You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2021/03/16 20:30:55 UTC
[GitHub] [trafficserver] zwoop opened a new issue #7607: Inefficiency in SNI policy parsing
zwoop opened a new issue #7607:
URL: https://github.com/apache/trafficserver/issues/7607
It seems that rather than parsing these types of "text" configs once, we parse it over and over again (strcmp()) on each transaction hitting this code:
```
std::string_view
HttpSM::get_outbound_sni() const
{
using namespace ts::literals;
ts::TextView zret;
ts::TextView policy{t_state.txn_conf->ssl_client_sni_policy, ts::TextView::npos};
if (policy.empty() || !strcmp(policy, "host"_tv)) {
// By default the host header field value is used for the SNI.
int len;
char const *ptr = t_state.hdr_info.server_request.host_get(&len);
zret.assign(ptr, len);
} else if (ua_txn && !strcmp(policy, "server_name"_tv)) {
zret.assign(ua_txn->get_netvc()->get_server_name(), ts::TextView::npos);
} else if (policy.front() == '@') { // guaranteed non-empty from previous clause
zret = policy.remove_prefix(1);
} else {
// If other is specified, like "remap" and "verify_with_name_source", the remapped origin name is used for the SNI value
zret.assign(t_state.server_info.name, ts::TextView::npos);
}
return zret;
}
````
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] github-actions[bot] commented on issue #7607: Inefficiency in SNI policy parsing
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #7607:
URL: https://github.com/apache/trafficserver/issues/7607#issuecomment-1083989395
This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] masaori335 commented on issue #7607: Inefficiency in SNI policy parsing
Posted by GitBox <gi...@apache.org>.
masaori335 commented on issue #7607:
URL: https://github.com/apache/trafficserver/issues/7607#issuecomment-800674236
`set_tls_options` has the same issue (`proxy.config.ssl.client.verify.server.policy`/`proxy.config.ssl.client.verify.server.properties`), I think.
https://github.com/apache/trafficserver/blob/d4fc16f64d3104d3682d496e47f2a53511fa77e0/proxy/http/HttpSM.cc#L4810-L4849
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] ywkaras commented on issue #7607: Inefficiency in SNI policy parsing
Posted by GitBox <gi...@apache.org>.
ywkaras commented on issue #7607:
URL: https://github.com/apache/trafficserver/issues/7607#issuecomment-809423364
Yup https://github.com/apache/trafficserver/pull/7624/files#diff-c2f4153a7fbd17ff9e386fa7e9460927d1eb82b473bb3ec59e23dcccbdaa2037R456 .
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] ywkaras commented on issue #7607: Inefficiency in SNI policy parsing
Posted by GitBox <gi...@apache.org>.
ywkaras commented on issue #7607:
URL: https://github.com/apache/trafficserver/issues/7607#issuecomment-809757670
It's unclear to me how using this function, https://github.com/apache/trafficserver/blob/6b28f19d2b863201f87ed31bc933998f26b55f5b/proxy/http/HttpConfig.cc#L74 , leads to a simpler resolution of this issue. It is roughly equivalent to just: https://github.com/ywkaras/trafficserver/blob/b0453b157dba0b4d26bf8856f5f7198e2d9241e6/include/tscpp/util/CodeOrStr.h#L180
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] ywkaras edited a comment on issue #7607: Inefficiency in SNI policy parsing
Posted by GitBox <gi...@apache.org>.
ywkaras edited a comment on issue #7607:
URL: https://github.com/apache/trafficserver/issues/7607#issuecomment-809423364
Agreed https://github.com/ywkaras/trafficserver/blob/e21287f4da9bdb7b670e94c97736f5dd30b2a8ac/include/tscpp/util/CodeOrStr.h#L456 .
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] SolidWallOfCode commented on issue #7607: Inefficiency in SNI policy parsing
Posted by GitBox <gi...@apache.org>.
SolidWallOfCode commented on issue #7607:
URL: https://github.com/apache/trafficserver/issues/7607#issuecomment-809417545
The tricky bit here is the value is not strictly an enumeration. It can have an arbitrary value as long as that value starts with "@". In such a case, the "@" is removed and the literal value is used as the outbound SNI. This means a string is required in some cases. What would be needed is an enumeration and a string, with the string set only when it's explicitly specified by a plugin.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org