envoyproxy · mattklein123 · Jul 7, 2021 · Jun 30, 2021 · Jul 1, 2021 · Jul 1, 2021
diff --git a/api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto b/api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto
@@ -119,5 +119,5 @@ message DnsCacheConfig {
   // used by the underlying DNS implementation (e.g., c-areas and Apple DNS) which are opaque.
   // Setting this timeout will ensure that queries succeed or fail within the specified time frame
   // and are then retried using the standard refresh rates. Defaults to 5s if not set.
-  google.protobuf.Duration dns_query_timeout = 11;
+  google.protobuf.Duration dns_query_timeout = 11 [(validate.rules).duration = {gt {}}];
 }
diff --git a/api/envoy/extensions/common/dynamic_forward_proxy/v4alpha/dns_cache.proto b/api/envoy/extensions/common/dynamic_forward_proxy/v4alpha/dns_cache.proto
diff --git a/docs/root/configuration/http/http_filters/dynamic_forward_proxy_filter.rst b/docs/root/configuration/http/http_filters/dynamic_forward_proxy_filter.rst
@@ -49,6 +49,7 @@ namespace.
   dns_query_attempt, Counter, Number of DNS query attempts.
   dns_query_success, Counter, Number of DNS query successes.
   dns_query_failure, Counter, Number of DNS query failures.
+  dns_query_timeout, Counter, Number of DNS query :ref:`timeouts <envoy_v3_api_field_extensions.common.dynamic_forward_proxy.v3.DnsCacheConfig.dns_query_timeout>`.
   host_address_changed, Counter, Number of DNS queries that resulted in a host address change.
   host_added, Counter, Number of hosts that have been added to the cache.
   host_removed, Counter, Number of hosts that have been removed from the cache.

diff --git a/envoy/network/dns.h b/envoy/network/dns.h
@@ -19,10 +19,20 @@ class ActiveDnsQuery {
 public:
   virtual ~ActiveDnsQuery() = default;
 
+  enum class CancelReason {
+    // The caller no longer needs the answer to the query.
+    QueryAbandoned,
+    // The query timed out from the perspective of the caller. The DNS implementation may take
+    // a different action in this case (e.g., destroying existing DNS connections) in an effort
+    // to get an answer to future queries.
+    Timeout
+  };
+
   /**
    * Cancel an outstanding DNS request.
+   * @param reason supplies the cancel reason.
    */
-  virtual void cancel() PURE;
+  virtual void cancel(CancelReason reason) PURE;
 };
 
 /**

diff --git a/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto b/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto
diff --git a/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v4alpha/dns_cache.proto b/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v4alpha/dns_cache.proto
diff --git a/source/common/network/apple_dns_impl.cc b/source/common/network/apple_dns_impl.cc
@@ -265,7 +265,9 @@ AppleDnsResolverImpl::PendingResolution::~PendingResolution() {
   }
 }
 
-void AppleDnsResolverImpl::PendingResolution::cancel() {
+void AppleDnsResolverImpl::PendingResolution::cancel(Network::ActiveDnsQuery::CancelReason) {
+  // TODO(mattklein123): If cancel reason is timeout, do something more aggressive about destroying
+  // and recreating the DNS system to maximize the chance of success in following queries.
   ENVOY_LOG(debug, "Cancelling PendingResolution for {}", dns_name_);
   ASSERT(owned_);
   if (pending_cb_) {

diff --git a/source/common/network/apple_dns_impl.h b/source/common/network/apple_dns_impl.h
@@ -90,7 +90,7 @@ class AppleDnsResolverImpl : public DnsResolver, protected Logger::Loggable<Logg
     ~PendingResolution();
 
     // Network::ActiveDnsQuery
-    void cancel() override;
+    void cancel(Network::ActiveDnsQuery::CancelReason reason) override;
 
     static DnsResponse buildDnsResponse(const struct sockaddr* address, uint32_t ttl);
     // Wrapper for the API call.

diff --git a/source/common/network/dns_impl.h b/source/common/network/dns_impl.h
@@ -44,9 +44,10 @@ class DnsResolverImpl : public DnsResolver, protected Logger::Loggable<Logger::I
         : parent_(parent), callback_(callback), dispatcher_(dispatcher), channel_(channel),
           dns_name_(dns_name) {}
 
-    void cancel() override {
+    void cancel(CancelReason) override {
       // c-ares only supports channel-wide cancellation, so we just allow the
       // network events to continue but don't invoke the callback on completion.
+      // TODO(mattklein123): Potentially use timeout to destroy and recreate the channel.
       cancelled_ = true;
     }
 

diff --git a/source/common/upstream/logical_dns_cluster.cc b/source/common/upstream/logical_dns_cluster.cc
@@ -93,7 +93,7 @@ void LogicalDnsCluster::startPreInit() { startResolve(); }
 
