[trafficserver] branch master updated: Cleanup SNIConfig (#8892)
This is an automated email from the ASF dual-hosted git repository. masaori pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 12801c966 Cleanup SNIConfig (#8892) 12801c966 is described below commit 12801c966e5710d818287e79a7a977e837bfddc6 Author: Masaori Koshiba AuthorDate: Thu Jun 9 12:59:14 2022 +0900 Cleanup SNIConfig (#8892) --- iocore/net/P_SSLSNI.h | 101 ++-- iocore/net/SSLNetVConnection.cc | 10 ++-- iocore/net/SSLSNIConfig.cc | 99 --- proxy/http/HttpSM.cc| 2 +- proxy/http/PreWarmManager.cc| 4 +- 5 files changed, 115 insertions(+), 101 deletions(-) diff --git a/iocore/net/P_SSLSNI.h b/iocore/net/P_SSLSNI.h index dbc1cc276..2d25982ce 100644 --- a/iocore/net/P_SSLSNI.h +++ b/iocore/net/P_SSLSNI.h @@ -37,22 +37,19 @@ #include "ProxyConfig.h" #include "P_SNIActionPerformer.h" -#include "tscore/MatcherUtils.h" #include "YamlSNIConfig.h" // Properties for the next hop server struct NextHopProperty { - std::string client_cert_file; // full path to client cert file for lookup - std::string client_key_file; // full path to client key file for lookup - YamlSNIConfig::Policy verifyServerPolicy = YamlSNIConfig::Policy::UNSET; // whether to verify the next hop - YamlSNIConfig::Property verifyServerProperties = YamlSNIConfig::Property::UNSET; // what to verify on the next hop - - NextHopProperty() {} + std::string client_cert_file; // full path to client cert file for lookup + std::string client_key_file; // full path to client key file for lookup + YamlSNIConfig::Policy verify_server_policy = YamlSNIConfig::Policy::UNSET; // whether to verify the next hop + YamlSNIConfig::Property verify_server_properties = YamlSNIConfig::Property::UNSET; // what to verify on the next hop }; -using actionVector = std::vector>; +using ActionVector = std::vector>; -struct pcreFreer { +struct PcreFreer { void operator()(void *p) { @@ -60,85 +57,55 @@ struct pcreFreer { } }; -struct namedElement { -public: - namedElement() {} - - namedElement & - operator=(namedElement &) - { -if (this != ) { - match = std::move(other.match); -} -return *this; - } - namedElement(namedElement &) { *this = std::move(other); } +struct NamedElement { + NamedElement() {} - void - setGlobName(std::string name) - { -std::string::size_type pos = 0; -while ((pos = name.find('.', pos)) != std::string::npos) { - name.replace(pos, 1, "\\."); - pos += 2; -} -pos = 0; -while ((pos = name.find('*', pos)) != std::string::npos) { - name.replace(pos, 1, "(.{0,})"); -} -Debug("ssl_sni", "Regexed fqdn=%s", name.c_str()); -setRegexName(name); - } + NamedElement(NamedElement &); + NamedElement =(NamedElement &); - void - setRegexName(const std::string ) - { -const char *err_ptr; -int err_offset = 0; -if (!regexName.empty()) { - match.reset(pcre_compile(regexName.c_str(), PCRE_ANCHORED | PCRE_CASELESS, _ptr, _offset, nullptr)); -} - } + void set_glob_name(std::string name); + void set_regex_name(const std::string _name); - std::unique_ptr match; + std::unique_ptr match; }; -struct actionElement : public namedElement { -public: - actionVector actions; +struct ActionElement : public NamedElement { + ActionVector actions; }; -struct NextHopItem : public namedElement { -public: +struct NextHopItem : public NamedElement { NextHopProperty prop; }; -typedef std::vector SNIList; -typedef std::vector NextHopPropertyList; +using SNIList = std::vector; +using NextHopPropertyList = std::vector; struct SNIConfigParams : public ConfigInfo { + SNIConfigParams() = default; + ~SNIConfigParams() override; + + const NextHopProperty *get_property_config(const std::string ) const; + int initialize(); + void load_sni_config(); + std::pair get(std::string_view servername) const; + SNIList sni_action_list; NextHopPropertyList next_hop_list; - YamlSNIConfig Y_sni; - const NextHopProperty *getPropertyConfig(const std::string ) const; - SNIConfigParams(); - ~SNIConfigParams() override; - void cleanup(); - int Initialize(); - void loadSNIConfig(); - std::pair get(std::string_view servername) const; + YamlSNIConfig yaml_sni; }; -struct SNIConfig { +class SNIConfig +{ +public: + using scoped_config = ConfigProcessor::scoped_config; + static void startup(); static void reconfigure(); static SNIConfigParams *acquire(); static void release(SNIConfigParams *params); - typedef
[trafficserver] branch 9.2.x updated: Updated ChangeLog
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new b303fd8cc Updated ChangeLog b303fd8cc is described below commit b303fd8cc94190add24def88e506ebccf0512fba Author: Leif Hedstrom AuthorDate: Wed Jun 8 16:35:20 2022 -0600 Updated ChangeLog --- CHANGELOG-9.2.0 | 20 ++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/CHANGELOG-9.2.0 b/CHANGELOG-9.2.0 index b96aa210d..ce7dc17ff 100644 --- a/CHANGELOG-9.2.0 +++ b/CHANGELOG-9.2.0 @@ -313,7 +313,6 @@ Changes with Apache Traffic Server 9.2.0 #8365 - Fixes issue #8329 crash in NextHopConsistentHash #8368 - TSSslSecretSet: Update SSL_CTX TLS Secrets #8372 - Add Au test for pqsi and pqsp log fields. - #8373 - Removed references to the throttle option from the slice plugin. #8374 - 9.2.x autest fixes #8375 - Add a set-http-cntl operator for header_rewrite #8381 - Fix a potential H2 stall @@ -346,16 +345,19 @@ Changes with Apache Traffic Server 9.2.0 #8469 - Make factory.response_suppression_mode an overridable config #8473 - Serve stale content from child if parent returns invalid/marked down #8477 - Define TS_HTTP_VALUE_BROTLI and TS_HTTP_LEN_BROTLI + #8480 - Update HostDBContinuation timeout handling to clear pending queue. #8482 - Update control mechanism changes in lua plugin documentation #8483 - ssl_secret debug printing: print only the first 50 bytes #8484 - Serve stale content when DNS lookup fails #8485 - Adding a forward proxy AuTest. + #8488 - cache_range_requests plugin: don't require 206 Partial Content reason string #8489 - Better TLS Secrets Truncation. #8491 - Fix wording for jemalloc autoconf #8492 - When checking for SSL_set1_verify_cert_store, save/restore LIBS before manipulating LIBS #8497 - Block TS startup if configured body factory directory does not exist. #8498 - Use shared pointer to help with high memory utilization #8499 - tests: Adjust generated file paths to work within some restricted environments + #8501 - Improve option processing in cache promote #8506 - Add proxy.config.http2.stream_error_sampling_threshold #8507 - Add skipped log entries to troubleshooting FAQ in docs. #8508 - Makes proxy_serve_stale version independent @@ -384,7 +386,6 @@ Changes with Apache Traffic Server 9.2.0 #8594 - Propagate accept options to HTTP/2 #8595 - Adds two overridable config variables to control parent mark downs. #8600 - Prevent calling SSL_set_session in the middle of handshake - #8603 - LogFilter: fix NULL termination check #8606 - Fixed a scoping bug that leads to "sticky" parent weights #8608 - Update to Proxy Verifier version v2.3.0 #8609 - Don't use Http1ClientTransaction