confighttp: Including lz4 as supported compression encoding #11108
Conversation
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
from
0e22c51
to
623ae28
Compare
|
Fixes #9128 |
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
from
d84a596
to
4c355ac
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #11108 +/- ##
=======================================
Coverage 91.91% 91.92%
=======================================
Files 430 430
Lines 20313 20327 +14
=======================================
+ Hits 18671 18685 +14
Misses 1268 1268
Partials 374 374 ☔ View full report in Codecov by Sentry. |
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
2 times, most recently
from
d068cd4
to
bc5b681
Compare
There was a problem hiding this comment.
This looks good. I reviewed the library's code as well, and I don't think it would be affected by a situation similar to the CVE we had a couple of months ago. That said, would you be able to do a positive confirmation? The test would be to encode a huge blob that compressed to a tiny payload, and see if the decoding would explode the collector.
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
from
12f1972
to
5cf5312
Compare
So this somewhat blew out the original PR intent but, I also noticed that snappy would also be subject to a similar attack considering the steps it would take:
To work around this, I wrote a small wrapper that effectively delays the read until it is actually needed however, since we are no longer reading the entire compressed body, that buffer is also coupled with the compressed reader. This allows the wrapper on close to discard any remaining compressed values and return the result of the original buffer's closed state. |
|
Turns out I don't actually need the wrapper, I could move the logic into the ServeHTTP method. I will clean up the commit history once the pipeline is happy. |
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
2 times, most recently
from
171bcdc
to
5ea30fc
Compare
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
3 times, most recently
from
e77f66c
to
3f6fb5f
Compare
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
2 times, most recently
from
a27996b
to
34f2030
Compare
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
4 times, most recently
from
2e2827d
to
a4c6dac
Compare
Having trialed out the compression algorithm in a differnt project, the performance impact has greatly reduced the amount of resource overhead with similar compression ratios when compared to flate or gzip.
MovieStoreGuy
force-pushed
the
msg/feature-include-lz4-compression
branch
from
9e77f44
to
51ddec9
Compare
Description
Adding in support for lz4 compression into the project, I have seen it perform amazing well in other projects that send a lot of traffic and were originally using
gziporflate.It would be really great to have for environments that are cpu, memory sensitive.
Link to tracking issue
Fixes 9128
Testing
I've updated the existing test frameworks to include lz4 in their suite
Documentation
I've updated the readmes to include lz4 but I suspect there might be more places to update.