- Download Diff

Summary:

Bug-227: "authorization" header is not supported by SLB "Header" policy |AS-8101|

Review Request #228 — Created April 19, 2024 and updated Feb. 26, 2025, 12:43 p.m.

Information
Owner:	rvempati
Repository:	APV10
Branch:	rel_apv_10_7
Bugs:	https://bugzilla.arraynetworks.net/show_bug.cgi?id=227
Depends On:
Reviewers
Groups:
People:	kdutta, pradeep, prajesh

Description

"authorization" header is not supported by SLB "Header" policy |AS-8101|

Testing Done

login as: array

array@192.168.162.169's password:

ArrayOS Beta.APV.10.7.2.2 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on devrohit: on Mon Jul 29 13:49:52 2024

Copyright (c) 2000-2024 Array Networks Inc. All rights reserved.
Type "?" for available commands
!!Reminder!! Please log on to the WebUI to register this system.


APV-2>en

Enable password:
APV-2#c t
APV-2(config)#

APV-2(config)#show version
ArrayOS Beta.APV.10.7.2.2 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on devrohit: on Mon Jul 29 13:49:52 2024
    Host name : APV-2
   System CPU : Intel(R) Xeon(R) CPU
   System RAM : 3879500 kbytes.

System boot time : Mon Jul 29 18:38:50 GMT (+0000) 2024

     Current time : Mon Jul 29 18:40:50 GMT (+0000) 2024

   System up time : 2 mins, 30 secs

Platform Bld Date : Mon Jul 29 18:38:10 GMT 2024

           SSL HW : No HW Available

   Compression HW : No HW Available

Network Interface : 4 x 10Gigabit Ethernet fiber

            Model : Array vAPV

    Serial Number : 242D68BFB1C3800005012644705634

  Licensed Limits : vCPUs(x2), NICs(x8), RAM(16 GB), Bandwidth(1024 Mbps)

Licensed Features : WebWall  Clustering  L4SLB  L7SLB  Caching

                    SSL  tProxy  SwCompression  LLB  GSLB  QoS

                    MultiLang  DynRoute  IPv6

      License Key : aaefb5c9-56238f64-4051c9c8-b79e1c50-ad706abd-177ffe00-0455d8ab-20240312-99999999
Array Networks Customer Support

Telephone         : 1-877-992-7729 (1-877-99-ARRAY)

Email             : support@arraynetworks.com

Update            : please contact support for instructions

Website           : http://www.arraynetworks.com
Other Root Version

Rel.APV.10.7.0.15 build on Tue Mar 19 07:19:11 2024
APV-2(config)#

APV-2(config)#slb policy header "test2" "Naveen_http_75_43" "test_http_grp" "a$
APV-2(config)#

Issues

Description	From	Last Updated
is this all the changes needed? this will only allow the configuration to go through. what about slb policy when …	tanya	July 30, 2024, 3:58 a.m.
Please add ut as discussed use curl to generate header request.	kdutta	April 28, 2024, 9:09 p.m.
"cache-control" is not removed. I checked the code as well, the below block of code available in the rel_apv_10_7 branch: …	rvempati	June 7, 2024, 2:40 p.m.
why did we remove cache-control ? is this intentional?	prajesh	June 7, 2024, 2:41 p.m.

Ship it!

```
Ship It!
```

Ship it!

I dont think we should commit to 10.4.x branch. Ask Tanya whether you should commit it to 10.7.1 branch.

rvempati April 20, 2024, 6:12 p.m.

Sure Praveen.
I checked with Tanya, and she suggested to commit to rel_apv_10_7 / rel_apv_10_7_1. Will do the same as mentioned.

```
Ship It!
```

Fix it!

branches/rel_apv_10_4_3/usr/src/sys/click/app/slb/slb_kern.h (Diff revision 1)
Show all issues
```
Please add ut as discussed use curl to generate header request.
```

Testing Done:

~		Reproduced the issue on vAPV 10.4.3 version and did the changes in the release branch of APV_10_4_3.
	~	login as: array
	+	array@192.168.162.171's password:
	+	Last login: Mon Apr 29 03:59:43 2024 from 192.168.162.170
	+	ArrayOS Rel.APV.10.7.0.6 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on devrohit: on Sun Apr 21 07:47:21 2024
	+	Copyright (c) 2000-2024 Array Networks Inc. All rights reserved.
	+
	+	Type "?" for available commands
	+
	+	!!Reminder!! Please log on to the WebUI to register this system.
	+
	+
	+
	+
	+
	+	AN>en
	+	Enable password:
	+
	+	AN#c t
	+
	+	AN(config)#slb policy header "test2" "Naveen_http_75_43" "test_http_grp" "auth$
	+	header policy "test2" is already configured
	+
	+	AN(config)#
	+	*System is busy. No longer in config mode.*
	+
	+
	+
	+
	+
	+	AN#c t
	+
	+	AN(config)#slb policy header "test2" "Naveen_http_75_43" "test_http_grp" "auth$
	+
	+	AN(config)#

Branch:

+	rel_apv_10_7

Change Summary:

"authorization" header is not supported by SLB "Header" policy, Changes are made on rel_apv_10_7 branch as well

Diff:

Revision 2 (+1 -2)

Show changes

branches/rel_apv_10_7/usr/src/sys/click/app/slb/slb_kern.h

branches/rel_apv_10_7/usr/src/sys/click/app/slb/slb_kern.h (Diff revision 2)

Show all issues

why did we remove cache-control ? is this intentional?

rvempati July 30, 2024, 4 a.m.

No, it is not removed.
"cache-control" is available in the slb_header_not_supported list.

branches/rel_apv_10_7/usr/src/sys/click/app/slb/slb_kern.h (Diff revision 2)

Show all issues

"cache-control" is not removed. 
I checked the code as well, the below block of code available in the rel_apv_10_7 branch: 

static __inline uint8_t

slb_header_not_supported(char *name)

{
    if (!strcmp(name, "cache-control") ||
        !strcmp(name, "connection") ||
        !strcmp(name, "cookie") ||
        !strcmp(name, "date") ||

Thanks,

Rohith

Change Summary:

Checked the "authorization"header_policy acceptance and did the ut.

Diff:

Revision 3 (+1 -2)

Show changes

branches/rel_apv_10_7/usr/src/sys/click/app/slb/slb_kern.h

Testing Done:

		login as: array
~		array@192.168.162.171's password:
~		Last login: Mon Apr 29 03:59:43 2024 from 192.168.162.170
	~	array@192.168.162.169's password:
	~	ArrayOS Beta.APV.10.7.2.2 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on devrohit: on Mon Jul 29 13:49:52 2024
-		ArrayOS Rel.APV.10.7.0.6 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on devrohit: on Sun Apr 21 07:47:21 2024
		Copyright (c) 2000-2024 Array Networks Inc. All rights reserved.

		Type "?" for available commands

		!!Reminder!! Please log on to the WebUI to register this system.





~		AN>en
	~	APV-2>en
		Enable password:

~		AN#c t
	~	APV-2#c t

~		AN(config)#slb policy header "test2" "Naveen_http_75_43" "test_http_grp" "auth$
~		header policy "test2" is already configured
	~	APV-2(config)#
	~	APV-2(config)#show version

~		AN(config)#
	~	ArrayOS Beta.APV.10.7.2.2 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on devrohit: on Mon Jul 29 13:49:52 2024
-		*System is busy. No longer in config mode.*

~
	~	`Host name : APV-2`
	+	System CPU : Intel(R) Xeon(R) CPU
	+	System RAM : 3879500 kbytes.
	+

~
	~	System boot time : Mon Jul 29 18:38:50 GMT (+0000) 2024
	+	Current time : Mon Jul 29 18:40:50 GMT (+0000) 2024
	+	System up time : 2 mins, 30 secs
	+	Platform Bld Date : Mon Jul 29 18:38:10 GMT 2024
	+	SSL HW : No HW Available
	+	Compression HW : No HW Available
	+	Network Interface : 4 x 10Gigabit Ethernet fiber
	+	Model : Array vAPV
	+	Serial Number : 242D68BFB1C3800005012644705634
	+	Licensed Limits : vCPUs(x2), NICs(x8), RAM(16 GB), Bandwidth(1024 Mbps)
	+	Licensed Features : WebWall Clustering L4SLB L7SLB Caching
	+	SSL tProxy SwCompression LLB GSLB QoS
	+	MultiLang DynRoute IPv6
	+	License Key : aaefb5c9-56238f64-4051c9c8-b79e1c50-ad706abd-177ffe00-0455d8ab-20240312-99999999
	+
	+	Array Networks Customer Support
	+	Telephone : 1-877-992-7729 (1-877-99-ARRAY)
	+	Email : support@arraynetworks.com
	+	Update : please contact support for instructions
	+	Website : http://www.arraynetworks.com

~		AN#c t
	~	Other Root Version
	+	Rel.APV.10.7.0.15 build on Tue Mar 19 07:19:11 2024

~		AN(config)#slb policy header "test2" "Naveen_http_75_43" "test_http_grp" "auth$
	~	APV-2(config)#
	+	APV-2(config)#slb policy header "test2" "Naveen_http_75_43" "test_http_grp" "a$

~		AN(config)#
	~	APV-2(config)#

Fix it!

Show all issues

is this all the changes needed? this will only allow the configuration to go through. what about slb policy when traffic comes with the new header. could you provide unit test for that.

tanya Feb. 26, 2025, 5:58 a.m.

I cannot mark it ship until the issuer is resolved or explanation is provided

prajesh Feb. 26, 2025, 12:43 p.m.

Yes. I relooked at the changes, the ask is to enable SLB using authorization header. But the fix seesm to be blocking the authorization header policy. This fix does seem inappropriate to me as well. This need to be fixed before this fix can be committed.

You have a pending review.

Review Board 5.0.5

Bug-227: "authorization" header is not supported by SLB "Header" policy |AS-8101|

Testing Done:

Branch:

Change Summary:

Diff:

Change Summary:

Diff:

Testing Done: