From ebd0460d7e5e736069dd28d81726d585062ca818 Mon Sep 17 00:00:00 2001
From: bneradt <bneradt@yahooinc.com>
Date: Wed, 9 Feb 2022 18:17:59 -0600
Subject: [PATCH] Making 9.2.x backwards compatible with 9.1.x

In order to make 9.2.x backwards compatible against plugins compiled
with 9.1.x, this PR does the following:

1. Adds back exposed enum values removed in 9.2.x
2. Any added enum values are put at the end of their enumeration lists.
3. Adds back the TSHttpTxnCntl function
---
 include/ts/apidefs.h.in          |  9 +++-
 include/ts/experimental.h        | 23 ++++++++++
 plugins/lua/ts_lua_http_config.c | 32 ++++++++------
 src/traffic_server/InkAPI.cc     | 72 ++++++++++++++++++++++++++++++++
 src/traffic_server/InkAPITest.cc | 13 +++++-
 5 files changed, 133 insertions(+), 16 deletions(-)

diff --git a/include/ts/apidefs.h.in b/include/ts/apidefs.h.in
index e3ebe46528d..ac550a95fd6 100644
--- a/include/ts/apidefs.h.in
+++ b/include/ts/apidefs.h.in
@@ -437,8 +437,8 @@ typedef enum {
   TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK,
   TS_LIFECYCLE_MSG_HOOK,
   TS_LIFECYCLE_TASK_THREADS_READY_HOOK,
-  TS_LIFECYCLE_SSL_SECRET_HOOK,
   TS_LIFECYCLE_SHUTDOWN_HOOK,
+  TS_LIFECYCLE_SSL_SECRET_HOOK,
   TS_LIFECYCLE_LAST_HOOK
 } TSLifecycleHookID;
 
@@ -827,7 +827,6 @@ typedef enum {
   TS_CONFIG_HTTP_CACHE_MAX_OPEN_WRITE_RETRIES,
   TS_CONFIG_HTTP_REDIRECT_USE_ORIG_CACHE_KEY,
   TS_CONFIG_HTTP_ATTACH_SERVER_SESSION_TO_CLIENT,
-  TS_CONFIG_HTTP_MAX_PROXY_CYCLES,
   TS_CONFIG_WEBSOCKET_NO_ACTIVITY_TIMEOUT,
   TS_CONFIG_WEBSOCKET_ACTIVE_TIMEOUT,
   TS_CONFIG_HTTP_UNCACHEABLE_REQUESTS_BYPASS_PARENT,
@@ -856,6 +855,11 @@ typedef enum {
   TS_CONFIG_HTTP_SERVER_MIN_KEEP_ALIVE_CONNS,
   TS_CONFIG_HTTP_PER_SERVER_CONNECTION_MAX,
   TS_CONFIG_HTTP_PER_SERVER_CONNECTION_MATCH,
+#if TS_VERSION_MAJOR < 10
+  /* This is kept in the 9.x releases to preserve the ABI. Remove this in the
+   * 10 release. */
+  TS_CONFIG_SSL_CLIENT_VERIFY_SERVER,
+#endif
   TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY,
   TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES,
   TS_CONFIG_SSL_CLIENT_SNI_POLICY,
@@ -863,6 +867,7 @@ typedef enum {
   TS_CONFIG_SSL_CLIENT_CA_CERT_FILENAME,
   TS_CONFIG_HTTP_HOST_RESOLUTION_PREFERENCE,
   TS_CONFIG_HTTP_CONNECT_DEAD_POLICY,
+  TS_CONFIG_HTTP_MAX_PROXY_CYCLES,
   TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX,
   TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_WATER_MARK,
   TS_CONFIG_NET_SOCK_NOTSENT_LOWAT,
diff --git a/include/ts/experimental.h b/include/ts/experimental.h
index deef0ab3f6c..b2d020f4724 100644
--- a/include/ts/experimental.h
+++ b/include/ts/experimental.h
@@ -73,6 +73,29 @@ int64_t TSCacheHttpInfoSizeGet(TSCacheHttpInfo infop);
 tsapi int TSMimeHdrFieldEqual(TSMBuffer bufp, TSMLoc hdr_obj, TSMLoc field1, TSMLoc field2);
 tsapi TSReturnCode TSHttpTxnHookRegisteredFor(TSHttpTxn txnp, TSHttpHookID id, TSEventFunc funcp);
 
+#if TS_VERSION_MAJOR < 10
+
+/* These are kept in the 9.x releases to preserve the ABI. These should be
+ * removed in the ATS 10 release. */
+
+/* Various HTTP "control" modes */
+typedef enum {
+  TS_HTTP_CNTL_GET_LOGGING_MODE,
+  TS_HTTP_CNTL_SET_LOGGING_MODE,
+  TS_HTTP_CNTL_GET_INTERCEPT_RETRY_MODE,
+  TS_HTTP_CNTL_SET_INTERCEPT_RETRY_MODE
+} TSHttpCntlTypeExperimental;
+
+#define TS_HTTP_CNTL_OFF (void *)0
+#define TS_HTTP_CNTL_ON (void *)1
+/* usage:
+   void *onoff = 0;
+   TSHttpTxnCntl(.., TS_HTTP_CNTL_GET_LOGGING_MODE, &onoff);
+   if (onoff == TS_HTTP_CNTL_ON) ....
+*/
+tsapi TSReturnCode TSHttpTxnCntl(TSHttpTxn txnp, TSHttpCntlTypeExperimental cntl, void *data);
+
+#endif
 /* Protocols APIs */
 tsapi void TSVConnCacheHttpInfoSet(TSVConn connp, TSCacheHttpInfo infop);
 
diff --git a/plugins/lua/ts_lua_http_config.c b/plugins/lua/ts_lua_http_config.c
index 9d5463a70ae..5bcc583dd69 100644
--- a/plugins/lua/ts_lua_http_config.c
+++ b/plugins/lua/ts_lua_http_config.c
@@ -133,19 +133,22 @@ typedef enum {
   TS_LUA_CONFIG_HTTP_ALLOW_MULTI_RANGE                        = TS_CONFIG_HTTP_ALLOW_MULTI_RANGE,
   TS_LUA_CONFIG_HTTP_REQUEST_BUFFER_ENABLED                   = TS_CONFIG_HTTP_REQUEST_BUFFER_ENABLED,
   TS_LUA_CONFIG_HTTP_ALLOW_HALF_OPEN                          = TS_CONFIG_HTTP_ALLOW_HALF_OPEN,
-  TS_LUA_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY               = TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY,
-  TS_LUA_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES           = TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES,
-  TS_LUA_CONFIG_SSL_CLIENT_SNI_POLICY                         = TS_CONFIG_SSL_CLIENT_SNI_POLICY,
-  TS_LUA_CONFIG_SSL_CLIENT_PRIVATE_KEY_FILENAME               = TS_CONFIG_SSL_CLIENT_PRIVATE_KEY_FILENAME,
-  TS_LUA_CONFIG_SSL_CLIENT_CA_CERT_FILENAME                   = TS_CONFIG_SSL_CLIENT_CA_CERT_FILENAME,
-  TS_LUA_CONFIG_HTTP_HOST_RESOLUTION_PREFERENCE               = TS_CONFIG_HTTP_HOST_RESOLUTION_PREFERENCE,
-  TS_LUA_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX                = TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX,
-  TS_LUA_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_WATER_MARK           = TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_WATER_MARK,
-  TS_LUA_CONFIG_NET_SOCK_NOTSENT_LOWAT                        = TS_CONFIG_NET_SOCK_NOTSENT_LOWAT,
-  TS_LUA_CONFIG_BODY_FACTORY_RESPONSE_SUPPRESSION_MODE        = TS_CONFIG_BODY_FACTORY_RESPONSE_SUPPRESSION_MODE,
-  TS_LUA_CONFIG_ENABLE_PARENT_TIMEOUT_MARKDOWNS               = TS_CONFIG_HTTP_ENABLE_PARENT_TIMEOUT_MARKDOWNS,
-  TS_LUA_CONFIG_DISABLE_PARENT_MARKDOWNS                      = TS_CONFIG_HTTP_DISABLE_PARENT_MARKDOWNS,
-  TS_LUA_CONFIG_LAST_ENTRY                                    = TS_CONFIG_LAST_ENTRY,
+#if TS_VERSION_MAJOR < 10
+  TS_LUA_CONFIG_SSL_CLIENT_VERIFY_SERVER = TS_CONFIG_SSL_CLIENT_VERIFY_SERVER,
+#endif
+  TS_LUA_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY        = TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY,
+  TS_LUA_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES    = TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES,
+  TS_LUA_CONFIG_SSL_CLIENT_SNI_POLICY                  = TS_CONFIG_SSL_CLIENT_SNI_POLICY,
+  TS_LUA_CONFIG_SSL_CLIENT_PRIVATE_KEY_FILENAME        = TS_CONFIG_SSL_CLIENT_PRIVATE_KEY_FILENAME,
+  TS_LUA_CONFIG_SSL_CLIENT_CA_CERT_FILENAME            = TS_CONFIG_SSL_CLIENT_CA_CERT_FILENAME,
+  TS_LUA_CONFIG_HTTP_HOST_RESOLUTION_PREFERENCE        = TS_CONFIG_HTTP_HOST_RESOLUTION_PREFERENCE,
+  TS_LUA_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX         = TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX,
+  TS_LUA_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_WATER_MARK    = TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_WATER_MARK,
+  TS_LUA_CONFIG_NET_SOCK_NOTSENT_LOWAT                 = TS_CONFIG_NET_SOCK_NOTSENT_LOWAT,
+  TS_LUA_CONFIG_BODY_FACTORY_RESPONSE_SUPPRESSION_MODE = TS_CONFIG_BODY_FACTORY_RESPONSE_SUPPRESSION_MODE,
+  TS_LUA_CONFIG_ENABLE_PARENT_TIMEOUT_MARKDOWNS        = TS_CONFIG_HTTP_ENABLE_PARENT_TIMEOUT_MARKDOWNS,
+  TS_LUA_CONFIG_DISABLE_PARENT_MARKDOWNS               = TS_CONFIG_HTTP_DISABLE_PARENT_MARKDOWNS,
+  TS_LUA_CONFIG_LAST_ENTRY                             = TS_CONFIG_LAST_ENTRY,
 } TSLuaOverridableConfigKey;
 
 typedef enum {
@@ -267,6 +270,9 @@ ts_lua_var_item ts_lua_http_config_vars[] = {
   TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_HTTP_ALLOW_MULTI_RANGE),
   TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_HTTP_REQUEST_BUFFER_ENABLED),
   TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_HTTP_ALLOW_HALF_OPEN),
+#if TS_VERSION_MAJOR < 10
+  TS_LUA_MAKE_VAR_ITEM(TS_CONFIG_SSL_CLIENT_VERIFY_SERVER),
+#endif
   TS_LUA_MAKE_VAR_ITEM(TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY),
   TS_LUA_MAKE_VAR_ITEM(TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES),
   TS_LUA_MAKE_VAR_ITEM(TS_CONFIG_SSL_CLIENT_SNI_POLICY),
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index 4db07a10c51..a8b1890fe4c 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -6536,6 +6536,72 @@ TSHttpTxnStatusGet(TSHttpTxn txnp)
   return static_cast<TSHttpStatus>(sm->t_state.http_return_code);
 }
 
+#if TS_VERSION_MAJOR < 10
+/* control channel for HTTP */
+TSReturnCode
+TSHttpTxnCntl(TSHttpTxn txnp, TSHttpCntlTypeExperimental cntl, void *data)
+{
+  sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
+
+  HttpSM *sm = (HttpSM *)txnp;
+
+  switch (cntl) {
+  case TS_HTTP_CNTL_GET_LOGGING_MODE: {
+    if (data == nullptr) {
+      return TS_ERROR;
+    }
+
+    intptr_t *rptr = static_cast<intptr_t *>(data);
+
+    if (sm->t_state.api_info.logging_enabled) {
+      *rptr = (intptr_t)TS_HTTP_CNTL_ON;
+    } else {
+      *rptr = (intptr_t)TS_HTTP_CNTL_OFF;
+    }
+
+    return TS_SUCCESS;
+  }
+
+  case TS_HTTP_CNTL_SET_LOGGING_MODE:
+    if (data != TS_HTTP_CNTL_ON && data != TS_HTTP_CNTL_OFF) {
+      return TS_ERROR;
+    } else {
+      sm->t_state.api_info.logging_enabled = (bool)data;
+      return TS_SUCCESS;
+    }
+    break;
+
+  case TS_HTTP_CNTL_GET_INTERCEPT_RETRY_MODE: {
+    if (data == nullptr) {
+      return TS_ERROR;
+    }
+
+    intptr_t *rptr = static_cast<intptr_t *>(data);
+
+    if (sm->t_state.api_info.retry_intercept_failures) {
+      *rptr = (intptr_t)TS_HTTP_CNTL_ON;
+    } else {
+      *rptr = (intptr_t)TS_HTTP_CNTL_OFF;
+    }
+
+    return TS_SUCCESS;
+  }
+
+  case TS_HTTP_CNTL_SET_INTERCEPT_RETRY_MODE:
+    if (data != TS_HTTP_CNTL_ON && data != TS_HTTP_CNTL_OFF) {
+      return TS_ERROR;
+    } else {
+      sm->t_state.api_info.retry_intercept_failures = (bool)data;
+      return TS_SUCCESS;
+    }
+  default:
+    return TS_ERROR;
+  }
+
+  return TS_ERROR;
+}
+
+#endif
 TSReturnCode
 TSHttpTxnCntlSet(TSHttpTxn txnp, TSHttpCntlType cntl, bool data)
 {
@@ -8970,6 +9036,12 @@ _conf_to_memberp(TSOverridableConfigKey conf, OverridableHttpConfigParams *overr
   // This helps avoiding compiler warnings, yet detect unhandled enum members.
   case TS_CONFIG_NULL:
   case TS_CONFIG_LAST_ENTRY:
+#if TS_VERSION_MAJOR < 10
+
+  // The following is not used in 9.2.x, but preserved for ABI compatibility.
+  case TS_CONFIG_SSL_CLIENT_VERIFY_SERVER:
+
+#endif
     break;
   }
 
