gzip filter: make sure the stream ends properly

[dio]

gzip filter: make sure the stream ends properly

This patch adds additional call of Z_FINISH to properly ends gzip
stream. This also provides a reset functionality since an ended stream
needs to be re-init'ed.

Risk Level: Low

Testing:

• Maintain the corresponding unit and integration tests to be PASSED.
• Manual test by following repro steps defined in GZip Filter doesn't work on some clients #2909

Docs Changes:
N/A

Release Notes:
N/A

Fixes #2909

Signed-off-by: Dhi Aurrahman dio@rockybars.com

[dio]

@gsagula this is an attempt to try to cure #2909. Thanks!

[gsagula]

@dio I'll take a look at. Thank you for fixing it!

[mattklein123]

Nice, thanks for fixing. Will defer to @gsagula for review but some quick comments.

[mattklein123]

nit: prefer to do this in a loop vs recursively (even though I know the recursion depth will be small).

[gsagula]

You could do something similar to deflateNext():

while (deflateNext(Z_FINISH)) {
    if (zstream_ptr_->avail_out == 0) {
      updateOutput(output_buffer);
    }
  }

... and then handle the logic inside deflateNext(..):

const int result = deflate(zstream_ptr_.get(), flush_state);
  
  switch (flush_state) {  
  case Z_FINISH:
    if (result != Z_OK && result != Z_BUF_ERROR) { 
      RELEASE_ASSERT(result == Z_STREAM_END);
      return false;
    }

  default:
    if (result == Z_BUF_ERROR && zstream_ptr_->avail_in == 0) {
      return false; // This means that zlib needs more input, so stop here.
    }
    RELEASE_ASSERT(result == Z_OK);
  }

  return true;

Just a suggestion, but it is up to you :)

[dio]

Thanks. This is nicer. 👍

[mattklein123]

I haven't look at this code much at all, but it seems like flush/finish finish can be logically combined? Shouldn't finish implicitly flush before finishing?

[gsagula]

@dio My apologies for missing the GH notifications about the issue and, thank you again for this fix! It looks great, just a few comments.

[gsagula]

One problem that I found when implementing this extension using Z_FINISH in combination with transfer-encoding chunked, is that large payloads cause the stream to fail. The only way that I could make this to work was using Z_SYNC_FLUSH, or buffering the entire stream, compressing it and applying Z_FINISH. I'm not one hundred percent sure why, but I would recommend trying to stream something over 100MB just for the sake. I'll try testing this use-case a bit later if I have a chance. Thanks!

[gsagula]

I think it's important to have testing coverage here too.

[gsagula]

I think we need some death tests to exercise this logic.

[dio]

OK. Will try to have it.

[gsagula]

You could do something similar to deflateNext():

while (deflateNext(Z_FINISH)) {
    if (zstream_ptr_->avail_out == 0) {
      updateOutput(output_buffer);
    }
  }

... and then handle the logic inside deflateNext(..):

const int result = deflate(zstream_ptr_.get(), flush_state);
  
  switch (flush_state) {  
  case Z_FINISH:
    if (result != Z_OK && result != Z_BUF_ERROR) { 
      RELEASE_ASSERT(result == Z_STREAM_END);
      return false;
    }

  default:
    if (result == Z_BUF_ERROR && zstream_ptr_->avail_in == 0) {
      return false; // This means that zlib needs more input, so stop here.
    }
    RELEASE_ASSERT(result == Z_OK);
  }

  return true;

Just a suggestion, but it is up to you :)

[gsagula]

I think deflateReset() does not deallocate memory. It just reset the counters and returns the stream results. Can you add a line to the comment explaining this?
From zlib manual:

This function is equivalent to deflateEnd followed by deflateInit, but does 
not free and reallocate the internal compression state. The stream will leave 
the compression level and any other attributes that may have been 
set unchanged.

[dio]

Got it.

[dio]

@gsagula yes, that came into my mind while proposing this PR. Will try to have a test on it.

[dio]

@gsagula, so I have this simple test server in node (sorry for some .js 😆) serving a small .txt file and an over 100MB .pdf file. The following gives you Transfer-Encoding: chunked,

const Server = require("http").Server;
const fs = require("fs");
const server = new Server((req, res) => {
  return fs
    .createReadStream(req.url == "/book" ? "book.pdf" : "a.txt")
    .pipe(res);
});

server.listen(1234);

Then,

1. Run and put the server as an upstream host
2. Get the book.pdf using curl localhost:9000/book -H 'Host: test-server.com' -H 'Accept-Encoding: gzip' -o book1.pdf.gz
3. gunzip the dumped file.
4. Open the file.

