Posted to commits@trafficserver.apache.org by am...@apache.org on 2012/03/23 19:36:45 UTC
git commit: TS-1165: Fix heart beat denied.
Updated Branches:
refs/heads/master a26f1d9b3 -> 225f26fa3
TS-1165: Fix heart beat denied.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/225f26fa
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/225f26fa
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/225f26fa
Branch: refs/heads/master
Commit: 225f26fa3d7cdcb54197245dd4728f7f0e75171d
Parents: a26f1d9
Author: Alan M. Carroll <am...@network-geographics.com>
Authored: Fri Mar 23 13:39:50 2012 -0500
Committer: Alan M. Carroll <am...@network-geographics.com>
Committed: Fri Mar 23 13:39:50 2012 -0500
----------------------------------------------------------------------
proxy/IPAllow.cc | 2 +-
proxy/IPAllow.h | 5 +++++
proxy/http/HttpAccept.cc | 4 +++-
proxy/http/HttpTransact.cc | 4 ++++
4 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/225f26fa/proxy/IPAllow.cc
----------------------------------------------------------------------
diff --git a/proxy/IPAllow.cc b/proxy/IPAllow.cc
index fe81282..984bebd 100644
--- a/proxy/IPAllow.cc
+++ b/proxy/IPAllow.cc
@@ -52,7 +52,7 @@ IpAllow* IpAllow::_instance = NULL;
// Mask for all methods.
// This can't be computed properly at process start, so it's delayed
// until the instance is initialized.
-uint32_t ALL_METHOD_MASK;
+uint32_t IpAllow::ALL_METHOD_MASK;
static Ptr<ProxyMutex> ip_reconfig_mutex;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/225f26fa/proxy/IPAllow.h
----------------------------------------------------------------------
diff --git a/proxy/IPAllow.h b/proxy/IPAllow.h
index f8befa3..80018e9 100644
--- a/proxy/IPAllow.h
+++ b/proxy/IPAllow.h
@@ -80,6 +80,10 @@ public:
static self* instance();
static bool CheckMask(uint32_t, int);
+ /// @return A mask that permits all methods.
+ static uint32_t AllMethodMask() {
+ return ALL_METHOD_MASK;
+ }
private:
static void InitInstance();
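Review bot: `AllMethodMask()` returns `ALL_METHOD_MASK` with nothing to say when that value becomes valid. The comment in proxy/IPAllow.cc states the mask is computed only when the instance is initialized, and a static `uint32_t` with no initializer starts at zero, so a caller that runs earlier would get a mask that permits no methods at all. The assignment itself is outside this diff, so the ordering cannot be confirmed from here. The doc comment should carry the precondition, e.g. `/// @return A mask that permits all methods. Only meaningful once the IpAllow instance has been initialized.`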
@@ -92,6 +96,7 @@ private:
const char *action;
IpMap _map;
Vec<AclRecord> _acls;
+ static uint32_t ALL_METHOD_MASK;
static self* _instance;
};
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/225f26fa/proxy/http/HttpAccept.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpAccept.cc b/proxy/http/HttpAccept.cc
index b239e20..5efcd19 100644
--- a/proxy/http/HttpAccept.cc
+++ b/proxy/http/HttpAccept.cc
@@ -45,7 +45,9 @@ HttpAccept::mainEvent(int event, void *data)
// The backdoor port is now only bound to "localhost", so reason to
// check for if it's incoming from "localhost" or not.
- if (!backdoor && IpAllow::instance() && ((acl_method_mask = IpAllow::instance()->match(client_ip)) == 0)) {
+ if (backdoor) {
+ acl_method_mask = IpAllow::AllMethodMask();
+ } else if (IpAllow::instance() && ((acl_method_mask = IpAllow::instance()->match(client_ip)) == 0)) {
Warning("connect by disallowed client %s, closing", ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
netvc->do_io_close();
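Review bot: The new `backdoor` branch assigns `IpAllow::AllMethodMask()` without consulting the ip_allow rules, so the only access control left on that listener is the localhost bind that the preceding comment refers to. That bind is set up outside this hunk; if the backdoor port were ever bound to a non-loopback address, every client reaching it would be granted all methods. A comment on the branch should record the dependency, e.g. `// Backdoor skips ip_allow; safe only while the backdoor port is bound to loopback.` The existing comment reads "so reason to check", which appears to be missing a "no". `mainEvent` starts and continues outside the hunk.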
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/225f26fa/proxy/http/HttpTransact.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 5576e6d..109ff4a 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -6542,6 +6542,10 @@ HttpTransact::process_quick_http_filter(State* s, int method)
}
if (!IpAllow::CheckMask(s->state_machine->ua_session->acl_method_mask, method)) {
+ if (is_debug_tag_set("ip-allow")) {
+ ip_text_buffer ipb;
+ Debug("ip-allow", "Quick filter denial on %s:%s with mask %x", ats_ip_ntop(&s->client_info.addr.sa, ipb, sizeof(ipb)), hdrtoken_index_to_wks(method), s->state_machine->ua_session->acl_method_mask);
+ }
s->client_connection_enabled = false;
}
}
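Review bot: The added `Debug` call passes `method` to `hdrtoken_index_to_wks()` with no range check visible in the hunk. If `method` can fall outside the well-known-string table at this point, for instance for an unrecognised request method (not confirmable from these lines), the lookup would hand `%s` an invalid pointer on a path that exists only for diagnostics. Validating the index before the lookup, or logging it numerically with `%d`, keeps the denial trace from becoming a fault of its own. `process_quick_http_filter` begins outside the hunk.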