Skip to content

4399 invalid refresh#4400

Merged
nigoroll merged 5 commits intovarnishcache:masterfrom
nigoroll:4399_invalid_refresh
Oct 15, 2025
Merged

4399 invalid refresh#4400
nigoroll merged 5 commits intovarnishcache:masterfrom
nigoroll:4399_invalid_refresh

Conversation

@nigoroll
Copy link
Member

@nigoroll nigoroll commented Sep 24, 2025
edited
Loading

This PR addresses the experience documented in #4399: It makes no sense to attempt a conditional GET if we are going to fail it anyway later when sub vcl_builtin_backend_refresh / sub vcl_refresh_status run. In particular, even if the VCL has a retry in vcl_backend_error {}, we would attempt the same failing conditional request again.

There are three trivial commits:

  • The first is taken from c461fb2, which @dridi had proposed in condfetch: Skip revalidation of an invalidated stale_oc #4082 after he pointed out that he had already written the same code as I proposed, but including a vtc. Here we avoid initializing a conditional request if the stale object is already dying when we make the bereq0.
  • The second commit is to clear the conditional headers for each (new) fetch (after retries) in case conditions have changed. This addresses, in particular, the case described above.
  • The third commit is to disambiguate the error between the two cases where we fail a 304 response and to give guidance on the 304 of non-200 objects use case (which does not conform with http).

@nigoroll nigoroll marked this pull request as draft September 24, 2025 13:38
dridi
dridi reviewed Sep 24, 2025
View reviewed changes
@nigoroll nigoroll force-pushed the 4399_invalid_refresh branch 3 times, most recently from f35bd5a to aaa56ef Compare September 25, 2025 14:48
@nigoroll nigoroll marked this pull request as ready for review September 25, 2025 14:56
dridi
dridi reviewed Sep 25, 2025
View reviewed changes
@nigoroll nigoroll force-pushed the 4399_invalid_refresh branch from aaa56ef to 9c069fb Compare September 25, 2025 15:23
dridi
dridi reviewed Sep 25, 2025
View reviewed changes
dridi
dridi reviewed Sep 25, 2025
View reviewed changes
@nigoroll nigoroll self-assigned this Sep 29, 2025
@nigoroll
Copy link
Member Author

nigoroll commented Sep 29, 2025

bugwash: phk ok, I need to work thorugh dridis feedback

@nigoroll nigoroll mentioned this pull request Oct 6, 2025
Open
dridi and others added 5 commits October 15, 2025 08:08
@dridi @nigoroll
condfetch: Demote to fetch for dying stale_oc
8b41c8c 
When it is time to decide between making a bereq for a regular or conditional
fetch, we need to ensure that the stale object is still valid. There is a window
between the lookup and the begining of a fetch task during which the object
could have been invalidated, in particular if the fetch task was queued.

Catching it early allows to proceed with a regular fetch.

Comitter edit: Minor wording change above, because the mkbereq step is not
entered for retries.

Ref varnishcache#4399
@nigoroll
fetch: No conditional GET if our stale object is dying
f084558 
Similar to the previous commit, but we also need to re-check the condition for
each backend request because we might have re-tried.

Ref varnishcache#4399
@nigoroll
builtin.vcl: Explain backend refresh errros better
8802338 
We now use a specific reason for the cases of a late fail of a 304 response and
also explain how the "wrong status" case can happen and, if intentional, what
needs to be done to make it work.
@dridi @nigoroll
condfetch: Test retrying a bereq on a dying stale object
671b93b 
The built-in vcl_refresh_valid returns a 503 error if the stale object used for
revalidation gets invalidated while the backend fetch is in progress.

One alternative is to not dismiss the stale object, but that can lead to
invalidated objects being re-instantiated through concurrent refreshes (varnishcache#4082).

This test case covers the other alternative, which is to retry the fetch. We
could use

       sub vcl_refresh_valid {
               if (!obj_stale.is_valid) {
                       # core code removes conditional headers INM/IMS
                       return (retry);
               }
       }

but more realisticly, real world VCL will retry in v_b_e, so we take that route
and keep the built-in vcl_refresh_valid {}

The plain retry works because core code detects the invalidated stale object and
removes the conditional headers.

Committer edit: Removed code change from original commit, edited test case and,
rewrote commit message. See
varnishcache#4400 (comment)
@nigoroll
doc: Explain vcl_refresh_* better
bb1259f 
as suggested by Dridi here: varnishcache#4400 (comment)
@nigoroll nigoroll force-pushed the 4399_invalid_refresh branch from 9c069fb to bb1259f Compare October 15, 2025 07:59
@nigoroll nigoroll merged commit bb1259f into varnishcache:master Oct 15, 2025
1 of 10 checks passed
@nigoroll nigoroll deleted the 4399_invalid_refresh branch October 15, 2025 08:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dridi dridi dridi left review comments

Assignees

@nigoroll nigoroll

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nigoroll @dridi