You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@trafficserver.apache.org by "SolidWallOfCode (via GitHub)" <gi...@apache.org> on 2023/03/19 23:29:06 UTC
[GitHub] [trafficserver] SolidWallOfCode opened a new pull request, #9541: Remove IpMap dependency from NetVConnection infrastructure.
SolidWallOfCode opened a new pull request, #9541:
URL: https://github.com/apache/trafficserver/pull/9541
This is kind of a scattered PR but as usual the dependencies are interconnected. I was able to split part of it out to #9539.
This depends on PR #9539.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] SolidWallOfCode merged pull request #9541: Remove IpMap dependency from NetVConnection infrastructure.
Posted by "SolidWallOfCode (via GitHub)" <gi...@apache.org>.
SolidWallOfCode merged PR #9541:
URL: https://github.com/apache/trafficserver/pull/9541
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] bneradt commented on a diff in pull request #9541: Remove IpMap dependency from NetVConnection infrastructure.
Posted by "bneradt (via GitHub)" <gi...@apache.org>.
bneradt commented on code in PR #9541:
URL: https://github.com/apache/trafficserver/pull/9541#discussion_r1142287683
##########
iocore/net/SNIActionPerformer.cc:
##########
@@ -70,26 +69,26 @@ int
SNI_IpAllow::SNIAction(TLSSNISupport *snis, ActionItem::Context const &ctx) const
{
// i.e, ip filtering is not required
- if (ip_map.count() == 0) {
+ if (ip_addrs.count() == 0) {
return SSL_TLSEXT_ERR_OK;
}
auto ssl_vc = dynamic_cast<SSLNetVConnection *>(snis);
- auto ip = ssl_vc->get_remote_endpoint();
+ auto ip = swoc::IPAddr(ssl_vc->get_remote_endpoint());
// check the allowed ips
- if (ip_map.contains(ip)) {
+ if (ip_addrs.contains(ip)) {
return SSL_TLSEXT_ERR_OK;
} else {
- char buff[256];
- ats_ip_ntop(&ip.sa, buff, sizeof(buff));
- Debug("ssl_sni", "%s is not allowed. Denying connection", buff);
+ swoc::LocalBufferWriter<256> w;
+ w.print("{} is not allowed - denyint connection\0", ip);
Review Comment:
`denyint`: I assume this should be `denying`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] bneradt commented on a diff in pull request #9541: Remove IpMap dependency from NetVConnection infrastructure.
Posted by "bneradt (via GitHub)" <gi...@apache.org>.
bneradt commented on code in PR #9541:
URL: https://github.com/apache/trafficserver/pull/9541#discussion_r1142283140
##########
include/records/I_RecHttp.h:
##########
@@ -40,9 +41,13 @@ void RecHttpLoadIp(const char *name, ///< Name of value in configuration file.
);
/// Load up an IpMap with IP addresses from the configuration file.
-void RecHttpLoadIpMap(const char *name, ///< Name of value in configuration file.
- IpMap &ipmap ///< [out] IpMap.
-);
+
+/** Load a se of IP address from a configuration variable.
Review Comment:
`se` -> `set`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org