--- httpd-2.4.25/modules/metadata/mod_unique_id.c.uniqueid 2011-12-05 02:08:01.000000000 +0200
+++ httpd-2.4.25/modules/metadata/mod_unique_id.c 2016-12-24 15:43:18.060602927 +0200
@@ -14,304 +14,212 @@
* limitations under the License.
*/
/*
* mod_unique_id.c: generate a unique identifier for each request
*
* Original author: Dean Gaudet <dgaudet@arctic.org>
* UUencoding modified by: Alvaro Martinez Echevarria <alvaro@lander.es>
*/
#define APR_WANT_BYTEFUNC /* for htons() et al */
#include "apr_want.h"
#include "apr_general.h" /* for APR_OFFSETOF */
#include "apr_network_io.h"
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
#include "http_protocol.h" /* for ap_hook_post_read_request */
-#if APR_HAVE_UNISTD_H
-#include <unistd.h> /* for getpid() */
-#endif
+#define ROOT_SIZE 10
typedef struct {
unsigned int stamp;
- unsigned int in_addr;
- unsigned int pid;
+ char root[ROOT_SIZE];
unsigned short counter;
unsigned int thread_index;
} unique_id_rec;
/* We are using thread_index (the index into the scoreboard), because we
* cannot guarantee the thread_id will be an integer.
*
* This code looks like it won't give a unique ID with the new thread logic.
* It will. The reason is, we don't increment the counter in a thread_safe
* manner. Because the thread_index is also in the unique ID now, this does
* not matter. In order for the id to not be unique, the same thread would
* have to get the same counter twice in the same second.
*/
/* Comments:
*
* We want an identifier which is unique across all hits, everywhere.
* "everywhere" includes multiple httpd instances on the same machine, or on
* multiple machines. Essentially "everywhere" should include all possible
* httpds across all servers at a particular "site". We make some assumptions
* that if the site has a cluster of machines then their time is relatively
* synchronized. We also assume that the first address returned by a
* gethostbyname (gethostname()) is unique across all the machines at the
* "site".
*
- * We also further assume that pids fit in 32-bits. If something uses more
- * than 32-bits, the fix is trivial, but it requires the unrolled uuencoding
- * loop to be extended. * A similar fix is needed to support multithreaded
- * servers, using a pid/tid combo.
- *
- * Together, the in_addr and pid are assumed to absolutely uniquely identify
- * this one child from all other currently running children on all servers
- * (including this physical server if it is running multiple httpds) from each
+ * The root is assumed to absolutely uniquely identify this one child
+ * from all other currently running children on all servers (including
+ * this physical server if it is running multiple httpds) from each
* other.
*
- * The stamp and counter are used to distinguish all hits for a particular
- * (in_addr,pid) pair. The stamp is updated using r->request_time,
- * saving cpu cycles. The counter is never reset, and is used to permit up to
- * 64k requests in a single second by a single child.
+ * The stamp and counter are used to distinguish all hits for a
+ * particular root. The stamp is updated using r->request_time,
+ * saving cpu cycles. The counter is never reset, and is used to
+ * permit up to 64k requests in a single second by a single child.
*
* The 144-bits of unique_id_rec are encoded using the alphabet
* [A-Za-z0-9@-], resulting in 24 bytes of printable characters. That is then
* stuffed into the environment variable UNIQUE_ID so that it is available to
* other modules. The alphabet choice differs from normal base64 encoding
* [A-Za-z0-9+/] because + and / are special characters in URLs and we want to
* make it easy to use UNIQUE_ID in URLs.
*
* Note that UNIQUE_ID should be considered an opaque token by other
* applications. No attempt should be made to dissect its internal components.
* It is an abstraction that may change in the future as the needs of this
* module change.
*
* It is highly desirable that identifiers exist for "eternity". But future
- * needs (such as much faster webservers, moving to 64-bit pids, or moving to a
+ * needs (such as much faster webservers, or moving to a
* multithreaded server) may dictate a need to change the contents of
* unique_id_rec. Such a future implementation should ensure that the first
* field is still a time_t stamp. By doing that, it is possible for a site to
* have a "flag second" in which they stop all of their old-format servers,
* wait one entire second, and then start all of their new-servers. This
* procedure will ensure that the new space of identifiers is completely unique
* from the old space. (Since the first four unencoded bytes always differ.)
+ *
+ * Note: previous implementations used 32-bits of IP address plus pid
+ * in place of the PRNG output in the "root" field. This was
+ * insufficient for IPv6-only hosts, required working DNS to determine
+ * a unique IP address (fragile), and needed a [0, 1) second sleep
+ * call at startup to avoid pid reuse. Use of the PRNG avoids all
+ * these issues.
*/
+
/*
* Sun Jun 7 05:43:49 CEST 1998 -- Alvaro
* More comments:
* 1) The UUencoding prodecure is now done in a general way, avoiding the problems
* with sizes and paddings that can arise depending on the architecture. Now the
* offsets and sizes of the elements of the unique_id_rec structure are calculated
* in unique_id_global_init; and then used to duplicate the structure without the
* paddings that might exist. The multithreaded server fix should be now very easy:
* just add a new "tid" field to the unique_id_rec structure, and increase by one
* UNIQUE_ID_REC_MAX.
* 2) unique_id_rec.stamp has been changed from "time_t" to "unsigned int", because
* its size is 64bits on some platforms (linux/alpha), and this caused problems with
* htonl/ntohl. Well, this shouldn't be a problem till year 2106.
*/
-static unsigned global_in_addr;
-
/*
* XXX: We should have a per-thread counter and not use cur_unique_id.counter
* XXX: in all threads, because this is bad for performance on multi-processor
* XXX: systems: Writing to the same address from several CPUs causes cache
* XXX: thrashing.
*/
static unique_id_rec cur_unique_id;
/*
* Number of elements in the structure unique_id_rec.
*/
-#define UNIQUE_ID_REC_MAX 5
+#define UNIQUE_ID_REC_MAX 4
static unsigned short unique_id_rec_offset[UNIQUE_ID_REC_MAX],
unique_id_rec_size[UNIQUE_ID_REC_MAX],
unique_id_rec_total_size,
unique_id_rec_size_uu;
static int unique_id_global_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *main_server)
{
- char str[APRMAXHOSTLEN + 1];
- apr_status_t rv;
- char *ipaddrstr;
- apr_sockaddr_t *sockaddr;
-
/*
* Calculate the sizes and offsets in cur_unique_id.
*/
unique_id_rec_offset[0] = APR_OFFSETOF(unique_id_rec, stamp);
unique_id_rec_size[0] = sizeof(cur_unique_id.stamp);
- unique_id_rec_offset[1] = APR_OFFSETOF(unique_id_rec, in_addr);
- unique_id_rec_size[1] = sizeof(cur_unique_id.in_addr);
- unique_id_rec_offset[2] = APR_OFFSETOF(unique_id_rec, pid);
- unique_id_rec_size[2] = sizeof(cur_unique_id.pid);
- unique_id_rec_offset[3] = APR_OFFSETOF(unique_id_rec, counter);
- unique_id_rec_size[3] = sizeof(cur_unique_id.counter);
- unique_id_rec_offset[4] = APR_OFFSETOF(unique_id_rec, thread_index);
- unique_id_rec_size[4] = sizeof(cur_unique_id.thread_index);
+ unique_id_rec_offset[1] = APR_OFFSETOF(unique_id_rec, root);
+ unique_id_rec_size[1] = sizeof(cur_unique_id.root);
+ unique_id_rec_offset[2] = APR_OFFSETOF(unique_id_rec, counter);
+ unique_id_rec_size[2] = sizeof(cur_unique_id.counter);
+ unique_id_rec_offset[3] = APR_OFFSETOF(unique_id_rec, thread_index);
+ unique_id_rec_size[3] = sizeof(cur_unique_id.thread_index);
unique_id_rec_total_size = unique_id_rec_size[0] + unique_id_rec_size[1] +
- unique_id_rec_size[2] + unique_id_rec_size[3] +
- unique_id_rec_size[4];
+ unique_id_rec_size[2] + unique_id_rec_size[3];
/*
* Calculate the size of the structure when encoded.
*/
unique_id_rec_size_uu = (unique_id_rec_total_size*8+5)/6;
- /*
- * Now get the global in_addr. Note that it is not sufficient to use one
- * of the addresses from the main_server, since those aren't as likely to
- * be unique as the physical address of the machine
- */
- if ((rv = apr_gethostname(str, sizeof(str) - 1, p)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, rv, main_server, APLOGNO(01563)
- "unable to find hostname of the server");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- if ((rv = apr_sockaddr_info_get(&sockaddr, str, AF_INET, 0, 0, p)) == APR_SUCCESS) {
- global_in_addr = sockaddr->sa.sin.sin_addr.s_addr;
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_ALERT, rv, main_server, APLOGNO(01564)
- "unable to find IPv4 address of \"%s\"", str);
-#if APR_HAVE_IPV6
- if ((rv = apr_sockaddr_info_get(&sockaddr, str, AF_INET6, 0, 0, p)) == APR_SUCCESS) {
- memcpy(&global_in_addr,
- (char *)sockaddr->ipaddr_ptr + sockaddr->ipaddr_len - sizeof(global_in_addr),
- sizeof(global_in_addr));
- ap_log_error(APLOG_MARK, APLOG_ALERT, rv, main_server, APLOGNO(01565)
- "using low-order bits of IPv6 address "
- "as if they were unique");
- }
- else
-#endif
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- apr_sockaddr_ip_get(&ipaddrstr, sockaddr);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, main_server, APLOGNO(01566) "using ip addr %s",
- ipaddrstr);
-
- /*
- * If the server is pummelled with restart requests we could possibly end
- * up in a situation where we're starting again during the same second
- * that has been used in previous identifiers. Avoid that situation.
- *
- * In truth, for this to actually happen not only would it have to restart
- * in the same second, but it would have to somehow get the same pids as
- * one of the other servers that was running in that second. Which would
- * mean a 64k wraparound on pids ... not very likely at all.
- *
- * But protecting against it is relatively cheap. We just sleep into the
- * next second.
- */
- apr_sleep(apr_time_from_sec(1) - apr_time_usec(apr_time_now()));
return OK;
}
static void unique_id_child_init(apr_pool_t *p, server_rec *s)
{
- pid_t pid;
-
- /*
- * Note that we use the pid because it's possible that on the same
- * physical machine there are multiple servers (i.e. using Listen). But
- * it's guaranteed that none of them will share the same pids between
- * children.
- *
- * XXX: for multithread this needs to use a pid/tid combo and probably
- * needs to be expanded to 32 bits
- */
- pid = getpid();
- cur_unique_id.pid = pid;
-
- /*
- * Test our assumption that the pid is 32-bits. It's possible that
- * 64-bit machines will declare pid_t to be 64 bits but only use 32
- * of them. It would have been really nice to test this during
- * global_init ... but oh well.
- */
- if ((pid_t)cur_unique_id.pid != pid) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, APLOGNO(01567)
- "oh no! pids are greater than 32-bits! I'm broken!");
- }
-
- cur_unique_id.in_addr = global_in_addr;
+ ap_random_insecure_bytes(&cur_unique_id.root,
+ sizeof(cur_unique_id.root));
/*
* If we use 0 as the initial counter we have a little less protection
* against restart problems, and a little less protection against a clock
* going backwards in time.
*/
ap_random_insecure_bytes(&cur_unique_id.counter,
sizeof(cur_unique_id.counter));
-
- /*
- * We must always use network ordering for these bytes, so that
- * identifiers are comparable between machines of different byte
- * orderings. Note in_addr is already in network order.
- */
- cur_unique_id.pid = htonl(cur_unique_id.pid);
}
/* NOTE: This is *NOT* the same encoding used by base64encode ... the last two
* characters should be + and /. But those two characters have very special
* meanings in URLs, and we want to make it easy to use identifiers in
* URLs. So we replace them with @ and -.
*/
static const char uuencoder[64] = {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '@', '-',
};
static const char *gen_unique_id(const request_rec *r)
{
char *str;
/*
* Buffer padded with two final bytes, used to copy the unique_id_red
* structure without the internal paddings that it could have.
*/
unique_id_rec new_unique_id;
struct {
unique_id_rec foo;
unsigned char pad[2];
} paddedbuf;
unsigned char *x,*y;
unsigned short counter;
int i,j,k;
- new_unique_id.in_addr = cur_unique_id.in_addr;
- new_unique_id.pid = cur_unique_id.pid;
+ memcpy(&new_unique_id.root, &cur_unique_id.root, ROOT_SIZE);
new_unique_id.counter = cur_unique_id.counter;
-
new_unique_id.stamp = htonl((unsigned int)apr_time_sec(r->request_time));
new_unique_id.thread_index = htonl((unsigned int)r->connection->id);
/* we'll use a temporal buffer to avoid uuencoding the possible internal
* paddings of the original structure */
x = (unsigned char *) &paddedbuf;
k = 0;
for (i = 0; i < UNIQUE_ID_REC_MAX; i++) {
y = ((unsigned char *) &new_unique_id) + unique_id_rec_offset[i];
for (j = 0; j < unique_id_rec_size[i]; j++, k++) {
x[k] = y[j];
}
}
/*
* We reset two more bytes just in case padding is needed for the uuencoding.
*/
x[k++] = '\0';
x[k++] = '\0';
/* alloc str and do the uuencoding */
