You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2011/08/03 19:05:27 UTC
[jira] [Updated] (TS-803) Fix SOCKS breakage and allow for setting
next-hop SOCKS
[ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-803:
-----------------------------
Fix Version/s: (was: 3.1.0)
3.1.1
Moving out, at least until we get a new patch that can be applied / tested / reviewed.
> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
> Key: TS-803
> URL: https://issues.apache.org/jira/browse/TS-803
> Project: Traffic Server
> Issue Type: New Feature
> Components: Network
> Environment: Wherever ATS might run
> Reporter: M. Nunberg
> Fix For: 3.1.1
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h 2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
> /// Version of SOCKS to use.
> unsigned char socks_version;
> + struct {
> + unsigned int ip;
> + int port;
> + char *username;
> + char *password;
> + } socks_override;
> +
> int socket_recv_bufsize;
> int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h 2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
> unsigned char version;
> bool write_done;
> -
> + bool manual_parent_selection;
> SocksAuthHandler auth_handler;
> unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
> SocksEntry():Continuation(NULL), netVConnection(0),
> ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> - lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> + lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> + auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> {
> }
> };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc 2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
> nattempts = 0;
> findServer();
> - timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +// timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> + timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
> write_done = false;
> }
> @@ -81,6 +82,15 @@
> SocksEntry::findServer()
> {
> nattempts++;
> + if(manual_parent_selection) {
> + if(nattempts > 1) {
> + //Nullify IP and PORT
> + server_ip = -1;
> + server_port = 0;
> + }
> + Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> + return;
> + }
> #ifdef SOCKS_WITH_TS
> if (nattempts == 1) {
> @@ -187,7 +197,6 @@
> }
> Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
> findServer();
> if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc 2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
> !socks_conf_stuff->ip_range.match(ip))
> #endif
> );
> + if(opt->socks_override.ip >= 1) {
> + using_socks = true;
> + Debug("mndebug", "trying to set using_socks to true");
> + }
> +
> SocksEntry *socksEntry = NULL;
> #endif
> NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
> if (using_socks) {
> Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
> socksEntry = socksAllocator.alloc();
> +
> + if (opt->socks_override.ip) {
> + //Needs to be done before socksEntry->init()
> + socksEntry->server_ip = opt->socks_override.ip;
> + socksEntry->server_port = opt->socks_override.port;
> + socksEntry->manual_parent_selection = true;
> + opt->socks_support = NORMAL_SOCKS;
> + Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> + }
> +
> socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version); /*XXXX remove last two args */
> socksEntry->action_ = cont;
> cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc 2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
> }
> void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> + sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> + HttpSM *sm = (HttpSM*) txnp;
> + sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> + sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
> TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
> {
> sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in 2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
> */
> tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> + tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
> tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
> tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc 2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
> // before we return from this function for forward proxy
> t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
> t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> + Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
> if (!ret) {
> Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
> opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
> opt.local_addr = t_state.client_info.ip;
> }
> + opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> + opt.socks_override.port = t_state.api_info.socks_proxy_port;
> Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
> sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
> // to do this but as far I can tell the code that prevented keep-alive if
> // there is a request body has been removed.
> + //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> + //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> + //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
> if (raw == false && t_state.http_config_param->share_server_sessions &&
> (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
> ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h 2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h 2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
> {
> char *parent_proxy_name;
> int parent_proxy_port;
> + unsigned int socks_proxy_ipaddr;
> + int socks_proxy_port;
> bool cache_untransformed;
> bool cache_transformed;
> bool logging_enabled;
> @@ -325,6 +327,8 @@
> _HttpApiInfo()
> : parent_proxy_name(NULL),
> parent_proxy_port(-1),
> + socks_proxy_ipaddr(0),
> + socks_proxy_port(0),
> cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
> { }
> } HttpApiInfo;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira