network: delayed conn close (#4382)

Mitigate client read/close race issues on downstream HTTP connections by adding a new connection
close type 'FlushWriteAndDelay'. This new close type flushes the write buffer on a connection but
does not immediately close after emptying the buffer (unlike ConnectionCloseType::FlushWrite).

A timer has been added to track delayed closes for both 'FlushWrite' and 'FlushWriteAndDelay'. Upon
triggering, the socket will be closed and the connection will be cleaned up.

Delayed close processing can be disabled by setting the newly added HCM 'delayed_close_timeout'
config option to 0.

Risk Level: Medium (changes common case behavior for closing of downstream HTTP connections)
Testing: Unit tests and integration tests added.

Fixes #2929.

Signed-off-by: Andres Guedez <aguedez@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ aa9478f06d613cd7b845e609a8c20c1ce116dad5
pull/620/head
data-plane-api(CircleCI) 6 years ago
parent b4ae300f61
commit c8e91ece6c
  1. 21
      envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto

@ -19,7 +19,7 @@ import "gogoproto/gogo.proto";
// [#protodoc-title: HTTP connection manager]
// HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
// [#comment:next free field: 25]
// [#comment:next free field: 27]
message HttpConnectionManager {
enum CodecType {
option (gogoproto.goproto_enum_prefix) = false;
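Review bot: The `next free field` comment at the top of `HttpConnectionManager` moves from 25 to 27, but the only field this patch adds is `delayed_close_timeout = 26`. Field number 25 does not appear anywhere in the visible diff, so please confirm it is already assigned or reserved elsewhere in the message. If it is still unused, either mark it `reserved` or note why it was skipped, so a later change does not pick it up by accident.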
@ -175,6 +175,25 @@ message HttpConnectionManager {
// option is not specified.
google.protobuf.Duration drain_timeout = 12 [(gogoproto.stdduration) = true];
// The delayed close timeout is for downstream connections managed by the HTTP connection manager.
// It is defined as a grace period after connection close processing has been locally initiated
// during which Envoy will flush the write buffers for the connection and await the peer to close
// (i.e., a TCP FIN/RST is received by Envoy from the downstream connection).
//
// Delaying Envoy's connection close and giving the peer the opportunity to initate the close
// sequence mitigates a race condition that exists when downstream clients do not drain/process
// data in a connection's receive buffer after a remote close has been detected via a socket
// write(). This race leads to such clients failing to process the response code sent by Envoy,
// which could result in erroneous downstream processing.
//
// If the timeout triggers, Envoy will close the connection's socket.
//
// The default timeout is 1000 ms if this option is not specified.
//
// A value of 0 will completely disable delayed close processing, and the downstream connection's
// socket will be closed immediately after the write flush is completed.
google.protobuf.Duration delayed_close_timeout = 26 [(gogoproto.stdduration) = true];
// Configuration for :ref:`HTTP access logs <arch_overview_access_logs>`
// emitted by the connection manager.
repeated envoy.config.filter.accesslog.v2.AccessLog access_log = 13;
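Review bot: The doc comment on `delayed_close_timeout` does not say how the setting interacts with the flush itself. It describes 0 as closing the socket "immediately after the write flush is completed", while the commit message says the timer tracks both 'FlushWrite' and 'FlushWriteAndDelay' closes. Please state in the comment whether 0 also removes the timer for a flush that never completes (a peer that stops reading), and what happens to data still in the write buffer when the timeout fires, since operators sizing this value against slow or stalled clients need to know how long a locally closed connection can keep holding a socket. Separately, "initate" in the second paragraph of the comment should be "initiate".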
