From nils.goroll at uplex.de Mon Mar 3 08:47:06 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 08:47:06 +0000 (UTC) Subject: [master] e553ea3c7 cache_deliver_proc: Polish VDP_Close() Message-ID: <20250303084706.4CD99A5906@lists.varnish-cache.org> commit e553ea3c71bcd32f6e8fd279b16fc2e1d49dcc8d Author: Nils Goroll Date: Mon Mar 3 09:19:19 2025 +0100 cache_deliver_proc: Polish VDP_Close() someone(tm) added some unmotivated logic way back in 1e82f502a027b89caa94be88496b20aaf3970c8d: As long as the VDP list is not empty, there is a first VDP on the list, so why would we have statements like AN(vdpe) or check if (vdpe != NULL) ? Diff best viewed ignoring whitespace (git log -pb) diff --git a/bin/varnishd/cache/cache_deliver_proc.c b/bin/varnishd/cache/cache_deliver_proc.c index d9c20603a..83ee48e61 100644 --- a/bin/varnishd/cache/cache_deliver_proc.c +++ b/bin/varnishd/cache/cache_deliver_proc.c @@ -221,20 +221,15 @@ VDP_Close(struct vdp_ctx *vdc, struct objcore *oc, struct boc *boc) CHECK_OBJ_ORNULL(oc, OBJCORE_MAGIC); CHECK_OBJ_ORNULL(boc, BOC_MAGIC); - while (!VTAILQ_EMPTY(&vdc->vdp)) { - vdpe = VTAILQ_FIRST(&vdc->vdp); + while ((vdpe = VTAILQ_FIRST(&vdc->vdp)) != NULL) { + CHECK_OBJ(vdpe, VDP_ENTRY_MAGIC); rv = vdpe->bytes_in; VSLb(vdc->vsl, SLT_VdpAcct, "%s %ju %ju", vdpe->vdp->name, (uintmax_t)vdpe->calls, (uintmax_t)rv); - if (vdc->retval >= 0) - AN(vdpe); - if (vdpe != NULL) { - CHECK_OBJ(vdpe, VDP_ENTRY_MAGIC); - if (vdpe->vdp->fini != NULL) - AZ(vdpe->vdp->fini(vdc, &vdpe->priv)); - AZ(vdpe->priv); - VTAILQ_REMOVE(&vdc->vdp, vdpe, list); - } + if (vdpe->vdp->fini != NULL) + AZ(vdpe->vdp->fini(vdc, &vdpe->priv)); + AZ(vdpe->priv); + VTAILQ_REMOVE(&vdc->vdp, vdpe, list); vdc->nxt = VTAILQ_FIRST(&vdc->vdp); #ifdef VDP_PEDANTIC_ARMED // enable when we are confident to get VDP_END right From dridi at varni.sh Mon Mar 3 12:39:35 2025 From: dridi at varni.sh (Dridi Boukelmoune) Date: Mon, 3 Mar 2025 12:39:35 +0000 Subject: [master] e553ea3c7 cache_deliver_proc: Polish VDP_Close() In-Reply-To: <20250303084706.4CD99A5906@lists.varnish-cache.org> References: <20250303084706.4CD99A5906@lists.varnish-cache.org> Message-ID: On Mon, Mar 3, 2025 at 8:47?AM Nils Goroll wrote: > > > commit e553ea3c71bcd32f6e8fd279b16fc2e1d49dcc8d > Author: Nils Goroll > Date: Mon Mar 3 09:19:19 2025 +0100 > > cache_deliver_proc: Polish VDP_Close() > > someone(tm) added some unmotivated logic way back in > 1e82f502a027b89caa94be88496b20aaf3970c8d: > > As long as the VDP list is not empty, there is a first VDP on the list, so why > would we have statements like AN(vdpe) or check if (vdpe != NULL) ? > > Diff best viewed ignoring whitespace (git log -pb) FYI it should work with any git command displaying a diff: git show -b e553ea3c71b That's why I tend to use a more neutral "better diff with --foo option(s)". From nils.goroll at uplex.de Mon Mar 3 14:15:56 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 15:15:56 +0100 Subject: [master] e553ea3c7 cache_deliver_proc: Polish VDP_Close() In-Reply-To: References: <20250303084706.4CD99A5906@lists.varnish-cache.org> Message-ID: <2d1b836b-13fb-460c-b73d-f480cf8b128a@uplex.de> On 03.03.25 13:39, Dridi Boukelmoune wrote: > FYI it should work with any git command displaying a diff: > > git show -b e553ea3c71b good point, thank you -- Nils Goroll (he/him) ** * * UPLEX - Nils Goroll Systemoptimierung Scheffelstra?e 32 22301 Hamburg tel +49 40 28805731 mob +49 170 2723133 fax +49 40 42949753 xmpp://slink at jabber.int.uplex.de/ http://uplex.de/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x1DCD8F57A3868BD7.asc Type: application/pgp-keys Size: 3943 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From nils.goroll at uplex.de Mon Mar 3 15:34:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 15:34:05 +0000 (UTC) Subject: [master] f463c682d http2: Improve timestamps Message-ID: <20250303153405.E0C925DCE@lists.varnish-cache.org> commit f463c682d557ffb9faf5a0a5f4e6d4466df24ca1 Author: Nils Goroll Date: Mon Feb 24 22:18:26 2025 +0100 http2: Improve timestamps A newly created request's t_first is now when the first (partial) read of the HEADERS frame is complete. t_req is now when all headers are complete. This should match http1 more closely Implements #4282 diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h index 8794db23d..ba036b84d 100644 --- a/bin/varnishd/http2/cache_http2.h +++ b/bin/varnishd/http2/cache_http2.h @@ -196,6 +196,7 @@ struct h2_sess { struct h2_settings local_settings; struct req *new_req; + vtim_real t1; // t_first for new_req uint32_t goaway_last_stream; VTAILQ_HEAD(,h2_req) txqueue; diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c index 3ef036145..d7309913c 100644 --- a/bin/varnishd/http2/cache_http2_proto.c +++ b/bin/varnishd/http2/cache_http2_proto.c @@ -329,6 +329,7 @@ h2_rx_push_promise(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); ASSERT_RXTHR(h2); CHECK_OBJ_ORNULL(r2, H2_REQ_MAGIC); + // rfc7540,l,2262,2267 H2S_Lock_VSLb(h2, SLT_SessError, "H2: rx push promise"); return (H2CE_PROTOCOL_ERROR); @@ -654,6 +655,7 @@ h2_end_headers(struct worker *wrk, struct h2_sess *h2, h2_del_req(wrk, r2); return (h2e); } + req->t_req = VTIM_real(); VSLb_ts_req(req, "Req", req->t_req); // XXX: Smarter to do this already at HPACK time into tail end of @@ -774,8 +776,7 @@ h2_rx_headers(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) req->sp = h2->sess; req->transport = &HTTP2_transport; - req->t_first = VTIM_real(); - req->t_req = VTIM_real(); + req->t_first = h2->t1; req->t_prev = req->t_first; VSLb_ts_req(req, "Start", req->t_first); req->acct.req_hdrbytes += h2->rxf_len; @@ -1479,8 +1480,9 @@ h2_rxframe(struct worker *wrk, struct h2_sess *h2) if (h2->goaway && h2->open_streams == 0) return (0); + h2->t1 = NAN; VTCP_blocking(*h2->htc->rfd); - hs = HTC_RxStuff(h2->htc, h2_frame_complete, NULL, NULL, NAN, + hs = HTC_RxStuff(h2->htc, h2_frame_complete, &h2->t1, NULL, NAN, VTIM_real() + 0.5, NAN, h2->local_settings.max_frame_size + 9); h2e = NULL; diff --git a/doc/changes.rst b/doc/changes.rst index a132c45cf..0df080469 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -41,6 +41,26 @@ Varnish Cache NEXT (2025-03-15) .. PLEASE keep this roughly in commit order as shown by git-log / tig (new to old) +* (Add a prominent note to announcement) Timestamps for http/2 requests have + been corrected and made similar to how they are taken for http/1. + + For http/1, the start time, internally called "t_first", is taken as soon as + any part of the request (headers) is received. Previously, http/2 took it + later, possibly much later if long header lines were involved. http/2 now + takes it the same way as http/1 when the first bit of the first HEADERS frame + of the request arrives. + + Timing behavior for http/1 and http/2 is different and can not be directly + compared. But with this change, the ``Timestamp`` VSL records for http/2 now + at least reflect reality better. + + NOTE that after upgrading Varnish-Cache, processing and response times for + http/2 will now be reported as worse than before the upgrade, potentially + *much* worse. This is **NOT** a performance regression, but rather due to the + corrected timestamps, which arguably were wrong for http/2. + +.. MISSING commits + * The ``hitmiss`` and ``hitpass`` handling indicators have been added to the ``Varnish:handling`` format of ``varnishncsa``. From nils.goroll at uplex.de Mon Mar 3 16:52:03 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 16:52:03 +0000 (UTC) Subject: [master] 2a1804216 http2: The client closing the connection is not an error Message-ID: <20250303165203.AF92C6081E@lists.varnish-cache.org> commit 2a18042168c9d66346007ac9f3f6b173a9eb6b01 Author: Nils Goroll Date: Mon Feb 24 14:51:03 2025 +0100 http2: The client closing the connection is not an error It is fine for a client to close the connection, we should say a friendly goodbye and log this as no error. Closes #4281 Related to #4283 diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c index d7309913c..a6bdaee3c 100644 --- a/bin/varnishd/http2/cache_http2_proto.c +++ b/bin/varnishd/http2/cache_http2_proto.c @@ -1487,6 +1487,9 @@ h2_rxframe(struct worker *wrk, struct h2_sess *h2) h2e = NULL; switch (hs) { + case HTC_S_EOF: + h2e = H2CE_NO_ERROR; + break; case HTC_S_COMPLETE: h2->sess->t_idle = VTIM_real(); if (h2->do_sweep) From nils.goroll at uplex.de Mon Mar 3 16:52:03 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 16:52:03 +0000 (UTC) Subject: [master] 6fa6b34fd http2: Add Debug output with some more detail on EOF Message-ID: <20250303165203.C6C3460821@lists.varnish-cache.org> commit 6fa6b34fd6977a4e4c673270b20379a990612dfb Author: Nils Goroll Date: Mon Feb 24 20:25:30 2025 +0100 http2: Add Debug output with some more detail on EOF diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c index a6bdaee3c..b624050a6 100644 --- a/bin/varnishd/http2/cache_http2_proto.c +++ b/bin/varnishd/http2/cache_http2_proto.c @@ -1451,6 +1451,22 @@ h2_sweep(struct worker *wrk, struct h2_sess *h2) return (h2e); } +/* + * if we have received end_headers, the new request is started + * if we have not received end_stream, DATA frames are expected later + * + * neither of these make much sense to output here + * + * goaway currently is always 0, see #4285 + */ +static void +h2_eof_debug(struct h2_sess *h2) +{ + + H2S_Lock_VSLb(h2, SLT_Debug, "H2: eof frame=%s goaway=%d", + h2->htc->rxbuf_b == h2->htc->rxbuf_e ? "complete" : "partial", + h2->goaway); +} /*********************************************************************** * Called in loop from h2_new_session() @@ -1488,6 +1504,8 @@ h2_rxframe(struct worker *wrk, struct h2_sess *h2) h2e = NULL; switch (hs) { case HTC_S_EOF: + h2_eof_debug(h2); + h2e = H2CE_NO_ERROR; break; case HTC_S_COMPLETE: From nils.goroll at uplex.de Mon Mar 3 16:52:03 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 16:52:03 +0000 (UTC) Subject: [master] b465674de http2/vtc: Test various conditions to WR_SHUT the client side Message-ID: <20250303165203.DE0A060825@lists.varnish-cache.org> commit b465674de0356a1b9be64233cea4359f756ef568 Author: Nils Goroll Date: Mon Feb 24 20:25:52 2025 +0100 http2/vtc: Test various conditions to WR_SHUT the client side diff --git a/bin/varnishtest/tests/t02027.vtc b/bin/varnishtest/tests/t02027.vtc new file mode 100644 index 000000000..b88dd9953 --- /dev/null +++ b/bin/varnishtest/tests/t02027.vtc @@ -0,0 +1,89 @@ +varnishtest "H2 RxStuff conditions" + +varnish v1 -arg "-p feature=+http2" -arg "-p debug=+syncvsl" -vcl { + backend none none; + sub vcl_recv { + return (synth(200)); + } +} -start + +logexpect l0 -v v1 -g vxid -q "Begin ~ sess" { + expect * * Debug {^H2: Got pu PRISM} + expect 0 = Debug {^H2: eof frame=complete goaway=0} + expect 0 = SessError {^H2: HTC eof} + expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} + expect 0 = ReqAcct {^0 0 0 18 26 44} + expect 0 = SessClose {^REM_CLOSE} + expect 0 = End +} -start + +# no streams open +client c0 { + txpri + shutdown -write +} -run + +logexpect l1 -v v1 -g vxid -q "Begin ~ sess" { + expect * * Debug {^H2: eof frame=complete goaway=0} + expect 0 = SessError {^H2: HTC eof} + expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} + expect 9 = ReqAcct {^27 0 27 27 26 53} + expect 0 = SessClose {^REM_CLOSE} + expect 0 = End +} -start + +# after frame, no END_HEADERS +client c1 { + stream 1 { + txreq -nohdrend + } -run + shutdown -write +} -run + +logexpect l2 -v v1 -g vxid -q "Begin ~ sess" { + expect * * Debug {^H2: eof frame=complete goaway=0} + expect 0 = SessError {^H2: HTC eof} + expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} + expect 9 = ReqAcct {^27 0 27 27 26 53} + expect 0 = SessClose {^REM_CLOSE} + expect 0 = End +} -start + +# after frame, no END_STREAM +client c2 { + stream 1 { + txreq -nostrend + } -run + shutdown -write +} -run + +logexpect l3 -v v1 -g vxid -q "Begin ~ sess" { + expect * * Debug {^H2: eof frame=partial goaway=0} + expect 0 = SessError {^H2: HTC eof} + expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} + expect 0 = ReqAcct {^18 0 18 27 26 53} + expect 0 = SessClose {^REM_CLOSE} + expect 0 = End +} -start + +# middle of frame +client c3 { + stream 1 { + # +- 01 END_STREAM + # +- 04 END_HEADERS + # | + # len ty fl strmid + sendhex { + 000024 01 05 00000001 + 00053a70617468012f00073a6d6574686f640347455400073a736368656d6504687474 + } + # ori: + # 00053a70617468012f00073a6d6574686f640347455400073a736368656d650468747470 + } -run + shutdown -write +} -run + +logexpect l0 -wait +logexpect l1 -wait +logexpect l2 -wait +logexpect l3 -wait From nils.goroll at uplex.de Mon Mar 3 16:52:03 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 16:52:03 +0000 (UTC) Subject: [master] b909dd5c3 http2: Do not log SessError for HTC_S_TIMEOUT and HTC_S_EOF Message-ID: <20250303165204.027FB6082C@lists.varnish-cache.org> commit b909dd5c363c2c75f081f4740fc246d3ecf5a4ec Author: Nils Goroll Date: Mon Mar 3 17:15:45 2025 +0100 http2: Do not log SessError for HTC_S_TIMEOUT and HTC_S_EOF We no longer send "real" H2CE error codes when the connection is simply EOF or timed out, but we did still emit SessError. We now limit it to unhandled HTC status and add to the additional Debug output the HTC status. diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c index b624050a6..254275ebd 100644 --- a/bin/varnishd/http2/cache_http2_proto.c +++ b/bin/varnishd/http2/cache_http2_proto.c @@ -1460,11 +1460,16 @@ h2_sweep(struct worker *wrk, struct h2_sess *h2) * goaway currently is always 0, see #4285 */ static void -h2_eof_debug(struct h2_sess *h2) +h2_htc_debug(enum htc_status_e hs, struct h2_sess *h2) { + const char *s, *r; + + if (LIKELY(VSL_tag_is_masked(SLT_Debug))) + return; - H2S_Lock_VSLb(h2, SLT_Debug, "H2: eof frame=%s goaway=%d", - h2->htc->rxbuf_b == h2->htc->rxbuf_e ? "complete" : "partial", + HTC_Status(hs, &s, &r); + H2S_Lock_VSLb(h2, SLT_Debug, "H2: HTC %s (%s) frame=%s goaway=%d", + s, r, h2->htc->rxbuf_b == h2->htc->rxbuf_e ? "complete" : "partial", h2->goaway); } @@ -1504,8 +1509,7 @@ h2_rxframe(struct worker *wrk, struct h2_sess *h2) h2e = NULL; switch (hs) { case HTC_S_EOF: - h2_eof_debug(h2); - + h2_htc_debug(hs, h2); h2e = H2CE_NO_ERROR; break; case HTC_S_COMPLETE: @@ -1514,15 +1518,17 @@ h2_rxframe(struct worker *wrk, struct h2_sess *h2) h2e = h2_sweep(wrk, h2); break; case HTC_S_TIMEOUT: + //// #4279 + // h2_htc_debug(hs, h2); h2e = h2_sweep(wrk, h2); break; default: + HTC_Status(hs, &s, &r); + H2S_Lock_VSLb(h2, SLT_SessError, "H2: HTC %s (%s)", s, r); h2e = H2CE_ENHANCE_YOUR_CALM; } if (h2e != NULL && h2e->connection) { - HTC_Status(hs, &s, &r); - H2S_Lock_VSLb(h2, SLT_SessError, "H2: HTC %s (%s)", s, r); h2->error = h2e; h2_tx_goaway(wrk, h2, h2e); return (0); diff --git a/bin/varnishtest/tests/t02027.vtc b/bin/varnishtest/tests/t02027.vtc index b88dd9953..02bad0f7c 100644 --- a/bin/varnishtest/tests/t02027.vtc +++ b/bin/varnishtest/tests/t02027.vtc @@ -8,13 +8,14 @@ varnish v1 -arg "-p feature=+http2" -arg "-p debug=+syncvsl" -vcl { } -start logexpect l0 -v v1 -g vxid -q "Begin ~ sess" { + fail add * SessError expect * * Debug {^H2: Got pu PRISM} - expect 0 = Debug {^H2: eof frame=complete goaway=0} - expect 0 = SessError {^H2: HTC eof} + expect 0 = Debug {^H2: HTC eof.*frame=complete goaway=0} expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} expect 0 = ReqAcct {^0 0 0 18 26 44} expect 0 = SessClose {^REM_CLOSE} expect 0 = End + fail clear } -start # no streams open @@ -24,12 +25,13 @@ client c0 { } -run logexpect l1 -v v1 -g vxid -q "Begin ~ sess" { - expect * * Debug {^H2: eof frame=complete goaway=0} - expect 0 = SessError {^H2: HTC eof} + fail add * SessError + expect * * Debug {^H2: HTC eof.*frame=complete goaway=0} expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} expect 9 = ReqAcct {^27 0 27 27 26 53} expect 0 = SessClose {^REM_CLOSE} expect 0 = End + fail clear } -start # after frame, no END_HEADERS @@ -41,12 +43,13 @@ client c1 { } -run logexpect l2 -v v1 -g vxid -q "Begin ~ sess" { - expect * * Debug {^H2: eof frame=complete goaway=0} - expect 0 = SessError {^H2: HTC eof} + fail add * SessError + expect * * Debug {^H2: HTC eof.*frame=complete goaway=0} expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} expect 9 = ReqAcct {^27 0 27 27 26 53} expect 0 = SessClose {^REM_CLOSE} expect 0 = End + fail clear } -start # after frame, no END_STREAM @@ -58,12 +61,13 @@ client c2 { } -run logexpect l3 -v v1 -g vxid -q "Begin ~ sess" { - expect * * Debug {^H2: eof frame=partial goaway=0} - expect 0 = SessError {^H2: HTC eof} + fail add * SessError + expect * * Debug {^H2: HTC eof.*frame=partial goaway=0} expect 0 = Debug {^H2 CLEANUP H2CE_NO_ERROR} expect 0 = ReqAcct {^18 0 18 27 26 53} expect 0 = SessClose {^REM_CLOSE} expect 0 = End + fail clear } -start # middle of frame From nils.goroll at uplex.de Mon Mar 3 17:47:04 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 17:47:04 +0000 (UTC) Subject: [master] 4038cbacc http2/vtc: Test that stream errors do not close the connection Message-ID: <20250303174704.C31E962EBE@lists.varnish-cache.org> commit 4038cbaccc95959d3c4ace3cfbc4b5c2a6d65883 Author: Nils Goroll Date: Mon Mar 3 18:45:59 2025 +0100 http2/vtc: Test that stream errors do not close the connection Closes #4283 diff --git a/bin/varnishtest/tests/t02023.vtc b/bin/varnishtest/tests/t02023.vtc index 4ca8306c4..bdc722ce3 100644 --- a/bin/varnishtest/tests/t02023.vtc +++ b/bin/varnishtest/tests/t02023.vtc @@ -32,6 +32,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -40,6 +45,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -48,6 +58,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -56,6 +71,11 @@ client c1 { rxresp expect resp.status == 200 } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run varnish v1 -vsl_catchup @@ -66,6 +86,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -74,6 +99,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -82,6 +112,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -90,6 +125,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -98,6 +138,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -106,6 +151,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -114,6 +164,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { @@ -122,6 +177,11 @@ client c1 { rxrst expect rst.err == PROTOCOL_ERROR } -run + stream 3 { + txreq + rxresp + expect resp.status == 200 + } -run } -run client c1 { From nils.goroll at uplex.de Mon Mar 3 19:29:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 19:29:05 +0000 (UTC) Subject: [master] 115da2ee8 http2: Log H2_Send_Frame() write error details Message-ID: <20250303192905.393DD6EAD1@lists.varnish-cache.org> commit 115da2ee807dba868268309b090ac9eaf02ba8cd Author: Nils Goroll Date: Mon Mar 3 20:27:34 2025 +0100 http2: Log H2_Send_Frame() write error details Trying to understand if this is the place where #4293 happens diff --git a/bin/varnishd/http2/cache_http2_send.c b/bin/varnishd/http2/cache_http2_send.c index 880fb9876..d4e66aab8 100644 --- a/bin/varnishd/http2/cache_http2_send.c +++ b/bin/varnishd/http2/cache_http2_send.c @@ -212,6 +212,11 @@ H2_Send_Frame(struct worker *wrk, struct h2_sess *h2, H2S_Lock_VSLb(h2, SLT_SessError, "H2: stream %u: Hit idle_send_timeout", stream); } + else { + H2S_Lock_VSLb(h2, SLT_Debug, + "H2: stream %u: write error s=%zd/%zu errno=%d", + stream, s, sizeof hdr + len, errno); + } /* * There is no point in being nice here, we will be unable * to send a GOAWAY once the code unrolls, so go directly From nils.goroll at uplex.de Mon Mar 3 20:22:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 3 Mar 2025 20:22:05 +0000 (UTC) Subject: [master] e3c2808ab http2/vtc: Stabilize WR_SHUT test Message-ID: <20250303202205.C599B1018A8@lists.varnish-cache.org> commit e3c2808abf3a957c7c699b91fe4f9c046f297483 Author: Nils Goroll Date: Mon Mar 3 21:18:31 2025 +0100 http2/vtc: Stabilize WR_SHUT test If a shutdown command is last in the vtc client, it closes the file descriptor right after the shutdown, such that varnishd can not reliably send the GOAWAY, which in turn changes the H2 error message. Ref #4283 Ref #4284 Closes #4293 diff --git a/bin/varnishtest/tests/t02027.vtc b/bin/varnishtest/tests/t02027.vtc index 02bad0f7c..5bc7b4816 100644 --- a/bin/varnishtest/tests/t02027.vtc +++ b/bin/varnishtest/tests/t02027.vtc @@ -22,6 +22,12 @@ logexpect l0 -v v1 -g vxid -q "Begin ~ sess" { client c0 { txpri shutdown -write + stream 0 { + rxsettings + rxgoaway + expect goaway.laststream == 0 + expect goaway.err == NO_ERROR + } -run } -run logexpect l1 -v v1 -g vxid -q "Begin ~ sess" { @@ -40,6 +46,11 @@ client c1 { txreq -nohdrend } -run shutdown -write + stream 0 { + rxgoaway + expect goaway.laststream == 1 + expect goaway.err == NO_ERROR + } -run } -run logexpect l2 -v v1 -g vxid -q "Begin ~ sess" { @@ -58,6 +69,11 @@ client c2 { txreq -nostrend } -run shutdown -write + stream 0 { + rxgoaway + expect goaway.laststream == 1 + expect goaway.err == NO_ERROR + } -run } -run logexpect l3 -v v1 -g vxid -q "Begin ~ sess" { @@ -85,6 +101,11 @@ client c3 { # 00053a70617468012f00073a6d6574686f640347455400073a736368656d650468747470 } -run shutdown -write + stream 0 { + rxgoaway + expect goaway.laststream == 0 + expect goaway.err == NO_ERROR + } -run } -run logexpect l0 -wait From walid.boudebouda at gmail.com Thu Mar 6 13:57:07 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 6 Mar 2025 13:57:07 +0000 (UTC) Subject: [master] 628b7542a vcl_var.rst: Fix server.ip doc Message-ID: <20250306135707.2806611962D@lists.varnish-cache.org> commit 628b7542a6984adc290ccaa8ab7065b84108fbbf Author: Walid Boudebouda Date: Thu Mar 6 14:53:40 2025 +0100 vcl_var.rst: Fix server.ip doc When there is no proxy, server.ip is the same as local.ip diff --git a/doc/sphinx/reference/vcl_var.rst b/doc/sphinx/reference/vcl_var.rst index b9ef20e0d..f59abf263 100644 --- a/doc/sphinx/reference/vcl_var.rst +++ b/doc/sphinx/reference/vcl_var.rst @@ -97,7 +97,7 @@ server.ip The IP address of the socket on which the client - connection was received, either the same as ``server.ip`` + connection was received, either the same as ``local.ip`` or what the PROXY protocol told us. From nils.goroll at uplex.de Thu Mar 6 14:52:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 6 Mar 2025 14:52:05 +0000 (UTC) Subject: [master] 468c55fe6 varnishtest: plug isignificant leak in vtc_proxy_tlv() Message-ID: <20250306145205.B95AE11B496@lists.varnish-cache.org> commit 468c55fe675c2bc71cbf2c941140bc28f071ae30 Author: Nils Goroll Date: Thu Mar 6 15:28:44 2025 +0100 varnishtest: plug isignificant leak in vtc_proxy_tlv() CID 1643159 diff --git a/bin/varnishtest/vtc_proxy.c b/bin/varnishtest/vtc_proxy.c index 4734ff77b..e8ec45ec6 100644 --- a/bin/varnishtest/vtc_proxy.c +++ b/bin/varnishtest/vtc_proxy.c @@ -133,6 +133,7 @@ vtc_proxy_tlv(struct vtclog *vl, struct vsb *vsb, const char *kva) AZ(VSB_finish(vsb2)); } AN(vsb2); + free(kv); sz = VSB_len(vsb2); assert(sz >= 0); From nils.goroll at uplex.de Thu Mar 6 14:52:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 6 Mar 2025 14:52:05 +0000 (UTC) Subject: [master] 1e16a6d9d varnishtest: Coveritification Message-ID: <20250306145205.CD14411B499@lists.varnish-cache.org> commit 1e16a6d9d06e61c0a3f756f8f4bf8247022c055a Author: Nils Goroll Date: Thu Mar 6 15:31:05 2025 +0100 varnishtest: Coveritification CID 1643158 diff --git a/bin/varnishtest/vtc_proxy.c b/bin/varnishtest/vtc_proxy.c index e8ec45ec6..583748c59 100644 --- a/bin/varnishtest/vtc_proxy.c +++ b/bin/varnishtest/vtc_proxy.c @@ -203,6 +203,8 @@ vtc_send_proxy(int fd, int version, const struct suckaddr *sac, else l = VSB_len(tlv); + assert(l <= UINT16_MAX - 0x24); + if (version == 1) { VSB_bcat(vsb, vpx1_sig, sizeof(vpx1_sig)); if (proto == PF_INET6) From nils.goroll at uplex.de Tue Mar 11 11:13:10 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Tue, 11 Mar 2025 11:13:10 +0000 (UTC) Subject: [master] 96c5580f0 vtc: Rename to the right category Message-ID: <20250311111310.245C462636@lists.varnish-cache.org> commit 96c5580f04ddc4d818950ee3647dac0f7fbb69ca Author: Nils Goroll Date: Mon Mar 10 09:23:25 2025 +0100 vtc: Rename to the right category this is a varnishtest test diff --git a/bin/varnishtest/tests/b00086.vtc b/bin/varnishtest/tests/a00016.vtc similarity index 100% rename from bin/varnishtest/tests/b00086.vtc rename to bin/varnishtest/tests/a00016.vtc From nils.goroll at uplex.de Wed Mar 12 16:59:06 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Wed, 12 Mar 2025 16:59:06 +0000 (UTC) Subject: [master] 71771dc5d doc: polish varnishncsa documentation on header logging Message-ID: <20250312165906.39C301197EE@lists.varnish-cache.org> commit 71771dc5d8fd7628d6f641cb83ae167f7a04fef0 Author: Nils Goroll Date: Wed Mar 12 17:08:58 2025 +0100 doc: polish varnishncsa documentation on header logging Ref 30bfe667ad7d1ca990d55a0849d8f7c35be7c31d Ref #3528 diff --git a/doc/sphinx/reference/varnishncsa.rst b/doc/sphinx/reference/varnishncsa.rst index 82bd4a4cf..435072e8f 100644 --- a/doc/sphinx/reference/varnishncsa.rst +++ b/doc/sphinx/reference/varnishncsa.rst @@ -239,22 +239,22 @@ SIGNALS NOTES ===== -The %r formatter is equivalent to ``%m http://%{Host}i%U%q %H``. This -differs from apache's %r behavior, equivalent to "%m %U%q %H". - -Note that request fields are collected on a first match basis in client mode -and last match basis in backend mode. Similarly, response fields are collected -on a first match basis in backend mode and last match basis in client mode. - -In other words, this means that requests are represented as they were received -from the client and as they were sent to the backend, while responses are -represented as they were sent to the client and as they were received from -the backend. - -Furthermore, these rules also apply for items that appear multiple times in a -transaction. For exampe, if a header appears multiple times in a client request, -the first occurence would be shown in client mode, while the last one would be -used in backend mode. +The ``%r`` formatter is equivalent to ``%m http://%{Host}i%U%q %H``. This +differs from the Apache HTTP Server ``%r`` behavior, equivalent to ``%m %U%q +%H``. + +Note that request fields are collected on a first match basis in client mode and +last match basis in backend mode. Similarly, response fields are collected on a +first match basis in backend mode and last match basis in client mode. + +In other words, request headers are logged as they were received from the client +and as they were sent to the backend, while response headers are logged as they +were sent to the client and as they were received from the backend. + +Furthermore, these rules also apply to items that appear multiple times in a +transaction. For example, if a header appears multiple times in a client +request, the first occurrence is logged in client mode, while in backend mode +the last occurrence is logged. EXAMPLE ======= From nils.goroll at uplex.de Wed Mar 12 16:59:06 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Wed, 12 Mar 2025 16:59:06 +0000 (UTC) Subject: [master] 0338875b0 doc/changes.rst: Document all relevant changes (I hope) since 7.6.1 Message-ID: <20250312165906.536651197F2@lists.varnish-cache.org> commit 0338875b06ce8120a34ed6bb6860a37d30eb29c8 Author: Nils Goroll Date: Wed Mar 12 17:10:46 2025 +0100 doc/changes.rst: Document all relevant changes (I hope) since 7.6.1 diff --git a/doc/changes.rst b/doc/changes.rst index 0df080469..115f39104 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -41,6 +41,15 @@ Varnish Cache NEXT (2025-03-15) .. PLEASE keep this roughly in commit order as shown by git-log / tig (new to old) +.. _4281: https://github.com/varnishcache/varnish-cache/issues/4281 + +* For http/2, normal client behavior like timeouts or closed connection was + logged with a ``SessError`` tag and ``ENHANCE_YOUR_CALM`` in additional + ``Debug`` log records. This behavior was misleading and has been corrected + (`4281`_). + +.. _4282: https://github.com/varnishcache/varnish-cache/issues/4282 + * (Add a prominent note to announcement) Timestamps for http/2 requests have been corrected and made similar to how they are taken for http/1. @@ -57,16 +66,117 @@ Varnish Cache NEXT (2025-03-15) NOTE that after upgrading Varnish-Cache, processing and response times for http/2 will now be reported as worse than before the upgrade, potentially *much* worse. This is **NOT** a performance regression, but rather due to the - corrected timestamps, which arguably were wrong for http/2. + corrected timestamps, which arguably were wrong for http/2. (`4282`_) + +.. _4283: https://github.com/varnishcache/varnish-cache/issues/4283 + +* For http/2, an issue has been fixed where stream errors could indirectly cause + connection errors. (`4283`_) + +* http/2 error detail reporting in ``Debug`` log records has been clarified: + Connection errors are now prefixed with ``H2CE_``, and stream errors with + ``H2SE_``, respectively. -.. MISSING commits +* http/2 ``BogoHeader`` log records now contain the first offending byte value + in hex. + +* ``varnishtest`` can now send arbitrary http/2 settings frames and arbitrary + PROXY2 tlvs. + +* Pressing the ``0`` key in ``varnishstat`` interactive (curses) mode now resets + averages. + +* ``varnishtest`` has been changed to always set a ``VARNISH_DEFAULT_N`` + environment variable to ensure that ``varnish`` invoked from ``varnishtest`` + always has a valid workdir. + +.. _4276: https://github.com/varnishcache/varnish-cache/issues/4276 + +* An issue has been fixed which could cause a crash when ``varnishd`` receives + an invalid ``Content-Range`` header from a backend. (`4276`_) * The ``hitmiss`` and ``hitpass`` handling indicators have been added to the ``Varnish:handling`` format of ``varnishncsa``. -* The scope of VCL variables `req.is_hitmiss` and `req.is_hitpass` is now restricted - to `vcl_miss, vcl_deliver, vcl_pass, vcl_synth` and `vcl_pass, vcl_deliver, vcl_synth` - respectively. +* All bitfield parameters (like ``feature`` or ``vsl_mask``) now support the + special values ``all`` and ``none``. + + The output format of ``varnishadm param.show`` has been adjusted accordingly. + +* Behavior of the VCL ``include`` statement with the ``+glob`` option has been + clarified to not search directories in ``vcl_path``. + +* The ``linux`` jail gained control of transparent huge pages (THP) settings: + The ``transparent_hugepage`` suboption can be set to ``ignore`` to do nothing, + ``enable`` to enable THP (actually, disable the disable), ``disable`` to + disable THP or ``try-disable`` to try do disable, but not emit an error if + disabling fails. ``try-disable`` is the default. + +.. _4273: https://github.com/varnishcache/varnish-cache/issues/4273 + +* Error handling from the jail subsystem has been streamlined to avoid some + confusing and/or contradictory error messages as well as turn assertion + failures into error messages (`4273`_) + +* ``miniobj.h``: Helper macros ``SIZEOF_FLEX_OBJ()`` and ``ALLOC_FLEX_OBJ()`` + have been added to facilitate use of structs with flexible array members. + +.. _3963: https://github.com/varnishcache/varnish-cache/issues/3963 + +* Validation of the ``PROXY2`` ``PP2_TYPE_AUTHORITY`` TLV sent with ``.via`` + backends has been corrected: IP addresses are no longer accepted as an + authority and port numbers are automatically removed. (`3963`_) + +.. _3757: https://github.com/varnishcache/varnish-cache/issues/3757 + +* Handling of curses errors in the interactive mode of ``varnishstat``, + ``varnishtop`` and ``varnishhist`` has been streamlined and one wrong + assertion has been fixed. (`3757`_) + +.. not mentioning #4260 because it was introduced within this release cycle with + 818ca099105e3ebe1d96fb8deaa91aed6ff1280e + +.. _4228: https://github.com/varnishcache/varnish-cache/issues/4228 + +* The ``Content-Length`` header is now consistently removed after ``unset + bereq.body`` on the backend side. (`4228`_) + +.. _2735: https://github.com/varnishcache/varnish-cache/issues/2735 + +* The new ``http_req_overflow_status`` parameter now allows to optionally send a + response with a status between ``400`` and ``499`` (inclusive) if a request + exceeds ``http_req_size``. The default of ``0`` keeps the existing behavior + to just close the connection in this case. (`2735`_) + +.. _4142: https://github.com/varnishcache/varnish-cache/pull/4142 +.. _4259: https://github.com/varnishcache/varnish-cache/pull/4259 + +* Internal handling of iterations on directors (like the cli command + ``backend.list`` command) has been improved to better interoperate with + concurrent director creation and destruction operations, avoiding most + deadlocks in this area (`4142`_, some cases remain for now, see `4259`_). + +.. _4253: https://github.com/varnishcache/varnish-cache/pull/4253 + +* The new ``ban_any_variant`` parameter allows to configure the maximum number + of possibly non matching variants evaluated against the ban list during + lookup. The default value of 10000 avoids excessive time spent for ban checks + during lookups, which could cause noticeable delays for cases with a very high + number of bans and/or variants (in the 1000s). + + Setting ``ban_any_variant`` to ``0`` changes the behavior of the lookup-time + ban check to only consider matching objects for tests against the ban list, + which can be considered a bugfix, depending on the exact interpretation of the + semantics of ban expressions with regards to variants. ``0`` will become the + new default in a future release of Varnish-Cache. (`4253`_) + +.. _3528: https://github.com/varnishcache/varnish-cache/pull/3528 + +* ``varnishncsa`` now handles headers unset and changed from VCL more + consistently: request headers are logged as they were received from the client + and as they were sent to the backend, while response headers are logged as + they were sent to the client and as they were received from the backend + (`3528`_) * Two fields have been added to the VMOD data registered with varnish-cache: @@ -77,7 +187,7 @@ Varnish Cache NEXT (2025-03-15) - ``version`` is intended as a more user friendly identifier as to which version of a vmod a binary represents. - Panics and the ``debug.vmod`` CLI command output now contain these + The panic output and the ``debug.vmod`` CLI command output now contain these identifiers. Where supported by the compiler and linker, the ``vcs`` identifier is also @@ -104,10 +214,44 @@ Varnish Cache NEXT (2025-03-15) an attempt is made to extract ``PACKAGE_STRING`` from an automake ``Makefile``, otherwise ``NOVERSION`` is used as the version identifier. +* Connection pools are now cleaned up asynchronously. + +.. _4233: https://github.com/varnishcache/varnish-cache/pull/4233 + +* A concurrency issue in the backend connection queuing feature as configured + through the ``backend_wait_*`` parameters and ``wait_*`` backend attributes + has been fixed which could lead to under-utilization of the allowed number of + backend connections. (`4233`_) + +* An edge case in director handling has been fixed which could lead to premature + retirement of backends during assignments. + +* A new facility has been added allowing transport delivery functions to + disembark the worker thread which had been handling a request's VCL code + during delivery by returning ``VTR_D_DISEMBARK`` from the ``vtr_deliver_f`` + function. + + This will enable future optimizations to make transport protocol code more + efficient. + + To enable this facility, a new request processing step ``finish`` has been + added once delivery is complete. + +* VCL now supports ``unset req.grace`` and ``unset req.ttl`` to reset the + respective variables to the "no effect" value, which is also the default. + * The scope of VCL variables ``req.is_hitmiss`` and ``req.is_hitpass`` is now restricted to ``vcl_miss, vcl_deliver, vcl_pass, vcl_synth`` and ``vcl_pass, vcl_deliver, vcl_synth`` respectively. +.. _4201: https://github.com/varnishcache/varnish-cache/issues/4201 + +* The backend ``happy`` VSC bitfield is now set to all ones for backends with no + configured probe. (`4201`_) + +* The acceptor code has been refactored for basic support of pluggable + acceptors. + ================================ Varnish Cache 7.6.1 (2024-11-08) ================================ From nils.goroll at uplex.de Thu Mar 13 08:57:06 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 13 Mar 2025 08:57:06 +0000 (UTC) Subject: [master] 33725056b Start skeleton release notes for the next version. Message-ID: <20250313085706.8305C113C29@lists.varnish-cache.org> commit 33725056bccf28a2491e3b29609a226f961a5a26 Author: Geoff Simmons Date: Tue Sep 25 16:31:17 2018 +0200 Start skeleton release notes for the next version. Restructured so that: * 'Upgrading' is limited to work that has to be done to upgrade from a current deployment to the new version. * 'Changes' is a comprehensive, user-level description of changes and new features. Conflicts: doc/sphinx/whats-new/index.rst diff --git a/doc/sphinx/whats-new/changes-trunk.rst b/doc/sphinx/whats-new/changes-trunk.rst new file mode 100644 index 000000000..2070fadd5 --- /dev/null +++ b/doc/sphinx/whats-new/changes-trunk.rst @@ -0,0 +1,69 @@ +.. _whatsnew_changes_CURRENT: + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +Changes in Varnish **${NEXT_RELEASE}** +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +For information about updating your current Varnish deployment to the +new version, see :ref:`whatsnew_upgrading_CURRENT`. + +A more detailed and technical account of changes in Varnish, with +links to issues that have been fixed and pull requests that have been +merged, may be found in the `change log`_. + +.. _change log: https://github.com/varnishcache/varnish-cache/blob/master/doc/changes.rst + +varnishd +======== + +Parameters +~~~~~~~~~~ + +**XXX changes in -p parameters** + +Other changes in varnishd +~~~~~~~~~~~~~~~~~~~~~~~~~ + +Changes to VCL +============== + +VCL variables +~~~~~~~~~~~~~ + +**XXX new, deprecated or removed variables, or changed semantics** + +Other changes to VCL +~~~~~~~~~~~~~~~~~~~~ + +VMODs +===== + +**XXX changes in the bundled VMODs** + +varnishlog +========== + +**XXX changes concerning varnishlog(1) and/or vsl(7)** + +varnishadm +========== + +**XXX changes concerning varnishadm(1) and/or varnish-cli(7)** + +varnishstat +=========== + +**XXX changes concerning varnishstat(1) and/or varnish-counters(7)** + +varnishtest +=========== + +**XXX changes concerning varnishtest(1) and/or vtc(7)** + +Changes for developers and VMOD authors +======================================= + +**XXX changes concerning VRT, the public APIs, source code organization, +builds etc.** + +*eof* diff --git a/doc/sphinx/whats-new/index.rst b/doc/sphinx/whats-new/index.rst index d0ec73421..1054242f3 100644 --- a/doc/sphinx/whats-new/index.rst +++ b/doc/sphinx/whats-new/index.rst @@ -13,13 +13,22 @@ This section describes the changes and improvements between different versions of Varnish, and what upgrading between the different versions entail. -Varnish 7.6 ------------ +Varnish **$NEXT_RELEASE** +------------------------- **Note: These are working documents for a future release, with running updates for changes in the development branch. For changes in the released versions of Varnish, see the chapters listed below.** +.. toctree:: + :maxdepth: 2 + + changes-trunk + upgrading-trunk + +Varnish 7.6 +----------- + .. toctree:: :maxdepth: 2 diff --git a/doc/sphinx/whats-new/upgrading-trunk.rst b/doc/sphinx/whats-new/upgrading-trunk.rst new file mode 100644 index 000000000..6143fde99 --- /dev/null +++ b/doc/sphinx/whats-new/upgrading-trunk.rst @@ -0,0 +1,33 @@ +**Note: This is a working document for a future release, with running +updates for changes in the development branch. For changes in the +released versions of Varnish, see:** :ref:`whats-new-index` + +.. _whatsnew_upgrading_CURRENT: + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +Upgrading to Varnish **$NEXT_RELEASE** +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +**XXX: how to upgrade from previous deployments to this +version. Limited to work that has to be done for an upgrade, new +features are listed in "Changes". Explicitly mention what does *not* +have to be changed, especially in VCL. May include, but is not limited +to:** + +* Elements of VCL that have been removed or are deprecated, or whose + semantics have changed. + +* -p parameters that have been removed or are deprecated, or whose + semantics have changed. + +* Changes in the CLI. + +* Changes in the output or interpretation of stats or the log, including + changes affecting varnishncsa/-hist/-top. + +* Changes that may be necessary in VTCs or in the use of varnishtest. + +* Changes in public APIs that may require changes in VMODs or VAPI/VUT + clients. + +*eof* From nils.goroll at uplex.de Thu Mar 13 08:57:06 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 13 Mar 2025 08:57:06 +0000 (UTC) Subject: [master] 6415d5a88 doc/changes: Trust the release manager to remember Message-ID: <20250313085706.B3BF8113C2D@lists.varnish-cache.org> commit 6415d5a886ae9aeb2fb00d2038ecc35df26ebaa9 Author: Nils Goroll Date: Thu Mar 13 09:56:50 2025 +0100 doc/changes: Trust the release manager to remember diff --git a/doc/changes.rst b/doc/changes.rst index 115f39104..37dadc83b 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -50,8 +50,8 @@ Varnish Cache NEXT (2025-03-15) .. _4282: https://github.com/varnishcache/varnish-cache/issues/4282 -* (Add a prominent note to announcement) Timestamps for http/2 requests have - been corrected and made similar to how they are taken for http/1. +* Timestamps for http/2 requests have been corrected and made similar to how + they are taken for http/1. For http/1, the start time, internally called "t_first", is taken as soon as any part of the request (headers) is received. Previously, http/2 took it From nils.goroll at uplex.de Thu Mar 13 09:59:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 13 Mar 2025 09:59:05 +0000 (UTC) Subject: [master] 1eb39cc09 doc: 7.7 Release documentation Message-ID: <20250313095905.DBE85116926@lists.varnish-cache.org> commit 1eb39cc093a4af5bd8bfcb3c14df3bbe689fe3cb Author: Nils Goroll Date: Thu Mar 13 10:15:31 2025 +0100 doc: 7.7 Release documentation diff --git a/doc/sphinx/whats-new/changes-trunk.rst b/doc/sphinx/whats-new/changes-trunk.rst index 2070fadd5..eda8249fa 100644 --- a/doc/sphinx/whats-new/changes-trunk.rst +++ b/doc/sphinx/whats-new/changes-trunk.rst @@ -1,15 +1,19 @@ .. _whatsnew_changes_CURRENT: -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -Changes in Varnish **${NEXT_RELEASE}** -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +Changes in Varnish-Cache **${NEXT_RELEASE}** +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -For information about updating your current Varnish deployment to the -new version, see :ref:`whatsnew_upgrading_CURRENT`. +For information about updating your current Varnish deployment to the new +version, see :ref:`whatsnew_upgrading_CURRENT`. -A more detailed and technical account of changes in Varnish, with -links to issues that have been fixed and pull requests that have been -merged, may be found in the `change log`_. +**NOTE**: In this Varnish-Cache release, we changed how timestamps are taken for +the http2 protocol, which could look like a performance regression, but is not. +See :ref:`whatsnew_changes_CURRENT_h2_timestamps`. + +A more detailed and technical account of changes in Varnish-Cache, with links to +issues that have been fixed and pull requests that have been merged, may be +found in the `change log`_. .. _change log: https://github.com/varnishcache/varnish-cache/blob/master/doc/changes.rst @@ -19,51 +23,192 @@ varnishd Parameters ~~~~~~~~~~ -**XXX changes in -p parameters** +The bitfield parameters ``debug``, ``experimental``, ``feature``, +``vcc_feature`` and ``vsl_mask`` now consistently support the special values +``all`` and ``none``. The output format of ``varnishadm param.show`` has been +adjusted to always output the parameter value relative to either ``all`` or +``none`` in a format which would also be accepted by ``varnishadm param.set`` +and the ``varnishd -p`` option. + +The new ``http_req_overflow_status`` parameter now allows to optionally send a +response with a status between ``400`` and ``499`` (inclusive) if a request +exceeds ``http_req_size``. The default of ``0`` keeps the existing behavior +to just close the connection in this case. + +The new ``ban_any_variant`` parameter allows to configure the maximum number +of possibly non matching variants evaluated against the ban list during +lookup. The default value of 10000 avoids excessive time spent for ban checks +during lookups, which could cause noticeable delays for cases with a very high +number of bans and/or variants (in the 1000s). + +Setting ``ban_any_variant`` to ``0`` changes the behavior of the lookup-time +ban check to only consider matching objects for tests against the ban list, +which can be considered a bugfix, depending on the exact interpretation of the +semantics of ban expressions with regards to variants. ``0`` will become the +new default in a future release of Varnish-Cache. + +Jails +~~~~~ + +The ``linux`` jail gained control of transparent huge pages (THP) settings: The +``transparent_hugepage`` suboption can be set to ``ignore`` to do nothing, +``enable`` to enable THP (actually, disable the disable), ``disable`` to disable +THP or ``try-disable`` to try do disable, but not emit an error if disabling +fails. ``try-disable`` is the default. + +Error handling from the jail subsystem has been streamlined to avoid some +confusing and/or contradictory error messages as well as turn assertion failures +into error messages. Other changes in varnishd ~~~~~~~~~~~~~~~~~~~~~~~~~ +An issue has been fixed which could cause a crash when ``varnishd`` receives +an invalid ``Content-Range`` header from a backend. + Changes to VCL ============== VCL variables ~~~~~~~~~~~~~ -**XXX new, deprecated or removed variables, or changed semantics** +VCL now supports ``unset req.grace`` and ``unset req.ttl`` to reset the +respective variables to the "no effect" value, which is also the default. + +The scope of VCL variables ``req.is_hitmiss`` and ``req.is_hitpass`` is now +restricted to ``vcl_miss, vcl_deliver, vcl_pass, vcl_synth`` and ``vcl_pass, +vcl_deliver, vcl_synth``, respectively. + +The ``Content-Length`` header is now consistently removed after ``unset +bereq.body`` on the backend side. Other changes to VCL ~~~~~~~~~~~~~~~~~~~~ -VMODs -===== +Behavior of the VCL ``include`` statement with the ``+glob`` option has been +clarified to not search directories in ``vcl_path``. + +Validation of the ``PROXY2`` ``PP2_TYPE_AUTHORITY`` TLV sent with ``.via`` +backends has been corrected: IP addresses are no longer accepted as an +authority and port numbers are automatically removed. + +Generic Logging (VSL) +===================== + +affecting ``varnishlog``, ``varnishncsa`` and ``varnishtop``: + +.. _whatsnew_changes_CURRENT_h2_timestamps: -**XXX changes in the bundled VMODs** +http2 related timestamps +~~~~~~~~~~~~~~~~~~~~~~~~ -varnishlog -========== +Timestamps for http/2 requests have been corrected and made similar to how they +are taken for http/1. -**XXX changes concerning varnishlog(1) and/or vsl(7)** +For http/1, the start time, internally called "t_first", is taken as soon as any +part of the request (headers) is received. Previously, http/2 took it later, +possibly much later if long header lines were involved. http/2 now takes it the +same way as http/1 when the first bit of the first HEADERS frame of the request +arrives. -varnishadm -========== +Timing behavior for http/1 and http/2 is different and can not be directly +compared. But with this change, the ``Timestamp`` VSL records for http/2 now at +least reflect reality better. -**XXX changes concerning varnishadm(1) and/or varnish-cli(7)** +**NOTE** that after upgrading Varnish-Cache, processing and response times for +http/2 will now be reported as worse than before the upgrade, potentially *much* +worse. This is **NOT** a performance regression, but rather due to the corrected +timestamps, which arguably were wrong for http/2. + +http2 logging +~~~~~~~~~~~~~ + +For http/2, normal client behavior like timeouts or closed connection was logged +with a ``SessError`` tag and ``ENHANCE_YOUR_CALM`` in additional ``Debug`` log +records. This behavior was misleading and has been corrected. + +http/2 error detail reporting in ``Debug`` log records has been clarified: +Connection errors are now prefixed with ``H2CE_``, and stream errors with +``H2SE_``, respectively. + +http/2 ``BogoHeader`` log records now contain the first offending byte value in +hex. + +Interactive mode in varnishstat, varnishtop and varnishhist +=========================================================== + +Handling of curses errors in the interactive mode of ``varnishstat``, +``varnishtop`` and ``varnishhist`` has been streamlined and one wrong assertion +has been fixed, which could cause a crash with certain terminal types as set +through the ``TERM`` environment variable. + +varnishncsa +=========== + +The ``hitmiss`` and ``hitpass`` handling indicators have been added to the +``Varnish:handling`` format of ``varnishncsa``. + +``varnishncsa`` now handles headers unset and changed from VCL more +consistently: request headers are logged as they were received from the client +and as they were sent to the backend, while response headers are logged as they +were sent to the client and as they were received from the backend. varnishstat =========== -**XXX changes concerning varnishstat(1) and/or varnish-counters(7)** +Pressing the ``0`` key in ``varnishstat`` interactive (curses) mode now resets +averages. + +The backend ``happy`` VSC bitfield is now set to all ones for backends with no +configured probe. varnishtest =========== -**XXX changes concerning varnishtest(1) and/or vtc(7)** +``varnishtest`` can now send arbitrary http/2 settings frames and arbitrary +PROXY2 tlvs. + +``varnishtest`` has been changed to always set a ``VARNISH_DEFAULT_N`` +environment variable to ensure that ``varnish`` invoked from ``varnishtest`` +always has a valid workdir. Changes for developers and VMOD authors ======================================= -**XXX changes concerning VRT, the public APIs, source code organization, -builds etc.** +``miniobj.h``: Helper macros ``SIZEOF_FLEX_OBJ()`` and ``ALLOC_FLEX_OBJ()`` have +been added to facilitate use of structs with flexible array members. + +The acceptor code has been refactored for basic support of pluggable acceptors. + +Two fields have been added to the VMOD data registered with varnish-cache: + +- ``vcs`` for Version Control System is intended as an identifier from the + source code management system, e.g. the git revision, to identify the exact + source code which was used to build a VMOD binary. + +- ``version`` is intended as a more user friendly identifier as to which + version of a vmod a binary represents. + +The panic output and the ``debug.vmod`` CLI command output now contain these +identifiers. + +Where supported by the compiler and linker, the ``vcs`` identifier is also +reachable via the ``.vmod_vcs`` section of the vmod shared object ELF file and +can be extracted, for example, using ``readelf -p.vmod_vcs `` + +To set the version, ``vmodtool.py`` now accepts a ``$Version`` stanza in vmod +vcc files. If ``$Version`` is not present, an attempt is made to extract +``PACKAGE_STRING`` from an automake ``Makefile``, otherwise ``NOVERSION`` is +used as the version identifier. + +A new facility has been added allowing transport delivery functions to disembark +the worker thread which had been handling a request's VCL code during delivery +by returning ``VTR_D_DISEMBARK`` from the ``vtr_deliver_f`` function. + +This will enable future optimizations to make transport protocol code more +efficient. + +To enable this facility, a new request processing step ``finish`` has been added +once delivery is complete. *eof* diff --git a/doc/sphinx/whats-new/upgrading-trunk.rst b/doc/sphinx/whats-new/upgrading-trunk.rst index 6143fde99..d2b7611a6 100644 --- a/doc/sphinx/whats-new/upgrading-trunk.rst +++ b/doc/sphinx/whats-new/upgrading-trunk.rst @@ -8,26 +8,39 @@ released versions of Varnish, see:** :ref:`whats-new-index` Upgrading to Varnish **$NEXT_RELEASE** %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -**XXX: how to upgrade from previous deployments to this -version. Limited to work that has to be done for an upgrade, new -features are listed in "Changes". Explicitly mention what does *not* -have to be changed, especially in VCL. May include, but is not limited -to:** +In general, upgrading from Varnish 7.6 to 7.7 should not require any changes +besides the actual upgrade. -* Elements of VCL that have been removed or are deprecated, or whose - semantics have changed. +Note, however, that some log messages and in particular timestamps have changed, +see :ref:`whatsnew_changes_CURRENT` and +:ref:`whatsnew_changes_CURRENT_h2_timestamps` in particular. Here, we only +summarize the changes: -* -p parameters that have been removed or are deprecated, or whose - semantics have changed. +* We have changed how http/2 timestamps are taken. -* Changes in the CLI. +* Details of http/2 related log entries have changed. -* Changes in the output or interpretation of stats or the log, including - changes affecting varnishncsa/-hist/-top. +* The ``varnishncsa`` format ``Varnish:handling`` now also outputs ``hitmiss`` + and ``hitpass``. -* Changes that may be necessary in VTCs or in the use of varnishtest. +* ``varnishncsa`` now outputs headers as they are received and sent. + +Upgrade notes for VMOD developers +================================= + +``vmodtool.py`` now creates a file ``vmod_vcs_version.txt`` in the current +working directory when called from a git tree. This file is intended to +transport version control system information to builds from distribution +bundles. + +VMOD authors should add it to the distribution and otherwise ignore it for SCM. + +Where git and automake are used, this can be accomplished by adding +``vmod_vcs_version.txt`` to the ``.gitignore`` file and to the ``EXTRA_DIST`` +and ``DISTCLEANFILES`` variables in ``Makefile.am``. + +If neither git is used nor ``vmod_vcs_version.txt`` present, ``vmodtool.py`` +will add ``NOGIT`` to the vmod as the vcs identifier. -* Changes in public APIs that may require changes in VMODs or VAPI/VUT - clients. *eof* From nils.goroll at uplex.de Thu Mar 13 09:59:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 13 Mar 2025 09:59:05 +0000 (UTC) Subject: [master] 30aa96fa3 doc: Rename files for 7.7 Message-ID: <20250313095906.08A70116929@lists.varnish-cache.org> commit 30aa96fa3db94c1d472eda4bb2e15ae97d901411 Author: Nils Goroll Date: Thu Mar 13 10:53:39 2025 +0100 doc: Rename files for 7.7 diff --git a/doc/sphinx/whats-new/changes-trunk.rst b/doc/sphinx/whats-new/changes-7.7.rst similarity index 100% rename from doc/sphinx/whats-new/changes-trunk.rst rename to doc/sphinx/whats-new/changes-7.7.rst diff --git a/doc/sphinx/whats-new/index.rst b/doc/sphinx/whats-new/index.rst index 1054242f3..724dce921 100644 --- a/doc/sphinx/whats-new/index.rst +++ b/doc/sphinx/whats-new/index.rst @@ -13,18 +13,14 @@ This section describes the changes and improvements between different versions of Varnish, and what upgrading between the different versions entail. -Varnish **$NEXT_RELEASE** -------------------------- - -**Note: These are working documents for a future release, with running -updates for changes in the development branch. For changes in the -released versions of Varnish, see the chapters listed below.** +Varnish 7.7 +----------- .. toctree:: :maxdepth: 2 - changes-trunk - upgrading-trunk + changes-7.7 + upgrading-7.7 Varnish 7.6 ----------- diff --git a/doc/sphinx/whats-new/upgrading-trunk.rst b/doc/sphinx/whats-new/upgrading-7.7.rst similarity index 100% rename from doc/sphinx/whats-new/upgrading-trunk.rst rename to doc/sphinx/whats-new/upgrading-7.7.rst From nils.goroll at uplex.de Thu Mar 13 09:59:06 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 13 Mar 2025 09:59:06 +0000 (UTC) Subject: [master] f7b6ff552 doc: Change next release version to 7.7 Message-ID: <20250313095906.253EB11692D@lists.varnish-cache.org> commit f7b6ff552aade0a14010498fac5afad5d811da22 Author: Nils Goroll Date: Thu Mar 13 10:55:58 2025 +0100 doc: Change next release version to 7.7 diff --git a/doc/changes.rst b/doc/changes.rst index 37dadc83b..292f8b456 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -34,9 +34,9 @@ http://varnish-cache.org/docs/trunk/whats-new/index.html and via individual releases. These documents are updated as part of the release process. -=============================== -Varnish Cache NEXT (2025-03-15) -=============================== +============================== +Varnish-Cache 7.7 (2025-03-15) +============================== .. PLEASE keep this roughly in commit order as shown by git-log / tig (new to old) diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index eda8249fa..9c1281902 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -1,15 +1,15 @@ -.. _whatsnew_changes_CURRENT: +.. _whatsnew_changes_7.7: -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -Changes in Varnish-Cache **${NEXT_RELEASE}** -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%% +Changes in Varnish-Cache 7.7 +%%%%%%%%%%%%%%%%%%%%%%%%%%%% For information about updating your current Varnish deployment to the new -version, see :ref:`whatsnew_upgrading_CURRENT`. +version, see :ref:`whatsnew_upgrading_7.7`. **NOTE**: In this Varnish-Cache release, we changed how timestamps are taken for the http2 protocol, which could look like a performance regression, but is not. -See :ref:`whatsnew_changes_CURRENT_h2_timestamps`. +See :ref:`whatsnew_changes_7.7_h2_timestamps`. A more detailed and technical account of changes in Varnish-Cache, with links to issues that have been fixed and pull requests that have been merged, may be @@ -97,7 +97,7 @@ Generic Logging (VSL) affecting ``varnishlog``, ``varnishncsa`` and ``varnishtop``: -.. _whatsnew_changes_CURRENT_h2_timestamps: +.. _whatsnew_changes_7.7_h2_timestamps: http2 related timestamps ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/sphinx/whats-new/upgrading-7.7.rst b/doc/sphinx/whats-new/upgrading-7.7.rst index d2b7611a6..af1228e75 100644 --- a/doc/sphinx/whats-new/upgrading-7.7.rst +++ b/doc/sphinx/whats-new/upgrading-7.7.rst @@ -1,19 +1,15 @@ -**Note: This is a working document for a future release, with running -updates for changes in the development branch. For changes in the -released versions of Varnish, see:** :ref:`whats-new-index` +.. _whatsnew_upgrading_7.7: -.. _whatsnew_upgrading_CURRENT: - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -Upgrading to Varnish **$NEXT_RELEASE** -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +Upgrading to Varnish-Cache 7.7 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% In general, upgrading from Varnish 7.6 to 7.7 should not require any changes besides the actual upgrade. Note, however, that some log messages and in particular timestamps have changed, -see :ref:`whatsnew_changes_CURRENT` and -:ref:`whatsnew_changes_CURRENT_h2_timestamps` in particular. Here, we only +see :ref:`whatsnew_changes_7.7` and +:ref:`whatsnew_changes_7.7_h2_timestamps` in particular. Here, we only summarize the changes: * We have changed how http/2 timestamps are taken. From nils.goroll at uplex.de Thu Mar 13 10:05:05 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 13 Mar 2025 10:05:05 +0000 (UTC) Subject: [master] d84e12682 doc: Make release doc titles consistent wrt boldface Message-ID: <20250313100505.D028B11709C@lists.varnish-cache.org> commit d84e126822bc76a8f5424d18a66c6317f3a25e42 Author: Nils Goroll Date: Thu Mar 13 11:03:39 2025 +0100 doc: Make release doc titles consistent wrt boldface diff --git a/doc/sphinx/whats-new/changes-7.4.rst b/doc/sphinx/whats-new/changes-7.4.rst index a39e2c16b..55ad2d890 100644 --- a/doc/sphinx/whats-new/changes-7.4.rst +++ b/doc/sphinx/whats-new/changes-7.4.rst @@ -1,8 +1,8 @@ .. _whatsnew_changes_7.4: -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -Changes in Varnish **7.4** -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%% +Changes in Varnish 7.4 +%%%%%%%%%%%%%%%%%%%%%% For information about updating your current Varnish deployment to the new version, see :ref:`whatsnew_upgrading_7.4`. diff --git a/doc/sphinx/whats-new/changes-7.5.rst b/doc/sphinx/whats-new/changes-7.5.rst index e55acb1f9..807770912 100644 --- a/doc/sphinx/whats-new/changes-7.5.rst +++ b/doc/sphinx/whats-new/changes-7.5.rst @@ -1,8 +1,8 @@ .. _whatsnew_changes_7.5: -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -Changes in Varnish **7.5** -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%% +Changes in Varnish 7.5 +%%%%%%%%%%%%%%%%%%%%%% For information about updating your current Varnish deployment to the new version, see :ref:`whatsnew_upgrading_7.5`. diff --git a/doc/sphinx/whats-new/upgrading-7.5.rst b/doc/sphinx/whats-new/upgrading-7.5.rst index ac068ec86..67d8beb34 100644 --- a/doc/sphinx/whats-new/upgrading-7.5.rst +++ b/doc/sphinx/whats-new/upgrading-7.5.rst @@ -1,8 +1,8 @@ .. _whatsnew_upgrading_7.5: -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -Upgrading to Varnish **7.5** -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%% +Upgrading to Varnish 7.5 +%%%%%%%%%%%%%%%%%%%%%%%% Logs ==== From walid.boudebouda at gmail.com Thu Mar 13 15:16:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:05 +0000 (UTC) Subject: [master] ee2006e6e changes: Be more specific about changes introduced in #4257 Message-ID: <20250313151605.EA1457715@lists.varnish-cache.org> commit ee2006e6ec8b535be4b5c5518f817ebc5cbc3dab Author: Walid Boudebouda Date: Thu Mar 13 14:41:35 2025 +0100 changes: Be more specific about changes introduced in #4257 diff --git a/doc/changes.rst b/doc/changes.rst index 292f8b456..170299f0a 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -104,7 +104,9 @@ Varnish-Cache 7.7 (2025-03-15) The output format of ``varnishadm param.show`` has been adjusted accordingly. * Behavior of the VCL ``include`` statement with the ``+glob`` option has been - clarified to not search directories in ``vcl_path``. + clarified to not search directories in ``vcl_path``. Using ``+glob`` includes + with a relative path that does not start with "./" will now result in a VCL + compile failure. * The ``linux`` jail gained control of transparent huge pages (THP) settings: The ``transparent_hugepage`` suboption can be set to ``ignore`` to do nothing, diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 9c1281902..4284214f0 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -86,7 +86,9 @@ Other changes to VCL ~~~~~~~~~~~~~~~~~~~~ Behavior of the VCL ``include`` statement with the ``+glob`` option has been -clarified to not search directories in ``vcl_path``. +clarified to not search directories in ``vcl_path``. Using ``+glob`` includes +with a relative path that does not start with "./" will now result in a VCL +compile failure. Validation of the ``PROXY2`` ``PP2_TYPE_AUTHORITY`` TLV sent with ``.via`` backends has been corrected: IP addresses are no longer accepted as an From walid.boudebouda at gmail.com Thu Mar 13 15:16:06 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:06 +0000 (UTC) Subject: [master] 25eb04146 changes: Mention #4257 Message-ID: <20250313151606.152AE7725@lists.varnish-cache.org> commit 25eb04146e511377c8047e3a0ca9c356df2a593f Author: Walid Boudebouda Date: Thu Mar 13 15:11:29 2025 +0100 changes: Mention #4257 diff --git a/doc/changes.rst b/doc/changes.rst index 170299f0a..8d105980c 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -254,6 +254,10 @@ Varnish-Cache 7.7 (2025-03-15) * The acceptor code has been refactored for basic support of pluggable acceptors. +.. _4170: https://github.com/varnishcache/varnish-cache/issues/4170 + +* ``return (fail(...))`` can now take strings returned from a vmod. (`4170`_) + ================================ Varnish Cache 7.6.1 (2024-11-08) ================================ diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 4284214f0..7bda4530d 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -94,6 +94,8 @@ Validation of the ``PROXY2`` ``PP2_TYPE_AUTHORITY`` TLV sent with ``.via`` backends has been corrected: IP addresses are no longer accepted as an authority and port numbers are automatically removed. +``return (fail(...))`` can now take strings returned from a vmod. + Generic Logging (VSL) ===================== From walid.boudebouda at gmail.com Thu Mar 13 15:16:06 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:06 +0000 (UTC) Subject: [master] fad3f583e changes: Mention #4197 Message-ID: <20250313151606.2F2BC7734@lists.varnish-cache.org> commit fad3f583ee973d27a40a6c5c66c2bfc108486580 Author: Walid Boudebouda Date: Thu Mar 13 15:20:37 2025 +0100 changes: Mention #4197 diff --git a/doc/changes.rst b/doc/changes.rst index 8d105980c..5ab7a0ff3 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -254,6 +254,8 @@ Varnish-Cache 7.7 (2025-03-15) * The acceptor code has been refactored for basic support of pluggable acceptors. +* The CLI command ``backend.list -j`` now outputs IPs/port information. + .. _4170: https://github.com/varnishcache/varnish-cache/issues/4170 * ``return (fail(...))`` can now take strings returned from a vmod. (`4170`_) diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 7bda4530d..6b7ad5666 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -96,6 +96,11 @@ authority and port numbers are automatically removed. ``return (fail(...))`` can now take strings returned from a vmod. +varnishadm +========== + +* The CLI command ``backend.list -j`` now outputs IPs/port information. + Generic Logging (VSL) ===================== diff --git a/doc/sphinx/whats-new/upgrading-7.7.rst b/doc/sphinx/whats-new/upgrading-7.7.rst index af1228e75..a6838cea0 100644 --- a/doc/sphinx/whats-new/upgrading-7.7.rst +++ b/doc/sphinx/whats-new/upgrading-7.7.rst @@ -21,6 +21,8 @@ summarize the changes: * ``varnishncsa`` now outputs headers as they are received and sent. +* The CLI command ``backend.list -j`` now outputs IPs/port information. + Upgrade notes for VMOD developers ================================= From walid.boudebouda at gmail.com Thu Mar 13 15:16:06 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:06 +0000 (UTC) Subject: [master] 28812b57f changes: Mention #4035 Message-ID: <20250313151606.4AC4A7738@lists.varnish-cache.org> commit 28812b57f34a73fcf5035845df200a4c3cd305b7 Author: Walid Boudebouda Date: Thu Mar 13 15:38:29 2025 +0100 changes: Mention #4035 diff --git a/doc/changes.rst b/doc/changes.rst index 5ab7a0ff3..e81abfa05 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -254,6 +254,10 @@ Varnish-Cache 7.7 (2025-03-15) * The acceptor code has been refactored for basic support of pluggable acceptors. +* Two new VCL variables ``req.filters`` and ``bereq.filters`` can now be used to + pass request bodies through a list of VFPs and backend request bodies through a + list of VDPs respectively. + * The CLI command ``backend.list -j`` now outputs IPs/port information. .. _4170: https://github.com/varnishcache/varnish-cache/issues/4170 diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 6b7ad5666..603312293 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -72,6 +72,12 @@ Changes to VCL VCL variables ~~~~~~~~~~~~~ +Two new VCL variables ``req.filters`` and ``bereq.filters`` can now be used to +pass request bodies through a list of VFPs and backend request bodies through a +list of VDPs respectively. This can be useful for processing or transforming +request bodies as they go through varnish. See :ref:`vcl-var(7)` for more +details. + VCL now supports ``unset req.grace`` and ``unset req.ttl`` to reset the respective variables to the "no effect" value, which is also the default. From walid.boudebouda at gmail.com Thu Mar 13 15:16:06 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:06 +0000 (UTC) Subject: [master] 320e6356f changes: Mention #4139 Message-ID: <20250313151606.6B7C37742@lists.varnish-cache.org> commit 320e6356f9f7d18e7db3c00fb31767866e2d96ac Author: Walid Boudebouda Date: Thu Mar 13 15:42:28 2025 +0100 changes: Mention #4139 diff --git a/doc/changes.rst b/doc/changes.rst index e81abfa05..3eba22f84 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -254,6 +254,9 @@ Varnish-Cache 7.7 (2025-03-15) * The acceptor code has been refactored for basic support of pluggable acceptors. +* The management process now logs the PID of the process from which it + received a signal. + * Two new VCL variables ``req.filters`` and ``bereq.filters`` can now be used to pass request bodies through a list of VFPs and backend request bodies through a list of VDPs respectively. diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 603312293..19c308522 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -66,6 +66,9 @@ Other changes in varnishd An issue has been fixed which could cause a crash when ``varnishd`` receives an invalid ``Content-Range`` header from a backend. +The management process now logs the PID of the process from which it +received a signal. + Changes to VCL ============== From walid.boudebouda at gmail.com Thu Mar 13 15:16:06 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:06 +0000 (UTC) Subject: [master] 7d6a7f376 changes: Mention db5314e Message-ID: <20250313151606.81C81774D@lists.varnish-cache.org> commit 7d6a7f3761e468853be671f508722a728df517f4 Author: Walid Boudebouda Date: Thu Mar 13 15:50:31 2025 +0100 changes: Mention db5314e diff --git a/doc/changes.rst b/doc/changes.rst index 3eba22f84..5a0076b23 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -150,6 +150,8 @@ Varnish-Cache 7.7 (2025-03-15) exceeds ``http_req_size``. The default of ``0`` keeps the existing behavior to just close the connection in this case. (`2735`_) +* ``req.hash`` is now also readable from ``vcl_synth`` and ``vcl_pipe``. + .. _4142: https://github.com/varnishcache/varnish-cache/pull/4142 .. _4259: https://github.com/varnishcache/varnish-cache/pull/4259 diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 19c308522..4accd1213 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -91,6 +91,8 @@ vcl_deliver, vcl_synth``, respectively. The ``Content-Length`` header is now consistently removed after ``unset bereq.body`` on the backend side. +``req.hash`` is now also readable from ``vcl_synth`` and ``vcl_pipe``. + Other changes to VCL ~~~~~~~~~~~~~~~~~~~~ From walid.boudebouda at gmail.com Thu Mar 13 15:16:06 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:06 +0000 (UTC) Subject: [master] 673fe1c8d changes: Mention 0f935cc and 1970515 Message-ID: <20250313151606.9A496775B@lists.varnish-cache.org> commit 673fe1c8de085c22c7db09429a3341ef68052b2b Author: Walid Boudebouda Date: Thu Mar 13 16:01:45 2025 +0100 changes: Mention 0f935cc and 1970515 diff --git a/doc/changes.rst b/doc/changes.rst index 5a0076b23..9f81776b9 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -129,6 +129,11 @@ Varnish-Cache 7.7 (2025-03-15) backends has been corrected: IP addresses are no longer accepted as an authority and port numbers are automatically removed. (`3963`_) +* The varnishd parameters ``max_restarts`` and ``max_retries`` have been + made more consistent, which prevents a potential panic that could be + triggered when reducing the value of ``max_restarts`` under certain + conditions. + .. _3757: https://github.com/varnishcache/varnish-cache/issues/3757 * Handling of curses errors in the interactive mode of ``varnishstat``, diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 4accd1213..526c0a25e 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -47,6 +47,11 @@ which can be considered a bugfix, depending on the exact interpretation of the semantics of ban expressions with regards to variants. ``0`` will become the new default in a future release of Varnish-Cache. +The varnishd parameters ``max_restarts`` and ``max_retries`` have been +made more consistent, which prevents a potential panic that could be +triggered when reducing the value of ``max_restarts`` under certain +conditions. + Jails ~~~~~ From walid.boudebouda at gmail.com Thu Mar 13 15:16:06 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Thu, 13 Mar 2025 15:16:06 +0000 (UTC) Subject: [master] 097bc420d param: Add delayed flag to max_{restarts,retries} Message-ID: <20250313151606.BA25F7774@lists.varnish-cache.org> commit 097bc420dfb4fc3e0675ba15a5efc2e17bf4ff7a Author: Walid Boudebouda Date: Thu Mar 13 14:46:23 2025 +0100 param: Add delayed flag to max_{restarts,retries} Refs 1970515d8a4ae770cb610c98a155d456fe4e42e9 Refs 0f935ccecfb66c5058099875f281ec4bb41306a7 diff --git a/include/tbl/params.h b/include/tbl/params.h index 65404cf21..7c2c7a667 100644 --- a/include/tbl/params.h +++ b/include/tbl/params.h @@ -771,7 +771,8 @@ PARAM_SIMPLE( /* def */ "4", /* units */ "restarts", /* descr */ - "Upper limit on how many times a request can restart." + "Upper limit on how many times a request can restart.", + /* flags */ DELAYED_EFFECT ) PARAM_SIMPLE( @@ -782,7 +783,8 @@ PARAM_SIMPLE( /* def */ "4", /* units */ "retries", /* descr */ - "Upper limit on how many times a backend fetch can retry." + "Upper limit on how many times a backend fetch can retry.", + /* flags */ DELAYED_EFFECT ) PARAM_SIMPLE( From dridi.boukelmoune at gmail.com Mon Mar 17 06:50:07 2025 From: dridi.boukelmoune at gmail.com (Dridi Boukelmoune) Date: Mon, 17 Mar 2025 06:50:07 +0000 (UTC) Subject: [master] d253db5fb remove redundant 'if' Message-ID: <20250317065007.6A4101168B4@lists.varnish-cache.org> commit d253db5fb64101613d173fa3021888ff25067398 Author: Kim Klotz Date: Sat Mar 15 23:49:32 2025 +0100 remove redundant 'if' diff --git a/doc/sphinx/phk/notes.rst b/doc/sphinx/phk/notes.rst index 2830b0705..1695dd8b7 100644 --- a/doc/sphinx/phk/notes.rst +++ b/doc/sphinx/phk/notes.rst @@ -184,7 +184,7 @@ of RAM and move on. On a Multi-CPU system, and it doesn't matter if the CPUs share a socket or have their own, we first have to check if any of the other CPUs have a modified copy of n_foo stored in their caches, so a -special bus-transaction goes out to find this out, if if some cpu +special bus-transaction goes out to find this out, if some cpu comes back and says "yeah, I have it" that cpu gets to write it to RAM. On good hardware designs, our CPU will listen in on the bus during that write operation, on bad designs it will have to do a From walid.boudebouda at gmail.com Mon Mar 17 13:51:03 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 13:51:03 +0000 (UTC) Subject: [7.7] 8ef69a03b req_fsm: Close the connection on a malformed request Message-ID: <20250317135103.23FFC63214@lists.varnish-cache.org> commit 8ef69a03b36aeac5f364c01eb20f821860e47f14 Author: Dag Haavi Finstad Date: Fri Jan 10 13:07:54 2025 +0100 req_fsm: Close the connection on a malformed request diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index 1004cbc5f..803810210 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -962,6 +962,7 @@ cnt_recv(struct worker *wrk, struct req *req) if (http_CountHdr(req->http0, H_Host) > 1) { VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers"); wrk->stats->client_req_400++; + req->doclose = SC_RX_BAD; (void)req->transport->minimal_response(req, 400); return (REQ_FSM_DONE); } @@ -969,6 +970,7 @@ cnt_recv(struct worker *wrk, struct req *req) if (http_CountHdr(req->http0, H_Content_Length) > 1) { VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers"); wrk->stats->client_req_400++; + req->doclose = SC_RX_BAD; (void)req->transport->minimal_response(req, 400); return (REQ_FSM_DONE); } diff --git a/bin/varnishtest/tests/b00037.vtc b/bin/varnishtest/tests/b00037.vtc index ce0e84112..e6185bd07 100644 --- a/bin/varnishtest/tests/b00037.vtc +++ b/bin/varnishtest/tests/b00037.vtc @@ -11,6 +11,7 @@ client c1 { varnish v1 -vsl_catchup varnish v1 -expect client_req_400 == 1 +varnish v1 -expect sc_rx_bad == 1 client c1 { txreq -method POST -hdr "Content-Length: 12" -hdr "Content-Length: 12" -bodylen 12 @@ -20,6 +21,7 @@ client c1 { varnish v1 -vsl_catchup varnish v1 -expect client_req_400 == 2 +varnish v1 -expect sc_rx_bad == 2 varnish v1 -cliok "param.set feature +http2" From walid.boudebouda at gmail.com Mon Mar 17 13:51:03 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 13:51:03 +0000 (UTC) Subject: [7.7] 083b5f884 changes: Mention VSV 15 Message-ID: <20250317135103.49AAA63218@lists.varnish-cache.org> commit 083b5f8848e4dddf1a46419f269ad73add897891 Author: Walid Boudebouda Date: Mon Mar 17 10:11:46 2025 +0100 changes: Mention VSV 15 diff --git a/doc/changes.rst b/doc/changes.rst index 9f81776b9..35a15d8bc 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -41,6 +41,11 @@ Varnish-Cache 7.7 (2025-03-15) .. PLEASE keep this roughly in commit order as shown by git-log / tig (new to old) +.. _VSV00015: https://varnish-cache.org/security/VSV00015.html + +* The client connection is now always closed when a malformed request + is received. (VSV00015_) + .. _4281: https://github.com/varnishcache/varnish-cache/issues/4281 * For http/2, normal client behavior like timeouts or closed connection was diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 526c0a25e..bf7777d24 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -17,6 +17,15 @@ found in the `change log`_. .. _change log: https://github.com/varnishcache/varnish-cache/blob/master/doc/changes.rst +Security +======== + +VSV 15: +~~~~~~~ + +The client connection is now always closed when a malformed request +is received. + varnishd ======== From walid.boudebouda at gmail.com Mon Mar 17 13:51:03 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 13:51:03 +0000 (UTC) Subject: [7.7] c7a8b5d2b vrt: Populate vrt change list for 7.7 release Message-ID: <20250317135103.789886321E@lists.varnish-cache.org> commit c7a8b5d2b9a92d817320e32bb85e028ab60e0a19 Author: Walid Boudebouda Date: Mon Mar 17 11:17:41 2025 +0100 vrt: Populate vrt change list for 7.7 release diff --git a/include/vrt.h b/include/vrt.h index 23cb77776..1f3c6d400 100644 --- a/include/vrt.h +++ b/include/vrt.h @@ -58,6 +58,12 @@ * binary/load-time compatible, increment MAJOR version * * NEXT (2025-03-15) + * VRT_u_req_grace() added + * VRT_u_req_ttl() added + * VRT_r_req_filters() added + * VRT_l_req_filters() added + * VRT_r_bereq_filters() added + * VRT_l_bereq_filters() added * 20.1 (2024-11-08 7.6.1) * VDI_EVENT_SICK added to enum vcl_event_e * 20.0 (2024-09-13) From walid.boudebouda at gmail.com Mon Mar 17 13:51:03 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 13:51:03 +0000 (UTC) Subject: [7.7] 71fc9d211 Prepare for 7.7.0 Message-ID: <20250317135103.A62EE63222@lists.varnish-cache.org> commit 71fc9d211c471106e4be590f3816a56ba156a833 Author: Walid Boudebouda Date: Mon Mar 17 10:27:43 2025 +0100 Prepare for 7.7.0 diff --git a/bin/varnishtest/tests/m00003.vtc b/bin/varnishtest/tests/m00003.vtc index 635b3f0aa..22bd4ba71 100644 --- a/bin/varnishtest/tests/m00003.vtc +++ b/bin/varnishtest/tests/m00003.vtc @@ -96,7 +96,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so "\x03" varnish v1 -errvcl {VMOD wants ABI version 1.0} { import wrong; } ############################################################# -# NB: in the tests below "20" should track VRT_MAJOR_VERSION +# NB: in the tests below "21" should track VRT_MAJOR_VERSION filewrite ${tmpdir}/libvmod_wrong.so "VMOD_JSON_SPEC\x02" filewrite -a ${tmpdir}/libvmod_wrong.so { @@ -108,7 +108,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ "$FOOBAR" @@ -128,7 +128,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ] ] @@ -146,7 +146,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ "$CPROTO" @@ -168,7 +168,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_std_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ "$CPROTO", "/* blabla */" diff --git a/bin/varnishtest/tests/m00055.vtc b/bin/varnishtest/tests/m00055.vtc index 7d17010aa..7c4c70342 100644 --- a/bin/varnishtest/tests/m00055.vtc +++ b/bin/varnishtest/tests/m00055.vtc @@ -21,7 +21,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ diff --git a/configure.ac b/configure.ac index 8e683eb02..e2779521f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,9 +1,9 @@ AC_PREREQ([2.69]) AC_COPYRIGHT([Copyright (c) 2006 Verdens Gang AS -Copyright (c) 2006-2024 Varnish Software -Copyright 2010-2024 UPLEX - Nils Goroll Systemoptimierung]) +Copyright (c) 2006-2025 Varnish Software +Copyright 2010-2025 UPLEX - Nils Goroll Systemoptimierung]) AC_REVISION([$Id$]) -AC_INIT([Varnish], [trunk], [varnish-dev at varnish-cache.org]) +AC_INIT([Varnish], [7.7.0], [varnish-dev at varnish-cache.org]) AC_CONFIG_SRCDIR(include/miniobj.h) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/changes.rst b/doc/changes.rst index 35a15d8bc..61ee71669 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -35,7 +35,7 @@ individual releases. These documents are updated as part of the release process. ============================== -Varnish-Cache 7.7 (2025-03-15) +Varnish-Cache 7.7 (2025-03-17) ============================== .. PLEASE keep this roughly in commit order as shown by git-log / tig diff --git a/doc/sphinx/index.rst b/doc/sphinx/index.rst index 489910406..59678cebf 100644 --- a/doc/sphinx/index.rst +++ b/doc/sphinx/index.rst @@ -40,9 +40,9 @@ Conventions used in this manual include: Longer listings like example command output and VCL look like this:: $ /opt/varnish/sbin/varnishd -V - varnishd (varnish-7.5.0 revision 1234567) + varnishd (varnish-7.7.0 revision 1234567) Copyright (c) 2006 Verdens Gang AS - Copyright (c) 2006-2024 Varnish Software + Copyright (c) 2006-2025 Varnish Software .. For maintainers: diff --git a/include/vrt.h b/include/vrt.h index 1f3c6d400..49e3f5960 100644 --- a/include/vrt.h +++ b/include/vrt.h @@ -46,9 +46,9 @@ # error "include vdef.h before vrt.h" #endif -#define VRT_MAJOR_VERSION 20U +#define VRT_MAJOR_VERSION 21U -#define VRT_MINOR_VERSION 1U +#define VRT_MINOR_VERSION 0U /*********************************************************************** * Major and minor VRT API versions. @@ -57,7 +57,7 @@ * Whenever something is deleted or changed in a way which is not * binary/load-time compatible, increment MAJOR version * - * NEXT (2025-03-15) + * 21.0 (2025-03-17) * VRT_u_req_grace() added * VRT_u_req_ttl() added * VRT_r_req_filters() added diff --git a/lib/libvarnish/version.c b/lib/libvarnish/version.c index 4f5983c0d..651e739f6 100644 --- a/lib/libvarnish/version.c +++ b/lib/libvarnish/version.c @@ -76,8 +76,8 @@ VCS_String(const char *which) ")" "\n" "Copyright (c) 2006 Verdens Gang AS\n" - "Copyright (c) 2006-2024 Varnish Software\n" - "Copyright 2010-2024 UPLEX - Nils Goroll Systemoptimierung\n" + "Copyright (c) 2006-2025 Varnish Software\n" + "Copyright 2010-2025 UPLEX - Nils Goroll Systemoptimierung\n" ); default: WRONG("Wrong argument to VCS_String"); From walid.boudebouda at gmail.com Mon Mar 17 14:11:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:11:05 +0000 (UTC) Subject: [master] 8ef69a03b req_fsm: Close the connection on a malformed request Message-ID: <20250317141105.54C3F6442D@lists.varnish-cache.org> commit 8ef69a03b36aeac5f364c01eb20f821860e47f14 Author: Dag Haavi Finstad Date: Fri Jan 10 13:07:54 2025 +0100 req_fsm: Close the connection on a malformed request diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index 1004cbc5f..803810210 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -962,6 +962,7 @@ cnt_recv(struct worker *wrk, struct req *req) if (http_CountHdr(req->http0, H_Host) > 1) { VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers"); wrk->stats->client_req_400++; + req->doclose = SC_RX_BAD; (void)req->transport->minimal_response(req, 400); return (REQ_FSM_DONE); } @@ -969,6 +970,7 @@ cnt_recv(struct worker *wrk, struct req *req) if (http_CountHdr(req->http0, H_Content_Length) > 1) { VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers"); wrk->stats->client_req_400++; + req->doclose = SC_RX_BAD; (void)req->transport->minimal_response(req, 400); return (REQ_FSM_DONE); } diff --git a/bin/varnishtest/tests/b00037.vtc b/bin/varnishtest/tests/b00037.vtc index ce0e84112..e6185bd07 100644 --- a/bin/varnishtest/tests/b00037.vtc +++ b/bin/varnishtest/tests/b00037.vtc @@ -11,6 +11,7 @@ client c1 { varnish v1 -vsl_catchup varnish v1 -expect client_req_400 == 1 +varnish v1 -expect sc_rx_bad == 1 client c1 { txreq -method POST -hdr "Content-Length: 12" -hdr "Content-Length: 12" -bodylen 12 @@ -20,6 +21,7 @@ client c1 { varnish v1 -vsl_catchup varnish v1 -expect client_req_400 == 2 +varnish v1 -expect sc_rx_bad == 2 varnish v1 -cliok "param.set feature +http2" From walid.boudebouda at gmail.com Mon Mar 17 14:11:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:11:05 +0000 (UTC) Subject: [master] 083b5f884 changes: Mention VSV 15 Message-ID: <20250317141105.6EF9E64432@lists.varnish-cache.org> commit 083b5f8848e4dddf1a46419f269ad73add897891 Author: Walid Boudebouda Date: Mon Mar 17 10:11:46 2025 +0100 changes: Mention VSV 15 diff --git a/doc/changes.rst b/doc/changes.rst index 9f81776b9..35a15d8bc 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -41,6 +41,11 @@ Varnish-Cache 7.7 (2025-03-15) .. PLEASE keep this roughly in commit order as shown by git-log / tig (new to old) +.. _VSV00015: https://varnish-cache.org/security/VSV00015.html + +* The client connection is now always closed when a malformed request + is received. (VSV00015_) + .. _4281: https://github.com/varnishcache/varnish-cache/issues/4281 * For http/2, normal client behavior like timeouts or closed connection was diff --git a/doc/sphinx/whats-new/changes-7.7.rst b/doc/sphinx/whats-new/changes-7.7.rst index 526c0a25e..bf7777d24 100644 --- a/doc/sphinx/whats-new/changes-7.7.rst +++ b/doc/sphinx/whats-new/changes-7.7.rst @@ -17,6 +17,15 @@ found in the `change log`_. .. _change log: https://github.com/varnishcache/varnish-cache/blob/master/doc/changes.rst +Security +======== + +VSV 15: +~~~~~~~ + +The client connection is now always closed when a malformed request +is received. + varnishd ======== From walid.boudebouda at gmail.com Mon Mar 17 14:11:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:11:05 +0000 (UTC) Subject: [master] c7a8b5d2b vrt: Populate vrt change list for 7.7 release Message-ID: <20250317141105.8966764437@lists.varnish-cache.org> commit c7a8b5d2b9a92d817320e32bb85e028ab60e0a19 Author: Walid Boudebouda Date: Mon Mar 17 11:17:41 2025 +0100 vrt: Populate vrt change list for 7.7 release diff --git a/include/vrt.h b/include/vrt.h index 23cb77776..1f3c6d400 100644 --- a/include/vrt.h +++ b/include/vrt.h @@ -58,6 +58,12 @@ * binary/load-time compatible, increment MAJOR version * * NEXT (2025-03-15) + * VRT_u_req_grace() added + * VRT_u_req_ttl() added + * VRT_r_req_filters() added + * VRT_l_req_filters() added + * VRT_r_bereq_filters() added + * VRT_l_bereq_filters() added * 20.1 (2024-11-08 7.6.1) * VDI_EVENT_SICK added to enum vcl_event_e * 20.0 (2024-09-13) From walid.boudebouda at gmail.com Mon Mar 17 14:11:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:11:05 +0000 (UTC) Subject: [master] 71fc9d211 Prepare for 7.7.0 Message-ID: <20250317141105.A8B7964442@lists.varnish-cache.org> commit 71fc9d211c471106e4be590f3816a56ba156a833 Author: Walid Boudebouda Date: Mon Mar 17 10:27:43 2025 +0100 Prepare for 7.7.0 diff --git a/bin/varnishtest/tests/m00003.vtc b/bin/varnishtest/tests/m00003.vtc index 635b3f0aa..22bd4ba71 100644 --- a/bin/varnishtest/tests/m00003.vtc +++ b/bin/varnishtest/tests/m00003.vtc @@ -96,7 +96,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so "\x03" varnish v1 -errvcl {VMOD wants ABI version 1.0} { import wrong; } ############################################################# -# NB: in the tests below "20" should track VRT_MAJOR_VERSION +# NB: in the tests below "21" should track VRT_MAJOR_VERSION filewrite ${tmpdir}/libvmod_wrong.so "VMOD_JSON_SPEC\x02" filewrite -a ${tmpdir}/libvmod_wrong.so { @@ -108,7 +108,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ "$FOOBAR" @@ -128,7 +128,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ] ] @@ -146,7 +146,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ "$CPROTO" @@ -168,7 +168,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_std_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ "$CPROTO", "/* blabla */" diff --git a/bin/varnishtest/tests/m00055.vtc b/bin/varnishtest/tests/m00055.vtc index 7d17010aa..7c4c70342 100644 --- a/bin/varnishtest/tests/m00055.vtc +++ b/bin/varnishtest/tests/m00055.vtc @@ -21,7 +21,7 @@ filewrite -a ${tmpdir}/libvmod_wrong.so { "Vmod_vmod_wrong_Func", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", - "20", + "21", "0" ], [ diff --git a/configure.ac b/configure.ac index 8e683eb02..e2779521f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,9 +1,9 @@ AC_PREREQ([2.69]) AC_COPYRIGHT([Copyright (c) 2006 Verdens Gang AS -Copyright (c) 2006-2024 Varnish Software -Copyright 2010-2024 UPLEX - Nils Goroll Systemoptimierung]) +Copyright (c) 2006-2025 Varnish Software +Copyright 2010-2025 UPLEX - Nils Goroll Systemoptimierung]) AC_REVISION([$Id$]) -AC_INIT([Varnish], [trunk], [varnish-dev at varnish-cache.org]) +AC_INIT([Varnish], [7.7.0], [varnish-dev at varnish-cache.org]) AC_CONFIG_SRCDIR(include/miniobj.h) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/changes.rst b/doc/changes.rst index 35a15d8bc..61ee71669 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -35,7 +35,7 @@ individual releases. These documents are updated as part of the release process. ============================== -Varnish-Cache 7.7 (2025-03-15) +Varnish-Cache 7.7 (2025-03-17) ============================== .. PLEASE keep this roughly in commit order as shown by git-log / tig diff --git a/doc/sphinx/index.rst b/doc/sphinx/index.rst index 489910406..59678cebf 100644 --- a/doc/sphinx/index.rst +++ b/doc/sphinx/index.rst @@ -40,9 +40,9 @@ Conventions used in this manual include: Longer listings like example command output and VCL look like this:: $ /opt/varnish/sbin/varnishd -V - varnishd (varnish-7.5.0 revision 1234567) + varnishd (varnish-7.7.0 revision 1234567) Copyright (c) 2006 Verdens Gang AS - Copyright (c) 2006-2024 Varnish Software + Copyright (c) 2006-2025 Varnish Software .. For maintainers: diff --git a/include/vrt.h b/include/vrt.h index 1f3c6d400..49e3f5960 100644 --- a/include/vrt.h +++ b/include/vrt.h @@ -46,9 +46,9 @@ # error "include vdef.h before vrt.h" #endif -#define VRT_MAJOR_VERSION 20U +#define VRT_MAJOR_VERSION 21U -#define VRT_MINOR_VERSION 1U +#define VRT_MINOR_VERSION 0U /*********************************************************************** * Major and minor VRT API versions. @@ -57,7 +57,7 @@ * Whenever something is deleted or changed in a way which is not * binary/load-time compatible, increment MAJOR version * - * NEXT (2025-03-15) + * 21.0 (2025-03-17) * VRT_u_req_grace() added * VRT_u_req_ttl() added * VRT_r_req_filters() added diff --git a/lib/libvarnish/version.c b/lib/libvarnish/version.c index 4f5983c0d..651e739f6 100644 --- a/lib/libvarnish/version.c +++ b/lib/libvarnish/version.c @@ -76,8 +76,8 @@ VCS_String(const char *which) ")" "\n" "Copyright (c) 2006 Verdens Gang AS\n" - "Copyright (c) 2006-2024 Varnish Software\n" - "Copyright 2010-2024 UPLEX - Nils Goroll Systemoptimierung\n" + "Copyright (c) 2006-2025 Varnish Software\n" + "Copyright 2010-2025 UPLEX - Nils Goroll Systemoptimierung\n" ); default: WRONG("Wrong argument to VCS_String"); From walid.boudebouda at gmail.com Mon Mar 17 14:11:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:11:05 +0000 (UTC) Subject: [master] 9014bf837 Merge tag 'varnish-7.7.0' Message-ID: <20250317141105.C65AE6445C@lists.varnish-cache.org> commit 9014bf8373cb50fe14f26801b756aa18ea5ac142 Merge: c7a8b5d2b 71fc9d211 Author: Walid Boudebouda Date: Mon Mar 17 15:04:50 2025 +0100 Merge tag 'varnish-7.7.0' Releasing 7.7.0 diff --cc configure.ac index 8e683eb02,e2779521f..f457af5d5 --- a/configure.ac +++ b/configure.ac @@@ -1,9 -1,9 +1,9 @@@ AC_PREREQ([2.69]) AC_COPYRIGHT([Copyright (c) 2006 Verdens Gang AS - Copyright (c) 2006-2024 Varnish Software - Copyright 2010-2024 UPLEX - Nils Goroll Systemoptimierung]) + Copyright (c) 2006-2025 Varnish Software + Copyright 2010-2025 UPLEX - Nils Goroll Systemoptimierung]) AC_REVISION([$Id$]) -AC_INIT([Varnish], [7.7.0], [varnish-dev at varnish-cache.org]) +AC_INIT([Varnish], [trunk], [varnish-dev at varnish-cache.org]) AC_CONFIG_SRCDIR(include/miniobj.h) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) From walid.boudebouda at gmail.com Mon Mar 17 14:37:03 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:37:03 +0000 (UTC) Subject: [7.6] a9640a132 req_fsm: Close the connection on a malformed request Message-ID: <20250317143703.8AB2E659FC@lists.varnish-cache.org> commit a9640a13276048815cc51a12cda2603f4d4444e4 Author: Dag Haavi Finstad Date: Fri Jan 10 13:07:54 2025 +0100 req_fsm: Close the connection on a malformed request diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index 20e4eb13b..b0995605c 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -941,6 +941,7 @@ cnt_recv(struct worker *wrk, struct req *req) if (http_CountHdr(req->http0, H_Host) > 1) { VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers"); wrk->stats->client_req_400++; + req->doclose = SC_RX_BAD; (void)req->transport->minimal_response(req, 400); return (REQ_FSM_DONE); } @@ -948,6 +949,7 @@ cnt_recv(struct worker *wrk, struct req *req) if (http_CountHdr(req->http0, H_Content_Length) > 1) { VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers"); wrk->stats->client_req_400++; + req->doclose = SC_RX_BAD; (void)req->transport->minimal_response(req, 400); return (REQ_FSM_DONE); } diff --git a/bin/varnishtest/tests/b00037.vtc b/bin/varnishtest/tests/b00037.vtc index ce0e84112..e6185bd07 100644 --- a/bin/varnishtest/tests/b00037.vtc +++ b/bin/varnishtest/tests/b00037.vtc @@ -11,6 +11,7 @@ client c1 { varnish v1 -vsl_catchup varnish v1 -expect client_req_400 == 1 +varnish v1 -expect sc_rx_bad == 1 client c1 { txreq -method POST -hdr "Content-Length: 12" -hdr "Content-Length: 12" -bodylen 12 @@ -20,6 +21,7 @@ client c1 { varnish v1 -vsl_catchup varnish v1 -expect client_req_400 == 2 +varnish v1 -expect sc_rx_bad == 2 varnish v1 -cliok "param.set feature +http2" From walid.boudebouda at gmail.com Mon Mar 17 14:37:03 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:37:03 +0000 (UTC) Subject: [7.6] f8def6b3b changes: Populate changelog for 7.6.2 Message-ID: <20250317143703.A46BA659FF@lists.varnish-cache.org> commit f8def6b3bd6f6d2a9360e0566fddad6ad8524167 Author: Walid Boudebouda Date: Mon Mar 17 11:40:06 2025 +0100 changes: Populate changelog for 7.6.2 diff --git a/doc/changes.rst b/doc/changes.rst index fa91d93e9..51b8a8c3b 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -34,6 +34,15 @@ http://varnish-cache.org/docs/trunk/whats-new/index.html and via individual releases. These documents are updated as part of the release process. +================================ +Varnish Cache 7.6.2 (unreleased) +================================ + +.. _VSV00015: https://varnish-cache.org/security/VSV00015.html + +* The client connection is now always closed when a malformed request + is received. (VSV00015_) + ================================ Varnish Cache 7.6.1 (2024-11-08) ================================ From walid.boudebouda at gmail.com Mon Mar 17 14:37:03 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Mon, 17 Mar 2025 14:37:03 +0000 (UTC) Subject: [7.6] 2154ba2cc Prepare for 7.6.2 Message-ID: <20250317143703.C383565A03@lists.varnish-cache.org> commit 2154ba2ccb95c8768450b0144645a88da5696812 Author: Walid Boudebouda Date: Mon Mar 17 11:45:59 2025 +0100 Prepare for 7.6.2 diff --git a/configure.ac b/configure.ac index 7db4c1375..e861a5f2b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,9 +1,9 @@ AC_PREREQ([2.69]) AC_COPYRIGHT([Copyright (c) 2006 Verdens Gang AS -Copyright (c) 2006-2024 Varnish Software -Copyright 2010-2024 UPLEX - Nils Goroll Systemoptimierung]) +Copyright (c) 2006-2025 Varnish Software +Copyright 2010-2025 UPLEX - Nils Goroll Systemoptimierung]) AC_REVISION([$Id$]) -AC_INIT([Varnish], [7.6.1], [varnish-dev at varnish-cache.org]) +AC_INIT([Varnish], [7.6.2], [varnish-dev at varnish-cache.org]) AC_CONFIG_SRCDIR(include/miniobj.h) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/changes.rst b/doc/changes.rst index 51b8a8c3b..e1af49eb6 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -35,7 +35,7 @@ individual releases. These documents are updated as part of the release process. ================================ -Varnish Cache 7.6.2 (unreleased) +Varnish Cache 7.6.2 (2025-03-17) ================================ .. _VSV00015: https://varnish-cache.org/security/VSV00015.html diff --git a/doc/sphinx/index.rst b/doc/sphinx/index.rst index 489910406..27ca2554b 100644 --- a/doc/sphinx/index.rst +++ b/doc/sphinx/index.rst @@ -40,9 +40,9 @@ Conventions used in this manual include: Longer listings like example command output and VCL look like this:: $ /opt/varnish/sbin/varnishd -V - varnishd (varnish-7.5.0 revision 1234567) + varnishd (varnish-7.6.2 revision 1234567) Copyright (c) 2006 Verdens Gang AS - Copyright (c) 2006-2024 Varnish Software + Copyright (c) 2006-2025 Varnish Software .. For maintainers: diff --git a/lib/libvarnish/version.c b/lib/libvarnish/version.c index 4f5983c0d..651e739f6 100644 --- a/lib/libvarnish/version.c +++ b/lib/libvarnish/version.c @@ -76,8 +76,8 @@ VCS_String(const char *which) ")" "\n" "Copyright (c) 2006 Verdens Gang AS\n" - "Copyright (c) 2006-2024 Varnish Software\n" - "Copyright 2010-2024 UPLEX - Nils Goroll Systemoptimierung\n" + "Copyright (c) 2006-2025 Varnish Software\n" + "Copyright 2010-2025 UPLEX - Nils Goroll Systemoptimierung\n" ); default: WRONG("Wrong argument to VCS_String"); From phk at FreeBSD.org Mon Mar 17 16:48:05 2025 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 17 Mar 2025 16:48:05 +0000 (UTC) Subject: [master] 680057e61 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Message-ID: <20250317164805.C631110379F@lists.varnish-cache.org> commit 680057e61ba5f49202ca2530979f9e9a1a2fedbb Author: Poul-Henning Kamp Date: Mon Mar 17 16:46:45 2025 +0000 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Fixes: #4298 diff --git a/bin/varnishtest/tests/r04298.vtc b/bin/varnishtest/tests/r04298.vtc new file mode 100644 index 000000000..a794cf182 --- /dev/null +++ b/bin/varnishtest/tests/r04298.vtc @@ -0,0 +1,21 @@ +varnishtest "Test HPACK dictionary sizing in upgrade settings" + +server s1 { + rxreq + upgrade + stream 1 { + rxreq + txresp + } -run + +} -start + +client c1 -connect ${s1_sock} { + txreq -up AAMAAABkAAQAAP__AAkAAAAB + stream 1 { + txreq + rxresp + } -run +} -run + +server s1 -wait diff --git a/bin/varnishtest/vtc_http.c b/bin/varnishtest/vtc_http.c index 0f57aada6..4ed2be366 100644 --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -1058,8 +1058,6 @@ cmd_http_upgrade(CMD_ARGS) " -hdr \"Upgrade: h2c\"\n" ); - b64_settings(hp, h); - parse_string(vl, hp, "rxpri\n" "stream 0 {\n" @@ -1070,6 +1068,9 @@ cmd_http_upgrade(CMD_ARGS) " expect settings.ack == true\n" "} -start\n" ); + + b64_settings(hp, h); + } /********************************************************************** diff --git a/bin/varnishtest/vtc_http2.c b/bin/varnishtest/vtc_http2.c index f89bb187e..822abbae1 100644 --- a/bin/varnishtest/vtc_http2.c +++ b/bin/varnishtest/vtc_http2.c @@ -2892,10 +2892,16 @@ b64_settings(const struct http *hp, const char *s) buf = "unknown"; if (v == 1) { - if (hp->sfd) - assert(HPK_ResizeTbl(hp->encctx, v) != hpk_err); - else - assert(HPK_ResizeTbl(hp->decctx, v) != hpk_err); + enum hpk_result hrs; + if (hp->sfd) { + AN(hp->encctx); + hrs = HPK_ResizeTbl(hp->encctx, v); + } else { + AN(hp->decctx); + hrs = HPK_ResizeTbl(hp->decctx, v); + } + if (hrs != hpk_done) + vtc_fatal(hp->vl, "HPK resize failed %d\n", hrs); } vtc_log(hp->vl, 4, "Upgrade: %s (%d): %ju", From walid.boudebouda at gmail.com Tue Mar 18 13:10:07 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Tue, 18 Mar 2025 13:10:07 +0000 (UTC) Subject: [7.7] bb7a91861 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Message-ID: <20250318131007.DFBB0105FEA@lists.varnish-cache.org> commit bb7a918611ee85d17aefd07115fb8c66015151b5 Author: Poul-Henning Kamp Date: Mon Mar 17 16:46:45 2025 +0000 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Fixes: #4298 diff --git a/bin/varnishtest/tests/r04298.vtc b/bin/varnishtest/tests/r04298.vtc new file mode 100644 index 000000000..a794cf182 --- /dev/null +++ b/bin/varnishtest/tests/r04298.vtc @@ -0,0 +1,21 @@ +varnishtest "Test HPACK dictionary sizing in upgrade settings" + +server s1 { + rxreq + upgrade + stream 1 { + rxreq + txresp + } -run + +} -start + +client c1 -connect ${s1_sock} { + txreq -up AAMAAABkAAQAAP__AAkAAAAB + stream 1 { + txreq + rxresp + } -run +} -run + +server s1 -wait diff --git a/bin/varnishtest/vtc_http.c b/bin/varnishtest/vtc_http.c index 0f57aada6..4ed2be366 100644 --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -1058,8 +1058,6 @@ cmd_http_upgrade(CMD_ARGS) " -hdr \"Upgrade: h2c\"\n" ); - b64_settings(hp, h); - parse_string(vl, hp, "rxpri\n" "stream 0 {\n" @@ -1070,6 +1068,9 @@ cmd_http_upgrade(CMD_ARGS) " expect settings.ack == true\n" "} -start\n" ); + + b64_settings(hp, h); + } /********************************************************************** diff --git a/bin/varnishtest/vtc_http2.c b/bin/varnishtest/vtc_http2.c index f89bb187e..822abbae1 100644 --- a/bin/varnishtest/vtc_http2.c +++ b/bin/varnishtest/vtc_http2.c @@ -2892,10 +2892,16 @@ b64_settings(const struct http *hp, const char *s) buf = "unknown"; if (v == 1) { - if (hp->sfd) - assert(HPK_ResizeTbl(hp->encctx, v) != hpk_err); - else - assert(HPK_ResizeTbl(hp->decctx, v) != hpk_err); + enum hpk_result hrs; + if (hp->sfd) { + AN(hp->encctx); + hrs = HPK_ResizeTbl(hp->encctx, v); + } else { + AN(hp->decctx); + hrs = HPK_ResizeTbl(hp->decctx, v); + } + if (hrs != hpk_done) + vtc_fatal(hp->vl, "HPK resize failed %d\n", hrs); } vtc_log(hp->vl, 4, "Upgrade: %s (%d): %ju", From walid.boudebouda at gmail.com Tue Mar 18 13:13:04 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Tue, 18 Mar 2025 13:13:04 +0000 (UTC) Subject: [refs/tags/varnish-7.7.0] bb7a91861 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Message-ID: <20250318131305.09E191062D1@lists.varnish-cache.org> commit bb7a918611ee85d17aefd07115fb8c66015151b5 Author: Poul-Henning Kamp Date: Mon Mar 17 16:46:45 2025 +0000 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Fixes: #4298 diff --git a/bin/varnishtest/tests/r04298.vtc b/bin/varnishtest/tests/r04298.vtc new file mode 100644 index 000000000..a794cf182 --- /dev/null +++ b/bin/varnishtest/tests/r04298.vtc @@ -0,0 +1,21 @@ +varnishtest "Test HPACK dictionary sizing in upgrade settings" + +server s1 { + rxreq + upgrade + stream 1 { + rxreq + txresp + } -run + +} -start + +client c1 -connect ${s1_sock} { + txreq -up AAMAAABkAAQAAP__AAkAAAAB + stream 1 { + txreq + rxresp + } -run +} -run + +server s1 -wait diff --git a/bin/varnishtest/vtc_http.c b/bin/varnishtest/vtc_http.c index 0f57aada6..4ed2be366 100644 --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -1058,8 +1058,6 @@ cmd_http_upgrade(CMD_ARGS) " -hdr \"Upgrade: h2c\"\n" ); - b64_settings(hp, h); - parse_string(vl, hp, "rxpri\n" "stream 0 {\n" @@ -1070,6 +1068,9 @@ cmd_http_upgrade(CMD_ARGS) " expect settings.ack == true\n" "} -start\n" ); + + b64_settings(hp, h); + } /********************************************************************** diff --git a/bin/varnishtest/vtc_http2.c b/bin/varnishtest/vtc_http2.c index f89bb187e..822abbae1 100644 --- a/bin/varnishtest/vtc_http2.c +++ b/bin/varnishtest/vtc_http2.c @@ -2892,10 +2892,16 @@ b64_settings(const struct http *hp, const char *s) buf = "unknown"; if (v == 1) { - if (hp->sfd) - assert(HPK_ResizeTbl(hp->encctx, v) != hpk_err); - else - assert(HPK_ResizeTbl(hp->decctx, v) != hpk_err); + enum hpk_result hrs; + if (hp->sfd) { + AN(hp->encctx); + hrs = HPK_ResizeTbl(hp->encctx, v); + } else { + AN(hp->decctx); + hrs = HPK_ResizeTbl(hp->decctx, v); + } + if (hrs != hpk_done) + vtc_fatal(hp->vl, "HPK resize failed %d\n", hrs); } vtc_log(hp->vl, 4, "Upgrade: %s (%d): %ju", From walid.boudebouda at gmail.com Tue Mar 18 13:52:07 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Tue, 18 Mar 2025 13:52:07 +0000 (UTC) Subject: [master] bb7a91861 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Message-ID: <20250318135207.37A9F1077E2@lists.varnish-cache.org> commit bb7a918611ee85d17aefd07115fb8c66015151b5 Author: Poul-Henning Kamp Date: Mon Mar 17 16:46:45 2025 +0000 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Fixes: #4298 diff --git a/bin/varnishtest/tests/r04298.vtc b/bin/varnishtest/tests/r04298.vtc new file mode 100644 index 000000000..a794cf182 --- /dev/null +++ b/bin/varnishtest/tests/r04298.vtc @@ -0,0 +1,21 @@ +varnishtest "Test HPACK dictionary sizing in upgrade settings" + +server s1 { + rxreq + upgrade + stream 1 { + rxreq + txresp + } -run + +} -start + +client c1 -connect ${s1_sock} { + txreq -up AAMAAABkAAQAAP__AAkAAAAB + stream 1 { + txreq + rxresp + } -run +} -run + +server s1 -wait diff --git a/bin/varnishtest/vtc_http.c b/bin/varnishtest/vtc_http.c index 0f57aada6..4ed2be366 100644 --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -1058,8 +1058,6 @@ cmd_http_upgrade(CMD_ARGS) " -hdr \"Upgrade: h2c\"\n" ); - b64_settings(hp, h); - parse_string(vl, hp, "rxpri\n" "stream 0 {\n" @@ -1070,6 +1068,9 @@ cmd_http_upgrade(CMD_ARGS) " expect settings.ack == true\n" "} -start\n" ); + + b64_settings(hp, h); + } /********************************************************************** diff --git a/bin/varnishtest/vtc_http2.c b/bin/varnishtest/vtc_http2.c index f89bb187e..822abbae1 100644 --- a/bin/varnishtest/vtc_http2.c +++ b/bin/varnishtest/vtc_http2.c @@ -2892,10 +2892,16 @@ b64_settings(const struct http *hp, const char *s) buf = "unknown"; if (v == 1) { - if (hp->sfd) - assert(HPK_ResizeTbl(hp->encctx, v) != hpk_err); - else - assert(HPK_ResizeTbl(hp->decctx, v) != hpk_err); + enum hpk_result hrs; + if (hp->sfd) { + AN(hp->encctx); + hrs = HPK_ResizeTbl(hp->encctx, v); + } else { + AN(hp->decctx); + hrs = HPK_ResizeTbl(hp->decctx, v); + } + if (hrs != hpk_done) + vtc_fatal(hp->vl, "HPK resize failed %d\n", hrs); } vtc_log(hp->vl, 4, "Upgrade: %s (%d): %ju", From walid.boudebouda at gmail.com Tue Mar 18 13:52:07 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Tue, 18 Mar 2025 13:52:07 +0000 (UTC) Subject: [master] 624ee3b37 Merge tag 'varnish-7.7.0' Message-ID: <20250318135207.4B3F51077E5@lists.varnish-cache.org> commit 624ee3b376424e2a965eba8a6c151ebbeb9918f3 Merge: 680057e61 bb7a91861 Author: Walid Boudebouda Date: Tue Mar 18 14:47:20 2025 +0100 Merge tag 'varnish-7.7.0' Releasing 7.7.0 From walid.boudebouda at gmail.com Tue Mar 18 13:56:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Tue, 18 Mar 2025 13:56:05 +0000 (UTC) Subject: [7.6] 49168df45 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Message-ID: <20250318135605.6AB5D107CAE@lists.varnish-cache.org> commit 49168df457f8965fe5b3d257e95afaa2f41498c9 Author: Poul-Henning Kamp Date: Mon Mar 17 16:46:45 2025 +0000 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Fixes: #4298 diff --git a/bin/varnishtest/tests/r04298.vtc b/bin/varnishtest/tests/r04298.vtc new file mode 100644 index 000000000..a794cf182 --- /dev/null +++ b/bin/varnishtest/tests/r04298.vtc @@ -0,0 +1,21 @@ +varnishtest "Test HPACK dictionary sizing in upgrade settings" + +server s1 { + rxreq + upgrade + stream 1 { + rxreq + txresp + } -run + +} -start + +client c1 -connect ${s1_sock} { + txreq -up AAMAAABkAAQAAP__AAkAAAAB + stream 1 { + txreq + rxresp + } -run +} -run + +server s1 -wait diff --git a/bin/varnishtest/vtc_http.c b/bin/varnishtest/vtc_http.c index 352054a59..bbecc6d93 100644 --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -1050,8 +1050,6 @@ cmd_http_upgrade(CMD_ARGS) " -hdr \"Upgrade: h2c\"\n" ); - b64_settings(hp, h); - parse_string(vl, hp, "rxpri\n" "stream 0 {\n" @@ -1062,6 +1060,9 @@ cmd_http_upgrade(CMD_ARGS) " expect settings.ack == true\n" "} -start\n" ); + + b64_settings(hp, h); + } /********************************************************************** diff --git a/bin/varnishtest/vtc_http2.c b/bin/varnishtest/vtc_http2.c index 1caeeb5a3..49a47e91f 100644 --- a/bin/varnishtest/vtc_http2.c +++ b/bin/varnishtest/vtc_http2.c @@ -2879,10 +2879,16 @@ b64_settings(const struct http *hp, const char *s) buf = "unknown"; if (v == 1) { - if (hp->sfd) - assert(HPK_ResizeTbl(hp->encctx, v) != hpk_err); - else - assert(HPK_ResizeTbl(hp->decctx, v) != hpk_err); + enum hpk_result hrs; + if (hp->sfd) { + AN(hp->encctx); + hrs = HPK_ResizeTbl(hp->encctx, v); + } else { + AN(hp->decctx); + hrs = HPK_ResizeTbl(hp->decctx, v); + } + if (hrs != hpk_done) + vtc_fatal(hp->vl, "HPK resize failed %d\n", hrs); } vtc_log(hp->vl, 4, "Upgrade: %s (%d): %ju", From walid.boudebouda at gmail.com Tue Mar 18 13:58:05 2025 From: walid.boudebouda at gmail.com (Walid Boudebouda) Date: Tue, 18 Mar 2025 13:58:05 +0000 (UTC) Subject: [refs/tags/varnish-7.6.2] 49168df45 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Message-ID: <20250318135805.45388107F28@lists.varnish-cache.org> commit 49168df457f8965fe5b3d257e95afaa2f41498c9 Author: Poul-Henning Kamp Date: Mon Mar 17 16:46:45 2025 +0000 Dont attempt to process the H2-upgrade settings header until we are in H2 mode. Fixes: #4298 diff --git a/bin/varnishtest/tests/r04298.vtc b/bin/varnishtest/tests/r04298.vtc new file mode 100644 index 000000000..a794cf182 --- /dev/null +++ b/bin/varnishtest/tests/r04298.vtc @@ -0,0 +1,21 @@ +varnishtest "Test HPACK dictionary sizing in upgrade settings" + +server s1 { + rxreq + upgrade + stream 1 { + rxreq + txresp + } -run + +} -start + +client c1 -connect ${s1_sock} { + txreq -up AAMAAABkAAQAAP__AAkAAAAB + stream 1 { + txreq + rxresp + } -run +} -run + +server s1 -wait diff --git a/bin/varnishtest/vtc_http.c b/bin/varnishtest/vtc_http.c index 352054a59..bbecc6d93 100644 --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -1050,8 +1050,6 @@ cmd_http_upgrade(CMD_ARGS) " -hdr \"Upgrade: h2c\"\n" ); - b64_settings(hp, h); - parse_string(vl, hp, "rxpri\n" "stream 0 {\n" @@ -1062,6 +1060,9 @@ cmd_http_upgrade(CMD_ARGS) " expect settings.ack == true\n" "} -start\n" ); + + b64_settings(hp, h); + } /********************************************************************** diff --git a/bin/varnishtest/vtc_http2.c b/bin/varnishtest/vtc_http2.c index 1caeeb5a3..49a47e91f 100644 --- a/bin/varnishtest/vtc_http2.c +++ b/bin/varnishtest/vtc_http2.c @@ -2879,10 +2879,16 @@ b64_settings(const struct http *hp, const char *s) buf = "unknown"; if (v == 1) { - if (hp->sfd) - assert(HPK_ResizeTbl(hp->encctx, v) != hpk_err); - else - assert(HPK_ResizeTbl(hp->decctx, v) != hpk_err); + enum hpk_result hrs; + if (hp->sfd) { + AN(hp->encctx); + hrs = HPK_ResizeTbl(hp->encctx, v); + } else { + AN(hp->decctx); + hrs = HPK_ResizeTbl(hp->decctx, v); + } + if (hrs != hpk_done) + vtc_fatal(hp->vl, "HPK resize failed %d\n", hrs); } vtc_log(hp->vl, 4, "Upgrade: %s (%d): %ju", From nils.goroll at uplex.de Wed Mar 19 20:54:06 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Wed, 19 Mar 2025 20:54:06 +0000 (UTC) Subject: [master] 459a636f1 vmod_blob: Account for NUL to simplify alphabet initialization Message-ID: <20250319205406.6B19E6EBCD@lists.varnish-cache.org> commit 459a636f137c48328af64677ac426af5f4af7654 Author: Nils Goroll Date: Wed Mar 19 16:31:23 2025 +0100 vmod_blob: Account for NUL to simplify alphabet initialization Alphabets for base64 and hex are 64 and 16 bytes long, respectively, but initializing them with a string needs one additional byte for the final NUL. Fixes #4300 diff --git a/vmod/vmod_blob.h b/vmod/vmod_blob.h index 90872b61a..f775dd6c9 100644 --- a/vmod/vmod_blob.h +++ b/vmod/vmod_blob.h @@ -140,7 +140,7 @@ len_f hex_decode_l; encode_f hex_encode; decode_f hex_decode; -extern const char hex_alphabet[][16]; +extern const char hex_alphabet[][17]; extern const uint8_t hex_nibble[]; /* url.c */ diff --git a/vmod/vmod_blob_base64.c b/vmod/vmod_blob_base64.c index 74a895754..971a05e91 100644 --- a/vmod/vmod_blob_base64.c +++ b/vmod/vmod_blob_base64.c @@ -37,7 +37,7 @@ #include "vmod_blob.h" static const struct b64_alphabet { - const char b64[64]; + const char b64[65]; const int8_t i64[256]; const int padding; } b64_alphabet[] = { diff --git a/vmod/vmod_blob_hex.c b/vmod/vmod_blob_hex.c index 539ab87a7..b11701940 100644 --- a/vmod/vmod_blob_hex.c +++ b/vmod/vmod_blob_hex.c @@ -38,7 +38,7 @@ #include "vmod_blob.h" -const char hex_alphabet[][16] = { +const char hex_alphabet[][17] = { "0123456789abcdef", "0123456789ABCDEF" }; From nils.goroll at uplex.de Fri Mar 21 14:05:11 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Fri, 21 Mar 2025 14:05:11 +0000 (UTC) Subject: [master] 75aa1a805 cache_ban: Add obj.last_hit Message-ID: <20250321140511.4383010AA62@lists.varnish-cache.org> commit 75aa1a8056c56d9b2c7350bf4e2be44b0a4115e4 Author: Nils Goroll Date: Tue Feb 25 17:13:25 2025 +0100 cache_ban: Add obj.last_hit This commit adds bans by last LRU time, basically equivalent to the existing obj.age from b06cdbbab4099a351e188106add56b5e1eb0b927 (the code was trivial to add). The primary use case is to remove objects from cache which have not been accessed for a long time, and, in particular, to get rid of request bans by removing all objects which have not been touched since the request ban. diff --git a/bin/varnishd/cache/cache_ban.c b/bin/varnishd/cache/cache_ban.c index d611445d6..ce54c5c3d 100644 --- a/bin/varnishd/cache/cache_ban.c +++ b/bin/varnishd/cache/cache_ban.c @@ -498,8 +498,8 @@ ban_evaluate(struct worker *wrk, const uint8_t *bsarg, struct objcore *oc, int rv; /* - * for ttl and age, fix the point in time such that banning refers to - * the same point in time when the ban is evaluated + * for ttl, age and last_hit, fix the point in time such that banning + * refers to the same point in time when the ban is evaluated * * for grace/keep, we assume that the absolute values are pola and that * users will most likely also specify a ttl criterion if they want to @@ -546,6 +546,12 @@ ban_evaluate(struct worker *wrk, const uint8_t *bsarg, struct objcore *oc, darg1 = oc->keep; darg2 = bt.arg2_double; break; + case BANS_ARG_OBJLASTHIT: + if (isnan(oc->last_lru)) + return (0); + darg1 = 0.0 - oc->last_lru; + darg2 = 0.0 - (ban_time(bsarg) - bt.arg2_double); + break; default: WRONG("Wrong BAN_ARG code"); } diff --git a/bin/varnishd/cache/cache_ban.h b/bin/varnishd/cache/cache_ban.h index d3339eef0..468c54747 100644 --- a/bin/varnishd/cache/cache_ban.h +++ b/bin/varnishd/cache/cache_ban.h @@ -97,7 +97,8 @@ #define BANS_ARG_OBJAGE 0x1d #define BANS_ARG_OBJGRACE 0x1e #define BANS_ARG_OBJKEEP 0x1f -#define BANS_ARG_LIM (BANS_ARG_OBJKEEP + 1) +#define BANS_ARG_OBJLASTHIT 0x20 +#define BANS_ARG_LIM (BANS_ARG_OBJLASTHIT + 1) #define BAN_ARGIDX(x) ((x) - BANS_ARG_OFF_) #define BAN_ARGARRSZ (BANS_ARG_LIM - BANS_ARG_OFF_) @@ -116,7 +117,7 @@ // has an arg2_double (BANS_FLAG_DURATION at build time) #define BANS_HAS_ARG2_DOUBLE(arg) \ ((arg) >= BANS_ARG_OBJTTL && \ - (arg) <= BANS_ARG_OBJKEEP) + (arg) <= BANS_ARG_OBJLASTHIT) /*--------------------------------------------------------------------*/ diff --git a/bin/varnishtest/tests/c00059.vtc b/bin/varnishtest/tests/c00059.vtc index 410e794a4..4bee69add 100644 --- a/bin/varnishtest/tests/c00059.vtc +++ b/bin/varnishtest/tests/c00059.vtc @@ -3,6 +3,9 @@ varnishtest "test ban obj.* except obj.http.*" # see c00021.vtc for obj.http.* tests server s1 { + rxreq + expect req.url == "/old" + txresp -status 204 rxreq txresp -bodylen 1 rxreq @@ -15,11 +18,25 @@ server s1 { txresp -bodylen 5 rxreq txresp -bodylen 6 + rxreq + txresp -bodylen 7 } -start -varnish v1 -vcl+backend {} -start +varnish v1 -vcl+backend { + sub vcl_deliver { + set resp.http.hits = obj.hits; + } +} -start client c1 { + txreq -url "/old" + rxresp + expect resp.status == 204 + + txreq -url "/old" + rxresp + expect resp.status == 204 + txreq rxresp expect resp.bodylen == 1 @@ -55,7 +72,7 @@ client c1 { expect resp.bodylen == 2 } -run -varnish v1 -cliok "ban obj.ttl <= 2m" +varnish v1 -cliok "ban obj.status == 200 && obj.ttl <= 2m" client c1 { txreq @@ -75,7 +92,7 @@ client c1 { expect resp.bodylen == 3 } -run -varnish v1 -cliok "ban obj.age < 1m" +varnish v1 -cliok "ban obj.status == 200 && obj.age < 1m" client c1 { txreq @@ -95,7 +112,7 @@ client c1 { expect resp.bodylen == 4 } -run -varnish v1 -cliok "ban obj.grace == 10s" +varnish v1 -cliok "ban obj.status == 200 && obj.grace == 10s" client c1 { txreq @@ -115,12 +132,37 @@ client c1 { expect resp.bodylen == 5 } -run -varnish v1 -cliok "ban obj.keep == 0s" +varnish v1 -cli "param.set ban_lurker_age 0.1" +varnish v1 -cliok "ban obj.status == 200 && obj.keep == 0s" +delay 1 client c1 { txreq rxresp expect resp.bodylen == 6 + + txreq + rxresp + expect resp.bodylen == 6 + expect resp.http.hits == 1 +} -run + +# now we should have two objects, /old from the beginning and the len==6 object +varnish v1 -cliexpect { 2 C} "ban.list" +varnish v1 -cli "param.set ban_lurker_age 600" +varnish v1 -cliok "ban obj.last_hit < 1s" + +# /old survives, but len==6 gets removed +client c1 { + txreq -url "/old" + rxresp + expect resp.http.age > 0 + expect resp.http.hits == 2 + + txreq + rxresp + expect resp.bodylen == 7 + expect resp.http.hits == 0 } -run # duration formatting - 0s is being tested above diff --git a/include/tbl/ban_arg_oper.h b/include/tbl/ban_arg_oper.h index d139e08a6..b118d697c 100644 --- a/include/tbl/ban_arg_oper.h +++ b/include/tbl/ban_arg_oper.h @@ -52,6 +52,7 @@ ARGOPER(BANS_ARG_OBJTTL, BANS_OPER_DURATION) ARGOPER(BANS_ARG_OBJAGE, BANS_OPER_DURATION) ARGOPER(BANS_ARG_OBJGRACE, BANS_OPER_DURATION) ARGOPER(BANS_ARG_OBJKEEP, BANS_OPER_DURATION) +ARGOPER(BANS_ARG_OBJLASTHIT, BANS_OPER_DURATION) #undef ARGOPER #undef BANS_OPER_STRING diff --git a/include/tbl/ban_vars.h b/include/tbl/ban_vars.h index 015cef817..efafff8ec 100644 --- a/include/tbl/ban_vars.h +++ b/include/tbl/ban_vars.h @@ -57,6 +57,9 @@ PVAR("obj.grace", PVAR("obj.keep", BANS_FLAG_OBJ | BANS_FLAG_DURATION, BANS_ARG_OBJKEEP) +PVAR("obj.last_hit", + BANS_FLAG_OBJ | BANS_FLAG_DURATION | BANS_FLAG_NODEDUP, + BANS_ARG_OBJLASTHIT) #undef PVAR /*lint -restore */ diff --git a/vmod/vmod_std.vcc b/vmod/vmod_std.vcc index b5ab2a8aa..9320147e8 100644 --- a/vmod/vmod_std.vcc +++ b/vmod/vmod_std.vcc @@ -612,10 +612,15 @@ The format of *STRING* is:: * duration fields: - * ``obj.ttl``: Remaining ttl at the time the ban is issued - * ``obj.age``: Object age at the time the ban is issued + * ``obj.ttl``: Remaining ttl + * ``obj.age``: Object age * ``obj.grace``: The grace time of the object * ``obj.keep``: The keep time of the object + * ``obj.last_hit``: Time since the last hit + + ``obj.ttl``, ``obj.age`` and ``obj.last_hit`` are relative to the submission + time of the ban, such that they represent a fixed point in time despite + being specified as a duration. * **: @@ -662,6 +667,19 @@ non-existing header, the operators ``==`` and ``~`` always evaluate as false, while the operators ``!=`` and ``!~`` always evaluate as true, respectively, for any value of **. +``obj.last_hit`` can be used almost as a "last accessed" time, so, for example, +``ban obj.last_hit > 1d`` removes all objects which were last accessed more than +one day ago. Also, it can be used to remove objects stuck at request bans by +issuing ``ban obj.last_hit > X``, with X being slightly less than the time since +the request ban. + +``obj.last_hit`` is based on an internal last LRU time, which might not be +implemented by all storage engines. Where it is not available, ban expressions +using ``obj.last_hit`` evaluate to ``false``, which means that the respective +ban behaves as if it was not present. Where implemented, the last LRU time might +only get updated by the ``lru_interval`` parameter, which therefore is the +maximum precision of ``obj.last_hit`` bans. + $Function STRING ban_error() Returns a textual error description of the last `std.ban()`_ call from From nils.goroll at uplex.de Mon Mar 24 14:33:07 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Mar 2025 14:33:07 +0000 (UTC) Subject: [master] 25c33dbc4 vmodtool: New --noinst option for vmod_debug Message-ID: <20250324143307.1594F103BA7@lists.varnish-cache.org> commit 25c33dbc4aa5ce7c8de14bdf37367d64f2db0bfa Author: Dridi Boukelmoune Date: Fri Mar 21 14:20:10 2025 +0100 vmodtool: New --noinst option for vmod_debug The problem with vmod_debug is that we don't want to distribute it, but the automake boilerplate unilaterally adds all VMODs to $(vmoddir). This results in the installation of libvmod_debug.so but not vmod_debug.vcc and the responsibility of not redistributing libvmod_debug.so to our downstream maintainers. A new --noinst option cuts down the amount of circumventions we have for vmod_debug and ensures that vmod_debug does not accidentally land in packages. diff --git a/lib/libvcc/vmodtool.py b/lib/libvcc/vmodtool.py index 308e53dae..12fde6947 100755 --- a/lib/libvcc/vmodtool.py +++ b/lib/libvcc/vmodtool.py @@ -52,11 +52,8 @@ import time AMBOILERPLATE = '''\ ## Generated by vmodtool.py --boilerplate. -vmod_XXX_vcc ?= $(srcdir)/VCC - -vmod_vcc_files += $(vmod_XXX_vcc) - -vmod_LTLIBRARIES += libvmod_XXX.la +LIBDIR_LTLIBRARIES += libvmod_XXX.la +dist_VCCDIR_DATA += $(srcdir)/VCC libvmod_XXX_la_SOURCES = \\ \tSRC @@ -1089,7 +1086,14 @@ class vcc(): src.sort() fn = "automake_boilerplate_" + self.modname + ".am" fo = self.openfile(fn) + libdir = "vmod" + vccdir = "vcc" + if opts.noinst: + libdir = "noinst" + vccdir = "noinst" fo.write(AMBOILERPLATE.replace("XXX", self.modname) + .replace("LIBDIR", libdir) + .replace("VCCDIR", vccdir) .replace("VCC", vcc) .replace("PFX", self.pfx) .replace("SRC", " \\\n\t".join(src))) @@ -1341,6 +1345,9 @@ if __name__ == "__main__": help="Create automake_boilerplate.am") oparser.add_option('-N', '--strict', action='store_true', default=False, help="Be strict when parsing the input file") + oparser.add_option('-n', '--noinst', action='store_true', + default=False, + help="Do not install files in automake_boilerplate.am") oparser.add_option('-o', '--output', metavar="prefix", default='vcc_if', help='Output file prefix (default: "vcc_if")') oparser.add_option('-w', '--rstdir', metavar="directory", default='.', diff --git a/vmod/Makefile.am b/vmod/Makefile.am index 0449eaf4b..7608c0b50 100644 --- a/vmod/Makefile.am +++ b/vmod/Makefile.am @@ -24,10 +24,9 @@ vccdir=$(datarootdir)/$(PACKAGE)/vcc # Prepare variables populated by includes vmod_LTLIBRARIES = -vmod_vcc_files = - -# Prevent vmod_debug.vcc installation upfront -vmod_debug_vcc = +noinst_LTLIBRARIES = +dist_vcc_DATA = +dist_noinst_DATA = include $(srcdir)/automake_boilerplate_blob.am include $(srcdir)/automake_boilerplate_h2.am @@ -54,9 +53,5 @@ BUILT_SOURCES = $(VSC_GEN) # Allow Vmod_wrong*_Data to be exported vmod_debug_symbols_regex = 'Vmod_.*_Data' -# not --strict -vmodtoolargs_debug = --boilerplate -o vcc_debug_if - -dist_noinst_DATA = $(srcdir)/vmod_debug.vcc - -dist_vcc_DATA = $(vmod_vcc_files) +# not --strict, not installed +vmodtoolargs_debug = --boilerplate --noinst -o vcc_debug_if diff --git a/vmod/automake_boilerplate_blob.am b/vmod/automake_boilerplate_blob.am index 1d732af00..173fffa30 100644 --- a/vmod/automake_boilerplate_blob.am +++ b/vmod/automake_boilerplate_blob.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_blob_vcc ?= $(srcdir)/vmod_blob.vcc - -vmod_vcc_files += $(vmod_blob_vcc) - vmod_LTLIBRARIES += libvmod_blob.la +dist_vcc_DATA += $(srcdir)/vmod_blob.vcc libvmod_blob_la_SOURCES = \ vmod_blob.c \ diff --git a/vmod/automake_boilerplate_cookie.am b/vmod/automake_boilerplate_cookie.am index 156bb4a72..bb0c4d9c6 100644 --- a/vmod/automake_boilerplate_cookie.am +++ b/vmod/automake_boilerplate_cookie.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_cookie_vcc ?= $(srcdir)/vmod_cookie.vcc - -vmod_vcc_files += $(vmod_cookie_vcc) - vmod_LTLIBRARIES += libvmod_cookie.la +dist_vcc_DATA += $(srcdir)/vmod_cookie.vcc libvmod_cookie_la_SOURCES = \ vmod_cookie.c diff --git a/vmod/automake_boilerplate_debug.am b/vmod/automake_boilerplate_debug.am index 0021d59e7..441d13ad5 100644 --- a/vmod/automake_boilerplate_debug.am +++ b/vmod/automake_boilerplate_debug.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_debug_vcc ?= $(srcdir)/vmod_debug.vcc - -vmod_vcc_files += $(vmod_debug_vcc) - -vmod_LTLIBRARIES += libvmod_debug.la +noinst_LTLIBRARIES += libvmod_debug.la +dist_noinst_DATA += $(srcdir)/vmod_debug.vcc libvmod_debug_la_SOURCES = \ vmod_debug.c \ diff --git a/vmod/automake_boilerplate_directors.am b/vmod/automake_boilerplate_directors.am index a2e5a6ce4..e65d3886f 100644 --- a/vmod/automake_boilerplate_directors.am +++ b/vmod/automake_boilerplate_directors.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_directors_vcc ?= $(srcdir)/vmod_directors.vcc - -vmod_vcc_files += $(vmod_directors_vcc) - vmod_LTLIBRARIES += libvmod_directors.la +dist_vcc_DATA += $(srcdir)/vmod_directors.vcc libvmod_directors_la_SOURCES = \ vmod_directors.c \ diff --git a/vmod/automake_boilerplate_h2.am b/vmod/automake_boilerplate_h2.am index 30fa5e2b9..66b62e794 100644 --- a/vmod/automake_boilerplate_h2.am +++ b/vmod/automake_boilerplate_h2.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_h2_vcc ?= $(srcdir)/vmod_h2.vcc - -vmod_vcc_files += $(vmod_h2_vcc) - vmod_LTLIBRARIES += libvmod_h2.la +dist_vcc_DATA += $(srcdir)/vmod_h2.vcc libvmod_h2_la_SOURCES = \ vmod_h2.c diff --git a/vmod/automake_boilerplate_proxy.am b/vmod/automake_boilerplate_proxy.am index 480d82b83..181b3d3b5 100644 --- a/vmod/automake_boilerplate_proxy.am +++ b/vmod/automake_boilerplate_proxy.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_proxy_vcc ?= $(srcdir)/vmod_proxy.vcc - -vmod_vcc_files += $(vmod_proxy_vcc) - vmod_LTLIBRARIES += libvmod_proxy.la +dist_vcc_DATA += $(srcdir)/vmod_proxy.vcc libvmod_proxy_la_SOURCES = \ vmod_proxy.c diff --git a/vmod/automake_boilerplate_purge.am b/vmod/automake_boilerplate_purge.am index 00656497e..fc7813ad3 100644 --- a/vmod/automake_boilerplate_purge.am +++ b/vmod/automake_boilerplate_purge.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_purge_vcc ?= $(srcdir)/vmod_purge.vcc - -vmod_vcc_files += $(vmod_purge_vcc) - vmod_LTLIBRARIES += libvmod_purge.la +dist_vcc_DATA += $(srcdir)/vmod_purge.vcc libvmod_purge_la_SOURCES = \ vmod_purge.c diff --git a/vmod/automake_boilerplate_std.am b/vmod/automake_boilerplate_std.am index 738e97d9b..3933bf0f7 100644 --- a/vmod/automake_boilerplate_std.am +++ b/vmod/automake_boilerplate_std.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_std_vcc ?= $(srcdir)/vmod_std.vcc - -vmod_vcc_files += $(vmod_std_vcc) - vmod_LTLIBRARIES += libvmod_std.la +dist_vcc_DATA += $(srcdir)/vmod_std.vcc libvmod_std_la_SOURCES = \ vmod_std.c \ diff --git a/vmod/automake_boilerplate_unix.am b/vmod/automake_boilerplate_unix.am index ab5e982f7..b65c724c2 100644 --- a/vmod/automake_boilerplate_unix.am +++ b/vmod/automake_boilerplate_unix.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_unix_vcc ?= $(srcdir)/vmod_unix.vcc - -vmod_vcc_files += $(vmod_unix_vcc) - vmod_LTLIBRARIES += libvmod_unix.la +dist_vcc_DATA += $(srcdir)/vmod_unix.vcc libvmod_unix_la_SOURCES = \ vmod_unix.c \ diff --git a/vmod/automake_boilerplate_vtc.am b/vmod/automake_boilerplate_vtc.am index 0a2bd1228..7b7b401c8 100644 --- a/vmod/automake_boilerplate_vtc.am +++ b/vmod/automake_boilerplate_vtc.am @@ -1,10 +1,7 @@ ## Generated by vmodtool.py --boilerplate. -vmod_vtc_vcc ?= $(srcdir)/vmod_vtc.vcc - -vmod_vcc_files += $(vmod_vtc_vcc) - vmod_LTLIBRARIES += libvmod_vtc.la +dist_vcc_DATA += $(srcdir)/vmod_vtc.vcc libvmod_vtc_la_SOURCES = \ vmod_vtc.c From nils.goroll at uplex.de Mon Mar 24 14:33:07 2025 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Mar 2025 14:33:07 +0000 (UTC) Subject: [master] f37cebe89 SQUASHME: force the creation of libvmod_debug.so Message-ID: <20250324143307.2E341103BAA@lists.varnish-cache.org> commit f37cebe89eadb4bdb00b8825a6677044ddca7c9e Author: Dridi Boukelmoune Date: Fri Mar 21 17:21:39 2025 +0100 SQUASHME: force the creation of libvmod_debug.so The '-shared' option wasn't enough for libtool, it wants to know where to install the shared object to make one, but we don't install this one. diff --git a/lib/libvcc/vmodtool.py b/lib/libvcc/vmodtool.py index 12fde6947..a2e8969ee 100755 --- a/lib/libvcc/vmodtool.py +++ b/lib/libvcc/vmodtool.py @@ -66,7 +66,8 @@ vmod_XXX_symbols_regex ?= Vmod_XXX_Data libvmod_XXX_la_LDFLAGS = \\ \t-export-symbols-regex $(vmod_XXX_symbols_regex) \\ \t$(AM_LDFLAGS) \\ -\t$(VMOD_LDFLAGS) +\t$(VMOD_LDFLAGS) \\ +\t-rpath $(vmoddir) nodist_libvmod_XXX_la_SOURCES = PFX.c PFX.h diff --git a/vmod/automake_boilerplate_blob.am b/vmod/automake_boilerplate_blob.am index 173fffa30..787a16f41 100644 --- a/vmod/automake_boilerplate_blob.am +++ b/vmod/automake_boilerplate_blob.am @@ -21,7 +21,8 @@ vmod_blob_symbols_regex ?= Vmod_blob_Data libvmod_blob_la_LDFLAGS = \ -export-symbols-regex $(vmod_blob_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_blob_la_SOURCES = vcc_blob_if.c vcc_blob_if.h diff --git a/vmod/automake_boilerplate_cookie.am b/vmod/automake_boilerplate_cookie.am index bb0c4d9c6..99109759e 100644 --- a/vmod/automake_boilerplate_cookie.am +++ b/vmod/automake_boilerplate_cookie.am @@ -14,7 +14,8 @@ vmod_cookie_symbols_regex ?= Vmod_cookie_Data libvmod_cookie_la_LDFLAGS = \ -export-symbols-regex $(vmod_cookie_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_cookie_la_SOURCES = vcc_cookie_if.c vcc_cookie_if.h diff --git a/vmod/automake_boilerplate_debug.am b/vmod/automake_boilerplate_debug.am index 441d13ad5..5eb8eadc4 100644 --- a/vmod/automake_boilerplate_debug.am +++ b/vmod/automake_boilerplate_debug.am @@ -20,7 +20,8 @@ vmod_debug_symbols_regex ?= Vmod_debug_Data libvmod_debug_la_LDFLAGS = \ -export-symbols-regex $(vmod_debug_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_debug_la_SOURCES = vcc_debug_if.c vcc_debug_if.h diff --git a/vmod/automake_boilerplate_directors.am b/vmod/automake_boilerplate_directors.am index e65d3886f..42c06b98a 100644 --- a/vmod/automake_boilerplate_directors.am +++ b/vmod/automake_boilerplate_directors.am @@ -24,7 +24,8 @@ vmod_directors_symbols_regex ?= Vmod_directors_Data libvmod_directors_la_LDFLAGS = \ -export-symbols-regex $(vmod_directors_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_directors_la_SOURCES = vcc_directors_if.c vcc_directors_if.h diff --git a/vmod/automake_boilerplate_h2.am b/vmod/automake_boilerplate_h2.am index 66b62e794..c3eb4ab9f 100644 --- a/vmod/automake_boilerplate_h2.am +++ b/vmod/automake_boilerplate_h2.am @@ -14,7 +14,8 @@ vmod_h2_symbols_regex ?= Vmod_h2_Data libvmod_h2_la_LDFLAGS = \ -export-symbols-regex $(vmod_h2_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_h2_la_SOURCES = vcc_h2_if.c vcc_h2_if.h diff --git a/vmod/automake_boilerplate_proxy.am b/vmod/automake_boilerplate_proxy.am index 181b3d3b5..0809a85ee 100644 --- a/vmod/automake_boilerplate_proxy.am +++ b/vmod/automake_boilerplate_proxy.am @@ -14,7 +14,8 @@ vmod_proxy_symbols_regex ?= Vmod_proxy_Data libvmod_proxy_la_LDFLAGS = \ -export-symbols-regex $(vmod_proxy_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_proxy_la_SOURCES = vcc_proxy_if.c vcc_proxy_if.h diff --git a/vmod/automake_boilerplate_purge.am b/vmod/automake_boilerplate_purge.am index fc7813ad3..5ff02c5cf 100644 --- a/vmod/automake_boilerplate_purge.am +++ b/vmod/automake_boilerplate_purge.am @@ -14,7 +14,8 @@ vmod_purge_symbols_regex ?= Vmod_purge_Data libvmod_purge_la_LDFLAGS = \ -export-symbols-regex $(vmod_purge_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_purge_la_SOURCES = vcc_purge_if.c vcc_purge_if.h diff --git a/vmod/automake_boilerplate_std.am b/vmod/automake_boilerplate_std.am index 3933bf0f7..fe5585fc0 100644 --- a/vmod/automake_boilerplate_std.am +++ b/vmod/automake_boilerplate_std.am @@ -17,7 +17,8 @@ vmod_std_symbols_regex ?= Vmod_std_Data libvmod_std_la_LDFLAGS = \ -export-symbols-regex $(vmod_std_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_std_la_SOURCES = vcc_std_if.c vcc_std_if.h diff --git a/vmod/automake_boilerplate_unix.am b/vmod/automake_boilerplate_unix.am index b65c724c2..4da138f19 100644 --- a/vmod/automake_boilerplate_unix.am +++ b/vmod/automake_boilerplate_unix.am @@ -15,7 +15,8 @@ vmod_unix_symbols_regex ?= Vmod_unix_Data libvmod_unix_la_LDFLAGS = \ -export-symbols-regex $(vmod_unix_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_unix_la_SOURCES = vcc_unix_if.c vcc_unix_if.h diff --git a/vmod/automake_boilerplate_vtc.am b/vmod/automake_boilerplate_vtc.am index 7b7b401c8..2a681e4fd 100644 --- a/vmod/automake_boilerplate_vtc.am +++ b/vmod/automake_boilerplate_vtc.am @@ -14,7 +14,8 @@ vmod_vtc_symbols_regex ?= Vmod_vtc_Data libvmod_vtc_la_LDFLAGS = \ -export-symbols-regex $(vmod_vtc_symbols_regex) \ $(AM_LDFLAGS) \ - $(VMOD_LDFLAGS) + $(VMOD_LDFLAGS) \ + -rpath $(vmoddir) nodist_libvmod_vtc_la_SOURCES = vcc_vtc_if.c vcc_vtc_if.h From phk at FreeBSD.org Wed Mar 26 09:27:06 2025 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 26 Mar 2025 09:27:06 +0000 (UTC) Subject: [master] 3a1eb57d8 Add more HTTP2 Settings to the table Message-ID: <20250326092707.02EA610FA67@lists.varnish-cache.org> commit 3a1eb57d8bd57205db7d2c766aed39cf73c4f578 Author: Poul-Henning Kamp Date: Wed Mar 26 09:24:17 2025 +0000 Add more HTTP2 Settings to the table diff --git a/include/tbl/h2_settings.h b/include/tbl/h2_settings.h index 2dbac671f..273f157fe 100644 --- a/include/tbl/h2_settings.h +++ b/include/tbl/h2_settings.h @@ -102,7 +102,39 @@ H2_SETTING( // rfc7540,l,2159,2167 0xffffffff, 0 ) -#endif + +H2_SETTING( // rfc8441 + ENABLE_CONNECT_PROTOCOL, + enable_connect_protocol, + 0x8, + 0, + 0, + 1, + H2CE_PROTOCOL_ERROR +) + +H2_SETTING( // rfc9218 + NO_RFC7540_PRIORITIES, + no_rfc7540_priorities, + 0x9, + 0, + 0, + 1, + H2CE_PROTOCOL_ERROR +) + +H2_SETTING( // [MS-HTTP2E] + // [Gabriel_Montenegro] + TLS_RENEG_PERMITTED, + tls_reneg_permitted, + 0x10, + 0, + 0, + 3, + H2CE_PROTOCOL_ERROR +) +#endif /* !H2_SETTINGS_PARAM_ONLY */ + #undef H2_SETTING /*lint -restore */ From phk at FreeBSD.org Wed Mar 26 09:27:07 2025 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 26 Mar 2025 09:27:07 +0000 (UTC) Subject: [master] 95e41dfa5 If the client sends NO_RFC7540_PRIORITIES, "rxprio" verbs become no-ops. Message-ID: <20250326092707.1E8A910FA6A@lists.varnish-cache.org> commit 95e41dfa584d108e444949534c7ce5801cffeacc Author: Poul-Henning Kamp Date: Wed Mar 26 09:25:43 2025 +0000 If the client sends NO_RFC7540_PRIORITIES, "rxprio" verbs become no-ops. Fixes: #4298 Tested by: @ingvarha diff --git a/bin/varnishtest/vtc.h b/bin/varnishtest/vtc.h index 2e5d4161a..b765fe60a 100644 --- a/bin/varnishtest/vtc.h +++ b/bin/varnishtest/vtc.h @@ -148,7 +148,7 @@ struct http; void cmd_stream(CMD_ARGS); void start_h2(struct http *hp); void stop_h2(struct http *hp); -void b64_settings(const struct http *hp, const char *s); +void b64_settings(struct http *hp, const char *s); /* vtc_gzip.c */ void vtc_gunzip(struct http *, char *, long *); diff --git a/bin/varnishtest/vtc_http.h b/bin/varnishtest/vtc_http.h index 7a86de8da..62c598a55 100644 --- a/bin/varnishtest/vtc_http.h +++ b/bin/varnishtest/vtc_http.h @@ -83,6 +83,7 @@ struct http { /* H/2 */ unsigned h2; int wf; + int no_rfc7540_priorities; pthread_t tp; VTAILQ_HEAD(, stream) streams; diff --git a/bin/varnishtest/vtc_http2.c b/bin/varnishtest/vtc_http2.c index 822abbae1..7feeb42b0 100644 --- a/bin/varnishtest/vtc_http2.c +++ b/bin/varnishtest/vtc_http2.c @@ -629,7 +629,7 @@ parse_settings(const struct stream *s, struct frame *f) buf = "unknown"; u += 4; - if (t == 1) { + if (t == SETTINGS_HEADER_TABLE_SIZE) { r = HPK_ResizeTbl(s->hp->encctx, v); assert(r == hpk_done); } @@ -2460,28 +2460,47 @@ cmd_rxsettings(CMD_ARGS) hp->h2_win_peer->init = val; } } +/* SECTION: stream.spec.prio_rxprio rxprio + * + * Receive a PRIORITY frame. + */ +static void +cmd_rxprio (CMD_ARGS) +{ + struct stream *s; + (void)av; + CAST_OBJ_NOTNULL(s, priv, STREAM_MAGIC); + if (s->hp->no_rfc7540_priorities) { + vtc_log(vl, 4, "skipping rxprio: no_rfc7540_priorities is set"); + return; + } + s->frame = rxstuff(s); + if (s->frame != NULL && s->frame->type != TYPE_PRIORITY) { + vtc_fatal(vl, + "Wrong frame type %s (%d) wanted %s", + s->frame->type < TYPE_MAX ? + h2_types[s->frame->type] : "?", + s->frame->type, "PRIORITY"); + } +} #define RXFUNC(lctype, upctype) \ static void \ - cmd_rx ## lctype(CMD_ARGS) { \ + cmd_rx ## lctype(CMD_ARGS) \ + { \ struct stream *s; \ (void)av; \ CAST_OBJ_NOTNULL(s, priv, STREAM_MAGIC); \ s->frame = rxstuff(s); \ - if (s->frame != NULL && s->frame->type != TYPE_ ## upctype) \ + if (s->frame != NULL && s->frame->type != TYPE_ ## upctype) { \ vtc_fatal(vl, \ "Wrong frame type %s (%d) wanted %s", \ s->frame->type < TYPE_MAX ? \ h2_types[s->frame->type] : "?", \ s->frame->type, #upctype); \ + } \ } -/* SECTION: stream.spec.prio_rxprio rxprio - * - * Receive a PRIORITY frame. - */ -RXFUNC(prio, PRIORITY) - /* SECTION: stream.spec.reset_rxrst rxrst * * Receive a RST_STREAM frame. @@ -2857,7 +2876,7 @@ cmd_stream(CMD_ARGS) } void -b64_settings(const struct http *hp, const char *s) +b64_settings(struct http *hp, const char *s) { uint16_t i; uint64_t v, vv; @@ -2891,7 +2910,10 @@ b64_settings(const struct http *hp, const char *s) else buf = "unknown"; - if (v == 1) { + if (i == SETTINGS_NO_RFC7540_PRIORITIES) { + hp->no_rfc7540_priorities = v; + } + if (i == SETTINGS_HEADER_TABLE_SIZE) { enum hpk_result hrs; if (hp->sfd) { AN(hp->encctx);