http: Teardown serverside connections on error (#747)

When the proxy encounters an error, it's usually the case that we want
to gracefully teardown the serverside connection so that the
application's client has an opportunity to re-resolve the endpoint
before reconnecting.

This change configures HTTP servers so that the error-handling layer
initiates server shutdown when an error is not a request timeout. Socket
errors, failfast errors, etc, are now met with a 502 Bad Gateway, as
they were before; but after in-flight requests are responded to, the
proxy's server closes its connection with the application client.

Addresses linkerd/linkerd2#5209
Co-authored-by: Eliza Weisman <[email protected]>

Author: olix0r

Cargo.lock

@@ -732,9 +732,9 @@ dependencies = [
 
 [[package]]
 name = "lazy_static"
-version = "1.3.0"
+version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc5729f27f159ddd61f4df6228e827e86643d4d3e7c32183cb30a1c08f604a14"
+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 
 [[package]]
 name = "libc"
@@ -916,6 +916,7 @@ dependencies = [
  "bytes 0.5.4",
  "futures 0.3.5",
  "http 0.2.1",
+ "hyper",
  "indexmap",
  "ipnet 1.0.0",
  "linkerd2-app-core",
@@ -979,7 +980,7 @@ dependencies = [
  "futures 0.3.5",
  "linkerd2-error",
  "linkerd2-stack",
- "parking_lot 0.11.0",
+ "parking_lot",
  "tokio",
  "tower",
  "tracing",
@@ -1548,15 +1549,6 @@ dependencies = [
  "tracing-subscriber",
 ]
 
-[[package]]
-name = "lock_api"
-version = "0.3.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4da24a77a3d8a6d4862d95f72e6fdb9c09a643ecdb402d754004a557f2bec75"
-dependencies = [
- "scopeguard",
-]
-
 [[package]]
 name = "lock_api"
 version = "0.4.1"
@@ -1808,39 +1800,15 @@ dependencies = [
  "tonic-build",
 ]
 
-[[package]]
-name = "parking_lot"
-version = "0.10.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3a704eb390aafdc107b0e392f56a82b668e3a71366993b5340f5833fd62505e"
-dependencies = [
- "lock_api 0.3.4",
- "parking_lot_core 0.7.2",
-]
-
 [[package]]
 name = "parking_lot"
 version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a4893845fa2ca272e647da5d0e46660a314ead9c2fdd9a883aabc32e481a8733"
 dependencies = [
  "instant",
- "lock_api 0.4.1",
- "parking_lot_core 0.8.0",
-]
-
-[[package]]
-name = "parking_lot_core"
-version = "0.7.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d58c7c768d4ba344e3e8d72518ac13e259d7c7ade24167003b8488e10b6740a3"
-dependencies = [
- "cfg-if 0.1.10",
- "cloudabi 0.0.3",
- "libc",
- "redox_syscall",
- "smallvec",
- "winapi 0.3.8",
+ "lock_api",
+ "parking_lot_core",
 ]
 
 [[package]]
@@ -2522,9 +2490,9 @@ dependencies = [
 
 [[package]]
 name = "tokio"
-version = "0.2.22"
+version = "0.2.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d34ca54d84bf2b5b4d7d31e901a8464f7b60ac145a284fba25ceb801f2ddccd"
+checksum = "a6d7ad61edd59bfcc7e80dababf0f4aed2e6d5e0ba1659356ae889752dfc12ff"
 dependencies = [
  "bytes 0.5.4",
  "fnv",
@@ -2537,7 +2505,7 @@ dependencies = [
  "mio-named-pipes",
  "mio-uds",
  "num_cpus",
- "parking_lot 0.10.2",
+ "parking_lot",
  "pin-project-lite",
  "signal-hook-registry",
  "slab",
@@ -2578,9 +2546,9 @@ dependencies = [
 
 [[package]]
 name = "tokio-macros"
-version = "0.2.5"
+version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0c3acc6aa564495a0f2e1d59fab677cd7f81a19994cfc7f3ad0e64301560389"
+checksum = "e44da00bfc73a25f814cd8d7e57a68a5c31b74b3152a0a1d1f590c97ed06265a"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -2825,7 +2793,7 @@ dependencies = [
  "chrono",
  "lazy_static",
  "matchers",
- "parking_lot 0.11.0",
+ "parking_lot",
  "regex 1.3.9",
  "serde",
  "serde_json",

linkerd/app/core/src/admin/mod.rs

@@ -4,11 +4,11 @@
 //! * `/ready` -- returns 200 when the proxy is ready to participate in meshed traffic.
 
