<div dir="ltr"><div>Hi,</div><div><br></div>We have been using something like this for ~2 years.<div><br></div><div>For ours we used a random number to start and the Process ID & Process start time to try and increase uniqueness between reloads (ours is a 128bit ID). Then applying an increment, with future requests having a higher id.</div><div><br></div><div>Perhaps that would be better than just 128bit of random data?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 27, 2016 at 12:14 PM, Alexey Ivanov <span dir="ltr"><<a href="mailto:savetherbtz@gmail.com" target="_blank">savetherbtz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Same here, in our environment we:<br>
* get current request id from a header<br>
* validate it against our guidelines<br>
* if not already present or does not pass validation:<br>
* re-generate using `RAND_bytes()`<br>
* propagate it to the upstream<br>
* echo it back to the downstream<br>
* log it to the access.log<br>
<br>
It would be nice if new nginx code can be used more or less drop-in replacement for our homegrown lua-stuff.<br>
<br>
We currently use following pseudo-code to validate/generate/propagate/echo-back request_ids:<br>
<br>
```<br>
set_by_lua $request_id '<br>
local success, req_id = pcall(request_id.get_hex_or_generate, ngx.var.http_x_dropbox_request_id)<br>
if not success then<br>
return "-"<br>
end<br>
return req_id<br>
';<br>
more_set_headers "X-Dropbox-Request-Id: $request_id";<br>
proxy_set_header X-Dropbox-Request-Id $request_id ;<br>
```<br>
<br>
```<br>
--[[<br>
Helper function that verifies request_id or generates new one in case<br>
validation fails.<br>
<br>
@req_id: current request id<br>
--]]<br>
function request_id.get_hex_or_generate(req_id)<br>
...<br>
end<br>
```<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
> On Apr 26, 2016, at 9:51 AM, ToSHiC <<a href="mailto:toshic.toshic@gmail.com">toshic.toshic@gmail.com</a>> wrote:<br>
><br>
> Hello,<br>
><br>
> We are using such variable for more than a year, and I suggest to add ability to extract request_id from header. It's very usefull for systems with frontend and backend installed on different servers.<br>
><br>
> On Tue, Apr 26, 2016 at 7:38 PM, Vladimir Homutov <<a href="mailto:vl@nginx.com">vl@nginx.com</a>> wrote:<br>
> details: <a href="http://hg.nginx.org/nginx/rev/59f8f2dd8b31" rel="noreferrer" target="_blank">http://hg.nginx.org/nginx/rev/59f8f2dd8b31</a><br>
> branches:<br>
> changeset: 6531:59f8f2dd8b31<br>
> user: Vladimir Homutov <<a href="mailto:vl@nginx.com">vl@nginx.com</a>><br>
> date: Tue Apr 26 19:31:46 2016 +0300<br>
> description:<br>
> Variable $request_id.<br>
><br>
> The variable contains text representation based on random data, usable as<br>
> a unique request identifier.<br>
><br>
> diffstat:<br>
><br>
> src/http/ngx_http_variables.c | 47 +++++++++++++++++++++++++++++++++++++++++++<br>
> 1 files changed, 47 insertions(+), 0 deletions(-)<br>
><br>
> diffs (71 lines):<br>
><br>
> diff -r 1d0e03db9f8e -r 59f8f2dd8b31 src/http/ngx_http_variables.c<br>
> --- a/src/http/ngx_http_variables.c Fri Dec 18 19:05:27 2015 +0300<br>
> +++ b/src/http/ngx_http_variables.c Tue Apr 26 19:31:46 2016 +0300<br>
> @@ -98,6 +98,8 @@ static ngx_int_t ngx_http_variable_reque<br>
> ngx_http_variable_value_t *v, uintptr_t data);<br>
> static ngx_int_t ngx_http_variable_request_time(ngx_http_request_t *r,<br>
> ngx_http_variable_value_t *v, uintptr_t data);<br>
> +static ngx_int_t ngx_http_variable_request_id(ngx_http_request_t *r,<br>
> + ngx_http_variable_value_t *v, uintptr_t data);<br>
> static ngx_int_t ngx_http_variable_status(ngx_http_request_t *r,<br>
> ngx_http_variable_value_t *v, uintptr_t data);<br>
><br>
> @@ -274,6 +276,10 @@ static ngx_http_variable_t ngx_http_cor<br>
> { ngx_string("request_time"), NULL, ngx_http_variable_request_time,<br>
> 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },<br>
><br>
> + { ngx_string("request_id"), NULL,<br>
> + ngx_http_variable_request_id,<br>
> + 0, 0, 0 },<br>
> +<br>
> { ngx_string("status"), NULL,<br>
> ngx_http_variable_status, 0,<br>
> NGX_HTTP_VAR_NOCACHEABLE, 0 },<br>
> @@ -2068,6 +2074,47 @@ ngx_http_variable_request_time(ngx_http_<br>
><br>
><br>
> static ngx_int_t<br>
> +ngx_http_variable_request_id(ngx_http_request_t *r,<br>
> + ngx_http_variable_value_t *v, uintptr_t data)<br>
> +{<br>
> + u_char *id;<br>
> +<br>
> +#if (NGX_OPENSSL)<br>
> + u_char random_bytes[16];<br>
> +#endif<br>
> +<br>
> + id = ngx_pnalloc(r->pool, 32);<br>
> + if (id == NULL) {<br>
> + return NGX_ERROR;<br>
> + }<br>
> +<br>
> + v->valid = 1;<br>
> + v->no_cacheable = 0;<br>
> + v->not_found = 0;<br>
> +<br>
> + v->len = 32;<br>
> + v->data = id;<br>
> +<br>
> +#if (NGX_OPENSSL)<br>
> +<br>
> + if (RAND_bytes(random_bytes, 16) == 1) {<br>
> + ngx_hex_dump(id, random_bytes, 16);<br>
> + return NGX_OK;<br>
> + }<br>
> +<br>
> + ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0, "RAND_bytes() failed");<br>
> +<br>
> +#endif<br>
> +<br>
> + ngx_sprintf(id, "%08xD%08xD%08xD%08xD",<br>
> + (uint32_t) ngx_random(), (uint32_t) ngx_random(),<br>
> + (uint32_t) ngx_random(), (uint32_t) ngx_random());<br>
> +<br>
> + return NGX_OK;<br>
> +}<br>
> +<br>
> +<br>
> +static ngx_int_t<br>
> ngx_http_variable_connection(ngx_http_request_t *r,<br>
> ngx_http_variable_value_t *v, uintptr_t data)<br>
> {<br>
><br>
> _______________________________________________<br>
> nginx-devel mailing list<br>
> <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
> <a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
><br>
> _______________________________________________<br>
> nginx-devel mailing list<br>
> <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
> <a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
<br>
</div></div><br>_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br></blockquote></div><br></div>