trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bri...@apache.org
Subject [2/3] trafficserver git commit: TS-3558: Fix proxy.config.http.auth_server_session_private
Date Tue, 28 Apr 2015 02:55:22 GMT
TS-3558: Fix proxy.config.http.auth_server_session_private


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/300cdbae
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/300cdbae
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/300cdbae

Branch: refs/heads/master
Commit: 300cdbae992eb21d5cca233e91467f7902b726d8
Parents: a1af594
Author: Brian Geffon <briang@apache.org>
Authored: Mon Apr 27 19:54:41 2015 -0700
Committer: Brian Geffon <briang@apache.org>
Committed: Mon Apr 27 19:54:41 2015 -0700

----------------------------------------------------------------------
 lib/ts/apidefs.h.in      |  1 +
 proxy/InkAPI.cc          |  7 +++++++
 proxy/InkAPITest.cc      |  1 +
 proxy/http/HttpConfig.cc |  4 ++++
 proxy/http/HttpSM.cc     | 46 ++++++++++++++++++++++++++++---------------
 proxy/http/HttpSM.h      |  7 +++++++
 6 files changed, 50 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/lib/ts/apidefs.h.in
----------------------------------------------------------------------
diff --git a/lib/ts/apidefs.h.in b/lib/ts/apidefs.h.in
index 329adf2..a3e0d93 100644
--- a/lib/ts/apidefs.h.in
+++ b/lib/ts/apidefs.h.in
@@ -679,6 +679,7 @@ extern "C"
     TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_IN,
     TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_OUT,
     TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT,
+    TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE,
     TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS, // DEPRECATED
     TS_CONFIG_HTTP_SERVER_SESSION_SHARING_POOL,
     TS_CONFIG_HTTP_SERVER_SESSION_SHARING_MATCH,

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index 55def42..cfc1411 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -7660,6 +7660,9 @@ _conf_to_memberp(TSOverridableConfigKey conf, OverridableHttpConfigParams
*overr
   case TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT:
     ret = &overridableHttpConfig->keep_alive_post_out;
     break;
+  case TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE:
+    ret = &overridableHttpConfig->auth_server_session_private;
+    break;
   case TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS:
     ink_assert("Deprecated config key value - TS_CONFIG_HTTP_SHARE_SERVER_SESSIONS");
     //    ret = &overridableHttpConfig->share_server_sessions;
@@ -8438,6 +8441,10 @@ TSHttpTxnConfigFind(const char *name, int length, TSOverridableConfigKey
*conf,
       if (0 == strncmp(name, "proxy.config.http.server_session_sharing.pool", length))
         cnf = TS_CONFIG_HTTP_SERVER_SESSION_SHARING_POOL;
       break;
+    case 'e':
+      if (0 == strncmp(name, "proxy.config.http.auth_server_session_private", length))
+        cnf = TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE;
+      break;
     }
     break;
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/InkAPITest.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPITest.cc b/proxy/InkAPITest.cc
index de5e319..8a7ec68 100644
--- a/proxy/InkAPITest.cc
+++ b/proxy/InkAPITest.cc
@@ -7170,6 +7170,7 @@ const char *SDK_Overridable_Configs[TS_CONFIG_LAST_ENTRY] = {
   "proxy.config.url_remap.pristine_host_hdr", "proxy.config.http.chunking_enabled", "proxy.config.http.negative_caching_enabled",
   "proxy.config.http.negative_caching_lifetime", "proxy.config.http.cache.when_to_revalidate",
   "proxy.config.http.keep_alive_enabled_in", "proxy.config.http.keep_alive_enabled_out",
"proxy.config.http.keep_alive_post_out",
+  "proxy.config.http.auth_server_session_private",
   "proxy.config.http.share_server_sessions", "proxy.config.http.server_session_sharing.pool",
   "proxy.config.http.server_session_sharing.match", "proxy.config.net.sock_recv_buffer_size_out",
   "proxy.config.net.sock_send_buffer_size_out", "proxy.config.net.sock_option_flag_out",

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index a5bfc63..50d0b45 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -987,6 +987,8 @@ HttpConfig::startup()
   http_config_enum_read("proxy.config.http.server_session_sharing.match", SessionSharingMatchStrings,
                         c.oride.server_session_sharing_match);
 
+  HttpEstablishStaticConfigByte(c.oride.auth_server_session_private, "proxy.config.http.auth_server_session_private");
+
   HttpEstablishStaticConfigByte(c.oride.keep_alive_post_out, "proxy.config.http.keep_alive_post_out");
 
   HttpEstablishStaticConfigLongLong(c.oride.keep_alive_no_activity_timeout_in,
@@ -1232,6 +1234,8 @@ HttpConfig::reconfigure()
   params->oride.keep_alive_enabled_in = INT_TO_BOOL(m_master.oride.keep_alive_enabled_in);
   params->oride.keep_alive_enabled_out = INT_TO_BOOL(m_master.oride.keep_alive_enabled_out);
   params->oride.chunking_enabled = INT_TO_BOOL(m_master.oride.chunking_enabled);
+  params->oride.auth_server_session_private = INT_TO_BOOL(m_master.oride.auth_server_session_private);
+
   params->oride.http_chunking_size = m_master.oride.http_chunking_size;
 
   params->oride.post_check_content_length_enabled = INT_TO_BOOL(m_master.oride.post_check_content_length_enabled);

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 99f3aa1..0e8918a 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -292,7 +292,7 @@ HttpSM::HttpSM()
     enable_redirection(false), redirect_url(NULL), redirect_url_len(0), redirection_tries(0),
transfered_bytes(0),
     post_failed(false), debug_on(false), plugin_tunnel_type(HTTP_NO_PLUGIN_TUNNEL), plugin_tunnel(NULL),
reentrancy_count(0),
     history_pos(0), tunnel(), ua_entry(NULL), ua_session(NULL), background_fill(BACKGROUND_FILL_NONE),
ua_raw_buffer_reader(NULL),
-    server_entry(NULL), server_session(NULL), shared_session_retries(0), server_buffer_reader(NULL),
transform_info(),
+    server_entry(NULL), server_session(NULL), will_be_private_ss(false), shared_session_retries(0),
server_buffer_reader(NULL), transform_info(),
     post_transform_info(), has_active_plugin_agents(false), second_cache_sm(NULL), default_handler(NULL),
pending_action(NULL),
     historical_action(NULL), last_action(HttpTransact::SM_ACTION_UNDEFINED),
     // TODO:  Now that bodies can be empty, should the body counters be set to -1 ? TS-2213
@@ -4569,6 +4569,32 @@ HttpSM::do_http_server_open(bool raw)
   // to do this but as far I can tell the code that prevented keep-alive if
   // there is a request body has been removed.
 
+  // If we are sending authorizations headers, mark the connection private
+  //
+  // We do this here because it means that we will not waste a connection from the pool if
we already
+  // know that the session will be private. This is overridable meaning that if a plugin
later decides
+  // it shouldn't be private it can still be returned to a shared pool.
+  //
+  if (t_state.txn_conf->auth_server_session_private == 1 &&
+      t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION
|
+                                               MIME_PRESENCE_WWW_AUTHENTICATE)) {
+    DebugSM("http_ss_auth", "Setting server session to private for authorization header");
+    will_be_private_ss = true;
+  }
+
+  if (t_state.method == HTTP_WKSIDX_POST || t_state.method == HTTP_WKSIDX_PUT) {
+     // don't share the session if keep-alive for post is not on
+     if (t_state.txn_conf->keep_alive_post_out == 0) {
+       DebugSM("http_ss", "Setting server session to private because of keep-alive post out");
+       will_be_private_ss = true;
+     }
+  }
+
+  // If there is already an attached server session mark it as private.
+  if (server_session != NULL && will_be_private_ss) {
+    set_server_session_private(true);
+  }
+
   if (raw == false && TS_SERVER_SESSION_SHARING_MATCH_NONE != t_state.txn_conf->server_session_sharing_match
&&
       (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length
== 0) && !is_private() &&
       ua_session != NULL) {
@@ -5581,13 +5607,6 @@ HttpSM::attach_server_session(HttpServerSession *s)
 
   if (t_state.method == HTTP_WKSIDX_POST || t_state.method == HTTP_WKSIDX_PUT) {
     connect_timeout = t_state.txn_conf->post_connect_attempts_timeout;
-
-    // don't share the session if keep-alive for post is not on
-    if (t_state.txn_conf->keep_alive_post_out == 0) {
-      DebugSM("http_ss", "Setting server session to private because of keep-alive post out");
-      set_server_session_private(true);
-    }
-
   } else if (t_state.current.server == &t_state.parent_info) {
     connect_timeout = t_state.http_config_param->parent_connect_timeout;
   } else {
@@ -5608,7 +5627,7 @@ HttpSM::attach_server_session(HttpServerSession *s)
     server_session->get_netvc()->set_active_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_active_timeout_out));
   }
 
-  if (plugin_tunnel_type != HTTP_NO_PLUGIN_TUNNEL) {
+  if (plugin_tunnel_type != HTTP_NO_PLUGIN_TUNNEL || will_be_private_ss) {
     DebugSM("http_ss", "Setting server session to private");
     set_server_session_private(true);
   }
@@ -5652,13 +5671,6 @@ HttpSM::setup_server_send_request()
     server_request_body_bytes = msg_len;
   }
 
-  // If we are sending authorizations headers, mark the connection private
-  if (t_state.txn_conf->auth_server_session_private == 1 &&
-      t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION
|
-                                               MIME_PRESENCE_WWW_AUTHENTICATE)) {
-    DebugSM("http_ss", "Setting server session to private for authorization header");
-    set_server_session_private(true);
-  }
   milestones.server_begin_write = ink_get_hrtime();
   server_entry->write_vio = server_entry->vc->do_io_write(this, hdr_length, buf_start);
 }
@@ -7602,6 +7614,8 @@ HttpSM::is_private()
     HttpServerSession *ss = ua_session->get_server_session();
     if (ss) {
       res = ss->private_session;
+    } else if (will_be_private_ss) {
+      res = will_be_private_ss;
     }
   }
   return res;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/300cdbae/proxy/http/HttpSM.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index 4edd7d5..16844ce 100644
--- a/proxy/http/HttpSM.h
+++ b/proxy/http/HttpSM.h
@@ -316,6 +316,13 @@ protected:
 
   HttpVCTableEntry *server_entry;
   HttpServerSession *server_session;
+
+  /* Because we don't want to take a session from a shared pool if we know that it will be
private,
+   * but we cannot set it to private until we have an attached server session.
+   * So we use this variable to indicate that
+   * we should create a new connection and then once we attach the session we'll mark it
as private.
+   */
+  bool will_be_private_ss;
   int shared_session_retries;
   IOBufferReader *server_buffer_reader;
   void remove_server_entry();


Mime
View raw message