This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 9746ceb Adds a new condition, %{IP:<part>}
9746ceb is described below
commit 9746cebcbc7c5d8e7f52dfd03d04909f8c97e13c
Author: Leif Hedstrom <[email protected]>
AuthorDate: Wed Mar 29 17:23:15 2017 -0500
Adds a new condition, %{IP:<part>}
This replaces the old %{CLIENT-IP}, and generalizes the access to
all four IP addresses. E.g.
cond %{SEND_RESPONSE_HDR_HOOK}
set-header X-Client-IP %{IP:CLIENT}
set-header X-Inbound-IP %{IP:INBOUND}
set-header X-Server-IP %{IP:SERVER}
set-header X-Outbound-IP %{IP:OUTBOUND}
In the case of a sockaddr not being populated, e.g. IP:SERVER on
a cache hit, the string is "" (empty).
---
doc/admin-guide/plugins/header_rewrite.en.rst | 31 ++++++++++++
plugins/header_rewrite/conditions.cc | 70 +++++++++++++++++++++++++++
plugins/header_rewrite/conditions.h | 18 +++++++
plugins/header_rewrite/factory.cc | 4 ++
plugins/header_rewrite/lulu.cc | 9 ++++
plugins/header_rewrite/statement.h | 9 ++++
6 files changed, 141 insertions(+)
diff --git a/doc/admin-guide/plugins/header_rewrite.en.rst
b/doc/admin-guide/plugins/header_rewrite.en.rst
index 7071fbe..ee08669 100644
--- a/doc/admin-guide/plugins/header_rewrite.en.rst
+++ b/doc/admin-guide/plugins/header_rewrite.en.rst
@@ -179,6 +179,8 @@ CLIENT-IP
Remote IP address, as a string, of the client connection for the current
transaction.
+This condition is *deprecated* as of ATS v7.2.x, please use %{IP:CLIENT}
instead.
+
CLIENT-URL
~~~~~~~~~~
::
@@ -291,6 +293,35 @@ INCOMING-PORT
TCP port, as a decimal integer, on which the incoming client connection was
made.
+IP
+~~
+::
+
+ cond %{IP:<part>} <operand>
+
+This is one of four possible IPs associated with the transaction, with the
+possible parts being
+::
+
+ %{IP:CLIENT} Clients IP
+ %{IP:INBOUND} ATS's server IP the client connected to
+ %{IP:SERVER} Upstream (next-hop) server IP (typically origin, or
parent)
+ %{IP:OUTBOUND} ATS's outbound IP, that was used to connect upstream
(next-hop)
+
+Note that both %{IP:SERVER} and %{IP:OUTBOUND} can be unset, in which case the
+empty string is returned. The common use for this condition is
+actually as a value to an operator, e.g.
+::
+
+ cond %{SEND_RESPONSE_HDR_HOOK}
+ set-header X-Client-IP %{IP:CLIENT}
+ set-header X-Inbound-IP %{IP:INBOUND}
+ set-header X-Server-IP %{IP:SERVER}
+ set-header X-Outbound-IP %{IP:OUTBOUND}
+
+Finally, this new condition replaces the old %{CLIENT-IP} condition, which is
+now properly deprecated. It will be removed as of ATS v8.0.0.
+
INTERNAL-TRANSACTION
~~~~~~~~~~~~~~~~~~~~
::
diff --git a/plugins/header_rewrite/conditions.cc
b/plugins/header_rewrite/conditions.cc
index d4425be..b1e0269 100644
--- a/plugins/header_rewrite/conditions.cc
+++ b/plugins/header_rewrite/conditions.cc
@@ -582,6 +582,76 @@ ConditionClientIp::append_value(std::string &s, const
Resources &res)
}
void
+ConditionIp::initialize(Parser &p)
+{
+ Condition::initialize(p);
+
+ MatcherType *match = new MatcherType(_cond_op);
+
+ match->set(p.get_arg());
+ _matcher = match;
+}
+
+void
+ConditionIp::set_qualifier(const std::string &q)
+{
+ Condition::set_qualifier(q);
+
+ TSDebug(PLUGIN_NAME, "\tParsing %%{IP:%s} qualifier", q.c_str());
+
+ if (q == "CLIENT") {
+ _ip_qual = IP_QUAL_CLIENT;
+ } else if (q == "INBOUND") {
+ _ip_qual = IP_QUAL_INBOUND;
+ } else if (q == "SERVER") {
+ _ip_qual = IP_QUAL_SERVER;
+ } else if (q == "OUTBOUND") {
+ _ip_qual = IP_QUAL_OUTBOUND;
+ } else {
+ TSError("[%s] Unknown IP() qualifier: %s", PLUGIN_NAME, q.c_str());
+ }
+}
+
+bool
+ConditionIp::eval(const Resources &res)
+{
+ std::string s;
+
+ append_value(s, res);
+ bool rval = static_cast<const Matchers<std::string> *>(_matcher)->test(s);
+
+ TSDebug(PLUGIN_NAME, "Evaluating IP(): %s - rval: %d", s.c_str(), rval);
+
+ return rval;
+}
+
+void
+ConditionIp::append_value(std::string &s, const Resources &res)
+{
+ bool ip_set = false;
+ char ip[INET6_ADDRSTRLEN];
+
+ switch (_ip_qual) {
+ case IP_QUAL_CLIENT:
+ ip_set = (nullptr != getIP(TSHttpTxnClientAddrGet(res.txnp), ip));
+ break;
+ case IP_QUAL_INBOUND:
+ ip_set = (nullptr != getIP(TSHttpTxnIncomingAddrGet(res.txnp), ip));
+ break;
+ case IP_QUAL_SERVER:
+ ip_set = (nullptr != getIP(TSHttpTxnServerAddrGet(res.txnp), ip));
+ break;
+ case IP_QUAL_OUTBOUND:
+ ip_set = (nullptr != getIP(TSHttpTxnOutgoingAddrGet(res.txnp), ip));
+ break;
+ }
+
+ if (ip_set) {
+ s.append(ip);
+ }
+}
+
+void
ConditionIncomingPort::initialize(Parser &p)
{
Condition::initialize(p);
diff --git a/plugins/header_rewrite/conditions.h
b/plugins/header_rewrite/conditions.h
index 3f31126..640f1a5 100644
--- a/plugins/header_rewrite/conditions.h
+++ b/plugins/header_rewrite/conditions.h
@@ -359,6 +359,24 @@ protected:
bool eval(const Resources &res);
};
+class ConditionIp : public Condition
+{
+ typedef Matchers<std::string> MatcherType;
+
+public:
+ explicit ConditionIp() : _ip_qual(IP_QUAL_CLIENT) { TSDebug(PLUGIN_NAME_DBG,
"Calling CTOR for ConditionIp"); };
+ void initialize(Parser &p);
+ void set_qualifier(const std::string &q);
+ void append_value(std::string &s, const Resources &res);
+
+protected:
+ bool eval(const Resources &res);
+
+private:
+ DISALLOW_COPY_AND_ASSIGN(ConditionIp);
+ IpQualifiers _ip_qual;
+};
+
class ConditionClientIp : public Condition
{
typedef Matchers<std::string> MatcherType;
diff --git a/plugins/header_rewrite/factory.cc
b/plugins/header_rewrite/factory.cc
index 2acbdc8..3b70c7a 100644
--- a/plugins/header_rewrite/factory.cc
+++ b/plugins/header_rewrite/factory.cc
@@ -123,7 +123,11 @@ condition_factory(const std::string &cond)
c = new ConditionInternalTxn();
} else if (c_name == "INTERNAL-TXN") {
c = new ConditionInternalTxn();
+ } else if (c_name == "IP") {
+ c = new ConditionIp();
} else if (c_name == "CLIENT-IP") {
+ TSDebug(PLUGIN_NAME, "\tWARNING: configuration uses deprecated condition,
CLIENT-IP()");
+ TSError("warning: CLIENT-IP() is deprecated, use %%{IP:CLIENT} instead");
c = new ConditionClientIp();
} else if (c_name == "INCOMING-PORT") {
c = new ConditionIncomingPort();
diff --git a/plugins/header_rewrite/lulu.cc b/plugins/header_rewrite/lulu.cc
index 3c08030..78b70f0 100644
--- a/plugins/header_rewrite/lulu.cc
+++ b/plugins/header_rewrite/lulu.cc
@@ -17,6 +17,7 @@
*/
#include <string>
+#include <netinet/in.h>
#include "ts/ts.h"
#include "lulu.h"
@@ -31,6 +32,14 @@ getIP(sockaddr const *s_sockaddr, char res[INET6_ADDRSTRLEN])
return nullptr;
}
+ // This is a little kludgy, but the TS APIs that returns sockadd's don't
return
+ // nullptr's in general (it seems). Maybe that should be fixed, or maybe we
should
+ // export lib/ts/ink_inet.h as C APIs... (according to amc). But without
this check,
+ // we get ::1 even when the sockaddr isn't populated (e.g. server addr on a
cache hit).
+ if (AF_UNSPEC == s_sockaddr->sa_family) {
+ return nullptr;
+ }
+
switch (s_sockaddr->sa_family) {
case AF_INET: {
const struct sockaddr_in *s_sockaddr_in = reinterpret_cast<const struct
sockaddr_in *>(s_sockaddr);
diff --git a/plugins/header_rewrite/statement.h
b/plugins/header_rewrite/statement.h
index 7aa627b..69e2df5 100644
--- a/plugins/header_rewrite/statement.h
+++ b/plugins/header_rewrite/statement.h
@@ -72,6 +72,15 @@ enum IdQualifiers {
ID_QUAL_UNIQUE,
};
+// IP
+enum IpQualifiers {
+ IP_QUAL_CLIENT,
+ IP_QUAL_INBOUND,
+ // These two might not necessarily get populated, e.g. on a cache hit.
+ IP_QUAL_SERVER,
+ IP_QUAL_OUTBOUND,
+};
+
class Statement
{
public:
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
