fix(cache): bound retained entries and refresh cache usage #1371
Open
maybeknott wants to merge 2 commits into
The MITM certificate manager caches generated rustls ServerConfig instances by domain so repeated HTTPS interception does not regenerate a leaf certificate for every connection. That cache was an unbounded HashMap, so long-running sessions that touched many hostnames could retain every generated leaf configuration until process exit.
Add an explicit leaf-cache capacity and maintain a small LRU order alongside the existing domain map. Cache hits refresh their eviction position, replacements remove stale order entries, and inserts evict the oldest cached domain once the configured capacity is reached. The default limit keeps hot domains reusable while preventing unbounded growth in generated certificate chains, private-key material wrapped in rustls configs, and per-domain server state.
Add focused tests for capacity eviction and hit-refresh behavior using a reduced test capacity. The public MITM API, CA storage layout, generated leaf contents, ALPN settings, and certificate validity rules remain unchanged; only cache retention policy changes.
The response cache is byte-bounded and evicts from an order queue when inserting a new entry would exceed the configured capacity. Before this change, that queue only reflected insertion order: a frequently reused cached response could still be evicted ahead of colder entries if it happened to be inserted earlier.
Refresh the cache order on successful, unexpired get calls. The cached bytes are cloned before mutating the order queue, the hit counter behavior is preserved, and expired entries still remove their stored bytes and order entry before recording a miss.
Update the eviction regression test so it exercises true least-recently-used behavior: after warming entry a, inserting entry f evicts b rather than the recently read a. Cache size accounting, TTL parsing, cacheability rules, entry-size rejection, and the public ResponseCache API remain unchanged.
Cache retention now has bounded ownership and true recency refresh behavior.
This PR has two focused cache-correctness changes:
- MitmCertManager bounds the generated leaf certificate ServerConfig cache with a small LRU order, so long-running HTTPS interception sessions do not retain every generated per-domain server config until process exit;
- ResponseCache refreshes an entry's eviction position on successful, unexpired cache hits, so frequently reused response entries are not evicted ahead of colder entries only because they were inserted earlier.
The MITM cache change preserves the public MITM API, CA storage layout, generated leaf contents, ALPN settings, and certificate validity rules. It only changes retention policy for generated leaf configs and associated per-domain state.
The response-cache change preserves TTL handling, hit/miss counters, byte accounting, cacheability rules, entry-size rejection, and the public ResponseCache API. Expired entries still remove their stored bytes and order entry before recording a miss.
Focused tests cover MITM cache capacity eviction, MITM hit-refresh behavior, and response-cache least-recently-used eviction after a hit refresh.
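
The leaf-cache retention policy described above (domain map plus LRU order, hit refresh, stale-order removal on replacement, oldest-first eviction at capacity), as an added sketch that is not the PR's own code. `LeafCache`, its method names and the `V` type parameter standing in for the cached per-domain rustls ServerConfig are assumptions.

```rust
use std::collections::{HashMap, VecDeque};

// Added sketch: hypothetical names; V stands in for the cached per-domain config.
struct LeafCache<V> {
    by_domain: HashMap<String, V>,
    order: VecDeque<String>, // front = least recently used
    capacity: usize,
}

impl<V: Clone> LeafCache<V> {
    fn new(capacity: usize) -> Self {
        Self { by_domain: HashMap::new(), order: VecDeque::new(), capacity: capacity.max(1) }
    }

    // Move `domain` to the most-recently-used end, dropping any older position.
    fn touch(&mut self, domain: &str) {
        self.order.retain(|d| d != domain);
        self.order.push_back(domain.to_string());
    }

    fn get(&mut self, domain: &str) -> Option<V> {
        let hit = self.by_domain.get(domain).cloned()?; // clone before reordering
        self.touch(domain);
        Some(hit)
    }

    fn insert(&mut self, domain: &str, config: V) {
        // Only a new domain needs room; a replacement reuses its existing slot.
        while !self.by_domain.contains_key(domain) && self.by_domain.len() >= self.capacity {
            let Some(oldest) = self.order.pop_front() else { break };
            self.by_domain.remove(&oldest); // evicted config, and the key it wraps, is dropped
        }
        self.by_domain.insert(domain.to_string(), config);
        self.touch(domain); // a replacement leaves no stale order entry
    }

    fn cached_domains(&self) -> Vec<String> {
        self.order.iter().cloned().collect()
    }
}

fn main() {
    let mut cache = LeafCache::new(2); // constructed sample domains and values below
    for (d, v) in [("a.example", 1u32), ("b.example", 2)] { cache.insert(d, v); }
    let _ = cache.get("a.example"); // hit refreshes a.example
    cache.insert("c.example", 3);   // evicts b.example, the coldest entry
    println!("{:?}", cache.cached_domains());
}
```

The linear `retain` in `touch` is acceptable for a small capacity; a larger cache would want an O(1) LRU structure instead.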