diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-17 03:51:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-17 03:51:28 +0000 |
commit | 2b07c041cb218eca6e548bac9c4347f8a90c474c (patch) | |
tree | 679142f3916fa927903c6f245896f5c0325a3254 | |
parent | Initial commit. (diff) | |
download | libapache2-mod-qos-upstream.tar.xz libapache2-mod-qos-upstream.zip |
Adding upstream version 11.74.upstream/11.74upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
92 files changed, 43156 insertions, 0 deletions
diff --git a/README.TXT b/README.TXT new file mode 100644 index 0000000..d11de7d --- /dev/null +++ b/README.TXT @@ -0,0 +1,29 @@ + + Quality of service module for Apache Web Server. + http://mod-qos.sourceforge.net/ + + Copyright (C) 2023 Pascal Buchbinder + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + Please refer to ./doc/index.html for further information. + + Directories in this archive: + apache2/ The source code of the module (mod_qos.c). + doc/ Contains the documentation (HTML). + tools/ Source code of several supplement tools incl. their + man pages. + diff --git a/apache2/Makefile.in b/apache2/Makefile.in new file mode 100644 index 0000000..d4733b2 --- /dev/null +++ b/apache2/Makefile.in @@ -0,0 +1,10 @@ + +include $(top_srcdir)/build/special.mk + +# use the -lcrypto option when loading mod_qos as a DSO into +# an Apache with dynamically loaded OpenSSL library (e.g. when not +# using mod_ssl) +SH_LDFLAGS += -lcrypto +SH_LDFLAGS += -lpcre +LDFLAGS += -lcrypto +LDFLAGS += -lpcre
\ No newline at end of file diff --git a/apache2/config.m4 b/apache2/config.m4 new file mode 100644 index 0000000..a069da4 --- /dev/null +++ b/apache2/config.m4 @@ -0,0 +1,6 @@ + +APACHE_MODPATH_INIT(qos) + +APACHE_MODULE(qos, quality of service module, , , shared) + +APACHE_MODPATH_FINISH diff --git a/apache2/mod_qos.c b/apache2/mod_qos.c new file mode 100644 index 0000000..cef1cf9 --- /dev/null +++ b/apache2/mod_qos.c @@ -0,0 +1,14830 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ + +/** + * mod_qos.c: Quality of service module for Apache Web Server. + * + * The Apache Web Servers requires threads and processes to serve + * requests. Each TCP connection to the web server occupies one + * thread or process. Sometimes, a server gets too busy to serve + * every request due the lack of free processes or threads. + * + * This module implements control mechanisms that can provide + * different priority to different requests. + * + * mod_qos requires OpenSSL, PCRE, threading and shared memory + * support. It has been designed, developed and fully + * tested for Apache httpd MPM worker binaries and it is optimized + * to be used in a reverse proxy. + * + * See http://mod-qos.sourceforge.net/ for further + * details and to obtain the latest version of this module. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +/************************************************************************ + * Version + ***********************************************************************/ +static const char revision[] = "$Id: mod_qos.c 2706 2023-05-16 19:52:59Z pbuchbinder $"; +static const char g_revision[] = "11.74"; + +/************************************************************************ + * Includes + ***********************************************************************/ +/* std */ +#include <ctype.h> +#include <time.h> + +#ifndef WIN32 +# include <arpa/inet.h> +# include <unistd.h> +#else +# include <ws2tcpip.h> +# include <windows.h> +# include <direct.h> +#endif + +#include <stdlib.h> + +// for socket options +#ifdef __unix__ +#include <sys/types.h> +#include <sys/socket.h> +#endif + +/* apache */ +#include <httpd.h> +#include <http_core.h> +#include <http_main.h> +#include <http_protocol.h> +#include <http_request.h> +#include <http_connection.h> +#define CORE_PRIVATE +#include <http_config.h> +#include <http_log.h> +#include <util_filter.h> +#include <ap_mpm.h> +#include <scoreboard.h> +#include <ap_config.h> +#include <ap_regex.h> +#include <mpm_common.h> +#include <util_md5.h> + +/* apr / scrlib */ +#include <apr_strings.h> +#include <apr_file_info.h> +#include <apr_base64.h> +#include <apr_hooks.h> +#include <apr_lib.h> +#ifdef AP_NEED_SET_MUTEX_PERMS +#include <unixd.h> +#endif + +/* mod_qos requires OpenSSL */ +#include <openssl/rand.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> + +/* additional modules */ +#include "mod_status.h" + +/* Preprocessor Definitions + * this (optional header file allowing other modules to register to our hoos: */ +#ifdef QS_MOD_EXT_HOOKS +#include "mod_qos.h" +#endif + +/************************************************************************ + * defines + ***********************************************************************/ +#define QOS_LOG_PFX(id) "mod_qos("#id"): " +#define QOS_LOGD_PFX "mod_qos(): " +#define QOS_LOG_MSGCT 200 +#define QOS_HASH_LEN 16 +#define QOS_MAX_AGE "3600" +#define QOS_COOKIE_NAME "MODQOS" +#define QOS_USER_TRACKING "mod_qos_user_id" +#define QOS_USER_TRACKING_NEW "QOS_USER_ID_NEW" +#define QOS_USER_TRACKING_RENEW "QOS_USER_ID_RENEW" +#define QOS_DISABLE_UTC_ENFORCEMENT "DISABLE_UTC_ENFORCEMENT" +#define QOS_MILESTONE "mod_qos_milestone" +#define QOS_MILESTONE_TIMEOUT 3600 +#define QOS_MILESTONE_COOKIE "QSSCD" +#define QS_SIM_IP_LEN 100 +#define QS_USR_SPE "mod_qos::user" +#define QS_REC_COOKIE "mod_qos::gc" +#define QS_R010_ALREADY_BLOCKED "R010B" +#define QS_R012_ALREADY_BLOCKED "R012B" +#define QS_R013_ALREADY_BLOCKED "R013B" +#define QS_PKT_RATE_TH 3 +#define QS_BW_SAMPLING_RATE 10 +// split linear QS_SrvMaxConnPerIP* entry (conn->conn_ip) search: +#ifndef QS_MEM_SEG +#define QS_MEM_SEG 4 +#endif +// buffer if srv opens new connections faster than it closes existing ones +#define QS_DOUBLE_CONN_H 128 +#define QS_DOUBLE_CONN 32 + +#define QS_CONN_ABORT "mod_qos_connection_aborted" + +/* Preprocessor Definitions + * QSLOG_CLID, QSLOG_EVENT, QSLOG_AVERAGE define parameters for QSLog: */ +#ifndef QSLOG_CLID +#define QSLOG_CLID "mod_qos_user_id" +#endif +#ifndef QSLOG_EVENT +#define QSLOG_EVENT "Event" +#endif +#ifndef QSLOG_AVERAGE +#define QSLOG_AVERAGE "QS_AllConn" +#endif + +/* Preprocessor Definitions + * logs repeating messages only once: */ +#ifndef QS_LOG_REPEAT +#define QS_LOG_REPEAT 20 +#endif + +#define QS_IP4IN6 "::ffff:" + +#define QS_PARP_Q "qos-parp-query" +#define QS_PARP_QUERY "qos-query" +#define QS_PARP_PATH "qos-path" +#define QS_PARP_LOC "qos-loc" + +#define QSLOGFORMAT "ISBiDUkEQaC" + +#define QS_SET_DSCP "QS_Set_DSCP" + +#define QS_RESDELYATIME "QS_ResponseDelayTime" +#define QS_CONNID "QS_ConnectionId" +#define QS_COUNTRY "QS_Country" +#define QS_SERIALIZE "QS_Serialize" +#define QS_SRVSERIALIZE "QS_SrvSerialize" +#define QS_ErrorNotes "QS_ErrorNotes" +#define QS_BLOCK "QS_Block" +#define QS_BLOCK_SEEN "QS_Block_seen" +#define QS_BLOCK_DEC "QS_Block_Decrement" +#define QS_LIMIT_NAME_PFX "QS_Limit_VAR_NAME_IDX" +#define QS_LIMIT_DEFAULT "QS_Limit" +#define QS_LIMIT_SEEN "QS_Limit_seen" +#define QS_COUNTER_SUFFIX "_Counter" +#define QS_LIMIT_CLEAR "_Clear" +#define QS_LIMIT_DEC "_Decrement" +#define QS_LIMIT_REMAINING "_Remaining" +#define QS_EVENT "QS_Event" +#define QS_COND "QS_Cond" +#define QS_ISVIPREQ "QS_IsVipRequest" +#define QS_VipRequest "QS_VipRequest" +#define QS_KEEPALIVE "QS_KeepAliveTimeout" +#define QS_MAXKEEPALIVEREQ "QS_MaxKeepAliveRequests" +#define QS_TIMEOUT "QS_Timeout" +#define QS_CLOSE "QS_SrvMinDataRate" +#define QS_MAXIP "QS_SrvMaxConnPerIP" +#define QS_EMPTY_CON "NullConnection" +#define QS_BROKEN_CON "BrokenConnection" +#define QS_RuleId "QS_RuleId" + +// enable connection counter if one of the following feature is used +#define QS_COUNT_CONNECTIONS(sconf) (sconf->max_conn != -1) || \ + (sconf->min_rate_max != -1) || \ + (sconf->max_conn_close != -1) || \ + (sconf->max_conn_per_ip_connections != 1) || \ + sconf->geodb + + +// "3758096128","3758096383","AU" +#define QS_GEO_PATTERN "\"([0-9]+)\",\"([0-9]+)\",\"([A-Z0-9]{2}|-)\"" + +static const char *m_env_variables[] = { + QS_ErrorNotes, + QS_SERIALIZE, + QS_SRVSERIALIZE, + QS_BLOCK, + QS_BLOCK_SEEN, + QS_BLOCK_DEC, + QS_LIMIT_DEFAULT, + QS_LIMIT_SEEN, + QS_EVENT, + QS_COND, + QS_ISVIPREQ, + QS_VipRequest, + QS_KEEPALIVE, + QS_MAXKEEPALIVEREQ, + QS_CLOSE, + QS_EMPTY_CON, + QS_BROKEN_CON, + QS_RuleId, + NULL +}; + +static const char *m_note_variables[] = { + QS_PARP_PATH, + QS_PARP_QUERY, + NULL +}; + +#define QS_INCTX_ID inctx->id + +/* Preprocessor Definitions + This is the measure rate for QS_SrvRequestRate/QS_SrvMinDataRate which may + be increased to 10 or 30 seconds in order to compensate bandwidth variations. + You may also use the QS_SrvSampleRate directive to override this default. + Set it greater than the Apache Timeout directive to prevent from closing + unused speculative TCP pre-connections. */ +#ifndef QS_REQ_RATE_TM +#define QS_REQ_RATE_TM 5 +#endif + +#define QS_MAX_DELAY 5000000 + +#define QOS_DEC_MODE_FLAGS_URL 0x00 +#define QOS_DEC_MODE_FLAGS_HTML 0x01 +#define QOS_DEC_MODE_FLAGS_UNI 0x02 +#define QOS_DEC_MODE_FLAGS_ANSI 0x04 + +#define QOS_LOW_FLAG_PKGRATE 0x01 +#define QOS_LOW_FLAG_BEHAVIOR_OK 0x02 +#define QOS_LOW_FLAG_BEHAVIOR_BAD 0x04 +#define QOS_LOW_FLAG_EVENTBLOCK 0x08 +#define QOS_LOW_FLAG_EVENTLIMIT 0x10 +#define QOS_LOW_FLAG_TIMEOUT 0x20 +#define QOS_LOW_TIMEOUT 86400 + +#define QOS_CC_BEHAVIOR_THR 50000 +#define QOS_CC_BEHAVIOR_THR_SINGLE 50 +#ifdef QS_INTERNAL_TEST +#undef QOS_CC_BEHAVIOR_THR +#undef QOS_CC_BEHAVIOR_THR_SINGLE +#define QOS_CC_BEHAVIOR_THR 50 +#define QOS_CC_BEHAVIOR_THR_SINGLE 20 +#endif +#define QOS_CC_BEHAVIOR_TOLERANCE_STR "20" + +/* Apache 2.2 testing needs patch in util_pcre.c line 134 as it does not know AP_REG_DOTALL + * Add: + * if ((cflags & 0x40) != 0) options |= 0x04; */ +#ifndef AP_REG_DOTALL +#define AP_REG_DOTALL 0x40 +#endif + +#define QS_ERR_TIME_FORMAT "%a %b %d %H:%M:%S %Y" + +#define QSMOD 4 +#define QOS_DELIM ";" + +// Apache 2.4 compat +#if (AP_SERVER_MINORVERSION_NUMBER == 4) +#define QS_APACHE_24 1 +#if (AP_SERVER_PATCHLEVEL_NUMBER > 17) +#define QS_CONN_REMOTEIP(c) c->master ? c->master->client_ip : c->client_ip +#define QS_CONN_REMOTEADDR(c) c->master ? c->master->client_addr : c->client_addr +#define QS_CONN_MASTER(c) (c->master ? c->master : c) +#else +#define QS_CONN_REMOTEIP(c) c->client_ip +#define QS_CONN_REMOTEADDR(c) c->client_addr +#define QS_CONN_MASTER(c) (c) +#endif +#define QOS_MY_GENERATION(g) ap_mpm_query(AP_MPMQ_GENERATION, &g) +#define qos_unixd_set_global_mutex_perms ap_unixd_set_global_mutex_perms +#define QS_ISDEBUG(s) APLOG_IS_LEVEL(s, APLOG_DEBUG) +#else +#define QS_CONN_REMOTEIP(c) c->remote_ip +#define QS_CONN_REMOTEADDR(c) c->remote_addr +#define QS_CONN_MASTER(c) (c) +#define QOS_MY_GENERATION(g) g = ap_my_generation +#define qos_unixd_set_global_mutex_perms unixd_set_global_mutex_perms +#define QS_ISDEBUG(s) s->loglevel >= APLOG_DEBUG +#endif + +#ifdef QS_MOD_EXT_HOOKS +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(qos, QOS, apr_status_t, path_decode_hook, + (request_rec *r, char **path, int *len), + (r, path, len), + OK, DECLINED) +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(qos, QOS, apr_status_t, query_decode_hook, + (request_rec *r, char **query, int *len), + (r, query, len), + OK, DECLINED) +#endif + +/************************************************************************ + * structures + ***********************************************************************/ +typedef struct { + const char *name; /* variable name */ + ap_regex_t *preg; + const char *url; /* redirect url */ + int code; +} qos_redirectif_entry_t; + +typedef struct { + unsigned long start; + unsigned long end; + char country[3]; +} qos_geo_entry_t; + +typedef struct { + qos_geo_entry_t *data; // fist element + int size; // number of elements + const char *path; +} qos_geo_t; + +typedef struct { + const char *url; + const char *path; +} qos_errelt_t; + +static const qos_errelt_t m_error_pages[] = { + { "/errorpages/server_error.html", "work/errorpages/server_error.html" }, + { "/errorpages/forbidden.html", "work/errorpages/forbidden.html" }, + { "/errorpages/500.html", "work/errorpages/500.html" }, + { "/errorpages/error.html", "work/errorpages/error.html" }, + { "/errorpages/error500.html", "work/errorpages/error500.html" }, + { "/errorpages/gateway_error.html", "work/errorpages/gateway_error.html" }, + { NULL, NULL } +}; + +typedef struct { + int id; + const char *name; +} qos_dscp_t; + +static const qos_dscp_t m_dscp_desc[] = { + { 0, "none" }, + { 8, "class selector 1" }, + { 10, "assured forwarding 11" }, + { 12, "assured forwarding 12" }, + { 14, "assured forwarding 13" }, + { 16, "class selector 2" }, + { 18, "assured forwarding 21" }, + { 20, "assured forwarding 22" }, + { 22, "assured forwarding 23" }, + { 24, "class selector 3" }, + { 26, "assured forwarding 31" }, + { 28, "assured forwarding 32" }, + { 30, "assured forwarding 33" }, + { 32, "class selector 4" }, + { 34, "assured forwarding 41" }, + { 36, "assured forwarding 42" }, + { 38, "assured forwarding 43" }, + { 40, "class selector 5" }, + { 44, "voice admit" }, + { 46, "expedited forwarding" }, + { 48, "class selector 6" }, + { 56, "class selector 7" }, + { -1, "unknown" } +}; + +typedef struct { + unsigned short int limit; + time_t limitTime; +} qos_s_entry_limit_t; + +typedef struct { + unsigned short int limit; + time_t limitTime; + const char *eventClearStr; // name of the var clearing the counter + const char *eventDecStr; // name of the var decrementing the counter + const char *condStr; + ap_regex_t *preg; +} qos_s_entry_limit_conf_t; + +typedef struct { + apr_uint64_t ip6[2]; + time_t lowrate; + unsigned int lowratestatus; + /* behavior */ + unsigned int html; + unsigned int cssjs; + unsigned int img; + unsigned int other; + unsigned int notmodified; + unsigned int events; + /* serialization flag */ + unsigned int serialize; + apr_time_t serializeQueue; + /* prefer */ + short int vip; + /* ev block */ + unsigned short int block; + short int blockMsg; + time_t time; + time_t blockTime; + qos_s_entry_limit_t *limit; + /* ev/sec */ + time_t interval; + long req; + long req_per_sec; + int req_per_sec_block_rate; + int event_req; +} qos_s_entry_t; + +typedef struct { + time_t t; + /* index */ + qos_s_entry_t **ipd; + qos_s_entry_t **timed; + /* shm */ + apr_shm_t *m; + char *lock_file; + apr_global_mutex_t *lock; + /* size */ + int num; + int max; + int msize; + /* limit table settings */ + apr_table_t *limitTable; + /* av. behavior */ + unsigned long long html; + unsigned long long cssjs; + unsigned long long img; + unsigned long long other; + unsigned long long notmodified; + /* data */ + int connections; + /* remember for which clients this rec has created (shared mem) */ + int generation_locked; // indicates the the counters have been cleared for this generation + /* log counter */ + unsigned long long eventTotal[QOS_LOG_MSGCT]; // total number of events since initial start + unsigned long long eventLast[QOS_LOG_MSGCT]; // number of events since last read +} qos_s_t; + +typedef enum { + QS_IP_V6_DEFAULT = 0, + QS_IP_V6, + QS_IP_V4 +} qs_ip_type_e; + +typedef enum { + QS_CONN_STATE_NEW = 0, + QS_CONN_STATE_HEAD, + QS_CONN_STATE_BODY, + QS_CONN_STATE_CHUNKED, + QS_CONN_STATE_KEEP, + QS_CONN_STATE_RESPONSE, + QS_CONN_STATE_END, + QS_CONN_STATE_DESTROY +} qs_conn_state_e; + +typedef enum { + QS_HEADERFILTER_OFF_DEFAULT = 0, + QS_HEADERFILTER_OFF, + QS_HEADERFILTER_ON, + QS_HEADERFILTER_SIZE_ONLY, + QS_HEADERFILTER_SILENT +} qs_headerfilter_mode_e; + +typedef enum { + QS_FLT_ACTION_DROP, + QS_FLT_ACTION_DENY +} qs_flt_action_e; + +typedef enum { + QS_EVENT_ACTION_DENY = 0 +} qs_event_action_e; + +typedef enum { + QS_DENY_REQUEST_LINE, + QS_DENY_PATH, + QS_DENY_QUERY, + QS_DENY_EVENT, + QS_PERMIT_URI +} qs_rfilter_type_e; + +typedef enum { + QS_LOG = 0, + QS_DENY, + QS_OFF_DEFAULT, + QS_OFF +} qs_rfilter_action_e; + +enum qos_cmp { + QS_CMP_EQ, + QS_CMP_NE, + QS_CMP_GT, + QS_CMP_LT +}; + +typedef struct { + enum qos_cmp cmp; + const char *left; + const char *right; + const char *variable; + const char *value; +} qos_cmp_entry_t; + +typedef struct { + char *variable1; + char *variable2; + ap_regex_t *preg; + char *name; + char *value; +} qos_setenvif_t; + +typedef struct { + ap_regex_t *preg; + char *name; + char *value; +} qos_setenvifquery_t; + +typedef struct { + ap_regex_t *pregx; + char *name; + char *value; +} qos_setenvifparpbody_t; + +/** + * generic request filter + */ +typedef struct { + ap_regex_t *preg; + char *text; + char *id; + qs_rfilter_type_e type; + qs_rfilter_action_e action; +} qos_rfilter_t; + +/** + * list of in_filter ctx + */ +typedef struct { + apr_table_t *table; +#if APR_HAS_THREADS + apr_thread_mutex_t *lock; + apr_thread_t *thread; +#endif + int exit; +} qos_ifctx_list_t; + +/** + * ip entry + */ +typedef struct qs_ip_entry_st { + apr_uint64_t ip6[2]; + int counter; + int error; +} qs_ip_entry_t; + +typedef struct { + qs_ip_entry_t *conn_ip; + int conn_ip_len; + int connections; + int max_client; +} qs_conn_t; + +typedef struct { + apr_time_t q1; // first request in queue + apr_time_t q2; // second request in queue + int locked; +} qs_serial_t; + +/** + * session cookie + */ +typedef struct { + time_t time; +} qos_session_t; + +/** + * cfg/act entry for event limitation + */ +typedef struct { + const char *env_var;// configured environment variable name + const char *eventDecStr; + int max; // configured max. num + int seconds; // configured duration + int limit; // event counter + time_t limitTime; // timer + qs_event_action_e action; + const char *condStr; + ap_regex_t *preg; +} qos_event_limit_entry_t; + +/** + * access control table entry + */ +typedef struct qs_acentry_st { + int id; + /** pointer to lock of the actable */ + apr_global_mutex_t *lock; + /** location rules */ + char *url; + int url_len; + char *event; + ap_regex_t *regex; + ap_regex_t *regex_var; + ap_regex_t *condition; + int counter; + int limit; + /* measurement */ + apr_time_t interval; + long req; + long req_per_sec; + long req_per_sec_limit; + int req_per_sec_block_rate; + long bytes; // transferred bytes + apr_time_t kbytes_interval_us; // elapsed time + apr_off_t kbytes_per_sec; // actual kbytes/sec (measured) + apr_off_t kbytes_per_sec_limit; // configured limitation + apr_off_t kbytes_per_sec_block_rate; // current wait time + struct qs_acentry_st *next; +} qs_acentry_t; + +/** + * access control table (act) + */ +typedef struct qs_actable_st { + apr_size_t size; + apr_shm_t *m; + apr_pool_t *pool; + /** process pool is used to create user space data */ + apr_pool_t *ppool; + /** rule entry list */ + qs_acentry_t *entry; /* shm pointer */ + int has_events; + /** event limit list */ + qos_event_limit_entry_t *event_entry; + /** mutex */ + char *lock_file; + apr_global_mutex_t *lock; + /** ip/conn data */ + qs_conn_t *conn; /* shm pointer */ + unsigned int timeout; + /* settings */ + int child_init; + /* serialize */ + qs_serial_t *serialize; /* shm pointer */ + time_t *qsstatustimer; /* shm pointer */ +} qs_actable_t; + +/** + * network table (total connections, vip connections, first update, last update) + */ +typedef struct qs_netstat_st { + // int counter; + int vip; + // time_t first; + // time_t last; +} qs_netstat_t; + +/** + * user space + */ +typedef struct { + int server_start; + apr_table_t *act_table; + /* client control */ + qos_s_t *qos_cc; +} qos_user_t; + +/** + * directory config + */ +typedef struct { + char *path; + apr_table_t *rfilter_table; + int inheritoff; + qs_headerfilter_mode_e headerfilter; + qs_headerfilter_mode_e resheaderfilter; + int bodyfilter_d; + int bodyfilter_p; + int dec_mode; + apr_off_t maxpost; + qs_rfilter_action_e urldecoding; + const char *response_pattern; + int response_pattern_len; + const char *response_pattern_var; + apr_array_header_t *redirectif; + int decodings; + apr_table_t *disable_reqrate_events; + apr_table_t *setenvstatus_t; + apr_array_header_t *setenvif_t; + apr_table_t *setenvifquery_t; + apr_array_header_t* setenvcmp; +} qos_dir_config; + +/** + * server configuration + */ +typedef struct { + apr_pool_t *pool; + int is_virtual; + server_rec *base_server; + char *mfile; + qs_actable_t *act; + const char *error_page; + apr_table_t *location_t; + apr_table_t *setenv_t; + apr_table_t *setreqheader_t; + apr_table_t *setreqheaderlate_t; + apr_table_t *unsetresheader_t; + apr_table_t *unsetreqheader_t; + apr_array_header_t *setenvif_t; + apr_table_t *setenvifquery_t; + apr_table_t *setenvifparp_t; + apr_table_t *setenvifparpbody_t; + apr_table_t *setenvstatus_t; + apr_table_t *setenvresheader_t; + apr_table_t *setenvresheadermatch_t; + apr_table_t *setenvres_t; + qs_headerfilter_mode_e headerfilter; + qs_headerfilter_mode_e resheaderfilter; + apr_array_header_t *redirectif; + char *cookie_name; + char *cookie_path; + char *user_tracking_cookie; + char *user_tracking_cookie_force; + int user_tracking_cookie_session; + int user_tracking_cookie_jsredirect; + char *user_tracking_cookie_domain; + int max_age; + unsigned char key[EVP_MAX_KEY_LENGTH]; + const unsigned char *rawKey; + int rawKeyLen; + int keyset; + char *header_name; + int header_name_drop; + ap_regex_t *header_name_regex; + apr_table_t *disable_reqrate_events; + char *ip_header_name; + int ip_header_name_drop; + ap_regex_t *ip_header_name_regex; + int vip_user; + int vip_ip_user; + + int has_conn_counter; + int max_conn; + int max_conn_close; + int max_conn_close_percent; + int max_conn_per_ip; + int max_conn_per_ip_connections; + int max_conn_per_ip_ignore_vip; + + int serialize; + int serializeTMO; + apr_table_t *exclude_ip; + qos_ifctx_list_t *inctx_t; + apr_table_t *hfilter_table; /* GLOBAL ONLY */ + apr_table_t *reshfilter_table; /* GLOBAL ONLY */ + /* event rule (enables rule validation) */ + int has_event_filter; + int has_event_limit; + apr_array_header_t *event_limit_a; + /* min data rate */ + int req_rate; /* GLOBAL ONLY */ + int req_rate_start; /* GLOBAL ONLY */ + int min_rate; /* GLOBAL ONLY */ + int min_rate_max; /* GLOBAL ONLY */ + int min_rate_off; + int req_ignore_vip_rate; /* GLOBAL ONLY */ + int max_clients; + int max_clients_conf; +#ifdef QS_INTERNAL_TEST + apr_table_t *testip; + int enable_testip; +#endif + int disable_handler; + int log_only; /* GLOBAL ONLY */ + int log_env; + /* client control */ + int has_qos_cc; /* GLOBAL ONLY */ + int qos_cc_size; /* GLOBAL ONLY */ + int qos_cc_prefer; /* GLOBAL ONLY */ + apr_table_t *cc_exclude_ip; /* GLOBAL ONLY */ + int qos_cc_prefer_limit; + int qos_cc_event; /* GLOBAL ONLY */ + int qos_cc_event_req; /* GLOBAL ONLY */ + int qos_cc_block; /* GLOBAL ONLY */ + int qos_cc_blockTime; /* GLOBAL ONLY */ + apr_table_t *qos_cc_limitTable; /* GLOBAL ONLY */ + char *qos_cc_forwardedfor; /* GLOBAL ONLY */ + int qos_cc_serialize; /* GLOBAL ONLY */ + apr_off_t maxpost; + int cc_tolerance; /* GLOBAL ONLY */ + int cc_tolerance_max; /* GLOBAL ONLY */ + int cc_tolerance_min; /* GLOBAL ONLY */ + int qs_req_rate_tm; /* GLOBAL ONLY */ + qos_geo_t *geodb; /* GLOBAL ONLY */ + int geo_limit; /* GLOBAL ONLY */ + apr_table_t *geo_priv; /* GLOBAL ONLY */ + int geo_excludeUnknown; /* GLOBAL ONLY */ + qs_ip_type_e ip_type; /* GLOBAL ONLY */ + int qsstatus; /* GLOBAL ONLY */ + int qsevents; /* GLOBAL ONLY */ + apr_array_header_t *milestones; + time_t milestoneTimeout; + /* predefined client behavior */ + int static_on; + unsigned long long static_html; + unsigned long long static_cssjs; + unsigned long long static_img; + unsigned long long static_other; + unsigned long long static_notmodified; + apr_file_t *qslog_p; /* GLOBAL ONLY */ + const char *qslog_str; /* GLOBAL ONLY */ +} qos_srv_config; + +#if APR_HAS_THREADS +typedef struct { + apr_thread_t *thread; + int exit; + int maxclients; + time_t *qsstatustimer; /* shm in act */ + apr_global_mutex_t *lock; /* lock of act */ + apr_pool_t *pool; + qos_srv_config *sconf; +} qsstatus_t; +#endif + +/** + * in_filter ctx + */ +typedef struct { + apr_socket_t *clientSocket; + qs_conn_state_e status; + apr_off_t cl_val; + conn_rec *c; + request_rec *r; + /* upload bandwidth (received bytes and start time) */ + time_t time; + apr_size_t nbytes; // measuring the bytes/sec + int hasBytes; + int shutdown; + int errors; + int disabled; + int lowrate; + char *id; + qos_srv_config *sconf; +} qos_ifctx_t; + +/** + * connection configuration + */ +typedef struct { + apr_uint64_t ip6[2]; + conn_rec *mc; // master (real) connection + char *evmsg; + qos_srv_config *sconf; + int is_vip; /* is vip, either by request or by session or by ip */ + int set_vip_by_header; /* received vip header from application/or auth. user (propagate to IP store)*/ + int has_lowrate; + qs_conn_t *conn; +} qs_conn_ctx; + +typedef struct { + qs_conn_ctx *cconf; + conn_rec *c; + qos_srv_config *sconf; + int requests; // number of requests processed (received) by this connection + apr_socket_t *clientSocket; +} qs_conn_base_ctx; + +/** + * request configuration + */ +typedef struct { + qs_acentry_t *entry; + qs_acentry_t *entry_cond; + apr_table_t *event_entries; + char *evmsg; + int is_vip; + apr_off_t maxpostcount; + int cc_event_req_set; + apr_uint64_t cc_event_ip[2]; + int cc_serialize_set; + apr_uint64_t cc_serialize_ip[2]; + int srv_serialize_set; + char *body_window; + apr_off_t response_delayed; // indicates, if the response has been delayed (T) +} qs_req_ctx; + + +/** + * Delay filter context + */ +typedef struct { + qs_acentry_t *entry; + qs_req_ctx *rctx; +} qos_delay_ctx_t; + +/** + * rule set + */ +typedef struct { + char *url; + char *event; + int limit; + ap_regex_t *regex; + ap_regex_t *regex_var; + ap_regex_t *condition; + long req_per_sec_limit; + apr_off_t kbytes_per_sec_limit; +} qs_rule_ctx_t; + +typedef struct { + const char* name; + const char* pattern; + qs_flt_action_e action; + int size; +} qos_her_t; + +typedef struct { + ap_regex_t *preg; + char *name; + char *value; +} qos_pregval_t; + +typedef struct { + int num; + int thinktime; + const char* pattern; + ap_regex_t *preg; + qs_rfilter_action_e action; +} qos_milestone_t; + +typedef struct { + char *text; + ap_regex_t *preg; + qs_flt_action_e action; + int size; +} qos_fhlt_r_t; + +typedef struct { + apr_time_t request_time; + unsigned int in_addr; + unsigned int conn; +#if APR_HAS_THREADS + apr_os_thread_t tid; +#endif + unsigned int unique_id_counter; +} qos_unique_id_t; + +/************************************************************************ + * Globals + ***********************************************************************/ + +module AP_MODULE_DECLARE_DATA qos_module; +static int m_forced_close = 1; +static int m_retcode = HTTP_INTERNAL_SERVER_ERROR; +static int m_threaded_mpm = 1; // note: mod_qos is fully tested for Apache 2.2 worker MPM only +static int m_event_mpm = 0; +static double m_event_mpm_worker_factor = 2; +static unsigned int m_hostcode = 0; +static int m_generation = 0; // parent process (restart generation) +static int m_qos_cc_partition = QSMOD; +static qos_unique_id_t m_unique_id; +static const char qos_basis_64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-"; + +#ifdef QS_INTERNAL_TEST +static int m_qs_sim_ip_len = QS_SIM_IP_LEN; +#endif + +#ifdef QS_APACHE_24 +APLOG_USE_MODULE(qos); +#endif + +/* mod_parp, forward and optional function */ +static apr_status_t qos_cleanup_conn(void *p); +static apr_status_t qos_base_cleanup_conn(void *p); + +static qs_ip_type_e m_ip_type = QS_IP_V6_DEFAULT; + +APR_DECLARE_OPTIONAL_FN(apr_table_t *, parp_hp_table, (request_rec *)); +APR_DECLARE_OPTIONAL_FN(char *, parp_body_data, (request_rec *, apr_size_t *)); +static APR_OPTIONAL_FN_TYPE(parp_hp_table) *qos_parp_hp_table_fn = NULL; +static APR_OPTIONAL_FN_TYPE(parp_body_data) *qos_parp_body_data_fn = NULL; +static int m_requires_parp = 0; +static int m_enable_audit = 0; +/* mod_ssl, forward and optional function */ +APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *)); +static APR_OPTIONAL_FN_TYPE(ssl_is_https) *qos_is_https = NULL; +APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, (apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)); +static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *qos_ssl_var = NULL; + +static void qs_inc_eventcounter(apr_pool_t *ppool, int event, int locked); +#define QS_INC_EVENT(sconf, event) if(sconf->qsevents) qs_inc_eventcounter(sconf->act->ppool, event, 0) +#define QS_INC_EVENT_LOCKED(sconf, event) if(sconf->qsevents) qs_inc_eventcounter(sconf->act->ppool, event, 1) +static int m_knownEvents[] = { 10, 11, 12, 13, 21, 23, 25, 30, 31, 34, 35, 36, 37, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 60, 61, 62, 65, 66, 67, 68, 69, 101, 147, 0 }; + +/* simple header rules allowing "the usual" header formats only (even drop requests using + extensions which are used rarely) */ +/* reserved (to be escaped): {}[]()^$.|*+?\ */ +static const qos_her_t qs_header_rules[] = { +#define QS_URL_UNRESERVED "a-zA-Z0-9._~% -" +#define QS_URL_GEN ":/?#\\[\\]@" +#define QS_URL_SUB "!$&'()*+,;=" +#define QS_URL "["QS_URL_GEN""QS_URL_SUB""QS_URL_UNRESERVED"]" +#define QS_2616TOKEN "[\\x21\\x23-\\x27\\x2a-\\x2e0-9A-Z\\x5-\\x60a-z\\x7e]+" +#define QS_B64_SP "[a-zA-Z0-9 +/$=:]" +#define QS_PIPE "\\|" +#define QS_WEAK "(W/)?" +#define QS_H_ACCEPT "[a-zA-Z0-9_*+-]+/[a-zA-Z0-9_*+.-]+(;[ ]?[a-zA-Z0-9]+=[0-9]+)?[ ]?(;[ ]?[qv]=[a-z0-9.]+)?" +#define QS_H_ACCEPT_C "[a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?" +#define QS_H_ACCEPT_E "[a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?" +#define QS_H_ACCEPT_L "[a-zA-Z*-]+[0-9]{0,3}(;[ ]?q=[0-9.]+)?" +#define QS_H_CACHE "no-cache|no-store|max-age=[0-9]+|max-stale(=[0-9]+)?|min-fresh=[0-9]+|no-transform|only-if-chached" +#define QS_H_CONTENT "[\"a-zA-Z0-9*/; =-]+" +#define QS_H_COOKIE "["QS_URL_GEN""QS_URL_SUB"\""QS_URL_UNRESERVED"]" +#define QS_H_EXPECT "[a-zA-Z0-9= ;.,-]" +#define QS_H_PRAGMA "[a-zA-Z0-9= ;.,-]" +#define QS_H_FROM "[a-zA-Z0-9=@;.,()-]" +#define QS_H_HOST "[a-zA-Z0-9.-]+(:[0-9]+)?" +#define QS_H_IFMATCH "[a-zA-Z0-9=@;.,*\"-]" +#define QS_H_DATE "[a-zA-Z0-9 :,]" +#define QS_H_TE "[a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?" + { "Accept", "^("QS_H_ACCEPT"){1}([ ]?,[ ]?("QS_H_ACCEPT"))*$", QS_FLT_ACTION_DROP, 300 }, + { "Accept-Charset", "^("QS_H_ACCEPT_C"){1}([ ]?,[ ]?("QS_H_ACCEPT_C"))*$", QS_FLT_ACTION_DROP, 300 }, + { "Accept-Encoding", "^("QS_H_ACCEPT_E"){1}([ ]?,[ ]?("QS_H_ACCEPT_E"))*$", QS_FLT_ACTION_DROP, 500 }, + { "Accept-Language", "^("QS_H_ACCEPT_L"){1}([ ]?,[ ]?("QS_H_ACCEPT_L"))*$", QS_FLT_ACTION_DROP, 200 }, + { "Access-Control-Request-Method", "^[a-zA-Z]+$", QS_FLT_ACTION_DROP, 10 }, + { "Access-Control-Request-Headers", "^([a-zA-Z0-9-]+){1}([ ]?,[ ]?([a-zA-Z0-9-]+))*$", QS_FLT_ACTION_DROP, 500 }, + { "Authorization", "^"QS_B64_SP"+$", QS_FLT_ACTION_DROP, 4000 }, + { "Cache-Control", "^("QS_H_CACHE"){1}([ ]?,[ ]?("QS_H_CACHE"))*$", QS_FLT_ACTION_DROP, 100 }, + { "Connection", "^([teTE]+,[ ]?)?([a-zA-Z0-9-]+){1}([ ]?,[ ]?([teTE]+))?$", QS_FLT_ACTION_DROP, 100 }, + { "Content-Encoding", "^[a-zA-Z0-9-]+(,[ ]*[a-zA-Z0-9-]+)*$", QS_FLT_ACTION_DENY, 100 }, + { "Content-Language", "^([0-9a-zA-Z]{0,8}(-[0-9a-zA-Z]{0,8})*)(,[ ]*([0-9a-zA-Z]{0,8}(-[0-9a-zA-Z]{0,8})*))*$", QS_FLT_ACTION_DROP, 100 }, + { "Content-Length", "^[0-9]+$", QS_FLT_ACTION_DENY, 10 }, + { "Content-Location", "^"QS_URL"+$", QS_FLT_ACTION_DENY, 200 }, + { "Content-md5", "^"QS_B64_SP"+$", QS_FLT_ACTION_DENY, 50 }, + { "Content-Range", "^(bytes[ ]+([0-9]+-[0-9]+)/([0-9]+|\\*))$", QS_FLT_ACTION_DENY, 50 }, + { "Content-Type", "^("QS_H_CONTENT"){1}([ ]?,[ ]?("QS_H_CONTENT"))*$", QS_FLT_ACTION_DENY, 200 }, + { "Cookie", "^"QS_H_COOKIE"+$", QS_FLT_ACTION_DROP, 3000 }, + { "Cookie2", "^"QS_H_COOKIE"+$", QS_FLT_ACTION_DROP, 3000 }, + { "DNT", "^[0-9]+$", QS_FLT_ACTION_DROP, 3 }, + { "Expect", "^"QS_H_EXPECT"+$", QS_FLT_ACTION_DROP, 200 }, + { "From", "^"QS_H_FROM"+$", QS_FLT_ACTION_DROP, 100 }, + { "Host", "^"QS_H_HOST"$", QS_FLT_ACTION_DROP, 100 }, + { "If-Invalid", "^[a-zA-Z0-9_.:;() /+!-]+$", QS_FLT_ACTION_DROP, 500 }, + { "If-Match", "^"QS_WEAK""QS_H_IFMATCH"+$", QS_FLT_ACTION_DROP, 100 }, + { "If-Modified-Since", "^"QS_H_DATE"+$", QS_FLT_ACTION_DROP, 100 }, + { "If-None-Match", "^"QS_WEAK""QS_H_IFMATCH"+$", QS_FLT_ACTION_DROP, 100 }, + { "If-Range", "^"QS_H_IFMATCH"+$", QS_FLT_ACTION_DROP, 100 }, + { "If-Unmodified-Since", "^"QS_H_DATE"+$", QS_FLT_ACTION_DROP, 100 }, + { "If-Valid", "^[a-zA-Z0-9_.:;() /+!-]+$", QS_FLT_ACTION_DROP, 500 }, + { "Keep-Alive", "^[0-9]+$", QS_FLT_ACTION_DROP, 20 }, + { "Max-Forwards", "^[0-9]+$", QS_FLT_ACTION_DROP, 20 }, + { "Origin", "^"QS_URL"+$", QS_FLT_ACTION_DROP, 2000 }, + { "Proxy-Authorization", "^"QS_B64_SP"+$", QS_FLT_ACTION_DROP, 400 }, + { "Pragma", "^"QS_H_PRAGMA"+$", QS_FLT_ACTION_DROP, 200 }, + { "Range", "^[a-zA-Z0-9=_.:;() /+!-]+$", QS_FLT_ACTION_DROP, 200 }, + { "Referer", "^"QS_URL"+$", QS_FLT_ACTION_DROP, 2000 }, + { "TE", "^("QS_H_TE"){1}([ ]?,[ ]?("QS_H_TE"))*$", QS_FLT_ACTION_DROP, 100 }, + { "Transfer-Encoding", "^(chunked|Chunked|compress|Compress|deflate|Deflate|gzip|Gzip|identity|Identity)([ ]?,[ ]?(chunked|Chunked|compress|Compress|deflate|Deflate|gzip|Gzip|identity|Identity))*$", QS_FLT_ACTION_DENY, 100 }, + { "Unless-Modified-Since", "^"QS_H_DATE"+$", QS_FLT_ACTION_DROP, 100 }, + { "User-Agent", "^[a-zA-Z0-9]+[a-zA-Z0-9_.:;()\\[\\]@ /+!=,-]+$", QS_FLT_ACTION_DROP, 300 }, + { "Upgrade-Insecure-Requests", "^1$", QS_FLT_ACTION_DROP, 1 }, + { "Via", "^[a-zA-Z0-9_.:;() /+!-]+$", QS_FLT_ACTION_DROP, 100 }, + { "X-Forwarded-For", "^[a-zA-Z0-9_.:-]+(, [a-zA-Z0-9_.:-]+)*$", QS_FLT_ACTION_DROP, 100 }, + { "X-Forwarded-Host", "^[a-zA-Z0-9_.:-]+$", QS_FLT_ACTION_DROP, 100 }, + { "X-Forwarded-Server", "^[a-zA-Z0-9_.:-]+$", QS_FLT_ACTION_DROP, 100 }, + { "X-lori-time-1", "^[0-9]+$", QS_FLT_ACTION_DROP, 20 }, + { "X-Do-Not-Track", "^[0-9]+$", QS_FLT_ACTION_DROP, 20 }, + { NULL, NULL, 0, 0 } +}; + +/* list of allowed standard response headers */ +static const qos_her_t qs_res_header_rules[] = { + { "Age", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Accept-Ranges", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Access-Control-Allow-Origin", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Access-Control-Allow-Methods", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Access-Control-Allow-Headers", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Access-Control-Max-Age", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Access-Control-Allow-Credentials", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Access-Control-Expose-Headers", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Allow", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Cache-Control", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-Disposition", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-Encoding", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-Language", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-Length", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-Location", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-MD5", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-Range", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Content-Security-Policy", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 8000 }, + { "Content-Type", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Connection", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Date", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "ETag", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Expect", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Expires", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Keep-Alive", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Last-Modified", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Location", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Proxy-Authenticate", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Public-Key-Pins", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Public-Key-Pins-Report-Only", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Retry-After", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Pragma", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Server", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Set-Cookie", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Set-Cookie2", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Strict-Transport-Security", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "Vary", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "WWW-Authenticate", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "X-Content-Security-Policy", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 8000 }, + { "X-Content-Type-Options", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "X-Frame-Options", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { "X-XSS-Protection", "^[\\x20-\\xFF]*$", QS_FLT_ACTION_DROP, 4000 }, + { NULL, NULL, 0, 0 } +}; + +/************************************************************************ + * private functions + ***********************************************************************/ + +static int qos_regexec_len(apr_pool_t *pool, const ap_regex_t *preg, + const char *buff, apr_size_t len) { +#if (AP_SERVER_MINORVERSION_NUMBER < 4) && defined QS_INTERNAL_TEST + // Apache 2.2 is no longer supported (test only) + char *data = apr_palloc(pool, len + 1); + memcpy(data, buff, len); + data[len] = '\0'; + return ap_regexec(preg, data, 0, NULL, 0); // won't work for null chars! +#else + return ap_regexec_len(preg, buff, len, 0, NULL, 0); +#endif +} + +/** + * Converts an ip long array back to a string representation + * + * @param pool + * @param src Array of two unsigned long + * @return String or null for an invalid address + */ +static char *qos_ip_long2str(apr_pool_t *pool, const void *src) { + char *dst = apr_pcalloc(pool, INET6_ADDRSTRLEN); + char *ret = (char *)inet_ntop(AF_INET6, src, dst, INET6_ADDRSTRLEN); + if(ret) { + if((strncmp(ret, QS_IP4IN6, 7) == 0) && + strchr(ret, '.')) { + ret = &ret[7]; + } + } + return ret; +} + +/** + * Converts an ip string to long array (128 bit) representation + * + * @param src String representation, e.g. 139.12.33.1 or 1::8 + * @param dst Pointer to array of unsigned long (2) (contains "{ 0, 0 }" on error) + * @return 1 on success, 0 on error + */ +static int qos_ip_str2long(const char *src, apr_uint64_t *dst) { + char str[INET6_ADDRSTRLEN]; + const char *convert = src; + apr_uint64_t *n = dst; + n[0] = 0; + n[1] = 0; + if(convert == NULL) { + return 0; + } + if((strchr(convert, ':') == NULL) && + (strlen(convert) <= 15)) { + // looks like an IPv4 address + sprintf(str, QS_IP4IN6"%s", src); + convert = str; + } + return inet_pton(AF_INET6, convert, dst); +} + +static int qos_encode64_binary(char *encoded, const char *string, int len) { + int i; + char *p; + + p = encoded; + for (i = 0; i < len - 2; i += 3) { + *p++ = qos_basis_64[(string[i] >> 2) & 0x3F]; + *p++ = qos_basis_64[((string[i] & 0x3) << 4) | + ((int) (string[i + 1] & 0xF0) >> 4)]; + *p++ = qos_basis_64[((string[i + 1] & 0xF) << 2) | + ((int) (string[i + 2] & 0xC0) >> 6)]; + *p++ = qos_basis_64[string[i + 2] & 0x3F]; + } + if (i < len) { + *p++ = qos_basis_64[(string[i] >> 2) & 0x3F]; + if (i == (len - 1)) { + *p++ = qos_basis_64[((string[i] & 0x3) << 4)]; + *p++ = '='; + } + else { + *p++ = qos_basis_64[((string[i] & 0x3) << 4) | + ((int) (string[i + 1] & 0xF0) >> 4)]; + *p++ = qos_basis_64[((string[i + 1] & 0xF) << 2)]; + } + *p++ = '='; + } + + *p++ = '\0'; + return (int)(p - encoded); +} + +/** + * loads the default header rules into the server configuration (see rules + * above). + * @param pool To allocate memory + * @param outHdrFltTable Table to add rules to + * @param hdrFltRuleDefArray built-in header rules + * @return error message (NULL on success) + */ +static char *qos_load_headerfilter(apr_pool_t *pool, apr_table_t *outHdrFltTable, + const qos_her_t *hdrFltRuleDefArray) { + const qos_her_t* hdrFltRuleDefEntry; + for(hdrFltRuleDefEntry = hdrFltRuleDefArray; hdrFltRuleDefEntry->name != NULL ; ++hdrFltRuleDefEntry) { + qos_fhlt_r_t *hdrFltElement = apr_pcalloc(pool, sizeof(qos_fhlt_r_t)); + hdrFltElement->text = apr_pstrdup(pool, hdrFltRuleDefEntry->pattern); + hdrFltElement->preg = ap_pregcomp(pool, hdrFltRuleDefEntry->pattern, AP_REG_DOTALL); + hdrFltElement->action = hdrFltRuleDefEntry->action; + hdrFltElement->size = hdrFltRuleDefEntry->size; + if(hdrFltElement->preg == NULL) { + return apr_psprintf(pool, "could not compile regular expression '%s' for %s header", + hdrFltElement->text, hdrFltRuleDefEntry->name); + } + apr_table_setn(outHdrFltTable, hdrFltRuleDefEntry->name, (char *)hdrFltElement); + } + return NULL; +} + +/** + * Returns string representation of filter type (for logging purposes) + * @param pool To allocate string + * @param type Rule type + * @return Name of the directive used to configure the rule + */ +static char *qos_rfilter_type2text(apr_pool_t *pool, qs_rfilter_type_e type) { + if(type == QS_DENY_REQUEST_LINE) return apr_pstrdup(pool, "QS_DenyRequestLine"); + if(type == QS_DENY_PATH) return apr_pstrdup(pool, "QS_DenyPath"); + if(type == QS_DENY_QUERY) return apr_pstrdup(pool, "QS_DenyQuery"); + if(type == QS_DENY_EVENT) return apr_pstrdup(pool, "QS_DenyEvent"); + if(type == QS_PERMIT_URI) return apr_pstrdup(pool, "QS_PermitUri"); + return apr_pstrdup(pool, "UNKNOWN"); +} + +/** + * Sets unique apache instance id (hopefully) to the global m_hostcore variable + * @param ptemp Pool to allocate memory from + * @param s Base server record + */ +static void qos_hostcode(apr_pool_t *ptemp, server_rec *s) { + char *key = apr_psprintf(ptemp, "%s%s%s%d%s" +#ifdef ap_http_scheme +/* Apache 2.2 */ + "%s" +#endif + "%s", + s->defn_name ? s->defn_name : "", + s->server_admin ? s->server_admin : "", + s->server_hostname ? s->server_hostname : "", + s->addrs ? s->addrs->host_port : 0, + s->path ? s->path : "", + s->error_fname ? s->error_fname : "" +#ifdef ap_http_scheme +/* Apache 2.2 */ + ,s->server_scheme ? s->server_scheme : "" +#endif + ); + int len = strlen(key); + int i; + char *p; + for(p = key, i = len; i; i--, p++) { + m_hostcode = m_hostcode * 33 + *p; + } +} + +/** + * temp file name for the main/virtual serve + * @param pool Pool to allocate the file name from + * @param s Server record + * @return absolute file name + */ +static char *qos_tmpnam(apr_pool_t *pool, server_rec *s) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(s->module_config, + &qos_module); + const char *path = NULL; + char *ret; + char *file; + if(apr_temp_dir_get(&path, pool) != APR_SUCCESS) { + path = apr_pstrdup(pool, "/var/tmp"); + } + if(sconf && sconf->mfile) { + path = sconf->mfile; + } + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + QOS_LOGD_PFX"temporary directory for semaphores/shared memory: %s" + " (use QS_SemMemFile to override it).", path); + if(s) { + unsigned int scode = 0; + char *key = apr_psprintf(pool, "%u%s.%s.%d", + m_hostcode, + s->is_virtual ? "v" : "b", + s->server_hostname == NULL ? "-" : s->server_hostname, + s->addrs == NULL ? 0 : s->addrs->host_port); + int len = strlen(key); + int i; + char *p; + for(p = key, i = len; i; i--, p++) { + scode = scode * 33 + *p; + } + file = apr_psprintf(pool, "%u", scode); + } else { + file = apr_psprintf(pool, "%u", m_hostcode); + } + file[0] += 25; /* non numeric */ + apr_filepath_merge(&ret, path, file, APR_FILEPATH_NATIVE, pool); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + QOS_LOGD_PFX"temporary file: %s", ret); + return ret; +} + +/** + * QS_LimitRequestBody settings. Environment variable (dynamic) has higher prio than + * configuration (static) value. + * @param r + * @param sconf + * @param dconf + */ +static apr_off_t qos_maxpost(request_rec *r, qos_srv_config *sconf, + qos_dir_config *dconf) { + if(r->subprocess_env) { + const char *bytes = apr_table_get(r->subprocess_env, "QS_LimitRequestBody"); + if(bytes) { + apr_off_t s; +#ifdef ap_http_scheme + /* Apache 2.2 */ + char *errp = NULL; + if(APR_SUCCESS == apr_strtoff(&s, bytes, &errp, 10)) { + return s; + } +#else + if((s = apr_atoi64(bytes)) >= 0) { + return s; + } +#endif + } + } + if(dconf->maxpost != -1) { + return dconf->maxpost; + } + return sconf->maxpost; +} + + +/** + * Similar to strstr but restricting the length of s1 (supports strings which + * are not NULL terminated). + * + * @param s1 String to search in + * @param s2 Pattern to ind + * @param len Length of s1 + * @return pointer to the beginning of the substring s2 within s1, or NULL + * if the substring is not found + */ +static char *qos_strnstr(const char *s1, const char *s2, int len) { + const char *e1 = &s1[len-1]; + char *p1, *p2; + if (*s2 == '\0') { + /* an empty s2 */ + return((char *)s1); + } + while(1) { + for ( ; (*s1 != '\0') && (s1 <= e1) && (apr_tolower(*s1) != apr_tolower(*s2)); s1++); + if (*s1 == '\0' || s1 > e1) { + return(NULL); + } + /* found first character of s2, see if the rest matches */ + p1 = (char *)s1; + p2 = (char *)s2; + for (++p1, ++p2; (apr_tolower(*p1) == apr_tolower(*p2)) && (p1 <= e1); ++p1, ++p2) { + if((p1 > e1) && (*p2 != '\0')) { + // reached the end without match + return NULL; + } + if (*p2 == '\0') { + /* both strings ended together */ + return((char *)s1); + } + } + if (*p2 == '\0') { + /* second string ended, a match */ + break; + } + /* didn't find a match here, try starting at next character in s1 */ + s1++; + } + return((char *)s1); +} + +/** + * Determines, if the client IP shall be excluded from rule enforcement + * + * @param connection Connection to get the IP + * @param exclude_ip Table containing the rules + * @return 1 on match otherwise 0 + */ +static int qos_is_excluded_ip(conn_rec *connection, apr_table_t *exclude_ip) { + conn_rec *c = connection; + if(apr_table_elts(exclude_ip)->nelts > 0) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(exclude_ip)->elts; + for(i = 0; i < apr_table_elts(exclude_ip)->nelts; i++) { + if(entry[i].val[0] == 'r') { + if(strncmp(entry[i].key, QS_CONN_REMOTEIP(c), strlen(entry[i].key)) == 0) { + return 1; + } + } else { + if(strcmp(entry[i].key, QS_CONN_REMOTEIP(c)) == 0) { + return 1; + } + } + } + } + return 0; +} + +/** + * Comperator (ip search) for the client ip store qos_cc_*() + * functions (used by bsearch/qsort) + */ +static int qos_cc_comp(const void *_pA, const void *_pB) { + qos_s_entry_t *pA=*(( qos_s_entry_t **)_pA); + qos_s_entry_t *pB=*(( qos_s_entry_t **)_pB); + if(pA->ip6[0] > pB->ip6[0]) return 2; + if(pA->ip6[0] < pB->ip6[0]) return -2; + if(pA->ip6[1] > pB->ip6[1]) return 1; + if(pA->ip6[1] < pB->ip6[1]) return -1; + return 0; +} + +static int qos_cc_compv4(const void *_pA, const void *_pB) { + qos_s_entry_t *pA=*(( qos_s_entry_t **)_pA); + qos_s_entry_t *pB=*(( qos_s_entry_t **)_pB); + if(pA->ip6[1] > pB->ip6[1]) return 1; + if(pA->ip6[1] < pB->ip6[1]) return -1; + return 0; +} + +/** + * Comperator (time search) for the client ip store qos_cc_*() + * functions (used by bsearch/qsort) + */ +static int qos_cc_comp_time(const void *_pA, const void *_pB) { + qos_s_entry_t *pA=*(( qos_s_entry_t **)_pA); + qos_s_entry_t *pB=*(( qos_s_entry_t **)_pB); + if(pA->time > pB->time) return 1; + if(pA->time < pB->time) return -1; + return 0; +} + +/** + * creates new per client store + * @param pool Persistent process pool + * @param srec Server rec for sem/mutex + * @param size Number of entries + * @param limitTable Table of "QS_Limit" events + * @return pointer to the per client data array + */ +static qos_s_t *qos_cc_new(apr_pool_t *pool, server_rec *srec, int size, + apr_table_t *limitTable) { + char *file = "-"; + apr_shm_t *clientMem; // per client memory table + apr_shm_t *limitMem; // "limit" memory table + apr_status_t res; + int limitTableSize = apr_table_elts(limitTable)->nelts; + int limitMemSize = 0; + int clientMemSize = APR_ALIGN_DEFAULT(sizeof(qos_s_t)) + + (APR_ALIGN_DEFAULT(sizeof(qos_s_entry_t)) * size) + + (2 * APR_ALIGN_DEFAULT(sizeof(qos_s_entry_t *)) * size); + int i; + qos_s_t *clientDataArray; + qos_s_entry_t *clientDataEntry; + qos_s_entry_limit_t *limitTableEntry = NULL; + clientMemSize = clientMemSize + 1024; + if(limitTableSize > 0) { + limitMemSize = APR_ALIGN_DEFAULT(sizeof(qos_s_entry_limit_t)) * limitTableSize * size; + limitMemSize = limitMemSize + 1024; + } + /* use anonymous shm by default */ + if(limitTableSize > 0) { + apr_shm_create(&limitMem, limitMemSize, NULL, pool); + } + res = apr_shm_create(&clientMem, clientMemSize, NULL, pool); + if(APR_STATUS_IS_ENOTIMPL(res)) { + char *lfile = apr_psprintf(pool, "%s_cc_ml.mod_qos", + qos_tmpnam(pool, srec)); + file = apr_psprintf(pool, "%s_cc_m.mod_qos", + qos_tmpnam(pool, srec)); +#ifdef ap_http_scheme + /* Apache 2.2 */ + if(limitTableSize > 0) { + apr_shm_remove(lfile, pool); + } + apr_shm_remove(file, pool); +#endif + if(limitTableSize > 0) { + apr_shm_create(&limitMem, limitMemSize, lfile, pool); + } + res = apr_shm_create(&clientMem, clientMemSize, file, pool); + } + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srec, + QOS_LOGD_PFX"create shared memory (client control)(%s): %d bytes", + file, clientMemSize + limitMemSize); + if(res != APR_SUCCESS) { + char buf[MAX_STRING_LEN]; + apr_strerror(res, buf, sizeof(buf)); + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, srec, + QOS_LOG_PFX(002)"failed to create shared memory (client control)(%s): " + "%s (%d bytes)", + file, buf, clientMemSize); + return NULL; + } + clientDataArray = apr_shm_baseaddr_get(clientMem); + clientDataArray->m = clientMem; + clientDataArray->generation_locked = -1; + if(limitTableSize > 0) { + apr_table_entry_t *te = (apr_table_entry_t *)apr_table_elts(limitTable)->elts; + limitTableEntry = apr_shm_baseaddr_get(limitMem); + clientDataArray->limitTable = apr_table_make(pool, limitTableSize+10); + for(i = 0; i < limitTableSize; i++) { + char *eventName = apr_pstrdup(pool, te[i].key); + qos_s_entry_limit_conf_t *eventLimitConf = apr_pcalloc(pool, sizeof(qos_s_entry_limit_conf_t)); + qos_s_entry_limit_conf_t *src = (qos_s_entry_limit_conf_t*)te[i].val; + eventLimitConf->limit = src->limit; + eventLimitConf->limitTime = src->limitTime; + eventLimitConf->eventClearStr = apr_pstrcat(pool, eventName, QS_LIMIT_CLEAR, NULL); + eventLimitConf->eventDecStr = apr_pstrcat(pool, eventName, QS_LIMIT_DEC, NULL); + eventLimitConf->condStr = NULL; + eventLimitConf->preg = NULL; + if(src->condStr) { + eventLimitConf->condStr = apr_pstrdup(pool, src->condStr); + eventLimitConf->preg = ap_pregcomp(pool, src->condStr, AP_REG_EXTENDED); + } + apr_table_addn(clientDataArray->limitTable, eventName, (char *)eventLimitConf); + } + } else { + clientDataArray->limitTable = NULL; + } + clientDataArray->lock_file = apr_psprintf(pool, "%s_ccl.mod_qos", + qos_tmpnam(pool, srec)); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srec, + QOS_LOGD_PFX"create mutex (client control)(%s)", + clientDataArray->lock_file); + res = apr_global_mutex_create(&clientDataArray->lock, clientDataArray->lock_file, APR_LOCK_DEFAULT, pool); + if(res != APR_SUCCESS) { + char buf[MAX_STRING_LEN]; + apr_strerror(res, buf, sizeof(buf)); + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, srec, + QOS_LOG_PFX(004)"failed to create mutex (client control)(%s): %s", + clientDataArray->lock_file, buf); + apr_shm_destroy(clientDataArray->m); + return NULL; + } +#ifdef AP_NEED_SET_MUTEX_PERMS + qos_unixd_set_global_mutex_perms(clientDataArray->lock); +#endif + clientDataEntry = (qos_s_entry_t *)&clientDataArray[1]; + clientDataArray->ipd = (qos_s_entry_t **)&clientDataEntry[size]; + clientDataArray->timed = (qos_s_entry_t **)&clientDataArray->ipd[size]; + clientDataArray->num = 0; + clientDataArray->max = size; + clientDataArray->msize = clientMemSize; + clientDataArray->connections = 0; + clientDataArray->html = 0; + clientDataArray->cssjs = 0; + clientDataArray->img = 0; + clientDataArray->other = 0; + clientDataArray->notmodified = 0; + for(i = 0; i < size; i++) { + clientDataArray->ipd[i] = clientDataEntry; + clientDataArray->timed[i] = clientDataEntry; + if(limitTableSize > 0) { + clientDataEntry->limit = limitTableEntry; + limitTableEntry += limitTableSize; + } else { + clientDataEntry->limit = NULL; + } + clientDataEntry++; + } + clientDataArray->t = time(NULL); + for(i = 0; i < QOS_LOG_MSGCT; i++) { + clientDataArray->eventTotal[i] = 0; + clientDataArray->eventLast[i] = 0; + } + return clientDataArray; +} + +/** + * Destroys the client data store + */ +static void qos_cc_free(qos_s_t *s) { + /* + We don't need to destroy locks or shared memory + manually as apr_global_mutex_create() and + apr_shm_create() register the cleanup methods + themself to the pool we used when allocating the + locks/memory. + if(s->lock) { + apr_global_mutex_destroy(s->lock); + } + if(s->m) { + apr_shm_destroy(s->m); + } + if(s->lm) { + apr_shm_destroy(s->lm); + } + */ +} + +/** + * searches an entry + * @param s Client store (locked) + * @param pA IP to search + * @param now Current time (update access to the entry) + * @return client entry or NULL if not available + */ +static qos_s_entry_t **qos_cc_get0(qos_s_t *s, qos_s_entry_t *pA, time_t now) { + qos_s_entry_t **pB; + unsigned char *b = (void *)&pA->ip6[1]; + int mod = b[7] % m_qos_cc_partition; + int max = (s->max / m_qos_cc_partition); + int start = mod * max; + if(m_ip_type == QS_IP_V4) { + pB = bsearch((const void *)&pA, (const void *)&s->ipd[start], + max, sizeof(qos_s_entry_t *), qos_cc_compv4); + } else { + pB = bsearch((const void *)&pA, (const void *)&s->ipd[start], + max, sizeof(qos_s_entry_t *), qos_cc_comp); + } + if(pB) { + if(now != 0) { + s->t = now; + } + (*pB)->time = s->t; + } + return pB; +} + +/** + * inserts a new entry to the client data store + * @param s Client store (locked) + * @param pA IP to insert + * @param now Current time (last access) + * @return inserted entry + */ +static qos_s_entry_t **qos_cc_set(qos_s_t *s, qos_s_entry_t *pA, time_t now) { + qos_s_entry_t **pB; + unsigned char *b = (void *)&pA->ip6[1]; + int mod = b[7] % m_qos_cc_partition; + int max = (s->max / m_qos_cc_partition); + int start = mod * max; + s->t = now; + qsort(&s->timed[start], max, sizeof(qos_s_entry_t *), qos_cc_comp_time); + if(s->num < s->max) { + s->num++; + } + pB = &s->timed[start]; + (*pB)->ip6[0] = pA->ip6[0]; + (*pB)->ip6[1] = pA->ip6[1]; + (*pB)->time = now; + if(m_ip_type == QS_IP_V4) { + qsort(&s->ipd[start], max, sizeof(qos_s_entry_t *), qos_cc_compv4); + } else { + qsort(&s->ipd[start], max, sizeof(qos_s_entry_t *), qos_cc_comp); + } + + (*pB)->vip = 0; + (*pB)->lowrate = 0; + (*pB)->lowratestatus = 0; + (*pB)->block = 0; + (*pB)->blockMsg = 0; + (*pB)->blockTime = 0; + if(s->limitTable) { + int i; + for(i = 0; i < apr_table_elts(s->limitTable)->nelts; i++) { + (*pB)->limit[i].limit = 0; + (*pB)->limit[i].limitTime = 0; + } + } + (*pB)->interval = now; + (*pB)->req = 0; + (*pB)->req_per_sec = 0; + (*pB)->req_per_sec_block_rate = 0; + (*pB)->event_req = 0; + (*pB)->serialize = 0; + (*pB)->serializeQueue = 0; + (*pB)->html = 1; + (*pB)->cssjs = 1; + (*pB)->img = 1; + (*pB)->other = 1; + (*pB)->notmodified = 1; + (*pB)->events = 0; + return pB; +} + +/** + * searches or inserts (if not available) an entry from/to the client data store + * @param s Client store (locked) + * @param pA IP to insert + * @param now Current time (last access) + * @return inserted entry + */ +static qos_s_entry_t **qos_cc_getOrSet(qos_s_t *s, qos_s_entry_t *pA, time_t now) { + qos_s_entry_t **clientEntry = clientEntry = qos_cc_get0(s, pA, now); + if(!clientEntry) { + clientEntry = qos_cc_set(s, pA, now != 0 ? now : time(NULL)); + } + return clientEntry; +} + +static int qos_isnum(const char *x) { + const char *p = x; + if(x == NULL || x[0] == 0) { + return 0; + } + while(p && p[0]) { + if(!apr_isdigit(p[0])) { + return 0; + } + p++; + } + return 1; +} + +/* 000-255 */ +int qos_dec32c(const char *x) { + char buf[4]; + strncpy(buf, x, 3); + buf[3] = '\0'; + return atoi(buf); +} + +int qos_dec22c(const char *x) { + char buf[4]; + strncpy(buf, x, 2); + buf[2] = '\0'; + return atoi(buf); +} + +/** + * hex value for the char + * @param x + * @return hex value + */ +int qos_hex2c(const char *x) { + int i, ch; + ch = x[0]; + if (isdigit(ch)) { + i = ch - '0'; + }else if (isupper(ch)) { + i = ch - ('A' - 10); + } else { + i = ch - ('a' - 10); + } + i <<= 4; + + ch = x[1]; + if (isdigit(ch)) { + i += ch - '0'; + } else if (isupper(ch)) { + i += ch - ('A' - 10); + } else { + i += ch - ('a' - 10); + } + return i; +} + +#define QOS_ISHEX(x) (((x >= '0') && (x <= '9')) || \ + ((x >= 'a') && (x <= 'f')) || \ + ((x >= 'A') && (x <= 'F'))) + + +/** + * url unescaping (%xx, \xHH, '+') + * optional decoding: + * - uni: MS IIS unicode %uXXXX + * - ansi: ansi c esc (\n, \r, ...), not implemented + * - char: charset conv, not implemented + * - html: (amp/angelbr, &#xHH;, &#DDD;, &#DD;), not implemented ('&' is delimiter) + */ +static int qos_unescaping(char *x, int mode, int *error) { + /* start with standard url decoding*/ + int i, j, ch; + if(x == 0) { + return 0; + } + if(x[0] == '\0') { + return 0; + } + for(i = 0, j = 0; x[i] != '\0'; i++, j++) { + ch = x[i]; + if(ch == '%') { + if(QOS_ISHEX(x[i + 1]) && QOS_ISHEX(x[i + 2])) { + /* url %xx */ + ch = qos_hex2c(&x[i + 1]); + i += 2; + } else if((mode & QOS_DEC_MODE_FLAGS_UNI) && + ((x[i + 1] == 'u') || (x[i + 1] == 'U')) && + QOS_ISHEX(x[i + 2]) && + QOS_ISHEX(x[i + 3]) && + QOS_ISHEX(x[i + 4]) && + QOS_ISHEX(x[i + 5])) { + /* unicode %uXXXX */ + ch = qos_hex2c(&x[i + 4]); + if((ch > 0x00) && (ch < 0x5f) && + ((x[i + 2] == 'f') || (x[i + 2] == 'F')) && + ((x[i + 3] == 'f') || (x[i + 3] == 'F'))) { + ch += 0x20; + } + i += 5; + } else { + (*error)++; + } + } else if((ch == '\\') && + (mode & QOS_DEC_MODE_FLAGS_UNI) && + ((x[i + 1] == 'u') || (x[i + 1] == 'U'))) { + if(QOS_ISHEX(x[i + 2]) && + QOS_ISHEX(x[i + 3]) && + QOS_ISHEX(x[i + 4]) && + QOS_ISHEX(x[i + 5])) { + /* unicode \uXXXX */ + ch = qos_hex2c(&x[i + 4]); + if((ch > 0x00) && (ch < 0x5f) && + ((x[i + 2] == 'f') || (x[i + 2] == 'F')) && + ((x[i + 3] == 'f') || (x[i + 3] == 'F'))) { + ch += 0x20; + } + i += 5; + } else { + (*error)++; + } + } else if(ch == '\\' && (x[i + 1] == 'x')) { + if(QOS_ISHEX(x[i + 2]) && QOS_ISHEX(x[i + 3])) { + /* url \xHH */ + ch = qos_hex2c(&x[i + 2]); + i += 3; + } else { + (*error)++; + } + } else if(ch == '+') { + ch = ' '; + } + x[j] = ch; + } + x[j] = '\0'; + return j; +} + +/** + * returns the request id from mod_unique_id (if available) + */ +static const char *qos_unique_id(request_rec *r, const char *eid) { + const char *uid = apr_table_get(r->subprocess_env, "UNIQUE_ID"); + if(eid) { + apr_table_set(r->notes, "error-notes", eid); + apr_table_set(r->subprocess_env, QS_ErrorNotes, eid); + } + if(uid == NULL) { + /* generate simple id if mod_unique_id has not been not loaded */ + qos_unique_id_t id; + char *uidstr; + int len; + + m_unique_id.unique_id_counter++; + id.request_time = r->request_time; + id.in_addr = m_unique_id.in_addr; +#if APR_HAS_THREADS + id.tid = apr_os_thread_current(); +#endif + id.conn = r->connection->id; + id.unique_id_counter = m_unique_id.unique_id_counter; + uidstr = (char *)apr_pcalloc(r->pool, apr_base64_encode_len(sizeof(qos_unique_id_t))); + len = qos_encode64_binary(uidstr, (const char *)&id, sizeof(qos_unique_id_t)); + uidstr[len-2] = (id.unique_id_counter%8)+50; + uid = uidstr; + apr_table_set(r->subprocess_env, "UNIQUE_ID", uid); + } + return uid; +} + +static void qos_log_env(request_rec *r, const char *handler) { + char *msg = ""; + int i; + apr_table_entry_t *e = (apr_table_entry_t *) apr_table_elts(r->subprocess_env)->elts; + for (i = 0; i < apr_table_elts(r->subprocess_env)->nelts; ++i) { + msg = apr_psprintf(r->pool, "%s=%s;%s", e[i].key, e[i].val, msg); + } + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, 0, r, + QOS_LOG_PFX(210)"ENV %s %s %s", handler, msg, qos_unique_id(r, NULL)); + return; +} + +static char *qos_ipv6_hash(request_rec *r, const char *var) { + char *md = ap_md5_binary(r->pool, (unsigned char *)var, strlen(var)); + char *hash = apr_pcalloc(r->pool, 64); + char *d = hash; + int c = 0; + while(md[0]) { + d[0] = md[0]; + d++; + c++; + md++; + if(c == 4 && md[0]) { + c=0; + d[0] = ':'; + d++; + } + } + d[0] = '\0'; + return hash; +} + +static const char *qos_forwardedfor_fromHeader(request_rec *r, const char *header) { + const char *forwardedfor = apr_table_get(r->headers_in, header); + if(forwardedfor == NULL && r->prev) { + // internal redirect? + forwardedfor = apr_table_get(r->prev->headers_in, header); + } + if(forwardedfor == NULL && r->main) { + // internal redirect? + forwardedfor = apr_table_get(r->main->headers_in, header); + } + return forwardedfor; +} + +static const char *qos_forwardedfor_fromSSL(request_rec *r) { + if(qos_ssl_var) { + const char *dn = qos_ssl_var(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN"); + const char *issuer = qos_ssl_var(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN"); + char *header = apr_pstrcat(r->pool, dn, issuer, NULL); + if(header && header[0]) { + return header; + } + } + return NULL; +} + +static const char *qos_pseudoip(request_rec *r, const char *header) { + const char *forwardedfor = NULL; + if(strcmp("SSL_CLIENT_S_DN", header) == 0) { + forwardedfor = qos_forwardedfor_fromSSL(r); + } else { + forwardedfor = qos_forwardedfor_fromHeader(r, header); + } + if(forwardedfor && forwardedfor[0]) { + return qos_ipv6_hash(r, forwardedfor); + } + return NULL; +} + +static const char *qos_forwardedfor(request_rec *r, const char *header) { + const char *forwardedfor = NULL; + if(header[0] == '#') { + forwardedfor = qos_pseudoip(r, &header[1]); + } else { + forwardedfor = qos_forwardedfor_fromHeader(r, header); + } + return forwardedfor; +} + +/** + * Returns the client IP, either from the connection + * of from the forwarded-for header if configured + * + * @param r Request to get the IP from the header + * @param sconf + * @param cconf (if available) to get the real IP from + * @param caller Which caller of the method + * @param ip6 The client's IP address to be used (pointer to array of unsigned long (2)) + * @return The client's IP address as a string (for logging) + */ +static const char *qos_get_clientIP(request_rec *r, qos_srv_config *sconf, + qs_conn_ctx *cconf, const char *caller, + apr_uint64_t *ip6) { + const char *forwardedForLogIP; + if(sconf->qos_cc_forwardedfor) { + const char *forwardedfor = qos_forwardedfor(r, sconf->qos_cc_forwardedfor); + if(forwardedfor) { + if(qos_ip_str2long(forwardedfor, ip6) == 0) { + if(apr_table_get(r->notes, "QOS_LOG_PFX069") == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(069)"no valid IP header found (@%s):" + " invalid header value '%s'," + " fallback to connection's IP %s, id=%s", + caller, + forwardedfor, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : + QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "069")); + apr_table_set(r->notes, "QOS_LOG_PFX069", "log once"); + QS_INC_EVENT(sconf, 69); + } + } else { + // done + return forwardedfor; + } + } else { + if(apr_table_get(r->notes, "QOS_LOG_PFX069") == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(069)"no valid IP header found (@%s):" + " header '%s' not available," + " fallback to connection's IP %s, id=%s", + caller, + sconf->qos_cc_forwardedfor, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "069")); + apr_table_set(r->notes, "QOS_LOG_PFX069", "log once"); + QS_INC_EVENT(sconf, 69); + } + } + } + // use the real IP + if(cconf) { + forwardedForLogIP = QS_CONN_REMOTEIP(cconf->mc); + // works for real connections only (no HTTP/2) + ip6[0] = cconf->ip6[0]; + ip6[1] = cconf->ip6[1]; + } else { + // HTTP/2 + forwardedForLogIP = QS_CONN_REMOTEIP(r->connection); + qos_ip_str2long(forwardedForLogIP, ip6); + } + return forwardedForLogIP; +} + +/** + * returns the version number of mod_qos + * @param p Pool to alloc version string from + * @return Version string + */ +static char *qos_revision(apr_pool_t *p) { + return apr_pstrdup(p, g_revision); +} + +/** + * returns the request context + */ +static qs_req_ctx *qos_rctx_config_get(request_rec *r) { + qs_req_ctx *rctx = ap_get_module_config(r->request_config, &qos_module); + if(rctx == NULL) { + rctx = apr_pcalloc(r->pool, sizeof(qs_req_ctx)); + rctx->entry = NULL; + rctx->entry_cond = NULL; + rctx->evmsg = NULL; + rctx->is_vip = 0; + rctx->event_entries = apr_table_make(r->pool, 1); + rctx->maxpostcount = 0; + rctx->cc_event_req_set = 0; + rctx->cc_event_ip[0] = 0; + rctx->cc_event_ip[1] = 0; + rctx->cc_serialize_set = 0; + rctx->cc_serialize_ip[0] = 0; + rctx->cc_serialize_ip[1] = 0; + rctx->srv_serialize_set = 0; + rctx->body_window = NULL; + rctx->response_delayed = 0; + ap_set_module_config(r->request_config, &qos_module, rctx); + } + return rctx; +} + +/** + * Adds the defined mod_qos_ev id to the request context (creates + * the req ctx if necessary). + * + * @param r + * @param id ID to set, e.g. "L;" or "D;" + */ +static void qs_set_evmsg(request_rec *r, const char *id) { + qs_req_ctx *rctx = qos_rctx_config_get(r); + if(rctx->evmsg == NULL || (strstr(rctx->evmsg, id) == NULL)) { + rctx->evmsg = apr_pstrcat(r->pool, id, rctx->evmsg, NULL); + } +} + +/** + * Encrypts and base64 encodes the provided buffer + * @param r + * @param sconf Secret to use (sconf->key) + * @param b Buffer to encrypt + * @param l Length of the buffer + * @return Encrypted string (or NULL on error) + */ +static char *qos_encrypt(request_rec *r, qos_srv_config *sconf, + const unsigned char *b, int l) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX cipher_ctx; + EVP_CIPHER_CTX *cipher_ctx_p = &cipher_ctx; + HMAC_CTX hmac; + HMAC_CTX *hmac_p = &hmac; +#else + EVP_CIPHER_CTX *cipher_ctx_p; + HMAC_CTX *hmac_p; +#endif + unsigned char hash[HMAC_MAX_MD_CBLOCK]; + unsigned int hashLen = HMAC_MAX_MD_CBLOCK; + int buf_len = 0; + int len = 0; + unsigned char *buf = apr_pcalloc(r->pool, + + EVP_MAX_IV_LENGTH + + QOS_HASH_LEN + + l + + EVP_CIPHER_block_size(EVP_des_ede3_cbc())); + +#if APR_HAS_RANDOM + if(apr_generate_random_bytes(buf, EVP_MAX_IV_LENGTH) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + QOS_LOG_PFX(080)"Can't generate random data, id=%s", + qos_unique_id(r, NULL)); + } +#else + if(!RAND_bytes(buf, EVP_MAX_IV_LENGTH)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + QOS_LOG_PFX(080)"Can't generate random data, id=%s", + qos_unique_id(r, NULL)); + } +#endif + + /* checksum */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_init(hmac_p); +#else + hmac_p = HMAC_CTX_new(); +#endif +#ifndef OPENSSL_NO_MD5 + HMAC_Init_ex(hmac_p, sconf->rawKey, sconf->rawKeyLen, EVP_md5(), NULL); +#else + HMAC_Init_ex(hmac_p, sconf->rawKey, sconf->rawKeyLen, EVP_sha256(), NULL); +#endif + HMAC_Update(hmac_p, b, l); + HMAC_Final(hmac_p, hash, &hashLen); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup(hmac_p); +#else + HMAC_CTX_free(hmac_p); +#endif + + /* sym enc */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_init(cipher_ctx_p); +#else + cipher_ctx_p = EVP_CIPHER_CTX_new(); +#endif + EVP_EncryptInit(cipher_ctx_p, EVP_des_ede3_cbc(), sconf->key, (unsigned char *)buf); + + // skip iv, enc(hash + data) + buf_len = EVP_MAX_IV_LENGTH; + if(!EVP_EncryptUpdate(cipher_ctx_p, &buf[buf_len], &len, hash, QOS_HASH_LEN)) { + goto failed; + } + buf_len+=len; + if(!EVP_EncryptUpdate(cipher_ctx_p, &buf[buf_len], &len, b, l)) { + goto failed; + } + buf_len+=len; + if(!EVP_EncryptFinal(cipher_ctx_p, &buf[buf_len], &len)) { + goto failed; + } + buf_len+=len; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(cipher_ctx_p); +#else + EVP_CIPHER_CTX_free(cipher_ctx_p); +#endif + + /* b64 encode */ + { + char *data = (char *)apr_pcalloc(r->pool, 1 + apr_base64_encode_len(buf_len)); + len = apr_base64_encode(data, (const char *)buf, buf_len); + data[len] = '\0'; + return data; + } + + failed: +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(cipher_ctx_p); +#else + EVP_CIPHER_CTX_free(cipher_ctx_p); +#endif + if(QS_ISDEBUG(r->server)) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"qos_encrypt() encryption operation failed, id=%s", + qos_unique_id(r, NULL)); + } + return NULL; +} + +/** + * Decryptes the base64 encoded string (see qos_encrypt()). + * @param r + * @param sconf To access the secret + * @param ret_buf Pointer to the decypted data (result), NULL if decyption fails + * @param value Base64 encded string to decrypt + * @return Length of the decypted data (0 if decyption failed) + */ +static int qos_decrypt(request_rec *r, qos_srv_config* sconf, + unsigned char **ret_buf, const char *value) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX cipher_ctx; + EVP_CIPHER_CTX *cipher_ctx_p = &cipher_ctx; +#else + EVP_CIPHER_CTX *cipher_ctx_p; +#endif + + /* decode */ + char *dec = (char *)apr_pcalloc(r->pool, 1 + apr_base64_decode_len(value)); + int dec_len = apr_base64_decode(dec, value); + *ret_buf = NULL; + + if(dec_len < (EVP_MAX_IV_LENGTH + QOS_HASH_LEN)) { + if(QS_ISDEBUG(r->server)) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"qos_decrypt() base64 decoding failed, id=%s", + qos_unique_id(r, NULL)); + } + return 0; + } else { + /* decrypt */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX hmac; + HMAC_CTX *hmac_p = &hmac; +#else + HMAC_CTX *hmac_p; +#endif + unsigned char hash[HMAC_MAX_MD_CBLOCK]; + unsigned int hashLen = HMAC_MAX_MD_CBLOCK; + int len = 0; + int buf_len = 0; + unsigned char *buf; + dec_len -= EVP_MAX_IV_LENGTH; + buf = apr_pcalloc(r->pool, dec_len); + + /* sym dec */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_init(cipher_ctx_p); +#else + cipher_ctx_p = EVP_CIPHER_CTX_new(); +#endif + EVP_DecryptInit(cipher_ctx_p, EVP_des_ede3_cbc(), sconf->key, (unsigned char *)dec); + if(!EVP_DecryptUpdate(cipher_ctx_p, (unsigned char *)&buf[buf_len], &len, + (const unsigned char *)&dec[EVP_MAX_IV_LENGTH], dec_len)) { + goto failed; + } + buf_len+=len; + if(!EVP_DecryptFinal(cipher_ctx_p, (unsigned char *)&buf[buf_len], &len)) { + goto failed; + } + buf_len+=len; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(cipher_ctx_p); +#else + EVP_CIPHER_CTX_free(cipher_ctx_p); +#endif + + // hash + data + if(buf_len < (QOS_HASH_LEN + 1)) { + if(QS_ISDEBUG(r->server)) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"qos_decrypt() misshing hash, id=%s", + qos_unique_id(r, NULL)); + } + return 0; + } + + /* checksum */ + buf_len -= QOS_HASH_LEN; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_init(hmac_p); +#else + hmac_p = HMAC_CTX_new(); +#endif +#ifndef OPENSSL_NO_MD5 + HMAC_Init_ex(hmac_p, sconf->rawKey, sconf->rawKeyLen, EVP_md5(), NULL); +#else + HMAC_Init_ex(hmac_p, sconf->rawKey, sconf->rawKeyLen, EVP_sha256(), NULL); +#endif + HMAC_Update(hmac_p, &buf[QOS_HASH_LEN], buf_len); + HMAC_Final(hmac_p, hash, &hashLen); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup(hmac_p); +#else + HMAC_CTX_free(hmac_p); +#endif + if(hashLen > QOS_HASH_LEN) { + // we don't keep more than 16 bytes + hashLen = QOS_HASH_LEN; + } + if(memcmp(hash, buf, hashLen) != 0) { + if(QS_ISDEBUG(r->server)) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"qos_decrypt() invalid hash, id=%s", + qos_unique_id(r, NULL)); + } + return 0; + } + + /* decrypted and valid */ + *ret_buf = &buf[QOS_HASH_LEN]; + return buf_len; + } + + failed: +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(cipher_ctx_p); +#else + EVP_CIPHER_CTX_free(cipher_ctx_p); +#endif + if(QS_ISDEBUG(r->server)) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"qos_decrypt() decryption operation failed, id=%s", + qos_unique_id(r, NULL)); + } + return 0; +} + +/** + * Adds the user tracking cookie to r->headers_out if QOS_USER_TRACKING_NEW env variable + * has been set. + * @param r + * @param sconf + * @param status (302 or other) + */ +static void qos_send_user_tracking_cookie(request_rec *r, qos_srv_config* sconf, + int status) { + const char *new_user = apr_table_get(r->subprocess_env, QOS_USER_TRACKING_NEW); + if(new_user) { + char *setCookieVal; + apr_size_t retcode; + char timeString[MAX_STRING_LEN]; + apr_time_exp_t timeEx; + int new_user_len = strlen(new_user); + int len = 2 + new_user_len; + unsigned char *value = apr_pcalloc(r->pool, len + 1); + char *encryptedVal; + char *domain = NULL; + apr_time_exp_gmt(&timeEx, r->request_time); + apr_strftime(timeString, &retcode, sizeof(timeString), "%m", &timeEx); +#ifdef QS_INTERNAL_TEST + { + const char *m = apr_table_get(r->headers_in, "X-TEST-USER-TRACK-MONTH"); + if(m) { + strcpy(timeString, m); + } + } +#endif + memcpy(value, timeString, 2); + memcpy(&value[2], new_user, new_user_len); + value[len] = '\0'; + encryptedVal = qos_encrypt(r, sconf, value, len + 1); + if(sconf->user_tracking_cookie_domain != NULL) { + domain = apr_pstrcat(r->pool, "; Domain=", sconf->user_tracking_cookie_domain, NULL); + } + /* set cookie valid for 300 days or for this session only */ + setCookieVal = apr_psprintf(r->pool, "%s=%s; Path=/%s%s", + sconf->user_tracking_cookie, encryptedVal, + sconf->user_tracking_cookie_session < 1 ? "; Max-Age=25920000" : "", + domain != NULL ? domain : ""); + if(status != HTTP_MOVED_TEMPORARILY) { + apr_table_add(r->headers_out, "Set-Cookie", setCookieVal); + } else { + apr_table_add(r->err_headers_out, "Set-Cookie", setCookieVal); + } + } + return; +} + +/** + * Verifies and sets the user tracking cookie + * - QOS_USER_TRACKING if the cookie was available + * - QOS_USER_TRACKING_NEW if a new cookie needs to be set + * - QOS_USER_TRACKING_RENEW if the cookie shall be renewed + * + * syntax: b64(enc(<month><UNIQUE_ID>)) + * + * shall be called after(!) mod_unique_id has created an id + * + * @param r + * @param sconf + * @param value Cookie received from the client, possibly null (see qos_get_remove_cookie()) + */ +static void qos_get_create_user_tracking(request_rec *r, qos_srv_config* sconf, + const char *value) { + const char *uid = qos_unique_id(r, NULL); + const char *verified = NULL; + const char *newUID = NULL; + if(value != NULL) { + int buf_len = 0; + unsigned char *buf; + buf_len = qos_decrypt(r, sconf, &buf, value); + if(buf_len > 0) { + verified = (char *)buf; + } + } + if(verified == NULL) { + newUID = uid; + apr_table_set(r->subprocess_env, QOS_USER_TRACKING_NEW, newUID); + qs_set_evmsg(r, "u;"); + } else if(strlen(verified) > 2) { + apr_size_t retcode; + char timeString[MAX_STRING_LEN]; + apr_time_exp_t timeEx; + apr_time_exp_gmt(&timeEx, r->request_time); + apr_strftime(timeString, &retcode, sizeof(timeString), "%m", &timeEx); + if(strncmp(timeString, verified, 2) != 0) { + /* renew, if not from this month */ + apr_table_set(r->subprocess_env, QOS_USER_TRACKING_NEW, &verified[2]); + apr_table_set(r->subprocess_env, QOS_USER_TRACKING_RENEW, "1"); + } + newUID = &verified[2]; + } else { + newUID = uid; + apr_table_set(r->subprocess_env, QOS_USER_TRACKING_NEW, newUID); + } + apr_table_set(r->subprocess_env, QOS_USER_TRACKING, newUID); + return; +} + +/** + * Adds new milestone cookie to the response headers if QOS_MILESTONE_COOKIE + * has been set. + * See qos_verify_milestone() about the syntax. + */ +static void qos_update_milestone(request_rec *r, qos_srv_config* sconf) { + const char *new_ms = apr_table_get(r->subprocess_env, QOS_MILESTONE_COOKIE); + if(new_ms) { + apr_time_t now = apr_time_sec(r->request_time); + int new_ms_len = strlen(new_ms); + int len = sizeof(apr_time_t) + new_ms_len; + unsigned char *value = apr_pcalloc(r->pool, len + 1); + char *encryptedVal; + + apr_table_unset(r->subprocess_env, QOS_MILESTONE_COOKIE); + memcpy(value, &now, sizeof(apr_time_t)); + memcpy(&value[sizeof(apr_time_t)], new_ms, new_ms_len); + value[len] = '\0'; + encryptedVal = qos_encrypt(r, sconf, value, len); + apr_table_add(r->headers_out, "Set-Cookie", + apr_psprintf(r->pool, "%s=%s; Path=/;", + QOS_MILESTONE_COOKIE, encryptedVal)); + } + return; +} + +/** + * Verifies the milestone. Evaluates rule and enforces it. Does also set the + * QOS_MILESTONE_COOKIE variable if a new milestone has been reached. + * + * milestone cookie syntax: b64(enc(<time><milestone>)) + * + * @param r + * @param sconf + * @param value Cookie received from the client (contains the already reached milestones) + * @return APR_SUCCESS if request is allowed, otherwise HTTP_FORBIDDEN + */ + +static int qos_verify_milestone(request_rec *r, qos_srv_config* sconf, const char *value) { + char *the_request; + int the_request_len; + int escerr = 0; + qos_milestone_t *milestone = NULL; + qos_milestone_t *entries; + int i; + int ms = -1; // milestone the user has reached + int required = -1; // required for this request + apr_time_t age = 0; // milestone's age + + if(value != NULL) { + int buf_len = 0; + unsigned char *buf; + buf_len = qos_decrypt(r, sconf, &buf, value); + if(buf_len >= (sizeof(apr_time_t) + 1)) { + apr_time_t *t = (apr_time_t *)buf; + apr_time_t now = apr_time_sec(r->request_time); + age = now - *t; + if(now <= (*t + sconf->milestoneTimeout)) { + ms = atoi((char *)&buf[sizeof(apr_time_t)]); + } + } + } + the_request = apr_pstrdup(r->pool, r->the_request); + the_request_len = qos_unescaping(the_request, QOS_DEC_MODE_FLAGS_URL, &escerr); + entries = (qos_milestone_t *)sconf->milestones->elts; + for(i = 0; i < sconf->milestones->nelts; ++i) { + milestone = &entries[i]; + if(qos_regexec_len(r->pool, milestone->preg, the_request, the_request_len) == 0) { + required = milestone->num; + break; + } + } + if(milestone && (required >= 0)) { + int severity = milestone->action == QS_DENY ? APLOG_ERR : APLOG_WARNING; + if(ms < (required - 1)) { + /* not allowed */ + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|severity, 0, r, + QOS_LOG_PFX(047)"access denied, reached milestone '%d' (%s)," + " user has already passed '%s'," + " action=%s, c=%s, id=%s", + required, milestone->pattern, + ms == -1 ? "none" : apr_psprintf(r->pool, "%d", ms), + !sconf->log_only && milestone->action == QS_DENY ? + "deny" : "log only (pass milestone)", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "047")); + QS_INC_EVENT(sconf, 47); + if(milestone->action == QS_DENY) { + return HTTP_FORBIDDEN; + } + } + if(milestone->thinktime > 0) { + if(age < milestone->thinktime) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|severity, 0, r, + QOS_LOG_PFX(147)"access denied, reached milestone '%d' (%s)," + " earlier than expected (right after %"APR_TIME_T_FMT" instead of %d seconds)," + " action=%s, c=%s, id=%s", + required, milestone->pattern, + age, milestone->thinktime, + !sconf->log_only && milestone->action == QS_DENY ? + "deny" : "log only (pass milestone)", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "147")); + QS_INC_EVENT(sconf, 147); + if(milestone->action == QS_DENY) { + return HTTP_FORBIDDEN; + } + } + } + if(required > ms) { + /* update milestone */ + apr_table_set(r->subprocess_env, QOS_MILESTONE_COOKIE, apr_psprintf(r->pool, "%d", required)); + } + } + return APR_SUCCESS; +} + + +/** + * Extracts the cookie from the request. + * @param r + * @param cookieName Name of the cookie to remove from the request headers + * @param Cookie if available of NULL if not + */ +static char *qos_get_remove_cookie(request_rec *r, const char *cookieName) { + const char *cookieHdr = apr_table_get(r->headers_in, "cookie"); + if(cookieHdr) { + char *cn = apr_pstrcat(r->pool, cookieName, "=", NULL); + char *pt = ap_strcasestr(cookieHdr, cn); + char *p = NULL; + while(pt && !p) { + // ensure we found the real cookie (and not an ending b64 str) + if(pt == cookieHdr) { + // @beginning of the header + p = pt; + pt = NULL; + } else { + char pre = pt[-1]; + if(pre == ' ' || + pre == ';') { + // @beginning of a cookie + p = pt; + pt = NULL; + } else { + // found patter somewhere else + pt++; + pt = ap_strcasestr(pt, cn); + } + } + } + if(p) { + char *sp = p; + char *value = NULL; + p[0] = '\0'; /* terminates the beginning of the cookie header */ + sp--; /* deletes spaces "in front" of the qos cookie */ + while((sp > cookieHdr) && (sp[0] == ' ')) { + sp[0] = '\0'; + sp--; + } + p = &p[strlen(cn)]; + value = ap_getword(r->pool, (const char **)&p, ';'); + while(p && (p[0] == ' ')) p++; + /* skip a path, if there is any */ + if(p && (strncasecmp(p, "$path=", strlen("$path=")) == 0)) { + ap_getword(r->pool, (const char **)&p, ';'); + } + /* restore cookie header appending the part left*/ + if(p && p[0]) { + if(cookieHdr[0]) { + if(p[0] == ' ') { + cookieHdr = apr_pstrcat(r->pool, cookieHdr, p, NULL); + } else { + cookieHdr = apr_pstrcat(r->pool, cookieHdr, " ", p, NULL); + } + } else { + cookieHdr = apr_pstrcat(r->pool, p, NULL); + } + } + if(strlen(cookieHdr) == 0) { + apr_table_unset(r->headers_in, "cookie"); + } else { + if((strncasecmp(cookieHdr, "$Version=", strlen("$Version=")) == 0) && + (strlen(cookieHdr) <= strlen("$Version=X; "))) { + /* nothing left */ + apr_table_unset(r->headers_in, "cookie"); + } else { + apr_table_set(r->headers_in, "cookie", cookieHdr); + } + } + return value; + } + } + return NULL; +} + +/** + * verifies the session cookie 0=failed, 1=succeeded + */ +static int qos_verify_session(request_rec *r, qos_srv_config* sconf) { + int buf_len = 0; + unsigned char *buf; + char *value = qos_get_remove_cookie(r, sconf->cookie_name); + if(value == NULL) { + return 0; + } + buf_len = qos_decrypt(r, sconf, &buf, value); + if(buf_len != sizeof(qos_session_t)) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(021)"session cookie verification failed, " + "decoding failed, id=%s", qos_unique_id(r, "021")); + QS_INC_EVENT(sconf, 21); + return 0; + } else { + qos_session_t *s = (qos_session_t *)buf; + if(s->time < (apr_time_sec(r->request_time) - sconf->max_age)) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(023)"session cookie verification failed, " + "expired, id=%s", qos_unique_id(r, "023")); + QS_INC_EVENT(sconf, 23); + return 0; + } + } + /* success */ + apr_table_set(r->notes, QS_REC_COOKIE, ""); + return 1; +} + +/** + * set/update the session cookie + */ +static void qos_set_session(request_rec *r, qos_srv_config *sconf) { + qos_session_t *s = (qos_session_t *)apr_pcalloc(r->pool, sizeof(qos_session_t)); + char *cookie; + char *session; + qs_set_evmsg(r, "V;"); // log VIP session creation + /* payload */ + s->time = time(NULL); + session = qos_encrypt(r, sconf, (const unsigned char *)s, sizeof(qos_session_t)); + if(session == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(025)"failed to create session cookie, id=%s", + qos_unique_id(r, "025")); + QS_INC_EVENT(sconf, 25); + return; + } + cookie = apr_psprintf(r->pool, "%s=%s; Path=%s; Max-Age=%d", + sconf->cookie_name, session, + sconf->cookie_path, sconf->max_age); + apr_table_add(r->headers_out,"Set-Cookie", cookie); + return; +} + +/** + * destroy shared memory and mutexes + */ +static void qos_destroy_act(qs_actable_t *act) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, + QOS_LOGD_PFX"cleanup shared memory: %"APR_SIZE_T_FMT" bytes", + act->size); + act->child_init = 0; + if(act->lock_file && act->lock_file[0]) { + /* + We don't need to destroy locks manually as + apr_global_mutex_create() registers the cleanup + method itself to the pool we used when allocating the + lock. + if(act->lock) { + apr_global_mutex_destroy(act->lock); + } + */ + act->lock_file[0] = '\0'; + act->lock_file = NULL; + } + /* + We don't need to destroy shared memory + manually as apr_shm_create() registers the + cleanup method to the pool we used when + allocating the memory. + if(act->m) { + apr_shm_destroy(act->m); + } + */ + apr_pool_destroy(act->pool); +} + +/** + * returns the persistent configuration (restarts) + */ +static qos_user_t *qos_get_user_conf(apr_pool_t *ppool) { + void *v; + qos_user_t *u; + apr_pool_userdata_get(&v, QS_USR_SPE, ppool); + u = v; + if(v) { + return v; + } + u = (qos_user_t *)apr_pcalloc(ppool, sizeof(qos_user_t)); + u->server_start = 0; + u->act_table = apr_table_make(ppool, 2); + apr_pool_userdata_set(u, QS_USR_SPE, apr_pool_cleanup_null, ppool); + u->qos_cc = NULL; + return u; +} + +/** + * increments the event counters for the specified event + * @param ppool Process pool to fetch user ctx from + * @param event Event number + * @param locked Set this to 1 if user ctx is already locked + */ +static void qs_inc_eventcounter(apr_pool_t *ppool, int event, int locked) { + qos_user_t *u = qos_get_user_conf(ppool); + if(u->qos_cc == NULL) { + return; + } + if(!locked) { + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT49 */ + } + u->qos_cc->eventTotal[event]++; + u->qos_cc->eventLast[event]++; + if(!locked) { + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT49 */ + } +} + +static int qs_calc_maxClients(server_rec *bs, qos_srv_config *bsconf) { + int maxThreads = 0; + int maxDaemons = 0; + int maxClientsCalc = 0; + int maxClients = 0; + + ap_mpm_query(AP_MPMQ_MAX_DAEMONS, &maxDaemons); + ap_mpm_query(AP_MPMQ_MAX_THREADS, &maxThreads); + maxClientsCalc = (maxThreads == 0 ? 1 : maxThreads) * (maxDaemons == 0 ? 1 : maxDaemons); + if(m_event_mpm) { + /* QS_MaxClients = (AsyncRequestWorkerFactor + 1) * MaxRequestWorkers */ + maxClientsCalc = (m_event_mpm_worker_factor + 1) * maxClientsCalc; + } + if(bsconf->max_clients_conf > 0) { + maxClients = bsconf->max_clients_conf; + } else { + maxClients = maxClientsCalc; + } + if(maxClients != maxClientsCalc) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, bs, + QOS_LOG_PFX(007)"calculated MaxClients/MaxRequestWorkers (max connections): %d," + " applied limit: %d (QS_MaxClients)", + maxClientsCalc, maxClients); + } else { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, bs, + QOS_LOGD_PFX"calculated MaxClients/MaxRequestWorkers (max connections): %d", + maxClients); + } + return maxClients; +} + +#ifdef QS_APACHE_24 +/** + * tells if server is terminating immediately or not + */ +static int qos_is_graceful() { + if(ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_EXITING) { + return 0; + } + if(ap_state_query(AP_SQ_CONFIG_GEN) == 0) { + return 0; + } + return 1; +} +#else +/** + * tells if server is terminating immediately or not + */ +static int qos_is_graceful() { + int mpm_gen = 0; + QOS_MY_GENERATION(mpm_gen); + if(mpm_gen != m_generation) return 1; + return 0; +} +#endif + +/* clear all counters of the per client data store at graceful restart + used to prevent counter grow due blocked/crashed client processes*/ +static void qos_clear_cc(qos_user_t *u) { + if(u->qos_cc) { + qos_s_entry_t **entry; + int i; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT37 */ + u->qos_cc->connections = 0; + if(m_generation > 0) { + // this process generation must not update the connections counter anymore + u->qos_cc->generation_locked = m_generation; + } + entry = u->qos_cc->ipd; + for(i = 0; i < u->qos_cc->max; i++) { + (*entry)->event_req = 0; + (*entry)->serialize = 0; + entry++; + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT37 */ + } +} + +/** + * destroys the act + * shared memory must not be destroyed before graceful restart has + * been finished due running requests still need the shared memory + * till they have finished. + * keep the memory leak as little as possible ... + */ +static apr_status_t qos_cleanup_shm(void *p) { + qs_actable_t *act = p; + qos_user_t *u = qos_get_user_conf(act->ppool); + char *this_generation; + char *last_generation; + int i; + apr_table_entry_t *entry; + + this_generation = apr_psprintf(act->ppool, "%d", m_generation); + last_generation = apr_psprintf(act->pool, "%d", m_generation-1); + qos_clear_cc(u); + + /* delete acts from the last graceful restart */ + entry = (apr_table_entry_t *)apr_table_elts(u->act_table)->elts; + for(i = 0; i < apr_table_elts(u->act_table)->nelts; i++) { + if(strcmp(entry[i].key, last_generation) == 0) { + qs_actable_t *a = (qs_actable_t *)entry[i].val; +#ifdef QS_INTERNAL_TEST + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + QOS_LOGD_PFX"clear ACT generation '%s' at '%d'", last_generation, m_generation); +#endif + qos_destroy_act(a); + } + } + apr_table_unset(u->act_table, last_generation); + + if(qos_is_graceful()) { + /* don't delete this act now, but at next server restart ... */ + apr_table_addn(u->act_table, this_generation, (char *)act); + } else { + if(u->qos_cc) { + qos_cc_free(u->qos_cc); + u->qos_cc = NULL; + } +#ifdef QS_INTERNAL_TEST + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + QOS_LOGD_PFX"clear ACT generation 'current' at '%d'", m_generation); +#endif + qos_destroy_act(act); + } + return APR_SUCCESS; +} + +/** + * init the shared memory of the act + * act->serialize <- start + act->qsstatustimer <- start + sizeof(serialize) + * act->conn <- start + sizeof(serialize) + sizeof(time_t) + * act->conn->conn_ip <- start + sizeof(serialize) + sizeof(time_t) + sizeof(conn) * QS_MEM_SEG + * + [max_ip] + * act->entry <- + * + [rule_entries] + * act->event_limit <- + * + [event_limit_entries] + */ +static apr_status_t qos_init_shm(server_rec *s, qos_srv_config *sconf, qs_actable_t *act, + apr_table_t *locRuleCfgTable, int maxClients) { + char *file = "-"; + apr_status_t res; + int i; + int ruleEntries = apr_table_elts(locRuleCfgTable)->nelts; + apr_table_entry_t *locRuleEntry = (apr_table_entry_t *)apr_table_elts(locRuleCfgTable)->elts; + int event_limit_entries = sconf->event_limit_a->nelts; + qs_acentry_t *actEntry = NULL; + int max_ip = maxClients; + + act->size = ((max_ip+QS_DOUBLE_CONN) * QS_MEM_SEG * APR_ALIGN_DEFAULT(sizeof(qs_ip_entry_t))) + + (ruleEntries * APR_ALIGN_DEFAULT(sizeof(qs_acentry_t))) + + (event_limit_entries * APR_ALIGN_DEFAULT(sizeof(qos_event_limit_entry_t))) + + APR_ALIGN_DEFAULT(sizeof(qs_conn_t)) + + APR_ALIGN_DEFAULT(sizeof(qs_serial_t)) + + APR_ALIGN_DEFAULT(sizeof(time_t)) + + 2048; + /* use anonymous shm by default */ + res = apr_shm_create(&act->m, act->size, NULL, act->pool); + if(APR_STATUS_IS_ENOTIMPL(res)) { + file = apr_psprintf(act->pool, "%s_m.mod_qos", + qos_tmpnam(act->pool, s)); +#ifdef ap_http_scheme + /* Apache 2.2 */ + apr_shm_remove(file, act->pool); +#endif + res = apr_shm_create(&act->m, act->size, file, act->pool); + } + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + QOS_LOGD_PFX"%s(%s), create shared memory (ACT)(%s): %"APR_SIZE_T_FMT" bytes" + " (r=%d,ip=%d)", + s->server_hostname == NULL ? "-" : s->server_hostname, + s->is_virtual ? "v" : "b", + file, + act->size, + ruleEntries, max_ip); + if(res != APR_SUCCESS) { + char buf[MAX_STRING_LEN]; + apr_strerror(res, buf, sizeof(buf)); + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + QOS_LOG_PFX(002)"failed to create shared memory (ACT)(%s): %s" + " (%"APR_SIZE_T_FMT" bytes)", + file, buf, act->size); + return res; + } else { + qs_serial_t *sp = apr_shm_baseaddr_get(act->m); + time_t *qsstatustimer = (time_t *)&sp[1]; + qs_conn_t *connEntryP = (qs_conn_t *)&qsstatustimer[1]; + qs_ip_entry_t *conn_ip = (qs_ip_entry_t *)&connEntryP[1]; + apr_time_t now = apr_time_now(); + act->serialize = sp; + act->serialize->q1 = 0; + act->serialize->q2 = 0; + act->serialize->locked = 0; + act->qsstatustimer = qsstatustimer; + *act->qsstatustimer = 0; + act->conn = connEntryP; + act->conn->conn_ip_len = (max_ip + QS_DOUBLE_CONN) * QS_MEM_SEG; + act->conn->conn_ip = conn_ip; + act->conn->max_client = max_ip; + act->conn->connections = 0; + for(i = 0; i < act->conn->conn_ip_len; i++) { + conn_ip->ip6[0] = 0; + conn_ip->ip6[1] = 0; + conn_ip->counter = 0; + conn_ip->error = 0; + conn_ip++; + } + if(ruleEntries) { + act->entry = (qs_acentry_t *)conn_ip; + actEntry = act->entry; + } else { + act->entry = NULL; + } + /* init rule entries (link data, init mutex) */ + for(i = 0; i < ruleEntries; i++) { + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)locRuleEntry[i].val; + actEntry->next = &actEntry[1]; + actEntry->id = i; + actEntry->url = rule->url; + actEntry->url_len = strlen(actEntry->url); + actEntry->event = rule->event; + if(actEntry->event) { + act->has_events++; + } + actEntry->regex = rule->regex; + actEntry->condition = rule->condition; + actEntry->regex_var = rule->regex_var; + actEntry->limit = rule->limit; + if(actEntry->limit == 0 ) { + if((actEntry->condition == NULL) && (actEntry->event == NULL)) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, s, + QOS_LOG_PFX(003)"request level rule %s has no " + "concurrent request limitations", + actEntry->url); + } + } + actEntry->kbytes_interval_us = now; + actEntry->interval = apr_time_sec(now); + actEntry->bytes = 0; + actEntry->req_per_sec_limit = rule->req_per_sec_limit; + actEntry->kbytes_per_sec_limit = rule->kbytes_per_sec_limit; + actEntry->kbytes_per_sec = 0; + actEntry->counter = 0; + actEntry->lock = act->lock; + if(i < ruleEntries - 1) { + actEntry = actEntry->next; + } else { + actEntry->next = NULL; + } + } + if(event_limit_entries == 0) { + act->event_entry = NULL; + } else { + // source (config) event limit array + qos_event_limit_entry_t *eventEntrySrc = (qos_event_limit_entry_t *)sconf->event_limit_a->elts; + // target (act) event limit array + qos_event_limit_entry_t *eventEntryDst; + if(actEntry) { + // end of the last act rule entry + act->event_entry = (qos_event_limit_entry_t *)&actEntry[1]; + } else { + // end of the last connection entry + act->event_entry = (qos_event_limit_entry_t *)conn_ip; + } + eventEntryDst = act->event_entry; + // set config + for(i = 0; i < event_limit_entries; i++) { + eventEntryDst->env_var = eventEntrySrc->env_var; + eventEntryDst->eventDecStr = eventEntrySrc->eventDecStr; + eventEntryDst->max = eventEntrySrc->max; + eventEntryDst->seconds = eventEntrySrc->seconds; + eventEntryDst->limit = 0; + eventEntryDst->limitTime = 0; + eventEntryDst->action = eventEntrySrc->action; + eventEntryDst->condStr = eventEntrySrc->condStr; + eventEntryDst->preg = eventEntrySrc->preg; + eventEntryDst++; + eventEntrySrc++; + } + } + } + return APR_SUCCESS; +} + +/** + * Loads the geo database. See QS_GEO_PATTERN about the file format. + * @param pool To allocate memory from + * @param geodb Data structore to initialize + * @param msg Error message if something went wrong while loading the db + * @param errors Number of errors + * @return APR_SUCCESS if data could be loaded resp. lines have been counted + */ +static apr_status_t qos_loadgeo(apr_pool_t *pool, qos_geo_t *geodb, + char **msg, int *errors) { + ap_regmatch_t ma[AP_MAX_REG_MATCH]; + ap_regex_t *preg; + qos_geo_entry_t *entry = NULL; + qos_geo_entry_t *last = NULL; + + int lines = 0; + char line[HUGE_STRING_LEN]; + FILE *file; + + preg = ap_pregcomp(pool, QS_GEO_PATTERN, AP_REG_EXTENDED); + if(preg == NULL) { + // internal error + *msg = apr_pstrdup(pool, "failed to compile regular" + " expression "QS_GEO_PATTERN); + (*errors)++; + return APR_INCOMPLETE; + } + + file = fopen(geodb->path, "r"); + if(!file) { + *msg = apr_psprintf(pool, "could not open file %s (%s)", + geodb->path, strerror(errno)); + (*errors)++; + return APR_INCOMPLETE; + } + + // check syntax and determine required memory size + while(fgets(line, sizeof(line), file) != NULL) { + if(strlen(line) > 0) { + if(ap_regexec(preg, line, 0, NULL, 0) == 0) { + lines++; + } else { + *msg = apr_psprintf(pool, "invalid entry in database: '%s'", line); + (*errors)++; + } + } + } + if(*errors != 0) { + return APR_INCOMPLETE; + } + + geodb->size = lines; + geodb->data = apr_pcalloc(pool, APR_ALIGN_DEFAULT(sizeof(qos_geo_entry_t)) * geodb->size); + + // load the file into the memory + entry = geodb->data; + fseek(file, 0, SEEK_SET); + lines = 0; + while(fgets(line, sizeof(line), file) != NULL) { + lines++; + if(strlen(line) > 0) { + if(ap_regexec(preg, line, AP_MAX_REG_MATCH, ma, 0) == 0) { + line[ma[1].rm_eo] = '\0'; + line[ma[2].rm_eo] = '\0'; + line[ma[3].rm_eo] = '\0'; + entry->start = atoll(&line[ma[1].rm_so]); + entry->end = atoll(&line[ma[2].rm_so]); + strncpy(entry->country, &line[ma[3].rm_so], 2); + if(last) { + if(entry->start < last->start) { + *msg = apr_psprintf(pool, "wrong order/lines not sorted (line %d)", + lines); + (*errors)++; + } + } + last = entry; + entry++; + } + } + } + + fclose(file); + if(*errors == 0) { + return APR_SUCCESS; + } else { + return APR_INCOMPLETE; + } +} + +/** + * Verifies if the string is a number + * @param num Number to test + * @param 1 if numeric (0 if not) + */ +static int qos_is_num(const char *num) { + int i = 0; + while(num[i]) { + if(!isdigit(num[i])) { + return 0; + } + i++; + } + return 1; +} + +/** + * Helper for the status viewer (unsigned long to char). + */ +static void qos_collect_ip(request_rec *r, qos_srv_config *sconf, + apr_table_t *entries, int limit, + int html) { + int i = sconf->act->conn->conn_ip_len; + qs_ip_entry_t *conn_ip = sconf->act->conn->conn_ip; + apr_global_mutex_lock(sconf->act->lock); /* @CRT8 */ + while(i) { + if(conn_ip->ip6[0] || conn_ip->ip6[1]) { + char *red = "style=\"background-color: rgb(240,153,155);\""; + if(html) { + apr_table_addn(entries, apr_psprintf(r->pool, "%s</td><td %s colspan=\"3\">%d", + qos_ip_long2str(r->pool, conn_ip->ip6), + ((limit != -1) && conn_ip->counter >= limit) ? red : "", + conn_ip->counter), ""); + } else { + apr_table_addn(entries, qos_ip_long2str(r->pool, conn_ip->ip6), apr_psprintf(r->pool, "%d", conn_ip->counter)); + } + } + conn_ip++; + i--; + } + apr_global_mutex_unlock(sconf->act->lock); /* @CRT8 */ +} + + +/** + * Count's the number of free ip entries (for the status viewer only) + */ +static int qos_count_free_ip(qos_srv_config *sconf) { + int c = sconf->act->conn->max_client; + int i = sconf->act->conn->conn_ip_len; + qs_ip_entry_t *conn_ip = sconf->act->conn->conn_ip; + apr_global_mutex_lock(sconf->act->lock); /* @CRT7 */ + while(i) { + if((conn_ip->ip6[0] != 0) || + (conn_ip->ip6[1] != 0)) { + c--; + } + conn_ip++; + i--; + } + apr_global_mutex_unlock(sconf->act->lock); /* @CRT7 */ + return c > 0 ? c : 0; +} + +/** + * Checks the subprocess_env table for + * event variable and returns its numeric value. + * + * @param r + * @param variable Name of the variable to lookup + * @return Number within the variable or 0 if not set + */ +static int get_qs_event(request_rec *r, const char *variable) { + const char *eventStr = apr_table_get(r->subprocess_env, variable); + if(eventStr == NULL) { + return 0; + } + if(qos_is_num(eventStr) && (strlen(eventStr) > 0)) { + int num = atoi(eventStr); + if(num <= 0) { + num = 1; + } + return num; + } + return 1; +} + +/** + * adds an ip entry (insert or increment) + * + * @param sconf + * @param cconf Configuration record containing the ip table(s) + * @param e Pointer to the IP entry + * NOTE: we can't sort the list since the address of this pointer + * must not be change (we don't keep the lock) + * @return The number of connections open by this IP + */ +static int qos_inc_ip(qos_srv_config *sconf, + qs_conn_ctx *cconf, qs_ip_entry_t **e) { + int num = -1; + qs_ip_entry_t *free = NULL; + int i = cconf->sconf->act->conn->conn_ip_len / QS_MEM_SEG; // size of the array + int seqnum = (cconf->ip6[1] % QS_MEM_SEG) * i; // array offset + qs_ip_entry_t *conn_ip = cconf->sconf->act->conn->conn_ip; + conn_ip = &conn_ip[seqnum]; // address of the first entry + + apr_global_mutex_lock(cconf->sconf->act->lock); /* @CRT1 */ + + // search the whole list (until we find an exiting entry for this ip) + while(i) { + if((conn_ip->ip6[0] == 0) && + (conn_ip->ip6[1] == 0) && + (free == NULL)) { + // first free entry + free = conn_ip; + } + if((conn_ip->ip6[0] == cconf->ip6[0]) && + (conn_ip->ip6[1] == cconf->ip6[1])) { + // found an existing entry + conn_ip->counter++; + num = conn_ip->counter; + *e = conn_ip; + break; + } + conn_ip++; + i--; + } + if(num == -1) { + // no entry found, use the first free entry + if(free) { + free->ip6[0] = cconf->ip6[0]; + free->ip6[1] = cconf->ip6[1]; + free->counter++; + num = free->counter; + *e = free; + } else { + ap_log_error(APLOG_MARK, APLOG_ALERT, 0, sconf->base_server, + QOS_LOG_PFX(035)"QS_SrvMaxConn: no free IP slot available!" + " Check log for unclean child exit and consider" + " to do a graceful server restart if this condition persists." + " You might also increase the number of supported connections" + " using the 'QS_MaxClients' directive."); + QS_INC_EVENT_LOCKED(sconf, 35); + } + } + + apr_global_mutex_unlock(cconf->sconf->act->lock); /* @CRT1 */ + return num; +} + +/** + * removes an ip entry (deletes/decrements) + */ +static void qos_dec_ip(qs_conn_ctx *cconf) { + int i = cconf->sconf->act->conn->conn_ip_len / QS_MEM_SEG; + int seqnum = (cconf->ip6[1] % QS_MEM_SEG) * i; + qs_ip_entry_t *conn_ip = cconf->sconf->act->conn->conn_ip; + conn_ip = &conn_ip[seqnum]; + apr_global_mutex_lock(cconf->sconf->act->lock); /* @CRT2 */ + while(i) { + if((conn_ip->ip6[0] == cconf->ip6[0]) && + (conn_ip->ip6[1] == cconf->ip6[1])) { + // entry found, decrement and exit + conn_ip->counter--; + if(conn_ip->counter == 0) { + // entry is no longer used by this ip + conn_ip->ip6[0] = 0; + conn_ip->ip6[1] = 0; + conn_ip->error = 0; + } + break; + } + conn_ip++; + i--; + } + apr_global_mutex_unlock(cconf->sconf->act->lock); /* @CRT2 */ +} + +static apr_status_t qos_cleanup_inctx(void *p) { + qos_ifctx_t *inctx = p; + qos_srv_config *sconf = inctx->sconf; +#if APR_HAS_THREADS + if(sconf && sconf->inctx_t && !sconf->inctx_t->exit) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT25 */ + inctx->status = QS_CONN_STATE_DESTROY; + apr_table_unset(sconf->inctx_t->table, + QS_INCTX_ID); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT25 */ + } +#endif + return APR_SUCCESS; +} + +/** + * creates a new connection ctx (remember to set the socket, connection and timeout) + */ +static qos_ifctx_t *qos_create_ifctx(conn_rec *connection, qos_srv_config *sconf) { + conn_rec *c = connection; + char buf[128]; + qos_ifctx_t *inctx = apr_pcalloc(c->pool, sizeof(qos_ifctx_t)); + inctx->clientSocket = NULL; + inctx->status = QS_CONN_STATE_NEW; + inctx->cl_val = 0; + inctx->c = c; + inctx->r = NULL; + inctx->clientSocket = NULL; + inctx->time = 0; + inctx->nbytes = 0; + inctx->hasBytes = 0; + inctx->shutdown = 0; + inctx->disabled = 0; + inctx->lowrate = -1; + sprintf(buf, "%p", inctx); + inctx->id = apr_psprintf(c->pool, "%s%.16lx", buf, c->id); + inctx->sconf = sconf; + apr_pool_pre_cleanup_register(c->pool, inctx, qos_cleanup_inctx); + return inctx; +} + +/** + * returns the context from the r->connection->input_filters + */ +static qos_ifctx_t *qos_get_ifctx(ap_filter_t *f) { + qos_ifctx_t *inctx = NULL; + while(f) { + if(strcmp(f->frec->name, "qos-in-filter") == 0) { + inctx = f->ctx; + break; + } + f = f->next; + } + return inctx; +} + +static qs_conn_base_ctx *qos_create_conn_base_ctx(conn_rec *connection, qos_srv_config *sconf) { + conn_rec *c = connection; + qs_conn_base_ctx *base = apr_pcalloc(c->pool, sizeof(qs_conn_base_ctx)); + base->cconf = NULL; + base->requests = 0; + base->c = c; + base->sconf = sconf; + base->clientSocket = NULL; + ap_set_module_config(c->conn_config, &qos_module, base); + apr_pool_pre_cleanup_register(c->pool, base, qos_base_cleanup_conn); + return base; +} + +static qs_conn_base_ctx *qos_get_conn_base_ctx(conn_rec *connection) { + conn_rec *c = connection; + qs_conn_base_ctx *base = (qs_conn_base_ctx*)ap_get_module_config(c->conn_config, &qos_module); + return base; +} + +/** + * send server error, used for connection errors + */ +static int qos_return_error_andclose(conn_rec *connection, apr_socket_t *socket) { + conn_rec *c = connection; + char *line = apr_pstrcat(c->pool, AP_SERVER_PROTOCOL, " ", + ap_get_status_line(500), CRLF CRLF, NULL); + apr_bucket *e = apr_bucket_pool_create(line, strlen(line), c->pool, c->bucket_alloc); + apr_bucket_brigade *bb = apr_brigade_create(c->pool, c->bucket_alloc); + + c->keepalive = AP_CONN_CLOSE; + c->aborted = 1; + if(c->cs) { + c->cs->state = CONN_STATE_LINGER; + } + apr_table_set(c->notes, QS_CONN_ABORT, QS_CONN_ABORT); + if (m_forced_close == 0) { + return DECLINED; + } + + //apr_brigade_cleanup(bb); + APR_BRIGADE_INSERT_HEAD(bb, e); + e = apr_bucket_flush_create(c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb, e); + ap_pass_brigade(c->output_filters, bb); + +// if(socket) { +// // speed up connection termination +// qos_ifctx_t *inctx = qos_get_ifctx(c->input_filters); +//#ifdef QS_INTERNAL_TEST +// struct timespec delay; +// delay.tv_sec = 0; +// delay.tv_nsec = 1000000; // 1ms to allow testing +// nanosleep(&delay, NULL); +//#endif +// apr_socket_shutdown(socket, APR_SHUTDOWN_READ); +// if(inctx) { +// qos_cleanup_inctx(inctx); +// } +// } + + return HTTP_INTERNAL_SERVER_ERROR; +} + +/** + * returns custom error page + */ +static int qos_error_response(request_rec *r, const char *error_page) { + if(r->subprocess_env) { + const char *v = apr_table_get(r->subprocess_env, "QS_ErrorPage"); + if(v) { + error_page = v; + } + } + + if(error_page) { + /* do (almost) the same as ap_die() does */ + const char *error_notes; + r->status = m_retcode; + r->connection->keepalive = AP_CONN_CLOSE; + r->no_local_copy = 1; + apr_table_setn(r->subprocess_env, "REQUEST_METHOD", r->method); + if ((error_notes = apr_table_get(r->notes, + "error-notes")) != NULL) { + apr_table_setn(r->subprocess_env, "ERROR_NOTES", error_notes); + } + /* external or internal redirect */ + if(strncasecmp(error_page, "http", 4) == 0) { + apr_table_set(r->headers_out, "Location", error_page); + return HTTP_MOVED_TEMPORARILY; + } else { + r->method = apr_pstrdup(r->pool, "GET"); + r->method_number = M_GET; + ap_internal_redirect(error_page, r); + return DONE; + } + } + return DECLINED; +} + +/** + * returns the matching regex with the lowest limitation + */ +static qs_acentry_t *qos_getrule_byregex(request_rec *r, qos_srv_config *sconf) { + qs_acentry_t *ret = NULL; + qs_actable_t *act = sconf->act; + qs_acentry_t *actEntry = act->entry; + int limit = -1; + while(actEntry) { + if((actEntry->event == NULL) && (actEntry->regex != NULL) && (actEntry->condition == NULL)) { + if((limit == -1) || (actEntry->limit < limit)) { + if(ap_regexec(actEntry->regex, r->unparsed_uri, 0, NULL, 0) == 0) { + if(limit == -1) { + ret = actEntry; + limit = actEntry->limit; + } else if(actEntry->limit < limit) { + ret = actEntry; + limit = actEntry->limit; + } + } + } + } + actEntry = actEntry->next; + } + return ret; +} + +/** + * returns the matching conditional regex with the lowest limitation + */ +static qs_acentry_t *qos_getcondrule_byregex(request_rec *r, qos_srv_config *sconf) { + qs_acentry_t *ret = NULL; + qs_actable_t *act = sconf->act; + qs_acentry_t *actEntry = act->entry; + int limit = -1; + while(actEntry) { + if((actEntry->event == NULL) && (actEntry->regex != NULL) && (actEntry->condition != NULL)) { + if((limit == -1) || (actEntry->limit < limit)) { + if(ap_regexec(actEntry->regex, r->unparsed_uri, 0, NULL, 0) == 0) { + if(limit == -1) { + ret = actEntry; + limit = actEntry->limit; + } else if(actEntry->limit < limit) { + ret = actEntry; + limit = actEntry->limit; + } + } + } + } + actEntry = actEntry->next; + } + return ret; +} + +/** + * returns the best matching location entry + */ +static qs_acentry_t *qos_getrule_bylocation(request_rec * r, qos_srv_config *sconf) { + qs_acentry_t *ret = NULL; + qs_actable_t *act = sconf->act; + qs_acentry_t *actEntry = act->entry; + int match_len = 0; + while(actEntry) { + if((actEntry->event == NULL) && (actEntry->regex == NULL)) { + /* per location limitation */ + if(actEntry->url && (strncmp(actEntry->url, r->parsed_uri.path, actEntry->url_len) == 0)) { + /* best match */ + if(actEntry->url_len > match_len) { + match_len = actEntry->url_len; + ret = actEntry; + } + } + } + actEntry = actEntry->next; + } + return ret; +} + +/** + * checks for VIP user (may pass restrictions) + */ +static int qos_is_vip(request_rec *r, qos_srv_config *sconf) { + if(qos_verify_session(r, sconf)) { + apr_table_set(r->subprocess_env, QS_VipRequest, "yes"); + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + return 1; + } + if(r->subprocess_env) { + const char *v = apr_table_get(r->subprocess_env, QS_VipRequest); + if(v && (strcasecmp(v, "yes") == 0)) { + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + return 1; + } + } + return 0; +} + +/** + * writes the parp table to a single query line + */ +static const char *qos_parp_query(request_rec *r, apr_table_t *tl, const char *add) { + int add_len = 0; + char *query = NULL; + int len = 0; + char *p; + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(tl)->elts; + for(i = 0; i < apr_table_elts(tl)->nelts; i++) { + len = len + + (entry[i].key == NULL ? 0 : strlen(entry[i].key)) + + (entry[i].val == NULL ? 0 : strlen(entry[i].val)) + + 2; + } + if(add && add[0]) { + add_len = strlen(add); + len = len + add_len + 1; + } + query = apr_pcalloc(r->pool, len + 2); + query[0] = '?'; + if(add_len) { + memcpy(&query[1], add, add_len); + p = &query[add_len]; + } else { + p = &query[1]; + } + p[0] = '\0'; + for(i = 0; i < apr_table_elts(tl)->nelts; i++) { + int l = strlen(entry[i].key); + if(p != &query[1]) { + p[0] = '&'; + p++; + p[0] = '\0'; + } + memcpy(p, entry[i].key, l); + p += l; + p[0] = '='; + p++; + l = strlen(entry[i].val); + memcpy(p, entry[i].val, l); + p += l; + p[0] = '\0'; + } + apr_table_setn(r->notes, apr_pstrdup(r->pool, QS_PARP_QUERY), query); + return &query[1]; +} + +/* filter events */ +static int qos_per_dir_event_rules(request_rec *r, qos_srv_config *sconf, + qos_dir_config *dconf) { + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(dconf->rfilter_table)->elts; + int i; + for(i = 0; i < apr_table_elts(dconf->rfilter_table)->nelts; i++) { + if(entry[i].key[0] == '+') { + int deny_rule = 0; + int ex = -1; + qos_rfilter_t *rfilter = (qos_rfilter_t *)entry[i].val; + if(rfilter->type == QS_DENY_EVENT) { + deny_rule = 1; + if(rfilter->text[0] == '!') { + if(apr_table_get(r->subprocess_env, &rfilter->text[1]) == NULL) { + ex = 0; + } + } else { + if(apr_table_get(r->subprocess_env, rfilter->text) != NULL) { + ex = 0; + } + } + } + if(deny_rule && (ex == 0)) { + int severity = rfilter->action == QS_DENY ? APLOG_ERR : APLOG_WARNING; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|severity, 0, r, + QOS_LOG_PFX(040)"access denied, %s rule id: %s (%s)," + " action=%s, c=%s, id=%s", + qos_rfilter_type2text(r->pool, rfilter->type), + rfilter->id, + rfilter->text, + (!sconf->log_only) && (rfilter->action == QS_DENY) ? "deny" : "log only", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "040")); + QS_INC_EVENT(sconf, 40); + if(rfilter->action == QS_DENY) { + return HTTP_FORBIDDEN; + } + } + } + } + return APR_SUCCESS; +} + +/* json parser start ------------------------------------------------------- */ +#define QOS_J_ERROR "HTTP_BAD_REQUEST QOS JSON PARSER: FORMAT ERROR" +#define QOS_j_RECURSION 80 + +static int j_val(apr_pool_t *pool, char **val, apr_table_t *tl, char *name, int rec); + +static char *j_escape_url(apr_pool_t *pool, const char *c) { + char buf[4]; + char special[] = " \t()<>@,;:\\/[]?={}\"'&%+"; + char *r = apr_pcalloc(pool, 3 * strlen(c)); + const char *p = c; + int i = 0; + while(p && p[0]) { + char c = p[0]; + if(!apr_isprint(c) || strchr(special, c)) { + sprintf(buf, "%02x", p[0]); + r[i] = '%'; i++; + r[i] = buf[0]; i++; + r[i] = buf[1]; i++; + } else { + r[i] = c; + i++; + } + p++; + } + return r; +} + +static char *j_strchr(char *data, char d) { + char *q = data; + if(!q) { + return NULL; + } + if(q[0] == d) { + return q; + } + while(q[0]) { + if((q[0] == d) && (q[-1] != '\\')) { + return q; + } + q++; + } + return NULL; +} + +static char *j_skip(char *in) { + if(!in) return NULL; + while(in[0] && ((in[0] == ' ') || + (in[0] == '\t') || + (in[0] == '\r') || + (in[0] == '\n') || + (in[0] == '\f'))) { + in++; + } + return in; +} + +static int j_string(apr_pool_t *pool, char **val, apr_table_t *tl, char *name, char **n) { + char *d = *val; + char *v = d; + char *end = j_strchr(d, '"'); + if(!end) { + apr_table_add(tl, QOS_J_ERROR, "error while parsing string (no ending double quote)"); + return HTTP_BAD_REQUEST; + } + end[0] = '\0'; + end++; + *val = j_skip(end); + /* TODO, improve string format validation */ + while(v[0]) { + if(v[0] < ' ') { + apr_table_add(tl, QOS_J_ERROR, "error while parsing string (invalid character)"); + return HTTP_BAD_REQUEST; + } + v++; + } + *n = d; + return APR_SUCCESS; +} + +static int j_num(apr_pool_t *pool, char **val, apr_table_t *tl, char *name, char **n) { + char *s = *val; + char *d = *val; + while(d && ((d[0] >= '0' && d[0] <= '9') || + d[0] == '.' || + d[0] == 'e' || + d[0] == 'E' || + d[0] == '+' || + d[0] == '-')) { + d++; + } + *n = apr_pstrndup(pool, s, d-s); + *val = d; + return APR_SUCCESS; +} + +static int j_obj(apr_pool_t *pool, char **val, apr_table_t *tl, char *name, int rec) { + char *d = j_skip(*val); + int rc; + while(d && d[0]) { + if(*d != '\"') { + apr_table_add(tl, QOS_J_ERROR, "error while parsing object (missing string)"); + return HTTP_BAD_REQUEST; + } else { + /* list of string ":" value pairs (sepated by ',') */ + char *v = NULL; + char *thisname; + d++; + rc = j_string(pool, &d, tl, name, &v); + if(rc != APR_SUCCESS) { + return rc; + } + thisname = apr_pstrcat(pool, name, "_" , v, NULL); + d = j_skip(d); + if(!d || d[0] != ':') { + apr_table_add(tl, QOS_J_ERROR, "error while parsing object (missing value/wrong delimiter)"); + return HTTP_BAD_REQUEST; + } + d++; + rc = j_val(pool, &d, tl, thisname, rec); + if(rc != APR_SUCCESS) { + return rc; + } + d = j_skip(d); + if(!d) { + apr_table_add(tl, QOS_J_ERROR, "error while parsing object (unexpected end)"); + return HTTP_BAD_REQUEST; + } + if(d[0] == '}') { + d++; + *val = d; + return APR_SUCCESS; + } else if(d[0] == ',') { + d = j_strchr(d, '"'); + } else { + apr_table_add(tl, QOS_J_ERROR, "error while parsing object (unexpected end/wrong delimiter)"); + return HTTP_BAD_REQUEST; + } + } + } + return APR_SUCCESS; +} + +static int j_ar(apr_pool_t *pool, char **val, apr_table_t *tl, char *name, int rec) { + char *d = j_skip(*val); + int rc; + int index = 0; + while(d && d[0]) { + rc = j_val(pool, &d, tl, apr_psprintf(pool, "%s%d", name, index), rec); + if(rc != APR_SUCCESS) { + return rc; + } + d = j_skip(d); + if(!d) { + apr_table_add(tl, QOS_J_ERROR, "error while parsing array (unexpected end)"); + return HTTP_BAD_REQUEST; + } + if(d[0] == ']') { + d++; + *val = d; + return APR_SUCCESS; + } else if(d[0] == ',') { + d++; + d = j_skip(d); + } else { + apr_table_add(tl, QOS_J_ERROR, "error while parsing array (unexpected end/wrong delimiter)"); + return HTTP_BAD_REQUEST; + } + index++; + } + return APR_SUCCESS; +} + +static int j_val(apr_pool_t *pool, char **val, apr_table_t *tl, char *name, int rec) { + char *d = j_skip(*val); + int rc = APR_SUCCESS; + rec++; + if(rec > QOS_j_RECURSION) { + apr_table_add(tl, QOS_J_ERROR, "error while parsing string (reached recursion limit)"); + return HTTP_BAD_REQUEST; + } + /* either object, array, string, number, "true", "false", or "null" */ + if(d[0] == '{') { + d++; + rc = j_obj(pool, &d, tl, apr_pstrcat(pool, name, "_o", NULL), rec); + } else if(d[0] == '[') { + d++; + rc = j_ar(pool, &d, tl, apr_pstrcat(pool, name, "_a", NULL), rec); + } else if(strncmp(d,"null",4) == 0) { + d+=4; + apr_table_add(tl, apr_pstrcat(pool, j_escape_url(pool, name), "_b", NULL), "null"); + } else if(strncmp(d,"true",4) == 0) { + apr_table_add(tl, apr_pstrcat(pool, j_escape_url(pool, name), "_b", NULL), "true"); + d+=4; + } else if(strncmp(d,"false",5) == 0) { + apr_table_add(tl, apr_pstrcat(pool, j_escape_url(pool, name), "_b", NULL), "false"); + d+=5; + } else if(*d == '-' || (*d >= '0' && *d <= '9')) { + char *n = apr_pstrcat(pool, name, "_n", NULL); + char *v = NULL; + rc = j_num(pool, &d, tl, n, &v); + if(rc == APR_SUCCESS) { + apr_table_addn(tl, j_escape_url(pool, n), j_escape_url(pool, v)); + } + } else if(*d == '\"') { + char *n = apr_pstrcat(pool, name, "_v", NULL); + char *v = NULL; + d++; + rc = j_string(pool, &d, tl, n, &v); + if(rc == APR_SUCCESS) { + apr_table_addn(tl, j_escape_url(pool, n), j_escape_url(pool, v)); + } + } else { + /* error */ + apr_table_add(tl, QOS_J_ERROR, "error while parsing value (invalid type)"); + return HTTP_BAD_REQUEST; + } + if(rc != APR_SUCCESS) { + return rc; + } + *val = d; + rec--; + return APR_SUCCESS; +} +/* json parser end --------------------------------------------------------- */ + +/** + * Process json data retrieved from parp (request body) + * @param r + * @param dconf + * @param query Query to add data + * @param msg Error message if paring fails + * @return APR_SUCCESS if processed without errors. + */ +static int qos_json(request_rec *r, qos_dir_config *dconf, const char **query, const char **msg) { + const char *contenttype = apr_table_get(r->headers_in, "Content-Type"); + if(contenttype && (strncasecmp(contenttype, "application/json", 16) == 0)) { + apr_size_t len = 0; + const char *data = NULL; + /* check if parp has body data to process (requires "PARP_BodyData application/json") + or if the json message is stored within the query */ + if(qos_parp_body_data_fn) { + data = qos_parp_body_data_fn(r, &len); + } + if(data == NULL) { + data = *query; + if(data && (data[0] == '[' || data[0] == '{')) { + int escerr = 0; + char *copyq = apr_pstrdup(r->pool, data); + *query = NULL; + // the query needs to be unescaped before getting parsed + len = qos_unescaping(copyq, dconf->dec_mode, &escerr); +#ifdef QS_MOD_EXT_HOOKS + qos_run_path_decode_hook(r, ©q, &len); +#endif + data = copyq; + if(strlen(data) != len) { + *msg = apr_pstrdup(r->pool, "null character within data structure in query"); + return HTTP_BAD_REQUEST; + } + } else { + // does not look like a json structure (strict) + data = NULL; + } + } + if(data && (len > 0)) { + char *value = apr_pstrndup(r->pool, data, len); + apr_table_t *tl = apr_table_make(r->pool, 200); + int rc; + if(strlen(value) != len) { + *msg = apr_pstrdup(r->pool, "null character within data structure"); + return HTTP_BAD_REQUEST; + } + rc = j_val(r->pool, &value, tl, "J", 0); + if(rc != APR_SUCCESS) { + *msg = apr_table_get(tl, QOS_J_ERROR); + apr_table_unset(tl, QOS_J_ERROR); + return rc; + } + if(value && value[0]) { + value = j_skip(value); + if(value && value[0]) { + /* error, there is still some data */ + *msg = apr_pstrdup(r->pool, "more than one element"); + } + } + *query = qos_parp_query(r, tl, *query); + if(*query) { + apr_table_setn(r->notes, apr_pstrdup(r->pool, QS_PARP_Q), *query); + } + } + } + return APR_SUCCESS; +} + +/** + * processes the per location rules QS_Permit* and QS_Deny* + */ +static int qos_per_dir_rules(request_rec *r, qos_srv_config *sconf, + qos_dir_config *dconf) { + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(dconf->rfilter_table)->elts; + int i; + char *path = apr_pstrdup(r->pool, r->parsed_uri.path); + char *query = NULL; + char *fragment = NULL; + char *request_line = apr_pstrdup(r->pool, r->the_request); + char *uri = path; + int request_line_len; + int path_len; + int query_len = 0; + int fragment_len = 0; + int uri_len; + int permit_rule = 0; + int permit_rule_match = 0; + int permit_rule_action = QS_DENY; + int escerr = 0; + request_line_len = qos_unescaping(request_line, dconf->dec_mode, &escerr); + path_len = qos_unescaping(path, dconf->dec_mode, &escerr); +#ifdef QS_MOD_EXT_HOOKS + qos_run_path_decode_hook(r, &path, &path_len); +#endif + uri_len = path_len; + if(dconf->bodyfilter_p == 1 || dconf->bodyfilter_d == 1) { + const char *q = apr_table_get(r->notes, QS_PARP_Q); + if((q == NULL) && qos_parp_hp_table_fn) { + const char *msg = NULL; + apr_table_t *tl = qos_parp_hp_table_fn(r); + if(tl) { + if(apr_table_elts(tl)->nelts > 0) { + q = qos_parp_query(r, tl, NULL); + if(q) { + apr_table_setn(r->notes, apr_pstrdup(r->pool, QS_PARP_Q), q); + } + } + } else { + /* no table provided by mod_parp (unsupported content type?), + use query string if available */ + if(r->parsed_uri.query) { + q = r->parsed_uri.query; + } + } + if(qos_json(r, dconf, &q, &msg) != APR_SUCCESS) { + /* parser error */ + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(048)"access denied, invalid JSON syntax (%s)," + " action=%s, c=%s, id=%s", + msg ? msg : "-", + sconf->log_only ? "log only" : "deny", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "048")); + QS_INC_EVENT(sconf, 48); + return HTTP_FORBIDDEN; + } + } + if(q) { + /* prepare unescaped body query (parp) */ + char *q1 = apr_pstrdup(r->pool, q); + int q1_len = 0; + q1 = apr_pstrdup(r->pool, q); + q1_len = qos_unescaping(q1, dconf->dec_mode, &escerr); +#ifdef QS_MOD_EXT_HOOKS + qos_run_query_decode_hook(r, &q1, &q1_len); +#endif + if(dconf->bodyfilter_d == 1) { + /* use body for query deny filter */ + query = q1; + query_len = q1_len; + } else { + /* don't use body for query deny filter */ + if(r->parsed_uri.query) { + query = apr_pstrdup(r->pool, r->parsed_uri.query); + query_len = qos_unescaping(query, dconf->dec_mode, &escerr); +#ifdef QS_MOD_EXT_HOOKS + qos_run_query_decode_hook(r, &query, &query_len); +#endif + } + } + if(dconf->bodyfilter_p != 1) { + /* don' use body for permit filter */ + if(r->parsed_uri.query) { + q1 = apr_pstrdup(r->pool, r->parsed_uri.query); + q1_len = qos_unescaping(q1, dconf->dec_mode, &escerr); +#ifdef QS_MOD_EXT_HOOKS + qos_run_query_decode_hook(r, &q1, &q1_len); +#endif + } else { + q1 = NULL; + q1_len = 0; + } + } + if(q1) { + uri = apr_pcalloc(r->pool, path_len + 1 + q1_len + 1); + memcpy(uri, path, path_len); + uri[path_len] = '?'; + memcpy(&uri[path_len+1], q1, q1_len); + uri[path_len+1+q1_len] = '\0'; + uri_len = path_len + 1 + q1_len; + } + } + } else { + if(r->parsed_uri.query) { + query = apr_pstrdup(r->pool, r->parsed_uri.query); + query_len = qos_unescaping(query, dconf->dec_mode, &escerr); +#ifdef QS_MOD_EXT_HOOKS + qos_run_query_decode_hook(r, &query, &query_len); +#endif + uri = apr_pcalloc(r->pool, path_len + 1 + query_len + 1); + memcpy(uri, path, path_len); + uri[path_len] = '?'; + memcpy(&uri[path_len+1], query, query_len); + uri[path_len+1+query_len] = '\0'; + uri_len = path_len + 1 + query_len; + } + } + if(r->parsed_uri.fragment) { + fragment = apr_pstrdup(r->pool, r->parsed_uri.fragment); + fragment_len = qos_unescaping(fragment, dconf->dec_mode, &escerr); + uri = apr_pcalloc(r->pool, path_len + 1 + fragment_len + 1); + memcpy(uri, path, path_len); + uri[path_len] = '?'; + memcpy(&uri[path_len+1], fragment, fragment_len); + uri[path_len+1+fragment_len] = '\0'; + uri_len = path_len + 1 + fragment_len; + } + if(escerr > 0 && (dconf->urldecoding < QS_OFF_DEFAULT)) { + int severity = dconf->urldecoding == QS_DENY ? APLOG_ERR : APLOG_WARNING; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|severity, 0, r, + QOS_LOG_PFX(046)"access denied, invalid url encoding, action=%s, c=%s, id=%s", + (!sconf->log_only) && (dconf->urldecoding == QS_DENY) ? "deny" : "log only", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "046")); + QS_INC_EVENT(sconf, 46); + if(dconf->urldecoding == QS_DENY) { + return HTTP_FORBIDDEN; + } + } + /* process deny- and allow- list rules in one loop */ + for(i = 0; i < apr_table_elts(dconf->rfilter_table)->nelts; i++) { + if(entry[i].key[0] == '+') { + int deny_rule = 0; + int ex = -1; + qos_rfilter_t *rfilter = (qos_rfilter_t *)entry[i].val; + if(rfilter->type == QS_DENY_REQUEST_LINE) { + deny_rule = 1; + ex = qos_regexec_len(r->pool, rfilter->preg, request_line, request_line_len); + } else if(rfilter->type == QS_DENY_PATH) { + deny_rule = 1; + ex = qos_regexec_len(r->pool, rfilter->preg, path, path_len); + } else if(rfilter->type == QS_DENY_QUERY) { + deny_rule = 1; + ex = qos_regexec_len(r->pool, rfilter->preg, query, query_len); + } else if(rfilter->type == QS_DENY_EVENT) { + /* event rules are processed separately */ + } else { + permit_rule = 1; + ex = qos_regexec_len(r->pool, rfilter->preg, uri, uri_len); + permit_rule_action = rfilter->action; + if(ex == 0) { + permit_rule_match = 1; + } + } + if(deny_rule && (ex == 0)) { + int severity = rfilter->action == QS_DENY ? APLOG_ERR : APLOG_WARNING; + apr_table_set(r->subprocess_env, QS_RuleId, rfilter->id); + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|severity, 0, r, + QOS_LOG_PFX(040)"access denied, %s rule id: %s (%s)," + " action=%s, c=%s, id=%s", + qos_rfilter_type2text(r->pool, rfilter->type), + rfilter->id, + rfilter->text, + (!sconf->log_only) && (rfilter->action == QS_DENY) ? "deny" : "log only", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "040")); + QS_INC_EVENT(sconf, 40); + if(rfilter->action == QS_DENY) { + return HTTP_FORBIDDEN; + } + } + } + } + if(permit_rule && !permit_rule_match) { + int severity = permit_rule_action == QS_DENY ? APLOG_ERR : APLOG_WARNING; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|severity, 0, r, + QOS_LOG_PFX(041)"access denied, no permit rule match, action=%s, c=%s, id=%s", + (!sconf->log_only) && (permit_rule_action == QS_DENY) ? "deny" : "log only", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "041")); + QS_INC_EVENT(sconf, 41); + if(permit_rule_action == QS_DENY) { + return HTTP_FORBIDDEN; + } + } + return APR_SUCCESS; +} + +/** + * request/response header filter, drops headers which are not allowed + */ +static int qos_header_filter(request_rec *r, qos_srv_config *sconf, + apr_table_t *headers, const char *type, + apr_table_t *hfilter_table, + qs_headerfilter_mode_e mode) { + apr_table_t *delete = apr_table_make(r->pool, 1); + apr_table_t *reason = NULL; + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(headers)->elts; + for(i = 0; i < apr_table_elts(headers)->nelts; i++) { + qos_fhlt_r_t *he = (qos_fhlt_r_t *)apr_table_get(hfilter_table, entry[i].key); + int denied = 0; + if(he) { + if(mode != QS_HEADERFILTER_SIZE_ONLY) { + if(ap_regexec(he->preg, entry[i].val, 0, NULL, 0) != 0) { + denied = 1; + } + } + if(strlen(entry[i].val) > he->size) { + denied += 2; + } + if(denied) { + char *pattern = apr_psprintf(r->pool, "(pattern=%s, max. length=%d)", + he->text, he->size); + if(he->action == QS_FLT_ACTION_DENY) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(043)"access denied%s, %s header: \'%s: %s\', %s, c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + type, + entry[i].key, entry[i].val, + pattern, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "043")); + QS_INC_EVENT(sconf, 43); + return HTTP_FORBIDDEN; + } + if(reason == NULL) { + reason = apr_table_make(r->pool, 1); + } + apr_table_add(delete, entry[i].key, entry[i].val); + apr_table_add(reason, entry[i].key, pattern); + } + } else { + if(reason == NULL) { + reason = apr_table_make(r->pool, 1); + } + apr_table_add(delete, entry[i].key, entry[i].val); + apr_table_add(reason, entry[i].key, "(no rule available)"); + } + } + entry = (apr_table_entry_t *)apr_table_elts(delete)->elts; + for(i = 0; i < apr_table_elts(delete)->nelts; i++) { + if(mode != QS_HEADERFILTER_SILENT) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(042)"drop %s header%s: \'%s: %s\', %s, c=%s, id=%s", + type, + sconf->log_only ? " (log only)" : "", + entry[i].key, entry[i].val, + apr_table_get(reason, entry[i].key), + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "042")); + QS_INC_EVENT(sconf, 42); + } + if(!sconf->log_only) { + apr_table_unset(headers, entry[i].key); + } + } + return APR_SUCCESS; +} + +/** + * returns list of all query name=value pairs + */ +static apr_table_t *qos_get_query_table(request_rec *r) { + apr_table_t *av = apr_table_make(r->pool, 2); + if(r->parsed_uri.query) { + const char *q = apr_pstrdup(r->pool, r->parsed_uri.query); + while(q && q[0]) { + const char *t = ap_getword(r->pool, &q, '&'); + const char *name = ap_getword(r->pool, &t, '='); + const char *value = t; + if(name && (strlen(name) > 0)) { + if(value && (strlen(value) > 0)) { + apr_table_add(av, name, value); + } else if((strlen(name) > 0)) { + apr_table_add(av, name, ""); + } + } + } + } + return av; +} + +/** add "\n" */ +#define QOS_ALERT_LINE_LEN 65 +static char *qos_crline(request_rec *r, const char *line) { + char *string = ""; + const char *pos = line; + while(pos && pos[0]) { + int len = strlen(pos); + if(len > QOS_ALERT_LINE_LEN) { + string = apr_pstrcat(r->pool, string, + apr_psprintf(r->pool, "%.*s", QOS_ALERT_LINE_LEN, pos), "\n", NULL); + pos = &pos[QOS_ALERT_LINE_LEN]; + } else { + string = apr_pstrcat(r->pool, string, pos, NULL); + pos = NULL; + } + } + return string; +} + +/** + * calculates the rec/sec block rate + */ +static void qos_cal_req_sec(qos_srv_config *sconf, request_rec *r, qs_acentry_t *e) { + if(e->req_per_sec > e->req_per_sec_limit) { + int factor = ((e->req_per_sec * 100) / e->req_per_sec_limit) - 100; + e->req_per_sec_block_rate = e->req_per_sec_block_rate + factor; + if(e->req_per_sec_block_rate > QS_MAX_DELAY/1000) { + e->req_per_sec_block_rate = QS_MAX_DELAY/1000; + } + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(050)"request rate limit, rule: %s(%ld), req/sec=%ld," + " delay=%dms%s", + e->url, e->req_per_sec_limit, + e->req_per_sec, e->req_per_sec_block_rate, + e->req_per_sec_block_rate == QS_MAX_DELAY/1000 ? " (max)" : ""); + QS_INC_EVENT(sconf, 50); + } else if(e->req_per_sec_block_rate > 0) { + if(e->req_per_sec_block_rate < 50) { + e->req_per_sec_block_rate = 0; + } else { + int factor = e->req_per_sec_block_rate / 4; + e->req_per_sec_block_rate = e->req_per_sec_block_rate - factor; + } + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, r, + QOS_LOG_PFX(051)"request rate limit, rule: %s(%ld), req/sec=%ld," + " delay=%dms", + e->url, e->req_per_sec_limit, + e->req_per_sec, e->req_per_sec_block_rate); + QS_INC_EVENT(sconf, 51); + } +} + +/** + * QS_DenyEvent enforcement at header parser + * @param r + * @param sconf + * @param dconf + # returns DECLINED if no events has been detected + */ +static int qos_hp_event_deny_filter(request_rec *r, qos_srv_config *sconf, qos_dir_config *dconf) { + apr_status_t rv = qos_per_dir_event_rules(r, sconf, dconf); + if(rv != APR_SUCCESS) { + int rc; + const char *error_page = sconf->error_page; + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return rv; + } + } + return DECLINED; +} + +/** + * QS_Permit* / QS_Deny* enforcement at header parser + * @param r + * @param sconf + * @param dconf + * @return + */ +static int qos_hp_filter(request_rec *r, qos_srv_config *sconf, qos_dir_config *dconf) { + apr_status_t rv = APR_SUCCESS; + if(sconf->milestones) { + char *value = qos_get_remove_cookie(r, QOS_MILESTONE_COOKIE); + rv = qos_verify_milestone(r, sconf, value); + } + + if((rv == APR_SUCCESS) && (apr_table_elts(dconf->rfilter_table)->nelts > 0)) { + rv = qos_per_dir_rules(r, sconf, dconf); + } + + if(rv != APR_SUCCESS) { + int rc; + const char *error_page = sconf->error_page; + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return rv; + } + } + return DECLINED; +} + +/** + * QS_SetEnvRes (outfilter) + * Detects events at response time. + */ +static void qos_setenvres(request_rec *r, qos_srv_config *sconf) { + ap_regmatch_t regm[AP_MAX_REG_MATCH]; + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(sconf->setenvres_t)->elts; + for(i = 0; i < apr_table_elts(sconf->setenvres_t)->nelts; i++) { + const char *val = apr_table_get(r->subprocess_env, entry[i].key); + if(val) { + qos_pregval_t *pregval = (qos_pregval_t *)entry[i].val; + if(ap_regexec(pregval->preg, val, AP_MAX_REG_MATCH, regm, 0) == 0) { + if(pregval->value) { + char *replaced = ap_pregsub(r->pool, pregval->value, val, AP_MAX_REG_MATCH, regm); + apr_table_set(r->subprocess_env, pregval->name, replaced); + } else { + apr_table_set(r->subprocess_env, pregval->name, "1"); + } + } + } + } +} + +/** + * QS_SetEnvResHeader(Match) (outfilter) + * Matches response headers and sets an event on match. + * @param r + * @param sconf + */ +static void qos_setenvresheader(request_rec *r, qos_srv_config *sconf) { + apr_table_t *headers = r->headers_out; + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(sconf->setenvresheader_t)->elts; + apr_table_entry_t *entryMatch = (apr_table_entry_t *)apr_table_elts(sconf->setenvresheadermatch_t)->elts; + while(headers) { + for(i = 0; i < apr_table_elts(sconf->setenvresheadermatch_t)->nelts; i++) { + const char *val = apr_table_get(headers, entryMatch[i].key); + if(val) { + ap_regex_t *preg = (ap_regex_t *)entryMatch[i].val; + if(ap_regexec(preg, val, 0, NULL, 0) == 0) { + apr_table_set(r->subprocess_env, entryMatch[i].key, val); + } + } + } + for(i = 0; i < apr_table_elts(sconf->setenvresheader_t)->nelts; i++) { + const char *val = apr_table_get(headers, entry[i].key); + if(val) { + apr_table_set(r->subprocess_env, entry[i].key, val); + if(strcasecmp(entry[i].val, "drop") == 0) { + apr_table_unset(headers, entry[i].key); + } + } + } + if(headers == r->headers_out) { + headers = r->err_headers_out; + } else { + headers = NULL; + } + } +} + +/** + * QS_SetEnvIfStatus + * Match response status code + * + * @param r + * @param sconf + * @param dconf + */ +static void qos_setenvstatus(request_rec *r, qos_srv_config *sconf, qos_dir_config *dconf) { + char *code = apr_psprintf(r->pool, "%d", r->status); + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(sconf->setenvstatus_t)->elts; + for(i = 0; i < apr_table_elts(sconf->setenvstatus_t)->nelts; i++) { + if(strcmp(entry[i].key, code) == 0) { + char *var = apr_pstrdup(r->pool, entry[i].val); + char *value = strchr(var, '='); + if(value) { + // a value has been defined + value[0] = '\0'; + value++; + } else { + if(strcmp(var, QS_BLOCK) == 0) { + // QS_Block optionally defines the weight for error codes + value = apr_pstrdup(r->pool, "1"); + } else { + // by default, the value becomes the status code + value = code; + } + } + apr_table_set(r->subprocess_env, var, value); + } + } + if(dconf) { + entry = (apr_table_entry_t *)apr_table_elts(dconf->setenvstatus_t)->elts; + for(i = 0; i < apr_table_elts(dconf->setenvstatus_t)->nelts; i++) { + if(strcmp(entry[i].key, code) == 0) { + char *var = apr_pstrdup(r->pool, entry[i].val); + char *value = strchr(var, '='); + if(value) { + value[0] = '\0'; + value++; + } else { + value = code; + } + apr_table_set(r->subprocess_env, var, value); + } + } + } +} + +/** + * Returns the best matching server name (the configured ServerName, + * supporting ServerAlias directive or the value provided by the + * caller (usually the Host header)). + * + * @param r + * @param server_hostname Host name the client expects (Host header) <host>[:<port>] + * @param match Indicates if the provide name matches the ServerName/ServerAlias + * @return hostname + */ +static char *qos_server_alias(request_rec *r, const char *server_hostname, int *match) { + char *server = apr_pstrdup(r->pool, r->server->server_hostname); // default (hostname, no port) + *match = 0; + if(server_hostname) { + const char *search = server_hostname; + char *port = strchr(search, ':'); + if(port) { + // without the port + search = apr_pstrndup(r->pool, search, port - search); + } + if(strcasecmp(search, r->server->server_hostname) == 0) { + /* match ServerName */ + // we already did: server = apr_pstrdup(r->pool, r->server->server_hostname); + *match = 1; + } else if(r->server->names) { + int i; + apr_array_header_t *names = r->server->names; + char **name = (char **)names->elts; + for(i = 0; i < names->nelts; ++i) { + if(!name[i]) continue; + if(strcasecmp(search, name[i]) == 0) { + /* match ServerAlias */ + server = apr_pstrdup(r->pool, name[i]); + *match = 1; + } + } + } else if(r->server->wild_names) { + int i; + apr_array_header_t *names = r->server->wild_names; + char **name = (char **)names->elts; + for(i = 0; i < names->nelts; ++i) { + if(!name[i]) continue; + if(!ap_strcasecmp_match(search, name[i])) { + /* match ServerAlias using wildcards */ + server = apr_pstrdup(r->pool, search); + *match = 1; + } + } + } + } + return server; +} + +/** + * Returns the url to this server, e.g. https://server1 or http://server1:8080 + * used for redirects. + * + * @param r + * @return schema/hostname + */ +static char *qos_this_host(request_rec *r) { + const char *hostport = apr_table_get(r->headers_in, "Host"); + int port = 0; + int ssl = 0; + int default_port; + const char *server_hostname = r->server->server_hostname; + if(qos_is_https) { + ssl = qos_is_https(r->connection); + } + if(hostport) { + char *p; + int match; + hostport = apr_pstrdup(r->pool, hostport); + if((p = strchr(hostport, ':')) != NULL) { + p[0] = '\0'; + p++; + port = atoi(p); + } + server_hostname = qos_server_alias(r, hostport, &match); + } + if(port == 0) { + // pref. vhost + port = r->server->addrs->host_port; + } + if(port == 0) { + // main srv + port = r->server->port; + } + default_port = ssl ? 