You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by br...@apache.org on 2015/04/28 04:55:21 UTC
[1/3] trafficserver git commit: TS-3558: Update Docs
Repository: trafficserver
Updated Branches:
refs/heads/master e709f7c08 -> 62d391db9
TS-3558: Update Docs
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a1af594d
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a1af594d
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a1af594d
Branch: refs/heads/master
Commit: a1af594d99019df93a647d31b397dfc60bab7e05
Parents: e709f7c
Author: Brian Geffon <br...@apache.org>
Authored: Mon Apr 27 19:53:40 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Mon Apr 27 19:53:40 2015 -0700
----------------------------------------------------------------------
doc/reference/configuration/records.config.en.rst | 6 ++++++
1 file changed, 6 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a1af594d/doc/reference/configuration/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst
index b218011..685a092 100644
--- a/doc/reference/configuration/records.config.en.rst
+++ b/doc/reference/configuration/records.config.en.rst
@@ -728,6 +728,12 @@ Value Effect
Note that setting this parameter to (``2``) will not work correctly unless
the dedicated SSL threads are disabled (:ts:cv:`proxy.config.ssl.number.threads`
is set to (``-1``)).
+
+.. ts:cv:: CONFIG proxy.config.http.auth_server_session_private INT 1
+
+ If enabled (``1``) anytime a request contains a (``Authorization``), (``Proxy-Authorization``)
+ or (``Www-Authenticate``) header the connection will be closed and not reused. This marks
+ the connection as private. When disabled (``0``) the connection will be available for reuse.
.. ts:cv:: CONFIG proxy.config.http.server_session_sharing.match STRING both
[2/3] trafficserver git commit: TS-3558: Fix
proxy.config.http.auth_server_session_private
Posted by br...@apache.org.
TS-3558: Fix proxy.config.http.auth_server_session_private
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/300cdbae
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/300cdbae
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/300cdbae
Branch: refs/heads/master
Commit: 300cdbae992eb21d5cca233e91467f7902b726d8
Parents: a1af594
Author: Brian Geffon <br...@apache.org>
Authored: Mon Apr 27 19:54:41 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Mon Apr 27 19:54:41 2015 -0700
----------------------------------------------------------------------
lib/ts/apidefs.h.in | 1 +
proxy/InkAPI.cc | 7 +++++++
proxy/InkAPITest.cc | 1 +
proxy/http/HttpConfig.cc | 4 ++++
proxy/http/HttpSM.cc | 46 ++++++++++++++++++++++++++++---------------
proxy/http/HttpSM.h | 7 +++++++
6 files changed, 50 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/lib/ts/apidefs.h.in
----------------------------------------------------------------------
diff --git a/lib/ts/apidefs.h.in b/lib/ts/apidefs.h.in
index 329adf2..a3e0d93 100644
--- a/lib/ts/apidefs.h.in
+++ b/lib/ts/apidefs.h.in
@@ -679,6 +679,7 @@ extern "C"
TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_IN,
TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_OUT,
TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT,
+ TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE,
TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS, // DEPRECATED
TS_CONFIG_HTTP_SERVER_SESSION_SHARING_POOL,
TS_CONFIG_HTTP_SERVER_SESSION_SHARING_MATCH,
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index 55def42..cfc1411 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -7660,6 +7660,9 @@ _conf_to_memberp(TSOverridableConfigKey conf, OverridableHttpConfigParams *overr
case TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT:
ret = &overridableHttpConfig->keep_alive_post_out;
break;
+ case TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE:
+ ret = &overridableHttpConfig->auth_server_session_private;
+ break;
case TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS:
ink_assert("Deprecated config key value - TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS");
// ret = &overridableHttpConfig->share_server_sessions;
@@ -8438,6 +8441,10 @@ TSHttpTxnConfigFind(const char *name, int length, TSOverridableConfigKey *conf,
if (0 == strncmp(name, "proxy.config.http.server_session_sharing.pool", length))
cnf = TS_CONFIG_HTTP_SERVER_SESSION_SHARING_POOL;
break;
+ case 'e':
+ if (0 == strncmp(name, "proxy.config.http.auth_server_session_private", length))
+ cnf = TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE;
+ break;
}
break;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/InkAPITest.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPITest.cc b/proxy/InkAPITest.cc
index de5e319..8a7ec68 100644
--- a/proxy/InkAPITest.cc
+++ b/proxy/InkAPITest.cc
@@ -7170,6 +7170,7 @@ const char *SDK_Overridable_Configs[TS_CONFIG_LAST_ENTRY] = {
"proxy.config.url_remap.pristine_host_hdr", "proxy.config.http.chunking_enabled", "proxy.config.http.negative_caching_enabled",
"proxy.config.http.negative_caching_lifetime", "proxy.config.http.cache.when_to_revalidate",
"proxy.config.http.keep_alive_enabled_in", "proxy.config.http.keep_alive_enabled_out", "proxy.config.http.keep_alive_post_out",
+ "proxy.config.http.auth_server_session_private",
"proxy.config.http.share_server_sessions", "proxy.config.http.server_session_sharing.pool",
"proxy.config.http.server_session_sharing.match", "proxy.config.net.sock_recv_buffer_size_out",
"proxy.config.net.sock_send_buffer_size_out", "proxy.config.net.sock_option_flag_out",
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index a5bfc63..50d0b45 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -987,6 +987,8 @@ HttpConfig::startup()
http_config_enum_read("proxy.config.http.server_session_sharing.match", SessionSharingMatchStrings,
c.oride.server_session_sharing_match);
+ HttpEstablishStaticConfigByte(c.oride.auth_server_session_private, "proxy.config.http.auth_server_session_private");
+
HttpEstablishStaticConfigByte(c.oride.keep_alive_post_out, "proxy.config.http.keep_alive_post_out");
HttpEstablishStaticConfigLongLong(c.oride.keep_alive_no_activity_timeout_in,
@@ -1232,6 +1234,8 @@ HttpConfig::reconfigure()
params->oride.keep_alive_enabled_in = INT_TO_BOOL(m_master.oride.keep_alive_enabled_in);
params->oride.keep_alive_enabled_out = INT_TO_BOOL(m_master.oride.keep_alive_enabled_out);
params->oride.chunking_enabled = INT_TO_BOOL(m_master.oride.chunking_enabled);
+ params->oride.auth_server_session_private = INT_TO_BOOL(m_master.oride.auth_server_session_private);
+
params->oride.http_chunking_size = m_master.oride.http_chunking_size;
params->oride.post_check_content_length_enabled = INT_TO_BOOL(m_master.oride.post_check_content_length_enabled);
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 99f3aa1..0e8918a 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -292,7 +292,7 @@ HttpSM::HttpSM()
enable_redirection(false), redirect_url(NULL), redirect_url_len(0), redirection_tries(0), transfered_bytes(0),
post_failed(false), debug_on(false), plugin_tunnel_type(HTTP_NO_PLUGIN_TUNNEL), plugin_tunnel(NULL), reentrancy_count(0),
history_pos(0), tunnel(), ua_entry(NULL), ua_session(NULL), background_fill(BACKGROUND_FILL_NONE), ua_raw_buffer_reader(NULL),
- server_entry(NULL), server_session(NULL), shared_session_retries(0), server_buffer_reader(NULL), transform_info(),
+ server_entry(NULL), server_session(NULL), will_be_private_ss(false), shared_session_retries(0), server_buffer_reader(NULL), transform_info(),
post_transform_info(), has_active_plugin_agents(false), second_cache_sm(NULL), default_handler(NULL), pending_action(NULL),
historical_action(NULL), last_action(HttpTransact::SM_ACTION_UNDEFINED),
// TODO: Now that bodies can be empty, should the body counters be set to -1 ? TS-2213
@@ -4569,6 +4569,32 @@ HttpSM::do_http_server_open(bool raw)
// to do this but as far I can tell the code that prevented keep-alive if
// there is a request body has been removed.
+ // If we are sending authorizations headers, mark the connection private
+ //
+ // We do this here because it means that we will not waste a connection from the pool if we already
+ // know that the session will be private. This is overridable meaning that if a plugin later decides
+ // it shouldn't be private it can still be returned to a shared pool.
