You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "M. Nunberg (JIRA)" <ji...@apache.org> on 2011/05/26 17:22:47 UTC
[jira] [Created] (TS-803) Fix SOCKS breakage and allow for setting
next-hop SOCKS
Fix SOCKS breakage and allow for setting next-hop SOCKS
-------------------------------------------------------
Key: TS-803
URL: https://issues.apache.org/jira/browse/TS-803
Project: Traffic Server
Issue Type: New Feature
Components: Network
Environment: Wherever ATS might run
Reporter: M. Nunberg
Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
1) Does fix SOCKS connections in general
2) Allows setting next-hop SOCKS proxy via the API
Problems:
See https://issues.apache.org/jira/browse/TS-802
This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
--- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
@@ -120,6 +120,13 @@
/// Version of SOCKS to use.
unsigned char socks_version;
+ struct {
+ unsigned int ip;
+ int port;
+ char *username;
+ char *password;
+ } socks_override;
+
int socket_recv_bufsize;
int socket_send_bufsize;
Only in tsgit217/iocore/net: Makefile
Only in tsgit217/iocore/net: Makefile.in
diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
--- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
@@ -126,7 +126,7 @@
unsigned char version;
bool write_done;
-
+ bool manual_parent_selection;
SocksAuthHandler auth_handler;
unsigned char socks_cmd;
@@ -145,7 +145,8 @@
SocksEntry():Continuation(NULL), netVConnection(0),
ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
- lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
+ lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
+ auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
{
}
};
diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
--- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
@@ -73,7 +73,8 @@
nattempts = 0;
findServer();
- timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
+// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
+ timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
write_done = false;
}
@@ -81,6 +82,15 @@
SocksEntry::findServer()
{
nattempts++;
+ if(manual_parent_selection) {
+ if(nattempts > 1) {
+ //Nullify IP and PORT
+ server_ip = -1;
+ server_port = 0;
+ }
+ Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
+ return;
+ }
#ifdef SOCKS_WITH_TS
if (nattempts == 1) {
@@ -187,7 +197,6 @@
}
Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
-
findServer();
if (server_ip == (uint32_t) - 1) {
diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
--- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
@@ -228,6 +228,11 @@
!socks_conf_stuff->ip_range.match(ip))
#endif
);
+ if(opt->socks_override.ip >= 1) {
+ using_socks = true;
+ Debug("mndebug", "trying to set using_socks to true");
+ }
+
SocksEntry *socksEntry = NULL;
#endif
NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
@@ -242,6 +247,16 @@
if (using_socks) {
Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
socksEntry = socksAllocator.alloc();
+
+ if (opt->socks_override.ip) {
+ //Needs to be done before socksEntry->init()
+ socksEntry->server_ip = opt->socks_override.ip;
+ socksEntry->server_port = opt->socks_override.port;
+ socksEntry->manual_parent_selection = true;
+ opt->socks_support = NORMAL_SOCKS;
+ Debug("mndebug(Socks)", "SOCKS proxy selected manually");
+ }
+
socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
socksEntry->action_ = cont;
cont = socksEntry;
diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
--- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
@@ -5239,6 +5239,15 @@
}
void
+TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
+{
+ sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
+ HttpSM *sm = (HttpSM*) txnp;
+ sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
+ sm->t_state.api_info.socks_proxy_port = port;
+}
+
+void
TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
{
sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
--- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
@@ -2134,6 +2134,7 @@
*/
tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
+ tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
--- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
@@ -3658,6 +3658,7 @@
// before we return from this function for forward proxy
t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
+ Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
if (!ret) {
Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
@@ -4077,6 +4078,8 @@
opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
opt.local_addr = t_state.client_info.ip;
}
+ opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
+ opt.socks_override.port = t_state.api_info.socks_proxy_port;
Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
@@ -4124,6 +4127,11 @@
// to do this but as far I can tell the code that prevented keep-alive if
// there is a request body has been removed.
+ //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
+ //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
+ //Doesn't keep track of src IPs or SOCKS proxies.
+
+
if (raw == false && t_state.http_config_param->share_server_sessions &&
(t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
ua_session != NULL) {
diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
--- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
+++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
@@ -317,6 +317,8 @@
{
char *parent_proxy_name;
int parent_proxy_port;
+ unsigned int socks_proxy_ipaddr;
+ int socks_proxy_port;
bool cache_untransformed;
bool cache_transformed;
bool logging_enabled;
@@ -325,6 +327,8 @@
_HttpApiInfo()
: parent_proxy_name(NULL),
parent_proxy_port(-1),
+ socks_proxy_ipaddr(0),
+ socks_proxy_port(0),
cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
{ }
} HttpApiInfo;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-803) Fix SOCKS breakage and allow for
setting next-hop SOCKS
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13106631#comment-13106631 ]
Leif Hedstrom commented on TS-803:
----------------------------------
Moving out again, until we can get a "fresh" patch :)
> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
> Key: TS-803
> URL: https://issues.apache.org/jira/browse/TS-803
> Project: Traffic Server
> Issue Type: New Feature
> Components: Network
> Environment: Wherever ATS might run
> Reporter: M. Nunberg
> Fix For: 3.1.1
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
> /// Version of SOCKS to use.
> unsigned char socks_version;
> + struct {
> + unsigned int ip;
> + int port;
> + char *username;
> + char *password;
> + } socks_override;
> +
> int socket_recv_bufsize;
> int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
> unsigned char version;
> bool write_done;
> -
> + bool manual_parent_selection;
> SocksAuthHandler auth_handler;
> unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
> SocksEntry():Continuation(NULL), netVConnection(0),
> ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> - lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> + lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> + auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> {
> }
> };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
> nattempts = 0;
> findServer();
> - timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
> write_done = false;
> }
> @@ -81,6 +82,15 @@
> SocksEntry::findServer()
> {
> nattempts++;
> + if(manual_parent_selection) {
> + if(nattempts > 1) {
> + //Nullify IP and PORT
> + server_ip = -1;
> + server_port = 0;
> + }
> + Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> + return;
> + }
> #ifdef SOCKS_WITH_TS
> if (nattempts == 1) {
> @@ -187,7 +197,6 @@
> }
> Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
> findServer();
> if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
> !socks_conf_stuff->ip_range.match(ip))
> #endif
> );
> + if(opt->socks_override.ip >= 1) {
> + using_socks = true;
> + Debug("mndebug", "trying to set using_socks to true");
> + }
> +
> SocksEntry *socksEntry = NULL;
> #endif
> NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
> if (using_socks) {
> Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
> socksEntry = socksAllocator.alloc();
> +
> + if (opt->socks_override.ip) {
> + //Needs to be done before socksEntry->init()
> + socksEntry->server_ip = opt->socks_override.ip;
> + socksEntry->server_port = opt->socks_override.port;
> + socksEntry->manual_parent_selection = true;
> + opt->socks_support = NORMAL_SOCKS;
> + Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> + }
> +
> socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
> socksEntry->action_ = cont;
> cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
> }
> void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> + HttpSM *sm = (HttpSM*) txnp;
> + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> + sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
> TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
> {
> sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
> */
> tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
> tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
> tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
> // before we return from this function for forward proxy
> t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
> t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> + Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
> if (!ret) {
> Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
> opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
> opt.local_addr = t_state.client_info.ip;
> }
> + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> + opt.socks_override.port = t_state.api_info.socks_proxy_port;
> Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
> sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
> // to do this but as far I can tell the code that prevented keep-alive if
> // there is a request body has been removed.
> + //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> + //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> + //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
> if (raw == false && t_state.http_config_param->share_server_sessions &&
> (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
> ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
> {
> char *parent_proxy_name;
> int parent_proxy_port;
> + unsigned int socks_proxy_ipaddr;
> + int socks_proxy_port;
> bool cache_untransformed;
> bool cache_transformed;
> bool logging_enabled;
> @@ -325,6 +327,8 @@
> _HttpApiInfo()
> : parent_proxy_name(NULL),
> parent_proxy_port(-1),
> + socks_proxy_ipaddr(0),
> + socks_proxy_port(0),
> cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
> { }
> } HttpApiInfo;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-803) Fix SOCKS breakage and allow for setting
next-hop SOCKS
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-803:
-----------------------------
Fix Version/s: 3.1.0
> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
> Key: TS-803
> URL: https://issues.apache.org/jira/browse/TS-803
> Project: Traffic Server
> Issue Type: New Feature
> Components: Network
> Environment: Wherever ATS might run
> Reporter: M. Nunberg
> Fix For: 3.1.0
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
> /// Version of SOCKS to use.
> unsigned char socks_version;
> + struct {
> + unsigned int ip;
> + int port;
> + char *username;
> + char *password;
> + } socks_override;
> +
> int socket_recv_bufsize;
> int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
> unsigned char version;
> bool write_done;
> -
> + bool manual_parent_selection;
> SocksAuthHandler auth_handler;
> unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
> SocksEntry():Continuation(NULL), netVConnection(0),
> ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> - lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> + lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> + auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> {
> }
> };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
> nattempts = 0;
> findServer();
> - timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
> write_done = false;
> }
> @@ -81,6 +82,15 @@
> SocksEntry::findServer()
> {
> nattempts++;
> + if(manual_parent_selection) {
> + if(nattempts > 1) {
> + //Nullify IP and PORT
> + server_ip = -1;
> + server_port = 0;
> + }
> + Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> + return;
> + }
> #ifdef SOCKS_WITH_TS
> if (nattempts == 1) {
> @@ -187,7 +197,6 @@
> }
> Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
> findServer();
> if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
> !socks_conf_stuff->ip_range.match(ip))
> #endif
> );
> + if(opt->socks_override.ip >= 1) {
> + using_socks = true;
> + Debug("mndebug", "trying to set using_socks to true");
> + }
> +
> SocksEntry *socksEntry = NULL;
> #endif
> NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
> if (using_socks) {
> Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
> socksEntry = socksAllocator.alloc();
> +
> + if (opt->socks_override.ip) {
> + //Needs to be done before socksEntry->init()
> + socksEntry->server_ip = opt->socks_override.ip;
> + socksEntry->server_port = opt->socks_override.port;
> + socksEntry->manual_parent_selection = true;
> + opt->socks_support = NORMAL_SOCKS;
> + Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> + }
> +
> socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
> socksEntry->action_ = cont;
> cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
> }
> void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> + HttpSM *sm = (HttpSM*) txnp;
> + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> + sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
> TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
> {
> sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
> */
> tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
> tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
> tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
> // before we return from this function for forward proxy
> t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
> t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> + Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
> if (!ret) {
> Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
> opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
> opt.local_addr = t_state.client_info.ip;
> }
> + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> + opt.socks_override.port = t_state.api_info.socks_proxy_port;
> Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
> sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
> // to do this but as far I can tell the code that prevented keep-alive if
> // there is a request body has been removed.
> + //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> + //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> + //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
> if (raw == false && t_state.http_config_param->share_server_sessions &&
> (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
> ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
> {
> char *parent_proxy_name;
> int parent_proxy_port;
> + unsigned int socks_proxy_ipaddr;
> + int socks_proxy_port;
> bool cache_untransformed;
> bool cache_transformed;
> bool logging_enabled;
> @@ -325,6 +327,8 @@
> _HttpApiInfo()
> : parent_proxy_name(NULL),
> parent_proxy_port(-1),
> + socks_proxy_ipaddr(0),
> + socks_proxy_port(0),
> cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
> { }
> } HttpApiInfo;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-803) Fix SOCKS breakage and allow for setting
next-hop SOCKS
Posted by "Leif Hedstrom (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-803:
-----------------------------
Fix Version/s: (was: 3.1.6)
3.3.0
Moving out to v3.3.0, move back to 3.1.4 if this will be work on *soon*.
> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
> Key: TS-803
> URL: https://issues.apache.org/jira/browse/TS-803
> Project: Traffic Server
> Issue Type: New Feature
> Components: Network
> Affects Versions: 3.0.0
> Environment: Wherever ATS might run
> Reporter: M. Nunberg
> Fix For: 3.3.0
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
> /// Version of SOCKS to use.
> unsigned char socks_version;
> + struct {
> + unsigned int ip;
> + int port;
> + char *username;
> + char *password;
> + } socks_override;
> +
> int socket_recv_bufsize;
> int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
> unsigned char version;
> bool write_done;
> -
> + bool manual_parent_selection;
> SocksAuthHandler auth_handler;
> unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
> SocksEntry():Continuation(NULL), netVConnection(0),
> ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> - lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> + lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> + auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> {
> }
> };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
> nattempts = 0;
> findServer();
> - timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
> write_done = false;
> }
> @@ -81,6 +82,15 @@
> SocksEntry::findServer()
> {
> nattempts++;
> + if(manual_parent_selection) {
> + if(nattempts > 1) {
> + //Nullify IP and PORT
> + server_ip = -1;
> + server_port = 0;
> + }
> + Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> + return;
> + }
> #ifdef SOCKS_WITH_TS
> if (nattempts == 1) {
> @@ -187,7 +197,6 @@
> }
> Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
> findServer();
> if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
> !socks_conf_stuff->ip_range.match(ip))
> #endif
> );
> + if(opt->socks_override.ip >= 1) {
> + using_socks = true;
> + Debug("mndebug", "trying to set using_socks to true");
> + }
> +
> SocksEntry *socksEntry = NULL;
> #endif
> NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
> if (using_socks) {
> Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
> socksEntry = socksAllocator.alloc();
> +
> + if (opt->socks_override.ip) {
> + //Needs to be done before socksEntry->init()
> + socksEntry->server_ip = opt->socks_override.ip;
> + socksEntry->server_port = opt->socks_override.port;
> + socksEntry->manual_parent_selection = true;
> + opt->socks_support = NORMAL_SOCKS;
> + Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> + }
> +
> socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
> socksEntry->action_ = cont;
> cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
> }
> void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> + HttpSM *sm = (HttpSM*) txnp;
> + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> + sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
> TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
> {
> sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
> */
> tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
> tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
> tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
> // before we return from this function for forward proxy
> t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
> t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> + Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
> if (!ret) {
> Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
> opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
> opt.local_addr = t_state.client_info.ip;
> }
> + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> + opt.socks_override.port = t_state.api_info.socks_proxy_port;
> Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
> sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
> // to do this but as far I can tell the code that prevented keep-alive if
> // there is a request body has been removed.
> + //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> + //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> + //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
> if (raw == false && t_state.http_config_param->share_server_sessions &&
> (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
> ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
> {
> char *parent_proxy_name;
> int parent_proxy_port;
> + unsigned int socks_proxy_ipaddr;
> + int socks_proxy_port;
> bool cache_untransformed;
> bool cache_transformed;
> bool logging_enabled;
> @@ -325,6 +327,8 @@
> _HttpApiInfo()
> : parent_proxy_name(NULL),
> parent_proxy_port(-1),
> + socks_proxy_ipaddr(0),
> + socks_proxy_port(0),
> cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
> { }
> } HttpApiInfo;
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-803) Fix SOCKS breakage and allow for
setting next-hop SOCKS
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13073333#comment-13073333 ]
Leif Hedstrom commented on TS-803:
----------------------------------
Can we get a patch against current trunk, and attached as an attachment? That'd make review and inclusion much easier :).
Thanks!
-- leif
> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
> Key: TS-803
> URL: https://issues.apache.org/jira/browse/TS-803
> Project: Traffic Server
> Issue Type: New Feature
> Components: Network
> Environment: Wherever ATS might run
> Reporter: M. Nunberg
> Fix For: 3.1.0
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
> /// Version of SOCKS to use.
> unsigned char socks_version;
> + struct {
> + unsigned int ip;
> + int port;
> + char *username;
> + char *password;
> + } socks_override;
> +
> int socket_recv_bufsize;
> int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
> unsigned char version;
> bool write_done;
> -
> + bool manual_parent_selection;
> SocksAuthHandler auth_handler;
> unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
> SocksEntry():Continuation(NULL), netVConnection(0),
> ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> - lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> + lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> + auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> {
> }
> };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
> nattempts = 0;
> findServer();
> - timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
> write_done = false;
> }
> @@ -81,6 +82,15 @@
> SocksEntry::findServer()
> {
> nattempts++;
> + if(manual_parent_selection) {
> + if(nattempts > 1) {
> + //Nullify IP and PORT
> + server_ip = -1;
> + server_port = 0;
> + }
> + Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> + return;
> + }
> #ifdef SOCKS_WITH_TS
> if (nattempts == 1) {
> @@ -187,7 +197,6 @@
> }
> Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
> findServer();
> if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
> !socks_conf_stuff->ip_range.match(ip))
> #endif
> );
> + if(opt->socks_override.ip >= 1) {
> + using_socks = true;
> + Debug("mndebug", "trying to set using_socks to true");
> + }
> +
> SocksEntry *socksEntry = NULL;
> #endif
> NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
> if (using_socks) {
> Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
> socksEntry = socksAllocator.alloc();
> +
> + if (opt->socks_override.ip) {
> + //Needs to be done before socksEntry->init()
> + socksEntry->server_ip = opt->socks_override.ip;
> + socksEntry->server_port = opt->socks_override.port;
> + socksEntry->manual_parent_selection = true;
> + opt->socks_support = NORMAL_SOCKS;
> + Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> + }
> +
> socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
> socksEntry->action_ = cont;
> cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
> }
> void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> + HttpSM *sm = (HttpSM*) txnp;
> + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> + sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
> TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
> {
> sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
> */
> tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
> tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
> tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
> // before we return from this function for forward proxy
> t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
> t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> + Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
> if (!ret) {
> Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
> opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
> opt.local_addr = t_state.client_info.ip;
> }
> + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> + opt.socks_override.port = t_state.api_info.socks_proxy_port;
> Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
> sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
> // to do this but as far I can tell the code that prevented keep-alive if
> // there is a request body has been removed.
> + //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> + //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> + //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
> if (raw == false && t_state.http_config_param->share_server_sessions &&
> (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
> ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
> {
> char *parent_proxy_name;
> int parent_proxy_port;
> + unsigned int socks_proxy_ipaddr;
> + int socks_proxy_port;
> bool cache_untransformed;
> bool cache_transformed;
> bool logging_enabled;
> @@ -325,6 +327,8 @@
> _HttpApiInfo()
> : parent_proxy_name(NULL),
> parent_proxy_port(-1),
> + socks_proxy_ipaddr(0),
> + socks_proxy_port(0),
> cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
> { }
> } HttpApiInfo;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-803) Fix SOCKS breakage and allow for setting
next-hop SOCKS
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-803:
-----------------------------
Fix Version/s: (was: 3.1.0)
3.1.1
Moving out, at least until we get a new patch that can be applied / tested / reviewed.
> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
> Key: TS-803
> URL: https://issues.apache.org/jira/browse/TS-803
> Project: Traffic Server
> Issue Type: New Feature
> Components: Network
> Environment: Wherever ATS might run
> Reporter: M. Nunberg
> Fix For: 3.1.1
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
> /// Version of SOCKS to use.
> unsigned char socks_version;
> + struct {
> + unsigned int ip;
> + int port;
> + char *username;
> + char *password;
> + } socks_override;
> +
> int socket_recv_bufsize;
> int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
> unsigned char version;
> bool write_done;
> -
> + bool manual_parent_selection;
> SocksAuthHandler auth_handler;
> unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
> SocksEntry():Continuation(NULL), netVConnection(0),
> ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> - lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> + lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> + auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> {
> }
> };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
> nattempts = 0;
> findServer();
> - timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
> write_done = false;
> }
> @@ -81,6 +82,15 @@
> SocksEntry::findServer()
> {
> nattempts++;
> + if(manual_parent_selection) {
> + if(nattempts > 1) {
> + //Nullify IP and PORT
> + server_ip = -1;
> + server_port = 0;
> + }
> + Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> + return;
> + }
> #ifdef SOCKS_WITH_TS
> if (nattempts == 1) {
> @@ -187,7 +197,6 @@
> }
> Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
> findServer();
> if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
> !socks_conf_stuff->ip_range.match(ip))
> #endif
> );
> + if(opt->socks_override.ip >= 1) {
> + using_socks = true;
> + Debug("mndebug", "trying to set using_socks to true");
> + }
> +
> SocksEntry *socksEntry = NULL;
> #endif
> NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
> if (using_socks) {
> Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
> socksEntry = socksAllocator.alloc();
> +
> + if (opt->socks_override.ip) {
> + //Needs to be done before socksEntry->init()
> + socksEntry->server_ip = opt->socks_override.ip;
> + socksEntry->server_port = opt->socks_override.port;
> + socksEntry->manual_parent_selection = true;
> + opt->socks_support = NORMAL_SOCKS;
> + Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> + }
> +
> socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
> socksEntry->action_ = cont;
> cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
> }
> void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> + HttpSM *sm = (HttpSM*) txnp;
> + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> + sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
> TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
> {
> sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
> */
> tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
> tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
> tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
> // before we return from this function for forward proxy
> t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
> t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> + Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
> if (!ret) {
> Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
> opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
> opt.local_addr = t_state.client_info.ip;
> }
> + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> + opt.socks_override.port = t_state.api_info.socks_proxy_port;
> Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
> sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
> // to do this but as far I can tell the code that prevented keep-alive if
> // there is a request body has been removed.
> + //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> + //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> + //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
> if (raw == false && t_state.http_config_param->share_server_sessions &&
> (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
> ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
> {
> char *parent_proxy_name;
> int parent_proxy_port;
> + unsigned int socks_proxy_ipaddr;
> + int socks_proxy_port;
> bool cache_untransformed;
> bool cache_transformed;
> bool logging_enabled;
> @@ -325,6 +327,8 @@
> _HttpApiInfo()
> : parent_proxy_name(NULL),
> parent_proxy_port(-1),
> + socks_proxy_ipaddr(0),
> + socks_proxy_port(0),
> cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
> { }
> } HttpApiInfo;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-803) Fix SOCKS breakage and allow for setting
next-hop SOCKS
Posted by "Leif Hedstrom (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-803:
-----------------------------
Fix Version/s: (was: 3.1.2)
3.1.3
I'm moving all 3.1.2 bugs out to 3.1.3, and we can move some 3.1.1 bugs out to 3.1.2, to get some release action going.
> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
> Key: TS-803
> URL: https://issues.apache.org/jira/browse/TS-803
> Project: Traffic Server
> Issue Type: New Feature
> Components: Network
> Environment: Wherever ATS might run
> Reporter: M. Nunberg
> Fix For: 3.1.3
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
> /// Version of SOCKS to use.
> unsigned char socks_version;
> + struct {
> + unsigned int ip;
> + int port;
> + char *username;
> + char *password;
> + } socks_override;
> +
> int socket_recv_bufsize;
> int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
> unsigned char version;
> bool write_done;
> -
> + bool manual_parent_selection;
> SocksAuthHandler auth_handler;
> unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
> SocksEntry():Continuation(NULL), netVConnection(0),
> ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> - lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> + lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> + auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> {
> }
> };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
> nattempts = 0;
> findServer();
> - timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
> write_done = false;
> }
> @@ -81,6 +82,15 @@
> SocksEntry::findServer()
> {
> nattempts++;
> + if(manual_parent_selection) {
> + if(nattempts > 1) {
> + //Nullify IP and PORT
> + server_ip = -1;
> + server_port = 0;
> + }
> + Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> + return;
> + }
> #ifdef SOCKS_WITH_TS
> if (nattempts == 1) {
> @@ -187,7 +197,6 @@
> }
> Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
> findServer();
> if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
> !socks_conf_stuff->ip_range.match(ip))
> #endif
> );
> + if(opt->socks_override.ip >= 1) {
> + using_socks = true;
> + Debug("mndebug", "trying to set using_socks to true");
> + }
> +
> SocksEntry *socksEntry = NULL;
> #endif
> NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
> if (using_socks) {
> Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
> socksEntry = socksAllocator.alloc();
> +
> + if (opt->socks_override.ip) {
> + //Needs to be done before socksEntry->init()
> + socksEntry->server_ip = opt->socks_override.ip;
> + socksEntry->server_port = opt->socks_override.port;
> + socksEntry->manual_parent_selection = true;
> + opt->socks_support = NORMAL_SOCKS;
> + Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> + }
> +
> socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
> socksEntry->action_ = cont;
> cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
> }
> void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> + HttpSM *sm = (HttpSM*) txnp;
> + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> + sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
> TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
> {
> sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
> */
> tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
> tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
> tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
> // before we return from this function for forward proxy
> t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
> t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> + Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
> if (!ret) {
> Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
> opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
> opt.local_addr = t_state.client_info.ip;
> }
> + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> + opt.socks_override.port = t_state.api_info.socks_proxy_port;
> Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
> sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
> // to do this but as far I can tell the code that prevented keep-alive if
> // there is a request body has been removed.
> + //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> + //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> + //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
> if (raw == false && t_state.http_config_param->share_server_sessions &&
> (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
> ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
> {
> char *parent_proxy_name;
> int parent_proxy_port;
> + unsigned int socks_proxy_ipaddr;
> + int socks_proxy_port;
> bool cache_untransformed;
> bool cache_transformed;
> bool logging_enabled;
> @@ -325,6 +327,8 @@
> _HttpApiInfo()
> : parent_proxy_name(NULL),
> parent_proxy_port(-1),
> + socks_proxy_ipaddr(0),
> + socks_proxy_port(0),
> cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
> { }
> } HttpApiInfo;
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira