Skip to content

orig_proto: don't set connection: close on errors #2171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hawkw merged 4 commits into from
Jan 20, 2023
Merged

orig_proto: don't set connection: close on errors #2171

hawkw merged 4 commits into from
Jan 20, 2023

Conversation

@hawkw
Copy link
Contributor

@hawkw hawkw commented Jan 19, 2023
edited
Loading

When the inbound proxy's ClientRescue layer sees a client connection
error for a connection initiated for an HTTP/1 request, it will add a
connection: close header to the synthesized error response. The
ClientRescue layer is not currently aware of whether an HTTP/1 request
was recieved from an upstream proxy as part of an orig-proto upgrade or
not. If the request is part of an orig-proto upgrade, the server side
of the inbound proxy is an HTTP/2 server. When Hyper's HTTP/2 server
sees a response with a connection: close header, it emits a warning,
because connection headers are illegal in HTTP/2.

The inbound proxy does strip any headers set by the server that are
illegal in HTTP/2 when performing an orig-proto downgrade. However, this
stripping occurs only when handling a response received from the server
peer, and not on synthesized error responses generated by the proxy.
Therefore, if a connection-level error occurs on a downgraded request,
the inbound proxy will log an illegal header warning. This can be
confusing to users, as this is not the actual root cause of the error
(see linkerd/linkerd2#10090).

This branch changes the ErrorRespond middleware to only add
connection: close to synthesized HTTP/1 responses that are not part
of an orig-proto downgrade. This is accomplished by adding a request
extension which is set in the orig_proto::Downgrade layer indicating
that a request was downgraded to the original protocol. The
connection: close header is now only added if the downgrade marker
extension is not present, and the warning is now no longer logged.

Fixes linkerd/linkerd2#10090

@hawkw hawkw requested a review from a team as a code owner January 19, 2023 19:53
@hawkw hawkw merged commit 09cdcdf into main Jan 20, 2023
@hawkw hawkw deleted the eliza/connection-close branch January 20, 2023 17:07
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Feb 16, 2023
@olix0r
proxy: v2.190.0
75b75f8 
This release includes many internal changes to prepare for the new
client policy API. Stack metric label values have changed to reflect the
new shape of the outbound proxy.

---

* build(deps): bump try-lock from 0.2.3 to 0.2.4 (linkerd/linkerd2-proxy#2139)
* build(deps): bump regex from 1.7.0 to 1.7.1 (linkerd/linkerd2-proxy#2145)
* build(deps): bump tokio from 1.24.0 to 1.24.1 (linkerd/linkerd2-proxy#2144)
* Parameterize the load balancer stack (linkerd/linkerd2-proxy#2142)
* build(deps): bump prost-types from 0.11.5 to 0.11.6 (linkerd/linkerd2-proxy#2147)
* build(deps): bump prost from 0.11.5 to 0.11.6 (linkerd/linkerd2-proxy#2148)
* build(deps): bump prost-build from 0.11.5 to 0.11.6 (linkerd/linkerd2-proxy#2149)
* stack: add `AnnotateError` middleware (linkerd/linkerd2-proxy#2158)
* Fix proxy-core dependencies (linkerd/linkerd2-proxy#2163)
* build(deps): bump tj-actions/changed-files from 35.3.1 to 35.4.1 (linkerd/linkerd2-proxy#2153)
* orig_proto: don't set `connection: close` on errors (linkerd/linkerd2-proxy#2171)
* build(deps): bump bumpalo from 3.11.1 to 3.12.0 (linkerd/linkerd2-proxy#2166)
* build(deps): bump proc-macro2 from 1.0.49 to 1.0.50 (linkerd/linkerd2-proxy#2165)
* build(deps): bump tj-actions/changed-files from 35.4.1 to 35.4.4 (linkerd/linkerd2-proxy#2172)
* build(deps): bump windows_x86_64_msvc from 0.42.0 to 0.42.1 (linkerd/linkerd2-proxy#2164)
* configure buffers from target `Param`s (linkerd/linkerd2-proxy#2173)
* Simplify profile discovery (linkerd/linkerd2-proxy#2170)
* stack: Unify AnnotateError and MapErr (linkerd/linkerd2-proxy#2180)
* build(deps): bump windows_aarch64_msvc from 0.42.0 to 0.42.1 (linkerd/linkerd2-proxy#2176)
* build(deps): bump async-trait from 0.1.61 to 0.1.63 (linkerd/linkerd2-proxy#2177)
* build(deps): bump tokio from 1.24.1 to 1.24.2 (linkerd/linkerd2-proxy#2178)
* Add the `meshtls-boring-fips` feature flag (linkerd/linkerd2-proxy#2168)
* Update HTTP error responder to log version info (linkerd/linkerd2-proxy#2182)
* build(deps): bump which from 4.3.0 to 4.4.0 (linkerd/linkerd2-proxy#2185)
* build(deps): bump derive_arbitrary from 1.2.2 to 1.2.3 (linkerd/linkerd2-proxy#2184)
* build(deps): bump unicode-bidi from 0.3.8 to 0.3.10 (linkerd/linkerd2-proxy#2183)
* build(deps): bump linkerd/dev from 38 to 39 (linkerd/linkerd2-proxy#2175)
* add target metadata to error contexts (linkerd/linkerd2-proxy#2162)
* build(deps): bump rustls from 0.20.7 to 0.20.8 (linkerd/linkerd2-proxy#2187)
* build(deps): bump ahash from 0.8.2 to 0.8.3 (linkerd/linkerd2-proxy#2188)
* build(deps): bump matches from 0.1.9 to 0.1.10 (linkerd/linkerd2-proxy#2189)
* Rename MakeThunk to NewThunk (linkerd/linkerd2-proxy#2197)
* Add `NewQueueWithoutTimeout` (linkerd/linkerd2-proxy#2196)
* Cache discovery results independently of proxy stacks  (linkerd/linkerd2-proxy#2195)
* core: Rename Stack utilities for clarity (linkerd/linkerd2-proxy#2199)
* gateway: Unify discovery for HTTP & opaque stacks (linkerd/linkerd2-proxy#2198)
* build(deps): bump libfuzzer-sys from 0.4.5 to 0.4.6 (linkerd/linkerd2-proxy#2193)
* build(deps): bump arbitrary from 1.2.2 to 1.2.3 (linkerd/linkerd2-proxy#2191)
* http: Remove `Clone` requirement in servers (linkerd/linkerd2-proxy#2200)
* build(deps): bump either from 1.8.0 to 1.8.1 (linkerd/linkerd2-proxy#2192)
* build(deps): bump bytes from 1.3.0 to 1.4.0 (linkerd/linkerd2-proxy#2202)
* build(deps): bump cc from 1.0.78 to 1.0.79 (linkerd/linkerd2-proxy#2203)
* build(deps): bump tj-actions/changed-files from 35.4.4 to 35.5.1 (linkerd/linkerd2-proxy#2211)
* build(deps): bump tokio from 1.24.2 to 1.25.0 (linkerd/linkerd2-proxy#2206)
* build(deps): bump miniz_oxide from 0.6.2 to 0.6.4 (linkerd/linkerd2-proxy#2207)
* build(deps): bump async-trait from 0.1.63 to 0.1.64 (linkerd/linkerd2-proxy#2205)
* Split outbound test modules into files (linkerd/linkerd2-proxy#2213)
* Disable broken tests (linkerd/linkerd2-proxy#2214)
* Add traceparent header parsing for w3c tracecontext (linkerd/linkerd2-proxy#2179)
* Simplify the `Resolve` trait alias (linkerd/linkerd2-proxy#2218)
* downgrade `miniz_oxide` from yanked 0.6.4 to 0.6.2 (linkerd/linkerd2-proxy#2219)
* build(deps): bump heck from 0.4.0 to 0.4.1 (linkerd/linkerd2-proxy#2215)
* ci: Fix check-each workflow (linkerd/linkerd2-proxy#2222)
* Use a cascading stack with protocol detection (linkerd/linkerd2-proxy#2221)
* ci: Fix quotation in list-crates (linkerd/linkerd2-proxy#2225)
* outbound: Split out separate 'opaq' modules (linkerd/linkerd2-proxy#2224)
* Update `linkerd2-proxy-api` to v0.8.0 (linkerd/linkerd2-proxy#2223)
* outbound: Lint stack target types (linkerd/linkerd2-proxy#2226)
* outbound: Split sidecar and ingress stack modules (linkerd/linkerd2-proxy#2227)
* gateway: Split 'http' and 'opaq' modules (linkerd/linkerd2-proxy#2230)
* test: Disable tap::rejects_incorrect_identity_when_identity_is_expected (linkerd/linkerd2-proxy#2231)
* outbound: Improve discovery cache test (linkerd/linkerd2-proxy#2233)
* integration: add destination update builders (linkerd/linkerd2-proxy#2232)
* Rename linkerd-server-policy to linkerd-proxy-server-policy (linkerd/linkerd2-proxy#2235)
* integration: add test for direct HTTP connections (linkerd/linkerd2-proxy#2234)
* outbound: Refactor stack target types (linkerd/linkerd2-proxy#2210)
* Add client-policy types (linkerd/linkerd2-proxy#2236)

Signed-off-by: Oliver Gould <[email protected]>
@olix0r olix0r mentioned this pull request Feb 16, 2023
Merged
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Feb 17, 2023
@olix0r
proxy: v2.190.1 (#10342)
16d648d 
This release includes many internal changes to prepare for the new
client policy API. Stack metric label values have changed to reflect the
new shape of the outbound proxy.

This change also includes some test improvements that helped debug an
issue while merging this.

---

* build(deps): bump try-lock from 0.2.3 to 0.2.4 (linkerd/linkerd2-proxy#2139)
* build(deps): bump regex from 1.7.0 to 1.7.1 (linkerd/linkerd2-proxy#2145)
* build(deps): bump tokio from 1.24.0 to 1.24.1 (linkerd/linkerd2-proxy#2144)
* Parameterize the load balancer stack (linkerd/linkerd2-proxy#2142)
* build(deps): bump prost-types from 0.11.5 to 0.11.6 (linkerd/linkerd2-proxy#2147)
* build(deps): bump prost from 0.11.5 to 0.11.6 (linkerd/linkerd2-proxy#2148)
* build(deps): bump prost-build from 0.11.5 to 0.11.6 (linkerd/linkerd2-proxy#2149)
* stack: add `AnnotateError` middleware (linkerd/linkerd2-proxy#2158)
* Fix proxy-core dependencies (linkerd/linkerd2-proxy#2163)
* build(deps): bump tj-actions/changed-files from 35.3.1 to 35.4.1 (linkerd/linkerd2-proxy#2153)
* orig_proto: don't set `connection: close` on errors (linkerd/linkerd2-proxy#2171)
* build(deps): bump bumpalo from 3.11.1 to 3.12.0 (linkerd/linkerd2-proxy#2166)
* build(deps): bump proc-macro2 from 1.0.49 to 1.0.50 (linkerd/linkerd2-proxy#2165)
* build(deps): bump tj-actions/changed-files from 35.4.1 to 35.4.4 (linkerd/linkerd2-proxy#2172)
* build(deps): bump windows_x86_64_msvc from 0.42.0 to 0.42.1 (linkerd/linkerd2-proxy#2164)
* configure buffers from target `Param`s (linkerd/linkerd2-proxy#2173)
* Simplify profile discovery (linkerd/linkerd2-proxy#2170)
* stack: Unify AnnotateError and MapErr (linkerd/linkerd2-proxy#2180)
* build(deps): bump windows_aarch64_msvc from 0.42.0 to 0.42.1 (linkerd/linkerd2-proxy#2176)
* build(deps): bump async-trait from 0.1.61 to 0.1.63 (linkerd/linkerd2-proxy#2177)
* build(deps): bump tokio from 1.24.1 to 1.24.2 (linkerd/linkerd2-proxy#2178)
* Add the `meshtls-boring-fips` feature flag (linkerd/linkerd2-proxy#2168)
* Update HTTP error responder to log version info (linkerd/linkerd2-proxy#2182)
* build(deps): bump which from 4.3.0 to 4.4.0 (linkerd/linkerd2-proxy#2185)
* build(deps): bump derive_arbitrary from 1.2.2 to 1.2.3 (linkerd/linkerd2-proxy#2184)
* build(deps): bump unicode-bidi from 0.3.8 to 0.3.10 (linkerd/linkerd2-proxy#2183)
* build(deps): bump linkerd/dev from 38 to 39 (linkerd/linkerd2-proxy#2175)
* add target metadata to error contexts (linkerd/linkerd2-proxy#2162)
* build(deps): bump rustls from 0.20.7 to 0.20.8 (linkerd/linkerd2-proxy#2187)
* build(deps): bump ahash from 0.8.2 to 0.8.3 (linkerd/linkerd2-proxy#2188)
* build(deps): bump matches from 0.1.9 to 0.1.10 (linkerd/linkerd2-proxy#2189)
* Rename MakeThunk to NewThunk (linkerd/linkerd2-proxy#2197)
* Add `NewQueueWithoutTimeout` (linkerd/linkerd2-proxy#2196)
* Cache discovery results independently of proxy stacks  (linkerd/linkerd2-proxy#2195)
* core: Rename Stack utilities for clarity (linkerd/linkerd2-proxy#2199)
* gateway: Unify discovery for HTTP & opaque stacks (linkerd/linkerd2-proxy#2198)
* build(deps): bump libfuzzer-sys from 0.4.5 to 0.4.6 (linkerd/linkerd2-proxy#2193)
* build(deps): bump arbitrary from 1.2.2 to 1.2.3 (linkerd/linkerd2-proxy#2191)
* http: Remove `Clone` requirement in servers (linkerd/linkerd2-proxy#2200)
* build(deps): bump either from 1.8.0 to 1.8.1 (linkerd/linkerd2-proxy#2192)
* build(deps): bump bytes from 1.3.0 to 1.4.0 (linkerd/linkerd2-proxy#2202)
* build(deps): bump cc from 1.0.78 to 1.0.79 (linkerd/linkerd2-proxy#2203)
* build(deps): bump tj-actions/changed-files from 35.4.4 to 35.5.1 (linkerd/linkerd2-proxy#2211)
* build(deps): bump tokio from 1.24.2 to 1.25.0 (linkerd/linkerd2-proxy#2206)
* build(deps): bump miniz_oxide from 0.6.2 to 0.6.4 (linkerd/linkerd2-proxy#2207)
* build(deps): bump async-trait from 0.1.63 to 0.1.64 (linkerd/linkerd2-proxy#2205)
* Split outbound test modules into files (linkerd/linkerd2-proxy#2213)
* Disable broken tests (linkerd/linkerd2-proxy#2214)
* Add traceparent header parsing for w3c tracecontext (linkerd/linkerd2-proxy#2179)
* Simplify the `Resolve` trait alias (linkerd/linkerd2-proxy#2218)
* downgrade `miniz_oxide` from yanked 0.6.4 to 0.6.2 (linkerd/linkerd2-proxy#2219)
* build(deps): bump heck from 0.4.0 to 0.4.1 (linkerd/linkerd2-proxy#2215)
* ci: Fix check-each workflow (linkerd/linkerd2-proxy#2222)
* Use a cascading stack with protocol detection (linkerd/linkerd2-proxy#2221)
* ci: Fix quotation in list-crates (linkerd/linkerd2-proxy#2225)
* outbound: Split out separate 'opaq' modules (linkerd/linkerd2-proxy#2224)
* Update `linkerd2-proxy-api` to v0.8.0 (linkerd/linkerd2-proxy#2223)
* outbound: Lint stack target types (linkerd/linkerd2-proxy#2226)
* outbound: Split sidecar and ingress stack modules (linkerd/linkerd2-proxy#2227)
* gateway: Split 'http' and 'opaq' modules (linkerd/linkerd2-proxy#2230)
* test: Disable tap::rejects_incorrect_identity_when_identity_is_expected (linkerd/linkerd2-proxy#2231)
* outbound: Improve discovery cache test (linkerd/linkerd2-proxy#2233)
* integration: add destination update builders (linkerd/linkerd2-proxy#2232)
* Rename linkerd-server-policy to linkerd-proxy-server-policy (linkerd/linkerd2-proxy#2235)
* integration: add test for direct HTTP connections (linkerd/linkerd2-proxy#2234)
* outbound: Refactor stack target types (linkerd/linkerd2-proxy#2210)
* Add client-policy types (linkerd/linkerd2-proxy#2236)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olix0r olix0r olix0r approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Connection header illegal in HTTP/2: connection

3 participants

@hawkw @olix0r