[trafficserver] branch master updated (2950a71 -> 73dd46c)

2020-10-01 Thread bneradt
This is an automated email from the ASF dual-hosted git repository.

bneradt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 2950a71  New option to dead server to not retry during dead period 
(#7142)
 add 73dd46c  Revert "Create an explicit runroot.yaml for AuTests (#7177)" 
(#7235)

No new revisions were added by this update.

Summary of changes:
 .../autest-site/autest_runroot_layout.yml  | 28 --
 .../gold_tests/autest-site/trafficserver.test.ext  | 15 +++-
 2 files changed, 3 insertions(+), 40 deletions(-)
 delete mode 100644 tests/gold_tests/autest-site/autest_runroot_layout.yml



[trafficserver] branch 9.0.x updated: Updated ChangeLog

2020-10-01 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new e7508b7  Updated ChangeLog
e7508b7 is described below

commit e7508b75728d6b4e347976f5a3043781a10fb2cd
Author: Leif Hedstrom 
AuthorDate: Thu Oct 1 16:43:46 2020 -0600

Updated ChangeLog
---
 CHANGELOG-9.0.0 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG-9.0.0 b/CHANGELOG-9.0.0
index 2b5fa49..984007a 100644
--- a/CHANGELOG-9.0.0
+++ b/CHANGELOG-9.0.0
@@ -1075,6 +1075,7 @@ Changes with Apache Traffic Server 9.0.0
   #7137 - Removes duplicated listing of files in same Makefile target
   #7138 - Remove useless shortopt
   #7140 - Fixes garbled logs when using % log tag
+  #7142 - New option to dead server to not retry during dead period
   #7143 - Deprecate cqhv field
   #7144 - Fix typo in cache docs
   #7145 - Check VIO availability before acquiring a lock for it
@@ -1102,3 +1103,5 @@ Changes with Apache Traffic Server 9.0.0
   #7210 - Docs cleanup
   #7213 - Follow redirection responses when refreshing stale cache objects.
   #7215 - Log config reload: use new config for initialization
+  #7224 - Fix renamed setting in default config
+  #7225 - Increment ssl_error_syscall only if not EOF



[trafficserver] branch 8.1.x updated: Updated ChangeLog

2020-10-01 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/8.1.x by this push:
 new f972a70  Updated ChangeLog
f972a70 is described below

commit f972a70a191119a792171a37a3b9e0ec23d476f1
Author: Leif Hedstrom 
AuthorDate: Thu Oct 1 15:47:52 2020 -0600

Updated ChangeLog
---
 CHANGELOG-8.1.1 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG-8.1.1 b/CHANGELOG-8.1.1
index 026abf8..f2399e1 100644
--- a/CHANGELOG-8.1.1
+++ b/CHANGELOG-8.1.1
@@ -2,3 +2,4 @@ Changes with Apache Traffic Server 8.1.1
   #7154 - Fixes H2 toggling using ssl_server_name.yaml
   #7156 - Fixes garbled logs when using % log tag
   #7191 - Emits log when OCSP fails to connect to server
+  #7217 - Remove usage of stored ACL record, fix ipallow reload



[trafficserver] branch 9.0.x updated: Increment ssl_error_syscall only if not EOF (#7225)

2020-10-01 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 18df045  Increment ssl_error_syscall only if not EOF (#7225)
18df045 is described below

commit 18df045cd38497559a98ddde36ec5072d99e94bc
Author: Masaori Koshiba 
AuthorDate: Wed Sep 30 08:57:42 2020 +0900

Increment ssl_error_syscall only if not EOF (#7225)

(cherry picked from commit fef47d7919e0f87e4f650dfb26742c3a0482091b)
---
 doc/admin-guide/monitoring/statistics/core/ssl.en.rst | 4 
 iocore/net/SSLNetVConnection.cc   | 3 +--
 iocore/net/SSLStats.cc| 2 --
 iocore/net/SSLStats.h | 1 -
 4 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst 
b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst
index 3b6ee48..e84e75d 100644
--- a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst
+++ b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst
@@ -74,9 +74,6 @@ SSL/TLS
The number of SSL connections to origin servers which were terminated due to
unsupported SSL/TLS protocol versions, since statistics collection began.
 
-.. ts:stat:: global proxy.process.ssl.ssl_error_read_eos integer
-   :type: counter
-
 .. ts:stat:: global proxy.process.ssl.ssl_error_ssl integer
:type: counter
 
@@ -224,4 +221,3 @@ SSL/TLS
 
Incoming client SSL connections terminated due to an unsupported or disabled
version of SSL/TLS, since statistics collection began.
-
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 59f6f27..68c70b6 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -306,15 +306,14 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread 
*lthread, int64_t )
   Debug("ssl.error", "SSL_ERROR_WOULD_BLOCK(read/x509 lookup)");
   break;
 case SSL_ERROR_SYSCALL:
-  SSL_INCREMENT_DYN_STAT(ssl_error_syscall);
   if (nread != 0) {
 // not EOF
+SSL_INCREMENT_DYN_STAT(ssl_error_syscall);
 event = SSL_READ_ERROR;
 ret   = errno;
 Debug("ssl.error", "SSL_ERROR_SYSCALL, underlying IO error: %s", 
strerror(errno));
   } else {
 // then EOF observed, treat it as EOS
-// Error("[SSL_NetVConnection::ssl_read_from_net] SSL_ERROR_SYSCALL, 
EOF observed violating SSL protocol");
 event = SSL_READ_EOS;
   }
   break;
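Review bot: after this change the `else` (EOF) branch of `case SSL_ERROR_SYSCALL` neither increments a counter nor logs anything, so a peer that drops the connection mid-stream leaves no trace in the statistics or the debug log. The deleted comment described this case as "EOF observed violating SSL protocol"; since it is now mapped silently to `SSL_READ_EOS`, a `Debug("ssl.error", ...)` line in that branch would keep such truncated sessions traceable. The `nread != 0` test also treats any negative `nread` as "not EOF", which is worth saying in the `// not EOF` comment.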
diff --git a/iocore/net/SSLStats.cc b/iocore/net/SSLStats.cc
index f9d5304..fe36f4c 100644
--- a/iocore/net/SSLStats.cc
+++ b/iocore/net/SSLStats.cc
@@ -184,8 +184,6 @@ SSLInitializeStatistics()
   // error stats
   RecRegisterRawStat(ssl_rsb, RECT_PROCESS, 
"proxy.process.ssl.ssl_error_syscall", RECD_COUNTER, RECP_PERSISTENT,
  (int)ssl_error_syscall, RecRawStatSyncCount);
-  RecRegisterRawStat(ssl_rsb, RECT_PROCESS, 
"proxy.process.ssl.ssl_error_read_eos", RECD_COUNTER, RECP_PERSISTENT,
- (int)ssl_error_read_eos, RecRawStatSyncCount);
   RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.ssl_error_ssl", 
RECD_COUNTER, RECP_PERSISTENT, (int)ssl_error_ssl,
  RecRawStatSyncCount);
   RecRegisterRawStat(ssl_rsb, RECT_PROCESS, 
"proxy.process.ssl.ssl_sni_name_set_failure", RECD_COUNTER, RECP_PERSISTENT,
diff --git a/iocore/net/SSLStats.h b/iocore/net/SSLStats.h
index 202aa15..a6506bd 100644
--- a/iocore/net/SSLStats.h
+++ b/iocore/net/SSLStats.h
@@ -88,7 +88,6 @@ enum SSL_Stats {
 
   /* error stats */
   ssl_error_syscall,
-  ssl_error_read_eos,
   ssl_error_ssl,
   ssl_sni_name_set_failure,
   ssl_total_attempts_handshake_count_out_stat,
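Review bot: dropping `ssl_error_read_eos` from `enum SSL_Stats`, together with its `RecRegisterRawStat` call and its `ts:stat` entry, retires the published metric `proxy.process.ssl.ssl_error_read_eos` on a release branch, and the commit message does not mention it. Monitoring that queries that name will stop getting a value, so the removal belongs in the release notes. The documentation for `proxy.process.ssl.ssl_error_syscall` should also state that an EOF is no longer counted there, since the meaning of that counter changes with this commit.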



[trafficserver] branch 9.0.x updated: New option to dead server to not retry during dead period (#7142)

2020-10-01 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new acd0ac0  New option to dead server to not retry during dead period 
(#7142)
acd0ac0 is described below

commit acd0ac07dbc40f3f842a49ce3f09c1e31cc1d367
Author: Bryan Call 
AuthorDate: Wed Sep 30 16:41:36 2020 -0700

New option to dead server to not retry during dead period (#7142)

(cherry picked from commit 2950a7162cfb0a8ee40f94ac92b9dcd258d8d2b8)
---
 doc/admin-guide/files/records.config.en.rst |  2 +-
 proxy/http/HttpSM.cc|  6 ++
 proxy/http/HttpTransact.cc  | 15 +--
 proxy/http/HttpTransact.h   |  3 ++-
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/doc/admin-guide/files/records.config.en.rst 
b/doc/admin-guide/files/records.config.en.rst
index 96ba3bc..610927f 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -1430,7 +1430,7 @@ Origin Server Connect Attempts
:reloadable:
:overridable:
 
-   Maximum number of connection retries |TS| can make while an origin is 
marked dead.  Typically this value is smaller than
+   Maximum number of connection attempts |TS| can make while an origin is 
marked dead per request.  Typically this value is smaller than
`proxy.config.http.connect_attempts_max_retries`_ so an error is returned 
to the client faster and also to reduce the load on the dead origin.
The timeout interval `proxy.config.http.connect_attempts_timeout`_ in 
seconds is used with this setting.
 
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 9e853ea..87af632 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4896,6 +4896,12 @@ HttpSM::do_http_server_open(bool raw)
   call_transact_and_set_next_state(HttpTransact::Forbidden);
   return;
 }
+
+if (HttpTransact::is_server_negative_cached(_state) == true &&
+t_state.txn_conf->connect_attempts_max_retries_dead_server <= 0) {
+  call_transact_and_set_next_state(HttpTransact::OriginDead);
+  return;
+}
   }
 
   // Check for self loop.
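Review bot: the new `connect_attempts_max_retries_dead_server <= 0` test in `do_http_server_open` gives the value 0 a meaning of its own (answer through `HttpTransact::OriginDead` without contacting the origin), but the `records.config.en.rst` text changed in this commit only rewords "retries" to "attempts ... per request" and never says what 0 does. Add a sentence there stating that 0 returns an error immediately while the origin is marked dead. In the condition itself, `== true` on a `bool` return is redundant and can be dropped, and a one-line comment above the `if` explaining the fast-fail would help the next reader.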
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 7134cd1..a990c9c 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -400,7 +400,7 @@ 
update_cache_control_information_from_config(HttpTransact::State *s)
   }
 }
 
-inline bool
+bool
 HttpTransact::is_server_negative_cached(State *s)
 {
   if (s->host_db_info.app.http_data.last_failure != 0 &&
@@ -815,6 +815,15 @@ HttpTransact::TooEarly(State *s)
 }
 
 void
+HttpTransact::OriginDead(State *s)
+{
+  TxnDebug("http_trans", "origin server is marked down");
+  bootstrap_state_variables_from_request(s, >hdr_info.client_request);
+  build_error_response(s, HTTP_STATUS_BAD_GATEWAY, "Origin Server Marked 
Down", "connect#failed_connect");
+  TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
+}
+
+void
 HttpTransact::HandleBlindTunnel(State *s)
 {
   URL u;
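Review bot: `HttpTransact::OriginDead` has no comment saying when it is entered, and it reuses the `connect#failed_connect` body template, so the only things separating this fast-fail 502 from a real connect failure are the reason phrase "Origin Server Marked Down" and a `TxnDebug` line. A short function comment (called from `HttpSM::do_http_server_open` when the origin is negative cached and dead-server attempts are 0) would document the path, and a counter or log field would let operators tell the two kinds of 502 apart without enabling debug tags.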
@@ -3745,12 +3754,14 @@ HttpTransact::handle_response_from_server(State *s)
 }
 
 if (is_server_negative_cached(s)) {
-  max_connect_retries = 
s->txn_conf->connect_attempts_max_retries_dead_server;
+  max_connect_retries = 
s->txn_conf->connect_attempts_max_retries_dead_server - 1;
 } else {
   // server not yet negative cached - use default number of retries
   max_connect_retries = s->txn_conf->connect_attempts_max_retries;
 }
 
+TxnDebug("http_trans", "max_connect_retries: %d s->current.attempts: %d", 
max_connect_retries, s->current.attempts);
+
 if (is_request_retryable(s) && s->current.attempts < max_connect_retries) {
   // If this is a round robin DNS entry & we're tried configured
   //number of times, we should try another node
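Review bot: the `- 1` added to `connect_attempts_max_retries_dead_server` changes what an existing configured value means: a deployment that set N now gets one fewer retry against a dead origin after upgrading, and a value of 1 yields `max_connect_retries = 0`. The `else` branch still uses `connect_attempts_max_retries` unadjusted, so the two settings no longer count the same thing. Add a comment at the subtraction explaining that the setting is now a number of attempts rather than retries, and call the change out in the upgrade notes. The new `TxnDebug` line is fine, but it sits on every server response path, so keep it only if that volume is acceptable under the `http_trans` tag.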
diff --git a/proxy/http/HttpTransact.h b/proxy/http/HttpTransact.h
index 966bb7f..f9900a2 100644
--- a/proxy/http/HttpTransact.h
+++ b/proxy/http/HttpTransact.h
@@ -942,8 +942,9 @@ public:
   static void HandleRequestAuthorized(State *s);
   static void BadRequest(State *s);
   static void Forbidden(State *s);
-  static void TooEarly(State *s);
   static void SelfLoop(State *s);
+  static void TooEarly(State *s);
+  static void OriginDead(State *s);
   static void PostActiveTimeoutResponse(State *s);
   static void PostInactiveTimeoutResponse(State *s);
   static void DecideCacheLookup(State *s);



[trafficserver] branch 8.1.x updated: Remove usage of stored ACL record, always pull from current ipallow (#7217)

2020-10-01 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/8.1.x by this push:
 new 9c55701  Remove usage of stored ACL record, always pull from current 
ipallow (#7217)
9c55701 is described below

commit 9c55701f3d930a35b6bdd1a9a4f53614f5b5d44e
Author: Evan Zelkowitz 
AuthorDate: Thu Oct 1 14:19:24 2020 -0600

Remove usage of stored ACL record, always pull from current ipallow (#7217)
---
 proxy/ProxyClientSession.h|  4 
 proxy/ProxyClientTransaction.h|  6 --
 proxy/http/HttpSessionAccept.cc   |  1 -
 proxy/http/HttpTransact.cc| 10 --
 proxy/http2/Http2SessionAccept.cc |  1 -
 5 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/proxy/ProxyClientSession.h b/proxy/ProxyClientSession.h
index 76dc0c6..21fe2fa 100644
--- a/proxy/ProxyClientSession.h
+++ b/proxy/ProxyClientSession.h
@@ -36,7 +36,6 @@
 #define SsnDebug(ssn, tag, ...) SpecificDebug((ssn)->debug(), tag, __VA_ARGS__)
 
 class ProxyClientTransaction;
-struct AclRecord;
 
 enum class ProxyErrorClass {
   NONE,
@@ -285,9 +284,6 @@ public:
 return netvc ? netvc->get_local_addr() : nullptr;
   }
 
-  /// acl record - cache IpAllow::match() call
-  const AclRecord *acl_record = nullptr;
-
   /// Local address for outbound connection.
   IpAddr outbound_ip4;
   /// Local address for outbound connection.
diff --git a/proxy/ProxyClientTransaction.h b/proxy/ProxyClientTransaction.h
index 5d7e071..695ecaf 100644
--- a/proxy/ProxyClientTransaction.h
+++ b/proxy/ProxyClientTransaction.h
@@ -144,12 +144,6 @@ public:
 host_res_style = style;
   }
 
-  const AclRecord *
-  get_acl_record() const
-  {
-return parent ? parent->acl_record : nullptr;
-  }
-
   // Indicate we are done with this transaction
   virtual void release(IOBufferReader *r);
 
diff --git a/proxy/http/HttpSessionAccept.cc b/proxy/http/HttpSessionAccept.cc
index cb4bc84..50aded4 100644
--- a/proxy/http/HttpSessionAccept.cc
+++ b/proxy/http/HttpSessionAccept.cc
@@ -67,7 +67,6 @@ HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer 
*iobuf, IOBufferReade
   new_session->outbound_ip6  = outbound_ip6;
   new_session->outbound_port = outbound_port;
   new_session->host_res_style= 
ats_host_res_from(client_ip->sa_family, host_res_preference);
-  new_session->acl_record= acl_record;
 
   new_session->new_connection(netvc, iobuf, reader, backdoor);
 
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index c526fa7..e5c97c9 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -6450,8 +6450,14 @@ HttpTransact::process_quick_http_filter(State *s, int 
method)
   }
 
   if (s->state_machine->ua_txn) {
-const AclRecord *acl_record = s->state_machine->ua_txn->get_acl_record();
-bool deny_request   = (acl_record == nullptr);
+const AclRecord *acl_record = nullptr;
+if (s->backdoor_request) {
+  acl_record = IpAllow::AllMethodAcl();
+} else {
+  acl_record = SessionAccept::testIpAllowPolicy(s->client_info.src_addr);
+}
+
+bool deny_request = (acl_record == nullptr);
 if (acl_record && (acl_record->_method_mask != 
AclRecord::ALL_METHOD_MASK)) {
   if (method != -1) {
 deny_request = !acl_record->isMethodAllowed(method);
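Review bot: `SessionAccept::testIpAllowPolicy(s->client_info.src_addr)` hands back a raw `const AclRecord *` into the current ipallow table, and nothing visible in `process_quick_http_filter` holds that table alive while `acl_record->_method_mask` and `isMethodAllowed` are read. Since the point of the change is to pick up reloads, please confirm (and comment) what keeps the record valid if a reload lands between the lookup and those reads. Two smaller points in the same hunk: the `s->backdoor_request` branch skips the ip_allow lookup entirely by taking `IpAllow::AllMethodAcl()`, which deserves a comment on where that flag is set and why it can be trusted; and the lookup now runs per request rather than once per session, so it is worth noting that `s->client_info.src_addr` is the same address that was evaluated at accept time.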
diff --git a/proxy/http2/Http2SessionAccept.cc 
b/proxy/http2/Http2SessionAccept.cc
index 8f4e154..3d8e929 100644
--- a/proxy/http2/Http2SessionAccept.cc
+++ b/proxy/http2/Http2SessionAccept.cc
@@ -54,7 +54,6 @@ Http2SessionAccept::accept(NetVConnection *netvc, MIOBuffer 
*iobuf, IOBufferRead
   }
 
   Http2ClientSession *new_session = 
THREAD_ALLOC_INIT(http2ClientSessionAllocator, this_ethread());
-  new_session->acl_record = session_acl_record;
   new_session->host_res_style = ats_host_res_from(client_ip->sa_family, 
options.host_res_preference);
   new_session->outbound_ip4   = options.outbound_ip4;
   new_session->outbound_ip6   = options.outbound_ip6;