Cargo.lock

@@ -87,7 +87,7 @@ dependencies = [
  "nom",
  "num-traits",
  "rusticata-macros",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "time",
 ]
 
@@ -353,9 +353,9 @@ dependencies = [
 
 [[package]]
 name = "cfg-if"
-version = "1.0.3"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9"
+checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268"
 
 [[package]]
 name = "clang-sys"
@@ -910,7 +910,7 @@ dependencies = [
  "once_cell",
  "rand 0.9.2",
  "ring",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tinyvec",
  "tokio",
  "tracing",
@@ -933,7 +933,7 @@ dependencies = [
  "rand 0.9.2",
  "resolv-conf",
  "smallvec",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tracing",
 ]
@@ -996,14 +996,13 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
 
 [[package]]
 name = "hyper"
-version = "1.7.0"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb3aa54a13a0dfe7fbe3a59e0c76093041720fdc77b110cc0fc260fafb4dc51e"
+checksum = "cc2b571658e38e0c01b1fdca3bbbe93c00d3d71693ff2770043f8c29bc7d6f80"
 dependencies = [
- "atomic-waker",
  "bytes",
  "futures-channel",
- "futures-core",
+ "futures-util",
  "h2",
  "http",
  "http-body",
@@ -1011,7 +1010,6 @@ dependencies = [
  "httpdate",
  "itoa",
  "pin-project-lite",
- "pin-utils",
  "smallvec",
  "tokio",
  "want",
@@ -1354,7 +1352,7 @@ dependencies = [
  "http",
  "ipnet",
  "linkerd-dns-name",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
 ]
 
 [[package]]
@@ -1375,7 +1373,7 @@ dependencies = [
  "linkerd-workers",
  "rangemap",
  "regex",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-stream",
  "tonic",
@@ -1400,7 +1398,7 @@ dependencies = [
  "pprof",
  "serde",
  "serde_json",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tower",
  "tracing",
@@ -1448,7 +1446,6 @@ dependencies = [
  "linkerd-proxy-transport",
  "linkerd-reconnect",
  "linkerd-router",
- "linkerd-rustls",
  "linkerd-service-profiles",
  "linkerd-stack",
  "linkerd-stack-metrics",
@@ -1461,8 +1458,9 @@ dependencies = [
  "pin-project",
  "prometheus-client",
  "semver",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
+ "tokio-rustls",
  "tokio-stream",
  "tonic",
  "tower",
@@ -1482,7 +1480,7 @@ dependencies = [
  "linkerd-proxy-client-policy",
  "linkerd-proxy-server-policy",
  "once_cell",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-test",
  "tonic",
@@ -1520,7 +1518,7 @@ dependencies = [
  "once_cell",
  "parking_lot",
  "rangemap",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-test",
  "tonic",
@@ -1604,7 +1602,7 @@ dependencies = [
  "parking_lot",
  "pin-project",
  "prometheus-client",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-rustls",
  "tokio-test",
@@ -1630,7 +1628,7 @@ dependencies = [
  "linkerd-proxy-client-policy",
  "parking_lot",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-stream",
  "tokio-test",
@@ -1665,7 +1663,7 @@ dependencies = [
  "linkerd-dns-name",
  "linkerd-error",
  "prometheus-client",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tracing",
 ]
@@ -1674,7 +1672,7 @@ dependencies = [
 name = "linkerd-dns-name"
 version = "0.1.0"
 dependencies = [
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "untrusted",
 ]
 
@@ -1699,7 +1697,7 @@ name = "linkerd-error"
 version = "0.1.0"
 dependencies = [
  "futures",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
 ]
 
 [[package]]
@@ -1720,7 +1718,7 @@ dependencies = [
  "pin-project",
  "quickcheck",
  "rand 0.9.2",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
 ]
 
@@ -1784,7 +1782,7 @@ dependencies = [
  "linkerd-stack",
  "linkerd-tracing",
  "prometheus-client",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-test",
  "tracing",
@@ -1847,7 +1845,7 @@ dependencies = [
  "linkerd-stack",
  "pin-project",
  "prometheus-client",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
 ]
 
@@ -1880,7 +1878,7 @@ dependencies = [
  "linkerd-tracing",
  "parking_lot",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tower",
  "tracing",
@@ -1894,7 +1892,7 @@ dependencies = [
  "linkerd2-proxy-api",
  "rand 0.9.2",
  "regex",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tracing",
  "url",
 ]
@@ -1910,7 +1908,7 @@ dependencies = [
  "linkerd-stack",
  "parking_lot",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tracing",
 ]
@@ -1932,7 +1930,7 @@ dependencies = [
  "linkerd-io",
  "linkerd-stack",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tower",
  "tracing",
@@ -1944,7 +1942,7 @@ name = "linkerd-http-variant"
 version = "0.1.0"
 dependencies = [
  "http",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
 ]
 
 [[package]]
@@ -1955,7 +1953,7 @@ dependencies = [
  "linkerd-error",
  "linkerd-metrics",
  "prometheus-client",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tracing",
  "url",
 ]
@@ -2005,7 +2003,7 @@ dependencies = [
  "rcgen",
  "rustls-pemfile",
  "rustls-webpki",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-rustls",
  "tracing",
@@ -2103,7 +2101,7 @@ dependencies = [
  "linkerd-pool",
  "linkerd-stack",
  "parking_lot",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tower-test",
  "tracing",
@@ -2214,7 +2212,7 @@ dependencies = [
  "linkerd2-proxy-api",
  "once_cell",
  "prost-types 0.13.5",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tonic",
 ]
 
@@ -2273,7 +2271,7 @@ dependencies = [
  "linkerd-stack",
  "linkerd-tracing",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-test",
  "tower",
@@ -2291,7 +2289,7 @@ dependencies = [
  "linkerd-identity",
  "linkerd-stack",
  "linkerd2-proxy-api",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tonic",
  "tracing",
@@ -2305,7 +2303,7 @@ dependencies = [
  "linkerd-error",
  "linkerd-proxy-core",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tower",
  "tracing",
 ]
@@ -2323,7 +2321,7 @@ dependencies = [
  "maplit",
  "prost-types 0.13.5",
  "quickcheck",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
 ]
 
@@ -2340,7 +2338,7 @@ dependencies = [
  "rcgen",
  "simple_asn1",
  "spiffe-proto",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tonic",
  "tower",
@@ -2371,7 +2369,7 @@ dependencies = [
  "pin-project",
  "prost-types 0.13.5",
  "quickcheck",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tonic",
  "tower",
@@ -2401,7 +2399,7 @@ dependencies = [
  "linkerd-io",
  "linkerd-stack",
  "socket2 0.6.0",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-stream",
  "tracing",
@@ -2472,7 +2470,7 @@ dependencies = [
  "prost-types 0.13.5",
  "quickcheck",
  "regex",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-stream",
  "tonic",
@@ -2497,7 +2495,7 @@ dependencies = [
  "linkerd-tracing",
  "parking_lot",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tokio-test",
  "tokio-util",
@@ -2541,7 +2539,7 @@ dependencies = [
  "linkerd-stack",
  "linkerd-tracing",
  "pin-project",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tokio",
  "tracing",
  "untrusted",
@@ -2554,7 +2552,7 @@ dependencies = [
  "linkerd-dns",
  "linkerd-tls",
  "linkerd2-proxy-api",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tracing",
 ]
 
@@ -2686,7 +2684,7 @@ dependencies = [
  "prost 0.13.5",
  "prost-types 0.13.5",
  "quickcheck",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tonic",
 ]
 
@@ -2959,7 +2957,7 @@ dependencies = [
  "futures-sink",
  "js-sys",
  "pin-project-lite",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "tracing",
 ]
 
@@ -2986,7 +2984,7 @@ dependencies = [
  "opentelemetry",
  "percent-encoding",
  "rand 0.9.2",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
 ]
 
 [[package]]
@@ -3128,7 +3126,7 @@ dependencies = [
  "spin",
  "symbolic-demangle",
  "tempfile",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
 ]
 
 [[package]]
@@ -3142,9 +3140,9 @@ dependencies = [
 
 [[package]]
 name = "prettyplease"
-version = "0.2.37"
+version = "0.2.36"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
+checksum = "ff24dfcda44452b9816fff4cd4227e1bb73ff5a2f1bc1105aa92fb8565ce44d2"
 dependencies = [
  "proc-macro2",
  "syn",
@@ -3632,9 +3630,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.143"
+version = "1.0.142"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a"
+checksum = "030fedb782600dcbd6f02d479bf0d817ac3bb40d644745b769d6a96bc3afc5a7"
 dependencies = [
  "itoa",
  "memchr",
@@ -3685,7 +3683,7 @@ checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb"
 dependencies = [
  "num-bigint",
  "num-traits",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "time",
 ]
 
@@ -3819,9 +3817,9 @@ checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417"
 
 [[package]]
 name = "tempfile"
-version = "3.21.0"
+version = "3.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15b61f8f20e3a6f7e0649d825294eaf317edce30f82cf6026e7e4cb9222a7d1e"
+checksum = "e8a64e3985349f2441a1a9ef0b853f869006c3855f2cda6862a94d26ebb9d6a1"
 dependencies = [
  "fastrand",
  "getrandom 0.3.1",
@@ -3851,11 +3849,11 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "2.0.16"
+version = "2.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3467d614147380f2e4e374161426ff399c91084acd2363eaf549172b3d5e60c0"
+checksum = "80d76d3f064b981389ecb4b6b7f45a0bf9fdac1d5b9204c7bd6714fecc302850"
 dependencies = [
- "thiserror-impl 2.0.16",
+ "thiserror-impl 2.0.15",
 ]
 
 [[package]]
@@ -3871,9 +3869,9 @@ dependencies = [
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.16"
+version = "2.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c5e1be1c48b9172ee610da68fd9cd2770e7a4056cb3fc98710ee6906f0c7960"
+checksum = "44d29feb33e986b6ea906bd9c3559a856983f92371b3eaa5e83782a351623de0"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3952,9 +3950,9 @@ dependencies = [
 
 [[package]]
 name = "tinyvec"
-version = "1.10.0"
+version = "1.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfa5fdc3bce6191a1dbc8c02d5c8bffcf557bafa17c124c5264a458f1b0613fa"
+checksum = "09b3661f17e86524eccd4371ab0429194e0d7c008abb45f7a7495b1719463c71"
 dependencies = [
  "tinyvec_macros",
 ]
@@ -4704,7 +4702,7 @@ dependencies = [
  "nom",
  "oid-registry",
  "rusticata-macros",
- "thiserror 2.0.16",
+ "thiserror 2.0.15",
  "time",
 ]
 

linkerd/app/core/Cargo.toml

@@ -22,6 +22,7 @@ ipnet = "2.11"
 prometheus-client = { workspace = true }
 thiserror = "2"
 tokio = { version = "1", features = ["macros", "sync", "parking_lot"] }
+tokio-rustls = { workspace = true }
 tokio-stream = { version = "0.1", features = ["time"] }
 tonic = { workspace = true, default-features = false, features = ["prost"] }
 tracing = { workspace = true }
@@ -56,7 +57,6 @@ linkerd-proxy-tcp = { path = "../../proxy/tcp" }
 linkerd-proxy-transport = { path = "../../proxy/transport" }
 linkerd-reconnect = { path = "../../reconnect" }
 linkerd-router = { path = "../../router" }
-linkerd-rustls = { path = "../../rustls" }
 linkerd-service-profiles = { path = "../../service-profiles" }
 linkerd-stack = { path = "../../stack" }
 linkerd-stack-metrics = { path = "../../stack/metrics" }

linkerd/app/core/src/classify.rs

@@ -1,4 +1,5 @@
 use crate::profiles;
+pub use classify::gate;
 use linkerd_error::Error;
 use linkerd_proxy_client_policy as client_policy;
 use linkerd_proxy_http::{classify, HasH2Reason, ResponseTimeoutError};

linkerd/app/core/src/tls_info.rs

@@ -4,6 +4,7 @@ use std::{
     fmt::{Error, Write},
     sync::{Arc, OnceLock},
 };
+use tracing::error;
 
 static TLS_INFO: OnceLock<Arc<TlsInfo>> = OnceLock::new();
 
