This is an automated email from the ASF dual-hosted git repository.

bneradt pushed a commit to branch 11-Dev
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 90f8301a8d6aab139e319707f8bd7c044174a4ba
Merge: ce18c3f23f c9fb43eac2
Author: Brian Neradt <[email protected]>
AuthorDate: Fri Oct 10 21:46:46 2025 +0000

    Merge master into 11-Dev
    
       Conflicts:
              include/iocore/net/TLSSessionResumptionSupport.h
              src/iocore/net/SSLSessionCache.cc
              src/iocore/net/TLSSessionResumptionSupport.cc

 CMakeLists.txt                                     |    2 +
 cmake/ExperimentalPlugins.cmake                    |    1 +
 contrib/docker/ubuntu/noble/Dockerfile             |    5 +-
 doc/admin-guide/configuration/hrw4u.en.rst         |   75 +-
 doc/admin-guide/files/records.yaml.en.rst          |    7 +-
 doc/admin-guide/files/remap.config.en.rst          |   29 +
 doc/admin-guide/files/sni.yaml.en.rst              |    2 +-
 doc/admin-guide/logging/formatting.en.rst          |   12 +
 .../monitoring/statistics/core/ssl.en.rst          |   10 +-
 doc/admin-guide/plugins/compress.en.rst            |   12 +
 doc/admin-guide/plugins/header_rewrite.en.rst      |   19 +-
 doc/admin-guide/plugins/index.en.rst               |    4 +
 doc/admin-guide/plugins/realip.en.rst              |   86 ++
 doc/admin-guide/plugins/xdebug.en.rst              |   27 +-
 .../api/functions/TSHttpHdrStatusSet.en.rst        |   15 +
 .../api/functions/TSHttpTxnStatusSet.en.rst        |   67 +
 .../api/functions/TSHttpTxnVerifiedAddrSet.en.rst  |   69 +
 doc/static/languages.json                          |    2 +
 example/plugins/c-api/basic_auth/basic_auth.cc     |    2 +-
 example/plugins/c-api/denylist_0/denylist_0.cc     |    2 +-
 example/plugins/c-api/denylist_1/denylist_1.cc     |    2 +-
 example/plugins/c-api/redirect_1/redirect_1.cc     |    2 +-
 example/plugins/c-api/remap/remap.cc               |    2 +-
 example/plugins/c-api/secure_link/secure_link.cc   |    2 +-
 include/cripts/Connections.hpp                     |    4 +
 include/cripts/Context.hpp                         |    6 +
 include/iocore/net/TLSBasicSupport.h               |   20 +-
 include/iocore/net/TLSSessionResumptionSupport.h   |   73 +-
 include/proxy/IPAllow.h                            |    2 +-
 include/proxy/ProxyTransaction.h                   |   20 +
 include/proxy/hdrs/URL.h                           |   10 +
 include/proxy/http/HttpTransact.h                  |    5 +-
 include/proxy/http/HttpUserAgent.h                 |   34 +-
 include/proxy/http/remap/UrlMappingPathIndex.h     |    2 +-
 include/proxy/logging/LogAccess.h                  |   36 +-
 include/ts/ts.h                                    |   37 +-
 include/tscore/ink_config.h.cmake.in               |    2 +
 include/tsutil/Regex.h                             |   26 +
 lib/swoc/CMakeLists.txt                            |    4 +-
 lib/swoc/include/swoc/IPRange.h                    |   29 +-
 lib/swoc/include/swoc/swoc_version.h               |    4 +-
 plugins/authproxy/authproxy.cc                     |    2 +-
 plugins/background_fetch/background_fetch.cc       |    4 +
 plugins/cachekey/CMakeLists.txt                    |    9 +
 plugins/cachekey/tests/pattern_test.cc             |   66 -
 plugins/cachekey/unit_tests/pattern_test.cc        |  121 ++
 plugins/compress/compress.cc                       |    5 +-
 plugins/compress/configuration.cc                  |   32 +-
 plugins/compress/configuration.h                   |   15 +-
 plugins/compress/misc.h                            |    2 +-
 plugins/esi/CMakeLists.txt                         |    4 +-
 plugins/esi/combo_handler.cc                       |   23 +-
 plugins/esi/esi.cc                                 |  171 ++-
 plugins/esi/http_utils.cc                          |   62 +
 plugins/esi/{lib/EsiGunzip.h => http_utils.h}      |   48 +-
 plugins/esi/lib/EsiGunzip.h                        |    5 +-
 plugins/esi/lib/EsiGzip.cc                         |    2 +-
 plugins/esi/lib/EsiGzip.h                          |    7 +-
 plugins/esi/lib/EsiParser.cc                       |   10 +-
 plugins/esi/lib/EsiParser.h                        |    4 +-
 plugins/esi/lib/EsiProcessor.cc                    |    9 +-
 plugins/esi/lib/EsiProcessor.h                     |    4 +-
 plugins/esi/serverIntercept.cc                     |    5 +-
 plugins/experimental/CMakeLists.txt                |    3 +
 plugins/experimental/access_control/plugin.cc      |   10 +-
 .../experimental/cache_fill/background_fetch.cc    |    4 +
 plugins/experimental/cookie_remap/cookie_remap.cc  |    8 +-
 plugins/experimental/geoip_acl/geoip_acl.cc        |    2 +-
 plugins/experimental/http_stats/http_stats.cc      |    2 +-
 plugins/experimental/icap/icap_plugin.cc           |    2 +-
 plugins/experimental/maxmind_acl/maxmind_acl.cc    |    2 +-
 plugins/experimental/mp4/mp4.cc                    |    2 +-
 plugins/experimental/rate_limit/rate_limit.cc      |    2 +-
 plugins/experimental/rate_limit/txn_limiter.cc     |    2 +-
 .../realip}/CMakeLists.txt                         |   11 +-
 plugins/experimental/realip/address_setter.cc      |   43 +
 plugins/experimental/realip/address_setter.h       |   36 +
 plugins/experimental/realip/address_source.cc      |   72 +
 plugins/experimental/realip/address_source.h       |   41 +
 plugins/experimental/realip/pp.cc                  |   52 +
 plugins/experimental/realip/pp.h                   |   34 +
 plugins/experimental/realip/realip.cc              |   67 +
 plugins/experimental/realip/realip.h               |   23 +
 plugins/experimental/realip/simple.cc              |   76 +
 plugins/experimental/realip/simple.h               |   34 +
 plugins/experimental/tls_bridge/tls_bridge.cc      |    2 +-
 plugins/experimental/txn_box/plugin/src/ts_util.cc |    4 +-
 plugins/experimental/uri_signing/uri_signing.cc    |    2 +-
 plugins/experimental/url_sig/url_sig.cc            |    2 +-
 plugins/experimental/wasm/ats_context.cc           |    4 +-
 plugins/header_rewrite/conditions.cc               |    3 +
 plugins/header_rewrite/conditions.h                |    6 +
 plugins/header_rewrite/factory.cc                  |    2 +
 plugins/header_rewrite/header_rewrite.cc           |  133 +-
 plugins/header_rewrite/operators.cc                |   56 +-
 plugins/header_rewrite/operators.h                 |   25 +
 plugins/header_rewrite/parser.cc                   |   23 +-
 plugins/header_rewrite/resources.cc                |   12 +-
 plugins/header_rewrite/statement.h                 |    6 +-
 plugins/lua/ts_lua_client_response.cc              |    4 +-
 plugins/lua/ts_lua_http.cc                         |    4 +-
 plugins/lua/ts_lua_server_response.cc              |    2 +-
 plugins/origin_server_auth/origin_server_auth.cc   |    4 +-
 plugins/prefetch/plugin.cc                         |    2 +-
 plugins/regex_remap/regex_remap.cc                 |    6 +-
 plugins/remap_purge/remap_purge.cc                 |    2 +-
 plugins/statichit/statichit.cc                     |    4 +-
 plugins/stats_over_http/stats_over_http.cc         |    2 +-
 plugins/xdebug/CMakeLists.txt                      |    9 +-
 plugins/xdebug/unit_tests/test_xdebug_utils.cc     |  195 +++
 plugins/xdebug/xdebug.cc                           |   72 +-
 plugins/xdebug/xdebug_transforms.cc                |  141 +-
 plugins/xdebug/xdebug_types.h                      |   14 +
 plugins/xdebug/xdebug_utils.cc                     |  108 ++
 plugins/xdebug/xdebug_utils.h                      |   57 +
 src/api/InkAPI.cc                                  |   60 +-
 src/cripts/Error.cc                                |    2 +-
 src/cripts/Headers.cc                              |    4 +-
 src/cripts/Urls.cc                                 |   29 +-
 src/iocore/cache/CacheVC.cc                        |    5 +-
 src/iocore/cache/CacheVC.h                         |    3 +-
 src/iocore/net/P_QUICNetVConnection.h              |    7 +-
 src/iocore/net/P_SSLNetVConnection.h               |    6 +-
 src/iocore/net/P_SSLUtils.h                        |    5 +-
 src/iocore/net/QUICNetVConnection.cc               |   18 +-
 src/iocore/net/ReadWriteEventIO.cc                 |    3 +-
 src/iocore/net/SSLNetVConnection.cc                |   65 +-
 src/iocore/net/SSLSessionCache.cc                  |   10 +-
 src/iocore/net/SSLSessionCache.h                   |   20 +-
 src/iocore/net/SSLStats.cc                         |    4 +
 src/iocore/net/SSLStats.h                          |   16 +-
 src/iocore/net/SSLUtils.cc                         |   26 +
 src/iocore/net/Server.cc                           |    3 +-
 src/iocore/net/TLSBasicSupport.cc                  |   17 +-
 src/iocore/net/TLSSessionResumptionSupport.cc      |   63 +-
 src/iocore/net/UnixNetVConnection.cc               |    5 +
 src/mgmt/rpc/handlers/server/Server.cc             |   14 +
 src/proxy/ControlMatcher.cc                        |   21 +-
 src/proxy/IPAllow.cc                               |    3 +
 src/proxy/hdrs/HdrHeap.cc                          |    2 +-
 src/proxy/hdrs/HdrToken.cc                         |    2 +-
 src/proxy/hdrs/MIME.cc                             |   22 +-
 src/proxy/hdrs/URL.cc                              |   92 +-
 src/proxy/hdrs/test_urlhash.cc                     |    4 +-
 src/proxy/hdrs/unit_tests/test_URL.cc              |    2 +
 src/proxy/http/HttpDebugNames.cc                   |    6 -
 src/proxy/http/HttpSM.cc                           |   52 +-
 src/proxy/http/HttpSessionManager.cc               |    6 +
 src/proxy/http/HttpTransact.cc                     |    6 +-
 src/proxy/http/remap/RemapConfig.cc                |    5 +-
 src/proxy/http/remap/RemapProcessor.cc             |   25 +-
 src/proxy/http/remap/UrlMappingPathIndex.cc        |   10 +-
 src/proxy/http/remap/UrlRewrite.cc                 |   16 +
 src/proxy/http/remap/unit-tests/test_RemapRules.cc |   56 +
 src/proxy/http2/Http2ConnectionState.cc            |    5 +-
 src/proxy/logging/Log.cc                           |   10 +
 src/proxy/logging/LogAccess.cc                     |  118 +-
 src/proxy/logging/LogFile.cc                       |   37 +-
 src/records/RecordsConfig.cc                       |    2 +-
 src/traffic_logstats/logstats.cc                   |   22 +-
 src/traffic_server/traffic_server.cc               |    4 +-
 src/tscore/unit_tests/test_layout.cc               |    5 +
 src/tscpp/api/Transaction.cc                       |    2 +-
 src/tsutil/Regex.cc                                |   55 +-
 src/tsutil/unit_tests/test_Regex.cc                |   42 +-
 tests/gold_tests/autest-site/curl.test.ext         |    8 +-
 .../gold_tests/autest-site/trafficserver.test.ext  |   23 +-
 tests/gold_tests/cache/background_fill.test.py     |   27 +-
 .../cache/cache-generation-clear.test.py           |    1 -
 .../cache/cache-generation-disjoint.test.py        |    1 -
 .../cache/disjoint-wait-for-cache.test.py          |    1 -
 .../cache/gold/background_fill_0_stderr_H.gold     |    6 +-
 .../cache/gold/background_fill_0_stderr_W.gold     |   15 -
 .../cache/gold/background_fill_1_stderr_H.gold     |    6 +-
 .../cache/gold/background_fill_1_stderr_W.gold     |   15 -
 .../cache/gold/background_fill_2_stderr_H.gold     |    6 +-
 .../cache/gold/background_fill_2_stderr_W.gold     |   15 -
 .../cache/gold/background_fill_3_stdout.gold       |    4 +-
 tests/gold_tests/cache/replay/bg_fill.yaml         |    2 +
 tests/gold_tests/connect/connect.test.py           |    2 +-
 tests/gold_tests/cripts/cripts.test.py             |   19 +-
 tests/gold_tests/h2/h2spec.test.py                 |    2 +-
 .../gold_tests/h2/http2_concurrent_streams.test.py |   58 +
 tests/gold_tests/h2/httpbin.test.py                |    2 +-
 tests/gold_tests/h2/nghttp.test.py                 |    2 +-
 .../h2/replay/http2_concurrent_streams.replay.yaml |   93 ++
 tests/gold_tests/ip_allow/gold/log.gold            |    6 +-
 tests/gold_tests/ip_allow/ip_allow.test.py         |   24 +-
 tests/gold_tests/ip_allow/run_sed.sh               |    4 +-
 tests/gold_tests/logging/log-filenames.test.py     |    8 +-
 tests/gold_tests/logging/new_log_flds.test.py      |    2 +-
 .../compress/compress-content-type-params.test.py  |   68 +
 .../compress/etc/ignore-params-false.config        |    6 +
 .../compress/etc/ignore-params-true.config         |    6 +
 .../compress-content-type-params.replay.yaml       |   73 +
 tests/gold_tests/pluginTest/esi/esi.test.py        |    2 +-
 .../pluginTest/esi/esi_nested_include.replay.yaml  |   77 +
 .../pluginTest/esi/esi_nested_include.test.py      |  130 +-
 .../header_rewrite/gold/header_rewrite-502.gold    |    5 +
 .../gold/header_rewrite_effective_address.gold     |    7 +
 .../header_rewrite/gold/plugin-status-test.gold    |    2 +
 .../header_rewrite/header_rewrite.test.py          |   46 +-
 .../header_rewrite_effective_address.test.py       |   56 +
 .../pluginTest/header_rewrite/rules/rule.conf      |    6 +-
 .../{rule.conf => rule_effective_address.conf}     |    8 +-
 .../polite_hook_wait/polite_hook_wait.cc           |    2 +-
 tests/gold_tests/pluginTest/tsapi/CMakeLists.txt   |    1 +
 .../rule.conf => tsapi/hrw_verified_addr.conf}     |    4 +-
 .../pluginTest/tsapi/test_TSHttpSsnInfo.test.py    |    2 +-
 .../pluginTest/tsapi/test_TSHttpTxnVerifiedAddr.cc |   81 ++
 .../tsapi/test_TSHttpTxnVerifiedAddr.test.py       |   65 +
 .../pluginTest/tsapi/test_TSVConnPPInfo.test.py    |    2 +-
 .../xdebug/x_probe_full_json/gold/jq.gold          |    3 -
 .../xdebug/x_probe_full_json/gold/jq_escaped.gold  |    3 +
 .../xdebug/x_probe_full_json/gold/jq_hex.gold      |    3 +
 .../xdebug/x_probe_full_json/gold/jq_nobody.gold   |    3 +
 .../x_probe_full_json.replay.yaml                  |   80 +-
 .../x_probe_full_json/x_probe_full_json.test.py    |   55 +-
 .../remap/gold/map-with-recv-port-ip.gold          |   13 +
 .../remap/gold/map-with-recv-port-unix.gold        |   13 +
 tests/gold_tests/remap/map_with_recv_port.test.py  |   82 ++
 tests/gold_tests/remap/remap_acl.test.py           |  134 +-
 tests/gold_tests/tls/ssl_key_dialog.test.py        |   12 +-
 tests/gold_tests/traffic_ctl/gold/diff.gold        |    3 +
 tests/gold_tests/traffic_ctl/gold/diff_yaml.gold   |    1 +
 .../traffic_ctl/traffic_ctl_server_output.test.py  |   13 +-
 tests/tools/plugins/custom204plugin.cc             |    2 +-
 tests/tools/plugins/user_args.cc                   |    2 +-
 tools/hrw4u/LSP_README.md                          |   59 +
 tools/hrw4u/Makefile                               |   94 +-
 tools/hrw4u/bootstrap.sh                           |    4 +
 tools/hrw4u/grammar/hrw4u.g4                       |   28 +-
 tools/hrw4u/grammar/u4wrh.g4                       |   33 +-
 tools/hrw4u/pyproject.toml                         |    6 +-
 tools/hrw4u/requirements.txt                       |    1 +
 tools/hrw4u/scripts/hrw4u                          |   12 +-
 tools/hrw4u/scripts/hrw4u-kg                       |  308 ++++
 tools/hrw4u/scripts/hrw4u-lsp                      |  611 ++++++++
 tools/hrw4u/scripts/testcase.py                    |   10 +-
 tools/hrw4u/scripts/u4wrh                          |   12 +-
 tools/hrw4u/src/common.py                          |  240 +++-
 tools/hrw4u/src/debugging.py                       |   20 +-
 tools/hrw4u/src/errors.py                          |  116 +-
 tools/hrw4u/src/generators.py                      |  177 +++
 tools/hrw4u/src/hrw_symbols.py                     |  147 +-
 tools/hrw4u/src/hrw_visitor.py                     |  504 ++++---
 tools/hrw4u/src/interning.py                       |  112 ++
 tools/hrw4u/src/kg_visitor.py                      |  560 ++++++++
 .../run_sed.sh => tools/hrw4u/src/lsp/__init__.py  |   11 +-
 tools/hrw4u/src/lsp/completions.py                 |  287 ++++
 tools/hrw4u/src/lsp/documentation.py               | 1485 ++++++++++++++++++++
 tools/hrw4u/src/lsp/hover.py                       |  664 +++++++++
 tools/hrw4u/src/lsp/strings.py                     |  305 ++++
 tools/hrw4u/src/lsp/types.py                       |  114 ++
 tools/hrw4u/src/script_common.py                   |  145 --
 tools/hrw4u/src/states.py                          |  133 +-
 tools/hrw4u/src/suggestions.py                     |  156 ++
 tools/hrw4u/src/symbols.py                         |  251 ++--
 tools/hrw4u/src/symbols_base.py                    |  144 ++
 tools/hrw4u/src/tables.py                          |  367 +++--
 tools/hrw4u/src/types.py                           |   98 +-
 tools/hrw4u/src/validation.py                      |  121 +-
 tools/hrw4u/src/visitor.py                         |  621 +++++---
 tools/hrw4u/src/visitor_base.py                    |  449 ++++++
 tools/hrw4u/tests/data/conds/access.ast.txt        |    2 +-
 .../tests/data/conds/bad_regex.fail.error.txt      |    3 +
 .../tests/data/conds/bad_regex.fail.input.txt      |    5 +
 tools/hrw4u/tests/data/conds/cache.ast.txt         |    2 +-
 tools/hrw4u/tests/data/conds/capture.ast.txt       |    2 +-
 tools/hrw4u/tests/data/conds/certs.ast.txt         |    1 +
 tools/hrw4u/tests/data/conds/certs.input.txt       |   28 +
 tools/hrw4u/tests/data/conds/certs.output.txt      |   23 +
 tools/hrw4u/tests/data/conds/cidr.ast.txt          |    2 +-
 tools/hrw4u/tests/data/conds/cookie.ast.txt        |    2 +-
 tools/hrw4u/tests/data/conds/exceptions.txt        |    5 +
 tools/hrw4u/tests/data/conds/from-url.ast.txt      |    2 +-
 tools/hrw4u/tests/data/conds/geo.ast.txt           |    2 +-
 tools/hrw4u/tests/data/conds/http-cntl.ast.txt     |    2 +-
 tools/hrw4u/tests/data/conds/if-elif.ast.txt       |    2 +-
 tools/hrw4u/tests/data/conds/impl-expr.ast.txt     |    2 +-
 .../hrw4u/tests/data/conds/implicit-cmp.input.txt  |   13 +
 .../hrw4u/tests/data/conds/implicit-cmp.output.txt |   11 +
 tools/hrw4u/tests/data/conds/in-sets.ast.txt       |    1 +
 tools/hrw4u/tests/data/conds/in-sets.input.txt     |    5 +
 tools/hrw4u/tests/data/conds/in-sets.output.txt    |    3 +
 tools/hrw4u/tests/data/conds/inbound.ast.txt       |    2 +-
 tools/hrw4u/tests/data/conds/internal.ast.txt      |    2 +-
 tools/hrw4u/tests/data/conds/ip.ast.txt            |    2 +-
 tools/hrw4u/tests/data/conds/long-if.ast.txt       |    2 +-
 tools/hrw4u/tests/data/conds/method.ast.txt        |    2 +-
 tools/hrw4u/tests/data/conds/multi-if.ast.txt      |    2 +-
 tools/hrw4u/tests/data/conds/now.ast.txt           |    2 +-
 tools/hrw4u/tests/data/conds/outbound.ast.txt      |    2 +-
 tools/hrw4u/tests/data/conds/split-if.ast.txt      |    2 +-
 tools/hrw4u/tests/data/conds/to-url.ast.txt        |    2 +-
 tools/hrw4u/tests/data/conds/true_false.ast.txt    |    2 +-
 tools/hrw4u/tests/data/conds/txn-count.ast.txt     |    2 +-
 .../hrw4u/tests/data/examples/add-cc-path.ast.txt  |    2 +-
 .../hrw4u/tests/data/examples/all-nonsense.ast.txt |    1 +
 .../tests/data/examples/all-nonsense.input.txt     |  215 +++
 .../tests/data/examples/all-nonsense.output.txt    |  254 ++++
 tools/hrw4u/tests/data/examples/conn-drain.ast.txt |    2 +-
 tools/hrw4u/tests/data/examples/dbg-req.ast.txt    |    2 +-
 tools/hrw4u/tests/data/examples/exceptions.txt     |    5 +
 tools/hrw4u/tests/data/examples/hdr-exists.ast.txt |    2 +-
 tools/hrw4u/tests/data/examples/hsts.ast.txt       |    2 +-
 tools/hrw4u/tests/data/examples/int-header.ast.txt |    2 +-
 .../hrw4u/tests/data/examples/int-header.input.txt |    1 +
 .../tests/data/examples/int-header.output.txt      |    1 +
 .../tests/data/examples/meth-resp-hdr.ast.txt      |    2 +-
 .../hrw4u/tests/data/examples/norm_status.ast.txt  |    2 +-
 tools/hrw4u/tests/data/examples/path-ext.ast.txt   |    2 +-
 .../hrw4u/tests/data/examples/rem_org_auth.ast.txt |    2 +-
 tools/hrw4u/tests/data/examples/rm-cc-out.ast.txt  |    2 +-
 .../hrw4u/tests/data/examples/rm-cc-out.input.txt  |    1 +
 .../hrw4u/tests/data/examples/rm-cc-out.output.txt |    1 +
 tools/hrw4u/tests/data/examples/rm-int-hdr.ast.txt |    2 +-
 tools/hrw4u/tests/data/examples/rm-query.ast.txt   |    2 +-
 tools/hrw4u/tests/data/examples/run-plugin.ast.txt |    2 +-
 tools/hrw4u/tests/data/examples/teapots.ast.txt    |    2 +-
 tools/hrw4u/tests/data/examples/useless.ast.txt    |    2 +-
 tools/hrw4u/tests/data/examples/uuid.ast.txt       |    2 +-
 tools/hrw4u/tests/data/examples/x-debug.ast.txt    |    2 +-
 .../data/hooks/invalid_section.fail.error.txt      |    2 +-
 tools/hrw4u/tests/data/hooks/read_response.ast.txt |    2 +-
 tools/hrw4u/tests/data/hooks/remap.ast.txt         |    2 +-
 tools/hrw4u/tests/data/hooks/send_request.ast.txt  |    2 +-
 tools/hrw4u/tests/data/hooks/send_response.ast.txt |    2 +-
 tools/hrw4u/tests/data/ops/dscp.ast.txt            |    2 +-
 tools/hrw4u/tests/data/ops/dscp.input.txt          |    1 +
 tools/hrw4u/tests/data/ops/dscp.output.txt         |    1 +
 tools/hrw4u/tests/data/ops/expansion.ast.txt       |    2 +-
 .../data/ops/http_cntl_invalid_bool.fail.error.txt |    1 +
 .../data/ops/http_cntl_invalid_bool.fail.input.txt |    3 +
 .../data/ops/http_cntl_quoted_bool.fail.error.txt  |    1 +
 .../data/ops/http_cntl_quoted_bool.fail.input.txt  |    3 +
 .../tests/data/ops/http_cntl_valid_bools.ast.txt   |    1 +
 .../tests/data/ops/http_cntl_valid_bools.input.txt |   19 +
 .../data/ops/http_cntl_valid_bools.output.txt      |   18 +
 tools/hrw4u/tests/data/ops/no-op.ast.txt           |    2 +-
 tools/hrw4u/tests/data/ops/qsa.input.txt           |    2 +
 tools/hrw4u/tests/data/ops/qsa.output.txt          |    3 +-
 tools/hrw4u/tests/data/ops/redirect.ast.txt        |    2 +-
 tools/hrw4u/tests/data/ops/set-body.ast.txt        |    2 +-
 tools/hrw4u/tests/data/ops/set-conf.ast.txt        |    2 +-
 tools/hrw4u/tests/data/ops/set-destination.ast.txt |    1 +
 .../hrw4u/tests/data/ops/set-destination.input.txt |    7 +
 .../tests/data/ops/set-destination.output.txt      |    5 +
 tools/hrw4u/tests/data/ops/set-plugin-cntl.ast.txt |    1 +
 .../hrw4u/tests/data/ops/set-plugin-cntl.input.txt |    9 +
 .../tests/data/ops/set-plugin-cntl.output.txt      |    7 +
 tools/hrw4u/tests/data/ops/skip-remap.ast.txt      |    2 +-
 tools/hrw4u/tests/data/ops/skip-remap.output.txt   |    2 +-
 .../data/ops/skip_remap_quoted_bool.fail.error.txt |    1 +
 .../data/ops/skip_remap_quoted_bool.fail.input.txt |    3 +
 tools/hrw4u/tests/data/ops/status.ast.txt          |    2 +-
 tools/hrw4u/tests/data/vars/assign.ast.txt         |    2 +-
 tools/hrw4u/tests/data/vars/bool.ast.txt           |    2 +-
 tools/hrw4u/tests/data/vars/int16.ast.txt          |    2 +-
 tools/hrw4u/tests/data/vars/int8.ast.txt           |    2 +-
 tools/hrw4u/tests/data/vars/typos.fail.error.txt   |    3 +
 tools/hrw4u/tests/data/vars/typos.fail.input.txt   |    7 +
 tools/hrw4u/tests/lsp_asserts.py                   |  197 +++
 tools/hrw4u/tests/test_conds.py                    |    8 +
 tools/hrw4u/tests/test_conds_reverse.py            |    2 +-
 tools/hrw4u/tests/test_examples_reverse.py         |    2 +-
 tools/hrw4u/tests/test_hooks_reverse.py            |    2 +-
 tools/hrw4u/tests/test_lsp.py                      |  652 +++++++++
 tools/hrw4u/tests/test_ops.py                      |    7 +
 tools/hrw4u/tests/test_ops_reverse.py              |    2 +-
 tools/hrw4u/tests/test_units.py                    |  288 ++++
 tools/hrw4u/tests/test_vars_reverse.py             |    2 +-
 tools/hrw4u/tests/utils.py                         |  201 ++-
 373 files changed, 13563 insertions(+), 2249 deletions(-)

diff --cc include/iocore/net/TLSSessionResumptionSupport.h
index 086ccbfaf5,80c25d96d6..38eb5d4a5c
--- a/include/iocore/net/TLSSessionResumptionSupport.h
+++ b/include/iocore/net/TLSSessionResumptionSupport.h
@@@ -48,12 -73,44 +73,31 @@@ public
    int processSessionTicket(SSL *ssl, unsigned char *keyname, unsigned char 
*iv, EVP_CIPHER_CTX *cipher_ctx, HMAC_CTX *hctx,
                             int enc);
  #endif
-   bool         getSSLSessionCacheHit() const;
-   bool         getSSLOriginSessionCacheHit() const;
-   ssl_curve_id getSSLCurveNID() const;
  
+   // 
---------------------------------------------------------------------------
+   // TLS Session Resumption Support Via Server Session Caching
+   // 
---------------------------------------------------------------------------
 -
 -  /** Retrieves a cached SSL session from the session cache.
 -   *
 -   * This function is used to retrieve a cached SSL session from the session 
cache.
 -   *
 -   * @param[in]  ssl         The SSL connection object.
 -   * @param[in]  id          The session ID to lookup.
 -   * @param[in]  len         The length of the session ID.
 -   * @param[out] copy        Pointer to an integer indicating if the session 
ID should be copied.
 -   * @return                A pointer to the cached SSL session, or nullptr 
if not found.
 -   */
 -  SSL_SESSION *getSession(SSL *ssl, const unsigned char *id, int len, int 
*copy);
 -
+   /**
+    * @brief Retrieves a cached SSL session from the origin session cache.
+    *
+    * This function is used to retrieve a cached SSL session from the origin 
session cache.
+    *
+    * @param[in]  lookup_key  The key to lookup the session in the cache.
+    * @return                A pointer to the cached SSL session, or nullptr 
if not found.
