Skip to content

Extend pipeline autest to verify HTTP/1.1 request framing#13402

Open
bneradt wants to merge 1 commit into
apache:masterfrom
bneradt:request-framing-autest
Open

Extend pipeline autest to verify HTTP/1.1 request framing#13402
bneradt wants to merge 1 commit into
apache:masterfrom
bneradt:request-framing-autest

Conversation

@bneradt

@bneradt bneradt commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Traffic Server already handles these request shapes correctly; this
patch adds no product code and changes no behavior. It only adds test
coverage so that the currently correct handling cannot regress
unnoticed.

A proxy that disagrees with its origin about where a request body ends
can be desynchronized from that origin. Two common shapes provoke this:
pipelining a body-less POST (Content-Length: 0) ahead of a second
request, and sending a request with conflicting Content-Length header
fields. Traffic Server must keep such request boundaries intact.

This extends the pipeline autest with two runs that exercise those
shapes. This confirms that Traffic Server delivers the pipelined
requests to the origin as two independent requests, so the second
request cannot be folded into the first, and that it rejects the
ambiguously-framed request rather than forwarding it.

@bneradt bneradt added this to the 11.0.0 milestone Jul 17, 2026
Copilot AI review requested due to automatic review settings July 17, 2026 23:10
@bneradt bneradt self-assigned this Jul 17, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR strengthens ATS’s HTTP/1.1 request-framing regression coverage in the existing pipeline gold test suite by adding a purpose-built origin recorder and a raw-socket client to validate that pipelined boundaries are preserved and that ambiguous framing (conflicting Content-Length) is rejected.

Changes:

  • Add a recording origin helper that parses headers and a Content-Length body to log request boundaries as received.
  • Add a raw-socket client helper that can send either a Content-Length: 0 POST followed by a pipelined request, or a request with conflicting Content-Length headers.
  • Extend pipeline.test.py with two new runs that exercise these framing shapes against ATS as a reverse proxy.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
tests/gold_tests/pipeline/request_framing_server.py New origin helper to parse/log request framing and respond per-request so tests can verify boundaries.
tests/gold_tests/pipeline/request_framing_client.py New client helper to generate the two framing scenarios and print received responses for assertions.
tests/gold_tests/pipeline/pipeline.test.py Adds TestRequestFraming runs and assertions to validate correct pipelining behavior and rejection of conflicting Content-Length.

Comment thread tests/gold_tests/pipeline/request_framing_client.py
Comment thread tests/gold_tests/pipeline/request_framing_server.py Outdated
Comment thread tests/gold_tests/pipeline/pipeline.test.py
@bneradt bneradt removed the Tests label Jul 17, 2026
Traffic Server already handles these request shapes correctly; this
patch adds no product code and changes no behavior. It only adds test
coverage so that the currently correct handling cannot regress
unnoticed.

A proxy that disagrees with its origin about where a request body ends
can be desynchronized from that origin. Two common shapes provoke this:
pipelining a body-less POST (Content-Length: 0) ahead of a second
request, and sending a request with conflicting Content-Length header
fields. Traffic Server must keep such request boundaries intact.

This extends the pipeline autest with two runs that exercise those
shapes. This confirms that Traffic Server delivers the pipelined
requests to the origin as two independent requests, so the second
request cannot be folded into the first, and that it rejects the
ambiguously-framed request rather than forwarding it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 17, 2026 23:17
@bneradt
bneradt force-pushed the request-framing-autest branch from 5d60042 to 81a3b0d Compare July 17, 2026 23:17

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

Comment on lines +96 to +110
sock.settimeout(5.0)
responses = b""
try:
while True:
data = sock.recv(4096)
if not data:
break
responses += data
# We expect at most two responses; stop once we have both status
# lines and the connection goes quiet.
if responses.count(b'HTTP/1.1') >= 2 and responses.endswith(b'\n'):
break
except socket.timeout:
print('Read timed out.')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: No status
Status: No status

Development

Successfully merging this pull request may close these issues.

2 participants