Add TCP_FASTOPEN listener option

Signed-off-by: Bjoern Metzdorf <bmetzdorf@apple.com>
envoyproxy · Mar 13, 2018 · 87bb932 · 87bb932
1 parent 96c645c
commit 87bb932
Show file tree

Hide file tree

Showing 23 changed files with 208 additions and 127 deletions.
diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
@@ -76,7 +76,7 @@ REPOSITORY_LOCATIONS = dict(
         urls = ["https://github.com/google/protobuf/archive/v3.5.0.tar.gz"],
     ),
     envoy_api = dict(
-        commit = "15dc537b6078988ac6f7de5ffec697e876a4652f",
+        commit = "b6925003b383f6f1213f5c62f96cd2cfd0c072be",
         remote = "https://github.com/envoyproxy/data-plane-api",
     ),
     grpc_httpjson_transcoding = dict(

diff --git a/include/envoy/event/dispatcher.h b/include/envoy/event/dispatcher.h
@@ -102,6 +102,7 @@ class Dispatcher {
    */
   virtual Network::ListenerPtr createListener(Network::Socket& socket,
                                               Network::ListenerCallbacks& cb, bool bind_to_port,
+                                              bool enable_tcp_fast_open,
                                               bool hand_off_restored_destination_connections) PURE;
 
   /**

diff --git a/include/envoy/network/listener.h b/include/envoy/network/listener.h
@@ -44,6 +44,11 @@ class ListenerConfig {
    */
   virtual bool bindToPort() PURE;
 
+  /**
+   * @return bool specifies whether the listener should support TCP Fast Open.
+   */
+  virtual bool enableTcpFastOpen() PURE;
+
   /**
    * @return bool if a connection should be handed off to another Listener after the original
    *         destination address has been restored. 'true' when 'use_original_dst' flag in listener

diff --git a/source/common/event/dispatcher_impl.cc b/source/common/event/dispatcher_impl.cc
@@ -109,9 +109,11 @@ Filesystem::WatcherPtr DispatcherImpl::createFilesystemWatcher() {
 
 Network::ListenerPtr
 DispatcherImpl::createListener(Network::Socket& socket, Network::ListenerCallbacks& cb,
-                               bool bind_to_port, bool hand_off_restored_destination_connections) {
+                               bool bind_to_port, bool enable_tcp_fast_open,
+                               bool hand_off_restored_destination_connections) {
   ASSERT(isThreadSafe());
   return Network::ListenerPtr{new Network::ListenerImpl(*this, socket, cb, bind_to_port,
+                                                        enable_tcp_fast_open,
                                                         hand_off_restored_destination_connections)};
 }
 

diff --git a/source/common/event/dispatcher_impl.h b/source/common/event/dispatcher_impl.h
@@ -47,7 +47,7 @@ class DispatcherImpl : Logger::Loggable<Logger::Id::main>, public Dispatcher {
                                uint32_t events) override;
   Filesystem::WatcherPtr createFilesystemWatcher() override;
   Network::ListenerPtr createListener(Network::Socket& socket, Network::ListenerCallbacks& cb,
-                                      bool bind_to_port,
+                                      bool bind_to_port, bool enable_tcp_fast_open,
                                       bool hand_off_restored_destination_connections) override;
   TimerPtr createTimer(TimerCb cb) override;
   void deferredDelete(DeferredDeletablePtr&& to_delete) override;

diff --git a/source/common/network/listener_impl.cc b/source/common/network/listener_impl.cc
@@ -1,5 +1,6 @@
 #include "common/network/listener_impl.h"
 
+#include <netinet/tcp.h>
 #include <sys/un.h>
 
 #include "envoy/common/exception.h"
@@ -13,6 +14,16 @@
 
 #include "event2/listener.h"
 
+// On macOS the socket MUST be listening already for TCP_FASTOPEN to be set and backlog MUST be 1
+// (the actual value is set via the net.inet.tcp.fastopen_backlog kernel parameter.
+// For Linux we default to 128, which libevent is using in
+// https://github.com/libevent/libevent/blob/release-2.1.8-stable/listener.c#L176
+#if defined(__APPLE__)
+#define TFO_BACKLOG 1
+#else
+#define TFO_BACKLOG 128
+#endif
+
 namespace Envoy {
 namespace Network {
 
@@ -45,7 +56,8 @@ void ListenerImpl::listenCallback(evconnlistener*, evutil_socket_t fd, sockaddr*
 }
 
 ListenerImpl::ListenerImpl(Event::DispatcherImpl& dispatcher, Socket& socket, ListenerCallbacks& cb,
-                           bool bind_to_port, bool hand_off_restored_destination_connections)
+                           bool bind_to_port, bool enable_tcp_fast_open,
+                           bool hand_off_restored_destination_connections)
     : local_address_(nullptr), cb_(cb),
       hand_off_restored_destination_connections_(hand_off_restored_destination_connections),
       listener_(nullptr) {
@@ -66,6 +78,48 @@ ListenerImpl::ListenerImpl(Event::DispatcherImpl& dispatcher, Socket& socket, Li
           fmt::format("cannot listen on socket: {}", socket.localAddress()->asString()));
     }
 
+    // TODO: cleanup redundant setsockopt logic
+    if (enable_tcp_fast_open) {
+      int backlog = TFO_BACKLOG;
+      int fd = socket.fd();
+      int rc = setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &backlog, sizeof(backlog));
+      if (rc == -1) {
+        if (errno == ENOPROTOOPT) {
+          throw EnvoyException(fmt::format(
+              "TCP Fast Open is unsupported on listening socket fd {} : {}", fd, strerror(errno)));
+        } else {
+          throw EnvoyException(
+              fmt::format("Failed to enable TCP Fast Open on listening socket fd {} : {}", fd,
+                          strerror(errno)));
+        }
+      } else {
+        ENVOY_LOG_MISC(debug, "Enabled TFO on listening socket fd {}.", fd);
+      }
+    } else {
+      int curbacklog;
+      int fd = socket.fd();
+      socklen_t optlen = sizeof(curbacklog);
+      int rc = getsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &curbacklog, &optlen);
+      // curbacklog == 0 means TFO is supported and already disabled
+      if (rc != -1 && curbacklog != 0) {
+        int backlog = 0;
+        int rc = setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &backlog, sizeof(backlog));
+        if (rc == -1) {
+          if (errno == ENOPROTOOPT) {
+            throw EnvoyException(
+                fmt::format("TCP Fast Open is unsupported on listening socket fd {} : {}", fd,
+                            strerror(errno)));
+          } else {
+            throw EnvoyException(
+                fmt::format("Failed to disable TCP Fast Open on listening socket fd {} : {}", fd,
+                            strerror(errno)));
+          }
+        } else {
+          ENVOY_LOG_MISC(debug, "Disabled TFO on listening socket fd {}.", fd);
+        }
+      }
+    }
+
     evconnlistener_set_error_cb(listener_.get(), errorCallback);
   }
 }

diff --git a/source/common/network/listener_impl.h b/source/common/network/listener_impl.h
@@ -17,7 +17,8 @@ namespace Network {
 class ListenerImpl : public Listener {
 public:
   ListenerImpl(Event::DispatcherImpl& dispatcher, Socket& socket, ListenerCallbacks& cb,
-               bool bind_to_port, bool hand_off_restored_destination_connections);
+               bool bind_to_port, bool enable_tcp_fast_open,
+               bool hand_off_restored_destination_connections);
 
 protected:
   virtual Address::InstanceConstSharedPtr getLocalAddress(int fd);

diff --git a/source/server/config_validation/dispatcher.cc b/source/server/config_validation/dispatcher.cc
@@ -17,7 +17,8 @@ Network::DnsResolverSharedPtr ValidationDispatcher::createDnsResolver(
 }
 
 Network::ListenerPtr ValidationDispatcher::createListener(Network::Socket&,
-                                                          Network::ListenerCallbacks&, bool, bool) {
+                                                          Network::ListenerCallbacks&, bool, bool,
+                                                          bool) {
   NOT_IMPLEMENTED;
 }
 

diff --git a/source/server/config_validation/dispatcher.h b/source/server/config_validation/dispatcher.h
@@ -21,7 +21,7 @@ class ValidationDispatcher : public DispatcherImpl {
   Network::DnsResolverSharedPtr createDnsResolver(
       const std::vector<Network::Address::InstanceConstSharedPtr>& resolvers) override;
   Network::ListenerPtr createListener(Network::Socket&, Network::ListenerCallbacks&,
-                                      bool bind_to_port,
+                                      bool bind_to_port, bool enable_tcp_fast_open,
                                       bool hand_off_restored_destination_connections) override;
 };
 

diff --git a/source/server/connection_handler_impl.cc b/source/server/connection_handler_impl.cc
@@ -60,11 +60,11 @@ void ConnectionHandlerImpl::ActiveListener::removeConnection(ActiveConnection& c
 
 ConnectionHandlerImpl::ActiveListener::ActiveListener(ConnectionHandlerImpl& parent,
                                                       Network::ListenerConfig& config)
-    : ActiveListener(
-          parent,
-          parent.dispatcher_.createListener(config.socket(), *this, config.bindToPort(),
-                                            config.handOffRestoredDestinationConnections()),
-          config) {}
+    : ActiveListener(parent,
+                     parent.dispatcher_.createListener(
+                         config.socket(), *this, config.bindToPort(), config.enableTcpFastOpen(),
+                         config.handOffRestoredDestinationConnections()),
+                     config) {}
 
 ConnectionHandlerImpl::ActiveListener::ActiveListener(ConnectionHandlerImpl& parent,
                                                       Network::ListenerPtr&& listener,

diff --git a/source/server/http/admin.h b/source/server/http/admin.h
@@ -181,6 +181,7 @@ class AdminImpl : public Admin,
       return parent_.transport_socket_factory_;
     }
     bool bindToPort() override { return true; }
+    bool enableTcpFastOpen() override { return false; }
     bool handOffRestoredDestinationConnections() const override { return false; }
     uint32_t perConnectionBufferLimitBytes() override { return 0; }
     Stats::Scope& listenerScope() override { return *scope_; }

diff --git a/source/server/listener_manager_impl.cc b/source/server/listener_manager_impl.cc
@@ -112,6 +112,7 @@ ListenerImpl::ListenerImpl(const envoy::api::v2::Listener& config, ListenerManag
       listener_scope_(
           parent_.server_.stats().createScope(fmt::format("listener.{}.", address_->asString()))),
       bind_to_port_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(config.deprecated_v1(), bind_to_port, true)),
+      enable_tcp_fast_open_(config.enable_tcp_fast_open()),
       hand_off_restored_destination_connections_(
           PROTOBUF_GET_WRAPPED_OR_DEFAULT(config, use_original_dst, false)),
       per_connection_buffer_limit_bytes_(

diff --git a/source/server/listener_manager_impl.h b/source/server/listener_manager_impl.h
@@ -48,7 +48,6 @@ class ProdListenerComponentFactory : public ListenerComponentFactory,
       Configuration::ListenerFactoryContext& context) override {
     return createListenerFilterFactoryList_(filters, context);
   }
-
   Network::SocketSharedPtr createListenSocket(Network::Address::InstanceConstSharedPtr address,
                                               bool bind_to_port) override;
   DrainManagerPtr createDrainManager(envoy::api::v2::Listener::DrainType drain_type) override;
@@ -213,6 +212,7 @@ class ListenerImpl : public Network::ListenerConfig,
   Network::FilterChainFactory& filterChainFactory() override { return *this; }
   Network::Socket& socket() override { return *socket_; }
   bool bindToPort() override { return bind_to_port_; }
+  bool enableTcpFastOpen() override { return enable_tcp_fast_open_; }
   bool handOffRestoredDestinationConnections() const override {
     return hand_off_restored_destination_connections_;
   }
@@ -270,6 +270,7 @@ class ListenerImpl : public Network::ListenerConfig,
   std::vector<Ssl::ServerContextPtr> tls_contexts_;
   std::vector<Network::TransportSocketFactoryPtr> transport_socket_factories_;
   const bool bind_to_port_;
+  const bool enable_tcp_fast_open_;
   const bool hand_off_restored_destination_connections_;
   const uint32_t per_connection_buffer_limit_bytes_;
   const uint64_t listener_tag_;

diff --git a/test/common/http/codec_client_test.cc b/test/common/http/codec_client_test.cc
@@ -179,7 +179,8 @@ class CodecNetworkTest : public testing::TestWithParam<Network::Address::IpVersi
 public:
   CodecNetworkTest() {
     dispatcher_.reset(new Event::DispatcherImpl);
-    upstream_listener_ = dispatcher_->createListener(socket_, listener_callbacks_, true, false);
+    upstream_listener_ =
+        dispatcher_->createListener(socket_, listener_callbacks_, true, false, false);
     Network::ClientConnectionPtr client_connection = dispatcher_->createClientConnection(
         socket_.localAddress(), source_address_, Network::Test::createRawBufferSocket(), nullptr);
     client_connection_ = client_connection.get();

diff --git a/test/common/network/connection_impl_test.cc b/test/common/network/connection_impl_test.cc
@@ -82,7 +82,7 @@ class ConnectionImplTest : public testing::TestWithParam<Address::IpVersion> {
     if (dispatcher_.get() == nullptr) {
       dispatcher_.reset(new Event::DispatcherImpl);
     }
-    listener_ = dispatcher_->createListener(socket_, listener_callbacks_, true, false);
+    listener_ = dispatcher_->createListener(socket_, listener_callbacks_, true, false, false);
 
     client_connection_ = dispatcher_->createClientConnection(
         socket_.localAddress(), source_address_, Network::Test::createRawBufferSocket(), nullptr);
@@ -765,7 +765,7 @@ TEST_P(ConnectionImplTest, BindFailureTest) {
         new Network::Address::Ipv6Instance(address_string, 0)};
   }
   dispatcher_.reset(new Event::DispatcherImpl);
-  listener_ = dispatcher_->createListener(socket_, listener_callbacks_, true, false);
+  listener_ = dispatcher_->createListener(socket_, listener_callbacks_, true, false, false);
 
   client_connection_ = dispatcher_->createClientConnection(
       socket_.localAddress(), source_address_, Network::Test::createRawBufferSocket(), nullptr);
@@ -1159,7 +1159,7 @@ class ReadBufferLimitTest : public ConnectionImplTest {
   void readBufferLimitTest(uint32_t read_buffer_limit, uint32_t expected_chunk_size) {
     const uint32_t buffer_size = 256 * 1024;
     dispatcher_.reset(new Event::DispatcherImpl);
-    listener_ = dispatcher_->createListener(socket_, listener_callbacks_, true, false);
+    listener_ = dispatcher_->createListener(socket_, listener_callbacks_, true, false, false);
 
     client_connection_ = dispatcher_->createClientConnection(
         socket_.localAddress(), Network::Address::InstanceConstSharedPtr(),

diff --git a/test/common/network/dns_impl_test.cc b/test/common/network/dns_impl_test.cc
@@ -350,7 +350,7 @@ class DnsImplTest : public testing::TestWithParam<Address::IpVersion> {
     server_.reset(new TestDnsServer(dispatcher_));
     socket_.reset(
         new Network::TcpListenSocket(Network::Test::getCanonicalLoopbackAddress(GetParam()), true));
-    listener_ = dispatcher_.createListener(*socket_, *server_, true, false);
+    listener_ = dispatcher_.createListener(*socket_, *server_, true, false, false);
 
     // Point c-ares at the listener with no search domains and TCP-only.
     peer_.reset(new DnsResolverImplPeer(dynamic_cast<DnsResolverImpl*>(resolver_.get())));

diff --git a/test/common/network/listener_impl_test.cc b/test/common/network/listener_impl_test.cc
@@ -28,7 +28,7 @@ static void errorCallbackTest(Address::IpVersion version) {
   Network::MockListenerCallbacks listener_callbacks;
   Network::MockConnectionHandler connection_handler;
   Network::ListenerPtr listener =
-      dispatcher.createListener(socket, listener_callbacks, true, false);
+      dispatcher.createListener(socket, listener_callbacks, true, false, false);
 
   Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection(
       socket.localAddress(), Network::Address::InstanceConstSharedPtr(),
@@ -62,8 +62,9 @@ TEST_P(ListenerImplDeathTest, ErrorCallback) {
 class TestListenerImpl : public ListenerImpl {
 public:
   TestListenerImpl(Event::DispatcherImpl& dispatcher, Socket& socket, ListenerCallbacks& cb,
-                   bool bind_to_port, bool hand_off_restored_destination_connections)
-      : ListenerImpl(dispatcher, socket, cb, bind_to_port,
+                   bool bind_to_port, bool enable_tcp_fast_open,
+                   bool hand_off_restored_destination_connections)
+      : ListenerImpl(dispatcher, socket, cb, bind_to_port, enable_tcp_fast_open,
                      hand_off_restored_destination_connections) {}
 
   MOCK_METHOD1(getLocalAddress, Address::InstanceConstSharedPtr(int fd));
@@ -90,9 +91,10 @@ TEST_P(ListenerImplTest, UseActualDst) {
   Network::MockListenerCallbacks listener_callbacks1;
   Network::MockConnectionHandler connection_handler;
   // Do not redirect since use_original_dst is false.
-  Network::TestListenerImpl listener(dispatcher, socket, listener_callbacks1, true, true);
+  Network::TestListenerImpl listener(dispatcher, socket, listener_callbacks1, true, false, true);
   Network::MockListenerCallbacks listener_callbacks2;
-  Network::TestListenerImpl listenerDst(dispatcher, socketDst, listener_callbacks2, false, false);
+  Network::TestListenerImpl listenerDst(dispatcher, socketDst, listener_callbacks2, false, false,
+                                        false);
 
   Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection(
       socket.localAddress(), Network::Address::InstanceConstSharedPtr(),
@@ -126,7 +128,7 @@ TEST_P(ListenerImplTest, WildcardListenerUseActualDst) {
   Network::MockListenerCallbacks listener_callbacks;
   Network::MockConnectionHandler connection_handler;
   // Do not redirect since use_original_dst is false.
-  Network::TestListenerImpl listener(dispatcher, socket, listener_callbacks, true, true);
+  Network::TestListenerImpl listener(dispatcher, socket, listener_callbacks, true, false, true);
 
   auto local_dst_address = Network::Utility::getAddressWithPort(
       *Network::Test::getCanonicalLoopbackAddress(version_), socket.localAddress()->ip()->port());
@@ -168,7 +170,7 @@ TEST_P(ListenerImplTest, WildcardListenerIpv4Compat) {
   ASSERT_TRUE(socket.localAddress()->ip()->isAnyAddress());
 
   // Do not redirect since use_original_dst is false.
-  Network::TestListenerImpl listener(dispatcher, socket, listener_callbacks, true, true);
+  Network::TestListenerImpl listener(dispatcher, socket, listener_callbacks, true, false, true);
 
   auto listener_address = Network::Utility::getAddressWithPort(
       *Network::Test::getCanonicalLoopbackAddress(version_), socket.localAddress()->ip()->port());

diff --git a/test/common/network/proxy_protocol_test.cc b/test/common/network/proxy_protocol_test.cc
@@ -56,6 +56,7 @@ class ProxyProtocolTest : public testing::TestWithParam<Address::IpVersion>,
     return transport_socket_factory_;
   }
   bool bindToPort() override { return true; }
+  bool enableTcpFastOpen() override { return false; }
   bool handOffRestoredDestinationConnections() const override { return false; }
   uint32_t perConnectionBufferLimitBytes() override { return 0; }
   Stats::Scope& listenerScope() override { return stats_store_; }
@@ -348,6 +349,7 @@ class WildcardProxyProtocolTest : public testing::TestWithParam<Address::IpVersi
   Network::Socket& socket() override { return socket_; }
   TransportSocketFactory& transportSocketFactory() override { return transport_socket_factory_; }
   bool bindToPort() override { return true; }
+  bool enableTcpFastOpen() override { return false; }
   bool handOffRestoredDestinationConnections() const override { return false; }
   uint32_t perConnectionBufferLimitBytes() override { return 0; }
   Stats::Scope& listenerScope() override { return stats_store_; }