This is an automated email from the ASF dual-hosted git repository. bneradt pushed a commit to branch 11-Dev in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 842f001d0e406e841a313d4fea42208e5e08d06b Merge: 6ebaeb01fc 29fa13ae6e Author: bneradt <[email protected]> AuthorDate: Sat Jun 22 21:02:16 2024 -0500 Merge master into 11-Dev Conflicts: include/iocore/net/TLSSessionResumptionSupport.h src/iocore/net/SSLUtils.cc CMakeLists.txt | 2 + configs/remap.config.default | 6 +- doc/admin-guide/files/records.yaml.en.rst | 32 +-- doc/admin-guide/files/remap.config.en.rst | 4 +- doc/admin-guide/performance/index.en.rst | 24 +- doc/admin-guide/plugins/conf_remap.en.rst | 2 +- doc/admin-guide/plugins/header_rewrite.en.rst | 8 +- doc/admin-guide/plugins/lua.en.rst | 4 +- doc/admin-guide/plugins/url_sig.en.rst | 2 +- doc/admin-guide/security/index.en.rst | 16 +- .../tools/converting-records-to-yaml.en.rst | 16 +- .../command-line/traffic_crashlog.en.rst | 9 + doc/appendices/command-line/traffic_ctl.en.rst | 6 +- .../api/functions/TSMimeHdrPrint.en.rst | 4 +- .../api/functions/TSRecYAMLConfigParse.en.rst | 2 +- doc/developer-guide/cripts/cripts-bundles.en.rst | 34 ++- .../cripts/cripts-connections.en.rst | 13 ++ doc/developer-guide/cripts/cripts-misc.en.rst | 16 +- doc/developer-guide/cripts/cripts-overview.en.rst | 2 +- doc/developer-guide/cripts/cripts-urls.en.rst | 5 +- doc/developer-guide/cripts/cripts-variables.en.rst | 13 ++ doc/developer-guide/debugging/debug-tags.en.rst | 2 +- doc/developer-guide/debugging/memory-leaks.en.rst | 4 +- .../plugins/example-plugins/tls_bridge.en.rst | 16 +- doc/ext/traffic-server.cmake.in.py | 2 +- doc/ext/traffic-server.py | 4 +- doc/getting-started/index.en.rst | 8 +- example/cripts/example1.cc | 18 +- example/plugins/c-api/cache_scan/cache_scan.cc | 2 +- .../plugins/c-api/output_header/output_header.cc | 2 +- include/cripts/Bundle.hpp | 7 +- include/cripts/Bundles/{Common.hpp => Caching.hpp} | 35 ++- include/cripts/Bundles/Common.hpp | 33 ++- include/cripts/Bundles/Headers.hpp | 25 +- include/cripts/Bundles/LogsMetrics.hpp | 8 +- include/cripts/Configs.hpp | 253 ++++++++++----------- include/cripts/ConfigsBase.hpp | 104 +++++++++ include/cripts/Connections.hpp | 53 ++--- include/cripts/Context.hpp | 86 ++----- include/cripts/Crypto.hpp | 73 +++--- include/cripts/Epilogue.hpp | 3 +- include/cripts/Error.hpp | 24 +- include/cripts/Files.hpp | 19 +- include/cripts/Headers.hpp | 34 ++- include/cripts/Instance.hpp | 16 +- include/cripts/Lulu.hpp | 38 ++-- include/cripts/Matcher.hpp | 24 +- include/cripts/Plugins.hpp | 14 +- include/cripts/Preamble.hpp | 5 +- include/cripts/Time.hpp | 15 +- include/cripts/Transaction.hpp | 2 +- include/cripts/UUID.hpp | 19 +- include/cripts/Urls.hpp | 142 ++++++++---- include/iocore/eventsystem/Lock.h | 2 +- include/iocore/eventsystem/Thread.h | 3 + include/iocore/net/NetVConnection.h | 4 +- include/iocore/net/SNIActionItem.h | 3 +- include/iocore/net/TLSALPNSupport.h | 4 +- include/iocore/net/TLSSessionResumptionSupport.h | 10 +- include/proxy/hdrs/HTTP.h | 10 +- include/proxy/hdrs/MIME.h | 7 +- include/proxy/http/HttpTransact.h | 66 ++++-- include/proxy/logging/LogField.h | 2 +- include/records/RecYAMLDecoder.h | 6 +- include/ts/ts.h | 8 +- include/tscore/Allocator.h | 8 +- include/tscore/Extendible.h | 8 +- include/tscore/ink_config.h.cmake.in | 2 + include/tscpp/api/Plugin.h | 3 +- include/tsutil/StringConvert.h | 12 +- plugins/CMakeLists.txt | 14 +- plugins/background_fetch/background_fetch.cc | 2 +- plugins/background_fetch/headers.cc | 4 +- plugins/background_fetch/headers.h | 2 +- plugins/cache_promote/policy.h | 6 +- .../cache_range_requests/cache_range_requests.cc | 2 +- plugins/cachekey/plugin.cc | 6 +- plugins/certifier/certifier.cc | 4 +- plugins/compress/compress.cc | 4 +- plugins/esi/combo_handler.cc | 7 +- plugins/esi/test/TestHttpDataFetcher.h | 5 +- plugins/experimental/access_control/headers.cc | 39 ---- plugins/experimental/access_control/headers.h | 1 - plugins/experimental/access_control/plugin.cc | 6 +- plugins/experimental/access_control/utils.cc | 4 +- plugins/experimental/block_errors/block_errors.cc | 8 +- .../experimental/cache_fill/background_fetch.cc | 6 +- plugins/experimental/cache_fill/cache_fill.cc | 5 +- .../cert_reporting_tool/cert_reporting_tool.cc | 2 +- plugins/experimental/cookie_remap/cookie_remap.cc | 4 +- plugins/experimental/fq_pacing/fq_pacing.cc | 6 +- plugins/experimental/geoip_acl/acl.cc | 4 +- plugins/experimental/header_freq/header_freq.cc | 8 +- plugins/experimental/hook-trace/hook-trace.cc | 4 +- plugins/experimental/http_stats/http_stats.cc | 12 +- plugins/experimental/icap/icap_plugin.cc | 44 ++-- plugins/experimental/inliner/fetcher.h | 2 +- plugins/experimental/inliner/ts.cc | 2 +- .../magick/image_magic_dlopen_leak_suppression.txt | 1 + plugins/experimental/magick/magick.cc | 51 +++-- plugins/experimental/memcache/tsmemcache.cc | 10 +- .../experimental/memory_profile/memory_profile.cc | 2 +- plugins/experimental/money_trace/money_trace.cc | 2 +- plugins/experimental/rate_limit/rate_limit.cc | 2 +- plugins/experimental/rate_limit/sni_selector.cc | 4 +- plugins/experimental/rate_limit/txn_limiter.cc | 2 +- plugins/experimental/stale_response/CacheUpdate.cc | 6 +- .../experimental/stale_response/stale_response.cc | 4 +- .../experimental/stream_editor/stream_editor.cc | 5 +- plugins/experimental/system_stats/system_stats.cc | 4 +- plugins/experimental/tls_bridge/tls_bridge.cc | 2 +- .../txn_box/plugin/include/txn_box/accl_util.h | 10 +- .../experimental/txn_box/plugin/src/Machinery.cc | 9 + plugins/experimental/url_sig/README | 2 +- plugins/experimental/wasm/ats_context.h | 15 +- plugins/generator/generator.cc | 10 +- plugins/header_rewrite/conditions.cc | 12 +- plugins/ja3_fingerprint/ja3_fingerprint.cc | 4 +- plugins/multiplexer/ats-multiplexer.cc | 2 +- plugins/multiplexer/fetcher.h | 2 +- plugins/multiplexer/post.cc | 2 +- plugins/prefetch/fetch.cc | 2 +- plugins/prefetch/fetch_policy_simple.cc | 2 +- plugins/prefetch/headers.cc | 5 +- plugins/prefetch/headers.h | 2 +- plugins/prefetch/plugin.cc | 4 +- plugins/regex_revalidate/regex_revalidate.cc | 4 +- plugins/remap_purge/remap_purge.cc | 6 +- plugins/s3_auth/aws_auth_v4.cc | 10 +- plugins/s3_auth/s3_auth.cc | 2 +- plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 2 +- plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 5 +- plugins/server_push_preload/server_push_preload.cc | 3 +- plugins/slice/server.cc | 4 +- plugins/slice/slice.cc | 6 +- plugins/statichit/statichit.cc | 4 +- plugins/stats_over_http/stats_over_http.cc | 12 +- plugins/traffic_dump/session_data.cc | 4 +- plugins/traffic_dump/traffic_dump.cc | 2 +- plugins/traffic_dump/transaction_data.cc | 4 +- plugins/xdebug/xdebug.cc | 4 +- plugins/xdebug/xdebug_headers.cc | 12 +- plugins/xdebug/xdebug_transforms.cc | 2 +- src/api/InkAPI.cc | 18 +- src/cripts/Bundles/{Common.cc => Caching.cc} | 34 +-- src/cripts/Bundles/Common.cc | 112 ++++++++- src/cripts/Bundles/HRWBridge.cc | 70 +++++- src/cripts/Bundles/Headers.cc | 32 +-- src/cripts/Bundles/LogsMetrics.cc | 13 +- src/cripts/CMakeLists.txt | 4 + src/cripts/Configs.cc | 92 ++++++++ src/cripts/Context.cc | 70 ++++++ src/cripts/Crypto.cc | 14 -- src/cripts/Error.cc | 6 + src/cripts/Files.cc | 13 ++ src/cripts/Headers.cc | 14 ++ src/cripts/Instance.cc | 2 - src/cripts/Lulu.cc | 2 - src/cripts/Urls.cc | 35 +++ src/iocore/aio/AIO.cc | 2 +- src/iocore/cache/AggregateWriteBuffer.cc | 23 +- .../iocore/cache/AggregateWriteBuffer.h | 53 ++++- src/iocore/cache/CMakeLists.txt | 1 + src/iocore/cache/Cache.cc | 10 +- src/iocore/cache/CacheRead.cc | 2 +- src/iocore/cache/CacheWrite.cc | 47 ++-- src/iocore/cache/P_CacheVol.h | 8 +- src/iocore/cache/RamCacheLRU.cc | 2 +- src/iocore/cache/Stripe.cc | 9 + src/iocore/cache/unit_tests/CacheTestHandler.cc | 2 +- src/iocore/cache/unit_tests/CacheTestHandler.h | 4 +- src/iocore/cache/unit_tests/main.cc | 6 +- src/iocore/cache/unit_tests/main.h | 6 +- src/iocore/cache/unit_tests/stub.cc | 14 +- .../cache/unit_tests/test_AggregateWriteBuffer.cc | 52 +++++ .../cache/unit_tests/test_Alternate_L_to_S.cc | 6 +- .../unit_tests/test_Alternate_L_to_S_remove_L.cc | 10 +- .../unit_tests/test_Alternate_L_to_S_remove_S.cc | 10 +- .../cache/unit_tests/test_Alternate_S_to_L.cc | 6 +- .../unit_tests/test_Alternate_S_to_L_remove_L.cc | 10 +- .../unit_tests/test_Alternate_S_to_L_remove_S.cc | 10 +- src/iocore/cache/unit_tests/test_Cache.cc | 2 +- src/iocore/cache/unit_tests/test_CacheDir.cc | 2 +- src/iocore/cache/unit_tests/test_CacheVol.cc | 2 +- .../cache/unit_tests/test_Populated_Cache.cc | 2 +- src/iocore/cache/unit_tests/test_RWW.cc | 4 +- src/iocore/cache/unit_tests/test_Update_L_to_S.cc | 6 +- src/iocore/cache/unit_tests/test_Update_S_to_L.cc | 6 +- src/iocore/cache/unit_tests/test_Update_header.cc | 6 +- src/iocore/dns/DNSEventIO.cc | 2 +- src/iocore/eventsystem/MIOBufferWriter.cc | 2 +- .../eventsystem/unit_tests/test_EventSystem.cc | 2 +- src/iocore/eventsystem/unit_tests/test_IOBuffer.cc | 2 +- .../eventsystem/unit_tests/test_MIOBufferWriter.cc | 2 +- src/iocore/hostdb/HostDB.cc | 4 +- src/iocore/net/ALPNSupport.cc | 5 +- src/iocore/net/AsyncSignalEventIO.cc | 2 +- src/iocore/net/Connection.cc | 3 +- src/iocore/net/ConnectionTracker.cc | 14 +- src/iocore/net/NetAcceptEventIO.cc | 2 +- src/iocore/net/OCSPStapling.cc | 2 +- src/iocore/net/P_Net.h | 5 - src/iocore/net/P_TLSKeyLogger.h | 2 +- src/iocore/net/PollCont.cc | 4 - src/iocore/net/SNIActionPerformer.cc | 39 ++-- src/iocore/net/SNIActionPerformer.h | 2 +- src/iocore/net/SSLCertLookup.cc | 2 +- src/iocore/net/SSLConfig.cc | 6 +- src/iocore/net/SSLNetVConnection.cc | 2 +- src/iocore/net/SSLUtils.cc | 12 +- src/iocore/net/TLSSNISupport.cc | 4 +- src/iocore/net/TLSSessionResumptionSupport.cc | 22 +- src/iocore/net/UnixNetAccept.cc | 2 +- src/iocore/net/UnixNetVConnection.cc | 4 +- src/iocore/net/YamlSNIConfig.cc | 6 +- src/iocore/utils/OneWayMultiTunnel.cc | 2 +- src/proxy/hdrs/HTTP.cc | 10 +- src/proxy/hdrs/MIME.cc | 11 +- src/proxy/hdrs/unit_tests/test_HdrUtils.cc | 4 +- src/proxy/http/HttpSM.cc | 4 +- src/proxy/http/HttpTransact.cc | 30 +-- src/proxy/logging/CMakeLists.txt | 4 +- src/proxy/logging/LogAccess.cc | 68 ++++-- src/proxy/logging/LogField.cc | 2 +- src/proxy/logging/LogUtils.cc | 12 +- src/records/CMakeLists.txt | 8 +- src/records/RecHttp.cc | 3 +- src/records/RecYAMLDecoder.cc | 4 +- src/traffic_crashlog/traffic_crashlog.cc | 44 +++- src/traffic_ctl/FileConfigCommand.cc | 10 +- src/tscore/ArgParser.cc | 5 +- src/tscore/ink_memory.cc | 6 +- src/tscore/ink_queue.cc | 2 +- src/tscpp/api/AsyncTimer.cc | 2 +- src/tscpp/api/Headers.cc | 2 +- src/tscpp/api/RemapPlugin.cc | 2 +- src/tscpp/api/TransformationPlugin.cc | 2 +- src/tscpp/api/utils_internal.cc | 4 +- src/tsutil/CMakeLists.txt | 1 + src/tsutil/unit_tests/test_StringConvert.cc | 12 + tests/autest.sh | 1 + .../gold_tests/autest-site/trafficserver.test.ext | 2 +- tests/gold_tests/records/gold/full_records.yaml | 2 +- .../records/gold/records.yaml.cold_test0.gold | 4 +- .../records/gold/records.yaml.cold_test2.gold | 4 +- .../records/gold/records.yaml.cold_test4.gold | 4 +- .../records/gold/records.yaml.cold_test5.gold | 2 +- tests/gold_tests/records/gold/renamed_records.yaml | 2 +- .../gold_tests/remap/basic_conf_remap_yaml.test.py | 10 +- tests/gold_tests/remap/conf_remap_float.test.py | 2 +- tools/cripts/genconfig.py | 41 +--- tools/records/convert2yaml.py | 2 +- 252 files changed, 2012 insertions(+), 1271 deletions(-) diff --cc include/iocore/net/TLSSessionResumptionSupport.h index 4088d4f785,6955528096..086ccbfaf5 --- a/include/iocore/net/TLSSessionResumptionSupport.h +++ b/include/iocore/net/TLSSessionResumptionSupport.h @@@ -52,7 -52,8 +52,7 @@@ public bool getSSLOriginSessionCacheHit() const; ssl_curve_id getSSLCurveNID() const; - std::shared_ptr<SSL_SESSION> getOriginSession(SSL *ssl, const std::string &lookup_key); - SSL_SESSION *getSession(SSL *ssl, const unsigned char *id, int len, int *copy); + std::shared_ptr<SSL_SESSION> getOriginSession(const std::string &lookup_key); protected: void clear(); diff --cc src/iocore/net/TLSSessionResumptionSupport.cc index e58cc2ebd0,935e55c25a..cdd3571383 --- a/src/iocore/net/TLSSessionResumptionSupport.cc +++ b/src/iocore/net/TLSSessionResumptionSupport.cc @@@ -142,8 -142,56 +142,8 @@@ TLSSessionResumptionSupport::getSSLCurv return this->_sslCurveNID; } -SSL_SESSION * -TLSSessionResumptionSupport::getSession(SSL *ssl, const unsigned char *id, int len, int *copy) -{ - SSLSessionID sid(id, len); - - *copy = 0; - if (diags()->on()) { - static DbgCtl dbg_ctl("ssl.session_cache.get"); - if (dbg_ctl.tag_on()) { - char printable_buf[(len * 2) + 1]; - sid.toString(printable_buf, sizeof(printable_buf)); - DbgPrint(dbg_ctl, "ssl_get_cached_session cached session '%s' context %p", printable_buf, SSL_get_SSL_CTX(ssl)); - } - } - - APIHook *hook = SSLAPIHooks::instance()->get(TSSslHookInternalID(TS_SSL_SESSION_HOOK)); - while (hook) { - hook->invoke(TS_EVENT_SSL_SESSION_GET, &sid); - hook = hook->m_link.next; - } - - SSL_SESSION *session = nullptr; - ssl_session_cache_exdata *exdata = nullptr; - if (session_cache->getSession(sid, &session, &exdata)) { - ink_assert(session); - ink_assert(exdata); - - // Double check the timeout - if (is_ssl_session_timed_out(session)) { - Metrics::Counter::increment(ssl_rsb.session_cache_miss); -// Due to bug in openssl, the timeout is checked, but only removed -// from the openssl built-in hash table. The external remove cb is not called -#if 0 // This is currently eliminated, since it breaks things in odd ways (see TS-3710) - ssl_rm_cached_session(SSL_get_SSL_CTX(ssl), session); -#endif - SSL_SESSION_free(session); - session = nullptr; - } else { - Metrics::Counter::increment(ssl_rsb.session_cache_hit); - this->_setSSLSessionCacheHit(true); - this->_setSSLCurveNID(exdata->curve); - } - } else { - Metrics::Counter::increment(ssl_rsb.session_cache_miss); - } - return session; -} - std::shared_ptr<SSL_SESSION> - TLSSessionResumptionSupport::getOriginSession(SSL *ssl, const std::string &lookup_key) + TLSSessionResumptionSupport::getOriginSession(const std::string &lookup_key) { ssl_curve_id curve = 0; std::shared_ptr<SSL_SESSION> shared_sess = origin_sess_cache->get_session(lookup_key, &curve);
