Traffic Dump: dump server-side protocol stack #6972
This also adds some TLS information in the protocol stack, such as the verify_mode applied to the SSL session and whether the server requested a client certificate.

With this change, there are now two kinds of protocol stacks that are dumped. There is a session-level one that describes the client-side protocol stack. It can look something like this:

```json
"sessions": [
  {
    "connection-time": 1593796698149511642,
    "protocol": {
      "h2": {},
      "ipv4": {},
      "tcp": {},
      "tls": {
        "proxy-provided-cert": true,
        "proxy-verify-mode": 0,
        "sni": "www.tls.com",
        "version": "TLSv1.2"
      }
    },
    "transactions": [ ...
```

In addition, there is now a server-side protocol stack that will be printed in every proxy-request node. It can look something like this:

```json
"protocol": {
  "http/1.1": {},
  "ipv4": {},
  "tcp": {},
  "tls": {
    "proxy-provided-cert": false,
    "proxy-verify-mode": 1,
    "sni": "www.tls.com",
    "version": "TLSv1.2"
  }
},
```

Note that the dump provides TLS information from the perspective of the proxy, therefore the TLS nodes are prefixed by "proxy-".

The schema is also updated to anticipate verifier directives that dictate client and server TLS behavior ("verify-mode" and "request-certificate").
You say protocol stack but you don't care about the order?

```json
"protocol": [
  {
    "name": "ip",
    "version": "4"
  },
  {
    "name": "tcp"
  },
  {
    "name": "tls",
    "version": "1.2",
    "alpn": "h2",
    "sni": "example.com"
  },
  {
    "name": "http",
    "version": "2"
  }
]
```

Also, I'd be curious what the format for QUIC would be like. It could be "udp", "quic" and "tls", but technically "tls" is not on top of "quic".

[approve ci]

Oh, good point. The JSON pretty printer I used changed the order around. I'll fix that. That said, the way I wrote the plugin, the "tls" node is handled separately and is always placed at the end. I'll see whether I can fix that.

With the latest commit, the stack now looks like the following (note that the protocols are in order, from higher to lower layers):
And the server side:

Thanks for the update, but that's not my point unfortunately. I'm saying "protocol" should be an array.

Ah, that makes sense. Sorry, I was thinking that you were pointing out that the map elements weren't ordered according to the protocol layers. I think you're absolutely right. Making the protocol an array is the right thing to do. I've done that, using the scheme you described, in the latest commit. Thanks for your feedback, I think this improves things a lot.

Note that I updated the PR comment with a description of what the protocol nodes look like now.

The output looks good to me now. Thank you for updating. I haven't looked into the detail yet but I left a few comments. Since you're adding new TS APIs, please follow the API review process below.

Thank you Masakazu. I wasn't aware of this review process. I sent an email to the dev list concerning these functions.
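
An added example, not part of the pull request or the plugin's code: a small audit over a dump that accepts both the map form of "protocol" from the description and the array form proposed in review, and reports transactions whose origin-side connection was cleartext or did not verify the origin certificate. It assumes that "proxy-verify-mode" carries OpenSSL `SSL_VERIFY_*` flag bits and that array-form TLS elements keep the "proxy-" keys; the sample dump is constructed.

```python
import json

SSL_VERIFY_PEER = 0x01  # OpenSSL SSL_VERIFY_PEER bit; 0 is SSL_VERIFY_NONE


def tls_node(protocol):
    """Return the TLS node of a "protocol" value in either form, or None."""
    if isinstance(protocol, dict):            # map form, as in the PR description
        return protocol.get("tls")
    if isinstance(protocol, list):            # array form, as proposed in review
        for layer in protocol:
            if isinstance(layer, dict) and layer.get("name") == "tls":
                return layer
    return None


def audit(dump):
    """Return ((session_index, transaction_index), finding) tuples.

    Only the server-side stack in each proxy-request node is judged; the
    session-level stack is used to tell whether the client side used TLS.
    """
    findings = []
    for s_idx, session in enumerate(dump.get("sessions", [])):
        client_tls = tls_node(session.get("protocol"))
        for t_idx, txn in enumerate(session.get("transactions", [])):
            proxy_request = txn.get("proxy-request", {})
            if "protocol" not in proxy_request:
                continue  # no server-side stack recorded; nothing to judge
            where = (s_idx, t_idx)
            server_tls = tls_node(proxy_request["protocol"])
            if server_tls is None:
                # TLS terminated at the proxy and was not re-established.
                if client_tls is not None:
                    findings.append((where, "cleartext-to-origin"))
                continue
            mode = server_tls.get("proxy-verify-mode")
            if not isinstance(mode, int):
                findings.append((where, "verify-mode-missing"))
            elif not mode & SSL_VERIFY_PEER:
                # Assumption: the value is an OpenSSL verify-mode bitmask.
                findings.append((where, "origin-cert-not-verified"))
    return findings


# Constructed sample: session 0 uses the map form shown in the description,
# session 1 uses the array form with assumed "proxy-" keys on the TLS element.
SAMPLE = json.loads("""
{
  "sessions": [
    {
      "protocol": {
        "h2": {}, "ipv4": {}, "tcp": {},
        "tls": {"proxy-provided-cert": true, "proxy-verify-mode": 0,
                "sni": "www.tls.com", "version": "TLSv1.2"}
      },
      "transactions": [
        {"proxy-request": {"protocol": {
          "http/1.1": {}, "ipv4": {}, "tcp": {},
          "tls": {"proxy-provided-cert": false, "proxy-verify-mode": 1,
                  "sni": "www.tls.com", "version": "TLSv1.2"}}}}
      ]
    },
    {
      "protocol": [
        {"name": "ip", "version": "4"},
        {"name": "tcp"},
        {"name": "tls", "version": "1.2", "sni": "example.com",
         "proxy-provided-cert": true, "proxy-verify-mode": 0},
        {"name": "http", "version": "2"}
      ],
      "transactions": [
        {"proxy-request": {"protocol": [
          {"name": "ip", "version": "4"},
          {"name": "tcp"},
          {"name": "tls", "version": "1.2", "sni": "example.com",
           "proxy-provided-cert": false, "proxy-verify-mode": 0},
          {"name": "http", "version": "1.1"}
        ]}},
        {"proxy-request": {"protocol": [
          {"name": "ip", "version": "4"},
          {"name": "tcp"},
          {"name": "http", "version": "1.1"}
        ]}}
      ]
    }
  ]
}
""")

if __name__ == "__main__":
    for (session, txn), finding in audit(SAMPLE):
        print(f"session {session} transaction {txn}: {finding}")
```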
BoringSSL APIs commit 5c181b4a95b7177a29b44df6f7696e3a685e99e4 Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Feb 12 23:27:33 2020 +0900 Use _legacy as suffix for files for hacked OpenSSL commit 4c1236efa11e0c133d712cb6999700b042d2548f Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Feb 13 10:13:41 2020 +0900 Restore one more tests disabled for BoringSSL commit 292619ed11c13922943374dfe3412b639f5dc96f Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Feb 17 10:42:03 2020 +0900 Remove a possible null pointer dereference commit 48cca203f44508a3706cb58fbdde65bfacc4c686 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Feb 13 12:19:16 2020 +0900 Update a test for handshake error commit 00d3f7fb1a586abd4872be6535a9f71c14d9821e Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Feb 12 21:45:28 2020 +0900 Add missing AL header commit 40f8a594dd7bbda2fabfda2f3442c39eec266c85 Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Feb 12 21:43:46 2020 +0900 Add a length check to TP parser commit b75169ab6bdcee21f8c8af47ab42d42b1b8d0ba8 Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Feb 12 21:43:03 2020 +0900 Reenable tests for handshake that didn't pass with BoringSSL commit 01e6daf2c840c797b9723319c49d49d887bd6aaa Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Jan 22 11:37:32 2020 +0900 Send and receive Transport Parameters with BoringSSL API commit da6062a45e9d9d1ded78001979a2596903f51a0b Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Jan 22 09:53:24 2020 +0900 Update tests commit d86fa83b427ffdc6fafb0b4a2724f30da88b4f65 Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Jan 22 00:14:52 2020 +0900 Update tests commit 4cd59ce984fd3e6e49edcde4a8abc57dce37be56 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Jan 21 23:16:23 2020 +0900 Fix compile error with OpenSSL commit 70f86f553c9eee2318f2269910db84a836ba719b Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Jan 21 22:57:09 2020 +0900 Handshake with BoringSSL commit 
c694fd25c3d8cdb719412988bbdd1b00097f8ce7 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Jan 21 20:23:21 2020 +0900 Update OpenSSL impl commit 4d4c07f5b6ec278be314b25fdb12ed81f179c717 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Jan 21 16:38:45 2020 +0900 Read ClientHello with BoringSSL commit 22b7d9f309b3da33de81123e00d05bac0024190c Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Jan 20 11:54:20 2020 +0900 fixup commit 7611b5894cf29e25a1052b570e7a42b1d19afb6b Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Jan 8 17:05:07 2020 +0900 Use some of BoringSSL APIs commit 715566abd0985380914b21d1003a8b3c65f772e7 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Jan 6 11:19:40 2020 +0900 Make QUIC code work with BoringSSL commit 886bb0910f1feac2d66618d21ede49cbba1c8821 Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Feb 14 10:51:21 2020 +0900 Warn if quic is specified to a port configuration on a binary that doesn't support it. commit 4034130ab0d4dca21fff4509e2d8ab9b78b78833 Merge: db258fb55 4bdde5d48 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Feb 13 11:29:16 2020 +0900 Merge branch 'master' into quic-latest * master: Change gold files to be less restrictive since some of the headers include can be in a different order (#6410) Avoid cross-thread mutex conflicts Auto port select slow_post test Remove unnecesary HttpSM handler call with VC_EVENT_ERROR Fix for lua plugin coredump problem during reload Update inactive_timeout_at in Http2Stream::signal_read_event() Fix localstatedir and runtimedir for Debian layout Including stdexcept Change to use throw std::runtime_error instead of removal Removing throw since there is no context and could cause a crash Ensure that extra data beyond the chunked body is not tunneled Free TSMgmtString after using it. 
Fixed how we handle uknown schemes Change header validation Change default connection match config value from ip to both Remove dependencies on include/tscore Skip unnecessary HostDB update on a fall back to serving stale record Remove trailing white space from json formatter Document the order of the X-Cache header Format config_describe output logs. Pretty format using BufferWritter Add compressible content-types example and 1Kb min Fix rare SSN/TXN Start/Close Hook misorderings (#6364) Add header rewrite test to make sure we are not injecting end of rule char (#6340) Change bitfields to be unsigned explicitly (#6373) commit db258fb551044c6811d0ba56d9f9bf9f7fe9df1e Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Feb 5 00:13:27 2020 +0900 Fix a bug that receiving multiple Retry packets makes PN calculation wrong commit f8741de2364916c31c260951a05d1f73300d674a Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Feb 4 22:10:50 2020 +0900 Fix debug log commit e93a9a58e28def940a19d53516dbc6bec8577fe0 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Feb 4 20:55:23 2020 +0900 Fix a buffer size for address validation token commit 99a19e8c5cbef73c0a1ac689b4d78d8283158a46 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Feb 3 23:29:50 2020 +0900 Fix zero-length CID commit 550adb320db62739d6dd4676da08fbf1fd03ceb5 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Feb 3 22:34:21 2020 +0900 Fix preferred_address commit e1e06e12fd5603407dbe113f66c9c5dd5c27bd07 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Feb 3 21:47:56 2020 +0900 Fix QUIC Version Negotiation commit 212ae79222e756bb149e718bd7976d963b84fc52 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Feb 3 20:45:04 2020 +0900 Check buffer len while parsing QUIC Packet commit cf7f741f645b1ce933ae4c9b3e2c11068085bf3d Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Jan 31 14:13:21 2020 +0900 Fix a stack overflow at read_essential_info() commit 5c6063e97440908748fc999a048441e86c7efd02 
Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Jan 30 16:20:02 2020 +0900 Add QUICRetryIntegrityTag commit d233b3f415da3f16f86778f230a3bbbfed478be4 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Jan 30 16:08:26 2020 +0900 Fix a bug in Stateless Reset Packet generation commit 5cf73159b56513f13858e09c4b72d486ffc64b97 Merge: 8e1dd61f3 614bbe0a4 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Jan 30 15:40:18 2020 +0900 Merge branch 'master' into quic-latest * master: Change alloca usage to malloc/free Fixing shadowed variables, both global and local: (#6371) Cleanup: Remove unused accessors of HttpVCTableEntry Removing always true/false comparisons (#6363) Change localtime/gmtime usages to use the threadsafe versions with local storage (#6362) Cleanup: Remove empty function Add header guard (#6358) Update git-versions Fix heap-use-after-free on Http2Stream::destroy() Add virtual destructors for Http2TxFrame, Http2FrequencyCounter Perf: Optimize sending HTTP/2 frame Fixes an issue where a debug build of ATS will fail the assertion in HttpTransact::handle_parent_died() when proxy.config.http.no_dns_just_forward_to_parent is enabled and there is no parent.config or strategy rule for the request. Also this provides a log warning for both debug and release builds of this condition. Fixes an issue where NextHopSelectionStrategy did not implement an available nexthop or parent check when proxy.config.http.no_dns_just_forward_to_parent is enabled. Fixes Issue #6321 caused when proxy.config.http.no_dns_just_forward_to_parent is enabled. When this configuration variable is enabled, a parent selection strategies findParent() function is called twice on each transaction resulting in unexpected results such as every other parent is only used in a strict round robin strategy. Fix problems with "Probe" option for X-Debug MIME header field. (#6197) Make compress plugin normalization of Accept-Encoding header compatible with normalization in core TS. 
Adding max line length configuration documentation. Fixed build issues on macOS after 0-RTT merge Fixes typo in TLS Bridge illustration Fix strict round robin cur_index increment remove dequeue_timed since it is not being used anymore fix doc build error Simple and miscellaneous fixes/additions for lua plugin fix freebsd build error Remove unused variable Improvements on ESI plugin Add new log field to output server name sent by client in TLS handshake. Fixes clang-format issues TLSv1.3 0-RTT support (#5450) Add simple autest and subsequent fixes Clear all pointers in API Hooks clear function. Fix closed flag from #6287 Doc bugs Add tests to exercise H2 and chunked encoding commit 8e1dd61f323596f5d7204ab918884c0b0f32e35e Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Jan 30 15:35:39 2020 +0900 Count CIDs used on Initial and PreferredAddress as active CIDs commit bc33fc37c122dfd89140421b8c446328e9e71b1d Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Jan 29 23:16:29 2020 +0900 Update RETRY packet commit bf08848e654e75c66d7e47bb6aea89f2f9e04c37 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Jan 28 16:14:53 2020 +0900 Send INVALID_TOKEN error commit 593be74801b18a98b0a137e4bcf95c8e759fa288 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Jan 27 12:04:16 2020 +0900 Use CONNECTION_ID_LIMIT_ERROR commit b7c4f1c8c3668486c1bc975ff08cf6d983b70317 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Jan 27 11:59:06 2020 +0900 Add CONNECTION_ID_LIMIT_ERROR and INVALID_TOKEN commit df36ca7bfb6c14c001ab50e42f1ad77aa18c4b7c Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Jan 27 11:45:00 2020 +0900 Update idle_timeout to max_idle_timeout and follow the new behavior commit 0ee4a7adca60d2f9f4bc5f271e1582e7910883da Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Jan 23 21:46:10 2020 +0900 Update tests commit 3e191ce71057ecd161e2c434eff6a6f2b8609ff5 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Jan 23 21:24:41 2020 +0900 Support 
HANDSHAKE_DONE frame commit 137451f24cd7d02a91a79a0e1b9e74e77ca0d578 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Jan 23 21:35:16 2020 +0900 Update QUIC draft version numbers to 25 commit 7b82a93d93ab143edf85bf1765aff1b882c9a10b Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Jan 8 17:21:40 2020 +0900 Fix an wrong assert and add a test for it commit 983cd002288f82c6eb36d11d7cec24b961d2355a Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Jan 7 16:06:28 2020 +0900 Rename QUICConnection::close to QUICConnection::close_quic_connection There was a name conflict. commit 7e6c192633658bc8a84da34a2ed54e6171686108 Merge: b15cf0991 f63027569 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Jan 7 15:24:37 2020 +0900 Merge branch 'master' into quic-latest * master: Introduce NetEvent to split UnixNetVConnection and NetHandler Reduce process duration of test_Http2FrequencyCounter Make sure shutdown_cont_event isn't holding any garbage references. Add in_destroy to Http2ConnectionState to prevent double delete (similar to Http2ClientSession) Fixes a corner case where the NextHop consistent hash ring may not be searched in it's entirety for an available host due to a premature wrapped ring indication. Adjust debug tag for ssl_sni_whitelist plugin to match plugin Add invalid config warning when cache open write fail and read retry are inconsistent Add links to RWW sections Fix rst errors for collapsed forwarding plugin Set wrap after checking all the parents Perf: replace dynamic_cast with static_cast in this_thread() Fixes a few Sphinx build warnings (#6290) Moving / adding the Roadmap to the release notes (#6257) These features are in 9.0.x release notes (#6286) Removes the remaining references to TSQA LGTM: Fix unused imports Assure no SM survives plugin factory deactivation. Remove remnants of obsolete remap thread. Update the admin-guide hierachical caching and remap.config documentation to include the NextHop strategies feature. 
For combo_handler plugin, add an optional whitelist of allowed values for Content-Type. Copy the Client SNI Server Name out of the openssl SSL object and ensure it is null-terminated. For per-transaction config override, crossing the const-correctness event horizon. Remove -j from lgtm build (#6274) LGTM: Add header guards LGTM: Fix wrong type of arguments to formatting function Change HTTP/2 error rate log to warning LGTM: fixes a shadowed variable in ParentSelection::PreprocessParents(). LGTM: fix a comparison that is always false. Fixes various crashers loading/reloading parent.config TCL: cleanup in HostLookup.cc, make sure keys are stable. (#6263) Fix TS_USE_DIAGS usage for --disable-diags option Initial revision of .lgtm.yml config file (#6258) auto delete rolled log file fixes remap_stats: restore handling of remap/hostname to remove memory leak Avoid unnecesarry copy on POST request over HTTP/2 Add some stats collections to cache_promote. Some tweaks to reloading-plugins.en.rst (#6251) Fix sni.yaml fqdn to match complete name string Adding verify plugin TS maintenance commands Removing traffic_cop reference in Admin Guide introduction. 
commit b15cf0991e0bfbf3e8d7a8445169da8d440f294c Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Dec 12 14:44:35 2019 +0900 Use individual classes for receiving packet commit e0d4e22324e52fb43ca47412a074b143fd1445a2 Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Nov 22 15:03:18 2019 +0900 Update tests and add accessor functions commit a79707fadd990d403cfb352c40555f813d4b28bf Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Nov 15 15:15:39 2019 +0900 Use a buffer on stack for sending packet instances commit 6718a5a78026de2ef7feada907b9013ff0355cf1 Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Nov 8 22:47:05 2019 +0900 Use individual classes for sending packets commit f2e27565a2c4f01453151c99f5e1fb4d00ec20d6 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Dec 26 11:11:43 2019 +0900 Add debug log about retry token commit 64b76fcd245b58ab827bfb7d14ca8f602de6169b Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Dec 20 10:18:55 2019 +0900 Fix a bug that QUICFlowController generates frames regardless of max_frame_size commit c18cd3a4ace2cf7603f86efce24316950966fa94 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Dec 9 17:34:22 2019 +0900 Fix a bug commit 8e7597f04c34216f6d4b896ee3718cd8e526591d Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Dec 9 11:13:47 2019 +0900 Don't use the allocator for receiving QUICPacket commit 1ea2ba6757126977e9442b658c895299b33340ba Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Dec 9 10:54:21 2019 +0900 Fix compile warnings commit 4bcb41acee6ae3fc26c85c21036abce5b349a5f4 Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Dec 6 17:33:21 2019 +0900 Completely ignore the second and following RETRY packets commit 152a42efbf5c516ecc59894952961b6dba4abdcb Merge: ba48f6b66 080889f68 Author: Masakazu Kitajo <maskit@apache.org> Date: Thu Dec 5 16:55:53 2019 +0900 Merge branch 'master' into quic-latest * master: Fixes sphinx build warning with the strategies.yaml document in the admin-guide. 
Adds strategies.yaml to install target cache_range_request plugin: add support for opt X-CRR-IMS reval header Adjust the refcounts to avoid Mutex leak Following catch test naming standards. Review comments. Fixing rolled log cleanup parsing for <blah>.log.<blah> files. Fixed build issue with clang5 and Extendible Remove never implemented regex descriptions Fix out of bound array access in ssl_session_reuse plugin (#6235) Don't sleep if ProtectedQueue.localQueue is not empty. (#6234) fix stringstream crash during shutdown Correct handle the value return from mgmt socket read and write (#6220) commit ba48f6b66397b31e8c6836037f6667e82c2cc636 Author: scw00 <scw00@apache.org> Date: Mon Nov 25 19:12:08 2019 +0800 Fix build error in QUICTypes.cc commit 91d7b743c65c5f3ba8270c52cd4c1f5186c9faa0 Merge: ecab2b84c aba5c2c6f Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Nov 22 15:10:31 2019 +0900 Merge branch 'master' into quic-latest * master: Docker builds do not need build numbers in workspace (#6221) Add autest for cache_range_request, add xdebug x-parentselection-key Move logging before session could be freed Do not reenable txnp with TS_EVENT_HTTP_ERROR if received TS_EVENT_HTTP_TXN_CLOSE event (PR #6215) Fixed next hop tests for out of tree builds This fixes next hop unit tests that segfault due to missing (#6216) Add autopep8 & pyflakes in dev-packages for AuTest Set END_STREAM flag when write_vio ntodo is 0 Add 100-continue expectation support on H2 connection Run dos2unix on all files in tree Lua plugin fix: Account for null in output from TSUrlPercentDecode. Cleanup: Remove useless UDPConnection function Check Range header for stale content Fixes spelling in strategies.yaml docs Adds WS check, and some cleanup (#6213) Cleanup trailing whitespaces, and YAML formatting (#6210) ssl_session_reuse optimization to check if diags is on Fix the strategies.yaml documentation. Add a remap @strategy tag and nexthop selection strategies to remap. 
Add test to catch regressions in sni and override configs (#6170) Upgrade Catch.hpp to v2.11 (#6185) Fix ssl_session_reuse to compile on macOS and FreeBSD Remove header conversion functions for HTTP/0.9 remap_stats: Fix BufferWriter usage error. Limit this check to Linux, where ldd always works (#6191) Fixed issue with macOS Catalina and pcre 8.43 enabling pcre-jit (#6189) Replaces Python -> Python3 in a few utilities (#6187) Fix compile warnings in Catch checks for TextView (#6186) Dockerfile for Debian package managers (#6183) RBTree - fix potential nullptr dereference Doc: Remove local path to MathJax. Removes the ssn_close hook, it can never work (#6175) tslua: Exposes set/get version for server request objects Remove unimplement UDP function Remove HttpTransact::build_upgrade_response Fixes cppcheck issues for cookie_remap plugin Fixed gcc7 issue with yaml-cpp 0.6.3 Updates yaml-cpp to 0.6.3 Remove unused functions of IOBuffer Re-order READ_REQUEST_ HDR_HOOK and PRE_REMAP_HOOK tslua: Exposes set/get method for server request objects Cleans up some of the filenames mess (#6144) Fixed build issues with hwloc 2.x API changes Remove Cache v23 support detect bogus jemalloc version Move websocket upgrade later in state machine Change API to return a TSReturnCode code. Promote server_push_preload plugin. Move TSHttpTxnServerPush to the stable API interface. Only decrement log_stat_log_files_open_stat when the file is closed. Normalize loopback usage in session_match autest tests: Adds autest for WebSocket mappings Fix building Catch on macOS Reverse debug specific check. 
thread ready check tests: Cleans up local variable is assigned to but never used warnings tests: Cleans up imported but unused imports Rename test to lua_watermark.test.py Add apache header to watermark lua test Add lua watermark test to check for existence of lua watermark upstream API call Internal link needs _ Reduce doc build errors Disable the most expensive "make check" tests by default slice plugin add support for using effective url with remap host. Make MIOBufferWriter unit tests work when compiled without -DDEBUG. Remove including sys/sysctl.h for Linux A couple simple tweaks. Update docs for SSL Handshake stats Remove using namespace std Avoid IOBufferReader::read_avail() call from MIOBuffer::high_water() Remove remnants of http/1.1 pipeline logic. Cleaned up the changelog command for making our release notes Updated to clang-format v9.0.0 Remove never implemented HttpTransact::service_transaction_in_proxy_only_mode Add Metrics to track SSL Handshake attempts Removes the records.config.shadow alternative config file Fixing include synopsis rendering for API docs. Adding an autest for traffic_dump. Issue #4294: Handle return value of SSL_write() properly. Fix null pointer dereference reported by clang-analyzer Add an appropriate warning where behavior has changed Fixes misc. spelling and whitespace For remap_stats, removes configure time dependency on search.h Removes proxy.config.cache.storage_filename set host name in TLS extension for SNI Host check in service side with sni policy verify_with_name_source. Minor fixes. Fixes misc. spelling and whitespace Docs: cachekey: fixed non-ascii table characters Docs: clarify remap plugin inst init params cleanup the eventloop Script used for comparing commits on internal branch and seeing if they are on the remote master or release branch. It uses a combination of cherry-mark and searching the commit message for cherry-pick -x hashes. 
doc + unittest TSRemap(Init|NewInstance) failures Updating the autest version pin to 1.7.4. Fixing log cleanup candidate selection and adding a test for it. Replace container of HPACK dynamic table from std::vector to std::deque Allow txn handler to be set from ssn on same hook Add basic SystemTap markers support Issue #6072: Make If-Range date compare to be exact match. Cleanup: Ignore checkprograms of remap Issue 4635: Address pipe reuse after configuration reload issues Fix the malformed threads table Disable tests using exceptions in MIOBufferWriter UT. Updated API header and ssl_session_reuse for new TSSslSessionInsert changes Premature DSO unload with "suicidal" continuations support for listening on all the net threads uses epollexclusive flag and soreuseport Fixing session sharing with IP matching. Promote 'Enable_Config_Var' from HttpConnectionCount to HttpConfig. This is so other configuration can use it. Cleanup: Remove use of obsolete class TSConstBuffer from MIME.cc Add example to retrieve request body using Lua Dechunk chunked contents on HttpTunnel if client protocol is HTTP/2 or HTTP/3 Add MIMEHdr Garbage Collection to HPACK Dynamic Table Fix some long lines and reduntant plugin_config SO additions. 
Updates references to OSX to macOS Fixes help message for traffic_top's sleep switch commit ecab2b84c79b456658a04e3163048b642a63b147 Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Nov 22 10:22:43 2019 +0900 Fix typos commit 4cd5ec022e6924b32e9e4708b90770557fcf20d9 Author: Masakazu Kitajo <maskit@apache.org> Date: Wed Nov 20 14:39:38 2019 +0900 Fix a crash on reading malformed packet commit 0fd40f358d6865b76bae95a94e9403015baf61e8 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Nov 19 15:54:17 2019 +0900 Ignore dup NCID frames commit ded20f5fa04bc6bd2a608a2d1cd2ec26beaa3e30 Author: Masakazu Kitajo <maskit@apache.org> Date: Sun Nov 17 10:45:01 2019 +0900 Fix an issue that early data on the 2nd initial packet is not processed commit 26910cf2284dcbf5a8731296881053b505ae6971 Author: Masakazu Kitajo <maskit@apache.org> Date: Fri Nov 15 10:34:32 2019 +0900 Fix tests commit c53e4094c84378870d9642b7ca20563a2d9306ef Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Nov 12 14:24:08 2019 +0900 QUIC Connection Close frame is not ack-eliciting commit 500b22ac2c0daa1457224c6995fb10b55c5d28f2 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Nov 12 13:59:48 2019 +0900 Add settings for QUIC quantum readiness test proxy.config.quic.client.quantum_readiness_test_enabled proxy.config.quic.server.quantum_readiness_test_enabled commit 4766128cacf0dd27c17badb71a3b12c7195b0cb0 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Nov 12 13:58:54 2019 +0900 Handle multiple INITIAL packets from a client commit 77a5dd1028850598719be37c184da0265d8c608f Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Nov 11 16:18:57 2019 +0900 Allow sending PING at any encryption level This reverts #5859 commit ce0efc2db4d1ff4b49bf318d5a2d5fb13607580f Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Nov 11 16:16:29 2019 +0900 Update QUIC draft version numbers to 24 commit af2f854085d00f32f4aa55a8ec669a9989d84e09 Author: Masakazu Kitajo <maskit@apache.org> Date: Tue Nov 12 
15:06:35 2019 +0900 Don't migrate connection until a client sends non-probing frame commit e892988c32506d7e609a94b99594b3e17cd670aa Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Oct 28 17:23:44 2019 +0900 traffic_quic: Support close exercise option on H3 session commit 9e4b0586a51cca83f531752acbf7b024f30bd7e8 Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Oct 28 12:15:23 2019 +0900 Fix a bug in stream count limit This fixes #5995. commit 673575fd1542261be1d3f992f3687338746585bb Author: Masakazu Kitajo <maskit@apache.org> Date: Mon Oct 28 10:09:18 2019 +0900 Fix a bug in sending QUIC ConnectionClose frame This closes #6057. commit 8d59375108f52b14a90c29f1d41b43fde78bbaa5 Author: scw00 <scw00@apache.org> Date: Wed Oct 23 17:14:02 2019 +0800 QUIC: Every two ack-elicting packet one ack frame commit 95717cdcfcd4fe0cf6be7caeeb18922ee97ee52f Merge: cbbc6a5de 9c05e64df Author: scw00 <scw00@apache.org> Date: Thu Oct 24 16:00:19 2019 +0800 Merge branch 'master' into quic-latest * master: Add a config for internal HPACK header table size limit Add tests for MIMEHdr::get_host_port_values Clarify relation of nameservers and resolv.conf Ignore MgmtMessageHdr if ProcessManager is not running Remove obsolete pipeline_max variable Add Example URI Signer Python Script Adding connection close headers to regex_remap test. Rewrote remap_stats plugin to use C++ Doc: Fixed the logging mode of pipe to be ascii_pipe Enhance Connection Collapse in ATS core Doc: improve documentation for event loop statistics. Doc: Fix :units: options for statistics. Doc: clean up build errors. Restore the MIOBufferWriter unit tests. 
Log H2 priority information "Plugin (un)used" post reload notification do not schedule stuff during shutdown Remove obsolete 4-2-0-fixup Cleanup: unifdef TRACK_BUFFER_USER cachekey: allow multiple values for `--key-type` Revert "Optimize: If failed on migrateToCurrentThread, put the server session back to global server session pool" url_sig: fix memory leak with urlParse and pristine flag make proxy.config.http.request_buffer_enabled configurable and bug fix Update TSVConnSslConnectionGet name to match others in the TSVConnSsl* family Minor cleanup of proxy/logging/Log.h . Add QUIC draft-23 support Fix TSHttpTxnReenable to schedule back to original SM thread Fix dynamic update for conntrack (HttpConnectionCount) configuration variables. These are the current settings we're running on docs do not reload configs periodically Mark host as partial when subdmains are more than default table depth Fix our doc build system to handle non-source dir configure locations. Destroy MIMEFieldBlockImpl that doesn't have fields in use clang-analyzer: Add a null check ProxySession cleanup: moving inline functions to .h Cleanup: do not re-define _proxy_ssn variable in local Cache SSL EC explicitly add some documentation to the action class to avoid confusion a general autoconf cleanup Updating the default cipher-suite lists for the 9.x release. 
Removed hardcoded logging.yaml filename in logs Conflicts: iocore/net/QUICNetVConnection.cc iocore/net/quic/Mock.h iocore/net/quic/QUICContext.cc iocore/net/quic/QUICContext.h iocore/net/quic/QUICPathManager.cc iocore/net/quic/QUICPathManager.h iocore/net/quic/QUICStreamManager.cc iocore/net/quic/QUICStreamManager.h iocore/net/quic/test/test_QUICFrameDispatcher.cc commit cbbc6a5de0e4282097227fef510d911c282ea8d5 Author: scw00 <scw00@apache.org> Date: Tue Oct 22 10:30:29 2019 +0800 QUIC: add Context to QUICStreamManager commit 4ef3d3a3084dec2bdfdbc35c292f9f2d5cc2bf0d Author: scw00 <scw00@apache.org> Date: Wed Oct 9 10:37:12 2019 +0800 QUIC: sink path manager to stream manager
This also adds some TLS information in the protocol stack, such as the verify_mode applied to the SSL session and whether the server requested a client certificate.

Co-authored-by: bneradt <bneradt@verizonmedia.com>
This also adds some TLS information in the protocol stack, such as the verify_mode applied to the SSL session and whether the server requested a client certificate.

Co-authored-by: bneradt <bneradt@verizonmedia.com>
(cherry picked from commit 5926385)

Conflicts:
plugins/experimental/traffic_dump/session_data.cc
tests/gold_tests/pluginTest/traffic_dump/traffic_dump.test.py
tests/gold_tests/pluginTest/traffic_dump/verify_replay.py
This also adds some TLS information in the protocol stack, such as the
verify_mode applied to the SSL session and whether the server requested
a client certificate.

With this change, there are now two kinds of protocol stacks that are
dumped. There is a session-level one that describes the client-side
protocol stack. It can look something like this:

In addition, there is now a server-side protocol stack that will be printed in
every proxy-request node. It can look something like this:

Note that the dump provides TLS information from the perspective of the proxy,
therefore the TLS nodes are prefixed by "proxy-". The schema is also updated to
anticipate verifier directives that dictate client and server TLS behavior
("verify-mode" and "request-certificate").
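
An added example, not code from this pull request or from Traffic Server: a small audit pass over a dump that compares the session-level (client-side) stack with the server-side stack in each proxy-request node. It assumes the server-side stack sits at `sessions[].transactions[].proxy-request.protocol`, that `proxy-verify-mode` carries OpenSSL's verify_mode bitmask, and that older TLS versions use OpenSSL's version strings; the sample dump and the finding names are constructed.

```python
import json

# OpenSSL verify_mode bit from openssl/ssl.h; 0 is SSL_VERIFY_NONE.
SSL_VERIFY_PEER = 0x01
# Assumption: the dump reports versions using OpenSSL's version strings.
WEAK_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample dump; key names follow the nodes shown in the PR description.
SAMPLE_DUMP = """
{"sessions": [
  {"protocol": {"h2": {}, "ipv4": {}, "tcp": {},
     "tls": {"proxy-provided-cert": true, "proxy-verify-mode": 0,
             "sni": "www.tls.com", "version": "TLSv1.2"}},
   "transactions": [
     {"proxy-request": {"protocol": {"http/1.1": {}, "ipv4": {}, "tcp": {},
        "tls": {"proxy-provided-cert": false, "proxy-verify-mode": 1,
                "sni": "www.tls.com", "version": "TLSv1.2"}}}},
     {"proxy-request": {"protocol": {"http/1.1": {}, "ipv4": {}, "tcp": {},
        "tls": {"proxy-provided-cert": false, "proxy-verify-mode": 0,
                "sni": "www.tls.com", "version": "TLSv1.2"}}}}]},
  {"protocol": {"http/1.1": {}, "ipv4": {}, "tcp": {},
     "tls": {"proxy-provided-cert": true, "proxy-verify-mode": 0,
             "sni": "www.tls.com", "version": "TLSv1.2"}},
   "transactions": [
     {"proxy-request": {"protocol": {"http/1.1": {}, "ipv4": {}, "tcp": {}}}}]},
  {"protocol": {"http/1.1": {}, "ipv4": {}, "tcp": {},
     "tls": {"proxy-provided-cert": true, "proxy-verify-mode": 0,
             "sni": "www.tls.com", "version": "TLSv1.1"}},
   "transactions": [{"proxy-request": {}}]}
]}
"""


def load_sample():
    """Parse the constructed sample dump."""
    return json.loads(SAMPLE_DUMP)


def tls_node(protocol):
    """Return the "tls" node of a protocol stack, or None if the leg is cleartext."""
    if not isinstance(protocol, dict):
        return None
    tls = protocol.get("tls")
    return tls if isinstance(tls, dict) else None


def audit_dump(dump):
    """Return [((session_index, transaction_index), finding), ...].

    Values are read from the proxy's point of view: on the client side the
    proxy is the TLS server, so verify-mode 0 there only means no client
    certificate was requested. On the server side the proxy is the TLS
    client, so a mode without SSL_VERIFY_PEER means the origin certificate
    was not verified.
    """
    findings = []
    for s_idx, session in enumerate(dump.get("sessions", [])):
        client_tls = tls_node(session.get("protocol"))
        if client_tls and client_tls.get("version") in WEAK_VERSIONS:
            findings.append(((s_idx, None), "weak-client-tls-version"))

        for t_idx, txn in enumerate(session.get("transactions", [])):
            where = (s_idx, t_idx)
            request = txn.get("proxy-request", {})
            if "protocol" not in request:
                # Dump written without the server-side stack: nothing to judge.
                findings.append((where, "no-server-side-stack"))
                continue

            server_tls = tls_node(request["protocol"])
            if server_tls is None:
                # The client spoke TLS to the proxy but the origin leg is cleartext.
                if client_tls is not None:
                    findings.append((where, "tls-client-cleartext-origin"))
                continue

            mode = server_tls.get("proxy-verify-mode")
            if not isinstance(mode, int) or not mode & SSL_VERIFY_PEER:
                findings.append((where, "origin-cert-not-verified"))
            if server_tls.get("version") in WEAK_VERSIONS:
                findings.append((where, "weak-origin-tls-version"))
    return findings


if __name__ == "__main__":
    for (session, txn), finding in audit_dump(load_sample()):
        print(f"session {session} transaction {txn}: {finding}")
```
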