MINOR: http: allow the cookie capture size to be changed
Some users need more than 64 characters to log large cookies. The limit
was set to 63 characters (and not 64 as previously documented). Now it
is possible to change this using the global "tune.http.cookielen" setting
if required.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index b5b22c9..fd3e38d 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -467,6 +467,7 @@
- tune.bufsize
- tune.chksize
- tune.comp.maxlevel
+ - tune.http.cookielen
- tune.http.maxhdr
- tune.maxaccept
- tune.maxpollevents
@@ -792,6 +793,16 @@
Each session using compression initializes the compression algorithm with
this value. The default value is 1.
+tune.http.cookielen <number>
+ Sets the maximum length of captured cookies. This is the maximum value that
+ the "capture cookie xxx len yyy" will be allowed to take, and any upper value
+ will automatically be truncated to this one. It is important not to set too
+ high a value because all cookie captures still allocate this size whatever
+ their configured value (they share a same pool). This value is per request
+ per response, so the memory allocated is twice this value per connection.
+ When not specified, the limit is set to 63 characters. It is recommended not
+ to change this value.
+
tune.http.maxhdr <number>
Sets the maximum number of headers in a request. When a request comes with a
number of headers greater than this value (including the first line), it is
@@ -1736,9 +1747,9 @@
The capture is performed in the frontend only because it is necessary that
the log format does not change for a given frontend depending on the
backends. This may change in the future. Note that there can be only one
- "capture cookie" statement in a frontend. The maximum capture length is
- configured in the sources by default to 64 characters. It is not possible to
- specify a capture in a "defaults" section.
+ "capture cookie" statement in a frontend. The maximum capture length is set
+ by the global "tune.http.cookielen" setting and defaults to 63 characters. It
+ is not possible to specify a capture in a "defaults" section.
Example:
capture cookie ASPSESSION len 32
diff --git a/include/types/global.h b/include/types/global.h
index 081cf54..bfc1a35 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -112,6 +112,7 @@
int chksize; /* check buffer size in bytes, defaults to BUFSIZE */
int pipesize; /* pipe size in bytes, system defaults if zero */
int max_http_hdr; /* max number of HTTP headers, use MAX_HTTP_HDR if zero */
+ int cookie_len; /* max length of cookie captures */
#ifdef USE_OPENSSL
int sslcachesize; /* SSL cache size in session, defaults to 20000 */
unsigned int ssllifetime; /* SSL session lifetime in seconds */
diff --git a/src/cfgparse.c b/src/cfgparse.c
index d173e65..72719dc 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -673,6 +673,14 @@
}
global.tune.pipesize = atol(args[1]);
}
+ else if (!strcmp(args[0], "tune.http.cookielen")) {
+ if (*(args[1]) == 0) {
+ Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+ global.tune.cookie_len = atol(args[1]) + 1;
+ }
else if (!strcmp(args[0], "tune.http.maxhdr")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
@@ -2495,12 +2503,6 @@
curproxy->capture_name = strdup(args[2]);
curproxy->capture_namelen = strlen(curproxy->capture_name);
curproxy->capture_len = atol(args[4]);
- if (curproxy->capture_len >= CAPTURE_LEN) {
- Warning("parsing [%s:%d] : truncating capture length to %d bytes.\n",
- file, linenum, CAPTURE_LEN - 1);
- err_code |= ERR_WARN;
- curproxy->capture_len = CAPTURE_LEN - 1;
- }
curproxy->to_log |= LW_COOKIE;
}
else if (!strcmp(args[1], "request") && !strcmp(args[2], "header")) {
@@ -5951,6 +5953,14 @@
/* will be needed further to delay some tasks */
tv_update_date(0,1);
+ if (!global.tune.max_http_hdr)
+ global.tune.max_http_hdr = MAX_HTTP_HDR;
+
+ if (!global.tune.cookie_len)
+ global.tune.cookie_len = CAPTURE_LEN;
+
+ pool2_capture = create_pool("capture", global.tune.cookie_len, MEM_F_SHARED);
+
/* first, we will invert the proxy list order */
curproxy = NULL;
while (proxy) {
@@ -6438,6 +6448,14 @@
memcpy(curproxy->check_req, sslv3_client_hello_pkt, curproxy->check_len);
}
+ /* ensure that cookie capture length is not too large */
+ if (curproxy->capture_len >= global.tune.cookie_len) {
+ Warning("config : truncating capture length to %d bytes for %s '%s'.\n",
+ global.tune.cookie_len - 1, proxy_type_str(curproxy), curproxy->id);
+ err_code |= ERR_WARN;
+ curproxy->capture_len = global.tune.cookie_len - 1;
+ }
+
/* The small pools required for the capture lists */
if (curproxy->nb_req_cap) {
if (curproxy->mode == PR_MODE_HTTP) {
@@ -7142,9 +7160,6 @@
}
}
- if (!global.tune.max_http_hdr)
- global.tune.max_http_hdr = MAX_HTTP_HDR;
-
pool2_hdr_idx = create_pool("hdr_idx",
global.tune.max_http_hdr * sizeof(struct hdr_idx_elem),
MEM_F_SHARED);
diff --git a/src/proto_http.c b/src/proto_http.c
index e5b0fb6..b82d453 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -269,7 +269,6 @@
/* memory allocations */
pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
- pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
pool2_uniqueid = create_pool("uniqueid", UNIQUEID_LEN, MEM_F_SHARED);
}
@@ -862,7 +861,7 @@
extern const char sess_fin_state[8];
extern const char *monthname[12];
struct pool_head *pool2_requri;
-struct pool_head *pool2_capture;
+struct pool_head *pool2_capture = NULL;
struct pool_head *pool2_uniqueid;
/*