Project

General

Profile

[Solved] Conditionals with unix domain sockets

Added by flynn 7 months ago

Hi,

if lighttpd is bound to a unix domain socket

server.bind = "/..." 

and I want use conditionals like

$HTTP["remoteip"] =~ "..." {

What can I use to match incoming connections on the unix domain socket?
The access log only logs binary (garbage) <BB><F9><82>U
(Can the log message be improved to avoid binary content?)


Replies (3)

RE: Conditionals with unix domain sockets - Added by gstrauss 7 months ago

lighttpd does not currently special-case unix domain socket paths with ctrl characters, as encoding for a path to a manually-created unix domain socket typically uses printable characters, and stringified IPv4 and IPv6 addresses are printable without encoding.

What can I use to match incoming connections on the unix domain socket?

Right now, you can use unix domain socket paths "/..." with $HTTP["remoteip"] and $SERVER["socket"], but the unix domain socket path is a literal string.

mod_extforward is useful to change the request context to use upstream IP. Then, the upstream IP can be used in lighttpd.conf conditions and in logging.

(Can the log message be improved to avoid binary content?)

No promises, but I'll think about how this can be done efficiently, since the common use case -- stringified IPv4 or IPv6, or unix domain path with printable chars -- do not require this. Also, equally important is that the unix domain socket path is probably not as useful in your logs as is an upstream IP, so you might omit the unix domain path in the log format, or use mod_extforward (recommended).

RE: Conditionals with unix domain sockets - Added by gstrauss 7 months ago

BTW, see #3147 which has a patch and might be the same garbage you are seeing in the logs.

accept() or accept4() might not fill in (sockaddr *) more than the initial two bytes (sa_family) for unix domain sockets, and I did not know about that behavior. The patch has lighttpd fill in sa.sun_path[] when the kernel does not. Without the patch, there might have been garbage in sa.sun_path[], which is what you might be seeing printed and why you could not match $HTTP["remoteip"] =~ "..." {

RE: [Solved] Conditionals with unix domain sockets - Added by gstrauss 7 months ago

I am fairly certain the issue you have run into is fixed in #3147, which will be part of the next lighttpd release.
mod_extforward is recommended for use with unix domain sockets and will workaround the issue until the next lighttpd release.
Alternatively, using $SERVER["socket"] to match the unix domain socket works in the current lighttpd release. ($SERVER["socket"] instead of $HTTP["remoteip"])

Separately, I have sketched out (experimental) support for abstract sockets (Linux) on my dev branch.

    (1-3/3)