diff --git a/src/ngx_http_modsecurity_body_filter.c b/src/ngx_http_modsecurity_body_filter.c index 268d17d..04a2b4c 100644 --- a/src/ngx_http_modsecurity_body_filter.c +++ b/src/ngx_http_modsecurity_body_filter.c @@ -156,8 +156,8 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in) if (is_request_processed) { ngx_pool_t *old_pool; - struct timeval start_tv; - ngx_gettimeofday(&start_tv); + struct timespec start_tv; + (void) clock_gettime(CLOCK_MONOTONIC, &start_tv); old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool); msc_process_response_body(ctx->modsec_transaction); @@ -165,8 +165,8 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in) /* XXX: I don't get how body from modsec being transferred to nginx's buffer. If so - after adjusting of nginx's XXX: body we can proceed to adjust body size (content-length). see xslt_body_filter() for example */ - ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0); ctx->resp_body_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv); + ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0); if (ret > 0) { return ret; } diff --git a/src/ngx_http_modsecurity_common.h b/src/ngx_http_modsecurity_common.h index dc3e5a8..8282606 100644 --- a/src/ngx_http_modsecurity_common.h +++ b/src/ngx_http_modsecurity_common.h @@ -169,6 +169,6 @@ ngx_int_t ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r); /* ngx_http_modsecurity_rewrite.c */ ngx_int_t ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r); -ngx_msec_int_t ngx_http_modsecurity_compute_processing_time(struct timeval tv); +ngx_msec_int_t ngx_http_modsecurity_compute_processing_time(struct timespec tv); #endif /* _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_ */ diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c index 0c8df9b..69b64fe 100644 --- a/src/ngx_http_modsecurity_header_filter.c 
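Review bot: The `(void) clock_gettime(CLOCK_MONOTONIC, &start_tv);` call in the first body-filter hunk leaves `start_tv` uninitialised if the call fails, and `ngx_http_modsecurity_compute_processing_time()` then does arithmetic on indeterminate values that end up in the phase-time variables. The same discarded return value appears in the header-filter, log-handler, pre-access and rewrite-handler hunks and inside the compute function itself. Initialise each site with `struct timespec start_tv = { 0, 0 };` and let the compute function bail out with `if (clock_gettime(CLOCK_MONOTONIC, &current_tv) != 0) { return 0; }`, so a build target without this clock reports 0 rather than garbage. The body of `ngx_http_modsecurity_body_filter()` starts and ends outside this hunk.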
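Review bot: Moving `ctx->resp_body_phase_time = ...` above `ngx_http_modsecurity_process_intervention()` in the second body-filter hunk means the recorded value no longer includes intervention handling, and no comment says whether that is deliberate. The header-filter and rewrite-handler hunks make the same swap. If it is intended, a comment at each site such as `/* stop the timer here: phase time excludes intervention handling */` would record the new meaning for anyone who logs these variables or alerts on them to spot expensive rules. The enclosing function continues past the hunk.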
+++ b/src/ngx_http_modsecurity_header_filter.c @@ -446,8 +446,8 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) return ngx_http_next_header_filter(r); } - struct timeval start_tv; - ngx_gettimeofday(&start_tv); + struct timespec start_tv; + (void) clock_gettime(CLOCK_MONOTONIC, &start_tv); /* * Lets ask nginx to keep the response body in memory @@ -527,12 +527,10 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) #endif old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool); - msc_process_response_headers(ctx->modsec_transaction, status, http_response_ver); + msc_process_response_headers(ctx->modsec_transaction, status, http_response_ver); ngx_http_modsecurity_pcre_malloc_done(old_pool); - ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0); - ctx->resp_headers_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv); - + ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0); if (r->error_page) { return ngx_http_next_header_filter(r); } diff --git a/src/ngx_http_modsecurity_log.c b/src/ngx_http_modsecurity_log.c index 3a62a12..2b1f363 100644 --- a/src/ngx_http_modsecurity_log.c +++ b/src/ngx_http_modsecurity_log.c @@ -71,8 +71,8 @@ ngx_http_modsecurity_log_handler(ngx_http_request_t *r) dd("already logged earlier"); return NGX_OK; } - struct timeval start_tv; - ngx_gettimeofday(&start_tv); + struct timespec start_tv; + (void) clock_gettime(CLOCK_MONOTONIC, &start_tv); dd("calling msc_process_logging for %p", ctx); old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool); diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c index da69ec3..993c537 100644 --- a/src/ngx_http_modsecurity_module.c +++ b/src/ngx_http_modsecurity_module.c 
@@ -33,15 +33,7 @@ static char *ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void
 static void ngx_http_modsecurity_cleanup_instance(void *data);
 static void ngx_http_modsecurity_cleanup_rules(void *data);
-static ngx_int_t ngx_http_modsecurity_req_headers_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_req_body_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_resp_headers_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_resp_body_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_logging_phase_time(ngx_http_request_t *r,
+static ngx_int_t ngx_http_modsecurity_phase_time(ngx_http_request_t *r,
 ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_http_modsecurity_time_variable(ngx_http_request_t *r,
 ngx_http_variable_value_t *v, uintptr_t data, ngx_msec_int_t usec);
@@ -541,26 +533,26 @@ ngx_module_t ngx_http_modsecurity_module = {
 static ngx_http_variable_t ngx_http_modsecurity_vars[] = {
 { ngx_string("modsecurity_req_headers_phase_time"), NULL,
- ngx_http_modsecurity_req_headers_phase_time, 0,
- NGX_HTTP_VAR_NOCACHEABLE, 0 },
+ ngx_http_modsecurity_phase_time, 0,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 { ngx_string("modsecurity_req_body_phase_time"), NULL,
- ngx_http_modsecurity_req_body_phase_time, 0,
- NGX_HTTP_VAR_NOCACHEABLE, 0 },
+ ngx_http_modsecurity_phase_time, 1,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 { ngx_string("modsecurity_resp_headers_phase_time"), NULL,
- ngx_http_modsecurity_resp_headers_phase_time, 0,
- NGX_HTTP_VAR_NOCACHEABLE, 0 },
+ ngx_http_modsecurity_phase_time, 2,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 { ngx_string("modsecurity_resp_body_phase_time"), NULL,
- ngx_http_modsecurity_resp_body_phase_time, 0,
- NGX_HTTP_VAR_NOCACHEABLE, 0 },
+ ngx_http_modsecurity_phase_time, 3,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 { ngx_string("modsecurity_logging_phase_time"), NULL,
- ngx_http_modsecurity_logging_phase_time, 0,
- NGX_HTTP_VAR_NOCACHEABLE, 0 },
+ ngx_http_modsecurity_phase_time, 4,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
- ngx_http_null_variable
+ { ngx_null_string, NULL, NULL, 0, 0, 0 }
 };
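Review bot: Adding `NGX_HTTP_VAR_NOHASH` to all five entries is a behaviour change that the table does not document: variables with this flag are left out of nginx's by-name variable hash, so they remain usable where the configuration references them by index (for example in `log_format`) but are not found by run-time name lookups such as those made by SSI or embedded scripting modules. Nothing in the diff says whether that is intended. If it is, a comment above the table such as `/* NOHASH: phase-time variables are index-only, not reachable by name at run time */` would record it; otherwise keep the flags as `NGX_HTTP_VAR_NOCACHEABLE` alone.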
@@ -850,21 +842,7 @@ ngx_http_modsecurity_cleanup_rules(void *data)
 static ngx_int_t
-ngx_http_modsecurity_req_headers_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data)
-{
- ngx_http_modsecurity_ctx_t *ctx;
-
- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
- if (ctx == NULL) {
- return NGX_ERROR;
- }
- return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_headers_phase_time);
-}
-
-
-static ngx_int_t
-ngx_http_modsecurity_req_body_phase_time(ngx_http_request_t *r,
+ngx_http_modsecurity_phase_time(ngx_http_request_t *r,
 ngx_http_variable_value_t *v, uintptr_t data)
 {
 ngx_http_modsecurity_ctx_t *ctx;
@@ -873,49 +851,21 @@ ngx_http_modsecurity_req_body_phase_time(ngx_http_request_t *r,
 if (ctx == NULL) {
 return NGX_ERROR;
 }
- return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_body_phase_time);
-}
-
-static ngx_int_t
-ngx_http_modsecurity_resp_headers_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data)
-{
- ngx_http_modsecurity_ctx_t *ctx;
-
- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
- if (ctx == NULL) {
- return NGX_ERROR;
- }
- return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_headers_phase_time);
-}
-
-
-static ngx_int_t
-ngx_http_modsecurity_resp_body_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data)
-{
- ngx_http_modsecurity_ctx_t *ctx;
-
- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
- if (ctx == NULL) {
- return NGX_ERROR;
- }
- return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_body_phase_time);
-}
-
-
-static ngx_int_t
-ngx_http_modsecurity_logging_phase_time(ngx_http_request_t *r,
- ngx_http_variable_value_t *v, uintptr_t data)
-{
- ngx_http_modsecurity_ctx_t *ctx;
-
- ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
- if (ctx == NULL) {
- return NGX_ERROR;
+ switch(data) {
+ case 0:
+ return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_headers_phase_time);
+ case 1:
+ return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_body_phase_time);
+ case 2:
+ return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_headers_phase_time);
+ case 3:
+ return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_body_phase_time);
+ case 4:
+ return ngx_http_modsecurity_time_variable(r, v, data, ctx->logging_phase_time);
+ default:
+ return -1;
 }
- return ngx_http_modsecurity_time_variable(r, v, data, ctx->logging_phase_time);
 }
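Review bot: The `switch(data)` dispatches on bare indices 0–4 that have to be kept in step by hand with the `data` column of `ngx_http_modsecurity_vars[]`, and its `default:` returns a literal `-1` where the guard above it returns `NGX_ERROR`. A small enum shared by the table and the switch (names are the author's choice) would make a mismatch a compile-time matter, and the fallback should read `default: return NGX_ERROR;`. `data` is also forwarded to `ngx_http_modsecurity_time_variable()` and is now non-zero for four of the five variables; that function's body is outside this diff, so it is worth confirming it does not interpret the argument. The opening lines of `ngx_http_modsecurity_phase_time()` are in the previous hunk.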
@@ -946,10 +896,10 @@ ngx_http_modsecurity_time_variable(ngx_http_request_t *r, ngx_msec_int_t -ngx_http_modsecurity_compute_processing_time(struct timeval tv) { - struct timeval current_tv; - ngx_gettimeofday(¤t_tv); - return (ngx_msec_int_t) ((current_tv.tv_sec - tv.tv_sec) * 1000000 + (current_tv.tv_usec - tv.tv_usec)); +ngx_http_modsecurity_compute_processing_time(struct timespec tv) { + struct timespec current_tv; + (void) clock_gettime(CLOCK_MONOTONIC, ¤t_tv); + return (ngx_msec_int_t) ((current_tv.tv_sec - tv.tv_sec) * 1000000 + (current_tv.tv_nsec - tv.tv_nsec) / 1000); }; /* vi:set ft=c ts=4 sw=4 et fdm=marker: */ diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c index 5fcf5d6..41370ae 100644 --- a/src/ngx_http_modsecurity_pre_access.c +++ b/src/ngx_http_modsecurity_pre_access.c @@ -140,8 +140,8 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r) int ret = 0; int already_inspected = 0; - struct timeval start_tv; - ngx_gettimeofday(&start_tv); + struct timespec start_tv; + (void) clock_gettime(CLOCK_MONOTONIC, &start_tv); dd("request body is ready to be processed"); @@ -212,11 +212,8 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r) /* XXX: once more -- is body can be modified ? content-length need to be adjusted ? */ old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool); - msc_process_request_body(ctx->modsec_transaction); - ctx->req_body_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv); - ngx_http_modsecurity_pcre_malloc_done(old_pool); ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0); diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c index 7739802..42ed1bd 100644 --- a/src/ngx_http_modsecurity_rewrite.c +++ b/src/ngx_http_modsecurity_rewrite.c 
@@ -51,9 +51,8 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r) if (ctx == NULL) { int ret = 0; - struct timeval start_tv; - - ngx_gettimeofday(&start_tv); + struct timespec start_tv; + (void) clock_gettime(CLOCK_MONOTONIC, &start_tv); ngx_connection_t *connection = r->connection; /** @@ -208,10 +207,8 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r) msc_process_request_headers(ctx->modsec_transaction); ngx_http_modsecurity_pcre_malloc_done(old_pool); dd("Processing intervention with the request headers information filled in"); - ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 1); - ctx->req_headers_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv); - + ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 1); if (r->error_page) { return NGX_DECLINED; } @@ -221,5 +218,6 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r) } } + return NGX_DECLINED; }