[trafficserver] branch master updated (63e048a -> 3aaf280)

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 63e048a  doc + unittest TSRemap(Init|NewInstance) failures
 add 3aaf280  Script used for comparing commits on internal branch and 
seeing if they are on the remote master or release branch.  It uses a 
combination of cherry-mark and searching the commit message for cherry-pick -x 
hashes.

No new revisions were added by this update.

Summary of changes:
 tools/{ => git}/apply-pr.sh  |   0
 tools/{ => git}/changelog.pl |   0
 tools/git/git_merge_log.pl   | 144 +++
 3 files changed, 144 insertions(+)
 rename tools/{ => git}/apply-pr.sh (100%)
 rename tools/{ => git}/changelog.pl (100%)
 create mode 100755 tools/git/git_merge_log.pl

[trafficserver] branch 9.0.x updated: Fix the external link

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 14b1c68  Fix the external link
14b1c68 is described below

commit 14b1c6805583b5ad6039c3f046f3d19996b2eff3
Author: Leif Hedstrom 
AuthorDate: Wed Oct 30 17:15:55 2019 -0600

Fix the external link
---
 doc/release-notes/whats-new.en.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/whats-new.en.rst 
b/doc/release-notes/whats-new.en.rst
index c4fb1eb..53e4841 100644
--- a/doc/release-notes/whats-new.en.rst
+++ b/doc/release-notes/whats-new.en.rst
@@ -38,7 +38,7 @@ the following features:
 
 PROXY protocol
 ~~
-ATS now supports the `PROXY 
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt`_ protocol,
+ATS now supports the `PROXY 
`_ protocol,
 on the inbound side. The incoming PROXY data gets transformed into the 
`Forwarded` header.
 
 Incompatible records.config settings

[trafficserver] branch 8.0.x updated (c879269 -> 2c70471)

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from c879269  Perform a SSL quiet shutdown when close-notify is not sent
 add 2c70471  Updated Changelog

No new revisions were added by this update.

Summary of changes:
 CHANGELOG-8.0.6 | 2 ++
 1 file changed, 2 insertions(+)

[trafficserver] branch 9.0.x updated: doc + unittest TSRemap(Init|NewInstance) failures

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new e3a1428  doc + unittest TSRemap(Init|NewInstance) failures
e3a1428 is described below

commit e3a1428ebef51e11825b152c05a6ea55bc2e1c57
Author: Gancho Tenev 
AuthorDate: Tue Oct 29 21:27:46 2019 -0700

doc + unittest TSRemap(Init|NewInstance) failures

Documented configuration reload behavior when `TSRemapIniti()` and
`TSRemapNewInstance()` return `TS_ERROR` aborting the reload.

Verified that `TSRemapInit()` and `TSRemapNewInstance()` actually
abort the configuration reload if any of them return `TS_ERROR`.
Discovered and fixed a discrepency with not unloading the DSO
if the initial `TSRemapInit()` call returns `TS_ERROR`.  Added
unit tests to validate the DSO actuall unloading.

(cherry picked from commit 63e048a7546bb87537498265fd7ccf1f5700d396)
---
 doc/developer-guide/plugins/remap-plugins.en.rst   |  6 ++
 proxy/http/remap/Makefile.am   | 13 +++-
 proxy/http/remap/PluginFactory.cc  |  6 +-
 proxy/http/remap/unit-tests/plugin_init_fail.cc| 58 ++
 .../http/remap/unit-tests/plugin_instinit_fail.cc  | 69 ++
 proxy/http/remap/unit-tests/test_PluginFactory.cc  | 52 +++-
 6 files changed, 198 insertions(+), 6 deletions(-)

diff --git a/doc/developer-guide/plugins/remap-plugins.en.rst 
b/doc/developer-guide/plugins/remap-plugins.en.rst
index d436169..2446510 100644
--- a/doc/developer-guide/plugins/remap-plugins.en.rst
+++ b/doc/developer-guide/plugins/remap-plugins.en.rst
@@ -50,6 +50,9 @@ should be placed in :arg:`errbuff`, taking note of the 
maximum size of the buffe
 :arg:`errbuff_size`. The message is checked if the function returns a value 
other than
 :macro:`TS_SUCCESS`.
 
+If :func:`TSRemapInit` returns :macro:`TS_ERROR` then the remap configuration 
loading
+is aborted immediatelly.
+
 This function should perform any plugin global initialization, such as setting 
up static data
 tables. It only be called immediately after the dynamic library is loaded from 
disk.
 
@@ -88,6 +91,9 @@ If there is an error then the callback should return 
:macro:`TS_ERROR` and fill
 :arg:`errbuff` with a C-string describing the error. Otherwise the function 
must return
 :macro:`TS_SUCCESS`.
 
+If :func:`TSRemapNewInstance` returns :macro:`TS_ERROR` then the remap 
configuration loading
+is aborted immediatelly.
+
 
 Configuration reload notifications
 ~~
diff --git a/proxy/http/remap/Makefile.am b/proxy/http/remap/Makefile.am
index 8275166..c1874c9 100644
--- a/proxy/http/remap/Makefile.am
+++ b/proxy/http/remap/Makefile.am
@@ -82,7 +82,10 @@ test_PluginDso_SOURCES = \
 
 test_PluginFactory_CPPFLAGS = $(AM_CPPFLAGS) -I$(abs_top_srcdir)/tests/include 
-DPLUGIN_DSO_TESTS
 test_PluginFactory_LIBTOOLFLAGS = --preserve-dup-deps
-EXTRA_test_PluginFactory_DEPENDENCIES = unit-tests/plugin_v1.la
+EXTRA_test_PluginFactory_DEPENDENCIES = \
+   unit-tests/plugin_v1.la \
+   unit-tests/plugin_init_fail.la
+   unit-tests/plugin_instinit_fail.la
 test_PluginFactory_LDADD = $(COMMON_PLUGINDSO_LDADDS)
 test_PluginFactory_LDFLAGS = $(AM_LDFLAGS)
 test_PluginFactory_SOURCES = \
@@ -121,6 +124,8 @@ DSO_LDFLAGS = \
 pkglib_LTLIBRARIES = \
unit-tests/plugin_v1.la \
unit-tests/plugin_v2.la \
+   unit-tests/plugin_init_fail.la \
+   unit-tests/plugin_instinit_fail.la \
unit-tests/plugin_required_cb.la \
unit-tests/plugin_missing_deleteinstance.la \
unit-tests/plugin_missing_doremap.la \
@@ -133,6 +138,12 @@ unit_tests_plugin_v1_la_CPPFLAGS = -DPLUGINDSOVER=1 
$(AM_CPPFLAGS)
 unit_tests_plugin_v2_la_SOURCES = unit-tests/plugin_misc_cb.cc
 unit_tests_plugin_v2_la_LDFLAGS = $(DSO_LDFLAGS)
 unit_tests_plugin_v2_la_CPPFLAGS = -DPLUGINDSOVER=2 $(AM_CPPFLAGS)
+unit_tests_plugin_init_fail_la_SOURCES = unit-tests/plugin_init_fail.cc
+unit_tests_plugin_init_fail_la_LDFLAGS = $(DSO_LDFLAGS)
+unit_tests_plugin_init_fail_la_CPPFLAGS = $(AM_CPPFLAGS)
+unit_tests_plugin_instinit_fail_la_SOURCES = unit-tests/plugin_instinit_fail.cc
+unit_tests_plugin_instinit_fail_la_LDFLAGS = $(DSO_LDFLAGS)
+unit_tests_plugin_instinit_fail_la_CPPFLAGS = $(AM_CPPFLAGS)
 unit_tests_plugin_required_cb_la_SOURCES = unit-tests/plugin_required_cb.cc
 unit_tests_plugin_required_cb_la_LDFLAGS = $(DSO_LDFLAGS)
 unit_tests_plugin_required_cb_la_CPPFLAGS = -DPLUGINDSOVER=1 $(AM_CPPFLAGS)
diff --git a/proxy/http/remap/PluginFactory.cc 
b/proxy/http/remap/PluginFactory.cc
index 8fc55af..b55875b 100644
--- a/proxy/http/remap/PluginFactory.cc
+++ b/proxy/http/remap/PluginFactory.cc
@@ -171,13 +171,15 @@ PluginFactory::getRemapPlugin(const fs::path , 
int argc, char **argv,
 plugin = new 

[trafficserver] 01/02: Off by 1 error in memcpy of redirect url

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit efcdc13741b2baba96a96c623effd92aa746aefa
Author: Susan Hinrichs 
AuthorDate: Tue Apr 23 16:42:31 2019 +

Off by 1 error in memcpy of redirect url

(cherry picked from commit d611b54aadd399641e009fde77017fed4d2da01f)

 Conflicts:
proxy/http/HttpSM.cc
---
 proxy/http/HttpSM.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 1008fd8..caeb2c7 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -7715,7 +7715,9 @@ HttpSM::redirect_request(const char *redirect_url, const 
int redirect_len)
   // Prepend a slash and parse again.
   char redirect_url_leading_slash[redirect_len + 1];
   redirect_url_leading_slash[0] = '/';
-  memcpy(redirect_url_leading_slash + 1, redirect_url, redirect_len + 1);
+  if (redirect_len > 0) {
+memcpy(redirect_url_leading_slash + 1, redirect_url, redirect_len);
+  }
   url_nuke_proxy_stuff(redirectUrl.m_url_impl);
   redirectUrl.parse(redirect_url_leading_slash, redirect_len + 1);
 }

[trafficserver] branch 8.0.x updated (7e34842 -> c879269)

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 7e34842  Updated Changelog
 new efcdc13  Off by 1 error in memcpy of redirect url
 new c879269  Perform a SSL quiet shutdown when close-notify is not sent

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 iocore/net/SSLNetVConnection.cc|  5 ++
 proxy/http/HttpSM.cc   |  4 +-
 .../tls_session_cache.test.py} | 87 +-
 3 files changed, 58 insertions(+), 38 deletions(-)
 copy tests/gold_tests/{tls_hooks/tls_hooks.test.py => 
tls/tls_session_cache.test.py} (52%)

[trafficserver] 02/02: Perform a SSL quiet shutdown when close-notify is not sent

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit c8792690da84a890f362ab9b1b9b51353d509143
Author: Valentin Gutierrez 
AuthorDate: Fri Sep 13 10:15:17 2019 +

Perform a SSL quiet shutdown when close-notify is not sent

(cherry picked from commit acf2fb7519bb0ed3820d3f798178903341d0678f)

 Conflicts:
iocore/net/SSLNetVConnection.cc
---
 iocore/net/SSLNetVConnection.cc|  5 ++
 tests/gold_tests/tls/tls_session_cache.test.py | 93 ++
 2 files changed, 98 insertions(+)

diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index a03022c..f38a9ee 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -907,6 +907,11 @@ SSLNetVConnection::do_io_close(int lerrno)
   // Send the close-notify
   int ret = SSL_shutdown(ssl);
   Debug("ssl-shutdown", "SSL_shutdown %s", (ret) ? "success" : "failed");
+} else {
+  // Request a quiet shutdown to OpenSSL
+  SSL_set_quiet_shutdown(ssl, 1);
+  SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN | SSL_SENT_SHUTDOWN);
+  Debug("ssl-shutdown", "Enable quiet shutdown");
 }
   }
   // Go on and do the unix socket cleanups
diff --git a/tests/gold_tests/tls/tls_session_cache.test.py 
b/tests/gold_tests/tls/tls_session_cache.test.py
new file mode 100644
index 000..08d9fd2
--- /dev/null
+++ b/tests/gold_tests/tls/tls_session_cache.test.py
@@ -0,0 +1,93 @@
+'''
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+import os
+import re
+Test.Summary = '''
+Test tls session cache
+'''
+
+# Define default ATS
+ts = Test.MakeATSProcess("ts", select_ports=True, enable_tls=True)
+server = Test.MakeOriginServer("server")
+
+
+# Add info the origin server responses
+request_header = {"headers": "GET / HTTP/1.1\r\nHost: 
www.example.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
+response_header = {"headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n", 
"timestamp": "1469733493.993", "body": ""}
+server.addResponse("sessionlog.json", request_header, response_header)
+
+# add ssl materials like key, certificates for the server
+ts.addSSLfile("ssl/server.pem")
+ts.addSSLfile("ssl/server.key")
+
+ts.Disk.remap_config.AddLine(
+'map / http://127.0.0.1:{0}'.format(server.Variables.Port)
+)
+
+ts.Disk.ssl_multicert_config.AddLine(
+'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
+)
+
+ts.Disk.records_config.update({
+'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
+'proxy.config.ssl.server.private_key.path': 
'{0}'.format(ts.Variables.SSLDir),
+'proxy.config.ssl.client.verify.server':  0,
+'proxy.config.ssl.server.cipher_suite': 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
+'proxy.config.exec_thread.autoconfig.scale': 1.0,
+'proxy.config.ssl.session_cache': 2,
+'proxy.config.ssl.session_cache.size': 4096,
+'proxy.config.ssl.session_cache.num_buckets': 256,
+'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0,
+'proxy.config.ssl.session_cache.timeout': 0,
+'proxy.config.ssl.session_cache.auto_clear': 1,
+'proxy.config.ssl.server.session_ticket.enable': 0,
+})
+
+# Check that Session-ID is the same on every connection
+def checkSession(ev) :
+  retval = False
+  f = open(openssl_output, 'r')
+  err = "Session ids match"
+  if not f:
+err = "Failed to open {0}".format(openssl_output)
+return (retval, "Check that session ids match", err)
+
+  content = f.read()
+  match = re.findall('Session-ID: ([0-9A-F]+)', content)
+
+  if match:
+if all(i == j for i, j in zip(match, match[1:])):
+  err = "{0} reused successfully {1} times".format(match[0], len(match))
+  retval = True
+else:
+  err = "Session is not being reused as expected"
+  else:
+err = "Didn't find session id"
+  

[trafficserver] branch master updated (60e6ace -> 63e048a)

[gancho]

This is an automated email from the ASF dual-hosted git repository.

gancho pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 60e6ace  Updating the autest version pin to 1.7.4.
 add 63e048a  doc + unittest TSRemap(Init|NewInstance) failures

No new revisions were added by this update.

Summary of changes:
 doc/developer-guide/plugins/remap-plugins.en.rst   |  6 +++
 proxy/http/remap/Makefile.am   | 13 +-
 proxy/http/remap/PluginFactory.cc  |  6 ++-
 ..._missing_newinstance.cc => plugin_init_fail.cc} | 14 +++---
 ...g_deleteinstance.cc => plugin_instinit_fail.cc} | 20 +++--
 proxy/http/remap/unit-tests/test_PluginFactory.cc  | 52 --
 6 files changed, 95 insertions(+), 16 deletions(-)
 copy proxy/http/remap/unit-tests/{plugin_missing_newinstance.cc => 
plugin_init_fail.cc} (95%)
 copy proxy/http/remap/unit-tests/{plugin_missing_deleteinstance.cc => 
plugin_instinit_fail.cc} (92%)

[trafficserver] branch 9.0.x updated: Updated with more new features and incopmatible changes

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 6eefa69  Updated with more new features and incopmatible changes
6eefa69 is described below

commit 6eefa698a60100f55c38d313e2b801cb71d3d173
Author: Leif Hedstrom 
AuthorDate: Wed Oct 30 16:23:36 2019 -0600

Updated with more new features and incopmatible changes
---
 doc/release-notes/upgrading.en.rst | 27 ---
 doc/release-notes/whats-new.en.rst | 18 --
 2 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/doc/release-notes/upgrading.en.rst 
b/doc/release-notes/upgrading.en.rst
index a35e2ff..fb2505d 100644
--- a/doc/release-notes/upgrading.en.rst
+++ b/doc/release-notes/upgrading.en.rst
@@ -25,6 +25,14 @@ Upgrading to ATS v9.x
 .. toctree::
:maxdepth: 1
 
+Remapping
+-
+
+One of the biggest changes in ATS v9.0.0 is that URL rewrites, as specified in 
a :file:`remap.config`
+rule, now always happens **before** all plugins are executed. This can have 
significant impact on
+behavior, since plugins might now see a different URL than they did in prior 
versions. In particular,
+plugins modifying the cache key could have serious problems (see the  section 
below for details).
+
 YAML
 
 
@@ -61,6 +69,13 @@ These are all gone, and replaced with the following set of 
configurations:
 * :ts:cv:`proxy.config.http.per_server.connection.queue_delay`
 * :ts:cv:`proxy.config.http.per_server.connection.min`
 
+Removed records.config settings
+---
+
+The following settings are simply gone, and have no purpose:
+
+* `proxy.config.config_dir` (see PROXY_CONFIG_CONFIG_DIR environment variable)
+
 Deprecated or Removed Features
 --
 The following features, configurations and plugins are either removed or 
deprecated in this
@@ -70,8 +85,16 @@ removed in the next major release of ATS.
 
 API Changes
 ---
-The following APIs have changed, either in semanatics, interfaces, or both.
+Our APIs are guaranteed to be compatible within major versions, but we do make 
changes
+for each new major release.
+
+Removed APIs
+
+* `TSHttpTxnRedirectRequest()`
 
+Renamed or modified APIs
+
+* `TSVConnSSLConnectionGet` is renamed to be :c:func:`TSVConnSslConnectionGet`.
 
 Cache
 -
@@ -94,13 +117,11 @@ The following plugins have changes that might require you 
to change configuratio
 
 header_rewrite
 ~~
-
 * The `%{PATH}` directive is now removed, and instead you want to use 
`%{CLIENT-URL:PATH}`. This was
   done to unify the behavior of these operators, rather than having this 
one-off directive.
 
 Platform specific
 -
-
 Solaris is no longer a supported platform, but the code is still there. 
However, it's unlikely to work,
 and unless someone takes on ownership of this Platform, it will be removed 
from the source in ATS v10.0.0.
 For more details, see issue #5553.
diff --git a/doc/release-notes/whats-new.en.rst 
b/doc/release-notes/whats-new.en.rst
index 87027cf..c4fb1eb 100644
--- a/doc/release-notes/whats-new.en.rst
+++ b/doc/release-notes/whats-new.en.rst
@@ -21,7 +21,6 @@
 
 What's New in ATS v9.x
 ===
-
 This version of ATS includes over  commits, from  pull requests. A total 
of  contributors
 have participated in this development cycle.
 
@@ -31,9 +30,19 @@ have participated in this development cycle.
 New Features
 
 
+This version of ATS has a number of new features (details below), but we're 
particularly excited about
+the following features:
+
+* Experimental QUIC support (draft 23).
+* TLS v1.3 0RTT support.
+
+PROXY protocol
+~~
+ATS now supports the `PROXY 
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt`_ protocol,
+on the inbound side. The incoming PROXY data gets transformed into the 
`Forwarded` header.
+
 Incompatible records.config settings
 
-
 These are the changes that are most likely to cause problems during an 
upgrade. Take special care
 making sure you have updated your configurations accordingly.
 
