[
https://issues.apache.org/jira/browse/TS-2983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14088542#comment-14088542
]
Sudheer Vinukonda edited comment on TS-2983 at 8/7/14 12:47 AM:
----------------------------------------------------------------
[~jpe...@apache.org]] -
I dug a bit into the old logs to find if there was any non-https request
getting corrupted. I did not find a single such request. iow, all the requests
that are corrupted seem to be https.
Looking into the changes made in TS-2751 again, I am wondering if we really
need to support protocol probe for https at all - the implementation prior to
TS-2751 also seem to only support probe for http.
I also verified that there's no issue with TS-2751 commit when I enable the
probe for http and just revert the probe for https. Is there any specific
reason that you would like the probe enabled for https? Isn't NPN support
mandatory for SPDY over https?
{code}
diff --git a/proxy/http/HttpProxyServerMain.cc
b/proxy/http/HttpProxyServerMain.cc
index 9eb9291..6cdbce7 100644
--- a/proxy/http/HttpProxyServerMain.cc
+++ b/proxy/http/HttpProxyServerMain.cc
@@ -171,10 +171,9 @@ MakeHttpProxyAcceptor(HttpProxyAcceptor& acceptor,
HttpProxyPort& port, unsigned
// XXX the protocol probe should be a configuration option.
ProtocolProbeSessionAccept *probe = new ProtocolProbeSessionAccept();
- HttpSessionAccept *http = 0; // don't allocate this unless it will be used.
+ HttpSessionAccept *http = new HttpSessionAccept(accept_opt);
if (port.m_session_protocol_preference.intersects(HTTP_PROTOCOL_SET)) {
- http = new HttpSessionAccept(accept_opt);
probe->registerEndpoint(ProtocolProbeSessionAccept::PROTO_HTTP, http);
}
@@ -185,7 +184,7 @@ MakeHttpProxyAcceptor(HttpProxyAcceptor& acceptor,
HttpProxyPort& port, unsigned
#endif
if (port.isSSL()) {
- SSLNextProtocolAccept *ssl = new SSLNextProtocolAccept(probe);
+ SSLNextProtocolAccept *ssl = new SSLNextProtocolAccept(http);
// ALPN selects the first server-offered protocol,
// so make sure that we offer the newest protocol first.
{code}
was (Author: sudheerv):
[~jpeach] -
I dug a bit into the old logs to find if there was any non-https request
getting corrupted. I did not find a single such request. iow, all the requests
that are corrupted seem to be https.
Looking into the changes made in TS-2751 again, I am wondering if we really
need to support protocol probe for https at all - the implementation prior to
TS-2751 also seem to only support probe for http.
I also verified that there's no issue with TS-2751 commit when I enable the
probe for http and just revert the probe for https. Is there any specific
reason that you would like the probe enabled for https? Isn't NPN support
mandatory for SPDY over https?
{code}
diff --git a/proxy/http/HttpProxyServerMain.cc
b/proxy/http/HttpProxyServerMain.cc
index 9eb9291..6cdbce7 100644
--- a/proxy/http/HttpProxyServerMain.cc
+++ b/proxy/http/HttpProxyServerMain.cc
@@ -171,10 +171,9 @@ MakeHttpProxyAcceptor(HttpProxyAcceptor& acceptor,
HttpProxyPort& port, unsigned
// XXX the protocol probe should be a configuration option.
ProtocolProbeSessionAccept *probe = new ProtocolProbeSessionAccept();
- HttpSessionAccept *http = 0; // don't allocate this unless it will be used.
+ HttpSessionAccept *http = new HttpSessionAccept(accept_opt);
if (port.m_session_protocol_preference.intersects(HTTP_PROTOCOL_SET)) {
- http = new HttpSessionAccept(accept_opt);
probe->registerEndpoint(ProtocolProbeSessionAccept::PROTO_HTTP, http);
}
@@ -185,7 +184,7 @@ MakeHttpProxyAcceptor(HttpProxyAcceptor& acceptor,
HttpProxyPort& port, unsigned
#endif
if (port.isSSL()) {
- SSLNextProtocolAccept *ssl = new SSLNextProtocolAccept(probe);
+ SSLNextProtocolAccept *ssl = new SSLNextProtocolAccept(http);
// ALPN selects the first server-offered protocol,
// so make sure that we offer the newest protocol first.
{code}
> request headers, http object corrupted in 5.0.x
> -----------------------------------------------
>
> Key: TS-2983
> URL: https://issues.apache.org/jira/browse/TS-2983
> Project: Traffic Server
> Issue Type: Bug
> Components: Core
> Affects Versions: 5.1.0
> Reporter: Sudheer Vinukonda
> Priority: Blocker
> Fix For: 5.1.0
>
> Attachments: TS-2983.diff
>
>
> We have run into a http header/field corruption issue on our proxy
> infrastructure production hosts when we enabled 5.0.x. The issue results in
> host header/method and other field corruption.
> For example, this is what we see in our squid access logs:
> {code}
> 1406999819.698 0 69.109.120.92 ERR_CONNECT_FAIL 404 0 nas=0&disclaimer=2;
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> - NONE/- -
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> f1 f2 f3 f4
> 1406999819.698 4 69.109.120.92 ERR_CONNECT_FAIL 404 1825 nas=0&disclaimer=2;
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> - NONE/- text/html
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> f1 f2 f3 f4
> 1406999834.692 0 69.109.120.92 ERR_CONNECT_FAIL 404 0 nas=0&disclaimer=2;
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> - NONE/- -
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> f1 f2 f3 f4
> 1406999834.692 4 69.109.120.92 ERR_CONNECT_FAIL 404 1825 nas=0&disclaimer=2;
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> - NONE/- text/html
> https://AMCV_att1=MCAID%7C29B9EEB305013EE7-4000010900024C7D;%20ypcdb=27a2458b603f6370d295cf4130825e34/
> f1 f2 f3 f4
> 1406999842.475 0 75.15.121.107 ERR_CONNECT_FAIL 404 0
> 435OjuZl6UyTXTs38eKhUO5C7Vs4E7FRajuU3BHWqLQxY4GMkRCgkGTvCOJPimsE1aB2W5hj_Qh70_dy7aJoas2DbmaCbIJ6UgkbkUINLhJbjDnfx3pKtVSlFca1VB6zCYSEkCswU_dULV6p2FtUs5aVRCZl2kVCmvy9esXiSqqXN1oYxAPe6l5bHM9yLOVNIRmaFTRcSHLm3e3lIp5Bx3Wismutrnp8nddMtqoz8xhLLUTVrid1YGmu0kPQxEhn8kJtm_8E2Kw48yhiy.slyxhwZPtI3rHRz42B4MrcvGBnZiglC0f0FCHYBcHVZ4B0eqCXX3hNNH_.xj9xqHfRJzRaL0c6DwuiVFiyd4UcID3uhp6e1Y5EAh0lN4_gJPFCxnyrqnzw1T31w.TuhS9Rz98ZlNHVvsN6kLnKq5JmxocK7X4rmzOKNmmY9e85vEhQS7c4fN69JtzyvdbNUWY_4x6iYU4rvIu30miN.klS8iqD_W8g_6Xl.iclrYt_AKdUJ59qhj9V54JDebWuybPyZHLB.h2ZOKzbIyO9qUiZUY.5eqiHeupe_3ZieCViVpkCVKoiEunj1bPRd9tuxcNel.GmAtDPjRCwUH3WVCz3zq34rY6VBG2EeNQyLNNTT1GEHiXQ7k_ykZeQ6qCZGSZPpqz0S5we2qshU69hR1grm1Pyxli2Pv8uZ3YqL2FUQow0zZdtejnsxosoFqfge_mWnnHq9gmXkfc0RdgUevblIr50wC6stwTwjbW2MqOo2zyrRkp99Uprxah2olhrbw7Zc2yFDuCG5A4.R_3crXB8fp6iwmdlGnDfRa1oaHXn3Kves9YbZLtp1sUmQFmPoKr7Fu0qgxSHPDagEqhQXFnV3YpZ0LHdvir7MWFKg2bzh3OlrDeaGe0KK.xl8Y2OkckdNvQ.ho6F9AElt5GBACSl2kaVKChw8xa5xUOT0x8FYzFfgGk6syEESBPxvloY7OpdDGh3LUovu00N7z2z8lhC.LvYwmEdMeuS.5qq5yAE4jGWSlXXBBgUBXqyTFJ3IZUbm1gPvOCbEVELrbEvc7n0Gw_D_TjHcbNHN7rzXqad;
>
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> - NONE/- -
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> f1 f2 f3 f4
> 1406999842.475 0 75.15.121.107 ERR_CONNECT_FAIL 404 1897
> 435OjuZl6UyTXTs38eKhUO5C7Vs4E7FRajuU3BHWqLQxY4GMkRCgkGTvCOJPimsE1aB2W5hj_Qh70_dy7aJoas2DbmaCbIJ6UgkbkUINLhJbjDnfx3pKtVSlFca1VB6zCYSEkCswU_dULV6p2FtUs5aVRCZl2kVCmvy9esXiSqqXN1oYxAPe6l5bHM9yLOVNIRmaFTRcSHLm3e3lIp5Bx3Wismutrnp8nddMtqoz8xhLLUTVrid1YGmu0kPQxEhn8kJtm_8E2Kw48yhiy.slyxhwZPtI3rHRz42B4MrcvGBnZiglC0f0FCHYBcHVZ4B0eqCXX3hNNH_.xj9xqHfRJzRaL0c6DwuiVFiyd4UcID3uhp6e1Y5EAh0lN4_gJPFCxnyrqnzw1T31w.TuhS9Rz98ZlNHVvsN6kLnKq5JmxocK7X4rmzOKNmmY9e85vEhQS7c4fN69JtzyvdbNUWY_4x6iYU4rvIu30miN.klS8iqD_W8g_6Xl.iclrYt_AKdUJ59qhj9V54JDebWuybPyZHLB.h2ZOKzbIyO9qUiZUY.5eqiHeupe_3ZieCViVpkCVKoiEunj1bPRd9tuxcNel.GmAtDPjRCwUH3WVCz3zq34rY6VBG2EeNQyLNNTT1GEHiXQ7k_ykZeQ6qCZGSZPpqz0S5we2qshU69hR1grm1Pyxli2Pv8uZ3YqL2FUQow0zZdtejnsxosoFqfge_mWnnHq9gmXkfc0RdgUevblIr50wC6stwTwjbW2MqOo2zyrRkp99Uprxah2olhrbw7Zc2yFDuCG5A4.R_3crXB8fp6iwmdlGnDfRa1oaHXn3Kves9YbZLtp1sUmQFmPoKr7Fu0qgxSHPDagEqhQXFnV3YpZ0LHdvir7MWFKg2bzh3OlrDeaGe0KK.xl8Y2OkckdNvQ.ho6F9AElt5GBACSl2kaVKChw8xa5xUOT0x8FYzFfgGk6syEESBPxvloY7OpdDGh3LUovu00N7z2z8lhC.LvYwmEdMeuS.5qq5yAE4jGWSlXXBBgUBXqyTFJ3IZUbm1gPvOCbEVELrbEvc7n0Gw_D_TjHcbNHN7rzXqad;
>
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> - NONE/- text/html
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> f1 f2 f3 f4
> 1406999842.735 0 75.15.121.107 ERR_CONNECT_FAIL 404 0
> 435OjuZl6UyTXTs38eKhUO5C7Vs4E7FRajuU3BHWqLQxY4GMkRCgkGTvCOJPimsE1aB2W5hj_Qh70_dy7aJoas2DbmaCbIJ6UgkbkUINLhJbjDnfx3pKtVSlFca1VB6zCYSEkCswU_dULV6p2FtUs5aVRCZl2kVCmvy9esXiSqqXN1oYxAPe6l5bHM9yLOVNIRmaFTRcSHLm3e3lIp5Bx3Wismutrnp8nddMtqoz8xhLLUTVrid1YGmu0kPQxEhn8kJtm_8E2Kw48yhiy.slyxhwZPtI3rHRz42B4MrcvGBnZiglC0f0FCHYBcHVZ4B0eqCXX3hNNH_.xj9xqHfRJzRaL0c6DwuiVFiyd4UcID3uhp6e1Y5EAh0lN4_gJPFCxnyrqnzw1T31w.TuhS9Rz98ZlNHVvsN6kLnKq5JmxocK7X4rmzOKNmmY9e85vEhQS7c4fN69JtzyvdbNUWY_4x6iYU4rvIu30miN.klS8iqD_W8g_6Xl.iclrYt_AKdUJ59qhj9V54JDebWuybPyZHLB.h2ZOKzbIyO9qUiZUY.5eqiHeupe_3ZieCViVpkCVKoiEunj1bPRd9tuxcNel.GmAtDPjRCwUH3WVCz3zq34rY6VBG2EeNQyLNNTT1GEHiXQ7k_ykZeQ6qCZGSZPpqz0S5we2qshU69hR1grm1Pyxli2Pv8uZ3YqL2FUQow0zZdtejnsxosoFqfge_mWnnHq9gmXkfc0RdgUevblIr50wC6stwTwjbW2MqOo2zyrRkp99Uprxah2olhrbw7Zc2yFDuCG5A4.R_3crXB8fp6iwmdlGnDfRa1oaHXn3Kves9YbZLtp1sUmQFmPoKr7Fu0qgxSHPDagEqhQXFnV3YpZ0LHdvir7MWFKg2bzh3OlrDeaGe0KK.xl8Y2OkckdNvQ.ho6F9AElt5GBACSl2kaVKChw8xa5xUOT0x8FYzFfgGk6syEESBPxvloY7OpdDGh3LUovu00N7z2z8lhC.LvYwmEdMeuS.5qq5yAE4jGWSlXXBBgUBXqyTFJ3IZUbm1gPvOCbEVELrbEvc7n0Gw_D_TjHcbNHN7rzXqad;
>
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> - NONE/- -
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> f1 f2 f3 f4
> 1406999842.735 0 75.15.121.107 ERR_CONNECT_FAIL 404 1897
> 435OjuZl6UyTXTs38eKhUO5C7Vs4E7FRajuU3BHWqLQxY4GMkRCgkGTvCOJPimsE1aB2W5hj_Qh70_dy7aJoas2DbmaCbIJ6UgkbkUINLhJbjDnfx3pKtVSlFca1VB6zCYSEkCswU_dULV6p2FtUs5aVRCZl2kVCmvy9esXiSqqXN1oYxAPe6l5bHM9yLOVNIRmaFTRcSHLm3e3lIp5Bx3Wismutrnp8nddMtqoz8xhLLUTVrid1YGmu0kPQxEhn8kJtm_8E2Kw48yhiy.slyxhwZPtI3rHRz42B4MrcvGBnZiglC0f0FCHYBcHVZ4B0eqCXX3hNNH_.xj9xqHfRJzRaL0c6DwuiVFiyd4UcID3uhp6e1Y5EAh0lN4_gJPFCxnyrqnzw1T31w.TuhS9Rz98ZlNHVvsN6kLnKq5JmxocK7X4rmzOKNmmY9e85vEhQS7c4fN69JtzyvdbNUWY_4x6iYU4rvIu30miN.klS8iqD_W8g_6Xl.iclrYt_AKdUJ59qhj9V54JDebWuybPyZHLB.h2ZOKzbIyO9qUiZUY.5eqiHeupe_3ZieCViVpkCVKoiEunj1bPRd9tuxcNel.GmAtDPjRCwUH3WVCz3zq34rY6VBG2EeNQyLNNTT1GEHiXQ7k_ykZeQ6qCZGSZPpqz0S5we2qshU69hR1grm1Pyxli2Pv8uZ3YqL2FUQow0zZdtejnsxosoFqfge_mWnnHq9gmXkfc0RdgUevblIr50wC6stwTwjbW2MqOo2zyrRkp99Uprxah2olhrbw7Zc2yFDuCG5A4.R_3crXB8fp6iwmdlGnDfRa1oaHXn3Kves9YbZLtp1sUmQFmPoKr7Fu0qgxSHPDagEqhQXFnV3YpZ0LHdvir7MWFKg2bzh3OlrDeaGe0KK.xl8Y2OkckdNvQ.ho6F9AElt5GBACSl2kaVKChw8xa5xUOT0x8FYzFfgGk6syEESBPxvloY7OpdDGh3LUovu00N7z2z8lhC.LvYwmEdMeuS.5qq5yAE4jGWSlXXBBgUBXqyTFJ3IZUbm1gPvOCbEVELrbEvc7n0Gw_D_TjHcbNHN7rzXqad;
>
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> - NONE/- text/html
> https://YLS=v=1&p=1&n=0;%20ucs=bnas=1&bnid=SGZJL05rb2dzRzN3dTd5UDJWdFdqUT09;%20_br_uid_2=uid%3D7216053621378%3A_uid%3D8562842167448%3Av%3D10.6.1%3Ats%3D1324745461005%3Ahc%3D11/
> f1 f2 f3 f4
> {code}
> After a lot of debugging, figured that the request was getting corrupted even
> before remap and in fact, is being parsed incorrectly at the read request
> state. Further analysis lead me to the commit TS-2197 (commit
> 30fcc2b2e698831d1a9e4db1474d8cfc202818a3 in Oct'13), which has altered the
> way the request is read slightly. Reverting the commit seems to have fixed
> the issue.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
