Merge branch 'master' into quic-latest

* master:
  Rename ambiguous log variable (apache#7199)
  KWF useless member function HttpSM::kill_this_async_hook(). (apache#7198)
  Fix the active_timeout test to work without quic enabled (apache#7197)
  Remove obsolete cdn_ HttpTransact vars (apache#7182)
  Remove unused HttpUpdate mechanism (apache#7194)
  Updates the list of supported / linked Docs versions (apache#7152)
  Make custom xdebug HTTP header name available to other plugins. (apache#7193)
  Update sni outbound policy to allow directly setting the outbound SNI. (apache#7188)

doc/admin-guide/files/records.config.en.rst

@@ -3621,23 +3621,35 @@ Client-Related Configuration
 .. ts:cv:: CONFIG proxy.config.ssl.client.sni_policy STRING NULL
    :overridable:
 
-   Indicate how the SNI value for the TLS connection to the origin is selected.  By default it is
-   `host` which means the host header field value is used for the SNI.  If `remap` is specified, the
-   remapped origin name is used for the SNI value.  If `verify_with_name_source` is specified, the
-   SNI will be the host header value and the name to check in the server certificate will be the
-   remap header value.
+   Indicate how the SNI value for the TLS connection to the origin is selected.
+
+   ``host``
+      This is the default. The value of the ``Host`` field in the proxy request is used.
+
+   ``remap``
+      The remapped upstream name is used.
+
+   ``verify_with_name_source``
+      The value of the ``Host`` field in the proxy request is used. In addition, if the names in the
+      server certificate of the upstream are checked, they are checked against the remapped upstream
+      name, not the SNI.
+
+   ``@...``
+      If the policy starts with the ``@`` character, it is treated as a literal, less the leading
+      ``@``. E.g. if the policy is "@apache.org" the SNI will be "apache.org".
+
    We have two names that could be used in the transaction host header and the SNI value to the
    origin. These could be the host header from the client or the remap host name. Unless you have
    pristine host header enabled, these are likely the same values.
-   If sni_policy = host, both the sni and the host header to origin will be the same.
-   If sni_policy = remap, the sni value with be the remap host name and the host header will be the
-   host header from the client.
-   In addition, We may want to set the SNI and host headers the same (makes some common web servers
-   happy), but the certificate served by the origin may have a name that corresponds to the remap
-   name. So instead of using the SNI name for the name check, we may want to use the remap name.
-   So if sni_policy = verify_with_name_source, the sni will be the host header value and the name to
-   check in the server certificate will be the remap header value.
+   If sni_policy = ``host``, both the sni and the value of the ``Host`` field to origin will be the
+   same. If sni_policy = ``remap``, the sni value will be the remap host name and the host header
+   will be the host header from the client.
 
+   In addition, We may want to set the SNI and host headers the same (makes some common web servers
+   happy), but the server certificate for the upstream may have a name that corresponds to the remap
+   name. So instead of using the SNI name for the name check, we may want to use the remap name. So
+   if sni_policy = ``verify_with_name_source``, the sni will be the host header value and the name
+   to check in the server certificate will be the remap header value.
 
 .. ts:cv:: CONFIG proxy.config.ssl.client.TLSv1 INT 0
 

doc/static/languages.json

@@ -4,19 +4,17 @@
         "versions": [
             "latest",
             "9.0.x",
-            "8.0.x",
-            "7.1.x",
-            "6.2.x"
+            "8.1.x",
+            "7.1.x"
         ]
     },
     "ja": {
         "name": "日本語",
         "versions": [
             "latest",
             "9.0.x",
-            "8.0.x",
-            "7.1.x",
-            "6.2.x"
+            "8.1.x",
+            "7.1.x"
         ]
     }
 }

example/plugins/cpp-api/logger_example/LoggerExample.cc

@@ -33,7 +33,7 @@ using std::string;
 
 namespace
 {
-Logger log;
+Logger logger;
 GlobalPlugin *plugin;
 } // namespace
 
@@ -61,7 +61,7 @@ class GlobalHookPlugin : public GlobalPlugin
   void
   handleReadRequestHeadersPostRemap(Transaction &transaction) override
   {
-    LOG_DEBUG(log,
+    LOG_DEBUG(logger,
               "handleReadRequestHeadersPostRemap.\n"
               "\tRequest URL: %s\n"
               "\tRequest Path: %s\n"
@@ -74,23 +74,23 @@ class GlobalHookPlugin : public GlobalPlugin
     // Next, to demonstrate how you can change logging levels:
     if (transaction.getClientRequest().getUrl().getPath() == "change_log_level") {
       if (transaction.getClientRequest().getUrl().getQuery().find("level=debug") != string::npos) {
-        log.setLogLevel(Logger::LOG_LEVEL_DEBUG);
-        LOG_DEBUG(log, "Changed log level to DEBUG");
+        logger.setLogLevel(Logger::LOG_LEVEL_DEBUG);
+        LOG_DEBUG(logger, "Changed log level to DEBUG");
       } else if (transaction.getClientRequest().getUrl().getQuery().find("level=info") != string::npos) {
-        log.setLogLevel(Logger::LOG_LEVEL_INFO);
-        LOG_INFO(log, "Changed log level to INFO");
+        logger.setLogLevel(Logger::LOG_LEVEL_INFO);
+        LOG_INFO(logger, "Changed log level to INFO");
       } else if (transaction.getClientRequest().getUrl().getQuery().find("level=error") != string::npos) {
-        log.setLogLevel(Logger::LOG_LEVEL_ERROR);
-        LOG_ERROR(log, "Changed log level to ERROR");
+        logger.setLogLevel(Logger::LOG_LEVEL_ERROR);
+        LOG_ERROR(logger, "Changed log level to ERROR");
       }
     }
 
     // One drawback to using the Traffic Server Text Loggers is that you're limited in the size of the log
     // lines, this limit is now set at 8kb for atscppapi, but this limit might be removed in the future.
-    LOG_INFO(log, "This message will be dropped (see error.log) because it's just too big: %s", big_buffer_14kb_);
+    LOG_INFO(logger, "This message will be dropped (see error.log) because it's just too big: %s", big_buffer_14kb_);
 
     // This should work though:
-    LOG_INFO(log, "%s", big_buffer_6kb_);
+    LOG_INFO(logger, "%s", big_buffer_6kb_);
 
     transaction.resume();
   }
@@ -119,24 +119,24 @@ TSPluginInit(int argc ATSCPPAPI_UNUSED, const char *argv[] ATSCPPAPI_UNUSED)
   // The fifth argument is to enable log rolling, this is enabled by default.
   // The sixth argument is the frequency in which we will roll the logs, 300 seconds is very low,
   //  the default for this argument is 3600.
-  log.init("logger_example", true, true, Logger::LOG_LEVEL_DEBUG, true, 300);
+  logger.init("logger_example", true, true, Logger::LOG_LEVEL_DEBUG, true, 300);
 
   // Now that we've initialized a logger we can do all kinds of fun things on it:
-  log.setRollingEnabled(true);        // already done via log.init, just an example.
-  log.setRollingIntervalSeconds(300); // already done via log.init
+  logger.setRollingEnabled(true);        // already done via log.init, just an example.
+  logger.setRollingIntervalSeconds(300); // already done via log.init
 
   // You have two ways to log to a logger, you can log directly on the object itself:
-  log.logInfo("Hello World from: %s", argv[0]);
+  logger.logInfo("Hello World from: %s", argv[0]);
 
   // Alternatively you can take advantage of the super helper macros for logging
   // that will include the file, function, and line number automatically as part
   // of the log message:
-  LOG_INFO(log, "Hello World with more info from: %s", argv[0]);
+  LOG_INFO(logger, "Hello World with more info from: %s", argv[0]);
 
   // This will hurt performance, but it's an option that's always available to you
   // to force flush the logs. Otherwise TrafficServer will flush the logs around
   // once every second. You should really avoid flushing the log unless it's really necessary.
-  log.flush();
+  logger.flush();
 
   plugin = new GlobalHookPlugin();
 }

plugins/xdebug/xdebug.cc

@@ -706,6 +706,13 @@ TSPluginInit(int argc, const char *argv[])
   }
   xDebugHeader.len = strlen(xDebugHeader.str);
 
+  // Make xDebugHeader available to other plugins, as a C-style string.
+  //
+  int idx = -1;
+  TSReleaseAssert(TSUserArgIndexReserve(TS_USER_ARGS_GLB, "XDebugHeader", "XDebug header name", &idx) == TS_SUCCESS);
+  TSReleaseAssert(idx >= 0);
+  TSUserArgSet(nullptr, idx, const_cast<char *>(xDebugHeader.str));
+
   AuxDataMgr::init("xdebug");
 
   // Setup the global hook

proxy/http/HttpDebugNames.cc

@@ -27,7 +27,6 @@
 #include "HttpTunnel.h"
 #include "Transform.h"
 #include "HttpSM.h"
-#include "HttpUpdateSM.h"
 #include <ts/apidefs.h>
 #include <I_Event.h>
 
@@ -231,22 +230,6 @@ HttpDebugNames::get_event_name(int event)
     static_assert(static_cast<int>(HTTP_API_ERROR) == static_cast<int>(TS_EVENT_HTTP_ERROR));
     return "HTTP_API_ERROR/TS_EVENT_HTTP_ERROR";
 
-  ///////////////////////////////
-  //  Scheduled Update Events
-  ///////////////////////////////
-  case HTTP_SCH_UPDATE_EVENT_WRITTEN:
-    return "HTTP_SCH_UPDATE_EVENT_WRITTEN";
-  case HTTP_SCH_UPDATE_EVENT_UPDATED:
-    return "HTTP_SCH_UPDATE_EVENT_UPDATED";
-  case HTTP_SCH_UPDATE_EVENT_DELETED:
-    return "HTTP_SCH_UPDATE_EVENT_DELETED";
-  case HTTP_SCH_UPDATE_EVENT_NOT_CACHED:
-    return "HTTP_SCH_UPDATE_EVENT_NOT_CACHED";
-  case HTTP_SCH_UPDATE_EVENT_ERROR:
-    return "HTTP_SCH_UPDATE_EVENT_ERROR";
-  case HTTP_SCH_UPDATE_EVENT_NO_ACTION:
-    return "HTTP_SCH_UPDATE_EVENT_NO_ACTION";
-
   case TS_EVENT_NET_ACCEPT_FAILED:
     return "TS_EVENT_NET_ACCEPT_FAILED";
   case TS_EVENT_INTERNAL_206:

proxy/http/HttpProxyServerMain.cc

@@ -27,7 +27,6 @@
 #include "HttpSessionAccept.h"
 #include "ReverseProxy.h"
 #include "HttpSessionManager.h"
-#include "HttpUpdateSM.h"
 #ifdef USE_HTTP_DEBUG_LISTS
 #include "Http1ClientSession.h"
 #endif
@@ -360,12 +359,6 @@ start_HttpProxyServer()
     // NULL. It would be useful to be able to detect errors and spew them here though.
   }
 
-#if TS_HAS_TESTS
-  if (is_action_tag_set("http_update_test")) {
-    init_http_update_test();
-  }
-#endif
-
   // Set up stat page for http connection count
   statPagesManager.register_http("connection_count", register_ShowConnectionCount);
 

proxy/http/HttpSM.cc

@@ -464,16 +464,7 @@ HttpSM::state_remove_from_list(int event, void * /* data ATS_UNUSED */)
     HttpSMList[bucket].sm_list.remove(this);
   }
 
-  return this->kill_this_async_hook(EVENT_NONE, nullptr);
-}
-
-int
-HttpSM::kill_this_async_hook(int /* event ATS_UNUSED */, void * /* data ATS_UNUSED */)
-{
-  // In the base HttpSM, we don't have anything to
-  //   do here.  subclasses can override this function
-  //   to do their own asynchronous cleanup
-  // So We're now ready to finish off the state machine
+  // We're now ready to finish off the state machine
   terminate_sm         = true;
   kill_this_async_done = true;
 
@@ -4820,17 +4811,21 @@ HttpSM::get_outbound_cert() const
 std::string_view
 HttpSM::get_outbound_sni() const
 {
-  const char *sni_name = nullptr;
-  size_t len           = 0;
-  if (t_state.txn_conf->ssl_client_sni_policy == nullptr || !strcmp(t_state.txn_conf->ssl_client_sni_policy, "host")) {
+  using namespace ts::literals;
+  ts::TextView zret;
+  ts::TextView policy{t_state.txn_conf->ssl_client_sni_policy, ts::TextView::npos};
+  if (policy.empty() || !strcmp(policy, "host"_tv)) {
     // By default the host header field value is used for the SNI.
-    sni_name = t_state.hdr_info.server_request.host_get(reinterpret_cast<int *>(&len));
+    int len;
+    char const *ptr = t_state.hdr_info.server_request.host_get(&len);
+    zret.assign(ptr, len);
+  } else if (policy.front() == '@') { // guaranteed non-empty from previous clause
+    zret = policy.remove_prefix(1);
   } else {
     // If other is specified, like "remap" and "verify_with_name_source", the remapped origin name is used for the SNI value
-    len      = strlen(t_state.server_info.name);
-    sni_name = t_state.server_info.name;
+    zret.assign(t_state.server_info.name, ts::TextView::npos);
   }
-  return std::string_view(sni_name, len);
+  return zret;
 }
 
 //////////////////////////////////////////////////////////////////////////

proxy/http/HttpSM.h

@@ -593,7 +593,6 @@ class HttpSM : public Continuation, public PluginUserArgs<TS_USER_ARGS_TXN>
   bool terminate_sm         = false;
   bool kill_this_async_done = false;
   bool parse_range_done     = false;
-  virtual int kill_this_async_hook(int event, void *data);
   void kill_this();
   void update_stats();
   void transform_cleanup(TSHttpHookID hook, HttpTransformInfo *info);

proxy/http/HttpTransact.cc

@@ -757,15 +757,13 @@ how_to_open_connection(HttpTransact::State *s)
     break;
   }
 
-  s->cdn_saved_next_action = HttpTransact::SM_ACTION_ORIGIN_SERVER_OPEN;
+  HttpTransact::StateMachineAction_t connect_next_action = HttpTransact::SM_ACTION_ORIGIN_SERVER_OPEN;
 
   // Setting up a direct CONNECT tunnel enters OriginServerRawOpen. We always do that if we
   // are not forwarding CONNECT and are not going to a parent proxy.
   if (s->method == HTTP_WKSIDX_CONNECT) {
-    if (s->txn_conf->forward_connect_method == 1 || s->parent_result.result == PARENT_SPECIFIED) {
-      s->cdn_saved_next_action = HttpTransact::SM_ACTION_ORIGIN_SERVER_OPEN;
-    } else {
-      s->cdn_saved_next_action = HttpTransact::SM_ACTION_ORIGIN_SERVER_RAW_OPEN;
+    if (s->txn_conf->forward_connect_method != 1 && s->parent_result.result != PARENT_SPECIFIED) {
+      connect_next_action = HttpTransact::SM_ACTION_ORIGIN_SERVER_RAW_OPEN;
     }
   }
 
@@ -774,9 +772,7 @@ how_to_open_connection(HttpTransact::State *s)
     HttpTransactHeaders::convert_request(s->current.server->http_version, &s->hdr_info.server_request);
   }
 
-  ink_assert(s->cdn_saved_next_action == HttpTransact::SM_ACTION_ORIGIN_SERVER_OPEN ||
-             s->cdn_saved_next_action == HttpTransact::SM_ACTION_ORIGIN_SERVER_RAW_OPEN);
-  return s->cdn_saved_next_action;
+  return connect_next_action;
 }
 
 /*****************************************************************************
@@ -2020,19 +2016,8 @@ HttpTransact::OSDNSLookup(State *s)
   // After SM_ACTION_DNS_LOOKUP, goto the saved action/state ORIGIN_SERVER_(RAW_)OPEN.
   // Should we skip the StartAccessControl()? why?
 
-  if (s->cdn_remap_complete) {
-    TxnDebug("cdn", "This is a late DNS lookup.  We are going to the OS, "
-                    "not to HandleFiltering.");
-
-    ink_assert(s->cdn_saved_next_action == SM_ACTION_ORIGIN_SERVER_OPEN ||
-               s->cdn_saved_next_action == SM_ACTION_ORIGIN_SERVER_RAW_OPEN);
-    TxnDebug("cdn", "outgoing version -- (pre  conversion) %d", s->hdr_info.server_request.m_http->m_version);
-    (&s->hdr_info.server_request)->version_set(HTTPVersion(1, 1));
-    HttpTransactHeaders::convert_request(s->current.server->http_version, &s->hdr_info.server_request);
-    TxnDebug("cdn", "outgoing version -- (post conversion) %d", s->hdr_info.server_request.m_http->m_version);
-    TRANSACT_RETURN(s->cdn_saved_next_action, nullptr);
-  } else if (DNSLookupInfo::OS_Addr::OS_ADDR_USE_CLIENT == s->dns_info.os_addr_style ||
-             DNSLookupInfo::OS_Addr::OS_ADDR_USE_HOSTDB == s->dns_info.os_addr_style) {
+  if (DNSLookupInfo::OS_Addr::OS_ADDR_USE_CLIENT == s->dns_info.os_addr_style ||
+      DNSLookupInfo::OS_Addr::OS_ADDR_USE_HOSTDB == s->dns_info.os_addr_style) {
     // we've come back after already trying the server to get a better address
     // and finished with all backtracking - return to trying the server.
     TRANSACT_RETURN(how_to_open_connection(s), HttpTransact::HandleResponse);

proxy/http/HttpTransact.h

@@ -702,12 +702,6 @@ class HttpTransact
     //  able to defer some work in building the request
     TransactFunc_t pending_work = nullptr;
 
-    // Sandbox of Variables
-    StateMachineAction_t cdn_saved_next_action        = SM_ACTION_UNDEFINED;
-    void (*cdn_saved_transact_return_point)(State *s) = nullptr;
-    bool cdn_remap_complete                           = false;
-    bool first_dns_lookup                             = true;
-
     HttpRequestData request_data;
     ParentConfigParams *parent_params                           = nullptr;
     std::shared_ptr<NextHopSelectionStrategy> next_hop_strategy = nullptr;