-
Notifications
You must be signed in to change notification settings - Fork 817
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
header_rewrite: allow for use of maxminddb as source of geo truth #7695
Conversation
20ef2aa
to
e9feaa9
Compare
@@ -14,9 +14,5 @@ | |||
# See the License for the specific language governing permissions and | |||
# limitations under the License. | |||
|
|||
if BUILD_HEALTHCHECK_PLUGIN |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unrelated, but general cleanup. we conditionalize compilation at the parent Makefile for everything else.
bd52837
to
a01e0d6
Compare
Need to have a way to not use the library even if it's installed. |
@ezelkow1 do you have experience with maxmind? |
yea, but its mostly similar to what was done here, which is similar to what I did in the maxmind_acl plugin. I briefly looked through the PR and it looked good to me, though Im not sure what @SolidWallOfCode comment meant. Do you mean we need a way to have a --disable-maxmind type of config to be able to not bring it in if it exists? |
Also while you are in there, it may be good to add some notes in the docs re: #7669 Since both geoip and mmdb are using mmap, if you swap the db out from underneath the plugin while it is running you may end up with a bad time since its using an mmap'd version to the file location as @pbchou found. GeoIP may have ways around this since it looks like it has multiple ways to load a file but mmdb only has the one method, so I dont think there is any way around it there I have also opened an issue with mmdb for this since it is surprising it doesnt have this functionality yet, maxmind/libmaxminddb#256 |
@SolidWallOfCode Can you provide more detail? do you mean at configure time? eg |
Latest version will return |
I guess I don't see an issue with the current implementation (overwriting data files with |
) (cherry picked from commit 2f36ec6)
Cherry-picked to v9.1.x branch. |
* master: Get rid of code for OpenSSL that has old QUIC API (#7599) Fixed warning in gcc 11 about array not being initalized (#7840) Don't call next next dup on destroyed mime field mloc. (#7833) build_h3_tools: use OpenSSL_1_1_1k+quic (#7836) Address assert on captive_action (#7807) Fix so EOS are delivered to sessions in the pool (#7828) Fix a format specifier for size_t (#7830) Fix stall on sending response for request with trailer header (#7831) Simplification dir_init_done (#7817) Remove unused member from HttpSM (#7835) AuTest: use exteneded help output to determin curl feature support (#7834) Apply fmt compile time argument checking to log functions (#7829) Adds new X-Cache-Info header to the xdebug plugin (#7784) Cleanup: Remove unused members of Http2Stream (#7813) Cleanup: unused functions of Http2ClientSession (#7812) Cancel cross_thread_event on clear_io_events (#7815) Cleanup: Remove a meaningless Http2Stream::do_io_close() call (#7814) Eliminate next dup call using stale mime field mloc is s3_auth plugin. (#7825) NetEvent cleanup - replace #define with constexpr (#7804) fix origin session related crashes (#7808) Update HTTP version info in HostDB on new outbound connection (#7816) Remove a redundant argument (#7811) SSL Cert lookup using PP dest ip when ProxyProtocol is enabled (#7802) Fix MLoc assert caused by s3auth (#7790) Fix cpu utilization problem in session cache (#7719) Fix to cookie_remap.cc tp avoid Intel compiler warning. (#7792) TSHttpTxnCacheDiskPathGet - tighten up the code a bit. (#7806) Doc: tcpinfo plugin table formatting (#7805) fix DNS spike issue for TCP_RETRY mode (#7307) Adds new TS API TSHttpTxnCacheDiskPathGet (#7783) tests: Fixes spelling (#7789) Traffic Dump: Add an HTTP/3 AuTest (#7758) use sendmsg and recvmsg (#7793) HTTP: clean up the http_hdr_describe format error (#7797) Fixes an issue where next hop unit tests crash when run on macOS. (#7787) Apply log throttling to HTTP/2 session error rate messages (#7772) Cleans up uninitialized warning in LogMessage.cc (#7788) Short circuit remap reload when a valid remap file is not specified (#7782) DNS: Clean up argument passing to DNS queries. (#7778) Remove extra verify-callback (#7540) Augment test cases for tls_verify_override test (#7736) Make when_to_revalidate setting available on HTTPS (#7753) Add traffic_server command line option for debugging in Au test. (#7762) Test: Update tls_partial_blind_tunnel to have a nameserver. (#7773) Test: update tls_forward_nonhttp to have a nameserver. (#7774) Test: add nameserver to log-filter test. (#7776) BWF: Add support for std::error_code. (#7777) Test: add nameserver to log-field test. (#7779) Test: add nameserver to regex_remap test. (#7775) Elevate privileges for traffic_manager during SSL cert reload (#7770) Clean up HTTP version processing (#7766) Remove proxy.config.http.down_server.abort_threshold (#7748) Remove undocumented keepalive_internal_vc setting (#7693) doc: header_rewrite random function not inclusive (#7760) Experimental Cache fill plugin (#7470) Remove references to removed options (#7756) Propagate TLS errors (#7714) AuTest extension: check for unrecognized configurations (#7752) Fixes errors in the strategies.yaml documentation. (#7745) Updates to Nexthop strategies to limit the number of simultaneous (#7744) Fixes Issue #7739 - Next hop strategy with bad 'to' URL causes TS crash. (#7749) header_rewrite: Various fixes for MaxMind support (#7746) Remove unused variable is_revalidation_necessary (#7747) Fix simple remapping in regex_remap plugin. (#7718) Adding DNS TTL AuTests. (#7742) Add a chunked disabled test. (#7743) Fix monitor threads in lib records to exit on system shutdown. (#7731) Add overload for memcpy to take a destination buffer and source string_view / TextView (#7732) Test: Add nameserver to TLS tunnel forward test. (#7733) AIO_NOT_IN_PROGRESS should not be 0 (#7734) if transaction status non-success, bypass intercept plugin (#7724) ink_utf8_to_latin1 is not defined, removing declaration (#7737) Fix build on FreeBSD 13 (#7730) Update VSCode CPP Standard (#7723) Updating to use Proxy Verifier 2.2.0 (#7729) header_rewrite: Allow for relative path to geo database files (#7727) Override proxy.config.ssl.client.sni_policy from sni.yaml (#7703) compress.test.py: Reference config file from Test.RunDirectory (#7725) Ran clang-tidy over the code (#7708) Deny unknown transfer encoding values (#7694) Fix doc for http2.no_activity_timeout_in (#7721) Add DynamicStats (#7704) header_rewrite: allow for use of maxminddb as source of geo truth (#7695) Include in parentselectdefs.h in install target (#7713) uri_signing: fix warning which affects ubuntu:20.04 builds (#7717) Increase the maximum slice block size from 32MB to 128MB (#7709)
commit d232a12 Merge: 837bd0e 2edeae4 Author: Masakazu Kitajo <[email protected]> Date: Tue Jun 29 15:41:34 2021 +0900 Merge branch 'master' into quic-latest * master: reuse multiple times (apache#7992) Test bad request behavior (apache#7884) Fix BoringSSL build (apache#8001) Update TSHttpTxnAborted API to distinguish client/server aborts (apache#7901) Enforce case for well known methods (apache#7886) Add null checks for http_load (apache#7995) commit 837bd0e Author: Masakazu Kitajo <[email protected]> Date: Mon Jun 28 15:11:03 2021 +0900 Fix unit tests for QUICStreamState commit c5bb9e0 Merge: 0a63fa9 202b250 Author: Masakazu Kitajo <[email protected]> Date: Mon Jun 28 10:02:54 2021 +0900 Merge branch 'master' into quic-latest * master: Implement TLSBasicSupport for QUICNetVC (apache#7959) Reload server session inactivity timeout before placing a session into the pool (apache#7618) Use OpeSSL EVP API if SHA1 API is unavailable (cache_promote) (apache#7447) Cleanup: Get rid of HTTP2_SESSION_EVENT_RECV (apache#7879) Timing and permissions update for regex_revalidate test (apache#7998) limit m_current_range to max value in RangeTransform (apache#4843) Allow to TLS handshake to error out on TSVConnReenable (apache#7994) Cleanup: Get rid of HTTP2_SESSION_EVENT_INIT (apache#7878) Add hook for loading certificate and key data from plugin (apache#6609) Doc: Now's Minute invocation error (apache#7990) Fix typo in configure.ac (apache#7993) commit 0a63fa9 Merge: 312cf39 bd93f2a Author: Masakazu Kitajo <[email protected]> Date: Fri Jun 25 14:34:55 2021 +0900 Merge branch 'master' into quic-latest * master: Don't rely on SSLNetVC when HttpSM gathers info about SSL (apache#7961) conf_remap: demote 'Invalid configuration' to warning (apache#7991) Cleans up the code bit, including milliseconds consistency (apache#7989) Pass through expect header and handle 100-continue response (apache#7962) Treat TRACE with body as bad request (apache#7905) Thread safe Mersenne Twister 64 using c++11 (apache#7859) ESI plugin documentation updates. (apache#7970) Add log name configuration and stderr/stdout support. (apache#7937) Cleanup: Constify MIMEHdr (apache#7949) Fixed compile error with Linux AIO unit test (apache#7958) Note YAML parser library bug, and work-around, in documentation. (apache#7963) Ensure that the content-length value is only digits (apache#7964) String the url fragment for outgoing requests (apache#7966) Fix for HTTP/2 frames (apache#7965) Improve parsing error messages for strategies.yaml. (apache#7948) fix the scheme of h2 0rtt tests (apache#7957) Fix double test flakiness due to EOS/TXN_CLOSE race (apache#7956) Use proxy.config.log.hostname for rotated log filenames (apache#7943) Fixed memory leak in the QUIC stream manager (apache#7951) Fixup TS_USE_LINUX_NATIVE_AIO AIO_MODE_NATIVE (apache#7832) Update GitHub stale action to auto close old PRs (apache#7952) Revert "Do not invalidate cached resources upon error responses to unsafe methods (apache#7864)" (apache#7954) regex_revalidate: add stats for miss/stale counts (apache#7950) Do not invalidate cached resources upon error responses to unsafe methods (apache#7864) Add an HTTP/2 304 "Not Modified" AuTest. (apache#7882) regex_revalidate: optionally retain rule epoch state across restarts (apache#7939) Fixed memory leak in QUIC ack frame unit test (apache#7947) cache_promote: Don't promote on uncacheable requests (apache#7942) Fix dynamic-stack-buffer-overflow of cachekey plugin (apache#7945) Compilation error fixes for QUIC unit tests (apache#7944) Adds bytes counting as a trigger to the cache_promote LRU (apache#7765) Add a JSON schema for strategies.yaml (apache#7932) Remove second call to TRANSACT_RETURN while handling cache write lock (apache#7873) Close connection after every bad request for HTTP/1.1 (apache#7885) Pin Sphinx to 3.x to unblock `make html` (apache#7940) Add support for Remap rule hit stats (apache#7936) Remove scrap log object dead code (apache#7935) Add STL forward iterators to DLL container. (apache#7934) Add log SQUID code testing to redirect.test.py Au test. (apache#7870) Fix race condition on server session state (apache#7921) regex_reval: bug where rule type is always reported as the first (apache#7928) Remove duplicate entry in overridable txn vars. (apache#7930) Satisfy ci/jenkins/bin/clang-format.sh (apache#7929) Add a basic Au test using strategies.yaml, with consistent hashing. (apache#7911) Add a chunked negative revalidating test. (apache#7907) Ensure that URL components are valid when alternate eviction is logged (apache#7924) fix grammar (apache#7927) AuTest: Enable h2spec generic test cases (apache#7926) Adjust vc read errors (apache#7923) Remove bucket search from IntrusiveHashMap::erase (apache#7848) Ensure TS_VCONN_CLOSE_HOOK hook is called during TS_EVENT_VCONN_CLOSE. (apache#7913) Update docs languages file to add 9.1.x for en and ja (apache#7917) * Adds a new peering ring mode to next hop selection strategies. (apache#7897) Add Au test for strategies.yaml, with consistent hashing, with fallover. (apache#7914) Make HttpSM server reference a Transaction instead of a Session (apache#7849) Set accept_options of Http1Transaction in Http1ClientSession::new_connection() (apache#7894) Reset Http1Transaction before adding vc to keep_alive_queue (apache#7892) Add dead server policy control and metric. Improve messages. (apache#7757) Ensure the HTTP protion of the protocol string is upper case (apache#7904) Fixed spelling mistakes in the docs (apache#7896) add MISS capability to the regex_revalidate plugin (apache#7899) docs: fix capitalization of Linux (apache#7898) Redirect - Make TS to honour the number_of_redirections configuration value (apache#7867) Clean up producer more regularly (apache#7386) Fix crash in open_close_h2 (apache#7586) Cleanup Http2ClientSession SessionHandler (apache#7876) Enforce HTTP parsing restrictions on HTTP versions supported (apache#7875) Do not delete the continuation twice (apache#7862) Cleanup: refer Http2ClientSession::mutex (apache#7853) Autest - Proxy Verifier Extension, add context template $-base string substitution in the replay file. (apache#7866) Fixed some spelling mistakes in comments (apache#7869) Fixed ASAN issues with MMH test (apache#7868) Cleanup: Move member functions defined inside of class definitions of Http2ConnectionState & Http2ConnectionSettings (apache#7854) Add URI Signing cdnistd Claim Implementation (apache#7822) Adds a new --enable-all-asserts configure option (apache#7858) Unifdef test code for MMH and moved it into its own test file (apache#7841) Clean up lua plugin doc for overridable configurations (apache#7844) Save and propagate epoll network error (apache#7809) Add method to write an IpAddr value to a sockaddr. (apache#7821) Add proxy.config.http.max_proxy_cycles (apache#7657) Update NextHop strategies so that unavailable server retry codes (apache#7837) generator: allow for POST requests (apache#7635) Fixed double declaration types for log buffer tracking (apache#7847) Extra braces for clang 5 / ubuntu 16.04 on array initialization (apache#7842) Conflicts: iocore/net/quic/QUICStreamFactory.cc commit 312cf39 Merge: f90e8dd 5cdc145 Author: Masakazu Kitajo <[email protected]> Date: Mon May 17 10:07:42 2021 +0900 Merge branch 'master' into quic-latest * master: Get rid of code for OpenSSL that has old QUIC API (apache#7599) Fixed warning in gcc 11 about array not being initalized (apache#7840) Don't call next next dup on destroyed mime field mloc. (apache#7833) build_h3_tools: use OpenSSL_1_1_1k+quic (apache#7836) Address assert on captive_action (apache#7807) Fix so EOS are delivered to sessions in the pool (apache#7828) Fix a format specifier for size_t (apache#7830) Fix stall on sending response for request with trailer header (apache#7831) Simplification dir_init_done (apache#7817) Remove unused member from HttpSM (apache#7835) AuTest: use exteneded help output to determin curl feature support (apache#7834) Apply fmt compile time argument checking to log functions (apache#7829) Adds new X-Cache-Info header to the xdebug plugin (apache#7784) Cleanup: Remove unused members of Http2Stream (apache#7813) Cleanup: unused functions of Http2ClientSession (apache#7812) Cancel cross_thread_event on clear_io_events (apache#7815) Cleanup: Remove a meaningless Http2Stream::do_io_close() call (apache#7814) Eliminate next dup call using stale mime field mloc is s3_auth plugin. (apache#7825) NetEvent cleanup - replace #define with constexpr (apache#7804) fix origin session related crashes (apache#7808) Update HTTP version info in HostDB on new outbound connection (apache#7816) Remove a redundant argument (apache#7811) SSL Cert lookup using PP dest ip when ProxyProtocol is enabled (apache#7802) Fix MLoc assert caused by s3auth (apache#7790) Fix cpu utilization problem in session cache (apache#7719) Fix to cookie_remap.cc tp avoid Intel compiler warning. (apache#7792) TSHttpTxnCacheDiskPathGet - tighten up the code a bit. (apache#7806) Doc: tcpinfo plugin table formatting (apache#7805) fix DNS spike issue for TCP_RETRY mode (apache#7307) Adds new TS API TSHttpTxnCacheDiskPathGet (apache#7783) tests: Fixes spelling (apache#7789) Traffic Dump: Add an HTTP/3 AuTest (apache#7758) use sendmsg and recvmsg (apache#7793) HTTP: clean up the http_hdr_describe format error (apache#7797) Fixes an issue where next hop unit tests crash when run on macOS. (apache#7787) Apply log throttling to HTTP/2 session error rate messages (apache#7772) Cleans up uninitialized warning in LogMessage.cc (apache#7788) Short circuit remap reload when a valid remap file is not specified (apache#7782) DNS: Clean up argument passing to DNS queries. (apache#7778) Remove extra verify-callback (apache#7540) Augment test cases for tls_verify_override test (apache#7736) Make when_to_revalidate setting available on HTTPS (apache#7753) Add traffic_server command line option for debugging in Au test. (apache#7762) Test: Update tls_partial_blind_tunnel to have a nameserver. (apache#7773) Test: update tls_forward_nonhttp to have a nameserver. (apache#7774) Test: add nameserver to log-filter test. (apache#7776) BWF: Add support for std::error_code. (apache#7777) Test: add nameserver to log-field test. (apache#7779) Test: add nameserver to regex_remap test. (apache#7775) Elevate privileges for traffic_manager during SSL cert reload (apache#7770) Clean up HTTP version processing (apache#7766) Remove proxy.config.http.down_server.abort_threshold (apache#7748) Remove undocumented keepalive_internal_vc setting (apache#7693) doc: header_rewrite random function not inclusive (apache#7760) Experimental Cache fill plugin (apache#7470) Remove references to removed options (apache#7756) Propagate TLS errors (apache#7714) AuTest extension: check for unrecognized configurations (apache#7752) Fixes errors in the strategies.yaml documentation. (apache#7745) Updates to Nexthop strategies to limit the number of simultaneous (apache#7744) Fixes Issue apache#7739 - Next hop strategy with bad 'to' URL causes TS crash. (apache#7749) header_rewrite: Various fixes for MaxMind support (apache#7746) Remove unused variable is_revalidation_necessary (apache#7747) Fix simple remapping in regex_remap plugin. (apache#7718) Adding DNS TTL AuTests. (apache#7742) Add a chunked disabled test. (apache#7743) Fix monitor threads in lib records to exit on system shutdown. (apache#7731) Add overload for memcpy to take a destination buffer and source string_view / TextView (apache#7732) Test: Add nameserver to TLS tunnel forward test. (apache#7733) AIO_NOT_IN_PROGRESS should not be 0 (apache#7734) if transaction status non-success, bypass intercept plugin (apache#7724) ink_utf8_to_latin1 is not defined, removing declaration (apache#7737) Fix build on FreeBSD 13 (apache#7730) Update VSCode CPP Standard (apache#7723) Updating to use Proxy Verifier 2.2.0 (apache#7729) header_rewrite: Allow for relative path to geo database files (apache#7727) Override proxy.config.ssl.client.sni_policy from sni.yaml (apache#7703) compress.test.py: Reference config file from Test.RunDirectory (apache#7725) Ran clang-tidy over the code (apache#7708) Deny unknown transfer encoding values (apache#7694) Fix doc for http2.no_activity_timeout_in (apache#7721) Add DynamicStats (apache#7704) header_rewrite: allow for use of maxminddb as source of geo truth (apache#7695) Include in parentselectdefs.h in install target (apache#7713) uri_signing: fix warning which affects ubuntu:20.04 builds (apache#7717) Increase the maximum slice block size from 32MB to 128MB (apache#7709) commit f90e8dd Author: Masakazu Kitajo <[email protected]> Date: Tue Jan 12 12:21:51 2021 +0900 Add QUICStreamStateListener commit f66646c Merge: be9837c 9f9594f Author: Masakazu Kitajo <[email protected]> Date: Sat Apr 17 13:57:50 2021 +0900 Merge branch 'master' into quic-latest * master: Fix ALPN support on QUIC connections (apache#7593) fix mem leak in session cache (apache#7707) Parent Select Plugin (apache#7467) Add new TS API function TSUrlRawPortGet. (apache#7568) Add NixOS support (apache#7697) Remove support for --enable-remote-cov-commit (apache#7700) Remove configure-time loopback interface detection (apache#7702) Add sqpv log field for server protocol (apache#7680) Call do_io_close instead of HTTP2_SESSION_EVENT_FINI handler (apache#7594) Fix a bug in tspush that pushes corrupted content to cache (apache#7696) Automatically marks PRs and issues stale (apache#7675) New rate_limit plugin for simple resource limitations (apache#7623) Remove undefined method HttpSM::perform_nca_cache_action (apache#7692) Remove undefined method HttpSM::setup_client_header_nca (apache#7691) Scalar; Move "tag" struct to be inside the "ts" namespace to avoid collisions. (apache#7690) Rollback LAZY_BUF_ALLOC remove in HttpTunnel (apache#7583) Add class to normalize handling of pending action (apache#7667) Make HTTP/2 Curl AuTest gold files case insensitive (apache#7683) Add STL compliant field iteration to MIMEHdr. - rebase. (apache#7476) Fix use of -mcx16 flag - only use if it compiles cleanly. (apache#7684) Refine connection failure logging and messages and eliminate suprious connection errors (apache#7580) Add close header normalize openclose test (apache#7679) Fix has_consumer_besides_client to deal with no clients (apache#7685) create a new cache status RWW_HIT (apache#7670) Updating to AuTest 1.10.0 (apache#7682) sslheaders AuTest: Skip if plugin does not exist (apache#7678) Add AuTest for Background Fill (apache#7613) Do NOT kill tunnel if it has any consumer besides HT_HTTP_CLIENT (apache#7641) AuTest: address various permissions issues (apache#7668) Adding TCP Info header support to header rewrite (apache#7516) Refine Inline.cc carveout for arm64 darwin builds (apache#7662) Comment why log eviction isn't implemented via a log field. (apache#7648) Fixing Throttler.h for older clang and gcc compilers (apache#7651) Update -with-profile and add some profiling documentation (apache#7601) Use correct default value for verify.server.policy (apache#7636) Update server_response_body_bytes when background fill worked (apache#7621) Remove erroneous manager.log mesg with remap include file reload (apache#7646) Change ROUNDUP from function-like macro to function template. (apache#7614) Document http.default_buffer_water_mark (apache#7612) Add proxy.config.cache.log.alternate.eviction (apache#7629) Fix HttpSessionManager::acquireSession from previous rebase error (apache#7631) Fix tls_client_versions and tls_hooks18 tests (apache#7645) Updating documentation for negative_revalidating_lifetime (apache#7633) Remove reference to client.verify.server from tests and other bits (apache#7639) Add pooled_server_connections metric (apache#7627) Expose URL element methods through HTTPHdr (apache#7628) Add default implementation for allow_half_open (apache#7630) Add thread yeield to avoid busy waiting in LogObject::_checkout_write(). (apache#7576) Add proxy.process.http.background_fill_total_count (apache#7625) statichit: misc. fixes (apache#7634) Remove unused variables (apache#7626) Adding negative revalidating AuTests. (apache#7620) Add failed state to hostdb to better track failing origins (apache#7291) Use standard isdigit library function (apache#7619) Typo in output when forcing kqueue for configure (apache#7617) Implement log throttling (apache#7279) Increase Proxy Verifier caching delay. (apache#7616) Set pcre_malloc/free function pointers in core main() only. (apache#7608) commit be9837c Merge: 99ff68f d4fc16f Author: Masakazu Kitajo <[email protected]> Date: Wed Mar 17 09:38:59 2021 +0900 Merge branch 'master' into quic-latest * master: Fix the connection limit crash while using parents (apache#7604) Remove inline for detail::cache::CacheData::idAddr (apache#7592) Remove UnixNetVConnection::startEvent - not actually called. (apache#7596) Use return values to fix ubuntu release build error (apache#7591) Fix double destuct on Http2Stream termination (apache#7600) Add pointer/reference upcast function that is checked in debug builds. (apache#7582) Call constructors and destructors for H1/2 Session/Transaction via ClassAllocator (apache#7584) Add gold test for remap config .include directive. (apache#7589) Change the default value for verify.server.policy (apache#7587) Build the test library for tls_engine consistently (apache#7588) Generalize ALPN logic (apache#7555) Fix the final consumer write size from unchunked to chunked tunnel (apache#7577) Reactivate accept_no_activity_timeout (apache#7408) Tidy up session/transaction destruction process (apache#7571) Remove ProxyTransaction::set_proxy_ssn (apache#7567) Introduce TLSBasicSupport interface (apache#7556) Cleanup: Rename IOBufferReader of Http2ClientSession (apache#7569) Add a check for compress response, if from server and 304, then check cache for headers instead of the 304 response (apache#7564) Updates the STATUS file with all recent releases (apache#7566) Make Allocator.h less silly (no creepy "proto" object). (apache#6241) Cleanup: Remove unused member of Http2ClientSession (apache#7570) enable origin server session cache by default (apache#7537) Add tscontdestroy when transaction is closed and pacing rate is reset (apache#7572) Remove reference to CoreUtils (apache#7557) Remove unused enums from YamlSNIConfig struct. (apache#7565) Removes deprecated sni.yaml option: disable_h2 (apache#7547) This PR updates parent selection to limit the number of simultaneous (apache#7485) Fix KA header not checking strategy (apache#7483) Get rid of kruft LogObject copy constructor. (apache#7553) For TSHttpHdrEffectiveUrlBufGet(), include scheme for request to server URL. (apache#7545) Adding lower_ support to stats and bonding_slave data points for port status (apache#7560) Change cookie_remap plugin to allow use of pre-remap URL (and components). (apache#7519) check verify policy and properties (apache#7559) Fix parent.config to 504 not 502 on timeout (apache#7558) use SSL_CTX address as part of the lookup key (apache#7552) Add ALPN support on TLS Partial Blind Tunnel (apache#7511) Add server_name option to proxy.config.ssl.client.sni_policy (apache#7533) Fix a crash on origin session reuse (apache#7543) Removes the test plugins from the .spec file / RPM (apache#7551) Convert the inactive_client_timeout test to use Proxy Verifier (apache#7535) Fix ja3_fingerprint configure syntax (apache#7550) Fix asserts in multiplexer plugin. (apache#7532) parse expiration time and reload config at time out (apache#7281) Fix origin_session_reuse test (apache#7542) Fix tls_session_reuse test (apache#7541) Split SSL_CTX initialization logic into small functions (apache#7434) Remove dependency for SSL stuff from P_Net.h (apache#7531) Unify all the connect timeouts into one (apache#7335) Fix lua_states_stats Au test. (apache#7232) origin session reuse (apache#7479) Updating to use Proxy Verifier 2.1.0 (apache#7534) update the session reuse tests (apache#7529) commit 99ff68f Author: Masakazu Kitajo <[email protected]> Date: Wed Feb 17 11:14:40 2021 +0900 Fix link error commit c4ad0c0 Merge: c40d95a cd33010 Author: Masakazu Kitajo <[email protected]> Date: Wed Feb 17 09:56:25 2021 +0900 Merge branch 'master' into quic-latest * master: Select lua context per thread (apache#7465) Fix out of bounds access error in jtest (apache#7526) Disable compiling Inline.cc on macOS (apache#7389) Makes sure the types are correct, avoiding compiler warnings (apache#7523) Move has_request_body to ProxyTransaction (apache#7499) Make the H3 build script work properly on Debian platforms (apache#7522) slice/handleFirstServerHeader: return sooner on requested range errors (apache#7486) Add new log field for negotiated ALPN Protocol ID with the client (apache#7491) Add Outbound PROXY Protocol (v1/v2) Support (apache#7446) Updates the Dockerfile for debian (apache#7518) Disable client inactivity timeout while server is processing POST request (apache#7309) Upgrade Catch.hpp to v2.13.4 (apache#7464) Move reopen_moved_log_files to log flushing thread (apache#7450) replace psutil.pid() with psutil.process_iter() for safer execution (apache#7515) Fix spacing in clang-analyzer.sh script (apache#7480) Fix out of bounds access error in ats_base64_decode (apache#7490) Updated to build lastest versions of Fedora and CentOS docker images (apache#7505) Fix QUIC unit tests build issue on GNU ld (apache#7496) Fix QUIC unit test failures (apache#7497) Fixed build issues with Fedora 34 (apache#7506) Fixing DNS local_ipv* config option (apache#7507) traffic_dump: AuTests to use Proxy Verifier. (apache#7502) Disable ja3 plugin when building with boringssl (apache#7500) Avoid -Warray-bounds on PROXY Protocol Builder (apache#7488) AuTest: Upgrade to Proxy Verifier 2.0.2 (apache#7493) fix certs (apache#7494) Add zlib1g-dev to Debian dependencies in README (apache#7495) Unit Test - Increase openssl's key size. Place test certs into a common test folder. (apache#7451) Add basic type aliases for std::chrono types to ink_time.h for future use. (apache#7482) traffic_ctl - Fix lookup key for run-root option (apache#7484) update thread config tests (apache#7370) Perf: Replace casecmp with memcmp in HPACK static table lookup (apache#6521) Add PROXY Protocol Builder (apache#7445) Adjust so transfer-encoding header can be treated hop-by-hop (apache#7473) Convert auxkey form 2 uint32_t to 1 uint64_t. (apache#7350) Remove the queuing option from proxy.config.http.per_server.connection (apache#7302) Remove unused function ink_microseconds. (apache#7481) use std::unordered_map to store sessions (apache#7405) drop use of BIO_f_base64 and EVP_PKEY_new_mac_key (apache#7106) Do not write to the cache if the plugin decides not to write to the cache (apache#7461) API to retrieve NoStore set by plugins (apache#7439) Update AuTest version update directions for pipenv (apache#7469) Add command line utility to help convert remap plugin usage to ATS9. (apache#7426) Cleanup: Get rid of MIMEFieldWrapper from HPACK encoding (apache#6520) Proxy Verifier: Making use of delay directives for caching tests. (apache#7468) Cleanup: Add SNIRoutingType (apache#7453) Updating to Proxy Verifier v2.0.0 (apache#7454) Adjust to actually try a server address more than once (apache#7288) Change atoi to atol, causing obvious issues on what needs to be int64's (apache#7466) Cleans up duplicated TSOutboundConnectionMatchType definition (apache#7090) Fixing compress expectation for new microserver (apache#7463) Update to the new MicroServer 1.0.6 release (apache#7460) CacheRead: clear dir entry if doc is found to be truncated (apache#7064) Do not provide a stale negative cache (apache#7422) Generalize SNI support (apache#6870) Add synchronization between UDPNetProcessor::UDPBind in main Thread and initialize_thread_for_udp_net in ET_UDP Thread (apache#7407) Fix heap use after free in DNSProcessor::getby() (apache#3871) Fix comment in include/tscore/Filenames.h. (apache#7457) Fix Makefile target for creating changelogs (apache#7455) Change squid log code for self looping (apache#7443) Enhancements for compress plugin (apache#7416) Add incoming PROXY Protocol v2 support (apache#7340) Cleanup: Remove unused members of NextHopProperty (apache#7436) Small fix to regex_remap PR # 7347. (apache#7437) PoolableSession (apache#6828) option to disable compression for range request's response (apache#7287) Make TSUrlSchemeGet() return scheme implied by URL type when there is no explicit scheme. (apache#7262) commit c40d95a Merge: 573035c ecd70df Author: Masakazu Kitajo <[email protected]> Date: Wed Jan 20 09:39:34 2021 +0900 Merge branch 'master' into quic-latest * master: Fix a link error on traffi_quic command (apache#7433) Fix stall on outbound TLS handshake (apache#7432) Fix the Proxy Verifier AuTest extension to handle cert paths correctly (apache#7415) Update documentation for TSSslSessionInsert (apache#7420) Improve zlib detection logic (apache#7430) Fix parent connect fail segfault (apache#7429) commit 573035c Merge: 5704095 95b8d57 Author: Masakazu Kitajo <[email protected]> Date: Fri Jan 15 23:24:29 2021 +0900 Merge branch 'master' into quic-latest * master: Doc: Fix typo in negative_revalidating_lifetime (apache#7427) Change comment handling for long lines in url_sig plugin (apache#7421) Add unit tests for PROXY Protocol v1 parser (apache#7332) LGTM: Remove superfluous const qualifier in return type (apache#7412) Fix issue with unavailable server retry codes (apache#7410) Remove the warning statement (apache#7414) default to throttling and subsequently simplify the transfer code (apache#7257) Improvement to lua plugin (apache#7413) Make places to bind/unbind SSL object with/from NetVC (apache#7399) traffic_ctl - plugin msg now require only the tag as mandatory field data field is now optional. (apache#7364) API - Add new api function TSHttpTxnServerSsnTransactionCount() to retrieve the number of transactions between TS proxy and the origin server from a single session. (apache#7387) Fix clang compiler complaint about an unused parameter in SNIAction. (apache#7409) Add compression support to stats_over_http (apache#7393) Doc: Fix INPUT tag of Doxyfile (apache#7404) Remove unneeded variables in UnixNetVConnection (apache#7403) Correctly pass back errno to HttpSM (apache#7402) Reverting to old negative_caching conditional behavior (apache#7401) Remove unused MAYBE_ABORT state (apache#7400) traffic_manager should not retry on disk failure (apache#7397) Eliminate dangling pointer into stack space. (apache#7392) This PR aims to address some of the lock contention found and (apache#7377) Remove a special treatment for SSLNetVC in migrateToCurrentThread() (apache#7384) Replace ::exit() with _exit() to avoid secondary cleanup cores (apache#7395) [Doc] Fix build warnings (apache#7391) Clear call_sm on tunnel reset (apache#7352) Unused code: HostDBContinuation::removeEvent (apache#7383) Traffic Dump: Fix stream-id printing after first transaction. (apache#7311) Add comments to ink_queue.h. (apache#7376) Cleanup incoming PROXY Protocol v1 (apache#7331) In CI, only run autopep8 on branches that enforce autopep8 (apache#7270) Fix FreeBSD 12 link issue in test_libhttp2. (apache#7367) Adjust flags to ensure tunnel producer is cleaned up (apache#7336) Cleanup: Remove SSL Wire Trace releated code in UnixNetVConnection (apache#7368) Use EVP MAC API if available (apache#7363) Use EVP API instead of MD5_Init/Update/Final (secure_link plugin) (apache#7355) Use ERR_get_error_all if available (apache#7354) Use OpeSSL EVP API instead of SHA256_Init/Update/Final (apache#7342) Cleanup: Get rid of NetVConnection::outstanding() (apache#7366) Cleanup: Remove unused functions (apache#7365) Add a post case to the conn_timeout test (apache#7334) Fix sni ip_allow and host_sni_policy (apache#7349) AuTest for Split DNS (apache#7325) Make reloading client certificate configuration more reliable (apache#7313) Add negative caching tests and fixes. (apache#7361) ESI: Ensure gzip header is always initialized (apache#7360) Allow for regex_remap of pristine URL. (apache#7347) Set thread mutex to the DNSHandler mutex of SplitDNS (apache#7321) Fix lookup split dns rule with fast path (apache#7320) Add note to background fetch about include/exclude (apache#7343) AuTest for incoming PROXY Protocol v1 (apache#7326) Fix vc close migration race condition (apache#7337) TLS Session Reuse: Downgrade add_session messages to debug (apache#7345) TLS Session Reuse: Downgrade noisy log to debug (apache#7344) Remove the last remnants of the enable_url_expandomatic (apache#7276) Remove unnecessary cast from ReverseProxy. (apache#7329) Updates the Dockerfile with more packages (apache#7323) fixup in HttpSM to only set [TS_MILESTONE_SERVER_CLOSE if TS_MILESTONE_SERVER_CONNECT has been set (apache#7259) Add option for hybrid global and thread session pools (apache#6978) Get appropriate locks on SSN_START hook delays (apache#7295) s3_auth: demote noisy errors around configuration that doesn't affect plugin usability (apache#7306) Follow the comments in I_Thread.h, add an independent ink_thread_key for EThread. (apache#6288) Reduce the number of write operation on H2 (apache#7282) commit 5704095 Merge: 882a79d 0c88b24 Author: Masakazu Kitajo <[email protected]> Date: Wed Oct 28 21:06:11 2020 +0900 Merge branch 'master' into quic-latest * master: Adds a shell script to help build the H3 toolchains (apache#7299) Remove unfinished h2c support (apache#7286) Allow disabling SO_MARK and IP_TOS usage (apache#7292) Enable all h2spec test (apache#7289) Fix bad HTTP/2 post client causing stuck HttpSM (apache#7237) Sticky server does not work with H2 client (apache#7261) 7096: Synchronize Server Session Management and Network I/O (apache#7278) HostDB: remove unused field in HostDBApplicationInfo, and update remaining types in http_data to fix broken padding. (apache#7264) Add support for a new (TSMgmtDataTypeGet) mgmt API function to retrieve the record data type (apache#7221) Fix example in default sni.yaml configuration. (apache#7277) Fix proxy.process.http.current_client_transactions (apache#7258) Add AuTest for HTTP/2 Graceful Shutdown (apache#7271) Fix truncated reponse on HTTP/2 graceful shutdown (apache#7267) url_sig add 'ignore_expiry = true' option for log replay testing (apache#7231) Respecting default rolling_enabled in plugins. (apache#7275) gracefully handle TSReleaseAsserts in statichit and generator plugins (apache#7269) Removes commented out code from esi plugin (apache#7273) Allow initial // in request targets. (apache#7266) Document external log rotation support via SIGUSR2 (apache#7265) Let Dedicated EThreads use `EThread::schedule` (apache#7228) HostDB: Fix cache data version checking to use full version, not major version. (apache#7263) Bugfix: set a default inactivity timeout only if a read or write I/O operation was set (apache#7226) Treat objects with negative max-age CC directives as stale. (apache#7260) Remove some usless defines, which just obsfucates code (apache#7252) Remove useless if for port set assertion. (apache#7250) Fix test_error_page_selection memory leaks and logic errors (apache#7248) [multiplexer] option to skip post/put requests (apache#7233) Incorporates the latest CI build changes (apache#7251) Add support for server protocol stack API (apache#7239) Fix for plugins ASAN suppression file (apache#7249) RolledLogDeleter: do not sort on each candidate consideration. (apache#7243) Make double Au test more reliable. (apache#7216) Ensure that ca override does not get lost (apache#7219) Stop crash on disk failure (apache#7218) Do not cache Transfer-Encoding header (apache#7234) clean up body factory tests (apache#7236) Revert "Create an explicit runroot.yaml for AuTests (apache#7177)" (apache#7235) New option to dead server to not retry during dead period (apache#7142) Increment ssl_error_syscall only if not EOF (apache#7225) Fix renamed setting in default config (apache#7224) Log config reload: use new config for initialization (apache#7215) Introduce proxy-verifier to AuTests (apache#7211) Follow redirection responses when refreshing stale cache objects. (apache#7213) Create an explicit runroot.yaml for AuTests (apache#7177) Support external log rotation tools via SIGUSR2 (apache#6806) Add support for TS API for Note, Status, Warning, Alert (apache#7208) If the weight is 0, the SRV record should be selected from the highest priority group (apache#7206) Cleanup: remove unnecessary memset() within dns_process() (apache#7209) Docs cleanup (apache#7210) Strip whitespaces after field-name and before the colon in headers from the origin (apache#7202) Adds new plugin: statichit (apache#7173) Add duplicate header field processing when creating outgoing response (apache#7207) commit 882a79d Merge: 2a9887f bb5c390 Author: Masakazu Kitajo <[email protected]> Date: Fri Sep 18 10:01:14 2020 +0900 Merge branch 'master' into quic-latest * master: Rename ambiguous log variable (apache#7199) KWF useless member function HttpSM::kill_this_async_hook(). (apache#7198) Fix the active_timeout test to work without quic enabled (apache#7197) Remove obsolete cdn_ HttpTransact vars (apache#7182) Remove unused HttpUpdate mechanism (apache#7194) Updates the list of supported / linked Docs versions (apache#7152) Make custom xdebug HTTP header name available to other plugins. (apache#7193) Update sni outbound policy to allow directly setting the outbound SNI. (apache#7188) commit 2a9887f Author: Masakazu Kitajo <[email protected]> Date: Wed Sep 16 17:54:01 2020 +0900 Avoid unnecessary QUIC CID randomization commit 42e8898 Author: Masakazu Kitajo <[email protected]> Date: Tue Sep 15 12:41:28 2020 +0900 Simplify interface between H3 and QUIC, and remove memcopy between them commit 112fc71 Merge: ac31ada b090964 Author: Masakazu Kitajo <[email protected]> Date: Tue Sep 15 09:21:25 2020 +0900 Merge branch 'master' into quic-latest * master: Add an autest testcase for HTTP3 (apache#7063) Fix TSHttpTxnServerPacket* API's to correctly update existing server connections (apache#7175) Do not lose original inactivity timeout on disable (apache#7134) Emits log when OCSP fails to connect to server (apache#7183) autopep8: avoid running on non-tracked files. (apache#7186) TextView: Add additional constructor tests. (apache#7189) Remove duplicate code (apache#7180) TextView: add constructor size values to enable strlen even for null pointers. (apache#7185) Add virtual destructor to QUICRTTProvider. (apache#7184) AuTest: Reuse venv if it exists already (apache#7178) TS_API for Note,Status,Warning,Alert,Fatal (apache#7181) Traffic Dump: Record HTTP/2 priority. (apache#7149) leaks in logs (apache#7172) Additions to enable loading qat_engine (apache#7150) Removes references to non-existent function handle_conditional_headers (apache#7162) Fix apache#7164 Chaning Warning to Debug and creating a stat for inserting duplicates to pending dns (apache#7166) Fix apache#7167, make autopep8 failure (apache#7168) MicroDNS Extension: handle different 'default' types (apache#7159) Traffic Dump documentation for post_process.py (apache#7161) Fix memory leaks in multiplexer plugin (apache#7160) rc: fixes systemd unit file stopping (apache#7157) Fix lua plugin mem leak problem (apache#7158) Don't make an error on duplicated RETIRE_CONNECTION frames (apache#7131) URL::parse fixes for empty paths (apache#7119) Replace ACTION_RESULT_NONE with nullptr (apache#7135) Add metric tracking async job pauses (apache#7153) PluginFactory - Remove unused code that was left from last PluginFactory change(TSPluginDSOReloadEnable) (apache#7155) Fix stale pointer due to SSL config reload (apache#7148) slice: check if vio is still valid before calling TSVIODone* on shutdown (apache#7147) Deprecate cqhv field (apache#7143) Don't return QUIC frame if the size exceeds maximum frame size (apache#7121) Check VIO availability before acquiring a lock for it (apache#7145) Fix apache#7116, skip the insertion of the same continuation to pending dns (apache#7117) Allow override of CA certs for cert from client based on SNI server name sent by client. (apache#7130) Fix typo in cache docs (apache#7144) remove useless shortopt (apache#7138) Protect TSActionCancel from null INKContInternal actions (apache#7128) Check VIO availability before checking whether the VIO has data (apache#7120) Accept NAT rebinding on a QUIC connection (apache#7123) Fixes garbled logs when using %<vbn> log tag (apache#7140) Removes duplicated listing of files in same Makefile target (apache#7137) Updated gdb mutex script to get process file for Fedora 32 (apache#7133) SSLConfig mem leak fix (apache#7125) Replaces "smart" quotes with ASCII equivalents (apache#7126) Comment out a wrong assertion in QUIC Loss Detection logic (apache#7129) Add member initialization to the Errata class. (apache#7132) Cancel active/inactive timeout on closing Http2Stream (apache#7111) Add modsecurity lua script to example (apache#7105) Expose remap config file callback (apache#7073) Make tls_hooks tests more likely to pass (apache#7122) commit ac31ada Merge: 4d579f4 e904dbc Author: Masakazu Kitajo <[email protected]> Date: Mon Aug 17 09:14:14 2020 +0900 Merge branch 'master' into quic-latest * master: Backing out my update of our jenkin's autest file. (apache#7118) Don't send image/webp responses from cache to broswers that don't support it (apache#7104) Updating our autest suite to require Python3.6 (apache#7113) Squashed commit of the following: (apache#7110) Supporting out of source builds for AuTests. (apache#7109) Fixes uninitialized variables found by Xcode (apache#7100) Add cross references between server session sharing match and upstream connection tracking match. (apache#7038)
Squashed commit of the following: commit d232a12 Merge: 837bd0e 2edeae4 Author: Masakazu Kitajo <[email protected]> Date: Tue Jun 29 15:41:34 2021 +0900 Merge branch 'master' into quic-latest * master: reuse multiple times (#7992) Test bad request behavior (#7884) Fix BoringSSL build (#8001) Update TSHttpTxnAborted API to distinguish client/server aborts (#7901) Enforce case for well known methods (#7886) Add null checks for http_load (#7995) commit 837bd0e Author: Masakazu Kitajo <[email protected]> Date: Mon Jun 28 15:11:03 2021 +0900 Fix unit tests for QUICStreamState commit c5bb9e0 Merge: 0a63fa9 202b250 Author: Masakazu Kitajo <[email protected]> Date: Mon Jun 28 10:02:54 2021 +0900 Merge branch 'master' into quic-latest * master: Implement TLSBasicSupport for QUICNetVC (#7959) Reload server session inactivity timeout before placing a session into the pool (#7618) Use OpeSSL EVP API if SHA1 API is unavailable (cache_promote) (#7447) Cleanup: Get rid of HTTP2_SESSION_EVENT_RECV (#7879) Timing and permissions update for regex_revalidate test (#7998) limit m_current_range to max value in RangeTransform (#4843) Allow to TLS handshake to error out on TSVConnReenable (#7994) Cleanup: Get rid of HTTP2_SESSION_EVENT_INIT (#7878) Add hook for loading certificate and key data from plugin (#6609) Doc: Now's Minute invocation error (#7990) Fix typo in configure.ac (#7993) commit 0a63fa9 Merge: 312cf39 bd93f2a Author: Masakazu Kitajo <[email protected]> Date: Fri Jun 25 14:34:55 2021 +0900 Merge branch 'master' into quic-latest * master: Don't rely on SSLNetVC when HttpSM gathers info about SSL (#7961) conf_remap: demote 'Invalid configuration' to warning (#7991) Cleans up the code bit, including milliseconds consistency (#7989) Pass through expect header and handle 100-continue response (#7962) Treat TRACE with body as bad request (#7905) Thread safe Mersenne Twister 64 using c++11 (#7859) ESI plugin documentation updates. (#7970) Add log name configuration and stderr/stdout support. (#7937) Cleanup: Constify MIMEHdr (#7949) Fixed compile error with Linux AIO unit test (#7958) Note YAML parser library bug, and work-around, in documentation. (#7963) Ensure that the content-length value is only digits (#7964) String the url fragment for outgoing requests (#7966) Fix for HTTP/2 frames (#7965) Improve parsing error messages for strategies.yaml. (#7948) fix the scheme of h2 0rtt tests (#7957) Fix double test flakiness due to EOS/TXN_CLOSE race (#7956) Use proxy.config.log.hostname for rotated log filenames (#7943) Fixed memory leak in the QUIC stream manager (#7951) Fixup TS_USE_LINUX_NATIVE_AIO AIO_MODE_NATIVE (#7832) Update GitHub stale action to auto close old PRs (#7952) Revert "Do not invalidate cached resources upon error responses to unsafe methods (#7864)" (#7954) regex_revalidate: add stats for miss/stale counts (#7950) Do not invalidate cached resources upon error responses to unsafe methods (#7864) Add an HTTP/2 304 "Not Modified" AuTest. (#7882) regex_revalidate: optionally retain rule epoch state across restarts (#7939) Fixed memory leak in QUIC ack frame unit test (#7947) cache_promote: Don't promote on uncacheable requests (#7942) Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945) Compilation error fixes for QUIC unit tests (#7944) Adds bytes counting as a trigger to the cache_promote LRU (#7765) Add a JSON schema for strategies.yaml (#7932) Remove second call to TRANSACT_RETURN while handling cache write lock (#7873) Close connection after every bad request for HTTP/1.1 (#7885) Pin Sphinx to 3.x to unblock `make html` (#7940) Add support for Remap rule hit stats (#7936) Remove scrap log object dead code (#7935) Add STL forward iterators to DLL container. (#7934) Add log SQUID code testing to redirect.test.py Au test. (#7870) Fix race condition on server session state (#7921) regex_reval: bug where rule type is always reported as the first (#7928) Remove duplicate entry in overridable txn vars. (#7930) Satisfy ci/jenkins/bin/clang-format.sh (#7929) Add a basic Au test using strategies.yaml, with consistent hashing. (#7911) Add a chunked negative revalidating test. (#7907) Ensure that URL components are valid when alternate eviction is logged (#7924) fix grammar (#7927) AuTest: Enable h2spec generic test cases (#7926) Adjust vc read errors (#7923) Remove bucket search from IntrusiveHashMap::erase (#7848) Ensure TS_VCONN_CLOSE_HOOK hook is called during TS_EVENT_VCONN_CLOSE. (#7913) Update docs languages file to add 9.1.x for en and ja (#7917) * Adds a new peering ring mode to next hop selection strategies. (#7897) Add Au test for strategies.yaml, with consistent hashing, with fallover. (#7914) Make HttpSM server reference a Transaction instead of a Session (#7849) Set accept_options of Http1Transaction in Http1ClientSession::new_connection() (#7894) Reset Http1Transaction before adding vc to keep_alive_queue (#7892) Add dead server policy control and metric. Improve messages. (#7757) Ensure the HTTP protion of the protocol string is upper case (#7904) Fixed spelling mistakes in the docs (#7896) add MISS capability to the regex_revalidate plugin (#7899) docs: fix capitalization of Linux (#7898) Redirect - Make TS to honour the number_of_redirections configuration value (#7867) Clean up producer more regularly (#7386) Fix crash in open_close_h2 (#7586) Cleanup Http2ClientSession SessionHandler (#7876) Enforce HTTP parsing restrictions on HTTP versions supported (#7875) Do not delete the continuation twice (#7862) Cleanup: refer Http2ClientSession::mutex (#7853) Autest - Proxy Verifier Extension, add context template $-base string substitution in the replay file. (#7866) Fixed some spelling mistakes in comments (#7869) Fixed ASAN issues with MMH test (#7868) Cleanup: Move member functions defined inside of class definitions of Http2ConnectionState & Http2ConnectionSettings (#7854) Add URI Signing cdnistd Claim Implementation (#7822) Adds a new --enable-all-asserts configure option (#7858) Unifdef test code for MMH and moved it into its own test file (#7841) Clean up lua plugin doc for overridable configurations (#7844) Save and propagate epoll network error (#7809) Add method to write an IpAddr value to a sockaddr. (#7821) Add proxy.config.http.max_proxy_cycles (#7657) Update NextHop strategies so that unavailable server retry codes (#7837) generator: allow for POST requests (#7635) Fixed double declaration types for log buffer tracking (#7847) Extra braces for clang 5 / ubuntu 16.04 on array initialization (#7842) Conflicts: iocore/net/quic/QUICStreamFactory.cc commit 312cf39 Merge: f90e8dd 5cdc145 Author: Masakazu Kitajo <[email protected]> Date: Mon May 17 10:07:42 2021 +0900 Merge branch 'master' into quic-latest * master: Get rid of code for OpenSSL that has old QUIC API (#7599) Fixed warning in gcc 11 about array not being initalized (#7840) Don't call next next dup on destroyed mime field mloc. (#7833) build_h3_tools: use OpenSSL_1_1_1k+quic (#7836) Address assert on captive_action (#7807) Fix so EOS are delivered to sessions in the pool (#7828) Fix a format specifier for size_t (#7830) Fix stall on sending response for request with trailer header (#7831) Simplification dir_init_done (#7817) Remove unused member from HttpSM (#7835) AuTest: use exteneded help output to determin curl feature support (#7834) Apply fmt compile time argument checking to log functions (#7829) Adds new X-Cache-Info header to the xdebug plugin (#7784) Cleanup: Remove unused members of Http2Stream (#7813) Cleanup: unused functions of Http2ClientSession (#7812) Cancel cross_thread_event on clear_io_events (#7815) Cleanup: Remove a meaningless Http2Stream::do_io_close() call (#7814) Eliminate next dup call using stale mime field mloc is s3_auth plugin. (#7825) NetEvent cleanup - replace #define with constexpr (#7804) fix origin session related crashes (#7808) Update HTTP version info in HostDB on new outbound connection (#7816) Remove a redundant argument (#7811) SSL Cert lookup using PP dest ip when ProxyProtocol is enabled (#7802) Fix MLoc assert caused by s3auth (#7790) Fix cpu utilization problem in session cache (#7719) Fix to cookie_remap.cc tp avoid Intel compiler warning. (#7792) TSHttpTxnCacheDiskPathGet - tighten up the code a bit. (#7806) Doc: tcpinfo plugin table formatting (#7805) fix DNS spike issue for TCP_RETRY mode (#7307) Adds new TS API TSHttpTxnCacheDiskPathGet (#7783) tests: Fixes spelling (#7789) Traffic Dump: Add an HTTP/3 AuTest (#7758) use sendmsg and recvmsg (#7793) HTTP: clean up the http_hdr_describe format error (#7797) Fixes an issue where next hop unit tests crash when run on macOS. (#7787) Apply log throttling to HTTP/2 session error rate messages (#7772) Cleans up uninitialized warning in LogMessage.cc (#7788) Short circuit remap reload when a valid remap file is not specified (#7782) DNS: Clean up argument passing to DNS queries. (#7778) Remove extra verify-callback (#7540) Augment test cases for tls_verify_override test (#7736) Make when_to_revalidate setting available on HTTPS (#7753) Add traffic_server command line option for debugging in Au test. (#7762) Test: Update tls_partial_blind_tunnel to have a nameserver. (#7773) Test: update tls_forward_nonhttp to have a nameserver. (#7774) Test: add nameserver to log-filter test. (#7776) BWF: Add support for std::error_code. (#7777) Test: add nameserver to log-field test. (#7779) Test: add nameserver to regex_remap test. (#7775) Elevate privileges for traffic_manager during SSL cert reload (#7770) Clean up HTTP version processing (#7766) Remove proxy.config.http.down_server.abort_threshold (#7748) Remove undocumented keepalive_internal_vc setting (#7693) doc: header_rewrite random function not inclusive (#7760) Experimental Cache fill plugin (#7470) Remove references to removed options (#7756) Propagate TLS errors (#7714) AuTest extension: check for unrecognized configurations (#7752) Fixes errors in the strategies.yaml documentation. (#7745) Updates to Nexthop strategies to limit the number of simultaneous (#7744) Fixes Issue #7739 - Next hop strategy with bad 'to' URL causes TS crash. (#7749) header_rewrite: Various fixes for MaxMind support (#7746) Remove unused variable is_revalidation_necessary (#7747) Fix simple remapping in regex_remap plugin. (#7718) Adding DNS TTL AuTests. (#7742) Add a chunked disabled test. (#7743) Fix monitor threads in lib records to exit on system shutdown. (#7731) Add overload for memcpy to take a destination buffer and source string_view / TextView (#7732) Test: Add nameserver to TLS tunnel forward test. (#7733) AIO_NOT_IN_PROGRESS should not be 0 (#7734) if transaction status non-success, bypass intercept plugin (#7724) ink_utf8_to_latin1 is not defined, removing declaration (#7737) Fix build on FreeBSD 13 (#7730) Update VSCode CPP Standard (#7723) Updating to use Proxy Verifier 2.2.0 (#7729) header_rewrite: Allow for relative path to geo database files (#7727) Override proxy.config.ssl.client.sni_policy from sni.yaml (#7703) compress.test.py: Reference config file from Test.RunDirectory (#7725) Ran clang-tidy over the code (#7708) Deny unknown transfer encoding values (#7694) Fix doc for http2.no_activity_timeout_in (#7721) Add DynamicStats (#7704) header_rewrite: allow for use of maxminddb as source of geo truth (#7695) Include in parentselectdefs.h in install target (#7713) uri_signing: fix warning which affects ubuntu:20.04 builds (#7717) Increase the maximum slice block size from 32MB to 128MB (#7709) commit f90e8dd Author: Masakazu Kitajo <[email protected]> Date: Tue Jan 12 12:21:51 2021 +0900 Add QUICStreamStateListener commit f66646c Merge: be9837c 9f9594f Author: Masakazu Kitajo <[email protected]> Date: Sat Apr 17 13:57:50 2021 +0900 Merge branch 'master' into quic-latest * master: Fix ALPN support on QUIC connections (#7593) fix mem leak in session cache (#7707) Parent Select Plugin (#7467) Add new TS API function TSUrlRawPortGet. (#7568) Add NixOS support (#7697) Remove support for --enable-remote-cov-commit (#7700) Remove configure-time loopback interface detection (#7702) Add sqpv log field for server protocol (#7680) Call do_io_close instead of HTTP2_SESSION_EVENT_FINI handler (#7594) Fix a bug in tspush that pushes corrupted content to cache (#7696) Automatically marks PRs and issues stale (#7675) New rate_limit plugin for simple resource limitations (#7623) Remove undefined method HttpSM::perform_nca_cache_action (#7692) Remove undefined method HttpSM::setup_client_header_nca (#7691) Scalar; Move "tag" struct to be inside the "ts" namespace to avoid collisions. (#7690) Rollback LAZY_BUF_ALLOC remove in HttpTunnel (#7583) Add class to normalize handling of pending action (#7667) Make HTTP/2 Curl AuTest gold files case insensitive (#7683) Add STL compliant field iteration to MIMEHdr. - rebase. (#7476) Fix use of -mcx16 flag - only use if it compiles cleanly. (#7684) Refine connection failure logging and messages and eliminate suprious connection errors (#7580) Add close header normalize openclose test (#7679) Fix has_consumer_besides_client to deal with no clients (#7685) create a new cache status RWW_HIT (#7670) Updating to AuTest 1.10.0 (#7682) sslheaders AuTest: Skip if plugin does not exist (#7678) Add AuTest for Background Fill (#7613) Do NOT kill tunnel if it has any consumer besides HT_HTTP_CLIENT (#7641) AuTest: address various permissions issues (#7668) Adding TCP Info header support to header rewrite (#7516) Refine Inline.cc carveout for arm64 darwin builds (#7662) Comment why log eviction isn't implemented via a log field. (#7648) Fixing Throttler.h for older clang and gcc compilers (#7651) Update -with-profile and add some profiling documentation (#7601) Use correct default value for verify.server.policy (#7636) Update server_response_body_bytes when background fill worked (#7621) Remove erroneous manager.log mesg with remap include file reload (#7646) Change ROUNDUP from function-like macro to function template. (#7614) Document http.default_buffer_water_mark (#7612) Add proxy.config.cache.log.alternate.eviction (#7629) Fix HttpSessionManager::acquireSession from previous rebase error (#7631) Fix tls_client_versions and tls_hooks18 tests (#7645) Updating documentation for negative_revalidating_lifetime (#7633) Remove reference to client.verify.server from tests and other bits (#7639) Add pooled_server_connections metric (#7627) Expose URL element methods through HTTPHdr (#7628) Add default implementation for allow_half_open (#7630) Add thread yeield to avoid busy waiting in LogObject::_checkout_write(). (#7576) Add proxy.process.http.background_fill_total_count (#7625) statichit: misc. fixes (#7634) Remove unused variables (#7626) Adding negative revalidating AuTests. (#7620) Add failed state to hostdb to better track failing origins (#7291) Use standard isdigit library function (#7619) Typo in output when forcing kqueue for configure (#7617) Implement log throttling (#7279) Increase Proxy Verifier caching delay. (#7616) Set pcre_malloc/free function pointers in core main() only. (#7608) commit be9837c Merge: 99ff68f d4fc16f Author: Masakazu Kitajo <[email protected]> Date: Wed Mar 17 09:38:59 2021 +0900 Merge branch 'master' into quic-latest * master: Fix the connection limit crash while using parents (#7604) Remove inline for detail::cache::CacheData::idAddr (#7592) Remove UnixNetVConnection::startEvent - not actually called. (#7596) Use return values to fix ubuntu release build error (#7591) Fix double destuct on Http2Stream termination (#7600) Add pointer/reference upcast function that is checked in debug builds. (#7582) Call constructors and destructors for H1/2 Session/Transaction via ClassAllocator (#7584) Add gold test for remap config .include directive. (#7589) Change the default value for verify.server.policy (#7587) Build the test library for tls_engine consistently (#7588) Generalize ALPN logic (#7555) Fix the final consumer write size from unchunked to chunked tunnel (#7577) Reactivate accept_no_activity_timeout (#7408) Tidy up session/transaction destruction process (#7571) Remove ProxyTransaction::set_proxy_ssn (#7567) Introduce TLSBasicSupport interface (#7556) Cleanup: Rename IOBufferReader of Http2ClientSession (#7569) Add a check for compress response, if from server and 304, then check cache for headers instead of the 304 response (#7564) Updates the STATUS file with all recent releases (#7566) Make Allocator.h less silly (no creepy "proto" object). (#6241) Cleanup: Remove unused member of Http2ClientSession (#7570) enable origin server session cache by default (#7537) Add tscontdestroy when transaction is closed and pacing rate is reset (#7572) Remove reference to CoreUtils (#7557) Remove unused enums from YamlSNIConfig struct. (#7565) Removes deprecated sni.yaml option: disable_h2 (#7547) This PR updates parent selection to limit the number of simultaneous (#7485) Fix KA header not checking strategy (#7483) Get rid of kruft LogObject copy constructor. (#7553) For TSHttpHdrEffectiveUrlBufGet(), include scheme for request to server URL. (#7545) Adding lower_ support to stats and bonding_slave data points for port status (#7560) Change cookie_remap plugin to allow use of pre-remap URL (and components). (#7519) check verify policy and properties (#7559) Fix parent.config to 504 not 502 on timeout (#7558) use SSL_CTX address as part of the lookup key (#7552) Add ALPN support on TLS Partial Blind Tunnel (#7511) Add server_name option to proxy.config.ssl.client.sni_policy (#7533) Fix a crash on origin session reuse (#7543) Removes the test plugins from the .spec file / RPM (#7551) Convert the inactive_client_timeout test to use Proxy Verifier (#7535) Fix ja3_fingerprint configure syntax (#7550) Fix asserts in multiplexer plugin. (#7532) parse expiration time and reload config at time out (#7281) Fix origin_session_reuse test (#7542) Fix tls_session_reuse test (#7541) Split SSL_CTX initialization logic into small functions (#7434) Remove dependency for SSL stuff from P_Net.h (#7531) Unify all the connect timeouts into one (#7335) Fix lua_states_stats Au test. (#7232) origin session reuse (#7479) Updating to use Proxy Verifier 2.1.0 (#7534) update the session reuse tests (#7529) commit 99ff68f Author: Masakazu Kitajo <[email protected]> Date: Wed Feb 17 11:14:40 2021 +0900 Fix link error commit c4ad0c0 Merge: c40d95a cd33010 Author: Masakazu Kitajo <[email protected]> Date: Wed Feb 17 09:56:25 2021 +0900 Merge branch 'master' into quic-latest * master: Select lua context per thread (#7465) Fix out of bounds access error in jtest (#7526) Disable compiling Inline.cc on macOS (#7389) Makes sure the types are correct, avoiding compiler warnings (#7523) Move has_request_body to ProxyTransaction (#7499) Make the H3 build script work properly on Debian platforms (#7522) slice/handleFirstServerHeader: return sooner on requested range errors (#7486) Add new log field for negotiated ALPN Protocol ID with the client (#7491) Add Outbound PROXY Protocol (v1/v2) Support (#7446) Updates the Dockerfile for debian (#7518) Disable client inactivity timeout while server is processing POST request (#7309) Upgrade Catch.hpp to v2.13.4 (#7464) Move reopen_moved_log_files to log flushing thread (#7450) replace psutil.pid() with psutil.process_iter() for safer execution (#7515) Fix spacing in clang-analyzer.sh script (#7480) Fix out of bounds access error in ats_base64_decode (#7490) Updated to build lastest versions of Fedora and CentOS docker images (#7505) Fix QUIC unit tests build issue on GNU ld (#7496) Fix QUIC unit test failures (#7497) Fixed build issues with Fedora 34 (#7506) Fixing DNS local_ipv* config option (#7507) traffic_dump: AuTests to use Proxy Verifier. (#7502) Disable ja3 plugin when building with boringssl (#7500) Avoid -Warray-bounds on PROXY Protocol Builder (#7488) AuTest: Upgrade to Proxy Verifier 2.0.2 (#7493) fix certs (#7494) Add zlib1g-dev to Debian dependencies in README (#7495) Unit Test - Increase openssl's key size. Place test certs into a common test folder. (#7451) Add basic type aliases for std::chrono types to ink_time.h for future use. (#7482) traffic_ctl - Fix lookup key for run-root option (#7484) update thread config tests (#7370) Perf: Replace casecmp with memcmp in HPACK static table lookup (#6521) Add PROXY Protocol Builder (#7445) Adjust so transfer-encoding header can be treated hop-by-hop (#7473) Convert auxkey form 2 uint32_t to 1 uint64_t. (#7350) Remove the queuing option from proxy.config.http.per_server.connection (#7302) Remove unused function ink_microseconds. (#7481) use std::unordered_map to store sessions (#7405) drop use of BIO_f_base64 and EVP_PKEY_new_mac_key (#7106) Do not write to the cache if the plugin decides not to write to the cache (#7461) API to retrieve NoStore set by plugins (#7439) Update AuTest version update directions for pipenv (#7469) Add command line utility to help convert remap plugin usage to ATS9. (#7426) Cleanup: Get rid of MIMEFieldWrapper from HPACK encoding (#6520) Proxy Verifier: Making use of delay directives for caching tests. (#7468) Cleanup: Add SNIRoutingType (#7453) Updating to Proxy Verifier v2.0.0 (#7454) Adjust to actually try a server address more than once (#7288) Change atoi to atol, causing obvious issues on what needs to be int64's (#7466) Cleans up duplicated TSOutboundConnectionMatchType definition (#7090) Fixing compress expectation for new microserver (#7463) Update to the new MicroServer 1.0.6 release (#7460) CacheRead: clear dir entry if doc is found to be truncated (#7064) Do not provide a stale negative cache (#7422) Generalize SNI support (#6870) Add synchronization between UDPNetProcessor::UDPBind in main Thread and initialize_thread_for_udp_net in ET_UDP Thread (#7407) Fix heap use after free in DNSProcessor::getby() (#3871) Fix comment in include/tscore/Filenames.h. (#7457) Fix Makefile target for creating changelogs (#7455) Change squid log code for self looping (#7443) Enhancements for compress plugin (#7416) Add incoming PROXY Protocol v2 support (#7340) Cleanup: Remove unused members of NextHopProperty (#7436) Small fix to regex_remap PR # 7347. (#7437) PoolableSession (#6828) option to disable compression for range request's response (#7287) Make TSUrlSchemeGet() return scheme implied by URL type when there is no explicit scheme. (#7262) commit c40d95a Merge: 573035c ecd70df Author: Masakazu Kitajo <[email protected]> Date: Wed Jan 20 09:39:34 2021 +0900 Merge branch 'master' into quic-latest * master: Fix a link error on traffi_quic command (#7433) Fix stall on outbound TLS handshake (#7432) Fix the Proxy Verifier AuTest extension to handle cert paths correctly (#7415) Update documentation for TSSslSessionInsert (#7420) Improve zlib detection logic (#7430) Fix parent connect fail segfault (#7429) commit 573035c Merge: 5704095 95b8d57 Author: Masakazu Kitajo <[email protected]> Date: Fri Jan 15 23:24:29 2021 +0900 Merge branch 'master' into quic-latest * master: Doc: Fix typo in negative_revalidating_lifetime (#7427) Change comment handling for long lines in url_sig plugin (#7421) Add unit tests for PROXY Protocol v1 parser (#7332) LGTM: Remove superfluous const qualifier in return type (#7412) Fix issue with unavailable server retry codes (#7410) Remove the warning statement (#7414) default to throttling and subsequently simplify the transfer code (#7257) Improvement to lua plugin (#7413) Make places to bind/unbind SSL object with/from NetVC (#7399) traffic_ctl - plugin msg now require only the tag as mandatory field data field is now optional. (#7364) API - Add new api function TSHttpTxnServerSsnTransactionCount() to retrieve the number of transactions between TS proxy and the origin server from a single session. (#7387) Fix clang compiler complaint about an unused parameter in SNIAction. (#7409) Add compression support to stats_over_http (#7393) Doc: Fix INPUT tag of Doxyfile (#7404) Remove unneeded variables in UnixNetVConnection (#7403) Correctly pass back errno to HttpSM (#7402) Reverting to old negative_caching conditional behavior (#7401) Remove unused MAYBE_ABORT state (#7400) traffic_manager should not retry on disk failure (#7397) Eliminate dangling pointer into stack space. (#7392) This PR aims to address some of the lock contention found and (#7377) Remove a special treatment for SSLNetVC in migrateToCurrentThread() (#7384) Replace ::exit() with _exit() to avoid secondary cleanup cores (#7395) [Doc] Fix build warnings (#7391) Clear call_sm on tunnel reset (#7352) Unused code: HostDBContinuation::removeEvent (#7383) Traffic Dump: Fix stream-id printing after first transaction. (#7311) Add comments to ink_queue.h. (#7376) Cleanup incoming PROXY Protocol v1 (#7331) In CI, only run autopep8 on branches that enforce autopep8 (#7270) Fix FreeBSD 12 link issue in test_libhttp2. (#7367) Adjust flags to ensure tunnel producer is cleaned up (#7336) Cleanup: Remove SSL Wire Trace releated code in UnixNetVConnection (#7368) Use EVP MAC API if available (#7363) Use EVP API instead of MD5_Init/Update/Final (secure_link plugin) (#7355) Use ERR_get_error_all if available (#7354) Use OpeSSL EVP API instead of SHA256_Init/Update/Final (#7342) Cleanup: Get rid of NetVConnection::outstanding() (#7366) Cleanup: Remove unused functions (#7365) Add a post case to the conn_timeout test (#7334) Fix sni ip_allow and host_sni_policy (#7349) AuTest for Split DNS (#7325) Make reloading client certificate configuration more reliable (#7313) Add negative caching tests and fixes. (#7361) ESI: Ensure gzip header is always initialized (#7360) Allow for regex_remap of pristine