Seems fine.

[gsagula]

@dio That's awesome! I will do a final pass and some more manual testing.
Thank you for all the work 👍

ps. (Js and Crypto) are the two words that make things popular these days :)

[gsagula]

Thanks for adding more death tests.

[gsagula]

This looks much cleaner!

[gsagula]

LGTM, I will defer to @dnoe if he also wants to take a quick look. Thanks for the fix.

[mattklein123]

nit/question: IMO it's a bit strange to finish in the context of a sync_flush operation. They are distinct operations from the deflate perspective. Since I think now when we call flush() we actually want to finish(), should we remove the flush() method for now and just add a direct finish() method?

[dio]

@mattklein123 yes, from my test it works fine to just calling finish() from the filter.

Since the flush() would not be used anymore, I think I need to: update the tests as well. Since the current tests are around Z_SYNC_FLUSH.

Or should we just keep the flush() method in ZlibCompressorImp?

[mattklein123]

I would prefer we delete methods we don't actually need. We can always add them back later. @gsagula WDYT?

[gsagula]

@mattklein123 I'm in favor of deleting any method that is not being used. @dio It makes sense to replace flush() with finish(), but we still use Z_SYNC_FLUSH internally, correct? FYI, as soon as I get a chance I would like to revisit this entire implementation anyway, so don't worry too much about the design.

[dio]

It makes sense to replace flush() with finish(), but we still use Z_SYNC_FLUSH internally, correct?

I think without Z_SYNC_FLUSH-ing it is fine. Z_SYNC_FLUSH adds that 0000ffff right before crc32 and isize, which probably it is not necessary?

Will push a commit and let you know.

FYI, as soon as I get a chance I would like to revisit this entire implementation anyway, so don't worry too much about the design.

Fantastic! Probably we can include deflate and deflateRaw as well 🙂

[gsagula]

I think without Z_SYNC_FLUSH-ing it is fine. Z_SYNC_FLUSH adds that 0000ffff right before crc32 and isize, which probably it is not necessary?

@dio Good point, but I think we still need sync for byte padding (I need to look into it). Here is what others have done. It seems that Z_SYNC_FLUSH is still broadly used.

https://github.com/apache/trafficserver/blob/711c4f4be103b44c1971196297c373d7684a0db5/plugins/gzip/gzip.cc#L319

https://github.com/facebook/proxygen/blob/1084545a0015b65882e3256fe18f505942472d40/proxygen/lib/utils/ZlibStreamCompressor.cpp#L146

https://github.com/nginx/nginx/blob/53eae18826d13cb4c7db6680029cac53bfb2a18a/src/http/modules/ngx_http_gzip_filter_module.c#L745

Fantastic! Probably we can include deflate and deflateRaw as well

I think to do one for Brotli as well would be cool. Some interesting use-cases can be explored when multiple compression types are available :)

[gsagula]

@dio Did you see my comment about Z_SYNC_FLUSH? I'm not sure if we can remove it. I'll need to look into it.

[dio]

@gsagula sorry for missing that. Will revert back and investigate.

[gsagula]

I see that you found a way to use no_flush. Did you check if it works with multiple slices?

[dio]

I have a test in here a291b5c.

[gsagula]

Thanks @dio! Just couple comments. I would also make sure that the following use cases work:

• stream a large text file and save it in .gz format (the actual bug)
• stream a large text to clients (browser/curl --compressed)
• stream a non-compressible file (it actually expands)

[gsagula]

Would this logic work with any other zlib flush state, e.g. Z_PARTIAL_FLUSH?

[dio]

Will definitely check this out.

[dio]

@gsagula the Z_PARTIAL_FLUSH works confirmed by a quick manual test for a small and big file stream from upstream. (the unit tests obviously need to be adapted, do you want me to make it an option i.e. either to use SYNC_FLUSH or PARTIAL_FLUSH?).

[gsagula]

No, I was just wondering if other states also work since the currently logic will default to any that is not Z_FINISH. Thanks for testing it.

[dio]

@gsagula

• stream a large text file and save it in .gz format (the actual bug)

I have manually tested it. And I think it is passed.

