From 31172b91f2bad512c3d03ab6a0bd07d1cfefd54b Mon Sep 17 00:00:00 2001 From: "data-plane-api(CircleCI)" Date: Thu, 6 Dec 2018 21:02:20 +0000 Subject: [PATCH] listener: create generic listener filter timeout (#5231) Move the hard-coded 15s timeout in TLS inspector into the connection handler such that it covers all listener filters. Also make it configurable as well as add useful stats to see how many connections are currently undergoing listener filter processing. Fixes https://github.com/envoyproxy/envoy/issues/5217 Signed-off-by: Matt Klein Mirrored from https://github.com/envoyproxy/envoy @ e96425aabcce10ab2030de66f69cbb20a867322f --- envoy/api/v2/lds.proto | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/envoy/api/v2/lds.proto b/envoy/api/v2/lds.proto index 22547864..ae649a1f 100644 --- a/envoy/api/v2/lds.proto +++ b/envoy/api/v2/lds.proto @@ -10,6 +10,7 @@ import "envoy/api/v2/discovery.proto"; import "envoy/api/v2/listener/listener.proto"; import "google/api/annotations.proto"; +import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; @@ -36,6 +37,7 @@ service ListenerDiscoveryService { } } +// [#comment:next free field: 16] message Listener { // The unique name by which this listener is known. If no name is provided, // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically @@ -120,6 +122,11 @@ message Listener { // before a connection is created. repeated listener.ListenerFilter listener_filters = 9 [(gogoproto.nullable) = false]; + // The timeout to wait for all listener filters to complete operation. If the timeout is reached, + // the accepted socket is closed without a connection being created. Specify 0 to disable the + // timeout. If not specified, a default timeout of 15s is used. + google.protobuf.Duration listener_filters_timeout = 15 [(gogoproto.stdduration) = true]; + // Whether the listener should be set as a transparent socket. // When this flag is set to true, connections can be redirected to the listener using an // *iptables* *TPROXY* target, in which case the original source and destination addresses and