URL. (#7347) Set thread mutex to the DNSHandler mutex of SplitDNS (#7321) Fix lookup split dns rule with fast path (#7320) Add note to background fetch about include/exclude (#7343) AuTest for incoming PROXY Protocol v1 (#7326) Fix vc close migration race condition (#7337) TLS Session Reuse: Downgrade add_session messages to debug (#7345) TLS Session Reuse: Downgrade noisy log to debug (#7344) Remove the last remnants of the enable_url_expandomatic (#7276) Remove unnecessary cast from ReverseProxy. (#7329) Updates the Dockerfile with more packages (#7323) fixup in HttpSM to only set [TS_MILESTONE_SERVER_CLOSE if TS_MILESTONE_SERVER_CONNECT has been set (#7259) Add option for hybrid global and thread session pools (#6978) Get appropriate locks on SSN_START hook delays (#7295) s3_auth: demote noisy errors around configuration that doesn't affect plugin usability (#7306) Follow the comments in I_Thread.h, add an independent ink_thread_key for EThread. (#6288) Reduce the number of write operation on H2 (#7282) commit 5704095 Merge: 882a79d 0c88b24 Author: Masakazu Kitajo <[email protected]> Date: Wed Oct 28 21:06:11 2020 +0900 Merge branch 'master' into quic-latest * master: Adds a shell script to help build the H3 toolchains (#7299) Remove unfinished h2c support (#7286) Allow disabling SO_MARK and IP_TOS usage (#7292) Enable all h2spec test (#7289) Fix bad HTTP/2 post client causing stuck HttpSM (#7237) Sticky server does not work with H2 client (#7261) 7096: Synchronize Server Session Management and Network I/O (#7278) HostDB: remove unused field in HostDBApplicationInfo, and update remaining types in http_data to fix broken padding. (#7264) Add support for a new (TSMgmtDataTypeGet) mgmt API function to retrieve the record data type (#7221) Fix example in default sni.yaml configuration. (#7277) Fix proxy.process.http.current_client_transactions (#7258) Add AuTest for HTTP/2 Graceful Shutdown (#7271) Fix truncated reponse on HTTP/2 graceful shutdown (#7267) url_sig add 'ignore_expiry = true' option for log replay testing (#7231) Respecting default rolling_enabled in plugins. (#7275) gracefully handle TSReleaseAsserts in statichit and generator plugins (#7269) Removes commented out code from esi plugin (#7273) Allow initial // in request targets. (#7266) Document external log rotation support via SIGUSR2 (#7265) Let Dedicated EThreads use `EThread::schedule` (#7228) HostDB: Fix cache data version checking to use full version, not major version. (#7263) Bugfix: set a default inactivity timeout only if a read or write I/O operation was set (#7226) Treat objects with negative max-age CC directives as stale. (#7260) Remove some usless defines, which just obsfucates code (#7252) Remove useless if for port set assertion. (#7250) Fix test_error_page_selection memory leaks and logic errors (#7248) [multiplexer] option to skip post/put requests (#7233) Incorporates the latest CI build changes (#7251) Add support for server protocol stack API (#7239) Fix for plugins ASAN suppression file (#7249) RolledLogDeleter: do not sort on each candidate consideration. (#7243) Make double Au test more reliable. (#7216) Ensure that ca override does not get lost (#7219) Stop crash on disk failure (#7218) Do not cache Transfer-Encoding header (#7234) clean up body factory tests (#7236) Revert "Create an explicit runroot.yaml for AuTests (#7177)" (#7235) New option to dead server to not retry during dead period (#7142) Increment ssl_error_syscall only if not EOF (#7225) Fix renamed setting in default config (#7224) Log config reload: use new config for initialization (#7215) Introduce proxy-verifier to AuTests (#7211) Follow redirection responses when refreshing stale cache objects. (#7213) Create an explicit runroot.yaml for AuTests (#7177) Support external log rotation tools via SIGUSR2 (#6806) Add support for TS API for Note, Status, Warning, Alert (#7208) If the weight is 0, the SRV record should be selected from the highest priority group (#7206) Cleanup: remove unnecessary memset() within dns_process() (#7209) Docs cleanup (#7210) Strip whitespaces after field-name and before the colon in headers from the origin (#7202) Adds new plugin: statichit (#7173) Add duplicate header field processing when creating outgoing response (#7207) commit 882a79d Merge: 2a9887f bb5c390 Author: Masakazu Kitajo <[email protected]> Date: Fri Sep 18 10:01:14 2020 +0900 Merge branch 'master' into quic-latest * master: Rename ambiguous log variable (#7199) KWF useless member function HttpSM::kill_this_async_hook(). (#7198) Fix the active_timeout test to work without quic enabled (#7197) Remove obsolete cdn_ HttpTransact vars (#7182) Remove unused HttpUpdate mechanism (#7194) Updates the list of supported / linked Docs versions (#7152) Make custom xdebug HTTP header name available to other plugins. (#7193) Update sni outbound policy to allow directly setting the outbound SNI. (#7188) commit 2a9887f Author: Masakazu Kitajo <[email protected]> Date: Wed Sep 16 17:54:01 2020 +0900 Avoid unnecessary QUIC CID randomization commit 42e8898 Author: Masakazu Kitajo <[email protected]> Date: Tue Sep 15 12:41:28 2020 +0900 Simplify interface between H3 and QUIC, and remove memcopy between them commit 112fc71 Merge: ac31ada b090964 Author: Masakazu Kitajo <[email protected]> Date: Tue Sep 15 09:21:25 2020 +0900 Merge branch 'master' into quic-latest * master: Add an autest testcase for HTTP3 (#7063) Fix TSHttpTxnServerPacket* API's to correctly update existing server connections (#7175) Do not lose original inactivity timeout on disable (#7134) Emits log when OCSP fails to connect to server (#7183) autopep8: avoid running on non-tracked files. (#7186) TextView: Add additional constructor tests. (#7189) Remove duplicate code (#7180) TextView: add constructor size values to enable strlen even for null pointers. (#7185) Add virtual destructor to QUICRTTProvider. (#7184) AuTest: Reuse venv if it exists already (#7178) TS_API for Note,Status,Warning,Alert,Fatal (#7181) Traffic Dump: Record HTTP/2 priority. (#7149) leaks in logs (#7172) Additions to enable loading qat_engine (#7150) Removes references to non-existent function handle_conditional_headers (#7162) Fix #7164 Chaning Warning to Debug and creating a stat for inserting duplicates to pending dns (#7166) Fix #7167, make autopep8 failure (#7168) MicroDNS Extension: handle different 'default' types (#7159) Traffic Dump documentation for post_process.py (#7161) Fix memory leaks in multiplexer plugin (#7160) rc: fixes systemd unit file stopping (#7157) Fix lua plugin mem leak problem (#7158) Don't make an error on duplicated RETIRE_CONNECTION frames (#7131) URL::parse fixes for empty paths (#7119) Replace ACTION_RESULT_NONE with nullptr (#7135) Add metric tracking async job pauses (#7153) PluginFactory - Remove unused code that was left from last PluginFactory change(TSPluginDSOReloadEnable) (#7155) Fix stale pointer due to SSL config reload (#7148) slice: check if vio is still valid before calling TSVIODone* on shutdown (#7147) Deprecate cqhv field (#7143) Don't return QUIC frame if the size exceeds maximum frame size (#7121) Check VIO availability before acquiring a lock for it (#7145) Fix #7116, skip the insertion of the same continuation to pending dns (#7117) Allow override of CA certs for cert from client based on SNI server name sent by client. (#7130) Fix typo in cache docs (#7144) remove useless shortopt (#7138) Protect TSActionCancel from null INKContInternal actions (#7128) Check VIO availability before checking whether the VIO has data (#7120) Accept NAT rebinding on a QUIC connection (#7123) Fixes garbled logs when using %<vbn> log tag (#7140) Removes duplicated listing of files in same Makefile target (#7137) Updated gdb mutex script to get process file for Fedora 32 (#7133) SSLConfig mem leak fix (#7125) Replaces "smart" quotes with ASCII equivalents (#7126) Comment out a wrong assertion in QUIC Loss Detection logic (#7129) Add member initialization to the Errata class. (#7132) Cancel active/inactive timeout on closing Http2Stream (#7111) Add modsecurity lua script to example (#7105) Expose remap config file callback (#7073) Make tls_hooks tests more likely to pass (#7122) commit ac31ada Merge: 4d579f4 e904dbc Author: Masakazu Kitajo <[email protected]> Date: Mon Aug 17 09:14:14 2020 +0900 Merge branch 'master' into quic-latest * master: Backing out my update of our jenkin's autest file. (#7118) Don't send image/webp responses from cache to broswers that don't support it (#7104) Updating our autest suite to require Python3.6 (#7113) Squashed commit of the following: (#7110) Supporting out of source builds for AuTests. (#7109) Fixes uninitialized variables found by Xcode (#7100) Add cross references between server session sharing match and upstream connection tracking match. (#7038)
* asf/9.1.x: (26 commits) Updated ChangeLog Use return values to fix ubuntu release build error (apache#7591) Build the test library for tls_engine consistently (apache#7588) if transaction status non-success, bypass intercept plugin (apache#7724) Fix build on FreeBSD 13 (apache#7730) Fix use of -mcx16 flag - only use if it compiles cleanly. (apache#7684) Add class to normalize handling of pending action (apache#7667) Fix a bug in tspush that pushes corrupted content to cache (apache#7696) Add new TS API function TSUrlRawPortGet. (apache#7568) fix mem leak in session cache (apache#7707) Fix doc for http2.no_activity_timeout_in (apache#7721) Add a chunked disabled test. (apache#7743) Adding DNS TTL AuTests. (apache#7742) header_rewrite: Various fixes for MaxMind support (apache#7746) header_rewrite: Allow for relative path to geo database files (apache#7727) header_rewrite: allow for use of maxminddb as source of geo truth (apache#7695) Propagate TLS errors (apache#7714) Experimental Cache fill plugin (apache#7470) Make when_to_revalidate setting available on HTTPS (apache#7753) Clean up HTTP version processing (apache#7766) ...
…ache#7695) (cherry picked from commit 2f36ec6) Conflicts: doc/admin-guide/plugins/header_rewrite.en.rst
* Removes down_server.abort_threshold completely (#8077) * url_sig: add url_type = pristine config file option (#8100) * Remove unused multicast functions (#8158) * Defer canceling UA inactivity timeout for chunked bodies too (#8084) * Update INSTALL for URLs and version number (#8173) * Fix clearing all stats function (#8172) Co-authored-by: Damian Meden <[email protected]> * ensure hostname_offset is initialized to '0' to indicate null hostname (#8162) * Remove used url_copy_onto_as_server_url (#8169) * Fix typo in documentation (#8177) * Remove unused HdrCsvIter methods (#8167) * Remove unused configuration related methods from Store and Span. (#8160) * Add plugin parent_select reloading (#8075) * Added missing milestones and updated slow log report script (#8168) Moved the cache open read end milestone to the end of the method * Make the rest of InkAPI allocators Proxy Allocated (#8106) * Make the rest of InkAPI allocators Proxy Allocated * As per Walt the all-knowing oracle, remove from test * Various maxmind_acl fixes (#8181) * Various maxmind_acl fixes - Add a check for non-nullptr client addr - Add null termination for iso_codes. They are stored unterminated in the database so to properly lookup in the map we need to terminate ourselves * Review fixes * Abstract adding Connection: close header to avoid triggering H2 draining logic (#8178) * Merge quic-latest into master (#8010) Squashed commit of the following: commit d232a12ec5ae461235f4a4d6f7c7644d05651aed Merge: 837bd0e41 2edeae477 Author: Masakazu Kitajo <[email protected]> Date: Tue Jun 29 15:41:34 2021 +0900 Merge branch 'master' into quic-latest * master: reuse multiple times (#7992) Test bad request behavior (#7884) Fix BoringSSL build (#8001) Update TSHttpTxnAborted API to distinguish client/server aborts (#7901) Enforce case for well known methods (#7886) Add null checks for http_load (#7995) commit 837bd0e413c27b4f2132864c9a0a377a45fabaf5 Author: Masakazu Kitajo <[email protected]> Date: Mon Jun 28 15:11:03 2021 +0900 Fix unit tests for QUICStreamState commit c5bb9e0dd41cba2198c5632f85f89f9b343eee34 Merge: 0a63fa977 202b2505c Author: Masakazu Kitajo <[email protected]> Date: Mon Jun 28 10:02:54 2021 +0900 Merge branch 'master' into quic-latest * master: Implement TLSBasicSupport for QUICNetVC (#7959) Reload server session inactivity timeout before placing a session into the pool (#7618) Use OpeSSL EVP API if SHA1 API is unavailable (cache_promote) (#7447) Cleanup: Get rid of HTTP2_SESSION_EVENT_RECV (#7879) Timing and permissions update for regex_revalidate test (#7998) limit m_current_range to max value in RangeTransform (#4843) Allow to TLS handshake to error out on TSVConnReenable (#7994) Cleanup: Get rid of HTTP2_SESSION_EVENT_INIT (#7878) Add hook for loading certificate and key data from plugin (#6609) Doc: Now's Minute invocation error (#7990) Fix typo in configure.ac (#7993) commit 0a63fa977f97919143f45508f1f6c5b656324d80 Merge: 312cf393c bd93f2a40 Author: Masakazu Kitajo <[email protected]> Date: Fri Jun 25 14:34:55 2021 +0900 Merge branch 'master' into quic-latest * master: Don't rely on SSLNetVC when HttpSM gathers info about SSL (#7961) conf_remap: demote 'Invalid configuration' to warning (#7991) Cleans up the code bit, including milliseconds consistency (#7989) Pass through expect header and handle 100-continue response (#7962) Treat TRACE with body as bad request (#7905) Thread safe Mersenne Twister 64 using c++11 (#7859) ESI plugin documentation updates. (#7970) Add log name configuration and stderr/stdout support. (#7937) Cleanup: Constify MIMEHdr (#7949) Fixed compile error with Linux AIO unit test (#7958) Note YAML parser library bug, and work-around, in documentation. (#7963) Ensure that the content-length value is only digits (#7964) String the url fragment for outgoing requests (#7966) Fix for HTTP/2 frames (#7965) Improve parsing error messages for strategies.yaml. (#7948) fix the scheme of h2 0rtt tests (#7957) Fix double test flakiness due to EOS/TXN_CLOSE race (#7956) Use proxy.config.log.hostname for rotated log filenames (#7943) Fixed memory leak in the QUIC stream manager (#7951) Fixup TS_USE_LINUX_NATIVE_AIO AIO_MODE_NATIVE (#7832) Update GitHub stale action to auto close old PRs (#7952) Revert "Do not invalidate cached resources upon error responses to unsafe methods (#7864)" (#7954) regex_revalidate: add stats for miss/stale counts (#7950) Do not invalidate cached resources upon error responses to unsafe methods (#7864) Add an HTTP/2 304 "Not Modified" AuTest. (#7882) regex_revalidate: optionally retain rule epoch state across restarts (#7939) Fixed memory leak in QUIC ack frame unit test (#7947) cache_promote: Don't promote on uncacheable requests (#7942) Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945) Compilation error fixes for QUIC unit tests (#7944) Adds bytes counting as a trigger to the cache_promote LRU (#7765) Add a JSON schema for strategies.yaml (#7932) Remove second call to TRANSACT_RETURN while handling cache write lock (#7873) Close connection after every bad request for HTTP/1.1 (#7885) Pin Sphinx to 3.x to unblock `make html` (#7940) Add support for Remap rule hit stats (#7936) Remove scrap log object dead code (#7935) Add STL forward iterators to DLL container. (#7934) Add log SQUID code testing to redirect.test.py Au test. (#7870) Fix race condition on server session state (#7921) regex_reval: bug where rule type is always reported as the first (#7928) Remove duplicate entry in overridable txn vars. (#7930) Satisfy ci/jenkins/bin/clang-format.sh (#7929) Add a basic Au test using strategies.yaml, with consistent hashing. (#7911) Add a chunked negative revalidating test. (#7907) Ensure that URL components are valid when alternate eviction is logged (#7924) fix grammar (#7927) AuTest: Enable h2spec generic test cases (#7926) Adjust vc read errors (#7923) Remove bucket search from IntrusiveHashMap::erase (#7848) Ensure TS_VCONN_CLOSE_HOOK hook is called during TS_EVENT_VCONN_CLOSE. (#7913) Update docs languages file to add 9.1.x for en and ja (#7917) * Adds a new peering ring mode to next hop selection strategies. (#7897) Add Au test for strategies.yaml, with consistent hashing, with fallover. (#7914) Make HttpSM server reference a Transaction instead of a Session (#7849) Set accept_options of Http1Transaction in Http1ClientSession::new_connection() (#7894) Reset Http1Transaction before adding vc to keep_alive_queue (#7892) Add dead server policy control and metric. Improve messages. (#7757) Ensure the HTTP protion of the protocol string is upper case (#7904) Fixed spelling mistakes in the docs (#7896) add MISS capability to the regex_revalidate plugin (#7899) docs: fix capitalization of Linux (#7898) Redirect - Make TS to honour the number_of_redirections configuration value (#7867) Clean up producer more regularly (#7386) Fix crash in open_close_h2 (#7586) Cleanup Http2ClientSession SessionHandler (#7876) Enforce HTTP parsing restrictions on HTTP versions supported (#7875) Do not delete the continuation twice (#7862) Cleanup: refer Http2ClientSession::mutex (#7853) Autest - Proxy Verifier Extension, add context template $-base string substitution in the replay file. (#7866) Fixed some spelling mistakes in comments (#7869) Fixed ASAN issues with MMH test (#7868) Cleanup: Move member functions defined inside of class definitions of Http2ConnectionState & Http2ConnectionSettings (#7854) Add URI Signing cdnistd Claim Implementation (#7822) Adds a new --enable-all-asserts configure option (#7858) Unifdef test code for MMH and moved it into its own test file (#7841) Clean up lua plugin doc for overridable configurations (#7844) Save and propagate epoll network error (#7809) Add method to write an IpAddr value to a sockaddr. (#7821) Add proxy.config.http.max_proxy_cycles (#7657) Update NextHop strategies so that unavailable server retry codes (#7837) generator: allow for POST requests (#7635) Fixed double declaration types for log buffer tracking (#7847) Extra braces for clang 5 / ubuntu 16.04 on array initialization (#7842) Conflicts: iocore/net/quic/QUICStreamFactory.cc commit 312cf393c170bbf1ee6c945907868137197afdfa Merge: f90e8dde9 5cdc1459f Author: Masakazu Kitajo <[email protected]> Date: Mon May 17 10:07:42 2021 +0900 Merge branch 'master' into quic-latest * master: Get rid of code for OpenSSL that has old QUIC API (#7599) Fixed warning in gcc 11 about array not being initalized (#7840) Don't call next next dup on destroyed mime field mloc. (#7833) build_h3_tools: use OpenSSL_1_1_1k+quic (#7836) Address assert on captive_action (#7807) Fix so EOS are delivered to sessions in the pool (#7828) Fix a format specifier for size_t (#7830) Fix stall on sending response for request with trailer header (#7831) Simplification dir_init_done (#7817) Remove unused member from HttpSM (#7835) AuTest: use exteneded help output to determin curl feature support (#7834) Apply fmt compile time argument checking to log functions (#7829) Adds new X-Cache-Info header to the xdebug plugin (#7784) Cleanup: Remove unused members of Http2Stream (#7813) Cleanup: unused functions of Http2ClientSession (#7812) Cancel cross_thread_event on clear_io_events (#7815) Cleanup: Remove a meaningless Http2Stream::do_io_close() call (#7814) Eliminate next dup call using stale mime field mloc is s3_auth plugin. (#7825) NetEvent cleanup - replace #define with constexpr (#7804) fix origin session related crashes (#7808) Update HTTP version info in HostDB on new outbound connection (#7816) Remove a redundant argument (#7811) SSL Cert lookup using PP dest ip when ProxyProtocol is enabled (#7802) Fix MLoc assert caused by s3auth (#7790) Fix cpu utilization problem in session cache (#7719) Fix to cookie_remap.cc tp avoid Intel compiler warning. (#7792) TSHttpTxnCacheDiskPathGet - tighten up the code a bit. (#7806) Doc: tcpinfo plugin table formatting (#7805) fix DNS spike issue for TCP_RETRY mode (#7307) Adds new TS API TSHttpTxnCacheDiskPathGet (#7783) tests: Fixes spelling (#7789) Traffic Dump: Add an HTTP/3 AuTest (#7758) use sendmsg and recvmsg (#7793) HTTP: clean up the http_hdr_describe format error (#7797) Fixes an issue where next hop unit tests crash when run on macOS. (#7787) Apply log throttling to HTTP/2 session error rate messages (#7772) Cleans up uninitialized warning in LogMessage.cc (#7788) Short circuit remap reload when a valid remap file is not specified (#7782) DNS: Clean up argument passing to DNS queries. (#7778) Remove extra verify-callback (#7540) Augment test cases for tls_verify_override test (#7736) Make when_to_revalidate setting available on HTTPS (#7753) Add traffic_server command line option for debugging in Au test. (#7762) Test: Update tls_partial_blind_tunnel to have a nameserver. (#7773) Test: update tls_forward_nonhttp to have a nameserver. (#7774) Test: add nameserver to log-filter test. (#7776) BWF: Add support for std::error_code. (#7777) Test: add nameserver to log-field test. (#7779) Test: add nameserver to regex_remap test. (#7775) Elevate privileges for traffic_manager during SSL cert reload (#7770) Clean up HTTP version processing (#7766) Remove proxy.config.http.down_server.abort_threshold (#7748) Remove undocumented keepalive_internal_vc setting (#7693) doc: header_rewrite random function not inclusive (#7760) Experimental Cache fill plugin (#7470) Remove references to removed options (#7756) Propagate TLS errors (#7714) AuTest extension: check for unrecognized configurations (#7752) Fixes errors in the strategies.yaml documentation. (#7745) Updates to Nexthop strategies to limit the number of simultaneous (#7744) Fixes Issue #7739 - Next hop strategy with bad 'to' URL causes TS crash. (#7749) header_rewrite: Various fixes for MaxMind support (#7746) Remove unused variable is_revalidation_necessary (#7747) Fix simple remapping in regex_remap plugin. (#7718) Adding DNS TTL AuTests. (#7742) Add a chunked disabled test. (#7743) Fix monitor threads in lib records to exit on system shutdown. (#7731) Add overload for memcpy to take a destination buffer and source string_view / TextView (#7732) Test: Add nameserver to TLS tunnel forward test. (#7733) AIO_NOT_IN_PROGRESS should not be 0 (#7734) if transaction status non-success, bypass intercept plugin (#7724) ink_utf8_to_latin1 is not defined, removing declaration (#7737) Fix build on FreeBSD 13 (#7730) Update VSCode CPP Standard (#7723) Updating to use Proxy Verifier 2.2.0 (#7729) header_rewrite: Allow for relative path to geo database files (#7727) Override proxy.config.ssl.client.sni_policy from sni.yaml (#7703) compress.test.py: Reference config file from Test.RunDirectory (#7725) Ran clang-tidy over the code (#7708) Deny unknown transfer encoding values (#7694) Fix doc for http2.no_activity_timeout_in (#7721) Add DynamicStats (#7704) header_rewrite: allow for use of maxminddb as source of geo truth (#7695) Include in parentselectdefs.h in install target (#7713) uri_signing: fix warning which affects ubuntu:20.04 builds (#7717) Increase the maximum slice block size from 32MB to 128MB (#7709) commit f90e8dde99564ff4270f2ae63e8592b0948b6130 Author: Masakazu Kitajo <[email protected]> Date: Tue Jan 12 12:21:51 2021 +0900 Add QUICStreamStateListener commit f66646cb1907f7079eaf41aa81da9705934eff18 Merge: be9837c03 9f9594fd3 Author: Masakazu Kitajo <[email protected]> Date: Sat Apr 17 13:57:50 2021 +0900 Merge branch 'master' into quic-latest * master: Fix ALPN support on QUIC connections (#7593) fix mem leak in session cache (#7707) Parent Select Plugin (#7467) Add new TS API function TSUrlRawPortGet. (#7568) Add NixOS support (#7697) Remove support for --enable-remote-cov-commit (#7700) Remove configure-time loopback interface detection (#7702) Add sqpv log field for server protocol (#7680) Call do_io_close instead of HTTP2_SESSION_EVENT_FINI handler (#7594) Fix a bug in tspush that pushes corrupted content to cache (#7696) Automatically marks PRs and issues stale (#7675) New rate_limit plugin for simple resource limitations (#7623) Remove undefined method HttpSM::perform_nca_cache_action (#7692) Remove undefined method HttpSM::setup_client_header_nca (#7691) Scalar; Move "tag" struct to be inside the "ts" namespace to avoid collisions. (#7690) Rollback LAZY_BUF_ALLOC remove in HttpTunnel (#7583) Add class to normalize handling of pending action (#7667) Make HTTP/2 Curl AuTest gold files case insensitive (#7683) Add STL compliant field iteration to MIMEHdr. - rebase. (#7476) Fix use of -mcx16 flag - only use if it compiles cleanly. (#7684) Refine connection failure logging and messages and eliminate suprious connection errors (#7580) Add close header normalize openclose test (#7679) Fix has_consumer_besides_client to deal with no clients (#7685) create a new cache status RWW_HIT (#7670) Updating to AuTest 1.10.0 (#7682) sslheaders AuTest: Skip if plugin does not exist (#7678) Add AuTest for Background Fill (#7613) Do NOT kill tunnel if it has any consumer besides HT_HTTP_CLIENT (#7641) AuTest: address various permissions issues (#7668) Adding TCP Info header support to header rewrite (#7516) Refine Inline.cc carveout for arm64 darwin builds (#7662) Comment why log eviction isn't implemented via a log field. (#7648) Fixing Throttler.h for older clang and gcc compilers (#7651) Update -with-profile and add some profiling documentation (#7601) Use correct default value for verify.server.policy (#7636) Update server_response_body_bytes when background fill worked (#7621) Remove erroneous manager.log mesg with remap include file reload (#7646) Change ROUNDUP from function-like macro to function template. (#7614) Document http.default_buffer_water_mark (#7612) Add proxy.config.cache.log.alternate.eviction (#7629) Fix HttpSessionManager::acquireSession from previous rebase error (#7631) Fix tls_client_versions and tls_hooks18 tests (#7645) Updating documentation for negative_revalidating_lifetime (#7633) Remove reference to client.verify.server from tests and other bits (#7639) Add pooled_server_connections metric (#7627) Expose URL element methods through HTTPHdr (#7628) Add default implementation for allow_half_open (#7630) Add thread yeield to avoid busy waiting in LogObject::_checkout_write(). (#7576) Add proxy.process.http.background_fill_total_count (#7625) statichit: misc. fixes (#7634) Remove unused variables (#7626) Adding negative revalidating AuTests. (#7620) Add failed state to hostdb to better track failing origins (#7291) Use standard isdigit library function (#7619) Typo in output when forcing kqueue for configure (#7617) Implement log throttling (#7279) Increase Proxy Verifier caching delay. (#7616) Set pcre_malloc/free function pointers in core main() only. (#7608) commit be9837c03219f2cb9efbd4981d13dbc78294ce51 Merge: 99ff68fa3 d4fc16f64 Author: Masakazu Kitajo <[email protected]> Date: Wed Mar 17 09:38:59 2021 +0900 Merge branch 'master' into quic-latest * master: Fix the connection limit crash while using parents (#7604) Remove inline for detail::cache::CacheData::idAddr (#7592) Remove UnixNetVConnection::startEvent - not actually called. (#7596) Use return values to fix ubuntu release build error (#7591) Fix double destuct on Http2Stream termination (#7600) Add pointer/reference upcast function that is checked in debug builds. (#7582) Call constructors and destructors for H1/2 Session/Transaction via ClassAllocator (#7584) Add gold test for remap config .include directive. (#7589) Change the default value for verify.server.policy (#7587) Build the test library for tls_engine consistently (#7588) Generalize ALPN logic (#7555) Fix the final consumer write size from unchunked to chunked tunnel (#7577) Reactivate accept_no_activity_timeout (#7408) Tidy up session/transaction destruction process (#7571) Remove ProxyTransaction::set_proxy_ssn (#7567) Introduce TLSBasicSupport interface (#7556) Cleanup: Rename IOBufferReader of Http2ClientSession (#7569) Add a check for compress response, if from server and 304, then check cache for headers instead of the 304 response (#7564) Updates the STATUS file with all recent releases (#7566) Make Allocator.h less silly (no creepy "proto" object). (#6241) Cleanup: Remove unused member of Http2ClientSession (#7570) enable origin server session cache by default (#7537) Add tscontdestroy when transaction is closed and pacing rate is reset (#7572) Remove reference to CoreUtils (#7557) Remove unused enums from YamlSNIConfig struct. (#7565) Removes deprecated sni.yaml option: disable_h2 (#7547) This PR updates parent selection to limit the number of simultaneous (#7485) Fix KA header not checking strategy (#7483) Get rid of kruft LogObject copy constructor. (#7553) For TSHttpHdrEffectiveUrlBufGet(), include scheme for request to server URL. (#7545) Adding lower_ support to stats and bonding_slave data points for port status (#7560) Change cookie_remap plugin to allow use of pre-remap URL (and components). (#7519) check verify policy and properties (#7559) Fix parent.config to 504 not 502 on timeout (#7558) use SSL_CTX address as part of the lookup key (#7552) Add ALPN support on TLS Partial Blind Tunnel (#7511) Add server_name option to proxy.config.ssl.client.sni_policy (#7533) Fix a crash on origin session reuse (#7543) Removes the test plugins from the .spec file / RPM (#7551) Convert the inactive_client_timeout test to use Proxy Verifier (#7535) Fix ja3_fingerprint configure syntax (#7550) Fix asserts in multiplexer plugin. (#7532) parse expiration time and reload config at time out (#7281) Fix origin_session_reuse test (#7542) Fix tls_session_reuse test (#7541) Split SSL_CTX initialization logic into small functions (#7434) Remove dependency for SSL stuff from P_Net.h (#7531) Unify all the connect timeouts into one (#7335) Fix lua_states_stats Au test. (#7232) origin session reuse (#7479) Updating to use Proxy Verifier 2.1.0 (#7534) update the session reuse tests (#7529) commit 99ff68fa395a6e3f8ab2e27e98049ceb00a0a7c8 Author: Masakazu Kitajo <[email protected]> Date: Wed Feb 17 11:14:40 2021 +0900 Fix link error commit c4ad0c071d53fb888d8b2ffac34b848524f4fe68 Merge: c40d95a91 cd33010ff Author: Masakazu Kitajo <[email protected]> Date: Wed Feb 17 09:56:25 2021 +0900 Merge branch 'master' into quic-latest * master: Select lua context per thread (#7465) Fix out of bounds access error in jtest (#7526) Disable compiling Inline.cc on macOS (#7389) Makes sure the types are correct, avoiding compiler warnings (#7523) Move has_request_body to ProxyTransaction (#7499) Make the H3 build script work properly on Debian platforms (#7522) slice/handleFirstServerHeader: return sooner on requested range errors (#7486) Add new log field for negotiated ALPN Protocol ID with the client (#7491) Add Outbound PROXY Protocol (v1/v2) Support (#7446) Updates the Dockerfile for debian (#7518) Disable client inactivity timeout while server is processing POST request (#7309) Upgrade Catch.hpp to v2.13.4 (#7464) Move reopen_moved_log_files to log flushing thread (#7450) replace psutil.pid() with psutil.process_iter() for safer execution (#7515) Fix spacing in clang-analyzer.sh script (#7480) Fix out of bounds access error in ats_base64_decode (#7490) Updated to build lastest versions of Fedora and CentOS docker images (#7505) Fix QUIC unit tests build issue on GNU ld (#7496) Fix QUIC unit test failures (#7497) Fixed build issues with Fedora 34 (#7506) Fixing DNS local_ipv* config option (#7507) traffic_dump: AuTests to use Proxy Verifier. (#7502) Disable ja3 plugin when building with boringssl (#7500) Avoid -Warray-bounds on PROXY Protocol Builder (#7488) AuTest: Upgrade to Proxy Verifier 2.0.2 (#7493) fix certs (#7494) Add zlib1g-dev to Debian dependencies in README (#7495) Unit Test - Increase openssl's key size. Place test certs into a common test folder. (#7451) Add basic type aliases for std::chrono types to ink_time.h for future use. (#7482) traffic_ctl - Fix lookup key for run-root option (#7484) update thread config tests (#7370) Perf: Replace casecmp with memcmp in HPACK static table lookup (#6521) Add PROXY Protocol Builder (#7445) Adjust so transfer-encoding header can be treated hop-by-hop (#7473) Convert auxkey form 2 uint32_t to 1 uint64_t. (#7350) Remove the queuing option from proxy.config.http.per_server.connection (#7302) Remove unused function ink_microseconds. (#7481) use std::unordered_map to store sessions (#7405) drop use of BIO_f_base64 and EVP_PKEY_new_mac_key (#7106) Do not write to the cache if the plugin decides not to write to the cache (#7461) API to retrieve NoStore set by plugins (#7439) Update AuTest version update directions for pipenv (#7469) Add command line utility to help convert remap plugin usage to ATS9. (#7426) Cleanup: Get rid of MIMEFieldWrapper from HPACK encoding (#6520) Proxy Verifier: Making use of delay directives for caching tests. (#7468) Cleanup: Add SNIRoutingType (#7453) Updating to Proxy Verifier v2.0.0 (#7454) Adjust to actually try a server address more than once (#7288) Change atoi to atol, causing obvious issues on what needs to be int64's (#7466) Cleans up duplicated TSOutboundConnectionMatchType definition (#7090) Fixing compress expectation for new microserver (#7463) Update to the new MicroServer 1.0.6 release (#7460) CacheRead: clear dir entry if doc is found to be truncated (#7064) Do not provide a stale negative cache (#7422) Generalize SNI support (#6870) Add synchronization between UDPNetProcessor::UDPBind in main Thread and initialize_thread_for_udp_net in ET_UDP Thread (#7407) Fix heap use after free in DNSProcessor::getby() (#3871) Fix comment in include/tscore/Filenames.h. (#7457) Fix Makefile target for creating changelogs (#7455) Change squid log code for self looping (#7443) Enhancements for compress plugin (#7416) Add incoming PROXY Protocol v2 support (#7340) Cleanup: Remove unused members of NextHopProperty (#7436) Small fix to regex_remap PR # 7347. (#7437) PoolableSession (#6828) option to disable compression for range request's response (#7287) Make TSUrlSchemeGet() return scheme implied by URL type when there is no explicit scheme. (#7262) commit c40d95a912166224e517b07d6dc3ffd273907fc9 Merge: 573035c60 ecd70df36 Author: Masakazu Kitajo <[email protected]> Date: Wed Jan 20 09:39:34 2021 +0900 Merge branch 'master' into quic-latest * master: Fix a link error on traffi_quic command (#7433) Fix stall on outbound TLS handshake (#7432) Fix the Proxy Verifier AuTest extension to handle cert paths correctly (#7415) Update documentation for TSSslSessionInsert (#7420) Improve zlib detection logic (#7430) Fix parent connect fail segfault (#7429) commit 573035c606fa088349420de35f0cdabe38649f5e Merge: 5704095ba 95b8d575a Author: Masakazu Kitajo <[email protected]> Date: Fri Jan 15 23:24:29 2021 +0900 Merge branch 'master' into quic-latest * master: Doc: Fix typo in negative_revalidating_lifetime (#7427) Change comment handling for long lines in url_sig plugin (#7421) Add unit tests for PROXY Protocol v1 parser (#7332) LGTM: Remove superfluous const qualifier in return type (#7412) Fix issue with unavailable server retry codes (#7410) Remove the warning statement (#7414) default to throttling and subsequently simplify the transfer code (#7257) Improvement to lua plugin (#7413) Make places to bind/unbind SSL object with/from NetVC (#7399) traffic_ctl - plugin msg now require only the tag as mandatory field data field is now optional. (#7364) API - Add new api function TSHttpTxnServerSsnTransactionCount() to retrieve the number of transactions between TS proxy and the origin server from a single session. (#7387) Fix clang compiler complaint about an unused parameter in SNIAction. (#7409) Add compression support to stats_over_http (#7393) Doc: Fix INPUT tag of Doxyfile (#7404) Remove unneeded variables in UnixNetVConnection (#7403) Correctly pass back errno to HttpSM (#7402) Reverting to old negative_caching conditional behavior (#7401) Remove unused MAYBE_ABORT state (#7400) traffic_manager should not retry on disk failure (#7397) Eliminate dangling pointer into stack space. (#7392) This PR aims to address some of the lock contention found and (#7377) Remove a special treatment for SSLNetVC in migrateToCurrentThread() (#7384) Replace ::exit() with _exit() to avoid secondary cleanup cores (#7395) [Doc] Fix build warnings (#7391) Clear call_sm on tunnel reset (#7352) Unused code: HostDBContinuation::removeEvent (#7383) Traffic Dump: Fix stream-id printing after first transaction. (#7311) Add comments to ink_queue.h. (#7376) Cleanup incoming PROXY Protocol v1 (#7331) In CI, only run autopep8 on branches that enforce autopep8 (#7270) Fix FreeBSD 12 link issue in test_libhttp2. (#7367) Adjust flags to ensure tunnel producer is cleaned up (#7336) Cleanup: Remove SSL Wire Trace releated code in UnixNetVConnection (#7368) Use EVP MAC API if available (#7363) Use EVP API instead of MD5_Init/Update/Final (secure_link plugin) (#7355) Use ERR_get_error_all if available (#7354) Use OpeSSL EVP API instead of SHA256_Init/Update/Final (#7342) Cleanup: Get rid of NetVConnection::outstanding() (#7366) Cleanup: Remove unused functions (#7365) Add a post case to the conn_timeout test (#7334) Fix sni ip_allow and host_sni_policy (#7349) AuTest for Split DNS (#7325) Make reloading client certificate configuration more reliable (#7313) Add negative caching tests and fixes. (#7361) ESI: Ensure gzip header is always initialized (#7360) Allow for regex_remap of pristine URL. (#7347) Set thread mutex to the DNSHandler mutex of SplitDNS (#7321) Fix lookup split dns rule with fast path (#7320) Add note to background fetch about include/exclude (#7343) AuTest for incoming PROXY Protocol v1 (#7326) Fix vc close migration race condition (#7337) TLS Session Reuse: Downgrade add_session messages to debug (#7345) TLS Session Reuse: Downgrade noisy log to debug (#7344) Remove the last remnants of the enable_url_expandomatic (#7276) Remove unnecessary cast from ReverseProxy. (#7329) Updates the Dockerfile with more packages (#7323) fixup in HttpSM to only set [TS_MILESTONE_SERVER_CLOSE if TS_MILESTONE_SERVER_CONNECT has been set (#7259) Add option for hybrid global and thread session pools (#6978) Get appropriate locks on SSN_START hook delays (#7295) s3_auth: demote noisy errors around configuration that doesn't affect plugin usability (#7306) Follow the comments in I_Thread.h, add an independent ink_thread_key for EThread. (#6288) Reduce the number of write operation on H2 (#7282) commit 5704095ba63316e672d9fae67d2757fff084e03c Merge: 882a79d87 0c88b24a0 Author: Masakazu Kitajo <[email protected]> Date: Wed Oct 28 21:06:11 2020 +0900 Merge branch 'master' into quic-latest * master: Adds a shell script to help build the H3 toolchains (#7299) Remove unfinished h2c support (#7286) Allow disabling SO_MARK and IP_TOS usage (#7292) Enable all h2spec test (#7289) Fix bad HTTP/2 post client causing stuck HttpSM (#7237) Sticky server does not work with H2 client (#7261) 7096: Synchronize Server Session Management and Network I/O (#7278) HostDB: remove unused field in HostDBApplicationInfo, and update remaining types in http_data to fix broken padding. (#7264) Add support for a new (TSMgmtDataTypeGet) mgmt API function to retrieve the record data type (#7221) Fix example in default sni.yaml configuration. (#7277) Fix proxy.process.http.current_client_transactions (#7258) Add AuTest for HTTP/2 Graceful Shutdown (#7271) Fix truncated reponse on HTTP/2 graceful shutdown (#7267) url_sig add 'ignore_expiry = true' option for log replay testing (#7231) Respecting default rolling_enabled in plugins. (#7275) gracefully handle TSReleaseAsserts in statichit and generator plugins (#7269) Removes commented out code from esi plugin (#7273) Allow initial // in request targets. (#7266) Document external log rotation support via SIGUSR2 (#7265) Let Dedicated EThreads use `EThread::schedule` (#7228) HostDB: Fix cache data version checking to use full version, not major version. (#7263) Bugfix: set a default inactivity timeout only if a read or write I/O operation was set (#7226) Treat objects with negative max-age CC directives as stale. (#7260) Remove some usless defines, which just obsfucates code (#7252) Remove useless if for port set assertion. (#7250) Fix test_error_page_selection memory leaks and logic errors (#7248) [multiplexer] option to skip post/put requests (#7233) Incorporates the latest CI build changes (#7251) Add support for server protocol stack API (#7239) Fix for plugins ASAN suppression file (#7249) RolledLogDeleter: do not sort on each candidate consideration. (#7243) Make double Au test more reliable. (#7216) Ensure that ca override does not get lost (#7219) Stop crash on disk failure (#7218) Do not cache Transfer-Encoding header (#7234) clean up body factory tests (#7236) Revert "Create an explicit runroot.yaml for AuTests (#7177)" (#7235) New option to dead server to not retry during dead period (#7142) Increment ssl_error_syscall only if not EOF (#7225) Fix renamed setting in default config (#7224) Log config reload: use new config for initialization (#7215) Introduce proxy-verifier to AuTests (#7211) Follow redirection responses when refreshing stale cache objects. (#7213) Create an explicit runroot.yaml for AuTests (#7177) Support external log rotation tools via SIGUSR2 (#6806) Add support for TS API for Note, Status, Warning, Alert (#7208) If the weight is 0, the SRV record should be selected from the highest priority group (#7206) Cleanup: remove unnecessary memset() within dns_process() (#7209) Docs cleanup (#7210) Strip whitespaces after field-name and before the colon in headers from the origin (#7202) Adds new plugin: statichit (#7173) Add duplicate header field processing when creating outgoing response (#7207) commit 882a79d87126a27482b2d1dc5a172ef042acad6b Merge: 2a9887f4c bb5c39086 Author: Masakazu Kitajo <[email protected]> Date: Fri Sep 18 10:01:14 2020 +0900 Merge branch 'master' into quic-latest * master: Rename ambiguous log variable (#7199) KWF useless member function HttpSM::kill_this_async_hook(). (#7198) Fix the active_timeout test to work without quic enabled (#7197) Remove obsolete cdn_ HttpTransact vars (#7182) Remove unused HttpUpdate mechanism (#7194) Updates the list of supported / linked Docs versions (#7152) Make custom xdebug HTTP header name available to other plugins. (#7193) Update sni outbound policy to allow directly setting the outbound SNI. (#7188) commit 2a9887f4c4c5a9259cdd64bf24c76b1618d78d29 Author: Masakazu Kitajo <[email protected]> Date: Wed Sep 16 17:54:01 2020 +0900 Avoid unnecessary QUIC CID randomization commit 42e8898aafbdb8f17fefb1da99d7ae7cdc019a19 Author: Masakazu Kitajo <[email protected]> Date: Tue Sep 15 12:41:28 2020 +0900 Simplify interface between H3 and QUIC, and remove memcopy between them commit 112fc71a324397a590c1cad6a4b2cfed27a551c2 Merge: ac31adaa8 b09096481 Author: Masakazu Kitajo <[email protected]> Date: Tue Sep 15 09:21:25 2020 +0900 Merge branch 'master' into quic-latest * master: Add an autest testcase for HTTP3 (#7063) Fix TSHttpTxnServerPacket* API's to correctly update existing server connections (#7175) Do not lose original inactivity timeout on disable (#7134) Emits log when OCSP fails to connect to server (#7183) autopep8: avoid running on non-tracked files. (#7186) TextView: Add additional constructor tests. (#7189) Remove duplicate code (#7180) TextView: add constructor size values to enable strlen even for null pointers. (#7185) Add virtual destructor to QUICRTTProvider. (#7184) AuTest: Reuse venv if it exists already (#7178) TS_API for Note,Status,Warning,Alert,Fatal (#7181) Traffic Dump: Record HTTP/2 priority. (#7149) leaks in logs (#7172) Additions to enable loading qat_engine (#7150) Removes references to non-existent function handle_conditional_headers (#7162) Fix #7164 Chaning Warning to Debug and creating a stat for inserting duplicates to pending dns (#7166) Fix #7167, make autopep8 failure (#7168) MicroDNS Extension: handle different 'default' types (#7159) Traffic Dump documentation for post_process.py (#7161) Fix memory leaks in multiplexer plugin (#7160) rc: fixes systemd unit file stopping (#7157) Fix lua plugin mem leak problem (#7158) Don't make an error on duplicated RETIRE_CONNECTION frames (#7131) URL::parse fixes for empty paths (#7119) Replace ACTION_RESULT_NONE with nullptr (#7135) Add metric tracking async job pauses (#7153) PluginFactory - Remove unused code that was left from last PluginFactory change(TSPluginDSOReloadEnable) (#7155) Fix stale pointer due to SSL config reload (#7148) slice: check if vio is still valid before calling TSVIODone* on shutdown (#7147) Deprecate cqhv field (#7143) Don't return QUIC frame if the size exceeds maximum frame size (#7121) Check VIO availability before acquiring a lock for it (#7145) Fix #7116, skip the insertion of the same continuation to pending dns (#7117) Allow override of CA certs for cert from client based on SNI server name sent by client. (#7130) Fix typo in cache docs (#7144) remove useless shortopt (#7138) Protect TSActionCancel from null INKContInternal actions (#7128) Check VIO availability before checking whether the VIO has data (#7120) Accept NAT rebinding on a QUIC connection (#7123) Fixes garbled logs when using %<vbn> log tag (#7140) Removes duplicated listing of files in same Makefile target (#7137) Updated gdb mutex script to get process file for Fedora 32 (#7133) SSLConfig mem leak fix (#7125) Replaces "smart" quotes with ASCII equivalents (#7126) Comment out a wrong assertion in QUIC Loss Detection logic (#7129) Add member initialization to the Errata class. (#7132) Cancel active/inactive timeout on closing Http2Stream (#7111) Add modsecurity lua script to example (#7105) Expose remap config file callback (#7073) Make tls_hooks tests more likely to pass (#7122) commit ac31adaa82f9271f902de2f45c071e328f620271 Merge: 4d579f49a e904dbcef Author: Masakazu Kitajo <[email protected]> Date: Mon Aug 17 09:14:14 2020 +0900 Merge branch 'master' into quic-latest * master: Backing out my update of our jenkin's autest file. (#7118) Don't send image/webp responses from cache to broswers that don't support it (#7104) Updating our autest suite to require Python3.6 (#7113) Squashed commit of the following: (#7110) Supporting out of source builds for AuTests. (#7109) Fixes uninitialized variables found by Xcode (#7100) Add cross references between server session sharing match and upstream connection tracking match. (#7038) * Cancel active timeout when releasing session (#8083) * Add TSMgmtConfigFileAdd api doc (#8190) * Fixes an issue in ParentSelection and NextHop strategies where a down parent may not retried (#8159) Alternative to https://github.com/apache/trafficserver/pull/8098 Fixes and issue in ParentSelection and Nexthop strategies introduced with #7744 where a down parent may not be retried due to retriers limiting. Avoids race conditions in incrementing, decrementing and clearing retriers count. * Fixing TS_HTTP_REQUEST_BUFFER_READ_COMPLETE_HOOK enum value. (#8066) The value for TS_HTTP_REQUEST_BUFFER_READ_COMPLETE_HOOK was out of sync with the corresponding event, TS_EVENT_HTTP_REQUEST_BUFFER_READ_COMPLETE. This caused the handler for TS_HTTP_REQUEST_BUFFER_READ_COMPLETE_HOOK to never be invoked with the TS_EVENT_HTTP_REQUEST_BUFFER_READ_COMPLETE event. This patch fixes this problem and adds comments explaining the otherwise implicit but very important requirement that these values correspond as they do. The naming of the event and hook were off too. A hook with name TS_HTTP_X_HOOK should have an event of name TS_EVENT_HTTP_X, but these got out of sync somehow for request buffer read complete. This adjusts the event name appropriately. * Ran clang-tidy over the master branch (#8187) * Revert "Remove UnixNetVConnection::startEvent - not actually called. (#7596) * Revert "Remove UnixNetVConnection::startEvent - not actually called. (#7596)" This reverts commit a56638f8ba92c48e2cc8b677438c36e13f393e2b. * Fix a use-after-free reported by clang-analyzer Co-authored-by: Tomoaki Tanaka <[email protected]> * Clean up Machine implementation for issue #4159. (#8095) * Remove global g_rec_config_contents_llq (#8194) AFAICT, this is manipulated on records.config load, but is never actually used beyond that. * Update documentation of the url log fields (#8015) * Fix error connection logging crash (#8191) * Minor updates to HTTP version validation (#8189) Renamed the functions to be more explicit about only supporting HTTP/1.x Changed the version check to be only a logic statement * Allow variable buffer sizes and watermarks with transaction intercept plugins (#8088) * Allow variable buffer sizes and watermarks with transaction intercept plugins. * Added and updated docs for new and modified APIs. * Modified TSHttpConnectPlugin() to take a TSHttpConnectPluginOptions struct as an argument. * Added TSConnectType enum to convey information about underlying data stored inside an instance of TSHttpConnectOptions. * Fixed a typo of a type name in the docs. * * Added a getter API function for the type TSHttpConnectOptions * Added an enum for default water mark values * Refactored dependencies * Added and updated docs * Reformatted apidefs.h.in. * Changed evaluation of buffer indexes from a hardcoded value to an enum-based value. * Reverted inadvertently committed change to TSSslSession doc. * Document TSHttpTxnPostBufferReaderGet (#8068) This adds documentation for the TSHttpTxnPostBufferReaderGet transaction function and for the corresponding TS_HTTP_REQUEST_BUFFER_READ_COMPLETE_HOOK. * Fix mutex use after free (#8209) * Fix mutex use after free * One more try * Try again * Avoid the strdup, albeit safe, annoys CA (#8211) * uri_signing: embed config into the unit test (#8210) * lua: add ts.is_debug_tag_set function (#8188) * Modified slice to leverage APIs to specify buffer size and watermark. (#8089) * Modified slice to leverage APIs to specify buffer size and watermark. * * Refactored dependencies based on changes made in PR #8088 * Reverted changes to Makefile.inc. * Remove some const casting (#8207) * uri_signing: fix for copying too many bytes and compiler warnings (#8217) * Fix heap-use-after-free of ts-lua plugin (#8215) * Add the origin IP to the error message for invalid server response in OSDNSLookup (#8031) * Include cstring.h to make debian builds happier (#8224) * Disambiguate overloads of Machine::is_self. (#8225) * Fix client ip debug logging for the entire transaction (#8214) This fixes debug client ip logging so that the remote address and debug tag are set on the thread and netvc earlier so that the debug logs for the entire transaction. * Add normalize_ae option 3 (#8226) * Add normalize_ae option 3 This normalizes when both `br` and `gzip` are present to `br,gzip`. In the other cases the AE gets stripped down a single value, eliminating options for origin responses. In this case the origin still has the option to send back br or gzip while normalizing the cached AE header to still keep alternates to a minimum and still have compression. If both are not present then it acts like the existing option `2` if br is present, then option `1` if `br` is not present but `gzip` is * check-unused-dependencies: add librt for clang/asan case (#8220) * Docs: Fix doc links for cookie_remap doc file. (#8218) Co-authored-by: Damian Meden <[email protected]> * Doc: Fix TSUrlPercentEncode documentation(#8228) Co-authored-by: Damian Meden <[email protected]> * Upgrade Catch.hpp to v2.13.7 (#8231) * Updating our AuTests to use Proxy Verifier v2.2.2 (#8230) Updating autest to use Proxy Verifier v2.2.2 which improves the handling of manually crafted chunk encoded bodies. * Updates yaml-cpp to 0.7.0 (#8232) * transaction data sink: only stream body bytes (#8204) This changes the transaction data sink logic to only stream the HTTP response body bytes to the plugin's consumers rather than all the bytes of the response. Body bytes are what the docs imply and what any user of the sink interface will expect. * mptcp: Missing socket-option in case of SO_REUSEPORT code-path (#8241) When SO_REUSEPORT is being configured, the socket-options take a different code-path. MPTCP was missing in that section. * UglyLogStubs: properly fill out the Machine stub struct (#8240) * rc: Emit Stopping message when stop called (#8244) This fixes issue #8242 * Fix crash in lua host lookup (#8236) * Fix crash in lua host lookup * fix typo in comment * Docs: Fix typo in CONTRIBUTING.md (#8250) * Add links to docs for debugging (#8251) * Cleanup: Get rid of deprecated functions of NetVConnection (#8252) * Update lua.en.rst (#8255) * Traffic Dump: dump response bodies and filter by client IP (#8247) This adds the -b option to traffic dump to dump server response body data. It also adds the -4 and -6 options so that the client can filter what is dumped based upon a client IP address. * Upgrade to latest fastlz version (#8245) Move to lib/fastlz to remind people it exists Removed reference to lib/wcpp and lib/tsconfig from NOTICE. These were dropped in ATS 9.x * Doc: Clarify connection direction of configs in sni.yaml (#7676) * Fix log filters for IP conditions. (#8249) Our log filter mechanism for IP addresses did not compare the filter's specified IP address with the log field's IP address correctly. This fixes that matching mechanism. Fixes #6405 * Add some header tests (#8221) * uri_signing: address memory leak with the internal jwt struct (#8229) * Allow for graceful handling of ip_allow.yaml format errors (#8257) Also, when a bad config is attempted to be reloaded, we won't overwrite a good working config. * Doc: Notes of setting Environment Variables for traffic_server (#8258) * Fail requests with incomplete line ends (#8096) * Bubble up ssl_multicert.config load failures (#8256) * Remove unnecessary IPAddr cast. (#8259) Removing a cast to IpAddr for a variable which is already an IpAddr in the LogFilterIP code. * fix Http2Stream leaks (#8260) * Add missing #include directive (#8270) Signed-off-by: Randy DuCharme <[email protected]> * Align strategies.yaml loading logging with other config files (#8262) * Add ACCEPT_FILTER Support on FreeBSD (#8263) * Add warning message about why enhance your calm is being sent (#8271) * Use better done file locations for some AuTests (#8274) Some of the AuTests used a done file for AuTest process Ready conditions. These files got left around in the test directory. This change puts these done files in the sandbox instead. Fixes #5546 * AuTests: Avoid capture_output subprocess command (#8278) The subprocess capture_output is a Python 3.9 parameter. This changes the AuTests that used it to instead use the older stdout/stderr parameters because that's compatible with Python 3.9. * Align TS API Au test with Yahoo interal version. (#8267) * Report to user correct configurable to tweak on error (#8280) * Updated STATUS file (#8223) * Add cache condition in header_rewrite plugin for lookup results (#8085) Co-authored-by: Serris Lew <[email protected]> * Add support for header_table for lua plugin (#8261) * Add support for header_table for lua plugin * Update gold test * fix test * fix test * Fix some minor issues with loading the self identifying data in the Machine class. (#8275) * In preparation for H2 outbound, split out common Session (#8281) * autest: double the initial port pool for get_port (#8292) We're running into issues with port selection with our tests. This seems to be an issue with recycled ports. This temporarily expands the number of ports in the port pool to avert this problem while we investigate this issue further. * Use flynt to convert contrib,doc and plugins to f-strings (#8289) * stats_over_http: don't show config file error when not specified (#8279) * log port # when port is recycled (#8284) * Fix the skipping logic for autest and docs (#8227) * Fixes an issue with next hop self detection, issue #8254 (#8276) * Fixes a typo in the Rate Limit plugin (#8293) * Use OpenSSL EVP API if SHA1 API is not available (prefetch) (#7448) * use thread_local to speed things up (#8028) * Cleanup generated LDFLAGS for jemalloc (#8285) Use the already expanded jemalloc_ldflags instead of overwriting what was previously specified earlier in the file. Also, drop use --add-needed,--no-as-needed * Fix H2 logic when setting EOS flag on DATA frame (#8201) * Fix leaks in ConfigManager::configName (#8269) This fixes an ASan reported leak of ConfigManager::configName. It used to be strdup'd but not freed in the destructor. This simply changes it to a std::string. ASan also reported a leak in AddConfigFilesHere which is fixed with an ats_free as well. * Do not log all errors with HTTP status 500/internal error as DNS failures. (#8290) * Update nghttp gold file based on previous h2 fix (#8298) * AuTest: Use OrderedSetQueue for port selection. (#8296) Our port queue wound up having duplicates in it. We never want duplicates in our port queue as this results in multiple processes trying to use the same port leading to EADDRINUSE errors. Since unique port entries is a requirement, this changes the port queue to be an ordered set queue which, by design, will only contain unique port values. * Revert "autest: double the initial port pool for get_port (#8292)" (#8300) This reverts commit d15a0422eedf526de90ee5f76243e5fb8d8bd185. This port pool expansion should no longer be needed now that the port queue was made a unique set (see #8299). This commit therefore reverts what was intended to be temporary. * Revert "Fail requests with incomplete line ends (#8096)" (#8305) This reverts commit 2c8bb98b2cb364b1a820236dc83271af082e7434. * Truly treat multiple certs with the same SAN as a warning (#8303) * Fix corner cases in rate limiting plugin (#8312) Fixes an issue that led to release() being called too frequently Fixes a crash that occurs when the SNI string is nullptr and length is non-zero * For peering ring, make upstream group of hosts optional. (#7925) Add Au tests for strategies.yaml, with consistent hashing, with peering. Caching is disabled when the next hop is a peer (in the first host group). * Remove incompatible changes for 9.2.0 (#8316) * Revert "Removes down_server.abort_threshold completely (#8077)" This reverts commit c214c9f40096afbe580c0ee90647933ad8b21bcd. * Revert "Fixing TS_HTTP_REQUEST_BUFFER_READ_COMPLETE_HOOK enum value. (#8066)" This reverts commit 1fb81dfbf41110f3e0b088b29c4d778e0e04da84. * Revert "Update TSHttpTxnAborted API to distinguish client/server aborts (#7901)" This reverts commit e44ca802404ed99899d43163fc65e1811ba791af. * Revert "Remove undocumented keepalive_internal_vc setting (#7693)" This reverts commit 5129f14183a5169e118c450bf884673987a5ef06. * Revert "Change the default value for verify.server.policy (#7587)" This reverts commit ba23fe23b2d00c7aafebdba75b2787958f2ced64. * Revert "Removes deprecated sni.yaml option: disable_h2 (#7547)" This reverts commit 0c4857db3e296f3e74065ca6fb79f8638c10baf2. * Revert "Remove references to removed options (#7756)" This reverts commit 09ea857afecbb53b86f0020da0375c0414586f6b. * Revert "Unify all the connect timeouts into one (#7335)" This reverts commit ea44614ae833090ab3364856a6fc457ee14bd665. * Revert "Remove the queuing option from proxy.config.http.per_server.connection (#7302)" This reverts commit 87800c424416e544ae04099a2fcadb1a1e86e554. * Revert "remove TSContSchedule, then rename TSContScheduleOnPool to TSContSchedule" This reverts commit cefe4826c919847385aa9d8459b9d5cfc20377f9. * doc: Fixes curl syntax for PUSH example (#8315) * statichit: allow exact path matching to be optional (#8307) * Fix a compile error in rate_limit plugin (#8310) * Fix a compile error in SSLCertLookup (#8309) * Fix crash during raw connect failures (#8306) In the case of raw open, the server_txn will generally be a nullptr. We tried to use server_txn when calling set_connect_fail, which resulted in a crash. This change simply removes the call. Note that a generic call to set_connect_fail was already called previous to calling this function. * Fix yamlcpp include folder by using the YAMLCPP_INCLUDE variable (#8319) so if we configure our own version of yamlcpp then the right include files will be picked up. This will avoid mixin up the internal and the configured yamlcpp library * Cleanup url_*_get/set functions (#8237) * Access URLImpl's detail via accessor functions * Make some of url_*_get/set functions to methods of URLImpl * Fix a link error * Update unit tests * Add virtual destructor to Http2CommonSession because it now has virtual methods. (#8320) * Removed unused dirname from LoadRefCountCacheFromPath (#8322) AOCC flagged the parameter `dirname` from LoadRefCountCacheFromPath as unused. This patch removes it. * Add mTLS scenario documentation (#8314) * Add mTLS scenario documentation * Remove trailing whitespace * Cleanup: Move member function definitions of HttpSM & HttpTunnel (#8324) * Make separate read and write vc_handlers (#8301) * Make separate read and write vc_handlers * Remove server handlers cross routing * Cannot null out the vio, must check the write_buffer otherwise, function is not dispatched * docs: Update host_sni_policy for some behaviors (#8332) This expands the documentation for a few behaviors of the `host_sni_policy` feature that can be unexpected for users. Namely: * `host_sni_policy` is keyed off of the Host header field instead of the SNI value in the handshake. * The records.config global `host_sni_policy` only applies when there is a relevant security policy set for the host in the sni.yaml file but no specific `host_sni_policy` is set there. * Prefetch plugin: add --fetch-query option (#8264) * Prefetch plugin: add --fetch-query option * Fix Error: Trailing whitespaces are not allowed! in docs * Ooops forgot to rm .orig file Co-authored-by: Jan van Doorn <[email protected]> * Updated the CODEOWNERS for me (#8336) * Updated the CODEOWNERS for me * Update age in header_rewrite_cond_cache autest (#8339) Co-authored-by: Serris Lew <[email protected]> * Make fqdn of sni.yaml match case insensitively. (#8327) SNI and fqdn of sni.yaml should be matched case insensitvely. This changes the matching mechanism for these to be case insensitive. * Doc: multiplixer plugin documentation updates (#8325) A user was confused about the nature of `pparam=proxy.config.multiplexer.skip_post_put` for the multiplexer plugin. This updates the documentation to more clearly describe its behavior. * Revert "Fixed issue with macOS Catalina and pcre 8.43 enabling pcre-jit (#6189)" (#8341) This reverts commit 093317c808b01304abf0a6b4aaf9c34791e3e08e. * Fix missing outbound_conntrack config assigment(from master config to global parameter configs) (#8328) * Add debug message when there is a header parse error for http/2 (#8234) * SNI: updating SNI/hostname mismatch logging (#8326) This updates SNI/hostname mismatch logging to add visibility to its functionality: * Adds an error.log entry if a mismatch is found. * Adds debug logging (there was none). * Add current active SNI Routing Tunnel stats (#8323) - A new stats: `proxy.process.tunnel.current_active_connections` - A new config: `proxy.config.tunnel.activity_check_period` * Add <limits> include to BufferWriterForward.h (#8345) Adding the include of <limits> in BufferWriterForward.h because it uses numeric_limits. Certain compilers require this. Fixes: #8342 * remove unused RecConfigFileEntry from RecConfigParse (#8348) * Rename outbound_conntrack to global_outbound_conntrack to reduce confusion. (#8343) Co-authored-by: Damian Meden <[email protected]> * Updated version * Added ChangeLog * Added support for verifying cacheability before attempting to force an object into cache (#8364) (cherry picked from commit 44d1be681245f73e82eee59699ad0660dea91290) * Locking around SSLSecret::secret_map access (#8358) This fixes an infrequent crash that would happen in getOrLoadSecret. Looking at the core, the iterators for SSLSecret::secret_map in SSLSecret::getOrLoadSecret were corrupted. This patch serializes access to the structure so that multiple threads don't stomp on each other. (cherry picked from commit 470c48982c5f192a4e6935ef55d0769e20ad8783) * Stabilize regex_revalidate Au test. (#559) (#8360) Delay sufficiently between writes of config file so the differences in the write times will be greater than the granualirity of the timestamp used by the plugin. (cherry picked from commit 9031965889ab430bd182dd5485ecda451ecb6a8a) (cherry picked from commit 1a353b23106fed9de98c8d4b0e0bbdc751337606) * [doc] Add a note for TSLifecycleHookAdd. Warn users that a contp could eventually be executed in a ET_NET when it was originally scheduled in the ET_TASK. (#8344) (cherry picked from commit 46bd1211f210623a45a21ded51763d2c35a40760) * change MemArena::make test to remove memory leak (#8352) (cherry picked from commit 2a6156fed0e82fd7992567633750f040951a72ab) * remove trailing spaces from inside CHANGELOG-9.2.0 * Autest Fix server line to ignore version (#8374) * Fixes issue #8329 crash in NextHopConsistentHash where when the only (#8365) host in a strategy is unavailable due to DNS lookup failures. - refactored NextHopConsistentHash::findNextHop() to fix the crash and simplify it. - fixed the unit tests in test_NextHopConsistentHash.cc so that test failure checks using strcmp() do not crash with a nullptr hostname result. (cherry picked from commit 6ccae6c52bde6f0af0ab385cac99ffbd35ce4f22) * Adding TLS session key logging capability (#8337) Adding the ability to log TLS session keys to a log file for packet capture decryption purposes. This adds the following reloadable configuration: proxy.config.ssl.keylog_file Since this can work for QUIC as well, this also deprecates: proxy.config.quic.client.keylog_file (cherry picked from commit b26795d307024570eda96c30aaf96a8af4e85bde) * Adds support for TCP_NOTSENT_LOWAT sockopt (#8354) (cherry picked from commit b53e74581b9fc7517280451c3d5e9799f2e7d9fa) * Added support for promoting internal (plugin-initiated) requests. (#8363) (cherry picked from commit 3d9d5e7618ce0ad75c72fabc8eca9a7de97db03e) * Pre-warming TLS Tunnel (#7661) (cherry picked from commit d1e2dd8aac6a1c2cd340418b9534923413d1650c) * Traffic Dump: update json-schema for new tuple requirements (#8370) More recent versions of json-schema have tuple array element specifications described with "prefixItems" rather than with "items". This updates our Traffic Dump schema to match this requirement. I verified that our tests that use this work with both the older jsonschema 3.2.0 pip package and the current 4.0.1 package. Fixes: 8369 (cherry picked from commit cba5e85cb4cfd8f49b1ff1ac358f7cfba8ee3715) * Updated ChangeLog * Fix regex_remap plugin redirection. (#8359) (cherry picked from commit c2d35047faf21b917e1cf9e6418280fcbb507eca) * AuTest: Execute Test Python Scripts with sys.executable (#8412) A handful of our AuTests execute their own Python scripts. Generally these just ran with whatever `python3` picked up. This changes those to use {sys.executable} which will run those scripts with the same Python being used for autest itself rather than some other system Python which may not have the required dependencies installed in it. This way any requirements for the scripts can be placed in the tests/Pipfile and it should be available for those scripts. (cherry picked from commit 6c3e9d22a072aa8ab55cc21b4b041a2d635577b5) * Add stats for concurrent stream limits exceeded (#8409) Introduce two new stats tracking when the limits on maximum concurrent streams are exceeded for both inbound and outbount streams, respectively proxy.process.http2.max_concurrent_streams_exceeded_in and proxy.process.http2.max_concurrent_streams_exceeded_out. See https://datatracker.ietf.org/doc/html/rfc7540#section-5.1.2 (cherry picked from commit 92fd44fb5540fd0928493bc08f8ad28a1dc15789) * Fix map_with_recv_port URL remapping type. (#8406) (cherry picked from commit 85e73b753ec730c55f34d556185a82ee904d5d96) * Update CacheWrite.cc (#8405) code optimize for cache_evac debug log (cherry picked from commit a54abe771df8e7d0546d0107b8a24690b9941222) * Update the feature lists available for autest (#8392) This closes #7075. (cherry picked from commit d2e57c4182086717f25be94201d8a3bc97c7eccd) * body factory does not respect runroot (#8388) (cherry picked from commit d19ef809cce96a684e1854b249231c909e0bad02) * Fix a potential H2 stall issue (#8381) (cherry picked from commit 870b857bbbc1d993d6c66672a09b561c13f087d5) * Add Au test for pqsi and pqsp log fields. (#8372) (cherry picked from commit a7c0f794813b17329b421da38f869884287cece0) * Updated ChangeLog * Add set-body ability to header rewrite (#8411) (cherry picked from commit d91620daf2247ec0a701ffee65a1bd24ec5eedef) * Remove operatorbody class, its not needed at this time (#8424) (cherry picked from commit bb431907fa35b786185b52a512af03b0776365c3) * Updated ChangeLog * Make sure the include files are built first (#8427) (cherry picked from commit 3679ebed4bac5d322dda722290f2c76d1a487359) * Updated ChangeLog * For verify_global_plugin test, check for platform independent error message (#8442) This allows the test to work on something other than Linux (cherry picked from commit 0746ec2c307eb8de201b7112992c529da45303b8) * Exports all symbols for missing_mangled_definition.so test plugin (#8444) This fixes the tests verify_global_plugin and verify_remap_plugin when using lld and LTO (cherry picked from commit 20adcb42ccc51075d61833110e577667259e8b5a) * UnixNetVConnection: add check for nh in fail block (#8479) (cherry picked from commit 6663d7b3de53c8e7ee85eae39db0fa4164638ed8) * Fix SSLAddressLookup Test (#8436) (cherry picked from commit c92cef82a835390776069463316959773d23fd39) * Fix traffic_top build when using -Werror=format-security (#8437) (cherry picked from commit 66c86c6b082903a92b9db33c60e3ed947e77d540) * Fix traffic_manager build when mime-sanity-check is enabled (#8438) (ch…
No description provided.