Skip to content

/ linkerd2-proxy

A purpose-built proxy for the Linkerd service mesh. Written in Rust.

linkerd.io
Apache-2.0 License
1.1k stars 144 forks
Star
Notifications
main
Switch branches/tags
152 branches 181 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

@hawkw
hawkw fuzz: don't panic when the proxy closes the conn (#986)
5dec0de Apr 21, 2021
fuzz: don't panic when the proxy closes the conn (#986) 
Currently, the inbound HTTP fuzz tests are failing. This is because they
reuse the test-support code for making an HTTP request to a proxy stack
and running the futures necessary to drive that request in the
background. This code currently unwraps both the `JoinHandle`s of the
spawned tasks (which would be `Err` if the task panicked) _and_ the
returned `Result` from those `JoinHandle`s (which is an `Err` if the
`Service::call` future returned an error, or if the client returned an
error). If the future completes with an error, then the proxy simply
tears down the connection.

In the integration tests, we currently `expect` _both_ of these
`Results` --- since the inputs are valid, we want to assert the proxy
doesn't return an error incorrectly. However, the fuzz tests can and
will generate malformed HTTP requests, and in this case, the proxy will
reject those requests by returning an error and closing the connection.
This is *not* incorrect behavior. Instead, we want to ensure that the
proxy doesn't panic in the face of potentially malformed requests.

This branch changes the test-support HTTP code to return the `Result` of
serving a request, and unwrap it in the integration tests rather than in
the support code. The fuzz logic is updated to simply log errors
returned here, since returning an error is expected behavior when we
receive invalid inputs.

If we wanted to be _really_ fancy, a potential follow-up would be to
extend the fuzz logic to determine whether or not a fuzz spec should
result in an error, and assert that errors are only returned for invalid
requests...but, doing this without using any of the code that's being
exercised in the fuzz test (e.g. all of `hyper`'s request parsing etc)
would be a _lot_ of work...

Depends on #985

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
5dec0de

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
Log warnings when controller components do not resolve (#913)
Feb 12, 2021
hyper-balance
update Tower to v0.4.5 (#911)
Feb 11, 2021
linkerd
fuzz: don't panic when the proxy closes the conn (#986)
Apr 21, 2021
linkerd2-proxy
transport: introduce Bind trait and move orig dst to the type level (#…
Mar 31, 2021
opencensus-proto
Update tonic to v0.4 (#849)
Jan 15, 2021
.clippy.toml
Enforce clippy lints (#774)
Dec 16, 2020
.dockerignore
Add proxy_build_info metric (#600)
Jul 24, 2020
.gitattributes
Migrate `conduit-proxy` to `linkerd2-proxy`
Jul 7, 2018
.gitignore
Migrate `conduit-proxy` to `linkerd2-proxy`
Jul 7, 2018
CONTRIBUTING.md
Change docs references from "master" to "main" (#571)
Jun 16, 2020
Cargo.lock
chore: Fix deprecations on nightly (#983)
Apr 21, 2021
Cargo.toml
Update trust-dns to fix possible panic (#975)
Apr 12, 2021
DCO
Add contributing doc and DCO file (#88)
Dec 22, 2017
Dockerfile
transport: introduce Bind trait and move orig dst to the type level (#…
Mar 31, 2021
GOVERNANCE.md
Update MAINTAINERS to point at the main repo (#950)
Mar 18, 2021
LICENSE
Introducing Conduit, the ultralight service mesh
Dec 5, 2017
MAINTAINERS.md
Update MAINTAINERS to point at the main repo (#950)
Mar 18, 2021
Makefile
Apply clippy to all targets, including tests (#779)
Dec 16, 2020
README.md
internal: Spilt app from linkerd2-proxy (#375)
Oct 16, 2019
checksec.sh
Add checksec to the release process (#476)
Apr 15, 2020
deny.toml
Update trust-dns to fix possible panic (#975)
Apr 12, 2021
rust-toolchain
Update Rust to 1.49.0 (#822)
Jan 4, 2021
update-rust-version.sh
Update to Rust 1.42.0 (#483)
Apr 17, 2020
Building the project Cargo Repository Structure Code of conduct License

README.md

linkerd2

GitHub license Slack Status

This repo contains the transparent proxy component of Linkerd2. While the Linkerd2 proxy is heavily influenced by the Linkerd 1.X proxy, it comprises an entirely new codebase implemented in the Rust programming language.

This proxy's features include:

  • Transparent, zero-config proxying for HTTP, HTTP/2, and arbitrary TCP protocols.
  • Automatic Prometheus metrics export for HTTP and TCP traffic;
  • Transparent, zero-config WebSocket proxying;
  • Automatic, latency-aware, layer-7 load balancing;
  • Automatic layer-4 load balancing for non-HTTP traffic;
  • Automatic TLS (experimental);
  • An on-demand diagnostic tap API.

This proxy is primarily intended to run on Linux in containerized environments like Kubernetes, though it may also work on other Unix-like systems (like macOS).

The proxy supports service discovery via DNS and the linkerd2 Destination gRPC API.

The Linkerd project is hosted by the Cloud Native Computing Foundation (CNCF).

Building the project

A Makefile is provided to automate most build tasks. It provides the following targets:

  • make build -- Compiles the proxy on your local system using cargo
  • make clean -- Cleans the build target on the local system using cargo clean
  • make test -- Runs unit and integration tests on your local system using cargo
  • make test-flakey -- Runs all tests, including those that may fail spuriously
  • make package -- Builds a tarball at target/release/linkerd2-proxy-${PACKAGE_VERSION}.tar.gz. If PACKAGE_VERSION is not set in the environment, the local git SHA is used.
  • make docker -- Builds a Docker container image that can be used for testing. If the DOCKER_TAG environment variable is set, the image is given this name. Otherwise, the image is not named.

Cargo

Usually, Cargo, Rust's package manager, is used to build and test this project. If you don't have Cargo installed, we suggest getting it via https://rustup.rs/.

Repository Structure

This project is broken into many small libraries, or crates, so that components may be compiled & tested independently. The following crate targets are especially important:

Code of conduct

This project is for everyone. We ask that our users and contributors take a few minutes to review our code of conduct.

License

linkerd2-proxy is copyright 2018 the linkerd2-proxy authors. All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use these files except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

A purpose-built proxy for the Linkerd service mesh. Written in Rust.

linkerd.io

Topics

rust cncf service-mesh linkerd

Resources

Readme

License

Apache-2.0 License

Releases 181

v2.142.0 Latest
Apr 21, 2021
+ 180 releases

Packages

No packages published

Contributors 36

+ 25 contributors

Languages