From: Ali Masarwa Date: Tue, 14 Jan 2025 15:42:48 +0000 (+0200) Subject: RGW\logging: adding transport layer fields X-Git-Tag: testing/wip-hyelloji-testing-20250127.141229~39^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=9b7df3a29275cb443687c6477f859b4095902321;p=ceph-ci.git RGW\logging: adding transport layer fields Signed-off-by: Ali Masarwa
---
diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc
index 30e1e77fd15..e4f01d816a0 100644
--- a/src/rgw/rgw_asio_frontend.cc
+++ b/src/rgw/rgw_asio_frontend.cc
@@ -323,6 +323,16 @@ void handle_connection(boost::asio::io_context& context,
 rgw::io::add_conlen_controlling(
 &real_client))));
 RGWRestfulIO client(cct, &real_client_io);
+ // getting ssl_cipher and tls_version
+ if(is_ssl) {
+ ceph_assert(typeid(Stream) == typeid(boost::asio::ssl::stream));
+ const SSL * native_handle = reinterpret_cast(stream.native_handle());
+ const auto ssl_cipher = SSL_CIPHER_get_name(SSL_get_current_cipher(native_handle));
+ const auto tls_version = SSL_get_version(native_handle);
+ auto& client_env = client.get_env();
+ client_env.set("SSL_CIPHER", ssl_cipher);
+ client_env.set("TLS_VERSION", tls_version);
+ }
 optional_yield y = null_yield;
 if (cct->_conf->rgw_beast_enable_async) {
 y = optional_yield{yield};
diff --git a/src/rgw/rgw_bucket_logging.cc b/src/rgw/rgw_bucket_logging.cc
index 50eaa5478b4..e43196f9d48 100644
--- a/src/rgw/rgw_bucket_logging.cc
+++ b/src/rgw/rgw_bucket_logging.cc
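Review bot: The added `if(is_ssl)` block in rgw_asio_frontend.cc guards the cast to `SSL*` with a runtime flag and a `ceph_assert` on `typeid(Stream)`, so a mismatch between the flag and the instantiated stream type aborts the gateway while handling a connection instead of failing at build time. `Stream` looks like a template parameter of handle_connection (its signature starts outside this hunk), so the branch could be chosen at compile time with `if constexpr (std::is_same_v<Stream, SslStream>)`, where `SslStream` is a placeholder for the stream type named in the assert; inside that branch `stream.native_handle()` should already be the OpenSSL handle and the `reinterpret_cast` could go. As rendered on this page the template arguments of `ssl::stream` and `reinterpret_cast` are missing, so confirm the exact types against the file. A one-line comment stating that `SSL_CIPHER` and `TLS_VERSION` are filled in by the server from the negotiated session, not from request headers, would help whoever later relies on these log fields.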
@@ -419,11 +419,11 @@ int log_record(rgw::sal::Driver* driver,
 switch (conf.logging_type) {
 case LoggingType::Standard:
- record = fmt::format("{} {} [{:%d/%b/%Y:%H:%M:%S %z}] {} {} {} {} {} \"{} {}{}{} HTTP/1.1\" {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {}",
+ record = fmt::format("{} {} [{:%d/%b/%Y:%H:%M:%S %z}] {} {} {} {} {} \"{} {}{}{} HTTP/1.1\" {} {} {} {} {} {} {} \"{}\" {} {} {} {} {} {} {} {} {}",
 dash_if_empty(bucket_owner),
 dash_if_empty(bucket_name),
 t,
- "-", // no requester IP
+ s->info.env->get("REMOTE_ADDR", "-"),
 dash_if_empty(user_or_account),
 dash_if_empty(s->req_id),
 op_name,
@@ -443,10 +443,10 @@ int log_record(rgw::sal::Driver* driver,
 dash_if_empty_or_null(obj, obj->get_instance()),
 s->info.x_meta_map.contains("x-amz-id-2") ? s->info.x_meta_map.at("x-amz-id-2") : "-",
 aws_version,
- "-", // TODO: SSL cipher. e.g. "ECDHE-RSA-AES128-GCM-SHA256"
+ s->info.env->get("SSL_CIPHER", "-"),
 auth_type,
 dash_if_empty(fqdn),
- "-", // TODO: TLS version. e.g. "TLSv1.2" or "TLSv1.3"
+ s->info.env->get("TLS_VERSION", "-"),
 "-", // no access point ARN
 (s->has_acl_header) ? "Yes" : "-");
 break;
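Review bot: In the `@@ -419` hunk, `s->info.env->get("REMOTE_ADDR", "-")` most likely records the address of the socket peer, which behind a load balancer or reverse proxy is the proxy and not the requesting client. RGW has the `rgw_remote_addr_param` option for choosing which environment key carries the client address; if these records are meant for access auditing, reading the key that option names (with `REMOTE_ADDR` as fallback) would keep the bucket log in line with the rest of the gateway, though that should be confirmed against how the ops log resolves it. Separately, the new format string wraps one field in `\"{}\"`, and its argument sits between the two hunks where it is not visible; check that double quotes and line breaks in that value are escaped, since an unescaped client-supplied string would let one request break or split a log record. log_record starts and ends outside this hunk.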
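Review bot: In the `@@ -443` hunk, the keys `"SSL_CIPHER"` and `"TLS_VERSION"` are bare string literals repeated here and in rgw_asio_frontend.cc, so a typo on either side makes the field fall back to `-` with no build or runtime error. A shared named constant per key would tie the producer and the consumer together. A short comment such as `// cipher and TLS version of the connection terminated at RGW; "-" for plain HTTP or when TLS ends at a proxy` would also tell someone reading these logs during an investigation what the fields do and do not prove. The enclosing fmt::format call begins in the previous hunk.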