You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2011/07/31 10:12:09 UTC

[jira] [Commented] (TS-803) Fix SOCKS breakage and allow for setting next-hop SOCKS

    [ https://issues.apache.org/jira/browse/TS-803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13073333#comment-13073333 ] 

Leif Hedstrom commented on TS-803:
----------------------------------

Can we get a patch against current trunk, and attached as an attachment? That'd make review and inclusion much easier :).

Thanks!

-- leif


> Fix SOCKS breakage and allow for setting next-hop SOCKS
> -------------------------------------------------------
>
>                 Key: TS-803
>                 URL: https://issues.apache.org/jira/browse/TS-803
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: Network
>         Environment: Wherever ATS might run
>            Reporter: M. Nunberg
>             Fix For: 3.1.0
>
>
> Here is a patch I drew up a few months ago against a snapshot of ATS/2.1.7 unstable/git. There are some quirks here, and I'm not that sure any more what this patch does exactly. However it:
> 1) Does fix SOCKS connections in general
> 2) Allows setting next-hop SOCKS proxy via the API
> Problems:
> See https://issues.apache.org/jira/browse/TS-802
> This has no effect on connections which are drawn from the connection pool, as it seems ATS currently doesn't maintain unique identities for peripheral connection params (source IP, SOCKS etc); i.e. this only affects new TCP connections to an OS.
> diff -x '*.o' -ru tsorig/iocore/net/I_NetVConnection.h tsgit217/iocore/net/I_NetVConnection.h
> --- tsorig/iocore/net/I_NetVConnection.h    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/I_NetVConnection.h    2011-03-17 14:37:18.000000000 +0000
> @@ -120,6 +120,13 @@
>    /// Version of SOCKS to use.
>    unsigned char socks_version;
> +  struct {
> +      unsigned int ip;
> +      int port;
> +      char *username;
> +      char *password;
> +  } socks_override;
> +
>    int socket_recv_bufsize;
>    int socket_send_bufsize;
> Only in tsgit217/iocore/net: Makefile
> Only in tsgit217/iocore/net: Makefile.in
> diff -x '*.o' -ru tsorig/iocore/net/P_Socks.h tsgit217/iocore/net/P_Socks.h
> --- tsorig/iocore/net/P_Socks.h    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/P_Socks.h    2011-03-17 13:17:20.000000000 +0000
> @@ -126,7 +126,7 @@
>    unsigned char version;
>    bool write_done;
> -
> +  bool manual_parent_selection;
>    SocksAuthHandler auth_handler;
>    unsigned char socks_cmd;
> @@ -145,7 +145,8 @@
>      SocksEntry():Continuation(NULL), netVConnection(0),
>      ip(0), port(0), server_ip(0), server_port(0), nattempts(0),
> -    lerrno(0), timeout(0), version(5), write_done(false), auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
> +    lerrno(0), timeout(0), version(5), write_done(false), manual_parent_selection(false),
> +    auth_handler(NULL), socks_cmd(NORMAL_SOCKS)
>    {
>    }
>  };
> diff -x '*.o' -ru tsorig/iocore/net/Socks.cc tsgit217/iocore/net/Socks.cc
> --- tsorig/iocore/net/Socks.cc    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/Socks.cc    2011-03-17 13:46:07.000000000 +0000
> @@ -73,7 +73,8 @@
>    nattempts = 0;
>    findServer();
> -  timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +//  timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(netProcessor.socks_conf_stuff->server_connect_timeout));
> +  timeout = this_ethread()->schedule_in(this, HRTIME_SECONDS(5));
>    write_done = false;
>  }
> @@ -81,6 +82,15 @@
>  SocksEntry::findServer()
>  {
>    nattempts++;
> +  if(manual_parent_selection) {
> +      if(nattempts > 1) {
> +          //Nullify IP and PORT
> +          server_ip = -1;
> +          server_port = 0;
> +      }
> +      Debug("mndebug(Socks)", "findServer() is a noop with manual socks selection");
> +      return;
> +  }
>  #ifdef SOCKS_WITH_TS
>    if (nattempts == 1) {
> @@ -187,7 +197,6 @@
>      }
>      Debug("Socks", "Failed to connect to %u.%u.%u.%u:%d", PRINT_IP(server_ip), server_port);
> -
>      findServer();
>      if (server_ip == (uint32_t) - 1) {
> diff -x '*.o' -ru tsorig/iocore/net/UnixNetProcessor.cc tsgit217/iocore/net/UnixNetProcessor.cc
> --- tsorig/iocore/net/UnixNetProcessor.cc    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/iocore/net/UnixNetProcessor.cc    2011-03-17 15:48:38.000000000 +0000
> @@ -228,6 +228,11 @@
>                            !socks_conf_stuff->ip_range.match(ip))
>  #endif
>      );
> +  if(opt->socks_override.ip >= 1) {
> +      using_socks = true;
> +      Debug("mndebug", "trying to set using_socks to true");
> +  }
> +
>    SocksEntry *socksEntry = NULL;
>  #endif
>    NET_SUM_GLOBAL_DYN_STAT(net_connections_currently_open_stat, 1);
> @@ -242,6 +247,16 @@
>    if (using_socks) {
>      Debug("Socks", "Using Socks ip: %u.%u.%u.%u:%d\n", PRINT_IP(ip), port);
>      socksEntry = socksAllocator.alloc();
> +
> +    if (opt->socks_override.ip) {
> +        //Needs to be done before socksEntry->init()
> +        socksEntry->server_ip = opt->socks_override.ip;
> +        socksEntry->server_port = opt->socks_override.port;
> +        socksEntry->manual_parent_selection = true;
> +        opt->socks_support = NORMAL_SOCKS;
> +        Debug("mndebug(Socks)", "SOCKS proxy selected manually");
> +    }
> +
>      socksEntry->init(cont->mutex, vc, opt->socks_support, opt->socks_version);        /*XXXX remove last two args */
>      socksEntry->action_ = cont;
>      cont = socksEntry;
> diff -x '*.o' -ru tsorig/proxy/InkAPI.cc tsgit217/proxy/InkAPI.cc
> --- tsorig/proxy/InkAPI.cc    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/InkAPI.cc    2011-03-17 15:43:23.000000000 +0000
> @@ -5239,6 +5239,15 @@
>  }
>  void
> +TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port)
> +{
> +    sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> +    HttpSM *sm = (HttpSM*) txnp;
> +    sm->t_state.api_info.socks_proxy_ipaddr = ipaddr;
> +    sm->t_state.api_info.socks_proxy_port = port;
> +}
> +
> +void
>  TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on)
>  {
>    sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
> diff -x '*.o' -ru tsorig/proxy/api/ts/ts.h.in tsgit217/proxy/api/ts/ts.h.in
> --- tsorig/proxy/api/ts/ts.h.in    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/api/ts/ts.h.in    2011-03-17 15:43:04.000000000 +0000
> @@ -2134,6 +2134,7 @@
>     */
>    tsapi void TSHttpTxnParentProxySet(TSHttpTxn txnp, char* hostname, int port);
> +  tsapi void TSHttpTxnSocksProxySet(TSHttpTxn txnp, unsigned int ipaddr, int port);
>    tsapi void TSHttpTxnUntransformedRespCache(TSHttpTxn txnp, int on);
>    tsapi void TSHttpTxnTransformedRespCache(TSHttpTxn txnp, int on);
> diff -x '*.o' -ru tsorig/proxy/http/HttpSM.cc tsgit217/proxy/http/HttpSM.cc
> --- tsorig/proxy/http/HttpSM.cc    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpSM.cc    2011-03-17 15:53:07.000000000 +0000
> @@ -3658,6 +3658,7 @@
>    // before we return from this function for forward proxy
>    t_state.pristine_url.create(t_state.hdr_info.client_request.url_get()->m_heap);
>    t_state.pristine_url.copy(t_state.hdr_info.client_request.url_get());
> +  Debug("url_rewrite", "URL is %s", t_state.pristine_url.string_get_ref(NULL));
>    if (!ret) {
>      Debug("url_rewrite", "Could not find a valid remapping entry for this request [%" PRId64 "]", sm_id);
> @@ -4077,6 +4078,8 @@
>      opt.addr_binding = NetVCOptions::FOREIGN_ADDR;
>      opt.local_addr = t_state.client_info.ip;
>    }
> +  opt.socks_override.ip = t_state.api_info.socks_proxy_ipaddr;
> +  opt.socks_override.port = t_state.api_info.socks_proxy_port;
>    Debug("http", "[%" PRId64 "] open connection to %s: %u.%u.%u.%u",
>          sm_id, t_state.current.server->name, PRINT_IP(t_state.current.server->ip));
> @@ -4124,6 +4127,11 @@
>    // to do this but as far I can tell the code that prevented keep-alive if
>    // there is a request body has been removed.
> +  //FIXME: We won't always be using from the shared connection pool. In the new architecture, the only time
> +  //We don't need a new connection is in the case of chaining HTTP proxies. Otherwise the session manager
> +  //Doesn't keep track of src IPs or SOCKS proxies.
> +
> +
>    if (raw == false && t_state.http_config_param->share_server_sessions &&
>        (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
>        ua_session != NULL) {
> diff -x '*.o' -ru tsorig/proxy/http/HttpTransact.h tsgit217/proxy/http/HttpTransact.h
> --- tsorig/proxy/http/HttpTransact.h    2011-03-09 21:43:58.000000000 +0000
> +++ tsgit217/proxy/http/HttpTransact.h    2011-03-17 15:39:05.000000000 +0000
> @@ -317,6 +317,8 @@
>  {
>    char *parent_proxy_name;
>    int parent_proxy_port;
> +  unsigned int socks_proxy_ipaddr;
> +  int socks_proxy_port;
>    bool cache_untransformed;
>    bool cache_transformed;
>    bool logging_enabled;
> @@ -325,6 +327,8 @@
>    _HttpApiInfo()
>    : parent_proxy_name(NULL),
>      parent_proxy_port(-1),
> +    socks_proxy_ipaddr(0),
> +    socks_proxy_port(0),
>      cache_untransformed(false), cache_transformed(true), logging_enabled(true), retry_intercept_failures(false)
>    { }
>  } HttpApiInfo; 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira