[trafficserver] branch master updated (2dd01b51b3 -> 561b409f65)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 2dd01b51b3 Fix hwloc build (#10406) add 561b409f65 Fixed differences between cmake rc files and autotools (#10408) No new revisions were added by this update. Summary of changes: rc/CMakeLists.txt | 8 1 file changed, 4 insertions(+), 4 deletions(-)
[trafficserver] branch master updated (236b749b2b -> 2dd01b51b3)
This is an automated email from the ASF dual-hosted git repository. masaori pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 236b749b2b Allow origins to do TLS renegotiation (#10385) add 2dd01b51b3 Fix hwloc build (#10406) No new revisions were added by this update. Summary of changes: configure.ac| 16 +++- iocore/aio/Makefile.am | 3 ++- iocore/eventsystem/Makefile.am | 4 +++- src/traffic_layout/Makefile.inc | 1 + src/traffic_server/Makefile.inc | 1 + src/tscore/Makefile.am | 1 + tools/benchmark/Makefile.am | 1 + 7 files changed, 20 insertions(+), 7 deletions(-)
[trafficserver] branch 9.2.x updated: Updated ChangeLog
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new 649b31b010 Updated ChangeLog 649b31b010 is described below commit 649b31b010eb0468afcaddbc1397135463e1dd85 Author: Leif Hedstrom AuthorDate: Wed Sep 13 16:39:29 2023 -0600 Updated ChangeLog
---
 CHANGELOG-9.2.3 | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG-9.2.3 b/CHANGELOG-9.2.3
index d1f3849474..692e518268 100644
--- a/CHANGELOG-9.2.3
+++ b/CHANGELOG-9.2.3
@@ -12,4 +12,7 @@ Changes with Apache Traffic Server 9.2.3
 #10266 - Python 3.12: add charset-nomalizer to tests/Pipfile
 #10285 - Fix slice head request memory issue
 #10287 - Fix a crash due to bad disks
+ #10304 - Preserve unmapped url regardless of need for remapping
+ #10386 - Don't set port number as part of hostname
 #10389 - 9.2.x: Proxy Verfier Upgrade to v2.10.1
+ #10391 - tls_verify4: Use traffic_manager for config reload
[trafficserver] branch 9.2.x updated (e3919273fe -> cd76df8955)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a change to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git from e3919273fe tls_verify4: Use traffic_manager for config reload (#10391) new f6df310175 Don't set port number as part of hostname (#10386) new cd76df8955 Preserve unmapped url regardless of need for remapping (#10304) The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: proxy/http/HttpSM.cc | 38 ++ proxy/http/HttpTransact.cc | 4 2 files changed, 38 insertions(+), 4 deletions(-)
[trafficserver] 01/02: Don't set port number as part of hostname (#10386)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit f6df3101753ae91bd53646d565ace2bd13957b13 Author: Masakazu Kitajo AuthorDate: Tue Sep 12 00:42:07 2023 +0900 Don't set port number as part of hostname (#10386) * Don't set port number as part of hostname * Initialize host_len with 0 (cherry picked from commit 943358110b061a03a84b863260c5d99f29ff9c69)
---
 proxy/http/HttpSM.cc | 35 ++- 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 66dd58c135..d63aeb1b87 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4234,10 +4234,43 @@ HttpSM::do_remap_request(bool run_inline)
 if (!t_state.unmapped_url.m_url_impl->m_ptr_host) {
 MIMEField *host_field = t_state.hdr_info.client_request.field_find(MIME_FIELD_HOST, MIME_LEN_HOST);
 if (host_field) {
- int host_len;
+ int host_len = 0;
 const char *host_name = host_field->value_get(_len);
 if (host_name && host_len) {
+int port = -1;
+// Host header can contain port number, and if it does we need to set host and port separately to unmapped_url.
+// If header value starts with '[', the value must contain an IPv6 address, and it may contain a port number as well.
+if (host_name[0] == '[') { // IPv6
+ host_name = host_name + 1; // Skip '['
+ host_len--;
+ // If header value ends with ']', the value must only contain an IPv6 address (no port number).
+ if (host_name[host_len - 1] == ']') { // Without port number
+host_len--; // Exclude ']'
+ } else { // With port number
+for (int idx = host_len - 1; idx > 0; idx--) {
+ if (host_name[idx] == ':') {
+port = ink_atoi(host_name + idx + 1, host_len - (idx + 1));
+host_len = idx;
+break;
+ }
+}
+ }
+} else { // Anything else (Hostname or IPv4 address)
+ // If the value contains ':' where it does not have IPv6 address, there must be port number
+ if (const char *colon = static_cast(memchr(host_name, ':', host_len));
+ colon == nullptr) { // Without port number
+// Nothing to adjust. Entire value should be used as hostname.
+ } else { // With port number
+port = ink_atoi(colon + 1, host_len - ((colon + 1) - host_name));
+host_len = colon - host_name;
+ }
+}
+
+// Set values
 t_state.unmapped_url.host_set(host_name, host_len);
+if (port >= 0) {
+ t_state.unmapped_url.port_set(port);
+}
 }
 }
 }
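Review bot: In the bracketed-IPv6 branch with a port, `host_len = idx;` cuts at the last ':' so the ']' immediately before it stays inside the host passed to `host_set()`, whereas the no-port branch strips it; for a constructed value such as `[::1]:8080` the host would come out as `::1]`. If `host_set()` expects the bare address, `host_len = (host_name[idx - 1] == ']') ? idx - 1 : idx;` keeps the two branches consistent. The port is also taken straight from the client-supplied Host header and accepted whenever `ink_atoi` returns a non-negative value, so an empty, non-numeric (presumably parsed as 0) or out-of-range port is not rejected here; guarding with `if (port > 0 && port <= 65535)` before `port_set(port)` would bound it. The body of do_remap_request starts and ends outside this hunk.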
[trafficserver] 02/02: Preserve unmapped url regardless of need for remapping (#10304)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit cd76df895587017fb2072806487984ca72bfbebf Author: Masakazu Kitajo AuthorDate: Tue Sep 12 08:14:04 2023 +0900 Preserve unmapped url regardless of need for remapping (#10304) (cherry picked from commit 195275111242eff00428b595a78984a5a0c7c39a) --- proxy/http/HttpSM.cc | 3 --- proxy/http/HttpTransact.cc | 4 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index d63aeb1b87..6b3ef19a28 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -4224,9 +4224,6 @@ HttpSM::do_remap_request(bool run_inline) check_sni_host(); - // Preserve effective url before remap - t_state.unmapped_url.create(t_state.hdr_info.client_request.url_get()->m_heap); - t_state.unmapped_url.copy(t_state.hdr_info.client_request.url_get()); // Depending on a variety of factors the HOST field may or may not have been promoted to the // client request URL. The unmapped URL should always have that promotion done. If the HOST field // is not already there, promote it only in the unmapped_url. This avoids breaking any logic that diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index b1095be30d..ea7b54c751 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -951,6 +951,10 @@ HttpTransact::HandleBlindTunnel(State *s) void HttpTransact::StartRemapRequest(State *s) { + // Preserve effective url before remap, regardless of actual need for remap + s->unmapped_url.create(s->hdr_info.client_request.url_get()->m_heap); + s->unmapped_url.copy(s->hdr_info.client_request.url_get()); + if (s->api_skip_all_remapping) { TxnDebug("http_trans", "API request to skip remapping");
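Review bot: In HttpTransact::StartRemapRequest the copy into `s->unmapped_url` now runs before the `api_skip_all_remapping` branch, but the Host-header promotion into `unmapped_url` still lives in HttpSM::do_remap_request, whose retained comment in the first hunk says the unmapped URL should always have that promotion done. If the skip-remapping path returns without reaching do_remap_request, which the hunk does not show, consumers of the unmapped URL on that path would see a URL with no host for origin-form requests. Either do the promotion here as well or record the limitation next to the copy, e.g. `// NOTE: Host-header promotion into unmapped_url happens later, in HttpSM::do_remap_request`. StartRemapRequest continues past the end of the hunk.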
[trafficserver] branch master updated: Allow origins to do TLS renegotiation (#10385)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 236b749b2b Allow origins to do TLS renegotiation (#10385) 236b749b2b is described below commit 236b749b2b3cc746829ad534a7034ab7799d1b71 Author: Bryan Call AuthorDate: Wed Sep 13 13:19:20 2023 -0700 Allow origins to do TLS renegotiation (#10385) --- iocore/net/P_SSLNetVConnection.h | 14 ++ iocore/net/SSLClientUtils.cc | 4 +++- iocore/net/SSLNetVConnection.cc | 22 +++--- 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index 7eb2973eb5..048accbac8 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h @@ -89,7 +89,7 @@ typedef enum { SSL_HOOK_OP_LAST = SSL_HOOK_OP_TERMINATE ///< End marker value. } SslVConnOp; -enum SSLHandshakeStatus { SSL_HANDSHAKE_ONGOING, SSL_HANDSHAKE_DONE, SSL_HANDSHAKE_ERROR }; +enum class SSLHandshakeStatus { SSL_HANDSHAKE_ONGOING, SSL_HANDSHAKE_DONE, SSL_HANDSHAKE_ERROR }; // // @@ -124,14 +124,20 @@ public: return retval; } + SSLHandshakeStatus + getSSLHandshakeStatus() const + { +return sslHandshakeStatus; + } + bool getSSLHandShakeComplete() const override { -return sslHandshakeStatus != SSL_HANDSHAKE_ONGOING; +return sslHandshakeStatus != SSLHandshakeStatus::SSL_HANDSHAKE_ONGOING; } virtual void - setSSLHandShakeComplete(enum SSLHandshakeStatus state) + setSSLHandShakeComplete(SSLHandshakeStatus state) { sslHandshakeStatus = state; } 
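Review bot: `getSSLHandShakeComplete()` in the second P_SSLNetVConnection.h hunk returns true for both SSL_HANDSHAKE_DONE and SSL_HANDSHAKE_ERROR, which is the ambiguity this commit works around in verify_callback, yet nothing on the accessor says so. A doc comment would keep later callers from reading "complete" as "succeeded": `/// True once the handshake has left ONGOING (DONE or ERROR); use getSSLHandshakeStatus() to tell them apart.` The two accessor names also differ only in capitalisation (`HandShake` vs `Handshake`), which is easy to mistype. The class body starts and ends outside the hunk.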
@@ -423,7 +429,7 @@ private: NetProcessor *_getNetProcessor() override; void *_prepareForMigration() override; - enum SSLHandshakeStatus sslHandshakeStatus = SSL_HANDSHAKE_ONGOING; + enum SSLHandshakeStatus sslHandshakeStatus = SSLHandshakeStatus::SSL_HANDSHAKE_ONGOING; bool sslClientRenegotiationAbort = false; bool first_ssl_connect = true; MIOBuffer *handShakeBuffer = nullptr; diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc index 54b63c8814..a1b141b16b 100644 --- a/iocore/net/SSLClientUtils.cc +++ b/iocore/net/SSLClientUtils.cc @@ -127,7 +127,9 @@ verify_callback(int signature_ok, X509_STORE_CTX *ctx) netvc->set_verify_cert(ctx); netvc->callHooks(TS_EVENT_SSL_VERIFY_SERVER); netvc->set_verify_cert(nullptr); - if (netvc->getSSLHandShakeComplete()) { // hook moved the handshake state to terminal + + if (netvc->getSSLHandshakeStatus() == SSLHandshakeStatus::SSL_HANDSHAKE_ERROR) { +// Verify server hook failed and set the status to SSL_HANDSHAKE_ERROR unsigned char *sni_name; char buff[INET6_ADDRSTRLEN]; if (netvc->options.sni_servername) { diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 4e4fcdab6e..7f0f74eaf0 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -623,7 +623,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) // the client hello message back into the standard read.vio // so it will get forwarded onto the origin server if (!this->getSSLHandShakeComplete()) { - this->sslHandshakeStatus = SSL_HANDSHAKE_DONE; + this->sslHandshakeStatus = SSLHandshakeStatus::SSL_HANDSHAKE_DONE; // Copy over all data already read in during the SSL_accept // (the client hello message) 
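Review bot: In verify_callback (iocore/net/SSLClientUtils.cc) the rejection branch after `callHooks(TS_EVENT_SSL_VERIFY_SERVER)` is now entered only when the status is exactly `SSL_HANDSHAKE_ERROR`, so origin-certificate verification fails closed only if every rejecting hook path sets that value. The hunk does not show where a hook's result is turned into a status, so the invariant should be written down next to the check, for example `// Invariant: a rejecting TS_EVENT_SSL_VERIFY_SERVER hook must leave the status at SSL_HANDSHAKE_ERROR; any other status is treated as verified`. A regression test in which a hook rejects the certificate during a renegotiated handshake would pin the behaviour this commit depends on. The body of verify_callback starts and ends outside the hunk.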
@@ -1003,7 +1003,7 @@ SSLNetVConnection::clear() TLSTunnelSupport::_clear(); TLSCertSwitchSupport::_clear(); - sslHandshakeStatus = SSL_HANDSHAKE_ONGOING; + sslHandshakeStatus = SSLHandshakeStatus::SSL_HANDSHAKE_ONGOING; sslLastWriteTime= 0; sslTotalBytesSent = 0; sslClientRenegotiationAbort = false; @@ -1096,7 +1096,7 @@ SSLNetVConnection::sslStartHandShake(int event, int ) if (cc && SSLCertContextOption::OPT_TUNNEL == cc->opt) { if (this->is_transparent) { this->attributes = HttpProxyPort::TRANSPORT_BLIND_TUNNEL; - sslHandshakeStatus = SSL_HANDSHAKE_DONE; + sslHandshakeStatus = SSLHandshakeStatus::SSL_HANDSHAKE_DONE; SSL_free(this->ssl); this->ssl = nullptr; return EVENT_DONE; @@ -1285,7 +1285,7 @@ SSLNetVConnection::sslServerHandShakeEvent(int ) // over the buffered handshake packets to the O.S. return EVENT_DONE; } else if (SSL_HOOK_OP_TERMINATE == hookOpRequested) { -sslHandshakeStatus = SSL_HANDSHAKE_DONE; +sslHandshakeStatus = SSLHandshakeStatus::SSL_HANDSHAKE_DONE; return EVENT_DONE; } @@ -1365,7 +1365,7 @@ SSLNetVConnection::sslServerHandShakeEvent(int ) if
[trafficserver] branch master updated: Remove deprecated debug output functions from 21 source files. (#9683)
This is an automated email from the ASF dual-hosted git repository. wkaras pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 55f6901951 Remove deprecated debug output functions from 21 source files. (#9683) 55f6901951 is described below commit 55f6901951c9267aab2029ac8e2422e895e8dbb0 Author: Walt Karas AuthorDate: Wed Sep 13 10:00:16 2023 -0400 Remove deprecated debug output functions from 21 source files. (#9683) --- iocore/net/NetHandler.h | 3 + iocore/net/P_Net.h| 4 +- iocore/net/P_NetAccept.h | 6 +- iocore/net/P_SNIActionPerformer.h | 15 ++- iocore/net/P_UDPNet.h | 9 +- iocore/net/P_UnixNet.h| 6 +- iocore/net/P_UnixNetVConnection.h | 13 +- iocore/net/PollCont.cc| 23 +++- iocore/net/QUICNetProcessor.cc| 21 ++- iocore/net/QUICPacketHandler.cc | 35 ++--- iocore/net/SNIActionPerformer.cc | 12 +- iocore/net/SNIActionPerformer.h | 4 + iocore/net/SSLDiags.h | 8 +- iocore/net/SSLNetVConnection.cc | 276 -- iocore/net/SSLSNIConfig.cc| 9 +- iocore/net/TLSSNISupport.cc | 11 +- iocore/net/UnixNet.cc | 30 +++-- iocore/net/UnixNetAccept.cc | 15 ++- iocore/net/UnixNetProcessor.cc| 28 ++-- iocore/net/UnixUDPConnection.cc | 11 +- iocore/net/UnixUDPNet.cc | 104 +++--- 21 files changed, 376 insertions(+), 267 deletions(-) diff --git a/iocore/net/NetHandler.h b/iocore/net/NetHandler.h index 9103aeabd3..d218d8ccc6 100644 --- a/iocore/net/NetHandler.h +++ b/iocore/net/NetHandler.h @@ -223,6 +223,9 @@ public: NetHandler(); + inline static DbgCtl dbg_ctl_socket{"socket"}; + inline static DbgCtl dbg_ctl_iocore_net{"iocore_net"}; + private: void _close_ne(NetEvent *ne, ink_hrtime now, int _event, int , int _idle_time, int _idle_count); diff --git a/iocore/net/P_Net.h b/iocore/net/P_Net.h index 09c2fa1251..7516b106cd 100644 --- a/iocore/net/P_Net.h +++ b/iocore/net/P_Net.h 
@@ -108,9 +108,9 @@ static constexpr ts::ModuleVersion NET_SYSTEM_MODULE_INTERNAL_VERSION(NET_SYSTEM // For very verbose iocore debugging. #ifndef DEBUG -#define NetDebug(tag, fmt, ...) +#define NetDbg(dbg_ctl, fmt, ...) #else -#define NetDebug(tag, fmt, ...) Debug(tag, fmt, ##__VA_ARGS__) +#define NetDbg(dbg_ctl, fmt, ...) Dbg(dbg_ctl, fmt, ##__VA_ARGS__) #endif /// Default amount of buffer space to use for the initial read on an incoming connection. diff --git a/iocore/net/P_NetAccept.h b/iocore/net/P_NetAccept.h index ddeeb8b5af..f44c70b517 100644 --- a/iocore/net/P_NetAccept.h +++ b/iocore/net/P_NetAccept.h @@ -76,7 +76,11 @@ struct NetAcceptAction : public Action, public RefCountObj { return Action::operator=(acont); } - ~NetAcceptAction() override { Debug("net_accept", "NetAcceptAction dying"); } + ~NetAcceptAction() override + { +static DbgCtl dbg_ctl{"net_accept"}; +Dbg(dbg_ctl, "NetAcceptAction dying"); + } }; // diff --git a/iocore/net/P_SNIActionPerformer.h b/iocore/net/P_SNIActionPerformer.h index 88790cab80..cdfb39de7e 100644 --- a/iocore/net/P_SNIActionPerformer.h +++ b/iocore/net/P_SNIActionPerformer.h @@ -75,10 +75,10 @@ public: if (ssl_vc) { if (!enable_h2) { ssl_vc->disableProtocol(TS_ALPN_PROTOCOL_INDEX_HTTP_2_0); -Debug("ssl_sni", "H2 disabled, fqdn [%s]", servername); +Dbg(dbg_ctl_ssl_sni, "H2 disabled, fqdn [%s]", servername); } else { ssl_vc->enableProtocol(TS_ALPN_PROTOCOL_INDEX_HTTP_2_0); -Debug("ssl_sni", "H2 enabled, fqdn [%s]", servername); +Dbg(dbg_ctl_ssl_sni, "H2 enabled, fqdn [%s]", servername); } } return SSL_TLSEXT_ERR_OK; 
@@ -179,7 +179,7 @@ public: if (ssl_netvc) { if (fnArrIndexes.empty()) { ssl_netvc->set_tunnel_destination(destination, type, !TLSTunnelSupport::PORT_IS_DYNAMIC, tunnel_prewarm); -Debug("ssl_sni", "Destination now is [%s], fqdn [%s]", destination.c_str(), servername); +Dbg(dbg_ctl_ssl_sni, "Destination now is [%s], fqdn [%s]", destination.c_str(), servername); } else { bool port_is_dynamic = false; auto fixed_dst{destination}; @@ -189,7 +189,8 @@ public: fixed_dst = fix_destination[fnArrIndex](fixed_dst, var_start_pos, ctx, ssl_netvc, port_is_dynamic); } ssl_netvc->set_tunnel_destination(fixed_dst, type, port_is_dynamic, tunnel_prewarm); -Debug("ssl_sni", "Destination now is [%s], configured [%s], fqdn [%s]", fixed_dst.c_str(), destination.c_str(), servername); +Dbg(dbg_ctl_ssl_sni, "Destination now is [%s], configured [%s], fqdn [%s]", fixed_dst.c_str(), destination.c_str(), +servername); } if (type == SNIRoutingType::BLIND) { @@ -320,7 +321,7 @@ public: {