You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Today, when an http.Server has a ConnContext function set, ConnContext is called inline in the accept loop, before forking off a separate goroutine to run the HTTP serving logic.
If ConnContext takes time, this ends up driving tail latency for all incoming connections in the accept queue behind the slow invocation. We originally hit this while investigating high latency in GKE and ASM when using GKE Workload Identity; the flow involves a ConnContext function that looks up callers by IP to authenticate them).
If ConnContext were invoked as the first step after forking the goroutine, then long-running ConnContext calls would not block accept() for other incoming connections. This would technically be a behavior change, which is why I'm submitting a proposal, but I don't really see how it could cause a problem.
The text was updated successfully, but these errors were encountered:
It seems to me that both features are useful, having it inline in the loop allows to apply back-pressure and avoid runaway memory usage.
Let's assume someone is DOSing you, and you are doing IP based rate limiting inside ConnContext.
If this is done after the fork you may have a transient where the attacker can spawn thousands of goroutines before the rate limiting code is being executed.
Someone wary of that could also implement this by wrapping net.Listener object and doing inline validation in the .Accept method.
Proposal Details
Code link: https://cs.opensource.google/go/go/+/refs/tags/go1.21.5:src/net/http/server.go;l=3077
Today, when an http.Server has a ConnContext function set, ConnContext is called inline in the accept loop, before forking off a separate goroutine to run the HTTP serving logic.
If ConnContext takes time, this ends up driving tail latency for all incoming connections in the accept queue behind the slow invocation. We originally hit this while investigating high latency in GKE and ASM when using GKE Workload Identity; the flow involves a ConnContext function that looks up callers by IP to authenticate them).
If ConnContext were invoked as the first step after forking the goroutine, then long-running ConnContext calls would not block accept() for other incoming connections. This would technically be a behavior change, which is why I'm submitting a proposal, but I don't really see how it could cause a problem.
The text was updated successfully, but these errors were encountered: