This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.1.x by this push:
new 9c55701 Remove usage of stored ACL record, always pull from current
ipallow (#7217)
9c55701 is described below
commit 9c55701f3d930a35b6bdd1a9a4f53614f5b5d44e
Author: Evan Zelkowitz <e...@apache.org>
AuthorDate: Thu Oct 1 14:19:24 2020 -0600
Remove usage of stored ACL record, always pull from current ipallow (#7217)
---
proxy/ProxyClientSession.h | 4 ----
proxy/ProxyClientTransaction.h | 6 ------
proxy/http/HttpSessionAccept.cc | 1 -
proxy/http/HttpTransact.cc | 10 ++++++++--
proxy/http2/Http2SessionAccept.cc | 1 -
5 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/proxy/ProxyClientSession.h b/proxy/ProxyClientSession.h
index 76dc0c6..21fe2fa 100644
--- a/proxy/ProxyClientSession.h
+++ b/proxy/ProxyClientSession.h
@@ -36,7 +36,6 @@
#define SsnDebug(ssn, tag, ...) SpecificDebug((ssn)->debug(), tag, __VA_ARGS__)
class ProxyClientTransaction;
-struct AclRecord;
enum class ProxyErrorClass {
NONE,
@@ -285,9 +284,6 @@ public:
return netvc ? netvc->get_local_addr() : nullptr;
}
- /// acl record - cache IpAllow::match() call
- const AclRecord *acl_record = nullptr;
-
/// Local address for outbound connection.
IpAddr outbound_ip4;
/// Local address for outbound connection.
diff --git a/proxy/ProxyClientTransaction.h b/proxy/ProxyClientTransaction.h
index 5d7e071..695ecaf 100644
--- a/proxy/ProxyClientTransaction.h
+++ b/proxy/ProxyClientTransaction.h
@@ -144,12 +144,6 @@ public:
host_res_style = style;
}
- const AclRecord *
- get_acl_record() const
- {
- return parent ? parent->acl_record : nullptr;
- }
-
// Indicate we are done with this transaction
virtual void release(IOBufferReader *r);
diff --git a/proxy/http/HttpSessionAccept.cc b/proxy/http/HttpSessionAccept.cc
index cb4bc84..50aded4 100644
--- a/proxy/http/HttpSessionAccept.cc
+++ b/proxy/http/HttpSessionAccept.cc
@@ -67,7 +67,6 @@ HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer
*iobuf, IOBufferReade
new_session->outbound_ip6 = outbound_ip6;
new_session->outbound_port = outbound_port;
new_session->host_res_style =
ats_host_res_from(client_ip->sa_family, host_res_preference);
- new_session->acl_record = acl_record;
new_session->new_connection(netvc, iobuf, reader, backdoor);
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index c526fa7..e5c97c9 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -6450,8 +6450,14 @@ HttpTransact::process_quick_http_filter(State *s, int
method)
}
if (s->state_machine->ua_txn) {
- const AclRecord *acl_record = s->state_machine->ua_txn->get_acl_record();
- bool deny_request = (acl_record == nullptr);
+ const AclRecord *acl_record = nullptr;
+ if (s->backdoor_request) {
+ acl_record = IpAllow::AllMethodAcl();
+ } else {
+ acl_record = SessionAccept::testIpAllowPolicy(s->client_info.src_addr);
+ }
+
+ bool deny_request = (acl_record == nullptr);
if (acl_record && (acl_record->_method_mask !=
AclRecord::ALL_METHOD_MASK)) {
if (method != -1) {
deny_request = !acl_record->isMethodAllowed(method);
diff --git a/proxy/http2/Http2SessionAccept.cc
b/proxy/http2/Http2SessionAccept.cc
index 8f4e154..3d8e929 100644
--- a/proxy/http2/Http2SessionAccept.cc
+++ b/proxy/http2/Http2SessionAccept.cc
@@ -54,7 +54,6 @@ Http2SessionAccept::accept(NetVConnection *netvc, MIOBuffer
*iobuf, IOBufferRead
}
Http2ClientSession *new_session =
THREAD_ALLOC_INIT(http2ClientSessionAllocator, this_ethread());
- new_session->acl_record = session_acl_record;
new_session->host_res_style = ats_host_res_from(client_ip->sa_family,
options.host_res_preference);
new_session->outbound_ip4 = options.outbound_ip4;
new_session->outbound_ip6 = options.outbound_ip6;
