trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sor...@apache.org
Subject git commit: Revert commits that were accidentally pushed.
Date Thu, 19 Jun 2014 00:24:26 GMT
Repository: trafficserver
Updated Branches:
  refs/heads/4.2.x 940489d7a -> 617983c34


Revert commits that were accidentally pushed.

This reverts commits 9fdb7f3 to 940489d.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/617983c3
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/617983c3
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/617983c3

Branch: refs/heads/4.2.x
Commit: 617983c34694cec41589f612dc82f37f8de3120c
Parents: 940489d
Author: Phil Sorber <sorber@apache.org>
Authored: Wed Jun 18 18:07:18 2014 -0600
Committer: Phil Sorber <sorber@apache.org>
Committed: Wed Jun 18 18:07:18 2014 -0600

----------------------------------------------------------------------
 CHANGES                                  |   3 -
 build/ax_check_openssl.m4                |   8 --
 iocore/net/P_Net.h                       |   3 +
 iocore/net/SSLNetVConnection.cc          |   2 +-
 iocore/net/UnixNetVConnection.cc         |  14 +--
 lib/ts/ink_stack_trace.cc                |  19 ++--
 mgmt/RecordsConfig.cc                    |   2 -
 proxy/IPAllow.cc                         |  44 +++-----
 proxy/IPAllow.h                          |  69 +++++-------
 proxy/Main.cc                            |   3 -
 proxy/PluginVC.cc                        |  12 +--
 proxy/config/records.config.default.in   |   9 --
 proxy/hdrs/HTTP.cc                       |  13 ---
 proxy/hdrs/HTTP.h                        |   1 -
 proxy/hdrs/HdrHeap.cc                    |  48 ++-------
 proxy/hdrs/HdrHeap.h                     |   6 +-
 proxy/hdrs/MIME.cc                       |  29 +----
 proxy/hdrs/MIME.h                        |   2 -
 proxy/hdrs/URL.cc                        |  17 ---
 proxy/hdrs/URL.h                         |   1 -
 proxy/http/HttpAccept.cc                 |   8 +-
 proxy/http/HttpClientSession.cc          |   2 +-
 proxy/http/HttpClientSession.h           |   5 +-
 proxy/http/HttpSM.cc                     |  21 +---
 proxy/http/HttpTransact.cc               |  27 ++---
 proxy/http/HttpTransact.h                |   1 -
 proxy/http/remap/AclFiltering.cc         |  29 ++---
 proxy/http/remap/AclFiltering.h          |  16 ++-
 proxy/http/remap/RemapConfig.cc          |  49 +++++++--
 proxy/http/remap/UrlRewrite.cc           |  73 ++++++-------
 proxy/logging/LogConfig.cc               |  18 ----
 proxy/logging/LogConfig.h                |   8 --
 proxy/logging/LogUtils.cc                |  82 +++++----------
 proxy/logging/Makefile.am                |  11 +-
 proxy/logging/QueryParamsEscaper.cc      |  81 --------------
 proxy/logging/QueryParamsEscaper.h       |  53 ----------
 proxy/logging/test_QueryParamsEscaper.cc | 146 --------------------------
 37 files changed, 212 insertions(+), 723 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 88cb753..013fe5c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,9 +3,6 @@ Changes with Apache Traffic Server 4.2.2
 
   *) [TS-2822] Crash in LogBufferIterator::next
 
-  *) [TS-2665] Clean up ink_stack_trace_dump code
-   Thanks to Alexey Ivanov <aivanov@linkedin.com> for reporting this issue.
-
   *) [TS-2784] Make header_rewrite plugins compile on FBSD.
 
   *) [TS-2778] Websockets remap doesn't properly handle the implicit port for wss.

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/build/ax_check_openssl.m4
----------------------------------------------------------------------
diff --git a/build/ax_check_openssl.m4 b/build/ax_check_openssl.m4
index b490c91..e0c4029 100644
--- a/build/ax_check_openssl.m4
+++ b/build/ax_check_openssl.m4
@@ -37,7 +37,6 @@
 AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL])
 AC_DEFUN([AX_CHECK_OPENSSL], [
     found=false
-    overriden_with_ssl=false
     AC_ARG_WITH([openssl],
         [AS_HELP_STRING([--with-openssl=DIR],
             [root of the OpenSSL directory])],
@@ -47,7 +46,6 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
             AC_MSG_ERROR([Invalid --with-openssl value])
               ;;
             *) ssldirs="$withval"
-               overriden_with_ssl=true
               ;;
             esac
         ], [
@@ -82,14 +80,8 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
                 OPENSSL_INCLUDES="-I$ssldir/include"
                 if test -d "$ssldir/lib64"; then
                   OPENSSL_LDFLAGS="-L$ssldir/lib64"
-                  if test "$overriden_with_ssl"; then
-                    TS_ADDTO(LIBTOOL_LINK_FLAGS, [-rpath ${ssldir}/lib64])
-                  fi
                 else
                   OPENSSL_LDFLAGS="-L$ssldir/lib"
-                  if test "$overriden_with_ssl"; then
-                    TS_ADDTO(LIBTOOL_LINK_FLAGS, [-rpath ${ssldir}/lib])
-                  fi
                 fi
                 OPENSSL_LIBS="-lssl -lcrypto"
                 found=true

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/iocore/net/P_Net.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_Net.h b/iocore/net/P_Net.h
index 35b0920..13ab617 100644
--- a/iocore/net/P_Net.h
+++ b/iocore/net/P_Net.h
@@ -61,6 +61,9 @@ extern RecRawStatBlock *net_rsb;
 #define SSL_HANDSHAKE_WANT_ACCEPT 8
 #define SSL_HANDSHAKE_WANT_CONNECT 9
 
+#define NET_DEBUG_COUNT_DYN_STAT(_x, _y) \
+RecIncrRawStatCount(net_rsb, mutex->thread_holding, (int)_x, _y)
+
 #define NET_INCREMENT_DYN_STAT(_x)  \
 RecIncrRawStatSum(net_rsb, mutex->thread_holding, (int)_x, 1)
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 5b274a0..b04de64 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -386,7 +386,7 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, int64_t &wattempted, i
     }
 
     Debug("ssl", "SSLNetVConnection::loadBufferAndCallWrite,Number of bytes written=%" PRId64" , total=%" PRId64"", r, total_wrote);
-    NET_INCREMENT_DYN_STAT(net_calls_to_write_stat);
+    NET_DEBUG_COUNT_DYN_STAT(net_calls_to_write_stat, 1);
   } while (r == l && total_wrote < towrite && b);
 
   if (r > 0) {

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/iocore/net/UnixNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/UnixNetVConnection.cc b/iocore/net/UnixNetVConnection.cc
index 2307776..bf1dc0a 100644
--- a/iocore/net/UnixNetVConnection.cc
+++ b/iocore/net/UnixNetVConnection.cc
@@ -264,9 +264,9 @@ read_from_net(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
       } else {
         r = socketManager.readv(vc->con.fd, &tiovec[0], niov);
       }
-      NET_INCREMENT_DYN_STAT(net_calls_to_read_stat);
+      NET_DEBUG_COUNT_DYN_STAT(net_calls_to_read_stat, 1);
       total_read += rattempted;
-    } while (rattempted && r == rattempted && total_read < toread);
+    } while (r == rattempted && total_read < toread);
 
     // if we have already moved some bytes successfully, summarize in r
     if (total_read != rattempted) {
@@ -279,7 +279,7 @@ read_from_net(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
     if (r <= 0) {
 
       if (r == -EAGAIN || r == -ENOTCONN) {
-        NET_INCREMENT_DYN_STAT(net_calls_to_read_nodata_stat);
+        NET_DEBUG_COUNT_DYN_STAT(net_calls_to_read_nodata_stat, 1);
         vc->read.triggered = 0;
         nh->read_ready_list.remove(vc);
         return;
@@ -345,8 +345,8 @@ write_to_net(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
 {
   ProxyMutex *mutex = thread->mutex;
 
-  NET_INCREMENT_DYN_STAT(net_calls_to_writetonet_stat);
-  NET_INCREMENT_DYN_STAT(net_calls_to_writetonet_afterpoll_stat);
+  NET_DEBUG_COUNT_DYN_STAT(net_calls_to_writetonet_stat, 1);
+  NET_DEBUG_COUNT_DYN_STAT(net_calls_to_writetonet_afterpoll_stat, 1);
 
   write_to_net_io(nh, vc, thread);
 }
@@ -454,7 +454,7 @@ write_to_net_io(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
   // check for errors
   if (r <= 0) {                 // if the socket was not ready,add to WaitList
     if (r == -EAGAIN || r == -ENOTCONN) {
-      NET_INCREMENT_DYN_STAT(net_calls_to_write_nodata_stat);
+      NET_DEBUG_COUNT_DYN_STAT(net_calls_to_write_nodata_stat, 1);
       if((needs & EVENTIO_WRITE) == EVENTIO_WRITE) {
         vc->write.triggered = 0;
         nh->write_ready_list.remove(vc);
@@ -882,7 +882,7 @@ UnixNetVConnection::load_buffer_and_write(int64_t towrite, int64_t &wattempted,
     else
       r = socketManager.writev(con.fd, &tiovec[0], niov);
     ProxyMutex *mutex = thread->mutex;
-    NET_INCREMENT_DYN_STAT(net_calls_to_write_stat);
+    NET_DEBUG_COUNT_DYN_STAT(net_calls_to_write_stat, 1);
   } while (r == wattempted && total_wrote < towrite);
 
   needs |= EVENTIO_WRITE;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/lib/ts/ink_stack_trace.cc
----------------------------------------------------------------------
diff --git a/lib/ts/ink_stack_trace.cc b/lib/ts/ink_stack_trace.cc
index 17f9ddc..3e194dd 100644
--- a/lib/ts/ink_stack_trace.cc
+++ b/lib/ts/ink_stack_trace.cc
@@ -29,10 +29,6 @@
 #include <stdlib.h>
 #include <unistd.h>
 