+ //
+ if (t_state.txn_conf->auth_server_session_private == 1 &&
+ t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION |
+ MIME_PRESENCE_WWW_AUTHENTICATE)) {
+ DebugSM("http_ss_auth", "Setting server session to private for authorization header");
+ will_be_private_ss = true;
+ }
+
+ if (t_state.method == HTTP_WKSIDX_POST || t_state.method == HTTP_WKSIDX_PUT) {
+ // don't share the session if keep-alive for post is not on
+ if (t_state.txn_conf->keep_alive_post_out == 0) {
+ DebugSM("http_ss", "Setting server session to private because of keep-alive post out");
+ will_be_private_ss = true;
+ }
+ }
+
+ // If there is already an attached server session mark it as private.
+ if (server_session != NULL && will_be_private_ss) {
+ set_server_session_private(true);
+ }
+
if (raw == false && TS_SERVER_SESSION_SHARING_MATCH_NONE != t_state.txn_conf->server_session_sharing_match &&
(t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) && !is_private() &&
ua_session != NULL) {
@@ -5581,13 +5607,6 @@ HttpSM::attach_server_session(HttpServerSession *s)
if (t_state.method == HTTP_WKSIDX_POST || t_state.method == HTTP_WKSIDX_PUT) {
connect_timeout = t_state.txn_conf->post_connect_attempts_timeout;
-
- // don't share the session if keep-alive for post is not on
- if (t_state.txn_conf->keep_alive_post_out == 0) {
- DebugSM("http_ss", "Setting server session to private because of keep-alive post out");
- set_server_session_private(true);
- }
-
} else if (t_state.current.server == &t_state.parent_info) {
connect_timeout = t_state.http_config_param->parent_connect_timeout;
} else {
@@ -5608,7 +5627,7 @@ HttpSM::attach_server_session(HttpServerSession *s)
server_session->get_netvc()->set_active_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_active_timeout_out));
}
- if (plugin_tunnel_type != HTTP_NO_PLUGIN_TUNNEL) {
+ if (plugin_tunnel_type != HTTP_NO_PLUGIN_TUNNEL || will_be_private_ss) {
DebugSM("http_ss", "Setting server session to private");
set_server_session_private(true);
}
@@ -5652,13 +5671,6 @@ HttpSM::setup_server_send_request()
server_request_body_bytes = msg_len;
}
- // If we are sending authorizations headers, mark the connection private
- if (t_state.txn_conf->auth_server_session_private == 1 &&
- t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION |
- MIME_PRESENCE_WWW_AUTHENTICATE)) {
- DebugSM("http_ss", "Setting server session to private for authorization header");
- set_server_session_private(true);
- }
milestones.server_begin_write = ink_get_hrtime();
server_entry->write_vio = server_entry->vc->do_io_write(this, hdr_length, buf_start);
}
@@ -7602,6 +7614,8 @@ HttpSM::is_private()
HttpServerSession *ss = ua_session->get_server_session();
if (ss) {
res = ss->private_session;
+ } else if (will_be_private_ss) {
+ res = will_be_private_ss;
}
}
return res;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpSM.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index 4edd7d5..16844ce 100644
--- a/proxy/http/HttpSM.h
+++ b/proxy/http/HttpSM.h
@@ -316,6 +316,13 @@ protected:
HttpVCTableEntry *server_entry;
HttpServerSession *server_session;
+
+ /* Because we don't want to take a session from a shared pool if we know that it will be private,
+ * but we cannot set it to private until we have an attached server session.
+ * So we use this variable to indicate that
+ * we should create a new connection and then once we attach the session we'll mark it as private.
+ */
+ bool will_be_private_ss;
int shared_session_retries;
IOBufferReader *server_buffer_reader;
void remove_server_entry();
[3/3] trafficserver git commit: TS-3558: Update Changes
Posted by br...@apache.org.
TS-3558: Update Changes
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/62d391db
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/62d391db
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/62d391db
Branch: refs/heads/master
Commit: 62d391db901a2eff87ea1a03bf966d19d4ac37be
Parents: 300cdba
Author: Brian Geffon <br...@apache.org>
Authored: Mon Apr 27 19:55:05 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Mon Apr 27 19:55:05 2015 -0700
----------------------------------------------------------------------
CHANGES | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/62d391db/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 7a81370..3ddf51b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 6.0.0
+ *) [TS-3558] Fix proxy.config.http.auth_server_session_private
+
*) [TS-3552] Move the check for the api_server_response_no_store flag
earlier.