You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by am...@apache.org on 2017/08/25 11:50:11 UTC
[trafficserver] branch master updated: TS-4976: Regularize plugins
- ssl_preaccept.
This is an automated email from the ASF dual-hosted git repository.
amc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 0eeedac TS-4976: Regularize plugins - ssl_preaccept.
0eeedac is described below
commit 0eeedac4f4fbd58e4ec47722b884e6254690bf7c
Author: Alan M. Carroll <am...@apache.org>
AuthorDate: Fri Aug 18 06:27:31 2017 -0500
TS-4976: Regularize plugins - ssl_preaccept.
---
example/Makefile.am | 4 +-
example/ssl-preaccept/ats-util.h | 64 ----------------------
.../ssl_preaccept.cc} | 37 +++++++------
.../ssl_preaccept.config | 0
4 files changed, 21 insertions(+), 84 deletions(-)
diff --git a/example/Makefile.am b/example/Makefile.am
index becc50b..b17b33e 100644
--- a/example/Makefile.am
+++ b/example/Makefile.am
@@ -51,7 +51,7 @@ example_Plugins = \
server_push.la \
server_transform.la \
session_hooks.la \
- ssl-preaccept.la \
+ ssl_preaccept.la \
ssl-sni-whitelist.la \
ssl-sni.la \
statistic.la \
@@ -117,7 +117,7 @@ response_header_1_la_SOURCES = response_header_1/response_header_1.c
secure_link_la_SOURCES = secure_link/secure_link.c
server_push_la_SOURCES = server_push/server_push.c
server_transform_la_SOURCES = server_transform/server_transform.c
-ssl_preaccept_la_SOURCES = ssl-preaccept/ssl-preaccept.cc
+ssl_preaccept_la_SOURCES = ssl_preaccept/ssl_preaccept.cc
ssl_sni_la_SOURCES = ssl-sni/ssl-sni.cc
ssl_sni_la_LIBADD = $(libtsconfig)
ssl_sni_whitelist_la_SOURCES = ssl-sni-whitelist/ssl-sni-whitelist.cc
diff --git a/example/ssl-preaccept/ats-util.h b/example/ssl-preaccept/ats-util.h
deleted file mode 100644
index 8973b14..0000000
--- a/example/ssl-preaccept/ats-util.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/** @file
-
- Copies of some ATS core utilities that aren't exposed to plugins.
-
- @section license License
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
-
-#if !defined(_ats_util_h)
-#define _ats_util_h
-
-#if defined(__cplusplus)
-/** Set data to zero.
-
- Calls @c memset on @a t with a value of zero and a length of @c
- sizeof(t). This can be used on ordinary and array variables. While
- this can be used on variables of intrinsic type it's inefficient.
-
- @note Because this uses templates it cannot be used on unnamed or
- locally scoped structures / classes. This is an inherent
- limitation of templates.
-
- Examples:
- @code
- foo bar; // value.
- ink_zero(bar); // zero bar.
-
- foo *bar; // pointer.
- ink_zero(bar); // WRONG - makes the pointer @a bar zero.
- ink_zero(*bar); // zero what bar points at.
-
- foo bar[ZOMG]; // Array of structs.
- ink_zero(bar); // Zero all structs in array.
-
- foo *bar[ZOMG]; // array of pointers.
- ink_zero(bar); // zero all pointers in the array.
- @endcode
-
- */
-template <typename T>
-inline void
-ink_zero(T &t ///< Object to zero.
- )
-{
- memset(&t, 0, sizeof(t));
-}
-#endif /* __cplusplus */
-
-#endif // ats-util.h
diff --git a/example/ssl-preaccept/ssl-preaccept.cc b/example/ssl_preaccept/ssl_preaccept.cc
similarity index 86%
rename from example/ssl-preaccept/ssl-preaccept.cc
rename to example/ssl_preaccept/ssl_preaccept.cc
index 42b8115..925a28d 100644
--- a/example/ssl-preaccept/ssl-preaccept.cc
+++ b/example/ssl_preaccept/ssl_preaccept.cc
@@ -1,6 +1,7 @@
/** @file
- SSL Preaccept test plugin
+ SSL Preaccept test plugin.
+
Implements blind tunneling based on the client IP address
The client ip addresses are specified in the plugin's
config file as an array of IP addresses or IP address ranges under the
@@ -31,13 +32,14 @@
#include <ts/ts.h>
#include <tsconfig/TsValue.h>
#include <ts/ink_inet.h>
+#include <algorithm>
#include <getopt.h>
using ts::config::Configuration;
using ts::config::Value;
-#define PN "ssl-preaccept"
-#define PCP "[" PN " Plugin] "
+#define PLUGIN_NAME "ssl-preaccept"
+#define PCP "[" PLUGIN_NAME "] "
namespace
{
@@ -123,28 +125,27 @@ CB_Pre_Accept(TSCont, TSEvent event, void *edata)
IpAddr ip_client(TSNetVConnRemoteAddrGet(ssl_vc));
char buff2[INET6_ADDRSTRLEN];
- TSDebug("skh", "Pre accept callback %p - event is %s, target address %s, client address %s", ssl_vc,
- event == TS_EVENT_VCONN_PRE_ACCEPT ? "good" : "bad", ip.toString(buff, sizeof(buff)),
- ip_client.toString(buff2, sizeof(buff2)));
-
// Not the worlds most efficient address comparison. For short lists
// shouldn't be too bad. If the client IP is in any of the ranges,
// flip the tunnel to be blind tunneled instead of decrypted and proxied
bool proxy_tunnel = true;
- IpRangeQueue::iterator iter;
- for (iter = ClientBlindTunnelIp.begin(); iter != ClientBlindTunnelIp.end() && proxy_tunnel; iter++) {
- if (ip_client >= iter->first && ip_client <= iter->second) {
+
+ for (auto const &r : ClientBlindTunnelIp) {
+ if (r.first <= ip_client && ip_client <= r.second) {
proxy_tunnel = false;
+ break;
}
}
+
if (!proxy_tunnel) {
- TSDebug("skh", "Blind tunnel");
// Push everything to blind tunnel
TSVConnTunnel(ssl_vc);
- } else {
- TSDebug("skh", "Proxy tunnel");
}
+ TSDebug(PLUGIN_NAME, "Pre accept callback %p - event is %s, target address %s, client address %s%s", ssl_vc,
+ event == TS_EVENT_VCONN_PRE_ACCEPT ? "good" : "bad", ip.toString(buff, sizeof(buff)),
+ ip_client.toString(buff2, sizeof(buff2)), proxy_tunnel ? "" : " blind tunneled");
+
// All done, reactivate things
TSVConnReenable(ssl_vc);
return TS_SUCCESS;
@@ -163,9 +164,9 @@ TSPluginInit(int argc, const char *argv[])
{const_cast<char *>("config"), required_argument, nullptr, 'c'}, {nullptr, no_argument, nullptr, '\0'},
};
- info.plugin_name = const_cast<char *>("SSL Preaccept test");
- info.vendor_name = const_cast<char *>("Network Geographics");
- info.support_email = const_cast<char *>("shinrich@network-geographics.com");
+ info.plugin_name = PLUGIN_NAME;
+ info.vendor_name = "Apache Software Foundation";
+ info.support_email = "dev@trafficserver.apache.org";
int opt = 0;
while (opt >= 0) {
@@ -180,7 +181,7 @@ TSPluginInit(int argc, const char *argv[])
if (ConfigPath.length() == 0) {
static const char *const DEFAULT_CONFIG_PATH = "ssl_preaccept.config";
ConfigPath = std::string(TSConfigDirGet()) + '/' + std::string(DEFAULT_CONFIG_PATH);
- TSDebug(PN, "No config path set in arguments, using default: %s", DEFAULT_CONFIG_PATH);
+ TSDebug(PLUGIN_NAME, "No config path set in arguments, using default: %s", DEFAULT_CONFIG_PATH);
}
if (TS_SUCCESS != TSPluginRegister(&info)) {
@@ -199,7 +200,7 @@ TSPluginInit(int argc, const char *argv[])
if (!success) {
TSError(PCP "not initialized");
}
- TSDebug(PN, "Plugin %s", success ? "online" : "offline");
+ TSDebug(PLUGIN_NAME, "Plugin %s", success ? "online" : "offline");
return;
}
diff --git a/example/ssl-preaccept/ssl_preaccept.config b/example/ssl_preaccept/ssl_preaccept.config
similarity index 100%
rename from example/ssl-preaccept/ssl_preaccept.config
rename to example/ssl_preaccept/ssl_preaccept.config
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].