From cd775607ea813c2c117be2a9a4430a43c8bc21f8 Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Fri, 28 Jul 2023 19:46:34 -0600 Subject: [PATCH 1/2] Unrequire remap rules for OCSP The change to use FetchSM for OCSP requests unintentionally made ATS rely on remap rules, and that effectively broke OCSP if a user sets remap_required to 1. To recover the original behavior which does not rely on remap rules, this introduces a new flag for FetchSM, TS_FETCH_FLAGS_SKIP_REMAP, and the flag enables skipping remap on a transaction initiated by FetchSM even if remap_required is set to 1. Since the flag is part of TS API, this also enables plugins to make HTTP requests for other servers without remap rules. --- include/ts/experimental.h | 3 ++- iocore/net/I_NetVConnection.h | 13 +++++++++++++ iocore/net/OCSPStapling.cc | 4 ++-- proxy/http/HttpSM.cc | 1 + src/traffic_server/FetchSM.cc | 5 +++++ 5 files changed, 23 insertions(+), 3 deletions(-) diff --git a/include/ts/experimental.h b/include/ts/experimental.h index d550d2d24c4..759d1768dc0 100644 --- a/include/ts/experimental.h +++ b/include/ts/experimental.h @@ -47,7 +47,8 @@ typedef enum { TS_FETCH_FLAGS_STREAM = 1 << 1, // enable stream IO TS_FETCH_FLAGS_DECHUNK = 1 << 2, // dechunk body content TS_FETCH_FLAGS_NEWLOCK = 1 << 3, // allocate new lock for fetch sm - TS_FETCH_FLAGS_NOT_INTERNAL_REQUEST = 1 << 4 // Allow this fetch to be created as a non-internal request. + TS_FETCH_FLAGS_NOT_INTERNAL_REQUEST = 1 << 4, // Allow this fetch to be created as a non-internal request. + TS_FETCH_FLAGS_SKIP_REMAP = 1 << 5, // Skip remapping and allow requesting arbitary URL } TSFetchFlags; /* Forward declaration of in_addr, any user of these APIs should probably diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 09954cad441..20cb5ae7cde 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h 
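Review bot: The comment on the new `TS_FETCH_FLAGS_SKIP_REMAP` enumerator in include/ts/experimental.h understates what the flag does and misspells "arbitrary". Per the commit description, the flag lets a FetchSM transaction skip remap even when remap_required is 1, and any plugin can set it through the TS API. The header should therefore say that the caller becomes responsible for the destination, for example `// Skip remap even if remap_required is 1; the URL is fetched as given, so callers must not pass untrusted URLs`. The diffstat shows no documentation file in this patch, so the user-facing description of TSFetchFlags would need the same sentence.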
@@ -419,6 +419,18 @@ class NetVConnection : public VConnection, public PluginUserArgs_fsm = FetchSMAllocator.alloc(); if (use_post) { - this->_fsm->ext_init(this, "POST", uri, "HTTP/1.1", reinterpret_cast(&sin), 0); + this->_fsm->ext_init(this, "POST", uri, "HTTP/1.1", reinterpret_cast(&sin), TS_FETCH_FLAGS_SKIP_REMAP); } else { - this->_fsm->ext_init(this, "GET", uri, "HTTP/1.1", reinterpret_cast(&sin), 0); + this->_fsm->ext_init(this, "GET", uri, "HTTP/1.1", reinterpret_cast(&sin), TS_FETCH_FLAGS_SKIP_REMAP); } } diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index ca05063aedb..c2d42a999af 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -409,6 +409,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc) } t_state.setup_per_txn_configs(); + t_state.api_skip_all_remapping = netvc->is_unmanaged(); ink_assert(_ua.get_txn()->get_proxy_ssn()); ink_assert(_ua.get_txn()->get_proxy_ssn()->accept_options); diff --git a/src/traffic_server/FetchSM.cc b/src/traffic_server/FetchSM.cc index d5f7ea24df0..c44abdc83b1 100644 --- a/src/traffic_server/FetchSM.cc +++ b/src/traffic_server/FetchSM.cc @@ -92,6 +92,11 @@ FetchSM::httpConnect() } } + if (fetch_flags & TS_FETCH_FLAGS_SKIP_REMAP) { + PluginVC *other_side = reinterpret_cast(http_vc)->get_other_side(); + other_side->set_unmanaged(true); + } + read_vio = http_vc->do_io_read(this, INT64_MAX, resp_buffer); write_vio = http_vc->do_io_write(this, getReqLen() + req_content_length, req_reader); } From 346e9894212fc633aac9bcbfd13a594baeff53de Mon Sep 17 00:00:00 2001 From: Masakazu Kitajo Date: Mon, 7 Aug 2023 15:54:35 -0600 Subject: [PATCH 2/2] Rename the variable and functions for consistency --- iocore/net/I_NetVConnection.h | 12 ++++++------ proxy/http/HttpSM.cc | 2 +- src/traffic_server/FetchSM.cc | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 20cb5ae7cde..441545304fe 100644 
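Review bot: The two `ext_init` calls in iocore/net/OCSPStapling.cc now pass `TS_FETCH_FLAGS_SKIP_REMAP` with no comment saying why; the reason is only in the commit message. A line above `if (use_post)` such as `// OCSP requests originate from ATS itself and must work without remap rules, even with remap_required=1` would keep the flag from being dropped in a later cleanup. The hunk does not show where `uri` is built, and remap no longer filters it, so it is worth confirming that it can only come from operator-controlled certificates or configuration. The GET and POST branches differ only in the method string and could share one call. The enclosing function starts outside the hunk.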
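Review bot: In HttpSM::attach_client_session, the new assignment `t_state.api_skip_all_remapping = netvc->is_unmanaged();` ties a remap bypass to a property of the connection object, with no comment on which connections may report true. Because remap_required is the setting that this bypass overrides, I would add `// true only for the PluginVC of a FetchSM created with TS_FETCH_FLAGS_SKIP_REMAP; connections accepted from the network must report false` above it. The declaration of `is_unmanaged()` and its default are in the I_NetVConnection.h hunk, whose body is not readable on this page, so that default should be checked against the comment. The function body continues outside the hunk.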
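Review bot: In FetchSM::httpConnect, the new block dereferences the result of `get_other_side()` without checking it for null. If the other side can be absent at this point, that is a null dereference on every fetch that sets the flag; a guard costs nothing: `if (other_side != nullptr) { other_side->set_unmanaged(true); }`. The flag is also set only after the connection object already exists, so the change appears to rely on HttpSM::attach_client_session reading it later. A one-line comment stating that ordering assumption would help the next reader. httpConnect starts before the hunk.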
--- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h @@ -420,15 +420,15 @@ class NetVConnection : public VConnection, public PluginUserArgsis_unmanaged(); + t_state.api_skip_all_remapping = netvc->get_is_unmanaged_request(); ink_assert(_ua.get_txn()->get_proxy_ssn()); ink_assert(_ua.get_txn()->get_proxy_ssn()->accept_options); diff --git a/src/traffic_server/FetchSM.cc b/src/traffic_server/FetchSM.cc index c44abdc83b1..0fae526bdf5 100644 --- a/src/traffic_server/FetchSM.cc +++ b/src/traffic_server/FetchSM.cc @@ -94,7 +94,7 @@ FetchSM::httpConnect() if (fetch_flags & TS_FETCH_FLAGS_SKIP_REMAP) { PluginVC *other_side = reinterpret_cast(http_vc)->get_other_side(); - other_side->set_unmanaged(true); + other_side->set_is_unmanaged_request(true); } read_vio = http_vc->do_io_read(this, INT64_MAX, resp_buffer);