From ad02e514982173326b4175c39ab42115aa23b3cf Mon Sep 17 00:00:00 2001 From: Brian Olsen Date: Tue, 11 Apr 2023 20:30:24 +0000 Subject: [PATCH 1/3] make config.proxy.http.no_dns_just_forward_to_parent overridable --- doc/admin-guide/files/records.yaml.en.rst | 1 + .../functions/TSHttpOverridableConfig.en.rst | 1 + .../api/types/TSOverridableConfigKey.en.rst | 1 + include/ts/apidefs.h.in | 3 +- proxy/http/HttpConfig.cc | 5 +- proxy/http/HttpConfig.h | 14 +-- proxy/http/HttpSM.cc | 4 +- proxy/http/HttpTransact.cc | 19 ++- src/shared/overridable_txn_vars.cc | 2 + src/traffic_server/InkAPI.cc | 3 + src/traffic_server/InkAPITest.cc | 113 +++++++++--------- 11 files changed, 88 insertions(+), 78 deletions(-) diff --git a/doc/admin-guide/files/records.yaml.en.rst b/doc/admin-guide/files/records.yaml.en.rst index 359bceaadd1..35982acd6e2 100644 --- a/doc/admin-guide/files/records.yaml.en.rst +++ b/doc/admin-guide/files/records.yaml.en.rst @@ -1355,6 +1355,7 @@ Parent Proxy Configuration .. ts:cv:: CONFIG proxy.config.http.no_dns_just_forward_to_parent INT 0 :reloadable: + :overridable: Don't try to resolve DNS, forward all DNS requests to the parent. This is off (``0``) by default. diff --git a/doc/developer-guide/api/functions/TSHttpOverridableConfig.en.rst b/doc/developer-guide/api/functions/TSHttpOverridableConfig.en.rst index 1389f9b3170..38567a35e36 100644 --- a/doc/developer-guide/api/functions/TSHttpOverridableConfig.en.rst +++ b/doc/developer-guide/api/functions/TSHttpOverridableConfig.en.rst @@ -139,6 +139,7 @@ TSOverridableConfigKey Value Config :c:enumerator:`TS_CONFIG_HTTP_NEGATIVE_CACHING_LIFETIME` :ts:cv:`proxy.config.http.negative_caching_lifetime` :c:enumerator:`TS_CONFIG_HTTP_NEGATIVE_REVALIDATING_ENABLED` :ts:cv:`proxy.config.http.negative_revalidating_enabled` :c:enumerator:`TS_CONFIG_HTTP_NEGATIVE_REVALIDATING_LIFETIME` :ts:cv:`proxy.config.http.negative_revalidating_lifetime` +:c:enumerator:`TS_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT` :ts:cv:`proxy.config.http.no_dns_just_forward_to_parent` :c:enumerator:`TS_CONFIG_HTTP_NORMALIZE_AE` :ts:cv:`proxy.config.http.normalize_ae` :c:enumerator:`TS_CONFIG_HTTP_NUMBER_OF_REDIRECTIONS` :ts:cv:`proxy.config.http.number_of_redirections` :c:enumerator:`TS_CONFIG_HTTP_PARENT_PROXY_FAIL_THRESHOLD` :ts:cv:`proxy.config.http.parent_proxy.fail_threshold` diff --git a/doc/developer-guide/api/types/TSOverridableConfigKey.en.rst b/doc/developer-guide/api/types/TSOverridableConfigKey.en.rst index 9b30e52a900..796fe563ac8 100644 --- a/doc/developer-guide/api/types/TSOverridableConfigKey.en.rst +++ b/doc/developer-guide/api/types/TSOverridableConfigKey.en.rst @@ -154,6 +154,7 @@ Enumeration Members .. c:enumerator:: TS_CONFIG_NET_SOCK_NOTSENT_LOWAT .. c:enumerator:: TS_CONFIG_BODY_FACTORY_RESPONSE_SUPPRESSION_MODE .. c:enumerator:: TS_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT +.. c:enumerator:: TS_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT Description diff --git a/include/ts/apidefs.h.in b/include/ts/apidefs.h.in index 0e579576396..cbf0cf7574b 100644 --- a/include/ts/apidefs.h.in +++ b/include/ts/apidefs.h.in @@ -887,7 +887,8 @@ typedef enum { TS_CONFIG_HTTP_ENABLE_PARENT_TIMEOUT_MARKDOWNS, TS_CONFIG_HTTP_DISABLE_PARENT_MARKDOWNS, TS_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT, - TS_CONFIG_LAST_ENTRY + TS_CONFIG_LAST_ENTRY, + TS_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT, } TSOverridableConfigKey; /* The TASK pool of threads is the primary method of off-loading continuations from the diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc index 8be8e841cba..cd6785b7ed7 100644 --- a/proxy/http/HttpConfig.cc +++ b/proxy/http/HttpConfig.cc @@ -1179,7 +1179,7 @@ HttpConfig::startup() HttpEstablishStaticConfigByte(c.disable_ssl_parenting, "proxy.local.http.parent_proxy.disable_connect_tunneling"); HttpEstablishStaticConfigByte(c.oride.forward_connect_method, "proxy.config.http.forward_connect_method"); - HttpEstablishStaticConfigByte(c.no_dns_forward_to_parent, "proxy.config.http.no_dns_just_forward_to_parent"); + HttpEstablishStaticConfigByte(c.oride.no_dns_forward_to_parent, "proxy.config.http.no_dns_just_forward_to_parent"); HttpEstablishStaticConfigByte(c.oride.uncacheable_requests_bypass_parent, "proxy.config.http.uncacheable_requests_bypass_parent"); HttpEstablishStaticConfigByte(c.oride.doc_in_cache_skip_dns, "proxy.config.http.doc_in_cache_skip_dns"); @@ -1456,7 +1456,7 @@ HttpConfig::reconfigure() params->proxy_hostname = ats_strdup(m_master.proxy_hostname); params->proxy_hostname_len = (params->proxy_hostname) ? strlen(params->proxy_hostname) : 0; - params->no_dns_forward_to_parent = INT_TO_BOOL(m_master.no_dns_forward_to_parent); + params->oride.no_dns_forward_to_parent = INT_TO_BOOL(m_master.oride.no_dns_forward_to_parent); params->oride.uncacheable_requests_bypass_parent = INT_TO_BOOL(m_master.oride.uncacheable_requests_bypass_parent); params->no_origin_server_dns = INT_TO_BOOL(m_master.no_origin_server_dns); params->use_client_target_addr = m_master.use_client_target_addr; @@ -1556,6 +1556,7 @@ HttpConfig::reconfigure() params->oride.parent_fail_threshold = m_master.oride.parent_fail_threshold; params->oride.per_parent_connect_attempts = m_master.oride.per_parent_connect_attempts; params->oride.parent_failures_update_hostdb = m_master.oride.parent_failures_update_hostdb; + params->oride.no_dns_forward_to_parent = m_master.oride.no_dns_forward_to_parent; params->oride.enable_parent_timeout_markdowns = m_master.oride.enable_parent_timeout_markdowns; params->oride.disable_parent_markdowns = m_master.oride.disable_parent_markdowns; diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h index 8bb9d83ff1a..3bb02447883 100644 --- a/proxy/http/HttpConfig.h +++ b/proxy/http/HttpConfig.h @@ -579,9 +579,9 @@ struct OverridableHttpConfigParams { MgmtByte insert_request_via_string = 1; MgmtByte insert_response_via_string = 0; - ////////////////////// - // DOC IN CACHE NO DNS// - ////////////////////// + ///////////////////////// + // DOC IN CACHE NO DNS // + ///////////////////////// MgmtByte doc_in_cache_skip_dns = 1; MgmtByte flow_control_enabled = 0; @@ -595,6 +595,7 @@ struct OverridableHttpConfigParams { ////////////////////////// MgmtByte srv_enabled = 0; MgmtByte parent_failures_update_hostdb = 0; + MgmtByte no_dns_forward_to_parent = 0; MgmtByte cache_open_write_fail_action = 0; @@ -822,10 +823,9 @@ struct HttpConfigParams : public ConfigInfo { /////////////////////////////////////////////////////////////////// MgmtByte disable_ssl_parenting = 0; - MgmtByte no_dns_forward_to_parent = 0; - MgmtByte no_origin_server_dns = 0; - MgmtByte use_client_target_addr = 0; - MgmtByte use_client_source_port = 0; + MgmtByte no_origin_server_dns = 0; + MgmtByte use_client_target_addr = 0; + MgmtByte use_client_source_port = 0; MgmtByte enable_http_stats = 1; // Can be "slow" diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index a34d8ad8697..22a80696fb1 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -4530,7 +4530,7 @@ HttpSM::do_hostdb_lookup() milestones[TS_MILESTONE_DNS_LOOKUP_BEGIN] = Thread::get_hrtime(); // If directed to not look up fqdns then mark as resolved - if (t_state.http_config_param->no_dns_forward_to_parent && t_state.parent_result.result == PARENT_UNDEFINED) { + if (t_state.txn_conf->no_dns_forward_to_parent && t_state.parent_result.result == PARENT_UNDEFINED) { t_state.dns_info.resolved_p = true; call_transact_and_set_next_state(nullptr); return; @@ -7923,7 +7923,7 @@ HttpSM::set_next_state() call_transact_and_set_next_state(nullptr); break; - } else if (t_state.dns_info.looking_up == ResolveInfo::ORIGIN_SERVER && t_state.http_config_param->no_dns_forward_to_parent && + } else if (t_state.dns_info.looking_up == ResolveInfo::ORIGIN_SERVER && t_state.txn_conf->no_dns_forward_to_parent && t_state.parent_result.result != PARENT_UNDEFINED) { t_state.dns_info.resolved_p = true; // seems dangerous - where's the IP address? call_transact_and_set_next_state(nullptr); diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index f27439f8ddc..32966716323 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -585,7 +585,7 @@ find_server_and_update_current_info(HttpTransact::State *s) TxnDebug("http_trans", "request not cacheable, so bypass parent"); s->parent_result.result = PARENT_DIRECT; } - } else if (s->txn_conf->uncacheable_requests_bypass_parent && s->http_config_param->no_dns_forward_to_parent == 0 && + } else if (s->txn_conf->uncacheable_requests_bypass_parent && s->txn_conf->no_dns_forward_to_parent == 0 && !HttpTransact::is_request_cache_lookupable(s)) { // request not lookupable and cacheable, so bypass parent if the parent is not an origin server. // Note that the configuration of the proxy as well as the request @@ -614,7 +614,7 @@ find_server_and_update_current_info(HttpTransact::State *s) // We already have a parent that failed, if we are now told // to go the origin server, we can only obey this if we // dns'ed the origin server - if (s->parent_result.result == PARENT_DIRECT && s->http_config_param->no_dns_forward_to_parent != 0) { + if (s->parent_result.result == PARENT_DIRECT && s->txn_conf->no_dns_forward_to_parent != 0) { ink_assert(!s->server_info.dst_addr.isValid()); s->parent_result.result = PARENT_FAIL; } @@ -625,7 +625,7 @@ find_server_and_update_current_info(HttpTransact::State *s) // 1) the config permitted us to dns the origin server // 2) the config permits us // 3) the parent was not set from API - if (s->http_config_param->no_dns_forward_to_parent == 0 && bypass_ok(s) && parent_is_proxy(s) && + if (s->txn_conf->no_dns_forward_to_parent == 0 && bypass_ok(s) && parent_is_proxy(s) && !s->parent_params->apiParentExists(&s->request_data)) { s->parent_result.result = PARENT_DIRECT; } @@ -658,7 +658,7 @@ find_server_and_update_current_info(HttpTransact::State *s) case PARENT_DIRECT: // if the configuration does not allow the origin to be dns'd // we're unable to go direct to the origin. - if (s->http_config_param->no_dns_forward_to_parent) { + if (s->txn_conf->no_dns_forward_to_parent) { Warning("no available parents and the config proxy.config.http.no_dns_just_forward_to_parent, prevents origin lookups."); s->parent_result.result = PARENT_FAIL; return ResolveInfo::HOST_NONE; @@ -1600,8 +1600,7 @@ HttpTransact::HandleRequest(State *s) TRANSACT_RETURN(SM_ACTION_INTERNAL_CACHE_NOOP, nullptr); } - if (s->http_config_param->no_dns_forward_to_parent && s->scheme != URL_WKSIDX_HTTPS && - strcmp(s->server_info.name, "127.0.0.1") != 0) { + if (s->txn_conf->no_dns_forward_to_parent && s->scheme != URL_WKSIDX_HTTPS && strcmp(s->server_info.name, "127.0.0.1") != 0) { // for HTTPS requests, we must go directly to the // origin server. Ignore the no_dns_just_forward_to_parent setting. // we need to see if the hostname is an @@ -1811,7 +1810,7 @@ HttpTransact::PPDNSLookup(State *s) if (!s->current.server->dst_addr.isValid()) { if (s->current.request_to == ResolveInfo::PARENT_PROXY) { TRANSACT_RETURN(SM_ACTION_DNS_LOOKUP, PPDNSLookupAPICall); - } else if (s->parent_result.result == PARENT_DIRECT && s->http_config_param->no_dns_forward_to_parent != 1) { + } else if (s->parent_result.result == PARENT_DIRECT && s->txn_conf->no_dns_forward_to_parent != 1) { // We ran out of parents but parent configuration allows us to go to Origin Server directly CallOSDNSLookup(s); return; @@ -2019,7 +2018,7 @@ HttpTransact::OSDNSLookup(State *s) // therefore no more backtracking - return to trying the server. TRANSACT_RETURN(how_to_open_connection(s), HttpTransact::HandleResponse); } else if (s->dns_info.lookup_name[0] <= '9' && s->dns_info.lookup_name[0] >= '0' && s->parent_params->parent_table->hostMatch && - !s->http_config_param->no_dns_forward_to_parent) { + !s->txn_conf->no_dns_forward_to_parent) { // note, broken logic: ACC fudges the OR stmt to always be true, // 'AuthHttpAdapter' should do the rev-dns if needed, not here . TRANSACT_RETURN(SM_ACTION_DNS_REVERSE_LOOKUP, HttpTransact::StartAccessControl); @@ -3311,8 +3310,8 @@ HttpTransact::HandleCacheOpenReadMiss(State *s) } if (!s->current.server->dst_addr.isValid()) { ink_release_assert(s->parent_result.result == PARENT_DIRECT || s->current.request_to == ResolveInfo::PARENT_PROXY || - s->http_config_param->no_dns_forward_to_parent != 0); - if (s->parent_result.result == PARENT_DIRECT && s->http_config_param->no_dns_forward_to_parent != 1) { + s->txn_conf->no_dns_forward_to_parent != 0); + if (s->parent_result.result == PARENT_DIRECT && s->txn_conf->no_dns_forward_to_parent != 1) { return CallOSDNSLookup(s); } if (s->current.request_to == ResolveInfo::PARENT_PROXY) { diff --git a/src/shared/overridable_txn_vars.cc b/src/shared/overridable_txn_vars.cc index 855c34a8d11..6e6c3c60a6e 100644 --- a/src/shared/overridable_txn_vars.cc +++ b/src/shared/overridable_txn_vars.cc @@ -152,6 +152,7 @@ const std::unordered_maphost_res_data; conv = &HttpTransact::HOST_RES_CONV; break; + case TS_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT: + ret = _memberp_to_generic(&overridableHttpConfig->no_dns_forward_to_parent, conv); + break; case TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX: ret = _memberp_to_generic(&overridableHttpConfig->plugin_vc_default_buffer_index, conv); break; diff --git a/src/traffic_server/InkAPITest.cc b/src/traffic_server/InkAPITest.cc index 57093c06ce0..ed8e498dfa0 100644 --- a/src/traffic_server/InkAPITest.cc +++ b/src/traffic_server/InkAPITest.cc @@ -8580,61 +8580,61 @@ EXCLUSIVE_REGRESSION_TEST(SDK_API_TSHttpConnectServerIntercept)(RegressionTest * // The order of these should be the same as TSOverridableConfigKey std::array SDK_Overridable_Configs = { - {"proxy.config.url_remap.pristine_host_hdr", - "proxy.config.http.chunking_enabled", "proxy.config.http.negative_caching_enabled", - "proxy.config.http.negative_caching_lifetime", "proxy.config.http.cache.when_to_revalidate", - "proxy.config.http.keep_alive_enabled_in", "proxy.config.http.keep_alive_enabled_out", - "proxy.config.http.keep_alive_post_out", "proxy.config.http.server_session_sharing.match", - "proxy.config.net.sock_recv_buffer_size_out", "proxy.config.net.sock_send_buffer_size_out", - "proxy.config.net.sock_option_flag_out", "proxy.config.http.forward.proxy_auth_to_parent", - "proxy.config.http.anonymize_remove_from", "proxy.config.http.anonymize_remove_referer", - "proxy.config.http.anonymize_remove_user_agent", "proxy.config.http.anonymize_remove_cookie", - "proxy.config.http.anonymize_remove_client_ip", "proxy.config.http.insert_client_ip", - "proxy.config.http.response_server_enabled", "proxy.config.http.insert_squid_x_forwarded_for", - "proxy.config.http.send_http11_requests", "proxy.config.http.cache.http", - "proxy.config.http.cache.ignore_client_no_cache", "proxy.config.http.cache.ignore_client_cc_max_age", - "proxy.config.http.cache.ims_on_client_no_cache", "proxy.config.http.cache.ignore_server_no_cache", - "proxy.config.http.cache.cache_responses_to_cookies", "proxy.config.http.cache.ignore_authentication", - "proxy.config.http.cache.cache_urls_that_look_dynamic", "proxy.config.http.cache.required_headers", - "proxy.config.http.insert_request_via_str", "proxy.config.http.insert_response_via_str", - "proxy.config.http.cache.heuristic_min_lifetime", "proxy.config.http.cache.heuristic_max_lifetime", - "proxy.config.http.cache.guaranteed_min_lifetime", "proxy.config.http.cache.guaranteed_max_lifetime", - "proxy.config.http.cache.max_stale_age", "proxy.config.http.keep_alive_no_activity_timeout_in", - "proxy.config.http.keep_alive_no_activity_timeout_out", "proxy.config.http.transaction_no_activity_timeout_in", - "proxy.config.http.transaction_no_activity_timeout_out", "proxy.config.http.transaction_active_timeout_out", - "proxy.config.http.connect_attempts_max_retries", "proxy.config.http.connect_attempts_max_retries_dead_server", - "proxy.config.http.connect_attempts_rr_retries", "proxy.config.http.connect_attempts_timeout", - "proxy.config.http.down_server.cache_time", "proxy.config.http.doc_in_cache_skip_dns", - "proxy.config.http.background_fill_active_timeout", "proxy.config.http.response_server_str", - "proxy.config.http.cache.heuristic_lm_factor", "proxy.config.http.background_fill_completed_threshold", - "proxy.config.net.sock_packet_mark_out", "proxy.config.net.sock_packet_tos_out", - "proxy.config.http.insert_age_in_response", "proxy.config.http.chunking.size", - "proxy.config.http.flow_control.enabled", "proxy.config.http.flow_control.low_water", - "proxy.config.http.flow_control.high_water", "proxy.config.http.cache.range.lookup", - "proxy.config.http.default_buffer_size", "proxy.config.http.default_buffer_water_mark", - "proxy.config.http.request_header_max_size", "proxy.config.http.response_header_max_size", - "proxy.config.http.negative_revalidating_enabled", "proxy.config.http.negative_revalidating_lifetime", - "proxy.config.ssl.hsts_max_age", "proxy.config.ssl.hsts_include_subdomains", - "proxy.config.http.cache.open_read_retry_time", "proxy.config.http.cache.max_open_read_retries", - "proxy.config.http.cache.range.write", "proxy.config.http.post.check.content_length.enabled", - "proxy.config.http.global_user_agent_header", "proxy.config.http.auth_server_session_private", - "proxy.config.http.slow.log.threshold", "proxy.config.http.cache.generation", - "proxy.config.body_factory.template_base", "proxy.config.http.cache.open_write_fail_action", - "proxy.config.http.number_of_redirections", "proxy.config.http.cache.max_open_write_retries", - "proxy.config.http.cache.max_open_write_retry_timeout", "proxy.config.http.redirect_use_orig_cache_key", - "proxy.config.http.attach_server_session_to_client", "proxy.config.websocket.no_activity_timeout", - "proxy.config.websocket.active_timeout", "proxy.config.http.uncacheable_requests_bypass_parent", - "proxy.config.http.parent_proxy.total_connect_attempts", "proxy.config.http.transaction_active_timeout_in", - "proxy.config.srv_enabled", "proxy.config.http.forward_connect_method", - "proxy.config.ssl.client.cert.filename", "proxy.config.ssl.client.cert.path", - "proxy.config.http.parent_proxy.mark_down_hostdb", "proxy.config.http.cache.ignore_accept_mismatch", - "proxy.config.http.cache.ignore_accept_language_mismatch", "proxy.config.http.cache.ignore_accept_encoding_mismatch", - "proxy.config.http.cache.ignore_accept_charset_mismatch", "proxy.config.http.parent_proxy.fail_threshold", - "proxy.config.http.parent_proxy.retry_time", "proxy.config.http.parent_proxy.per_parent_connect_attempts", - "proxy.config.http.normalize_ae", "proxy.config.http.insert_forwarded", - "proxy.config.http.proxy_protocol_out", "proxy.config.http.allow_multi_range", - "proxy.config.http.request_buffer_enabled", "proxy.config.http.allow_half_open", - OutboundConnTrack::CONFIG_VAR_MIN, + { + "proxy.config.url_remap.pristine_host_hdr", "proxy.config.http.chunking_enabled", + "proxy.config.http.negative_caching_enabled", "proxy.config.http.negative_caching_lifetime", + "proxy.config.http.cache.when_to_revalidate", "proxy.config.http.keep_alive_enabled_in", + "proxy.config.http.keep_alive_enabled_out", "proxy.config.http.keep_alive_post_out", + "proxy.config.http.server_session_sharing.match", "proxy.config.net.sock_recv_buffer_size_out", + "proxy.config.net.sock_send_buffer_size_out", "proxy.config.net.sock_option_flag_out", + "proxy.config.http.forward.proxy_auth_to_parent", "proxy.config.http.anonymize_remove_from", + "proxy.config.http.anonymize_remove_referer", "proxy.config.http.anonymize_remove_user_agent", + "proxy.config.http.anonymize_remove_cookie", "proxy.config.http.anonymize_remove_client_ip", + "proxy.config.http.insert_client_ip", "proxy.config.http.response_server_enabled", + "proxy.config.http.insert_squid_x_forwarded_for", "proxy.config.http.send_http11_requests", + "proxy.config.http.cache.http", "proxy.config.http.cache.ignore_client_no_cache", + "proxy.config.http.cache.ignore_client_cc_max_age", "proxy.config.http.cache.ims_on_client_no_cache", + "proxy.config.http.cache.ignore_server_no_cache", "proxy.config.http.cache.cache_responses_to_cookies", + "proxy.config.http.cache.ignore_authentication", "proxy.config.http.cache.cache_urls_that_look_dynamic", + "proxy.config.http.cache.required_headers", "proxy.config.http.insert_request_via_str", + "proxy.config.http.insert_response_via_str", "proxy.config.http.cache.heuristic_min_lifetime", + "proxy.config.http.cache.heuristic_max_lifetime", "proxy.config.http.cache.guaranteed_min_lifetime", + "proxy.config.http.cache.guaranteed_max_lifetime", "proxy.config.http.cache.max_stale_age", + "proxy.config.http.keep_alive_no_activity_timeout_in", "proxy.config.http.keep_alive_no_activity_timeout_out", + "proxy.config.http.transaction_no_activity_timeout_in", "proxy.config.http.transaction_no_activity_timeout_out", + "proxy.config.http.transaction_active_timeout_out", "proxy.config.http.connect_attempts_max_retries", + "proxy.config.http.connect_attempts_max_retries_dead_server", "proxy.config.http.connect_attempts_rr_retries", + "proxy.config.http.connect_attempts_timeout", "proxy.config.http.down_server.cache_time", + "proxy.config.http.doc_in_cache_skip_dns", "proxy.config.http.background_fill_active_timeout", + "proxy.config.http.response_server_str", "proxy.config.http.cache.heuristic_lm_factor", + "proxy.config.http.background_fill_completed_threshold", "proxy.config.net.sock_packet_mark_out", + "proxy.config.net.sock_packet_tos_out", "proxy.config.http.insert_age_in_response", + "proxy.config.http.chunking.size", "proxy.config.http.flow_control.enabled", + "proxy.config.http.flow_control.low_water", "proxy.config.http.flow_control.high_water", + "proxy.config.http.cache.range.lookup", "proxy.config.http.default_buffer_size", + "proxy.config.http.default_buffer_water_mark", "proxy.config.http.request_header_max_size", + "proxy.config.http.response_header_max_size", "proxy.config.http.negative_revalidating_enabled", + "proxy.config.http.negative_revalidating_lifetime", "proxy.config.ssl.hsts_max_age", + "proxy.config.ssl.hsts_include_subdomains", "proxy.config.http.cache.open_read_retry_time", + "proxy.config.http.cache.max_open_read_retries", "proxy.config.http.cache.range.write", + "proxy.config.http.post.check.content_length.enabled", "proxy.config.http.global_user_agent_header", + "proxy.config.http.auth_server_session_private", "proxy.config.http.slow.log.threshold", + "proxy.config.http.cache.generation", "proxy.config.body_factory.template_base", + "proxy.config.http.cache.open_write_fail_action", "proxy.config.http.number_of_redirections", + "proxy.config.http.cache.max_open_write_retries", "proxy.config.http.cache.max_open_write_retry_timeout", + "proxy.config.http.redirect_use_orig_cache_key", "proxy.config.http.attach_server_session_to_client", + "proxy.config.websocket.no_activity_timeout", "proxy.config.websocket.active_timeout", + "proxy.config.http.uncacheable_requests_bypass_parent", "proxy.config.http.parent_proxy.total_connect_attempts", + "proxy.config.http.transaction_active_timeout_in", "proxy.config.srv_enabled", + "proxy.config.http.forward_connect_method", "proxy.config.ssl.client.cert.filename", + "proxy.config.ssl.client.cert.path", "proxy.config.http.parent_proxy.mark_down_hostdb", + "proxy.config.http.cache.ignore_accept_mismatch", "proxy.config.http.cache.ignore_accept_language_mismatch", + "proxy.config.http.cache.ignore_accept_encoding_mismatch", "proxy.config.http.cache.ignore_accept_charset_mismatch", + "proxy.config.http.parent_proxy.fail_threshold", "proxy.config.http.parent_proxy.retry_time", + "proxy.config.http.parent_proxy.per_parent_connect_attempts", "proxy.config.http.normalize_ae", + "proxy.config.http.insert_forwarded", "proxy.config.http.proxy_protocol_out", + "proxy.config.http.allow_multi_range", "proxy.config.http.request_buffer_enabled", + "proxy.config.http.allow_half_open", OutboundConnTrack::CONFIG_VAR_MIN, OutboundConnTrack::CONFIG_VAR_MAX, OutboundConnTrack::CONFIG_VAR_MATCH, "proxy.config.ssl.client.verify.server.policy", "proxy.config.ssl.client.verify.server.properties", @@ -8644,7 +8644,8 @@ std::array SDK_Overridable_Configs = { "proxy.config.http.max_proxy_cycles", "proxy.config.plugin.vc.default_buffer_index", "proxy.config.plugin.vc.default_buffer_water_mark", "proxy.config.net.sock_notsent_lowat", "proxy.config.body_factory.response_suppression_mode", "proxy.config.http.parent_proxy.enable_parent_timeout_markdowns", - "proxy.config.http.parent_proxy.disable_parent_markdowns", "proxy.config.net.default_inactivity_timeout"} + "proxy.config.http.parent_proxy.disable_parent_markdowns", "proxy.config.net.default_inactivity_timeout", + "proxy.config.http.no_dns_just_forward_to_parent", } }; extern ClassAllocator httpSMAllocator; From bbf7cfaaae0c4986582ae9912f6d6e72d0a29b39 Mon Sep 17 00:00:00 2001 From: Brian Olsen Date: Tue, 11 Apr 2023 21:01:54 +0000 Subject: [PATCH 2/3] add no_dns_just_forward_to_parent to lua --- include/ts/apidefs.h.in | 2 +- plugins/lua/ts_lua_http_config.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/ts/apidefs.h.in b/include/ts/apidefs.h.in index cbf0cf7574b..729da51bae4 100644 --- a/include/ts/apidefs.h.in +++ b/include/ts/apidefs.h.in @@ -887,8 +887,8 @@ typedef enum { TS_CONFIG_HTTP_ENABLE_PARENT_TIMEOUT_MARKDOWNS, TS_CONFIG_HTTP_DISABLE_PARENT_MARKDOWNS, TS_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT, - TS_CONFIG_LAST_ENTRY, TS_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT, + TS_CONFIG_LAST_ENTRY, } TSOverridableConfigKey; /* The TASK pool of threads is the primary method of off-loading continuations from the diff --git a/plugins/lua/ts_lua_http_config.c b/plugins/lua/ts_lua_http_config.c index 95d3e2f4607..c2055e8b731 100644 --- a/plugins/lua/ts_lua_http_config.c +++ b/plugins/lua/ts_lua_http_config.c @@ -145,6 +145,7 @@ typedef enum { TS_LUA_CONFIG_ENABLE_PARENT_TIMEOUT_MARKDOWNS = TS_CONFIG_HTTP_ENABLE_PARENT_TIMEOUT_MARKDOWNS, TS_LUA_CONFIG_DISABLE_PARENT_MARKDOWNS = TS_CONFIG_HTTP_DISABLE_PARENT_MARKDOWNS, TS_LUA_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT = TS_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT, + TS_LUA_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT = TS_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT, TS_LUA_CONFIG_LAST_ENTRY = TS_CONFIG_LAST_ENTRY, } TSLuaOverridableConfigKey; @@ -282,6 +283,7 @@ ts_lua_var_item ts_lua_http_config_vars[] = { TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_ENABLE_PARENT_TIMEOUT_MARKDOWNS), TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_DISABLE_PARENT_MARKDOWNS), TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT), + TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_HTTP_NO_DNS_JUST_FORWARD_TO_PARENT), TS_LUA_MAKE_VAR_ITEM(TS_LUA_CONFIG_LAST_ENTRY), }; From b123873045fdfc866c96724ae210473f9b309ca9 Mon Sep 17 00:00:00 2001 From: Brian Olsen Date: Tue, 23 May 2023 15:12:14 +0000 Subject: [PATCH 3/3] header_rewrite: add debug in case set-config operator fails --- plugins/header_rewrite/operators.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plugins/header_rewrite/operators.cc b/plugins/header_rewrite/operators.cc index 1f6f6327c5a..0d7a7faf179 100644 --- a/plugins/header_rewrite/operators.cc +++ b/plugins/header_rewrite/operators.cc @@ -51,16 +51,22 @@ OperatorSetConfig::exec(const Resources &res) const case TS_RECORDDATATYPE_INT: if (TS_SUCCESS == TSHttpTxnConfigIntSet(res.txnp, _key, _value.get_int_value())) { TSDebug(PLUGIN_NAME, "OperatorSetConfig::exec() invoked on %s=%d", _config.c_str(), _value.get_int_value()); + } else { + TSDebug(PLUGIN_NAME, "OperatorSetConfig::exec() invocation failed on %s=%d", _config.c_str(), _value.get_int_value()); } break; case TS_RECORDDATATYPE_FLOAT: if (TS_SUCCESS == TSHttpTxnConfigFloatSet(res.txnp, _key, _value.get_float_value())) { TSDebug(PLUGIN_NAME, "OperatorSetConfig::exec() invoked on %s=%f", _config.c_str(), _value.get_float_value()); + } else { + TSDebug(PLUGIN_NAME, "OperatorSetConfig::exec() invocation failed on %s=%f", _config.c_str(), _value.get_float_value()); } break; case TS_RECORDDATATYPE_STRING: if (TS_SUCCESS == TSHttpTxnConfigStringSet(res.txnp, _key, _value.get_value().c_str(), _value.size())) { TSDebug(PLUGIN_NAME, "OperatorSetConfig::exec() invoked on %s=%s", _config.c_str(), _value.get_value().c_str()); + } else { + TSDebug(PLUGIN_NAME, "OperatorSetConfig::exec() invocation failed on %s=%s", _config.c_str(), _value.get_value().c_str()); } break; default: