You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bn...@apache.org on 2022/06/28 19:22:59 UTC
[trafficserver] 01/01: Merge the latest ASF master into 10-Dev
This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch 10-Dev
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit ddb9a0d281d2bead49895c8185e09b1e99cf5e9d
Merge: bf5d2594a 952bf25a3
Author: Brian Neradt <br...@gmail.com>
AuthorDate: Tue Jun 28 19:22:18 2022 +0000
Merge the latest ASF master into 10-Dev
Conflicts:
tests/gold_tests/autest-site/trafficserver.test.ext
tests/gold_tests/cont_schedule/schedule.test.py
tests/gold_tests/pluginTest/lua/lua_states_stats.test.py
tests/gold_tests/pluginTest/transform/transaction_data_sink.test.py
build/crypto.m4 | 2 +-
configure.ac | 1 +
doc/admin-guide/logging/formatting.en.rst | 8 +-
doc/admin-guide/plugins/index.en.rst | 4 +
doc/admin-guide/plugins/remap_stats.en.rst | 71 ++++++++++
example/plugins/lua-api/modsecurity/README.md | 4 +-
example/plugins/lua-api/modsecurity/owasp.conf | 1 +
include/tscore/HKDF.h | 15 ++-
.../cache/test/test_Alternate_S_to_L_remove_L.cc | 2 +-
.../cache/test/test_Alternate_S_to_L_remove_S.cc | 2 +-
iocore/net/P_SSLSNI.h | 101 +++++----------
iocore/net/SSLNetVConnection.cc | 10 +-
iocore/net/SSLSNIConfig.cc | 99 ++++++++++----
iocore/net/quic/QUICHKDF.h | 2 +-
iocore/net/quic/QUICKeyGenerator.cc | 6 +-
iocore/net/quic/QUICTLS.h | 2 +-
iocore/net/quic/QUICTLS_boringssl.cc | 6 +-
iocore/net/quic/QUICTLS_openssl.cc | 6 +-
.../access_control/unit_tests/test_utils.cc | 8 ++
plugins/experimental/uri_signing/jwt.c | 5 +
plugins/experimental/uri_signing/parse.c | 12 +-
plugins/stats_over_http/stats_over_http.c | 16 +--
proxy/http/HttpSM.cc | 5 +-
proxy/http/PreWarmManager.cc | 4 +-
proxy/http/remap/PluginDso.cc | 3 -
proxy/http2/HPACK.cc | 7 +-
proxy/logging/Log.cc | 87 ++++++-------
proxy/logging/LogAccess.cc | 144 ++++++++++++++++++++-
proxy/logging/LogAccess.h | 4 +-
proxy/logging/LogBuffer.cc | 8 +-
proxy/logging/LogBuffer.h | 4 +-
proxy/logging/LogField.cc | 42 +++---
proxy/logging/LogField.h | 17 ++-
proxy/logging/LogFile.cc | 7 +-
proxy/logging/LogFile.h | 9 +-
proxy/logging/LogFormat.cc | 8 +-
proxy/logging/LogFormat.h | 8 +-
proxy/logging/LogObject.cc | 4 +-
proxy/logging/Makefile.am | 1 +
proxy/logging/YamlLogConfigDecoders.cc | 18 ++-
src/tscore/HKDF_boringssl.cc | 10 +-
src/tscore/HKDF_openssl.cc | 7 +-
src/tscore/HKDF_openssl3.cc | 85 ++++++++++++
src/tscore/Makefile.am | 4 +
src/tscore/unit_tests/test_HKDF.cc | 14 +-
.../gold_tests/autest-site/trafficserver.test.ext | 41 ++++--
.../chunked_encoding/bad_chunked_encoding.test.py | 2 +-
.../cont_schedule/schedule_on_pool.test.py | 4 +-
.../cont_schedule/schedule_on_thread.test.py | 4 +-
.../cont_schedule/thread_affinity.test.py | 4 +-
tests/gold_tests/continuations/session_id.test.py | 2 +-
tests/gold_tests/h2/nghttp.test.py | 2 +-
tests/gold_tests/ip_allow/ip_allow.test.py | 4 +-
tests/gold_tests/logging/gold/field-json-test.gold | 3 +
.../gold_tests/logging/log-debug-client-ip.test.py | 8 +-
tests/gold_tests/logging/log-field-json.test.py | 109 ++++++++++++++++
tests/gold_tests/logging/log-filenames.test.py | 2 +-
tests/gold_tests/logging/log_pipe.test.py | 14 +-
tests/gold_tests/logging/log_retention.test.py | 88 ++++++-------
.../next_hop/strategies_ch/strategies_ch.test.py | 2 +-
.../next_hop/strategies_ch2/strategies_ch2.test.py | 2 +-
.../zzz_strategies_peer.test.py | 2 +-
.../zzz_strategies_peer2.test.py | 2 +-
.../null_transform/null_transform.test.py | 2 +-
.../pluginTest/cert_update/cert_update.test.py | 4 +-
.../pluginTest/cookie_remap/bucketcookie.test.py | 2 +-
.../cookie_remap/collapseslashes.test.py | 2 +-
.../pluginTest/cookie_remap/connector.test.py | 2 +-
.../pluginTest/cookie_remap/existscookie.test.py | 2 +-
.../pluginTest/cookie_remap/matchcookie.test.py | 2 +-
.../pluginTest/cookie_remap/matchuri.test.py | 2 +-
.../pluginTest/cookie_remap/matrixparams.test.py | 2 +-
.../cookie_remap/notexistscookie.test.py | 2 +-
.../cookie_remap/pcollapseslashes.test.py | 2 +-
.../pluginTest/cookie_remap/psubstitute.test.py | 2 +-
.../pluginTest/cookie_remap/regexcookie.test.py | 2 +-
.../pluginTest/cookie_remap/setstatus.test.py | 2 +-
.../pluginTest/cookie_remap/subcookie.test.py | 2 +-
.../pluginTest/cookie_remap/substitute.test.py | 2 +-
.../header_rewrite/header_rewrite.test.py | 2 +-
.../header_rewrite/header_rewrite_l_value.test.py | 2 +-
.../header_rewrite/header_rewrite_url.test.py | 4 +-
tests/gold_tests/pluginTest/lua/lifecycle_stats.sh | 2 +-
.../pluginTest/lua/lua_states_stats.test.py | 6 +-
.../pluginTest/lua/lua_watermark.test.py | 2 +-
.../pluginTest/parent_select/parent_select.test.py | 2 +-
.../parent_select_optional_scheme_matching.test.py | 2 +-
.../parent_select/parent_select_peer.test.py | 2 +-
.../parent_select/parent_select_peer2.test.py | 2 +-
.../prefetch_simple/prefetch_simple.test.py | 2 +-
.../gold/stats_over_http_0_stderr.gold | 2 +-
.../pluginTest/stek_share/stek_share.test.py | 10 +-
.../pluginTest/test_hooks/hook_add.test.py | 2 +-
.../test_hooks/ssn_start_delay_hook.test.py | 2 +-
.../pluginTest/traffic_dump/traffic_dump.test.py | 8 +-
.../traffic_dump/traffic_dump_http3.test.py | 6 +-
.../traffic_dump/traffic_dump_ip_filter.test.py | 4 +-
.../traffic_dump_response_body.test.py | 2 +-
.../traffic_dump/traffic_dump_sni_filter.test.py | 4 +-
.../transform/transaction_data_sink.test.py | 14 +-
.../pluginTest/uri_signing/uri_signing.test.py | 15 ++-
.../proxy_protocol/gold/proxy_serve_stale.gold | 58 ---------
.../proxy_protocol/proxy_serve_stale.test.py | 101 +++++++--------
.../replay/proxy_serve_stale.replay.yaml | 142 ++++++++++++++++++++
.../session_sharing/session_match.test.py | 4 +-
tests/gold_tests/shutdown/emergency.test.py | 2 +-
tests/gold_tests/shutdown/fatal.test.py | 2 +-
tests/gold_tests/tls/ssl_multicert_loader.test.py | 2 +-
tests/gold_tests/tls/tls_engine.test.py | 2 +-
.../gold_tests/tls/tls_hooks_client_verify.test.py | 8 +-
tests/gold_tests/tls/tls_hooks_verify.test.py | 14 +-
.../tls/tls_origin_session_reuse.test.py | 14 +-
.../tls_hooks/gold/ts-close-out-close.gold | 1 +
tests/gold_tests/tls_hooks/tls_hooks.test.py | 4 +-
tests/gold_tests/tls_hooks/tls_hooks10.test.py | 2 +-
tests/gold_tests/tls_hooks/tls_hooks11.test.py | 4 +-
tests/gold_tests/tls_hooks/tls_hooks12.test.py | 2 +-
tests/gold_tests/tls_hooks/tls_hooks13.test.py | 2 +-
tests/gold_tests/tls_hooks/tls_hooks14.test.py | 2 +-
tests/gold_tests/tls_hooks/tls_hooks15.test.py | 2 +-
tests/gold_tests/tls_hooks/tls_hooks16.test.py | 4 +-
tests/gold_tests/tls_hooks/tls_hooks17.test.py | 4 +-
tests/gold_tests/tls_hooks/tls_hooks18.test.py | 6 +-
tests/gold_tests/tls_hooks/tls_hooks2.test.py | 4 +-
tests/gold_tests/tls_hooks/tls_hooks3.test.py | 4 +-
tests/gold_tests/tls_hooks/tls_hooks4.test.py | 10 +-
tests/gold_tests/tls_hooks/tls_hooks6.test.py | 6 +-
tests/gold_tests/tls_hooks/tls_hooks7.test.py | 6 +-
tests/gold_tests/tls_hooks/tls_hooks8.test.py | 6 +-
tests/gold_tests/tls_hooks/tls_hooks9.test.py | 4 +-
130 files changed, 1167 insertions(+), 564 deletions(-)
diff --cc tests/gold_tests/autest-site/trafficserver.test.ext
index e4f1b1921,fc0acd90b..3d4b5197f
--- a/tests/gold_tests/autest-site/trafficserver.test.ext
+++ b/tests/gold_tests/autest-site/trafficserver.test.ext
@@@ -40,7 -40,8 +40,8 @@@ default_log_data =
def MakeATSProcess(obj, name, command='traffic_server', select_ports=True,
enable_tls=False, enable_cache=True, enable_quic=False,
- block_for_debug=False, log_data=default_log_data, dump_runroot=True):
+ block_for_debug=False, log_data=default_log_data,
- use_traffic_out=True):
++ use_traffic_out=True, dump_runroot=True):
#####################################
# common locations
diff --cc tests/gold_tests/pluginTest/lua/lua_states_stats.test.py
index 3ac32328f,7061f5eb8..e9239e47c
--- a/tests/gold_tests/pluginTest/lua/lua_states_stats.test.py
+++ b/tests/gold_tests/pluginTest/lua/lua_states_stats.test.py
@@@ -28,11 -28,7 +28,7 @@@ Test.ContinueOnFail = Tru
# Define default ATS
server = Test.MakeOriginServer("server")
- # It is necessary to redirect stderr to a file so it will be available for examination by a test run.
- ts = Test.MakeATSProcess(
- "ts", command="traffic_server 2> " + Test.RunDirectory + "/ts.stderr.txt", select_ports=True)
-
- ts.ReturnCode = 0
-ts = Test.MakeATSProcess("ts", command="traffic_manager", select_ports=True)
++ts = Test.MakeATSProcess("ts", select_ports=True)
Test.testName = "Lua states and stats"
diff --cc tests/gold_tests/pluginTest/transform/transaction_data_sink.test.py
index ecbe08068,172cc1c87..63686d772
--- a/tests/gold_tests/pluginTest/transform/transaction_data_sink.test.py
+++ b/tests/gold_tests/pluginTest/transform/transaction_data_sink.test.py
@@@ -24,75 -26,26 +24,75 @@@ Test.SkipUnless
Condition.PluginExists('txn_data_sink.so'),
)
-replay_file = "transaction-with-body.replays.yaml"
-server = Test.MakeVerifierServerProcess("server", replay_file)
-ts = Test.MakeATSProcess("ts", enable_cache=False)
-ts.Disk.records_config.update({
- 'proxy.config.diags.debug.enabled': 1,
- 'proxy.config.diags.debug.tags': 'txn_data_sink',
-})
-ts.Disk.remap_config.AddLine(
- f'map / http://localhost:{server.Variables.http_port}/'
-)
-ts.Disk.plugin_config.AddLine('txn_data_sink.so')
-
-# Verify that the various aspects of the expected debug output for the
-# transaction are logged.
-ts.Disk.traffic_out.Content = Testers.ContainsExpression(
- '"http1.1_response_body"',
- "The response body should be printed by the plugin.")
-
-tr = Test.AddTestRun()
-tr.Processes.Default.StartBefore(server)
-tr.Processes.Default.StartBefore(ts)
-tr.AddVerifierClientProcess("client-1", replay_file, http_ports=[ts.Variables.port])
+class TransactionDataSyncTest:
+
+ replay_file = "transaction-with-body.replays.yaml"
+
+ def __init__(self):
+ self._setupOriginServer()
+ self._setupTS()
+
+ def _setupOriginServer(self):
+ self.server = Test.MakeVerifierServerProcess(
+ "server", self.replay_file)
+
+ def _setupTS(self):
+ self.ts = Test.MakeATSProcess("ts", enable_cache=False, enable_tls=True)
+ self.ts.Disk.records_config.update({
+ "proxy.config.ssl.server.cert.path": f'{self.ts.Variables.SSLDir}',
+ "proxy.config.ssl.server.private_key.path": f'{self.ts.Variables.SSLDir}',
+ "proxy.config.ssl.client.verify.server.policy": 'PERMISSIVE',
+
+ 'proxy.config.diags.debug.enabled': 1,
+ 'proxy.config.diags.debug.tags': 'http|txn_data_sink',
+ })
+ self.ts.addDefaultSSLFiles()
+ self.ts.Disk.remap_config.AddLine(
+ f'map / http://localhost:{self.server.Variables.http_port}/'
+ )
+ self.ts.Disk.ssl_multicert_config.AddLine(
+ 'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
+ )
+ self.ts.Disk.plugin_config.AddLine('txn_data_sink.so')
+
+ # All of the bodies that contained "not_dumped" were not configured to
+ # be dumped. Therefore it is a bug if they show up in the logs.
- self.ts.Streams.stderr += Testers.ExcludesExpression(
++ self.ts.Disk.traffic_out.Content += Testers.ExcludesExpression(
+ 'body_not_dumped',
+ "An unexpected body was dumped.")
+
+ # Verify that each of the configured transaction bodies were dumped.
- self.ts.Streams.stderr += Testers.ContainsExpression(
++ self.ts.Disk.traffic_out.Content += Testers.ContainsExpression(
+ 'http1.1_cl_response_body_dumped',
+ "The expected HTTP/1.1 Content-Length response body was dumped.")
- self.ts.Streams.stderr += Testers.ContainsExpression(
++ self.ts.Disk.traffic_out.Content += Testers.ContainsExpression(
+ 'http1.1_chunked_response_body_dumped',
+ "The expected HTTP/1.1 chunked response body was dumped.")
- self.ts.Streams.stderr += Testers.ContainsExpression(
++ self.ts.Disk.traffic_out.Content += Testers.ContainsExpression(
+ 'http1.1_cl_request_body_dumped',
+ "The expected HTTP/1.1 Content-Length request body was dumped.")
- self.ts.Streams.stderr += Testers.ContainsExpression(
++ self.ts.Disk.traffic_out.Content += Testers.ContainsExpression(
+ 'http1.1_chunked_request_body_dumped',
+ "The expected HTTP/1.1 chunked request body was dumped.")
- self.ts.Streams.stderr += Testers.ContainsExpression(
++ self.ts.Disk.traffic_out.Content += Testers.ContainsExpression(
+ '"http2_response_body_dumped"',
+ "The expected HTTP/2 response body was dumped.")
- self.ts.Streams.stderr += Testers.ContainsExpression(
++ self.ts.Disk.traffic_out.Content += Testers.ContainsExpression(
+ 'http2_request_body_dumped',
+ "The expected HTTP/2 request body was dumped.")
+
+ def run(self):
+ """Configure a TestRun for the test."""
+ tr = Test.AddTestRun()
+ tr.Processes.Default.StartBefore(self.server)
+ tr.Processes.Default.StartBefore(self.ts)
+ tr.AddVerifierClientProcess(
+ "client",
+ self.replay_file,
+ http_ports=[self.ts.Variables.port],
+ https_ports=[self.ts.Variables.ssl_port],
+ other_args='--thread-limit 1')
+
+
+TransactionDataSyncTest().run()
diff --cc tests/gold_tests/tls/ssl_multicert_loader.test.py
index d22c7a5cc,6d8b2f5a0..5865c048d
--- a/tests/gold_tests/tls/ssl_multicert_loader.test.py
+++ b/tests/gold_tests/tls/ssl_multicert_loader.test.py
@@@ -105,9 -105,9 +105,9 @@@ tr4.Processes.Default.Command = 'echo W
tr4.Processes.Default.ReturnCode = 0
tr4.Processes.Default.StartBefore(ts2)
-ts2.ReturnCode = 2
+ts2.ReturnCode = 70 # ink_fatal will exit with EX_SOFTWARE.
ts2.Ready = 0 # Need this to be 0 because we are testing shutdown, this is to make autest not think ats went away for a bad reason.
- ts2.Streams.All = Testers.ExcludesExpression(
+ ts.Disk.traffic_out.Content = Testers.ExcludesExpression(
'Traffic Server is fully initialized',
'process should fail when invalid certificate specified')
ts2.Disk.diags_log.Content = Testers.IncludesExpression('FATAL: failed to load SSL certificate file', 'check diags.log"')