443 : 80; + if(port == default_port) { + return apr_psprintf(r->pool, "%s%s", + ssl ? "https://" : "http://", + server_hostname); + } + return apr_psprintf(r->pool, "%s%s:%d", + ssl ? "https://" : "http://", + server_hostname, + port); +} + +/** + * Enables mod_parp if mod_qos requires access to the request body. + * @param r + */ +static void qos_enable_parp(request_rec *r) { + const char *ct = apr_table_get(r->headers_in, "Content-Type"); + if(ct) { + if(ap_strcasestr(ct, "application/x-www-form-urlencoded") || + ap_strcasestr(ct, "multipart/form-data") || + ap_strcasestr(ct, "multipart/mixed") || + ap_strcasestr(ct, "application/json")) { + apr_table_set(r->subprocess_env, "parp", "mod_qos"); + } + } +} + +/** + * Generic request validation / sanity check: + * We ensure to have at least a valid, decoded request uri received. + * (no further uri validation required in your code) + * @param r + * @param sconf + * @return HTTP_BAD_REQUEST for requests which may not be processed by mod_qos, otherwise + * APR_SUCCESS + */ +static apr_status_t qos_request_check(request_rec *r, qos_srv_config *sconf) { + if((r->unparsed_uri == NULL) || (r->parsed_uri.path == NULL)) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(045)"access denied, invalid request line:" + " can't parse uri, c=%s, id=%s", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "045")); + QS_INC_EVENT(sconf, 45); + return HTTP_BAD_REQUEST; + } + return APR_SUCCESS; +} + +/** + * QS_SetEnvIfParp (prr), enable parp + */ +static apr_status_t qos_parp_prr(request_rec *r, qos_srv_config *sconf) { + if(apr_table_elts(sconf->setenvifparp_t)->nelts > 0) { + qos_enable_parp(r); + } + return DECLINED; +} + +/** + * QS_SetEnvIfQuery/QS_SetEnvIfParp + */ +static void qos_setenvif_ex(request_rec *r, const char *query, apr_table_t *table_setenvif) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(table_setenvif)->elts; + for(i = 0; i < apr_table_elts(table_setenvif)->nelts; i++) { + qos_setenvifquery_t *setenvif = (qos_setenvifquery_t *)entry[i].val; + char *name = setenvif->name; + ap_regmatch_t regm[AP_MAX_REG_MATCH]; + if(ap_regexec(setenvif->preg, query, AP_MAX_REG_MATCH, regm, 0) == 0) { + if(name[0] == '!') { + apr_table_unset(r->subprocess_env, &name[1]); + } else { + char *replaced = ""; + if(setenvif->value) { + replaced = ap_pregsub(r->pool, setenvif->value, query, AP_MAX_REG_MATCH, regm); + } + apr_table_set(r->subprocess_env, name, replaced); + } + } + } +} + +/** + * Process body events (QS_SetEnvIfBody) and sets the r->subprocess_env variables + * @param r + * @param sconf + */ +static void qos_parp_hp_body(request_rec *r, qos_srv_config *sconf) { + apr_size_t len; + const char *data = qos_parp_body_data_fn(r, &len); + if(data && (len > 0)) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(sconf->setenvifparpbody_t)->elts; +#if (AP_SERVER_MINORVERSION_NUMBER < 4) && defined QS_INTERNAL_TEST + // Apache 2.2 is no longer supported (test only) + char *tmpData = apr_palloc(r->pool, len + 1); + memcpy(tmpData, data, len); + tmpData[len] = '\0'; + data = (const char *)tmpData; +#endif + for(i = 0; i < apr_table_elts(sconf->setenvifparpbody_t)->nelts; i++) { + qos_setenvifparpbody_t *setenvif = (qos_setenvifparpbody_t *)entry[i].val; + ap_regmatch_t regm[AP_MAX_REG_MATCH]; +#if (AP_SERVER_MINORVERSION_NUMBER < 4) && defined QS_INTERNAL_TEST + if(ap_regexec(setenvif->pregx, data, AP_MAX_REG_MATCH, regm, 0) == 0) { // won't work for null chars! +#else + if(ap_regexec_len(setenvif->pregx, data, len, AP_MAX_REG_MATCH, regm, 0) == 0) { +#endif + char *name = setenvif->name; + if(name[0] == '!') { + apr_table_unset(r->subprocess_env, &name[1]); + } else { + char *value = apr_pstrdup(r->pool, setenvif->value); + char *p = strstr(value, "$1"); + if(p) { + char *c = apr_pstrndup(r->pool, &data[regm[0].rm_so], regm[0].rm_eo - regm[0].rm_so); + if(ap_regexec(setenvif->pregx, c, AP_MAX_REG_MATCH, regm, 0) == 0) { + value = ap_pregsub(r->pool, value, c, AP_MAX_REG_MATCH, regm); + } + } + apr_table_set(r->subprocess_env, name, value != NULL ? value : ""); + } + } + } + } +} + +/** + * Setting events based on request payload (query), QS_SetEnvIfParp (hp) + * @param r + * @param sconf + */ +static void qos_parp_hp(request_rec *r, qos_srv_config *sconf) { + const char *query = apr_table_get(r->notes, QS_PARP_Q); + if((query == NULL) && qos_parp_hp_table_fn) { + apr_table_t *tl = qos_parp_hp_table_fn(r); + if(tl) { + if(apr_table_elts(tl)->nelts > 0) { + query = qos_parp_query(r, tl, NULL); + if(query) { + apr_table_setn(r->notes, apr_pstrdup(r->pool, QS_PARP_Q), query); + } + } + } else { + /* no table provided by mod_parp (unsupported content type?), + use query string if available */ + if(r->parsed_uri.query) { + query = r->parsed_uri.query; + } + } + } + if(query) { + qos_setenvif_ex(r, query, sconf->setenvifparp_t); + } +} + +/** + * Replaces ${var} by the value in var + * @param p Pool for memory allocation + * @param vars Available variables to lookup + * @param string String to replace variables + * @return 1 on success or 0 if string still contains "${" + */ +static int qos_reslove_variable(apr_pool_t *p, apr_table_t *vars, char **string) { + int i; + int start; + int line_end; + char *var_name; + char *new_line = *string; + char *line = *string; + const char *val; + + once_again: + i = 0; + while(line[i] != 0) { + if((line[i] == '$') && (line[i+1] == '{')) { + line_end = i; + i=i+2; + start = i; + while((line[i] != 0) && (line[i] != '}')) { + i++; + } + if(line[i] != '}') { + /* no end found */ + break; + } else { + var_name = apr_pstrndup(p, &line[start], i - start); + val = apr_table_get(vars, var_name); + if(val) { + line[line_end] = 0; + i++; + new_line = apr_pstrcat(p, line, val, &line[i], NULL); + line = new_line; + goto once_again; + } + } + } + i++; + } + if(!new_line[0] || strstr(new_line, "${")) { + return 0; + } + *string = new_line; + return 1; +} + +/** + * QS_SetEnvIfQuery (hp) + * @param r + * @param sconf + * @param dconf + */ +static void qos_setenvifquery(request_rec *r, qos_srv_config *sconf, qos_dir_config *dconf) { + qos_setenvif_ex(r, r->parsed_uri.query, sconf->setenvifquery_t); + qos_setenvif_ex(r, r->parsed_uri.query, dconf->setenvifquery_t); +} + +/** + * QS_SetEnv + * @param r + * @param sconf + */ +static void qos_setenv(request_rec *r, qos_srv_config *sconf) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(sconf->setenv_t)->elts; + for(i = 0; i < apr_table_elts(sconf->setenv_t)->nelts; i++) { + char *variable = entry[i].val; + char *value = apr_pstrdup(r->pool, strchr(entry[i].key, '=')); + value++; + if(qos_reslove_variable(r->pool, r->subprocess_env, &value)) { + apr_table_set(r->subprocess_env, variable, value); + } + } +} + +/** + * QS_SetReqHeader + * @param r + * @param header_t + */ +static void qos_setreqheader(request_rec *r, apr_table_t *header_t) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(header_t)->elts; + for(i = 0; i < apr_table_elts(header_t)->nelts; i++) { + char *header = entry[i].val; + char *variable = apr_pstrdup(r->pool, strchr(entry[i].key, '=')); + const char *val; + variable++; + val = apr_table_get(r->subprocess_env, variable); + if(val) { + if(header[0] == '!') { + apr_table_unset(r->headers_in, &header[1]); + } else { + apr_table_set(r->headers_in, header, val); + } + } + } +} + +/** + * QS_SetEnvIf (hp and logger) + * @param r + * @param setenvif_t + */ +static void qos_setenvif(request_rec *r, apr_array_header_t *setenvif_t) { + int i; + qos_setenvif_t *entries = (qos_setenvif_t *)setenvif_t->elts; + for(i = 0; i < setenvif_t->nelts; i++) { + qos_setenvif_t *setenvif = &entries[i]; + if(setenvif->preg == NULL) { + // mode 1 (boolean AND operator) + if((setenvif->variable1[0] == '!') && (setenvif->variable2[0] == '!')) { + if(!apr_table_get(r->subprocess_env, &setenvif->variable1[1]) && + !apr_table_get(r->subprocess_env, &setenvif->variable2[1])) { + if(setenvif->name[0] == '!') { + apr_table_unset(r->subprocess_env, &setenvif->name[1]); + } else { + apr_table_set(r->subprocess_env, setenvif->name, setenvif->value); + } + } + } else if(setenvif->variable1[0] == '!') { + if(!apr_table_get(r->subprocess_env, &setenvif->variable1[1]) && + apr_table_get(r->subprocess_env, setenvif->variable2)) { + if(setenvif->name[0] == '!') { + apr_table_unset(r->subprocess_env, &setenvif->name[1]); + } else { + apr_table_set(r->subprocess_env, setenvif->name, setenvif->value); + } + } + } else if(setenvif->variable2[0] == '!') { + if(apr_table_get(r->subprocess_env, setenvif->variable1) && + !apr_table_get(r->subprocess_env, &setenvif->variable2[1])) { + if(setenvif->name[0] == '!') { + apr_table_unset(r->subprocess_env, &setenvif->name[1]); + } else { + apr_table_set(r->subprocess_env, setenvif->name, setenvif->value); + } + } + } else { + if(apr_table_get(r->subprocess_env, setenvif->variable1) && + apr_table_get(r->subprocess_env, setenvif->variable2)) { + if(setenvif->name[0] == '!') { + apr_table_unset(r->subprocess_env, &setenvif->name[1]); + } else { + apr_table_set(r->subprocess_env, setenvif->name, setenvif->value); + } + } + } + } else { + // mode 2 (pattern match) + const char *value = apr_table_get(r->subprocess_env, setenvif->variable1); + if(value) { + ap_regmatch_t regm[AP_MAX_REG_MATCH]; + if(ap_regexec(setenvif->preg, value, AP_MAX_REG_MATCH, regm, 0) == 0) { + if(setenvif->name[0] == '!') { + apr_table_unset(r->subprocess_env, &setenvif->name[1]); + } else { + char *replaced = ap_pregsub(r->pool, setenvif->value, value, AP_MAX_REG_MATCH, regm); + apr_table_set(r->subprocess_env, setenvif->name, replaced); + } + } + } + } + } +} + +/** + * QS_RequestHeaderFilter enforcement + * @param r + * @param sconf + * @parm dconf + * @return + */ +static int qos_hp_header_filter(request_rec *r, qos_srv_config *sconf, qos_dir_config *dconf) { + qs_headerfilter_mode_e mode = sconf->headerfilter; + if(dconf->headerfilter > QS_HEADERFILTER_OFF_DEFAULT) { + // overrides server configuration + mode = dconf->headerfilter; + } + if(mode > QS_HEADERFILTER_OFF) { + apr_status_t rv = qos_header_filter(r, sconf, r->headers_in, "request", + sconf->hfilter_table, mode); + if(rv != APR_SUCCESS) { + int rc; + const char *error_page = sconf->error_page; + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return rv; + } + } + } + return DECLINED; +} + +/** + * Dynamic keep alive. + * Creates a copy of the server_rec and adjusts the keep-aliva settings + * for this request. + * + * @param r + * @param sconf + */ +static void qos_keepalive(request_rec *r, qos_srv_config *sconf) { + if(r->subprocess_env) { + const char *vtmo = apr_table_get(r->subprocess_env, QS_KEEPALIVE); + const char *vmax = apr_table_get(r->subprocess_env, QS_MAXKEEPALIVEREQ); + int ka = -1; // keep alive timeout + int km = -1; // max keep alive requests + if(vtmo) { + ka = atoi(vtmo); + if(ka == 0 && vtmo[0] != '0') { + ka = -1; + } + } + if(vmax) { + km = atoi(vmax); + if(km == 0 && vmax[0] != '0') { + km = -1; + } + } + if(ka >= 0 || km >= 0) { + qs_req_ctx *rctx = qos_rctx_config_get(r); + if(m_event_mpm) { + ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, + QOS_LOG_PFX(037)"loaded MPM is 'event'" + " and the QS_KeepAliveTimeout/QS_MaxKeepAliveRequests" + " directives can't be used."); + QS_INC_EVENT(sconf, 37); + return; + } + if(QS_ISDEBUG(r->server)) { + int kaorig = apr_time_sec(r->server->keep_alive_timeout); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"set keepalive timeout to %d seconds and max" + " keepalive requests to %d%s, id=%s", + ka >= 0 ? ka : kaorig, + km >= 0 ? km : r->server->keep_alive_max, + sconf->log_only ? " (log only)" : "", + qos_unique_id(r, NULL)); + } + /* copy the server record (I know......., but this works) */ + if(!rctx->evmsg || !strstr(rctx->evmsg, "T;")) { + /* copy it only once (@hp or @out-filter) */ + if(!sconf->log_only) { + server_rec *sr = apr_pcalloc(r->connection->pool, sizeof(server_rec)); + server_rec *sc = apr_pcalloc(r->connection->pool, sizeof(server_rec)); + memcpy(sr, r->server, sizeof(server_rec)); + memcpy(sc, r->connection->base_server, sizeof(server_rec)); + r->server = sr; + r->connection->base_server = sc; + } + qs_set_evmsg(r, "T;"); + } + if(!sconf->log_only) { + if(ka >= 0) { + apr_interval_time_t kat = apr_time_from_sec(ka); + r->server->keep_alive_timeout = kat; + r->connection->base_server->keep_alive_timeout = kat; + } + if(km >= 0) { + r->server->keep_alive_max = km; + r->connection->base_server->keep_alive_max = km; + } + } + } + } +} + +/** + * QS_EventPerSecLimit + */ +static void qos_lg_event_update(request_rec *r, apr_time_t *t) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + qs_actable_t *act = sconf->act; + if(act->has_events && (apr_table_get(r->notes, QS_R012_ALREADY_BLOCKED) == NULL)) { + apr_time_t now = apr_time_sec(r->request_time); + qs_acentry_t *actEntry = act->entry; + *t = now; + if(actEntry) { + apr_global_mutex_lock(act->lock); /* @CRT13 */ + while(actEntry) { + if(actEntry->event) { + if(((actEntry->event[0] != '!') && apr_table_get(r->subprocess_env, actEntry->event)) || + ((actEntry->event[0] == '!') && !apr_table_get(r->subprocess_env, &actEntry->event[1]))) { + if(actEntry->req < LONG_MAX) { + actEntry->req++; + } + if(now > (actEntry->interval + QS_BW_SAMPLING_RATE)) { + if(actEntry->req_per_sec_limit) { + /* QS_EventPerSecLimit */ + actEntry->req_per_sec = actEntry->req / (now - actEntry->interval); + actEntry->req = 0; + actEntry->interval = now; + qos_cal_req_sec(sconf, r, actEntry); + } + } + } + } + actEntry = actEntry->next; + } + apr_global_mutex_unlock(act->lock); /* @CRT13 */ + } + } +} + +/** + * QS_EventLimitCount, propagte variable + */ +static void qos_pr_event_limit(request_rec *r, qos_srv_config *sconf) { + qs_actable_t *act = sconf->act; + if(act->event_entry && (sconf->event_limit_a->nelts > 0)) { + int i; + qos_event_limit_entry_t *entry = act->event_entry; + apr_time_t now = apr_time_sec(r->request_time); + apr_global_mutex_lock(act->lock); /* @CRT46 */ + for(i = 0; i < sconf->event_limit_a->nelts; i++) { + if(entry->action == QS_EVENT_ACTION_DENY) { + // propagte to environment (previous value) + if(entry->limitTime + entry->seconds >= now) { + apr_table_set(r->subprocess_env, + apr_pstrcat(r->pool, entry->env_var, QS_COUNTER_SUFFIX, NULL), + apr_psprintf(r->pool, "%d", entry->limit)); + } + } + // next rule + entry++; + } + apr_global_mutex_unlock(act->lock); /* @CRT46 */ + } +} + +/** + * QS_EventLimitCount, detect and enforce + */ +static int qos_hp_event_limit(request_rec *r, qos_srv_config *sconf) { + apr_status_t rv = DECLINED; + qs_actable_t *act = sconf->act; + if(act->event_entry) { + apr_time_t now = apr_time_sec(r->request_time); + int i; + qos_event_limit_entry_t *entry = act->event_entry; + apr_global_mutex_lock(act->lock); /* @CRT41 */ + for(i = 0; i < sconf->event_limit_a->nelts; i++) { + if(entry->action == QS_EVENT_ACTION_DENY) { + if(apr_table_get(r->subprocess_env, entry->env_var) != NULL) { + char *eventLimitId = apr_pstrcat(r->pool, QS_R013_ALREADY_BLOCKED, entry->env_var, NULL); + apr_table_set(r->notes, eventLimitId, ""); + // reset required (expired)? + if(entry->limitTime + entry->seconds < now) { + entry->limit = 0; + entry->limitTime = 0; + } + /* increment limit event */ + if(entry->limit < INT_MAX) { + entry->limit++; + } + if(entry->limit == 1) { + /* ... and start timer */ + entry->limitTime = now; + } + // check limit + if(entry->limit > entry->max) { + int block = 1; + char *conditional = ""; + if(entry->condStr != NULL) { + // conditional enforcement... + const char *condition = apr_table_get(r->subprocess_env, QS_COND); + conditional = apr_pstrdup(r->pool, "Cond"); + if(condition == NULL) { + block = 0; // variable not set + } else { + if(ap_regexec(entry->preg, condition, 0, NULL, 0) != 0) { + block = 0; // pattern does not match + } + } + } + if(block) { + rv = m_retcode; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(013)"access denied%s," + " QS_%sEventLimitCount rule: %s," + " max=%d, current=%d," + " c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + conditional, + entry->env_var, entry->max, entry->limit, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "013")); + QS_INC_EVENT_LOCKED(sconf, 13); + } + } + } + // propagte to environment (current) + apr_table_set(r->subprocess_env, + apr_pstrcat(r->pool, entry->env_var, QS_COUNTER_SUFFIX, NULL), + apr_psprintf(r->pool, "%d", entry->limit)); + } + // next rule + entry++; + } + apr_global_mutex_unlock(act->lock); /* @CRT41 */ + } + if(rv != DECLINED) { + int rc; + const char *error_page = sconf->error_page; + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + rv = rc; + } + } else { + return DECLINED; + } + } + return rv; +} + +/** + * QS_EventRequestLimit + */ +static int qos_hp_event_filter(request_rec *r, qos_srv_config *sconf) { + apr_status_t rv = DECLINED; + qs_req_ctx *rctx = qos_rctx_config_get(r); + qs_actable_t *act = sconf->act; + if(act->has_events) { + qs_acentry_t *actEntry = act->entry; + if(actEntry) { + apr_global_mutex_lock(act->lock); /* @CRT31 */ + while(actEntry) { + if(actEntry->event && (actEntry->limit != -1)) { + const char *var = apr_table_get(r->subprocess_env, actEntry->event); + if(var) { + int match = 1; + if(actEntry->regex_var) { + if(ap_regexec(actEntry->regex_var, var, 0, NULL, 0) != 0) { + match = 0; + } + } + if(match) { + apr_table_addn(rctx->event_entries, actEntry->url, (char *)actEntry); + if(actEntry->counter < INT_MAX) { + actEntry->counter++; + } + if(actEntry->counter > actEntry->limit) { + rv = m_retcode; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(012)"access denied%s," + " QS_EventRequestLimit rule: %s(%d)," + " concurrent requests=%d," + " c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + actEntry->url, actEntry->limit, actEntry->counter, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "012")); + apr_table_set(r->notes, QS_R012_ALREADY_BLOCKED, ""); + QS_INC_EVENT_LOCKED(sconf, 12); + } + apr_table_add(r->subprocess_env, + apr_psprintf(r->pool, "QS_EventRequestLimit_%s_Counter", actEntry->event), + apr_psprintf(r->pool, "%d", actEntry->counter)); + } + } + } + actEntry = actEntry->next; + } + apr_global_mutex_unlock(act->lock); /* @CRT31 */ + } + } + if(rv != DECLINED) { + int rc; + const char *error_page = sconf->error_page; + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + rv = rc; + } + } else { + return DECLINED; + } + } + return rv; +} + +static qs_conn_ctx *qos_get_cconf(conn_rec *connection) { + conn_rec *c = QS_CONN_MASTER(connection); + qs_conn_ctx *cconf = NULL; + qs_conn_base_ctx *base = qos_get_conn_base_ctx(c); + if(base) { + cconf = base->cconf; + } + return cconf; +} + +static qs_conn_ctx *qos_create_cconf(conn_rec *connection, qos_srv_config *sconf) { + conn_rec *c = QS_CONN_MASTER(connection); + qs_conn_base_ctx *base = qos_get_conn_base_ctx(c); + qs_conn_ctx *cconf = apr_pcalloc(c->pool, sizeof(qs_conn_ctx)); + cconf->mc = c; + cconf->ip6[0] = 0; + cconf->ip6[1] = 0; + cconf->evmsg = NULL; + cconf->sconf = sconf; + cconf->is_vip = 0; + cconf->set_vip_by_header = 0; + cconf->has_lowrate = 0; + apr_pool_pre_cleanup_register(c->pool, cconf, qos_cleanup_conn); + if(base == NULL) { + base = qos_create_conn_base_ctx(c, sconf); + } + base->cconf = cconf; + return cconf; +} + +/* + * QS_SrvSerialize + */ +static void qos_hp_srv_serialize(request_rec *r, qos_srv_config *sconf, + qs_req_ctx * rctx) { + int loops = 0; + int locked = 0; // we got the lock for this request + if(!rctx) { + rctx = qos_rctx_config_get(r); + } + while(!locked) { + apr_global_mutex_lock(sconf->act->lock); /* @CRT44 */ + if(sconf->act->serialize->locked == 0) { + // free!! check if we might get the lock for this request + if(sconf->act->serialize->q1 == 0) { + // yes: no other request waiting + locked = 1; + } else if(sconf->act->serialize->q1 == r->request_time) { + // yes: waiting for this request (we are the next in the queue) + locked = 1; + sconf->act->serialize->q1 = sconf->act->serialize->q2; + sconf->act->serialize->q2 = 0; + } else if(sconf->act->serialize->q1 > r->request_time) { + // yes: not yet in the queue but this request is waiting for a longer time + // keep the others in the queue + locked = 1; + } else if(sconf->act->serialize->q2 == 0 || sconf->act->serialize->q2 > r->request_time) { + // no: it's not yet our time... but take the second place in the queue + sconf->act->serialize->q2 = r->request_time; + } + } else { + // put this request into one of the queues if possible + if(sconf->act->serialize->q1 == 0) { + // no other request waiting + sconf->act->serialize->q1 = r->request_time; + } else if(sconf->act->serialize->q1 == r->request_time) { + // already next in the queue + } else if(sconf->act->serialize->q1 > r->request_time) { + // older request is waiting, take over + sconf->act->serialize->q2 = sconf->act->serialize->q1; + sconf->act->serialize->q1 = r->request_time; + } else if(sconf->act->serialize->q2 == 0) { + // no one in on the second place + sconf->act->serialize->q2 = r->request_time; + } else if(sconf->act->serialize->q2 == r->request_time) { + // already next in the queue + } else if(sconf->act->serialize->q2 > r->request_time) { + // older request is waiting in the second position, take over + sconf->act->serialize->q2 = r->request_time; + } + } + if(locked) { + sconf->act->serialize->locked = 1; + rctx->srv_serialize_set = 1; + } + apr_global_mutex_unlock(sconf->act->lock); /* @CRT44 */ + if(!locked) { + /* sleep 50ms */ + qs_set_evmsg(r, "s;"); + if(sconf->log_only) { + return; + } + apr_sleep(50000); + } + if(loops >= sconf->serializeTMO) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(068)"QS_SrvSerialize exceeds limit of %d seconds, " + "id=%s", + sconf->serializeTMO / 20, + qos_unique_id(r, "037")); + QS_INC_EVENT(sconf, 37); + /* remove this request from the queue resp. clear the queue + to avoid a deadlock */ + apr_global_mutex_lock(sconf->act->lock); /* @CRT44.1 */ + sconf->act->serialize->q2 = 0; + sconf->act->serialize->q1 = 0; + apr_global_mutex_unlock(sconf->act->lock); /* @CRT44.1 */ + break; + } + loops++; + } +} + +/* + * QS_ClientSerialize + */ +static void qos_hp_cc_serialize(request_rec *r, qos_srv_config *sconf, qs_req_ctx * rctx) { + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + if(!rctx) { + rctx = qos_rctx_config_get(r); + } + if(u && cconf) { + int loops = 0; + int locked = 0; + qos_s_entry_t searchE; + const char *forwardedForLogIP = qos_get_clientIP(r, sconf, cconf, + "hp", rctx->cc_serialize_ip); + searchE.ip6[0] = rctx->cc_serialize_ip[0]; + searchE.ip6[1] = rctx->cc_serialize_ip[1]; + + /* wait until we get a lock */ + while(!locked) { + qos_s_entry_t **clientEntry = NULL; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT36 */ + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, apr_time_sec(r->request_time)); + if((*clientEntry)->serialize == 0) { + // free! check if this request is the next in the queue */ + if(((*clientEntry)->serializeQueue == 0) || (r->request_time <= (*clientEntry)->serializeQueue)) { + (*clientEntry)->serialize = 1; + (*clientEntry)->serializeQueue = 0; + rctx->cc_serialize_set = 1; + locked = 1; + } + } else { + // put the request into the queue + if((*clientEntry)->serializeQueue == 0) { + // the only waiting req + (*clientEntry)->serializeQueue = r->request_time; + } else { + if((*clientEntry)->serializeQueue > r->request_time) { + // this request is waiting for a longer time + (*clientEntry)->serializeQueue = r->request_time; + } + } + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT36 */ + if(!locked) { + /* sleep 100ms */ + qs_set_evmsg(r, "s;"); + if(sconf->log_only) { + return; + } + apr_sleep(100000); + } + // max wait time: 5 minutes + if(loops >= 3000) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(068)"QS_ClientSerialize exceeds limit of 5 minutes, " + "c=%s, id=%s", + forwardedForLogIP == NULL ? "-" : forwardedForLogIP, + qos_unique_id(r, "068")); + QS_INC_EVENT(sconf, 68); + /* remove this request from the queue resp. clear the queue + to avoid a deadlock */ + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT36.1 */ + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, apr_time_sec(r->request_time)); + (*clientEntry)->serializeQueue = 0; + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT36.1 */ + break; + } + loops++; + } + } +} + +/* + * QS_ClientEventRequestLimit + */ +static int qos_hp_cc_event_count(request_rec *r, qos_srv_config *sconf, + qs_req_ctx * rctx) { + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + if(!rctx) { + rctx = qos_rctx_config_get(r); + } + if(u && cconf && + r->subprocess_env && apr_table_get(r->subprocess_env, "QS_EventRequest")) { + int vip = 0; + int count = 0; + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + const char *forwardedForLogIP = qos_get_clientIP(r, sconf, cconf, + "hp", rctx->cc_event_ip); + + rctx->cc_event_req_set = 1; + searchE.ip6[0] = rctx->cc_event_ip[0]; + searchE.ip6[1] = rctx->cc_event_ip[1]; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT33 */ + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, apr_time_sec(r->request_time)); + if((*clientEntry)->event_req < INT_MAX) { + (*clientEntry)->event_req++; + } + count = (*clientEntry)->event_req; + if((*clientEntry)->vip || rctx->is_vip) { + vip = 1; + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT33 */ + if(vip) { + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + } + if(count > sconf->qos_cc_event_req) { + if(vip) { + qs_set_evmsg(r, "S;"); + } else { + int rc; + const char *error_page = sconf->error_page; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(065)"access denied%s," + " QS_ClientEventRequestLimit rule:" + " max=%d, current=%d, c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + sconf->qos_cc_event_req, + count, + forwardedForLogIP == NULL ? "-" : + forwardedForLogIP, + qos_unique_id(r, "065")); + QS_INC_EVENT(sconf, 65); + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return m_retcode; + } + } + } + } + return DECLINED; +} + +/* QS_SetEnvIfCmp */ +static void qos_setenvifcmp(request_rec *r, apr_array_header_t *cmps) { + int i; + qos_cmp_entry_t *entries = (qos_cmp_entry_t *)cmps->elts; + for(i = 0; i < cmps->nelts; ++i) { + qos_cmp_entry_t *b = &entries[i]; + const char *leftStr = apr_table_get(r->subprocess_env, b->left); + const char *rightStr = apr_table_get(r->subprocess_env, b->right); + if(leftStr != NULL && rightStr != NULL) { + int set = 0; + if(qos_isnum(leftStr) && qos_isnum(rightStr)) { + int left = atoi(leftStr); + int right = atoi(rightStr); + switch (b->cmp) { + case QS_CMP_EQ: + if(left == right) { + set = 1; + } + break; + case QS_CMP_NE: + if(left != right) { + set = 1; + } + break; + case QS_CMP_GT: + if(left > right) { + set = 1; + } + break; + case QS_CMP_LT: + if(left < right) { + set = 1; + } + break; + } + } else { + int c = strcasecmp(leftStr, rightStr); + switch (b->cmp) { + case QS_CMP_EQ: + if(c == 0) { + set = 1; + } + break; + case QS_CMP_NE: + if(c != 0) { + set = 1; + } + break; + case QS_CMP_GT: + if(c < 0) { + set = 1; + } + break; + case QS_CMP_LT: + if(c > 0) { + set = 1; + } + break; + } + } + if(set) { + if(b->variable[0] == '!') { + apr_table_unset(r->subprocess_env, &b->variable[1]); + } else { + apr_table_set(r->subprocess_env, b->variable, b->value); + } + } + } + } + return; +} + +/* + * QS_EventPerSecLimit/QS_EventKBytesPerSecLimit + * returns the max req_per_sec_block_rate/kbytes_per_sec_limit and the event + * with the lowest kbytes_per_sec_limit. + */ +static qs_acentry_t *qos_hp_event_count(request_rec *r, + int *req_per_sec_block, + apr_off_t *kbytes_per_sec_limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + qs_actable_t *act = sconf->act; + qs_acentry_t *event_kbytes_limit = NULL; + *req_per_sec_block = 0; + *kbytes_per_sec_limit = 0; + if(act->has_events) { + qs_acentry_t *actEntry = act->entry; + if(actEntry) { + apr_global_mutex_lock(act->lock); /* @CRT12 */ + while(actEntry) { + if(actEntry->event && (actEntry->limit == -1)) { + if(((actEntry->event[0] != '!') && apr_table_get(r->subprocess_env, actEntry->event)) || + ((actEntry->event[0] == '!') && !apr_table_get(r->subprocess_env, &actEntry->event[1]))) { + if(actEntry->req_per_sec_limit) { + /* QS_EventPerSecLimit */ + if(actEntry->req_per_sec_block_rate > *req_per_sec_block) { + *req_per_sec_block = actEntry->req_per_sec_block_rate; + } + } else { + /* QS_EventKBytesPerSecLimit */ + if(actEntry->kbytes_per_sec_limit) { + if((*kbytes_per_sec_limit == 0) || + (actEntry->kbytes_per_sec_limit < *kbytes_per_sec_limit)) { + *kbytes_per_sec_limit = actEntry->kbytes_per_sec_limit; + event_kbytes_limit = actEntry; + } + } + } + } + } + actEntry = actEntry->next; + } + apr_global_mutex_unlock(act->lock); /* @CRT12 */ + } + } + return event_kbytes_limit; +} + +static apr_size_t qos_packet_rate(qos_ifctx_t *inctx, apr_bucket_brigade *bb) { + apr_bucket *b; + apr_size_t total = 0; + for(b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { + if(b->length) { + total = total + b->length; + } + } + return total; +} + +/** + * start packet rate measure (if filter has not already been inserted) + */ +static void qos_pktrate_pc(conn_rec *connection, qos_srv_config *sconf) { + conn_rec *c = connection; + qos_ifctx_t *inctx = qos_get_ifctx(c->input_filters); + if(inctx == NULL) { + inctx = qos_create_ifctx(c, sconf); + ap_add_input_filter("qos-in-filter", inctx, NULL, c); + } + inctx->lowrate = 0; +} + +/** + * timeout control at process connection handler + */ +static void qos_timeout_pc(conn_rec *connection, qos_srv_config *sconf) { + conn_rec *c = connection; + qos_ifctx_t *inctx = qos_get_ifctx(c->input_filters); + if(inctx) { + inctx->status = QS_CONN_STATE_HEAD; + inctx->time = time(NULL); + inctx->nbytes = 0; +#if APR_HAS_THREADS + if(sconf->inctx_t && !sconf->inctx_t->exit && sconf->min_rate_off == 0) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT22 */ + apr_table_setn(sconf->inctx_t->table, + QS_INCTX_ID, + (char *)inctx); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT22 */ + } +#endif + } +} + +/** + * determines client behavior based on accessed content types + * + * @return 0=normal, -1=unknown (not enough data), >=1 abnormal + */ +static int qos_content_type(request_rec *r, qos_srv_config *sconf, + qos_s_t *s, qos_s_entry_t *e, int limit) { + int penalty = -1; + const char *ct = apr_table_get(r->headers_out, "Content-Type"); + e->events++; // events counts requests and connections + if(r->status == 304) { + e->notmodified ++; + s->notmodified ++; + } + if(ct) { + if(ap_strcasestr(ct, "html")) { + e->events++; // learn faster if user requests HTML content (main pages) + e->html++; + s->html++; + goto end; + } else if(ap_strcasestr(ct, "image")) { + e->img++; + s->img++; + goto end; + } else if(ap_strcasestr(ct, "css")) { + e->cssjs++; + s->cssjs++; + goto end; + } else if(ap_strcasestr(ct, "javascript")) { + e->cssjs++; + s->cssjs++; + goto end; + } + } + e->other++; + s->other++; + + end: + /* compare this client with other clients */ + if(e->events > QOS_CC_BEHAVIOR_THR_SINGLE) { + penalty = 0; + if(limit && + ((sconf->static_on == 1) || + (s->html > QOS_CC_BEHAVIOR_THR && s->html && s->img && s->cssjs && s->other && s->notmodified))) { + int i; + unsigned int server[5]; + unsigned int client[5]; + // note: all e->* variables are initialized by "1" to avoid FPE + if(sconf->static_on == 1) { + /* use predefined value */ + unsigned long e_all = e->html + e->img + e->cssjs + e->other + e->notmodified; + server[0] = sconf->static_html; + server[1] = sconf->static_cssjs; + server[2] = sconf->static_img; + server[3] = sconf->static_other; + server[4] = sconf->static_notmodified; + client[0] = 100 * e->html / e_all; + client[1] = 100 * e->cssjs / e_all; + client[2] = 100 * e->img / e_all; + client[3] = 100 * e->other / e_all; + client[4] = 100 * e->notmodified / e_all; + } else { + /* learn average */ + unsigned long long s_all = s->html + s->img + s->cssjs + s->other + s->notmodified; + unsigned long e_all = e->html + e->img + e->cssjs + e->other + e->notmodified; + server[0] = 100 * s->html / s_all; + server[1] = 100 * s->cssjs / s_all; + server[2] = 100 * s->img / s_all; + server[3] = 100 * s->other / s_all; + server[4] = 100 * s->notmodified / s_all; + client[0] = 100 * e->html / e_all; + client[1] = 100 * e->cssjs / e_all; + client[2] = 100 * e->img / e_all; + client[3] = 100 * e->other / e_all; + client[4] = 100 * e->notmodified / e_all; + } + for(i = 0; i < 5; i++) { + if(client[i] > (server[i] + sconf->cc_tolerance)) { + penalty++; + } else { + if((server[i] > sconf->cc_tolerance) && + (client[i] < (server[i] - sconf->cc_tolerance))) { + penalty++; + } + } + } + } + } + return penalty; +} + +//static void qos_error_log(const char *file, int line, int level, +// apr_status_t status, const server_rec *s, +// const request_rec *r, apr_pool_t *pool, +// const char *errstr) { +// return; +//} + +/** + * QS_EventLimitCount, detect/update only + */ +static void qos_logger_event_limit(request_rec *r, qos_srv_config *sconf) { + qs_actable_t *act = sconf->act; + if(act->event_entry && (sconf->event_limit_a->nelts > 0)) { + apr_time_t now = apr_time_sec(r->request_time); + int i; + qos_event_limit_entry_t *actEntry = act->event_entry; + apr_global_mutex_lock(act->lock); /* @CRT42 */ + for(i = 0; i < sconf->event_limit_a->nelts; i++) { + if(actEntry->action == QS_EVENT_ACTION_DENY) { + int decEvent = get_qs_event(r, actEntry->eventDecStr); + if(decEvent > 0) { + if(decEvent >= actEntry->limit) { + actEntry->limit = 0; + actEntry->limitTime = 0; + } else { + actEntry->limit = actEntry->limit - decEvent; + } + } + if(apr_table_get(r->subprocess_env, actEntry->env_var) != NULL) { + // increment only once + char *eventLimitId = apr_pstrcat(r->pool, QS_R013_ALREADY_BLOCKED, actEntry->env_var, NULL); + if(apr_table_get(r->notes, eventLimitId) == NULL) { + // reset required (expired)? + if(actEntry->limitTime + actEntry->seconds < now) { + actEntry->limit = 0; + actEntry->limitTime = 0; + } + /* increment limit event */ + if(actEntry->limit < INT_MAX) { + actEntry->limit++; + } + if(actEntry->limit == 1) { + /* ... and start timer */ + actEntry->limitTime = now; + } + } + } + } + // next rule + actEntry++; + } + apr_global_mutex_unlock(act->lock); /* @CRT42 */ + } +} + +/** + * client control rules at log transaction + */ +static void qos_logger_cc(request_rec *r, qos_srv_config *sconf, qs_req_ctx *rctx) { + int lowrate = 0; + int unusual_behavior = -1; + int block_event = get_qs_event(r, QS_BLOCK); + const char *block_seen = apr_table_get(r->subprocess_env, QS_BLOCK_SEEN); + int block_dec = get_qs_event(r, QS_BLOCK_DEC); + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + apr_time_t now = apr_time_sec(r->request_time); + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t **clientEntryFromHdr = NULL; // client ip entry from header + qos_s_entry_t searchE; + qos_s_entry_t searchEFromHdr; + + if(block_seen != NULL) { + block_event = 0; + } + + if(sconf->qos_cc_prefer_limit || (sconf->req_rate != -1)) { + qos_ifctx_t *inctx = qos_get_ifctx(r->connection->input_filters); + if(inctx) { + if(inctx->lowrate > QS_PKT_RATE_TH) { + lowrate = inctx->lowrate; + } + if(inctx->lowrate != -1) { + inctx->lowrate = 0; + } + if(inctx->status > QS_CONN_STATE_NEW) { + inctx->r = NULL; + inctx->status = QS_CONN_STATE_KEEP; + } + if(inctx->shutdown) { + lowrate++; + inctx->shutdown = 0; + } + } + } + + if(cconf) { + // works for real connections only (no HTTP/2) + searchE.ip6[0] = cconf->ip6[0]; + searchE.ip6[1] = cconf->ip6[1]; + } else { + // HTTP/2 + apr_uint64_t ci6[2]; + qos_ip_str2long(QS_CONN_REMOTEIP(r->connection), ci6); + searchE.ip6[0] = ci6[0]; + searchE.ip6[1] = ci6[1]; + } + qos_get_clientIP(r, sconf, cconf, "logger", searchEFromHdr.ip6); + + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT19 */ + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, apr_time_sec(r->request_time)); + if(searchEFromHdr.ip6[0] == searchE.ip6[0] && searchEFromHdr.ip6[1] == searchE.ip6[1]) { + clientEntryFromHdr = clientEntry; // same as connection + } else { + clientEntryFromHdr = qos_cc_getOrSet(u->qos_cc, &searchEFromHdr, apr_time_sec(r->request_time)); + } + + if(rctx->cc_event_req_set) { + /* QS_ClientEventRequestLimit */ + qos_s_entry_t **eEvent = NULL; + rctx->cc_event_req_set = 0; + if(rctx->cc_event_ip[0] == searchE.ip6[0] && + rctx->cc_event_ip[1] == searchE.ip6[1]) { + // connection ip + eEvent = clientEntry; + } else if(rctx->cc_event_ip[0] == searchEFromHdr.ip6[0] && + rctx->cc_event_ip[1] == searchEFromHdr.ip6[1]) { + // from header + eEvent = clientEntryFromHdr; + } else { + // looks like the header has changed or is no longer available + qos_s_entry_t searchEvent; + searchEvent.ip6[0] = rctx->cc_event_ip[0]; + searchEvent.ip6[1] = rctx->cc_event_ip[1]; + eEvent = qos_cc_get0(u->qos_cc, &searchEvent, apr_time_sec(r->request_time)); + } + if(eEvent) { + if((*eEvent)->event_req > 0) { + (*eEvent)->event_req--; + } + } + } + + if(rctx->cc_serialize_set) { + /* QS_ClientSerialize */ + qos_s_entry_t **eSerialize = NULL; + rctx->cc_serialize_set = 0; + if(rctx->cc_serialize_ip[0] == searchE.ip6[0] && + rctx->cc_serialize_ip[1] == searchE.ip6[1]) { + // connection ip + eSerialize = clientEntry; + } else if(rctx->cc_serialize_ip[0] == searchEFromHdr.ip6[0] && + rctx->cc_serialize_ip[1] == searchEFromHdr.ip6[1]) { + // from header + eSerialize = clientEntryFromHdr; + } else { + // looks like the header has changed or is no longer available + qos_s_entry_t searchSerialize; + searchSerialize.ip6[0] = rctx->cc_serialize_ip[0]; + searchSerialize.ip6[1] = rctx->cc_serialize_ip[1]; + eSerialize = qos_cc_get0(u->qos_cc, &searchSerialize, apr_time_sec(r->request_time)); + } + if(eSerialize) { + (*eSerialize)->serialize = 0; + } + } + + if(sconf->qos_cc_prefer) { + // QS_ClientPrefer is not enabled + unusual_behavior = qos_content_type(r, sconf, u->qos_cc, *clientEntry, sconf->qos_cc_prefer_limit); + if(unusual_behavior == 0) { + // normal behavior + (*clientEntry)->lowratestatus |= QOS_LOW_FLAG_BEHAVIOR_OK; + (*clientEntry)->lowratestatus &= ~QOS_LOW_FLAG_BEHAVIOR_BAD; + } else { + // unknown or bad behavior + (*clientEntry)->lowratestatus &= ~QOS_LOW_FLAG_BEHAVIOR_OK; + } + } + + if(block_event || block_dec || lowrate || (unusual_behavior > 0)) { + if(((*clientEntry)->blockTime + sconf->qos_cc_blockTime) < now) { + /* reset expired events */ + if((*clientEntry)->blockMsg > QS_LOG_REPEAT) { + // write remaining log lines + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r->connection->base_server, + QOS_LOG_PFX(060)"access denied (previously), " + "QS_ClientEventBlockCount rule: " + "max=%d, current=%hu, " + "message repeated %d times, " + "c=%s", + sconf->qos_cc_block, + (*clientEntry)->block, + (*clientEntry)->blockMsg % QS_LOG_REPEAT, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : + QS_CONN_REMOTEIP(r->connection)/*no id here, this r is okay*/); + QS_INC_EVENT_LOCKED(sconf, 60); + (*clientEntry)->blockMsg = 0; + } + (*clientEntry)->block = 0; + (*clientEntry)->blockTime = 0; + } + /* mark lowpkt client */ + if(lowrate || (unusual_behavior > 0)) { + (*clientEntry)->lowrate = apr_time_sec(r->request_time); + if(lowrate) { + (*clientEntry)->lowratestatus |= QOS_LOW_FLAG_PKGRATE; + } + if(unusual_behavior > 1) { + (*clientEntry)->lowratestatus |= QOS_LOW_FLAG_BEHAVIOR_BAD; + (*clientEntry)->lowratestatus &= ~QOS_LOW_FLAG_BEHAVIOR_OK; + } + qs_set_evmsg(r, "r;"); + } + if(block_dec > 0) { + if(block_dec >= (*clientEntry)->block) { + (*clientEntry)->block = 0; + (*clientEntry)->blockTime = 0; + } else { + (*clientEntry)->block = (*clientEntry)->block - block_dec; + } + } + if(block_event) { + int newValue = (*clientEntry)->block + block_event; + if((*clientEntry)->block == 0) { + /* start timer */ + (*clientEntry)->blockTime = now; + } + /* ...and increment/increase block event counter */ + (*clientEntry)->block = newValue > USHRT_MAX ? USHRT_MAX : newValue; + } + } else if((*clientEntry)->lowrate) { + /* reset low prio client after 24h (resp. QOS_LOW_TIMEOUT seconds) */ + if(((*clientEntry)->lowrate + QOS_LOW_TIMEOUT) < now) { + (*clientEntry)->lowrate = 0; + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_BEHAVIOR_OK) { + (*clientEntry)->lowratestatus = QOS_LOW_FLAG_BEHAVIOR_OK; + } else { + (*clientEntry)->lowratestatus = 0; + } + } + } + + /* QS_Limit* */ + if(u->qos_cc->limitTable) { + int limitTableIndex; + apr_table_entry_t *limitTableEntry = (apr_table_entry_t *)apr_table_elts(u->qos_cc->limitTable)->elts; + for(limitTableIndex = 0; + limitTableIndex < apr_table_elts(u->qos_cc->limitTable)->nelts; + limitTableIndex++) { + int eventSet = 0; + const char *eventName = limitTableEntry[limitTableIndex].key; + qos_s_entry_limit_conf_t *eventLimitConf = (qos_s_entry_limit_conf_t *)limitTableEntry[limitTableIndex].val; + const char *clearEvent = apr_table_get(r->subprocess_env, eventLimitConf->eventClearStr); + int decEvent = get_qs_event(r, eventLimitConf->eventDecStr); + + /* + * reset expired events, clear event counter, decrement event counter + */ + if(clearEvent || + (((*clientEntryFromHdr)->limit[limitTableIndex].limitTime + eventLimitConf->limitTime) < now)) { + (*clientEntryFromHdr)->limit[limitTableIndex].limit = 0; + (*clientEntryFromHdr)->limit[limitTableIndex].limitTime = 0; + } + if(decEvent > 0) { + if(decEvent >= (*clientEntryFromHdr)->limit[limitTableIndex].limit) { + (*clientEntryFromHdr)->limit[limitTableIndex].limit = 0; + (*clientEntryFromHdr)->limit[limitTableIndex].limitTime = 0; + } else { + (*clientEntryFromHdr)->limit[limitTableIndex].limit = (*clientEntryFromHdr)->limit[limitTableIndex].limit - decEvent; + } + } + + /* + * check for new events + */ + eventSet = get_qs_event(r, eventName); + if(eventSet) { + char *seenEvent; + if(strcasecmp(eventName, QS_LIMIT_DEFAULT) == 0) { + // backward compat/event forwarding + seenEvent = apr_pstrcat(r->pool, QS_LIMIT_SEEN, NULL); + } else { + seenEvent = apr_pstrcat(r->pool, QS_LIMIT_SEEN, eventName, NULL); + } + if(apr_table_get(r->subprocess_env, seenEvent) == NULL) { + int newValue = (*clientEntryFromHdr)->limit[limitTableIndex].limit + eventSet; + /* only once per request */ + apr_table_set(r->subprocess_env, seenEvent, ""); + if((*clientEntryFromHdr)->limit[limitTableIndex].limit == 0) { + /* start timer... */ + (*clientEntryFromHdr)->limit[limitTableIndex].limitTime = now; + } + /* ... and increase limit event */ + (*clientEntryFromHdr)->limit[limitTableIndex].limit = newValue > USHRT_MAX ? USHRT_MAX : newValue; + } + } + } + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT19 */ + if(block_event) { + /* only once per request */ + apr_table_set(r->subprocess_env, QS_BLOCK_SEEN, ""); + apr_table_set(r->connection->notes, QS_BLOCK_SEEN, ""); + } +} + +/** + * client control rules at header parser + */ +static int qos_hp_cc(request_rec *r, qos_srv_config *sconf, char **msg, char **uid) { + int ret = DECLINED; + if(sconf->has_qos_cc) { + int req_per_sec_block_rate = 0; + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t **clientEntryFromHdr = NULL; + qos_s_entry_t searchE; + qos_s_entry_t searchEFromHdr; + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + const char *forwardedForLogIP = QS_CONN_REMOTEIP(r->connection); + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + int excludeFromBlock = qos_is_excluded_ip(r->connection, sconf->cc_exclude_ip); + if(cconf) { + searchE.ip6[0] = cconf->ip6[0]; + searchE.ip6[1] = cconf->ip6[1]; + } else { + // HTTP/2 + apr_uint64_t ci6[2]; + qos_ip_str2long(QS_CONN_REMOTEIP(r->connection), ci6); + searchE.ip6[0] = ci6[0]; + searchE.ip6[1] = ci6[1]; + } + + forwardedForLogIP = qos_get_clientIP(r, sconf, cconf, "hp", + searchEFromHdr.ip6); + + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT17 */ + clientEntry = qos_cc_get0(u->qos_cc, &searchE, apr_time_sec(r->request_time)); + if(!clientEntry) { + clientEntry = qos_cc_set(u->qos_cc, &searchE, apr_time_sec(r->request_time)); + } else { + /* update time */ + (*clientEntry)->time = apr_time_sec(r->request_time); + } + if(searchEFromHdr.ip6[0] == searchE.ip6[0] && searchEFromHdr.ip6[1] == searchE.ip6[1]) { + clientEntryFromHdr = clientEntry; // same as connection + } else { + clientEntryFromHdr = qos_cc_get0(u->qos_cc, &searchEFromHdr, apr_time_sec(r->request_time)); + if(!clientEntryFromHdr) { + clientEntryFromHdr = qos_cc_set(u->qos_cc, &searchEFromHdr, apr_time_sec(r->request_time)); + } else { + /* update time */ + (*clientEntryFromHdr)->time = apr_time_sec(r->request_time); + } + } + if(sconf->qos_cc_event) { + apr_time_t now = apr_time_sec(r->request_time); + const char *v = apr_table_get(r->subprocess_env, QS_EVENT); + if(v) { + if((*clientEntry)->req < LONG_MAX) { + (*clientEntry)->req++; + } + if(now > (*clientEntry)->interval + QS_BW_SAMPLING_RATE) { + /* calc req/sec */ + (*clientEntry)->req_per_sec = (*clientEntry)->req / (now - (*clientEntry)->interval); + (*clientEntry)->req = 0; + (*clientEntry)->interval = now; + /* calc block rate */ + if((*clientEntry)->req_per_sec > sconf->qos_cc_event) { + int factor = (((*clientEntry)->req_per_sec * 100) / sconf->qos_cc_event) - 100; + (*clientEntry)->req_per_sec_block_rate = (*clientEntry)->req_per_sec_block_rate + factor; + if((*clientEntry)->req_per_sec_block_rate > QS_MAX_DELAY/1000) { + (*clientEntry)->req_per_sec_block_rate = QS_MAX_DELAY/1000; + } + /* QS_ClientEventPerSecLimit */ + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, + QOS_LOG_PFX(061)"request rate limit," + " rule: "QS_EVENT"(%d), req/sec=%ld," + " delay=%dms%s", + sconf->qos_cc_event, + (*clientEntry)->req_per_sec, (*clientEntry)->req_per_sec_block_rate, + (*clientEntry)->req_per_sec_block_rate == QS_MAX_DELAY/1000 ? " (max)" : ""); + QS_INC_EVENT_LOCKED(sconf, 61); + } else if((*clientEntry)->req_per_sec_block_rate > 0) { + if((*clientEntry)->req_per_sec_block_rate < 50) { + (*clientEntry)->req_per_sec_block_rate = 0; + } else { + int factor = (*clientEntry)->req_per_sec_block_rate / 4; + (*clientEntry)->req_per_sec_block_rate = (*clientEntry)->req_per_sec_block_rate - factor; + } + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, r, + QOS_LOG_PFX(062)"request rate limit," + " rule: "QS_EVENT"(%d), req/sec=%ld," + " delay=%dms", + sconf->qos_cc_event, + (*clientEntry)->req_per_sec, (*clientEntry)->req_per_sec_block_rate); + QS_INC_EVENT_LOCKED(sconf, 62); + } + } + req_per_sec_block_rate = (*clientEntry)->req_per_sec_block_rate; + } + } + if(sconf->qos_cc_block && !excludeFromBlock) { + apr_time_t now = apr_time_sec(r->request_time); + int block_event = get_qs_event(r, QS_BLOCK); + if(((*clientEntry)->blockTime + sconf->qos_cc_blockTime) < now) { + /* reset expired events */ + if((*clientEntry)->blockMsg > QS_LOG_REPEAT) { + // write remaining log lines + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r->connection->base_server, + QOS_LOG_PFX(060)"access denied (previously), " + "QS_ClientEventBlockCount rule: " + "max=%d, current=%hu, " + "message repeated %d times, " + "c=%s", + sconf->qos_cc_block, + (*clientEntry)->block, + (*clientEntry)->blockMsg % QS_LOG_REPEAT, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : + QS_CONN_REMOTEIP(r->connection)/*no id here, this r is okay*/); + QS_INC_EVENT_LOCKED(sconf, 60); + (*clientEntry)->blockMsg = 0; + } + (*clientEntry)->block = 0; + (*clientEntry)->blockTime = 0; + } + if(block_event) { + if((*clientEntry)->block == 0) { + /* start timer */ + (*clientEntry)->blockTime = now; + } + /* ... and increment block event */ + (*clientEntry)->block += block_event; + /* only once per request */ + apr_table_set(r->subprocess_env, QS_BLOCK_SEEN, ""); + apr_table_set(r->connection->notes, QS_BLOCK_SEEN, ""); + } + if((*clientEntry)->block >= sconf->qos_cc_block) { + *uid = apr_pstrdup(r->connection->pool, "060"); + *msg = apr_psprintf(r->connection->pool, + QOS_LOG_PFX(060)"access denied%s, " + "QS_ClientEventBlockCount rule: " + "max=%d, current=%hu, age=%"APR_TIME_T_FMT", c=%s", + sconf->log_only ? " (log only)" : "", + sconf->qos_cc_block, + (*clientEntry)->block, + now - (*clientEntry)->blockTime, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : + QS_CONN_REMOTEIP(r->connection)); + QS_INC_EVENT_LOCKED(sconf, 60); + ret = m_retcode; + (*clientEntry)->lowrate = apr_time_sec(r->request_time); + (*clientEntry)->lowratestatus |= QOS_LOW_FLAG_EVENTBLOCK; + qs_set_evmsg(r, "r;"); + } + } + if(u->qos_cc->limitTable) { + apr_time_t now = apr_time_sec(r->request_time); + int limitTableIndex; + apr_table_entry_t *limitTableEntry = (apr_table_entry_t *)apr_table_elts(u->qos_cc->limitTable)->elts; + for(limitTableIndex = 0; + limitTableIndex < apr_table_elts(u->qos_cc->limitTable)->nelts; + limitTableIndex++) { + time_t remaining = 0; + int eventSet = 0; + const char *eventName = limitTableEntry[limitTableIndex].key; + qos_s_entry_limit_conf_t *eventLimitConf = (qos_s_entry_limit_conf_t *)limitTableEntry[limitTableIndex].val; + const char *clearEvent = apr_table_get(r->subprocess_env, eventLimitConf->eventClearStr); + + /* + * reset expired events or clear event counter + */ + if(clearEvent || + (((*clientEntryFromHdr)->limit[limitTableIndex].limitTime + eventLimitConf->limitTime) < now)) { + (*clientEntryFromHdr)->limit[limitTableIndex].limit = 0; + (*clientEntryFromHdr)->limit[limitTableIndex].limitTime = 0; + } + + /* + * check for new events + */ + eventSet = get_qs_event(r, eventName); + if(eventSet) { + char *seenEvent; + if(strcasecmp(eventName, QS_LIMIT_DEFAULT) == 0) { + // backward compat/event forwarding + seenEvent = apr_pstrcat(r->pool, QS_LIMIT_SEEN, NULL); + } else { + seenEvent = apr_pstrcat(r->pool, QS_LIMIT_SEEN, eventName, NULL); + } + if(apr_table_get(r->subprocess_env, seenEvent) == NULL) { + int newValue = (*clientEntryFromHdr)->limit[limitTableIndex].limit + eventSet; + // first occurrence + apr_table_set(r->subprocess_env, seenEvent, ""); + if((*clientEntryFromHdr)->limit[limitTableIndex].limit == 0) { + /* .start timer */ + (*clientEntryFromHdr)->limit[limitTableIndex].limitTime = now; + } + /* increment limit event */ + (*clientEntryFromHdr)->limit[limitTableIndex].limit = newValue > USHRT_MAX ? USHRT_MAX : newValue; + } + } + + /* + * propagate to env + */ + apr_table_set(r->subprocess_env, + apr_pstrcat(r->pool, QS_LIMIT_NAME_PFX, eventName, NULL), + eventName); + apr_table_set(r->subprocess_env, + apr_pstrcat(r->pool, eventName, QS_COUNTER_SUFFIX, NULL), + apr_psprintf(r->pool, "%d", (*clientEntryFromHdr)->limit[limitTableIndex].limit)); + + remaining = ((*clientEntryFromHdr)->limit[limitTableIndex].limitTime + eventLimitConf->limitTime) - now; + apr_table_set(r->subprocess_env, + apr_pstrcat(r->pool, eventName, QS_LIMIT_REMAINING, NULL), + apr_psprintf(r->pool, "%"APR_TIME_T_FMT, remaining > 0 ? remaining : 0)); + + /* + * enforce limit + */ + if((*clientEntryFromHdr)->limit[limitTableIndex].limit >= eventLimitConf->limit) { + int block = 1; + char *conditional = ""; + if(eventLimitConf->condStr != NULL) { + // conditional enforcement... + const char *condition = apr_table_get(r->subprocess_env, QS_COND); + conditional = apr_pstrdup(r->pool, "Cond"); + if(condition == NULL) { + block = 0; // variable not set + } else { + if(ap_regexec(eventLimitConf->preg, condition, 0, NULL, 0) != 0) { + block = 0; // pattern does not match + } + } + } + if(block) { + if(ret == DECLINED || clientEntryFromHdr != clientEntry) { + /* log only one error (either block or limit) */ + *uid = apr_pstrdup(r->connection->pool, "067"); + *msg = apr_psprintf(r->connection->pool, + QOS_LOG_PFX(067)"access denied%s, " + "QS_%sClientEventLimitCount rule: " + "event=%s, " + "max=%hu, current=%hu, age=%"APR_TIME_T_FMT", c=%s", + sconf->log_only ? " (log only)" : "", + conditional, + eventName, + eventLimitConf->limit, + (*clientEntryFromHdr)->limit[limitTableIndex].limit, + now - (*clientEntryFromHdr)->limit[limitTableIndex].limitTime, + forwardedForLogIP == NULL ? "-" : forwardedForLogIP); + QS_INC_EVENT_LOCKED(sconf, 67); + ret = m_retcode; + } + } + if(clientEntryFromHdr == clientEntry) { + (*clientEntry)->lowrate = apr_time_sec(r->request_time); + (*clientEntry)->lowratestatus |= QOS_LOW_FLAG_EVENTLIMIT; + qs_set_evmsg(r, "r;"); + } + } + } + } + + /* reset low prio client after 24h */ + if(clientEntry && sconf->qos_cc_prefer) { + apr_time_t now = apr_time_sec(r->request_time); + if(((*clientEntry)->lowrate + QOS_LOW_TIMEOUT) < now) { + (*clientEntry)->lowrate = 0; + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_BEHAVIOR_OK) { + (*clientEntry)->lowratestatus = QOS_LOW_FLAG_BEHAVIOR_OK; + } else { + (*clientEntry)->lowratestatus = 0; + } + } + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT17 */ + + if(req_per_sec_block_rate) { + qs_set_evmsg(r, "L;"); + if(!sconf->log_only) { + apr_sleep(req_per_sec_block_rate*1000); + } + } + } + return ret; +} + +#if APR_HAS_THREADS +static apr_status_t qos_cleanup_status_thread(void *selfv) { + qsstatus_t *s = selfv; + s->exit = 1; + /* may long up to 100ms */ + if(m_threaded_mpm) { + apr_status_t status; + apr_thread_join(&status, s->thread); + //apr_pool_destroy(s->pool); + } + return APR_SUCCESS; +} + +// checks if connection counting is enabled (any host) +static int qos_count_connections(qos_srv_config *sconf) { + server_rec *s = sconf->base_server; + qos_srv_config *bsconf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + if(QS_COUNT_CONNECTIONS(bsconf)) { + return 1; + } + s = s->next; + while(s) { + qos_srv_config *sc = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + if(QS_COUNT_CONNECTIONS(sc)) { + return 1; + } + s = s->next; + } + return 0; +} + +// total (server/all hosts) connections +static int qos_server_connections(qos_srv_config *sconf) { + server_rec *s = sconf->base_server; + qos_srv_config *bsconf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + int connections = bsconf->act->conn->connections; + s = s->next; + while(s) { + qos_srv_config *sc = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + if(sc->act->conn != bsconf->act->conn) { + // server has either his own counter or the base server's counter + connections += sc->act->conn->connections; + } + s = s->next; + } + return connections; + /* + int i, j; + worker_score *ws_record; + process_score *ps_record; + for(i = 0; i < sconf->server_limit; ++i) { + ps_record = ap_get_scoreboard_process(i); + for(j = 0; j < sconf->thread_limit; ++j) { + ws_record = ap_get_scoreboard_worker(i, j); + if(!ps_record->quiescing && ps_record->pid) { + if(ws_record->status == SERVER_READY && ps_record->generation == qos_my_generation) { + ready++; + } + } + } + } + */ +} + +/** + * Status logger thread + * + * @param thread + * @param selfv Base server_rec + */ +static void *APR_THREAD_FUNC qos_status_thread(apr_thread_t *thread, void *selfv) { + qsstatus_t *s = selfv; + int server_limit, thread_limit; + ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit); + ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit); + while(!s->exit) { + char clientContentTypes[8192]; + char allConn[64]; + int s_busy = 0; + int s_open = 0; + int s_ready = 0; + int s_read = 0; + int s_write = 0; + int s_keep = 0; + int s_start = 0; + int s_log = 0; + int s_dns = 0; + int s_closing = 0; + int s_usr1 = 0; + int s_kill = 0; + worker_score ws_record; + int c, i, e; + time_t now = time(NULL); + int run = 0; + e = 60 - (now % 60); + e = e * 10; + for(c = 0; c < e; c++) { + apr_sleep(100000); + if(s->exit) { + run = 0; + break; + } + } + if(!s->exit) { + apr_global_mutex_lock(s->lock); /* @CRT47 */ + now = time(NULL); + if(*s->qsstatustimer <= now) { + // set next and fetch the data + *s->qsstatustimer = (now/60*60 + 60); + run = 1; + } else { + // another child already did the job + run = 0; + } + apr_global_mutex_unlock(s->lock); /* @CRT47 */ + } + if(!s->exit && run) { + for(i = 0; i < server_limit; ++i) { + int j; + for(j = 0; j < thread_limit; ++j) { + int res; + ap_copy_scoreboard_worker(&ws_record, i, j); + res = ws_record.status; + if(res == SERVER_DEAD) { + s_open++; + } else if(res == SERVER_READY) { + s_ready++; + } else if(res == SERVER_BUSY_READ) { + s_read++; + s_busy++; + } else if(res == SERVER_BUSY_WRITE) { + s_write++; + s_busy++; + } else if(res == SERVER_BUSY_KEEPALIVE) { + s_keep++; + s_busy++; + } else if(res == SERVER_STARTING) { + s_start++; + } else if(res == SERVER_BUSY_LOG) { + s_log++; + s_busy++; + } else if(res == SERVER_BUSY_DNS) { + s_dns++; + s_busy++; + } else if(res == SERVER_CLOSING) { + s_closing++; + } else if(res == SERVER_GRACEFUL) { + s_usr1++; + } else if(res == SERVER_IDLE_KILL) { + s_kill++; + } + } + } + clientContentTypes[0] = '\0'; + if(s->sconf->qos_cc_prefer) { + qos_user_t *u = qos_get_user_conf(s->sconf->act->ppool); + if(u) { + unsigned long long html; + unsigned long long cssjs; + unsigned long long img; + unsigned long long other; + unsigned long long notmodified; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT48 */ + html = u->qos_cc->html; + cssjs = u->qos_cc->cssjs; + img = u->qos_cc->img; + other = u->qos_cc->other; + notmodified = u->qos_cc->notmodified; + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT48 */ + snprintf(clientContentTypes, 8191, ", \"clientContentTypes\": { " + "\"html\": %llu, \"css/js\": %llu," + " \"images\": %llu, \"other\": %llu, \"304\": %llu }", + html, cssjs, + img, other, notmodified + ); + } + } + allConn[0] = '\0'; + if(qos_count_connections(s->sconf)) { + apr_global_mutex_lock(s->lock); /* @CRT52 */ + int all_connections = qos_server_connections(s->sconf); + snprintf(allConn, 64, ", \"QS_AllConn\": %d", + all_connections + ); + apr_global_mutex_unlock(s->lock); /* @CRT52 */ + } + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s->sconf->base_server, + QOS_LOG_PFX(200)"{ \"scoreboard\": { " + "\"open\": %d, \"waiting\": %d, \"read\": %d, " + "\"write\": %d, \"keepalive\": %d, " + "\"start\": %d, \"log\": %d, " + "\"dns\": %d, \"closing\": %d, " + "\"finishing\": %d, \"idle\": %d }, " + "\"maxclients\": { " + "\"max\": %d, \"busy\": %d" + "%s }" + "%s }", + s_open, s_ready, s_read, + s_write, s_keep, + s_start, s_log, + s_dns, s_closing, + s_usr1, s_kill, + s->maxclients, s_busy, + allConn, + clientContentTypes); + } + } + if(m_threaded_mpm) { + apr_thread_exit(thread, APR_SUCCESS); + } + return NULL; +} + +/** + * Starts the stats logger thread + */ +static void qos_init_status_thread(apr_pool_t *p, qos_srv_config *sconf, int maxclients) { + qs_actable_t *act = sconf->act; + apr_pool_t *pool; + apr_threadattr_t *tattr; + qsstatus_t *s; + apr_pool_create(&pool, NULL); + s = apr_pcalloc(pool, sizeof(qsstatus_t)); + s->exit = 0; + s->pool = pool; + s->maxclients = maxclients; + s->qsstatustimer = act->qsstatustimer; + s->lock = act->lock; + s->sconf = sconf; + if(apr_threadattr_create(&tattr, pool) == APR_SUCCESS) { + if(apr_thread_create(&s->thread, tattr, qos_status_thread, s, pool) == APR_SUCCESS) { + apr_pool_pre_cleanup_register(p, s, qos_cleanup_status_thread); + } + } +} +#endif + +/** + * client control rules at process connection handler + */ +static int qos_cc_pc_filter(conn_rec *connection, qs_conn_ctx *cconf, qos_user_t *u, char **msg) { + conn_rec *c = connection; + int ret = DECLINED; + if(cconf && cconf->sconf->has_qos_cc) { + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + searchE.ip6[0] = cconf->ip6[0]; + searchE.ip6[1] = cconf->ip6[1]; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT14 */ + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, 0); + + /* early vip detection */ + if((*clientEntry)->vip) { + cconf->is_vip = 1; + apr_table_set(c->notes, QS_ISVIPREQ, "yes"); + } + + /* max connections */ + if(cconf->sconf->has_qos_cc && cconf->sconf->qos_cc_prefer) { + if(m_generation != u->qos_cc->generation_locked) { + u->qos_cc->connections++; + } else { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, c->base_server, + QOS_LOG_PFX(166)"unexpected connection dispatching, skipping" + " connection counter update for QS_ClientPrefer rule, c=%s", + QS_CONN_REMOTEIP(cconf->mc) == NULL ? "-" : + QS_CONN_REMOTEIP(cconf->mc)); + } + if((*clientEntry)->lowrate) { + if(c->notes) { + char *flags = apr_psprintf(c->pool, "0x%02x", (*clientEntry)->lowratestatus); + apr_table_set(c->notes, "QS_ClientLowPrio", flags); + } + } + /* non vip (allow all vip addresses - no restrictions) */ + if(!(*clientEntry)->vip) { + if(u->qos_cc->connections > cconf->sconf->qos_cc_prefer_limit) { + int penalty = 4; // 2 to 12 points + int reqSpare = 0; + if((*clientEntry)->lowrate) { + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_PKGRATE) { + penalty++; + } + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_BEHAVIOR_BAD) { + penalty+=2; + } + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_EVENTBLOCK) { + penalty+=2; + } + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_EVENTLIMIT) { + penalty+=2; + } + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_TIMEOUT) { + penalty++; + } + } + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_BEHAVIOR_OK) { + // normal behavior + penalty-=2; + } + // calculate the min. required free connections allowing us to serve request by this IP + reqSpare = (cconf->sconf->max_clients - cconf->sconf->qos_cc_prefer_limit) * penalty / 12; + if((cconf->sconf->max_clients - u->qos_cc->connections) < reqSpare) { + /* not enough free connections */ + if(u->qos_cc->connections > cconf->sconf->qos_cc_prefer_limit) { + *msg = apr_psprintf(cconf->mc->pool, + QOS_LOG_PFX(066)"access denied%s, " + "QS_ClientPrefer rule (penalty=%d 0x%02x): " + "max=%d, concurrent connections=%d, c=%s", + cconf->sconf->log_only ? " (log only)" : "", + penalty, (*clientEntry)->lowratestatus, + cconf->sconf->qos_cc_prefer_limit, u->qos_cc->connections, + QS_CONN_REMOTEIP(cconf->mc) == NULL ? "-" : + QS_CONN_REMOTEIP(cconf->mc)); + QS_INC_EVENT_LOCKED(cconf->sconf, 66); + ret = m_retcode; + } + } + } + } + } + + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT14 */ + } + return ret; +} + +/** + * calculates the current minimal up/download bandwidth + */ +static int qos_req_rate_calc(qos_srv_config *sconf, int *current) { + int req_rate = sconf->req_rate; + if(sconf->min_rate_max != -1) { + int connections = qos_server_connections(sconf); + if(connections > sconf->req_rate_start) { + /* keep the minimal rate until reaching the min connections */ + req_rate = req_rate + (sconf->min_rate_max * connections / sconf->max_clients); + if(connections > sconf->max_clients) { + // limit the max rate to its max if we have more connections then expected + if(connections > (sconf->max_clients + QS_DOUBLE_CONN_H)) { + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, sconf->base_server, + QOS_LOG_PFX(036)"QS_SrvMinDataRate: unexpected connection status!" + " connections=%d," + " cal. request rate=%d," + " max. limit=%d." + " Check log for unclean child exit and consider" + " to do a graceful server restart if this condition persists." + " You might also increase the number of supported connections" + " using the 'QS_MaxClients' directive.", + connections, req_rate, sconf->min_rate_max); + } + QS_INC_EVENT(sconf, 36); + req_rate = sconf->min_rate_max; + } + } + *current = connections; + } + return req_rate; +} + +qos_s_entry_limit_conf_t *qos_getQSLimitEvent(qos_user_t *u, const char *event, + int *limitTableIndex) { + int i = 0; + apr_table_entry_t *limitTableEntry = (apr_table_entry_t *)apr_table_elts(u->qos_cc->limitTable)->elts; + for(i = 0; i < apr_table_elts(u->qos_cc->limitTable)->nelts; i++) { + const char *eventName = limitTableEntry[i].key; + if(strcasecmp(eventName, event) == 0) { + *limitTableIndex = i; + return (qos_s_entry_limit_conf_t *)limitTableEntry[i].val; + } + } + return NULL; +} + +/************************************************************************ + * "public" + ***********************************************************************/ + +/** + * short status viewer + */ +static void qos_ext_status_short(request_rec *r, apr_table_t *qt) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + server_rec *s = sconf->base_server; + qos_srv_config *bsconf = (qos_srv_config*)ap_get_module_config(s->module_config, + &qos_module); + const char *option = apr_table_get(qt, "option"); + const char *all_connections = apr_table_get(r->subprocess_env, "QS_AllConn"); + apr_time_t now = apr_time_sec(r->request_time); + double av[1]; + + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + +#if (!defined(WIN32) && !defined(__MINGW32__) && !defined(_WIN64) && !defined(CYGWIN)) + getloadavg(av, 1); + ap_rprintf(r, "b"QOS_DELIM"system.load: %.2f\n", av[0]); +#endif + + if(u->qos_cc && sconf->qos_cc_prefer) { + unsigned long long html; + unsigned long long cssjs; + unsigned long long img; + unsigned long long other; + unsigned long long notmodified; + char clientContentTypes[8192]; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT51 */ + html = u->qos_cc->html; + cssjs = u->qos_cc->cssjs; + img = u->qos_cc->img; + other = u->qos_cc->other; + notmodified = u->qos_cc->notmodified; + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT51 */ + snprintf(clientContentTypes, 8191, + "b;clientContentTypes(html,css/js,images,other,304): " + "%llu %llu %llu %llu %llu", + html, cssjs, img, other, notmodified + ); + ap_rprintf(r, "%s\n", clientContentTypes); + } + while(s) { + char *sn = apr_psprintf(r->pool, "%s"QOS_DELIM"%s"QOS_DELIM"%d", + s->is_virtual ? "v" : "b", + s->server_hostname == NULL ? "-" : + ap_escape_html(r->pool, s->server_hostname), + s->addrs->host_port); + sconf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + if(all_connections && !s->is_virtual) { + ap_rprintf(r, "%s"QOS_DELIM"QS_AllConn: %s\n", sn, all_connections); + } + if((s->is_virtual && (sconf != bsconf)) || !s->is_virtual) { + qs_acentry_t *actEntry; + if(!s->is_virtual && sconf->has_qos_cc && sconf->qos_cc_prefer_limit) { + int hc = u->qos_cc->connections; /* not synchronized ... */ + ap_rprintf(r, "%s"QOS_DELIM"QS_ClientPrefer"QOS_DELIM"%d[]: %d\n", sn, + sconf->qos_cc_prefer_limit, hc); + } + /* request level */ + actEntry = sconf->act->entry; + while(actEntry) { + if((actEntry->limit > 0) && !actEntry->condition && !actEntry->event) { + ap_rprintf(r, "%s"QOS_DELIM"QS_LocRequestLimit%s"QOS_DELIM"%d[%s]: %d\n", sn, + actEntry->regex == NULL ? "" : "Match", + actEntry->limit, + actEntry->url, + actEntry->counter); + } + if((actEntry->req_per_sec_limit > 0) && !actEntry->event) { + ap_rprintf(r, "%s"QOS_DELIM"QS_LocRequestPerSecLimit%s"QOS_DELIM"%ld[%s]: %ld\n", sn, + actEntry->regex == NULL ? "" : "Match", + actEntry->req_per_sec_limit, + actEntry->url, + actEntry->req_per_sec); + } + if((actEntry->kbytes_per_sec_limit > 0) && !actEntry->event) { + ap_rprintf(r, "%s"QOS_DELIM"QS_LocKBytesPerSecLimit%s"QOS_DELIM"%"APR_OFF_T_FMT"[%s]: %"APR_OFF_T_FMT"\n", sn, + actEntry->regex == NULL ? "" : "Match", + actEntry->kbytes_per_sec_limit, + actEntry->url, + actEntry->kbytes_per_sec); + } + if(actEntry->condition && !actEntry->event) { + ap_rprintf(r, "%s"QOS_DELIM"QS_CondLocRequestLimitMatch"QOS_DELIM"%d[%s]: %d\n", sn, + actEntry->limit, + actEntry->url, + actEntry->counter); + } + if(actEntry->event && (actEntry->limit != -1)) { + ap_rprintf(r, "%s"QOS_DELIM"QS_EventRequestLimit"QOS_DELIM"%d[%s]: %d\n", sn, + actEntry->limit, + actEntry->url, + actEntry->counter); + } + if(actEntry->event && (actEntry->kbytes_per_sec_limit != 0)) { + ap_rprintf(r, "%s"QOS_DELIM"QS_EventKBytesPerSecLimit"QOS_DELIM"%"APR_OFF_T_FMT"[%s]: %"APR_OFF_T_FMT"\n", sn, + actEntry->kbytes_per_sec_limit, + actEntry->url, + now > (apr_time_sec(actEntry->kbytes_interval_us) + (QS_BW_SAMPLING_RATE*10)) ? 0 : actEntry->kbytes_per_sec); + } + if(actEntry->event && (actEntry->req_per_sec_limit > 0)) { + ap_rprintf(r, "%s"QOS_DELIM"QS_EventPerSecLimit"QOS_DELIM"%ld[%s]: %ld\n", sn, + actEntry->req_per_sec_limit, + actEntry->url, + now > (actEntry->interval + (QS_BW_SAMPLING_RATE*3)) ? 0 : actEntry->req_per_sec); + } + actEntry = actEntry->next; + } + /* event limit */ + if(sconf->event_limit_a->nelts > 0) { + int ie = 0; + qos_event_limit_entry_t *event_limit = sconf->act->event_entry; + for(ie = 0; ie < sconf->event_limit_a->nelts; ie++) { + int elimit = event_limit->limit; + if(event_limit->limitTime + event_limit->seconds <= now) { + elimit = 0; + } + if(event_limit->action == QS_EVENT_ACTION_DENY) { + ap_rprintf(r, "%s"QOS_DELIM"QS_%sEventLimitCount"QOS_DELIM"%d/%d[%s]: %d\n", + sn, + event_limit->condStr == NULL ? "" : "Cond", + event_limit->max, + event_limit->seconds, + event_limit->env_var, + elimit); + } + event_limit++; + } + } + if(!s->is_virtual || sconf->act->conn != bsconf->act->conn) { + if(sconf->max_conn != -1) { + ap_rprintf(r, "%s"QOS_DELIM"QS_SrvMaxConn"QOS_DELIM"%d[]: %d\n", sn, + sconf->max_conn, + sconf->act->conn->connections); + } + if(sconf->max_conn_close != -1) { + ap_rprintf(r, "%s"QOS_DELIM"QS_SrvMaxConnClose"QOS_DELIM"%d[]: %d\n", sn, + sconf->max_conn_close, + sconf->act->conn->connections); + } + if(option && strstr(option, "ip")) { + if(sconf->act->conn->connections) { + apr_table_t *entries = apr_table_make(r->pool, 100); + int j; + apr_table_entry_t *entry; + qos_collect_ip(r, sconf, entries, sconf->max_conn_per_ip, 0); + entry = (apr_table_entry_t *)apr_table_elts(entries)->elts; + for(j = 0; j < apr_table_elts(entries)->nelts; j++) { + ap_rprintf(r, "%s"QOS_DELIM"QS_SrvMaxConnPerIP"QOS_DELIM"%s: %s\n", + sn, + entry[j].key, entry[j].val); + } + } + } + } + } + s = s->next; + } + if(u->qos_cc && sconf->qsevents) { + int i = 0; + apr_table_t *eTable = apr_table_make(r->pool, QOS_LOG_MSGCT); + apr_table_entry_t *entry; + char buf1[1024]; + char buf2[1024]; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT50 */ + while(m_knownEvents[i] > 0) { + snprintf(buf1, 1023, "e;mod_qos(%03d);new: %llu", + m_knownEvents[i], u->qos_cc->eventLast[m_knownEvents[i]]); + snprintf(buf2, 1023, "e;mod_qos(%03d);total: %llu", + m_knownEvents[i], u->qos_cc->eventTotal[m_knownEvents[i]]); + apr_table_add(eTable, buf1, buf2); + u->qos_cc->eventLast[m_knownEvents[i]] = 0; + i++; + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT50 */ + entry = (apr_table_entry_t *)apr_table_elts(eTable)->elts; + for(i = 0; i < apr_table_elts(eTable)->nelts; ++i) { + ap_rprintf(r, "%s\n%s\n", entry[i].key, entry[i].val); + } + } +} + +/** + * Comperator for bsearch function + */ +static int qos_geo_comp(const void *_pA, const void *_pB) { + unsigned long *pA = (unsigned long *)_pA; + qos_geo_entry_t *pB = (qos_geo_entry_t *)_pB; + unsigned long search = *pA; + if((search >= pB->start) && (search <= pB->end)) return 0; + if(search > pB->start) return 1; + if(search < pB->start) return -1; + return -1; // error +} + +/** + * Translates an IP address (from geo csv) to a numeric value. + * + * @param pool To dup the string while parsing. + * @param ip + * @return + */ +static unsigned long qos_geo_str2long(apr_pool_t *pool, const char *ip) { + char *p; + char *i = apr_pstrdup(pool, ip); + unsigned long addr = 0; + + p = strchr(i, '.'); + if(!p) return 0; + p[0] = '\0'; + if(!qos_is_num(i)) return 0; + addr += (atol(i) * 16777216); + i = p; + i++; + + p = strchr(i, '.'); + if(!p) return 0; + p[0] = '\0'; + if(!qos_is_num(i)) return 0; + addr += (atol(i) * 65536); + i = p; + i++; + + p = strchr(i, '.'); + if(!p) return 0; + p[0] = '\0'; + if(!qos_is_num(i)) return 0; + addr += (atol(i) * 256); + i = p; + i++; + + if(!qos_is_num(i)) return 0; + addr += (atol(i)); + + return addr; +} + +/** + * Viewer settings about ip address information. + */ +static void qos_show_ip(request_rec *r, qos_srv_config *sconf, apr_table_t *qt) { + int max_conn_per_ip = 0; + server_rec *s = sconf->base_server; + apr_time_t now = apr_time_sec(r->request_time); + while(s) { + // enable per client connection search if any server has enabled QS_SrvMaxConnPerIP + qos_srv_config *conf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + if(conf->max_conn_per_ip != -1) { + max_conn_per_ip = 1; + break; + } + s = s->next; + } + if(sconf->has_qos_cc || max_conn_per_ip) { + const char *option = apr_table_get(qt, "option"); + const char *refresh = apr_table_get(qt, "refresh"); + const char *address = apr_table_get(qt, "address"); + if(address) { + int escerr = 0; + char *ta = apr_pstrdup(r->pool, address); + qos_unescaping(ta, QOS_DEC_MODE_FLAGS_URL, &escerr); + address = ta; + } + if(strcmp(r->handler, "qos-viewer") == 0) { + ap_rputs("<table class=\"btable\"><tbody>\n", r); + ap_rputs(" <tr class=\"row\"><td>\n", r); + } else { + ap_rputs("<table border=\"1\"><tbody>\n", r); + ap_rputs(" <tr><td>\n", r); + } + if(strcmp(r->handler, "qos-viewer") == 0) { + ap_rputs(" <table border=\"0\" cellpadding=\"2\" " + "cellspacing=\"2\" style=\"width: 100%\"><tbody>\n",r); + } else { + ap_rputs(" <table border=\"1\" cellpadding=\"2\" " + "cellspacing=\"2\" style=\"width: 100%\"><tbody>\n",r); + } + ap_rputs(" <tr class=\"rowe\">\n", r); + ap_rputs(" <td colspan=\"9\">viewer settings</td>\n", r); + ap_rputs(" </tr>\n", r); + /* auto refresh */ + ap_rputs(" <tr class=\"rows\">\n" + " <td colspan=\"1\">auto refresh</td>\n", r); + ap_rputs(" <td colspan=\"8\">\n", r); + ap_rprintf(r, " <form action=\"%s\" method=\"get\">\n", + ap_escape_html(r->pool, r->parsed_uri.path)); + if(option && strstr(option, "ip")) { + ap_rprintf(r, " <input name=\"option\" value=\"ip\" type=\"hidden\">\n"); + } + if(address) { + ap_rprintf(r, " <input name=\"address\" value=\"%s\" type=\"hidden\">\n", + ap_escape_html(r->pool, address)); + } + if(refresh) { + ap_rprintf(r, " <input name=\"action\" value=\"disable\" type=\"submit\">\n"); + } else { + ap_rprintf(r, " <input name=\"action\" value=\"enable\" type=\"submit\">\n"); + ap_rprintf(r, " <input name=\"refresh\" value=\"\" type=\"hidden\">\n"); + } + ap_rputs(" </form>\n", r); + ap_rputs(" </td>\n", r); + ap_rputs(" </tr>\n", r); + /* show ip addresses and their connections */ + ap_rputs(" <tr class=\"rows\">\n" + " <td colspan=\"1\">client ip connections</td>\n", r); + ap_rputs(" <td colspan=\"8\">\n", r); + ap_rprintf(r, " <form action=\"%s\" method=\"get\">\n", + ap_escape_html(r->pool, r->parsed_uri.path)); + if(!option || (option && !strstr(option, "ip")) ) { + ap_rprintf(r, " <input name=\"option\" value=\"ip\" type=\"hidden\">\n"); + ap_rprintf(r, " <input name=\"action\" value=\"enable\" type=\"submit\">\n"); + } else { + ap_rprintf(r, " <input name=\"option\" value=\"no\" type=\"hidden\">\n"); + ap_rprintf(r, " <input name=\"action\" value=\"disable\" type=\"submit\">\n"); + } + if(address) { + ap_rprintf(r, " <input name=\"address\" value=\"%s\" type=\"hidden\">\n", + ap_escape_html(r->pool, address)); + } + if(refresh) { + ap_rprintf(r, " <input name=\"refresh\" value=\"\" type=\"hidden\">\n"); + } + ap_rputs(" </form>\n", r); + ap_rputs(" </td>\n", r); + ap_rputs(" </tr>\n", r); + + if(sconf->has_qos_cc) { + ap_rputs(" <tr class=\"rows\">\n" + " <td colspan=\"1\">search a client ip entry</td>\n", r); + ap_rputs(" <td colspan=\"8\">\n", r); + ap_rprintf(r, " <form action=\"%s\" method=\"get\">\n", + ap_escape_html(r->pool, r->parsed_uri.path)); + if(option && strstr(option, "ip")) { + ap_rprintf(r, " <input name=\"option\" value=\"ip\" type=\"hidden\">\n"); + } + if(refresh) { + ap_rprintf(r, " <input name=\"refresh\" value=\"\" type=\"hidden\">\n"); + } + ap_rprintf(r, " <input name=\"address\" value=\"%s\" type=\"text\">\n", + address ? ap_escape_html(r->pool, address) : "0.0.0.0"); + ap_rprintf(r, " <input name=\"action\" value=\"search\" type=\"submit\">\n"); + ap_rputs(" </form>\n", r); + ap_rputs(" </td>\n", r); + ap_rputs(" </tr>\n", r); + if(address) { + apr_uint64_t ip[2]; + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + if(qos_ip_str2long(address, ip)) { + unsigned long html; + unsigned long cssjs; + unsigned long img; + unsigned long other; + unsigned long notmodified; + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + int found = 0; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT20 */ + html = u->qos_cc->html; + cssjs = u->qos_cc->cssjs; + img = u->qos_cc->img; + other = u->qos_cc->other; + notmodified = u->qos_cc->notmodified; + searchE.ip6[0] = ip[0]; + searchE.ip6[1] = ip[1]; + clientEntry = qos_cc_get0(u->qos_cc, &searchE, 0); + if(clientEntry) { + found = 1; + searchE.vip = (*clientEntry)->vip; + searchE.lowrate = (*clientEntry)->lowrate; + searchE.lowratestatus = (*clientEntry)->lowratestatus; + searchE.time = (*clientEntry)->time; + searchE.block = (*clientEntry)->block; + searchE.blockTime = (*clientEntry)->blockTime; + searchE.limit = (*clientEntry)->limit; + searchE.req_per_sec = (*clientEntry)->req_per_sec; + searchE.req_per_sec_block_rate = (*clientEntry)->req_per_sec_block_rate; + searchE.other = (*clientEntry)->other - 1; + searchE.html = (*clientEntry)->html - 1; + searchE.cssjs = (*clientEntry)->cssjs - 1; + searchE.img = (*clientEntry)->img - 1; + searchE.notmodified = (*clientEntry)->notmodified - 1; + searchE.event_req = (*clientEntry)->event_req; + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT20 */ + ap_rputs(" <tr class=\"rowt\">\n", r); + ap_rputs(" <td colspan=\"1\">IP</td>\n", r); + ap_rputs(" <td colspan=\"2\">last request</td>\n", r); + ap_rputs(" <td colspan=\"1\">" + "<div title=\"QS_VipHeaderName|QS_VipIPHeaderName\">vip</div></td>\n", r); + ap_rputs(" <td colspan=\"1\">" + "<div title=\"QS_ClientEventBlockCount\">blocked</div></td>\n", r); + ap_rputs(" <td colspan=\"1\">" + "<div title=\"QS_ClientEventLimitCount (QS_Limit)\">limited</div></td>\n", r); + ap_rputs(" <td colspan=\"2\">" + "<div title=\"QS_ClientEventPerSecLimit\">events/sec</div></td>\n", r); + ap_rputs(" <td colspan=\"1\">" + "<div title=\"QS_ClientPrefer
0x01 bad pkg rate
0x02 normal behavior
0x04 bad behavior
0x08 blocked
0x10 limited
0x20 timeout\">low prio</div></td>\n", r); + ap_rputs(" </tr>\n", r); + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"1\">%s</td>", ap_escape_html(r->pool, address)); + if(!found) { + ap_rputs("<td colspan=\"8\"><i>not found</i></td>\n", r); + } else { + char buf[1024]; + struct tm *ptr = localtime(&searchE.time); + strftime(buf, sizeof(buf), "%d.%m.%Y %H:%M:%S", ptr); + ap_rprintf(r, "<td colspan=\"2\">%s</td>", buf); + ap_rprintf(r, "<td colspan=\"1\">%s</td>", searchE.vip ? "yes" : "no"); + if(sconf->qos_cc_blockTime > (time(NULL) - searchE.blockTime)) { + ap_rprintf(r, "<td colspan=\"1\">%d, %ld sec</td>", + searchE.block, time(NULL) - searchE.blockTime); + } else { + ap_rprintf(r, "<td colspan=\"1\">no</td>"); + } + + if(u->qos_cc->limitTable) { + int limitTableIndex; + qos_s_entry_limit_conf_t *eventLimitConf = qos_getQSLimitEvent(u, QS_LIMIT_DEFAULT, &limitTableIndex); + if(eventLimitConf) { + if(eventLimitConf->limitTime > (time(NULL) - searchE.limit[limitTableIndex].limitTime)) { + ap_rprintf(r, "<td colspan=\"1\">%hu, %ld sec</td>", + searchE.limit[limitTableIndex].limit, time(NULL) - searchE.limit[limitTableIndex].limitTime); + } else { + ap_rprintf(r, "<td colspan=\"1\">no</td>"); + } + } else { + ap_rprintf(r, "<td colspan=\"1\">off</td>"); + } + } else { + ap_rprintf(r, "<td colspan=\"1\">off</td>"); + } + ap_rprintf(r, "<td colspan=\"1\">%ld</td>", searchE.req_per_sec); + ap_rprintf(r, "<td colspan=\"1\">%d ms</td>", searchE.req_per_sec_block_rate); + ap_rprintf(r, "<td colspan=\"1\">%s (0x%02x)</td>\n", + (searchE.lowrate + QOS_LOW_TIMEOUT) > now ? "yes" : "no", + searchE.lowratestatus); + ap_rputs("</tr>\n", r); + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"6\"> </td>" + "<td>" + "<div title=\"QS_ClientEventRequestLimit\">events:</div></td>" + "<td style=\"width:9%%\">%s</td>" + "<td colspan=\"1\"></td>" + "</tr>\n", (sconf->qos_cc_event_req == -1 ? "off" : apr_psprintf(r->pool, "%d", searchE.event_req))); + } + if(sconf->qos_cc_prefer) { + ap_rprintf(r, " <tr class=\"rowt\">" + "<td colspan=\"4\"></td>" + "<td style=\"width:9%%\">html</td>" + "<td style=\"width:9%%\">css/js</td>" + "<td style=\"width:9%%\">images</td>" + "<td style=\"width:9%%\">other</td>" + "<td style=\"width:9%%\">304</td>" + "</tr>\n"); + if(found) { + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"4\"></td>" + "<td style=\"width:9%%\">%u</td>" + "<td style=\"width:9%%\">%u</td>" + "<td style=\"width:9%%\">%u</td>" + "<td style=\"width:9%%\">%u</td>" + "<td style=\"width:9%%\">%u</td>" + "</tr>\n", searchE.html, + searchE.cssjs, + searchE.img, + searchE.other, + searchE.notmodified); + } + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"3\"></td>" + "<td style=\"width:9%%\"><div title=\"QS_ClientContentTypes\">all clients</div></td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "</tr>\n", html, cssjs, img, other, notmodified); + if(sconf->static_on == 1) { + unsigned long shtml = sconf->static_html; + unsigned long scssjs = sconf->static_cssjs; + unsigned long simg = sconf->static_img; + unsigned long sother = sconf->static_other; + unsigned long snotmodified = sconf->static_notmodified; + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"3\"></td>" + "<td style=\"width:9%%\"><div title=\"QS_ClientContentTypes\">configured (global)</div></td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "<td style=\"width:9%%\">%lu</td>" + "</tr>\n", shtml, scssjs, + simg, sother, snotmodified); + } + } + } + } + } + ap_rprintf(r, " <tr class=\"row\">" + "<td style=\"width:28%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "</tr>\n"); + ap_rputs(" </tbody></table>\n", r); + ap_rputs(" </tr></td>\n", r); + ap_rputs("</tbody></table>\n", r); + } +} + +/** + * Daws the load/connection bars at the top of the status page + * + * @param r + * @param bs + */ +static void qos_bars(request_rec *r, server_rec *bs) { + server_rec *s = bs; + qos_srv_config *bsconf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + if(bsconf->act && bsconf->act->conn) { + int connections = -1; + double av[1]; + int load = 0; +#if (!defined(WIN32) && !defined(__MINGW32__) && !defined(_WIN64) && !defined(CYGWIN)) + getloadavg(av, 1); + load = av[0]; + if(load > 0) { + load = 100*load/(10+load); + } +#endif + + ap_rputs("<table class=\"btable\"><tbody>\n", r); + ap_rputs(" <tr class=\"row\"><td>\n", r); + + ap_rputs("<table border=\"0\" cellpadding=\"2\" " + "cellspacing=\"2\" style=\"width: 100%\"><tbody>\n",r); + ap_rputs("<tr class=\"rowe\">\n", r); + ap_rputs("<td colspan=\"2\">overview</td>", r); + ap_rputs("</tr>\n", r); + + if(bsconf->log_only) { + ap_rputs("<tr class=\"rowt\">\n", r); + ap_rputs("<td colspan=\"2\">running in 'log only' mode - rules are NOT enforced</td>", r); + ap_rputs("</tr>\n", r); + } + if(qos_count_connections(bsconf)) { + connections = qos_server_connections(bsconf); + } + if(connections != -1) { +#if (!defined(WIN32) && !defined(__MINGW32__) && !defined(_WIN64)) + ap_rprintf(r, "<tr class=\"rowt\">" + "<td colspan=\"1\">connections: %d</td>" + "<td colspan=\"1\">load: %.2f</td>" + "</tr>\n", connections, av[0]); +#else + ap_rprintf(r, "<tr class=\"rowt\">" + "<td colspan=\"1\">connections: %d</td>" + "<td colspan=\"1\">load: n/a</td>" + "</tr>\n", connections); +#endif + } else { +#if (!defined(WIN32) && !defined(__MINGW32__) && !defined(_WIN64)) + ap_rprintf(r, "<tr class=\"rowt\">" + "<td colspan=\"1\">connections: n/a</td>" + "<td colspan=\"1\">load: %.2f</td>" + "</tr>\n", av[0]); +#else + ap_rprintf(r, "<tr class=\"rowt\">" + "<td colspan=\"1\">connections: n/a</td>" + "<td colspan=\"1\">load: n/a</td>" + "</tr>\n"); +#endif + } + ap_rprintf(r, "<tr class=\"rows\">"); + ap_rprintf(r, "<td>"); + if(connections != -1) { + int percentage = 100 * connections / bsconf->max_clients; + if(percentage > 100) percentage = 100; + ap_rprintf(r, "<div class=\"prog-border\">" + "<div class=\"%s\" style=\"width: %d%%;\"></div></div>", + percentage < 90 ? "prog-bar" : "prog-bar-limit", + percentage); + ap_rprintf(r, "</td>"); + } else { + ap_rprintf(r, " "); + } + ap_rprintf(r, "<td>"); + ap_rprintf(r, "<div class=\"prog-border\">" + "<div class=\"prog-bar\" style=\"width: %d%%;\"></div></div>", + load); + ap_rprintf(r, "</td>"); + ap_rprintf(r, "</tr>\n"); + + ap_rputs("</tbody></table>\n", r); + + ap_rputs(" </tr></td>\n", r); + ap_rputs("</tbody></table>\n", r); + } +} + +/** + * (Extendet-)Status viewer, used by internal and mod_status handler. + */ +static int qos_ext_status_hook(request_rec *r, int flags) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + server_rec *s = sconf->base_server; + int i = 0; + apr_time_t now = apr_time_sec(r->request_time); + qos_srv_config *bsconf = (qos_srv_config*)ap_get_module_config(s->module_config, + &qos_module); + apr_table_t *qt = qos_get_query_table(r); + const char *option = apr_table_get(qt, "option"); + if(sconf->disable_handler == 1) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(072)"handler has been disabled for this host, id=%s", + qos_unique_id(r, "072")); + return OK; + } + if (flags & AP_STATUS_SHORT) { + qos_ext_status_short(r, qt); + return OK; + } + if(qt && (apr_table_get(qt, "auto") != NULL)) { + qos_ext_status_short(r, qt); + return OK; + } + if(strcmp(r->handler, "qos-viewer") != 0) { + ap_rputs("<hr>\n", r); + ap_rputs("<table style=\"width:400px\" cellspacing=0 cellpadding=0>\n", r); + ap_rputs(" <tr><td bgcolor=\"#000000\">\n", r); + ap_rputs(" <b><font color=\"#ffffff\" face=\"Arial,Helvetica\">", r); + ap_rprintf(r, "mod_qos %s", ap_escape_html(r->pool, qos_revision(r->pool))); + ap_rputs(" </font></b>\r", r); + ap_rputs(" </td></tr>\n", r); + ap_rputs("</table>\n", r); + if(sconf->log_only) { + ap_rputs("<p>running in 'log only' mode - rules are NOT enforced</p>\n", r); + } + } +#ifdef QS_INTERNAL_TEST + { + apr_uint64_t remoteip[2]; + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + qos_ip_str2long(QS_CONN_REMOTEIP(r->connection), remoteip); + if(cconf) { + remoteip[0] = cconf->ip6[0]; + remoteip[1] = cconf->ip6[1]; + } + ap_rputs("<p>TEST BINARY, NOT FOR PRODUCTIVE USE<br>\n", r); + ap_rprintf(r, "client ip=%s</p>\n", qos_ip_long2str(r->pool, remoteip)); + } +#endif + if(strcmp(r->handler, "qos-viewer") == 0) { + qos_bars(r, s); + } + qos_show_ip(r, bsconf, qt); + if(strcmp(r->handler, "qos-viewer") == 0) { + ap_rputs("<table class=\"btable\"><tbody>\n", r); + ap_rputs(" <tr class=\"row\"><td>\n", r); + } else { + ap_rputs("<table border=\"1\"><tbody>\n", r); + ap_rputs(" <tr><td>\n", r); + } + while(s) { + qs_acentry_t *actEntry; + if(strcmp(r->handler, "qos-viewer") == 0) { + ap_rputs(" <table border=\"0\" cellpadding=\"2\" " + "cellspacing=\"2\" style=\"width: 100%\"><tbody>\n",r); + } else { + ap_rputs(" <table border=\"1\" cellpadding=\"2\" " + "cellspacing=\"2\" style=\"width: 100%\"><tbody>\n",r); + } + ap_rputs(" <tr class=\"rowe\">\n", r); + ap_rprintf(r, " <td colspan=\"9\">%s:%d (%s)</td>\n", + s->server_hostname == NULL ? "-" : ap_escape_html(r->pool, s->server_hostname), + s->addrs->host_port, + s->is_virtual ? "virtual" : "base"); + ap_rputs(" </tr>\n", r); + sconf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + + if((sconf == bsconf) && s->is_virtual) { + ap_rputs(" <tr class=\"rows\">\n" + " <td colspan=\"9\"><i>uses base server settings and counters</i></td>\n </tr>\n", r); + } else { + if(!s->is_virtual && sconf->has_qos_cc) { + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + int num = 0; + int max = 0; + int hc = -1; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT16 */ + hc = u->qos_cc->connections; + num = u->qos_cc->num; + max = u->qos_cc->max; + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT16 */ + ap_rputs("<tr class=\"rowt\">" + "<td colspan=\"6\">client control</td>" + "<td >max</td>" + "<td >limit </td>" + "<td >current </td>", r); + ap_rputs("</tr>\n", r); + ap_rprintf(r, "<tr class=\"rows\">"); + ap_rprintf(r, "<td colspan=\"6\"><div title=\"QS_ClientEntries\">clients in memory</div></td>"); + ap_rprintf(r, "<td >%d</td>", max); + ap_rprintf(r, "<td >-</td>"); + ap_rprintf(r, "<td >%d</td>", num); + ap_rputs("</tr>\n", r); + if(sconf->qos_cc_prefer) { + ap_rprintf(r, "<tr class=\"rows\">"); + ap_rprintf(r, "<td colspan=\"6\"><div title=\"QS_ClientPrefer\">connections</div></td>"); + ap_rprintf(r, "<td >%d</td>", sconf->qos_cc_prefer); + ap_rprintf(r, "<td >%d</td>", sconf->qos_cc_prefer_limit); + ap_rprintf(r, "<td >%d</td>", hc); + ap_rputs("</tr>\n", r); + } + /* + if(sconf->qos_cc_block) { + ap_rprintf(r, "<tr class=\"rows\">"); + ap_rprintf(r, "<td colspan=\"6\">block event</td>"); + ap_rprintf(r, "<td >%d</td>", sconf->qos_cc_block); + ap_rprintf(r, "<td > </td>"); + ap_rprintf(r, "<td >%d</td>", blocked); + ap_rputs("</tr>\n", r); + } + */ + } + /* request level */ + actEntry = sconf->act->entry; + if(actEntry) { + ap_rputs(" <tr class=\"rowt\">" + "<td colspan=\"1\">rule</td>" + "<td colspan=\"2\">" + "<div title=\"QS_LocRequestLimitMatch|QS_LocRequestLimit" + "|QS_CondLocRequestLimitMatch|QS_EventRequestLimit\">" + "concurrent requests</div></td>" + "<td colspan=\"3\">" + "<div title=\"QS_LocRequestPerSecLimitMatch|" + "QS_LocRequestPerSecLimit|QS_EventPerSecLimit\">" + "requests/second</div></td>" + "<td colspan=\"3\">" + "<div title=\"QS_LocKBytesPerSecLimitMatch|QS_LocKBytesPerSecLimit\">" + "kbytes/second</div></td>", r); + ap_rputs("</tr>\n", r); + ap_rputs(" <tr class=\"rowt\">" + "<td > </td>" + "<td >limit</td>" + "<td >current</td>" + "<td >wait rate</td>" + "<td >limit</td>" + "<td >current</td>" + "<td >wait rate</td>" + "<td >limit</td>" + "<td >current</td>", r); + ap_rputs("</tr>\n", r); + } + while(actEntry) { + char *red = "style=\"background-color: rgb(240,153,155);\""; + ap_rputs(" <tr class=\"rows\">", r); + ap_rprintf(r, "<!--%d--><td>%s%s</a></td>", i, + ap_escape_html(r->pool, qos_crline(r, actEntry->url)), + actEntry->condition == NULL ? "" : " <small>(conditional)</small>"); + if((actEntry->limit == 0) || (actEntry->limit == -1)) { + ap_rprintf(r, "<td>-</td>"); + ap_rprintf(r, "<td>-</td>"); + } else { + ap_rprintf(r, "<td>%d</td>", actEntry->limit); + ap_rprintf(r, "<td %s>%d</td>", + ((actEntry->counter * 100) / actEntry->limit) > 90 ? red : "", + actEntry->counter); + } + if(actEntry->req_per_sec_limit == 0) { + ap_rprintf(r, "<td>-</td>"); + ap_rprintf(r, "<td>-</td>"); + ap_rprintf(r, "<td>-</td>"); + } else { + ap_rprintf(r, "<td %s>%d ms</td>", + actEntry->req_per_sec_block_rate ? red : "", + actEntry->req_per_sec_block_rate); + ap_rprintf(r, "<td>%ld</td>", actEntry->req_per_sec_limit); + ap_rprintf(r, "<td %s>%ld</td>", + ((actEntry->req_per_sec * 100) / actEntry->req_per_sec_limit) > 90 ? red : "", + now > (actEntry->interval + (QS_BW_SAMPLING_RATE*3)) ? 0 : actEntry->req_per_sec); + } + if(actEntry->kbytes_per_sec_limit == 0) { + ap_rprintf(r, "<td>-</td>"); + ap_rprintf(r, "<td>-</td>"); + ap_rprintf(r, "<td>-</td>"); + } else { + int hasActualData = now > (apr_time_sec(actEntry->kbytes_interval_us) + QS_BW_SAMPLING_RATE) ? 0 : 1; + ap_rprintf(r, "<td %s>%"APR_OFF_T_FMT" ms</td>", + hasActualData && (actEntry->kbytes_per_sec_block_rate >= 1000) ? red : "", + actEntry->kbytes_per_sec_block_rate / 1000); + ap_rprintf(r, "<td>%"APR_OFF_T_FMT"</td>", actEntry->kbytes_per_sec_limit); + ap_rprintf(r, "<td %s>%"APR_OFF_T_FMT"</td>", + hasActualData && (((actEntry->kbytes_per_sec * 100) / actEntry->kbytes_per_sec_limit) > 90) ? red : "", + hasActualData ? actEntry->kbytes_per_sec : 0); + } + ap_rputs("</tr>\n", r); + actEntry = actEntry->next; + } + /* event limit */ + if(sconf->event_limit_a->nelts > 0) { + char *red = "style=\"background-color: rgb(240,153,155);\""; + int ie = 0; + qos_event_limit_entry_t *event_limit = sconf->act->event_entry; + ap_rputs(" <tr class=\"rowt\">" + "<td colspan=\"5\"><div title=\"QS_EventLimitCount\">events</div></td>" + "<td colspan=\"1\">limit</td>" + "<td colspan=\"1\">seconds</td>" + "<td colspan=\"2\">current</td>", r); + ap_rputs("</tr>\n", r); + for(ie = 0; ie < sconf->event_limit_a->nelts; ie++) { + int edelta = event_limit->limitTime + event_limit->seconds - now; + int elimit = event_limit->limit; + if(event_limit->limitTime + event_limit->seconds <= now) { + elimit = 0; + edelta = 0; + } + if(event_limit->action == QS_EVENT_ACTION_DENY) { + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"5\">%s%s</td>" + "<td>%d</td><td>%ds</td><td %s>%d</td><td>%ds</td>" + "</tr>\n", + event_limit->env_var, + event_limit->condStr == NULL ? "" : " <small>(conditional)</small>", + event_limit->max, + event_limit->seconds, + elimit >= event_limit->max ? red : "", + elimit, + edelta); + } + event_limit++; + } + } + /* connection level */ + if(sconf->has_conn_counter == 1 || !s->is_virtual) { + char *red = "style=\"background-color: rgb(240,153,155);\""; + int c = qos_count_free_ip(sconf); + ap_rputs(" <tr class=\"rowt\">" + "<td colspan=\"9\">connections</td>", r); + ap_rputs("</tr>\n", r); + ap_rprintf(r, " <tr class=\"rows\">" + "<!--%d--><td colspan=\"6\">" + "<div title=\"QS_SrvMaxConnPerIP\">free ip entries</div></td>" + "<td colspan=\"3\">%d</td></tr>\n", i, c); + ap_rprintf(r, " <tr class=\"rows\">" + "<!--%d--><td colspan=\"6\">" + "<div title=\"QS_SrvMaxConn|QS_SrvMaxConnClose\">current connections</div></td>" + "<td %s colspan=\"3\">%d</td></tr>\n", i, + ( ( (sconf->max_conn_close != -1) && + (sconf->act->conn->connections >= sconf->max_conn_close) ) || + ( (sconf->max_conn != -1) && + (sconf->act->conn->connections >= sconf->max_conn) ) ) ? red : "", + sconf->act->conn->connections); + + if(!s->is_virtual) { + ap_rprintf(r, " <tr class=\"rows\">" + "<!--base--><td colspan=\"6\">" + "<div>total connections</div></td>" + "<td colspan=\"3\">%d</td></tr>\n", + qos_server_connections(sconf)); + } + + if(option && strstr(option, "ip")) { + apr_table_t *entries = apr_table_make(r->pool, 100); + int j; + apr_table_entry_t *entry; + ap_rputs(" <tr class=\"rowt\">" + "<td colspan=\"6\">" + "<div title=\"QS_SrvMaxConnPerIP\">client ip connections</div></td>" + "<td colspan=\"3\">current </td>", r); + ap_rputs("</tr>\n", r); + qos_collect_ip(r, sconf, entries, sconf->max_conn_per_ip, 1); + entry = (apr_table_entry_t *)apr_table_elts(entries)->elts; + for(j = 0; j < apr_table_elts(entries)->nelts; j++) { + ap_rputs(" <tr class=\"rows\">", r); + ap_rputs("<td colspan=\"6\">", r); + ap_rprintf(r, "%s</td></tr>\n", entry[j].key); + } + } + + ap_rputs(" <tr class=\"rowt\">" + "<td colspan=\"9\">connection settings</td>", r); + ap_rputs("</tr>\n", r); + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"6\">" + "<div title=\"QS_SrvMaxConn\">max connections</div></td>"); + if(sconf->max_conn == -1) { + ap_rprintf(r, "<td colspan=\"3\">-</td></tr>\n"); + } else { + ap_rprintf(r, "<td colspan=\"3\">%d</td></tr>\n", sconf->max_conn); + } + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"6\">" + "<div title=\"QS_SrvMaxConnClose\">max connections with keep-alive</div></td>"); + if(sconf->max_conn_close == -1) { + ap_rprintf(r, "<td colspan=\"3\">-</td></tr>\n"); + } else { + ap_rprintf(r, "<td colspan=\"3\">%d</td></tr>\n", sconf->max_conn_close); + } + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"6\">" + "<div title=\"QS_SrvMaxConnPerIP\">max connections per client ip</div></td>"); + if(sconf->max_conn_per_ip == -1) { + ap_rprintf(r, "<td colspan=\"3\">-</td></tr>\n"); + } else { + ap_rprintf(r, "<td colspan=\"3\">%d</td></tr>\n", sconf->max_conn_per_ip); + } + ap_rprintf(r, " <tr class=\"rows\">" + "<td colspan=\"6\">" + "<div title=\"QS_SrvMinDataRate|QS_SrvRequestRate\">" + "min. data rate (bytes/sec) (min/max/current)</div></td>"); + if(sconf->req_rate == -1) { + ap_rprintf(r, "<td colspan=\"3\">-</td></tr>\n"); + } else { + int connections; + int rt = qos_req_rate_calc(sconf, &connections); + ap_rprintf(r, "<td colspan=\"3\">%d/%d/%d</td></tr>\n", + sconf->req_rate, + sconf->min_rate_max == -1 ? sconf->req_rate : sconf->min_rate_max, + rt); + } + } else { + ap_rputs(" <tr class=\"rowt\">" + "<td colspan=\"9\">connections</td>", r); + ap_rputs("</tr>\n", r); + ap_rputs(" <tr class=\"rows\">\n" + " <td colspan=\"9\"><i>uses base server settings and counters</i></td>\n </tr>\n", r); + } + } + ap_rprintf(r, " <tr class=\"row\">" + "<td style=\"width:28%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "<td style=\"width:9%%\"></td>" + "</tr>"); + i++; + s = s->next; + ap_rputs("</tbody></table>\n", r); + } + ap_rputs(" </td></tr>\n", r); + ap_rputs("</tbody></table>\n", r); + return OK; +} + +/** + * Disables request rate enforcements for all child processes (at start/fork) if + * init has failed. + * + * @param bs Base server_rec to iterate through all client configurations + * @param msg Error message to log (reason what has failed @init). + */ +static void qos_disable_req_rate(server_rec *bs, const char *msg) { + server_rec *s = bs->next; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(bs->module_config, &qos_module); + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, bs, + QOS_LOG_PFX(008)"could not create supervisor thread (%s)," + " disable request rate enforcement", msg); + sconf->req_rate = -1; + while(s) { + sconf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + sconf->req_rate = -1; + s = s->next; + } +} + +/** + * stores the IP of the connection into the array and + * increments the array pointer (for QS_Block for connection errors) + */ +static apr_uint64_t *qos_inc_block(conn_rec *connection, qos_srv_config *sconf, + qs_conn_ctx *cconf, apr_uint64_t *ip) { + conn_rec *c = connection; + if(sconf->qos_cc_block && + apr_table_get(sconf->setenvstatus_t, QS_CLOSE) && + !apr_table_get(c->notes, QS_BLOCK_SEEN)) { + apr_table_set(c->notes, QS_BLOCK_SEEN, ""); + *ip = cconf->ip6[0]; + ip++; + *ip = cconf->ip6[1]; + ip++; + } + return ip; +} + +#if APR_HAS_THREADS +/** + * Supervisior thread monitoring the bandith of registered connections. + * + * Connections are closed by a apr_socket_close/shutdown which must be + * detected by the thread processing the connection in order to + * de-register the connection and to terminate the pending request in + * order to free resources (thread). + * + * @param thread + * @param selfv Base server_rec + */ +static void *APR_THREAD_FUNC qos_req_rate_thread(apr_thread_t *thread, void *selfv) { + server_rec *bs = selfv; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(bs->module_config, &qos_module); + // list of ip addr. for whose we shall inc. block count + apr_uint64_t *ips = calloc(sconf->max_clients * 2, APR_ALIGN_DEFAULT(sizeof(apr_uint64_t))); + while(!sconf->inctx_t->exit) { + apr_uint64_t *ip = ips; + int current_con = 0; + int req_rate = qos_req_rate_calc(sconf, ¤t_con); + apr_time_t now = apr_time_sec(apr_time_now()); + apr_time_t interval = now - sconf->qs_req_rate_tm; + int i; + apr_table_entry_t *entry; + // every second + apr_sleep(APR_USEC_PER_SEC); + if(sconf->inctx_t->exit) { + break; + } + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT21 */ + entry = (apr_table_entry_t *)apr_table_elts(sconf->inctx_t->table)->elts; + for(i = 0; i < apr_table_elts(sconf->inctx_t->table)->nelts; i++) { + qos_ifctx_t *inctx = (qos_ifctx_t *)entry[i].val; + if(inctx->status == QS_CONN_STATE_KEEP) { + /* enforce keep alive */ + apr_interval_time_t current_timeout = 0; + apr_socket_timeout_get(inctx->clientSocket, ¤t_timeout); + /* add 5sec tolerance to receive the request line + or let Apache close the connection */ + /* ignored by event MPM ! */ + if(!m_event_mpm && + (now > (apr_time_sec(current_timeout) + 5 + inctx->time))) { + qs_conn_ctx *cconf = qos_get_cconf(inctx->c); + int level = APLOG_ERR; + if(cconf) { + /* disabled by vip priv */ + if(cconf->is_vip && sconf->req_ignore_vip_rate != 1) { + level = APLOG_DEBUG; + cconf->has_lowrate = 1; /* mark connection low rate */ + } + /* disabled for this request/connection */ + if(inctx->disabled) { + level = APLOG_DEBUG; + cconf->has_lowrate = 1; /* mark connection low rate */ + } + /* enable only if min. num of connection reached */ + if(current_con < sconf->req_rate_start) { + level = APLOG_DEBUG; + cconf->has_lowrate = 1; /* mark connection low rate */ + } + ip = qos_inc_block(inctx->c, sconf, cconf, ip); + ap_log_error(APLOG_MARK, APLOG_NOERRNO|level, 0, inctx->c->base_server, + QOS_LOG_PFX(034)"%s," + " QS_SrvMinDataRate rule (enforce keep-alive)," + " c=%s", + (level == APLOG_DEBUG) || sconf->log_only ? + "log only (allowed)" + : "access denied", + QS_CONN_REMOTEIP(inctx->c) == NULL ? "-" : QS_CONN_REMOTEIP(inctx->c)); + QS_INC_EVENT_LOCKED(sconf, 34); + inctx->time = now; + inctx->nbytes = 0; + if((level == APLOG_ERR) && + !sconf->log_only) { + apr_socket_shutdown(inctx->clientSocket, APR_SHUTDOWN_READ); + } + /* mark slow clients (QS_ClientPrefer) even they are VIP */ + inctx->shutdown = 1; + } + //else { + // // HTTP/2 + //} + } + } else { + if(interval > inctx->time) { + int rate = inctx->nbytes / sconf->qs_req_rate_tm; + if(rate < req_rate) { + if(inctx->clientSocket) { + qs_conn_ctx *cconf = qos_get_cconf(inctx->c); + int level = APLOG_ERR; + int notUsed = 0; + if(cconf) { + /* disabled by vip priv */ + if(cconf->is_vip && sconf->req_ignore_vip_rate != 1) { + level = APLOG_DEBUG; + cconf->has_lowrate = 1; /* mark connection low rate */ + } + /* disabled for this request/connection */ + if(inctx->disabled) { + level = APLOG_DEBUG; + cconf->has_lowrate = 1; /* mark connection low rate */ + } + /* enable only if min. num of connection reached */ + if(current_con < sconf->req_rate_start) { + level = APLOG_DEBUG; + cconf->has_lowrate = 1; /* mark connection low rate */ + } + ip = qos_inc_block(inctx->c, sconf, cconf, ip); + if((inctx->hasBytes == 0) && + (inctx->c->keepalives == 0) && + (inctx->status == QS_CONN_STATE_HEAD)) { + // not even received the request line + notUsed = 1; + } + ap_log_error(APLOG_MARK, APLOG_NOERRNO|level, 0, inctx->c->base_server, + QOS_LOG_PFX(034)"%s, QS_SrvMinDataRate rule (%s%s): min=%d," + " this connection=%d," + " c=%s", + (level == APLOG_DEBUG) || sconf->log_only ? + "log only (allowed)" + : "access denied", + inctx->status == QS_CONN_STATE_RESPONSE ? "out" : "in", + notUsed ? ":0" : "", + req_rate, + rate, + QS_CONN_REMOTEIP(inctx->c) == NULL ? "-" : QS_CONN_REMOTEIP(inctx->c)); + QS_INC_EVENT_LOCKED(sconf, 34); + inctx->time = interval + sconf->qs_req_rate_tm; + inctx->nbytes = 0; + if((level == APLOG_ERR) && !sconf->log_only) { + if(inctx->status == QS_CONN_STATE_RESPONSE) { + apr_socket_shutdown(inctx->clientSocket, APR_SHUTDOWN_WRITE); + /* close out socket (the hard way) */ + apr_socket_close(inctx->clientSocket); + } else { + apr_socket_shutdown(inctx->clientSocket, APR_SHUTDOWN_READ); + } + } + /* mark slow clients (QS_ClientPrefer) even they are VIP */ + inctx->shutdown = 1; + } + } + //else { + // // HTTP/2 + //} + } else { + inctx->time = interval + sconf->qs_req_rate_tm; + inctx->nbytes = 0; + } + } + } + } + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT21 */ + /* QS_Block for connection errors */ + while(ip != ips) { + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT38 */ + ip--; + searchE.ip6[1] = *ip; + ip--; + searchE.ip6[0] = *ip; + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, 0); + + /* increment block event */ + if((*clientEntry)->block < USHRT_MAX) { + (*clientEntry)->block++; + } + if((*clientEntry)->block == 1) { + /* ... and start timer */ + (*clientEntry)->blockTime = apr_time_sec(apr_time_now()); + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT38 */ + } + } + // apr_thread_mutex_lock(sconf->inctx_t->lock); + // apr_thread_mutex_unlock(sconf->inctx_t->lock); + // called via apr_pool_cleanup_register(): + // apr_thread_mutex_destroy(sconf->inctx_t->lock); + free(ips); + if(m_threaded_mpm) { + apr_thread_exit(thread, APR_SUCCESS); + } + return NULL; +} + +/** + * Terminates the connection supervisor thread. + * (works for mpm_worker only) + * + * @param selfv The base server_rec + * @return APR_SUCCESS + */ +static apr_status_t qos_cleanup_req_rate_thread(void *selfv) { + server_rec *bs = selfv; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(bs->module_config, &qos_module); + sconf->inctx_t->exit = 1; + /* may long up to one second */ + if(m_threaded_mpm) { + apr_status_t status; + apr_thread_join(&status, sconf->inctx_t->thread); + } + return APR_SUCCESS; +} +#endif + +/** + * Writes the query/body to the env variables which may be used + * for the qsfilter* audit log. + * + * @param r + * @param dconf + */ +static void qos_audit(request_rec *r, qos_dir_config *dconf) { + const char *q = NULL; + const char *u = apr_table_get(r->notes, QS_PARP_PATH); + if(dconf->bodyfilter_p == 1 || dconf->bodyfilter_d == 1) { + q = apr_table_get(r->notes, QS_PARP_QUERY); + } + if(u == NULL) { + if(r->parsed_uri.path) { + u = apr_pstrdup(r->pool, r->parsed_uri.path); + } else { + u = apr_pstrdup(r->pool, ""); + } + apr_table_setn(r->notes, apr_pstrdup(r->pool, QS_PARP_PATH), u); + } + if(q == NULL) { + if(r->parsed_uri.query) { + q = apr_pstrcat(r->pool, "?", r->parsed_uri.query, NULL); + } else { + q = apr_pstrdup(r->pool, ""); + } + apr_table_setn(r->notes, apr_pstrdup(r->pool, QS_PARP_QUERY), q); + } + apr_table_setn(r->notes, apr_pstrdup(r->pool, QS_PARP_LOC), dconf->path); + if(r->next) { + apr_table_setn(r->next->notes, apr_pstrdup(r->pool, QS_PARP_PATH), u); + apr_table_setn(r->next->notes, apr_pstrdup(r->pool, QS_PARP_QUERY), q); + apr_table_setn(r->next->notes, apr_pstrdup(r->pool, QS_PARP_LOC), dconf->path); + } +} + +/** + * Adds the configured (QS_Delay env var) delay to the request + * + * @param r + * @param sconf Do set log-only mode + */ +static void qos_delay(request_rec *r, qos_srv_config *sconf) { + const char *d = apr_table_get(r->subprocess_env, "QS_Delay"); + if(d) { + apr_off_t s; +#ifdef ap_http_scheme + /* Apache 2.2 */ + char *errp = NULL; + if((APR_SUCCESS == apr_strtoff(&s, d, &errp, 10)) && s > 0) +#else + if((s = apr_atoi64(d)) > 0) +#endif + { + qs_set_evmsg(r, "L;"); + if(!sconf->log_only) { + apr_sleep(s*1000); + } + } + } +} + +/** + * Enables mod_deflate + * QS_DeflateReqBody (if parp has been enabled) + * + * @param r + */ +static void qos_deflate(request_rec *r) { + if(apr_table_get(r->subprocess_env, "QS_DeflateReqBody") && + apr_table_get(r->subprocess_env, "parp")) { + ap_add_input_filter("DEFLATE", NULL, r, r->connection); + } +} + +/** + * Adjusts the content-length header + * + * @param r + */ +static void qos_deflate_contentlength(request_rec *r) { + if(apr_table_get(r->subprocess_env, "QS_DeflateReqBody") && + apr_table_get(r->subprocess_env, "parp")) { + const char *PARPContentLength = apr_table_get(r->subprocess_env, "PARPContentLength"); + const char *contentLength = apr_table_get(r->headers_in, "Content-Length"); + if(PARPContentLength && contentLength) { + apr_table_set(r->headers_in, "Content-Length", PARPContentLength); + } + } +} + +/** + * Verifies Apache and MPM version and writes error message (notice) + * for incompatibel version/type. + * + * Apache MPM worker binaries is the only configuration which + * has been fully tested (as mentioned in the documentation, see index.html). + * + * - old (2.0.x, 2.2.x) MPM Apache prefork versions do not unload the + * DSO properly or child exit may cause a segfault (pool cleanup) + * - regular expression are only fully supported with Apach 2.4 + * - Apache 2.4 should work (but is not fully tested) + * (see CHANGES.txt for more information) + * - Apache 2.0 does not support all directives (e.g. QS_ClientPrefer) and + * we do no longer test against this version (the module does probably + * not even compile with version 2.0) + * + */ +static void qos_version_check(server_rec *bs) { + ap_version_t version; + + if(strcasecmp(ap_show_mpm(), "event") == 0) { + ap_directive_t *pdir; + m_event_mpm = 1; // disable features like keep-alive control + for(pdir = ap_conftree; pdir != NULL; pdir = pdir->next) { + if(strcasecmp(pdir->directive, "AsyncRequestWorkerFactor") == 0) { + double val = 0; + char *endptr; + const char *arg = pdir->args; + if(arg == NULL) { + continue; + } + val = strtod(arg, &endptr); + if(*endptr) { + continue; + } + if(val < 0) { + continue; + } + m_event_mpm_worker_factor = val; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, bs, + QOS_LOGD_PFX"found AsyncRequestWorkerFactor directive '%f'", + m_event_mpm_worker_factor); + } + } + } else if(strcasecmp(ap_show_mpm(), "worker") != 0) { + // mod_qos is fully tested for MPM worker (and "works" with event) + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, bs, + QOS_LOG_PFX(009)"loaded MPM is '%s'" + " but mod_qos should be used with MPM 'Worker' or 'Event' only.", + ap_show_mpm()); + } + + if(strcasecmp(ap_show_mpm(), "prefork") == 0) { + m_threaded_mpm = 0; // disable child cleanup (if neither worker nor event MPM) + } + + ap_get_server_revision(&version); + if(version.major == 2 && version.minor == 4 && version.patch == 49) { + // 2.4.49 compat: prevents Apache segfault on connection close + m_forced_close = 0; + } + + if(version.major != 2 || version.minor != 4) { + // 2.4 should work fine / older or newer versions are not tested + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, bs, + QOS_LOG_PFX(009)"server version is %d.%d" + " but mod_qos should be used with Apache 2.4 only.", + version.major, version.minor); + } +} + +/** + * enforces the QS_RedirectIf variable + * @param r + * @param sconf + * @param rules Rules array + * @return HTTP_MOVED_TEMPORARILY/HTTP_TEMPORARY_REDIRECT or DECLINED + */ +static int qos_redirectif(request_rec *r, qos_srv_config *sconf, + apr_array_header_t *rules) { + ap_regmatch_t regm[AP_MAX_REG_MATCH]; + int i; + qos_redirectif_entry_t *entries = (qos_redirectif_entry_t *)rules->elts; + for(i = 0; i < rules->nelts; ++i) { + qos_redirectif_entry_t *entry = &entries[i]; + const char *val = apr_table_get(r->subprocess_env, entry->name); + if(val) { + if(ap_regexec(entry->preg, val, AP_MAX_REG_MATCH, regm, 0) == 0) { + int severity = sconf->log_only ? APLOG_WARNING : APLOG_ERR; + char *replaced = ap_pregsub(r->pool, entry->url, val, AP_MAX_REG_MATCH, regm); + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|severity, 0, r, + QOS_LOG_PFX(049)"redirect to %s," + " var=%s," + " action=%s, c=%s, id=%s", + replaced, + entry->name, + sconf->log_only ? "log only" : "redirect", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : + QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "049")); + QS_INC_EVENT(sconf, 49); + if(!sconf->log_only) { + apr_table_set(r->headers_out, "Location", replaced); + return entry->code; + } + } + } + } + return DECLINED; +} + +static void qos_init_unique_id(apr_pool_t *p, server_rec *bs) { + char str[APRMAXHOSTLEN + 1]; + apr_sockaddr_t *sockaddr; + str[APRMAXHOSTLEN] = '\0'; + unsigned int in_addr = 0; + if(apr_gethostname(str, sizeof(str) - 1, p) == APR_SUCCESS) { + if(apr_sockaddr_info_get(&sockaddr, str, AF_INET, 0, 0, p) == APR_SUCCESS) { + in_addr = sockaddr->sa.sin.sin_addr.s_addr; + } + } + pid_t pid = getpid(); + m_unique_id.in_addr = pid^in_addr; + m_unique_id.unique_id_counter = time(NULL); +} + +/** + * propagates environment variables to sub-requests (for logging) + */ +static void qos_propagate_events(request_rec *r) { + request_rec *mr = NULL; + const char **var; + if(r->prev) { + mr = r->prev; + } else if(r->main) { + mr = r->main; + } else if(r->next) { + mr = r->next; + } + var = m_env_variables; + while(*var) { + int propagated = 0; + if(mr) { + const char *p = apr_table_get(mr->subprocess_env, *var); + if(p) { + propagated = 1; + apr_table_set(r->subprocess_env, *var, p); + } + if(!propagated) { + p = apr_table_get(r->subprocess_env, *var); + if(p) { + propagated = 1; + apr_table_set(mr->subprocess_env, *var, p); + } + } + } + var++; + } + if(r->prev) { + // internal redirect (e.g. error page) + int i; + int len = strlen(QS_LIMIT_NAME_PFX); + request_rec *mp = r->prev; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(mp->subprocess_env)->elts; + for(i = 0; i < apr_table_elts(mp->subprocess_env)->nelts; ++i) { + if(strncmp(entry[i].key, QS_LIMIT_NAME_PFX, len) == 0) { + const char *eventName = entry[i].val; + const char *name = apr_pstrcat(r->pool, eventName, QS_COUNTER_SUFFIX, NULL); + const char *value = apr_table_get(mp->subprocess_env, name); + if(value) { + apr_table_set(r->subprocess_env, name, value); + } + name = eventName; + value = apr_table_get(mp->subprocess_env, name); + if(value) { + apr_table_set(r->subprocess_env, name, value); + } + name = apr_pstrcat(r->pool, eventName, QS_LIMIT_REMAINING, NULL); + value = apr_table_get(mp->subprocess_env, name); + if(value) { + apr_table_set(r->subprocess_env, name, value); + } + name = apr_pstrcat(r->pool, eventName, QS_LIMIT_SEEN, NULL); + value = apr_table_get(mp->subprocess_env, name); + if(value) { + apr_table_set(r->subprocess_env, name, value); + } + } + } + } +} + +/** + * ensure that every request record has the error notes to log + */ +static void qos_propagate_notes(request_rec *r) { + request_rec *mr = NULL; + const char **var; + if(r->prev) { + mr = r->prev; + } else if(r->main) { + mr = r->main; + } else if(r->next) { + mr = r->next; + } + var = m_note_variables; + while(*var) { + int propagated = 0; + if(mr) { + const char *p = apr_table_get(mr->notes, *var); + if(p) { + propagated = 1; + apr_table_setn(r->notes, *var, p); + } + if(!propagated) { + p = apr_table_get(r->notes, *var); + if(p) { + propagated = 1; + apr_table_setn(mr->notes, *var, p); + } + } + } + var++; + } +} + + +/* QS_UnsetReqHeader */ +static void qos_unset_reqheader(request_rec *r, qos_srv_config *sconf) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(sconf->unsetreqheader_t)->elts; + for(i = 0; i < apr_table_elts(sconf->unsetreqheader_t)->nelts; i++) { + apr_table_unset(r->headers_in, entry[i].key); + } + return; +} + +/* QS_UnsetResHeader */ +static void qos_unset_resheader(request_rec *r, qos_srv_config *sconf) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(sconf->unsetresheader_t)->elts; + for(i = 0; i < apr_table_elts(sconf->unsetresheader_t)->nelts; i++) { + apr_table_unset(r->headers_out, entry[i].key); + apr_table_unset(r->err_headers_out, entry[i].key); + } + return; +} + +/************************************************************************ + * handlers + ***********************************************************************/ + +/** + * Destructor to handle connections which do not have been established + * successfully resp. have been closed unexpectedly. + * + * Increments block counter. + * + * @param p Connection base context + * @return APR_SUCCESS + */ +static apr_status_t qos_base_cleanup_conn(void *p) { + qs_conn_base_ctx *base = p; + if(base->sconf->has_qos_cc || base->sconf->qos_cc_prefer) { + int connRuleViolation = 0; + const char *type = QS_EMPTY_CON; + if(base->requests == 0 && + apr_table_get(base->sconf->setenvstatus_t, QS_EMPTY_CON) && + !apr_table_get(base->c->notes, QS_BLOCK_SEEN)) { + connRuleViolation = 1; + apr_table_set(base->c->notes, QS_BLOCK_SEEN, ""); + } + if(apr_table_get(base->c->notes, QS_BROKEN_CON)) { + connRuleViolation = 1; + type = QS_BROKEN_CON; + } + if(apr_table_get(base->c->notes, QS_MAXIP)) { + connRuleViolation = 1; + type = QS_MAXIP; + } + if(connRuleViolation) { + qos_user_t *u = qos_get_user_conf(base->sconf->act->ppool); + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + qos_ip_str2long(QS_CONN_REMOTEIP(base->c), searchE.ip6); // no ip simulation here + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT40 */ + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, 0); + + /* increment block event */ + if((*clientEntry)->block < USHRT_MAX) { + (*clientEntry)->block++; + } + if((*clientEntry)->block == 1) { + /* ... and start timer */ + (*clientEntry)->blockTime = apr_time_sec(apr_time_now()); + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT40 */ + if(QS_ISDEBUG(base->c->base_server)) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base->c->base_server, + QOS_LOGD_PFX"QS_ClientEventBlockCount rule: " + "%s event detected " + "c=%s", + type, + QS_CONN_REMOTEIP(base->c) == NULL ? "-" : QS_CONN_REMOTEIP(base->c)); + } + } + } + return APR_SUCCESS; +} + +/** + * Connection destructor. + * + * Updates per IP events and connection counter. + * + * @param p Connection context + * @return APR_SUCCESS + */ +static apr_status_t qos_cleanup_conn(void *p) { + qs_conn_ctx *cconf = p; + if(cconf->sconf->has_qos_cc || cconf->sconf->qos_cc_prefer) { + qos_user_t *u = qos_get_user_conf(cconf->sconf->act->ppool); + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + searchE.ip6[0] = cconf->ip6[0]; + searchE.ip6[1] = cconf->ip6[1]; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT15 */ + // generation: check if it has been cleard for this process generation + if((m_generation != u->qos_cc->generation_locked) && u->qos_cc->connections > 0) { + u->qos_cc->connections--; + } + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, 0); + if((*clientEntry)->events < UINT_MAX) { + (*clientEntry)->events++; // update event activity even there is no valid request (logger) + } + if(cconf->set_vip_by_header) { + (*clientEntry)->vip = 1; + } + if(cconf->has_lowrate) { + (*clientEntry)->lowrate = time(NULL); + (*clientEntry)->lowratestatus |= QOS_LOW_FLAG_PKGRATE; + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT15 */ + } + /* QS_SrvMaxConn or Geo */ + if(qos_count_connections(cconf->sconf)) { + apr_global_mutex_lock(cconf->sconf->act->lock); /* @CRT3 */ + if(cconf->sconf->act->conn && cconf->sconf->act->conn->connections > 0) { + cconf->sconf->act->conn->connections--; + } + apr_global_mutex_unlock(cconf->sconf->act->lock); /* @CRT3 */ + } + if(cconf->sconf->max_conn_per_ip != -1) { + qos_dec_ip(cconf); + } + return APR_SUCCESS; +} + +/** + * handler to close the connection in the case the abort + * by the pre-connect hook was ignored (Apache 2.4.28 Event MPM) + */ +static int qos_process_connection(conn_rec *connection) { +#if (AP_SERVER_MINORVERSION_NUMBER == 4) +#if (AP_SERVER_PATCHLEVEL_NUMBER > 17) + if(connection->master) { + // skip slave connections / process "real" connections only + return DECLINED; + } +#endif +#endif + if(connection->aborted == 1 && apr_table_get(connection->notes, QS_CONN_ABORT)) { + if(connection->cs) { + connection->cs->state = CONN_STATE_LINGER; + } + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, connection->base_server, + QOS_LOG_PFX(167)"closing connection at process connection hook, c=%s", + QS_CONN_REMOTEIP(connection) == NULL ? "-" : + QS_CONN_REMOTEIP(connection)); + + return HTTP_INTERNAL_SERVER_ERROR; + } + return DECLINED; +} + +/** + * Connection constructor. Rules that are applied to established connections. + * + * @param c + * @return + */ +static int qos_pre_process_connection(conn_rec *connection, void *skt) { + conn_rec *c = connection; + qs_conn_ctx *cconf; + int vip = 0; + apr_socket_t *socket = skt; + + if(c->sbh == NULL) { + // proxy connections do NOT have any relation to the score board, don't handle them + return DECLINED; + } + +#if (AP_SERVER_MINORVERSION_NUMBER == 4) +#if (AP_SERVER_PATCHLEVEL_NUMBER > 17) + if(connection->master) { + // skip slave connections / process "real" connections only + return DECLINED; + } +#endif +#endif + + cconf = qos_get_cconf(c); + if(cconf == NULL) { + int client_control = DECLINED; + int connections = 0; + int all_connections = 0; + int current = 0; + qs_ip_entry_t *conn_ip = NULL; + char *msg = NULL; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(c->base_server->module_config, + &qos_module); + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + cconf = qos_create_cconf(c, sconf); + + /* control timeout */ + if(sconf->req_rate != -1) { + qos_timeout_pc(c, sconf); + } + + /* packet rate */ + if(sconf->qos_cc_prefer_limit) { + qos_pktrate_pc(c, sconf); + } + + /* evaluates client ip */ + qos_ip_str2long(QS_CONN_REMOTEIP(c), cconf->ip6); +#ifdef QS_INTERNAL_TEST + /* use one of the predefined ip addresses */ + if(cconf->sconf->enable_testip) { + char *testid = apr_psprintf(c->pool, "%d", rand()%(m_qs_sim_ip_len-1)); + const char *testip = apr_table_get(cconf->sconf->testip, testid); + qos_ip_str2long(testip, cconf->ip6); + } +#endif + + /* ------------------------------------------------------------ + * update data + */ + /* client control */ + client_control = qos_cc_pc_filter(c, cconf, u, &msg); + /* QS_SrvMaxConn: vhost connections or Geo */ + if(qos_count_connections(sconf)) { + apr_global_mutex_lock(cconf->sconf->act->lock); /* @CRT4 */ + if(cconf->sconf->act->conn) { + cconf->sconf->act->conn->connections++; + all_connections = qos_server_connections(sconf); + connections = cconf->sconf->act->conn->connections; + apr_table_set(c->notes, "QS_SrvConn", apr_psprintf(c->pool, "%d", connections)); + apr_table_set(c->notes, "QS_AllConn", apr_psprintf(c->pool, "%d", all_connections)); + } + apr_global_mutex_unlock(cconf->sconf->act->lock); /* @CRT4 */ + } + + /* single source ip */ + if(sconf->max_conn_per_ip != -1) { + current = qos_inc_ip(sconf, cconf, &conn_ip); + apr_table_set(c->notes, "QS_IPConn", apr_psprintf(c->pool, "%d", current)); + } + /* Check for vip (by ip) */ + vip = qos_is_excluded_ip(cconf->mc, sconf->exclude_ip); + if(vip == 0) { + // check if qos_cc_pc_filter() got vip status form the cc store + vip = cconf->is_vip; + } + if(vip) { + /* propagate vip to connection */ + cconf->is_vip = vip; + if(!cconf->evmsg || !strstr(cconf->evmsg, "S;")) { + cconf->evmsg = apr_pstrcat(c->pool, "S;", cconf->evmsg, NULL); + } + } + + /* ------------------------------------------------------------ + * enforce rules + */ + /* client control */ + if((client_control != DECLINED) && !vip) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + "%s", + msg == NULL ? "-" : msg); + if(!sconf->log_only) { + return qos_return_error_andclose(c, socket); + } + } + /* Geo */ + if(sconf->geodb) { + unsigned long ip = qos_geo_str2long(c->pool, QS_CONN_REMOTEIP(c)); + qos_geo_entry_t *pB = bsearch(&ip, + sconf->geodb->data, + sconf->geodb->size, + sizeof(qos_geo_entry_t), + qos_geo_comp); + if(pB) { + apr_table_set(c->notes, QS_COUNTRY, pB->country); + } + if(sconf->geo_limit != -1) { + if(all_connections >= sconf->geo_limit) { + if(sconf->geo_excludeUnknown == 1 && (pB == NULL || pB->country[0] == '\0')) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, + QOS_LOGD_PFX"skip QS_ClientGeoCountryPriv enforcement" + " for client address %s which could not be mapped to country code", + QS_CONN_REMOTEIP(c) ? QS_CONN_REMOTEIP(c) : "UNKNOWN"); + } else if(pB == NULL || apr_table_get(sconf->geo_priv, pB->country) == NULL) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(101)"access denied%s," + " QS_ClientGeoCountryPriv rule: max=%d," + " concurrent connections=%d," + " c=%s" + " country=%s", + sconf->log_only ? " (log only)" : "", + sconf->geo_limit, + all_connections, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c), + pB != NULL ? pB->country : "--"); + QS_INC_EVENT(sconf, 101); + if(!sconf->log_only) { + return qos_return_error_andclose(c, socket); + } + } + } + } + } + /* QS_SrvMaxConn: vhost connections */ + if((sconf->max_conn != -1) && !vip) { + if(connections > sconf->max_conn) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(030)"access denied%s, QS_SrvMaxConn rule: max=%d," + " concurrent connections=%d," + " c=%s", + sconf->log_only ? " (log only)" : "", + sconf->max_conn, connections, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c)); + QS_INC_EVENT(sconf, 30); + if(!sconf->log_only) { + return qos_return_error_andclose(c, socket); + } + } + } + /* single source ip */ + if((sconf->max_conn_per_ip != -1) && (!vip || sconf->max_conn_per_ip_ignore_vip == 1)) { + if((current > sconf->max_conn_per_ip) && + (all_connections >= sconf->max_conn_per_ip_connections)) { + conn_ip->error++; + if(apr_table_get(sconf->setenvstatus_t, QS_MAXIP)) { + apr_table_set(c->notes, QS_MAXIP, "1"); + } + /* only print the first 20 messages for this client */ + QS_INC_EVENT(sconf, 31); + if(conn_ip->error <= QS_LOG_REPEAT) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(031)"access denied%s," + " QS_SrvMaxConnPerIP rule: max=%d," + " concurrent connections=%d," + " c=%s", + sconf->log_only ? " (log only)" : "", + sconf->max_conn_per_ip, current, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c)); + } else { + if((conn_ip->error % QS_LOG_REPEAT) == 0) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(031)"access denied%s," + " QS_SrvMaxConnPerIP rule: max=%d," + " concurrent connections=%d," + " message repeated %d times," + " c=%s", + sconf->log_only ? " (log only)" : "", + sconf->max_conn_per_ip, current, + QS_LOG_REPEAT, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c)); + } + } + if(!sconf->log_only) { + return qos_return_error_andclose(c, socket); + } + } else { + if(conn_ip) { + if(conn_ip->error > QS_LOG_REPEAT) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(031)"access denied (previously)," + " QS_SrvMaxConnPerIP rule: max=%d," + " concurrent connections=%d," + " message repeated %d times," + " c=%s", + sconf->max_conn_per_ip, current, + conn_ip->error % QS_LOG_REPEAT, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c)); + } + conn_ip->error = 0; + } + } + } + } + return DECLINED; +} + +/** + * Pre connection + * - constructs the connection ctx (stores socket ref) + * - enforces block counter (as early as possible) + */ +static int qos_pre_connection(conn_rec *connection, void *skt) { + conn_rec *c = connection; + int ret = DECLINED; + qos_srv_config *sconf; + qs_conn_base_ctx *base; + int excludeFromBlock; + + if(c->sbh == NULL) { + // proxy connections do NOT have any relation to the score board, don't handle them + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, + QOS_LOGD_PFX"skip processing of outgoing/virtual connection %s<->%s", + QS_CONN_REMOTEIP(c) ? QS_CONN_REMOTEIP(c) : "UNKNOWN", + c->local_ip ? c->local_ip : "UNKNOWN"); + return ret; + } + +#if (AP_SERVER_MINORVERSION_NUMBER == 4) +#if (AP_SERVER_PATCHLEVEL_NUMBER > 17) + if(connection->master) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, + QOS_LOGD_PFX"skip slave connection %s", + QS_CONN_REMOTEIP(c) ? QS_CONN_REMOTEIP(c) : "UNKNOWN"); + return ret; + } +#endif +#endif + + sconf = (qos_srv_config*)ap_get_module_config(c->base_server->module_config, &qos_module); + excludeFromBlock = qos_is_excluded_ip(c, sconf->cc_exclude_ip); + base = qos_get_conn_base_ctx(c); + if(base == NULL) { + base = qos_create_conn_base_ctx(c, sconf); + base->clientSocket = skt; + } + + if(sconf && (sconf->req_rate != -1)) { + qos_ifctx_t *inctx = qos_create_ifctx(c, sconf); + inctx->clientSocket = skt; + ap_add_input_filter("qos-in-filter", inctx, NULL, c); + } + + /* blocked by event (block only, no limit) - very aggressive */ + if(sconf->qos_cc_block && !excludeFromBlock) { + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + qos_ip_str2long(QS_CONN_REMOTEIP(c), searchE.ip6); // no ip simulation here + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT39 */ + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, 0); + if((*clientEntry)->block >= sconf->qos_cc_block) { + apr_time_t now = time(NULL); + if(((*clientEntry)->blockTime + sconf->qos_cc_blockTime) > now) { + (*clientEntry)->blockMsg++;; + // stop logging every event if we have logged it many times + QS_INC_EVENT_LOCKED(sconf, 60); + if((*clientEntry)->blockMsg > QS_LOG_REPEAT) { + if(((*clientEntry)->blockMsg % QS_LOG_REPEAT) == 0) { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(060)"access denied, " + "QS_ClientEventBlockCount rule: " + "max=%d, current=%hu, " + "message repeated %d times, " + "c=%s", + sconf->qos_cc_block, + (*clientEntry)->block, + QS_LOG_REPEAT, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c)); + } + } else { + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(060)"access denied, QS_ClientEventBlockCount rule: " + "max=%d, current=%hu, age=%"APR_TIME_T_FMT", c=%s", + sconf->qos_cc_block, + (*clientEntry)->block, + now - (*clientEntry)->blockTime, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c)); + } + if(!sconf->log_only) { + apr_table_set(c->notes, QS_BLOCK_SEEN, ""); // suppress NullConnection messages + c->keepalive = AP_CONN_CLOSE; + c->aborted = 1; + if(c->cs) { + c->cs->state = CONN_STATE_LINGER; + } + apr_table_set(c->notes, QS_CONN_ABORT, QS_CONN_ABORT); + if (m_forced_close == 0) { + ret = DECLINED; + } else { + ret = m_retcode; + } + } + } else { + /* release */ + if((*clientEntry)->blockMsg > QS_LOG_REPEAT) { + // write remaining log lines + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, c->base_server, + QOS_LOG_PFX(060)"access denied (previously), QS_ClientEventBlockCount rule: " + "max=%d, current=%hu, " + "message repeated %d times, " + "c=%s", + sconf->qos_cc_block, + (*clientEntry)->block, + (*clientEntry)->blockMsg % QS_LOG_REPEAT, + QS_CONN_REMOTEIP(c) == NULL ? "-" : QS_CONN_REMOTEIP(c)); + (*clientEntry)->blockMsg = 0; + } + (*clientEntry)->block = 0; + (*clientEntry)->blockTime = 0; + } + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT39 */ + } + + return ret; +} + +/** + * Process user tracking cookie (QS_UserTrackingCookieName) + * + * @param r + * @return DECLINED or 302 + */ +static int qos_post_read_request_later(request_rec *r) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + char *value; + const char *ignore; + + if(sconf->log_env == 1) { + qos_log_env(r, ">PR_2"); + } + + if(!ap_is_initial_req(r) || !sconf->user_tracking_cookie) { + return DECLINED; + } + + value = qos_get_remove_cookie(r, sconf->user_tracking_cookie); + qos_get_create_user_tracking(r, sconf, value); + + if(!sconf->user_tracking_cookie_force) { + return DECLINED; + } + + if(qos_request_check(r, sconf) != APR_SUCCESS) { + return HTTP_BAD_REQUEST; + } + + if(strcmp("/favicon.ico", r->parsed_uri.path) == 0) { + return DECLINED; + } + + ignore = apr_table_get(r->subprocess_env, QOS_DISABLE_UTC_ENFORCEMENT); + if(ignore) { + return DECLINED; + } + if(strcmp(sconf->user_tracking_cookie_force, r->parsed_uri.path) == 0) { + /* access to check url */ + if(sconf->user_tracking_cookie_jsredirect == 1) { + apr_table_set(r->subprocess_env, "QS_UT_NAME", sconf->user_tracking_cookie); + apr_table_set(r->subprocess_env, "QS_UT_INITIAL_URI", "/"); + apr_table_set(r->subprocess_env, "QS_UT_QUERY", "qs=init"); + if(r->parsed_uri.query && strcmp(r->parsed_uri.query, "qs=init") == 0) { + apr_table_add(r->headers_out, "Cache-Control", "no-cache, no-store"); + qos_send_user_tracking_cookie(r, sconf, HTTP_OK); + return DECLINED; + } + if(r->parsed_uri.query && (strncmp(r->parsed_uri.query, "r=", 2) == 0)) { + char *redirect_page; + int buf_len = 0; + unsigned char *buf; + char *q = r->parsed_uri.query; + buf_len = qos_decrypt(r, sconf, &buf, &q[2]); + if(buf_len > 0) { + redirect_page = apr_psprintf(r->pool, "%.*s", + buf_len, buf); + apr_table_set(r->subprocess_env, "QS_UT_INITIAL_URI", redirect_page); + } + } + } + if(apr_table_get(r->subprocess_env, QOS_USER_TRACKING_NEW) == NULL) { + if(r->parsed_uri.query && (strncmp(r->parsed_uri.query, "r=", 2) == 0)) { + /* client has send a cookie, redirect to original url */ + int buf_len = 0; + unsigned char *buf; + char *q = r->parsed_uri.query; + buf_len = qos_decrypt(r, sconf, &buf, &q[2]); + if(buf_len > 0) { + char *redirect_page = apr_psprintf(r->pool, "%s%.*s", + qos_this_host(r), + buf_len, buf); + apr_table_set(r->headers_out, "Location", redirect_page); + return HTTP_MOVED_TEMPORARILY; + } + } + } /* else, "grant access" to the error page */ + /* but prevent page caching (the browser shall always access the + server when redireced to this url */ + apr_table_add(r->headers_out, "Cache-Control", "no-cache, no-store"); + } else if(apr_table_get(r->subprocess_env, QOS_USER_TRACKING_NEW) != NULL) { + if((r->method_number == M_GET || sconf->user_tracking_cookie_jsredirect == 1) && + (apr_table_get(r->subprocess_env, QOS_USER_TRACKING_RENEW) == NULL)) { + /* no valid cookie in request, redirect to check page */ + char *redirect_page = apr_pstrcat(r->pool, qos_this_host(r), + sconf->user_tracking_cookie_force, + "?r=", + qos_encrypt(r, sconf, + (unsigned char *)r->unparsed_uri, + strlen(r->unparsed_uri)), + NULL); + apr_table_set(r->headers_out, "Location", redirect_page); + if(sconf->user_tracking_cookie_jsredirect < 1) { + qos_send_user_tracking_cookie(r, sconf, HTTP_MOVED_TEMPORARILY); + } + return HTTP_MOVED_TEMPORARILY; + } + } + return DECLINED; +} + +/** + * All headers has been read. End/updates connection level filters and propagtes + * per connection events to the request_rec. + * + * @param r + * @return DECLINED + */ +static int qos_post_read_request(request_rec *r) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + qos_ifctx_t *inctx = NULL; + + /* propagate connection env vars to req, geo data and QS_SrvMaxConn */ + const char *country = apr_table_get(r->connection->notes, QS_COUNTRY); + const char *connections = apr_table_get(r->connection->notes, "QS_SrvConn"); + const char *all_connections = apr_table_get(r->connection->notes, "QS_AllConn"); + const char *fromCurrentIp = apr_table_get(r->connection->notes, "QS_IPConn"); + const char *connectionid = apr_table_get(r->connection->notes, QS_CONNID); + const char *lowPrioFlags = apr_table_get(r->connection->notes, "QS_ClientLowPrio"); + const char *isVipIP = apr_table_get(r->connection->notes, QS_ISVIPREQ); + + /* QS_UnsetReqHeader */ + qos_unset_reqheader(r, sconf); + + if(sconf->geodb) { + if(sconf->qos_cc_forwardedfor) { + // override country determined on a per connection basis + const char *forwardedfor = qos_forwardedfor_fromHeader(r, sconf->qos_cc_forwardedfor); + if(forwardedfor) { + unsigned long ip = qos_geo_str2long(r->pool, forwardedfor); + if(ip) { + qos_geo_entry_t *pB = bsearch(&ip, + sconf->geodb->data, + sconf->geodb->size, + sizeof(qos_geo_entry_t), + qos_geo_comp); + if(pB) { + country = apr_pstrdup(r->pool, pB->country); + } + } else { + if(apr_table_get(r->notes, "QOS_LOG_PFX069") == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(069)"no valid IP header found (@prr):" + " invalid header value '%s', fallback to connection's IP %s, id=%s", + forwardedfor, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "069")); + apr_table_set(r->notes, "QOS_LOG_PFX069", "log once"); + QS_INC_EVENT(sconf, 69); + } + } + } else { + if(apr_table_get(r->notes, "QOS_LOG_PFX069") == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(069)"no valid IP header found (@prr):" + " header '%s' not available, fallback to connection's IP %s, id=%s", + sconf->qos_cc_forwardedfor, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "069")); + apr_table_set(r->notes, "QOS_LOG_PFX069", "log once"); + QS_INC_EVENT(sconf, 69); + } + } + } + } + if(country) { + apr_table_set(r->subprocess_env, QS_COUNTRY, country); + } + if(connections) { + apr_table_set(r->subprocess_env, "QS_SrvConn", connections); + } + if(fromCurrentIp) { + apr_table_set(r->subprocess_env, "QS_IPConn", fromCurrentIp); + } + if(all_connections) { + apr_table_set(r->subprocess_env, "QS_AllConn", all_connections); + } + if(connectionid == NULL) { + connectionid = apr_psprintf(r->pool, "%"APR_TIME_T_FMT"%.2ld%.5"APR_PID_T_FMT, + r->request_time, + r->connection->id % 100, + getpid()); + apr_table_set(r->connection->notes, QS_CONNID, connectionid); + } + apr_table_set(r->subprocess_env, QS_CONNID, connectionid); + + if(!ap_is_initial_req(r)) { + // sub-request + qos_propagate_events(r); + } else { + qos_pr_event_limit(r, sconf); + } + + /* QS_ClientPrefer: propagate connection env vars to req */ + if(lowPrioFlags) { + apr_table_set(r->subprocess_env, "QS_ClientLowPrio", lowPrioFlags); + } + /* QS_IsVipRequest is set due VIP IP */ + if(isVipIP) { + apr_table_set(r->subprocess_env, QS_ISVIPREQ, isVipIP); + } + + if(sconf->log_env == 1) { + qos_log_env(r, ">PR_1"); + } + + if(qos_request_check(r, sconf) != APR_SUCCESS) { + return HTTP_BAD_REQUEST; + } + + if(!ap_is_initial_req(r)) { + // we are done for this request (e.g. error page) + return DECLINED; + } + + qos_parp_prr(r, sconf); + if(sconf && (sconf->req_rate != -1)) { + inctx = qos_get_ifctx(r->connection->input_filters); + if(inctx) { + const char *te = apr_table_get(r->headers_in, "Transfer-Encoding"); + inctx->r = r; + if(r->read_chunked || (te && (strcasecmp(te, "chunked") == 0))) { + ap_add_input_filter("qos-in-filter2", inctx, r, r->connection); + inctx->status = QS_CONN_STATE_CHUNKED; + } else { + const char *cl = apr_table_get(r->headers_in, "Content-Length"); + if(cl == NULL) { + inctx->status = QS_CONN_STATE_END; +#if APR_HAS_THREADS + if(!sconf->inctx_t->exit) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT26 */ + apr_table_unset(sconf->inctx_t->table, + QS_INCTX_ID); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT26 */ + } +#endif + } else { +#ifdef ap_http_scheme + /* Apache 2.2 */ + if(APR_SUCCESS == apr_strtoff(&inctx->cl_val, cl, NULL, 0)) +#else + if((inctx->cl_val = apr_atoi64(cl)) >= 0) +#endif + { + ap_add_input_filter("qos-in-filter2", inctx, r, r->connection); + inctx->status = QS_CONN_STATE_BODY; + } else { + /* header filter should block this request */ + } + } + } + } + } + return DECLINED; +} + +/** + * QS_LimitRequestBody, if content-length header is available. + * + * @param r + * @param sconf Either server or dir config is used (or env var) + * @param dconf Either server or dir config is used (or env var) + * @return HTTP_REQUEST_ENTITY_TOO_LARGE if not allowed + */ +static apr_status_t qos_limitrequestbody_ctl(request_rec *r, qos_srv_config *sconf, + qos_dir_config *dconf) { + apr_off_t maxpost = qos_maxpost(r, sconf, dconf); + if(maxpost != -1) { + const char *l = apr_table_get(r->headers_in, "Content-Length"); + if(l != NULL) { + apr_off_t s; +#ifdef ap_http_scheme + /* Apache 2.2 */ + char *errp = NULL; + if((APR_SUCCESS != apr_strtoff(&s, l, &errp, 10)) || (s < 0)) +#else + if(((s = apr_atoi64(l)) < 0) || (s < 0)) +#endif + { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(044)"access denied%s, QS_LimitRequestBody:" + " invalid content-length header, c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "044")); + QS_INC_EVENT(sconf, 44); + return HTTP_REQUEST_ENTITY_TOO_LARGE; + } + if(s > maxpost) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(044)"access denied%s, QS_LimitRequestBody:" + " max=%"APR_OFF_T_FMT" this=%"APR_OFF_T_FMT", c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + maxpost, s, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "044")); + QS_INC_EVENT(sconf, 44); + return HTTP_REQUEST_ENTITY_TOO_LARGE; + } + } else { + int read_chunked = 0; + if(r->read_chunked) { + read_chunked = 1; + } else { + // Apache 2.4 + const char *tenc = apr_table_get(r->headers_in, "Transfer-Encoding"); + if(tenc && strcasecmp(tenc, "chunked") == 0) { + read_chunked = 1; + } + } + if(ap_is_initial_req(r) && read_chunked) { + ap_add_input_filter("qos-in-filter3", NULL, r, r->connection); + } + } + } + return APR_SUCCESS; +} + +/** + * Header parser (executed after mod_setenvif but before mod_parp). + * Implements content-length based request body size limit and activates + * content-length adijustmen for compressed request body. + * + * @param r + * @return + */ +static int qos_header_parser1(request_rec * r) { + if(ap_is_initial_req(r)) { + apr_status_t rv; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + qos_dir_config *dconf = (qos_dir_config*)ap_get_module_config(r->per_dir_config, + &qos_module); + + if(sconf->log_env == 1) { + qos_log_env(r, ">HP_2"); + } + + qos_deflate(r); + + /** QS_LimitRequestBody */ + rv = qos_limitrequestbody_ctl(r, sconf, dconf); + if(rv != APR_SUCCESS) { + int rc; + const char *error_page = sconf->error_page; + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return rv; + } + } + } + return DECLINED; +} + +/** + * Header parser (executed before mod_setenvif or mod_parp). + * Enables mod_parp if request body processing (filter) has been enabled + * and implements the request header filter. + * + * @param r + * @return + */ +static int qos_header_parser0(request_rec * r) { + if(ap_is_initial_req(r)) { + int rc = DECLINED; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + qos_dir_config *dconf = (qos_dir_config*)ap_get_module_config(r->per_dir_config, + &qos_module); + + if(sconf->log_env == 1) { + qos_log_env(r, ">HP_1"); + } + + /* + * QS_DenyBody requires mod_parp + */ + if(dconf && (dconf->bodyfilter_p == 1 || dconf->bodyfilter_d == 1)) { + qos_enable_parp(r); + } + + /* + * QS_RequestHeaderFilter enforcement + */ + rc = qos_hp_header_filter(r, sconf, dconf); + if(rc != DECLINED) { + return rc; + } + + } + return DECLINED; +} + +/** + * Header parser implements restrictions on a per location (url) basis. + * + * @param r + * @return + */ +static int qos_header_parser(request_rec * r) { + /* apply rules only to main request (avoid filtering of error documents) */ + if(ap_is_initial_req(r)) { + char *msg = NULL; + char *uid = NULL; + int req_per_sec_block = 0; + apr_off_t kbytes_per_sec_limit = 0; + qs_acentry_t *event_kbytes_per_sec = NULL; + int status; + const char *tmostr = NULL; + qs_acentry_t *actEntry = NULL; + qs_acentry_t *actEntryCond = NULL; + qs_acentry_t *actEntryMain = NULL; // either e or e_cond (used for locking) + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + qos_dir_config *dconf = (qos_dir_config*)ap_get_module_config(r->per_dir_config, + &qos_module); + qs_req_ctx *rctx = NULL; + const char *error_page = sconf->error_page; + + if(sconf->log_env == 1) { + qos_log_env(r, ">HP_3"); + } + + qos_deflate_contentlength(r); + + /* QS_SetEnvIfResBody */ + if(dconf && dconf->response_pattern) { + ap_add_output_filter("qos-out-filter-body", NULL, r, r->connection); + } + + /* enable broken connection detection (connection abort by client) */ + if(apr_table_get(sconf->setenvstatus_t, QS_BROKEN_CON)) { + ap_add_output_filter("qos-out-filter-brokencon", NULL, r, r->connection); + } + + /* + * QS_Permit* / QS_Deny* enforcement (but not QS_DenyEvent) + */ + status = qos_hp_filter(r, sconf, dconf); + /* prepare audit log */ + if(m_enable_audit && dconf) { + qos_audit(r, dconf); + } + if(status != DECLINED) { + return status; + } + + /* + * Dynamic keep alive + */ + if(!sconf->log_only) { + qos_keepalive(r, sconf); + } + + /* + * VIP control + */ + if(sconf->header_name || sconf->vip_user) { + rctx = qos_rctx_config_get(r); + rctx->is_vip = qos_is_vip(r, sconf); + if(rctx->is_vip) { + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + if(cconf) { + cconf->is_vip = 1; + } + } + } + + /* + * additional variables + */ + if(apr_table_elts(sconf->setenvifparp_t)->nelts > 0) { + qos_parp_hp(r, sconf); + } + if((apr_table_elts(sconf->setenvifparpbody_t)->nelts > 0) && qos_parp_body_data_fn) { + qos_parp_hp_body(r, sconf); + } + if(r->parsed_uri.query) { + qos_setenvifquery(r, sconf, dconf); + } + if(sconf->setenvif_t->nelts > 0) { + qos_setenvif(r, sconf->setenvif_t); + } + if(dconf->setenvif_t->nelts > 0) { + qos_setenvif(r, dconf->setenvif_t); + } + if(apr_table_elts(sconf->setenv_t)->nelts > 0) { + qos_setenv(r, sconf); + } + if(apr_table_elts(sconf->setreqheader_t)->nelts > 0) { + qos_setreqheader(r, sconf->setreqheader_t); + } + tmostr = apr_table_get(r->subprocess_env, QS_TIMEOUT); + if(tmostr) { + apr_interval_time_t timeout = apr_time_from_sec(atoi(tmostr)); + if(timeout > 0) { + qs_conn_base_ctx *bctx = qos_get_conn_base_ctx(r->connection); + if(bctx && bctx->clientSocket) { + if(QS_ISDEBUG(r->server)) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"set connection timeout to %s seconds, id=%s", + tmostr, qos_unique_id(r, NULL)); + } + apr_socket_timeout_set(bctx->clientSocket, timeout); + } + } + } + + /* + * QS_DenyEvent + */ + if(apr_table_elts(dconf->rfilter_table)->nelts > 0) { + status = qos_hp_event_deny_filter(r, sconf, dconf); + if(status != DECLINED) { + return status; + } + } + + /* + * QS_EventLimitCount + */ + if(sconf->event_limit_a->nelts > 0) { + status = qos_hp_event_limit(r, sconf); + if(status != DECLINED) { + return status; + } + } + + /* + * QS_EventRequestLimit + */ + if(sconf->has_event_filter) { + status = qos_hp_event_filter(r, sconf); + if(status != DECLINED) { + return status; + } + } + + /* + * QS_EventPerSecLimit/QS_EventKBytesPerSecLimit + */ + if(sconf->has_event_limit) { + event_kbytes_per_sec = qos_hp_event_count(r, &req_per_sec_block, &kbytes_per_sec_limit); + } + + /* + * QS_SetEnvIfCmp + */ + qos_setenvifcmp(r, dconf->setenvcmp); + + /* + * QS_ClientEventRequestLimit + */ + if(sconf->qos_cc_event_req >= 0) { + status = qos_hp_cc_event_count(r, sconf, rctx); + if(status != DECLINED) { + return status; + } + } + + /* + * QS_ClientSerialize + */ + if(sconf->qos_cc_serialize && apr_table_get(r->subprocess_env, QS_SERIALIZE)) { + qos_hp_cc_serialize(r, sconf, rctx); + } + + /* + * QS_SrvSerialize + */ + if((sconf->serialize == 1) && apr_table_get(r->subprocess_env, QS_SRVSERIALIZE)) { + qos_hp_srv_serialize(r, sconf, rctx); + } + + /* + * client control + */ + if(qos_hp_cc(r, sconf, &msg, &uid) != DECLINED) { + int rc; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + "%s, id=%s", msg == NULL ? "-" : msg, + qos_unique_id(r, uid)); + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return m_retcode; + } + } + + /* + * Request level control + * get rule with conditional enforcement + */ + actEntryCond = qos_getcondrule_byregex(r, sconf); + /* 1st prio has "Match" rule */ + actEntry = qos_getrule_byregex(r, sconf); + /* 2th prio has "URL" rule */ + if(!actEntry) actEntry = qos_getrule_bylocation(r, sconf); + if(actEntry) { + actEntryMain = actEntry; + } else if(actEntryCond) { + actEntryMain = actEntryCond; + } + + if(!rctx) { + rctx = qos_rctx_config_get(r); + } + // optimistic locking (write only) + if(actEntryMain) { + rctx->entry_cond = actEntryCond; + rctx->entry = actEntry; + + apr_global_mutex_lock(actEntryMain->lock); /* @CRT5 */ + + if(actEntryCond) { + actEntryCond->counter++; + } + + if(actEntry) { + actEntry->counter++; + if(actEntry->req_per_sec_block_rate > req_per_sec_block) { + /* update req_per_sec_block if event restriction has returned worse block rate */ + req_per_sec_block = actEntry->req_per_sec_block_rate; + } + } + + apr_global_mutex_unlock(actEntryMain->lock); /* @CRT5 */ + + } + + if(actEntry) { + /* + * QS_LocRequestLimitMatch/QS_LocRequestLimit/QS_LocRequestLimitDefault enforcement + */ + if(actEntry->limit && (actEntry->counter > actEntry->limit)) { + /* vip session has no limitation */ + if(rctx->is_vip) { + qs_set_evmsg(r, "S;"); + } else { + /* std user */ + int rc; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(010)"access denied%s, QS_LocRequestLimit* rule: %s(%d)," + " concurrent requests=%d," + " c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + actEntry->url, actEntry->limit, actEntry->counter, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "010")); + QS_INC_EVENT(sconf, 10); + qs_set_evmsg(r, "D;"); + // request has already been blocked, don't cont this request for req/sec violations! + apr_table_set(r->notes, QS_R010_ALREADY_BLOCKED, ""); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return m_retcode; + } + } + } + /* + * QS_LocRequestPerSecLimit/QS_EventPerSecLimit enforcement + */ + if(req_per_sec_block) { + if(rctx->is_vip) { + qs_set_evmsg(r, "S;"); + } else { + qs_set_evmsg(r, "L;"); + if(!sconf->log_only) { + apr_sleep(req_per_sec_block*1000); + } + /* don't wait more than once */ + req_per_sec_block = 0; + } + } + + /* + * QS_LocKBytesPerSecLimit selection + */ + if(actEntry->kbytes_per_sec_limit) { + if(kbytes_per_sec_limit) { + if(actEntry->kbytes_per_sec_limit < kbytes_per_sec_limit) { + // this is lower than the event limitation + kbytes_per_sec_limit = actEntry->kbytes_per_sec_limit; + event_kbytes_per_sec = actEntry; + } + } else { + kbytes_per_sec_limit = actEntry->kbytes_per_sec_limit; + event_kbytes_per_sec = actEntry; + } + } + } + + /* + * QS_EventKBytesPerSecLimit or QS_LocKBytesPerSecLimit enforcement + */ + if(kbytes_per_sec_limit) { + if(rctx->is_vip) { + qs_set_evmsg(r, "S;"); + } else { + qos_delay_ctx_t *dctx = apr_pcalloc(r->pool, sizeof(qos_delay_ctx_t)); + dctx->rctx = rctx; + dctx->entry = event_kbytes_per_sec; + if(!sconf->log_only) { + ap_add_output_filter("qos-out-filter-delay", dctx, r, r->connection); + } + } + } + + if(actEntryCond) { + /* + * QS_CondLocRequestLimitMatch + */ + if(actEntryCond->limit && (actEntryCond->counter > actEntryCond->limit)) { + /* check condition */ + const char *condition = apr_table_get(r->subprocess_env, QS_COND); + if(condition) { + if(ap_regexec(actEntryCond->condition, condition, 0, NULL, 0) == 0) { + /* vip session has no limitation */ + if(rctx->is_vip) { + qs_set_evmsg(r, "S;"); + } else { + /* std user */ + int rc; + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(011)"access denied, QS_CondLocRequestLimitMatch" + " rule: %s(%d)," + " concurrent requests=%d," + " c=%s, id=%s", + actEntryCond->url, actEntryCond->limit, actEntryCond->counter, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "011")); + QS_INC_EVENT(sconf, 11); + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return m_retcode; + } + } + } + } + } + } + + /* + * QS_EventPerSecLimit + */ + if(req_per_sec_block) { + qs_set_evmsg(r, "L;"); + if(!sconf->log_only) { + apr_sleep(req_per_sec_block*1000); + } + } + + /* + * QS_Delay + */ + qos_delay(r, sconf); + + } + return DECLINED; +} + +/** + * QS_LimitRequestBody + * Input filter limiting request body size for chunked encoded requests. + * + * @param f + * @param bb + * @param mode + * @param block + * @param nbytes + * @return + */ +static apr_status_t qos_in_filter3(ap_filter_t *f, apr_bucket_brigade *bb, + ap_input_mode_t mode, apr_read_type_e block, + apr_off_t nbytes) { + apr_status_t rv = ap_get_brigade(f->next, bb, mode, block, nbytes); + request_rec *r = f->r; + + qos_srv_config *sconf = ap_get_module_config(r->server->module_config, &qos_module); + qos_dir_config *dconf = ap_get_module_config(r->per_dir_config, &qos_module); + apr_off_t maxpost = qos_maxpost(r, sconf, dconf); + + if(rv != APR_SUCCESS) { + return rv; + } + + if(maxpost != -1) { + apr_size_t bytes = 0; + apr_bucket *b; + qs_req_ctx *rctx = qos_rctx_config_get(r); + for(b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { + bytes = bytes + b->length; + } + rctx->maxpostcount += bytes; + if(rctx->maxpostcount > maxpost) { + int rc; + const char *error_page = sconf->error_page; + qs_req_ctx *rctx = qos_rctx_config_get(r); + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(044)"access denied%s, QS_LimitRequestBody:" + " max=%"APR_OFF_T_FMT" this=%"APR_OFF_T_FMT", c=%s, id=%s", + sconf->log_only ? " (log only)" : "", + maxpost, rctx->maxpostcount, + QS_CONN_REMOTEIP(r->connection) == NULL ? "-" : QS_CONN_REMOTEIP(r->connection), + qos_unique_id(r, "044")); + QS_INC_EVENT(sconf, 44); + qs_set_evmsg(r, "D;"); + if(!sconf->log_only) { + rc = qos_error_response(r, error_page); + if((rc == DONE) || (rc == HTTP_MOVED_TEMPORARILY)) { + return rc; + } + return HTTP_REQUEST_ENTITY_TOO_LARGE; + } + } + } + return APR_SUCCESS; +} + +/** + * Input filter removes connection from sconf->inctx_t->table + * when reading EOS. + * + * @param f + * @param bb + * @param mode + * @param block + * @param nbytes + * @return + */ +static apr_status_t qos_in_filter2(ap_filter_t *f, apr_bucket_brigade *bb, + ap_input_mode_t mode, apr_read_type_e block, + apr_off_t nbytes) { + qos_ifctx_t *inctx = f->ctx; + apr_status_t rv = ap_get_brigade(f->next, bb, mode, block, nbytes); + if((rv == APR_SUCCESS) && APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(inctx->c->base_server->module_config, + &qos_module); + ap_remove_input_filter(f); +#if APR_HAS_THREADS + if(!sconf->inctx_t->exit) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT28 */ + apr_table_unset(sconf->inctx_t->table, + QS_INCTX_ID); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT28 */ + } +#endif + } + return rv; +} + +/** + * Input filter, used to log timeout event, mark slow clients, + * and to calculate packet rate. + * + * Adds/removes the connection from the sconf->inctx_t->table + * dapending of the request state (read head/body, keepalive, ...). + * + * @param f + * @param bb + * @param mode + * @param block + * @param nbytes + * @return + */ +static apr_status_t qos_in_filter(ap_filter_t *f, apr_bucket_brigade *bb, + ap_input_mode_t mode, apr_read_type_e block, + apr_off_t nbytes) { + apr_status_t rv; + qos_ifctx_t *inctx = f->ctx; + apr_size_t bytes = 0; + int crs = inctx->status; + rv = ap_get_brigade(f->next, bb, mode, block, nbytes); + if(rv == APR_SUCCESS) { + if(inctx->lowrate != -1) { + bytes = qos_packet_rate(inctx, bb); + } + } + if(inctx->status == QS_CONN_STATE_KEEP) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(inctx->c->base_server->module_config, + &qos_module); + inctx->time = time(NULL); + inctx->nbytes = 0; + inctx->status = QS_CONN_STATE_HEAD; +#if APR_HAS_THREADS + if(sconf->inctx_t && !sconf->inctx_t->exit && sconf->min_rate_off == 0) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT23 */ + apr_table_setn(sconf->inctx_t->table, + QS_INCTX_ID, + (char *)inctx); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT23 */ + } +#endif + } + if(rv != APR_SUCCESS) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(inctx->c->base_server->module_config, + &qos_module); + inctx->status = QS_CONN_STATE_END; + inctx->time = 0; + inctx->nbytes = 0; +#if APR_HAS_THREADS + if(sconf->inctx_t && !sconf->inctx_t->exit) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT24 */ + apr_table_unset(sconf->inctx_t->table, + QS_INCTX_ID); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT24 */ + } +#endif + } + if(inctx->status > QS_CONN_STATE_NEW) { + if(rv == APR_SUCCESS) { + if(bytes == 0) { + apr_bucket *b; + for(b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { + bytes = bytes + b->length; + } + } + inctx->nbytes = inctx->nbytes + bytes; + inctx->hasBytes = inctx->nbytes; + if(inctx->status == QS_CONN_STATE_BODY) { + if(inctx->cl_val >= bytes) { + inctx->cl_val = inctx->cl_val - bytes; + } + if(inctx->cl_val == 0) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(inctx->c->base_server->module_config, + &qos_module); +#if APR_HAS_THREADS + if(!sconf->inctx_t->exit) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT27 */ + apr_table_unset(sconf->inctx_t->table, + QS_INCTX_ID); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT27 */ + } +#endif + } + } + } + if((rv == APR_TIMEUP) && + (crs != QS_CONN_STATE_END) && + (crs != QS_CONN_STATE_KEEP)) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(inctx->c->base_server->module_config, + &qos_module); + /* mark clients causing a timeout */ + if(sconf && sconf->has_qos_cc) { + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + request_rec *r = f->r; + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT18 */ + qos_ip_str2long(QS_CONN_REMOTEIP(inctx->c), searchE.ip6); + clientEntry = qos_cc_getOrSet(u->qos_cc, &searchE, 0); + (*clientEntry)->lowrate = time(NULL); + (*clientEntry)->lowratestatus |= QOS_LOW_FLAG_TIMEOUT; + if(r) { + qs_set_evmsg(r, "r;"); + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT18 */ + } + inctx->lowrate = QS_PKT_RATE_TH + 1; + } + } + return rv; +} + +/** + * BrokenConnection + */ +static apr_status_t qos_out_filter_brokencon(ap_filter_t *f, apr_bucket_brigade *bb) { + apr_status_t rc = ap_pass_brigade(f->next, bb); + if(rc == APR_ECONNABORTED || rc == APR_EPIPE) { + // client closed the connection (abort or broken pipe) + request_rec *r = f->r; + qs_set_evmsg(r, "A;"); + apr_table_set(r->connection->notes, QS_BROKEN_CON, ""); + } + return rc; +} + +/** + * QS_SetEnvIfResBody + * + * Searches the response body for the pattern defined by the QS_SetEnvIfResBody + * directive (supports only one search pattern (literal string)). + * + * @param f + * @param bb + * @return + */ +static apr_status_t qos_out_filter_body(ap_filter_t *f, apr_bucket_brigade *bb) { + request_rec *r = f->r; + qos_dir_config *dconf = ap_get_module_config(r->per_dir_config, &qos_module); + qs_req_ctx *rctx; + int len; + apr_bucket *b; + + if((dconf == NULL) || (dconf->response_pattern == NULL)) { + // not used + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb); + } + + rctx = qos_rctx_config_get(r); + len = dconf->response_pattern_len; + + if((apr_table_get(r->subprocess_env, "QS_SetEnvIfResBodyIgnore") != NULL) && + rctx->body_window == NULL) { + // skip this response (disabled and nothing processed yet) + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb); + } + + for(b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { + if(APR_BUCKET_IS_EOS(b)) { + /* If we ever see an EOS, make sure to FLUSH. */ + apr_bucket *flush = apr_bucket_flush_create(f->c->bucket_alloc); + APR_BUCKET_INSERT_BEFORE(b, flush); + } + if(!(APR_BUCKET_IS_METADATA(b))) { + const char *buf; + apr_size_t nbytes; + if(apr_bucket_read(b, &buf, &nbytes, APR_BLOCK_READ) == APR_SUCCESS) { + if(nbytes > 0) { + int blen = nbytes > len ? len : nbytes - 1; + /* 1. overlap: this buffer avoids that we miss a string if it is cut apart + within two buckets + e.g., [Logi][n Page] instead of [Login Page] when searching for "Login Page" */ + if(rctx->body_window == NULL) { + // first call, create a window buffer + rctx->body_window = apr_pcalloc(r->pool, (len*2)+1); + rctx->body_window[0] = '\0'; + } else { + // subsequent call, searches within the window too + int wlen = strlen(rctx->body_window); + strncpy(&rctx->body_window[wlen], buf, blen); + rctx->body_window[wlen+blen+1] = '\0'; + if(strstr(rctx->body_window, dconf->response_pattern)) { + /* found pattern */ + if(dconf->response_pattern_var[0] == '!') { + apr_table_unset(r->subprocess_env, &dconf->response_pattern_var[1]); + } else { + apr_table_set(r->subprocess_env, dconf->response_pattern_var, dconf->response_pattern); + } + ap_remove_output_filter(f); + } + } + /* 2. new buffer (don't want to copy the data) */ + if(qos_strnstr(buf, dconf->response_pattern, nbytes)) { + /* found pattern */ + if(dconf->response_pattern_var[0] == '!') { + apr_table_unset(r->subprocess_env, &dconf->response_pattern_var[1]); + } else { + apr_table_set(r->subprocess_env, dconf->response_pattern_var, dconf->response_pattern); + } + ap_remove_output_filter(f); + } + /* 3. store the end (for next loop) */ + strncpy(rctx->body_window, &buf[nbytes - blen], blen); + rctx->body_window[blen] = '\0'; + } + } + } + } + return ap_pass_brigade(f->next, bb); +} + +/** + * Helper used by qos_out_filter_delay() to calculate/update + * the delay rate. Shall be called for every bucket we are + * sending to the client. + * @param request_time Time this request has started + * @param entry Rule entry to update / measure + * @param length Bytes we are going to transfer + * @return Wait time in microsseconds + */ +static apr_off_t qos_calc_kbytes_per_sec_wait_time(apr_time_t request_time, + qs_acentry_t *entry, + apr_off_t length) { + apr_off_t kbps_wait_time; + apr_global_mutex_lock(entry->lock); /* @CRT43 */ + kbps_wait_time = entry->kbytes_per_sec_block_rate; + if(((entry->bytes / 1024) > entry->kbytes_per_sec_limit) || + (request_time > (entry->kbytes_interval_us + APR_USEC_PER_SEC))) { + /* transferred more than the limit/sec OR + it's long time ago since we last updated the rate + => check within which time we did */ + apr_time_t now = apr_time_now(); + apr_time_t duration = now - entry->kbytes_interval_us; + apr_off_t kbs; + if(duration == 0) { + duration = 1; + } + kbs = entry->bytes * 1000 / duration; + entry->kbytes_per_sec = (entry->kbytes_per_sec + kbs) / 2; + if(duration > APR_USEC_PER_SEC) { + // lower than the defined kbytes/sec rate + if(kbps_wait_time > 0) { + // reduce wait time + apr_off_t newtime = kbps_wait_time * kbs / entry->kbytes_per_sec_limit; + // PI like closed-loop control + kbps_wait_time = (kbps_wait_time + newtime) / 2; + } + } else { + // higher than the defined kbytes/sec rate + if(kbps_wait_time == 0) { + kbps_wait_time = 1000; // start with 1 ms + } else { + // increase wait time + apr_off_t newtime = kbps_wait_time * kbs / entry->kbytes_per_sec_limit; + // PI like closed-loop control + kbps_wait_time = (kbps_wait_time + newtime) / 2; + } + } + if(kbps_wait_time > QS_MAX_DELAY) { + kbps_wait_time = QS_MAX_DELAY; + } + entry->kbytes_interval_us = now; + entry->bytes = 0; + } + entry->bytes = entry->bytes + length; + entry->kbytes_per_sec_block_rate = kbps_wait_time; + apr_global_mutex_unlock(entry->lock); /* @CRT43 */ + return kbps_wait_time; +} + +/** + * Output filter adds response delay. + * + * @param f + * @param bb + * @return + */ +static apr_status_t qos_out_filter_delay(ap_filter_t *f, apr_bucket_brigade *bb) { + qos_delay_ctx_t *dctx = f->ctx; + qs_acentry_t *entry = dctx->entry; + request_rec *r = f->r; + if(entry) { + apr_off_t length; + if(apr_brigade_length(bb, 1, &length) == APR_SUCCESS) { + if(length > 0) { + if(length > APR_BUCKET_BUFF_SIZE) { + // split (no proxy) + while(!APR_BRIGADE_EMPTY(bb)) { + apr_bucket *b, *first, *next; + apr_bucket_brigade *tmp_bb; + apr_status_t rv; + apr_off_t kbps_wait_time; + rv = apr_brigade_partition(bb, APR_BUCKET_BUFF_SIZE, &next); + if(rv != APR_SUCCESS && rv != APR_INCOMPLETE) { + return rv; + } + if(rv == APR_INCOMPLETE) { /* no split needed */ + break; + } + first = APR_BRIGADE_FIRST(bb); + APR_BUCKET_REMOVE(first); + kbps_wait_time = qos_calc_kbytes_per_sec_wait_time(r->request_time, + entry, first->length); + if(kbps_wait_time > 0) { + dctx->rctx->response_delayed = (1 + dctx->rctx->response_delayed + kbps_wait_time) / 2; + apr_sleep(kbps_wait_time); + } + tmp_bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(tmp_bb, first); + b = apr_bucket_flush_create(f->c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(tmp_bb, b); + rv = ap_pass_brigade(f->next, tmp_bb); + if(rv != APR_SUCCESS) { + return rv; + } + } + } else { + // sleep once every 8k + apr_off_t kbps_wait_time = qos_calc_kbytes_per_sec_wait_time(r->request_time, + entry, length); + if(length < APR_BUCKET_BUFF_SIZE) { + // be fair with very small responses + kbps_wait_time = kbps_wait_time * length / APR_BUCKET_BUFF_SIZE; + } + if(kbps_wait_time > 0) { + dctx->rctx->response_delayed = (1 + dctx->rctx->response_delayed + kbps_wait_time) / 2; + apr_sleep(kbps_wait_time); + } + } + } + } + } + return ap_pass_brigade(f->next, bb); +} + +/** + * Out filter measuring the minimal download bandwidth. + * + * @param f + * @param bb + * @return + */ +static apr_status_t qos_out_filter_min(ap_filter_t *f, apr_bucket_brigade *bb) { + request_rec *r = f->r; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, &qos_module); + qos_ifctx_t *inctx = qos_get_ifctx(r->connection->input_filters); + if(APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) { +#if APR_HAS_THREADS + if(!sconf->inctx_t->exit) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT30 */ + apr_table_unset(sconf->inctx_t->table, + QS_INCTX_ID); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT30 */ + } +#endif + inctx->status = QS_CONN_STATE_END; + ap_remove_output_filter(f); + } else { + apr_size_t total = 0; + apr_bucket *b; + for(b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { + total = total + b->length; + } + inctx->nbytes = inctx->nbytes + total; + } + return ap_pass_brigade(f->next, bb); +} + +/** + * Merges two rule tables. Entries whose key/name begin with a "+" are added + * while those with a "-" prefix are removed. + * + * @param p Pool to allocate new table from. + * @param b_rfilter_table Base rule table (parent) + * @param o_rfilter_table Over rule table (child) + * @return Merged table + */ +apr_table_t *qos_table_merge_create(apr_pool_t *p, apr_table_t *b_rfilter_table, + apr_table_t *o_rfilter_table) { + int i; + apr_table_t *rfilter_table = apr_table_make(p, apr_table_elts(b_rfilter_table)->nelts + + apr_table_elts(o_rfilter_table)->nelts); + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(b_rfilter_table)->elts; + // add additional (+) entries from the base/parent table + for(i = 0; i < apr_table_elts(b_rfilter_table)->nelts; ++i) { + if(entry[i].key[0] == '+') { + apr_table_setn(rfilter_table, entry[i].key, entry[i].val); + } + } + // add additional (+) entries from the over/child table + entry = (apr_table_entry_t *)apr_table_elts(o_rfilter_table)->elts; + for(i = 0; i < apr_table_elts(o_rfilter_table)->nelts; ++i) { + if(entry[i].key[0] == '+') { + apr_table_setn(rfilter_table, entry[i].key, entry[i].val); + } + } + // remove the "-" entries + for(i = 0; i < apr_table_elts(o_rfilter_table)->nelts; ++i) { + if(entry[i].key[0] == '-') { + char *id = apr_psprintf(p, "+%s", &entry[i].key[1]); + apr_table_unset(rfilter_table, id); + } + } + return rfilter_table; +} + +/* QS_SrvMinDataRateOffEvent */ +#if APR_HAS_THREADS +static void qos_disable_rate(request_rec *r, qos_srv_config *sconf, + qos_dir_config *dconf) { + if(dconf && sconf && (sconf->req_rate != -1) && (sconf->min_rate != -1)) { + apr_table_t *disable_reqrate_events = dconf->disable_reqrate_events; + if(apr_table_elts(sconf->disable_reqrate_events)->nelts > 0) { + disable_reqrate_events = qos_table_merge_create(r->pool, sconf->disable_reqrate_events, + dconf->disable_reqrate_events); + } + if(apr_table_elts(disable_reqrate_events)->nelts > 0) { + qos_ifctx_t *inctx = qos_get_ifctx(r->connection->input_filters); + if(inctx) { + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(disable_reqrate_events)->elts; + int i; + for(i = 0; i < apr_table_elts(disable_reqrate_events)->nelts; i++) { + char *v = entry[i].key; + if(apr_table_get(r->subprocess_env, &v[1])) { + inctx->disabled = 1; + break; + } + } + } + } + } +} +#endif + +static void qos_start_res_rate(request_rec *r, qos_srv_config *sconf) { + if(sconf && (sconf->req_rate != -1) && (sconf->min_rate != -1)) { + qos_ifctx_t *inctx = qos_get_ifctx(r->connection->input_filters); + if(inctx) { + inctx->status = QS_CONN_STATE_RESPONSE; + inctx->time = time(NULL); + inctx->nbytes = 0; +#if APR_HAS_THREADS + if(sconf->inctx_t && !sconf->inctx_t->exit && sconf->min_rate_off == 0) { + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT29 */ + apr_table_setn(sconf->inctx_t->table, + QS_INCTX_ID, + (char *)inctx); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT29 */ + } + ap_add_output_filter("qos-out-filter-min", NULL, r, r->connection); +#endif + } + } +} + +/* QS_SET_DSCP */ +static void qos_set_dscp(request_rec *r) { + const char *dscpStr = apr_table_get(r->subprocess_env, QS_SET_DSCP); + if(dscpStr) { +#ifdef __unix__ + qs_conn_base_ctx *base = qos_get_conn_base_ctx(r->connection); + int rc = -2; + int hasSocket = 0; + if(base!=NULL && base->clientSocket!=NULL) { + apr_socket_t *sock = base->clientSocket; + int fd; + int dscp = atoi(dscpStr); + hasSocket = 1; + apr_os_sock_get(&fd, sock); + if(dscp >= 0 && dscp < 64) { + int tos = dscp << 2; + if(QS_ISDEBUG(r->server)) { + int n = 0; + const char *d = "unknown"; + while(m_dscp_desc[n].id >= 0) { + if(m_dscp_desc[n].id == dscp) { + d = m_dscp_desc[n].name; + } + n++; + } + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + QOS_LOGD_PFX"%s=%s, tos=0x%02x, dscp=0x%02x (%s), id=%s", + QS_SET_DSCP, dscpStr, tos, dscp, d, qos_unique_id(r, NULL)); + } + rc = setsockopt(fd, + IPPROTO_IP, IP_TOS, + &tos, sizeof(tos)); + } + } + if(rc != 0) { + ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, + QOS_LOG_PFX(038)"DSCP, failed to set socket options, " + QS_SET_DSCP"=%s, socket=%s, rc=%d, id=%s", + dscpStr, + hasSocket ? "yes" : "no", + rc, + qos_unique_id(r, "038")); + } +#else + ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, + QOS_LOG_PFX(038)QS_SET_DSCP" is not available for this platform"); +#endif + } +} + +static void qos_end_res_rate(request_rec *r, qos_srv_config *sconf) { + if((sconf->req_rate != -1) && (sconf->min_rate != -1)) { + qos_ifctx_t *inctx = qos_get_ifctx(r->connection->input_filters); + if(inctx) { + inctx->time = time(NULL); + inctx->nbytes = 0; + if(r->connection->keepalive == AP_CONN_CLOSE) { + if(!sconf->inctx_t->exit) { +#if APR_HAS_THREADS + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT30 */ +#endif + inctx->status = QS_CONN_STATE_END; +#if APR_HAS_THREADS + apr_table_unset(sconf->inctx_t->table, + QS_INCTX_ID); + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT30 */ +#endif + } + } else { + if(!sconf->inctx_t->exit) { +#if APR_HAS_THREADS + apr_thread_mutex_lock(sconf->inctx_t->lock); /* @CRT30 */ +#endif + if(inctx->status != QS_CONN_STATE_DESTROY) { + inctx->status = QS_CONN_STATE_KEEP; +#if APR_HAS_THREADS + apr_table_setn(sconf->inctx_t->table, + QS_INCTX_ID, (char *)inctx); +#endif + } +#if APR_HAS_THREADS + apr_thread_mutex_unlock(sconf->inctx_t->lock); /* @CRT30 */ +#endif + } + } + } + } +} + +/** + * process response: + * - start min data measure + * - setenvif header + * - detects vip header and create session + * - header filter + */ +static apr_status_t qos_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) { + request_rec *r = f->r; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, &qos_module); + qos_dir_config *dconf = ap_get_module_config(r->per_dir_config, &qos_module); + qs_headerfilter_mode_e mode; + + qos_start_res_rate(r, sconf); + qos_setenvstatus(r, sconf, dconf); + qos_setenvresheader(r, sconf); + qos_setenvres(r, sconf); + if(sconf->user_tracking_cookie) { + if((sconf->user_tracking_cookie_jsredirect < 1) || + (apr_table_get(r->subprocess_env, QOS_USER_TRACKING_RENEW) != NULL)) { + qos_send_user_tracking_cookie(r, sconf, r->status); + } + } + if(sconf->milestones) { + qos_update_milestone(r, sconf); + } + if(sconf->ip_header_name) { + const char *ctrl_h = apr_table_get(r->headers_out, sconf->ip_header_name); + if(ctrl_h) { + int match = 1; + if(sconf->ip_header_name_regex) { + if(ap_regexec(sconf->ip_header_name_regex, ctrl_h, 0, NULL, 0) != 0) { + match = 0; + } + } + if(match) { + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + if(cconf) { + qs_set_evmsg(r, "v;"); + cconf->is_vip = 1; + cconf->set_vip_by_header = 1; + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + } + } + if(sconf->ip_header_name_drop) { + apr_table_unset(r->headers_out, sconf->ip_header_name); + } + } + } + if(sconf->header_name) { + /* got a vip header: create new session (if non exists) */ + const char *ctrl_h = apr_table_get(r->headers_out, sconf->header_name); + if(ctrl_h && !apr_table_get(r->notes, QS_REC_COOKIE)) { + int match = 1; + if(sconf->header_name_regex) { + if(ap_regexec(sconf->header_name_regex, ctrl_h, 0, NULL, 0) != 0) { + match = 0; + } + } + if(match) { + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + qos_set_session(r, sconf); + if(cconf) { + qs_set_evmsg(r, "v;"); + cconf->is_vip = 1; + cconf->set_vip_by_header = 1; + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + } + apr_table_set(r->notes, QS_REC_COOKIE, ""); + } + if(sconf->header_name_drop) { + apr_table_unset(r->headers_out, sconf->header_name); + } + } + } + if(sconf->vip_user && r->user) { + if(!apr_table_get(r->notes, QS_REC_COOKIE)) { + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + qos_set_session(r, sconf); + if(cconf) { + qs_set_evmsg(r, "v;"); + cconf->is_vip = 1; + cconf->set_vip_by_header = 1; + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + } + apr_table_set(r->notes, QS_REC_COOKIE, ""); + } + } + if(sconf->vip_ip_user && r->user) { + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + if(cconf) { + qs_set_evmsg(r, "v;"); + cconf->is_vip = 1; + cconf->set_vip_by_header = 1; + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + } + } + qos_unset_resheader(r, sconf); + /* don't handle response status since response header filter use "drop" action only */ + mode = sconf->resheaderfilter; + if(dconf->resheaderfilter > QS_HEADERFILTER_OFF_DEFAULT) { + // override server configuration + mode = dconf->resheaderfilter; + } + if(mode > QS_HEADERFILTER_OFF) { + qos_header_filter(r, sconf, r->headers_out, "response", + sconf->reshfilter_table, mode); + } + qos_set_dscp(r); + qos_keepalive(r, sconf); + if(sconf->max_conn_close != -1) { + if(sconf->act->conn->connections > sconf->max_conn_close) { + qs_set_evmsg(r, "K;"); + r->connection->keepalive = AP_CONN_CLOSE; + } + } + /* disable request rate for certain connections */ +#if APR_HAS_THREADS + qos_disable_rate(r, sconf, dconf); +#endif + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb); +} + +static apr_status_t qos_out_err_filter(ap_filter_t *f, apr_bucket_brigade *bb) { + request_rec *r = f->r; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, &qos_module); + + if(sconf) { + qos_dir_config *dconf = ap_get_module_config(r->per_dir_config, &qos_module); + qos_setenvstatus(r, sconf, dconf); + qos_setenvresheader(r, sconf); + qos_setenvres(r, sconf); + if(sconf->milestones) { + qos_update_milestone(r, sconf); + } + } + + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb); +} + +/** + * QS_SrvSerialize + */ +static void qos_logger_serialize(qos_srv_config *sconf, qs_req_ctx *rctx) { + if(rctx->srv_serialize_set) { + apr_global_mutex_lock(sconf->act->lock); /* @CRT45 */ + sconf->act->serialize->locked = 0; + apr_global_mutex_unlock(sconf->act->lock); /* @CRT45 */ + } +} + +/** + * QS_EventRequestLimit + * reset event counter + */ +static void qos_event_reset(qos_srv_config *sconf, qs_req_ctx *rctx) { + int i; + apr_table_entry_t *entry; + apr_global_mutex_lock(sconf->act->lock); /* @CRT32 */ + entry = (apr_table_entry_t *)apr_table_elts(rctx->event_entries)->elts; + for(i = 0; i < apr_table_elts(rctx->event_entries)->nelts; i++) { + qs_acentry_t *e = (qs_acentry_t *)entry[i].val; + if(e->counter > 0) { + e->counter--; + } + } + apr_global_mutex_unlock(sconf->act->lock); /* @CRT32 */ +} + +static int qos_fixup(request_rec * r) { + int rc = 0; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + qos_dir_config *dconf = (qos_dir_config*)ap_get_module_config(r->per_dir_config, + &qos_module); + /* QS_VipUser/QS_VipIpUser */ + if(sconf && (sconf->vip_user || sconf->vip_ip_user) && r->user) { + /* check r->user early (final status is update is implemented in output-filter) */ + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + if(cconf) { + qs_set_evmsg(r, "v;"); + cconf->is_vip = 1; + cconf->set_vip_by_header = 1; + apr_table_set(r->subprocess_env, QS_ISVIPREQ, "yes"); + } + } + + if(sconf->log_env == 1) { + qos_log_env(r, ">FX_1"); + } + +#if APR_HAS_THREADS + qos_disable_rate(r, sconf, dconf); +#endif + + if(apr_table_elts(sconf->setreqheaderlate_t)->nelts > 0) { + qos_setreqheader(r, sconf->setreqheaderlate_t); + } + + rc = qos_redirectif(r, sconf, sconf->redirectif); + if(rc != DECLINED) { + return rc; + } + rc = qos_redirectif(r, sconf, dconf->redirectif); + if(rc != DECLINED) { + return rc; + } + + return DECLINED; +} + +/** + * "free resources" and update stats + */ +static int qos_logger(request_rec *r) { + qs_req_ctx *rctx = qos_rctx_config_get(r); + qs_acentry_t *actEntry = rctx->entry; + qs_acentry_t *actEntryCond = rctx->entry_cond; + qs_acentry_t *actEntryMain = actEntry; + qs_conn_base_ctx *base = qos_get_conn_base_ctx(r->connection); + qs_conn_ctx *cconf = qos_get_cconf(r->connection); + apr_time_t now = 0; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, &qos_module); + qos_dir_config *dconf = ap_get_module_config(r->per_dir_config, &qos_module); + if(actEntryMain == NULL) { + actEntryMain = actEntryCond; + } + if(rctx->response_delayed) { + qs_set_evmsg(r, "L;"); + apr_table_set(r->subprocess_env, QS_RESDELYATIME, + apr_psprintf(r->pool, "%"APR_OFF_T_FMT, rctx->response_delayed)); + } + qos_propagate_notes(r); + qos_propagate_events(r); + if(sconf->log_env == 1) { + qos_log_env(r, "<LG_1"); + } + qos_end_res_rate(r, sconf); + if(sconf->setenvif_t->nelts > 0) { + qos_setenvif(r, sconf->setenvif_t); + } + if(dconf->setenvif_t->nelts > 0) { + qos_setenvif(r, dconf->setenvif_t); + } + if(sconf->has_qos_cc) { + qos_logger_cc(r, sconf, rctx); + } + qos_logger_event_limit(r, sconf); + if(base) { + base->requests++; + } + if(cconf) { + if(cconf->evmsg) { + rctx->evmsg = apr_pstrcat(r->pool, cconf->evmsg, rctx->evmsg, NULL); + } + } + if(sconf->has_event_filter) { + qos_event_reset(sconf, rctx); + } + if(sconf->serialize == 1) { + qos_logger_serialize(sconf, rctx); + } + if(sconf->has_event_limit) { + qos_lg_event_update(r, &now); + } + if(actEntryMain) { + char *h; + if(!now) { + now = apr_time_sec(r->request_time); + } + apr_global_mutex_lock(actEntryMain->lock); /* @CRT6 */ + h = apr_psprintf(r->pool, "%d", actEntryMain->counter); + if(actEntryCond) { + if(actEntryCond->counter > 0) { + actEntryCond->counter--; + } + } + if(actEntry) { + if(actEntry->counter > 0) { + actEntry->counter--; + } + if(apr_table_get(r->notes, QS_R010_ALREADY_BLOCKED) == NULL) { + if(actEntry->req < LONG_MAX) { + actEntry->req++; + } + if(now > (actEntry->interval + QS_BW_SAMPLING_RATE)) { + actEntry->req_per_sec = actEntry->req / (now - actEntry->interval); + actEntry->req = 0; + actEntry->interval = now; + if(actEntry->req_per_sec_limit) { + qos_cal_req_sec(sconf, r, actEntry); + } + } + } + } + apr_global_mutex_unlock(actEntryMain->lock); /* @CRT6 */ + /* allow logging of the current location usage */ + apr_table_set(r->subprocess_env, "mod_qos_cr", h); + if(r->next) { + apr_table_set(r->next->subprocess_env, "mod_qos_cr", h); + } + /* decrement only once */ + ap_set_module_config(r->request_config, &qos_module, NULL); + } + if(cconf && (cconf->sconf->max_conn != -1)) { + char *cc = apr_psprintf(r->pool, "%d", cconf->sconf->act->conn->connections); + apr_table_set(r->subprocess_env, "mod_qos_con", cc); + if(r->next) { + apr_table_set(r->next->subprocess_env, "mod_qos_con", cc); + } + } + if(rctx->evmsg) { + apr_table_set(r->subprocess_env, "mod_qos_ev", rctx->evmsg); + if(r->next) { + apr_table_set(r->next->subprocess_env, "mod_qos_ev", rctx->evmsg); + } + } +#if APR_HAS_THREADS + qos_disable_rate(r, sconf, dconf); +#endif + + if(sconf->qslog_p) { + // ISBiDUkEQaC equiv %h %>s %B %{Content-Length}i %D %{mod_qos_user_id}e %k %{Event}e %{mod_qos_ev}e %{QS_AllConn}e '%v:%U' + apr_size_t nbytes; + const char *clID = apr_table_get(r->subprocess_env, QSLOG_CLID); // client identifier (individual users) + const char *event = apr_table_get(r->subprocess_env, QSLOG_EVENT); // generic event variable + const char *mod_qos_ev = apr_table_get(r->subprocess_env, "mod_qos_ev"); // qos events + const char *averageConn = apr_table_get(r->subprocess_env, QSLOG_AVERAGE); // average counter, e.g. connections + // TODO: measure the real traffic instead of using the (optional) content-length header + const char *contentLength = apr_table_get(r->headers_in, "Content-Length"); + char *qslogstr = apr_psprintf(r->pool, "%s %s %s %s %s %s %d %s %s %s '%s:%s'\n", + QS_CONN_REMOTEIP(r->connection), /* %h */ + (r->status <= 0) ? "-" : apr_itoa(r->pool, r->status), /* %s */ + (!r->sent_bodyct || !r->bytes_sent) ? "0" : apr_off_t_toa(r->pool, r->bytes_sent), /* %B */ + contentLength == NULL ? "-" : contentLength, /* %{content-length} */ + apr_psprintf(r->pool, "%" APR_TIME_T_FMT, (apr_time_now() - r->request_time)), /* %D */ + clID == NULL ? "-" : clID, /* %{mod_qos_user_id}e */ + r->connection->keepalives ? r->connection->keepalives - 1 : 0, /* %k */ + event == NULL ? "-" : event, /* %{Event}e */ + mod_qos_ev == NULL ? "-" : mod_qos_ev, /* %{mod_qos_ev}e */ + averageConn == NULL ? "- " : averageConn, /* %{QS_AllConn}e */ + ap_escape_logitem(r->pool, ap_get_server_name(r)), /* %v */ + ap_escape_logitem(r->pool, r->uri) /* %U */ + ); + nbytes = strlen(qslogstr); + apr_file_write(sconf->qslog_p, qslogstr, &nbytes); + } + + return DECLINED; +} + +static void qos_audit_check(ap_directive_t * node) { + ap_directive_t *pdir; + for(pdir = node; pdir != NULL; pdir = pdir->next) { + if(pdir->args && + strstr(pdir->args, "%{"QS_PARP_PATH"}n") && + strstr(pdir->args, "%{"QS_PARP_QUERY"}n")) { + m_enable_audit = 1; + } + if(pdir->first_child != NULL) { + qos_audit_check(pdir->first_child); + } + } +} + +static int qos_module_check(const char *m) { + module *modp = NULL; + for(modp = ap_top_module; modp; modp = modp->next) { + if(strcmp(modp->name, m) == 0) { + return APR_SUCCESS; + } + } + return DECLINED; +} + +/** + * inits each child + */ +static void qos_child_init(apr_pool_t *p, server_rec *bs) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(bs->module_config, &qos_module); + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qos_ifctx_list_t *inctx_t = NULL; +#ifdef QS_INTERNAL_TEST +#ifdef PREFORK_MPM + int seed = getpid() + time(NULL); +#if APR_HAS_THREADS + seed += apr_os_thread_current(); +#endif + srand(seed); +#endif +#endif + qos_init_unique_id(p, bs); +#if APR_HAS_THREADS + if(sconf->req_rate != -1) { + inctx_t = apr_pcalloc(p, sizeof(qos_ifctx_list_t)); + inctx_t->exit = 0; + inctx_t->table = apr_table_make(p, 64); + sconf->inctx_t = inctx_t; + if(apr_thread_mutex_create(&sconf->inctx_t->lock, APR_THREAD_MUTEX_DEFAULT, p) != APR_SUCCESS) { + qos_disable_req_rate(bs, "create mutex"); + } else { + apr_threadattr_t *tattr; + if(apr_threadattr_create(&tattr, p) != APR_SUCCESS) { + qos_disable_req_rate(bs, "create thread attr"); + } else { + if(apr_thread_create(&sconf->inctx_t->thread, tattr, + qos_req_rate_thread, bs, p) != APR_SUCCESS) { + qos_disable_req_rate(bs, "create thread"); + } else { + server_rec *sn = bs->next; + apr_pool_pre_cleanup_register(p, bs, qos_cleanup_req_rate_thread); + while(sn) { + qos_srv_config *sc = (qos_srv_config*)ap_get_module_config(sn->module_config, &qos_module); + sc->inctx_t = inctx_t; + sn = sn->next; + } + } + } + } + } +#endif + if(sconf->has_qos_cc) { + apr_global_mutex_child_init(&u->qos_cc->lock, u->qos_cc->lock_file, p); + } + if(!sconf->act->child_init) { + sconf->act->child_init = 1; + /* propagate mutex to child process (required by some platforms) */ + apr_global_mutex_child_init(&sconf->act->lock, sconf->act->lock_file, p); + } +#if APR_HAS_THREADS + if(sconf->qsstatus) { + qos_init_status_thread(p, sconf, sconf->max_clients); + } +#endif +} + +/* +static const char *qos_search_docroot(apr_pool_t *pconf, server_rec *bs, + ap_directive_t *node) { + ap_directive_t *pdir; + for(pdir = node; pdir != NULL; pdir = pdir->next) { + if(strcasecmp(pdir->directive, "DocumentRoot") == 0) { + return pdir->args; + } + if(pdir->first_child != NULL) { + const char *docroot = qos_search_docroot(pconf, bs, pdir->first_child); + if(docroot != NULL) { + return docroot; + } + } + } + return NULL; +} +*/ + +static const char *detectErrorPage(apr_pool_t *ptemp, server_rec *bs, ap_directive_t *pdir) { + const qos_errelt_t *e = m_error_pages; + apr_finfo_t finfo; + /* + const char *docroot = qos_search_docroot(ptemp, bs, pdir); + if(docroot) { + docroot = ap_server_root_relative(ptemp, docroot); + } + */ + while(e->path != NULL) { + char *path = ap_server_root_relative(ptemp, e->path); + if(apr_stat(&finfo, path, APR_FINFO_TYPE, ptemp) == APR_SUCCESS) { + return e->url; + } + /* + if(docroot) { + path = apr_pstrcat(ptemp, docroot, "/", e->path, NULL); + if(apr_stat(&finfo, path, APR_FINFO_TYPE, ptemp) == APR_SUCCESS) { + return e->url; + } + } + */ + e++; + } + return NULL; +} + +/** + * inits the server configuration + */ +static int qos_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *bs) { + qos_srv_config *bsconf = (qos_srv_config*)ap_get_module_config(bs->module_config, &qos_module); + char *rev = qos_revision(ptemp); + qos_user_t *u; + int maxClients; + int cc_net_prefer_limit = 0; + apr_status_t rv; + ap_directive_t *pdir = ap_conftree; + const char *error_page = detectErrorPage(ptemp, bs, pdir); + int auto_error_page = 0; + + /* verify if this Apache version is supported/mod_qos has been tested for + and enable/disable features */ + qos_version_check(bs); + + maxClients = qs_calc_maxClients(bs, bsconf); + QOS_MY_GENERATION(m_generation); + bsconf->max_clients = maxClients; + + if(bsconf->ip_type == QS_IP_V4) { + m_ip_type = QS_IP_V4; + } else { + m_ip_type = QS_IP_V6; + } + + qos_hostcode(ptemp, bs); + + if(bsconf->log_only) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, bs, + QOS_LOG_PFX(009)"running in 'log only' mode - rules are NOT enforced!"); + } + if(bsconf->geo_limit != -1 && !bsconf->geodb) { + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, bs, + QOS_LOG_PFX(100)"QS_ClientGeoCountryDB has not been configured"); + } + + if(bsconf->max_conn_close_percent) { + bsconf->max_conn_close = maxClients * bsconf->max_conn_close_percent / 100; + } + cc_net_prefer_limit = maxClients * bsconf->qos_cc_prefer / 100; + if(bsconf->qos_cc_prefer) { + bsconf->qos_cc_prefer = maxClients; + bsconf->qos_cc_prefer_limit = cc_net_prefer_limit; + } else { + bsconf->qos_cc_prefer = 0; + bsconf->qos_cc_prefer_limit = 0; + } + u = qos_get_user_conf(bs->process->pool); + if(u == NULL) return !OK; + u->server_start++; + /* mutex init */ + if(bsconf->act->lock_file == NULL) { + bsconf->act->lock_file = apr_psprintf(bsconf->act->pool, "%s.mod_qos", + qos_tmpnam(bsconf->act->pool, bs)); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, bs, + QOS_LOGD_PFX"create mutex (ACT)(%s)", + bsconf->act->lock_file); + rv = apr_global_mutex_create(&bsconf->act->lock, bsconf->act->lock_file, + APR_LOCK_DEFAULT, bsconf->act->pool); + if (rv != APR_SUCCESS) { + char buf[MAX_STRING_LEN]; + apr_strerror(rv, buf, sizeof(buf)); + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, bs, + QOS_LOG_PFX(004)"failed to create mutex (ACT)(%s): %s", + bsconf->act->lock_file, buf); + exit(1); + } +#ifdef AP_NEED_SET_MUTEX_PERMS + qos_unixd_set_global_mutex_perms(bsconf->act->lock); +#endif + } + bsconf->base_server = bs; + bsconf->act->timeout = apr_time_sec(bs->timeout); + if(bsconf->act->timeout == 0) bsconf->act->timeout = 300; + if(qos_init_shm(bs, bsconf, bsconf->act, bsconf->location_t, maxClients) != APR_SUCCESS) { + return !OK; + } + apr_pool_pre_cleanup_register(bsconf->pool, bsconf->act, qos_cleanup_shm); + + if((qos_module_check("mod_unique_id.c") != APR_SUCCESS) && + (qos_module_check("mod_navajo.cpp") != APR_SUCCESS)) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, bs, + QOS_LOG_PFX(009)"mod_unique_id not available" + " (mod_qos generates simple request id if required)"); + } + qos_audit_check(ap_conftree); + qos_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); + qos_ssl_var = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); + if(qos_is_https == NULL || qos_ssl_var == NULL) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, bs, + QOS_LOG_PFX(009)"could not retrieve mod_ssl functions"); + } + if(m_requires_parp) { + if(qos_module_check("mod_parp.c") != APR_SUCCESS) { + qos_parp_hp_table_fn = NULL; + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, bs, + QOS_LOG_PFX(009)"mod_parp not available" + " (required by some directives)"); + } else { + qos_parp_hp_table_fn = APR_RETRIEVE_OPTIONAL_FN(parp_hp_table); + qos_parp_body_data_fn = APR_RETRIEVE_OPTIONAL_FN(parp_body_data); + } + } + if(u->server_start == 2) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(bsconf->hfilter_table)->elts; + for(i = 0; i < apr_table_elts(bsconf->hfilter_table)->nelts; i++) { + qos_fhlt_r_t *he = (qos_fhlt_r_t *)entry[i].val; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, bs, + QOS_LOGD_PFX"request header filter rule (%s) %s: %s max=%d", + he->action == QS_FLT_ACTION_DROP ? "drop" : "deny", entry[i].key, + he->text, he->size); + } + entry = (apr_table_entry_t *)apr_table_elts(bsconf->reshfilter_table)->elts; + for(i = 0; i < apr_table_elts(bsconf->reshfilter_table)->nelts; i++) { + qos_fhlt_r_t *he = (qos_fhlt_r_t *)entry[i].val; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, bs, + QOS_LOGD_PFX"response header filter rule (%s) %s: %s max=%d", + he->action == QS_FLT_ACTION_DROP ? "drop" : "deny", entry[i].key, + he->text, he->size); + } + } + if(bsconf->has_qos_cc) { + if(!u->qos_cc) { + u->qos_cc = qos_cc_new(bs->process->pool, bs, bsconf->qos_cc_size, bsconf->qos_cc_limitTable); + if(u->qos_cc == NULL) { + return !OK; + } + } else { + int configOk = 1; + int limitTableSize = apr_table_elts(bsconf->qos_cc_limitTable)->nelts; + if(u->qos_cc->limitTable) { + int i; + apr_table_entry_t *te = (apr_table_entry_t *)apr_table_elts(bsconf->qos_cc_limitTable)->elts; + for(i = 0; i < limitTableSize; i++) { + const char *name = te[i].key; + qos_s_entry_limit_conf_t *newentry = (qos_s_entry_limit_conf_t *)te[i].val; + qos_s_entry_limit_conf_t *entryConf = (qos_s_entry_limit_conf_t *)apr_table_get(u->qos_cc->limitTable, name); + if(entryConf) { + entryConf->limit = newentry->limit; + entryConf->limitTime = newentry->limitTime; + entryConf->condStr = NULL; + entryConf->preg = NULL; + if(newentry->condStr) { + entryConf->condStr = apr_pstrdup(bs->process->pool, newentry->condStr); + entryConf->preg = ap_pregcomp(bs->process->pool, newentry->condStr, AP_REG_EXTENDED); + } + } else { + // new variable + configOk = 0; + } + if(apr_table_elts(u->qos_cc->limitTable)->nelts != limitTableSize) { + // removed variable + configOk = 0; + } + } + } else { + if(limitTableSize > 0) { + // enabled after graceful restart + configOk = 0; + } + } + if(!configOk) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, bs, + QOS_LOG_PFX(001)"QS_ClientEventLimitCount directives" + " can't be added/removed by graceful restart. A server" + " restart is required to apply the new configuration!"); + } + } + } + if(bsconf->error_page == NULL && error_page != NULL) { + bsconf->error_page = error_page; + auto_error_page = 1; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, bs, + QOS_LOGD_PFX"QS_ErrorPage: use %s for server %s:%d (global)", + error_page, + bs->server_hostname == NULL ? "-" : bs->server_hostname, + bs->addrs->host_port); + } + + if(bsconf->qslog_str) { + char *qslogarg = apr_psprintf(pconf, "%s -f %s", bsconf->qslog_str, QSLOGFORMAT); + piped_log *pl = ap_open_piped_log(pconf, qslogarg); + if(pl == NULL) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, bs, + QOS_LOG_PFX(009)"failed to initialize the qslog facility '%s'", qslogarg); + } + bsconf->qslog_p = ap_piped_log_write_fd(pl); + } + + { + server_rec *s = bs->next; + while(s) { + qos_srv_config *ssconf = (qos_srv_config*)ap_get_module_config(s->module_config, &qos_module); + + /* mutex init */ + if(ssconf->act->lock == NULL) { + ssconf->act->lock_file = bsconf->act->lock_file; + ssconf->act->lock = bsconf->act->lock; + } + ssconf->base_server = bs; + ssconf->act->timeout = apr_time_sec(s->timeout); + ssconf->qos_cc_prefer = bsconf->qos_cc_prefer; + ssconf->qos_cc_prefer_limit = bsconf->qos_cc_prefer_limit; + ssconf->max_clients = bsconf->max_clients; + ssconf->max_clients_conf = bsconf->max_clients_conf; + if(ssconf->max_conn_close_percent) { + ssconf->max_conn_close = maxClients * ssconf->max_conn_close_percent / 100; + } + if(ssconf->act->timeout == 0) { + ssconf->act->timeout = 300; + } + ssconf->qslog_p = bsconf->qslog_p; + if(ssconf->is_virtual) { + if(qos_init_shm(s, ssconf, ssconf->act, ssconf->location_t, maxClients) != APR_SUCCESS) { + return !OK; + } + apr_pool_pre_cleanup_register(ssconf->pool, ssconf->act, + qos_cleanup_shm); + if(ssconf->has_conn_counter == 0 && bsconf->has_conn_counter == 1) { + // shall use global counter because vhost has not QS_SrvMaxConn* directive + ssconf->act->conn = bsconf->act->conn; + } + } + if(ssconf->error_page == NULL && error_page != NULL) { + ssconf->error_page = error_page; + auto_error_page |= 2; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, bs, + QOS_LOGD_PFX"QS_ErrorPage: use %s for server %s:%d", + error_page, + s->server_hostname == NULL ? "-" : s->server_hostname, + s->addrs->host_port); + } + s = s->next; + } + } + if(auto_error_page) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, bs, + QOS_LOG_PFX(009)"found default error document '%s'. Use the QS_ErrorPage" + " directive to override this default page.", + error_page); + } + ap_add_version_component(pconf, apr_psprintf(pconf, "mod_qos/%s", rev)); + +#ifdef QS_INTERNAL_TEST + fprintf(stdout, "\033[1mmod_qos TEST BINARY, NOT FOR PRODUCTIVE USE\033[0m\n"); + fflush(stdout); +#endif +#ifndef QS_NO_STATUS_HOOK + APR_OPTIONAL_HOOK(ap, status_hook, qos_ext_status_hook, NULL, NULL, APR_HOOK_MIDDLE); +#endif + + return DECLINED; +} + +/** + * mod_qos + */ +static int qos_favicon(request_rec *r) { + int i; + unsigned const char ico[] = { + 0x00,0x00,0x01,0x00,0x01,0x00,0x10,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x68,0x05, + 0x00,0x00,0x16,0x00,0x00,0x00,0x28,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x20,0x00, + 0x00,0x00,0x01,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x0f,0x29,0x21,0x00,0x11,0x29,0x21,0x00,0x9c,0x9d,0x9c,0x00,0x8d,0x8e, + 0x8d,0x00,0x65,0x65,0x65,0x00,0x73,0xaf,0x9d,0x00,0xf1,0xf3,0xf2,0x00,0x04,0x0e, + 0x0b,0x00,0x05,0x0e,0x0b,0x00,0x1b,0x3b,0x31,0x00,0x26,0x60,0x4d,0x00,0x45,0x45, + 0x45,0x00,0x9c,0xc8,0xb9,0x00,0x38,0x89,0x6e,0x00,0x35,0x7d,0x67,0x00,0x7d,0x7d, + 0x7d,0x00,0x6f,0x27,0x80,0x00,0x3d,0x28,0x3d,0x00,0x0c,0x10,0x0f,0x00,0x04,0x05, + 0x05,0x00,0x5f,0x64,0x62,0x00,0x20,0x50,0x42,0x00,0x85,0xca,0xb6,0x00,0x61,0x22, + 0x98,0x00,0x76,0xb4,0xa2,0x00,0x69,0x6a,0x6a,0x00,0x02,0x03,0x03,0x00,0xaa,0xda, + 0xca,0x00,0x25,0x5c,0x4a,0x00,0xfc,0xfc,0xfc,0x00,0x87,0xae,0xa2,0x00,0xaa,0xcc, + 0xc0,0x00,0x01,0x01,0x01,0x00,0x6a,0xa0,0x91,0x00,0x31,0x75,0x5f,0x00,0x44,0xa5, + 0x85,0x00,0xe6,0xe5,0xec,0x00,0x31,0x7a,0x62,0x00,0x0b,0x1d,0x16,0x00,0xc2,0xcb, + 0xdc,0x00,0x2e,0x6c,0x58,0x00,0x22,0x53,0x44,0x00,0xa5,0xd4,0xc4,0x00,0x3e,0x42, + 0x41,0x00,0x68,0x85,0x7b,0x00,0x31,0x5a,0x51,0x00,0x55,0x4e,0xd5,0x00,0x8b,0x8b, + 0x8a,0x00,0x02,0x06,0x05,0x00,0x04,0x06,0x05,0x00,0x48,0x62,0x5b,0x00,0x0c,0x1d, + 0x17,0x00,0x01,0x04,0x03,0x00,0x03,0x04,0x03,0x00,0x2f,0x3d,0x38,0x00,0x65,0x81, + 0x77,0x00,0xef,0xf1,0xf5,0x00,0x57,0x25,0x51,0x00,0xc1,0xbd,0xc3,0x00,0x34,0x81, + 0x69,0x00,0x39,0x5d,0x52,0x00,0xff,0xff,0xff,0x00,0x2f,0x31,0x31,0x00,0x79,0x7d, + 0xd5,0x00,0x1b,0x46,0x39,0x00,0x4d,0x46,0xdd,0x00,0x13,0x13,0x13,0x00,0x5a,0x40, + 0x71,0x00,0xb4,0xb4,0xb4,0x00,0x71,0x74,0x73,0x00,0x4c,0x59,0x55,0x00,0x02,0x02, + 0x02,0x00,0xec,0xec,0xec,0x00,0x6f,0x72,0x71,0x00,0x67,0x67,0x67,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x3e,0x3e, + 0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e, + 0x3e,0x3e,0x3e,0x4a,0x26,0x26,0x15,0x3e,0x3e,0x3e,0x3e,0x1e,0x28,0x39,0x3e,0x3f, + 0x3e,0x24,0x24,0x24,0x24,0x24,0x24,0x24,0x20,0x2f,0x11,0x18,0x25,0x3e,0x3e,0x3e, + 0x00,0x24,0x08,0x00,0x05,0x4b,0x21,0x42,0x3a,0x0f,0x40,0x3e,0x3e,0x3e,0x3e,0x17, + 0x2e,0x00,0x0c,0x45,0x00,0x00,0x44,0x12,0x24,0x09,0x3c,0x3e,0x3e,0x3e,0x3c,0x3c, + 0x00,0x3c,0x00,0x00,0x0d,0x2b,0x24,0x24,0x00,0x00,0x3c,0x46,0x3e,0x3e,0x3c,0x3c, + 0x30,0x43,0x24,0x31,0x1c,0x1c,0x0e,0x00,0x48,0x3b,0x3c,0x3c,0x3e,0x3e,0x3c,0x06, + 0x3e,0x00,0x23,0x1c,0x1c,0x1c,0x1c,0x00,0x36,0x3e,0x16,0x3c,0x3e,0x3e,0x3c,0x22, + 0x3e,0x00,0x33,0x1c,0x37,0x1f,0x1c,0x3d,0x14,0x3e,0x41,0x3c,0x3e,0x3e,0x3c,0x3c, + 0x49,0x00,0x00,0x32,0x1c,0x1c,0x2a,0x24,0x00,0x3e,0x3c,0x3c,0x3e,0x3e,0x47,0x3c, + 0x00,0x00,0x27,0x24,0x29,0x13,0x00,0x02,0x24,0x00,0x3c,0x0a,0x3e,0x3e,0x3e,0x3c, + 0x19,0x34,0x24,0x21,0x48,0x1b,0x00,0x00,0x01,0x0b,0x3c,0x3e,0x3e,0x3e,0x3e,0x3e, + 0x1d,0x3c,0x00,0x1a,0x3e,0x3e,0x10,0x00,0x3c,0x35,0x3e,0x3e,0x3e,0x3e,0x3e,0x2c, + 0x3e,0x3c,0x3c,0x3c,0x2d,0x38,0x3c,0x3c,0x3c,0x07,0x3f,0x3e,0x3e,0x3e,0x3e,0x3e, + 0x3e,0x3e,0x03,0x3c,0x3c,0x3c,0x3c,0x04,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e, + 0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x3e,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + ap_set_content_type(r, "image/x-icon"); + for(i=0; i < sizeof(ico); i++) { + ap_rputc(ico[i], r); + } + return OK; +} + +static int qos_console_dump(request_rec * r, const char *event) { + qos_srv_config *sconf = sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, + &qos_module); + if(sconf && sconf->has_qos_cc) { + int i = 0; + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qos_s_entry_t **clientEntry = NULL; + /* table requires heap (100'000 ~ 4MB) but we avoid io with drawn lock */ + apr_table_t *iptable = apr_table_make(r->pool, u->qos_cc->max); + apr_table_entry_t *entry; + apr_time_t now = apr_time_sec(r->request_time); + ap_set_content_type(r, "text/plain"); + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT35 */ + clientEntry = u->qos_cc->ipd; + for(i = 0; i < u->qos_cc->max; i++) { + if((clientEntry[i]->ip6[0] != 0) || + (clientEntry[i]->ip6[1] != 0)) { + char *k; + int limit = 0; + time_t limitTime = 0; + if(u->qos_cc->limitTable) { + int limitTableIndex; + qos_s_entry_limit_conf_t *eventLimitConf = qos_getQSLimitEvent(u, event, &limitTableIndex); + if(eventLimitConf) { + limit = clientEntry[i]->limit[limitTableIndex].limit; + limitTime = (eventLimitConf->limitTime >= (time(NULL) - clientEntry[i]->limit[limitTableIndex].limitTime)) ? + (eventLimitConf->limitTime - (time(NULL) - clientEntry[i]->limit[limitTableIndex].limitTime)) : 0; + } + } + k = apr_psprintf(r->pool, + "%010d %s vip=%s lowprio=%s block=%hu/%ld limit=%d/%ld %ld", + i, + qos_ip_long2str(r->pool, clientEntry[i]->ip6), + clientEntry[i]->vip ? "yes" : "no", + (clientEntry[i]->lowrate + QOS_LOW_TIMEOUT) > now ? "yes" : "no", + clientEntry[i]->block, + (sconf->qos_cc_blockTime >= (time(NULL) - clientEntry[i]->blockTime)) ? + (sconf->qos_cc_blockTime - (time(NULL) - clientEntry[i]->blockTime)) : 0, + limit, + limitTime, + clientEntry[i]->time); + apr_table_addn(iptable, k, NULL); + } + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT35 */ + entry = (apr_table_entry_t *)apr_table_elts(iptable)->elts; + for(i = 0; i < apr_table_elts(iptable)->nelts; ++i) { + ap_rprintf(r, "%s\n", entry[i].key); + } + return OK; + } + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(070)"console, not acceptable, " + "qos client control has not been activated, id=%s", + qos_unique_id(r, "070")); + return HTTP_NOT_ACCEPTABLE; +} + +#ifdef QS_INTERNAL_TEST +static int qos_handler_headerfilter(request_rec * r) { + int i; + apr_table_entry_t *entry; + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, &qos_module); + if(strcmp(r->handler, "qos-headerfilter") != 0) { + return DECLINED; + } + ap_set_content_type(r, "text/plain"); + + ap_rprintf(r, "\nQS_RequestHeaderFilter rules:\n\n"); + entry = (apr_table_entry_t *)apr_table_elts(sconf->hfilter_table)->elts; + for(i = 0; i < apr_table_elts(sconf->hfilter_table)->nelts; i++) { + qos_fhlt_r_t *he = (qos_fhlt_r_t *)entry[i].val; + ap_rprintf(r, " name=%s, action=%s, size=%d, pattern=%s\n", + entry[i].key, + he->action == QS_FLT_ACTION_DROP ? "drop" : "deny", + he->size, he->text); + } + ap_rprintf(r, "\nQS_ResponseHeaderFilter rules:\n\n"); + entry = (apr_table_entry_t *)apr_table_elts(sconf->reshfilter_table)->elts; + for(i = 0; i < apr_table_elts(sconf->reshfilter_table)->nelts; i++) { + qos_fhlt_r_t *he = (qos_fhlt_r_t *)entry[i].val; + ap_rprintf(r, " name=%s, action=%s, size=%d, pattern=%s\n", + entry[i].key, + he->action == QS_FLT_ACTION_DROP ? "drop" : "deny", + he->size, he->text); + } + + ap_rprintf(r, "\nmod_qos %s\n", g_revision); + + return OK; +} + +static int qos_handler_man1(request_rec * r) { + module *modp = NULL; + if(strcmp(r->handler, "qos-man1") != 0) { + return DECLINED; + } + ap_set_content_type(r, "text/plain"); + for(modp = ap_top_module; modp; modp = modp->next) { + if(strcmp(modp->name, "mod_qos.c") == 0) { + const command_rec *cmd = modp->cmds; + char time_string[64]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + strftime(time_string, sizeof(time_string), "%B %Y", ptr); + ap_rprintf(r, ".TH MOD_QOS 1 \"%s\" \"mod_qos Apache Module\" \"mod_qos\"\n", time_string); + ap_rprintf(r, ".SH NAME\n"); + ap_rprintf(r, "mod_qos - quality of service module for the Apache Web server\n"); + ap_rprintf(r, ".SH DESCRIPTION\n"); + ap_rprintf(r, "mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests.\n"); + ap_rprintf(r, ".SH OPTIONS\n"); + while(cmd) { + if(cmd->name) { + if(cmd->errmsg && cmd->errmsg[0] && + ((strstr(cmd->errmsg, "QS_") != NULL) || (strstr(cmd->errmsg, "QSLog") != NULL))) { + ap_rprintf(r, ".TP\n"); + ap_rprintf(r, "%s\n", cmd->errmsg); + } + cmd++; + } else { + break; + } + } + ap_rprintf(r, ".SH AUTHOR\n"); + ap_rprintf(r, "Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } + } + return OK; +} +#endif + +static int qos_handler_console(request_rec * r) { + apr_table_t *qt; + const char *ip; + const char *cmd; + const char *event; + apr_uint64_t addr[2]; + qos_srv_config *sconf; + int status = HTTP_NOT_ACCEPTABLE;; + if (strcmp(r->handler, "qos-console") != 0) { + return DECLINED; + } + sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, &qos_module); + if(sconf->disable_handler == 1) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(072)"handler has been disabled for this host, id=%s", + qos_unique_id(r, "072")); + return DECLINED; + } + apr_table_add(r->err_headers_out, "Cache-Control", "no-cache"); + qt = qos_get_query_table(r); + ip = apr_table_get(qt, "address"); + cmd = apr_table_get(qt, "action"); + event = apr_table_get(qt, "event"); + if(event == NULL) { + event = apr_pstrdup(r->pool, QS_LIMIT_DEFAULT); + } + if(!cmd || !ip) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(070)"console, not acceptable," + " missing request query (action/address), id=%s", + qos_unique_id(r, "070")); + return HTTP_NOT_ACCEPTABLE; + } + if(ip) { + int escerr = 0; + char *ta = apr_pstrdup(r->pool, ip); + qos_unescaping(ta, QOS_DEC_MODE_FLAGS_URL, &escerr); + ip = ta; + } + if(!sconf->has_qos_cc) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(070)"console, not acceptable," + " client data store has not been enabled, id=%s", + qos_unique_id(r, "070")); + return HTTP_NOT_ACCEPTABLE; + } + if((strcasecmp(cmd, "search") == 0) && (strcmp(ip, "*") == 0)) { + return qos_console_dump(r, event); + } + if(qos_ip_str2long(ip, addr) == 0) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(070)"console, not acceptable," + " invalid ip/wrong format, id=%s", + qos_unique_id(r, "070")); + return HTTP_NOT_ACCEPTABLE; + } + if(sconf->has_qos_cc) { + char *msg = "not available"; + qos_user_t *u = qos_get_user_conf(sconf->act->ppool); + qos_s_entry_t **clientEntry = NULL; + qos_s_entry_t searchE; + int limitTableIndex = 0; + qos_s_entry_limit_conf_t *eventLimitConf = NULL; + int limit = 0; + time_t limitTime = 0; + apr_time_t now = apr_time_sec(r->request_time); + apr_global_mutex_lock(u->qos_cc->lock); /* @CRT34 */ + searchE.ip6[0] = addr[0]; + searchE.ip6[1] = addr[1]; + clientEntry = qos_cc_get0(u->qos_cc, &searchE, apr_time_sec(r->request_time)); + if(!clientEntry) { + if(strcasecmp(cmd, "search") != 0) { + clientEntry = qos_cc_set(u->qos_cc, &searchE, time(NULL)); + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, r, + QOS_LOG_PFX(071)"console, add new client ip entry '%s', is=%s", + ip, qos_unique_id(r, "071")); + } + } + status = OK; + if(u->qos_cc->limitTable) { + eventLimitConf = qos_getQSLimitEvent(u, event, &limitTableIndex); + } + if(strcasecmp(cmd, "setvip") == 0) { + (*clientEntry)->vip = 1; + } else if(strcasecmp(cmd, "unsetvip") == 0) { + (*clientEntry)->vip = 0; + } else if(strcasecmp(cmd, "setlowprio") == 0) { + (*clientEntry)->lowrate = time(NULL); + (*clientEntry)->lowratestatus = 0xff; + (*clientEntry)->lowratestatus &= ~QOS_LOW_FLAG_BEHAVIOR_OK; + } else if(strcasecmp(cmd, "unsetlowprio") == 0) { + (*clientEntry)->lowrate = 0; + if((*clientEntry)->lowratestatus & QOS_LOW_FLAG_BEHAVIOR_OK) { + (*clientEntry)->lowratestatus = QOS_LOW_FLAG_BEHAVIOR_OK; + } else { + (*clientEntry)->lowratestatus = 0; + } + } else if(strcasecmp(cmd, "unblock") == 0) { + (*clientEntry)->blockTime = 0; + (*clientEntry)->block = 0; + } else if(strcasecmp(cmd, "block") == 0) { + (*clientEntry)->blockTime = time(NULL); + (*clientEntry)->block = sconf->qos_cc_block + 1000; + } else if(strcasecmp(cmd, "unlimit") == 0) { + if(eventLimitConf) { + (*clientEntry)->limit[limitTableIndex].limitTime = 0; + (*clientEntry)->limit[limitTableIndex].limit = 0; + } + } else if(strcasecmp(cmd, "limit") == 0) { + if(eventLimitConf) { + (*clientEntry)->limit[limitTableIndex].limitTime = time(NULL); + (*clientEntry)->limit[limitTableIndex].limit = eventLimitConf->limit + 1000; + } + } else if(strcasecmp(cmd, "inclimit") == 0) { + if(eventLimitConf) { + if(((*clientEntry)->limit[limitTableIndex].limitTime + eventLimitConf->limitTime) < now) { + // expired + (*clientEntry)->limit[limitTableIndex].limit = 0; + (*clientEntry)->limit[limitTableIndex].limitTime = 0; + } + // increment limit event + if((*clientEntry)->limit[limitTableIndex].limit < USHRT_MAX) { + (*clientEntry)->limit[limitTableIndex].limit++; + } + if((*clientEntry)->limit[limitTableIndex].limit == 1) { + // first, start timer + (*clientEntry)->limit[limitTableIndex].limitTime = now; + } + } + } else if(strcasecmp(cmd, "search") == 0) { + /* nothing to do here */ + } else { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(070)"console, not acceptable, unknown action '%s', id=%s", + cmd, qos_unique_id(r, "070")); + status = HTTP_NOT_ACCEPTABLE; + } + if(clientEntry) { + if(eventLimitConf) { + limit = (*clientEntry)->limit[limitTableIndex].limit; + limitTime = (eventLimitConf->limitTime >= (time(NULL) - (*clientEntry)->limit[limitTableIndex].limitTime)) ? + (eventLimitConf->limitTime - (time(NULL) - (*clientEntry)->limit[limitTableIndex].limitTime)) : 0; + } + msg = apr_psprintf(r->pool, "%s vip=%s lowprio=%s block=%hu/%ld limit=%d/%ld", ip, + (*clientEntry)->vip ? "yes" : "no", + ((*clientEntry)->lowrate + QOS_LOW_TIMEOUT) > now ? "yes" : "no", + (*clientEntry)->block, + (sconf->qos_cc_blockTime >= (time(NULL) - (*clientEntry)->blockTime)) ? + (sconf->qos_cc_blockTime - (time(NULL) - (*clientEntry)->blockTime)) : 0, + limit, + limitTime); + } + apr_global_mutex_unlock(u->qos_cc->lock); /* @CRT34 */ + if(status == OK) { + ap_set_content_type(r, "text/plain"); + ap_rprintf(r, "%s\n", msg); + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, r, + QOS_LOG_PFX(071)"console, action '%s' applied to client ip entry '%s', id=%s", + cmd, ip, qos_unique_id(r, "071")); + } + } else { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(070)"console, not acceptable," + " qos client control has not been activated, id=%s", + qos_unique_id(r, "070")); + status = HTTP_NOT_ACCEPTABLE; + } + return status; +} + +/** + * viewer which may be used as an alternative to mod_status + */ +static int qos_handler_view(request_rec * r) { + qos_srv_config *sconf; + apr_table_t *qt; + if (strcmp(r->handler, "qos-viewer") != 0) { + return DECLINED; + } + sconf = (qos_srv_config*)ap_get_module_config(r->server->module_config, &qos_module); + if(sconf->disable_handler == 1) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + QOS_LOG_PFX(072)"handler has been disabled for this host, id=%s", + qos_unique_id(r, "072")); + return DECLINED; + } + if(strstr(r->parsed_uri.path, "favicon.ico") != NULL) { + apr_table_add(r->err_headers_out, "Cache-Control", "public, max-age=2592000"); + return qos_favicon(r); + } + apr_table_add(r->err_headers_out, "Cache-Control", "no-cache"); + qt = qos_get_query_table(r); + if(qt && (apr_table_get(qt, "refresh") != NULL)) { + apr_table_add(r->err_headers_out, "Refresh", "10"); + } + if(qt && (apr_table_get(qt, "auto") != NULL)) { + ap_set_content_type(r, "text/plain"); + qos_ext_status_short(r, qt); + return OK; + } + ap_set_content_type(r, "text/html"); + if(!r->header_only) { + int hasSlash = 1; + if(strlen(r->parsed_uri.path) > 0) { + if(r->parsed_uri.path[strlen(r->parsed_uri.path)-1] != '/') { + hasSlash = 0; + } + } + ap_rputs("<html><head><title>mod_qos</title>\n", r); + ap_rprintf(r,"<link rel=\"shortcut icon\" href=\"%s%sfavicon.ico\"/>\n", + ap_escape_html(r->pool, r->parsed_uri.path), + hasSlash ? "" : "/"); + ap_rputs("<meta http-equiv=\"content-type\" content=\"text/html; charset=ISO-8859-1\">\n", r); + ap_rputs("<meta name=\"author\" content=\"Pascal Buchbinder\">\n", r); + ap_rputs("<meta http-equiv=\"Pragma\" content=\"no-cache\">\n", r); + ap_rputs("<style TYPE=\"text/css\">\n", r); + ap_rputs("<!--", r); + ap_rputs(" body {\n\ + background-color: rgb(248,250,246);\n\ + color: black;\n\ + font-family: arial, helvetica, verdana, sans-serif;\n\ + }\n\ + .btable{\n\ + background-color: white;\n\ + border: 1px solid; padding: 0px;\n\ + margin: 6px; width: 920px;\n\ + font-weight: normal;\n\ + border-collapse: collapse;\n\ + }\n\ + .rowts {\n\ + background-color: rgb(150,165,158);\n\ + vertical-align: top;\n\ + border: 1px solid;\n\ + border-color: black;\n\ + font-weight: normal;\n\ + padding: 0px;\n\ + margin: 0px;\n\ + }\n\ + .rowt {\n\ + background-color: rgb(210,220,215);\n\ + vertical-align: top;\n\ + border: 1px solid;\n\ + border-color: black;\n\ + font-weight: normal;\n\ + padding: 0px;\n\ + margin: 0px;\n\ + }\n\ + .rows {\n\ + background-color: rgb(228,235,230);\n\ + vertical-align: top;\n\ + border: 1px solid;\n\ + border-color: black;\n\ + font-weight: normal;\n\ + padding: 0px;\n\ + margin: 0px;\n\ + }\n\ + .row {\n\ + background-color: white;\n\ + vertical-align: top;\n\ + border: 1px solid;\n\ + border-color: black;\n\ + font-weight: normal;\n\ + padding: 0px;\n\ + margin: 0px;\n\ + }\n\ + .rowe {\n\ + background-color: rgb(186,200,190);\n\ + vertical-align: top;\n\ + border: 1px solid;\n\ + border-color: black;\n\ + font-weight: normal;\n\ + padding: 0px;\n\ + margin: 0px;\n\ + }\n\ + .small {\n\ + font-size: 0.75em;\n\ + font-family: courier;\n\ + }\n\ + .prog-border {\n\ + height: 10px;\n\ + width: 150px;\n\ + background: #eee;\n\ + border: 1px solid #000;\n\ + padding: 2px;\n\ + font-family: arial, helvetica, verdana, sans-serif; font-size: 10px; color: #000;\n\ + }\n\ + .prog-bar {\n\ + height: 10px;\n\ + padding: 0;\n\ + background: #339900;\n\ + font-family: arial, helvetica, verdana, sans-serif; font-size: 10px; color: #000;\n\ + }\n\ + .prog-bar-limit {\n\ + height: 10px;\n\ + padding: 0;\n\ + background: #993300;\n\ + font-family: arial, helvetica, verdana, sans-serif; font-size: 10px; color: #000;\n\ + }\n\ + form { display: inline; }\n", r); + ap_rputs("-->\n", r); + ap_rputs("</style>\n", r); + ap_rputs("</head><body>\n", r); + qos_ext_status_hook(r, 0); + { + apr_time_t nowtime = apr_time_now(); + ap_rvputs(r, "<div class=\"small\">", + ap_ht_time(r->pool, nowtime, QS_ERR_TIME_FORMAT, 0), NULL); + ap_rprintf(r, ", mod_qos %s\n", ap_escape_html(r->pool, qos_revision(r->pool))); + } + ap_rputs("</body></html>", r); + } + return OK; +} + +static int qos_handler(request_rec * r) { + int status = qos_handler_view(r); + if(status != DECLINED) { + return status; + } + status = qos_handler_console(r); + if(status != DECLINED) { + return status; + } +#ifdef QS_INTERNAL_TEST + status = qos_handler_man1(r); + if(status != DECLINED) { + return status; + } + status = qos_handler_headerfilter(r); + if(status != DECLINED) { + return status; + } +#endif + return DECLINED; +} + +/** + * insert response filter + */ +static void qos_insert_filter(request_rec *r) { + ap_add_output_filter("qos-out-filter", NULL, r, r->connection); +} +static void qos_insert_err_filter(request_rec *r) { + ap_add_output_filter("qos-out-err-filter", NULL, r, r->connection); +} + +/************************************************************************ + * directiv handlers + ***********************************************************************/ +static void qos_table_merge(apr_table_t *o, apr_table_t *b) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(b)->elts; + for(i = 0; i < apr_table_elts(b)->nelts; ++i) { + if(apr_table_get(o, entry[i].key) == NULL) { + // copy the pointer only!!! + apr_table_setn(o, entry[i].key, entry[i].val); + } + } +} + +static void *qos_dir_config_create(apr_pool_t *p, char *d) { + qos_dir_config *dconf = apr_pcalloc(p, sizeof(qos_dir_config)); + dconf->path = d; + dconf->rfilter_table = apr_table_make(p, 1); + dconf->inheritoff = 0; + dconf->headerfilter = QS_HEADERFILTER_OFF_DEFAULT; + dconf->resheaderfilter = QS_HEADERFILTER_OFF_DEFAULT; + dconf->bodyfilter_p = -1; + dconf->bodyfilter_d = -1; + dconf->dec_mode = QOS_DEC_MODE_FLAGS_URL; + dconf->maxpost = -1; + dconf->urldecoding = QS_OFF_DEFAULT; + dconf->response_pattern = NULL; + dconf->response_pattern_var = NULL; + dconf->redirectif = apr_array_make(p, 20, sizeof(qos_redirectif_entry_t)); + dconf->disable_reqrate_events = apr_table_make(p, 1); + dconf->setenvstatus_t = apr_table_make(p, 5); + dconf->setenvif_t = apr_array_make(p, 20, sizeof(qos_setenvif_t)); + dconf->setenvifquery_t = apr_table_make(p, 1); + dconf->setenvcmp = apr_array_make(p, 2, sizeof(qos_cmp_entry_t)); + return dconf; +} + +/** + * merges dir config, inheritoff disables merge of rfilter_table. + */ +static void *qos_dir_config_merge(apr_pool_t *p, void *basev, void *addv) { + qos_dir_config *b = (qos_dir_config *)basev; + qos_dir_config *o = (qos_dir_config *)addv; + qos_dir_config *dconf = apr_pcalloc(p, sizeof(qos_dir_config)); + dconf->path = o->path; + if(o->headerfilter != QS_HEADERFILTER_OFF_DEFAULT) { + dconf->headerfilter = o->headerfilter; + } else { + dconf->headerfilter = b->headerfilter; + } + if(o->resheaderfilter != QS_HEADERFILTER_OFF_DEFAULT) { + dconf->resheaderfilter = o->resheaderfilter; + } else { + dconf->resheaderfilter = b->resheaderfilter; + } + if(o->bodyfilter_p != -1) { + dconf->bodyfilter_p = o->bodyfilter_p; + } else { + dconf->bodyfilter_p = b->bodyfilter_p; + } + if(o->bodyfilter_d != -1) { + dconf->bodyfilter_d = o->bodyfilter_d; + } else { + dconf->bodyfilter_d = b->bodyfilter_d; + } + if((o->dec_mode != QOS_DEC_MODE_FLAGS_URL) || + (o->inheritoff)) { + dconf->dec_mode = o->dec_mode; + } else { + dconf->dec_mode = b->dec_mode; + } + if(o->inheritoff) { + dconf->rfilter_table = o->rfilter_table; + } else { + dconf->rfilter_table = qos_table_merge_create(p, b->rfilter_table, o->rfilter_table); + } + if(o->maxpost != -1) { + dconf->maxpost = o->maxpost; + } else { + dconf->maxpost = b->maxpost; + } + if(o->urldecoding == QS_OFF_DEFAULT) { + dconf->urldecoding = b->urldecoding; + } else { + dconf->urldecoding = o->urldecoding; + } + if(o->response_pattern) { + dconf->response_pattern = o->response_pattern; + dconf->response_pattern_len = o->response_pattern_len; + dconf->response_pattern_var = o->response_pattern_var; + } else { + dconf->response_pattern = b->response_pattern; + dconf->response_pattern_len = b->response_pattern_len; + dconf->response_pattern_var = b->response_pattern_var; + } + dconf->disable_reqrate_events = qos_table_merge_create(p, b->disable_reqrate_events, + o->disable_reqrate_events); + dconf->redirectif = apr_array_append(p, b->redirectif, o->redirectif); + + dconf->setenvstatus_t = apr_table_copy(p, b->setenvstatus_t); + qos_table_merge(dconf->setenvstatus_t, o->setenvstatus_t); + + dconf->setenvif_t = apr_array_append(p, b->setenvif_t, o->setenvif_t); + + dconf->setenvifquery_t = apr_table_copy(p, b->setenvifquery_t); + qos_table_merge(dconf->setenvifquery_t, o->setenvifquery_t); + + dconf->setenvcmp = apr_array_append(p, b->setenvcmp, o->setenvcmp); + + return dconf; +} + +static void *qos_srv_config_create(apr_pool_t *p, server_rec *s) { + qos_srv_config *sconf; + apr_pool_t *act_pool; + apr_pool_create(&act_pool, NULL); + sconf =(qos_srv_config *)apr_pcalloc(p, sizeof(qos_srv_config)); + sconf->pool = p; + sconf->location_t = apr_table_make(sconf->pool, 2); + sconf->setenvif_t = apr_array_make(sconf->pool, 20, sizeof(qos_setenvif_t)); + sconf->setenv_t = apr_table_make(sconf->pool, 1); + sconf->setreqheader_t = apr_table_make(sconf->pool, 5); + sconf->setreqheaderlate_t = apr_table_make(sconf->pool, 5); + sconf->unsetreqheader_t = apr_table_make(sconf->pool, 5); + sconf->unsetresheader_t = apr_table_make(sconf->pool, 5); + sconf->setenvifquery_t = apr_table_make(sconf->pool, 1); + sconf->setenvifparp_t = apr_table_make(sconf->pool, 1); + sconf->setenvifparpbody_t = apr_table_make(sconf->pool, 1); + sconf->setenvstatus_t = apr_table_make(sconf->pool, 5); + sconf->setenvresheader_t = apr_table_make(sconf->pool, 1); + sconf->setenvresheadermatch_t = apr_table_make(sconf->pool, 1); + sconf->setenvres_t = apr_table_make(sconf->pool, 1); + sconf->headerfilter = QS_HEADERFILTER_OFF_DEFAULT; + sconf->resheaderfilter = QS_HEADERFILTER_OFF_DEFAULT; + sconf->redirectif = apr_array_make(p, 20, sizeof(qos_redirectif_entry_t)); + sconf->error_page = NULL; + sconf->req_rate = -1; + sconf->req_rate_start = 0; + sconf->min_rate = -1; + sconf->min_rate_max = -1; + sconf->min_rate_off = 0; + sconf->req_ignore_vip_rate = -1; + sconf->max_clients = 1024; + sconf->max_clients_conf = -1; + sconf->has_event_filter = 0; + sconf->has_event_limit = 0; + sconf->event_limit_a = apr_array_make(p, 2, sizeof(qos_event_limit_entry_t)); + sconf->mfile = NULL; + sconf->act = (qs_actable_t *)apr_pcalloc(act_pool, sizeof(qs_actable_t)); + sconf->act->pool = act_pool; + sconf->act->ppool = s->process->pool; + sconf->act->child_init = 0; + sconf->act->timeout = apr_time_sec(s->timeout); + sconf->act->has_events = 0; + sconf->act->lock_file = NULL; + sconf->act->lock = NULL; + sconf->is_virtual = s->is_virtual; + sconf->cookie_name = apr_pstrdup(sconf->pool, QOS_COOKIE_NAME); + sconf->cookie_path = apr_pstrdup(sconf->pool, "/"); + sconf->user_tracking_cookie = NULL; + sconf->user_tracking_cookie_force = NULL; + sconf->user_tracking_cookie_session = -1; + sconf->user_tracking_cookie_jsredirect = -1; + sconf->user_tracking_cookie_domain = NULL; + sconf->max_age = atoi(QOS_MAX_AGE); + sconf->header_name = NULL; + sconf->header_name_drop = 0; + sconf->header_name_regex = NULL; + sconf->ip_header_name = NULL; + sconf->ip_header_name_drop = 0; + sconf->ip_header_name_regex = NULL; + sconf->vip_user = 0; + sconf->vip_ip_user = 0; + + sconf->has_conn_counter = 0; + sconf->max_conn = -1; + sconf->max_conn_close = -1; + sconf->max_conn_per_ip = -1; + sconf->max_conn_per_ip_connections = -1; + sconf->max_conn_per_ip_ignore_vip = -1; + + sconf->serialize = -1; + sconf->exclude_ip = apr_table_make(sconf->pool, 2); + sconf->hfilter_table = apr_table_make(p, 5); + sconf->reshfilter_table = apr_table_make(p, 5); + sconf->disable_reqrate_events = apr_table_make(p, 1); + sconf->log_only = 0; + sconf->log_env = -1; + sconf->has_qos_cc = 0; + sconf->cc_exclude_ip = apr_table_make(sconf->pool, 2); + sconf->qos_cc_size = 50000; + sconf->qos_cc_prefer = 0; + sconf->qos_cc_prefer_limit = 0; + sconf->qos_cc_event = 0; + sconf->qos_cc_event_req = -1; + sconf->qos_cc_block = 0; + sconf->qos_cc_serialize = 0; + sconf->serializeTMO = 6000; // 6000 * 50ms = 5 minutes + sconf->cc_tolerance = atoi(QOS_CC_BEHAVIOR_TOLERANCE_STR); + sconf->qs_req_rate_tm = QS_REQ_RATE_TM; + sconf->geodb = NULL; + sconf->geo_limit = -1; + sconf->geo_priv = apr_table_make(p, 20); + sconf->geo_excludeUnknown = -1; + sconf->qslog_p = NULL; + sconf->qsstatus = 0; + sconf->qsevents = 0; + sconf->qslog_str = NULL; + sconf->ip_type = QS_IP_V6_DEFAULT; + sconf->qos_cc_blockTime = 600; + sconf->qos_cc_limitTable = apr_table_make(p, 5); + sconf->qos_cc_forwardedfor = NULL; + sconf->disable_handler = -1; + sconf->maxpost = -1; + sconf->milestones = NULL; + sconf->milestoneTimeout = QOS_MILESTONE_TIMEOUT; + sconf->static_on = -1; + sconf->static_html = 0; + sconf->static_cssjs = 0; + sconf->static_img = 0; + sconf->static_other = 0; + sconf->static_notmodified = 0; + if(!s->is_virtual) { + char *msg = qos_load_headerfilter(p, sconf->hfilter_table, qs_header_rules); + if(msg) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + QOS_LOG_PFX(006)"could not compile request header filter rules: %s", msg); + exit(1); + } + msg = qos_load_headerfilter(p, sconf->reshfilter_table, qs_res_header_rules); + if(msg) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + QOS_LOG_PFX(006)"could not compile response header filter rules: %s", msg); + exit(1); + } + } + + { + int len = EVP_MAX_KEY_LENGTH; + unsigned char *rand = apr_pcalloc(p, len); +#if APR_HAS_RANDOM + if(apr_generate_random_bytes(rand, len) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + QOS_LOG_PFX(083)"Can't generate random data."); + } +#else + if(!RAND_bytes(rand, len)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + QOS_LOG_PFX(083)"Can't generate random data."); + } +#endif + EVP_BytesToKey(EVP_des_ede3_cbc(), EVP_sha1(), NULL, rand, len, 1, sconf->key, NULL); + sconf->rawKey = rand; + sconf->rawKeyLen = len; + sconf->keyset = 0; + } +#ifdef QS_INTERNAL_TEST + { + int i; + sconf->testip = apr_table_make(sconf->pool, m_qs_sim_ip_len); + sconf->enable_testip = 1; + for(i = 0; i < (m_qs_sim_ip_len*3/4); i++) { + char *qsmi = apr_psprintf(p, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255); + apr_table_add(sconf->testip, apr_psprintf(p, "%d", i), qsmi); + } + for(i = m_qs_sim_ip_len*3/4; i < m_qs_sim_ip_len; i++) { + char *qsmi = apr_psprintf(p, "fe%d::%d:%d:%d", rand()%100, rand()%4000, rand()%4000, rand()%400); + apr_table_add(sconf->testip, apr_psprintf(p, "%d", i), qsmi); + } + } +#endif + return sconf; +} + +/** + * "merges" server configuration: virtual host overwrites global settings (if + * any rule has been specified) + * but: global settings such as header filter table and connection timeouts + * are always used from the base server + */ +static void *qos_srv_config_merge(apr_pool_t *p, void *basev, void *addv) { + qos_srv_config *b = (qos_srv_config *)basev; + qos_srv_config *o = (qos_srv_config *)addv; + /* GLOBAL ONLY directives: */ + o->hfilter_table = b->hfilter_table; + o->reshfilter_table = b->reshfilter_table; + o->log_only = b->log_only; + if(o->log_env == -1) { + o->log_env = b->log_env; + } + o->has_qos_cc = b->has_qos_cc; + o->cc_exclude_ip = b->cc_exclude_ip; + o->qos_cc_size = b->qos_cc_size; + o->qos_cc_prefer = b->qos_cc_prefer; + o->qos_cc_prefer_limit = b->qos_cc_prefer_limit; + o->qos_cc_event = b->qos_cc_event; + o->qos_cc_event_req = b->qos_cc_event_req; + o->qos_cc_block = b->qos_cc_block; + o->qos_cc_blockTime = b->qos_cc_blockTime; + o->qos_cc_limitTable = b->qos_cc_limitTable; + o->qos_cc_forwardedfor = b->qos_cc_forwardedfor; + o->qos_cc_serialize = b->qos_cc_serialize; + o->cc_tolerance = b->cc_tolerance; + o->qs_req_rate_tm = b->qs_req_rate_tm; + o->geodb = b->geodb; + o->geo_limit = b->geo_limit; + o->geo_priv = b->geo_priv; + o->geo_excludeUnknown = b->geo_excludeUnknown; + o->qslog_p = b->qslog_p; + o->qsstatus = b->qsstatus; + o->qsevents = b->qsevents; + o->qslog_str = b->qslog_str; + o->ip_type = b->ip_type; + o->req_rate = b->req_rate; + o->req_rate_start = b->req_rate_start; + o->min_rate = b->min_rate; + o->min_rate_max = b->min_rate_max; + o->req_ignore_vip_rate = b->req_ignore_vip_rate; + o->event_limit_a = apr_array_append(p, b->event_limit_a, o->event_limit_a); + /* end GLOBAL ONLY directives */ + if(o->disable_handler == -1) { + o->disable_handler = b->disable_handler; + } +#ifdef QS_INTERNAL_TEST + o->enable_testip = b->enable_testip; +#endif + if(o->error_page == NULL) { + o->error_page = b->error_page; + } + qos_table_merge(o->location_t, b->location_t); + o->setenvif_t = apr_array_append(p, b->setenvif_t, o->setenvif_t); + qos_table_merge(o->setenv_t, b->setenv_t); + qos_table_merge(o->setreqheader_t, b->setreqheader_t); + qos_table_merge(o->setreqheaderlate_t, b->setreqheaderlate_t); + qos_table_merge(o->unsetreqheader_t, b->unsetreqheader_t); + qos_table_merge(o->unsetresheader_t, b->unsetresheader_t); + qos_table_merge(o->setenvifquery_t, b->setenvifquery_t); + qos_table_merge(o->setenvifparp_t, b->setenvifparp_t); + qos_table_merge(o->setenvifparpbody_t, b->setenvifparpbody_t); + qos_table_merge(o->setenvstatus_t, b->setenvstatus_t); + qos_table_merge(o->setenvresheader_t, b->setenvresheader_t); + qos_table_merge(o->setenvresheadermatch_t, b->setenvresheadermatch_t); + qos_table_merge(o->setenvres_t, b->setenvres_t); + qos_table_merge(o->exclude_ip, b->exclude_ip); + o->disable_reqrate_events = qos_table_merge_create(p, b->disable_reqrate_events, + o->disable_reqrate_events); + if(o->headerfilter == QS_HEADERFILTER_OFF_DEFAULT) { + o->headerfilter = b->headerfilter; + } + if(o->resheaderfilter == QS_HEADERFILTER_OFF_DEFAULT) { + o->resheaderfilter = b->resheaderfilter; + } + o->redirectif = apr_array_append(p, b->redirectif, o->redirectif); + if(o->mfile == NULL) { + o->mfile = b->mfile; + } + if(strcmp(o->cookie_name, QOS_COOKIE_NAME) == 0) { + o->cookie_name = b->cookie_name; + } + if(strcmp(o->cookie_path, "/") == 0) { + o->cookie_path = b->cookie_path; + } + if(o->max_age == atoi(QOS_MAX_AGE)) { + o->max_age = b->max_age; + } + if(o->user_tracking_cookie == NULL) { + o->user_tracking_cookie = b->user_tracking_cookie; + o->user_tracking_cookie_force = b->user_tracking_cookie_force; + o->user_tracking_cookie_session = b->user_tracking_cookie_session; + o->user_tracking_cookie_jsredirect = b->user_tracking_cookie_jsredirect; + o->user_tracking_cookie_domain = b->user_tracking_cookie_domain; + } + if(o->keyset == 0) { + memcpy(o->key, b->key, sizeof(o->key)); + o->rawKey = b->rawKey; + o->rawKeyLen = b->rawKeyLen; + } + if(o->header_name == NULL) { + o->header_name = b->header_name; + o->header_name_drop = b->header_name_drop; + o->header_name_regex = b->header_name_regex; + } + if(o->ip_header_name == NULL) { + o->ip_header_name = b->ip_header_name; + o->ip_header_name_drop = b->ip_header_name_drop; + o->ip_header_name_regex = b->ip_header_name_regex; + } + if(o->vip_user == 0) { + o->vip_user = b->vip_user; + } + if(o->vip_ip_user == 0) { + o->vip_ip_user = b->vip_ip_user; + } + if(o->max_conn == -1) { + o->max_conn = b->max_conn; + } + if(o->max_conn_close == -1) { + o->max_conn_close = b->max_conn_close; + o->max_conn_close_percent = b->max_conn_close_percent; + } + if(o->max_conn_per_ip == -1) { + o->max_conn_per_ip = b->max_conn_per_ip; + } + if(o->max_conn_per_ip_ignore_vip == -1) { + o->max_conn_per_ip_ignore_vip = b->max_conn_per_ip_ignore_vip; + } + if(o->max_conn_per_ip_connections == -1) { + o->max_conn_per_ip_connections = b->max_conn_per_ip_connections; + } + if(o->serialize == -1) { + o->serialize = b->serialize; + o->serializeTMO = b->serializeTMO; + } + if(o->has_event_filter == 0) { + o->has_event_filter = b->has_event_filter; + } + if(o->has_event_limit == 0) { + o->has_event_limit = b->has_event_limit; + } + if(o->maxpost == -1) { + o->maxpost = b->maxpost; + } + if(o->milestones == NULL) { + o->milestones = b->milestones; + o->milestoneTimeout = b->milestoneTimeout; + } + if(o->static_on == -1) { + /* use base settings if not configured per vhost */ + o->static_on = b->static_on; + o->static_html = b->static_html; + o->static_cssjs = b->static_cssjs; + o->static_img = b->static_img; + o->static_other = b->static_other; + o->static_notmodified = b->static_notmodified; + } + return o; +} + +const char *qos_logonly_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->log_only = flag; + return NULL; +} + +const char *qos_logenv_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->log_env = flag; + return NULL; +} + +/** + * QS_MaxClients + */ +const char *qos_maxclients_cmd(cmd_parms *cmd, void *dcfg, const char *arg1) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->max_clients_conf = atoi(arg1); + if(sconf->max_clients_conf <= 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_mfile_cmd(cmd_parms *cmd, void *dcfg, const char *path) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + apr_finfo_t finfo; + apr_status_t rc; + if(!path[0]) { + return apr_psprintf(cmd->pool, "%s: invalid path", + cmd->directive->directive); + } + if((rc = apr_stat(&finfo, path, APR_FINFO_TYPE, cmd->pool)) != APR_SUCCESS) { + char *p = apr_pstrdup(cmd->pool, path); + /* file? */ + if(p[strlen(p)-1] == '/') { + return apr_psprintf(cmd->pool, "%s: path does not exist", + cmd->directive->directive); + } else { + char *e = strrchr(p, '/'); + if(e) { + e[0] = '\0'; + } + if(((rc = apr_stat(&finfo, p, APR_FINFO_TYPE, cmd->pool)) != APR_SUCCESS) || + (finfo.filetype != APR_DIR)){ + return apr_psprintf(cmd->pool, "%s: path does not exist", + cmd->directive->directive); + } + } + } + sconf->mfile = apr_pstrdup(cmd->pool, path); + return NULL; +} + +/** + * command to define the concurrent request limitation for a location + */ +const char *qos_loc_con_cmd(cmd_parms *cmd, void *dcfg, const char *loc, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_table_get(sconf->location_t, loc); + if(rule == NULL) { + rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrdup(cmd->pool, loc); + } + rule->limit = atoi(limit); + if((rule->limit < 0) || ((rule->limit == 0) && limit && (strcmp(limit, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0", + cmd->directive->directive); + } + rule->event = NULL; + rule->regex = NULL; + rule->condition = NULL; + apr_table_setn(sconf->location_t, apr_pstrdup(cmd->pool, loc), (char *)rule); + return NULL; +} + +/** + * QS_LocRequestPerSecLimit: command to define the req/sec limitation for a location + */ +const char *qos_loc_rs_cmd(cmd_parms *cmd, void *dcfg, const char *loc, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_table_get(sconf->location_t, loc); + if(rule == NULL) { + rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrdup(cmd->pool, loc); + } + rule->req_per_sec_limit = atol(limit); + if(rule->req_per_sec_limit == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + rule->event = NULL; + rule->regex = NULL; + rule->condition = NULL; + apr_table_setn(sconf->location_t, apr_pstrdup(cmd->pool, loc), (char *)rule); + return NULL; +} + +/** + * QS_LocKBytesPerSecLimit: command to define the kbytes/sec limitation for a location + */ +const char *qos_loc_bs_cmd(cmd_parms *cmd, void *dcfg, const char *loc, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_table_get(sconf->location_t, loc); + if(rule == NULL) { + rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrdup(cmd->pool, loc); + } + rule->kbytes_per_sec_limit = atol(limit); + if(rule->kbytes_per_sec_limit == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + rule->event = NULL; + rule->regex = NULL; + rule->condition = NULL; + apr_table_setn(sconf->location_t, apr_pstrdup(cmd->pool, loc), (char *)rule); + return NULL; +} + +/** + * QS_LocRequestLimitMatch: defines the maximum of concurrent requests matching the specified + * request line pattern + */ +const char *qos_match_con_cmd(cmd_parms *cmd, void *dcfg, const char *match, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_table_get(sconf->location_t, match); + if(rule == NULL) { + rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrdup(cmd->pool, match); + } + rule->limit = atoi(limit); + if((rule->limit < 0) || ((rule->limit == 0) && limit && (strcmp(limit, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0", + cmd->directive->directive); + } + rule->regex = ap_pregcomp(cmd->pool, match, AP_REG_EXTENDED); + if(rule->regex == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regular expression (%s)", + cmd->directive->directive, match); + } + rule->event = NULL; + rule->condition = NULL; + apr_table_setn(sconf->location_t, apr_pstrdup(cmd->pool, match), (char *)rule); + return NULL; +} + +/** + * QS_CondLocRequestLimitMatch: defines the maximum of concurrent requests + * matching the specified request line pattern + */ +const char *qos_cond_match_con_cmd(cmd_parms *cmd, void *dcfg, const char *match, + const char *limit, const char *pattern) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrdup(cmd->pool, match); + rule->limit = atoi(limit); + if((rule->limit < 0) || ((rule->limit == 0) && limit && (strcmp(limit, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0", + cmd->directive->directive); + } + rule->regex = ap_pregcomp(cmd->pool, match, AP_REG_EXTENDED); + rule->condition = ap_pregcomp(cmd->pool, pattern, AP_REG_EXTENDED); + if(rule->regex == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regular expression (%s)", + cmd->directive->directive, match); + } + if(rule->condition == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regular expression (%s)", + cmd->directive->directive, pattern); + } + rule->event = NULL; + apr_table_setn(sconf->location_t, apr_pstrcat(cmd->pool, match, "##conditional##", NULL), (char *)rule); + return NULL; +} + +/** + * QS_LocRequestPerSecLimitMatch: defines the maximum requests/sec for + * the matching request line pattern + */ +const char *qos_match_rs_cmd(cmd_parms *cmd, void *dcfg, const char *match, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_table_get(sconf->location_t, match); + if(rule == NULL) { + rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrdup(cmd->pool, match); + } + rule->req_per_sec_limit = atol(limit); + if(rule->req_per_sec_limit == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + rule->regex = ap_pregcomp(cmd->pool, match, AP_REG_EXTENDED); + if(rule->regex == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regular expression (%s)", + cmd->directive->directive, match); + } + rule->event = NULL; + rule->condition = NULL; + apr_table_setn(sconf->location_t, apr_pstrdup(cmd->pool, match), (char *)rule); + return NULL; +} + +/** + * QS_LocKBytesPerSecLimitMatch: defines the maximum kbytes/sec for + * the matching request line pattern + */ +const char *qos_match_bs_cmd(cmd_parms *cmd, void *dcfg, const char *match, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_table_get(sconf->location_t, match); + if(rule == NULL) { + rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrdup(cmd->pool, match); + } + rule->kbytes_per_sec_limit = atol(limit); + if(rule->kbytes_per_sec_limit == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + rule->regex = ap_pregcomp(cmd->pool, match, AP_REG_EXTENDED); + if(rule->regex == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regular expression (%s)", + cmd->directive->directive, match); + } + rule->event = NULL; + rule->condition = NULL; + apr_table_setn(sconf->location_t, apr_pstrdup(cmd->pool, match), (char *)rule); + return NULL; +} + +/** + * sets the default limitation of cuncurrent requests + */ +const char *qos_loc_con_def_cmd(cmd_parms *cmd, void *dcfg, const char *limit) { + return qos_loc_con_cmd(cmd, dcfg, "/", limit); +} + +/** + * QS_EventRequestLimit: defines the number of concurrent events + */ +const char *qos_event_req_cmd(cmd_parms *cmd, void *dcfg, const char *event, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + char *p = strchr(event, '='); + rule->url = apr_pstrcat(cmd->pool, "var=(", event, ")", NULL); + rule->limit = atoi(limit); + rule->req_per_sec_limit = 0; + rule->req_per_sec_limit = 0; + if((rule->limit < 0) || ((rule->limit == 0) && limit && (strcmp(limit, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0", + cmd->directive->directive); + } + sconf->has_event_filter = 1; + if(p) { + p++; + rule->regex_var = ap_pregcomp(cmd->pool, p, AP_REG_EXTENDED); + if(rule->regex_var == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, p); + } + rule->event = apr_pstrndup(cmd->pool, event, p - event - 1); + } else { + rule->regex_var = NULL; + rule->event = apr_pstrdup(cmd->pool, event); + } + rule->regex = NULL; + rule->condition = NULL; + apr_table_setn(sconf->location_t, rule->url, (char *)rule); + return NULL; +} + +/** + * QS_EventPerSecLimit: defines the maximum requests/sec for the matching variable. + */ +const char *qos_event_rs_cmd(cmd_parms *cmd, void *dcfg, const char *event, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrcat(cmd->pool, "var=[", event, "]", NULL); + rule->req_per_sec_limit = atol(limit); + rule->kbytes_per_sec_limit = 0; + if(rule->req_per_sec_limit == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + sconf->has_event_limit = 1; + rule->event = apr_pstrdup(cmd->pool, event); + rule->regex = NULL; + rule->condition = NULL; + rule->limit = -1; + apr_table_setn(sconf->location_t, rule->url, (char *)rule); + return NULL; +} + +/** + * QS_EventKBytesPerSecLimit: maximum download per event + */ +const char *qos_event_bps_cmd(cmd_parms *cmd, void *dcfg, const char *event, const char *limit) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qs_rule_ctx_t *rule = (qs_rule_ctx_t *)apr_pcalloc(cmd->pool, sizeof(qs_rule_ctx_t)); + rule->url = apr_pstrcat(cmd->pool, "var={", event, "}", NULL); + rule->kbytes_per_sec_limit = atol(limit); + rule->req_per_sec_limit = 0; + if(rule->kbytes_per_sec_limit == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + sconf->has_event_limit = 1; + rule->event = apr_pstrdup(cmd->pool, event); + rule->regex = NULL; + rule->condition = NULL; + rule->limit = -1; + apr_table_setn(sconf->location_t, rule->url, (char *)rule); + return NULL; +} + +// QS_CondEventLimitCount +const char *qos_cond_event_limit_cmd(cmd_parms *cmd, void *dcfg, int argc, char *const argv[]) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_event_limit_entry_t *new = apr_array_push(sconf->event_limit_a); + if(argc < 4) { + return apr_psprintf(cmd->pool, "%s: takes 3 arguments", + cmd->directive->directive); + } + new->env_var = apr_pstrdup(cmd->pool, argv[0]); + new->eventDecStr = apr_pstrcat(cmd->pool, argv[0], QS_LIMIT_DEC, NULL); + new->max = atoi(argv[1]); + new->seconds = atoi(argv[2]); + new->action = QS_EVENT_ACTION_DENY; + if(new->max == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + if(new->seconds == 0) { + return apr_psprintf(cmd->pool, "%s: seconds must be numeric value >0", + cmd->directive->directive); + } + new->condStr = apr_pstrdup(cmd->pool, argv[3]); + new->preg = ap_pregcomp(cmd->pool, new->condStr, AP_REG_EXTENDED); + if(new->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, new->condStr); + } + return NULL; +} + +// QS_EventLimitCount +const char *qos_event_limit_cmd(cmd_parms *cmd, void *dcfg, const char *event, + const char *number, const char *seconds) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_event_limit_entry_t *new = apr_array_push(sconf->event_limit_a); + new->env_var = apr_pstrdup(cmd->pool, event); + new->max = atoi(number); + new->seconds = atoi(seconds); + new->action = QS_EVENT_ACTION_DENY; + new->condStr = NULL; + if(new->max == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + if(new->seconds == 0) { + return apr_psprintf(cmd->pool, "%s: seconds must be numeric value >0", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_event_setenvifstatus_cmd(cmd_parms *cmd, void *dcfg, const char *rc, const char *var) { + apr_table_t *setenvstatus_t; + if(cmd->path) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + setenvstatus_t = dconf->setenvstatus_t; + } else { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + setenvstatus_t = sconf->setenvstatus_t; + } + + if(strcasecmp(rc, QS_CLOSE) == 0) { + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if(err != NULL) { + return apr_psprintf(cmd->pool, "%s: "QS_CLOSE" may only be defined globally", + cmd->directive->directive); + } + if(strcasecmp(var, QS_BLOCK) != 0) { + return apr_psprintf(cmd->pool, "%s: "QS_CLOSE" may only be defined for the event "QS_BLOCK, + cmd->directive->directive); + } + } else if(strcasecmp(rc, QS_MAXIP) == 0) { + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if(err != NULL) { + return apr_psprintf(cmd->pool, "%s: "QS_MAXIP" may only be defined globally", + cmd->directive->directive); + } + if(strcasecmp(var, QS_BLOCK) != 0) { + return apr_psprintf(cmd->pool, "%s: "QS_MAXIP" may only be defined for the event "QS_BLOCK, + cmd->directive->directive); + } + } else if(strcasecmp(rc, QS_EMPTY_CON) == 0) { + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if(err != NULL) { + return apr_psprintf(cmd->pool, "%s: "QS_EMPTY_CON" may only be defined globally", + cmd->directive->directive); + } + if(strcasecmp(var, QS_BLOCK) != 0) { + return apr_psprintf(cmd->pool, "%s: "QS_EMPTY_CON" may only be defined for the event "QS_BLOCK, + cmd->directive->directive); + } + } else if(strcasecmp(rc, QS_BROKEN_CON) == 0) { + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if(err != NULL) { + return apr_psprintf(cmd->pool, "%s: "QS_BROKEN_CON" may only be defined globally", + cmd->directive->directive); + } + if(strcasecmp(var, QS_BLOCK) != 0) { + return apr_psprintf(cmd->pool, "%s: "QS_BROKEN_CON" may only be defined for the event "QS_BLOCK, + cmd->directive->directive); + } + } else { + int code = atoi(rc); + if(code <= 0) { + return apr_psprintf(cmd->pool, "%s: invalid HTTP status code", + cmd->directive->directive); + } + } + apr_table_set(setenvstatus_t, rc, var); + return NULL; +} + +/** QS_SetEnvIfResBody */ +const char *qos_event_setenvifresbody_cmd(cmd_parms *cmd, void *dcfg, const char *pattern, + const char *var) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + if(dconf->response_pattern) { + return apr_psprintf(cmd->pool, "%s: only one pattern must be configured for a location", + cmd->directive->directive); + } + dconf->response_pattern = apr_pstrdup(cmd->pool, pattern); + dconf->response_pattern_len = strlen(dconf->response_pattern); + dconf->response_pattern_var = apr_pstrdup(cmd->pool, var); + if(var[0] == '!' && !var[1]) { + return apr_psprintf(cmd->pool, "%s: variable name is too short", + cmd->directive->directive); + } + return NULL; +} + +/* QS_SetEnv */ +const char *qos_setenv_cmd(cmd_parms *cmd, void *dcfg, const char *variable, + const char *value) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + if(!variable[0] || !value[0]) { + return apr_psprintf(cmd->pool, "%s: invalid parameter", + cmd->directive->directive); + } + if(strchr(variable, '=')) { + return apr_psprintf(cmd->pool, "%s: variable must not contain a '='", + cmd->directive->directive); + } + apr_table_set(sconf->setenv_t, apr_pstrcat(cmd->pool, variable, "=", value, NULL), variable); + return NULL; +} + +/* QS_SetReqHeader */ +const char *qos_setreqheader_cmd(cmd_parms *cmd, void *dcfg, const char *header, + const char *variable, const char *late) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + + if(!variable[0] || !header[0]) { + return apr_psprintf(cmd->pool, "%s: invalid parameter", + cmd->directive->directive); + } + if(header[0] == '!' && !header[1]) { + return apr_psprintf(cmd->pool, "%s: header name is too short", + cmd->directive->directive); + } + if(strchr(header, '=')) { + return apr_psprintf(cmd->pool, "%s: header name must not contain a '='", + cmd->directive->directive); + } + if(late != NULL) { + if(strcasecmp(late, "late") != 0) { + return apr_psprintf(cmd->pool, "%s: third parameter can only be 'late'", + cmd->directive->directive); + } + apr_table_set(sconf->setreqheaderlate_t, + apr_pstrcat(cmd->pool, header, "=", variable, NULL), header); + } else { + apr_table_set(sconf->setreqheader_t, + apr_pstrcat(cmd->pool, header, "=", variable, NULL), header); + } + return NULL; +} + +/* QS_UnsetReqHeader */ +const char *qos_unsetreqheader_cmd(cmd_parms *cmd, void *dcfg, const char *header) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + apr_table_set(sconf->unsetreqheader_t, header, ""); + return NULL; +} + +/* QS_UnsetResHeader */ +const char *qos_unsetresheader_cmd(cmd_parms *cmd, void *dcfg, const char *header) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + apr_table_set(sconf->unsetresheader_t, header, ""); + return NULL; +} + +const char *qos_event_setenvresheader_cmd(cmd_parms *cmd, void *dcfg, const char *hdr, + const char *action) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + apr_table_set(sconf->setenvresheader_t, hdr, action == NULL ? "" : action); + return NULL; +} + +const char *qos_event_setenvresheadermatch_cmd(cmd_parms *cmd, void *dcfg, const char *hdr, + const char *pcres) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + ap_regex_t *preg = ap_pregcomp(cmd->pool, pcres, AP_REG_DOTALL | AP_REG_ICASE); + if(preg == NULL) { + return apr_psprintf(cmd->pool, "%s: could not compile regular expression '%s'", + cmd->directive->directive, pcres); + } + apr_table_setn(sconf->setenvresheadermatch_t, apr_pstrdup(cmd->pool, hdr), (char *)preg); + return NULL; +} + +const char *qos_redirectif_cmd(cmd_parms *cmd, void *dcfg, const char *var, + const char *pattern, const char *url) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_dir_config *dconf = (qos_dir_config*)dcfg; + qos_redirectif_entry_t *new; + if(cmd->path) { + new = apr_array_push(dconf->redirectif); + } else { + new = apr_array_push(sconf->redirectif); + } + new->name = apr_pstrdup(cmd->pool, var); + new->preg = ap_pregcomp(cmd->pool, pattern, (AP_REG_EXTENDED | AP_REG_ICASE)); + if(new->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: could not compile regular expression %s", + cmd->directive->directive, pattern); + } + if(strncasecmp(url, "307:", 4) == 0) { + new->code = HTTP_TEMPORARY_REDIRECT; + new->url = apr_pstrdup(cmd->pool, &url[4]); + } else if(strncasecmp(url, "301:", 4) == 0) { + new->code = HTTP_MOVED_PERMANENTLY; + new->url = apr_pstrdup(cmd->pool, &url[4]); + } else if(strncasecmp(url, "302:", 4) == 0) { + new->code = HTTP_MOVED_TEMPORARILY; + new->url = apr_pstrdup(cmd->pool, &url[4]); + } else { + new->code = HTTP_MOVED_TEMPORARILY; + new->url = apr_pstrdup(cmd->pool, url); + } + return NULL; +} + +const char *qos_setenvres_cmd(cmd_parms *cmd, void *dcfg, const char *var, + const char *pattern, const char *var2) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_pregval_t *pregval = apr_pcalloc(cmd->pool, sizeof(qos_pregval_t)); + pregval->name = apr_pstrdup(cmd->pool, var2); + pregval->value = strchr(pregval->name, '='); + if(pregval->value) { + pregval->value[0] = '\0'; + pregval->value++; + } + pregval->preg = ap_pregcomp(cmd->pool, pattern, AP_REG_EXTENDED); + if(pregval->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: could not compile regular expression '%s'", + cmd->directive->directive, pattern); + } + apr_table_addn(sconf->setenvres_t, apr_pstrdup(cmd->pool, var), (char *)pregval); + return NULL; +} + +/** QS_SetEnvIf */ +const char *qos_event_setenvif_cmd(cmd_parms *cmd, void *dcfg, const char *v1, const char *v2, + const char *a3) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_setenvif_t *setenvif; + if(cmd->path) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + setenvif = apr_array_push(dconf->setenvif_t); + } else { + setenvif = apr_array_push(sconf->setenvif_t); + } + + if(a3) { + // mode 1 (boolean AND operator) + setenvif->variable1 = apr_pstrdup(cmd->pool, v1); + setenvif->variable2 = apr_pstrdup(cmd->pool, v2); + setenvif->preg = NULL; + setenvif->name = apr_pstrdup(cmd->pool, a3); + setenvif->value = strchr(setenvif->name, '='); + if(setenvif->value == NULL) { + if(setenvif->name[0] == '!') { + setenvif->value = apr_pstrdup(cmd->pool, ""); + } else { + return apr_psprintf(cmd->pool, "%s: new variable must have the format <name>=<value>", + cmd->directive->directive); + } + } else { + setenvif->value[0] = '\0'; + setenvif->value++; + } + } else { + // mode 2 (pattern match) + char *pattern; + setenvif->variable1 = apr_pstrdup(cmd->pool, v1); + pattern = strchr(setenvif->variable1, '='); + if(pattern == NULL) { + return apr_psprintf(cmd->pool, "%s: missing pattern for variable1", + cmd->directive->directive); + } + pattern[0] = '\0'; + pattern++; + setenvif->variable2 = NULL; + setenvif->preg = ap_pregcomp(cmd->pool, pattern, AP_REG_EXTENDED); + if(setenvif->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, pattern); + } + setenvif->name = apr_pstrdup(cmd->pool, v2); + setenvif->value = strchr(setenvif->name, '='); + if(setenvif->value == NULL) { + if(setenvif->name[0] == '!') { + setenvif->value = apr_pstrdup(cmd->pool, ""); + } else { + return apr_psprintf(cmd->pool, "%s: new variable must have the format <name>=<value>", + cmd->directive->directive); + } + } else { + setenvif->value[0] = '\0'; + setenvif->value++; + } + } + return NULL; +} + +/** QS_SetEnvIfCmp */ +const char *qos_cmp_cmd(cmd_parms *cmd, void *dcfg, int argc, char *const argv[]) { + qos_cmp_entry_t *new; + qos_dir_config *conf = dcfg; + char *del; + if(argc != 4) { + return apr_psprintf(cmd->pool, "%s: requires 4 arguments", + cmd->directive->directive); + } + new = apr_array_push(conf->setenvcmp); + new->left = apr_pstrdup(cmd->pool, argv[0]); + if(strcasecmp(argv[1], "eq") == 0) { + new->cmp = QS_CMP_EQ; + } else if(strcasecmp(argv[1], "ne") == 0) { + new->cmp = QS_CMP_NE; + } else if(strcasecmp(argv[1], "lt") == 0) { + new->cmp = QS_CMP_LT; + } else if(strcasecmp(argv[1], "gt") == 0) { + new->cmp = QS_CMP_GT; + } else { + return apr_psprintf(cmd->pool, "%s: invalid operator '%s", + cmd->directive->directive, argv[1]); + } + new->right = apr_pstrdup(cmd->pool, argv[2]); + new->variable = apr_pstrdup(cmd->pool, argv[3]); + del = strchr(new->variable, '='); + if(del) { + new->value = &del[1]; + del[0] = '\0'; + } else { + new->value = apr_pstrdup(cmd->pool, ""); + } + return NULL; +} + +/** QS_SetEnvIfQuery */ +const char *qos_event_setenvifquery_cmd(cmd_parms *cmd, void *dcfg, const char *rx, const char *v) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_setenvifquery_t *setenvif = apr_pcalloc(cmd->pool, sizeof(qos_setenvifquery_t)); + char *p; + setenvif->preg = ap_pregcomp(cmd->pool, rx, AP_REG_EXTENDED); + if(setenvif->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, rx); + } + if(strlen(v) < 2) { + return apr_psprintf(cmd->pool, "%s: variable name is too short (%s)", + cmd->directive->directive, v); + } + setenvif->name = apr_pstrdup(cmd->pool, v); + p = strchr(setenvif->name, '='); + if(p == NULL) { + setenvif->value = apr_pstrdup(cmd->pool, ""); + } else { + p[0] = '\0'; + p++; + setenvif->value = p; + } + if(cmd->path) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + apr_table_setn(dconf->setenvifquery_t, apr_pstrdup(cmd->pool, rx), (char *)setenvif); + } else { + apr_table_setn(sconf->setenvifquery_t, apr_pstrdup(cmd->pool, rx), (char *)setenvif); + } + return NULL; +} + +const char *qos_event_setenvifparpbody_cmd(cmd_parms *cmd, void *dcfg, + const char *rx, const char *v) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_setenvifparpbody_t *setenvif = apr_pcalloc(cmd->pool, sizeof(qos_setenvifparpbody_t)); + char *p; + setenvif->pregx = ap_pregcomp(cmd->pool, rx, AP_REG_DOTALL | AP_REG_EXTENDED | AP_REG_ICASE); + if(setenvif->pregx == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, rx); + } + setenvif->name = apr_pstrdup(cmd->pool, v); + p = strchr(setenvif->name, '='); + if(p == NULL) { + setenvif->value = apr_pstrdup(cmd->pool, ""); + } else { + p[0] = '\0'; + p++; + setenvif->value = p; + } + m_requires_parp = 1; + apr_table_setn(sconf->setenvifparpbody_t, apr_pstrdup(cmd->pool, rx), (char *)setenvif); + return NULL; +} + +const char *qos_event_setenvifparp_cmd(cmd_parms *cmd, void *dcfg, const char *rx, const char *v) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_setenvifquery_t *setenvif = apr_pcalloc(cmd->pool, sizeof(qos_setenvifquery_t)); + char *p; + setenvif->preg = ap_pregcomp(cmd->pool, rx, AP_REG_EXTENDED); + if(setenvif->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, rx); + } + if(strlen(v) < 2) { + return apr_psprintf(cmd->pool, "%s: variable name is too short (%s)", + cmd->directive->directive, v); + } + setenvif->name = apr_pstrdup(cmd->pool, v); + p = strchr(setenvif->name, '='); + if(p == NULL) { + setenvif->value = apr_pstrdup(cmd->pool, ""); + } else { + p[0] = '\0'; + p++; + setenvif->value = p; + } + m_requires_parp = 1; + apr_table_setn(sconf->setenvifparp_t, apr_pstrdup(cmd->pool, rx), (char *)setenvif); + return NULL; +} + +/** + * defines custom error page + */ +const char *qos_error_page_cmd(cmd_parms *cmd, void *dcfg, const char *path) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->error_page = apr_pstrdup(cmd->pool, path); + if((sconf->error_page[0] != '/') && + (strncmp(sconf->error_page, "http", 4) != 0)) { + return apr_psprintf(cmd->pool, "%s: requires absolute path (%s)", + cmd->directive->directive, sconf->error_page); + } + return NULL; +} + +#if APR_HAS_THREADS +/** + * QS_Status + */ +const char *qos_qsstatus_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->qsstatus = flag; + return NULL; +} +#endif + +/** + * QS_EventCount + */ +const char *qos_qsevents_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->qsevents = flag; + return NULL; +} + +/** + * pipe to global qslog tool (per Apache instance stat) + */ +const char *qos_qlog_cmd(cmd_parms *cmd, void *dcfg, const char *arg) { + qos_srv_config *sconf = ap_get_module_config(cmd->server->module_config, &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->qslog_str = apr_pstrdup(cmd->pool, arg); + return NULL; +} + +/** + * global error code setting + */ +const char *qos_error_code_cmd(cmd_parms *cmd, void *dcfg, const char *arg) { + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + int idx500 = ap_index_of_response(HTTP_INTERNAL_SERVER_ERROR); + if (err != NULL) { + return err; + } + m_retcode = atoi(arg); + if((m_retcode < 400) || (m_retcode > 599)) { + return apr_psprintf(cmd->pool, "%s: HTTP response code code must be a" + " numeric value between 400 and 599", + cmd->directive->directive); + } + if(m_retcode != 500) { + if(ap_index_of_response(m_retcode) == idx500) { + return apr_psprintf(cmd->pool, "%s: unsupported HTTP response code", + cmd->directive->directive); + } + } + return NULL; +} + +/** + * global connection close behavior + */ +const char *qos_forced_close_cmd(cmd_parms *cmd, void *dcfg, int flag) { + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + m_forced_close = flag; + return NULL; +} + +/** QS_UserTrackingCookieName */ + +#ifdef AP_TAKE_ARGV +const char *qos_user_tracking_cookie_cmd(cmd_parms *cmd, void *dcfg, + int argc, char *const argv[]) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + int pos = 1; + if(argc == 0) { + return apr_psprintf(cmd->pool, "%s: takes 1 to 4 arguments", + cmd->directive->directive); + } + sconf->user_tracking_cookie = apr_pstrdup(cmd->pool, argv[0]); + while(pos < argc) { + const char *value = argv[pos]; + if(value[0] == '/') { + sconf->user_tracking_cookie_force = apr_pstrdup(cmd->pool, value); + } else if(strcasecmp(value, "session") == 0) { + sconf->user_tracking_cookie_session = 1; + } else if(strcasecmp(value, "jsredirect") == 0) { + sconf->user_tracking_cookie_jsredirect = 1; + } else { + if(sconf->user_tracking_cookie_domain != NULL) { + return apr_psprintf(cmd->pool, "%s: invalid attribute" + " (expects <name>, <path>, 'session', or <domain>", + cmd->directive->directive); + } + sconf->user_tracking_cookie_domain = apr_pstrdup(cmd->pool, value); + } + pos++; + } + return NULL; +} +#else +const char *qos_user_tracking_cookie_cmd(cmd_parms *cmd, void *dcfg, + const char *name, + const char *option1, + const char *option2) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *force = NULL; + sconf->user_tracking_cookie = apr_pstrdup(cmd->pool, name); + if(option1) { + if((strcasecmp(option1, "session") == 0) || + (strcasecmp(option1, "'session'") == 0)) { + sconf->user_tracking_cookie_session = 1; + } else { + force = option1; + } + } + if(option2) { + if((strcasecmp(option2, "session") == 0) || + (strcasecmp(option2, "'session'") == 0)) { + sconf->user_tracking_cookie_session = 1; + } else { + if(force == NULL) { + force = option2; + } + } + } + if(force) { + if(force[0] != '/') { + return apr_psprintf(cmd->pool, "%s: invalid path '%s'", + cmd->directive->directive, force); + } + sconf->user_tracking_cookie_force = apr_pstrdup(cmd->pool, force); + } + return NULL; +} +#endif + +/** + * session definitions: cookie name and path, expiration/max-age + */ +const char *qos_cookie_name_cmd(cmd_parms *cmd, void *dcfg, const char *name) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->cookie_name = apr_pstrdup(cmd->pool, name); + return NULL; +} + +const char *qos_cookie_path_cmd(cmd_parms *cmd, void *dcfg, const char *path) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->cookie_path = apr_pstrdup(cmd->pool, path); + return NULL; +} + +const char *qos_timeout_cmd(cmd_parms *cmd, void *dcfg, const char *sec) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->max_age = atoi(sec); + if(sconf->max_age == 0) { + return apr_psprintf(cmd->pool, "%s: timeout must be numeric value >0", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_key_cmd(cmd_parms *cmd, void *dcfg, const char *seed) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->rawKey = (unsigned char *)apr_pstrdup(cmd->pool, seed); + sconf->rawKeyLen = strlen(seed); + EVP_BytesToKey(EVP_des_ede3_cbc(), EVP_sha1(), NULL, + sconf->rawKey, sconf->rawKeyLen, 1, sconf->key, NULL); + sconf->keyset = 1; + return NULL; +} + +/** + * name of the http header to mark a vip + */ +const char *qos_header_name_cmd(cmd_parms *cmd, void *dcfg, const char *n, const char *drop) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + char *name = apr_pstrdup(cmd->pool, n); + char *p = strchr(name, '='); + if(p) { + p[0] = '\0'; + p++; + sconf->header_name_regex = ap_pregcomp(cmd->pool, p, AP_REG_EXTENDED); + if(sconf->header_name_regex == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, p); + } + } else { + sconf->header_name_regex = NULL; + } + if(drop && (strcasecmp(drop, "drop") == 0)) { + sconf->header_name_drop = 1; + } else { + sconf->header_name_drop = 0; + } + sconf->header_name = name; + return NULL; +} + +const char *qos_ip_header_name_cmd(cmd_parms *cmd, void *dcfg, const char *n, const char *drop) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + char *name = apr_pstrdup(cmd->pool, n); + char *p = strchr(name, '='); + if(p) { + p[0] = '\0'; + p++; + sconf->ip_header_name_regex = ap_pregcomp(cmd->pool, p, AP_REG_EXTENDED); + if(sconf->ip_header_name_regex == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, p); + } + } else { + sconf->ip_header_name_regex = NULL; + } + if(drop && (strcasecmp(drop, "drop") == 0)) { + sconf->ip_header_name_drop = 1; + } else { + sconf->ip_header_name_drop = 0; + } + sconf->has_qos_cc = 1; + sconf->ip_header_name = name; + return NULL; +} + +const char *qos_vip_u_cmd(cmd_parms *cmd, void *dcfg) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->vip_user = 1; + return NULL; +} + +const char *qos_vip_ip_u_cmd(cmd_parms *cmd, void *dcfg) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->vip_ip_user = 1; + return NULL; +} + +/** + * max concurrent connections per server + */ +const char *qos_max_conn_cmd(cmd_parms *cmd, void *dcfg, const char *number) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->has_conn_counter = 1; + sconf->max_conn = atoi(number); + if(sconf->max_conn == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + return NULL; +} + +/** + * QS_SrvMaxConnClose, disable keep-alive + */ +const char *qos_max_conn_close_cmd(cmd_parms *cmd, void *dcfg, const char *number) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + char *n = apr_pstrdup(cmd->temp_pool, number); + sconf->has_conn_counter = 1; + if((strlen(n) > 1) && + (n[strlen(n)-1] == '%')) { + n[strlen(n)-1] = '\0'; + sconf->max_conn_close = atoi(n); + sconf->max_conn_close_percent = sconf->max_conn_close; + if(sconf->max_conn_close > 99) { + return apr_psprintf(cmd->pool, "%s: number must be a percentage <100", + cmd->directive->directive); + } + } else { + sconf->max_conn_close = atoi(n); + sconf->max_conn_close_percent = 0; + } + if(sconf->max_conn_close == 0) { + return apr_psprintf(cmd->pool, "%s: number must be >0", + cmd->directive->directive); + } + return NULL; +} + +/** + * max concurrent connections per client ip + */ +const char *qos_max_conn_ip_cmd(cmd_parms *cmd, void *dcfg, const char *number, + const char *connections) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->has_conn_counter = 1; + sconf->max_conn_per_ip = atoi(number); + if(sconf->max_conn_per_ip == 0) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + if(connections) { + sconf->max_conn_per_ip_connections = atoi(connections); + if((sconf->max_conn_per_ip_connections == 0) && + (strcmp(connections, "0") != 0)) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >0", + cmd->directive->directive); + } + } + return NULL; +} + +/* QS_SrvMaxConnPerIPIgnoreVIP */ +const char *qos_max_conn_ip_vip_off_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->max_conn_per_ip_ignore_vip = flag; + return NULL; +} + +/** + * QS_SrvSerialize + */ +const char *qos_serialize_cmd(cmd_parms *cmd, void *dcfg, const char * flag, + const char *seconds) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + if(strcasecmp(flag, "on") == 0) { + sconf->serialize = 1; + } else if(strcasecmp(flag, "off") == 0) { + sconf->serialize = 0; + } else { + return apr_psprintf(cmd->pool, "%s: flag needs to be either 'on' or 'off'", + cmd->directive->directive); + } + if(seconds) { + sconf->serializeTMO = atoi(seconds); + if(sconf->serializeTMO <= 0) { + return apr_psprintf(cmd->pool, "%s: timeout (seconds) must be a numeric value >0", + cmd->directive->directive); + } + // n * 50 milliseconds + sconf->serializeTMO = sconf->serializeTMO * 20; + } + return NULL; +} + +/** + * ip address without any limitation + */ +const char *qos_max_conn_ex_cmd(cmd_parms *cmd, void *dcfg, const char *addr) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + if(addr[strlen(addr)-1] == '.') { + /* address range */ + apr_table_add(sconf->exclude_ip, addr, "r"); + } else if(addr[strlen(addr)-1] == ':') { + /* address range */ + apr_table_add(sconf->exclude_ip, addr, "r"); + } else { + /* single ip */ + apr_table_add(sconf->exclude_ip, addr, "s"); + } + return NULL; +} + +const char *qos_req_rate_off_cmd(cmd_parms *cmd, void *dcfg) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->min_rate_off = 1; + return NULL; +} + +/** verify, that the platform supports "%p" in sprintf */ +static int qos_sprintfcheck() { + char buf[128]; + char buf2[128]; + sprintf(buf, "%p", buf); + sprintf(buf2, "%p", buf2); + if((strcmp(buf, buf2) == 0) || (strlen(buf) < 4)) { + /* not okay */ + return 0; + } + return 1; +} + +const char *qos_req_rate_cmd(cmd_parms *cmd, void *dcfg, const char *sec, const char *secmax) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + if(!qos_sprintfcheck()) { + return apr_psprintf(cmd->pool, "%s: directive can't be used on this platform", + cmd->directive->directive); + } + if(sconf->req_rate != -1) { + return apr_psprintf(cmd->pool, "%s: directive can't be used together with QS_SrvMinDataRate", + cmd->directive->directive); + } + sconf->req_rate = atoi(sec); + if(sconf->req_rate <= 0) { + return apr_psprintf(cmd->pool, "%s: request rate must be a numeric value >0", + cmd->directive->directive); + } + if(secmax) { + sconf->min_rate_max = atoi(secmax); + if(sconf->min_rate_max <= sconf->min_rate) { + return apr_psprintf(cmd->pool, "%s: max. data rate must be a greater than min. value", + cmd->directive->directive); + } + } + return NULL; +} + +/* QS_SrvMinDataRateOffEvent */ +const char *qos_min_rate_off_cmd(cmd_parms *cmd, void *dcfg, const char *var) { + apr_table_t *disable_reqrate_events; + if(cmd->path) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + disable_reqrate_events = dconf->disable_reqrate_events; + } else { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + disable_reqrate_events = sconf->disable_reqrate_events; + } + if(((var[0] != '+') && (var[0] != '-')) || (strlen(var) < 2)) { + return apr_psprintf(cmd->pool, "%s: invalid variable (requires +/- prefix)", + cmd->directive->directive); + } + apr_table_set(disable_reqrate_events, var, ""); + return NULL; +} + +#ifdef AP_TAKE_ARGV +const char *qos_min_rate_cmd(cmd_parms *cmd, void *dcfg, int argc, char *const argv[]) +#else +const char *qos_min_rate_cmd(cmd_parms *cmd, void *dcfg, const char *_sec, const char *_secmax) +#endif +{ + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + const char *sec = NULL; + const char *secmax = NULL; + const char *connections = NULL; +#ifdef AP_TAKE_ARGV + if(argc == 0) { + return apr_psprintf(cmd->pool, "%s: takes 1 to 3 arguments", + cmd->directive->directive); + } + sec = argv[0]; + if(argc > 1) { + secmax = argv[1]; + } + if(argc > 2) { + connections = argv[2]; + } +#else + sec = _sec; + secmax = _secmax; +#endif + if (err != NULL) { + return err; + } + if(!qos_sprintfcheck()) { + return apr_psprintf(cmd->pool, "%s: directive can't be used on this platform", + cmd->directive->directive); + } + if(sconf->req_rate != -1) { + return apr_psprintf(cmd->pool, "%s: directive can't be used together with QS_SrvRequestRate", + cmd->directive->directive); + } + sconf->req_rate = atoi(sec); + sconf->min_rate = sconf->req_rate; + if(connections) { + sconf->req_rate_start = atoi(connections); + if(sconf->req_rate_start <= 0) { + return apr_psprintf(cmd->pool, "%s: number of connections must be a numeric value >0", + cmd->directive->directive); + } + } + if(sconf->req_rate <= 0) { + return apr_psprintf(cmd->pool, "%s: minimal data rate must be a numeric value >0", + cmd->directive->directive); + } + if(secmax) { + sconf->min_rate_max = atoi(secmax); + if(sconf->min_rate_max <= sconf->min_rate) { + return apr_psprintf(cmd->pool, "%s: max. data rate must be a greater than min. value", + cmd->directive->directive); + } + } + return NULL; +} + +/* QS_SrvMinDataRateIgnoreVIP */ +const char *qos_min_rate_vip_off_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->req_ignore_vip_rate = flag; + return NULL; +} + +/** + * generic filter command + */ +const char *qos_deny_cmd(cmd_parms *cmd, void *dcfg, + const char *id, const char *action, const char *pcres, + qs_rfilter_type_e type, int options) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + qos_rfilter_t *flt = apr_pcalloc(cmd->pool, sizeof(qos_rfilter_t)); + flt->type = type; + if(((id[0] != '+') && (id[0] != '-')) || (strlen(id) < 2)) { + return apr_psprintf(cmd->pool, "%s: invalid rule id", + cmd->directive->directive); + } + flt->id = apr_pstrdup(cmd->pool, &id[1]); + if(strcasecmp(action, "log") == 0) { + flt->action = QS_LOG; + } else if(strcasecmp(action, "deny") == 0) { + flt->action = QS_DENY; + } else { + return apr_psprintf(cmd->pool, "%s: invalid action", + cmd->directive->directive); + } + if(flt->type != QS_DENY_EVENT) { + flt->preg = ap_pregcomp(cmd->pool, pcres, AP_REG_DOTALL | options); + if(flt->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: could not compile regular expression '%s'", + cmd->directive->directive, + pcres); + } + } + flt->text = apr_pstrdup(cmd->pool, pcres); + apr_table_setn(dconf->rfilter_table, apr_pstrdup(cmd->pool, id), (char *)flt); + return NULL; +} +const char *qos_deny_rql_cmd(cmd_parms *cmd, void *dcfg, + const char *id, const char *action, const char *pcres) { + return qos_deny_cmd(cmd, dcfg, id, action, pcres, QS_DENY_REQUEST_LINE, AP_REG_ICASE); +} +const char *qos_deny_path_cmd(cmd_parms *cmd, void *dcfg, + const char *id, const char *action, const char *pcres) { + return qos_deny_cmd(cmd, dcfg, id, action, pcres, QS_DENY_PATH, AP_REG_ICASE); +} +const char *qos_deny_query_cmd(cmd_parms *cmd, void *dcfg, + const char *id, const char *action, const char *pcres) { + return qos_deny_cmd(cmd, dcfg, id, action, pcres, QS_DENY_QUERY, AP_REG_ICASE); +} +const char *qos_deny_event_cmd(cmd_parms *cmd, void *dcfg, + const char *id, const char *action, const char *event) { + return qos_deny_cmd(cmd, dcfg, id, action, event, QS_DENY_EVENT, 0); +} +const char *qos_permit_uri_cmd(cmd_parms *cmd, void *dcfg, + const char *id, const char *action, const char *pcres) { + return qos_deny_cmd(cmd, dcfg, id, action, pcres, QS_PERMIT_URI, 0); +} +const char *qos_deny_urlenc_cmd(cmd_parms *cmd, void *dcfg, const char *mode) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + if(strcasecmp(mode, "log") == 0) { + dconf->urldecoding = QS_LOG; + } else if(strcasecmp(mode, "deny") == 0) { + dconf->urldecoding = QS_DENY; + } else if(strcasecmp(mode, "off") == 0) { + dconf->urldecoding = QS_OFF; + } else { + return apr_psprintf(cmd->pool, "%s: invalid action", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_milestone_tmo_cmd(cmd_parms *cmd, void *dcfg, const char *sec) { + qos_srv_config *sconf = ap_get_module_config(cmd->server->module_config, &qos_module); + sconf->milestoneTimeout = atoi(sec); + if(sconf->milestoneTimeout <= 0) { + return apr_psprintf(cmd->pool, "%s: timeout must be numeric value >0", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_milestone_cmd(cmd_parms *cmd, void *dcfg, const char *action, + const char *pattern, const char *thinktimestr) { + qos_srv_config *sconf = ap_get_module_config(cmd->server->module_config, &qos_module); + qos_milestone_t *ms; + if(sconf->milestones == NULL) { + sconf->milestones = apr_array_make(cmd->pool, 100, sizeof(qos_milestone_t)); + } + ms = apr_array_push(sconf->milestones); + ms->num = sconf->milestones->nelts - 1; + if(thinktimestr != NULL) { + ms->thinktime = atoi(thinktimestr); + if(ms->thinktime <= 0) { + return apr_psprintf(cmd->pool, "%s: invalid 'think time' (must be numeric value >0)", + cmd->directive->directive); + } + } else { + ms->thinktime = 0; + } + ms->preg = ap_pregcomp(cmd->pool, pattern, AP_REG_DOTALL); + if(ms->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: could not compile regular expression '%s'", + cmd->directive->directive, pattern); + } + ms->pattern = apr_pstrdup(cmd->pool, pattern); + if(strcasecmp(action, "deny") == 0) { + ms->action = QS_DENY; + } else if(strcasecmp(action, "log") == 0) { + ms->action = QS_LOG; + } else { + return apr_psprintf(cmd->pool, "%s: invalid action %s", + cmd->directive->directive, action); + } + return NULL; +} + +const char *qos_maxpost_cmd(cmd_parms *cmd, void *dcfg, const char *bytes) { + apr_off_t s; + char *errp = NULL; +#ifdef ap_http_scheme + /* Apache 2.2 */ + if(APR_SUCCESS != apr_strtoff(&s, bytes, &errp, 10)) +#else + if((s = apr_atoi64(bytes)) < 0) +#endif + { + return "QS_LimitRequestBody argument is not parsable"; + } + if(s < 0) { + return "QS_LimitRequestBody requires a non-negative integer"; + } + if(cmd->path == NULL) { + /* server */ + qos_srv_config *sconf = ap_get_module_config(cmd->server->module_config, &qos_module); + sconf->maxpost = s; + } else { + /* location */ + qos_dir_config *dconf = (qos_dir_config*)dcfg; + dconf->maxpost = s; + } + return NULL; +} + +/* QS_Decoding */ +const char *qos_dec_cmd(cmd_parms *cmd, void *dcfg, const char *arg) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; +// if(strcasecmp(arg, "html") == 0) { +// dconf->dec_mode |= QOS_DEC_MODE_FLAGS_HTML; +// } else + if(strcasecmp(arg, "uni") == 0) { + dconf->dec_mode |= QOS_DEC_MODE_FLAGS_UNI; +// } if(strcasecmp(arg, "ansi") == 0) { +// dconf->dec_mode |= QOS_DEC_MODE_FLAGS_ANSI; + } else { + return apr_psprintf(cmd->pool, "%s: unknown decoding '%s'", + cmd->directive->directive, arg); + } + return NULL; +} + +const char *qos_denyinheritoff_cmd(cmd_parms *cmd, void *dcfg) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + dconf->inheritoff = 1; + return NULL; +} + +const char *qos_denybody_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + dconf->bodyfilter_p = flag; + dconf->bodyfilter_d = flag; + if(flag) { + m_requires_parp = 1; + } + return NULL; +} + +const char *qos_denybody_d_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + dconf->bodyfilter_d = flag; + if(flag) { + m_requires_parp = 1; + } + return NULL; +} + +const char *qos_denybody_p_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + dconf->bodyfilter_p = flag; + if(flag) { + m_requires_parp = 1; + } + return NULL; +} + +/* QS_RequestHeaderFilter enables/disables header filter */ +const char *qos_headerfilter_cmd(cmd_parms *cmd, void *dcfg, const char *flag) { + qs_headerfilter_mode_e headerfilter; + if(strcasecmp(flag, "on") == 0) { + headerfilter = QS_HEADERFILTER_ON; + } else if(strcasecmp(flag, "off") == 0) { + headerfilter = QS_HEADERFILTER_OFF; + } else if(strcasecmp(flag, "size") == 0) { + headerfilter = QS_HEADERFILTER_SIZE_ONLY; + } else { + return apr_psprintf(cmd->pool, "%s: invalid argument", + cmd->directive->directive); + } + if(cmd->path) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + dconf->headerfilter = headerfilter; + } else { + qos_srv_config *sconf = ap_get_module_config(cmd->server->module_config, &qos_module); + sconf->headerfilter = headerfilter; + } + return NULL; +} + +/* QS_ResponseHeaderFilter */ +const char *qos_resheaderfilter_cmd(cmd_parms *cmd, void *dcfg, const char *flag) { + qos_dir_config *dconf = (qos_dir_config*)dcfg; + if(strcasecmp(flag, "on") == 0) { + dconf->resheaderfilter = QS_HEADERFILTER_ON; + } else if(strcasecmp(flag, "off") == 0) { + dconf->resheaderfilter = QS_HEADERFILTER_OFF; + } else if(strcasecmp(flag, "silent") == 0) { + dconf->resheaderfilter = QS_HEADERFILTER_SILENT; + } else { + return apr_psprintf(cmd->pool, "%s: invalid argument", + cmd->directive->directive); + } + return NULL; +} + +/* QS_RequestHeaderFilterRule: set custom header rules (global only) + name, action, pcre, size */ +#ifdef AP_TAKE_ARGV +const char *qos_headerfilter_rule_cmd(cmd_parms *cmd, void *dcfg, int argc, char *const argv[]) +#else +const char *qos_headerfilter_rule_cmd(cmd_parms *cmd, void *dcfg, + const char *header, const char *action, + const char *rule) +#endif + { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_fhlt_r_t *he; +#ifdef AP_TAKE_ARGV + const char *header; + const char *rule; + const char *action; +#endif + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } +#ifdef AP_TAKE_ARGV + if(argc != 4) { + return apr_psprintf(cmd->pool, "%s: takes 4 arguments", + cmd->directive->directive); + } +#endif + he = apr_pcalloc(cmd->pool, sizeof(qos_fhlt_r_t)); +#ifdef AP_TAKE_ARGV + header = argv[0]; + action = argv[1]; + rule = argv[2]; + he->size = atoi(argv[3]); +#else + he->size = 9000; +#endif + he->text = apr_pstrdup(cmd->pool, rule); + he->preg = ap_pregcomp(cmd->pool, rule, AP_REG_DOTALL); + if(strcasecmp(action, "deny") == 0) { + he->action = QS_FLT_ACTION_DENY; + } else if(strcasecmp(action, "drop") == 0) { + he->action = QS_FLT_ACTION_DROP; + } else { + return apr_psprintf(cmd->pool, "%s: invalid action %s", + cmd->directive->directive, action); + } + if(he->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: could not compile regular expression '%s'", + cmd->directive->directive, rule); + } + if(he->size <= 0) { + return apr_psprintf(cmd->pool, "%s: size must be numeric value >0", + cmd->directive->directive); + } + apr_table_setn(sconf->hfilter_table, apr_pstrdup(cmd->pool, header), (char *)he); + return NULL; +} + +const char *qos_resheaderfilter_rule_cmd(cmd_parms *cmd, void *dcfg, + const char *header, + const char *rule, const char *size) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + qos_fhlt_r_t *he; + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + he = apr_pcalloc(cmd->pool, sizeof(qos_fhlt_r_t)); + he->size = atoi(size); + he->text = apr_pstrdup(cmd->pool, rule); + he->preg = ap_pregcomp(cmd->pool, rule, AP_REG_DOTALL); + he->action = QS_FLT_ACTION_DROP; + if(he->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: could not compile regular expression '%s'", + cmd->directive->directive, rule); + } + if(he->size <= 0) { + return apr_psprintf(cmd->pool, "%s: size must be numeric value >0", + cmd->directive->directive); + } + apr_table_setn(sconf->reshfilter_table, apr_pstrdup(cmd->pool, header), (char *)he); + return NULL; +} + +const char *qos_geodb_cmd(cmd_parms *cmd, void *dcfg, const char *arg1) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + char *msg = NULL; + int errors = 0; + qos_geo_t *geodb = apr_pcalloc(cmd->pool, sizeof(qos_geo_t)); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + + sconf->geodb = geodb; + sconf->geodb->data = NULL; + sconf->geodb->path = ap_server_root_relative(cmd->pool, arg1); + sconf->geodb->size = 0; + + if(qos_loadgeo(cmd->pool, sconf->geodb, &msg, &errors) != APR_SUCCESS) { + return apr_psprintf(cmd->pool, "%s: failed to load the database: %s" + " (total %d errors)", + cmd->directive->directive, + msg ? msg : "-", + errors); + } + + return NULL; +} + +const char *qos_geopriv_cmd(cmd_parms *cmd, void *dcfg, const char *list, const char *con, + const char *excludeUnknown) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + char *next = apr_pstrdup(cmd->pool, list); + int geo_limit; + char *name; + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + name = apr_strtok(next, ",", &next); + if(name == NULL) { + return apr_psprintf(cmd->pool, "%s: empty list", + cmd->directive->directive); + } + while(name) { + apr_table_set(sconf->geo_priv, name, ""); + name = apr_strtok(NULL, ",", &next); + } + geo_limit = atoi(con); + if(geo_limit <= 0 && con[0] != '0' && con[1] != '\0') { + return apr_psprintf(cmd->pool, "%s: invalid connection number", + cmd->directive->directive); + } + if(sconf->geo_limit != -1 && sconf->geo_limit != geo_limit) { + return apr_psprintf(cmd->pool, "%s: already configured with a different limitation", + cmd->directive->directive); + } + if(excludeUnknown != NULL) { + if(strcasecmp(excludeUnknown, excludeUnknown) != 0) { + return apr_psprintf(cmd->pool, "%s: invalid argument %s", + cmd->directive->directive, excludeUnknown); + } + sconf->geo_excludeUnknown = 1; + } + sconf->geo_limit = geo_limit; + return NULL; +} + +const char *qos_enable_ipv6_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + if(flag) { + sconf->ip_type = QS_IP_V6; + } else { + sconf->ip_type = QS_IP_V4; + } + return NULL; +} + +const char *qos_client_ex_cmd(cmd_parms *cmd, void *dcfg, const char *addr) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + if(strlen(addr) == 0) { + return apr_psprintf(cmd->pool, "%s: invalid address", + cmd->directive->directive); + } + if(addr[strlen(addr)-1] == '.') { + /* address range */ + apr_table_add(sconf->cc_exclude_ip, addr, "r"); + } else if(addr[strlen(addr)-1] == ':') { + /* address range */ + apr_table_add(sconf->cc_exclude_ip, addr, "r"); + } else { + /* single ip */ + apr_table_add(sconf->cc_exclude_ip, addr, "s"); + } + return NULL; +} + +const char *qos_client_cmd(cmd_parms *cmd, void *dcfg, const char *arg1) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->qos_cc_size = atoi(arg1); +#ifdef QS_INTERNAL_TEST + sconf->qos_cc_size = sconf->qos_cc_size / 100 * 100 ; +#else + sconf->qos_cc_size = sconf->qos_cc_size / 640 * 640 ; +#endif + if(sconf->qos_cc_size < 50000) { + m_qos_cc_partition = 2; + } + if(sconf->qos_cc_size >= 100000) { + m_qos_cc_partition = 8; + } + if(sconf->qos_cc_size >= 500000) { + m_qos_cc_partition = 16; + } + if(sconf->qos_cc_size >= 1000000) { + m_qos_cc_partition = 32; + } + if(sconf->qos_cc_size >= 4000000) { + m_qos_cc_partition = 64; + } + if(sconf->qos_cc_size <= 0 || sconf->qos_cc_size > 10000000) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value gearter than 640" + " and less than 10000000", + cmd->directive->directive); + } + return NULL; +} + +#ifdef AP_TAKE_ARGV +const char *qos_client_pref_cmd(cmd_parms *cmd, void *dcfg, int argc, char *const argv[]) +#else +const char *qos_client_pref_cmd(cmd_parms *cmd, void *dcfg) +#endif + { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->has_qos_cc = 1; + sconf->qos_cc_prefer = 80; +#ifdef AP_TAKE_ARGV + if(argc) { + char *copy = apr_pstrdup(cmd->pool, argv[0]); + char *p = strchr(copy, '%'); + if(p) { + p[0] = '\0'; + } + sconf->qos_cc_prefer = atoi(copy); + } +#endif + if((sconf->qos_cc_prefer < 1) || (sconf->qos_cc_prefer > 99)) { + return apr_psprintf(cmd->pool, "%s: percentage must be a numeric value" + " between 1 and 99", + cmd->directive->directive); + } +#ifdef AP_TAKE_ARGV + if(argc > 1) { + return apr_psprintf(cmd->pool, "%s: command takes not more than one argument", + cmd->directive->directive); + } +#endif + return NULL; +} + +const char *qos_client_block_cmd(cmd_parms *cmd, void *dcfg, const char *arg1, + const char *arg2) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->has_qos_cc = 1; + sconf->qos_cc_block = atoi(arg1); + if((sconf->qos_cc_block < 0) || sconf->qos_cc_block >= (USHRT_MAX-1) || ((sconf->qos_cc_block == 0) && (strcmp(arg1, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0 and <%d.", + cmd->directive->directive, USHRT_MAX-1); + } + if(arg2) { + sconf->qos_cc_blockTime = atoi(arg2); + } + if(sconf->qos_cc_blockTime == 0) { + return apr_psprintf(cmd->pool, "%s: time must be numeric value >0", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_client_limit_int_cmd(cmd_parms *cmd, void *dcfg, const char *arg_number, + const char *arg_sec, const char *arg_varname, + const char *arg_condition) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + char *limit_name = QS_LIMIT_DEFAULT; + int limit; + time_t limitTime = 600; + qos_s_entry_limit_conf_t *entry = apr_pcalloc(cmd->pool, sizeof(qos_s_entry_limit_conf_t)); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->has_qos_cc = 1; + limit = atoi(arg_number); + if((limit < 0) || limit >= (USHRT_MAX-1) || ((limit == 0) && (strcmp(arg_number, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0 and <%d.", + cmd->directive->directive, USHRT_MAX-1); + } + if(arg_sec) { + limitTime = atoi(arg_sec); + } + if(limitTime == 0) { + return apr_psprintf(cmd->pool, "%s: time must be numeric value >0", + cmd->directive->directive); + } + if(arg_varname) { + limit_name = apr_pstrdup(cmd->pool, arg_varname); + } + entry->limit = limit; + entry->limitTime = limitTime; + entry->condStr = NULL; + entry->preg = NULL; + if(arg_condition) { + entry->condStr = apr_pstrdup(cmd->pool, arg_condition); + entry->preg = ap_pregcomp(cmd->pool, entry->condStr, AP_REG_EXTENDED); + if(entry->preg == NULL) { + return apr_psprintf(cmd->pool, "%s: failed to compile regex (%s)", + cmd->directive->directive, entry->condStr); + } + } + if(apr_table_get(sconf->qos_cc_limitTable, limit_name) != NULL) { + return apr_psprintf(cmd->pool, "%s: variable %s has already been used by" + " another QS_[Cond]ClientEventLimitCount directive", + cmd->directive->directive, limit_name); + } + apr_table_setn(sconf->qos_cc_limitTable, limit_name, (char *)entry); + return NULL; +} + +/* QS_ClientEventLimitCount <number> <seconds> <variable> */ +const char *qos_client_limit_cmd(cmd_parms *cmd, void *dcfg, const char *arg_number, + const char *arg_sec, const char *arg_varname) { + return qos_client_limit_int_cmd(cmd, dcfg, arg_number, arg_sec, arg_varname, NULL); +} + +#ifdef AP_TAKE_ARGV +/* QS_CondClientEventLimitCount <number> <seconds> <variable> <pattern> */ +const char *qos_cond_client_limit_cmd(cmd_parms *cmd, void *dcfg, int argc, char *const argv[]) { + if(argc != 4) { + return apr_psprintf(cmd->pool, "%s: takes 4 arguments", + cmd->directive->directive); + } + return qos_client_limit_int_cmd(cmd, dcfg, argv[0], argv[1], argv[2], argv[3]); +} +#endif + +const char *qos_client_forwardedfor_cmd(cmd_parms *cmd, void *dcfg, const char *header) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->qos_cc_forwardedfor = apr_pstrdup(cmd->pool, header); + return NULL; +} + +const char *qos_client_serial_cmd(cmd_parms *cmd, void *dcfg) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->has_qos_cc = 1; + sconf->qos_cc_serialize = 1; + return NULL; +} + +const char *qos_req_rate_tm_cmd(cmd_parms *cmd, void *dcfg, const char *arg1) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->qs_req_rate_tm= atoi(arg1); + if(sconf->qs_req_rate_tm < 2) { + return apr_psprintf(cmd->pool, "%s: must be numeric value between >1", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_client_tolerance_cmd(cmd_parms *cmd, void *dcfg, const char *arg1) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + char *value = apr_pstrdup(cmd->pool, arg1); + char *p = strchr(value, '%'); + if(p) { + p[0] = '\0'; + } + if (err != NULL) { + return err; + } + sconf->cc_tolerance = atoi(value); + if(sconf->cc_tolerance < 5 || sconf->cc_tolerance > 80) { + return apr_psprintf(cmd->pool, "%s: must be numeric value between 5 and 80", + cmd->directive->directive); + } + return NULL; +} + +#ifdef AP_TAKE_ARGV +const char *qos_client_contenttype(cmd_parms *cmd, void *dcfg, int argc, char *const argv[]) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + if(argc != 5) { + return apr_psprintf(cmd->pool, "%s: requires five arguments", + cmd->directive->directive); + } + sconf->static_on = 1; + sconf->static_html = atol(argv[0]); + sconf->static_cssjs = atol(argv[1]); + sconf->static_img = atol(argv[2]); + sconf->static_other = atol(argv[3]); + sconf->static_notmodified = atol(argv[4]); + if(sconf->static_html == 0 || + sconf->static_cssjs == 0 || + sconf->static_img == 0 || + sconf->static_other == 0 || + sconf->static_notmodified == 0) { + return apr_psprintf(cmd->pool, "%s: requires numeric values greater than 0", + cmd->directive->directive); + } else { + unsigned long long s_all = sconf->static_html + sconf->static_img + sconf->static_cssjs + + sconf->static_other + sconf->static_notmodified; + unsigned long long s_2html = 100 * sconf->static_html / s_all; + unsigned long long s_2cssjs = 100 * sconf->static_cssjs / s_all; + unsigned long long s_2img = 100 * sconf->static_img / s_all; + unsigned long long s_2other = 100 * sconf->static_other / s_all; + unsigned long long s_2notmodified = 100 * sconf->static_notmodified / s_all; + sconf->static_html = s_2html; + sconf->static_cssjs = s_2cssjs; + sconf->static_img = s_2img; + sconf->static_other = s_2other; + sconf->static_notmodified = s_2notmodified; + } + return NULL; +} +#endif + +const char *qos_client_event_cmd(cmd_parms *cmd, void *dcfg, const char *arg1) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->has_qos_cc = 1; + sconf->qos_cc_event = atoi(arg1); + if((sconf->qos_cc_event < 0) || ((sconf->qos_cc_event == 0) && (strcmp(arg1, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_client_event_req_cmd(cmd_parms *cmd, void *dcfg, const char *arg1) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + sconf->has_qos_cc = 1; + sconf->qos_cc_event_req = atoi(arg1); + if((sconf->qos_cc_event_req < 0) || ((sconf->qos_cc_event_req == 0) && (strcmp(arg1, "0") != 0))) { + return apr_psprintf(cmd->pool, "%s: number must be numeric value >=0", + cmd->directive->directive); + } + return NULL; +} + +const char *qos_disable_handler_cmd(cmd_parms *cmd, void *dcfg, int flag) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + sconf->disable_handler = flag; + return NULL; +} + +#ifdef QS_INTERNAL_TEST +const char *qos_disable_int_ip_cmd(cmd_parms *cmd, void *dcfg, const char *arg) { + qos_srv_config *sconf = (qos_srv_config*)ap_get_module_config(cmd->server->module_config, + &qos_module); + if(strcasecmp(arg, "off") == 0 ) { + sconf->enable_testip = 0; + } else if(strcasecmp(arg, "on") == 0 ) { + sconf->enable_testip = 1; + } else { + sconf->enable_testip = 1; + m_qs_sim_ip_len = atoi(arg); + if(m_qs_sim_ip_len == 0) { + return apr_psprintf(cmd->pool, "%s: must be on/off or the number of IPs", + cmd->directive->directive); + } + } + return NULL; +} +#endif + +static const command_rec qos_config_cmds[] = { + /* request limitation per location */ + AP_INIT_TAKE1("QS_LocRequestLimitDefault", qos_loc_con_def_cmd, NULL, + RSRC_CONF, + "QS_LocRequestLimitDefault <number>, defines the default for the" + " QS_LocRequestLimit and QS_LocRequestLimitMatch directive."), + + AP_INIT_TAKE2("QS_LocRequestLimit", qos_loc_con_cmd, NULL, + RSRC_CONF, + "QS_LocRequestLimit <location> <number>, defines the maximum number of" + " concurrent requests allowed to access the specified location. Default is defined by the" + " QS_LocRequestLimitDefault directive."), + + AP_INIT_TAKE2("QS_LocRequestPerSecLimit", qos_loc_rs_cmd, NULL, + RSRC_CONF, + "QS_LocRequestPerSecLimit <location> <number>, defines the allowed" + " number of requests per second to a location. Requests are limited" + " by adding a delay to each requests. This directive should be used" + " in conjunction with QS_LocRequestLimit only."), + + AP_INIT_TAKE2("QS_LocKBytesPerSecLimit", qos_loc_bs_cmd, NULL, + RSRC_CONF, + "QS_LocKBytesPerSecLimit <location> <kbytes>, defines the allowed" + " download bandwidth to the defined kbytes per second. Responses are" + "slowed by adding a delay to each response (non-linear, bigger files" + " get longer delay than smaller ones). This directive should be used" + " in conjunction with QS_LocRequestLimit only."), + + AP_INIT_TAKE2("QS_LocRequestLimitMatch", qos_match_con_cmd, NULL, + RSRC_CONF, + "QS_LocRequestLimitMatch <regex> <number>, defines the number of" + " concurrent requests to the uri (path and query) pattern." + " Default is defined by the QS_LocRequestLimitDefault directive."), + + AP_INIT_TAKE2("QS_LocRequestPerSecLimitMatch", qos_match_rs_cmd, NULL, + RSRC_CONF, + "QS_LocRequestPerSecLimitMatch <regex> <number>, defines the allowed" + " number of requests per second to the uri (path and query) pattern." + " Requests are limited by adding a delay to each requests." + " This directive should be used in conjunction with" + " QS_LocRequestLimitMatch only."), + + AP_INIT_TAKE2("QS_LocKBytesPerSecLimitMatch", qos_match_bs_cmd, NULL, + RSRC_CONF, + "QS_LocKBytesPerSecLimitMatch <regex> <kbytes>, defines the allowed" + " download bandwidth to the location matching the defined URL (path" + " and query) pattern. Responses are slowed down" + " by adding a delay to each response (non-linear, bigger files" + " get longer delay than smaller ones). This directive should be used" + " in conjunction with QS_LocRequestLimitMatch only."), + + /* conditional per location */ + AP_INIT_TAKE3("QS_CondLocRequestLimitMatch", qos_cond_match_con_cmd, NULL, + RSRC_CONF, + "QS_CondLocRequestLimitMatch <regex> <number> <pattern>, defines the number of" + " concurrent requests to the uri (path and query) regex." + " Rule is only enforced if the "QS_COND" variable matches the specified" + " pattern (regex)."), + + /* event based rules */ + AP_INIT_TAKE2("QS_EventRequestLimit", qos_event_req_cmd, NULL, + RSRC_CONF, + "QS_EventRequestLimit <variable>[=<regex>] <number>, defines the" + " number of concurrent events. Directive works similar to" + " QS_LocRequestLimit, but counts the requests having the same" + " environment variable (and optionally matching its value, too)" + " rather than those that have the same URL pattern."), + + AP_INIT_TAKE2("QS_EventPerSecLimit", qos_event_rs_cmd, NULL, + RSRC_CONF, + "QS_EventPerSecLimit [!]<variable> <number>, defines how" + " often requests may have the defined environment variable" + " (literal string) set. It measures the occurrences of the defined" + " environment variable on a request per seconds level and tries to" + " limit this occurrence to the defined number. It works similar to" + " as QS_LocRequestPerSecLimit, but counts only the requests with the" + " specified variable (or without it if the variable name is" + " prefixed by a '!'). If a request matches multiple events, the" + " rule with the lowest bandwidth is applied. Events are limited" + " by adding a delay to each request causing an event."), + AP_INIT_TAKE2("QS_EventKBytesPerSecLimit", qos_event_bps_cmd, NULL, + RSRC_CONF, + "QS_EventKBytesPerSecLimit [!]<variable> <kbytes>, throttles the" + " download bandwidth of all requests having the defined" + " variable set to the defined kbytes per second. Responses are slowed" + " by adding a delay to each response (non-linear, bigger files get" + " longer delay than smaller ones). By default, no limitation is active." + " This directive should be used in conjunction with QS_EventRequestLimit" + " only (you must use the same variable name for both directives)."), + AP_INIT_TAKE3("QS_EventLimitCount", qos_event_limit_cmd, NULL, + RSRC_CONF, + "QS_EventLimitCount <env-variable> <number> <seconds>," + " defines the maximum number of events allowed within the defined" + " time. Requests are denied when reaching this limitation for the" + " specified time (blocked at request level)."), +#ifdef AP_TAKE_ARGV + AP_INIT_TAKE_ARGV("QS_CondEventLimitCount", qos_cond_event_limit_cmd, NULL, + RSRC_CONF, + "QS_CondEventLimitCount <env-variable> <number> <seconds> <pattern>," + " same as QS_EventLimitCount but blocks requests only if the "QS_COND + " variable matches the specified pattern (regex)."), +#endif + + /* server / connection limitation */ + AP_INIT_TAKE1("QS_SrvMaxConn", qos_max_conn_cmd, NULL, + RSRC_CONF, + "QS_SrvMaxConn <number>, defines the maximum number of concurrent" + " TCP connections for this server (virtual host)."), + + AP_INIT_TAKE1("QS_SrvMaxConnClose", qos_max_conn_close_cmd, NULL, + RSRC_CONF, + "QS_SrvMaxConnClose <number>[%], defines the maximum number of" + " concurrent TCP connections until the server disables" + " keep-alive for this server (closes the connection after" + " each requests. You may specify the number of connections" + " as a percentage of MaxClients if adding the suffix '%'" + " to the specified value."), + + AP_INIT_TAKE12("QS_SrvMaxConnPerIP", qos_max_conn_ip_cmd, NULL, + RSRC_CONF, + "QS_SrvMaxConnPerIP <number> [<connections>], defines the maximum number" + " of connections per source IP address for this server (virtual host)." + " 'connections' defines the number of busy connections of the server" + " (all virtual hosts) to enable this limitation, default is 0."), + + AP_INIT_TAKE1("QS_SrvMaxConnExcludeIP", qos_max_conn_ex_cmd, NULL, + RSRC_CONF, + "QS_SrvMaxConnExcludeIP <addr>, excludes an IP address or" + " address range from being limited."), + + AP_INIT_FLAG("QS_SrvMaxConnPerIPIgnoreVIP", qos_max_conn_ip_vip_off_cmd, NULL, + RSRC_CONF, + "QS_SrvMinDataRateIgnoreVIP tells the QS_SrvMaxConnPerIP" + " directive to ignore (if set to \"on\") the VIP status" + " of clients. Default is \"off\", which means that" + " QS_SrvMaxConnPerIP is disabled for VIPs."), + + AP_INIT_TAKE12("QS_SrvSerialize", qos_serialize_cmd, NULL, + RSRC_CONF, + "QS_SrvSerialize 'on'|'off' [<seconds>], ensures that not more than one request" + " having the "QS_SRVSERIALIZE" variable set is processed" + " at the same time by serializing them (process one after" + " each other)."), + +#if APR_HAS_THREADS + AP_INIT_NO_ARGS("QS_SrvDataRateOff", qos_req_rate_off_cmd, NULL, + RSRC_CONF, + "QS_SrvDataRateOff," + " disables the QS_SrvRequestRate and QS_SrvMinDataRate enforcement for" + " a virtual host (only port/address based but not for name based" + " virtual hosts)."), + + AP_INIT_TAKE12("QS_SrvRequestRate", qos_req_rate_cmd, NULL, + RSRC_CONF, + "QS_SrvRequestRate <bytes per seconds> [<max bytes per second>]," + " defines the minimum upload" + " throughput a client must generate. See also QS_SrvMinDataRate."), + +#ifdef AP_TAKE_ARGV + AP_INIT_TAKE_ARGV("QS_SrvMinDataRate", qos_min_rate_cmd, NULL, + RSRC_CONF, + "QS_SrvMinDataRate <bytes per seconds> [<max bytes per second> [<connections>]]," + " defines the minimum upload/download" + " throughput a client must generate (the bytes send/received by the client" + " per seconds). This bandwidth is measured while transmitting the data" + " (request line, header fields, request body, or response data). The" + " client connection get closed if the client does not fulfill the" + " required data rate and the IP address of the causing client get marked" + " in order to be handled with low priority (see the QS_ClientPrefer" + " directive)." + " The \"max bytes per second\" activates dynamic" + " minimum throughput control: The required minimal throughput" + " is increased in parallel to the number of concurrent clients" + " sending/receiving data. The \"max bytes per second\"" + " setting is reached when the number of sending/receiving" + " clients is equal to the MaxClients setting." + " The \"connections\" argument is used to specify the" + " number of busy TCP connections a server must have to" + " enable this feature (0 by default)." + " No limitation is set by default."), +#else + AP_INIT_TAKE12("QS_SrvMinDataRate", qos_min_rate_cmd, NULL, + RSRC_CONF, + "QS_SrvMinDataRate <bytes per seconds> [<max bytes per second>]," + " defines the minimum upload/download throughput" + " a client must generate (the bytes send/received by the client" + " per seconds). This bandwidth is measured while transmitting the data" + " (request line, header fields, request body, or response data). The" + " client connection get closed if the client does not fulfill the" + " required data rate and the IP address of the causing client get marked" + " in order to be handled with low priority (see the QS_ClientPrefer" + " directive)." + " The \"max bytes per second\" activates dynamic" + " minimum throughput control: The required minimal throughput" + " is increased in parallel to the number of concurrent clients" + " sending/receiving data. The \"max bytes per second\"" + " setting is reached when the number of sending/receiving" + " clients is equal to the MaxClients setting." + " No limitation is set by default."), +#endif // ARGV + AP_INIT_TAKE1("QS_SrvMinDataRateOffEvent", qos_min_rate_off_cmd, NULL, + RSRC_CONF|ACCESS_CONF, + "QS_SrvMinDataRateOffEvent '+'|'-'<env-variable>," + " disables the minimal data rate enfocement (QS_SrvMinDataRate)" + " for a certain connection if the defined environment variable" + " has been set. The '+' prefix is used to add a variable" + " to the configuration while the '-' prefix is used" + " to remove a variable."), + + AP_INIT_FLAG("QS_SrvMinDataRateIgnoreVIP", qos_min_rate_vip_off_cmd, NULL, + RSRC_CONF, + "QS_SrvMinDataRateIgnoreVIP tells the QS_SrvMinDataRate" + " directive to ignore (if set to \"on\") the VIP status" + " of clients. Default is \"off\", which means that" + " QS_SrvMinDataRate is disabled for VIPs."), + +#endif // has threads + + AP_INIT_TAKE1("QS_SrvSampleRate", qos_req_rate_tm_cmd, NULL, + RSRC_CONF, + "QS_SrvSampleRate <seconds>, defines the sampling rate used" + " by the QS_SrvMinDataRate directive to measure the" + " throughput of a connection."), + + /* generic request filter */ + AP_INIT_TAKE3("QS_DenyRequestLine", qos_deny_rql_cmd, NULL, + ACCESS_CONF, + "QS_DenyRequestLine '+'|'-'<id> 'log'|'deny' <regular expression>, generic" + " request line (method, path, query and protocol) filter used" + " to deny access for requests matching the defined regular expression." + " '+' adds a new rule while '-' removes a rule for a location." + " The action is either 'log' (access is granted but rule" + " match is logged) or 'deny' (access is denied)."), + + AP_INIT_TAKE3("QS_DenyPath", qos_deny_path_cmd, NULL, + ACCESS_CONF, + "QS_DenyPath, same as QS_DenyRequestLine but applied to the" + " path only."), + + AP_INIT_TAKE3("QS_DenyQuery", qos_deny_query_cmd, NULL, + ACCESS_CONF, + "QS_DenyQuery, same as QS_DenyRequestLine but applied to the" + " query only."), + + AP_INIT_TAKE3("QS_DenyEvent", qos_deny_event_cmd, NULL, + ACCESS_CONF, + "QS_DenyEvent '+'|'-'<id> 'log'|'deny' [!]<variable>, matches" + " requests having the defined process" + " environment variable set (or NOT set if prefixed by a '!')." + " The action taken for matching rules" + " is either 'log' (access is granted but the rule match is" + " logged) or 'deny' (access is denied)."), + + AP_INIT_TAKE3("QS_PermitUri", qos_permit_uri_cmd, NULL, + ACCESS_CONF, + "QS_PermitUri, '+'|'-'<id> 'log'|'deny' <regular expression>, generic" + " request filter applied to the request uri (path and query)." + " Only requests matching at least one QS_PermitUri pattern are" + " allowed. If a QS_PermitUri pattern has been defined an the" + " request does not match any rule, the request is denied albeit of" + " any server resource availability (allow list). All rules" + " must define the same action. Regular expression is case sensitive."), + + AP_INIT_FLAG("QS_DenyBody", qos_denybody_cmd, NULL, + ACCESS_CONF, + "QS_DenyBody 'on'|'off', enabled body data filter (obsolete)."), + + AP_INIT_FLAG("QS_DenyQueryBody", qos_denybody_d_cmd, NULL, + ACCESS_CONF, + "QS_DenyQueryBody 'on'|'off', enabled body data filter for QS_DenyQuery."), + + AP_INIT_FLAG("QS_PermitUriBody", qos_denybody_p_cmd, NULL, + ACCESS_CONF, + "QS_PermitUriBody 'on'|'off', enabled body data filter for QS_PermitUriBody."), + + AP_INIT_TAKE1("QS_InvalidUrlEncoding", qos_deny_urlenc_cmd, NULL, + ACCESS_CONF, + "QS_InvalidUrlEncoding 'log'|'deny'|'off'," + " enforces correct URL decoding in conjunction with the" + " QS_DenyRequestLine, QS_DenyPath, and QS_DenyQuery" + " directives. Default is \"off\"."), + + AP_INIT_TAKE1("QS_LimitRequestBody", qos_maxpost_cmd, NULL, + ACCESS_CONF|RSRC_CONF, + "QS_LimitRequestBody <bytes>, limits the allowed size" + " of an HTTP request message body."), + + AP_INIT_ITERATE("QS_Decoding", qos_dec_cmd, NULL, + ACCESS_CONF, + "QS_DenyDecoding 'uni', enabled additional string decoding" + " functions which are applied before" + " matching QS_Deny* and QS_Permit* directives." + " Default is URL decoding (%xx, \\xHH, '+')."), + + AP_INIT_NO_ARGS("QS_DenyInheritanceOff", qos_denyinheritoff_cmd, NULL, + ACCESS_CONF, + "QS_DenyInheritanceOff, disable inheritance of QS_Deny* and QS_Permit*" + " directives to a location."), + + AP_INIT_TAKE1("QS_RequestHeaderFilter", qos_headerfilter_cmd, NULL, + RSRC_CONF|ACCESS_CONF, + "QS_RequestHeaderFilter 'on'|'off'|'size', filters request headers by allowing" + " only these headers which match the request header rules defined by" + " mod_qos. Request headers which do not conform these definitions" + " are either dropped or the whole request is denied. Custom" + " request headers may be added by the QS_RequestHeaderFilterRule" + " directive. Using the 'size' option, the header field max. size" + " is verified only (similar to LimitRequestFieldsize but using" + " individual values for each header type) while the pattern is ignored."), + + AP_INIT_TAKE1("QS_ResponseHeaderFilter", qos_resheaderfilter_cmd, NULL, + ACCESS_CONF, + "QS_ResponseHeaderFilter 'on'|'off', filters response headers by allowing" + " only these headers which match the response header rules defined by" + " mod_qos. Response headers which do not conform these definitions" + " are dropped."), + +#ifdef AP_TAKE_ARGV + AP_INIT_TAKE_ARGV("QS_RequestHeaderFilterRule", qos_headerfilter_rule_cmd, NULL, + RSRC_CONF, + "QS_RequestHeaderFilterRule <header name> 'drop'|'deny' <regular expression> <size>, used" + " to add custom request header filter rules which override the internal" + " filter rules of mod_qos." + " Directive is allowed in global server context only."), +#else + AP_INIT_TAKE3("QS_RequestHeaderFilterRule", qos_headerfilter_rule_cmd, NULL, + RSRC_CONF, + "QS_RequestHeaderFilterRule <header name> 'drop'|'deny' <regular expression>, used" + " to add custom request header filter rules which override the internal" + " filter rules of mod_qos." + " Directive is allowed in global server context only."), +#endif + + AP_INIT_TAKE3("QS_ResponseHeaderFilterRule", qos_resheaderfilter_rule_cmd, NULL, + RSRC_CONF, + "QS_ResponseHeaderFilterRule <header name> <regular expression> <size>, used" + " to add custom response header filter rules which override the internal" + " filter rules of mod_qos." + " Directive is allowed in global server context only."), + + /* milestones */ + AP_INIT_TAKE23("QS_MileStone", qos_milestone_cmd, NULL, + RSRC_CONF, + "QS_MileStone 'log'|'deny' <pattern> [<thinktime>], defines request line patterns" + " a client must access in the defined order as they are defined in the" + " configuration file."), + + AP_INIT_TAKE1("QS_MileStoneTimeout", qos_milestone_tmo_cmd, NULL, + RSRC_CONF, + "QS_MileStoneTimeout <seconds>, defines the time in seconds" + " within a client must reach the next milestone." + " Default are 3600 seconds."), + + /* session / vip */ + AP_INIT_TAKE1("QS_SessionCookieName", qos_cookie_name_cmd, NULL, + RSRC_CONF, + "QS_SessionCookieName <name>, defines a custom session cookie name," + " default is "QOS_COOKIE_NAME"."), + + AP_INIT_TAKE1("QS_SessionCookiePath", qos_cookie_path_cmd, NULL, + RSRC_CONF, + "QS_SessionCookiePath <path>, defines the cookie path, default is \"/\"."), + + AP_INIT_TAKE1("QS_SessionTimeout", qos_timeout_cmd, NULL, + RSRC_CONF, + "QS_SessionTimeout <seconds>, defines the session life time for a VIP." + " It is only used for session based (cookie) VIP identification (not" + " for IP based). Default is "QOS_MAX_AGE" seconds."), + + AP_INIT_TAKE1("QS_SessionKey", qos_key_cmd, NULL, + RSRC_CONF, + "QS_SessionKey <string>, secret key used for cookie encryption." + " Used when using the same session cookie for multiple web servers" + " (load balancing) or sessions should survive a server restart." + " By default, a random key is used which changes every server restart."), + + AP_INIT_TAKE12("QS_VipHeaderName", qos_header_name_cmd, NULL, + RSRC_CONF, + "QS_VipHeaderName <name>[=<regex>] [drop], defines an HTTP" + " response header which marks a user as a VIP. mod_qos" + " creates a session for this user by setting a cookie," + " e.g., after successful user authentication. Tests" + " optionally its value against the provided regular" + " expression. Specify the action 'drop' if you want mod_qos" + " to remove this control header from the HTTP response."), + + AP_INIT_TAKE12("QS_VipIPHeaderName", qos_ip_header_name_cmd, NULL, + RSRC_CONF, + "QS_VipIPHeaderName <name>[=<regex>] [drop], defines an HTTP" + " response header which marks a client source IP address as" + " a VIP. Tests optionally its value against the provided" + " regular expression." + " Specify the action 'drop' if you want mod_qos to remove" + " this control header from the HTTP response."), + + AP_INIT_NO_ARGS("QS_VipUser", qos_vip_u_cmd, NULL, + RSRC_CONF, + "QS_VipUser, creates a VIP session for users which have been" + " authenticated by the Apache server, e.g., by the standard" + " mod_auth* modules. It works similar to the" + " QS_VipHeaderName directive."), + + AP_INIT_NO_ARGS("QS_VipIpUser", qos_vip_ip_u_cmd, NULL, + RSRC_CONF, + "QS_VipIpUser, marks a source IP address as a VIP if the" + " user has been authenticated by the Apache server, e.g." + " by the standard mod_auth* modules. It works similar to" + " the QS_VipIPHeaderName directive."), + + /* user tracking */ +#ifdef AP_TAKE_ARGV + AP_INIT_TAKE_ARGV("QS_UserTrackingCookieName", qos_user_tracking_cookie_cmd, NULL, + RSRC_CONF, + "QS_UserTrackingCookieName <name> [<path>] [<domain>] ['session'] ['jsredirect']," + " enables the user tracking cookie by defining a cookie" + " name. The \"path\" parameter is an option cookie" + " check page which is used to ensure the client accepts" + " cookies. The \"domain\" option defines the Domain attriibute" + " for the Set-Cookie header. The option \"session\" indicates" + " that the cookie shall be a session cookie expiring when the" + " user closes it's browser." + " User tracking requires mod_unique_id." + " This feature is disabled by default." + " Ignores QS_LogOnly."), +#else + AP_INIT_TAKE123("QS_UserTrackingCookieName", qos_user_tracking_cookie_cmd, NULL, + RSRC_CONF, + "QS_UserTrackingCookieName <name> [<path>] ['session']," + " enables the user tracking cookie by defining a cookie" + " name. The \"path\" parameter is an option cookie" + " check page which is used to ensure the client accepts" + " cookies. The option \"session\" indicates that the" + " cookie shall be a session cookie expiring when the" + " user closes it's browser." + " User tracking requires mod_unique_id." + " This feature is disabled by default." + " Ignores QS_LogOnly."), +#endif + + /* env vars */ + AP_INIT_TAKE23("QS_SetEnvIf", qos_event_setenvif_cmd, NULL, + RSRC_CONF|ACCESS_CONF, + "QS_SetEnvIf [!]<variable1>[=<regex>] [[!]<variable2>] [!]<variable=value>," + " sets (or unsets) the 'variable=value' (literal string) if" + " variable1 (literal string) AND variable2 (literal string)" + " are set in the request environment variable list (not case" + " sensitive). This is used to combine multiple variables" + " to a new event type. Alternatively, a regular expression" + " can be specified for variable1's value and variable2 must be" + " omitted in order to simply set a new variable if" + " the regular expression matches."), + + AP_INIT_TAKE_ARGV("QS_SetEnvIfCmp", qos_cmp_cmd, NULL, + ACCESS_CONF, + "QS_SetEnvIfCmpP <env-variable1> eq|ne|gt|lt <env-variable2> [!]<env-variable>[=<value>]," + " sets the specified environment variable if the specified env-variables" + " are alphabetically or numerical equal (eq), not equal (ne)," + " greater (gt), less (lt)."), + + AP_INIT_TAKE2("QS_SetEnvIfQuery", qos_event_setenvifquery_cmd, NULL, + RSRC_CONF|ACCESS_CONF, + "QS_SetEnvIfQuery <regex> [!]<variable>[=value]," + " directive works quite similar to the SetEnvIf directive" + " of the Apache module mod_setenvif, but the specified regex" + " is applied against the query string portion of the request" + " line. The directive recognizes the occurrences of $1..$9" + " within value and replaces them by the sub-expressions of" + " the defined regex pattern."), + + AP_INIT_TAKE2("QS_SetEnvIfParp", qos_event_setenvifparp_cmd, NULL, + RSRC_CONF, + "QS_SetEnvIfParp <regex> [!]<variable>[=value]," + " directive parsing the request payload using the Apache module" + " mod_parp. It matches the request URL query and the HTTP" + " request message body data as well ('application/x-www-form-urlencoded'," + " 'multipart/form-data', and 'multipart/mixed') and sets the defined" + " process variable (quite similar to the QS_SetEnvIfQuery directive)." + " The directive recognizes the occurrences of $1..$9 within value" + " and replaces them by the sub-expressions of the defined regex" + " pattern. This directive activates mod_parp for every request to" + " the virtual host. You may deactivate mod_parp for selected requests" + " using the SetEnvIf directive: unset the variable 'parp' to do so." + " Important: request message body processing requires that the server" + " loads the whole request into its memory (at least twice the length" + " of the message). You should limit the allowed size of the HTTP" + " request message body using the QS_LimitRequestBody directive" + " when using QS_SetEnvIfParp!"), + + AP_INIT_TAKE2("QS_SetEnvIfBody", qos_event_setenvifparpbody_cmd, NULL, + RSRC_CONF, + "QS_SetEnvIfBody <regex> [!]<variable>[=value]," + " parses the request body using the Apache module mod_parp." + " Specify the content types to process using the mod_parp" + " directive PARP_BodyData and ensure that mod_parp is enabled" + " using the SetEnvIf directive of the Apache module mod_setenvif." + " You should limit the allowed size of HTTP requests message body" + " using the QS_LimitRequestBody directive when using mod_parp." + " The directive recognizes the occurrence of $1 within the variable" + " value and replaces it by the sub-expressions of the defined regex" + " pattern."), + + AP_INIT_TAKE2("QS_SetEnvStatus", qos_event_setenvifstatus_cmd, NULL, + RSRC_CONF|ACCESS_CONF, + "QS_SetEnvStatus (deprecated, use QS_SetEnvIfStatus)"), + + AP_INIT_TAKE2("QS_SetEnvIfStatus", qos_event_setenvifstatus_cmd, NULL, + RSRC_CONF|ACCESS_CONF, + "QS_SetEnvIfStatus <status code> <variable>, adds the defined" + " request environment variable if the HTTP status code matches the" + " defined value. The value '"QS_CLOSE"' may be used as a special" + " status code to set a "QS_BLOCK" event in order to handle" + " connection close events caused by "QS_CLOSE" rules while" + " the status '"QS_EMPTY_CON"' may be used to mark connections" + " which are closed before any HTTP request has ever been received." + " The '"QS_MAXIP"' value may be used to count "QS_BLOCK" events for" + " connections closed by the "QS_MAXIP" directive." + " The '"QS_BROKEN_CON"' value may be used to mark clients not" + " reading the full HTTP response."), + + AP_INIT_TAKE2("QS_SetEnvResBody", qos_event_setenvifresbody_cmd, NULL, + ACCESS_CONF, + "QS_SetEnvResBody (deprecated, use QS_SetEnvIfResBody)"), + + AP_INIT_TAKE2("QS_SetEnvIfResBody", qos_event_setenvifresbody_cmd, NULL, + ACCESS_CONF, + "QS_SetEnvIfResBody <string> [!]<variable>, adds the defined" + " request environment variable (e.g. "QS_BLOCK") if the HTTP" + " response body contains the defined literal string." + " Supports only one pattern per location."), + + AP_INIT_TAKE2("QS_SetEnv", qos_setenv_cmd, NULL, + RSRC_CONF, + "QS_SetEnv <variable> <value>, sets the defined variable" + " with the value where the value string may contain" + " other environment variables surrounded by \"${\" and \"}\"." + " The variable is only set if all defined variables within" + " the value can be resolved."), + + AP_INIT_TAKE23("QS_SetReqHeader", qos_setreqheader_cmd, NULL, + RSRC_CONF, + "QS_SetReqHeader [!]<header name> <variable> ['late'], sets the defined" + " HTTP request header to the request if the specified" + " environment variable is set."), + + AP_INIT_TAKE1("QS_UnsetReqHeader", qos_unsetreqheader_cmd, NULL, + RSRC_CONF, + "QS_UnsetReqHeader <header name>, Removes the specified header from the request."), + + AP_INIT_TAKE1("QS_UnsetResHeader", qos_unsetresheader_cmd, NULL, + RSRC_CONF, + "QS_UnsetResHeader <header name>, Removes the specified header from the response."), + + AP_INIT_TAKE12("QS_SetEnvResHeader", qos_event_setenvresheader_cmd, NULL, + RSRC_CONF, + "QS_SetEnvResHeader <header name> [drop], sets the defined" + " HTTP response header (name and value) to the request environment variables" + " Deletes the header if the action 'drop' has been specified."), + + AP_INIT_TAKE2("QS_SetEnvResHeaderMatch", qos_event_setenvresheadermatch_cmd, NULL, + RSRC_CONF, + "QS_SetEnvResHeaderMatch <header name> <regex>, sets the defined" + " HTTP response header (name and value) to the request environment variables" + " if the specified regular expression matches the header value."), + + AP_INIT_TAKE3("QS_SetEnvRes", qos_setenvres_cmd, NULL, + RSRC_CONF, + "QS_SetEnvRes <variable> <regex> <variable2>[=<value>], sets the environment" + " variable2 if the regular expression matches against the value of" + " the environment variable. Occurrences of $1..$9 within the value" + " and replace them by parenthesized subexpressions of the regular expression."), + + AP_INIT_TAKE3("QS_RedirectIf", qos_redirectif_cmd, NULL, + RSRC_CONF|ACCESS_CONF, + "QS_RedirectIf <variable> <regex> [<code>:]<url>," + " redirects the client to the configured url" + " if the regular expression matches" + " the value of the the environment variable."), + + /* client control */ + AP_INIT_TAKE1("QS_ClientEntries", qos_client_cmd, NULL, + RSRC_CONF, + "QS_ClientEntries <number>, defines the number of individual" + " clients managed by mod_qos. Default is 50000." + " Directive is allowed in global server context only."), + +#ifdef AP_TAKE_ARGV + AP_INIT_TAKE_ARGV("QS_ClientPrefer", qos_client_pref_cmd, NULL, + RSRC_CONF, + "QS_ClientPrefer [<percent>], prefers known VIP clients" + " when server has less than 80% (or the configured value)" + " of free TCP connections. Preferred clients" + " are VIP clients (or those without any negative penalties)," + " see QS_VipHeaderName directive." + " Directive is allowed in global server context only."), +#else + AP_INIT_NO_ARGS("QS_ClientPrefer", qos_client_pref_cmd, NULL, + RSRC_CONF, + "QS_ClientPrefer, prefers known VIP clients" + " when server has less than 80% of free TCP connections." + " Preferred clients are VIP clients only," + " see QS_VipHeaderName directive." + " Directive is allowed in global server context only."), +#endif + + AP_INIT_TAKE1("QS_ClientTolerance", qos_client_tolerance_cmd, NULL, + RSRC_CONF, + "QS_ClientTolerance <percent>, defines the allowed tolerance (variation)" + " from a \"normal\" client (average) in percent." + " Default is "QOS_CC_BEHAVIOR_TOLERANCE_STR"%." + " Directive is allowed in global server context only."), + +#ifdef AP_TAKE_ARGV + AP_INIT_TAKE_ARGV("QS_ClientContentTypes", qos_client_contenttype, NULL, + RSRC_CONF, + "QS_ClientContentTypes <html> <css/js> <images> <other> <304>," + " defines the distribution of HTTP response content types a client normally" + " receives when accessing the server. mod_qos normally learns the average" + " behavior automatically by default but you may specify a static configuration" + " in order to avoid influences by a high number of abnormal clients."), +#endif + + AP_INIT_TAKE12("QS_ClientEventBlockCount", qos_client_block_cmd, NULL, + RSRC_CONF, + "QS_ClientEventBlockCount <number> [<seconds>], defines the maximum number" + " of "QS_BLOCK" allowed within the defined time (default are 10 minutes)." + " Directive is allowed in global server context only."), + + AP_INIT_TAKE1("QS_ClientEventBlockExcludeIP", qos_client_ex_cmd, NULL, + RSRC_CONF, + "QS_ClientEventBlockExcludeIP <addr>, excludes an IP address or" + " address range from being limited by QS_ClientEventBlockCount."), + + AP_INIT_TAKE123("QS_ClientEventLimitCount", qos_client_limit_cmd, NULL, + RSRC_CONF, + "QS_ClientEventLimitCount <number> [<seconds> [<variable>]]," + " defines the maximum number" + " of the specified environment variable ("QS_LIMIT_DEFAULT" by default)" + " allowed within the defined time (default are 10 minutes)." + " Directive is allowed in global server context only."), + +#ifdef AP_TAKE_ARGV + AP_INIT_TAKE_ARGV("QS_CondClientEventLimitCount", qos_cond_client_limit_cmd, NULL, + RSRC_CONF, + "QS_CondClientEventLimitCount <number> <seconds> <variable> <pattern>," + " defines the maximum number" + " of the specified environment variable" + " allowed within the defined time." + " Directive works similar as QS_ClientEventLimitCount but" + " requests are only blocked if the "QS_COND" variable matches" + " the defined pattern (regex)." + " Directive is allowed in global server context only."), +#endif + + AP_INIT_TAKE1("QS_ClientEventPerSecLimit", qos_client_event_cmd, NULL, + RSRC_CONF, + "QS_ClientEventPerSecLimit <number>, defines the number" + " events pro seconds on a per client (source IP) basis." + " Events are identified by requests having the" + " "QS_EVENT" variable set." + " Directive is allowed in global server context only."), + + AP_INIT_TAKE1("QS_ClientEventRequestLimit", qos_client_event_req_cmd, NULL, + RSRC_CONF, + "QS_ClientEventRequestLimit <number>, defines the allowed" + " number of concurrent requests coming from the same client" + " source IP address" + " having the QS_EventRequest variable set." + " Directive is allowed in global server context only."), + + AP_INIT_NO_ARGS("QS_ClientSerialize", qos_client_serial_cmd, NULL, + RSRC_CONF, + "QS_ClientSerialize, serializes requests having the "QS_SERIALIZE" variable" + " set if they are coming from the same IP address."), + + AP_INIT_TAKE1("QS_ClientIpFromHeader", qos_client_forwardedfor_cmd, NULL, + RSRC_CONF, + "QS_ClientIpFromHeader <header>, defines a HTTP request header to read" + " the client's source IP address from (instead of taking the IP address" + " of the client opening the TCP connection). This may be used for the" + " QS_ClientEventLimitCount directive and QS_Country variable."), + + /* geo ip */ + AP_INIT_TAKE1("QS_ClientGeoCountryDB", qos_geodb_cmd, NULL, + RSRC_CONF, + "QS_ClientGeoCountryDB <path>, path to the geograpical database file."), + + AP_INIT_TAKE23("QS_ClientGeoCountryPriv", qos_geopriv_cmd, NULL, + RSRC_CONF, + "QS_ClientGeoCountryPriv <list> <connections> ['excludeUnknown']," + " defines a comma separated list of country codes" + " for origin client IP address which are allowed to" + " access the server if the number of busy TCP connections reaches" + " the defined number of connections while others are denied access." + " Clients whose IP can't be mapped to a country code can be excluded" + " from the limitation by configuring the 'excludeUnknown' argument."), + + /* error documents */ + AP_INIT_TAKE1("QS_ErrorPage", qos_error_page_cmd, NULL, + RSRC_CONF, + "QS_ErrorPage <url>, defines a custom error page."), + + AP_INIT_TAKE1("QS_ErrorResponseCode", qos_error_code_cmd, NULL, + RSRC_CONF, + "QS_ErrorResponseCode <code>, defines the HTTP response code which" + " is used when a request is denied, default is 500."), + + AP_INIT_FLAG("QS_ForcedClose", qos_forced_close_cmd, NULL, + RSRC_CONF, + "QS_ForcedClose 'on'|'off', defines if mod_qos connection handler shall" + " exit with an error code (on) or not. Default is on (except for" + " Apache 2.4.49)."), + + /* module settings / various stuff */ + AP_INIT_FLAG("QS_LogOnly", qos_logonly_cmd, NULL, + RSRC_CONF, + "QS_LogOnly 'on'|'off', enables the log only mode of the module" + " where no limitations are enforced. Default is off." + " Directive is allowed in global server context only."), + + AP_INIT_FLAG("QS_LogEnv", qos_logenv_cmd, NULL, + RSRC_CONF, + "QS_LogEnv 'on'|'off', enables logging of environment" + " variables."), + + AP_INIT_FLAG("QS_SupportIPv6", qos_enable_ipv6_cmd, NULL, + RSRC_CONF, + "QS_SupportIPv6 'on'|'off', enables IPv6 address support." + " Default is on."), + + AP_INIT_TAKE1("QS_SemMemFile", qos_mfile_cmd, NULL, + RSRC_CONF, + "QS_SemMemFile <path>, optional path to a directory or file" + " which shall be used for file based semaphores/shared memory" + " usage, e.g. /var/tmp."), + + AP_INIT_TAKE1("QS_MaxClients", qos_maxclients_cmd, NULL, + RSRC_CONF, + "QS_MaxClients <number>, optional override for mod_qos's" + " MaxClients/MaxRequestWorkers calculation which defines" + " the maximum number of TCP connections the server can handle."), + + AP_INIT_FLAG("QS_DisableHandler", qos_disable_handler_cmd, NULL, + RSRC_CONF, + "QS_DisableHandler 'on'|'off', disables the qos-viewer" + " and qos-console for a virtual host"), + +#if APR_HAS_THREADS + AP_INIT_FLAG("QS_Status", qos_qsstatus_cmd, NULL, + RSRC_CONF, + "QS_Status 'on'|'off', writes a log message containing server" + " statistics once every minute. Default is off."), +#endif + + AP_INIT_FLAG("QS_EventCount", qos_qsevents_cmd, NULL, + RSRC_CONF, + "QS_EventCount 'on'|'off', enables error event counting" + " (counters are shown in the machine-readable version" + " of the status viewer). Default is off."), + + AP_INIT_TAKE1("QSLog", qos_qlog_cmd, NULL, + RSRC_CONF, + "QSLog <arg>, used to configure a global (per Apache" + " instance) 'qslog' logger."), + +#ifdef QS_INTERNAL_TEST + AP_INIT_TAKE1("QS_EnableInternalIPSimulation", qos_disable_int_ip_cmd, NULL, + RSRC_CONF, + ""), +#endif + + { NULL } +}; + + +/************************************************************************ + * apache register + ***********************************************************************/ +static void qos_register_hooks(apr_pool_t * p) { + static const char *pre[] = { "mod_setenvif.c", "mod_setenvifplus.c", "mod_parp.c", NULL }; + static const char *preuid[] = { "mod_setenvif.c", "mod_setenvifplus.c", "mod_parp.c", "mod_unique_id.c", NULL }; + static const char *pressl[] = { "mod_ssl.c", NULL }; + static const char *preconf[] = { "mod_setenvif.c", "mod_setenvifplus.c", "mod_parp.c", "mod_ssl.c", NULL }; + static const char *post[] = { "mod_setenvif.c", "mod_setenvifplus.c", NULL }; + static const char *postlog[] = { "mod_logio.c", NULL }; + static const char *parp[] = { "mod_parp.c", NULL }; + static const char *prelast[] = { "mod_setenvif.c", "mod_setenvifplus.c", "mod_ssl.c", NULL }; + static const char *preFix[] = { "mod_ssl.c", "mod_setenvifplus.c", NULL }; + + ap_hook_post_config(qos_post_config, preconf, NULL, APR_HOOK_MIDDLE); + + ap_hook_child_init(qos_child_init, NULL, NULL, APR_HOOK_MIDDLE); + + // before ssl_hook_pre_connection@APR_HOOK_MIDDLE but after logio_pre_conn@APR_HOOK_MIDDLE + ap_hook_pre_connection(qos_pre_connection, postlog, pressl, APR_HOOK_MIDDLE); + // after ssl_hook_pre_connection@APR_HOOK_MIDDLE (and a many others) + ap_hook_pre_connection(qos_pre_process_connection, prelast, NULL, APR_HOOK_LAST); + + ap_hook_process_connection(qos_process_connection, NULL, NULL, APR_HOOK_MIDDLE); + + // be before sp_post_read_request@APR_HOOK_MIDDLE + ap_hook_post_read_request(qos_post_read_request, NULL, post, APR_HOOK_MIDDLE); + ap_hook_post_read_request(qos_post_read_request_later, preuid, NULL, APR_HOOK_MIDDLE); + + ap_hook_header_parser(qos_header_parser0, NULL, post, APR_HOOK_FIRST); + ap_hook_header_parser(qos_header_parser1, post, parp, APR_HOOK_FIRST); + ap_hook_header_parser(qos_header_parser, pre, NULL, APR_HOOK_MIDDLE); + + ap_hook_fixups(qos_fixup, preFix, NULL, APR_HOOK_MIDDLE); + + ap_hook_handler(qos_handler, NULL, NULL, APR_HOOK_MIDDLE); + + ap_hook_log_transaction(qos_logger, NULL, NULL, APR_HOOK_FIRST); + //ap_hook_error_log(qos_error_log, NULL, NULL, APR_HOOK_LAST); + + ap_register_input_filter("qos-in-filter", qos_in_filter, NULL, AP_FTYPE_CONNECTION); + ap_register_input_filter("qos-in-filter2", qos_in_filter2, NULL, AP_FTYPE_RESOURCE); + ap_register_input_filter("qos-in-filter3", qos_in_filter3, NULL, AP_FTYPE_CONTENT_SET); + /* AP_FTYPE_RESOURCE+1 ensures the filter is executed after mod_setenvifplus + * AP_FTYPE_PROTOCOL+3 ensures the filter is executed after mod_deflate */ + ap_register_output_filter("qos-out-filter", qos_out_filter, NULL, AP_FTYPE_RESOURCE+1); + ap_register_output_filter("qos-out-filter-min", qos_out_filter_min, NULL, AP_FTYPE_RESOURCE+1); + ap_register_output_filter("qos-out-filter-delay", qos_out_filter_delay, NULL, AP_FTYPE_PROTOCOL+3); + ap_register_output_filter("qos-out-filter-body", qos_out_filter_body, NULL, AP_FTYPE_RESOURCE+1); + ap_register_output_filter("qos-out-filter-brokencon", qos_out_filter_brokencon, NULL, AP_FTYPE_PROTOCOL+3); + ap_register_output_filter("qos-out-err-filter", qos_out_err_filter, NULL, AP_FTYPE_RESOURCE+1); + + ap_hook_insert_filter(qos_insert_filter, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_insert_error_filter(qos_insert_err_filter, NULL, NULL, APR_HOOK_MIDDLE); + +} + +/************************************************************************ + * apache module definition + ***********************************************************************/ +module AP_MODULE_DECLARE_DATA qos_module ={ + STANDARD20_MODULE_STUFF, + qos_dir_config_create, /**< dir config creator */ + qos_dir_config_merge, /**< dir merger */ + qos_srv_config_create, /**< server config */ + qos_srv_config_merge, /**< server merger */ + qos_config_cmds, /**< command table */ + qos_register_hooks, /**< hook registration */ +}; diff --git a/apache2/mod_qos.h b/apache2/mod_qos.h new file mode 100644 index 0000000..3372abe --- /dev/null +++ b/apache2/mod_qos.h @@ -0,0 +1,79 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ + +/** + * mod_qos.h: Quality of service module for Apache Web Server. + * + * The Apache Web Servers requires threads and processes to serve + * requests. Each TCP connection to the web server occupies one + * thread or process. Sometimes, a server gets too busy to serve + * every request due the lack of free processes or threads. + * + * This module implements control mechanisms that can provide + * different priority to different requests. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __MOD_QOS_H__ +#define __MOD_QOS_H__ + +/************************************************************************** + * Hooks + **************************************************************************/ +#if !defined(WIN32) +#define QOS_DECLARE(type) type +#define QOS_DECLARE_NONSTD(type) type +#define QOS_DECLARE_DATA +#elif defined(QOS_DECLARE_STATIC) +#define QOS_DECLARE(type) type __stdcall +#define QOS_DECLARE_NONSTD(type) type +#define QOS_DECLARE_DATA +#elif defined(QOS_DECLARE_EXPORT) +#define QOS_DECLARE(type) __declspec(dllexport) type __stdcall +#define QOS_DECLARE_NONSTD(type) __declspec(dllexport) type +#define QOS_DECLARE_DATA __declspec(dllexport) +#else +#define QOS_DECLARE(type) __declspec(dllimport) type __stdcall +#define QOS_DECLARE_NONSTD(type) __declspec(dllimport) type +#define QOS_DECLARE_DATA __declspec(dllimport) +#endif + +#define QOS_OPTIONAL_HOOK(name,fn,pre,succ,order) \ + APR_OPTIONAL_HOOK(qos,name,fn,pre,succ,order) + +/** + * mod_qos.h header file defining hooks for path/query + * decoding (used by QS_Deny* and QS_Permit* rules). + * + * Define QS_MOD_EXT_HOOKS in order to enable these hooks + * within mod_qos.c. + */ + +/* hook to decode/unescape the path portion of the request uri */ +APR_DECLARE_EXTERNAL_HOOK(qos, QOS, apr_status_t, path_decode_hook, + (request_rec *r, char **path, int *len)) +/* hook to decode/unescape the query portion of the request uri */ +APR_DECLARE_EXTERNAL_HOOK(qos, QOS, apr_status_t, query_decode_hook, + (request_rec *r, char **query, int *len)) + +#endif /* __MOD_QOS_H__ */ diff --git a/doc/CHANGES.txt b/doc/CHANGES.txt new file mode 100644 index 0000000..5fd53bc --- /dev/null +++ b/doc/CHANGES.txt @@ -0,0 +1,1947 @@ +Version 11.74 + +- Fixed: Potential counter overflow for early event detection + (increment before block) or log only mode. + +Version 11.73 + + This release introduces support of the PCRE2 (10.x) library in place of + the now end-of-life PCRE version 1 (8.x) API. + + - Removes PCRE API dependency from mod_qos.c. The module no longer has an + explicit dependency to the PCRE library but uses ap_pregcomp(), + ap_regexec(), and ap_regexec_len() from ap_regex.h. + Wrapping the PCRE (v1) and PCRE2 interface by the Apache httpd allows you + to use either the old or the new API version (depends on locating + pcre2-config). PCRE2 compatibility requires Apache httpd 2.4.53 or newer. + + - Support utilities migrated to PCRE2 API (version 10.x). + Tested with PCRE2 version 10.41. + + - Removed compatibility to Apache 2.0 and 2.2. + +Version 11.72 + + - Improve the support of Apache "event" MPM by calculating + a higher QS_MaxClients default value based on the + AsyncRequestWorkerFactor setting. + +Version 11.71 + + - Removed directive QS_Chroot. + + - Minor code changes (improvements #39/#40 reported by + Rainer Jung - many thanks). + + - QS_LogOnly also disables QS_EventKBytesPerSecLimit and + QS_LocKBytesPerSecLimit (deactivates delay output filter). + + - Uses apr_temp_dir_get() to determine temp. directory for + semaphores/shared memory (default used to be /var/tmp). + Use QS_SemMemFile to override it. + +Version 11.70 + + - QS_ClientGeoCountryPriv skips clients whose IP address can't + be mapped to a country code if the argument 'excludeUnknown' + is specified. + +Version 11.69 + + - Internal: QS_SetEnvIf directives use an array to store all + rules (to ensure they are applied in the order they appear + in the configuration file). + + - Apache 2.4.49 compatibility fix introduced by mod_qos 11.68 is no + longer applied for Apache version 2.4.50 and newer. + 'QS_ForcedClose off' could be used to enable gentle connection + close handling manually. + +Version 11.68 + + - Compatibility with Apache 2.4.49 (avoid segfault when returning + error code in pre-connection hook / issue similar to CVE-2017-3169). + +Version 11.67 + + - The QS_LogEnv directive can be used to enable environment variable + logging. mod_qos writes all environment variables which are set when + entering a handler to the log. + +Version 11.66 + + - QS_ClientIpFromHeader supports pseudo IP by creating a hash + of a HTTP request header's value if the header name is prefixed + by '#', e.g. #Authorization to use the HTTP basic auth header. + It's also possible to use the client's SSL client certificate's + subject and issuer DN if you specify #SSL_CLIENT_S_DN instead + of a real HTTP header name. + Note: Does not work for IP geolocation. + +Version 11.65 + + - Fixed: QS_SrvMinDataRate did not enforce (log only) min data rate + in simple mode (only one arg). + Improved min. data rate calculation and updated documentation. + + - Fixed: Several typos in documentation. + +Version 11.64 + + - Updated request header filter rules (allows signed HTTP exchanges content + type in Accept header). + + - qsgeo: New pattern to detect "readable" format (no longer adding IP address + range twice for some file formats). + + - QS_Status: adds the QS_AllConn variable to the maxClients object. + +Version 11.63 + + - Adds the option 'jsredirect' to the QS_UserTrackingCookieName directive: + Client (browser) has to use Javascript within the cookie check page + to fetch the cookie and to redirect the client back to the initially + requested page (adding Javascript to the cookie challenge). + SSI variables to be used in the HTML page / Javascript: + - QS_UT_QUERY: query string to call (ajax) the cookie page again to + obtain the cookie. + - QS_UT_NAME: name of the cookie + - QS_UT_INITIAL_URI: initial page to redirect to + Sample page: http://mod-qos.sourceforge.net/cookie-ir.shtml + +Version 11.62 + + - Machine-readable version of the status viewer does no longer + show QS_SrvMaxConn* counters for virtual hosts using the base + server's configuration and counter. + + - New directive QS_MaxClients. + +Version 11.61 + + - QS_SrvMaxConnPerIP can handle more than MaxClient IP addresses + (if the server opens new connections faster than closing old) + and enables memory block distribution by default. + +Version 11.60 + + - Fixed: Wrong connection counter (total server connections stored in the + QS_AllConn variable) when using SrvMaxConn* directives globally only but + other QS_* directives within virtual hosts. Bug influenced + QS_SrvMinDataRate behavior as well (activating and increasing the min. + data rate too fast). + +Version 11.59 + + - QS_EventRequestLimit writes the current counter value to the + QS_EventRequestLimit_<env-variable>_Counter environment variable. + + - New directive QS_SetEnvIfCmp. + +Version 11.58 + + - Adds directive QS_UnsetReqHeader. + + - Removes version information in automake configure script (utilities). + +Version 11.57 + + - Adds qsrespeed and qsre (previous "regexspeed" and "regex" dev tool) + to the support utilities. + +Version 11.56 + + - Non-functional: Changed QS_Status invocation timer implementation. + + - Adds qsdt (previous "duration" dev tool) to the support utilities. + +Version 11.55 + + - qslog: "-l" supports files with huge gaps (missing lines). + + - QS_SetEnvIf and QS_SetEnvIfQuery directives can be used within Location + configuration. + +Version 11.54 + + - Introduces the QS_Block_Decrement variable. + +Version 11.53 + + - Adds CORS headers to the default QS_RequestHeaderFilter and + QS_ResponseHeaderFilter rule set. + + - qslog: shows also the distribution of response durations faster than + a second within the following intervals: + * 0-49ms + * 50-99ms + * 100-499ms + * 500-999ms + +Version 11.52 + + - Fixed: QS_LimitRequestBody did not work for chunked requests + when used in Apache 2.4. + + - QS_Status uses the server's base configuration settings while logging + allowing to configure a custom log format using ErrorLogFormat. + + - qssign's verification mode supports graceful restart (sigusr1) where + two qssign processes are running (one with the old sequence + counter and the new one starting at 1). + +Version 11.51 + + - Adds process-connection handler to close the connection in the case the + abort by the pre-connect hook was ignored (workaround for bug in + Apache 2.4.28 Event MPM ignoring the connection abort) (msg id 167). + + - Uses module name in log index. + +Version 11.50 + + - Changes pre-connection hook dependency (called later but still before + mod_ssl). + +Version 11.49 + + - Adapted connection handling to deal with master/slave connections + (introduced by Apache 2.4.18) avoiding inconsistent connection counters. + +Version 11.48 + + - Detects unexpected connection dispatching to old child process to avoid + invalid connection counter state for QS_ClientPrefer rules (msg id 166). + +Version 11.47 + + - Updates built-in filter pattern of QS_HeaderFilter (Transfer-Encoding). + + - qslog standard mode supports peak/max value counter (M). + + - Fixed: potential segfault if connection ctx is null when using h2. + +Version 11.46 + + - Updates built-in filter pattern of QS_HeaderFilter. + +Version 11.45 + + - QS_ClientEventRequestLimit supports the QS_ClientIpFromHeader directive. + +Version 11.44 + + - New directive QS_CondEventLimitCount. + + - QS_EventLimitCount (and QS_CondEventLimitCount) counter may be decremented + by environment variable suffixed by "_Decrement". + + - Slightly changed unique-id generator (shorter). + +Version 11.43 + + - Fixed: QS_IsVipRequest was not set if QS_ClientPrefer hasn't been + used. + +Version 11.42c + + - qslog supports QSCOUNTERPATH (-pc mode) environment variable which + defines a file containing a list of QS_ClientEventLimitCount rules. + The 'E' format character defines the event string in the log + to match (literal string) the event1 and event2 event names against. + + Rule syntax: <name>:<event1>-<n>*<event2>/<duration>=<limit> + + Example mod_qos config: + QS_ClientEventLimitCount 20 600 QS_LimitEv + QS_SetEnvRes Event AU04 QS_LimitEv + QS_SetEnvRes Event AU05 QS_LimitEv_Decrement=2 + Sample qslog rule: + QS_LimitEv:AU04-2*AU05/600=20 + + Special us case matching against the HTTP status code ('S' character) + is used if the rule 'name' starts with STATUS. + Example mod_qos configuration: + QS_ClientEventLimitCount 10 300 QS_LimisS + QS_SetEnvIfStatus 400 QS_LimitS=1 + QS_SetEnvIfStatus 405 QS_LimitS=1 + QS_SetEnvIfStatus 406 QS_LimitS=1 + QS_SetEnvIfStatus 408 QS_LimitS=1 + QS_SetEnvIfStatus 413 QS_LimitS=1 + QS_SetEnvIfStatus 414 QS_LimitS=1 + QS_SetEnvIfStatus 500 QS_LimitS=1 + Sample qslog rule: + STATUS:400_405_406_408_413_414_500-1*X/300=10 + +Version 11.42 + + - Message mod_qos(034) indicates (by "in:0") when the server not even + received a request line on a TCP connection (potentially a speculative + TCP pre-connection). + + - qslog -pc mode supports peak/max value counter (M). + + - qsrotate supports line-by-line data processing prefixing every line + by a timestamp when using the option "-d", e.g. for batch/script + output logging. + + - qsrotate supports option "-m" to define the file permissions. + +Version 11.41 + + - Fixed: wrong default file size used by qsrotate. + + - qsrotate supports signal USR1 to perform a file rotation manually + at any time. + +Version 11.40 + + - mod_qos and all utilities are now distributed under the Apache License. + +Version 11.39 + + - New directive QS_EventCount to enable an error message event counter + (counters are shown in the machine-readable status view). + + - Adds clientContentTypes statistics to the status view. + +Version 11.38 + + - New directive QS_SrvMinDataRateIgnoreVIP and QS_SrvMaxConnPerIPIgnoreVIP. + + - QS_ClientEventLimitCount may be decremented or cleared by environment + variable (suffixed by "_Decrement", e.g. QS_Limit_Decrement). + + - QS_MileStone sets cookie also within error filter supporting redirects + even not reaching the handler. + +Version 11.37 + + - Fixed: wrong include in qspng.c + + - Console: dump shows time of last db access (seconds since epoch). + + - Adds clientContentTypes to QS_Status. + +Version 11.36 + + - Fixed: moves code from "process connection" hook to the "pre + connection" hook for Apache 2.4 compatibility and higher efficiency. + + - Lower severity of message 036 to critical. + +Version 11.35 + + - Fixed: potential segfault by mod_ssl in ssl_io_filter_disable() + when closing a connection after a failed SSL handshake (CVE-2017-3169). + +Version 11.34 + + - New variable QS_SetEnvIfResBodyIgnore which might be used to + deactivate QS_SetEnvIfResBody. + + - mod_qos_ev: sets "v" if an IP is marked as VIP. + +Version 11.33 + + - QS_ClientLowPrio variable's value contains the status flag representing + the tracked attributes. + + - Sets QS_IsVipRequest variable for marked IP addresses at connection + processing handler and propagetes it to every request. + + - Fixed: message 045 (uri check ignores log-only mode). + +Version 11.32 + + - Header filter: accepts region specific language codes in + Accept-Language request header by default. + + - Compiles also against OpenSSL 1.1.0b. + +Version 11.31 + + - QS_SetReqHeader supports header removal (unset) by prefixing + the header name with "!". + + - QS_SetEnvIfResBody supports variable removal (unset) by + prefixing the variably with "!". + + - New cookie data format (user tracking, vip, milestones). + +Version 11.30 + + - qslogger supports option "-x" (adding a prefix to every message). + + - Fixed: calculation of MaxClients for MPM prefork binary (bug reported + by Fergus - thanks!). + +Version 11.29 + + - mod_qos_ev variable sets character "u" if server is accessed by a + client without a user tracking cookie (but QS_UserTrackingCookieName + has been configured). + + - Minor (non-functional) DSCP implementation code changes (incl. new log + messages). + + - Adds mod_qos events "qA" and "qu" to qslog and the output of event + counters (q*) has been made optional. + +Version 11.28 + + - New variable "QS_Set_DSCP" to set the IP differentiated services code + points (DiffServ / RFC 2474). + + - QS_RedirectIf also supports 301. + +Version 11.26 + + - Changed: QS_SrvMaxConn* directive counter's inheritance from the base + server to virtual hosts is no longer coupled to other QS_* directive + rules. This means, that a virtual host uses the very same counters + as the base server as long as neither QS_SrvMaxConn, QS_SrvMaxConnClose, + nor QS_SrvMaxConnPerIP has been configured within the virtual host. + +Version 11.25 + + - QS_ClientEntries max. value is now limited to 10000000. + + - New "special code" 'BrokenConnection' for the QS_SetEnvIfStatus + direcive. + +Version 11.24 + + - Fixed: Apache 2.4 had nested error page when using QS_ErrorPage + (bug introduced by version 11.22). + +Version 11.23 + + - Directive QS_SetEnvIf supports single variable match. + + - qslog -p: + * fallback to simple hour/minutes detection + * Fixed: writes now statistic line at the "next" minute (m+1:00) + +Version 11.22 + + - Disables client behavior (content type) measurement if + QS_ClientPrefer has been disabled. + + - Minor changes to the status viewer. + + - Fixed: segfault when using HTTP/2. + +Version 11.21 + + - Fixed: Implemented graceful restart detection for Apache 2.4 + to properly free shared memory and mutexes (prevents from + leaking while doing graceful restarts). + + - Disables keep-alive enforcement for MPM event binaries. + +Version 11.20 + + - Adds filter (option -f) to qssign. + + - Revised QS_ClientPrefer implementation (improved attribute weighting) + and the log messages 063/064 have been merged into message 066. + +Version 11.19 + + - Updates User-Agent header field pattern for the default + QS_RequestHeaderFilterRule rule set and adds the + Upgrade-Insecure-Requests header. + + - QS_ClientGeoCountryDB is able to read IP2LOCATION csv file without + prior transformation (country code '-'). + + - Fixed: QS_ClientIpFromHeader used to determine country code + (QS_ClientGeoCountryDB) even the country could not be determined + for the connection address (incomplete IP list). + +Version 11.18 + + - New directive QS_Status. + + - QS_SrvSampleRate must be greater then one second. + + - Avoids using RAND_bytes() and checks if the generator is seeded with + enough entropy (mod_qos(08x) messages). + + - Calculates MaxClients (instead of reading the directive). + +Version 11.17 + + - QS_SetEnvIfStatus supports QS_SrvMaxConnPerIP to increment the + QS_Block event variable. + + - qssign features the option "-a" to define which algorithm to use. + + - Enables QS_SrvMinDataRate, QS_SrvDataRateOff, and + QS_SrvMinDataRateOffEvent for Apache 2.4 as smoke test against + Apache 2.4.12 and 2.4.16 was now successful (MPM worker and event). + The QS_KeepAliveTimeout and QS_MaxKeepAliveRequests directives have + been disabled for the MPM event. Apache 2.4 is still not fully tested. + +Version 11.16 + + - Adds timeout option to the QS_SrvSerialize directive. + +Version 11.15 + + - Increased severity of message 035 and 036 from critical to alert. + + - Lowered severity of messages 100, 009, and 007 from emergency to + critical. + + - QS_RedirectIf directive supports 307 response code. + + - Set *_Counter variable of QS_EventLimitCount within post read request + handler. + + - QS_ClientSerialize honors the sequence of receiving requests (fifo) in + order to support requests from different clients accessing the server + via a proxy. + + - Fixed: potential deadlock (when reaching the 5min timeout) when using + the QS_SrvSerialize directive. + +Version 11.14 + + - New directive QS_SrvSerialize. + +Version 11.13 + + - Adds option "-u" to the qslogger and qssign utilities. + + - QS_MileStone features a "think time" attribute which defines how long + a client must wait between two milestones. + +Version 11.12 + + - Propagates the variables used by QS_ClientEventLimitCount to sub-requests + making them available within SSI pages. + + - New QS_ClientEventLimitCount variable suffixed by "_Remaining" containing + the remaining time in seconds a client is still blocked (to be used + within error pages to show a client how long he has to wait until he + might proceed). + + - New variable QS_MaxKeepAliveRequests. + +Version 11.11 + + - QS_Limit (resp. the event variable processed by the + QS_ClientEventLimitCount/QS_CondClientEventLimitCount directives) + event may specify a weighting of events defining by how many penalty + points the counter shall be increased. Default is 1. + +Version 11.10 + + - Adds qslog command to the module (dedicated statisic log facility on + a per Apache server instance basis). + +Version 11.9 + + - QS_Block event may specify a weighting of events defining by how many + penalty points the counter shall be increased. + + - Fixed: enables per client data store when using the QS_VipIPHeaderName + together with the QS_SrvMaxConn[PerIP] directive. + +Version 11.8 + + - New console command 'inclimit' increments the + QS_ClientEventLimitCount rule counter. + + - Adds the option "<domain>" to the QS_UserTrackingCookieName + directive. + +Version 11.7 + + - Man page for the module itself. + + - Adds option "session" to QS_UserTrackingCookieName. + +Version 11.6 + + - Adds "Public-Key-Pins" and "Public-Key-Pins-Report-Only" to the + pre-defined list of allowed HTTP response header fields. + + - Adds "Origin" to the pre-defined list of allowed HTTP response header + fields. + + - Fixed: qsrotate reads the size of an existing logfile at startup + (required by the "-b" option). + +Version 11.5 + + - qslog: improved performance. + + - Minor code refactoring. + + - Some log messages (010, 012, 013, 030, 031, 034, 040, 041, 042, 043, + 044, 046, 047, 048, 060, 063, 064, 065, 067, 101) indicate if + QS_LogOnly mode is active. + + - Apply QS_LogOnly to header filter (action drop). + + - qsgeo option "-l": + * adds the IP address if missing + * fixed: unintentional dropping of valid lines + * may be used to normalize "ip2location lite" DB1 files + * option "-v" to print all error messages + +Version 11.4 + + - Adds request ID to console log messages (07*). + + - qslog supports writing to stdout (if "-o <out_file>" is omitted). + + - qslog: improved performance. + +Version 11.3 + + - New directive QS_ClientEventBlockExcludeIP. + + - Minor changes to the status viewer. + + - Modified error messages 060 and 067 (adding the "age" parameter which + indicates the seconds since the event occurred the first time). + + - Fixed: Message 065 contained wrong directive name. + +Version 11.2 + + - Adds variable QS_ResponseDelayTime showing the delay time (us) + calculated for response throttling. + + - New variable QS_Timeout. + +Version 11.1 + + - Fixed: Shows "T" log marker only for requests which has really been + delayed by mod_qos. + + - Further improved bytes/sec limitation implementation. + +Version 11.0 + + - Highly improves bytes/sec limitation (response throttling) based on + the input I got from Jeff Trawick - many thanks! + * Calculates delay within filter (immediately(!) when reaching the + defined amount of bytes). + * Uses nanoseconds delay (instead of milliseconds). + * Splits large bucket brigades to 8k blocks (support for local files, + not using mod_proxy). + * Inserts filter late (after mod_deflate). + + - User tracking: set Cache-Control header when accessing the cookie + check page. + + - QS_UserTrackingCookieName: improved cookie header processing. + + - Fixed: 'qslog -pc' does no longer require 'S' nor a date. + +Version 10.30 + + - QS_SetReqHeader features the option 'late'. + + - New console output (without ':' suffix for the IP address). + + - Console 'search', 'limit', and 'unlimit' command support now the + 'event' parameter specifying which QS_ClientEventLimitCount event + variable to show/set/clear. + +Version 10.29 + + - Supports IPv6 clients. + +Version 10.28 + + - Fixed: QS_ClientEventLimit did overwrite counters of other clients if + multiple events have been configured. + +Version 10.27 + + - qslog features the option "-pu" and "-puc" used to gather request + information on a per URL basis. + + - Fixed: Wrong includes within the support utilities. + + - Extends QS_ClientSerialize max. timeout from 1 to 5 minutes. + +Version 10.26 + + - QS_ClientSerialize supports the QS_ClientIpFromHeader directive. + + - Refactor method used to determine redirect port (user tracking) + supporting servers not using virtual hosts. + + - Fixed: QS_UserTrackingCookieName uses correct server_rec to retrieve + configuration. + + - Hook implementing user tracking is now called after mod_unique_id. + + - Slightly changed unique-id generator. + + - Adds fflush() to qsgrep utility when writing data to stdout. + +Version 10.25 + + - QS_EventLimitCount writes the current value to the process environment + variables. + + - Fixed: QS_[Cond]ClientEventLimitCount logs request id and propagtes + message code (067) to the QS_ErrorNotes variable. + + - New variable QS_IPConn representing the number of connections opened + from the very same source IP (works in conjunction with + QS_SrvMaxConnPerIP only). + +Version 10.24 + + - New directive QS_CondClientEventLimitCount. + + - QS_SrvMinDataRate: limits the max. data rate to the configured value + (prevents invalid rate due to misconfiguration server or died child + process). + +Version 10.23 + + - Fixed: QS_ClientEventLimitCount log message 067 contains now the IP + address of the request header if QS_ClientIpFromHeader is used. + + - QS_SetEnvRes: supports multiple variables with the same name. + +Version 10.22 + + - Process QS_SetEnvResHeader(Match) and QS_SetEnvRes at error filter too. + +Version 10.21 + + - Fixed: qslogger may had detected the wrong message severity. + + - Adds debug message when detecting "NullConnection" events. + + - Built-in request header rules: adapt If-Match, If-None-Match, Cookie, + and Cookie2 HTTP header patterns. + +Version 10.20 + + - Fixed: QS_CondLocRequestLimitMatch did work only if other QS_Loc* + directive had been configured. + +Version 10.19 + + - New directive QS_RedirectIf. + +Version 10.18 + + - QS_ClientEventLimitCount may be cleared by environment variable + (suffixed by "_Clear", e.g. QS_Limit_Clear). + +Version 10.17 + + - QS_ClientEventLimitCount supports unlimited number of events. + + - Stores the value of the QS_ClientEventLimitCount variables as + environment variables suffixed by "_Counter", e.g. QS_Limit_Counter + for the default QS_Limit variable, in order to be processed by other + rules. + + - Add Content-Security-Policy to the default response header allow list. + + - qslog features enhanced "-pc" mode providing more information: + * Collects content type information (%{content-type}o). + * Duration between the first and the last request. + * Average response in ms. + * "ci" indicates if we have seen the client at the end or the + beginning of the file (maybe not all requests in the log due to + log rotation). + * Bytes downloaded. + * Writes status characters to stderr. + * HTTP request methods (GET/POST) + +- qsgeo features option "-l" and is able to process "qslog -pc" files. + +Version 10.16 + + - qslog adds 'E' (event identifiers) to the format string. QSEVENTPATH + environment variable specifies a file containing all known event + names (comma separated list). + + - qslog average counter (a/A) count only if a numeric value is available. + + - qssing does not try to execute invalid program name (space only). + +Version 10.15 + + - qsrotate supports DST and offset to UTC. + + - Add the "connections" argument to the QS_SrvMaxConnPerIP directive + to disable the rule enforcement on idle web servers. + +Version 10.14 + + - Minor changes to status viewer (color for QS_EventLimitCount counter). + + - Q3594444: adapted man page subject. + + - QS_ErrorResponseCode verifies that the defined error code is valid + resp. known by Apache. + + - Add option "-b" to the qsrotate utility. + +Version 10.13 + + - Add new directive QS_EventLimitCount. + +Version 10.12 + + - Fixed: Per-client status viewer did not show numbers correctly + (depending on the platform it has been compiled for). + +Version 10.11 + + - Don't write QS_ClientEventBlockCount event messages (060) every time + a client is blocked. + + - Adjust log message severity of permitted QS_SrvMinDataRate rule + violations from 'info' to 'debug'. + +Version 10.10 + + - Add DNT HTTP request header to the default request header allow list. + + - qslog "-pc" supports counting established connections. + + - Fixed: Endless loop when using option "-c" with only one rule. + + - New utility qshead. + +Version 10.9 + + - Q3535677: Don't use prce_info() any longer. + + - qslog option "-x" allows the specification how many files to keep. + Default are 14 days. + + - qslog counter 'a', 'A', and 's'. + + - Adapted log message mod_qos(069) + + - QS_ClientIpFromHeader@logger searches for the header in r->prev and + r->main too. + +Version 10.8 + + - Fixed: QS_SetEnvIfResBody did not properly detect pattern. + + - qslogger features severity filter (forward only messages with a + matching/higher severity) and adjustable default severity for those + log lines which do not contain the severity pattern. + +Version 10.7 + + - Writes notice message at server startup if the Apache version is not + supported (mod_qos has been implemented for Apache 2.2 worker + binaries only resp. Apache 2.0 is no longer supported). + + - Use pcre_study() API call only if QOS_EXTRA_USE_PCRE_STUDY has been + defined while compiling mod_qos. + + - Adds fflush() to qslogger/qsexec/qsgeo/qslogger utility when writing + data to stdout. + +Version 10.6 + + - qslog measures average response time in milliseconds (avms). + + - Fixed: Viewer shows number of per client ip connections if no server + limitations are set (query "option=ip"). + + - Fixed: qslogger did not compile on non-Linux platforms. + +Version 10.5 + + - New utility: qslogger. + + - JSON includes array index number (note: you need to adapt existing + JSON rules). + + - Experimental: mod_qos compiles with Apache 2.4 + * QS_SrvMinDataRate is not available (does not work, use mod_reqtimeout + instead) + * QS_Srv* directives shall not be used (connection cleanup takes + very long) + +Version 10.4 + + - Improved qs* utility performance. + +Version 10.3 + + - Fixed: ABR in QS_SetEnvIfResBody. + +Version 10.2 + + - Fixed: QS_Milestone uses now URL decoding before applying the + expression (pcre). + + - Add the qsgeo utility to the distribution archive file. + + - Fixed: Suppress warning message about missing mod_unique_id if + mod_navajo.cpp is available. + + - New connection correlation id QS_ConnectionId (available as + an event for logging purposes). + +Version 10.1 + + - QS_ClientIpFromHeader may be used to set QS_Country variable. + + - Viewer shows QS_AllConn variable. + +Version 10.0 + + - New directives QS_ClientGeoCountryDB and QS_ClientGeoCountryPriv. + + - New variables: QS_AllConn and QS_Country. + +Version 9.79 + + - Fixed: Wrong IP conversion (str2long) used by console and + QS_ClientIpFromHeader. + +Version 9.78 + + - Fixed: QS_UserTrackingCookieName enforcement did not work if server + creates internal redirect. + +Version 9.77 + + - Use pcre_study() and match_limit where applicable. + + - qslog features the option "-c" to collect separate statistics, + e.g., for different URLs. + + - qslog features the option "-pc" used to gather request information + per client. + + - New directive QS_SrvSampleRate (may be used to adjust the + QS_REQ_RATE_TM sample rate at runtime/post compilation). Not + documented. + + - Fixed: qslog line parsing bug (double backslash). + +Version 9.76 + + - New directive QS_ClientIpFromHeader (may be used in conjunction with + QS_ClientEventLimitCount only). + + - qslog measures new connections per minute (%k == 0). + + - Fixed: Don't show connections in the overview if not measured. + + - Internal: QS_EventRequestLimit are added (instead of set) to the event + table in order to prevent multiple increments by the very same request. + +Version 9.75 + + - New directive QS_SetEnvRes. + + - Viewer keeps value about the last measured kbytes/second result for + a longer time. + + - Update documentation (description of QS_LocKBytesPerSecLimit* + directives). + +Version 9.74 + + - Fixed header file in qsfilter2 (possible compile problems). + + - Fixed pre connection handling for outgoing (mod_proxy) connections. + +Version 9.73 + + - Q3429879: Format usage text of the mod_qos utilities to man page + format. Use "<utility> --man" to generate the man page. + + - Make "NullConnection" detection (known by QS_SetEnvIfStatus) more + aggressive. + +Version 9.72 + + - Module tries to detect a suitable default error document for + QS_ErrorPage automatically. + + - New status "NullConnection" known by QS_SetEnvIfStatus detecting + TCP connections which are not used to send a HTTP request (closed + without transmitting HTTP request line and header or denied by any + other module). + + - QS_ClientEventBlockCount is processed at pre_connection hook (more + aggressive, before mod_ssl). + + - Suppress warning message about missing mod_unique_id if mod_navajo is + available. + +Version 9.71 + + - QS_RequestHeaderFilterRule and QS_ResponseHeaderFilterRule may be + configured within a host (outside location). + + - QS_ResponseHeaderFilterRule features the action "silent" which drops + header silently without writing a log message. + + - Headers X-Content-Type-Options and X-XSS-Protection has been added to + the default response header rules. + + - Fixed: Bug in JSON parser. + + - Fixed: Propagation of Apache environment variables to sub-requests + (solves bug when using QS_ClientEventBlockCount and ErrorDocument). + +Version 9.70 + + - QS_EventPerSecLimit and QS_EventKBytesPerSecLimit counters are no + longer updated if a request has already been denied by a + QS_EventRequestLimit rule. + + - QS_LocRequestPerSecLimit* and QS_LocKBytesPerSecLimit* counter are + no longer updated if a request has already been denied by a + QS_LocRequestLimit* rule. + + - Adjust attributes/number of requests required to identify the client + behavior. + + - Update request header allow list rule for Content-Type. + +Version 9.69 + + - Client behavior (content type a client is downloading) is calculated + in a percent of the whole traffic type distribution. The directive + QS_ClientTolerance supports only values between 5 and 80. + + - Add directive QS_ClientContentTypes to define the normally downloaded + content types statically (instead of self learning). + + - Detection if module has been build for a different MPM implementation + than the server is using at runtime. + + - JSON parser processes request query (if starting with an array '[' of + object '{') if no body is available. + + - qssing supports additional log format detection. + + - qslog supports request time duration measurement in milli- and + microseconds too (t and D instead of T). + + - qslog isolates numeric values (B, i, T, t, D, S) even they are + surrounded or prefixed by other characters, e.g. time="<number>". + + - qslog treats single quoted string with (short) leading name and eaual + sign (e.g., agent='Mozilla 1') as single element (offline mode only). + + - qslog extracts additional time formats (offline mode). + + - Added "X-Do-Not-Track" to the built-in request header allow list. + + - Minor changes within the status viewer (machine-readable view). + +Version 9.68 + + - Change in order to support HP-UX. + +Version 9.67 + + - Fixed: QS_ClientSerialize has required other client level control + directive. + +Version 9.66 + + - Client data store updates entry time stamp every access. + +Version 9.65 + + - Fixed: Could not compile the support utility qscheck. + + - qsexec features option "-c" (pattern clearing the event counter). + +Version 9.64 + + - New utility: qsexec + + - Dynamic client data store partition (depending on the size of the + store as defined by QS_ClientEntries) for improved performance. + +Version 9.62 + + - Some code refactoring (performance improvements, no functional + changes). + +Version 9.61 + + - New directive QS_LogOnly may be used to disable rule enforcement + (permissive mode). + + - Minor changes within the status viewer. + + - "QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block" limits the allowed + number of QS_SrvMinDataRate rule violations. + +Version 9.60 + + - Fixed: QS_ClientEventBlockCount/QS_ClientEventLimitCount get not reset + if client causes events continuously. + +Version 9.58 + + - Fixed: IP does not get marked as VIP if QS_ClientPrefer has not been + defined. + + - New variable QS_ErrorNotes. + + - Add "Transfer-Encoding" (very strict) to the built-in request header + allow list. + +Version 9.57 + + - Status viewer features query name "refresh" which causes the browser + to reload the page every 10 seconds. + +Version 9.56 + + - Clear per client data store counters at graceful restart to prevent + dead enties (counter grow) due unclear client shutdown. + + - qsfilter2 features url filter (-f). + + - QS_ClientSerialize does not block for more than 10 minutes. + +Version 9.55 + + - Minor changes in configure script (autotools) of the support utilities + (png library name). + + - Add allowed response header X-Content-Security-Policy. + + - Fixed: qslog cuts last character if parameter is at end of line. + + - Fixed: qsfilter2 handling of 0 byte characters. + +Version 9.54 + + - QS_SetEnvIf may unset a variable. + + - New variable QS_IsVipRequest. + +Version 9.53 + + - Re-introduce qscheck to the support utilities tarball. + +Version 9.52 + + - Double per client data store speed (insert new entries) by partitioning + of odd and even ip addresses. + + - Overview section in qos viewer (showing connections and load). + + - Remove packet-rate measurement. + +Version 9.51 + + - Set IP based VIP status to connection even before we receive the + HTTP request. + + - New argument "connections" for the QS_SrvMinDataRate directive allows + to disable the limitation if the server is idle/has only little + traffic. + + - Adapt built-in request header filter rules. + +Version 9.49 + + - Adapt built-in request header filter rules. + + - New utility: qsgrep. + + - Change process order: process QS_SetEnvResHeader after + QS_SetEnvResHeaderMatch. + + - New directive QS_UnsetResHeader. + + - New directive QS_ClientEventLimitCount (works similar as + QS_ClientEventBlockCount but enforces rule at request level only). + +Version 9.48 + + - qslog supports mod_logio (%I and %O). + + - Re-introduce deprecated QS_SetEnvStatus directive (for backwards + compatibility). + +Version 9.47 + + - QS_SetEnvIfStatus may be used within Locations. + + - Sequence: execute QS_SetEnvIfStatus earlier (before + QS_SetEnvResHeader). + + - Remove directive QS_SetEnvStatus (alias for QS_SetEnvIfStatus). + +Version 9.46 + + - QS_VipUser/QS_VipIpUser detects r->user earlier (@fixup). + + - QS_KeepAliveTimeout allows value "0" disabling keep-alive. + + - Process QS_KeepAliveTimeout variable at response too. + + - QS_SetEnvIfStatus may be specified multiple times for the same + response code. + + - QS_SetEnvIfStatus accepts the definition of a variable value. + +Version 9.45 + + - Add directive QS_ClientSerialize. + + - qslog used new parameter names for event message counts. + +Version 9.44 + + - Add directive QS_DisableHandler. + +Version 9.43 + + - QS_ClientEventBlockCount rule violation marks client to have low + priority. + +Version 9.42 + + - Console "action=search&address=*" returns a list of all clients. + + - Fixed: Removes the apr_shm_destroy() calls to avoid double-free + errors on Linux with old APR library versions. + +Version 9.41 + + - Fixed: Console action 'block' did not set event number. + +Version 9.40 + + - Fixed: Search IP in console + + - Fixed: User tracking set-cookie is set twice. + + - Process QS_SetEnvIfStatus on internal errors (protocol). + +Version 9.38 + + - Web console allows the modification of attributes of entries within + the client data store. + + - Status viewer supports query "ip" (showing the IP addresses of the + connected clients for all open TCP connections) in machine-readable + version. + + - Status viewer used new delimiter within rule names on machine-readable + version (query "auto"). + +Version 9.37 + + - Changed QS_ClientPrefer behavior: + - never block VIP IP + - step 1 denies slow marked clients only + + - Set the QS_ClientLowPrio variable for clients with low priority. + + - qssign: add option "-e" which ensures we don't lost any lines. + + - Update built-in header validation pattern. + +Version 9.36 + + - QS_SrvMinDataRateOffEvent processing at fixup (request). + + - Use apr_time_t instead of time_t. + +Version 9.34 + + - qslog counts response status codes per minute. + + - Use apr_time_t instead of time_t. + +Version 9.33 + + - User tracking cookie enforcement may be disabled by setting the + DISABLE_UTC_ENFORCEMENT environment variable, e.g. for certain + User-Agent headers. + +Version 9.32 + + - Status viewer returns "text/plain" for request query 'auto'. + +Version 9.31 + + - qsfilter2: encode double quotes and backslashes using their hex values + (no escaping within Apache configuration necessary). + + - Featuring JSON parser which may be used in conjunction with + QS_PermitUri. + +Version 9.30 + + - Fixed: qsfilter2 did not compile with OpenSSL 1.0.0. + +Version 9.29 + + - Add Strict-Transport-Security to the default response header rules. + + - Directive QS_UserTrackingCookieName features an optional "path" + attribute. This path specifies a local error page which is shown + to users not accepting the user tracking cookie (note: search engines + do probably not support this cookie enforcement and won't be able to + crawl the site). + + - Generates a simple request id (unique per pid/tid within a + millisecond) if mod_unique_id has not been loaded. + + - Fix: syntax check for QS_ErrorPage. + +Version 9.28 + + - QS_ErrorPage supports external HTTP redirect (302). + + - qsfilter2 features a rule id prefix (-k <prefix>). + + - qsfilter2 may process audit log using the sample log format + "%h %>s %{qos-loc}n %{qos-path}n%{qos-query}n" without pre-processing. + +Version 9.27 + + - Remove qscheck utility (don't compile it by default). + + - New variable %{qos-loc}n indicating the Location matching a request + (may be used to filter the audit log for dedicated locations in order + to generate QS_PermitUri rules). + + - qsfilter2 may process "standard" Apache access log (TransferLog) + files too (automatically detecting the request line). + + - Several adaptions/fixes to the machine-readable version of the status + viewer. + +Version 9.26 + + - Fix: no mutex destroy (called by register cleanup when destroying + pools). Should fix the restart issues with MPM prefork binaries. + + - Renew user tracking cookie once every month. + +Version 9.25 + + - Compile utilities using GNU autotools (hope this works at least on + some Linux platforms). + +Version 9.24 + + - QS_SrvMinConnPerIP: don't log every rule violation (consolidate log + messages and log only every 20th event, see QS_LOG_REPEAT). + + - Fixed: Removes thread_join for MPM prefork binaries. + +Version 9.23 + + - New directives: QS_MileStone*. + + - Q3032708: see http://www.openssl.org/support/faq.html#LEGAL2. + + - Add Access-Control-Allow-Origin to the default response header rules. + +Version 9.22 + + - New variable: QS_SrvConn + + - qslog shows total number of requests within a minute. + +Version 9.21 + + - New directive QS_UserTrackingCookieName. + +Version 9.20 + + - Fixed: Racing condition when using QS_SrvMinDataRate and + ThreadsPerChild > 64 may cause segfault. + +Version 9.19 + + - Fixed: Segfault at server start if no vhost has been defined. + + - QS_SrvMinDataRateOffEvent may be used at server and/or location level. + +Version 9.18 + + - QS_SrvMaxConnClose supports the definition of the number of + keep-alive connections as a percentage of MaxClients. + + - Updates built-in filter pattern of QS_HeaderFilter. + +Version 9.17 + + - Output filters are executed after mod_setenvifplus. + +Version 9.16 + + - New directive QS_SrvMinDataRateOffEvent. + + - Changes directive process order (QS_SetEnvIfStatus). + + - QS_SrvMinDataRate enforces keep-alive timeout (request line must be + received within the keep-alive timeout). + +Version 9.15 + + - New directives QS_ResponseHeaderFilter and QS_ResponseHeaderFilterRule. + +Version 9.14 + + - New directive QS_Decoding. + +Version 9.12 + + - New directive QS_SemMemFile. + + - Uses a checksum to represent IPV6 addresses. + +Version 9.10 + + - Fixed: ap_remove_input_filter(). + + - MaxClients overrides ServerLimit/Treads settings when calculating the + maximum number of possible client connections. + + - Log/debug message about used semaphore files. + +Version 9.9 + + - New implementation of the code for QS_SrvMaxConnPerIP to avoid + malfunction reported by mod_qos user. + + - Module dependency (execution order) to mod_setenvifplus. + +Version 9.8 + + - Internal code changes/maintenance (join thread). + +Version 9.7 + + - mod_qos may be compiled defining QS_NO_STATUS_HOOK which prevents + mod_qos from registering to mod_status. + +Version 9.6 + + - Environment variable QS_DeflateReqBody to deflate request body data + (update to mod_parp 0.8 in order to get a correct content-length + header after data deflating). + +Version 9.5 + + - New directives QS_SetReqHeader and QS_SetEnv. + +Version 9.4 + + - Fixed: Variable %{qos-query} is not set when using the + QS_DenyQueryBody directive (and neither QS_DenyBody nor + QS_PermitUriBody has been set). + + - Increased line buffer for qsfilter2 (2MB). + +Version 9.3 + + - New directive QS_SetEnvResBody. + +Version 9.2 + + - New syntax: + QS_VipHeaderName <header name>[=<regex>] [drop] + QS_VipIPHeaderName <header name>[=<regex>] [drop] + +Version 9.1 + + - QS_ClientEventRequestLimit limits the number of concurrent events on + a per client IP address basis (again increasing the per client memory + consumption). + +Version 9.0 + + - Client level control: request characteristics measuring adds content + type ration and number of 304 responses (requires now 64bytes instead + of 48bytes per client on a 32bit system). + + - Improved client level control (behavior detection, see above) is + processed by the QS_ClientPrefer directive. Directive + QS_ClientTolerance controls the allowed variation. + + - Directive QS_SrvPreferNet has been removed. It's recommended to use + QS_ClientPrefer instead. + +Version 8.18 + + - Q2841328: remove nasty pointer address cast to int. + +Version 8.16 + + - Q2834297: use a single mutex for all per virtual host ACT tables (too + many mutexes if a server uses many virtual hosts). + +Version 8.15 + + - New variable QS_Delay. + +Version 8.14 + + - New directive QS_SrvDataRateOff. + +Version 8.13 + + - New directives QS_DenyQueryBody and QS_PermitUriBody obsolete + QS_DenyBody. + + - Fixed: QS_Deny*/QS_Permit* directives can handle strings containing + 0 bytes (qsfilter2 still can't). + +Version 8.12 + + - New directive QS_InvalidUrlEncoding. + +Version 8.11 + + - Fixed: Change Apache 2.0 ifdef statements in order to compile with + any compiler. + +Version 8.10 + + - Fixed: Did not compile with Apache 2.0. + +Version 8.9 + + - QS_LimitRequestBody may be defined using mod_setenvif. + See new directive order in mod_qos_seq.gif + + - mod_qos uses anonymous shm by default. + + - Use constant semaphore/shared memory file names in order to reuse + resources after unclear server shutdown. + +Version 8.5 + + - New directive QS_EventKBytesPerSecLimit. + + - New structure of the source archive tarball, see index.html#build + for more information about building the binaries. + +Version 8.3 + + - QS_RequestHeaderFilterRule has new syntax. + + - QS_RequestHeaderFilter checks the header length too. It's possible + to use "QS_RequestHeaderFilter size" for header length checking only + (instead of using LimitRequestFieldsize). + +Version 8.2 + + - Fixed: Client prefer, don't mark connection timeout at keep alive + end (used in conjunction with QS_ClientPrefer). + + - Access log events (mod_qos_ev, mod_qos_cr, mod_qos_con) are stored as + variables (storing them in the out headers will be removed in one of + the next release). + +Version 8.1 + + - Fixed: Checks for enabled cc in input filter. + + - Don't allow requests without an URL. + +Version 8.0 + + - New server configuration merger: settings within virtual hosts are + merged with the settings from the base server (directives outside + virtual hosts). Virtual host settings do not overwrite base settings + any more. + + - New directive QS_LimitRequestBody. + +Version 7.20 + + - Fixed: Url decoding detecting %HH encoding (full range). + +Version 7.19 + + - QS_DenyEvent may be used to block requests which do NOT have the + specified event set. + + - QS_DenyEvent is applied after the QS_SetEnvIf* directives. + See mod_qos_seq.gif for more details. + +Version 7.18 + + - QS_Deny/Permit logs on severity warning if action is log only. + +Version 7.17 + + - QS_SetEnvIfBody recognizes the occurrence of $1 within the variable + value and replaces it by the subexpressions of the defined regex + pattern. + +Version 7.16 + + - Set audit log variables at header parser hook. + +Version 7.15 + + - Directive QS_EventRequestLimit may match variable values too. + + - New directive QS_SetEnvIfBody. + + - Audit log is enabled based on the defined log format variables. + +Version 7.14 + + - New directive QS_DenyBody implements generic request body filter + which can be used in conjunction with QS_DenyQuery, QS_PermitUri, + and body data audit log (to be processed my qsfilter2). + +Version 7.13 + + - Changed directive processing order, see mod_qos_seq.gif. + + - New directive QS_SetEnvIfParp (requires mod_parp, + see http://parp.sourceforge.net). + + Important: + mod_parp and the QS_SetEnvIfParp directive copies the whole HTTP + request message body into the servers memory (requires at least + twice the memory size of the posted data). It is very important + that you limit the messagy body size for requests processed my + mod_parp/QS_SetEnvIfParp using the Apache directive LimitRequestBody. + + - New directive QS_DenyEvent. + + - Chuck out mod_qos_control. + +Version 7.12 + + - Process event filter only if some rules have been defined. + + - Recovery rate (decrease limitation) for bandwidth and and request + limit has been increased from 16% to 25%. + +Version 7.11 + + - New directive QS_EventRequestLimit. + +Version 7.9 + + - Fixed: QS_SrvMinDataRate/QS_SrvRequestRate counts all server + connections (not only per child process). + +Version 7.8 + + - Directive QS_SrvMinDataRate/QS_SrvRequestRate supports min/max + limitation in order to increase the minimum upload/download bandwidth + on multiple simultaneously connections. + + - Fixed: Activation of QS_SrvMinDataRate did not work + (QS_SrvRequestRate only). + +Version 7.7 + + - New directive QS_SetEnvIfQuery. + +Version 7.6 + + - Use the HTTP response code defined by QS_ErrorResponseCode (default + is 500) settings for all denied requests expect for those requests + rejected to a QS_Deny*, QS_Permit*, or QS_RequestHeaderFilter rule. + +Version 7.5 + + - New directive QS_ErrorResponseCode + + - Multiple directives (QS_LocRequestLimit, QS_LocRequestLimitMatch, + QS_CondLocRequestLimitMatch, QS_ClientEventBlockCount, and + QS_ClientEventPerSecLimit) allow now a limitation set to "0". + + - QS_SrvMinDataRate replaces QS_SrvRequestRate. + +Version 7.4 + + - QS_SrvRequestRate supports chunked POST. + +Version 7.3 + + - Partial (not for chunked post) fixed error message for slow server + response when using QS_SrvRequestRate. + +Version 7.2 + + - New directive QS_SetEnvResHeaderMatch + +Version 7.1 + + - QS_SrvMaxConnExcludeIP works for QS_SrvRequestRate (may be used to + allow selected IP sources, e.g. slow spider). + +Version 7.0 + + - New directive QS_SrvRequestRate enforces minimum upload bandwidth + (used for TCP DoS prevention). Requires thread support. + + - QS_ClientPrefer allows definition of free connections in percent + in order to override the default of 80%. Available for Apache 2.2 + only. + + - QS_SrvConnTimeout is no longer available. + You may use QS_SrvRequestRate instead. + +Version 6.7 + + - Detects low priority clients (clients sending slow or using small + data packets get marked as low priority clients). + + - New directives QS_VipUser and QS_VipIpUser. + + - Status viewer shows information about client (IP) control status. + +Version 6.6 + + - mod_status handler hook supports short status flag. + +Version 6.5 + + - New directive QS_SetEnvResHeader. + + - mod_qos_control supports QS_SetEnvIf, QS_SetEnvStatus, and + QS_SetEnvIf directive editing. + +Version 6.4 + + - New directive QS_SetEnvStatus. + + - QS_SetEnvIf for response processing (log transaction). + + - QS_ClientEventBlockCount on response events (log transaction). + +Version 6.3 + + - New directive QS_VipIPHeaderName to mark clients (IP) without + providing them full VIP privileges. + + - Add details to log messages. + +Version 6.2 + + - New command: QS_ClientEventPerSecLimit. + +Version 6.1 + + - QS_SetEnvIf supports "NOT" operator. + + - Sets QS_VipRequest variable when receiving valid session cookie. + +Version 6.0 + + - mod_qos features per client (IP) control rules. + + - QS_ClientPrefer, prefers known VIP clients. + + - QS_ClientEventBlockCount, blocks clients on events. + +Version 5.17 + + - New directive QS_EventPerSecLimit allows req/sec limitation for + requests causing an event. + + - New directive QS_SetEnvIf allows combination of multiple environment + variables. + + - Fixed: sem/shm leak when using QS_SrvPreferNet. + +Version 5.16 + + - Mark QS_CondLocRequestLimitMatch in status viewer. + +Version 5.15 + + - New directive QS_CondLocRequestLimitMatch allows conditional request + level rules. + +Version 5.14 + + - Remove "nicetitles" from status viewer. + +Version 5.13 + + - Again, minor status viewer changes. + +Version 5.12 + + - Status viewer uses "nicetitles" to show long rule strings. + +Version 5.11 + + - Minor internal code changes. + +Version 5.10 + + - Rules do not use individual mutex any longer. This allows an unlimited + number of rules. + +Version 5.9 + + - mod_qos_control features additional qsfilter2 settings. + +Version 5.8 + + - Minor improvements in status viewer. + + - 5.7 did not compile with Apache 2.0 (ap_regex). + +Version 5.7 + + - Important: + QS_PermitUri, QS_Deny*, qsfilter2 apply filter rules against unescaped + URLs where %<hex>, \x<hex> and + (new!) is unescaped. + You should regenerate your QS_PermitUri rules using the updated + version of the qsfilter2 tool provided by this release. + + - Very first release of mod_qos_control. + +Version 5.6 + + - New status viewer implementation. + +Version 5.4 + + - Important: + QS_PermitUri, QS_Deny*, qsfilter2 apply filter rules against + unescaped URLs where %<hex> and \x<hex> (new!) is unescaped. + You should regenerate your QS_PermitUri rules using the updated + version of the qsfilter2 tool provided by this release. + +Version 5.2 + + - QS_VipHeaderName creates session cookie only once. + + - VIP has no QS_LocKBytesPerSecLimit/QS_LocKBytesPerSecLimitMatch + restrictions. + + - QS_SrvPreferNet triggers for VIP user on response header only. + +Version 5.1 + + - New directive QS_SrvPreferNet. + +Version 4.30 + + - Fixed: Segfault at server startup when no virtual host has been + configured. + +Version 4.29 + + - Debug log level lists available request header filter rules. + +Version 4.28 + + - Introduce request header filter. + +Version 4.18 + + - Introduce log message numbers and SSI support for error pages. + + - Add new directive QS_DenyInheritanceOff + + - Add qsfilter2, a tool to generate request URI allow list rules. + + - Use mod_unique_id to tag error messages. + +Version 4.13 + + - QS_PermitUri uses case sensitive pcre. + +Version 4.11 + + - Add new directive QS_PermitUri. + +Version 4.8 + + - Introduce generic request filtering (QS_Deny* directive). + +Version 4.3 + + - New handling of graceful server restart. + +Version 4.2 + + - QS_LocKBytesPerSecLimitMatch, QS_LocRequestPerSecLimitMatch + +Version 4.1 + + - QS_LocKBytesPerSecLimit + +Version 4.0 + + - Introduce request/response throttling. + +Version 3.12 + + - Update to mod_qos viewer (status handler). + +Version 3.10 + + - Dynamic error page definition using setenvif. + +Version 3.12 + + - Introduce mod_qos viewer (status handler). + +Version 3.5 + + - QS_KeepAliveTimeout + +Version 3.4 + + - QS_SrvConnTimeout + +Version 3.2 + + - QS_SrvMaxConnTimeout + +Version 3.1 + + - QS_SrvMaxConnExcludeIP + +Version 3.0 + + - Introduce connection level control (QS_SrvMaxConnClose QS_SrvMaxConn). + +Version 2.3 + + - VIP detection. + +Version 2.2 + + - qslog utility. + +Version 2.0 + + - New implementation of location based request limitation. + +Version 1.3 + + - Initial version (scoreboard based request limitation). diff --git a/doc/LICENSE.txt b/doc/LICENSE.txt new file mode 100644 index 0000000..57bc88a --- /dev/null +++ b/doc/LICENSE.txt @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/doc/MESSAGES.txt b/doc/MESSAGES.txt new file mode 100644 index 0000000..3afdb29 --- /dev/null +++ b/doc/MESSAGES.txt @@ -0,0 +1,79 @@ +mod_qos version 11.74 +mod_qos(001): QS_ClientEventLimitCount directives can't be added/removed by graceful restart. A server restart is required to apply the new configuration! +mod_qos(002): failed to create shared memory (ACT)(%s): %s (%lu bytes) +mod_qos(002): failed to create shared memory (client control)(%s): %s (%d bytes) +mod_qos(003): request level rule %s has no concurrent request limitations +mod_qos(004): failed to create mutex (ACT)(%s): %s +mod_qos(004): failed to create mutex (client control)(%s): %s +mod_qos(006): could not compile request header filter rules: %s +mod_qos(006): could not compile response header filter rules: %s +mod_qos(007): calculated MaxClients/MaxRequestWorkers (max connections): %d, applied limit: %d (QS_MaxClients) +mod_qos(008): could not create supervisor thread (%s), disable request rate enforcement +mod_qos(009): could not retrieve mod_ssl functions +mod_qos(009): failed to initialize the qslog facility '%s' +mod_qos(009): found default error document '%s'. Use the QS_ErrorPage directive to override this default page. +mod_qos(009): loaded MPM is '%s' but mod_qos should be used with MPM 'Worker' or 'Event' only. +mod_qos(009): mod_parp not available (required by some directives) +mod_qos(009): mod_unique_id not available (mod_qos generates simple request id if required) +mod_qos(009): running in 'log only' mode - rules are NOT enforced! +mod_qos(009): server version is %d.%d but mod_qos should be used with Apache 2.4 only. +mod_qos(010): access denied%s, QS_LocRequestLimit* rule: %s(%d), concurrent requests=%d, c=%s, id=%s +mod_qos(011): access denied, QS_CondLocRequestLimitMatch rule: %s(%d), concurrent requests=%d, c=%s, id=%s +mod_qos(012): access denied%s, QS_EventRequestLimit rule: %s(%d), concurrent requests=%d, c=%s, id=%s +mod_qos(013): access denied%s, QS_%sEventLimitCount rule: %s, max=%d, current=%d, c=%s, id=%s +mod_qos(021): session cookie verification failed, decoding failed, id=%s +mod_qos(023): session cookie verification failed, expired, id=%s +mod_qos(025): failed to create session cookie, id=%s +mod_qos(030): access denied%s, QS_SrvMaxConn rule: max=%d, concurrent connections=%d, c=%s +mod_qos(031): access denied (previously), QS_SrvMaxConnPerIP rule: max=%d, concurrent connections=%d, message repeated %d times, c=%s +mod_qos(031): access denied%s, QS_SrvMaxConnPerIP rule: max=%d, concurrent connections=%d, c=%s +mod_qos(031): access denied%s, QS_SrvMaxConnPerIP rule: max=%d, concurrent connections=%d, message repeated %d times, c=%s +mod_qos(034): %s, QS_SrvMinDataRate rule (enforce keep-alive), c=%s +mod_qos(034): %s, QS_SrvMinDataRate rule (%s%s): min=%d, this connection=%d, c=%s +mod_qos(035): QS_SrvMaxConn: no free IP slot available! Check log for unclean child exit and consider to do a graceful server restart if this condition persists. You might also increase the number of supported connections using the 'QS_MaxClients' directive. +mod_qos(036): QS_SrvMinDataRate: unexpected connection status! connections=%d, cal. request rate=%d, max. limit=%d. Check log for unclean child exit and consider to do a graceful server restart if this condition persists. You might also increase the number of supported connections using the 'QS_MaxClients' directive. +mod_qos(037): loaded MPM is 'event' and the QS_KeepAliveTimeout/QS_MaxKeepAliveRequests directives can't be used. +mod_qos(038): DSCP, failed to set socket options, QS_Set_DSCP=%s, socket=%s, rc=%d, id=%s +mod_qos(040): access denied, %s rule id: %s (%s), action=%s, c=%s, id=%s +mod_qos(041): access denied, no permit rule match, action=%s, c=%s, id=%s +mod_qos(042): drop %s header%s: '%s: %s', %s, c=%s, id=%s +mod_qos(043): access denied%s, %s header: '%s: %s', %s, c=%s, id=%s +mod_qos(044): access denied%s, QS_LimitRequestBody: invalid content-length header, c=%s, id=%s +mod_qos(044): access denied%s, QS_LimitRequestBody: max=%ld this=%ld, c=%s, id=%s +mod_qos(045): access denied, invalid request line: can't parse uri, c=%s, id=%s +mod_qos(046): access denied, invalid url encoding, action=%s, c=%s, id=%s +mod_qos(047): access denied, reached milestone '%d' (%s), user has already passed '%s', action=%s, c=%s, id=%s +mod_qos(048): access denied, invalid JSON syntax (%s), action=%s, c=%s, id=%s +mod_qos(049): redirect to %s, var=%s, action=%s, c=%s, id=%s +mod_qos(050): request rate limit, rule: %s(%ld), req/sec=%ld, delay=%dms%s +mod_qos(051): request rate limit, rule: %s(%ld), req/sec=%ld, delay=%dms +mod_qos(060): access denied (previously), QS_ClientEventBlockCount rule: max=%d, current=%hu, message repeated %d times, c=%s +mod_qos(060): access denied, QS_ClientEventBlockCount rule: max=%d, current=%hu, age=%ld, c=%s +mod_qos(060): access denied, QS_ClientEventBlockCount rule: max=%d, current=%hu, message repeated %d times, c=%s +mod_qos(060): access denied%s, QS_ClientEventBlockCount rule: max=%d, current=%hu, age=%ld, c=%s +mod_qos(061): request rate limit, rule: QS_Event(%d), req/sec=%ld, delay=%dms%s +mod_qos(062): request rate limit, rule: QS_Event(%d), req/sec=%ld, delay=%dms +mod_qos(065): access denied%s, QS_ClientEventRequestLimit rule: max=%d, current=%d, c=%s, id=%s +mod_qos(066): access denied%s, QS_ClientPrefer rule (penalty=%d 0x%02x): max=%d, concurrent connections=%d, c=%s +mod_qos(067): access denied%s, QS_%sClientEventLimitCount rule: event=%s, max=%hu, current=%hu, age=%ld, c=%s +mod_qos(068): QS_ClientSerialize exceeds limit of 5 minutes, c=%s, id=%s +mod_qos(068): QS_SrvSerialize exceeds limit of %d seconds, id=%s +mod_qos(069): no valid IP header found (@%s): header '%s' not available, fallback to connection's IP %s, id=%s +mod_qos(069): no valid IP header found (@%s): invalid header value '%s', fallback to connection's IP %s, id=%s +mod_qos(070): console, not acceptable, client data store has not been enabled, id=%s +mod_qos(070): console, not acceptable, invalid ip/wrong format, id=%s +mod_qos(070): console, not acceptable, missing request query (action/address), id=%s +mod_qos(070): console, not acceptable, qos client control has not been activated, id=%s +mod_qos(070): console, not acceptable, unknown action '%s', id=%s +mod_qos(071): console, action '%s' applied to client ip entry '%s', id=%s +mod_qos(071): console, add new client ip entry '%s', is=%s +mod_qos(072): handler has been disabled for this host, id=%s +mod_qos(080): Can't generate random data, id=%s +mod_qos(083): Can't generate random data. +mod_qos(100): QS_ClientGeoCountryDB has not been configured +mod_qos(101): access denied%s, QS_ClientGeoCountryPriv rule: max=%d, concurrent connections=%d, c=%s country=%s +mod_qos(147): access denied, reached milestone '%d' (%s), earlier than expected (right after %ld instead of %d seconds), action=%s, c=%s, id=%s +mod_qos(166): unexpected connection dispatching, skipping connection counter update for QS_ClientPrefer rule, c=%s +mod_qos(167): closing connection at process connection hook, c=%s +mod_qos(200): { "scoreboard": { "open": %d, "waiting": %d, "read": %d, "write": %d, "keepalive": %d, "start": %d, "log": %d, "dns": %d, "closing": %d, "finishing": %d, "idle": %d }, "maxclients": { "max": %d, "busy": %d%s }%s } +mod_qos(210): ENV %s %s %s diff --git a/doc/favicon.ico b/doc/favicon.ico Binary files differnew file mode 100644 index 0000000..717367b --- /dev/null +++ b/doc/favicon.ico diff --git a/doc/glossary.html b/doc/glossary.html new file mode 100644 index 0000000..66ddc49 --- /dev/null +++ b/doc/glossary.html @@ -0,0 +1,603 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> +<head> + <title>mod_qos - Additional Information</title> +<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" /> +<meta name="author" content="Pascal Buchbinder" /> +<meta name="KeyWords" content="mod_qos, Quality of Service, Apache Web Server" /> +<link rel="shortcut icon" href="favicon.ico" /> +<style TYPE="text/css"> +<!-- + body { + background-color: white; + color: black; + font-family: sans-serif, arial, verdana; + font-weight: normal; + text-align: left; + } + a:link { color:#00673F; text-decoration:none; } + a:visited { color:#00673F; text-decoration:none; } + a:focus { color:black; text-decoration:underline; } + a:hover { color:black; text-decoration:underline; } + a:active { color:black; text-decoration:underline; } + syntax { font-family: monospace; font-size: 14; line-height: 1.6; } + .btable { font-size:0.75em; } +--> +</style> +</head> +<body> +<!-- + + Quality of service module for Apache Web Server. + + See http://mod-qos.sourceforge.net/ for further details. + + Copyright (C) 2023 Pascal Buchbinder + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +--> +<table> +<tbody> +<tr><td><a href="index.html"><img src="images/mod_qos.gif" alt="mod_qos" title="mod_qos" /></a></td> + <td style="vertical-align: bottom;"><h1>Additional Information</h1></td></tr> +<tr><td> </td> + <td> + + +<p> +This page gives you additional information on certain aspects of +<a href="index.html">mod_qos</a> to get a better understanding about +how to use the module. +</p> +<hr> + +<p> + <ul> + <li><a href="#directives">Directives</a></li> + <li><a href="#rules">Rules</a></li> + <li><a href="#variables">Environment Variables</a></li> + <li><a href="#concurrency">Concurrency Counter</a></li> + <ul> + <li><a href="#QS_LocRequestLimit_Example">Sample Use Case</a></li> + </ul> + <li><a href="#repeat">Repeat Counter</a></li> + <li><a href="#throughput">Throughput Control</a></li> + <ul> + <li><a href="#requestPerSecond">Requests per Second</a></li> + </ul> + <li><a href="#serialization">Serialization</a></li> + <li><a href="#ssi">Error Pages and Server Side Includes (SSI)</a></li> + <li><a href="#UserTracking">User Tracking</a></li> + <li><a href="#RequestStatistics">Request Statistics Using <i>qslog</i></a></li> + </ul> +</p> + + +<!-- --------------------------------------------------------- --> +<hr> +<a name="directives"></a> +<h2>Directives</h2> +<p> +The module is configured by directives. All directives process the +connection, HTTP request, and response data in a pre-defined sequence. +The following graph shows the order in which the directives work. +</p> +<p> +<a href="images/directive_seq.gif"><img src="images/directive_seq.gif" height="435" width="558" title="directive sequence" alt="directive sequence"/></a> +</p> + + +<!-- --------------------------------------------------------- --> +<hr> +<a name="rules"></a> +<h2>Rules</h2> +<p> +<a href="index.html">mod_qos</a> allows you to configure different kind of +rules. The main component of a rule is its counter. A rule measures either +the <a href="#concurrency">concurrency</a> (how many times something happens +at the same time), the <a href="#repeat">occurrence </a> (how often does +something happen in a certain amount of time), or the +<a href="#throughput">throughput</a> (sent amount of data or number of +request) and stores this information within that counter.</p> +<p> +Every rule has it's own threshold and maintains its own counter. A rule +is identified by either an URL pattern/matching string or by an +<a href="#variables">environment variable name</a>. +You can configure as many rules as you want. </p> +<img src="images/Rule.png" height="164" width="514" alt="Rule" /> +<p> +<i>Note: Some counters are only available once. This applies to the counters of +the rules using the +<code><a href="index.html#QS_Block">QS_Block</a></code>, +<code><a href="index.html#QS_SrvSerialize_var">QS_SrvSerialize</a></code>, and +<code><a href="index.html#QS_Serialize">QS_Serialize</a></code> +<a href="#variables">environment variables</a>. +</i> +</p> + + +<!-- --------------------------------------------------------- --> +<hr> +<a name="variables"></a> +<h2>Environment Variables</h2> +<p> +The Apache web server provides a mechanism for storing information +in so called <i>environment variables</i>. <a href="index.html">mod_qos</a> uses these +variables to exchange data respectively signalize events between +<a href="#rules">different rules</a> defined by the +<a href="#directives">corresponding directive</a>. These +variables can also be written or read by other Apache modules, such as +<a href="http://modsetenvifplus.sourceforge.net/">mod_setenvifplus <img src="images/link.png"/></a> +or <a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html">mod_setenvif <img src="images/link.png"/></a>. +</p> +<p>Example:<br> +The <code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> directive +is used to set the <i>LimitLogin</i> variable if the request line matches +the <code>^/wp-login.php</code> pattern while the +<a href="index.html#QS_ClientEventLimitCount"><code>QS_ClientEventLimitCount</code></a> +directives increments the <a href="#repeat">repeat counter</a> having the same name +if the variable is present. +<br> +<img src="images/Events.png" height="396" width="795" alt="Event set by SetEnvIf and processed by QS_ClientEventLimitCount" /> +</p> +<p>It is also possible to write the values of these variables to your log +file using the format string <code>%{VARNAME}e</code> within the +<code><a href="http://httpd.apache.org/docs/current/mod/mod_log_config.html">TransferLog/CustomLog <img src="images/link.png"/></a></code> +directives. Or you can use them within error pages using +<a href="#ssi">server-side includes (SSI)</a>. +</p> +<p> +<i>Note: Whenever you use a directive (such as +<code><a href="http://modsetenvifplus.sourceforge.net/#SetEnvIfPlus">SetEnvIfPlus <img src="images/link.png"/></a></code>) which can either process request attributes (such +as HTTP headers) or environment variables, you must make sure that +a client can not bypass your rules by sending a request header +with the same name as the environment variable used in your configuration. +Use either the <a href="index.html#QS_RequestHeaderFilter">request header filter</a> +or the <code><a href="index.html#QS_UnsetReqHeader">QS_UnsetReqHeader</a></code> +directive to prevent anyone from sending a request header with the same name as +the variable you have defined. +</i></p> + +<!-- --------------------------------------------------------- --> +<hr> +<a name="concurrency"></a> +<h2>Concurrency Counter</h2> +<p> +A "concurrency counter" is used to determine how many times something +happens at the same time (concurrent), e.g. HTTP requests accessing the same +resource/URL at the same time. The rules using this counter type are either +defined by an <a href="#variables">environment variable name</a> or an +URL pattern (regular expression or a string matching the request's URL). +Such a rule automatically increments the counter when the Apache web server +starts to process a matching request and decrements the counter when the +request processing is completed. +</p> +<p> +You have to configure a threshold and the rule's variable name resp. URL +pattern. Requests (or new connections) are denied as soon as the configured +threshold is reached. +</p> +<p> +Directives using this counter type are: +<ul> +<li><a href="index.html#QS_LocRequestLimitMatch"><syntax>QS_LocRequestLimitMatch</syntax></a></li> +<li><a href="index.html#QS_LocRequestLimit"><syntax>QS_LocRequestLimit</syntax></a></li> +<li><a href="index.html#QS_CondLocRequestLimitMatch"><syntax>QS_CondLocRequestLimitMatch</syntax></a></li> +<li><a href="index.html#QS_EventRequestLimit"><syntax>QS_EventRequestLimit</syntax></a></li> +<li><a href="index.html#QS_ClientEventRequestLimit"><syntax>QS_ClientEventRequestLimit</syntax></a></li> +</ul> +Also the +<a href="index.html#QS_SrvMaxConn"><code>QS_SrvMaxConn</code></a>, +<a href="index.html#QS_SrvMaxConnClose"><code>QS_SrvMaxConnClose</code></a>, and +<a href="index.html#QS_SrvMaxConnPerIP"><code>QS_SrvMaxConnPerIP</code></a> +directives use this counter type, although with fewer parameter options. +</p> +<p> +<a name="QS_LocRequestLimit_Example"></a> +<h4>Sample Use Case</h4> +Now let us look at an example to show where these rules can be used. +Let's assume that you have two applications. We call them +"<font color="green">A</font>" and "<font color="blue">B</font>". +Application "<font color="green">A</font>" has been deployed on +path <code>/app/a</code> and "<font color="blue">B</font>" +on <code>/app/b</code>. +<table width="780px"> + <tr> +<td> </td> +<td> +As long as the server has enough resources, users can access both +applications the same time without influencing each other.<br> +All requests are processed quickly and the workers (w) become free +again to serve new requests. +<br><br> +</td> +<td> +<small> </small> <img src="images/qsloc1.png" height="216" width="408" alt="trouble-free"/> +</td> + </tr> + <tr> +<td> </td> +<td> +But if the application "<font color="blue">B</font>" becomes slow, +the duration of request processing increases and all workers (w) become busy. +There are no free workers left and application +"<font color="green">A</font>" becomes unavailable because of that. +<br><br> +</td> +<td> + <img src="images/qsloc2.png" height="212" width="422" alt="disruption"/> +</td> + </tr> + <tr> +<td> </td> +<td> +A <a href="index.html#QS_LocRequestLimit"><code>QS_LocRequestLimit</code></a> or +<a href="index.html#QS_LocRequestLimitMatch"><code>QS_LocRequestLimitMatch</code></a> +rule can help in such a situation. mod_qos limits the +number of requests to application "<font color="blue">B</font>" +so that application "<font color="green">A</font>" remains +available even if application "<font color="blue">B</font>" +has performance problems. +</td> +<td> + <img src="images/qsloc3.png" height="244" width="422" alt="disruption"/> +</td> + </tr> +</table> +<br> +Such a scenario can occur due to various infrastructure problems, +e.g., by slow database queries.<br> A similar situation can also +arise through an external influence: if someone penetrates application +"<font color="blue">B</font>" with a <i>HTTP GET / POST flood DoS attack</i>, +then application "<font color="green">A</font>" could also become +unreachable. +A <a href="index.html#QS_LocRequestLimit"><code>QS_LocRequestLimit</code></a> +rule can prevent this. +</p> + +<!-- --------------------------------------------------------- --> +<hr> +<a name="repeat"></a> +<h2>Repeat Counter</h2> +<p> +"Repeat counters" limit the number how often (Cr) something is allowed to +happen in a certain amount of time (Td). These rules trigger a timer whenever +the defined event occurs the first time and start to count every subsequent event +until the timer expires. If the event counter reaches the defined limitation, +requests are blocked until the time is up. +</p> +<p> + <img src="images/LimitCount.png" height="432" width="576" alt="reapet counter"/> +</p> +<p> +All repeat counters allow you to define an event which shall +increment the counter if they occur. You also have to configure a +duration Td and the threshold Cr, defining how many events are +allowed within the time Td.</p> +<p>Directive parameter example:<br> +<img src="images/LimitCountExample.png" height="165" width="574" alt="QS_ClientEventLimitCount" /> +</p> +<p> +While the counter is automatically cleared (set to 0) when the +time Td is up, you might also configure additional events to +<a href="index.html#_Decrement">decrement</a> or +<a href="index.html#_Clear">clear</a> the counter earlier. +</p> +<p> +The directives using this counter type are: +<ul> +<li><a href="index.html#QS_EventLimitCount"><syntax>QS_EventLimitCount</syntax></a></li> +<li><a href="index.html#QS_CondEventLimitCount"><syntax>QS_CondEventLimitCount</syntax></a></li> +<li><a href="index.html#QS_ClientEventLimitCount"><syntax>QS_ClientEventLimitCount</syntax></a></li> +<li><a href="index.html#QS_CondClientEventLimitCount"><syntax>QS_CondClientEventLimitCount</syntax></a></li> +<li><a href="index.html#QS_ClientEventBlockCount"><syntax>QS_ClientEventBlockCount</syntax></a></li> +</ul> +<i>Note: Some directives support the increase of the counter by more than "1" +taking the variable's value into account.</i> +</p> + + +<!-- --------------------------------------------------------- --> +<hr> +<a name="throughput"></a> +<h2>Throughput Control</h2> +<p> +Throughput control is implemented by measuring the current usage and +calculating a necessary delay which needs to be applied to the +data processing in order to achieve the desired limitation (closed +loop control system). +</p> +<p> + <img src="images/ClosedLoop.png" height="216" width="478" alt="closed loop"/> +</p> +<p> +<a href="index.html">mod_qos</a> can limit the bandwidth when downloading +data from your web server to the client. This throughput control can +be configured by the following directives: +<ul> +<li><a href="index.html#QS_LocKBytesPerSecLimitMatch"><syntax>QS_LocKBytesPerSecLimitMatch</syntax></a></li> +<li><a href="index.html#QS_LocKBytesPerSecLimit"><syntax>QS_LocKBytesPerSecLimit</syntax></a></li> +<li><a href="index.html#QS_EventKBytesPerSecLimit"><syntax>QS_EventKBytesPerSecLimit</syntax></a></li> +</ul> +<i>Note: Throughput control should always be used with a <a href="#concurrency">concurrency counter</a> +because the added delay increases the number of simultaneous requests. +</i></p> +<a name="requestPerSecond"></a> +<h3>Requests per Second</h3> +<p> +It is also possible to limit the number or requests per second to a +resource. This control function is less accurate than the bandwidth +limitation, since the measurement of the request rate takes longer +(several seconds) and the request delay is more coarse-grained.<br> +The following directive can be used to limit the number of requests +per second: +<ul> +<li><a href="index.html#QS_LocRequestPerSecLimitMatch"><syntax>QS_LocRequestPerSecLimitMatch</syntax></a></li> +<li><a href="index.html#QS_LocRequestPerSecLimit"><syntax>QS_LocRequestPerSecLimit</syntax></a></li> +<li><a href="index.html#QS_EventPerSecLimit"><syntax>QS_EventPerSecLimit</syntax></a></li> +<li><a href="index.html#QS_ClientEventPerSecLimit"><syntax>QS_ClientEventPerSecLimit</syntax></a></li> +</ul> +</p> + + +<!-- --------------------------------------------------------- --> +<hr> +<a name="serialization"></a> +<h2>Serialization</h2> +<p> +<a href="index.html">mod_qos</a> offers you the option to serialize requests. +Serialization means, that requests are processed one after the other. Incoming +requests are queued if another request is in process and have to wait until +the previous request is finished. +</p> +<p> + <img src="images/Serialization.png" height="336" width="570" alt="serialization"/> +</p> +<p> +Requests, which shall be serialized, are tagged by one of the following +<a href="#variables">environment variables</a>: +<ul> +<li><syntax><a href="index.html#QS_SrvSerialize_var">QS_SrvSerialize</a></syntax></li> +<li><syntax><a href="index.html#QS_Serialize">QS_Serialize</a></syntax></li> +</ul> +</p> +<p> +Serialization might be applied on a per +<a href="index.html#QS_SrvSerialize">server level</a> (serializing all HTTP +requests) or on a <a href="index.html#QS_ClientSerialize">per client level</a> +(serializing multiple requests coming from the same client/IP address). +</p> + + +<!-- --------------------------------------------------------- --> +<hr> +<a name="ssi"></a> +<a name="SSI"></a> +<h2>Error Pages and Server Side Includes (SSI)</h2> +<p> +Custom error documents to be used by <a href="index.html">mod_qos</a> +are either configured using the +<code><a href="index.html#QS_ErrorPage">QS_ErrorPage</a></code> directive +or the <code><a href="index.html#QS_ErrorPage_Var">QS_ErrorPage</a></code> +variable.<br> +You may also use Apache's <a href="http://httpd.apache.org/docs/current/howto/ssi.html">server-side includes (SSI) <img src="images/link.png"/></a> to generate the content +of the error document dynamically. The <a href="index.html#errorlog">error codes</a> and +other <a href="index.html#variables">variables</a> set by +<a href="index.html">mod_qos</a> can be used. +</p> +<p> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml +QS_ErrorPage <a href="#qs_error.shtml">/errorpages/qs_error.shtml</a> +</pre> +</td></tr> +</table> +</p> + +<p> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"><a name="qs_error.shtml"></a> +Sample page:<br> +<pre> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> + <head> + <!-- + -- mod_qos sample SSI error page (Apache 2.4) + --> + <meta http-equiv="Cache-Control" content="no-cache, no-store"/> + <meta http-equiv="expires" content="0" /> + <title>ERROR - <!--#echo var="REDIRECT_ERROR_NOTES" --></title> + </head> + <body> + <p> + <b><i>sorry - the server was unable to complete your request</i></b> + </p> + <p> + code: mod_qos(<!--#echo var="<a href="index.html#QS_ErrorNotes">QS_ErrorNotes</a>" -->)<br> + <!--#if expr="v('REDIRECT_ERROR_NOTES') =~ /00[0-9]/" --> + reason: initialisation failure + <!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /0[18][0-9]/" --> + reason: request rule + <!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /03[0-9]/" --> + reason: connection rule + <!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /[01]4[0-9]/" --> + reason: request filter + <!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /05[0-9]/" --> + reason: bandwidth limitation + <!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /[01]6[0-9]/" --> + reason: client limitation <br> + remaining time: <span id="remaining"><!--#echo var="<a href="index.html#QS_Limit_Remaining">QS_Limit_Remaining</a>" --></span> seconds + <script type="text/javascript"> + <!-- + setInterval(function () { + var msg = document.getElementById('remaining'); + if(msg) { + var value = msg.innerHTML; + var remainTime = value - 1; + if(remainTime < 0) { + window.location = window.location.pathname; + } else { + msg.innerHTML = remainTime; + } + } + }, 1000); + //--> + </script> + <!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /10[0-9]/" --> + reason: GEO location limitation + <!--#else --> + reason: generic failure + <!--#endif --> + </p> + </body> +</html> +</pre> +</td></tr> +</table> +</p> + + +<!-- --------------------------------------------------------- --> +<hr> +<a name="UserTracking"></a> +<a name="QS_UserTrackingCookieName"></a> +<h2>User Tracking</h2> +<p> +It might be necessary to identify individual users to define appropriate QoS +rules. For this reason, <a href="index.html">mod_qos</a> can set a cookie +containing a unique identifier. This identifier is then written to the +<code><a href="index.html#mod_qos_user_id">mod_qos_user_id</a></code> +environment variable and you can add it to your log files by the +format string <code>%{mod_qos_user_id}e</code>. This allows you to identify +all requests issued by a user.</p> +<p> +This feature is enabled by the following directive: +<ul> +<li><syntax>QS_UserTrackingCookieName <name> [<path>] [<domain>] ['session'] ['jsredirect']</syntax><br> +The parameter "name" defines the cookie's name and "domain" (optional) +the domain attribute for the Set-Cookie header. The string "session" can +be defined if the cookie should not be stored by the session (but can +be deleted when the user closes this browser). +</li> +</ul> +You can also enforce the browser to support cookies by specifying the +"path" parameter for the <code>QS_UserTrackingCookieName</code> directive. +This parameter defines an error document and mod_qos +answers the request with a redirect (302) to this document when setting +the cookie initially. The browser will follow the redirect and mod_qos +redirects the browser back to the initially requested page if the request +to this error document contains the tracking cookie. If the browser did not +send the cookie, the error document is shown. +</p> +<p> <img src="images/UserTracking.png" height="386" width="410" alt="user tracking cookie enforcement"/></p> +<p> +<i>Note: You can exclude certain clients from this enforcement by +setting the <code>DISABLE_UTC_ENFORCEMENT</code> +<a href="#variables">environment variable</a> +at server level (outside Location), e.g., to allow crawlers not +supporting cookies to access your site.</i> +</p> +<p> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +<a href="index.html#QS_UserTrackingCookieName">QS_UserTrackingCookieName</a> qstrack <a href="#cookiecheck">/errorpages/cookiecheck.html</a> session +<a href="index.html#QS_SessionKey">QS_SessionKey</a> sB.F4_0%D700ahXT2 +</pre> +</td></tr> +</table> +</p> +<p> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"><a name="cookiecheck"></a> +Sample page:<br> +<pre> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> + <head> + <meta http-equiv="Cache-Control" content="no-cache, no-store"/> + <meta http-equiv="expires" content="0" /> + <title>Cookie Check Page</title> + </head> + <body> + <h1>Cookie Check Failed</h1> + <p> + Please enable cookies in your browser.<br> + Bitte schalten Sie in Ihrem Browser Cookies ein.<br> + Activez les cookies dans votre navigateur, s'il vous pla&icirc;t.<br> + Por favor active las cookies en su navegador.<br> + Si prega di attivare i cookies nel proprio browser.<br> + </p> + </body> +</html> +</pre> +</td></tr> +</table> +</p> + +<!-- --------------------------------------------------------- --> +<hr> +<a name="qslog"></a> +<a name="RequestStatistics"></a> +<h2>Request Statistics Using <i>qslog</i></h2> +<p> +<code><a href="qslog.1.html">qslog</a></code> is a command line tool to +generate usage statistics data from log files. It can generate the data in +real time if defined within your Apache's server configuration. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +CustomLog "|/usr/bin/qslog -o logs/qslog.csv -x -f ISBDk" "%h %>s %b %D %k" +</pre> +</td></tr> +</table> +</p><p> +Or you can use it to process any existing log file using the post processing +option <code>-p</code>. This does not only work for +<a href="http://httpd.apache.org/docs/current/mod/mod_log_config.html">Apache log <img src="images/link.png"/></a> files but for any other log file as well. You just have to know what's in the log +and configure the format string argument <code>-f</code> of the +<code><a href="qslog.1.html">qslog</a></code> command accordingly. +</p> +<p> +Example:<br> +<img src="images/qslogFormat.png" height="381" width="738" alt="log format definition"/> +</p> +<p> +The output shows the data as a function of time: a summary of what happened every minute. +Each line includes all measured values as semicolon spearated name/value pairs (CSV). +</p> +<p> +You can use the spreadsheet program of your choice to process the output:<br><br> +<img src="images/qslog_spreadsheet_example.png" height="413" width="850" alt="spreadsheet"/> +</p> + +<!-- --------------------------------------------------------- --> +</td></tr> +</tbody> +</table> +<br> +<hr> +<SMALL><SMALL>© 2023, Pascal Buchbinder</SMALL></SMALL> +</body> +</html> diff --git a/doc/headerfilterrules.txt b/doc/headerfilterrules.txt new file mode 100644 index 0000000..58d4d5c --- /dev/null +++ b/doc/headerfilterrules.txt @@ -0,0 +1,97 @@ + +QS_RequestHeaderFilter rules: + + name=Accept, action=drop, size=300, pattern=^([a-zA-Z0-9_*+-]+/[a-zA-Z0-9_*+.-]+(;[ ]?[a-zA-Z0-9]+=[0-9]+)?[ ]?(;[ ]?[qv]=[a-z0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9_*+-]+/[a-zA-Z0-9_*+.-]+(;[ ]?[a-zA-Z0-9]+=[0-9]+)?[ ]?(;[ ]?[qv]=[a-z0-9.]+)?))*$ + name=Accept-Charset, action=drop, size=300, pattern=^([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?))*$ + name=Accept-Encoding, action=drop, size=500, pattern=^([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?))*$ + name=Accept-Language, action=drop, size=200, pattern=^([a-zA-Z*-]+[0-9]{0,3}(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z*-]+[0-9]{0,3}(;[ ]?q=[0-9.]+)?))*$ + name=Access-Control-Request-Method, action=drop, size=10, pattern=^[a-zA-Z]+$ + name=Access-Control-Request-Headers, action=drop, size=500, pattern=^([a-zA-Z0-9-]+){1}([ ]?,[ ]?([a-zA-Z0-9-]+))*$ + name=Authorization, action=drop, size=4000, pattern=^[a-zA-Z0-9 +/$=:]+$ + name=Cache-Control, action=drop, size=100, pattern=^(no-cache|no-store|max-age=[0-9]+|max-stale(=[0-9]+)?|min-fresh=[0-9]+|no-transform|only-if-chached){1}([ ]?,[ ]?(no-cache|no-store|max-age=[0-9]+|max-stale(=[0-9]+)?|min-fresh=[0-9]+|no-transform|only-if-chached))*$ + name=Connection, action=drop, size=100, pattern=^([teTE]+,[ ]?)?([a-zA-Z0-9-]+){1}([ ]?,[ ]?([teTE]+))?$ + name=Content-Encoding, action=deny, size=100, pattern=^[a-zA-Z0-9-]+(,[ ]*[a-zA-Z0-9-]+)*$ + name=Content-Language, action=drop, size=100, pattern=^([0-9a-zA-Z]{0,8}(-[0-9a-zA-Z]{0,8})*)(,[ ]*([0-9a-zA-Z]{0,8}(-[0-9a-zA-Z]{0,8})*))*$ + name=Content-Length, action=deny, size=10, pattern=^[0-9]+$ + name=Content-Location, action=deny, size=200, pattern=^[:/?#\[\]@!$&'()*+,;=a-zA-Z0-9._~% -]+$ + name=Content-md5, action=deny, size=50, pattern=^[a-zA-Z0-9 +/$=:]+$ + name=Content-Range, action=deny, size=50, pattern=^(bytes[ ]+([0-9]+-[0-9]+)/([0-9]+|\*))$ + name=Content-Type, action=deny, size=200, pattern=^(["a-zA-Z0-9*/; =-]+){1}([ ]?,[ ]?(["a-zA-Z0-9*/; =-]+))*$ + name=Cookie, action=drop, size=3000, pattern=^[:/?#\[\]@!$&'()*+,;="a-zA-Z0-9._~% -]+$ + name=Cookie2, action=drop, size=3000, pattern=^[:/?#\[\]@!$&'()*+,;="a-zA-Z0-9._~% -]+$ + name=DNT, action=drop, size=3, pattern=^[0-9]+$ + name=Expect, action=drop, size=200, pattern=^[a-zA-Z0-9= ;.,-]+$ + name=From, action=drop, size=100, pattern=^[a-zA-Z0-9=@;.,()-]+$ + name=Host, action=drop, size=100, pattern=^[a-zA-Z0-9.-]+(:[0-9]+)?$ + name=If-Invalid, action=drop, size=500, pattern=^[a-zA-Z0-9_.:;() /+!-]+$ + name=If-Match, action=drop, size=100, pattern=^(W/)?[a-zA-Z0-9=@;.,*"-]+$ + name=If-Modified-Since, action=drop, size=100, pattern=^[a-zA-Z0-9 :,]+$ + name=If-None-Match, action=drop, size=100, pattern=^(W/)?[a-zA-Z0-9=@;.,*"-]+$ + name=If-Range, action=drop, size=100, pattern=^[a-zA-Z0-9=@;.,*"-]+$ + name=If-Unmodified-Since, action=drop, size=100, pattern=^[a-zA-Z0-9 :,]+$ + name=If-Valid, action=drop, size=500, pattern=^[a-zA-Z0-9_.:;() /+!-]+$ + name=Keep-Alive, action=drop, size=20, pattern=^[0-9]+$ + name=Max-Forwards, action=drop, size=20, pattern=^[0-9]+$ + name=Origin, action=drop, size=2000, pattern=^[:/?#\[\]@!$&'()*+,;=a-zA-Z0-9._~% -]+$ + name=Proxy-Authorization, action=drop, size=400, pattern=^[a-zA-Z0-9 +/$=:]+$ + name=Pragma, action=drop, size=200, pattern=^[a-zA-Z0-9= ;.,-]+$ + name=Range, action=drop, size=200, pattern=^[a-zA-Z0-9=_.:;() /+!-]+$ + name=Referer, action=drop, size=2000, pattern=^[:/?#\[\]@!$&'()*+,;=a-zA-Z0-9._~% -]+$ + name=TE, action=drop, size=100, pattern=^([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?))*$ + name=Transfer-Encoding, action=deny, size=100, pattern=^(chunked|Chunked|compress|Compress|deflate|Deflate|gzip|Gzip|identity|Identity)([ ]?,[ ]?(chunked|Chunked|compress|Compress|deflate|Deflate|gzip|Gzip|identity|Identity))*$ + name=Unless-Modified-Since, action=drop, size=100, pattern=^[a-zA-Z0-9 :,]+$ + name=User-Agent, action=drop, size=300, pattern=^[a-zA-Z0-9]+[a-zA-Z0-9_.:;()\[\]@ /+!=,-]+$ + name=Upgrade-Insecure-Requests, action=drop, size=1, pattern=^1$ + name=Via, action=drop, size=100, pattern=^[a-zA-Z0-9_.:;() /+!-]+$ + name=X-Forwarded-For, action=drop, size=100, pattern=^[a-zA-Z0-9_.:-]+(, [a-zA-Z0-9_.:-]+)*$ + name=X-Forwarded-Host, action=drop, size=100, pattern=^[a-zA-Z0-9_.:-]+$ + name=X-Forwarded-Server, action=drop, size=100, pattern=^[a-zA-Z0-9_.:-]+$ + name=X-lori-time-1, action=drop, size=20, pattern=^[0-9]+$ + name=X-Do-Not-Track, action=drop, size=20, pattern=^[0-9]+$ + +QS_ResponseHeaderFilter rules: + + name=Age, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Accept-Ranges, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Access-Control-Allow-Origin, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Access-Control-Allow-Methods, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Access-Control-Allow-Headers, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Access-Control-Max-Age, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Access-Control-Allow-Credentials, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Access-Control-Expose-Headers, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Allow, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Cache-Control, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-Disposition, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-Encoding, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-Language, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-Length, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-Location, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-MD5, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-Range, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Content-Security-Policy, action=drop, size=8000, pattern=^[\x20-\xFF]*$ + name=Content-Type, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Connection, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Date, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=ETag, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Expect, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Expires, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Keep-Alive, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Last-Modified, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Location, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Proxy-Authenticate, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Public-Key-Pins, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Public-Key-Pins-Report-Only, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Retry-After, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Pragma, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Server, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Set-Cookie, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Set-Cookie2, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Strict-Transport-Security, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=Vary, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=WWW-Authenticate, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=X-Content-Security-Policy, action=drop, size=8000, pattern=^[\x20-\xFF]*$ + name=X-Content-Type-Options, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=X-Frame-Options, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + name=X-XSS-Protection, action=drop, size=4000, pattern=^[\x20-\xFF]*$ + +mod_qos 11.74 diff --git a/doc/images/ClientPrefer.png b/doc/images/ClientPrefer.png Binary files differnew file mode 100644 index 0000000..ad1f759 --- /dev/null +++ b/doc/images/ClientPrefer.png diff --git a/doc/images/ClosedLoop.png b/doc/images/ClosedLoop.png Binary files differnew file mode 100644 index 0000000..8303b73 --- /dev/null +++ b/doc/images/ClosedLoop.png diff --git a/doc/images/Events.png b/doc/images/Events.png Binary files differnew file mode 100644 index 0000000..8ae21cc --- /dev/null +++ b/doc/images/Events.png diff --git a/doc/images/LimitCount.png b/doc/images/LimitCount.png Binary files differnew file mode 100644 index 0000000..7c8586d --- /dev/null +++ b/doc/images/LimitCount.png diff --git a/doc/images/LimitCountExample.png b/doc/images/LimitCountExample.png Binary files differnew file mode 100644 index 0000000..f210c36 --- /dev/null +++ b/doc/images/LimitCountExample.png diff --git a/doc/images/QS_ClientEventBlockCount.png b/doc/images/QS_ClientEventBlockCount.png Binary files differnew file mode 100644 index 0000000..452c887 --- /dev/null +++ b/doc/images/QS_ClientEventBlockCount.png diff --git a/doc/images/Rule.png b/doc/images/Rule.png Binary files differnew file mode 100644 index 0000000..9d3ff86 --- /dev/null +++ b/doc/images/Rule.png diff --git a/doc/images/Serialization.png b/doc/images/Serialization.png Binary files differnew file mode 100644 index 0000000..241a260 --- /dev/null +++ b/doc/images/Serialization.png diff --git a/doc/images/SrvMinDataRate.png b/doc/images/SrvMinDataRate.png Binary files differnew file mode 100644 index 0000000..e992a99 --- /dev/null +++ b/doc/images/SrvMinDataRate.png diff --git a/doc/images/UserTracking.png b/doc/images/UserTracking.png Binary files differnew file mode 100644 index 0000000..6ae02c6 --- /dev/null +++ b/doc/images/UserTracking.png diff --git a/doc/images/directive_seq.gif b/doc/images/directive_seq.gif Binary files differnew file mode 100644 index 0000000..0fcae8e --- /dev/null +++ b/doc/images/directive_seq.gif diff --git a/doc/images/download.jpg b/doc/images/download.jpg Binary files differnew file mode 100644 index 0000000..4c3ac5d --- /dev/null +++ b/doc/images/download.jpg diff --git a/doc/images/link.png b/doc/images/link.png Binary files differnew file mode 100644 index 0000000..d6a9ee2 --- /dev/null +++ b/doc/images/link.png diff --git a/doc/images/mod_qos.gif b/doc/images/mod_qos.gif Binary files differnew file mode 100644 index 0000000..fc4077c --- /dev/null +++ b/doc/images/mod_qos.gif diff --git a/doc/images/qsloc.png b/doc/images/qsloc.png Binary files differnew file mode 100644 index 0000000..3b8482f --- /dev/null +++ b/doc/images/qsloc.png diff --git a/doc/images/qsloc1.png b/doc/images/qsloc1.png Binary files differnew file mode 100644 index 0000000..6b710ff --- /dev/null +++ b/doc/images/qsloc1.png diff --git a/doc/images/qsloc2.png b/doc/images/qsloc2.png Binary files differnew file mode 100644 index 0000000..348e6bc --- /dev/null +++ b/doc/images/qsloc2.png diff --git a/doc/images/qsloc3.png b/doc/images/qsloc3.png Binary files differnew file mode 100644 index 0000000..2f48ef2 --- /dev/null +++ b/doc/images/qsloc3.png diff --git a/doc/images/qslogFormat.png b/doc/images/qslogFormat.png Binary files differnew file mode 100644 index 0000000..bc78bed --- /dev/null +++ b/doc/images/qslogFormat.png diff --git a/doc/images/qslog_spreadsheet_example.png b/doc/images/qslog_spreadsheet_example.png Binary files differnew file mode 100644 index 0000000..4b23801 --- /dev/null +++ b/doc/images/qslog_spreadsheet_example.png diff --git a/doc/index.html b/doc/index.html new file mode 100644 index 0000000..839d364 --- /dev/null +++ b/doc/index.html @@ -0,0 +1,2751 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> +<head> + <title>mod_qos</title> +<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" /> +<meta name="author" content="Pascal Buchbinder" /> +<meta name="KeyWords" content="mod_qos, Quality of Service, Apache Web Server, Throttling, Web application security, WAF, Open Source Software, Secure Reverse Proxy, Denial of Service Prevention, DoS, DDoS" /> +<link rel="shortcut icon" href="favicon.ico" /> +<style TYPE="text/css"> +<!-- + body { + background-color: white; + color: black; + font-family: sans-serif, arial, verdana; + font-weight: normal; + text-align: left; + } + a:link { color:#00673F; text-decoration:none; } + a:visited { color:#00673F; text-decoration:none; } + a:focus { color:black; text-decoration:underline; } + a:hover { color:black; text-decoration:underline; } + a:active { color:black; text-decoration:underline; } + li { margin: 4px 0; } + syntax { font-family: monospace; font-size: 14; line-height: 1.8; } + .btable { font-size:0.75em; } + .prept { font-size:0.75em; } +--> +</style> +</head> +<body> +<!-- + + Quality of service module for Apache Web Server. + + See http://mod-qos.sourceforge.net/ for further details. + + Copyright (C) 2023 Pascal Buchbinder + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +--> +<table> +<tbody> +<tr><td><img src="images/mod_qos.gif" alt="mod_qos" title="mod_qos" /></td> + <td style="vertical-align: bottom;"><h1>mod_qos</h1></td> +</tr> +<tr><td> </td> + <td> +<p> +In computer networking, the term quality of service (QoS) describes +resource management rather than the quality of a service. +Quality of service implements control mechanisms to provide +different priority to different users, applications, and data +connections. It is used to guarantee a certain level of performance +to data resources. The term quality of service is often used +in the field of wide area network protocols (e.g. ATM) and +telephony (e.g. VoIP), but rarely in conjunction with web applications. +<b>mod_qos is a quality of service module for the Apache web server</b> +implementing control mechanisms that can provide different levels of +priority to different HTTP requests. +</p> +<p> +But why do you need quality of service for a web application? Well, +web servers require threads and processes to serve HTTP requests. +Each TCP connection to the web server occupies one of these threads +respectively processes. Sometimes a server gets too busy to serve +every request due to the lack of free processes or threads. Another +parameter requiring control by mod_qos is the available bandwidth: +all clients communicate to the server over a network link with +limited bandwidth. Overfilling the link results in network +congestion and poor performance. +</p> +<p> +Example situations where web applications require QoS: +<ul> +<li> +More resources are consumed if request processing by an application +takes a long time, e.g. when request processing includes +time consuming database queries. +</li> +<li> +Oversubscription of link capabilities due to many concurrent +clients uploading or downloading data. +</li> +<li> +Penetration of the web server by attackers (DoS).<!-- line is a MARKER --> +</li> +</ul> +</p> +<p> +mod_qos may be used to determine which requests should be served and +which shouldn't in order to avoid resource oversubscription. The +module collects different attributes such as the request URL, +HTTP request and response headers, the IP source address, country codes, +the HTTP response code, history data (based on user session and source +IP address), the number of concurrent requests to the +server (total or requests having similar attributes), the number +of concurrent TCP connections (total or from a single source IP), +and so forth.</p> +<p> +<a name="rules"></a> +The <u><a href="glossary.html#rules">rules</a></u> you want to configure +are defined by the +<u><a href="glossary.html#directives">module's directives</a></u>. Every rule +reads attributes from different sources and using its own counters to +store their status. +</p> +<p> +Counteractive measures to enforce the defined rules are: request +blocking, dynamic timeout adjustment, request delay, response +throttling, and dropping of TCP connections. +</p> +<p> +The <a title="change log" href="CHANGES.txt">current release</a> of the mod_qos +module implements various control mechanisms: +<ul> +<li type=square> +The maximum number of <a href="glossary.html#concurrency">concurrent</a> +requests to a location/resource (URL) +or virtual host. +</li> +<li type=square> +Limitation of the <a href="glossary.html#throughput">bandwidth</a> such as the maximum +allowed number of requests per second to an URL or the maximum/minimum of downloaded +kbytes per second. +</li> +<li type=square> +Limits the number of request <a href="glossary.html#requestPerSecond">events per second</a> (special request conditions). +</li> +<li type=square> +Limits the number of request <a href="glossary.html#repeat">events within a defined +period of time</a>. +</li> +<li type=square> +It can also detect very important persons (VIP) which may access the +web server without or with fewer restrictions. +</li> +<li type=square> +Generic request line and header filter to deny unauthorized operations. +</li> +<li type=square> +Request body data limitation and filtering (requires +<a href="http://parp.sourceforge.net">mod_parp <img src="images/link.png"/></a>). +</li> +<li type=square> +Limits the number of request events for individual clients (IP). +</li> +<li type=square> +Limitations on the TCP connection level, e.g., the maximum number of +allowed connections from a single IP source address or dynamic +keep-alive control. +</li> +<li type=square> +Prefers known IP addresses when server runs out of free TCP connections. +</li> +<li type=square> +Serialization of requests. +</li> +</ul> +</p> +<hr> +</td></tr> +<tr><td> </td><td style="background-color: #E2EDE2"> +<p align="center"> +<br> +mod_qos is an open source software licensed under the +<a href="LICENSE.txt">Apache License</a>. You can download the latest release at +<a href="https://sourceforge.net/projects/mod-qos/files/">SourceForge.net</a>. +<br><br> +</p> +</td></tr> +<tr><td> </td><td> +<hr> +<p> +More information about mod_qos: +<ul> +<li><a href="#build">Build</a></li> +<!-- DIST START --> +<li><a href="#source">Source Code</a></li> +<li><a href="CHANGES.txt">Changes</a></li> +<!-- DIST END --> +<li><a href="#configuration">Configuration</a></li> +<ul> +<li><a href="#requestlevelcontrol">Request Level Control</a></li> +<li><a href="#statuscode">Status Code and Error Page</a></li> +<li><a href="#privilegedusers">Privileged Users</a></li> +<li><a href="#variables">Variables</a></li> +<li><a href="#conditionalrules">Conditional Rules</a></li> +<li><a href="#eventcontrol">Events</a></li> +<li><a href="#filter">Request Level, Generic Filter</a></li> +<li><a href="#connectionlevelcontrol">Connection Level Control</a></li> +<li><a href="#clientlevelcontrol">Client Level Control</a></li> +</ul> +<li><a href="#messages">Log Messages</a></li> +<ul> +<li><a href="#errorlog">Error Log</a></li> +<li><a href="#accesslog">Access Log</a></li> +<li><a href="#requeststatistics">Request Statistics</a></li> +<li><a href="#statusviewer">Status Viewer</a></li> +<li><a href="#webconsole">Web Console</a></li> +<li><a href="#utilities">Utilities</a></li> +</ul> +<li><a href="#usecases">Sample Use Cases</a></li> +</ul> +</p> + +<hr> +<a name="build"></a> +<h2>Build</h2> +<p> +mod_qos requires OpenSSL, PCRE, threading and shared memory support. +mod_qos is designed to be used with Apache's +<a href="http://httpd.apache.org/docs/current/mod/worker.html">MPM worker <img src="images/link.png"/></a> +binaries but works, with some restrictions, also with other Apache 2.4 multi-processing modules. +The module is optimized to be used in a +<a href="http://httpd.apache.org/docs/current/mod/mod_proxy.html">reverse proxy +<img src="images/link.png"/></a> server.<p> +<p> +<small><i>Notes:<br> You should choose the <a href="https://httpd.apache.org/docs/current/mod/worker.html">worker MPM <img src="images/link.png"/></a> +if you intend to use any <a href="#connectionlevelcontrol">connection level control</a> directive. <br> + If you decide to use <a href="https://httpd.apache.org/docs/current/howto/http2.html">HTTP/2 <img src="images/link.png"/></a>, +you should only use the <a href="#requestlevelcontrol">request level control</a> directives +as mod_qos works for the hypertext transfer protocol +version 1.0 and 1.1 (RFC1945/RFC2616) only. +</i></small> +</p> +<p> +You can compile the module using +<code><a href="http://httpd.apache.org/docs/current/programs/apxs.html">apxs <img src="images/link.png"/></a></code>. +Your httpd binary must support dynamically loaded objects +(DSO). Verify this by checking the availability of mod_so: The command +<code>httpd -l</code> must list the mod_so.c module. +The following command compiles the module and installs mod_qos into the +server's modules directory. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +cd mod_qos-11.74/apache2 +apxs -i -c mod_qos.c -lcrypto -lpcre2-8 +cd ../.. +</pre> +</td></tr> +</table> +If the necessary header files of OpenSSL, PCRE, etc. cannot be found, add +the <code>-I</code> option to the <code>apxs</code> command to specify +the directory where header files can be found and if any of the required +libraries cannot be found (may happen if you use mod_qos without mod_ssl), +add the <code>-L</code> option to specify the directory where libraries +can be found. +<br> +<small><i>Note: you may customize the code using the following preprocessor directives:</i></small> +<table class="prept" width="780px"> +<tr> + <td> </td> + <td bgcolor="#E2EDE2">Name</td> + <td bgcolor="#E2EDE2">Description</td> + <td bgcolor="#E2EDE2">Default</td> +</tr> +<tr> + <td> </td> + <td>QS_MOD_EXT_HOOKS</td> + <td>Enables the optional hooks defined in mod_qos.h</td> + <td><i>not set</i></td> +</tr> +<tr> + <td> </td> + <td>QSLOG_CLID</td> + <td>Defines the environment variable which shall be used for the "user tracking id" (U) +within the format string used by the <a href="#QSLog"><code>QSLog</code></a> directive.</td> + <td>mod_qos_user_id</td> +</tr> +<tr> + <td> </td> + <td>QSLOG_EVENT</td> + <td>Defines the environment variable which shall be used for the "event" (Q) +within the format string used by the <a href="#QSLog"><code>QSLog</code></a> directive.</td> + <td>Event</td> +</tr> +<tr> + <td> </td> + <td>QSLOG_AVERAGE</td> + <td>Defines the environment variable which shall be used for the "average" (a) +within the format string used by the <a href="#QSLog"><code>QSLog</code></a> directive.</td> + <td>QS_AllConn</td> +</tr> +<tr> + <td> </td> + <td>QS_LOG_REPEAT</td> + <td>Counter used to define how many repetitive messages are summarized.</td> + <td>20</td> +</tr> +<tr> + <td> </td> + <td>QS_REQ_RATE_TM</td> + <td>Default for the <a href="#QS_SrvSampleRate"><code>QS_SrvSampleRate</code></a> directive.</td> + <td>5</td> +</tr> +<tr> + <td> </td> + <td>QS_EXTRA_MATCH_LIMIT</td> + <td>Match limit field used for PCRE data processing.</td> + <td>1500</td> +</tr> +</table> +</p> +<p> +The <a href="#utilities">support tools</a> may be built (at least on some +Linux platforms) using the GNU autotools. Some of these +utilities require third-party libraries such as apr, apr-util, PCRE2, +libpng, and OpenSSL. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +cd mod_qos-11.74/tools +./configure +make +</pre> +</td></tr> +</table> +<!-- +<small><i>Note: +If you have a different version of <code>aclocal</code> or +<code>automake</code> on your system (you get a message like +"aclocal-x.y is missing on your system"), edit the configure +script and change the <code>am__api_version</code> variable +to match the version you have installed (<code>aclocal --versions</code> +shows you which version this is). +</i></small> +--> +</p> + +<!-- DIST START --> + +<a name="source"></a> +<h2>Source Code</h2> +<p> +<a href="../apache2">mod_qos</a> is available for Apache version 2.4. +</p> + +<!-- DIST END --> +<!-- CONFIGURATION --> + +<a name="configuration"></a> +<h2>Configuration</h2> +<p>Configuration is mostly done on a per-server basis (except the +<a href="#filter">generic request</a> filter and a few other directives). +<a href="glossary.html#directives">Directives</a> within a virtual +host are merged with the settings in the global configuration. +</p> +<p> +The <code><a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a></code>, +<code><a href="#QS_SrvRequestRate">QS_SrvRequestRate</a></code>, +<code><a href="#QS_RequestHeaderFilterRule">QS_RequestHeaderFilterRule</a></code>, +<code><a href="#QS_ResponseHeaderFilterRule">QS_ResponseHeaderFilterRule</a></code>, +and all <code><a href="#clientlevelcontrol">QS_Client*</a></code> +directives may be used outside of virtual host configurations only. +</p> +<p> +<a name="QS_LogOnly"></a> +The <code>QS_LogOnly on</code> directive may be used to put mod_qos +into a permissive mode where rule violations are logged only but +requests/connections are not blocked. This may be used for test purposes.<br> +Should not be activated if you are using any +<a href="glossary.html#throughput">throughput control</a> +directive (open loop). +</p> + +<p> +<a name="requestlevelcontrol"></a> +<h3>Request Level Control</h3> +The module features directives to control server access +on a per-URL level - basically the main function of mod_qos. <br> +Only one <code>QS_Loc*</code> rule (URL string or +regular expression) of each type is evaluated per request where +regular expression rules (*Match) have higher priority +than the rules using a literal URL-string. A +<code>QS_LocRequestLimit*</code> rule may be used in parallel to a +<code>QS_LocRequestPerSecLimit*</code> and/or +<code>QS_LocKBytesPerSecLimit*</code> rule if they use the very +same URL string or regular expression. +<ul> +<li> +<a name="QS_LocRequestLimitMatch"></a> +<syntax>QS_LocRequestLimitMatch <regex> <number></syntax><br> +Defines the number of <a href="glossary.html#concurrency">concurrent</a> +requests for the specified request pattern (path and query). +The rule with the lowest number of allowed concurrent connections has the +highest priority if multiple expressions match the request. +By default, no limitations are active. +</li> +<li> +<a name="QS_LocRequestPerSecLimitMatch"></a> +<syntax>QS_LocRequestPerSecLimitMatch <regex> <number></syntax><br> +Defines the allowed number of <a href="glossary.html#requestPerSecond">requests per second</a> +to the URL (path and query) pattern. Requests are limited by +adding a delay to each request (linear). The delay calculation is based on +an average request rate measurement using a sampling rate of 10 seconds. +By default, no limitation is active. This directive should be used in +conjunction with <code><a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a></code> +only (you must use the very same regex pattern with the +<code><a href="#QS_LocRequestPerSecLimitMatch">QS_LocRequestPerSecLimitMatch</a></code> +and <code><a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a></code> +directive) to avoid too many concurrent requests. +</li> +<li> +<a name="QS_LocKBytesPerSecLimitMatch"></a> +<syntax>QS_LocKBytesPerSecLimitMatch <regex> <number></syntax><br> +Defines the allowed download <a href="glossary.html#throughput">bandwidth</a> to the location +matching the defined URL (path and query) pattern. Responses are slowed down by +adding a delay to each response (every 8kbytes). Bandwidth calculation +is based on measuring the transferred data. +By default, no limitation is active. This directive should be used +in conjunction with <code><a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a></code> +only (you must use the very same regex pattern with the +<code><a href="#QS_LocKBytesPerSecLimitMatch">QS_LocKBytesPerSecLimitMatch</a></code> and +<code><a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a></code> directive) +to avoid too many concurrent requests. +</li> +<li> +<a name="QS_LocRequestLimit"></a> +<syntax>QS_LocRequestLimit <location> <number></syntax><br> +Defines the number of <a href="glossary.html#concurrency">concurrent</a> +requests for the specified location (applied to the parsed path). +By default, no limitations are active for locations. Has lower priority than +<code><a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a></code> +directives. +</li> +<li> +<a name="QS_LocRequestLimitDefault"></a> +<syntax>QS_LocRequestLimitDefault <number></syntax><br>Defines the +default limitation for the maximum of concurrent requests per-location +for those locations not defined by any +<code><a href="#QS_LocRequestLimit">QS_LocRequestLimit</a></code> +directive. It could also be used to limit the number of concurrent +requests to a virtual host. +</li> +<li> +<a name="QS_LocRequestPerSecLimit"></a> +<syntax>QS_LocRequestPerSecLimit <location> <number></syntax><br> +Defines the allowed number of <a href="glossary.html#requestPerSecond">requests per second</a> +to a location, similar to the +<a href="#QS_LocRequestPerSecLimitMatch"><code>QS_LocRequestPerSecLimitMatch</code></a> +directive. The maximum number of requests is limited by adding a delay to +each request (linear, each request gets the same delay). By default, +no limitation is active. +This directive should be used in conjunction with +<code><a href="#QS_LocRequestLimit">QS_LocRequestLimit</a></code> only (you +must use the same location for both directives) to avoid too many +concurrent requests.. Has lower priority than +<code><a href="#QS_LocRequestPerSecLimitMatch">QS_LocRequestPerSecLimitMatch</a></code>. +</li> +<li> +<a name="QS_LocKBytesPerSecLimit"></a> +<syntax>QS_LocKBytesPerSecLimit <location> <number></syntax><br> +Throttles the download <a href="glossary.html#throughput">bandwidth</a> to the defined +kbytes per second. Works similar as the +<a href="#QS_LocKBytesPerSecLimitMatch"><code>QS_LocKBytesPerSecLimitMatch</code></a> +directive slowing down HTTP responses by adding a delay to each response. +By default, no limitation is active. This directive should be used in +conjunction with <code><a href="#QS_LocRequestLimit">QS_LocRequestLimit</a></code> only +(you must use the same location for both directives) to avoid too many +concurrent requests.. Has lower priority than +<code><a href="#QS_LocKBytesPerSecLimitMatch">QS_LocKBytesPerSecLimitMatch</a></code>. +</li> +</ul> + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +# maximum number of active TCP connections is limited to 512 +MaxClients 512 + +# limits concurrent requests to the locations: +# - /app/a max. 200 concurrent requests +# - /app/b and /app/c (together) max. 300 concurrent requests +# - /images max. 100 concurrent requests +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /app/a 200 +<a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a> ^(/app/b/|/app/c/).*$ 300 +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /images 100 +# limits download bandwidth to 5Mbit/sec (resp. 640kbytes/sec) +# for downloads from /app/a: +<a href="#QS_LocKBytesPerSecLimit">QS_LocKBytesPerSecLimit</a> /app/a 640 +</pre> +</td></tr> +</table> +<br> + + +<a name="statuscode"></a> +<h3>Status Code and Error Page</h3> +The <code>QS_Error*</code> directives are used to control the response +given to clients whose requests have been denied. +<ul> +<li> +<a name="QS_ErrorPage"></a> +<syntax>QS_ErrorPage <URL></syntax><br>Defines an error page to be +returned when a request is denied. The defined URL must be a (S)HTML +document accessible by the client. +You may enable <a href="glossary.html#ssi">server-side includes (SSI)</a> +in order to present detailed error messages based on the +<a href="#errorlog">error codes</a> provided by mod_qos.<br> +Alternatively, a HTTP redirect (302) to a dedicated error page may be +defined using an absolute URL defining schema, hostname, and path. +</li> +<li> +<a name="QS_ErrorResponseCode"></a> +<syntax>QS_ErrorResponseCode <code></syntax><br>Defines the HTTP +response code which is used when a request is denied. Requests denied +at connection level usually get a HTTP 500 response code (ignoring +the settings of the <code>QS_ErrorResponseCode</code> and +<code><a href="#QS_ErrorPage">QS_ErrorPage</a></code> directives).<br> +Default (no custom error code or page defined) codes are:<br> + 400: if a request has no valid URL.<br> + 403: for requests denied by a <code><a href="#filter">QS_Deny*</a></code>, +<code><a href="#filter">QS_Permit*</a></code> or +<code><a href="#QS_RequestHeaderFilter">QS_RequestHeaderFilter</a></code> +directive.<br> + 413: when limiting the max. body data length by the +<code><a href="#QS_LimitRequestBody">QS_LimitRequestBody</a></code> directive.<br> + 500: for requests denied by any other directive.<br> +</li> +</ul> + +<a name="privilegedusers"></a> +<h3>Privileged Users</h3> +Additional directives are used to identify VIPs (very important persons) +and to control the session life time and its cookie format. VIP users have +privileged access and less QoS restrictions than ordinary users. <br><br> +VIP information is stored and evaluated at different levels: +<ul> +<li> +Session: VIP identification is stored using a HTTP +session cookie. mod_qos starts a new session when detecting a HTTP +response header (the header name is defined by the +<code><a href="#QS_VipHeaderName">QS_VipHeaderName</a></code> +directive). Alternatively, a new session is started when detecting an +authenticated user, see <code><a href="#QS_VipUser">QS_VipUser</a></code>. +The <code><a href="#QS_Session">QS_Session*</a></code> +directives are used to set session attributes. +</li> +<li> +Request: The <code><a href="#QS_VipRequest">QS_VipRequest</a></code> +process environment may be evaluated by mod_qos rules. This +variable is set automatically when receiving a valid mod_qos +session cookie. The <code><a href="#QS_VipRequest">QS_VipRequest</a></code> +variable may also be set by configuration using a <code><a href="#QS_SetEnvIf">QS_SetEnvIf*</a></code> +or <code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> +directive. VIP status lasts for the particular +request only. +</li> +<li> +Client IP address: VIP identification may be stored at the server side +on a per-client IP address basis. +The <code><a href="#QS_VipIPHeaderName">QS_VipIPHeaderName</a></code>, +<code><a href="#QS_VipHeaderName">QS_VipHeaderName</a></code>, +<code><a href="#QS_VipIPUser">QS_VipIPUser</a></code>, and +<code><a href="#QS_VipUser">QS_VipUser</a></code> directives are used +to define when an IP address should be marked as a VIP user. +</li> +</ul> + +Directives: + +<ul> +<li> +<a name="QS_VipHeaderName"></a> +<syntax>QS_VipHeaderName <header name>[=<regex>] [drop]</syntax><br> +Defines an HTTP response header which marks a user as a VIP. mod_qos creates +a session for this user by setting a cookie, e.g., after successful user +authentication. +Tests optionally its value against the provided regular expression. +Specify the action 'drop' if you want mod_qos to remove this +control header from the HTTP response. +</li> +<li> +<a name="QS_VipIPHeaderName"></a> +<syntax>QS_VipIPHeaderName <header name>[=<regex>] [drop]</syntax><br> +Defines an HTTP response header which marks a client source IP address as +a VIP. +Tests optionally its value against the provided regular expression. +Specify the action 'drop' if you want mod_qos to remove this +control header from the HTTP response. +</li> +<li> +<a name="QS_VipUser"></a> +<syntax>QS_VipUser</syntax><br> +Creates a VIP session for users which have been authenticated by the +Apache server, e.g., by the standard mod_auth* modules. +It works similar to the <code><a href="#QS_VipHeaderName">QS_VipHeaderName</a></code> directive. +</li> +<li> +<a name="QS_VipIPUser"></a> +<syntax>QS_VipIPUser</syntax><br> +Marks a source IP address as a VIP if the user has been authenticated by the +Apache server, e.g. by the standard mod_auth* modules. It works similar to +the <code><a href="#QS_VipIPHeaderName">QS_VipIPHeaderName</a></code> directive. +</li> +<li> +<a name="QS_Session"></a> +<a name="QS_SessionTimeout"></a> +<syntax>QS_SessionTimeout <seconds></syntax><br> +Defines the session life time for a VIP. It is only used for session +based (cookie) VIP identification (not for IP based). +Default is 3600 seconds. +</li> +<a name="QS_SessionCookieName"></a> +<li> +<syntax>QS_SessionCookieName <name></syntax><br> +A cookie is used to identify requests coming from a user which has +been identified as a VIP. This directive defines a custom cookie name +for the mod_qos session cookie. Default is MODQOS. +</li> +<li> +<a name="QS_SessionCookiePath"></a> +<syntax>QS_SessionCookiePath <path></syntax><br> +Defines the cookie path. Default is "/". +</li> +<li> +<a name="QS_SessionKey"></a> +<syntax>QS_SessionKey <string></syntax><br> +Secret key used for cookie encryption. This key must be defined +when using the same session cookie for multiple web servers +(load balancing) or the sessions should survive a server restart. +By default, a random key is used which changes every server restart. +</li> +</ul> + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +<a href="#QS_ErrorPage">QS_ErrorPage</a> /error-docs/qs_error.html + +# restricts max concurrent requests for any location which has no +# individual rule: +<a href="#QS_LocRequestLimitDefault">QS_LocRequestLimitDefault</a> 200 + +# limits access to *.gif files to 100 concurrent requests: +<a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a> "^.*\.gif$" 100 + +# limits concurrent requests to the locations /images and /app/a: +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /images 100 +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /app/a 300 +# limits download bandwidth to 5Mbit/sec: +<a href="#QS_LocKBytesPerSecLimit">QS_LocKBytesPerSecLimit</a> /app/a 640 + +# two locations (/app/b and /app/c) representing a single application: +<a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a> "^(/app/b/|/app/c/).*$" 300 + + +# allows the application to nominate VIP users by sending a +# "mod-qos-vip" HTTP response header: +<a href="#QS_VipHeaderName">QS_VipHeaderName</a> mod-qos-vip +<a href="#QS_SessionKey">QS_SessionKey</a> na&5san-sB.F4_0a=%VBEBahXT1 +</pre> +</td></tr> +</table> +<br> + +<a name="privilegedusers_list"></a> +The following table shows if a rules may be deactivated for VIPs: +<table class="btable" width="280px"> +<tr><td>QS_ClientEventBlockCount</td><td>no</td></tr> +<tr><td>QS_ClientEventLimitCount</td><td>no</td></tr> +<tr><td>QS_ClientEventPerSecLimit</td><td>no</td></tr> +<tr><td>QS_ClientEventRequestLimit</td><td>no</td></tr> +<tr><td>QS_ClientPrefer</td><td>yes</td></tr> +<tr><td>QS_ClientSerialize</td><td>no</td></tr> +<tr><td>QS_ClientGeoCountryPriv</td><td>no</td></tr> +<tr><td>QS_CondLocRequestLimitMatch</td><td>yes</td></tr> +<tr><td>QS_CondEventLimitCount</td><td>no</td></tr> +<tr><td>QS_CondClientEventLimitCount</td><td>no</td></tr> +<tr><td>QS_DenyQueryBody</td><td>no</td></tr> +<tr><td>QS_PermitUriBody</td><td>no</td></tr> +<tr><td>QS_DenyEvent</td><td>no</td></tr> +<tr><td>QS_DenyPath</td><td>no</td></tr> +<tr><td>QS_DenyQuery</td><td>no</td></tr> +<tr><td>QS_DenyRequestLine</td><td>no</td></tr> +<tr><td>QS_EventKBytesPerSecLimit</td><td>yes</td></tr> +<tr><td>QS_EventPerSecLimit</td><td>yes</td></tr> +<tr><td>QS_EventRequestLimit</td><td>no</td></tr> +<tr><td>QS_EventLimitCount</td><td>no</td></tr> +<tr><td>QS_InvalidUrlEncoding</td><td>no</td></tr> +<tr><td>QS_LimitRequestBody</td><td>no</td></tr> +<tr><td>QS_LocKBytesPerSecLimit(Match)</td><td>yes</td></tr> +<tr><td>QS_LocRequestLimit(Match)</td><td>yes</td></tr> +<tr><td>QS_LocRequestPerSecLimit(Match)</td><td>yes</td></tr> +<tr><td>QS_MileStone</td><td>no</td></tr> +<tr><td>QS_RedirectIf</td><td>no</td></tr> +<tr><td>QS_PermitUri</td><td>no</td></tr> +<tr><td>QS_RequestHeaderFilter</td><td>no</td></tr> +<tr><td>QS_ResponseHeaderFilter</td><td>no</td></tr> +<tr><td>QS_SrvMaxConn</td><td>yes</td></tr> +<tr><td>QS_SrvMaxConnClose</td><td>no</td></tr> +<tr><td>QS_SrvMaxConnPerIP</td><td>yes*</td></tr> +<tr><td>QS_SrvMinDataRate</td><td>yes*</td></tr> +<tr><td>QS_SrvSerialize</td><td>no</td></tr> +<tr><td> </td><td> </td></tr> +</table> +<small><i>Notes:<br> + Directives marked by "*" allow you to disable VIP support.<br> + Event based or conditional rules may evaluate the +<a href="#QS_VipRequest">QS_VipRequest</a> and +<a href="#QS_IsVipRequest">QS_IsVipRequest</a> variables to decide +if the rule should be applied.</i></small> +<br> +<a name="variables"></a> +<h3>Variables</h3> +<a href="glossary.html#variables">Environment variables</a> are used on a per +request level and implement additional control mechanisms. Variables may be set +using the standard Apache module +<a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html">mod_setenvif <img src="images/link.png"/></a> or +<a href="http://modsetenvifplus.sourceforge.net/">mod_setenvifplus <img src="images/link.png"/></a>. +See also the <a href="#eventcontrol"> +<code><a href="#QS_SetEnvIf">QS_SetEnvIf*</a></code></a> directives in order to combine multiple +variables to form new variables interpreted by mod_qos rules. <br> +<br> +These are the variables recognized by mod_qos: +<ul> +<li> +<a name="QS_ErrorPage_Var"></a> +<syntax>QS_ErrorPage=<URL></syntax><br> +Defines the error page overriding the setting made by the +<code><a href="#QS_ErrorPage">QS_ErrorPage</a></code> directive. +</li> +<li> +<a name="QS_VipRequest"></a> +<syntax>QS_VipRequest=yes</syntax><br> +Disables some restrictions for this request (see <a href="#privilegedusers">privileged Users</a>). +Requires the definition of a VIP header using the +<code><a href="#QS_VipHeaderName">QS_VipHeaderName</a></code> directive +(this activates VIP verification). However, such an event does +not create a VIP session. The user has the VIP status only for +a single request. <br>The variable is set by mod_qos when +receiving a valid VIP <a href="#QS_SessionCookieName">session cookie</a>. +</li> +<li> +<a name="QS_KeepAliveTimeout"></a> +<syntax>QS_KeepAliveTimeout=<seconds></syntax><br> +Applies dynamic connection keep-alive settings overriding the Apache +<code><a href="http://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout">KeepAliveTimeout <img src="images/link.png"/></a></code> directive settings. +</li> +<li> +<a name="QS_MaxKeepAliveRequests"></a> +<syntax>QS_MaxKeepAliveRequests=<number></syntax><br> +Applies dynamic connection keep-alive settings overriding the Apache +<code><a href="http://httpd.apache.org/docs/current/mod/core.html#maxkeepaliverequests">MaxKeepAliveRequests <img src="images/link.png"/></a></code> directive settings. +</li> +<li> +<a name="QS_Timeout"></a> +<syntax>QS_Timeout=<seconds></syntax><br> +Alters the I/O timeout (while reading the request body / writing the response) +of the current request overriding the Apache +<code><a href="http://httpd.apache.org/docs/current/mod/core.html#timeout">TimeOut <img src="images/link.png"/></a></code> +directive settings. +</li> +<li> +<a name="QS_Set_DSCP"></a> +<syntax>QS_Set_DSCP=<value></syntax><br> +Variable used to set the IP differentiated services code points +(DiffServ / RFC 2474). This allows you to classify the network +traffic when sending the response data to the client. "value" +represents the 6-bit DSCP field as a decimal number (0 to 63).<br> +Commonly used values: +<small> +<table class="btable"> +<tr><td>DSCP</td><td>Class</td><td> </td> <td>DSCP</td><td>Class</td></tr> +<tr><td>0</td><td>none</td><td> </td> <td>8</td><td>Class selector 1</td></tr> +<tr><td>10</td><td>Assured forwarding 11</td><td> </td> <td>12</td><td>Assured forwarding 12</td></tr> +<tr><td>14</td><td>Assured forwarding 13</td><td> </td> <td>16</td><td>Class selector 2</td></tr> +<tr><td>18</td><td>Assured forwarding 21</td><td> </td> <td>20</td><td>Assured forwarding 22</td></tr> +<tr><td>22</td><td>Assured forwarding 23</td><td> </td> <td>24</td><td>Class selector 3</td></tr> +<tr><td>26</td><td>Assured forwarding 31</td><td> </td> <td>28</td><td>Assured forwarding 32</td></tr> +<tr><td>30</td><td>Assured forwarding 33</td><td> </td> <td>32</td><td>Class selector 4</td></tr> +<tr><td>34</td><td>Assured forwarding 41</td><td> </td> <td>36</td><td>Assured forwarding 42</td></tr> +<tr><td>38</td><td>Assured forwarding 43</td><td> </td> <td>40</td><td>Class selector 5</td></tr> +<tr><td>44</td><td>Voice admit</td><td> </td> <td>46</td><td>Expedited forwarding</td></tr> +<tr><td>48</td><td>Class selector 6</td><td> </td> <td>56</td><td>Class selector 7</td></tr> +</table> +</small> +</li> +<li> +<a name="QS_Delay"></a> +<syntax>QS_Delay=<milliseconds></syntax><br> +Defines a number of milliseconds to delay the request processing. +</li> +<li> +<a name="QS_Event"></a> +<syntax>QS_Event</syntax><br> +The variable processed by the <code><a href="#QS_ClientEventPerSecLimit">QS_ClientEventPerSecLimit</a></code> directive. +</li> +<li> +<a name="QS_Block"></a> +<syntax>QS_Block[=<number>]</syntax><br> +Variable processed by the <code><a href="#QS_ClientEventBlockCount">QS_ClientEventBlockCount</a></code> +directive.<br> +The optional <code>number</code> value defines the penalty points to +increase the counter (default is 1). +</li> +<li> +<a name="QS_Limit"></a> +<syntax>QS_Limit[=<number>]</syntax><br> +(Default) variable processed by the +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +directive.<br> +The optional <code>number</code> value defines the penalty points to +increase the counter (default is 1). +</li> +<li> +<a name="_Clear"></a> +<syntax>*_Clear</syntax><br> +The counter of the variable processed by the +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +directive is reset if you set the same variable suffixed by <code>_Clear</code>, +e.g. <code>QS_Limit_Clear</code>. +</li> +<li> +<a name="_Decrement"></a> +<syntax>*_Decrement</syntax><br> +The counter of the variable processed by the +<code><a href="#QS_EventLimitCount">QS_EventLimitCount</a></code>, +<code><a href="#QS_CondEventLimitCount">QS_CondEventLimitCount</a></code>, +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code>, +<code><a href="#QS_CondClientEventLimitCount">QS_CondClientEventLimitCount</a></code>, and +<code><a href="#QS_ClientEventBlockCount">QS_ClientEventBlockCount</a></code> +directives +is decremented by the value set in the same variable suffixed by <code>_Decrement</code>, +e.g. <code>QS_Limit_Decrement=1</code> decrements the value of the <code>QS_Limit</code> +variable of the corresponding +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +rule by 1. The variable is evaluated at the end of the request processing. +</li> +<li> +<a name="QS_Serialize"></a> +<syntax>QS_Serialize</syntax><br> +Variable processed by the <code><a href="#QS_ClientSerialize">QS_ClientSerialize</a></code> +directive. +</li> +<li> +<a name="QS_SrvSerialize_var"></a> +<syntax>QS_SrvSerialize</syntax><br> +Variable processed by the <code><a href="#QS_SrvSerialize">QS_SrvSerialize</a></code> +directive. +</li> +<li> +<a name="QS_Cond"></a> +<syntax>QS_Cond</syntax><br> +Variable processed by the <code><a href="#QS_CondLocRequestLimitMatch">QS_CondLocRequestLimitMatch</a></code>, +<code><a href="#QS_CondEventLimitCount">QS_CondEventLimitCount</a></code>, and +<code><a href="#QS_CondClientEventLimitCount">QS_CondClientEventLimitCount</a></code> directives. +</li> +<li> +<a name="QS_EventRequest"></a> +<syntax>QS_EventRequest</syntax><br> +Variable processed by the <code><a href="#QS_ClientEventRequestLimit">QS_ClientEventRequestLimit</a></code> directive. +</li> +</ul> + +Variables set by mod_qos which may be processed by conditional or event based +rules, e.g., +<code><a href="#QS_CondLocRequestLimitMatch">QS_CondLocRequestLimitMatch</a></code>: +<ul> +<li> +<a name="QS_SrvConn"></a> +<syntax>QS_SrvConn</syntax><br> +Number of <a href="glossary.html#concurrency">concurrent</a> +connections for this server/virtual host. Value is set +when using either the <code><a href="#QS_SrvMaxConn">QS_SrvMaxConn</a></code>, +<code><a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a></code>, +<code><a href="#QS_SrvMaxConnClose">QS_SrvMaxConnClose</a></code>, or +<code><a href="#QS_ClientGeoCountryDB">QS_ClientGeoCountryDB</a></code> +directive. <br> +<small><i>Note: value is calulcated when the client establishes the connection +and remains the same for all HTTP requests performed on this connection.</i></small> +</li> +<li> +<a name="QS_AllConn"></a> +<syntax>QS_AllConn</syntax><br> +Number of all concurrent connections for this Apache instance. Value is set +when using either the <code><a href="#QS_SrvMaxConn">QS_SrvMaxConn</a></code>, +<code><a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a></code>, +<code><a href="#QS_SrvMaxConnClose">QS_SrvMaxConnClose</a></code>, or +<code><a href="#QS_ClientGeoCountryDB">QS_ClientGeoCountryDB</a></code> +directive. <br> +<small><i>Note: value is calulcated when the client establishes the connection +and remains the same for all HTTP requests performed on this connection.</i></small> +</li> +<li> +<a name="QS_IPConn"></a> +<syntax>QS_IPConn</syntax><br> +Number of IP connections open from the current IP address. Variable is +available when using the <code><a href="#QS_SrvMaxConnPerIP">QS_SrvMaxConnPerIP</a></code> +directive. <br> +<small><i>Note: value is calulcated when the client establishes the connection +and remains the same for all HTTP requests performed on this connection.</i></small> +</li> +<li> +<a name="QS_ClientLowPrio"></a> +<syntax>QS_ClientLowPrio</syntax><br> +The variable is set for connections by clients which have been marked to be +processed with low priority, see <code><a href="#QS_ClientPrefer">QS_ClientPrefer</a></code>. +The variable's value is determined when the client opens a new connection and +its value represents the status flag of the tracked client attributes +(hexadecimal). <a href="#privilegedusers">VIP</a> status is ignored and +the variable is always set even the IP has been marked as being VIP. +</li> +<li> +<a name="QS_IsVipRequest"></a> +<syntax>QS_IsVipRequest</syntax><br> +Variable is set when detecting a <a href="#privilegedusers">VIP</a> request +(either by cookie, IP address status, valid user, etc.). May be used by +various event based directives. +</li> +<li> +<a name="_Counter"></a> +<syntax>*_Counter</syntax><br> +The counter values of the variables used by the +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +and <code><a href="#QS_EventLimitCount">QS_EventLimitCount</a></code> +directive are stored within the variable whose name is suffixed by +<code>_Counter</code>, e.g. <code>QS_Limit_Counter</code> when limiting +<code><a href="#QS_Limit">QS_Limit</a></code> events. +</li> +<li> +<a name="QS_ErrorNotes"></a> +<syntax>QS_ErrorNotes</syntax><br> +The error code (number only) of a mod_qos <a href="#errorlog">log message</a> +that has occurred during a request. +</li> +<li> +<a name="QS_Country"></a> +<syntax>QS_Country</syntax><br> +ISO 3166 country code of client IPv4 address. Only available if the +<a href="#QS_ClientGeoCountryDB">geographical database</a> file has been loaded.<br> +<small><i>Note: You may use the <code>QS_ClientIpFromHeader <header></code> +directive to override the client's IP address based on the value within the defined +HTTP request header (e.g., X-Forwarded-For) instead of taking the IP address of +the client which has opened the TCP connection.</i></small> +</li> +<!--<li> +<syntax>QS_RuleId</syntax><br> +ID of the matching <code>QS_Deny*</code> rule. +</li>--> +</ul> + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample of variable usage:<br> +<pre> +# privileged access for curl clients: +BrowserMatch "curl" <a href="#QS_VipRequest">QS_VipRequest</a>=yes + +# allows privileged access to a single resource: +SetEnvIf Request_URI /app/start.html <a href="#QS_VipRequest">QS_VipRequest</a>=yes + +# allows privileged access from a specified source address +# or source address range: +SetEnvIf Remote_Addr 172.18.3.32 <a href="#QS_VipRequest">QS_VipRequest</a>=yes +SetEnvIf Remote_Addr 192.168.10. <a href="#QS_VipRequest">QS_VipRequest</a>=yes + +# set keep-alive timeout for MSIE version 5.x browser to 65 seconds: +BrowserMatch "(MSIE 5\.)" <a href="#QS_KeepAliveTimeout">QS_KeepAliveTimeout</a>=65 + +# dynamic error page URL (per host error page): +SetEnvIf Host ^([a-zA-Z0-9_\.\-]+) <a href="#QS_ErrorPage">QS_ErrorPage</a>=/error-docs/$1.html +# external redirect to a sever hosting the error page: +SetEnvIf Request_URI /app <a href="#QS_ErrorPage">QS_ErrorPage</a>=http://your.server.name/error.html +</pre> +</td></tr> +</table> +<a name="QS_LogEnv"></a> +<small><i>Note: The <code>QS_LogEnv</code> directive can be used to enable environment variable logging. mod_qos +writes all environment variables which are set when entering a <a href="glossary.html#directives">handler</a> +to the log.</i></small> +<br> + +<a name="conditionalrules"></a> +<h3>Conditional Rules</h3> +Conditional rules are only enforced if the <code><a href="#QS_Cond">QS_Cond</a></code> +variable matches the specified pattern. +<ul> +<li> +<a name="QS_CondLocRequestLimitMatch"></a> +<syntax>QS_CondLocRequestLimitMatch <regex> <number> <condition></syntax><br> +Rule works similar to <a href="#QS_LocRequestLimitMatch"><code>QS_LocRequestLimitMatch</code></a> +but it is only enforced for requests whose <code><a href="#QS_Cond">QS_Cond</a></code> +variable matches the specified condition (regular expression). Every request +matching the defined pattern is counted, but the defined limitation is only +enforced for those requests matching the specified condition. <br> +Only one <code>QS_CondLocRequestLimitMatch</code> rule is evaluated per request. +</li> +<li> +<a name="QS_CondEventLimitCount"></a> +<syntax>QS_CondEventLimitCount <env-variable> <number> <seconds> <pattern></syntax><br> +Same as <code><a href="#QS_EventLimitCount">QS_EventLimitCount</a></code> but +requests are only blocked if the value of the +<code><a href="#QS_Cond">QS_Cond</a></code> +variable matches the defined pattern (regex). +</li> +<li> +<a name="QS_CondClientEventLimitCount"></a> +<syntax>QS_CondClientEventLimitCount <number> <seconds> <variable> <pattern></syntax><br> +Defines the maximum number of the specified environment variable +allowed within the defined time. Directive works similar as +<a href="#QS_ClientEventLimitCount"><code>QS_ClientEventLimitCount</code></a> +but requests are only blocked if the value of the <code><a href="#QS_Cond">QS_Cond</a></code> +variable matches the defined pattern (regex). Directive is allowed +in global server context only. <br> +</li> +</ul> + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample of conditional rules:<br> +<pre> +# set the conditional variable to spider if detecting a +# "slurp" or "googlebot" search engine: +BrowserMatch "slurp" <a href="#QS_Cond">QS_Cond</a>=spider +BrowserMatch "googlebot" <a href="#QS_Cond">QS_Cond</a>=spider + +# limits the number of concurrent requests to two applications +# (/app/b and /app/c) to 300 but does not allow access by a "spider" +# if the number of concurrent requests exceeds the limit of 10: +<a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a> "^(/app/b/|/app/c/).*$" 300 +<a href="#QS_LocRequestLimitMatch">QS_CondLocRequestLimitMatch</a> "^(/app/b/|/app/c/).*$" 10 spider +</pre> +</td></tr> +</table> + +<a name="eventcontrol"></a> +<h3>Events</h3> +mod_qos may control the frequency of "events". An event may be any +request attribute which can be represented by an +<a href="glossary.html#variables">environment variable</a>. +Such variables may be set by +<a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html">mod_setenvif <img src="images/link.png"/></a>, +<a href="http://modsetenvifplus.sourceforge.net/">mod_setenvifplus <img src="images/link.png"/></a>, or +by other Apache modules. +Please consider the <a href="glossary.html#directives">order of command execution</a> +to ensure that the necessary variables are set. + +<ul> +<li> +<a name="QS_EventRequestLimit"></a> +<syntax>QS_EventRequestLimit <env-variable>[=<regex>] <number></syntax><br> +Defines the number of <a href="glossary.html#concurrency">concurrent</a> events. +Directive works similar to +<code><a href="#QS_LocRequestLimit">QS_LocRequestLimit</a></code>, but +counts the requests having the same environment variable (and optionally +matching its value, too) rather than those that have the same URL pattern. +<br><small><i>Note: The counter's value is stored in the environment variable +QS_EventRequestLimit_<env-variable>_Counter. +</i></small> +</li> +<li> +<a name="QS_EventPerSecLimit"></a> +<syntax>QS_EventPerSecLimit [!]<env-variable> <number></syntax><br> +Defines how often requests may have the defined environment variable +(literal string) set. It measures the occurrences of the defined +environment variable on a <a href="glossary.html#requestPerSecond">request per seconds</a> +level and tries to limit this occurrence to the defined number. It works similar as +<a href="#QS_LocRequestPerSecLimit"><code>QS_LocRequestPerSecLimit</code></a>, +but counts only the requests with the specified variable (or without it +if the variable name is prefixed by a "!"). If a request matches +multiple events, the rule with the lowest bandwidth is applied. +Events are limited by adding a delay to each request causing an +event. +</li> +<li> +<a name="QS_EventKBytesPerSecLimit"></a> +<syntax>QS_EventKBytesPerSecLimit [!]<env-variable> <number></syntax><br> +Throttles the download <a href="glossary.html#throughput">bandwidth</a> +of all requests having the defined variable set to the defined +kbytes per second. Responses are slowed by adding a delay to each +response (every 8kbytes). The delay calculation +is based on an average request rate measurement. +By default, no limitation is active. +This directive should be used in conjunction with +<code><a href="#QS_EventRequestLimit">QS_EventRequestLimit</a></code> +only (you must use the same variable name for both directives) to avoid too many +concurrent requests. +</li> +<li> +<a name="QS_EventLimitCount"></a> +<syntax>QS_EventLimitCount <env-variable> <number> <seconds></syntax><br> +Defines the maximum <a href="glossary.html#repeat">number of events allowed within the defined time</a>. +Requests causing the event are denied when reaching this limitation for the specified time +(blocked at request level).<br> +<small><i>Notes:<ul> +<li>The current counter value is propagated to the process environment within +the variable <code><env-variable><a href="#_Counter">_Counter</a></code>.</li> +<li>See also <a href="#QS_CondEventLimitCount"><code>QS_CondEventLimitCount</code></a> +if you want to enforce a rule under certain conditions only.</li> +<li>The event counter can be decremented by setting the environment +<code><env-variable><a href="#_Decrement">_Decrement</a></code>.</li> +</ul> +</i></small> +</li> +</ul> +Mulpiple built-in directives may be used to set or detect events (additional +event variable processing could be configured using +<a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html">mod_setenvif <img src="images/link.png"/></a> or +<a href="http://modsetenvifplus.sourceforge.net/">mod_setenvifplus <img src="images/link.png"/></a>). +<ul> +<li> +<a name="QS_SetEnvIf"></a> +<syntax>QS_SetEnvIf [!]<env-variable1> [!]<env-variable2> [!]<env-variable=value></syntax><br> +Sets (or unsets) the environment "variable=value" (literal string) if variable1 (literal +string) AND variable2 (literal string) are set in the request environment +variable list (not case sensitive). This is used to combine multiple +variables to a new event type.<br> +This directive may be used on a per-server or +<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a> +basis. +</li> +<li> +<a name="QS_SetEnvIfMatch"></a> +<syntax>QS_SetEnvIf <env-variable1>=<regex> [!]<env-variable>=<value></syntax><br> +Sets the environment variable if the environment variable1's value +matches the defined regular expression. <code>$1</code>..<code>$9</code> +within the value and are replaced by parenthesized subexpressions +of the regular expression.<br> +This directive may be used on a per-server or +<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a> +basis. +</li> +<li> +<a name="QS_SetEnv"></a> +<syntax>QS_SetEnv <env-variable> <value></syntax><br> +Sets the defined variable with the value where the value string may contain +other environment variables surrounded by "${" and "}". The variable is only +set if all defined variables within the value have been resolved. +</li> +<li> +<a name="QS_SetEnvIfQuery"></a> +<syntax>QS_SetEnvIfQuery <regex> [!]<env-variable>[=<value>]</syntax><br> +Directive works quite similar to the +<code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> +directive of the Apache module +<a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html">mod_setenvif <img src="images/link.png"/></a>, +but the specified regex is applied against the query string +portion of the request line. The directive recognizes +the occurrences of $1..$9 within value and replaces them +by the sub-expressions of the defined regex pattern.<br> +This directive may be used on a per-server or +<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a> +basis. +</li> +<a name="QS_SetEnvIfCmp"></a> +<li> +<syntax>QS_SetEnvIfCmp <env-variable1> eq|ne|gt|lt <env-variable2> [!]<env-variable>[=<value>]</syntax><br> +Sets the defined environment variable if the specified env-variables[1|2] +are numerical or alphabetically (case insensitive) equal (<code>eq</code>), +not equal (<code>ne</code>) greater (<code>gt</code>), or less (<code>lt</code>).<br> +This directive may be used on a per-<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a> +basis only.</li> +<li> +<a name="QS_SetEnvIfParp"></a> +<syntax>QS_SetEnvIfParp <regex> [!]<env-variable>[=<value>]</syntax><br> +Directive parsing the request payload using the Apache module +<a href="http://parp.sourceforge.net">mod_parp <img src="images/link.png"/></a>. It matches +the request URL query and the HTTP request message body data as well +(<code>application/x-www-form-urlencoded</code>, +<code>multipart/form-data</code>, and <code>multipart/mixed</code>) +and sets the defined process variable (quite similar to the +<code><a href="#QS_SetEnvIfQuery">QS_SetEnvIfQuery</a></code> directive). +The directive recognizes the occurrences of $1..$9 within +value and replaces them by the sub-expressions +of the defined regex pattern. This directive activates +mod_parp for every request to the virtual host. +You may deactivate mod_parp for selected requests using the +<code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> +or <code><a href="http://modsetenvifplus.sourceforge.net/#SetEnvIfPlus">SetEnvIfPlus <img src="images/link.png"/></a></code> +directive: unset the variable "parp" to do so. +Important: request message body processing requires that the server +loads the whole request into its memory (at least twice the length +of the message). You should limit the allowed size of the HTTP +request message body using the <code><a href="#QS_LimitRequestBody">QS_LimitRequestBody</a></code> directive +when using <code><a href="#QS_SetEnvIfParp">QS_SetEnvIfParp</a></code>! +</li> +<li> +<a name="QS_SetEnvIfBody"></a> +<syntax>QS_SetEnvIfBody <regex> [!]<env-variable>[=<value>]</syntax><br> +Directive parsing the request body using the Apache module +<a href="http://parp.sourceforge.net">mod_parp <img src="images/link.png"/></a>. Specify the content +types to process using the mod_parp directive +<code><a href="http://parp.sourceforge.net/#PARP_BodyData">PARP_BodyData <img src="images/link.png"/></a></code> +and ensure that mod_parp is enabled using the +<code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> +or <code><a href="http://modsetenvifplus.sourceforge.net/#SetEnvIfPlus">SetEnvIfPlus <img src="images/link.png"/></a></code> +directive. +You should limit the allowed size of HTTP requests message body +using the <code><a href="#QS_LimitRequestBody">QS_LimitRequestBody</a></code> +directive when using mod_parp. The directive recognizes the occurrence of $1 +within the variable value and replaces it by the sub-expressions of the +defined regex pattern. The regular expressions is case insensitive. +</li> +<li> +<a name="QS_SetEnvIfStatus"></a> +<syntax>QS_SetEnvIfStatus <code> <env-variable>[=<value>]</syntax><br> +Sets the defined variable in the request environment if the HTTP +response status code matches the defined code. Default value is the status code, but +you might override this by any other value. +Directive may be used on a per-server or per-location basis. <br> +A possible use case for this directive is the prevention of +repetitive occurrence of unwanted response status codes in +conjunction with the +<code><a href="#QS_ClientEventBlockCount">QS_ClientEventBlockCount</a></code> or +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +directive. <br> +When using the special variable <code><a href="#QS_Block">QS_Block</a></code>, its +value is set to "1" by default. There are also four "special codes" available to +set the <code><a href="#QS_Block">QS_Block</a></code> event: +<ul> +<li><a name="QS_SrvMinDataRate_var"></a> +<code><a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a></code> may be used +to set <code><a href="#QS_Block">QS_Block</a></code> events in order to limit the +allowed number of <a href="#QS_SrvMinDataRate"><code>QS_SrvMinDataRate</code></a> +rule violations.</li> +<li><a name="QS_SrvMaxConnPerIP_var"></a> +<code><a href="#QS_SrvMaxConnPerIP">QS_SrvMaxConnPerIP</a></code> may be used +to increment the <code><a href="#QS_Block">QS_Block</a></code> +event when closing connections due to the reach of the limitation configured +by the <a href="#QS_SrvMaxConnPerIP"><code>QS_SrvMaxConnPerIP</code></a> directive.</li> +<li><a name="NullConnection"></a> +<code>NullConnection</code> detects connections +which are closed even no HTTP request has been received. <br> +<small><i>Note: The <code>NullConnection</code> event may happen silently (no log +message) expect when using <code><a href="http://httpd.apache.org/docs/current/mod/core.html#loglevel">LogLevel <img src="images/link.png"/></a></code> "debug". +The parameter may be used to defend against SSL DoS attacks. <!-- "defend against SSL DoS attacks" is a MARKER --> +Please pay attention to the fact that unused speculative TCP pre-connections of +browsers may unintentionally cause this event as well.</i></small></li> +<li><a name="BrokenConnection"></a> +<code>BrokenConnection</code> may be used +to mark clients aborting the TCP connection before reading the whole HTTP +response.<br> +<small><i>Note: Connections may also be aborted by mod_qos if client reads +the response too slow.</i></small></li> +</ul> +</li> +<li> +<a name="QS_SetEnvIfResBody"></a> +<syntax>QS_SetEnvIfResBody <string> [!]<env-variable></syntax><br> +Adds the defined environment variable (e.g., <code><a href="#QS_Block">QS_Block</a></code>) +if the response body contains the defined literal string. Used on a per- +<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a> +level. Only one directive may be defined per-location +(one search string per response). Prefixing the variably by a "!" +lets the variable being removed (unset). You may set the <code>QS_SetEnvIfResBodyIgnore</code> +environment variable if you want mod_qos to skip (not parsing) a request's response +body. +</li> +<li> +<a name="QS_SetEnvRes"></a> +<syntax>QS_SetEnvRes <env-variable> <regex> <env-variable2>[=<value>]</syntax><br> +Sets the environment variable (env-variable2) if the regular expression (regex) matches +against the value of the environment variable (env-variable). Occurrences of $1..$9 within +the value are replaced by parenthesized subexpressions of the regular expression. +</li> +<li> +<a name="QS_SetReqHeader"></a> +<syntax>QS_SetReqHeader [!]<header name> <env-variable> [late]</syntax><br> +Sets the defined HTTP request header with the value of the specified +environment variable if the variable is available.<br> +The header is unset (removed from the request) if the header name is prefixed by a "!". +</li> +<li> +<a name="QS_SetEnvResHeader"></a> +<syntax>QS_SetEnvResHeader <header name> [drop]</syntax><br> +Sets the defined HTTP response header (name and value) to the request environment variables. +Deletes the specified header if the action 'drop' has been specified. +</li> +<li> +<a name="QS_SetEnvResHeaderMatch"></a> +<syntax>QS_SetEnvResHeaderMatch <header name> <regex></syntax><br> +Sets the defined HTTP response header (name and value) to the request environment variables if +the specified regular expression (pcre, not case sensitive) matches +the header value. +</li> +<li> +<a name="QS_UnsetReqHeader"></a> +<syntax>QS_UnsetReqHeader <header name></syntax><br> +The request header of this name is removed. +</li> +<li> +<a name="QS_UnsetResHeader"></a> +<syntax>QS_UnsetResHeader <header name></syntax><br> +The response header of this name is removed. +</li> +<li> +<a name="QS_RedirectIf"></a> +<syntax>QS_RedirectIf <variable> <regex> [<code>:]<url></syntax><br> +Redirects the client to the configured url if the regular expression (case insensitive) +matches the value of the the environment variable. Occurrences of $1..$9 +within the url are replaced by parenthesized subexpressions of the +regular expression. The default status code used by this directive is 302 +but you may prefix the url parameter by <i>307:</i> or <i>301:</i> to change +it to a "307 Temporary Redirect" or "301 Moved Permanently" response. +Directive may be used on a per-server or per-location basis. +</li> +</ul> + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample of event rules:<br> +<pre> +# marks clients coming from the internal network: +SetEnvIf Remote_Addr ^192\.168\. QS_Intra + +# marks clients neither coming from the internal network +# nor are VIP clients as low priority clients: +<a href="#QS_SetEnvIf">QS_SetEnvIf</a> !<a href="#QS_VipRequest">QS_VipRequest</a> !QS_Intra QS_LowPrio=1 + +# limits the request rate for low priority (neither VIP nor internal) +# clients (and no more than 400 concurrent requests for them): +<a href="#QS_EventPerSecLimit">QS_EventPerSecLimit</a> QS_LowPrio 100 +<a href="#QS_EventRequestLimit">QS_EventRequestLimit</a> QS_LowPrio 400 + +# detects the variable "file" within the query portion of the URL: +<a href="#QS_SetEnvIfQuery">QS_SetEnvIfQuery</a> file=([a-zA-Z]*) QS_LowPrio=$1 + +# combine variables and propagate them to the application via HTTP header: +SetEnvIf Content-Length ([0-9]*) QS_Length=$1 +<a href="#QS_SetEnv">QS_SetEnv</a> QS_Type "length=${QS_Length}; file=${QS_LowPrio}" +<a href="#QS_SetReqHeader">QS_SetReqHeader</a> X-File QS_Type + +# limit the max. body size since mod_parp loads the whole message into +# the memory servers's: +<a href="#QS_LimitRequestBody">QS_LimitRequestBody</a> 131072 + +# body pattern detection, example limits the maximum number of concurrent +# requests posting "id=1234" to ten: +<a href="#QS_SetEnvIfParp">QS_SetEnvIfParp</a> id=([0-9]*) PARP_PATTERN=$1 +<a href="#QS_EventRequestLimit">QS_EventRequestLimit</a> PARP_PATTERN=1234 10 +# but ignore requests to the location /main/ (any sub-locations): +SetEnvIf Request_URI /main/.* !parp +</pre> +</td></tr> +</table> + +<a name="filter"></a> +<h3>Request Level, Generic Filter</h3> +These filters are defined on a per- +<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a> +level and are used to restrict access to resources in +general, independent of server resource availability. +New rules are added by defining a rule id prefixed by a '+'. Rules are merged +to sub-locations. If a rule should not be active for a sub-location, the +very same rule must be defined, but instead, the rule id must be prefixed with a '-'. The filter rules are implemented as Perl-compatible regular expressions +(pcre) and are applied to the decoded URL components (un-escaped characters, +e.g., %20 is a space). The generic request filter ignores the +<a href="#privilegedusers">VIP</a> status of a client.<br> +<small><i>Note: Compile mod_qos with the preprocessor definition +<code>-DQS_MOD_EXT_HOOKS</code> to enable the decoding hooks defined +in <code>mod_qos.h</code> if you intend to implement additional +decodings by other Apache modules.</i></small> +<ul> +<li> +<a name="QS_DenyRequestLine"></a> +<syntax>QS_DenyRequestLine '+'|'-'<id> 'log'|'deny' <pcre></syntax><br> +Generic request line (method, path, query, and protocol) filter used to +deny access for requests matching the defined expression (pcre, case insensitive). +The action taken for matching rules is either 'log' (access is granted but the rule +match is logged) or 'deny' (access is denied). +</li> +<li> +<a name="QS_DenyPath"></a> +<syntax>QS_DenyPath '+'|'-'<id> 'log'|'deny' <pcre></syntax><br> +Generic abs_path (see RFC 2616 section 3.2.2) filter used to deny access +for requests matching the defined expression (pcre, case insensitive). +The action taken for matching rules is either 'log' (access is granted +but the rule match is logged) or 'deny' (access is denied). +</li> +<li> +<a name="QS_DenyQuery"></a> +<syntax>QS_DenyQuery '+'|'-'<id> 'log'|'deny' <pcre></syntax><br> +Generic query (see RFC 2616 section 3.2.2) filter used to deny access for +requests matching the defined expression (pcre, case insensitive). +The action taken for matching rules is either 'log' (access is granted +but the rule match is logged) or 'deny' (access is denied). +</li> +<li> +<a name="QS_InvalidUrlEncoding"></a> +<syntax>QS_InvalidUrlEncoding 'log'|'deny'|'off'</syntax><br> +Enforces correct URL decoding in conjunction with the +<code><a href="#QS_DenyRequestLine">QS_DenyRequestLine</a></code>, +<code><a href="#QS_DenyPath">QS_DenyPath</a></code>, and +<code><a href="#QS_DenyQuery">QS_DenyQuery</a></code> directives. +Default is "off" which means that an incorrect encoding does stop +request processing. +</li> +<li> +<a name="QS_Decoding"></a> +<syntax>QS_Decoding 'uni'</syntax><br> +Enables additional string decoding functions which are applied before +matching <code>QS_Deny*</code> and <code>QS_Permit*</code> directives. +Default is URL decoding (%xx, \\xHH, '+'). <br>Available additional decodings: +<ul> +<li><code>uni</code>: unicode decoding for MS IIS (%uXXXX and \uXXXX) encoded characters. +</li> +</ul> +</li> +<li> +<a name="QS_DenyEvent"></a> +<syntax>QS_DenyEvent '+'|'-'<id> 'log'|'deny' [!]<env-variable></syntax><br> +Rule matching requests having the defined process environment variable set +(or NOT set if prefixed by a '!'). +The action taken for matching rules is either 'log' (access is granted +but the rule match is logged) or 'deny' (access is denied). +</li> +<li> +<a name="QS_PermitUri"></a> +<syntax>QS_PermitUri '+'|'-'<id> 'log'|'deny' <pcre></syntax><br> +Generic URL (path and query) filter implementing a request pattern +allow list. Only requests matching at least one <code>QS_PermitUri</code> +pattern are allowed. If a <code>QS_PermitUri</code> pattern has +been defined and the request does not match any rule, the request +is denied. +All rules must define the same action. pcre is case sensitive. +You may use the <code><a href="qsfilter2.1.html">qsfilter2</a></code> +utility to generate rules based on access log files. +</li> +<li> +<a name="QS_DenyInheritanceOff"></a> +<syntax>QS_DenyInheritanceOff</syntax><br> +Disables inheritance of <code>QS_Deny*</code> and <code>QS_Permit*</code> +directives (pattern definitions) to a location. +</li> +<li> +<a name="QS_RequestHeaderFilter"></a> +<syntax>QS_RequestHeaderFilter 'on'|'off'|'size'</syntax><br> +Filters request headers using validation rules <a href="headerfilterrules.txt">provided by mod_qos</a>. +Suspicious headers (not matching the pattern or those which are too long) are normally +dropped (removed from the request). Abnormal <code>content-*</code> headers cause +request blocking. Only the defined headers are allowed (allow list). Custom +rules (additional headers or different pattern/size definitions) may be +added using the +<code><a href="#QS_RequestHeaderFilterRule">QS_RequestHeaderFilterRule</a></code> +directive.<br> +This directive has three different operation modes: 'on' (activated), 'off' (disabled), +and 'size' (activated). The operation mode enabled by 'size' does not check the header +values against the patterns but limits the maximum length of request header +values only (similar to the Apache directive <code>LimitRequestFieldsize</code> +but with an individual rule for each header field). +This directive may be used on a per-server or per-location level.<br> +<small><i>Notes:<ul><li>Header validation is also useful to avoid bypassing of +<code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> / +<code><a href="http://modsetenvifplus.sourceforge.net/#SetEnvIfPlus">SetEnvIfPlus <img src="images/link.png"/></a></code> +(if configured on a per-location level) directive settings as request headers have higher priority than +<a href="glossary.html#variables">environment variables</a> for those +directives and therefore a header sent a by client +can override an environment variable having the same name.</li> +<li> +You might also configure deny list rules (delete unwanted headers) using the +<code><a href="#QS_UnsetReqHeader">QS_UnsetReqHeader</a></code> or +<code><a href="#QS_UnsetResHeader">QS_UnsetResHeader</a></code> directive. +</li> +</ul></i></small> +</li> +<li> +<a name="QS_RequestHeaderFilterRule"></a> +<syntax>QS_RequestHeaderFilterRule <header name> 'drop'|'deny' <pcre> <size></syntax><br> +Used to add custom request header filter rules, e.g., to override the +<a href="headerfilterrules.txt">internal rules</a> (different pcre or size) +or to add additional headers which should be allowed. +Definitions are made globally (outside VirtualHost). The list of all loaded rules +is shown at server startup when using <code><a href="http://httpd.apache.org/docs/current/mod/core.html#loglevel">LogLevel <img src="images/link.png"/></a></code> "debug". pcre is +case sensitive. The size parameter defines the maximum length of a header value. +The action 'drop' removes a header not matching the pcre, the action 'deny' +rejects a request including such a header not matching the pcre. +</li> +<li> +<a name="QS_ResponseHeaderFilter"></a> +<syntax>QS_ResponseHeaderFilter 'on'|'silent'|'off'</syntax><br> +Filters response headers using validation rules <a href="headerfilterrules.txt">provided by mod_qos</a>. +Suspicious headers (not matching the pattern or those which are too long) are removed +from the response. Only the defined headers are allowed. Filter +is activated ('on' or 'silent') or deactivated ('off'). +</li> +<li> +<a name="QS_ResponseHeaderFilterRule"></a> +<syntax>QS_ResponseHeaderFilterRule <header name> <pcre> <size></syntax><br> +Used to add custom response header filter rules, e.g., to override the +<a href="headerfilterrules.txt">internal rules</a> +(different pcre or size) or to add additional headers which should be allowed. +Definitions are made globally (outside VirtualHost). A list of all loaded rules +is shown at server startup when using <code><a href="http://httpd.apache.org/docs/current/mod/core.html#loglevel">LogLevel <img src="images/link.png"/></a></code> "debug". pcre is +case sensitive. The size parameter defines the maximum length of a header value. +</li> +</ul> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +<a href="#QS_ErrorPage">QS_ErrorPage</a> /error-docs/qs_error.html + +# add a custom request header rule: +<a href="#QS_RequestHeaderFilterRule">QS_RequestHeaderFilterRule</a> UA-CPU drop "^[a-zA-Z0-9]+$" 20 + +# enable header validation: +<a href="#QS_RequestHeaderFilter">QS_RequestHeaderFilter</a> on + +<Location /> + # don't allow access to the path /app/admin.jsp: + <a href="#QS_DenyPath">QS_DenyPath</a> +admin deny "^/app/admin.jsp$" + + # allow printable characters only within the request line: + <a href="#QS_DenyRequestLine">QS_DenyRequestLine</a> +printable deny ".*[\x00-\x19].*" +</Location> +</pre> +</td></tr> +</table> +</p> +<p> +Body data filtering requires <a href="http://parp.sourceforge.net">mod_parp <img src="images/link.png"/></a> +which processes the request's message body of the following HTTP request content types: +<code>application/x-www-form-urlencoded</code>, +<code>multipart/form-data</code>, and <code>multipart/mixed</code>. The content type +<code>application/json</code> may be processed by the built-in JSON parser of mod_qos. The body +data is transformed into a request query and may be filtered using the +<code><a href="#QS_DenyQuery">QS_DenyQuery</a></code> and +<code><a href="#QS_PermitUri">QS_PermitUri</a></code> directives. +<ul> +<li> +<a name="QS_DenyQueryBody"></a> +<syntax>QS_DenyQueryBody 'on|'off'</syntax><br> +Enables request body data filtering for the +<code><a href="#QS_DenyQuery">QS_DenyQuery</a></code> directive. +</li> +<li> +<a name="QS_PermitUriBody"></a> +<syntax>QS_PermitUriBody 'on|'off'</syntax><br> +Enables request body data filtering for the +<code><a href="#QS_PermitUri">QS_PermitUri</a></code> directive. +</li> +<li> +<a name="QS_LimitRequestBody"></a> +<syntax>QS_LimitRequestBody <bytes></syntax><br> +Limits the allowed size of an HTTP request message body. This directive may +be placed anywhere in the configuration. Alternatively, the limitation +may be set as an environment variable using +<a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html">mod_setenvif <img src="images/link.png"/></a> +(overriding the directive settings). +</li> +</ul> + +<a name="QS_DeflateReqBody"></a> +Set the <code>QS_DeflateReqBody</code> variable if the request body data has to +be deflated (compressed data) using +<a href="http://httpd.apache.org/docs/current/mod/mod_deflate.html">mod_deflate <img src="images/link.png"/></a>. + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br><a name="qsfiltersample"></a> +<pre> +# configure the audit log writing the request body data to a file +# (use this log to generate allow list rules using <a href="qsfilter2.1.html">qsfilter2</a> +# when <a href="#QS_PermitUriBody">QS_PermitUriBody</a> has been enabled) +# format: +# %h: +# The remote host (used to filter by IP address). +# %>s: +# The HTTP response status code. +# %{qos-loc}n +# The matching Location to generate the rules for. +# %{qos-path}n%{qos-query}n +# The request data required by qsfilter2 to generate rules. +CustomLog logs/qsaudit_log "%h %>s %{qos-loc}n %{qos-path}n%{qos-query}n" + +# enable json parser +PARP_BodyData application/json + +<a href="#QS_RequestHeaderFilter">QS_RequestHeaderFilter</a> on + +# limit the max. body size since mod_parp loads the whole message into the +# servers's memory: +SetEnvIfNoCase Content-Type application/x-www-form-urlencoded <a href="#QS_LimitRequestBody">QS_LimitRequestBody</a>=131072 +SetEnvIfNoCase Content-Type multipart/form-data <a href="#QS_LimitRequestBody">QS_LimitRequestBody</a>=131072 +SetEnvIfNoCase Content-Type multipart/mixed <a href="#QS_LimitRequestBody">QS_LimitRequestBody</a>=131072 +SetEnvIfNoCase Content-Type application/json <a href="#QS_LimitRequestBody">QS_LimitRequestBody</a>=65536 + +# enable mod_deflate input filter for compressed request body data: +SetEnvIfNoCase Content-Encoding (gzip|compress|deflate) <a href="#QS_DeflateReqBody">QS_DeflateReqBody</a> + +<Location /app> + # don't allow a certain string pattern within the request query or + # the request message body data: + <a href="#QS_DenyQueryBody">QS_DenyQueryBody</a> on + <a href="#QS_DenyQuery">QS_DenyQuery</a> +s01 deny "(EXEC|SELECT|INSERT|UPDATE|DELETE)" +</Location> +</pre> +</td></tr> +</table> +You may enable request body filtering for arbitrary content types: +<ul> +<li>Register the <a href="http://parp.sourceforge.net">mod_parp <img src="images/link.png"/></a> raw parser using the +<code><a href="http://parp.sourceforge.net/#PARP_BodyData">PARP_BodyData <img src="images/link.png"/></a></code> directive.</li> +<li>Enable mod_parp for the content type using the +<code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase <img src="images/link.png"/></a></code> directive.</li> +<li>Use <code><a href="#QS_SetEnvIfBody">QS_SetEnvIfBody</a></code> to detect patterns within the HTTP request body.</li> +<li>The <code><a href="#QS_DenyEvent">QS_DenyEvent</a></code> directive denies access for the request.</li> +</ul> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +# sample (using the raw body parser of mod_parp) which denies XML documents +# containing the pattern "<code>delete</code>": +PARP_BodyData text/xml +SetEnvIfNoCase Content-Type text/xml.* parp +SetEnvIfNoCase Content-Type application/xml <a href="#QS_LimitRequestBody">QS_LimitRequestBody</a>=65536 +<a href="#QS_SetEnvIfBody">QS_SetEnvIfBody</a> <code>delete</code> DENYACTION +<Location /app/web> + <a href="#QS_DenyEvent">QS_DenyEvent</a> +BADCODE deny DENYACTION +</Location> +</pre> +</td></tr> +</table> +</p> +<p> +<a name="QS_MileStone"></a> +<h4>Milestones</h4> +You may define a number of resources (request line patterns) as milestones. A +client must access these resources in the correct order as they are defined within +the server configuration. A client is not allowed to skip these milestones (but may access +any other resource not covered by a milestone in between requests to milestones). +<ul> +<li> +<syntax>QS_MileStone 'log'|'deny' <pattern> [<thinktime>]</syntax><br> +Defines request line patterns a client must access in the defined order as +they are defined in the configuration file. The optional 'thinktime' parameter +defines the minimal elapse time (in seconds) between two milestones. +Milestones are defined on a per-server basis, outside +<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a>. +Access to milestones is tracked by a dedicated +<a href="#QS_SessionKey">session cookie</a> (QSSCD). +</li> +<li> +<a name="QS_MileStoneTimeout"></a> +<syntax>QS_MileStoneTimeout <seconds></syntax><br> +Defines the time in seconds within which a client must reach the next +milestone. Default are 3600 seconds. +</li> +</ul> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +# four milestones: +# 1) client must start with /app/index.html +# 2) and then read some images (e.g. media used within the first page) +# 3) before posting data to /app/register +# 4) afterwards, the user may download zip files +<a href="#QS_MileStone">QS_MileStone</a> deny "^GET /app/index.html" +<a href="#QS_MileStone">QS_MileStone</a> deny "^GET /app/images/.*" +<a href="#QS_MileStone">QS_MileStone</a> deny "^POST /app/register*" +<a href="#QS_MileStone">QS_MileStone</a> deny "^GET /app/.*\.zip HTTP/..." +</pre> +</td></tr> +</table> +</p> + +<a name="connectionlevelcontrol"></a> +<h3>Connection Level Control</h3> +<p> +The module features the following directives to control server access on a per-server +(TCP connection) level. These directives must only be used in the global server context +and for port based virtual hosts. +Virtual hosts neither defining <code>QS_SrvMaxConn</code>, <code>QS_SrvMaxConnClose</code>, +nor <code>QS_SrvMaxConnPerIP</code> are using the base server's settings and counters. +And do not use these three directives for name based virtual hosts! +<ul> +<li> +<a name="QS_SrvMaxConn"></a> +<syntax>QS_SrvMaxConn <number></syntax><br> +Defines the maximum allowed number of <a href="glossary.html#concurrency">concurrent</a> +TCP connections for this server (virtual host). +</li> +<li> +<a name="QS_SrvMaxConnClose"></a> +<syntax>QS_SrvMaxConnClose <number>[%]</syntax><br> +Defines the maximum number of connections for this server (virtual host) supporting +HTTP keep-alive. If the number of <a href="glossary.html#concurrency">concurrent</a> +connections exceeds this threshold, the TCP connections +gets closed after each request. You may specify the number of +connections as a percentage of <a href="http://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers"><code>MaxClients</code> <img src="images/link.png"/></a> if adding the suffix '%' to the +specified value.<br> +<small><i>Note: It's also possible to control the Keep-Alive settings dynamically using +the <code><a href="#QS_KeepAliveTimeout">QS_KeepAliveTimeout</a></code> +and <code><a href="#QS_MaxKeepAliveRequests">QS_MaxKeepAliveRequests</a></code> +environment <a href="glossary.html#variables">variables</a>.</i></small> +</li> +<li> +<a name="QS_SrvMaxConnPerIP"></a> +<syntax>QS_SrvMaxConnPerIP <number> [<connections>]</syntax><br> +Defines the maximum number of connections per source IP address for this server (virtual host). +The "connections" argument defines the number of busy connections of the server +(all virtual hosts) to enable this limitation, default is 0 (which means that the limitation +is always enabled, even the server is idle). +</li> +<li> +<a name="QS_SrvMaxConnExcludeIP"></a> +<syntax>QS_SrvMaxConnExcludeIP <address></syntax><br> +Defines an IP address or address range to be excluded from connection +level control restrictions (trusted proxy servers). An address range +must end with a "." or ":". +</li> +<li> +<a name="QS_SrvMaxConnPerIPIgnoreVIP"></a> +<syntax>QS_SrvMaxConnPerIPIgnoreVIP 'on'|'off'</syntax><br> +Tells the <a href="#QS_SrvMaxConnPerIP"><code>QS_SrvMaxConnPerIP</code></a> directive +to ignore (if set to "on") the <a href="#privilegedusers">VIP</a> status of +clients. Default is "off", which means that <code>QS_SrvMaxConnPerIP</code> gets +disabled for VIPs. +</li> +<li> +<a name="QS_SrvMinDataRate"></a> +<syntax>QS_SrvMinDataRate <bytes per second> [<max bytes per second> [<connections>]]</syntax><br> +Defines the minimum upload/download throughput a client must generate (the bytes +sent/received by the client per seconds). This bandwidth is measured while +receiving request data (<i>in</i>: request line, header fields, or body), sending response data +(<i>out</i>: header fields, body) and during keep-alive (<i>enforce keep-alive</i>). +The client connection is closed if the client does not fulfill this required minimal +data rate and the IP address of the causing client is marked in order to be handled +with low priority (see the <code><a href="#QS_ClientPrefer">QS_ClientPrefer</a></code> directive). +The "max bytes per second" activates <u><a href="images/SrvMinDataRate.png">dynamic minimum throughput control</a></u>: +The required minimal throughput is increased in parallel to the number of concurrent clients +sending/receiving data (starts increasing when reaching the "connections" threshold) +as a percentage of the "max bytes per second" which maximum is reached when the number of +sending/receiving clients is equal to the <code>MaxClients</code> setting. +The "connections" argument is used to specify the number of busy TCP connections a +server must have to enable this feature (used to disable the +<code>QS_SrvMinDataRate</code> rule enforcement on idle servers).<br> +This directives must only be used in the global server context. +</li> +<li> +<a name="QS_SrvRequestRate"></a> +<syntax>QS_SrvRequestRate <bytes per second> [<max bytes per second>]</syntax><br> +Same as <code><a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a></code> but enforcing a +minimal upload (reading request) throughput only. +</li> +<li> +<a name="QS_SrvDataRateOff"></a> +<syntax>QS_SrvDataRateOff</syntax><br> +Disables the <code><a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a></code> or +<code><a href="#QS_SrvRequestRate">QS_SrvRequestRate</a></code> enforcement +for a virtual host. +</li> +<li> +<a name="QS_SrvMinDataRateOffEvent"></a> +<syntax>QS_SrvMinDataRateOffEvent '+'|'-'<env-variable></syntax><br> +Disables the <code><a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a></code> or +<code><a href="#QS_SrvRequestRate">QS_SrvRequestRate</a></code> enforcement +for a connection when the defined process environment variable is set. +The '+' prefix is used to add a variable to the configuration while the '-' prefix +is used to remove a variable. Directive may be used on a per-server or a +per-<a href="http://httpd.apache.org/docs/current/mod/core.html.en#location">location <img src="images/link.png"/></a> basis. +</li> +<li> +<a name="QS_SrvSampleRate"></a> +<syntax>QS_SrvSampleRate <seconds></syntax><br> +Defines the sampling rate used to measure the data throughput. +Default is 5 seconds or the value you have used for +<code>QS_REQ_RATE_TM</code> while compiling the module. +Increase this value if you want to compensate bandwidth +variations.<br> +This directives must only be used in the global server context.<br> +<small><i>Note: It might also be increased to avoid too many error messages generated by a +<code>QS_SrvMinDataRate</code> rule for clients opening unused TCP pre-connections +which might happen if Apache's +<code><a href="http://httpd.apache.org/docs/current/mod/core.html#timeout">TimeOut <img src="images/link.png"/></a></code> directive is set to higher value than this sample rate. +</i></small> +</li> +<li> +<a name="QS_SrvMinDataRateIgnoreVIP"></a> +<syntax>QS_SrvMinDataRateIgnoreVIP 'on'|'off'</syntax><br> +Tells the <a href="#QS_SrvMinDataRate"><code>QS_SrvMinDataRate</code></a> directive +to ignore (if set to "on") the <a href="#privilegedusers">VIP</a> status of +clients. Default is "off", which means that <code>QS_SrvMinDataRate</code> gets +disabled for VIPs. +</li> +<li> +<a name="QS_SrvSerialize"></a> +<syntax>QS_SrvSerialize 'on'|'off' [<timeout>]</syntax><br> +Ensures that not more than one request having the +<a href="#QS_SrvSerialize_var"><code>QS_SrvSerialize</code></a> +variable set is processed at the same time by +<a href="glossary.html#serialization">serializing</a> them +(process one request after each other). Default is "off".<br> +<small><i>Note: Maximum wait time for a request is defined by the +optional timeout parameter (in seconds). The default is 300 seconds. +</i></small> +</li> +<li> +Throttling the download bandwidth: +mod_qos does not support bandwidth limitation on a per connection +basis but you might use the <code>RATE_LIMIT</code> filter +provided by the Apache module +<a href="https://httpd.apache.org/docs/2.4/mod/mod_ratelimit.html">mod_ratelimit <img src="images/link.png"/></a> +to implement a bandwidth rate limitation for connections. +</li> +</ul> + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +# minimum data rate (bytes/sec) when the server +# has 150 or more open TCP connections: +<a href="#QS_SrvMinDataRate">QS_SrvMinDataRate</a> 64 256 150 + +# limits the connections for this virtual host: +<a href="#QS_SrvMaxConn">QS_SrvMaxConn</a> 800 + +# allows keep-alive support till the server reaches 600 connections: +<a href="#QS_SrvMaxConnClose">QS_SrvMaxConnClose</a> 600 + +# allows max 50 connections from a single ip address: +<a href="#QS_SrvMaxConnPerIP">QS_SrvMaxConnPerIP</a> 50 + +# disables connection restrictions for certain clients: +<a href="#QS_SrvMaxConnExcludeIP">QS_SrvMaxConnExcludeIP</a> 172.18.3.32 +<a href="#QS_SrvMaxConnExcludeIP">QS_SrvMaxConnExcludeIP</a> 192.168.10. +</pre> +</td></tr> +</table> +</p> + +<a name="clientlevelcontrol"></a> +<h3>Client Level Control</h3> +<p> +Client level control rules are applied per client (IP source address). +These directives must only be used in the global server context. +<ul> +<li> +<a name="QS_ClientEntries"></a> +<syntax>QS_ClientEntries <number></syntax><br> +Defines the number of individual clients managed by mod_qos. +Default is 50'000 concurrent IP addresses. Each client requires +about 150 bytes memory on a 64bit system (depending on how many +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +events you have configured). Client IP source address store +survives graceful server restart. The maximum value is 10'000'000. +</li> +<li> +<a name="QS_ClientEventRequestLimit"></a> +<syntax>QS_ClientEventRequestLimit <number></syntax><br> +Defines the allowed number of <a href="glossary.html#concurrency">concurrent</a> +requests coming from the same client source IP address having the +<code><a href="#QS_EventRequest">QS_EventRequest</a></code> variable set.<br> +<small><i>Note: You may use the <code>QS_ClientIpFromHeader <header></code> +directive to override the client's IP address based on the value within the defined +HTTP request header (e.g., X-Forwarded-For) instead of taking the IP address of +the client which has opened the TCP connection.</i></small> +</li> +<li> +<a name="QS_ClientEventPerSecLimit"></a> +<syntax>QS_ClientEventPerSecLimit <number></syntax><br> +Defines how often a client may cause a +<code><a href="#QS_Event">QS_Event</a></code> +<a href="glossary.html#requestPerSecond">per second</a>. Such events are requests having the +<code><a href="#QS_Event">QS_Event</a></code> variable set, e.g., defined by +using the <code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> directive. +The rule is enforced by adding a delay to requests causing +the event (similar to the <code><a href="#QS_LocRequestPerSecLimit">QS_LocRequestPerSecLimit</a></code> +directive). +</li> +<li> +<a name="QS_ClientEventBlockCount"></a> +<a name="QS_ClientEventBlockExcludeIP"></a> +<syntax>QS_ClientEventBlockCount <number> [<seconds>]</syntax><br> +Defines the <a href="glossary.html#repeat">maximum number</a> of <code><a href="#QS_Block">QS_Block</a></code> +events allowed within the defined time (default is 600 seconds). +Client IP is blocked when reaching this counter for the specified +time (blocked at connection level: user might not always get a +user friendly error response).<br/> +<small><i>Notes: +<ul> +<li> +You may use <code>QS_ClientEventBlockExcludeIP <addr></code> +to exclude an IP address from being processed by this limitation +(e.g. for trusted clients connecting via a proxy server). An address +range must end with a "." or ":". +</li> +<li>The counter can be decremented by setting the environment +variable <code><a href="#_Decrement">QS_Block_Decrement</a></code>. +</li> +</ul></i></small> +</li> +<li> +<a name="QS_ClientEventLimitCount"></a> +<syntax>QS_ClientEventLimitCount <number> [<seconds> [<variable>]]</syntax><br> +Defines the <a href="glossary.html#repeat">maximum number</a> of requests +having the defined environment variables +(<code><a href="#QS_Limit">QS_Limit</a></code> by default) set allowed within +the defined time (default is 600 seconds). Requests from client IP's reaching +this limitation are denied for the specified time (blocked at request level). <br/> +<small><i>Notes: +<ul> +<li>The value of the variable defines the penalty points by which the counters +are increased. Default (empty or non-numeric value) is 1 (increment per request).</li> +<li><a name="QS_ClientIpFromHeader"></a> +You may use the <code>QS_ClientIpFromHeader <header></code> +directive to determine the client's IP address based on the defined HTTP +request header (e.g., X-Forwarded-For) instead of taking the IP address +of the client which has opened the TCP connection. The header must only +contain a single IP address.<br> +You might also use a pseudo IP address by creating a hash from the +header's value if you prefix the header name by a '#', +e.g. <code>#Authorization</code> to use the HTTP basic auth header. +as the pseudo IP address. The special name <code>#SSL_CLIENT_S_DN</code> +creates a pseudo IP from the SSL client certificate's subject and issuer DN. +</li> +<li>The current value of this counter is stored within the variable suffixed +by <code><a href="#_Counter">_Counter</a></code>, e.g. <code>QS_Limit_Counter</code> for further +processing by other rules. </li> +<a name="QS_Limit_Remaining"></a> +<li>The remaining time (in seconds) is stored within the variabled suffixed +by <code>_Remaining</code>, e.g. <code>QS_Limit_Remaining</code> to be +used within <a href="glossary.html#ssi">SSI</a> error pages.</li> +<li>The counter can be reset by setting the environment variable which name is +suffixed by <code><a href="#_Clear">_Clear</a></code>, e.g. <code>QS_Limit_Clear</code>. +<li>The counter can be decremented by setting the environment variable which name is +suffixed by <code><a href="#_Decrement">_Decrement</a></code>, e.g. <code>QS_Limit_Decrement</code>. +<li>Adding/removing events (configuration changes) require a server restart +(graceful restart is not supported).</li> +<li>Only the default rule (<code><a href="#QS_Limit">QS_Limit</a></code>) is accessibly by the +<a href="#statusviewer">status viewer</a> (you may use the +<a href="#webconsole">console</a> to view other variables alternatively).</li> +<li>See also <a href="#QS_CondClientEventLimitCount"><code>QS_CondClientEventLimitCount</code></a> +if you want to enforce a rule under certain conditions only.</li> +</ul></i></small> +</li> +<li> +<a name="QS_ClientSerialize"></a> +<syntax>QS_ClientSerialize</syntax><br> +<a href="glossary.html#serialization">Serializes</a> requests having the +<a href="#QS_Serialize"><code>QS_Serialize</code></a> +variable set if they are coming from the same IP address.<br> +<small><i>Notes: +<ul> +<li>You may use the <code>QS_ClientIpFromHeader <header></code> directive to +override the client's IP address based on the value within the defined HTTP request +header (e.g., X-Forwarded-For) instead of taking the IP address of the client which has opened +the TCP connection. +</li> +<li>Maximum wait time for a request is 5 minutes. +</li> +</ul></i></small> +</li> +<li> +<a name="QS_ClientPrefer"></a> +<syntax>QS_ClientPrefer [<percent>]</syntax><br> +Accepts only <a href="#privilegedusers">VIP</a> +and high priority clients when the server has less than 80% +(or the defined percentage) of free TCP connections. The server +<u><a href="images/ClientPrefer.png">continues dropping more and more clients</a></u> +(also those with few penalty points) the higher the number of connections +grows. +<br>Use the +<code><a href="#QS_VipHeaderName">QS_VipHeaderName</a></code> or +<code><a href="#QS_VipIPHeaderName">QS_VipIPHeaderName</a></code> +directive in order to identify <a href="#privilegedusers">VIP</a> clients.<br> +The distinction between high and low priority clients is made +based on penalty points which are calculated based of these attributes: +<ul> +<li>Data transfer behavior (clients sending data slowly / their transfer rate) (0x01).</li> +<li>Accessing "unusual" content types (see <code><a href="#QS_ClientTolerance">QS_ClientTolerance</a></code> +and <code><a href="#QS_ClientContentTypes">QS_ClientContentTypes</a></code>) +(0x00 unknown / 0x02 normal / 0x04 unusual).</li> +<li>Causing events <a href="#QS_ClientEventBlockCount">blocking</a> / +<a href="#QS_ClientEventLimitCount">limiting</a> them (0x08 block / 0x10 limit).</li> +<li>If their connections get closed due to timeouts (0x20).</li> +</ul> +HTTP requests causing a client to get marked as "low priority" have the +"r;" event within the <a href="#mod_qos_ev">mod_qos_ev</a> variable set. +You may use the <a href="#statusviewer">status viewer</a> to determine +which client addresses are identified as low priority clients. Feature is +disabled if directive is not set.<br> +A low priority flag is cleared after 24h hours. Clients identified by +<code><a href="#QS_SrvMaxConnExcludeIP">QS_SrvMaxConnExcludeIP</a></code> +are excluded from connection restrictions. Filter is applied on connection level +blocking clients even before the server starts reading the HTTP request data. +</li> +<li> +<a name="QS_ClientTolerance"></a> +<syntax>QS_ClientTolerance <percent></syntax><br> +Defines the allowed variation from a "normal" client (average) behavior when enabling +the <code><a href="#QS_ClientPrefer">QS_ClientPrefer</a></code> directive. Default is 20%. +</li> +<li> +<a name="QS_ClientContentTypes"></a> +<syntax>QS_ClientContentTypes <html> <css/js> <images> <other> <304></syntax><br> +Defines the distribution of HTTP response content types a client normally +receives when accessing the server. Can only be used in conjunction with the +<code><a href="#QS_ClientPrefer">QS_ClientPrefer</a></code> directive. +<code><a href="#QS_ClientTolerance">QS_ClientTolerance</a></code> defines +the allowed deviation from these values. mod_qos normally learns the average +behavior automatically by default (you can see the learned values within +the <a href="#statusviewer">status viewer</a> or by enabling the +<a href="#QS_Status"><code>QS_Status</code></a> log messages) but +you may specify a static configuration using this directive in order +to avoid influences by a high number of abnormal clients. Default is +automatic self-learning. +</li> +<li> +<a name="QS_ClientGeoCountryDB"></a> +<syntax>QS_ClientGeoCountryDB <path></syntax><br> +Defines the path to the geographical database file. +The file is a Comma Separated Value (CSV) format file +(<a href="https://sourceforge.net/p/mod-qos/source/HEAD/tree/trunk/test/conf/GeoIPCountryWhois.csv?format=raw">example</a>). +Each line contains the following fields: +<ul> +<li> +Double quoted beginning <i><id title="where w.x.y.z results in 16777216*w + 65536*x + 256*y + z">IPv4 number</id></i> of the address range, e.g. "1052272128" for 62.184.102.0 +</li> +<li> +Double quoted ending <i><id title="where w.x.y.z results in 16777216*w + 65536*x + 256*y + z">IPv4 number</id></i> of the address range, e.g. "1052272543" for 62.184.103.159. +</li> +<li> +Double quoted ISO 3166 country code, e.g. "FR" for France. +</li> +</ul> +The <a href="#QS_Country"><code>QS_Country</code></a> variable contains +the country code for the client's IP address. <br> +<small><i>Note: You may use the <code>QS_ClientIpFromHeader <header></code> directive to +override the client's IP address based on the value within the defined HTTP request +header (e.g., X-Forwarded-For) instead of taking the IP address of the client which has opened +the TCP connection to evaluate this variable.</i></small> +</li> +<li> +<a name="QS_ClientGeoCountryPriv"></a> +<syntax>QS_ClientGeoCountryPriv <list> <connections> ['excludeUnknown']</syntax><br> +Defines a comma separated list of country codes for origin client IPv4 address +which are allowed to access the server even if the number of busy TCP +connections reaches the defined number of connections.<br> +Uses the geographical database loaded by +<a href="#QS_ClientGeoCountryDB"><code>QS_ClientGeoCountryDB</code></a>. +<br>Clients whose IP can't be mapped to a country code can be excluded +from the limitation by configuring the 'excludeUnknown' argument. +</li> +</ul> + +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +# allows not more than 20 events/penalty points per 10 minutes: +<a href="#QS_ClientEventBlockCount">QS_ClientEventBlockCount</a> 20 + +# don't allow a client to access /app/start.html more than +# 20 times within 10 minutes: +SetEnvIf Request_URI /app/start.html <a href="#QS_Block">QS_Block</a>=1 + +# don't allow more than 4 "403" status code responses +# (forbidden) for a client within 10 minutes: +<a href="#QS_SetEnvIfStatus">QS_SetEnvIfStatus</a> 403 <a href="#QS_Block">QS_Block</a>=5 +</pre> +</td></tr> +</table> +</p> + +<a name="messages"></a> +<h2>Log Messages</h2> +<a name="errorlog"></a> +<h3>Error Log</h3> +<p> +mod_qos writes <a href="MESSAGES.txt">messages</a> to Apache's error log when +detecting a rule violation. Each error message is prefixed by an id: +<code>mod_qos(<number>)</code>. These error codes (number only) +are also written to the error notes (Apache's <code>error-notes</code> note +as well as the <a href="#QS_ErrorNotes"><code>QS_ErrorNotes</code></a> +variable) in order to be processed within error pages using +<a href="glossary.html#ssi">server-side includes (SSI)</a>. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +mod_qos(00x): initialisation event +mod_qos(01x): request level control event +mod_qos(08x): request level control event +mod_qos(02x): vip session event +mod_qos(03x): connection level event +mod_qos(04x): generic filter event +mod_qos(14x): generic filter event +mod_qos(05x): bandwidth limitation event +mod_qos(06x): client control event +mod_qos(16x): client control event +mod_qos(07x): console errors +mod_qos(08x): initialisation/resource errors +mod_qos(10x): geo errors +</pre> +</td></tr> +</table> +</p> + +<a name="accesslog"></a> +<h3>Access Log</h3> +<p> +mod_qos adds event variables to the request record which may be added +to access log messages. +<ul> +<li> +<a name="mod_qos_ev"></a> +<syntax>mod_qos_ev</syntax> <br> Status event message of mod_qos. It's a +single letter which is used to signalize an event: "D"=denied, "S"=pass +due to an available <a href="#privilegedusers">VIP</a> session, +"V"=create VIP session (cookie), "v"=marks an IP as VIP, +"K"=connection closed (no keep-alive), "T"=dynamic keep-alive, +"r"=IP is marked as a slow/bad client, "L"=means a request slowdown, +"u"=request without a <a href="#QS_UserTrackingCookieName">user tracking cookie</a>, +and "s" is used for serialized requests. The letter "A" for connection abort +is set if the status code detection +<a href="#BrokenConnection"><code>BrokenConnection</code></a> +has been configured. +</li> +<li> +<a name="mod_qos_cr"></a> +<syntax>mod_qos_cr</syntax> <br> The number of concurrent requests to a +location matching the <code><a href="#QS_LocRequestLimit">QS_LocRequestLimit</a></code>, +<code><a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a></code>, +<code><a href="#QS_LocRequestPerSecLimit">QS_LocRequestPerSecLimit</a></code>, +<code><a href="#QS_LocRequestPerSecLimitMatch">QS_LocRequestPerSecLimitMatch</a></code>, +<code><a href="#QS_LocKBytesPerSecLimit">QS_LocKBytesPerSecLimit</a></code>, +<code><a href="#QS_LocKBytesPerSecLimitMatch">QS_LocKBytesPerSecLimitMatch</a></code>, +<code><a href="#QS_CondLocRequestLimitMatch">QS_CondLocRequestLimitMatch</a></code>, +or <code><a href="#QS_EventRequestLimit">QS_EventRequestLimit</a></code> directive. +</li> +<li> +<a name="mod_qos_con"></a> +<syntax>mod_qos_con</syntax> <br> This event shows the number of +concurrent connections to this server. Only available if the directive +<a href="#QS_SrvMaxConn"><code>QS_SrvMaxConn</code></a> +is used. +</li> +<li> +<a name="mod_qos_user_id"></a> +<a name="QS_UserTrackingCookieName"></a> +<syntax>mod_qos_user_id</syntax> <br> The user id which is available when +enabling <a href="glossary.html#UserTracking">user tracking</a>.<br> +<a href="glossary.html#UserTracking">User tracking</a> is based on a unique identifier generated by +<a href="https://httpd.apache.org/docs/current/mod/mod_unique_id.html">mod_unique_id <img src="images/link.png"/></a>. +This unique identifier is stored as a cookie. The user tracking +feature is enabled by setting the +<code>QS_UserTrackingCookieName <name> [<path>] [<domain>] ['session'] ['jsredirect']</code> +directive.<br> +Options of the <code>QS_UserTrackingCookieName</code> directive are: +<ul> +<li>The <code>name</code> argument defining the name of the +user tracking cookie.</li> +<li>The <code>path</code> specifies a local error document +which is shown if a user does not accept the cookie (enforcement). +<br> +You may disable this enforcement for certain clients by setting the +<code>DISABLE_UTC_ENFORCEMENT</code> environment variable at server +level (outside Location), e.g., to allow crawlers not supporting +cookies to access your site.<br/> +This option can be used to ensure whether a client/browser accepts cookies +at all which might be a requirement of your application.</li> +<li><code>domain</code> defines optionally the domain attribute for +the Set-Cookie header.</li> +<li>The <code>session</code> flag indicates that a short lived (per +session) cookie shall be created which won't be stored by the browser +permanently.</li> +<li>When using the additional option <code>'jsredirect'</code>, +the client (browser) has to interpret Javascript used within the +<a href="http://mod-qos.sourceforge.net/cookie-ir.shtml">cookie check page</a> +to fetch the cookie and to execute the redirect back to the initially +requested page (adding Javascript to the cookie challenge).<br> +The following <a href="glossary.html#ssi">SSI variables</a> can be used:<ul> +<li><code>QS_UT_QUERY</code>: Query string to call (ajax) the cookie +page again to obtain the cookie.</li> +<li><code>QS_UT_NAME</code>: Name of the cookie.</li> +<li><code>QS_UT_INITIAL_URI</code>: Initial page to redirect to.</li> +</ul> +</ul> +<small><i> +Notes: +<ul> +<li><code>QS_UserTrackingCookieName</code> ignores the +<code><a href="#QS_LogOnly">QS_LogOnly</a></code> +directive.</li> +<li>The cookie is secured by the <code><a href="#QS_SessionKey">QS_SessionKey</a></code> +and you should set this directive to have a constant key.</li> +</ul> +</li> +</i></small> +<li> +<a name="UNIQUE_ID"></a> +<syntax>UNIQUE_ID</syntax> <br> This is a unique request id generated by +mod_unique_id. mod_qos uses this id to mark messages written to the +error log. So it might be useful to log the <code>UNIQUE_ID</code> +environment variable as well, in order to correlate errors +to access log messages. +</li> +<li> +<a name="QS_ConnectionId"></a> +<syntax>QS_ConnectionId</syntax> <br> Connection correlation id used to +mark all messages belonging to the same TCP connection. +</li> +</ul> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +Sample configuration:<br> +<pre> +LogFormat "%h %u %t \"%r\" %>s %b %T \"%{content-length}i\" %k \"%{User-Agent}i\" \ + %{mod_qos_cr}e %{mod_qos_ev}e %{mod_qos_con}e %{QS_SrvConn}e %{QS_AllConn}e \ + id=%{UNIQUE_ID}e %{QS_ConnectionId}e %{mod_qos_user_id}e %{QS_Country}e #%P" +</pre> +</td></tr> +</table> +</p> + +<a name="requeststatistics"></a> +<h3>Request Statistics</h3> +<p> +The <code><a href="qslog.1.html">qslog</a></code> tool, which is part of +the support utilities of mod_qos, may be used to gather request +statistics from Apache's access log data. This includes data such +as the number of denied requests or new VIP session creations per +minute but also total requests per second and other data. Refer +to the usage text of the <code><a href="qslog.1.html">qslog</a></code> +utility and read <a href="glossary.html#RequestStatistics">"Request Statistics Using qslog"</a> +for further details. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +CustomLog "|/usr/bin/qslog -o logs/qslog.csv -x -f ISBDQkU" \ + "%h %>s %b %D %{mod_qos_ev}e %k %{mod_qos_user_id}e" +</pre> +</td></tr> +</table> +</p> +<p> +<a name="QSLog"></a> +Instead of using the standard Apache log <code>CustomLog</code> directive, +you may use the <code>QSLog</code> directive of mod_qos alternatively. This +allows you to configure a single log file for your Apache instance (globally, +not per virtual host) and you don't have to specify the format (-f) option. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +QSLog "|/usr/bin/qslog -o /var/log/apache/qslog.csv" +</pre> +</td></tr> +</table> +</p> + +<a name="statusviewer"></a> +<h3>Status Viewer</h3> +<p> +mod_qos features a handler showing the current connection and request status. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +<Location /qos> + SetHandler qos-viewer +</Location> +</pre> +</td></tr> +</table> +A machine-readable version of the status information is available when using +the request query string <code>auto</code>, e.g., +<code>http://your.server.name/qos?auto</code>. The page updates itself +automatically every 10 seconds if you add the request +query string <code>refresh</code>, e.g., +<code>http://your.server.name/qos?refresh</code>.<br> +<a name="QS_EventCount"></a> +<small><i>Note: This view also shows you the <a href="#errorlog">error log event</a> +counters if you enable event (errors and warnings) counting by +configuring <code>QS_EventCount on</code> and are using any +<a href="#clientlevelcontrol">client level limitation</a> using +<code>QS_Client*</code> directives.</i></small> +</p> +<p> +The status information is also provided on the server status page of +<a href="http://httpd.apache.org/docs/current/mod/mod_status.html">mod_status <img src="images/link.png"/></a> +(although in a reduced scope).<br> +<small><i>Note: Compile mod_qos with the preprocessor definition +<code>-DQS_NO_STATUS_HOOK</code> to disable its registration to +the status page rendered by mod_status.</i></small> +</p> +<p> +<a name="QS_DisableHandler"></a> +Use the directive <code>QS_DisableHandler on</code> to disable the qos-viewer and qos-console for +a virtual host in order to prevent accidental activation of these functions, including by configuration +settings of per-directory files (e.g., .htaccess). +</p> +<p> +<a name="QS_Status"></a> +The directive <code>QS_Status 'on'|'off'</code> may be used to enable a +status log message (<i>mod_qos(200)</i>) written to the Apache server's +<code>ErrorLog</code>. This message contains information about the server's +scoreboard. The message is written once every minute. +</p> + +<a name="webconsole"></a> +<h3>Web Console</h3> +<p> +mod_qos implements an Apache handler which acts as a web console for setting attributes via HTTP requests. +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +<Location /qos/console> + SetHandler qos-console +</Location> +</pre> +</td></tr> +</table> +Access a location where you have enabled the <code>qos-console</code> handler +with a web client and use the following request query parameter to modify +the status of a client (may only be used if <a href="#clientlevelcontrol">client level control</a> +has been enabled). +<ul> +<li> +<syntax>address=<IP address></syntax><br>Specifies the IP address of the client to modify. +</li> +<li> +<syntax>action='block'|'unblock'|'limit'|'unlimit'|'inclimit'|'setvip'|'unsetvip'|'setlowprio'|'unsetlowprio'|'search'</syntax><br>Defines the command to be executed, or the attribute to be changed. +<ul> +<li><code>block</code>: <a href="#QS_ClientEventBlockCount">blocks</a> the client for the configured period of time, +see also <code><a href="#QS_ClientEventBlockCount">QS_ClientEventBlockCount</a></code>.</li> +<li><code>unblock</code>: clears the <a href="#QS_ClientEventBlockCount">block</a> attribute of the client.</li> +<li><code>limit</code>: <a href="#QS_ClientEventLimitCount">denies requests</a> +from the client IP for the configured period of time, see also +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code>.</li> +<li><code>unlimit</code>: clears the <a href="#QS_ClientEventLimitCount">limit</a> +attribute of the client.</li> +<li><code>inclimit</code>: increments the client's <a href="#QS_ClientEventLimitCount">limit</a> counter.</li> +<li><code>setvip</code>: sets the client status to <a href="#privilegedusers">VIP</a>.</li> +<li><code>unsetvip</code>: clears the <a href="#privilegedusers">VIP</a> status for a client.</li> +<li><code>setlowprio</code>: sets the client's <a href="#QS_ClientPrefer">priority</a> to 'low'.</li> +<li><code>unsetlowprio</code>: clears the 'low' <a href="#QS_ClientPrefer">priority</a> +attribute of the client.</li> +<li><code>search</code>: verifies the availability of a client IP address. <br/>Use the asterisk (*) +for the <code>address</code> parameter in order to get a list of all available clients (dump).</li> +</ul> +</li> +<li><syntax>event=<name></syntax><br>Specifies the event name of the +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +directive <a href="glossary.html#repeat">counter</a> which shall be +shown or modified (used in conjunction with the <code>limit</code>, +<code>unlimit</code>, <code>inclimit</code>, and <code>search</code> action). +Default is <code><a href="#QS_Limit">QS_Limit</a></code>.</li> +</ul> +</p> +<p> +The output (which is plain text) contains the following fields: +<ul> + <li>IP address</li> + <li><a href="#privilegedusers">VIP</a> status</li> + <li>low <a href="#QS_ClientPrefer">priority</a> status</li> + <li><code><a href="#QS_ClientEventBlockCount">QS_ClientEventBlockCount</a></code> + counter (<a href="glossary.html#repeat">Cr</a>) and + remaining time (<a href="glossary.html#repeat">Td</a>)</li> + <li><code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> + counter (<a href="glossary.html#repeat">Cr</a>) and + remaining time (<a href="glossary.html#repeat">Td</a>)</li> +</ul> +The wildcard search (<code>address=*</code>) generates a by a newline separated list of +all client IP entries. Each line is prefixed by an index and terminated +by the time of the last entry update (seconds since epoch). +</p> +<p> +The console may be used to manually update the status of a client (IP) or +for automated actions. <br/>Examples: +<ul> +<li>To unlock a client which got blocked by mistake.</li> +<li>To synchronize events within multiple Apache instances. <br/> +An example using <code><a href="qsexec.1.html">qsexec</a></code> +is available within the +<a href="https://sourceforge.net/p/mod-qos/source/HEAD/tree/trunk/test/sync.sh?format=raw">source code repository</a>.</li> +<li><a href="https://sourceforge.net/p/mod-qos/source/HEAD/tree/trunk/tools/cc_sync_2k.sh?format=raw">Download/upload</a> client status from one +Apache instance to another (or to the same instance, +e.g., when restarting an instance).</li> +</ul> +</p> +<p> +Examples to access the console: +<ul> +<li>Sets VIP status for the IP 194.31.217.21:<br> +<code>http://your.server.name/qos/console?action=setvip&address=194.31.217.21</code></li> +<li>Clears the QS_Limit counter for the IP 194.31.217.21:<br> +<code>http://your.server.name/qos/console?action=unlimit&address=194.31.217.21&event=QS_Limit</code></li> +</ul> +</p> +<p> +The <a href="#statusviewer">status viewer</a> may be used as well to +verify the status of the client. Example: <br/> +<code>http://your.server.name/qos?action=search&address=194.31.217.21</code> +</p> + +<a name="utilities"></a> +<h3>Utilities</h3> +<p> +mod_qos provides optional tools for log data processing and analysis: +<ul> +<a name="qsdt"></a> +<li><syntax><a href="qsdt.1.html">qsdt</a></syntax><br>Simple tool +to measure the elapse time between related log messages.</li> +<a name="qsexec"></a> +<li><syntax><a href="qsexec.1.html">qsexec</a></syntax><br>Command execution +triggered by patterns within log files.</li> +<a name="qsfilter2"></a> +<li><syntax><a href="qsfilter2.1.html">qsfilter2</a></syntax><br> +Rule generator. Creates <code><a href="#filter">QS_Permit*</a></code> directives and rule patterns +from audit log files.</li> +<a name="qsgeo"></a> +<li><syntax><a href="qsgeo.1.html">qsgeo</a></syntax><br>Adds the country code +for the client IP address within a log file.</li> +<a name="qsgrep"></a> +<li><syntax><a href="qsgrep.1.html">qsgrep</a></syntax><br>Searches a file for a +pattern and prints the data in a new format.</li> +<a name="qslog"></a> +<li><syntax><a href="qslog.1.html">qslog</a></syntax><br>A real time +<code><a href="http://httpd.apache.org/docs/current/mod/mod_log_config.html">TransferLog/CustomLog <img src="images/link.png"/></a></code> +data analyzer. It reads the per request log data from stdin and generates +statistic records every minute.</li> +<a name="qslogger"></a> +<li><syntax><a href="qslogger.1.html">qslogger</a></syntax><br>Shell command +interface to the syslog(3) system log module.</li> +<a name="qspng"></a> +<li><syntax><a href="qspng.1.html">qspng</a></syntax><br>Creates graphics (png +images) from the output of <code>qslog</code>.</li> +<a name="qsre"></a> +<li><syntax><a href="qsre.1.html">qsre</a></syntax><br>Regular expression (pcre) +pattern match test tool.</li> +<a name="qsrespeed"></a> +<li><syntax><a href="qsrespeed.1.html">qsrespeed</a></syntax><br>Compares the +expected processing time per regular expression.</li> +<a name="qsrotate"></a> +<li><syntax><a href="qsrotate.1.html">qsrotate</a></syntax><br>Log rotation tool +similar to Apache's <code>rotatelogs</code>.</li> +<a name="qssign"></a> +<li><syntax><a href="qssign.1.html">qssign</a></syntax><br>A log data integrity +check tool. It reads log data from stdin (pipe) and writes the signed data +to stdout adding a sequence number and signature to ever log line.<br> +<a href="https://sourceforge.net/p/mod-qos/source/HEAD/tree/trunk/tools/logstash-filter-qssign/lib/logstash/filters/qssign.rb?format=raw"><code>qssign.rb</code></a> is a <a href="http://www.logstash.net/">Logstash <img src="images/link.png"/></a> filter +plugin which may be used to verify the signatures of log messages in real time.</li> +<a name="qstail"></a> +<li><syntax><a href="qstail.1.html">qstail</a></syntax><br>Shows the end of a log +file beginning at a defined pattern.</li> +</ul> + +</p> + + +<a name="usecases"></a> +<h2>Sample Use Cases</h2> + +The following use cases may give you an idea about how to use mod_qos. +<a name="Slow_Application"></a> +<h3>Slow Application</h3> +<p> +In case of a very slow application (e.g., at location /ccc), requests wait +until a timeout occurs. Due to many waiting requests, there are no free TCP +connections left and the web sever is not able to process other requests +to applications still working fine, e.g., to /aaa, /bbb /dd1, and /dd2. +mod_qos limits the number of <a href="glossary.html#concurrency">concurrent</a> +requests to an application in order to +assure the availability of other resources. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# maximum number of active TCP connections is limited to 256 (limited +# by the available memory, adjust the settings according to the +# used hardware): +MaxClients 256 + +# limits the maximum of concurrent requests per application to 100: +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /aaa 100 +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /bbb 100 +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /ccc 100 +<a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a> "^(/dd1/|/dd2/).*$" 100 +</pre> +</td></tr> +</table> +The <code><a href="qslog.1.html">qslog</a></code> tool may be used +to analyze your log files in order to identify "slow" resources by +using the <code>-pu</code>, <code>-puc</code>, or <code>-c</code> option. +</p> + +<a name="HTTP_Keep-Alive"></a> +<h3>HTTP Keep-Alive</h3> +<p> +The keep-alive extension of HTTP 1.1 allows persistent TCP connections for +multiple requests/responses. This accelerates access to the web server due to less and optimized network traffic. The disadvantage of these persistent +connections is that server resources are blocked even when no data is exchanged +between client and server. mod_qos allows a server to support keep-alive +as long as sufficient connections are available, but stops the keep-alive +support when it reaches a defined connection threshold. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# maximum number of active TCP connections is limited to 256 (limited +# by the available memory, adjust the settings according to the +# used hardware): +MaxClients 256 + +# disables keep-alive when 70% of the TCP connections are occupied: +<a href="#QS_SrvMaxConnClose">QS_SrvMaxConnClose</a> 70% +</pre> +</td></tr> +</table> +</p> + +<a name="Client_Opens_Many_Concurrent_Connections"></a> +<h3>Client Opens Many Concurrent Connections</h3> +<p> +A single client may open many TCP connections simultaneously in order to +download different content from the web server. So the client gets many +connections while other users may not be able to access the server because +no free connections remain for them. mod_qos can limit the number +of concurrent connections for a single IP source address. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# maximum number of active TCP connections is limited to 896 +# (limited by the available memory, adjust the settings according to the +# used hardware): +MaxClients 896 + +# don't allow a single client to open more than 50 TCP connections if +# the server has not more than 196 free connections: +<a href="#QS_SrvMaxConnPerIP">QS_SrvMaxConnPerIP</a> 50 700 +</pre> +</td></tr> +</table> +</p> + +<a name="Many_Requests_to_a_Single_URL"></a> +<h3>Many Requests to a Single URL</h3> +<p> +If you have to limit the number of requests to an URL, mod_qos can help +with that, too. You may limit the number of requests per second to +an URL. mod_qos will then calculate the necessary delay time to be added +to each requests accessing this resource in order to achieve the defined +limitation. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# does not allow more than 150 requests/sec: +<a href="#QS_LocRequestPerSecLimit">QS_LocRequestPerSecLimit</a> /download/mod_qos.so.gz 150 + +# but do not allow more than 600 concurrent requests: +<a href="#QS_LocRequestLimit">QS_LocRequestLimit</a> /download/mod_qos.so.gz 600 +</pre> +</td></tr> +</table> +</p> +<a name="Many_Requests_to_a_Single_URL_SLOW"></a> +<p> +Alternatively, if you need to reduce the number of processed requests +per time to a very low value, you might add a (predefined or +dynamically calculated) delay to each request and process only +one of them at the same time. However, this will delay every +request to the defined URI, even the server is idle. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# does not allow more than 4 requests/sec by adding a wait time of 250ms +# to each request and process only one request at once: +SetEnvIf Request_URI ^/download/mod_qos.so.gz <a href="#QS_SrvSerialize">QS_SrvSerialize</a>=1 +SetEnvIf Request_URI ^/download/mod_qos.so.gz <a href="#QS_Delay">QS_Delay</a>=250 +<a href="#QS_SrvSerialize">QS_SrvSerialize</a> on + +# but do not allow more than 600 concurrent requests: +<a href="#QS_EventRequestLimit">QS_EventRequestLimit</a> <a href="#QS_SrvSerialize">QS_SrvSerialize</a> 600 +</pre> +</td></tr> +</table> +</p> + +<a name="Limit_per_IP"></a> +<p> +mod_qos can also restrict the access to an URL by limiting the number +of requests from a single IP address (<code>LimitDownloadCounter</code> is +the <a href="glossary.html#repeat">counter</a> to use while the +<code>LimitDownloadNow</code> pattern is used to limit access to this +specific resource only still allowing the IP address to access +other resources). +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# does not allow more than 4 downloads of mod_qos.so.gz per minute from a single IP address: +SetEnvIf Request_URI ^/download/mod_qos.so.gz LimitDownloadCounter +SetEnvIf Request_URI ^/download/mod_qos.so.gz <a href="#QS_Cond">QS_Cond</a>=LimitDownloadNow +<a href="#QS_CondClientEventLimitCount">QS_CondClientEventLimitCount</a> 4 60 LimitDownloadCounter LimitDownloadNow +</pre> +</td></tr> +</table> +</p> + +<a name="bandwidth_restriction"></a> +<h3>Bandwidth Restriction</h3> +<p> +It's sometimes necessary to restrict the bandwidth consumed by +clients downloading certain type of data in order to avoid +that the entire bandwidth of your Internet connection is +exploited by less important data traffic, e.g. if your web server +hosts large files to be downloaded.<br/> +mod_qos allows you to defined the bandwidth which may be +used when accessing a defined URL or when the server returns a +certain content-type. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# limits the download bandwidth when accessing ISO images to 1 megabyte/sec +# and does not allow more then 300 clients to download such file type in +# parallel: +<a href="#QS_LocKBytesPerSecLimitMatch">QS_LocKBytesPerSecLimitMatch</a> \.iso 1024 +<a href="#QS_LocRequestLimitMatch">QS_LocRequestLimitMatch</a> \.iso 300 +</pre> +</td></tr> +</table> +</p> + +<a name="brute_force"></a> +<h3>Brute Force</h3> +<p> +Sometimes, you want to limit how often a resource may be accessed +within a certain amount of time, e.g., to defend against brute-force +respectively dictionary attacks or an account lockout DoS (someone +systematically locks user accounts by too many invalid sign-in +attempts). mod_qos allows you to limit this either server wide +(any request accessing the resource) by using the +<code><a href="#QS_EventLimitCount">QS_EventLimitCount</a></code> directive, +or on a per client IP basis using the +<code><a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a></code> +directive. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# allows a single IP address to access the URI /wp-login.php not more +# than 10 times within an hour: +SetEnvIf Request_URI ^/wp-login.php LimitLogin +<a href="#QS_ClientEventLimitCount">QS_ClientEventLimitCount</a> 10 3600 LimitLogin +</pre> +</td></tr> +</table> +<small> +<i>Note: Multiple users may share an IP addresses which might cause false +positives. You might avoid this by decrementing the counter on successful +user authentication / login, e.g. by setting the variable +<code><a href="#_Decrement">LimitLogin_Decrement=1</a></code>. +</i></small> +</p> +<p> +A brute force attack might also be performed by many distributed +clients (thousands of clients, but every client performs a few +requests only). To add protection to your server, you might configure an +overall limitation for critical resources allowing only known clients +(<a href="#privilegedusers">VIPs</a>) +to access your server without any restrictions. The +<code><a href="#QS_CondEventLimitCount">QS_CondEventLimitCount</a></code> +directive might be used to achieve this. +</p> +<a name="ddos"></a> +<a name="Too_Many_Client_Connections"></a> +<h3>Too Many Client Connections</h3> +<p> +mod_qos may <a href="#QS_ClientPrefer">prefer</a> "known" client IP +addresses in the case that too many clients access the server. +"Known" clients are those which have once been identified by the +application by setting the corresponding +<a href="#QS_VipIPHeaderName ">HTTP response header</a>. +Such identification may happen at successful user login. +Connections from clients which are not known to mod_qos +(never marked by the corresponding response header) are denied +if the server runs on low TCP connection resources (20% or +fewer free connections in this example). mod_qos may +also prefer those clients which communicate with the server +instantaneously and fast, and denies access to slow clients +sending data irregularly, in case the server has not enough +resources.</p> +<p> +You may also set limitations defining how many resources +may be requested by a single IP address source, e.g., using +the <code><a href="#QS_SrvMaxConnPerIP">QS_SrvMaxConnPerIP</a></code> +directive and you can <a href="#HTTP_Keep-Alive">disable HTTP keep-alive</a> +dynamically.</p> +<p> +For more information about how mod_qos can help you in such situations, see the article +<a href="http://mod-qos.sourceforge.net/dos.html">"Denial of Service Defense"</a>. +<br><br>Example:<br> +<table border="0" cellspacing="5" cellpadding="10" width="100%"> +<tr><td bgcolor="#E2EDE2"> +<pre> +# maximum number of active TCP connections is limited to 896 (limited +# by the available memory, adjust the settings according to the used +# hardware): +MaxClients 896 + +# idle timeout: +Timeout 5 + +# keep alive (for up to 85% of all connections): +KeepAlive on +MaxKeepAliveRequests 40 +KeepAliveTimeout 2 +<a href="#QS_SrvMaxConnClose">QS_SrvMaxConnClose</a> 85% + +# name of the HTTP response header which marks preferred clients (this +# may be used to let the application decide which clients are "good" and +# have higher privileges, e.g. authenticated users. +# you may also use the <a href="#QS_VipIPUser">QS_VipIPUser</a> directive when using an Apache +# authentication module such as mod_auth_basic or <a href="http://auth-openid.sourceforge.net/">mod_auth_oid <img src="images/link.png"/></a>): +<a href="#QS_VipIPHeaderName">QS_VipIPHeaderName</a> mod-qos-login + +# enables the known client prefer mode (server allows new TCP connections +# from known/good clients only if there are more than 716 open TCP connections): +<a href="#QS_ClientPrefer">QS_ClientPrefer</a> 80% + +# don't allow more than 30 TCP connections per client source address being +# processed if the server has 500 or more open connections: +<a href="#QS_SrvMaxConnPerIP">QS_SrvMaxConnPerIP</a> 30 500 +</pre> +</td></tr> +</table> +</p> + + +</td></tr> +</tbody> +</table> +<br> +<hr> +<small><small>© 2007-2023, Pascal Buchbinder - mod_qos version 11.74</small></small> +</body> +</html> diff --git a/doc/qsdt.1.html b/doc/qsdt.1.html new file mode 100644 index 0000000..3dbafad --- /dev/null +++ b/doc/qsdt.1.html @@ -0,0 +1,85 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSDT</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSDT</H1> +Section: qsdt man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qsdt calculates the elapsed time between two related log messages. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsdt [-t <regex>] -i <regex> -s <regex> -e <regex> [-v] [<path>] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qsdt is a simple tool to search two different messages in a log file and calculates the elapsed time between these lines. The two log messages need a common identifier such an unique request id (UNIQUE_ID), a thread id, or a transaction code. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-t <regex> <DD> +Defines a pattern (regular expression) matching the log line's timestamp. The pattern must include two sub-expressions, one matching hours, minutes and seconds the other matching the milliseconds. Default pattern is ([0-9]{2}:[0-9]{2}:[0-9]{2})[.,]([0-9]{3}) +<DT>-i <regex> <DD> +Pattern (regular expression) matching the identifier which the two messages have in common. The sub-expression defines the part which needs to be extracted from the matching string. Note: You can also use the start (-s) and end (-e) pattern to define the sub-expression matching this identifier. +<DT>-s <regex> <DD> +Defines the pattern (regular expression or literal string) identifying the first (start) of the two messages. +<DT>-e <regex> <DD> +Defines the pattern (regular expression or literal string) identifying the second (end) of the two messages. +<DT>-v <DD> +Verbose mode. +<DT><path> <DD> +Defines the input file to process. qsdt reads from from standard input if this parameter is omitted. +</DL> +<A NAME="lbAF"> </A> +<H2>EXAMPLE</H2> + +Sample command line arguments: +<P> +<BR> -i ' ([a-z0-9]+) [A-Z]+ ' -s 'Received Request' -e 'Received Response' +<P> +<BR> matching those sample log messages: +<BR> 2018-03-12 16:34:08.653 threadid23 INFO Received Request +<BR> 2018-03-13 16:35:09.891 threadid23 DEBUG MessageHandler Received Response +<P> +<A NAME="lbAG"> </A> +<H2>NOTE</H2> + +The four patterns (t,i,s,e) are concatenated into two search patterns: +<BR> first (start): [t (HH:MM:SS)(SSS) ].*[i (id) ].*[s ] +<BR> second (end): [t (HH:MM:SS)(SSS) ].*[i (id) ].*[e ] +<P> +And the three sub-expression are used to extract the timestamp and the unique identifier that the start and end message have in common. This means that you could specify the sub-expression for the unique identifier in the start (-s) or end (-e) pattern alternatively, e.g. in case the identifier is at the end of the log line. +<A NAME="lbAH"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAI"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">EXAMPLE</A><DD> +<DT><A HREF="#lbAG">NOTE</A><DD> +<DT><A HREF="#lbAH">SEE ALSO</A><DD> +<DT><A HREF="#lbAI">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qsexec.1.html b/doc/qsexec.1.html new file mode 100644 index 0000000..d9d0490 --- /dev/null +++ b/doc/qsexec.1.html @@ -0,0 +1,72 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSEXEC</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSEXEC</H1> +Section: qsexec man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qsexec - parses the data received via stdin and executes the defined command on a pattern match. +<P> +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsexec -e <pattern> [-t <number>:<sec>] [-c <pattern> [<command string>]] [-p] [-u <user>] <command string> +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qsexec reads log lines from stdin and searches for the defined pattern. It executes the defined command string on pattern match. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-e <pattern> <DD> +Specifies the search pattern causing an event which shall trigger the command. +<DT>-t <number>:<sec> <DD> +Defines the number of pattern match within the the defined number of seconds in order to trigger the command execution. By default, every pattern match causes a command execution. +<DT>-c <pattern> [<command string>] <DD> +Pattern which clears the event counter. Executes optionally a command if an event command has been executed before. +<DT>-p <DD> +Writes data also to stdout (for piped logging). +<DT>-u <name> <DD> +Become another user, e.g. www-data. +<DT><command string> <DD> +Defines the event command string where $0-$9 are substituted by the submatches of the regular expression. +</DL> +<A NAME="lbAF"> </A> +<H2>EXAMPLE</H2> + +Executes the deny.sh script providing the IP address of the client causing a mod_qos(031) messages whenever the log message appears 10 times within at most one minute: +<BR> ErrorLog "|/usr/bin/qsexec -e \'mod_qos\(031\).*, c=([0-9a-zA-Z:.]*)\' -t 10:60 \'/usr/local/bin/deny.sh $1\'" +<P> +<A NAME="lbAG"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAH"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">EXAMPLE</A><DD> +<DT><A HREF="#lbAG">SEE ALSO</A><DD> +<DT><A HREF="#lbAH">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qsfilter2.1.html b/doc/qsfilter2.1.html new file mode 100644 index 0000000..dd4aa06 --- /dev/null +++ b/doc/qsfilter2.1.html @@ -0,0 +1,127 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSFILTER2</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSFILTER2</H1> +Section: qsfilter2 man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qsfilter2 - an utility to generate mod_qos request line rules out from existing access/audit log data. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsfilter2 -i <path> [-c <path>] [-d <num>] [-h] [-b <num>] [-p|-s|-m|-o] [-l <len>] [-n] [-e] [-u 'uni'] [-k <prefix>] [-t] [-f <path>] [-v 0|1|2] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2><p><img src="qsfilter2_process.gif" alt="overview"></p> + +mod_qos implements a request filter which validates each request line. The module supports both, negative and positive security model. The QS_Deny* directives are used to specify request line patterns which are not allowed to access the server (negative security model / deny list). These rules are used to restrict access to certain resources which should not be available to users or to protect the server from malicious patterns. The QS_Permit* rules implement a positive security model (allow list). These directives are used to define allowed request line patterns. Request which do not match any of these patterns are not allowed to access the server. +<P> +qsfilter2 is an audit log analyzer used to generate filter rules (perl compatible regular expressions) which may be used by mod_qos to deny access for suspect requests (QS_PermitUri rules). It parses existing audit log files in order to generate request patterns covering all allowed requests. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-i <path> <DD> +Input file containing request URIs. The URIs for this file have to be extracted from the servers access logs. Each line of the input file contains a request URI consisting of a path and and query. +<BR> Example: +<BR> /aaa/index.do +<BR> /aaa/edit?image=1.jpg +<BR> /aaa/image/1.jpg +<BR> /aaa/view?page=1 +<BR> /aaa/edit?document=1 +<P> +These access log data must include current request URIs but also request lines from previous rule generation steps. It must also include request lines which cover manually generated rules. You may use the 'qos-path' and 'qos-query' variables to create an audit log containing all request data (path and query/body data). Example: 'CustomLog audit_log %{qos-path}n%{qos-query}n'. See also <A HREF="http://mod-qos.sourceforge.net#qsfiltersample">http://mod-qos.sourceforge.net#qsfiltersample</A> about the module settings. +<DT>-c <path> <DD> +mod_qos configuration file defining QS_DenyRequestLine and QS_PermitUri directives. qsfilter2 generates rules from access log data automatically. Manually generated rules (QS_PermitUri) may be provided from this file. Note: each manual rule must be represented by a request URI in the input data (-i) in order to make sure not to be deleted by the rule optimisation algorithm. QS_Deny* rules from this file are used to filter request lines which should not be used for allow list rule generation. +<BR> Example: +<BR> # manually defined allow list rule: +<BR> QS_PermitUri +view deny "^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$" +<BR> # filter unwanted request line patterns: +<BR> QS_DenyRequestLine +printable deny ".*[\x00-\x19].*" +<P> +<P> +<DT>-d <num> <DD> +Depth (sub locations) of the path string which is defined as a literal string. Default is 1. +<DT>-h <DD> +Always use a string representing the handler name in the path even the url does not have a query. See also -d option. +<DT>-b <num> <DD> +Replaces url pattern by the regular expression when detecting a base64/hex encoded string. Detecting sensibility is defined by a numeric value. You should use values higher than 5 (default) or 0 to disable this function. +<DT>-p <DD> +Represents query by pcre only (no literal strings). +<DT>-s <DD> +Uses one single pcre for the whole query string. +<DT>-m <DD> +Uses one pcre for multiple query values (recommended mode). +<DT>-o <DD> +Does not care the order of query parameters. +<DT>-l <len> <DD> +Outsizes the query length by the defined length ({0,size+len}), default is 10. +<DT>-n <DD> +Disables redundant rules elimination. +<DT>-e <DD> +Exit on error. +<DT>-u 'uni' <DD> +Enables additional decoding methods. Use the same settings as you have used for the QS_Decoding directive. +<DT>-k <prefix> <DD> +Prefix used to generate rule identifiers (QSF by default). +<DT>-t <DD> +Calculates the maximal latency per request (worst case) using the generated rules. +<DT>-f <path> <DD> +Filters the input by the provided path (prefix) only processing matching lines. +<DT>-v <level> <DD> +Verbose mode. (0=silent, 1=rule source, 2=detailed). Default is 1. Don't use rules you haven't checked the request data used to generate it! Level 1 is highly recommended (as long as you don't have created the log data using your own web crawler). +</DL> +<A NAME="lbAF"> </A> +<H2>OUTPUT</H2> + +The output of qsfilter2 is written to stdout. The output contains the generated QS_PermitUri directives but also information about the source which has been used to generate these rules. It is very important to check the validity of each request line which has been used to calculate the QS_PermitUri rules. Each request line which has been used to generate a new rule is shown in the output prefixed by "ADD line <line number>:". These request lines should be stored and reused at any later rule generation (add them to the URI input file). The subsequent line shows the generated rule. At the end of data processing a list of all generated QS_PermitUri rules is shown. These directives may be used withn the configuration file used by mod_qos. +<A NAME="lbAG"> </A> +<H2>EXAMPLE</H2> + +<BR> qsfilter2 -i loc.txt -c httpd.conf -m -e +<BR> ... +<BR> # ADD line 1: /aaa/index.do +<BR> # 003 ^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$ +<BR> # ADD line 3: /aaa/view?page=1 +<BR> # --- ^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$ +<BR> # ADD line 4: /aaa/edit?document=1 +<BR> # 004 ^[/a-zA-Z]+/edit\?((document)(=[0-9]*)*[&]?)*$ +<BR> # ADD line 5: /aaa/edit?image=1.jpg +<BR> # 005 ^[/a-zA-Z]+/edit\?((image)(=[0-9\.a-zA-Z]*)*[&]?)*$ +<BR> ... +<BR> QS_PermitUri +QSF001 deny "^[/a-zA-Z]+/edit\?((document|image)(=[0-9\.a-zA-Z]*)*[&]?)*$" +<BR> QS_PermitUri +QSF002 deny "^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$" +<BR> QS_PermitUri +QSF003 deny "^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$" +<P> +<A NAME="lbAH"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAI"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">OUTPUT</A><DD> +<DT><A HREF="#lbAG">EXAMPLE</A><DD> +<DT><A HREF="#lbAH">SEE ALSO</A><DD> +<DT><A HREF="#lbAI">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qsfilter2_process.gif b/doc/qsfilter2_process.gif Binary files differnew file mode 100644 index 0000000..907d466 --- /dev/null +++ b/doc/qsfilter2_process.gif diff --git a/doc/qsgeo.1.html b/doc/qsgeo.1.html new file mode 100644 index 0000000..33487ab --- /dev/null +++ b/doc/qsgeo.1.html @@ -0,0 +1,77 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSGEO</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSGEO</H1> +Section: qsgeo man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qsgeo - an utility to lookup a client's country code. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsgeo -d <path> [-l] [-s] [-ip <ip>] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +Use this utility to resolve the country codes of IP addresses within existing log files. The utility reads the log file data from stdin and writes them, with the injected country code, to stdout. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<P> +<DL COMPACT> +<DT>-d <path> <DD> +Specifies the path to the geographical database files (CSV file containing IP address ranges and country codes). +<DT>-s <DD> +Writes a summary of the requests per country only. +<DT>-l <DD> +Writes the database to stdout (ignoring stdin) inserting local (127.*) and private (10.*, 172.16*, 192.168.*) network addresses. +<DT>-ip <ip> <DD> +Resolves a single IP address instead of processing a log file. +</DL> +<A NAME="lbAF"> </A> +<H2>EXAMPLE</H2> + +Reading the file access.log and adding the country code to the IP address field: +<P> +<BR> cat access.log | qsgeo -d GeoIPCountryWhois.csv +<P> +Reading the file access.log and showing a summary only: +<P> +<BR> cat access.log | qsgeo -d GeoIPCountryWhois.csv -s +<P> +Resolving a single IP address: +<P> +<BR> qsgeo -d GeoIPCountryWhois.csv -ip 192.84.12.23 +<P> +<A NAME="lbAG"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAH"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">EXAMPLE</A><DD> +<DT><A HREF="#lbAG">SEE ALSO</A><DD> +<DT><A HREF="#lbAH">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qsgrep.1.html b/doc/qsgrep.1.html new file mode 100644 index 0000000..6dd5552 --- /dev/null +++ b/doc/qsgrep.1.html @@ -0,0 +1,67 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSGREP</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSGREP</H1> +Section: qsgrep man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qsgrep - prints matching patterns within a file. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsgrep -e <pattern> -o <sub string> [<path>] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qsgrep is a simple tool to search patterns within files. It uses regular expressions to find patterns and prints the submatches within a pre-defined format string. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-e <pattern> <DD> +Specifies the search pattern. +<DT>-o <string> <DD> +Defines the output string where $0-$9 are substituted by the submatches of the regular expression. +<DT><path> <DD> +Defines the input file to process. qsgrep reads from from standard input if this parameter is omitted. +<P> +</DL> +<A NAME="lbAF"> </A> +<H2>EXAMPLE</H2> + +Shows the IP addresses of clients causing mod_qos(031) messages): +<P> +<BR> qsgrep -e 'mod_qos\(031\).*, c=([a-zA-Z0-9:.]*)' -o 'ip=$1' error_log +<P> +<A NAME="lbAG"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAH"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">EXAMPLE</A><DD> +<DT><A HREF="#lbAG">SEE ALSO</A><DD> +<DT><A HREF="#lbAH">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qshead.1.html b/doc/qshead.1.html new file mode 100644 index 0000000..5ef66d0 --- /dev/null +++ b/doc/qshead.1.html @@ -0,0 +1,54 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSHEAD</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSHEAD</H1> +Section: qshead man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qshead - an utility reading from stdin and printing all lines to stdout until reaching the defined pattern. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qshead -p <pattern> +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qshead reads lines from stdin and prints them to stdout until a line contains the specified pattern (literal string). +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-p <pattern> <DD> +Search pattern (literal string). +</DL> +<A NAME="lbAF"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1) <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAG"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">SEE ALSO</A><DD> +<DT><A HREF="#lbAG">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qslog.1.html b/doc/qslog.1.html new file mode 100644 index 0000000..349bf22 --- /dev/null +++ b/doc/qslog.1.html @@ -0,0 +1,146 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSLOG</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSLOG</H1> +Section: qslog man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qslog - collects request statistics from access log data. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qslog -f <format_string> -o <out_file> [-p[c|u[c]] [-v]] [-x [<num>]] [-u <name>] [-m] [-c <path>] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qslog is a real time access log analyzer. It collects the data from stdin. The output is written to the specified file every minute and includes the following entries: +<BR> - requests per second (r/s) +<BR> - number of requests within measured time (req) +<BR> - bytes sent to the client per second (b/s) +<BR> - bytes received from the client per second (ib/s) +<BR> - response status codes within the last minute (1xx,2xx,3xx,4xx,5xx) +<BR> - average response duration (av) +<BR> - average response duration in milliseconds (avms) +<BR> - distribution of response durations in seconds within the last minute +(<1s,1s,2s,3s,4s,5s,>5s) +<BR> - distribution of response durations faster than a second within the last minute +(0-49ms,50-99ms,100-499ms,500-999ms) +<BR> - number of established (new) connections within the measured time (esco) +<BR> - average system load (sl) +<BR> - free memory (m) (not available for all platforms) +<BR> - number of client ip addresses seen withn the last 600 seconds (ip) +<BR> - number of different users seen withn the last 600 seconds (usr) +<BR> - number of events identified by the 'E' format character +<BR> - number of mod_qos events within the last minute (qV=create session, +qv=VIP IP,qS=session pass, qD=access denied, qK=connection closed, qT=dynamic keep-alive, qL=request/response slow down, qs=serialized request, qA=connection abort, qU=new user tracking cookie) +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-f <format_string> <DD> +Defines the log data format and the positions of data elements processed by this utility. See to the 'LogFormat' directive of the httpd.conf file to see the format definitions of the servers access log data. +<BR> qslog knows the following elements: +<BR> I defines the client ip address (%h) +<BR> R defines the request line (%r) +<BR> S defines HTTP response status code (%s) +<BR> B defines the transferred bytes (%b or %O) +<BR> i defines the received bytes (%I) +<BR> D defines the request duration in microseconds (%D) +<BR> t defines the request duration in milliseconds (may be used instead of D) +<BR> T defines the request duration in seconds (may be used instead of D or t) (%T) +<BR> k defines the number of keepalive requests on the connection (%k) +<BR> U defines the user tracking id (%{mod_qos_user_id}e) +<BR> Q defines the mod_qos_ev event message (%{mod_qos_ev}e) +<BR> C defines the element for the detailed log (-c option), e.g. "%U" +<BR> s arbitrary counter to add up (sum within a minute) +<BR> a arbitrary counter to build an average from (average per request) +<BR> A arbitrary counter to build an average from (average per request) +<BR> M arbitrary counter to measure the maximum value reached (peak) +<BR> E comma separated list of event strings +<BR> c content type (%{content-type}o), available in -pc mode only +<BR> m request method (GET/POST) (%m), available in -pc mode only +<BR> . defines an element to ignore (unknown string) +<P> +<DT>-o <out_file> <DD> +Specifies the file to store the output to. stdout is used if this option is not defined. +<DT>-p <DD> +Used for post processing when reading the log data from a file (cat/pipe). qslog is started using it's offline mode (extracting the time stamps from the log lines) in order to process existing log files. The option "-pc" may be used alternatively if you want to gather request information per client (identified by IP address (I) or user tracking id (U) showing how many request each client has performed within the captured period of time). "-pc" supports the format characters IURSBTtDkMEcm. The option "-pu" collects statistics on a per URL level (supports format characters RSTtD). "-puc" is very similar to "-pu" but cuts the end (handler) of each URL. +<DT>-v <DD> +Verbose mode. +<DT>-x [<num>] <DD> +Rotates the output file once a day (move). You may specify the number of rotated files to keep. Default are 14. +<DT>-u <name> <DD> +Becomes another user, e.g. www-data. +<DT>-m <DD> +Calculates free system memory every minute. +<DT>-c <path> <DD> +Enables the collection of log statistics for different request types. 'path' specifies the necessary rule file. Each rule consists of a rule identifier and a regular expression to identify a request seprarated by a colon, e.g., 01:^(/a)|(/c). The regular expressions are matched against the log data element which has been identified by the 'C' format character. +</DL> +<A NAME="lbAF"> </A> +<H2>VARIABLES</H2> + +The following environment variables are known to qslog: +<DL COMPACT> +<DT>QSEVENTPATH=<path> <DD> +Defines a file containing a comma or new line separated list of known event strings expected within the log filed identified by the 'E' format character. +<DT>QSCOUNTERPATH=<path> <DD> +Defines a file containing a by new line separated list of rules which reflect possible QS_ClientEventLimitCount directive settings (for simulation purpose / -pc option). The 'E' format character defines the event string in the log to match (literal string) the 'event1' and 'event2' event names against. +<P> +Rule syntax: <name>:<event1>-<n>*<event2>/<duration>=<limit> +<BR> 'name' defines the name you have given to the rule entry and is logged along with +with the number of times the 'limit' has been reached within the 'duration'. +<BR> 'event1' defines the variable name (if found in 'E') to increment the counter. +<BR> 'event2' defines the variable name (if found in 'E') to decrement the counter (and +the parameter 'n' defines by how much). +<BR> 'duration' defines the measure interval (in seconds) used for the +QS_ClientEventLimitCount directive. +<BR> 'limit' defines the threshold (number) defined for the QS_ClientEventLimitCount +directive. +<P> +Note: If the 'name' parameter is prefixed by 'STATUS', the rule is applied against the HTTP status code 'S' and the 'event1' string shall contain a list of relevant status codes separated by an underscore (while 'event2' is ignored). +</DL> +<A NAME="lbAG"> </A> +<H2>EXAMPLE</H2> + +Configuration using pipped logging: +<P> +<BR> CustomLog "|/usr/bin/qslog -f ISBDQ -x -o /var/log/apache/stat.csv" "%h %>s %b %D %{mod_qos_ev}e" +<P> +Post processing: +<P> +<BR> LogFormat "%t %h \"%r\" %>s %b \"%{User-Agent}i\" %T" +<BR> cat access.log | qslog -f ..IRSB.T -o stat.csv -p +<P> +<A NAME="lbAH"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAI"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">VARIABLES</A><DD> +<DT><A HREF="#lbAG">EXAMPLE</A><DD> +<DT><A HREF="#lbAH">SEE ALSO</A><DD> +<DT><A HREF="#lbAI">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qslogger.1.html b/doc/qslogger.1.html new file mode 100644 index 0000000..81029e9 --- /dev/null +++ b/doc/qslogger.1.html @@ -0,0 +1,75 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSLOGGER</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSLOGGER</H1> +Section: qslogger man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qslogger - another shell command interface to the system log module (syslog). +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qslogger [-t <tag>] [-f <facility>] [-l <level>] [-x <prefix>] [-r <expression>] [-d <level>] [-u <name>] [-p] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +Use this utility to forward log messages to the systems syslog facility, e.g., to forward the messages to a remote host. It reads data from stdin. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<P> +<DL COMPACT> +<DT>-t <tag> <DD> +Defines the tag name which shall be used to define the origin of the messages, e.g. 'httpd'. +<DT>-f <facility> <DD> +Defines the syslog facility. Default is 'daemon'. +<DT>-u <name> <DD> +Becomes another user, e.g. www-data. +<DT>-l <level> <DD> +Defines the minimal severity a message must have in order to be forwarded. Default is 'DEBUG' (forwarding everything). +<DT>-x <prefix> <DD> +Allows you to add a prefix (literal string) to every message. +<DT>-r <expression> <DD> +Specifies a regular expression which shall be used to determine the severity (syslog level) for each log line. The default pattern '^\[[0-9a-zA-Z :]+\] \[([a-z]+)\] ' can be used for Apache error log messages but you may configure your own pattern matching other log formats. Use brackets to define the pattern enclosing the severity string. Default level (if severity can't be determined) is defined by the option '-d' (see below). +<DT>-d <level> <DD> +The default severity if the specified pattern (-r) does not match and the message's severity can't be determined. Default is 'NOTICE'. +<DT>-p <DD> +Writes data also to stdout (for piped logging). +</DL> +<A NAME="lbAF"> </A> +<H2>EXAMPLE</H2> + +<BR> ErrorLog "|/usr/bin/qslogger -t apache -f local7" +<P> +<A NAME="lbAG"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAH"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">EXAMPLE</A><DD> +<DT><A HREF="#lbAG">SEE ALSO</A><DD> +<DT><A HREF="#lbAH">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qspng.1.html b/doc/qspng.1.html new file mode 100644 index 0000000..a27b74d --- /dev/null +++ b/doc/qspng.1.html @@ -0,0 +1,58 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSPNG</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSPNG</H1> +Section: qspng man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qspng - an utility to draw a png graph from <A HREF="qslog.1.html">qslog</A>(1) output data. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qspng -i <stat_log_file> -p <parameter> -o <out_file> [-10] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qspng is a tool to generate png (portable network graphics) raster images files from semicolon separated data generated by the qslog utility. It reads up to the first 1440 entries (24 hours) and prints a graph using the values defined by the 'parameter' name. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-i <stats_log_file> <DD> +Input file to read data from. +<DT>-p <parameter> <DD> +Parameter name, e.g. r/s or usr. +<DT>-o <out_file> <DD> +Output file name, e.g. stat.png. +</DL> +<A NAME="lbAF"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAG"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">SEE ALSO</A><DD> +<DT><A HREF="#lbAG">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qsre.1.html b/doc/qsre.1.html new file mode 100644 index 0000000..39753ba --- /dev/null +++ b/doc/qsre.1.html @@ -0,0 +1,56 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSRE</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSRE</H1> +Section: qsre man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qsre matches a regular expression against test strings. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsre <string>|<path> <pcre>|<path> +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +Regular expression test tool. The provided regular expression (pcre, caseless matching, "." matches anything incl. newline) is appplied against the provided test strings to verify if the pattern matches. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT><string>|<path> <DD> +The first argument either defines a single test string of a path to a file containing either multiple test strings or a test pattern with newline characters (text). +<DT><pcre>|<path> <DD> +The second argument either defines a regular expression or a path to a file containing the expression. +</DL> +<A NAME="lbAF"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAG"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">SEE ALSO</A><DD> +<DT><A HREF="#lbAG">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qsrespeed.1.html b/doc/qsrespeed.1.html new file mode 100644 index 0000000..4a5b4d9 --- /dev/null +++ b/doc/qsrespeed.1.html @@ -0,0 +1,54 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSRESPEED</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSRESPEED</H1> +Section: qsrespeed man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +Tool to compare / estimate the processing time for (Perl-compatible) regular expressions (PCRE). +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsrespeed <path> +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qsrespeed loads regular expressions from the provided file and matches them against a built-in set of strings measuring the time needed to process them. It's a benchmark too to judge the expressions you have defined regarding the potential CPU consumption. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT><path> <DD> +Defines the input file to process. The file consists a list of (separated by a newline character) regular expressions to test +</DL> +<A NAME="lbAF"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAG"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">SEE ALSO</A><DD> +<DT><A HREF="#lbAG">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qsrotate.1.html b/doc/qsrotate.1.html new file mode 100644 index 0000000..faa787a --- /dev/null +++ b/doc/qsrotate.1.html @@ -0,0 +1,86 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSROTATE</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSROTATE</H1> +Section: qsrotate man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qsrotate - a log rotation tool (similar to Apache's rotatelogs). +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qsrotate -o <file> [-s <sec> [-t <hours>]] [-b <bytes>] [-f] [-z] [-g <num>] [-u <name>] [-m <mask>] [-p] [-d] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qsrotate reads from stdin (piped log) and writes the data to the provided file rotating the file after the specified time. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-o <file> <DD> +Output log file to write the data to (use an absolute path). +<DT>-s <sec> <DD> +Rotation interval in seconds, default are 86400 seconds. +<DT>-t <hours> <DD> +Offset to UTC (enables also DST support), default is 0. +<DT>-b <bytes> <DD> +File size limitation (default/max. are 2147352576 bytes, min. are 1048576 bytes). +<DT>-f <DD> +Forced log rotation at the specified interval even no data is written. +<DT>-z <DD> +Compress (gzip) the rotated file. +<DT>-g <num> <DD> +Generations (number of files to keep). +<DT>-u <name> <DD> +Become another user, e.g. www-data. -m <mask> +File permission which is either 600, 640, 660 (default) or 664. +<DT>-p <DD> +Writes data also to stdout (for piped logging). -d +Line-by-line data reading prefixing every line with a timestamp. +</DL> +<A NAME="lbAF"> </A> +<H2>EXAMPLE</H2> + +<BR> TransferLog "|/usr/bin/qsrotate -f -z -g 3 -o /var/log/apache/access.log -s 86400" +<P> +The name of the rotated file will be /dest/filee.YYYYmmddHHMMSS where YYYYmmddHHMMSS is the system time at which the data has been rotated. +<A NAME="lbAG"> </A> +<H2>NOTE</H2> + +<BR> - Each qsrotate instance must use an individual file. +<BR> - You may trigger a file rotation manually by sending the signal USR1 +to the process. +<A NAME="lbAH"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAI"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">EXAMPLE</A><DD> +<DT><A HREF="#lbAG">NOTE</A><DD> +<DT><A HREF="#lbAH">SEE ALSO</A><DD> +<DT><A HREF="#lbAI">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qssign.1.html b/doc/qssign.1.html new file mode 100644 index 0000000..8c434ff --- /dev/null +++ b/doc/qssign.1.html @@ -0,0 +1,79 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSSIGN</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSSIGN</H1> +Section: qssign man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qssign - an utility to sign and verify the integrity of log data. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qssign -s|S <secret> [-e] [-v] [-u <name>] [-f <regex>] [-a 'sha1'|'sha256'] +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qssign is a log data integrity check tool. It reads log data from stdin (pipe) and writes the data to stdout adding a sequence number and signature to ever log line. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-s <secret> <DD> +Passphrase used to calculate signature. +<DT>-S <program> <DD> +Specifies a program which writes the passphrase to stdout. +<DT>-e <DD> +Writes start/end marker when starting/stopping data signing. +<DT>-v <DD> +Verification mode checking the integrity of signed data. +<DT>-u <name> <DD> +Becomes another user, e.g. www-data. +<DT>-f <regex> <DD> +Filter pattern (case sensitive regular expression) for messages which do not need to be signed. +<DT>-a 'sha1'|'sha256' <DD> +Specifies the algorithm to use. Default is sha1. +</DL> +<A NAME="lbAF"> </A> +<H2>EXAMPLE</H2> + +Sign: +<P> +<BR> TransferLog "|/usr/bin/qssign -s password -e |/usr/bin/qsrotate -o /var/log/apache/access.log" +<P> +<P> +Verify: +<P> +<BR> cat access.log | qssign -s password -v +<P> +<A NAME="lbAG"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qstail.1.html">qstail</A>(1) +<A NAME="lbAH"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">EXAMPLE</A><DD> +<DT><A HREF="#lbAG">SEE ALSO</A><DD> +<DT><A HREF="#lbAH">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/doc/qstail.1.html b/doc/qstail.1.html new file mode 100644 index 0000000..cb2cbbf --- /dev/null +++ b/doc/qstail.1.html @@ -0,0 +1,56 @@ + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML><HEAD><TITLE>Man page of QSTAIL</TITLE> +<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/> +<META name='author' content='Pascal Buchbinder' /> +</HEAD><BODY> +<H1>QSTAIL</H1> +Section: qstail man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A> +<A HREF="index.html#utilities">Return to Main Contents</A><HR> + +<P> +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +qstail - an utility printing the end of a log file starting at the specified pattern. +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +qstail -i <path> -p <pattern> +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +qstail shows the end of a log file beginning with the line containing the specified pattern. This may be used to show all lines which has been written after a certain event (e.g., server restart) or time stamp. +<A NAME="lbAE"> </A> +<H2>OPTIONS</H2> + +<DL COMPACT> +<DT>-i <path> <DD> +Input file to read the data from. +<DT>-p <pattern> <DD> +Search pattern (literal string). +</DL> +<A NAME="lbAF"> </A> +<H2>SEE ALSO</H2> + +<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1) +<A NAME="lbAG"> </A> +<H2>AUTHOR</H2> + +Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A> +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">OPTIONS</A><DD> +<DT><A HREF="#lbAF">SEE ALSO</A><DD> +<DT><A HREF="#lbAG">AUTHOR</A><DD> +</DL> +<HR> + +</BODY> +</HTML> diff --git a/tools/Makefile.am b/tools/Makefile.am new file mode 100644 index 0000000..2c9f908 --- /dev/null +++ b/tools/Makefile.am @@ -0,0 +1,2 @@ +AUTOMAKE_OPTIONS=foreign +SUBDIRS=src diff --git a/tools/Makefile.in b/tools/Makefile.in new file mode 100644 index 0000000..dc39b39 --- /dev/null +++ b/tools/Makefile.in @@ -0,0 +1,766 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +subdir = . +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(am__DIST_COMMON) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + cscope distdir dist dist-all distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ + $(LISP)config.h.in +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +CSCOPE = cscope +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in compile \ + depcomp install-sh missing +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__post_remove_distdir = $(am__remove_distdir) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +DIST_TARGETS = dist-gzip +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AUTOMAKE_OPTIONS = foreign +SUBDIRS = src +all: config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +.SUFFIXES: +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): + +config.h: stamp-h1 + @test -f $@ || rm -f stamp-h1 + @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1 + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status config.h +$(srcdir)/config.h.in: $(am__configure_deps) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) +clean-cscope: + -rm -f cscope.files +cscope.files: clean-cscope cscopelist +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files + +distdir: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__post_remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__post_remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__post_remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) + +dist-tarZ: distdir + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__post_remove_distdir) + +dist-shar: distdir + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__post_remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__post_remove_distdir) + +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + --srcdir=../.. --prefix="$$dc_install_base" \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__post_remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile config.h +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-hdr distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) all install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--refresh check check-am clean clean-cscope clean-generic \ + cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \ + dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \ + distcheck distclean distclean-generic distclean-hdr \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs installdirs-am \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tools/config.h.in b/tools/config.h.in new file mode 100644 index 0000000..d0aef6d --- /dev/null +++ b/tools/config.h.in @@ -0,0 +1,128 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define to 1 if you have the <fcntl.h> header file. */ +#undef HAVE_FCNTL_H + +/* Define to 1 if you have the `fork' function. */ +#undef HAVE_FORK + +/* Define to 1 if you have the `ftruncate' function. */ +#undef HAVE_FTRUNCATE + +/* Define to 1 if you have the `gethostbyname' function. */ +#undef HAVE_GETHOSTBYNAME + +/* Define to 1 if you have the <inttypes.h> header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the <memory.h> header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the `memset' function. */ +#undef HAVE_MEMSET + +/* Define to 1 if you have the <netdb.h> header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the `regcomp' function. */ +#undef HAVE_REGCOMP + +/* Define to 1 if you have the `select' function. */ +#undef HAVE_SELECT + +/* Define to 1 if you have the `socket' function. */ +#undef HAVE_SOCKET + +/* Define to 1 if you have the <stdint.h> header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the <stdlib.h> header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strchr' function. */ +#undef HAVE_STRCHR + +/* Define to 1 if you have the `strerror' function. */ +#undef HAVE_STRERROR + +/* Define to 1 if you have the <strings.h> header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the <string.h> header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strrchr' function. */ +#undef HAVE_STRRCHR + +/* Define to 1 if you have the `strstr' function. */ +#undef HAVE_STRSTR + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the <sys/types.h> header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the <unistd.h> header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `vfork' function. */ +#undef HAVE_VFORK + +/* Define to 1 if you have the <vfork.h> header file. */ +#undef HAVE_VFORK_H + +/* Define to 1 if `fork' works. */ +#undef HAVE_WORKING_FORK + +/* Define to 1 if `vfork' works. */ +#undef HAVE_WORKING_VFORK + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef gid_t + +/* Define to rpl_malloc if the replacement function should be used. */ +#undef malloc + +/* Define to `int' if <sys/types.h> does not define. */ +#undef pid_t + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef uid_t + +/* Define as `fork' if `vfork' does not work. */ +#undef vfork diff --git a/tools/configure b/tools/configure new file mode 100755 index 0000000..1dd7bb3 --- /dev/null +++ b/tools/configure @@ -0,0 +1,6185 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for mod_qos 9.0. +# +# Report bugs to <pbuchbinder@users.sourceforge.net>. +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: pbuchbinder@users.sourceforge.net about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 </dev/null +exec 6>&1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='mod_qos' +PACKAGE_TARNAME='mod_qos' +PACKAGE_VERSION='9.0' +PACKAGE_STRING='mod_qos 9.0' +PACKAGE_BUGREPORT='pbuchbinder@users.sourceforge.net' +PACKAGE_URL='' + +ac_unique_file="src/qscheck.c" +# Factoring default headers for most tests. +ac_includes_default="\ +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#ifdef HAVE_SYS_STAT_H +# include <sys/stat.h> +#endif +#ifdef STDC_HEADERS +# include <stdlib.h> +# include <stddef.h> +#else +# ifdef HAVE_STDLIB_H +# include <stdlib.h> +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include <memory.h> +# endif +# include <string.h> +#endif +#ifdef HAVE_STRINGS_H +# include <strings.h> +#endif +#ifdef HAVE_INTTYPES_H +# include <inttypes.h> +#endif +#ifdef HAVE_STDINT_H +# include <stdint.h> +#endif +#ifdef HAVE_UNISTD_H +# include <unistd.h> +#endif" + +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +LIBOBJS +EGREP +GREP +CPP +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__quote +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +runstatedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_silent_rules +enable_dependency_tracking +enable_use_static +enable_full_static +enable_ssl +with_apr +with_apr_util +with_pcre2 +with_png +with_ssl +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir runstatedir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures mod_qos 9.0 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/mod_qos] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of mod_qos 9.0:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build + --enable-use-static Try to use archives instead of shared libraries + --enable-full-static Try to compile a statical linked executable + --disable-ssl Disable ssl support (not supported yet) + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-apr=PATH path to apr-1-config script + --with-apr-util=PATH path to apu-1-config script + --with-pcre2=PATH path to pcre2-config script + --with-png=PATH path to libpng-config script + --with-ssl=PATH path to openssl source + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a + nonstandard directory <lib dir> + LIBS libraries to pass to the linker, e.g. -l<library> + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if + you have headers in a nonstandard directory <include dir> + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to <pbuchbinder@users.sourceforge.net>. +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +mod_qos configure 9.0 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ------------------------------------------------ ## +## Report this to pbuchbinder@users.sourceforge.net ## +## ------------------------------------------------ ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_type + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case <limits.h> declares $2. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by mod_qos $as_me 9.0, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +am__api_version='1.15' + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=1;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='mod_qos' + VERSION='9.0' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html> +# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html> +mkdir_p='$(MKDIR_P)' + +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar pax cpio none' + +am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + + + + + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542> + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: <http://www.gnu.org/software/coreutils/>. + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 + fi +fi + +ac_config_headers="$ac_config_headers config.h" + + +# Checks for programs. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <stdio.h> +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <stdarg.h> +#include <stdio.h> +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +$as_echo_n "checking for style of include used by $am_make... " >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from 'make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +$as_echo "$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + + +# Checks for libraries. + +# Checks for header files. + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <ac_nonexistent.h> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <ac_nonexistent.h> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <float.h> + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <string.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <stdlib.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <ctype.h> +#include <stdlib.h> +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in fcntl.h netdb.h stdlib.h string.h strings.h sys/socket.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +# Checks for typedefs, structures, and compiler characteristics. +ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" +if test "x$ac_cv_type_pid_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define pid_t int +_ACEOF + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 +$as_echo_n "checking for uid_t in sys/types.h... " >&6; } +if ${ac_cv_type_uid_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <sys/types.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "uid_t" >/dev/null 2>&1; then : + ac_cv_type_uid_t=yes +else + ac_cv_type_uid_t=no +fi +rm -f conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 +$as_echo "$ac_cv_type_uid_t" >&6; } +if test $ac_cv_type_uid_t = no; then + +$as_echo "#define uid_t int" >>confdefs.h + + +$as_echo "#define gid_t int" >>confdefs.h + +fi + + +# Checks for library functions. +for ac_header in vfork.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" +if test "x$ac_cv_header_vfork_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VFORK_H 1 +_ACEOF + +fi + +done + +for ac_func in fork vfork +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +if test "x$ac_cv_func_fork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5 +$as_echo_n "checking for working fork... " >&6; } +if ${ac_cv_func_fork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_fork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* By Ruediger Kuhlmann. */ + return fork () < 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_fork_works=yes +else + ac_cv_func_fork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 +$as_echo "$ac_cv_func_fork_works" >&6; } + +else + ac_cv_func_fork_works=$ac_cv_func_fork +fi +if test "x$ac_cv_func_fork_works" = xcross; then + case $host in + *-*-amigaos* | *-*-msdosdjgpp*) + # Override, as these systems have only a dummy fork() stub + ac_cv_func_fork_works=no + ;; + *) + ac_cv_func_fork_works=yes + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} +fi +ac_cv_func_vfork_works=$ac_cv_func_vfork +if test "x$ac_cv_func_vfork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 +$as_echo_n "checking for working vfork... " >&6; } +if ${ac_cv_func_vfork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_vfork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Thanks to Paul Eggert for this test. */ +$ac_includes_default +#include <sys/wait.h> +#ifdef HAVE_VFORK_H +# include <vfork.h> +#endif +/* On some sparc systems, changes by the child to local and incoming + argument registers are propagated back to the parent. The compiler + is told about this with #include <vfork.h>, but some compilers + (e.g. gcc -O) don't grok <vfork.h>. Test for this by using a + static variable whose address is put into a register that is + clobbered by the vfork. */ +static void +#ifdef __cplusplus +sparc_address_test (int arg) +# else +sparc_address_test (arg) int arg; +#endif +{ + static pid_t child; + if (!child) { + child = vfork (); + if (child < 0) { + perror ("vfork"); + _exit(2); + } + if (!child) { + arg = getpid(); + write(-1, "", 0); + _exit (arg); + } + } +} + +int +main () +{ + pid_t parent = getpid (); + pid_t child; + + sparc_address_test (0); + + child = vfork (); + + if (child == 0) { + /* Here is another test for sparc vfork register problems. This + test uses lots of local variables, at least as many local + variables as main has allocated so far including compiler + temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris + 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should + reuse the register of parent for one of the local variables, + since it will think that parent can't possibly be used any more + in this routine. Assigning to the local variable will thus + munge parent in the parent process. */ + pid_t + p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), + p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); + /* Convince the compiler that p..p7 are live; otherwise, it might + use the same hardware register for all 8 local variables. */ + if (p != p1 || p != p2 || p != p3 || p != p4 + || p != p5 || p != p6 || p != p7) + _exit(1); + + /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent + from child file descriptors. If the child closes a descriptor + before it execs or exits, this munges the parent's descriptor + as well. Test for this by closing stdout in the child. */ + _exit(close(fileno(stdout)) != 0); + } else { + int status; + struct stat st; + + while (wait(&status) != child) + ; + return ( + /* Was there some problem with vforking? */ + child < 0 + + /* Did the child fail? (This shouldn't happen.) */ + || status + + /* Did the vfork/compiler bug occur? */ + || parent != getpid() + + /* Did the file descriptor bug occur? */ + || fstat(fileno(stdout), &st) != 0 + ); + } +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_vfork_works=yes +else + ac_cv_func_vfork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 +$as_echo "$ac_cv_func_vfork_works" >&6; } + +fi; +if test "x$ac_cv_func_fork_works" = xcross; then + ac_cv_func_vfork_works=$ac_cv_func_vfork + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} +fi + +if test "x$ac_cv_func_vfork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h + +else + +$as_echo "#define vfork fork" >>confdefs.h + +fi +if test "x$ac_cv_func_fork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h + +fi + +for ac_header in stdlib.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" +if test "x$ac_cv_header_stdlib_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDLIB_H 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 +$as_echo_n "checking for GNU libc compatible malloc... " >&6; } +if ${ac_cv_func_malloc_0_nonnull+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_malloc_0_nonnull=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined STDC_HEADERS || defined HAVE_STDLIB_H +# include <stdlib.h> +#else +char *malloc (); +#endif + +int +main () +{ +return ! malloc (0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_malloc_0_nonnull=yes +else + ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 +$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } +if test $ac_cv_func_malloc_0_nonnull = yes; then : + +$as_echo "#define HAVE_MALLOC 1" >>confdefs.h + +else + $as_echo "#define HAVE_MALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" malloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS malloc.$ac_objext" + ;; +esac + + +$as_echo "#define malloc rpl_malloc" >>confdefs.h + +fi + + +for ac_func in ftruncate gethostbyname memset regcomp select socket strchr strerror strrchr strstr +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +# START customize settings +# Check whether --enable-use-static was given. +if test "${enable_use_static+set}" = set; then : + enableval=$enable_use_static; +fi + +# Check whether --enable-full-static was given. +if test "${enable_full_static+set}" = set; then : + enableval=$enable_full_static; +fi + +# Check whether --enable-ssl was given. +if test "${enable_ssl+set}" = set; then : + enableval=$enable_ssl; +fi + + + +# Check whether --with-apr was given. +if test "${with_apr+set}" = set; then : + withval=$with_apr; if test ! -x $withval/apr-1-config; then as_fn_error $? "$withval/apr-1-config do not exist or is not executable" "$LINENO" 5; else APR_CONFIG="$withval/apr-1-config"; fi +else + APR_CONFIG="apr-1-config" +fi + + +# Check whether --with-apr-util was given. +if test "${with_apr_util+set}" = set; then : + withval=$with_apr_util; if test ! -x $withval/apu-1-config; then as_fn_error $? "$withval/apu-1-config do not exist or is not executable" "$LINENO" 5; else APU_CONFIG="$withval/apu-1-config"; fi +else + APU_CONFIG="apu-1-config" +fi + + +# Check whether --with-pcre2 was given. +if test "${with_pcre2+set}" = set; then : + withval=$with_pcre2; if test ! -x $withval/pcre2-config; then as_fn_error $? "$withval/pcre2-config do not exist or is not executable" "$LINENO" 5; else PCRE2_CONFIG="$withval/pcre2-config"; fi +else + PCRE2_CONFIG="pcre2-config" +fi + + +# Check whether --with-png was given. +if test "${with_png+set}" = set; then : + withval=$with_png; if test ! -x $withval/libpng-config; then as_fn_error $? "$withval/libpng-config do not exist or is not executable" "$LINENO" 5; else PNG_CONFIG="$withval/libpng-config"; fi +else + PNG_CONFIG="libpng-config" +fi + + +# Check whether --with-ssl was given. +if test "${with_ssl+set}" = set; then : + withval=$with_ssl; if test ! -d $withval; then as_fn_error $? "$withval is not a directory" "$LINENO" 5; else OPENSSL_LIB_PATH="-L${withval}"; OPENSSL_INCLUDES="-I${withval}/include"; fi +else + OPENSSL_LIB_PATH=""; OPENSSL_INCLUDES="" +fi + + +APR_VERSION=`$APR_CONFIG --version` +if test ! "$?" = "0"; then + echo "libapr is missing, use --with-apr=PATH" + exit -1 +fi +APU_VERSION=`$APU_CONFIG --version` +if test ! "$?" = "0"; then + echo "libaprutil is missing, use --with-apr-util=PATH" + exit -1 +fi +PCRE2_VERSION=`$PCRE2_CONFIG --version` +if test ! "$?" = "0"; then + echo "libpcre2 is missing, use --with-pcre2=PATH to specify the location of your pcre2 library" + exit -1 +fi +PNG_VERSION=`$PNG_CONFIG --version` +if test ! "$?" = "0"; then + echo "libpng is missing, use --with-png=PATH to specify the location of your png library" + #exit -1 +fi + +# Store settings for includes, libs and flags +INCLUDES="`$APR_CONFIG --includes` `$APU_CONFIG --includes` $OPENSSL_INCLUDES" +CFLAGS="`$APR_CONFIG --cflags` `$PCRE2_CONFIG --cflags` `$PNG_CONFIG --cflags` $CFLAGS $INCLUDES" +CPPFLAGS="`$APR_CONFIG --cppflags` $CPPFLAGS" +LIBS="$OPENSSL_LIB_PATH -lssl -lcrypto `$APR_CONFIG --link-ld` `$APU_CONFIG --link-ld` `$APR_CONFIG --libs` `$APU_CONFIG --libs` `$PCRE2_CONFIG --libs8` `$PNG_CONFIG --libs` -lz" + +# if link static +if test "$enable_full_static" = "yes"; then + LDFLAGS="-all-static" +fi + +# if link static +if test "$enable_use_static" = "yes"; then + LDFLAGS="-static" +fi +# END customize settings + +ac_config_files="$ac_config_files Makefile src/Makefile" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by mod_qos $as_me 9.0, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to <pbuchbinder@users.sourceforge.net>." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +mod_qos config.status 9.0 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' <conf$$subs.awk | sed ' +/^[^""]/{ + N + s/\n// +} +' >>$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' <confdefs.h | sed ' +s/'"$ac_delim"'/"\\\ +"/g' >>$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named 'Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running 'make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "$am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + + esac +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + diff --git a/tools/configure.ac b/tools/configure.ac new file mode 100644 index 0000000..d98628d --- /dev/null +++ b/tools/configure.ac @@ -0,0 +1,88 @@ +# -*- Autoconf -*- +# Process this file with autoconf to produce a configure script. + +AC_PREREQ([2.50]) +AC_INIT(mod_qos, 9.0, pbuchbinder@users.sourceforge.net) +AC_CONFIG_SRCDIR([src/qscheck.c]) +AM_INIT_AUTOMAKE +AM_CONFIG_HEADER([config.h]) + +# Checks for programs. +AC_PROG_CC + +# Checks for libraries. + +# Checks for header files. +AC_CHECK_HEADERS([fcntl.h netdb.h stdlib.h string.h strings.h sys/socket.h unistd.h]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_TYPE_PID_T +AC_TYPE_UID_T + +# Checks for library functions. +AC_FUNC_FORK +AC_FUNC_MALLOC +AC_CHECK_FUNCS([ftruncate gethostbyname memset regcomp select socket strchr strerror strrchr strstr]) + +# START customize settings +AC_ARG_ENABLE([use-static], AS_HELP_STRING(--enable-use-static,Try to use archives instead of shared libraries)) +AC_ARG_ENABLE([full-static], AS_HELP_STRING(--enable-full-static,Try to compile a statical linked executable)) +AC_ARG_ENABLE([ssl], AS_HELP_STRING(--disable-ssl,Disable ssl support (not supported yet))) + +AC_ARG_WITH(apr,AS_HELP_STRING(--with-apr=PATH,path to apr-1-config script), + [if test ! -x $withval/apr-1-config; then AC_MSG_ERROR($withval/apr-1-config do not exist or is not executable); else APR_CONFIG="$withval/apr-1-config"; fi], + [APR_CONFIG="apr-1-config"]) +AC_ARG_WITH(apr-util,AS_HELP_STRING(--with-apr-util=PATH,path to apu-1-config script), + [if test ! -x $withval/apu-1-config; then AC_MSG_ERROR($withval/apu-1-config do not exist or is not executable); else APU_CONFIG="$withval/apu-1-config"; fi], + [APU_CONFIG="apu-1-config"]) +AC_ARG_WITH(pcre2,AS_HELP_STRING(--with-pcre2=PATH,path to pcre2-config script), + [if test ! -x $withval/pcre2-config; then AC_MSG_ERROR($withval/pcre2-config do not exist or is not executable); else PCRE2_CONFIG="$withval/pcre2-config"; fi], + [PCRE2_CONFIG="pcre2-config"]) +AC_ARG_WITH(png,AS_HELP_STRING(--with-png=PATH,path to libpng-config script), + [if test ! -x $withval/libpng-config; then AC_MSG_ERROR($withval/libpng-config do not exist or is not executable); else PNG_CONFIG="$withval/libpng-config"; fi], + [PNG_CONFIG="libpng-config"]) +AC_ARG_WITH(ssl,AS_HELP_STRING(--with-ssl=PATH,path to openssl source), + [if test ! -d $withval; then AC_MSG_ERROR($withval is not a directory); else OPENSSL_LIB_PATH="-L${withval}"; OPENSSL_INCLUDES="-I${withval}/include"; fi], + [OPENSSL_LIB_PATH=""; OPENSSL_INCLUDES=""]) + +APR_VERSION=`$APR_CONFIG --version` +if test ! "$?" = "0"; then + echo "libapr is missing, use --with-apr=PATH" + exit -1 +fi +APU_VERSION=`$APU_CONFIG --version` +if test ! "$?" = "0"; then + echo "libaprutil is missing, use --with-apr-util=PATH" + exit -1 +fi +PCRE2_VERSION=`$PCRE2_CONFIG --version` +if test ! "$?" = "0"; then + echo "libpcre2 is missing, use --with-pcre2=PATH to specify the location of your pcre2 library" + exit -1 +fi +PNG_VERSION=`$PNG_CONFIG --version` +if test ! "$?" = "0"; then + echo "libpng is missing, use --with-png=PATH to specify the location of your png library" + #exit -1 +fi + +# Store settings for includes, libs and flags +INCLUDES="`$APR_CONFIG --includes` `$APU_CONFIG --includes` $OPENSSL_INCLUDES" +CFLAGS="`$APR_CONFIG --cflags` `$PCRE2_CONFIG --cflags` `$PNG_CONFIG --cflags` $CFLAGS $INCLUDES" +CPPFLAGS="`$APR_CONFIG --cppflags` $CPPFLAGS" +LIBS="$OPENSSL_LIB_PATH -lssl -lcrypto `$APR_CONFIG --link-ld` `$APU_CONFIG --link-ld` `$APR_CONFIG --libs` `$APU_CONFIG --libs` `$PCRE2_CONFIG --libs8` `$PNG_CONFIG --libs` -lz" + +# if link static +if test "$enable_full_static" = "yes"; then + LDFLAGS="-all-static" +fi + +# if link static +if test "$enable_use_static" = "yes"; then + LDFLAGS="-static" +fi +# END customize settings + +AC_CONFIG_FILES([Makefile + src/Makefile]) +AC_OUTPUT diff --git a/tools/depcomp b/tools/depcomp new file mode 100755 index 0000000..fc98710 --- /dev/null +++ b/tools/depcomp @@ -0,0 +1,791 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2013-05-30.07; # UTC + +# Copyright (C) 1999-2014 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>. + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to <bug-automake@gnu.org>. +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Avoid interferences from the environment. +gccflag= dashmflag= + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The second -e expression handles DOS-style file names with drive + # letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the "deleted header file" problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. +## Some versions of gcc put a space before the ':'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts '$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" + rm -f "$tmpdepfile" + ;; + +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using '\' : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. + while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi + + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for ':' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. + "$@" $dashmflag | + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/tools/install-sh b/tools/install-sh new file mode 100755 index 0000000..59990a1 --- /dev/null +++ b/tools/install-sh @@ -0,0 +1,508 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2014-09-12.12; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# 'make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +tab=' ' +nl=' +' +IFS=" $tab$nl" + +# Set DOITPROG to "echo" to test this script. + +doit=${DOITPROG-} +doit_exec=${doit:-exec} + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +is_target_a_directory=possibly + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) is_target_a_directory=never;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + dstdir=`dirname "$dst"` + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + # $RANDOM is not portable (e.g. dash); use it when possible to + # lower collision chance + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 + + # As "mkdir -p" follows symlinks and we work in /tmp possibly; so + # create the $tmpdir first (and fail if unsuccessful) to make sure + # that nobody tries to guess the $tmpdir name. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + oIFS=$IFS + IFS=/ + set -f + set fnord $dstdir + shift + set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + set +f && + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/tools/man1/mod_qos.1 b/tools/man1/mod_qos.1 new file mode 100644 index 0000000..7095625 --- /dev/null +++ b/tools/man1/mod_qos.1 @@ -0,0 +1,198 @@ +.TH MOD_QOS 1 "May 2023" "mod_qos Apache Module" "mod_qos" +.SH NAME +mod_qos \- quality of service module for the Apache Web server +.SH DESCRIPTION +mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests. +.SH OPTIONS +.TP +QS_LocRequestLimitDefault <number>, defines the default for the QS_LocRequestLimit and QS_LocRequestLimitMatch directive. +.TP +QS_LocRequestLimit <location> <number>, defines the maximum number of concurrent requests allowed to access the specified location. Default is defined by the QS_LocRequestLimitDefault directive. +.TP +QS_LocRequestPerSecLimit <location> <number>, defines the allowed number of requests per second to a location. Requests are limited by adding a delay to each requests. This directive should be used in conjunction with QS_LocRequestLimit only. +.TP +QS_LocKBytesPerSecLimit <location> <kbytes>, defines the allowed download bandwidth to the defined kbytes per second. Responses areslowed by adding a delay to each response (non\-linear, bigger files get longer delay than smaller ones). This directive should be used in conjunction with QS_LocRequestLimit only. +.TP +QS_LocRequestLimitMatch <regex> <number>, defines the number of concurrent requests to the uri (path and query) pattern. Default is defined by the QS_LocRequestLimitDefault directive. +.TP +QS_LocRequestPerSecLimitMatch <regex> <number>, defines the allowed number of requests per second to the uri (path and query) pattern. Requests are limited by adding a delay to each requests. This directive should be used in conjunction with QS_LocRequestLimitMatch only. +.TP +QS_LocKBytesPerSecLimitMatch <regex> <kbytes>, defines the allowed download bandwidth to the location matching the defined URL (path and query) pattern. Responses are slowed down by adding a delay to each response (non\-linear, bigger files get longer delay than smaller ones). This directive should be used in conjunction with QS_LocRequestLimitMatch only. +.TP +QS_CondLocRequestLimitMatch <regex> <number> <pattern>, defines the number of concurrent requests to the uri (path and query) regex. Rule is only enforced if the QS_Cond variable matches the specified pattern (regex). +.TP +QS_EventRequestLimit <variable>[=<regex>] <number>, defines the number of concurrent events. Directive works similar to QS_LocRequestLimit, but counts the requests having the same environment variable (and optionally matching its value, too) rather than those that have the same URL pattern. +.TP +QS_EventPerSecLimit [!]<variable> <number>, defines how often requests may have the defined environment variable (literal string) set. It measures the occurrences of the defined environment variable on a request per seconds level and tries to limit this occurrence to the defined number. It works similar to as QS_LocRequestPerSecLimit, but counts only the requests with the specified variable (or without it if the variable name is prefixed by a '!'). If a request matches multiple events, the rule with the lowest bandwidth is applied. Events are limited by adding a delay to each request causing an event. +.TP +QS_EventKBytesPerSecLimit [!]<variable> <kbytes>, throttles the download bandwidth of all requests having the defined variable set to the defined kbytes per second. Responses are slowed by adding a delay to each response (non\-linear, bigger files get longer delay than smaller ones). By default, no limitation is active. This directive should be used in conjunction with QS_EventRequestLimit only (you must use the same variable name for both directives). +.TP +QS_EventLimitCount <env\-variable> <number> <seconds>, defines the maximum number of events allowed within the defined time. Requests are denied when reaching this limitation for the specified time (blocked at request level). +.TP +QS_CondEventLimitCount <env\-variable> <number> <seconds> <pattern>, same as QS_EventLimitCount but blocks requests only if the QS_Cond variable matches the specified pattern (regex). +.TP +QS_SrvMaxConn <number>, defines the maximum number of concurrent TCP connections for this server (virtual host). +.TP +QS_SrvMaxConnClose <number>[%], defines the maximum number of concurrent TCP connections until the server disables keep\-alive for this server (closes the connection after each requests. You may specify the number of connections as a percentage of MaxClients if adding the suffix '%' to the specified value. +.TP +QS_SrvMaxConnPerIP <number> [<connections>], defines the maximum number of connections per source IP address for this server (virtual host). 'connections' defines the number of busy connections of the server (all virtual hosts) to enable this limitation, default is 0. +.TP +QS_SrvMaxConnExcludeIP <addr>, excludes an IP address or address range from being limited. +.TP +QS_SrvMinDataRateIgnoreVIP tells the QS_SrvMaxConnPerIP directive to ignore (if set to "on") the VIP status of clients. Default is "off", which means that QS_SrvMaxConnPerIP is disabled for VIPs. +.TP +QS_SrvSerialize 'on'|'off' [<seconds>], ensures that not more than one request having the QS_SrvSerialize variable set is processed at the same time by serializing them (process one after each other). +.TP +QS_SrvDataRateOff, disables the QS_SrvRequestRate and QS_SrvMinDataRate enforcement for a virtual host (only port/address based but not for name based virtual hosts). +.TP +QS_SrvRequestRate <bytes per seconds> [<max bytes per second>], defines the minimum upload throughput a client must generate. See also QS_SrvMinDataRate. +.TP +QS_SrvMinDataRate <bytes per seconds> [<max bytes per second> [<connections>]], defines the minimum upload/download throughput a client must generate (the bytes send/received by the client per seconds). This bandwidth is measured while transmitting the data (request line, header fields, request body, or response data). The client connection get closed if the client does not fulfill the required data rate and the IP address of the causing client get marked in order to be handled with low priority (see the QS_ClientPrefer directive). The "max bytes per second" activates dynamic minimum throughput control: The required minimal throughput is increased in parallel to the number of concurrent clients sending/receiving data. The "max bytes per second" setting is reached when the number of sending/receiving clients is equal to the MaxClients setting. The "connections" argument is used to specify the number of busy TCP connections a server must have to enable this feature (0 by default). No limitation is set by default. +.TP +QS_SrvMinDataRateOffEvent '+'|'\-'<env\-variable>, disables the minimal data rate enfocement (QS_SrvMinDataRate) for a certain connection if the defined environment variable has been set. The '+' prefix is used to add a variable to the configuration while the '\-' prefix is used to remove a variable. +.TP +QS_SrvMinDataRateIgnoreVIP tells the QS_SrvMinDataRate directive to ignore (if set to "on") the VIP status of clients. Default is "off", which means that QS_SrvMinDataRate is disabled for VIPs. +.TP +QS_SrvSampleRate <seconds>, defines the sampling rate used by the QS_SrvMinDataRate directive to measure the throughput of a connection. +.TP +QS_DenyRequestLine '+'|'\-'<id> 'log'|'deny' <regular expression>, generic request line (method, path, query and protocol) filter used to deny access for requests matching the defined regular expression. '+' adds a new rule while '\-' removes a rule for a location. The action is either 'log' (access is granted but rule match is logged) or 'deny' (access is denied). +.TP +QS_DenyPath, same as QS_DenyRequestLine but applied to the path only. +.TP +QS_DenyQuery, same as QS_DenyRequestLine but applied to the query only. +.TP +QS_DenyEvent '+'|'\-'<id> 'log'|'deny' [!]<variable>, matches requests having the defined process environment variable set (or NOT set if prefixed by a '!'). The action taken for matching rules is either 'log' (access is granted but the rule match is logged) or 'deny' (access is denied). +.TP +QS_PermitUri, '+'|'\-'<id> 'log'|'deny' <regular expression>, generic request filter applied to the request uri (path and query). Only requests matching at least one QS_PermitUri pattern are allowed. If a QS_PermitUri pattern has been defined an the request does not match any rule, the request is denied albeit of any server resource availability (allow list). All rules must define the same action. Regular expression is case sensitive. +.TP +QS_DenyBody 'on'|'off', enabled body data filter (obsolete). +.TP +QS_DenyQueryBody 'on'|'off', enabled body data filter for QS_DenyQuery. +.TP +QS_PermitUriBody 'on'|'off', enabled body data filter for QS_PermitUriBody. +.TP +QS_InvalidUrlEncoding 'log'|'deny'|'off', enforces correct URL decoding in conjunction with the QS_DenyRequestLine, QS_DenyPath, and QS_DenyQuery directives. Default is "off". +.TP +QS_LimitRequestBody <bytes>, limits the allowed size of an HTTP request message body. +.TP +QS_DenyDecoding 'uni', enabled additional string decoding functions which are applied before matching QS_Deny* and QS_Permit* directives. Default is URL decoding (%xx, \xHH, '+'). +.TP +QS_DenyInheritanceOff, disable inheritance of QS_Deny* and QS_Permit* directives to a location. +.TP +QS_RequestHeaderFilter 'on'|'off'|'size', filters request headers by allowing only these headers which match the request header rules defined by mod_qos. Request headers which do not conform these definitions are either dropped or the whole request is denied. Custom request headers may be added by the QS_RequestHeaderFilterRule directive. Using the 'size' option, the header field max. size is verified only (similar to LimitRequestFieldsize but using individual values for each header type) while the pattern is ignored. +.TP +QS_ResponseHeaderFilter 'on'|'off', filters response headers by allowing only these headers which match the response header rules defined by mod_qos. Response headers which do not conform these definitions are dropped. +.TP +QS_RequestHeaderFilterRule <header name> 'drop'|'deny' <regular expression> <size>, used to add custom request header filter rules which override the internal filter rules of mod_qos. Directive is allowed in global server context only. +.TP +QS_ResponseHeaderFilterRule <header name> <regular expression> <size>, used to add custom response header filter rules which override the internal filter rules of mod_qos. Directive is allowed in global server context only. +.TP +QS_MileStone 'log'|'deny' <pattern> [<thinktime>], defines request line patterns a client must access in the defined order as they are defined in the configuration file. +.TP +QS_MileStoneTimeout <seconds>, defines the time in seconds within a client must reach the next milestone. Default are 3600 seconds. +.TP +QS_SessionCookieName <name>, defines a custom session cookie name, default is MODQOS. +.TP +QS_SessionCookiePath <path>, defines the cookie path, default is "/". +.TP +QS_SessionTimeout <seconds>, defines the session life time for a VIP. It is only used for session based (cookie) VIP identification (not for IP based). Default is 3600 seconds. +.TP +QS_SessionKey <string>, secret key used for cookie encryption. Used when using the same session cookie for multiple web servers (load balancing) or sessions should survive a server restart. By default, a random key is used which changes every server restart. +.TP +QS_VipHeaderName <name>[=<regex>] [drop], defines an HTTP response header which marks a user as a VIP. mod_qos creates a session for this user by setting a cookie, e.g., after successful user authentication. Tests optionally its value against the provided regular expression. Specify the action 'drop' if you want mod_qos to remove this control header from the HTTP response. +.TP +QS_VipIPHeaderName <name>[=<regex>] [drop], defines an HTTP response header which marks a client source IP address as a VIP. Tests optionally its value against the provided regular expression. Specify the action 'drop' if you want mod_qos to remove this control header from the HTTP response. +.TP +QS_VipUser, creates a VIP session for users which have been authenticated by the Apache server, e.g., by the standard mod_auth* modules. It works similar to the QS_VipHeaderName directive. +.TP +QS_VipIpUser, marks a source IP address as a VIP if the user has been authenticated by the Apache server, e.g. by the standard mod_auth* modules. It works similar to the QS_VipIPHeaderName directive. +.TP +QS_UserTrackingCookieName <name> [<path>] [<domain>] ['session'] ['jsredirect'], enables the user tracking cookie by defining a cookie name. The "path" parameter is an option cookie check page which is used to ensure the client accepts cookies. The "domain" option defines the Domain attriibute for the Set\-Cookie header. The option "session" indicates that the cookie shall be a session cookie expiring when the user closes it's browser. User tracking requires mod_unique_id. This feature is disabled by default. Ignores QS_LogOnly. +.TP +QS_SetEnvIf [!]<variable1>[=<regex>] [[!]<variable2>] [!]<variable=value>, sets (or unsets) the 'variable=value' (literal string) if variable1 (literal string) AND variable2 (literal string) are set in the request environment variable list (not case sensitive). This is used to combine multiple variables to a new event type. Alternatively, a regular expression can be specified for variable1's value and variable2 must be omitted in order to simply set a new variable if the regular expression matches. +.TP +QS_SetEnvIfCmpP <env\-variable1> eq|ne|gt|lt <env\-variable2> [!]<env\-variable>[=<value>], sets the specified environment variable if the specified env\-variables are alphabetically or numerical equal (eq), not equal (ne), greater (gt), less (lt). +.TP +QS_SetEnvIfQuery <regex> [!]<variable>[=value], directive works quite similar to the SetEnvIf directive of the Apache module mod_setenvif, but the specified regex is applied against the query string portion of the request line. The directive recognizes the occurrences of $1..$9 within value and replaces them by the sub\-expressions of the defined regex pattern. +.TP +QS_SetEnvIfParp <regex> [!]<variable>[=value], directive parsing the request payload using the Apache module mod_parp. It matches the request URL query and the HTTP request message body data as well ('application/x\-www\-form\-urlencoded', 'multipart/form\-data', and 'multipart/mixed') and sets the defined process variable (quite similar to the QS_SetEnvIfQuery directive). The directive recognizes the occurrences of $1..$9 within value and replaces them by the sub\-expressions of the defined regex pattern. This directive activates mod_parp for every request to the virtual host. You may deactivate mod_parp for selected requests using the SetEnvIf directive: unset the variable 'parp' to do so. Important: request message body processing requires that the server loads the whole request into its memory (at least twice the length of the message). You should limit the allowed size of the HTTP request message body using the QS_LimitRequestBody directive when using QS_SetEnvIfParp! +.TP +QS_SetEnvIfBody <regex> [!]<variable>[=value], parses the request body using the Apache module mod_parp. Specify the content types to process using the mod_parp directive PARP_BodyData and ensure that mod_parp is enabled using the SetEnvIf directive of the Apache module mod_setenvif. You should limit the allowed size of HTTP requests message body using the QS_LimitRequestBody directive when using mod_parp. The directive recognizes the occurrence of $1 within the variable value and replaces it by the sub\-expressions of the defined regex pattern. +.TP +QS_SetEnvStatus (deprecated, use QS_SetEnvIfStatus) +.TP +QS_SetEnvIfStatus <status code> <variable>, adds the defined request environment variable if the HTTP status code matches the defined value. The value 'QS_SrvMinDataRate' may be used as a special status code to set a QS_Block event in order to handle connection close events caused by QS_SrvMinDataRate rules while the status 'NullConnection' may be used to mark connections which are closed before any HTTP request has ever been received. The 'QS_SrvMaxConnPerIP' value may be used to count QS_Block events for connections closed by the QS_SrvMaxConnPerIP directive. The 'BrokenConnection' value may be used to mark clients not reading the full HTTP response. +.TP +QS_SetEnvResBody (deprecated, use QS_SetEnvIfResBody) +.TP +QS_SetEnvIfResBody <string> [!]<variable>, adds the defined request environment variable (e.g. QS_Block) if the HTTP response body contains the defined literal string. Supports only one pattern per location. +.TP +QS_SetEnv <variable> <value>, sets the defined variable with the value where the value string may contain other environment variables surrounded by "${" and "}". The variable is only set if all defined variables within the value can be resolved. +.TP +QS_SetReqHeader [!]<header name> <variable> ['late'], sets the defined HTTP request header to the request if the specified environment variable is set. +.TP +QS_UnsetReqHeader <header name>, Removes the specified header from the request. +.TP +QS_UnsetResHeader <header name>, Removes the specified header from the response. +.TP +QS_SetEnvResHeader <header name> [drop], sets the defined HTTP response header (name and value) to the request environment variables Deletes the header if the action 'drop' has been specified. +.TP +QS_SetEnvResHeaderMatch <header name> <regex>, sets the defined HTTP response header (name and value) to the request environment variables if the specified regular expression matches the header value. +.TP +QS_SetEnvRes <variable> <regex> <variable2>[=<value>], sets the environment variable2 if the regular expression matches against the value of the environment variable. Occurrences of $1..$9 within the value and replace them by parenthesized subexpressions of the regular expression. +.TP +QS_RedirectIf <variable> <regex> [<code>:]<url>, redirects the client to the configured url if the regular expression matches the value of the the environment variable. +.TP +QS_ClientEntries <number>, defines the number of individual clients managed by mod_qos. Default is 50000. Directive is allowed in global server context only. +.TP +QS_ClientPrefer [<percent>], prefers known VIP clients when server has less than 80% (or the configured value) of free TCP connections. Preferred clients are VIP clients (or those without any negative penalties), see QS_VipHeaderName directive. Directive is allowed in global server context only. +.TP +QS_ClientTolerance <percent>, defines the allowed tolerance (variation) from a "normal" client (average) in percent. Default is 20%. Directive is allowed in global server context only. +.TP +QS_ClientContentTypes <html> <css/js> <images> <other> <304>, defines the distribution of HTTP response content types a client normally receives when accessing the server. mod_qos normally learns the average behavior automatically by default but you may specify a static configuration in order to avoid influences by a high number of abnormal clients. +.TP +QS_ClientEventBlockCount <number> [<seconds>], defines the maximum number of QS_Block allowed within the defined time (default are 10 minutes). Directive is allowed in global server context only. +.TP +QS_ClientEventBlockExcludeIP <addr>, excludes an IP address or address range from being limited by QS_ClientEventBlockCount. +.TP +QS_ClientEventLimitCount <number> [<seconds> [<variable>]], defines the maximum number of the specified environment variable (QS_Limit by default) allowed within the defined time (default are 10 minutes). Directive is allowed in global server context only. +.TP +QS_CondClientEventLimitCount <number> <seconds> <variable> <pattern>, defines the maximum number of the specified environment variable allowed within the defined time. Directive works similar as QS_ClientEventLimitCount but requests are only blocked if the QS_Cond variable matches the defined pattern (regex). Directive is allowed in global server context only. +.TP +QS_ClientEventPerSecLimit <number>, defines the number events pro seconds on a per client (source IP) basis. Events are identified by requests having the QS_Event variable set. Directive is allowed in global server context only. +.TP +QS_ClientEventRequestLimit <number>, defines the allowed number of concurrent requests coming from the same client source IP address having the QS_EventRequest variable set. Directive is allowed in global server context only. +.TP +QS_ClientSerialize, serializes requests having the QS_Serialize variable set if they are coming from the same IP address. +.TP +QS_ClientIpFromHeader <header>, defines a HTTP request header to read the client's source IP address from (instead of taking the IP address of the client opening the TCP connection). This may be used for the QS_ClientEventLimitCount directive and QS_Country variable. +.TP +QS_ClientGeoCountryDB <path>, path to the geograpical database file. +.TP +QS_ClientGeoCountryPriv <list> <connections> ['excludeUnknown'], defines a comma separated list of country codes for origin client IP address which are allowed to access the server if the number of busy TCP connections reaches the defined number of connections while others are denied access. Clients whose IP can't be mapped to a country code can be excluded from the limitation by configuring the 'excludeUnknown' argument. +.TP +QS_ErrorPage <url>, defines a custom error page. +.TP +QS_ErrorResponseCode <code>, defines the HTTP response code which is used when a request is denied, default is 500. +.TP +QS_ForcedClose 'on'|'off', defines if mod_qos connection handler shall exit with an error code (on) or not. Default is on (except for Apache 2.4.49). +.TP +QS_LogOnly 'on'|'off', enables the log only mode of the module where no limitations are enforced. Default is off. Directive is allowed in global server context only. +.TP +QS_LogEnv 'on'|'off', enables logging of environment variables. +.TP +QS_SupportIPv6 'on'|'off', enables IPv6 address support. Default is on. +.TP +QS_SemMemFile <path>, optional path to a directory or file which shall be used for file based semaphores/shared memory usage, e.g. /var/tmp. +.TP +QS_MaxClients <number>, optional override for mod_qos's MaxClients/MaxRequestWorkers calculation which defines the maximum number of TCP connections the server can handle. +.TP +QS_DisableHandler 'on'|'off', disables the qos\-viewer and qos\-console for a virtual host +.TP +QS_Status 'on'|'off', writes a log message containing server statistics once every minute. Default is off. +.TP +QS_EventCount 'on'|'off', enables error event counting (counters are shown in the machine\-readable version of the status viewer). Default is off. +.TP +QSLog <arg>, used to configure a global (per Apache instance) 'qslog' logger. +.SH AUTHOR +Pascal Buchbinder, http://mod\-qos.sourceforge.net/ diff --git a/tools/man1/qsdt.1 b/tools/man1/qsdt.1 new file mode 100644 index 0000000..ed58005 --- /dev/null +++ b/tools/man1/qsdt.1 @@ -0,0 +1,46 @@ +.TH QSDT 1 "May 2023" "mod_qos utilities 11.74" "qsdt man page" + +.SH NAME +qsdt calculates the elapsed time between two related log messages. +.SH SYNOPSIS +qsdt [\-t <regex>] \-i <regex> \-s <regex> \-e <regex> [\-v] [<path>] +.SH DESCRIPTION +qsdt is a simple tool to search two different messages in a log file and calculates the elapsed time between these lines. The two log messages need a common identifier such an unique request id (UNIQUE_ID), a thread id, or a transaction code. +.SH OPTIONS +.TP +\-t <regex> +Defines a pattern (regular expression) matching the log line's timestamp. The pattern must include two sub\-expressions, one matching hours, minutes and seconds the other matching the milliseconds. Default pattern is ([0\-9]{2}:[0\-9]{2}:[0\-9]{2})[.,]([0\-9]{3}) +.TP +\-i <regex> +Pattern (regular expression) matching the identifier which the two messages have in common. The sub\-expression defines the part which needs to be extracted from the matching string. Note: You can also use the start (\-s) and end (\-e) pattern to define the sub\-expression matching this identifier. +.TP +\-s <regex> +Defines the pattern (regular expression or literal string) identifying the first (start) of the two messages. +.TP +\-e <regex> +Defines the pattern (regular expression or literal string) identifying the second (end) of the two messages. +.TP +\-v +Verbose mode. +.TP +<path> +Defines the input file to process. qsdt reads from from standard input if this parameter is omitted. +.SH EXAMPLE +Sample command line arguments: + + \-i ' ([a\-z0\-9]+) [A\-Z]+ ' \-s 'Received Request' \-e 'Received Response' + + matching those sample log messages: + 2018\-03\-12 16:34:08.653 threadid23 INFO Received Request + 2018\-03\-13 16:35:09.891 threadid23 DEBUG MessageHandler Received Response + +.SH NOTE +The four patterns (t,i,s,e) are concatenated into two search patterns: + first (start): [t (HH:MM:SS)(SSS) ].*[i (id) ].*[s ] + second (end): [t (HH:MM:SS)(SSS) ].*[i (id) ].*[e ] + +And the three sub\-expression are used to extract the timestamp and the unique identifier that the start and end message have in common. This means that you could specify the sub\-expression for the unique identifier in the start (\-s) or end (\-e) pattern alternatively, e.g. in case the identifier is at the end of the log line. +.SH SEE ALSO +qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qsexec.1 b/tools/man1/qsexec.1 new file mode 100644 index 0000000..0ae6030 --- /dev/null +++ b/tools/man1/qsexec.1 @@ -0,0 +1,36 @@ +.TH QSEXEC 1 "May 2023" "mod_qos utilities 11.74" "qsexec man page + +.SH NAME +qsexec \- parses the data received via stdin and executes the defined command on a pattern match. + +.SH SYNOPSIS +qsexec \-e <pattern> [\-t <number>:<sec>] [\-c <pattern> [<command string>]] [\-p] [\-u <user>] <command string> +.SH DESCRIPTION +qsexec reads log lines from stdin and searches for the defined pattern. It executes the defined command string on pattern match. +.SH OPTIONS +.TP +\-e <pattern> +Specifies the search pattern causing an event which shall trigger the command. +.TP +\-t <number>:<sec> +Defines the number of pattern match within the the defined number of seconds in order to trigger the command execution. By default, every pattern match causes a command execution. +.TP +\-c <pattern> [<command string>] +Pattern which clears the event counter. Executes optionally a command if an event command has been executed before. +.TP +\-p +Writes data also to stdout (for piped logging). +.TP +\-u <name> +Become another user, e.g. www\-data. +.TP +<command string> +Defines the event command string where $0\-$9 are substituted by the submatches of the regular expression. +.SH EXAMPLE +Executes the deny.sh script providing the IP address of the client causing a mod_qos(031) messages whenever the log message appears 10 times within at most one minute: + ErrorLog "|/usr/bin/qsexec \-e \\'mod_qos\\(031\\).*, c=([0\-9a\-zA\-Z:.]*)\\' \-t 10:60 \\'/usr/local/bin/deny.sh $1\\'" + +.SH SEE ALSO +qsdt(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qsfilter2.1 b/tools/man1/qsfilter2.1 new file mode 100644 index 0000000..8ec845b --- /dev/null +++ b/tools/man1/qsfilter2.1 @@ -0,0 +1,99 @@ +.TH QSFILTER2 1 "May 2023" "mod_qos utilities 11.74" "qsfilter2 man page" + +.SH NAME +qsfilter2 \- an utility to generate mod_qos request line rules out from existing access/audit log data. +.SH SYNOPSIS +qsfilter2 \-i <path> [\-c <path>] [\-d <num>] [\-h] [\-b <num>] [\-p|\-s|\-m|\-o] [\-l <len>] [\-n] [\-e] [\-u 'uni'] [\-k <prefix>] [\-t] [\-f <path>] [\-v 0|1|2] +.SH DESCRIPTION +mod_qos implements a request filter which validates each request line. The module supports both, negative and positive security model. The QS_Deny* directives are used to specify request line patterns which are not allowed to access the server (negative security model / deny list). These rules are used to restrict access to certain resources which should not be available to users or to protect the server from malicious patterns. The QS_Permit* rules implement a positive security model (allow list). These directives are used to define allowed request line patterns. Request which do not match any of these patterns are not allowed to access the server. + +qsfilter2 is an audit log analyzer used to generate filter rules (perl compatible regular expressions) which may be used by mod_qos to deny access for suspect requests (QS_PermitUri rules). It parses existing audit log files in order to generate request patterns covering all allowed requests. +.SH OPTIONS +.TP +\-i <path> +Input file containing request URIs. The URIs for this file have to be extracted from the servers access logs. Each line of the input file contains a request URI consisting of a path and and query. + Example: + /aaa/index.do + /aaa/edit?image=1.jpg + /aaa/image/1.jpg + /aaa/view?page=1 + /aaa/edit?document=1 + +These access log data must include current request URIs but also request lines from previous rule generation steps. It must also include request lines which cover manually generated rules. You may use the 'qos\-path' and 'qos\-query' variables to create an audit log containing all request data (path and query/body data). Example: 'CustomLog audit_log %{qos\-path}n%{qos\-query}n'. See also http://mod\-qos.sourceforge.net#qsfiltersample about the module settings. +.TP +\-c <path> +mod_qos configuration file defining QS_DenyRequestLine and QS_PermitUri directives. qsfilter2 generates rules from access log data automatically. Manually generated rules (QS_PermitUri) may be provided from this file. Note: each manual rule must be represented by a request URI in the input data (\-i) in order to make sure not to be deleted by the rule optimisation algorithm. QS_Deny* rules from this file are used to filter request lines which should not be used for allow list rule generation. + Example: + # manually defined allow list rule: + QS_PermitUri +view deny "^[/a\-zA\-Z0\-9]+/view\\?(page=[0\-9]+)?$" + # filter unwanted request line patterns: + QS_DenyRequestLine +printable deny ".*[\\x00\-\\x19].*" + + +.TP +\-d <num> +Depth (sub locations) of the path string which is defined as a literal string. Default is 1. +.TP +\-h +Always use a string representing the handler name in the path even the url does not have a query. See also \-d option. +.TP +\-b <num> +Replaces url pattern by the regular expression when detecting a base64/hex encoded string. Detecting sensibility is defined by a numeric value. You should use values higher than 5 (default) or 0 to disable this function. +.TP +\-p +Represents query by pcre only (no literal strings). +.TP +\-s +Uses one single pcre for the whole query string. +.TP +\-m +Uses one pcre for multiple query values (recommended mode). +.TP +\-o +Does not care the order of query parameters. +.TP +\-l <len> +Outsizes the query length by the defined length ({0,size+len}), default is 10. +.TP +\-n +Disables redundant rules elimination. +.TP +\-e +Exit on error. +.TP +\-u 'uni' +Enables additional decoding methods. Use the same settings as you have used for the QS_Decoding directive. +.TP +\-k <prefix> +Prefix used to generate rule identifiers (QSF by default). +.TP +\-t +Calculates the maximal latency per request (worst case) using the generated rules. +.TP +\-f <path> +Filters the input by the provided path (prefix) only processing matching lines. +.TP +\-v <level> +Verbose mode. (0=silent, 1=rule source, 2=detailed). Default is 1. Don't use rules you haven't checked the request data used to generate it! Level 1 is highly recommended (as long as you don't have created the log data using your own web crawler). +.SH OUTPUT +The output of qsfilter2 is written to stdout. The output contains the generated QS_PermitUri directives but also information about the source which has been used to generate these rules. It is very important to check the validity of each request line which has been used to calculate the QS_PermitUri rules. Each request line which has been used to generate a new rule is shown in the output prefixed by "ADD line <line number>:". These request lines should be stored and reused at any later rule generation (add them to the URI input file). The subsequent line shows the generated rule. At the end of data processing a list of all generated QS_PermitUri rules is shown. These directives may be used withn the configuration file used by mod_qos. +.SH EXAMPLE + qsfilter2 \-i loc.txt \-c httpd.conf \-m \-e + ... + # ADD line 1: /aaa/index.do + # 003 ^(/[a\-zA\-Z0\-9\\\-_]+)+[/]?\\.?[a\-zA\-Z]{0,4}$ + # ADD line 3: /aaa/view?page=1 + # \-\-\- ^[/a\-zA\-Z0\-9]+/view\\?(page=[0\-9]+)?$ + # ADD line 4: /aaa/edit?document=1 + # 004 ^[/a\-zA\-Z]+/edit\\?((document)(=[0\-9]*)*[&]?)*$ + # ADD line 5: /aaa/edit?image=1.jpg + # 005 ^[/a\-zA\-Z]+/edit\\?((image)(=[0\-9\\.a\-zA\-Z]*)*[&]?)*$ + ... + QS_PermitUri +QSF001 deny "^[/a\-zA\-Z]+/edit\\?((document|image)(=[0\-9\\.a\-zA\-Z]*)*[&]?)*$" + QS_PermitUri +QSF002 deny "^[/a\-zA\-Z0\-9]+/view\\?(page=[0\-9]+)?$" + QS_PermitUri +QSF003 deny "^(/[a\-zA\-Z0\-9\\\-_]+)+[/]?\\.?[a\-zA\-Z]{0,4}$" + +.SH SEE ALSO +qsdt(1), qsexec(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qsgeo.1 b/tools/man1/qsgeo.1 new file mode 100644 index 0000000..9c0e1be --- /dev/null +++ b/tools/man1/qsgeo.1 @@ -0,0 +1,39 @@ +.TH QSGEO 1 "May 2023" "mod_qos utilities 11.74" "qsgeo man page" + +.SH NAME +qsgeo \- an utility to lookup a client's country code. +.SH SYNOPSIS +qsgeo \-d <path> [\-l] [\-s] [\-ip <ip>] +.SH DESCRIPTION +Use this utility to resolve the country codes of IP addresses within existing log files. The utility reads the log file data from stdin and writes them, with the injected country code, to stdout. +.SH OPTIONS + +.TP +\-d <path> +Specifies the path to the geographical database files (CSV file containing IP address ranges and country codes). +.TP +\-s +Writes a summary of the requests per country only. +.TP +\-l +Writes the database to stdout (ignoring stdin) inserting local (127.*) and private (10.*, 172.16*, 192.168.*) network addresses. +.TP +\-ip <ip> +Resolves a single IP address instead of processing a log file. +.SH EXAMPLE +Reading the file access.log and adding the country code to the IP address field: + + cat access.log | qsgeo \-d GeoIPCountryWhois.csv + +Reading the file access.log and showing a summary only: + + cat access.log | qsgeo \-d GeoIPCountryWhois.csv \-s + +Resolving a single IP address: + + qsgeo \-d GeoIPCountryWhois.csv \-ip 192.84.12.23 + +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qsgrep.1 b/tools/man1/qsgrep.1 new file mode 100644 index 0000000..5bba3d9 --- /dev/null +++ b/tools/man1/qsgrep.1 @@ -0,0 +1,28 @@ +.TH QSGREP 1 "May 2023" "mod_qos utilities 11.74" "qsgrep man page" + +.SH NAME +qsgrep \- prints matching patterns within a file. +.SH SYNOPSIS +qsgrep \-e <pattern> \-o <sub string> [<path>] +.SH DESCRIPTION +qsgrep is a simple tool to search patterns within files. It uses regular expressions to find patterns and prints the submatches within a pre\-defined format string. +.SH OPTIONS +.TP +\-e <pattern> +Specifies the search pattern. +.TP +\-o <string> +Defines the output string where $0\-$9 are substituted by the submatches of the regular expression. +.TP +<path> +Defines the input file to process. qsgrep reads from from standard input if this parameter is omitted. + +.SH EXAMPLE +Shows the IP addresses of clients causing mod_qos(031) messages): + + qsgrep \-e 'mod_qos\\(031\\).*, c=([a\-zA\-Z0\-9:.]*)' \-o 'ip=$1' error_log + +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qshead.1 b/tools/man1/qshead.1 new file mode 100644 index 0000000..b7956a8 --- /dev/null +++ b/tools/man1/qshead.1 @@ -0,0 +1,16 @@ +.TH QSHEAD 1 "May 2023" "mod_qos utilities 11.74" "qshead man page" + +.SH NAME +qshead \- an utility reading from stdin and printing all lines to stdout until reaching the defined pattern. +.SH SYNOPSIS +qshead \-p <pattern> +.SH DESCRIPTION +qshead reads lines from stdin and prints them to stdout until a line contains the specified pattern (literal string). +.SH OPTIONS +.TP +\-p <pattern> +Search pattern (literal string). +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1) qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qslog.1 b/tools/man1/qslog.1 new file mode 100644 index 0000000..140a8a8 --- /dev/null +++ b/tools/man1/qslog.1 @@ -0,0 +1,109 @@ +.TH QSLOG 1 "May 2023" "mod_qos utilities 11.74" "qslog man page" + +.SH NAME +qslog \- collects request statistics from access log data. +.SH SYNOPSIS +qslog \-f <format_string> \-o <out_file> [\-p[c|u[c]] [\-v]] [\-x [<num>]] [\-u <name>] [\-m] [\-c <path>] +.SH DESCRIPTION +qslog is a real time access log analyzer. It collects the data from stdin. The output is written to the specified file every minute and includes the following entries: + \- requests per second (r/s) + \- number of requests within measured time (req) + \- bytes sent to the client per second (b/s) + \- bytes received from the client per second (ib/s) + \- response status codes within the last minute (1xx,2xx,3xx,4xx,5xx) + \- average response duration (av) + \- average response duration in milliseconds (avms) + \- distribution of response durations in seconds within the last minute +(<1s,1s,2s,3s,4s,5s,>5s) + \- distribution of response durations faster than a second within the last minute +(0\-49ms,50\-99ms,100\-499ms,500\-999ms) + \- number of established (new) connections within the measured time (esco) + \- average system load (sl) + \- free memory (m) (not available for all platforms) + \- number of client ip addresses seen withn the last 600 seconds (ip) + \- number of different users seen withn the last 600 seconds (usr) + \- number of events identified by the 'E' format character + \- number of mod_qos events within the last minute (qV=create session, +qv=VIP IP,qS=session pass, qD=access denied, qK=connection closed, qT=dynamic keep\-alive, qL=request/response slow down, qs=serialized request, qA=connection abort, qU=new user tracking cookie) +.SH OPTIONS +.TP +\-f <format_string> +Defines the log data format and the positions of data elements processed by this utility. See to the 'LogFormat' directive of the httpd.conf file to see the format definitions of the servers access log data. + qslog knows the following elements: + I defines the client ip address (%h) + R defines the request line (%r) + S defines HTTP response status code (%s) + B defines the transferred bytes (%b or %O) + i defines the received bytes (%I) + D defines the request duration in microseconds (%D) + t defines the request duration in milliseconds (may be used instead of D) + T defines the request duration in seconds (may be used instead of D or t) (%T) + k defines the number of keepalive requests on the connection (%k) + U defines the user tracking id (%{mod_qos_user_id}e) + Q defines the mod_qos_ev event message (%{mod_qos_ev}e) + C defines the element for the detailed log (\-c option), e.g. "%U" + s arbitrary counter to add up (sum within a minute) + a arbitrary counter to build an average from (average per request) + A arbitrary counter to build an average from (average per request) + M arbitrary counter to measure the maximum value reached (peak) + E comma separated list of event strings + c content type (%{content\-type}o), available in \-pc mode only + m request method (GET/POST) (%m), available in \-pc mode only + . defines an element to ignore (unknown string) + +.TP +\-o <out_file> +Specifies the file to store the output to. stdout is used if this option is not defined. +.TP +\-p +Used for post processing when reading the log data from a file (cat/pipe). qslog is started using it's offline mode (extracting the time stamps from the log lines) in order to process existing log files. The option "\-pc" may be used alternatively if you want to gather request information per client (identified by IP address (I) or user tracking id (U) showing how many request each client has performed within the captured period of time). "\-pc" supports the format characters IURSBTtDkMEcm. The option "\-pu" collects statistics on a per URL level (supports format characters RSTtD). "\-puc" is very similar to "\-pu" but cuts the end (handler) of each URL. +.TP +\-v +Verbose mode. +.TP +\-x [<num>] +Rotates the output file once a day (move). You may specify the number of rotated files to keep. Default are 14. +.TP +\-u <name> +Becomes another user, e.g. www\-data. +.TP +\-m +Calculates free system memory every minute. +.TP +\-c <path> +Enables the collection of log statistics for different request types. 'path' specifies the necessary rule file. Each rule consists of a rule identifier and a regular expression to identify a request seprarated by a colon, e.g., 01:^(/a)|(/c). The regular expressions are matched against the log data element which has been identified by the 'C' format character. +.SH VARIABLES +The following environment variables are known to qslog: +.TP +QSEVENTPATH=<path> +Defines a file containing a comma or new line separated list of known event strings expected within the log filed identified by the 'E' format character. +.TP +QSCOUNTERPATH=<path> +Defines a file containing a by new line separated list of rules which reflect possible QS_ClientEventLimitCount directive settings (for simulation purpose / \-pc option). The 'E' format character defines the event string in the log to match (literal string) the 'event1' and 'event2' event names against. + +Rule syntax: <name>:<event1>\-<n>*<event2>/<duration>=<limit> + 'name' defines the name you have given to the rule entry and is logged along with +with the number of times the 'limit' has been reached within the 'duration'. + 'event1' defines the variable name (if found in 'E') to increment the counter. + 'event2' defines the variable name (if found in 'E') to decrement the counter (and +the parameter 'n' defines by how much). + 'duration' defines the measure interval (in seconds) used for the +QS_ClientEventLimitCount directive. + 'limit' defines the threshold (number) defined for the QS_ClientEventLimitCount +directive. + +Note: If the 'name' parameter is prefixed by 'STATUS', the rule is applied against the HTTP status code 'S' and the 'event1' string shall contain a list of relevant status codes separated by an underscore (while 'event2' is ignored). +.SH EXAMPLE +Configuration using pipped logging: + + CustomLog "|/usr/bin/qslog \-f ISBDQ \-x \-o /var/log/apache/stat.csv" "%h %>s %b %D %{mod_qos_ev}e" + +Post processing: + + LogFormat "%t %h \\"%r\\" %>s %b \\"%{User\-Agent}i\\" %T" + cat access.log | qslog \-f ..IRSB.T \-o stat.csv \-p + +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qslogger.1 b/tools/man1/qslogger.1 new file mode 100644 index 0000000..8c8961f --- /dev/null +++ b/tools/man1/qslogger.1 @@ -0,0 +1,41 @@ +.TH QSLOGGER 1 "May 2023" "mod_qos utilities 11.74" "qslogger man page" + +.SH NAME +qslogger \- another shell command interface to the system log module (syslog). +.SH SYNOPSIS +qslogger [\-t <tag>] [\-f <facility>] [\-l <level>] [\-x <prefix>] [\-r <expression>] [\-d <level>] [\-u <name>] [\-p] +.SH DESCRIPTION +Use this utility to forward log messages to the systems syslog facility, e.g., to forward the messages to a remote host. It reads data from stdin. +.SH OPTIONS + +.TP +\-t <tag> +Defines the tag name which shall be used to define the origin of the messages, e.g. 'httpd'. +.TP +\-f <facility> +Defines the syslog facility. Default is 'daemon'. +.TP +\-u <name> +Becomes another user, e.g. www\-data. +.TP +\-l <level> +Defines the minimal severity a message must have in order to be forwarded. Default is 'DEBUG' (forwarding everything). +.TP +\-x <prefix> +Allows you to add a prefix (literal string) to every message. +.TP +\-r <expression> +Specifies a regular expression which shall be used to determine the severity (syslog level) for each log line. The default pattern '^\\[[0\-9a\-zA\-Z :]+\\] \\[([a\-z]+)\\] ' can be used for Apache error log messages but you may configure your own pattern matching other log formats. Use brackets to define the pattern enclosing the severity string. Default level (if severity can't be determined) is defined by the option '\-d' (see below). +.TP +\-d <level> +The default severity if the specified pattern (\-r) does not match and the message's severity can't be determined. Default is 'NOTICE'. +.TP +\-p +Writes data also to stdout (for piped logging). +.SH EXAMPLE + ErrorLog "|/usr/bin/qslogger \-t apache \-f local7" + +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qspng.1 b/tools/man1/qspng.1 new file mode 100644 index 0000000..d3ff0c4 --- /dev/null +++ b/tools/man1/qspng.1 @@ -0,0 +1,22 @@ +.TH QSPNG 1 "May 2023" "mod_qos utilities 11.74" "qspng man page" + +.SH NAME +qspng \- an utility to draw a png graph from qslog(1) output data. +.SH SYNOPSIS +qspng \-i <stat_log_file> \-p <parameter> \-o <out_file> [\-10] +.SH DESCRIPTION +qspng is a tool to generate png (portable network graphics) raster images files from semicolon separated data generated by the qslog utility. It reads up to the first 1440 entries (24 hours) and prints a graph using the values defined by the 'parameter' name. +.SH OPTIONS +.TP +\-i <stats_log_file> +Input file to read data from. +.TP +\-p <parameter> +Parameter name, e.g. r/s or usr. +.TP +\-o <out_file> +Output file name, e.g. stat.png. +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslogger(1), qslog(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qsre.1 b/tools/man1/qsre.1 new file mode 100644 index 0000000..b011661 --- /dev/null +++ b/tools/man1/qsre.1 @@ -0,0 +1,19 @@ +.TH QSRE 1 "May 2023" "mod_qos utilities 11.74" "qsre man page" + +.SH NAME +qsre matches a regular expression against test strings. +.SH SYNOPSIS +qsre <string>|<path> <pcre>|<path> +.SH DESCRIPTION +Regular expression test tool. The provided regular expression (pcre, caseless matching, "." matches anything incl. newline) is appplied against the provided test strings to verify if the pattern matches. +.SH OPTIONS +.TP +<string>|<path> +The first argument either defines a single test string of a path to a file containing either multiple test strings or a test pattern with newline characters (text). +.TP +<pcre>|<path> +The second argument either defines a regular expression or a path to a file containing the expression. +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qsrespeed.1 b/tools/man1/qsrespeed.1 new file mode 100644 index 0000000..15207a8 --- /dev/null +++ b/tools/man1/qsrespeed.1 @@ -0,0 +1,16 @@ +.TH QSRESPEED 1 "May 2023" "mod_qos utilities 11.74" "qsrespeed man page" + +.SH NAME +Tool to compare / estimate the processing time for (Perl\-compatible) regular expressions (PCRE). +.SH SYNOPSIS +qsrespeed <path> +.SH DESCRIPTION +qsrespeed loads regular expressions from the provided file and matches them against a built\-in set of strings measuring the time needed to process them. It's a benchmark too to judge the expressions you have defined regarding the potential CPU consumption. +.SH OPTIONS +.TP +<path> +Defines the input file to process. The file consists a list of (separated by a newline character) regular expressions to test +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrotate(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qsrotate.1 b/tools/man1/qsrotate.1 new file mode 100644 index 0000000..754e8f4 --- /dev/null +++ b/tools/man1/qsrotate.1 @@ -0,0 +1,50 @@ +.TH QSROTATE 1 "May 2023" "mod_qos utilities 11.74" "qsrotate man page" + +.SH NAME +qsrotate \- a log rotation tool (similar to Apache's rotatelogs). +.SH SYNOPSIS +qsrotate \-o <file> [\-s <sec> [\-t <hours>]] [\-b <bytes>] [\-f] [\-z] [\-g <num>] [\-u <name>] [\-m <mask>] [\-p] [\-d] +.SH DESCRIPTION +qsrotate reads from stdin (piped log) and writes the data to the provided file rotating the file after the specified time. +.SH OPTIONS +.TP +\-o <file> +Output log file to write the data to (use an absolute path). +.TP +\-s <sec> +Rotation interval in seconds, default are 86400 seconds. +.TP +\-t <hours> +Offset to UTC (enables also DST support), default is 0. +.TP +\-b <bytes> +File size limitation (default/max. are 2147352576 bytes, min. are 1048576 bytes). +.TP +\-f +Forced log rotation at the specified interval even no data is written. +.TP +\-z +Compress (gzip) the rotated file. +.TP +\-g <num> +Generations (number of files to keep). +.TP +\-u <name> +Become another user, e.g. www\-data. \-m <mask> +File permission which is either 600, 640, 660 (default) or 664. +.TP +\-p +Writes data also to stdout (for piped logging). \-d +Line\-by\-line data reading prefixing every line with a timestamp. +.SH EXAMPLE + TransferLog "|/usr/bin/qsrotate \-f \-z \-g 3 \-o /var/log/apache/access.log \-s 86400" + +The name of the rotated file will be /dest/filee.YYYYmmddHHMMSS where YYYYmmddHHMMSS is the system time at which the data has been rotated. +.SH NOTE + \- Each qsrotate instance must use an individual file. + \- You may trigger a file rotation manually by sending the signal USR1 +to the process. +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qsre(1), qsrespeed(1), qspng(1), qssign(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qssign.1 b/tools/man1/qssign.1 new file mode 100644 index 0000000..ec3ed8d --- /dev/null +++ b/tools/man1/qssign.1 @@ -0,0 +1,44 @@ +.TH QSSIGN 1 "May 2023" "mod_qos utilities 11.74" "qssign man page" + +.SH NAME +qssign \- an utility to sign and verify the integrity of log data. +.SH SYNOPSIS +qssign \-s|S <secret> [\-e] [\-v] [\-u <name>] [\-f <regex>] [\-a 'sha1'|'sha256'] +.SH DESCRIPTION +qssign is a log data integrity check tool. It reads log data from stdin (pipe) and writes the data to stdout adding a sequence number and signature to ever log line. +.SH OPTIONS +.TP +\-s <secret> +Passphrase used to calculate signature. +.TP +\-S <program> +Specifies a program which writes the passphrase to stdout. +.TP +\-e +Writes start/end marker when starting/stopping data signing. +.TP +\-v +Verification mode checking the integrity of signed data. +.TP +\-u <name> +Becomes another user, e.g. www\-data. +.TP +\-f <regex> +Filter pattern (case sensitive regular expression) for messages which do not need to be signed. +.TP +\-a 'sha1'|'sha256' +Specifies the algorithm to use. Default is sha1. +.SH EXAMPLE +Sign: + + TransferLog "|/usr/bin/qssign \-s password \-e |/usr/bin/qsrotate \-o /var/log/apache/access.log" + + +Verify: + + cat access.log | qssign \-s password \-v + +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qstail(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/man1/qstail.1 b/tools/man1/qstail.1 new file mode 100644 index 0000000..0755c0e --- /dev/null +++ b/tools/man1/qstail.1 @@ -0,0 +1,19 @@ +.TH QSTAIL 1 "May 2023" "mod_qos utilities 11.74" "qstail man page" + +.SH NAME +qstail \- an utility printing the end of a log file starting at the specified pattern. +.SH SYNOPSIS +qstail \-i <path> \-p <pattern> +.SH DESCRIPTION +qstail shows the end of a log file beginning with the line containing the specified pattern. This may be used to show all lines which has been written after a certain event (e.g., server restart) or time stamp. +.SH OPTIONS +.TP +\-i <path> +Input file to read the data from. +.TP +\-p <pattern> +Search pattern (literal string). +.SH SEE ALSO +qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1) +.SH AUTHOR +Pascal Buchbinder, http://mod-qos.sourceforge.net/ diff --git a/tools/missing b/tools/missing new file mode 100755 index 0000000..f62bbae --- /dev/null +++ b/tools/missing @@ -0,0 +1,215 @@ +#! /bin/sh +# Common wrapper for a few potentially missing GNU programs. + +scriptversion=2013-10-28.13; # UTC + +# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try '$0 --help' for more information" + exit 1 +fi + +case $1 in + + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; + + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. + +Send bug reports to <bug-automake@gnu.org>." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" + exit 1 + ;; + +esac + +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi + +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/tools/src/Makefile.am b/tools/src/Makefile.am new file mode 100644 index 0000000..489a69a --- /dev/null +++ b/tools/src/Makefile.am @@ -0,0 +1,49 @@ +# $Id: Makefile.am 2486 2018-09-03 20:22:17Z pbuchbinder $ + +bin_PROGRAMS=qsfilter2 qslog qspng qsrotate qssign qstail qshead qsgrep qsexec qscheck qsgeo qslogger qsdt qsrespeed qsre + +qsfilter2_SOURCES= \ + qsfilter2.c qs_util.c + +qslog_SOURCES= \ + qslog.c qs_util.c + +qspng_SOURCES= \ + qspng.c qs_util.c + +qsrotate_SOURCES= \ + qsrotate.c qs_util.c + +qssign_SOURCES= \ + qssign.c qs_util.c qs_apo.c + +qstail_SOURCES= \ + qstail.c qs_util.c + +qshead_SOURCES= \ + qshead.c qs_util.c + +qsgrep_SOURCES= \ + qsgrep.c qs_util.c + +qsexec_SOURCES= \ + qsexec.c qs_util.c + +qscheck_SOURCES= \ + qscheck.c qs_util.c + +qsgeo_SOURCES= \ + qsgeo.c qs_util.c + +qslogger_SOURCES= \ + qslogger.c qs_util.c + +qsdt_SOURCES= \ + qsdt.c qs_util.c + +qsrespeed_SOURCES= \ + qsrespeed.c qs_util.c + +qsre_SOURCES= \ + qsre.c qs_util.c + diff --git a/tools/src/Makefile.in b/tools/src/Makefile.in new file mode 100644 index 0000000..18daa12 --- /dev/null +++ b/tools/src/Makefile.in @@ -0,0 +1,734 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 2486 2018-09-03 20:22:17Z pbuchbinder $ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +bin_PROGRAMS = qsfilter2$(EXEEXT) qslog$(EXEEXT) qspng$(EXEEXT) \ + qsrotate$(EXEEXT) qssign$(EXEEXT) qstail$(EXEEXT) \ + qshead$(EXEEXT) qsgrep$(EXEEXT) qsexec$(EXEEXT) \ + qscheck$(EXEEXT) qsgeo$(EXEEXT) qslogger$(EXEEXT) \ + qsdt$(EXEEXT) qsrespeed$(EXEEXT) qsre$(EXEEXT) +subdir = src +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) +am_qscheck_OBJECTS = qscheck.$(OBJEXT) qs_util.$(OBJEXT) +qscheck_OBJECTS = $(am_qscheck_OBJECTS) +qscheck_LDADD = $(LDADD) +am_qsdt_OBJECTS = qsdt.$(OBJEXT) qs_util.$(OBJEXT) +qsdt_OBJECTS = $(am_qsdt_OBJECTS) +qsdt_LDADD = $(LDADD) +am_qsexec_OBJECTS = qsexec.$(OBJEXT) qs_util.$(OBJEXT) +qsexec_OBJECTS = $(am_qsexec_OBJECTS) +qsexec_LDADD = $(LDADD) +am_qsfilter2_OBJECTS = qsfilter2.$(OBJEXT) qs_util.$(OBJEXT) +qsfilter2_OBJECTS = $(am_qsfilter2_OBJECTS) +qsfilter2_LDADD = $(LDADD) +am_qsgeo_OBJECTS = qsgeo.$(OBJEXT) qs_util.$(OBJEXT) +qsgeo_OBJECTS = $(am_qsgeo_OBJECTS) +qsgeo_LDADD = $(LDADD) +am_qsgrep_OBJECTS = qsgrep.$(OBJEXT) qs_util.$(OBJEXT) +qsgrep_OBJECTS = $(am_qsgrep_OBJECTS) +qsgrep_LDADD = $(LDADD) +am_qshead_OBJECTS = qshead.$(OBJEXT) qs_util.$(OBJEXT) +qshead_OBJECTS = $(am_qshead_OBJECTS) +qshead_LDADD = $(LDADD) +am_qslog_OBJECTS = qslog.$(OBJEXT) qs_util.$(OBJEXT) +qslog_OBJECTS = $(am_qslog_OBJECTS) +qslog_LDADD = $(LDADD) +am_qslogger_OBJECTS = qslogger.$(OBJEXT) qs_util.$(OBJEXT) +qslogger_OBJECTS = $(am_qslogger_OBJECTS) +qslogger_LDADD = $(LDADD) +am_qspng_OBJECTS = qspng.$(OBJEXT) qs_util.$(OBJEXT) +qspng_OBJECTS = $(am_qspng_OBJECTS) +qspng_LDADD = $(LDADD) +am_qsre_OBJECTS = qsre.$(OBJEXT) qs_util.$(OBJEXT) +qsre_OBJECTS = $(am_qsre_OBJECTS) +qsre_LDADD = $(LDADD) +am_qsrespeed_OBJECTS = qsrespeed.$(OBJEXT) qs_util.$(OBJEXT) +qsrespeed_OBJECTS = $(am_qsrespeed_OBJECTS) +qsrespeed_LDADD = $(LDADD) +am_qsrotate_OBJECTS = qsrotate.$(OBJEXT) qs_util.$(OBJEXT) +qsrotate_OBJECTS = $(am_qsrotate_OBJECTS) +qsrotate_LDADD = $(LDADD) +am_qssign_OBJECTS = qssign.$(OBJEXT) qs_util.$(OBJEXT) \ + qs_apo.$(OBJEXT) +qssign_OBJECTS = $(am_qssign_OBJECTS) +qssign_LDADD = $(LDADD) +am_qstail_OBJECTS = qstail.$(OBJEXT) qs_util.$(OBJEXT) +qstail_OBJECTS = $(am_qstail_OBJECTS) +qstail_LDADD = $(LDADD) +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(qscheck_SOURCES) $(qsdt_SOURCES) $(qsexec_SOURCES) \ + $(qsfilter2_SOURCES) $(qsgeo_SOURCES) $(qsgrep_SOURCES) \ + $(qshead_SOURCES) $(qslog_SOURCES) $(qslogger_SOURCES) \ + $(qspng_SOURCES) $(qsre_SOURCES) $(qsrespeed_SOURCES) \ + $(qsrotate_SOURCES) $(qssign_SOURCES) $(qstail_SOURCES) +DIST_SOURCES = $(qscheck_SOURCES) $(qsdt_SOURCES) $(qsexec_SOURCES) \ + $(qsfilter2_SOURCES) $(qsgeo_SOURCES) $(qsgrep_SOURCES) \ + $(qshead_SOURCES) $(qslog_SOURCES) $(qslogger_SOURCES) \ + $(qspng_SOURCES) $(qsre_SOURCES) $(qsrespeed_SOURCES) \ + $(qsrotate_SOURCES) $(qssign_SOURCES) $(qstail_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +qsfilter2_SOURCES = \ + qsfilter2.c qs_util.c + +qslog_SOURCES = \ + qslog.c qs_util.c + +qspng_SOURCES = \ + qspng.c qs_util.c + +qsrotate_SOURCES = \ + qsrotate.c qs_util.c + +qssign_SOURCES = \ + qssign.c qs_util.c qs_apo.c + +qstail_SOURCES = \ + qstail.c qs_util.c + +qshead_SOURCES = \ + qshead.c qs_util.c + +qsgrep_SOURCES = \ + qsgrep.c qs_util.c + +qsexec_SOURCES = \ + qsexec.c qs_util.c + +qscheck_SOURCES = \ + qscheck.c qs_util.c + +qsgeo_SOURCES = \ + qsgeo.c qs_util.c + +qslogger_SOURCES = \ + qslogger.c qs_util.c + +qsdt_SOURCES = \ + qsdt.c qs_util.c + +qsrespeed_SOURCES = \ + qsrespeed.c qs_util.c + +qsre_SOURCES = \ + qsre.c qs_util.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +qscheck$(EXEEXT): $(qscheck_OBJECTS) $(qscheck_DEPENDENCIES) $(EXTRA_qscheck_DEPENDENCIES) + @rm -f qscheck$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qscheck_OBJECTS) $(qscheck_LDADD) $(LIBS) + +qsdt$(EXEEXT): $(qsdt_OBJECTS) $(qsdt_DEPENDENCIES) $(EXTRA_qsdt_DEPENDENCIES) + @rm -f qsdt$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsdt_OBJECTS) $(qsdt_LDADD) $(LIBS) + +qsexec$(EXEEXT): $(qsexec_OBJECTS) $(qsexec_DEPENDENCIES) $(EXTRA_qsexec_DEPENDENCIES) + @rm -f qsexec$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsexec_OBJECTS) $(qsexec_LDADD) $(LIBS) + +qsfilter2$(EXEEXT): $(qsfilter2_OBJECTS) $(qsfilter2_DEPENDENCIES) $(EXTRA_qsfilter2_DEPENDENCIES) + @rm -f qsfilter2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsfilter2_OBJECTS) $(qsfilter2_LDADD) $(LIBS) + +qsgeo$(EXEEXT): $(qsgeo_OBJECTS) $(qsgeo_DEPENDENCIES) $(EXTRA_qsgeo_DEPENDENCIES) + @rm -f qsgeo$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsgeo_OBJECTS) $(qsgeo_LDADD) $(LIBS) + +qsgrep$(EXEEXT): $(qsgrep_OBJECTS) $(qsgrep_DEPENDENCIES) $(EXTRA_qsgrep_DEPENDENCIES) + @rm -f qsgrep$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsgrep_OBJECTS) $(qsgrep_LDADD) $(LIBS) + +qshead$(EXEEXT): $(qshead_OBJECTS) $(qshead_DEPENDENCIES) $(EXTRA_qshead_DEPENDENCIES) + @rm -f qshead$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qshead_OBJECTS) $(qshead_LDADD) $(LIBS) + +qslog$(EXEEXT): $(qslog_OBJECTS) $(qslog_DEPENDENCIES) $(EXTRA_qslog_DEPENDENCIES) + @rm -f qslog$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qslog_OBJECTS) $(qslog_LDADD) $(LIBS) + +qslogger$(EXEEXT): $(qslogger_OBJECTS) $(qslogger_DEPENDENCIES) $(EXTRA_qslogger_DEPENDENCIES) + @rm -f qslogger$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qslogger_OBJECTS) $(qslogger_LDADD) $(LIBS) + +qspng$(EXEEXT): $(qspng_OBJECTS) $(qspng_DEPENDENCIES) $(EXTRA_qspng_DEPENDENCIES) + @rm -f qspng$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qspng_OBJECTS) $(qspng_LDADD) $(LIBS) + +qsre$(EXEEXT): $(qsre_OBJECTS) $(qsre_DEPENDENCIES) $(EXTRA_qsre_DEPENDENCIES) + @rm -f qsre$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsre_OBJECTS) $(qsre_LDADD) $(LIBS) + +qsrespeed$(EXEEXT): $(qsrespeed_OBJECTS) $(qsrespeed_DEPENDENCIES) $(EXTRA_qsrespeed_DEPENDENCIES) + @rm -f qsrespeed$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsrespeed_OBJECTS) $(qsrespeed_LDADD) $(LIBS) + +qsrotate$(EXEEXT): $(qsrotate_OBJECTS) $(qsrotate_DEPENDENCIES) $(EXTRA_qsrotate_DEPENDENCIES) + @rm -f qsrotate$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qsrotate_OBJECTS) $(qsrotate_LDADD) $(LIBS) + +qssign$(EXEEXT): $(qssign_OBJECTS) $(qssign_DEPENDENCIES) $(EXTRA_qssign_DEPENDENCIES) + @rm -f qssign$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qssign_OBJECTS) $(qssign_LDADD) $(LIBS) + +qstail$(EXEEXT): $(qstail_OBJECTS) $(qstail_DEPENDENCIES) $(EXTRA_qstail_DEPENDENCIES) + @rm -f qstail$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(qstail_OBJECTS) $(qstail_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qs_apo.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qs_util.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qscheck.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsdt.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsexec.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsfilter2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsgeo.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsgrep.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qshead.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qslog.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qslogger.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qspng.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsre.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsrespeed.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qsrotate.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qssign.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qstail.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ + clean-binPROGRAMS clean-generic cscopelist-am ctags ctags-am \ + distclean distclean-compile distclean-generic distclean-tags \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-binPROGRAMS install-data install-data-am \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-binPROGRAMS + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tools/src/char.h b/tools/src/char.h new file mode 100644 index 0000000..a703691 --- /dev/null +++ b/tools/src/char.h @@ -0,0 +1,539 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#define S_W_MAX 6 +#define S_H_MAX 7 + +static int s_0[S_H_MAX][S_W_MAX] = { + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_1[S_H_MAX][S_W_MAX] = { + { 0,0,0,1,0,0}, + { 0,0,1,1,0,0}, + { 0,1,0,1,0,0}, + { 0,0,0,1,0,0}, + { 0,0,0,1,0,0}, + { 0,0,0,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_2[S_H_MAX][S_W_MAX] = { + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 0,0,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,0,0,0}, + { 1,1,1,1,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_3[S_H_MAX][S_W_MAX] = { + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 0,0,1,1,0,0}, + { 0,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_4[S_H_MAX][S_W_MAX] = { + { 0,0,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,0,0,0}, + { 1,0,0,1,0,0}, + { 1,1,1,1,1,0}, + { 0,0,0,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_5[S_H_MAX][S_W_MAX] = { + { 1,1,1,1,1,0}, + { 1,0,0,0,0,0}, + { 1,1,1,1,0,0}, + { 0,0,0,0,1,0}, + { 0,0,0,0,1,0}, + { 1,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_6[S_H_MAX][S_W_MAX] = { + { 0,1,1,1,0,0}, + { 1,0,0,0,0,0}, + { 1,0,1,1,0,0}, + { 1,1,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_7[S_H_MAX][S_W_MAX] = { + { 1,1,1,1,1,0}, + { 0,0,0,0,1,0}, + { 0,0,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,0,0,0}, + { 0,1,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_8[S_H_MAX][S_W_MAX] = { + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_9[S_H_MAX][S_W_MAX] = { + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 0,0,0,0,1,0}, + { 0,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +/* ----------------------------------------------- */ +static int s_a[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_b[S_H_MAX][S_W_MAX] = { + { 1,0,0,0,0,0}, + { 1,0,0,0,0,0}, + { 1,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_c[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,0,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_d[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,1,0}, + { 0,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_e[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 1,1,1,1,1,0}, + { 1,0,0,0,0,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_f[S_H_MAX][S_W_MAX] = { + { 0,0,1,1,0,0}, + { 0,1,0,0,0,0}, + { 1,1,1,0,0,0}, + { 0,1,0,0,0,0}, + { 0,1,0,0,0,0}, + { 0,1,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_g[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,1,1,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 0,0,0,0,1,0}, + { 0,1,1,1,0,0} +}; + +static int s_h[S_H_MAX][S_W_MAX] = { + { 1,0,0,0,0,0}, + { 1,0,0,0,0,0}, + { 1,0,1,1,0,0}, + { 1,1,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_i[S_H_MAX][S_W_MAX] = { + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0}, + { 0,1,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_j[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,1,0}, + { 0,0,0,0,0,0}, + { 0,0,0,1,1,0}, + { 0,0,0,0,1,0}, + { 0,0,0,0,1,0}, + { 0,0,0,0,1,0}, + { 0,0,1,1,0,0} +}; + +static int s_k[S_H_MAX][S_W_MAX] = { + { 1,0,0,0,0,0}, + { 1,0,0,0,0,0}, + { 1,0,1,1,0,0}, + { 1,1,0,0,0,0}, + { 1,0,1,0,0,0}, + { 1,0,0,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_l[S_H_MAX][S_W_MAX] = { + { 0,1,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_m[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,1,0,1,0,0}, + { 1,0,1,0,1,0}, + { 1,0,1,0,1,0}, + { 1,0,1,0,1,0}, + { 1,0,1,0,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_n[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,0,1,1,0,0}, + { 1,1,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_o[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_p[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,1,1,1,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,1,1,1,0,0}, + { 1,0,0,0,0,0}, + { 1,0,0,0,0,0} +}; + +static int s_q[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,1,1,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 0,0,0,0,1,0}, + { 0,0,0,0,1,0} +}; + +static int s_r[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,0,1,1,0,0}, + { 1,1,0,0,1,0}, + { 1,0,0,0,0,0}, + { 1,0,0,0,0,0}, + { 1,0,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_s[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,1,1,1,0}, + { 1,0,0,0,0,0}, + { 0,1,1,1,0,0}, + { 0,0,0,0,1,0}, + { 1,1,1,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_t[S_H_MAX][S_W_MAX] = { + { 0,0,1,0,0,0}, + { 0,1,1,1,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,1,0}, + { 0,0,0,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_u[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_v[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_w[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,1,0,1,0}, + { 1,1,0,1,1,0}, + { 1,0,0,0,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_x[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,0,0,0,1,0}, + { 0,1,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,1,0,0}, + { 1,0,0,0,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_y[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,1,1,1,1,0}, + { 0,0,0,0,1,0}, + { 1,1,1,1,0,0} +}; + +static int s_z[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 1,1,1,1,1,0}, + { 0,0,0,1,1,0}, + { 0,0,1,0,0,0}, + { 1,1,0,0,0,0}, + { 1,1,1,1,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_BRO[S_H_MAX][S_W_MAX] = { + { 0,0,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,0,0,0}, + { 0,1,0,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_BRC[S_H_MAX][S_W_MAX] = { + { 0,0,1,0,0,0}, + { 0,0,0,1,0,0}, + { 0,0,0,0,1,0}, + { 0,0,0,0,1,0}, + { 0,0,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_MI[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 1,1,1,1,1,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_LT[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,1,0,0}, + { 0,1,1,0,0,0}, + { 1,0,0,0,0,0}, + { 0,1,1,0,0,0}, + { 0,0,0,1,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_GT[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,1,0,0,0,0}, + { 0,0,1,1,0,0}, + { 0,0,0,0,1,0}, + { 0,0,1,1,0,0}, + { 0,1,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_SP[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_US[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 1,1,1,1,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_M[S_H_MAX][S_W_MAX] = { + { 1,0,0,0,1,0}, + { 1,1,0,1,1,0}, + { 1,0,1,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 1,0,0,0,1,0}, + { 0,0,0,0,0,0} +}; + +static int s_DT[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,1,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_CM[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,0,0,0} +}; + +static int s_SC[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,0,0,0} +}; + +static int s_CO[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_SL[S_H_MAX][S_W_MAX] = { + { 0,0,0,0,0,1}, + { 0,0,0,0,1,0}, + { 0,0,0,1,0,0}, + { 0,0,1,0,0,0}, + { 0,1,0,0,0,0}, + { 1,0,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_SQ[S_H_MAX][S_W_MAX] = { + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,1,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0}, + { 0,0,0,0,0,0} +}; + +static int s_X[S_H_MAX][S_W_MAX] = { + { 1,1,1,1,1,0}, + { 1,1,1,1,1,0}, + { 1,1,1,1,1,0}, + { 1,1,1,1,1,0}, + { 1,1,1,1,1,0}, + { 1,1,1,1,1,0}, + { 0,0,0,0,0,0} +}; + diff --git a/tools/src/qs_apo.c b/tools/src/qs_apo.c new file mode 100644 index 0000000..67f4027 --- /dev/null +++ b/tools/src/qs_apo.c @@ -0,0 +1,135 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qs_apo.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <pthread.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <stdarg.h> +#include <fcntl.h> +#include <dirent.h> +#include <unistd.h> +#include <errno.h> +#include <pwd.h> + +/* apr/apr-util */ +#include <apr.h> +#include <apr_base64.h> +#include <apr_pools.h> +#include <apr_strings.h> +#include <apr_thread_proc.h> +#include <apr_file_io.h> +#include <apr_time.h> + +#include "qs_util.h" +#include "qs_apo.h" + +static apr_table_t *qs_args(apr_pool_t *pool, const char *line) { + char *last = apr_pstrdup(pool, line); + apr_table_t* table = apr_table_make(pool, 10); + char *val; + while((val = apr_strtok(NULL, " ", &last))) { + apr_table_addn(table, val, ""); + } + return table; +} + +static void qs_failedexec(const char *msg, const char *cmd, apr_status_t status) { + char buf[MAX_LINE]; + apr_strerror(status, buf, sizeof(buf)); + fprintf(stderr, "ERROR %s '%s': '%s'\n", msg, cmd, buf); + exit(1); +} + +/** + * Reads a passphrase using the defined passphrase getter (executes + * the program and reads the passphras from stdout). + * + * @param pool To allocate memory + * @param prg Path of the program to exectue + * @return The passphrase + */ +char *qs_readpwd(apr_pool_t *pool, const char *prg) { + apr_status_t status; + apr_proc_t proc; + const char **args; + apr_table_entry_t *entry; + char *last; + char *copy = apr_pstrdup(pool, prg); + char *cmd = apr_strtok(copy, " ", &last); + apr_table_t *a = qs_args(pool, prg); + int i; + apr_procattr_t *attr; + apr_size_t len = MAX_LINE; + char *buf = apr_pcalloc(pool, len); + + args = apr_pcalloc(pool, (apr_table_elts(a)->nelts + 1) * sizeof(const char *)); + entry = (apr_table_entry_t *) apr_table_elts(a)->elts; + for(i = 0; i < apr_table_elts(a)->nelts; i++) { + args[i] = entry[i].key; + } + args[i] = NULL; + + if(cmd == NULL) { + qs_failedexec("can't read password, invalid executable", prg, APR_EGENERAL); + } + if((status = apr_procattr_create(&attr, pool)) != APR_SUCCESS) { + qs_failedexec("while reading password from executable", prg, status); + } + if((status = apr_procattr_cmdtype_set(attr, APR_PROGRAM_PATH)) != APR_SUCCESS) { + qs_failedexec("while reading password from executable", prg, status); + } + if((status = apr_procattr_detach_set(attr, 0)) != APR_SUCCESS) { + qs_failedexec("while reading password from executable", prg, status); + } + if((status = apr_procattr_io_set(attr, APR_FULL_BLOCK, APR_FULL_BLOCK, APR_NO_PIPE)) != APR_SUCCESS) { + qs_failedexec("while reading password from executable", prg, status); + } + if((status = apr_proc_create(&proc, cmd, args, NULL, attr, pool)) != APR_SUCCESS) { + qs_failedexec("could not execute program", prg, status); + } else { + char *e; + status = apr_proc_wait(&proc, NULL, NULL, APR_WAIT); + if(status != APR_CHILD_DONE && status != APR_SUCCESS) { + qs_failedexec("while reading password from executable", prg, status); + } + status = apr_file_read(proc.out, buf, &len); + if(status != APR_SUCCESS) { + qs_failedexec("failed to read password from program", prg, status); + } + e = buf; + while(e && e[0]) { + if((e[0] == LF) || (e[0] == CR)) { + e[0] = '\0'; + } else { + e++; + } + } + } + return buf; +} diff --git a/tools/src/qs_apo.h b/tools/src/qs_apo.h new file mode 100644 index 0000000..4316571 --- /dev/null +++ b/tools/src/qs_apo.h @@ -0,0 +1,31 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef QS_APO_H +#define QS_APO_H + +char *qs_readpwd(apr_pool_t *pool, const char *prg); + +#endif diff --git a/tools/src/qs_util.c b/tools/src/qs_util.c new file mode 100644 index 0000000..ddf1e89 --- /dev/null +++ b/tools/src/qs_util.c @@ -0,0 +1,409 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +static const char revision[] = "$Id: qs_util.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <pthread.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <stdarg.h> +#include <fcntl.h> +#include <dirent.h> +#include <unistd.h> +#include <errno.h> +#include <pwd.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> +typedef pcre2_match_data* match_data_pt; +typedef size_t* match_vector_pt; + +#include "qs_util.h" + +/* mutex for counter access */ +static pthread_mutex_t m_qs_lock_cs; +/* online/offline mode */ +static int m_qs_offline = 0; +/* internal clock for offline analysis + * stores time in seconds */ +static time_t m_qs_virtualSystemTime = 0; + +/* ---------------------------------- + * functions + * ---------------------------------- */ + +/** + * man: + * - escape special chars, like "\" and "-" + * - wipe leading spaces + * - wipe tailing LF + */ +void qs_man_print(int man, const char *fmt, ...) { + char bufin[4096]; + char bufout[4096]; + va_list args; + int i = 0; + int j = 0; + memset(bufin, 0, 4096); + va_start(args, fmt); + vsprintf(bufin, fmt, args); + if(man) { + // wipe leading spaces + // while(bufin[i] == ' ' && bufin[i+1] == ' ') { + while(bufin[i] == ' ') { + i++; + } + } + while(bufin[i] && j < 4000) { + // escape "\\" and "-" for man page + if(man && (bufin[i] == '\\' || bufin[i] == '-')) { + bufout[j] = '\\'; + j++; + } + if(bufin[i] == '\n') { + if(man) { + // skip LF for man page + i++; + } else { + // keep LF + bufout[j] = bufin[i]; + i++; + j++; + } + } else { + // standard char + bufout[j] = bufin[i]; + i++; + j++; + } + } + bufout[j] = '\0'; + printf("%s", bufout); + if(man) { + printf(" "); + } +} + +// escape only +void qs_man_println(int man, const char *fmt, ...) { + char bufin[4096]; + char bufout[4096]; + va_list args; + int i = 0; + int j = 0; + memset(bufin, 0, 4096); + va_start(args, fmt); + vsprintf(bufin, fmt, args); + while(bufin[i] && j < 4000) { + // escape "\\" and "-" for man page + if(man && (bufin[i] == '\\' || bufin[i] == '-')) { + bufout[j] = '\\'; + j++; + } + // standard char + bufout[j] = bufin[i]; + i++; + j++; + } + bufout[j] = '\0'; + printf("%s", bufout); +} + +char *qs_CMD(const char *cmd) { + char *buf = calloc(1024, 1); + int i = 0; + while(cmd[i] && i < 1023) { + buf[i] = toupper(cmd[i]); + i++; + } + buf[i] = '\0'; + return buf; +} + +/* io --------------------------------------------------------- */ +/* + * reads a line from stdin + * + * @param s Buffer to write line to + * @param n Length of the buffer + * @return 0 on EOF, or 1 if there is more data to read + */ +int qs_getLine(char *s, int n) { + int i = 0; + while (1) { + s[i] = (char)getchar(); + if(s[i] == EOF) return 0; + if (s[i] == CR) { + s[i] = getchar(); + } + if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) { + s[i] = '\0'; + return 1; + } + ++i; + } +} + +/* + * reads a line from file + * + * @param s Buffer to write line to + * @param n Length of the buffer + * @return 0 on EOF, or 1 if there is more data to read + */ +int qs_getLinef(char *s, int n, FILE *f) { + register int i = 0; + while (1) { + s[i] = (char) fgetc(f); + if (s[i] == CR) { + s[i] = fgetc(f); + } + if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) { + s[i] = '\0'; + return (feof(f) ? 1 : 0); + } + ++i; + } +} + +/* time ------------------------------------------------------- */ +/* + * We implement our own time which is either + * the system time (real time) or the time from + * the access log lines (offline) if m_qs_offline + * has been set (use qs_set2OfflineMode() to enable + * the offline mode). + * + * @param tme Set to the time since the Epoch in seconds. + */ +void qs_time(time_t *tme) { + if(m_qs_offline) { + /* use virtual time from the access log */ + *tme = m_qs_virtualSystemTime; + } else { + time(tme); + } +} + +/** + * Sets time measurement (qs_time()) to offline mode. + */ +void qs_set2OfflineMode() { + m_qs_offline = 1; +} + +/* + * Updates the virtual time. + */ +void qs_setTime(time_t tme) { + m_qs_virtualSystemTime = tme; +} + +/* synchronisation -------------------------------------------- */ +/* + * locks all counter + */ +void qs_csLock() { + pthread_mutex_lock(&m_qs_lock_cs); +} + +/* + * unlocks all counter + */ +void qs_csUnLock() { + pthread_mutex_unlock(&m_qs_lock_cs); +} + +/* + * init locks + */ +void qs_csInitLock() { + pthread_mutex_init(&m_qs_lock_cs, NULL); +} + +/* logs ------------------------------------------------------- */ + +/** + * Keeps only the specified number of files + * + * @param file_name Absolute file name + * @param generations Number of files to keep + */ +void qs_deleteOldFiles(const char *file_name, int generations) { + DIR *dir; + char dirname[QS_HUGE_STR]; + char *p; + memset(dirname, 0, QS_HUGE_STR); + if(strlen(file_name) > (QS_HUGE_STR - 12)) { + // invalid file length + return; + } + if(strrchr(file_name, '/') == NULL) { + sprintf(dirname, "./%s", file_name); + } else { + strcpy(dirname, file_name); + } + p = strrchr(dirname, '/'); + p[0] = '\0'; p++; + dir = opendir(dirname); + if(dir) { + int num = 0; + struct dirent *de; + char filename[QS_HUGE_STR]; + snprintf(filename, sizeof(filename), "%s.20", p); + /* determine how many files to delete */ + while((de = readdir(dir)) != 0) { + if(de->d_name && (strncmp(de->d_name, filename, strlen(filename)) == 0)) { + num++; + } + } + /* delete the oldest files (assumes they are ordered by their creation date) */ + while(num > generations) { + char old[QS_HUGE_STR]; + old[0] = '\0'; + rewinddir(dir); + while((de = readdir(dir)) != 0) { + if(de->d_name && (strncmp(de->d_name, filename, strlen(filename)) == 0)) { + if(strcmp(old, de->d_name) > 0) { + snprintf(old, sizeof(old), "%s", de->d_name); + } else { + if(old[0] == '\0') { + snprintf(old, sizeof(old), "%s", de->d_name); + } + } + } + } + { + /* build abs path and delete it */ + char unl[QS_HUGE_STR]; + snprintf(unl, sizeof(unl), "%s/%s", dirname, old); + unlink(unl); + } + num--; + } + closedir(dir); + } +} + +/* user ------------------------------------------------------- */ +void qs_setuid(const char *username, const char *cmd) { + if(username && getuid() == 0) { + struct passwd *pwd = getpwnam(username); + uid_t uid, gid; + if(pwd == NULL) { + fprintf(stderr, "[%s] failed to switch user: unknown user id '%s'\n", cmd, username); + exit(1); + } + uid = pwd->pw_uid; + gid = pwd->pw_gid; + setgid(gid); + setuid(uid); + if(getuid() != uid) { + fprintf(stderr, "[%s] setuid failed (%s,%d)\n", cmd, username, uid); + exit(1); + } + if(getgid() != gid) { + fprintf(stderr, "[%s] setgid failed (%d)\n", cmd, gid); + exit(1); + } + } +} +/* pcre ------------------------------------------------------- */ +int qs_pregfree(void *p) { + qs_regfree((qs_regex_t *)p); + return 0; +} + +void qs_regfree(qs_regex_t *preg) { + if(preg->state == 1) { + pcre2_code_free(preg->re_pcre); + } +} + +int qs_regcomp(qs_regex_t *preg, const char *pattern, int cflags) { + unsigned int capcount; + size_t erroffset; + int errcode = 0; + int options = cflags; + preg->state = 0; + + preg->re_pcre = pcre2_compile((const unsigned char *)pattern, + PCRE2_ZERO_TERMINATED, options, &errcode, + &erroffset, NULL); + + if (preg->re_pcre == NULL) { + return 1; + } + + pcre2_pattern_info((const pcre2_code *)preg->re_pcre, + PCRE2_INFO_CAPTURECOUNT, &capcount); + preg->re_nsub = capcount; + + preg->state = 1; + + return 0; +} + +int qs_regexec_len(const qs_regex_t *preg, const char *buff, + unsigned int len, unsigned int nmatch, + qs_regmatch_t *pmatch, int eflags) { + int rc; + int options = 0; + match_vector_pt ovector = NULL; + unsigned int ncaps = (unsigned int)preg->re_nsub + 1; + match_data_pt data = pcre2_match_data_create(ncaps, NULL); + + if (!data) { + return -1; + } + + options = eflags; + + rc = pcre2_match((const pcre2_code *)preg->re_pcre, + (const unsigned char *)buff, len, + 0, options, data, NULL); + ovector = pcre2_get_ovector_pointer(data); + + if (rc >= 0) { + unsigned int n = rc, i; + if (n == 0 || n > nmatch) + rc = n = nmatch; /* All capture slots were filled in */ + for (i = 0; i < n; i++) { + pmatch[i].rm_so = ovector[i * 2]; + pmatch[i].rm_eo = ovector[i * 2 + 1]; + } + for (; i < nmatch; i++) { + pmatch[i].rm_so = pmatch[i].rm_eo = -1; + } + pcre2_match_data_free(data); + return rc; + } + else { + pcre2_match_data_free(data); + + return -1; + } +} diff --git a/tools/src/qs_util.h b/tools/src/qs_util.h new file mode 100644 index 0000000..fa0bc1c --- /dev/null +++ b/tools/src/qs_util.h @@ -0,0 +1,98 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef QS_UTIL_H +#define QS_UTIL_H + +/* ---------------------------------- + * version info + * ---------------------------------- */ +static const char man_version[] = "11.74"; +static const char man_date[] = "May 2023"; + +/* ---------------------------------- + * definitions + * ---------------------------------- */ +/* huge (128kb) buffer supporting very long lines (twice as + much as Apache's rotatelogs uses */ +#define MAX_LINE_BUFFER 131072 +/* smaller buffer, e.g. for qslog */ +#define MAX_LINE 32768 +#define QS_HUGE_STR 2048 +#define CR 13 +#define LF 10 + +/* ---------------------------------- + * functions + * ---------------------------------- */ +char *qs_CMD(const char *cmd); +void qs_man_print(int man, const char *fmt, ...); +void qs_man_println(int man, const char *fmt, ...); + +/* io */ +int qs_getLine(char *s, int n); +int qs_getLinef(char *s, int n, FILE *f); + +/* time */ +void qs_time(time_t *tme); +void qs_set2OfflineMode(); +void qs_setTime(time_t tme); + +/* synchronisation */ +void qs_csInitLock(); +void qs_csLock(); +void qs_csUnLock(); + +/* log */ +void qs_deleteOldFiles(const char *file_name, int generations); + +/* user */ +void qs_setuid(const char *username, const char *cmd); + +/* pcre */ +#define QS_MAX_REG_MATCH 10 + +typedef struct { + int rm_so; + int rm_eo; +} qs_regmatch_t; + +typedef struct { + void *re_pcre; + int re_nsub; + int state; +} qs_regex_t; + +int qs_pregfree(void *p); + +void qs_regfree(qs_regex_t *preg); + +int qs_regcomp(qs_regex_t *preg, const char *regex, int cflags); + +int qs_regexec_len(const qs_regex_t *preg, const char *buff, + unsigned int len, unsigned int nmatch, + qs_regmatch_t *pmatch, int eflags); + +#endif diff --git a/tools/src/qscheck.c b/tools/src/qscheck.c new file mode 100644 index 0000000..4b75c36 --- /dev/null +++ b/tools/src/qscheck.c @@ -0,0 +1,413 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * qscheck.c: Monitor testing tcp connectivity to servers used by mod_proxy. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qscheck.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <netdb.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <unistd.h> +#include <fcntl.h> +#include <ctype.h> +#include <arpa/inet.h> + +#include "qs_util.h" + +//#include <config.h> + +#define CR 13 +#define LF 10 +#define QS_TIMEOUT 2 +#define QS_PROXYP "proxypass " +#define QS_PROXYP_TAB "proxypass\t" +#define QS_PROXYPR "proxypassreverse " +#define QS_PROXYPR_TAB "proxypassreverse\t" +#define QS_PROXYR "proxyremote " +#define QS_PROXYR_TAB "proxyremote\t" +#define QS_INCLUDE "nclude " +#define QS_INCLUDE_TAB "nclude\t" +#define QS_SERVERROOT "ServerRoot " +#define QS_SERVERROOT_TAB "ServerRoot\t" + +static int m_verbose = 0; +static char ServerRoot[1024]; +static char *checkedHosts = NULL; + +/** + * Prints usage text + */ +static void usage(char *cmd) { + printf("\n"); + printf("Monitor program testing the TCP connectivity to servers.\n"); + printf("\n"); + printf("Usage: %s -c <httpd.conf> [-v]\n", cmd); + printf("\n"); + printf("Verifies the connectivity to the server referred either\n"); + printf("by the ProxyPass, ProxyPassReverse, or ProxyReverse\n"); + printf("directive used by mod_proxy.\n"); + printf("\n"); + printf("You may alternatively use \"%s -i <hostname>:<port>\" if\n", cmd); + printf("you want to check the TCP connectivity to a single host.\n"); + printf("\n"); + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + exit(1); +} + +/** + * Opens a tcp connection + */ +static int ping(unsigned long address, int port) { + int status = 0; + struct sockaddr_in addr; + int skt; + addr.sin_addr.s_addr = address; + addr.sin_port = htons(port); + addr.sin_family = PF_INET; + skt = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + if(skt != -1) { + int sflags = fcntl(skt,F_GETFL,0); + if(sflags >=0) { + /* set non blocking socket */ + if(fcntl(skt,F_SETFL,sflags|O_NONBLOCK) >=0) { + /* this connect returns immediately */ + int ret = connect(skt, (struct sockaddr*)&addr, sizeof(struct sockaddr_in)); + if(fcntl(skt,F_SETFL,sflags) >=0) { + socklen_t lon = sizeof(int); + int valopt; + fd_set fd_w; + struct timeval tme; + tme.tv_sec = QS_TIMEOUT; + tme.tv_usec = 0; + FD_ZERO(&fd_w); + FD_SET(skt, &fd_w); + /* select returns -1 on timeout, else 1 (connected or refused) */ + if(select(FD_SETSIZE, NULL, &fd_w, NULL, &tme) > 0) { + /* check the status of the socket in order to distinguish between + connected or refused */ + if(getsockopt(skt, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon) >= 0) { + if(!valopt) { + /* UP ! */ + status = 1; + } + } + } + } + } + } + } + return status; +} + +/** + * resolves host address + */ +static unsigned long getAddress(const char *hostname) { + int ip = 1; + int i = 0; + unsigned long address = 0L; + struct hostent *hoste; + for(i = 0; i < (int) strlen(hostname); i++) { + if((!isdigit((int) hostname[i])) && (hostname[i] != '.')) { + ip = 0; + break; + } + } + if (ip) { + address = inet_addr(hostname); + if(address == -1) { + return 0L; + } + } else { + hoste = gethostbyname(hostname); + if (!hoste || !hoste->h_addr_list[ 0 ]) { + /* can't resolve host name */ + return 0L; + } + address = ((struct in_addr*)hoste->h_addr_list[ 0 ])->s_addr; + } + return address; +} + +/* + * Checks a single host (parse host string, resolve address, ping). + */ +static int checkHost(const char *cmd, const char *filename, int ln, char *abs_url) { + int status = 1; + char *schema = abs_url; + char *host = NULL; + char *ports = NULL; + int port = 0; + char hp[1024]; + unsigned long address; + char *x = strstr(abs_url, "://"); + if(x == NULL) { + if(m_verbose) { + fprintf(stderr,"[%s]: ERROR, wrong syntax <%s> in %s on line %d\n", + cmd, abs_url, filename, ln); + } + return 0; + } + x[0] = '\0'; x = x + strlen("://"); + host = x; + ports = strchr(x, ':'); + if(ports != NULL) { + ports[0] = '\0'; ports++; + x = strchr(ports, '/'); + if(x == NULL) { + int i; + x = ports; + for(i=0;(x[i] != ' ') && (x[i] != '\t') && (x[i] != '\0'); i++); + x[i] = '\0'; + } else { + x[0] = '\0'; + } + port = atoi(ports); + } else { + ports = strchr(x, '/'); + if(ports == NULL) { + int i; + for(i=0;(x[i] != ' ') && (x[i] != '\t') && (x[i] != '\0'); i++); + x[i] = '\0'; + } else { + ports[0] = '\0'; + } + if(strcmp(schema, "http") == 0) { + port = 80; + } else { + port = 443; + } + } + /* check each host only once */ + snprintf(hp, sizeof(hp), "#%s:%d#", host, port); + if(checkedHosts && strstr(checkedHosts, hp) != NULL) { + /* already checked */ + return 1; + } + if(checkedHosts == NULL) { + checkedHosts = calloc(1, strlen(hp) + 1); + strcpy(checkedHosts, hp); + } else { + int pl = strlen(checkedHosts) +strlen(hp) + 1; + char *p = calloc(1, pl); + snprintf(p, pl, "%s%s", checkedHosts, hp); + free(checkedHosts); + checkedHosts = p; + } + /* resolve address */ + address = getAddress(host); + if(address == 0L) { + fprintf(stderr,"[%s]: ERROR, could not resolve hostname %s\n", cmd, host); + return -1; + } + /* check connection */ + if(ping(address, port)) { + if(m_verbose) { + printf("[%s]: %s:%d Up\n", cmd, host, port); + } + return 1; + } else { + printf("[%s]: %s:%d Down\n", cmd, host, port); + return 0; + } +} + +/** + * Open file and check every ProxyPass* or ProxyR* entry. + * - follows include ... directive + * - determines serverroot + */ +static int checkFile(const char *cmd, const char *filename) { + int status = 1; + int ln = 0; + char line[1024]; + FILE *f = fopen(filename, "r"); + if(f == NULL) { + if(ServerRoot[0] != '\0') { + char fqfile[2048]; + snprintf(fqfile, sizeof(fqfile), "%s/%s", ServerRoot, filename); + f = fopen(fqfile, "r"); + } + } + if(f == NULL) { + fprintf(stderr,"[%s]: ERROR, could not open file %s\n", cmd, filename); + return 0; + } + + while(!qs_getLinef(line, sizeof(line), f)) { + char *command = NULL; + int cmd_len = 0; + int to = 0; + while(line[to]) { + line[to] = tolower(line[to]); + to++; + } + ln++; + command = strstr(line, QS_PROXYP); + cmd_len = strlen(QS_PROXYP); + if(command == NULL) command = strstr(line, QS_PROXYP_TAB); + if(command == NULL) { + command = strstr(line, QS_PROXYPR); + cmd_len = strlen(QS_PROXYPR); + } + if(command == NULL) command = strstr(line, QS_PROXYPR_TAB); + if(command == NULL) { + command = strstr(line, QS_PROXYR); + cmd_len = strlen(QS_PROXYR); + } + if(command == NULL) command = strstr(line, QS_PROXYR_TAB); + if(command && strchr(line, '#') == 0) { + /* command = cmd url schema://host[:port]/url */ + char *abs_url = &command[cmd_len]; + int i, j; + + /* get the url */ + for(i=0;(abs_url[i] == ' ') || (abs_url[i] == '\t'); i++); + abs_url = &abs_url[i]; + + /* skip url */ + for(i=0;(abs_url[i] != ' ') && (abs_url[i] != '\t') && (abs_url[i] != '\0'); i++); + abs_url = &abs_url[i]; + + /* get schema://host[:port]/url */ + for(i=0;(abs_url[i] == ' ') || (abs_url[i] == '\t'); i++); + abs_url = &abs_url[i]; + + /* ping */ + if(abs_url && abs_url[0] != '\0' && abs_url[0] != '!') { + status = status & checkHost(cmd, filename, ln, abs_url); + } + } else { + /* include commands */ + command = strstr(line, QS_INCLUDE); + if(command == NULL) command = strstr(line, QS_INCLUDE_TAB); + if(command && strchr(line, '#') == 0) { + char *file = &command[strlen(QS_INCLUDE)]; + int i, j; + /* get the value */ + for(i=0;(file[i] == ' ') || (file[i] == '\t'); i++); + /* delete spaces at the end of the value */ + if(&file[i] != '\0') { + for(j=i+1;(file[j] != ' ') && (file[j] != '\t') && (file[j] != '\0'); j++); + file[j] = '\0'; + } + file = &file[i]; + status = status & checkFile(cmd, file); + } else { + /* server root */ + command = strstr(line, QS_SERVERROOT); + if(command == NULL) command = strstr(line, QS_SERVERROOT_TAB); + if(command && strchr(line, '#') == 0) { + char *sr = &command[strlen(QS_SERVERROOT)]; + int i, j; + /* get the value */ + for(i=0;(sr[i] == ' ') || (sr[i] == '\t'); i++); + /* delete spaces at the end of the value */ + if(&sr[i] != '\0') { + for(j=i+1;(sr[j] != ' ') && (sr[j] != '\t') && (sr[j] != '\0'); j++); + sr[j] = '\0'; + } + strcpy(ServerRoot, &sr[i]); + } + } + } + } + fclose(f); + return status; +} + +int main(int argc, char **argv) { + char *config = NULL; + char *cmd = strrchr(argv[0], '/'); + char *single = NULL; + int status = 1; + if(cmd == NULL) { + cmd = argv[0]; + } else { + cmd++; + } + ServerRoot[0] = '\0'; + while(argc >= 1) { + if(strcmp(*argv,"-c") == 0) { + if (--argc >= 1) { + config = *(++argv); + } + } else if(strcmp(*argv,"-i") == 0) { + if (--argc >= 1) { + single = *(++argv); + } + } else if(strcmp(*argv,"-v") == 0) { + m_verbose = 1; + } + argc--; + argv++; + } + if(single) { + char *hostName = single; + char *portNumber = strchr(single, ':'); + if(portNumber) { + unsigned long addr; + int prt; + portNumber[0] = '\0'; + portNumber++; + addr = getAddress(hostName); + prt = atoi(portNumber); + if(addr && prt) { + if(ping(addr, prt)) { + if(m_verbose) { + printf("[%s]: %s:%d Up\n", cmd, hostName, prt); + } + status = 1; + } else { + printf("[%s]: %s:%d Down\n", cmd, hostName, prt); + status = 0; + } + } else { + // could not resolve + fprintf(stderr,"[%s]: ERROR, unknown host/port\n", cmd); + status = 0; + } + } else { + // invalid input + fprintf(stderr,"[%s]: ERROR, invalid format\n", cmd); + status = 0; + } + } else { + if(config == NULL) { + usage(cmd); + } + status = checkFile(cmd, config); + } + if(status == 0) { + fprintf(stderr,"[%s]: ERROR, check failed\n", cmd); + exit(1); + } + printf("[%s]: OK, check successful\n", cmd); + return 0; +} diff --git a/tools/src/qsdt.c b/tools/src/qsdt.c new file mode 100644 index 0000000..b2c9747 --- /dev/null +++ b/tools/src/qsdt.c @@ -0,0 +1,336 @@ +/** + * Utility for the quality of service module mod_qos. + * + * qsdt.c: simple tool to measure the elapse time between + * related log messages + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <stdio.h> +#include <string.h> + +#include <stdlib.h> +#include <unistd.h> +#include <time.h> + +#include <sys/types.h> +#include <regex.h> + +#include <apr.h> +#include <apr_portable.h> +#include <apr_strings.h> + +#include "qs_util.h" + +#define MAX_REG_MATCH 10 + +#define TIMESTR "%H:%M:%S" +#define TIMEEX "([0-9]{2}:[0-9]{2}:[0-9]{2})[.,]([0-9]{3})" + +typedef struct { + time_t seconds; + int milliseconds; + char *id; +} entry_t; + + +static void usage(const char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s calculates the elapsed time between two related log messages.\n", cmd); + printf("\n"); + + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s [-t <regex>] -i <regex> -s <regex> -e <regex> [-v] [<path>]\n", man ? "" : "Usage: ", cmd); + printf("\n"); + + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s is a simple tool to search two different messages\n", cmd); + qs_man_print(man, "in a log file and calculates the elapsed time between these\n"); + qs_man_print(man, "lines. The two log messages need a common identifier such an\n"); + qs_man_print(man, "unique request id (UNIQUE_ID), a thread id, or a transaction\n"); + qs_man_print(man, "code.\n"); + printf("\n"); + + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -t <regex>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines a pattern (regular expression) matching the log line's\n"); + qs_man_print(man, " timestamp. The pattern must include two sub-expressions, one matching\n"); + qs_man_print(man, " hours, minutes and seconds the other matching the milliseconds.\n"); + qs_man_print(man, " Default pattern is "TIMEEX"\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -i <regex>\n"); + if(man) printf("\n"); + qs_man_print(man, " Pattern (regular expression) matching the identifier which the two\n"); + qs_man_print(man, " messages have in common. The sub-expression defines the part which\n"); + qs_man_print(man, " needs to be extracted from the matching string. Note: You can also\n"); + qs_man_print(man, " use the start (-s) and end (-e) pattern to define the sub-expression\n"); + qs_man_print(man, " matching this identifier.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -s <regex>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the pattern (regular expression or literal string)\n"); + qs_man_print(man, " identifying the first (start) of the two messages.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -e <regex>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the pattern (regular expression or literal string)\n"); + qs_man_print(man, " identifying the second (end) of the two messages.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -v\n"); + if(man) printf("\n"); + qs_man_print(man, " Verbose mode.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the input file to process. %s reads from\n", cmd); + qs_man_print(man, " from standard input if this parameter is omitted.\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + printf("Sample command line arguments:\n"); + printf("\n"); + } else { + printf(" Sample arguments:\n"); + } + qs_man_println(man, " -i ' ([a-z0-9]+) [A-Z]+ ' -s 'Received Request' -e 'Received Response'\n"); + printf("\n"); + qs_man_println(man, " matching those sample log messages:\n"); + qs_man_println(man, " 2018-03-12 16:34:08.653 threadid23 INFO Received Request\n"); + qs_man_println(man, " 2018-03-13 16:35:09.891 threadid23 DEBUG MessageHandler Received Response\n"); + printf("\n"); + if(man) { + printf(".SH NOTE\n"); + } else { + printf("Notes:\n"); + } + qs_man_println(man, "The four patterns (t,i,s,e) are concatenated into two search patterns:\n"); + qs_man_println(man, " first (start): [t (HH:MM:SS)(SSS) ].*[i (id) ].*[s ]\n"); + qs_man_println(man, " second (end): [t (HH:MM:SS)(SSS) ].*[i (id) ].*[e ]\n"); + printf("\n"); + qs_man_print(man, "And the three sub-expression are used to extract the timestamp and the\n"); + qs_man_print(man, "unique identifier that the start and end message have in common.\n"); + qs_man_print(man, "This means that you could specify the sub-expression for the unique\n"); + qs_man_print(man, "identifier in the start (-s) or end (-e) pattern alternatively, e.g. in\n"); + qs_man_print(man, "case the identifier is at the end of the log line.\n"); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + + +int main(int argc, const char *const argv[]) { + FILE *file; + char line[MAX_LINE]; + int verbose = 0; + + const char *cmd = strrchr(argv[0], '/'); + + apr_pool_t *pool; + apr_table_t *inmsg; + + regmatch_t ma[MAX_REG_MATCH]; + regex_t pregstart; + regex_t pregend; + + const char *timeex = TIMEEX; + const char *idex = NULL; + const char *startex = NULL; + const char *endex = NULL; + const char *filename = NULL; + + char *regexStr; + + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + inmsg = apr_table_make(pool, 100); + + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-t") == 0) { + if (--argc >= 1) { + timeex = *(++argv); + } + } else if(strcmp(*argv,"-i") == 0) { + if (--argc >= 1) { + idex = *(++argv); + } + } else if(strcmp(*argv,"-s") == 0) { + if (--argc >= 1) { + startex = *(++argv); + } + } else if(strcmp(*argv,"-e") == 0) { + if (--argc >= 1) { + endex = *(++argv); + } + } else if(strcmp(*argv,"-v") == 0) { + verbose = 1; + } else if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } else { + filename = *argv; + } + argc--; + argv++; + } + + if(idex == NULL || startex == NULL || endex == NULL) { + usage(cmd, 0); + } + + if(filename) { + file = fopen(filename, "r"); + if(!file) { + fprintf(stderr, "ERROR, failed to open the log file '%s'\n", filename); + exit(1); + } + } else { + file = stdin; + } + + + regexStr = apr_psprintf(pool, "%s.*%s.*%s", timeex, idex, startex); + if(verbose) { + fprintf(stderr, "start pattern: %s\n", regexStr); + } + if(regcomp(&pregstart, regexStr, REG_EXTENDED)) { + fprintf(stderr, "ERROR, could not compile %s\n", regexStr); + exit(1); + }; + regexStr = apr_psprintf(pool, "%s.*%s.*%s", timeex, idex, endex); + if(verbose) { + fprintf(stderr, "end pattern: %s\n", regexStr); + } + if(regcomp(&pregend, regexStr, REG_EXTENDED)) { + fprintf(stderr, "ERROR, could not compile %s\n", regexStr); + exit(1); + }; + + while(fgets(line, MAX_LINE-1, file) != NULL) { + char *hms; + char *ms; + char *id; + if(regexec(&pregstart, line, MAX_REG_MATCH, ma, 0) == 0) { + entry_t *entry = calloc(1, sizeof(entry_t)); + struct tm tm; + if(ma[3].rm_so == -1) { + fprintf(stderr, "ERROR, invalid regular expression (missing sub-expression in pattern)\n"); + exit(1); + } + hms = &line[ma[1].rm_so]; + ms = &line[ma[2].rm_so]; + id = &line[ma[3].rm_so]; + line[ma[1].rm_eo] = '\0'; + line[ma[2].rm_eo] = '\0'; + line[ma[3].rm_eo] = '\0'; + strptime(hms, TIMESTR, &tm); + entry->seconds = mktime(&tm); + entry->milliseconds = atoi(ms); + entry->id = calloc(strlen(id)+1, sizeof(char)); + sprintf(entry->id, "%s", id); + if(verbose) { + fprintf(stderr, "START [%s][%s][%s] %lu %d\n", + hms, ms, id, entry->seconds, entry->milliseconds); + } + apr_table_setn(inmsg, entry->id, (char *)entry); + } else if(regexec(&pregend, line, MAX_REG_MATCH, ma, 0) == 0) { + entry_t entry; + entry_t *start; + struct tm tm; + if(ma[3].rm_so == -1) { + fprintf(stderr, "ERROR, invalid regular expression (missing sub-expression in pattern)\n"); + exit(1); + } + hms = &line[ma[1].rm_so]; + ms = &line[ma[2].rm_so]; + id = &line[ma[3].rm_so]; + line[ma[1].rm_eo] = '\0'; + line[ma[2].rm_eo] = '\0'; + line[ma[3].rm_eo] = '\0'; + strptime(hms, TIMESTR, &tm); + entry.seconds = mktime(&tm); + entry.milliseconds = atoi(ms); + if(verbose) { + fprintf(stderr, "END [%s][%s][%s] %lu %d\n", + hms, ms, id, entry.seconds, entry.milliseconds); + } + start = (entry_t *)apr_table_get(inmsg, id); + if(start) { + printf("@%s %s %10lu [ms]\n", + line, + id, + (entry.seconds-start->seconds)*1000 + entry.milliseconds-start->milliseconds); + apr_table_unset(inmsg, id); + free(start->id); + free(start); + } + } + } + fclose(file); + + return 0; +} diff --git a/tools/src/qsexec.c b/tools/src/qsexec.c new file mode 100644 index 0000000..8a56b3e --- /dev/null +++ b/tools/src/qsexec.c @@ -0,0 +1,376 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ +/** + * Command line execution utility for the quality of service module mod_qos. + * + * See http://mod-qos.sourceforge.net/ for further details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qsexec.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +/* system */ +#include <stdio.h> +#include <string.h> + +#include <stdlib.h> +#include <unistd.h> +#include <time.h> + +/* apr */ +#include <apr.h> +#include <apr_strings.h> +#include <apr_file_io.h> +#include <apr_time.h> +#include <apr_getopt.h> +#include <apr_general.h> +#include <apr_lib.h> +#include <apr_portable.h> +#include <apr_support.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> + +#include "qs_util.h" + +#ifndef POSIX_MALLOC_THRESHOLD +#define POSIX_MALLOC_THRESHOLD (10) +#endif + +/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */ +#define QSUTIL_SIZE_MAX (~((apr_size_t)0)) + +typedef struct { + int rm_so; + int rm_eo; +} regmatch_t; + +static void usage(char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\n", qs_CMD(cmd), man_date, man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + printf("%s %s- parses the data received via stdin and executes the defined command on a pattern match.\n", + cmd, man ? "\\" : ""); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -e <pattern> [-t <number>:<sec>] [-c <pattern> [<command string>]]\n", man ? "" : "Usage: ", cmd); + qs_man_print(man, " [-p] [-u <user>] <command string>\n"); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s reads log lines from stdin and searches for the defined pattern.\n", cmd); + qs_man_print(man, "It executes the defined command string on pattern match.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -e <pattern>\n"); + if(man) printf("\n"); + qs_man_print(man, " Specifies the search pattern causing an event which shall trigger the\n"); + qs_man_print(man, " command.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -t <number>:<sec>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the number of pattern match within the the defined number of\n"); + qs_man_print(man, " seconds in order to trigger the command execution. By default, every\n"); + qs_man_print(man, " pattern match causes a command execution.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -c <pattern> [<command string>]\n"); + if(man) printf("\n"); + qs_man_print(man, " Pattern which clears the event counter. Executes optionally a command\n"); + qs_man_print(man, " if an event command has been executed before.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -p\n"); + if(man) printf("\n"); + qs_man_print(man, " Writes data also to stdout (for piped logging).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -u <name>\n"); + if(man) printf("\n"); + qs_man_print(man, " Become another user, e.g. www-data.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " <command string>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the event command string where $0-$9 are substituted by the\n"); + qs_man_print(man, " submatches of the regular expression.\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + } else { + printf("Example:\n"); + } + qs_man_print(man, "Executes the deny.sh script providing the IP address of the\n"); + qs_man_print(man, "client causing a mod_qos(031) messages whenever the log message\n"); + qs_man_print(man, "appears 10 times within at most one minute:\n"); + if(man) printf("\n"); + qs_man_println(man, " ErrorLog \"|/usr/bin/%s -e \\'mod_qos\\(031\\).*, c=([0-9a-zA-Z:.]*)\\' -t 10:60 \\'/usr/local/bin/deny.sh $1\\'\"\n", cmd); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +/* + * Substitutes for $0-$9 within the matching string. + * See ap_pregsub(). + */ +char *qs_pregsub(apr_pool_t *pool, const char *input, + const char *source, size_t nmatch, + qs_regmatch_t pmatch[]) { + const char *src = input; + char *dest, *dst; + char c; + size_t no; + int len; + if(!source) { + return NULL; + } + if(!nmatch) { + return apr_pstrdup(pool, src); + } + /* First pass, find the size */ + len = 0; + while((c = *src++) != '\0') { + if(c == '&') + no = 0; + else if (c == '$' && apr_isdigit(*src)) + no = *src++ - '0'; + else + no = 10; + + if (no > 9) { /* Ordinary character. */ + if (c == '\\' && (*src == '$' || *src == '&')) + src++; + len++; + } + else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { + if(QSUTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) { + fprintf(stderr, "ERROR, integer overflow or out of memory condition"); + return NULL; + } + len += pmatch[no].rm_eo - pmatch[no].rm_so; + } + + } + dest = dst = apr_pcalloc(pool, len + 1); + /* Now actually fill in the string */ + src = input; + while ((c = *src++) != '\0') { + if (c == '&') + no = 0; + else if (c == '$' && apr_isdigit(*src)) + no = *src++ - '0'; + else + no = 10; + + if (no > 9) { /* Ordinary character. */ + if (c == '\\' && (*src == '$' || *src == '&')) + c = *src++; + *dst++ = c; + } + else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { + len = pmatch[no].rm_eo - pmatch[no].rm_so; + memcpy(dst, source + pmatch[no].rm_so, len); + dst += len; + } + } + *dst = '\0'; + return dest; +} + +int main(int argc, const char * const argv[]) { + const char *username = NULL; + int nr = 0; + char *line = calloc(1, MAX_LINE_BUFFER+1); + apr_pool_t *pool; + char *cmd = strrchr(argv[0], '/'); + const char *command = NULL; + const char *pattern = NULL; + const char *clearcommand = NULL; + const char *clearpattern = NULL; + int executed = 0; + qs_regex_t *preg; + qs_regex_t *clearpreg; + qs_regmatch_t regm[QS_MAX_REG_MATCH]; + time_t sec = 0; + int threshold = 0; + int counter = 0; + time_t countertime; + static int pass = 0; + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-e") == 0) { + if (--argc >= 1) { + pattern = *(++argv); + } + } else if(strcmp(*argv,"-u") == 0) { + if (--argc >= 1) { + username = *(++argv); + } + } else if(strcmp(*argv,"-c") == 0) { + if (--argc >= 1) { + clearpattern = *(++argv); + if (argc >=1 && *argv[0] != '-') { + clearcommand = *(++argv); + argc--; + } + } + } else if(argc >= 1 && strcmp(*argv,"-t") == 0) { + if (--argc >= 1) { + char *str = apr_pstrdup(pool, *(++argv)); + char *tme = strchr(str, ':'); + if(tme == NULL) { + fprintf(stderr,"[%s]: ERROR, invalid number:sec format\n", cmd); + exit(1); + } + tme[0] = '\0'; + tme++; + threshold = atoi(str); + sec = atol(tme); + if(threshold == 0 || sec == 0) { + fprintf(stderr,"[%s]: ERROR, invalid number:sec format\n", cmd); + exit(1); + } + } + } else if(argc >= 1 && strcmp(*argv,"-p") == 0) { + pass = 1; + } else if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } else { + command = *argv; + } + argc--; + argv++; + } + + if(pattern == NULL || command == NULL) { + usage(cmd, 0); + } + + qs_setuid(username, cmd); + + preg = apr_palloc(pool, sizeof(qs_regex_t)); + if(qs_regcomp(preg, pattern, PCRE2_DOTALL) != 0) { + fprintf(stderr, "ERROR, could not compile '%s'\n", pattern); + exit(1); + } + apr_pool_pre_cleanup_register(pool, preg, qs_pregfree); + if(clearpattern) { + clearpreg = apr_palloc(pool, sizeof(qs_regex_t)); + if(qs_regcomp(clearpreg, clearpattern, PCRE2_DOTALL) != 0) { + fprintf(stderr, "ERROR, could not compile '%s'\n", clearpattern); + exit(1); + } + apr_pool_pre_cleanup_register(pool, clearpattern, qs_pregfree); + } + + while(fgets(line, MAX_LINE_BUFFER, stdin) != NULL) { + size_t len; + nr++; + if(pass) { + printf("%s", line); + fflush(stdout); + } + len = strlen(line); + if(clearpattern && (qs_regexec_len(clearpreg, line, len, QS_MAX_REG_MATCH, regm, 0) >= 0)) { + apr_pool_t *subpool; + apr_pool_create(&subpool, pool); + counter = 0; + countertime = 0; + if(clearcommand && executed) { + char *replaced = qs_pregsub(subpool, clearcommand, line, QS_MAX_REG_MATCH, regm); + if(!replaced) { + fprintf(stderr, "[%s]: ERROR, failed to substitute" + " submatches '%s' in (%s)\n", cmd, clearcommand, line); + } else { + int rc = system(replaced); + } + executed = 0; + } + apr_pool_destroy(subpool); + } else if(qs_regexec_len(preg, line, len, QS_MAX_REG_MATCH, regm, 0) >= 0) { + apr_pool_t *subpool; + char *replaced; + apr_pool_create(&subpool, pool); + replaced = qs_pregsub(subpool, command, line, QS_MAX_REG_MATCH, regm); + if(!replaced) { + fprintf(stderr, "[%s]: ERROR, failed to substitute" + " submatches '%s' in (%s)\n", cmd, command, line); + } else { + counter++; + if(counter == 1) { + countertime = time(NULL); + } + if(counter >= threshold) { + if(countertime + sec >= time(NULL)) { + int rc = system(replaced); + executed = 1; + } + countertime = 0; + counter = 0; + } + } + apr_pool_destroy(subpool); + } + } + + apr_pool_destroy(pool); + return 0; +} diff --git a/tools/src/qsfilter2.c b/tools/src/qsfilter2.c new file mode 100644 index 0000000..603085e --- /dev/null +++ b/tools/src/qsfilter2.c @@ -0,0 +1,1826 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ +/** + * Filter utilities for the quality of service module mod_qos + * used to create allow list rules for request line filters. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qsfilter2.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +/* system */ +#include <stdio.h> +#include <errno.h> +#include <string.h> + +#include <stdlib.h> +#include <unistd.h> +#include <time.h> + +/* apr */ +#include <apr.h> +#include <apr_uri.h> +#include <apr_signal.h> +#include <apr_strings.h> +#include <apr_network_io.h> +#include <apr_file_io.h> +#include <apr_time.h> +#include <apr_getopt.h> +#include <apr_general.h> +#include <apr_lib.h> +#include <apr_portable.h> +#include <apr_thread_proc.h> +#include <apr_thread_cond.h> +#include <apr_thread_mutex.h> +#include <apr_support.h> +//#include <ap_config.h> + +/* OpenSSL */ +#include <openssl/safestack.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> + +#include "qs_util.h" + +#define MAX_LINE 32768 +/* 2mb */ +#define MAX_BODY_BUFFER 2097152 +#define CR 13 +#define LF 10 + +typedef enum { + QS_UT_PATH, + QS_UT_QUERY +} qs_url_type_e; + +#define QS_PCRE_RESERVED "{}[]()^$.|*+?\\-" +//#define QS_PCRE_RESERVED "{}[]()^$.|*+?\"'\\-" + +/* reserved (to be escaped): {}[]()^$.|*+?\- */ +#define QS_UNRESERVED "a-zA-Z0-9-\\._~% " +#define QS_GEN ":/\\?#\\[\\]@" +#define QS_SUB "!$&'\\(\\)\\*\\+,;=" +#define QS_SUB_S "!$&\\(\\)\\*\\+,;=" + +#define QS_SIMPLE_PATH_PCRE "(/[a-zA-Z0-9\\-_]+)+[/]?\\.?[a-zA-Z]{0,4}" +#define QS_B64 "([a-z]+[a-z0-9]*[A-Z]+[A-Z0-9]*)" +#define QS_HX "([A-F0-9]*[A-F]+[0-9]+[A-F0-9]*)" + +#define QS_OVECCOUNT 3 + +/* request line detection */ +#define QOSC_REQ "(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH|BCOPY|BDELETE|BMOVE|BPROPFIND|BPROPPATCH|NOTIFY|POLL|SUBSCRIBE|UNSUBSCRIBE|X-MS-ENUMATTS|RPC_IN_DATA|RPC_OUT_DATA) (/[\x20-\x21\x23-\xFF]*) HTTP/" + +qs_regex_t *pcre_b64; +qs_regex_t *pcre_hx; +qs_regex_t *pcre_simple_path; + +#define QOS_DEC_MODE_FLAGS_URL 0x00 +#define QOS_DEC_MODE_FLAGS_HTML 0x01 +#define QOS_DEC_MODE_FLAGS_UNI 0x02 +#define QOS_DEC_MODE_FLAGS_ANSI 0x04 + +/* global variables to store settings */ +static int m_mode = QOS_DEC_MODE_FLAGS_URL; +static int m_base64 = 5; +static int m_verbose = 1; +static int m_path_depth = 1; +static int m_redundant = 1; +static int m_query_pcre = 0; +static int m_query_multi_pcre = 0; +static int m_query_o_pcre = 0; +static int m_query_single_pcre = 0; +static int m_query_len_pcre = 10; +static int m_exit_on_error = 0; +static int m_handler = 0; +static qs_regex_t *m_req_regex = NULL; +static int m_log_req_regex = 0; +static const char *m_pfx = NULL; +static const char *m_filter = NULL; + +typedef struct { + qs_regex_t *pcre; + char *rule; + char *path; + char *query_m_string; + char *query_m_pcre; + int fragment; +} qs_rule_t; + + +/* openssl stack compare function used to sort the rules */ +int STACK_qs_cmp(const char * const *_pA, const char * const *_pB) { + qs_rule_t *pA=*(( qs_rule_t **)_pA); + qs_rule_t *pB=*(( qs_rule_t **)_pB); + return strcmp(pA->rule,pB->rule); +} + +/* compiles a pcre (exit on error) */ +static qs_regex_t *qos_pcre_compile(apr_pool_t *pool, char *pattern, int option) { + qs_regex_t *preg = apr_palloc(pool, sizeof(qs_regex_t)); + if(qs_regcomp(preg, pattern, PCRE2_DOTALL|option) != 0) { + fprintf(stderr, "ERROR, rule <%s> could not compile pcre\n", pattern); + exit(1); + } + apr_pool_pre_cleanup_register(pool, preg, qs_pregfree); + return preg; +} + +/* tries to detect base64/hex patterns (mix of upper and lower case characters) */ +static char *qos_detect_b64(char *line, int silent) { + qs_regmatch_t regm[QS_MAX_REG_MATCH]; + int rc_c = qs_regexec_len(pcre_b64, line, strlen(line), QS_MAX_REG_MATCH, regm, 0); + if(rc_c >= 0) { + if((m_verbose > 1) && !silent) printf(" B64: %.*s\n", + regm[0].rm_eo - regm[0].rm_so, &line[regm[0].rm_so]); + return &line[regm[0].rm_so]; + } + rc_c = qs_regexec_len(pcre_hx, line, strlen(line), QS_MAX_REG_MATCH, regm, 0); + if(rc_c >= 0) { + if((m_verbose > 1) && !silent) printf(" HX: %.*s\n", + regm[0].rm_eo - regm[0].rm_so, &line[regm[0].rm_so]); + return &line[regm[0].rm_so]; + } + return NULL; +} + +/* escape double quotes and backslash (to be used for Apache directive) */ +static char *qs_apache_escape(apr_pool_t *pool, const char *line) { + char *ret = apr_pcalloc(pool, strlen(line) * 4); + int i = 0; + const char *in = line; + while(in && in[0]) { + if(in[0] == '"') { + ret[i] = '\\'; + i++; + ret[i] = 'x'; + i++; + ret[i] = '2'; + i++; + ret[i] = '2'; + i++; + } else if(in[0] == '\\' && in[1] == '\\') { + ret[i] = '\\'; + i++; + ret[i] = 'x'; + i++; + ret[i] = '5'; + i++; + ret[i] = 'c'; + i++; + in++; + } else { + ret[i] = (char)in[0]; + i++; + } + in++; + } + return ret; +} + +/* escape a string in order to be used withn a pcre */ +static char *qos_escape_pcre(apr_pool_t *pool, char *line) { + int i = 0; + unsigned char prev = 0; + unsigned char *in = (unsigned char *)line; + char *ret = apr_pcalloc(pool, strlen(line) * 4); + int reti = 0; + if(strlen(line) == 0) return ""; + while(in[i]) { + if(strchr(QS_PCRE_RESERVED, in[i]) != NULL) { + if(prev && (prev == '\\')) { + /* already escaped */ + ret[reti] = in[i]; + reti++; + } else if(prev && (in[i] == '\\') && (strchr(QS_PCRE_RESERVED, in[i+1]) != NULL)) { + /* escape char */ + ret[reti] = in[i]; + reti++; + } else { + ret[reti] = '\\'; + reti++; + ret[reti] = in[i]; + reti++; + } + } else if((in[i] < ' ') || (in[i] > '~')) { + sprintf(&ret[reti], "\\x%02x", in[i]); + reti = reti + 4; + } else { + ret[reti] = in[i]; + reti++; + } + prev = in[i]; + i++; + } + return ret; +} + +/* helper for url decoding */ +static int qos_hex2c(const char *x) { + int i, ch; + ch = x[0]; + if (isdigit(ch)) { + i = ch - '0'; + }else if (isupper(ch)) { + i = ch - ('A' - 10); + } else { + i = ch - ('a' - 10); + } + i <<= 4; + + ch = x[1]; + if (isdigit(ch)) { + i += ch - '0'; + } else if (isupper(ch)) { + i += ch - ('A' - 10); + } else { + i += ch - ('a' - 10); + } + return i; +} + +static int qos_ishex(char x) { + if((x >= '0') && (x <= '9')) return 1; + if((x >= 'a') && (x <= 'f')) return 1; + if((x >= 'A') && (x <= 'F')) return 1; + return 0; +} + +/* url decoding */ +static int qos_unescaping(char *x) { + int i, j, ch; + if (x[0] == '\0') + return 0; + for (i = 0, j = 0; x[i] != '\0'; i++, j++) { + ch = x[i]; + if(ch == '%' && qos_ishex(x[i + 1]) && qos_ishex(x[i + 2])) { + ch = qos_hex2c(&x[i + 1]); + i += 2; + } else if((m_mode & QOS_DEC_MODE_FLAGS_UNI) && + ((ch == '%') || (ch == '\\')) && + ((x[i + 1] == 'u') || (x[i + 1] == 'U')) && + qos_ishex(x[i + 2]) && + qos_ishex(x[i + 3]) && + qos_ishex(x[i + 4]) && + qos_ishex(x[i + 5])) { + /* unicode %uXXXX */ + ch = qos_hex2c(&x[i + 4]); + if((ch > 0x00) && (ch < 0x5f) && + ((x[i + 2] == 'f') || (x[i + 2] == 'F')) && + ((x[i + 3] == 'f') || (x[i + 3] == 'F'))) { + ch += 0x20; + } + i += 5; + } else if (ch == '\\' && (x[i + 1] == 'x') && qos_ishex(x[i + 2]) && qos_ishex(x[i + 3])) { + ch = qos_hex2c(&x[i + 2]); + i += 3; + } else if (ch == '+') { + ch = ' '; + } + x[j] = ch; + } + x[j] = '\0'; + if(strlen(x) != j) { + fprintf(stderr, "WARNING, found escaped null char %s\n", x); + } + return j; +} + +static int qos_fgetline(char *s, int n, FILE *f) { + register int i = 0; + while (1) { + s[i] = (char) fgetc(f); + if (s[i] == CR) { + s[i] = fgetc(f); + } + if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) { + s[i] = '\0'; + return (feof(f) ? 1 : 0); + } + ++i; + } +} + +/* init global pcre */ +static void qos_init_pcre(apr_pool_t *pool) { + char buf[1024]; + sprintf(buf, "%s{%d,}", QS_B64, m_base64); + pcre_b64 = qos_pcre_compile(pool, buf, 0); + sprintf(buf, "%s{%d,}", QS_HX, m_base64); + pcre_hx = qos_pcre_compile(pool, buf, 0); + pcre_simple_path = qos_pcre_compile(pool, "^"QS_SIMPLE_PATH_PCRE"$", 0); + m_req_regex = qos_pcre_compile(pool, QOSC_REQ, 0); +} + +static void usage(char *cmd, int man) { + char space[1024]; + memset(space, ' ', 1024); + space[strlen(cmd)] = '\0'; + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - an utility to generate mod_qos request line rules out from\n", + cmd); + qs_man_print(man, "existing access/audit log data.\n"); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -i <path> [-c <path>] [-d <num>] [-h] [-b <num>]\n", man ? "" : "Usage: ", cmd); + qs_man_print(man, " %s [-p|-s|-m|-o] [-l <len>] [-n] [-e] [-u 'uni']\n", space); + qs_man_print(man, " %s [-k <prefix>] [-t] [-f <path>] [-v 0|1|2]\n", space); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, " mod_qos implements a request filter which validates each request\n"); + qs_man_print(man, " line. The module supports both, negative and positive security\n"); + qs_man_print(man, " model. The QS_Deny* directives are used to specify request line\n"); + qs_man_print(man, " patterns which are not allowed to access the server (negative\n"); + qs_man_print(man, " security model / deny list). These rules are used to restrict\n"); + qs_man_print(man, " access to certain resources which should not be available to\n"); + qs_man_print(man, " users or to protect the server from malicious patterns. The\n"); + qs_man_print(man, " QS_Permit* rules implement a positive security model (allow list).\n"); + qs_man_print(man, " These directives are used to define allowed request line patterns.\n"); + qs_man_print(man, " Request which do not match any of these patterns are not allowed\n"); + qs_man_print(man, " to access the server.\n"); + if(man) printf("\n\n"); + qs_man_print(man, " %s is an audit log analyzer used to generate filter\n", cmd); + qs_man_print(man, " rules (perl compatible regular expressions) which may be used\n"); + qs_man_print(man, " by mod_qos to deny access for suspect requests (QS_PermitUri rules).\n"); + qs_man_print(man, " It parses existing audit log files in order to generate request\n"); + qs_man_print(man, " patterns covering all allowed requests.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -i <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Input file containing request URIs.\n"); + qs_man_print(man, " The URIs for this file have to be extracted from the servers\n"); + qs_man_print(man, " access logs. Each line of the input file contains a request\n"); + qs_man_print(man, " URI consisting of a path and and query.\n"); + printf("\n"); + printf(" Example:\n"); + qs_man_println(man, " /aaa/index.do\n"); + qs_man_println(man, " /aaa/edit?image=1.jpg\n"); + qs_man_println(man, " /aaa/image/1.jpg\n"); + qs_man_println(man, " /aaa/view?page=1\n"); + qs_man_println(man, " /aaa/edit?document=1\n"); + printf("\n"); + qs_man_print(man, " These access log data must include current request URIs but\n"); + qs_man_print(man, " also request lines from previous rule generation steps. It\n"); + qs_man_print(man, " must also include request lines which cover manually generated\n"); + qs_man_print(man, " rules.\n"); + qs_man_print(man, " You may use the 'qos-path' and 'qos-query' variables to create\n"); + qs_man_print(man, " an audit log containing all request data (path and query/body data).\n"); + qs_man_print(man, " Example: 'CustomLog audit_log %{qos-path}n%{qos-query}n'.\n"); + qs_man_print(man, " See also http://mod-qos.sourceforge.net#qsfiltersample about\n"); + qs_man_print(man, " the module settings.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -c <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " mod_qos configuration file defining QS_DenyRequestLine and\n"); + qs_man_print(man, " QS_PermitUri directives.\n"); + qs_man_print(man, " %s generates rules from access log data automatically.\n", cmd); + qs_man_print(man, " Manually generated rules (QS_PermitUri) may be provided from\n"); + qs_man_print(man, " this file. Note: each manual rule must be represented by a\n"); + qs_man_print(man, " request URI in the input data (-i) in order to make sure not\n"); + qs_man_print(man, " to be deleted by the rule optimisation algorithm.\n"); + qs_man_print(man, " QS_Deny* rules from this file are used to filter request lines\n"); + qs_man_print(man, " which should not be used for allow list rule generation.\n"); + printf("\n"); + printf(" Example:\n"); + qs_man_println(man, " # manually defined allow list rule:\n"); + qs_man_println(man, " QS_PermitUri +view deny \"^[/a-zA-Z0-9]+/view\\?(page=[0-9]+)?$\"\n"); + qs_man_println(man, " # filter unwanted request line patterns:\n"); + qs_man_println(man, " QS_DenyRequestLine +printable deny \".*[\\x00-\\x19].*\"\n"); + printf("\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -d <num>\n"); + if(man) printf("\n"); + qs_man_print(man, " Depth (sub locations) of the path string which is defined as a\n"); + qs_man_print(man, " literal string. Default is 1.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -h\n"); + if(man) printf("\n"); + qs_man_print(man, " Always use a string representing the handler name in the path even\n"); + qs_man_print(man, " the url does not have a query. See also -d option.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -b <num>\n"); + if(man) printf("\n"); + qs_man_print(man, " Replaces url pattern by the regular expression when detecting\n"); + qs_man_print(man, " a base64/hex encoded string. Detecting sensibility is defined by a\n"); + qs_man_print(man, " numeric value. You should use values higher than 5 (default)\n"); + qs_man_print(man, " or 0 to disable this function.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -p\n"); + if(man) printf("\n"); + qs_man_print(man, " Represents query by pcre only (no literal strings).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -s\n"); + if(man) printf("\n"); + qs_man_print(man, " Uses one single pcre for the whole query string.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -m\n"); + if(man) printf("\n"); + qs_man_print(man, " Uses one pcre for multiple query values (recommended mode).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -o\n"); + if(man) printf("\n"); + qs_man_print(man, " Does not care the order of query parameters.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -l <len>\n"); + if(man) printf("\n"); + qs_man_print(man, " Outsizes the query length by the defined length ({0,size+len}),\n"); + qs_man_print(man, " default is %d.\n", m_query_len_pcre); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -n\n"); + if(man) printf("\n"); + qs_man_print(man, " Disables redundant rules elimination.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -e\n"); + if(man) printf("\n"); + qs_man_print(man, " Exit on error.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -u 'uni'\n"); + if(man) printf("\n"); + qs_man_print(man, " Enables additional decoding methods. Use the same settings as you have\n"); + qs_man_print(man, " used for the QS_Decoding directive.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -k <prefix>\n"); + if(man) printf("\n"); + qs_man_print(man, " Prefix used to generate rule identifiers (QSF by default).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -t\n"); + if(man) printf("\n"); + qs_man_print(man, " Calculates the maximal latency per request (worst case) using the\n"); + qs_man_print(man, " generated rules.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -f <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Filters the input by the provided path (prefix) only processing\n"); + qs_man_print(man, " matching lines.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -v <level>\n"); + if(man) printf("\n"); + qs_man_print(man, " Verbose mode. (0=silent, 1=rule source, 2=detailed). Default is 1.\n"); + qs_man_print(man, " Don't use rules you haven't checked the request data used to\n"); + qs_man_print(man, " generate it! Level 1 is highly recommended (as long as you don't\n"); + qs_man_print(man, " have created the log data using your own web crawler).\n"); + printf("\n"); + if(man) { + printf(".SH OUTPUT\n"); + } else { + printf("Output\n"); + } + qs_man_print(man, " The output of %s is written to stdout. The output\n", cmd); + qs_man_print(man, " contains the generated QS_PermitUri directives but also\n"); + qs_man_print(man, " information about the source which has been used to generate\n"); + qs_man_print(man, " these rules. It is very important to check the validity of\n"); + qs_man_print(man, " each request line which has been used to calculate the\n"); + qs_man_print(man, " QS_PermitUri rules. Each request line which has been used to\n"); + qs_man_print(man, " generate a new rule is shown in the output prefixed by\n"); + qs_man_print(man, " \"ADD line <line number>:\". These request lines should be\n"); + qs_man_print(man, " stored and reused at any later rule generation (add them to\n"); + qs_man_print(man, " the URI input file). The subsequent line shows the generated\n"); + qs_man_print(man, " rule.\n"); + qs_man_print(man, " At the end of data processing a list of all generated\n"); + qs_man_print(man, " QS_PermitUri rules is shown. These directives may be used\n"); + qs_man_print(man, " withn the configuration file used by mod_qos.\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + } else { + printf("Sample Usage and Output\n"); + } + qs_man_println(man, " %s -i loc.txt -c httpd.conf -m -e\n", cmd); + qs_man_println(man, " ...\n"); + qs_man_println(man, " # ADD line 1: /aaa/index.do\n"); + qs_man_println(man, " # 003 ^(/[a-zA-Z0-9\\-_]+)+[/]?\\.?[a-zA-Z]{0,4}$\n"); + qs_man_println(man, " # ADD line 3: /aaa/view?page=1\n"); + qs_man_println(man, " # --- ^[/a-zA-Z0-9]+/view\\?(page=[0-9]+)?$\n"); + qs_man_println(man, " # ADD line 4: /aaa/edit?document=1\n"); + qs_man_println(man, " # 004 ^[/a-zA-Z]+/edit\\?((document)(=[0-9]*)*[&]?)*$\n"); + qs_man_println(man, " # ADD line 5: /aaa/edit?image=1.jpg\n"); + qs_man_println(man, " # 005 ^[/a-zA-Z]+/edit\\?((image)(=[0-9\\.a-zA-Z]*)*[&]?)*$\n"); + qs_man_println(man, " ...\n"); + qs_man_println(man, " QS_PermitUri +QSF001 deny \"^[/a-zA-Z]+/edit\\?((document|image)(=[0-9\\.a-zA-Z]*)*[&]?)*$\"\n"); + qs_man_println(man, " QS_PermitUri +QSF002 deny \"^[/a-zA-Z0-9]+/view\\?(page=[0-9]+)?$\"\n"); + qs_man_println(man, " QS_PermitUri +QSF003 deny \"^(/[a-zA-Z0-9\\-_]+)+[/]?\\.?[a-zA-Z]{0,4}$\"\n"); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("mod_qos %s\n", man_version); + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +/* worker struct, used for parallel processing */ +typedef struct { + apr_pool_t *pool; + apr_table_t *rules; + apr_table_t *rules_url; + int from; + int to; +} qs_worker_t; + +/* determines, if a rule is really required */ +static apr_table_t *qos_get_used(apr_pool_t *pool, apr_table_t *rules, apr_table_t *rules_url, + int from, int to) { + apr_table_t *used = apr_table_make(pool, 1); + int j; + for(j = from; j < to; j++) { + int l; + apr_table_entry_t *linee = (apr_table_entry_t *)apr_table_elts(rules_url)->elts; + if(m_verbose) { + printf("[%d]", j); + fflush(stdout); + } + for(l = 0; l < apr_table_elts(rules_url)->nelts; l++) { + char *line = linee[l].key; + int i; + int match = 0; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + if(i != j) { + qs_rule_t *rs = (qs_rule_t *)entry[i].val; + if(qs_regexec_len(rs->pcre, line, strlen(line), 0, NULL, 0) >= 0) { + match = 1; + break; + } + } + } + if(!match) { + /* no match, rule j is required */ + apr_table_add(used, entry[j].key, "+"); + } + } + } + return used; +} + +static void *qos_worker(void *argv) { + qs_worker_t *wt = argv; + return qos_get_used(wt->pool, wt->rules, wt->rules_url, wt->from, wt->to); +} + +/* get the characters used withn the string in order to define a pcre */ +static char *qos_2pcre(apr_pool_t *pool, const char *line) { + int hasA = 0; + int hasD = 0; + int hasE = 0; + int hasB = 0; + int i = 0; + unsigned char *in = (unsigned char *)line; + char *ret = apr_pcalloc(pool, strlen(line) * 6); + int reti = 0; + char *existing = ""; + if(strlen(line) == 0) return ""; + while(in[i]) { + if(isdigit(in[i])) { + if(!hasD) { + hasD = 1; + strcpy(&ret[reti], "0-9"); + reti = reti + 3; + } + } else if(isalpha(in[i])) { + if(!hasA) { + hasA = 1; + strcpy(&ret[reti], "a-zA-Z"); + reti = reti + 6; + } + } else if(in[i] == '\\') { + if(!hasE) { + hasE = 1; + strcpy(&ret[reti], "\\\\"); + reti = reti + 2; + } + } else if(in[i] == '-') { + if(!hasB) { + hasB = 1; + strcpy(&ret[reti], "\\-"); + reti = reti + 2; + } + } else if(in[i] == '\0') { + char *ck = apr_psprintf(pool, "#\\x%02x#", in[i]); + if(strstr(existing, ck) == NULL) { + sprintf(&ret[reti], "\\x%02x", in[i]); + reti = reti + 4; + existing = apr_pstrcat(pool, existing, ck, NULL); + } + } else if(strchr(ret, in[i]) == NULL) { + if(strchr(QS_PCRE_RESERVED, in[i]) != NULL) { + ret[reti] = '\\'; + reti++; + ret[reti] = in[i]; + reti++; + } else if((in[i] < ' ') || (in[i] > '~')) { + char *ck = apr_psprintf(pool, "#\\x%02x#", in[i]); + if(strstr(existing, ck) == NULL) { + sprintf(&ret[reti], "\\x%02x", in[i]); + reti = reti + 4; + existing = apr_pstrcat(pool, existing, ck, NULL); + } + } else { + ret[reti] = in[i]; + reti++; + } + } + i++; + } + if(strlen(ret) == 0) return NULL; + ret[reti] = '\0'; + return ret; +} + +/* check for the pattern "p" in "r" using the delimter "d", + returns 1 if it is in the string */ +static int qos_checkstr(apr_pool_t *pool, char *r, char *d, char *p) { + /* + * r = ..|p|.. + * r = p|... + * r = ..|p + * r = p + */ + char *check1 = apr_pstrcat(pool, d, p, d, NULL); + char *check2 = apr_pstrcat(pool, p, d, NULL); + char *check3 = apr_pstrcat(pool, d, p, NULL); + + if(strstr(r, check1) != NULL) { + return 1; + } + if(strncmp(r, check2, strlen(check2)) == 0) { + return 1; + } + if(strlen(r) > strlen(check3)) { + if((strncmp(&r[strlen(r)-strlen(check3)], check3, strlen(check3)) == 0)) { + return 1; + } + } + if(strcmp(r, p) == 0) { + return 1; + } + + return 0; +} + +/* add the string "n" to "o" using the delimiter "d" (only if not + already available */ +static char *qos_addstr(apr_pool_t *pool, char *o, char *d, char *n) { + char *p = apr_pstrdup(pool, n); + char *r = o; + if(n == NULL) return o; + while(p && p[0]) { + char *this = p; + char *next = strchr(p, d[0]); + + /* \| */ + while(next) { + if((next > this) && (next[-1] == '\\')) { + next++; + next = strchr(next, d[0]); + } else { + break; + } + } + if(next == NULL) { + p = NULL; + } else { + next[0] = '\0'; + next++; + p = next; + } + if(!qos_checkstr(pool, r, d, this)) { + r = apr_pstrcat(pool, r, d, this, NULL); + } + } + return r; +} + + +/* create a name=pcre string like this: ((s1|s2)(=[<pcre>]*)*[&]?)*" */ +static char *qos_qqs(apr_pool_t *pool, char *string, char *query_pcre, int singleEq, int hasEq, int startAmp) { + char *se = NULL; + char *s = ""; + if(startAmp) s = "[&]?"; + if(singleEq) { + se = "(=[&]?)*"; + } + if(strlen(query_pcre) > 0) { + return apr_pstrcat(pool, s, "((", string, ")(=[", qos_2pcre(pool, query_pcre), "]*)*[&]?)*", se, NULL); + } else { + if(hasEq && !singleEq) { + se = "(=[&]?)*"; + return apr_pstrcat(pool, s, "(((", string, ")[&]?)*", se, ")*", NULL); + } + return apr_pstrcat(pool, s, "((", string, ")[&]?)*", se, NULL); + } +} + +/* tries to optimize the rules by merging all query into one single pcre matching + all values */ +static void qos_query_optimization(apr_pool_t *pool, apr_table_t *rules) { + apr_table_t *delete = apr_table_make(pool, 1); + apr_table_t *checked_path = apr_table_make(pool, 1); + apr_table_t *new = apr_table_make(pool, 1); + int i, j; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + char *rule_str = entry[i].key; + qs_rule_t *r = (qs_rule_t *)entry[i].val; + if(!r->fragment && r->path && (apr_table_get(checked_path, r->path) == NULL)) { + int merged = 0; + char *query_m_string = r->query_m_string == NULL ? "" : r->query_m_string; + char *query_m_pcre = r->query_m_pcre == NULL ? "" : r->query_m_pcre; + if(m_verbose > 1) printf(" search for path %s (%s)\n", r->path, rule_str); + if(m_verbose > 1) printf(" . %s %s\n", query_m_string, query_m_pcre); + apr_table_add(checked_path, r->path, ""); + /* search for rules with the same path and delete them */ + for(j = 0; j < apr_table_elts(rules)->nelts; j++) { + if(i != j) { + qs_rule_t *n = (qs_rule_t *)entry[j].val; + if(!n->fragment && n->path && (strcmp(r->path, n->path) == 0)) { + if(m_verbose > 1) printf(" + %s %s\n", + n->query_m_string == NULL ? "-" : n->query_m_string, + n->query_m_pcre == NULL ? "-" : n->query_m_pcre); + if(strlen(query_m_string) == 0) { + query_m_string = apr_pstrcat(pool, query_m_string, n->query_m_string, NULL); + } else { + query_m_string = qos_addstr(pool, query_m_string, "|", n->query_m_string); + } + if(m_verbose > 1) printf(" > %s\n", query_m_string); + query_m_pcre = apr_pstrcat(pool, query_m_pcre, n->query_m_pcre, NULL); + apr_table_add(delete, entry[j].key, ""); + merged = 1; + } + } + } + /* update rule if merged to any */ + if(merged) { + apr_table_add(delete, entry[i].key, ""); + if(m_verbose) { + printf("# CHANGE: <%s>", rule_str); + } + { + const char *errptr = NULL; + char *rule = apr_pstrcat(pool, "^", r->path, NULL); + qs_rule_t *rs = apr_pcalloc(pool, sizeof(qs_rule_t)); + if(strlen(query_m_string) > 0) { + rule = apr_pstrcat(pool, rule, "\\?", + qos_qqs(pool, query_m_string, query_m_pcre, 0, 0, 0), NULL); + } + rule = apr_pstrcat(pool, rule, "$", NULL); + rs->pcre = qos_pcre_compile(pool, rule, 0); + rs->path = r->path; + apr_table_setn(new, rule, (char *)rs); + if(m_verbose) { + printf(" to <%s>\n", rule); + fflush(stdout); + } + } + } + } + } + entry = (apr_table_entry_t *)apr_table_elts(delete)->elts; + for(i = 0; i < apr_table_elts(delete)->nelts; i++) { + if(m_verbose) printf("# DEL rule: %s\n", entry[i].key); + apr_table_unset(rules, entry[i].key); + } + entry = (apr_table_entry_t *)apr_table_elts(new)->elts; + for(i = 0; i < apr_table_elts(new)->nelts; i++) { + apr_table_setn(rules, entry[i].key, entry[i].val); + } +} + +/* deletes rules which are not required and merge query name/value pairs */ +static void qos_delete_obsolete_rules(apr_pool_t *pool, apr_table_t *rules, apr_table_t *rules_url) { + apr_table_t *not_used = apr_table_make(pool, 1); + apr_table_t *used; + apr_table_t *used1; + pthread_attr_t *tha = NULL; + pthread_t tid; + qs_worker_t *wt = apr_pcalloc(pool, sizeof(qs_worker_t)); + + + if(m_query_multi_pcre) { + if(m_verbose) { + printf("# search for redundant rules ...\n"); + fflush(stdout); + } + qos_query_optimization(pool, rules); + if(m_verbose) printf("# "); + } else { + if(m_verbose) { + printf("# search for redundant rules "); + fflush(stdout); + } + } + + wt->pool = pool; + wt->rules = rules; + wt->rules_url = rules_url; + wt->from = apr_table_elts(rules)->nelts / 2; + wt->to = apr_table_elts(rules)->nelts; + + pthread_create(&tid, tha, qos_worker, (void *)wt); + used = qos_get_used(pool, rules, rules_url, 0, apr_table_elts(rules)->nelts / 2); + pthread_join(tid, (void *)&used1); + if(m_verbose) printf(" done\n"); + { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + if((apr_table_get(used, entry[i].key) == NULL) && + (apr_table_get(used1, entry[i].key) == NULL)) { + if(m_verbose) printf("# DEL rule (not required): %s\n", entry[i].key); + apr_table_add(not_used, entry[i].key, "-"); + } + } + entry = (apr_table_entry_t *)apr_table_elts(not_used)->elts; + for(i = 0; i < apr_table_elts(not_used)->nelts; i++) { + apr_table_unset(rules, entry[i].key); + } + } +} + +/* test if we need to create a new url (and save line if the rule is used the very + first time (rule has been read from the configuration file)) */ +static int qos_test_for_existing_rule(char *plain, char *line, apr_table_t *rules, + apr_table_t *special_rules, int line_nr, + apr_table_t *rules_url, apr_table_t *source_rules, int first) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + if((line == 0) || (strlen(line) == 0)) return 0; + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + qs_rule_t *rs = (qs_rule_t *)entry[i].val; + if(qs_regexec_len(rs->pcre, line, strlen(line), 0, NULL, 0) >= 0) { + if(first && (apr_table_get(source_rules, entry[i].key) == NULL)) { + apr_table_add(source_rules, entry[i].key, ""); + apr_table_add(rules_url, line, ""); + apr_table_setn(special_rules, entry[i].key, (char *)rs); + if(m_verbose) { + printf("# ADD line %d: %s\n", line_nr, plain); + printf("# --- %s\n", entry[i].key); + } + } + if(m_verbose > 1){ + printf("LINE %d, exiting rule: %s\n", line_nr, entry[i].key); + } + return 1; + } + } + /* check for special rules */ + entry = (apr_table_entry_t *)apr_table_elts(special_rules)->elts; + for(i = 0; i < apr_table_elts(special_rules)->nelts; i++) { + qs_rule_t *rs = (qs_rule_t *)entry[i].val; + if(qs_regexec_len(rs->pcre, line, strlen(line), 0, NULL, 0) >= 0) { + if(m_verbose) { + printf("# ADD line %d: %s\n", line_nr, plain); + printf("# -(S) %s\n", entry[i].key); + } + apr_table_setn(rules, entry[i].key, (char *)rs); + return 1; + } + } + return 0; +} + +/* filter lines we don't want to add to the allow list */ +static int qos_enforce_denylist(apr_table_t *rules, const char *line) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + if((line == 0) || (strlen(line) == 0)) return 0; + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + qs_rule_t *rs = (qs_rule_t *)entry[i].val; + if(qs_regexec_len(rs->pcre, line, strlen(line), 0, NULL, 0) == 0) { + if(m_verbose > 1) printf(" deny list match, rule %s\n", entry[i].key); + return 1; + } + } + return 0; +} + +/* load existing rules */ +static void qos_load_rules(apr_pool_t *pool, apr_table_t *ruletable, + const char *httpdconf, const char *command, int option) { + FILE *f = fopen(httpdconf, "r"); + char line[MAX_LINE]; + if(f == NULL) { + fprintf(stderr, "ERROR, could not open %s\n", httpdconf); + exit(1); + } + while(!qos_fgetline(line, sizeof(line), f)) { + // QS_DenyRequestLine '+'|'-'<id> 'log'|'deny' <pcre> + char *p = strstr(line, command); + if(p) { + p[0] = '\0'; + p++; + } + if(p && (strchr(line, '#') == NULL)) { + p = strchr(p, ' '); + if(p) { + while(p[0] == ' ') p++; + p = strchr(p, ' '); + if(p) { + while(p[0] == ' ') p++; + p = strchr(p, ' '); + if(p) { + while(p[0] == ' ') p++; + if(m_verbose > 1) { + printf("load %s\n", p); + } + { + const char *errptr = NULL; + char *pattern; + qs_regex_t *pcre_test; + qs_rule_t *rs; + if(p[0] == '"') { + int fl = strlen(p)-2; + pattern = apr_psprintf(pool, "%.*s", fl, &p[1]); + } else { + int fl = strlen(p); + pattern = apr_psprintf(pool, "%.*s", fl, p); + } + pcre_test = qos_pcre_compile(pool, pattern, option); + rs = apr_pcalloc(pool, sizeof(qs_rule_t)); + rs->pcre = pcre_test; + apr_table_setn(ruletable, pattern, (char *)rs); + } + } + } + } + } + } + fclose(f); +} + +static void qos_load_denylist(apr_pool_t *pool, apr_table_t *denylist, const char *httpdconf) { + qos_load_rules(pool, denylist, httpdconf, "QS_DenyRequestLine", PCRE2_CASELESS); +} +static void qos_load_allowlist(apr_pool_t *pool, apr_table_t *rules, const char *httpdconf) { + qos_load_rules(pool, rules, httpdconf, "QS_PermitUri", 0); +} + +/* tries to map a base64 string to a pcre */ +static char *qos_b64_2pcre(apr_pool_t *pool, const char *line) { + char *copy = apr_pstrdup(pool, line); + char *b64 = qos_detect_b64(copy, 1); + char *st = b64; + char *ed = &b64[1]; + if(m_verbose > 1) printf(" B642pcre: %s", copy); + /* reserved: {}[]()^$.|*+?\ */ +#define QS_BX "-_$+!" + while(st[0] && (isdigit(st[0]) || isalpha(st[0]) || (strchr(QS_BX, st[0]) != NULL))) { + st--; + } + st++; + st[0] = '\0'; + while(ed[0] && (isdigit(ed[0]) || isalpha(ed[0]) || (strchr(QS_BX, ed[0]) != NULL))) { + ed++; + } + if(m_verbose > 1) printf(" %s <> %s\n", copy, ed); + return apr_pstrcat(pool, qos_escape_pcre(pool, copy), + "[a-zA-Z0-9\\-_\\$\\+!]+", + ed[0] == '\0' ? NULL : qos_escape_pcre(pool, ed), NULL); +} + + +/* maps a query string to a pairs of <string>=<pcre> or <pcre>=<pcre> */ +static char *qos_query_string_pcre(apr_pool_t *pool, const char *path) { + char *copy = apr_pstrdup(pool, path); + char *pos = copy; + char *ret = ""; + int isValue = 0; + int open = 0; + while(copy[0]) { + if((copy[0] == '=') && (copy[1] != '=') && !open) { + copy[0] = '\0'; + qos_unescaping(pos); + if(!open) { + ret = apr_pstrcat(pool, ret, "(", NULL); + open = 1; + } + if(m_query_pcre) { + if(strlen(pos) > 0) { + ret = apr_pstrcat(pool, ret, "[", qos_2pcre(pool, pos), "]+=", NULL); + } else { + ret = apr_pstrcat(pool, ret, "=", NULL); + } + } else { + ret = apr_pstrcat(pool, ret, qos_escape_pcre(pool, pos), "=", NULL); + } + open = 1; + pos = copy; + pos++; + isValue = 1; + } + if(copy[0] == '&') { + copy[0] = '\0'; + if(strlen(pos) == 0) { + ret = apr_pstrcat(pool, ret, "[&]?", NULL); + if(open) { + ret = apr_pstrcat(pool, ret, ")?", NULL); + open = 0; + } + } else { + qos_unescaping(pos); + ret = apr_psprintf(pool, "%s[%s]{0,%"APR_SIZE_T_FMT"}[&]?", ret, qos_2pcre(pool, pos), + strlen(pos) + m_query_len_pcre); + if(open) { + ret = apr_pstrcat(pool, ret, ")?", NULL); + open = 0; + } + } + pos = copy; + pos++; + isValue = 0; + } + copy++; + } + if(pos != copy) { + qos_unescaping(pos); + if(isValue) { + ret = apr_psprintf(pool, "%s[%s]{0,%"APR_SIZE_T_FMT"}[&]?", ret, qos_2pcre(pool, pos), + strlen(pos) + m_query_len_pcre); + } else { + if(!open) { + ret = apr_pstrcat(pool, "(", ret, NULL); + open = 1; + } + if(m_query_pcre) { + ret = apr_pstrcat(pool, ret, "[", qos_2pcre(pool, pos), "]+", NULL); + } else { + ret = apr_pstrcat(pool, ret, qos_escape_pcre(pool, pos), NULL); + } + } + if(open) { + ret = apr_pstrcat(pool, ret, ")?", NULL); + open = 0; + } + } + if(open) { + ret = apr_pstrcat(pool, ret, ")?", NULL); + open = 0; + } + if(m_query_pcre) { + return ret; + } else { + return ret; + /* it would be nice to use (see -o): + * ((a=b)?(c=d)?)* + * instead of: + * (a=b)?(c=d)? and (c=d)?(a=b)? + * but in this case, two rules are much faster than one + * it's probably better to use the -m option + */ + } +} + +/* maps a query string to a list of names and a single pcre for all values: + <string>|<string>=<pcre> */ +static char *qos_multi_query_string_pcre(apr_pool_t *pool, const char *path, + char **query_m_string, char **query_m_pcre) { + char *copy = apr_pstrdup(pool, path); + char *pos = copy; + char *string = ""; + char *query_pcre = ""; + int isValue = 0; + int singleEq = 0; + int hasEq = 0; + int startAmp = 0; + if(copy[0] == '&') startAmp = 1; + while(copy[0]) { + if(copy[0] == '=') hasEq = 1; + if((copy[0] == '=') && (copy[1] != '=') && !isValue) { + copy[0] = '\0'; + qos_unescaping(pos); + if(strlen(pos) > 0) { + if(strlen(string) > 0) string = apr_pstrcat(pool, string, "|", NULL); + string = apr_pstrcat(pool, string, qos_escape_pcre(pool, pos), NULL); + } else { + if((copy[1] == '&') || (copy[1] == '\0')) { + singleEq = 1; + } + } + pos = copy; + pos++; + isValue = 1; + } + if(copy[0] == '&') { + copy[0] = '\0'; + if(!isValue) { + qos_unescaping(pos); + if(strlen(string) > 0) string = apr_pstrcat(pool, string, "|", NULL); + string = apr_pstrcat(pool, string, qos_escape_pcre(pool, pos), NULL); + } else { + if(strlen(pos) != 0) { + qos_unescaping(pos); + query_pcre = apr_pstrcat(pool, query_pcre, pos, NULL); + } + } + pos = copy; + pos++; + isValue = 0; + } + copy++; + } + if(pos != copy) { + qos_unescaping(pos); + if(isValue) { + query_pcre = apr_pstrcat(pool, query_pcre, pos, NULL); + } else { + if(strlen(string) > 0) string = apr_pstrcat(pool, string, "|", NULL); + string = apr_pstrcat(pool, string, qos_escape_pcre(pool, pos), NULL); + } + } + *query_m_string = string; + *query_m_pcre = query_pcre; + return qos_qqs(pool, string, query_pcre, singleEq, hasEq, startAmp); +} + +/* maps a path to a single pcre (don't mind its length) */ +static char *qos_path_pcre(apr_pool_t *lpool, const char *path) { + char *dec = apr_pstrdup(lpool, path); + qos_unescaping(dec); + return apr_pstrcat(lpool, "[", qos_2pcre(lpool, dec), "]+", NULL); +} + +/* maps a path to <pcre>/<string> */ +static char *qos_path_pcre_string(apr_pool_t *lpool, const char *path) { + int nohandler = 0; + char *lpath = apr_pstrdup(lpool, path); + char *last; + char *str = ""; + int depth = m_path_depth; + char *rx = ""; + if(lpath[strlen(lpath)-1] == '/') { + lpath[strlen(lpath)-1] = '\0'; + nohandler = 1; + } + last = strrchr(lpath, '/'); + while(last && depth) { + qos_unescaping(last); + if(m_base64 && qos_detect_b64(last, 0)) { + str = apr_pstrcat(lpool, qos_b64_2pcre(lpool, last), str, NULL); + } else { + str = apr_pstrcat(lpool, qos_escape_pcre(lpool, last), str, NULL); + } + last[0] = '\0'; + last = strrchr(lpath, '/'); + depth--; + } + if(lpath[0]) { + qos_unescaping(lpath); + rx = apr_pstrcat(lpool, "[", qos_2pcre(lpool, lpath), "]+", NULL); + } + if(strlen(str) > 0) { + if(nohandler) { + rx = apr_pstrcat(lpool, rx, str, "[/]?", NULL); + } else { + rx = apr_pstrcat(lpool, rx, str, NULL); + } + } + return rx; +} + +static int qos_is_alnum(const char *string) { + unsigned char *in = (unsigned char *)string; + int i = 0; + if(in == NULL) return 0; + while(in[i]) { + if(!apr_isalnum(in[i])) return 0; + i++; + } + return 1; +} + +static void qos_rule_optimization(apr_pool_t *pool, apr_pool_t *lpool, + apr_table_t *rules, apr_table_t *special_rules) { + int i; + apr_table_t *new_rules = apr_table_make(pool, 5); + apr_table_t *del_rules = apr_table_make(pool, 5); + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + qs_rule_t *rs = (qs_rule_t *)entry[i].val; + int hit = 0; + int j; + for(j = 0; j < apr_table_elts(rules)->nelts; j++) { + if(i != j) { + qs_rule_t *rsj = (qs_rule_t *)entry[j].val; + if(rs->query_m_string && rsj->query_m_string) { + if(strcmp(rs->query_m_string, rsj->query_m_string) == 0) { + if(strlen(entry[i].key) == strlen(entry[j].key)) { + hit++; + } + } + if(hit == 5) { + int s = 0; + int e = 0; + while(entry[i].key[s] && (entry[i].key[s] == entry[j].key[s])) s++; + e = s; + while(entry[i].key[e] && + ((entry[i].key[e] != entry[j].key[e]) || + (apr_isalnum(entry[i].key[e]) && apr_isalnum(entry[j].key[e])))) e++; + if((e > s) && + (s > 14) && + (e < strlen(entry[i].key)) && + (strstr(&entry[i].key[e], "\?") != NULL)) { + const char *errptr = NULL; + char *match = apr_psprintf(lpool, "%.*s%.*s", + e-s, &entry[i].key[s], + e-s, &entry[j].key[s]); + if(qos_is_alnum(match)) { + char *matchx = apr_psprintf(lpool, "[%s]{%d}", qos_2pcre(lpool, match), e-s); + char *new = apr_psprintf(pool, "%.*s%s%s", s, entry[i].key, matchx, &entry[i].key[e]); + qs_rule_t *rsn = apr_pcalloc(pool, sizeof(qs_rule_t)); + rsn->pcre = qos_pcre_compile(pool, new, 0); + rsn->path = rs->path; + rsn->query_m_string = rs->query_m_string; + rsn->query_m_pcre = rs->query_m_pcre; + rsn->fragment = rs->fragment; + if(m_verbose) { + printf("# CHANGE: <%s> to <%s>\n", entry[i].key, new); + fflush(stdout); + } + apr_table_setn(new_rules, new, (char *)rsn); + apr_table_addn(del_rules, entry[i].key, entry[i].val); + apr_table_addn(del_rules, entry[j].key, entry[j].val); + if(m_verbose > 1) { + if(m_verbose) printf(" [%s] [%s]\n", entry[i].key, entry[j].key); + if(m_verbose) printf(" [%s] [%s]\n", match, matchx); + } + break; + } + } + } + } + } + } + } + entry = (apr_table_entry_t *)apr_table_elts(new_rules)->elts; + for(i = 0; i < apr_table_elts(new_rules)->nelts; i++) { + apr_table_setn(rules, entry[i].key, entry[i].val); + } + entry = (apr_table_entry_t *)apr_table_elts(del_rules)->elts; + for(i = 0; i < apr_table_elts(del_rules)->nelts; i++) { + apr_table_unset(rules, entry[i].key); + } +} + +/* rules do not care the order of parameter values (makes rule processing slow) + * (id=[0-9]{0,13}[&]?)?(name=[a-zA-Z]{0,12}[&]?)? + * ((id=[0-9]{0,13}[&]?)|(name=[a-zA-Z]{0,12}[&]?))* + */ +static char *qos_post_optimization(apr_pool_t *lpool, char *query) { + int hit = 0; + char *p = query; + while(p && p[0]) { + if(strncmp(p, "[&]?)?(", 7) == 0) { + hit = 1; + p[5] = '|'; + } + p++; + } + if(hit) { + query[strlen(query)-1] = '\0'; + return apr_psprintf(lpool, "(%s)*", query); + } + return query; +} + +static void qos_auto_detect(char **raw) { + char *line = *raw; + int rc_c = -1; + if(m_req_regex) { + qs_regmatch_t regm[QS_MAX_REG_MATCH]; + /* no request line, maybe raw Apache access log? */ + rc_c = qs_regexec_len(m_req_regex, line, strlen(line), QS_MAX_REG_MATCH, regm, 0); + if(rc_c >= 0) { + char *sr = &line[regm[2].rm_so]; + sr[regm[2].rm_eo - regm[2].rm_so] = '\0'; + *raw = sr; + } + } + if(rc_c < 0) { + /* or an audit log like "%h %>s %{qos-loc}n %{qos-path}n%{qos-query}n" */ + char *pe = line; + int pi = 3; + while(pe && (pi > 0)) { + pi--; + pe = strchr(pe, ' '); + if(pe) { + pe++; + } + } + if(pe && pe[0] == '/' && (pi == 0)) { + *raw = pe; + } + } + return; +} + +/* process the input file line by line */ +static void qos_process_log(apr_pool_t *pool, apr_table_t *denylist, apr_table_t *rules, + apr_table_t *rules_url, apr_table_t *special_rules, + FILE *f, int *ln, int *dc, int first) { + char *readline = apr_pcalloc(pool, MAX_BODY_BUFFER); + int deny_count = *dc; + int line_nr = *ln; + apr_table_t *source_rules = apr_table_make(pool, 10); + int rule_optimization = 300; + while(!qos_fgetline(readline, MAX_BODY_BUFFER, f)) { + int doubleSlash = 0; + apr_uri_t parsed_uri; + apr_pool_t *lpool; + char *line = readline; + apr_pool_create(&lpool, NULL); + line_nr++; + if((strlen(line) > 1) && line[1] == '/') { + doubleSlash = 1; + line++; + } + if(line[0] != '/') { + if(!m_log_req_regex) { + m_log_req_regex = 1; + fprintf(stderr, "WARNING, line %d: " + "unexpected data format, try to detect request lines automatically\n", + line_nr); + } + qos_auto_detect(&line); + } + if(apr_uri_parse(lpool, line, &parsed_uri) != APR_SUCCESS) { + fprintf(stderr, "ERROR, could not parse uri %s\n", line); + if(m_exit_on_error) exit(1); + } + if(parsed_uri.path == NULL || (parsed_uri.path[0] != '/')) { + fprintf(stderr, "WARNING, line %d: invalid request %s\n", line_nr, line); + } else if(m_filter && parsed_uri.path && strncmp(parsed_uri.path, m_filter, strlen(m_filter)) != 0) { + // skip filtered line + } else { + char *path = NULL; + char *query = NULL; + char *query_m_string = NULL; + char *query_m_pcre = NULL; + char *fragment = NULL; + char *copy = apr_pstrdup(lpool, line); + qos_unescaping(copy); + if(qos_enforce_denylist(denylist, copy)) { + fprintf(stderr, "WARNING: deny list filter match at line %d for %s\n", + line_nr, line); + deny_count++; + } else { + if(!qos_test_for_existing_rule(line, copy, rules, special_rules, + line_nr, rules_url, source_rules, first)) { + if(m_verbose > 1) printf("LINE %d, analyse: %s\n", line_nr, line); + if(parsed_uri.query) { + if(strcmp(parsed_uri.path, "/") == 0) { + path = apr_pstrdup(lpool, "/"); + } else { + path = qos_path_pcre_string(lpool, parsed_uri.path); + } + if(m_query_single_pcre) { + char *qc = apr_pstrdup(lpool, parsed_uri.query); + qos_unescaping(qc); + query = apr_pstrcat(lpool, "[", qos_2pcre(lpool, qc), "]+", NULL); + } else { + if(!m_query_multi_pcre) { + query = qos_query_string_pcre(lpool, parsed_uri.query); + if(m_query_o_pcre) { + query = qos_post_optimization(lpool, query); + } + } else { + query = qos_multi_query_string_pcre(lpool, parsed_uri.query, + &query_m_string, &query_m_pcre); + } + } + } else { + if(strcmp(parsed_uri.path, "/") == 0) { + path = apr_pstrdup(lpool, "/"); + } else { + if(m_handler) { + path = qos_path_pcre_string(lpool, parsed_uri.path); + } else { + if(qs_regexec_len(pcre_simple_path, + parsed_uri.path, strlen(parsed_uri.path), + 0, NULL, 0) >= 0) { + path = apr_pstrdup(lpool, QS_SIMPLE_PATH_PCRE); + } else { + path = qos_path_pcre(lpool, parsed_uri.path); + } + } + } + } + if(parsed_uri.fragment) { + char *f = apr_pstrdup(lpool, parsed_uri.fragment); + if(strlen(f) > 0) { + qos_unescaping(f); + fragment = apr_pstrcat(lpool, "[", qos_2pcre(lpool, f), "]+", NULL); + } else { + fragment = apr_pstrcat(lpool, "", NULL); + } + } + if(m_verbose > 1) { + printf(" path: %s\n", parsed_uri.path); + printf(" path rule: %s\n", path); + if(query) { + printf(" query: %s\n", parsed_uri.query); + printf(" query rule: %s\n", query); + } + if(fragment) { + printf(" fragment: %s\n", parsed_uri.fragment); + printf(" fragment rule: %s\n", fragment); + } + } + { + const char *errptr = NULL; + char *rule; + qs_rule_t *rs = apr_pcalloc(pool, sizeof(qs_rule_t)); + if(doubleSlash) { + rule = apr_pstrcat(pool, "^[/]?", path, NULL); + } else { + rule = apr_pstrcat(pool, "^", path, NULL); + } + if(query) { + rule = apr_pstrcat(pool, rule, "\\?", query, NULL); + } + if(fragment) { + rule = apr_pstrcat(pool, rule, "#", fragment, NULL); + rs->fragment = 1; + } else { + rs->fragment = 0; + } + rule = apr_pstrcat(pool, rule, "$", NULL); + rs->pcre = qos_pcre_compile(pool, rule, 0); + rs->path = apr_pstrdup(pool, path); + if(m_query_multi_pcre && !fragment) { + rs->query_m_string = apr_pstrdup(pool, query_m_string); + rs->query_m_pcre = apr_pstrdup(pool, query_m_pcre); + } else { + rs->query_m_string = NULL; + rs->query_m_pcre = NULL; + } + // don't mind if extra is null + if(m_verbose) { + printf("# ADD line %d: %s\n", line_nr, line); + printf("# %.3d %s\n", apr_table_elts(rules)->nelts+1, rule); + fflush(stdout); + } + if(qs_regexec_len(rs->pcre, copy, strlen(copy), 0, NULL, 0) < 0) { + fprintf(stderr, "ERROR, rule check failed (did not match)!\n"); + fprintf(stderr, " line %d: %s\n", line_nr, line); + fprintf(stderr, " string: %s\n", copy); + fprintf(stderr, " rule: %s\n", rule); + if(m_exit_on_error) exit(1); + } else { + apr_table_add(rules_url, copy, "unescaped line"); + apr_table_add(source_rules, rule, ""); + apr_table_setn(rules, rule, (char *)rs); + } + if(apr_table_elts(rules)->nelts == 2000) { + fprintf(stderr, "ERROR, too many rules (limited to max. 2000)\n"); + if(m_exit_on_error) exit(1); + } + /* rule optimazion searching for redundant patterns (only in + conjunction with -m, -b and !-n */ + if((apr_table_elts(rules)->nelts == rule_optimization) && + m_redundant && + m_query_multi_pcre && + m_base64) { + /* got too many rules, try to find more general rules */ + if(m_verbose) { + printf("# too many rules: start rule optimization ...\n"); + fflush(stdout); + } + qos_rule_optimization(pool, lpool, rules, special_rules); + if(m_verbose) { + printf("# continue with rule generation\n"); + fflush(stdout); + } + rule_optimization = rule_optimization + 200; + } + } + } + } + } + apr_pool_destroy(lpool); + } + *dc = deny_count; + *ln = line_nr; +} + +static void qos_measurement(apr_pool_t *pool, apr_table_t *denylist, apr_table_t *rules, FILE *f, int *ln) { + char *readline = apr_pcalloc(pool, MAX_BODY_BUFFER); + int line_nr = 0; + while(!qos_fgetline(readline, MAX_BODY_BUFFER, f)) { + apr_uri_t parsed_uri; + apr_pool_t *lpool; + char *line = readline; + apr_pool_create(&lpool, NULL); + line_nr++; + if((strlen(line) > 1) && line[1] == '/') { + strcpy(line, &line[1]); + } + if(line[0] != '/') { + qos_auto_detect(&line); + } + if(apr_uri_parse(lpool, line, &parsed_uri) != APR_SUCCESS) { + fprintf(stderr, "ERROR, could parse uri %s\n", line); + if(m_exit_on_error) exit(1); + } + if(parsed_uri.path == NULL || (parsed_uri.path[0] != '/')) { + fprintf(stderr, "WARNING, line %d: invalid request %s\n", line_nr, line); + } else { + char *copy = apr_pstrdup(lpool, line); + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + qos_unescaping(copy); + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + qs_rule_t *rs = (qs_rule_t *)entry[i].val; + qs_regexec_len(rs->pcre, copy, strlen(copy), 0, NULL, 0); + } + } + apr_pool_destroy(lpool); + } + *ln = line_nr; +} + +int main(int argc, const char * const argv[]) { + apr_table_entry_t *entry; + long performance = -1; + time_t start = time(NULL); + time_t end; + int line_nr = 0; + int deny_count = 0; + char *time_string; + int i, rc; + const char *access_log = NULL; + FILE *f; + apr_pool_t *pool; + apr_table_t *rules; + apr_table_t *special_rules; + apr_table_t *denylist; + apr_table_t *rules_url; + int denylist_size = 0; + int allowlist_size = 0; + char *cmd = strrchr(argv[0], '/'); + const char *httpdconf = NULL; + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + rules = apr_table_make(pool, 10); + special_rules = apr_table_make(pool, 10); + denylist = apr_table_make(pool, 10); + rules_url = apr_table_make(pool, 10); + rc = nice(10); + if(rc == -1) { + fprintf(stderr, "ERROR, failed to change nice value: %s\n", strerror(errno)); + } + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-v") == 0) { + if (--argc >= 1) { + m_verbose = atoi(*(++argv)); + } + } else if(strcmp(*argv,"-c") == 0) { + if (--argc >= 1) { + httpdconf = *(++argv); + } + } else if(strcmp(*argv,"-i") == 0) { + if (--argc >= 1) { + access_log = *(++argv); + } + } else if(strcmp(*argv,"-k") == 0) { + if (--argc >= 1) { + m_pfx = *(++argv); + } + } else if(strcmp(*argv,"-f") == 0) { + if (--argc >= 1) { + m_filter = *(++argv); + } + } else if(strcmp(*argv,"-d") == 0) { + if (--argc >= 1) { + m_path_depth = atoi(*(++argv)); + } + } else if(strcmp(*argv,"-u") == 0) { + if (--argc >= 1) { + const char *coders = *(++argv); + if(strstr(coders, "uni")) { + m_mode |= QOS_DEC_MODE_FLAGS_UNI; + } + if(strstr(coders, "ansi")) { + m_mode |= QOS_DEC_MODE_FLAGS_ANSI; + } + if(strstr(coders, "html")) { + m_mode |= QOS_DEC_MODE_FLAGS_HTML; + } + } + } else if(strcmp(*argv,"-n") == 0) { + m_redundant = 0; + } else if(strcmp(*argv,"-b") == 0) { + if (--argc >= 1) { + m_base64 = atoi(*(++argv)); + } + } else if(strcmp(*argv,"-l") == 0) { + if (--argc >= 1) { + m_query_len_pcre = atoi(*(++argv)); + } + } else if(strcmp(*argv,"-p") == 0) { + m_query_pcre = 1; + } else if(strcmp(*argv,"-m") == 0) { + m_query_multi_pcre = 1; + } else if(strcmp(*argv,"-o") == 0) { + m_query_o_pcre = 1; + } else if(strcmp(*argv,"-s") == 0) { + m_query_single_pcre = 1; + } else if(strcmp(*argv,"-e") == 0) { + m_exit_on_error = 1; + } else if(strcmp(*argv,"-t") == 0) { + performance = 0; + } else if(strcmp(*argv,"-h") == 0) { + m_handler = 1; + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } + argc--; + argv++; + } + qos_init_pcre(pool); + + if((m_query_pcre && m_query_multi_pcre) || + (m_query_pcre && m_query_single_pcre) || + (m_query_multi_pcre && m_query_single_pcre) || + (m_query_pcre && m_query_o_pcre) || + (m_query_multi_pcre && m_query_o_pcre) || + (m_query_single_pcre && m_query_o_pcre)) { + fprintf(stderr, "ERROR, option -s,-m,-o or -p can't be used together.\n"); + exit(1); + } + + if(httpdconf) { + qos_load_denylist(pool, denylist, httpdconf); + denylist_size = apr_table_elts(denylist)->nelts; + qos_load_allowlist(pool, rules, httpdconf); + allowlist_size = apr_table_elts(rules)->nelts; + } + + if(access_log == NULL) usage(cmd, 0); + f = fopen(access_log, "r"); + if(f == NULL) { + fprintf(stderr, "ERROR, could not open input file %s\n", access_log); + exit(1); + } + qos_process_log(pool, denylist, rules, rules_url, special_rules, f, &line_nr, &deny_count, 1); + fclose(f); + + if(m_redundant) { + int xl = 0; + int y = 0; + // delete useless rules + qos_delete_obsolete_rules(pool, rules, rules_url); + // ensure, we have not deleted to many! + if(m_verbose) { + printf("# verify new rules ...\n"); + fflush(stdout); + } + // if(httpdconf) { + // qos_load_allowlist(pool, rules, httpdconf); + // } + f = fopen(access_log, "r"); + qos_process_log(pool, denylist, rules, rules_url, special_rules, f, &xl, &y, 0); + fclose(f); + } + + if(performance == 0) { + int lx = 0; + apr_time_t tv; + f = fopen(access_log, "r"); + tv = apr_time_now(); + qos_measurement(pool, denylist, rules, f, &lx); + tv = apr_time_now() - tv; + performance = apr_time_msec(tv) + (apr_time_sec(tv) * 1000); + performance = performance / lx; + fclose(f); + } + + end = time(NULL); + time_string = ctime(&end); + time_string[strlen(time_string) - 1] = '\0'; + printf("\n# --------------------------------------------------------\n"); + printf("# %s\n", time_string); + printf("# %d rules from %d access log lines\n", apr_table_elts(rules)->nelts, line_nr); + printf("# mod_qos version: %s\n", man_version); + if(performance >= 0) { + printf("# performance index (ms/req): %ld\n", performance); + } + printf("# source (-i): %s\n", access_log); + printf("# path depth (-d): %d\n", m_path_depth); + printf("# disable path only regex (-h): %s\n", m_handler == 1 ? "yes" : "no"); + printf("# base64 detection level (-b): %d\n", m_base64); + printf("# redundancy check (-n): %s\n", m_redundant == 1 ? "yes" : "no"); + printf("# pcre only for query (-p): %s\n", m_query_pcre == 1 ? "yes" : "no"); + printf("# decoding (-u): url"); + if(m_mode & QOS_DEC_MODE_FLAGS_UNI) { + printf(" uni"); + } + if(m_mode & QOS_DEC_MODE_FLAGS_HTML) { + printf(" html"); + } + if(m_mode & QOS_DEC_MODE_FLAGS_ANSI) { + printf(" ansi"); + } + printf("\n"); + printf("# one pcre for query value (-m): %s\n", m_query_multi_pcre == 1 ? "yes" : "no"); + if(m_query_o_pcre) { + printf("# ignore query order (-o): yes\n"); + } + printf("# single pcre for query (-s): %s\n", m_query_single_pcre == 1 ? "yes" : "no"); + printf("# query outsize (-l): %d\n", m_query_len_pcre); + printf("# exit on error (-e): %s\n", m_exit_on_error == 1 ? "yes" : "no"); + printf("# rule file (-c): %s\n", httpdconf == NULL ? "-" : httpdconf); + if(httpdconf) { + printf("# allow list (loaded existing rules): %d\n", allowlist_size); + printf("# deny list (loaded deny rules): %d\n", denylist_size); + printf("# deny list matches: %d\n", deny_count); + } + printf("# duration: %ld minutes\n", (end - start) / 60); + printf("# --------------------------------------------------------\n"); + + { + STACK_OF(qs_rule_t) *st = sk_new(STACK_qs_cmp); + qs_rule_t *r; + int j = 1; + entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + for(i = 0; i < apr_table_elts(rules)->nelts; i++) { + // printf("QS_PermitUri +QSF%0.3d deny \"%s\"\n", i+1, entry[i].key); + r = apr_pcalloc(pool, sizeof(qs_rule_t)); + r->rule = entry[i].key; + sk_push(st, (char *)r); + } + sk_sort(st); + i = sk_num(st); + for(; i > 0; i--) { + r = (qs_rule_t *)sk_value(st, i-1); + printf("QS_PermitUri +%s%.3d deny \"%s\"\n", + m_pfx ? m_pfx : "QSF", + j, qs_apache_escape(pool, r->rule)); + j++; + } + } + + apr_pool_destroy(pool); + return 0; +} diff --git a/tools/src/qsgeo.c b/tools/src/qsgeo.c new file mode 100644 index 0000000..0a46628 --- /dev/null +++ b/tools/src/qsgeo.c @@ -0,0 +1,607 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ +/** + * Utilities for the quality of service module mod_qos. + * + * qsgeo.c: resolves the country codes of IP addresses + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qsgeo.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <string.h> +#include <time.h> +#include <sys/time.h> +#include <regex.h> + +/* apr */ +#include <apr.h> +#include <apr_strings.h> +#include <apr_file_io.h> +#include <apr_time.h> +#include <apr_lib.h> +#include <apr_portable.h> +#include <apr_support.h> +#include <apr_base64.h> + +#include "qs_util.h" + +#define MAX_REG_MATCH 10 + +// "3758096128","3758096383","AU" +#define QS_GEO_PATTERN "\"([0-9]+)\",\"([0-9]+)\",\"([A-Z0-9]{2}|-)\"" +// "3758096128","3758096383","AU","Australia" +#define QS_GEO_PATTERN_D "\"([0-9]+)\",\"([0-9]+)\",\"([A-Z0-9]{2})\",\"(.*)\"" +// "192.83.198.0","192.83.198.255","3226715648","3226715903","AU","Australia" +#define QS_GEO_PATTERN_EXT "\"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\",\"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\",\"([0-9]+)\",\"([0-9]+)\",\"([A-Z0-9]{2})\"" +// 182.12.34.23 +#define IPPATTERN "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})[\"'\x0d\x0a, ]+" +#define IPPATTERN2 "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})[\"'\x0d\x0a,; ]+" + +static int m_inject = 0; +static int m_verbose = 0; + +typedef struct { + unsigned long start; + char *c; +} qos_inj_t; + +static const qos_inj_t m_inj[] = { + { 167772160, "\"10.0.0.0\",\"10.255.255.255\",\"167772160\",\"184549375\",\"PV\",\"private network\"" }, + { 2130706432, "\"127.0.0.0\",\"127.255.255.255\",\"2130706432\",\"2147483647\",\"LO\",\"local loopback\"" }, + { 2886729728, "\"172.16.0.0\",\"172.31.255.255\",\"2886729728\",\"2887778303\",\"PV\",\"private network\"" }, + { 3232235520, "\"192.168.0.0\",\"192.168.255.255\",\"3232235520\",\"3232301055\",\"PV\",\"private network\"" }, + { 0, NULL } +}; + +typedef struct { + unsigned long start; + unsigned long end; + char country[3]; + char c[500]; +} qos_geo_t; + +typedef struct { + int num; + char *c; +} qos_geo_stat_t; + +static int qos_is_num(const char *num) { + int i = 0; + while(num[i]) { + if(!isdigit(num[i])) { + return 0; + } + i++; + } + return 1; +} + +/** + * Converts an IPv4 address string to it's numeric value. + * w.x.y.z results in 16777216*w + 65536*x + 256*y + z + * + * @param pool To make a copy of the address to parse + * @param ip + * @return The address or 0 on error + */ +static unsigned long qos_geo_str2long(apr_pool_t *pool, const char *ip) { + char *p; + char *i = apr_pstrdup(pool, ip); + unsigned long addr = 0; + + p = strchr(i, '.'); + if(!p) return 0; + p[0] = '\0'; + if(!qos_is_num(i)) return 0; + addr += (atol(i) * 16777216); + i = p; + i++; + + p = strchr(i, '.'); + if(!p) return 0; + p[0] = '\0'; + if(!qos_is_num(i)) return 0; + addr += (atol(i) * 65536); + i = p; + i++; + + p = strchr(i, '.'); + if(!p) return 0; + p[0] = '\0'; + if(!qos_is_num(i)) return 0; + addr += (atol(i) * 256); + i = p; + i++; + + if(!qos_is_num(i)) return 0; + addr += (atol(i)); + + return addr; +} + +static void qos_geo_long2str(char *buf, unsigned long ip) { + int a,b,c,d; + a = ip % 256; + ip = ip / 256; + b = ip % 256; + ip = ip / 256; + c = ip % 256; + ip = ip / 256; + d = ip % 256; + sprintf(buf, "%d.%d.%d.%d", d, c, b, a); +} + +/** + * Usage message (text or manpage format). + */ +static void usage(const char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - an utility to lookup a client's country code.\n", cmd); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -d <path> [-l] [-s] [-ip <ip>]\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "Use this utility to resolve the country codes of IP addresses\n"); + qs_man_print(man, "within existing log files. The utility reads the log file data\n"); + qs_man_print(man, "from stdin and writes them, with the injected country code, to\n"); + qs_man_print(man, "stdout.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf("\n.TP\n"); + qs_man_print(man, " -d <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Specifies the path to the geographical database files (CSV\n"); + qs_man_print(man, " file containing IP address ranges and country codes).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -s\n"); + if(man) printf("\n"); + qs_man_print(man, " Writes a summary of the requests per country only.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -l\n"); + if(man) printf("\n"); + qs_man_print(man, " Writes the database to stdout (ignoring stdin) inserting\n"); + qs_man_print(man, " local (127.*) and private (10.*, 172.16*, 192.168.*)\n"); + qs_man_print(man, " network addresses.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -ip <ip>\n"); + if(man) printf("\n"); + qs_man_print(man, " Resolves a single IP address instead of processing a log file.\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + printf("Reading the file access.log and adding the country code to the IP address field:\n"); + printf("\n"); + } else { + printf("Example reading the file access.log and adding the country code to\n"); + printf("the IP address field:\n"); + } + qs_man_println(man, " cat access.log | %s -d GeoIPCountryWhois.csv\n", cmd); + printf("\n"); + if(man) { + printf("Reading the file access.log and showing a summary only:\n"); + printf("\n"); + } else { + printf("Example reading the file access.log and showing a summary only:\n"); + } + qs_man_println(man, " cat access.log | %s -d GeoIPCountryWhois.csv -s\n", cmd); + printf("\n"); + if(man) { + printf("Resolving a single IP address:\n"); + printf("\n"); + } else { + printf("Example resolving a single IP address:\n"); + } + qs_man_println(man, " %s -d GeoIPCountryWhois.csv -ip 192.84.12.23\n", cmd); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +/** + * Comperator to search entries using bsearch. + */ +static int qos_geo_comp(const void *_pA, const void *_pB) { + unsigned long *pA = (unsigned long *)_pA; + qos_geo_t *pB = (qos_geo_t *)_pB; + unsigned long search = *pA; + if((search >= pB->start) && (search <= pB->end)) return 0; + if(search > pB->start) return 1; + if(search < pB->start) return -1; + return -1; // error +} + +/** + * Loads the (sorted) CSV file into the memory. + * + * @param pool + * @param db Path to the db file + * @param size Returns the size f the db (elements in the array) + * @param msg Error message if something got wrong + * @return Array with all entries from the CSV file (or NULL on error) + */ +static qos_geo_t *qos_loadgeo(apr_pool_t *pool, const char *db, int *size, char **msg, int *errors) { + regmatch_t ma[MAX_REG_MATCH]; + regex_t preg; + regex_t pregd; + regex_t pregext; + qos_geo_t *geo = NULL; + qos_geo_t *g = NULL; + qos_geo_t *last = NULL; + int lines = 0; + char line[HUGE_STRING_LEN]; + char buf[HUGE_STRING_LEN]; + FILE *file; + const qos_inj_t *inj = m_inj; + *size = 0; + if(regcomp(&preg, QS_GEO_PATTERN, REG_EXTENDED)) { + // internal error + *msg = apr_pstrdup(pool, "failed to compile regular expression "QS_GEO_PATTERN); + (*errors)++; + return NULL; + } + if(regcomp(&pregd, QS_GEO_PATTERN_D, REG_EXTENDED)) { + // internal error + *msg = apr_pstrdup(pool, "failed to compile regular expression "QS_GEO_PATTERN_D); + (*errors)++; + return NULL; + } + if(regcomp(&pregext, QS_GEO_PATTERN_EXT, REG_EXTENDED)) { + // internal error + *msg = apr_pstrdup(pool, "failed to compile regular expression "QS_GEO_PATTERN_EXT); + (*errors)++; + return NULL; + } + file = fopen(db, "r"); + if(!file) { + (*errors)++; + return NULL; + } + while(fgets(line, sizeof(line), file) != NULL) { + if(strlen(line) > 0) { + if(regexec(&preg, line, 0, NULL, 0) == 0) { + lines++; + } else { + *msg = apr_psprintf(pool, "invalid entry in database: '%s'", line); + (*errors)++; + if(m_verbose) { + char *p = *msg; + while(p[0]) { + if(p[0] < 32) { + p[0] = '.'; + } + p++; + } + fprintf(stderr, "line %d: %s\n", lines, *msg); + } + } + } + } + *size = lines; + geo = apr_pcalloc(pool, sizeof(qos_geo_t) * lines); + g = geo; + fseek(file, 0, SEEK_SET); + lines = 0; + while(fgets(line, sizeof(line), file) != NULL) { + lines++; + if(strlen(line) > 0) { + int plus = 0; + if(m_inject) { + strcpy(buf, line); + } + if(regexec(&pregd, line, MAX_REG_MATCH, ma, 0) == 0) { + plus = 1; + } + if(plus || regexec(&preg, line, MAX_REG_MATCH, ma, 0) == 0) { + int missingAddr = 0; + if(regexec(&pregext, line, 0, NULL, 0) != 0) { + missingAddr = 1; + } + line[ma[1].rm_eo] = '\0'; + line[ma[2].rm_eo] = '\0'; + line[ma[3].rm_eo] = '\0'; + g->start = atoll(&line[ma[1].rm_so]); + g->end = atoll(&line[ma[2].rm_so]); + g->c[0] = '\0'; + if(m_inject) { + if(inj->start && (g->start > inj->start)) { + while(inj->start && (g->start > inj->start)) { + printf("%s\n", inj->c); + inj++; + } + } else if(g->start != inj->start) { + if(missingAddr) { + /* some databases do not include IP address + representation (but number only) */ + char bs[128]; + char be[128]; + qos_geo_long2str(bs, g->start); + qos_geo_long2str(be, g->end); + printf("\"%s\",\"%s\",%s", bs, be, buf); + } + } + if(!missingAddr) { + printf("%s", buf); + } + } + strncpy(g->country, &line[ma[3].rm_so], 2); + if(last) { + if(g->start < last->start) { + *msg = apr_psprintf(pool, "wrong order/lines not sorted (line %d)", lines); + (*errors)++; + if(m_verbose) { + fprintf(stderr, "line %d: wrong order/lines not sorted\n", lines); + } + } + } + if(plus) { + line[ma[4].rm_eo] = '\0'; + strncpy(g->c, &line[ma[4].rm_so], 500); + } + last = g; + g++; + } + } + } + fclose(file); + return geo; +} + +int main(int argc, const char * const argv[]) { + int errors = 0; + int rc; + int stat = 0; + const char *ip = NULL; + char *msg = NULL; + qos_geo_t *geo; + int size; + const char *db = NULL; + apr_table_t *entries; + apr_pool_t *pool; + const char *cmd = strrchr(argv[0], '/'); + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + entries = apr_table_make(pool, 100); + + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv, "-d") == 0) { + if (--argc >= 1) { + db = *(++argv); + } + } else if(strcmp(*argv, "-ip") == 0) { + if (--argc >= 1) { + ip = *(++argv); + } + } else if(strcmp(*argv, "-s") == 0) { + stat = 1; + } else if(strcmp(*argv, "-l") == 0) { + m_inject = 1; + } else if(strcmp(*argv, "-v") == 0) { + m_verbose = 1; + } else if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } else { + usage(cmd, 0); + } + argc--; + argv++; + } + + if(db == NULL) { + usage(cmd, 0); + } + + rc = nice(10); + if(rc == -1) { + fprintf(stderr, "ERROR, failed to change nice value: %s\n", strerror(errno)); + } + + geo = qos_loadgeo(pool, db, &size, &msg, &errors); + if(geo == NULL || msg != NULL) { + if(msg) { + char *p = msg; + while(p[0]) { + if(p[0] < 32) { + p[0] = '.'; + } + p++; + } + } + fprintf(stderr, "failed to load database: %s (total %d errors)\n", + msg ? msg : "-", errors); + exit(1); + } + if(m_inject) { + exit(0); + } + + if(ip) { + qos_geo_t *pB; + unsigned long search = qos_geo_str2long(pool, ip); + printf("search %lu: ", search); + pB = bsearch(&search, + geo, + size, + sizeof(qos_geo_t), + qos_geo_comp); + if(pB) { + printf("%s\n", pB->country); + } else { + printf("n/a\n"); + } + return 0; + } + + // start reading from stdin + { + char prev; + qos_geo_t *pB; + apr_pool_t *tmp; + char *line = calloc(1, MAX_LINE_BUFFER+1); + regex_t preg; + regex_t preg2; + regmatch_t ma[MAX_REG_MATCH]; + apr_pool_create(&tmp, NULL); + if(regcomp(&preg, IPPATTERN, REG_EXTENDED)) { + exit(1); + } + regcomp(&preg2, IPPATTERN2, REG_EXTENDED); + while(fgets(line, MAX_LINE_BUFFER, stdin) != NULL) { + int match = regexec(&preg, line, MAX_REG_MATCH, ma, 0); + if(match != 0) { + char *dx = strchr(line, ';'); + if(dx && ((dx - line) <= 15)) { + // file starts probably with <ip>; => a qslog -pc file? + match = regexec(&preg2, line, MAX_REG_MATCH, ma, 0); + } + } + if(match == 0) { + unsigned long search; + prev = line[ma[1].rm_eo]; + line[ma[1].rm_eo] = '\0'; + search = qos_geo_str2long(tmp, &line[ma[1].rm_so]); + apr_pool_clear(tmp); + pB = bsearch(&search, + geo, + size, + sizeof(qos_geo_t), + qos_geo_comp); + if(stat) { + /* creates a single statistic entry for each country (used to collect + requests per source country) */ + if(pB) { + qos_geo_stat_t *s = (qos_geo_stat_t *)apr_table_get(entries, pB->country); + if(s == NULL) { + s = apr_pcalloc(pool, sizeof(qos_geo_stat_t)); + s->num = 0; + s->c = pB->c; + apr_table_addn(entries, apr_pstrdup(pool, pB->country), (char *)s); + } + s->num++; + } + } else { + /* modifies each log line inserting the country code + */ + char cr = prev; + char delw[2]; + char delx[2]; + delw[1] = '\0'; + delw[0] = ' '; + delx[1] = '\0'; + delx[0] = ' '; + if(line[ma[1].rm_eo+1] == ' ') { + delx[0] = '\0'; + } + if(line[ma[1].rm_eo+1] == ';') { + delx[0] = ';'; + } + if(prev <= CR) { + prev = ' '; + } + if(prev == ' ') { + delw[0] = '\0'; + } + if(prev == ';') { + delw[0] = '\0'; + delx[0] = ';'; + } + if(pB) { + printf("%s%c%s%s%s%s", line, prev, + delw, + pB->country, + delx, + &line[ma[1].rm_eo+1]); + } else { + printf("%s%c%s--%s%s", line, prev, + delw, + delx, + &line[ma[1].rm_eo+1]); + } + if(cr <= CR) { + printf("\n"); + } + } + } else { + printf("%s", line); + } + fflush(stdout); + } + if(stat) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(entries)->elts; + for(i = 0; i < apr_table_elts(entries)->nelts; i++) { + qos_geo_stat_t *s = (qos_geo_stat_t *)entry[i].val; + printf("%7.d %s %s\n", s->num, entry[i].key, s->c ? s->c : ""); + } + } + } + return 0; +} diff --git a/tools/src/qsgrep.c b/tools/src/qsgrep.c new file mode 100644 index 0000000..5b2c654 --- /dev/null +++ b/tools/src/qsgrep.c @@ -0,0 +1,301 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ +/** + * Filter utility for the quality of service module mod_qos. + * + * qsgrep.c: simple tool to search patterns within files + * + * See http://mod-qos.sourceforge.net/ for further details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qsgrep.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +/* system */ +#include <stdio.h> +#include <errno.h> +#include <string.h> + +#include <stdlib.h> +#include <unistd.h> +#include <time.h> + +/* apr */ +#include <apr.h> +#include <apr_strings.h> +#include <apr_file_io.h> +#include <apr_time.h> +#include <apr_getopt.h> +#include <apr_general.h> +#include <apr_lib.h> +#include <apr_portable.h> +#include <apr_support.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> + +#include "qs_util.h" + +#ifndef POSIX_MALLOC_THRESHOLD +#define POSIX_MALLOC_THRESHOLD (10) +#endif + +/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */ +#define QSUTIL_SIZE_MAX (~((apr_size_t)0)) + +typedef struct { + int rm_so; + int rm_eo; +} regmatch_t; + +static void usage(char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - prints matching patterns within a file.\n", cmd); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -e <pattern> -o <sub string> [<path>]\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s is a simple tool to search patterns within files.\n", cmd); + qs_man_print(man, "It uses regular expressions to find patterns and prints the\n"); + qs_man_print(man, "submatches within a pre-defined format string.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -e <pattern>\n"); + if(man) printf("\n"); + qs_man_print(man, " Specifies the search pattern.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -o <string>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the output string where $0-$9 are substituted by the\n"); + qs_man_print(man, " submatches of the regular expression.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the input file to process. %s reads from\n", cmd); + qs_man_print(man, " from standard input if this parameter is omitted.\n"); + printf("\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + qs_man_println(man, "Shows the IP addresses of clients causing mod_qos(031) messages):\n"); + printf("\n"); + } else { + printf("Example (shows the IP addresses of clients causing mod_qos(031) messages):\n"); + } + qs_man_println(man, " %s -e 'mod_qos\\(031\\).*, c=([a-zA-Z0-9:.]*)' -o 'ip=$1' error_log\n", cmd); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +/* + * Substitutes for $0-$9 within the matching string. + * See ap_pregsub(). + */ +char *qs_pregsub(apr_pool_t *pool, const char *input, + const char *source, size_t nmatch, + qs_regmatch_t pmatch[]) { + const char *src = input; + char *dest, *dst; + char c; + size_t no; + int len; + if(!source) { + return NULL; + } + if(!nmatch) { + return apr_pstrdup(pool, src); + } + /* First pass, find the size */ + len = 0; + while((c = *src++) != '\0') { + if(c == '&') + no = 0; + else if (c == '$' && apr_isdigit(*src)) + no = *src++ - '0'; + else + no = 10; + + if (no > 9) { /* Ordinary character. */ + if (c == '\\' && (*src == '$' || *src == '&')) + src++; + len++; + } + else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { + if(QSUTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) { + fprintf(stderr, "ERROR, integer overflow or out of memory condition"); + return NULL; + } + len += pmatch[no].rm_eo - pmatch[no].rm_so; + } + + } + dest = dst = apr_pcalloc(pool, len + 1); + /* Now actually fill in the string */ + src = input; + while ((c = *src++) != '\0') { + if (c == '&') + no = 0; + else if (c == '$' && apr_isdigit(*src)) + no = *src++ - '0'; + else + no = 10; + + if (no > 9) { /* Ordinary character. */ + if (c == '\\' && (*src == '$' || *src == '&')) + c = *src++; + *dst++ = c; + } + else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { + len = pmatch[no].rm_eo - pmatch[no].rm_so; + memcpy(dst, source + pmatch[no].rm_so, len); + dst += len; + } + } + *dst = '\0'; + return dest; +} + +int main(int argc, const char * const argv[]) { + unsigned long nr = 0; + char line[32768]; + FILE *file = 0; + apr_pool_t *pool; + char *cmd = strrchr(argv[0], '/'); + const char *out = NULL; + const char *pattern = NULL; + const char *filename = NULL; + qs_regex_t *preg; + qs_regmatch_t regm[QS_MAX_REG_MATCH]; + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-e") == 0) { + if (--argc >= 1) { + pattern = *(++argv); + } + } else if(strcmp(*argv,"-o") == 0) { + if (--argc >= 1) { + out = *(++argv); + } + } else if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } else { + filename = *argv; + } + argc--; + argv++; + } + + if(pattern == NULL || out == NULL) { + usage(cmd, 0); + } + + if(nice(10) == -1) { + fprintf(stderr, "ERROR, failed to change nice value: %s\n", strerror(errno)); + } + + preg = apr_palloc(pool, sizeof(qs_regex_t)); + if(qs_regcomp(preg, pattern, PCRE2_DOTALL) != 0) { + fprintf(stderr, "ERROR, could not compile '%s\n", pattern); + exit(1); + } + apr_pool_pre_cleanup_register(pool, preg, qs_pregfree); + + if(filename) { + file = fopen(filename, "r"); + if(!file) { + fprintf(stderr, "ERROR, could not open file\n"); + exit(1); + } + } else { + file = stdin; + } + + while(fgets(line, sizeof(line), file) != NULL) { + size_t len = strlen(line); + nr++; + if(qs_regexec_len(preg, line, len, QS_MAX_REG_MATCH, regm, 0) >= 0) { + apr_pool_t *subpool; + char *replaced; + apr_pool_create(&subpool, pool); + replaced = qs_pregsub(subpool, out, line, QS_MAX_REG_MATCH, regm); + if(!replaced) { + fprintf(stderr, "ERROR, failed to substitute submatches (line=%lu)\n", nr); + } else { + printf("%s\n", replaced); + fflush(stdout); + } + apr_pool_destroy(subpool); + } + } + + if(filename) { + fclose(file); + } + apr_pool_destroy(pool); + return 0; +} diff --git a/tools/src/qshead.c b/tools/src/qshead.c new file mode 100644 index 0000000..49130ad --- /dev/null +++ b/tools/src/qshead.c @@ -0,0 +1,132 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ +/** + * Utilities for the quality of service module mod_qos. + * + * qshead.c: Shows the beginning of a log file stopping at the provided pattern. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qshead.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <unistd.h> +#include <string.h> +#include <stdlib.h> +#include <signal.h> + +#include "qs_util.h" + +static void usage(char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - an utility reading from stdin and printing all" + " lines to stdout until" + " reaching the defined pattern.\n", cmd); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -p <pattern>\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, " %s reads lines from stdin and prints them to stdout until a line contains\n", cmd); + qs_man_print(man, " the specified pattern (literal string).\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -p <pattern>\n"); + if(man) printf("\n"); + qs_man_print(man, " Search pattern (literal string).\n"); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1) qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +int main(int argc, const char * const argv[]) { + char line[32768]; + const char *pattern = NULL; + char *cmd = strrchr(argv[0], '/'); + int status = 0; + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-p") == 0) { + if (--argc >= 1) { + pattern = *(++argv); + } + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } + argc--; + argv++; + } + + if(pattern == NULL) { + usage(cmd, 0); + } + + while(fgets(line, sizeof(line), stdin) != NULL) { + printf("%s", line); + if(strstr(line, pattern)) { + return status; + } + } + return status; +} diff --git a/tools/src/qslog.c b/tools/src/qslog.c new file mode 100644 index 0000000..da476f8 --- /dev/null +++ b/tools/src/qslog.c @@ -0,0 +1,2681 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ + +/** + * Utilities for the quality of service module mod_qos. + * + * qslog.c: Real time access log data correlation. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qslog.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <string.h> +#include <sys/stat.h> +#include <errno.h> +#include <stdarg.h> +#include <ctype.h> + +#include <stdlib.h> +#include <unistd.h> +#include <pthread.h> +#include <pwd.h> + +#include <regex.h> +#include <time.h> + +/* apr */ +#include <apr.h> +#include <apr_portable.h> +#include <apr_support.h> +#include <apr_strings.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> + +#include "qs_util.h" + +/* ---------------------------------- + * definitions + * ---------------------------------- */ +#define ACTIVE_TIME 600 /* how long is a client "active" (ip addresses seen in the log) */ +#define LOG_INTERVAL 60 /* log interval ist 60 sec, don't change this value */ +#define QS_GC_INTERVAL 10 +#define LOG_DET ".detailed" +#define RULE_DELIM ':' +#define MAX_CLIENT_ENTRIES 25000 +#define MAX_EVENT_ENTRIES 50000 +#define NUM_EVENT_TABLES 8 +#define QS_GENERATIONS 14 +#define EVENT_DELIM ',' +#define QSEVENTPATH "QSEVENTPATH" /* variable name to find event definitions */ +#define QSCOUNTERPATH "QSCOUNTERPATH" /* counter rule definitions */ +#define COUNTER_PATTERN "([a-zA-Z0-9_]+):([a-zA-Z0-9_]+)[-]([0-9]+)[*]([a-zA-Z0-9_]+)[/]([0-9]+)=([0-9]+)" + +/* ---------------------------------- + * structures + * ---------------------------------- */ + +typedef struct { + const char *name; + int limit; + int count; + int total; + time_t start; + int duration; + const char *inc; + const char *dec; + int decVal; +} counter_rec_t; + +typedef struct { + unsigned long long lines; + unsigned long long ms; + unsigned long long pivot[21]; +} duration_t; + +typedef struct { + long request_count; + long status_1; + long status_2; + long status_3; + long status_4; + long status_5; + long long duration_count_ms; +} url_rec_t; + +typedef struct { + long request_count; + long error_count; + long long byte_count; + long long duration; + long long duration_count_ms; + long duration_0; + long duration_1; + long duration_2; + long duration_3; + long duration_4; + long duration_5; + long duration_6; + long status_1; + long status_2; + long status_3; + long status_4; + long status_5; + long status_304; + long connections; + unsigned long max; + apr_table_t *events; + apr_table_t *counters; + apr_pool_t *pool; + long get; + long post; + long html; + long img; + long cssjs; + long other; + time_t start_s; + time_t end_s; + long firstLine; + long lastLine; +} client_rec_t; + +typedef struct stat_rec_st { + // id + char *id; + regex_t preg; + struct stat_rec_st *next; + + // counters + long line_count; + long long i_byte_count; + long long byte_count; + long long duration_count; + long long duration_count_ms; + long duration_49; + long duration_99; + long duration_499; + long duration_999; + long duration_0; + long duration_1; + long duration_2; + long duration_3; + long duration_4; + long duration_5; + long duration_6; + long connections; + + unsigned long long sum; + unsigned long long average; + long average_count; + unsigned long long averAge; + long averAge_count; + unsigned long max; + + duration_t total; + + long status_1; + long status_2; + long status_3; + long status_4; + long status_5; + + long qos_V; + long qos_v; + long qos_s; + long qos_d; + long qos_k; + long qos_t; + long qos_l; + long qos_ser; + long qos_a; + long qos_u; + + apr_table_t *events; + apr_pool_t *pool; +} stat_rec_t; + +typedef struct qs_event_st { + char *id; /**< id, e.g. ip address or client correlator string */ + time_t time; /**< last update, used for expiration */ + long count; /**< event count/updates */ +} qs_event_t; + +/* ---------------------------------- + * global stat counter + * ---------------------------------- */ +static stat_rec_t* m_stat_rec; +static stat_rec_t* m_stat_sub = NULL; + +static time_t m_qs_expiration = 60 * 10; + +static apr_table_t *m_ip_list[NUM_EVENT_TABLES]; /* IP session store */ +static int m_ip_log_max = 0; /* already reached store limit */ +static apr_table_t *m_user_list[NUM_EVENT_TABLES]; /* user session store */ +static int m_usr_log_max = 0; /* already reached store limit */ +static int m_hasGC = 0; /* sep. gc thread or not */ +static qs_event_t **m_gc_event_list = NULL; /* list of entries to delete */ + +/* output file */ +static FILE *m_f = NULL; +static FILE *m_f2 = NULL; +static char m_file_name[MAX_LINE]; +static char m_file_name2[MAX_LINE]; +static int m_rotate = 0; +static int m_generations = QS_GENERATIONS; +/* regex to search the time string */ +static regex_t m_trx_access; +static regex_t m_trx_j; +static regex_t m_trx_g; +/* real time mode (default) or offline */ +static int m_off = 0; +static int m_offline = 0; +static int m_offline_s = 0; +static int m_offline_data = 0; +static char m_date_str[MAX_LINE]; +static int m_mem = 0; +static int m_avms = 0; +static int m_ct = 0; +static int m_customcounter = 0; +static apr_table_t *m_client_entries = NULL; +static int m_max_entries = 0; +static int m_offline_count = 0; +static apr_table_t *m_url_entries = NULL; +static int m_offline_url = 0; +static int m_offline_url_cropped = 0; +static int m_methods = 0; +/* debug/offline */ +static long m_lines = 0; +static int m_verbose = 0; +/* enable/disable event counter */ +static int m_hasEV = 0; + +/* events ----------------------------------------------------- */ +/* + * sets the expiration for events + */ +void qs_setExpiration(time_t sec) { + m_qs_expiration = sec; +} + +/* + * creates a new event entry + */ +static qs_event_t *qs_newEvent(const char *id) { + qs_event_t *ev = calloc(sizeof(qs_event_t), 1); + ev->id = calloc(strlen(id) + 1, 1); + strcpy(ev->id, id); + qs_time(&ev->time); + ev->count = 1; + return ev; +} + +/* + * deletes an event + */ +void qs_freeEvent(qs_event_t *ev) { + free(ev->id); + free(ev); +} + +/** + * Defines in which of the NUM_EVENT_TABLES session stores + * the id shall be added. + * + * @param str Session ID to store + * @return The id of the storage table (0 <= n < NUM_EVENT_TABLES) + */ +static int qs_tableSelector(const char *str) { + int num = 0; + int len = strlen(str); + if(len > 3) { + if(str[len-1] == '=' || + str[len-1] == '\'' || + str[len-1] == '"') { + len--; + } + } + if(str[0] % 2 == 1) { + num += 1; + } + if(len > 1) { + if(str[len-1] % 2 == 1) { + num += 2; + } + if(len > 2) { + if(str[len-2] % 2 == 1) { + num += 4; + } + } + } + return num; +} + +/** + * Inserts an event entry and deletes expired. + * + * @param l_qs_event Pointer to the event list. + * @param id Identifier, e.g. IP address or user tracking cookie + * @param type which counter is used (either 'I' or 'U') + * @return event counter (number of updates) for the provided id + */ +static long qs_insertEventT(apr_table_t **list0, const char *id, const char *type) { + qs_event_t *lp; + int select = qs_tableSelector(id); + apr_table_t *list = list0[select]; + lp = (qs_event_t *)apr_table_get(list, id); + if(lp) { + // exists + qs_time(&lp->time); + lp->count++; + return lp->count; + } + if(apr_table_elts(list)->nelts >= MAX_EVENT_ENTRIES) { + if((type[0] == 'I' && m_ip_log_max == 0) || + (type[0] == 'U' && m_usr_log_max == 0)) { + char time_string[1024]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + strftime(time_string, sizeof(time_string), "%a %b %d %H:%M:%S %Y", ptr); + fprintf(stderr, "[%s] [notice] qslog: reached event (%s) count limit\n", + time_string, type); + if(type[0] == 'I') { + m_ip_log_max = 1; + } + if(type[0] == 'U') { + m_usr_log_max = 1; + } + } + return 0; + } + lp = qs_newEvent(id); + apr_table_setn(list, lp->id, (char *)lp); + return lp->count; +} + +/** + * deletes expired events + */ +static void gcTable(apr_table_t *list) { + int max = 0; + int i; + apr_table_entry_t *entry; + time_t gmt_time; + qs_time(&gmt_time); + + if(m_hasGC) { + qs_csLock(); + } + // collect expired events... + entry = (apr_table_entry_t *) apr_table_elts(list)->elts; + for(i = 0; i < apr_table_elts(list)->nelts; i++) { + qs_event_t *lp = (qs_event_t *)entry[i].val; + if(lp->time < (gmt_time - m_qs_expiration)) { + m_gc_event_list[max] = lp; + max++; + } + } + // ...remove... + for(i = 0; i < max; i++) { + if(m_hasGC) { + /* we don't want to hold a lock for a long time + => temp release the lock letting the pipe-buffer recover */ + if(i % 10 == 9) { + qs_csUnLock(); + // wait 1ms + apr_sleep(1000); + qs_csLock(); + } + } + apr_table_unset(list, m_gc_event_list[i]->id); + } + if(m_hasGC) { + qs_csUnLock(); + } + + // ...and delete them + for(i = 0; i < max; i++) { + qs_freeEvent(m_gc_event_list[i]); + } +} + +/** + * Returns the number of events + * + * @param event table + * @return Number of entries + */ +static long qs_countEventT(apr_table_t **list) { + int count = 0; + int t; + if(!m_hasGC) { + for(t = 0; t < NUM_EVENT_TABLES; t++) { + gcTable(list[t]); + } + } + for(t = 0; t < NUM_EVENT_TABLES; t++) { + count += apr_table_elts(list[t])->nelts; + } + return count; +} + +/** + * Calls the event table GC + */ +static void *gcThread(void *argv) { + int t; + m_hasGC = 1; + while(1) { + sleep(QS_GC_INTERVAL); + for(t = 0; t < NUM_EVENT_TABLES; t++) { + gcTable(m_ip_list[t]); + gcTable(m_user_list[t]); + } + } + return NULL; +} + +/* ------------------------------------------------------------ */ + +/** + * Helper to print an error message when terminating + * the program due to an unexpected error. + */ +static void qerror(const char *fmt,...) { + char buf[MAX_LINE]; + va_list args; + time_t t = time(NULL); + char *time_string = ctime(&t); + va_start(args, fmt); + vsprintf(buf, fmt, args); + time_string[strlen(time_string) - 1] = '\0'; + fprintf(stderr, "[%s] [error] qslog: %s\n", time_string, buf); + fflush(stderr); +} + +/* + * Similar to standard strstr() but we ignore case in this version. + * see server/util.c + */ +static char *qsstrcasestr(const char *s1, const char *s2) { + char *p1, *p2; + if (*s2 == '\0') { + /* an empty s2 */ + return((char *)s1); + } + while(1) { + for ( ; (*s1 != '\0') && (tolower(*s1) != tolower(*s2)); s1++); + if (*s1 == '\0') { + return(NULL); + } + /* found first character of s2, see if the rest matches */ + p1 = (char *)s1; + p2 = (char *)s2; + for (++p1, ++p2; tolower(*p1) == tolower(*p2); ++p1, ++p2) { + if (*p1 == '\0') { + /* both strings ended together */ + return((char *)s1); + } + } + if (*p2 == '\0') { + /* second string ended, a match */ + break; + } + /* didn't find a match here, try starting at next character in s1 */ + s1++; + } + return((char *)s1); +} + +/* + * skip an element to the next space + */ +static char *skipElement(const char* line) { + char *p = (char *)line; + /* check for quotes (double or single) */ + char delim = p[0]; + if(delim == '\'' || delim == '\"') { + p++; + // read while we found an '" '" which is not escaped + while(p[0] != 0 && + !(p[0] == delim && p[-1] != '\\' && (p[1] == '\0' || p[1] == ' '))) { + p++; + } + p++; + } else { + char *eq = NULL; + if(m_off) { + // offline mode: check for <name>='<value>' entry + eq = strstr(p, "='"); + if(eq && (eq - p) < 10) { + // near hit + p = &eq[3]; + while(p[0] != '\'' && p[0] != 0 && p[-1] != '\\') { + p++; + } + p++; + } else { + // something else... + eq=NULL; + } + } + if(!eq) { + while(p[0] != ' ' && p[0] != 0) { + p++; + } + } + } + while(p[0] == ' ') { + p++; + } + return p; +} + +/** + * Cut fp + */ +static void qsNoFloat(char *s) { + char *pn = strchr(s, '.'); + if(pn) { + pn[0] = '\0'; + } else { + pn = strchr(s, ','); + if(pn) { + pn[0] = '\0'; + } + } +} + +/** + * Strip a number. + */ +static void stripNum(char **p) { + char *s = *p; + int len; + while(s && s[0] && (s[0] < '0' || s[0] > '9')) { + s++; + } + len = strlen(s); + while(len > 0 && (s[len] < '0' || s[len] > '9')) { + s[len] = '\0'; + len--; + } + *p = s; +} + +/** + * Get and cut an element. + * + * @param line Line to parse for the next element. + * @return Pointer to the next element. + */ +static char *cutNext(char **line) { + char *c = *line; + char *p = skipElement(*line); + char delim; + *line = p; + if(p[0]) { + p--; p[0] = '\0'; + } + /* cut leading and tailing " */ + delim = c[0]; + if(delim == '\'' || delim == '\"') { + int len; + c++; + len = strlen(c); + while(len > 0 && c[strlen(c)-1] == delim) { + c[strlen(c)-1] = '\0'; + len--; + } + } + return c; +} + +/** + * Calculates the free system memory. Experimental code. + * Tested on Solaris (calling vmstat) and Linux (reading + * from /proc/meminfo). + * + * @param buf Buffer to write result to + * @sz Max. length of the buffer + */ +static void getFreeMem(char *buf, int sz) { + FILE *f = fopen("/proc/meminfo", "r"); + int mem = 0; + buf[0] = '\0'; + if(f) { + char line[MAX_LINE]; + while(!qs_getLinef(line, sizeof(line), f)) { + if(strncmp(line, "MemFree: ", 9) == 0) { + char *c = &line[9]; + char *e; + while(c[0] && ((c[0] == ' ') || (c[0] == '\t'))) c++; + e = c; + while(e[0] && (e[0] != ' ')) e++; + e[0] = '\0'; + mem = mem + atoi(c); + } + if(strncmp(line, "Cached: ", 8) == 0) { + char *c = &line[8]; + char *e; + while(c[0] && ((c[0] == ' ') || (c[0] == '\t'))) c++; + e = c; + while(e[0] && (e[0] != ' ')) e++; + e[0] = '\0'; + mem = mem + atoi(c); + } + } + fclose(f); + snprintf(buf, sz, "%d", mem); + } else { + // non linux +//#ifdef _SC_AVPHYS_PAGES +// long pageSize = sysconf(_SC_PAGESIZE); +// long freePages = sysconf(_SC_AVPHYS_PAGES); +// mem = pageSize * freePages / 1024; +// snprintf(buf, sz, "%d", mem); +//#else + /* fallback using vmstat (experimental code) */ + char vmstat[] = "/usr/bin/vmstat"; + struct stat attr; + if(stat(vmstat, &attr) == 0) { + char command[1024]; + char outfile[1024]; + snprintf(outfile, sizeof(outfile), "/tmp/qslog.%d", getpid()); + snprintf(command, sizeof(command), "%s 1 2 1>%s", vmstat, outfile); + system(command); + f = fopen(outfile, "r"); + if(f) { + char line[MAX_LINE]; + int i = 1; + while(!qs_getLinef(line, sizeof(line), f)) { + if(i == 4) { + // free memory only (ignores cache) + int j = 0; + char *p = line; + while(p && j < 4) { + p++; + p = strchr(p, ' '); + j++; + } + if(p && (j == 4)) { + char *e; + p++; + e = strchr(p, ' '); + if(e) { + e[0] = '\0'; + snprintf(buf, sz, "%s", p); + } + } + break; + } + i++; + } + fclose(f); + unlink(outfile); + } + } +//#endif + } +} + +/* value names in csv output */ +#define NRS "r/s" +#define NBS "b/s" +#define NBIS "ib/s" +#define NAV "av" +#define NAVMS "avms" + +/** + * Writes the statistic entry stat_rec to the file. + * + * @param f File to write to + * @param timeStr Time string (prefix) + * @param stat_rec Data to write + * @offline Offline mode (less data, e.g. no load) + * @param main Indicates if it is the main log or a sub entry for the detailed log + * @param av Load + * @param mem Free memory + */ +static void printStat2File(FILE *f, char *timeStr, stat_rec_t *stat_rec, + int offline, int main, + double *av, const char *mem) { + char bis[256]; + char esco[256]; + char ip[256]; + char usr[256]; + char avms[256]; + char custom[256]; + bis[0] = '\0'; + esco[0] = '\0'; + avms[0] = '\0'; + custom[0] = '\0'; + + m_ip_log_max = 0; + m_usr_log_max = 0; + + if(stat_rec->i_byte_count != -1) { + sprintf(bis, NBIS";%lld;", stat_rec->i_byte_count/LOG_INTERVAL); + } + if(main && stat_rec->connections != -1) { + sprintf(esco, "esco;%ld;", stat_rec->connections); + } + if(m_avms) { + sprintf(avms, NAVMS";%lld;", + stat_rec->duration_count_ms/(stat_rec->line_count == 0 ? 