(trafficserver) branch large-post-body-transform deleted (was 6bf342ba36)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch large-post-body-transform in repository https://gitbox.apache.org/repos/asf/trafficserver.git was 6bf342ba36 Fix for OpenSSL 3.2+. (#11501) The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(trafficserver) branch large-post-body-transform created (now 6bf342ba36)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch large-post-body-transform in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 6bf342ba36 Fix for OpenSSL 3.2+. (#11501) No new revisions were added by this update.
(trafficserver) branch avx-ats10 deleted (was a31995236e)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch avx-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git was a31995236e Add another file This change permanently discards the following revisions: discard a31995236e Add another file discard a1f9a051cf Checkpoint dagger changes discard 98ea2783ee Move Aviatrix plugins to ats10
(trafficserver) branch avx-53179 deleted (was 12bae2b9cc)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git was 12bae2b9cc Fix logging reason This change permanently discards the following revisions: discard 12bae2b9cc Fix logging reason discard 82b7f9dc8d AVX-53179: Make 'Ensure TLS' an action and not a match condition discard 420f527eac AVX-45480: update plugin to support non-http/non-tls traffic (#124) discard b9917c14bb Merge pull request #122 from AviatrixDev/AVX-54729-fix-memory-leak discard 2ea3642263 AVX-54729: fix memory leak discard 39860c2d9a AVX-43612: Preserve CAP_NET_RAW on startup (#121) discard 9e9164df44 AVX-33061: Move to ATS10
(trafficserver) 02/07: AVX-43612: Preserve CAP_NET_RAW on startup (#121)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 39860c2d9a3760740f3e1d2342a604b248da3164 Author: Susan Hinrichs AuthorDate: Tue May 7 10:54:30 2024 -0500 AVX-43612: Preserve CAP_NET_RAW on startup (#121) --- src/tscore/ink_cap.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tscore/ink_cap.cc b/src/tscore/ink_cap.cc index 9b28428400..6944e007e3 100644 --- a/src/tscore/ink_cap.cc +++ b/src/tscore/ink_cap.cc @@ -266,7 +266,7 @@ RestrictCapabilities() cap_t caps_orig = cap_get_proc(); // Capabilities we need. - cap_value_t perm_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_IPC_LOCK, CAP_DAC_OVERRIDE, CAP_FOWNER}; + cap_value_t perm_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_IPC_LOCK, CAP_DAC_OVERRIDE, CAP_FOWNER, CAP_NET_RAW}; static int const PERM_CAP_COUNT = sizeof(perm_list) / sizeof(*perm_list); cap_value_t eff_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_IPC_LOCK}; static int const EFF_CAP_COUNT = sizeof(eff_list) / sizeof(*eff_list);
(trafficserver) 07/07: Fix logging reason
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 12bae2b9cc3a508e9b31f80b52fc2e65d59c2eb8 Author: Susan Hinrichs AuthorDate: Wed Jul 10 21:12:03 2024 + Fix logging reason --- aviatrix/plugins/avx_policy_driver/web_filter.cc | 5 + 1 file changed, 5 insertions(+) diff --git a/aviatrix/plugins/avx_policy_driver/web_filter.cc b/aviatrix/plugins/avx_policy_driver/web_filter.cc index e7437bd2dd..13c3361ffa 100644 --- a/aviatrix/plugins/avx_policy_driver/web_filter.cc +++ b/aviatrix/plugins/avx_policy_driver/web_filter.cc @@ -431,6 +431,11 @@ PolicyHolder::logAndWatchResult(const char *stage, PolicyResult result, struct s } m.ids = true; break; +case PolicyResult::POLICY_REQUIRE_TLS: + m.action = "DROP"; + m.reason = "POLICY_REQUIRE_TLS"; + m.message = "Non-TLS Traffic"; + break; case PolicyResult::POLICY_CONTINUE: // this should not happen return false;
(trafficserver) 04/07: Merge pull request #122 from AviatrixDev/AVX-54729-fix-memory-leak
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit b9917c14bbdf44ab6d82b4c079668102236bb290 Merge: 39860c2d9a 2ea3642263 Author: kspoelstra-aviatrix <101131137+kspoelstra-aviat...@users.noreply.github.com> AuthorDate: Mon Jul 8 23:43:33 2024 +0200 Merge pull request #122 from AviatrixDev/AVX-54729-fix-memory-leak AVX-54729: fix memory leak aviatrix/plugins/avx_policy_driver/web_filter.cc | 21 - 1 file changed, 12 insertions(+), 9 deletions(-)
(trafficserver) 03/07: AVX-54729: fix memory leak
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 2ea3642263d0ae6b23546ab511424fd669b8172b Author: Kees Spoelstra AuthorDate: Tue Jul 2 12:39:58 2024 + AVX-54729: fix memory leak --- aviatrix/plugins/avx_policy_driver/web_filter.cc | 21 - 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/aviatrix/plugins/avx_policy_driver/web_filter.cc b/aviatrix/plugins/avx_policy_driver/web_filter.cc index 2596b267fa..3a90a3ee16 100644 --- a/aviatrix/plugins/avx_policy_driver/web_filter.cc +++ b/aviatrix/plugins/avx_policy_driver/web_filter.cc @@ -37,28 +37,28 @@ class PolicyHolder { public: void - SetPolicies(Layer7Config &new_config) + SetPolicies(std::shared_ptr new_config) { Dbg(dbg_ctl, "UpdatePolicy old generation=0x%x", this->generationNumber); std::unique_lock lock(this->mutex); -this->current_config = std::make_shared(new_config); -auto it = new_config.mutable_policies()->begin(); +this->current_config = new_config; +auto it = new_config->mutable_policies()->begin(); auto offset = policy_hit_counter_manager.CurrentOffset(); auto length = policy_hit_counter_manager.CurrentLength(); -auto send_old= policy_hit_counter_manager.CreateNew(new_config.policies_size()); +auto send_old= policy_hit_counter_manager.CreateNew(new_config->policies_size()); uint32_t index = 0; if (send_old && send_stats_callback) { send_stats_callback(offset, length); } -while (it != new_config.mutable_policies()->end()) { +while (it != new_config->mutable_policies()->end()) { policy_hit_counter_manager.ResetCounter(index++, it->id().a(), it->id().b()); it++; } -trafficFilters.load(new_config); -webFilters.load(new_config); +trafficFilters.load(*new_config); +webFilters.load(*new_config); this->generationNumber = this->generationNumber + 1; } @@ -167,6 +167,7 @@ IsPolicyLoaded() } static std::mutex load_policy_mutex; + bool LoadPolicy(bool skip_if_exists) { @@ -180,7 +181,8 @@ LoadPolicy(bool skip_if_exists) return true; } - Layer7Config *policyConfig = FetchLayer7Policy(); + std::shared_ptr policyConfig(FetchLayer7Policy()); + if (policyConfig != nullptr) { if (current_config != nullptr) { // ignore duplicates @@ -190,7 +192,8 @@ LoadPolicy(bool skip_if_exists) return true; } } -activePolicy.SetPolicies(*policyConfig); +// SetPolicies will own the policy +activePolicy.SetPolicies(policyConfig); } return policyConfig != nullptr; }
(trafficserver) 05/07: AVX-45480: update plugin to support non-http/non-tls traffic (#124)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 420f527eac0afb848eb2b51a48861a4ff879433b Author: Susan Hinrichs AuthorDate: Wed Jul 10 14:47:02 2024 -0500 AVX-45480: update plugin to support non-http/non-tls traffic (#124) --- aviatrix/10_0_0.0001/configs/records.yaml | 2 +- .../plugins/avx_policy_driver/policy_driver.cc | 64 -- 2 files changed, 61 insertions(+), 5 deletions(-) diff --git a/aviatrix/10_0_0.0001/configs/records.yaml b/aviatrix/10_0_0.0001/configs/records.yaml index 9bb22a8a5f..4283faa171 100644 --- a/aviatrix/10_0_0.0001/configs/records.yaml +++ b/aviatrix/10_0_0.0001/configs/records.yaml @@ -126,7 +126,7 @@ ts: # Specify server addresses and ports to bind for HTTP and HTTPS. Docs: # https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy.config.http.server_ports ## -server_ports: 8443:ssl:tr-full:allow-plain +server_ports: 8443:ssl:tr-full:allow-plain:tr-pass server_session_sharing: match: none diff --git a/aviatrix/plugins/avx_policy_driver/policy_driver.cc b/aviatrix/plugins/avx_policy_driver/policy_driver.cc index dbf878cefb..0acabbfa7e 100644 --- a/aviatrix/plugins/avx_policy_driver/policy_driver.cc +++ b/aviatrix/plugins/avx_policy_driver/policy_driver.cc @@ -148,8 +148,8 @@ policy_sni(TSCont cont, TSEvent event, void *edata) case POLICY_DROP: default: Dbg(dbg_ctl, "Filter drop"); -// int ssl_fd = TSVConnFdGet(ssl_vc); -// close(ssl_fd); +int ssl_fd = TSVConnFdGet(ssl_vc); +close(ssl_fd); // One might think that the TSVConnClose would be more appropriate // than just closing the file descriptor. But calling TSVConnClose // with or without the reenable just causes a core dump. Presume it is a problem @@ -202,6 +202,60 @@ transaction_start(TSCont cont, TSEvent event, void *edata) return TS_SUCCESS; } +static int +tunnel_start(TSCont cont, TSEvent event, void *edata) +{ + TSHttpTxn txnp = reinterpret_cast(edata); + // Need to determine and skip if we entered this tunnel as the result of the first pass of policy evaluation + TSTxnType retval = TSHttpTxnTypeGet(txnp); + Dbg(dbg_ctl, "Tunnel Start event=%d type=%d", event, retval); + if (retval != TS_TXN_TYPE_TR_PASS_TUNNEL) { +Dbg(dbg_ctl, "No more policy for this tunnel"); +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); +return TS_SUCCESS; + } + Dbg(dbg_ctl, "TR PASS Tunnel"); + + // Is a policy loaded? + if (!IsPolicyLoaded()) { +// Big error if not +TSError("[%s] Policy not loaded at tunnel start", PLUGIN_NAME); +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_ERROR); +return TS_ERROR; + } + + // Is there more policy to interpret + uint64_t policy_offset = get_l7_policy_offset(txnp); + Dbg(dbg_ctl, "Tunnel Policy Offset=0x%" PRIX64, policy_offset); + auto result = EvaluatePolicyTxn(txnp, &policy_offset); + switch (result) { + case POLICY_PERMIT: +Dbg(dbg_ctl, "No IDS policy, permit the tunnel and move on"); +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); +break; + case POLICY_IDS: +Dbg(dbg_ctl, "Tunnel IDS policy, continue"); +TSUserArgSet(txnp, IDSPolicyTxnIndex, reinterpret_cast(static_cast(1))); +// Continue processing +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); +break; + case POLICY_DROP: + default: +Dbg(dbg_ctl, "tunnel drop"); +int fd = -1; +TSHttpTxnClientFdGet(txnp, &fd); +close(fd); +// TODO, I assume continuing with ERROR will cause the transaction to fail +// This will end up returning a 50x status code, we could replace this with a 401 +// unauthorized or something configurable to the customer's pleasing. We would need to +// set a hook on the send client response to adjust the status code and message. +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_ERROR); +return TS_ERROR; +break; + } + return TS_SUCCESS; +} + static int connection_start(TSCont cont, TSEvent event, void *edata) { @@ -264,11 +318,13 @@ TSPluginInit(int argc, const char *argv[]) if (stats_timeout <= 0) { stats_timeout = 60; } -TSCont start_contp = TSContCreate(connection_start, NULL); -TSCont start_txn_contp = TSContCreate(transaction_start, NULL); +TSCont start_contp= TSContCreate(connection_start, NULL); +TSCont start_txn_contp= TSContCreate(transaction_start, NULL); +TSCont start_tunnel_contp = TSContCreate(tunnel_start, NULL); // Trigger on connection start, apply hooks on txn start as necssary TSHttpHookAdd(TS_VCONN_START_HOOK, start_contp); TSHttpHookAdd(TS_HTTP_READ_REQUEST_HDR
(trafficserver) 06/07: AVX-53179: Make 'Ensure TLS' an action and not a match condition
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 82b7f9dc8d9ba6fc8e494359362148ad782eaead Author: Susan Hinrichs AuthorDate: Wed Jul 10 20:25:57 2024 + AVX-53179: Make 'Ensure TLS' an action and not a match condition --- aviatrix/plugins/avx_policy_driver/policy.h| 1 + .../plugins/avx_policy_driver/policy_driver.cc | 4 +- aviatrix/plugins/avx_policy_driver/web_filter.cc | 90 +++--- 3 files changed, 48 insertions(+), 47 deletions(-) diff --git a/aviatrix/plugins/avx_policy_driver/policy.h b/aviatrix/plugins/avx_policy_driver/policy.h index 72ffbd163b..eb76587806 100644 --- a/aviatrix/plugins/avx_policy_driver/policy.h +++ b/aviatrix/plugins/avx_policy_driver/policy.h @@ -18,6 +18,7 @@ enum PolicyResult { POLICY_IDS, POLICY_CONTINUE, POLICY_ERROR, + POLICY_REQUIRE_TLS, POLICY_END, }; diff --git a/aviatrix/plugins/avx_policy_driver/policy_driver.cc b/aviatrix/plugins/avx_policy_driver/policy_driver.cc index 0acabbfa7e..19898e8fe9 100644 --- a/aviatrix/plugins/avx_policy_driver/policy_driver.cc +++ b/aviatrix/plugins/avx_policy_driver/policy_driver.cc @@ -145,6 +145,7 @@ policy_sni(TSCont cont, TSEvent event, void *edata) TSUserArgSet(ssl_vc, CertifierPolicyIndex, reinterpret_cast(static_cast(1))); TSVConnReenable(ssl_vc); break; + case POLICY_REQUIRE_TLS: case POLICY_DROP: default: Dbg(dbg_ctl, "Filter drop"); @@ -188,9 +189,10 @@ transaction_start(TSCont cont, TSEvent event, void *edata) // Continue processing TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); break; + case POLICY_REQUIRE_TLS: case POLICY_DROP: default: -Dbg(dbg_ctl, "URL Filter drop"); +Dbg(dbg_ctl, "Txn Filter drop"); // TODO, I assume continuing with ERROR will cause the transaction to fail // This will end up returning a 50x status code, we could replace this with a 401 // unauthorized or something configurable to the customer's pleasing. We would need to diff --git a/aviatrix/plugins/avx_policy_driver/web_filter.cc b/aviatrix/plugins/avx_policy_driver/web_filter.cc index 3a90a3ee16..e7437bd2dd 100644 --- a/aviatrix/plugins/avx_policy_driver/web_filter.cc +++ b/aviatrix/plugins/avx_policy_driver/web_filter.cc @@ -85,14 +85,14 @@ public: private: bool logAndWatchResult(const char *stage, PolicyResult result, struct sockaddr_in *client_addr, struct sockaddr_in *server_addr, const char *sni_hostname, const char *url, int policy_offset, int decrypt_policy_offset); - PolicyResult checkAction(int policy_offset); + PolicyResult checkAction(TSVConn vc, int policy_offset); MatchResult MatchTuple(int policy_offset, struct sockaddr_in *client_addr, struct sockaddr_in *server_addr); MatchResult MatchWebFilter(int policy_offset, std::string_view sni_target, std::string_view url_target); bool HasWebFilters(int policy_offset); bool IsLogPolicy(int policy_offset); bool IsWatchPolicy(int policy_offset); - bool MeetFlowRequirements(int policy_offset, TSHttpTxn txnp); bool AllowsDecrypt(int policy_offset); + bool TlsRequirementMet(TSVConn vc, int policy_offst); void SetGenerationNumber(PolicyEvalInfo *policy_eval_info); int GetGenerationNumber(PolicyEvalInfo *policy_eval_info); void SetPolicyOffset(PolicyEvalInfo *policy_eval_info, int policy_offset); @@ -317,11 +317,35 @@ PolicyHolder::AllowsDecrypt(int policy_offset) return false; } +bool +PolicyHolder::TlsRequirementMet(TSVConn vc, int policy_offset) +{ + if (policy_offset < this->current_config->policies_size()) { +const Layer7Policy &policy = this->current_config->policies(policy_offset); +if (policy.flow_app_requirement() == Layer7Policy_FlowApp_TLS_REQUIRED) { + Dbg(dbg_ctl, "Check TLS_REQUIRED"); + if (!TSVConnIsSsl(vc)) { +Dbg(dbg_ctl, "Failed TLS_REQUIRED"); +return false; + } +} +Dbg(dbg_ctl, "Passed TLS_REQUIRED"); +return true; + } + Dbg(dbg_ctl, "Check TLS_REQUIRED includes too high %d", policy_offset); + return false; +} + PolicyResult -PolicyHolder::checkAction(int policy_offset) +PolicyHolder::checkAction(TSVConn vc, int policy_offset) { if (policy_offset < this->current_config->policies_size()) { const Layer7Policy &policy = this->current_config->policies(policy_offset); +// Is this required to be TLS? +if (!this->TlsRequirementMet(vc, policy_offset)) { + return POLICY_REQUIRE_TLS; +} +// Passed the TLS requirement if present switch (policy.action()) { case Layer7Policy_Action_INTRUSION_DETECTION: return POLICY_IDS; @@ -483,24 +507,28 @@ PolicyHolder::internalEvaluatePolicySni(TSVConn ssl_vc, PolicyEvalI