 LogicalDnsCluster::~LogicalDnsCluster() {
   if (active_dns_query_) {
-    active_dns_query_->cancel();
+    active_dns_query_->cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
   }
 }
 

diff --git a/source/common/upstream/strict_dns_cluster.cc b/source/common/upstream/strict_dns_cluster.cc
@@ -97,7 +97,7 @@ StrictDnsClusterImpl::ResolveTarget::ResolveTarget(
 
 StrictDnsClusterImpl::ResolveTarget::~ResolveTarget() {
   if (active_query_) {
-    active_query_->cancel();
+    active_query_->cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
   }
 }
 

@@ -149,7 +149,7 @@ RedisCluster::DnsDiscoveryResolveTarget::DnsDiscoveryResolveTarget(RedisCluster&
 
 RedisCluster::DnsDiscoveryResolveTarget::~DnsDiscoveryResolveTarget() {
   if (active_query_) {
-    active_query_->cancel();
+    active_query_->cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
   }
   // Disable timer for mock tests.
   if (resolve_timer_) {

@@ -58,7 +58,8 @@ DnsCacheImpl::DnsCacheImpl(
 DnsCacheImpl::~DnsCacheImpl() {
   for (const auto& primary_host : primary_hosts_) {
     if (primary_host.second->active_query_ != nullptr) {
-      primary_host.second->active_query_->cancel();
+      primary_host.second->active_query_->cancel(
+          Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
     }
   }
 
@@ -210,6 +211,9 @@ void DnsCacheImpl::startCacheLoad(const std::string& host, uint16_t default_port
 }
 
 DnsCacheImpl::PrimaryHostInfo& DnsCacheImpl::getPrimaryHost(const std::string& host) {
+  // Functions modify primary_hosts_ are only called in the main thread so we
+  // know it is safe to use the PrimaryHostInfo pointers outside of the lock.
+  ASSERT(main_thread_dispatcher_.isThreadSafe());
   absl::ReaderMutexLock reader_lock{&primary_hosts_lock_};
   const auto primary_host_it = primary_hosts_.find(host);
   ASSERT(primary_host_it != primary_hosts_.end());
@@ -222,7 +226,7 @@ void DnsCacheImpl::onResolveTimeout(const std::string& host) {
   auto& primary_host = getPrimaryHost(host);
   ENVOY_LOG(debug, "host='{}' resolution timeout", host);
   stats_.dns_query_timeout_.inc();
-  primary_host.active_query_->cancel();
+  primary_host.active_query_->cancel(Network::ActiveDnsQuery::CancelReason::Timeout);
   finishResolve(host, Network::DnsResolver::ResolutionStatus::Failure, {});
 }
 
@@ -233,10 +237,7 @@ void DnsCacheImpl::onReResolve(const std::string& host) {
   // use-after-free issues
   PrimaryHostInfoPtr host_to_erase;
 
-  // Functions like this one that modify primary_hosts_ are only called in the main thread so we
-  // know it is safe to use the PrimaryHostInfo pointers outside of the lock.
   auto& primary_host = getPrimaryHost(host);
-
   const std::chrono::steady_clock::duration now_duration =
       main_thread_dispatcher_.timeSource().monotonicTime().time_since_epoch();
   auto last_used_time = primary_host.host_info_->lastUsedTime();

diff --git a/test/common/network/apple_dns_impl_test.cc b/test/common/network/apple_dns_impl_test.cc
@@ -137,7 +137,7 @@ TEST_F(AppleDnsImplTest, InvalidConfigOptions) {
 TEST_F(AppleDnsImplTest, DestructPending) {
   ActiveDnsQuery* query = resolveWithUnreferencedParameters("", DnsLookupFamily::V4Only, 0);
   ASSERT_NE(nullptr, query);
-  query->cancel();
+  query->cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
 }
 
 TEST_F(AppleDnsImplTest, LocalLookup) {
@@ -194,7 +194,7 @@ TEST_F(AppleDnsImplTest, Cancel) {
                                              DnsResolver::ResolutionStatus::Success, true));
 
   ASSERT_NE(nullptr, query);
-  query->cancel();
+  query->cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
 
   dispatcher_->run(Event::Dispatcher::RunType::Block);
 }

diff --git a/test/common/network/dns_impl_test.cc b/test/common/network/dns_impl_test.cc
@@ -572,7 +572,7 @@ INSTANTIATE_TEST_SUITE_P(IpVersions, DnsImplTest,
 TEST_P(DnsImplTest, DestructPending) {
   ActiveDnsQuery* query = resolveWithUnreferencedParameters("", DnsLookupFamily::V4Only, false);
   ASSERT_NE(nullptr, query);
-  query->cancel();
+  query->cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
   // Also validate that pending events are around to exercise the resource
   // reclamation path.
   EXPECT_GT(peer_->events().size(), 0U);
@@ -806,7 +806,7 @@ TEST_P(DnsImplTest, Cancel) {
                                              {"201.134.56.7"}, {}, absl::nullopt));
 
