TS-3558: Fix proxy.config.http.auth_server_session_private
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/300cdbae Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/300cdbae Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/300cdbae Branch: refs/heads/master Commit: 300cdbae992eb21d5cca233e91467f7902b726d8 Parents: a1af594 Author: Brian Geffon <bri...@apache.org> Authored: Mon Apr 27 19:54:41 2015 -0700 Committer: Brian Geffon <bri...@apache.org> Committed: Mon Apr 27 19:54:41 2015 -0700 ---------------------------------------------------------------------- lib/ts/apidefs.h.in | 1 + proxy/InkAPI.cc | 7 +++++++ proxy/InkAPITest.cc | 1 + proxy/http/HttpConfig.cc | 4 ++++ proxy/http/HttpSM.cc | 46 ++++++++++++++++++++++++++++--------------- proxy/http/HttpSM.h | 7 +++++++ 6 files changed, 50 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/lib/ts/apidefs.h.in ---------------------------------------------------------------------- diff --git a/lib/ts/apidefs.h.in b/lib/ts/apidefs.h.in index 329adf2..a3e0d93 100644 --- a/lib/ts/apidefs.h.in +++ b/lib/ts/apidefs.h.in @@ -679,6 +679,7 @@ extern "C" TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_IN, TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_OUT, TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT, + TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE, TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS, // DEPRECATED TS_CONFIG_HTTP_SERVER_SESSION_SHARING_POOL, TS_CONFIG_HTTP_SERVER_SESSION_SHARING_MATCH, http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/InkAPI.cc ---------------------------------------------------------------------- diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc index 55def42..cfc1411 100644 --- a/proxy/InkAPI.cc +++ b/proxy/InkAPI.cc 
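Review bot: Inserting `TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE` between `TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT` and `TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS` changes the integer value of every key that follows it in this public enum. A plugin built against the older header would then pass stale values to the override API and silently read or set a different option, which matters when the affected keys control session sharing. If binary compatibility is expected across this release (not visible from here), add the new key immediately before the enum's final sentinel instead, with a comment such as `/* appended to keep existing key values stable */`. The order of the name table in proxy/InkAPITest.cc would need to follow. The enum begins and ends outside this hunk.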
@@ -7660,6 +7660,9 @@ _conf_to_memberp(TSOverridableConfigKey conf, OverridableHttpConfigParams *overr case TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT: ret = &overridableHttpConfig->keep_alive_post_out; break; + case TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE: + ret = &overridableHttpConfig->auth_server_session_private; + break; case TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS: ink_assert("Deprecated config key value - TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS"); // ret = &overridableHttpConfig->share_server_sessions; @@ -8438,6 +8441,10 @@ TSHttpTxnConfigFind(const char *name, int length, TSOverridableConfigKey *conf, if (0 == strncmp(name, "proxy.config.http.server_session_sharing.pool", length)) cnf = TS_CONFIG_HTTP_SERVER_SESSION_SHARING_POOL; break; + case 'e': + if (0 == strncmp(name, "proxy.config.http.auth_server_session_private", length)) + cnf = TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE; + break; } break; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/InkAPITest.cc ---------------------------------------------------------------------- diff --git a/proxy/InkAPITest.cc b/proxy/InkAPITest.cc index de5e319..8a7ec68 100644 --- a/proxy/InkAPITest.cc +++ b/proxy/InkAPITest.cc 
@@ -7170,6 +7170,7 @@ const char *SDK_Overridable_Configs[TS_CONFIG_LAST_ENTRY] = { "proxy.config.url_remap.pristine_host_hdr", "proxy.config.http.chunking_enabled", "proxy.config.http.negative_caching_enabled", "proxy.config.http.negative_caching_lifetime", "proxy.config.http.cache.when_to_revalidate", "proxy.config.http.keep_alive_enabled_in", "proxy.config.http.keep_alive_enabled_out", "proxy.config.http.keep_alive_post_out", + "proxy.config.http.auth_server_session_private", "proxy.config.http.share_server_sessions", "proxy.config.http.server_session_sharing.pool", "proxy.config.http.server_session_sharing.match", "proxy.config.net.sock_recv_buffer_size_out", "proxy.config.net.sock_send_buffer_size_out", "proxy.config.net.sock_option_flag_out", http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpConfig.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc index a5bfc63..50d0b45 100644 --- a/proxy/http/HttpConfig.cc +++ b/proxy/http/HttpConfig.cc @@ -987,6 +987,8 @@ HttpConfig::startup() http_config_enum_read("proxy.config.http.server_session_sharing.match", SessionSharingMatchStrings, c.oride.server_session_sharing_match); + HttpEstablishStaticConfigByte(c.oride.auth_server_session_private, "proxy.config.http.auth_server_session_private"); + HttpEstablishStaticConfigByte(c.oride.keep_alive_post_out, "proxy.config.http.keep_alive_post_out"); HttpEstablishStaticConfigLongLong(c.oride.keep_alive_no_activity_timeout_in, 
@@ -1232,6 +1234,8 @@ HttpConfig::reconfigure() params->oride.keep_alive_enabled_in = INT_TO_BOOL(m_master.oride.keep_alive_enabled_in); params->oride.keep_alive_enabled_out = INT_TO_BOOL(m_master.oride.keep_alive_enabled_out); params->oride.chunking_enabled = INT_TO_BOOL(m_master.oride.chunking_enabled); + params->oride.auth_server_session_private = INT_TO_BOOL(m_master.oride.auth_server_session_private); + params->oride.http_chunking_size = m_master.oride.http_chunking_size; params->oride.post_check_content_length_enabled = INT_TO_BOOL(m_master.oride.post_check_content_length_enabled); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpSM.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 99f3aa1..0e8918a 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -292,7 +292,7 @@ HttpSM::HttpSM() enable_redirection(false), redirect_url(NULL), redirect_url_len(0), redirection_tries(0), transfered_bytes(0), post_failed(false), debug_on(false), plugin_tunnel_type(HTTP_NO_PLUGIN_TUNNEL), plugin_tunnel(NULL), reentrancy_count(0), history_pos(0), tunnel(), ua_entry(NULL), ua_session(NULL), background_fill(BACKGROUND_FILL_NONE), ua_raw_buffer_reader(NULL), - server_entry(NULL), server_session(NULL), shared_session_retries(0), server_buffer_reader(NULL), transform_info(), + server_entry(NULL), server_session(NULL), will_be_private_ss(false), shared_session_retries(0), server_buffer_reader(NULL), transform_info(), post_transform_info(), has_active_plugin_agents(false), second_cache_sm(NULL), default_handler(NULL), pending_action(NULL), historical_action(NULL), last_action(HttpTransact::SM_ACTION_UNDEFINED), // TODO: Now that bodies can be empty, should the body counters be set to -1 ? TS-2213 
@@ -4569,6 +4569,32 @@ HttpSM::do_http_server_open(bool raw) // to do this but as far I can tell the code that prevented keep-alive if // there is a request body has been removed. + // If we are sending authorizations headers, mark the connection private + // + // We do this here because it means that we will not waste a connection from the pool if we already + // know that the session will be private. This is overridable meaning that if a plugin later decides + // it shouldn't be private it can still be returned to a shared pool. + // + if (t_state.txn_conf->auth_server_session_private == 1 && + t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION | + MIME_PRESENCE_WWW_AUTHENTICATE)) { + DebugSM("http_ss_auth", "Setting server session to private for authorization header"); + will_be_private_ss = true; + } + + if (t_state.method == HTTP_WKSIDX_POST || t_state.method == HTTP_WKSIDX_PUT) { + // don't share the session if keep-alive for post is not on + if (t_state.txn_conf->keep_alive_post_out == 0) { + DebugSM("http_ss", "Setting server session to private because of keep-alive post out"); + will_be_private_ss = true; + } + } + + // If there is already an attached server session mark it as private. + if (server_session != NULL && will_be_private_ss) { + set_server_session_private(true); + } + if (raw == false && TS_SERVER_SESSION_SHARING_MATCH_NONE != t_state.txn_conf->server_session_sharing_match && (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) && !is_private() && ua_session != NULL) { 
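Review bot: The authorization-header test now runs only in do_http_server_open(), before a connection exists, and its former copy in setup_server_send_request() is removed later in this file. A header added to the server request after this point is therefore no longer examined. If send-request hooks run between the two functions (I believe they do, but it is not visible in this diff), a plugin that adds `Authorization` or `Proxy-Authorization` there would leave an authenticated origin connection eligible for the shared pool. Keeping a late backstop in setup_server_send_request() would close that gap, e.g. `if (!will_be_private_ss && t_state.txn_conf->auth_server_session_private == 1 && t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION)) set_server_session_private(true);`. Separately, will_be_private_ss is only ever set to true in the visible lines, so confirm it cannot carry over if this function runs again for the same state machine; the function body continues outside the hunk.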
@@ -5581,13 +5607,6 @@ HttpSM::attach_server_session(HttpServerSession *s) if (t_state.method == HTTP_WKSIDX_POST || t_state.method == HTTP_WKSIDX_PUT) { connect_timeout = t_state.txn_conf->post_connect_attempts_timeout; - - // don't share the session if keep-alive for post is not on - if (t_state.txn_conf->keep_alive_post_out == 0) { - DebugSM("http_ss", "Setting server session to private because of keep-alive post out"); - set_server_session_private(true); - } - } else if (t_state.current.server == &t_state.parent_info) { connect_timeout = t_state.http_config_param->parent_connect_timeout; } else { @@ -5608,7 +5627,7 @@ HttpSM::attach_server_session(HttpServerSession *s) server_session->get_netvc()->set_active_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_active_timeout_out)); } - if (plugin_tunnel_type != HTTP_NO_PLUGIN_TUNNEL) { + if (plugin_tunnel_type != HTTP_NO_PLUGIN_TUNNEL || will_be_private_ss) { DebugSM("http_ss", "Setting server session to private"); set_server_session_private(true); } @@ -5652,13 +5671,6 @@ HttpSM::setup_server_send_request() server_request_body_bytes = msg_len; } - // If we are sending authorizations headers, mark the connection private - if (t_state.txn_conf->auth_server_session_private == 1 && - t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION | - MIME_PRESENCE_WWW_AUTHENTICATE)) { - DebugSM("http_ss", "Setting server session to private for authorization header"); - set_server_session_private(true); - } milestones.server_begin_write = ink_get_hrtime(); server_entry->write_vio = server_entry->vc->do_io_write(this, hdr_length, buf_start); } 
@@ -7602,6 +7614,8 @@ HttpSM::is_private() HttpServerSession *ss = ua_session->get_server_session(); if (ss) { res = ss->private_session; + } else if (will_be_private_ss) { + res = will_be_private_ss; } } return res; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpSM.h ---------------------------------------------------------------------- diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h index 4edd7d5..16844ce 100644 --- a/proxy/http/HttpSM.h +++ b/proxy/http/HttpSM.h @@ -316,6 +316,13 @@ protected: HttpVCTableEntry *server_entry; HttpServerSession *server_session; + + /* Because we don't want to take a session from a shared pool if we know that it will be private, + * but we cannot set it to private until we have an attached server session. + * So we use this variable to indicate that + * we should create a new connection and then once we attach the session we'll mark it as private. + */ + bool will_be_private_ss; int shared_session_retries; IOBufferReader *server_buffer_reader; void remove_server_entry();
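Review bot: In is_private() the new `else if` consults will_be_private_ss only when the client session has no bound server session. A credentialed request on a client connection that already holds a non-private server session therefore still reports not-private, and the `!is_private()` guard in do_http_server_open() lets the shared-pool lookup proceed. From the visible lines the session is still marked private on attach, so this looks like a missed case of the stated "do not take from the pool" goal rather than a leak. Folding both conditions into one expression covers it and drops the redundant branch: `res = will_be_private_ss || (ss && ss->private_session);`. The function starts outside the hunk, so whether the flag should also apply when ua_session is NULL cannot be judged from here.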
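Review bot: The comment added above `will_be_private_ss` in HttpSM.h is a sentence fragment ("Because we don't want … but we cannot …") and does not say where the flag is set or consumed. A version that reads straight through would be `/* Set in do_http_server_open() when the outbound session must not be shared; applied in attach_server_session() once a session exists. */`. It is also worth stating there that nothing in this commit resets the flag to false, since a maintainer relying on the "overridable" wording in do_http_server_open() may assume otherwise.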