[trafficserver] branch master updated: Add incoming PROXY Protocol v2 support (#7340)

2021-01-25 Thread masaori
This is an automated email from the ASF dual-hosted git repository.

masaori pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new f7bdee6  Add incoming PROXY Protocol v2 support (#7340)
f7bdee6 is described below

commit f7bdee616ebec26b2746ce50c75eaacab7571554
Author: Masaori Koshiba 
AuthorDate: Tue Jan 26 08:04:44 2021 +0900

Add incoming PROXY Protocol v2 support (#7340)

TCP support only for now. UDP, UNIX Domain Socket, and TLVs are out of 
scope.
---
 .../configuration/proxy-protocol.en.rst|   6 +-
 iocore/net/ProxyProtocol.cc| 137 +-
 iocore/net/ProxyProtocol.h |   2 +-
 iocore/net/unit_tests/test_ProxyProtocol.cc| 292 -
 4 files changed, 424 insertions(+), 13 deletions(-)

diff --git a/doc/admin-guide/configuration/proxy-protocol.en.rst 
b/doc/admin-guide/configuration/proxy-protocol.en.rst
index 8df27d1..adf61f6 100644
--- a/doc/admin-guide/configuration/proxy-protocol.en.rst
+++ b/doc/admin-guide/configuration/proxy-protocol.en.rst
@@ -31,7 +31,7 @@ TLS connections.
 
 .. note::
 
-The current version only supports transforming client IP from PROXY 
Version 1
+The current version only supports transforming client IP from PROXY 
Version 1/2
 header to the Forwarded: header.
 
 In the current implementation, the client IP address in the PROXY protocol 
header
@@ -41,7 +41,7 @@ is passed to the origin server via an HTTP `Forwarded:
 The Proxy Protocol must be enabled on each port.  See
 :ts:cv:`proxy.config.http.server_ports` for information on how to enable the
 Proxy Protocol on a port.  Once enabled, all incoming requests must be prefaced
-with the PROXY v1 header.  Any request not preface by this header will be
+with the PROXY v1/v2 header.  Any request not preface by this header will be
 dropped.
 
 As a security measure, an optional list of trusted IP addresses may be
@@ -50,7 +50,7 @@ configured with 
:ts:cv:`proxy.config.http.proxy_protocol_allowlist`.
.. important::
 
If the allowlist is configured, requests will only be accepted from 
these
-   IP addresses and must be prefaced with the PROXY v1 header.
+   IP addresses and must be prefaced with the PROXY v1/v2 header.
 
 See :ts:cv:`proxy.config.http.insert_forwarded` for configuration information.
 Detection of the PROXY protocol header is automatic.  If the PROXY header
diff --git a/iocore/net/ProxyProtocol.cc b/iocore/net/ProxyProtocol.cc
index 2de8673..452f63b 100644
--- a/iocore/net/ProxyProtocol.cc
+++ b/iocore/net/ProxyProtocol.cc
@@ -34,15 +34,57 @@ namespace
 using namespace std::literals;
 
 constexpr ts::TextView PPv1_CONNECTION_PREFACE = "PROXY"sv;
-constexpr ts::TextView PPv2_CONNECTION_PREFACE = 
"\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A\x02"sv;
+constexpr ts::TextView PPv2_CONNECTION_PREFACE = 
"\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A"sv;
 
 constexpr size_t PPv1_CONNECTION_HEADER_LEN_MIN = 15;
-constexpr size_t PPv2_CONNECTION_HEADER_LEN_MIN = 16;
 
 constexpr ts::TextView PPv1_PROTO_UNKNOWN = "UNKNOWN"sv;
 constexpr ts::TextView PPv1_PROTO_TCP4= "TCP4"sv;
 constexpr ts::TextView PPv1_PROTO_TCP6= "TCP6"sv;
 
+constexpr uint8_t PPv2_CMD_LOCAL = 0x20;
+constexpr uint8_t PPv2_CMD_PROXY = 0x21;
+
+constexpr uint8_t PPv2_PROTO_UNSPEC= 0x00;
+constexpr uint8_t PPv2_PROTO_TCP4  = 0x11;
+constexpr uint8_t PPv2_PROTO_UDP4  = 0x12;
+constexpr uint8_t PPv2_PROTO_TCP6  = 0x21;
+constexpr uint8_t PPv2_PROTO_UDP6  = 0x22;
+constexpr uint8_t PPv2_PROTO_UNIX_STREAM   = 0x31;
+constexpr uint8_t PPv2_PROTO_UNIX_DATAGRAM = 0x32;
+
+constexpr uint16_t PPv2_ADDR_LEN_INET  = 4 + 4 + 2 + 2;
+constexpr uint16_t PPv2_ADDR_LEN_INET6 = 16 + 16 + 2 + 2;
+// constexpr uint16_t PPv2_ADDR_LEN_UNIX  = 108 + 108;
+
+struct PPv2Hdr {
+  uint8_t sig[12]; ///< preface
+  uint8_t ver_cmd; ///< protocol version and command
+  uint8_t fam; ///< protocol family and transport
+  uint16_t len;///< number of following bytes part of the header
+  union {
+// for TCP/UDP over IPv4, len = 12 (PPv2_ADDR_LEN_INET)
+struct {
+  uint32_t src_addr;
+  uint32_t dst_addr;
+  uint16_t src_port;
+  uint16_t dst_port;
+} ip4;
+// for TCP/UDP over IPv6, len = 36 (PPv2_ADDR_LEN_INET6)
+struct {
+  uint8_t src_addr[16];
+  uint8_t dst_addr[16];
+  uint16_t src_port;
+  uint16_t dst_port;
+} ip6;
+// for AF_UNIX sockets, len = 216 (PPv2_ADDR_LEN_UNIX)
+struct {
+  uint8_t src_addr[108];
+  uint8_t dst_addr[108];
+} unix;
+  } addr;
+};
+
 /**
PROXY Protocol v1 Parser
 
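Review bot: `PPv2Hdr` has no layout guard and no byte-order annotation, yet its shape suggests it is meant to be overlaid on bytes received from the peer (the v2 parser body lies outside this hunk, so that is inferred). I would add `static_assert(offsetof(PPv2Hdr, addr) == 16, "PPv2 fixed header must be 16 bytes");` after the struct and change the `len` comment to `///< bytes following the 16-byte fixed header; network byte order, peer-controlled`. That tells a reader the field needs `ntohs()` and a bound against the bytes actually received before any `addr` member is read; the same byte-order note applies to `src_port`/`dst_port`. The member name `unix` may also collide with the `unix` macro that GNU-dialect builds predefine on some platforms, and the PROXY protocol specification's sample struct names that member `unx`. The comment above it cites `PPv2_ADDR_LEN_UNIX`, which this hunk leaves commented out.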
@@ -166,13 +208,100 @@ proxy_protocol_v1_parse(ProxyProtocol *pp_info, 
ts::TextView hdr)
 /**
PROXY Protocol v2 Parser
 
+   TODO: TLVs Support
+
@return read length
  */
 size_t

[trafficserver] branch 9.0.x updated: Updated ChangeLog

2021-01-25 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 3dde3a5  Updated ChangeLog
3dde3a5 is described below

commit 3dde3a54af2875c377e7add2df44dfe86f1ba113
Author: Leif Hedstrom 
AuthorDate: Mon Jan 25 13:32:18 2021 -0700

Updated ChangeLog
---
 CHANGELOG-9.0.1 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG-9.0.1 b/CHANGELOG-9.0.1
index 3f6177f..d420217 100644
--- a/CHANGELOG-9.0.1
+++ b/CHANGELOG-9.0.1
@@ -11,3 +11,4 @@ Changes with Apache Traffic Server 9.0.1
   #7420 - Update documentation for TSSslSessionInsert
   #7432 - Fix stall on outbound TLS handshake
   #7435 - Slice: 9.0.x back port of self healing and throttle by default
+  #7437 - Small fix to regex_remap PR # 7347.