Avoid boxing I/O types for optional TLS (#817)

Our tls client and server currently box the underlying I/O types so that
TcpStreams and TlsStreams can be returned and used interchangeably.

This change introduces a new `EitherIo` type that implements
`AsyncRead`, `AsyncWrite`, and `PeerAddr` to replace uses of `BoxedIo`
in the data path.

Author: olix0r

linkerd/app/core/src/admin/mod.rs

@@ -36,7 +36,7 @@ pub struct Admin<M> {
 pub struct Accept<M>(Admin<M>, hyper::server::conn::Http);
 
 #[derive(Clone)]
-pub struct Serve<M: FmtMetrics>(tls::accept::Meta, Accept<M>);
+pub struct Serve<M>(tls::accept::Meta, Accept<M>);
 
 pub type ResponseFuture =
     Pin<Box<dyn Future<Output = Result<Response<Body>, Never>> + Send + 'static>>;
@@ -199,15 +199,19 @@ impl<M: FmtMetrics> tower::Service<http::Request<Body>> for Admin<M> {
     }
 }
 
-impl<M: FmtMetrics + Clone + Send + 'static> svc::NewService<tls::accept::Meta> for Accept<M> {
+impl<M: Clone> svc::NewService<tls::accept::Meta> for Accept<M> {
     type Service = Serve<M>;
 
     fn new_service(&mut self, meta: tls::accept::Meta) -> Self::Service {
         Serve(meta, self.clone())
     }
 }
 
-impl<M: FmtMetrics + Clone + Send + 'static> svc::Service<io::BoxedIo> for Serve<M> {
+impl<I, M> svc::Service<I> for Serve<M>
+where
+    I: io::AsyncRead + io::AsyncWrite + Send + Unpin + 'static,
+    M: FmtMetrics + Clone + Send + 'static,
+{
     type Response = ();
     type Error = Error;
     type Future = Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'static>>;
@@ -216,7 +220,7 @@ impl<M: FmtMetrics + Clone + Send + 'static> svc::Service<io::BoxedIo> for Serve
         Poll::Ready(Ok(()))
     }
 
-    fn call(&mut self, io: io::BoxedIo) -> Self::Future {
+    fn call(&mut self, io: I) -> Self::Future {
         let Self(ref meta, Accept(ref svc, ref server)) = self;
 
         // Since the `/proxy-log-level` controls access based on the

linkerd/app/inbound/src/lib.rs

@@ -396,7 +396,7 @@ impl Config {
     > + Clone
     where
         D: svc::NewService<TcpAccept, Service = DSvc> + Clone + Send + 'static,
-        DSvc: svc::Service<SensorIo<io::BoxedIo>, Response = ()> + Send + 'static,
+        DSvc: svc::Service<SensorIo<tls::accept::Io>, Response = ()> + Send + 'static,
         DSvc::Error: Into<Error>,
         DSvc::Future: Send,
         F: svc::NewService<TcpEndpoint, Service = FSvc> + Clone + 'static,

linkerd/app/src/tap.rs

@@ -5,7 +5,7 @@ use linkerd2_app_core::{
     drain,
     proxy::{identity, tap},
     serve,
-    transport::{io, tls},
+    transport::tls,
     Error,
 };
 use std::{net::SocketAddr, pin::Pin};
@@ -55,7 +55,7 @@ impl Config {
                     identity,
                     move |meta: tls::accept::Meta| {
                         let service = service.clone();
-                        service_fn(move |io: io::BoxedIo| {
+                        service_fn(move |io| {
                             let fut = service.clone().oneshot((meta.clone(), io));
                             Box::pin(async move {
                                 fut.err_into::<Error>().await?.err_into::<Error>().await

linkerd/io/src/either.rs

@@ -0,0 +1,76 @@
+use super::{AsyncRead, AsyncWrite, IoSlice, PeerAddr, Poll, ReadBuf, Result};
+use pin_project::pin_project;
+use std::{pin::Pin, task::Context};
+
+#[pin_project(project = EitherIoProj)]
+#[derive(Debug)]
+pub enum EitherIo<L, R> {
+    Left(#[pin] L),
+    Right(#[pin] R),
+}
+
+impl<L: PeerAddr, R: PeerAddr> PeerAddr for EitherIo<L, R> {
+    #[inline]
+    fn peer_addr(&self) -> Result<std::net::SocketAddr> {
+        match self {
+            Self::Left(l) => l.peer_addr(),
+            Self::Right(r) => r.peer_addr(),
+        }
+    }
+}
+
+impl<L: AsyncRead, R: AsyncRead> AsyncRead for EitherIo<L, R> {
+    #[inline]
+    fn poll_read(self: Pin<&mut Self>, cx: &mut Context, buf: &mut ReadBuf<'_>) -> Poll<()> {
+        match self.project() {
+            EitherIoProj::Left(l) => l.poll_read(cx, buf),
+            EitherIoProj::Right(r) => r.poll_read(cx, buf),
+        }
+    }
+}
+
+impl<L: AsyncWrite, R: AsyncWrite> AsyncWrite for EitherIo<L, R> {
+    #[inline]
+    fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context) -> Poll<()> {
+        match self.project() {
+            EitherIoProj::Left(l) => l.poll_shutdown(cx),
+            EitherIoProj::Right(r) => r.poll_shutdown(cx),
+        }
+    }
+
+    #[inline]
+    fn poll_flush(self: Pin<&mut Self>, cx: &mut Context) -> Poll<()> {
+        match self.project() {
+            EitherIoProj::Left(l) => l.poll_flush(cx),
+            EitherIoProj::Right(r) => r.poll_flush(cx),
+        }
+    }
+
+    #[inline]
+    fn poll_write(self: Pin<&mut Self>, cx: &mut Context, buf: &[u8]) -> Poll<usize> {
+        match self.project() {
+            EitherIoProj::Left(l) => l.poll_write(cx, buf),
+            EitherIoProj::Right(r) => r.poll_write(cx, buf),
+        }
+    }
+
+    #[inline]
+    fn poll_write_vectored(
+        self: Pin<&mut Self>,
+        cx: &mut Context,
+        buf: &[IoSlice<'_>],
+    ) -> Poll<usize> {
+        match self.project() {
+            EitherIoProj::Left(l) => l.poll_write_vectored(cx, buf),
+            EitherIoProj::Right(r) => r.poll_write_vectored(cx, buf),
+        }
+    }
+
+    #[inline]
+    fn is_write_vectored(&self) -> bool {
+        match self {
+            EitherIo::Left(l) => l.is_write_vectored(),
+            EitherIo::Right(r) => r.is_write_vectored(),
+        }
+    }
+}

linkerd/io/src/lib.rs

@@ -1,9 +1,11 @@
 mod boxed;
+mod either;
 mod prefixed;
 mod sensor;
 
 pub use self::{
     boxed::BoxedIo,
+    either::EitherIo,
     prefixed::PrefixedIo,
     sensor::{Sensor, SensorIo},
 };

linkerd/io/src/prefixed.rs

@@ -33,6 +33,7 @@ impl<S> From<S> for PrefixedIo<S> {
 }
 
 impl<S: PeerAddr> PeerAddr for PrefixedIo<S> {
+    #[inline]
     fn peer_addr(&self) -> Result<std::net::SocketAddr> {
         self.io.peer_addr()
     }
@@ -63,28 +64,34 @@ impl<S: AsyncRead> AsyncRead for PrefixedIo<S> {
 }
 
 impl<S: io::Write> io::Write for PrefixedIo<S> {
+    #[inline]
     fn write(&mut self, buf: &[u8]) -> Result<usize> {
         self.io.write(buf)
     }
 
+    #[inline]
     fn flush(&mut self) -> Result<()> {
         self.io.flush()
     }
 }
 
 impl<S: AsyncWrite> AsyncWrite for PrefixedIo<S> {
+    #[inline]
     fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<()> {
         self.project().io.poll_shutdown(cx)
     }
 
+    #[inline]
     fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<()> {
         self.project().io.poll_flush(cx)
     }
 
+    #[inline]
     fn poll_write(self: Pin<&mut Self>, cx: &mut Context<'_>, buf: &[u8]) -> Poll<usize> {
         self.project().io.poll_write(cx, buf)
     }
 
+    #[inline]
     fn poll_write_vectored(
         self: Pin<&mut Self>,
         cx: &mut Context<'_>,
@@ -93,6 +100,7 @@ impl<S: AsyncWrite> AsyncWrite for PrefixedIo<S> {
         self.project().io.poll_write_vectored(cx, bufs)
     }
 
+    #[inline]
     fn is_write_vectored(&self) -> bool {
         self.io.is_write_vectored()
     }

linkerd/proxy/tap/src/accept.rs

@@ -5,8 +5,10 @@ use linkerd2_error::Error;
 use linkerd2_identity as identity;
 use linkerd2_proxy_api::tap::tap_server::{Tap, TapServer};
 use linkerd2_proxy_http::{trace, HyperServerSvc};
-use linkerd2_proxy_transport::io::BoxedIo;
-use linkerd2_proxy_transport::tls::{accept::Connection, Conditional, ReasonForNoPeerName};
+use linkerd2_proxy_transport::{
+    io,
+    tls::{accept::Connection, Conditional, ReasonForNoPeerName},
+};
 use std::future::Future;
 use std::pin::Pin;
 use std::sync::Arc;
@@ -29,8 +31,9 @@ impl AcceptPermittedClients {
         }
     }
 
-    fn serve<T>(&self, io: BoxedIo, tap: T) -> ServeFuture
+    fn serve<I, T>(&self, io: I, tap: T) -> ServeFuture
     where
+        I: io::AsyncRead + io::AsyncWrite + Send + Unpin + 'static,
         T: Tap + Send + 'static,
         T::ObserveStream: Send + 'static,
     {
@@ -45,11 +48,17 @@ impl AcceptPermittedClients {
         })
     }
 
-    fn serve_authenticated(&self, io: BoxedIo) -> ServeFuture {
+    fn serve_authenticated<I>(&self, io: I) -> ServeFuture
+    where
+        I: io::AsyncRead + io::AsyncWrite + Send + Unpin + 'static,
+    {
         self.serve(io, self.server.clone())
     }
 
-    fn serve_unauthenticated(&self, io: BoxedIo, msg: impl Into<String>) -> ServeFuture {
+    fn serve_unauthenticated<I>(&self, io: I, msg: impl Into<String>) -> ServeFuture
+    where
+        I: io::AsyncRead + io::AsyncWrite + Send + Unpin + 'static,
+    {
         self.serve(io, unauthenticated::new(msg))
     }
 }

linkerd/proxy/transport/src/lib.rs

@@ -14,7 +14,6 @@ pub mod tls;
 pub use self::{
     connect::ConnectTcp,
     detect::{Detect, DetectService, NewDetectService},
-    io::BoxedIo,
     listen::{BindTcp, DefaultOrigDstAddr, NoOrigDstAddr, OrigDstAddr},
 };