+    */
    std::shared_ptr<SSL_SESSION> getOriginSession(const std::string 
&lookup_key);
  
+   // 
---------------------------------------------------------------------------
+   // Getters used for both ticket and session caching
+   // 
---------------------------------------------------------------------------
+ 
+   bool             getIsResumedSSLSession() const;
+   bool             getIsResumedOriginSSLSession() const;
+   bool             getIsResumedFromSessionCache() const;
+   bool             getIsResumedFromSessionTicket() const;
+   ssl_curve_id     getSSLCurveNID() const;
+   std::string_view getSSLGroupName() const;
+ 
  protected:
    void                      clear();
    virtual const IpEndpoint &_getLocalEndpoint() = 0;
diff --cc src/iocore/net/SSLSessionCache.h
index 501df2a0a3,769c20adf1..ff78e8f0e1
--- a/src/iocore/net/SSLSessionCache.h
+++ b/src/iocore/net/SSLSessionCache.h
@@@ -37,8 -46,160 +46,11 @@@
  
  struct ssl_session_cache_exdata {
    ssl_curve_id curve = 0;
+ 
+   /** The TLS group name, gauranteed to be null-terminated. */
+   char group_name[SSL_MAX_GROUP_NAME_SIZE] = {'\0'};
  };
  
 -inline void
 -hash_combine(uint64_t &seed, uint64_t hash)
 -{
 -  // using boost's version of hash combine, substituting magic number with a 
64bit version
 -  // 
https://www.boost.org/doc/libs/1_43_0/doc/html/hash/reference.html#boost.hash_combine
 -  seed ^= hash + 0x9E3779B97F4A7C15 + (seed << 6) + (seed >> 2);
 -}
 -
 -struct SSLSessionID : public TSSslSessionID {
 -  SSLSessionID(const unsigned char *s, size_t l)
 -  {
 -    len = l;
 -    ink_release_assert(l <= sizeof(bytes));
 -    memcpy(bytes, s, l);
 -    hash();
 -  }
 -
 -  SSLSessionID(const SSLSessionID &other)
 -  {
 -    if (other.len) {
 -      memcpy(bytes, other.bytes, other.len);
 -    }
 -
 -    len = other.len;
 -    hash();
 -  }
 -
 -  bool
 -  operator<(const SSLSessionID &other) const
 -  {
 -    if (len != other.len) {
 -      return len < other.len;
 -    }
 -
 -    return (memcmp(bytes, other.bytes, len) < 0);
 -  }
 -
 -  SSLSessionID &
 -  operator=(const SSLSessionID &other)
 -  {
 -    if (other.len) {
 -      memcpy(bytes, other.bytes, other.len);
 -    }
 -
 -    len = other.len;
 -    return *this;
 -  }
 -
 -  bool
 -  operator==(const SSLSessionID &other) const
 -  {
 -    if (len != other.len) {
 -      return false;
 -    }
 -
 -    // memcmp returns 0 on equal
 -    return (memcmp(bytes, other.bytes, len) == 0);
 -  }
 -
 -  const char *
 -  toString(char *buf, size_t buflen) const
 -  {
 -    char *cur_pos = buf;
 -    for (size_t i = 0; i < len && buflen > 0; ++i) {
 -      if (buflen > 2) { // we have enough space for 3 bytes, 2 hex and 1 null 
terminator
 -        snprintf(cur_pos, 3 /* including a null terminator */, "%02hhX", 
static_cast<unsigned char>(bytes[i]));
 -        cur_pos += 2;
 -        buflen  -= 2;
 -      } else { // not enough space for any more hex bytes, just null terminate
 -        *cur_pos = '\0';
 -        break;
 -      }
 -    }
 -    return buf;
 -  }
 -
 -  uint64_t
 -  hash() const
 -  {
 -    // because the session ids should be uniformly random, we can treat the 
bits as a hash value
 -    // however we need to combine them if the length is longer than 64bits
 -    if (len >= sizeof(uint64_t)) {
 -      uint64_t seed = 0;
 -      for (uint64_t i = 0; i < len; i += sizeof(uint64_t)) {
 -        hash_combine(seed, static_cast<uint64_t>(bytes[i]));
 -      }
 -      return seed;
 -    } else if (len) {
 -      return static_cast<uint64_t>(bytes[0]);
 -    } else {
 -      return 0;
 -    }
 -  }
 -};
 -
 -class SSLSession
 -{
 -public:
 -  SSLSessionID      session_id;
 -  Ptr<IOBufferData> asn1_data; /* this is the ASN1 representation of the 
SSL_CTX */
 -  size_t            len_asn1_data;
 -  Ptr<IOBufferData> extra_data;
 -
 -  SSLSession(const SSLSessionID &id, const Ptr<IOBufferData> &ssl_asn1_data, 
size_t len_asn1, Ptr<IOBufferData> &exdata)
 -    : session_id(id), asn1_data(ssl_asn1_data), len_asn1_data(len_asn1), 
extra_data(exdata)
 -  {
 -  }
 -
 -  LINK(SSLSession, link);
 -};
 -
 -class SSLSessionBucket
 -{
 -public:
 -  SSLSessionBucket();
 -  ~SSLSessionBucket();
 -  void insertSession(const SSLSessionID &sid, SSL_SESSION *sess, SSL *ssl);
 -  bool getSession(const SSLSessionID &sid, SSL_SESSION **sess, 
ssl_session_cache_exdata **data);
 -  int  getSessionBuffer(const SSLSessionID &sid, char *buffer, int &len);
 -  void removeSession(const SSLSessionID &sid);
 -
 -private:
 -  /* these method must be used while hold the lock */
 -  void print(const char *) const;
 -  void removeOldestSession(const std::unique_lock<ts::shared_mutex> &lock);
 -
 -  mutable ts::shared_mutex             mutex;
 -  CountQueue<SSLSession>               bucket_que;
 -  std::map<SSLSessionID, SSLSession *> bucket_map;
 -};
 -
 -class SSLSessionCache
 -{
 -public:
 -  bool getSession(const SSLSessionID &sid, SSL_SESSION **sess, 
ssl_session_cache_exdata **data) const;
 -  int  getSessionBuffer(const SSLSessionID &sid, char *buffer, int &len) 
const;
 -  void insertSession(const SSLSessionID &sid, SSL_SESSION *sess, SSL *ssl);
 -  void removeSession(const SSLSessionID &sid);
 -  SSLSessionCache();
 -  ~SSLSessionCache();
 -
 -  SSLSessionCache(const SSLSessionCache &)            = delete;
 -  SSLSessionCache &operator=(const SSLSessionCache &) = delete;
 -
 -private:
 -  SSLSessionBucket *session_bucket = nullptr;
 -  size_t            nbuckets;
 -};
 -
  class SSLOriginSession
  {
  public:
diff --cc src/iocore/net/SSLStats.h
index 8f879487c6,9e2cdc428f..552d0b2407
--- a/src/iocore/net/SSLStats.h
+++ b/src/iocore/net/SSLStats.h
@@@ -96,10 -98,17 +97,17 @@@ struct SSLStatsBlock 
    Metrics::Counter::AtomicType *user_agent_version_too_high                   
 = nullptr;
    Metrics::Counter::AtomicType *user_agent_version_too_low                    
 = nullptr;
    Metrics::Counter::AtomicType *user_agent_wrong_version                      
 = nullptr;
-   Metrics::Gauge::AtomicType   *user_agent_session_hit                        
 = nullptr;
-   Metrics::Gauge::AtomicType   *user_agent_session_miss                       
 = nullptr;
-   Metrics::Gauge::AtomicType   *user_agent_session_timeout                    
 = nullptr;
-   Metrics::Gauge::AtomicType   *user_agent_sessions                           
 = nullptr;
+ 
 -  // Note: The following user_agent_session_* metrics are implemented as 
Gauge types
 -  // even though they semantically represent cumulative counters. This is 
because
 -  // they are periodically synchronized from external counter sources 
(OpenSSL's
 -  // built-in session cache or ATS's session cache) and need to be "set" to 
specific
 -  // values rather than incremented. From a monitoring perspective, these 
should be
++  // Note: The following user_agent_session_* metrics are implemented as Gauge
++  // types even though they semantically represent cumulative counters. This 
is
++  // because they are periodically synchronized from external counter sources
++  // (OpenSSL's built-in session cache) and need to be "set" to specific 
values
++  // rather than incremented. From a monitoring perspective, these should be
+   // treated as counters for calculating rates.
+   Metrics::Gauge::AtomicType *user_agent_session_hit     = nullptr;
+   Metrics::Gauge::AtomicType *user_agent_session_miss    = nullptr;
+   Metrics::Gauge::AtomicType *user_agent_session_timeout = nullptr;
+   Metrics::Gauge::AtomicType *user_agent_sessions        = nullptr;
  };
  
  extern SSLStatsBlock                                                   
ssl_rsb;
diff --cc src/iocore/net/TLSSessionResumptionSupport.cc
index 21d5a02c20,1fac030a7c..1bd93bcc64
--- a/src/iocore/net/TLSSessionResumptionSupport.cc
+++ b/src/iocore/net/TLSSessionResumptionSupport.cc
@@@ -141,6 -158,62 +158,12 @@@ TLSSessionResumptionSupport::getSSLCurv
    return this->_sslCurveNID;
  }
  
+ std::string_view
+ TLSSessionResumptionSupport::getSSLGroupName() const
+ {
+   return this->_sslGroupName;
+ }
+ 
 -SSL_SESSION *
 -TLSSessionResumptionSupport::getSession(SSL *ssl, const unsigned char *id, 
int len, int *copy)
 -{
 -  SSLSessionID sid(id, len);
 -
 -  *copy = 0;
 -  if (diags()->on()) {
 -    static DbgCtl dbg_ctl("ssl.session_cache.get");
 -    if (dbg_ctl.tag_on()) {
 -      char printable_buf[(len * 2) + 1];
 -      sid.toString(printable_buf, sizeof(printable_buf));
 -      DbgPrint(dbg_ctl, "ssl_get_cached_session cached session '%s' context 
%p", printable_buf, SSL_get_SSL_CTX(ssl));
 -    }
 -  }
 -
 -  APIHook *hook = 
SSLAPIHooks::instance()->get(TSSslHookInternalID(TS_SSL_SESSION_HOOK));
 -  while (hook) {
 -    hook->invoke(TS_EVENT_SSL_SESSION_GET, &sid);
 -    hook = hook->m_link.next;
 -  }
 -
 -  SSL_SESSION              *session = nullptr;
 -  ssl_session_cache_exdata *exdata  = nullptr;
 -  if (session_cache->getSession(sid, &session, &exdata)) {
 -    ink_assert(session);
 -    ink_assert(exdata);
 -
 -    // Double check the timeout
 -    if (is_ssl_session_timed_out(session)) {
 -      Metrics::Counter::increment(ssl_rsb.session_cache_miss);
 -      Metrics::Counter::increment(ssl_rsb.session_cache_timeout);
 -// Due to bug in openssl, the timeout is checked, but only removed
 -// from the openssl built-in hash table.  The external remove cb is not called
 -#if 0 // This is currently eliminated, since it breaks things in odd ways 
(see TS-3710)
 -      ssl_rm_cached_session(SSL_get_SSL_CTX(ssl), session);
 -#endif
 -      SSL_SESSION_free(session);
 -      session = nullptr;
 -    } else {
 -      Metrics::Counter::increment(ssl_rsb.session_cache_hit);
 -      this->_setResumptionType(ResumptionType::RESUMED_FROM_SESSION_CACHE, 
!IS_RESUMED_ORIGIN_SESSION);
 -      this->_setSSLCurveNID(exdata->curve);
 -      this->_setSSLGroupName(exdata->group_name);
 -    }
 -  } else {
 -    Metrics::Counter::increment(ssl_rsb.session_cache_miss);
 -  }
 -  return session;
 -}
 -
  std::shared_ptr<SSL_SESSION>
  TLSSessionResumptionSupport::getOriginSession(const std::string &lookup_key)
  {


Reply via email to