 use crate::{
-    proxy::http::{ClientAddr, SetClientAddr},
+    proxy::http::{ClientHandle, SetClientHandle},
     svc, trace,
     transport::{io, tls},
 };
-use futures::{future, TryFutureExt};
+use futures::future;
 use http::StatusCode;
 use hyper::{Body, Request, Response};
 use linkerd2_error::{Error, Never};
@@ -98,8 +98,8 @@ impl<M> Admin<M> {
 
     fn client_is_localhost<B>(req: &Request<B>) -> bool {
         req.extensions()
-            .get::<ClientAddr>()
-            .map(|a| a.as_ref().ip().is_loopback())
+            .get::<ClientHandle>()
+            .map(|a| a.addr.ip().is_loopback())
             .unwrap_or(false)
     }
 }
@@ -178,9 +178,20 @@ impl<M: FmtMetrics + Clone + Send + 'static> svc::Service<io::BoxedIo> for Serve
         // Since the `/proxy-log-level` controls access based on the
         // client's IP address, we wrap the service with a new service
         // that adds the remote IP as a request extension.
-        let svc = SetClientAddr::new(meta.addrs.peer(), svc.clone());
+        let (svc, closed) = SetClientHandle::new(meta.addrs.peer(), svc.clone());
+        let mut conn = server.serve_connection(io, svc);
+
+        Box::pin(async move {
+            tokio::select! {
+                res = &mut conn => res?,
+                () = closed => {
+                    Pin::new(&mut conn).graceful_shutdown();
+                    conn.await?;
+                }
+            }
 
-        Box::pin(server.serve_connection(io, svc).map_err(Into::into))
+            Ok(())
+        })
     }
 }
 

linkerd/app/core/src/errors.rs

@@ -5,7 +5,7 @@ use linkerd2_error::Error;
 use linkerd2_error_metrics as metrics;
 use linkerd2_error_respond as respond;
 pub use linkerd2_error_respond::RespondLayer;
-use linkerd2_proxy_http::HasH2Reason;
+use linkerd2_proxy_http::{client_handle::Close, ClientHandle, HasH2Reason};
 use linkerd2_timeout::{error::ResponseTimeout, FailFastError};
 use pin_project::pin_project;
 use std::pin::Pin;
@@ -51,10 +51,11 @@ pub enum Reason {
 #[derive(Copy, Clone, Debug)]
 pub struct NewRespond(());
 
-#[derive(Copy, Clone, Debug)]
-pub enum Respond {
-    Http1(http::Version),
-    Http2 { is_grpc: bool },
+#[derive(Clone, Debug)]
+pub struct Respond {
+    version: http::Version,
+    is_grpc: bool,
+    close: Option<Close>,
 }
 
 #[pin_project(project = ResponseBodyProj)]
@@ -139,30 +140,39 @@ impl<ReqB, RspB: Default + hyper::body::HttpBody>
     type Respond = Respond;
 
     fn new_respond(&self, req: &http::Request<ReqB>) -> Self::Respond {
+        let close = req
+            .extensions()
+            .get::<ClientHandle>()
+            .map(|h| h.close.clone());
         match req.version() {
             http::Version::HTTP_2 => {
                 let is_grpc = req
                     .headers()
                     .get(http::header::CONTENT_TYPE)
                     .and_then(|v| v.to_str().ok().map(|s| s.starts_with("application/grpc")))
                     .unwrap_or(false);
-                Respond::Http2 { is_grpc }
+                Respond {
+                    is_grpc,
+                    close,
+                    version: http::Version::HTTP_2,
+                }
             }
-            version => Respond::Http1(version),
+            version => Respond {
+                version,
+                close,
+                is_grpc: false,
+            },
         }
     }
 }
 
 impl<RspB: Default + hyper::body::HttpBody> respond::Respond<http::Response<RspB>> for Respond {
     type Response = http::Response<ResponseBody<RspB>>;
 
-    fn respond(
-        &self,
-        reseponse: Result<http::Response<RspB>, Error>,
-    ) -> Result<Self::Response, Error> {
-        match reseponse {
+    fn respond(&self, res: Result<http::Response<RspB>, Error>) -> Result<Self::Response, Error> {
+        match res {
             Ok(response) => Ok(response.map(|b| match *self {
-                Respond::Http2 { is_grpc } if is_grpc == true => ResponseBody::Grpc {
+                Respond { is_grpc: true, .. } => ResponseBody::Grpc {
                     inner: b,
                     trailers: None,
                 },
@@ -171,33 +181,36 @@ impl<RspB: Default + hyper::body::HttpBody> respond::Respond<http::Response<RspB
             Err(error) => {
                 warn!("Failed to proxy request: {}", error);
 
-                if let Respond::Http2 { is_grpc } = self {
+                if self.version == http::Version::HTTP_2 {
                     if let Some(reset) = error.h2_reason() {
                         debug!(%reset, "Propagating HTTP2 reset");
                         return Err(error);
                     }
+                }
 
-                    if *is_grpc {
-                        let mut rsp = http::Response::builder()
-                            .version(http::Version::HTTP_2)
-                            .header(http::header::CONTENT_LENGTH, "0")
-                            .body(ResponseBody::default())
-                            .expect("app::errors response is valid");
-                        let code = set_grpc_status(&*error, rsp.headers_mut());
-                        debug!(?code, "Handling error with gRPC status");
-                        return Ok(rsp);
+                // Gracefully teardown the server-side connection.
+                if should_teardown_connection(&*error) {
+                    if let Some(c) = self.close.as_ref() {
+                        debug!("Closing server-side connection");
+                        c.close();
                     }
                 }
 
-                let version = match self {
-                    Respond::Http1(ref version) => version.clone(),
-                    Respond::Http2 { .. } => http::Version::HTTP_2,
-                };
+                if self.is_grpc {
+                    let mut rsp = http::Response::builder()
+                        .version(http::Version::HTTP_2)
+                        .header(http::header::CONTENT_LENGTH, "0")
+                        .body(ResponseBody::default())
+                        .expect("app::errors response is valid");
+                    let code = set_grpc_status(&*error, rsp.headers_mut());
+                    debug!(?code, "Handling error with gRPC status");
+                    return Ok(rsp);
+                }
 
                 let status = http_status(&*error);
-                debug!(%status, ?version, "Handling error with HTTP response");
+                debug!(%status, version = ?self.version, "Handling error with HTTP response");
                 Ok(http::Response::builder()
-                    .version(version)
+                    .version(self.version)
                     .status(status)
                     .header(http::header::CONTENT_LENGTH, "0")
                     .body(ResponseBody::default())
@@ -207,6 +220,18 @@ impl<RspB: Default + hyper::body::HttpBody> respond::Respond<http::Response<RspB
     }
 }
 
+fn should_teardown_connection(error: &(dyn std::error::Error + 'static)) -> bool {
+    if error.is::<ResponseTimeout>() {
+        false
+    } else if error.is::<tower::timeout::error::Elapsed>() {
+        false
+    } else if let Some(e) = error.source() {
+        should_teardown_connection(e)
+    } else {
+        true
+    }
+}
+
 fn http_status(error: &(dyn std::error::Error + 'static)) -> StatusCode {
     if let Some(HttpError { http, .. }) = error.downcast_ref::<HttpError>() {
         *http

linkerd/app/outbound/Cargo.toml

@@ -30,8 +30,9 @@ features = [
 ]
 
 [dev-dependencies]
+hyper = "0.13"
 ipnet = "1.0"
-linkerd2-io = { path = "../../io", features = ["tokio-test"] }
 linkerd2-app-test = { path = "../test" }
+linkerd2-io = { path = "../../io", features = ["tokio-test"] }
 tokio = { version = "0.2", features = ["full", "macros"]}
 tracing-futures = "0.2"

linkerd/app/outbound/src/http/logical.rs

@@ -123,13 +123,7 @@ where
         .push_switch(
             Logical::should_resolve,
             svc::stack(endpoint)
-                .push_on_response(
-                    svc::layers()
-                        .push(svc::layer::mk(
-                            svc::stack::FailOnError::<std::io::Error, S>::new,
-                        ))
-                        .box_http_request(),
-                )
+                .push_on_response(svc::layers().box_http_request())
                 .push_map_target(Endpoint::from_logical(
                     ReasonForNoPeerName::NotProvidedByServiceDiscovery,
                 ))

linkerd/app/outbound/src/http/mod.rs

@@ -2,14 +2,17 @@ pub mod endpoint;
 pub mod logical;
 mod require_identity_on_endpoint;
 
+#[cfg(test)]
+mod tests;
+
 use crate::tcp;
 use indexmap::IndexMap;
 pub use linkerd2_app_core::proxy::http::*;
 use linkerd2_app_core::{
     dst, profiles,
     proxy::{
         api_resolve::ProtocolHint,
-        http::{self, CanOverrideAuthority, ClientAddr},
+        http::{self, CanOverrideAuthority, ClientHandle},
         identity, tap,
     },
     transport::tls,
@@ -71,9 +74,7 @@ impl CanOverrideAuthority for Endpoint {
 
 impl tap::Inspect for Endpoint {
     fn src_addr<B>(&self, req: &http::Request<B>) -> Option<SocketAddr> {
-        req.extensions()
-            .get::<ClientAddr>()
-            .map(|c| c.as_ref().clone())
+        req.extensions().get::<ClientHandle>().map(|c| c.addr)
     }
 
     fn src_tls<'a, B>(