You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by sh...@apache.org on 2022/10/15 02:17:08 UTC

[trafficserver] 01/01: Fix transparent tr-pass

This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch skh/fix-transparent-pass-through
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 6c00faf88646c0371ca62a7c99bcbe738583cdce
Author: Susan Hinrichs <sh...@ieee.org>
AuthorDate: Fri Oct 14 21:16:47 2022 -0500

    Fix transparent tr-pass
---
 proxy/http/HttpSM.cc | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index e349181bf..69ee672a6 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -651,17 +651,22 @@ HttpSM::setup_blind_tunnel_port()
   NetVConnection *netvc = ua_txn->get_netvc();
   ink_release_assert(netvc);
   int host_len;
-  if (auto *tts = dynamic_cast<TLSTunnelSupport *>(netvc)) {
-    if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) {
-      // the URL object has not been created in the start of the transaction. Hence, we need to create the URL here
-      URL u;
 
-      t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST);
-      t_state.hdr_info.client_request.method_set(HTTP_METHOD_CONNECT, HTTP_LEN_CONNECT);
-      t_state.hdr_info.client_request.url_create(&u);
-      u.scheme_set(URL_SCHEME_TUNNEL, URL_LEN_TUNNEL);
-      t_state.hdr_info.client_request.url_set(&u);
+  // This applies to both the TLS and non TLS cases
+  if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) {
+    // the URL object has not been created in the start of the transaction. Hence, we need to create the URL here
+    URL u;
+
+    t_state.hdr_info.client_request.create(HTTP_TYPE_REQUEST);
+    t_state.hdr_info.client_request.method_set(HTTP_METHOD_CONNECT, HTTP_LEN_CONNECT);
+    t_state.hdr_info.client_request.url_create(&u);
+    u.scheme_set(URL_SCHEME_TUNNEL, URL_LEN_TUNNEL);
+    t_state.hdr_info.client_request.url_set(&u);
+  }
 
+  TLSTunnelSupport *tts = nullptr;
+  if (!ua_txn->is_outbound_transparent() && (tts = dynamic_cast<TLSTunnelSupport *>(netvc))) {
+    if (!t_state.hdr_info.client_request.url_get()->host_get(&host_len)) {
       if (tts->has_tunnel_destination()) {
         const char *tunnel_host = tts->get_tunnel_host();
         t_state.hdr_info.client_request.url_get()->host_set(tunnel_host, strlen(tunnel_host));
@@ -675,7 +680,7 @@ HttpSM::setup_blind_tunnel_port()
         t_state.hdr_info.client_request.url_get()->port_set(netvc->get_local_port());
       }
     }
-  } else {
+  } else { // If outbound transparent or not TLS, just use the local IP as the origin
     char new_host[INET6_ADDRSTRLEN];
     ats_ip_ntop(netvc->get_local_addr(), new_host, sizeof(new_host));