Support a l5d-proxy-connection: close header#1281
Merged
Conversation
In 6cf1b28, we updated the outbound proxy to automatically teardown connections when the peer proxy sets the `l5d-proxy-error` response header; but this header may be set in some situations when disconnecting isn't appropriate and will only generate more load on the system. This change introduces a `l5d-proxy-connection` header (like the `connection` and `proxy-connection` headers) that the proxy can use to signal that the proxied connection should be closed, independently of the informational `l5d-proxy-error` message. Some TODOs have been marked for followup improvements.
olix0r
changed the title
l5d-proxy-connection: close header
hawkw
approved these changes
Sep 21, 2021
Contributor
hawkw
left a comment
hawkw
left a comment
There was a problem hiding this comment.
looks good to me (assuming there'll be some follow-ups for the TODO comments)
Comment on lines
+88
to
+89
| if let Some(proxy_conn) = rsp.headers().get(L5D_PROXY_CONNECTION) { | ||
| if proxy_conn == "close" { |
Contributor
There was a problem hiding this comment.
nit: I think this could just be
Suggested change
| if let Some(proxy_conn) = rsp.headers().get(L5D_PROXY_CONNECTION) { | |
| if proxy_conn == "close" { | |
| if let Some("close") = rsp.headers().get(L5D_PROXY_CONNECTION) { |
Member
Author
There was a problem hiding this comment.
Unfortunately not.
--> linkerd/app/outbound/src/http/proxy_connection_close.rs:88:29
|
88 | if Some("close") == rsp.headers().get(L5D_PROXY_CONNECTION) {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected `str`, found struct `http::HeaderValue`
|
= note: expected enum `std::option::Option<&str>`
found enum `std::option::Option<&http::HeaderValue>`
HeaderValue impls PartialEq<str>; but I assume that Option<T> doesn't impl PartialEq<Option<U>> where T: PartialEq<U>
Member
Author
There was a problem hiding this comment.
olix0r
added a commit
to linkerd/linkerd2
that referenced
this pull request
Sep 23, 2021
This release improves the proxy's error handling, introducing a new `l5d-proxy-connection` header to signal from an inbound proxy when its peers outbound connections should be torn down. Furthermore, error handling has been improved so that the `l5d-proxy-error` header is only sent to trusted peers--the inbound proxy only emits this header when its client is meshed; and the outbound proxy can be configured to disable these headers via configuration. --- * build(deps): bump hyper from 0.14.12 to 0.14.13 (linkerd/linkerd2-proxy#1273) * build(deps): bump tracing-subscriber from 0.2.22 to 0.2.23 (linkerd/linkerd2-proxy#1274) * tracing: use `Span::or_current` when spawning tasks (linkerd/linkerd2-proxy#1272) * dns: Log TTL with resolution (linkerd/linkerd2-proxy#1275) * error-respond: Support stack target configuration (linkerd/linkerd2-proxy#1276) * build(deps): bump tracing-subscriber from 0.2.23 to 0.2.24 (linkerd/linkerd2-proxy#1277) * build(deps): bump tracing from 0.1.27 to 0.1.28 (linkerd/linkerd2-proxy#1278) * build(deps): bump tokio from 1.11.0 to 1.12.0 (linkerd/linkerd2-proxy#1279) * build(deps): bump http from 0.2.4 to 0.2.5 (linkerd/linkerd2-proxy#1280) * Support a `l5d-proxy-connection: close` header (linkerd/linkerd2-proxy#1281) * Avoid emitting informational headers to untrusted clients (linkerd/linkerd2-proxy#1282) * outbound: Only honor the `l5d-proxy-connection` header when meshed (linkerd/linkerd2-proxy#1283) * outbound: Disable informational headers by config (linkerd/linkerd2-proxy#1284) * outbound: Strip peer-sent `l5d-proxy-error` headers (linkerd/linkerd2-proxy#1285)
alpeb
pushed a commit
to linkerd/linkerd2
that referenced
this pull request
Sep 23, 2021
This release improves the proxy's error handling, introducing a new `l5d-proxy-connection` header to signal from an inbound proxy when its peers outbound connections should be torn down. Furthermore, error handling has been improved so that the `l5d-proxy-error` header is only sent to trusted peers--the inbound proxy only emits this header when its client is meshed; and the outbound proxy can be configured to disable these headers via configuration. --- * build(deps): bump hyper from 0.14.12 to 0.14.13 (linkerd/linkerd2-proxy#1273) * build(deps): bump tracing-subscriber from 0.2.22 to 0.2.23 (linkerd/linkerd2-proxy#1274) * tracing: use `Span::or_current` when spawning tasks (linkerd/linkerd2-proxy#1272) * dns: Log TTL with resolution (linkerd/linkerd2-proxy#1275) * error-respond: Support stack target configuration (linkerd/linkerd2-proxy#1276) * build(deps): bump tracing-subscriber from 0.2.23 to 0.2.24 (linkerd/linkerd2-proxy#1277) * build(deps): bump tracing from 0.1.27 to 0.1.28 (linkerd/linkerd2-proxy#1278) * build(deps): bump tokio from 1.11.0 to 1.12.0 (linkerd/linkerd2-proxy#1279) * build(deps): bump http from 0.2.4 to 0.2.5 (linkerd/linkerd2-proxy#1280) * Support a `l5d-proxy-connection: close` header (linkerd/linkerd2-proxy#1281) * Avoid emitting informational headers to untrusted clients (linkerd/linkerd2-proxy#1282) * outbound: Only honor the `l5d-proxy-connection` header when meshed (linkerd/linkerd2-proxy#1283) * outbound: Disable informational headers by config (linkerd/linkerd2-proxy#1284) * outbound: Strip peer-sent `l5d-proxy-error` headers (linkerd/linkerd2-proxy#1285)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In 6cf1b28, we updated the outbound proxy to automatically teardown
connections when the peer proxy sets the
l5d-proxy-errorresponseheader; but this header may be set in some situations when disconnecting
isn't appropriate and will only generate more load on the system.
This change introduces a
l5d-proxy-connectionheader (like theconnectionandproxy-connectionheaders) that the proxy can use tosignal that the proxied connection should be closed, independently of
the informational
l5d-proxy-errormessage.Some TODOs have been marked for followup improvements.