[trafficserver] branch master updated (2950a71 -> 73dd46c)
This is an automated email from the ASF dual-hosted git repository.

bneradt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.

    from 2950a71 New option to dead server to not retry during dead period (#7142)
     add 73dd46c Revert "Create an explicit runroot.yaml for AuTests (#7177)" (#7235)

No new revisions were added by this update.

Summary of changes:
 .../autest-site/autest_runroot_layout.yml | 28 --
 .../gold_tests/autest-site/trafficserver.test.ext | 15 +++
 2 files changed, 3 insertions(+), 40 deletions(-)
 delete mode 100644 tests/gold_tests/autest-site/autest_runroot_layout.yml
[trafficserver] branch 9.0.x updated: Updated ChangeLog
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new e7508b7 Updated ChangeLog e7508b7 is described below commit e7508b75728d6b4e347976f5a3043781a10fb2cd Author: Leif Hedstrom AuthorDate: Thu Oct 1 16:43:46 2020 -0600 Updated ChangeLog --- CHANGELOG-9.0.0 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG-9.0.0 b/CHANGELOG-9.0.0 index 2b5fa49..984007a 100644 --- a/CHANGELOG-9.0.0 +++ b/CHANGELOG-9.0.0 @@ -1075,6 +1075,7 @@ Changes with Apache Traffic Server 9.0.0 #7137 - Removes duplicated listing of files in same Makefile target #7138 - Remove useless shortopt #7140 - Fixes garbled logs when using % log tag + #7142 - New option to dead server to not retry during dead period #7143 - Deprecate cqhv field #7144 - Fix typo in cache docs #7145 - Check VIO availability before acquiring a lock for it @@ -1102,3 +1103,5 @@ Changes with Apache Traffic Server 9.0.0 #7210 - Docs cleanup #7213 - Follow redirection responses when refreshing stale cache objects. #7215 - Log config reload: use new config for initialization + #7224 - Fix renamed setting in default config + #7225 - Increment ssl_error_syscall only if not EOF
[trafficserver] branch 8.1.x updated: Updated ChangeLog
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.1.x by this push: new f972a70 Updated ChangeLog f972a70 is described below commit f972a70a191119a792171a37a3b9e0ec23d476f1 Author: Leif Hedstrom AuthorDate: Thu Oct 1 15:47:52 2020 -0600 Updated ChangeLog --- CHANGELOG-8.1.1 | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG-8.1.1 b/CHANGELOG-8.1.1 index 026abf8..f2399e1 100644 --- a/CHANGELOG-8.1.1 +++ b/CHANGELOG-8.1.1 @@ -2,3 +2,4 @@ Changes with Apache Traffic Server 8.1.1 #7154 - Fixes H2 toggling using ssl_server_name.yaml #7156 - Fixes garbled logs when using % log tag #7191 - Emits log when OCSP fails to connect to server + #7217 - Remove usage of stored ACL record, fix ipallow reload
[trafficserver] branch 9.0.x updated: Increment ssl_error_syscall only if not EOF (#7225)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new 18df045 Increment ssl_error_syscall only if not EOF (#7225) 18df045 is described below commit 18df045cd38497559a98ddde36ec5072d99e94bc Author: Masaori Koshiba AuthorDate: Wed Sep 30 08:57:42 2020 +0900 Increment ssl_error_syscall only if not EOF (#7225) (cherry picked from commit fef47d7919e0f87e4f650dfb26742c3a0482091b) --- doc/admin-guide/monitoring/statistics/core/ssl.en.rst | 4 iocore/net/SSLNetVConnection.cc | 3 +-- iocore/net/SSLStats.cc| 2 -- iocore/net/SSLStats.h | 1 - 4 files changed, 1 insertion(+), 9 deletions(-) diff --git a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst index 3b6ee48..e84e75d 100644 --- a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst +++ b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst @@ -74,9 +74,6 @@ SSL/TLS The number of SSL connections to origin servers which were terminated due to unsupported SSL/TLS protocol versions, since statistics collection began. -.. ts:stat:: global proxy.process.ssl.ssl_error_read_eos integer - :type: counter - .. ts:stat:: global proxy.process.ssl.ssl_error_ssl integer :type: counter @@ -224,4 +221,3 @@ SSL/TLS Incoming client SSL connections terminated due to an unsupported or disabled version of SSL/TLS, since statistics collection began. - diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 59f6f27..68c70b6 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc 
@@ -306,15 +306,14 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread *lthread, int64_t ) Debug("ssl.error", "SSL_ERROR_WOULD_BLOCK(read/x509 lookup)"); break; case SSL_ERROR_SYSCALL: - SSL_INCREMENT_DYN_STAT(ssl_error_syscall); if (nread != 0) { // not EOF +SSL_INCREMENT_DYN_STAT(ssl_error_syscall); event = SSL_READ_ERROR; ret = errno; Debug("ssl.error", "SSL_ERROR_SYSCALL, underlying IO error: %s", strerror(errno)); } else { // then EOF observed, treat it as EOS -// Error("[SSL_NetVConnection::ssl_read_from_net] SSL_ERROR_SYSCALL, EOF observed violating SSL protocol"); event = SSL_READ_EOS; } break; diff --git a/iocore/net/SSLStats.cc b/iocore/net/SSLStats.cc index f9d5304..fe36f4c 100644 --- a/iocore/net/SSLStats.cc +++ b/iocore/net/SSLStats.cc @@ -184,8 +184,6 @@ SSLInitializeStatistics() // error stats RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.ssl_error_syscall", RECD_COUNTER, RECP_PERSISTENT, (int)ssl_error_syscall, RecRawStatSyncCount); - RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.ssl_error_read_eos", RECD_COUNTER, RECP_PERSISTENT, - (int)ssl_error_read_eos, RecRawStatSyncCount); RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.ssl_error_ssl", RECD_COUNTER, RECP_PERSISTENT, (int)ssl_error_ssl, RecRawStatSyncCount); RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.ssl_sni_name_set_failure", RECD_COUNTER, RECP_PERSISTENT, diff --git a/iocore/net/SSLStats.h b/iocore/net/SSLStats.h index 202aa15..a6506bd 100644 --- a/iocore/net/SSLStats.h +++ b/iocore/net/SSLStats.h @@ -88,7 +88,6 @@ enum SSL_Stats { /* error stats */ ssl_error_syscall, - ssl_error_read_eos, ssl_error_ssl, ssl_sni_name_set_failure, ssl_total_attempts_handshake_count_out_stat,
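Review bot: in the SSL_ERROR_SYSCALL case of ssl_read_from_net, the EOF branch (nread == 0) is left with no counter and no log line. The patch moves SSL_INCREMENT_DYN_STAT(ssl_error_syscall) into the nread != 0 branch, deletes the commented-out Error() call, and removes proxy.process.ssl.ssl_error_read_eos from SSLStats.cc, SSLStats.h and ssl.en.rst. The deleted comment itself describes this path as "EOF observed violating SSL protocol", so it is worth keeping observable: increment a dedicated counter in the else branch, or at least add a Debug("ssl.error", ...) line there. Removing a registered stat name also breaks any monitoring that reads it, which deserves a line in the release notes. In the nread != 0 branch the increment now runs before ret = errno; copying errno into a local first would keep the saved value independent of whatever the macro does.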
[trafficserver] branch 9.0.x updated: New option to dead server to not retry during dead period (#7142)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new acd0ac0 New option to dead server to not retry during dead period (#7142) acd0ac0 is described below commit acd0ac07dbc40f3f842a49ce3f09c1e31cc1d367 Author: Bryan Call AuthorDate: Wed Sep 30 16:41:36 2020 -0700 New option to dead server to not retry during dead period (#7142) (cherry picked from commit 2950a7162cfb0a8ee40f94ac92b9dcd258d8d2b8) --- doc/admin-guide/files/records.config.en.rst | 2 +- proxy/http/HttpSM.cc| 6 ++ proxy/http/HttpTransact.cc | 15 +-- proxy/http/HttpTransact.h | 3 ++- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst index 96ba3bc..610927f 100644 --- a/doc/admin-guide/files/records.config.en.rst +++ b/doc/admin-guide/files/records.config.en.rst @@ -1430,7 +1430,7 @@ Origin Server Connect Attempts :reloadable: :overridable: - Maximum number of connection retries |TS| can make while an origin is marked dead. Typically this value is smaller than + Maximum number of connection attempts |TS| can make while an origin is marked dead per request. Typically this value is smaller than `proxy.config.http.connect_attempts_max_retries`_ so an error is returned to the client faster and also to reduce the load on the dead origin. The timeout interval `proxy.config.http.connect_attempts_timeout`_ in seconds is used with this setting. diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 9e853ea..87af632 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc 
@@ -4896,6 +4896,12 @@ HttpSM::do_http_server_open(bool raw) call_transact_and_set_next_state(HttpTransact::Forbidden); return; } + +if (HttpTransact::is_server_negative_cached(_state) == true && +t_state.txn_conf->connect_attempts_max_retries_dead_server <= 0) { + call_transact_and_set_next_state(HttpTransact::OriginDead); + return; +} } // Check for self loop. diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index 7134cd1..a990c9c 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -400,7 +400,7 @@ update_cache_control_information_from_config(HttpTransact::State *s) } } -inline bool +bool HttpTransact::is_server_negative_cached(State *s) { if (s->host_db_info.app.http_data.last_failure != 0 && @@ -815,6 +815,15 @@ HttpTransact::TooEarly(State *s) } void +HttpTransact::OriginDead(State *s) +{ + TxnDebug("http_trans", "origin server is marked down"); + bootstrap_state_variables_from_request(s, >hdr_info.client_request); + build_error_response(s, HTTP_STATUS_BAD_GATEWAY, "Origin Server Marked Down", "connect#failed_connect"); + TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr); +} + +void HttpTransact::HandleBlindTunnel(State *s) { URL u; @@ -3745,12 +3754,14 @@ HttpTransact::handle_response_from_server(State *s) } if (is_server_negative_cached(s)) { - max_connect_retries = s->txn_conf->connect_attempts_max_retries_dead_server; + max_connect_retries = s->txn_conf->connect_attempts_max_retries_dead_server - 1; } else { // server not yet negative cached - use default number of retries max_connect_retries = s->txn_conf->connect_attempts_max_retries; } +TxnDebug("http_trans", "max_connect_retries: %d s->current.attempts: %d", max_connect_retries, s->current.attempts); + if (is_request_retryable(s) && s->current.attempts < max_connect_retries) { // If this is a round robin DNS entry & we're tried configured //number of times, we should try another node 
diff --git a/proxy/http/HttpTransact.h b/proxy/http/HttpTransact.h index 966bb7f..f9900a2 100644 --- a/proxy/http/HttpTransact.h +++ b/proxy/http/HttpTransact.h @@ -942,8 +942,9 @@ public: static void HandleRequestAuthorized(State *s); static void BadRequest(State *s); static void Forbidden(State *s); - static void TooEarly(State *s); static void SelfLoop(State *s); + static void TooEarly(State *s); + static void OriginDead(State *s); static void PostActiveTimeoutResponse(State *s); static void PostInactiveTimeoutResponse(State *s); static void DecideCacheLookup(State *s);
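Review bot: in handle_response_from_server the negative-cached limit becomes connect_attempts_max_retries_dead_server - 1, which changes the meaning of every existing non-zero setting (a value of N now allows N - 1 retries) and yields -1 when the setting is 0. The comparison s->current.attempts < max_connect_retries is simply false for -1, so it works, but a short comment at the subtraction, or clamping at 0, would make the intent explicit. The records.config hunk rewords "retries" to "attempts ... per request" without saying that a value of 0 or less now skips the origin entirely while it is marked dead and returns a 502; that is the behaviour the commit title describes and it should be documented there, along with the shift for existing values.

Review bot: in the do_http_server_open hunk the new check sits inside the block that closes right after it, whose condition is not visible in the hunk, so the short-circuit only applies on paths that enter that block; please confirm that is intended or move it out. The == true comparison is redundant. OriginDead reports the fast failure only through TxnDebug and reuses the connect#failed_connect body, so operators cannot tell short-circuited requests from real connect failures; a counter for this path would help. The HttpTransact.h hunk also reorders the TooEarly and SelfLoop declarations, which is unrelated to the change and is better left out of a cherry-pick.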
[trafficserver] branch 8.1.x updated: Remove usage of stored ACL record, always pull from current ipallow (#7217)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.1.x by this push: new 9c55701 Remove usage of stored ACL record, always pull from current ipallow (#7217) 9c55701 is described below commit 9c55701f3d930a35b6bdd1a9a4f53614f5b5d44e Author: Evan Zelkowitz AuthorDate: Thu Oct 1 14:19:24 2020 -0600 Remove usage of stored ACL record, always pull from current ipallow (#7217) --- proxy/ProxyClientSession.h| 4 proxy/ProxyClientTransaction.h| 6 -- proxy/http/HttpSessionAccept.cc | 1 - proxy/http/HttpTransact.cc| 10 -- proxy/http2/Http2SessionAccept.cc | 1 - 5 files changed, 8 insertions(+), 14 deletions(-) diff --git a/proxy/ProxyClientSession.h b/proxy/ProxyClientSession.h index 76dc0c6..21fe2fa 100644 --- a/proxy/ProxyClientSession.h +++ b/proxy/ProxyClientSession.h @@ -36,7 +36,6 @@ #define SsnDebug(ssn, tag, ...) SpecificDebug((ssn)->debug(), tag, __VA_ARGS__) class ProxyClientTransaction; -struct AclRecord; enum class ProxyErrorClass { NONE, @@ -285,9 +284,6 @@ public: return netvc ? netvc->get_local_addr() : nullptr; } - /// acl record - cache IpAllow::match() call - const AclRecord *acl_record = nullptr; - /// Local address for outbound connection. IpAddr outbound_ip4; /// Local address for outbound connection. diff --git a/proxy/ProxyClientTransaction.h b/proxy/ProxyClientTransaction.h index 5d7e071..695ecaf 100644 --- a/proxy/ProxyClientTransaction.h +++ b/proxy/ProxyClientTransaction.h @@ -144,12 +144,6 @@ public: host_res_style = style; } - const AclRecord * - get_acl_record() const - { -return parent ? parent->acl_record : nullptr; - } - // Indicate we are done with this transaction virtual void release(IOBufferReader *r); diff --git a/proxy/http/HttpSessionAccept.cc b/proxy/http/HttpSessionAccept.cc index cb4bc84..50aded4 100644 --- a/proxy/http/HttpSessionAccept.cc 
+++ b/proxy/http/HttpSessionAccept.cc @@ -67,7 +67,6 @@ HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, IOBufferReade new_session->outbound_ip6 = outbound_ip6; new_session->outbound_port = outbound_port; new_session->host_res_style= ats_host_res_from(client_ip->sa_family, host_res_preference); - new_session->acl_record= acl_record; new_session->new_connection(netvc, iobuf, reader, backdoor); diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index c526fa7..e5c97c9 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -6450,8 +6450,14 @@ HttpTransact::process_quick_http_filter(State *s, int method) } if (s->state_machine->ua_txn) { -const AclRecord *acl_record = s->state_machine->ua_txn->get_acl_record(); -bool deny_request = (acl_record == nullptr); +const AclRecord *acl_record = nullptr; +if (s->backdoor_request) { + acl_record = IpAllow::AllMethodAcl(); +} else { + acl_record = SessionAccept::testIpAllowPolicy(s->client_info.src_addr); +} + +bool deny_request = (acl_record == nullptr); if (acl_record && (acl_record->_method_mask != AclRecord::ALL_METHOD_MASK)) { if (method != -1) { deny_request = !acl_record->isMethodAllowed(method); diff --git a/proxy/http2/Http2SessionAccept.cc b/proxy/http2/Http2SessionAccept.cc index 8f4e154..3d8e929 100644 --- a/proxy/http2/Http2SessionAccept.cc +++ b/proxy/http2/Http2SessionAccept.cc @@ -54,7 +54,6 @@ Http2SessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, IOBufferRead } Http2ClientSession *new_session = THREAD_ALLOC_INIT(http2ClientSessionAllocator, this_ethread()); - new_session->acl_record = session_acl_record; new_session->host_res_style = ats_host_res_from(client_ip->sa_family, options.host_res_preference); new_session->outbound_ip4 = options.outbound_ip4; new_session->outbound_ip6 = options.outbound_ip6;
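Review bot: in process_quick_http_filter, the result of SessionAccept::testIpAllowPolicy(s->client_info.src_addr) is held as a raw const AclRecord * and dereferenced a few lines later (acl_record->_method_mask, isMethodAllowed), and nothing in the hunk shows what keeps that record alive if ip_allow is reloaded between the lookup and the use. Since the purpose of the change is to stop relying on a record captured at accept time, please state the lifetime guarantee in a comment or hold the configuration for the duration of the check. The lookup now runs once per request instead of once per session, so confirm the cost on this path is acceptable and that s->client_info.src_addr is the same peer address the accept-time IpAllow check used. The s->backdoor_request branch selects IpAllow::AllMethodAcl() and skips the lookup entirely; a one-line comment on where that flag is set and why it is trusted belongs next to it, because the flag alone now decides whether a request gets an allow-all record.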