Add support for http+unix scheme to remap config (#12338)

maskit · web-flow · commit 5938298950be · 2025-09-12T11:49:08.000-06:00
* Add support for http+uds scheme to remap config

* Change the suffix to +unix

* Update the error message about supported schemes

* Add unit tests

* Add autest

* Add documentation
diff --git a/doc/admin-guide/files/remap.config.en.rst b/doc/admin-guide/files/remap.config.en.rst
@@ -323,6 +323,35 @@ Examples
     regex_map http://x([0-9]+).z.com/ http://real-x$1.z.com/
     regex_redirect http://old.(.*).z.com http://new.$1.z.com
 
+.. _map_with_recv_port:
+
+map_with_recv_port
+==================
+
+Format::
+
+    map_with_recv_port client-URL origin-server-URL
+
+``map_with_recv_port`` supports two special URL schemes, ``http+unix`` and ``https+unix``.
+These are useful if you want to have different mapping rules or differnt plugin configuration for requests recevied via Unix Domain Socket.
+
+map_with_recv_port Examples
+---------------------------
+
+::
+
+   map_with_recv_port http://foo.example.com:8000/ http://x.example.com/
+   map_with_recv_port http://foo.example.com:8888/ http://y.example.com/
+
+Explanation: Requests received on port 8000 and 8888 are forwarded to different servers.
+
+::
+
+   map                     http://foo.example.com/ http://x.example.com/ @plugin=plugin1.so
+   map_with_recv_port http+unix://foo.example.com/ http://x.example.com/
+
+Explanation: All requests are forwarded to the same server, but plugin1 does not run for requests received via Unix Domain Socket.
+
 .. _map_with_referer:
 
 map_with_referer
diff --git a/include/proxy/hdrs/URL.h b/include/proxy/hdrs/URL.h
@@ -125,7 +125,9 @@ extern c_str_view URL_SCHEME_FILE;
 extern c_str_view URL_SCHEME_FTP;
 extern c_str_view URL_SCHEME_GOPHER;
 extern c_str_view URL_SCHEME_HTTP;
+extern c_str_view URL_SCHEME_HTTP_UDS;
 extern c_str_view URL_SCHEME_HTTPS;
+extern c_str_view URL_SCHEME_HTTPS_UDS;
 extern c_str_view URL_SCHEME_WS;
 extern c_str_view URL_SCHEME_WSS;
 extern c_str_view URL_SCHEME_MAILTO;
@@ -591,6 +593,9 @@ inline int
 URL::port_get() const
 {
   ink_assert(valid());
+  if (auto scheme = m_url_impl->get_scheme(); scheme.length() >= 8 && scheme.ends_with("+unix")) {
+    return 0;
+  }
   return url_canonicalize_port(m_url_impl->get_type(), m_url_impl->get_port());
 }
 
diff --git a/include/proxy/http/remap/UrlMappingPathIndex.h b/include/proxy/http/remap/UrlMappingPathIndex.h
@@ -76,7 +76,7 @@ class UrlMappingPathIndex
     idx = url->scheme_get_wksidx();
     // If the scheme is empty (e.g. because of a CONNECT method), guess it
     // based on port
-    if (idx == -1) {
+    if (idx == -1 && url->scheme_get().empty()) {
       if (port == 80) {
         idx = URL_WKSIDX_HTTP;
       } else {
diff --git a/src/proxy/hdrs/URL.cc b/src/proxy/hdrs/URL.cc
@@ -34,7 +34,9 @@ c_str_view URL_SCHEME_FILE;
 c_str_view URL_SCHEME_FTP;
 c_str_view URL_SCHEME_GOPHER;
 c_str_view URL_SCHEME_HTTP;
+c_str_view URL_SCHEME_HTTP_UDS;
 c_str_view URL_SCHEME_HTTPS;
+c_str_view URL_SCHEME_HTTPS_UDS;
 c_str_view URL_SCHEME_WSS;
 c_str_view URL_SCHEME_WS;
 c_str_view URL_SCHEME_MAILTO;
@@ -142,32 +144,35 @@ url_init()
 
     hdrtoken_init();
 
-    URL_SCHEME_FILE     = hdrtoken_string_to_wks_sv("file");
-    URL_SCHEME_FTP      = hdrtoken_string_to_wks_sv("ftp");
-    URL_SCHEME_GOPHER   = hdrtoken_string_to_wks_sv("gopher");
-    URL_SCHEME_HTTP     = hdrtoken_string_to_wks_sv("http");
-    URL_SCHEME_HTTPS    = hdrtoken_string_to_wks_sv("https");
-    URL_SCHEME_WSS      = hdrtoken_string_to_wks_sv("wss");
-    URL_SCHEME_WS       = hdrtoken_string_to_wks_sv("ws");
-    URL_SCHEME_MAILTO   = hdrtoken_string_to_wks_sv("mailto");
-    URL_SCHEME_NEWS     = hdrtoken_string_to_wks_sv("news");
-    URL_SCHEME_NNTP     = hdrtoken_string_to_wks_sv("nntp");
-    URL_SCHEME_PROSPERO = hdrtoken_string_to_wks_sv("prospero");
-    URL_SCHEME_TELNET   = hdrtoken_string_to_wks_sv("telnet");
-    URL_SCHEME_TUNNEL   = hdrtoken_string_to_wks_sv("tunnel");
-    URL_SCHEME_WAIS     = hdrtoken_string_to_wks_sv("wais");
-    URL_SCHEME_PNM      = hdrtoken_string_to_wks_sv("pnm");
-    URL_SCHEME_RTSP     = hdrtoken_string_to_wks_sv("rtsp");
-    URL_SCHEME_RTSPU    = hdrtoken_string_to_wks_sv("rtspu");
-    URL_SCHEME_MMS      = hdrtoken_string_to_wks_sv("mms");
-    URL_SCHEME_MMSU     = hdrtoken_string_to_wks_sv("mmsu");
-    URL_SCHEME_MMST     = hdrtoken_string_to_wks_sv("mmst");
+    URL_SCHEME_FILE      = hdrtoken_string_to_wks_sv("file");
+    URL_SCHEME_FTP       = hdrtoken_string_to_wks_sv("ftp");
+    URL_SCHEME_GOPHER    = hdrtoken_string_to_wks_sv("gopher");
+    URL_SCHEME_HTTP      = hdrtoken_string_to_wks_sv("http");
+    URL_SCHEME_HTTP_UDS  = c_str_view("http+unix", 9);
+    URL_SCHEME_HTTPS     = hdrtoken_string_to_wks_sv("https");
+    URL_SCHEME_HTTPS_UDS = c_str_view("https+unix", 10);
+    URL_SCHEME_WSS       = hdrtoken_string_to_wks_sv("wss");
+    URL_SCHEME_WS        = hdrtoken_string_to_wks_sv("ws");
+    URL_SCHEME_MAILTO    = hdrtoken_string_to_wks_sv("mailto");
+    URL_SCHEME_NEWS      = hdrtoken_string_to_wks_sv("news");
+    URL_SCHEME_NNTP      = hdrtoken_string_to_wks_sv("nntp");
+    URL_SCHEME_PROSPERO  = hdrtoken_string_to_wks_sv("prospero");
+    URL_SCHEME_TELNET    = hdrtoken_string_to_wks_sv("telnet");
+    URL_SCHEME_TUNNEL    = hdrtoken_string_to_wks_sv("tunnel");
+    URL_SCHEME_WAIS      = hdrtoken_string_to_wks_sv("wais");
+    URL_SCHEME_PNM       = hdrtoken_string_to_wks_sv("pnm");
+    URL_SCHEME_RTSP      = hdrtoken_string_to_wks_sv("rtsp");
+    URL_SCHEME_RTSPU     = hdrtoken_string_to_wks_sv("rtspu");
+    URL_SCHEME_MMS       = hdrtoken_string_to_wks_sv("mms");
+    URL_SCHEME_MMSU      = hdrtoken_string_to_wks_sv("mmsu");
+    URL_SCHEME_MMST      = hdrtoken_string_to_wks_sv("mmst");
 
     ink_assert(URL_SCHEME_FILE.c_str() && URL_SCHEME_FTP.c_str() && URL_SCHEME_GOPHER.c_str() && URL_SCHEME_HTTP.c_str() &&
-               URL_SCHEME_HTTPS.c_str() && URL_SCHEME_WS.c_str() && URL_SCHEME_WSS.c_str() && URL_SCHEME_MAILTO.c_str() &&
-               URL_SCHEME_NEWS.c_str() && URL_SCHEME_NNTP.c_str() && URL_SCHEME_PROSPERO.c_str() && URL_SCHEME_TELNET.c_str() &&
-               URL_SCHEME_TUNNEL.c_str() && URL_SCHEME_WAIS.c_str() && URL_SCHEME_PNM.c_str() && URL_SCHEME_RTSP.c_str() &&
-               URL_SCHEME_RTSPU.c_str() && URL_SCHEME_MMS.c_str() && URL_SCHEME_MMSU.c_str() && URL_SCHEME_MMST.c_str());
+               URL_SCHEME_HTTP_UDS.c_str() && URL_SCHEME_HTTPS.c_str() && URL_SCHEME_HTTPS_UDS.c_str() && URL_SCHEME_WS.c_str() &&
+               URL_SCHEME_WSS.c_str() && URL_SCHEME_MAILTO.c_str() && URL_SCHEME_NEWS.c_str() && URL_SCHEME_NNTP.c_str() &&
+               URL_SCHEME_PROSPERO.c_str() && URL_SCHEME_TELNET.c_str() && URL_SCHEME_TUNNEL.c_str() && URL_SCHEME_WAIS.c_str() &&
+               URL_SCHEME_PNM.c_str() && URL_SCHEME_RTSP.c_str() && URL_SCHEME_RTSPU.c_str() && URL_SCHEME_MMS.c_str() &&
+               URL_SCHEME_MMSU.c_str() && URL_SCHEME_MMST.c_str());
 
     URL_WKSIDX_FILE     = hdrtoken_wks_to_index(URL_SCHEME_FILE.c_str());
     URL_WKSIDX_FTP      = hdrtoken_wks_to_index(URL_SCHEME_FTP.c_str());
@@ -398,7 +403,15 @@ URLImpl::set_scheme(HdrHeap *heap, std::string_view value, int scheme_wks_idx, b
     scheme_wks = nullptr;
   }
 
-  if (scheme_wks == URL_SCHEME_HTTP.c_str() || scheme_wks == URL_SCHEME_WS.c_str()) {
+  if (scheme_wks == nullptr) {
+    if (value == static_cast<std::string_view>(URL_SCHEME_HTTP_UDS)) {
+      this->m_url_type = URLType::HTTP;
+    } else if (value == static_cast<std::string_view>(URL_SCHEME_HTTPS_UDS)) {
+      this->m_url_type = URLType::HTTPS;
+    } else {
+      this->m_url_type = URLType::HTTP;
+    }
+  } else if (scheme_wks == URL_SCHEME_HTTP.c_str() || scheme_wks == URL_SCHEME_WS.c_str()) {
     this->m_url_type = URLType::HTTP;
   } else if (scheme_wks == URL_SCHEME_HTTPS.c_str() || scheme_wks == URL_SCHEME_WSS.c_str()) {
     this->m_url_type = URLType::HTTPS;
diff --git a/src/proxy/hdrs/unit_tests/test_URL.cc b/src/proxy/hdrs/unit_tests/test_URL.cc
@@ -68,6 +68,8 @@ TEST_CASE("Validate Scheme", "[proxy][validscheme]")
     {"example.",   true },
     {"example++",  true },
     {"example--.", true },
+    {"http+unix",  true },
+    {"https+unix", true },
     {"++example",  false},
     {"--example",  false},
     {".example",   false},
diff --git a/src/proxy/http/remap/RemapConfig.cc b/src/proxy/http/remap/RemapConfig.cc
@@ -1255,11 +1255,12 @@ remap_parse_config_bti(const char *path, BUILD_TABLE_INFO *bti)
     // includes support for FILE scheme
     if ((fromScheme != std::string_view{URL_SCHEME_HTTP} && fromScheme != std::string_view{URL_SCHEME_HTTPS} &&
          fromScheme != std::string_view{URL_SCHEME_FILE} && fromScheme != std::string_view{URL_SCHEME_TUNNEL} &&
-         fromScheme != std::string_view{URL_SCHEME_WS} && fromScheme != std::string_view{URL_SCHEME_WSS}) ||
+         fromScheme != std::string_view{URL_SCHEME_WS} && fromScheme != std::string_view{URL_SCHEME_WSS} &&
+         fromScheme != std::string_view{URL_SCHEME_HTTP_UDS} && fromScheme != std::string_view{URL_SCHEME_HTTPS_UDS}) ||
         (toScheme != std::string_view{URL_SCHEME_HTTP} && toScheme != std::string_view{URL_SCHEME_HTTPS} &&
          toScheme != std::string_view{URL_SCHEME_TUNNEL} && toScheme != std::string_view{URL_SCHEME_WS} &&
          toScheme != std::string_view{URL_SCHEME_WSS})) {
-      errStr = "only http, https, ws, wss, and tunnel remappings are supported";
+      errStr = "only http, https, http+unix, https+unix, ws, wss, and tunnel remappings are supported";
       goto MAP_ERROR;
     }
 
diff --git a/src/proxy/http/remap/RemapProcessor.cc b/src/proxy/http/remap/RemapProcessor.cc
@@ -82,8 +82,29 @@ RemapProcessor::setup_for_remap(HttpTransact::State *s, UrlRewrite *table)
   if (table->num_rules_forward_with_recv_port) {
     Dbg(dbg_ctl_url_rewrite, "[lookup] forward mappings with recv port found; Using recv port %d",
         s->client_info.dst_addr.host_order_port());
-    if (table->forwardMappingWithRecvPortLookup(request_url, s->client_info.dst_addr.host_order_port(), request_host.data(),
-                                                static_cast<int>(request_host.length()), s->url_map)) {
+
+    bool ret;
+    if (s->client_info.dst_addr.host_order_port() == 0) {
+      // Port number 0 means that UDS is used.
+      // Adjust the scheme so that we can find rules with +unix suffix.
+      URL adjusted_url;
+      adjusted_url.create(nullptr);
+      adjusted_url.copy(request_url);
+      if (auto scheme = adjusted_url.scheme_get_wksidx(); scheme == URL_WKSIDX_HTTP) {
+        adjusted_url.scheme_set("http+unix");
+      } else if (scheme == URL_WKSIDX_HTTPS) {
+        adjusted_url.scheme_set("https+unix");
+      }
+      Dbg(dbg_ctl_url_rewrite, "[lookup] scheme was adjusted to %.*s", static_cast<int>(adjusted_url.scheme_get().size()),
+          adjusted_url.scheme_get().data());
+      ret = table->forwardMappingWithRecvPortLookup(&adjusted_url, s->client_info.dst_addr.host_order_port(), request_host.data(),
+                                                    static_cast<int>(request_host.length()), s->url_map);
+      adjusted_url.destroy();
+    } else {
+      ret = table->forwardMappingWithRecvPortLookup(request_url, s->client_info.dst_addr.host_order_port(), request_host.data(),
+                                                    static_cast<int>(request_host.length()), s->url_map);
+    }
+    if (ret) {
       Dbg(dbg_ctl_url_rewrite, "Found forward mapping with recv port");
       mapping_found = true;
     } else if (table->num_rules_forward == 0) {
diff --git a/src/proxy/http/remap/unit-tests/test_RemapRules.cc b/src/proxy/http/remap/unit-tests/test_RemapRules.cc
@@ -168,4 +168,60 @@ map https://h1.example.com \
       REQUIRE(urlmap.getMapping()->filter->src_ip_array[0].match_all_addresses);
     }
   }
+  GIVEN("map_with_recv_port keyword with a special URL scheme for Unix Domain Socket")
+  {
+    std::unique_ptr<UrlRewrite> urlrw = std::make_unique<UrlRewrite>();
+
+    std::string config = R"RMCFG(
+map_with_recv_port http+unix://front.example.com \
+    http://origin.example.com
+  )RMCFG";
+
+    auto cpath = write_test_remap(config, "unix-scheme");
+    printf("wrote config to path: %s\n", cpath.c_str());
+    int         rc = urlrw->BuildTable(cpath.c_str());
+    EasyURL     url("http+unix://front.example.com");
+    const char *host = "front.example.com";
+
+    THEN("only requests via unix domain socket matches")
+    {
+      // Checck if the rule is loaded
+      REQUIRE(rc == TS_SUCCESS);
+      REQUIRE(urlrw->rule_count() == 1);
+      UrlMappingContainer urlmap;
+
+      // The rule must not match if a port number is available (the request is made on IP interface)
+      REQUIRE(urlrw->forwardMappingWithRecvPortLookup(&url.url, 80, host, strlen(host), urlmap) == false);
+      // The rule must match if a port number is unavailable (the request is made on Unix Domain Socket)
+      REQUIRE(urlrw->forwardMappingWithRecvPortLookup(&url.url, 0, host, strlen(host), urlmap) == true);
+    }
+  }
+  GIVEN("map_with_recv_port keyword with a regular URL scheme")
+  {
+    std::unique_ptr<UrlRewrite> urlrw = std::make_unique<UrlRewrite>();
+
+    std::string config = R"RMCFG(
+map_with_recv_port http://front.example.com \
+    http://origin.example.com
+  )RMCFG";
+
+    auto cpath = write_test_remap(config, "regular-scheme");
+    printf("wrote config to path: %s\n", cpath.c_str());
+    int         rc = urlrw->BuildTable(cpath.c_str());
+    EasyURL     url("http://front.example.com");
+    const char *host = "front.example.com";
+
+    THEN("only request via IP interface matches")
+    {
+      // Checck if the rule is loaded
+      REQUIRE(rc == TS_SUCCESS);
+      REQUIRE(urlrw->rule_count() == 1);
+      UrlMappingContainer urlmap;
+
+      // The rule must match if a port number is available (the request is made on IP interface)
+      REQUIRE(urlrw->forwardMappingWithRecvPortLookup(&url.url, 80, host, strlen(host), urlmap) == true);
+      // The rule must not match if a port number is unavailable (the request is made on Unix Domain Socket)
+      REQUIRE(urlrw->forwardMappingWithRecvPortLookup(&url.url, 0, host, strlen(host), urlmap) == false);
+    }
+  }
 }
diff --git a/tests/gold_tests/remap/gold/map-with-recv-port-ip.gold b/tests/gold_tests/remap/gold/map-with-recv-port-ip.gold
@@ -0,0 +1,13 @@
+``
+> GET /``
+> Host: test.example.com``
+> User-Agent: curl/``
+> Accept: */*
+``
+< HTTP/1.1 200 OK
+< Content-Length: 2
+< Date: ``
+< Age: ``
+< Server: ATS/``
+< 
+``
diff --git a/tests/gold_tests/remap/gold/map-with-recv-port-unix.gold b/tests/gold_tests/remap/gold/map-with-recv-port-unix.gold
@@ -0,0 +1,13 @@
+``
+> GET /``
+> Host: test.example.com``
+> User-Agent: curl/``
+> Accept: */*
+``
+< HTTP/1.1 200 OK
+< Content-Length: 4
+< Date: ``
+< Age: ``
+< Server: ATS/``
+< 
+``
diff --git a/tests/gold_tests/remap/map_with_recv_port.test.py b/tests/gold_tests/remap/map_with_recv_port.test.py
@@ -0,0 +1,82 @@
+'''
+Verify correct behavior of regex_map in remap.config.
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+Test.Summary = '''
+Verify correct behavior of map_with_recv_port in remap.config.
+'''
+
+Test.ContinueOnFail = True
+ts = Test.MakeATSProcess("ts")
+server = Test.MakeOriginServer("server")
+dns = Test.MakeDNServer("dns", default='127.0.0.1')
+
+Test.testName = ""
+request_header_ip = {"headers": "GET /ip HTTP/1.1\r\nHost: origin.example.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
+response_header_ip = {"headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n", "timestamp": "1469733493.993", "body": "ip"}
+request_header_unix = {
+    "headers": "GET /unix HTTP/1.1\r\nHost: origin.example.com\r\n\r\n",
+    "timestamp": "1469733493.993",
+    "body": ""
+}
+response_header_unix = {"headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n", "timestamp": "1469733493.993", "body": "unix"}
+request_header_error = {
+    "headers": "GET /error HTTP/1.1\r\nHost: origin.example.com\r\n\r\n",
+    "timestamp": "1469733493.993",
+    "body": ""
+}
+response_header_error = {"headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n", "timestamp": "1469733493.993", "body": "error"}
+server.addResponse("sessionfile.log", request_header_ip, response_header_ip)
+server.addResponse("sessionfile.log", request_header_unix, response_header_unix)
+server.addResponse("sessionfile.log", request_header_error, response_header_error)
+
+ts.Disk.records_config.update(
+    {
+        'proxy.config.diags.debug.enabled': 1,
+        'proxy.config.diags.debug.tags': 'http|dns',
+        'proxy.config.dns.nameservers': '127.0.0.1:{0}'.format(dns.Variables.Port),
+        'proxy.config.dns.resolv_conf': 'NULL'
+    })
+
+# This map rule should not match
+ts.Disk.remap_config.AddLine(
+    r'map '
+    r'http://test.example.com '
+    r'http://origin.example.com:{}/error'.format(server.Variables.Port))
+# Rule for IP interface
+ts.Disk.remap_config.AddLine(
+    r'map_with_recv_port '
+    r'http://test.example.com:{}/ '
+    r'http://origin.example.com:{}/ip'.format(ts.Variables.port, server.Variables.Port))
+# Rule for Unix Domain Socket
+ts.Disk.remap_config.AddLine(
+    r'map_with_recv_port '
+    r'http+unix://test.example.com '
+    r'http://origin.example.com:{}/unix'.format(server.Variables.Port))
+
+tr = Test.AddTestRun()
+tr.MakeCurlCommand('-H"Host: test.example.com" http://127.0.0.1:{0}/ --verbose'.format(ts.Variables.port), ts)
+tr.Processes.Default.ReturnCode = 0
+tr.Processes.Default.StartBefore(server)
+tr.Processes.Default.StartBefore(dns)
+tr.Processes.Default.StartBefore(Test.Processes.ts)
+if Condition.CurlUsingUnixDomainSocket():
+    tr.Processes.Default.Streams.stderr = "gold/map-with-recv-port-unix.gold"
+else:
+    tr.Processes.Default.Streams.stderr = "gold/map-with-recv-port-ip.gold"
+tr.StillRunningAfter = server