   ASSERT_NE(nullptr, query);
-  query->cancel();
+  query->cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned);
 
   dispatcher_->run(Event::Dispatcher::RunType::Block);
 }

diff --git a/test/common/upstream/logical_dns_cluster_test.cc b/test/common/upstream/logical_dns_cluster_test.cc
@@ -188,7 +188,7 @@ class LogicalDnsClusterTest : public Event::TestUsingSimulatedTime, public testi
     logical_host->createConnection(dispatcher_, nullptr, nullptr);
 
     // Make sure we cancel.
-    EXPECT_CALL(active_dns_query_, cancel());
+    EXPECT_CALL(active_dns_query_, cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
     expectResolve(Network::DnsLookupFamily::V4Only, expected_address);
     resolve_timer_->invokeCallback();
 

diff --git a/test/common/upstream/upstream_impl_test.cc b/test/common/upstream/upstream_impl_test.cc
@@ -457,8 +457,10 @@ TEST_F(StrictDnsClusterImplTest, Basic) {
   resolver2.expectResolve(*dns_resolver_);
   resolver2.timer_->invokeCallback();
 
-  EXPECT_CALL(resolver1.active_dns_query_, cancel());
-  EXPECT_CALL(resolver2.active_dns_query_, cancel());
+  EXPECT_CALL(resolver1.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
+  EXPECT_CALL(resolver2.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
 }
 
 // Verifies that host removal works correctly when hosts are being health checked
@@ -854,9 +856,12 @@ TEST_F(StrictDnsClusterImplTest, LoadAssignmentBasic) {
   resolver3.expectResolve(*dns_resolver_);
   resolver3.timer_->invokeCallback();
 
-  EXPECT_CALL(resolver1.active_dns_query_, cancel());
-  EXPECT_CALL(resolver2.active_dns_query_, cancel());
-  EXPECT_CALL(resolver3.active_dns_query_, cancel());
+  EXPECT_CALL(resolver1.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
+  EXPECT_CALL(resolver2.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
+  EXPECT_CALL(resolver3.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
 }
 
 TEST_F(StrictDnsClusterImplTest, LoadAssignmentBasicMultiplePriorities) {
@@ -993,9 +998,12 @@ TEST_F(StrictDnsClusterImplTest, LoadAssignmentBasicMultiplePriorities) {
   resolver3.expectResolve(*dns_resolver_);
   resolver3.timer_->invokeCallback();
 
-  EXPECT_CALL(resolver1.active_dns_query_, cancel());
-  EXPECT_CALL(resolver2.active_dns_query_, cancel());
-  EXPECT_CALL(resolver3.active_dns_query_, cancel());
+  EXPECT_CALL(resolver1.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
+  EXPECT_CALL(resolver2.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
+  EXPECT_CALL(resolver3.active_dns_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
 }
 
 // Verifies that specifying a custom resolver when using STRICT_DNS fails

@@ -544,10 +544,9 @@ class RedisClusterTest : public testing::Test,
                              Network::DnsResolver::ResolveCb) -> Network::ActiveDnsQuery* {
           return &active_dns_query_;
         }));
-    ;
     resolver_target.startResolveDns();
 
-    EXPECT_CALL(active_dns_query_, cancel());
+    EXPECT_CALL(active_dns_query_, cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
   }
 
   Stats::TestUtil::TestStore stats_store_;

@@ -481,7 +481,7 @@ TEST_F(DnsCacheImplTest, ResolveTimeout) {
   checkStats(1 /* attempt */, 0 /* success */, 0 /* failure */, 0 /* address changed */,
              1 /* added */, 0 /* removed */, 1 /* num hosts */);
 
-  EXPECT_CALL(resolver_->active_query_, cancel());
+  EXPECT_CALL(resolver_->active_query_, cancel(Network::ActiveDnsQuery::CancelReason::Timeout));
   EXPECT_CALL(*timeout_timer, disableTimer());
   EXPECT_CALL(update_callbacks_, onDnsHostAddOrUpdate(_, _)).Times(0);
   EXPECT_CALL(callbacks, onLoadDnsCacheComplete(DnsHostInfoAddressIsNull()));
@@ -783,7 +783,8 @@ TEST_F(DnsCacheImplTest, CancelActiveQueriesOnDestroy) {
   EXPECT_NE(result.handle_, nullptr);
   EXPECT_EQ(absl::nullopt, result.host_info_);
 
-  EXPECT_CALL(resolver_->active_query_, cancel());
+  EXPECT_CALL(resolver_->active_query_,
+              cancel(Network::ActiveDnsQuery::CancelReason::QueryAbandoned));
   dns_cache_.reset();
 }
 

diff --git a/test/mocks/network/mocks.h b/test/mocks/network/mocks.h
@@ -37,7 +37,7 @@ class MockActiveDnsQuery : public ActiveDnsQuery {
   ~MockActiveDnsQuery() override;
 
   // Network::ActiveDnsQuery
-  MOCK_METHOD(void, cancel, ());
+  MOCK_METHOD(void, cancel, (CancelReason reason));
 };
 
 class MockDnsResolver : public DnsResolver {