as an event handler @@ -397,6 +398,7 @@ Changes with Apache Traffic Server 9.2.0 #8649 - Fix plugin parent_select missing hostname len #8650 - Fix strategies to initialize scheme #8651 - Add parent_select plugin strategy caching + #8655 - money_trace: allow custom header, change span-id gen, opt to create if none #8656 - Cleanup strategy debug logs #8657 - Support transforming range requests when origin returns full resource. #8660 - Fix overflow conditions in prefetch plugin @@ -450,19 +452,33 @@ Changes with Apache Traffic Server 9.2.0 #8798 - Create clean exit path for traffic_manager on SIGTERM #8805 - remove pthread_*specific and replace with thread_local #8815 - Fedora/RHEL path layout for config.layout + #8816 - Add support for caching complete responses to the cache range requests plugin #8817 - Fix `COMPRESSION_ERROR` on valid HPACK input #8821 - Fixes leak of SNI config filename on load #8822 - Fixes leak of ssl_ocsp_response_path_only on reload #8827 - Fixes leak in SNIAction name globbing + #8828 - Fixes issues with the CRR plugin introduced in #8488 #8829 - Fix a compile error #8831 - Fix parent_select optional scheme + #8832 - Make post-early-return Au test more robust. #8834 - Handle opentelemetry-cpp v1.3.0 upgrade for otel_tracer plugin #8835 - Remove incorrect comment from base64 functions + #8837 - Add compatibility define when building with OpenSSL3 + #8838 - mkdfa.c is not being used and doesn't compile with gcc 12.1.1 #8846 - Add `#pragma once` for PendingAction.h #8847 - Restore down nameservers after they come back online #8850 - Fix Rocky Linux 8 arm64 GCC Compiler Warnings + #8853 - Change parent_select Init func to constructor + #8855 - Allow for long Http* error.log lines #8859 - Re-introduce import to get man_pages list available for sphinx. #8861 - Add missing configuration files man pages + #8866 - Fix "is is" typos. #8868 - Update to Proxy Verifier v2.3.3 + #8870 - Eliminate duplicate words. #8871 - Handle hit as miss when cach
[trafficserver] branch 9.2.x updated: Add proxy.process.hostdb.total_serve_stale (#8873)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new a1de56065 Add proxy.process.hostdb.total_serve_stale (#8873) a1de56065 is described below commit a1de560657e12deea276f053e1fba640fdd4e7a0 Author: Brian Neradt AuthorDate: Tue Jun 7 15:00:24 2022 -0500 Add proxy.process.hostdb.total_serve_stale (#8873) Add a HostDB statistic for the number of times we serve a stale DNS response from the HostDB cache while a DNS refresh fetch is taking place. (cherry picked from commit ded2d89a1c80c1873230d0397b738df3feec0bec) --- doc/admin-guide/monitoring/statistics/core/hostdb.en.rst | 9 + doc/appendices/command-line/traffic_top.en.rst | 10 ++ iocore/hostdb/HostDB.cc | 4 iocore/hostdb/P_HostDBProcessor.h| 7 --- src/traffic_top/stats.h | 1 + 5 files changed, 28 insertions(+), 3 deletions(-) diff --git a/doc/admin-guide/monitoring/statistics/core/hostdb.en.rst b/doc/admin-guide/monitoring/statistics/core/hostdb.en.rst index 4bef3f653..b6f2e84b9 100644 --- a/doc/admin-guide/monitoring/statistics/core/hostdb.en.rst +++ b/doc/admin-guide/monitoring/statistics/core/hostdb.en.rst @@ -49,6 +49,15 @@ origin servers' hostnames prior to object revalidation or retrieval. satisfied by entries in the HostDB lookup cache, since statistics collection began. +.. ts:stat:: global proxy.process.hostdb.total_serve_stale integer + :type: counter + + Represents the total number of origin server name resolutions which were + satisfied by entries in the HostDB lookup cache while those entries were + stale, since statistics collection began. See + :ts:cv:`proxy.config.hostdb.serve_stale_for` for how this feature is + configured. + .. ts:stat:: global proxy.process.hostdb.total_lookups integer :type: counter diff --git a/doc/appendices/command-line/traffic_top.en.rst b/doc/appendices/command-line/traffic_top.en.rst index 59d8156e2..02ede4bcd 100644 --- a/doc/appendices/command-line/traffic_top.en.rst +++ b/doc/appendices/command-line/traffic_top.en.rst @@ -207,6 +207,16 @@ cache. Statistic: :ts:stat:`proxy.process.hostdb.total_hits`. +DNS Serve Stale +~~~ + +Total number of DNS lookups which were successfully served from the HostDB +cache while the HostDB cache entry was stale. See +:ts:cv:`proxy.config.hostdb.serve_stale_for` for how this feature is +configured. + +Statistic: :ts:stat:`proxy.process.hostdb.total_serve_stale`. + Ram Hit ~~~ diff --git a/iocore/hostdb/HostDB.cc b/iocore/hostdb/HostDB.cc index 89968f6ca..e39b8fcc5 100644 --- a/iocore/hostdb/HostDB.cc +++ b/iocore/hostdb/HostDB.cc @@ -571,6 +571,7 @@ probe(const Ptr , HostDBHash const , bool ignore_timeout) // If the record is stale, but we want to revalidate-- lets start that up if ((!ignore_timeout && r->is_ip_stale() && !r->reverse_dns) || (r->is_ip_timeout() && r->serve_stale_but_revalidate())) { +HOSTDB_INCREMENT_DYN_STAT(hostdb_total_serve_stale_stat); if (hostDB.is_pending_dns_for_hash(hash.hash)) { Debug("hostdb", "stale %u %u %u, using it and pending to refresh it", r->ip_interval(), r->ip_timestamp, r->ip_timeout_interval); @@ -2091,6 +2092,9 @@ ink_hostdb_init(ts::ModuleVersion v) RecRegisterRawStat(hostdb_rsb, RECT_PROCESS, "proxy.process.hostdb.total_hits", RECD_INT, RECP_PERSISTENT, (int)hostdb_total_hits_stat, RecRawStatSyncSum); + RecRegisterRawStat(hostdb_rsb, RECT_PROCESS, "proxy.process.hostdb.total_serve_stale", RECD_INT, RECP_PERSISTENT, + (int)hostdb_total_serve_stale_stat, RecRawStatSyncSum); + RecRegisterRawStat(hostdb_rsb, RECT_PROCESS, "proxy.process.hostdb.ttl", RECD_FLOAT, RECP_PERSISTENT, (int)hostdb_ttl_stat, RecRawStatSyncAvg); diff --git a/iocore/hostdb/P_HostDBProcessor.h b/iocore/hostdb/P_HostDBProcessor.h index 1dbe1a579..7a05013c7 100644 --- a/iocore/hostdb/P_HostDBProcessor.h +++ b/iocore/hostdb/P_HostDBProcessor.h @@ -136,9 +136,10 @@ struct HostEnt; // Stats enum HostDB_Stats { hostdb_total_lookups_stat, - hostdb_total_hits_stat, // D == total hits - hostdb_ttl_stat, // D average TTL - hostdb_ttl_expires_stat, // D == TTL Expires + hostdb_total_hits_stat,// D == total hits + hostdb_total_serve_stale_stat, // D == total times we served a stale response + hostdb_ttl_stat, // D average TTL + hostdb_ttl_expires_stat, // D == TTL Expires hostdb_re_dns_on_reload_stat, hostdb_insert_duplicate_to_pending_dns_stat, HostDB_Stat_Count diff --git a/src/traffic_top/stats.h b/src/traffic_top/stats.h index 7b508491f..ae0b7afb7 100644 --- a/src/traffic_top/stats.h
[trafficserver] branch 9.2.x updated: Allow for long Http* error.log lines (#8855)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new d430865c6 Allow for long Http* error.log lines (#8855) d430865c6 is described below commit d430865c6dc29a389e7dea3d73f34b12af19345d Author: Brian Neradt AuthorDate: Tue Jun 7 15:01:11 2022 -0500 Allow for long Http* error.log lines (#8855) Many URLs and log paths are long enough that the previous 256 byte error.log limit for HttpSM and HttpTransact made it so that the logs got truncated. Some of those logs had meaningful strings at the end which made them hard to interpret unless you had the source code in front of you to figure out what was truncated. This utilizes bwprint and local std::string buffers for arbitrarily long log lines. (cherry picked from commit d274b8f9f066bfd0bd743b9a73e2323b505a8cfc) --- proxy/http/HttpSM.cc | 36 +--- proxy/http/HttpTransact.cc | 43 ++- 2 files changed, 31 insertions(+), 48 deletions(-) diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 010f5c5df..ee65c959d 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -136,6 +136,9 @@ milestone_update_api_time(TransactionMilestones , ink_hrtime _tim // Unique state machine identifier std::atomic next_sm_id(0); +/// Buffer for some error logs. +thread_local std::string error_bw_buffer; + /** Outbound PROXY Protocol @@ -4203,27 +4206,18 @@ HttpSM::check_sni_host() Warning("No SNI for TLS request with hostname %.*s action=%s", host_len, host_name, action_value); SMDebug("ssl_sni", "No SNI for TLS request with hostname %.*s action=%s", host_len, host_name, action_value); if (host_sni_policy == 2) { - Log::error("%s", lbw() - .clip(1) - .print("No SNI for TLS request: connecting to {} for host='{}', returning a 403", -t_state.client_info.dst_addr, std::string_view{host_name, static_cast(host_len)}) - .extend(1) - .write('\0') - .data()); + ts::bwprint(error_bw_buffer, "No SNI for TLS request: connecting to {} for host='{}', returning a 403", + t_state.client_info.dst_addr, std::string_view{host_name, static_cast(host_len)}); + Log::error("%s", error_bw_buffer.c_str()); this->t_state.client_connection_enabled = false; } } else if (strncasecmp(host_name, sni_value, host_len) != 0) { // Name mismatch Warning("SNI/hostname mismatch sni=%s host=%.*s action=%s", sni_value, host_len, host_name, action_value); SMDebug("ssl_sni", "SNI/hostname mismatch sni=%s host=%.*s action=%s", sni_value, host_len, host_name, action_value); if (host_sni_policy == 2) { - Log::error("%s", lbw() - .clip(1) - .print("SNI/hostname mismatch: connecting to {} for host='{}' sni='{}', returning a 403", -t_state.client_info.dst_addr, std::string_view{host_name, static_cast(host_len)}, -sni_value) - .extend(1) - .write('\0') - .data()); + ts::bwprint(error_bw_buffer, "SNI/hostname mismatch: connecting to {} for host='{}' sni='{}', returning a 403", + t_state.client_info.dst_addr, std::string_view{host_name, static_cast(host_len)}, sni_value); + Log::error("%s", error_bw_buffer.c_str()); this->t_state.client_connection_enabled = false; } } else { @@ -5589,14 +5583,10 @@ HttpSM::mark_host_failure(HostDBInfo *info, time_t time_down) int host_len; const char *host_name_ptr = t_state.unmapped_url.host_get(_len); std::string_view host_name{host_name_ptr, size_t(host_len)}; -Log::error("%s", lbw() - .clip(1) - .print("CONNECT: {::s} connecting to {} for host='{}' url='{}' marking down", - ts::bwf::Errno(t_state.current.server->connect_result), t_state.current.server->dst_addr, - host_name, ts::bwf::FirstOf(url_str, "")) - .extend(1) - .write('\0') - .data()); +ts::bwprint(error_bw_buffer, "CONNECT: {::s} connecting to {} for host='{}' url='{}' marking down", +
[trafficserver] branch 9.2.x updated: mkdfa.c is not being used and doesn't compile with gcc 12.1.1 (#8838)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new d9d3cae8f mkdfa.c is not being used and doesn't compile with gcc 12.1.1 (#8838) d9d3cae8f is described below commit d9d3cae8f024bb478ac481fab607007222f92385 Author: Bryan Call AuthorDate: Thu May 19 08:31:53 2022 -0700 mkdfa.c is not being used and doesn't compile with gcc 12.1.1 (#8838) (cherry picked from commit 5fe6f413efdd296351a53391f3a0d21c5514e1d7) --- src/tscore/Makefile.am | 4 +- src/tscore/mkdfa.c | 621 - 2 files changed, 1 insertion(+), 624 deletions(-) diff --git a/src/tscore/Makefile.am b/src/tscore/Makefile.am index 0b6d938de..491d5f173 100644 --- a/src/tscore/Makefile.am +++ b/src/tscore/Makefile.am @@ -18,7 +18,7 @@ include $(top_srcdir)/build/tidy.mk -noinst_PROGRAMS = mkdfa CompileParseRules freelist_benchmark +noinst_PROGRAMS = CompileParseRules freelist_benchmark check_PROGRAMS = test_geometry test_X509HostnameValidator test_tscore if EXPENSIVE_TESTS @@ -145,8 +145,6 @@ $(srcdir)/ParseRules.cc: ParseRulesCType ParseRulesCType: CompileParseRules LSAN_OPTIONS='detect_leaks=0' ./CompileParseRules -mkdfa_SOURCES = mkdfa.c - test_atomic_SOURCES = test_atomic.cc test_atomic_LDADD = libtscore.la $(top_builddir)/src/tscpp/util/libtscpputil.la @LIBPCRE@ diff --git a/src/tscore/mkdfa.c b/src/tscore/mkdfa.c deleted file mode 100644 index 2e3092941..0 --- a/src/tscore/mkdfa.c +++ /dev/null @@ -1,621 +0,0 @@ -/** @file - - A brief file description - - @section license License - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - */ - -#include -#include -#include -#include -#include - -#define SIZEOF(t) (sizeof(t) / (sizeof((t)[0]))) - -typedef struct _info_t info_t; -typedef struct _state_t state_t; -typedef struct _transition_t transition_t; - -struct _info_t { - const char *name; - const char *value; - int namelen; -}; - -struct _state_t { - int num; - const char *value; - transition_t *transitions; -}; - -struct _transition_t { - int value; - state_t *state; - transition_t *next; -}; - -info_t fields[] = { - {"Accept", "MIME_FIELD_ACCEPT", 0}, - {"Accept-Charset", "MIME_FIELD_ACCEPT_CHARSET", 0}, - {"Accept-Encoding", "MIME_FIELD_ACCEPT_ENCODING", 0}, - {"Accept-Language", "MIME_FIELD_ACCEPT_LANGUAGE", 0}, - {"Accept-Ranges", "MIME_FIELD_ACCEPT_RANGES", 0}, - {"Age", "MIME_FIELD_AGE", 0}, - {"Allow", "MIME_FIELD_ALLOW", 0}, - {"Approved", "MIME_FIELD_APPROVED", 0}, - {"Authorization", "MIME_FIELD_AUTHORIZATION", 0}, - {"Bytes", "MIME_FIELD_BYTES", 0}, - {"Cache-Control", "MIME_FIELD_CACHE_CONTROL", 0}, - {"Connection", "MIME_FIELD_CONNECTION", 0}, - {"Content-Base", "MIME_FIELD_CONTENT_BASE", 0}, - {"Content-Encoding", "MIME_FIELD_CONTENT_ENCODING", 0}, - {"Content-Language", "MIME_FIELD_CONTENT_LANGUAGE", 0}, - {"Content-Length", "MIME_FIELD_CONTENT_LENGTH", 0}, - {"Content-Location", "MIME_FIELD_CONTENT_LOCATION", 0}, - {"Content-Md5", "MIME_FIELD_CONTENT_MD5", 0}, - {"Content-Range", "MIME_FIELD_CONTENT_RANGE", 0}, - {"Content-Type", "MIME_FIELD_CONTENT_TYPE", 0}, - {"Control", "MIME_FIELD_CONTROL", 0}, - {"Cookie", "MIME_FIELD_COOKIE", 0}, - {"Date", "MIME_FIELD_DATE", 0}, - {"Distribution", "MIME_FIELD_DISTRIBUTION", 0}, - {"Etag", "MIME_FIELD_ETAG", 0}, - {"Expires", "MIME_FIELD_EXPIRES", 0}, - {"Followup-To", "MIME_FIELD_FOLLOWUP_TO", 0}, - {"From", "MIME_FIELD_FROM", 0}, - {"Host", "MIME_FIELD_HOST", 0}, - {"If-Match", "MIME_FIELD_IF_MATCH", 0}, - {"If-Modified-Since", "MIME_FIELD_IF_MODIFIED_SINCE", 0}, - {"If-None-Match", "MIME_FIELD_IF_NONE_MATCH", 0}, - {"If-Range", "MIME_FIELD_IF_RANGE", 0}, - {"If-Unmodified-Since", "MIME_FIELD_IF_UNMODIFIED_SINCE", 0}, - {"Keywords", "MIME_FIELD_KEYWORDS", 0}, - {"Last-Modified", "MIME_FIELD_LAST_MODIFIED", 0}, - {"Lines", "MIME_FIELD_LINES", 0}, - {"Location", "MIME_FIELD_LOCATION", 0}, - {"Max-Forwards", "MIME_FIELD_MAX_FORWARDS", 0}, - {"Message-ID", "MIME_FIELD_MESSAGE_ID", 0}, - {"Newsgroups",
[trafficserver] branch 9.2.x updated: Add compatibility define when building with OpenSSL3 (#8837)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new a2b412740 Add compatibility define when building with OpenSSL3 (#8837) a2b412740 is described below commit a2b4127409ab0efb6147286bc64efeea2531733c Author: Bryan Call AuthorDate: Thu May 12 08:10:06 2022 -0700 Add compatibility define when building with OpenSSL3 (#8837) (cherry picked from commit cea26fe72406963fa7648a9bef3099a1a545f838) --- build/crypto.m4 | 19 +++ configure.ac| 3 +++ 2 files changed, 22 insertions(+) diff --git a/build/crypto.m4 b/build/crypto.m4 index e9e675fff..71d35a68d 100644 --- a/build/crypto.m4 +++ b/build/crypto.m4 @@ -59,6 +59,25 @@ int main() { ) ]) +dnl +dnl Check OpenSSL Version 3 +dnl +AC_DEFUN([TS_CHECK_OPENSSL3], [ + AC_MSG_CHECKING([for OpenSSL version 3]) + AC_RUN_IFELSE([AC_LANG_SOURCE( + [ +#include +int main() { + if (OPENSSL_VERSION_NUMBER > 0x300fL) { +return 0; + } + return 1; +} + ])], + [AC_MSG_RESULT(yes) TS_ADDTO(CPPFLAGS, -DOPENSSL_API_COMPAT=10002)], [AC_MSG_RESULT(no)] + ) +]) + dnl dnl Since OpenSSL 1.1.0 dnl diff --git a/configure.ac b/configure.ac index 434930c13..64192700d 100644 --- a/configure.ac +++ b/configure.ac @@ -1251,6 +1251,9 @@ TS_CHECK_CRYPTO # Check for OpenSSL Version TS_CHECK_CRYPTO_VERSION +# Check for OpenSSL Version 3 and add compatiblity define if needed +TS_CHECK_OPENSSL3 + # Check for openssl ASYNC jobs TS_CHECK_CRYPTO_ASYNC
[trafficserver] branch 9.2.x updated: Make post-early-return Au test more robust. (#8832)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new cfdffd9c7 Make post-early-return Au test more robust. (#8832) cfdffd9c7 is described below commit cfdffd9c7a62ababf575ab927a429415f7a66dfd Author: Walt Karas AuthorDate: Mon May 9 10:13:20 2022 -0500 Make post-early-return Au test more robust. (#8832) Adds a delay between starting the origin server (an nc -l command) for each test run and sending the POST request. Co-authored-by: Walt Karas (cherry picked from commit bbc81ddac998f4c0df1b51ea521c67c77178985e) --- tests/gold_tests/post/post-early-return.test.py | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/gold_tests/post/post-early-return.test.py b/tests/gold_tests/post/post-early-return.test.py index fbcee87ac..b7beb8a43 100644 --- a/tests/gold_tests/post/post-early-return.test.py +++ b/tests/gold_tests/post/post-early-return.test.py @@ -59,21 +59,21 @@ big_post_body_file.close() # The third case has an explicit multi-second sleep which ensures the early response path is exercised test_run = Test.AddTestRun("http1.1 Post with small body early return") test_run.Processes.Default.StartBefore(Test.Processes.ts) -test_run.Processes.Default.Command = '(nc -o output --sh-exec \'printf \"HTTP/1.1 420 Be Calm\r\nContent-Length: 0\r\n\r\n\"; sleep 1\' -l 127.0.0.1 {} & ) && curl -v -o /dev/null --http1.1 -d "small body" -k https://127.0.0.1:{}/post'.format( +test_run.Processes.Default.Command = '(nc -o output --sh-exec \'printf \"HTTP/1.1 420 Be Calm\r\nContent-Length: 0\r\n\r\n\"; sleep 1\' -l 127.0.0.1 {} & ) ; sleep 1 ; curl -v -o /dev/null --http1.1 -d "small body" -k https://127.0.0.1:{}/post'.format( Test.Variables.upstream_port, ts.Variables.ssl_port) test_run.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/1.1 420 Be Calm", "Receive the early response") test_run.StillRunningAfter = ts test_run.Processes.Default.ReturnCode = 0 test_run = Test.AddTestRun("http1.1 Post with large body early return") -test_run.Processes.Default.Command = '(nc -o output2 --sh-exec \'printf \"HTTP/1.1 420 Be Calm\r\nContent-Length: 0\r\n\r\n\"; sleep 1\' -l 127.0.0.1 {} & ) && curl -H "Expect:" -v -o /dev/null --http1.1 -d @big_post_body -k https://127.0.0.1:{}/post'.format(Test.Variables.upstream_port, - ts.Variables.ssl_port) +test_run.Processes.Default.Command = '(nc -o output2 --sh-exec \'printf \"HTTP/1.1 420 Be Calm\r\nContent-Length: 0\r\n\r\n\"; sleep 1\' -l 127.0.0.1 {} & ) ; sleep 1 ; curl -H "Expect:" -v -o /dev/null --http1.1 -d @big_post_body -k https://127.0.0.1:{}/post'.format(Test.Variables.upstream_port, + ts.Variables.ssl_port) test_run.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/1.1 420 Be Calm", "Receive the early response") test_run.StillRunningAfter = ts test_run.Processes.Default.ReturnCode = 0 test_run = Test.AddTestRun("http2 Post with large body, small window and early return") -test_run.Processes.Default.Command = '(nc -o output2 --sh-exec \'printf \"HTTP/1.1 420 Be Calm\r\nContent-Length: 0\r\n\r\n\"; sleep 1\' -l 127.0.0.1 {} & ) && curl -v -o /dev/null --http2 -d @big_post_body -k https://127.0.0.1:{}/post-http2'.format( +test_run.Processes.Default.Command = '(nc -o output2 --sh-exec \'printf \"HTTP/1.1 420 Be Calm\r\nContent-Length: 0\r\n\r\n\"; sleep 1\' -l 127.0.0.1 {} & ) ; sleep 1 ; curl -v -o /dev/null --http2 -d @big_post_body -k https://127.0.0.1:{}/post-http2'.format( Test.Variables.upstream_port, ts.Variables.ssl_port) test_run.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/2 420", "Receive the early response") test_run.StillRunningAfter = ts @@ -95,19 +95,19 @@ client_out3.Content += Testers.ContainsExpression("HTTP/1.1 420 Be Calm", "Recei client_out3.Content += Testers.ContainsExpression("Connection: close", "ATS marks the client connection to close") test_run = Test.AddTestRun("http1.1 Post with paused body") -test_run.Processes.Default.Command = '(nc -o output3 --sh-exec \'printf \"HTTP/1.1 420 Be Calm\r\nContent-Length: 0\r\n\r\n\"; sleep 1\' -l 127.0.0.1 {} & ) && nc -o clientout --sh-exec \' printf \"POST /post HTTP/1.1\r\nHost: bob\r\nContent-Length:
[trafficserver] branch 9.2.x updated: Add support for caching complete responses to the cache range requests plugin (#8816)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new ee3f47d05 Add support for caching complete responses to the cache range requests plugin (#8816) ee3f47d05 is described below commit ee3f47d05caefb6020ff0c106736272f68949da0 Author: Jeff Elsloo AuthorDate: Fri May 27 11:40:33 2022 -0600 Add support for caching complete responses to the cache range requests plugin (#8816) * Add support for caching complete responses to the cache range requests plugin * Adds support for caching full object responses. * Refactored logic to be more efficient. * Added new plugin parameter to relevant docs. * Revert 206 flip behavior * Status code must be flipped to 200 prior to performing cacheability check * Reverts to prior logic for the partial content case * Update docs to reflect actual behavior. * Adds an AuTest to validate the behavior of caching complete responses with the full plugin stack. * Update docs to provide more detail on the expected use