Three findings against the ASGI PROXY protocol path:
- High: an untrusted peer could send a PROXY v1/v2 header and have the
client address surfaced to the app. _setup_callback_parser now passes
proxy_protocol='off' to the parser when the peer is not in
proxy_allow_ips. _effective_peername adds a defensive re-check.
- Medium: PROXY v1 TCP4/TCP6 addresses were copied as strings without
validation. Validate with socket.inet_pton, mirroring the WSGI parser.
- Medium: PROXY v2 quietly mapped non-STREAM (DGRAM) protocols to
UDP4/UDP6. gunicorn is an HTTP server; reject non-STREAM with
InvalidProxyHeader, mirroring the WSGI parser.
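An added example (not gunicorn's code) sketching the three checks named in the findings above: the proxy_allow_ips trust gate, socket.inet_pton validation of PROXY v1 TCP4/TCP6 addresses, and rejection of non-STREAM PROXY v2 headers. The function names, the exact-match allow list and the sample line are assumptions; only InvalidProxyHeader, proxy_allow_ips and socket.inet_pton come from the commit message.

```python
import socket

class InvalidProxyHeader(ValueError):
    """Malformed PROXY header (class name borrowed from the commit message)."""

FAMILIES = {"TCP4": socket.AF_INET, "TCP6": socket.AF_INET6}
V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"

def parse_proxy_v1(line):
    """Validate one PROXY v1 line and return (client_ip, client_port)."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise InvalidProxyHeader("bad PROXY v1 framing")
    parts = line[:-2].decode("ascii", "replace").split(" ")
    # "PROXY UNKNOWN" is not handled in this sketch; it is rejected here.
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in FAMILIES:
        raise InvalidProxyHeader("bad PROXY v1 fields")
    try:
        for addr in parts[2:4]:  # source and destination address
            socket.inet_pton(FAMILIES[parts[1]], addr)
    except (OSError, ValueError) as exc:
        raise InvalidProxyHeader("address does not match family") from exc
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:6]):
        raise InvalidProxyHeader("bad port")
    return parts[2], int(parts[4])

def check_v2_transport(header):
    """Reject a PROXY v2 header that relays a non-STREAM (e.g. DGRAM) flow."""
    if len(header) < 16 or header[:12] != V2_SIGNATURE or header[12] >> 4 != 2:
        raise InvalidProxyHeader("not a PROXY v2 header")
    # Byte 13 low nibble is the transport: 0x1 STREAM, 0x2 DGRAM.
    if header[12] & 0x0F == 0x1 and header[13] & 0x0F != 0x1:
        raise InvalidProxyHeader("non-STREAM transport")

def effective_peer(peer, first_line, proxy_allow_ips):
    """Return the client address to expose to the app."""
    if peer[0] not in proxy_allow_ips:
        # Untrusted peer: behave as proxy_protocol='off' and keep the socket
        # address; the bytes are left for the HTTP parser to reject.
        return peer
    if first_line.startswith(b"PROXY "):
        return parse_proxy_v1(first_line)
    return peer

# Constructed sample input, not captured traffic.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n"
if __name__ == "__main__":
    print(effective_peer(("10.0.0.2", 40000), SAMPLE, {"10.0.0.2"}))
    print(effective_peer(("198.51.100.9", 40000), SAMPLE, {"10.0.0.2"}))
```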
- WSGI fast parser now applies the same per-header policy as the Python
parser (Expect, secure_scheme_headers, forwarded_allow_ips trust gate,
forwarder_headers / header_map). Shared helpers extracted on Message.
- ASGI keepalive no longer resets the parser when the previous request
body was not fully framed; the connection closes instead, preventing
request smuggling on pipelined connections.
- BodyReceiver._wait_for_data timeout flips _closed and yields
http.disconnect rather than synthesizing more_body=False. Timeout
honors cfg.timeout.
- ASGI chunked encoding now skips HEAD, 204, and 304 (matches
Response.is_chunked in the WSGI path) via a small helper.
- _setup_callback_parser passes proxy_protocol to PythonProtocol; auto
falls back to the Python parser when proxy_protocol != off (the C
parser does not implement PROXY framing). _effective_peername swaps
the transport peer with the PROXY-supplied client address.
- Parser.finish_body accepts a deadline and a 64KiB byte cap; gthread
passes a deadline and abandons keepalive on incomplete drain so a
stalled client cannot tie up a worker thread.
- Fix body receiver timeout handling to prevent infinite loops
- Add WebSocket data forwarding via callbacks instead of StreamReader
- Fix HTTP/2 stream race condition where DATA frames arrive before first read
- Update WebSocketProtocol constructor (removed reader parameter)

Wire HttpParser to ASGI hot path, replacing AsyncRequest.parse() with
direct buffer-based parsing. Add FastAsyncRequest wrapper for body
reading. Replace per-request Queue/Task with BodyReceiver for on-demand
body reading. Keep headers as bytes end-to-end to avoid conversion
overhead. Add backpressure control and keepalive timer. Cache response
status lines and Date header.

Benchmark shows 3x improvement: ~875K req/s for simple GET (was ~340K).

Add a new ASGI worker type that provides native async support using
gunicorn's own HTTP parsing infrastructure adapted for asyncio.

Features:
- HTTP/1.1 with keepalive support
- WebSocket connections (RFC 6455)
- ASGI lifespan protocol for startup/shutdown hooks
- Optional uvloop support for improved performance
- Full proxy protocol support (inherited from gunicorn)

New configuration options:
- --asgi-loop: Event loop selection (auto/asyncio/uvloop)
- --asgi-lifespan: Lifespan protocol control (auto/on/off)
- --root-path: ASGI root path for reverse proxy setups

Usage: gunicorn -k asgi myapp:app