network: add close through network filter_manager support to check filter's close status#38778
Conversation
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
botengyao
changed the title
Signed-off-by: Boteng Yao <boteng@google.com>
…ger_close Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
|
@yanavlasov @KBaichoo this is a PR to let network filter manager manage the close for connections, and introduced a cc @envoyproxy/envoy-maintainers |
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
botengyao
changed the title
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
…ger_close Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Yeah. I think it may need more comment to these additional branch to explain why for me and future developers. Sorry, I don't want to block this new feature, but help ensure it maintainable for future. |
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
agreed, added more comments. PTAL, and thank you! |
Signed-off-by: Boteng Yao <boteng@google.com>
|
/retest |
wbpcode
left a comment
wbpcode
left a comment
There was a problem hiding this comment.
Thanks for the update. I think I gradually get the code. Although it take some time. Some comments are added. My core concern is still the complexity. I am trying to make it more simpler and without effect the feature you want.
But basically, I think this is fine.
| FilterManagerImpl& parent_; | ||
| ReadFilterSharedPtr filter_; | ||
| bool initialized_{}; | ||
| bool pending_close_{false}; |
There was a problem hiding this comment.
I didn't get the usage of this bool flag.
There was a problem hiding this comment.
This is a flag to indicate if a filter is gating the close, and this flag will impact the counter and disableClose() will change its status.
There was a problem hiding this comment.
Yeah. I got it's usage. But I am not sure if it's necessary to use it. Why cannot we just increment the count when the closeDisable(true) is called?
We have a similar practice on the read, the readDisable(true/false). I think use the similar parttern may be better?
There was a problem hiding this comment.
The key design here is to simplify the usage and lose the counter check, and we only count and check each filter's status, and the counter will only ++ when the filter status is changing.
disableClose(true)marks the filter as unable to close by delaying the closure process.- Calling
disableClose(true)again has no additional effect, as the closure is already marked as pending. - One
disableClose(false)can unblock the close, meaning the filter has done its job.
readDisable is kind of ++ and -- mapped for each call due to the buffer scenario and some initialization scenario are very simple. But close scenario can be more complicated depending on many things which it is possible that there is no a strict start and end.
There was a problem hiding this comment.
disableClose(true) marks the filter as unable to close by delaying the closure process.
Calling disableClose(true) again has no additional effect, as the closure is already marked as pending.
One disableClose(false) can unblock the close, meaning the filter has done its job.
I knew this behavior. I was thinking if there are multiple async actions block the closing, I think may be we should call the disableClose(true) multiple time and increment the count. And everytime once an action is done we can call the disableClose(false) to decrement the count.
That's say, I think the disableClose(true) and disableClose(false) should be a pair. wdyt?
There was a problem hiding this comment.
Discussed offline, and we will lose the counter check by the filter manager through only checking all filters status. We will let the filter itself to maintain the final close check.
…ger_close Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: Boteng Yao <boteng@google.com>
| FilterManagerImpl& parent_; | ||
| ReadFilterSharedPtr filter_; | ||
| bool initialized_{}; | ||
| bool pending_close_{false}; |
There was a problem hiding this comment.
This is a flag to indicate if a filter is gating the close, and this flag will impact the counter and disableClose() will change its status.
|
/retest |
Signed-off-by: Boteng Yao <boteng@google.com>
|
/retest |
wbpcode
left a comment
wbpcode
left a comment
There was a problem hiding this comment.
LGTM overall with a minor comment. I think we will cut a release next week. I will prefer to merge this after next week as IMO this is a high-risk PR. Thanks for the contribution again. 🌷
Signed-off-by: Boteng Yao <boteng@google.com>
Thanks @wbpcode for the dedicated time to review this PR. This is guarded by a false runtime guard meaning it is not enabled, and I want to bake it some time before enabling it, so I think there should be no-risk, wdyt? |
|
/retest |
sgtm. |
Added the basic ext_proc gRPC callout functions without the data loss that was addressed in #38778. gRPC client was shared with HTTP ext_proc that was templated by #38898 Pending: * COUNTER will be in the followup RPs. * filter_metadata handling is pending. * log info is pending. * timeout setting is pending * flow control is pending Commit Message: Additional Description: Risk Level: low Testing: #38721 --------- Signed-off-by: Boteng Yao <boteng@google.com>
4 participants
To solve the data loss issue during the close sequence especially for the middle external processing network filter in the filter chain. #38779
This PR will let the close manage by filter manager for some cases, and also introduce an enum
StopIterationAndDontClosefor network filter, which acontinueClosing()is expected if the filter manger is closing the connection. It will check all the networks' filter status before closing.Alternative Design
To provide more flexibility, we can split the disable close and
StopIterationfunctionalities, and introduce an disableClose(bool) to change a filter'spending_close_status.Key changes in ConnectionImpl
For the read path directly from socket:
RemoteClosewill close the socket when the socket is closed when half close is not enabled or both ways are half closed if half close is enabled immediately. With this PR right now theRemoteClosewill be managed by the filter manager. Since a filter could returnStopIterationAndDontClose, thecloseThroughFilerManager()will pause the close until the filter callscontinueClosing.For the write path directly from socket:
FlushWriteorFlushWriteAndDelaystatus that is triggered byclose(), the socket will close immediately since the close() is managed by the filter manager.For the
close()that is initialized by Envoy's connection:FlushWriteandFlushWriteAndDelayAbort,NoFlush, andAbortResetwill still close the socket immediately.closeSocket(LocalClose).For remote early close:
Key changes in Filter_manager
StopIterationAndDontClosefor filter status andconntinueClosing()state_in filter manager to check the pending close statusNote:
StopIterationAndDontClose.injectWriteDataToFilterChainandinjectReadDataToFilterChainis called.Commit Message:
Additional Description:
Risk Level: Low for normal case, and High if feature is used.
Testing:
Docs Changes:
Release Notes:
Platform Specific Features: