I'd propose adding new TS APIs that make overriding configuration
variables more flexible.
```
TS_RECORDDATATYPE_VARIANT
using TSConfigValue = std::variant;
TSReturnCode TSHttpTxnConfigParse(TSConfigValue &dst,
TSOverridableConfigKey key, const char *value, size_t length);
TSReturnCode TSHttpTxnC
>From my understanding, "elliptic_curves" are used in the past, but TLS
1.3 starts calling it as "group" for both ECDHE and DHE.[*1]
If the proposed `cqssg` treats `cqssu` as a subset, that matches this
naming change. I'd also suggest making `cqssu` as deprecated.
For implementation, please note t
+1
— Masaori
On Wed, Feb 26, 2025 at 1:22 AM Evan Zelkowitz wrote:
>
> I'd like to propose deprecating parent.config with ATS 10.1. Allow this to
> continue through the 10x series and then remove it with ATS 11.x in favor
> of strategies
>
> Strategies has been considered production ready for ma
+1 - built and tested on macOS 15.2 with LLVM-19.
— Masaori
On Thu, Jan 30, 2025 at 6:39 AM Evan Zelkowitz wrote:
>
> I've prepared a release for 9.2.8. The release notes are available at:
>
> https://github.com/apache/trafficserver/milestone/80?closed=1
>
> https://docs.trafficserver.apache
+1 - built and tested on macOS 15.2 with LLVM-19.
— Masaori
On Wed, Jan 29, 2025 at 11:12 PM Chris McFarlen wrote:
>
> There were a couple of issues found with 10.0.3-rc0 (thanks to those that
> reported problems), so I have created 10.0.3-rc1. Please give this a try and
> verify fixes.
>
> I
Unfortunately, I have to say -1. We faced a crash today and 10.0.3-rc0
is affected too. Please take a look at PR #11997.
https://github.com/apache/trafficserver/pull/11997
ー Masaori
On Mon, Jan 27, 2025 at 11:00 PM Chris McFarlen wrote:
>
> I've prepared a release for 10.0.3. The release notes
+1 for option 2, rename the allow/deny action names eventually.
Thanks for explaining the current situation.
Historically, ATS has the same action names ("allow" and "deny") in the
remap.config ACL and ip_allow.yaml, but different behaviors.
I understand option 1 has the advantage of consistency
) don't state the difference in
> behavior - they just say that these ACL filter rules act like ip_allow.yaml
> rules.
>
> In addition to being confusing, the legacy 9.x behavior cannot even do the
> intention of the above. With the new policy, they can both add methods to
> allow
they're denied in
ip_allow.yaml in default.
I assume, you're proposing the `add_deny` action for this case and suggesting
use it instead of the `deny` action. However, even if it has additional knobs,
this is still a trap.
Thanks,
Masaori
On Wed, Jul 17, 2024 at 6:32 AM Brian Neradt
I'm +1 for removing them. It's abandoned and other tools and metrics
give us better information.
— Masaori
On Tue, Oct 31, 2023 at 5:25 AM Leif Hedstrom wrote:
>
> I’d like to propose that we remove these pages from the ATS v10 release. Not
> only are they not maintained (and haven’t been for a
+1
Actually, autotools build is already broken by recent changes (at
least on my macOS with LLVM16).
```
» ./configure
...
configure: creating ./config.status
config.status: error: cannot find input file: `Makefile.in'
```
— Masaori
On Fri, Oct 20, 2023 at 12:36 AM Chris McFarlen wrote:
>
> Wi
that we understand that dropping internal wildcard
> matching doesn't just limit fqdn item match in the sni.yaml, it also limits
> the tunnel_route group feature. As far as I know, no one at Yahoo uses
> match groups from within the SNI rather than from the left. So I'm OK
&g
Susan or Brian, would you describe more about these use cases?
a). * in the middle - "foo.*.com"
b). multiple * - "*.bar.*.com"
Why it's required or how it's useful?
I agree with we don't need to follow the wildcard certificats
semantics (RFC6125 6.4.3) in the fqdn field if we want. However, I'
Hello, ATS Developers
I'd like to hear your thoughts about the regex support in the fqdn
field of sni.yaml.
Recently, we have discussions across PRs (#9736 and #9767), and I have
a question.
# Short version
Does anybody use complicated regex other than `*` in the fqdn filed of
the sni.yaml?
- e
Looks reasonable to me. Some configs in the sni.yaml have almost the same
behavior, overriding records.config (yaml) from sni.yaml.
- e.g. verify_server_policy, verify_server_properties.
Do you have any concerns with this approach?
— Masaori
On Wed, May 24, 2023 at 5:14 AM Fei Deng wrote:
> Hi
Awesome! Thanks for your work!
— Masaori
On Fri, Jun 17, 2022 at 12:26 AM Jered Floyd wrote:
>
> To (finally) follow up on this, ATS 9.1.2 is now in the Fedora and EPEL8
> repos, and should land in EPEL7 and EPEL9 shortly:
> https://bodhi.fedoraproject.org/updates/?packages=trafficserver
>
>
time for Slack (too many chat programs at once...) but
> please do send me an invite and I'll drop in when it's helpful.
>
> Fedora packages are in the review queue now, so hopefully that is approved
> shortly and I can request EPEL branches after.
>
> Regards,
> --Jered
Great news! I'm really happy to hear we'll have official Fedora/EPEL
repo. Because we've received requests for a long time.
Actually, we had a little discussion at ASF slack channel recently. If
you're not there, let me know. I'll invite you.
— Masaori
On Tue, Apr 19, 2022 at 7:13 AM Jered Floyd
Hello Rajesh,
"#7353 static link"[*1] is the issue for it. Brian is working, I think.
[*1] https://github.com/apache/trafficserver/issues/7353
Thanks,
Masaori
On Fri, Feb 18, 2022 at 10:16 PM rajesh adapa
wrote:
> Hi
>
> I am building ATS server using the latest code at:
> https://github.com/
Hello Randy,
The change looks straightforward as C++, apart from your interesting
device. Please open a PR.
Thanks,
Masaori
On Fri, Jan 21, 2022 at 10:03 AM Randy DuCharme
wrote:
> Greetings,
>
> This fixes a build that breaks a build on an oddball ARM device (ODroid
> XU-4). It's a 32bit dev
This is a proposal to add TS_HTTP_VALUE_BROTLI and TS_HTTP_LEN_BROTLI.
# Proposal
```
tsapi const char *TS_HTTP_VALUE_BROTLI; //< "br"
tsapi int TS_HTTP_LEN_BROTLI; //< 2
```
The whole code change is https://github.com/apache/trafficserver/pull/8477.
# Motivation
Brotli Compressed Data Format i
Ubuntu 16.04 has been in Extended Security Maintenance (ESM) support phase
since May 2021. It requires Ubuntu Advantage or Ubuntu Pro subscription to
get support.
I'm +1 on dropping a Ubuntu LTS version support when their maintenance
updates support phase is over.
- Ubuntu 16.04 LTS transitions t
Hi Hongfei,
Recently, we faced a memory leak on the following redirect with 8.1.1[*1].
The fix[*2] is coming in the next release, 8.1.2 and 9.0.1.
If you didn't have your leak with 8.1.0, it might be the same leak.
> 1. Inside HttpSM, which states require allocate/re-use ioBuf? Is there a
way to
+0, some issues are not backported or fixed yet. These will go to the next
patch release?
1). 9.0.x SplitDNS is not working #7319
This is fixed. Please cherry-pick the below commits.
https://github.com/apache/trafficserver/commit/4e2ac3b2be8b535ab89d0f5762b3201647e5efba
https://github.com/apache/
> tsapi TSReturnCode TSHttpTxnClientStreamIdGet(TSHttpTxn txnp,
TSHttpStreamId *stream_id);
> tsapi TSReturnCode TSHttpTxnClientStreamPriorityGet(TSHttpTxn txnp,
TSHttpPriority *priority);
+1
On Wed, Sep 2, 2020 at 7:35 AM Brian Neradt wrote:
> I updated the protocol draft with this input (noti
I totally agree with less API is better.
> tsapi TSReturnCode TSHttpTxnClientStreamIdGet(TSHttpTxn txnp,
uint64_t *stream_id);
Stripping "Http2" looks reasonable. We can use this API for protocols that
have stream id.
> tsapi TSReturnCode TSHttpTxnClientPriorityGet(TSHttpTxn txnp,
uint64_t *stre
The form on the page doesn't work. As Bryan shared on slack, this is the
direct link of the form. It worked for me at least.
https://docs.google.com/forms/d/17tTM7BvpZHi-FDIUhX-w1XxvfjmpShnto4rcWX5104g
- Masaori
On Tue, Jul 23, 2019 at 2:02 AM Vasanth Mathivanan <
vasant...@evolutiondigital.com>
+1
OpenSSL support TLSv1.2 from v1.0.1, and our minimum requirements of it is
v1.0.2. from v9.0.0. There're no problems.
- Masaori
On Wed, Jun 5, 2019 at 8:19 AM Patrick O'Brien <
patrickobr...@tetrisblocks.net> wrote:
> +1
>
>
> On Tue, Jun 4, 2019 at 4:02 PM Sudheer Vinukonda <
> sudheervinuk
+1
On Fri, May 31, 2019 at 10:27 AM John Rushford wrote:
> +1
>
> > On May 30, 2019, at 5:39 PM, Randall Meyer
> wrote:
> >
> > I'd like to rename ssl_server_name.yaml to sni.yaml for ATS 9. This
> would also affect the toplevel key in the yaml config file (making the
> contents rooted under "s
> Here is the issue associated with this task:
https://github.com/apache/trafficserver/issues/new
This is a link to create a new issue.
On Tue, May 21, 2019 at 4:58 PM Bryan Call wrote:
> At the ATS Spring Summit we talked about removing Solaris support in ATS
> for the 9.0.0 release. Anyone r
2 choice:
> >>
> >> 1. Pulls related types and definitions from P_ files into I_ files (be
> >> careful to do it).
> >> 2. Do not include that P_ files (figure out why the P_ files is needed).
> >>
> >> If you just don't like the I_ and P_ pre
We have a naming convention for header files, P_ or I_ prefix. Details are
described in below.
> # Header files
> In most subsystems, header files are named with a P_ or I_ prefix. P_
files should contain
> any types and definitions that are private to the subsystem, while the
public interface
> s
For people who looking for how to generate compile_commands.json for clang
based tools like rtags on macOS.
https://cwiki.apache.org/confluence/display/TS/macOS#macOS-GeneratesacompilationdatabaseforclangtoolingwithBear
Enjoy!
Masaori
>
> 2) We remove the following configurations from records.config, and only
> support the default config files names (e.g. ip_allow.yaml).
> proxy.config.cache.storage_filename
> proxy.config.cache.control.filename
> proxy.config.cache.ip_allow.filename
> proxy.confi
I opened Pull Request for this. Please take a look.
https://github.com/apache/trafficserver/pull/5074
- Masaori
2019年2月27日(水) 6:32 Bryan Call :
> +1
>
> -Bryan
>
> > On Feb 25, 2019, at 5:06 PM, Masaori Koshiba wrote:
> >
> > Our conclusion is below
> >
>
he vulnerabilities in 1.0.1, RedHat has been cherry-picking back
> security fixes from newer openssl's into their Openssl 1.0.1 version, so it
> is probably not that dangerous to use it.
>
> Susan
>
> On Sun, Feb 24, 2019 at 7:25 PM Masaori Koshiba
> wrote:
>
> > Th
SSLs, but I think we should be
> > cautious recommending people to enable “rogue” yum repos in general.
> >
> > Cheers,
> >
> > — Leif
> >
> > >
> > > On Fri, Feb 22, 2019 at 9:53 AM Leif Hedstrom
> wrote:
> > >
> > >>
Hi all,
Could we bump minimum requirements of OpenSSL version to 1.0.2 on next
major release?
I just noticed that SSLUtils says that Traffic Server requires an OpenSSL
library version 0.9.4 or greater [*1].
But I think nobody is using such old OpenSSL. So we can bump minimum
version of OpenSSL.
> >> x
> >> commit 08dc4910f329b8003ff4d4f1f1e130232723f0d2
> (official/make_hwloc_required)
> >> Author: Phil Sorber
> >> Date: Thu Sep 8 13:19:14 2016 -0600
> >>
> >> Checkpoint
> >> commit 8213ca0293f5b47b0291c0eb3ae083afe145
ys be ssl.
> >
> > Also, I would be for modernizing the stats and configuration and calling
> > everything tls instead of ssl.
> >
> > -Bryan
> >
> >
> >
> > On Oct 15, 2018, at 7:23 PM, Masaori Koshiba wrote:
> >
> > Hi all,
>
Hi all,
I’d like to propose some HTTP metrics changes. Because current HTTP metrics
doesn’t have consistent naming rules.
1. Define `proxy.process.http.*` is HTTP version general metrics.
2. Introduce `proxy.process.http1.*` metrics for HTTP/1.1 specific metrics.
3. Split general metric into
Hi,
It looks like #1 violate the Semantic Versioning(*1) which we're following
now. Do we really stop following the versioning?
IMO, we should keep following it, becasue it's easy to indicate that new
release has only bug fixes, new features, or incompatible changes.
I prefer #2 and we should rel
I created draft-07 branch*. Because some implementations will remain on
draft-07 at next interop session.
* https://github.com/apache/trafficserver/tree/quic-07
- Masaori
2017年12月8日(金) 14:49 Masakazu Kitajo :
> Hi there,
>
> We have been catching up QUIC draft-07 and it's almost done, there are
it is worth a try.
>
> Susan
>
> Sent from Yahoo Mail on Android
> <https://overview.mail.yahoo.com/mobile/?.src=Android>
>
> On Mon, Nov 27, 2017 at 7:52 PM, Masaori Koshiba
> wrote:
> Hi HTTP/2 hackers,
>
> I’m fighting with #2795. And I’m really confused b
Hi HTTP/2 hackers,
I’m fighting with #2795. And I’m really confused by
`Http2Stream::update_write_request()`.
Why do we need to copy over data from `write_vio` to `response_buffer`?
(
https://github.com/apache/trafficserver/blob/master/proxy/http2/Http2Stream.cc#L538-L556
)
It looks like this mak
I think your question is same to "MSS and MTU" #592 on quicwg.
- MSS and MTU
https://github.com/quicwg/base-drafts/issues/592
- Masaori
2017年11月9日(木) 21:17 Chao Xu :
> Hi Masaori , Maskit , Scw00
>
> Is it a RFC mistake ?
>
> The max size of QUIC Packet is 1280 but the default MSS for loose
> d
Nice catch! I didn't noticed that. Actually, when I added the AEAD
encrypt/decrypt code, I followed that wiki page.
This is same question to https://github.com/openssl/openssl/issues/1624
Also it looks like the latest docs has been changed.
https://www.openssl.org/docs/manmaster/man3/EVP_EncryptI
You can also attache your diagrams on our wiki page of QUIC project.
- https://cwiki.apache.org/confluence/display/TS/QUIC
Off course, those should be added on Developer's Guid of docs eventually.
But until we get concrete design, wiki is useful to change diagrams
frequently.
- Masaori
2017年11月
the readyQueue.
>>>
>>> Similar to PollCont, it returns a set of QUICNetVC from readyQueue to
>>> implement a `QUICPollCont`.
>>>
>>> Override the `net_read_io` and `load_buffer_and_write` in the QUICNetVC,
>>> it will be managed by NetHandler jus
Anybody looked at libcds[1]? It says it's mostly header-only template
library of concurrent data structures. It sounds like what we're looking
for. And performance looks similar to TBB.
( I'm not -1 to TBB )
- [1] libcds
https://github.com/khizmax/libcds
- Masaori
2017年10月5日(木) 7:37 Jason Kenny
-1 - Memory leak is found around HTTP/2 Server Push API. IMO, we should
backport PR #2276, because it looks like many people are interested in
using HTTP/2 Server Push API in production.
https://github.com/apache/trafficserver/pull/2276
- Masaori
2017年7月18日(火) 5:17 Susan Hinrichs :
> +1I ha
Hi trafficserver-dev,
Now, all python code of ATS are formatted by autopep8 after some
discussions on some PRs (#2097 and #2121).
So, please run autopep8 before sending PRs include python code.
Especially when you're adding tests using autest.
Steps are below.
1. Install autopep8
In most cases,
an automated email from the ASF dual-hosted git repository.
>
> masaori pushed a commit to branch master
> in repository https://git-dual.apache.org/repos/asf/trafficserver.git
>
> commit 58d7710b9bdfbd35eabc3545c8c501d933c40d34
> Merge: cbd094c e7951c6
> Author: Masaori Koshiba
> A
+1
2016年4月11日(月) 9:57 Uri Shachar :
> > On Apr 10, 2016, at 7:42 AM, Phil Sorber wrote:
> >
> > I'd like to propose that we deprecate SSLv2 and SSLv3 in ATS 6.2.0 and
> > remove it in 7.0.0.
> >
> > Currently our defaults do not enable them and have been that way for
> about
> > a year now. For
http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0e6e5c15
> >
> > Branch: refs/heads/master
> > Commit: 0e6e5c151cde5f06c15e295f663a98b2b7d37a6d
> > Parents: 1e9c948
> > Author: Masaori Koshiba
> > Authored: Mon Feb 15 20:57:25 2016 +0900
> > Committer:
Hi Bryan,
6.0.0-rc2 breaks 2 tests of h2spec. Those tests are passed in 6.0.0-rc1.
Please take a look at TS-3902.
-1
Thanks,
Masaori
> 2015/09/12 7:46、Bryan Call のメール:
>
> 2
smime.p7s
Description: S/MIME cryptographic signature
Hi,
I agree with "h2i" is useful command line tool.
And I recommend "h2spec" too.
It is testing tool for HTTP/2 and build on same library of "h2i".
# h2spec
https://github.com/summerwind/h2spec
## Install
https://github.com/summerwind/h2spec/releases
Testing ATS by h2spec, there are a lot of w
I forgot to add the CC, sorry.
2014年2月26日水曜日、Masaori Koshibaさんは書きました:
> Thank you for merging and adding our names in the change log.
>
> You do not need to take any settings from trafficserver-ja on the RTD.
> Because, RTD needs projects for each languages. And trafficserver-ja h
; >
> >https://github.com/apache/trafficserver/pull/45.patch
> >
> > To close this pull request, make a commit to your master/trunk branch
> > with (at least) the following in the commit message:
> >
> > This closes #45
> >
> >
> > commit dac67d2
Hi all,
If you all would have the ATS Summit or some events in Japan in the future,
Yahoo! JAPAN can host the event.
The office is in Roppongi Tokyo. I’m looking forward to meet you in JAPAN.
Thanks,
masaori
-Original Message-
From: Leif Hedstrom [mailto:zw...@apache.org]
Sent: Sunday,
60 matches
Mail list logo
