-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: use independent deadline for sending error #79
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
moio
previously approved these changes
Jun 13, 2024
aruiz14
added a commit
to aruiz14/remotedialer
that referenced
this pull request
Jun 13, 2024
aruiz14
added a commit
to rancher/rancher
that referenced
this pull request
Jun 13, 2024
aruiz14
added a commit
to rancher/rancher
that referenced
this pull request
Jun 14, 2024
aruiz14
added a commit
to rancher/rancher
that referenced
this pull request
Jun 26, 2024
The other side of the connection relies on this error message being received in order to close the connection, indefinitely keeping it open otherwise. Taking this into account, this should be considered a control message, not part of the connection but the session instead. However, since c.writeDeadline is being used (which is indeed controlled via net.Conn interface), the upper crypto/tls.Conn is setting this deadline to an invalid value in order to prevent further writes. This causes the error messages to never be sent.
8e454cb
to
a409494
Compare
moio
approved these changes
Jul 1, 2024
maxsokolovsky
approved these changes
Jul 1, 2024
Thanks for the review, can this be merged @maxsokolovsky ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue: 44576
Complementary (but not mutually blocking) to #74
Problem
remotedialer connections (those multiplexed over a single websocket) rely on receiving an Error message (
io.EOF
in the case of success), in order to consider a connection closed. In some cases, this message is never received, causing associated resources to be kept indefinitely.Solution
#74 mitigates this problem by adding a synchronization mechanism to detect those stale connections by sharing ids of the active connections. That PR is complementary in the sense that it will make the protocol more robust, while this one should provide a fix for the original problem that caused the
Error
message not to be sent. I was able to troubleshoot this thanks to the errors printed by the changes from #67.connection
implements the net.Conn interface (includingSetWriteDeadline
), and is created from a Dialer.In the case of Rancher, one of the uses is to create a Kubernetes client to access the API of downstream clusters. This client is configured to use remotedialer as part of is Transport, hence using HTTPS over the remotedialer
connection
.The HTTP client used seems to be configured by default with a
IdleConnTimeout
of 90 seconds, after which the connection is automatically closed. However, the intermediate TLS connection layer will send an alert, then proceed to callSetWriteDeadline
on the underlying connection with an invalid value in order to prevent any further writes, which makeswriteErr
to fail, because it uses the value ofwriteDeadline
for sending theError
message.Given that this is a control message (at the
Session
level), it should use its own deadline and not rely on the connection anymore.CheckList