[trafficserver] 03/03: fix freebsd build error
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 6b7b61b00aa8d3550522327ed02c4416d74e0fae Author: Kit Chan AuthorDate: Mon Jan 6 21:45:31 2020 -0800 fix freebsd build error --- plugins/esi/fetcher/HttpDataFetcherImpl.h | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/esi/fetcher/HttpDataFetcherImpl.h b/plugins/esi/fetcher/HttpDataFetcherImpl.h index 9784b65..11239b9 100644 --- a/plugins/esi/fetcher/HttpDataFetcherImpl.h +++ b/plugins/esi/fetcher/HttpDataFetcherImpl.h @@ -26,6 +26,7 @@ #include #include #include +#include #include "ts/ts.h" #include "lib/StringHash.h"
[trafficserver] 02/02: fix doc build error
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 9d21c106c8676d96948a599e903bac179a6c4466 Author: Kit Chan AuthorDate: Sat Jan 4 16:15:46 2020 -0800 fix doc build error --- doc/admin-guide/plugins/lua.en.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/admin-guide/plugins/lua.en.rst b/doc/admin-guide/plugins/lua.en.rst index 281246c..38c8131 100644 --- a/doc/admin-guide/plugins/lua.en.rst +++ b/doc/admin-guide/plugins/lua.en.rst @@ -2475,7 +2475,7 @@ Here is an example: end The above example also shows the use of eos passed as a parameter to transform function. It indicates the end of the -data stream to the transform function. +data stream to the transform function. :ref:`TOP `
[trafficserver] branch master updated (c3590f1 -> 6b7b61b)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from c3590f1 Add new log field to output server name sent by client in TLS handshake. new 284a6a8 Improvements on ESI plugin new 2787e40 Remove unused variable new 6b7b61b fix freebsd build error The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: plugins/esi/Makefile.inc | 2 - plugins/esi/combo_handler.cc | 6 -- plugins/esi/esi.cc | 31 ++-- plugins/esi/fetcher/HttpDataFetcherImpl.cc | 23 +- plugins/esi/fetcher/HttpDataFetcherImpl.h | 3 +- plugins/esi/lib/EsiProcessor.cc| 122 + plugins/esi/lib/EsiProcessor.h | 3 - plugins/esi/lib/FailureInfo.cc | 105 - plugins/esi/lib/FailureInfo.h | 112 -- plugins/esi/test/docnode_test.cc | 3 - plugins/esi/test/gzip_test.cc | 3 - plugins/esi/test/parser_test.cc| 3 - plugins/esi/test/processor_test.cc | 3 - plugins/esi/test/utils_test.cc | 3 - plugins/esi/test/vars_test.cc | 3 - 15 files changed, 34 insertions(+), 391 deletions(-) delete mode 100644 plugins/esi/lib/FailureInfo.cc delete mode 100644 plugins/esi/lib/FailureInfo.h
[trafficserver] branch master updated (6b7b61b -> 9d21c10)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 6b7b61b fix freebsd build error new 7236e78 Simple and miscellaneous fixes/additions for lua plugin new 9d21c10 fix doc build error The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: doc/admin-guide/plugins/lua.en.rst | 77 +- plugins/lua/Makefile.inc | 1 + plugins/lua/ts_lua.c | 16 - plugins/lua/ts_lua_client_request.c| 2 +- plugins/lua/ts_lua_client_response.c | 2 +- plugins/lua/ts_lua_fetch.c | 4 +- plugins/lua/ts_lua_http.c | 41 ++-- plugins/lua/ts_lua_http_config.c | 2 +- plugins/lua/ts_lua_http_intercept.c| 15 +++-- plugins/lua/ts_lua_http_txn_info.c | 76 + .../lua/{ts_lua_hook.h => ts_lua_http_txn_info.h} | 2 +- plugins/lua/ts_lua_log.c | 4 +- plugins/lua/ts_lua_misc.c | 40 +-- plugins/lua/ts_lua_package.c | 4 +- plugins/lua/ts_lua_server_request.c| 2 +- plugins/lua/ts_lua_server_response.c | 2 +- plugins/lua/ts_lua_transform.c | 9 +-- plugins/lua/ts_lua_util.c | 11 +++- 18 files changed, 270 insertions(+), 40 deletions(-) create mode 100644 plugins/lua/ts_lua_http_txn_info.c copy plugins/lua/{ts_lua_hook.h => ts_lua_http_txn_info.h} (94%)
[trafficserver] 01/02: Simple and miscellaneous fixes/additions for lua plugin