• stream a large text to clients (browser/curl --compressed)

I have manually tested it. And I think it is passed.

• stream a non-compressible file (it actually expands)

I can see that currently, the filter by default compresses the stream (if the accept-encoding is required and transferred as chunks). I think we should by default don't compress and only care for whitelisted content-type.

I can do detection (of the magic numbers) but it seems too much and will introduce false-positive?

[gsagula]

I can see that currently, the filter by default compresses the stream (if the accept-encoding is required and transferred as chunks). I think we should by default don't compress and only care for whitelisted content-type.

I'm not sure I follow this one. Would mind to elaborate it, please?

I can do detection (of the magic numbers) but it seems too much and will introduce false-positive?

I think checking for the magic number is still not reliable. One common idiom is to buffer the entire response, compress it and, verify that didn't expand. However, this approach would have other side-effects such as latency and memory. For now, we just compress anything and assume that most of the time this filter will be receiving compressible content.

[dio]

I'm not sure I follow this one. Would mind to elaborate it, please?

@gsagula e.g. having this:

          http_filters:
          - name: envoy.gzip
            config:
              memory_level: 9
              compression_level: BEST

when a client asks for Accept-Encoding: gzip, the filter compresses the upstream's stream regardless Content-Type (hence even when the chunks from the upstream are already compressed, the filter compresses again)

[gsagula]

the filter compresses the upstream's stream regardless Content-Type

I don't think so, it validates against the default ist if none is specified in the config:

A response does not contain a content-type value that matches one of the selected mime-types, which default to application/javascript, application/json, application/xhtml+xml, image/svg+xml, text/css, text/html, text/plain, text/xml.

https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/gzip_filter.html?highlight=gzip#how-it-works

envoy/source/extensions/filters/http/gzip/gzip_filter.cc

Line 32 in 55a95f4

CONSTRUCT_ON_FIRST_USE(std::vector<std::string>,

[dio]

@gsagula Hum, it seems my test server doesn't send Content-Type. Haha. So it is being hit by

https://github.com/envoyproxy/envoy/blob/master/source/extensions/filters/http/gzip/gzip_filter.cc#L205

Sorry for false alarm.

So yeah, I think I have your concerns tested now.

[gsagula]

That's a nice helper! Can you add a small comment explaining where this 10 is coming from?

[dio]

Think this one is part of my debugging artifacts. Guess it should be 6, but I will remove it for now to avoid confusion.

[gsagula]

I think we should use this for all the other tests too, but no worries for now. We can do that in a separated PR when revisiting this implementation.

[dio]

OK.

[gsagula]

Where is this being used?

[dio]

https://github.com/dio/envoy/blob/3f3a1757b08128dcd7f21c9a6980c5d4c9f33e69/test/common/compressor/zlib_compressor_impl_test.cc#L60 to check the correctness of stored ISIZE after a buffer is Z_FINISH-ed

[gsagula]

Oh sorry, I didn't see.

[gsagula]

LGTM, Thanks for correcting it. Just one minor comment.

[mattklein123]

LGTM, just a small question/comment and also needs a master merge.

[mattklein123]

Can you specify that the buffer contents will be replaced inline with compressed data?

[mattklein123]

Can you add an ASSERT into process that confirms that in the case of Z_NO_FLUSH no data is added to the buffer? Is that always guaranteed? I'm still a little concerned about the in/out buffer behavior here. Otherwise can you add more comments?

[dio]

It turns out if with RLE, SPEED and 1 as memory level, I can see a case when data is being added to the buffer when flush_state == Z_NO_FLUSH. Will try to debug it.

[gsagula]

Hi @mattklein123 You probably saw something that we didn't see. Question, even if data is added to the buffer, what the consequences would be?

[mattklein123]

I think it will work, because you add data to the end, and you drain from the beginning. Also, you snap the slices before you start adding, so you should never drain compressed data. However, it's not super intuitive how this works, so if you keep it this way I would add a bunch of comments (I think it's probably fine w/ comments).

[gsagula]

I agree that this is not the most intuitive design. I'm planning on revisiting this implementation as soon as I get some stuff out of my way. What @dio and I agreed, was to go for correctness first. We will add the comments though. Thanks for the input.

[dio]

Thanks, @mattklein123! I have added the comments and done a master merge.

[mattklein123]

Thank you @dio and @gsagula! Awesome work!