outbound: Preserve opaqueness on unknown endpoints #1617

Merged
merged 2 commits into from
Apr 19, 2022

@olix0r olix0r commented Apr 19, 2022

The outbound stack only honors opaqueness when the profile response
clearly indicates that the target is a known endpoint or logical
service. This ignores the case when the target is unknown but the target
port is in the default opaque ports list, in which case the profile
response has no metadata except for the opaqueness setting.

This change handles this case explicitly and adds a test for the
switch_logical stack to ensure that these profile responses are
honored.

Fixes linkerd/linkerd2#8273

Signed-off-by: Oliver Gould [email protected]
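
A simplified model of the decision described above, added here as an illustration and not taken from linkerd2-proxy. `Profile`, `Target`, `known`, `switch_before` and `switch_after` are hypothetical names, and the address is a constructed sample assumed to be on an opaque port.

```rust
use std::net::SocketAddr;

// Simplified model; every name here is hypothetical, not linkerd2-proxy's API.
#[derive(Debug, Default)]
struct Profile {
    endpoint: Option<SocketAddr>, // present when the target is a known endpoint
    logical: Option<String>,      // present when the target is a logical service
    opaque: bool,                 // target port is in the opaque ports list
}

#[derive(Debug, PartialEq)]
enum Target {
    Endpoint { addr: SocketAddr, opaque: bool },
    Logical { name: String, opaque: bool },
}

// Targets that the profile identifies explicitly.
fn known(p: &Profile) -> Option<Target> {
    if let Some(addr) = p.endpoint {
        return Some(Target::Endpoint { addr, opaque: p.opaque });
    }
    p.logical.clone().map(|name| Target::Logical { name, opaque: p.opaque })
}

// Before: a profile without endpoint or logical metadata is treated like no
// profile at all, so its opaqueness setting is dropped.
fn switch_before(orig_dst: SocketAddr, profile: Option<&Profile>) -> Target {
    profile.and_then(known).unwrap_or(Target::Endpoint { addr: orig_dst, opaque: false })
}

// After: a bare endpoint is still built from the original destination, but it
// carries the profile-provided opaqueness.
fn switch_after(orig_dst: SocketAddr, profile: Option<&Profile>) -> Target {
    let opaque = profile.map_or(false, |p| p.opaque);
    profile.and_then(known).unwrap_or(Target::Endpoint { addr: orig_dst, opaque })
}

fn main() {
    // Constructed sample: an off-cluster database, assumed to be on an opaque port.
    let db: SocketAddr = "192.0.2.10:3306".parse().unwrap();
    let bare = Profile { opaque: true, ..Default::default() };
    println!("before: {:?}", switch_before(db, Some(&bare)));
    println!("after:  {:?}", switch_after(db, Some(&bare)));
}
```

In the "before" path the bare profile yields a non-opaque endpoint, which is the case where protocol detection would still run against the off-cluster target.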


@hawkw hawkw left a comment

this change looks good to me, makes sense. i left a handful of minor comments on the comments you added, but none of them are blockers.

linkerd/app/outbound/src/switch_logical.rs
Comment on lines 57 to 60
// If there was a profile but it didn't include an
// endpoint or logical address, create a bare
// endpoint from the original destination address,
// using the profile-provided opaqeuness. This
super unimportant nit, take it or leave it: this sentence is kind of long, i might break it up

Suggested change
// If there was a profile but it didn't include an
// endpoint or logical address, create a bare
// endpoint from the original destination address,
// using the profile-provided opaqeuness. This
// There was a profile but it didn't include an
// endpoint or logical address. Create a bare
// endpoint from the original destination address,
// using the profile-provided opaqueness. This
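
Review bot: the fourth replacement line also changes `opaqeuness` to `opaqueness`, which the sentence-length nit does not mention. Keep that spelling correction even if the sentence split is not taken.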


@kleimkuhler kleimkuhler left a comment

👍

Signed-off-by: Oliver Gould <[email protected]>
@olix0r olix0r merged commit e81c6a6 into main Apr 19, 2022
@olix0r olix0r deleted the ver/external-opaque-fix branch April 19, 2022 20:40
olix0r added a commit that referenced this pull request Apr 19, 2022
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Apr 19, 2022
This release fixes an issue where proxies would not honor the cluster's
opaqueness settings for non-pod/service addresses. This could cause
protocol detection to be performed, for instance, when using off-cluster
databases.

This release also disables the use of regexes in Linkerd log filters
(i.e., as set by `LINKERD2_PROXY_LOG`). Malformed log directives could,
in theory, cause a proxy to stop responding.

---

* build(deps): bump redox_syscall from 0.2.11 to 0.2.12 (linkerd/linkerd2-proxy#1561)
* build(deps): bump tokio-util from 0.7.0 to 0.7.1 (linkerd/linkerd2-proxy#1566)
* build(deps): bump async-trait from 0.1.52 to 0.1.53 (linkerd/linkerd2-proxy#1562)
* build(deps): bump quote from 1.0.16 to 1.0.17 (linkerd/linkerd2-proxy#1563)
* build(deps): bump getrandom from 0.2.5 to 0.2.6 (linkerd/linkerd2-proxy#1564)
* build(deps): bump syn from 1.0.89 to 1.0.90 (linkerd/linkerd2-proxy#1569)
* build(deps): bump tj-actions/changed-files from 18.4 to 18.5 (linkerd/linkerd2-proxy#1571)
* build(deps): bump indexmap from 1.8.0 to 1.8.1 (linkerd/linkerd2-proxy#1572)
* build(deps): bump lock_api from 0.4.6 to 0.4.7 (linkerd/linkerd2-proxy#1576)
* build(deps): bump parking_lot_core from 0.9.1 to 0.9.2 (linkerd/linkerd2-proxy#1575)
* build(deps): bump h2 from 0.3.12 to 0.3.13 (linkerd/linkerd2-proxy#1579)
* build(deps): bump trust-dns-resolver from 0.21.1 to 0.21.2 (linkerd/linkerd2-proxy#1577)
* build(deps): bump tracing-subscriber from 0.3.9 to 0.3.10 (linkerd/linkerd2-proxy#1582)
* build(deps): bump EmbarkStudios/cargo-deny-action from 1.2.12 to 1.2.15 (linkerd/linkerd2-proxy#1581)
* build(deps): bump slab from 0.4.5 to 0.4.6 (linkerd/linkerd2-proxy#1583)
* build(deps): bump tj-actions/changed-files from 18.5 to 18.7 (linkerd/linkerd2-proxy#1589)
* build(deps): bump js-sys from 0.3.56 to 0.3.57 (linkerd/linkerd2-proxy#1585)
* build(deps): bump proc-macro2 from 1.0.36 to 1.0.37 (linkerd/linkerd2-proxy#1588)
* build(deps): bump web-sys from 0.3.56 to 0.3.57 (linkerd/linkerd2-proxy#1590)
* build(deps): bump syn from 1.0.90 to 1.0.91 (linkerd/linkerd2-proxy#1586)
* build(deps): bump redox_syscall from 0.2.12 to 0.2.13 (linkerd/linkerd2-proxy#1578)
* build(deps): bump codecov/codecov-action from 2.1.0 to 3 (linkerd/linkerd2-proxy#1584)
* build(deps): bump libc from 0.2.121 to 0.2.122 (linkerd/linkerd2-proxy#1591)
* tracing: disable regular expression matching in log filters (linkerd/linkerd2-proxy#1580)
* readme: Fix broken link to fuzzing report (linkerd/linkerd2-proxy#1573)
* Fix inbound fuzzing build (linkerd/linkerd2-proxy#1594)
* ci: Run the release workflow on changes (linkerd/linkerd2-proxy#1595)
* ci: Only run the release workflow on PRs that touch the workflow (linkerd/linkerd2-proxy#1601)
* ci: Fix check-each workflow(#1597)
* build(deps): bump tracing-subscriber from 0.3.10 to 0.3.11 (linkerd/linkerd2-proxy#1600)
* build(deps): bump tracing from 0.1.32 to 0.1.33 (linkerd/linkerd2-proxy#1599)
* build(deps): bump quote from 1.0.17 to 1.0.18 (linkerd/linkerd2-proxy#1598)
* Update to linkerd2-proxy-api v0.5 and tonic v0.7 (linkerd/linkerd2-proxy#1596)
* build(deps): bump httparse from 1.6.0 to 1.7.0 (linkerd/linkerd2-proxy#1602)
* build(deps): bump flate2 from 1.0.22 to 1.0.23 (linkerd/linkerd2-proxy#1603)
* dev: Limit devcontainer memory usage to 8GB (linkerd/linkerd2-proxy#1604)
* build(deps): bump libc from 0.2.122 to 0.2.123 (linkerd/linkerd2-proxy#1605)
* build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (linkerd/linkerd2-proxy#1607)
* build(deps): bump tracing from 0.1.33 to 0.1.34 (linkerd/linkerd2-proxy#1609)
* tracing: record errors as `&dyn Error`s when possible (linkerd/linkerd2-proxy#1606)
* build(deps): bump rustls-pemfile from 0.3.0 to 1.0.0 (linkerd/linkerd2-proxy#1611)
* build(deps): bump ipnet from 2.4.0 to 2.5.0 (linkerd/linkerd2-proxy#1613)
* outbound: Add logging for endpoint opaqueness (linkerd/linkerd2-proxy#1614)
* outbound: Preserve opaqueness on unknown endpoints (linkerd/linkerd2-proxy#1617)
* build(deps): bump libc from 0.2.123 to 0.2.124 (linkerd/linkerd2-proxy#1616)
* Update Rust to v1.60 (linkerd/linkerd2-proxy#1615)

Signed-off-by: Oliver Gould <[email protected]>
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Apr 19, 2022
This release fixes opaqueness settings when communicating with
non-pod/service addresses.

---

d4c9fb2f outbound: Add logging for endpoint opaqueness (linkerd/linkerd2-proxy#1614)
c6d79c9d outbound: Preserve opaqueness on unknown endpoints (linkerd/linkerd2-proxy#1617)
42c5d8a5 Merge branch 'ver/2.161/opaque' into release/v2.161
Development

Successfully merging this pull request may close these issues.

Support disabling protocol detection for non-meshed destinations