(trafficserver) branch master updated (14d5b2ce40 -> ed29bf7bed)
This is an automated email from the ASF dual-hosted git repository. bneradt pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 14d5b2ce40 Terminate H2 connection by COMPRESSION_ERROR (#11222) add ed29bf7bed HttpSM::tunnel_handler: Handle WRITE events (#11242) No new revisions were added by this update. Summary of changes: src/proxy/http/HttpSM.cc | 6 ++ 1 file changed, 6 insertions(+)
(trafficserver) branch master updated: Terminate H2 connection by COMPRESSION_ERROR (#11222)
This is an automated email from the ASF dual-hosted git repository.
masaori pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 14d5b2ce40 Terminate H2 connection by COMPRESSION_ERROR (#11222)
14d5b2ce40 is described below
commit 14d5b2ce401446a13b2fef4ab8dbc7cf890acf25
Author: Masaori Koshiba
AuthorDate: Fri Apr 12 08:16:09 2024 +0900
Terminate H2 connection by COMPRESSION_ERROR (#11222)
---
src/proxy/http2/Http2ConnectionState.cc | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/proxy/http2/Http2ConnectionState.cc
b/src/proxy/http2/Http2ConnectionState.cc
index 9bb38b097a..c15102e3c5 100644
--- a/src/proxy/http2/Http2ConnectionState.cc
+++ b/src/proxy/http2/Http2ConnectionState.cc
@@ -320,6 +320,13 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame
)
stream = this->create_stream(stream_id, error);
new_stream = true;
if (!stream) {
+// Terminate the connection with COMPRESSION_ERROR because we don't
decompress the field block in this HEADERS frame.
+// TODO: try to decompress to keep HPACK Dynamic Table in sync.
+if (error.cls == Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM) {
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION,
Http2ErrorCode::HTTP2_ERROR_COMPRESSION_ERROR,
+error.msg);
+}
+
return error;
}
}
@@ -377,7 +384,7 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame
)
}
// Protocol error if the stream depends on itself
if (stream_id == params.priority.stream_dependency) {
- return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM,
Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION,
Http2ErrorCode::HTTP2_ERROR_COMPRESSION_ERROR,
"recv headers self dependency");
}
(trafficserver) branch master updated: AuTest: Make ja3_fingerprint test stable (#11230)
This is an automated email from the ASF dual-hosted git repository. masaori pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new b4c6b8bafa AuTest: Make ja3_fingerprint test stable (#11230) b4c6b8bafa is described below commit b4c6b8bafa272b727098cfc091070b9180ad7d51 Author: Masaori Koshiba AuthorDate: Fri Apr 12 08:12:40 2024 +0900 AuTest: Make ja3_fingerprint test stable (#11230) --- tests/gold_tests/pluginTest/ja3_fingerprint/modify-sent-client.gold | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/gold_tests/pluginTest/ja3_fingerprint/modify-sent-client.gold b/tests/gold_tests/pluginTest/ja3_fingerprint/modify-sent-client.gold index f50c2dea7c..4fe02c02a7 100644 --- a/tests/gold_tests/pluginTest/ja3_fingerprint/modify-sent-client.gold +++ b/tests/gold_tests/pluginTest/ja3_fingerprint/modify-sent-client.gold @@ -1,6 +1,4 @@ + Incoming Request + -`` -+ Incoming Request + -- State Machine Id`` POST `` Host: ``
(trafficserver) branch master updated: Fixed asan leak issues with RegexContext (#11184)
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new a39b8f112d Fixed asan leak issues with RegexContext (#11184)
a39b8f112d is described below
commit a39b8f112dc977e0f2d41daa3dc42d2fe5b7cd05
Author: Bryan Call
AuthorDate: Thu Apr 11 15:29:56 2024 -0700
Fixed asan leak issues with RegexContext (#11184)
---
src/tsutil/DbgCtl.cc | 16 -
src/tsutil/Regex.cc | 66 +---
2 files changed, 72 insertions(+), 10 deletions(-)
diff --git a/src/tsutil/DbgCtl.cc b/src/tsutil/DbgCtl.cc
index da17985893..18112318f2 100644
--- a/src/tsutil/DbgCtl.cc
+++ b/src/tsutil/DbgCtl.cc
@@ -150,7 +150,7 @@ DbgCtl::_new_reference(char const *tag)
DebugInterface *p = DebugInterface::get_instance();
debug_assert(tag != nullptr);
- // DbgCtl instances may be declared as static objects in the destructors of
objects not destoyed till program exit.
+ // DbgCtl instances may be declared as static objects in the destructors of
objects not destroyed till program exit.
// So, we must handle the case where the construction of such instances of
DbgCtl overlaps with the destruction of
// other instances of DbgCtl. That is why it is important to make sure the
reference count is non-zero before
// constructing _RegistryAccessor. The _RegistryAccessor constructor is
thereby able to assume that, if it creates
@@ -158,6 +158,20 @@ DbgCtl::_new_reference(char const *tag)
++_RegistryAccessor::registry_reference_count;
+ // There is a mutex in the C/C++ runtime that both dlopen() and
_cxa_thread_atexit() lock while running.
+ // Creating a _RegistryAccessor instance locks the registry mutex. If the
subsequent code in this function triggers
+ // the construction of a thread_local variable (with a non-trivial
destructor), the following deadlock scenario is
+ // possible:
+ // 1. Thread 1 calls a DbgCtl constructor, which locks the registry mutex,
but then is suspended.
+ // 2. Thread 2 calls dlopen() for a plugin, locking the runtime mutex. It
then executes the constructor for a
+ // statically allocated DbgCtl object, which blocks on locking the
registry mutex.
+ // 3. Thread 1 resumes, and calls member functions of the derived class of
DebugInterface. If this causes the
+ // the construction of a thread_local variable with a non-trivial
destructor, _cxa_thread_atexit() will be called
+ // to set up a call of the variable's destructor at thread exit. The
call to _cxa_thread_atexit() will block on
+ // the runtime mutex (held by Thread 2). So Thread 1 holds the registry
mutex and is blocked waiting for the
+ // runtime mutex. And Thread 2 holds the runtime mutex and is blocked
waiting for the registry mutex. Deadlock.
+ //
+ // This deadlock is avoided by having the thread_local variable register its
destruction in a non-thread_local class.
