http:: sending http/1.1 errors via HCM#11714
Merged
alyssawilk merged 2 commits intoenvoyproxy:masterfrom Jun 25, 2020
Merged
Conversation
asraa
reviewed
Jun 23, 2020
Contributor
There was a problem hiding this comment.
@yanavlasov Correct me if I'm wrong, this is my read on this
sendLocalReply will encodeHeaders, which currently may throw and will be moved to RELEASE_ASSERTs and then proper clean-up with the exception removal process. Before this PR, these were outside a dispatching callstack and are uncaught.
Here, we are in a dispatching callstack. We would need to do two things to mesh well with this PR. (1) add return status for sendProtocolError/sendLocalReply and handle the way we've been handling error statuses while dispatching and (2) wrap RELEASE_ASSERTs in things like encodeHeaders that add for future clean-up (https://github.com/envoyproxy/envoy/pull/11575/files#r443142918) with a test for isNotDispatching().
Contributor
Author
There was a problem hiding this comment.
Have we started work for the HTTP/1 codec? I saw Yan's PR for the HTTP/2 codec but I wasn't sure what the plans were for HTTP/1. Is he doing both? If so I assume I can just land as it'll be at least a few weeks until HTTP/2 is done and HTTP/1 changes matter
Contributor
There was a problem hiding this comment.
I made an H/1 PR a while ago (it was reverted, it is not merged) #11101
There is one exception still there in that PR in encodeHeaders (non-dispatching), which I will handle however Yan decides to settle the RELEASE_ASSERT todo
Contributor
There was a problem hiding this comment.
I think going ahead makes sense, I can implement the status return values for sendProtocolError I mentioned above if this PR is added.
Contributor
There was a problem hiding this comment.
I did not think that H/1 codec's encodeHeader() was throwing. If it did not throw before then there should be no problem with this change.
Contributor
There was a problem hiding this comment.
Oh, maybe it will only call the responseencoder's? If so, that makes this easier.
envoy/source/common/http/http1/codec_impl.cc
Line 390 in 77efb47
alyssawilk
changed the title
yanavlasov
previously approved these changes
Jun 24, 2020
mattklein123
requested changes
Jun 24, 2020
Member
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Nice! Just some small nits.
/wait
| * build: run as non-root inside Docker containers. Existing behaviour can be restored by setting the environment variable `ENVOY_UID` to `0`. `ENVOY_UID` and `ENVOY_GID` can be used to set the envoy user's `uid` and `gid` respectively. | ||
| * health check: in the health check filter the :ref:`percentage of healthy servers in upstream clusters <envoy_api_field_config.filter.http.health_check.v2.HealthCheck.cluster_min_healthy_percentages>` is now interpreted as an integer. | ||
| * hot restart: added the option :option:`--use-dynamic-base-id` to select an unused base ID at startup and the option :option:`--base-id-path` to write the base id to a file (for reuse with later hot restarts). | ||
| * http: changed early error path for HTTP/1.1 so that responses consistently flow through the http connection manager, and the http filter chains. This behavior may be temporarily reverted by setitng runtime feature `envoy.reloadable_features.early_errors_via_hcm` to false. |
Member
There was a problem hiding this comment.
Suggested change
| * http: changed early error path for HTTP/1.1 so that responses consistently flow through the http connection manager, and the http filter chains. This behavior may be temporarily reverted by setitng runtime feature `envoy.reloadable_features.early_errors_via_hcm` to false. | |
| * http: changed early error path for HTTP/1.1 so that responses consistently flow through the http connection manager, and the http filter chains. This behavior may be temporarily reverted by setting runtime feature `envoy.reloadable_features.early_errors_via_hcm` to false. |
| is_grpc_request = | ||
| Grpc::Common::isGrpcRequestHeaders(*absl::get<RequestHeaderMapPtr>(headers_or_trailers_)); | ||
| } | ||
| bool is_head_request = parser_.method == HTTP_HEAD; |
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
mattklein123
approved these changes
Jun 24, 2020
songhu
pushed a commit
to songhu/envoy
that referenced
this pull request
Jun 25, 2020
Solving the problem where early response errors look different, and don't have HCM tracking, by sending them through the hcm. This means early responses will get all of the usual Envoy standard header additions, get accounted for in listener stats, be visible in access logs, etc. Risk Level: high (changes to HTTP early response path) Testing: new unit tests Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.early_errors_via_hcm Fixes envoyproxy#8545 Part of envoyproxy#9846 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
alyssawilk
added a commit
that referenced
this pull request
Jul 16, 2020
This unifies HTTP/1.1 and HTTP/2 stream error on invalid messaging. Previously HTTP/1.1 defaulted permissive and HTTP/2 defaulted to strict. This defaults both to strict, resetting connections on invalid requests. This will have a major latency impact if downstream is sending a mix of valid and invalid requests over HTTP/1.1 Additional Description: This change is runtime guarded per default behavioral change rules. It can also be reverted by setting the default to permissive (for prior HTTP/1 behvior) then overriding HTTP/2 to struct (for prior HTTP/2 behavior). This works in conjunction with #11714, as the HTTP connection manager enforces the strictness, so the responses need to be sent via the HTTP connection manager to have strictness applied correctly. Risk Level: High (HCM changes) Testing: new unit tests, updated integration tests Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.hcm_stream_error_on_invalid_message Fixes #9846 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
yashwant121
pushed a commit
to yashwant121/envoy
that referenced
this pull request
Jul 24, 2020
Solving the problem where early response errors look different, and don't have HCM tracking, by sending them through the hcm. This means early responses will get all of the usual Envoy standard header additions, get accounted for in listener stats, be visible in access logs, etc. Risk Level: high (changes to HTTP early response path) Testing: new unit tests Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.early_errors_via_hcm Fixes envoyproxy#8545 Part of envoyproxy#9846 Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: yashwant121 <yadavyashwant36@gmail.com>
KBaichoo
pushed a commit
to KBaichoo/envoy
that referenced
this pull request
Jul 30, 2020
This unifies HTTP/1.1 and HTTP/2 stream error on invalid messaging. Previously HTTP/1.1 defaulted permissive and HTTP/2 defaulted to strict. This defaults both to strict, resetting connections on invalid requests. This will have a major latency impact if downstream is sending a mix of valid and invalid requests over HTTP/1.1 Additional Description: This change is runtime guarded per default behavioral change rules. It can also be reverted by setting the default to permissive (for prior HTTP/1 behvior) then overriding HTTP/2 to struct (for prior HTTP/2 behavior). This works in conjunction with envoyproxy#11714, as the HTTP connection manager enforces the strictness, so the responses need to be sent via the HTTP connection manager to have strictness applied correctly. Risk Level: High (HCM changes) Testing: new unit tests, updated integration tests Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.hcm_stream_error_on_invalid_message Fixes envoyproxy#9846 Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
scheler
pushed a commit
to scheler/envoy
that referenced
this pull request
Aug 4, 2020
This unifies HTTP/1.1 and HTTP/2 stream error on invalid messaging. Previously HTTP/1.1 defaulted permissive and HTTP/2 defaulted to strict. This defaults both to strict, resetting connections on invalid requests. This will have a major latency impact if downstream is sending a mix of valid and invalid requests over HTTP/1.1 Additional Description: This change is runtime guarded per default behavioral change rules. It can also be reverted by setting the default to permissive (for prior HTTP/1 behvior) then overriding HTTP/2 to struct (for prior HTTP/2 behavior). This works in conjunction with envoyproxy#11714, as the HTTP connection manager enforces the strictness, so the responses need to be sent via the HTTP connection manager to have strictness applied correctly. Risk Level: High (HCM changes) Testing: new unit tests, updated integration tests Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.hcm_stream_error_on_invalid_message Fixes envoyproxy#9846 Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: scheler <santosh.cheler@appdynamics.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Solving the problem where early response errors look different, and don't have HCM tracking, by sending them through the hcm.
This means early responses will get all of the usual Envoy standard header additions, get accounted for in listener stats, be visible in access logs, etc.
Risk Level: high (changes to HTTP early response path)
Testing: new unit tests
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.early_errors_via_hcm
Fixes #8545
Part of #9846