You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2018/03/26 20:59:44 UTC
[trafficserver] branch 7.1.x updated (0ca9ca3 -> c09fbcb)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a change to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.
from 0ca9ca3 Handle rescheduled transaction close event via tunnel.
new 1c6cd4b Revert "Fix 7.1.x build"
new eb8e4bf Revert "prevents connecting to INADDR_ANY hosts"
new c09fbcb prevents connecting to INADDR_ANY hosts
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
tests/gold_tests/basic/.gitignore | 1 -
tests/gold_tests/basic/deny0.test.py | 103 -----------------------------------
2 files changed, 104 deletions(-)
delete mode 100644 tests/gold_tests/basic/.gitignore
delete mode 100644 tests/gold_tests/basic/deny0.test.py
--
To stop receiving notification emails like this one, please contact
zwoop@apache.org.
[trafficserver] 02/03: Revert "prevents connecting to INADDR_ANY
hosts"
Posted by zw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit eb8e4bf101155a73481c5515f1d2ee205fbfa6cb
Author: Derek Dagit <de...@oath.com>
AuthorDate: Mon Mar 26 11:02:24 2018 -0500
Revert "prevents connecting to INADDR_ANY hosts"
This reverts commit 0fd63fd6c8a148f827e198cc8cc6ecd268cf7518.
---
proxy/http/HttpTransact.cc | 8 ---
tests/gold_tests/basic/.gitignore | 1 -
tests/gold_tests/basic/deny0.test.py | 103 -----------------------------------
3 files changed, 112 deletions(-)
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 16deb78..b91c06d 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1678,14 +1678,6 @@ HttpTransact::OSDNSLookup(State *s)
DebugTxn("http_trans", "[HttpTransact::OSDNSLookup] This was attempt %d", s->dns_info.attempts);
++s->dns_info.attempts;
- // It's never valid to connect *to* INADDR_ANY, so let's reject the request now.
- if (ats_is_ip_any(s->host_db_info.ip())) {
- TxnDebug("http_trans", "[OSDNSLookup] Invalid request IP: INADDR_ANY");
- build_error_response(s, HTTP_STATUS_BAD_REQUEST, "Bad Destination Address", "request#syntax_error");
- SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD);
- TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
- }
-
// detect whether we are about to self loop. the client may have
// specified the proxy as the origin server (badness).
// Check if this procedure is already done - YTS Team, yamsat
diff --git a/tests/gold_tests/basic/.gitignore b/tests/gold_tests/basic/.gitignore
deleted file mode 100644
index b7d65ed..0000000
--- a/tests/gold_tests/basic/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-generated_test_data
diff --git a/tests/gold_tests/basic/deny0.test.py b/tests/gold_tests/basic/deny0.test.py
deleted file mode 100644
index 8b45163..0000000
--- a/tests/gold_tests/basic/deny0.test.py
+++ /dev/null
@@ -1,103 +0,0 @@
-'''
-Test that Trafficserver rejects requests for host 0
-'''
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import os
-import socket
-Test.Summary = '''
-Test that Trafficserver rejects requests for host 0
-'''
-
-Test.ContinueOnFail = True
-
-HOST1='redirect.test'
-
-redirect_serv = Test.MakeOriginServer("redirect_serv", ip='0.0.0.0')
-
-dns = Test.MakeDNServer("dns")
-dns.addRecords(records={HOST1: ['127.0.0.1']})
-
-ts = Test.MakeATSProcess("ts")
-ts.Disk.records_config.update({
- 'proxy.config.diags.debug.enabled': 1
- ,'proxy.config.diags.debug.tags': 'http|dns|redirect'
- ,'proxy.config.http.redirection_enabled': 1
- ,'proxy.config.http.number_of_redirections': 1
- ,'proxy.config.http.cache.http': 0
- ,'proxy.config.dns.nameservers': '127.0.0.1:{0}'.format(dns.Variables.Port)
- ,'proxy.config.dns.resolv_conf': 'NULL'
- ,'proxy.config.url_remap.remap_required': 0 # need this so the domain gets a chance to be evaluated through DNS
-})
-
-Test.Setup.Copy(os.path.join(Test.Variables.AtsTestToolsDir,'tcp_client.py'))
-
-data_dirname = 'generated_test_data'
-data_path = os.path.join(Test.TestDirectory, data_dirname)
-os.makedirs(data_path, exist_ok=True)
-gold_filepath = os.path.join(data_path, 'deny0.gold')
-with open(os.path.join(data_path, 'deny0.gold'), 'w') as f:
- f.write('HTTP/1.1 400 Bad Destination Address\r\n')
-
-isFirstTest = True
-def buildMetaTest(testName, requestString):
- tr = Test.AddTestRun(testName)
- global isFirstTest
- if isFirstTest:
- isFirstTest = False
- tr.Processes.Default.StartBefore(ts, ready=When.PortOpen(ts.Variables.port))
- tr.Processes.Default.StartBefore(redirect_serv, ready=When.PortOpen(redirect_serv.Variables.Port))
- tr.Processes.Default.StartBefore(dns)
- with open(os.path.join(data_path, tr.Name), 'w') as f:
- f.write(requestString)
- tr.Processes.Default.Command = "python tcp_client.py 127.0.0.1 {0} {1} | head -1".format(ts.Variables.port, os.path.join(data_dirname, tr.Name))
- tr.ReturnCode = 0
- tr.Processes.Default.Streams.stdout = gold_filepath
- tr.StillRunningAfter = ts
- tr.StillRunningAfter = redirect_serv
- tr.StillRunningAfter = dns
-
-
-buildMetaTest('RejectInterfaceAnyIpv4',
- 'GET / HTTP/1.1\r\nHost: 0:{port}\r\nConnection: close\r\n\r\n'.format(port=ts.Variables.port))
-
-
-buildMetaTest('RejectInterfaceAnyIpv6',
- 'GET / HTTP/1.1\r\nHost: [::]:{port}\r\nConnection: close\r\n\r\n'.format(port=ts.Variables.portv6))
-
-
-# Sets up redirect to IPv4 ANY address
-redirect_request_header = {"headers": "GET /redirect-0 HTTP/1.1\r\nHost: *\r\n\r\n", "timestamp": "5678", "body": ""}
-redirect_response_header = {"headers": "HTTP/1.1 302 Found\r\nLocation: http://0:{0}/\r\nConnection: close\r\n\r\n".format(
- ts.Variables.port), "timestamp": "5678", "body": ""}
-redirect_serv.addResponse("sessionfile.log", redirect_request_header, redirect_response_header)
-
-buildMetaTest('RejectRedirectToInterfaceAnyIpv4',
- 'GET /redirect-0 HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n'.format(host=HOST1, port=redirect_serv.Variables.Port))
-
-
-# Sets up redirect to IPv6 ANY address
-redirect_request_header = {"headers": "GET /redirect-0v6 HTTP/1.1\r\nHost: *\r\n\r\n", "timestamp": "5678", "body": ""}
-redirect_response_header = {"headers": "HTTP/1.1 302 Found\r\nLocation: http://[::]:{0}/\r\nConnection: close\r\n\r\n".format(
- ts.Variables.port), "timestamp": "5678", "body": ""}
-redirect_serv.addResponse("sessionfile.log", redirect_request_header, redirect_response_header)
-
-buildMetaTest('RejectRedirectToInterfaceAnyIpv6',
- 'GET /redirect-0v6 HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n'.format(host=HOST1, port=redirect_serv.Variables.Port))
-
-
-Test.Setup.Copy(data_path)
--
To stop receiving notification emails like this one, please contact
zwoop@apache.org.
[trafficserver] 01/03: Revert "Fix 7.1.x build"
Posted by zw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 1c6cd4b4117441d7383e064b1e4b26115ec5c5f1
Author: Derek Dagit <de...@oath.com>
AuthorDate: Mon Mar 26 11:02:20 2018 -0500
Revert "Fix 7.1.x build"
This reverts commit 4894dae6925fb336564dfd44ccb8cd3b598a77cc.
---
proxy/http/HttpTransact.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index eaadead..16deb78 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1680,8 +1680,8 @@ HttpTransact::OSDNSLookup(State *s)
// It's never valid to connect *to* INADDR_ANY, so let's reject the request now.
if (ats_is_ip_any(s->host_db_info.ip())) {
- DebugTxn("http_trans", "[OSDNSLookup] Invalid request IP: INADDR_ANY");
- build_error_response(s, HTTP_STATUS_BAD_REQUEST, "Bad Destination Address", "request#syntax_error", nullptr);
+ TxnDebug("http_trans", "[OSDNSLookup] Invalid request IP: INADDR_ANY");
+ build_error_response(s, HTTP_STATUS_BAD_REQUEST, "Bad Destination Address", "request#syntax_error");
SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD);
TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
}
--
To stop receiving notification emails like this one, please contact
zwoop@apache.org.
[trafficserver] 03/03: prevents connecting to INADDR_ANY hosts
Posted by zw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit c09fbcb5fa0343382c677ed3f2761fb79c1b1adc
Author: Derek Dagit <de...@oath.com>
AuthorDate: Mon Mar 26 17:33:28 2018 +0000
prevents connecting to INADDR_ANY hosts
(cherry picked from commit 582a6731f9701acdc2739ee60676180227050d51)
omits test due to missing uDNS test dependency.
changes two function calls to use older versions
---
proxy/http/HttpTransact.cc | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index b91c06d..eaadead 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1678,6 +1678,14 @@ HttpTransact::OSDNSLookup(State *s)
DebugTxn("http_trans", "[HttpTransact::OSDNSLookup] This was attempt %d", s->dns_info.attempts);
++s->dns_info.attempts;
+ // It's never valid to connect *to* INADDR_ANY, so let's reject the request now.
+ if (ats_is_ip_any(s->host_db_info.ip())) {
+ DebugTxn("http_trans", "[OSDNSLookup] Invalid request IP: INADDR_ANY");
+ build_error_response(s, HTTP_STATUS_BAD_REQUEST, "Bad Destination Address", "request#syntax_error", nullptr);
+ SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD);
+ TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
+ }
+
// detect whether we are about to self loop. the client may have
// specified the proxy as the origin server (badness).
// Check if this procedure is already done - YTS Team, yamsat
--
To stop receiving notification emails like this one, please contact
zwoop@apache.org.