You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2022/08/04 00:44:23 UTC
[trafficserver] branch master updated: Cleanup: Simplify dependency around SSLNetVC and SNIConfig (#8995)
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new ffaf1aa4e Cleanup: Simplify dependency around SSLNetVC and SNIConfig (#8995)
ffaf1aa4e is described below
commit ffaf1aa4e8839dade0d5e517d31e2a8aeb262d04
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Thu Aug 4 09:44:18 2022 +0900
Cleanup: Simplify dependency around SSLNetVC and SNIConfig (#8995)
* Cleanup: Simplify dependency around SSLNetVC and SNIConfig
* Fix a compile error
* Address undefined symbol
* Address link issues
* Fix tests
---
iocore/net/I_Net.h | 4 --
iocore/net/I_NetProcessor.h | 1 +
iocore/net/I_NetVConnection.h | 47 ++++++++++++++++++++
iocore/net/I_SessionAccept.h | 1 +
iocore/net/Makefile.am | 2 +-
iocore/net/P_SNIActionPerformer.h | 35 +--------------
iocore/net/P_SSLNextProtocolAccept.h | 1 -
iocore/net/P_UnixNetProcessor.h | 2 +
iocore/net/P_UnixNetVConnection.h | 46 -------------------
iocore/net/SNIActionPerformer.h | 69 +++++++++++++++++++++++++++++
iocore/net/SSLClientCoordinator.cc | 2 +-
iocore/net/SSLConfig.cc | 2 -
iocore/net/SSLNetVConnection.cc | 3 +-
iocore/net/SSLNextProtocolAccept.cc | 1 +
iocore/net/SSLSNIConfig.cc | 3 +-
iocore/net/{P_SSLSNI.h => SSLSNIConfig.h} | 4 +-
iocore/net/SSLUtils.cc | 3 +-
iocore/net/TLSSNISupport.cc | 2 +-
iocore/net/test_I_UDPNet.cc | 1 +
plugins/experimental/memcache/tsmemcache.cc | 2 +
plugins/experimental/memcache/tsmemcache.h | 2 +
proxy/PluginVC.h | 1 +
proxy/http/HttpSM.cc | 6 ++-
proxy/http/HttpSessionAccept.h | 1 +
proxy/http/PreWarmManager.cc | 4 +-
src/traffic_crashlog/Makefile.inc | 1 +
src/traffic_server/InkAPI.cc | 1 +
src/traffic_server/traffic_server.cc | 1 -
28 files changed, 151 insertions(+), 97 deletions(-)
diff --git a/iocore/net/I_Net.h b/iocore/net/I_Net.h
index 050777c38..93662583b 100644
--- a/iocore/net/I_Net.h
+++ b/iocore/net/I_Net.h
@@ -89,8 +89,4 @@ extern std::string_view net_ccp_out;
#define ET_NET ET_CALL
-#include "I_NetVConnection.h"
-#include "I_NetProcessor.h"
-#include "I_SessionAccept.h"
-
void ink_net_init(ts::ModuleVersion version);
diff --git a/iocore/net/I_NetProcessor.h b/iocore/net/I_NetProcessor.h
index 842ce082d..893f89da8 100644
--- a/iocore/net/I_NetProcessor.h
+++ b/iocore/net/I_NetProcessor.h
@@ -27,6 +27,7 @@
#include "tscore/IpMap.h"
#include "I_EventSystem.h"
#include "I_Socks.h"
+#include "I_NetVConnection.h"
struct socks_conf_struct;
#define NET_CONNECT_TIMEOUT 30
diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h
index 12a889040..cd23fdac6 100644
--- a/iocore/net/I_NetVConnection.h
+++ b/iocore/net/I_NetVConnection.h
@@ -24,6 +24,7 @@
#pragma once
#include "ProxyProtocol.h"
+#include "I_Net.h"
#include <string_view>
#include <optional>
@@ -355,6 +356,52 @@ struct NetVCOptions {
NetVCOptions(const NetVCOptions &) = delete;
};
+inline void
+NetVCOptions::reset()
+{
+ ip_proto = USE_TCP;
+ ip_family = AF_INET;
+ local_ip.invalidate();
+ local_port = 0;
+ addr_binding = ANY_ADDR;
+ f_blocking = false;
+ f_blocking_connect = false;
+ socks_support = NORMAL_SOCKS;
+ socks_version = SOCKS_DEFAULT_VERSION;
+ socket_recv_bufsize =
+#if defined(RECV_BUF_SIZE)
+ RECV_BUF_SIZE;
+#else
+ 0;
+#endif
+ socket_send_bufsize = 0;
+ sockopt_flags = 0;
+ packet_mark = 0;
+ packet_tos = 0;
+ packet_notsent_lowat = 0;
+
+ etype = ET_NET;
+
+ sni_servername = nullptr;
+ ssl_servername = nullptr;
+ sni_hostname = nullptr;
+ ssl_client_cert_name = nullptr;
+ ssl_client_private_key_name = nullptr;
+ outbound_sni_policy = nullptr;
+}
+
+inline void
+NetVCOptions::set_sock_param(int _recv_bufsize, int _send_bufsize, unsigned long _opt_flags, unsigned long _packet_mark,
+ unsigned long _packet_tos, unsigned long _packet_notsent_lowat)
+{
+ socket_recv_bufsize = _recv_bufsize;
+ socket_send_bufsize = _send_bufsize;
+ sockopt_flags = _opt_flags;
+ packet_mark = _packet_mark;
+ packet_tos = _packet_tos;
+ packet_notsent_lowat = _packet_notsent_lowat;
+}
+
/**
A VConnection for a network socket. Abstraction for a net connection.
Similar to a socket descriptor VConnections are IO handles to
diff --git a/iocore/net/I_SessionAccept.h b/iocore/net/I_SessionAccept.h
index 7d746ae53..2fbd1cab3 100644
--- a/iocore/net/I_SessionAccept.h
+++ b/iocore/net/I_SessionAccept.h
@@ -25,6 +25,7 @@
#include "I_Net.h"
#include "I_VConnection.h"
+#include "I_NetVConnection.h"
struct AclRecord;
struct HttpProxyPort;
diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am
index 9c112839d..313285c21 100644
--- a/iocore/net/Makefile.am
+++ b/iocore/net/Makefile.am
@@ -152,7 +152,6 @@ libinknet_a_SOURCES = \
P_SSLNetVConnection.h \
P_SSLNextProtocolAccept.h \
P_SSLNextProtocolSet.h \
- P_SSLSNI.h \
P_SSLUtils.h \
P_SSLClientCoordinator.h \
P_SSLClientUtils.h \
@@ -184,6 +183,7 @@ libinknet_a_SOURCES = \
SSLNetVConnection.cc \
SSLNextProtocolAccept.cc \
SSLNextProtocolSet.cc \
+ SSLSNIConfig.h \
SSLSNIConfig.cc \
SSLStats.cc \
SSLSessionCache.cc \
diff --git a/iocore/net/P_SNIActionPerformer.h b/iocore/net/P_SNIActionPerformer.h
index 32d803dea..29b7e8c1f 100644
--- a/iocore/net/P_SNIActionPerformer.h
+++ b/iocore/net/P_SNIActionPerformer.h
@@ -32,45 +32,14 @@
#include "I_EventSystem.h"
#include "P_SSLNextProtocolAccept.h"
+#include "P_SSLNetVConnection.h"
+#include "SNIActionPerformer.h"
#include "SSLTypes.h"
#include "tscore/ink_inet.h"
#include <vector>
-class ActionItem
-{
-public:
- /**
- * Context should contain extra data needed to be passed to the actual SNIAction.
- */
- struct Context {
- using CapturedGroupViewVec = std::vector<std::string_view>;
- /**
- * if any, fqdn_wildcard_captured_groups will hold the captured groups from the `fqdn`
- * match which will be used to construct the tunnel destination. This vector contains only
- * partial views of the original server name, group views are valid as long as the original
- * string from where the groups were obtained lives.
- */
- std::optional<CapturedGroupViewVec> _fqdn_wildcard_captured_groups;
- };
-
- virtual int SNIAction(TLSSNISupport *snis, const Context &ctx) const = 0;
-
- /**
- This method tests whether this action would have been triggered by a
- particularly SNI value and IP address combination. This is run after the
- TLS exchange finished to see if the client used an SNI name different from
- the host name to avoid SNI-based policy
- */
- virtual bool
- TestClientSNIAction(const char *servername, const IpEndpoint &ep, int &policy) const
- {
- return false;
- }
- virtual ~ActionItem(){};
-};
-
class ControlH2 : public ActionItem
{
public:
diff --git a/iocore/net/P_SSLNextProtocolAccept.h b/iocore/net/P_SSLNextProtocolAccept.h
index 2c2c5de82..b32c81be8 100644
--- a/iocore/net/P_SSLNextProtocolAccept.h
+++ b/iocore/net/P_SSLNextProtocolAccept.h
@@ -26,7 +26,6 @@
#include "P_Net.h"
#include "P_EventSystem.h"
#include "P_UnixNet.h"
-#include "P_SSLNetVConnection.h"
#include "P_SSLNextProtocolSet.h"
#include "I_IOBuffer.h"
#include "records/I_RecHttp.h"
diff --git a/iocore/net/P_UnixNetProcessor.h b/iocore/net/P_UnixNetProcessor.h
index 238e75a4b..9b96f7ae7 100644
--- a/iocore/net/P_UnixNetProcessor.h
+++ b/iocore/net/P_UnixNetProcessor.h
@@ -23,6 +23,8 @@
#pragma once
#include "I_Net.h"
+#include "I_NetProcessor.h"
+#include "I_SessionAccept.h"
#include "P_NetAccept.h"
class UnixNetVConnection;
diff --git a/iocore/net/P_UnixNetVConnection.h b/iocore/net/P_UnixNetVConnection.h
index a214b98f6..da0e1a4ff 100644
--- a/iocore/net/P_UnixNetVConnection.h
+++ b/iocore/net/P_UnixNetVConnection.h
@@ -42,52 +42,6 @@ class UnixNetVConnection;
class NetHandler;
struct PollDescriptor;
-inline void
-NetVCOptions::reset()
-{
- ip_proto = USE_TCP;
- ip_family = AF_INET;
- local_ip.invalidate();
- local_port = 0;
- addr_binding = ANY_ADDR;
- f_blocking = false;
- f_blocking_connect = false;
- socks_support = NORMAL_SOCKS;
- socks_version = SOCKS_DEFAULT_VERSION;
- socket_recv_bufsize =
-#if defined(RECV_BUF_SIZE)
- RECV_BUF_SIZE;
-#else
- 0;
-#endif
- socket_send_bufsize = 0;
- sockopt_flags = 0;
- packet_mark = 0;
- packet_tos = 0;
- packet_notsent_lowat = 0;
-
- etype = ET_NET;
-
- sni_servername = nullptr;
- ssl_servername = nullptr;
- sni_hostname = nullptr;
- ssl_client_cert_name = nullptr;
- ssl_client_private_key_name = nullptr;
- outbound_sni_policy = nullptr;
-}
-
-inline void
-NetVCOptions::set_sock_param(int _recv_bufsize, int _send_bufsize, unsigned long _opt_flags, unsigned long _packet_mark,
- unsigned long _packet_tos, unsigned long _packet_notsent_lowat)
-{
- socket_recv_bufsize = _recv_bufsize;
- socket_send_bufsize = _send_bufsize;
- sockopt_flags = _opt_flags;
- packet_mark = _packet_mark;
- packet_tos = _packet_tos;
- packet_notsent_lowat = _packet_notsent_lowat;
-}
-
enum tcp_congestion_control_t { CLIENT_SIDE, SERVER_SIDE };
class UnixNetVConnection : public NetVConnection, public NetEvent
diff --git a/iocore/net/SNIActionPerformer.h b/iocore/net/SNIActionPerformer.h
new file mode 100644
index 000000000..ba40c73a2
--- /dev/null
+++ b/iocore/net/SNIActionPerformer.h
@@ -0,0 +1,69 @@
+/** @file
+
+ A brief file description
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+/*************************** -*- Mod: C++ -*- ******************************
+ P_ActionProcessor.h
+ Created On : 05/02/2017
+
+ Description:
+ SNI based Configuration in ATS
+ ****************************************************************************/
+#pragma once
+
+#include <vector>
+#include <optional>
+#include "TLSSNISupport.h"
+#include "tscore/ink_inet.h"
+
+class ActionItem
+{
+public:
+ /**
+ * Context should contain extra data needed to be passed to the actual SNIAction.
+ */
+ struct Context {
+ using CapturedGroupViewVec = std::vector<std::string_view>;
+ /**
+ * if any, fqdn_wildcard_captured_groups will hold the captured groups from the `fqdn`
+ * match which will be used to construct the tunnel destination. This vector contains only
+ * partial views of the original server name, group views are valid as long as the original
+ * string from where the groups were obtained lives.
+ */
+ std::optional<CapturedGroupViewVec> _fqdn_wildcard_captured_groups;
+ };
+
+ virtual int SNIAction(TLSSNISupport *snis, const Context &ctx) const = 0;
+
+ /**
+ This method tests whether this action would have been triggered by a
+ particularly SNI value and IP address combination. This is run after the
+ TLS exchange finished to see if the client used an SNI name different from
+ the host name to avoid SNI-based policy
+ */
+ virtual bool
+ TestClientSNIAction(const char *servername, const IpEndpoint &ep, int &policy) const
+ {
+ return false;
+ }
+ virtual ~ActionItem(){};
+};
diff --git a/iocore/net/SSLClientCoordinator.cc b/iocore/net/SSLClientCoordinator.cc
index 8c994b198..1a36d811c 100644
--- a/iocore/net/SSLClientCoordinator.cc
+++ b/iocore/net/SSLClientCoordinator.cc
@@ -23,7 +23,7 @@
#include "P_SSLClientCoordinator.h"
#include "P_SSLConfig.h"
-#include "P_SSLSNI.h"
+#include "SSLSNIConfig.h"
std::unique_ptr<ConfigUpdateHandler<SSLClientCoordinator>> sslClientUpdate;
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 0c75cd9ba..6857915f9 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -47,9 +47,7 @@
#include "P_Net.h"
#include "P_SSLClientUtils.h"
-#include "P_SSLSNI.h"
#include "P_SSLCertLookup.h"
-#include "P_SSLSNI.h"
#include "P_TLSKeyLogger.h"
#include "SSLDiags.h"
#include "SSLSessionCache.h"
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index bee4f5c07..b9401165b 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -30,13 +30,14 @@
#include "HttpTunnel.h"
#include "ProxyProtocol.h"
#include "HttpConfig.h"
+#include "SSLSNIConfig.h"
#include "P_Net.h"
#include "P_SSLUtils.h"
#include "P_SSLNextProtocolSet.h"
#include "P_SSLConfig.h"
#include "P_SSLClientUtils.h"
-#include "P_SSLSNI.h"
+#include "P_SSLNetVConnection.h"
#include "BIO_fastopen.h"
#include "SSLStats.h"
#include "SSLInternal.h"
diff --git a/iocore/net/SSLNextProtocolAccept.cc b/iocore/net/SSLNextProtocolAccept.cc
index 650e57b1e..fcec55908 100644
--- a/iocore/net/SSLNextProtocolAccept.cc
+++ b/iocore/net/SSLNextProtocolAccept.cc
@@ -22,6 +22,7 @@
*/
#include "P_SSLNextProtocolAccept.h"
+#include "P_SSLNetVConnection.h"
static void
send_plugin_event(Continuation *plugin, int event, void *edata)
diff --git a/iocore/net/SSLSNIConfig.cc b/iocore/net/SSLSNIConfig.cc
index e810f87cf..012f1b7ac 100644
--- a/iocore/net/SSLSNIConfig.cc
+++ b/iocore/net/SSLSNIConfig.cc
@@ -29,7 +29,8 @@
SNI based Configuration in ATS
****************************************************************************/
-#include "P_SSLSNI.h"
+#include "SSLSNIConfig.h"
+#include "P_SNIActionPerformer.h"
#include "PreWarmManager.h"
diff --git a/iocore/net/P_SSLSNI.h b/iocore/net/SSLSNIConfig.h
similarity index 98%
rename from iocore/net/P_SSLSNI.h
rename to iocore/net/SSLSNIConfig.h
index 2d25982ce..123e66f5c 100644
--- a/iocore/net/P_SSLSNI.h
+++ b/iocore/net/SSLSNIConfig.h
@@ -22,7 +22,7 @@
*/
/*************************** -*- Mod: C++ -*- ******************************
- P_SSLSNI.h
+ SSLSNIConfig.h
Created On : 05/02/2017
Description:
@@ -36,7 +36,7 @@
#include <memory>
#include "ProxyConfig.h"
-#include "P_SNIActionPerformer.h"
+#include "SNIActionPerformer.h"
#include "YamlSNIConfig.h"
// Properties for the next hop server
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index d5b1c6a25..22f170ce8 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -36,7 +36,6 @@
#include "InkAPIInternal.h"
#include "P_OCSPStapling.h"
-#include "P_SSLSNI.h"
#include "P_SSLConfig.h"
#include "P_TLSKeyLogger.h"
#include "BoringSSLUtils.h"
@@ -46,6 +45,8 @@
#include "SSLDynlock.h"
#include "SSLDiags.h"
#include "SSLStats.h"
+#include "TLSSessionResumptionSupport.h"
+#include "P_SSLNetVConnection.h"
#include <string>
#include <unistd.h>
diff --git a/iocore/net/TLSSNISupport.cc b/iocore/net/TLSSNISupport.cc
index b39f8f904..e36049ad1 100644
--- a/iocore/net/TLSSNISupport.cc
+++ b/iocore/net/TLSSNISupport.cc
@@ -23,7 +23,7 @@
#include "TLSSNISupport.h"
#include "tscore/ink_assert.h"
#include "tscore/Diags.h"
-#include "P_SSLSNI.h"
+#include "SSLSNIConfig.h"
int TLSSNISupport::_ex_data_index = -1;
diff --git a/iocore/net/test_I_UDPNet.cc b/iocore/net/test_I_UDPNet.cc
index dca7e0ae9..7452edfd4 100644
--- a/iocore/net/test_I_UDPNet.cc
+++ b/iocore/net/test_I_UDPNet.cc
@@ -30,6 +30,7 @@
#include "I_EventSystem.h"
#include "I_Net.h"
+#include "I_NetVConnection.h"
#include "I_UDPNet.h"
#include "I_UDPPacket.h"
#include "I_UDPConnection.h"
diff --git a/plugins/experimental/memcache/tsmemcache.cc b/plugins/experimental/memcache/tsmemcache.cc
index 9bc11981d..9443c97cc 100644
--- a/plugins/experimental/memcache/tsmemcache.cc
+++ b/plugins/experimental/memcache/tsmemcache.cc
@@ -22,6 +22,8 @@
*/
#include "tsmemcache.h"
+#include "I_NetVConnection.h"
+#include "I_NetProcessor.h"
/*
TODO
diff --git a/plugins/experimental/memcache/tsmemcache.h b/plugins/experimental/memcache/tsmemcache.h
index 5c591ca1f..7b0d5c341 100644
--- a/plugins/experimental/memcache/tsmemcache.h
+++ b/plugins/experimental/memcache/tsmemcache.h
@@ -55,6 +55,8 @@
#define WRITE(_s) write(_s "", sizeof(_s "") - 1)
#define STRLEN(_s) (sizeof(_s "") - 1)
+class NetVConnection;
+
struct MCCacheHeader {
