[trafficserver] branch master updated (884f4a4 -> e629118)

2021-02-23 Thread masaori
This is an automated email from the ASF dual-hosted git repository.

masaori pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 884f4a4  Add server_name option to proxy.config.ssl.client.sni_policy (#7533)
 add e629118  Add ALPN support on TLS Partial Blind Tunnel (#7511)

No new revisions were added by this update.

Summary of changes:
 doc/admin-guide/files/sni.yaml.en.rst |  5 +
 iocore/net/P_SNIActionPerformer.h     | 10 +-
 iocore/net/SSLNetVConnection.cc       | 23 ++-
 iocore/net/SSLSNIConfig.cc            |  2 +-
 iocore/net/YamlSNIConfig.cc           | 32 +++-
 iocore/net/YamlSNIConfig.h            |  2 ++
 lib/records/I_RecHttp.h               | 11 +++
 lib/records/RecHttp.cc                | 31 +++
 proxy/http/HttpSM.cc                  |  8
 9 files changed, 120 insertions(+), 4 deletions(-)



[trafficserver] branch master updated (325aa81 -> 884f4a4)

2021-02-23 Thread masaori
This is an automated email from the ASF dual-hosted git repository.

masaori pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 325aa81  Fix a crash on origin session reuse (#7543)
 add 884f4a4  Add server_name option to proxy.config.ssl.client.sni_policy (#7533)

No new revisions were added by this update.

Summary of changes:
 doc/admin-guide/files/records.config.en.rst |  3 +++
 proxy/http/HttpSM.cc                        |  2 ++
 .../tls/tls_verify_override_base.test.py    | 26 +-
 3 files changed, 30 insertions(+), 1 deletion(-)



[trafficserver] branch master updated (7f4aef6 -> 325aa81)

2021-02-23 Thread duke8253
This is an automated email from the ASF dual-hosted git repository.

duke8253 pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 7f4aef6  Removes the test plugins from the .spec file / RPM (#7551)
 add 325aa81  Fix a crash on origin session reuse (#7543)

No new revisions were added by this update.

Summary of changes:
 iocore/net/SSLUtils.cc | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)



[trafficserver] branch 9.1.x updated: Updated ChangeLog

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new fc23b6c  Updated ChangeLog
fc23b6c is described below

commit fc23b6c10aaebfb79a527ad9f16128bc8fcffdef
Author: Leif Hedstrom 
AuthorDate: Tue Feb 23 10:55:00 2021 -0700

Updated ChangeLog
---
 CHANGELOG-9.1.0 | 16 
 1 file changed, 16 insertions(+)

diff --git a/CHANGELOG-9.1.0 b/CHANGELOG-9.1.0
index ae6ed85..5f0fd32 100644
--- a/CHANGELOG-9.1.0
+++ b/CHANGELOG-9.1.0
@@ -60,6 +60,7 @@ Changes with Apache Traffic Server 9.1.0
   #6509 - Cleanup: Break down HpackIndexingTable::lookup() into static table 
lookup & dynamic table lookup
   #6515 - Check the exit value of the regression test
   #6520 - Cleanup: Get rid of MIMEFieldWrapper from HPACK encoding
+  #6521 - Perf: Replace casecmp with memcmp in HPACK static table lookup
   #6528 - Introduce LocalBuffer
   #6531 - Allow lo interface in list of system stats
   #6536 - Perf: Use LocalBuffer in HTTP/2
@@ -208,6 +209,7 @@ Changes with Apache Traffic Server 9.1.0
   #7273 - Removes commented out code from esi plugin
   #7276 - Remove the last remnants of the enable_url_expandomatic
   #7277 - Fix example in default sni.yaml configuration.
+  #7281 - Make s3_auth plugin auto reload the config at expiration time
   #7286 - Remove unfinished h2c support
   #7289 - Enable all h2spec test
   #7292 - Allow disabling SO_MARK and IP_TOS usage
@@ -257,17 +259,31 @@ Changes with Apache Traffic Server 9.1.0
   #7433 - Fix a link error on traffic_quic command
   #7436 - Cleanup: Remove unused members of NextHopProperty
   #7439 - API to retrieve NoStore set by plugins
+  #7445 - Add PROXY Protocol Builder
+  #7446 - Add Outbound PROXY Protocol (v1/v2) Support
+  #7450 - Move reopen_moved_log_files to log flushing thread
+  #7451 - Unit Test -  Increase openssl's key size. Place test certs into a 
comon test folder
   #7453 - Cleanup: Add SNIRoutingType
   #7455 - Fix Makefile target for creating changelogs
   #7457 - Fix comment in include/tscore/Filenames.h.
   #7461 - Do not write to the cache if the plugin decides not to write
+  #7464 - Upgrade Catch.hpp to v2.13.4
   #7465 - Select lua context per thread
   #7466 - Change atoi to atol, causing obvious issues on what needs to be 
int64's
   #7468 - Proxy Verifier: Making use of delay directives for caching tests.
   #7469 - Update AuTest version update directions for pipenv
   #7473 - Adjust so transfer-encoding header can be treated hop-by-hop
+  #7488 - Avoid -Warray-bounds on PROXY Protocol Builder
+  #7491 - Add new log field for negotiated ALPN Protocol ID with the client
+  #7494 - Fix certs used in tls related autests
+  #7496 - Fix QUIC unit tests build issue on GNU ld
+  #7497 - Fix QUIC unit test failures
   #7499 - Move has_request_body to ProxyTransaction
+  #7500 - Disable ja3 plugin when building with boringssl
   #7502 - traffic_dump: AuTests to use Proxy Verifier.
   #7518 - Updates the Dockerfile for debian
   #7522 - Make the H3 build script work properly on Debian platforms
+  #7532 - Fix asserts in multiplexer plugin.
+  #7535 - Convert the inactive_client_timeout test to use Proxy Verifier
   #7539 - Fix the schedule AuTest for 9.1.x: use PrepareTestPlugin
+  #7550 - Fix ja3_fingerprint configure syntax
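Review bot: the added #7451 entry in the third hunk spells "comon"; it should read "common test folder". The same entry also carries a doubled space after "Unit Test -".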



[trafficserver] branch 9.0.x updated: Updated ChangeLog

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 49d2875  Updated ChangeLog
49d2875 is described below

commit 49d287533548da4e203ce5ae9b41ac728fe869d2
Author: Leif Hedstrom 
AuthorDate: Tue Feb 23 10:52:58 2021 -0700

Updated ChangeLog
---
 CHANGELOG-9.0.1 | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG-9.0.1 b/CHANGELOG-9.0.1
index 95a3a7d..7fe91eb 100644
--- a/CHANGELOG-9.0.1
+++ b/CHANGELOG-9.0.1
@@ -14,6 +14,7 @@ Changes with Apache Traffic Server 9.0.1
   #7309 - Disable client inactivity timeout while server is processing POST 
request
   #7347 - Allow for regex_remap of pristine URL.
   #7377 - Addresses some of the lock contention with HostStatus.
+  #7389 - Apple Silicon macOS support
   #7395 - Replace ::exit() with _exit() to avoid secondary cleanup cores
   #7410 - Fix issue with unavailable server retry codes
   #7414 - Remove the warning messages
@@ -29,9 +30,14 @@ Changes with Apache Traffic Server 9.0.1
   #7454 - Updating to Proxy Verifier v2.0.0
   #7460 - Update to the new MicroServer 1.0.6 release
   #7463 - Fixing compress expectation for new microserver
+  #7484 - traffic_ctl - Fix lookup key for run-root option.
   #7486 - slice/server: handleFirstServerHeader exit sooner on detected 
requested range errors.
+  #7490 - Fix out of bounds access error in ats_base64_decode
   #7493 - AuTest: Upgrade to Proxy Verifier 2.0.2
   #7495 - Add zlib1g-dev to Debian dependencies in README (#7303)
   #7506 - Fixed build issues with Fedora 34
   #7507 - Fixing DNS local_ipv* config option
+  #7526 - Fix out of bounds access error in jtest
   #7534 - Updating to use Proxy Verifier 2.1.0
+  #7549 - Release Notes update on HTTP/2 disabling in v9.x
+  #7551 - Removes the test plugins from the .spec file / RPM



[trafficserver] branch 9.1.x updated: Fix ja3_fingerprint configure syntax (#7550)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 2ba8d2b  Fix ja3_fingerprint configure syntax (#7550)
2ba8d2b is described below

commit 2ba8d2bad3f2df84608093bf4a25de0b3c206c82
Author: Brian Neradt 
AuthorDate: Tue Feb 23 09:32:47 2021 -0600

Fix ja3_fingerprint configure syntax (#7550)

A call to "test" was missed in the ja3_fingerprint logic. Before the
patch in this commit, this would result in the following output:

checking for JA3 compatible OpenSSL version... yes
./configure: line 25014: -z: command not found

(cherry picked from commit bb8844da1cc07d15fd27d812b6b7fb2af1695f1f)
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 9481e37..63fc801 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1363,7 +1363,7 @@ AC_EGREP_CPP(yes, [
   #endif
   ], [
 AC_MSG_RESULT(yes)
-AS_IF([test "x${enable_experimental_plugins}" = "xyes" && -z 
"$openssl_is_boringssl"], [
+AS_IF([test "x${enable_experimental_plugins}" = "xyes" && test -z 
"$openssl_is_boringssl"], [
   enable_ja3_plugin=yes
 ])
   ], [AC_MSG_RESULT(no)])
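Review bot: in the corrected AS_IF condition, `test -z "$openssl_is_boringssl"` is true for an unset variable as well as an empty one, so the result depends on the BoringSSL detection having already run when configure reaches this block. Confirm that the check which sets openssl_is_boringssl comes earlier in configure.ac, and consider a short comment here naming that dependency so a later reordering does not silently re-enable the plugin on BoringSSL builds.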



[trafficserver] branch 9.1.x updated: Convert the inactive_client_timeout test to use Proxy Verifier (#7535)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 334ce75  Convert the inactive_client_timeout test to use Proxy Verifier (#7535)
334ce75 is described below

commit 334ce7503828cd18133e7504fd3841d47d43
Author: Brian Neradt 
AuthorDate: Tue Feb 23 09:58:17 2021 -0600

Convert the inactive_client_timeout test to use Proxy Verifier (#7535)

Convert the current client inactivity timeout test to use Proxy Verifier
instead of a combination of curl and nc shell scripts.

(cherry picked from commit a42d2155987bbe5c7c3b74e4a53e4e9f374d6870)
---
 tests/gold_tests/timeout/case-inactive1.sh |  19 ---
 tests/gold_tests/timeout/case-inactive2.sh |  19 ---
 tests/gold_tests/timeout/case-inactive3.sh |  19 ---
 tests/gold_tests/timeout/case-inactive4.sh |  19 ---
 tests/gold_tests/timeout/case-inactive5.sh |  19 ---
 tests/gold_tests/timeout/case-inactive6.sh |  19 ---
 tests/gold_tests/timeout/delay-inactive-server.sh  |  20 ---
 .../timeout/inactive_client_post_timeout.test.py   | 108 -
 .../timeout/inactive_client_timeout.test.py|  63 
 tests/gold_tests/timeout/slow_server.yaml  | 171 +
 10 files changed, 234 insertions(+), 242 deletions(-)

diff --git a/tests/gold_tests/timeout/case-inactive1.sh 
b/tests/gold_tests/timeout/case-inactive1.sh
deleted file mode 100644
index ecee593..000
--- a/tests/gold_tests/timeout/case-inactive1.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#  Licensed to the Apache Software Foundation (ASF) under one
-#  or more contributor license agreements.  See the NOTICE file
-#  distributed with this work for additional information
-#  regarding copyright ownership.  The ASF licenses this file
-#  to you under the Apache License, Version 2.0 (the
-#  "License"); you may not use this file except in compliance
-#  with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-
-nc -4 -l ${2} -c "sh ./delay-inactive-server.sh" &
-sleep 1
-curl -i http://127.0.0.1:${1}/${3}
diff --git a/tests/gold_tests/timeout/case-inactive2.sh 
b/tests/gold_tests/timeout/case-inactive2.sh
deleted file mode 100644
index d172741..000
--- a/tests/gold_tests/timeout/case-inactive2.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#  Licensed to the Apache Software Foundation (ASF) under one
-#  or more contributor license agreements.  See the NOTICE file
-#  distributed with this work for additional information
-#  regarding copyright ownership.  The ASF licenses this file
-#  to you under the Apache License, Version 2.0 (the
-#  "License"); you may not use this file except in compliance
-#  with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-
-nc -4 -l ${2} -c  "sh ./delay-inactive-server.sh" &
-sleep 1
-curl -k -i --http1.1 https://127.0.0.1:${1}/${3}
diff --git a/tests/gold_tests/timeout/case-inactive3.sh 
b/tests/gold_tests/timeout/case-inactive3.sh
deleted file mode 100644
index 9e6ad9d..000
--- a/tests/gold_tests/timeout/case-inactive3.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#  Licensed to the Apache Software Foundation (ASF) under one
-#  or more contributor license agreements.  See the NOTICE file
-#  distributed with this work for additional information
-#  regarding copyright ownership.  The ASF licenses this file
-#  to you under the Apache License, Version 2.0 (the
-#  "License"); you may not use this file except in compliance
-#  with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-
-nc -4 -l ${2} -c  "sh ./delay-inactive-server.sh" &
-sleep 1
-curl -k -i --http2 https://127.0.0.1:${1}/${3}
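Review bot: with case-inactive3.sh removed, the `curl -k -i --http2` variant goes away along with the plain HTTP and `--http1.1` HTTPS variants deleted in the two files above it. The replacement listed in the diffstat (slow_server.yaml) should be checked to exercise all three client protocols, otherwise the conversion drops timeout coverage for one of them.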
diff --git a/tests/gold_tests/timeout/case-inactive4.sh 

[trafficserver] branch 9.1.x updated: Fix asserts in multiplexer plugin. (#7532)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 4003fc6  Fix asserts in multiplexer plugin. (#7532)
4003fc6 is described below

commit 4003fc65290c3829356c8b435aaa1a1eb300224e
Author: Walt Karas 
AuthorDate: Mon Feb 22 10:43:32 2021 -0600

Fix asserts in multiplexer plugin. (#7532)

(cherry picked from commit d011f94f5695bccd9388912ca53810c2a3f8fa5f)
---
 plugins/multiplexer/dispatch.cc |  3 +--
 plugins/multiplexer/dispatch.h  | 28 
 plugins/multiplexer/original-request.cc |  3 +--
 3 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/plugins/multiplexer/dispatch.cc b/plugins/multiplexer/dispatch.cc
index d5f4c3a..493501e 100644
--- a/plugins/multiplexer/dispatch.cc
+++ b/plugins/multiplexer/dispatch.cc
@@ -86,8 +86,7 @@ copy(const TSIOBufferReader , const TSIOBuffer b)
 const void *const pointer = TSIOBufferBlockReadStart(block, r, );
 
 if (pointer != nullptr && size > 0) {
-  const int64_t size2 = TSIOBufferWrite(b, pointer, size);
-  assert(size == size2);
+  CHECK(TSIOBufferWrite(b, pointer, size) == size);
   length += size;
 }
   }
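Review bot: `CHECK(TSIOBufferWrite(b, pointer, size) == size)` passes a comparison that is true on success, but the debug definition of CHECK added to dispatch.h in this same commit is `assert(!(X))`, which expects a value that converts to false, such as TS_SUCCESS. In a non-optimized build this assert fires on every successful write. Keep the byte-count comparison in its own assert, or pass `!= size` to CHECK, so that the macro's "false means success" convention holds at this call site.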
diff --git a/plugins/multiplexer/dispatch.h b/plugins/multiplexer/dispatch.h
index 0d9c4e1..4cba391 100644
--- a/plugins/multiplexer/dispatch.h
+++ b/plugins/multiplexer/dispatch.h
@@ -31,12 +31,32 @@
 
 #include "ts.h"
 
-#define CHECK(X) \
-  {  \
-const TSReturnCode r = static_cast(X); \
-assert(r == TS_SUCCESS); \
+#ifdef __OPTIMIZE__
+
+// Optimized -- release build.
+
+// For CHECK(), execute any side effects (only) for expression X.
+#define CHECK(X)  \
+  {   \
+static_cast(X); \
   }
 
+// Make sure assert() disabled.
+#ifndef NDEBUG
+#define NDEBUG
+#endif
+
+#else
+
+// Check if expression X returns a value that implicitly converts to bool 
false (such as TS_SUCCESS).
+#define CHECK(X)\
+  { \
+static_assert(!TS_SUCCESS); \
+assert(!(X));   \
+  }
+
+#endif
+
 struct Statistics {
   int failures;
   int hits;
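Review bot: in the `__OPTIMIZE__` branch, CHECK(X) evaluates X and discards the result, so a call that does not return TS_SUCCESS is silently ignored in release builds; log the failure or return early instead of dropping it. Separately, `#define NDEBUG` is placed after `#include "ts.h"`, so it only changes assert() if <cassert> is included after this point, and it alters assert behaviour for every file that includes dispatch.h. Keying the build type on `__OPTIMIZE__` is also compiler-specific and deserves a comment.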
diff --git a/plugins/multiplexer/original-request.cc 
b/plugins/multiplexer/original-request.cc
index f0c1943..542e3c2 100644
--- a/plugins/multiplexer/original-request.cc
+++ b/plugins/multiplexer/original-request.cc
@@ -93,8 +93,7 @@ OriginalRequest::urlScheme(const std::string )
 {
   assert(buffer_ != nullptr);
   assert(url_ != nullptr);
-  const TSReturnCode result = TSUrlSchemeSet(buffer_, url_, s.c_str(), 
s.size());
-  assert(result == TS_SUCCESS);
+  CHECK(TSUrlSchemeSet(buffer_, url_, s.c_str(), s.size()));
 }
 
 void



[trafficserver] 02/02: Fix out of bounds access error in jtest (#7526)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit bbdf4eca482e74db1eb000b2abffdb246887ae27
Author: Masakazu Kitajo 
AuthorDate: Wed Feb 17 05:52:48 2021 +0900

Fix out of bounds access error in jtest (#7526)

(cherry picked from commit 7a7a89960ce71be9fce3b0bcf5eb4f7c169903ca)
---
 tools/jtest/jtest.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/jtest/jtest.cc b/tools/jtest/jtest.cc
index 3f04a50..d251520 100644
--- a/tools/jtest/jtest.cc
+++ b/tools/jtest/jtest.cc
@@ -4800,7 +4800,7 @@ ink_web_escapify_string(char *dest_in, char *src_in, int 
max_dest_len)
   int quit   = 0;
 
   while ((*src != 0) && (dcount < max_dest_len) && (quit == 0)) {
-if ((char *)memchr(dontescapify, *src, INT_MAX) || 
ParseRules::is_alpha(*src) || ParseRules::is_digit(*src)) {
+if ((char *)strchr(dontescapify, *src) || ParseRules::is_alpha(*src) || 
ParseRules::is_digit(*src)) {
   /* this is regular character, don't escapify it */
   if (dcount + 1 < max_dest_len) {
 *dest++ = *src;
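Review bot: `strchr(dontescapify, *src)` is only bounded if dontescapify is a NUL-terminated string, and its definition is not part of this hunk. Confirm that it is, or keep memchr and pass the real length of the set in place of the old INT_MAX. The loop condition `*src != 0` already prevents strchr from matching the terminator itself, which is worth a one-line comment.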



[trafficserver] branch 9.1.x updated (ad8e411 -> bbdf4ec)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a change to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from ad8e411  Fix QUIC unit test failures (#7497)
 new 85d2500  Disable ja3 plugin when building with boringssl (#7500)
 new bbdf4ec  Fix out of bounds access error in jtest (#7526)

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 configure.ac | 2 +-
 tools/jtest/jtest.cc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)



[trafficserver] 01/02: Disable ja3 plugin when building with boringssl (#7500)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 85d250097ca121481bef4e732f1c1fc279b32abb
Author: Randall Meyer 
AuthorDate: Tue Feb 9 08:19:08 2021 -0800

Disable ja3 plugin when building with boringssl (#7500)

SSL_client_hello_get0_legacy_version is not available under boringssl

(cherry picked from commit 92a20b770510a1fb226f798870cc341449eabafe)
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index b5bf0c2..9481e37 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1363,7 +1363,7 @@ AC_EGREP_CPP(yes, [
   #endif
   ], [
 AC_MSG_RESULT(yes)
-AS_IF([test "x${enable_experimental_plugins}" = "xyes"], [
+AS_IF([test "x${enable_experimental_plugins}" = "xyes" && -z 
"$openssl_is_boringssl"], [
   enable_ja3_plugin=yes
 ])
   ], [AC_MSG_RESULT(no)])
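Review bot: the second operand of `&&` in the new AS_IF condition is missing `test`. As written, `-z "$openssl_is_boringssl"` is executed as a command named -z, which fails, so enable_ja3_plugin is never set to yes regardless of the TLS library. It should read `&& test -z "$openssl_is_boringssl"`.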



[trafficserver] branch 9.0.x updated: Fix out of bounds access error in jtest (#7526)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 045ed15  Fix out of bounds access error in jtest (#7526)
045ed15 is described below

commit 045ed1513fa412ca3941c83cdddf7bee5da24890
Author: Masakazu Kitajo 
AuthorDate: Wed Feb 17 05:52:48 2021 +0900

Fix out of bounds access error in jtest (#7526)

(cherry picked from commit 7a7a89960ce71be9fce3b0bcf5eb4f7c169903ca)
---
 tools/jtest/jtest.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/jtest/jtest.cc b/tools/jtest/jtest.cc
index 3f04a50..d251520 100644
--- a/tools/jtest/jtest.cc
+++ b/tools/jtest/jtest.cc
@@ -4800,7 +4800,7 @@ ink_web_escapify_string(char *dest_in, char *src_in, int 
max_dest_len)
   int quit   = 0;
 
   while ((*src != 0) && (dcount < max_dest_len) && (quit == 0)) {
-if ((char *)memchr(dontescapify, *src, INT_MAX) || 
ParseRules::is_alpha(*src) || ParseRules::is_digit(*src)) {
+if ((char *)strchr(dontescapify, *src) || ParseRules::is_alpha(*src) || 
ParseRules::is_digit(*src)) {
   /* this is regular character, don't escapify it */
   if (dcount + 1 < max_dest_len) {
 *dest++ = *src;



[trafficserver] branch 9.1.x updated: Fix QUIC unit test failures (#7497)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new ad8e411  Fix QUIC unit test failures (#7497)
ad8e411 is described below

commit ad8e411addd7f7e5579adc9ef313a017d3abe8d5
Author: Masakazu Kitajo 
AuthorDate: Wed Feb 10 08:57:03 2021 +0900

Fix QUIC unit test failures (#7497)

* Fix QUIC unit test failures

Recent BoringSSL requires ALPN extension if the SSL context is used for QUIC.

* Fix the string length passed for server_len

(cherry picked from commit be2cee799349838d2425afb2701b03d0e25f2bf2)
---
 iocore/net/quic/test/test_QUICHandshakeProtocol.cc | 38 +-
 .../quic/test/test_QUICPacketHeaderProtector.cc| 30 +
 2 files changed, 53 insertions(+), 15 deletions(-)

diff --git a/iocore/net/quic/test/test_QUICHandshakeProtocol.cc 
b/iocore/net/quic/test/test_QUICHandshakeProtocol.cc
index e697868..ec84f0e 100644
--- a/iocore/net/quic/test/test_QUICHandshakeProtocol.cc
+++ b/iocore/net/quic/test/test_QUICHandshakeProtocol.cc
@@ -102,16 +102,32 @@ TEST_CASE("QUICHandshakeProtocol")
   BIO *key_bio(BIO_new_mem_buf(server_key, sizeof(server_key)));
   EVP_PKEY *pkey = PEM_read_bio_PrivateKey(key_bio, nullptr, nullptr, nullptr);
   SSL_CTX_use_PrivateKey(server_ssl_ctx, pkey);
+  SSL_CTX_set_alpn_select_cb(
+server_ssl_ctx,
+[](SSL *ssl, const unsigned char **out, unsigned char *outlen, const 
unsigned char *in, unsigned inlen, void *) {
+  auto ret = SSL_select_next_proto(const_cast(out), 
outlen,
+   reinterpret_cast("\6h3-foo"), 7, in, inlen);
+  if (ret == OPENSSL_NPN_NEGOTIATED) {
+return SSL_TLSEXT_ERR_OK;
+  } else {
+*out= nullptr;
+*outlen = 0;
+return SSL_TLSEXT_ERR_NOACK;
+  }
+},
+nullptr);
 
   SECTION("Full Handshake", "[quic]")
   {
 QUICPacketProtectionKeyInfo pp_key_info_client;
 QUICPacketProtectionKeyInfo pp_key_info_server;
-NetVCOptions netvc_options;
+NetVCOptions netvc_options_client;
+NetVCOptions netvc_options_server;
 MockQUICConnection mock_client_connection;
 MockQUICConnection mock_server_connection;
-QUICHandshakeProtocol *client = new QUICTLS(pp_key_info_client, 
client_ssl_ctx, NET_VCONNECTION_OUT, netvc_options);
-QUICHandshakeProtocol *server = new QUICTLS(pp_key_info_server, 
server_ssl_ctx, NET_VCONNECTION_IN, netvc_options);
+netvc_options_client.alpn_protos = "\6h3-foo";
+QUICHandshakeProtocol *client= new QUICTLS(pp_key_info_client, 
client_ssl_ctx, NET_VCONNECTION_OUT, netvc_options_client);
+QUICHandshakeProtocol *server= new QUICTLS(pp_key_info_server, 
server_ssl_ctx, NET_VCONNECTION_IN, netvc_options_server);
 SSL_set_ex_data(static_cast(client)->ssl_handle(), 
QUIC::ssl_quic_qc_index, _client_connection);
 SSL_set_ex_data(static_cast(server)->ssl_handle(), 
QUIC::ssl_quic_qc_index, _server_connection);
 QUICPacketPayloadProtector ppp_client(pp_key_info_client);
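Review bot: the wire-format ALPN string "\6h3-foo" and its length 7 are written out separately in the select callback and again for `netvc_options_client.alpn_protos`. A single named constant, with the length derived from it, would keep the length prefix, the byte count and the client offer from drifting apart. The no-match branch returns SSL_TLSEXT_ERR_NOACK and not a fatal alert; if the test is meant to show that ALPN is required for QUIC, failing hard there would make a mismatch visible at the point where it happens.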
@@ -238,11 +254,13 @@ TEST_CASE("QUICHandshakeProtocol")
 
 QUICPacketProtectionKeyInfo pp_key_info_client;
 QUICPacketProtectionKeyInfo pp_key_info_server;
-NetVCOptions netvc_options;
+NetVCOptions netvc_options_client;
+NetVCOptions netvc_options_server;
+netvc_options_client.alpn_protos = "\6h3-foo";
 MockQUICConnection mock_client_connection;
 MockQUICConnection mock_server_connection;
-QUICHandshakeProtocol *client = new QUICTLS(pp_key_info_client, 
client_ssl_ctx, NET_VCONNECTION_OUT, netvc_options);
-QUICHandshakeProtocol *server = new QUICTLS(pp_key_info_server, 
server_ssl_ctx, NET_VCONNECTION_IN, netvc_options);
+QUICHandshakeProtocol *client = new QUICTLS(pp_key_info_client, 
client_ssl_ctx, NET_VCONNECTION_OUT, netvc_options_client);
+QUICHandshakeProtocol *server = new QUICTLS(pp_key_info_server, 
server_ssl_ctx, NET_VCONNECTION_IN, netvc_options_server);
 SSL_set_ex_data(static_cast(client)->ssl_handle(), 
QUIC::ssl_quic_qc_index, _client_connection);
 SSL_set_ex_data(static_cast(server)->ssl_handle(), 
QUIC::ssl_quic_qc_index, _server_connection);
 QUICPacketPayloadProtector ppp_client(pp_key_info_client);
@@ -414,11 +432,13 @@ TEST_CASE("QUICHandshakeProtocol")
   {
 QUICPacketProtectionKeyInfo pp_key_info_client;
 QUICPacketProtectionKeyInfo pp_key_info_server;
-NetVCOptions netvc_options;
+NetVCOptions netvc_options_client;
+NetVCOptions netvc_options_server;
+netvc_options_client.alpn_protos = "\6h3-foo";
 MockQUICConnection mock_client_connection;
 MockQUICConnection mock_server_connection;
-QUICHandshakeProtocol *client = new QUICTLS(pp_key_info_client, 
client_ssl_ctx, NET_VCONNECTION_OUT, netvc_options);
-QUICHandshakeProtocol *server = new 

[trafficserver] branch 9.1.x updated: Fix QUIC unit tests build issue on GNU ld (#7496)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 9a6c3de  Fix QUIC unit tests build issue on GNU ld (#7496)
9a6c3de is described below

commit 9a6c3de8521b618c97a430ea9bedac0f8561fda7
Author: Masakazu Kitajo 
AuthorDate: Wed Feb 10 08:57:56 2021 +0900

Fix QUIC unit tests build issue on GNU ld (#7496)

(cherry picked from commit bf95bcce359327d9636211a0867221d3ca16f26f)
---
 iocore/net/quic/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iocore/net/quic/Makefile.am b/iocore/net/quic/Makefile.am
index da29c12..9276e81 100644
--- a/iocore/net/quic/Makefile.am
+++ b/iocore/net/quic/Makefile.am
@@ -145,8 +145,8 @@ test_CPPFLAGS = \
 
 test_LDADD = \
   libquic.a \
-  $(top_builddir)/iocore/eventsystem/libinkevent.a \
   $(top_builddir)/lib/records/librecords_p.a \
+  $(top_builddir)/iocore/eventsystem/libinkevent.a \
   $(top_builddir)/mgmt/libmgmt_p.la \
   $(top_builddir)/proxy/shared/libUglyLogStubs.a \
   $(top_builddir)/src/tscore/libtscore.la \
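Review bot: the reordering in test_LDADD puts librecords_p.a ahead of libinkevent.a, but nothing in the Makefile records why the order matters. A one-line comment that GNU ld resolves static archives left to right, and that this order is deliberate, would keep a later cleanup from reverting it.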



[trafficserver] branch 9.1.x updated: fix certs (#7494)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 28e0b7f  fix certs (#7494)
28e0b7f is described below

commit 28e0b7febafc49d0ca05890d01d8664a081f2445
Author: Fei Deng 
AuthorDate: Mon Feb 8 10:44:08 2021 -0600

fix certs (#7494)

(cherry picked from commit 7c3b48aebb94dfadb01ec6dca964d00f68fa0a3a)
---
 tests/gold_tests/tls/ssl/combo-signed-foo.pem | 124 -
 tests/gold_tests/tls/ssl/combo.pem| 125 --
 tests/gold_tests/tls/ssl/server.key   |  76 ++--
 tests/gold_tests/tls/ssl/server.pem   |  49 ++
 tests/gold_tests/tls/ssl/signed-bar.key   |  76 ++--
 tests/gold_tests/tls/ssl/signed-bar.pem   |  48 ++
 tests/gold_tests/tls/ssl/signed-bob-bar.pem   |  47 ++
 tests/gold_tests/tls/ssl/signed-bob-foo.pem   |  47 ++
 tests/gold_tests/tls/ssl/signed-foo-ec.key|  13 ++-
 tests/gold_tests/tls/ssl/signed-foo-ec.pem|  46 +-
 tests/gold_tests/tls/ssl/signed-foo.key   |  76 ++--
 tests/gold_tests/tls/ssl/signed-foo.pem   | 124 -
 tests/gold_tests/tls/ssl/signed-san-ec.key|  10 +--
 tests/gold_tests/tls/ssl/signed-san-ec.pem|  45 ++
 tests/gold_tests/tls/ssl/signed-san.key   |  76 ++--
 tests/gold_tests/tls/ssl/signed-san.pem   | 125 +-
 tests/gold_tests/tls/ssl/signed-wild.key  |  52 +++
 tests/gold_tests/tls/ssl/signed-wild.pem  |  33 +++
 tests/gold_tests/tls/ssl/signed2-bar.pem  |  50 +++
 tests/gold_tests/tls/ssl/signed2-foo.pem  |  50 +++
 tests/gold_tests/tls/ssl/signer.key   |  67 ++
 tests/gold_tests/tls/ssl/signer.pem   |  45 ++
 tests/gold_tests/tls/ssl/signer2.key  |  76 ++--
 tests/gold_tests/tls/ssl/signer2.pem  |  51 ++-
 tests/gold_tests/tls/ssl/wild-signed.pem  |  18 
 tests/gold_tests/tls/ssl/wild.key |  28 --
 tests/gold_tests/tls/tls_verify.test.py   |  12 +--
 27 files changed, 1025 insertions(+), 564 deletions(-)

diff --git a/tests/gold_tests/tls/ssl/combo-signed-foo.pem 
b/tests/gold_tests/tls/ssl/combo-signed-foo.pem
index e3bf4cd..aea6c76 100644
--- a/tests/gold_tests/tls/ssl/combo-signed-foo.pem
+++ b/tests/gold_tests/tls/ssl/combo-signed-foo.pem
@@ -1,47 +1,85 @@
[trafficserver] branch 9.1.x updated: Add new log field for negotiated ALPN Protocol ID with the client (#7491)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new fa5b858  Add new log field for negotiated ALPN Protocol ID with the 
client (#7491)
fa5b858 is described below

commit fa5b8581e026634f56eab1bc1f4e57563b516fa1
Author: Masaori Koshiba 
AuthorDate: Fri Feb 12 10:29:37 2021 +0900

Add new log field for negotiated ALPN Protocol ID with the client (#7491)

(cherry picked from commit 55439ff1cc99e67bf4391876632e195f15709bfc)
---
 doc/admin-guide/logging/formatting.en.rst |  2 ++
 iocore/net/P_ALPNSupport.h| 20 
 iocore/net/QUICNetVConnection.cc  |  2 ++
 iocore/net/SSLNetVConnection.cc   |  2 ++
 proxy/http/HttpSM.cc  |  2 ++
 proxy/http/HttpSM.h   |  1 +
 proxy/http/Makefile.am|  2 +-
 proxy/logging/Log.cc  |  5 +
 proxy/logging/LogAccess.cc| 18 ++
 proxy/logging/LogAccess.h |  1 +
 10 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/doc/admin-guide/logging/formatting.en.rst 
b/doc/admin-guide/logging/formatting.en.rst
index 583e999..d9dbc1b 100644
--- a/doc/admin-guide/logging/formatting.en.rst
+++ b/doc/admin-guide/logging/formatting.en.rst
@@ -604,6 +604,7 @@ SSL / Encryption
 .. _cqssv:
 .. _cqssc:
 .. _cqssu:
+.. _cqssa:
 .. _pqssl:
 .. _pscert:
 
@@ -628,6 +629,7 @@ cqssv  Client Request SSL version used to communicate with 
the client.
 cqssc  Client Request SSL Cipher used by |TS| to communicate with the client.
 cqssu  Client Request SSL Elliptic Curve used by |TS| to communicate with the
   client when using an ECDHE cipher.
+cqssa  Client Request ALPN Protocol ID negotiated with the client.
 pqssl  Proxy Request  Indicates whether the connection from |TS| to the origin
   was over SSL or not.
 pscert Proxy Request  1 if origin requested certificate from |TS| during TLS
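Review bot: the new `cqssa` row does not say what is written when no ALPN protocol was negotiated, or whether the value is the protocol name or a numeric index. The accessor added in P_ALPNSupport.h returns an `int` that defaults to `SessionProtocolNameRegistry::INVALID`, so the description should state the output format and the no-ALPN value so that log parsers can rely on it.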
diff --git a/iocore/net/P_ALPNSupport.h b/iocore/net/P_ALPNSupport.h
index 75970da..e403122 100644
--- a/iocore/net/P_ALPNSupport.h
+++ b/iocore/net/P_ALPNSupport.h
@@ -61,6 +61,9 @@ public:
 return npnSet;
   }
 
+  void set_negotiated_protocol_id(const ts::TextView );
+  int get_negotiated_protocol_id() const;
+
 private:
   const SSLNextProtocolSet *npnSet = nullptr;
   SessionProtocolSet protoenabled;
@@ -68,4 +71,21 @@ private:
   unsigned char *npn= nullptr;
   size_t npnsz  = 0;
   Continuation *npnEndpoint = nullptr;
+  int _negotiated_proto_id  = SessionProtocolNameRegistry::INVALID;
 };
+
+//
+// Inline functions
+//
+
+inline void
+ALPNSupport::set_negotiated_protocol_id(const ts::TextView )
+{
+  _negotiated_proto_id = globalSessionProtocolNameRegistry.indexFor(proto);
+}
+
+inline int
+ALPNSupport::get_negotiated_protocol_id() const
+{
+  return _negotiated_proto_id;
+}
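Review bot: `set_negotiated_protocol_id()` stores whatever `indexFor(proto)` returns with no comment on what happens for a protocol name that is not registered, and `get_negotiated_protocol_id()` returns a bare `int`. A short doc comment on both declarations, stating that the value is a registry index and that `SessionProtocolNameRegistry::INVALID` means nothing was negotiated, would keep callers from treating it as always valid.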
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index 666c028..fbba684 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -2133,6 +2133,8 @@ QUICNetVConnection::_start_application()
   app_name_len = IP_PROTO_TAG_HTTP_QUIC.size();
 }
 
+this->set_negotiated_protocol_id({reinterpret_cast(app_name), static_cast(app_name_len)});
+
 if (netvc_context == NET_VCONNECTION_IN) {
   if (!this->setSelectedProtocol(app_name, app_name_len)) {
 
this->_handle_error(std::make_unique(QUICTransErrorCode::PROTOCOL_VIOLATION));
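Review bot: in `_start_application()` the negotiated ID is recorded before `setSelectedProtocol()` is checked, so it stays set on the `PROTOCOL_VIOLATION` path, whereas the SSLNetVConnection.cc change in this commit records it only after `setSelectedProtocol()` succeeds. Recording it only once the inbound check has passed would keep the two transports consistent and avoid logging a protocol that was rejected.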
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index fc2bde2..fda1df6 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1325,6 +1325,8 @@ SSLNetVConnection::sslServerHandShakeEvent(int )
 if (!this->setSelectedProtocol(proto, len)) {
   return EVENT_ERROR;
 }
+this->set_negotiated_protocol_id({reinterpret_cast(proto), static_cast(len)});
+
 Debug("ssl", "client selected next protocol '%.*s'", len, proto);
   } else {
 Debug("ssl", "client did not select a next protocol");
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index ceb5d9d..43ae2ed 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -566,6 +566,8 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc, 
IOBufferReader *buffe
 client_cipher_suite  = cipher ? cipher : "-";
 const char *curve= ssl_vc->getSSLCurve();
 client_curve = curve ? curve : "-";
+client_alpn_id   = ssl_vc->get_negotiated_protocol_id();
+
 if (!client_tcp_reused) {
   // Copy along the TLS handshake timings
   milestones[TS_MILESTONE_TLS_HANDSHAKE_START] = 
ssl_vc->sslHandshakeBeginTime;
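Review bot: `client_alpn_id` is assigned only on this `ssl_vc` path, so its value for sessions that never reach this line depends on the initializer in HttpSM.h. Worth confirming that the member defaults to `SessionProtocolNameRegistry::INVALID`, matching `_negotiated_proto_id`, so the `cqssa` field has a defined value for cleartext clients.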
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index 

[trafficserver] branch 9.1.x updated: Fix out of bounds access error in ats_base64_decode (#7490)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 46ab6ca  Fix out of bounds access error in ats_base64_decode (#7490)
46ab6ca is described below

commit 46ab6ca5b97b2103d7977a0b36f4a7948ddf3e3e
Author: Masakazu Kitajo 
AuthorDate: Thu Feb 11 03:45:45 2021 +0900

Fix out of bounds access error in ats_base64_decode (#7490)

(cherry picked from commit 95b86998e37c57fb493a6d792d638e0368d7d80c)
---
 src/tscore/ink_base64.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tscore/ink_base64.cc b/src/tscore/ink_base64.cc
index 22cb11f..a1da352 100644
--- a/src/tscore/ink_base64.cc
+++ b/src/tscore/ink_base64.cc
@@ -136,7 +136,7 @@ ats_base64_decode(const char *inBuffer, size_t 
inBufferSize, unsigned char *outB
 
   // Ignore any trailing ='s or other undecodable characters.
   // TODO: Perhaps that ought to be an error instead?
-  while (printableToSixBit[static_cast(inBuffer[inBytes])] <= 
MAX_PRINT_VAL) {
+  while (inBytes < inBufferSize && 
printableToSixBit[static_cast(inBuffer[inBytes])] <= MAX_PRINT_VAL) {
 ++inBytes;
   }
 
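Review bot: the added `inBytes < inBufferSize` guard in the `while` condition has no accompanying test; the commit touches only ink_base64.cc. A unit test that passes a buffer whose last byte is a decodable character and is not followed by a terminator, ideally run under a sanitizer, would keep the bound check from regressing.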



[trafficserver] branch 9.0.x updated: Fix out of bounds access error in ats_base64_decode (#7490)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 59185d7  Fix out of bounds access error in ats_base64_decode (#7490)
59185d7 is described below

commit 59185d7417b104546118ca10a37934c583b39cac
Author: Masakazu Kitajo 
AuthorDate: Thu Feb 11 03:45:45 2021 +0900

Fix out of bounds access error in ats_base64_decode (#7490)

(cherry picked from commit 95b86998e37c57fb493a6d792d638e0368d7d80c)
---
 src/tscore/ink_base64.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tscore/ink_base64.cc b/src/tscore/ink_base64.cc
index 22cb11f..a1da352 100644
--- a/src/tscore/ink_base64.cc
+++ b/src/tscore/ink_base64.cc
@@ -136,7 +136,7 @@ ats_base64_decode(const char *inBuffer, size_t 
inBufferSize, unsigned char *outB
 
   // Ignore any trailing ='s or other undecodable characters.
   // TODO: Perhaps that ought to be an error instead?
-  while (printableToSixBit[static_cast(inBuffer[inBytes])] <= 
MAX_PRINT_VAL) {
+  while (inBytes < inBufferSize && 
printableToSixBit[static_cast(inBuffer[inBytes])] <= MAX_PRINT_VAL) {
 ++inBytes;
   }
 
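Review bot: with the bound in place, the TODO above the loop is the remaining question: trailing `=` or undecodable bytes are still silently ignored, so a truncated or corrupted input decodes to a shorter result with no signal to the caller. If that behaviour stays, a comment stating that callers must not rely on the decode failing for malformed input would help.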



[trafficserver] branch 9.1.x updated: Avoid -Warray-bounds on PROXY Protocol Builder (#7488)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new f5ac0f5  Avoid -Warray-bounds on PROXY Protocol Builder (#7488)
f5ac0f5 is described below

commit f5ac0f5200327ae00216f314a5009091df164843
Author: Masaori Koshiba 
AuthorDate: Tue Feb 9 07:49:10 2021 +0900

Avoid -Warray-bounds on PROXY Protocol Builder (#7488)

(cherry picked from commit f658828f3ba38482aadc218eb060fae9ce22d58a)
---
 iocore/net/ProxyProtocol.cc | 14 --
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/iocore/net/ProxyProtocol.cc b/iocore/net/ProxyProtocol.cc
index 1d406a7..9cf4c8e 100644
--- a/iocore/net/ProxyProtocol.cc
+++ b/iocore/net/ProxyProtocol.cc
@@ -62,6 +62,8 @@ constexpr uint16_t PPv2_ADDR_LEN_INET  = 4 + 4 + 2 + 2;
 constexpr uint16_t PPv2_ADDR_LEN_INET6 = 16 + 16 + 2 + 2;
 constexpr uint16_t PPv2_ADDR_LEN_UNIX  = 108 + 108;
 
+const ts::BWFSpec ADDR_ONLY_FMT{"::a"};
+
 struct PPv2Hdr {
   uint8_t sig[12]; ///< preface
   uint8_t ver_cmd; ///< protocol version and command
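Review bot: `ADDR_ONLY_FMT{"::a"}` is introduced without a comment, and the format string is not self-explanatory next to the named `PPv2_ADDR_LEN_*` constants. A one-line comment describing what the spec prints, as the name suggests the address without the port, would document why it is used in the v1 builder.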
@@ -334,19 +336,11 @@ proxy_protocol_v1_build(uint8_t *buf, size_t max_buf_len, 
const ProxyProtocol 
   bw.write(PPv1_DELIMITER);
 
   // the layer 3 source address
-  char src_ip_buf[INET6_ADDRSTRLEN];
-  ats_ip_ntop(pp_info.src_addr, src_ip_buf, sizeof(src_ip_buf));
-  size_t src_ip_len = strnlen(src_ip_buf, sizeof(src_ip_buf));
-
-  bw.write(src_ip_buf, src_ip_len);
+  bwformat(bw, ADDR_ONLY_FMT, pp_info.src_addr);
   bw.write(PPv1_DELIMITER);
 
   // the layer 3 destination address
-  char dst_ip_buf[INET6_ADDRSTRLEN];
-  ats_ip_ntop(pp_info.dst_addr, dst_ip_buf, sizeof(dst_ip_buf));
-  size_t dst_ip_len = strnlen(dst_ip_buf, sizeof(dst_ip_buf));
-
-  bw.write(dst_ip_buf, dst_ip_len);
+  bwformat(bw, ADDR_ONLY_FMT, pp_info.dst_addr);
   bw.write(PPv1_DELIMITER);
 
   // TCP source port
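Review bot: replacing `ats_ip_ntop()` with `bwformat(bw, ADDR_ONLY_FMT, ...)` for the source and destination addresses changes which code produces the text that the receiving side parses, and nothing in this change checks that the output is identical. A builder test covering an IPv4 and an IPv6 `pp_info` and comparing the whole v1 line would pin that, along with a check that the result still fits within `max_buf_len`.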



[trafficserver] branch 9.0.x updated: traffic_ctl - Fix lookup key for run-root option (#7484)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 97f6647  traffic_ctl - Fix lookup key for run-root option (#7484)
97f6647 is described below

commit 97f664740f68732b5c243ea2ddb8ae1da1c173e3
Author: Damian Meden 
AuthorDate: Fri Feb 5 16:46:08 2021 +

traffic_ctl - Fix lookup key for run-root option (#7484)

- Fix lookup key for run-root option. Update ArgParser docs to make this
  clear. Also fix another doc warning.

Co-authored-by: Damian Meden 
(cherry picked from commit b13fc672310505f94be5f21141b4d06b52cbf930)
---
 doc/admin-guide/plugins/compress.en.rst | 2 +-
 doc/developer-guide/internal-libraries/ArgParser.en.rst | 4 +++-
 src/traffic_ctl/traffic_ctl.cc  | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/admin-guide/plugins/compress.en.rst 
b/doc/admin-guide/plugins/compress.en.rst
index f58454e..b548ccb 100644
--- a/doc/admin-guide/plugins/compress.en.rst
+++ b/doc/admin-guide/plugins/compress.en.rst
@@ -104,7 +104,7 @@ versions of the content as :term:`alternates `. 
When set to
 by the origin. Enabled by default.
 
 range-request
--
+-
 
 When set to ``true``, causes |TS| to compress responses to Range Requests.
 Disabled by default. Setting this to true while setting cache to false leads 
to delivering corrupted content.
diff --git a/doc/developer-guide/internal-libraries/ArgParser.en.rst 
b/doc/developer-guide/internal-libraries/ArgParser.en.rst
index 1448a90..235775b 100644
--- a/doc/developer-guide/internal-libraries/ArgParser.en.rst
+++ b/doc/developer-guide/internal-libraries/ArgParser.en.rst
@@ -158,7 +158,9 @@ Classes
 
.. function:: Option _option(std::string const _option, 
std::string const _option, std::string const , std::string 
const  = "", unsigned arg_num = 0, std::string const _value = 
"", std::string const  = "")
 
-  Add an option to current command with *long name*, *short name*, *help 
description*, *environment variable*, *arguments expected*, *default value* and 
*lookup key*. Return The Option object itself.
+  Add an option to current command with *long name*, *short name*, *help 
description*, *environment variable*, *arguments expected*, *default value* and 
*lookup key*.
+  If no *lookup key* is provided, the *long name* will be used as lookup 
key without the prefix, for instance, for a long option ``--debug`` you should 
use ``debug`` as
+  as lookup key. Return The Option object itself.
 
.. function:: Command _command(std::string const _name, std::string 
const _description, std::function const  = nullptr, std::string 
const  = "")
 
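Review bot: the added lines read "you should use ``debug`` as" followed by "as lookup key", so the rendered sentence contains "as as"; "Return The Option object itself" also has a stray capital. Both are worth fixing while this paragraph is being rewritten.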
diff --git a/src/traffic_ctl/traffic_ctl.cc b/src/traffic_ctl/traffic_ctl.cc
index 33b363e..be7899f 100644
--- a/src/traffic_ctl/traffic_ctl.cc
+++ b/src/traffic_ctl/traffic_ctl.cc
@@ -273,7 +273,7 @@ main(int argc, const char **argv)
 diags->show_location  = SHOW_LOCATION_DEBUG;
   }
 
-  argparser_runroot_handler(engine.arguments.get("--run-root").value(), 
argv[0]);
+  argparser_runroot_handler(engine.arguments.get("run-root").value(), argv[0]);
   Layout::create();
 
   // This is a little bit of a hack, for now it'll suffice.
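Review bot: the old `get("--run-root")` call compiled and ran with the wrong key, and `.value()` was taken from the result unconditionally, so the mismatch was silent. A test that passes the run-root option and checks that `argparser_runroot_handler()` receives the given path would catch a future key mismatch.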



[trafficserver] branch 9.1.x updated: traffic_ctl - Fix lookup key for run-root option (#7484)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 2004d24  traffic_ctl - Fix lookup key for run-root option (#7484)
2004d24 is described below

commit 2004d2443cb6d2000bc54d7848010427bd1cbd50
Author: Damian Meden 
AuthorDate: Fri Feb 5 16:46:08 2021 +

traffic_ctl - Fix lookup key for run-root option (#7484)

- Fix lookup key for run-root option. Update ArgParser docs to make this
  clear. Also fix another doc warning.

Co-authored-by: Damian Meden 
(cherry picked from commit b13fc672310505f94be5f21141b4d06b52cbf930)
---
 doc/admin-guide/plugins/compress.en.rst | 2 +-
 doc/developer-guide/internal-libraries/ArgParser.en.rst | 4 +++-
 src/traffic_ctl/traffic_ctl.cc  | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/admin-guide/plugins/compress.en.rst 
b/doc/admin-guide/plugins/compress.en.rst
index f58454e..b548ccb 100644
--- a/doc/admin-guide/plugins/compress.en.rst
+++ b/doc/admin-guide/plugins/compress.en.rst
@@ -104,7 +104,7 @@ versions of the content as :term:`alternates `. 
When set to
 by the origin. Enabled by default.
 
 range-request
--
+-
 
 When set to ``true``, causes |TS| to compress responses to Range Requests.
 Disabled by default. Setting this to true while setting cache to false leads 
to delivering corrupted content.
diff --git a/doc/developer-guide/internal-libraries/ArgParser.en.rst 
b/doc/developer-guide/internal-libraries/ArgParser.en.rst
index 1448a90..235775b 100644
--- a/doc/developer-guide/internal-libraries/ArgParser.en.rst
+++ b/doc/developer-guide/internal-libraries/ArgParser.en.rst
@@ -158,7 +158,9 @@ Classes
 
.. function:: Option _option(std::string const _option, 
std::string const _option, std::string const , std::string 
const  = "", unsigned arg_num = 0, std::string const _value = 
"", std::string const  = "")
 
-  Add an option to current command with *long name*, *short name*, *help 
description*, *environment variable*, *arguments expected*, *default value* and 
*lookup key*. Return The Option object itself.
+  Add an option to current command with *long name*, *short name*, *help 
description*, *environment variable*, *arguments expected*, *default value* and 
*lookup key*.
+  If no *lookup key* is provided, the *long name* will be used as lookup 
key without the prefix, for instance, for a long option ``--debug`` you should 
use ``debug`` as
+  as lookup key. Return The Option object itself.
 
.. function:: Command _command(std::string const _name, std::string 
const _description, std::function const  = nullptr, std::string 
const  = "")
 
diff --git a/src/traffic_ctl/traffic_ctl.cc b/src/traffic_ctl/traffic_ctl.cc
index f71cd7b..f7d570e 100644
--- a/src/traffic_ctl/traffic_ctl.cc
+++ b/src/traffic_ctl/traffic_ctl.cc
@@ -275,7 +275,7 @@ main(int argc, const char **argv)
 diags->show_location  = SHOW_LOCATION_DEBUG;
   }
 
-  argparser_runroot_handler(engine.arguments.get("--run-root").value(), 
argv[0]);
+  argparser_runroot_handler(engine.arguments.get("run-root").value(), argv[0]);
   Layout::create();
 
   // This is a little bit of a hack, for now it'll suffice.
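Review bot: `"run-root"` is a string literal that has to match the long option name registered elsewhere minus its `--` prefix. A shared constant for the option name, used both where the option is added and in this `get()` call, would remove the chance of the two drifting apart again.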



[trafficserver] branch 9.1.x updated: Upgrade Catch.hpp to v2.13.4 (#7464)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new b81f978  Upgrade Catch.hpp to v2.13.4 (#7464)
b81f978 is described below

commit b81f9783ef59cded8dc4009ecd04073c7dfe33d0
Author: Randall Meyer 
AuthorDate: Thu Feb 11 14:24:09 2021 -0800

Upgrade Catch.hpp to v2.13.4 (#7464)

* Upgrade Catch.hpp to v2.13.4

* fixup tests

(cherry picked from commit 1a1a548c61c176736bf058675153114a22e9b366)
---
 .../eventsystem/unit_tests/test_MIOBufferWriter.cc |   6 +-
 .../slice/unit-tests/test_content_range.cc |   2 +-
 proxy/http2/unit_tests/test_Http2Frame.cc  |   6 +-
 proxy/logging/unit-tests/test_LogUtils.cc  |   4 +-
 src/tscore/unit_tests/test_Errata.cc   |   2 +-
 src/tscore/unit_tests/test_IntrusiveHashMap.cc |   2 +-
 tests/include/catch.hpp| 892 ++---
 7 files changed, 599 insertions(+), 315 deletions(-)

diff --git a/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc 
b/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc
index 3479946..622d4ac 100644
--- a/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc
+++ b/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc
@@ -45,11 +45,11 @@ struct MIOBuffer {
 #include "MIOBufferWriter.cc"
 
 IOBufferBlock iobb[1];
-int iobbIdx{0};
+unsigned int iobbIdx{0};
 
-const int BlockSize = 11 * 11;
+const unsigned int BlockSize = 11 * 11;
 char block[BlockSize];
-int blockUsed{0};
+unsigned int blockUsed{0};
 
 std::int64_t
 IOBufferBlock::write_avail()
diff --git a/plugins/experimental/slice/unit-tests/test_content_range.cc 
b/plugins/experimental/slice/unit-tests/test_content_range.cc
index a987629..17b417f 100644
--- a/plugins/experimental/slice/unit-tests/test_content_range.cc
+++ b/plugins/experimental/slice/unit-tests/test_content_range.cc
@@ -47,7 +47,7 @@ TEST_CASE("content_range to/from string - valid", 
"[AWS][slice][utility]")
   bool const strstat(exprange.toStringClosed(gotbuf, ));
 
   CHECK(strstat);
-  CHECK(gotlen == expstr.size());
+  CHECK(gotlen == static_cast(expstr.size()));
   CHECK(expstr == std::string(gotbuf));
 
   ContentRange gotrange;
diff --git a/proxy/http2/unit_tests/test_Http2Frame.cc 
b/proxy/http2/unit_tests/test_Http2Frame.cc
index b957868..d30b07a 100644
--- a/proxy/http2/unit_tests/test_Http2Frame.cc
+++ b/proxy/http2/unit_tests/test_Http2Frame.cc
@@ -39,13 +39,13 @@ TEST_CASE("Http2Frame", "[http2][Http2Frame]")
 uint8_t hdr_block_len = sizeof(hdr_block);
 
 Http2PushPromiseFrame frame(id, flags, pp, hdr_block, hdr_block_len);
-uint64_t written = frame.write_to(miob);
+int64_t written = frame.write_to(miob);
 
-CHECK(written == HTTP2_FRAME_HEADER_LEN + sizeof(Http2StreamId) + 
hdr_block_len);
+CHECK(written == static_cast(HTTP2_FRAME_HEADER_LEN + 
sizeof(Http2StreamId) + hdr_block_len));
 CHECK(written == miob_r->read_avail());
 
 uint8_t buf[32] = {0};
-uint64_t read   = miob_r->read(buf, written);
+int64_t read= miob_r->read(buf, written);
 CHECK(read == written);
 
 uint8_t expected[] = {
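Review bot: with `written` now a signed `int64_t`, `miob_r->read(buf, written)` passes it as the length for the 32-byte `buf` with no check on its range. Adding `REQUIRE(written >= 0)` and a `REQUIRE` that `written` is at most `sizeof(buf)` before the read would make the test fail cleanly instead of overrunning the buffer if `write_to()` ever returns an unexpected size.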
diff --git a/proxy/logging/unit-tests/test_LogUtils.cc 
b/proxy/logging/unit-tests/test_LogUtils.cc
index 672aaef..cd87f67 100644
--- a/proxy/logging/unit-tests/test_LogUtils.cc
+++ b/proxy/logging/unit-tests/test_LogUtils.cc
@@ -50,7 +50,7 @@ test(const MIMEField *pairs, int numPairs, const char 
*asciiResult, int extraUnm
 
   int binAlignSize = marshalMimeHdr(numPairs ?  : nullptr, nullptr);
 
-  REQUIRE(binAlignSize < sizeof(binBuf));
+  REQUIRE(binAlignSize < static_cast(sizeof(binBuf)));
 
   hdr.reset();
 
@@ -72,7 +72,7 @@ test(const MIMEField *pairs, int numPairs, const char 
*asciiResult, int extraUnm
 
   char *bp = binBuf;
 
-  int asciiSize = unmarshalMimeHdr(, asciiBuf, std::strlen(asciiResult) + 
extraUnmarshalSpace);
+  unsigned int asciiSize = unmarshalMimeHdr(, asciiBuf, 
std::strlen(asciiResult) + extraUnmarshalSpace);
 
   REQUIRE(asciiSize == std::strlen(asciiResult));
 
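Review bot: making `asciiSize` an `unsigned int` silences the sign-compare warning against `std::strlen()` but turns a negative return, if `unmarshalMimeHdr()` can produce one, into a large positive value. The first hunk in this file keeps `binAlignSize` signed and casts the `sizeof` side; doing the same here would keep the two checks consistent.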
diff --git a/src/tscore/unit_tests/test_Errata.cc 
b/src/tscore/unit_tests/test_Errata.cc
index a234f77..f19273a 100644
--- a/src/tscore/unit_tests/test_Errata.cc
+++ b/src/tscore/unit_tests/test_Errata.cc
@@ -49,7 +49,7 @@ TEST_CASE("Basic Errata test with id,code and text", 
"[errata]")
 {
   ts::Errata err;
   int id{1};
-  int code{2};
+  unsigned int code{2};
   std::string text{"Some error text"};
 
   err.push(id, code, text);
diff --git a/src/tscore/unit_tests/test_IntrusiveHashMap.cc 
b/src/tscore/unit_tests/test_IntrusiveHashMap.cc
index e182dd6..8223be3 100644
--- a/src/tscore/unit_tests/test_IntrusiveHashMap.cc
+++ b/src/tscore/unit_tests/test_IntrusiveHashMap.cc
@@ -99,7 +99,7 @@ TEST_CASE("IntrusiveHashMap", "[libts][IntrusiveHashMap]")
 
   size_t nb = map.bucket_count();
 

[trafficserver] branch 9.1.x updated: Unit Test - Increase openssl's key size. Place test certs into a common test folder. (#7451)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 63085be  Unit Test -  Increase openssl's key size. Place test certs 
into a common test folder. (#7451)
63085be is described below

commit 63085be50957f2a1a842b5435b49e3ef1ea0d444
Author: Damian Meden 
AuthorDate: Sun Feb 7 19:54:17 2021 +

Unit Test -  Increase openssl's key size. Place test certs into a common 
test folder. (#7451)

Co-authored-by: Damian Meden 
(cherry picked from commit 245fc5b9106a55b703336c48592888e5e3e9f8c0)
---
 .../gold_tests/autest-site/trafficserver.test.ext  | 13 
 tests/gold_tests/bigobj/bigobj.test.py |  3 +-
 tests/gold_tests/bigobj/ssl/server.key | 15 -
 tests/gold_tests/bigobj/ssl/server.pem | 32 --
 .../chunked_encoding/chunked_encoding.test.py  |  3 +-
 .../chunked_encoding/chunked_encoding_h2.test.py   |  3 +-
 tests/gold_tests/chunked_encoding/ssl/server.key   | 15 -
 tests/gold_tests/chunked_encoding/ssl/server.pem   | 32 --
 tests/gold_tests/continuations/double_h2.test.py   |  3 +-
 .../gold_tests/continuations/openclose_h2.test.py  |  3 +-
 tests/gold_tests/continuations/session_id.test.py  |  3 +-
 tests/gold_tests/continuations/ssl/server.key  | 15 -
 tests/gold_tests/continuations/ssl/server.pem  | 32 --
 tests/gold_tests/h2/h2disable.test.py  |  3 +-
 .../h2/h2disable_no_accept_threads.test.py |  3 +-
 tests/gold_tests/h2/h2enable.test.py   |  3 +-
 .../h2/h2enable_no_accept_threads.test.py  |  3 +-
 tests/gold_tests/h2/h2spec.test.py |  3 +-
 tests/gold_tests/h2/http2.test.py  |  3 +-
 tests/gold_tests/h2/http2_priority.test.py |  3 +-
 tests/gold_tests/h2/httpbin.test.py|  3 +-
 tests/gold_tests/h2/nghttp.test.py |  3 +-
 tests/gold_tests/h2/ssl/server.key | 15 -
 tests/gold_tests/h2/ssl/server.pem | 32 --
 tests/gold_tests/headers/forwarded.test.py |  3 +-
 tests/gold_tests/headers/hsts.test.py  |  3 +-
 tests/gold_tests/headers/via.test.py   |  3 +-
 tests/gold_tests/ip_allow/ip_allow.test.py |  3 +-
 tests/gold_tests/ip_allow/ssl/server.key   | 15 -
 tests/gold_tests/ip_allow/ssl/server.pem   | 32 --
 tests/gold_tests/logging/new_log_flds.test.py  |  3 +-
 .../server_push_preload.test.py|  4 +-
 .../pluginTest/server_push_preload/ssl/server.key  | 15 -
 .../pluginTest/server_push_preload/ssl/server.pem  | 32 --
 .../pluginTest/sslheaders/ssl/server.key   | 28 -
 .../pluginTest/sslheaders/ssl/server.pem   | 21 ---
 .../pluginTest/sslheaders/sslheaders.test.py   |  3 +-
 .../pluginTest/test_hooks/ssl/server.key   | 15 -
 .../pluginTest/test_hooks/ssl/server.pem   | 32 --
 .../pluginTest/test_hooks/test_hooks.test.py   |  3 +-
 tests/gold_tests/pluginTest/tsapi/ssl/server.key   | 15 -
 tests/gold_tests/pluginTest/tsapi/ssl/server.pem   | 32 --
 tests/gold_tests/pluginTest/tsapi/tsapi.test.py|  3 +-
 .../gold_tests/pluginTest/url_sig/url_sig.test.py  |  4 +-
 .../post_slow_server/post_slow_server.test.py  |  3 +-
 tests/gold_tests/post_slow_server/ssl/server.key   | 15 -
 tests/gold_tests/post_slow_server/ssl/server.pem   | 32 --
 .../proxy_protocol/proxy_protocol.test.py  |  3 +-
 tests/gold_tests/proxy_protocol/ssl/server.key | 15 -
 tests/gold_tests/proxy_protocol/ssl/server.pem | 32 --
 tests/gold_tests/remap/remap_https.test.py |  3 +-
 tests/gold_tests/remap/remap_ws.test.py|  3 +-
 tests/gold_tests/remap/ssl/server.key  | 15 -
 tests/gold_tests/remap/ssl/server.pem  | 32 --
 tests/gold_tests/timeout/tls_conn_timeout.test.py  |  2 +-
 tests/gold_tests/tls/tls.test.py   |  3 +-
 tests/gold_tests/tls_hooks/ssl/server.key  | 15 -
 tests/gold_tests/tls_hooks/ssl/server.pem  | 32 --
 tests/gold_tests/tls_hooks/tls_hooks.test.py   |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks10.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks11.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks12.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks13.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks14.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks15.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks16.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks17.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks18.test.py |  3 +-
 tests/gold_tests/tls_hooks/tls_hooks2.test.py  |  3 

[trafficserver] branch 9.1.x updated: Move reopen_moved_log_files to log flushing thread (#7450)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new d786968  Move reopen_moved_log_files to log flushing thread (#7450)
d786968 is described below

commit d786968d2415f0c3109fe441f68d09a6af446aff
Author: Brian Neradt 
AuthorDate: Thu Feb 11 16:17:00 2021 -0600

Move reopen_moved_log_files to log flushing thread (#7450)

The handling of the log rotation signal was locking against the periodic
flushing thread. This moves the log rotation handling logic into the
same flushing thread so they will not lock against each other.

(cherry picked from commit 3107b8bcbb64114af6d80e51cc4572a2fb7c7be7)
---
 proxy/logging/Log.cc | 19 +--
 proxy/logging/Log.h  |  8 +---
 src/traffic_server/traffic_server.cc |  2 +-
 tests/gold_tests/logging/sigusr2.test.py |  1 +
 4 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc
index 61307e0..0766256 100644
--- a/proxy/logging/Log.cc
+++ b/proxy/logging/Log.cc
@@ -72,6 +72,7 @@ int Log::preproc_threads;
 int Log::init_status  = 0;
 int Log::config_flags = 0;
 bool Log::logging_mode_changed= false;
+bool Log::log_rotate_signal_received  = false;
 uint32_t Log::periodic_tasks_interval = PERIODIC_TASKS_INTERVAL_FALLBACK;
 
 // Hash table for LogField symbols
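Review bot: `log_rotate_signal_received` is a plain `bool`, yet per the commit message it is set from the signal handling path and read and cleared in the flushing thread. That is an unsynchronized cross-thread access; `std::atomic<bool>` would make the handoff well defined.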
@@ -140,12 +141,6 @@ Log::change_configuration()
   Debug("log-config", "... new configuration in place");
 }
 
-void
-Log::reopen_moved_log_files()
-{
-  Log::config->log_object_manager.reopen_moved_log_files();
-}
-
 /*-
   PERIODIC EVENTS
 
@@ -260,6 +255,10 @@ Log::periodic_tasks(long time_now)
   }
   Log::config->log_object_manager.roll_files(time_now);
 }
+if (log_rotate_signal_received) {
+  Log::config->log_object_manager.reopen_moved_log_files();
+  log_rotate_signal_received = false;
+}
   }
 }
 
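Review bot: in `periodic_tasks()` the flag is cleared after `reopen_moved_log_files()` returns, so a rotation request that arrives while the reopen is running is overwritten and lost. Clearing the flag before the call, or using an atomic exchange in the `if`, closes that window.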
@@ -986,6 +985,14 @@ Log::handle_periodic_tasks_int_change(const char * /* name 
ATS_UNUSED */, RecDat
   return REC_ERR_OKAY;
 }
 
+int
+Log::handle_log_rotation_request()
+{
+  Debug("log", "Request to reopen rotated log files.");
+  log_rotate_signal_received = true;
+  return 0;
+}
+
 void
 Log::init(int flags)
 {
diff --git a/proxy/logging/Log.h b/proxy/logging/Log.h
index eff338a..50c4323 100644
--- a/proxy/logging/Log.h
+++ b/proxy/logging/Log.h
@@ -206,15 +206,16 @@ public:
   // reconfiguration stuff
   static void change_configuration();
 
+  static int handle_logging_mode_change(const char *name, RecDataT data_type, 
RecData data, void *cookie);
+  static int handle_periodic_tasks_int_change(const char *name, RecDataT 
data_type, RecData data, void *cookie);
+
   /** Check each log file path to see whether it exists and re-open if not.
*
* This is called when an external log rotation entity has moved log files to
* rolled names. This checks whether the original log file exists and, if
* not, closes the file descriptor and re-opens the file.
*/
-  static void reopen_moved_log_files();
-  static int handle_logging_mode_change(const char *name, RecDataT data_type, 
RecData data, void *cookie);
-  static int handle_periodic_tasks_int_change(const char *name, RecDataT 
data_type, RecData data, void *cookie);
+  static int handle_log_rotation_request();
 
   friend void RegressionTest_LogObjectManager_Transfer(RegressionTest *, int, 
int *);
 
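Review bot: the doc comment beginning "Check each log file path to see whether it exists and re-open if not" now sits on `handle_log_rotation_request()`, which in Log.cc only sets a flag and returns 0. The comment should say that the reopen is deferred to the next `periodic_tasks()` run, and the `int` return could be `void` since the only value is 0.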
@@ -226,6 +227,7 @@ private:
   static int init_status;
   static int config_flags;
   static bool logging_mode_changed;
+  static bool log_rotate_signal_received;
   static uint32_t periodic_tasks_interval;
 };
 
diff --git a/src/traffic_server/traffic_server.cc 
b/src/traffic_server/traffic_server.cc
index c251698..2a17303 100644
--- a/src/traffic_server/traffic_server.cc
+++ b/src/traffic_server/traffic_server.cc
@@ -290,7 +290,7 @@ public:
 Note("Could not reseat %s", DIAGS_LOG_FILENAME);
   }
   // Reload any of the other moved log files (such as the ones in 
logging.yaml).
-  Log::reopen_moved_log_files();
+  Log::handle_log_rotation_request();
 }
 
 if (signal_received[SIGTERM] || signal_received[SIGINT]) {
diff --git a/tests/gold_tests/logging/sigusr2.test.py 
b/tests/gold_tests/logging/sigusr2.test.py
index a1d2ed8..cc01166 100644
--- a/tests/gold_tests/logging/sigusr2.test.py
+++ b/tests/gold_tests/logging/sigusr2.test.py
@@ -43,6 +43,7 @@ class Sigusr2Test:
 'proxy.config.http.wait_for_cache': 1,
 'proxy.config.diags.debug.enabled': 1,
 'proxy.config.diags.debug.tags': 'log',
+'proxy.config.log.periodic_tasks_interval': 1,
 
 # All log rotation should be handled externally.
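Review bot: the test needs `proxy.config.log.periodic_tasks_interval` set to 1 because the reopen now waits for the next periodic run rather than happening when the signal is handled. That added delay is an operator-visible change for external rotation and deserves a mention in the admin documentation, since entries logged before the reopen runs still go to the moved file.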

[trafficserver] branch 9.1.x updated: Add Outbound PROXY Protocol (v1/v2) Support (#7446)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 35b6a47  Add Outbound PROXY Protocol (v1/v2) Support (#7446)
35b6a47 is described below

commit 35b6a475dbab8d169a1c0dd932ee9a6febc95abd
Author: Masaori Koshiba 
AuthorDate: Fri Feb 12 08:26:24 2021 +0900

Add Outbound PROXY Protocol (v1/v2) Support (#7446)

(cherry picked from commit c87c6500415089bfc4959fd05690af077f139287)
---
 .../configuration/proxy-protocol.en.rst| 16 ---
 doc/admin-guide/files/records.config.en.rst| 15 ++
 include/ts/apidefs.h.in|  1 +
 iocore/net/I_NetVConnection.h  |  4 ++
 iocore/net/P_NetVConnection.h  | 21 
 iocore/net/SSLNetVConnection.cc| 29 +++
 mgmt/RecordsConfig.cc  |  2 +
 plugins/lua/ts_lua_http_config.c   |  2 +
 proxy/http/HttpConfig.cc   |  3 ++
 proxy/http/HttpConfig.h|  1 +
 proxy/http/HttpSM.cc   | 56 --
 src/shared/overridable_txn_vars.cc |  1 +
 src/traffic_server/InkAPI.cc   |  3 ++
 src/traffic_server/InkAPITest.cc   |  1 +
 14 files changed, 145 insertions(+), 10 deletions(-)

diff --git a/doc/admin-guide/configuration/proxy-protocol.en.rst 
b/doc/admin-guide/configuration/proxy-protocol.en.rst
index adf61f6..a83fe5b 100644
--- a/doc/admin-guide/configuration/proxy-protocol.en.rst
+++ b/doc/admin-guide/configuration/proxy-protocol.en.rst
@@ -31,12 +31,7 @@ TLS connections.
 
 .. note::
 
-The current version only supports transforming client IP from PROXY 
Version 1/2
-header to the Forwarded: header.
-
-In the current implementation, the client IP address in the PROXY protocol 
header
-is passed to the origin server via an HTTP `Forwarded:
-`_ header.
+The current implementation doesn't support TLV fields of Version 2.
 
 The Proxy Protocol must be enabled on each port.  See
 :ts:cv:`proxy.config.http.server_ports` for information on how to enable the
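
Review bot: the replacement note, `+The current implementation doesn't support TLV fields of Version 2.`, does not say whether that applies to received headers, to headers built for the next hop, or both, nor whether a received v2 header that carries TLVs is rejected or has them ignored. Operators who rely on TLVs from an upstream load balancer need that distinction, so please state the direction and the resulting behaviour in the note.
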
@@ -52,11 +47,18 @@ configured with 
:ts:cv:`proxy.config.http.proxy_protocol_allowlist`.
If the allowlist is configured, requests will only be accepted from 
these
IP addresses and must be prefaced with the PROXY v1/v2 header.
 
-See :ts:cv:`proxy.config.http.insert_forwarded` for configuration information.
+1. HTTP Forwarded Header
+
+The client IP address in the PROXY protocol header is passed to the origin 
server via an HTTP `Forwarded:
+`_ header. See 
:ts:cv:`proxy.config.http.insert_forwarded` for configuration information.
 Detection of the PROXY protocol header is automatic.  If the PROXY header
 precludes the request, it will automatically be parse and made available to the
 Forwarded: request header sent to the origin server.
 
+2. Outbound PROXY protocol
+
+See :ts:cv:`proxy.config.http.proxy_protocol_out` for configuration 
information.
+
 Example
 ---
 
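
Review bot: the new "2. Outbound PROXY protocol" item is only a cross-reference, so the page never says that the next hop must be set up to accept a PROXY header before the request. A sentence to that effect belongs here, since enabling the setting towards an origin that does not expect the header changes what that origin sees at the start of the connection. Also, "1. ..." and "2. ..." followed by unindented paragraphs render in reStructuredText as two separate one-item lists with the text outside them; subsection headings would match the rest of the page. While this paragraph is being touched, the context line "it will automatically be parse" could be corrected to "parsed".
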
diff --git a/doc/admin-guide/files/records.config.en.rst 
b/doc/admin-guide/files/records.config.en.rst
index 7050389..fcbec12 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -1818,6 +1818,21 @@ Proxy User Variables
 
See :ref:`proxy-protocol` for more discussion on how |TS| transforms the 
`Forwarded: header`.
 
+.. ts:cv:: CONFIG proxy.config.http.proxy_protocol_out INT ``-1``
+   :reloadable:
+   :overridable:
+
+   Set the behavior of outbound PROXY Protocol.
+
+   === 
==
+   Value   Description
+   === 
==
+   ``-1``  Disable (default)
+   ``0``   Forward received PROXY protocol to the next hop
+   ``1``   Send client information in PROXY protocol version 1
+   ``2``   Send client information in PROXY protocol version 2
+   === 
==
+
 .. ts:cv:: CONFIG proxy.config.http.normalize_ae INT 1
:reloadable:
:overridable:
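
Review bot: the table row for ``0`` ("Forward received PROXY protocol to the next hop") does not say what is sent when the inbound connection carried no PROXY header, which is the case an operator will hit first when ports are mixed. Please document that outcome. As a style point, the default is written as a literal (``-1``) in the `ts:cv` line while the neighbouring `proxy.config.http.normalize_ae INT 1` uses a bare value.
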
diff --git a/include/ts/apidefs.h.in b/include/ts/apidefs.h.in
index e8ee795..93098b1 100644
--- a/include/ts/apidefs.h.in
+++ b/include/ts/apidefs.h.in
@@ -785,6 +785,7 @@ typedef enum {
   TS_CONFIG_HTTP_PARENT_CONNECT_ATTEMPT_TIMEOUT,
   TS_CONFIG_HTTP_NORMALIZE_AE,
   TS_CONFIG_HTTP_INSERT_FORWARDED,
+  TS_CONFIG_HTTP_PROXY_PROTOCOL_OUT,
   TS_CONFIG_HTTP_ALLOW_MULTI_RANGE,
   TS_CONFIG_HTTP_REQUEST_BUFFER_ENABLED,
   TS_CONFIG_HTTP_ALLOW_HALF_OPEN,
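
Review bot: `TS_CONFIG_HTTP_PROXY_PROTOCOL_OUT` is inserted in the middle of the enum, right after `TS_CONFIG_HTTP_INSERT_FORWARDED`, and the visible enumerators carry no explicit values, so `TS_CONFIG_HTTP_ALLOW_MULTI_RANGE` and everything after it shift by one. A plugin built against the previous header would then address a different overridable setting until it is rebuilt. If plugin binary compatibility matters on this branch, append the new value at the end of the enum; otherwise the change deserves a line in the release notes.
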
diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h

[trafficserver] branch 9.1.x updated: Add PROXY Protocol Builder (#7445)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new f46ce85  Add PROXY Protocol Builder (#7445)
f46ce85 is described below

commit f46ce85cfa86db9ea361659139f621b28dcd54c0
Author: Masaori Koshiba 
AuthorDate: Fri Feb 5 08:19:34 2021 +0900

Add PROXY Protocol Builder (#7445)

(cherry picked from commit 1baffec5f2d5ce5272c9af5d46b2b54f4b9bbe6a)
---
 include/tscore/ink_inet.h   |   6 +-
 iocore/net/ProxyProtocol.cc | 186 +++-
 iocore/net/ProxyProtocol.h  |   3 +
 iocore/net/unit_tests/test_ProxyProtocol.cc | 100 +++
 4 files changed, 292 insertions(+), 3 deletions(-)

diff --git a/include/tscore/ink_inet.h b/include/tscore/ink_inet.h
index c0a7cc1..c683643 100644
--- a/include/tscore/ink_inet.h
+++ b/include/tscore/ink_inet.h
@@ -181,8 +181,10 @@ inkcoreapi uint32_t ats_inet_addr(const char *s);
 const char *ats_ip_ntop(const struct sockaddr *addr, char *dst, size_t size);
 
 // --
-/// Size in bytes of an IPv6 address.
-static size_t const TS_IP6_SIZE = sizeof(in6_addr);
+/// Size in bytes of an port and IPv4/IPv6 address.
+static constexpr size_t TS_IP4_SIZE  = sizeof(in_addr_t); ///< 4
+static constexpr size_t TS_IP6_SIZE  = sizeof(in6_addr);  ///< 16
+static constexpr size_t TS_PORT_SIZE = sizeof(in_port_t); ///< 2
 
 /// Reset an address to invalid.
 /// @note Useful for marking a member as not yet set.
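
Review bot: the new comment `/// Size in bytes of an port and IPv4/IPv6 address.` has a grammar slip ("an port") and, as a single leading `///` line, documents only `TS_IP4_SIZE`. The trailing `///<` comments already describe each constant, so either drop the leading line or reword it as a plain `//` group comment such as "Sizes in bytes of a port and of IPv4/IPv6 addresses".
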
diff --git a/iocore/net/ProxyProtocol.cc b/iocore/net/ProxyProtocol.cc
index 452f63b..1d406a7 100644
--- a/iocore/net/ProxyProtocol.cc
+++ b/iocore/net/ProxyProtocol.cc
@@ -26,7 +26,10 @@
 #include "I_EventSystem.h"
 #include "I_NetVConnection.h"
 
+#include "tscore/BufferWriter.h"
 #include "tscore/ink_assert.h"
+#include "tscore/ink_string.h"
+#include "tscore/ink_inet.h"
 #include "tscpp/util/TextView.h"
 
 namespace
@@ -42,6 +45,8 @@ constexpr ts::TextView PPv1_PROTO_UNKNOWN = "UNKNOWN"sv;
 constexpr ts::TextView PPv1_PROTO_TCP4= "TCP4"sv;
 constexpr ts::TextView PPv1_PROTO_TCP6= "TCP6"sv;
 
+constexpr std::string_view PPv1_DELIMITER = " "sv;
+
 constexpr uint8_t PPv2_CMD_LOCAL = 0x20;
 constexpr uint8_t PPv2_CMD_PROXY = 0x21;
 
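
Review bot: `PPv1_DELIMITER` is declared as `std::string_view` while the constants directly above it (`PPv1_PROTO_UNKNOWN`, `PPv1_PROTO_TCP4`, `PPv1_PROTO_TCP6`) are `ts::TextView`. Using the same type for the whole group keeps the `bw.write(...)` calls in the builder uniform.
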
@@ -55,7 +60,7 @@ constexpr uint8_t PPv2_PROTO_UNIX_DATAGRAM = 0x32;
 
 constexpr uint16_t PPv2_ADDR_LEN_INET  = 4 + 4 + 2 + 2;
 constexpr uint16_t PPv2_ADDR_LEN_INET6 = 16 + 16 + 2 + 2;
-// constexpr uint16_t PPv2_ADDR_LEN_UNIX  = 108 + 108;
+constexpr uint16_t PPv2_ADDR_LEN_UNIX  = 108 + 108;
 
 struct PPv2Hdr {
   uint8_t sig[12]; ///< preface
@@ -302,6 +307,149 @@ proxy_protocol_v2_parse(ProxyProtocol *pp_info, const 
ts::TextView )
   return 0;
 }
 
+/**
+   Build PROXY Protocol v1
+ */
+size_t
+proxy_protocol_v1_build(uint8_t *buf, size_t max_buf_len, const ProxyProtocol 
_info)
+{
+  if (max_buf_len < PPv1_CONNECTION_HEADER_LEN_MAX) {
+return 0;
+  }
+
+  ts::FixedBufferWriter bw{reinterpret_cast(buf), max_buf_len};
+
+  // preface
+  bw.write(PPv1_CONNECTION_PREFACE);
+  bw.write(PPv1_DELIMITER);
+
+  // the proxied INET protocol and family
+  if (pp_info.src_addr.isIp4()) {
+bw.write(PPv1_PROTO_TCP4);
+  } else if (pp_info.src_addr.isIp6()) {
+bw.write(PPv1_PROTO_TCP6);
+  } else {
+bw.write(PPv1_PROTO_UNKNOWN);
+  }
+  bw.write(PPv1_DELIMITER);
+
+  // the layer 3 source address
+  char src_ip_buf[INET6_ADDRSTRLEN];
+  ats_ip_ntop(pp_info.src_addr, src_ip_buf, sizeof(src_ip_buf));
+  size_t src_ip_len = strnlen(src_ip_buf, sizeof(src_ip_buf));
+
+  bw.write(src_ip_buf, src_ip_len);
+  bw.write(PPv1_DELIMITER);
+
+  // the layer 3 destination address
+  char dst_ip_buf[INET6_ADDRSTRLEN];
+  ats_ip_ntop(pp_info.dst_addr, dst_ip_buf, sizeof(dst_ip_buf));
+  size_t dst_ip_len = strnlen(dst_ip_buf, sizeof(dst_ip_buf));
+
+  bw.write(dst_ip_buf, dst_ip_len);
+  bw.write(PPv1_DELIMITER);
+
+  // TCP source port
+  {
+size_t len = ink_small_itoa(ats_ip_port_host_order(pp_info.src_addr), 
bw.auxBuffer(), bw.remaining());
+bw.fill(len);
+bw.write(PPv1_DELIMITER);
+  }
+
+  // TCP destination port
+  {
+size_t len = ink_small_itoa(ats_ip_port_host_order(pp_info.dst_addr), 
bw.auxBuffer(), bw.remaining());
+bw.fill(len);
+  }
+
+  bw.write("\r\n");
+
+  return bw.size();
+}
+
+/**
+   Build PROXY Protocol v2
+
+   UDP, Unix Domain Socket, and TLV fields are not supported yet
+ */
+size_t
+proxy_protocol_v2_build(uint8_t *buf, size_t max_buf_len, const ProxyProtocol 
_info)
+{
+  if (max_buf_len < PPv2_CONNECTION_HEADER_LEN) {
+return 0;
+  }
+
+  ts::FixedBufferWriter bw{reinterpret_cast(buf), max_buf_len};
+
+  // # proxy_hdr_v2
+  // ## preface
+  bw.write(PPv2_CONNECTION_PREFACE);
+
+  // ## version and command
+  // TODO: support PPv2_CMD_LOCAL for health check
+  bw.write(static_cast(PPv2_CMD_PROXY));
+
+  // ## family & address
+  
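
Review bot: in `proxy_protocol_v1_build`, the `else` branch writes `UNKNOWN` and then falls through to emit both addresses and both ports from a `src_addr` that is neither IPv4 nor IPv6. The family token is also chosen from `src_addr` alone, so a `dst_addr` of the other family would be written under the wrong `TCP4`/`TCP6` label, and the results of the two `ats_ip_ntop` calls are used without being checked. Suggest ending the line right after `UNKNOWN` (the v1 format allows the short form `PROXY UNKNOWN\r\n`) and returning 0, or falling back to `UNKNOWN`, when the two address families differ.
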

[trafficserver] branch 9.0.x updated: Disable compiling Inline.cc on macOS (#7389)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new bc41ebd  Disable compiling Inline.cc on macOS (#7389)
bc41ebd is described below

commit bc41ebdf6fbcb941ab904608ffcaf4b126f10e3b
Author: Randall Meyer 
AuthorDate: Tue Feb 16 12:27:57 2021 -0800

Disable compiling Inline.cc on macOS (#7389)

Allows builds on Apple Silicon to complete and run

(cherry picked from commit fa8b3f9a3081e6f51d4ae733c48348b9f988e7c8)
---
 iocore/aio/Inline.cc   | 2 ++
 iocore/cache/Inline.cc | 2 ++
 iocore/dns/Inline.cc   | 2 ++
 iocore/eventsystem/Inline.cc   | 2 ++
 iocore/eventsystem/unit_tests/test_IOBuffer.cc | 3 +++
 iocore/hostdb/Inline.cc| 2 ++
 iocore/net/Inline.cc   | 2 ++
 iocore/net/test_I_UDPNet.cc| 5 +
 8 files changed, 20 insertions(+)

diff --git a/iocore/aio/Inline.cc b/iocore/aio/Inline.cc
index 8e9b6d3..03ba7b0 100644
--- a/iocore/aio/Inline.cc
+++ b/iocore/aio/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_AIO.h"
+#endif
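
Review bot: the `#if !defined(darwin)` guard wraps the entire body of the file with no comment explaining why, and the same pattern is repeated in each `Inline.cc` below. The commit message speaks of Apple Silicon, but the guard applies to every macOS build, and `darwin` is not a compiler-predefined macro, so the behaviour depends on the build system defining it. A short comment above the guard stating the reason and where `darwin` comes from would help whoever revisits this.
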
diff --git a/iocore/cache/Inline.cc b/iocore/cache/Inline.cc
index ecd72d2..80b7af8 100644
--- a/iocore/cache/Inline.cc
+++ b/iocore/cache/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_Cache.h"
+#endif
diff --git a/iocore/dns/Inline.cc b/iocore/dns/Inline.cc
index 27da8cd..c7142c7 100644
--- a/iocore/dns/Inline.cc
+++ b/iocore/dns/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_DNS.h"
+#endif
diff --git a/iocore/eventsystem/Inline.cc b/iocore/eventsystem/Inline.cc
index dc708c2..98a80a3 100644
--- a/iocore/eventsystem/Inline.cc
+++ b/iocore/eventsystem/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_EventSystem.h"
+#endif
diff --git a/iocore/eventsystem/unit_tests/test_IOBuffer.cc 
b/iocore/eventsystem/unit_tests/test_IOBuffer.cc
index 1c2c407..0fc3518 100644
--- a/iocore/eventsystem/unit_tests/test_IOBuffer.cc
+++ b/iocore/eventsystem/unit_tests/test_IOBuffer.cc
@@ -28,6 +28,9 @@
 
 #include "I_EventSystem.h"
 #include "RecordsConfig.h"
+#if defined(darwin)
+#include "P_IOBuffer.h"
+#endif
 
 #include "diags.i"
 
diff --git a/iocore/hostdb/Inline.cc b/iocore/hostdb/Inline.cc
index dd8fb46..17cb3fe 100644
--- a/iocore/hostdb/Inline.cc
+++ b/iocore/hostdb/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_HostDB.h"
+#endif
diff --git a/iocore/net/Inline.cc b/iocore/net/Inline.cc
index 96716d6..fe9fe52 100644
--- a/iocore/net/Inline.cc
+++ b/iocore/net/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_Net.h"
+#endif
diff --git a/iocore/net/test_I_UDPNet.cc b/iocore/net/test_I_UDPNet.cc
index 9f50efe..c09167c 100644
--- a/iocore/net/test_I_UDPNet.cc
+++ b/iocore/net/test_I_UDPNet.cc
@@ -31,8 +31,13 @@
 #include "I_EventSystem.h"
 #include "I_Net.h"
 #include "I_UDPNet.h"
+#if defined(darwin)
+#include "P_UDPConnection.h"
+#include "P_UDPPacket.h"
+#else
 #include "I_UDPPacket.h"
 #include "I_UDPConnection.h"
+#endif
 
 #include "diags.i"
 
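
Review bot: on `darwin` the test now includes the private headers `P_UDPConnection.h` and `P_UDPPacket.h` instead of the public `I_UDPPacket.h` and `I_UDPConnection.h`, so the test compiles against different declarations depending on the platform. That is a consequence of the `Inline.cc` guards earlier in this patch; a comment saying so, next to the `#if defined(darwin)`, would make it clear the branch can go once the guards do.
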



[trafficserver] branch 9.1.x updated: Disable compiling Inline.cc on macOS (#7389)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 249b66a  Disable compiling Inline.cc on macOS (#7389)
249b66a is described below

commit 249b66ae31df247b9a9666994c41ff29542faeb4
Author: Randall Meyer 
AuthorDate: Tue Feb 16 12:27:57 2021 -0800

Disable compiling Inline.cc on macOS (#7389)

Allows builds on Apple Silicon to complete and run

(cherry picked from commit fa8b3f9a3081e6f51d4ae733c48348b9f988e7c8)
---
 iocore/aio/Inline.cc   | 2 ++
 iocore/cache/Inline.cc | 2 ++
 iocore/dns/Inline.cc   | 2 ++
 iocore/eventsystem/Inline.cc   | 2 ++
 iocore/eventsystem/unit_tests/test_IOBuffer.cc | 3 +++
 iocore/hostdb/Inline.cc| 2 ++
 iocore/net/Inline.cc   | 2 ++
 iocore/net/test_I_UDPNet.cc| 5 +
 8 files changed, 20 insertions(+)

diff --git a/iocore/aio/Inline.cc b/iocore/aio/Inline.cc
index 8e9b6d3..03ba7b0 100644
--- a/iocore/aio/Inline.cc
+++ b/iocore/aio/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_AIO.h"
+#endif
diff --git a/iocore/cache/Inline.cc b/iocore/cache/Inline.cc
index ecd72d2..80b7af8 100644
--- a/iocore/cache/Inline.cc
+++ b/iocore/cache/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_Cache.h"
+#endif
diff --git a/iocore/dns/Inline.cc b/iocore/dns/Inline.cc
index 27da8cd..c7142c7 100644
--- a/iocore/dns/Inline.cc
+++ b/iocore/dns/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_DNS.h"
+#endif
diff --git a/iocore/eventsystem/Inline.cc b/iocore/eventsystem/Inline.cc
index dc708c2..98a80a3 100644
--- a/iocore/eventsystem/Inline.cc
+++ b/iocore/eventsystem/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_EventSystem.h"
+#endif
diff --git a/iocore/eventsystem/unit_tests/test_IOBuffer.cc 
b/iocore/eventsystem/unit_tests/test_IOBuffer.cc
index 1c2c407..0fc3518 100644
--- a/iocore/eventsystem/unit_tests/test_IOBuffer.cc
+++ b/iocore/eventsystem/unit_tests/test_IOBuffer.cc
@@ -28,6 +28,9 @@
 
 #include "I_EventSystem.h"
 #include "RecordsConfig.h"
+#if defined(darwin)
+#include "P_IOBuffer.h"
+#endif
 
 #include "diags.i"
 
diff --git a/iocore/hostdb/Inline.cc b/iocore/hostdb/Inline.cc
index dd8fb46..17cb3fe 100644
--- a/iocore/hostdb/Inline.cc
+++ b/iocore/hostdb/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_HostDB.h"
+#endif
diff --git a/iocore/net/Inline.cc b/iocore/net/Inline.cc
index 96716d6..fe9fe52 100644
--- a/iocore/net/Inline.cc
+++ b/iocore/net/Inline.cc
@@ -26,5 +26,7 @@
  *
  */
 
+#if !defined(darwin)
 #define TS_INLINE
 #include "P_Net.h"
+#endif
diff --git a/iocore/net/test_I_UDPNet.cc b/iocore/net/test_I_UDPNet.cc
index dca7e0a..39f6c11 100644
--- a/iocore/net/test_I_UDPNet.cc
+++ b/iocore/net/test_I_UDPNet.cc
@@ -31,8 +31,13 @@
 #include "I_EventSystem.h"
 #include "I_Net.h"
 #include "I_UDPNet.h"
+#if defined(darwin)
+#include "P_UDPConnection.h"
+#include "P_UDPPacket.h"
+#else
 #include "I_UDPPacket.h"
 #include "I_UDPConnection.h"
+#endif
 
 #include "diags.i"
 



[trafficserver] branch 9.1.x updated: parse expiration time and reload config at time out (#7281)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 6c94cf3  parse expiration time and reload config at time out (#7281)
6c94cf3 is described below

commit 6c94cf318030942341191e3dfed07668610a9757
Author: Fei Deng 
AuthorDate: Fri Feb 19 17:05:55 2021 -0600

parse expiration time and reload config at time out (#7281)

(cherry picked from commit b777c92acea5b7f280c15d5b048c1d03a5b7e608)
---
 plugins/s3_auth/s3_auth.cc | 248 +
 1 file changed, 226 insertions(+), 22 deletions(-)

diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index 696fcab..5b381ab 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -37,6 +37,12 @@
 #include 
 #include 
 
+#include 
+#include 
+#include 
+#include 
+#include 
+
 #include 
 #include 
 #include "tscore/ink_config.h"
@@ -143,7 +149,31 @@ public:
   S3Config *get(const char *fname);
 
 private:
-  std::unordered_map> _cache;
+  struct _ConfigData {
+// This is incremented before and after cnf and load_time are set.
+// Thus, an odd value indicates an update is in progress.
+std::atomic update_status{0};
+
+// A config from a file and the last time it was loaded.
+// config should be written before load_time.  That way,
+// if config is read after load_time, the load time will
+// never indicate config is fresh when it isn't.
+std::atomic config;
+std::atomic load_time;
+
+_ConfigData() {}
+
+_ConfigData(S3Config *config_, time_t load_time_) : config(config_), 
load_time(load_time_) {}
+
+_ConfigData(_ConfigData &)
+{
+  update_status = lhs.update_status.load();
+  config= lhs.config.load();
+  load_time = lhs.load_time.load();
+}
+  };
+
+  std::unordered_map _cache;
   static const int _ttl = 60;
 };
 
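
Review bot: `_ConfigData() {}` leaves `config` and `load_time` without an initial value, and before C++20 a default-constructed `std::atomic` holds an indeterminate value, so a reader that reaches a freshly inserted map entry can load garbage. Give both members default initializers the way `update_status{0}` already has. The copy constructor also reads the three atomics one after another without honouring the odd/even `update_status` protocol described in the comment, so a copy taken during an update can pair a new `config` with an old `load_time`; either document that copies only happen while no update is possible, or retry on an odd or changed status.
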
@@ -153,6 +183,7 @@ ConfigCache gConfCache;
 // One configuration setup
 //
 int event_handler(TSCont, TSEvent, void *); // Forward declaration
+int config_reloader(TSCont, TSEvent, void *);
 
 class S3Config
 {
@@ -162,6 +193,9 @@ public:
 if (get_cont) {
   _cont = TSContCreate(event_handler, nullptr);
   TSContDataSet(_cont, static_cast(this));
+
+  _conf_rld = TSContCreate(config_reloader, TSMutexCreate());
+  TSContDataSet(_conf_rld, static_cast(this));
 }
   }
 
@@ -171,6 +205,13 @@ public:
 TSfree(_secret);
 TSfree(_keyid);
 TSfree(_token);
+TSfree(_conf_fname);
+if (_conf_rld_act) {
+  TSActionCancel(_conf_rld_act);
+}
+if (_conf_rld) {
+  TSContDestroy(_conf_rld);
+}
 if (_cont) {
   TSContDestroy(_cont);
 }
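
Review bot: the destructor calls `TSActionCancel(_conf_rld_act)` whenever the pointer is non-null, whereas `schedule_conf_reload` later in this patch first checks `!TSActionDone(_conf_rld_act)`. Cancelling an action that has already fired is the case the other call site guards against, so the same check is needed here.
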
@@ -212,16 +253,19 @@ public:
   copy_changes_from(const S3Config *src)
   {
 if (src->_secret) {
+  TSfree(_secret);
   _secret = TSstrdup(src->_secret);
   _secret_len = src->_secret_len;
 }
 
 if (src->_keyid) {
+  TSfree(_keyid);
   _keyid = TSstrdup(src->_keyid);
   _keyid_len = src->_keyid_len;
 }
 
 if (src->_token) {
+  TSfree(_token);
   _token = TSstrdup(src->_token);
   _token_len = src->_token_len;
 }
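
Review bot: each of the three added `TSfree(...)` calls runs before the matching `TSstrdup(src->...)`, so if `src` is ever the same object the string is duplicated from memory that was just freed. The frees do fix the leak, but the order should be duplicate first, then free the old pointer and assign, or the function should return early when `src == this`.
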
@@ -250,6 +294,13 @@ public:
   _region_map  = src->_region_map;
   _region_map_modified = true;
 }
+
+_expiration = src->_expiration;
+
+if (src->_conf_fname) {
+  TSfree(_conf_fname);
+  _conf_fname = TSstrdup(src->_conf_fname);
+}
   }
 
   // Getters
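
Review bot: `_expiration = src->_expiration;` is copied unconditionally, while `_conf_fname` right below it, like the other fields in this function, is copied only when the source has a value. In a function named `copy_changes_from` that means a source without an expiration overwrites one that was already set. If that is intended, say so in a comment; otherwise guard it the same way as the other fields.
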
@@ -319,6 +370,24 @@ public:
 return _region_map;
   }
 
+  long
+  expiration() const
+  {
+return _expiration;
+  }
+
+  const char *
+  conf_fname() const
+  {
+return _conf_fname;
+  }
+
+  int
+  incr_conf_reload_count()
+  {
+return _conf_reload_count++;
+  }
+
   // Setters
   void
   set_secret(const char *s)
@@ -380,6 +449,25 @@ public:
 _region_map_modified = true;
   }
 
+  void
+  set_expiration(const char *s)
+  {
+_expiration = strtol(s, nullptr, 10);
+  }
+
+  void
+  set_conf_fname(const char *s)
+  {
+TSfree(_conf_fname);
+_conf_fname = TSstrdup(s);
+  }
+
+  void
+  reset_conf_reload_count()
+  {
+_conf_reload_count = 0;
+  }
+
   // Parse configs from an external file
   bool parse_config(const std::string );
 
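
Review bot: `set_expiration` calls `strtol(s, nullptr, 10)` with no end pointer and no `errno` check, so a non-numeric or out-of-range value in the config file silently becomes 0 or a saturated `long`. Since this value drives when credentials are reloaded, pass an end pointer, reject input that is not fully consumed or that sets `ERANGE`, and log the rejected value.
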
@@ -391,6 +479,18 @@ public:
 TSHttpTxnHookAdd(txnp, TS_HTTP_SEND_REQUEST_HDR_HOOK, _cont);
   }
 
+  void
+  schedule_conf_reload(long delay)
+  {
+if (_conf_rld_act != nullptr && !TSActionDone(_conf_rld_act)) {
+  TSActionCancel(_conf_rld_act);
+}
+_conf_rld_act = TSContScheduleOnPool(_conf_rld, delay * 1000, 
TS_THREAD_POOL_NET);
+  }
+
+  std::shared_mutex reload_mutex;
+  std::atomic_bool reload_waiting = false;
+
 private:
   char *_secret= nullptr;
   size_t _secret_len   = 0;
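
Review bot: `schedule_conf_reload` hands `delay * 1000` to `TSContScheduleOnPool` with no bound on `delay`, so a zero or negative value (an expiration already in the past) and a value large enough to overflow the multiplication are both passed through. Clamp `delay` to a sane range before scheduling. Separately, `reload_mutex` and `reload_waiting` are added as public data members just above `private:`; unless callers outside the class need them directly, they belong with the other private members.
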
@@ -403,12 +503,17 @@ private:
   bool _version_modified   = false;

[trafficserver] branch 9.1.x updated: Perf: Replace casecmp with memcmp in HPACK static table lookup (#6521)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new e33d4fb  Perf: Replace casecmp with memcmp in HPACK static table lookup (#6521)
e33d4fb is described below

commit e33d4fbdb56dcea482f2f8deb56c71e0821c1324
Author: Masaori Koshiba 
AuthorDate: Fri Feb 5 15:15:49 2021 +0900

Perf: Replace casecmp with memcmp in HPACK static table lookup (#6521)

(cherry picked from commit 13285d111d463e96ff6960e92007811eac153678)
---
 proxy/http2/HPACK.cc | 36 
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/proxy/http2/HPACK.cc b/proxy/http2/HPACK.cc
index 81ed795..bccf4b8 100644
--- a/proxy/http2/HPACK.cc
+++ b/proxy/http2/HPACK.cc
@@ -231,9 +231,8 @@ namespace HpackStaticTable
   std::string_view name  = STATIC_TABLE[index].name;
   std::string_view value = STATIC_TABLE[index].value;
 
-  // TODO: replace `strcasecmp` with `memcmp`
   // Check whether name (and value) are matched
-  if (strcasecmp(header.name, name) == 0) {
+  if (memcmp(header.name, name) == 0) {
 if (memcmp(header.value, value) == 0) {
   result.index  = index;
   result.index_type = HpackIndex::STATIC;
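
Review bot: replacing `strcasecmp(header.name, name)` with `memcmp(header.name, name)` makes the static table lookup case-sensitive, so it now matches only when every caller passes an already lowercased name. Nothing in this function states or checks that precondition. Please add a comment on the function saying the name must be lowercase, and consider a debug assertion, so a future caller that passes a mixed-case name fails visibly rather than missing the table.
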
@@ -619,19 +618,8 @@ encode_literal_header_field_with_new_name(uint8_t 
*buf_start, const uint8_t *buf
   }
   *(p++) = flag;
 
-  // Convert field name to lower case to follow HTTP2 spec.
-  // This conversion is needed because WKSs in MIMEFields is old fashioned
-  int name_len  = header.name.size();
-  const char *original_name = header.name.data();
-
-  ts::LocalBuffer local_buffer(name_len);
-  char *lower_name = local_buffer.data();
-  for (int i = 0; i < name_len; i++) {
-lower_name[i] = ParseRules::ink_tolower(original_name[i]);
-  }
-
   // Name String
-  len = xpack_encode_string(p, buf_end, lower_name, name_len);
+  len = xpack_encode_string(p, buf_end, header.name.data(), 
header.name.size());
   if (len == -1) {
 return -1;
   }
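
Review bot: with the lowercase conversion removed, `encode_literal_header_field_with_new_name` now encodes `header.name` exactly as given. HTTP/2 requires field names to be lowercase on the wire, so this function is correct only for callers that lowercase first, as `hpack_encode_header_block` does later in this patch. State that requirement in the function's comment so another call path cannot emit a mixed-case name unnoticed.
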
@@ -645,8 +633,8 @@ encode_literal_header_field_with_new_name(uint8_t 
*buf_start, const uint8_t *buf
 
   p += len;
 
-  Debug("hpack_encode", "Encoded field: %.*s: %.*s", name_len, lower_name, 
static_cast(header.value.size()),
-header.value.data());
+  Debug("hpack_encode", "Encoded field: %.*s: %.*s", 
static_cast(header.name.size()), header.name.data(),
+static_cast(header.value.size()), header.value.data());
 
   return p - buf_start;
 }
@@ -922,16 +910,24 @@ hpack_encode_header_block(HpackIndexingTable 
_table, uint8_t *out_buf,
 
   MIMEFieldIter field_iter;
   for (MIMEField *field = hdr->iter_get_first(_iter); field != nullptr; 
field = hdr->iter_get_next(_iter)) {
-std::string_view name  = field->name_get();
+// Convert field name to lower case to follow HTTP2 spec
+// This conversion is needed because WKSs in MIMEFields is old fashioned
+std::string_view original_name = field->name_get();
+int name_len   = original_name.size();
+ts::LocalBuffer local_buffer(name_len);
+char *lower_name = local_buffer.data();
+for (int i = 0; i < name_len; i++) {
+  lower_name[i] = ParseRules::ink_tolower(original_name[i]);
+}
+
+std::string_view name{lower_name, static_cast(name_len)};
 std::string_view value = field->value_get();
 
 // Choose field representation (See RFC7541 7.1.3)
 // - Authorization header obviously should not be indexed
 // - Short Cookie header should not be indexed because of low entropy
 HpackField field_type;
-// TODO: replace `strcasecmp` with `memcmp`
-if ((value.size() < 20 && strcasecmp(name, HPACK_HDR_FIELD_COOKIE) == 0) ||
-(strcasecmp(name, HPACK_HDR_FIELD_AUTHORIZATION) == 0)) {
+if ((value.size() < 20 && memcmp(name, HPACK_HDR_FIELD_COOKIE) == 0) || 
memcmp(name, HPACK_HDR_FIELD_AUTHORIZATION) == 0) {
   field_type = HpackField::NEVERINDEX_LITERAL;
 } else {
   field_type = HpackField::INDEXED_LITERAL;
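
Review bot: `int name_len = original_name.size();` narrows a `size_t` to `int`, and the value is cast back when `name` is constructed; use `size_t` for `name_len` and for the loop index. Also, the never-index decision for `Cookie` and `Authorization` is now a case-sensitive compare, so, assuming the `HPACK_HDR_FIELD_*` constants are lowercase, it is correct only while the conversion loop stays directly above it. A comment tying the two together would protect against a later reorder that lets these fields be indexed.
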



[trafficserver] branch 9.1.x updated: Removes the test plugins from the .spec file / RPM (#7551)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.1.x by this push:
 new 1ca4c4f  Removes the test plugins from the .spec file / RPM (#7551)
1ca4c4f is described below

commit 1ca4c4f7d0d3117cb37465280597a260b6b3cf29
Author: Leif Hedstrom 
AuthorDate: Tue Feb 23 10:01:22 2021 -0700

Removes the test plugins from the .spec file / RPM (#7551)

(cherry picked from commit 7f4aef6b04fede839316ebe118ded286e3b9e812)
---
 tools/package/trafficserver.spec | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/package/trafficserver.spec b/tools/package/trafficserver.spec
index 2a4ae84..1667186 100755
--- a/tools/package/trafficserver.spec
+++ b/tools/package/trafficserver.spec
@@ -111,6 +111,8 @@ find %{buildroot} -type f -name "*.a" -delete
 find %{buildroot} -type f -name "*.pod" -delete
 find %{buildroot} -type f -name "*.in" -delete
 find %{buildroot} -type f -name ".packlist" -delete
+find %{buildroot} -type f -name "plugin_*.so" -delete
+
 
 # ToDo: Why is the Perl stuff ending up in the wrong place ??
 mkdir -p %{buildroot}%{_datadir}/perl5
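
Review bot: `find %{buildroot} -type f -name "plugin_*.so" -delete` matches any shared object under the build root whose name starts with `plugin_`, not only the test plugins named in the commit title. Restricting the search to the directory the test plugins are installed into, or listing them by name, avoids silently dropping a real plugin that later adopts that prefix. The hunk also adds a second blank line after the new command.
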



[trafficserver] branch 9.0.x updated: Removes the test plugins from the .spec file / RPM (#7551)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 8226b28  Removes the test plugins from the .spec file / RPM (#7551)
8226b28 is described below

commit 8226b28c680f698092e8477d86e5c260ef8579f0
Author: Leif Hedstrom 
AuthorDate: Tue Feb 23 10:01:22 2021 -0700

Removes the test plugins from the .spec file / RPM (#7551)

(cherry picked from commit 7f4aef6b04fede839316ebe118ded286e3b9e812)
---
 tools/package/trafficserver.spec | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/package/trafficserver.spec b/tools/package/trafficserver.spec
index 431d965..812d6ce 100755
--- a/tools/package/trafficserver.spec
+++ b/tools/package/trafficserver.spec
@@ -111,6 +111,8 @@ find %{buildroot} -type f -name "*.a" -delete
 find %{buildroot} -type f -name "*.pod" -delete
 find %{buildroot} -type f -name "*.in" -delete
 find %{buildroot} -type f -name ".packlist" -delete
+find %{buildroot} -type f -name "plugin_*.so" -delete
+
 
 # ToDo: Why is the Perl stuff ending up in the wrong place ??
 mkdir -p %{buildroot}%{_datadir}/perl5



[trafficserver] branch master updated (a42d215 -> 7f4aef6)

2021-02-23 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from a42d215  Convert the inactive_client_timeout test to use Proxy Verifier (#7535)
 add 7f4aef6  Removes the test plugins from the .spec file / RPM (#7551)

No new revisions were added by this update.

Summary of changes:
 tools/package/trafficserver.spec | 2 ++
 1 file changed, 2 insertions(+)



[trafficserver] branch master updated (bb8844d -> a42d215)

2021-02-23 Thread bneradt
This is an automated email from the ASF dual-hosted git repository.

bneradt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from bb8844d  Fix ja3_fingerprint configure syntax (#7550)
 add a42d215  Convert the inactive_client_timeout test to use Proxy Verifier (#7535)

No new revisions were added by this update.

Summary of changes:
 tests/gold_tests/timeout/case-inactive1.sh |  19 ---
 tests/gold_tests/timeout/case-inactive2.sh |  19 ---
 tests/gold_tests/timeout/case-inactive3.sh |  19 ---
 tests/gold_tests/timeout/case-inactive4.sh |  19 ---
 tests/gold_tests/timeout/case-inactive5.sh |  19 ---
 tests/gold_tests/timeout/case-inactive6.sh |  19 ---
 tests/gold_tests/timeout/delay-inactive-server.sh  |  20 ---
 .../timeout/inactive_client_post_timeout.test.py   | 108 -
 .../timeout/inactive_client_timeout.test.py|  63 
 tests/gold_tests/timeout/slow_server.yaml  | 171 +
 10 files changed, 234 insertions(+), 242 deletions(-)
 delete mode 100644 tests/gold_tests/timeout/case-inactive1.sh
 delete mode 100644 tests/gold_tests/timeout/case-inactive2.sh
 delete mode 100644 tests/gold_tests/timeout/case-inactive3.sh
 delete mode 100644 tests/gold_tests/timeout/case-inactive4.sh
 delete mode 100644 tests/gold_tests/timeout/case-inactive5.sh
 delete mode 100644 tests/gold_tests/timeout/case-inactive6.sh
 delete mode 100644 tests/gold_tests/timeout/delay-inactive-server.sh
 delete mode 100644 tests/gold_tests/timeout/inactive_client_post_timeout.test.py
 create mode 100644 tests/gold_tests/timeout/inactive_client_timeout.test.py
 create mode 100644 tests/gold_tests/timeout/slow_server.yaml



[trafficserver] branch master updated (d011f94 -> bb8844d)

2021-02-23 Thread bneradt
This is an automated email from the ASF dual-hosted git repository.

bneradt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from d011f94  Fix asserts in multiplexer plugin. (#7532)
 add bb8844d  Fix ja3_fingerprint configure syntax (#7550)

No new revisions were added by this update.

Summary of changes:
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)