-#ifndef STDERR_FILENO
-#define STDERR_FILENO 2
-#endif
-
 #if TS_HAS_BACKTRACE
 
 #include <execinfo.h>           /* for backtrace_symbols, etc. */
@@ -44,22 +40,19 @@ ink_stack_trace_dump()
   int btl;
 
   // Recopy and re-terminate the app name in case it has been trashed.
+  char name[256];
   const char *msg = " - STACK TRACE: \n";
-  if (write(STDERR_FILENO, program_name, strlen(program_name)) == -1)
+  ink_strlcpy(name, program_name, sizeof(name));
+  if (write(2, name, strlen(name)) == -1)
     return;
-  if (write(STDERR_FILENO, msg, strlen(msg)) == -1)
+  if (write(2, msg, strlen(msg)) == -1)
     return;
 
-  // In certain situations you can get stuck in malloc waiting for a lock
-  // that your program held when it segfaulted. We set an alarm so that
-  // if this situation happens it will allow traffic_server to exit.
-  alarm(10);
-
   void *stack[INK_STACK_TRACE_MAX_LEVELS + 1];
   memset(stack, 0, sizeof(stack));
   if ((btl = backtrace(stack, INK_STACK_TRACE_MAX_LEVELS)) > 2) {
     // dump the backtrace to stderr
-    backtrace_symbols_fd(stack + 2, btl - 2, STDERR_FILENO);
+    backtrace_symbols_fd(stack + 2, btl - 2, 2);
   }
 }
 
@@ -69,7 +62,7 @@ void
 ink_stack_trace_dump()
 {
   const char msg[] = "ink_stack_trace_dump not implemented on this operating system\n";
-  if (write(STDERR_FILENO, msg, sizeof(msg) - 1) == -1)
+  if (write(2, msg, sizeof(msg) - 1) == -1)
       return;
 }
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 18095f0..db8c531 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1184,8 +1184,6 @@ RecordElement RecordsConfig[] = {
   ,
   {RECT_CONFIG, "proxy.config.log.search_log_filters", RECD_STRING, NULL, RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.log.hide_query_parameters", RECD_STRING, NULL, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
-  ,
   // End    HCL Modifications.
 
   //##############################################################################

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/IPAllow.cc
----------------------------------------------------------------------
diff --git a/proxy/IPAllow.cc b/proxy/IPAllow.cc
index 600ff51..07c9eee 100644
--- a/proxy/IPAllow.cc
+++ b/proxy/IPAllow.cc
@@ -44,7 +44,10 @@ enum AclOp {
   ACL_OP_DENY, ///< Deny access.
 };
 
-const AclRecord IpAllow::ALL_METHOD_ACL(AclRecord::ALL_METHOD_MASK);
+// Mask for all methods.
+// This can't be computed properly at process start, so it's delayed
+// until the instance is initialized.
+uint32_t IpAllow::ALL_METHOD_MASK;
 
 int IpAllow::configid = 0;
 
@@ -59,6 +62,8 @@ IpAllow::startup()
   // Should not have been initialized before
   ink_assert(IpAllow::configid == 0);
 
+  ALL_METHOD_MASK = ~0;
+
   ipAllowUpdate = NEW(new ConfigUpdateHandler<IpAllow>());
   ipAllowUpdate->attach("proxy.config.cache.ip_allow.filename");
 
@@ -133,8 +138,8 @@ IpAllow::Print() {
       s << " - " << ats_ip_ntop(spot->max(), text, sizeof text);
     }
     s << " method=";
-    uint32_t mask = AclRecord::ALL_METHOD_MASK & ar->_method_mask;
-    if (AclRecord::ALL_METHOD_MASK == mask) {
+    uint32_t mask = ALL_METHOD_MASK & ar->_method_mask;
+    if (ALL_METHOD_MASK == mask) {
       s << "ALL";
     } else if (0 == mask) {
       s << "NONE";
@@ -150,18 +155,6 @@ IpAllow::Print() {
         }
       }
     }
-    if (!ar->_nonstandard_methods.empty()) {
-      s << " nonstandard method=";
-      bool leader = false; // need leading vbar?
-      for (AclRecord::MethodSet::iterator iter = ar->_nonstandard_methods.begin(),
-             end = ar->_nonstandard_methods.end(); iter != end; ++iter) {
-        if (leader) {
-          s << '|';
-        }
-        s << *iter;
-        leader = true;
-      }
-    }
   }
   Debug("ip-allow", "%s", s.str().c_str());
 }
@@ -223,8 +216,6 @@ IpAllow::BuildTable()
           // Search for "action=ip_allow method=PURGE method=GET ..." or "action=ip_deny method=PURGE method=GET ...".
           char *label, *val;
           uint32_t acl_method_mask = 0;
-          AclRecord::MethodSet nonstandard_methods;
-          bool deny_nonstandard_methods = false;
           AclOp op = ACL_OP_DENY; // "shut up", I explained to the compiler.
           bool op_found = false, method_found = false;
           for (int i = 0; i < MATCHER_MAX_TOKENS; i++) {
@@ -257,35 +248,30 @@ IpAllow::BuildTable()
                     method_found = false;  // in case someone does method=GET|ALL
                     break;
                   } else {
-                    int method_name_len = strlen(method_name);
-                    int method_idx = hdrtoken_tokenize(method_name, method_name_len);
+                    int method_idx = hdrtoken_tokenize(method_name, strlen(method_name));
                     if (method_idx < HTTP_WKSIDX_CONNECT || method_idx >= HTTP_WKSIDX_CONNECT + HTTP_WKSIDX_METHODS_CNT) {
-                      nonstandard_methods.insert(method_name);
-                      Debug("ip-allow", "Found nonstandard method [%s] on line %d", method_name, line_num);
+                      Warning("Method name '%s' on line %d is not valid. Ignoring.", method_name, line_num);
                     } else { // valid method.
-                      acl_method_mask |= AclRecord::MethodIdxToMask(method_idx);
+                      method_found = true;
+                      acl_method_mask |= MethodIdxToMask(method_idx);
                     }
-                    method_found = true;
                   }
                 }
               }
             }
             // If method not specified, default to ALL
             if (!method_found) {
-              method_found = true;
-              acl_method_mask = AclRecord::ALL_METHOD_MASK;
-              nonstandard_methods.clear();
+              method_found = true, acl_method_mask = ALL_METHOD_MASK;
             }
             // When deny, use bitwise complement.  (Make the rule 'allow for all
             // methods except those specified')
             if (op == ACL_OP_DENY) {
-              acl_method_mask = AclRecord::ALL_METHOD_MASK & ~acl_method_mask;
-              deny_nonstandard_methods = true;
+              acl_method_mask = ALL_METHOD_MASK & ~acl_method_mask;
             }
           }
 
           if (method_found) {
-            _acls.push_back(AclRecord(acl_method_mask, line_num, nonstandard_methods, deny_nonstandard_methods));
+            _acls.push_back(AclRecord(acl_method_mask, line_num));
             // Color with index because at this point the address
             // is volatile.
             _map.fill(

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/IPAllow.h
----------------------------------------------------------------------
diff --git a/proxy/IPAllow.h b/proxy/IPAllow.h
index 695d351..2c2d232 100644
--- a/proxy/IPAllow.h
+++ b/proxy/IPAllow.h
@@ -37,9 +37,6 @@
 #include "ts/Vec.h"
 #include "ProxyConfig.h"
 
-#include <string>
-#include <set>
-
 // forward declare in name only so it can be a friend.
 struct IpAllowUpdate;
 
@@ -54,41 +51,14 @@ static uint64_t const IP_ALLOW_TIMEOUT = HRTIME_HOUR;
     It has the methods permitted and the source line.
 */
 struct AclRecord {
-  uint32_t _method_mask;
+  int _method_mask;
   int _src_line;
-  typedef std::set<std::string> MethodSet;
-  MethodSet _nonstandard_methods;
-  bool _deny_nonstandard_methods;
-  static const uint32_t ALL_METHOD_MASK = ~0; // Mask for all methods.
 
   /// Default constructor.
   /// Present only to make Vec<> happy, do not use.
-  AclRecord() : _method_mask(0), _src_line(0), _deny_nonstandard_methods(false) { }
-
-  AclRecord(uint32_t method_mask) : _method_mask(method_mask), _src_line(0),
-                                    _deny_nonstandard_methods(false) { }
-
-  AclRecord(uint32_t method_mask, int ln, const MethodSet &nonstandard_methods, bool deny_nonstandard_methods)
-    : _method_mask(method_mask), _src_line(ln), _nonstandard_methods(nonstandard_methods),
-      _deny_nonstandard_methods(deny_nonstandard_methods) { }
-
-  static uint32_t MethodIdxToMask(int wksidx) { return 1 << (wksidx - HTTP_WKSIDX_CONNECT); }
+  AclRecord() : _method_mask(0), _src_line(0) { }
 
-  bool isEmpty() const {
-    return (_method_mask == 0) && _nonstandard_methods.empty();
-  }
-
-  bool isMethodAllowed(int method_wksidx) const {
-    return _method_mask & MethodIdxToMask(method_wksidx);
-  }
-  
-  bool isNonstandardMethodAllowed(const std::string &method_str) const {
-    if (_method_mask == ALL_METHOD_MASK) {
-      return true;
-    }
-    bool method_in_set = _nonstandard_methods.count(method_str);
-    return _deny_nonstandard_methods ? !method_in_set : method_in_set;
-  }
+  AclRecord(uint32_t method_mask, int ln) : _method_mask(method_mask), _src_line(ln) { }
 };
 
 /** Singleton class for access controls.
@@ -104,8 +74,8 @@ public:
   IpAllow(const char *config_var, const char *name, const char *action_val);
    ~IpAllow();
   void Print();
-  AclRecord *match(IpEndpoint const* ip) const;
-  AclRecord *match(sockaddr const* ip) const;
+  uint32_t match(IpEndpoint const* ip) const;
+  uint32_t match(sockaddr const* ip) const;
 
   static void startup();
   static void reconfigure();
@@ -113,16 +83,18 @@ public:
   static IpAllow * acquire();
   static void release(IpAllow * params);
 
+  static bool CheckMask(uint32_t, int);
   /// @return A mask that permits all methods.
-  static const AclRecord *AllMethodAcl() {
-    return &ALL_METHOD_ACL;
+  static uint32_t AllMethodMask() {
+    return ALL_METHOD_MASK;
   }
 
   typedef ConfigProcessor::scoped_config<IpAllow, IpAllow> scoped_config;
 
 private:
+  static uint32_t MethodIdxToMask(int);
+  static uint32_t ALL_METHOD_MASK;
   static int configid;
-  static const AclRecord ALL_METHOD_ACL;
 
   int BuildTable();
 
@@ -133,18 +105,29 @@ private:
   Vec<AclRecord> _acls;
 };
 
-inline AclRecord *
+inline uint32_t IpAllow::MethodIdxToMask(int idx) { return 1 << (idx - HTTP_WKSIDX_CONNECT); }
+
+inline uint32_t
 IpAllow::match(IpEndpoint const* ip) const {
   return this->match(&ip->sa);
 }
 
-inline AclRecord *
+inline uint32_t
 IpAllow::match(sockaddr const* ip) const {
-  void *raw;
+  uint32_t zret = 0;
+  void* raw;
   if (_map.contains(ip, &raw)) {
-    return static_cast<AclRecord*>(raw);
+    AclRecord* acl = static_cast<AclRecord*>(raw);
+    if (acl) {
+      zret = acl->_method_mask;
+    }
   }
-  return NULL;
+  return zret;
+}
+
+inline bool
+IpAllow::CheckMask(uint32_t mask, int method_idx) {
+  return ((mask & MethodIdxToMask(method_idx)) != 0);
 }
 
 #endif

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/Main.cc
----------------------------------------------------------------------
diff --git a/proxy/Main.cc b/proxy/Main.cc
index 5386a70..fd07c09 100644
--- a/proxy/Main.cc
+++ b/proxy/Main.cc
@@ -1523,10 +1523,7 @@ main(int /* argc ATS_UNUSED */, char **argv)
     NetProcessor::accept_mss = accept_mss;
     netProcessor.start(0, stacksize);
 
-    uid_t curr_euid = geteuid();
-    seteuid(0); // need to be root to read SSL certs
     sslNetProcessor.start(getNumSSLThreads(), stacksize);
-    seteuid(curr_euid);
 
     dnsProcessor.start(0, stacksize);
     if (hostDBProcessor.start() < 0)

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/PluginVC.cc
----------------------------------------------------------------------
diff --git a/proxy/PluginVC.cc b/proxy/PluginVC.cc
index 9b0727e..66a4a7b 100644
--- a/proxy/PluginVC.cc
+++ b/proxy/PluginVC.cc
@@ -127,8 +127,7 @@ PluginVC::main_handler(int event, void *data)
     read_mutex_held = MUTEX_TAKE_TRY_LOCK(read_side_mutex, my_ethread);
 
     if (!read_mutex_held) {
-      if (call_event != inactive_event)
-        call_event->schedule_in(PVC_LOCK_RETRY_TIME);
+      call_event->schedule_in(PVC_LOCK_RETRY_TIME);
       return 0;
     }
 
@@ -136,8 +135,7 @@ PluginVC::main_handler(int event, void *data)
       // It's possible some swapped the mutex on us before
       //  we were able to grab it
       Mutex_unlock(read_side_mutex, my_ethread);
-      if (call_event != inactive_event)
-        call_event->schedule_in(PVC_LOCK_RETRY_TIME);
+      call_event->schedule_in(PVC_LOCK_RETRY_TIME);
       return 0;
     }
   }
@@ -149,8 +147,7 @@ PluginVC::main_handler(int event, void *data)
       if (read_mutex_held) {
         Mutex_unlock(read_side_mutex, my_ethread);
       }
-      if (call_event != inactive_event)
-        call_event->schedule_in(PVC_LOCK_RETRY_TIME);
+      call_event->schedule_in(PVC_LOCK_RETRY_TIME);
       return 0;
     }
 
@@ -161,8 +158,7 @@ PluginVC::main_handler(int event, void *data)
       if (read_mutex_held) {
         Mutex_unlock(read_side_mutex, my_ethread);
       }
-      if (call_event != inactive_event)
-        call_event->schedule_in(PVC_LOCK_RETRY_TIME);
+      call_event->schedule_in(PVC_LOCK_RETRY_TIME);
       return 0;
     }
   }

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/config/records.config.default.in
----------------------------------------------------------------------
diff --git a/proxy/config/records.config.default.in b/proxy/config/records.config.default.in
index ae69faa..91b0969 100644
--- a/proxy/config/records.config.default.in
+++ b/proxy/config/records.config.default.in
@@ -467,15 +467,6 @@ CONFIG proxy.config.log.auto_delete_rolled_files INT 1
 CONFIG proxy.config.log.sampling_frequency INT 1
 ##############################################################################
 #
-# This config can be used to hide values of certain query parameters. This 
-# config is specified as a space-separated list of substrings. Any query 
-# containing a specified substring will have it's value filled with asterisks.
-# Example: "login password"
-#
-##############################################################################
-CONFIG proxy.config.log.hide_query_parameters STRING NULL
-##############################################################################
-#
 # Reverse Proxy
 #
 ##############################################################################

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/HTTP.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc
index 24ad43b..4ce25c8 100644
--- a/proxy/hdrs/HTTP.cc
+++ b/proxy/hdrs/HTTP.cc
@@ -1687,19 +1687,6 @@ HTTPHdrImpl::move_strings(HdrStrHeap *new_heap)
   }
 }
 
-size_t
-HTTPHdrImpl::strings_length()
-{
-  size_t ret = 0;
-
-  if (m_polarity == HTTP_TYPE_REQUEST) {
-   ret += u.req.m_len_method;
-  } else if (m_polarity == HTTP_TYPE_RESPONSE) {
-   ret += u.resp.m_len_reason;
-  }
-  return ret;
-}
-
 void
 HTTPHdrImpl::check_strings(HeapCheck *heaps, int num_heaps)
 {

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/HTTP.h
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HTTP.h b/proxy/hdrs/HTTP.h
index cddd2fe..e6eabac 100644
--- a/proxy/hdrs/HTTP.h
+++ b/proxy/hdrs/HTTP.h
@@ -267,7 +267,6 @@ struct HTTPHdrImpl:public HdrHeapObjImpl
   int marshal(MarshalXlate *ptr_xlate, int num_ptr, MarshalXlate *str_xlate, int num_str);
   void unmarshal(intptr_t offset);
   void move_strings(HdrStrHeap *new_heap);
-  size_t strings_length();
 
   // Sanity Check Functions
   void check_strings(HeapCheck *heaps, int num_heaps);

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/HdrHeap.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HdrHeap.cc b/proxy/hdrs/HdrHeap.cc
index 296f766..a70c0ab 100644
--- a/proxy/hdrs/HdrHeap.cc
+++ b/proxy/hdrs/HdrHeap.cc
@@ -369,7 +369,15 @@ HdrHeap::coalesce_str_heaps(int incoming_size)
   ink_assert(incoming_size >= 0);
   ink_assert(m_writeable);
 
-  new_heap_size += required_space_for_evacuation();
+  if (m_read_write_heap) {
+    new_heap_size += m_read_write_heap->m_heap_size;
+  }
+
+  for (int i = 0; i < HDR_BUF_RONLY_HEAPS; i++) {
+    if (m_ronly_heap[i].m_heap_start != NULL) {
+      new_heap_size += m_ronly_heap[i].m_heap_len;
+    }
+  }
 
   HdrStrHeap *new_heap = new_HdrStrHeap(new_heap_size);
   evacuate_from_str_heaps(new_heap);
@@ -440,44 +448,6 @@ HdrHeap::evacuate_from_str_heaps(HdrStrHeap * new_heap)
   }
 }
 
-size_t
-HdrHeap::required_space_for_evacuation()
-{
-  size_t ret = 0;
-  HdrHeap *h = this;
-  while (h) {
-    char *data = h->m_data_start;
-
-    while (data < h->m_free_start) {
-      HdrHeapObjImpl *obj = (HdrHeapObjImpl *) data;
-
-      switch (obj->m_type) {
-      case HDR_HEAP_OBJ_URL:
-        ret += ((URLImpl *) obj)->strings_length();
-        break;
-      case HDR_HEAP_OBJ_HTTP_HEADER:
-        ret += ((HTTPHdrImpl *) obj)->strings_length();
-        break;
-      case HDR_HEAP_OBJ_MIME_HEADER:
-        ret += ((MIMEHdrImpl *) obj)->strings_length();
-        break;
-      case HDR_HEAP_OBJ_FIELD_BLOCK:
-        ret += ((MIMEFieldBlockImpl *) obj)->strings_length();
-        break;
-      case HDR_HEAP_OBJ_EMPTY:
-      case HDR_HEAP_OBJ_RAW:
-        // Nothing to do
-        break;
-      default:
-        ink_release_assert(0);
-      }
-      data = data + obj->m_length;
-    }
-    h = h->m_next;
-  }
-  return ret;
-}
-
 void
 HdrHeap::sanity_check_strs()
 {

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/HdrHeap.h
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HdrHeap.h b/proxy/hdrs/HdrHeap.h
index 07d681b..787d99a 100644
--- a/proxy/hdrs/HdrHeap.h
+++ b/proxy/hdrs/HdrHeap.h
@@ -51,10 +51,11 @@
 //  heaps are hand unrolled in the code.  Chaning
 //  this value requires a full pass through HdrBuf.cc
 //  to fix the unrolled operations
-#define HDR_BUF_RONLY_HEAPS   3 
+#define HDR_BUF_RONLY_HEAPS   3
 
+// Changed these so they for sure fit one normal TCP packet full of headers.
 #define HDR_HEAP_DEFAULT_SIZE   2048
-#define HDR_STR_HEAP_DEFAULT_SIZE  2048 
+#define HDR_STR_HEAP_DEFAULT_SIZE   2048
 
 #define HDR_MAX_ALLOC_SIZE (HDR_HEAP_DEFAULT_SIZE - sizeof(HdrHeap))
 #define HDR_HEAP_HDR_SIZE ROUND(sizeof(HdrHeap), HDR_PTR_SIZE)
@@ -261,7 +262,6 @@ public:
   int demote_rw_str_heap();
   void coalesce_str_heaps(int incoming_size = 0);
   void evacuate_from_str_heaps(HdrStrHeap * new_heap);
-  size_t required_space_for_evacuation();
   int attach_str_heap(char *h_start, int h_len, RefCountObj * h_ref_obj, int *index);
 
   /** Struct to prevent garbage collection on heaps.

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/MIME.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc
index d52ef24..26a2a20 100644
--- a/proxy/hdrs/MIME.cc
+++ b/proxy/hdrs/MIME.cc
@@ -1797,10 +1797,8 @@ mime_field_value_get_comma_list(MIMEField *field, StrList *list)
   // if field doesn't support commas, don't rip apart.
   if (!field->supports_commas())
     list->append_string(str, len);
-  else {
-	  // we don't need to trim quotes at this point
-	  HttpCompat::parse_tok_list(list, 0, str, len, ',');
-  }
+  else
+    HttpCompat::parse_tok_list(list, 1, str, len, ',');
 
   return list->count;
 }
@@ -3604,23 +3602,6 @@ MIMEFieldBlockImpl::move_strings(HdrStrHeap *new_heap)
   }
 }
 
-size_t
-MIMEFieldBlockImpl::strings_length()
-{
-  size_t ret = 0;
-
-  for (uint32_t index = 0; index < m_freetop; index++) {
-    MIMEField *field = &(m_field_slots[index]);
-
-    if (field->m_readiness == MIME_FIELD_SLOT_READINESS_LIVE ||
-        field->m_readiness == MIME_FIELD_SLOT_READINESS_DETACHED) {
-      ret += field->m_len_name;
-      ret += field->m_len_value;
-    }
-  }
-  return ret;
-}
-
 void
 MIMEFieldBlockImpl::check_strings(HeapCheck *heaps, int num_heaps)
 {
@@ -3657,12 +3638,6 @@ MIMEHdrImpl::move_strings(HdrStrHeap *new_heap)
   m_first_fblock.move_strings(new_heap);
 }
 
-size_t
-MIMEHdrImpl::strings_length()
-{
-  return m_first_fblock.strings_length();
-}
-
 void
 MIMEHdrImpl::check_strings(HeapCheck *heaps, int num_heaps)
 {

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/MIME.h
----------------------------------------------------------------------
diff --git a/proxy/hdrs/MIME.h b/proxy/hdrs/MIME.h
index 92b42cb..3e57b5a 100644
--- a/proxy/hdrs/MIME.h
+++ b/proxy/hdrs/MIME.h
@@ -167,7 +167,6 @@ struct MIMEFieldBlockImpl:public HdrHeapObjImpl
   int marshal(MarshalXlate * ptr_xlate, int num_ptr, MarshalXlate * str_xlate, int num_str);
   void unmarshal(intptr_t offset);
   void move_strings(HdrStrHeap * new_heap);
-  size_t strings_length();
 
   // Sanity Check Functions
   void check_strings(HeapCheck * heaps, int num_heaps);
@@ -240,7 +239,6 @@ struct MIMEHdrImpl:public HdrHeapObjImpl
   int marshal(MarshalXlate * ptr_xlate, int num_ptr, MarshalXlate * str_xlate, int num_str);
   void unmarshal(intptr_t offset);
   void move_strings(HdrStrHeap * new_heap);
-  size_t strings_length();
 
   // Sanity Check Functions
   void check_strings(HeapCheck * heaps, int num_heaps);

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/URL.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/URL.cc b/proxy/hdrs/URL.cc
index e9b64cd..71c0bb7 100644
--- a/proxy/hdrs/URL.cc
+++ b/proxy/hdrs/URL.cc
@@ -359,23 +359,6 @@ URLImpl::move_strings(HdrStrHeap * new_heap)
 //    HDR_MOVE_STR(m_ptr_printed_string, m_len_printed_string);
 }
 
-size_t
-URLImpl::strings_length()
-{
-  size_t ret = 0;
-
-  ret += m_len_scheme;
-  ret += m_len_user;
-  ret += m_len_password;
-  ret += m_len_host;
-  ret += m_len_port;
-  ret += m_len_path;
-  ret += m_len_params;
-  ret += m_len_query;
-  ret += m_len_fragment;
-  return ret;
-}
-
 void
 URLImpl::check_strings(HeapCheck * heaps, int num_heaps)
 {

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/hdrs/URL.h
----------------------------------------------------------------------
diff --git a/proxy/hdrs/URL.h b/proxy/hdrs/URL.h
index 0a6cd81..c60d1c2 100644
--- a/proxy/hdrs/URL.h
+++ b/proxy/hdrs/URL.h
@@ -80,7 +80,6 @@ struct URLImpl:public HdrHeapObjImpl
   int marshal(MarshalXlate *str_xlate, int num_xlate);
   void unmarshal(intptr_t offset);
   void move_strings(HdrStrHeap *new_heap);
-  size_t strings_length();
 
   // Sanity Check Functions
   void check_strings(HeapCheck *heaps, int num_heaps);

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/HttpAccept.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpAccept.cc b/proxy/http/HttpAccept.cc
index 36ddb47..9fb0066 100644
--- a/proxy/http/HttpAccept.cc
+++ b/proxy/http/HttpAccept.cc
@@ -39,15 +39,15 @@ HttpAccept::mainEvent(int event, void *data)
     ////////////////////////////////////////////////////
     NetVConnection *netvc = static_cast<NetVConnection *>(data);
     sockaddr const* client_ip = netvc->get_remote_addr();
-    const AclRecord *acl_record = NULL;
+    uint32_t acl_method_mask = 0;
     ip_port_text_buffer ipb;
     IpAllow::scoped_config ipallow;
 
     // The backdoor port is now only bound to "localhost", so no
     // reason to check for if it's incoming from "localhost" or not.
     if (backdoor) {
-      acl_record = IpAllow::AllMethodAcl();
-    } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) || (acl_record->isEmpty()))) {
+      acl_method_mask = IpAllow::AllMethodMask();
+    } else if (ipallow && ((acl_method_mask = ipallow->match(client_ip)) == 0)) {
       Warning("client '%s' prohibited by ip-allow policy", ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
       netvc->do_io_close();
 
@@ -68,7 +68,7 @@ HttpAccept::mainEvent(int event, void *data)
     new_session->outbound_ip6 = outbound_ip6;
     new_session->outbound_port = outbound_port;
     new_session->host_res_style = ats_host_res_from(client_ip->sa_family, host_res_preference);
-    new_session->acl_record = acl_record;
+    new_session->acl_method_mask = acl_method_mask;
 
     new_session->new_connection(netvc, backdoor);
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/HttpClientSession.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpClientSession.cc b/proxy/http/HttpClientSession.cc
index b7102af..c518044 100644
--- a/proxy/http/HttpClientSession.cc
+++ b/proxy/http/HttpClientSession.cc
@@ -67,7 +67,7 @@ HttpClientSession::HttpClientSession()
     cur_hooks(0), proxy_allocated(false), backdoor_connect(false),
     hooks_set(0),
     outbound_port(0), f_outbound_transparent(false),
-    host_res_style(HOST_RES_IPV4), acl_record(NULL),
+    host_res_style(HOST_RES_IPV4), acl_method_mask(0),
     m_active(false), debug_on(false)
 {
   memset(user_args, 0, sizeof(user_args));

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/HttpClientSession.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpClientSession.h b/proxy/http/HttpClientSession.h
index d05f706..e80743b 100644
--- a/proxy/http/HttpClientSession.h
+++ b/proxy/http/HttpClientSession.h
@@ -37,7 +37,6 @@
 #include "InkAPIInternal.h"
 #include "HTTP.h"
 #include "HttpConfig.h"
-#include "IPAllow.h"
 
 extern ink_mutex debug_cs_list_mutex;
 
