This is an automated email from the ASF dual-hosted git repository.
amc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 3eec6e0 TS-4976: Regularize plugins - replace-protoset changed to
disable_http2
3eec6e0 is described below
commit 3eec6e0586ad1c95245bfd77d01bc3fd2f3b44a8
Author: Alan M. Carroll <[email protected]>
AuthorDate: Tue May 2 09:00:27 2017 -0500
TS-4976: Regularize plugins - replace-protoset changed to disable_http2
---
example/Makefile.am | 4 +-
.../disable_http2.cc} | 76 ++++++++++------------
example/disable_http2/readme.txt | 7 ++
3 files changed, 42 insertions(+), 45 deletions(-)
diff --git a/example/Makefile.am b/example/Makefile.am
index 24fe037..98f3c38 100644
--- a/example/Makefile.am
+++ b/example/Makefile.am
@@ -56,7 +56,7 @@ example_Plugins = \
thread-1.la \
txn-data-sink.la \
version.la \
- replace-protoset.la
+ disable_http2.la
example_Plugins += \
cppapi/AsyncHttpFetch.la \
@@ -117,7 +117,7 @@ server_transform_la_SOURCES =
server-transform/server-transform.c
ssl_preaccept_la_SOURCES = ssl-preaccept/ssl-preaccept.cc
ssl_sni_la_SOURCES = ssl-sni/ssl-sni.cc
ssl_sni_whitelist_la_SOURCES = ssl-sni-whitelist/ssl-sni-whitelist.cc
-replace_protoset_la_SOURCES = replace-protoset/replace-protoset.cc
+disable_http2_la_SOURCES = disable_http2/disable_http2.cc
statistic_la_SOURCES = statistic/statistic.cc
thread_1_la_SOURCES = thread-1/thread-1.c
txn_data_sink_la_SOURCES = txn-data-sink/txn-data-sink.c
diff --git a/example/replace-protoset/replace-protoset.cc
b/example/disable_http2/disable_http2.cc
similarity index 58%
rename from example/replace-protoset/replace-protoset.cc
rename to example/disable_http2/disable_http2.cc
index b5f4e1d..1e4afdc 100644
--- a/example/replace-protoset/replace-protoset.cc
+++ b/example/disable_http2/disable_http2.cc
@@ -1,6 +1,10 @@
/** @file
- A brief file description
+ An example plugin for accept object protocol set API.
+
+ This clones the protocol sets attached to all the accept objects and
unregisters HTTP/2 from those
+ copies. The protocol set for incoming connections that match a list of
domains are replaced with
+ the copy, effectively disabling HTTP/2 for those domains.
@section license License
@@ -21,51 +25,35 @@
limitations under the License.
*/
-/*
- * replace-protoset.c:
- * an example plugin...
- * Clones protoset attached with all the accept objects
- * Unregisters H2 from the clone
- * Replaces the protoset attached with all the incoming VCs with a clone
- */
-#include <atscppapi/GlobalPlugin.h>
-#include <atscppapi/PluginInit.h>
#include <ts/ts.h>
-#include <ts/TsBuffer.h>
#include <unordered_map>
#include <unordered_set>
-#include <iostream>
-#include <algorithm>
-#include <cinttypes>
+#include <string>
#include <openssl/ssl.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#define PLNAME "TLS Protocol Adjuster"
-#define PLTAG "replace_protoset"
+#define PLUGIN_NAME "disable_http2"
+
+typedef std::unordered_map<int, TSNextProtocolSet> AcceptorMapping; // stores
protocolset keyed by NetAccept ID
+AcceptorMapping AcceptorMap;
-typedef std::unordered_map<int, TSNextProtocolSet> protoTable; // stores
protocolset keyed by NetAccept ID
-protoTable ProtoSetTable;
-typedef std::unordered_set<std::string> Table;
// Map of domains to tweak.
-Table _table;
+typedef std::unordered_set<std::string> DomainSet;
+DomainSet Domains;
int
CB_SNI(TSCont contp, TSEvent, void *cb_data)
{
- TSVConn vc = (static_cast<TSVConn>(cb_data));
+ auto vc = static_cast<TSVConn>(cb_data);
TSSslConnection ssl_conn = TSVConnSSLConnectionGet(vc);
auto *ssl = reinterpret_cast<SSL *>(ssl_conn);
char const *sni = SSL_get_servername(ssl,
TLSEXT_NAMETYPE_host_name);
if (sni) {
- if (_table.find(sni) != _table.end()) {
+ if (Domains.find(sni) != Domains.end()) {
TSAcceptor na = TSAcceptorGet(vc);
int nid = TSAcceptorIDGet(na);
- TSNextProtocolSet ps = ProtoSetTable[nid];
- TSRegisterProtocolSet(vc, ps);
+ TSNextProtocolSet ps = AcceptorMap[nid]; // get our copy of the protocol
set.
+ TSRegisterProtocolSet(vc, ps); // replace default protocol set
with the copy.
}
}
@@ -78,12 +66,14 @@ CB_NetAcceptReady(TSCont contp, TSEvent event, void
*cb_data)
{
switch (event) {
case TS_EVENT_LIFECYCLE_PORTS_READY:
+ // The accept objecs are all created and ready at this point. We
+ // can now iterate over them.
for (int i = 0, totalNA = TSAcceptorCount(); i < totalNA; ++i) {
TSAcceptor netaccept = TSAcceptorGetbyID(i);
// get a clone of the protoset associated with the netaccept
TSNextProtocolSet nps = TSGetcloneProtoSet(netaccept);
TSUnregisterProtocol(nps, TS_ALPN_PROTOCOL_HTTP_2_0);
- ProtoSetTable[i] = nps;
+ AcceptorMap[i] = nps;
}
break;
default:
@@ -95,29 +85,29 @@ CB_NetAcceptReady(TSCont contp, TSEvent event, void
*cb_data)
void
TSPluginInit(int argc, char const *argv[])
{
- int ret = -999, i;
+ int ret;
TSPluginRegistrationInfo info;
- info.plugin_name = PLNAME;
- info.vendor_name = "Yahoo!";
- info.support_email = "[email protected]";
+
+ info.plugin_name = PLUGIN_NAME;
+ info.vendor_name = "Apache Software Foundation";
+ info.support_email = "[email protected]";
ret = TSPluginRegister(&info);
if (ret != TS_SUCCESS) {
- TSError("Plugin registration failed.");
+ TSError("[%s] registration failed.", PLUGIN_NAME);
+ return;
+ } else if (argc < 2) {
+ TSError("[%s] Usage %s.so servername1 servername2 ... ", PLUGIN_NAME,
PLUGIN_NAME);
return;
} else {
- if (argc < 2) {
- TSError("[%s] Usage %s servername1 servername2 .... ", PLTAG, PLTAG);
- return;
- }
- TSDebug(PLTAG, "Plugin registration succeeded.");
+ TSDebug(PLUGIN_NAME, "registration succeeded.");
}
- for (i = 1; i < argc; i++) {
- TSDebug(PLTAG, "%s added to the No-H2 list", argv[i]);
- _table.emplace(std::string(argv[i], strlen(argv[i])));
+ for (int i = 1; i < argc; i++) {
+ TSDebug(PLUGIN_NAME, "%s added to the No-H2 list", argv[i]);
+ Domains.emplace(std::string(argv[i], strlen(argv[i])));
}
- // This should not modify any state so no lock is needed.
+ // These callbacks do not modify any state so no lock is needed.
TSCont cb_sni = TSContCreate(&CB_SNI, nullptr);
TSCont cb_netacc = TSContCreate(&CB_NetAcceptReady, nullptr);
diff --git a/example/disable_http2/readme.txt b/example/disable_http2/readme.txt
new file mode 100644
index 0000000..90c9cf5
--- /dev/null
+++ b/example/disable_http2/readme.txt
@@ -0,0 +1,7 @@
+Usage:
+
+In plugins.config,
+
+disable_http2 sni_a sni_b [...]
+
+For connections with any of these SNI values, HTTP/2 will be removed
(disabled) from the list of valid next protocols.
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