(trafficserver) branch avx-53179 created (now 12bae2b9cc)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch avx-53179 in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 12bae2b9cc Fix logging reason This branch includes the following new commits: new 9e9164df44 AVX-33061: Move to ATS10 new 39860c2d9a AVX-43612: Preserve CAP_NET_RAW on startup (#121) new 2ea3642263 AVX-54729: fix memory leak new b9917c14bb Merge pull request #122 from AviatrixDev/AVX-54729-fix-memory-leak new 420f527eac AVX-45480: update plugin to support non-http/non-tls traffic (#124) new 82b7f9dc8d AVX-53179: Make 'Ensure TLS' an action and not a match condition new 12bae2b9cc Fix logging reason The 7 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(trafficserver) branch avx-45480 deleted (was d4b5faebac)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch avx-45480 in repository https://gitbox.apache.org/repos/asf/trafficserver.git was d4b5faebac AVX-45480: update plugin to support non-http/non-tls traffic This change permanently discards the following revisions: discard d4b5faebac AVX-45480: update plugin to support non-http/non-tls traffic discard 39860c2d9a AVX-43612: Preserve CAP_NET_RAW on startup (#121) discard 9e9164df44 AVX-33061: Move to ATS10
(trafficserver) 02/03: AVX-43612: Preserve CAP_NET_RAW on startup (#121)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-45480 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 39860c2d9a3760740f3e1d2342a604b248da3164 Author: Susan Hinrichs AuthorDate: Tue May 7 10:54:30 2024 -0500 AVX-43612: Preserve CAP_NET_RAW on startup (#121) --- src/tscore/ink_cap.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tscore/ink_cap.cc b/src/tscore/ink_cap.cc index 9b28428400..6944e007e3 100644 --- a/src/tscore/ink_cap.cc +++ b/src/tscore/ink_cap.cc @@ -266,7 +266,7 @@ RestrictCapabilities() cap_t caps_orig = cap_get_proc(); // Capabilities we need. - cap_value_t perm_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_IPC_LOCK, CAP_DAC_OVERRIDE, CAP_FOWNER}; + cap_value_t perm_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_IPC_LOCK, CAP_DAC_OVERRIDE, CAP_FOWNER, CAP_NET_RAW}; static int const PERM_CAP_COUNT = sizeof(perm_list) / sizeof(*perm_list); cap_value_t eff_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_IPC_LOCK}; static int const EFF_CAP_COUNT = sizeof(eff_list) / sizeof(*eff_list);
(trafficserver) branch avx-45480 created (now d4b5faebac)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch avx-45480 in repository https://gitbox.apache.org/repos/asf/trafficserver.git at d4b5faebac AVX-45480: update plugin to support non-http/non-tls traffic This branch includes the following new commits: new 9e9164df44 AVX-33061: Move to ATS10 new 39860c2d9a AVX-43612: Preserve CAP_NET_RAW on startup (#121) new d4b5faebac AVX-45480: update plugin to support non-http/non-tls traffic The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(trafficserver) 03/03: AVX-45480: update plugin to support non-http/non-tls traffic
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-45480 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit d4b5faebacf518c6a221a0c0fe4de1f53a69efde Author: Susan Hinrichs AuthorDate: Tue Jul 9 22:51:56 2024 + AVX-45480: update plugin to support non-http/non-tls traffic --- aviatrix/10_0_0.0001/configs/records.yaml | 2 +- .../plugins/avx_policy_driver/policy_driver.cc | 64 -- 2 files changed, 61 insertions(+), 5 deletions(-) diff --git a/aviatrix/10_0_0.0001/configs/records.yaml b/aviatrix/10_0_0.0001/configs/records.yaml index 9bb22a8a5f..4283faa171 100644 --- a/aviatrix/10_0_0.0001/configs/records.yaml +++ b/aviatrix/10_0_0.0001/configs/records.yaml @@ -126,7 +126,7 @@ ts: # Specify server addresses and ports to bind for HTTP and HTTPS. Docs: # https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy.config.http.server_ports ## -server_ports: 8443:ssl:tr-full:allow-plain +server_ports: 8443:ssl:tr-full:allow-plain:tr-pass server_session_sharing: match: none diff --git a/aviatrix/plugins/avx_policy_driver/policy_driver.cc b/aviatrix/plugins/avx_policy_driver/policy_driver.cc index dbf878cefb..0acabbfa7e 100644 --- a/aviatrix/plugins/avx_policy_driver/policy_driver.cc +++ b/aviatrix/plugins/avx_policy_driver/policy_driver.cc @@ -148,8 +148,8 @@ policy_sni(TSCont cont, TSEvent event, void *edata) case POLICY_DROP: default: Dbg(dbg_ctl, "Filter drop"); -// int ssl_fd = TSVConnFdGet(ssl_vc); -// close(ssl_fd); +int ssl_fd = TSVConnFdGet(ssl_vc); +close(ssl_fd); // One might think that the TSVConnClose would be more appropriate // than just closing the file descriptor. But calling TSVConnClose // with or without the reenable just causes a core dump. Presume it is a problem @@ -202,6 +202,60 @@ transaction_start(TSCont cont, TSEvent event, void *edata) return TS_SUCCESS; } +static int +tunnel_start(TSCont cont, TSEvent event, void *edata) +{ + TSHttpTxn txnp = reinterpret_cast(edata); + // Need to determine and skip if we entered this tunnel as the result of the first pass of policy evaluation + TSTxnType retval = TSHttpTxnTypeGet(txnp); + Dbg(dbg_ctl, "Tunnel Start event=%d type=%d", event, retval); + if (retval != TS_TXN_TYPE_TR_PASS_TUNNEL) { +Dbg(dbg_ctl, "No more policy for this tunnel"); +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); +return TS_SUCCESS; + } + Dbg(dbg_ctl, "TR PASS Tunnel"); + + // Is a policy loaded? + if (!IsPolicyLoaded()) { +// Big error if not +TSError("[%s] Policy not loaded at tunnel start", PLUGIN_NAME); +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_ERROR); +return TS_ERROR; + } + + // Is there more policy to interpret + uint64_t policy_offset = get_l7_policy_offset(txnp); + Dbg(dbg_ctl, "Tunnel Policy Offset=0x%" PRIX64, policy_offset); + auto result = EvaluatePolicyTxn(txnp, &policy_offset); + switch (result) { + case POLICY_PERMIT: +Dbg(dbg_ctl, "No IDS policy, permit the tunnel and move on"); +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); +break; + case POLICY_IDS: +Dbg(dbg_ctl, "Tunnel IDS policy, continue"); +TSUserArgSet(txnp, IDSPolicyTxnIndex, reinterpret_cast(static_cast(1))); +// Continue processing +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); +break; + case POLICY_DROP: + default: +Dbg(dbg_ctl, "tunnel drop"); +int fd = -1; +TSHttpTxnClientFdGet(txnp, &fd); +close(fd); +// TODO, I assume continuing with ERROR will cause the transaction to fail +// This will end up returning a 50x status code, we could replace this with a 401 +// unauthorized or something configurable to the customer's pleasing. We would need to +// set a hook on the send client response to adjust the status code and message. +TSHttpTxnReenable(txnp, TS_EVENT_HTTP_ERROR); +return TS_ERROR; +break; + } + return TS_SUCCESS; +} + static int connection_start(TSCont cont, TSEvent event, void *edata) { @@ -264,11 +318,13 @@ TSPluginInit(int argc, const char *argv[]) if (stats_timeout <= 0) { stats_timeout = 60; } -TSCont start_contp = TSContCreate(connection_start, NULL); -TSCont start_txn_contp = TSContCreate(transaction_start, NULL); +TSCont start_contp= TSContCreate(connection_start, NULL); +TSCont start_txn_contp= TSContCreate(transaction_start, NULL); +TSCont start_tunnel_contp = TSContCreate(tunnel_start, NULL); // Trigger on connection start, apply hooks on txn start as necssary TSHttpHookAdd(TS_VCONN_START_HOOK, start_contp); TSHttpHookAdd(TS_HTTP_READ_REQUEST_HDR_HOOK, sta
(trafficserver) branch avx-ats10 created (now a31995236e)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch avx-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git at a31995236e Add another file This branch includes the following new commits: new 98ea2783ee Move Aviatrix plugins to ats10 new a1f9a051cf Checkpoint dagger changes new a31995236e Add another file The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(trafficserver) 02/03: Checkpoint dagger changes
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit a1f9a051cf930c1400427784012d09e2bd63913f Author: Susan Hinrichs AuthorDate: Thu Mar 28 21:18:06 2024 + Checkpoint dagger changes --- .gitignore | 2 +- CMakePresets.json | 20 + aviatrix/10_0_0.0001/avx-gw-trafficserver.service | 18 + aviatrix/10_0_0.0001/configs/logging.yaml | 53 ++ aviatrix/10_0_0.0001/configs/plugin.config | 15 + aviatrix/10_0_0.0001/configs/records.yaml | 224 aviatrix/10_0_0.0001/control | 6 + .../10_0_0.0001/logrotate/avx-gw-trafficserver | 11 + aviatrix/10_0_0.0001/postinst | 25 + aviatrix/build/.gitignore | 3 + aviatrix/build/docker_scripts/env_command.sh | 179 ++ aviatrix/build/docker_scripts/setup_debug.sh | 3 + aviatrix/build/docker_scripts/setup_local.sh | 94 aviatrix/build/docker_scripts/setup_release.sh | 3 + aviatrix/build/dockerfile-atsbuild | 116 aviatrix/build/dockerfile-atsbuildv2 | 61 +++ aviatrix/build/dockerfile-buildtools | 37 ++ aviatrix/build/dockerfile-openssl | 51 ++ aviatrix/build/makeprotos.sh | 3 + aviatrix/build/setup_build_tools.sh| 21 + aviatrix/build/setup_build_tools_1.sh | 66 +++ aviatrix/build/setup_build_tools_2.sh | 24 + aviatrix/dagger/Makefile | 59 ++ aviatrix/dagger/build.go | 605 + aviatrix/dagger/build_manifest.sh | 27 + aviatrix/dagger/builder.sh | 13 + aviatrix/dagger/go.mod | 23 + aviatrix/dagger/go.sum | 48 ++ aviatrix/dagger/main.go| 312 +++ aviatrix/plugins/avx_certifier/CMakeLists.txt | 2 +- aviatrix/plugins/avx_policy_driver/CMakeLists.txt | 23 +- 31 files changed, 2140 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index e1fd4bc749..65e49bb2b8 100644 --- a/.gitignore +++ b/.gitignore @@ -44,7 +44,7 @@ m4/ltversion.m4 m4/lt~obsolete.m4 # common directory name for out-of-tree CMake builds -build* +#build* configs/records.yaml.default configs/storage.config.default diff --git a/CMakePresets.json b/CMakePresets.json index 4ea2a27dda..fcf3a3a6e4 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -375,6 +375,26 @@ "CMAKE_CXX_FLAGS_DEBUG": "--coverage", "CMAKE_C_FLAGS_DEBUG": "--coverage" } +}, +{ + "name": "aviatrix", + "displayName": "Aviatrix", + "description": "Aviatrix Presets", + "inherits": ["release"], + "generator": "Unix Makefiles", + "cacheVariables": { +"CMAKE_BUILD_TYPE": "RelWithDebInfo", +"jemalloc_ROOT": "/usr", +"ENABLE_LUAJIT": false, +"ENABLE_JEMALLOC": true, +"ENABLE_MIMALLOC": false, +"ENABLE_MALLOC_ALLOCATOR": true, + "ENABLE_AUTEST": false, +"BUILD_EXPERIMENTAL_PLUGINS": false, +"BUILD_REGRESSION_TESTING": false, + "CLOUDN_SOURCE_ROOT": "/src/cloudn", + "CMAKE_INSTALL_PREFIX": "/opt/ats/ats_10.0.0" + } } ], "buildPresets": [ diff --git a/aviatrix/10_0_0.0001/avx-gw-trafficserver.service b/aviatrix/10_0_0.0001/avx-gw-trafficserver.service new file mode 100644 index 00..90fb3b88ee --- /dev/null +++ b/aviatrix/10_0_0.0001/avx-gw-trafficserver.service @@ -0,0 +1,18 @@ +[Unit] +Description=Service that runs the trafficserver + + +[Service] +Type=simple +User=ats-user +ExecStart=-/opt/ats/ats_10.0.0/bin/traffic_server --bind_stdout /var/log/tslogs/traffic.out --bind_stderr /var/log/tslogs/traffic.out +Restart=on-failure +RestartSec=5s +LimitNOFILE=100 +PIDFile=/opt/ats/ats_10.0.0/var/trafficserver/server.lock +TimeoutStopSec=5s +#ExecReload=@exp_bindir@/traffic_ctl config reload +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/aviatrix/10_0_0.0001/configs/logging.yaml b/aviatrix/10_0_0.0001/configs/logging.yaml new file mode 100755 index 00..087e2cde40 --- /dev/null +++ b/aviatrix/10_0_0.0001/configs/logging.yaml @@ -0,0 +1,53 @@ +# Custom log configuration +# +# Documentation on logging: +# https://docs.trafficserver.apache.org/en/9.0.x/admin-guide/logging/index.en.html +# +# Do
(trafficserver) 03/03: Add another file
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch avx-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit a31995236e822f9789f978ad996df6d133e7dbc9 Author: Susan Hinrichs AuthorDate: Thu Mar 28 21:18:51 2024 + Add another file --- aviatrix/plugins/CMakeLists.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/aviatrix/plugins/CMakeLists.txt b/aviatrix/plugins/CMakeLists.txt new file mode 100644 index 00..cf0996dd6e --- /dev/null +++ b/aviatrix/plugins/CMakeLists.txt @@ -0,0 +1,3 @@ +add_subdirectory(avx_tee_decrypt) +add_subdirectory(avx_certifier) +add_subdirectory(avx_policy_driver)
(trafficserver) branch master updated: Adjust ReturnCode for MakeATSProcess on ubuntu22 (#10904)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 11c3f8d82c Adjust ReturnCode for MakeATSProcess on ubuntu22 (#10904) 11c3f8d82c is described below commit 11c3f8d82c52203da82d1442ed9d2228cc3e6c21 Author: Susan Hinrichs AuthorDate: Tue Dec 12 10:15:50 2023 -0600 Adjust ReturnCode for MakeATSProcess on ubuntu22 (#10904) --- tests/gold_tests/next_hop/strategies_ch/strategies_ch.test.py| 1 + tests/gold_tests/next_hop/strategies_ch2/strategies_ch2.test.py | 1 + tests/gold_tests/next_hop/strategies_stale/strategies_stale.test.py | 1 + .../gold_tests/next_hop/zzz_strategies_peer/zzz_strategies_peer.test.py | 1 + .../next_hop/zzz_strategies_peer2/zzz_strategies_peer2.test.py | 1 + tests/gold_tests/pluginTest/prefetch/prefetch_bignum.test.py | 1 + tests/gold_tests/pluginTest/prefetch/prefetch_overflow.test.py | 1 + tests/gold_tests/pluginTest/prefetch/prefetch_simple.test.py | 1 + 8 files changed, 8 insertions(+) diff --git a/tests/gold_tests/next_hop/strategies_ch/strategies_ch.test.py b/tests/gold_tests/next_hop/strategies_ch/strategies_ch.test.py index 29f67ec417..d8d48bf704 100644 --- a/tests/gold_tests/next_hop/strategies_ch/strategies_ch.test.py +++ b/tests/gold_tests/next_hop/strategies_ch/strategies_ch.test.py @@ -59,6 +59,7 @@ for i in range(num_nh): 'proxy.config.dns.resolv_conf': "NULL", }) ts.Disk.remap_config.AddLine(f"map / http://127.0.0.1:{server.Variables.Port}";) +ts.ReturnCode = Any(0, -2) ts_nh.append(ts) ts = Test.MakeATSProcess("ts") diff --git a/tests/gold_tests/next_hop/strategies_ch2/strategies_ch2.test.py b/tests/gold_tests/next_hop/strategies_ch2/strategies_ch2.test.py index 08331fc64d..1dde7079db 100644 --- a/tests/gold_tests/next_hop/strategies_ch2/strategies_ch2.test.py +++ b/tests/gold_tests/next_hop/strategies_ch2/strategies_ch2.test.py @@ -62,6 +62,7 @@ for i in range(num_nh): ts_nh.append(ts) ts = Test.MakeATSProcess("ts", use_traffic_out=False, command="traffic_server 2> trace.log") +ts.ReturnCode = Any(0, -2) ts.Disk.records_config.update( { diff --git a/tests/gold_tests/next_hop/strategies_stale/strategies_stale.test.py b/tests/gold_tests/next_hop/strategies_stale/strategies_stale.test.py index 10ed23c6d0..582bb6bdcc 100644 --- a/tests/gold_tests/next_hop/strategies_stale/strategies_stale.test.py +++ b/tests/gold_tests/next_hop/strategies_stale/strategies_stale.test.py @@ -55,6 +55,7 @@ ts_nh.Disk.records_config.update( 'proxy.config.dns.resolv_conf': "NULL", }) ts_nh.Disk.remap_config.AddLine(f"map / http://127.0.0.1:{server.Variables.Port}";) +ts_nh.ReturnCode = Any(0, -2) ts = Test.MakeATSProcess("ts") diff --git a/tests/gold_tests/next_hop/zzz_strategies_peer/zzz_strategies_peer.test.py b/tests/gold_tests/next_hop/zzz_strategies_peer/zzz_strategies_peer.test.py index f5f977301c..13b4cea6fe 100644 --- a/tests/gold_tests/next_hop/zzz_strategies_peer/zzz_strategies_peer.test.py +++ b/tests/gold_tests/next_hop/zzz_strategies_peer/zzz_strategies_peer.test.py @@ -71,6 +71,7 @@ num_peer = 8 ts_peer = [] for i in range(num_peer): ts = Test.MakeATSProcess(f"ts_peer{i}", use_traffic_out=False, command=f"traffic_server 2> trace_peer{i}.log") +ts.ReturnCode = Any(0, -2) ts_peer.append(ts) for i in range(num_peer): ts = ts_peer[i] diff --git a/tests/gold_tests/next_hop/zzz_strategies_peer2/zzz_strategies_peer2.test.py b/tests/gold_tests/next_hop/zzz_strategies_peer2/zzz_strategies_peer2.test.py index adaea1b389..9d28939005 100644 --- a/tests/gold_tests/next_hop/zzz_strategies_peer2/zzz_strategies_peer2.test.py +++ b/tests/gold_tests/next_hop/zzz_strategies_peer2/zzz_strategies_peer2.test.py @@ -71,6 +71,7 @@ num_peer = 8 ts_peer = [] for i in range(num_peer): ts = Test.MakeATSProcess(f"ts_peer{i}", use_traffic_out=False, command=f"traffic_server 2> trace_peer{i}.log") +ts.ReturnCode = Any(0, -2) ts_peer.append(ts) for i in range(num_peer): ts = ts_peer[i] diff --git a/tests/gold_tests/pluginTest/prefetch/prefetch_bignum.test.py b/tests/gold_tests/pluginTest/prefetch/prefetch_bignum.test.py index 198f71f644..698a79edc4 100644 --- a/tests/gold_tests/pluginTest/prefetch/prefetch_bignum.test.py +++ b/tests/gold_tests/pluginTest/prefetch/prefetch_bignum.test.py @@ -57,6 +57,7 @@ ts.Disk.remap_config.AddLine( f"map http://domain.in http://127.0.0.1:{server.Variables.Port}"; + " @plugin=cachekey.so @pparam=--remove-all-params=true" " @plugin=prefetch.so" + " @pparam
(trafficserver) branch master updated: Simplify bad-fmt test use of nc (#10861)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 780b51c8c8 Simplify bad-fmt test use of nc (#10861) 780b51c8c8 is described below commit 780b51c8c84d5c4e5aa54170a8b4d38c74e4c727 Author: Susan Hinrichs AuthorDate: Thu Nov 30 16:43:04 2023 -0600 Simplify bad-fmt test use of nc (#10861) --- tests/gold_tests/bad_http_fmt/bad_http_fmt.test.py | 159 ++--- tests/gold_tests/bad_http_fmt/method-server.sh | 44 ++ tests/gold_tests/bad_http_fmt/server.gold | 18 +-- 3 files changed, 151 insertions(+), 70 deletions(-) diff --git a/tests/gold_tests/bad_http_fmt/bad_http_fmt.test.py b/tests/gold_tests/bad_http_fmt/bad_http_fmt.test.py index 8e84e18e1e..58959f5a0a 100644 --- a/tests/gold_tests/bad_http_fmt/bad_http_fmt.test.py +++ b/tests/gold_tests/bad_http_fmt/bad_http_fmt.test.py @@ -28,6 +28,52 @@ random_method = "xyzxyz" ts = Test.MakeATSProcess("ts") +Test.GetTcpPort("upstream_port") + +method_server = Test.Processes.Process("method-server", "bash -c '" + Test.TestDirectory + + f"/method-server.sh {Test.Variables.upstream_port} outserver'") + +server = Test.MakeOriginServer("server", ssl=False) +request_header = { +"headers": "GET {}/0 HTTP/1.1\r\nX-Req-Id: 0\r\nHost: example.com\r\n\r\n".format(random_path), +"timestamp": "1469733493.993", +"body": ""} +response_header = { +"headers": "HTTP/1.1 200 OK\r\nX-Resp-Id: 1\r\nConnection: close\r\n\r\n", +"timestamp": "1469733493.993", +"body": ""} +server.addResponse("sessionlog.json", request_header, response_header) + +request_header = { +"headers": "GET {}/1 HTTP/1.1\r\nX-Req-Id: 1\r\nHost: example.com\r\n\r\n".format(random_path), +"timestamp": "1469733493.993", +"body": ""} +response_header = { +"headers": "HTTP/1.1 200 OK\r\nX-Resp-Id: 2\r\nConnection: close\r\n\r\n", +"timestamp": "1469733493.993", +"body": ""} +server.addResponse("sessionlog.json", request_header, response_header) + +request_header = { +"headers": "GET /example/1 HTTP/1.1\r\nX-Req-Id: 6\r\nHost: example.com\r\n\r\n", +"timestamp": "1469733493.993", +"body": ""} +response_header = { +"headers": "HTTP/1.1 200 OK\r\nX-Resp-Id: 3\r\nConnection: close\r\n\r\n", +"timestamp": "1469733493.993", +"body": ""} +server.addResponse("sessionlog.json", request_header, response_header) + +request_header = { +"headers": "GET /example/2 HTTP/1.1\r\nX-Req-Id: 7\r\nHost: example.com\r\n\r\n", +"timestamp": "1469733493.993", +"body": ""} +response_header = { +"headers": "HTTP/1.1 200 OK\r\nX-Resp-Id: 4\r\nConnection: close\r\n\r\n", +"timestamp": "1469733493.993", +"body": ""} +server.addResponse("sessionlog.json", request_header, response_header) + ts.Disk.records_config.update({ 'proxy.config.diags.debug.enabled': 1, 'proxy.config.diags.debug.tags': 'http|dns', @@ -55,108 +101,111 @@ ts.Disk.ip_allow_yaml.AddLines([ ' - GET' ]) -Test.GetTcpPort("server_port") - - -def server_cmd(resp_id): -dq = '"' -return (fr"(nc -o server{resp_id}.log " + -fr"--sh-exec 'sleep 1 ; printf {dq}HTTP/1.1 200 OK\r\n" + -fr"X-Resp-Id: {resp_id}\r\n" + -fr"Content-Length: 0\r\n\r\n{dq}' " + -fr"-l 127.0.0.1 {Test.Variables.server_port} & )") - +ts.Disk.remap_config.AddLine( +'map /add-method http://127.0.0.1:{0}/'.format(Test.Variables.upstream_port) +) +ts.Disk.remap_config.AddLine( +'map / http://127.0.0.1:{0}/'.format(server.Variables.Port) +) # Even if the request from the client is HTTP version 1.0, ATS's request to server will be HTTP version 1.1. # -tr = Test.AddTestRun() +tr = Test.AddTestRun("success-1.0") tr.Processes.Default.StartBefore(ts) +tr.Processes.Default.StartBefore(server) tr.Processes.Default.Command = ( -server_cmd(1) + -fr" ; printf 'GET {random_path}HTTP/1.0\r\n" + -fr"Host: localhost:{Test.Variables.server_port}\r\n"
(trafficserver) branch master updated: Fix double to watch for done like the other continuation tests (#10874)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new cd2e49031c Fix double to watch for done like the other continuation tests (#10874) cd2e49031c is described below commit cd2e49031c7918a066fb31fb091dfafaf6fb818e Author: Susan Hinrichs AuthorDate: Thu Nov 30 13:10:31 2023 -0600 Fix double to watch for done like the other continuation tests (#10874) --- tests/gold_tests/continuations/double.test.py | 37 +-- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/tests/gold_tests/continuations/double.test.py b/tests/gold_tests/continuations/double.test.py index 52b11ca694..110c971984 100644 --- a/tests/gold_tests/continuations/double.test.py +++ b/tests/gold_tests/continuations/double.test.py @@ -81,24 +81,33 @@ tr.StillRunningAfter = ts # Signal that all the curl processes have completed and poll for done metric tr = Test.AddTestRun("Curl Done") -tr.Processes.Default.Command = ( -"traffic_ctl plugin msg done done ; " -"N=60 ; " -"while (( N > 0 )) ; " -"do " -"sleep 1 ; " -'if [[ "$$( traffic_ctl metric get continuations_verify.test.done )" = ' -'"continuations_verify.test.done 1" ]] ; then exit 0 ; ' -"fi ; " -"let N=N-1 ; " -"done ; " -"echo TIMEOUT ; " -"exit 1" -) +tr.Processes.Default.Command = "traffic_ctl plugin msg done done" tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Env = ts.Env tr.StillRunningAfter = ts + +def make_done_stat_ready(tsenv): +def done_stat_ready(process, hasRunFor, **kw): +retval = subprocess.run( +"traffic_ctl metric get continuations_verify.test.done", +shell=True, +stdout=subprocess.PIPE, +stderr=subprocess.STDOUT, +env=tsenv) +return retval.returncode == 0 and b'1' in retval.stdout + +return done_stat_ready + + +watcher = Test.Processes.Process("watcher", "sleep 20") + +tr = Test.AddTestRun("Wait for stats") +tr.Processes.Default.StartBefore(watcher, ready=make_done_stat_ready(ts.Env)) +tr.Processes.Default.Command = "traffic_ctl metric get continuations_verify.test.done" +tr.Processes.Default.ReturnCode = 0 +tr.Processes.Default.Env = ts.Env + # number of sessions/transactions opened and closed are equal tr = Test.AddTestRun("Check Ssn") tr.Processes.Default.Command = comparator_command.format('ssn')
(trafficserver) branch master updated: Remove netcat from bigobj test (#10866)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 1ce86a82b6 Remove netcat from bigobj test (#10866) 1ce86a82b6 is described below commit 1ce86a82b63ce33756af68c8da1c3fb6d12fb2c6 Author: Susan Hinrichs AuthorDate: Thu Nov 30 10:38:29 2023 -0600 Remove netcat from bigobj test (#10866) --- tests/CMakeLists.txt | 1 - tests/gold_tests/bigobj/CMakeLists.txt | 19 -- tests/gold_tests/bigobj/bigobj.test.py | 112 +++-- tests/gold_tests/bigobj/check_ramp.c | 57 - tests/gold_tests/bigobj/log2.gold | 4 -- tests/gold_tests/bigobj/push_request.c | 79 --- 6 files changed, 66 insertions(+), 206 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d58dcd3265..afd94746d3 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -27,7 +27,6 @@ function(ADD_AUTEST_PLUGIN _NAME) endfunction() add_subdirectory(tools/plugins) -add_subdirectory(gold_tests/bigobj) add_subdirectory(gold_tests/chunked_encoding) add_subdirectory(gold_tests/continuations/plugins) add_subdirectory(gold_tests/jsonrpc/plugins) diff --git a/tests/gold_tests/bigobj/CMakeLists.txt b/tests/gold_tests/bigobj/CMakeLists.txt deleted file mode 100644 index b56709f853..00 --- a/tests/gold_tests/bigobj/CMakeLists.txt +++ /dev/null @@ -1,19 +0,0 @@ -### -# -# Licensed to the Apache Software Foundation (ASF) under one or more contributor license -# agreements. See the NOTICE file distributed with this work for additional information regarding -# copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed under the License -# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing permissions and limitations under -# the License. -# -### - -add_executable(check_ramp check_ramp.c) -add_executable(push_request push_request.c) diff --git a/tests/gold_tests/bigobj/bigobj.test.py b/tests/gold_tests/bigobj/bigobj.test.py index b46f417878..30b82541ee 100644 --- a/tests/gold_tests/bigobj/bigobj.test.py +++ b/tests/gold_tests/bigobj/bigobj.test.py @@ -28,11 +28,6 @@ Test.SkipUnless( Condition.HasCurlFeature('http2') ) -# push_request and check_ramp are built via `make`. Here we copy the built binary down to the test -# directory so that the test runs in this file can use it. -Test.Setup.Copy(os.path.join(Test.Variables.AtsBuildGoldTestsDir, 'bigobj', 'push_request')) -Test.Setup.Copy(os.path.join(Test.Variables.AtsBuildGoldTestsDir, 'bigobj', 'check_ramp')) - ts = Test.MakeATSProcess("ts1", enable_tls=True) ts.addDefaultSSLFiles() @@ -52,65 +47,88 @@ ts.Disk.ssl_multicert_config.AddLine( ) ts.Disk.remap_config.AddLine( -'map https://localhost http://localhost' +f'map https://localhost:{ts.Variables.ssl_port} http://localhost:{ts.Variables.port}' +) +ts.Disk.remap_config.AddLine( +f'map https://localhost:{ts.Variables.ssl_portv6} http://localhost:{ts.Variables.port}' ) - -# Set up to check the output after the tests have run. -# -log_id = Test.Disk.File("log2.txt") -log_id.Content = "log2.gold" # Size of object to get. (NOTE: If you increase this significantly you may also have to increase cache # capacity in tests/gold_tests/autest-size/min_cfg/storage.config. Also, for very large objects, if # proxy.config.diags.debug.enabled is 1, the PUSH request will timeout and fail.) # obj_kilobytes = 10 * 1024 +obj_bytes = obj_kilobytes * 10 +header = "HTTP/1.1 200 OK\r\nContent-length: {}\r\n\r\n".format(obj_bytes) + + +def create_pushfile(): +f = open(Test.RunDirectory + "/objfile", "w") +f.write(header) +f.write("x" * obj_bytes) +f.close() +return True + tr = Test.AddTestRun("PUSH an object to the cache") # Delay on readiness of TS IPv4 ssl port -tr.Processes.Default.StartBefore(ts) -# +tr.Processes.Default.StartBefore(ts, ready=lambda: create_pushfile()) # Put object with URL http://localhost/bigobj in cache using PUSH request. -tr.Processes.Default.Command = ( -f'./push_request {obj_kilobytes} | nc localhost {ts.Variables.port}' -) +tr.Processes.Default.Command = "curl -v -H 'C
(trafficserver) branch master updated: Fix logging path for regex_revalidate_state (#10884)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 95baa7e23d Fix logging path for regex_revalidate_state (#10884) 95baa7e23d is described below commit 95baa7e23dc714901dc067167be4f29258bf929f Author: Susan Hinrichs AuthorDate: Thu Nov 30 09:59:12 2023 -0600 Fix logging path for regex_revalidate_state (#10884) --- .../pluginTest/regex_revalidate/regex_revalidate_state.test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/gold_tests/pluginTest/regex_revalidate/regex_revalidate_state.test.py b/tests/gold_tests/pluginTest/regex_revalidate/regex_revalidate_state.test.py index 88cdf836f2..74fd575f8a 100644 --- a/tests/gold_tests/pluginTest/regex_revalidate/regex_revalidate_state.test.py +++ b/tests/gold_tests/pluginTest/regex_revalidate/regex_revalidate_state.test.py @@ -61,7 +61,7 @@ response_header_0 = {"headers": server.addResponse("sessionlog.json", request_header_0, response_header_0) reval_conf_path = os.path.join(ts.Variables.CONFIGDIR, 'reval.conf') -reval_state_path = os.path.join(Test.Variables.RUNTIMEDIR, 'reval.state') +reval_state_path = os.path.join(ts.Variables.RUNTIMEDIR, 'reval.state') # Configure ATS server ts.Disk.plugin_config.AddLine(
(trafficserver) branch master updated: Fix nc use in tls-forward-test (#10887)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 8dce458105 Fix nc use in tls-forward-test (#10887) 8dce458105 is described below commit 8dce45810577179229b67f2c247226764236a418 Author: Susan Hinrichs AuthorDate: Thu Nov 30 09:58:34 2023 -0600 Fix nc use in tls-forward-test (#10887) --- tests/gold_tests/tls/test-nc-s_client.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/gold_tests/tls/test-nc-s_client.sh b/tests/gold_tests/tls/test-nc-s_client.sh index f08574e045..58ddaf743a 100644 --- a/tests/gold_tests/tls/test-nc-s_client.sh +++ b/tests/gold_tests/tls/test-nc-s_client.sh @@ -23,5 +23,5 @@ if openssl s_client --help 2>&1 | grep -q ignore_unexpected_eof then ignore_unexpected_eof='-ignore_unexpected_eof' fi -nc -l -p "$1" -c 'echo -e "This is a reply"' -o test.out & -echo "This is a test" | openssl s_client -servername bar.com -connect "localhost:$2" -ign_eof ${ignore_unexpected_eof} "${@:3}" +echo -e "This is a reply" | nc -l "$1" > test.out & +echo "This is a test" | openssl s_client -servername bar.com -connect "localhost:$2" -ign_eof ${ignore_unexpected_eof}
(trafficserver) branch master updated: Fix remap_inc test for systems with dash (#10885)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 40961fbf69 Fix remap_inc test for systems with dash (#10885) 40961fbf69 is described below commit 40961fbf69d33d9a19e8e0be706101efef4a3a7b Author: Susan Hinrichs AuthorDate: Wed Nov 29 19:47:42 2023 -0600 Fix remap_inc test for systems with dash (#10885) --- tests/gold_tests/traffic_ctl/remap_inc/remap_inc.test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/gold_tests/traffic_ctl/remap_inc/remap_inc.test.py b/tests/gold_tests/traffic_ctl/remap_inc/remap_inc.test.py index 11b6541711..747be4333d 100644 --- a/tests/gold_tests/traffic_ctl/remap_inc/remap_inc.test.py +++ b/tests/gold_tests/traffic_ctl/remap_inc/remap_inc.test.py @@ -74,8 +74,8 @@ tr.Processes.Default.ReturnCode = 0 tr.StillRunningAfter = ts tr = Test.AddTestRun("Get response from generator") -tr.Processes.Default.Command = ( -f'test $$(curl --proxy 127.0.0.1:{ts.Variables.port} http://example.four/nocache/5 | wc -c) == 5' -) +tr.Processes.Default.Command = f'curl --proxy 127.0.0.1:{ts.Variables.port} http://example.four/nocache/5' tr.Processes.Default.ReturnCode = 0 tr.StillRunningAfter = ts +tr.Processes.Default.Streams.All = Testers.ContainsExpression("x", "Contains generated text") +tr.Processes.Default.Streams.All += Testers.ExcludesExpression("xx", "Not too much data")
(trafficserver) branch master updated: Adjust nc usage in fix-post-early-return test (#10878)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 0758341592 Adjust nc usage in fix-post-early-return test (#10878) 0758341592 is described below commit 0758341592b9ace99b71ae6a31e678483531140d Author: Susan Hinrichs AuthorDate: Wed Nov 29 15:26:52 2023 -0600 Adjust nc usage in fix-post-early-return test (#10878) --- tests/gold_tests/post/delay_client.sh | 25 ++ tests/gold_tests/post/delay_client2.sh | 27 +++ tests/gold_tests/post/delay_client3.sh | 26 +++ tests/gold_tests/post/post-early-return.test.py | 61 ++--- tests/gold_tests/post/server1.sh| 41 + 5 files changed, 164 insertions(+), 16 deletions(-) diff --git a/tests/gold_tests/post/delay_client.sh b/tests/gold_tests/post/delay_client.sh new file mode 100644 index 00..a2774becd7 --- /dev/null +++ b/tests/gold_tests/post/delay_client.sh @@ -0,0 +1,25 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +request () +{ + printf "POST /four HTTP/1.1\r\nHost: bob\r\nContent-Length: 20\r\n\r\n1234567890" + sleep 4 + printf "0123456789" +} + +outfile=$2 +request | nc 127.0.0.1 $1 > "$outfile" diff --git a/tests/gold_tests/post/delay_client2.sh b/tests/gold_tests/post/delay_client2.sh new file mode 100644 index 00..33f6f8b2c8 --- /dev/null +++ b/tests/gold_tests/post/delay_client2.sh @@ -0,0 +1,27 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +request () +{ + printf "POST /five HTTP/1.1\r\nHost: bob\r\nContent-Length: 20\r\n\r\n" + sleep 1 + printf "1234567890" + sleep 4 + printf "0123456789" +} + +outfile=$2 +request | nc 127.0.0.1 $1 > "$outfile" diff --git a/tests/gold_tests/post/delay_client3.sh b/tests/gold_tests/post/delay_client3.sh new file mode 100644 index 00..2f4de3a457 --- /dev/null +++ b/tests/gold_tests/post/delay_client3.sh @@ -0,0 +1,26 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +request () +{ + printf "POST /six HTTP/1.1\r\nHost: bob\r\nContent-Length: 20\r\n\r\n" + printf "1234567890" + sleep 4 + printf "0123456789" +} + +outfile=$2 +request | nc 127.0.0.1 $1 > "$outfile" diff --git a/tests/gold_tests/post/post-early-return.test.py b/tests/gold_tests/post/post-early-return.test.py index af9debbb64..1c13e97388 100644 --- a/tests/g
(trafficserver) branch master updated (da1f392084 -> 38cd7e984f)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from da1f392084 Coverity 1523685: Use of 32-bit time_t in test_mime (#10855) add 38cd7e984f Adjust gold file to deal curl case differences (#10875) No new revisions were added by this update. Summary of changes: tests/gold_tests/h2/gold/httpbin_0_stderr.gold | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
(trafficserver) branch allow-plain deleted (was 1be584aa52)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git was 1be584aa52 Address Maskit's comments The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(trafficserver) branch simplify-bigobj deleted (was 122151592a)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch simplify-bigobj in repository https://gitbox.apache.org/repos/asf/trafficserver.git was 122151592a Finish cleaning out cmake The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(trafficserver) branch fix-timeout-tests deleted (was 5f9285b5ea)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch fix-timeout-tests in repository https://gitbox.apache.org/repos/asf/trafficserver.git was 5f9285b5ea Fix idle wait time The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(trafficserver) branch fix-timeout-tests created (now 5f9285b5ea)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch fix-timeout-tests in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 5f9285b5ea Fix idle wait time This branch includes the following new commits: new 5f9285b5ea Fix idle wait time The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(trafficserver) 01/01: Fix idle wait time
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch fix-timeout-tests in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 5f9285b5ea4af637482884baa03c50985cff4278 Author: Susan Hinrichs AuthorDate: Wed Nov 29 17:42:35 2023 + Fix idle wait time --- tests/gold_tests/timeout/create_request.sh | 17 - 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/gold_tests/timeout/create_request.sh b/tests/gold_tests/timeout/create_request.sh index 83e962dd1f..df7cdc2ccd 100755 --- a/tests/gold_tests/timeout/create_request.sh +++ b/tests/gold_tests/timeout/create_request.sh @@ -16,5 +16,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -(printf "GET / HTTP/1.1" | nc -w 11 127.0.0.1 $1) +# Different vresions of nc have different wait options, +# so falling back to shell +printf "GET / HTTP/1.1" | nc 127.0.0.1 $1 & +targetPID=$! +count=11 +while [ $count -gt 0 ] +do + sleep 1 + output=`ps uax | grep $targetPID | grep "nc "` + if [ -z "$output" ] # process is gone + then + exit 0 + fi + count=`expr $count - 1` +done +kill $targetPID
(trafficserver) branch master updated: Remove unnecessary nc to fix u22 test (#10868)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 870e242eee Remove unnecessary nc to fix u22 test (#10868) 870e242eee is described below commit 870e242eee6d382750ad383abde03e416314bba0 Author: Susan Hinrichs AuthorDate: Wed Nov 29 10:57:55 2023 -0600 Remove unnecessary nc to fix u22 test (#10868) --- tests/gold_tests/headers/cache_and_req_body.test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/gold_tests/headers/cache_and_req_body.test.py b/tests/gold_tests/headers/cache_and_req_body.test.py index dfdda324fa..95b4ebd400 100644 --- a/tests/gold_tests/headers/cache_and_req_body.test.py +++ b/tests/gold_tests/headers/cache_and_req_body.test.py @@ -99,8 +99,8 @@ tr.StillRunningAfter = ts # Test 2 - 200 cached response and using netcat tr = Test.AddTestRun() -tr.Processes.Default.Command = "printf 'GET / HTTP/1.1\r\n''x-debug: x-cache,x-cache-key,via\r\n''Host: www.example.com\r\n''\r\n'|nc 127.0.0.1 -w 1 {port}".format( -port=ts.Variables.port) +tr.Processes.Default.Command = 'curl -s -D - -v --ipv4 --http1.1 -H "x-debug: x-cache,x-cache-key,via" -H "Host: www.example.com" http://localhost:{}'.format( +ts.Variables.port) tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.stdout = Testers.CurlHeader(cache_and_req_body_hit) tr.StillRunningAfter = ts
(trafficserver) branch master updated: Fix connect test for ubuntu22 (#10869)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new ab521556a1 Fix connect test for ubuntu22 (#10869) ab521556a1 is described below commit ab521556a1e098a098a24651798641f225cb7d97 Author: Susan Hinrichs AuthorDate: Wed Nov 29 10:57:04 2023 -0600 Fix connect test for ubuntu22 (#10869) --- tests/gold_tests/connect/gold/connect_0_stderr.gold | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/gold_tests/connect/gold/connect_0_stderr.gold b/tests/gold_tests/connect/gold/connect_0_stderr.gold index c114dc4cf4..48aad129bc 100644 --- a/tests/gold_tests/connect/gold/connect_0_stderr.gold +++ b/tests/gold_tests/connect/gold/connect_0_stderr.gold @@ -1,5 +1,5 @@ `` -* Connected to 127.0.0.1 (127.0.0.1) port `` +* Connected to `` (127.0.0.1) port `` `` * Establish HTTP proxy tunnel to foo.com:80 > CONNECT foo.com:80 HTTP/1.1
(trafficserver) 01/01: Finish cleaning out cmake
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch simplify-bigobj in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 122151592aaf5f9fb988f31821ec0603e53adfa7 Author: Susan Hinrichs AuthorDate: Wed Nov 29 05:47:00 2023 + Finish cleaning out cmake --- tests/CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d58dcd3265..afd94746d3 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -27,7 +27,6 @@ function(ADD_AUTEST_PLUGIN _NAME) endfunction() add_subdirectory(tools/plugins) -add_subdirectory(gold_tests/bigobj) add_subdirectory(gold_tests/chunked_encoding) add_subdirectory(gold_tests/continuations/plugins) add_subdirectory(gold_tests/jsonrpc/plugins)
(trafficserver) branch simplify-bigobj created (now 122151592a)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch simplify-bigobj in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 122151592a Finish cleaning out cmake This branch includes the following new commits: new 122151592a Finish cleaning out cmake The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(trafficserver) branch master updated: Fix chunked-encoding test to run with more basic netcat (#10853)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 959a1b8aac Fix chunked-encoding test to run with more basic netcat (#10853) 959a1b8aac is described below commit 959a1b8aac2eb0bfc2ce176fcbc0b3e89c84cc62 Author: Susan Hinrichs AuthorDate: Tue Nov 28 17:29:50 2023 -0600 Fix chunked-encoding test to run with more basic netcat (#10853) --- tests/gold_tests/chunked_encoding/case1.sh | 19 - tests/gold_tests/chunked_encoding/case2.sh | 19 - tests/gold_tests/chunked_encoding/case3.sh | 19 - tests/gold_tests/chunked_encoding/case4.sh | 20 - .../chunked_encoding/chunked_encoding.test.py | 8 -- .../chunked_encoding/chunked_encoding_h2.test.py | 33 ++ tests/gold_tests/chunked_encoding/delay-server.sh | 31 +--- tests/gold_tests/chunked_encoding/server2.sh | 27 -- tests/gold_tests/chunked_encoding/server3.sh | 27 -- tests/gold_tests/chunked_encoding/server4.sh | 29 +-- 10 files changed, 131 insertions(+), 101 deletions(-) diff --git a/tests/gold_tests/chunked_encoding/case1.sh b/tests/gold_tests/chunked_encoding/case1.sh deleted file mode 100644 index 4262283977..00 --- a/tests/gold_tests/chunked_encoding/case1.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -l ${2} -o outserver1 -c "sh ./delay-server.sh" & -sleep 1 -nghttp -vv https://127.0.0.1:${1}/delay-chunked-response diff --git a/tests/gold_tests/chunked_encoding/case2.sh b/tests/gold_tests/chunked_encoding/case2.sh deleted file mode 100644 index be4d76f57c..00 --- a/tests/gold_tests/chunked_encoding/case2.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -l ${2} -o outserver2 -c "sh ./server2.sh" & -sleep 1 -curl --http2 -k https://127.0.0.1:${1}/post --verbose -H "Transfer-encoding: chunked" -d "Knock knock" diff --git a/tests/gold_tests/chunked_encoding/case3.sh b/tests/gold_tests/chunked_encoding/case3.sh deleted file mode 100644 index 4af2d92b9d..00 --- a/tests/gold_tests/chunked_encoding/case3.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -l ${2} -o outserver3 -c "sh ./server3.sh" & -sleep 1 -curl --http2 -k htt
[trafficserver] branch master updated (5fbffc7df3 -> ef6f092731)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 5fbffc7df3 Fix unchecked dynamic_cast (#10483) add ef6f092731 Add support for transform plugins on tunnels. (#10314) No new revisions were added by this update. Summary of changes: .../hooks-and-transactions/adding-hooks.en.rst | 4 +- .../plugins/hooks-and-transactions/index.en.rst| 7 ++ proxy/http/HttpSM.cc | 42 +-- proxy/http/HttpSM.h| 9 ++ proxy/http/HttpTunnel.h| 4 +- src/api/InkAPI.cc | 13 ++- .../{txn_type.test.py => tunnel_transform.test.py} | 97 tests/gold_tests/tunnel/txn_type.test.py | 4 +- tests/tools/plugins/Makefile.inc | 3 + .../tools/plugins/tunnel_transform.cc | 124 +++-- 10 files changed, 183 insertions(+), 124 deletions(-) copy tests/gold_tests/tunnel/{txn_type.test.py => tunnel_transform.test.py} (65%) copy example/plugins/c-api/null_transform/null_transform.cc => tests/tools/plugins/tunnel_transform.cc (70%)
[trafficserver] branch master updated (38a247671f -> 63b4f0937c)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 38a247671f Coverity 1518592: check cachekey valid (#10491) add 63b4f0937c Add TS_HTTP_TUNNEL_START_HOOK and TSHttpTxnTypeGet API (#10308) No new revisions were added by this update. Summary of changes: ...tpHdrTypeGet.en.rst => TSHttpTxnTypeGet.en.rst} | 7 +- .../{TSRecordType.en.rst => TSTxnType.en.rst} | 27 ++-- .../hooks-and-transactions/adding-hooks.en.rst | 6 + include/ts/apidefs.h.in| 9 ++ include/ts/ts.h| 10 ++ proxy/ProxySession.cc | 1 + proxy/http/HttpDebugNames.cc | 7 + proxy/http/HttpSM.cc | 10 +- proxy/http/HttpTransact.h | 1 + src/api/InkAPI.cc | 18 +++ src/api/InkAPITest.cc | 1 + tests/gold_tests/tunnel/txn_type.test.py | 169 + tests/tools/plugins/CMakeLists.txt | 1 + tests/tools/plugins/Makefile.inc | 3 + tests/tools/plugins/hook_tunnel_plugin.cc | 104 + 15 files changed, 356 insertions(+), 18 deletions(-) copy doc/developer-guide/api/functions/{TSHttpHdrTypeGet.en.rst => TSHttpTxnTypeGet.en.rst} (89%) copy doc/developer-guide/api/types/{TSRecordType.en.rst => TSTxnType.en.rst} (60%) create mode 100644 tests/gold_tests/tunnel/txn_type.test.py create mode 100644 tests/tools/plugins/hook_tunnel_plugin.cc
[trafficserver] branch start-tunnel-hook deleted (was e47ef31749)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git was e47ef31749 Add connect method test case The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
[trafficserver] 01/01: Add connect method test case
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit e47ef3174960c955e059f16d3079fff4cfe1817c Author: Susan Hinrichs AuthorDate: Mon Sep 25 16:22:04 2023 + Add connect method test case --- tests/gold_tests/tunnel/txn_type.test.py | 27 ++- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/tests/gold_tests/tunnel/txn_type.test.py b/tests/gold_tests/tunnel/txn_type.test.py index af61541c66..85f854f340 100644 --- a/tests/gold_tests/tunnel/txn_type.test.py +++ b/tests/gold_tests/tunnel/txn_type.test.py @@ -50,10 +50,12 @@ Test.PrepareTestPlugin(os.path.join(Test.Variables.AtsTestPluginsDir, server.addResponse("sessionfile.log", request_header, response_header) server.addResponse("sessionfile.log", request_tunnel_header, response_tunnel_header) ts.Disk.records_config.update({ -'proxy.config.diags.debug.enabled': 0, -'proxy.config.diags.debug.tags': 'http|ssl|test', +'proxy.config.diags.debug.enabled': 1, +'proxy.config.diags.debug.tags': 'http|test', 'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir), -'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir) +'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir), +'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE', +'proxy.config.http.connect_ports': '{0}'.format(server.Variables.SSL_Port) }) ts.Disk.ssl_multicert_config.AddLine( @@ -61,7 +63,7 @@ ts.Disk.ssl_multicert_config.AddLine( ) ts.Disk.remap_config.AddLine( -'map http://http-test:{0} http://127.0.0.1:{1}'.format( +'map https://http-test:{0}/ https://127.0.0.1:{1}/'.format( ts.Variables.ssl_port, server.Variables.SSL_Port) ) @@ -76,6 +78,8 @@ cmd_http = 'curl -k --http1.1 -H "Connection: close" -vs --resolve "http-test:{0 ts.Variables.ssl_port) cmd_tunnel = 'curl -k --http1.1 -H "Connection: close" -vs --resolve "tunnel-test:{0}:127.0.0.1" https://tunnel-test:{0}/'.format( ts.Variables.ssl_port) +cmd_connect = 'curl -k --http1.1 -H "Connection: close" -vs --resolve "connect-proxy:{0}:127.0.0.1" -x http://connect-proxy:{0} --resolve "http-test:{1}:127.0.0.1" https://http-test:{1}/'.format( +ts.Variables.port, ts.Variables.ssl_port) # Send the http request tr = Test.AddTestRun("send http request") @@ -85,6 +89,7 @@ tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.StartBefore(server, ready=When.PortOpen(server.Variables.SSL_Port)) tr.Processes.Default.StartBefore(Test.Processes.ts) tr.StillRunningAfter = ts +tr.StillRunningAfter = server # Send the tunnel request tr = Test.AddTestRun("send tunnel request") @@ -92,7 +97,18 @@ tr.Processes.Default.Env = ts.Env tr.Processes.Default.Command = cmd_tunnel tr.Processes.Default.ReturnCode = 0 tr.StillRunningAfter = ts +tr.StillRunningAfter = server +# Send the connect request +# while the connect method will set up a tunnel, it is processed in ATS as a +# transaction rather than a blind tunnel directly. Plugs can differentiate on the +# method to determine whether a connect tunnel will be set up +tr = Test.AddTestRun("send connect request") +tr.Processes.Default.Env = ts.Env +tr.Processes.Default.Command = cmd_connect +tr.Processes.Default.ReturnCode = 0 +tr.StillRunningAfter = ts +tr.StillRunningAfter = server # Signal that all the curl processes have completed tr = Test.AddTestRun("Curl Done") @@ -101,6 +117,7 @@ tr.Processes.Default.Command = "traffic_ctl plugin msg done done" tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Env = ts.Env tr.StillRunningAfter = ts +tr.StillRunningAfter = server # Parking this as a ready tester on a meaningless process # To stall the test runs that check for the stats until the @@ -147,6 +164,6 @@ tr.Processes.Default.Command = 'traffic_ctl metric get txn_type_verify.http.req' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Env = ts.Env tr.Processes.Default.Streams.stdout = Testers.ContainsExpression( -"txn_type_verify.http.req 1", 'Should have a http request.') +"txn_type_verify.http.req 2", 'Should have a http request.') tr.StillRunningAfter = ts tr.StillRunningAfter = server
[trafficserver] branch start-tunnel-hook created (now e47ef31749)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git at e47ef31749 Add connect method test case This branch includes the following new commits: new e47ef31749 Add connect method test case The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] branch start-tunnel-hook deleted (was acd321487d)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git was acd321487d Update cmake for new test plugin The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
[trafficserver] branch reloadable-server-policy deleted (was a385c9c37f)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch reloadable-server-policy in repository https://gitbox.apache.org/repos/asf/trafficserver.git was a385c9c37f Address Damian's comments The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
[trafficserver] branch start-tunnel-hook created (now acd321487d)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git at acd321487d Update cmake for new test plugin No new revisions were added by this update.
