feat(sdk): disable http keepalive

joe0BAB · joe0BAB · commit e78a764e9b20 · 2025-07-02T10:34:29.000+02:00
diff --git a/internal/ipc/design.md b/internal/ipc/design.md
@@ -51,5 +51,30 @@ Yamux is a full-featured, multiplexing protocol that allows multiple streams to
 Using Yamux we get Go's `net/http` out-of-the-box.
 
 
+## Decisions
 
+---
+
+2025-07-02 IPC stack
+
+The IPC stack consists of multiple parts that need to play well together:
+- socket multiplexing
+- API format (includes networking protocol + serialization format)
+
+At this point in time we have decided to go with yamux + connect rpc. 
+Connect rpc in itself uses protobuf for data serialization combined with gRPC over http for networking.
+A main advantage is that we can keep using Go's standard library's `net/http` stack for server and client.
+See [Connect: A better gRPC](https://buf.build/blog/connect-a-better-grpc) for a detailed comparison against e.g.`grpc-go`.
+Also connect rpc is part of CNCF ([source](https://www.cncf.io/projects/connect-rpc/)).
+
+Potential drawbacks: Performance
+
+Using [nri/net/multiplex](https://github.com/containerd/nri/tree/main/pkg/net/multiplex) with [ttrpc](https://github.com/containerd/ttrpc) probably would be the most performance optimised solution. 
+It re-uses one stream over the multiplexed socket per direction and has overhead of the http protocol as protobuf gets streamed directly over the multiplexer. 
+However, it has stopped evolving and e.g. has not caught up on latest improvements on protobuf. 
+Another major downside is that it's mainly Go only, i.e., supporting alternative languages for plugins would come at a high cost.
+We argue that in our use case, as the networking only happens locally so the overhead of grpc over http and the cost of opening a new yamux stream are negligible.
+In addition, the main performance bottleneck will be within the actual plugins, e.g., because authentication needs to happen, disk access or because (slow) external networking access is required.
+
+---
 
diff --git a/internal/ipc/ipc.go b/internal/ipc/ipc.go
@@ -132,9 +132,7 @@ func waitForClientToDisconnect(s *yamux.Session, t time.Duration) {
 			return
 		}
 		streams := s.NumStreams()
-		// 1 stream is the control stream (todo: verify)
-		// TODO: https://github.com/docker/secrets-engine/issues/71
-		if streams <= 1 {
+		if streams <= 0 {
 			return
 		}
 	}
@@ -149,6 +147,7 @@ func createYamuxedClient(session *yamux.Session) *http.Client {
 		DialContext: func(context.Context, string, string) (net.Conn, error) {
 			return session.Open()
 		},
+		DisableKeepAlives: true,
 	}
 	return &http.Client{Transport: transport}
 }

Original file line number	Diff line number	Diff line change
`@@ -132,9 +132,7 @@ func waitForClientToDisconnect(s *yamux.Session, t time.Duration) {`
`132`	`132`	`return`
`133`	`133`	`}`
`134`	`134`	`streams := s.NumStreams()`
`135`		`- // 1 stream is the control stream (todo: verify)`
`136`		`- // TODO: https://github.com/docker/secrets-engine/issues/71`
`137`		`- if streams <= 1 {`
	`135`	`+ if streams <= 0 {`
`138`	`136`	`return`
`139`	`137`	`}`
`140`	`138`	`}`
`@@ -149,6 +147,7 @@ func createYamuxedClient(session yamux.Session) http.Client {`
`149`	`147`	`DialContext: func(context.Context, string, string) (net.Conn, error) {`
`150`	`148`	`return session.Open()`
`151`	`149`	`},`
	`150`	`+ DisableKeepAlives: true,`
`152`	`151`	`}`
`153`	`152`	`return &http.Client{Transport: transport}`
`154`	`153`	`}`