linkerd
diff --git a/‎Cargo.lock
Lines changed: 18 additions & 17 deletions b/‎Cargo.lock
Lines changed: 18 additions & 17 deletions
diff --git a/‎Cargo.toml
Lines changed: 1 addition & 1 deletion b/‎Cargo.toml
Lines changed: 1 addition & 1 deletion
diff --git a/‎linkerd/app/admin/src/stack.rs
Lines changed: 7 additions & 7 deletions b/‎linkerd/app/admin/src/stack.rs
Lines changed: 7 additions & 7 deletions
diff --git a/‎linkerd/app/core/Cargo.toml
Lines changed: 0 additions & 1 deletion b/‎linkerd/app/core/Cargo.toml
Lines changed: 0 additions & 1 deletion
diff --git a/‎linkerd/app/core/src/config.rs
Lines changed: 2 additions & 10 deletions b/‎linkerd/app/core/src/config.rs
Lines changed: 2 additions & 10 deletions
diff --git a/‎linkerd/app/core/src/lib.rs
Lines changed: 0 additions & 1 deletion b/‎linkerd/app/core/src/lib.rs
Lines changed: 0 additions & 1 deletion
diff --git a/‎linkerd/app/inbound/src/detect.rs
Lines changed: 45 additions & 40 deletions b/‎linkerd/app/inbound/src/detect.rs
Lines changed: 45 additions & 40 deletions
diff --git a/‎linkerd/app/outbound/src/ingress.rs
Lines changed: 23 additions & 16 deletions b/‎linkerd/app/outbound/src/ingress.rs
Lines changed: 23 additions & 16 deletions
@@ -1350,7 +1350,6 @@ dependencies = [
  "ipnet",
  "linkerd-addr",
  "linkerd-conditional",
- "linkerd-detect",
  "linkerd-dns",
  "linkerd-duplex",
  "linkerd-errno",
@@ -1578,21 +1577,6 @@ dependencies = [
 name = "linkerd-conditional"
 version = "0.1.0"
 
-[[package]]
-name = "linkerd-detect"
-version = "0.1.0"
-dependencies = [
- "async-trait",
- "bytes",
- "linkerd-error",
- "linkerd-io",
- "linkerd-stack",
- "thiserror 2.0.11",
- "tokio",
- "tower",
- "tracing",
-]
-
 [[package]]
 name = "linkerd-distribute"
 version = "0.1.0"
@@ -1730,6 +1714,23 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "linkerd-http-detect"
+version = "0.1.0"
+dependencies = [
+ "bytes",
+ "httparse",
+ "linkerd-error",
+ "linkerd-http-variant",
+ "linkerd-io",
+ "linkerd-stack",
+ "linkerd-tracing",
+ "thiserror 2.0.11",
+ "tokio",
+ "tokio-test",
+ "tracing",
+]
+
 [[package]]
 name = "linkerd-http-executor"
 version = "0.1.0"
@@ -2265,11 +2266,11 @@ dependencies = [
  "httparse",
  "hyper",
  "hyper-balance",
- "linkerd-detect",
  "linkerd-duplex",
  "linkerd-error",
  "linkerd-http-box",
  "linkerd-http-classify",
+ "linkerd-http-detect",
  "linkerd-http-executor",
  "linkerd-http-h2",
  "linkerd-http-insert",
 
@@ -16,7 +16,6 @@ members = [
     "linkerd/app",
     "linkerd/conditional",
     "linkerd/distribute",
-    "linkerd/detect",
     "linkerd/dns/name",
     "linkerd/dns",
     "linkerd/duplex",
@@ -28,6 +27,7 @@ members = [
     "linkerd/http/body-compat",
     "linkerd/http/box",
     "linkerd/http/classify",
+    "linkerd/http/detect",
     "linkerd/http/executor",
     "linkerd/http/h2",
     "linkerd/http/insert",
 
@@ -1,7 +1,7 @@
 use linkerd_app_core::{
     classify,
     config::ServerConfig,
-    detect, drain, errors, identity,
+    drain, errors, identity,
     metrics::{self, FmtMetrics},
     proxy::http,
     serve,
@@ -136,19 +136,19 @@ impl Config {
             }))
             .push_filter(
                 |(http, tcp): (
-                    Result<Option<http::Variant>, detect::DetectTimeoutError<_>>,
+                    http::Detection,
                     Tcp,
                 )| {
                     match http {
-                        Ok(Some(version)) => Ok(Http { version, tcp }),
+                        http::Detection::Http(version) => Ok(Http { version, tcp }),
                         // If detection timed out, we can make an educated guess at the proper
                         // behavior:
                         // - If the connection was meshed, it was most likely transported over
                         //   HTTP/2.
                         // - If the connection was unmeshed, it was mostly likely HTTP/1.
                         // - If we received some unexpected SNI, the client is mostly likely
                         //   confused/stale.
-                        Err(_timeout) => {
+                        http::Detection::ReadTimeout(_timeout) => {
                             let version = match tcp.tls {
                                 tls::ConditionalServerTls::None(_) => http::Variant::Http1,
                                 tls::ConditionalServerTls::Some(tls::ServerTls::Established {
@@ -166,7 +166,7 @@ impl Config {
                         }
                         // If the connection failed HTTP detection, check if we detected TLS for
                         // another target. This might indicate that the client is confused/stale.
-                        Ok(None) => match tcp.tls {
+                        http::Detection::Empty | http::Detection::NotHttp => match tcp.tls {
                             tls::ConditionalServerTls::Some(tls::ServerTls::Passthru { sni }) => {
                                 Err(UnexpectedSni(sni, tcp.client).into())
                             }
@@ -177,8 +177,8 @@ impl Config {
             )
             .arc_new_tcp()
             .lift_new_with_target()
-            .push(detect::NewDetectService::layer(svc::stack::CloneParam::from(
-                detect::Config::<http::DetectHttp>::from_timeout(DETECT_TIMEOUT),
+            .push(http::NewDetect::layer(svc::stack::CloneParam::from(
+                http::DetectParams { read_timeout: DETECT_TIMEOUT }
             )))
             .push(transport::metrics::NewServer::layer(metrics.proxy.transport))
             .push_map_target(move |(tls, addrs): (tls::ConditionalServerTls, B::Addrs)| {
 
@@ -34,7 +34,6 @@ pin-project = "1"
 linkerd-addr = { path = "../../addr" }
 linkerd-conditional = { path = "../../conditional" }
 linkerd-dns = { path = "../../dns" }
-linkerd-detect = { path = "../../detect" }
 linkerd-duplex = { path = "../../duplex" }
 linkerd-errno = { path = "../../errno" }
 linkerd-error = { path = "../../error" }
 
@@ -1,7 +1,7 @@
 pub use crate::exp_backoff::ExponentialBackoff;
 use crate::{
-    proxy::http::{self, h1, h2},
-    svc::{queue, CloneParam, ExtractParam, Param},
+    proxy::http::{h1, h2},
+    svc::{queue, ExtractParam, Param},
     transport::{DualListenAddr, Keepalive, ListenAddr, UserTimeout},
 };
 use std::time::Duration;
@@ -59,14 +59,6 @@ impl<T> ExtractParam<queue::Timeout, T> for QueueConfig {
     }
 }
 
-// === impl ProxyConfig ===
-
-impl ProxyConfig {
-    pub fn detect_http(&self) -> CloneParam<linkerd_detect::Config<http::DetectHttp>> {
-        linkerd_detect::Config::from_timeout(self.detect_protocol_timeout).into()
-    }
-}
-
 // === impl ServerConfig ===
 
 impl Param<DualListenAddr> for ServerConfig {
 
@@ -32,7 +32,6 @@ pub use drain;
 pub use ipnet::{IpNet, Ipv4Net, Ipv6Net};
 pub use linkerd_addr::{self as addr, Addr, AddrMatch, IpMatch, NameAddr, NameMatch};
 pub use linkerd_conditional::Conditional;
-pub use linkerd_detect as detect;
 pub use linkerd_dns;
 pub use linkerd_error::{cause_ref, is_caused_by, Error, Infallible, Recover, Result};
 pub use linkerd_exp_backoff as exp_backoff;
 
@@ -3,7 +3,7 @@ use crate::{
     Inbound,
 };
 use linkerd_app_core::{
-    detect, identity, io,
+    identity, io,
     metrics::ServerLabel,
     proxy::http,
     svc, tls,
@@ -48,9 +48,6 @@ struct Detect {
     tls: Tls,
 }
 
-#[derive(Copy, Clone, Debug)]
-struct ConfigureHttpDetect;
-
 #[derive(Clone)]
 struct TlsParams {
     timeout: tls::server::Timeout,
@@ -111,42 +108,58 @@ impl Inbound<svc::ArcNewTcp<Http, io::BoxedIo>> {
                 .push_switch(
                     |(detected, Detect { tls, .. })| -> Result<_, Infallible> {
                         match detected {
-                            Ok(Some(http)) => Ok(svc::Either::A(Http { http, tls })),
-                            Ok(None) => Ok(svc::Either::B(tls)),
+                            http::Detection::Http(http) => Ok(svc::Either::A(Http { http, tls })),
+                            http::Detection::Empty | http::Detection::NotHttp => {
+                                Ok(svc::Either::B(tls))
+                            }
                             // When HTTP detection fails, forward the connection to the application as
                             // an opaque TCP stream.
-                            Err(timeout) => match tls.policy.protocol() {
-                                Protocol::Http1 { .. } => {
-                                    // If the protocol was hinted to be HTTP/1.1 but detection
-                                    // failed, we'll usually be handling HTTP/1, but we may actually
-                                    // be handling HTTP/2 via protocol upgrade. Our options are:
-                                    // handle the connection as HTTP/1, assuming it will be rare for
-                                    // a proxy to initiate TLS, etc and not send the 16B of
-                                    // connection header; or we can handle it as opaque--but there's
-                                    // no chance the server will be able to handle the H2 protocol
-                                    // upgrade. So, it seems best to assume it's HTTP/1 and let the
-                                    // proxy handle the protocol error if we're in an edge case.
-                                    info!(%timeout, "Handling connection as HTTP/1 due to policy");
-                                    Ok(svc::Either::A(Http {
-                                        http: http::Variant::Http1,
-                                        tls,
-                                    }))
+                            http::Detection::ReadTimeout(timeout) => {
+                                match tls.policy.protocol() {
+                                    Protocol::Http1 { .. } => {
+                                        // If the protocol was hinted to be HTTP/1.1 but detection
+                                        // failed, we'll usually be handling HTTP/1, but we may actually
+                                        // be handling HTTP/2 via protocol upgrade. Our options are:
+                                        // handle the connection as HTTP/1, assuming it will be rare for
+                                        // a proxy to initiate TLS, etc and not send the 16B of
+                                        // connection header; or we can handle it as opaque--but there's
+                                        // no chance the server will be able to handle the H2 protocol
+                                        // upgrade. So, it seems best to assume it's HTTP/1 and let the
+                                        // proxy handle the protocol error if we're in an edge case.
+                                        info!(
+                                            ?timeout,
+                                            "Handling connection as HTTP/1 due to policy"
+                                        );
+                                        Ok(svc::Either::A(Http {
+                                            http: http::Variant::Http1,
+                                            tls,
+                                        }))
+                                    }
+                                    // Otherwise, the protocol hint must have
+                                    // been `Detect` or the protocol was updated
+                                    // after detection was initiated, otherwise
+                                    // we would have avoided detection below.
+                                    // Continue handling the connection as if it
+                                    // were opaque.
+                                    _ => {
+                                        info!(
+                                            ?timeout,
+                                            "Handling connection as opaque due to policy"
+                                        );
+                                        Ok(svc::Either::B(tls))
+                                    }
                                 }
-                                // Otherwise, the protocol hint must have been `Detect` or the
-                                // protocol was updated after detection was initiated, otherwise we
-                                // would have avoided detection below. Continue handling the
-                                // connection as if it were opaque.
-                                _ => {
-                                    info!(%timeout, "Handling connection as opaque");
-                                    Ok(svc::Either::B(tls))
-                                }
-                            },
+                            }
                         }
                     },
                     forward.into_inner(),
                 )
                 .lift_new_with_target()
-                .push(detect::NewDetectService::layer(ConfigureHttpDetect))
+                .push(http::NewDetect::layer(|Detect { timeout, .. }: &Detect| {
+                    http::DetectParams {
+                        read_timeout: *timeout,
+                    }
+                }))
                 .arc_new_tcp();
 
             http.push_on_service(svc::MapTargetLayer::new(io::BoxedIo::new))
@@ -332,14 +345,6 @@ impl svc::Param<tls::ConditionalServerTls> for Tls {
     }
 }
 
-// === impl ConfigureHttpDetect ===
-
-impl svc::ExtractParam<detect::Config<http::DetectHttp>, Detect> for ConfigureHttpDetect {
-    fn extract_param(&self, detect: &Detect) -> detect::Config<http::DetectHttp> {
-        detect::Config::from_timeout(detect.timeout)
-    }
-}
-
 // === impl Http ===
 
 impl svc::Param<http::Variant> for Http {
 
@@ -1,6 +1,6 @@
 use crate::{http, opaq, policy, Discovery, Outbound, ParentRef};
 use linkerd_app_core::{
-    detect, errors, io, profiles,
+    errors, io, profiles,
     proxy::{
         api_resolve::{ConcreteAddr, Metadata},
         core::Resolve,
@@ -274,8 +274,6 @@ impl<N> Outbound<N> {
         NSvc::Future: Send,
     {
         self.map_stack(|config, rt, inner| {
-            let detect_http = config.proxy.detect_http();
-
             // Route requests with destinations that can be discovered via the
             // `l5d-dst-override` header through the (load balanced) logical
             // stack. Route requests without the header through the endpoint
@@ -292,10 +290,12 @@ impl<N> Outbound<N> {
                 .push_on_service(
                     svc::layers()
                         .push(http::BoxRequest::layer())
-                        .push(http::strip_header::request::layer(DST_OVERRIDE_HEADER))
+                        .push(http::strip_header::request::layer(DST_OVERRIDE_HEADER)),
                 )
                 .lift_new()
-                .push(svc::NewOneshotRoute::layer_via(|t: &Http<T>| SelectTarget(t.clone())))
+                .push(svc::NewOneshotRoute::layer_via(|t: &Http<T>| {
+                    SelectTarget(t.clone())
+                }))
                 .check_new_service::<Http<T>, http::Request<_>>();
 
             // HTTP detection is **always** performed. If detection fails, then we
@@ -307,26 +307,33 @@ impl<N> Outbound<N> {
                     let h2 = config.proxy.server.http2.clone();
                     let drain = rt.drain.clone();
                     move |http: &Http<T>| http::ServerParams {
-                            version: http.version,
-                            http2: h2.clone(),
-                            drain: drain.clone()
+                        version: http.version,
+                        http2: h2.clone(),
+                        drain: drain.clone(),
                     }
                 }))
                 .check_new_service::<Http<T>, I>()
                 .push_switch(
-                    |(detected, target): (detect::Result<http::Variant>, T)| -> Result<_, Infallible> {
-                        if let Some(version) = detect::allow_timeout(detected) {
-                            return Ok(svc::Either::A(Http {
-                                version,
-                                parent: target,
-                            }));
+                    |(detected, parent): (http::Detection, T)| -> Result<_, Infallible> {
+                        match detected {
+                            http::Detection::Http(version) => {
+                                return Ok(svc::Either::A(Http { version, parent }));
+                            }
+                            http::Detection::ReadTimeout(timeout) => {
+                                tracing::info!("Continuing after timeout: {timeout:?}");
+                            }
+                            _ => {}
                         }
-                        Ok(svc::Either::B(target))
+                        Ok(svc::Either::B(parent))
                     },
                     fallback,
                 )
                 .lift_new_with_target()
-                .push(detect::NewDetectService::layer(detect_http))
+                .push(http::NewDetect::layer(svc::CloneParam::from(
+                    http::DetectParams {
+                        read_timeout: config.proxy.detect_protocol_timeout,
+                    },
+                )))
                 .arc_new_tcp()
         })
     }