-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove proxymap entry after closing connection #3190
Conversation
// ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
type ProxyMapKey interface{} | ||
|
||
type ProxyMapValue interface { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported type ProxyMapValue should have comment or be unexported
type name will be used as proxymap.ProxyMapValue by other packages, and that stutters; consider calling this Value
pkg/maps/proxymap/proxymap.go
Outdated
) | ||
|
||
// ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
type ProxyMapKey interface{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type name will be used as proxymap.ProxyMapKey by other packages, and that stutters; consider calling this Key
pkg/maps/proxymap/ipv6.go
Outdated
@@ -47,6 +47,10 @@ type Proxy6Value struct { | |||
Lifetime uint32 | |||
} | |||
|
|||
func (v *Proxy6Value) GetSourceIdentity() uint32 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method Proxy6Value.GetSourceIdentity should have comment or be unexported
pkg/maps/proxymap/ipv4.go
Outdated
@@ -50,6 +50,10 @@ type Proxy4Value struct { | |||
Lifetime uint32 | |||
} | |||
|
|||
func (v *Proxy4Value) GetSourceIdentity() uint32 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method Proxy4Value.GetSourceIdentity should have comment or be unexported
// ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
type ProxyMapKey interface{} | ||
|
||
type ProxyMapValue interface { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported type ProxyMapValue should have comment or be unexported
type name will be used as proxymap.ProxyMapValue by other packages, and that stutters; consider calling this Value
pkg/maps/proxymap/proxymap.go
Outdated
) | ||
|
||
// ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
type ProxyMapKey interface{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type name will be used as proxymap.ProxyMapKey by other packages, and that stutters; consider calling this Key
2a7e2f6
to
041ff36
Compare
test-me-please |
041ff36
to
9e092d6
Compare
) | ||
|
||
// ProxyMapKey is the generic type for Proxy6Key or Proxy4Key | ||
type ProxyMapKey interface{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type name will be used as proxymap.ProxyMapKey by other packages, and that stutters; consider calling this Key
test-me-please |
pkg/proxy/kafka.go
Outdated
// The proxymap contains an entry with metadata for the receive side of the | ||
// connection, remove it after the connection has been closed. | ||
if pair.Rx != nil { | ||
if err := k.redirect.removeProxyMapEntryOnClose(pair.Rx.conn); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It can take up to 1 minute for the rx connection to get actually closed, because that’s the delay we set for SO_LINGER. Therefore, we need to wait for at least 1 minute before removing the proxy map entry. Otherwise, the connection may still hang for the client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If 1 minute is too long, we can reduce the SO_LINGER delay. But we should always wait for at least that delay before removing the map entry.
Good point. I'm not sure lingering is actually better though. 1 minute is definitely too long just to send out some existing data. I agree that we should wait though.
If 1 minute is too long, we can reduce the SO_LINGER delay. But we should always wait for at least that delay before removing the map entry. |
9e092d6
to
3dcf094
Compare
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I would just add a small buffer to the sleep.
pkg/proxy/kafka.go
Outdated
// We are running in our own go routine here so we can just | ||
// block this go routine until after the connection is | ||
// guaranteed to have been closed | ||
time.Sleep(proxyConnectionCloseTimeout) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add a small buffer, to let an eventual RST packet get through. In the worst case, the IP stack will decide to send an RST just around that time. We need to give it a chance to get through. How about adding like 1 second?
time.Sleep(proxyConnectionCloseTimeout + 1 * time.Second)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, can't hurt. It's probably unlikely though that we can transmit an RST if we can't flush out the data and close the connection within the timeout. It's likely a connectivity problem anyway.
Signed-off-by: Thomas Graf <thomas@cilium.io>
When the receive side of the proxied connection is closed, after the SO_LINGER timeout has passed, remove the proxymap entry as we no longer need access to the metadata. This relaxes the garbage collector and pressure on the map capacity. Fixes: #3172 Signed-off-by: Thomas Graf <thomas@cilium.io>
The existing value of 1 minute can put a lot of stress on the proxymap table in an environment with many concurrent, short lived connections. Signed-off-by: Thomas Graf <thomas@cilium.io>
3dcf094
to
3ee259d
Compare
test-me-please |
No description provided.