traffic_dump: print request body data and client address filtering

This adds the -b option to traffic dump to dump client request body
data. It also adds the -4 and -6 options so that the client can filter
what is dumped based upon a client IP address.

Author: bneradt

include/tscore/ink_inet.h

@@ -1179,6 +1179,7 @@ struct IpAddr {
 
   /// Construct from @c sockaddr.
   explicit IpAddr(sockaddr const *addr) { this->assign(addr); }
+  explicit IpAddr(sockaddr const &addr) { this->assign(&addr); }
   /// Construct from @c sockaddr_in6.
   explicit IpAddr(sockaddr_in6 const &addr) { this->assign(ats_ip_sa_cast(&addr)); }
   /// Construct from @c sockaddr_in6.

plugins/experimental/traffic_dump/json_utils.cc

@@ -127,31 +127,6 @@ esc_json_out(const char *buf, int64_t len, std::ostream &jsonfile)
 
   return len;
 }
-/** Escape characters in a string as needed and return the resultant escaped string.
- *
- * @param[in] s The characters that need to be escaped.
- */
-std::string
-escape_json(std::string_view s)
-{
-  std::ostringstream o;
-  esc_json_out(s.data(), s.length(), o);
-  return o.str();
-}
-
-/** An escape_json overload for a char buffer.
- *
- * @param[in] buf The char buffer pointer with characters that need to be escaped.
- *
- * @param[in] size The size of the buf char array.
- */
-std::string
-escape_json(char const *buf, int64_t size)
-{
-  std::ostringstream o;
-  esc_json_out(buf, size, o);
-  return o.str();
-}
 
 } // anonymous namespace
 
@@ -175,4 +150,20 @@ json_entry_array(std::string_view name, std::string_view value)
   return "[\"" + escape_json(name) + "\",\"" + escape_json(value) + "\"]";
 }
 
+std::string
+escape_json(std::string_view s)
+{
+  std::ostringstream o;
+  esc_json_out(s.data(), s.length(), o);
+  return o.str();
+}
+
+std::string
+escape_json(char const *buf, int64_t size)
+{
+  std::ostringstream o;
+  esc_json_out(buf, size, o);
+  return o.str();
+}
+
 } // namespace traffic_dump

plugins/experimental/traffic_dump/json_utils.h

@@ -55,4 +55,18 @@ std::string json_entry(std::string_view name, char const *value, int64_t size);
  */
 std::string json_entry_array(std::string_view name, std::string_view value);
 
+/** Escape characters in a string as needed and return the resultant escaped string.
+ *
+ * @param[in] s The characters that need to be escaped.
+ */
+std::string escape_json(std::string_view s);
+
+/** An escape_json overload for a char buffer.
+ *
+ * @param[in] buf The char buffer pointer with characters that need to be escaped.
+ *
+ * @param[in] size The size of the buf char array.
+ */
+std::string escape_json(char const *buf, int64_t size);
+
 } // namespace traffic_dump

plugins/experimental/traffic_dump/session_data.cc

@@ -191,6 +191,7 @@ std::atomic<int64_t> SessionData::disk_usage       = 0;
 ts::file::path SessionData::log_directory{default_log_directory};
 uint64_t SessionData::session_counter = 0;
 std::string SessionData::sni_filter;
+std::optional<IpAddr> SessionData::client_ip_filter = std::nullopt;
 
 int
 SessionData::get_session_arg_index()
@@ -217,12 +218,25 @@ SessionData::set_max_disk_usage(int64_t new_max_disk_usage)
 }
 
 bool
-SessionData::init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size)
+SessionData::init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size, std::string_view ip_filter)
 {
   SessionData::log_directory    = log_directory;
   SessionData::max_disk_usage   = max_disk_usage;
   SessionData::sample_pool_size = sample_size;
 
+  if (!ip_filter.empty()) {
+    client_ip_filter.emplace();
+    if (client_ip_filter->load(ip_filter)) {
+      TSDebug(debug_tag, "Problems parsing IP filter address argument: %.*s", static_cast<int>(ip_filter.size()), ip_filter.data());
+      TSError("[%s] Problems parsing IP filter address argument: %.*s", debug_tag, static_cast<int>(ip_filter.size()),
+              ip_filter.data());
+      client_ip_filter = std::nullopt;
+      return false;
+    } else {
+      TSDebug(debug_tag, "Filtering to only dump connections with ip: %.*s", static_cast<int>(ip_filter.size()), ip_filter.data());
+    }
+  }
+
   if (TS_SUCCESS != TSUserArgIndexReserve(TS_USER_ARGS_SSN, debug_tag, "Track log related data", &session_arg_index)) {
     TSError("[%s] Unable to initialize plugin (disabled). Failed to reserve ssn arg.", traffic_dump::debug_tag);
     return false;
@@ -239,9 +253,10 @@ SessionData::init(std::string_view log_directory, int64_t max_disk_usage, int64_
 }
 
 bool
-SessionData::init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size, std::string_view sni_filter)
+SessionData::init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size, std::string_view ip_filter,
+                  std::string_view sni_filter)
 {
-  if (!init(log_directory, max_disk_usage, sample_size)) {
+  if (!init(log_directory, max_disk_usage, sample_size, ip_filter)) {
     return false;
   }
   SessionData::sni_filter = sni_filter;
@@ -337,6 +352,25 @@ SessionData::write_transaction_to_disk(std::string_view content)
   return result;
 }
 
+bool
+SessionData::is_filtered_out(const sockaddr *session_client_ip)
+{
+  if (!client_ip_filter) {
+    // The user did not configure an IP by which to filter.
+    return false;
+  }
+  if (session_client_ip == nullptr) {
+    TSDebug(debug_tag, "Found no client IP address for session. Abort.");
+    return true;
+  }
+  if (session_client_ip->sa_family != AF_INET && session_client_ip->sa_family != AF_INET6) {
+    TSDebug(debug_tag, "IP family is not v4 nor v6. Abort.");
+    return true;
+  }
+
+  IpAddr session_address(*session_client_ip);
+  return session_address != *client_ip_filter;
+}
 int
 SessionData::session_aio_handler(TSCont contp, TSEvent event, void *edata)
 {
@@ -413,12 +447,17 @@ SessionData::global_session_handler(TSCont contp, TSEvent event, void *edata)
     }
     const auto this_session_count = session_counter++;
     if (this_session_count % sample_pool_size != 0) {
-      TSDebug(debug_tag, "global_session_handler(): Ignore session %" PRId64 "...", id);
+      TSDebug(debug_tag, "Ignore session %" PRId64 " per the random sampling mechanism", id);
       break;
     } else if (disk_usage >= max_disk_usage) {
-      TSDebug(debug_tag, "global_session_handler(): Ignore session %" PRId64 "due to disk usage %" PRId64 "bytes", id,
-              disk_usage.load());
+      TSDebug(debug_tag, "Ignore session %" PRId64 "due to disk usage %" PRId64 "bytes", id, disk_usage.load());
       break;
+    } else {
+      const sockaddr *client_ip = TSHttpSsnClientAddrGet(ssnp);
+      if (SessionData::is_filtered_out(client_ip)) {
+        TSDebug(debug_tag, "Ignore session %" PRId64 " per the client's IP filter", id);
+        break;
+      }
     }
     // Beginning of a new session
     /// Get epoch time

plugins/experimental/traffic_dump/session_data.h

@@ -24,6 +24,7 @@
 #include <string_view>
 
 #include "ts/ts.h"
+#include "tscore/ink_inet.h"
 #include "tscore/ts_file.h"
 
 namespace traffic_dump
@@ -95,6 +96,9 @@ class SessionData
   /// The running counter of all sessions dumped by traffic_dump.
   static uint64_t session_counter;
 
+  /// Only addresses with this IP will be dumped (if set).
+  static std::optional<IpAddr> client_ip_filter;
+
 public:
   SessionData();
   ~SessionData();
@@ -106,8 +110,9 @@ class SessionData
    *
    * @return True if initialization is successful, false otherwise.
    */
-  static bool init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size);
-  static bool init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size, std::string_view sni_filter);
+  static bool init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size, std::string_view ip_filter);
+  static bool init(std::string_view log_directory, int64_t max_disk_usage, int64_t sample_size, std::string_view ip_filter,
+                   std::string_view sni_filter);
 
   /** Set the sample_pool_size to a new value.
    *
@@ -168,6 +173,22 @@ class SessionData
    */
   int write_to_disk_no_lock(std::string_view content);
 
+  /** Determine whether the user configured IP filter indicates this transaction
+   * should not be dumped.
+   *
+   * @note This also does some validity verification on the IP, making sure it is
+   * v4 or v6, and returns true (i.e., it should be filtered out) if it does not
+   * match these checks. These checks are required in order to perform the IP
+   * filtering logic. This function will only return true if the client has
+   * enabled client filtering.
+   *
+   * @param[in] session_client_ip The session's client address.
+   *
+   * @return True if the provided address should not be dumped per the user's
+   * configuration, false otherwise.
+   */
+  static bool is_filtered_out(const sockaddr *session_client_ip);
+
   /** Get the JSON string that describes the client session stack.
    *
    * @param[in] ssnp The reference to the client session.

plugins/experimental/traffic_dump/traffic_dump.cc

@@ -76,22 +76,33 @@ TSPluginInit(int argc, char const *argv[])
     return;
   }
 
+  bool dump_body                       = false;
   bool sensitive_fields_were_specified = false;
   traffic_dump::sensitive_fields_t user_specified_fields;
   ts::file::path log_dir{traffic_dump::SessionData::default_log_directory};
   int64_t sample_pool_size = traffic_dump::SessionData::default_sample_pool_size;
   int64_t max_disk_usage   = traffic_dump::SessionData::default_max_disk_usage;
   std::string sni_filter;
+  std::string client_ip_filter;
 
   /// Commandline options
-  static const struct option longopts[] = {
-    {"logdir", required_argument, nullptr, 'l'},     {"sample", required_argument, nullptr, 's'},
-    {"limit", required_argument, nullptr, 'm'},      {"sensitive-fields", required_argument, nullptr, 'f'},
-    {"sni-filter", required_argument, nullptr, 'n'}, {nullptr, no_argument, nullptr, 0}};
-  int opt = 0;
+  static const struct option longopts[] = {{"dump_body", no_argument, nullptr, 'b'},
+                                           {"logdir", required_argument, nullptr, 'l'},
+                                           {"sample", required_argument, nullptr, 's'},
+                                           {"limit", required_argument, nullptr, 'm'},
+                                           {"sensitive-fields", required_argument, nullptr, 'f'},
+                                           {"sni-filter", required_argument, nullptr, 'n'},
+                                           {"client_ipv4", required_argument, nullptr, '4'},
+                                           {"client_ipv6", required_argument, nullptr, '6'},
+                                           {nullptr, no_argument, nullptr, 0}};
+  int opt                               = 0;
   while (opt >= 0) {
-    opt = getopt_long(argc, const_cast<char *const *>(argv), "l:", longopts, nullptr);
+    opt = getopt_long(argc, const_cast<char *const *>(argv), "bf:l:s:m:n:4:6", longopts, nullptr);
     switch (opt) {
+    case 'b': {
+      dump_body = true;
+      break;
+    }
     case 'f': {
       // --sensitive-fields takes a comma-separated list of HTTP fields that
       // are sensitive.  The field values for these fields will be replaced
@@ -128,6 +139,12 @@ TSPluginInit(int argc, char const *argv[])
     }
     case 'm': {
       max_disk_usage = static_cast<int64_t>(std::strtol(optarg, nullptr, 0));
+      break;
+    }
+    case '4':
+    case '6': {
+      client_ip_filter = std::string(optarg);
+      break;
     }
     case -1:
     case '?':
@@ -143,26 +160,26 @@ TSPluginInit(int argc, char const *argv[])
     log_dir = ts::file::path(TSInstallDirGet()) / log_dir;
   }
   if (sni_filter.empty()) {
-    if (!traffic_dump::SessionData::init(log_dir.view(), max_disk_usage, sample_pool_size)) {
+    if (!traffic_dump::SessionData::init(log_dir.view(), max_disk_usage, sample_pool_size, client_ip_filter)) {
       TSError("[%s] Failed to initialize session state.", traffic_dump::debug_tag);
       return;
     }
   } else {
-    if (!traffic_dump::SessionData::init(log_dir.view(), max_disk_usage, sample_pool_size, sni_filter)) {
+    if (!traffic_dump::SessionData::init(log_dir.view(), max_disk_usage, sample_pool_size, client_ip_filter, sni_filter)) {
       TSError("[%s] Failed to initialize session state with an SNI filter.", traffic_dump::debug_tag);
       return;
     }
   }
 
   if (sensitive_fields_were_specified) {
-    if (!traffic_dump::TransactionData::init(std::move(user_specified_fields))) {
+    if (!traffic_dump::TransactionData::init(dump_body, std::move(user_specified_fields))) {
       TSError("[%s] Failed to initialize transaction state with user-specified fields.", traffic_dump::debug_tag);
       return;
     }
   } else {
     // The user did not provide their own list of sensitive fields. Use the
     // default.
-    if (!traffic_dump::TransactionData::init()) {
+    if (!traffic_dump::TransactionData::init(dump_body)) {
       TSError("[%s] Failed to initialize transaction state.", traffic_dump::debug_tag);
       return;
     }