diff --git a/src/traffic_server/InkAPITest.cc b/src/traffic_server/InkAPITest.cc
index 62d452033de..cd000967bbf 100644
--- a/src/traffic_server/InkAPITest.cc
+++ b/src/traffic_server/InkAPITest.cc
@@ -8660,7 +8660,6 @@ std::array<std::string_view, TS_CONFIG_LAST_ENTRY> SDK_Overridable_Configs = {
    "proxy.config.http.cache.max_open_write_retries",
    "proxy.config.http.redirect_use_orig_cache_key",
    "proxy.config.http.attach_server_session_to_client",
-   "proxy.config.http.max_proxy_cycles",
    "proxy.config.websocket.no_activity_timeout",
    "proxy.config.websocket.active_timeout",
    "proxy.config.http.uncacheable_requests_bypass_parent",
@@ -8688,6 +8687,9 @@ std::array<std::string_view, TS_CONFIG_LAST_ENTRY> SDK_Overridable_Configs = {
    OutboundConnTrack::CONFIG_VAR_MIN,
    OutboundConnTrack::CONFIG_VAR_MAX,
    OutboundConnTrack::CONFIG_VAR_MATCH,
+#if TS_VERSION_MAJOR < 10
+   "proxy.config.ssl.client.verify.server",
+#endif
    "proxy.config.ssl.client.verify.server.policy",
    "proxy.config.ssl.client.verify.server.properties",
    "proxy.config.ssl.client.sni_policy",
@@ -8695,6 +8697,7 @@ std::array<std::string_view, TS_CONFIG_LAST_ENTRY> SDK_Overridable_Configs = {
    "proxy.config.ssl.client.CA.cert.filename",
    "proxy.config.hostdb.ip_resolve",
    "proxy.config.http.connect.dead.policy",
+   "proxy.config.http.max_proxy_cycles",
    "proxy.config.plugin.vc.default_buffer_index",
    "proxy.config.plugin.vc.default_buffer_water_mark",
    "proxy.config.net.sock_notsent_lowat",
@@ -8723,6 +8726,14 @@ REGRESSION_TEST(SDK_API_OVERRIDABLE_CONFIGS)(RegressionTest *test, int /* atype
   *pstatus = REGRESSION_TEST_INPROGRESS;
   for (int i = 0; i < static_cast<int>(SDK_Overridable_Configs.size()); ++i) {
     std::string_view conf{SDK_Overridable_Configs[i]};
+#if TS_VERSION_MAJOR < 10
+    if (conf == "proxy.config.ssl.client.verify.server") {
+      // TODO: remove this in 10.x. Kept here because we keep the
+      // `TS_CONFIG_SSL_CLIENT_VERIFY_SERVER` in 9.x to preserve ABI
+      // compatibility in the 9.x releases.
+      continue;
+    }
+#endif
 
     if (TS_SUCCESS == TSHttpTxnConfigFind(conf.data(), -1, &key, &type)) {
       if (key != i) {