Bump from upstream #5
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit introduces a new framework for adding implementing custom application protocols. This enables bidirectional message streams alongside standard HTTP flows and provides seamless proxying between HTTP/1.1, HTTP/2, and custom protocols. This should have a zero, or near-zero performance impact on existin HTTP/1.1 and HTTP/2 use cases. Co-authored-by: Abhishek Aiyer <aaiyer@cloudflare.com>
Saw this in logs:
```
2025-08-16T11:11:42.859488Z ERROR ThreadId(36) pingora_proxy: /usr/local/cargo/registry/src/index.crates.~~~cf8c6b5b557f/pingora-~~~.5.0/src/lib.rs:148: Fail to proxy: Downstream InvalidHTTPHeader context: buf: \u{16}\u{3}\u{1}\u{0}\u{fffd}\u{1}\u{0}\u{0}\u{fffd}\u{3}\u{3}\u{fffd}\u{17}\u{b}0\u{fffd}!\u{fffd}T\u{fffd}\u{fffd}\u{b}\u{fffd}\u{1e}\u{fffd}\u{fffd}\u{fffd}i\u{2e4}\u{fffd}\u{fffd}\u{fffd}\u{fffd}\u{fffd}BD\u{12}k m\u{fffd}&:\u{fffd}\u{fffd}\u{fffd}\u{fffd}\u{fffd}\u{14}\u{fffd}]\u{fffd}?\u{7a4}a\u{fffd}\u{1f}\u{fffd}m\u{fffd}\u{1c}L\u{c}I\u{fffd}\u{14}N\u{fffd}\u{fffd}\u{0}&\u{328}\u{329}\u{fffd}/\u{fffd}0\u{fffd}+\u{fffd},\u{fffd}\u{13}\u{fffd}\t\u{fffd}\u{14}\u{fffd}\n\u{0}\u{fffd}\u{0}\u{fffd}\u{0}/\u{0}5\u{fffd}\u{12}\u{0}\n\u{13}\u{3}\u{13}\u{1}\u{13}\u{2}\u{1}\u{0}\u{0}{\u{0}\u{5}\u{0}\u{5}\u{1}\u{0}\u{0}\u{0}\u{0}\u{0}\n\u{0}\n\u{0}\u{8}\u{0}\u{1d}\u{0}\u{17}\u{0}\u{18}\u{0}\u{19}\u{0}\u{b}\u{0}\u{2}\u{1}\u{0}\u{0}\r\u{0}\u{1a}\u{0}\u{18}\u{8}\u{4}\u{4}\u{3}\u{8}\u{7}\u{8}\u{5}\u{8}\u{6}\u{4}\u{1}\u{5}\u{1}\u{6}\u{1}\u{5}\u{3}\u{6}\u{3}\u{2}\u{1}\u{2}\u{3}\u{fffd}\u{1}\u{0}\u{1}\u{0}\u{0}\u{12}\u{0}\u{0}\u{0}+\u{0}\t\u{8}\u{3}\u{4}\u{3}\u{3}\u{3}\u{2}\u{3}\u{1}\u{0}3\u{0}&\u{0}$\u{0}\u{1d}\u{0} \u{e}\u{fffd}\u{fffd}Q\u{f}\u{fffd}\u{fffd}\u{fffd}\u{79bc}:\u{fffd}\r\u{fffd}\u{fffd}\\\u{fffd}\u{c}\u{fffd}E\u{7f}\u{fffd}b\u{fffd}\u{fffd}\u{fffd}H\u{fffd}HHz cause: invalid token
```
There are two issues here:
- it is too verbose
- it is lossy (which might help if we need to actually decode these bytes)
`bstr` crate is designed to print such strings. It is popular crate
developed by a person known in Rust community, so this dependency
is fine.
Includes-commit: 5fcc52e
Replicated-from: cloudflare#683
Co-authored-by: Matthew Gumport <mbg@cloudflare.com>
Previously the downstream error was only ignored once ServeFromCache had miss enabled (when partial read support exists and we have a confirmed miss). The proxy state machines now also ignore errors prior to the header being received.
This enables enriching lock wait spans for user-defined CacheKeyLock implementations.
Additionally a max_size param is added to the increment_weight APIs for eviction manager consumption.
httparse itself does not treat the terminating chunk (0 + CRLF) any differently when parsing its chunk size, and the body reader does not validate the following CRLF required to close the body. Additionally, that current parsing scheme will not consider trailers before the end CRLF. Now the trailers are considered but simply discarded. The CRLFs between the trailers (and now, the CRLFs after the body payloads) are validated, however.
--- chore: address clippy::single_match --- Fix connection filter inheritance for endpoints added after filter setup Previously, endpoints added to Listeners after set_connection_filter() was called would not inherit the filter. This change stores the filter in the Listeners struct and applies it to all subsequently added endpoints. - Store connection filter in Listeners for future endpoints - Apply stored filter when adding new endpoints via add_endpoint() - Update Service to propagate filter to its Listeners - Add test to verify filter inheritance behavior - Add example demonstrating connection filter usage --- chore: no unicode --- feat: add connection_filter feature for early TCP-level connection filtering --- feat: add connection_filter feature flag to main pingora crate --- fix: clean up connection_filter implementation and remove debug code --- fix: clippy unused import --- fix: use expect() for consistency and document performance choice in filter --- Merge remote-tracking branch 'upstream/main' into feat/connection-filter --- fix: removed unused Includes-commit: 1b8bd90 Includes-commit: 69e94d0 Includes-commit: 755c9e5 Includes-commit: 81d5962 Includes-commit: 9b891bc Includes-commit: 9fd7fb9 Includes-commit: a04da3b Includes-commit: d353953 Includes-commit: d919e10 Includes-commit: ee7fac4 Includes-commit: f9d9f4c Replicated-from: cloudflare#671
While reader timeouts should still attempt to fetch without locking, writer age timeouts can cause thundering herds if they force existing readers to give up.
Cacheable responses http versions are already internally set to H1, but there were cases in which HTTP/1.0 origins could have HTTP/1.0 version responses proxied on miss with transfer-encoding which is not RFC compliant and rejected by some major clients.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.