fix: record recovered local address #13581
Conversation
Signed-off-by: Kuat Yessenov <kuat@google.com>
| @@ -458,6 +458,9 @@ void ConnectionHandlerImpl::ActiveTcpListener::resumeListening() { | |||
|
|
|||
| void ConnectionHandlerImpl::ActiveTcpListener::newConnection( | |||
| Network::ConnectionSocketPtr&& socket, std::unique_ptr<StreamInfo::StreamInfo> stream_info) { | |||
| // Update local address in case it is restored by a listener filter | |||
There was a problem hiding this comment.
Can you add the TODO? This is good since we known original_dst could change setDownstreamLocalAddress but we don't know if other crazy listener filter could do (proxy protocol?)
There was a problem hiding this comment.
Without exposing stream info to listener filters, we just have to fix this case by case. Is there something else that is changed by listener filters?
There was a problem hiding this comment.
TransportProtocol applicationProtocol. It depends on the overlap of stream info and socket info.
Also newConnection() is not the only termination of the socket. For a closed socket the small discrepancy is not ideal but should be fine for waiting for the further solution.
There was a problem hiding this comment.
I'm having some trouble understanding the issue being fixed in this PR. Should original_dst be calling setDownstreamLocalAddress? I'm guessing that the answer is no.
I'm concerned that this change breaks other intended behavior, but I can see the counter argument involving no existing tests breaking. That said, a lot of functionality is covered by small tests, which wouldn't detect breakages due to changes like this one which involve interaction between multiple extensions.
There was a problem hiding this comment.
The history is that this is a regression. Prior to #13554, stream info was instantiated after listener filters, so the value of downstream local address is the modified value. After that PR, stream info is instantiated before listener filters, so the value has changed. This is a fix to restore the original behavior.
The real issue is lack of any integration testing for original_dst. I think we would have caught the regression sooner if we had any test that exercised original_dst and logging. I don't know why it's like that, maybe it was difficult to set up iptables in a test.
There was a problem hiding this comment.
Is socket->localAdress() the actual address coming from the socket or a modified value set by orig dst filter?
Basically, I'm having trouble understanding new behavior based on the comment added here.
There was a problem hiding this comment.
It's the modified value AFAICT.
There was a problem hiding this comment.
Can you update the comment to something like:
// Refresh local address in case it was restored by a listener filter like the original dst filter.
| @@ -458,6 +458,9 @@ void ConnectionHandlerImpl::ActiveTcpListener::resumeListening() { | |||
|
|
|||
| void ConnectionHandlerImpl::ActiveTcpListener::newConnection( | |||
| Network::ConnectionSocketPtr&& socket, std::unique_ptr<StreamInfo::StreamInfo> stream_info) { | |||
| // Update local address in case it is restored by a listener filter | |||
There was a problem hiding this comment.
I'm having some trouble understanding the issue being fixed in this PR. Should original_dst be calling setDownstreamLocalAddress? I'm guessing that the answer is no.
I'm concerned that this change breaks other intended behavior, but I can see the counter argument involving no existing tests breaking. That said, a lot of functionality is covered by small tests, which wouldn't detect breakages due to changes like this one which involve interaction between multiple extensions.
| Invoke([&](const Http::RequestHeaderMap*, const Http::ResponseHeaderMap*, | ||
| const Http::ResponseTrailerMap*, const StreamInfo::StreamInfo& stream_info) { | ||
| EXPECT_EQ(alt_address, stream_info.downstreamLocalAddress()); | ||
| })); |
There was a problem hiding this comment.
It would be good to exercise this fix in an integration test to fully capture the full implications.
There was a problem hiding this comment.
Agree, but there is no integration test for original_dst, unfortunately.
There was a problem hiding this comment.
Could you work with the owners of original_dst to improve test coverage?
There was a problem hiding this comment.
Who's the owner of original_dst? It's not in CODEOWNERS.
There was a problem hiding this comment.
I don't know who originally wrote the code (someone in Istio I'm sure). The problem is I'm not sure we can have an integration test that is sandboxed. It requires iptables. If this is possible we should do it.
|
@mattklein123 Want to take a look or should I merge once CI is green? |
Signed-off-by: Kuat Yessenov <kuat@google.com>
|
/retest |
|
Retrying Azure Pipelines. |
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
* master: (22 commits) ci: various improvements (envoyproxy#13660) dns: fix defunct fd bug in apple resolver (envoyproxy#13641) build: support ppc64le with wasm (envoyproxy#13657) [fuzz] Added random load balancer fuzz (envoyproxy#13400) dependencies: compute and check release dates via GitHub API. (envoyproxy#13582) mac ci: try ignoring update failure (envoyproxy#13658) watchdog: Optimize WatchdogImpl::touch in preparation to more frequent petting of the watchdog. (envoyproxy#13103) typos: fix a couple 'enovy' mispellings (envoyproxy#13645) lua: Expose stream info downstreamLocalAddress and downstreamDirectRemoteAddress for Lua filter (envoyproxy#13536) tap: fix upstream streamed transport socket taps (envoyproxy#13638) Revert "delay health checks until transport socket secrets are ready. (envoyproxy#13516)" (envoyproxy#13639) Watchdog: use abort action as a default if killing is enabled. (envoyproxy#13523) [fuzz] Fixed divide by zero bug (envoyproxy#13545) wasm: flip the meaning of the "repository" in envoy_wasm_cc_binary(). (envoyproxy#13621) fix: record recovered local address (envoyproxy#13581) docs: fix incorrect compressor filter doc (envoyproxy#13611) docs: clean up docs for azp migration (envoyproxy#13558) wasm: fix building Wasm example. (envoyproxy#13619) test: Refactor flood tests into a separate test file (envoyproxy#13556) wasm: re-enable tests with precompiled modules. (envoyproxy#13583) ... Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Kuat Yessenov kuat@google.com
Commit Message: fixes #13554
Risk Level: low (bug fix)
Testing: unit
Docs Changes: none
Release Notes:
Platform Specific Features: