[trafficserver] branch 9.2.x updated: Add an HTTP/2 related rate limiting (#10564)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new b28ad74f11 Add an HTTP/2 related rate limiting (#10564) b28ad74f11 is described below commit b28ad74f117307e8de206f1de70c3fa716f90682 Author: Masakazu Kitajo AuthorDate: Tue Oct 10 00:02:18 2023 +0900 Add an HTTP/2 related rate limiting (#10564) --- doc/admin-guide/files/records.config.en.rst| 7 + doc/admin-guide/files/sni.yaml.en.rst | 190 +++-- .../statistics/core/http-connection.en.rst | 7 + iocore/net/P_SNIActionPerformer.h | 68 iocore/net/SSLSNIConfig.cc | 13 ++ iocore/net/TLSSNISupport.h | 4 + iocore/net/YamlSNIConfig.cc| 16 ++ iocore/net/YamlSNIConfig.h | 8 + mgmt/RecordsConfig.cc | 2 + proxy/http2/HTTP2.cc | 64 +++ proxy/http2/HTTP2.h| 2 + proxy/http2/Http2ConnectionState.cc| 54 +- proxy/http2/Http2ConnectionState.h | 8 + 13 files changed, 323 insertions(+), 120 deletions(-) diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst index 50d0dfd941..e6865b8c80 100644 --- a/doc/admin-guide/files/records.config.en.rst +++ b/doc/admin-guide/files/records.config.en.rst @@ -4272,6 +4272,13 @@ HTTP/2 Configuration This limit only will be enforced if :ts:cv:`proxy.config.http2.stream_priority_enabled` is set to 1. +.. ts:cv:: CONFIG proxy.config.http2.max_rst_stream_frames_per_minute INT 14 + :reloadable: + + Specifies how many RST_STREAM frames |TS| receives for a minute at maximum. + Clients exceeded this limit will be immediately disconnected with an error + code of ENHANCE_YOUR_CALM. + .. ts:cv:: CONFIG proxy.config.http2.min_avg_window_update FLOAT 2560.0 :reloadable: diff --git a/doc/admin-guide/files/sni.yaml.en.rst b/doc/admin-guide/files/sni.yaml.en.rst index 5c11420142..8dc078eacb 100644 --- a/doc/admin-guide/files/sni.yaml.en.rst 
+++ b/doc/admin-guide/files/sni.yaml.en.rst @@ -52,122 +52,138 @@ for a more detailed description of HTTP/2 connection coalescing. .. _override-host-sni-policy: .. _override-h2-properties: -= = -Key Direction Meaning -= = -fqdn Both Fully Qualified Domain Name. This item is used if the SNI value matches this. +== = +KeyDirection Meaning +== = +fqdn Both Fully Qualified Domain Name. This item is used if the SNI value matches this. + +ip_allow Inbound Specify a list of client IP address, subnets, or ranges what are allowed to complete + the connection. This list is comma separated. IPv4 and IPv6 addresses can be specified. + Here is an example list: 192.168.1.0/24,192.168.10.1-4. This would allow connections + from clients in the 19.168.1.0 network or in the range from 192.168.10.1 to 192.168.1.4. + +verify_server_policy Outbound One of the values :code:`DISABLED`, :code:`PERMISSIVE`, or :code:`ENFORCED`. + + By default this is :ts:cv:`proxy.config.ssl.client.verify.server.policy`. + This controls how |TS| evaluated the origin certificate. -ip_allow Inbound Specify a list of client IP address, subnets, or ranges what are allowed to complete -the connection. This list is comma separated. IPv4 and IPv6 addresses can be specified. -Here is an example list: 192.168.1.0/24,192.168.10.1-4. This would allow connections -from clients in the 19.168.1.0 network or in the range from 192.168.10.1 to 192.168.1.4. +verify_server_properties Outbound One of the values :code:`NONE`, :code:`SIGNATURE`, :code:`NAME`, and :code:`ALL` -verify_server_policy
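Review bot: In the records.config.en.rst hunk, the description of proxy.config.http2.max_rst_stream_frames_per_minute is hard to parse ("how many RST_STREAM frames |TS| receives for a minute at maximum", "Clients exceeded this limit"). Suggest wording such as "Specifies the maximum number of RST_STREAM frames |TS| accepts per minute" and "Clients exceeding this limit". The text should also state whether the count is kept per connection or per client address, and what a value of 0 means, since operators will tune this setting under load.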
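Review bot: The re-indented ip_allow row in the sni.yaml.en.rst hunk carries two address errors forward unchanged. The prose says "19.168.1.0 network" and "192.168.10.1 to 192.168.1.4", while the example list it explains is 192.168.1.0/24,192.168.10.1-4. Since the row is being rewritten anyway, correct the prose to match the example. Because this row documents an allow list, a wrong address here can be copied into a real configuration. In the same rows, "ranges what are allowed" should read "ranges that are allowed" and "how |TS| evaluated" should read "evaluates".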
[trafficserver] branch 8.1.x updated: APIs to get the h2 error codes and a plugin to use them (#10572)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.1.x by this push: new c4cb0526d6 APIs to get the h2 error codes and a plugin to use them (#10572) c4cb0526d6 is described below commit c4cb0526d65460d1db0f5e01f48411766652928b Author: Bryan Call AuthorDate: Mon Oct 9 10:29:03 2023 -0700 APIs to get the h2 error codes and a plugin to use them (#10572) --- doc/admin-guide/plugins/block_errors.en.rst | 69 + doc/admin-guide/plugins/index.en.rst | 4 + include/ts/ts.h | 36 +++ include/tscore/ink_inet.h | 26 ++ plugins/Makefile.am | 1 + plugins/experimental/block_errors/Makefile.inc| 20 ++ plugins/experimental/block_errors/block_errors.cc | 318 ++ src/traffic_server/InkAPI.cc | 50 8 files changed, 524 insertions(+) diff --git a/doc/admin-guide/plugins/block_errors.en.rst b/doc/admin-guide/plugins/block_errors.en.rst new file mode 100644 index 00..36b51c451f --- /dev/null +++ b/doc/admin-guide/plugins/block_errors.en.rst 
@@ -0,0 +1,69 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + + .. include:: ../../common.defs + +.. _admin-plugins-block_errors: + +Block Errors Plugin +*** + +Description +=== +The `block_errors` plugin blocks connections for clients that have too many HTTP/2 errors on the server. + +The plugin tracks users based on their IP address and blocks them for a configurable amount of time. +The existing connection that experience errors and is over the error limit will be closed. The plugin also supports on the fly configuration changes using the `traffic_ctl` command. + + +Configuration += + +To enable the `block_errors` plugin, insert the following line in :file:`plugin.config`: + +block_errors.so + +Additional configuration options are available and can be set in :file:`plugin.config`: + +block_errors.so + +- ``error limit``: The number of errors allowed before blocking the client. Default: 1000 (per minute) +- ``timeout``: The time in minutes to block the client. Default: 4 (minutes) +- ``enable``: Enable (1) or disable (0) the plugin. Default: 1 (enabled) + +Example Configuration += + +block_errors.so 1000 4 0 1 + +Run Time Configuration +== +The plugin can be configured at run time using the `traffic_ctl` command. 
The following commands are available: + +- ``block_errors.error_limit``: Set the error limit. Takes a single argument, the number of errors allowed before blocking the client. +- ``block_errors.timeout``: Set the block timeout. Takes a single argument, the number of minutes to block the client. +- ``block_errors.enable``: Enable or disable the plugin. Takes a single argument, 0 to disable, 1 to enable. + +Example Run Time Configuration +== + +traffic_ctl plugin msg block_errors.error_limit 1 + +traffic_ctl plugin msg block_errors.timeout 10 + +traffic_ctl plugin msg block_errors.enable 1 diff --git a/doc/admin-guide/plugins/index.en.rst b/doc/admin-guide/plugins/index.en.rst index 7c408387a2..73a1e56f0c 100644 --- a/doc/admin-guide/plugins/index.en.rst +++ b/doc/admin-guide/plugins/index.en.rst @@ -150,6 +150,7 @@ directory of the |TS| source tree. Experimental plugins can be compiled by passi Access Control Balancer Buffer Upload + Block Errors Cache Fill Certifier Collapsed-Forwarding @@ -181,6 +182,9 @@ directory of the |TS| source tree. Experimental plugins can be compiled by passi :doc:`Buffer Upload ` Buffers POST data before connecting to the Origin server. +:doc:`Block Errors ` + Blocks or downgrades new connections when the server receives too many errors from an IP address. + :doc:`Certifier ` Manages and/or generates certificates for incoming HTTPS requests. diff --git a/include/ts/ts.h b/include/ts/ts.h index 6b39abf925..6dee5d05d5 100644 ---
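Review bot: The Example Configuration in block_errors.en.rst passes four values (block_errors.so 1000 4 0 1), but this version of the page documents only three options (error limit, timeout, enable), so the meaning of the third value is undocumented. Either document the missing option or drop it from the example. The index.en.rst entry added by the same patch says the plugin "Blocks or downgrades new connections", while the Description here mentions blocking only; the two should agree. The second block_errors.so line under Configuration also shows no arguments, so the positional order is not stated anywhere.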
[trafficserver] branch 8.1.x updated: clang-format (#10569)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.1.x by this push: new ece783b9d0 clang-format (#10569) ece783b9d0 is described below commit ece783b9d0b5c73cd4e5552ff94725b31cf52f42 Author: Masakazu Kitajo AuthorDate: Tue Oct 10 00:05:46 2023 +0900 clang-format (#10569) --- proxy/hdrs/unit_tests/test_URL.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy/hdrs/unit_tests/test_URL.cc b/proxy/hdrs/unit_tests/test_URL.cc index d5fc7f471c..a293740285 100644 --- a/proxy/hdrs/unit_tests/test_URL.cc +++ b/proxy/hdrs/unit_tests/test_URL.cc @@ -505,7 +505,7 @@ test_parse(url_parse_test_case const _case, bool parse_function) } else { heap->destroy(); return; -//result = url.parse_no_host_check(test_case.input_uri.c_str(), test_case.input_uri.size()); +// result = url.parse_no_host_check(test_case.input_uri.c_str(), test_case.input_uri.size()); } bool expected_is_valid = test_case.is_valid;
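Review bot: The reformatted line in test_parse() is a commented-out call to url.parse_no_host_check() that sits directly after return; in the else branch, so it could never execute even if it were uncommented. Consider deleting it instead of reformatting it, or add a short comment saying why it is kept.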
[trafficserver] branch master updated: Reallocate a buffer for H2 header block only if needed (#10568)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 65dd186326 Reallocate a buffer for H2 header block only if needed (#10568) 65dd186326 is described below commit 65dd18632648e5441df115c4ed666af02e61d2d9 Author: Masakazu Kitajo AuthorDate: Tue Oct 10 00:33:06 2023 +0900 Reallocate a buffer for H2 header block only if needed (#10568) Co-authored-by: Bryan Call --- proxy/http2/Http2ConnectionState.cc | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/proxy/http2/Http2ConnectionState.cc b/proxy/http2/Http2ConnectionState.cc index 05ac31dcb2..7c9db663a8 100644 --- a/proxy/http2/Http2ConnectionState.cc +++ b/proxy/http2/Http2ConnectionState.cc @@ -1007,8 +1007,10 @@ Http2ConnectionState::rcv_continuation_frame(const Http2Frame ) "header blocks too large"); } - stream->header_blocks = static_cast(ats_realloc(stream->header_blocks, stream->header_blocks_length)); - frame.reader()->memcpy(stream->header_blocks + header_blocks_offset, payload_length); + if (payload_length > 0) { +stream->header_blocks = static_cast(ats_realloc(stream->header_blocks, stream->header_blocks_length)); +frame.reader()->memcpy(stream->header_blocks + header_blocks_offset, payload_length); + } if (frame.header().flags & HTTP2_FLAGS_HEADERS_END_HEADERS) { // NOTE: If there are END_HEADERS flag, decode stored Header Blocks.
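Review bot: The new if (payload_length > 0) guard in rcv_continuation_frame() has no comment, and the commit message does not say which case it covers. Please add a one-line comment stating that a CONTINUATION frame with an empty payload adds nothing to the header block, so the ats_realloc() and memcpy() are skipped. It is also worth confirming that the END_HEADERS branch right below behaves correctly when stream->header_blocks was not touched by this frame.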
[trafficserver] branch 8.1.x updated: s3_auth: Fix hash calculation (#10567)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.1.x by this push: new 334839cb7a s3_auth: Fix hash calculation (#10567) 334839cb7a is described below commit 334839cb7a6724c71a5542e924251a8d931774b0 Author: Masakazu Kitajo AuthorDate: Tue Oct 10 00:33:39 2023 +0900 s3_auth: Fix hash calculation (#10567) --- plugins/s3_auth/aws_auth_v4.cc | 4 plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc index 5df57151c6..8adccc8779 100644 --- a/plugins/s3_auth/aws_auth_v4.cc +++ b/plugins/s3_auth/aws_auth_v4.cc @@ -93,6 +93,10 @@ uriEncode(const String , bool isObjectName) } else if (isObjectName && i == '/') { /* Encode the forward slash character, '/', everywhere except in the object key name. */ result << "/"; +} else if (i == '+') { + /* Only written in the example code, but a plus sign is treated as a space regardless of the position and it must be encoded + * as "%20" instead of "%2B" */ + result << "%20"; } else { /* Letters in the hexadecimal value must be upper-case, for example "%1A". */ result << "%" << std::uppercase << std::setfill('0') << std::setw(2) << std::hex << (int)i; diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc index 8cf9b2948e..d9974b5c7f 100644 --- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc +++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc 
@@ -57,7 +57,7 @@ TEST_CASE("uriEncode(): encode reserved chars in a name which is not object name String encoded = uriEncode(in, /* isObjectName */ false); CHECK(3 * in.length() == encoded.length()); /* size of "%NN" = 3 */ - CHECK_FALSE(encoded.compare("%20%2F%21%22%23%24%25%26%27%28%29%2A%2B%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); + CHECK_FALSE(encoded.compare("%20%2F%21%22%23%24%25%26%27%28%29%2A%20%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); } TEST_CASE("uriEncode(): encode reserved chars in an object name", "[AWS][auth][utility]") @@ -66,7 +66,7 @@ TEST_CASE("uriEncode(): encode reserved chars in an object name", "[AWS][auth][u String encoded = uriEncode(in, /* isObjectName */ true); CHECK(3 * in.length() - 2 == encoded.length()); /* size of "%NN" = 3, '/' is not encoded */ - CHECK_FALSE(encoded.compare("%20/%21%22%23%24%25%26%27%28%29%2A%2B%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); + CHECK_FALSE(encoded.compare("%20/%21%22%23%24%25%26%27%28%29%2A%20%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); } TEST_CASE("isUriEncoded(): check an empty input", "[AWS][auth][utility]")
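Review bot: The comment on the new '+' branch in uriEncode() ("Only written in the example code, but a plus sign is treated as a space ...") does not say which example code or specification it refers to. Please name the source so that the next reader can verify why '+' must become "%20" rather than "%2B"; this function feeds a request signature, and an unexplained special case here is likely to be "fixed" back later.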
[trafficserver] branch master updated: s3_auth: Fix hash calculation (#10566)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 4c62a113b4 s3_auth: Fix hash calculation (#10566) 4c62a113b4 is described below commit 4c62a113b48fd76d06e0a896ce8c21d749944339 Author: Masakazu Kitajo AuthorDate: Tue Oct 10 00:31:12 2023 +0900 s3_auth: Fix hash calculation (#10566) --- plugins/s3_auth/aws_auth_v4.cc | 4 plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc index 1544add501..2a5ff550d7 100644 --- a/plugins/s3_auth/aws_auth_v4.cc +++ b/plugins/s3_auth/aws_auth_v4.cc @@ -93,6 +93,10 @@ uriEncode(const String , bool isObjectName) } else if (isObjectName && i == '/') { /* Encode the forward slash character, '/', everywhere except in the object key name. */ result << "/"; +} else if (i == '+') { + /* Only written in the example code, but a plus sign is treated as a space regardless of the position and it must be encoded + * as "%20" instead of "%2B" */ + result << "%20"; } else { /* Letters in the hexadecimal value must be upper-case, for example "%1A". */ result << "%" << std::uppercase << std::setfill('0') << std::setw(2) << std::hex << static_cast(i); diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc index e483075005..2b33c055a6 100644 --- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc +++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc 
@@ -57,7 +57,7 @@ TEST_CASE("uriEncode(): encode reserved chars in a name which is not object name String encoded = uriEncode(in, /* isObjectName */ false); CHECK(3 * in.length() == encoded.length()); /* size of "%NN" = 3 */ - CHECK_FALSE(encoded.compare("%20%2F%21%22%23%24%25%26%27%28%29%2A%2B%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); + CHECK_FALSE(encoded.compare("%20%2F%21%22%23%24%25%26%27%28%29%2A%20%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); } TEST_CASE("uriEncode(): encode reserved chars in an object name", "[AWS][auth][utility]") @@ -66,7 +66,7 @@ TEST_CASE("uriEncode(): encode reserved chars in an object name", "[AWS][auth][u String encoded = uriEncode(in, /* isObjectName */ true); CHECK(3 * in.length() - 2 == encoded.length()); /* size of "%NN" = 3, '/' is not encoded */ - CHECK_FALSE(encoded.compare("%20/%21%22%23%24%25%26%27%28%29%2A%2B%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); + CHECK_FALSE(encoded.compare("%20/%21%22%23%24%25%26%27%28%29%2A%20%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); } TEST_CASE("isUriEncoded(): check an empty input", "[AWS][auth][utility]")
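Review bot: The two test hunks only swap %2B for %20 inside the long expected strings, so the behaviour change is easy to miss and a later edit could revert it unnoticed. A dedicated TEST_CASE for an input containing '+', run with isObjectName both true and false, would document the intent. The existing length checks (3 * in.length()) still pass either way, so they do not guard this change.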
[trafficserver] branch master updated (65dd186326 -> 83161881b1)
This is an automated email from the ASF dual-hosted git repository. maskit pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 65dd186326 Reallocate a buffer for H2 header block only if needed (#10568) add 83161881b1 Add an HTTP/2 related rate limiting (#10563) No new revisions were added by this update. Summary of changes: doc/admin-guide/files/records.yaml.en.rst | 7 + doc/admin-guide/files/sni.yaml.en.rst | 374 +++-- .../statistics/core/http-connection.en.rst | 7 + iocore/net/P_SNIActionPerformer.h | 76 + iocore/net/TLSSNISupport.h | 4 + iocore/net/YamlSNIConfig.cc| 28 ++ iocore/net/YamlSNIConfig.h | 8 + proxy/http2/HTTP2.cc | 34 +- proxy/http2/HTTP2.h| 2 + proxy/http2/Http2ConnectionState.cc| 52 ++- proxy/http2/Http2ConnectionState.h | 8 + src/records/RecordsConfig.cc | 2 + 12 files changed, 404 insertions(+), 198 deletions(-)
[trafficserver] branch master updated (83161881b1 -> 0dfb832ff6)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 83161881b1 Add an HTTP/2 related rate limiting (#10563) add 0dfb832ff6 APIs to get the h2 error codes and a plugin to use them (#10570) No new revisions were added by this update. Summary of changes: doc/admin-guide/plugins/block_errors.en.rst| 73 + doc/admin-guide/plugins/index.en.rst | 4 + include/ts/ts.h| 36 +++ plugins/Makefile.am| 1 + plugins/experimental/CMakeLists.txt| 1 + .../block_errors}/CMakeLists.txt | 8 +- .../{fq_pacing => block_errors}/Makefile.inc | 6 +- plugins/experimental/block_errors/block_errors.cc | 306 + proxy/http2/Http2Stream.cc | 5 +- src/api/InkAPI.cc | 50 10 files changed, 483 insertions(+), 7 deletions(-) create mode 100644 doc/admin-guide/plugins/block_errors.en.rst copy plugins/{conf_remap => experimental/block_errors}/CMakeLists.txt (87%) copy plugins/experimental/{fq_pacing => block_errors}/Makefile.inc (83%) create mode 100644 plugins/experimental/block_errors/block_errors.cc
[trafficserver] branch 8.1.x updated: Add an HTTP/2 related rate limiting (#10565)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.1.x by this push: new d742d74039 Add an HTTP/2 related rate limiting (#10565) d742d74039 is described below commit d742d74039aaa548dda0148ab4ba207906abc620 Author: Masakazu Kitajo AuthorDate: Tue Oct 10 01:02:37 2023 +0900 Add an HTTP/2 related rate limiting (#10565) --- doc/admin-guide/files/records.config.en.rst| 7 +++ .../statistics/core/http-connection.en.rst | 7 +++ mgmt/RecordsConfig.cc | 2 + proxy/http2/HTTP2.cc | 54 -- proxy/http2/HTTP2.h| 2 + proxy/http2/Http2ConnectionState.cc| 23 + proxy/http2/Http2ConnectionState.h | 3 ++ 7 files changed, 74 insertions(+), 24 deletions(-) diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst index 98b2565490..fc9aae122f 100644 --- a/doc/admin-guide/files/records.config.en.rst +++ b/doc/admin-guide/files/records.config.en.rst @@ -3686,6 +3686,13 @@ HTTP/2 Configuration This limit only will be enforced if :ts:cv:`proxy.config.http2.stream_priority_enabled` is set to 1. +.. ts:cv:: CONFIG proxy.config.http2.max_rst_stream_frames_per_minute INT 14 + :reloadable: + + Specifies how many RST_STREAM frames |TS| receives for a minute at maximum. + Clients exceeded this limit will be immediately disconnected with an error + code of ENHANCE_YOUR_CALM. + .. ts:cv:: CONFIG proxy.config.http2.min_avg_window_update FLOAT 2560.0 :reloadable: diff --git a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst index d2e9014ffd..b14e72bd75 100644 --- a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst +++ b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst 
@@ -238,6 +238,13 @@ HTTP/2 maximum allowed number of priority frames per minute limit which is configured by :ts:cv:`proxy.config.http2.max_priority_frames_per_minute`. +.. ts:stat:: global proxy.process.http2.max_rst_stream_frames_per_minute_exceeded integer + :type: counter + + Represents the total number of closed HTTP/2 connections for exceeding the + maximum allowed number of rst_stream frames per minute limit which is configured by + :ts:cv:`proxy.config.http2.max_rst_stream_frames_per_minute`. + .. ts:stat:: global proxy.process.http2.insufficient_avg_window_update integer :type: counter diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 79b025b64f..c2d84dc0e8 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1346,6 +1346,8 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.http2.max_priority_frames_per_minute", RECD_INT, "120", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL} , + {RECT_CONFIG, "proxy.config.http2.max_rst_stream_frames_per_minute", RECD_INT, "200", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL} + , {RECT_CONFIG, "proxy.config.http2.min_avg_window_update", RECD_FLOAT, "2560.0", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , {RECT_CONFIG, "proxy.config.http2.header_table_size_limit", RECD_INT, "65536", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL} diff --git a/proxy/http2/HTTP2.cc b/proxy/http2/HTTP2.cc index f928ea33a5..cc07c9a018 100644 --- a/proxy/http2/HTTP2.cc +++ b/proxy/http2/HTTP2.cc 
@@ -71,6 +71,8 @@ static const char *const HTTP2_STAT_MAX_PING_FRAMES_PER_MINUTE_EXCEEDED_NAME = "proxy.process.http2.max_ping_frames_per_minute_exceeded"; static const char *const HTTP2_STAT_MAX_PRIORITY_FRAMES_PER_MINUTE_EXCEEDED_NAME = "proxy.process.http2.max_priority_frames_per_minute_exceeded"; +static const char *const HTTP2_STAT_MAX_RST_STREAM_FRAMES_PER_MINUTE_EXCEEDED_NAME = + "proxy.process.http2.max_rst_stream_frames_per_minute_exceeded"; static const char *const HTTP2_STAT_INSUFFICIENT_AVG_WINDOW_UPDATE_NAME = "proxy.process.http2.insufficient_avg_window_update"; union byte_pointer { @@ -726,30 +728,31 @@ http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t *buf_start, const uint32_ } // Initialize this subsystem with librecords configs (for now) -uint32_t Http2::max_concurrent_streams_in = 100; -uint32_t Http2::min_concurrent_streams_in = 10; -uint32_t Http2::max_active_streams_in = 0; -bool Http2::throttling = false; -uint32_t Http2::stream_priority_enabled= 0; -uint32_t Http2::initial_window_size= 65535; -uint32_t Http2::max_frame_size = 16384; -uint32_t Http2::header_table_size = 4096; -uint32_t Http2::max_header_list_size = 4294967295;
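Review bot: The default for proxy.config.http2.max_rst_stream_frames_per_minute is inconsistent within this patch: the records.config.en.rst hunk documents "INT 14", while the RecordsConfig.cc hunk registers the record with "200". Make the documented default match the registered one (or the reverse) so operators do not size alerts or overrides against the wrong number. In the http-connection.en.rst hunk, "rst_stream frames" should be written RST_STREAM to match the configuration text.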
[trafficserver] branch 9.2.x updated: APIs to get the h2 error codes and a plugin to use them (#10571)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new a49e575340 APIs to get the h2 error codes and a plugin to use them (#10571) a49e575340 is described below commit a49e5753405e20b553f16d976db99a5ccce4ffbb Author: Bryan Call AuthorDate: Mon Oct 9 09:23:56 2023 -0700 APIs to get the h2 error codes and a plugin to use them (#10571) --- doc/admin-guide/plugins/block_errors.en.rst | 73 + doc/admin-guide/plugins/index.en.rst | 4 + include/ts/ts.h | 36 +++ include/tscore/ink_inet.h | 26 ++ plugins/Makefile.am | 1 + plugins/experimental/block_errors/CMakeLists.txt | 22 ++ plugins/experimental/block_errors/Makefile.inc| 20 ++ plugins/experimental/block_errors/block_errors.cc | 309 ++ proxy/ProxyTransaction.cc | 5 +- src/traffic_server/InkAPI.cc | 50 10 files changed, 545 insertions(+), 1 deletion(-) diff --git a/doc/admin-guide/plugins/block_errors.en.rst b/doc/admin-guide/plugins/block_errors.en.rst new file mode 100644 index 00..c08d597726 --- /dev/null +++ b/doc/admin-guide/plugins/block_errors.en.rst 
@@ -0,0 +1,73 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + + .. include:: ../../common.defs + +.. _admin-plugins-block_errors: + +Block Errors Plugin +*** + +Description +=== +The `block_errors` plugin blocks connections or downgrades the protocol from HTTP/2 to HTTP/1.1 for clients that have too many HTTP/2 errors on the server. + +The plugin tracks users based on their IP address and blocks them for a configurable amount of time. `block_errors` can be configured to either block or downgrade the protocol, only use HTTP/1.1, for any new connections. +The existing connection that experience errors and is over the error limit will be closed. The plugin also supports on the fly configuration changes using the `traffic_ctl` command. + + +Configuration += + +To enable the `block_errors` plugin, insert the following line in :file:`plugin.config`: + +block_errors.so + +Additional configuration options are available and can be set in :file:`plugin.config`: + +block_errors.so + +- ``error limit``: The number of errors allowed before blocking the client. Default: 1000 (per minute) +- ``timeout``: The time in minutes to block the client. Default: 4 (minutes) +- ``shutdown``: Shutdown (1) or downgrade (0) the protocol for new connections. 
Default: 0 (downgrade to HTTP/1.1) +- ``enable``: Enable (1) or disable (0) the plugin. Default: 1 (enabled) + +Example Configuration += + +block_errors.so 1000 4 0 1 + +Run Time Configuration +== +The plugin can be configured at run time using the `traffic_ctl` command. The following commands are available: + +- ``block_errors.error_limit``: Set the error limit. Takes a single argument, the number of errors allowed before blocking the client. +- ``block_errors.timeout``: Set the block timeout. Takes a single argument, the number of minutes to block the client. +- ``block_errors.shutdown``: Set the shutdown mode. Takes a single argument, 0 to downgrade to HTTP/1.1, 1 to close the connection. +- ``block_errors.enable``: Enable or disable the plugin. Takes a single argument, 0 to disable, 1 to enable. + +Example Run Time Configuration +== + +traffic_ctl plugin msg block_errors.error_limit 1 + +traffic_ctl plugin msg block_errors.timeout 10 + +traffic_ctl plugin msg block_errors.shutdown 1 + +traffic_ctl plugin msg block_errors.enable 1 diff --git a/doc/admin-guide/plugins/index.en.rst b/doc/admin-guide/plugins/index.en.rst index 986a956913..b0218bab9d 100644 --- a/doc/admin-guide/plugins/index.en.rst +++ b/doc/admin-guide/plugins/index.en.rst @@ -151,6 +151,7 @@ directory of the |TS| source tree. Experimental plugins can be compiled by passi
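Review bot: In block_errors.en.rst the first option is listed as ``error limit`` (with a space) while the run-time message is block_errors.error_limit, and the second block_errors.so line under Configuration shows no arguments, so the positional order can only be inferred from the example "block_errors.so 1000 4 0 1". Show the argument order on that line and use one spelling. In the Description, "The existing connection that experience errors and is over the error limit" should read "Existing connections that experience errors and are over the error limit". Since the plugin tracks clients by IP address, the page should also say that clients sharing one address share one error count.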
[trafficserver] branch 9.2.x updated: Reallocate a buffer for H2 header block only if needed (#10568)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new 4ca137b59b Reallocate a buffer for H2 header block only if needed (#10568) 4ca137b59b is described below commit 4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5 Author: Masakazu Kitajo AuthorDate: Tue Oct 10 00:33:06 2023 +0900 Reallocate a buffer for H2 header block only if needed (#10568) Co-authored-by: Bryan Call (cherry picked from commit 65dd18632648e5441df115c4ed666af02e61d2d9) --- proxy/http2/Http2ConnectionState.cc | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/proxy/http2/Http2ConnectionState.cc b/proxy/http2/Http2ConnectionState.cc index 888fdc39b5..dcfab9b674 100644 --- a/proxy/http2/Http2ConnectionState.cc +++ b/proxy/http2/Http2ConnectionState.cc @@ -937,8 +937,10 @@ rcv_continuation_frame(Http2ConnectionState , const Http2Frame ) "header blocks too large"); } - stream->header_blocks = static_cast(ats_realloc(stream->header_blocks, stream->header_blocks_length)); - frame.reader()->memcpy(stream->header_blocks + header_blocks_offset, payload_length); + if (payload_length > 0) { +stream->header_blocks = static_cast(ats_realloc(stream->header_blocks, stream->header_blocks_length)); +frame.reader()->memcpy(stream->header_blocks + header_blocks_offset, payload_length); + } if (frame.header().flags & HTTP2_FLAGS_HEADERS_END_HEADERS) { // NOTE: If there are END_HEADERS flag, decode stored Header Blocks.
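Review bot: This backport changes only Http2ConnectionState.cc (1 file changed), so nothing exercises the new payload_length > 0 branch in rcv_continuation_frame(). A test that sends a CONTINUATION frame with an empty payload, once with and once without END_HEADERS, would pin the behaviour on this branch as well.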
[trafficserver] branch 9.2.x updated: s3_auth: Fix hash calculation (#10566)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new de7c8a78ed s3_auth: Fix hash calculation (#10566) de7c8a78ed is described below commit de7c8a78edd5b75e311561dfaa133e9d71ea8a5e Author: Masakazu Kitajo AuthorDate: Tue Oct 10 00:31:12 2023 +0900 s3_auth: Fix hash calculation (#10566) (cherry picked from commit 4c62a113b48fd76d06e0a896ce8c21d749944339) --- plugins/s3_auth/aws_auth_v4.cc | 4 plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc index d21ae814b4..968cfae2c7 100644 --- a/plugins/s3_auth/aws_auth_v4.cc +++ b/plugins/s3_auth/aws_auth_v4.cc @@ -93,6 +93,10 @@ uriEncode(const String , bool isObjectName) } else if (isObjectName && i == '/') { /* Encode the forward slash character, '/', everywhere except in the object key name. */ result << "/"; +} else if (i == '+') { + /* Only written in the example code, but a plus sign is treated as a space regardless of the position and it must be encoded + * as "%20" instead of "%2B" */ + result << "%20"; } else { /* Letters in the hexadecimal value must be upper-case, for example "%1A". */ result << "%" << std::uppercase << std::setfill('0') << std::setw(2) << std::hex << static_cast(i); diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc index 506fef4387..ca2c6bbff6 100644 --- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc +++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc 
@@ -57,7 +57,7 @@ TEST_CASE("uriEncode(): encode reserved chars in a name which is not object name String encoded = uriEncode(in, /* isObjectName */ false); CHECK(3 * in.length() == encoded.length()); /* size of "%NN" = 3 */ - CHECK_FALSE(encoded.compare("%20%2F%21%22%23%24%25%26%27%28%29%2A%2B%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); + CHECK_FALSE(encoded.compare("%20%2F%21%22%23%24%25%26%27%28%29%2A%20%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); } TEST_CASE("uriEncode(): encode reserved chars in an object name", "[AWS][auth][utility]") @@ -66,7 +66,7 @@ TEST_CASE("uriEncode(): encode reserved chars in an object name", "[AWS][auth][u String encoded = uriEncode(in, /* isObjectName */ true); CHECK(3 * in.length() - 2 == encoded.length()); /* size of "%NN" = 3, '/' is not encoded */ - CHECK_FALSE(encoded.compare("%20/%21%22%23%24%25%26%27%28%29%2A%2B%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); + CHECK_FALSE(encoded.compare("%20/%21%22%23%24%25%26%27%28%29%2A%20%2C%3A%3B%3C%3D%3E%3F%40%5B%5C%5D%5E%60%7B%7C%7D")); } TEST_CASE("isUriEncoded(): check an empty input", "[AWS][auth][utility]")
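Review bot: With the new branch in uriEncode(), '+' and a space both encode to "%20" (the updated expected strings now contain %20 in both positions), and the branch does not check isObjectName. Names that differ only in '+' versus space therefore produce the same encoded output, for object names as well as other values. Please confirm this is intended for object keys that contain a literal plus sign and say so in the comment, since the encoded string goes into the signature calculation.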
[trafficserver] branch 9.2.x updated: Add support for vconn start handler in lua plugin (#10573)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new 44267901b3 Add support for vconn start handler in lua plugin (#10573) 44267901b3 is described below commit 44267901b3f4820f0ebc7a7f63955bbfd34dd20b Author: Kit Chan AuthorDate: Mon Oct 9 15:43:29 2023 -0300 Add support for vconn start handler in lua plugin (#10573) * Add support for vconn start handler in lua plugin * fix clang format issue * fix doc error --- doc/admin-guide/plugins/lua.en.rst | 94 ++ plugins/lua/Makefile.inc| 1 + plugins/lua/example/test_vconn.lua | 42 plugins/lua/ts_lua.c| 89 plugins/lua/ts_lua_common.h | 17 + plugins/lua/ts_lua_fetch.c | 4 ++ plugins/lua/ts_lua_hook.c | 10 +++ plugins/lua/ts_lua_http.c | 131 plugins/lua/ts_lua_http_intercept.c | 2 + plugins/lua/ts_lua_misc.c | 6 ++ plugins/lua/ts_lua_util.c | 92 + plugins/lua/ts_lua_util.h | 25 +-- plugins/lua/ts_lua_vconn.c | 105 + plugins/lua/ts_lua_vconn.h | 23 +++ 14 files changed, 636 insertions(+), 5 deletions(-) diff --git a/doc/admin-guide/plugins/lua.en.rst b/doc/admin-guide/plugins/lua.en.rst index 68e95843fb..06db5cb023 100644 --- a/doc/admin-guide/plugins/lua.en.rst +++ b/doc/admin-guide/plugins/lua.en.rst @@ -112,6 +112,7 @@ script, and we can write this in remap.config: This module can also act as a global plugin of Traffic Server. In this case we should provide one of these functions in each lua script: +- **'do_global_vconn_start'** - **'do_global_txn_start'** - **'do_global_txn_close'** - **'do_global_os_dns'** @@ -620,6 +621,7 @@ Hook point constants :: +TS_LUA_HOOK_VCONN_START TS_LUA_HOOK_OS_DNS TS_LUA_HOOK_PRE_REMAP TS_LUA_HOOK_READ_CACHE_HDR 
@@ -643,6 +645,8 @@ Additional Information: | | | do_remap() via | do_os_response() | global context via | | | | ts.hook()? | via ts.hook()? | ts.hook()? | +===+===+==++==+ +| TS_VCONN_START_HOOK | TS_LUA_HOOK_VCONN_START | NO | NO |YES | ++---+---+--++--+ | TS_HTTP_TXN | TS_LUA_HOOK | NO | NO |YES | | _START_HOOK | _TXN_START| | | | +---+---+--++--+ @@ -3376,6 +3380,66 @@ Here is an example :ref:`TOP ` +ts.http.get_ssn_remote_addr +--- +**syntax:** *ts.http.get_ssn_remote_addr()* + +**context:** after do_global_read_reqest + +**description:** This function can be used to get the remote address (IP, port, family) of the session. + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_client_received_error +- +**syntax:** *ts.http.get_client_received_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the client received error from transaction. + +Here is an example + +:: + +function do_global_txn_close() +local class, code = ts.http.get_client_received_error() +ts.debug('txn_close: '..class) +ts.debug('txn_close: '..code) +end + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_client_sent_error +- +**syntax:** *ts.http.get_client_sent_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the client sent error from transaction. + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_server_received_error +- +**syntax:** *ts.http.get_server_received_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the server received error from transaction. + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_server_sent_error +- +**syntax:** *ts.http.get_server_sent_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the server sent error from transaction. + +`TOP <#ts-lua-plugin>`_ + ts.add_package_path --- **syntax:**
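Review bot: in the @@ -3376,6 +3380,66 @@ hunk of doc/admin-guide/plugins/lua.en.rst, the context line for ts.http.get_ssn_remote_addr reads "after do_global_read_reqest", which misspells "request" and will not match the handler name a reader searches for. The four get_*_error entries also never say what they return; only the get_client_received_error example shows `local class, code = ...`, so each description should name the two return values and their types.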
[trafficserver] 01/02: Updating files for 8.1.9 rc0
This is an automated email from the ASF dual-hosted git repository. eze pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 33bf0a6ce2be91ddc120de8910b360689ab0dcc8 Author: Evan Zelkowitz AuthorDate: Mon Oct 9 13:02:29 2023 -0600 Updating files for 8.1.9 rc0 --- configure.ac | 2 +- tools/package/trafficserver.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 1720e41294..12c9bb697b 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ # Version number is calculated as MAJOR * 100 + MINOR * 1000 + MICRO # Version string is in the form of MAJOR.MINOR.MICRO[sufix] # -m4_define([TS_VERSION_S],[8.1.8]) +m4_define([TS_VERSION_S],[8.1.9]) m4_define([TS_VERSION_N],[8001008]) AC_INIT([Apache Traffic Server], TS_VERSION_S(), [d...@trafficserver.apache.org], [trafficserver],[http://trafficserver.apache.org]) diff --git a/tools/package/trafficserver.spec b/tools/package/trafficserver.spec index 5d171cde83..537856bfcd 100755 --- a/tools/package/trafficserver.spec +++ b/tools/package/trafficserver.spec @@ -26,7 +26,7 @@ Summary: Apache Traffic Server, a reverse, forward and transparent HTTP proxy cache Name: trafficserver -Version: 8.1.8 +Version: 8.1.9 Release: %{release}%{?dist} License: Apache Software License 2.0 (AL2) Group: System Environment/Daemons
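Review bot: in the configure.ac hunk, TS_VERSION_S moves to 8.1.9 but the next line, `m4_define([TS_VERSION_N],[8001008])`, is left as unchanged context, so the numeric version still encodes 8.1.8; bump it to 8001009 in the same commit so that version comparisons based on the number see the new release. The comment above it ("MAJOR * 100 + MINOR * 1000 + MICRO") does not match the 8001008 layout either and is worth correcting while this block is being touched.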
[trafficserver] branch 8.1.x updated (32cbd5baad -> fd8fb86334)
This is an automated email from the ASF dual-hosted git repository. eze pushed a change to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 32cbd5baad Add support for vconn start handler for lua plugin (#10575) new 33bf0a6ce2 Updating files for 8.1.9 rc0 new fd8fb86334 Adding for 8.1.9 rc0 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: CHANGELOG-8.1.9 | 6 ++ configure.ac | 2 +- tools/package/trafficserver.spec | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 CHANGELOG-8.1.9
[trafficserver] 02/02: Adding for 8.1.9 rc0
This is an automated email from the ASF dual-hosted git repository. eze pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit fd8fb86334c192d7c538f14b9612fbd9aae11a6e Author: Evan Zelkowitz AuthorDate: Mon Oct 9 13:02:55 2023 -0600 Adding for 8.1.9 rc0 --- CHANGELOG-8.1.9 | 6 ++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG-8.1.9 b/CHANGELOG-8.1.9 new file mode 100644 index 00..40f1f6ef09 --- /dev/null +++ b/CHANGELOG-8.1.9 @@ -0,0 +1,6 @@ +Changes with Apache Traffic Server 8.1.9 + #10565 - Add an HTTP/2 related rate limiting + #10567 - s3_auth: Fix hash calculation + #10569 - clang-format + #10572 - APIs to get the h2 error codes and a plugin to use them + #10575 - Add support for vconn start handler for lua plugin
[trafficserver] branch 8.1.x updated: Add support for vconn start handler for lua plugin (#10575)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.1.x by this push: new 32cbd5baad Add support for vconn start handler for lua plugin (#10575) 32cbd5baad is described below commit 32cbd5baadc946fc87c78b1b3a8b778a081ff3c7 Author: Kit Chan AuthorDate: Mon Oct 9 15:43:42 2023 -0300 Add support for vconn start handler for lua plugin (#10575) * add support for vconn start for lua plugin * fix clang format --- doc/admin-guide/plugins/lua.en.rst | 84 +++ plugins/lua/Makefile.inc| 1 + plugins/lua/example/test_vconn.lua | 40 +++ plugins/lua/ts_lua.c| 87 plugins/lua/ts_lua_common.h | 17 + plugins/lua/ts_lua_fetch.c | 4 ++ plugins/lua/ts_lua_hook.c | 10 +++ plugins/lua/ts_lua_http.c | 131 plugins/lua/ts_lua_http_intercept.c | 2 + plugins/lua/ts_lua_misc.c | 6 ++ plugins/lua/ts_lua_util.c | 92 + plugins/lua/ts_lua_util.h | 25 +-- plugins/lua/ts_lua_vconn.c | 87 plugins/lua/ts_lua_vconn.h | 21 ++ 14 files changed, 602 insertions(+), 5 deletions(-) diff --git a/doc/admin-guide/plugins/lua.en.rst b/doc/admin-guide/plugins/lua.en.rst index 8cf69b17ba..3e27e1ba44 100644 --- a/doc/admin-guide/plugins/lua.en.rst +++ b/doc/admin-guide/plugins/lua.en.rst @@ -96,6 +96,7 @@ script, and we can write this in remap.config: This module can also act as a global plugin of Traffic Server. In this case we should provide one of these functions in each lua script: +- **'do_global_vconn_start'** - **'do_global_txn_start'** - **'do_global_txn_close'** - **'do_global_os_dns'** @@ -478,6 +479,7 @@ Hook point constants :: +TS_LUA_HOOK_VCONN_START TS_LUA_HOOK_OS_DNS TS_LUA_HOOK_PRE_REMAP TS_LUA_HOOK_READ_CACHE_HDR 
@@ -501,6 +503,8 @@ Additional Information: | | | do_remap() via | do_os_response() | global context via | | | | ts.hook()? | via ts.hook()? | ts.hook()? | +===+===+==++==+ +| TS_VCONN_START_HOOK | TS_LUA_HOOK_VCONN_START | NO | NO |YES | ++---+---+--++--+ | TS_HTTP_TXN | TS_LUA_HOOK | NO | NO |YES | | _START_HOOK | _TXN_START| | | | +---+---+--++--+ @@ -2745,6 +2749,66 @@ Here is an example `TOP <#ts-lua-plugin>`_ +ts.http.get_ssn_remote_addr +--- +**syntax:** *ts.http.get_ssn_remote_addr()* + +**context:** after do_global_read_reqest + +**description:** This function can be used to get the remote address (IP, port, family) of the session. + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_client_received_error +- +**syntax:** *ts.http.get_client_received_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the client received error from transaction. + +Here is an example + +:: + +function do_global_txn_close() +local class, code = ts.http.get_client_received_error() +ts.debug('txn_close: '..class) +ts.debug('txn_close: '..code) +end + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_client_sent_error +- +**syntax:** *ts.http.get_client_sent_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the client sent error from transaction. + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_server_received_error +- +**syntax:** *ts.http.get_server_received_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the server received error from transaction. + +`TOP <#ts-lua-plugin>`_ + +ts.http.get_server_sent_error +- +**syntax:** *ts.http.get_server_sent_error()* + +**context:** after do_global_txn_close + +**description:** This function can be used to get the server sent error from transaction. + +`TOP <#ts-lua-plugin>`_ + ts.add_package_path --- **syntax:** *ts.add_package_path(lua-style-path-str)* @@ -3847,6 +3911,26 @@ be
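Review bot: this 8.1.x backport carries the "do_global_read_reqest" misspelling in the @@ -2745,6 +2749,66 @@ hunk as well; correct it on this branch too so the two copies of lua.en.rst do not drift apart. The get_client_received_error example concatenates `class` and `code` straight into ts.debug(); if either value can be nil at do_global_txn_close the script raises an error, so the text should state whether both are always set or the example should guard the values.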
[trafficserver] branch master updated (0dfb832ff6 -> ff21aaf6de)
This is an automated email from the ASF dual-hosted git repository. kichan pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 0dfb832ff6 APIs to get the h2 error codes and a plugin to use them (#10570) add ff21aaf6de Add support for vconn start handler for lua plugin (#10574) No new revisions were added by this update. Summary of changes: doc/admin-guide/plugins/lua.en.rst | 94 +++ plugins/lua/Makefile.inc | 1 + .../{test_client_socket.lua => test_vconn.lua} | 36 +++--- plugins/lua/ts_lua.cc | 89 ++ plugins/lua/ts_lua_common.h| 17 +++ plugins/lua/ts_lua_fetch.cc| 4 + plugins/lua/ts_lua_hook.cc | 10 ++ plugins/lua/ts_lua_http.cc | 131 + plugins/lua/ts_lua_http_intercept.cc | 2 + plugins/lua/ts_lua_misc.cc | 6 + plugins/lua/ts_lua_util.cc | 92 +++ plugins/lua/ts_lua_util.h | 25 +++- plugins/lua/ts_lua_vconn.cc| 103 plugins/lua/{ts_lua_log.h => ts_lua_vconn.h} | 4 +- 14 files changed, 589 insertions(+), 25 deletions(-) copy plugins/lua/example/{test_client_socket.lua => test_vconn.lua} (51%) create mode 100644 plugins/lua/ts_lua_vconn.cc copy plugins/lua/{ts_lua_log.h => ts_lua_vconn.h} (94%)
[trafficserver] branch 9.2.x updated: Updated ChangeLog
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.2.x by this push: new b4e3c73354 Updated ChangeLog b4e3c73354 is described below commit b4e3c73354d2a104ed6f00379eeb9f121a85e8bb Author: Bryan Call AuthorDate: Mon Oct 9 13:38:12 2023 -0700 Updated ChangeLog --- CHANGELOG-9.2.3 | 9 + 1 file changed, 9 insertions(+) diff --git a/CHANGELOG-9.2.3 b/CHANGELOG-9.2.3 index 692e518268..dfbcfa0467 100644 --- a/CHANGELOG-9.2.3 +++ b/CHANGELOG-9.2.3 @@ -11,8 +11,17 @@ Changes with Apache Traffic Server 9.2.3 #10257 - Python 3.12: Make autest regex strings raw strings #10266 - Python 3.12: add charset-nomalizer to tests/Pipfile #10285 - Fix slice head request memory issue + #10286 - Abort a read when the disk is known to be bad #10287 - Fix a crash due to bad disks #10304 - Preserve unmapped url regardless of need for remapping + #10324 - Add TSVConnFdGet api #10386 - Don't set port number as part of hostname #10389 - 9.2.x: Proxy Verfier Upgrade to v2.10.1 #10391 - tls_verify4: Use traffic_manager for config reload + #10399 - Fix use-after-free issue + #10480 - Fix the SNI and HOST parsing properly + #10564 - Add an HTTP/2 related rate limiting + #10566 - s3_auth: Fix hash calculation + #10568 - Reallocate a buffer for H2 header block only if needed + #10571 - APIs to get the h2 error codes and a plugin to use them + #10573 - Add support for vconn start handler in lua plugin
[trafficserver] annotated tag 8.1.9-rc0 updated (fd8fb86334 -> 073ba3f5c3)
This is an automated email from the ASF dual-hosted git repository. eze pushed a change to annotated tag 8.1.9-rc0 in repository https://gitbox.apache.org/repos/asf/trafficserver.git *** WARNING: tag 8.1.9-rc0 was modified! *** from fd8fb86334 (commit) to 073ba3f5c3 (tag) tagging fd8fb86334c192d7c538f14b9612fbd9aae11a6e (commit) replaces 8.1.8-rc1 by Evan Zelkowitz on Mon Oct 9 13:06:01 2023 -0600 - Log - Release Candidate 8.1.9-rc0 --- No new revisions were added by this update. Summary of changes:
[trafficserver] branch master updated: make sure open() and read() succeeded (#10273)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 26affdad94 make sure open() and read() succeeded (#10273) 26affdad94 is described below commit 26affdad9451da19782cdb3ff6ac881a54277410 Author: Fei Deng AuthorDate: Mon Oct 9 18:33:33 2023 -0400 make sure open() and read() succeeded (#10273) --- plugins/experimental/ssl_session_reuse/src/config.cc | 3 +-- plugins/experimental/ssl_session_reuse/src/ssl_init.cc | 11 +++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/plugins/experimental/ssl_session_reuse/src/config.cc b/plugins/experimental/ssl_session_reuse/src/config.cc index b2a9814c7b..d83c60d783 100644 --- a/plugins/experimental/ssl_session_reuse/src/config.cc +++ b/plugins/experimental/ssl_session_reuse/src/config.cc @@ -82,12 +82,11 @@ Config::loadConfig(const std::string ) } } -close(fd); - m_noConfig = false; success = true; m_alreadyLoaded = true; } + close(fd); return success; } diff --git a/plugins/experimental/ssl_session_reuse/src/ssl_init.cc b/plugins/experimental/ssl_session_reuse/src/ssl_init.cc index 961a017cfb..acfd2ea2a3 100644 --- a/plugins/experimental/ssl_session_reuse/src/ssl_init.cc +++ b/plugins/experimental/ssl_session_reuse/src/ssl_init.cc @@ -105,7 +105,7 @@ get_redis_auth_key(char *retKeyBuff, int buffSize) if (ssl_param.redis_auth_key_file.length()) { int fd = open(ssl_param.redis_auth_key_file.c_str(), O_RDONLY); struct stat info; -if (0 == fstat(fd, )) { +if (fd >= 0 && 0 == fstat(fd, )) { size_t n = info.st_size; std::string key_data; key_data.resize(n); 
@@ -114,10 +114,13 @@ get_redis_auth_key(char *retKeyBuff, int buffSize) while (read_len > 1 && key_data[read_len - 1] == '\n') { --read_len; } - memset(retKeyBuff, 0, buffSize); - strncpy(retKeyBuff, key_data.c_str(), read_len); - retval = key_data.length(); + if (read_len > 0 && read_len <= buffSize && static_cast(read_len) <= key_data.length()) { +memset(retKeyBuff, 0, buffSize); +strncpy(retKeyBuff, key_data.c_str(), read_len); +retval = read_len; + } } +close(fd); } else { TSError("Can not get redis auth key."); }
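Review bot: in Config::loadConfig() (plugins/experimental/ssl_session_reuse/src/config.cc), moving `close(fd);` to just before `return success;` closes the descriptor on the failure path too, but it now also runs when the descriptor was never opened, if the block it was moved out of is the open-success check. Guard it with `if (fd >= 0)` or confirm from the lines above the hunk that fd is always valid at that point.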
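Review bot: in get_redis_auth_key() (ssl_init.cc, @@ -105,7 +105,7 @@), the new `fd >= 0` test skips the block silently when open() fails. The only TSError in view belongs to the outer else for an empty redis_auth_key_file, so a missing or unreadable key file produces no log line; add an error message with the path and errno on that branch.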
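Review bot: in the @@ -114,10 +114,13 @@ hunk of ssl_init.cc, `read_len <= buffSize` allows read_len to equal buffSize, and strncpy() then fills the whole buffer that memset() just zeroed, leaving retKeyBuff without a terminating NUL; use `read_len < buffSize` unless every caller treats the buffer as length-delimited. When the new length check fails nothing is logged, so a key that is too long for the buffer is dropped without a trace. The added `close(fd);` also appears to sit after the block guarded by `fd >= 0`; if so it is called with a negative descriptor after a failed open() and should be guarded the same way.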
[trafficserver] tag 8.1.9 created (now fd8fb86334)
This is an automated email from the ASF dual-hosted git repository. eze pushed a change to tag 8.1.9 in repository https://gitbox.apache.org/repos/asf/trafficserver.git at fd8fb86334 (commit) No new revisions were added by this update.
[trafficserver] branch master updated (cbb4f35ea9 -> 9e4f4418ef)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from cbb4f35ea9 Build unit tests only with BUILD_TESTING (#10548) add 9e4f4418ef fix(http): do reverse dns resolution only for IP addresses (#10234) No new revisions were added by this update. Summary of changes: proxy/http/HttpTransact.cc | 16 ++-- proxy/http/HttpTransact.h | 5 +++-- 2 files changed, 9 insertions(+), 12 deletions(-)
[trafficserver] branch master updated: Prevent HttpSM to be added to wrong ConnectingEntry (#10576)
This is an automated email from the ASF dual-hosted git repository. bneradt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new f1827d453a Prevent HttpSM to be added to wrong ConnectingEntry (#10576) f1827d453a is described below commit f1827d453a735b7ab189bb6501475f8767714092 Author: Zhengxi Li AuthorDate: Mon Oct 9 19:09:00 2023 -0400 Prevent HttpSM to be added to wrong ConnectingEntry (#10576) This PR fixes #10455, a crash observed in production coincided with changes in #10157. Please see details in the issue. --- proxy/http/ConnectingEntry.cc | 7 +++--- proxy/http/HttpSM.cc | 55 --- 2 files changed, 29 insertions(+), 33 deletions(-) diff --git a/proxy/http/ConnectingEntry.cc b/proxy/http/ConnectingEntry.cc index e0276ff09e..a06e9d2b34 100644 --- a/proxy/http/ConnectingEntry.cc +++ b/proxy/http/ConnectingEntry.cc @@ -152,13 +152,12 @@ ConnectingEntry::state_http_server_open(int event, void *data) void ConnectingEntry::remove_entry() { - EThread *ethread = this_ethread(); - auto ip_iter = ethread->connecting_pool->m_ip_pool.find(this->ipaddr); - while (ip_iter != ethread->connecting_pool->m_ip_pool.end() && this->ipaddr == ip_iter->first) { + EThread *ethread= this_ethread(); + auto [iter_start, iter_end] = ethread->connecting_pool->m_ip_pool.equal_range(this->ipaddr); + for (auto ip_iter = iter_start; ip_iter != iter_end; ++ip_iter) { if (ip_iter->second == this) { ethread->connecting_pool->m_ip_pool.erase(ip_iter); break; } -++ip_iter; } } diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 8b2cf65a1e..055aca6f97 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc 
@@ -2143,33 +2143,30 @@ void HttpSM::cancel_pending_server_connection() { EThread *ethread = this_ethread(); - if (nullptr == ethread->connecting_pool) { + if (nullptr == ethread->connecting_pool || !t_state.current.server) { return; // No pending requests } - if (t_state.current.server) { -IpEndpoint ip; -ip.assign(>t_state.current.server->dst_addr.sa); -auto ip_iter = ethread->connecting_pool->m_ip_pool.find(ip); -while (ip_iter != ethread->connecting_pool->m_ip_pool.end() && ip_iter->first == ip) { - ConnectingEntry *connecting_entry = ip_iter->second; - // Found a match - // Look for our sm in the queue - auto entry = connecting_entry->connect_sms.find(this); - if (entry != connecting_entry->connect_sms.end()) { -connecting_entry->connect_sms.erase(entry); -if (connecting_entry->connect_sms.empty()) { - if (connecting_entry->netvc) { -connecting_entry->netvc->do_io_write(nullptr, 0, nullptr); -connecting_entry->netvc->do_io_close(); - } - ethread->connecting_pool->m_ip_pool.erase(ip_iter); - delete connecting_entry; - break; -} else { - // Leave the shared entry remaining alone + IpEndpoint ip; + ip.assign(>t_state.current.server->dst_addr.sa); + auto [iter_start, iter_end] = ethread->connecting_pool->m_ip_pool.equal_range(ip); + for (auto ip_iter = iter_start; ip_iter != iter_end; ++ip_iter) { +ConnectingEntry *connecting_entry = ip_iter->second; +// Found a match, look for our sm in the queue. +auto entry = connecting_entry->connect_sms.find(this); +if (entry != connecting_entry->connect_sms.end()) { + // Found the sm, remove it. + connecting_entry->connect_sms.erase(entry); + if (connecting_entry->connect_sms.empty()) { +if (connecting_entry->netvc) { + connecting_entry->netvc->do_io_write(nullptr, 0, nullptr); + connecting_entry->netvc->do_io_close(); } +ethread->connecting_pool->m_ip_pool.erase(ip_iter); +delete connecting_entry; +break; + } else { +// Leave the shared entry remaining alone } - ++ip_iter; } } } 
@@ -2198,23 +2195,23 @@ HttpSM::add_to_existing_request() IpEndpoint ip; ip.assign(>dst_addr.sa); - auto ip_iter = ethread->connecting_pool->m_ip_pool.find(ip); std::string_view proposed_sni = this->get_outbound_sni(); std::string_view proposed_cert = this->get_outbound_cert(); std::string_view proposed_hostname = this->t_state.current.server->name; - while (!retval && ip_iter != ethread->connecting_pool->m_ip_pool.end() && ip_iter->first == ip) { -// Check that entry matches sni, hostname, and cert + auto [iter_start, iter_end]= ethread->connecting_pool->m_ip_pool.equal_range(ip); + + for (auto ip_iter = iter_start; ip_iter != iter_end; ++ip_iter) { +// Check that entry matches sni, hostname, and cert. if (proposed_hostname == ip_iter->second->hostname && proposed_sni ==
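Review bot: in HttpSM::cancel_pending_server_connection(), `m_ip_pool.erase(ip_iter)` inside the equal_range loop is safe only because a `break` is reached before the next `++ip_iter`; a one-line comment saying so would keep a later edit from dropping the break and incrementing an invalidated iterator. The `else { // Leave the shared entry remaining alone }` branch has no statements and can be reduced to a comment, and if an HttpSM can sit in at most one ConnectingEntry the loop can break as soon as the sm is erased from connect_sms.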
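Review bot: in HttpSM::add_to_existing_request(), the old loop condition began with `!retval &&`, which stopped the scan at the first matching entry, while the new `for (auto ip_iter = iter_start; ip_iter != iter_end; ++ip_iter)` has no such test. The body therefore needs an explicit break once retval is set, otherwise the same HttpSM could be added to a second matching ConnectingEntry. The hunk is cut off before the end of the loop body, so this cannot be confirmed from the lines shown.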
[trafficserver-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/trafficserver-site.git The following commit(s) were added to refs/heads/asf-site by this push: new a3f4012 Automatic Site Publish by Buildbot a3f4012 is described below commit a3f40122eae8ab2757110acd7eb170d88d854de0 Author: buildbot AuthorDate: Mon Oct 9 23:27:49 2023 + Automatic Site Publish by Buildbot --- content/downloads.html | 24 content/index.html | 5 ++--- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/content/downloads.html b/content/downloads.html index ab8ce51..0a7a77d 100644 --- a/content/downloads.html +++ b/content/downloads.html @@ -61,9 +61,9 @@ - The latest stable release of Apache Traffic Server is v9.2.0, released on 2023-01-23. -In addition, we continue to support the v8.1.x LTS release train, currently v8.1.6, -which was released on 2022-12-15. We follow the http://semver.org;>Semantic Versioning + The latest stable release of Apache Traffic Server is v9.2.3, released on 2023-10-9. +In addition, we continue to support the v8.1.x LTS release train, currently v8.1.8, +which was released on 2023-08-03. We follow the http://semver.org;>Semantic Versioning scheme. The goal is to release patch releases frequently, and minor releases as needed. Within the major versions, all such patch and minor releases are all compatible. When downloading from a mirror, please be sure to https://www.apache.org/info/verification.html;>verify the hash and OpenPGP 
@@ -72,15 +72,15 @@ the PGP signatures the https://www.apache.org/dist/trafficserver/KEYS;> will be needed. You can also https://archive.apache.org/dist/trafficserver/;>browse through all releases and hash signatures. -Current v9.x Release -- 9.2.2 -Apache Traffic Server v9.2.2 was released on August 3rd, 2023. - [https://www.apache.org/dist/trafficserver/trafficserver-9.2.2.tar.bz2.asc;>PGP] - [https://www.apache.org/dist/trafficserver/trafficserver-9.2.2.tar.bz2.sha512;>SHA512] -https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-9.2.2.tar.bz2; - class="download_ts">Traffic Server 9.2.2 -v9.2.2 is our latest stable release. Additional details for this release are in the -https://raw.githubusercontent.com/apache/trafficserver/9.2.x/CHANGELOG-9.2.2;>CHANGELOG -and the the related https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:9.2.2;>Github Issues and PRs. +Current v9.x Release -- 9.2.3 +Apache Traffic Server v9.2.3 was released on August 3rd, 2023. + [https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.asc;>PGP] + [https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.sha512;>SHA512] +https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-9.2.3.tar.bz2; + class="download_ts">Traffic Server 9.2.3 +v9.2.3 is our latest stable release. Additional details for this release are in the +https://raw.githubusercontent.com/apache/trafficserver/9.2.x/CHANGELOG-9.2.3;>CHANGELOG +and the the related https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:9.2.3;>Github Issues and PRs. For details on the v9.x release, please see https://docs.trafficserver.apache.org/en/9.2.x/release-notes/whats-new.en.html;>9.2.x News (there's a new section specific to v9.2.x). There are also diff --git a/content/index.html b/content/index.html index a68c7c4..9b37eb2 100644 --- a/content/index.html +++ b/content/index.html 
@@ -287,7 +287,8 @@ - August 3, 2023: We are releasing both v9.2.2 and v8.1.8. We recommend everyone to upgrade to one of these versions of ATS. + October 9, 2023:We are releasing v9.2.3. We recommend everyone to upgrade to one of these versions of ATS. + August 3, 2023: We are releasing both v9.2.2 and v8.1.8 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. June 12, 2023: We are releasing both v9.2.1 and v8.1.7 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. January 23, 2023:The first version of the stable v9.2.x ATS branch is now available for download. This version, \ v9.2.0, is a feature and bug fix release over previous v9.1.x releases. @@ -301,8 +302,6 @@ v9.2.0, is a feature and bug fix release over previous v9.1.x releases. August 17, 2021:We are releasing both v9.1.0, which is our next current release. June 24, 2021:We are releasing both v9.0.2 and v8.1.2 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. April 16, 2021:We are pleased to announce v9.0.1, which is bug-fix release on the v9.x LTS train. - December 14, 2020:We are pleased to announce the first release of ATS
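Review bot: in the @@ -72,15 +72,15 @@ hunk of content/downloads.html, the new line still reads "Apache Traffic Server v9.2.3 was released on August 3rd, 2023", which contradicts the "v9.2.3, released on 2023-10-9" sentence added in the first hunk; only the version number was substituted. This file is Buildbot output, so the date has to be corrected in the source page and the site regenerated.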
[trafficserver-site] branch asf-site updated: Updated index with 9.2.3 release
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/trafficserver-site.git The following commit(s) were added to refs/heads/asf-site by this push: new de5e5d3 Updated index with 9.2.3 release de5e5d3 is described below commit de5e5d3322c526469228d7a51802a40575bc6e62 Author: Bryan Call AuthorDate: Mon Oct 9 16:27:16 2023 -0700 Updated index with 9.2.3 release --- source/markdown/downloads.mdtext | 24 source/markdown/index.html | 5 ++--- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/source/markdown/downloads.mdtext b/source/markdown/downloads.mdtext index 8e0960d..8d1bda8 100644 --- a/source/markdown/downloads.mdtext +++ b/source/markdown/downloads.mdtext @@ -19,9 +19,9 @@ RSS: /rss/releases.rss -The latest stable release of Apache Traffic Server is v9.2.0, released on 2023-01-23. -In addition, we continue to support the v8.1.x LTS release train, currently v8.1.6, -which was released on 2022-12-15. We follow the [Semantic Versioning](http://semver.org) +The latest stable release of Apache Traffic Server is v9.2.3, released on 2023-10-9. +In addition, we continue to support the v8.1.x LTS release train, currently v8.1.8, +which was released on 2023-08-03. We follow the [Semantic Versioning](http://semver.org) scheme. The goal is to release patch releases frequently, and minor releases as needed. Within the major versions, all such patch and minor releases are all compatible. 
@@ -32,18 +32,18 @@ will be needed. You can also [browse through all releases](https://archive.apache.org/dist/trafficserver/) and hash signatures. -# Current v9.x Release -- 9.2.2 # {#9.2.2} +# Current v9.x Release -- 9.2.3 # {#9.2.3} - Apache Traffic Server v9.2.2 was released on August 3rd, 2023. - [[`PGP`](https://www.apache.org/dist/trafficserver/trafficserver-9.2.2.tar.bz2.asc)] - [[`SHA512`](https://www.apache.org/dist/trafficserver/trafficserver-9.2.2.tar.bz2.sha512)] + Apache Traffic Server v9.2.3 was released on August 3rd, 2023. + [[`PGP`](https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.asc)] + [[`SHA512`](https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.sha512)] - https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-9.2.2.tar.bz2; - class="download_ts">Traffic Server 9.2.2 + https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-9.2.3.tar.bz2; + class="download_ts">Traffic Server 9.2.3 -v9.2.2 is our latest stable release. Additional details for this release are in the -[CHANGELOG](https://raw.githubusercontent.com/apache/trafficserver/9.2.x/CHANGELOG-9.2.2) -and the the related [Github Issues and PRs](https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:9.2.2). +v9.2.3 is our latest stable release. Additional details for this release are in the +[CHANGELOG](https://raw.githubusercontent.com/apache/trafficserver/9.2.x/CHANGELOG-9.2.3) +and the the related [Github Issues and PRs](https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:9.2.3). For details on the v9.x release, please see [9.2.x News](https://docs.trafficserver.apache.org/en/9.2.x/release-notes/whats-new.en.html) diff --git a/source/markdown/index.html b/source/markdown/index.html index a68c7c4..9b37eb2 100644 --- a/source/markdown/index.html +++ b/source/markdown/index.html 
@@ -287,7 +287,8 @@ - August 3, 2023: We are releasing both v9.2.2 and v8.1.8. We recommend everyone to upgrade to one of these versions of ATS. + October 9, 2023:We are releasing v9.2.3. We recommend everyone to upgrade to one of these versions of ATS. + August 3, 2023: We are releasing both v9.2.2 and v8.1.8 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. June 12, 2023: We are releasing both v9.2.1 and v8.1.7 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. January 23, 2023:The first version of the stable v9.2.x ATS branch is now available for download. This version, \ v9.2.0, is a feature and bug fix release over previous v9.1.x releases. @@ -301,8 +302,6 @@ v9.2.0, is a feature and bug fix release over previous v9.1.x releases. August 17, 2021:We are releasing both v9.1.0, which is our next current release. June 24, 2021:We are releasing both v9.0.2 and v8.1.2 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. April 16, 2021:We are pleased to announce v9.0.1, which is bug-fix release on the v9.x LTS train. - December 14, 2020:We are pleased to announce the first release of ATS v9.0.0, which is our new LTS release cycle. It's available for immediate downloads from the regular Downloads
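Review bot: in source/markdown/downloads.mdtext, the @@ -32,18 +32,18 @@ hunk replaces 9.2.2 with 9.2.3 throughout but keeps "was released on August 3rd, 2023", so the section heading and the date disagree; change the date to the 9.2.3 release date given in the first hunk. That first hunk writes the date as "2023-10-9" next to "2023-08-03" for 8.1.8; use the zero-padded form for both.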
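Review bot: in source/markdown/index.html, the new "October 9, 2023" entry announces only v9.2.3 yet ends with "upgrade to one of these versions of ATS", wording copied from the two-version entries, and it has no space after "2023:". The same hunk also adds "which include security fixes" to the August 3, 2023 entry; that is a separate content change from the 9.2.3 announcement and should be called out in the commit message.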
[trafficserver] branch master updated: Ran clang-tidy over the experimental plugins (#10550)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 7f86ef2a73 Ran clang-tidy over the experimental plugins (#10550) 7f86ef2a73 is described below commit 7f86ef2a734775d4dc76c64d4b6048d0b1fea348 Author: Bryan Call AuthorDate: Mon Oct 9 15:01:12 2023 -0700 Ran clang-tidy over the experimental plugins (#10550) --- .../cache_range_requests/cache_range_requests.cc | 2 +- .../cache_key_genid/cache_key_genid.cc | 8 +- plugins/experimental/cookie_remap/hash.cc | 6 +- plugins/experimental/fastcgi/src/Profiler.h| 6 +- plugins/experimental/fastcgi/src/ats_fastcgi.cc| 7 +- .../experimental/fastcgi/src/ats_fcgi_client.cc| 55 plugins/experimental/fastcgi/src/ats_fcgi_client.h | 6 +- plugins/experimental/fastcgi/src/fcgi_config.cc| 2 +- plugins/experimental/fastcgi/src/fcgi_config.h | 8 +- plugins/experimental/fastcgi/src/fcgi_protocol.h | 14 +-- plugins/experimental/fastcgi/src/server.cc | 10 +- .../experimental/fastcgi/src/server_connection.cc | 5 +- plugins/experimental/fq_pacing/fq_pacing.cc| 30 ++--- plugins/experimental/http_stats/http_stats.cc | 8 +- plugins/experimental/maxmind_acl/mmdb.h| 6 +- plugins/experimental/memcache/protocol_binary.h| 138 ++--- plugins/experimental/memcache/tsmemcache.cc| 2 +- plugins/experimental/memcache/tsmemcache.h | 10 +- plugins/experimental/money_trace/money_trace.cc| 2 +- plugins/experimental/mp4/mp4_meta.h| 87 ++--- plugins/experimental/otel_tracer/otel_tracer.cc| 8 +- plugins/experimental/otel_tracer/tracer_common.h | 4 +- plugins/experimental/rate_limit/iprep_simu.cc | 19 +-- plugins/experimental/rate_limit/limiter.h | 2 +- plugins/experimental/rate_limit/txn_limiter.h | 2 +- .../experimental/ssl_session_reuse/src/Config.h| 6 +- .../experimental/ssl_session_reuse/src/message.h | 10 +- .../ssl_session_reuse/src/redis_endpoint.cc| 2 +- 
.../ssl_session_reuse/src/redis_endpoint.h | 8 +- plugins/experimental/system_stats/system_stats.cc | 20 +-- plugins/experimental/tls_bridge/tls_bridge.cc | 12 +- plugins/experimental/uri_signing/config.cc | 6 +- plugins/experimental/uri_signing/cookie.cc | 2 +- plugins/experimental/uri_signing/jwt.cc| 18 +-- plugins/experimental/uri_signing/match.cc | 12 +- plugins/experimental/uri_signing/normalize.cc | 10 +- plugins/experimental/uri_signing/parse.cc | 6 +- plugins/experimental/uri_signing/timing.h | 3 +- .../uri_signing/unit_tests/uri_signing_test.cc | 14 +-- plugins/experimental/uri_signing/uri_signing.cc| 24 ++-- plugins/experimental/url_sig/url_sig.cc| 39 +++--- plugins/experimental/wasm/ats_context.cc | 4 +- plugins/experimental/wasm/ats_context.h| 4 +- plugins/experimental/wasm/wasm_main.cc | 4 +- proxy/Plugin.h | 2 +- 45 files changed, 337 insertions(+), 316 deletions(-) diff --git a/plugins/cache_range_requests/cache_range_requests.cc b/plugins/cache_range_requests/cache_range_requests.cc index a5e2883ab3..aaf3ceed2f 100644 --- a/plugins/cache_range_requests/cache_range_requests.cc +++ b/plugins/cache_range_requests/cache_range_requests.cc @@ -45,7 +45,7 @@ namespace { DbgCtl dbg_ctl{PLUGIN_NAME}; -using parent_select_mode_t = enum parent_select_mode { +enum parent_select_mode_t { PS_DEFAULT, // Default ATS parent selection mode PS_CACHEKEY_URL, // Set parent selection url to cache_key url }; diff --git a/plugins/experimental/cache_key_genid/cache_key_genid.cc b/plugins/experimental/cache_key_genid/cache_key_genid.cc index 8191168345..e4083190bc 100644 --- a/plugins/experimental/cache_key_genid/cache_key_genid.cc +++ b/plugins/experimental/cache_key_genid/cache_key_genid.cc @@ -18,8 +18,8 @@ */ #include -#include -#include +#include +#include #include #define PLUGIN_NAME "cache-key-genid" 
@@ -95,7 +95,7 @@ get_genid(char *host) static int handle_hook(TSCont *contp, TSEvent event, void *edata) { - TSHttpTxn txnp = (TSHttpTxn)edata; + TSHttpTxn txnp = static_cast(edata); char *url = nullptr, *host = nullptr; int url_length; int gen_id; @@ -172,5 +172,5 @@ TSPluginInit(int argc, const char *argv[]) return; } - TSHttpHookAdd(TS_HTTP_READ_REQUEST_HDR_HOOK, TSContCreate((TSEventFunc)handle_hook, nullptr)); + TSHttpHookAdd(TS_HTTP_READ_REQUEST_HDR_HOOK, TSContCreate(reinterpret_cast(handle_hook), nullptr)); } diff --git a/plugins/experimental/cookie_remap/hash.cc
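Review bot: In the TSPluginInit hunk of cache_key_genid.cc (@@ -172,5 +172,5 @@), swapping the C-style "(TSEventFunc)handle_hook" for a reinterpret_cast satisfies the clang-tidy check but keeps the underlying problem. The previous hunk shows the handler declared as "static int handle_hook(TSCont *contp, TSEvent event, void *edata)", and a cast is only needed because that signature is not the one TSEventFunc names. Calling a function through a pointer to a different function type is undefined behaviour in C++. Prefer fixing the parameter type on handle_hook so it can be passed to TSContCreate with no cast at all; a tidy pass that rewrites the cast makes the mismatch look deliberate and harder to spot later.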
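Review bot: The cache_range_requests.cc hunk (@@ -45,7 +45,7 @@) does more than restyle: "using parent_select_mode_t = enum parent_select_mode {" becomes "enum parent_select_mode_t {", which removes the tag name parent_select_mode entirely. Worth confirming nothing else in the file still spells the type as "enum parent_select_mode" or "parent_select_mode". This file also sits under plugins/ rather than plugins/experimental/, and the diffstat lists proxy/Plugin.h, so the subject line "Ran clang-tidy over the experimental plugins" understates the scope of the commit.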
[trafficserver] branch master updated (7f86ef2a73 -> cbb4f35ea9)
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

    from 7f86ef2a73 Ran clang-tidy over the experimental plugins (#10550)
     add cbb4f35ea9 Build unit tests only with BUILD_TESTING (#10548)

No new revisions were added by this update.

Summary of changes:
 CMakeLists.txt                        |  7 ++-
 mgmt/rpc/CMakeLists.txt               | 46 +
 plugins/esi/CMakeLists.txt            |  4 +-
 plugins/header_rewrite/CMakeLists.txt |  2 +-
 plugins/prefetch/CMakeLists.txt       |  4 +-
 plugins/s3_auth/CMakeLists.txt        |  4 +-
 proxy/hdrs/CMakeLists.txt             | 20
 proxy/http/CMakeLists.txt             | 23 +
 proxy/http2/CMakeLists.txt            | 88
 proxy/logging/CMakeLists.txt          | 26 +-
 src/api/CMakeLists.txt                | 14 +++---
 src/records/CMakeLists.txt            | 22
 src/traffic_logstats/CMakeLists.txt   | 22
 src/traffic_via/CMakeLists.txt        | 12 +++--
 src/tscore/CMakeLists.txt             | 94 ++-
 src/tscpp/util/CMakeLists.txt         | 24 +
 16 files changed, 219 insertions(+), 193 deletions(-)
svn commit: r64439 - in /release/trafficserver: trafficserver-9.2.3.tar.bz2 trafficserver-9.2.3.tar.bz2.asc trafficserver-9.2.3.tar.bz2.sha512
Author: bcall Date: Mon Oct 9 23:19:16 2023 New Revision: 64439 Log: Release 9.2.3 Added: release/trafficserver/trafficserver-9.2.3.tar.bz2 (with props) release/trafficserver/trafficserver-9.2.3.tar.bz2.asc (with props) release/trafficserver/trafficserver-9.2.3.tar.bz2.sha512 Added: release/trafficserver/trafficserver-9.2.3.tar.bz2 == Binary file - no diff available. Propchange: release/trafficserver/trafficserver-9.2.3.tar.bz2 -- svn:mime-type = application/x-bzip2 Added: release/trafficserver/trafficserver-9.2.3.tar.bz2.asc == Binary file - no diff available. Propchange: release/trafficserver/trafficserver-9.2.3.tar.bz2.asc -- svn:mime-type = application/pgp-signature Added: release/trafficserver/trafficserver-9.2.3.tar.bz2.sha512 == --- release/trafficserver/trafficserver-9.2.3.tar.bz2.sha512 (added) +++ release/trafficserver/trafficserver-9.2.3.tar.bz2.sha512 Mon Oct 9 23:19:16 2023 @@ -0,0 +1 @@ +acb511873a051c2cdfddccabf420be79cba01ae241470738658a89bcf636074bf41cda62552e01f41b9549295f817c566a1696aec057509a8c93f3b22ae9e90e *trafficserver-9.2.3.tar.bz2
[trafficserver] branch master updated (9e4f4418ef -> b3d0f7182e)
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

    from 9e4f4418ef fix(http): do reverse dns resolution only for IP addresses (#10234)
     add b3d0f7182e replace time_t (#10268)

No new revisions were added by this update.

Summary of changes:
 .../ssl_session_reuse/src/ssl_key_utils.cc | 45 ++
 1 file changed, 30 insertions(+), 15 deletions(-)
svn commit: r64440 - in /release/trafficserver: trafficserver-8.1.9.tar.bz2 trafficserver-8.1.9.tar.bz2.asc trafficserver-8.1.9.tar.bz2.sha512
Author: eze Date: Mon Oct 9 23:57:20 2023 New Revision: 64440 Log: Release 8.1.9 Added: release/trafficserver/trafficserver-8.1.9.tar.bz2 (with props) release/trafficserver/trafficserver-8.1.9.tar.bz2.asc release/trafficserver/trafficserver-8.1.9.tar.bz2.sha512 Added: release/trafficserver/trafficserver-8.1.9.tar.bz2 == Binary file - no diff available. Propchange: release/trafficserver/trafficserver-8.1.9.tar.bz2 -- svn:mime-type = application/octet-stream Added: release/trafficserver/trafficserver-8.1.9.tar.bz2.asc == --- release/trafficserver/trafficserver-8.1.9.tar.bz2.asc (added) +++ release/trafficserver/trafficserver-8.1.9.tar.bz2.asc Mon Oct 9 23:57:20 2023 @@ -0,0 +1,11 @@ +-BEGIN PGP SIGNATURE- + +iQEzBAABCgAdFiEEcxRKqDsQqXsEwemDFa1i6UAQTpYFAmUkTwYACgkQFa1i6UAQ +TpYiawf+LI6N5Tiog1O5sar31emyOmNmktytiGbBMDnjphf6TZvesD068+IbwFL9 +CDOEiJ+VRxws3QkzJqIwMqoiR0h6ohcK9W+ypRbJm2nDWowLyoCByqhS0eo9sk2Z +Ff43iWx4ZcqDb/6cMnMCZK5CyCjsjQok49EF/B3eUghICJk9FKJyOzX8MZ+G7D9D +o0EBlSdPM2ccFwQ2dzu+/j5kBPZpaLknFkxrObPTQpIA76l1noRckR8AM/eibNO2 +wGdhL2R74EfmejNbOKodNr9JZ3CQnOJ2bb7dkVJpRgrL7IrU2wKULfxKAff3XMOY +OBXX/JUWDvm0uhP32aOq7HgpekCO4w== +=2/MQ +-END PGP SIGNATURE- Added: release/trafficserver/trafficserver-8.1.9.tar.bz2.sha512 == --- release/trafficserver/trafficserver-8.1.9.tar.bz2.sha512 (added) +++ release/trafficserver/trafficserver-8.1.9.tar.bz2.sha512 Mon Oct 9 23:57:20 2023 @@ -0,0 +1 @@ +377542915f8e7bea7fc6c2b9201f714512c7204f51d4882d88648c5cb6ff3db8bdbdd7c81a26ac617bfebcb2c9cf2a47957a48871552962565b12257ffcf62f3 trafficserver-8.1.9.tar.bz2
[trafficserver-site] branch asf-site updated: update header on downloads
This is an automated email from the ASF dual-hosted git repository. eze pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/trafficserver-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 40e7af7 update header on downloads new 81aae3e Merge branch 'asf-site' of github.com:apache/trafficserver-site into asf-site 40e7af7 is described below commit 40e7af7e77711af4d9fed6a455c202d1e30a0654 Author: Evan Zelkowitz AuthorDate: Mon Oct 9 18:05:40 2023 -0600 update header on downloads --- source/markdown/downloads.mdtext | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/markdown/downloads.mdtext b/source/markdown/downloads.mdtext index e76a224..49c6510 100644 --- a/source/markdown/downloads.mdtext +++ b/source/markdown/downloads.mdtext @@ -20,8 +20,8 @@ RSS: /rss/releases.rss The latest stable release of Apache Traffic Server is v9.2.3, released on 2023-10-9. -In addition, we continue to support the v8.1.x LTS release train, currently v8.1.8, -which was released on 2023-08-03. We follow the [Semantic Versioning](http://semver.org) +In addition, we continue to support the v8.1.x LTS release train, currently v8.1.9, +which was released on 2023-10-09. We follow the [Semantic Versioning](http://semver.org) scheme. The goal is to release patch releases frequently, and minor releases as needed. Within the major versions, all such patch and minor releases are all compatible.
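Review bot: The two adjacent sentences in this hunk (@@ -20,8 +20,8 @@) now use different date formats: the unchanged context line says v9.2.3 was "released on 2023-10-9", while the added line says v8.1.9 "was released on 2023-10-09". Since the commit is a header cleanup for this paragraph, zero-pad the 9.2.3 date here as well so both releases read 2023-10-09.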
[trafficserver-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/trafficserver-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 25e7e97 Automatic Site Publish by Buildbot 25e7e97 is described below commit 25e7e9783419d27fe57297bc407963cd6653d41b Author: buildbot AuthorDate: Tue Oct 10 00:06:21 2023 + Automatic Site Publish by Buildbot --- content/downloads.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/downloads.html b/content/downloads.html index 21d9775..2c78d2e 100644 --- a/content/downloads.html +++ b/content/downloads.html @@ -62,8 +62,8 @@ The latest stable release of Apache Traffic Server is v9.2.3, released on 2023-10-9. -In addition, we continue to support the v8.1.x LTS release train, currently v8.1.8, -which was released on 2023-08-03. We follow the http://semver.org;>Semantic Versioning +In addition, we continue to support the v8.1.x LTS release train, currently v8.1.9, +which was released on 2023-10-09. We follow the http://semver.org;>Semantic Versioning scheme. The goal is to release patch releases frequently, and minor releases as needed. Within the major versions, all such patch and minor releases are all compatible. When downloading from a mirror, please be sure to https://www.apache.org/info/verification.html;>verify the hash and OpenPGP
[trafficserver-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/trafficserver-site.git The following commit(s) were added to refs/heads/asf-site by this push: new fb352e8 Automatic Site Publish by Buildbot fb352e8 is described below commit fb352e8bb7663ddc6c88223e40239afb9fcd74bd Author: buildbot AuthorDate: Tue Oct 10 00:04:48 2023 + Automatic Site Publish by Buildbot --- content/downloads.html | 20 ++-- content/index.html | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/content/downloads.html b/content/downloads.html index 0a7a77d..21d9775 100644 --- a/content/downloads.html +++ b/content/downloads.html @@ -73,7 +73,7 @@ will be needed. You can also https://archive.apache.org/dist/trafficserver/;>browse through all releases and hash signatures. Current v9.x Release -- 9.2.3 -Apache Traffic Server v9.2.3 was released on August 3rd, 2023. +Apache Traffic Server v9.2.3 was released on October 9th, 2023. [https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.asc;>PGP] [https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.sha512;>SHA512] https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-9.2.3.tar.bz2; 
@@ -85,15 +85,15 @@ and the the related https://github.com/apache/trafficserver/pulls?q=is: https://docs.trafficserver.apache.org/en/9.2.x/release-notes/whats-new.en.html;>9.2.x News (there's a new section specific to v9.2.x). There are also details about https://docs.trafficserver.apache.org/en/9.2.x/release-notes/upgrading.en.html;>upgrading to 9.x. -Current v8.x Release -- 8.1.8 -Apache Traffic Server v8.1.8 was released on August 3rd, 2023. - [https://www.apache.org/dist/trafficserver/trafficserver-8.1.8.tar.bz2.asc;>PGP] - [https://www.apache.org/dist/trafficserver/trafficserver-8.1.8.tar.bz2.sha512;>SHA512] -https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-8.1.8.tar.bz2; - class="download_ts">Traffic Server 8.1.8 -v8.1.6 is our latest stable release for the 8.x release. Additional details for this release are in the -https://raw.githubusercontent.com/apache/trafficserver/8.1.x/CHANGELOG-8.1.8;>CHANGELOG -and the the related https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:8.1.8;>Github Issues and PRs. +Current v8.x Release -- 8.1.9 +Apache Traffic Server v8.1.9 was released on October 9th, 2023. + [https://www.apache.org/dist/trafficserver/trafficserver-8.1.9.tar.bz2.asc;>PGP] + [https://www.apache.org/dist/trafficserver/trafficserver-8.1.9.tar.bz2.sha512;>SHA512] +https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-8.1.9.tar.bz2; + class="download_ts">Traffic Server 8.1.9 +v8.1.9 is our latest stable release for the 8.x release. Additional details for this release are in the +https://raw.githubusercontent.com/apache/trafficserver/8.1.x/CHANGELOG-8.1.9;>CHANGELOG +and the the related https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:8.1.9;>Github Issues and PRs. Archived Releases https://archive.apache.org/dist/trafficserver/;>Apache Traffic Server Archive diff --git a/content/index.html b/content/index.html index 9b37eb2..b455afe 100644 --- a/content/index.html 
+++ b/content/index.html @@ -287,7 +287,7 @@ - October 9, 2023:We are releasing v9.2.3. We recommend everyone to upgrade to one of these versions of ATS. + October 9, 2023:We are releasing both v9.2.3 and v8.1.9. We recommend everyone to upgrade to one of these versions of ATS. August 3, 2023: We are releasing both v9.2.2 and v8.1.8 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. June 12, 2023: We are releasing both v9.2.1 and v8.1.7 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. January 23, 2023:The first version of the stable v9.2.x ATS branch is now available for download. This version, \
[trafficserver-site] branch asf-site updated: Add 9.2.3 and 8.1.9 releases
This is an automated email from the ASF dual-hosted git repository. eze pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/trafficserver-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 3036b8a Add 9.2.3 and 8.1.9 releases 3036b8a is described below commit 3036b8a9f1e6e68c76fef6f5b2a415ce8145ffa6 Author: Evan Zelkowitz AuthorDate: Mon Oct 9 18:04:26 2023 -0600 Add 9.2.3 and 8.1.9 releases --- source/markdown/downloads.mdtext | 20 ++-- source/markdown/index.html | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/source/markdown/downloads.mdtext b/source/markdown/downloads.mdtext index 8d1bda8..e76a224 100644 --- a/source/markdown/downloads.mdtext +++ b/source/markdown/downloads.mdtext @@ -34,7 +34,7 @@ and hash signatures. # Current v9.x Release -- 9.2.3 # {#9.2.3} - Apache Traffic Server v9.2.3 was released on August 3rd, 2023. + Apache Traffic Server v9.2.3 was released on October 9th, 2023. [[`PGP`](https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.asc)] [[`SHA512`](https://www.apache.org/dist/trafficserver/trafficserver-9.2.3.tar.bz2.sha512)] 
@@ -50,18 +50,18 @@ For details on the v9.x release, please see (there's a new section specific to v9.2.x). There are also details about [upgrading to 9.x](https://docs.trafficserver.apache.org/en/9.2.x/release-notes/upgrading.en.html). -# Current v8.x Release -- 8.1.8 # {#8.1.8} +# Current v8.x Release -- 8.1.9 # {#8.1.9} - Apache Traffic Server v8.1.8 was released on August 3rd, 2023. - [[`PGP`](https://www.apache.org/dist/trafficserver/trafficserver-8.1.8.tar.bz2.asc)] - [[`SHA512`](https://www.apache.org/dist/trafficserver/trafficserver-8.1.8.tar.bz2.sha512)] + Apache Traffic Server v8.1.9 was released on October 9th, 2023. + [[`PGP`](https://www.apache.org/dist/trafficserver/trafficserver-8.1.9.tar.bz2.asc)] + [[`SHA512`](https://www.apache.org/dist/trafficserver/trafficserver-8.1.9.tar.bz2.sha512)] - https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-8.1.8.tar.bz2; - class="download_ts">Traffic Server 8.1.8 + https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-8.1.9.tar.bz2; + class="download_ts">Traffic Server 8.1.9 -v8.1.6 is our latest stable release for the 8.x release. Additional details for this release are in the -[CHANGELOG](https://raw.githubusercontent.com/apache/trafficserver/8.1.x/CHANGELOG-8.1.8) -and the the related [Github Issues and PRs](https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:8.1.8). +v8.1.9 is our latest stable release for the 8.x release. Additional details for this release are in the +[CHANGELOG](https://raw.githubusercontent.com/apache/trafficserver/8.1.x/CHANGELOG-8.1.9) +and the the related [Github Issues and PRs](https://github.com/apache/trafficserver/pulls?q=is:closed+is:pr+milestone:8.1.9). # Archived Releases diff --git a/source/markdown/index.html b/source/markdown/index.html index 9b37eb2..b455afe 100644 --- a/source/markdown/index.html +++ b/source/markdown/index.html 
@@ -287,7 +287,7 @@ - October 9, 2023:We are releasing v9.2.3. We recommend everyone to upgrade to one of these versions of ATS. + October 9, 2023:We are releasing both v9.2.3 and v8.1.9. We recommend everyone to upgrade to one of these versions of ATS. August 3, 2023: We are releasing both v9.2.2 and v8.1.8 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. June 12, 2023: We are releasing both v9.2.1 and v8.1.7 which include security fixes. We recommend everyone to upgrade to one of these versions of ATS. January 23, 2023:The first version of the stable v9.2.x ATS branch is now available for download. This version, \
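Review bot: In the v8.x hunk of downloads.mdtext (@@ -50,18 +50,18 @@) the rewritten lines carry two wording slips forward: "and the the related [Github Issues and PRs]" keeps the doubled "the", and "v8.1.9 is our latest stable release for the 8.x release" repeats "release". Both lines are already being replaced to bump the version, so this is the cheapest place to fix them; the same "the the" appears in the v9.x block, which this commit also touches for the date correction.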