TUN-5128: Enforce maximum grace period

The Cloudflare edge will honor this maximum grace period, so that either
side closes the connection no later than this time after unregistration
(3min as of this commit):
 - If the connection is unused, it is already closed as soon as possible.
 - If the connection is still used, it is closed on the cloudflared configured grace-period.

Even if cloudflared does not close the connection by the grace-period time,
the edge will do so.
Nuno Diegues 2021-09-21 11:02:59 +01:00
parent d54c8cc745
commit f985ed567f
3 changed files with 20 additions and 2 deletions


@ -384,7 +384,11 @@ func StartServer(
observer.RegisterSink(app) observer.RegisterSink(app)
} }
return waitToShutdown(&wg, cancel, errC, graceShutdownC, c.Duration("grace-period"), log) gracePeriod, err := gracePeriod(c)
if err != nil {
return err
}
return waitToShutdown(&wg, cancel, errC, graceShutdownC, gracePeriod, log)
} }
func waitToShutdown(wg *sync.WaitGroup, func waitToShutdown(wg *sync.WaitGroup,
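Review bot: The grace-period check runs as the last step of StartServer, immediately before waitToShutdown, so the new `return err` path skips the call that receives `cancel` and `&wg`. The rest of StartServer is outside the hunk, but if goroutines have already been started by this point they would be neither cancelled nor waited on when the flag is out of range. Calling `gracePeriod(c)` before any work is started would make the rejection fail-fast and keep the shutdown path intact. Separately, `gracePeriod, err := gracePeriod(c)` shadows the package-level function for the rest of the scope; a local name such as `period` avoids that.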


@ -7,6 +7,7 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"time"
"github.com/google/uuid" "github.com/google/uuid"
homedir "github.com/mitchellh/go-homedir" homedir "github.com/mitchellh/go-homedir"
@ -260,9 +261,13 @@ func prepareTunnelConfig(
} }
originProxy := origin.NewOriginProxy(ingressRules, warpRoutingService, tags, log) originProxy := origin.NewOriginProxy(ingressRules, warpRoutingService, tags, log)
gracePeriod, err := gracePeriod(c)
if err != nil {
return nil, ingress.Ingress{}, err
}
connectionConfig := &connection.Config{ connectionConfig := &connection.Config{
OriginProxy: originProxy, OriginProxy: originProxy,
GracePeriod: c.Duration("grace-period"), GracePeriod: gracePeriod,
ReplaceExisting: c.Bool("force"), ReplaceExisting: c.Bool("force"),
} }
muxerConfig := &connection.MuxerConfig{ muxerConfig := &connection.MuxerConfig{
@ -300,6 +305,14 @@ func prepareTunnelConfig(
}, ingressRules, nil }, ingressRules, nil
} }
func gracePeriod(c *cli.Context) (time.Duration, error) {
period := c.Duration("grace-period")
if period > connection.MaxGracePeriod {
return time.Duration(0), fmt.Errorf("grace-period must be equal or less than %v", connection.MaxGracePeriod)
}
return period, nil
}
func isWarpRoutingEnabled(warpConfig config.WarpRoutingConfig, isNamedTunnel bool) bool { func isWarpRoutingEnabled(warpConfig config.WarpRoutingConfig, isNamedTunnel bool) bool {
return warpConfig.Enabled && isNamedTunnel return warpConfig.Enabled && isNamedTunnel
} }
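Review bot: gracePeriod enforces only the upper bound, so a negative `grace-period` value still passes validation and is stored in `connection.Config.GracePeriod`. How a negative duration behaves downstream is not visible here, but a limit that exists to bound connection lifetime should reject it explicitly: `if period < 0 || period > connection.MaxGracePeriod {`, with the message adjusted to state both bounds. The helper would also benefit from a doc comment, for example `// gracePeriod returns the configured grace-period, or an error if it exceeds connection.MaxGracePeriod.`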


@ -18,6 +18,7 @@ import (
const ( const (
lbProbeUserAgentPrefix = "Mozilla/5.0 (compatible; Cloudflare-Traffic-Manager/1.0; +https://www.cloudflare.com/traffic-manager/;" lbProbeUserAgentPrefix = "Mozilla/5.0 (compatible; Cloudflare-Traffic-Manager/1.0; +https://www.cloudflare.com/traffic-manager/;"
LogFieldConnIndex = "connIndex" LogFieldConnIndex = "connIndex"
MaxGracePeriod = time.Minute * 3
) )
var switchingProtocolText = fmt.Sprintf("%d %s", http.StatusSwitchingProtocols, http.StatusText(http.StatusSwitchingProtocols)) var switchingProtocolText = fmt.Sprintf("%d %s", http.StatusSwitchingProtocols, http.StatusText(http.StatusSwitchingProtocols))
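Review bot: MaxGracePeriod is exported without a doc comment, and nothing at the declaration says that the value mirrors a limit the edge applies on its own. A comment such as `// MaxGracePeriod is the longest grace period cloudflared accepts; the edge closes the connection after this time even if cloudflared has not.` would record that. Going by the commit description, raising the constant locally would presumably not extend how long the edge keeps the connection open, which is worth stating for whoever changes it next.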