Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

perf: really, really stop nagle's algorithm #1062

Merged
merged 1 commit into from
May 16, 2024
Merged

perf: really, really stop nagle's algorithm #1062

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/dns/server.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,9 +106,9 @@ impl Server {
.tcp_bind(addr)
.map_err(|e| Error::Bind(addr, e))?;
// Save the bound address.
let tcp_addr = tcp_listener.local_addr().unwrap();
let tcp_addr = tcp_listener.local_addr();
server.register_listener(
tcp_listener,
tcp_listener.inner(),
Duration::from_secs(DEFAULT_TCP_REQUEST_TIMEOUT),
);

Expand Down
29 changes: 20 additions & 9 deletions src/inpod/config.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,9 @@
// See the License for the specific language governing permissions and
// limitations under the License.

use crate::config;
use crate::{config, socket};
use std::sync::Arc;
use tokio::net::TcpSocket;

use super::netns::InpodNetns;

Expand Down Expand Up @@ -79,17 +80,27 @@ impl InPodSocketFactory {

impl crate::proxy::SocketFactory for InPodSocketFactory {
fn new_tcp_v4(&self) -> std::io::Result<tokio::net::TcpSocket> {
self.configure(tokio::net::TcpSocket::new_v4)
self.configure(|| {
TcpSocket::new_v4().and_then(|s| {
s.set_nodelay(true)?;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

Ok(s)
})
})
}

fn new_tcp_v6(&self) -> std::io::Result<tokio::net::TcpSocket> {
self.configure(tokio::net::TcpSocket::new_v6)
self.configure(|| {
TcpSocket::new_v6().and_then(|s| {
s.set_nodelay(true)?;
Ok(s)
})
})
}

fn tcp_bind(&self, addr: std::net::SocketAddr) -> std::io::Result<tokio::net::TcpListener> {
fn tcp_bind(&self, addr: std::net::SocketAddr) -> std::io::Result<socket::Listener> {
let std_sock = self.configure(|| std::net::TcpListener::bind(addr))?;
std_sock.set_nonblocking(true)?;
tokio::net::TcpListener::from_std(std_sock)
tokio::net::TcpListener::from_std(std_sock).map(socket::Listener::new)
}

fn udp_bind(&self, addr: std::net::SocketAddr) -> std::io::Result<tokio::net::UdpSocket> {
Expand Down Expand Up @@ -119,7 +130,7 @@ impl crate::proxy::SocketFactory for InPodSocketPortReuseFactory {
self.sf.new_tcp_v6()
}

fn tcp_bind(&self, addr: std::net::SocketAddr) -> std::io::Result<tokio::net::TcpListener> {
fn tcp_bind(&self, addr: std::net::SocketAddr) -> std::io::Result<socket::Listener> {
let sock = self.sf.configure(|| match addr {
std::net::SocketAddr::V4(_) => tokio::net::TcpSocket::new_v4(),
std::net::SocketAddr::V6(_) => tokio::net::TcpSocket::new_v6(),
Expand All @@ -130,7 +141,7 @@ impl crate::proxy::SocketFactory for InPodSocketPortReuseFactory {
}

sock.bind(addr)?;
sock.listen(128)
sock.listen(128).map(socket::Listener::new)
}

fn udp_bind(&self, addr: std::net::SocketAddr) -> std::io::Result<tokio::net::UdpSocket> {
Expand Down Expand Up @@ -210,7 +221,7 @@ mod test {

let sock_addr: std::net::SocketAddr = "127.0.0.1:8080".parse().unwrap();
{
let s = sf.tcp_bind(sock_addr).unwrap();
let s = sf.tcp_bind(sock_addr).unwrap().inner();

// make sure mark nad port re-use are set
let sock_ref = socket2::SockRef::from(&s);
Expand Down Expand Up @@ -257,7 +268,7 @@ mod test {

let sock_addr: std::net::SocketAddr = "127.0.0.1:8080".parse().unwrap();
{
let s = sf.tcp_bind(sock_addr).unwrap();
let s = sf.tcp_bind(sock_addr).unwrap().inner();

// make sure mark nad port re-use are set
let sock_ref = socket2::SockRef::from(&s);
Expand Down
22 changes: 14 additions & 8 deletions src/proxy.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ pub trait SocketFactory {

fn new_tcp_v6(&self) -> std::io::Result<TcpSocket>;

fn tcp_bind(&self, addr: SocketAddr) -> std::io::Result<TcpListener>;
fn tcp_bind(&self, addr: SocketAddr) -> std::io::Result<socket::Listener>;

fn udp_bind(&self, addr: SocketAddr) -> std::io::Result<tokio::net::UdpSocket>;
}
Expand All @@ -69,17 +69,23 @@ pub struct DefaultSocketFactory;

impl SocketFactory for DefaultSocketFactory {
fn new_tcp_v4(&self) -> std::io::Result<TcpSocket> {
TcpSocket::new_v4()
TcpSocket::new_v4().and_then(|s| {
s.set_nodelay(true)?;
Ok(s)
})
}

fn new_tcp_v6(&self) -> std::io::Result<TcpSocket> {
TcpSocket::new_v6()
TcpSocket::new_v6().and_then(|s| {
s.set_nodelay(true)?;
Ok(s)
})
}

fn tcp_bind(&self, addr: SocketAddr) -> std::io::Result<TcpListener> {
fn tcp_bind(&self, addr: SocketAddr) -> std::io::Result<socket::Listener> {
let std_sock = std::net::TcpListener::bind(addr)?;
std_sock.set_nonblocking(true)?;
TcpListener::from_std(std_sock)
TcpListener::from_std(std_sock).map(socket::Listener::new)
}

fn udp_bind(&self, addr: SocketAddr) -> std::io::Result<tokio::net::UdpSocket> {
Expand Down Expand Up @@ -411,12 +417,12 @@ impl TryFrom<&str> for TraceParent {

pub(super) fn maybe_set_transparent(
pi: &ProxyInputs,
listener: &TcpListener,
listener: &socket::Listener,
) -> Result<bool, Error> {
Ok(match pi.cfg.enable_original_source {
Some(true) => {
// Explicitly enabled. Return error if we cannot set it.
socket::set_transparent(listener)?;
listener.set_transparent()?;
true
}
Some(false) => {
Expand All @@ -425,7 +431,7 @@ pub(super) fn maybe_set_transparent(
}
None => {
// Best effort
socket::set_transparent(listener).is_ok()
listener.set_transparent().is_ok()
}
})
}
Expand Down
25 changes: 12 additions & 13 deletions src/proxy/inbound.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ use futures::stream::StreamExt;

use http::{Method, Response, StatusCode};

use tokio::net::{TcpListener, TcpStream};
use tokio::net::TcpStream;

use tracing::{debug, info, instrument, trace_span, Instrument};

Expand All @@ -41,7 +41,7 @@ use crate::socket::to_canonical;
use crate::state::service::Service;
use crate::state::workload::address::Address;
use crate::state::workload::application_tunnel::Protocol as AppProtocol;
use crate::{assertions, copy, proxy, strng, tls};
use crate::{assertions, copy, proxy, socket, strng, tls};

use crate::proxy::h2;
use crate::state::workload::{self, NetworkAddress, Workload};
Expand All @@ -50,14 +50,14 @@ use crate::strng::Strng;
use crate::tls::TlsError;

pub(super) struct Inbound {
listener: TcpListener,
listener: socket::Listener,
drain: Watch,
pi: ProxyInputs,
}

impl Inbound {
pub(super) async fn new(mut pi: ProxyInputs, drain: Watch) -> Result<Inbound, Error> {
let listener: TcpListener = pi
let listener = pi
.socket_factory
.tcp_bind(pi.cfg.inbound_addr)
.map_err(|e| Error::Bind(pi.cfg.inbound_addr, e))?;
Expand All @@ -69,7 +69,7 @@ impl Inbound {
pi.cfg = Arc::new(cfg);
}
info!(
address=%listener.local_addr().expect("local_addr available"),
address=%listener.local_addr(),
component="inbound",
transparent,
"listener established",
Expand All @@ -82,7 +82,7 @@ impl Inbound {
}

pub(super) fn address(&self) -> SocketAddr {
self.listener.local_addr().expect("local_addr available")
self.listener.local_addr()
}

pub(super) async fn run(self, illegal_ports: Arc<HashSet<u16>>) {
Expand All @@ -91,7 +91,10 @@ impl Inbound {
cert_manager: self.pi.cert_manager.clone(),
network: strng::new(&self.pi.cfg.network),
};
let stream = crate::hyper_util::tls_server(acceptor, self.listener);

// Safety: we set nodelay directly in tls_server, so it is safe to convert to a normal listener.
// Although, that is *after* the TLS handshake; in theory we may get some benefits to setting it earlier.
let stream = crate::hyper_util::tls_server(acceptor, self.listener.inner());
let mut stream = stream.take_until(Box::pin(self.drain.signaled()));

let (sub_drain_signal, sub_drain) = drain::channel();
Expand Down Expand Up @@ -289,12 +292,8 @@ impl Inbound {
};

let orig_src = enable_original_source.then_some(source_ip);
let stream = super::freebind_connect(orig_src, upstream_addr, pi.socket_factory.as_ref())
.await
.and_then(|s| {
s.set_nodelay(true)?;
Ok(s)
});
let stream =
super::freebind_connect(orig_src, upstream_addr, pi.socket_factory.as_ref()).await;
let mut stream = match stream {
Err(err) => {
result_tracker.record(Err(err));
Expand Down
10 changes: 5 additions & 5 deletions src/proxy/inbound_passthrough.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ use std::sync::Arc;
use std::time::Instant;

use drain::Watch;
use tokio::net::{TcpListener, TcpStream};
use tokio::net::TcpStream;

use tracing::{error, info, trace, Instrument};

Expand All @@ -32,7 +32,7 @@ use crate::{assertions, copy, rbac, strng};
use crate::{proxy, socket};

pub(super) struct InboundPassthrough {
listener: TcpListener,
listener: socket::Listener,
pi: ProxyInputs,
drain: Watch,
}
Expand All @@ -42,7 +42,7 @@ impl InboundPassthrough {
mut pi: ProxyInputs,
drain: Watch,
) -> Result<InboundPassthrough, Error> {
let listener: TcpListener = pi
let listener = pi
.socket_factory
.tcp_bind(pi.cfg.inbound_plaintext_addr)
.map_err(|e| Error::Bind(pi.cfg.inbound_plaintext_addr, e))?;
Expand All @@ -56,7 +56,7 @@ impl InboundPassthrough {
}

info!(
address=%listener.local_addr().expect("local_addr available"),
address=%listener.local_addr(),
component="inbound plaintext",
transparent,
"listener established",
Expand All @@ -69,7 +69,7 @@ impl InboundPassthrough {
}

pub(super) fn address(&self) -> SocketAddr {
self.listener.local_addr().expect("local_addr available")
self.listener.local_addr()
}

pub(super) async fn run(self, illegal_ports: Arc<HashSet<u16>>) {
Expand Down
11 changes: 6 additions & 5 deletions src/proxy/outbound.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ use drain::Watch;

use hyper::header::FORWARDED;

use tokio::net::{TcpListener, TcpStream};
use tokio::net::TcpStream;

use tracing::{debug, error, info, info_span, trace_span, warn, Instrument};

Expand All @@ -43,12 +43,12 @@ use crate::{assertions, copy, proxy, socket, strng};
pub struct Outbound {
pi: ProxyInputs,
drain: Watch,
listener: TcpListener,
listener: socket::Listener,
}

impl Outbound {
pub(super) async fn new(mut pi: ProxyInputs, drain: Watch) -> Result<Outbound, Error> {
let listener: TcpListener = pi
let listener = pi
.socket_factory
.tcp_bind(pi.cfg.outbound_addr)
.map_err(|e| Error::Bind(pi.cfg.outbound_addr, e))?;
Expand All @@ -61,7 +61,7 @@ impl Outbound {
}

info!(
address=%listener.local_addr().expect("local_addr available"),
address=%listener.local_addr(),
component="outbound",
transparent,
"listener established",
Expand All @@ -74,7 +74,7 @@ impl Outbound {
}

pub(super) fn address(&self) -> SocketAddr {
self.listener.local_addr().expect("local_addr available")
self.listener.local_addr()
}

pub(super) async fn run(self) {
Expand Down Expand Up @@ -104,6 +104,7 @@ impl Outbound {
id: TraceParent::new(),
pool: pool.clone(),
};
stream.set_nodelay(true).unwrap();
let span = info_span!("outbound", id=%oc.id);
let serve_outbound_connection = (async move {
debug!(dur=?start_outbound_instant.elapsed(), id=%oc.id, "outbound spawn START");
Expand Down
1 change: 0 additions & 1 deletion src/proxy/pool.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,6 @@ impl ConnSpawner {
let connector = cert.outbound_connector(key.dst_id.clone())?;
let tcp_stream =
super::freebind_connect(local, key.dst, self.socket_factory.as_ref()).await?;
tcp_stream.set_nodelay(true)?;
let tls_stream = connector.connect(tcp_stream).await?;
trace!("connector connected, handshaking");
let sender =
Expand Down
10 changes: 5 additions & 5 deletions src/proxy/socks5.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ use std::sync::Arc;

use tokio::io::AsyncReadExt;
use tokio::io::AsyncWriteExt;
use tokio::net::{TcpListener, TcpStream};
use tokio::net::TcpStream;
use tracing::{error, info};

use crate::proxy::outbound::OutboundConnection;
Expand All @@ -30,19 +30,19 @@ use crate::socket;

pub(super) struct Socks5 {
pi: ProxyInputs,
listener: TcpListener,
listener: socket::Listener,
drain: Watch,
}

impl Socks5 {
pub(super) async fn new(pi: ProxyInputs, drain: Watch) -> Result<Socks5, Error> {
let listener: TcpListener = pi
let listener = pi
.socket_factory
.tcp_bind(pi.cfg.socks5_addr.unwrap())
.map_err(|e| Error::Bind(pi.cfg.socks5_addr.unwrap(), e))?;

info!(
address=%listener.local_addr().expect("local_addr available"),
address=%listener.local_addr(),
component="socks5",
"listener established",
);
Expand All @@ -55,7 +55,7 @@ impl Socks5 {
}

pub(super) fn address(&self) -> SocketAddr {
self.listener.local_addr().expect("local_addr available")
self.listener.local_addr()
}

pub async fn run(self) {
Expand Down
Loading