admin: Handle connections that fail protocol detection (#960)

olix0r · web-flow · commit 110e9bea59ed · 2021-03-30T10:43:39.000-07:00
The HTTP detect module may fail to detect an HTTP protocol if the first read does not return at least 14 bytes. This has caused spurious failures as described in linkerd/linkerd2#5672. This change updates the admin server's protocol detection to handle these connections as HTTP/1 so that the HTTP server can try to process them and fail on its own if the connection really is not HTTP.
diff --git a/linkerd/app/src/admin.rs b/linkerd/app/src/admin.rs
@@ -13,8 +13,9 @@ use crate::{
     inbound::target::{HttpAccept, Target, TcpAccept},
     svc,
 };
-use std::{fmt, net::SocketAddr, pin::Pin, time::Duration};
+use std::{net::SocketAddr, pin::Pin, time::Duration};
 use tokio::sync::mpsc;
+use tracing::debug;
 
 #[derive(Clone, Debug)]
 pub struct Config {
@@ -28,9 +29,6 @@ pub struct Admin {
     pub serve: Pin<Box<dyn std::future::Future<Output = ()> + Send + 'static>>,
 }
 
-#[derive(Debug, Default)]
-pub struct AdminHttpOnly(());
-
 // === impl Config ===
 
 impl Config {
@@ -62,15 +60,17 @@ impl Config {
             )
             .push_map_target(Target::from)
             .push(http::NewServeHttp::layer(Default::default(), drain.clone()))
-            .push(svc::Filter::<TcpAccept, _>::layer(
+            .push_map_target(
                 |(version, tcp): (Result<Option<http::Version>, detect::DetectTimeout<_>>, _)| {
                     match version {
-                        Ok(Some(version)) => Ok(HttpAccept::from((version, tcp))),
-                        Ok(None) => Err(Error::from(AdminHttpOnly(()))),
-                        Err(timeout) => Err(Error::from(timeout)),
+                        Ok(Some(version)) => HttpAccept::from((version, tcp)),
+                        Ok(None) | Err(_) => {
+                            debug!("Failed to parse HTTP request; handling as HTTP/1");
+                            HttpAccept::from((http::Version::Http1, tcp))
+                        }
                     }
                 },
-            ))
+            )
             .push(detect::NewDetectService::layer(
                 DETECT_TIMEOUT,
                 http::DetectHttp::default(),
@@ -89,13 +89,3 @@ impl Config {
         })
     }
 }
-
-// === impl AdminHttpOnly ===
-
-impl fmt::Display for AdminHttpOnly {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.pad("proxy admin server is HTTP-only")
-    }
-}
-
-impl std::error::Error for AdminHttpOnly {}
