Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drain proxy CONNECT response before starting TLS handshake #2692

Merged
merged 2 commits into from
Sep 14, 2023
Merged

Drain proxy CONNECT response before starting TLS handshake #2692

merged 2 commits into from
Sep 14, 2023

Conversation

idelpivnitskiy
Copy link
Member

@idelpivnitskiy idelpivnitskiy commented Sep 13, 2023
edited

Motivation:

  1. Successful response to CONNECT never has a message body, and we are not interested in payload body for any non-200 status code. Drain it asap to free connection and RS resources before starting TLS handshake.
  2. Result of the proxy tunneling is incorrectly offloaded, response offloading can be different from users-configured ConnectExecutionStrategy.

Modifications:

  • Drain response message body before invoking handleConnectResponse;
  • Use computed ExecutionStrategy to decide when newConnection should be offloaded, similar to what AbstractLBHttpConnectionFactory does;
  • Update ProxyConnectConnectionFactoryFilterTest to assert new behavior;

Result:

Response to CONNECT request is drained and all publishers are released before starting any new activity on this connection.

@idelpivnitskiy
Drain proxy CONNECT response before starting TLS handshake
a9af649 
Motivation:

Successful response to `CONNECT` never has a message body, and we are
not interested in payload body for any non-200 status code.
Drain it asap to free connection and RS resources before starting TLS
handshake.

Modifications:
- Drain response message body before invoking `handleConnectResponse`;
- Use computed `ExecutionStrategy` to decide when `newConnection` should
be offloaded, similar to what `AbstractLBHttpConnectionFactory` does;
- Update `ProxyConnectConnectionFactoryFilterTest` to assert new
behavior;

Result:

Response to `CONNECT` request is drained and all publishers are released
before starting any new activity on this connection.
@idelpivnitskiy idelpivnitskiy self-assigned this Sep 13, 2023
@idelpivnitskiy idelpivnitskiy marked this pull request as ready for review September 13, 2023 05:40
idelpivnitskiy
idelpivnitskiy commented Sep 13, 2023
View reviewed changes
...-http-netty/src/main/java/io/servicetalk/http/netty/ProxyConnectConnectionFactoryFilter.java
// payload body for any non-200 status code. Drain it asap to free connection and RS
// resources before starting TLS handshake.
.flatMap(response -> response.messageBody().ignoreElements()
.concat(Single.defer(() -> handleConnectResponse(c, response)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried to minimize git diff, added draining here instead of changing indentation inside handleConnectResponse

@idelpivnitskiy idelpivnitskiy merged commit 6f9bdba into apple:main Sep 14, 2023
15 checks passed
@idelpivnitskiy idelpivnitskiy deleted the connect-drain branch September 14, 2023 04:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daschl daschl daschl approved these changes

Assignees

@idelpivnitskiy idelpivnitskiy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@idelpivnitskiy @daschl