In the request direction, it's more straight-forward to pass the metadata to downstream filters only. But to be consistent with the response direction, shall I pass metadata through all filters? I think we may be able to do something similar on the response direction to enable downstream only filter pass. What do you think?

Yeah, I think I'd prefer consistency over a one off

Mind adding a trace log here, to make it clear what we're doing?

I'm not sure if this plays well with ContinueAndEndStream where we set decoding_headers_only_ true. Can we do some tests with GrpcHttp1ReverseBridge to make sure we don't get a body payload but we do get an end stream correctly?

Apologize for the long response!

Added a trace log.

Great catch!! It wasn't working with decoding_headers_only_! To solve this problem, I tried to pass the empty data frame (added by addDecodedData) through filters when decoding_headers_only_ is true, but failed. The main problem is hard to distinguish this empty data frame with the data frames that are received from downstream (which we will ignore because of decoding_headers_only_). We could add more conditions to allow empty data frame to go through the filters here:

A very hacky solution I used is to add an empty data in router filter when end_stream in headers is true and we still have metadata to send. The downside is the data frame won't go through filters (Since filters decides to process headers only, it might be OK). The upside is it's simple.

But now the code is messy: if metadata is added in headers only request, the added empty data frame will go through filters. If metadata is added with decoding_headers_only_ true, the added empty data will not go through filters. I could merge those two cases to one: only add new empty data in router filters. What do you think?

About test: GrpcHttp1ReverseBridge returns ContinueAndEndStream in encodeHeaders(). So I used decode-headers-only to test, which returns ContinueAndEndStream in decodeHeaders(). Did I miss anything?

Please let me know any suggestions/thoughts. Thanks!!

Hmmm. Could we bypass this problem if we allowed metadata to end stream or do you think it would just be shifting complexity around?

I'd be interested in the opinion of @lizan and @mattklein123 - decoding_headers_only_ path was added for gRPC translations where we want to move the body into a header-only response, but now for metadata we're adding back a 0-byte body to pass on the end-stream, and want to make sure we don't reintroduce the actual payload.

Metadata is sent as h2 extension frames. Some implementations may ignore or mishandle this frame type. It could potentially cause problems if we allow metadata to carry end_stream. But if we think it is not a concern, I can change to allow end_stream. If we do so, we may differ from GFE implementation.

it's a bit of a bummer we need these code blocks draining metadata in all these locations. I can't think of anything more elegant but maybe @mattklein123 can?

Meanwhile if we leave it in, it might be worth a utility function (moving the "add 0 byte data frame out of the block above) just to minimize code in the already long functions.

Added a utility function. Thanks!

mind commenting what metadata ends up here and why?

Fixed. Thanks!

2 things for thought:

1. Related to some of my other comments, can we potentially just be directly storing pointers to metadata maps so that we can avoid copies?
2. I'm wondering if we want to actually have some type of metadata storage structure that is created on demand? So few people will be using this feature that I'm wondering if it's worth the memory and small init cost in the common case? Thoughts?

To answer 1: Storing metadata as unique_ptr instead of MetadataMapVector (aka std::vector<unique_ptr>) will merge two metadata with the same key value into one. This may cause some problem when multiple copies of the same metadata are expected, for example, for logging purpose.

To answer 2: I think that's good suggestion. Do you mind I make that change in a followup PR? Added a TODO.

To answer 2: I think that's good suggestion. Do you mind I make that change in a followup PR? Added a TODO.

I think that's OK, but will you do it relatively quickly? I think we need to be mindful of the performance/memory impact of rarely used code in the hottest paths.

I see. Fixed in this PR.

Store -> Storing

Fixed. Thanks!

Can we have a test for metadata and upstream retries? I think we're going to have to store this somewhere. Ditto shadowing, and internal redirects, where we call recreateStream.

I'm also OK TODOing either or both since both are complicated and this PR is already complicated. It's possible designing for them may inform how and where we store and clear frames so it's worth at least thinking about it now.

Happy to give you pointers to code or tests if you have trouble finding them.

Great point!! Thanks! I didn't think of those cases at all.

I am still working on this part. But I agree we should have a design for them before submitting this PR in case there are changes. Will update this thread when I make progress.

I only have looked at the internal redirect case. Since those cases all call recreateStream(), I think they can be solved similarly.

recreateStream() calls decodeHeaders() to go through all filters at the end of the the function.

The issue is in nghttp2. In the redirect case, metadata ends up in session->ob_reg: https://github.com/nghttp2/nghttp2/blob/d93842db3eb481fc6953ec70a81ed2f7863ffb45/lib/nghttp2_session.c#L2352, and the redirect headers ends up in session->ob_syn: https://github.com/nghttp2/nghttp2/blob/d93842db3eb481fc6953ec70a81ed2f7863ffb45/lib/nghttp2_session.c#L2360 . Because session->ob_reg is parsed before session->ob_syn, metadata is received before headers (no new stream has created), and caused failure.

I switched the positions of the pointed code, and I don't see new test failures in nghttp2. And a simple internal redirect test case passed with metadata in envoy. (cl/231599606. If others are interested in the change, I can make a public available PR).

What do you think about making the nghttp2 change? If we go with this, we can submit this PR first, and deal with shadowing, internal rediects and retries after the change is pushed to nghttp2. But it may take longer. I notice envoy still uses an old version of nghttp2.

To add more details about why the nghttp2 fix (here) is needed in redirect, etc cases, but not needed in regular case.

In the regular case, when we call encodeHeaders() in onPoolReady(), we will submit the headers by calling sendPendingFrames() before encoding any other frames. Calling sendPendingFrames() will make sure headers (session->ob_syn) are popped for processing first, because that's the only frame available. In redirect case, sendPendingFrames() in encodeHeaders() will be skipped because we are still dispatching (dispatching_ is true here). So we accumulate both headers and metadata. When sendPendingFrames is executed at the end of dispatch(), metadata shows up first because it is in session->ob_reg (here), which is processed before session->ob_syn(here).

It's easiest, and I think it also makes sense to fix in nghttp2. (sync frame should always process before regular frames?). If it takes too long, I will try to find some hacky ways to fix it in Envoy.

As said I'm totally fine dealing with this later, I'd just like a tracking TODO :-)

Fixed. Thanks!

Sorry when does this happen? Does this somehow happen if inside the headers callback the filter adds metadata? Can you clarify that if so in the comment?

That's right. Added comments to clarify.

nit: savedMetadata()

Fixed. Thanks!

Perhaps ASSERT that the storage vector pointer is not nullptr so we don't end up creating an empty vector anyway? Can you audit other calls to make sure we aren't accidentally creating a vector just to check that it's empty?

Good point! Fixed in both request and response direction.

Should we have a parallel assert in drainSavedResponseMetadata?

Fixed. Thanks!

I notice that we have similar storage on a per-filter basis as well as on a connection basis. Is it possible to collapse that somehow? If not can you add some clarifying comments on why we need both types of storage? It's not immediately clear.

Added comments and removed not used variables.

nit: const

Fixed. Thanks!

return -> returns

Fixed.

Should we have a parallel assert in drainSavedResponseMetadata?