[ https://issues.apache.org/jira/browse/TS-4337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oknet Xu updated TS-4337: ------------------------- Description: add config line into records.config {code} CONFIG proxy.config.http.use_client_target_addr INT 2 {code} Setup ATS working on bridge mode with ebtables/iptables, and enable tr-full on 8080 port. send a HTTP CONNECT request. {code} telnet 200.x.y.10 8080 CONNECT 220.181.111.188:443 HTTP/1.1 {code} the ip address 200.x.y.10 is a public http proxy address. Snip contents from traffic.out {code} +++++++++ Proxy's Request +++++++++ -- State Machine Id: 578 CONNECT HTTP/1.1 Client-ip: 172.22.70.66 X-Forwarded-For: 172.22.70.66 Via: http/1.0 debian[AC166F6E] (ApacheTrafficServer/6.0.0) Host: 220.181.111.188:443 [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_trans) Next action next; HttpTransact::HandleResponse [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] State Transition: SM_ACTION_API_OS_DNS -> SM_ACTION_ORIGIN_SERVER_RAW_OPEN [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_track) entered inside do_http_server_open ][IPv4] [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open connection to 220.181.111.188: 200.x.y.10:443 [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_seq) [HttpSM::do_http_server_open] Sending request to server [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) calling netProcessor.connect_s {code} please notice on the below line: {code} [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open connection to 220.181.111.188: 200.x.y.10:443 {code} with "use_client_target_addr INT 2", ATS does not do name resolve and pickup dest ip directly from TCP layer but still pickup dest port from HTTP request. In a tr-full mode, does ATS should tunnel the CONNECT method to a remote proxy ? just think it is a one shot parent proxy, only for this tcp connection. or other behaviour ? was: add config line into records.config {code} CONFIG proxy.config.http.use_client_target_addr INT 2 {code} Setup ATS working on bridge mode with ebtables/iptables, and enable tr-full on 8080 port. send a HTTP CONNECT request. {code} telnet 200.x.y.10 8080 CONNECT 220.181.111.188:443 HTTP/1.1 {code} the ip address 200.x.y.10 is a public http proxy address. Snip contents from traffic.out {code} +++++++++ Proxy's Request +++++++++ -- State Machine Id: 578 CONNECT HTTP/1.1 Client-ip: 172.22.70.66 X-Forwarded-For: 172.22.70.66 Via: http/1.0 debian[AC166F6E] (ApacheTrafficServer/6.0.0) Host: 220.181.111.188:443 [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_trans) Next action next; HttpTransact::HandleResponse [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] State Transition: SM_ACTION_API_OS_DNS -> SM_ACTION_ORIGIN_SERVER_RAW_OPEN [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_track) entered inside do_http_server_open ][IPv4] [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open connection to 220.181.111.188: 111.13.56.28:443 [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_seq) [HttpSM::do_http_server_open] Sending request to server [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) calling netProcessor.connect_s {code} please notice on the below line: {code} [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open connection to 220.181.111.188: 200.x.y.10:443 {code} with "use_client_target_addr INT 2", ATS does not do name resolve and pickup dest ip directly from TCP layer but still pickup dest port from HTTP request. In a tr-full mode, does ATS should tunnel the CONNECT method to a remote proxy ? just think it is a one shot parent proxy, only for this tcp connection. or other behaviour ? > Pickup wrong dest ip or port while parsing CONNECT Method with > use_client_target_addr = 2 > ----------------------------------------------------------------------------------------- > > Key: TS-4337 > URL: https://issues.apache.org/jira/browse/TS-4337 > Project: Traffic Server > Issue Type: Bug > Components: HTTP > Reporter: Oknet Xu > Fix For: 7.1.0 > > > add config line into records.config > {code} > CONFIG proxy.config.http.use_client_target_addr INT 2 > {code} > Setup ATS working on bridge mode with ebtables/iptables, > and enable tr-full on 8080 port. > send a HTTP CONNECT request. > {code} > telnet 200.x.y.10 8080 > CONNECT 220.181.111.188:443 HTTP/1.1 > {code} > the ip address 200.x.y.10 is a public http proxy address. > Snip contents from traffic.out > {code} > +++++++++ Proxy's Request +++++++++ > -- State Machine Id: 578 > CONNECT HTTP/1.1 > Client-ip: 172.22.70.66 > X-Forwarded-For: 172.22.70.66 > Via: http/1.0 debian[AC166F6E] (ApacheTrafficServer/6.0.0) > Host: 220.181.111.188:443 > [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_trans) Next action > next; HttpTransact::HandleResponse > [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] State > Transition: SM_ACTION_API_OS_DNS -> SM_ACTION_ORIGIN_SERVER_RAW_OPEN > [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_track) entered > inside do_http_server_open ][IPv4] > [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open > connection to 220.181.111.188: 200.x.y.10:443 > [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_seq) > [HttpSM::do_http_server_open] Sending request to server > [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) calling > netProcessor.connect_s > {code} > please notice on the below line: > {code} > [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open > connection to 220.181.111.188: 200.x.y.10:443 > {code} > with "use_client_target_addr INT 2", ATS does not do name resolve and pickup > dest ip directly from TCP layer but still pickup dest port from HTTP request. > In a tr-full mode, does ATS should tunnel the CONNECT method to a remote > proxy ? just think it is a one shot parent proxy, only for this tcp > connection. > or other behaviour ? -- This message was sent by Atlassian JIRA (v6.3.4#6332)