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 7236e78f7f53acae3fd6f71ce9cd12f99f7b5b9c Author: Kit Chan AuthorDate: Sat Jan 4 15:38:16 2020 -0800 Simple and miscellaneous fixes/additions for lua plugin --- doc/admin-guide/plugins/lua.en.rst | 77 +++- plugins/lua/Makefile.inc | 1 + plugins/lua/ts_lua.c | 16 ++-- plugins/lua/ts_lua_client_request.c | 2 +- plugins/lua/ts_lua_client_response.c | 2 +- plugins/lua/ts_lua_fetch.c | 4 +- plugins/lua/ts_lua_http.c| 41 +++ plugins/lua/ts_lua_http_config.c | 2 +- plugins/lua/ts_lua_http_intercept.c | 15 +++ plugins/lua/ts_lua_http_txn_info.c | 76 +++ plugins/lua/ts_lua_http_txn_info.h | 23 +++ plugins/lua/ts_lua_log.c | 4 +- plugins/lua/ts_lua_misc.c| 40 +-- plugins/lua/ts_lua_package.c | 4 +- plugins/lua/ts_lua_server_request.c | 2 +- plugins/lua/ts_lua_server_response.c | 2 +- plugins/lua/ts_lua_transform.c | 9 +++-- plugins/lua/ts_lua_util.c| 11 +- 18 files changed, 292 insertions(+), 39 deletions(-) diff --git a/doc/admin-guide/plugins/lua.en.rst b/doc/admin-guide/plugins/lua.en.rst index 3200f0a..281246c 100644 --- a/doc/admin-guide/plugins/lua.en.rst +++ b/doc/admin-guide/plugins/lua.en.rst @@ -213,6 +213,38 @@ Here is an example: :ref:`TOP ` +ts.fatal + +**syntax:** *ts.fatal(MESSAGE)* + +**context:** global + +**description**: Log the MESSAGE to error.log and shutdown Traffic Server + +Here is an example: + +:: + + ts.fatal('This is an fatal message') + +:ref:`TOP ` + +ts.emergency + +**syntax:** *ts.emergency(MESSAGE)* + +**context:** global + +**description**: Log the MESSAGE to error.log and shutdown Traffic Server + +Here is an example: + +:: + + ts.emergency('This is an emergency message') + +:ref:`TOP ` + TS Basic Internal Information - **syntax:** *ts.get_install_dir()* @@ -1093,6 +1125,16 @@ ts.http.set_cache_lookup_url :ref:`TOP ` +ts.http.redo_cache_lookup +- +**syntax:** *ts.http.redo_cache_lookup()* + +**context:** do_global_cache_lookup_complete + +**description:** This function can be used to redo cache lookup with a different url. + +:ref:`TOP ` + ts.http.get_parent_proxy **syntax:** *ts.http.get_parent_proxy()* @@ -2432,6 +2474,9 @@ Here is an example: return 0 end +The above example also shows the use of eos passed as a parameter to transform function. It indicates the end of the +data stream to the transform function. + :ref:`TOP ` ts.http.resp_transform.get_upstream_watermark_bytes @@ -3808,7 +3853,7 @@ of seconds since the beginning of the transaction. :ref:`TOP ` Milestone constants --- +--- **context:** do_remap/do_os_response or do_global_* or later :: @@ -3841,6 +3886,36 @@ Milestone constants :ref:`TOP ` +ts.http.txn_info_get + +**syntax:** *val = ts.http.txn_info_get(TXN_INFO_TYPE)* + +**context:** do_global_cache_lookup_complete + +**description:** This function can be used to retrieve the various cache related info about a transaction. + +:: + +val = ts.http.txn_info_get(TS_LUA_TXN_INFO_CACHE_HIT_RAM) + +:ref:`TOP ` + +Txn Info constants +-- +**context:** do_global_cache_lookup_complete + +:: + +TS_LUA_TXN_INFO_CACHE_HIT_RAM +TS_LUA_TXN_INFO_CACHE_COMPRESSED_IN_RAM +TS_LUA_TXN_INFO_CACHE_HIT_RWW +TS_LUA_TXN_INFO_CACHE_OPEN_READ_TRIES +TS_LUA_TXN_INFO_CACHE_OPEN_WRITE_TRIES +TS_LUA_TXN_INFo_CACHE_VOLUME + + +:ref:`TOP ` + ts.mgmt.get_counter --- **syntax:** *val = ts.mgmt.get_counter(RECORD_NAME)* diff --git a/plugins/lua/Makefile.inc b/plugins/lua/Makefile.inc index adcdde5..d68faa8 100644 --- a/plugins/lua/Makefile.inc +++ b/plugins/lua/Makefile.inc @@ -37,6 +37,7 @@ lua_tslua_la_SOURCES = \ lua/ts_lua_remap.c \ lua/ts_lua_http_cntl.c \ lua/ts_lua_http_milestone.c \ + lua/ts_lua_http_txn_info.c \ lua/ts_lua_http_config.c \ lua/ts_lua_mgmt.c \ lua/ts_lua_package.c \ diff --git a/plugins/lua/ts_lua.c b/plugins/lua/ts_lua.c index 5aef7b5..685fe35 100644 --- a/plugins/lua/ts_lua.c +++ b/plugins/lua/ts_lua.c @@ -239,7 +239,7 @@ ts_lua_remap_plugin_init(void *ih, TSHttpTxn rh, TSRemapRequestInfo *rri) ts_lua_set_cont_info(L, NULL); if (lua_pcall(L, 0, 1, 0) != 0) { -TSError("[ts_lua] lua_pcall failed: %s", lua_tostring(L, -1)); +TSError("[ts_lua][%s] lua_pcall failed: %s", __FUNCTION__, lua_tostring(L, -1)); ret = TSREMAP_NO_REMAP; } else { @@ -364,6 +364,7 @@ globalHookHandler(TSCont contp, TSEvent event
[trafficserver] 02/03: Remove unused variable
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 2787e405d9b1fd9e744e55d00076bc7b264d1a18 Author: Kit Chan AuthorDate: Mon Jan 6 21:04:42 2020 -0800 Remove unused variable --- plugins/esi/lib/EsiProcessor.cc | 1 - plugins/esi/lib/EsiProcessor.h | 1 - 2 files changed, 2 deletions(-) diff --git a/plugins/esi/lib/EsiProcessor.cc b/plugins/esi/lib/EsiProcessor.cc index c8120bb..265e3eb 100644 --- a/plugins/esi/lib/EsiProcessor.cc +++ b/plugins/esi/lib/EsiProcessor.cc @@ -43,7 +43,6 @@ EsiProcessor::EsiProcessor(const char *debug_tag, const char *parser_debug_tag, _n_processed_try_nodes(0), _overall_len(0), _fetcher(fetcher), -_reqAdded(false), _usePackedNodeList(false), _esi_vars(variables), _expression(expression_debug_tag, debug_func, error_func, _esi_vars), diff --git a/plugins/esi/lib/EsiProcessor.h b/plugins/esi/lib/EsiProcessor.h index d264a05..a057763 100644 --- a/plugins/esi/lib/EsiProcessor.h +++ b/plugins/esi/lib/EsiProcessor.h @@ -139,7 +139,6 @@ private: HttpDataFetcher &_fetcher; EsiLib::StringHash _include_urls; - bool _reqAdded; bool _usePackedNodeList; bool _processEsiNode(const EsiLib::DocNodeList::iterator );
[trafficserver] 01/03: Improvements on ESI plugin
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 284a6a8b787a2a023755efc45c5fc590eadfe020 Author: Kit Chan AuthorDate: Mon Jan 6 19:45:26 2020 -0800 Improvements on ESI plugin --- plugins/esi/Makefile.inc | 2 - plugins/esi/combo_handler.cc | 6 -- plugins/esi/esi.cc | 31 ++-- plugins/esi/fetcher/HttpDataFetcherImpl.cc | 23 +- plugins/esi/fetcher/HttpDataFetcherImpl.h | 2 +- plugins/esi/lib/EsiProcessor.cc| 121 + plugins/esi/lib/EsiProcessor.h | 2 - plugins/esi/lib/FailureInfo.cc | 105 - plugins/esi/lib/FailureInfo.h | 112 -- plugins/esi/test/docnode_test.cc | 3 - plugins/esi/test/gzip_test.cc | 3 - plugins/esi/test/parser_test.cc| 3 - plugins/esi/test/processor_test.cc | 3 - plugins/esi/test/utils_test.cc | 3 - plugins/esi/test/vars_test.cc | 3 - 15 files changed, 33 insertions(+), 389 deletions(-) diff --git a/plugins/esi/Makefile.inc b/plugins/esi/Makefile.inc index 81622d5..03fb333 100644 --- a/plugins/esi/Makefile.inc +++ b/plugins/esi/Makefile.inc @@ -57,8 +57,6 @@ esi_libesicore_la_SOURCES = \ esi/lib/EsiProcessor.h \ esi/lib/Expression.cc \ esi/lib/Expression.h \ - esi/lib/FailureInfo.cc \ - esi/lib/FailureInfo.h \ esi/lib/HandlerManager.h \ esi/lib/HttpHeader.h \ esi/lib/IncludeHandlerFactory.h \ diff --git a/plugins/esi/combo_handler.cc b/plugins/esi/combo_handler.cc index 7cc317f..4ca62a0 100644 --- a/plugins/esi/combo_handler.cc +++ b/plugins/esi/combo_handler.cc @@ -29,7 +29,6 @@ #include #include #include -#include #include #include #include @@ -340,9 +339,6 @@ static bool writeStandardHeaderFields(InterceptData _data, int _bytes_writ static void prepareResponse(InterceptData _data, ByteBlockList _blocks, string _header_fields); static bool getDefaultBucket(TSHttpTxn txnp, TSMBuffer bufp, TSMLoc hdr_obj, ClientRequest ); -// libesi TLS key. -pthread_key_t threadKey = 0; - void TSPluginInit(int argc, const char *argv[]) { @@ -434,8 +430,6 @@ TSPluginInit(int argc, const char *argv[]) } ++optind; - TSReleaseAssert(pthread_key_create(, nullptr) == 0); - TSCont rrh_contp = TSContCreate(handleReadRequestHeader, nullptr); if (!rrh_contp) { LOG_ERROR("Could not create read request header continuation"); diff --git a/plugins/esi/esi.cc b/plugins/esi/esi.cc index cf02b3b..d158983 100644 --- a/plugins/esi/esi.cc +++ b/plugins/esi/esi.cc @@ -30,7 +30,6 @@ #include #include #include -#include #include #include "ts/ts.h" @@ -47,7 +46,6 @@ #include "serverIntercept.h" #include "Stats.h" #include "HttpDataFetcherImpl.h" -#include "FailureInfo.h" using std::string; using std::list; using namespace EsiLib; @@ -1493,7 +1491,6 @@ lFail: return false; } -pthread_key_t threadKey = 0; static int globalHookHandler(TSCont contp, TSEvent event, void *edata) { @@ -1629,28 +1626,14 @@ esiPluginInit(int argc, const char *argv[], struct OptionInfo *pOptionInfo) } } - int result = 0; - bool bKeySet; - if (threadKey == 0) { -bKeySet = true; -if ((result = pthread_key_create(, nullptr)) != 0) { - TSError("[esi][%s] Could not create key", __FUNCTION__); - TSDebug(DEBUG_TAG, "[%s] Could not create key", __FUNCTION__); -} - } else { -bKeySet = false; - } + TSDebug(DEBUG_TAG, + "[%s] Plugin started, " + "packed-node-support: %d, private-response: %d, " + "disable-gzip-output: %d, first-byte-flush: %d ", + __FUNCTION__, pOptionInfo->packed_node_support, pOptionInfo->private_response, pOptionInfo->disable_gzip_output, + pOptionInfo->first_byte_flush); - if (result == 0) { -TSDebug(DEBUG_TAG, -"[%s] Plugin started%s, " -"packed-node-support: %d, private-response: %d, " -"disable-gzip-output: %d, first-byte-flush: %d ", -__FUNCTION__, bKeySet ? " and key is set" : "", pOptionInfo->packed_node_support, pOptionInfo->private_response, -pOptionInfo->disable_gzip_output, pOptionInfo->first_byte_flush); - } - - return result; + return 0; } void diff --git a/plugins/esi/fetcher/HttpDataFetcherImpl.cc b/plugins/esi/fetcher/HttpDataFetcherImpl.cc index 5e8a545..70e4334 100644 --- a/plugins/esi/fetcher/HttpDataFetcherImpl.cc +++ b/plugins/esi/fetcher/HttpDataFetcherImpl.cc @@ -47,10 +47,29 @@ HttpDataFetcherImpl::_release(RequestData _data) } HttpDataFetcherImpl::HttpDataFetcherImpl(TSCont contp, sockaddr const *client_addr, const char *debug_tag) - : _contp(contp), _n_pending_requests(0),
[trafficserver] branch 9.0.x updated: Fixes clang-format on this cherry-pick
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new a3dfab9 Fixes clang-format on this cherry-pick a3dfab9 is described below commit a3dfab98cd1ee4a95cd33076751bcaff20085ccf Author: Leif Hedstrom AuthorDate: Wed Jan 15 22:39:27 2020 -0700 Fixes clang-format on this cherry-pick --- proxy/http/HttpConfig.cc | 32 +--- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc index 9a9bab8..1284be7 100644 --- a/proxy/http/HttpConfig.cc +++ b/proxy/http/HttpConfig.cc @@ -164,24 +164,26 @@ Enable_Config_Var(std::string_view const , bool (*cb)(const char *, RecData Context = storage.emplace_back(cb, cookie); // Register the call back - this handles external updates. - RecRegisterConfigUpdateCb(name.data(), -[](const char *name, RecDataT dtype, RecData data, void *ctx) -> int { - auto &&[cb, cookie] = *static_cast(ctx); - if ((*cb)(name, dtype, data, cookie)) { -http_config_cb(name, dtype, data, cookie); // signal runtime config update. - } - return REC_ERR_OKAY; -}, -); + RecRegisterConfigUpdateCb( +name.data(), +[](const char *name, RecDataT dtype, RecData data, void *ctx) -> int { + auto &&[cb, cookie] = *static_cast(ctx); + if ((*cb)(name, dtype, data, cookie)) { +http_config_cb(name, dtype, data, cookie); // signal runtime config update. + } + return REC_ERR_OKAY; +}, +); // Use the record to do the initial data load. // Look it up and call the updater @a cb on that data. - RecLookupRecord(name.data(), - [](RecRecord const *r, void *ctx) -> void { -auto &&[cb, cookie] = *static_cast(ctx); -(*cb)(r->name, r->data_type, r->data, cookie); - }, - ); + RecLookupRecord( +name.data(), +[](RecRecord const *r, void *ctx) -> void { + auto &&[cb, cookie] = *static_cast(ctx); + (*cb)(r->name, r->data_type, r->data, cookie); +}, +); } // [amc] Not sure which is uglier, this switch or having a micro-function for each var.
[trafficserver] branch 9.0.x updated: Add new log field to output server name sent by client in TLS handshake.
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new 06acc9d Add new log field to output server name sent by client in TLS handshake. 06acc9d is described below commit 06acc9d03e57dab377ee9626e20fac0489489408 Author: Walter Karas AuthorDate: Tue Oct 15 18:48:49 2019 -0500 Add new log field to output server name sent by client in TLS handshake. (cherry picked from commit c3590f1160f67c15944c5fcb2eec6f684fce) --- doc/admin-guide/logging/formatting.en.rst | 5 +++ iocore/net/P_SSLNetVConnection.h | 3 ++ proxy/Makefile.am | 3 ++ proxy/ProxySession.cc | 13 ++ proxy/ProxySession.h | 18 + proxy/http/Http1ClientSession.cc | 2 + proxy/http2/Http2ClientSession.cc | 2 + proxy/logging/Log.cc | 5 +++ proxy/logging/LogAccess.cc | 32 +++ proxy/logging/LogAccess.h | 1 + .../private/Makefile.inc | 41 +++ proxy/private/SSLProxySession.cc | 39 ++ proxy/private/SSLProxySession.h| 46 ++ .../{ccid_ctid.test.py => new_log_flds.test.py}| 27 + ...d_ctid_observer.py => new_log_flds_observer.py} | 17 ++-- 15 files changed, 207 insertions(+), 47 deletions(-) diff --git a/doc/admin-guide/logging/formatting.en.rst b/doc/admin-guide/logging/formatting.en.rst index fd6a396..182199c 100644 --- a/doc/admin-guide/logging/formatting.en.rst +++ b/doc/admin-guide/logging/formatting.en.rst @@ -579,6 +579,7 @@ cqtx Client Request The full HTTP client request text, minus headers, e.g. SSL / Encryption +.. _cssn: .. _cqssl: .. _cqssr: .. _cqssv: @@ -592,6 +593,10 @@ features. = == == Field Source Description = == == +cssn Client TLS SNI server name in client Hello message in TLS handshake. + Hello If no server name present in Hello, or the transaction + was not over TLS (over TCP), this field will contain + ``-``. cqssl Client Request SSL client request status indicates if this client connection is over SSL. cqssr Client Request SSL session ticket reused status; indicates if the current diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index 60ce374..83ff6d6 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h @@ -36,6 +36,8 @@ #include "tscore/ink_platform.h" #include "ts/apidefs.h" #include +#include +#include #include #include @@ -480,6 +482,7 @@ private: bool tunnel_decrypt = false; X509_STORE_CTX *verify_cert = nullptr; + // Null-terminated string, or nullptr if there is no SNI server name. std::unique_ptr _serverName; }; diff --git a/proxy/Makefile.am b/proxy/Makefile.am index bac2ea4..33a2ad1 100644 --- a/proxy/Makefile.am +++ b/proxy/Makefile.am @@ -18,6 +18,8 @@ include $(top_srcdir)/build/tidy.mk +include private/Makefile.inc + SUBDIRS = hdrs shared http http2 logging if ENABLE_QUIC SUBDIRS += http3 @@ -44,6 +46,7 @@ noinst_HEADERS = \ Show.h libproxy_a_SOURCES = \ + $(PRIVATE_SOURCES_) \ CacheControl.cc \ CacheControl.h \ ControlBase.cc \ diff --git a/proxy/ProxySession.cc b/proxy/ProxySession.cc index d3b7eb4..0298866 100644 --- a/proxy/ProxySession.cc +++ b/proxy/ProxySession.cc @@ -24,6 +24,7 @@ #include "HttpConfig.h" #include "HttpDebugNames.h" #include "ProxySession.h" +#include "P_SSLNetVConnection.h" ProxySession::ProxySession() : VConnection(nullptr) { @@ -79,6 +80,7 @@ ProxySession::free() this->api_hooks.clear(); this->mutex.clear(); this->acl.clear(); + this->_ssl.reset(); } int @@ -244,9 +246,20 @@ ProxySession::get_client_addr() NetVConnection *netvc = get_netvc(); return netvc ? netvc->get_remote_addr() : nullptr; } + sockaddr const * ProxySession::get_local_addr() { NetVConnection *netvc = get_netvc(); return netvc ? netvc->get_local_addr() : nullptr; } + +void +ProxySession::_handle_if_ssl(NetVConnection *new_vc) +{ + auto ssl_vc = dynamic_cast(new_vc); + if (ssl_vc) { +_ssl = std::make_unique(); +_ssl.get()->init(*ssl_vc); + } +} diff --git a/proxy/ProxySession.h b/proxy/ProxySession.h index 478c592..e70b683 100644 --- a/proxy/ProxySession.h +++ b/proxy/ProxySession.h @@ -27,11 +27,13 @@ #include "tscore/ink_resolver.h" #include
[trafficserver] branch master updated (cf3d098 -> c3590f1)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from cf3d098 Merge pull request #6268 from shinrich/add_h2_chunked_encoding_test add c3590f1 Add new log field to output server name sent by client in TLS handshake. No new revisions were added by this update. Summary of changes: doc/admin-guide/logging/formatting.en.rst | 5 iocore/net/P_SSLNetVConnection.h | 3 ++ proxy/Makefile.am | 3 ++ proxy/ProxySession.cc | 13 + proxy/ProxySession.h | 18 proxy/http/Http1ClientSession.cc | 2 ++ proxy/http2/Http2ClientSession.cc | 2 ++ proxy/logging/Log.cc | 5 proxy/logging/LogAccess.cc | 32 ++ proxy/logging/LogAccess.h | 1 + .../cache_promote => proxy/private}/Makefile.inc | 8 -- .../private/SSLProxySession.cc | 31 ++--- .../SSLProxySession.h} | 31 - .../{ccid_ctid.test.py => new_log_flds.test.py}| 27 +- ...d_ctid_observer.py => new_log_flds_observer.py} | 17 +--- 15 files changed, 154 insertions(+), 44 deletions(-) copy {plugins/cache_promote => proxy/private}/Makefile.inc (82%) copy iocore/net/SSLNetAccept.cc => proxy/private/SSLProxySession.cc (69%) copy proxy/{logging/YamlLogConfigDecoders.h => private/SSLProxySession.h} (67%) rename tests/gold_tests/logging/{ccid_ctid.test.py => new_log_flds.test.py} (77%) rename tests/gold_tests/logging/{ccid_ctid_observer.py => new_log_flds_observer.py} (76%)
[trafficserver] branch master updated: Add tests to exercise H2 and chunked encoding
This is an automated email from the ASF dual-hosted git repository. calavera pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new d34a32c Add tests to exercise H2 and chunked encoding new cf3d098 Merge pull request #6268 from shinrich/add_h2_chunked_encoding_test d34a32c is described below commit d34a32c2aa584964fce5150c34f3ea2c2e418a32 Author: Susan Hinrichs AuthorDate: Wed Dec 18 14:43:15 2019 + Add tests to exercise H2 and chunked encoding --- tests/gold_tests/chunked_encoding/case1.sh | 19 tests/gold_tests/chunked_encoding/case2.sh | 19 tests/gold_tests/chunked_encoding/case3.sh | 19 .../chunked_encoding/chunked_encoding.test.py | 2 +- .../chunked_encoding/chunked_encoding_h2.test.py | 106 + tests/gold_tests/chunked_encoding/delay-server.sh | 20 tests/gold_tests/chunked_encoding/server2.sh | 18 tests/gold_tests/chunked_encoding/server3.sh | 18 8 files changed, 220 insertions(+), 1 deletion(-) diff --git a/tests/gold_tests/chunked_encoding/case1.sh b/tests/gold_tests/chunked_encoding/case1.sh new file mode 100644 index 000..fff931f --- /dev/null +++ b/tests/gold_tests/chunked_encoding/case1.sh @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +nc -l -o outserver1 -c "sh ./delay-server.sh" & +sleep 1 +nghttp -vv https://127.0.0.1:${1}/delay-chunked-response diff --git a/tests/gold_tests/chunked_encoding/case2.sh b/tests/gold_tests/chunked_encoding/case2.sh new file mode 100644 index 000..55a9c11 --- /dev/null +++ b/tests/gold_tests/chunked_encoding/case2.sh @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +nc -l -o outserver2 -c "sh ./server2.sh" & +sleep 1 +curl --http2 -k https://127.0.0.1:${1}/post --verbose -H "Transfer-encoding: chunked" -d "Knock knock" diff --git a/tests/gold_tests/chunked_encoding/case3.sh b/tests/gold_tests/chunked_encoding/case3.sh new file mode 100644 index 000..6ed3b3c --- /dev/null +++ b/tests/gold_tests/chunked_encoding/case3.sh @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +nc -l -o outserver3 -c "sh ./server3.sh" & +sleep 1 +curl --http2 -k https://127.0.0.1:${1}/post-chunked --verbose -H "Transfer-encoding: chunked" -d "Knock knock" diff --git a/tests/gold_tests/chunked_encoding/chunked_encoding.test.py b/tests/gold_tests/chunked_encoding/chunked_encoding.test.py index 7219221..faea3af 100644 --- a/tests/gold_tests/chunked_encoding/chunked_encoding.test.py +++
[trafficserver] branch master updated (8236813 -> 4d06ce6)
This is an automated email from the ASF dual-hosted git repository. rrm pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 8236813 TLSv1.3 0-RTT support (#5450) add 4d06ce6 Fixes clang-format issues No new revisions were added by this update. Summary of changes: tests/gold_tests/tls/early_h1_get.txt | 6 +++--- tests/gold_tests/tls/early_h1_post.txt | 12 ++-- 2 files changed, 9 insertions(+), 9 deletions(-)
[trafficserver] 01/02: Add Example URI Signer Python Script
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit f85548b9d6d0699b18e5cbeb23cdda1078f04f1b Author: Dylan Souza AuthorDate: Wed Oct 23 11:41:00 2019 -0600 Add Example URI Signer Python Script Provide an example script to be used in conjunction with the uri signing plugin. This script is meant to serve as an example of how to get started with uri signing and could be useful in testing various configs. (cherry picked from commit 3632eb748de4556dd87a66925ef2ace9a2b2c3fa) --- .../uri_signing/python_signer/README.md| 36 +++ .../uri_signing/python_signer/example_config.json | 33 ++ .../uri_signing/python_signer/uri_signer.py| 74 ++ 3 files changed, 143 insertions(+) diff --git a/plugins/experimental/uri_signing/python_signer/README.md b/plugins/experimental/uri_signing/python_signer/README.md new file mode 100644 index 000..baa9b22 --- /dev/null +++ b/plugins/experimental/uri_signing/python_signer/README.md @@ -0,0 +1,36 @@ +Python URI Signer +== + +Given a configuration file and a URI, this python script will generate a signed URI according to the URI signing protocol outlined [here](https://tools.ietf.org/html/draft-ietf-cdni-uri-signing-16): + +The script takes a config file and a uri as command line arguments. It picks one of the keys located in the json file at random +and embeds a valid JWT as a query string parameter into the uri and prints this new signed URI to standard out. + +** Disclaimer ** +Please note that this script is provided as a very simple example of how to implement a signer should not be considered production ready. + +Requirements +-- + +[python-jose](https://pypi.org/project/python-jose/) library must be installed (pip install python-jose). + +Config +-- + +The config file should be a JSON object that contains the following: + + - `iss`: A string representing the issuer of the token + - `token_lifetime`: The lifetime of the token in seconds. Expiry of the token is calculated as now + token_lifetime + - `aud`: A string representing the intended audience of the token. + - `cdnistt`: Boolean value which if set to true uses cookie signed token transport, allowing the validator of the token to +to issue subsequent tokens via set cookie headers. + - `cdniets`: Must be set if using cdnistt. Provides means of setting Expiry Times when generating subsequent tokens. It denotes +the number of seconds to be added to the time at which the JWT is verified that gives the value of the Expiry Time claim of the +next signed JWT. + - `keys`: A list of json objects, each one representing a key. Each key should have the following attributes: + - `alg`: The Cryptographic algorithm to be used with the key. + - `kid`: The key identifier + - `kty`: The key type + - `k`: The key itself + +example_config.json can be used as a template for the configuration file. diff --git a/plugins/experimental/uri_signing/python_signer/example_config.json b/plugins/experimental/uri_signing/python_signer/example_config.json new file mode 100644 index 000..4039796 --- /dev/null +++ b/plugins/experimental/uri_signing/python_signer/example_config.json @@ -0,0 +1,33 @@ +{ + "iss": "Example Issuer", + "token_lifetime": 90, + "aud": "Caching Software", +"cdnistt": true, +"cdniets": 30, + "keys": [ + { + "alg": "HS256", + "kid": 0, + "kty": "oct", + "k": "SECRET1" + }, + { + "alg": "HS256", + "kid": 1, + "kty": "oct", + "k": "SECRET2" + }, + { + "alg": "HS256", + "kid": 2, + "kty": "oct", + "k": "SECRET3" + }, + { + "alg": "HS256", + "kid": 3, + "kty": "oct", + "k": "SECRET4" + } + ] +} diff --git a/plugins/experimental/uri_signing/python_signer/uri_signer.py b/plugins/experimental/uri_signing/python_signer/uri_signer.py new file mode 100755 index 000..274361e --- /dev/null +++ b/plugins/experimental/uri_signing/python_signer/uri_signer.py @@ -0,0 +1,74 @@ +#!/usr/bin/env python3 + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in
[trafficserver] 02/02: Add simple autest and subsequent fixes
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 35f789a9682a88f0846cfd78f828518b314a79bb Author: Brian Olsen AuthorDate: Thu Dec 5 20:59:52 2019 + Add simple autest and subsequent fixes (cherry picked from commit ea3aa04b88bbfea1412d8f2105c73c4eace763ee) --- plugins/experimental/uri_signing/common.h | 7 +- plugins/experimental/uri_signing/config.c | 1 - plugins/experimental/uri_signing/parse.c | 4 +- plugins/experimental/uri_signing/parse.h | 2 + .../uri_signing/python_signer/uri_signer.py| 128 + plugins/experimental/uri_signing/uri_signing.c | 52 -- tests/Pipfile | 1 + .../gold_tests/pluginTest/uri_signing/config.json | 27 +++ .../pluginTest/uri_signing/gold/200.gold | 13 ++ .../pluginTest/uri_signing/gold/403.gold | 16 ++ .../gold_tests/pluginTest/uri_signing/run_sign.sh | 104 +++ .../gold_tests/pluginTest/uri_signing/signer.json | 18 ++ .../pluginTest/uri_signing/uri_signing.test.py | 208 + 13 files changed, 530 insertions(+), 51 deletions(-) diff --git a/plugins/experimental/uri_signing/common.h b/plugins/experimental/uri_signing/common.h index 467d0ce..9a51bb6 100644 --- a/plugins/experimental/uri_signing/common.h +++ b/plugins/experimental/uri_signing/common.h @@ -33,7 +33,10 @@ void PrintToStdErr(const char *fmt, ...); #else #include "ts/ts.h" -#define PluginDebug(...) TSDebug("uri_signing", PLUGIN_NAME " " __VA_ARGS__) -#define PluginError(...) PluginDebug(__VA_ARGS__), TSError(PLUGIN_NAME " " __VA_ARGS__) +#define __FILENAME__ (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__) +#define PluginDebug(fmt, ...) TSDebug(PLUGIN_NAME, "[%s:% 4d] %s(): " fmt, __FILENAME__, __LINE__, __func__, ##__VA_ARGS__); +#define PluginError(fmt, ...) \ + PluginDebug(fmt, ##__VA_ARGS__); \ + TSError("[%s:% 4d] %s(): " fmt, __FILENAME__, __LINE__, __func__, ##__VA_ARGS__); #endif diff --git a/plugins/experimental/uri_signing/config.c b/plugins/experimental/uri_signing/config.c index 815f12c..8727e9f 100644 --- a/plugins/experimental/uri_signing/config.c +++ b/plugins/experimental/uri_signing/config.c @@ -289,7 +289,6 @@ read_config(const char *path) PluginDebug("Found Id in the config: %s", cfg->id); } } -json_decref(id_json); json_t *strip_json = json_object_get(jwks, "strip_token"); if (strip_json) { diff --git a/plugins/experimental/uri_signing/parse.c b/plugins/experimental/uri_signing/parse.c index 3ca10b2..f577e74 100644 --- a/plugins/experimental/uri_signing/parse.c +++ b/plugins/experimental/uri_signing/parse.c @@ -31,8 +31,8 @@ cjose_jws_t * get_jws_from_uri(const char *uri, size_t uri_ct, const char *paramName, char *strip_uri, size_t buff_ct, size_t *strip_ct) { /* Reserved characters as defined by the URI Generic Syntax RFC: https://tools.ietf.org/html/rfc3986#section-2.2 */ - static const char *reserved_string = ":/?#[]@!$&\'()*+,;="; - static const char *sub_delim_string = "!$&\'()*+,;="; + static char const *const reserved_string = ":/?#[]@!$&\'()*+,;="; + static char const *const sub_delim_string = "!$&\'()*+,;="; /* If param name ends in reserved character this will be treated as the termination symbol when parsing for package. Default is * '='. */ diff --git a/plugins/experimental/uri_signing/parse.h b/plugins/experimental/uri_signing/parse.h index a16b3e9..98a35ab 100644 --- a/plugins/experimental/uri_signing/parse.h +++ b/plugins/experimental/uri_signing/parse.h @@ -21,6 +21,8 @@ #include struct _cjose_jws_int; + +/* For now strip_ct returns size of string *including* the null terminator */ struct _cjose_jws_int *get_jws_from_uri(const char *uri, size_t uri_ct, const char *paramName, char *strip_uri, size_t buff_ct, size_t *strip_ct); struct _cjose_jws_int *get_jws_from_cookie(const char **cookie, size_t *cookie_ct, const char *paramName); diff --git a/plugins/experimental/uri_signing/python_signer/uri_signer.py b/plugins/experimental/uri_signing/python_signer/uri_signer.py index 274361e..353241b 100755 --- a/plugins/experimental/uri_signing/python_signer/uri_signer.py +++ b/plugins/experimental/uri_signing/python_signer/uri_signer.py @@ -8,7 +8,7 @@ # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +#http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -26,49 +26,107 @@ import os from jose import jwk, jwt def main(): -parser =
[trafficserver] branch 9.0.x updated (6ef37a3 -> 35f789a)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 6ef37a3 Promote 'Enable_Config_Var' from HttpConnectionCount to HttpConfig. This is so other configuration can use it. new f85548b Add Example URI Signer Python Script new 35f789a Add simple autest and subsequent fixes The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: plugins/experimental/uri_signing/common.h | 7 +- plugins/experimental/uri_signing/config.c | 1 - plugins/experimental/uri_signing/parse.c | 4 +- plugins/experimental/uri_signing/parse.h | 2 + .../uri_signing/python_signer/README.md| 36 .../uri_signing/python_signer/example_config.json | 33 .../uri_signing/python_signer/uri_signer.py| 132 + plugins/experimental/uri_signing/uri_signing.c | 52 -- tests/Pipfile | 1 + .../gold_tests/pluginTest/uri_signing/config.json | 27 +++ .../pluginTest/uri_signing/gold/200.gold | 13 ++ .../pluginTest/uri_signing/gold/403.gold | 16 ++ .../gold_tests/pluginTest/uri_signing/run_sign.sh | 104 +++ .../gold_tests/pluginTest/uri_signing/signer.json | 18 ++ .../pluginTest/uri_signing/uri_signing.test.py | 208 + 15 files changed, 638 insertions(+), 16 deletions(-) create mode 100644 plugins/experimental/uri_signing/python_signer/README.md create mode 100644 plugins/experimental/uri_signing/python_signer/example_config.json create mode 100755 plugins/experimental/uri_signing/python_signer/uri_signer.py create mode 100644 tests/gold_tests/pluginTest/uri_signing/config.json create mode 100644 tests/gold_tests/pluginTest/uri_signing/gold/200.gold create mode 100644 tests/gold_tests/pluginTest/uri_signing/gold/403.gold create mode 100755 tests/gold_tests/pluginTest/uri_signing/run_sign.sh create mode 100644 tests/gold_tests/pluginTest/uri_signing/signer.json create mode 100644 tests/gold_tests/pluginTest/uri_signing/uri_signing.test.py