_RegistryAccessor ra;
auto {ra.data()};
diff --git a/src/tsutil/Regex.cc b/src/tsutil/Regex.cc
index faea3b8546..37e4b4337b 100644
--- a/src/tsutil/Regex.cc
+++ b/src/tsutil/Regex.cc
@@ -25,6 +25,8 @@
#include
#include
+#include
+#include
//
namespace
@@ -41,7 +43,19 @@ my_free(void *ptr, void * /*caller*/)
{
free(ptr);
}
-} // namespace
+
+class RegexContext; // defined below
+class RegexContextCleanup
+{
+public:
+ void push_back(RegexContext *ctx);
+ ~RegexContextCleanup();
+
+private:
+ std::vector _contexts;
+ std::mutex _mutex;
+};
+RegexContextCleanup regex_context_cleanup;
//
class RegexContext
@@ -50,13 +64,20 @@ public:
static RegexContext *
get_instance()
{
-if (!_regex_context) {
+if (_shutdown == true) {
+ return nullptr;
+}
+
+if (_regex_context == nullptr) {
_regex_context = new RegexContext();
+ regex_context_cleanup.push_back(_regex_context);
}
return _regex_context;
}
~RegexContext()
{
+_shutdown = true;
+
if (_general_context != nullptr) {
pcre2_general_context_free(_general_context);
}
@@ -100,17 +121,28 @@ private:
pcre2_match_context *_match_context = nullptr;
pcre2_jit_stack *_jit_stack = nullptr;
thread_local static RegexContext *_regex_context;
+ static bool _shutdown; // flag to indicate destructor was called, so no new
instances can be created
};
thread_local RegexContext *RegexContext::_regex_context = nullptr;
+bool RegexContext::_shutdown= false;
//
-namespace
+
+RegexContextCleanup::~RegexContextCleanup()
{
-struct RegexContextCleanup
(trafficserver) branch master updated: header_rewrite: add debug to accompany parse_line errors (#11238)
This is an automated email from the ASF dual-hosted git repository.
bnolsen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 1feaba1235 header_rewrite: add debug to accompany parse_line errors
(#11238)
1feaba1235 is described below
commit 1feaba123536c14a462a507d12fbd95f3a26f8e4
Author: Brian Olsen
AuthorDate: Thu Apr 11 16:03:35 2024 -0600
header_rewrite: add debug to accompany parse_line errors (#11238)
---
plugins/header_rewrite/header_rewrite.cc | 7 ++-
plugins/header_rewrite/value.cc | 1 +
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/plugins/header_rewrite/header_rewrite.cc
b/plugins/header_rewrite/header_rewrite.cc
index b6999b3b68..60a1f72f29 100644
--- a/plugins/header_rewrite/header_rewrite.cc
+++ b/plugins/header_rewrite/header_rewrite.cc
@@ -180,7 +180,12 @@ RulesConfig::parse_config(const std::string ,
TSHttpHookID default_hook)
Parser p;
// Tokenize and parse this line
-if (!p.parse_line(line) || p.empty()) {
+if (!p.parse_line(line)) {
+ Dbg(dbg_ctl, "Error parsing line '%s'", line.c_str());
+ continue;
+}
+
+if (p.empty()) {
continue;
}
diff --git a/plugins/header_rewrite/value.cc b/plugins/header_rewrite/value.cc
index 9256565a9d..d5d8f5727a 100644
--- a/plugins/header_rewrite/value.cc
+++ b/plugins/header_rewrite/value.cc
@@ -60,6 +60,7 @@ Value::set_value(const std::string )
tcond_val->initialize(parser);
} else {
// TODO: should we produce error here?
+Dbg(dbg_ctl, "Error parsing value '%s'", _value.c_str());
}
}
} else {
(trafficserver) branch master updated: Allow Cripts to be used directly as @plugin (#11192)
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new defd0f2f5b Allow Cripts to be used directly as @plugin (#11192) defd0f2f5b is described below commit defd0f2f5b8efcf366a4651f30a4ba9d266b1b99 Author: Leif Hedstrom AuthorDate: Thu Apr 11 10:07:13 2024 -0600 Allow Cripts to be used directly as @plugin (#11192) * Allow for traffic_server to compile Cripts directly This relies on an external script / application to do the actual work. If not configured, no new behavior is introduced. * Fixes from review --- doc/admin-guide/files/records.yaml.en.rst | 14 + include/proxy/http/remap/PluginDso.h | 2 +- include/proxy/http/remap/PluginFactory.h | 2 + include/proxy/http/remap/RemapPluginInfo.h | 2 +- src/proxy/http/remap/PluginDso.cc | 24 ++-- src/proxy/http/remap/PluginFactory.cc | 24 +++- src/proxy/http/remap/RemapPluginInfo.cc| 4 +- src/proxy/http/remap/UrlRewrite.cc | 19 ++ src/records/RecordsConfig.cc | 2 + src/traffic_server/traffic_server.cc | 2 +- tools/cripts/compiler.sh | 97 ++ 11 files changed, 182 insertions(+), 10 deletions(-) diff --git a/doc/admin-guide/files/records.yaml.en.rst b/doc/admin-guide/files/records.yaml.en.rst index a1fdc5b7ae..ba94d190b7 100644 --- a/doc/admin-guide/files/records.yaml.en.rst +++ b/doc/admin-guide/files/records.yaml.en.rst @@ -4901,6 +4901,20 @@ Plug-in Configuration Enables (``1``) or disables (``0``) the dynamic reload feature for remap plugins (`remap.config`). Global plugins (`plugin.config`) do not have dynamic reload feature yet. +.. ts:cv:: CONFIG proxy.config.plugin.compiler_path STRING "" + + Specifies an optional compiler tool path for compiling plugins. This tool should + be an executable, which takes two arguments: + + === == + Arg Description + === == + 1 This is the path to the source file, which should be compiled + 2 This is the path to the DSO file, which will be created and loaded + === == + + The script should exit with a status code of ``0`` if the compilation was successful. + .. ts:cv:: CONFIG proxy.config.plugin.vc.default_buffer_index INT 8 :reloadable: :overridable: diff --git a/include/proxy/http/remap/PluginDso.h b/include/proxy/http/remap/PluginDso.h index e93954f615..5a5dc11b6f 100644 --- a/include/proxy/http/remap/PluginDso.h +++ b/include/proxy/http/remap/PluginDso.h @@ -67,7 +67,7 @@ public: virtual ~PluginDso(); /* DSO Load, unload, get symbols from DSO */ - virtual bool load(std::string ); + virtual bool load(std::string , const fs::path ); virtual bool unload(std::string ); bool isLoaded(); bool getSymbol(const char *symbol, void *, std::string ) const; diff --git a/include/proxy/http/remap/PluginFactory.h b/include/proxy/http/remap/PluginFactory.h index 5a63a13f41..1ebcadd81e 100644 --- a/include/proxy/http/remap/PluginFactory.h +++ b/include/proxy/http/remap/PluginFactory.h @@ -95,6 +95,7 @@ public: virtual ~PluginFactory(); PluginFactory (const fs::path ); + PluginFactory (const fs::path ); PluginFactory (const fs::path ); RemapPluginInst *getRemapPlugin(const fs::path , int argc, char **argv, std::string , bool dynamicReloadEnabled); @@ -112,6 +113,7 @@ protected: std::vector _searchDirs; /** @brief ordered list of search paths where we look for plugins */ fs::path _runtimeDir; /** @brief the path where we would create a temporary copies of the plugins to load */ + fs::path _compilerPath;/** @brief the compilation script to use for cripts and other non-DSO plugins */ PluginInstList _instList; diff --git a/include/proxy/http/remap/RemapPluginInfo.h b/include/proxy/http/remap/RemapPluginInfo.h index dda7695ce6..73a91643f0 100644 --- a/include/proxy/http/remap/RemapPluginInfo.h +++ b/include/proxy/http/remap/RemapPluginInfo.h @@ -83,7 +83,7 @@ public: ~RemapPluginInfo(); /* Overload to add / execute remap plugin specific tasks during the plugin loading */ - bool load(std::string ) override; + bool load(std::string , const fs::path ) override; /* Used by the factory to invoke callbacks during plugin load, init and unload */ bool init(std::string ) override; diff --git a/src/proxy/http/remap/PluginDso.cc b/src/proxy/http/remap/PluginDso.cc index 1fbc235998..c1095cd9f6 100644 --- a/src/proxy/http/remap/PluginDso.cc +++ b/src/proxy/http/remap/PluginDso.cc @@ -38,6 +38,8 @@ #define PluginError Error #endif +#include
(trafficserver) 04/09: Update curl library references to CURL (#11232)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 20c27101d2efaaf889a6152ed3984311fe2f5056
Author: Brian Neradt
AuthorDate: Tue Apr 9 13:19:43 2024 -0500
Update curl library references to CURL (#11232)
The cmake builtin FindCURL module looks for CURL and CURL::libcurl.
This updates our references to curl, via our Open Telemetry plugin, to
reference CURL the way FindCURL expects. I verified I can reference our
CI's version of curl in /opt via -DCURL_ROOT=/opt with these updates.
(cherry picked from commit 4e9c8314cabebf3e6f7289415b284c8569e9fc4e)
---
cmake/ExperimentalPlugins.cmake | 2 +-
plugins/experimental/otel_tracer/CMakeLists.txt | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmake/ExperimentalPlugins.cmake b/cmake/ExperimentalPlugins.cmake
index 637635d400..673c1f5835 100644
--- a/cmake/ExperimentalPlugins.cmake
+++ b/cmake/ExperimentalPlugins.cmake
@@ -70,7 +70,7 @@ auto_option(
PACKAGE_DEPENDS
opentelemetry
Protobuf
- curl
+ CURL
DEFAULT
${_DEFAULT}
)
diff --git a/plugins/experimental/otel_tracer/CMakeLists.txt
b/plugins/experimental/otel_tracer/CMakeLists.txt
index 79bf187be4..8b9ab00579 100644
--- a/plugins/experimental/otel_tracer/CMakeLists.txt
+++ b/plugins/experimental/otel_tracer/CMakeLists.txt
@@ -16,5 +16,5 @@
###
add_atsplugin(otel_tracer otel_tracer.cc)
-target_link_libraries(otel_tracer PRIVATE opentelemetry::opentelemetry
protobuf::libprotobuf curl::curl)
+target_link_libraries(otel_tracer PRIVATE opentelemetry::opentelemetry
protobuf::libprotobuf CURL::libcurl)
verify_global_plugin(otel_tracer)
(trafficserver) 07/09: jsonrpc: small cleanup. (#11236)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 163717755de9cd99446c49edc55b4892f28cddc3
Author: Damian Meden
AuthorDate: Thu Apr 11 09:43:09 2024 +0200
jsonrpc: small cleanup. (#11236)
Remove come commented out code and fix some comments.
(cherry picked from commit fdbda82e85d9f8177f0add02f4c14485c6ebf4bf)
---
src/mgmt/rpc/jsonrpc/JsonRPCManager.cc | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
b/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
index dbe695934b..3747b843c1 100644
--- a/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
+++ b/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
@@ -291,11 +291,8 @@
JsonRPCManager::Dispatcher::InternalHandler::invoke(specs::RPCRequestInfo const
std::unique_lock
lock(g_rpcHandlingMutex);
g_rpcHandlingCompletion.wait(lock, []() {
return g_rpcHandlerProcessingCompleted; });
g_rpcHandlerProcessingCompleted = false;
-// seems to be done, set the response. As the
response data is a swoc::Rv this will handle both,
-// error and non error cases.
+// swoc::Rv this will handle both, error and
success cases.
ret = std::move(g_rpcHandlerResponseData);
-// clean up the shared data.
-//
g_rpcHandlerResponseData.clear(); // moved so no cleanup?
lock.unlock();
}},
this->_func);
(trafficserver) 02/09: Manage storage for ssl hooks (#11224)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 8d0a94534390bd30b22f314488c7407ce3253fdb
Author: Chris McFarlen
AuthorDate: Wed Apr 10 10:52:24 2024 -0500
Manage storage for ssl hooks (#11224)
* Manage storage for ssl hooks
* safer THREAD_ALLOC and THREAD_FREE
(cherry picked from commit 6d4f2b117fc21e18f6d3884ce92f06a2e883c555)
---
include/iocore/eventsystem/ProxyAllocator.h | 5 +++--
include/iocore/eventsystem/Thread.h | 2 +-
include/iocore/net/SSLAPIHooks.h | 7 ++-
src/api/APIHooks.cc | 4 +++-
src/api/InkAPI.cc | 2 +-
src/api/InkAPIInternal.cc | 1 -
src/iocore/cache/unit_tests/main.cc | 1 -
src/iocore/eventsystem/Thread.cc | 7 +++
src/iocore/net/Net.cc | 1 -
src/iocore/net/SSLAPIHooks.cc | 10 +-
src/iocore/net/SSLNetVConnection.cc | 18 +-
src/iocore/net/SSLUtils.cc| 4 ++--
src/iocore/net/TLSSessionResumptionSupport.cc | 2 +-
src/iocore/net/unit_tests/unit_test_main.cc | 1 -
14 files changed, 34 insertions(+), 31 deletions(-)
diff --git a/include/iocore/eventsystem/ProxyAllocator.h
b/include/iocore/eventsystem/ProxyAllocator.h
index 851de14624..31043b4f96 100644
--- a/include/iocore/eventsystem/ProxyAllocator.h
+++ b/include/iocore/eventsystem/ProxyAllocator.h
@@ -73,6 +73,7 @@ void thread_freeup(Allocator , ProxyAllocator );
//
#define THREAD_ALLOC(_a, _t, ...) thread_alloc(::_a, _t->_a,
##__VA_ARGS__)
#define THREAD_ALLOC_INIT(_a, _t, ...) thread_alloc(::_a, _t->_a,
##__VA_ARGS__)
+#define SAFE_THREAD_ALLOC(_a, _t, ...) (_t ? thread_alloc(::_a, _t->_a,
##__VA_ARGS__) : ::_a.alloc(##__VA_ARGS__))
#else
@@ -86,8 +87,8 @@ void thread_freeup(Allocator , ProxyAllocator );
#define THREAD_FREE(_p, _a, _tin)
\
do {
\
::_a.destroy_if_enabled(_p);
\
-if (!cmd_disable_pfreelist) {
\
- Thread *_t = (_tin);
\
+Thread *_t = (_tin);
\
+if (_t && !cmd_disable_pfreelist) {
\
*(char **)_p= (char *)_t->_a.freelist;
\
_t->_a.freelist = _p;
\
_t->_a.allocated++;
\
diff --git a/include/iocore/eventsystem/Thread.h
b/include/iocore/eventsystem/Thread.h
index 372f6d6cb0..31a446186b 100644
--- a/include/iocore/eventsystem/Thread.h
+++ b/include/iocore/eventsystem/Thread.h
@@ -161,7 +161,7 @@ public:
Thread(const Thread &)= delete;
Thread =(const Thread &) = delete;
- virtual ~Thread() {}
+ virtual ~Thread();
protected:
Thread();
diff --git a/include/iocore/net/SSLAPIHooks.h b/include/iocore/net/SSLAPIHooks.h
index 4c4bbe76f1..120dcdb411 100644
--- a/include/iocore/net/SSLAPIHooks.h
+++ b/include/iocore/net/SSLAPIHooks.h
@@ -52,9 +52,6 @@ private:
class SSLAPIHooks : public FeatureAPIHooks
{
+public:
+ static SSLAPIHooks *instance();
};
-
-// there is no corresponding deinit; we leak the resource on shutdown
-void init_global_ssl_hooks();
-
-extern SSLAPIHooks *g_ssl_hooks;
diff --git a/src/api/APIHooks.cc b/src/api/APIHooks.cc
index 9d08a6932d..49eb99c9ae 100644
--- a/src/api/APIHooks.cc
+++ b/src/api/APIHooks.cc
@@ -23,6 +23,7 @@
#include "api/APIHooks.h"
+#include "api/APIHook.h"
#include "tscore/Allocator.h"
// inkevent
@@ -42,7 +43,8 @@ APIHooks::append(INKContInternal *cont)
{
APIHook *api_hook;
- api_hook = THREAD_ALLOC(apiHookAllocator, this_thread());
+ Thread *t= this_thread();
+ api_hook = SAFE_THREAD_ALLOC(apiHookAllocator, t);
api_hook->m_cont = cont;
m_hooks.enqueue(api_hook);
diff --git a/src/api/InkAPI.cc b/src/api/InkAPI.cc
index 17c10b3bba..9ef9510302 100644
--- a/src/api/InkAPI.cc
+++ b/src/api/InkAPI.cc
@@ -3613,7 +3613,7 @@ TSHttpHookAdd(TSHttpHookID id, TSCont contp)
TSSslHookInternalID internalId{id};
if (internalId.is_in_bounds()) {
-g_ssl_hooks->append(internalId, icontp);
+SSLAPIHooks::instance()->append(internalId, icontp);
} else { // Follow through the regular HTTP hook framework
http_global_hooks->append(id, icontp);
}
(trafficserver) 01/09: Refactor Metrics storage to preserve lifetime (#11214)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 3c4ab456a346f6a00721f334cf9ceb5163e4f6d7
Author: Chris McFarlen
AuthorDate: Wed Apr 10 12:05:49 2024 -0500
Refactor Metrics storage to preserve lifetime (#11214)
* Refactor Metrics storage to preserve lifetime
* cleanup, make storage class
* PR address
-
Co-authored-by: Chris McFarlen
(cherry picked from commit 402c393beacb4b57ffb63f430f1176eb9b3a93e8)
---
include/tsutil/Metrics.h | 126 ++-
src/tsutil/Metrics.cc| 34 +++--
2 files changed, 110 insertions(+), 50 deletions(-)
diff --git a/include/tsutil/Metrics.h b/include/tsutil/Metrics.h
index 77b18fd39c..a143cf041f 100644
--- a/include/tsutil/Metrics.h
+++ b/include/tsutil/Metrics.h
@@ -27,7 +27,6 @@
#include
#include
#include
-#include
#include
#include
#include
@@ -103,29 +102,33 @@ public:
Metrics =(Metrics &&) = delete;
Metrics(Metrics &&) = delete;
- virtual ~Metrics()
- {
-for (size_t i = 0; i <= _cur_blob; ++i) {
- delete _blobs[i];
-}
- }
-
- Metrics()
- {
-_blobs[0] = new NamesAndAtomics();
-release_assert(_blobs[0]);
-release_assert(0 == _create("proxy.process.api.metrics.bad_id")); //
Reserve slot 0 for errors, this should always be 0
- }
+ virtual ~Metrics() {}
// The singleton instance, owned by the Metrics class
static Metrics ();
// Yes, we don't return objects here, but rather ID's and atomic's directly.
Treat
// the std::atomic as the underlying class for a single metric, and
be happy.
- IdType lookup(const std::string_view name) const;
- AtomicType *lookup(const std::string_view name, IdType *out_id) const;
- AtomicType *lookup(IdType id, std::string_view *out_name = nullptr) const;
- bool rename(IdType id, const std::string_view name);
+ IdType
+ lookup(const std::string_view name) const
+ {
+return _storage->lookup(name);
+ }
+ AtomicType *
+ lookup(const std::string_view name, IdType *out_id) const
+ {
+return _storage->lookup(name, out_id);
+ }
+ AtomicType *
+ lookup(IdType id, std::string_view *out_name = nullptr) const
+ {
+return _storage->lookup(id, out_name);
+ }
+ bool
+ rename(IdType id, const std::string_view name)
+ {
+return _storage->rename(id, name);
+ }
AtomicType &
operator[](IdType id)
@@ -155,14 +158,16 @@ public:
return (metric ? metric->_value.fetch_sub(val, MEMORY_ORDER) : NOT_FOUND);
}
- std::string_view name(IdType id) const;
+ std::string_view
+ name(IdType id) const
+ {
+return _storage->name(id);
+ }
bool
valid(IdType id) const
{
-auto [blob, entry] = _splitID(id);
-
-return (id >= 0 && ((blob < _cur_blob && entry < MAX_SIZE) || (blob ==
_cur_blob && entry <= _cur_off)));
+return _storage->valid(id);
}
// Static methods to encapsulate access to the atomic's
@@ -232,10 +237,7 @@ public:
iterator
end() const
{
-_mutex.lock();
-int16_t blob = _cur_blob;
-int16_t offset = _cur_off;
-_mutex.unlock();
+auto [blob, offset] = _storage->current();
return iterator(*this, _makeId(blob, offset));
}
@@ -254,8 +256,17 @@ public:
private:
// These are private, to assure that we don't use them by accident creating
naked metrics
- IdType _create(const std::string_view name);
- SpanType _createSpan(size_t size, IdType *id = nullptr);
+ IdType
+ _create(const std::string_view name)
+ {
+return _storage->create(name);
+ }
+
+ SpanType
+ _createSpan(size_t size, IdType *id = nullptr)
+ {
+return _storage->createSpan(size, id);
+ }
// These are little helpers around managing the ID's
static constexpr std::tuple
@@ -276,13 +287,60 @@ private:
return _makeId(std::get<0>(id), std::get<1>(id));
}
- void _addBlob();
+ class Storage
+ {
+BlobStorage _blobs;
+uint16_t _cur_blob = 0;
+uint16_t _cur_off = 0;
+LookupTable _lookups;
+mutable std::mutex _mutex;
+
+ public:
+Storage(const Storage &)= delete;
+Storage =(const Storage &) = delete;
+
+Storage()
+{
+ _blobs[0] = new NamesAndAtomics();
+ release_assert(_blobs[0]);
+ release_assert(0 == create("proxy.process.api.metrics.bad_id")); //
Reserve slot 0 for errors, this should always be 0
+}
+
+~Storage()
+{
+ for (size_t i = 0; i <= _cur_blob; ++i) {
+delete _blobs[i];
+ }
+}
+
+IdType create(const std::string_view name);
+void addBlob();
+IdType lookup(const std::string_view name) const;
+AtomicType *lookup(const std::string_view name, IdType *out_id) const;
+AtomicType *lookup(Metrics::IdType id, std::string_view *out_name =
nullptr) const;
+std::string_view name(IdType id)
(trafficserver) 09/09: IP Allow: document when rules are applied (#11240)
This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit eaf34fd330a3b858dfca72c9848ec065ca432e7e Author: Brian Neradt AuthorDate: Wed Apr 10 18:08:58 2024 -0500 IP Allow: document when rules are applied (#11240) I have noticed when discussing the IP Allow feature that there is some confusion over when various types of rules are applied. This PR documents the three stages in which any given rule could be applied. (cherry picked from commit 10520b361a97d431e3f31991bf2c0a5287538700) --- doc/admin-guide/files/ip_allow.yaml.en.rst | 22 ++ doc/admin-guide/files/remap.config.en.rst | 2 ++ 2 files changed, 24 insertions(+) diff --git a/doc/admin-guide/files/ip_allow.yaml.en.rst b/doc/admin-guide/files/ip_allow.yaml.en.rst index 83b8458b9a..63e6d3ae2f 100644 --- a/doc/admin-guide/files/ip_allow.yaml.en.rst +++ b/doc/admin-guide/files/ip_allow.yaml.en.rst @@ -143,6 +143,28 @@ enables all methods for all outbound connections. since, while those are decrypted, they are not processed by |TS|. For details, see :ref:`sni-routing` and :file:`sni.yaml`. +Timing +== + +IP allow rules are applied at different stages, depending on the type of rule: + +* **On connection accept:** At the beginning of accepting a connection, if the + source IP address matches an ``in`` rule and the rule denies all methods from + this client (meaning that all transactions from the client are denied), the + connection is immediately closed by |TS|. The idea is that since the + administrator wants to deny all transactions from the client, |TS| should just + reject any connection from the client and not even process data from it. Note + that this means that for these all-method rules, no transactions are ever + processed by |TS|, and thus there will be no transaction log entries for these + denied connections. +* **Post remap:** ``in`` rules that are not all-method rules (meaning they apply + only to certain methods) are processed for each transaction after the client + headers are parsed and remap is applied. Processing the rules post-remap + allows for remap ACL modifications (see :ref:`Remap ACL Filters + `). +* **Preceding server connect:** ``out`` rules are applied after DNS resolution of + the upstream server but before the connection is established. + Examples diff --git a/doc/admin-guide/files/remap.config.en.rst b/doc/admin-guide/files/remap.config.en.rst index 7988220b30..9bd479b830 100644 --- a/doc/admin-guide/files/remap.config.en.rst +++ b/doc/admin-guide/files/remap.config.en.rst @@ -435,6 +435,8 @@ You may configure Nexthop or Parent hierarchical caching rules by remap using th **@strategy** tag. See :doc:`../configuration/hierarchical-caching.en` and :doc:`strategies.yaml.en` for configuration details and examples. +.. _acl-filters: + ACL Filters ===
(trafficserver) 05/09: CI: have rocky and fedora builds use curl in /opt (#11233)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 7815914c6be9de7f480e65bf9f9021934524e1b9
Author: Brian Neradt
AuthorDate: Tue Apr 9 18:47:55 2024 -0500
CI: have rocky and fedora builds use curl in /opt (#11233)
(cherry picked from commit ae9fe3e512b5a4ea008ec54fa89662da64058a38)
---
CMakePresets.json | 5 +
1 file changed, 5 insertions(+)
diff --git a/CMakePresets.json b/CMakePresets.json
index 77a88c10f4..4c30bf9816 100644
--- a/CMakePresets.json
+++ b/CMakePresets.json
@@ -150,6 +150,8 @@
"OPENSSL_ROOT_DIR": "/opt/boringssl",
"quiche_ROOT": "/opt/quiche",
"CMAKE_INSTALL_PREFIX": "/tmp/ats-quiche",
+"opentelemetry_ROOT": "/opt",
+"CURL_ROOT": "/opt",
"ENABLE_QUICHE": true
}
},
@@ -161,6 +163,7 @@
"cacheVariables": {
"OPENSSL_ROOT_DIR": "/opt/openssl-quic",
"opentelemetry_ROOT": "/opt",
+"CURL_ROOT": "/opt",
"ENABLE_CRIPTS": true
}
},
@@ -170,6 +173,7 @@
"description": "CI Pipeline config for Fedora Linux compiled with c++20",
"inherits": ["ci"],
"cacheVariables": {
+"CURL_ROOT": "/opt",
"CMAKE_CXX_STANDARD": "20"
}
},
@@ -181,6 +185,7 @@
"cacheVariables": {
"OPENSSL_ROOT_DIR": "/opt/boringssl",
"quiche_ROOT": "/opt/quiche",
+"CURL_ROOT": "/opt",
"CMAKE_INSTALL_PREFIX": "/tmp/ats-quiche",
"ENABLE_QUICHE": true
}
(trafficserver) 03/09: Restore private key passphrase behavior (#11201)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 3e0ff2d8aba34619d8cb542833fba336dcbb2939
Author: Mo Chen
AuthorDate: Tue Apr 9 16:59:08 2024 -0500
Restore private key passphrase behavior (#11201)
Fix private key passphrase support in ssl_multicert. Add autest.
(cherry picked from commit 87d88ded2884a8b4a36a2f440bd4ddb75c481192)
---
src/iocore/net/SSLConfig.cc | 4 +-
src/iocore/net/SSLUtils.cc | 57 --
tests/gold_tests/tls/ssl/passphrase.key | 30 ++
tests/gold_tests/tls/ssl/passphrase.pem | 27 +
tests/gold_tests/tls/ssl/passphrase2.key| 30 ++
tests/gold_tests/tls/ssl/passphrase2.pem| 27 +
tests/gold_tests/tls/ssl_key_dialog.test.py | 91 +
7 files changed, 231 insertions(+), 35 deletions(-)
diff --git a/src/iocore/net/SSLConfig.cc b/src/iocore/net/SSLConfig.cc
index df1f2299e2..8d02afd265 100644
--- a/src/iocore/net/SSLConfig.cc
+++ b/src/iocore/net/SSLConfig.cc
@@ -975,7 +975,9 @@ SSLConfigParams::getCTX(const std::string _cert,
const std::string _f
biop = BIO_new_mem_buf(secret_data.data(), secret_data.size());
}
- key = PEM_read_bio_PrivateKey(biop, nullptr, nullptr, nullptr);
+ pem_password_cb *password_cb =
SSL_CTX_get_default_passwd_cb(client_ctx.get());
+ void *u =
SSL_CTX_get_default_passwd_cb_userdata(client_ctx.get());
+ key = PEM_read_bio_PrivateKey(biop, nullptr,
password_cb, u);
if (!key) {
SSLError("failed to load client private key file from %s",
key_file_name.c_str());
goto fail;
diff --git a/src/iocore/net/SSLUtils.cc b/src/iocore/net/SSLUtils.cc
index 3d74f5b8a0..7845e9ca69 100644
--- a/src/iocore/net/SSLUtils.cc
+++ b/src/iocore/net/SSLUtils.cc
@@ -654,18 +654,6 @@ ssl_context_enable_tickets(SSL_CTX *ctx, const char
*ticket_key_path)
#endif /* TS_HAS_TLS_SESSION_TICKET */
}
-struct passphrase_cb_userdata {
- const SSLConfigParams *_configParams;
- const char *_serverDialog;
- const char *_serverCert;
- const char *_serverKey;
-
- passphrase_cb_userdata(const SSLConfigParams *params, const char *dialog,
const char *cert, const char *key)
-: _configParams(params), _serverDialog(dialog), _serverCert(cert),
_serverKey(key)
- {
- }
-};
-
// RAII implementation for struct termios
struct ssl_termios : public termios {
ssl_termios(int fd)
@@ -741,15 +729,17 @@ ssl_private_key_passphrase_callback_exec(char *buf, int
size, int rwflag, void *
return 0;
}
- *buf = 0;
- passphrase_cb_userdata *ud = static_cast(userdata);
+ *buf= 0;
+ const SSLMultiCertConfigParams *sslMultCertSettings =
static_cast(userdata);
- Dbg(dbg_ctl_ssl_load, "ssl_private_key_passphrase_callback_exec rwflag=%d
serverDialog=%s", rwflag, ud->_serverDialog);
+ Dbg(dbg_ctl_ssl_load, "ssl_private_key_passphrase_callback_exec rwflag=%d
dialog=%s", rwflag, sslMultCertSettings->dialog.get());
// only respond to reading private keys, not writing them (does ats even do
that?)
if (0 == rwflag) {
// execute the dialog program and use the first line output as the
passphrase
-FILE *f = popen(ud->_serverDialog, "r");
+ink_assert(strncmp(sslMultCertSettings->dialog, "exec:", 5) == 0);
+const char *serverDialog = >dialog[5];
+FILE *f = popen(serverDialog, "r");
if (f) {
if (fgets(buf, size, f)) {
// remove any ending CR or LF
@@ -762,7 +752,7 @@ ssl_private_key_passphrase_callback_exec(char *buf, int
size, int rwflag, void *
}
pclose(f);
} else { // popen failed
- Error("could not open dialog '%s' - %s", ud->_serverDialog,
strerror(errno));
+ Error("could not open dialog '%s' - %s", serverDialog, strerror(errno));
}
}
return strlen(buf);
@@ -775,19 +765,19 @@ ssl_private_key_passphrase_callback_builtin(char *buf,
int size, int rwflag, voi
return 0;
}
- *buf = 0;
- passphrase_cb_userdata *ud = static_cast(userdata);
+ *buf= 0;
+ const SSLMultiCertConfigParams *sslMultCertSettings =
static_cast(userdata);
- Dbg(dbg_ctl_ssl_load, "ssl_private_key_passphrase_callback rwflag=%d
serverDialog=%s", rwflag, ud->_serverDialog);
+ Dbg(dbg_ctl_ssl_load, "ssl_private_key_passphrase_callback rwflag=%d
dialog=%s", rwflag, sslMultCertSettings->dialog.get());
// only respond to reading private keys, not writing them (does ats even do
that?)
if (0 == rwflag) {
// output request
fprintf(stdout, "Some of your private key files are encrypted for security
reasons.\n");
fprintf(stdout, "In order to read them you have to
(trafficserver) 08/09: cleanup asan odr violations (#11237)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit fd036f9537e2f293a0e9f141ad3291dc7967ddb2
Author: Chris McFarlen
AuthorDate: Wed Apr 10 13:58:03 2024 -0500
cleanup asan odr violations (#11237)
* cleanup asan odr violations
* link libswoc to experimental/sslheaders
* slice uses pcre directly
* tls_bridge uses PCRE::PCRE
* transitive
(cherry picked from commit 69860ddfaa6869884eea4849bba8cc989bb5f7eb)
---
plugins/background_fetch/CMakeLists.txt| 2 +-
plugins/compress/compress.cc | 3 ++-
plugins/experimental/sslheaders/CMakeLists.txt | 3 ++-
plugins/experimental/tls_bridge/CMakeLists.txt | 3 ++-
plugins/remap_stats/CMakeLists.txt | 1 -
plugins/slice/CMakeLists.txt | 3 +--
6 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/plugins/background_fetch/CMakeLists.txt
b/plugins/background_fetch/CMakeLists.txt
index 698af17344..abfb728bf6 100644
--- a/plugins/background_fetch/CMakeLists.txt
+++ b/plugins/background_fetch/CMakeLists.txt
@@ -16,5 +16,5 @@
###
add_atsplugin(background_fetch background_fetch.cc configs.cc headers.cc
rules.cc)
-target_link_libraries(background_fetch PRIVATE libswoc::libswoc ts::tsutil)
+target_link_libraries(background_fetch PRIVATE libswoc::libswoc)
verify_global_plugin(background_fetch)
diff --git a/plugins/compress/compress.cc b/plugins/compress/compress.cc
index b0e0c7a474..abe1976e90 100644
--- a/plugins/compress/compress.cc
+++ b/plugins/compress/compress.cc
@@ -70,7 +70,7 @@ const int BROTLI_LGW = 16;
static const char *global_hidden_header_name = nullptr;
-static TSMutex compress_config_mutex = TSMutexCreate();
+static TSMutex compress_config_mutex = nullptr;
// Current global configuration, and the previous one (for cleanup)
Configuration *cur_config = nullptr;
@@ -1017,6 +1017,7 @@ void
TSPluginInit(int argc, const char *argv[])
{
const char *config_path = nullptr;
+ compress_config_mutex = TSMutexCreate();
if (argc > 2) {
fatal("the compress plugin does not accept more than 1 plugin argument");
diff --git a/plugins/experimental/sslheaders/CMakeLists.txt
b/plugins/experimental/sslheaders/CMakeLists.txt
index 4b9d0c4cbd..5108f6ec19 100644
--- a/plugins/experimental/sslheaders/CMakeLists.txt
+++ b/plugins/experimental/sslheaders/CMakeLists.txt
@@ -16,7 +16,8 @@
###
add_library(sslhdr STATIC expand.cc util.cc)
-target_link_libraries(sslhdr PRIVATE OpenSSL::SSL ts::tsutil)
+target_link_libraries(sslhdr PRIVATE OpenSSL::SSL libswoc::libswoc # transitive
+)
set_target_properties(sslhdr PROPERTIES POSITION_INDEPENDENT_CODE TRUE)
if(BUILD_TESTING)
diff --git a/plugins/experimental/tls_bridge/CMakeLists.txt
b/plugins/experimental/tls_bridge/CMakeLists.txt
index 5430505431..bb13df997e 100644
--- a/plugins/experimental/tls_bridge/CMakeLists.txt
+++ b/plugins/experimental/tls_bridge/CMakeLists.txt
@@ -17,5 +17,6 @@
add_atsplugin(tls_bridge tls_bridge.cc)
-target_link_libraries(tls_bridge PRIVATE ts::tsutil libswoc::libswoc)
+target_link_libraries(tls_bridge PRIVATE libswoc::libswoc PCRE::PCRE #
transitive
+)
verify_global_plugin(tls_bridge)
diff --git a/plugins/remap_stats/CMakeLists.txt
b/plugins/remap_stats/CMakeLists.txt
index 4efc6c831f..7cfa5545bd 100644
--- a/plugins/remap_stats/CMakeLists.txt
+++ b/plugins/remap_stats/CMakeLists.txt
@@ -17,5 +17,4 @@
add_atsplugin(remap_stats remap_stats.cc)
-target_link_libraries(remap_stats PRIVATE ts::tscore)
verify_global_plugin(remap_stats)
diff --git a/plugins/slice/CMakeLists.txt b/plugins/slice/CMakeLists.txt
index 5c15c5a8d2..efca6315d8 100644
--- a/plugins/slice/CMakeLists.txt
+++ b/plugins/slice/CMakeLists.txt
@@ -33,8 +33,7 @@ add_atsplugin(
util.cc
)
-target_link_libraries(slice PRIVATE ts::tscore)
-
+target_link_libraries(slice PRIVATE PCRE::PCRE)
if(BUILD_TESTING)
add_subdirectory(unit-tests)
endif()
(trafficserver) 06/09: Cleanup: rename client_vc to txn (#11234)
This is an automated email from the ASF dual-hosted git repository.
cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 1b1212532956bff0baa2577481b2af7db3261e7a
Author: Masaori Koshiba
AuthorDate: Thu Apr 11 07:39:48 2024 +0900
Cleanup: rename client_vc to txn (#11234)
(cherry picked from commit ceb60aeaf77e3cf83ca6fa1109a7b90d7d88b154)
---
include/proxy/http/HttpSM.h | 2 +-
src/proxy/http/HttpSM.cc| 22 +++---
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/include/proxy/http/HttpSM.h b/include/proxy/http/HttpSM.h
index 6f28523d0b..3b2dacb256 100644
--- a/include/proxy/http/HttpSM.h
+++ b/include/proxy/http/HttpSM.h
@@ -186,7 +186,7 @@ public:
void init(bool from_early_data = false);
- void attach_client_session(ProxyTransaction *client_vc_arg);
+ void attach_client_session(ProxyTransaction *txn);
// Called after the network connection has been completed
// to set the session timeouts and initiate a read while
diff --git a/src/proxy/http/HttpSM.cc b/src/proxy/http/HttpSM.cc
index 9ef713dbdd..d268d74db9 100644
--- a/src/proxy/http/HttpSM.cc
+++ b/src/proxy/http/HttpSM.cc
@@ -371,16 +371,16 @@ HttpSM::start_sub_sm()
}
void
-HttpSM::attach_client_session(ProxyTransaction *client_vc)
+HttpSM::attach_client_session(ProxyTransaction *txn)
{
milestones[TS_MILESTONE_UA_BEGIN] = ink_get_hrtime();
- ink_assert(client_vc != nullptr);
+ ink_assert(txn != nullptr);
- NetVConnection *netvc = client_vc->get_netvc();
+ NetVConnection *netvc = txn->get_netvc();
if (!netvc) {
return;
}
- _ua.set_txn(client_vc, milestones);
+ _ua.set_txn(txn, milestones);
// Collect log & stats information. We've already verified that the netvc is
!nullptr above,
// and netvc == _ua.get_txn()->get_netvc().
@@ -389,7 +389,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc)
mptcp_state = netvc->get_mptcp_state();
ink_release_assert(_ua.get_txn()->get_half_close_flag() == false);
- mutex = client_vc->mutex;
+ mutex = txn->mutex;
if (_ua.get_txn()->debug()) {
debug_on = true;
}
@@ -408,7 +408,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc)
// Allocate a user agent entry in the state machine's
// vc table
_ua.set_entry(vc_table.new_entry());
- _ua.get_entry()->vc = client_vc;
+ _ua.get_entry()->vc = txn;
_ua.get_entry()->vc_type = HTTP_UA_VC;
ats_ip_copy(_state.client_info.src_addr, netvc->get_remote_addr());
@@ -417,7 +417,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc)
t_state.client_info.port_attribute =
static_cast(netvc->attributes);
// Record api hook set state
- hooks_set = client_vc->has_hooks();
+ hooks_set = txn->has_hooks();
// Setup for parsing the header
_ua.get_entry()->vc_read_handler = ::state_read_client_request_header;
@@ -434,14 +434,14 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc)
// this hook maybe asynchronous, we need to disable IO on
// client but set the continuation to be the state machine
// so if we get an timeout events the sm handles them
- _ua.get_entry()->read_vio = client_vc->do_io_read(this, 0,
_ua.get_txn()->get_remote_reader()->mbuf);
- _ua.get_entry()->write_vio = client_vc->do_io_write(this, 0, nullptr);
+ _ua.get_entry()->read_vio = txn->do_io_read(this, 0,
_ua.get_txn()->get_remote_reader()->mbuf);
+ _ua.get_entry()->write_vio = txn->do_io_write(this, 0, nullptr);
/
// set up timeouts //
/
-
client_vc->set_inactivity_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_no_activity_timeout_in));
-
client_vc->set_active_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_active_timeout_in));
+
txn->set_inactivity_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_no_activity_timeout_in));
+
txn->set_active_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_active_timeout_in));
++reentrancy_count;
// Add our state sm to the sm list
(trafficserver) branch 10.0.x updated (16123bfa01 -> eaf34fd330)
This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a change to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git from 16123bfa01 add missing CMakeLists.txt (#11231) new 3c4ab456a3 Refactor Metrics storage to preserve lifetime (#11214) new 8d0a945343 Manage storage for ssl hooks (#11224) new 3e0ff2d8ab Restore private key passphrase behavior (#11201) new 20c27101d2 Update curl library references to CURL (#11232) new 7815914c6b CI: have rocky and fedora builds use curl in /opt (#11233) new 1b12125329 Cleanup: rename client_vc to txn (#11234) new 163717755d jsonrpc: small cleanup. (#11236) new fd036f9537 cleanup asan odr violations (#11237) new eaf34fd330 IP Allow: document when rules are applied (#11240) The 9 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: CMakePresets.json | 5 + cmake/ExperimentalPlugins.cmake | 2 +- doc/admin-guide/files/ip_allow.yaml.en.rst | 22 + doc/admin-guide/files/remap.config.en.rst | 2 + include/iocore/eventsystem/ProxyAllocator.h | 5 +- include/iocore/eventsystem/Thread.h | 2 +- include/iocore/net/SSLAPIHooks.h| 7 +- include/proxy/http/HttpSM.h | 2 +- include/tsutil/Metrics.h| 126 +--- plugins/background_fetch/CMakeLists.txt | 2 +- plugins/compress/compress.cc| 3 +- plugins/experimental/otel_tracer/CMakeLists.txt | 2 +- plugins/experimental/sslheaders/CMakeLists.txt | 3 +- plugins/experimental/tls_bridge/CMakeLists.txt | 3 +- plugins/remap_stats/CMakeLists.txt | 1 - plugins/slice/CMakeLists.txt| 3 +- src/api/APIHooks.cc | 4 +- src/api/InkAPI.cc | 2 +- src/api/InkAPIInternal.cc | 1 - src/iocore/cache/unit_tests/main.cc | 1 - src/iocore/eventsystem/Thread.cc| 7 ++ src/iocore/net/Net.cc | 1 - src/iocore/net/SSLAPIHooks.cc | 10 +- src/iocore/net/SSLConfig.cc | 4 +- src/iocore/net/SSLNetVConnection.cc | 18 ++-- src/iocore/net/SSLUtils.cc | 61 +--- src/iocore/net/TLSSessionResumptionSupport.cc | 2 +- src/iocore/net/unit_tests/unit_test_main.cc | 1 - src/mgmt/rpc/jsonrpc/JsonRPCManager.cc | 5 +- src/proxy/http/HttpSM.cc| 22 ++--- src/tsutil/Metrics.cc | 34 --- tests/gold_tests/tls/ssl/passphrase.key | 30 ++ tests/gold_tests/tls/ssl/passphrase.pem | 27 + tests/gold_tests/tls/ssl/passphrase2.key| 30 ++ tests/gold_tests/tls/ssl/passphrase2.pem| 27 + tests/gold_tests/tls/ssl_key_dialog.test.py | 91 + 36 files changed, 427 insertions(+), 141 deletions(-) create mode 100644 tests/gold_tests/tls/ssl/passphrase.key create mode 100644 tests/gold_tests/tls/ssl/passphrase.pem create mode 100644 tests/gold_tests/tls/ssl/passphrase2.key create mode 100644 tests/gold_tests/tls/ssl/passphrase2.pem create mode 100644 tests/gold_tests/tls/ssl_key_dialog.test.py
(trafficserver) branch master updated: jsonrpc: small cleanup. (#11236)
This is an automated email from the ASF dual-hosted git repository.
dmeden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new fdbda82e85 jsonrpc: small cleanup. (#11236)
fdbda82e85 is described below
commit fdbda82e85d9f8177f0add02f4c14485c6ebf4bf
Author: Damian Meden
AuthorDate: Thu Apr 11 09:43:09 2024 +0200
jsonrpc: small cleanup. (#11236)
Remove come commented out code and fix some comments.
---
src/mgmt/rpc/jsonrpc/JsonRPCManager.cc | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
b/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
index dbe695934b..3747b843c1 100644
--- a/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
+++ b/src/mgmt/rpc/jsonrpc/JsonRPCManager.cc
@@ -291,11 +291,8 @@
JsonRPCManager::Dispatcher::InternalHandler::invoke(specs::RPCRequestInfo const
std::unique_lock
lock(g_rpcHandlingMutex);
g_rpcHandlingCompletion.wait(lock, []() {
return g_rpcHandlerProcessingCompleted; });
g_rpcHandlerProcessingCompleted = false;
-// seems to be done, set the response. As the
response data is a swoc::Rv this will handle both,
-// error and non error cases.
+// swoc::Rv this will handle both, error and
success cases.
ret = std::move(g_rpcHandlerResponseData);
-// clean up the shared data.
-//
g_rpcHandlerResponseData.clear(); // moved so no cleanup?
lock.unlock();
}},
this->_func);