@@ -59,3 +68,8 @@ Logging and Metrics
 
 Plugins
 ---
+
+xdebug
+~~
+
+* A new directive, `fwd=` to control the number of hops the header is 
forwarded for.

[trafficserver] 02/05: Avoid AWS auth v4 path/query param double encoding

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 7a84b6b6485f608d65853c5fc31a42c13029e42c
Author: Gancho Tenev 
AuthorDate: Tue Aug 13 11:35:39 2019 -0700

Avoid AWS auth v4 path/query param double encoding

AWS signature validation differs from the spec published here (or spec
not detailed enough):
  
http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
("Task 1: Create a Canonical Request”)

During signature calculation (CanonicalURI and CanonicalQueryString
inside the CanonicalRequest) AWS avoids URI encoding of already
encoded path or query parameters which is nowhere mentioned in the
specification but it is likely done according to rfc3986#section-2.4
which says "implementations must not percent-encode or decode the
same string more than once ..."

We already had a fix for query parementer values. Added missing
checks to be consistent with AWS behavior while still waiting for
response/confirmation from AWS.

(cherry picked from commit 30b75a3d5cae94bcd105464122a253eb9bbf4a1c)
---
 plugins/s3_auth/aws_auth_v4.cc | 31 --
 plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 11 -
 2 files changed, 25 insertions(+), 17 deletions(-)

diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
index 1df1a61..22e90ad 100644
--- a/plugins/s3_auth/aws_auth_v4.cc
+++ b/plugins/s3_auth/aws_auth_v4.cc
@@ -151,6 +151,22 @@ isUriEncoded(const String , bool isObjectName)
   return false;
 }
 
+String
+canonicalEncode(const String , bool isObjectName)
+{
+  String canonical;
+  if (!isUriEncoded(in, isObjectName)) {
+/* Not URI-encoded */
+canonical = uriEncode(in, isObjectName);
+  } else {
+/* URI-encoded, then don't encode since AWS does not encode which is not 
mentioned in the spec,
+ * asked AWS, still waiting for confirmation */
+canonical = in;
+  }
+
+  return canonical;
+}
+
 /**
  * @brief trim the white-space character from the beginning and the end of the 
string ("in-place", just moving pointers around)
  *
@@ -287,7 +303,7 @@ getCanonicalRequestSha256Hash(TsInterface , bool 
signPayload, const StringSe
   str = api.getPath();
   String path("/");
   path.append(str, length);
-  String canonicalUri = uriEncode(path, /* isObjectName */ true);
+  String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
   sha256Update(, canonicalUri);
   sha256Update(, "\n");
 
@@ -306,18 +322,9 @@ getCanonicalRequestSha256Hash(TsInterface , bool 
signPayload, const StringSe
 String param(token.substr(0, pos == String::npos ? token.size() : pos));
 String value(pos == String::npos ? "" : token.substr(pos + 1, 
token.size()));
 
-String encodedParam = uriEncode(param, /* isObjectName */ false);
-
+String encodedParam = canonicalEncode(param, /* isObjectName */ false);
 paramNames.insert(encodedParam);
-
-if (!isUriEncoded(value, /* isObjectName */ false)) {
-  /* Not URI-encoded */
-  paramsMap[encodedParam] = uriEncode(value, /* isObjectName */ false);
-} else {
-  /* URI-encoded, then don't encode since AWS does not encode which is not 
mentioned in the spec,
-   * asked AWS, still waiting for confirmation */
-  paramsMap[encodedParam] = value;
-}
+paramsMap[encodedParam] = canonicalEncode(value, /* isObjectName */ false);
   }
 
   String queryStr;
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc 
b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
index 025cc2b..40bc137 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -631,7 +631,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, 
query param value alre
   MockTsInterface api;
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
-  api._path.assign("");
+  api._path.assign("PATH==");
   api._query.assign("key=TEST==");
   api._headers["Host"] = "examplebucket.s3.amazonaws.com";
   api._headers["x-amz-content-sha256"] = "UNSIGNED-PAYLOAD";
@@ -642,18 +642,18 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, 
query param value alre
 "AWS4-HMAC-SHA256 "
 "Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,"
 "SignedHeaders=host;x-amz-content-sha256;x-amz-date,"
-
"Signature=60b410f6a0ffe09b91c2aef1f179945916b45ea215278e6b8f6cfb8d461e3706",
+
"Signature=3b195c74eaa89790c596114a9fcb8515d6a3cc78577f8941c46b09ee7f501194",
 /* Canonical Request sha256 */
-"1035b1d75dad9e94fa99fa6edc2cf7d489f38796109a132721621977737a41cc",
+"7b3c74369013172ce9cb3da99b5d14e358382953e7b560b4c9bf0a46e73933cb",
 /* Date and time*/
 "20130524T00Z",
 /* String to sign */
 "AWS4-HMAC-SHA256\n"
 

[trafficserver] 05/05: Updated Changelog

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 7e34842d27fbfd4e4587ff9ca9da48a279a731a7
Author: Bryan Call 
AuthorDate: Wed Oct 30 15:15:02 2019 -0700

Updated Changelog
---
 CHANGELOG-8.0.6 | 5 +
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG-8.0.6 b/CHANGELOG-8.0.6
index ffe98f6..2eeb181 100644
--- a/CHANGELOG-8.0.6
+++ b/CHANGELOG-8.0.6
@@ -1,4 +1,6 @@
 Changes with Apache Traffic Server 8.0.6
+  #4590 - Print thread name instead of thread id
+  #4840 - resolve stack-use-after-scope in YamlLogConfig.cc
   #5078 - Fix directives for checking TS_USE_TLS_OCSP
   #5105 - tscore/ink_hrtime: add missing cstdint import
   #5316 - cppcheck: Removed problematic move operators for FixedBufferWriter.
@@ -9,9 +11,12 @@ Changes with Apache Traffic Server 8.0.6
   #5434 - gcc9 - Fix I_Store.h
   #5435 - gcc9 - fix HTTPVersion.
   #5516 - Make code compilable with BoringSSL
+  #5823 - Avoid AWS auth v4 path/query param double encoding
+  #5833 - Fix H2 internal counters
   #5887 - Fixed const issue with magick plugin
   #5899 - Substitution string has changed
   #5911 - Enable stdout logging on FreeBSD
+  #5930 - Track SSL session cache evictions performed due to full bucket
   #5989 - Concurrent SRV requests failure
   #6047 - Change the ready checks for ats to use the actual ats port and not 
th…
   #6088 - Local 8.0.x change for gcc9 - Map.h, MemSpan.h, ink_uuid.h

[trafficserver] 03/05: resolve stack-use-after-scope in YamlLogConfig.cc

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 661583ffde8e3ac5503114fd2386ed723513b99c
Author: cichang.chen 
AuthorDate: Mon Jan 21 20:44:42 2019 +0800

resolve stack-use-after-scope in YamlLogConfig.cc

fix warning in YamlLogConfig.cc

(cherry picked from commit 0ee2a26d735c8047688e660f134a6c2cd99ee913)
---
 proxy/logging/YamlLogConfig.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/proxy/logging/YamlLogConfig.cc b/proxy/logging/YamlLogConfig.cc
index 07bfcfb..2b3da66 100644
--- a/proxy/logging/YamlLogConfig.cc
+++ b/proxy/logging/YamlLogConfig.cc
@@ -186,10 +186,10 @@ YamlLogConfig::decodeLogObject(const YAML::Node )
   }
 
   for (auto & : filters) {
-const char *filter_name = filter.as().c_str();
-LogFilter *f= cfg->filter_list.find_by_name(filter_name);
+std::string filter_name = filter.as().c_str();
+LogFilter *f= 
cfg->filter_list.find_by_name(filter_name.c_str());
 if (!f) {
-  Warning("Filter %s is not a known filter; cannot add to this LogObject", 
filter_name);
+  Warning("Filter %s is not a known filter; cannot add to this LogObject", 
filter_name.c_str());
 } else {
   logObject->add_filter(f);
 }

[trafficserver] branch 8.0.x updated (e43fb51 -> 7e34842)

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from e43fb51  Updated Changelog
 new 3484935  Fix H2 internal counters
 new 7a84b6b  Avoid AWS auth v4 path/query param double encoding
 new 661583f  resolve stack-use-after-scope in YamlLogConfig.cc
 new 74f8997  Track SSL session cache evictions performed due to full bucket
 new 7e34842  Updated Changelog

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitignore |   1 +
 CHANGELOG-8.0.6|   5 +
 iocore/net/SSLSessionCache.cc  |   3 +
 plugins/s3_auth/aws_auth_v4.cc |  31 +--
 plugins/s3_auth/unit_tests/test_aws_auth_v4.cc |  11 +-
 proxy/http2/Http2ConnectionState.cc|  56 +-
 proxy/http2/Http2ConnectionState.h |  17 +-
 proxy/http2/Http2FrequencyCounter.cc   |  55 ++
 .../http2/Http2FrequencyCounter.h  |  17 +-
 proxy/http2/Makefile.am|  17 ++
 .../http2/unit_tests/test_Http2FrequencyCounter.cc | 219 +
 proxy/logging/YamlLogConfig.cc |   6 +-
 12 files changed, 350 insertions(+), 88 deletions(-)
 create mode 100644 proxy/http2/Http2FrequencyCounter.cc
 copy iocore/eventsystem/I_Tasks.h => proxy/http2/Http2FrequencyCounter.h (80%)
 create mode 100644 proxy/http2/unit_tests/test_Http2FrequencyCounter.cc

[trafficserver] 04/05: Track SSL session cache evictions performed due to full bucket

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 74f89978b9fdb5620d4278699b2b6e17dfcdb40c
Author: Valentin Gutierrez 
AuthorDate: Wed Sep 11 13:43:55 2019 +

Track SSL session cache evictions performed due to full bucket

(cherry picked from commit a62e5f98763bd29bf68318cb55a2ddc1ec189a1b)
---
 iocore/net/SSLSessionCache.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iocore/net/SSLSessionCache.cc b/iocore/net/SSLSessionCache.cc
index bbe52a9..ba65dad 100644
--- a/iocore/net/SSLSessionCache.cc
+++ b/iocore/net/SSLSessionCache.cc
@@ -140,6 +140,9 @@ SSLSessionBucket::insertSession(const SSLSessionID , 
SSL_SESSION *sess)
 
   PRINT_BUCKET("insertSession before")
   if (queue.size >= 
static_cast(SSLConfigParams::session_cache_max_bucket_size)) {
+if (ssl_rsb) {
+  SSL_INCREMENT_DYN_STAT(ssl_session_cache_eviction);
+}
 removeOldestSession();
   }
 

[trafficserver] 01/05: Fix H2 internal counters

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 3484935253a21faf32ee7d153dd5f1f08bcc088f
Author: Masakazu Kitajo 
AuthorDate: Sat Aug 17 00:29:30 2019 +0900

Fix H2 internal counters

(cherry picked from commit aa319a461c8326724ea10a42ae474fcdac7fc849)
---
 .gitignore |   1 +
 proxy/http2/Http2ConnectionState.cc|  56 +-
 proxy/http2/Http2ConnectionState.h |  17 +-
 proxy/http2/Http2FrequencyCounter.cc   |  55 ++
 proxy/http2/Http2FrequencyCounter.h|  38 
 proxy/http2/Makefile.am|  17 ++
 .../http2/unit_tests/test_Http2FrequencyCounter.cc | 219 +
 7 files changed, 343 insertions(+), 60 deletions(-)

diff --git a/.gitignore b/.gitignore
index a06789b..10a0d15 100644
--- a/.gitignore
+++ b/.gitignore
@@ -100,6 +100,7 @@ proxy/hdrs/test_mime
 proxy/http/test_ForwardedConfig
 proxy/http2/test_Huffmancode
 proxy/http2/test_Http2DependencyTree
+proxy/http2/test_Http2FrequencyCounter
 proxy/http2/test_HPACK
 proxy/http2/hpack-tests/results
 proxy/logging/test_LogUtils
diff --git a/proxy/http2/Http2ConnectionState.cc 
b/proxy/http2/Http2ConnectionState.cc
index 22027e8..5fc3a9e 100644
--- a/proxy/http2/Http2ConnectionState.cc
+++ b/proxy/http2/Http2ConnectionState.cc
@@ -1881,89 +1881,49 @@ 
Http2ConnectionState::send_window_update_frame(Http2StreamId id, uint32_t size)
 void
 Http2ConnectionState::increment_received_settings_count(uint32_t count)
 {
-  ink_hrtime hrtime_sec = Thread::get_hrtime() / HRTIME_SECOND;
-  uint8_t counter_index = ((hrtime_sec % 60) >= 30);
-
-  if ((hrtime_sec - 60) > this->settings_count_last_update) {
-this->settings_count[0] = 0;
-this->settings_count[1] = 0;
-  } else if (counter_index != ((this->settings_count_last_update % 60) >= 30)) 
{
-this->settings_count[counter_index] = 0;
-  }
-  this->settings_count[counter_index] += count;
-  this->settings_count_last_update = hrtime_sec;
+  this->_received_settings_counter.increment(count);
 }
 
 uint32_t
 Http2ConnectionState::get_received_settings_count()
 {
-  return this->settings_count[0] + this->settings_count[1];
+  return this->_received_settings_counter.get_count();
 }
 
 void
 Http2ConnectionState::increment_received_settings_frame_count()
 {
-  ink_hrtime hrtime_sec = Thread::get_hrtime() / HRTIME_SECOND;
-  uint8_t counter_index = ((hrtime_sec % 60) >= 30);
-
-  if ((hrtime_sec - 60) > this->settings_frame_count_last_update) {
-this->settings_frame_count[0] = 0;
-this->settings_frame_count[1] = 0;
-  } else if (counter_index != ((this->settings_frame_count_last_update % 60) 
>= 30)) {
-this->settings_frame_count[counter_index] = 0;
-  }
-  ++this->settings_frame_count[counter_index];
-  this->settings_frame_count_last_update = hrtime_sec;
+  this->_received_settings_frame_counter.increment();
 }
 
 uint32_t
 Http2ConnectionState::get_received_settings_frame_count()
 {
-  return this->settings_frame_count[0] + this->settings_frame_count[1];
+  return this->_received_settings_frame_counter.get_count();
 }
 
 void
 Http2ConnectionState::increment_received_ping_frame_count()
 {
-  ink_hrtime hrtime_sec = Thread::get_hrtime() / HRTIME_SECOND;
-  uint8_t counter_index = ((hrtime_sec % 60) >= 30);
-
-  if ((hrtime_sec - 60) > this->ping_frame_count_last_update) {
-this->ping_frame_count[0] = 0;
-this->ping_frame_count[1] = 0;
-  } else if (counter_index != ((this->ping_frame_count_last_update % 60) >= 
30)) {
-this->ping_frame_count[counter_index] = 0;
-  }
-  ++this->ping_frame_count[counter_index];
-  this->ping_frame_count_last_update = hrtime_sec;
+  this->_received_ping_frame_counter.increment();
 }
 
 uint32_t
 Http2ConnectionState::get_received_ping_frame_count()
 {
-  return this->ping_frame_count[0] + this->ping_frame_count[1];
+  return this->_received_ping_frame_counter.get_count();
 }
 
 void
 Http2ConnectionState::increment_received_priority_frame_count()
 {
-  ink_hrtime hrtime_sec = Thread::get_hrtime() / HRTIME_SECOND;
-  uint8_t counter_index = ((hrtime_sec % 60) >= 30);
-
-  if ((hrtime_sec - 60) > this->priority_frame_count_last_update) {
-this->priority_frame_count[0] = 0;
-this->priority_frame_count[1] = 0;
-  } else if (counter_index != ((this->priority_frame_count_last_update % 60) 
>= 30)) {
-this->priority_frame_count[counter_index] = 0;
-  }
-  ++this->priority_frame_count[counter_index];
-  this->priority_frame_count_last_update = hrtime_sec;
+  this->_received_priority_frame_counter.increment();
 }
 
 uint32_t
 Http2ConnectionState::get_received_priority_frame_count()
 {
-  return this->priority_frame_count[0] + this->priority_frame_count[1];
+  return this->_received_priority_frame_counter.get_count();
 }
 
 // Return min_concurrent_streams_in when current 

[trafficserver] branch 9.0.x updated: Documented #3819, new connection management

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 490273b  Documented #3819, new connection management
490273b is described below

commit 490273b1568c30b83ee8abaf2c49c20f20227568
Author: Leif Hedstrom 
AuthorDate: Wed Oct 30 15:04:37 2019 -0600

Documented #3819, new connection management
---
 doc/release-notes/upgrading.en.rst | 42 +-
 doc/release-notes/whats-new.en.rst | 24 --
 2 files changed, 59 insertions(+), 7 deletions(-)

diff --git a/doc/release-notes/upgrading.en.rst 
b/doc/release-notes/upgrading.en.rst
index d99092a..a35e2ff 100644
--- a/doc/release-notes/upgrading.en.rst
+++ b/doc/release-notes/upgrading.en.rst
@@ -25,6 +25,42 @@ Upgrading to ATS v9.x
 .. toctree::
:maxdepth: 1
 
+YAML
+
+
+We are moving configurations over to YAML, and thus far, the following 
configurations are now fully
+migrated over to YAML:
+
+* :file:`logging.yaml` (*was* `logging.config` or `logging.lua`)
+* :file:`ip_allow.yaml` (*was* `ip_allow.config`)
+
+In addition, a new file for TLS handhsake negotiation configuration is added:
+
+* :file:`sni.yaml` (this was for a while named ssl_server_name.config in 
Github)
+
+New records.config settings
+
+
+These are the changes that are most likely to cause problems during an 
upgrade. Take special care
+making sure you have updated your configurations accordingly.
+
+Connection management
+~
+The old settings for origin connection management included the following 
settings:
+
+* `proxy.config.http.origin_max_connections`
+* `proxy.config.http.origin_max_connections_queue`
+* `proxy.config.http.origin_min_keep_alive_connections`
+
+These are all gone, and replaced with the following set of configurations:
+
+* :ts:cv:`proxy.config.http.per_server.connection.max` (overridable)
+* :ts:cv:`proxy.config.http.per_server.connection.match` (overridable)
+* :ts:cv:`proxy.config.http.per_server.connection.alert_delay`
+* :ts:cv:`proxy.config.http.per_server.connection.queue_size`
+* :ts:cv:`proxy.config.http.per_server.connection.queue_delay`
+* :ts:cv:`proxy.config.http.per_server.connection.min`
+
 Deprecated or Removed Features
 --
 The following features, configurations and plugins are either removed or 
deprecated in this
@@ -52,10 +88,6 @@ The old `v23` cache is no longer supported, which means 
caches created with ATS
 possible to load with ATS v9.0.0 or later. We feel that this is an unlikely 
scenario, but if you do
 run into this, clearing the cache is required.
 
-Configuration changes
--
-The following incompatible changes to the configurations have been made in 
this version of ATS.
-
 Plugins
 ---
 The following plugins have changes that might require you to change 
configurations.
@@ -64,7 +96,7 @@ header_rewrite
 ~~
 
 * The `%{PATH}` directive is now removed, and instead you want to use 
`%{CLIENT-URL:PATH}`. This was
-done to unify the behavior of these operators, rather than having this one-off 
directive.
+  done to unify the behavior of these operators, rather than having this 
one-off directive.
 
 Platform specific
 -
diff --git a/doc/release-notes/whats-new.en.rst 
b/doc/release-notes/whats-new.en.rst
index f335fed..87027cf 100644
--- a/doc/release-notes/whats-new.en.rst
+++ b/doc/release-notes/whats-new.en.rst
@@ -31,8 +31,28 @@ have participated in this development cycle.
 New Features
 
 
-New or modifed Configurations
--
+Incompatible records.config settings
+
+
+These are the changes that are most likely to cause problems during an 
upgrade. Take special care
+making sure you have updated your configurations accordingly.
+
+Connection management
+~
+The old settings for origin connection management included the following 
settings:
+
+* `proxy.config.http.origin_max_connections`
+* `proxy.config.http.origin_max_connections_queue`
+* `proxy.config.http.origin_min_keep_alive_connections`
+
+These are all gone, and replaced with the following set of configurations:
+
+* :ts:cv:`proxy.config.http.per_server.connection.max` (overridable)
+* :ts:cv:`proxy.config.http.per_server.connection.match` (overridable)
+* :ts:cv:`proxy.config.http.per_server.connection.alert_delay`
+* :ts:cv:`proxy.config.http.per_server.connection.queue_size`
+* :ts:cv:`proxy.config.http.per_server.connection.queue_delay`
+* :ts:cv:`proxy.config.http.per_server.connection.min`
 
 Logging and Metrics
 ---

[trafficserver] branch master updated (c9c8855 -> 60e6ace)

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from c9c8855  Fixing log cleanup candidate selection and adding a test for 
it.
 add 60e6ace  Updating the autest version pin to 1.7.4.

No new revisions were added by this update.

Summary of changes:
 tests/Pipfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[trafficserver] branch master updated (323d5b5 -> c9c8855)

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 323d5b5  Replace container of HPACK dynamic table from std::vector to 
std::deque
 add c9c8855  Fixing log cleanup candidate selection and adding a test for 
it.

No new revisions were added by this update.

Summary of changes:
 proxy/logging/LogConfig.cc |   9 ++-
 tests/gold_tests/logging/log_retention.test.py | 105 +
 2 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 tests/gold_tests/logging/log_retention.test.py

[trafficserver] branch master updated (be2102e -> 323d5b5)

[bcall]

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from be2102e  Allow txn handler to be set from ssn on same hook
 add 323d5b5  Replace container of HPACK dynamic table from std::vector to 
std::deque

No new revisions were added by this update.

Summary of changes:
 proxy/http2/HPACK.cc | 20 
 proxy/http2/HPACK.h  |  4 ++--
 2 files changed, 10 insertions(+), 14 deletions(-)

[trafficserver] branch master updated: Allow txn handler to be set from ssn on same hook

[shinrich]

This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new be2102e  Allow txn handler to be set from ssn on same hook
be2102e is described below

commit be2102e4b2874e69823bee5e14f7f644f65cb501
Author: Susan Hinrichs 
AuthorDate: Fri Oct 25 20:28:33 2019 +

Allow txn handler to be set from ssn on same hook
---
 proxy/InkAPIInternal.h |   5 +-
 src/traffic_server/InkAPI.cc   |   9 +-
 .../gold_tests/pluginTest/test_hooks/hook_add.gold |   7 ++
 .../pluginTest/test_hooks/hook_add.test.py |  57 +
 tests/tools/plugins/hook_add_plugin.cc | 140 +
 5 files changed, 214 insertions(+), 4 deletions(-)

diff --git a/proxy/InkAPIInternal.h b/proxy/InkAPIInternal.h
index 25fab38..4a90f35 100644
--- a/proxy/InkAPIInternal.h
+++ b/proxy/InkAPIInternal.h
@@ -357,8 +357,9 @@ public:
 protected:
   /// Track the state of one scope of hooks.
   struct Scope {
-APIHook const *_c; ///< Current hook (candidate for invocation).
-APIHook const *_p; ///< Previous hook (already invoked).
+APIHook const *_c;  ///< Current hook (candidate for invocation).
+APIHook const *_p;  ///< Previous hook (already invoked).
+APIHooks const *_hooks; ///< Reference to the real hook list
 
 /// Initialize the scope.
 void init(HttpAPIHooks const *scope, TSHttpHookID id);
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index 257e1b8..827235f 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -1426,16 +1426,21 @@ HttpHookState::is_enabled()
 void
 HttpHookState::Scope::init(HttpAPIHooks const *feature_hooks, TSHttpHookID id)
 {
-  APIHooks const *hooks = (*feature_hooks)[id];
+  _hooks = (*feature_hooks)[id];
 
   _p = nullptr;
-  _c = hooks->head();
+  _c = _hooks->head();
 }
 
 APIHook const *
 HttpHookState::Scope::candidate()
 {
   /// Simply returns _c hook for now. Later will do priority checking here
+
+  // Check to see if a hook has been added since this was initialized empty
+  if (nullptr == _c && nullptr == _p && _hooks != nullptr) {
+_c = _hooks->head();
+  }
   return _c;
 }
 
diff --git a/tests/gold_tests/pluginTest/test_hooks/hook_add.gold 
b/tests/gold_tests/pluginTest/test_hooks/hook_add.gold
new file mode 100644
index 000..9141bac
--- /dev/null
+++ b/tests/gold_tests/pluginTest/test_hooks/hook_add.gold
@@ -0,0 +1,7 @@
+`` DIAG: (test)  -- globalHandler :: TS_EVENT_HTTP_SSN_START
+`` DIAG: (test) New session, cont is ``
+`` DIAG: (test)  -- sessionHandler :: TS_EVENT_HTTP_PRE_REMAP
+`` DIAG: (test)  -- transactionHandler :: TS_EVENT_HTTP_PRE_REMAP
+`` DIAG: (test)  -- transactionHandler :: TS_EVENT_HTTP_TXN_CLOSE
+`` DIAG: (test)  -- sessionHandler :: TS_EVENT_HTTP_SSN_CLOSE
+``
diff --git a/tests/gold_tests/pluginTest/test_hooks/hook_add.test.py 
b/tests/gold_tests/pluginTest/test_hooks/hook_add.test.py
new file mode 100644
index 000..3ea96bc
--- /dev/null
+++ b/tests/gold_tests/pluginTest/test_hooks/hook_add.test.py
@@ -0,0 +1,57 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+Test.Summary = '''
+Test adding hooks
+'''
+
+Test.ContinueOnFail = True
+
+server = Test.MakeOriginServer("server")
+
+request_header = {
+"headers": "GET /argh HTTP/1.1\r\nHost: doesnotmatter\r\n\r\n", 
"timestamp": "1469733493.993", "body": "" }
+response_header = {"headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n", 
"timestamp": "1469733493.993", "body": "" }
+server.addResponse("sessionlog.json", request_header, response_header)
+
+ts = Test.MakeATSProcess("ts", select_ports=True, enable_tls=False)
+
+ts.Disk.records_config.update({
+'proxy.config.diags.debug.tags': 'test',
+'proxy.config.diags.debug.enabled': 1,
+'proxy.config.http.cache.http': 0, 
+'proxy.config.url_remap.remap_required': 0,
+})
+
+Test.PreparePlugin(Test.Variables.AtsTestToolsDir + 
'/plugins/hook_add_plugin.cc', ts)
+
+ts.Disk.remap_config.AddLine(
+"map http://one 

[trafficserver] branch master updated: Add basic SystemTap markers support

[shinrich]

This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new dd27599  Add basic SystemTap markers support
dd27599 is described below

commit dd27599720cfccbfd77fa20e47f529fa972d0469
Author: Emanuele Rocca 
AuthorDate: Thu Oct 10 13:48:43 2019 -0700

Add basic SystemTap markers support

Introduce a new ./configure flag, --enable-systemtap, to build
traffic_server with SystemTap markers support. Also include a marker
called "new_origin_server_connection" under the "trafficserver"
provider.

See https://sourceware.org/systemtap/wiki/AddingUserSpaceProbingToApps
---
 configure.ac  | 19 +++
 doc/developer-guide/debugging/debug-builds.en.rst | 19 +++
 doc/release-notes/whats-new.en.rst|  1 +
 include/ts/sdt.h  | 40 +++
 proxy/http/HttpSM.cc  |  3 ++
 5 files changed, 82 insertions(+)

diff --git a/configure.ac b/configure.ac
index d479c69..b1ff976 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2070,6 +2070,25 @@ AC_CHECK_TYPE([struct tcp_info],
   ]]
 )
 
+AC_MSG_CHECKING([whether to include systemtap tracing support])
+AC_ARG_ENABLE([systemtap],
+  [AS_HELP_STRING([--enable-systemtap],
+  [Enable inclusion of systemtap trace support])],
+  [ENABLE_SYSTEMTAP="${enableval}"], [ENABLE_SYSTEMTAP='no'])
+AM_CONDITIONAL([ENABLE_SYSTEMTAP], [test x$ENABLE_SYSTEMTAP = xyes])
+AC_MSG_RESULT(${ENABLE_SYSTEMTAP})
+
+if test "x${ENABLE_SYSTEMTAP}" = xyes; then
+  AC_CHECK_PROGS(DTRACE, dtrace)
+  if test -z "$DTRACE"; then
+AC_MSG_ERROR([dtrace not found])
+  fi
+  AC_CHECK_HEADER([sys/sdt.h], [SDT_H_FOUND='yes'],
+  [SDT_H_FOUND='no';
+ AC_MSG_ERROR([systemtap support needs sys/sdt.h header])])
+  AC_DEFINE([HAVE_SYSTEMTAP], [1], [Define to 1 if using probes.])
+fi
+
 # See if we can build the remap_stats plugin
 AS_IF([test "x$enable_experimental_plugins" = "xyes"],
   [
diff --git a/doc/developer-guide/debugging/debug-builds.en.rst 
b/doc/developer-guide/debugging/debug-builds.en.rst
index 53ad22c..d1e823f 100644
--- a/doc/developer-guide/debugging/debug-builds.en.rst
+++ b/doc/developer-guide/debugging/debug-builds.en.rst
@@ -41,3 +41,22 @@ Debugging Tips:
 -  Use assertions in your plugin (:c:func:`TSAssert` and 
:c:func:`TSReleaseAssert`).
 
 
+SystemTap and DTrace support
+
+
+Traffic Server can be instrumented with **SystemTap** on Linux systems, or
+**DTrace** on *BSDs and macOS. In order to use such tools, Traffic Server needs
+to be built with ``-g``, or the debug symbols need to be installed. On Debian
+systems, install the ``trafficserver-dbgsym`` package to install the debug
+symbols.
+
+In addition to the normal probe points that can be used with SystemTap and
+DTrace, such as function calls and specific statements, Traffic Server does
+provide SDT markers at various interesting code paths.
+
+Pass the ``--enable-systemtap`` flag to ``./configure`` in order to build
+Traffic Server with dtrace style markers (SDT). On Traffic Server builds with
+SDT markers enabled, you can list the available markers with ``stap -L
+'process("/path/to/traffic_server").mark("*")``.
+
+See the `SystemTap documentation 
`_ and the 
`DTrace guide `_ for more information.
diff --git a/doc/release-notes/whats-new.en.rst 
b/doc/release-notes/whats-new.en.rst
index e369c9a..205b94a 100644
--- a/doc/release-notes/whats-new.en.rst
+++ b/doc/release-notes/whats-new.en.rst
@@ -30,6 +30,7 @@ have participated in this development cycle.
 
 New Features
 
+- Add support for dtrace style markers (SDT) and include a few markers at 
locations of interest to users of SystemTap, dtrace, and gdb. See 
:ref:`developer-debug-builds`.
 
 New or modifed Configurations
 -
diff --git a/include/ts/sdt.h b/include/ts/sdt.h
new file mode 100644
index 000..68f8d92
--- /dev/null
+++ b/include/ts/sdt.h
@@ -0,0 +1,40 @@
+/** @file
+
+A brief file description
+
+@section license License
+
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or