uint32_t magic;
uint32_t flags;
diff --git a/proxy/PluginVC.h b/proxy/PluginVC.h
index 4ba3ffb75..81b484d92 100644
--- a/proxy/PluginVC.h
+++ b/proxy/PluginVC.h
@@ -37,6 +37,7 @@
#include "Plugin.h"
#include "I_Net.h"
+#include "I_NetVConnection.h"
#include "tscore/ink_atomic.h"
class PluginVCCore;
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 843561895..baaabc4b5 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -43,7 +43,11 @@
#include "RemapProcessor.h"
#include "Transform.h"
#include "P_SSLConfig.h"
-#include "P_SSLSNI.h"
+#include "SSLSNIConfig.h"
+#include "P_ALPNSupport.h"
+#include "TLSBasicSupport.h"
+#include "TLSSessionResumptionSupport.h"
+#include "TLSTunnelSupport.h"
#include "HttpPages.h"
#include "IPAllow.h"
diff --git a/proxy/http/HttpSessionAccept.h b/proxy/http/HttpSessionAccept.h
index 089027909..588fa2653 100644
--- a/proxy/http/HttpSessionAccept.h
+++ b/proxy/http/HttpSessionAccept.h
@@ -29,6 +29,7 @@
#include "HttpConfig.h"
#include "HTTP.h"
#include "I_Net.h"
+#include "I_SessionAccept.h"
#include <records/I_RecHttp.h>
namespace detail
diff --git a/proxy/http/PreWarmManager.cc b/proxy/http/PreWarmManager.cc
index ffddf5d93..dd67fc9cf 100644
--- a/proxy/http/PreWarmManager.cc
+++ b/proxy/http/PreWarmManager.cc
@@ -25,7 +25,9 @@
#include "PreWarmConfig.h"
#include "HttpConfig.h"
-#include "P_SSLSNI.h"
+#include "SSLSNIConfig.h"
+#include "P_VConnection.h"
+#include "I_NetProcessor.h"
#include "tscore/ink_time.h"
#include "tscpp/util/PostScript.h"
diff --git a/src/traffic_crashlog/Makefile.inc b/src/traffic_crashlog/Makefile.inc
index f665ab63d..71656d98b 100644
--- a/src/traffic_crashlog/Makefile.inc
+++ b/src/traffic_crashlog/Makefile.inc
@@ -41,6 +41,7 @@ traffic_crashlog_traffic_crashlog_LDADD = \
$(top_builddir)/mgmt/libmgmt_p.la \
$(top_builddir)/proxy/shared/libUglyLogStubs.a \
$(top_builddir)/iocore/eventsystem/libinkevent.a \
+ $(top_builddir)/iocore/net/libinknet.a \
$(top_builddir)/mgmt/api/libtsmgmt.la \
$(top_builddir)/src/tscore/libtscore.la \
$(top_builddir)/src/tscpp/util/libtscpputil.la \
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index 1b19095e7..f470bbb8d 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -44,6 +44,7 @@
#include "HttpConfig.h"
#include "P_Net.h"
#include "P_SSLNextProtocolAccept.h"
+#include "P_SSLNetVConnection.h"
#include "P_UDPNet.h"
#include "P_HostDB.h"
#include "P_Cache.h"
diff --git a/src/traffic_server/traffic_server.cc b/src/traffic_server/traffic_server.cc
index a9b7009d6..3a1a868a5 100644
--- a/src/traffic_server/traffic_server.cc
+++ b/src/traffic_server/traffic_server.cc
@@ -102,7 +102,6 @@ extern "C" int plock(int);
#include "InkAPIInternal.h"
#include "HTTP2.h"
#include "tscore/ink_config.h"
-#include "P_SSLSNI.h"
#include "P_SSLClientUtils.h"
#if TS_USE_QUIC == 1