@@ -156,8 +155,8 @@ public:
   bool f_transparent_passthrough;
   /// DNS resolution preferences.
   HostResStyle host_res_style;
-  /// acl record - cache IpAllow::match() call
-  const AclRecord *acl_record;
+  /// acl method mask - cache IpAllow::match() call
+  uint32_t acl_method_mask;
 
   // for DI. An active connection is one that a request has
   // been successfully parsed (PARSE_DONE) and it remains to

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 330b1e8..8618728 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -3143,19 +3143,10 @@ HttpSM::tunnel_handler_ua(int event, HttpTunnelConsumer * c)
   if (close_connection) {
     // If the client could be pipelining or is doing a POST, we need to
     //   set the ua_session into half close mode
-
-	  // only external POSTs should be subject to this logic; ruling out internal POSTs here
-	  bool is_eligible_post_request = (t_state.method == HTTP_WKSIDX_POST);
-	  if (is_eligible_post_request) {
-	   NetVConnection *vc = ua_session->get_netvc();
-	   if (vc) {
-		  is_eligible_post_request = vc->get_is_internal_request() ? false : true;
-	   }
-	  }
-	  if ((is_eligible_post_request || t_state.client_info.pipeline_possible == true) &&
-			  event == VC_EVENT_WRITE_COMPLETE) {
-		  ua_session->set_half_close_flag();
-	  }
+    if ((t_state.method == HTTP_WKSIDX_POST || t_state.client_info.pipeline_possible == true)
+        && event == VC_EVENT_WRITE_COMPLETE) {
+      ua_session->set_half_close_flag();
+    }
 
     ua_session->do_io_close();
     ua_session = NULL;
@@ -4986,18 +4977,16 @@ HttpSM::handle_post_failure()
   // have the full post and it's deallocating the post buffers here
   enable_redirection = false;
   tunnel.deallocate_redirect_postdata_buffers();
+  tunnel.reset();
 
   // Don't even think about doing keep-alive after this debacle
   t_state.client_info.keep_alive = HTTP_NO_KEEPALIVE;
   t_state.current.server->keep_alive = HTTP_NO_KEEPALIVE;
 
   if (server_buffer_reader->read_avail() > 0) {
-    tunnel.reset();
     // There's data from the server so try to read the header
     setup_server_read_response_header();
   } else {
-    tunnel.deallocate_buffers();
-    tunnel.reset();
     // Server died
     vc_table.cleanup_entry(server_entry);
     server_entry = NULL;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/HttpTransact.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 08d1a69..61cff99 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -964,8 +964,6 @@ done:
     otherwise, 502/404 the request right now. /eric
   */
   if (!s->reverse_proxy && s->state_machine->plugin_tunnel_type == HTTP_NO_PLUGIN_TUNNEL) {
-    // TS-2879: Let's initialize the state variables so the connection can be kept alive.
-    initialize_state_variables_from_request(s, &s->hdr_info.client_request);
     DebugTxn("http_trans", "END HttpTransact::EndRemapRequest");
     HTTP_INCREMENT_TRANS_STAT(http_invalid_client_requests_stat);
     TRANSACT_RETURN(PROXY_SEND_ERROR_CACHE_NOOP, NULL);
@@ -6563,25 +6561,12 @@ HttpTransact::process_quick_http_filter(State* s, int method)
     return;
   }
 
-  if (s->state_machine->ua_session) {
-    const AclRecord *acl_record = s->state_machine->ua_session->acl_record;
-    bool deny_request = (acl_record == NULL);
-    if (acl_record && (acl_record->_method_mask != AclRecord::ALL_METHOD_MASK)) {
-      if (method != -1) {
-        deny_request = !acl_record->isMethodAllowed(method);
-      } else {
-        int method_str_len;
-        const char *method_str = s->hdr_info.client_request.method_get(&method_str_len);
-        deny_request = !acl_record->isNonstandardMethodAllowed(std::string(method_str, method_str_len));
-      }
-    }
-    if (deny_request) {
-      if (is_debug_tag_set("ip-allow")) {
-        ip_text_buffer ipb;
-        Debug("ip-allow", "Quick filter denial on %s:%s with mask %x", ats_ip_ntop(&s->client_info.addr.sa, ipb, sizeof(ipb)), hdrtoken_index_to_wks(method), acl_record->_method_mask);
-      }
-      s->client_connection_enabled = false;
+  if (s->state_machine->ua_session && (!IpAllow::CheckMask(s->state_machine->ua_session->acl_method_mask, method))) {
+    if (is_debug_tag_set("ip-allow")) {
+      ip_text_buffer ipb;
+      Debug("ip-allow", "Quick filter denial on %s:%s with mask %x", ats_ip_ntop(&s->client_info.addr.sa, ipb, sizeof(ipb)), hdrtoken_index_to_wks(method), s->state_machine->ua_session->acl_method_mask);
     }
+    s->client_connection_enabled = false;
   }
 }
 
@@ -8102,7 +8087,7 @@ HttpTransact::build_error_response(State *s, HTTPStatus status_code, const char
     SET_VIA_STRING(VIA_ERROR_TYPE, VIA_ERROR_DNS_FAILURE);
     break;
   case HTTP_STATUS_MOVED_TEMPORARILY:
-    SET_VIA_STRING(VIA_ERROR_TYPE, VIA_ERROR_MOVED_TEMPORARILY);
+    SET_VIA_STRING(VIA_ERROR_TYPE, VIA_ERROR_SERVER);
     break;
   case HTTP_STATUS_PROXY_AUTHENTICATION_REQUIRED:
     SET_VIA_STRING(VIA_CLIENT_REQUEST, VIA_CLIENT_ERROR);

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/HttpTransact.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpTransact.h b/proxy/http/HttpTransact.h
index 569f55c..21d8a40 100644
--- a/proxy/http/HttpTransact.h
+++ b/proxy/http/HttpTransact.h
@@ -190,7 +190,6 @@ enum ViaString_t
   VIA_ERROR_SERVER = 'S',
   VIA_ERROR_TIMEOUT = 'T',
   VIA_ERROR_CACHE_READ = 'R',
-  VIA_ERROR_MOVED_TEMPORARILY = 'M',
   //
   // Now the detailed stuff
   //

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/remap/AclFiltering.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/AclFiltering.cc b/proxy/http/remap/AclFiltering.cc
index 79d6954..105eeff 100644
--- a/proxy/http/remap/AclFiltering.cc
+++ b/proxy/http/remap/AclFiltering.cc
@@ -24,7 +24,6 @@
 #include "AclFiltering.h"
 #include "Main.h"
 #include "Error.h"
-#include "HTTP.h"
 
 // ===============================================================================
 //                              acl_filter_rule
@@ -37,11 +36,11 @@ acl_filter_rule::reset(void)
   for (i = (argc = 0); i < ACL_FILTER_MAX_ARGV; i++) {
     argv[i] = (char *)ats_free_null(argv[i]);
   }
-  method_restriction_enabled = false;
-  for (i = 0; i < HTTP_WKSIDX_METHODS_CNT; i++) {
-    standard_method_lookup[i] = false;
+  for (i = (method_cnt = 0); i < ACL_FILTER_MAX_METHODS; i++) {
+    method_array[i] = 0;
+    method_idx[i] = 0;
   }
-  nonstandard_methods.clear();
+  method_valid = 0;
   for (i = (src_ip_cnt = 0); i < ACL_FILTER_MAX_SRC_IP; i++) {
     src_ip_array[i].reset();
   }
@@ -49,9 +48,8 @@ acl_filter_rule::reset(void)
 }
 
 acl_filter_rule::acl_filter_rule():next(NULL), filter_name_size(0), filter_name(NULL), allow_flag(1),
-src_ip_valid(0), active_queue_flag(0), argc(0)
+method_valid(0), src_ip_valid(0), active_queue_flag(0), argc(0)
 {
-  standard_method_lookup.resize(HTTP_WKSIDX_METHODS_CNT);
   ink_zero(argv);
   reset();
 }
@@ -93,19 +91,12 @@ acl_filter_rule::print(void)
 {
   int i;
   printf("-----------------------------------------------------------------------------------------\n");
-  printf("Filter \"%s\" status: allow_flag=%d, src_ip_valid=%d, active_queue_flag=%d\n",
-         filter_name ? filter_name : "<NONAME>", (int) allow_flag,
+  printf("Filter \"%s\" status: allow_flag=%d, method_valid=%d, src_ip_valid=%d, active_queue_flag=%d\n",
+         filter_name ? filter_name : "<NONAME>", (int) allow_flag, (int) method_valid,
          (int) src_ip_valid, (int) active_queue_flag);
-  printf("standard methods=");
-  for (i = 0; i < HTTP_WKSIDX_METHODS_CNT; i++) {
-    if (standard_method_lookup[i]) {
-      printf("0x%x ", HTTP_WKSIDX_CONNECT + i);
-    }
-  }
-  printf("nonstandard methods=");
-  for (MethodMap::iterator iter = nonstandard_methods.begin(), end = nonstandard_methods.end(); iter != end; ++iter) {
-    printf("%s ", iter->c_str());
-  }
+  printf("method_cnt=%d %s", method_cnt, method_cnt > 0 ? ": " : "");
+  for (i = 0; i < method_cnt; i++)
+    printf("0x%X ", method_array[i]);
   printf("\n");
   printf("src_ip_cnt=%d\n", src_ip_cnt);
   for (i = 0; i < src_ip_cnt; i++) {

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/remap/AclFiltering.h
----------------------------------------------------------------------
diff --git a/proxy/http/remap/AclFiltering.h b/proxy/http/remap/AclFiltering.h
index a8d187a..4dd684a 100644
--- a/proxy/http/remap/AclFiltering.h
+++ b/proxy/http/remap/AclFiltering.h
@@ -27,13 +27,10 @@
 #include "Main.h"
 //#include "YAddr.h"
 
-#include <string>
-#include <set>
-#include <vector>
-
 // ===============================================================================
 // ACL like filtering defs (per one remap rule)
 
+static int const ACL_FILTER_MAX_METHODS = 16;
 static int const ACL_FILTER_MAX_SRC_IP = 128;
 static int const ACL_FILTER_MAX_ARGV = 512;
 
@@ -67,6 +64,7 @@ public:
   int filter_name_size;         // size of optional filter name
   char *filter_name;            // optional filter name
   unsigned int allow_flag:1,    // action allow deny
+    method_valid:1,             // method valid for verification
     src_ip_valid:1,             // src_ip range valid
     active_queue_flag:1;        // filter is in active state (used by .useflt directive)
 
@@ -74,12 +72,10 @@ public:
   int argc;                     // argument counter (only for filter defs)
   char *argv[ACL_FILTER_MAX_ARGV];      // argument strings (only for filter defs)
 
-  // methods
-  bool method_restriction_enabled;
-  std::vector<bool> standard_method_lookup;
-
-  typedef std::set<std::string> MethodMap;
-  MethodMap nonstandard_methods;
+  // method
+  int method_cnt;               // how many valid methods we have
+  int method_array[ACL_FILTER_MAX_METHODS];     // any HTTP method (actually only WKSIDX from HTTP.cc)
+  int method_idx[ACL_FILTER_MAX_METHODS];       // HTTP method index (actually method flag)
 
   // src_ip
   int src_ip_cnt;               // how many valid src_ip rules we have

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/remap/RemapConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc
index 2406f0c..90d8de3 100644
--- a/proxy/http/remap/RemapConfig.cc
+++ b/proxy/http/remap/RemapConfig.cc
@@ -390,9 +390,18 @@ remap_validate_filter_args(acl_filter_rule ** rule_pp, const char ** argv, int a
     }
 
     if (ul & REMAP_OPTFLG_METHOD) {     /* "method=" option */
+      if (rule->method_cnt >= ACL_FILTER_MAX_METHODS) {
+        Debug("url_rewrite", "[validate_filter_args] Too many \"method=\" filters");
+        snprintf(errStrBuf, errStrBufSize, "Defined more than %d \"method=\" filters!", ACL_FILTER_MAX_METHODS);
+        errStrBuf[errStrBufSize - 1] = 0;
+        if (new_rule_flg) {
+          delete rule;
+          *rule_pp = NULL;
+        }
+        return (const char *) errStrBuf;
+      }
       // Please remember that the order of hash idx creation is very important and it is defined
       // in HTTP.cc file
-      m = -1;
       if (!strcasecmp(argptr, "CONNECT"))
         m = HTTP_WKSIDX_CONNECT;
       else if (!strcasecmp(argptr, "DELETE"))
@@ -415,14 +424,38 @@ remap_validate_filter_args(acl_filter_rule ** rule_pp, const char ** argv, int a
         m = HTTP_WKSIDX_TRACE;
       else if (!strcasecmp(argptr, "PUSH"))
         m = HTTP_WKSIDX_PUSH;
-      if (m != -1) {
-        m = m - HTTP_WKSIDX_CONNECT;    // get method index
-        rule->standard_method_lookup[m] = true;
-      } else {
-        Debug("url_rewrite", "[validate_filter_args] Using nonstandard method [%s]", argptr);
-        rule->nonstandard_methods.insert(argptr);
+      else {
+        Debug("url_rewrite", "[validate_filter_args] Unknown method value %s", argptr);
+        snprintf(errStrBuf, errStrBufSize, "Unknown method \"%s\"", argptr);
+        errStrBuf[errStrBufSize - 1] = 0;
+        if (new_rule_flg) {
+          delete rule;
+          *rule_pp = NULL;
+        }
+        return (const char *) errStrBuf;
+      }
+      for (j = 0; j < rule->method_cnt; j++) {
+        if (rule->method_array[j] == m) {
+          m = 0;
+          break;                /* we already have it in the list */
+        }
+      }
+      if ((j = m) != 0) {
+        j = j - HTTP_WKSIDX_CONNECT;    // get method index
+        if (j<0 || j>= ACL_FILTER_MAX_METHODS) {
+          Debug("url_rewrite", "[validate_filter_args] Incorrect method index! Method sequence in HTTP.cc is broken");
+          snprintf(errStrBuf, errStrBufSize, "Incorrect method index %d", j);
+          errStrBuf[errStrBufSize - 1] = 0;
+          if (new_rule_flg) {
+            delete rule;
+            *rule_pp = NULL;
+          }
+          return (const char *) errStrBuf;
+        }
+        rule->method_idx[j] = m;
+        rule->method_array[rule->method_cnt++] = m;
+        rule->method_valid = 1;
       }
-      rule->method_restriction_enabled = true;
     } else if (ul & REMAP_OPTFLG_SRC_IP) {      /* "src_ip=" option */
       if (rule->src_ip_cnt >= ACL_FILTER_MAX_SRC_IP) {
         Debug("url_rewrite", "[validate_filter_args] Too many \"src_ip=\" filters");

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/http/remap/UrlRewrite.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc
index 96d4ea8..e2d15ee 100644
--- a/proxy/http/remap/UrlRewrite.cc
+++ b/proxy/http/remap/UrlRewrite.cc
@@ -424,50 +424,45 @@ UrlRewrite::PerformACLFiltering(HttpTransact::State *s, url_mapping *map)
   s->acl_filtering_performed = true;    // small protection against reverse mapping
 
   if (map->filter) {
-    int res;
-    int method = s->hdr_info.client_request.method_get_wksidx();
-    int method_wksidx = (method != -1) ? (method - HTTP_WKSIDX_CONNECT) : -1;
-    bool client_enabled_flag = true;
-    ink_release_assert(ats_is_ip(&s->client_info.addr));
-    for (acl_filter_rule * rp = map->filter; rp; rp = rp->next) {
-      bool match = true;
-      if (rp->method_restriction_enabled) {
-        if (method_wksidx != -1) {
-          match = rp->standard_method_lookup[method_wksidx];
+    int i, res, method;
+    i = (method = s->hdr_info.client_request.method_get_wksidx()) - HTTP_WKSIDX_CONNECT;
+    if (likely(i >= 0 && i < ACL_FILTER_MAX_METHODS)) {
+      bool client_enabled_flag = true;
+      ink_release_assert(ats_is_ip(&s->client_info.addr));
+      for (acl_filter_rule * rp = map->filter; rp; rp = rp->next) {
+        bool match = true;
+        if (rp->method_valid) {
+          if (rp->method_idx[i] != method)
+            match = false;
         }
-        else if (!rp->nonstandard_methods.empty()) {
-          int method_str_len;
-          const char *method_str = s->hdr_info.client_request.method_get(&method_str_len);
-          match = rp->nonstandard_methods.count(std::string(method_str, method_str_len));
-        }
-      }
-      if (match && rp->src_ip_valid) {
-        match = false;
-        for (int j = 0; j < rp->src_ip_cnt && !match; j++) {
-          res = rp->src_ip_array[j].contains(s->client_info.addr) ? 1 : 0;
-          if (rp->src_ip_array[j].invert) {
-            if (res != 1)
-              match = true;
-          } else {
-            if (res == 1)
-              match = true;
+        if (match && rp->src_ip_valid) {
+          match = false;
+          for (int j = 0; j < rp->src_ip_cnt && !match; j++) {
+            res = rp->src_ip_array[j].contains(s->client_info.addr) ? 1 : 0;
+            if (rp->src_ip_array[j].invert) {
+              if (res != 1)
+                match = true;
+            } else {
+              if (res == 1)
+                match = true;
+            }
           }
         }
-      }
-      if (match && client_enabled_flag) {     //make sure that a previous filter did not DENY
-        Debug("url_rewrite", "matched ACL filter rule, %s request", rp->allow_flag ? "allowing" : "denying");
-        client_enabled_flag = rp->allow_flag ? true : false;
-      } else {
-        if (!client_enabled_flag) {
-          Debug("url_rewrite", "Previous ACL filter rule denied request, continuing to deny it");
+        if (match && client_enabled_flag) {     //make sure that a previous filter did not DENY
+          Debug("url_rewrite", "matched ACL filter rule, %s request", rp->allow_flag ? "allowing" : "denying");
+          client_enabled_flag = rp->allow_flag ? true : false;
         } else {
-          Debug("url_rewrite", "did NOT match ACL filter rule, %s request", rp->allow_flag ? "denying" : "allowing");
-          client_enabled_flag = rp->allow_flag ? false : true;
+          if (!client_enabled_flag) {
+            Debug("url_rewrite", "Previous ACL filter rule denied request, continuing to deny it");
+          } else {
+            Debug("url_rewrite", "did NOT match ACL filter rule, %s request", rp->allow_flag ? "denying" : "allowing");
+              client_enabled_flag = rp->allow_flag ? false : true;
+          }
         }
-      }
-      
-    }                         /* end of for(rp = map->filter;rp;rp = rp->next) */
-    s->client_connection_enabled = client_enabled_flag;
+
+      }                         /* end of for(rp = map->filter;rp;rp = rp->next) */
+      s->client_connection_enabled = client_enabled_flag;
+    }
   }
 }
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/logging/LogConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogConfig.cc b/proxy/logging/LogConfig.cc
index 78a9e26..6b381ce 100644
--- a/proxy/logging/LogConfig.cc
+++ b/proxy/logging/LogConfig.cc
@@ -66,9 +66,6 @@
 
 #define PARTITION_HEADROOM_MB 	10
 
-#include <boost/algorithm/string/classification.hpp>
-#include <boost/algorithm/string/split.hpp>
-
 void
 LogConfig::setup_default_values()
 {
@@ -514,18 +511,6 @@ LogConfig::read_configuration_variables()
   if (val > 0) {
     search_rolling_interval_sec = val;
   }
-
-  ptr = REC_ConfigReadString("proxy.config.log.hide_query_parameters");
-  if (ptr != NULL) {
-    std::vector<std::string> raw_params;
-    std::string paramsStr(ptr);
-    boost::split(raw_params, paramsStr, boost::is_any_of(" "));
-    for (size_t i = 0; i < raw_params.size(); ++i) {
-      if (raw_params[i].size()) {
-        query_parameters_to_hide.push_back(raw_params[i]);
-      }
-    }
-  }
 }
 
 /*-------------------------------------------------------------------------
@@ -1288,9 +1273,6 @@ LogConfig::register_stat_callbacks()
   RecRegisterRawStat(log_rsb, RECT_PROCESS,
                      "proxy.process.log.log_files_space_used",
                      RECD_INT, RECP_NON_PERSISTENT, (int) log_stat_log_files_space_used_stat, RecRawStatSyncSum);
-  RecRegisterRawStat(log_rsb, RECT_PROCESS,
-                     "proxy.process.log.params_masked_url_count",
-                     RECD_COUNTER, RECP_PERSISTENT, (int) log_stat_params_masked_url_count, RecRawStatSyncCount);
 }
 
 /*-------------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/logging/LogConfig.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogConfig.h b/proxy/logging/LogConfig.h
index b452577..ab1cb40 100644
--- a/proxy/logging/LogConfig.h
+++ b/proxy/logging/LogConfig.h
@@ -26,9 +26,6 @@
 #ifndef LOG_CONFIG_H
 #define LOG_CONFIG_H
 
-#include <string>
-#include <vector>
-
 #include "libts.h"
 #include "P_RecProcess.h"
 #include "ProxyConfig.h"
@@ -72,7 +69,6 @@ enum
   log_stat_log_files_open_stat,
   log_stat_log_files_space_used_stat,
 
-  log_stat_params_masked_url_count,
   log_stat_count
 };
 
@@ -254,9 +250,6 @@ public:
   char *xml_config_file;
   char *hosts_config_file;
 
-  const std::vector<std::string> &get_query_parameters_to_hide() const {
-    return query_parameters_to_hide;
-  }
 private:
 
   void read_xml_log_config(int from_memory);
@@ -293,7 +286,6 @@ private:
   // -- member functions not allowed --
   LogConfig(const LogConfig &);
   LogConfig & operator=(const LogConfig &);
-  std::vector<std::string> query_parameters_to_hide;
 };
 
 /*-------------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/logging/LogUtils.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogUtils.cc b/proxy/logging/LogUtils.cc
index ef356e9..8d42258 100644
--- a/proxy/logging/LogUtils.cc
+++ b/proxy/logging/LogUtils.cc
@@ -49,11 +49,6 @@
 
 #include "LogUtils.h"
 #include "LogLimits.h"
-#include "LogFormat.h"
-#include "LogObject.h"
-#include "LogConfig.h"
-#include "Log.h"
-#include "QueryParamsEscaper.h"
 
 
 /*-------------------------------------------------------------------------
@@ -310,9 +305,8 @@ LogUtils::escapify_url(Arena *arena, char *url, size_t len_in, int *len_out, cha
     return NULL;
   }
 
-  if (!map) {
+  if (!map)
     map = codes_to_escape;
-  }
 
   // Count specials in the url, assuming that there won't be any.
   //
@@ -328,39 +322,25 @@ LogUtils::escapify_url(Arena *arena, char *url, size_t len_in, int *len_out, cha
     ++p;
   }
 
-  QueryParamsEscaper params_escaper(Log::config->get_query_parameters_to_hide());
-
   if (!count) {
     // The common case, no escapes, so just return the source string.
+    //
     *len_out = len_in;
-    bool params_escaping_required = params_escaper.is_escaping_required_for_url(url, len_in);
-    if (params_escaping_required && !dst) {
-      dst = (char *) arena->str_alloc(len_in);
-    }
-    if (dst) {
-      memcpy(dst, url, len_in);
-      if (params_escaping_required) {
-        params_escaper.escape_url(dst);
-        RecIncrRawStat(log_rsb, this_ethread(), (int) log_stat_params_masked_url_count, 1);
-        url = dst;
-      }
-    }
+    if (dst)
+      ink_strlcpy(dst, url, dst_size);
     return url;
   }
 
-  size_t out_len = len_in; // default
-  if (count) {
-    // For each special char found, we'll need an escape string, which is
-    // three characters long.  Count this and allocate the string required.
-    //
-    // make sure we take into account the characters we are substituting
-    // for when we calculate out_len !!! in other words,
-    // out_len = len_in + 3*count - count
-    //
-    out_len = len_in + 2 * count;
-  }
+  // For each special char found, we'll need an escape string, which is
+  // three characters long.  Count this and allocate the string required.
+  //
+  // make sure we take into account the characters we are substituting
+  // for when we calculate out_len !!! in other words,
+  // out_len = len_in + 3*count - count
+  //
+  size_t out_len = len_in + 2 * count;
 
-  if (dst && (dst_size < out_len + 1)) {
+  if (dst && out_len > dst_size) {
     *len_out = 0;
     return NULL;
   }
@@ -376,33 +356,23 @@ LogUtils::escapify_url(Arena *arena, char *url, size_t len_in, int *len_out, cha
   else
     new_url = (char *) arena->str_alloc(out_len + 1);
 
-  if (count) {
-    char *from = url;
-    char *to = new_url;
-    
-    while (from < in_url_end) {
-      register unsigned char c = *from;
-      if (map[c / 8] & (1 << (7 - c % 8))) {
-        *to++ = '%';
-        *to++ = hex_digit[c / 16];
-        *to++ = hex_digit[c % 16];
-      } else {
-        *to++ = *from;
-      }
-      from++;
+  char *from = url;
+  char *to = new_url;
+
+  while (from < in_url_end) {
+    unsigned char c = *from;
+    if (map[c / 8] & (1 << (7 - c % 8))) {
+      *to++ = '%';
+      *to++ = hex_digit[c / 16];
+      *to++ = hex_digit[c % 16];
+    } else {
+      *to++ = *from;
     }
-  } else {
-    memcpy(new_url, url, len_in);
+    from++;
   }
+  *to = '\0';                      // null terminate string
 
-  new_url[out_len] = '\0';                      // null terminate string
   *len_out = out_len;
-
-  if (params_escaper.is_escaping_required_for_url(new_url, out_len)) {
-    params_escaper.escape_url(new_url);
-    RecIncrRawStat(log_rsb, this_ethread(), (int) log_stat_params_masked_url_count, 1);
-  }
-
   return new_url;
 }
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/logging/Makefile.am
----------------------------------------------------------------------
diff --git a/proxy/logging/Makefile.am b/proxy/logging/Makefile.am
index e94a66a..6014bb4 100644
--- a/proxy/logging/Makefile.am
+++ b/proxy/logging/Makefile.am
@@ -16,9 +16,6 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-check_PROGRAMS = test_QueryParamsEscaper
-TESTS = $(check_PROGRAMS)
-
 AM_CPPFLAGS = \
   $(iocore_include_dirs) \
   -I$(top_srcdir)/lib \
@@ -73,9 +70,7 @@ liblogging_a_SOURCES = \
   LogSock.cc \
   LogSock.h \
   LogUtils.cc \
-  LogUtils.h \
-  QueryParamsEscaper.h \
-  QueryParamsEscaper.cc
+  LogUtils.h
 
 liblogcollation_a_SOURCES = \
   LogCollationAccept.cc \
@@ -89,7 +84,3 @@ liblogcollation_a_SOURCES = \
 #test_UNUSED_SOURCES = \
 #  LogAccessTest.cc \
 #  LogAccessTest.h
-
-test_QueryParamsEscaper_SOURCES = test_QueryParamsEscaper.cc
-test_QueryParamsEscaper_LDADD = liblogging.a
-test_QueryParamsEscaper_LDFLAGS = @EXTRA_CXX_LDFLAGS@ @LIBTOOL_LINK_FLAGS@

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/logging/QueryParamsEscaper.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/QueryParamsEscaper.cc b/proxy/logging/QueryParamsEscaper.cc
deleted file mode 100644
index 9aabe9b..0000000
--- a/proxy/logging/QueryParamsEscaper.cc
+++ /dev/null
@@ -1,81 +0,0 @@
-/** @file
-
- This file contains a set of utility routines that are used throughout the
- logging implementation.
-
-  @section license License
-
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements.  See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership.  The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
- */
-
-#include "QueryParamsEscaper.h"
-
-using std::list;
-using std::string;
-using std::vector;
-
-bool QueryParamsEscaper::is_escaping_required_for_url(const char *url, size_t url_len)
-{
-  if (!_num_targets) {
-    return false;
-  }
-  size_t start;
-  for (start = 0; (start < url_len) && (url[start] != '?'); ++start); // find start of query
-  if (start == url_len) { // no query
-    return false;
-  }
-  ++start;
-  string param_name;
-  bool save_value_range = false;
-  for (size_t i = start; i < url_len; ++i) {
-    if (url[i] == '=') {
-      if (i - start) {
-        param_name.assign(url + start /* start */, i - start /* num bytes */);
-        for (size_t j = 0; j < _num_targets; ++j) {
-          if (param_name.find(_targets[j]) != string::npos) {
-            save_value_range = true;
-            break; // no need to check for other targets
-          }
-        }
-      }
-      start = i + 1;
-    }
-    else if ((url[i] == '&') || (i == url_len - 1) || (url[i] == '#')) { // end of query/value
-      if (save_value_range) {
-        size_t end = (url[i] == '&') || (url[i] == '#') ? i - 1 : i;
-        if (end >= start) {
-          _ranges_to_escape.push_back(IndexRange(start, end));
-        }
-        save_value_range = false;
-      }
-      start = i + 1;
-      if (url[i] == '#') {
-        break;
-      }
-    }
-  }
-  return !_ranges_to_escape.empty();
-}
-
-void QueryParamsEscaper::escape_url(char *mutable_url)
-{
-  for (list<IndexRange>::iterator iter = _ranges_to_escape.begin(); iter != _ranges_to_escape.end(); ++iter) {
-    for (size_t i = iter->first; i <= iter->second; ++i) {
-      mutable_url[i] = '*';
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/logging/QueryParamsEscaper.h
----------------------------------------------------------------------
diff --git a/proxy/logging/QueryParamsEscaper.h b/proxy/logging/QueryParamsEscaper.h
deleted file mode 100644
index d7fb602..0000000
--- a/proxy/logging/QueryParamsEscaper.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/** @file
-
- This file contains a set of utility routines that are used throughout the
- logging implementation.
-
-  @section license License
-
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements.  See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership.  The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
- */
-
-#ifndef TS_PROXY_LOGGING_QUERY_PARAMS_ESCAPER
-
-#define TS_PROXY_LOGGING_QUERY_PARAMS_ESCAPER
-
-#include <list>
-#include <string>
-#include <vector>
-
-class QueryParamsEscaper
-{
-public:
-  QueryParamsEscaper(const std::vector<std::string> &params_to_hide)
-    : _targets(params_to_hide), _num_targets(_targets.size()) { };
-  bool is_escaping_required_for_url(const char *immutable_url, size_t url_len);
-
-  // arg should point to mutable version of url tested previously via
-  // is_escaping_required_for_url()
-  void escape_url(char *mutable_url);
-
-  // resets state about URL currently being worked on
-  void reset() { _ranges_to_escape.clear(); }
-private:
-  const std::vector<std::string> &_targets;
-  const size_t _num_targets;
-  typedef std::pair<size_t, size_t> IndexRange;
-  std::list<IndexRange> _ranges_to_escape;
-};
-
-#endif

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/617983c3/proxy/logging/test_QueryParamsEscaper.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/test_QueryParamsEscaper.cc b/proxy/logging/test_QueryParamsEscaper.cc
deleted file mode 100644
index db38084..0000000
--- a/proxy/logging/test_QueryParamsEscaper.cc
+++ /dev/null
@@ -1,146 +0,0 @@
-/** @file
-
-  A brief file description
-
-  @section license License
-
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements.  See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership.  The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
- */
-
-/*
-  QueryParamsEscaper(const std::vector<std::string> &params_to_hide)
-    : _targets(params_to_hide), _num_targets(_targets.size()) { };
-  bool is_escaping_required_for_url(const char *immutable_url, size_t url_len);
-
-  // arg should point to mutable version of url tested previously via
-  // is_escaping_required_for_url()
-  void escape_url(char *mutable_url);
-*/
-
-#include "QueryParamsEscaper.h"
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-
-using std::list;
-using std::string;
-using std::vector;
-
-int
-main(int argc, const char *argv[])
-{
-  {
-    vector<string> params_to_hide;
-    QueryParamsEscaper escaper(params_to_hide); // no params
-    char url[] = { "http://server/path?login=blah&password=blah123" };
-    assert(!escaper.is_escaping_required_for_url(url, sizeof(url) - 1));
-    assert(!escaper.is_escaping_required_for_url(url, 0));
-    assert(!escaper.is_escaping_required_for_url(0, 0));
-  }
-
-  {
-    vector<string> params_to_hide;
-    params_to_hide.push_back("login");
-    QueryParamsEscaper escaper(params_to_hide);
-    char url1[] = { "http://server/path?login=blah&password=blah123" };
-    assert(escaper.is_escaping_required_for_url(url1, sizeof(url1) - 1));
-    escaper.escape_url(url1);
-    assert(strcmp(url1, "http://server/path?login=****&password=blah123") == 0);
-    assert(!escaper.is_escaping_required_for_url(url1, 0));
-    assert(!escaper.is_escaping_required_for_url(0, 0));
-    escaper.reset();
-    char url2[] = { "http://server/path?blah=login&password=blah123" }; // login is param value, not name
-    assert(!escaper.is_escaping_required_for_url(url2, sizeof(url2) - 1));
-    escaper.reset();
-    char url3[] = { "http://server/login=blahpath?foo=bar" }; // login= is not a param, but part of path
-    assert(!escaper.is_escaping_required_for_url(url3, sizeof(url3) - 1));
-    escaper.reset();
-    char url4[] = { "http://login=blahserver/path?foo=bar" }; // login= is not a param, but part of server name
-    assert(!escaper.is_escaping_required_for_url(url4, sizeof(url4) - 1));
-    escaper.reset();
-    char url5[] = { "http://server/path?foo=bar&login=login1&login=login2&foo2=bar2" }; // multiple occurences
-    assert(escaper.is_escaping_required_for_url(url5, sizeof(url5) - 1));
-    escaper.escape_url(url5);
-    assert(strcmp(url5, "http://server/path?foo=bar&login=******&login=******&foo2=bar2") == 0);
-  }
-
-  {
-    vector<string> params_to_hide;
-    params_to_hide.push_back("login");
-    params_to_hide.push_back("password"); // multiple params to hide
-    QueryParamsEscaper escaper(params_to_hide);
-    char url1[] = { "http://server/path?login=blah&password=blah123" };
-    assert(escaper.is_escaping_required_for_url(url1, sizeof(url1) - 1));
-    escaper.escape_url(url1);
-    assert(strcmp(url1, "http://server/path?login=****&password=*******") == 0);
-    assert(!escaper.is_escaping_required_for_url(url1, 0));
-    assert(!escaper.is_escaping_required_for_url(0, 0));
-    escaper.reset();
-    char url2[] = { "http://server/path?login=blah&password=blah123&login=blah&password=blah123" };
-    assert(escaper.is_escaping_required_for_url(url2, sizeof(url2) - 1));
-    escaper.escape_url(url2);
-    assert(strcmp(url2, "http://server/path?login=****&password=*******&login=****&password=*******") == 0);
-    escaper.reset();
-    char url3[] = { "http://server/path?login=blah&password=&login=blah&password=" }; // empty values
-    assert(escaper.is_escaping_required_for_url(url3, sizeof(url3) - 1));
-    escaper.escape_url(url3);
-    assert(strcmp(url3, "http://server/path?login=****&password=&login=****&password=") == 0);
-    escaper.reset();
-
-    // sub string test
-    char url4[] = { "http://server/path?user_login=blah&new_password=123&login=test&old_password=456" };
-    assert(escaper.is_escaping_required_for_url(url4, sizeof(url4) - 1));
-    escaper.escape_url(url4);
-    assert(strcmp(url4, "http://server/path?user_login=****&new_password=***&login=****&old_password=***") == 0);
-
-    escaper.reset();
-    char url5[] = { "http://127.0.0.1:12175/uas/js/userspace?v=0.0.2000-RC1.24082-1337&apiKey=consumer_key_7&" };
-    assert(!escaper.is_escaping_required_for_url(url5, sizeof(url5) - 1));
-
-    escaper.reset();
-    char url6[] = { "http://127.0.0.1:12175/uas/js/userspace?v=0.0.2000-RC1.24082-1337&password=consumer_key_7&" };
-    assert(escaper.is_escaping_required_for_url(url6, sizeof(url6) - 1));
-    escaper.escape_url(url6);
-    assert(
-      strcmp(url6,
-             "http://127.0.0.1:12175/uas/js/userspace?v=0.0.2000-RC1.24082-1337&password=**************&") == 0);
-
-    escaper.reset();
-    char url7[] = { "http://127.0.0.1:12175/uas/js/userspace?v=0.0.2000-RC1.24082-1337&apiKey=consumer_key_7#" };
-    assert(!escaper.is_escaping_required_for_url(url7, sizeof(url7) - 1));
-
-    escaper.reset();
-    char url8[] = { "http://127.0.0.1:12175/uas/js/userspace?v=0.0.2000-RC1.24082-1337&password=" };
-    assert(!escaper.is_escaping_required_for_url(url8, sizeof(url8) - 1));
-
-    escaper.reset();
-    char url9[] = { "http://127.0.0.1:12175/uas/js/js?login=0.0.2000-RC1.24082-1337&password=" };
-    assert(escaper.is_escaping_required_for_url(url9, sizeof(url9) - 1));
-    escaper.escape_url(url9);
-    assert(strcmp(url9, "http://127.0.0.1:12175/uas/js/js?login=***********************&password=") == 0);
-
-    escaper.reset();
-    char url10[] = { "http://127.0.0.1/path?=b&=c&=d" };
-    assert(!escaper.is_escaping_required_for_url(url10, sizeof(url10) - 1));
-
-    escaper.reset();
-    char url11[] = { ".?a=b&c=d" };
-    url11[0] = '\0';
-    assert(!escaper.is_escaping_required_for_url(url11, sizeof(url11) - 1));
-  }
-  return 0;
-}


Mime
View raw message