[
https://issues.apache.org/jira/browse/TS-4337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oknet Xu updated TS-4337:
-------------------------
Description:
add config line into records.config
{code}
CONFIG proxy.config.http.use_client_target_addr INT 2
{code}
Setup ATS working on bridge mode with ebtables/iptables,
and enable tr-full on 8080 port.
send a HTTP CONNECT request.
{code}
telnet 200.x.y.10 8080
CONNECT 220.181.111.188:443 HTTP/1.1
{code}
the ip address 200.x.y.10 is a public http proxy address.
Snip contents from traffic.out
{code}
+++++++++ Proxy's Request +++++++++
-- State Machine Id: 578
CONNECT HTTP/1.1
Client-ip: 172.22.70.66
X-Forwarded-For: 172.22.70.66
Via: http/1.0 debian[AC166F6E] (ApacheTrafficServer/6.0.0)
Host: 220.181.111.188:443
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_trans) Next action
next; HttpTransact::HandleResponse
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] State
Transition: SM_ACTION_API_OS_DNS -> SM_ACTION_ORIGIN_SERVER_RAW_OPEN
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_track) entered
inside do_http_server_open ][IPv4]
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open
connection to 220.181.111.188: 200.x.y.10:443
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_seq)
[HttpSM::do_http_server_open] Sending request to server
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) calling
netProcessor.connect_s
{code}
please notice on the below line:
{code}
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open
connection to 220.181.111.188: 200.x.y.10:443
{code}
with "use_client_target_addr INT 2", ATS does not do name resolve and pickup
dest ip directly from TCP layer but still pickup dest port from HTTP request.
In a tr-full mode, does ATS should tunnel the CONNECT method to a remote proxy
? just think it is a one shot parent proxy, only for this tcp connection.
or other behaviour ?
was:
add config line into records.config
{code}
CONFIG proxy.config.http.use_client_target_addr INT 2
{code}
Setup ATS working on bridge mode with ebtables/iptables,
and enable tr-full on 8080 port.
send a HTTP CONNECT request.
{code}
telnet 200.x.y.10 8080
CONNECT 220.181.111.188:443 HTTP/1.1
{code}
the ip address 200.x.y.10 is a public http proxy address.
Snip contents from traffic.out
{code}
+++++++++ Proxy's Request +++++++++
-- State Machine Id: 578
CONNECT HTTP/1.1
Client-ip: 172.22.70.66
X-Forwarded-For: 172.22.70.66
Via: http/1.0 debian[AC166F6E] (ApacheTrafficServer/6.0.0)
Host: 220.181.111.188:443
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_trans) Next action
next; HttpTransact::HandleResponse
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] State
Transition: SM_ACTION_API_OS_DNS -> SM_ACTION_ORIGIN_SERVER_RAW_OPEN
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_track) entered
inside do_http_server_open ][IPv4]
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open
connection to 220.181.111.188: 111.13.56.28:443
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_seq)
[HttpSM::do_http_server_open] Sending request to server
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) calling
netProcessor.connect_s
{code}
please notice on the below line:
{code}
[Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open
connection to 220.181.111.188: 200.x.y.10:443
{code}
with "use_client_target_addr INT 2", ATS does not do name resolve and pickup
dest ip directly from TCP layer but still pickup dest port from HTTP request.
In a tr-full mode, does ATS should tunnel the CONNECT method to a remote proxy
? just think it is a one shot parent proxy, only for this tcp connection.
or other behaviour ?
> Pickup wrong dest ip or port while parsing CONNECT Method with
> use_client_target_addr = 2
> -----------------------------------------------------------------------------------------
>
> Key: TS-4337
> URL: https://issues.apache.org/jira/browse/TS-4337
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP
> Reporter: Oknet Xu
> Fix For: 7.1.0
>
>
> add config line into records.config
> {code}
> CONFIG proxy.config.http.use_client_target_addr INT 2
> {code}
> Setup ATS working on bridge mode with ebtables/iptables,
> and enable tr-full on 8080 port.
> send a HTTP CONNECT request.
> {code}
> telnet 200.x.y.10 8080
> CONNECT 220.181.111.188:443 HTTP/1.1
> {code}
> the ip address 200.x.y.10 is a public http proxy address.
> Snip contents from traffic.out
> {code}
> +++++++++ Proxy's Request +++++++++
> -- State Machine Id: 578
> CONNECT HTTP/1.1
> Client-ip: 172.22.70.66
> X-Forwarded-For: 172.22.70.66
> Via: http/1.0 debian[AC166F6E] (ApacheTrafficServer/6.0.0)
> Host: 220.181.111.188:443
> [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_trans) Next action
> next; HttpTransact::HandleResponse
> [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] State
> Transition: SM_ACTION_API_OS_DNS -> SM_ACTION_ORIGIN_SERVER_RAW_OPEN
> [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_track) entered
> inside do_http_server_open ][IPv4]
> [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open
> connection to 220.181.111.188: 200.x.y.10:443
> [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http_seq)
> [HttpSM::do_http_server_open] Sending request to server
> [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) calling
> netProcessor.connect_s
> {code}
> please notice on the below line:
> {code}
> [Apr 7 16:58:49.996] Server {0x2b6176b8a700} DEBUG: (http) [578] open
> connection to 220.181.111.188: 200.x.y.10:443
> {code}
> with "use_client_target_addr INT 2", ATS does not do name resolve and pickup
> dest ip directly from TCP layer but still pickup dest port from HTTP request.
> In a tr-full mode, does ATS should tunnel the CONNECT method to a remote
> proxy ? just think it is a one shot parent proxy, only for this tcp
> connection.
> or other behaviour ?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
