[trafficserver] branch master updated: Unrequire remap rules for OCSP (#10146)

Mon, 14 Aug 2023 08:17:37 -0700 

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 766990ed3e Unrequire remap rules for OCSP (#10146)
766990ed3e is described below

commit 766990ed3e9830b1b87909064fea16ba12008c87
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Tue Aug 15 00:17:12 2023 +0900

    Unrequire remap rules for OCSP (#10146)
    
    * Unrequire remap rules for OCSP
    
    The change to use FetchSM for OCSP requests unintentionally made ATS rely 
on remap rules, and that effectively broke OCSP if a user
    sets remap_required to 1. To recover the original behavior which does not 
rely on remap rules, this introduces a new flag for
    FetchSM, TS_FETCH_FLAGS_SKIP_REMAP, and the flag enables skipping remap on 
a transaction initiated by FetchSM even if
    remap_required is set to 1.
    
    Since the flag is part of TS API, this also enables plugins to make HTTP 
requests for other servers without remap rules.
---
 include/ts/experimental.h     |  3 ++-
 iocore/net/I_NetVConnection.h | 15 ++++++++++++++-
 iocore/net/OCSPStapling.cc    |  4 ++--
 proxy/http/HttpSM.cc          |  1 +
 src/traffic_server/FetchSM.cc |  5 +++++
 5 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/include/ts/experimental.h b/include/ts/experimental.h
index d550d2d24c..759d1768dc 100644
--- a/include/ts/experimental.h
+++ b/include/ts/experimental.h
@@ -47,7 +47,8 @@ typedef enum {
   TS_FETCH_FLAGS_STREAM               = 1 << 1, // enable stream IO
   TS_FETCH_FLAGS_DECHUNK              = 1 << 2, // dechunk body content
   TS_FETCH_FLAGS_NEWLOCK              = 1 << 3, // allocate new lock for fetch 
sm
-  TS_FETCH_FLAGS_NOT_INTERNAL_REQUEST = 1 << 4  // Allow this fetch to be 
created as a non-internal request.
+  TS_FETCH_FLAGS_NOT_INTERNAL_REQUEST = 1 << 4, // Allow this fetch to be 
created as a non-internal request.
+  TS_FETCH_FLAGS_SKIP_REMAP           = 1 << 5, // Skip remapping and allow 
requesting arbitary URL
 } TSFetchFlags;
 
 /* Forward declaration of in_addr, any user of these APIs should probably
diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h
index 09954cad44..441545304f 100644
--- a/iocore/net/I_NetVConnection.h
+++ b/iocore/net/I_NetVConnection.h
@@ -419,6 +419,18 @@ public:
     is_internal_request = val;
   }
 
+  bool
+  get_is_unmanaged_request() const
+  {
+    return is_unmanaged_request;
+  }
+
+  void
+  set_is_unmanaged_request(bool val = false)
+  {
+    is_unmanaged_request = val;
+  }
+
   /// Get the transparency state.
   bool
   get_is_transparent() const
@@ -528,7 +540,8 @@ protected:
   bool got_local_addr  = false;
   bool got_remote_addr = false;
 
-  bool is_internal_request = false;
+  bool is_internal_request  = false;
+  bool is_unmanaged_request = false;
   /// Set if this connection is transparent.
   bool is_transparent = false;
   /// Set if proxy protocol is enabled
diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc
index d111ac21bb..e5ac6919f4 100644
--- a/iocore/net/OCSPStapling.cc
+++ b/iocore/net/OCSPStapling.cc
@@ -309,9 +309,9 @@ public:
 
     this->_fsm = FetchSMAllocator.alloc();
     if (use_post) {
-      this->_fsm->ext_init(this, "POST", uri, "HTTP/1.1", 
reinterpret_cast<sockaddr *>(&sin), 0);
+      this->_fsm->ext_init(this, "POST", uri, "HTTP/1.1", 
reinterpret_cast<sockaddr *>(&sin), TS_FETCH_FLAGS_SKIP_REMAP);
     } else {
-      this->_fsm->ext_init(this, "GET", uri, "HTTP/1.1", 
reinterpret_cast<sockaddr *>(&sin), 0);
+      this->_fsm->ext_init(this, "GET", uri, "HTTP/1.1", 
reinterpret_cast<sockaddr *>(&sin), TS_FETCH_FLAGS_SKIP_REMAP);
     }
   }
 
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index ca05063aed..a9c30dbaf6 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -409,6 +409,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc)
   }
 
   t_state.setup_per_txn_configs();
+  t_state.api_skip_all_remapping = netvc->get_is_unmanaged_request();
 
   ink_assert(_ua.get_txn()->get_proxy_ssn());
   ink_assert(_ua.get_txn()->get_proxy_ssn()->accept_options);
diff --git a/src/traffic_server/FetchSM.cc b/src/traffic_server/FetchSM.cc
index d5f7ea24df..0fae526bdf 100644
--- a/src/traffic_server/FetchSM.cc
+++ b/src/traffic_server/FetchSM.cc
@@ -92,6 +92,11 @@ FetchSM::httpConnect()
     }
   }
 
+  if (fetch_flags & TS_FETCH_FLAGS_SKIP_REMAP) {
+    PluginVC *other_side = reinterpret_cast<PluginVC 
*>(http_vc)->get_other_side();
+    other_side->set_is_unmanaged_request(true);
+  }
+
   read_vio  = http_vc->do_io_read(this, INT64_MAX, resp_buffer);
   write_vio = http_vc->do_io_write(this, getReqLen() + req_content_length, 
req_reader);
 }

Reply via email to