[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15501506#comment-15501506 ]
James Peach commented on TS-803: -------------------------------- Yep, we should take it through [API review|https://cwiki.apache.org/confluence/display/TS/API+Review+Process]. Looking at the patch above, I'd recommend we call it something line {{TSHttpTxnSocksParentAddrSet}} since {{AddrSet}} is the naming convention we have for setting addresses. It should take a {{const struct sockaddr*}}. > Fix SOCKS breakage and allow for setting next-hop SOCKS > ------------------------------------------------------- > > Key: TS-803 > URL: https://issues.apache.org/jira/browse/TS-803 > Project: Traffic Server > Issue Type: New Feature > Components: Network, SOCKS > Affects Versions: 3.0.0 > Environment: Wherever ATS might run > Reporter: M. Nunberg > > Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 > unstable/git. There are some quirks here, and I'm not that sure any more what > this patch does exactly. However it: > 1) Does fix SOCKS connections in general > 2) Allows setting next-hop SOCKS proxy via the API > Problems: > See https://issues.apache.org/jira/browse/TS-802 > This has no effect on connections which are drawn from the connection pool, > as it seems ATS currently doesn't maintain unique identities for peripheral > connection params (source IP, SOCKS etc); i.e. this only affects new TCP > connections to an OS. > diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h > tsgit217/iocore/net/I_NetVConnection.h > --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 > +0000 > +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 > +0000 > @@ -120,6 +120,13 @@ > /// Version of SOCKS to use. > unsigned char socks_version; > + struct { > + unsigned int ip; > + int port; > + char *username; > + char *password; > + } socks_override; > + > int socket_recv_bufsize; > int socket_send_bufsize; > Only in tsgit217/iocore/net: Makefile > Only in tsgit217/iocore/net: Makefile.in > diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h > --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000 > +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000 > @@ -126,7 +126,7 @@ > unsigned char version; > bool write_done; > - > + bool manual_parent_selection; > SocksAuthHandler auth_handler; > unsigned char socks_cmd; > @@ -145,7 +145,8 @@ > SocksEntry():Continuation(NULL), netVConnection(0), > ip(0), port(0), server_ip(0), server_port(0), nattempts(0), > - lerrno(0), timeout(0), version(5), write_done(false), > auth_handler(NULL), socks_cmd(NORMAL_SOCKS) > + lerrno(0), timeout(0), version(5), write_done(false), > manual_parent_selection(false), > + auth_handler(NULL), socks_cmd(NORMAL_SOCKS) > { > } > }; > diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc > --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000 > +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000 > @@ -73,7 +73,8 @@ > nattempts = 0; > findServer(); > - timeout = this_ethread()->schedule_in(this, > HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout)); > +// timeout = this_ethread()->schedule_in(this, > HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout)); > + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5)); > write_done = false; > } > @@ -81,6 +82,15 @@ > SocksEntry::findServer() > { > nattempts++; > + if(manual_parent_selection) { > + if(nattempts > 1) { > + //Nullify IP and PORT > + server_ip = -1; > + server_port = 0; > + } > + Debug("mndebug(Socks)", "findServer() is a noop with manual socks > selection"); > + return; > + } > #ifdef SOCKS_WITH_TS > if (nattempts == 1) { > @@ -187,7 +197,6 @@ > } > Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", > PRINT_IP(server_ip), server_port); > - > findServer(); > if (server_ip == (uint32_t) - 1) { > diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc > tsgit217/iocore/net/UnixNetProcessor.cc > --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 > +0000 > +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 > +0000 > @@ -228,6 +228,11 @@ > !socks_conf_stuff->ip_range.match(ip)) > #endif > ); > + if(opt->socks_override.ip >= 1) { > + using_socks = true; > + Debug("mndebug", "trying to set using_socks to true"); > + } > + > SocksEntry *socksEntry = NULL; > #endif > NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1); > @@ -242,6 +247,16 @@ > if (using_socks) { > Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port); > socksEntry = socksAllocator.alloc(); > + > + if (opt->socks_override.ip) { > + //Needs to be done before socksEntry->init() > + socksEntry->server_ip = opt->socks_override.ip; > + socksEntry->server_port = opt->socks_override.port; > + socksEntry->manual_parent_selection = true; > + opt->socks_support = NORMAL_SOCKS; > + Debug("mndebug(Socks)", "SOCKS proxy selected manually"); > + } > + > socksEntry->init(cont->mutex, vc, opt->socks_support, > opt->socks_version); /*XXXX remove last two args */ > socksEntry->action_ = cont; > cont = socksEntry; > diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc > --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000 > +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000 > @@ -5239,6 +5239,15 @@ > } > void > +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port) > +{ > + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS); > + HttpSM *sm = (HttpSM*) txnp; > + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr; > + sm->t_state.api_info.socks_proxy_port = port; > +} > + > +void > TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on) > { > sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS); > diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in > --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000 > +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000 > @@ -2134,6 +2134,7 @@ > */ > tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int > port); > + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int > port); > tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on); > tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on); > diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc > --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000 > +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000 > @@ -3658,6 +3658,7 @@ > // before we return from this function for forward proxy > > t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap); > t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get()); > + Debug("url_rewrite", "URL is %s", > t_state.pristine_url.string_get_ref(NULL)); > if (!ret) { > Debug("url_rewrite", "Could not find a valid remapping entry for this > request [%" PRId64 "]", sm_id); > @@ -4077,6 +4078,8 @@ > opt.addr_binding = NetVCOptions::FOREIGN_ADDR; > opt.local_addr = t_state.client_info.ip; > } > + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr; > + opt.socks_override.port = t_state.api_info.socks_proxy_port; > Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u", > sm_id, t_state.current.server->name, > PRINT_IP(t_state.current.server->ip)); > @@ -4124,6 +4127,11 @@ > // to do this but as far I can tell the code that prevented keep-alive if > // there is a request body has been removed. > + //FIXME: We won't always be using from the shared connection pool. In the > new architecture, the only time > + //We don't need a new connection is in the case of chaining HTTP proxies. > Otherwise the session manager > + //Doesn't keep track of src IPs or SOCKS proxies. > + > + > if (raw == false && t_state.http_config_param->share_server_sessions && > (t_state.txn_conf->keep_alive_post_out == 1 || > t_state.hdr_info.request_content_length == 0) && > ua_session != NULL) { > diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h > tsgit217/proxy/http/HttpTransact.h > --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000 > +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000 > @@ -317,6 +317,8 @@ > { > char *parent_proxy_name; > int parent_proxy_port; > + unsigned int socks_proxy_ipaddr; > + int socks_proxy_port; > bool cache_untransformed; > bool cache_transformed; > bool logging_enabled; > @@ -325,6 +327,8 @@ > _HttpApiInfo() > : parent_proxy_name(NULL), > parent_proxy_port(-1), > + socks_proxy_ipaddr(0), > + socks_proxy_port(0), > cache_untransformed(false), cache_transformed(true), > logging_enabled(true), retry_intercept_failures(false) > { } > } HttpApiInfo; -- This message was sent by Atlassian JIRA (v6.3.4#6332)