SNIConfig: tunnel_route - Change the way we extract matched subgroups from the servename#8589
Merged
brbzull0 merged 1 commit intoapache:masterfrom Jan 19, 2022
Merged
Conversation
Contributor
Author
|
After some comments from @bneradt there could be another issue in here. I may need to change this a little bit more. Changing it to draft till I make more changes. |
38fc1aa to
cc77074
Compare
iocore/net/SSLSNIConfig.cc
Outdated
| return {&retval.actions, context}; | ||
| groups.emplace_back(servername.data() + start, length); | ||
| } | ||
| return {&retval.actions, {groups}}; |
Member
There was a problem hiding this comment.
Shouldn't that be {std::move(groups)}?
… from the server name. This now uses the provided offsets from pcre_exec to read each matched group, this avoids allocating memory for the subgroups. There was a memory leak here as well which is now eliminated. This also changes the ActionItem::Context vector of strings to a vector of views to keep each matched group.
cc77074 to
2e485a1
Compare
SolidWallOfCode
approved these changes
Jan 10, 2022
bneradt
reviewed
Jan 10, 2022
Contributor
bneradt
left a comment
There was a problem hiding this comment.
Looks good to me. Thanks Damian.
zwoop
pushed a commit
that referenced
this pull request
Jan 25, 2022
… from the server name. (#8589) This now uses the provided offsets from pcre_exec to read each matched group, this avoids allocating memory for the subgroups. There was a memory leak here as well which is now eliminated. This also changes the ActionItem::Context vector of strings to a vector of views to keep each matched group. (cherry picked from commit 4f0c4f2)
Contributor
|
Cherry-picked to v9.2.x |
moonchen
pushed a commit
to moonchen/trafficserver
that referenced
this pull request
Mar 17, 2022
* asf/9.2.x: Updated ChangeLog Add SSLSessionDup for older OpenSSL and BoringSSL (apache#8578) use shared pointer to help with high memory utilization (apache#8498) Commenting TSHttpTxnCacheLookupStatusGet need_to_revalidate (apache#8621) check size of session, and free sessions the ATS way (apache#8330) free sessions when timeout (apache#8356) Fix 32bit build failure on Odroid Xu-4 (apache#8626) TSHttpTxnCacheLookupStatusGet: call need_to_revalidate (apache#8617) SNIConfig (tunnel_route): Change the way we extract matched subgroups from the server name. (apache#8589) fix for collapsed forwarding ink_abort for CacheHitFresh fail (apache#8613) Do not turn off cache for internal requests (apache#8266) Rate Limit Plugin: Re-enable VConnection when SNI is empty (apache#8625) Removes hard dependency on having perl installed (apache#8611)
bryancall
pushed a commit
that referenced
this pull request
Jun 15, 2022
… from the server name. (#8589) This now uses the provided offsets from pcre_exec to read each matched group, this avoids allocating memory for the subgroups. There was a memory leak here as well which is now eliminated. This also changes the ActionItem::Context vector of strings to a vector of views to keep each matched group. (cherry picked from commit 4f0c4f2) Conflicts: iocore/net/SSLSNIConfig.cc
moonchen
pushed a commit
to moonchen/trafficserver
that referenced
this pull request
Jul 26, 2022
* change MemArena::make test to remove memory leak (apache#8352) (cherry picked from commit 2a6156f) * Fix leaks in ConfigManager::configName (apache#8269) This fixes an ASan reported leak of ConfigManager::configName. It used to be strdup'd but not freed in the destructor. This simply changes it to a std::string. ASan also reported a leak in AddConfigFilesHere which is fixed with an ats_free as well. (cherry picked from commit ee820c7) * Lua plugin memory leak on remap configuration reloads (apache#8764) This fix adds reference counting for the Lua plugin remap instance handles. The reference counting allows us to eliminate an existing memory leak of the instance handles. In addition, this means that the old Lua memory allocated by LuaJIT may also be freed via LuaJIT garbage collection. This fix also adds the '--ljgc' remap instance plugin parameter to the Lua plugin. This paramter enables on-demand LuaJIT garbage collection while the remap instances are created and deleted. This is useful when operating close to the LuaJIT memory limit, which is currently 2GB on Linux using LuaJIT v2.1.0-beta3 from 2017. Fixes apache#8728 (cherry picked from commit b6f83f1) * Fixes leak of SNI config filename on load (cherry picked from commit e99f33c) * Fixes leak of ssl_ocsp_response_path_only on reload (cherry picked from commit 18c5404) * SNIConfig (tunnel_route): Change the way we extract matched subgroups from the server name. (apache#8589) This now uses the provided offsets from pcre_exec to read each matched group, this avoids allocating memory for the subgroups. There was a memory leak here as well which is now eliminated. This also changes the ActionItem::Context vector of strings to a vector of views to keep each matched group. (cherry picked from commit 4f0c4f2) Conflicts: iocore/net/P_SSLSNI.h iocore/net/TLSSNISupport.cc * Fixes leak in SNIAction name globbing (apache#8827) pcre_compile allocated object is never pcre_free-ed (cherry picked from commit efaf441) Conflicts: iocore/net/P_SSLSNI.h Co-authored-by: Brian Olsen <bnolsen@gmail.com> Co-authored-by: Brian Neradt <brian.neradt@gmail.com> Co-authored-by: pbchou <pbchou@labs.att.com> Co-authored-by: Damian Meden <damian.meden@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is created to fix the leak around the non-freed memory happening when there is more than one matched group detected when we try to rearrange the servername destination base on the SNI
tunnel_routeconfiguration.The allocation for the subgroups is removed and instead this now uses the provided offsets to read each matched sub-group from the server name, this avoids allocating(by
pcre_get_substring) memory for each substring.This change also removes the
std::vector<std::string>to avoid an extra allocation for the string and instead it now holds only a view of the subgroup string.Note:
servernamegets allocated and copied inside theTLSSNISupportobject, this chunk of memory is kept around for the durations of the perform_sni_action call. With the string around it looks safe to hold the views instead of a copy of the substrings inside theActionItem::Context.This fixes #8564