fix(cache): bound retained entries and expose cache stats#1371
Open
maybeknott wants to merge 3 commits into
Conversation
The MITM certificate manager caches generated rustls ServerConfig instances by domain so repeated HTTPS interception does not regenerate a leaf certificate for every connection. That cache was an unbounded HashMap, so long-running sessions that touched many hostnames could retain every generated leaf configuration until process exit. Add an explicit leaf-cache capacity and maintain a small LRU order alongside the existing domain map. Cache hits refresh their eviction position, replacements remove stale order entries, and inserts evict the oldest cached domain once the configured capacity is reached. The default limit keeps hot domains reusable while preventing unbounded growth in generated certificate chains, private-key material wrapped in rustls configs, and per-domain server state. Add focused tests for capacity eviction and hit-refresh behavior using a reduced test capacity. The public MITM API, CA storage layout, generated leaf contents, ALPN settings, and certificate validity rules remain unchanged; only cache retention policy changes.
The response cache is byte-bounded and evicts from an order queue when inserting a new entry would exceed the configured capacity. Before this change, that queue only reflected insertion order: a frequently reused cached response could still be evicted ahead of colder entries if it happened to be inserted earlier. Refresh the cache order on successful, unexpired get calls. The cached bytes are cloned before mutating the order queue, the hit counter behavior is preserved, and expired entries still remove their stored bytes and order entry before recording a miss. Update the eviction regression test so it exercises true least-recently-used behavior: after warming entry a, inserting entry f evicts b rather than the recently read a. Cache size accounting, TTL parsing, cacheability rules, entry-size rejection, and the public ResponseCache API remain unchanged.
Add a small read-only cache snapshot for the MITM certificate manager so callers can inspect the generated leaf certificate cache without reaching into private storage. The snapshot reports current leaf entries, configured capacity, and cumulative LRU evictions. Track leaf-cache evictions when capacity pressure removes an older generated ServerConfig. This preserves the existing bounded LRU behavior while making retention pressure measurable in tests and future diagnostics. Update the guide to describe the response cache as LRU rather than FIFO and note that generated MITM leaf configs are retained in a bounded LRU cache.
This consolidates cache-retention correctness for the two in-memory caches that can grow or evict under long browsing sessions.
The response cache now refreshes recency on successful cache hits. Entries still expire by TTL and remain bounded by the configured byte budget, but a hot response is no longer evicted just because it was inserted earlier than colder entries. The existing full-cache test now asserts LRU behavior instead of FIFO behavior.
The MITM generated leaf certificate cache is now capacity-bounded with LRU eviction. Reusing a cached leaf refreshes its recency, and inserting beyond the configured capacity evicts the least-recently-used generated ServerConfig. This prevents unbounded retention when long-running browser sessions encounter many distinct HTTPS hostnames.
The MITM manager also exposes a read-only cache snapshot containing current leaf entries, capacity, and cumulative eviction count. That keeps retention pressure measurable without exposing the private cache maps directly. The guide now describes the response cache as LRU and notes that generated MITM leaf configs are held in a bounded LRU cache.
Validation:
git diff --check HEAD~1..HEAD
cargo test cache_stats --lib
cargo test leaf_cache --lib
cargo test least_recently_used_entry_is_evicted_when_full --lib
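As an added illustration of the retention policy described in the commits and the PR body (this is not the project's code), the sketch below models a bounded per-domain LRU cache with hit-refresh, replacement without eviction, an eviction counter and a read-only stats snapshot. The type and method names (LeafCache, CacheStats, get, insert, stats) are assumptions, and a String stands in for the generated rustls ServerConfig.

```rust
use std::collections::{HashMap, VecDeque};

/// Read-only retention snapshot: live entries, capacity, cumulative evictions.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct CacheStats { pub entries: usize, pub capacity: usize, pub evictions: u64 }

/// Bounded per-domain cache with LRU eviction. `V` stands in for the generated
/// rustls `ServerConfig`; the test below uses a `String` placeholder.
pub struct LeafCache<V> {
    capacity: usize,
    map: HashMap<String, V>,
    order: VecDeque<String>, // front = least recently used, back = most recent
    evictions: u64,
}

impl<V: Clone> LeafCache<V> {
    pub fn new(capacity: usize) -> Self {
        Self { capacity: capacity.max(1), map: HashMap::new(), order: VecDeque::new(), evictions: 0 }
    }
    // Remove any stale position for `domain`, then mark it most recently used.
    fn touch(&mut self, domain: &str) {
        self.order.retain(|d| d.as_str() != domain);
        self.order.push_back(domain.to_string());
    }
    /// A hit on a cached domain refreshes its eviction position.
    pub fn get(&mut self, domain: &str) -> Option<V> {
        let v = self.map.get(domain)?.clone();
        self.touch(domain);
        Some(v)
    }
    /// Insert or replace; when a new domain would exceed capacity, evict the
    /// least recently used one and count the eviction. Replacing an existing
    /// domain never evicts, it only refreshes that domain's position.
    pub fn insert(&mut self, domain: &str, value: V) {
        if !self.map.contains_key(domain) && self.map.len() >= self.capacity {
            if let Some(old) = self.order.pop_front() {
                self.map.remove(&old);
                self.evictions += 1;
            }
        }
        self.map.insert(domain.to_string(), value);
        self.touch(domain);
    }
    pub fn stats(&self) -> CacheStats {
        CacheStats { entries: self.map.len(), capacity: self.capacity, evictions: self.evictions }
    }
}
```

The linear scan in `touch` is fine for a small leaf-cache capacity; a production cache with a large budget would use an indexed LRU structure instead.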