From artous at uplex.de Fri Jun 13 09:59:21 2025 From: artous at uplex.de (Thibaut Artis) Date: Fri, 13 Jun 2025 11:59:21 +0200 Subject: Stuck on implementing and integrating VRE_encode/decode function Message-ID: Hi everyone, I'm currently working on implementing and integrating VRE_encode/decode functions as evoked here https://github.com/varnishcache/varnish-cache/issues/4334 The goal here is to properly de/serialize bans using pcre2_serialize_encode/decode functions What is currently done is that the ban spec is simply written to a VSB, so what I attempted is to iterate over the ban spec, write the non-regex parts to the VSB just as it is done now, but when I encounter then I de/serialize it and then write it to the VSB. Here is my WIP https://github.com/varnishcache/varnish-cache/compare/master...cartoush:varnish-cache:pcre_serialize_bans But what I'm stuck with is that simply iterating over a ban spec causes crashes like so: ``` ***? v1? ? debug|Assert error in ban_get_lump(), cache/cache_ban.c line 212: ***? v1? ? debug|? Condition(PAOK(*bs)) not true. ``` even though I took example from other places in VC where ban_iter is used and seems to work correctly. Here is a minimal demonstration of how to reproduce that: https://github.com/varnishcache/varnish-cache/compare/master...cartoush:varnish-cache:test_iter_cache_ban So my question here is: Is ban_iter simply not the tool I should be using to iterate over bans here and if not what could I use ? And if yes what am I doing wrong here ? Best regards, From dridi at varni.sh Wed Jun 18 10:13:43 2025 From: dridi at varni.sh (Dridi Boukelmoune) Date: Wed, 18 Jun 2025 10:13:43 +0000 Subject: Stuck on implementing and integrating VRE_encode/decode function In-Reply-To: References: Message-ID: On Fri, Jun 13, 2025 at 10:00?AM Thibaut Artis wrote: > > Hi everyone, > > > I'm currently working on implementing and integrating VRE_encode/decode > functions as evoked here > https://github.com/varnishcache/varnish-cache/issues/4334 This would normally be a topic for the varnish-dev list, or the github issue itself. > The goal here is to properly de/serialize bans using > pcre2_serialize_encode/decode functions > > What is currently done is that the ban spec is simply written to a VSB, > so what I attempted is to iterate over the ban spec, write the non-regex > parts to the VSB just as it is done now, but when I encounter then I > de/serialize it and then write it to the VSB. > > Here is my WIP > https://github.com/varnishcache/varnish-cache/compare/master...cartoush:varnish-cache:pcre_serialize_bans Looking at the pcre2 API, there are so many constraints with the encoding and decoding that it would probably be much simpler to to serialize the regular expression as a string. > But what I'm stuck with is that simply iterating over a ban spec causes > crashes like so: > > ``` > > *** v1 debug|Assert error in ban_get_lump(), cache/cache_ban.c line 212: > *** v1 debug| Condition(PAOK(*bs)) not true. > ``` > > even though I took example from other places in VC where ban_iter is > used and seems to work correctly. > > Here is a minimal demonstration of how to reproduce that: > https://github.com/varnishcache/varnish-cache/compare/master...cartoush:varnish-cache:test_iter_cache_ban > > So my question here is: Is ban_iter simply not the tool I should be > using to iterate over bans here and if not what could I use ? And if yes > what am I doing wrong here ? This is an alignment problem, so there may be a missing padding to preserve pointer alignment. Dridi From Tom.Anheyer at berlinonline.de Fri Jun 20 09:13:54 2025 From: Tom.Anheyer at berlinonline.de (Tom Anheyer | BerlinOnline) Date: Fri, 20 Jun 2025 09:13:54 +0000 Subject: varnish (plus) http/2 and websockets, server sent events Message-ID: Hello, I don't know if this is specific to varnish plus: If I enable pipe-mode for server sent events in vcl_recv this way: if (?) { set req.http.connection = "close"; return(pipe); } the log shows: - VCL_return pipe - VCL_call HASH - VCL_return lookup - VCL_Error vcl_recv{} returns pipe/connect for HTTP/2 request. Doing pass. - VCL_call PASS Is it possible to use server sent events, websockets with http/2 requests? I've opened a varnish software ticket but I think that's public interest. tom -- Tom Anheyer Senior Developer BerlinOnline GmbH Stefan-Heym-Platz 1 10367 Berlin Germany Tel.: +49-30-5771180-62 Fax: +49 30 5771180-95 E-Mail: tom.anheyer at berlinonline.de berlin.de | berlinonline.net Amtsgericht Berlin-Charlottenburg, HRB 266384 Sitz der Gesellschaft: Berlin, Deutschland USt.-IdNr.: DE219483549 Gesch?ftsf?hrung: Andreas M?ngel, Katrin Dorgeist Vorsitzender des Aufsichtsrats: Nicolas Zimmer -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From guillaume.quintard at gmail.com Fri Jun 20 09:37:02 2025 From: guillaume.quintard at gmail.com (Guillaume Quintard) Date: Fri, 20 Jun 2025 11:37:02 +0200 Subject: varnish (plus) http/2 and websockets, server sent events In-Reply-To: References: Message-ID: Hi Tom, This is a base behavior, so Varnish Enterprise inherits it, but it's present in Varnish Cache too. Piping involves foregoing HTTP parsing and just passing all the connection bytes back and forth. It's possible on HTTP 1.x since there's only at most one request per connection, but this breaks with HTTP2 multiplexing, so Varnish does the best thing it can and uses a pass instead. Interestingly, H/2 didn't plan an upgrade path to websockets (or to anything else, really) for a relatively sane reason: H/2 requires TLS and TLS has ALPN that allows you to go to websockets directly, without the upgrade hop. So, to my (maybe outdated) knowledge of H/2, upgrading to websockets isn't possible. Please let me know if I'm not being clear. -- Guillaume Quintard On Fri, Jun 20, 2025, 11:15 Tom Anheyer | BerlinOnline < Tom.Anheyer at berlinonline.de> wrote: > Hello, > > I don't know if this is specific to varnish plus: > > > If I enable pipe-mode for server sent events in vcl_recv this way: > > if (?) { > set req.http.connection = "close"; > return(pipe); > } > > the log shows: > > - VCL_return pipe > - VCL_call HASH > - VCL_return lookup > - VCL_Error vcl_recv{} returns pipe/connect for HTTP/2 request. > Doing pass. > - VCL_call PASS > > > Is it possible to use server sent events, websockets with http/2 requests? > > > I've opened a varnish software ticket but I think that's public interest. > > tom > > -- > Tom Anheyer > Senior Developer > > BerlinOnline GmbH > Stefan-Heym-Platz 1 > 10367 Berlin > Germany > > Tel.: +49-30-5771180-62 > Fax: +49 30 5771180-95 > E-Mail: tom.anheyer at berlinonline.de > > berlin.de | berlinonline.net > > Amtsgericht Berlin-Charlottenburg, HRB 266384 > Sitz der Gesellschaft: Berlin, Deutschland > USt.-IdNr.: DE219483549 > > Gesch?ftsf?hrung: Andreas M?ngel, Katrin Dorgeist > Vorsitzender des Aufsichtsrats: Nicolas Zimmer > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Tom.Anheyer at berlinonline.de Mon Jun 23 06:31:50 2025 From: Tom.Anheyer at berlinonline.de (Tom Anheyer | BerlinOnline) Date: Mon, 23 Jun 2025 06:31:50 +0000 Subject: varnish (plus) http/2 and websockets, server sent events In-Reply-To: References: <5c4f3c11a955e836256c9d4e5271c57e6bb95978.camel@BerlinOnline.de> Message-ID: <7da65a9c2a8d56052f5ad326a9cf83597c0bace8.camel@BerlinOnline.de> Good morning, OK, one more. Server-Sent-Events are streaming GET requests. I've tried sub vcl_recv { ? return(pass); } sub vcl_backend_fetch { set bereq.first_byte_timeout = 30s; set bereq.between_bytes_timeout = 30s; } sub vcl_backend_response { set beresp.do_esi = false; set beresp.do_stream = true; } without success. The request is forwarded to the SSE server but comes never back and does not show up in varnishlog. Is there any chance to get this work without `pipe`?? thanks in advance? tom Am Freitag, dem 20.06.2025 um 15:05 +0200 schrieb Guillaume Quintard: > Always a pleasure! Let us know if you have any further questions! > > -- > Guillaume Quintard > > On Fri, Jun 20, 2025, 13:30 Tom Anheyer | BerlinOnline > wrote: > > > > Hi Guillaume, > > > > thank you for your very quick (as always) and clear answer. > > > > tom > > > > Am Freitag, dem 20.06.2025 um 11:37 +0200 schrieb Guillaume Quintard: > > > Hi Tom, > > > This is a base behavior, so Varnish Enterprise inherits it, but it's > > present > > > in Varnish Cache too. > > > Piping involves foregoing HTTP parsing and just passing all the connection > > > bytes back and forth. It's possible on HTTP 1.x since there's only at most > > one > > > request per connection, but this breaks with HTTP2 multiplexing, so > > Varnish > > > does the best thing it can and uses a pass instead. > > > Interestingly, H/2 didn't plan an upgrade path to websockets (or to > > anything > > > else, really) for a relatively sane reason: H/2 requires TLS and TLS has > > ALPN > > > that allows you to go to websockets directly, without the upgrade hop. > > > So, to my (maybe outdated) knowledge of H/2, upgrading to websockets isn't > > > possible. > > > Please let me know if I'm not being clear. > > > -- > > > Guillaume Quintard > > > > > > On Fri, Jun 20, 2025, 11:15 Tom Anheyer | BerlinOnline > > > wrote: > > > > Hello, > > > > > > > > I don't know if this is specific to varnish plus: > > > > > > > > > > > > If I enable pipe-mode for server sent events in vcl_recv this way: > > > > > > > > if (?) { > > > > ? ? set req.http.connection = "close"; > > > > ? ? return(pipe); > > > > } > > > > > > > > the log shows: > > > > > > > > -? ?VCL_return? ? ?pipe > > > > -? ?VCL_call? ? ? ?HASH > > > > -? ?VCL_return? ? ?lookup > > > > -? ?VCL_Error? ? ? vcl_recv{} returns pipe/connect for HTTP/2 request.? > > > > Doing pass. > > > > -? ?VCL_call? ? ? ?PASS > > > > > > > > > > > > Is it possible to use server sent events, websockets with http/2 > > requests? > > > > > > > > > > > > I've opened a varnish software ticket but I thin [1]k that's public > > interest. > > > > > > > > tom? > > > > > > -- Tom Anheyer Senior Developer BerlinOnline GmbH Stefan-Heym-Platz 1 10367 Berlin Germany Tel.: +49-30-5771180-62 Fax: +49 30 5771180-95 E-Mail: tom.anheyer at berlinonline.de berlin.de | berlinonline.net Amtsgericht Berlin-Charlottenburg, HRB 266384 Sitz der Gesellschaft: Berlin, Deutschland USt.-IdNr.: DE219483549 Gesch?ftsf?hrung: Andreas M?ngel, Katrin Dorgeist Vorsitzender des Aufsichtsrats: Nicolas Zimmer [1] pened a varnish software ticket but I thin https://www.google.com/maps/search/pened+a+varnish+software+ticket+but+I+thin?entry=gmail&source=g -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From guillaume.quintard at gmail.com Tue Jun 24 07:46:11 2025 From: guillaume.quintard at gmail.com (Guillaume Quintard) Date: Tue, 24 Jun 2025 09:46:11 +0200 Subject: varnish (plus) http/2 and websockets, server sent events In-Reply-To: <7da65a9c2a8d56052f5ad326a9cf83597c0bace8.camel@BerlinOnline.de> References: <5c4f3c11a955e836256c9d4e5271c57e6bb95978.camel@BerlinOnline.de> <7da65a9c2a8d56052f5ad326a9cf83597c0bace8.camel@BerlinOnline.de> Message-ID: Hi Tom, I have a hard time believing this doesn't work with pass, but let's check. Would you be able to run `varnishlig -g raw` as the transaction is going on ? (You don't want extra traffic otherwise things will be hard to follow) -- Guillaume Quintard On Mon, Jun 23, 2025, 08:31 Tom Anheyer | BerlinOnline < Tom.Anheyer at berlinonline.de> wrote: > Good morning, > > OK, one more. Server-Sent-Events are streaming GET requests. I've tried > > sub vcl_recv { > > ? > > return(pass); > > } > > > sub vcl_backend_fetch { > > set bereq.first_byte_timeout = 30s; > > set bereq.between_bytes_timeout = 30s; > > } > > > sub vcl_backend_response { > > set beresp.do_esi = false; > > set beresp.do_stream = true; > > } > > > without success. The request is forwarded to the SSE server but comes > never back and does not show up in varnishlog. Is there any chance to get > this work without `pipe`? > > thanks in advance > tom > > Am Freitag, dem 20.06.2025 um 15:05 +0200 schrieb Guillaume Quintard: > > Always a pleasure! Let us know if you have any further questions! > > -- > Guillaume Quintard > > On Fri, Jun 20, 2025, 13:30 Tom Anheyer | BerlinOnline < > Tom.Anheyer at berlinonline.de> wrote: > > > Hi Guillaume, > > thank you for your very quick (as always) and clear answer. > > tom > > Am Freitag, dem 20.06.2025 um 11:37 +0200 schrieb Guillaume Quintard: > > Hi Tom, > > This is a base behavior, so Varnish Enterprise inherits it, but it's > present > > in Varnish Cache too. > > Piping involves foregoing HTTP parsing and just passing all the > connection > > bytes back and forth. It's possible on HTTP 1.x since there's only at > most one > > request per connection, but this breaks with HTTP2 multiplexing, so > Varnish > > does the best thing it can and uses a pass instead. > > Interestingly, H/2 didn't plan an upgrade path to websockets (or to > anything > > else, really) for a relatively sane reason: H/2 requires TLS and TLS has > ALPN > > that allows you to go to websockets directly, without the upgrade hop. > > So, to my (maybe outdated) knowledge of H/2, upgrading to websockets > isn't > > possible. > > Please let me know if I'm not being clear. > > -- > > Guillaume Quintard > > > > On Fri, Jun 20, 2025, 11:15 Tom Anheyer | BerlinOnline > > wrote: > > > Hello, > > > > > > I don't know if this is specific to varnish plus: > > > > > > > > > If I enable pipe-mode for server sent events in vcl_recv this way: > > > > > > if (?) { > > > set req.http.connection = "close"; > > > return(pipe); > > > } > > > > > > the log shows: > > > > > > - VCL_return pipe > > > - VCL_call HASH > > > - VCL_return lookup > > > - VCL_Error vcl_recv{} returns pipe/connect for HTTP/2 request. > > > Doing pass. > > > - VCL_call PASS > > > > > > > > > Is it possible to use server sent events, websockets with http/2 > requests? > > > > > > > > > I've opened a varnish software ticket but I thin > k > that's public interest. > > > > > > tom > > > > > > -- > > Tom Anheyer > Senior Developer > > BerlinOnline GmbHStefan-Heym-Platz 1 > 10367 Berlin > Germany > > Tel.: +49-30-5771180-62 > Fax: +49 30 5771180-95 > E-Mail: tom.anheyer at berlinonline.de > berlin.de | berlinonline.net > > Amtsgericht Berlin-Charlottenburg, HRB 266384 > Sitz der Gesellschaft: Berlin, Deutschland > USt.-IdNr.: DE219483549 > > Gesch?ftsf?hrung: Andreas M?ngel, Katrin Dorgeist > Vorsitzender des Aufsichtsrats: Nicolas Zimmer > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Tom.Anheyer at berlinonline.de Tue Jun 24 13:34:39 2025 From: Tom.Anheyer at berlinonline.de (Tom Anheyer | BerlinOnline) Date: Tue, 24 Jun 2025 13:34:39 +0000 Subject: varnish (plus) http/2 and websockets, server sent events In-Reply-To: References: <5c4f3c11a955e836256c9d4e5271c57e6bb95978.camel@BerlinOnline.de> <7da65a9c2a8d56052f5ad326a9cf83597c0bace8.camel@BerlinOnline.de> Message-ID: <8086ff1619e43f055761efaa1c05acf29d08ac15.camel@BerlinOnline.de> Hello Guillaume, You are right - it should work and :drumroll: it works! I've enabled nearly all debug settings and see: ? 327685 VCL_call b BACKEND_RESPONSE 327685 TTL b VCL -1 3600 0 1750771561 uncacheable 327685 TTL b VCL -1 3600 300 1750771561 uncacheable 327685 VCL_Log b server_sent_events_vcl_backend_response 327685 VCL_return b pass 327685 VCL_call b VHA_INTERNAL 327685 VCL_return b ok 327685 Timestamp b Process: 1750771560.572744 0.837391 0.000332 327685 BerespHeader b Content-Encoding: gzip 327685 BerespHeader b Vary: Accept-Encoding 327685 Storage b mse s0 327685 Fetch_Body b 2 chunked stream ? ? 327685 VCL_call ? ? ? b BACKEND_RESPONSE ? ? 327685 TTL ? ? ? ? ? ?b VCL -1 3600 0 1750771561 uncacheable ? ? 327685 TTL ? ? ? ? ? ?b VCL -1 3600 300 1750771561 uncacheable ? ? 327685 VCL_Log ? ? ? ?b server_sent_events_vcl_backend_response ? ? 327685 VCL_return ? ? b pass ? ? 327685 VCL_call ? ? ? b VHA_INTERNAL ? ? 327685 VCL_return ? ? b ok ? ? 327685 Timestamp ? ? ?b Process: 1750771560.572744 0.837391 0.000332 ? ? 327685 BerespHeader ? b Content-Encoding: gzip ? ? 327685 BerespHeader ? b Vary: Accept-Encoding ? ? 327685 Storage ? ? ? ?b mse s0 ? ? 327685 Fetch_Body ? ? b 2 chunked stream Varnishd is waiting for compressable bytes and stops the stream. I've added `set beresp.do_gzip = false;` and it works. Current config looks like: sub server_sent_events_vcl_recv { set req.backend_hint = server_sent_events.backend(); unset req.http.Accept-Encoding; return(pass); } sub server_sent_events_vcl_backend_fetch { if (bereq.backend == server_sent_events.backend()) { std.log("server_sent_events_vcl_backend_fetch"); set bereq.first_byte_timeout = 30s; set bereq.between_bytes_timeout = 30s; } } sub server_sent_events_vcl_backend_response { if (bereq.backend == server_sent_events.backend()) { if (beresp.http.content-type == "text/event-stream") { std.log("server_sent_events_vcl_backend_response"); set beresp.do_esi = false; set beresp.do_gzip = false; set beresp.do_stream = true; return (pass); } } } Thank you tom Am Dienstag, dem 24.06.2025 um 09:46 +0200 schrieb Guillaume Quintard: > Hi Tom, > I have a hard time believing this doesn't work with pass, but let's check. > Would you be able to run `varnishlig -g raw` as the transaction is going on ? > (You don't want extra traffic otherwise things will be hard to follow) > > --? > Guillaume Quintard > > On Mon, Jun 23, 2025, 08:31 Tom Anheyer | BerlinOnline > wrote: > > Good morning, > > > > OK, one more. Server-Sent-Events are streaming GET requests. I've tried > > > > sub vcl_recv { > > ? > > return(pass); > > } > > > > sub vcl_backend_fetch { > > set bereq.first_byte_timeout = 30s; > > set bereq.between_bytes_timeout = 30s; > > } > > > > sub vcl_backend_response { > > set beresp.do_esi = false; > > set beresp.do_stream = true; > > } > > > > > > without success. The request is forwarded to the SSE server but comes never > > back and does not show up in varnishlog. Is there any chance to get this > > work without `pipe`?? > > > > thanks in advance? > > tom > > > > Am Freitag, dem 20.06.2025 um 15:05 +0200 schrieb Guillaume Quintard: > > > Always a pleasure! Let us know if you have any further questions! > > > > > > -- > > > Guillaume Quintard > > > > > > On Fri, Jun 20, 2025, 13:30 Tom Anheyer | BerlinOnline > > > wrote: > > > > > > > > Hi Guillaume, > > > > > > > > thank you for your very quick (as always) and clear answer. > > > > > > > > tom > > > > > > > > Am Freitag, dem 20.06.2025 um 11:37 +0200 schrieb Guillaume Quintard: > > > > > Hi Tom, > > > > > This is a base behavior, so Varnish Enterprise inherits it, but it's > > > > present > > > > > in Varnish Cache too. > > > > > Piping involves foregoing HTTP parsing and just passing all the > > > > connection > > > > > bytes back and forth. It's possible on HTTP 1.x since there's only at > > > > most one > > > > > request per connection, but this breaks with HTTP2 multiplexing, so > > > > Varnish > > > > > does the best thing it can and uses a pass instead. > > > > > Interestingly, H/2 didn't plan an upgrade path to websockets (or to > > > > anything > > > > > else, really) for a relatively sane reason: H/2 requires TLS and TLS > > > > has ALPN > > > > > that allows you to go to websockets directly, without the upgrade hop. > > > > > So, to my (maybe outdated) knowledge of H/2, upgrading to websockets > > > > isn't > > > > > possible. > > > > > Please let me know if I'm not being clear. > > > > > -- > > > > > Guillaume Quintard > > > > > > > > > > On Fri, Jun 20, 2025, 11:15 Tom Anheyer | BerlinOnline > > > > > wrote: > > > > > > Hello, > > > > > > > > > > > > I don't know if this is specific to varnish plus: > > > > > > > > > > > > > > > > > > If I enable pipe-mode for server sent events in vcl_recv this way: > > > > > > > > > > > > if (?) { > > > > > > ? ? set req.http.connection = "close"; > > > > > > ? ? return(pipe); > > > > > > } > > > > > > > > > > > > the log shows: > > > > > > > > > > > > -? ?VCL_return? ? ?pipe > > > > > > -? ?VCL_call? ? ? ?HASH > > > > > > -? ?VCL_return? ? ?lookup > > > > > > -? ?VCL_Error? ? ? vcl_recv{} returns pipe/connect for HTTP/2 > > > > request.? > > > > > > Doing pass. > > > > > > -? ?VCL_call? ? ? ?PASS > > > > > > > > > > > > > > > > > > Is it possible to use server sent events, websockets with http/2 > > > > requests? > > > > > > > > > > > > > > > > > > I've opened a varnish software ticket but I thin [1]k that's public > > > > interest. > > > > > > > > > > > > tom? > > > > > > > > > > > > > > -- Tom Anheyer Senior Developer BerlinOnline GmbH Stefan-Heym-Platz 1 10367 Berlin Germany Tel.: +49-30-5771180-62 Fax: +49 30 5771180-95 E-Mail: tom.anheyer at berlinonline.de berlin.de | berlinonline.net Amtsgericht Berlin-Charlottenburg, HRB 266384 Sitz der Gesellschaft: Berlin, Deutschland USt.-IdNr.: DE219483549 Gesch?ftsf?hrung: Andreas M?ngel, Katrin Dorgeist Vorsitzender des Aufsichtsrats: Nicolas Zimmer [1] pened a varnish software ticket but I thin https://www.google.com/maps/search/pened+a+varnish+software+ticket+but+I+thin?entry=gmail&source=g -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: