This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.1.x by this push: new 9c55701 Remove usage of stored ACL record, always pull from current ipallow (#7217) 9c55701 is described below commit 9c55701f3d930a35b6bdd1a9a4f53614f5b5d44e Author: Evan Zelkowitz <e...@apache.org> AuthorDate: Thu Oct 1 14:19:24 2020 -0600 Remove usage of stored ACL record, always pull from current ipallow (#7217) --- proxy/ProxyClientSession.h | 4 ---- proxy/ProxyClientTransaction.h | 6 ------ proxy/http/HttpSessionAccept.cc | 1 - proxy/http/HttpTransact.cc | 10 ++++++++-- proxy/http2/Http2SessionAccept.cc | 1 - 5 files changed, 8 insertions(+), 14 deletions(-) diff --git a/proxy/ProxyClientSession.h b/proxy/ProxyClientSession.h index 76dc0c6..21fe2fa 100644 --- a/proxy/ProxyClientSession.h +++ b/proxy/ProxyClientSession.h @@ -36,7 +36,6 @@ #define SsnDebug(ssn, tag, ...) SpecificDebug((ssn)->debug(), tag, __VA_ARGS__) class ProxyClientTransaction; -struct AclRecord; enum class ProxyErrorClass { NONE, @@ -285,9 +284,6 @@ public: return netvc ? netvc->get_local_addr() : nullptr; } - /// acl record - cache IpAllow::match() call - const AclRecord *acl_record = nullptr; - /// Local address for outbound connection. IpAddr outbound_ip4; /// Local address for outbound connection. diff --git a/proxy/ProxyClientTransaction.h b/proxy/ProxyClientTransaction.h index 5d7e071..695ecaf 100644 --- a/proxy/ProxyClientTransaction.h +++ b/proxy/ProxyClientTransaction.h @@ -144,12 +144,6 @@ public: host_res_style = style; } - const AclRecord * - get_acl_record() const - { - return parent ? parent->acl_record : nullptr; - } - // Indicate we are done with this transaction virtual void release(IOBufferReader *r); diff --git a/proxy/http/HttpSessionAccept.cc b/proxy/http/HttpSessionAccept.cc index cb4bc84..50aded4 100644 --- a/proxy/http/HttpSessionAccept.cc +++ b/proxy/http/HttpSessionAccept.cc 
@@ -67,7 +67,6 @@ HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, IOBufferReade new_session->outbound_ip6 = outbound_ip6; new_session->outbound_port = outbound_port; new_session->host_res_style = ats_host_res_from(client_ip->sa_family, host_res_preference); - new_session->acl_record = acl_record; new_session->new_connection(netvc, iobuf, reader, backdoor); diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index c526fa7..e5c97c9 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -6450,8 +6450,14 @@ HttpTransact::process_quick_http_filter(State *s, int method) } if (s->state_machine->ua_txn) { - const AclRecord *acl_record = s->state_machine->ua_txn->get_acl_record(); - bool deny_request = (acl_record == nullptr); + const AclRecord *acl_record = nullptr; + if (s->backdoor_request) { + acl_record = IpAllow::AllMethodAcl(); + } else { + acl_record = SessionAccept::testIpAllowPolicy(s->client_info.src_addr); + } + + bool deny_request = (acl_record == nullptr); if (acl_record && (acl_record->_method_mask != AclRecord::ALL_METHOD_MASK)) { if (method != -1) { deny_request = !acl_record->isMethodAllowed(method); diff --git a/proxy/http2/Http2SessionAccept.cc b/proxy/http2/Http2SessionAccept.cc index 8f4e154..3d8e929 100644 --- a/proxy/http2/Http2SessionAccept.cc +++ b/proxy/http2/Http2SessionAccept.cc @@ -54,7 +54,6 @@ Http2SessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, IOBufferRead } Http2ClientSession *new_session = THREAD_ALLOC_INIT(http2ClientSessionAllocator, this_ethread()); - new_session->acl_record = session_acl_record; new_session->host_res_style = ats_host_res_from(client_ip->sa_family, options.host_res_preference); new_session->outbound_ip4 = options.outbound_ip4; new_session->outbound_ip6 = options.outbound_ip6;
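Review bot: In the HttpTransact.cc hunk, the new `if (s->backdoor_request)` branch hands out `IpAllow::AllMethodAcl()` with no address check of its own, so the per-transaction ip_allow decision now depends entirely on where that flag and `s->client_info.src_addr` are set, and neither is visible here. A comment above the block would record the invariant the code relies on, for example `// ip_allow is re-evaluated per transaction so a reload applies to live sessions; backdoor_request is set only by the accept path`, if that is indeed the case. It would also help to state how long the pointer returned by `SessionAccept::testIpAllowPolicy()` stays valid, since it is dereferenced a few lines later via `acl_record->_method_mask` and the hunk shows nothing that holds the current configuration in place across a reload. `process_quick_http_filter` starts and ends outside the hunk.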