case. * Removed a trailing space from the AuTest. * Ran autopep8 * Added a few test cases to cover when the CRR plugin is used without slice and cachekey. * Fix test case numbering. * Fix test name/comment. * Update AuTest check on cachekey to use non-greedy regex to work in the CI sandbox. (cherry picked from commit 39744f74e001f8ab1517af5a470d5656e4cce79e) --- .../plugins/cache_range_requests.en.rst| 38 ++ plugins/cache_range_requests/README.md | 19 +- .../cache_range_requests/cache_range_requests.cc | 36 +- ...range_requests_cache_complete_responses.test.py | 461 + 4 files changed, 541 insertions(+), 13 deletions(-) diff --git a/doc/admin-guide/plugins/cache_range_requests.en.rst b/doc/admin-guide/plugins/cache_range_requests.en.rst index e677bc528..a20b77141 100644 --- a/doc/admin-guide/plugins/cache_range_requests.en.rst +++ b/doc/admin-guide/plugins/cache_range_requests.en.rst @@ -185,6 +185,44 @@ status code is reset back to 206, which leads to the object not being cached. This option is useful when used with other plugins, such as Cache Promote. +Cache Complete Responses + + +.. option:: --cache-complete-responses +.. option:: -r + +This option causes the plugin to cache complete responses (200 OK). By default, +only 206 Partial Content responses are cached by this plugin; without this flag, +any 200 OK observed will be marked as not cacheable. + +This option is intended to cover the case when an origin responds with a 200 OK +when the requested range exceeds the size of the object. For example, if an object +is 500 bytes, and the requested range is for bytes 0-5000, some origins will +respond with a 206 and a `Content-Range` header, while others may respond with a +200 OK and no `Content-Range` header. The same origin that responds with a 200 OK +when the requested range exceeds the object size will serve 206s when the range is +smaller than or within the bytes of the object. + +**NOTE:** This option *should be used carefully* with full knowledge of how +cache keys are set for a given remap rule that relies on this behavior and origin +response mechanics. For example, when this option is the sole argument to +`cache_range_requests.so` and no other plugins are in use, the behavior could be +abused, especially if the origin always responds with 200 OKs. This is because +the plugin will automatically include the requested `Range` in the cache key. +This means that arbitrary ranges can be used to pollute the cache with different +combinations of ranges, which will lead to many copies of the same complete object +stored under different cache keys. + +For this reason, if the plugin is instructed to cache complete responses, `Range` +request headers coming into the remap should ideally be normalized. Normalization +can be accomplished by using the slice plugin *without* the `--ref-relative` argument +which is disabled by default. The cache key plugin can also be used to tightly control +the construction of the cache key itself. + +The preferred means of using this plugin option is with the following plugins: +- slice to normalize the requested ranges, *without* the `--ref-relative` option +- cachekey to control the cache key, including the `Range` header normalized by slice +- cache range requests with `--no-modify-cachekey` and `--cache-complete-responses` Configuration examples == diff --git a/plugins/cache_range_requests/README.md b/plugins/cache_range_requests/README.md index 23250bef9..381f47f4d 100644 --- a/plugins/cache_range_requests/README.md +++
[trafficserver] branch 9.2.x updated: Fixes issues with the CRR plugin introduced in #8488 (#8828)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new 0d3c9a6eb Fixes issues with the CRR plugin introduced in #8488 (#8828) 0d3c9a6eb is described below commit 0d3c9a6eb06a10feaf1d9c839b7de3c487b7d43d Author: Jeff Elsloo AuthorDate: Tue May 10 06:18:20 2022 -0600 Fixes issues with the CRR plugin introduced in #8488 (#8828) * Fixes an issue that leads to an incorrect assumption about the origin status code on cache hit * Fixes the content revalidation case, as original implementation did not recognize the 304 (cherry picked from commit aedb7fb6540cd12dadbaa9651b9d1ff37732aeb6) --- .../cache_range_requests/cache_range_requests.cc | 33 ++ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/plugins/cache_range_requests/cache_range_requests.cc b/plugins/cache_range_requests/cache_range_requests.cc index 23f458a8d..8927cd7e3 100644 --- a/plugins/cache_range_requests/cache_range_requests.cc +++ b/plugins/cache_range_requests/cache_range_requests.cc @@ -59,7 +59,7 @@ struct pluginconfig { struct txndata { std::string range_value; - TSHttpStatus origin_status{TS_HTTP_STATUS_PARTIAL_CONTENT}; + TSHttpStatus origin_status{TS_HTTP_STATUS_NONE}; time_t ims_time{0}; bool verify_cacheability{false}; }; @@ -337,12 +337,33 @@ handle_client_send_response(TSHttpTxn txnp, txndata *const txn_state) if (TS_SUCCESS == TSHttpTxnClientRespGet(txnp, _buf, _loc)) { TSHttpStatus const status = TSHttpHdrStatusGet(resp_buf, resp_loc); // a cached status will be 200 with expected parent response status of 206 -if (TS_HTTP_STATUS_OK == status && TS_HTTP_STATUS_PARTIAL_CONTENT == txn_state->origin_status) { - DEBUG_LOG("Got TS_HTTP_STATUS_OK with origin TS_HTTP_STATUS_PARTIAL_CONTENT"); - partial_content_reason = true; +if (TS_HTTP_STATUS_OK == status) { + if (txn_state->origin_status == TS_HTTP_STATUS_NONE || + txn_state->origin_status == TS_HTTP_STATUS_NOT_MODIFIED) { // cache hit or revalidation +// status is always TS_HTTP_STATUS_NONE on cache hit; its value is only set during handle_server_read_response() +TSMLoc content_range_loc = TSMimeHdrFieldFind(resp_buf, resp_loc, TS_MIME_FIELD_CONTENT_RANGE, TS_MIME_LEN_CONTENT_RANGE); + +if (content_range_loc) { + DEBUG_LOG("Got TS_HTTP_STATUS_OK on cache hit or revalidation and Content-Range header present in response"); + partial_content_reason = true; + TSHandleMLocRelease(resp_buf, resp_loc, content_range_loc); +} else { + DEBUG_LOG("Got TS_HTTP_STATUS_OK on cache hit and Content-Range header is NOT present in response"); +} + } else if (txn_state->origin_status == + TS_HTTP_STATUS_PARTIAL_CONTENT) { // only set on cache miss in handle_server_read_response() +DEBUG_LOG("Got TS_HTTP_STATUS_OK with origin TS_HTTP_STATUS_PARTIAL_CONTENT"); +partial_content_reason = true; + } else { +DEBUG_LOG("Allowing TS_HTTP_STATUS_OK in response due to origin status code %d", txn_state->origin_status); + } - DEBUG_LOG("Restoring response header to TS_HTTP_STATUS_PARTIAL_CONTENT."); - TSHttpHdrStatusSet(resp_buf, resp_loc, TS_HTTP_STATUS_PARTIAL_CONTENT); + if (partial_content_reason) { +DEBUG_LOG("Restoring response header to TS_HTTP_STATUS_PARTIAL_CONTENT."); +TSHttpHdrStatusSet(resp_buf, resp_loc, TS_HTTP_STATUS_PARTIAL_CONTENT); + } +} else { + DEBUG_LOG("Ignoring status code %d; txn_state->origin_status=%d", status, txn_state->origin_status); } TSHandleMLocRelease(resp_buf, TS_NULL_MLOC, resp_loc); }
[trafficserver] branch 9.2.x updated: slice and cache_range_requests: allow header override (#8666) (#8898)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new df5eb7340 slice and cache_range_requests: allow header override (#8666) (#8898) df5eb7340 is described below commit df5eb734041572ca4187f21947d618080e124861 Author: Jeff Elsloo AuthorDate: Wed Jun 8 15:35:44 2022 -0600 slice and cache_range_requests: allow header override (#8666) (#8898) (cherry picked from commit b1d4cf8e3c32c4221f05e2694ed9422f6b1f0aec) Co-authored-by: Brian Olsen --- .../plugins/cache_range_requests.en.rst| 7 +++ doc/admin-guide/plugins/slice.en.rst | 13 + .../cache_range_requests/cache_range_requests.cc | 41 ++-- plugins/experimental/slice/Config.cc | 26 +- plugins/experimental/slice/Config.h| 3 ++ plugins/experimental/slice/HttpHeader.h| 2 - plugins/experimental/slice/client.cc | 15 +++--- plugins/experimental/slice/server.cc | 20 plugins/experimental/slice/slice.cc| 11 ++--- plugins/experimental/slice/slice.h | 2 - plugins/experimental/slice/util.cc | 18 +++ .../cache_range_requests_ims.test.py | 34 + tests/gold_tests/pluginTest/slice/slice.test.py| 21 +++-- .../pluginTest/slice/slice_selfhealing.test.py | 55 ++ 14 files changed, 195 insertions(+), 73 deletions(-) diff --git a/doc/admin-guide/plugins/cache_range_requests.en.rst b/doc/admin-guide/plugins/cache_range_requests.en.rst index eb01960f7..e677bc528 100644 --- a/doc/admin-guide/plugins/cache_range_requests.en.rst +++ b/doc/admin-guide/plugins/cache_range_requests.en.rst @@ -118,6 +118,8 @@ X-Crr-Ims header support .. option:: --consider-ims .. option:: -c +.. option:: --ims-header=[header name] (default: X-Crr-Ims) +.. option:: -i To support slice plugin self healing an option to force revalidation after cache lookup complete was added. This option is triggered by a @@ -137,6 +139,11 @@ In order for this to properly work in a CDN each cache in the chain *SHOULD* also contain a remap rule with the :program:`cache_range_requests` plugin with this option set. +When used with the :program:`slice` plugin its `--crr-ims-header` +option must have the same value (or not be defined) in order to work. + +Presence of the `--ims-header` automatically sets the `--consider-ims` option. + Don't modify the Cache Key -- diff --git a/doc/admin-guide/plugins/slice.en.rst b/doc/admin-guide/plugins/slice.en.rst index 7f5bc850e..73078fbbb 100644 --- a/doc/admin-guide/plugins/slice.en.rst +++ b/doc/admin-guide/plugins/slice.en.rst @@ -120,6 +120,19 @@ The slice plugin supports the following options:: cache miss latency. -f for short +--skip-header= (default: X-Slicer-Info) +Header name used by the slice plugin after the loopback +to indicate that the slice plugin should be skipped. +-s for short + +--crr-ims-header= (default: X-Crr-Ims) +Header name used by the slice plugin to tell the +`cache_range_requests` plugin that a request should +be marked as STALE. Used for self healing. +This must match the `--ims-header` option used by the +`cache_range_requests` plugin. +-i for short + Examples:: @plugin=slice.so @pparam=--blockbytes=100 @plugin=cache_range_requests.so diff --git a/plugins/cache_range_requests/cache_range_requests.cc b/plugins/cache_range_requests/cache_range_requests.cc index 622352724..23f458a8d 100644 --- a/plugins/cache_range_requests/cache_range_requests.cc +++ b/plugins/cache_range_requests/cache_range_requests.cc @@ -47,11 +47,14 @@ using parent_select_mode_t = enum parent_select_mode { PS_CACHEKEY_URL, // Set parent selection url to cache_key url }; +constexpr std::string_view DefaultImsHeader = {"X-Crr-Ims"}; + struct pluginconfig { parent_select_mode_t ps_mode{PS_DEFAULT}; bool consider_ims_header{false}; bool modify_cache_key{true}; bool verify_cacheability{false}; + std::string ims_header; }; struct txndata { @@ -61,9 +64,6 @@ struct txndata { bool verify_cacheability{false}; }; -// Header for optional revalidation -constexpr std::string_view X_IMS_HEADER = {"X-Crr-Ims"}; - // pluginconfig struct (global plugin only) pluginconfig *gPluginConfig = {nullptr}; @@ -99,9 +99,10 @@ create_pluginconfig(int argc, char *const argv[]) } static const struct option longopts[] = { -{const_cast("ps-cachekey"), no_argument, nullptr, 'p'}, {const_cast("consider-ims"), no_argument, nullptr, 'c'}, +{const_cast("ims-header"), required_argument, nullptr, 'i'}, {const_cast("no-modify-cachekey"),
[trafficserver] branch 10-Dev updated: Autest: This tests seems not happy when using traffic_manager instead of traffic_server. (#8895)
This is an automated email from the ASF dual-hosted git repository. dmeden pushed a commit to branch 10-Dev in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/10-Dev by this push: new a7f311e58 Autest: This tests seems not happy when using traffic_manager instead of traffic_server. (#8895) a7f311e58 is described below commit a7f311e589508b949e90170625657f982f025672 Author: Damian Meden AuthorDate: Wed Jun 8 22:23:55 2022 +0100 Autest: This tests seems not happy when using traffic_manager instead of traffic_server. (#8895) As traffic_manager is no longer needed to handle the reload message use traffic_server instead. --- tests/gold_tests/remap/remap_reload.test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/gold_tests/remap/remap_reload.test.py b/tests/gold_tests/remap/remap_reload.test.py index 6660dcc58..57ac1a58a 100644 --- a/tests/gold_tests/remap/remap_reload.test.py +++ b/tests/gold_tests/remap/remap_reload.test.py @@ -25,7 +25,7 @@ replay_file_2 = "reload_2.replay.yaml" replay_file_3 = "reload_3.replay.yaml" replay_file_4 = "reload_4.replay.yaml" -tm = Test.MakeATSProcess("tm", command="traffic_manager", select_ports=True) +tm = Test.MakeATSProcess("tm", select_ports=True) tm.Disk.diags_log.Content = Testers.ContainsExpression("remap.config failed to load", "Remap should fail to load") remap_cfg_path = os.path.join(tm.Variables.CONFIGDIR, 'remap.config')
[trafficserver] branch 9.2.x updated: Removed references to the throttle option from the slice plugin. (#8373) (#8897)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new a7f36998d Removed references to the throttle option from the slice plugin. (#8373) (#8897) a7f36998d is described below commit a7f36998d3fa84e837cd0fd82bb851072eadd59c Author: Jeff Elsloo AuthorDate: Wed Jun 8 13:33:03 2022 -0600 Removed references to the throttle option from the slice plugin. (#8373) (#8897) (cherry picked from commit e7b69489716a2c4460b482c59bf013e241c44e9b) --- doc/admin-guide/plugins/slice.en.rst | 11 --- plugins/experimental/slice/Config.cc | 2 +- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/doc/admin-guide/plugins/slice.en.rst b/doc/admin-guide/plugins/slice.en.rst index b16f338e7..7f5bc850e 100644 --- a/doc/admin-guide/plugins/slice.en.rst +++ b/doc/admin-guide/plugins/slice.en.rst @@ -113,17 +113,6 @@ The slice plugin supports the following options:: Requires setting up an intermediate loopback remap rule. -r for short ---throttle (optional) -Under certain circumstances where many contiguous slices are in -RAM cache ATS will aggressively try to push these through the -slice plugin. The downside of this is that all these contiguous -slices end up being marked as fresh even if the downstream -client aborts. This option keeps track of how much data the -client has already passed down and slows down issuing new -slice requests. -Normally leave this off. --o for short - --prefetch-count= (optional) Default is 0 Prefetches successive 'n' slice block requests in the background diff --git a/plugins/experimental/slice/Config.cc b/plugins/experimental/slice/Config.cc index 5d9b66f07..964dad362 100644 --- a/plugins/experimental/slice/Config.cc +++ b/plugins/experimental/slice/Config.cc @@ -122,7 +122,7 @@ Config::fromArgs(int const argc, char const *const argv[]) // getopt assumes args start at '1' so this hack is needed char *const *argvp = (const_cast(argv) - 1); for (;;) { -int const opt = getopt_long(argc + 1, argvp, "b:de:i:lop:r:t:", longopts, nullptr); +int const opt = getopt_long(argc + 1, argvp, "b:de:i:lp:r:t:", longopts, nullptr); if (-1 == opt) { break; }
[trafficserver-ingress-controller] branch master updated: Release new version of helm chart
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new c0277c5 Release new version of helm chart c0277c5 is described below commit c0277c55f2b6637b34531fd66c4db77c8ec7fbfe Author: github-actions AuthorDate: Wed Jun 8 18:28:17 2022 + Release new version of helm chart --- docs/ats-ingress-0.1.0.tgz | Bin 5656 -> 5543 bytes docs/index.yaml| 6 +++--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/ats-ingress-0.1.0.tgz b/docs/ats-ingress-0.1.0.tgz index f94ca20..cb3160a 100644 Binary files a/docs/ats-ingress-0.1.0.tgz and b/docs/ats-ingress-0.1.0.tgz differ diff --git a/docs/index.yaml b/docs/index.yaml index d14a734..893ac80 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -3,12 +3,12 @@ entries: ats-ingress: - apiVersion: v2 appVersion: 0.1.0 -created: "2022-06-08T01:17:00.271507-07:00" +created: "2022-06-08T18:28:17.849370736Z" description: A Helm chart for Kubernetes -digest: ede1f813e682bae7e7f3e38ba3c423368b6591656a2f26113e2f9473a5791367 +digest: a45f33d184f769d74f5347cacba33ad18f58a9f2504b881122a509ae5a407859 name: ats-ingress type: application urls: - https://apache.github.io/trafficserver-ingress-controller/ats-ingress-0.1.0.tgz version: 0.1.0 -generated: "2022-06-08T01:17:00.270572-07:00" +generated: "2022-06-08T18:28:17.848257154Z"
[trafficserver-ingress-controller] branch master updated: fix helm release (#130)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new ddf32c0 fix helm release (#130) ddf32c0 is described below commit ddf32c0a091dc25cdf56de1b2d2c4dbcdf851684 Author: Kit Chan AuthorDate: Wed Jun 8 11:27:37 2022 -0700 fix helm release (#130) * fix helm release * fix github action --- .github/workflows/helm.yml | 18 +- charts/ats-ingress/README.md | 3 --- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index ff47268..45cdd79 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -13,31 +13,23 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout -uses: actions/checkout@v1 -with: - submodules: 'true' - - - name: Configure Git -run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$github_ac...@users.noreply.github.com" - - name: Install Helm uses: azure/setup-helm@v1 with: version: v3.5.4 - - name: Build Helm Chart -run: | + - uses: actions/checkout@v3 + - run: | cd charts helm package ats-ingress helm repo index . --url https://apache.github.io/trafficserver-ingress-controller cp index.yaml ../docs/ cp ats-ingress-*.tgz ../docs/ cd .. + git config user.name github-actions + git config user.email github-acti...@github.com git add docs/index.yaml git add docs/ats-ingress-*.tgz git commit -m 'Release new version of helm chart' - git push origin master + git push diff --git a/charts/ats-ingress/README.md b/charts/ats-ingress/README.md index b134910..5411038 100644 --- a/charts/ats-ingress/README.md +++ b/charts/ats-ingress/README.md @@ -20,9 +20,6 @@ # Helm support This is the ats-ingress chart repository for Helm V3. -## To build and push new version of the helm chart -1. Done through [github action for helm release](https://github.com/apache/trafficserver-ingress-controller/blob/master/.github/workflows/helm.yml) - ## To install from git source 1. git clone the project 2. `$ kubectl create namespace ats-helm`
[trafficserver-ingress-controller] branch master updated: fix helm release github action (#129)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new 23071b7 fix helm release github action (#129) 23071b7 is described below commit 23071b7fc556d8250eebba6a4dc7cdf35a24a767 Author: Kit Chan AuthorDate: Wed Jun 8 10:47:51 2022 -0700 fix helm release github action (#129) --- .github/workflows/helm.yml | 4 ++-- charts/ats-ingress/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 6e7f1ce..ff47268 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -30,12 +30,12 @@ jobs: - name: Build Helm Chart run: | - cd trafficserver-ingress-controller/charts + cd charts helm package ats-ingress helm repo index . --url https://apache.github.io/trafficserver-ingress-controller cp index.yaml ../docs/ cp ats-ingress-*.tgz ../docs/ - cd ../../ + cd .. git add docs/index.yaml git add docs/ats-ingress-*.tgz git commit -m 'Release new version of helm chart' diff --git a/charts/ats-ingress/README.md b/charts/ats-ingress/README.md index b42e724..b134910 100644 --- a/charts/ats-ingress/README.md +++ b/charts/ats-ingress/README.md @@ -21,7 +21,7 @@ This is the ats-ingress chart repository for Helm V3. ## To build and push new version of the helm chart -1. Check out the [github action for helm release](https://github.com/apache/trafficserver-ingress-controller/blob/master/.github/workflows/helm.yml) +1. Done through [github action for helm release](https://github.com/apache/trafficserver-ingress-controller/blob/master/.github/workflows/helm.yml) ## To install from git source 1. git clone the project
[trafficserver-ingress-controller] branch master updated: update helm chart readme (#128)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new ae1c4cb update helm chart readme (#128) ae1c4cb is described below commit ae1c4cb1daddbdc45cd6c183d46e93cd1451fa48 Author: Kit Chan AuthorDate: Wed Jun 8 10:31:33 2022 -0700 update helm chart readme (#128) --- charts/ats-ingress/README.md | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/charts/ats-ingress/README.md b/charts/ats-ingress/README.md index 5018c0a..b42e724 100644 --- a/charts/ats-ingress/README.md +++ b/charts/ats-ingress/README.md @@ -21,14 +21,7 @@ This is the ats-ingress chart repository for Helm V3. ## To build and push new version of the helm chart -1. git clone the project -2. `$ cd trafficserver-ingress-controller/charts` -3. Update version in ats-ingress/Chart.yaml -4. `$ helm package ats-ingress` -5. `$ helm repo index . --url https://apache.github.io/trafficserver-ingress-controller` -6. `$ cp index.yaml ../docs/` -7. `$ cp ats-ingress-*.tgz ../docs/` -6. Commit and push the changes +1. Check out the [github action for helm release](https://github.com/apache/trafficserver-ingress-controller/blob/master/.github/workflows/helm.yml) ## To install from git source 1. git clone the project
[trafficserver-ingress-controller] branch master updated: [skip ci] github action to build and release helm chart (#127)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new 1590b57 [skip ci] github action to build and release helm chart (#127) 1590b57 is described below commit 1590b5779afb36afa2dcdd04126074ea1dcd2966 Author: Kit Chan AuthorDate: Wed Jun 8 03:10:53 2022 -0700 [skip ci] github action to build and release helm chart (#127) * [skip ci] github action to build and release helm chart * [skip ci] Stop fork from releasing helm --- .github/workflows/helm.yml | 43 +++ 1 file changed, 43 insertions(+) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml new file mode 100644 index 000..6e7f1ce --- /dev/null +++ b/.github/workflows/helm.yml @@ -0,0 +1,43 @@ +name: Build and Release Helm Chart + +on: + push: +branches: +- 'master' +paths: +- 'charts/**' + +jobs: + build-and-release-helm: +if: github.repository == 'apache/trafficserver-ingress-controller' +runs-on: ubuntu-latest + +steps: + - name: Checkout +uses: actions/checkout@v1 +with: + submodules: 'true' + + - name: Configure Git +run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$github_ac...@users.noreply.github.com" + + - name: Install Helm +uses: azure/setup-helm@v1 +with: + version: v3.5.4 + + - name: Build Helm Chart +run: | + cd trafficserver-ingress-controller/charts + helm package ats-ingress + helm repo index . --url https://apache.github.io/trafficserver-ingress-controller + cp index.yaml ../docs/ + cp ats-ingress-*.tgz ../docs/ + cd ../../ + git add docs/index.yaml + git add docs/ats-ingress-*.tgz + git commit -m 'Release new version of helm chart' + git push origin master +
[trafficserver-ingress-controller] branch master updated: Add periodic trivy scan (#126)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new b53984c Add periodic trivy scan (#126) b53984c is described below commit b53984c324b323e806f60bc5c8292b1f07c4a6c7 Author: Kit Chan AuthorDate: Wed Jun 8 02:33:56 2022 -0700 Add periodic trivy scan (#126) --- .github/workflows/trivy.yml | 44 1 file changed, 44 insertions(+) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml new file mode 100644 index 000..5275b87 --- /dev/null +++ b/.github/workflows/trivy.yml @@ -0,0 +1,44 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Periodic Trivy Scan + +on: + schedule: +- cron: '30 1 * * 2' + +permissions: + contents: read + +jobs: + trivy-scan: +permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results +name: Trivy Scan +runs-on: "ubuntu-18.04" +steps: + - name: Run Trivy vulnerability scanner +uses: aquasecurity/trivy-action@master +with: + image-ref: 'ghcr.io/apache/ats-ingress:latest' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab +uses: github/codeql-action/upload-sarif@v1 +with: + sarif_file: 'trivy-results.sarif'
[trafficserver-ingress-controller] branch master updated: Update helm chart to use ghcr image (#125)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new 16c5de7 Update helm chart to use ghcr image (#125) 16c5de7 is described below commit 16c5de76a0bb52c0c1b0b590a8c43401bf33641a Author: Kit Chan AuthorDate: Wed Jun 8 01:20:10 2022 -0700 Update helm chart to use ghcr image (#125) --- charts/ats-ingress/values.yaml | 2 +- docs/ats-ingress-0.1.0.tgz | Bin 5653 -> 5656 bytes docs/index.yaml| 6 +++--- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ats-ingress/values.yaml b/charts/ats-ingress/values.yaml index b71eebf..8d67b49 100644 --- a/charts/ats-ingress/values.yaml +++ b/charts/ats-ingress/values.yaml @@ -39,7 +39,7 @@ controller: ## Image Information image: -repository: kichan/ats-ingress +repository: ghcr.io/apache/ats-ingress pullPolicy: IfNotPresent tag: latest diff --git a/docs/ats-ingress-0.1.0.tgz b/docs/ats-ingress-0.1.0.tgz index dd40f50..f94ca20 100644 Binary files a/docs/ats-ingress-0.1.0.tgz and b/docs/ats-ingress-0.1.0.tgz differ diff --git a/docs/index.yaml b/docs/index.yaml index 399c0a5..d14a734 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -3,12 +3,12 @@ entries: ats-ingress: - apiVersion: v2 appVersion: 0.1.0 -created: "2022-03-29T00:27:12.614941-07:00" +created: "2022-06-08T01:17:00.271507-07:00" description: A Helm chart for Kubernetes -digest: 2c6fce94d029ecc3b2c5e9d9dcdf0918127312dbc67647c19023bb209cc123e6 +digest: ede1f813e682bae7e7f3e38ba3c423368b6591656a2f26113e2f9473a5791367 name: ats-ingress type: application urls: - https://apache.github.io/trafficserver-ingress-controller/ats-ingress-0.1.0.tgz version: 0.1.0 -generated: "2022-03-29T00:27:12.609436-07:00" +generated: "2022-06-08T01:17:00.270572-07:00"
[trafficserver-ingress-controller] branch master updated: Publish package to ghcr (#124)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git The following commit(s) were added to refs/heads/master by this push: new f77a501 Publish package to ghcr (#124) f77a501 is described below commit f77a5015219124939d528a5b0fb9c532c8aed670 Author: Kit Chan AuthorDate: Tue Jun 7 23:52:06 2022 -0700 Publish package to ghcr (#124) --- .github/workflows/build.yml | 48 + 1 file changed, 48 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5d6c655..768311e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,9 +9,17 @@ on: - 'charts/**' - 'docs/**' +env: + REGISTRY: ghcr.io + IMAGE_NAME: apache/ats-ingress + jobs: build-and-integrate: runs-on: ubuntu-latest +permissions: + contents: read + packages: write + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results steps: - name: Checkout @@ -53,3 +61,43 @@ jobs: run: | cd tests pytest -q --minikubeip="$(minikube ip)" suite/test_ingress.py + + - name: Log in to the Container registry +if: github.repository == 'apache/trafficserver-ingress-controller' +uses: docker/login-action@v2 +with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker +if: github.repository == 'apache/trafficserver-ingress-controller' +id: meta +uses: docker/metadata-action@v4 +with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | +type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} + + - name: Build and push Docker image +if: github.repository == 'apache/trafficserver-ingress-controller' +uses: docker/build-push-action@v3 +with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Run Trivy vulnerability scanner +if: github.repository == 'apache/trafficserver-ingress-controller' +uses: aquasecurity/trivy-action@master +with: + image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab +if: github.repository == 'apache/trafficserver-ingress-controller' +uses: github/codeql-action/upload-sarif@v2 +with: + sarif_file: 'trivy-results.sarif'