Add extra state for allow_half_open setting

Author: shinrich

doc/admin-guide/files/records.config.en.rst

@@ -4198,12 +4198,16 @@ Sockets
    exception being if you run |TS| with a protocol plugin, and would
    like for it to not support HTTP requests at all.
 
-.. ts:cv:: CONFIG proxy.config.http.allow_half_open INT 1
+.. ts:cv:: CONFIG proxy.config.http.allow_half_open INT 0
    :reloadable:
    :overridable:
 
-   Turn on or off support for connection half open for client side. Default is on, so
-   after client sends FIN, the connection is still there.
+   Controls whether ATS will continue to send data over a connection when the client side
+   closes (operating in a half open state).  The client would have to be be written to 
+   expect this to process the extra data.  A value of 0 disables the half open connection from 
+   consideration. A value of 1 cause |TS| to send data after receiving a FIN on non TLS connections.
+   A value of 2 will cause |TS| to also send data over TLS connections after the client sends a
+   FIN.
 
 .. ts:cv:: CONFIG proxy.config.http.wait_for_cache INT 0
 

mgmt/RecordsConfig.cc

@@ -303,7 +303,7 @@ static const RecordElement RecordsConfig[] =
   //        # basics #
   //        ##########
   //       #
-  {RECT_CONFIG, "proxy.config.http.allow_half_open", RECD_INT, "1", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.http.allow_half_open", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-2]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.http.enabled", RECD_INT, "1", RECU_RESTART_TM, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,

plugins/experimental/slice/intercept.cc

@@ -57,14 +57,14 @@ intercept_hook(TSCont contp, TSEvent event, void *edata)
     if (data->m_dnstream.m_read.isOpen() && edata == data->m_dnstream.m_read.m_vio) {
       if (handle_client_req(contp, event, data)) {
         // DEBUG_LOG("shutting down read from client pipe");
-        TSVConnShutdown(data->m_dnstream.m_vc, 1, 0);
+        // TSVConnShutdown(data->m_dnstream.m_vc, 1, 0);
       }
     }
     // server wants more data from us, should never happen
     // every time TSHttpConnect is called this resets
     else if (data->m_upstream.m_write.isOpen() && edata == data->m_upstream.m_write.m_vio) {
       // DEBUG_LOG("shutting down send to server pipe");
-      TSVConnShutdown(data->m_upstream.m_vc, 0, 1);
+      // TSVConnShutdown(data->m_upstream.m_vc, 0, 1);
     }
     // server has data for us, typically handle just the header
     else if (data->m_upstream.m_read.isOpen() && edata == data->m_upstream.m_read.m_vio) {

proxy/http/Http1ClientSession.cc

@@ -523,10 +523,14 @@ Http1ClientSession::start()
 }
 
 bool
-Http1ClientSession::allow_half_open() const
+Http1ClientSession::allow_half_open(bool allow_half_open_tls) const
 {
-  // Only allow half open connections if the not over TLS
-  return (client_vc && dynamic_cast<SSLNetVConnection *>(client_vc) == nullptr);
+  if (allow_half_open_tls) {
+    return true;
+  } else {
+    // Only allow half open connections if the not over TLS
+    return (client_vc && dynamic_cast<SSLNetVConnection *>(client_vc) == nullptr);
+  }
 }
 
 void

proxy/http/Http1ClientSession.h

@@ -72,7 +72,7 @@ class Http1ClientSession : public ProxySession
   void reenable(VIO *vio) override;
 
   // Accessor Methods
-  bool allow_half_open() const;
+  bool allow_half_open(bool half_open_tls) const;
   void set_half_close_flag(bool flag) override;
   bool get_half_close_flag() const override;
   bool is_chunked_encoding_supported() const override;

proxy/http/Http1Transaction.cc

@@ -68,10 +68,11 @@ Http1Transaction::reenable(VIO *vio)
 bool
 Http1Transaction::allow_half_open() const
 {
-  bool config_allows_it = (_sm) ? _sm->t_state.txn_conf->allow_half_open > 0 : true;
+  bool config_allows_it            = (_sm) ? _sm->t_state.txn_conf->allow_half_open > 0 : false;
+  bool config_allows_tls_half_open = (_sm) ? _sm->t_state.txn_conf->allow_half_open > 1 : false;
   if (config_allows_it) {
     // Check with the session to make sure the underlying transport allows the half open scenario
-    return static_cast<Http1ClientSession *>(_proxy_ssn)->allow_half_open();
+    return static_cast<Http1ClientSession *>(_proxy_ssn)->allow_half_open(config_allows_tls_half_open);
   }
   return false;
 }

proxy/http/HttpSM.cc

@@ -3296,8 +3296,8 @@ HttpSM::tunnel_handler_ua(int event, HttpTunnelConsumer *c)
     // only external POSTs should be subject to this logic; ruling out internal POSTs here
     bool is_eligible_post_request = ((t_state.method == HTTP_WKSIDX_POST) && !is_internal);
 
-    if ((is_eligible_post_request || t_state.client_info.pipeline_possible == true) && c->producer->vc_type != HT_STATIC &&
-        event == VC_EVENT_WRITE_COMPLETE) {
+    if ((is_eligible_post_request || t_state.client_info.pipeline_possible == true) && ua_txn->allow_half_open() &&
+        c->producer->vc_type != HT_STATIC && event == VC_EVENT_WRITE_COMPLETE) {
       ua_txn->set_half_close_flag(true);
     }
 

tests/gold_tests/body_factory/data/www.customplugin204.test_get.txt

@@ -1,2 +1,3 @@
 GET HTTP://www.customplugin204.test/ HTTP/1.1
+Connection:close
 

tests/gold_tests/body_factory/data/www.customtemplate204.test_get.txt

@@ -1,2 +1,3 @@
 GET HTTP://www.customtemplate204.test/ HTTP/1.1
+Connection:close
 

tests/gold_tests/body_factory/data/www.default204.test_get.txt

@@ -1,2 +1,3 @@
 GET HTTP://www.default204.test/ HTTP/1.1
+Connection:close