Posted to commits@trafficserver.apache.org by zw...@apache.org on 2010/05/07 17:02:23 UTC
svn commit: r942095 - in /trafficserver/traffic/trunk/proxy:
http2/HttpConfig.cc http2/HttpConfig.h http2/HttpTransact.cc
http2/HttpTransact.h mgmt2/RecordsConfig.cc
Author: zwoop
Date: Fri May 7 15:02:23 2010
New Revision: 942095
URL: http://svn.apache.org/viewvc?rev=942095&view=rev
Log:
TS-295: Added a new configuration option:
proxy.config.http.connect_ports
which has the same defaults as the old SSL ports. Use this to
configure which ports a CONNECT is allowed to connect to.
Modified:
trafficserver/traffic/trunk/proxy/http2/HttpConfig.cc
trafficserver/traffic/trunk/proxy/http2/HttpConfig.h
trafficserver/traffic/trunk/proxy/http2/HttpTransact.cc
trafficserver/traffic/trunk/proxy/http2/HttpTransact.h
trafficserver/traffic/trunk/proxy/mgmt2/RecordsConfig.cc
Modified: trafficserver/traffic/trunk/proxy/http2/HttpConfig.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/http2/HttpConfig.cc?rev=942095&r1=942094&r2=942095&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/http2/HttpConfig.cc (original)
+++ trafficserver/traffic/trunk/proxy/http2/HttpConfig.cc Fri May 7 15:02:23 2010
@@ -1170,6 +1170,8 @@ HttpConfig::startup()
HttpEstablishStaticConfigStringAlloc(c.ssl_ports_string, "proxy.config.http.ssl_ports");
+ HttpEstablishStaticConfigStringAlloc(c.connect_ports_string, "proxy.config.http.connect_ports");
+
HttpEstablishStaticConfigLongLong(c.request_hdr_max_size, "proxy.config.http.request_header_max_size");
HttpEstablishStaticConfigLongLong(c.response_hdr_max_size, "proxy.config.http.response_header_max_size");
@@ -1490,7 +1492,10 @@ HttpConfig::reconfigure()
params->cache_range_lookup = INT_TO_BOOL(m_master.cache_range_lookup);
params->ssl_ports_string = xstrdup(m_master.ssl_ports_string);
- params->ssl_ports = parse_ssl_ports(params->ssl_ports_string);
+ params->ssl_ports = parse_ports_list(params->ssl_ports_string);
+
+ params->connect_ports_string = xstrdup(m_master.connect_ports_string);
+ params->connect_ports = parse_ports_list(params->connect_ports_string);
params->request_hdr_max_size = m_master.request_hdr_max_size;
params->response_hdr_max_size = m_master.response_hdr_max_size;
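Review bot: The list built by the added `parse_ports_list(params->connect_ports_string)` call becomes the CONNECT allow-list, and the parser shown in the later hunks of this file is lenient in two ways that matter for an access control. `strchr(ports_string, '*')` turns a `*` anywhere in the value into an allow-any-port entry, and `pr->low = atoi(start)` takes whatever atoi returns with no error or range check, so a typo can silently yield port 0 or an out-of-range number. I would accept the wildcard only when the trimmed value is exactly `*`, and parse each port with `strtol(start, &num_end, 10)`, rejecting entries where nothing was consumed or the value is outside 1-65535. Both reconfigure() and parse_ports_list() continue outside the visible hunks, so any checks made elsewhere are not visible here.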
@@ -1831,31 +1836,31 @@ HttpUserAgent_RegxEntry::create(char *_r
////////////////////////////////////////////////////////////////
//
-// HttpConfig::parse_ssl_ports()
+// HttpConfig::parse_ports_list()
//
////////////////////////////////////////////////////////////////
-HttpConfigSSLPortRange *
-HttpConfig::parse_ssl_ports(char *ssl_ports)
+HttpConfigPortRange *
+HttpConfig::parse_ports_list(char *ports_string)
{
- HttpConfigSSLPortRange *ssl_config = 0;
+ HttpConfigPortRange *ports_list = 0;
- if (!ssl_ports)
+ if (!ports_string)
return (0);
- if (strchr(ssl_ports, '*')) {
- ssl_config = NEW(new HttpConfigSSLPortRange);
- ssl_config->low = -1;
- ssl_config->high = -1;
- ssl_config->next = NULL;
+ if (strchr(ports_string, '*')) {
+ ports_list = NEW(new HttpConfigPortRange);
+ ports_list->low = -1;
+ ports_list->high = -1;
+ ports_list->next = NULL;
} else {
- HttpConfigSSLPortRange *pr, *prev;
+ HttpConfigPortRange *pr, *prev;
char *start;
char *end;
pr = NULL;
prev = NULL;
- start = ssl_ports;
+ start = ports_string;
while (1) { // eat whitespace
while ((start[0] != '\0') && ParseRules::is_space(start[0]))
@@ -1870,7 +1875,7 @@ HttpConfig::parse_ssl_ports(char *ssl_po
if (start == end)
break;
- pr = NEW(new HttpConfigSSLPortRange);
+ pr = NEW(new HttpConfigPortRange);
pr->low = atoi(start);
pr->high = pr->low;
pr->next = NULL;
@@ -1878,7 +1883,7 @@ HttpConfig::parse_ssl_ports(char *ssl_po
if (prev)
prev->next = pr;
else
- ssl_config = pr;
+ ports_list = pr;
prev = pr;
// if the next character after the current port
@@ -1903,7 +1908,7 @@ HttpConfig::parse_ssl_ports(char *ssl_po
HTTP_ASSERT(pr->low <= pr->high);
}
}
- return (ssl_config);
+ return (ports_list);
}
////////////////////////////////////////////////////////////////
Modified: trafficserver/traffic/trunk/proxy/http2/HttpConfig.h
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/http2/HttpConfig.h?rev=942095&r1=942094&r2=942095&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/http2/HttpConfig.h (original)
+++ trafficserver/traffic/trunk/proxy/http2/HttpConfig.h Fri May 7 15:02:23 2010
@@ -341,24 +341,24 @@ class ostream;
/////////////////////////////////////////////////////////////
//
-// struct HttpConfigSSLPortRange
+// struct HttpConfigPortRange
//
// configuration parameters for a range of valid SSL ports
// if "low" == "high" a single port is part of this range
// if "low" == "high" == -1 any port number is allowed
// (corresponds to a "*" in the config file)
/////////////////////////////////////////////////////////////
-struct HttpConfigSSLPortRange
+struct HttpConfigPortRange
{
int low;
int high;
- HttpConfigSSLPortRange *next;
+ HttpConfigPortRange *next;
- HttpConfigSSLPortRange()
+ HttpConfigPortRange()
: low(0), high(0), next(0)
{
}
- ~HttpConfigSSLPortRange()
+ ~HttpConfigPortRange()
{
if (next)
delete next;
@@ -575,7 +575,13 @@ public:
// SSL //
/////////
char *ssl_ports_string;
- HttpConfigSSLPortRange *ssl_ports;
+ HttpConfigPortRange *ssl_ports;
+
+ ////////////////////////////////////////////
+ // CONNECT ports (used to be == ssl_ports //
+ ////////////////////////////////////////////
+ char *connect_ports_string;
+ HttpConfigPortRange *connect_ports;
///////////////
// Hdr Limit //
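Review bot: The banner added above `connect_ports_string` has an unbalanced parenthesis and does not say what the list controls. A comment such as `// CONNECT ports: destination ports a CONNECT request may tunnel to (previously taken from ssl_ports)` would tell a reader this is an access-control list. The same stale wording survives the rename elsewhere in this file: the struct comment still reads "range of valid SSL ports", and the `parse_ports_list` declaration keeps the comment "parse ssl ports configuration string" and the parameter name `ssl_ports_str`. The class body starts and ends outside the hunk.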
@@ -806,7 +812,7 @@ public:
static void dump_config();
// parse ssl ports configuration string
- static HttpConfigSSLPortRange *parse_ssl_ports(char *ssl_ports_str);
+ static HttpConfigPortRange *parse_ports_list(char *ssl_ports_str);
// parse DNS URL expansions string
static char **parse_url_expansions(char *url_expansions_str, int *num_expansions);
@@ -941,6 +947,8 @@ cache_when_to_add_no_cache_to_msie_reque
cache_required_headers(CACHE_REQUIRED_HEADERS_NONE),
ssl_ports_string(0),
ssl_ports(0),
+connect_ports_string(0),
+connect_ports(0),
request_hdr_max_size(0),
response_hdr_max_size(0),
push_method_enabled(0),
@@ -1008,12 +1016,17 @@ HttpConfigParams()
xfree(cache_vary_default_images);
xfree(cache_vary_default_other);
xfree(ssl_ports_string);
+ xfree(connect_ports_string);
xfree(reverse_proxy_no_host_redirect);
if (ssl_ports) {
delete ssl_ports;
}
+ if (connect_ports) {
+ delete connect_ports;
+ }
+
if (url_expansions) {
xfree(url_expansions);
}
Modified: trafficserver/traffic/trunk/proxy/http2/HttpTransact.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/http2/HttpTransact.cc?rev=942095&r1=942094&r2=942095&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/http2/HttpTransact.cc (original)
+++ trafficserver/traffic/trunk/proxy/http2/HttpTransact.cc Fri May 7 15:02:23 2010
@@ -178,12 +178,8 @@ is_request_conditional(HTTPHdr * header)
}
static inline bool
-is_ssl_port_ok(HttpTransact::State * s, int port)
+is_port_in_range(int port, HttpConfigPortRange *pr)
{
- HttpConfigSSLPortRange *pr;
-
- pr = s->http_config_param->ssl_ports;
-
while (pr) {
if (pr->low == -1) {
return true;
@@ -5667,9 +5663,9 @@ HttpTransact::RequestError_t HttpTransac
if (!HttpTransactHeaders::is_this_method_supported(scheme, method)) {
return METHOD_NOT_SUPPORTED;
}
- if ((method == HTTP_WKSIDX_CONNECT) && (!is_ssl_port_ok(s, incoming_hdr->url_get()->port_get()))) {
+ if ((method == HTTP_WKSIDX_CONNECT) && (!is_port_in_range(incoming_hdr->url_get()->port_get(), s->http_config_param->connect_ports))) {
- return BAD_SSL_PORT;
+ return BAD_CONNECT_PORT;
}
if ((scheme == URL_WKSIDX_HTTP || scheme == URL_WKSIDX_HTTPS) &&
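Review bot: Switching this check to `s->http_config_param->connect_ports` means a site that tuned `proxy.config.http.ssl_ports` to restrict or extend CONNECT destinations gets the `443 563` default of the new record after upgrading, with nothing in the code or log to signal the change. If the old value was narrower than the default, the set of ports reachable through the tunnel quietly grows. I would add a comment above the check, `// CONNECT destinations are limited by proxy.config.http.connect_ports; ssl_ports is no longer consulted here`, and call the setting out in the upgrade notes. The enclosing function starts and ends outside the hunk.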
@@ -6855,15 +6851,15 @@ HttpTransact::is_request_valid(State * s
Debug("http_trans", "[is_request_valid]" "unsupported method");
s->current.mode = TUNNELLING_PROXY;
return TRUE;
- case BAD_SSL_PORT:
+ case BAD_CONNECT_PORT:
int port;
port = url ? url->port_get() : 0;
- Debug("http_trans", "[is_request_valid]" "%d is an invalid ssl port", port);
+ Debug("http_trans", "[is_request_valid]" "%d is an invalid connect port", port);
SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD);
build_error_response(s,
HTTP_STATUS_FORBIDDEN,
- "Tunnel or SSL Forbidden",
- "access#ssl_forbidden", "%d is not an allowed port for Tunnel or SSL connections", port);
+ "Tunnel Forbidden",
+ "access#connect_forbidden", "%d is not an allowed port for Tunnel connections", port);
return FALSE;
case NO_POST_CONTENT_LENGTH:
{
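Review bot: The body-factory name changes from `access#ssl_forbidden` to `access#connect_forbidden`, but the commit's file list contains no template under the new name. A deployment with a customised `ssl_forbidden` page would presumably fall back to a default body for refused CONNECTs; how build_error_response resolves a missing template is not visible here and should be confirmed. As a style point, `int port;` is declared directly under the `case BAD_CONNECT_PORT:` label while the following case opens a brace scope; wrapping this case in `{ ... }` too keeps the declaration out of the rest of the switch. The switch itself starts and ends outside the hunk.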
Modified: trafficserver/traffic/trunk/proxy/http2/HttpTransact.h
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/http2/HttpTransact.h?rev=942095&r1=942094&r2=942095&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/http2/HttpTransact.h (original)
+++ trafficserver/traffic/trunk/proxy/http2/HttpTransact.h Fri May 7 15:02:23 2010
@@ -467,7 +467,7 @@ public:
{
NO_REQUEST_HEADER_ERROR,
BAD_HTTP_HEADER_SYNTAX,
- BAD_SSL_PORT,
+ BAD_CONNECT_PORT,
FAILED_PROXY_AUTHORIZATION,
METHOD_NOT_SUPPORTED,
MISSING_HOST_FIELD,
Modified: trafficserver/traffic/trunk/proxy/mgmt2/RecordsConfig.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/mgmt2/RecordsConfig.cc?rev=942095&r1=942094&r2=942095&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/mgmt2/RecordsConfig.cc (original)
+++ trafficserver/traffic/trunk/proxy/mgmt2/RecordsConfig.cc Fri May 7 15:02:23 2010
@@ -2374,6 +2374,13 @@ RecordElement RecordsConfig[] = {
{CONFIG, "proxy.config.http.ssl_ports", "", INK_STRING, "443 563", RU_REREAD, RR_NULL, RC_STR,
"^[[:digit:][:space:]]+$", RA_NULL}
,
+ //##########################################################################
+ // ###########
+ // # CONNECT #
+ // ###########
+ {CONFIG, "proxy.config.http.connect_ports", "", INK_STRING, "443 563", RU_REREAD, RR_NULL, RC_STR,
+ "^[[:digit:][:space:]]+$", RA_NULL}
+ ,
// #########
// # Stats #
// #########
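Review bot: The validation pattern `^[[:digit:][:space:]]+$` copied for `proxy.config.http.connect_ports` does not match the grammar `parse_ports_list` accepts. The parser in HttpConfig.cc has a `*` wildcard branch, and its `HTTP_ASSERT(pr->low <= pr->high)` suggests ranges; this pattern admits neither. If explicit ports only is the intent for CONNECT, say so next to the record, for example `// CONNECT allow-list: explicit ports only; '*' and ranges do not pass the pattern below`; otherwise widen the pattern to match the parser. Whether the pattern is enforced when the record is loaded is not visible in this hunk, and the RecordsConfig array continues outside it.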