Skip to content

inbound: Apply loop detection on the connect stack#660

Merged
olix0r merged 1 commit intomainfrom
ver/admit-gateway
Sep 18, 2020
Merged

inbound: Apply loop detection on the connect stack#660
olix0r merged 1 commit intomainfrom
ver/admit-gateway

Conversation

@olix0r
Copy link
Member

@olix0r olix0r commented Sep 18, 2020

a233e1a altered the accept stack so that both TCP and HTTP stacks are
instantiated prior to performing detection on a socket. This will allow
us to cache these stacks for each destination.

However, this eager binding broke the gateway fallback logic, since the
TCP stack's failure invalidated the HTTP stacks' fallback to the
gateway.

This change moves loop detection onto the TCP connection stack so this
eager binding does not fail.

Fixes linkerd/linkerd2#4943

@olix0r
inbound: Apply loop detection on the connect stack
615e3ef 
a233e1a altered the accept stack so that both TCP and HTTP stacks are
instantiated prior to performing detection on a socket. This will allow
us to cache these stacks for each destination.

However, this eager binding broke the gateway fallback logic, since the
TCP stack's failure invalidated the HTTP stacks' fallback to the
gateway.

This change moves loop detection onto the TCP connection stack so this
eager binding does not fail.

Fixes linkerd/linkerd2#4943
@olix0r olix0r requested a review from a team September 18, 2020 03:33
kleimkuhler
kleimkuhler approved these changes Sep 18, 2020
View reviewed changes
Copy link
Contributor

@kleimkuhler kleimkuhler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

olix0r added a commit that referenced this pull request Sep 18, 2020
@olix0r
inbound: Split HTTP detection stack from TLS
869bba6 
The DetectTls module only operates on `TcpStream`s (because it uses the
`TcpStream::peek` api); but this complicates writing tests on the HTTP
stack to validate changes like #660.

This change decouples these accept stacks so that they can be tested
more easily.
@olix0r olix0r mentioned this pull request Sep 18, 2020
Merged
@olix0r olix0r merged commit 308a730 into main Sep 18, 2020
@olix0r olix0r deleted the ver/admit-gateway branch September 18, 2020 18:56
olix0r added a commit that referenced this pull request Sep 18, 2020
@olix0r
inbound: Split HTTP detection stack from TLS (#664)
d5c10bd 
The `DetectTls` module only operates on `TcpStream`s (because it uses
the `TcpStream::peek` api); but this complicates writing tests on the HTTP
stack to validate changes like #660.

This change decouples these accept stacks so that they can be tested
more easily.
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Sep 18, 2020
@olix0r
proxy: v2.110.0
7305cdd 
This release fixes a recent regression in multicluster gateway
configurations that would forbid inbound gateway traffic. It also fixes
URI normalization for orig-proto-upgrade requests that do not include a
`Host` header.

---

* http: Simplify stacks and target types (linkerd/linkerd2-proxy#656)
* Make SkipDetect more generic as stack::MakeSwitch (linkerd/linkerd2-proxy#657)
* introduce tests for isolated services (linkerd/linkerd2-proxy#655)
* http: Put normalize_uri back on the stack (linkerd/linkerd2-proxy#659)
* inbound: Apply loop detection on the connect stack (linkerd/linkerd2-proxy#660)
* tracing: Elide redundant info in tracing contexts (linkerd/linkerd2-proxy#661)
* outbound: Reorganize outbound stacks (linkerd/linkerd2-proxy#662)
* app: Decouple stacks from listeners (linkerd/linkerd2-proxy#663)
* inbound: Split HTTP detection stack from TLS (linkerd/linkerd2-proxy#664)
* integration: Bundle tests in src (linkerd/linkerd2-proxy#665)
@olix0r olix0r mentioned this pull request Sep 18, 2020
Merged
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Sep 19, 2020
@olix0r
proxy: v2.110.0 (#4987)
d98c11b 
This release fixes a recent regression in multicluster gateway
configurations that would forbid inbound gateway traffic. It also fixes
URI normalization for orig-proto-upgrade requests that do not include a
`Host` header.

---

* http: Simplify stacks and target types (linkerd/linkerd2-proxy#656)
* Make SkipDetect more generic as stack::MakeSwitch (linkerd/linkerd2-proxy#657)
* introduce tests for isolated services (linkerd/linkerd2-proxy#655)
* http: Put normalize_uri back on the stack (linkerd/linkerd2-proxy#659)
* inbound: Apply loop detection on the connect stack (linkerd/linkerd2-proxy#660)
* tracing: Elide redundant info in tracing contexts (linkerd/linkerd2-proxy#661)
* outbound: Reorganize outbound stacks (linkerd/linkerd2-proxy#662)
* app: Decouple stacks from listeners (linkerd/linkerd2-proxy#663)
* inbound: Split HTTP detection stack from TLS (linkerd/linkerd2-proxy#664)
* integration: Bundle tests in src (linkerd/linkerd2-proxy#665)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@kleimkuhler kleimkuhler kleimkuhler approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Multicluster check failed with custom Prometheus

2 participants

@olix0r @kleimkuhler