Strange cache bypass on curl requests

[krizhanovsky]

Our website VM's are configured with keepalived checking Tempesta FW's status with

curl -s -k --http2 --output /dev/null -H 'User-Agent: ka-probe' https://tempesta-tech.com/

ran inside a VM with Tempesta FW and the VMs are configured with static address for tempesta-tech.com as 127.0.0.1.

For some reason I see that all the requests are passed to the upstream WordPress container, while I'd expect that they should be serviced from the cache. /proc/tempesta/perfstat also shows that all the requests are cache misses.

Need to understand why Tempesta doesn't service the requests from the cache - whether it's a bug or does RFC requires that by default content isn't serviced from the cache. In this case need to figure out which header we should pass to curl (and verify that Tempesta does service such requests from the cache) and commit the changes to the website repo keepalived.conf. After that please reassign the task to me that I'll deploy the changes on the production website.

[mbabitski-t]

Could not reproduce on:

• TempestaFW 0.7.0 with 5.10.35.tfw-4c9ba16 (release)
• TempestaFW 52a16e5 with 5.10.35 978c1d24f4be931a001f63a6803490fe62fbb963 (master)
• curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.16

Observed behavior is ok:

• TempestaFW reports correct, incrementing age header.
• First request takes time, all subsqeuent requests are served instantly from cache.
• Keep-Alive, HTTP2 options do not affect caching behavior.

[krizhanovsky]

Curl headers session on the production:

GET / HTTP/2
Host: tempesta-tech.com
accept: */*
user-agent: ka-probe

HTTP/2 200 
date: Sat, 06 Jan 2024 20:57:32 GMT
link: <https://tempesta-tech.com/wp-json/>; rel="https://api.w.org/"
link: <https://tempesta-tech.com/wp-json/wp/v2/pages/25>; rel="alternate"; type="application/json"
link: <https://tempesta-tech.com/>; rel=shortlink
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
via: 2.0 tempesta_fw (Tempesta FW 0.7.0)
content-length: 297989
server: Tempesta FW/0.7.0
strict-transport-security: max-age=31536000; includeSubDomains

There are also a lot of error messages like

[2166992.111753] [tdb] ERROR: out of free space
[2166992.112402] [tdb] ERROR: Cannot allocate cache entry for key=0xe27f622998a5fc01
[2166992.113948] [tempesta fw] 127.0.0.1 "default" "GET / HTTP/2.0" 200 0 "-" "ka-probe"

in the Tempesta VM, so probbly linked with #522.

[krizhanovsky]

With the VM reboot the upstream container stops receiving the keep-alive probes and I see increasing cache hits on the Tempesta FW perfstat, so I close the task as a #522 duplicate.