proposal: net/http: Server.ConnContext should be invoked *after* forking go c.serve(...)
#64837
Comments
|
It seems to me that both features are useful, having it inline in the loop allows to apply back-pressure and avoid runaway memory usage. Let's assume someone is DOSing you, and you are doing IP based rate limiting inside Someone wary of that could also implement this by wrapping |
|
Good point... Maybe there should be a separate PostForkConnContext function. |
|
(attn @neild) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Proposal Details
Code link: https://cs.opensource.google/go/go/+/refs/tags/go1.21.5:src/net/http/server.go;l=3077
Today, when an http.Server has a ConnContext function set, ConnContext is called inline in the accept loop, before forking off a separate goroutine to run the HTTP serving logic.
If ConnContext takes time, this ends up driving tail latency for all incoming connections in the accept queue behind the slow invocation. We originally hit this while investigating high latency in GKE and ASM when using GKE Workload Identity; the flow involves a ConnContext function that looks up callers by IP to authenticate them).
If ConnContext were invoked as the first step after forking the goroutine, then long-running ConnContext calls would not block accept() for other incoming connections. This would technically be a behavior change, which is why I'm submitting a proposal, but I don't really see how it could cause a problem.
The text was updated successfully, but these errors were encountered: