[trafficserver] branch master updated: TS-4116: DNS failure prohibits use of client target address (#599)

Sun, 24 Apr 2016 13:35:04 -0700 

This is an automated email from the ASF dual-hosted git repository.

ushachar pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/master by this push:
       new  7810e6b   TS-4116: DNS failure prohibits use of client target 
address (#599)
7810e6b is described below

commit 7810e6bd68fd1b542a297af3896f9412b2586aa9
Author: Uri Shachar <[email protected]>
AuthorDate: Sun Apr 24 23:34:15 2016 +0300

    TS-4116: DNS failure prohibits use of client target address (#599)
    
    Refactor handling of use_client_target_addr=1 when DNS resolving fails
---
 proxy/http/HttpSM.cc       | 66 ++++++++++++++++++----------------------------
 proxy/http/HttpTransact.cc |  7 +++--
 2 files changed, 31 insertions(+), 42 deletions(-)

diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index b8b2ef0..6487b16 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -2055,39 +2055,37 @@ HttpSM::process_srv_info(HostDBInfo *r)
 void
 HttpSM::process_hostdb_info(HostDBInfo *r)
 {
+  sockaddr const *client_addr = NULL;
+  bool use_client_addr = t_state.http_config_param->use_client_target_addr == 
1 && t_state.client_info.is_transparent &&
+                         t_state.dns_info.os_addr_style == 
HttpTransact::DNSLookupInfo::OS_ADDR_TRY_DEFAULT;
+  if (use_client_addr) {
+    client_addr = 
t_state.state_machine->ua_session->get_netvc()->get_local_addr();
+    // Regardless of whether the client address matches the DNS record or not,
+    // we want to use that address.  Therefore, we copy over the client address
+    // info and skip the assignment from the DNS cache
+    ats_ip_copy(t_state.host_db_info.ip(), client_addr);
+    t_state.dns_info.os_addr_style = 
HttpTransact::DNSLookupInfo::OS_ADDR_TRY_CLIENT;
+    t_state.dns_info.lookup_success = true;
+    // Leave ret unassigned, so we don't overwrite the host_db_info
+  }
+
   if (r && !r->failed()) {
     ink_time_t now = ink_cluster_time();
     HostDBInfo *ret = NULL;
     t_state.dns_info.lookup_success = true;
     t_state.dns_info.lookup_validated = true;
-    if (r->round_robin) {
-      // if use_client_target_addr is set, make sure the client
-      // addr sits in the pool
-      if (t_state.http_config_param->use_client_target_addr == 1 && 
t_state.client_info.is_transparent &&
-          t_state.dns_info.os_addr_style == 
HttpTransact::DNSLookupInfo::OS_ADDR_TRY_DEFAULT) {
-        HostDBRoundRobin *rr = r->rr();
-        sockaddr const *addr = 
t_state.state_machine->ua_session->get_netvc()->get_local_addr();
-
-        if (rr && rr->find_ip(addr) == NULL) {
-          // The client specified server address does not appear
-          // in the DNS pool
-          DebugSM("http",
-                  "use_client_target_addr == 1. Client specified address is 
not in the pool. Client address is not validated.");
-          t_state.dns_info.lookup_validated = false;
-        }
-        // Even if we did find the client specified address in the pool,
-        // We want to make sure that that address is used and not some
-        // other address in the DNS set.
-        // Copy over the client information and give up on the lookup
-        ats_ip_copy(t_state.host_db_info.ip(), addr);
-        t_state.dns_info.os_addr_style = 
HttpTransact::DNSLookupInfo::OS_ADDR_TRY_CLIENT;
+
+    HostDBRoundRobin *rr = r->round_robin ? r->rr() : NULL;
+    if (rr) {
+      // if use_client_target_addr is set, make sure the client addr is in the 
results pool
+      if (use_client_addr && rr->find_ip(client_addr) == NULL) {
+        DebugSM("http", "use_client_target_addr == 1. Client specified address 
is not in the pool, not validated.");
+        t_state.dns_info.lookup_validated = false;
       } else {
         // Since the time elapsed between current time and client_request_time
         // may be very large, we cannot use client_request_time to approximate
         // current time when calling select_best_http().
-        HostDBRoundRobin *rr = r->rr();
         ret = rr->select_best_http(&t_state.client_info.src_addr.sa, now, 
static_cast<int>(t_state.txn_conf->down_server_timeout));
-
         // set the srv target`s last_failure
         if (t_state.dns_info.srv_lookup_success) {
           uint32_t last_failure = 0xFFFFFFFF;
@@ -2106,22 +2104,9 @@ HttpSM::process_hostdb_info(HostDBInfo *r)
         }
       }
     } else {
-      if (t_state.http_config_param->use_client_target_addr == 1 && 
t_state.client_info.is_transparent &&
-          t_state.dns_info.os_addr_style == 
HttpTransact::DNSLookupInfo::OS_ADDR_TRY_DEFAULT) {
-        // Compare the client specified address against the looked up address
-        sockaddr const *addr = 
t_state.state_machine->ua_session->get_netvc()->get_local_addr();
-        if (!ats_ip_addr_eq(addr, &r->data.ip.sa)) {
-          DebugSM("http", "use_client_target_addr == 1.  Comparing single 
addresses failed. Client address is not validated.");
-          t_state.dns_info.lookup_validated = false;
-        }
-        // Regardless of whether the client address matches the DNS
-        // record or not, we want to use that address.  Therefore,
-        // we copy over the client address info and skip the assignment
-        // from the DNS cache
-        ats_ip_copy(t_state.host_db_info.ip(), addr);
-        t_state.dns_info.os_addr_style = 
HttpTransact::DNSLookupInfo::OS_ADDR_TRY_CLIENT;
-
-        // Leave ret unassigned, so we don't overwrite the host_db_info
+      if (use_client_addr && !ats_ip_addr_eq(client_addr, &r->data.ip.sa)) {
+        DebugSM("http", "use_client_target_addr == 1. Comparing single 
addresses failed, not validated.");
+        t_state.dns_info.lookup_validated = false;
       } else {
         ret = r;
       }
@@ -2134,7 +2119,8 @@ HttpSM::process_hostdb_info(HostDBInfo *r)
   } else {
     DebugSM("http", "[%" PRId64 "] DNS lookup failed for '%s'", sm_id, 
t_state.dns_info.lookup_name);
 
-    t_state.dns_info.lookup_success = false;
+    if (!use_client_addr)
+      t_state.dns_info.lookup_success = false;
     t_state.host_db_info.app.allotment.application1 = 0;
     t_state.host_db_info.app.allotment.application2 = 0;
     ink_assert(!t_state.host_db_info.round_robin);
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index aa3f143..06bfe78 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1701,10 +1701,13 @@ HttpTransact::OSDNSLookup(State *s)
     case EXPANSION_FAILED:
     case DNS_ATTEMPTS_EXHAUSTED:
       if (DNSLookupInfo::OS_ADDR_TRY_HOSTDB == s->dns_info.os_addr_style) {
-        // No HostDB data, just keep on with the CTA.
+        /*
+         *  We tried to connect to client target address, failed and tried to 
use a different addr
+         *  No HostDB data, just keep on with the CTA.
+         */
         s->dns_info.lookup_success = true;
         s->dns_info.os_addr_style = DNSLookupInfo::OS_ADDR_USE_CLIENT;
-        DebugTxn("http_seq", "[HttpTransact::OSDNSLookup] DNS lookup 
unsuccessful reverting to force client target address use");
+        DebugTxn("http_seq", "[HttpTransact::OSDNSLookup] DNS lookup 
unsuccessful, using client target address");
       } else {
         if (host_name_expansion == EXPANSION_NOT_ALLOWED) {
           // config file doesn't allow automatic expansion of host names

-- 
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].

Reply via email to