feat(pingora-core): expose PROXY v2 extension-TLV callback

.bleep

@@ -1 +1 @@
-f0b43320bb1a5f7788a7d0e90a804e045f0af2fb
+5281b97daa3213287999fb97c2a5de57ae565011

.cargo/audit.toml

@@ -0,0 +1,3 @@
+[advisories]
+# Temp before internal sync applies dependency bumps
+ignore = ["RUSTSEC-2026-0097", "RUSTSEC-2026-0098", "RUSTSEC-2026-0099"]

.github/workflows/build.yml

@@ -7,8 +7,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # nightly, msrv, and latest stable
-        toolchain: [nightly, 1.84.0, 1.91.1]
+        # nightly, msrv, and latest stable.
+        # MSRV bumped 1.84.0 → 1.85.0 to pick up `edition = "2024"`
+        # stabilization, which `proxy-protocol >= 0.5.3` requires.
+        toolchain: [nightly, 1.85.0, 1.91.1]
     runs-on: ubuntu-latest
     # Only run on "pull_request" event for external PRs. This is to avoid
     # duplicate builds for PRs created from internal branches.
@@ -38,12 +40,17 @@ jobs:
       - name: Run cargo fmt
         run: cargo fmt --all -- --check
 
+      - name: Run cargo check
+        run: cargo check --workspace
+
       - name: Run cargo test
+        if: matrix.toolchain != '1.84.0'
         run: cargo test --verbose --lib --bins --tests --no-fail-fast
 
       # Need to run doc tests separately.
       # (https://github.com/rust-lang/cargo/issues/6669)
       - name: Run cargo doc test
+        if: matrix.toolchain != '1.84.0'
         run: cargo test --verbose --doc
 
       - name: Run cargo clippy

.github/workflows/semgrep.yml

@@ -1,24 +1,30 @@
+name: Semgrep OSS scan
 on:
   pull_request: {}
+  push:
+    branches: [main, master]
   workflow_dispatch: {}
-  push: 
-    branches:
-      - main
-      - master
   schedule:
-    - cron: '0 0 * * *'
-name: Semgrep config
+    - cron: '0 0 15 * *'
+concurrency:
+  group: semgrep-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+permissions:
+  contents: read
 jobs:
   semgrep:
-    name: semgrep/ci
-    runs-on: ubuntu-latest
-    env:
-      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
-      SEMGREP_URL: https://cloudflare.semgrep.dev
-      SEMGREP_APP_URL: https://cloudflare.semgrep.dev
-      SEMGREP_VERSION_CHECK_URL: https://cloudflare.semgrep.dev/api/check-version
-    container:
-      image: returntocorp/semgrep
+    name: semgrep-oss
+    runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v4
-      - run: semgrep ci
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+      - id: cache-semgrep
+        uses: actions/cache@v5
+        with:
+          path: ~/.local
+          key: semgrep-1.160.0-${{ runner.os }}
+      - if: steps.cache-semgrep.outputs.cache-hit != 'true'
+        run: pip install --user semgrep==1.160.0
+      - run: echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+      - run: semgrep scan --config=auto

.gitignore

@@ -5,4 +5,5 @@ dhat-heap.json
 .vscode
 .idea
 .cover
-bleeper.user.toml
+bleeper.user.toml
+.DS_Store

Cargo.toml

@@ -25,6 +25,7 @@ members = [
     "pingora-ketama",
     "pingora-load-balancing",
     "pingora-memory-cache",
+    "pingora-prometheus",
     "tinyufo",
 ]
 

docs/user_guide/conf.md

@@ -23,12 +23,16 @@ group: webusers
 | threads | number of threads per service | number |
 | user | the user the pingora server should be run under after daemonization | string |
 | group | the group the pingora server should be run under after daemonization | string |
+| working_directory | the working directory for the daemonized process | string |
 | client_bind_to_ipv4 | source IPv4 addresses to bind to when connecting to server | list of string |
 | client_bind_to_ipv6 | source IPv6 addresses to bind to when connecting to server| list of string |
 | ca_file | The path to the root CA file | string |
 | s2n_config_cache_size | The maximum number of unique s2n configs to cache. A value of 0 disables the cache. Default: 10 (s2n-tls only) | number |
 | work_stealing | Enable work stealing runtime (default true). See Pingora runtime (WIP) section for more info | bool |
 | upstream_keepalive_pool_size | The number of total connections to keep in the connection pool | number |
+| daemon_wait_for_ready | When `true` and `daemon` is `true`, the parent process waits for the daemon to signal readiness (via `SIGUSR1`) before exiting. This causes systemd to delay sending `SIGQUIT` to the old process until the new instance is fully bootstrapped. Default: `false` | bool |
+| daemon_ready_timeout_seconds | How long (in seconds) the parent waits for the daemon to signal readiness when `daemon_wait_for_ready` is `true`. If the daemon does not signal in time the parent exits with a non-zero code, causing systemd to abort the reload. Default: `600` | number |
+| daemon_notify_timeout_seconds | How long (in seconds) the daemon retries sending `SIGUSR1` to the parent when the attempt fails with a permission error. This covers the brief window after the fork where the parent has not yet dropped its UID to match the daemon. Default: `60` | number |
 
 ## Extension
 Any unknown settings will be ignored. This allows extending the conf file to add and pass user defined settings. See User defined configuration section.

docs/user_guide/modify_filter.md

@@ -123,8 +123,7 @@ impl ProxyHttp for MyGateway {
 
 fn main() {
    ...
-    let mut prometheus_service_http =
-        pingora::services::listening::Service::prometheus_http_service();
+    let mut prometheus_service_http = pingora_prometheus::prometheus_http_service();
     prometheus_service_http.add_tcp("127.0.0.1:6192");
     my_server.add_service(prometheus_service_http);
 

docs/user_guide/phase.md

@@ -29,7 +29,8 @@ Pingora-proxy allows users to insert arbitrary logic into the life of a request.
     upstream_request_filter --> request_body_filter;
     request_body_filter --> SendReq{{IO: send request to upstream}};
     SendReq-->RecvResp{{IO: read response from upstream}};
-    RecvResp-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");
+    RecvResp-.feature: adjust_upstream_modules.->adjust_upstream_modules;
+    adjust_upstream_modules-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");
 
     fail_to_connect --can retry-->upstream_peer;
     fail_to_connect --can't retry-->fail_to_proxy--send error response-->logging;
@@ -92,6 +93,11 @@ If the error is not retry-able, the request will end.
 ### `upstream_request_filter()`
 This phase is to modify requests before sending to upstream.
 
+### `adjust_upstream_modules()` _(feature: `adjust_upstream_modules`)_
+This phase is triggered when the upstream response header arrives, before upstream modules (such as `upstream_compression`) process it.
+
+Use this to configure upstream module behavior based on the response header, e.g. setting a dictionary for dictionary-based content encoding. The response header is provided as an immutable reference; to modify the response header itself, use `upstream_response_filter()` instead.
+
 ### `upstream_response_filter()/upstream_response_body_filter()/upstream_response_trailer_filter()`
 This phase is triggered after an upstream response header/body/trailer is received.
 

docs/user_guide/phase_chart.md

@@ -14,7 +14,8 @@ Pingora proxy phases without caching
     upstream_request_filter --> request_body_filter;
     request_body_filter --> SendReq{{IO: send request to upstream}};
     SendReq-->RecvResp{{IO: read response from upstream}};
-    RecvResp-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");
+    RecvResp-.feature: adjust_upstream_modules.->adjust_upstream_modules;
+    adjust_upstream_modules-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");
 
     fail_to_connect --can retry-->upstream_peer;
     fail_to_connect --can't retry-->fail_to_proxy--send error response-->logging;

docs/user_guide/prom.md

@@ -1,29 +1,21 @@
 # Prometheus
 
-Pingora has a built-in prometheus HTTP metric server for scraping.
+The [`pingora-prometheus`](https://docs.rs/pingora-prometheus) crate provides a
+Prometheus HTTP metrics server for scraping.
 
-## Enabling Prometheus Support
+## Adding the Dependency
 
-Prometheus support is an optional feature in Pingora. To use it, you need to enable the `prometheus` feature in your `Cargo.toml`:
+Add `pingora-prometheus` to your `Cargo.toml`:
 
 ```toml
-# If using the main pingora crate
-pingora = { version = "0.8.0", features = ["prometheus"] }
-
-# If using pingora-core directly
-pingora-core = { version = "0.8.0", features = ["prometheus"] }
-
-# If using pingora-proxy crate
-pingora-proxy = { version = "0.8.0", features = ["prometheus"] }
+pingora-prometheus = "0.8.0"
 ```
 
 ## Setting up a Prometheus Metrics Endpoint
 
-Once the feature is enabled, you can set up a Prometheus metrics endpoint like this:
-
 ```rust
     ...
-    let mut prometheus_service_http = Service::prometheus_http_service();
+    let mut prometheus_service_http = pingora_prometheus::prometheus_http_service();
     prometheus_service_http.add_tcp("0.0.0.0:1234");
     my_server.add_service(prometheus_service_http);
     my_server.run_forever();

pingora-cache/Cargo.toml

@@ -37,8 +37,8 @@ httpdate = "1.0.2"
 log = { workspace = true }
 async-trait = { workspace = true }
 parking_lot = "0.12"
-cf-rustracing = "1.0"
-cf-rustracing-jaeger = "1.0"
+cf-rustracing = { version = "1.0", optional = true }
+cf-rustracing-jaeger = { version = "1.0", optional = true }
 rmp = "0.8.14"
 tokio = { workspace = true }
 lru = { workspace = true }
@@ -49,6 +49,8 @@ strum = { version = "0.26", features = ["derive"] }
 rand = "0.8"
 
 [dev-dependencies]
+cf-rustracing = "1.0"
+cf-rustracing-jaeger = "1.0"
 tokio-test = "0.4"
 tokio = { workspace = true, features = ["fs"] }
 env_logger = "0.11"
@@ -73,3 +75,4 @@ openssl = ["pingora-core/openssl"]
 boringssl = ["pingora-core/boringssl"]
 rustls = ["pingora-core/rustls"]
 s2n = ["pingora-core/s2n"]
+trace = ["dep:cf-rustracing", "dep:cf-rustracing-jaeger"]