diff --git a/iocore/net/I_Net.h b/iocore/net/I_Net.h index 050777c3875..93662583b3e 100644 --- a/iocore/net/I_Net.h +++ b/iocore/net/I_Net.h @@ -89,8 +89,4 @@ extern std::string_view net_ccp_out; #define ET_NET ET_CALL -#include "I_NetVConnection.h" -#include "I_NetProcessor.h" -#include "I_SessionAccept.h" - void ink_net_init(ts::ModuleVersion version); diff --git a/iocore/net/I_NetProcessor.h b/iocore/net/I_NetProcessor.h index 842ce082d3e..893f89da8e7 100644 --- a/iocore/net/I_NetProcessor.h +++ b/iocore/net/I_NetProcessor.h @@ -27,6 +27,7 @@ #include "tscore/IpMap.h" #include "I_EventSystem.h" #include "I_Socks.h" +#include "I_NetVConnection.h" struct socks_conf_struct; #define NET_CONNECT_TIMEOUT 30 diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 12a889040aa..cd23fdac682 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h @@ -24,6 +24,7 @@ #pragma once #include "ProxyProtocol.h" +#include "I_Net.h" #include #include 
@@ -355,6 +356,52 @@ struct NetVCOptions { NetVCOptions(const NetVCOptions &) = delete; }; +inline void +NetVCOptions::reset() +{ + ip_proto = USE_TCP; + ip_family = AF_INET; + local_ip.invalidate(); + local_port = 0; + addr_binding = ANY_ADDR; + f_blocking = false; + f_blocking_connect = false; + socks_support = NORMAL_SOCKS; + socks_version = SOCKS_DEFAULT_VERSION; + socket_recv_bufsize = +#if defined(RECV_BUF_SIZE) + RECV_BUF_SIZE; +#else + 0; +#endif + socket_send_bufsize = 0; + sockopt_flags = 0; + packet_mark = 0; + packet_tos = 0; + packet_notsent_lowat = 0; + + etype = ET_NET; + + sni_servername = nullptr; + ssl_servername = nullptr; + sni_hostname = nullptr; + ssl_client_cert_name = nullptr; + ssl_client_private_key_name = nullptr; + outbound_sni_policy = nullptr; +} + +inline void +NetVCOptions::set_sock_param(int _recv_bufsize, int _send_bufsize, unsigned long _opt_flags, unsigned long _packet_mark, + unsigned long _packet_tos, unsigned long _packet_notsent_lowat) +{ + socket_recv_bufsize = _recv_bufsize; + socket_send_bufsize = _send_bufsize; + sockopt_flags = _opt_flags; + packet_mark = _packet_mark; + packet_tos = _packet_tos; + packet_notsent_lowat = _packet_notsent_lowat; +} + /** A VConnection for a network socket. Abstraction for a net connection. Similar to a socket descriptor VConnections are IO handles to diff --git a/iocore/net/I_SessionAccept.h b/iocore/net/I_SessionAccept.h index 7d746ae533f..2fbd1cab31e 100644 --- a/iocore/net/I_SessionAccept.h +++ b/iocore/net/I_SessionAccept.h @@ -25,6 +25,7 @@ #include "I_Net.h" #include "I_VConnection.h" +#include "I_NetVConnection.h" struct AclRecord; struct HttpProxyPort; diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am index 9c112839d03..313285c21fe 100644 --- a/iocore/net/Makefile.am +++ b/iocore/net/Makefile.am 
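Review bot: `NetVCOptions::reset()` is now an `inline` definition in the public header I_NetVConnection.h, and its `socket_recv_bufsize` initializer still depends on `#if defined(RECV_BUF_SIZE)`; if that macro is supplied by a configuration header that not every includer of I_NetVConnection.h pulls in beforehand, different translation units would compile two different bodies for the same inline function, an ODR violation the toolchain will not diagnose. It would be worth confirming where RECV_BUF_SIZE is defined and either including that header explicitly here or replacing the conditional with a named constant whose value does not depend on include order. Separately, `set_sock_param` lands in the header with no documentation; a one-line Doxygen comment such as `/// Overrides the per-connection socket tuning values (recv/send buffer sizes, sockopt flags, packet mark, TOS, notsent_lowat); reset() returns them to their defaults.` would tell callers how it relates to `reset()`.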
@@ -152,7 +152,6 @@ libinknet_a_SOURCES = \ P_SSLNetVConnection.h \ P_SSLNextProtocolAccept.h \ P_SSLNextProtocolSet.h \ - P_SSLSNI.h \ P_SSLUtils.h \ P_SSLClientCoordinator.h \ P_SSLClientUtils.h \ @@ -184,6 +183,7 @@ libinknet_a_SOURCES = \ SSLNetVConnection.cc \ SSLNextProtocolAccept.cc \ SSLNextProtocolSet.cc \ + SSLSNIConfig.h \ SSLSNIConfig.cc \ SSLStats.cc \ SSLSessionCache.cc \ diff --git a/iocore/net/P_SNIActionPerformer.h b/iocore/net/P_SNIActionPerformer.h index 32d803dea08..29b7e8c1f23 100644 --- a/iocore/net/P_SNIActionPerformer.h +++ b/iocore/net/P_SNIActionPerformer.h @@ -32,45 +32,14 @@ #include "I_EventSystem.h" #include "P_SSLNextProtocolAccept.h" +#include "P_SSLNetVConnection.h" +#include "SNIActionPerformer.h" #include "SSLTypes.h" #include "tscore/ink_inet.h" #include -class ActionItem -{ -public: - /** - * Context should contain extra data needed to be passed to the actual SNIAction. - */ - struct Context { - using CapturedGroupViewVec = std::vector; - /** - * if any, fqdn_wildcard_captured_groups will hold the captured groups from the `fqdn` - * match which will be used to construct the tunnel destination. This vector contains only - * partial views of the original server name, group views are valid as long as the original - * string from where the groups were obtained lives. - */ - std::optional _fqdn_wildcard_captured_groups; - }; - - virtual int SNIAction(TLSSNISupport *snis, const Context &ctx) const = 0; - - /** - This method tests whether this action would have been triggered by a - particularly SNI value and IP address combination. This is run after the - TLS exchange finished to see if the client used an SNI name different from - the host name to avoid SNI-based policy - */ - virtual bool - TestClientSNIAction(const char *servername, const IpEndpoint &ep, int &policy) const - { - return false; - } - virtual ~ActionItem(){}; -}; - class ControlH2 : public ActionItem { public: 
diff --git a/iocore/net/P_SSLNextProtocolAccept.h b/iocore/net/P_SSLNextProtocolAccept.h index 2c2c5de82a7..b32c81be8a4 100644 --- a/iocore/net/P_SSLNextProtocolAccept.h +++ b/iocore/net/P_SSLNextProtocolAccept.h @@ -26,7 +26,6 @@ #include "P_Net.h" #include "P_EventSystem.h" #include "P_UnixNet.h" -#include "P_SSLNetVConnection.h" #include "P_SSLNextProtocolSet.h" #include "I_IOBuffer.h" #include "records/I_RecHttp.h" diff --git a/iocore/net/P_UnixNetProcessor.h b/iocore/net/P_UnixNetProcessor.h index 238e75a4bc7..9b96f7ae774 100644 --- a/iocore/net/P_UnixNetProcessor.h +++ b/iocore/net/P_UnixNetProcessor.h @@ -23,6 +23,8 @@ #pragma once #include "I_Net.h" +#include "I_NetProcessor.h" +#include "I_SessionAccept.h" #include "P_NetAccept.h" class UnixNetVConnection; diff --git a/iocore/net/P_UnixNetVConnection.h b/iocore/net/P_UnixNetVConnection.h index a214b98f66f..da0e1a4ff4e 100644 --- a/iocore/net/P_UnixNetVConnection.h +++ b/iocore/net/P_UnixNetVConnection.h 
@@ -42,52 +42,6 @@ class UnixNetVConnection; class NetHandler; struct PollDescriptor; -inline void -NetVCOptions::reset() -{ - ip_proto = USE_TCP; - ip_family = AF_INET; - local_ip.invalidate(); - local_port = 0; - addr_binding = ANY_ADDR; - f_blocking = false; - f_blocking_connect = false; - socks_support = NORMAL_SOCKS; - socks_version = SOCKS_DEFAULT_VERSION; - socket_recv_bufsize = -#if defined(RECV_BUF_SIZE) - RECV_BUF_SIZE; -#else - 0; -#endif - socket_send_bufsize = 0; - sockopt_flags = 0; - packet_mark = 0; - packet_tos = 0; - packet_notsent_lowat = 0; - - etype = ET_NET; - - sni_servername = nullptr; - ssl_servername = nullptr; - sni_hostname = nullptr; - ssl_client_cert_name = nullptr; - ssl_client_private_key_name = nullptr; - outbound_sni_policy = nullptr; -} - -inline void -NetVCOptions::set_sock_param(int _recv_bufsize, int _send_bufsize, unsigned long _opt_flags, unsigned long _packet_mark, - unsigned long _packet_tos, unsigned long _packet_notsent_lowat) -{ - socket_recv_bufsize = _recv_bufsize; - socket_send_bufsize = _send_bufsize; - sockopt_flags = _opt_flags; - packet_mark = _packet_mark; - packet_tos = _packet_tos; - packet_notsent_lowat = _packet_notsent_lowat; -} - enum tcp_congestion_control_t { CLIENT_SIDE, SERVER_SIDE }; class UnixNetVConnection : public NetVConnection, public NetEvent diff --git a/iocore/net/SNIActionPerformer.h b/iocore/net/SNIActionPerformer.h new file mode 100644 index 00000000000..ba40c73a26f --- /dev/null +++ b/iocore/net/SNIActionPerformer.h 
@@ -0,0 +1,69 @@ +/** @file + + A brief file description + + @section license License + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + */ + +/*************************** -*- Mod: C++ -*- ****************************** + P_ActionProcessor.h + Created On : 05/02/2017 + + Description: + SNI based Configuration in ATS + ****************************************************************************/ +#pragma once + +#include +#include +#include "TLSSNISupport.h" +#include "tscore/ink_inet.h" + +class ActionItem +{ +public: + /** + * Context should contain extra data needed to be passed to the actual SNIAction. + */ + struct Context { + using CapturedGroupViewVec = std::vector; + /** + * if any, fqdn_wildcard_captured_groups will hold the captured groups from the `fqdn` + * match which will be used to construct the tunnel destination. This vector contains only + * partial views of the original server name, group views are valid as long as the original + * string from where the groups were obtained lives. 
+ */ + std::optional _fqdn_wildcard_captured_groups; + }; + + virtual int SNIAction(TLSSNISupport *snis, const Context &ctx) const = 0; + + /** + This method tests whether this action would have been triggered by a + particularly SNI value and IP address combination. This is run after the + TLS exchange finished to see if the client used an SNI name different from + the host name to avoid SNI-based policy + */ + virtual bool + TestClientSNIAction(const char *servername, const IpEndpoint &ep, int &policy) const + { + return false; + } + virtual ~ActionItem(){}; +}; diff --git a/iocore/net/SSLClientCoordinator.cc b/iocore/net/SSLClientCoordinator.cc index 8c994b1988c..1a36d811c43 100644 --- a/iocore/net/SSLClientCoordinator.cc +++ b/iocore/net/SSLClientCoordinator.cc @@ -23,7 +23,7 @@ #include "P_SSLClientCoordinator.h" #include "P_SSLConfig.h" -#include "P_SSLSNI.h" +#include "SSLSNIConfig.h" std::unique_ptr> sslClientUpdate; diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 0c75cd9baba..6857915f9b7 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -47,9 +47,7 @@ #include "P_Net.h" #include "P_SSLClientUtils.h" -#include "P_SSLSNI.h" #include "P_SSLCertLookup.h" -#include "P_SSLSNI.h" #include "P_TLSKeyLogger.h" #include "SSLDiags.h" #include "SSLSessionCache.h" diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index bee4f5c073d..b9401165bf8 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -30,13 +30,14 @@ #include "HttpTunnel.h" #include "ProxyProtocol.h" #include "HttpConfig.h" +#include "SSLSNIConfig.h" #include "P_Net.h" #include "P_SSLUtils.h" #include "P_SSLNextProtocolSet.h" #include "P_SSLConfig.h" #include "P_SSLClientUtils.h" -#include "P_SSLSNI.h" +#include "P_SSLNetVConnection.h" #include "BIO_fastopen.h" #include "SSLStats.h" #include "SSLInternal.h" 
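Review bot: The banner comment at the top of the new SNIActionPerformer.h names the file `P_ActionProcessor.h` and the Doxygen header still reads "A brief file description", so the new header starts out with stale documentation even though the same commit corrects the equivalent banner in SSLSNIConfig.h; it should say `SNIActionPerformer.h` and carry a real description such as `Declares ActionItem, the base class for actions triggered by SNI configuration.` The base `TestClientSNIAction` returns `false`, so any `ActionItem` subclass that does not override it is never re-examined by the post-handshake check that the comment describes as catching a client presenting a different SNI name from the host name to sidestep SNI-based policy; the comment should make that obligation explicit, e.g. `Subclasses that enforce a policy must override this; the default reports "not triggered" and is therefore ignored by the post-handshake check.` Minor: `virtual ~ActionItem(){};` has a stray semicolon after the body, and `virtual ~ActionItem() = default;` is the conventional form.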
diff --git a/iocore/net/SSLNextProtocolAccept.cc b/iocore/net/SSLNextProtocolAccept.cc index 650e57b1edb..fcec559086f 100644 --- a/iocore/net/SSLNextProtocolAccept.cc +++ b/iocore/net/SSLNextProtocolAccept.cc @@ -22,6 +22,7 @@ */ #include "P_SSLNextProtocolAccept.h" +#include "P_SSLNetVConnection.h" static void send_plugin_event(Continuation *plugin, int event, void *edata) diff --git a/iocore/net/SSLSNIConfig.cc b/iocore/net/SSLSNIConfig.cc index e810f87cf5c..012f1b7acc8 100644 --- a/iocore/net/SSLSNIConfig.cc +++ b/iocore/net/SSLSNIConfig.cc @@ -29,7 +29,8 @@ SNI based Configuration in ATS ****************************************************************************/ -#include "P_SSLSNI.h" +#include "SSLSNIConfig.h" +#include "P_SNIActionPerformer.h" #include "PreWarmManager.h" diff --git a/iocore/net/P_SSLSNI.h b/iocore/net/SSLSNIConfig.h similarity index 98% rename from iocore/net/P_SSLSNI.h rename to iocore/net/SSLSNIConfig.h index 2d25982ce0e..123e66f5c14 100644 --- a/iocore/net/P_SSLSNI.h +++ b/iocore/net/SSLSNIConfig.h @@ -22,7 +22,7 @@ */ /*************************** -*- Mod: C++ -*- ****************************** - P_SSLSNI.h + SSLSNIConfig.h Created On : 05/02/2017 Description: @@ -36,7 +36,7 @@ #include #include "ProxyConfig.h" -#include "P_SNIActionPerformer.h" +#include "SNIActionPerformer.h" #include "YamlSNIConfig.h" // Properties for the next hop server diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index d5b1c6a25a1..22f170ce8ca 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -36,7 +36,6 @@ #include "InkAPIInternal.h" #include "P_OCSPStapling.h" -#include "P_SSLSNI.h" #include "P_SSLConfig.h" #include "P_TLSKeyLogger.h" #include "BoringSSLUtils.h" @@ -46,6 +45,8 @@ #include "SSLDynlock.h" #include "SSLDiags.h" #include "SSLStats.h" +#include "TLSSessionResumptionSupport.h" +#include "P_SSLNetVConnection.h" #include #include 
diff --git a/iocore/net/TLSSNISupport.cc b/iocore/net/TLSSNISupport.cc index b39f8f90468..e36049ad17e 100644 --- a/iocore/net/TLSSNISupport.cc +++ b/iocore/net/TLSSNISupport.cc @@ -23,7 +23,7 @@ #include "TLSSNISupport.h" #include "tscore/ink_assert.h" #include "tscore/Diags.h" -#include "P_SSLSNI.h" +#include "SSLSNIConfig.h" int TLSSNISupport::_ex_data_index = -1; diff --git a/iocore/net/test_I_UDPNet.cc b/iocore/net/test_I_UDPNet.cc index dca7e0ae92e..7452edfd4cc 100644 --- a/iocore/net/test_I_UDPNet.cc +++ b/iocore/net/test_I_UDPNet.cc @@ -30,6 +30,7 @@ #include "I_EventSystem.h" #include "I_Net.h" +#include "I_NetVConnection.h" #include "I_UDPNet.h" #include "I_UDPPacket.h" #include "I_UDPConnection.h" diff --git a/plugins/experimental/memcache/tsmemcache.cc b/plugins/experimental/memcache/tsmemcache.cc index 9bc11981df3..9443c97cc63 100644 --- a/plugins/experimental/memcache/tsmemcache.cc +++ b/plugins/experimental/memcache/tsmemcache.cc @@ -22,6 +22,8 @@ */ #include "tsmemcache.h" +#include "I_NetVConnection.h" +#include "I_NetProcessor.h" /* TODO diff --git a/plugins/experimental/memcache/tsmemcache.h b/plugins/experimental/memcache/tsmemcache.h index 5c591ca1ff3..7b0d5c34133 100644 --- a/plugins/experimental/memcache/tsmemcache.h +++ b/plugins/experimental/memcache/tsmemcache.h @@ -55,6 +55,8 @@ #define WRITE(_s) write(_s "", sizeof(_s "") - 1) #define STRLEN(_s) (sizeof(_s "") - 1) +class NetVConnection; + struct MCCacheHeader { uint32_t magic; uint32_t flags; diff --git a/proxy/PluginVC.h b/proxy/PluginVC.h index 4ba3ffb7505..81b484d9238 100644 --- a/proxy/PluginVC.h +++ b/proxy/PluginVC.h @@ -37,6 +37,7 @@ #include "Plugin.h" #include "I_Net.h" +#include "I_NetVConnection.h" #include "tscore/ink_atomic.h" class PluginVCCore; diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 84356189504..baaabc4b5b3 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc 
@@ -43,7 +43,11 @@ #include "RemapProcessor.h" #include "Transform.h" #include "P_SSLConfig.h" -#include "P_SSLSNI.h" +#include "SSLSNIConfig.h" +#include "P_ALPNSupport.h" +#include "TLSBasicSupport.h" +#include "TLSSessionResumptionSupport.h" +#include "TLSTunnelSupport.h" #include "HttpPages.h" #include "IPAllow.h" diff --git a/proxy/http/HttpSessionAccept.h b/proxy/http/HttpSessionAccept.h index 0890279095e..588fa265352 100644 --- a/proxy/http/HttpSessionAccept.h +++ b/proxy/http/HttpSessionAccept.h @@ -29,6 +29,7 @@ #include "HttpConfig.h" #include "HTTP.h" #include "I_Net.h" +#include "I_SessionAccept.h" #include namespace detail diff --git a/proxy/http/PreWarmManager.cc b/proxy/http/PreWarmManager.cc index ffddf5d9364..dd67fc9cf66 100644 --- a/proxy/http/PreWarmManager.cc +++ b/proxy/http/PreWarmManager.cc @@ -25,7 +25,9 @@ #include "PreWarmConfig.h" #include "HttpConfig.h" -#include "P_SSLSNI.h" +#include "SSLSNIConfig.h" +#include "P_VConnection.h" +#include "I_NetProcessor.h" #include "tscore/ink_time.h" #include "tscpp/util/PostScript.h" diff --git a/src/traffic_crashlog/Makefile.inc b/src/traffic_crashlog/Makefile.inc index f665ab63d06..71656d98bc3 100644 --- a/src/traffic_crashlog/Makefile.inc +++ b/src/traffic_crashlog/Makefile.inc @@ -41,6 +41,7 @@ traffic_crashlog_traffic_crashlog_LDADD = \ $(top_builddir)/mgmt/libmgmt_p.la \ $(top_builddir)/proxy/shared/libUglyLogStubs.a \ $(top_builddir)/iocore/eventsystem/libinkevent.a \ + $(top_builddir)/iocore/net/libinknet.a \ $(top_builddir)/mgmt/api/libtsmgmt.la \ $(top_builddir)/src/tscore/libtscore.la \ $(top_builddir)/src/tscpp/util/libtscpputil.la \ diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index 1b19095e7b1..f470bbb8d19 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc 
@@ -44,6 +44,7 @@ #include "HttpConfig.h" #include "P_Net.h" #include "P_SSLNextProtocolAccept.h" +#include "P_SSLNetVConnection.h" #include "P_UDPNet.h" #include "P_HostDB.h" #include "P_Cache.h" diff --git a/src/traffic_server/traffic_server.cc b/src/traffic_server/traffic_server.cc index a9b7009d68b..3a1a868a5dd 100644 --- a/src/traffic_server/traffic_server.cc +++ b/src/traffic_server/traffic_server.cc @@ -102,7 +102,6 @@ extern "C" int plock(int); #include "InkAPIInternal.h" #include "HTTP2.h" #include "tscore/ink_config.h" -#include "P_SSLSNI.h" #include "P_SSLClientUtils.h" #if TS_USE_QUIC == 1