[trafficserver] branch master updated (26db54022d -> 17d918a4de)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 26db54022d [Fuzzing] move build.sh in trafficserver (#10466) add 17d918a4de Add allow-plain server ports attribute (#9574) No new revisions were added by this update. Summary of changes: doc/admin-guide/files/records.yaml.en.rst | 7 ++ include/records/I_RecHttp.h| 3 + iocore/net/P_SSLNetVConnection.h | 15 iocore/net/P_SSLNextProtocolAccept.h | 3 +- iocore/net/SSLNetVConnection.cc| 100 +++-- iocore/net/SSLNextProtocolAccept.cc| 57 +++- proxy/ProtocolProbeSessionAccept.cc| 10 ++- proxy/http/HttpProxyServerMain.cc | 2 +- src/records/RecHttp.cc | 18 tests/gold_tests/tls/allow-plain.test.py | 94 +++ .../replay/allow-plain.replay.yaml}| 16 11 files changed, 291 insertions(+), 34 deletions(-) create mode 100644 tests/gold_tests/tls/allow-plain.test.py copy tests/gold_tests/{post/replay/post-continue.replay.yaml => tls/replay/allow-plain.replay.yaml} (81%)
[trafficserver] branch allow-plain updated (3de3260bba -> 1be584aa52)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 3de3260bba Fix conflicting contants add 1be584aa52 Address Maskit's comments No new revisions were added by this update. Summary of changes: iocore/net/SSLNextProtocolAccept.cc | 16 +--- 1 file changed, 5 insertions(+), 11 deletions(-)
[trafficserver] branch allow-plain updated (72f067875b -> 3de3260bba)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git omit 72f067875b Back out the recursion tracking memory solution omit 0652345797 fix rebase omit 1578222c3c Avoid ink-assert for stopped ep omit 69716d7cd4 Fix use after free issue omit 2aa925e99d At least issue a warning if someone tries to enable quic and allow-plain omit 89137f777d Address comments and fix 32K buffer issue omit d7d6d52d4a Remove assert omit 1341d1e2e8 Fix nullptr crash identified by CICD omit 2e99e66848 Add doc and comment out unrelated line that is offending OSX omit 991eb34aef Add allow-plain server ports attribute add ac2e2df8d1 Add allow-plain server ports attribute add cca5a99ded Fix use after free issue add 467112f1aa Back out the recursion tracking memory solution add 3de3260bba Fix conflicting contants This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (72f067875b) \ N -- N -- N refs/heads/allow-plain (3de3260bba) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: iocore/net/SSLNetVConnection.cc | 9 ++--- tests/gold_tests/tls/allow-plain.test.py | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-)
[trafficserver] branch allow-plain updated (0652345797 -> 72f067875b)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 0652345797 fix rebase add 72f067875b Back out the recursion tracking memory solution No new revisions were added by this update. Summary of changes: iocore/net/P_UnixNetVConnection.h | 3 --- iocore/net/SSLNetVConnection.cc | 7 --- iocore/net/UnixNetVConnection.cc | 21 - 3 files changed, 8 insertions(+), 23 deletions(-)
[trafficserver] branch allow-plain updated (a2fe5fe2ce -> 0652345797)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git omit a2fe5fe2ce Avoid ink-assert for stopped ep omit 556f122391 Fix use after free issue omit 7eac946a2f At least issue a warning if someone tries to enable quic and allow-plain omit 21b6fc563e Address comments and fix 32K buffer issue omit a2ecafd721 Remove assert omit b4ff09175c Fix nullptr crash identified by CICD omit ca800c2fde Add doc and comment out unrelated line that is offending OSX omit b29b7e7f3e Add allow-plain server ports attribute add b6fa5a8d9e Plugin promotions, deprecations and deletions (#10303) add 541d174c8e Fix ip_allow optional methods specification (#10246) add bb1d435161 cmake: add tests for proxy/hdrs (#10283) add 068e184c81 setup default install path, runtime user and group (#10299) add f3631b11fc cmake: add unit tests for proxy/logging (#10301) add 6e56c81c17 add tests for src/records (#10302) add 2320ca36a6 Cmake: Add tests in proxy/http proxy/http2 (#10305) add e06d2404ed cmake: add tests for proxy/http3 (#10310) add ac37de5191 cmake: Add support for building benchmarks (#10316) add 70e2127e3a Fix lua plugin build (#10319) add c5d7b19d60 Update Proxy Verifier to v2.10.1 (#10322) add d7c19675e9 Make bad disk detection more robust (#10317) add 6f2194ee06 Remove test references to DelayTransformation.so (#10325) add 030afacb56 Constify cachekey tables and reduce aliasing. (#10311) add a727dcc361 Fix example plugins build (#10326) add d50428d9a8 Adjust CMakeLists with git worktree (#10298) add de68cd0224 cmake: add unit tests from mgmt/rpc (#10366) add cd3a3ea0ab Cmake autest (#10327) add 04c04e3c6e Disable copying/moving for DbgCtl. (#10321) add 3a5707f1b0 Add tests for disk failure (#10192) add 8b7c494aeb Eliminate unreachable code covered by switch default (#10370) add a4527f0488 Fixes some build issues that happens with other changes (#10374) add adac616644 Fix a couple of Coverity issues in health check plugin, around filenames (#10371) add fb41acc0c8 money_trace cid 1518569: string not null terminated (#10373) add f37fd7586e Fix more build dep issues, for later PRs to work (#10376) add f738aea0ed Allow DbgCtl tag to be set after instance construction. (#10375) add 6108d51dca Minor parent.config a/an change (#10372) add 6219de1dff Fixes the TSMgmt metrics APIs for new API metrics (#10379) add dcc83d3a70 Fix slice head request memory issue (#10285) add 9d3d3c2fce CID 1516688: Fix uninitialized member of AcceptOptions (#10152) add 62abe06545 Give a chance to send a response before receiving next request on H2 (#9997) add 964cd49fe5 prefetch_cmcd: make autests more robust by removing need for gold file wildcard (#10382) add 1f407a65ad Coverity 1518612: Remove dead code (#10384) add 18b3d553b9 fix: check whether a protocol is enabled during the length calculation in create_npn_advertisement (#10381) add 10081d6b22 make alternate tests wait a multiple of cache_config_mutex_retry_delay (#10378) add 48862f272d URL.cc: url_length_get consider ipv6 address with added [] (#10387) add b8e033a96e Restores the traffic_server option for --maxRecords (#10388) add 1232001b23 Removes all HostDB persistent storage (#10368) add a9bb761020 JSONRPC handler: Add check for the lifecycle hooks. (#10312) add 943358110b Don't set port number as part of hostname (#10386) add cf64a4d590 Fix bug with reverse dns lookup from hosts files (#10392) add 7884ff376c check return values, log errors, and more tests (#10383) add 561665d582 Coverity 1518564: fix off by one (#10401) add b34977f8cb CID-1508987 (#10398) add ecbc7d051c CID-1508974 (#10397) add ac849aa9a9 cmake: Add remaining plugins without external deps (#10395) add 752ab5a0e3 include/ts: comma on all last enum elements (#10400) add 7ddb721c4f Add TSVConnFdGet api (#10324) add 1952751112 Preserve unmapped url regardless of need for remapping (#10304) add 12e492ff14 Add support for OCSP requests by GET method (#10306) add 282526427b cmake: Generate files in rc, install the trafficserver script (#10367) add f03109c6bc Move InkAPI.cc into src/api (#10315) add 07d72fcd90 Removes unused Errata functions from WCCP (#10380) add 39341bdfbc Fixes some make test build problems (#10402) add 55f6901951 Remove deprecated debug output functions from 21 source files. (#9683) add 236b749b2b Allow origins to do TLS renegotiation (#10385) add 2dd01b51b3 Fix hwloc build (#10406) add 561b409f65 Fixed differences between cmake rc files and autotools (#10408) add 991eb34aef Add allow-plain server ports attribute add 2e99e66848 Add doc and co
[trafficserver] branch master updated (561b409f65 -> 4fc1aac569)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 561b409f65 Fixed differences between cmake rc files and autotools (#10408) add 4fc1aac569 Fix use-after-free issue (#10399) No new revisions were added by this update. Summary of changes: proxy/http/HttpSM.cc | 3 +++ 1 file changed, 3 insertions(+)
[trafficserver] branch master updated (752ab5a0e3 -> 7ddb721c4f)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 752ab5a0e3 include/ts: comma on all last enum elements (#10400) add 7ddb721c4f Add TSVConnFdGet api (#10324) No new revisions were added by this update. Summary of changes: .../{TSHttpHdrReasonLookup.en.rst => TSVConnFdGet.en.rst} | 8 +--- include/ts/ts.h | 2 ++ src/traffic_server/InkAPI.cc | 8 3 files changed, 15 insertions(+), 3 deletions(-) copy doc/developer-guide/api/functions/{TSHttpHdrReasonLookup.en.rst => TSVConnFdGet.en.rst} (83%)
[trafficserver] branch allow-plain updated (556f122391 -> a2fe5fe2ce)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 556f122391 Fix use after free issue add a2fe5fe2ce Avoid ink-assert for stopped ep No new revisions were added by this update. Summary of changes: iocore/net/SSLNetVConnection.cc | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-)
[trafficserver] branch allow-plain updated (7eac946a2f -> 556f122391)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 7eac946a2f At least issue a warning if someone tries to enable quic and allow-plain add 556f122391 Fix use after free issue No new revisions were added by this update. Summary of changes: iocore/net/P_UnixNetVConnection.h | 3 +++ iocore/net/SSLNetVConnection.cc | 7 +++ iocore/net/UnixNetVConnection.cc | 21 + 3 files changed, 23 insertions(+), 8 deletions(-)
[trafficserver] branch aviatrix-integrate-ats10 deleted (was a2f4f3aa28)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch aviatrix-integrate-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git was a2f4f3aa28 memory fixes for ats10 in our environment This change permanently discards the following revisions: discard a2f4f3aa28 memory fixes for ats10 in our environment discard 0b8e165f72 Fix clang-format target discard 36bba73bc5 Another checkpoint. This one installs and starts up discard dabfcb5dc0 Checkpoint discard 811eb3ef6f Checkpoint discard 05b7e30583 Merge branch 'allow-plain' into add-tunnel-transform
[trafficserver] branch aviatrix-integrate-ats10 created (now a2f4f3aa28)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch aviatrix-integrate-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git at a2f4f3aa28 memory fixes for ats10 in our environment This branch includes the following new commits: new 05b7e30583 Merge branch 'allow-plain' into add-tunnel-transform new 811eb3ef6f Checkpoint new dabfcb5dc0 Checkpoint new 36bba73bc5 Another checkpoint. This one installs and starts up new 0b8e165f72 Fix clang-format target new a2f4f3aa28 memory fixes for ats10 in our environment The 6 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] 01/06: Merge branch 'allow-plain' into add-tunnel-transform
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch aviatrix-integrate-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 05b7e30583ba365afbfe85663e39331a8289f55e Merge: 6d70defc2f 7eac946a2f Author: Susan Hinrichs AuthorDate: Wed Aug 30 20:46:30 2023 + Merge branch 'allow-plain' into add-tunnel-transform CMakeLists.txt | 25 +-- configure.ac | 29 doc/admin-guide/files/records.yaml.en.rst | 7 + .../testing/blackbox-testing.en.rst| 5 - example/plugins/c-api/cache_scan/cache_scan.cc | 14 +- example/plugins/c-api/remap/remap.cc | 5 +- include/records/I_RecDefs.h| 1 + include/records/I_RecHttp.h| 3 + include/ts/DbgCtl.h| 120 ++ include/ts/Makefile.am | 4 +- include/ts/apidefs.h.in| 5 - include/ts/experimental.h | 4 - include/ts/remap_version.h | 43 + include/ts/ts.h| 49 +- include/tscore/DbgCtl.h| 62 --- include/tscore/Diags.h | 49 ++ include/tscore/DiagsTypes.h| 7 - include/tscore/Trie.h | 4 +- include/tscore/ink_config.h.cmake.in | 5 +- include/tscore/ink_config.h.in | 1 - include/tscore/ink_sys_control.h | 2 + include/tscpp/api/Cleanup.h| 11 -- iocore/aio/AIO.cc | 184 + iocore/aio/I_AIO.h | 69 iocore/aio/P_AIO.h | 33 iocore/aio/test_AIO.cc | 9 - iocore/cache/Cache.cc | 85 +- iocore/cache/CacheDir.cc | 2 +- iocore/cache/CacheHosting.cc | 4 +- iocore/cache/CacheRead.cc | 29 ++-- iocore/cache/CacheWrite.cc | 2 +- iocore/dns/DNS.cc | 4 +- iocore/dns/P_DNSProcessor.h| 2 +- iocore/dns/SplitDNS.cc | 4 +- iocore/eventsystem/I_EThread.h | 10 ++ iocore/eventsystem/I_SocketManager.h | 2 - iocore/eventsystem/UnixEThread.cc | 1 + iocore/net/I_Net.h | 1 - iocore/net/Net.cc | 9 +- iocore/net/P_SSLNetVConnection.h | 15 ++ iocore/net/P_SSLNextProtocolAccept.h | 3 +- iocore/net/P_UnixNet.h | 4 +- iocore/net/PollCont.cc | 2 +- iocore/net/PollCont.h | 4 +- iocore/net/SSLDiags.cc | 10 +- iocore/net/SSLNetVConnection.cc| 92 ++- iocore/net/SSLNextProtocolAccept.cc| 59 --- iocore/net/SSLUtils.cc | 4 +- iocore/net/TLSSessionResumptionSupport.cc | 2 +- iocore/net/UnixNet.cc | 1 - iocore/net/UnixUDPNet.cc | 3 +- iocore/net/test_I_UDPNet.cc| 1 - plugins/background_fetch/background_fetch.cc | 14 +- plugins/cache_promote/cache_promote.cc | 12 +- .../cache_range_requests/cache_range_requests.cc | 13 +- plugins/compress/compress.cc | 13 +- plugins/experimental/cache_fill/cache_fill.cc | 14 +- plugins/experimental/fq_pacing/fq_pacing.cc| 17 +- plugins/experimental/geoip_acl/geoip_acl.cc| 13 +- plugins/experimental/maxmind_acl/maxmind_acl.cc| 13 +- plugins/experimental/money_trace/money_trace.cc| 13 +- .../parent_select/consistenthash_config.cc | 115 ++--- .../experimental/parent_select/parent_select.cc| 17 +- plugins/experimental/rate_limit/ip_reputation.cc | 19 ++- plugins/experimental/rate_limit/rate_limit.cc | 13 +- .../experimental/ssl_session_reuse/src/publish.cc | 4 +- plugins/experimental/uri_signing/uri_signing.cc| 14 +- plugins/experimental/url_sig/url_sig.cc| 13 +- .../experimental/webp_transform/ImageTransform.cc | 24 +-- plugins/header_rewrite/header_rewrite.cc | 18 +- plugins/lua/ts_lua_transform.cc| 4 +- plugins/regex_remap/regex_remap.cc | 13 +- plugins/s3_auth/s3_auth.cc | 13 +- proxy/ProtocolProbeSessionAccept.cc
[trafficserver] 06/06: memory fixes for ats10 in our environment
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch aviatrix-integrate-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit a2f4f3aa28026026978715b1843b416863fd2ce1 Author: Susan Hinrichs AuthorDate: Mon Sep 11 16:06:00 2023 + memory fixes for ats10 in our environment --- aviatrix/avx_plugins/tee_decrypt/tee_decrypt.cc | 2 +- iocore/net/P_UnixNetVConnection.h | 2 ++ iocore/net/SSLNetVConnection.cc | 6 ++ iocore/net/UnixNetVConnection.cc| 21 + proxy/http/HttpSM.cc| 1 + 5 files changed, 23 insertions(+), 9 deletions(-) diff --git a/aviatrix/avx_plugins/tee_decrypt/tee_decrypt.cc b/aviatrix/avx_plugins/tee_decrypt/tee_decrypt.cc index 70257c4a1f..23f0635d30 100644 --- a/aviatrix/avx_plugins/tee_decrypt/tee_decrypt.cc +++ b/aviatrix/avx_plugins/tee_decrypt/tee_decrypt.cc @@ -435,7 +435,7 @@ transform_plugin(TSCont contp, TSEvent event, void *edata) return 0; case TS_EVENT_HTTP_READ_RESPONSE_HDR: TSDebug(PLUGIN_NAME, "\tEvent is TS_EVENT_HTTP_READ_RESPONSE_HDR"); -if (TSUserArgGet(txnp, data_arg_index) != nullptr) { +if (data_arg_index != -1 && TSUserArgGet(txnp, data_arg_index) != nullptr) { check_txn_data(txnp); send_response_header(txnp); } diff --git a/iocore/net/P_UnixNetVConnection.h b/iocore/net/P_UnixNetVConnection.h index f978c9e2dc..08c6ba691a 100644 --- a/iocore/net/P_UnixNetVConnection.h +++ b/iocore/net/P_UnixNetVConnection.h @@ -115,6 +115,8 @@ public: void get_local_sa(); + bool testInlineClose(); + // these are not part of the pure virtual interface. They were // added to reduce the amount of duplicate code in classes inherited // from NetVConnection (SSL). diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index fb84411516..976f1238a4 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -586,6 +586,9 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) // Continue on if we are still in the handshake if (!getSSLHandShakeComplete()) { int err = 0; +// May get into logic that will clean up the current VC +// Increment the recursion to delay do_io_close cleaup. +this->recursion++; if (get_context() == NET_VCONNECTION_OUT) { ret = sslStartHandShake(SSL_EVENT_CLIENT, err); @@ -626,6 +629,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) this->readSignalDone(VC_EVENT_READ_COMPLETE, nh); } } +this->testInlineClose(); return; // Leave if we are tunneling } } @@ -642,6 +646,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) read.triggered = 0; nh->read_ready_list.remove(this); readSignalError(nh, ETIMEDOUT); + this->testInlineClose(); return; } } @@ -677,6 +682,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) } else { readReschedule(nh); } +this->testInlineClose(); return; } diff --git a/iocore/net/UnixNetVConnection.cc b/iocore/net/UnixNetVConnection.cc index ee7fe8a93f..ac2eae6028 100644 --- a/iocore/net/UnixNetVConnection.cc +++ b/iocore/net/UnixNetVConnection.cc @@ -98,10 +98,7 @@ read_signal_and_update(int event, UnixNetVConnection *vc) break; } } - if (!--vc->recursion && vc->closed) { -/* BZ 31932 */ -ink_assert(vc->thread == this_ethread()); -vc->nh->free_netevent(vc); + if (vc->testInlineClose()) { return EVENT_DONE; } else { return EVENT_CONT; @@ -132,10 +129,7 @@ write_signal_and_update(int event, UnixNetVConnection *vc) break; } } - if (!--vc->recursion && vc->closed) { -/* BZ 31932 */ -ink_assert(vc->thread == this_ethread()); -vc->nh->free_netevent(vc); + if (vc->testInlineClose()) { return EVENT_DONE; } else { return EVENT_CONT; @@ -1495,3 +1489,14 @@ UnixNetVConnection::set_tcp_congestion_control(int side) return -1; #endif } + +bool +UnixNetVConnection::testInlineClose() +{ + if (!--this->recursion && this->closed) { +ink_assert(this->thread == this_ethread()); +this->nh->free_netevent(this); +return true; + } + return false; +} diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 582cf34737..f3a3304694 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -7487,6 +7487,7 @@ HttpSM::kill_this() server_txn = nullptr; } if (_ua.get_txn()) { + _ua.get_txn()->attach_server_session(nullptr); _ua.get_txn()->transaction_done(); }
[trafficserver] 04/06: Another checkpoint. This one installs and starts up
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch aviatrix-integrate-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 36bba73bc5bda1fcd7987b612ac5fc33b636e32b Author: Susan Hinrichs AuthorDate: Fri Sep 8 16:36:50 2023 + Another checkpoint. This one installs and starts up --- aviatrix/10_0_0.0001/avx-gw-trafficserver.service | 16 aviatrix/10_0_0.0001/configs/logging.yaml | 53 +++ aviatrix/10_0_0.0001/configs/plugin.config | 16 aviatrix/10_0_0.0001/configs/records.yaml | 102 + .../10_0_0.0001/logrotate/avx-gw-trafficserver | 11 +++ aviatrix/10_0_0.0001/postinst | 25 + .../avx_plugins/policy_driver/policy_driver.cc | 5 +- aviatrix/avx_plugins/policy_driver/web_filter.cc | 5 +- build_debs.sh | 62 + include/ts/ts.h| 1 + src/traffic_server/InkAPI.cc | 23 +++-- 11 files changed, 309 insertions(+), 10 deletions(-) diff --git a/aviatrix/10_0_0.0001/avx-gw-trafficserver.service b/aviatrix/10_0_0.0001/avx-gw-trafficserver.service new file mode 100644 index 00..5bf0a6ea7d --- /dev/null +++ b/aviatrix/10_0_0.0001/avx-gw-trafficserver.service @@ -0,0 +1,16 @@ +[Unit] +Description=Service that runs the trafficserver + +[Service] +Type=simple +ExecStart=-/opt/ats/ats_10.0.0/bin/traffic_server -f -F --bind_stdout /var/log/tslogs/traffic.out --bind_stderr /var/log/tslogs/traffic.out +Restart=on-failure +RestartSec=5s +LimitNOFILE=100 +PIDFile=/opt/ats/ats_10.0.0/var/trafficserver/server.lock +TimeoutStopSec=5s +#ExecReload=@exp_bindir@/traffic_ctl config reload +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/aviatrix/10_0_0.0001/configs/logging.yaml b/aviatrix/10_0_0.0001/configs/logging.yaml new file mode 100755 index 00..087e2cde40 --- /dev/null +++ b/aviatrix/10_0_0.0001/configs/logging.yaml @@ -0,0 +1,53 @@ +# Custom log configuration +# +# Documentation on logging: +# https://docs.trafficserver.apache.org/en/9.0.x/admin-guide/logging/index.en.html +# +# Documentation on logging.yaml file format: +# https://docs.trafficserver.apache.org/en/9.0.x/admin-guide/files/logging.yaml.en.html +# +# Example log configurations: +# https://docs.trafficserver.apache.org/en/9.0.x/admin-guide/logging/examples.en.html + + +logging: + formats: +# WebTrends Enhanced Log Format. +# +# The following is compatible with the WebTrends Enhanced Log Format. +# If you want to generate a log that can be parsed by WebTrends +# reporting tools, simply create a log that uses this format. +- name: welf + format: |- + id=firewall time="% %" fw=% pri=6 proto=% duration=% sent=% rcvd=% src=% dst=% dstname=% user=% op=% arg="%" result=% ref="%<{Referer}cqh>" agent="%<{user-agent}cqh>" cache=% +# Squid Log Format with seconds resolution timestamp. +# The following is the squid format but with a seconds-only timestamp +# (cqts) instead of a seconds and milliseconds timestamp (cqtq). +- name: squid_seconds_only_timestamp + format: '% % % %/% % % % % %/% %' + +# Squid Log Format. +- name: squid + format: '% % % %/% % % % % %/% %' + +- name: aviatrix + format: 'ts=% ttms=% sni=% meth=% cqpv=% pssc=% cqtr=% cqssl=% chi=% cqql=% shi=% shn=% psql=% sstc=% cquc=%' + +# Common Log Format. +- name: common + format: '% - % [%] "%" % %' + +# Extended Log Format. +- name: 'extended' + format: '% - % [%] "%" % % % % % % % % % % %' + + # Extended2 Log Formats +- name: "extended2" + format: '% - % [%] "%" % % % % % % % % % % % % % % %' + + logs: +- filename: access + format: aviatrix + mode: text + +# vim: set ft=yaml : diff --git a/aviatrix/10_0_0.0001/configs/plugin.config b/aviatrix/10_0_0.0001/configs/plugin.config new file mode 100644 index 00..168bcf691f --- /dev/null +++ b/aviatrix/10_0_0.0001/configs/plugin.config @@ -0,0 +1,16 @@ +# +# plugin.config +# +# Documentation: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/plugin.config.en.html +# +# Comments start with a '#' and continue to the end of the line +# Blank lines are ignored + +policy_driver.so 5557 +# +tee_decrypt.so 127.255.0.10 127.255.0.20 +# +#use certifier to automatically run with MITM +avx_certifier.so --sign-cert=/opt/ats/ats_9.1.3/etc/local_ca/mitm_ca.cert --sign-key=/opt/ats/ats_9.1.3/etc/local_ca/mitm_ca.key --sign-serial=/opt/ats/ats_9.1.3/var/local_ca/serial.txt --store=/opt/ats/ats_9.1.3/var/local_ca/keys --max=200 +memory_profile.so diff --git a/aviat
[trafficserver] 05/06: Fix clang-format target
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch aviatrix-integrate-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 0b8e165f7242d7accb04cfc83510b815134169e8 Author: Susan Hinrichs AuthorDate: Fri Sep 8 16:37:49 2023 + Fix clang-format target --- Makefile.am | 4 1 file changed, 4 insertions(+) diff --git a/Makefile.am b/Makefile.am index 924a726b68..563874808f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -130,6 +130,7 @@ CLANG_FORMAT_DIR_TARGETS = \ clang-format-include \ clang-format-mgmt \ clang-format-plugins \ + clang-format-avx-plugins \ clang-format-proxy \ clang-format-tools \ clang-format-tests @@ -162,6 +163,9 @@ clang-format-mgmt: clang-format-plugins: @$(top_srcdir)/tools/clang-format.sh $(top_srcdir)/plugins +clang-format-avx-plugins: + @$(top_srcdir)/tools/clang-format.sh $(top_srcdir)/aviatrix/avx_plugins + clang-format-proxy: @$(top_srcdir)/tools/clang-format.sh $(top_srcdir)/proxy
[trafficserver] 03/06: Checkpoint
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch aviatrix-integrate-ats10 in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit dabfcb5dc0f23e9ced6f14843353ba4353e759f2 Author: Susan Hinrichs AuthorDate: Wed Sep 6 19:14:22 2023 + Checkpoint --- Makefile.am | 2 +- aviatrix/{plugins => avx_plugins}/Makefile.am| 0 aviatrix/{plugins => avx_plugins}/avx_certifier/Makefile.inc | 0 aviatrix/{plugins => avx_plugins}/avx_certifier/README | 0 aviatrix/{plugins => avx_plugins}/avx_certifier/avx_certifier.cc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/.gitignore | 0 aviatrix/{plugins => avx_plugins}/policy_driver/Makefile-proto | 0 aviatrix/{plugins => avx_plugins}/policy_driver/Makefile.inc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/empty.cc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/jsonwriter.h | 0 aviatrix/{plugins => avx_plugins}/policy_driver/logging.cc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/logging.h| 0 aviatrix/{plugins => avx_plugins}/policy_driver/plugin.h | 0 aviatrix/{plugins => avx_plugins}/policy_driver/policy.h | 0 aviatrix/{plugins => avx_plugins}/policy_driver/policy_client.cc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/policy_driver.cc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/rules/mitm_test.json | 0 aviatrix/{plugins => avx_plugins}/policy_driver/rules/no-ids.json| 0 aviatrix/{plugins => avx_plugins}/policy_driver/rules/rules1.json| 0 aviatrix/{plugins => avx_plugins}/policy_driver/test_client.cc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/test_server.cc | 0 aviatrix/{plugins => avx_plugins}/policy_driver/web_filter.cc| 0 aviatrix/{plugins => avx_plugins}/policy_driver/web_filter.h | 0 aviatrix/{plugins => avx_plugins}/tee_decrypt/Makefile.inc | 0 aviatrix/{plugins => avx_plugins}/tee_decrypt/plugin.h | 0 aviatrix/{plugins => avx_plugins}/tee_decrypt/remake_plugin.sh | 0 aviatrix/{plugins => avx_plugins}/tee_decrypt/tee_decrypt.cc | 0 aviatrix/{plugins => avx_plugins}/tee_decrypt/tee_info.cc| 0 aviatrix/{plugins => avx_plugins}/tee_decrypt/tee_info.h | 0 configure.ac | 2 +- 30 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 51084c5ba2..924a726b68 100644 --- a/Makefile.am +++ b/Makefile.am @@ -27,7 +27,7 @@ export CCACHE_BASEDIR # and mgmt, hence we have to build proxy/hdrs first. # depends on the generates ts/ts.h include file. -SUBDIRS = include lib src/tscpp/util src/tscore src/records iocore proxy mgmt src plugins tools example rc configs tests aviatrix/plugins +SUBDIRS = include lib src/tscpp/util src/tscore src/records iocore proxy mgmt src plugins tools example rc configs tests aviatrix/avx_plugins if BUILD_DOCS SUBDIRS += doc include diff --git a/aviatrix/plugins/Makefile.am b/aviatrix/avx_plugins/Makefile.am similarity index 100% rename from aviatrix/plugins/Makefile.am rename to aviatrix/avx_plugins/Makefile.am diff --git a/aviatrix/plugins/avx_certifier/Makefile.inc b/aviatrix/avx_plugins/avx_certifier/Makefile.inc similarity index 100% rename from aviatrix/plugins/avx_certifier/Makefile.inc rename to aviatrix/avx_plugins/avx_certifier/Makefile.inc diff --git a/aviatrix/plugins/avx_certifier/README b/aviatrix/avx_plugins/avx_certifier/README similarity index 100% rename from aviatrix/plugins/avx_certifier/README rename to aviatrix/avx_plugins/avx_certifier/README diff --git a/aviatrix/plugins/avx_certifier/avx_certifier.cc b/aviatrix/avx_plugins/avx_certifier/avx_certifier.cc similarity index 100% rename from aviatrix/plugins/avx_certifier/avx_certifier.cc rename to aviatrix/avx_plugins/avx_certifier/avx_certifier.cc diff --git a/aviatrix/plugins/policy_driver/.gitignore b/aviatrix/avx_plugins/policy_driver/.gitignore similarity index 100% rename from aviatrix/plugins/policy_driver/.gitignore rename to aviatrix/avx_plugins/policy_driver/.gitignore diff --git a/aviatrix/plugins/policy_driver/Makefile-proto b/aviatrix/avx_plugins/policy_driver/Makefile-proto similarity index 100% rename from aviatrix/plugins/policy_driver/Makefile-proto rename to aviatrix/avx_plugins/policy_driver/Makefile-proto diff --git a/aviatrix/plugins/policy_driver/Makefile.inc b/aviatrix/avx_plugins/policy_driver/Makefile.inc similarity index 100% rename from aviatrix/plugins/policy_driver/Makefile.inc rename to aviatrix/avx_plugins/policy_driver/Makefile.inc diff --git a/aviatrix/plugins/policy_driver/empty.cc b/aviatrix/avx_plugins/pol
[trafficserver] branch start-tunnel-hook deleted (was 902e8de813)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git was 902e8de813 Remove trailing spaces in docs The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
[trafficserver] branch add-ssl-apis deleted (was a306a2e646)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch add-ssl-apis in repository https://gitbox.apache.org/repos/asf/trafficserver.git was a306a2e646 Generalize the FdGet() call The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
[trafficserver] 01/01: Generalize the FdGet() call
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch add-ssl-apis in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit a306a2e646b00e26df82966ee738e7cbe7daa652 Author: Susan Hinrichs AuthorDate: Wed Sep 6 20:01:10 2023 + Generalize the FdGet() call --- .../{TSVConnSslFdGet.en.rst => TSVConnFdGet.en.rst} | 8 include/ts/ts.h | 2 +- src/traffic_server/InkAPI.cc | 16 ++-- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/doc/developer-guide/api/functions/TSVConnSslFdGet.en.rst b/doc/developer-guide/api/functions/TSVConnFdGet.en.rst similarity index 85% rename from doc/developer-guide/api/functions/TSVConnSslFdGet.en.rst rename to doc/developer-guide/api/functions/TSVConnFdGet.en.rst index dec2779427..7e5a808115 100644 --- a/doc/developer-guide/api/functions/TSVConnSslFdGet.en.rst +++ b/doc/developer-guide/api/functions/TSVConnFdGet.en.rst @@ -15,8 +15,8 @@ permissions and limitations under the License. -TSVConnSslFdGet -=== +TSVConnFdGet + Synopsis @@ -25,10 +25,10 @@ Synopsis #include -.. c:function:: int TSVConnSslFdGet(TSVConn sslp) +.. c:function:: int TSVConnFdGet(TSVConn vconnp) Description --- -Returns the file descriptor associated with the SSL connection :arg:`sslp`. +Returns the file descriptor associated with the network connection :arg:`sslp`. It returns -1 on error. diff --git a/include/ts/ts.h b/include/ts/ts.h index 94312d041d..9c3ab8e2fd 100644 --- a/include/ts/ts.h +++ b/include/ts/ts.h @@ -1316,7 +1316,7 @@ namespace c /* Return the SSL object associated with the connection */ TSSslConnection TSVConnSslConnectionGet(TSVConn sslp); /* Return the file descriptoer associated with the ssl connection */ - int TSVConnSslFdGet(TSVConn sslp); + int TSVConnFdGet(TSVConn sslp); /* Return the intermediate X509StoreCTX object that references the certificate being validated */ TSSslVerifyCTX TSVConnSslVerifyCTXGet(TSVConn sslp); /* Fetch a SSL context from the global lookup table */ diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index f5575e48c6..c1421b8ae8 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc @@ -9133,17 +9133,13 @@ tsapi::c::TSVConnSslConnectionGet(TSVConn sslp) } int -tsapi::c::TSVConnSslFdGet(TSVConn sslp) -{ - TSSslConnection sslvc = TSVConnSslConnectionGet(sslp); - int fd= -1; - if (sslvc != nullptr) { -SSL *sslObj = reinterpret_cast(sslvc); -if (sslObj != nullptr) { - fd = SSL_get_wfd(sslObj); -} +tsapi::c::TSVConnFdGet(TSVConn vconnp) +{ + NetVConnection *vc = reinterpret_cast(vconnp); + if (vc != nullptr) { +return vc->get_socket(); } - return fd; + return -1; } const char *
[trafficserver] branch add-ssl-apis created (now a306a2e646)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch add-ssl-apis in repository https://gitbox.apache.org/repos/asf/trafficserver.git at a306a2e646 Generalize the FdGet() call This branch includes the following new commits: new a306a2e646 Generalize the FdGet() call The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] branch allow-plain updated (21b6fc563e -> 7eac946a2f)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 21b6fc563e Address comments and fix 32K buffer issue add 7eac946a2f At least issue a warning if someone tries to enable quic and allow-plain No new revisions were added by this update. Summary of changes: src/records/RecHttp.cc | 11 +++ 1 file changed, 11 insertions(+)
[trafficserver] branch start-tunnel-hook created (now 902e8de813)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 902e8de813 Remove trailing spaces in docs This branch includes the following new commits: new 902e8de813 Remove trailing spaces in docs The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] 01/01: Remove trailing spaces in docs
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch start-tunnel-hook in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 902e8de81338d5278b332044a898256537213b00 Author: Susan Hinrichs AuthorDate: Tue Aug 29 21:50:54 2023 + Remove trailing spaces in docs --- doc/developer-guide/api/functions/TSHttpTxnTypeGet.en.rst | 2 +- doc/developer-guide/api/types/TSTxnType.en.rst| 8 .../plugins/hooks-and-transactions/adding-hooks.en.rst| 2 +- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/doc/developer-guide/api/functions/TSHttpTxnTypeGet.en.rst b/doc/developer-guide/api/functions/TSHttpTxnTypeGet.en.rst index a92354da92..ae3563dc5a 100644 --- a/doc/developer-guide/api/functions/TSHttpTxnTypeGet.en.rst +++ b/doc/developer-guide/api/functions/TSHttpTxnTypeGet.en.rst @@ -33,5 +33,5 @@ Synopsis Description === -Returns the type of the txnp argument. +Returns the type of the txnp argument. diff --git a/doc/developer-guide/api/types/TSTxnType.en.rst b/doc/developer-guide/api/types/TSTxnType.en.rst index c454c2cdeb..9182d62ea3 100644 --- a/doc/developer-guide/api/types/TSTxnType.en.rst +++ b/doc/developer-guide/api/types/TSTxnType.en.rst @@ -24,14 +24,6 @@ Synopsis .. code-block:: cpp -#include -+ typedef enum { - +TS_TXN_TYPE_UNKNOWN, -+TS_TXN_TYPE_HTTP, - +TS_TXN_TYPE_EXPLICIT_TUNNEL, -+TS_TXN_TYPE_TR_PASS_TUNNEL, - + } TSTxnType; - .. c:enum:: TSTxnType Specify the type of a transaction argument diff --git a/doc/developer-guide/plugins/hooks-and-transactions/adding-hooks.en.rst b/doc/developer-guide/plugins/hooks-and-transactions/adding-hooks.en.rst index 85f1f0b036..ee50526582 100644 --- a/doc/developer-guide/plugins/hooks-and-transactions/adding-hooks.en.rst +++ b/doc/developer-guide/plugins/hooks-and-transactions/adding-hooks.en.rst @@ -159,7 +159,7 @@ values for ``TSHttpHookID`` are: ``TS_HTTP_TUNNEL_START_HOOK`` Called when the transaction is processed as a tunnel. The tunnel can be due to an API call, a sni.yaml configuration, or a parse failure allowed due -to tr-pass. With this hook, a plugin can examine other information to +to tr-pass. With this hook, a plugin can examine other information to determine whether the tunnel should be allowed or not. The function you use to add a global HTTP hook is
[trafficserver] branch master updated (c5b4031b3 -> 6d1382def)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from c5b4031b3 Add CMake to the required PR CI builds (#9575) add 6d1382def Add logic to make the server.policy and server.properties settings reloadable (#9572) No new revisions were added by this update. Summary of changes: iocore/net/P_SSLConfig.h | 2 + iocore/net/SSLConfig.cc | 89 +++ tests/gold_tests/tls/tls_verify4.test.py | 190 +++ 3 files changed, 257 insertions(+), 24 deletions(-) create mode 100644 tests/gold_tests/tls/tls_verify4.test.py
[trafficserver] branch reloadable-server-policy updated (8dcfc2d62 -> a385c9c37)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch reloadable-server-policy in repository https://gitbox.apache.org/repos/asf/trafficserver.git discard 8dcfc2d62 Address Damian's comments discard 73f903245 Add logic to make the server.policy and server.properties settings reloadable add c5b4031b3 Add CMake to the required PR CI builds (#9575) add 360f0583a Add logic to make the server.policy and server.properties settings reloadable add a385c9c37 Address Damian's comments This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (8dcfc2d62) \ N -- N -- N refs/heads/reloadable-server-policy (a385c9c37) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .asf.yaml | 1 + 1 file changed, 1 insertion(+)
[trafficserver] branch reloadable-server-policy updated (73f903245 -> 8dcfc2d62)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch reloadable-server-policy in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 73f903245 Add logic to make the server.policy and server.properties settings reloadable add 8dcfc2d62 Address Damian's comments No new revisions were added by this update. Summary of changes: iocore/net/SSLConfig.cc | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-)
[trafficserver] branch allow-plain updated (ae9c5de9a -> 93e8ff8e8)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from ae9c5de9a Fix nullptr crash identified by CICD add 93e8ff8e8 Remove assert No new revisions were added by this update. Summary of changes: iocore/net/SSLNextProtocolAccept.cc | 1 - 1 file changed, 1 deletion(-)
[trafficserver] branch allow-plain updated (99e23d785 -> ae9c5de9a)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 99e23d785 Add doc and comment out unrelated line that is offending OSX add ae9c5de9a Fix nullptr crash identified by CICD No new revisions were added by this update. Summary of changes: iocore/net/SSLNextProtocolAccept.cc | 9 - 1 file changed, 8 insertions(+), 1 deletion(-)
[trafficserver] branch reloadable-server-policy updated (40cc654b8 -> 73f903245)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch reloadable-server-policy in repository https://gitbox.apache.org/repos/asf/trafficserver.git discard 40cc654b8 Add logic to make the server.policy and server.properties settings reloadable add 710e9d7c8 Define BIO macros in ink_ssl.h (#9557) add 3c4c5fc59 Add `current_time_epoch_ms` stat to be appended before the server version. This allows computation of stats externally based on the cache time frame. This can help alleviate issues with sliding windows between various stats programs that generate discrepencies (#9567) add 849754c5e Fix log format specifications (#9568) add ddf53b5de QUIC: Ignore default_inactivity_timeout in favour of proxy.config.quic.no_activity_timeout_in. (#9564) add d58f1843b Drop support for old quiche (#9561) add 674fb2619 codeql 24: Multiplication result converted to larger type (#9569) add dfad359c2 Cleanup: Use swoc::meta instead of ts::meta. (#9566) add 99eb23a59 fixup cmake build for master and add conditional for io_uring support (#9571) add 73f903245 Add logic to make the server.policy and server.properties settings reloadable This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (40cc654b8) \ N -- N -- N refs/heads/reloadable-server-policy (73f903245) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: CMakeLists.txt | 18 +++ build/quiche.m4| 1 - configure.ac | 19 +++- doc/admin-guide/files/records.yaml.en.rst | 8 +++ include/tscore/ink_config.h.cmake.in | 6 +++ .../tscore/ink_ssl.h | 32 ++-- iocore/CMakeLists.txt | 2 + iocore/eventsystem/CMakeLists.txt | 3 +- iocore/net/BIO_fastopen.h | 1 + iocore/net/CMakeLists.txt | 7 +-- iocore/net/QUICNetVConnection_quiche.cc| 17 --- iocore/net/QUICPacketHandler_quiche.cc | 11 ++--- mgmt/rpc/jsonrpc/JsonRPCManager.cc | 57 +++--- mgmt/rpc/jsonrpc/JsonRPCManager.h | 1 - plugins/stats_over_http/stats_over_http.cc | 6 ++- proxy/http/CMakeLists.txt | 1 + proxy/http/HttpSM.cc | 2 +- proxy/http/HttpTunnel.cc | 4 +- proxy/http2/CMakeLists.txt | 1 + proxy/http2/Http2Stream.cc | 6 +-- src/traffic_ctl/CtrlPrinters.cc| 4 +- src/traffic_server/CMakeLists.txt | 3 +- src/tscore/ink_queue.cc| 2 +- src/tscpp/util/unit_tests/test_IntrusiveDList.cc | 6 +-- .../timeout/quic_no_activity_timeout.test.py | 20 +++- 25 files changed, 145 insertions(+), 93 deletions(-) copy iocore/net/P_QUICNetProcessor.h => include/tscore/ink_ssl.h (56%)
[trafficserver] branch allow-plain updated (bfb67341e -> 99e23d785)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git discard bfb67341e Add doc and comment out unrelated line that is offending OSX omit 13cac6ef4 Add allow-plain server ports attribute add 710e9d7c8 Define BIO macros in ink_ssl.h (#9557) add 3c4c5fc59 Add `current_time_epoch_ms` stat to be appended before the server version. This allows computation of stats externally based on the cache time frame. This can help alleviate issues with sliding windows between various stats programs that generate discrepencies (#9567) add 849754c5e Fix log format specifications (#9568) add ddf53b5de QUIC: Ignore default_inactivity_timeout in favour of proxy.config.quic.no_activity_timeout_in. (#9564) add d58f1843b Drop support for old quiche (#9561) add 674fb2619 codeql 24: Multiplication result converted to larger type (#9569) add dfad359c2 Cleanup: Use swoc::meta instead of ts::meta. (#9566) add 99eb23a59 fixup cmake build for master and add conditional for io_uring support (#9571) add c7ffd5e7d Add allow-plain server ports attribute add 99e23d785 Add doc and comment out unrelated line that is offending OSX This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (bfb67341e) \ N -- N -- N refs/heads/allow-plain (99e23d785) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: CMakeLists.txt | 18 +++ build/quiche.m4| 1 - configure.ac | 19 +++- doc/admin-guide/files/records.yaml.en.rst | 8 +++ include/tscore/ink_config.h.cmake.in | 6 +++ .../tscore/ink_ssl.h | 32 ++-- iocore/CMakeLists.txt | 2 + iocore/eventsystem/CMakeLists.txt | 3 +- iocore/net/BIO_fastopen.h | 1 + iocore/net/CMakeLists.txt | 7 +-- iocore/net/QUICNetVConnection_quiche.cc| 17 --- iocore/net/QUICPacketHandler_quiche.cc | 11 ++--- mgmt/rpc/jsonrpc/JsonRPCManager.cc | 57 +++--- mgmt/rpc/jsonrpc/JsonRPCManager.h | 1 - plugins/stats_over_http/stats_over_http.cc | 6 ++- proxy/http/CMakeLists.txt | 1 + proxy/http/HttpSM.cc | 2 +- proxy/http/HttpTunnel.cc | 4 +- proxy/http2/CMakeLists.txt | 1 + proxy/http2/Http2Stream.cc | 6 +-- src/traffic_ctl/CtrlPrinters.cc| 4 +- src/traffic_server/CMakeLists.txt | 3 +- src/tscore/ink_queue.cc| 2 +- src/tscpp/util/unit_tests/test_IntrusiveDList.cc | 6 +-- .../timeout/quic_no_activity_timeout.test.py | 20 +++- 25 files changed, 145 insertions(+), 93 deletions(-) copy iocore/net/P_QUICNetProcessor.h => include/tscore/ink_ssl.h (56%)
[trafficserver] branch allow-plain updated (13cac6ef4 -> bfb67341e)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 13cac6ef4 Add allow-plain server ports attribute add bfb67341e Add doc and comment out unrelated line that is offending OSX No new revisions were added by this update. Summary of changes: doc/admin-guide/files/records.yaml.en.rst | 6 ++ proxy/http/HttpSM.cc | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-)
[trafficserver] 01/01: Add allow-plain server ports attribute
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 13cac6ef4cebe05806a8dfda7a52f3096a41c761 Author: Susan Hinrichs AuthorDate: Fri Mar 31 17:32:21 2023 + Add allow-plain server ports attribute --- include/records/I_RecHttp.h | 3 ++ iocore/net/P_SSLNetVConnection.h | 15 ++ iocore/net/P_SSLNextProtocolAccept.h | 3 +- iocore/net/SSLNetVConnection.cc | 90 +--- iocore/net/SSLNextProtocolAccept.cc | 49 ++--- proxy/ProtocolProbeSessionAccept.cc | 10 +++- proxy/http/HttpProxyServerMain.cc| 2 +- src/records/RecHttp.cc | 7 +++ tests/gold_tests/tls/allow-plain.test.py | 80 9 files changed, 229 insertions(+), 30 deletions(-) diff --git a/include/records/I_RecHttp.h b/include/records/I_RecHttp.h index 9285828b6..817b5988f 100644 --- a/include/records/I_RecHttp.h +++ b/include/records/I_RecHttp.h @@ -271,6 +271,8 @@ public: bool m_outbound_transparent_p = false; // True if transparent pass-through is enabled on this port. bool m_transparent_passthrough = false; + // True if allow-plain is enabled on this port. + bool m_allow_plain = false; /// True if MPTCP is enabled on this port. bool m_mptcp = false; /// Local address for inbound connections (listen address). @@ -420,6 +422,7 @@ public: static const char *const OPT_TRANSPARENT_OUTBOUND;///< Outbound transparent. static const char *const OPT_TRANSPARENT_FULL;///< Full transparency. static const char *const OPT_TRANSPARENT_PASSTHROUGH; ///< Pass-through non-HTTP. + static const char *const OPT_ALLOW_PLAIN; ///< Backup to plain HTTP. static const char *const OPT_SSL; ///< SSL (experimental) static const char *const OPT_QUIC;///< QUIC (experimental) static const char *const OPT_PROXY_PROTO; ///< Proxy Protocol diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index 6fcacdf72..c1392c990 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h @@ -174,6 +174,18 @@ public: transparentPassThrough = val; } + bool + getAllowPlain() const + { +return allowPlain; + } + + void + setAllowPlain(bool val) + { +allowPlain = val; + } + // Copy up here so we overload but don't override using super::reenable; @@ -432,6 +444,7 @@ private: int handShakeBioStored = 0; bool transparentPassThrough = false; + bool allowPlain = false; int sent_cert = 0; @@ -476,6 +489,8 @@ private: void _make_ssl_connection(SSL_CTX *ctx); void _bindSSLObject(); void _unbindSSLObject(); + UnixNetVConnection *_migrateFromSSL(); + void _propagateHandShakeBuffer(UnixNetVConnection *target, EThread *t); int _ssl_read_from_net(EThread *lthread, int64_t &ret); ssl_error_t _ssl_read_buffer(void *buf, int64_t nbytes, int64_t &nread); diff --git a/iocore/net/P_SSLNextProtocolAccept.h b/iocore/net/P_SSLNextProtocolAccept.h index 18070cd6b..512960441 100644 --- a/iocore/net/P_SSLNextProtocolAccept.h +++ b/iocore/net/P_SSLNextProtocolAccept.h @@ -33,7 +33,7 @@ class SSLNextProtocolAccept : public SessionAccept { public: - SSLNextProtocolAccept(Continuation *, bool); + SSLNextProtocolAccept(Continuation *, bool, bool); ~SSLNextProtocolAccept() override; bool accept(NetVConnection *, MIOBuffer *, IOBufferReader *) override; @@ -60,6 +60,7 @@ private: SSLNextProtocolSet protoset; SessionProtocolSet protoenabled; bool transparent_passthrough; + bool allow_plain; friend struct SSLNextProtocolTrampoline; }; diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 97c94082e..12e1567a8 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -1332,13 +1332,23 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err) err = errno; SSLVCDebug(this, "SSL handshake error: %s (%d), errno=%d", SSLErrorName(ssl_error), ssl_error, err); -// start a blind tunnel if tr-pass is set and data does not look like ClientHello char *buf = handShakeBuffer ? handShakeBuffer->buf() : nullptr; -if (getTransparentPassThrough() && buf && *buf != SSL_OP_HANDSHAKE) { - SSLVCDebug(this, "Data does not look like SSL handshake, starting blind tunnel"); - this->attributes = HttpProxyPort::TRANSPORT_BLIND_TUNNEL; - sslHandshakeStatus = SSL_HANDSHAKE_ONGOING; - return EVENT_CONT; +if (buf && *buf != SSL_OP_HANDSHAKE) { + if (getAllowPlain()) { +SSLVCDebug(this, "Try plain"); +// If this doesn't look like a ClientHello, co
[trafficserver] branch allow-plain created (now 13cac6ef4)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch allow-plain in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 13cac6ef4 Add allow-plain server ports attribute This branch includes the following new commits: new 13cac6ef4 Add allow-plain server ports attribute The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] 01/01: Add logic to make the server.policy and server.properties settings reloadable
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch reloadable-server-policy in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 40cc654b8eb9c9498f08c8aca79c9a81102d790b Author: Susan Hinrichs AuthorDate: Fri Mar 31 15:36:58 2023 + Add logic to make the server.policy and server.properties settings reloadable --- iocore/net/P_SSLConfig.h | 2 + iocore/net/SSLConfig.cc | 87 ++ tests/gold_tests/tls/tls_verify4.test.py | 190 +++ 3 files changed, 255 insertions(+), 24 deletions(-) diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h index 6a25f7ce8..120aee4ae 100644 --- a/iocore/net/P_SSLConfig.h +++ b/iocore/net/P_SSLConfig.h @@ -173,6 +173,8 @@ struct SSLConfigParams : public ConfigInfo { void cleanup(); void reset(); void SSLConfigInit(swoc::IPRangeSet *global); + void SetServerPolicy(const char *); + void SetServerPolicyProperties(const char *); private: // c_str() of string passed to in-progess call to updateCTX(). diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index a55e34ac2..cb4aebfaa 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -189,6 +189,65 @@ set_paths_helper(const char *path, const char *filename, char **final_path, char } } +int +UpdateServerPolicy(const char * /* name ATS_UNUSED */, RecDataT /* data_type ATS_UNUSED */, RecData data, void *cookie) +{ + SSLConfigParams *params = SSLConfig::acquire(); + char *verify_server = data.rec_string; + if (params != nullptr && verify_server != nullptr) { +Debug("ssl_load", "New Server Policy %s", verify_server); +params->SetServerPolicy(verify_server); + } else { +Debug("ssl_load", "Failed to load new Server Policy %p %p", verify_server, params); + } + return 0; +} + +int +UpdateServerPolicyProperties(const char * /* name ATS_UNUSED */, RecDataT /* data_type ATS_UNUSED */, RecData data, void *cookie) +{ + SSLConfigParams *params = SSLConfig::acquire(); + char *verify_server = data.rec_string; + if (params != nullptr && verify_server != nullptr) { +params->SetServerPolicyProperties(verify_server); + } + return 0; +} + +void +SSLConfigParams::SetServerPolicyProperties(const char *verify_server) +{ + if (strcmp(verify_server, "SIGNATURE") == 0) { +verifyServerProperties = YamlSNIConfig::Property::SIGNATURE_MASK; + } else if (strcmp(verify_server, "NAME") == 0) { +verifyServerProperties = YamlSNIConfig::Property::NAME_MASK; + } else if (strcmp(verify_server, "ALL") == 0) { +verifyServerProperties = YamlSNIConfig::Property::ALL_MASK; + } else if (strcmp(verify_server, "NONE") == 0) { +verifyServerProperties = YamlSNIConfig::Property::NONE; + } else { +Warning("%s is invalid for proxy.config.ssl.client.verify.server.properties. Should be one of SIGNATURE, NAME, or ALL", +verify_server); +verifyServerProperties = YamlSNIConfig::Property::NONE; + } +} + +void +SSLConfigParams::SetServerPolicy(const char *verify_server) +{ + if (strcmp(verify_server, "DISABLED") == 0) { +verifyServerPolicy = YamlSNIConfig::Policy::DISABLED; + } else if (strcmp(verify_server, "PERMISSIVE") == 0) { +verifyServerPolicy = YamlSNIConfig::Policy::PERMISSIVE; + } else if (strcmp(verify_server, "ENFORCED") == 0) { +verifyServerPolicy = YamlSNIConfig::Policy::ENFORCED; + } else { +Warning("%s is invalid for proxy.config.ssl.client.verify.server.policy. Should be one of DISABLED, PERMISSIVE, or ENFORCED", +verify_server); +verifyServerPolicy = YamlSNIConfig::Policy::DISABLED; + } +} + void SSLConfigParams::initialize() { @@ -389,34 +448,14 @@ SSLConfigParams::initialize() char *verify_server = nullptr; REC_ReadConfigStringAlloc(verify_server, "proxy.config.ssl.client.verify.server.policy"); - if (strcmp(verify_server, "DISABLED") == 0) { -verifyServerPolicy = YamlSNIConfig::Policy::DISABLED; - } else if (strcmp(verify_server, "PERMISSIVE") == 0) { -verifyServerPolicy = YamlSNIConfig::Policy::PERMISSIVE; - } else if (strcmp(verify_server, "ENFORCED") == 0) { -verifyServerPolicy = YamlSNIConfig::Policy::ENFORCED; - } else { -Warning("%s is invalid for proxy.config.ssl.client.verify.server.policy. Should be one of DISABLED, PERMISSIVE, or ENFORCED", -verify_server); -verifyServerPolicy = YamlSNIConfig::Policy::DISABLED; - } + this->SetServerPolicy(verify_server); ats_free(verify_server); + REC_RegisterConfigUpdateFunc("proxy.config.ssl.client.verify.server.policy", UpdateServerPolicy, nullptr); REC_ReadConfigStringAlloc(verify_server, "p
[trafficserver] branch reloadable-server-policy created (now 40cc654b8)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch reloadable-server-policy in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 40cc654b8 Add logic to make the server.policy and server.properties settings reloadable This branch includes the following new commits: new 40cc654b8 Add logic to make the server.policy and server.properties settings reloadable The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] branch master updated (b75eb0a73 -> 2506ec8a1)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from b75eb0a73 Clean up some errors in output of ASAN build. (#9004) add 2506ec8a1 Fix transparent tr-pass (#9150) No new revisions were added by this update. Summary of changes: proxy/http/HttpSM.cc | 25 +++-- proxy/http/HttpTransact.cc | 5 + 2 files changed, 20 insertions(+), 10 deletions(-)
[trafficserver] 01/01: Fix transparent tr-pass
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch skh/fix-transparent-pass-through in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 6c00faf88646c0371ca62a7c99bcbe738583cdce Author: Susan Hinrichs AuthorDate: Fri Oct 14 21:16:47 2022 -0500 Fix transparent tr-pass --- proxy/http/HttpSM.cc | 25 +++-- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index e349181bf..69ee672a6 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -651,17 +651,22 @@ HttpSM::setup_blind_tunnel_port() NetVConnection *netvc = ua_txn->get_netvc(); ink_release_assert(netvc); int host_len; - if (auto *tts = dynamic_cast(netvc)) { -if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) { - // the URL object has not been created in the start of the transaction. Hence, we need to create the URL here - URL u; - t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST); - t_state.hdr_info.client_request.method_set(HTTP_METHOD_CONNECT, HTTP_LEN_CONNECT); - t_state.hdr_info.client_request.url_create(&u); - u.scheme_set(URL_SCHEME_TUNNEL, URL_LEN_TUNNEL); - t_state.hdr_info.client_request.url_set(&u); + // This applies to both the TLS and non TLS cases + if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) { +// the URL object has not been created in the start of the transaction. Hence, we need to create the URL here +URL u; + +t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST); +t_state.hdr_info.client_request.method_set(HTTP_METHOD_CONNECT, HTTP_LEN_CONNECT); +t_state.hdr_info.client_request.url_create(&u); +u.scheme_set(URL_SCHEME_TUNNEL, URL_LEN_TUNNEL); +t_state.hdr_info.client_request.url_set(&u); + } + TLSTunnelSupport *tts = nullptr; + if (!ua_txn->is_outbound_transparent() && (tts = dynamic_cast(netvc))) { +if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) { if (tts->has_tunnel_destination()) { const char *tunnel_host = tts->get_tunnel_host(); t_state.hdr_info.client_request.url_get()->host_set(tunnel_host, strlen(tunnel_host)); @@ -675,7 +680,7 @@ HttpSM::setup_blind_tunnel_port() t_state.hdr_info.client_request.url_get()->port_set(netvc->get_local_port()); } } - } else { + } else { // If outbound transparent or not TLS, just use the local IP as the origin char new_host[INET6_ADDRSTRLEN]; ats_ip_ntop(netvc->get_local_addr(), new_host, sizeof(new_host));
[trafficserver] branch skh/fix-transparent-pass-through created (now 6c00faf88)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch skh/fix-transparent-pass-through in repository https://gitbox.apache.org/repos/asf/trafficserver.git at 6c00faf88 Fix transparent tr-pass This branch includes the following new commits: new 6c00faf88 Fix transparent tr-pass The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] branch master updated (0960eb1 -> 4af0b77)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 0960eb1 remove unused argument, and make sure condition checks are consistent (#8572) add 4af0b77 Fix transparent mode documentation (#8593) No new revisions were added by this update. Summary of changes: .../configuration/transparent-proxy.en.rst | 45 -- doc/admin-guide/files/records.config.en.rst| 8 ++-- 2 files changed, 28 insertions(+), 25 deletions(-)
[trafficserver] branch master updated (71e4aba -> 0716c2e)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 71e4aba Clean up of next hop HostRecord class. (#8585) add 0716c2e Propagate accept options to HTTP/2 (#8594) No new revisions were added by this update. Summary of changes: proxy/http2/Http2Stream.cc | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-)
[trafficserver] branch master updated (f0a69cd -> 4f68338)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from f0a69cd LGTM: Fix pointless comparison of unsigined value to zero (#8575) add 4f68338 Eliminate erroneous self-loop error on transparent mode (#8586) No new revisions were added by this update. Summary of changes: proxy/http/HttpSM.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[trafficserver] branch master updated: Update nghttp gold file based on previous h2 fix (#8298)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new ce5afe3 Update nghttp gold file based on previous h2 fix (#8298) ce5afe3 is described below commit ce5afe32e0301584cdcf5c321be2d0fff674edae Author: Susan Hinrichs AuthorDate: Tue Aug 31 19:01:25 2021 -0500 Update nghttp gold file based on previous h2 fix (#8298) --- tests/gold_tests/h2/gold/nghttp_1_stdout.gold | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/gold_tests/h2/gold/nghttp_1_stdout.gold b/tests/gold_tests/h2/gold/nghttp_1_stdout.gold index fb9b831..c104532 100644 --- a/tests/gold_tests/h2/gold/nghttp_1_stdout.gold +++ b/tests/gold_tests/h2/gold/nghttp_1_stdout.gold @@ -7,6 +7,6 @@ [``] recv GOAWAY frame (last_stream_id=1, error_code=NO_ERROR(0x00), opaque_data(0)=[]) `` -[``] recv DATA frame +[``] recv DATA frame ; END_STREAM ``
[trafficserver] 02/02: Output crlf header endings
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch fix-output-line-endings in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 788d1da52b4f47e190b1241b0f89c98d45b51906 Author: Susan Hinrichs AuthorDate: Tue Aug 31 19:36:02 2021 + Output crlf header endings --- proxy/hdrs/MIME.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc index b88c5d5..3bf69fb 100644 --- a/proxy/hdrs/MIME.cc +++ b/proxy/hdrs/MIME.cc @@ -2580,6 +2580,8 @@ mime_parser_parse(MIMEParser *parser, HdrHeap *heap, MIMEHdrImpl *mh, const char } field_name.rtrim_if(&ParseRules::is_ws); raw_print_field = false; +} else if (parsed.suffix(2) != "\r\n") { + raw_print_field = false; } // find value first
[trafficserver] 01/02: Revert "Fail requests with incomplete line ends (#8096)"
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch fix-output-line-endings in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 157bc9a854ec86b818cc23d38e39cf83fac61eda Author: Susan Hinrichs AuthorDate: Tue Aug 31 19:20:03 2021 + Revert "Fail requests with incomplete line ends (#8096)" This reverts commit 2c8bb98b2cb364b1a820236dc83271af082e7434. --- ci/rat-regex.txt | 1 - proxy/hdrs/MIME.cc | 45 ++--- proxy/hdrs/unit_tests/test_Hdrs.cc | 14 +++ ...test_input => www.customplugin204.test_get.txt} | 4 +- ...st_input => www.customtemplate204.test_get.txt} | 4 +- ..._get.test_input => www.default204.test_get.txt} | 4 +- ..._get.test_input => www.default304.test_get.txt} | 4 +- ...200.test_input => www.example.test_get_200.txt} | 6 +-- ...304.test_input => www.example.test_get_304.txt} | 8 ++-- ...t_head.test_input => www.example.test_head.txt} | 6 +-- ...00.test_input => www.example.test_head_200.txt} | 6 +-- .../body_factory/http204_response.test.py | 4 +- .../body_factory/http204_response_plugin.test.py | 2 +- .../body_factory/http304_response.test.py | 2 +- .../body_factory/http_head_no_origin.test.py | 2 +- .../body_factory/http_with_origin.test.py | 6 +-- ...ttp408.test.test_input => www.http408.test.txt} | 10 ++--- ...get.test_input => www.passthrough.test_get.txt} | 4 +- ...t_get.test_input => www.redirect0.test_get.txt} | 4 +- ...get.test_input => www.redirect301.test_get.txt} | 4 +- ...get.test_input => www.redirect302.test_get.txt} | 4 +- ...get.test_input => www.redirect307.test_get.txt} | 4 +- ...get.test_input => www.redirect308.test_get.txt} | 4 +- .../headers/domain-blacklist-30x.test.py | 12 +++--- tests/gold_tests/headers/http408.test.py | 2 +- .../pluginTest/combo_handler/combo_handler.test.py | 16 .../x_cache_info/{none.test_input => none.in} | 8 ++-- .../xdebug/x_cache_info/{one.test_input => one.in} | 8 ++-- .../x_cache_info/{three.test_input => three.in}| 8 ++-- .../xdebug/x_cache_info/{two.test_input => two.in} | 8 ++-- .../xdebug/x_cache_info/x_cache_info.test.py | 4 +- .../x_effective_url/{none.test_input => none.in} | 10 ++--- .../x_effective_url/{one.test_input => one.in} | 10 ++--- .../x_effective_url/{three.test_input => three.in} | 10 ++--- .../x_effective_url/{two.test_input => two.in} | 10 ++--- .../xdebug/x_effective_url/x_effective_url.test.py | 2 +- .../xdebug/x_remap/{four.test_input => four.in}| 10 ++--- .../xdebug/x_remap/{fwd1.test_input => fwd1.in}| 10 ++--- .../xdebug/x_remap/{fwd2.test_input => fwd2.in}| 10 ++--- .../xdebug/x_remap/{fwd3.test_input => fwd3.in}| 10 ++--- .../xdebug/x_remap/{fwd4.test_input => fwd4.in}| 10 ++--- .../xdebug/x_remap/{fwd5.test_input => fwd5.in}| 10 ++--- .../xdebug/x_remap/{none.test_input => none.in}| 10 ++--- .../xdebug/x_remap/{one.test_input => one.in} | 10 ++--- .../xdebug/x_remap/{three.test_input => three.in} | 10 ++--- .../xdebug/x_remap/{two.test_input => two.in} | 10 ++--- .../pluginTest/xdebug/x_remap/x_remap.test.py | 2 +- .../{early_h1_get.test_input => early_h1_get.txt} | 6 +-- ...{early_h1_post.test_input => early_h1_post.txt} | 8 ++-- .../{early_h2_get.test_input => early_h2_get.txt} | Bin ...ly_h2_multi1.test_input => early_h2_multi1.txt} | Bin ...ly_h2_multi2.test_input => early_h2_multi2.txt} | Bin ...{early_h2_post.test_input => early_h2_post.txt} | Bin tests/gold_tests/tls/test-0rtt-s_client.py | 2 +- tests/gold_tests/tls/tls_0rtt_server.test.py | 12 +++--- tests/tools/tcp_client.py | 5 +-- 56 files changed, 195 insertions(+), 200 deletions(-) diff --git a/ci/rat-regex.txt b/ci/rat-regex.txt index dfea60e..26c63b9 100644 --- a/ci/rat-regex.txt +++ b/ci/rat-regex.txt @@ -24,7 +24,6 @@ .*\.config$ .*\.yaml$ .*\.gold$ -.*\.test_input$ ^\.gitignore$ ^\.gitmodules$ ^\.perltidyrc$ diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc index 7376e3c..b88c5d5 100644 --- a/proxy/hdrs/MIME.cc +++ b/proxy/hdrs/MIME.cc @@ -2349,6 +2349,8 @@ ParseResult MIMEScanner::get(TextView &input, TextView &output, bool &output_shares_input, bool eof_p, ScanType scan_type) { ParseResult zret = PARSE_RESULT_CONT; + // Need this for handling dangling CR. + static const char RAW_CR{ParseRules::CHAR_CR}; auto text = input; while (PARSE_RESULT_CONT == zret && !text.empty()) { @@ -2366,7 +2368,7 @@ MIMEScanner::get(TextView &input, TextView &output, bool &am
[trafficserver] branch fix-output-line-endings created (now 788d1da)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch fix-output-line-endings in repository https://gitbox.apache.org/repos/asf/trafficserver.git. at 788d1da Output crlf header endings This branch includes the following new commits: new 157bc9a Revert "Fail requests with incomplete line ends (#8096)" new 788d1da Output crlf header endings The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] branch master updated (9b3cde5 -> 947d78b)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 9b3cde5 Cleanup generated LDFLAGS for jemalloc (#8285) add 947d78b Fix H2 logic when setting EOS flag on DATA frame (#8201) No new revisions were added by this update. Summary of changes: proxy/http2/Http2ConnectionState.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
[trafficserver] branch master updated (277f795 -> db936ad)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 277f795 Fix some minor issues with loading the self identifying data in the Machine class. (#8275) add db936ad In preparation for H2 outbound, split out common Session (#8281) No new revisions were added by this update. Summary of changes: proxy/http2/Http2ClientSession.cc | 419 + proxy/http2/Http2ClientSession.h | 163 +--- ...Http2ClientSession.cc => Http2CommonSession.cc} | 387 +++ .../{Http2ClientSession.h => Http2CommonSession.h} | 94 +++-- proxy/http2/Http2CommonSessionInternal.h | 43 +++ proxy/http2/Http2ConnectionState.cc| 239 ++-- proxy/http2/Http2ConnectionState.h | 8 +- proxy/http2/Makefile.am| 2 + 8 files changed, 281 insertions(+), 1074 deletions(-) copy proxy/http2/{Http2ClientSession.cc => Http2CommonSession.cc} (51%) copy proxy/http2/{Http2ClientSession.h => Http2CommonSession.h} (73%) create mode 100644 proxy/http2/Http2CommonSessionInternal.h
[trafficserver] branch master updated (675d77a -> e155fa0)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 675d77a Add ACCEPT_FILTER Support on FreeBSD (#8263) add e155fa0 Add warning message about why enhance your calm is being sent (#8271) No new revisions were added by this update. Summary of changes: proxy/http2/Http2ConnectionState.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[trafficserver] branch master updated (45f155f -> 2c8bb98)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 45f155f Doc: Notes of setting Environment Variables for traffic_server (#8258) add 2c8bb98 Fail requests with incomplete line ends (#8096) No new revisions were added by this update. Summary of changes: ci/rat-regex.txt | 1 + proxy/hdrs/MIME.cc | 45 +++-- proxy/hdrs/unit_tests/test_Hdrs.cc | 14 --- ...txt => www.customplugin204.test_get.test_input} | 4 +- ...t => www.customtemplate204.test_get.test_input} | 4 +- ..._get.txt => www.default204.test_get.test_input} | 4 +- ..._get.txt => www.default304.test_get.test_input} | 4 +- ...200.txt => www.example.test_get_200.test_input} | 6 +-- ...304.txt => www.example.test_get_304.test_input} | 8 ++-- ...t_head.txt => www.example.test_head.test_input} | 6 +-- ...00.txt => www.example.test_head_200.test_input} | 6 +-- .../body_factory/http204_response.test.py | 4 +- .../body_factory/http204_response_plugin.test.py | 2 +- .../body_factory/http304_response.test.py | 2 +- .../body_factory/http_head_no_origin.test.py | 2 +- .../body_factory/http_with_origin.test.py | 6 +-- ...ttp408.test.txt => www.http408.test.test_input} | 10 ++--- ...get.txt => www.passthrough.test_get.test_input} | 4 +- ...t_get.txt => www.redirect0.test_get.test_input} | 4 +- ...get.txt => www.redirect301.test_get.test_input} | 4 +- ...get.txt => www.redirect302.test_get.test_input} | 4 +- ...get.txt => www.redirect307.test_get.test_input} | 4 +- ...get.txt => www.redirect308.test_get.test_input} | 4 +- .../headers/domain-blacklist-30x.test.py | 12 +++--- tests/gold_tests/headers/http408.test.py | 2 +- .../pluginTest/combo_handler/combo_handler.test.py | 16 .../x_cache_info/{none.in => none.test_input} | 8 ++-- .../xdebug/x_cache_info/{one.in => one.test_input} | 8 ++-- .../x_cache_info/{three.in => three.test_input}| 8 ++-- .../xdebug/x_cache_info/{two.in => two.test_input} | 8 ++-- .../xdebug/x_cache_info/x_cache_info.test.py | 4 +- .../x_effective_url/{none.in => none.test_input} | 10 ++--- .../x_effective_url/{one.in => one.test_input} | 10 ++--- .../x_effective_url/{three.in => three.test_input} | 10 ++--- .../x_effective_url/{two.in => two.test_input} | 10 ++--- .../xdebug/x_effective_url/x_effective_url.test.py | 2 +- .../xdebug/x_remap/{four.in => four.test_input}| 10 ++--- .../xdebug/x_remap/{fwd1.in => fwd1.test_input}| 10 ++--- .../xdebug/x_remap/{fwd2.in => fwd2.test_input}| 10 ++--- .../xdebug/x_remap/{fwd3.in => fwd3.test_input}| 10 ++--- .../xdebug/x_remap/{fwd4.in => fwd4.test_input}| 10 ++--- .../xdebug/x_remap/{fwd5.in => fwd5.test_input}| 10 ++--- .../xdebug/x_remap/{none.in => none.test_input}| 10 ++--- .../xdebug/x_remap/{one.in => one.test_input} | 10 ++--- .../xdebug/x_remap/{three.in => three.test_input} | 10 ++--- .../xdebug/x_remap/{two.in => two.test_input} | 10 ++--- .../pluginTest/xdebug/x_remap/x_remap.test.py | 2 +- .../{early_h1_get.txt => early_h1_get.test_input} | 6 +-- ...{early_h1_post.txt => early_h1_post.test_input} | 8 ++-- .../{early_h2_get.txt => early_h2_get.test_input} | Bin ...ly_h2_multi1.txt => early_h2_multi1.test_input} | Bin ...ly_h2_multi2.txt => early_h2_multi2.test_input} | Bin ...{early_h2_post.txt => early_h2_post.test_input} | Bin tests/gold_tests/tls/test-0rtt-s_client.py | 2 +- tests/gold_tests/tls/tls_0rtt_server.test.py | 12 +++--- tests/tools/tcp_client.py | 5 ++- 56 files changed, 200 insertions(+), 195 deletions(-) rename tests/gold_tests/body_factory/data/{www.customplugin204.test_get.txt => www.customplugin204.test_get.test_input} (95%) rename tests/gold_tests/body_factory/data/{www.customtemplate204.test_get.txt => www.customtemplate204.test_get.test_input} (96%) rename tests/gold_tests/body_factory/data/{www.default204.test_get.txt => www.default204.test_get.test_input} (95%) rename tests/gold_tests/body_factory/data/{www.default304.test_get.txt => www.default304.test_get.test_input} (95%) rename tests/gold_tests/body_factory/data/{www.example.test_get_200.txt => www.example.test_get_200.test_input} (93%) rename tests/gold_tests/body_factory/data/{www.example.test_get_304.txt => www.example.test_get_304.test_input} (95%) rename tests/gold_tests/body_factory/data/{www.example.test_head.txt => www.example.test_head.test_input} (95%) rename tests/gold_tests/body_factory/data/
[trafficserver] branch master updated: Add some header tests (#8221)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 0e98156 Add some header tests (#8221) 0e98156 is described below commit 0e981565cf8267199d3c20f7a790f824e5952a40 Author: Susan Hinrichs AuthorDate: Wed Aug 18 10:03:01 2021 -0500 Add some header tests (#8221) --- .../gold_tests/headers/good_request_after_bad.test.py | 19 +++ 1 file changed, 19 insertions(+) diff --git a/tests/gold_tests/headers/good_request_after_bad.test.py b/tests/gold_tests/headers/good_request_after_bad.test.py index f65d542..1e5ca87 100644 --- a/tests/gold_tests/headers/good_request_after_bad.test.py +++ b/tests/gold_tests/headers/good_request_after_bad.test.py @@ -92,6 +92,25 @@ tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ntransfer- tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.stdout = 'gold/bad_te_value.gold' +tr = Test.AddTestRun("Another unsupported Transfer Encoding value") +tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ntransfer-encoding: \x08chunked\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +ts.Variables.port) +tr.Processes.Default.ReturnCode = 0 +tr.Processes.Default.Streams.stdout = 'gold/bad_te_value.gold' + +tr = Test.AddTestRun("Extra characters in content-length") +tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ncontent-length:+3\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +ts.Variables.port) +tr.Processes.Default.ReturnCode = 0 +tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_header.gold' + +tr = Test.AddTestRun("Different extra characters in content-length") +tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ncontent-length:\x0c3\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +ts.Variables.port) +tr.Processes.Default.ReturnCode = 0 +tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_header.gold' + + # TRACE request with a body tr = Test.AddTestRun("Trace request with a body") tr.Processes.Default.Command = 'printf "TRACE /foo HTTP/1.1\r\nHost: bob\r\nContent-length:2\r\n\r\nokGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format(
[trafficserver] branch master updated (1109f20 -> 532e30c)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 1109f20 Update documentation of the url log fields (#8015) add 532e30c Fix error connection logging crash (#8191) No new revisions were added by this update. Summary of changes: proxy/http/HttpTransact.cc | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-)
[trafficserver] branch master updated (8b78586 -> 1109f20)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 8b78586 Remove global g_rec_config_contents_llq (#8194) add 1109f20 Update documentation of the url log fields (#8015) No new revisions were added by this update. Summary of changes: doc/admin-guide/logging/formatting.en.rst | 17 ++--- 1 file changed, 10 insertions(+), 7 deletions(-)
[trafficserver] branch master updated (9590447 -> d00fb39)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 9590447 Merge quic-latest into master (#8010) add d00fb39 Cancel active timeout when releasing session (#8083) No new revisions were added by this update. Summary of changes: proxy/http/Http1ServerSession.cc | 5 + proxy/http/HttpSessionManager.cc | 17 ++--- 2 files changed, 11 insertions(+), 11 deletions(-)
[trafficserver] branch master updated: Abstract adding Connection: close header to avoid triggering H2 draining logic (#8178)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 658e3cd Abstract adding Connection: close header to avoid triggering H2 draining logic (#8178) 658e3cd is described below commit 658e3cde33a74353ec520fa18ead7035821485f1 Author: Susan Hinrichs AuthorDate: Thu Jul 29 08:56:24 2021 -0500 Abstract adding Connection: close header to avoid triggering H2 draining logic (#8178) --- proxy/ProxyTransaction.cc | 8 proxy/ProxyTransaction.h | 4 proxy/http/Http1Transaction.h | 7 +++ proxy/http/HttpSM.cc | 2 +- proxy/http/HttpTransact.cc| 11 +-- 5 files changed, 29 insertions(+), 3 deletions(-) diff --git a/proxy/ProxyTransaction.cc b/proxy/ProxyTransaction.cc index 3f1ace9..cb80b3c 100644 --- a/proxy/ProxyTransaction.cc +++ b/proxy/ProxyTransaction.cc @@ -240,3 +240,11 @@ ProxyTransaction::allow_half_open() const { return false; } + +// Most protocols will not want to set the Connection: header +// For H2 it will initiate the drain logic. So we make do nothing +// the default action. +void +ProxyTransaction::set_close_connection(HTTPHdr &hdr) const +{ +} diff --git a/proxy/ProxyTransaction.h b/proxy/ProxyTransaction.h index 82a07d6..261af68 100644 --- a/proxy/ProxyTransaction.h +++ b/proxy/ProxyTransaction.h @@ -87,6 +87,10 @@ public: // Returns true if there is a request body for this request virtual bool has_request_body(int64_t content_length, bool is_chunked_set) const; + // Worker function to set Connection:close header if appropriate for + // underlying protocol + virtual void set_close_connection(HTTPHdr &hdr) const; + sockaddr const *get_remote_addr() const; virtual HTTPVersion get_version(HTTPHdr &hdr) const; diff --git a/proxy/http/Http1Transaction.h b/proxy/http/Http1Transaction.h index be0a174..aeb1d3a 100644 --- a/proxy/http/Http1Transaction.h +++ b/proxy/http/Http1Transaction.h @@ -43,6 +43,7 @@ public: // Methods int get_transaction_id() const override; void set_reader(IOBufferReader *reader); + void set_close_connection(HTTPHdr &hdr) const override; // Variables @@ -71,3 +72,9 @@ Http1Transaction::set_reader(IOBufferReader *reader) { _reader = reader; } + +inline void +Http1Transaction::set_close_connection(HTTPHdr &hdr) const +{ + hdr.value_set(MIME_FIELD_CONNECTION, MIME_LEN_CONNECTION, "close", 5); +} diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 67d18b8..4f6e06d 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -5873,7 +5873,7 @@ HttpSM::do_drain_request_body(HTTPHdr &response) close_connection: t_state.client_info.keep_alive = HTTP_NO_KEEPALIVE; - response.value_set(MIME_FIELD_CONNECTION, MIME_LEN_CONNECTION, "close", 5); + ua_txn->set_close_connection(response); } void diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index 6e66aa4..ce2d7fa 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -6891,7 +6891,10 @@ HttpTransact::handle_request_keep_alive_headers(State *s, HTTPVersion ver, HTTPH if (s->current.request_to == PARENT_PROXY && parent_is_proxy(s)) { heads->value_set(MIME_FIELD_PROXY_CONNECTION, MIME_LEN_PROXY_CONNECTION, "close", 5); } else { - heads->value_set(MIME_FIELD_CONNECTION, MIME_LEN_CONNECTION, "close", 5); + ProxyTransaction *svr = s->state_machine->get_server_txn(); + if (svr) { +svr->set_close_connection(*heads); + } } } // Note: if we are 1.1, we always need to send the close @@ -7050,7 +7053,11 @@ HttpTransact::handle_response_keep_alive_headers(State *s, HTTPVersion ver, HTTP case KA_CLOSE: case KA_DISABLED: if (s->client_info.keep_alive != HTTP_NO_KEEPALIVE || (ver == HTTP_1_1)) { - heads->value_set(c_hdr_field_str, c_hdr_field_len, "close", 5); + if (s->client_info.proxy_connect_hdr) { +heads->value_set(c_hdr_field_str, c_hdr_field_len, "close", 5); + } else if (s->state_machine->ua_txn != nullptr) { +s->state_machine->ua_txn->set_close_connection(*heads); + } s->client_info.keep_alive = HTTP_NO_KEEPALIVE; } // Note: if we are 1.1, we always need to send the close
[trafficserver] branch master updated (f2b4585 -> aeef325)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from f2b4585 Fix typo in documentation (#8177) add aeef325 Remove unused HdrCsvIter methods (#8167) No new revisions were added by this update. Summary of changes: proxy/hdrs/HdrUtils.cc | 22 -- proxy/hdrs/HdrUtils.h | 10 -- 2 files changed, 32 deletions(-)