1 : stat_rec->line_count)); + // improve accuracy (rounding errors): + stat_rec->duration_count = stat_rec->duration_count_ms / 1000; + } + if(m_customcounter) { + // max len: 18446744073709551615 + sprintf(custom, "s;%llu;a;%llu;A;%llu;M;%lu;", + stat_rec->sum, + stat_rec->average / (stat_rec->average_count == 0 ? 1 : stat_rec->average_count), + stat_rec->averAge / (stat_rec->averAge_count == 0 ? 1 : stat_rec->averAge_count), + stat_rec->max); + } + if(main) { + sprintf(ip, "ip;%ld;", qs_countEventT(m_ip_list)); + sprintf(usr, "usr;%ld;", qs_countEventT(m_user_list)); + } else { + ip[0] = '\0'; + usr[0] = '\0'; + } + + fprintf(f, "%s;" + "%s" + NRS";%ld;" + "req;%ld;" + NBS";%lld;" + "%s" + "%s" + "1xx;%ld;" + "2xx;%ld;" + "3xx;%ld;" + "4xx;%ld;" + "5xx;%ld;" + "%s" + NAV";%lld;", + timeStr, + main ? "" : stat_rec->id, + stat_rec->line_count/LOG_INTERVAL, + stat_rec->line_count, + stat_rec->byte_count/LOG_INTERVAL, + bis, + esco, + stat_rec->status_1, + stat_rec->status_2, + stat_rec->status_3, + stat_rec->status_4, + stat_rec->status_5, + avms, + stat_rec->duration_count/(stat_rec->line_count == 0 ? 1 : stat_rec->line_count)); + if(m_avms) { + fprintf(f, + "0-49ms;%ld;" + "50-99ms;%ld;" + "100-499ms;%ld;" + "500-999ms;%ld;", + stat_rec->duration_49, + stat_rec->duration_99, + stat_rec->duration_499, + stat_rec->duration_999); + } + fprintf(f, + "<1s;%ld;" + "1s;%ld;" + "2s;%ld;" + "3s;%ld;" + "4s;%ld;" + "5s;%ld;" + ">5s;%ld;" + "%s" + "%s" + , + stat_rec->duration_0, + stat_rec->duration_1, + stat_rec->duration_2, + stat_rec->duration_3, + stat_rec->duration_4, + stat_rec->duration_5, + stat_rec->duration_6, + ip, + usr + ); + if(m_hasEV) { + fprintf(f, + "qV;%ld;" + "qv;%ld;" + "qS;%ld;" + "qD;%ld;" + "qK;%ld;" + "qT;%ld;" + "qL;%ld;" + "qs;%ld;" + "qA;%ld;" + "qu;%ld;", + stat_rec->qos_V, + stat_rec->qos_v, + stat_rec->qos_s, + stat_rec->qos_d, + stat_rec->qos_k, + stat_rec->qos_t, + stat_rec->qos_l, + stat_rec->qos_ser, + stat_rec->qos_a, + stat_rec->qos_u); + } + fprintf(f, "%s", + custom); + stat_rec->line_count = 0; + stat_rec->byte_count = 0; + if(stat_rec->i_byte_count != -1) { + stat_rec->i_byte_count = 0; + } + if(main && (stat_rec->connections != -1)) { + stat_rec->connections = 0; + } + stat_rec->sum = 0; + stat_rec->average = 0; + stat_rec->average_count = 0; + stat_rec->averAge = 0; + stat_rec->averAge_count = 0; + stat_rec->max = 0; + stat_rec->status_1 = 0; + stat_rec->status_2 = 0; + stat_rec->status_3 = 0; + stat_rec->status_4 = 0; + stat_rec->status_5 = 0; + stat_rec->duration_count = 0; + stat_rec->duration_count_ms = 0; + stat_rec->duration_49 = 0; + stat_rec->duration_99 = 0; + stat_rec->duration_499 = 0; + stat_rec->duration_999 = 0; + stat_rec->duration_0 = 0; + stat_rec->duration_1 = 0; + stat_rec->duration_2 = 0; + stat_rec->duration_3 = 0; + stat_rec->duration_4 = 0; + stat_rec->duration_5 = 0; + stat_rec->duration_6 = 0; + stat_rec->qos_V = 0; + stat_rec->qos_v = 0; + stat_rec->qos_s = 0; + stat_rec->qos_d = 0; + stat_rec->qos_k = 0; + stat_rec->qos_t = 0; + stat_rec->qos_l = 0; + stat_rec->qos_ser = 0; + stat_rec->qos_a = 0; + stat_rec->qos_u = 0; + if(main) { + if(!offline) { + fprintf(f, "sl;%.2f;", av[0]); + if(m_mem) { + fprintf(f, "m;%s;", mem[0] ? mem : "-"); + } + } else { + m_offline_data = 0; + } + } + if(apr_table_elts(stat_rec->events)->nelts > 0) { + int i; + apr_table_entry_t *entry = (apr_table_entry_t *) apr_table_elts(stat_rec->events)->elts; + for(i = 0; i < apr_table_elts(stat_rec->events)->nelts; i++) { + const char *eventName = entry[i].key; + int *eventVal = (int *)entry[i].val; + fprintf(f, "%s;%d;", eventName, *eventVal); + (*eventVal) = 0; + } + } + fprintf(f, "\n"); +} + +/** + * updates the counter by event or status conditions + */ +static void qs_updateCounter(apr_pool_t *pool, char *E, char *S, apr_table_t *counters) { + time_t ltime; + apr_table_entry_t *entry; + int i; + if(counters == NULL) { + return; + } + if(S == 0 && E == NULL) { + return; + } + qs_time(<ime); + entry = (apr_table_entry_t *) apr_table_elts(counters)->elts; + for(i = 0; i < apr_table_elts(counters)->nelts; i++) { + counter_rec_t *c = (counter_rec_t *)entry[i].val; + if(c->start && ((c->start + c->duration) < ltime)) { + // expired + c->start = 0; + c->count = 0; + } + } + for(i = 0; i < apr_table_elts(counters)->nelts; i++) { + counter_rec_t *c = (counter_rec_t *)entry[i].val; + if(S) { + if((strncmp(c->name, "STATUS", 6) == 0) && + (strstr(c->inc, S) != NULL)) { + if(c->start == 0) { + c->start = ltime; + } + c->count++; + if(c->count == c->limit) { + c->total++; + } + } + } + if(E) { + if(strstr(c->inc, E)) { + if(c->start == 0) { + c->start = ltime; + } + c->count++; + if(strstr(c->dec, E)) { + if(c->count > c->decVal) { + c->count = c->count - c->decVal; + } else { + c->count = 0; + } + } + if(c->count == c->limit) { + c->total++; + } + } + } + } +} + +static void qs_updateEvents(apr_pool_t *pool, char *E, apr_table_t *events) { + if(!E[0]) { + return; + } + while(E) { + char *restore = NULL; + char *sep = strchr(E, EVENT_DELIM); + int *val; + if(sep) { + sep[0] = '\0'; + restore = sep; + sep++; + } + if(isalnum(E[0])) { + val = (int *)apr_table_get(events, E); + if(val) { + (*val)++; + } else { + // new event + char *name = apr_pstrdup(pool, E); + val = apr_pcalloc(pool, sizeof(int)); + (*val) = 1; + apr_table_setn(events, name, (char *)val); + } + } + E = sep; + if(restore) { + // supports multiple parsing of the event string + restore[0] = EVENT_DELIM; + } + } +} + +/** + * Reads the counter rule file, each line contains: + * <name>:<event>-<n>*<event>/<duration>=<limit> + */ +static void qsInitCounter(apr_pool_t *pool, apr_table_t *counters) { + const char *envFile = getenv(QSCOUNTERPATH); + if(envFile != NULL) { + qs_regmatch_t regm[QS_MAX_REG_MATCH]; + qs_regex_t *pcrestat = apr_palloc(pool, sizeof(qs_regex_t)); + FILE *file = fopen(envFile, "r"); + if(qs_regcomp(pcrestat, COUNTER_PATTERN, PCRE2_CASELESS) != 0) { + fprintf(stderr, "ERROR, could not compile '%s'\n", COUNTER_PATTERN); + exit(1); + } + apr_pool_pre_cleanup_register(pool, pcrestat, qs_pregfree); + if(file != NULL) { + char line[MAX_LINE]; + while(!qs_getLinef(line, sizeof(line), file)) { + if(qs_regexec_len(pcrestat, line, strlen(line), QS_MAX_REG_MATCH, regm, 0) >= 0) { + counter_rec_t *c = apr_pcalloc(pool, sizeof(counter_rec_t)); + c->name = apr_pstrndup(pool, &line[regm[1].rm_so], regm[1].rm_eo - regm[1].rm_so); + c->count = 0; + c->total = 0; + c->start = 0; + c->inc = apr_pstrndup(pool, &line[regm[2].rm_so], regm[2].rm_eo - regm[2].rm_so); + c->decVal = atoi(apr_pstrndup(pool, &line[regm[3].rm_so], regm[3].rm_eo - regm[3].rm_so)); + c->dec = apr_pstrndup(pool, &line[regm[4].rm_so], regm[4].rm_eo - regm[4].rm_so); + c->duration = atoi(apr_pstrndup(pool, &line[regm[5].rm_so], regm[5].rm_eo - regm[5].rm_so)); + c->limit = atoi(apr_pstrndup(pool, &line[regm[6].rm_so], regm[6].rm_eo - regm[6].rm_so)); + if(m_verbose) { + fprintf(stderr, "%s : %s - (%d * %s) / %d = %d\n", + c->name, c->inc, c->decVal, c->dec, c->duration, c->limit); + } + apr_table_setn(counters, c->name, (char *)c); + } + } + fclose(file); + } + } +} + +/** + * Initializes the event table by the events specified within the + * file whose path is defined by the QSEVENTPATH environment + * variable. + * File contains event names, separated by comma and/or new line. + * + * @param pool To allocate memory + * @param events Table to init + */ +static void qsInitEvent(apr_pool_t *pool, apr_table_t *events) { + const char *envFile = getenv(QSEVENTPATH); + if(envFile != NULL) { + FILE *file = fopen(envFile, "r"); + if(file != NULL) { + char line[MAX_LINE]; + while(!qs_getLinef(line, sizeof(line), file)) { + char *p = line; + char *name; + int *val; + while(p && p[0]) { + /* file contains a list of known events (comma sep. + event names on one or multiple lines) */ + char *n = strchr(p, EVENT_DELIM); + if(n) { + n[0] = '\0'; + n++; + } + name = apr_pstrdup(pool, p); + val = apr_pcalloc(pool, sizeof(int)); + (*val) = 0; + apr_table_setn(events, name, (char *)val); + p = n; + } + } + fclose(file); + } + } +} + +/** + * Creates and init new status rec + * + * @param id Identification of the id + * @param pattern Pattern to match the log data line + * @return + */ +static stat_rec_t *createRec(apr_pool_t *pool, const char *id, const char *pattern) { + stat_rec_t *rec = calloc(sizeof(stat_rec_t), 1); + rec->id = calloc(strlen(id)+2, 1); + sprintf(rec->id, "%s;", id); + rec->id[strlen(id)+1] = '\0'; + if(regcomp(&rec->preg, pattern, REG_EXTENDED)) { + qerror("failed to compile pattern %s", pattern); + exit(1); + } + rec->next = NULL; + + rec->line_count = 0; + rec->i_byte_count = -1; + rec->byte_count = 0; + rec->duration_count = 0; + rec->duration_count_ms = 0; + rec->duration_49 = 0; + rec->duration_99 = 0; + rec->duration_499 = 0; + rec->duration_999 = 0; + rec->duration_0 = 0; + rec->duration_1 = 0; + rec->duration_2 = 0; + rec->duration_3 = 0; + rec->duration_4 = 0; + rec->duration_5 = 0; + rec->duration_6 = 0; + rec->connections = -1; + + rec->sum = 0; + rec->average = 0; + rec->average_count = 0; + rec->averAge = 0; + rec->averAge_count = 0; + rec->max = 0; + + rec->total.lines = 0; + rec->total.ms = 0; + { + int p = 0; + for(p = 0; p < 21; p++) { + rec->total.pivot[p] = 0; + } + } + + rec->status_1 = 0; + rec->status_2 = 0; + rec->status_3 = 0; + rec->status_4 = 0; + rec->status_5 = 0; + + rec->qos_V = 0; + rec->qos_v = 0; + rec->qos_s = 0; + rec->qos_d = 0; + rec->qos_k = 0; + rec->qos_t = 0; + rec->qos_l = 0; + rec->qos_ser = 0; + rec->qos_a = 0; + rec->qos_u = 0; + + rec->events = apr_table_make(pool, 300); + rec->pool = pool; + qsInitEvent(pool, rec->events); + return rec; +} + +/** + * Retrieves the best matching record (longest match( + * + * @param Parameter to match, e.g. URL + * @return Matching entry (NULL if no match) + */ +static stat_rec_t *getRec(const char *value) { + regmatch_t ma[1]; + int len = 0; + stat_rec_t *r = m_stat_sub; + stat_rec_t *rec = NULL; + while(r) { + if(regexec(&r->preg, value, 1, ma, 0) == 0) { + int l = ma[0].rm_eo - ma[0].rm_so + 1; + if(l > len) { + // longest match + len = l; + rec = r; + } + } + r = r->next; + } + return rec; +} + +/** + * writes all stat data to the out file + * an resets all counters. + * + * @param timeStr + */ +static void printAndResetStat(char *timeStr) { + stat_rec_t *r = m_stat_sub; + double av[1]; + char mem[256]; + if(!m_offline) { + getloadavg(av, 1); + if(m_mem) { + getFreeMem(mem, sizeof(mem)); + } else { + mem[0] = '\0'; + } + } else { + mem[0] = '\0'; + } + qs_csLock(); + printStat2File(m_f, timeStr, m_stat_rec, m_offline, 1, av, mem); + while(r) { + printStat2File(m_f2, timeStr, r, m_offline, 0, av, mem); + r = r->next; + } + qs_csUnLock(); + fflush(m_f); + if(m_f2) { + fflush(m_f2); + } +} + +/** + * Updates the per url records + */ +static void updateUrl(apr_pool_t *pool, char *R, char *S, long tmems) { + url_rec_t *url_rec; + char *marker; + if(R == NULL) { + return; + } + if(!isalpha(R[0])) { + fprintf(stdout, "A(%ld)", m_lines); + return; + } + marker = strchr(R, ' '); + if(marker == NULL) { + fprintf(stdout, "E(%ld)", m_lines); + return; + } + marker[0] = ';'; + marker = strrchr(R, ' '); + if(marker) { + marker[0] = '\0'; + } + marker = strchr(R, '?'); + if(marker) { + marker[0] = '\0'; + } + if(m_offline_url_cropped) { + char *root = strchr(R, '/'); + marker = strrchr(R, '/'); + if(marker && marker != root) { + marker[0] = '\0'; + } + } + url_rec = (url_rec_t *)apr_table_get(m_url_entries, R); + if(url_rec == NULL) { + if(apr_table_elts(m_url_entries)->nelts >= MAX_CLIENT_ENTRIES) { + // limitation + if(!m_max_entries) { + fprintf(stderr, "\nreached max url entries (%d)\n", MAX_CLIENT_ENTRIES); + m_max_entries = 1; + } + return; + } + url_rec = apr_pcalloc(pool, sizeof(url_rec_t)); + url_rec->request_count = 0; + url_rec->status_1 = 0; + url_rec->status_2 = 0; + url_rec->status_3 = 0; + url_rec->status_4 = 0; + url_rec->status_5 = 0; + url_rec->duration_count_ms = 0; + apr_table_setn(m_url_entries, apr_pstrdup(pool, R), (char *)url_rec); + } + url_rec->request_count++; + if(S) { + if(S[0] == '1') { + url_rec->status_1++; + } else if(S[0] == '1') { + url_rec->status_1++; + } else if(S[0] == '2') { + url_rec->status_2++; + } else if(S[0] == '3') { + url_rec->status_3++; + } else if(S[0] == '4') { + url_rec->status_4++; + } else if(S[0] == '5') { + url_rec->status_5++; + } + } + url_rec->duration_count_ms += tmems; +} + +/** + * Updates the per client record + */ +static void updateClient(apr_pool_t *pool, char *T, char *t, char *D, char *S, + char *BI, char *B, char *R, char *I, char *U, char *Q, + char *E, char *k, char *C, char *M, char *ct, long tme, long tmems, + char *m) { + client_rec_t *client_rec; + const char *id = I; // ip + if(id == NULL) { + id = U; // user + } + if(id == NULL) { + return; + } + client_rec = (client_rec_t *)apr_table_get(m_client_entries, id); + if(client_rec == NULL) { + char *tid; + if(apr_table_elts(m_client_entries)->nelts >= MAX_CLIENT_ENTRIES) { + // limitation: speed (table to big) and memory + if(!m_max_entries) { + fprintf(stderr, "\nreached max client entries (%d)\n", MAX_CLIENT_ENTRIES); + m_max_entries = 1; + } + return; + } + tid = calloc(strlen(id)+1, 1); + client_rec = calloc(sizeof(client_rec_t), 1); + strcpy(tid, id); + tid[strlen(id)] = '\0'; + client_rec->request_count = 0; + client_rec->error_count = 0; + client_rec->byte_count = 0; + client_rec->duration = 0; + client_rec->duration_count_ms = 0; + client_rec->duration_0 = 0; + client_rec->duration_1 = 0; + client_rec->duration_2 = 0; + client_rec->duration_3 = 0; + client_rec->duration_4 = 0; + client_rec->duration_5 = 0; + client_rec->duration_6 = 0; + client_rec->status_1 = 0; + client_rec->status_2 = 0; + client_rec->status_3 = 0; + client_rec->status_4 = 0; + client_rec->status_5 = 0; + client_rec->status_304 = 0; + client_rec->connections = 0; + client_rec->max = 0; + client_rec->events = apr_table_make(pool, 100); + client_rec->counters = apr_table_make(pool, 10); + client_rec->pool = pool; + client_rec->get = 0; + client_rec->post = 0; + client_rec->html = 0; + client_rec->img = 0; + client_rec->cssjs = 0; + client_rec->other = 0; + qs_time(&client_rec->start_s); + client_rec->end_s = client_rec->start_s + 1; // +1 prevents div by 0 + client_rec->firstLine = m_lines; + qsInitEvent(pool, client_rec->events); + qsInitCounter(pool, client_rec->counters); + apr_table_setn(m_client_entries, tid, (char *)client_rec); + } else { + qs_time(&client_rec->end_s); + } + client_rec->lastLine = m_lines; + client_rec->request_count++; + client_rec->duration += tme; + client_rec->duration_count_ms += tmems; + if(k != NULL) { + if(k[0] == '0' && k[1] == '\0') { + client_rec->connections++; + } + } + if(tme < 1) { + client_rec->duration_0++; + } else if(tme == 1) { + client_rec->duration_1++; + } else if(tme == 2) { + client_rec->duration_2++; + } else if(tme == 3) { + client_rec->duration_3++; + } else if(tme == 4) { + client_rec->duration_4++; + } else if(tme == 5) { + client_rec->duration_5++; + } else { + client_rec->duration_6++; + } + if(B != NULL) { + client_rec->byte_count += atol(B); + } + if(ct) { + if(qsstrcasestr(ct, "html")) { + client_rec->html++; + } else if(qsstrcasestr(ct, "image")) { + client_rec->img++; + } else if(qsstrcasestr(ct, "css")) { + client_rec->cssjs++; + } else if(qsstrcasestr(ct, "javascript")) { + client_rec->cssjs++; + } else { + client_rec->other++; + } + } + if(M && M[0]) { + long max = atol(M); + if(max > client_rec->max) { + client_rec->max = max; + } + } + if(m) { + if(strcasecmp(m, "get") == 0) { + client_rec->get++; + } else if(strcasecmp(m, "post") == 0) { + client_rec->post++; + } + } + if(S != NULL) { + if(strcmp(S, "200") != 0 && strcmp(S, "304") != 0 && strcmp(S, "302") != 0) { + client_rec->error_count++; + } + if(S[0] == '1') { + client_rec->status_1++; + } else if(S[0] == '1') { + client_rec->status_1++; + } else if(S[0] == '2') { + client_rec->status_2++; + } else if(S[0] == '3') { + client_rec->status_3++; + if(S[1] == '0' && S[2] == '4') { + client_rec->status_304++; + } + } else if(S[0] == '4') { + client_rec->status_4++; + } else if(S[0] == '5') { + client_rec->status_5++; + } + } + if(E != NULL) { + qs_updateEvents(client_rec->pool, E, client_rec->events); + } + qs_updateCounter(client_rec->pool, E, S, client_rec->counters); + return; +} + +/** + * Updates standard record + */ +static void updateRec(stat_rec_t *rec, char *T, char *t, char *D, char *S, + char *s, char *a, char *A, + char *BI, char *B, char *R, char *I, char *U, char *Q, + char *E, char *k, char *C, char *M, long tme, long tmems) { + if(Q != NULL) { + if(strchr(Q, 'V') != NULL) { + rec->qos_V++; + } + if(strchr(Q, 'v') != NULL) { + rec->qos_v++; + } + if(strchr(Q, 'S') != NULL) { + rec->qos_s++; + } + if(strchr(Q, 'D') != NULL) { + rec->qos_d++; + } + if(strchr(Q, 'K') != NULL) { + rec->qos_k++; + } + if(strchr(Q, 'T') != NULL) { + rec->qos_t++; + } + if(strchr(Q, 'L') != NULL) { + rec->qos_l++; + } + if(strchr(Q, 's') != NULL) { + rec->qos_ser++; + } + if(strchr(Q, 'A') != NULL) { + rec->qos_a++; + } + if(strchr(Q, 'u') != NULL) { + rec->qos_u++; + } + } + if(E != NULL) { + qs_updateEvents(rec->pool, E, rec->events); + } + if(I != NULL) { + /* update/store client IP */ + qs_insertEventT(m_ip_list, I, "I"); + } + if(U != NULL) { + /* update/store user */ + qs_insertEventT(m_user_list, U, "U"); + } + if(B != NULL) { + /* transferred bytes */ + rec->byte_count += atoi(B); + } + if(BI != NULL) { + /* transferred bytes */ + rec->i_byte_count += atoi(BI); + } + if(k != NULL) { + if(k[0] == '0' && k[1] == '\0') { + rec->connections++; + } + } + if(s != NULL) { + rec->sum += atol(s); + } + if(a != NULL && a[0]) { + rec->average += atol(a); + rec->average_count++; + } + if(A != NULL && A[0]) { + rec->averAge += atol(A); + rec->averAge_count++; + } + if(M && M[0]) { + long max = atol(M); + if(max > rec->max) { + rec->max = max; + } + } + + if(S != NULL) { + if(S[0] == '1') { + rec->status_1++; + } else if(S[0] == '1') { + rec->status_1++; + } else if(S[0] == '2') { + rec->status_2++; + } else if(S[0] == '3') { + rec->status_3++; + } else if(S[0] == '4') { + rec->status_4++; + } else if(S[0] == '5') { + rec->status_5++; + } + } + if(T != NULL || t != NULL || D != NULL) { + /* response duration */ + rec->duration_count += tme; + rec->duration_count_ms += tmems; + if(m_offline_s) { + long min = 0; + long max = 50; + int p; + rec->total.lines++; + rec->total.ms += tmems; + for(p = 0; p < 20; p++) { + // 0ms <= time < 50ms etc. + if((min <= tmems) && (tmems < max)) { + rec->total.pivot[p]++; + break; + } + min = max; + max += 50; + } + if(tmems >= 1000) { + // time >= 1000ms (20x50ms) + rec->total.pivot[20]++; + } + } + if(m_avms) { + if(tmems < 49) { + rec->duration_49++; + } else if(50 <= tmems && tmems < 99) { + rec->duration_99++; + } else if(100 <= tmems && tmems < 499) { + rec->duration_499++; + } else if(500 <= tmems && tmems < 999) { + rec->duration_999++; + } + } + if(tme < 1) { + rec->duration_0++; + } else if(tme == 1) { + rec->duration_1++; + } else if(tme == 2) { + rec->duration_2++; + } else if(tme == 3) { + rec->duration_3++; + } else if(tme == 4) { + rec->duration_4++; + } else if(tme == 5) { + rec->duration_5++; + } else { + rec->duration_6++; + } + } + /* request counter */ + rec->line_count++; +} + +/* + * updates the counters based on the information + * found in the current access log line + * + * . = any string to skip till the next [space] + * T = duration + * B = bytes + * + * Example: + * 127.0.0.1 [03/Nov/2006:21:06:41 +0100] "GET /index.html HTTP/1.1" 200 2836 "Wget/1.9.1" 0 + * . . . R . T + */ +static void updateStat(apr_pool_t *pool, const char *cstr, char *line) { + stat_rec_t *rec = NULL; + char *T = NULL; /* time */ + char *t = NULL; /* time ms */ + char *D = NULL; /* time us */ + char *S = NULL; /* status */ + char *BI = NULL; /* bytes in */ + char *B = NULL; /* bytes */ + char *R = NULL; /* request line */ + char *I = NULL; /* client ip */ + char *U = NULL; /* user */ + char *Q = NULL; /* mod_qos event message */ + char *k = NULL; /* connections (keep alive requests = 0) */ + char *C = NULL; /* custom patter matching the config file */ + char *s = NULL; /* sum */ + char *a = NULL; /* average 1 */ + char *A = NULL; /* average 2 */ + char *M = NULL; /* max */ + char *E = NULL; /* events */ + char *ct = NULL; /* content type */ + char *m = NULL; /* method */ + const char *c = cstr; + char *l = line; + long tme; + long tmems; + if(!line[0]) return; + if(m_off) { + m_lines++; + } + while(c[0]) { + /* process known types */ + if(c[0] == '.') { + if(l != NULL && l[0] != '\0') { + l = skipElement(l); + } + } else if(c[0] == 'T') { + if(l != NULL && l[0] != '\0') { + T = cutNext(&l); + } + } else if(c[0] == 't') { + if(l != NULL && l[0] != '\0') { + t = cutNext(&l); + } + } else if(c[0] == 'D') { + if(l != NULL && l[0] != '\0') { + D = cutNext(&l); + } + } else if(c[0] == 'S') { + if(l != NULL && l[0] != '\0') { + S = cutNext(&l); + } + } else if(c[0] == 'B') { + if(l != NULL && l[0] != '\0') { + B = cutNext(&l); + } + } else if(c[0] == 'i') { + if(l != NULL && l[0] != '\0') { + BI = cutNext(&l); + } + } else if(c[0] == 'k') { + if(l != NULL && l[0] != '\0') { + k = cutNext(&l); + } + } else if(c[0] == 'C') { + if(l != NULL && l[0] != '\0') { + C = cutNext(&l); + } + } else if(c[0] == 'c') { + if(l != NULL && l[0] != '\0') { + ct = cutNext(&l); + } + } else if(c[0] == 'm') { + if(l != NULL && l[0] != '\0') { + m = cutNext(&l); + } + } else if(c[0] == 'R') { + if(l != NULL && l[0] != '\0') { + R = cutNext(&l); + } + } else if(c[0] == 'I') { + if(l != NULL && l[0] != '\0') { + I = cutNext(&l); + } + } else if(c[0] == 'U') { + if(l != NULL && l[0] != '\0') { + U = cutNext(&l); + } + } else if(c[0] == 'Q') { + if(l != NULL && l[0] != '\0') { + Q = cutNext(&l); + } + } else if(c[0] == 's') { + if(l != NULL && l[0] != '\0') { + s = cutNext(&l); + } + } else if(c[0] == 'a') { + if(l != NULL && l[0] != '\0') { + a = cutNext(&l); + } + } else if(c[0] == 'A') { + if(l != NULL && l[0] != '\0') { + A = cutNext(&l); + } + } else if(c[0] == 'M') { + if(l != NULL && l[0] != '\0') { + M = cutNext(&l); + } + } else if(c[0] == 'E') { + if(l != NULL && l[0] != '\0') { + E = cutNext(&l); + } + } else if(c[0] == ' ') { + /* do nothing */ + } else { + /* undefined/unknown char, skip it */ + if(l != NULL && l[0] != '\0') { + l++; + } + } + c++; + } + if(C) { + rec = getRec(C); + } + + qs_csLock(); + if(B != NULL) { + /* transferred bytes */ + stripNum(&B); + } + if(BI != NULL) { + /* transferred bytes */ + stripNum(&BI); + } + if(k != NULL) { + stripNum(&k); + } + if(S != NULL) { + stripNum(&S); + } + if(s != NULL) { + stripNum(&s); + qsNoFloat(s); + } + if(a != NULL) { + stripNum(&a); + qsNoFloat(a); + } + if(A != NULL) { + stripNum(&A); + qsNoFloat(A); + } + if(M != NULL) { + stripNum(&M); + qsNoFloat(M); + } + + /* request duration */ + tme = 0; + tmems = 0; + if(T) { + stripNum(&T); + tme = atol(T); + } + if(t) { + stripNum(&t); + tmems= atol(t); + tme = tmems / 1000; + } + if(D) { + stripNum(&D); + tmems = atol(D); + tmems = tmems / 1000; + tme = tmems / 1000; + } + + if(m_offline_count) { + updateClient(pool, T, t, D, S, BI, B, R, I, U, Q, E, k, C, M, ct, tme, tmems, m); + } else if(m_offline_url) { + if((tmems) == 0 && (tme > 0)) { + tmems = 1000 * tme; + } + updateUrl(pool, R, S, tmems); + } else { + updateRec(m_stat_rec, T, t, D, S, s, a, A, BI, B, R, I, U, Q, E, k, C, M, tme, tmems); + if(rec) { + updateRec(rec, T, t, D, S, s, a, A, BI, B, R, I, U, Q, E, k, C, M, tme, tmems); + } + } + qs_csUnLock(); + + if(m_verbose && m_off) { + printf("[%ld] I=[%s] U=[%s] B=[%s] i=[%s] S=[%s] T=[%ld](%ld) Q=[%s] E=[%s] k=[%s] R=[%s]\n", m_lines, + I == NULL ? "(null)" : I, + U == NULL ? "(null)" : U, + B == NULL ? "(null)" : B, + BI == NULL ? "(null)" : BI, + S == NULL ? "(null)" : S, + tme, tmems, + Q == NULL ? "(null)" : Q, + E == NULL ? "(null)" : E, + k == NULL ? "(null)" : k, + R == NULL ? "(null)" : R + ); + } + line[0] = '\0'; +} + +/* + * convert month string to int + */ +static int mstr2i(const char *m) { + if(strcmp(m, "Jan") == 0) return 1; + if(strcmp(m, "Feb") == 0) return 2; + if(strcmp(m, "Mar") == 0) return 3; + if(strcmp(m, "Apr") == 0) return 4; + if(strcmp(m, "May") == 0) return 5; + if(strcmp(m, "Jun") == 0) return 6; + if(strcmp(m, "Jul") == 0) return 7; + if(strcmp(m, "Aug") == 0) return 8; + if(strcmp(m, "Sep") == 0) return 9; + if(strcmp(m, "Oct") == 0) return 10; + if(strcmp(m, "Nov") == 0) return 11; + if(strcmp(m, "Dec") == 0) return 12; + return 0; +} + +/** + * Extracts the time from the log line using the + * Apache access default time format (%t) + */ +static time_t getMinutesAccessLog(char *line, regmatch_t ma) { + time_t minutes = 0; + int buf_len = ma.rm_eo - ma.rm_so + 1; + char buf[buf_len]; + strncpy(buf, &line[ma.rm_so], ma.rm_eo - ma.rm_so); + buf[ma.rm_eo - ma.rm_so] = '\0'; + /* dd/MMM/yyyy:hh:mm:ss */ + /* cut seconds */ + buf[strlen(buf)-3] = '\0'; + /* get minutes */ + minutes = minutes + (atoi(&buf[strlen(buf)-2])); + /* cut minutes */ + buf[strlen(buf)-3] = '\0'; + /* get hours */ + minutes = minutes + (atoi(&buf[strlen(buf)-2]) * 60); + + /* store date information */ + { + char *year; + char *month; + char *day; + /* cut hours */ + buf[strlen(buf)-3] = '\0'; + year = &buf[strlen(buf)-4]; + /* cut year */ + buf[strlen(buf)-5] = '\0'; + month = &buf[strlen(buf)-3]; + /* cut month */ + buf[strlen(buf)-4] = '\0'; + day = buf; + snprintf(m_date_str, sizeof(m_date_str), "%s.%02d.%s", day, mstr2i(month), year); + } + return minutes; +} + +/** + * Extracts the time from the log line using the + * the time patterns "yyyy mm dd hh:mm:ss,mmm" or + * "yyyy mm dd hh:mm:ss.mmm" + */ +static time_t getMinutesJLog(char *line, regmatch_t ma) { + time_t minutes = 0; + int buf_len = ma.rm_eo - ma.rm_so + 1; + char buf[buf_len]; + strncpy(buf, &line[ma.rm_so], ma.rm_eo - ma.rm_so); + buf[ma.rm_eo - ma.rm_so] = '\0'; + /* yyyy mm dd hh:mm:ss,mmm */ + /* cut seconds */ + buf[strlen(buf)-7] = '\0'; + /* get minutes */ + minutes = minutes + (atoi(&buf[strlen(buf)-2])); + /* cut minutes */ + buf[strlen(buf)-3] = '\0'; + /* get hours */ + minutes = minutes + (atoi(&buf[strlen(buf)-2]) * 60); + /* store date information */ + { + char *year; + char *month; + char *day; + /* cut hours */ + buf[strlen(buf)-3] = '\0'; + day = &buf[strlen(buf)-2]; + /* cut day */ + buf[strlen(buf)-3] = '\0'; + month = &buf[strlen(buf)-2]; + /* cut month */ + buf[strlen(buf)-3] = '\0'; + year = buf; + snprintf(m_date_str, sizeof(m_date_str), "%s.%s.%s", day, month, year); + } + return minutes; +} + +/* + * gets today's time in minutes from the access log line + */ +static time_t getMinutes(char *line) { + regmatch_t ma[2]; + if(regexec(&m_trx_access, line, 1, ma, 0) == 0) { + return getMinutesAccessLog(line, ma[0]); + } + if(regexec(&m_trx_j, line, 1, ma, 0) == 0) { + return getMinutesJLog(line, ma[0]); + } + if(regexec(&m_trx_g, line, 2, ma, 0) == 0) { + time_t minutes = 0; + int len = ma[1].rm_eo - ma[1].rm_so; + char buf[len+1]; + strncpy(buf, &line[ma[1].rm_so], len); + buf[len] = '\0'; + /* hh:mm */ + buf[2] = '\0'; + minutes = atoi(buf) * 60; + minutes = minutes + atoi(&buf[3]); + return minutes; + } + // unknown format (not relevant for "-pu"/"-puc" but for "-p" mode) + if(m_offline_url == 0) { + fprintf(stdout, "F(%ld)", m_lines); + } + return 0; +} + +/* + * reads from stdin and calls updateStat() + * => used for real time analysis + */ +static void readStdin(apr_pool_t *pool, const char *cstr) { + char line[MAX_LINE]; + int line_len; + while(fgets(line, sizeof(line), stdin) != NULL) { + line_len = strlen(line) - 1; + while(line_len > 0) { // cut tailing CR/LF + if(line[line_len] >= ' ') { + break; + } + line[line_len] = '\0'; + line_len--; + } + updateStat(pool, cstr, line); + } +} + +/* + * reads from stdin and calls updateStat() + * and printAndResetStat() + * processes the time information from the + * access log lines + * => used for offline analysis + */ +static void readStdinOffline(apr_pool_t *pool, const char *cstr) { + char line[MAX_LINE]; + char buf[32]; + time_t unitTime = 0; + int line_len; + FILE *outdev = stdout; + if(m_offline_count || m_offline_url) { + outdev = stderr; + } + while(fgets(line, sizeof(line), stdin) != NULL) { + time_t l_time; + line_len = strlen(line) - 1; + while(line_len > 0) { // cut tailing CR/LF + if(line[line_len] >= ' ') { + break; + } + line[line_len] = '\0'; + line_len--; + } + l_time = getMinutes(line); + m_offline_data = 1; + if(unitTime == 0) { + unitTime = l_time; + qs_setTime(unitTime * 60); + } + if(unitTime == l_time) { + updateStat(pool, cstr, line); + } if(l_time < unitTime) { + /* leap in time... */ + updateStat(pool, cstr, line); + fprintf(outdev, "X"); + fflush(outdev); + unitTime = 0; + } else { + if(l_time > unitTime) { + if(!m_verbose) { + if(m_f != stdout) { + fprintf(outdev, "."); + fflush(outdev); + } + } + } + while(l_time > unitTime) { + unitTime++; + snprintf(buf, sizeof(buf), "%s %.2ld:%.2ld:00", m_date_str, unitTime/60, unitTime%60); + if(m_offline) { + printAndResetStat(buf); + } + qs_setTime(unitTime * 60);; + } + updateStat(pool, cstr, line); + } + } + if(m_offline_data) { + snprintf(buf, sizeof(buf), "%s %.2ld:%.2ld:00", m_date_str, unitTime/60, unitTime%60); + if(m_offline) { + printAndResetStat(buf); + } + } +} + +/* + * calls printAndResetStat() every minute + * => used for real time analysis + */ +static void *loggerThread(void *argv) { + char buf[1024]; + while(1) { + struct tm *ptr; + time_t tm = time(NULL); + time_t w = tm / LOG_INTERVAL * LOG_INTERVAL + LOG_INTERVAL; + sleep(w - tm); + + tm = time(NULL); + ptr = localtime(&tm); + strftime(buf, sizeof(buf), "%d.%m.%Y %H:%M:%S", ptr); + + printAndResetStat(buf); + if(m_rotate && m_file_name[0]) { + strftime(buf, sizeof(buf), "%H:%M", ptr); + if(strcmp(buf, "23:59") == 0) { + char arch[MAX_LINE]; + char arch2[MAX_LINE]; + strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", ptr); + snprintf(arch, sizeof(arch), "%s.%s", m_file_name, buf); + snprintf(arch2, sizeof(arch), "%s.%s", m_file_name2, buf); + if(fclose(m_f) != 0) { + qerror("failed to close file '%s': %s", m_file_name, strerror(errno)); + } + if(rename(m_file_name, arch) != 0) { + qerror("failed to move file '%s': %s", arch, strerror(errno)); + } + qs_deleteOldFiles(m_file_name, m_generations); + m_f = fopen(m_file_name, "a+"); + if(m_f2) { + fclose(m_f2); + rename(m_file_name2, arch2); + qs_deleteOldFiles(m_file_name2, m_generations); + m_f2 = fopen(m_file_name2, "a+"); + } + } + } + } + return NULL; +} + +/** + * usage text + */ +static void usage(const char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - collects request statistics from access log data.\n", cmd); + printf("\n"); + + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -f <format_string> -o <out_file> [-p[c|u[c]] [-v]] [-x [<num>]] [-u <name>] [-m] [-c <path>]\n", man ? "" : "Usage: ", cmd); + printf("\n"); + + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s is a real time access log analyzer. It collects the data from stdin.\n", cmd); + qs_man_print(man, "The output is written to the specified file every minute and includes the\n"); + qs_man_println(man, "following entries:\n"); + qs_man_println(man, " - requests per second ("NRS")\n"); + qs_man_println(man, " - number of requests within measured time (req)\n"); + qs_man_println(man, " - bytes sent to the client per second ("NBS")\n"); + qs_man_println(man, " - bytes received from the client per second ("NBIS")\n"); + qs_man_println(man, " - response status codes within the last minute (1xx,2xx,3xx,4xx,5xx)\n"); + qs_man_println(man, " - average response duration ("NAV")\n"); + qs_man_println(man, " - average response duration in milliseconds ("NAVMS")\n"); + qs_man_println(man, " - distribution of response durations in seconds within the last minute\n"); + qs_man_print(man, " (<1s,1s,2s,3s,4s,5s,>5s)\n"); + if(man) printf("\n"); + qs_man_println(man, " - distribution of response durations faster than a second within the last minute\n"); + qs_man_print(man, " (0-49ms,50-99ms,100-499ms,500-999ms)\n"); + if(man) printf("\n"); + qs_man_println(man, " - number of established (new) connections within the measured time (esco)\n"); + qs_man_println(man, " - average system load (sl)\n"); + qs_man_println(man, " - free memory (m) (not available for all platforms)\n"); + qs_man_println(man, " - number of client ip addresses seen withn the last %d seconds (ip)\n", ACTIVE_TIME); + qs_man_println(man, " - number of different users seen withn the last %d seconds (usr)\n", ACTIVE_TIME); + qs_man_println(man, " - number of events identified by the 'E' format character\n"); + qs_man_println(man, " - number of mod_qos events within the last minute (qV=create session,\n"); + qs_man_print(man, " qv=VIP IP,qS=session pass, qD=access denied, qK=connection closed, qT=dynamic\n"); + qs_man_print(man, " keep-alive, qL=request/response slow down, qs=serialized request, \n"); + qs_man_print(man, " qA=connection abort, qU=new user tracking cookie)\n"); + printf("\n"); + + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -f <format_string>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the log data format and the positions of data\n"); + qs_man_print(man, " elements processed by this utility.\n"); + qs_man_print(man, " See to the 'LogFormat' directive of the httpd.conf file\n"); + qs_man_print(man, " to see the format definitions of the servers access log data.\n"); + if(man) printf("\n"); + qs_man_println(man, " %s knows the following elements:\n", cmd); + qs_man_println(man, " I defines the client ip address (%%h)\n"); + qs_man_println(man, " R defines the request line (%%r)\n"); + qs_man_println(man, " S defines HTTP response status code (%%s)\n"); + qs_man_println(man, " B defines the transferred bytes (%%b or %%O)\n"); + qs_man_println(man, " i defines the received bytes (%%I)\n"); + qs_man_println(man, " D defines the request duration in microseconds (%%D)\n"); + qs_man_println(man, " t defines the request duration in milliseconds (may be used instead of D)\n"); + qs_man_println(man, " T defines the request duration in seconds (may be used instead of D or t) (%%T)\n"); + qs_man_println(man, " k defines the number of keepalive requests on the connection (%%k)\n"); + qs_man_println(man, " U defines the user tracking id (%%{mod_qos_user_id}e)\n"); + qs_man_println(man, " Q defines the mod_qos_ev event message (%%{mod_qos_ev}e)\n"); + qs_man_println(man, " C defines the element for the detailed log (-c option), e.g. \"%%U\"\n"); + qs_man_println(man, " s arbitrary counter to add up (sum within a minute)\n"); + qs_man_println(man, " a arbitrary counter to build an average from (average per request)\n"); + qs_man_println(man, " A arbitrary counter to build an average from (average per request)\n"); + qs_man_println(man, " M arbitrary counter to measure the maximum value reached (peak)\n"); + qs_man_println(man, " E comma separated list of event strings\n"); + qs_man_println(man, " c content type (%%{content-type}o), available in -pc mode only\n"); + qs_man_println(man, " m request method (GET/POST) (%%m), available in -pc mode only\n"); + qs_man_println(man, " . defines an element to ignore (unknown string)\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -o <out_file>\n"); + if(man) printf("\n"); + qs_man_print(man, " Specifies the file to store the output to. stdout is used if this option\n"); + qs_man_print(man, " is not defined.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -p\n"); + if(man) printf("\n"); + qs_man_print(man, " Used for post processing when reading the log data from a file (cat/pipe).\n"); + qs_man_print(man, " %s is started using it's offline mode (extracting the time stamps from\n", cmd); + qs_man_print(man, " the log lines) in order to process existing log files.\n"); + qs_man_print(man, " The option \"-pc\" may be used alternatively if you want to gather request\n"); + qs_man_print(man, " information per client (identified by IP address (I) or user tracking id (U)\n"); + qs_man_print(man, " showing how many request each client has performed within the captured period\n"); + qs_man_print(man, " of time). \"-pc\" supports the format characters IURSBTtDkMEcm.\n"); + qs_man_print(man, " The option \"-pu\" collects statistics on a per URL level (supports format\n"); + qs_man_print(man, " characters RSTtD).\n"); + qs_man_print(man, " \"-puc\" is very similar to \"-pu\" but cuts the end (handler) of each URL.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -v\n"); + if(man) printf("\n"); + qs_man_print(man, " Verbose mode.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -x [<num>]\n"); + if(man) printf("\n"); + qs_man_print(man, " Rotates the output file once a day (move). You may specify the number of\n"); + qs_man_print(man, " rotated files to keep. Default are %d.\n", QS_GENERATIONS); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -u <name>\n"); + if(man) printf("\n"); + qs_man_print(man, " Becomes another user, e.g. www-data.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -m\n"); + if(man) printf("\n"); + qs_man_print(man, " Calculates free system memory every minute.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -c <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Enables the collection of log statistics for different request types.\n"); + qs_man_print(man, " 'path' specifies the necessary rule file. Each rule consists of a rule\n"); + qs_man_print(man, " identifier and a regular expression to identify a request seprarated\n"); + qs_man_print(man, " by a colon, e.g., 01:^(/a)|(/c). The regular expressions are matched against\n"); + qs_man_print(man, " the log data element which has been identified by the 'C' format character.\n"); + + printf("\n"); + if(man) { + printf(".SH VARIABLES\n"); + } else { + printf("Variables\n"); + } + qs_man_print(man, "The following environment variables are known to %s:\n", cmd); + if(man) printf("\n"); + if(man) printf(".TP\n"); + qs_man_print(man, " "QSEVENTPATH"=<path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines a file containing a comma or new line separated list\n"); + qs_man_print(man, " of known event strings expected within the log filed identified\n"); + qs_man_print(man, " by the 'E' format character.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " "QSCOUNTERPATH"=<path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines a file containing a by new line separated list of rules which\n"); + qs_man_print(man, " reflect possible QS_ClientEventLimitCount directive settings (for\n"); + qs_man_print(man, " simulation purpose / -pc option). The 'E' format character defines the event\n"); + qs_man_print(man, " string in the log to match (literal string) the 'event1' and 'event2' event\n"); + qs_man_print(man, " names against.\n"); + printf("\n"); + if(man) printf("\n"); + qs_man_print(man, " Rule syntax: <name>:<event1>-<n>*<event2>/<duration>=<limit>\n"); + printf("\n"); + qs_man_println(man, " 'name' defines the name you have given to the rule entry and is logged along with\n"); + qs_man_print(man, " with the number of times the 'limit' has been reached within the 'duration'.\n"); + if(man) printf("\n"); + qs_man_println(man, " 'event1' defines the variable name (if found in 'E') to increment the counter.\n"); + qs_man_println(man, " 'event2' defines the variable name (if found in 'E') to decrement the counter (and\n"); + qs_man_print(man, " the parameter 'n' defines by how much).\n"); + if(man) printf("\n"); + qs_man_println(man, " 'duration' defines the measure interval (in seconds) used for the\n"); + qs_man_print(man, " QS_ClientEventLimitCount directive.\n"); + if(man) printf("\n"); + qs_man_println(man, " 'limit' defines the threshold (number) defined for the QS_ClientEventLimitCount\n"); + qs_man_print(man, " directive.\n"); + if(man) printf("\n"); + printf("\n"); + qs_man_print(man, " Note: If the 'name' parameter is prefixed by 'STATUS', the rule is applied against\n"); + qs_man_print(man, " the HTTP status code 'S' and the 'event1' string shall contain a list of relevant\n"); + qs_man_print(man, " status codes separated by an underscore (while 'event2' is ignored).\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + printf("Configuration using pipped logging:\n"); + printf("\n"); + } else { + printf("Example configuration using pipped logging:\n"); + } + qs_man_println(man, " CustomLog \"|/usr/bin/%s -f ISBDQ -x -o /var/log/apache/stat.csv\" \"%%h %%>s %%b %%D %%{mod_qos_ev}e\"\n", cmd); + printf("\n"); + if(man) { + printf("Post processing:\n"); + printf("\n"); + } else { + printf("Example for post processing:\n"); + } + qs_man_println(man, " LogFormat \"%%t %%h \\\"%%r\\\" %%>s %%b \\\"%%{User-Agent}i\\\" %%T\"\n"); + qs_man_println(man, " cat access.log | %s -f ..IRSB.T -o stat.csv -p\n", cmd); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +/** + * Loads the rule files. Each rule (pattern) is prefixed by an id. + * + * @param confFile Path to the rule file to load + * @return + */ +static stat_rec_t *loadRule(apr_pool_t *pool, const char *confFile) { + char line[MAX_LINE]; + FILE *file = fopen(confFile, "r"); + stat_rec_t *rec = NULL; + stat_rec_t *prev = NULL; + stat_rec_t *next = NULL; + if(file == NULL) { + qerror("could not read file '%s': ", confFile, strerror(errno)); + exit(1); + } + while(!qs_getLinef(line, sizeof(line), file)) { + char *id = line; + char *p = strchr(line, RULE_DELIM); + if(p) { + p[0] = '\0'; + p++; + if(m_verbose) { + printf("load rule %s: %s\n", id, p); + } + next = createRec(pool, id, p); + if(rec == NULL) { + // first record + rec = next; + } + if(prev) { + // has previous, append it to the list + prev->next = next; + } else { + // sole record, no next + rec->next = NULL; + } + // prev points now to the new record + prev = next; + } + } + fclose(file); + return rec; +} + +int main(int argc, const char *const argv[]) { + const char *config = NULL; + const char *file = NULL; + const char *confFile = NULL; + const char *cmd = strrchr(argv[0], '/'); + const char *username = NULL; + pthread_attr_t *tha = NULL; + pthread_t tid; + pthread_attr_t *thagc = NULL; + pthread_t tidgc; + apr_pool_t *pool; + int t; + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + m_stat_rec = createRec(pool, "", ""); + + for(t = 0; t < NUM_EVENT_TABLES; t++) { + m_ip_list[t] = apr_table_make(pool, 15000); + m_user_list[t] = apr_table_make(pool, 15000); + } + m_gc_event_list = calloc(MAX_EVENT_ENTRIES, sizeof(qs_event_t *)); + + qs_csInitLock(); + qs_setExpiration(ACTIVE_TIME); + if(cmd == NULL) { + cmd = argv[0]; + } else { + cmd++; + } + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-f") == 0) { /* this is the format string */ + if (--argc >= 1) { + config = *(++argv); + if(strchr(config, 'i')) { + // enable ib/s + m_stat_rec->i_byte_count = 0; + } + if(strchr(config, 'k')) { + // enable esco + m_stat_rec->connections = 0; + } + if(strchr(config, 'c')) { + // enable content type + m_ct = 1; + } + if(strchr(config, 'D') || strchr(config, 't')) { + // enable average duration in ms + m_avms = 1; + } + if(strchr(config, 'm')) { + m_methods = 1; + } + if(strchr(config, 's') || strchr(config, 'a') || strchr(config, 'A') || strchr(config, 'M')) { + // enable custom counter + m_customcounter = 1; + } + if(strchr(config, 'Q')) { + m_hasEV = 1; + } + } + } else if(strcmp(*argv,"-o") == 0) { /* this is the out file */ + if (--argc >= 1) { + file = *(++argv); + } + } else if(strcmp(*argv,"-u") == 0) { /* switch user id */ + if (--argc >= 1) { + username = *(++argv); + } + } else if(strcmp(*argv,"-c") == 0) { /* custom patterns (e.g. url pattern list, format: <id>':'<pattern>) */ + if (--argc >= 1) { + confFile = *(++argv); + } + } else if(strcmp(*argv,"-p") == 0) { /* activate offline analysis */ + m_offline = 1; + qs_set2OfflineMode(); + } else if(strcmp(*argv,"-ps") == 0) { /* activate offline analysis (inckl. summary) */ + m_offline = 1; + m_offline_s = 1; + qs_set2OfflineMode(); + } else if(strcmp(*argv,"-pc") == 0) { /* activate offline counting analysis */ + m_offline_count = 1; + qs_set2OfflineMode(); + } else if(strcmp(*argv,"-pu") == 0) { /* activate offline url analysis */ + m_offline_url = 1; + qs_set2OfflineMode(); + } else if(strcmp(*argv,"-puc") == 0) { /* activate offline url analysis */ + m_offline_url = 1; + m_offline_url_cropped = 1; + qs_set2OfflineMode(); + } else if(strcmp(*argv,"-m") == 0) { /* activate memory usage */ + m_mem = 1; + } else if(strcmp(*argv,"-v") == 0) { + m_verbose = 1; + } else if(strcmp(*argv,"-x") == 0) { /* activate log rotation */ + m_rotate = 1; + if(argc > 1) { + if(*argv[1] >= '0' && *argv[1] <= '9') { + argc--; + argv++; + m_generations = atoi(*argv); + } + } + } else if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } else { + qerror("unknown option '%s'", *argv); + exit(1); + } + argc--; + argv++; + } + m_off = m_offline || m_offline_count || m_offline_url; + if(m_off) { + if(nice(10) == -1) { + fprintf(stderr, "ERROR, failed to change nice value: %s\n", strerror(errno)); + } + /* init time pattern regex, std apache access log "dd/MMM/yyyy:hh:mm:ss" */ + regcomp(&m_trx_access, + "[0-9]{2}/[a-zA-Z]{3}/[0-9]{4}:[0-9]{2}:[0-9]{2}:[0-9]{2}", + REG_EXTENDED); + /* other time patterns: "yyyy mm dd hh:mm:ss,mmm" or "yyyy mm dd hh:mm:ss.mmm" + resp "yyyy-mm-dd hh:mm:ss,mmm" or "yyyy-mm-dd hh:mm:ss.mmm" */ + regcomp(&m_trx_j, + "[0-9]{4}[ -]{1}[0-9]{2}[ -]{1}[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[,.]{1}[0-9]{3}", + REG_EXTENDED); + /* fallback to generic " hh:mm:ss " pattern */ + regcomp(&m_trx_g, + " ([0-9]{2}:[0-9]{2}):[0-9]{2} ", + REG_EXTENDED); + } + + /* + * offline url mod + */ + if(m_offline_url) { + int i; + apr_table_entry_t *entry; + m_url_entries = apr_table_make(pool, MAX_CLIENT_ENTRIES + 1); + if(config == NULL) usage(cmd, 0); + readStdinOffline(pool, config); + fprintf(stderr, ".\n"); + + m_f = stdout; + if(file) { + m_f = fopen(file, "a+"); + if(!m_f) { + m_f = stdout; + } + } + entry = (apr_table_entry_t *) apr_table_elts(m_url_entries)->elts; + for(i = 0; i < apr_table_elts(m_url_entries)->nelts; i++) { + url_rec_t *url_rec = (url_rec_t *)entry[i].val; + fprintf(m_f, "req;%ld;" + "1xx;%ld;2xx;%ld;3xx;%ld;4xx;%ld;5xx;%ld;" + NAVMS";%lld;%s\n", + url_rec->request_count, + url_rec->status_1, + url_rec->status_2, + url_rec->status_3, + url_rec->status_4, + url_rec->status_5, + url_rec->request_count ? (url_rec->duration_count_ms / url_rec->request_count) : 0, + entry[i].key); + + } + if(file && m_f != stdout) { + fclose(m_f); + } + return 0; + } + + /* + * offline count mode creates statistics + * on a per client basis (e.g. per source + * ip or user id using the user tracking + * feature of mod_qos) + */ + if(m_offline_count) { + int i; + apr_table_entry_t *entry; + if(config == NULL) usage(cmd, 0); + m_client_entries = apr_table_make(pool, MAX_CLIENT_ENTRIES + 1); + readStdinOffline(pool, config); + fprintf(stderr, ".\n"); + entry = (apr_table_entry_t *) apr_table_elts(m_client_entries)->elts; + m_f = stdout; + if(file) { + m_f = fopen(file, "a+"); + if(!m_f) { + m_f = stdout; + } + } + for(i = 0; i < apr_table_elts(m_client_entries)->nelts; i++) { + client_rec_t *client_rec = (client_rec_t *)entry[i].val; + char esco[256]; + char m[256]; + /* ci (coverage index): low value indicates that we have seen the client + at the end or beginning of the file (maybe not all + requests due to log rotation) */ + long coverage = m_lines ? (client_rec->firstLine * 100 / m_lines) : 0; + long coverageend = m_lines ? (100 - ((client_rec->lastLine * 100) / m_lines)) : 0; + if(coverageend < coverage) { + coverage = coverageend; + } + esco[0] = '\0'; + if(m_stat_rec->connections != -1) { + sprintf(esco, "esco;%ld;", client_rec->connections); + } + m[0] = '\0'; + if(m_methods) { + sprintf(m, "GET;%ld;POST;%ld;", + client_rec->get, + client_rec->post); + } + if(m_avms == 0) { + // no ms available + client_rec->duration_count_ms = 1000 * client_rec->duration; + } else { + // improve accuracy (rounding errors): + client_rec->duration = client_rec->duration_count_ms / 1000; + } + fprintf(m_f, "%s;req;%ld;errors;%ld;duration;%ld;bytes;%lld;" + "1xx;%ld;2xx;%ld;3xx;%ld;4xx;%ld;5xx;%ld;304;%ld;" + "av;%lld;"NAVMS";%lld;<1s;%ld;1s;%ld;2s;%ld;3s;%ld;4s;%ld;5s;%ld;>5s;%ld;" + "%s" + "%s" + "ci;%ld;", + entry[i].key, + client_rec->request_count, + client_rec->error_count, + client_rec->end_s - client_rec->start_s, + client_rec->byte_count, + client_rec->status_1, + client_rec->status_2, + client_rec->status_3, + client_rec->status_4, + client_rec->status_5, + client_rec->status_304, + client_rec->request_count ? (client_rec->duration / client_rec->request_count) : 0, + client_rec->request_count ? (client_rec->duration_count_ms / client_rec->request_count) : 0, + client_rec->duration_0, + client_rec->duration_1, + client_rec->duration_2, + client_rec->duration_3, + client_rec->duration_4, + client_rec->duration_5, + client_rec->duration_6, + esco, + m, + coverage); + if(m_customcounter) { + fprintf(m_f, "M;%ld;", + client_rec->max); + } + if(client_rec->counters) { + int c; + apr_table_entry_t *centry = (apr_table_entry_t *) apr_table_elts(client_rec->counters)->elts; + for(c = 0; c < apr_table_elts(client_rec->counters)->nelts; c++) { + counter_rec_t *cr = (counter_rec_t *)centry[c].val; + fprintf(m_f, "%s;%d;", cr->name, cr->total); + } + } + if(m_ct) { + fprintf(m_f, "html;%ld;css/js;%ld;img;%ld;other;%ld;", + client_rec->html, + client_rec->cssjs, + client_rec->img, + client_rec->other); + } + if(apr_table_elts(client_rec->events)->nelts > 0) { + int k; + apr_table_entry_t *client_entry = (apr_table_entry_t *) apr_table_elts(client_rec->events)->elts; + for(k = 0; k < apr_table_elts(client_rec->events)->nelts; k++) { + const char *eventName = client_entry[k].key; + int *eventVal = (int *)client_entry[k].val; + fprintf(m_f, "%s;%d;", eventName, *eventVal); + (*eventVal) = 0; + } + } + fprintf(m_f, "\n"); + } + if(file && (m_f != stdout)) { + fclose(m_f); + } + return 0; + } + + /* requires at least a format string */ + if(config == NULL) usage(cmd, 0); + + qs_setuid(username, cmd); + + if(file) { + m_f = fopen(file, "a+"); + if(m_f == NULL) { + qerror("could not open file for writing '%s': %s", file, strerror(errno)); + exit(1); + } + if(strlen(file) > (sizeof(m_file_name) - strlen(".yyyymmddHHMMSS ") - strlen(LOG_DET))) { + qerror("file name too long '%s'", file); + exit(1); + } + strcpy(m_file_name, file); + } else { + m_file_name[0] = '\0'; + m_f = stdout; + } + + if(confFile) { + if(file == NULL) { + qerror("option '-c' can only be used in conjunction with option '-o'"); + exit(1); + } + snprintf(m_file_name2, sizeof(m_file_name2), "%s"LOG_DET, m_file_name); + if(strchr(config, 'C') == NULL) { + qerror("you need to add 'C' to the format string when enabling the pattern list (-c)"); + exit(1); + } + m_stat_sub = loadRule(pool, confFile); + m_f2 = fopen(m_file_name2, "a+"); + if(m_f == NULL) { + qerror("could not open file for writing '%s': %s", m_file_name2, strerror(errno)); + exit(1); + } + } + + /* + * Offline mode reads an existing log file + * adjusting a virtual clock based on + * the date string match of the log + * enties. */ + if(m_offline) { + fprintf(stderr, "[%s]: offline mode\n", cmd); + m_date_str[0] = '\0'; + readStdinOffline(pool, config); + if(!m_verbose) { + fprintf(stdout, "\n"); + } + if(m_offline_s) { + int p; + int min = 0; + int max = 50; + printf("\n"); + printf(" requests: %llu\n", m_stat_rec->total.lines); + printf(" average: %llums\n", m_stat_rec->total.ms/m_stat_rec->total.lines); + for(p = 0; p <20; p++) { + printf("%3dms - %4dms: %lld\n", min, max, m_stat_rec->total.pivot[p]); + min = max; + max += 50; + } + printf("1000ms+ : %lld\n", m_stat_rec->total.pivot[20]); + } + } else { + /* standard mode reads data from + * stdin and uses a separate thread + * to write the data every minute. + */ + pthread_create(&tid, tha, loggerThread, NULL); + pthread_create(&tidgc, thagc, gcThread, NULL); + readStdin(pool, config); + } + if(file && (m_f != stdout)) { + fclose(m_f); + } + return 0; +} diff --git a/tools/src/qslogger.c b/tools/src/qslogger.c new file mode 100644 index 0000000..3a8a0d8 --- /dev/null +++ b/tools/src/qslogger.c @@ -0,0 +1,423 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ +/** + * Utilities for the quality of service module mod_qos. + * + * qslogger.c: Piped logging forwarding log data to syslog + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qslogger.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <time.h> +#include <sys/time.h> +#include <errno.h> +#include <regex.h> +#include <syslog.h> + +#include <apr.h> +#include <apr_lib.h> + +#include "qs_util.h" + +// [Wed Mar 28 22:40:41 2012] [warn] +#define QS_DEFAULTPATTERN "^\\[[0-9a-zA-Z :]+\\] \\[([a-z]+)\\] " + +#define QS_MAX_PATTERN_MA 2 + +static int m_default_severity = LOG_NOTICE; + +/** + * Similar to standard strstr() but case insensitive and length limitation + * (string which is not 0 terminated). + * + * @param s1 String to search in + * @param s2 Pattern to ind + * @param len Length of s1 + * @return pointer to the beginning of the substring s2 within s1, or NULL + * if the substring is not found + */ +static const char *qs_strncasestr(const char *s1, const char *s2, int len) { + const char *e1 = &s1[len-1]; + char *p1, *p2; + if (*s2 == '\0') { + /* an empty s2 */ + return((char *)s1); + } + while(1) { + for ( ; (*s1 != '\0') && (s1 <= e1) && (apr_tolower(*s1) != apr_tolower(*s2)); s1++); + if (*s1 == '\0' || s1 > e1) { + return(NULL); + } + /* found first character of s2, see if the rest matches */ + p1 = (char *)s1; + p2 = (char *)s2; + for (++p1, ++p2; (apr_tolower(*p1) == apr_tolower(*p2)) && (p1 <= e1); ++p1, ++p2) { + if((p1 > e1) && (*p2 != '\0')) { + // reached the end without match + return NULL; + } + if (*p2 == '\0') { + /* both strings ended together */ + return((char *)s1); + } + } + if (*p2 == '\0') { + /* second string ended, a match */ + break; + } + /* didn't find a match here, try starting at next character in s1 */ + s1++; + } + return((char *)s1); +} + +/** + * Rerurns the priority value + * + * @param priorityname Part of the log message to search the priority in + * @param len Length of the priority string + * @return Priority, LOG_NOTICE (see m_default_severity) if provided name is not recognized. + */ +static int qsgetprio(const char *priorityname, int len) { + int p = m_default_severity; + if(!priorityname) { + return p; + } + if(qs_strncasestr(priorityname, "alert", len)) { + p = LOG_ALERT; + } else if(qs_strncasestr(priorityname, "crit", len)) { + p = LOG_CRIT; + } else if(qs_strncasestr(priorityname, "debug", len)) { + p = LOG_DEBUG; + } else if(qs_strncasestr(priorityname, "emerg", len)) { + p = LOG_EMERG; + } else if(qs_strncasestr(priorityname, "err", len)) { + p = LOG_ERR; + } else if(qs_strncasestr(priorityname, "info", len)) { + p = LOG_INFO; + } else if(qs_strncasestr(priorityname, "notice", len)) { + p = LOG_NOTICE; + } else if(qs_strncasestr(priorityname, "panic", len)) { + p = LOG_EMERG; + } else if(qs_strncasestr(priorityname, "warn", len)) { + p = LOG_WARNING; + } + return p; +} + +/** + * Extracts the severity of the message using the provided + * regular expression and determinest the priofity using + * qsgetprio(). + * + * @param preg Regular expression to extract the severity + * @param line Log fline to extract the severity from + * @return Level or LOG_NOTICE (see m_default_severity) if level could not be determined. + */ +static int qsgetlevel(regex_t preg, const char *line) { + int level = m_default_severity; + regmatch_t ma[QS_MAX_PATTERN_MA]; + if(regexec(&preg, line, QS_MAX_PATTERN_MA, ma, 0) == 0) { + int len = ma[1].rm_eo - ma[1].rm_so; + level = qsgetprio(&line[ma[1].rm_so], len); + } + return level; +} + +/* entry within the facility table */ +typedef struct { + const char* name; + int f; +} qs_f_t; + +/** + * Table of known facilities, see sys/syslog.h. + */ +static const qs_f_t qs_facilities[] = { +#ifdef LOG_AUTHPRIV + { "authpriv", LOG_AUTHPRIV }, +#endif + { "auth", LOG_AUTH }, + { "cron", LOG_CRON }, + { "daemon", LOG_DAEMON }, +#ifdef LOG_FTP + { "ftp", LOG_FTP }, +#endif + { "kern", LOG_KERN }, + { "lpr", LOG_LPR }, + { "mail", LOG_MAIL }, + { "news", LOG_NEWS }, + { "security", LOG_AUTH }, + { "syslog", LOG_SYSLOG }, + { "user", LOG_USER }, + { "uucp", LOG_UUCP }, + { "local0", LOG_LOCAL0 }, + { "local1", LOG_LOCAL1 }, + { "local2", LOG_LOCAL2 }, + { "local3", LOG_LOCAL3 }, + { "local4", LOG_LOCAL4 }, + { "local5", LOG_LOCAL5 }, + { "local6", LOG_LOCAL6 }, + { "local7", LOG_LOCAL7 }, + { NULL, -1 } +}; + +/** + * Determines the facility (user input). + * + * @param facilityname + * @return The facility id or LOG_DAEMON if the provided + * string is unknown. + */ +static int qsgetfacility(const char *facilityname) { + int f = LOG_DAEMON; + const qs_f_t *facilities = qs_facilities; + if(!facilityname) { + return f; + } + while(facilities->name) { + if(strcasecmp(facilityname, facilities->name) == 0) { + f = facilities->f; + break; + } + facilities++; + } + return f; +} + +/** + * Usage message (or man page) + * + * @param cmd + * @param man + */ +static void usage(const char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - another shell command interface to the system log module (syslog).\n", cmd); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s [-t <tag>] [-f <facility>] [-l <level>] [-x <prefix>] [-r <expression>] [-d <level>] [-u <name>] [-p]\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "Use this utility to forward log messages to the systems syslog\n"); + qs_man_print(man, "facility, e.g., to forward the messages to a remote host.\n"); + qs_man_print(man, "It reads data from stdin.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf("\n.TP\n"); + qs_man_print(man, " -t <tag>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the tag name which shall be used to define the origin\n"); + qs_man_print(man, " of the messages, e.g. 'httpd'.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -f <facility>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the syslog facility. Default is 'daemon'.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -u <name>\n"); + if(man) printf("\n"); + qs_man_print(man, " Becomes another user, e.g. www-data.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -l <level>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the minimal severity a message must have in order to\n"); + qs_man_print(man, " be forwarded. Default is 'DEBUG' (forwarding everything).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -x <prefix>\n"); + if(man) printf("\n"); + qs_man_print(man, " Allows you to add a prefix (literal string) to every message.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -r <expression>\n"); + if(man) printf("\n"); + qs_man_print(man, " Specifies a regular expression which shall be used to\n"); + qs_man_print(man, " determine the severity (syslog level) for each log line.\n"); + qs_man_print(man, " The default pattern '"QS_DEFAULTPATTERN"' can\n"); + qs_man_print(man, " be used for Apache error log messages but you may configure\n"); + qs_man_print(man, " your own pattern matching other log formats. Use brackets\n"); + qs_man_print(man, " to define the pattern enclosing the severity string.\n"); + qs_man_print(man, " Default level (if severity can't be determined) is defined by the\n"); + qs_man_print(man, " option '-d' (see below).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -d <level>\n"); + if(man) printf("\n"); + qs_man_print(man, " The default severity if the specified pattern (-r) does not\n"); + qs_man_print(man, " match and the message's severity can't be determined. Default\n"); + qs_man_print(man, " is 'NOTICE'.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -p\n"); + if(man) printf("\n"); + qs_man_print(man, " Writes data also to stdout (for piped logging).\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + } else { + printf("Example:\n"); + } + qs_man_println(man, " ErrorLog \"|/usr/bin/%s -t apache -f local7\"\n", cmd); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +int main(int argc, const char * const argv[]) { + int line_len; + char *line = calloc(1, MAX_LINE_BUFFER+1); + const char *cmd = strrchr(argv[0], '/'); + int pass = 0; + const char *tag = NULL; + int facility = LOG_DAEMON; + int severity = LOG_DEBUG; + int level = LOG_INFO; + const char *regexpattern = QS_DEFAULTPATTERN; + const char *username = NULL; + const char *prefix = NULL; + regex_t preg; + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv, "-p") == 0) { + pass = 1; + } else if(strcmp(*argv, "-f") == 0) { + if (--argc >= 1) { + const char *facilityname = *(++argv); + facility = qsgetfacility(facilityname); + } + } else if(strcmp(*argv, "-l") == 0) { + if (--argc >= 1) { + const char *severityname = *(++argv); + severity = qsgetprio(severityname, strlen(severityname)); + } + } else if(strcmp(*argv, "-x") == 0) { + if (--argc >= 1) { + prefix = *(++argv); + } + } else if(strcmp(*argv,"-u") == 0) { /* switch user id */ + if (--argc >= 1) { + username = *(++argv); + } + } else if(strcmp(*argv, "-d") == 0) { + if (--argc >= 1) { + const char *severityname = *(++argv); + m_default_severity = qsgetprio(severityname, strlen(severityname)); + } + } else if(strcmp(*argv, "-t") == 0) { + if (--argc >= 1) { + tag = *(++argv); + } + } else if(strcmp(*argv, "-r") == 0) { + if (--argc >= 1) { + regexpattern = *(++argv); + } + } else if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } else { + usage(cmd, 0); + } + argc--; + argv++; + } + + if(regcomp(&preg, regexpattern, REG_EXTENDED)) { + fprintf(stderr, "[%s] failed to compile pattern %s", cmd, regexpattern); + exit(1); + } + + qs_setuid(username, cmd); + + openlog(tag ? tag : getlogin(), 0, facility); + + // start reading from stdin + while(fgets(line, MAX_LINE_BUFFER, stdin) != NULL) { + line_len = strlen(line) - 1; + while(line_len > 0) { // cut tailing CR/LF + if(line[line_len] >= ' ') { + break; + } + line[line_len] = '\0'; + line_len--; + } + // severity is determined using the regular expression provided by the user + level = qsgetlevel(preg, line); + if(level <= severity) { + // send message + if(prefix) { + syslog(level, "%s%s", prefix, line); + } else { + syslog(level, "%s", line); + } + } + if(pass) { + printf("%s\n", line); + fflush(stdout); + } + } + free(line); + closelog(); + return 0; +} diff --git a/tools/src/qspng.c b/tools/src/qspng.c new file mode 100644 index 0000000..6d11f21 --- /dev/null +++ b/tools/src/qspng.c @@ -0,0 +1,784 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * qspng.c: Tool to draw graph from qslog output. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qspng.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <string.h> + +#include <stdlib.h> +#include <unistd.h> +#include <png.h> + +//#include <config.h> + +#include "qs_util.h" +#include "char.h" + +#define HUGE_STRING_LEN 1024 +#define X_SAMPLE_RATE 3 +/* width */ +#define X_COUNTS 60 * 24 / X_SAMPLE_RATE // 24 hours, every 3th sample +/* height */ +#define Y_COUNTS 100 +/* border */ +#define XY_BORDER 20 + +typedef struct { + const char* param; + const char* name; + int r; + int g; + int b; +} qs_png_elt_t; + +/* known graph types */ +static const qs_png_elt_t qs_png_elts[] = { + { "r/s", "requests per second", 20, 30, 130, }, + { "req", "requests per minute", 20, 30, 130, }, + { "b/s", "bytes per second (out)", 30, 45, 130 }, + { "ib/s", "bytes per second (in)", 30, 45, 125 }, + { "esco", "established connections per minute", 40, 95, 140 }, + { "av", "average response time", 40, 95, 140 }, + { "avms", "average response time in milliseconds", 45, 95, 135 }, + { "0-49ms", "requests duration 0-49ms", 45, 100, 180 }, + { "50-99ms", "requests duration 50-99ms", 45, 100, 180 }, + { "100-499ms", "requests duration 100-499ms", 45, 100, 180 }, + { "500-999ms", "requests duration 500-999ms", 45, 100, 180 }, + { "<1s", "requests faster than 1 second", 35, 95, 180 }, + { "1s", "requests faster or equal than 1 second", 35, 90, 180 }, + { "2s", "requests with 2 seconds response time", 30, 85, 180 }, + { "3s", "requests with 3 seconds response time", 25, 90, 180 }, + { "4s", "requests with 4 seconds response time", 25, 95, 180 }, + { "5s", "requests with 5 seconds response time", 15, 90, 180 }, + { ">5s","requests slower than 5 seconds", 35, 90, 185 }, + { "1xx","requests with HTTP status 1xx", 50, 70, 150 }, + { "2xx","requests with HTTP status 2xx", 50, 70, 150 }, + { "3xx","requests with HTTP status 3xx", 50, 70, 150 }, + { "4xx","requests with HTTP status 4xx", 50, 70, 150 }, + { "5xx","requests with HTTP status 5xx", 50, 70, 150 }, + { "ip", "IP addresses", 55, 60, 150 }, + { "usr","active users", 55, 66, 150 }, + { "qV", "created VIP sessions", 55, 50, 155 }, + { "qS", "session pass", 55, 75, 160 }, + { "qD", "access denied", 55, 70, 170 }, + { "qK", "connection closed", 55, 60, 145 }, + { "qT", "dynamic keep-alive", 55, 55, 153 }, + { "qL", "slow down", 55, 65, 140 }, + { "qA", "connection aborts", 55, 50, 175 }, + { "qs", "serialization", 55, 40, 175 }, + { "qu", "start user tracking", 55, 45, 175 }, + { "sl", "system load", 25, 60, 175 }, + { "m", "free memory", 35, 90, 185 }, + { NULL, NULL, 0, 0, 0 } +}; + +typedef struct qs_png_conf_st { + char *path; + char *param; +} qs_png_conf; + + +/************************************************************************ + * Functions + ***********************************************************************/ + +/** + * Read the stat_log data line by line + * + * @param s IN buffer to store line to + * @param n IN buffer size + * @param f IN file descriptor + * + * @return 1 on EOF, else 0 + */ +static int qs_png_getline(char *s, int n, FILE *f) { + register int i = 0; + while (1) { + s[i] = (char) fgetc(f); + if (s[i] == CR) { + s[i] = fgetc(f); + } + if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) { + s[i] = '\0'; + return (feof(f) ? 1 : 0); + } + ++i; + } +} + +/* png io callback (should write to buff/bio/bucket when using in apache) */ +void lp_write_data(png_structp png_ptr, png_bytep data, png_size_t length) { + FILE *f = png_get_io_ptr(png_ptr); + fwrite(data, length, 1, f); +} + +/* png io callback (not used) */ +void lp_flush_data(png_structp png_ptr) { + png_get_io_ptr(png_ptr); + fprintf(stderr, "flush\n"); +} + +/** + * Writes a single char to the graph + * + * @param x IN x position + * @param y IN y position + * @param row_pointers IN start pointer (0/0) + * @param n IN char to write + */ +static void qs_png_write_char(int x, int y, png_bytep *row_pointers, char n) { + int ix, iy; + int *f = &s_X[0][0]; + switch(n) { + case 'a': f = &s_a[0][0]; break; + case 'b': f = &s_b[0][0]; break; + case 'c': f = &s_c[0][0]; break; + case 'd': f = &s_d[0][0]; break; + case 'e': f = &s_e[0][0]; break; + case 'f': f = &s_f[0][0]; break; + case 'g': f = &s_g[0][0]; break; + case 'h': f = &s_h[0][0]; break; + case 'i': f = &s_i[0][0]; break; + case 'j': f = &s_j[0][0]; break; + case 'k': f = &s_k[0][0]; break; + case 'l': f = &s_l[0][0]; break; + case 'm': f = &s_m[0][0]; break; + case 'n': f = &s_n[0][0]; break; + case 'o': f = &s_o[0][0]; break; + case 'p': f = &s_p[0][0]; break; + case 'q': f = &s_q[0][0]; break; + case 'r': f = &s_r[0][0]; break; + case 's': f = &s_s[0][0]; break; + case 't': f = &s_t[0][0]; break; + case 'u': f = &s_u[0][0]; break; + case 'v': f = &s_v[0][0]; break; + case 'w': f = &s_w[0][0]; break; + case 'x': f = &s_x[0][0]; break; + case 'y': f = &s_y[0][0]; break; + case 'z': f = &s_z[0][0]; break; + case ' ': f = &s_SP[0][0]; break; + case '_': f = &s_US[0][0]; break; + case '(': f = &s_BRO[0][0]; break; + case ')': f = &s_BRC[0][0]; break; + case '<': f = &s_LT[0][0]; break; + case '>': f = &s_GT[0][0]; break; + case '-': f = &s_MI[0][0]; break; + case '/': f = &s_SL[0][0]; break; + case ';': f = &s_SC[0][0]; break; + case ',': f = &s_CM[0][0]; break; + case ':': f = &s_CO[0][0]; break; + case '.': f = &s_DT[0][0]; break; + case '\'': f = &s_SQ[0][0]; break; + case 'A': f = &s_a[0][0]; break; + case 'B': f = &s_b[0][0]; break; + case 'C': f = &s_c[0][0]; break; + case 'D': f = &s_d[0][0]; break; + case 'E': f = &s_e[0][0]; break; + case 'F': f = &s_f[0][0]; break; + case 'G': f = &s_g[0][0]; break; + case 'H': f = &s_h[0][0]; break; + case 'I': f = &s_i[0][0]; break; + case 'J': f = &s_j[0][0]; break; + case 'K': f = &s_k[0][0]; break; + case 'L': f = &s_l[0][0]; break; + case 'M': f = &s_M[0][0]; break; + case 'N': f = &s_n[0][0]; break; + case 'O': f = &s_o[0][0]; break; + case 'P': f = &s_p[0][0]; break; + case 'Q': f = &s_q[0][0]; break; + case 'R': f = &s_r[0][0]; break; + case 'S': f = &s_s[0][0]; break; + case 'T': f = &s_t[0][0]; break; + case 'U': f = &s_u[0][0]; break; + case 'V': f = &s_v[0][0]; break; + case 'W': f = &s_w[0][0]; break; + case 'X': f = &s_x[0][0]; break; + case 'Y': f = &s_y[0][0]; break; + case 'Z': f = &s_z[0][0]; break; + case '0': f = &s_0[0][0]; break; + case '1': f = &s_1[0][0]; break; + case '2': f = &s_2[0][0]; break; + case '3': f = &s_3[0][0]; break; + case '4': f = &s_4[0][0]; break; + case '5': f = &s_5[0][0]; break; + case '6': f = &s_6[0][0]; break; + case '7': f = &s_7[0][0]; break; + case '8': f = &s_8[0][0]; break; + case '9': f = &s_9[0][0]; break; + } + /* print the char matrix */ + for(iy = 0; iy < S_H_MAX; iy++) { + png_byte* row = row_pointers[y+iy]; + for(ix = 0; ix < S_W_MAX; ix++) { + png_byte* ptr = &(row[(x+ix)*4]); + if(f[iy*S_W_MAX + ix] == 1) { + /* foreground */ + ptr[0] = 0; + ptr[1] = 0; + ptr[2] = 0; + } else { + /* background */ + ptr[0] = 250; + ptr[1] = 250; + ptr[2] = 255; + } + } + } +} + +/** + * Writes a single digit 0..9. + * You should normally use either qs_png_write_int() or qs_png_write_int(). + * + * @param x IN x position + * @param y IN y position + * @param row_pointers IN start pointer (0/0) + * @param n IN number to write + */ +static void qs_png_write_digit(int x, int y, png_bytep *row_pointers, int n) { + char f = 'X'; + if(n == 0) f = '0'; + if(n == 1) f = '1'; + if(n == 2) f = '2'; + if(n == 3) f = '3'; + if(n == 4) f = '4'; + if(n == 5) f = '5'; + if(n == 6) f = '6'; + if(n == 7) f = '7'; + if(n == 8) f = '8'; + if(n == 9) f = '9'; + qs_png_write_char(x, y, row_pointers, f); +} + +/** + * Writes a string to the graph. + * + * @param x IN x position + * @param y IN y position + * @param row_pointers IN start pointer (0/0) + * @param n IN string to write + */ +static void qs_png_write_string(int x, int y, png_bytep *row_pointers, const char *n) { + int i = 0; + int offset = 0; + while(n[i] != '\0') { + qs_png_write_char(x+offset, y, row_pointers, n[i]); + i++; + offset = offset + S_W_MAX; + } +} + +/** + * Writes a number (int) to the graph (1:1). + * + * @param x IN x position + * @param y IN y position + * @param row_pointers IN start pointer (0/0) + * @param n IN number to write + */ +static void qs_png_write_int(int x, int y, png_bytep *row_pointers, int n) { + char num_str[HUGE_STRING_LEN]; + snprintf(num_str, sizeof(num_str), "%d", n); + qs_png_write_string(x, y, row_pointers, num_str); +} + +/** + * Writes a number (long) to the graph using k,M for big numbers. + * + * @param x IN x position + * @param y IN y position + * @param row_pointers IN start pointer (0/0) + * @param n IN string to write + */ +static void qs_png_write_long(int x, int y, png_bytep *row_pointers, long n) { + char num_str[HUGE_STRING_LEN]; + snprintf(num_str, sizeof(num_str), "%ld", n); + if(n >= 1000) { + snprintf(num_str, sizeof(num_str), "%ldk", n/1000); + } + if(n >= 1000000) { + snprintf(num_str, sizeof(num_str), "%ldM", n/1000000); + } + qs_png_write_string(x, y, row_pointers, num_str); +} + +/** + * Labels the graph (min,max,title). + * + * @param width IN size (x axis) of the graph + * @param height IN size (y axis) of the graph + * @param border IN border size around the graph + * @param row_pointers IN start pointer (0/0) + * @param max IN max y value + * @param name IN title + */ +static void qs_png_label(int width, int height, int border, + png_bytep *row_pointers, long max, + const char *name) { + /* MAX */ + int i; + int step = height/5; + int c = 5; + for(i = 0; i < height; i = i + step) { + qs_png_write_long(1, border - (S_W_MAX/2) + i, row_pointers, max/5*c); + c--; + } + + /* MIN */ + qs_png_write_int(1, height + border - (S_W_MAX/2), row_pointers, 0); + + /* title */ + { + char buf[HUGE_STRING_LEN]; + snprintf(buf, sizeof(buf), "%s", name); + qs_png_write_string(XY_BORDER, XY_BORDER/2-S_H_MAX/2, row_pointers, buf); + } + +} + +static void lp_init(int width, int height, int border, png_bytep **start) { + png_bytep *row_pointers; + int b_width = width + (2 * border); + int b_height = height + (2 * border); + int x, y; + + /* alloc memory */ + row_pointers = (png_bytep*) malloc(sizeof(png_bytep) * b_height); + for(y=0; y<b_height; y++) { + row_pointers[y] = (png_byte*) malloc(b_width * 4); + } + + /* background */ + for(y=0; y<b_height; y++) { + png_byte* row = row_pointers[y]; + for(x=0; x<b_width; x++) { + png_byte* ptr = &(row[x*4]); + ptr[0] = 250; + ptr[1] = 250; + ptr[2] = 255; + ptr[3] = 250; + } + } + for(y=border; y<b_height-border; y++) { + png_byte* row = row_pointers[y]; + for(x=border; x<b_width-border; x++) { + png_byte* ptr = &(row[x*4]); + ptr[0] = 245; + ptr[1] = 245; + ptr[2] = 250; + } + } + *start = row_pointers; +} + +/** + * "Main" png function: + * - reads the data from the file + * - draws the curve + * - labels the x axis + * + * @param width IN size (x axis) of the graph + * @param height IN size (y axis) of the graph + * @param border IN border size around the graph + * @param row_pointers IN start pointer (0/0) + * @param stat_log IN file descriptor to the input file + * @param name IN title + * @param c_r IN color red (0..255) + * @param c_g IN color green (0..255) + * @param c_b IN color blue (0..255) + */ +static long qs_png_draw(int width, int height, int border, + png_bytep *row_pointers, FILE *stat_log, const char *name, + int c_r, int c_g, int c_b) { + int x, y; + long req[width]; // values + long max_req[width]; // values + int hours[width]; // time marks on x axis + long tmp[X_SAMPLE_RATE]; // used to build average over multiple samples + int sample = 1; // sample rate counter (1 to X_SAMPLE_RATE) + + int i = 0; + char line[HUGE_STRING_LEN]; + + long peak = 0; // max of all values + double scale = 1; // scaling factor (height x scale = unit) + + int hour = -1; // detect "new" hour + char date_str[32] = ""; // string storing the first day (if fist value is at 00h) + + long ret; + for(x=0; x<width; x++) hours[x] = 0; + /* reads the file and resample measure points to width of the graph */ + while(!qs_png_getline(line, sizeof(line), stat_log) && i < width) { + char *p = strstr(line, name); + req[i] = 0; + max_req[i] = 0; + if(p && ((p - line) > 8)) { + char *e; + p=p+strlen(name); + e = strchr(p,';'); + if(e) e[0] = '\0'; + e = strchr(p, '.'); /** sl uses fp value */ + if(e) e[0] = '\0'; + tmp[sample-1] = atol(p); + } else { + tmp[sample-1] = 0; + } + /* hour (stat_log time format: %d.%m.%Y %H:%M:%S (19 char)) */ + p = strchr(line, ';'); + if(p && (p-line == 19 )) { + p = p - 6; + p[0] = '\0'; + p = p - 2; + hours[i] = atoi(p); + } + /* use the defined sample rate */ + if(sample == X_SAMPLE_RATE) { + int j; + int max_value = 0; + for(j = 0; j < X_SAMPLE_RATE; j++) { + req[i] = req[i] + tmp[j]; + if(max_value < tmp[j]) { + max_value = tmp[j]; + } + } + max_req[i] = max_value; + if(max_req[i] > peak) peak = max_req[i]; + /* build average */ + req[i] = req[i] / X_SAMPLE_RATE; + sample = 1; + i++; + /* and store the current date (%d.%m.%Y (10 char)) if the + first value is at 00h */ + if(hours[i] == 0 && i == 1) { + p = strchr(line, ' '); + if(p && (p-line == 10)) { + p[0] = '\0'; + strcpy(date_str, line); + } + } + } else { + sample++; + } + } + /* calculate y axis scaling (1:1 are height pixels) */ + if(peak < 10) { + scale = 0.1; + } else { + while((peak / scale) > height) { + if(scale < 8) { + scale = scale * 2; + } else { + if(scale == 8) { + scale = 10; + } else { + scale = scale * 10; + } + } + } + } + + /* draw the curve */ + for(x=0; x<i; x++) { + /* max */ + for(y=0; y<(max_req[x]/scale); y++) { + png_byte* row = row_pointers[height-y-1+border]; + png_byte* ptr = &(row[x*4+(4*border)]); + ptr[0] = c_r + 75; + ptr[1] = c_g + 75; + ptr[2] = c_b + 75; + } + /* average */ + for(y=0; y<(req[x]/scale); y++) { + png_byte* row = row_pointers[height-y-1+border]; + png_byte* ptr = &(row[x*4+(4*border)]); + ptr[0] = c_r; + ptr[1] = c_g; + ptr[2] = c_b; + } + /* label the x axis */ + if(hour != hours[x]) { + hour = hours[x]; + for(y=0; y<(height); y=y+3) { + png_byte* row = row_pointers[y+border]; + png_byte* ptr = &(row[x*4+(4*border)]); + ptr[0] = 50; + ptr[1] = 50; + ptr[2] = 50; + } + if(hour%2 == 0) { + qs_png_write_digit(x-S_W_MAX+border, height + border + 1, row_pointers, hour/10); + qs_png_write_digit(x-S_W_MAX+border+S_W_MAX, height + border + 1, row_pointers, hour%10); + qs_png_write_char(x-S_W_MAX+border+2*S_W_MAX, height + border + 1, row_pointers, 'h'); + } + } + } + + /* print date */ + qs_png_write_string(border, height+border+2+S_H_MAX, row_pointers, date_str); + + /* horizontal lines every 1/4 height */ + for(y=(height/5); y<height; y=y+height/5) { + png_byte* row = row_pointers[y+border]; + for(x=0; x<i; x=x+3) { + png_byte* ptr = &(row[x*4+(4*border)]); + ptr[0] = 50; + ptr[1] = 50; + ptr[2] = 50; + } + } + + ret = scale * height; + return ret; +} + + +static void usage(char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + qs_man_print(man, "%s - an utility to draw a png graph from qslog(1) output data.\n", cmd); + } else { + qs_man_print(man, "Utility to draw a png graph from qslog output data.\n"); + } + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -i <stat_log_file> -p <parameter> -o <out_file> [-10]\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s is a tool to generate png (portable network graphics)\n", cmd); + qs_man_print(man, "raster images files from semicolon separated data generated by the\n"); + qs_man_print(man, "qslog utility. It reads up to the first 1440 entries (24 hours)\n"); + qs_man_print(man, "and prints a graph using the values defined by the 'parameter' \n"); + qs_man_print(man, "name.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -i <stats_log_file>\n"); + if(man) printf("\n"); + qs_man_print(man, " Input file to read data from.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -p <parameter>\n"); + if(man) printf("\n"); + qs_man_print(man, " Parameter name, e.g. r/s or usr.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -o <out_file>\n"); + if(man) printf("\n"); + qs_man_print(man, " Output file name, e.g. stat.png.\n"); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslogger(1), qslog(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("\n"); + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +int main(int argc, char **argv) { + int y; + int width, height, b_width, b_height; + png_byte color_type; + png_byte bit_depth; + + int scale; + + png_structp png_ptr; + png_infop info_ptr; + + png_bytep *row_pointers; + + char *infile = NULL; + FILE *f; + FILE *stat_log; + + char *cmd = strrchr(argv[0], '/'); + const char *param = NULL; + const char *name = ""; + char *out = NULL; + int c_r = 20; + int c_g = 50; + int c_b = 175; + const qs_png_elt_t* elt; + + if(cmd == NULL) { + cmd = argv[0]; + } else { + cmd++; + } + + while(argc >= 1) { + if(strcmp(*argv,"-i") == 0) { + if (--argc >= 1) { + infile = *(++argv); + } + } else if(strcmp(*argv,"-p") == 0) { + if (--argc >= 1) { + param = *(++argv); + name = param; + } + } else if(strcmp(*argv,"-o") == 0) { + if (--argc >= 1) { + out = *(++argv); + } + } else if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } + argc--; + argv++; + } + + + if(infile == NULL || param == NULL || out == NULL) usage(cmd, 0); + for(elt = qs_png_elts; elt->param != NULL ; ++elt) { + if(strcmp(elt->param, param) == 0) { + name = elt->name; + c_r = elt->r; + c_g = elt->g; + c_b = elt->b; + } + } + + stat_log = fopen(infile, "r"); + if(stat_log == NULL) { + fprintf(stderr,"[%s]: ERROR, could not open input file <%s>\n", cmd, infile); + exit(1); + } + + f = fopen(out, "wb"); + if(f == NULL) { + fprintf(stderr,"[%s]: ERROR, could not open output file <%s>\n", cmd, out); + exit(1); + } + + png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL); + if(png_ptr == NULL) { + fprintf(stderr,"[%s]: ERROR, could not create png struct\n", cmd); + exit(1); + } + info_ptr = png_create_info_struct(png_ptr); + if(info_ptr == NULL) { + fprintf(stderr,"[%s]: ERROR, could not create png information struct\n", cmd); + exit(1); + } + if(setjmp(png_jmpbuf(png_ptr))) { + fprintf(stderr,"[%s]: ERROR, could not init png struct\n", cmd); + exit(1); + } + png_set_write_fn(png_ptr, f, lp_write_data, NULL); + + /* write header */ + if(setjmp(png_jmpbuf(png_ptr))) { + fprintf(stderr,"[%s]: ERROR, could not write png header\n", cmd); + exit(1); + } + + color_type = PNG_COLOR_TYPE_RGB_ALPHA; + bit_depth = 8; + width = X_COUNTS; + height = Y_COUNTS; + b_width = width + (2 * XY_BORDER); + b_height = height + (2 * XY_BORDER); + + png_set_IHDR(png_ptr, info_ptr, + b_width, b_height, + bit_depth, + color_type, + PNG_INTERLACE_NONE, + PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE); + png_write_info(png_ptr, info_ptr); + + /* write bytes */ + if(setjmp(png_jmpbuf(png_ptr))) { + fprintf(stderr,"[%s]: ERROR, could not write png data\n", cmd); + exit(1); + } + + /* alloc and background */ + lp_init(width, height, XY_BORDER, &row_pointers); + + /* paint */ + { + char buf[HUGE_STRING_LEN]; + snprintf(buf, sizeof(buf), ";%s;", param); + scale = qs_png_draw(width, height, XY_BORDER, row_pointers, + stat_log, buf, c_r, c_g, c_b); + } + + /* min/max/title label */ + qs_png_label(width, height, XY_BORDER, row_pointers, scale, + name); + + + /* done, write image */ + png_write_image(png_ptr, row_pointers); + /* end write */ + if(setjmp(png_jmpbuf(png_ptr))) { + fprintf(stderr,"[%s]: ERROR, could not write png data\n", cmd); + exit(1); + } + png_write_end(png_ptr, NULL); + + /* cleanup heap allocation */ + for(y=0; y<height; y++) { + free(row_pointers[y]); + } + free(row_pointers); + + fclose(f); + fclose(stat_log); + return 0; +} diff --git a/tools/src/qsre.c b/tools/src/qsre.c new file mode 100644 index 0000000..53187b8 --- /dev/null +++ b/tools/src/qsre.c @@ -0,0 +1,226 @@ +/** + * qsre.c: pcre expression match test tool + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qsre.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +/* system */ +#include <stdio.h> +#include <string.h> + +#include <stdlib.h> +#include <unistd.h> +#include <time.h> + +/* apr */ +#include <apr.h> +#include <apr_strings.h> +#include <apr_time.h> +#include <apr_general.h> +#include <apr_lib.h> +#include <apr_portable.h> +#include <apr_support.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> + +#include "qs_util.h" + +#define QS_OVECCOUNT 100 + + +static void usage(const char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s matches a regular expression against test strings.\n", cmd); + printf("\n"); + + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s <string>|<path> <pcre>|<path>\n", man ? "" : "Usage: ", cmd); + printf("\n"); + + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "Regular expression test tool.\n"); + qs_man_print(man, "The provided regular expression (pcre, caseless matching, \".\" matches anything\n"); + qs_man_print(man, "incl. newline) is appplied against the provided test strings to verify if the\n"); + qs_man_print(man, "pattern matches.\n"); + printf("\n"); + + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " <string>|<path>\n"); + if(man) printf("\n"); + qs_man_print(man, " The first argument either defines a single test string of a path to\n"); + qs_man_print(man, " a file containing either multiple test strings or a test pattern with\n"); + qs_man_print(man, " newline characters (text).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " <pcre>|<path>\n"); + if(man) printf("\n"); + qs_man_print(man, " The second argument either defines a regular expression or a path to\n"); + qs_man_print(man, " a file containing the expression.\n"); + printf("\n"); + + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +static int rmatch(const char *line, qs_regex_t *preg) { + qs_regmatch_t regm[QS_MAX_REG_MATCH]; + int rc_c = -1; + do { + int rc = qs_regexec_len(preg, line, strlen(line), QS_MAX_REG_MATCH, regm, 0); + if(rc >= 0) { + int ix; + rc_c = 0; + printf("[%.*s]", regm[0].rm_eo - regm[0].rm_so, &line[regm[0].rm_so]); + for(ix = 1; ix < rc; ix++) { + printf(" $%d=%.*s", ix, regm[ix].rm_eo - regm[ix].rm_so, &line[regm[ix].rm_so]); + } + line = &line[regm[0].rm_eo]; + } else { + line = NULL; + } + } while(line && line[0]); + return rc_c; +} + +int main(int argc, const char *const argv[]) { + const char *errptr = NULL; + int erroffset; + qs_regex_t *preg; + int rc_c = -1; + const char *line; + const char *in; + const char *pattern; + FILE *file; + apr_pool_t *pool; + char *raw = ""; + int linenr = 0; + + const char *cmd = strrchr(argv[0], '/'); + + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + if(argc != 2) { + if(argc == 1 && strcmp(argv[0], "--man") == 0) { + usage(cmd, 1); + } else { + usage(cmd, 0); + } + } + in = argv[0]; + pattern = argv[1]; + + file = fopen(pattern, "r"); + if(file) { + char readline[MAX_LINE]; + if(fgets(readline, MAX_LINE-1, file) != NULL) { + int len = strlen(readline); + while(len > 0 && readline[len] < 32) { + readline[len] = '\0'; + len--; + } + pattern = apr_pstrdup(pool, readline); + } + fclose(file); + } + printf("expression: %s\n", pattern); + + preg = apr_palloc(pool, sizeof(qs_regex_t)); + if(qs_regcomp(preg, pattern, PCRE2_DOTALL|PCRE2_CASELESS) != 0) { + fprintf(stderr, "ERROR, rule <%s> could not compile regular expression\n", pattern); + exit(1); + } + apr_pool_pre_cleanup_register(pool, preg, qs_pregfree); + + file = fopen(in, "r"); + if(file) { + char readline[MAX_LINE]; + while(fgets(readline, MAX_LINE-1, file) != NULL) { + int len = strlen(readline); + linenr++; + printf("line %.3d: ", linenr); + raw = apr_pstrcat(pool, raw, readline, NULL); + while(len > 0 && readline[len] < 32) { + readline[len] = '\0'; + len--; + } + if(readline[0] >= 32 && strlen(readline) > 0) { + line = readline; + rc_c = rmatch(line, preg); + } + printf("\n"); + } + fclose(file); + printf("entire content match:\n"); + rc_c = rmatch(raw, preg); + printf("\n"); + } else { + line = in; + rc_c = rmatch(line, preg); + printf("\n"); + } + if(rc_c < 0) { + printf("no match\n"); + return 2; + } + return 0; +} diff --git a/tools/src/qsrespeed.c b/tools/src/qsrespeed.c new file mode 100644 index 0000000..dc949f1 --- /dev/null +++ b/tools/src/qsrespeed.c @@ -0,0 +1,308 @@ +/** + * Utility for the quality of service module mod_qos. + * + * qsrespeed.c: tool to measure the processing time + * of regular expressions + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Revision: 2654 $"; + +/* system */ +#include <stdio.h> +#include <string.h> + +#include <stdlib.h> +#include <unistd.h> +#include <time.h> + +/* apr */ +#include <apr.h> +#include <apr_strings.h> +#include <apr_time.h> +#include <apr_general.h> +#include <apr_lib.h> +#include <apr_portable.h> +#include <apr_support.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> + +#include "qs_util.h" + +#define LOOPS 100 + +typedef struct { + qs_regex_t *preg; +} rule_t; + +static void usage(const char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "Tool to compare / estimate the processing time for (Perl-compatible)\n"); + qs_man_print(man, "regular expressions (PCRE).\n"); + printf("\n"); + + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s <path>\n", man ? "" : "Usage: ", cmd); + printf("\n"); + + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s loads regular expressions from the provided file and matches\n", cmd); + qs_man_print(man, "them against a built-in set of strings measuring the time needed to\n"); + qs_man_print(man, "process them. It's a benchmark too to judge the expressions you have\n"); + qs_man_print(man, "defined regarding the potential CPU consumption.\n"); + printf("\n"); + + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Defines the input file to process. The file consists a list of\n"); + qs_man_print(man, " (separated by a newline character) regular expressions to test\n"); + printf("\n"); + + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrotate(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +typedef struct { + const char* string; + int len; +} qs_r_t; + +int main(int argc, const char *const argv[]) { + int datalen=0; + qs_r_t data[] = { + { "Emma", 0 }, + { "Buchschacher", 0 }, + { "Schafhauserstrasse 60, 8000 Zürich", 0 }, + { "128128127136178267893209807237276365235", 0 }, + { "/get/application/data/index/list/all/data", 0 }, + { "05.03.1978", 0 }, + { "888 888-888-777", 0 }, + { "name=value&id=kAfBFLJaBQB-AAABBQAAAAZgAAAA9--DwnTUWct-AAA2&host=me.main.org&key=121213122aaaaaaaaaaMMMM123&tex=emb+ed", 0 }, + { "<x:ml><node attribute=\"value\" attr2=\"99999999\">text shows_this!</node></x:ml>", 0 }, + { "<html lang=\"en\"><meta charset=\"utf-8\"><meta property=\"og:type\" content=\"website\"></html>", 0 }, + { "lajksdfhjklasdhfaskdjfhklasjdlfaksdhfasjkdflsajkdflkdflhdjklfadhfksdjfhklasjdhfskljdfhsklajdhflskjdfhlskjhdflksjdhlfksjdhfjklsdhfklsdhfklsjdhklshlksfhdklfhslkdfhlskhdklsjhdflskfhlsh", 0 }, + { "ajksdfhjklasdhfaskdjfhklasjdlfaksdhfasjkdflsajkdflkdflhdjklfadhfksdjfhklasjdhfskljdfhsklajdhflskjdfhlskjhdflksjdhlfksjdhfjklsdhfklsdhfklsjdhklshlksfljsdahsdznvztbasmuiwmereizfrbizvnsdmovosduvnuztbvzucxzvmpmvdzubtfrmeirmrnbewrJHJSBNUAIMSODMAINBSUDTAZSUDIOASMDNBAGZDTSZBUANIMOINSAUBZDGTZUIOIMSKNABJDHT9807765243567283992039209376526368799230827836526789 ç%&/\"(><<<-.,:;)*=)()(&%\"ç", 0 }, + { "text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8", 0 }, + { "Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5", 0}, + { "Hm_lvt_ef1299edab2ff5d2f13e859…d=GA1.2.1594867574.1516566392", 0 }, + { "If-Modified-Since", 0 }, + { "Fri, 05 Jan 2018 02:34:41 GMT", 0 }, + { "[Wed Feb 28 22:08:09 2018] [notice] Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.2g mod_qos/11.52 configured -- resuming normal operations", 0 }, + { "127.0.0.1 - - [28/Feb/2018:21:03:37 +0100] \"GET /console?action=inclimit&address=194.31.217.21&event=QS_Limit HTTP/1.1\" 200 52 \"-\" 0 - - - id=wWkYPUtmBQARFAABEAAAAAAX-yQgC5d2 - - #5230", 0 }, + { "2013/11/07 17:44:07 [error] 4640#0: *55 auth_token_module(014): request not authorized: invalid signature, client: 127.0.0.1, server: localhost, request: \"GET /app/index.html?req=1 HTTP/1.1\", host: \"127.0.0.1:8204\" 000000000002#IPhzBRn7cuuGdqBI7T4OSIjXx7JGliUokCk8dFIU9n0=", 0 }, + { "2010 12 04 20:46:45.118 dispatch IWWWauthCo 07148.4046314384 3-ERROR : AuthsessClient_1_0::execute: no valid 000000000002#5jYHrFBotkZwAs5EyfVQVgNZb3M=", 0 }, + { "2011-09-01 07:37:17,275 main org.apache.catalina.startup.Catalina INFO Server startup in 5770 ms 000000000002#LQ/h2UbJ2HzdZyf8BqnB7TB8LZM=", 0 }, + { "2010-04-14 20:18:37,464 | INFO | org.hibernate.cfg ::getInputStream:1081 resource: /hibernate.cfg.xml 000000000002#9lpZof9jvdMRrIebCM7rbKzJ7aY=", 0 }, + { "http://mod-qos.sourceforge.net/", 0 }, + { "Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/57.0", 0 }, + { " Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them? To die: to sleep; No more; and by a sleep to say we end The heart-ache and the thousand natural shocks That flesh is heir to, 'tis a consummation Devoutly to be wish'd.", 0 }, + { "To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them? To die: to sleep; No more; and by a sleep to say we end The heart-ache and the thousand natural shocks That flesh is heir to, 'tis a consummation Devoutly to be wish'd. To die, to sleep; To sleep: perchance to dream: ay, there's the rub; For in that sleep of death what dreams may come When we have shuffled off this mortal coil, Must give us pause: there's the respect That makes calamity of so long life; For who would bear the whips and scorns of time, The oppressor's wrong, the proud man's contumely, The pangs of despised love, the law's delay, The insolence of office and the spurns That patient merit of the unworthy takes, When he himself might his quietus make With a bare bodkin? who would fardels bear, To grunt and sweat under a weary life, But that the dread of something after death, The undiscover'd country from whose bourn No traveller returns, puzzles the will And makes us rather bear those ills we have Than fly to others that we know not of? Thus conscience does make cowards of us all; And thus the native hue of resolution Is sicklied o'er with the pale cast of thought, And enterprises of great pith and moment With this regard their currents turn awry, And lose the name of action.--Soft you now! The fair Ophelia! Nymph, in thy orisonsBe all my sins remember'd.", 0 }, + { "{\n" \ + " \"_to\": \"1.2.3.4:5678\",\n" \ + " \"_line\": 63546230,\n" \ + " \"profile_image_url\": \"http://a3.twimg.com/profile_images/852841481/Untitled_3_normal.jpg\",\n" \ + " \"created_at\": \"Sat, 08 May 2010 21:46:23 +0000\",\n" \ + " \"from_user\": \"pelchiie\",\n" \ + " \"metadata\": {\n" \ + " \"result_type\": \"recent\"\n" \ + " },\n" \ + " \"to_user_id\": null,\n" \ + " \"text\": \"twitter is dead today.\",\n" \ + " \"id\": 13630378882,\n" \ + " \"from_user_id\": 12621761,\n" \ + " \"geo\": null,\n" \ + " \"iso_language_code\": \"en\",\n" \ + " \"source\": \"<a href=\\\"http://twitter.com/\\\">web</a>\"\n" \ + "}", 0 }, + { NULL, 0 } + }; + + int i; + FILE *file; + char readline[MAX_LINE]; + + const char *cmd = strrchr(argv[0], '/'); + + apr_pool_t *pool; + apr_table_t *rules; + long long start; + long long end; + struct timeval tv; + static char ver[80]; + + const char *filename = NULL; + + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + rules = apr_table_make(pool, 100); + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-h") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } else { + filename = *argv; + } + argc--; + argv++; + } + + + { + // init + qs_r_t *d = data; + while(d->string) { + d->len = strlen(d->string); + datalen += d->len; + d++; + } + } + + if(filename == NULL) { + usage(cmd, 0); + } + + file = fopen(filename, "r"); + if(!file) { + fprintf(stderr, "ERROR, failed to open the log file '%s'\n", filename); + exit(1); + } + while(fgets(readline, MAX_LINE-1, file) != NULL) { + char *p; + int len = strlen(readline); + rule_t *rule = apr_pcalloc(pool, sizeof(rule_t)); + + while(len > 0 && readline[len] < 32) { + readline[len] = '\0'; + len--; + } + if((strlen(readline) > 0) && + (readline[0] != CR) && + (readline[0] != LF)) { + + p = readline; + + rule->preg = apr_palloc(pool, sizeof(qs_regex_t)); + if(qs_regcomp(rule->preg, p, PCRE2_DOTALL|PCRE2_CASELESS) != 0) { + printf("failed to compile pattern [%s]\n", p); + exit(1); + } + apr_pool_pre_cleanup_register(pool, rule->preg, qs_pregfree); + apr_table_addn(rules, apr_pstrdup(pool, p), (char *)rule); + } + } + + + { // per rule + int k; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + for(k = 0; k < apr_table_elts(rules)->nelts; k++) { + rule_t* rule = (rule_t *)entry[k].val; + gettimeofday(&tv, NULL); + start = tv.tv_sec * 1000000 + tv.tv_usec; + for(i = 0; i < LOOPS; i++) { + qs_r_t *d = data; + while(d->string) { + qs_regexec_len(rule->preg, d->string, d->len, 0, NULL, 0); + d++; + } + } + gettimeofday(&tv, NULL); + end = tv.tv_sec * 1000000 + tv.tv_usec; + printf("%lld usec for %s\n", (end - start)/LOOPS, entry[k].key); + } + } + + // all rules + gettimeofday(&tv, NULL); + start = tv.tv_sec * 1000000 + tv.tv_usec; + for(i = 0; i < LOOPS; i++) { + const qs_r_t *d = data; + while(d->string) { + int k; + apr_table_entry_t *entry = (apr_table_entry_t *)apr_table_elts(rules)->elts; + for(k = 0; k < apr_table_elts(rules)->nelts; k++) { + rule_t* rule = (rule_t *)entry[k].val; + qs_regexec_len(rule->preg, d->string, d->len, 0, NULL, 0); + } + d++; + } + } + gettimeofday(&tv, NULL); + end = tv.tv_sec * 1000000 + tv.tv_usec; + pcre2_config(PCRE2_CONFIG_VERSION, ver); + printf("match all rules (%d) against the test variables (%lu strings, %d characters) took: %lld usec (%s/PCRE %s)\n", + apr_table_elts(rules)->nelts, + sizeof(data)/sizeof(qs_r_t)-1, + datalen, + (end - start) / LOOPS, + revision, ver); + return 0; + +} diff --git a/tools/src/qsrotate.c b/tools/src/qsrotate.c new file mode 100644 index 0000000..213a2e4 --- /dev/null +++ b/tools/src/qsrotate.c @@ -0,0 +1,522 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * qsrotate.c: Log rotation tool. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +static const char revision[] = "$Id: qsrotate.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <string.h> + +#include <errno.h> +#include <fcntl.h> +#include <dirent.h> + +#include <stdlib.h> +#include <unistd.h> + +#include <pthread.h> + +#include <time.h> +#include <zlib.h> + +#include <signal.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <sys/stat.h> + +#include "qs_util.h" + +#define HUGE_STR 1024 + +//yyyy-mm-dd<sp>hh-mm-ss<sp> +#define TME_STR_LEN 20 + +/* global variables used by main and support thread */ +static int m_force_rotation = 0; +static time_t m_tLogEnd = 0; +static time_t m_tRotation = 86400; /* default are 24h */ +static int m_nLogFD = -1; +static int m_generations = -1; +static mode_t m_mode = 0660; +static char *m_file_name = NULL; +static long m_messages = 0; +static char *m_cmd = NULL; +static int m_compress = 0; +static int m_stdout = 0; +static int m_timestamp = 0; +static char time_string[TME_STR_LEN]; +static long m_counter = 0; +static long m_limit = 2147483648 - (128 * 1024); +static int m_offset = 0; +static int m_offset_enabled = 0; + +static void usage(char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - a log rotation tool (similar to Apache's rotatelogs).\n", cmd); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -o <file> [-s <sec> [-t <hours>]] [-b <bytes>] [-f] [-z] [-g <num>] [-u <name>] [-m <mask>] [-p] [-d]\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s reads from stdin (piped log) and writes the data to the provided\n", cmd); + qs_man_print(man, "file rotating the file after the specified time.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -o <file>\n"); + if(man) printf("\n"); + qs_man_print(man, " Output log file to write the data to (use an absolute path).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -s <sec>\n"); + if(man) printf("\n"); + qs_man_print(man, " Rotation interval in seconds, default are 86400 seconds.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -t <hours>\n"); + if(man) printf("\n"); + qs_man_print(man, " Offset to UTC (enables also DST support), default is 0.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -b <bytes>\n"); + if(man) printf("\n"); + qs_man_print(man, " File size limitation (default/max. are %ld bytes, min. are 1048576 bytes).\n", m_limit); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -f\n"); + if(man) printf("\n"); + qs_man_print(man, " Forced log rotation at the specified interval even no data is written.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -z\n"); + if(man) printf("\n"); + qs_man_print(man, " Compress (gzip) the rotated file.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -g <num>\n"); + if(man) printf("\n"); + qs_man_print(man, " Generations (number of files to keep).\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -u <name>\n"); + if(man) printf("\n"); + qs_man_print(man, " Become another user, e.g. www-data.\n"); + qs_man_print(man, " -m <mask>\n"); + if(man) printf("\n"); + qs_man_print(man, " File permission which is either 600, 640, 660 (default) or 664.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -p\n"); + if(man) printf("\n"); + qs_man_print(man, " Writes data also to stdout (for piped logging).\n"); + qs_man_print(man, " -d\n"); + if(man) printf("\n"); + qs_man_print(man, " Line-by-line data reading prefixing every line with a timestamp.\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + } else { + printf("Example:\n"); + } + qs_man_println(man, " TransferLog \"|/usr/bin/%s -f -z -g 3 -o /var/log/apache/access.log -s 86400\"\n", cmd); + printf("\n"); + qs_man_print(man, "The name of the rotated file will be /dest/filee.YYYYmmddHHMMSS\n"); + qs_man_print(man, "where YYYYmmddHHMMSS is the system time at which the data has been\n"); + qs_man_print(man, "rotated.\n"); + printf("\n"); + if(man) { + printf(".SH NOTE\n"); + } else { + printf("Notes:\n"); + } + qs_man_println(man, " - Each %s instance must use an individual file.\n", cmd); + qs_man_println(man, " - You may trigger a file rotation manually by sending the signal USR1\n"); + qs_man_print(man, " to the process.\n"); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qsre(1), qsrespeed(1), qspng(1), qssign(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +static time_t get_now() { + time_t now = time(NULL); + if(m_offset_enabled) { + struct tm lcl = *localtime(&now); + if(lcl.tm_isdst) { + now += 3600; + } + now += m_offset; + } + return now; +} + +static int openFile(const char *cmd, const char *file_name) { + int m_nLogFD = open(file_name, O_WRONLY | O_CREAT | O_APPEND, m_mode); + /* error while opening log file */ + if(m_nLogFD < 0) { + fprintf(stderr,"[%s]: ERROR, failed to open file <%s>\n", cmd, file_name); + } + return m_nLogFD; +} + +/** + * Compress method called by a child process (forked) + * used to compress the rotated file. + * + * @param cmd Command name (used when logging errors) + * @param arch Path to the file to compress. File gets renamed to <arch>.gz + */ +static void compressThread(const char *cmd, const char *arch) { + gzFile *outfp; + int infp; + char dest[HUGE_STR+20]; + char buf[HUGE_STR]; + int len; + snprintf(dest, sizeof(dest), "%s.gz", arch); + /* low prio */ + if(nice(10) == -1) { + fprintf(stderr, "[%s]: WARNING, failed to change nice value: %s\n", cmd, strerror(errno)); + } + if((infp = open(arch, O_RDONLY)) == -1) { + /* failed to open file, can't compress it */ + fprintf(stderr,"[%s]: ERROR, could not open file for compression <%s>\n", cmd, arch); + return; + } + if((outfp = gzopen(dest,"wb")) == NULL) { + fprintf(stderr,"[%s]: ERROR, could not open file for compression <%s>\n", cmd, dest); + close(infp); + return; + } + chmod(dest, m_mode); + while((len = read(infp, buf, sizeof(buf))) > 0) { + gzwrite(outfp, buf, len); + } + gzclose(outfp); + close(infp); + /* done, delete the old file */ + unlink(arch); +} + +void sigchild(int signo) { + pid_t pid; + int stat; + while((pid=waitpid(-1,&stat,WNOHANG)) > 0) { + } +} + +void writeTimestamp() { + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + strftime(time_string, TME_STR_LEN, "%Y-%m-%d %H:%M:%S ", ptr); + write(m_nLogFD, time_string, TME_STR_LEN); +} + +/** + * Rotates a file + * + * @param cmd Command name to be used in log messages + * @param now + * @param file_name Name of the file to rotate (rename) + * @param messages Number of lines/buffers which had been read + */ +static void rotate(const char *cmd, time_t now, + const char *file_name, long *messages) { + int rc; + char arch[HUGE_STR+20]; + char tmb[20]; + struct tm *ptr = localtime(&now); + strftime(tmb, sizeof(tmb), "%Y%m%d%H%M%S", ptr); + snprintf(arch, sizeof(arch), "%s.%s", file_name, tmb); + + /* set next rotation time */ + m_tLogEnd = ((now / m_tRotation) * m_tRotation) + m_tRotation; + // reset byte counter + m_counter = 0; + + /* rename current file */ + if(m_nLogFD >= 0) { + close(m_nLogFD); + rename(file_name, arch); + } + + /* open new file */ + m_nLogFD = openFile(cmd, file_name); + if(m_nLogFD < 0) { + /* opening a new file has failed! + try to reopen and clear the last file */ + char msg[HUGE_STR]; + snprintf(msg, sizeof(msg), "ERROR while writing to file, %ld messages lost\n", *messages); + fprintf(stderr,"[%s]: ERROR, while writing to file <%s>\n", cmd, file_name); + rename(arch, file_name); + m_nLogFD = openFile(cmd, file_name); + if(m_nLogFD > 0) { + rc = ftruncate(m_nLogFD, 0); + rc = write(m_nLogFD, msg, strlen(msg)); + } + } else { + *messages = 0; + if(m_compress || (m_generations != -1)) { + signal(SIGCHLD,sigchild); + if(fork() == 0) { + if(m_compress) { + compressThread(cmd, arch); + } + if(m_generations != -1) { + qs_deleteOldFiles(file_name, m_generations); + } + exit(0); + } + } + } +} + +/** + * Separate thread which initiates file rotation even no + * log data is written. + * + * @param argv (not used) + */ +static void *forcedRotationThread(void *argv) { + time_t now; + time_t n; + while(1) { + qs_csLock(); + now = get_now(); + if(now > m_tLogEnd) { + rotate(m_cmd, now, m_file_name, &m_messages); + } + qs_csUnLock(); + now = get_now(); + n = 1 + m_tLogEnd - now; + sleep(n); + } + return NULL; +} + +void handle_signal1(int signal) { + rotate(m_cmd, get_now(), m_file_name, &m_messages); + return; +} + +int main(int argc, char **argv) { + char *username = NULL; + int rc; + char *buf; + int nRead, nWrite; + time_t now; + struct stat st; + long sizeLimit = 0; + + pthread_attr_t *tha = NULL; + pthread_t tid; + struct sigaction sa; + + char *cmd = strrchr(argv[0], '/'); + + sa.sa_handler = &handle_signal1; + sa.sa_flags = SA_RESTART; + + if(cmd == NULL) { + cmd = argv[0]; + } else { + cmd++; + } + m_cmd = calloc(1, strlen(cmd)+1); + strcpy(m_cmd, cmd); // copy as we can't pass it when forking + + while(argc >= 1) { + if(strcmp(*argv,"-o") == 0) { + if (--argc >= 1) { + m_file_name = *(++argv); + } + } else if(strcmp(*argv,"-u") == 0) { + if (--argc >= 1) { + username = *(++argv); + } + } else if(strcmp(*argv,"-s") == 0) { + if (--argc >= 1) { + m_tRotation = atoi(*(++argv)); + } + } else if(strcmp(*argv,"-t") == 0) { + if (--argc >= 1) { + m_offset = atoi(*(++argv)); + m_offset = m_offset * 3600; + m_offset_enabled = 1; + } + } else if(strcmp(*argv,"-g") == 0) { + if (--argc >= 1) { + m_generations = atoi(*(++argv)); + } + } else if(strcmp(*argv,"-b") == 0) { + if (--argc >= 1) { + sizeLimit = atol(*(++argv)); + } + } else if(strcmp(*argv,"-m") == 0) { + if (--argc >= 1) { + int mode = atoi(*(++argv)); + if(mode == 600) { + m_mode = 0600; + } else if(mode == 640) { + m_mode = 0640; + } else if(mode == 660) { + m_mode = 0660; + } else if(mode == 664) { + m_mode = 0664; + } + } + } else if(strcmp(*argv,"-z") == 0) { + m_compress = 1; + } else if(strcmp(*argv,"-p") == 0) { + m_stdout = 1; + } else if(strcmp(*argv,"-d") == 0) { + m_timestamp = 1; + memset(time_string, 32, TME_STR_LEN); + } else if(strcmp(*argv,"-f") == 0) { + m_force_rotation = 1; + } else if(strcmp(*argv,"-h") == 0) { + usage(m_cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(m_cmd, 0); + } else if(strcmp(*argv,"-?") == 0) { + usage(m_cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(m_cmd, 1); + } + + argc--; + argv++; + } + + if(m_file_name == NULL) usage(m_cmd, 0); + if(sizeLimit > 0 && sizeLimit < m_limit && sizeLimit >= (1024 * 1024)) { + m_limit = sizeLimit; + } else if(sizeLimit > 0 && sizeLimit < (1024 * 1024)) { + m_limit = 1024 * 1024; + } + + if(stat(m_file_name, &st) == 0) { + m_counter = st.st_size; + } + + sigaction(SIGUSR1, &sa, NULL); + qs_setuid(username, m_cmd); + + /* set next rotation time */ + now = get_now(); + m_tLogEnd = ((now / m_tRotation) * m_tRotation) + m_tRotation; + /* open file */ + m_nLogFD = openFile(m_cmd, m_file_name); + if(m_nLogFD < 0) { + /* startup did not success */ + exit(2); + } + + if(m_force_rotation) { + qs_csInitLock(); + pthread_create(&tid, tha, forcedRotationThread, NULL); + } + + buf = calloc(1, MAX_LINE_BUFFER+1); + for(;;) { + if(m_timestamp) { + // low perf line-by-line read + if(fgets(buf, MAX_LINE_BUFFER, stdin) == NULL) { + exit(3); + } else { + nRead = strlen(buf); + if(m_force_rotation) { + qs_csLock(); // >@CTR1 + } + m_counter += (nRead + TME_STR_LEN); + now = get_now(); + writeTimestamp(); + nWrite = write(m_nLogFD, buf, nRead); + } + } else { + // normal/fast buffer read/process + nRead = read(0, buf, MAX_LINE_BUFFER); + if(nRead == 0) exit(3); + if(nRead < 0) if(errno != EINTR) exit(4); + if(m_force_rotation) { + qs_csLock(); // >@CTR1 + } + m_counter += nRead; + now = get_now(); + /* write data if we have a file handle (else continue but drop log data, + re-try to open the file at next rotation time) */ + if(m_nLogFD >= 0) { + do { + nWrite = write(m_nLogFD, buf, nRead); + if(m_stdout) { + printf("%.*s", nRead, buf); + } + } while (nWrite < 0 && errno == EINTR); + } + m_messages++; + if(nWrite != nRead) { + if(m_nLogFD >= 0) { + char msg[HUGE_STR]; + snprintf(msg, sizeof(msg), "ERROR while writing to file, %ld messages lost\n", m_messages); + /* error while writing data, try to delete the old file and continue ... */ + rc = ftruncate(m_nLogFD, 0); + rc = write(m_nLogFD, msg, strlen(msg)); + m_messages = 0; + } + } + } + // end buffer or line read + if((now > m_tLogEnd) || (m_counter > m_limit)) { + /* rotate! */ + rotate(m_cmd, now, m_file_name, &m_messages); + } + if(m_force_rotation) { + qs_csUnLock(); // <@CTR1 + } + } + memset(buf, 0, MAX_LINE_BUFFER); + free(buf); + return 0; +} diff --git a/tools/src/qssign.c b/tools/src/qssign.c new file mode 100644 index 0000000..6ea7021 --- /dev/null +++ b/tools/src/qssign.c @@ -0,0 +1,799 @@ +/** + * Utilities for the quality of service module mod_qos. + * + * qssign.c: Log data signing tool to ensure data integrity. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +static const char revision[] = "$Id: qssign.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <unistd.h> +#include <string.h> +#include <stdlib.h> +#include <regex.h> +#include <signal.h> + +/* openssl */ +#include <openssl/evp.h> +#include <openssl/hmac.h> + +/* apr/apr-util */ +#define QS_USEAPR 1 +#include <apr.h> +#include <apr_base64.h> +#include <apr_pools.h> +#include <apr_strings.h> +#include <apr_thread_proc.h> +#include <apr_file_io.h> +#include <apr_time.h> + +#define PCRE2_CODE_UNIT_WIDTH 8 +#include <pcre2.h> + +#include "qs_util.h" +#include "qs_apo.h" + +#define SEQDIG "12" +#define QS_END "qssign---end-of-data" +#define QS_START "qssign---------start" + +static const char *m_start_fmt = ""; +static const char *m_end_fmt = ""; +static long m_nr = 1; +static int m_logend = 0; +static void (*m_end)(const char *, int) = NULL; +static int m_end_pos = 0; +static const char *m_sec = NULL; +static const EVP_MD *m_evp; +static qs_regex_t *m_filter = NULL; + +typedef struct { + const char* start_fmt; + const char* end_fmt; + const char* pattern; + const char* test; +} qos_p_t; + +#define severity "[A-Z]+" + +static const qos_p_t pattern[] = { + { + "%s | INFO | "QS_START, + "%s | INFO | "QS_END, + "^[0-9]{4}[-][0-9]{2}[-][0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}[ ]+[|][ ]+"severity"[ ]+[|][ ]+[a-zA-Z0-9]+", + "2010-04-14 20:18:37,464 | INFO | org.hibernate.cfg.Configuration" + }, + { + "%s INFO "QS_START, + "%s INFO "QS_END, + "^[0-9]{4}[-][0-9]{2}[-][0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}[ ]+"severity"[ ]+", + "2011-08-30 07:27:22,738 INFO loginId='test'" + }, + { + "%s qssign start INFO "QS_START, + "%s qssign end INFO "QS_END, + "^[0-9]{4}[-][0-9]{2}[-][0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}[ ]+[a-zA-Z0-9\\.-]+[ ]+[a-zA-Z0-9\\.-]+[ ]+"severity"[ ]+", + "2011-09-01 07:37:17,275 main org.apache.catalina.startup.Catalina INFO Server" + }, + { + "%s INFO "QS_START, + "%s INFO "QS_END, + "^[0-9]{4}[-][0-9]{2}[-][0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}[ ]+", + "2011-08-30 07:27:22,738 " + }, + { NULL, NULL, NULL } +}; + +/** + * Writes the signed log line to stdout. + * + * @param line Data to sign + * @param line_size Length of the data + * @param sec Secret + * @param sec_len Length of the secret + */ +static void qs_write(char *line, int line_size, const char *sec, int sec_len) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX hmac; + HMAC_CTX *hmac_p = &hmac; +#else + HMAC_CTX *hmac_p; +#endif + unsigned char data[HMAC_MAX_MD_CBLOCK]; + unsigned int len; + char *m; + int data_len; + sprintf(&line[strlen(line)], " %."SEQDIG"ld", m_nr); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_init(hmac_p); +#else + hmac_p = HMAC_CTX_new(); +#endif + HMAC_Init_ex(hmac_p, sec, sec_len, m_evp, NULL); + HMAC_Update(hmac_p, (const unsigned char *)line, strlen(line)); + HMAC_Final(hmac_p, data, &len); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup(hmac_p); +#else + HMAC_CTX_free(hmac_p); +#endif + m = calloc(1, apr_base64_encode_len(len) + 1); + data_len = apr_base64_encode(m, (char *)data, len); + m[data_len] = '\0'; + printf("%s#%s\n", line, m); + fflush(stdout); + free(m); + m_nr++; + return; +} + +/* + * [Fri Dec 03 07:37:40 2010] [notice] ......... + */ +static void qs_end_apache_err(const char *sec, int start) { + int sec_len = strlen(sec); + char line[MAX_LINE]; + int dig = atoi(SEQDIG); + /* <data> ' ' <sequence number> '#' <hmac>*/ + int line_size = sizeof(line) - 1 - dig - 1 - (2*HMAC_MAX_MD_CBLOCK) - 1; + char time_string[1024]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + strftime(time_string, sizeof(time_string), "%a %b %d %H:%M:%S %Y", ptr); + if(start) { + sprintf(line, "[%s] [notice] "QS_START, time_string); + } else { + sprintf(line, "[%s] [notice] "QS_END, time_string); + } + qs_write(line, line_size, sec, sec_len); + return; +} + +/* + * 12.12.12.12 - - [03/Dec/2010:07:36:51 +0100] ............... + */ +static void qs_end_apache_acc(const char *sec, int start) { + int sec_len = strlen(sec); + char line[MAX_LINE]; + int dig = atoi(SEQDIG); + /* <data> ' ' <sequence number> '#' <hmac>*/ + int line_size = sizeof(line) - 1 - dig - 1 - (2*HMAC_MAX_MD_CBLOCK) - 1; + char time_string[1024]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + char sign; + int timz; + apr_time_exp_t xt; + apr_time_exp_lt(&xt, apr_time_now()); + timz = xt.tm_gmtoff; + if(timz < 0) { + timz = -timz; + sign = '-'; + } else { + sign = '+'; + } + strftime(time_string, sizeof(time_string), "%d/%b/%Y:%H:%M:%S", ptr); + if(start) { + sprintf(line, "0.0.0.0 - - [%s %c%.2d%.2d] "QS_START, time_string, sign, timz / (60*60), (timz % (60*60)) / 60); + } else { + sprintf(line, "0.0.0.0 - - [%s %c%.2d%.2d] "QS_END, time_string, sign, timz / (60*60), (timz % (60*60)) / 60); + } + qs_write(line, line_size, sec, sec_len); + return; +} + +/* + * 2010 12 03 17:00:30.425 qssign end 0.0 5-NOTICE: .............. + */ +static void qs_end_nj(const char *sec, int start) { + int sec_len = strlen(sec); + char line[MAX_LINE]; + int dig = atoi(SEQDIG); + /* <data> ' ' <sequence number> '#' <hmac>*/ + int line_size = sizeof(line) - 1 - dig - 1 - (2*HMAC_MAX_MD_CBLOCK) - 1; + char time_string[1024]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + char buf[1024]; + int i; + for(i = 0; i < m_end_pos; i++) { + buf[i] = ' '; + } + buf[i] = '\0'; + strftime(time_string, sizeof(time_string), "%Y %m %d %H:%M:%S.000", ptr); + if(start) { + sprintf(line, "%s qssign start 0.0%s 5-NOTICE: "QS_START, time_string, buf); + } else { + sprintf(line, "%s qssign end 0.0%s 5-NOTICE: "QS_END, time_string, buf); + } + qs_write(line, line_size, sec, sec_len); + return; +} + +/* + * 2010-04-14 20:18:37,464 ... (using m_fmt) + */ +static void qs_end_lj(const char *sec, int start) { + int sec_len = strlen(sec); + char line[MAX_LINE]; + int dig = atoi(SEQDIG); + /* <data> ' ' <sequence number> '#' <hmac>*/ + int line_size = sizeof(line) - 1 - dig - 1 - (2*HMAC_MAX_MD_CBLOCK) - 1; + char time_string[1024]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + strftime(time_string, sizeof(time_string), "%Y-%m-%d %H:%M:%S,000", ptr); + if(start) { + sprintf(line, m_start_fmt, time_string); + } else { + sprintf(line, m_end_fmt, time_string); + } + qs_write(line, line_size, sec, sec_len); + return; +} + +/* + * Dec 6 04:00:06 localhost kernel: + */ +static void qs_end_lx(const char *sec, int start) { + char hostname[1024]; + int len = sizeof(hostname); + int sec_len = strlen(sec); + char line[MAX_LINE]; + int dig = atoi(SEQDIG); + /* <data> ' ' <sequence number> '#' <hmac>*/ + int line_size = sizeof(line) - 1 - dig - 1 - (2*HMAC_MAX_MD_CBLOCK) - 1; + char time_string[1024]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + strftime(time_string, sizeof(time_string), "%b %e %H:%M:%S", ptr); + if(gethostname(hostname, len) != 0) { + hostname[0] = '-'; + hostname[1] = '\0'; + } + if(start) { + sprintf(line, "%s %s qssign: "QS_START, time_string, hostname); + } else { + sprintf(line, "%s %s qssign: "QS_END, time_string, hostname); + } + qs_write(line, line_size, sec, sec_len); + return; +} + +/* + * 2013/11/13 17:38:41 [error] 6577#0: *1 open() + */ +static void qs_end_ngx(const char *sec, int start) { + int sec_len = strlen(sec); + char line[MAX_LINE]; + int dig = atoi(SEQDIG); + /* <data> ' ' <sequence number> '#' <hmac>*/ + int line_size = sizeof(line) - 1 - dig - 1 - (2*HMAC_MAX_MD_CBLOCK) - 1; + char time_string[1024]; + time_t tm = time(NULL); + struct tm *ptr = localtime(&tm); + strftime(time_string, sizeof(time_string), "%Y/%m/%d %H:%M:%S", ptr); + if(start) { + sprintf(line, "%s [notice] 0#0: "QS_END, time_string); + } else { + sprintf(line, "%s [notice] 0#0: "QS_END, time_string); + } + qs_write(line, line_size, sec, sec_len); + return; +} + +void qs_signal_exit(int e) { + if(m_logend && (m_end != NULL)) { + m_end(m_sec, 0); + } + exit(0); +} + +/** + * Tries to find out a suitable log line format which is used + * to log sign end messages (so let the verifier known, that the + * data ends nothing has been cut off). + * + * Sets the format to global variables. + * + * known pattern + * - [Fri Dec 03 07:37:40 2010] [notice] ......... + * - 12.12.12.12 - - [03/Dec/2010:07:36:51 +0100] ............... + * - 2010 12 03 17:00:30.425 qssign end 0.0 5-NOTICE: .............. + * 46 <- var -> 63 71 + * - Dec 6 04:00:06 localhost kernel: + * - some 2010-12-03 17:00:30,425 ... + * + * @param s + */ +static void qs_set_format(char *s) { + regex_t r_apache_err; + regex_t r_apache_acc; + regex_t r_nj; + regex_t r_lx; + regex_t r_ngx; + if(regcomp(&r_apache_err, + "^\\[[a-zA-Z]{3} [a-zA-Z]{3} [0-9]+ [0-9]+:[0-9]+:[0-9]+ [0-9]+\\] \\[[a-zA-Z]+\\] ", + REG_EXTENDED) != 0) { + fprintf(stderr, "failed to compile regex (err)\n"); + exit(1); + } + if(regcomp(&r_apache_acc, + "^[0-9.]+ [a-zA-Z0-9\\@_\\.\\-]+ [a-zA-Z0-9\\@_\\.\\-]+ \\[[0-9]+/[a-zA-Z]{3}/[0-9:]+[0-9\\+ ]+\\] ", + REG_EXTENDED) != 0) { + fprintf(stderr, "failed to compile regex (acc)\n"); + exit(1); + } + if(regcomp(&r_nj, + "^[0-9]{4} [0-9]{2} [0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\\.[0-9]{3} [a-zA-Z0-9]+[ ]+.*[A-Z]+[ ]*:", + REG_EXTENDED) != 0) { + fprintf(stderr, "failed to compile regex (nj)\n"); + exit(1); + } + if(regcomp(&r_lx, + "^[a-zA-Z]{3}[ ]+[0-9]+[ ]+[0-9]{2}:[0-9]{2}:[0-9]{2}[ ]+[a-zA-Z0-9_\\.\\-]+[ ]+[a-zA-Z0-9_\\.\\-]+:", + REG_EXTENDED) != 0) { + fprintf(stderr, "failed to compile regex (lx)\n"); + exit(1); + } + if(regcomp(&r_ngx, + "^[0-9]{4}/[0-9]{2}/[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2} \\[[a-z]+\\] [0-9]+#[0-9]+: ", + REG_EXTENDED) != 0) { + fprintf(stderr, "failed to compile regex (ngx)\n"); + exit(1); + } + + + if(regexec(&r_apache_err, s, 0, NULL, 0) == 0) { + m_end = &qs_end_apache_err; + } else if(regexec(&r_apache_acc, s, 0, NULL, 0) == 0) { + m_end = &qs_end_apache_acc; + } else if(regexec(&r_nj, s, 0, NULL, 0) == 0) { + char *dp = strstr(s, ": "); + if(dp) { + /* calculate the "var" size, see comment above */ + m_end_pos = dp - s - 47 - 8 - 3; + if((m_end_pos < 0) || (m_end_pos > 1000)) { + m_end_pos = 0; + } + } + m_end = &qs_end_nj; + } else if(regexec(&r_lx, s, 0, NULL, 0) == 0) { + m_end = &qs_end_lx; + } else if(regexec(&r_ngx, s, 0, NULL, 0) == 0) { + m_end = &qs_end_ngx; + } + // search within the generic yyyy-mm-dd hh-mm-ss,mmm patterns + if(!m_end) { + const qos_p_t *p = pattern; + while(p->end_fmt) { + regex_t r_j; + if(regcomp(&r_j, p->pattern, REG_EXTENDED) != 0) { + fprintf(stderr, "failed to compile regex (%s)\n", p->pattern); + exit(1); + } + if(regexec(&r_j, s, 0, NULL, 0) == 0) { + m_start_fmt = p->start_fmt; + m_end_fmt = p->end_fmt; + m_end = &qs_end_lj; + break; + } + p++; + } + } + /* default (apache error log format) */ + if(m_end == NULL) { + m_end = &qs_end_apache_err; + } + return; +} + +/** + * Process the data from stdin. + * + * @param sec Passphrase + */ +static void qs_sign(const char *sec) { + int sec_len = strlen(sec); + char *line = calloc(1, MAX_LINE_BUFFER+1); + int dig = atoi(SEQDIG); + /* <data> ' ' <sequence number> '#' <hmac>*/ + int line_size = MAX_LINE_BUFFER - 1 - dig - 1 - (2*HMAC_MAX_MD_CBLOCK) - 1; + int line_len; + while(fgets(line, MAX_LINE_BUFFER, stdin) != NULL) { + line_len = strlen(line) - 1; + while(line_len > 0) { // cut tailing CR/LF + if(line[line_len] >= ' ') { + break; + } + line[line_len] = '\0'; + line_len--; + } + if(m_logend && (m_end == NULL)) { + qs_set_format(line); + m_end(m_sec, 1); + } + if(m_filter != NULL && qs_regexec_len(m_filter, line, line_len, 0, NULL, 0) >= 0) { + printf("%s\n", line); + fflush(stdout); + } else { + qs_write(line, line_size, sec, sec_len); + } + } + return; +} + +static int isSpecialLine(const char *line, const char *marker) { + char *se_marker = strstr(line, marker); + if(se_marker != NULL) { + /* QS_END/START + " " + SEQDIG */ + int sz = strlen(marker) + 1 + atoi(SEQDIG); + if(sz == (strlen(line) - (se_marker - line))) { + return 1; + } + } + return 0; +} + +static long qs_verify(const char *sec) { + int end_seen = 0; + int sec_len = strlen(sec); + long err = 0; // errors + long lineNumber = 0; // line number of the file / input data + char *line = calloc(1, MAX_LINE_BUFFER+1); + int line_size = MAX_LINE_BUFFER; + int line_len; + m_nr = -1; // expected sequence number (start with any) + long nr_alt = -1; // alternatively expected sequence number (if a line was injected) + long nr_alt_lineNumber = -1; + long nr_usr1_lineNumber = -1; // we may have lines written by a prev. qssign binary (while graceful restart) + while(fgets(line, line_size, stdin) != NULL) { + int valid = 0; + long msgSeqNr = 0; + int isOldProcess = 0; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX hmac; + HMAC_CTX *hmac_p = &hmac; +#else + HMAC_CTX *hmac_p; +#endif + unsigned char data[HMAC_MAX_MD_CBLOCK]; + unsigned int len; + char *m; + int data_len; + char *sig; + char *seq; + line_len = strlen(line) - 1; + while(line_len > 0) { // cut tailing CR/LF + if(line[line_len] >= ' ') { + break; + } + line[line_len] = '\0'; + line_len--; + } + sig = strrchr(line, '#'); + seq = strrchr(line, ' '); + lineNumber++; + if(seq && sig) { + sig[0] = '\0'; + sig++; + /* verify hmac */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_init(hmac_p); +#else + hmac_p = HMAC_CTX_new(); +#endif + HMAC_Init_ex(hmac_p, sec, sec_len, m_evp, NULL); + HMAC_Update(hmac_p, (const unsigned char *)line, strlen(line)); + HMAC_Final(hmac_p, data, &len); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup(hmac_p); +#else + HMAC_CTX_free(hmac_p); +#endif + m = calloc(1, apr_base64_encode_len(len) + 1); + data_len = apr_base64_encode(m, (char *)data, len); + m[data_len] = '\0'; + if(strcmp(m, sig) != 0) { + err++; + fprintf(stderr, "ERROR on line %ld: invalid signature\n", lineNumber); + /* message may be modified/corrupt or inserted: next line may have + the next sequence number (modified) or the same (inserted) */ + nr_alt = m_nr + 1; + nr_alt_lineNumber = lineNumber + 1; + } else { + valid = 1; + } + free(m); + /* verify sequence */ + seq++; + msgSeqNr = atol(seq); + if(msgSeqNr == 0) { + err++; + fprintf(stderr, "ERROR on line %ld: invalid sequence\n", lineNumber); + } else { + if(m_nr != -1) { + if(lineNumber == nr_alt_lineNumber) { + // last line was modified + if(m_nr != msgSeqNr) { + // and therefore, we also accept the next sequence number + m_nr = nr_alt; + } + nr_alt = -1; + nr_alt_lineNumber = -1; + } + if(valid && isSpecialLine(line, QS_START)) { + // new start line (graceful restart) + // we expect now msg number 1 + // but still acept the old until we get the end marker + nr_usr1_lineNumber = m_nr; + m_nr = 1; + } + if(valid && nr_usr1_lineNumber == msgSeqNr) { + // msg from old process is okay... + nr_usr1_lineNumber++; + isOldProcess = 1; + } else { + if(m_nr != msgSeqNr) { + if(msgSeqNr == 1) { + if(!end_seen) { + err++; + fprintf(stderr, "ERROR on line %ld: wrong sequence, server restart? (expect %."SEQDIG"ld)\n", + lineNumber, m_nr); + } + } else { + err++; + fprintf(stderr, "ERROR on line %ld: wrong sequence (expect %."SEQDIG"ld)\n", lineNumber, m_nr); + } + } else { + // well done - this is the sequence number we expect + } + } + } else if(m_logend) { + // log should (if not rotated) start with message 1 + if(msgSeqNr != 1) { + fprintf(stderr, "NOTICE: log starts with sequence %."SEQDIG"ld, log rotation?" + " (expect %."SEQDIG"d)\n", msgSeqNr, 1); + } + } + if(valid && !isOldProcess) { + // adjust + m_nr = msgSeqNr; + } + } + } else { + err++; + fprintf(stderr, "ERROR on line %ld: missing signature/sequence\n", lineNumber); + } + end_seen = 0; + if(valid) { + if(!isOldProcess) { + m_nr++; + } + if(isSpecialLine(line, QS_END)) { + if(nr_usr1_lineNumber == -1) { + end_seen = 1; + } else { + nr_usr1_lineNumber = -1; // no more messages from an old process + } + } + } + } + if(m_logend && !end_seen) { + fprintf(stderr, "NOTICE: no end marker seen, log rotation? (expect %."SEQDIG"ld)\n", m_nr); + } + return err; +} + +static void usage(char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - an utility to sign and verify the integrity of log data.\n", cmd); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -s|S <secret> [-e] [-v] [-u <name>] [-f <regex>] [-a 'sha1'|'sha256']\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, "%s is a log data integrity check tool. It reads log data\n", cmd); + qs_man_print(man, "from stdin (pipe) and writes the data to stdout adding a sequence\n"); + qs_man_print(man, "number and signature to ever log line.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -s <secret>\n"); + if(man) printf("\n"); + qs_man_print(man, " Passphrase used to calculate signature.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -S <program>\n"); + if(man) printf("\n"); + qs_man_print(man, " Specifies a program which writes the passphrase to stdout.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -e\n"); + if(man) printf("\n"); + qs_man_print(man, " Writes start/end marker when starting/stopping data signing.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -v\n"); + if(man) printf("\n"); + qs_man_print(man, " Verification mode checking the integrity of signed data.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -u <name>\n"); + if(man) printf("\n"); + qs_man_print(man, " Becomes another user, e.g. www-data.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -f <regex>\n"); + if(man) printf("\n"); + qs_man_print(man, " Filter pattern (case sensitive regular expression) for messages\n"); + qs_man_print(man, " which do not need to be signed.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -a 'sha1'|'sha256'\n"); + if(man) printf("\n"); + qs_man_print(man, " Specifies the algorithm to use. Default is sha1.\n"); + printf("\n"); + if(man) { + printf(".SH EXAMPLE\n"); + printf("Sign:\n"); + printf("\n"); + } else { + printf("Example (sign):\n"); + } + qs_man_println(man, " TransferLog \"|/usr/bin/%s -s password -e |/usr/bin/qsrotate -o /var/log/apache/access.log\"\n", cmd); + printf("\n"); + if(man) { + printf("\n"); + printf("Verify:\n"); + printf("\n"); + } else { + qs_man_print(man, "Example (verify):\n"); + } + qs_man_println(man, " cat access.log | %s -s password -v\n", cmd); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qstail(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +int main(int argc, const char * const argv[]) { + apr_pool_t *pool; + int verify = 0; + char *cmd = strrchr(argv[0], '/'); + const char *username = NULL; + const char *filter = NULL; + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + apr_app_initialize(&argc, &argv, NULL); + apr_pool_create(&pool, NULL); + m_evp = EVP_sha1(); + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-s") == 0) { + if (--argc >= 1) { + m_sec = *(++argv); + } + } else if(strcmp(*argv,"-S") == 0) { + if (--argc >= 1) { + m_sec = qs_readpwd(pool, *(++argv)); + } + } else if(strcmp(*argv,"-v") == 0) { + verify = 1; + } else if(strcmp(*argv,"-e") == 0) { + m_logend = 1; + } else if(strcmp(*argv,"-u") == 0) { /* switch user id */ + if (--argc >= 1) { + username = *(++argv); + } + } else if(strcmp(*argv,"-f") == 0) { /* filter */ + if (--argc >= 1) { + filter = *(++argv); + } + } else if(strcmp(*argv,"-a") == 0) { /* set alg */ + if (--argc >= 1) { + const char *alg = *(++argv); + if(strcasecmp(alg, "SHA256") == 0) { + m_evp = EVP_sha256(); + } else if(strcasecmp(alg, "SHA1") != 0) { + m_evp = NULL; + } + } else { + m_evp = NULL; + } + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } + argc--; + argv++; + } + + if(filter != NULL) { + m_filter = apr_palloc(pool, sizeof(qs_regex_t)); + if(qs_regcomp(m_filter, filter, 0) != 0) { + fprintf(stderr, "failed to compile filter pattern <%s>\n", filter); + exit(1); + } + apr_pool_pre_cleanup_register(pool, m_filter, qs_pregfree); + } + + if(m_evp == NULL) { + usage(cmd, 0); + } + + if(m_sec == NULL) { + usage(cmd, 0); + } + + qs_setuid(username, cmd); + + if(verify) { + long err = qs_verify(m_sec); + if(err != 0) { + return 1; + } + } else { + if(m_logend) { + signal(SIGTERM, qs_signal_exit); + } + qs_sign(m_sec); + if(m_logend && (m_end != NULL)) { + m_end(m_sec, 0); + } + } + + apr_pool_destroy(pool); + return 0; +} diff --git a/tools/src/qstail.c b/tools/src/qstail.c new file mode 100644 index 0000000..3d535e2 --- /dev/null +++ b/tools/src/qstail.c @@ -0,0 +1,237 @@ +/* -*-mode: c; indent-tabs-mode: nil; c-basic-offset: 2; -*- + */ +/** + * Utilities for the quality of service module mod_qos. + * + * qstail.c: Shows the end of a log file beginning at the + * provided pattern. + * + * See http://mod-qos.sourceforge.net/ for further + * details. + * + * Copyright (C) 2023 Pascal Buchbinder + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +static const char revision[] = "$Id: qstail.c 2654 2022-05-13 09:12:42Z pbuchbinder $"; + +#include <stdio.h> +#include <unistd.h> +#include <string.h> +#include <stdlib.h> +#include <signal.h> + +#include "qs_util.h" + +#define BUFFER 2048 + +static void usage(char *cmd, int man) { + if(man) { + //.TH [name of program] [section number] [center footer] [left footer] [center header] + printf(".TH %s 1 \"%s\" \"mod_qos utilities %s\" \"%s man page\"\n", qs_CMD(cmd), man_date, + man_version, cmd); + } + printf("\n"); + if(man) { + printf(".SH NAME\n"); + } + qs_man_print(man, "%s - an utility printing the end of a log file" + " starting at the specified pattern.\n", cmd); + printf("\n"); + if(man) { + printf(".SH SYNOPSIS\n"); + } + qs_man_print(man, "%s%s -i <path> -p <pattern>\n", man ? "" : "Usage: ", cmd); + printf("\n"); + if(man) { + printf(".SH DESCRIPTION\n"); + } else { + printf("Summary\n"); + } + qs_man_print(man, " %s shows the end of a log file beginning with the line containing the\n", cmd); + qs_man_print(man, " specified pattern. This may be used to show all lines which has been written\n"); + qs_man_print(man, " after a certain event (e.g., server restart) or time stamp.\n"); + printf("\n"); + if(man) { + printf(".SH OPTIONS\n"); + } else { + printf("Options\n"); + } + if(man) printf(".TP\n"); + qs_man_print(man, " -i <path>\n"); + if(man) printf("\n"); + qs_man_print(man, " Input file to read the data from.\n"); + if(man) printf("\n.TP\n"); + qs_man_print(man, " -p <pattern>\n"); + if(man) printf("\n"); + qs_man_print(man, " Search pattern (literal string).\n"); + printf("\n"); + if(man) { + printf(".SH SEE ALSO\n"); + printf("qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1)\n"); + printf(".SH AUTHOR\n"); + printf("Pascal Buchbinder, http://mod-qos.sourceforge.net/\n"); + } else { + printf("See http://mod-qos.sourceforge.net/ for further details.\n"); + } + if(man) { + exit(0); + } else { + exit(1); + } +} + +/* search the beginning of the line starting at the provided position */ +static void qs_readline(long pos, FILE *f) { + size_t len; + long startpos = pos - BUFFER + 1; + long readlen = BUFFER; + char line[readlen + 1]; + if(startpos < 0) { + // we are at the beginning of the file + startpos = 0; + readlen = pos + 1; + } + fseek(f, startpos, SEEK_SET); + len = fread(&line, 1, readlen, f); + if(len > 0) { + char *s = &line[len-1]; + line[len] = '\0'; + while((s >= line) && (s[0] != CR) && (s[0] != LF)) { + s--; + } + if((s[0] == CR) || (s[0] == LF)) { + s++; + } + printf("%s", s); + } +} + +static int qs_tail(const char *cmd, FILE *f, const char *pattern) { + char *cont = NULL; + long search_win_len = (strlen(pattern) * 2) + 32; + char line[search_win_len + 10]; + long pos = 0; + size_t len; + char *startpattern = NULL; + fseek(f, 0L, SEEK_END); + pos = ftell(f); + while(pos > search_win_len) { + int offset = 0; + pos = pos - (search_win_len/2); + fseek(f, pos, SEEK_SET); + len = fread(&line, 1, search_win_len, f); + if(len <= 0) { + /* pattern not found / reached end */ + return 1; + } + line[len] = '\0'; + if((startpattern = strstr(line, pattern)) != NULL) { + int containsend = 0; + char *s = startpattern; + char *end; + offset = startpattern - line; + /* search the beginning of the line */ + while((s > line) && (s[0] != CR) && (s[0] != LF)) { + s--; + } + if((s[0] != CR) && (s[0] != LF)) { + // beginning of the line not in the buffer + qs_readline(pos, f); + } + s++; + end = startpattern; + /* search the end of the line */ + while((offset < search_win_len) && end[0] && end[0] != CR && end[0] != LF) { + end++; + offset++; + } + /* print the line containing the pattern */ + if((end[0] == CR) || (end[0] == LF)) { + end[0] = '\0'; + printf("%s\n", s); + containsend = 1; + } else { + printf("%s", s); + } + fseek(f, pos + offset, SEEK_SET); + if(containsend) { + // skip the line at the current position + cont = fgets(line, sizeof(line), f); + } else { + cont = line; + } + if(cont) { + while(fgets(line, sizeof(line), f) != NULL) { + printf("%s", line); + } + } + return 0; + } + } + return 1; +} + +int main(int argc, const char * const argv[]) { + FILE *f; + const char *filename = NULL; + const char *pattern = NULL; + char *cmd = strrchr(argv[0], '/'); + int status = 0; + if(cmd == NULL) { + cmd = (char *)argv[0]; + } else { + cmd++; + } + + argc--; + argv++; + while(argc >= 1) { + if(strcmp(*argv,"-i") == 0) { + if (--argc >= 1) { + filename = *(++argv); + } + } else if(strcmp(*argv,"-p") == 0) { + if (--argc >= 1) { + pattern = *(++argv); + } + } else if(strcmp(*argv,"-?") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"-help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--help") == 0) { + usage(cmd, 0); + } else if(strcmp(*argv,"--man") == 0) { + usage(cmd, 1); + } + argc--; + argv++; + } + + if(filename == NULL || pattern == NULL) { + usage(cmd, 0); + } + if((f = fopen(filename, "r")) == NULL) { + fprintf(stderr, "[%s]: ERROR, could not open file '%s'\n", cmd, filename); + exit(1); + } + + status = qs_tail(cmd, f, pattern); + + fclose(f); + return status; +} |