@@ -44,9 +45,14 @@ pub fn metric() -> prom::Family<TlsInfo, prom::ConstGauge> {
         prom::ConstGauge::new(1)
     });
 
-    let tls_info = TLS_INFO.get_or_init(|| {
-        let provider = linkerd_rustls::get_default_provider();
+    let Some(provider) = tokio_rustls::rustls::crypto::CryptoProvider::get_default() else {
+        // If the crypto provider hasn't been initialized, we return the metrics family with an
+        // empty set of metrics.
+        error!("Initializing TLS info metric before crypto provider initialized, this is a bug!");
+        return fam;
+    };
 
+    let tls_info = TLS_INFO.get_or_init(|| {
         let tls_suites = provider
             .cipher_suites
             .iter()

linkerd/app/src/lib.rs

@@ -252,6 +252,9 @@ impl Config {
             export_hostname_labels,
         );
 
+        let dst_addr = dst.addr.clone();
+        // registry.sub_registry_with_prefix("gateway"),
+
         let gateway = gateway::Gateway::new(gateway, inbound.clone(), outbound.clone()).stack(
             dst.resolve.clone(),
             dst.profiles.clone(),
@@ -329,7 +332,7 @@ impl Config {
 
         Ok(App {
             admin,
-            dst: dst.addr,
+            dst: dst_addr,
             drain: drain_tx,
             identity,
             inbound_addr,

linkerd/http/classify/src/channel.rs

@@ -2,7 +2,7 @@ use super::{ClassifyEos, ClassifyResponse};
 use futures::{prelude::*, ready};
 use http_body::Frame;
 use linkerd_error::Error;
-use linkerd_stack::Service;
+use linkerd_stack::{layer, ExtractParam, NewService, Service};
 use pin_project::{pin_project, pinned_drop};
 use std::{
     fmt::Debug,
@@ -12,6 +12,18 @@ use std::{
 };
 use tokio::sync::mpsc;
 
+/// Constructs new [`BroadcastClassification`] services.
+///
+/// `X` is an [`ExtractParam`] implementation that extracts a [`Tx`] from each
+/// target. The [`Tx`] is used to broadcast the classification of each response
+/// from the constructed [`BroadcastClassification`] service.
+#[derive(Debug)]
+pub struct NewBroadcastClassification<C, X, N> {
+    inner: N,
+    extract: X,
+    _marker: PhantomData<fn() -> C>,
+}
+
 /// A HTTP `Service` that applies a [`ClassifyResponse`] to each response, and
 /// broadcasts the classification over a [`mpsc`] channel.
 #[derive(Debug)]
@@ -21,6 +33,14 @@ pub struct BroadcastClassification<C: ClassifyResponse, S> {
     _marker: PhantomData<fn() -> C>,
 }
 
+/// A handle to a [`mpsc`] channel over which response classifications are
+/// broadcasted.
+///
+/// This is extracted from a target value by [`NewBroadcastClassification`] when
+/// constructing a [`BroadcastClassification`] service.
+#[derive(Clone, Debug)]
+pub struct Tx<C>(pub mpsc::Sender<C>);
+
 #[pin_project]
 pub struct ResponseFuture<C: ClassifyResponse, B, F> {
     #[pin]
@@ -42,6 +62,59 @@ struct State<C, T> {
     tx: mpsc::Sender<T>,
 }
 
+// === impl NewBroadcastClassification ===
+
+impl<C, X: Clone, N> NewBroadcastClassification<C, X, N> {
+    pub fn new(extract: X, inner: N) -> Self {
+        Self {
+            inner,
+            extract,
+            _marker: PhantomData,
+        }
+    }
+
+    /// Returns a [`layer::Layer`] that constructs `NewBroadcastClassification`
+    /// [`NewService`]s, using the provided [`ExtractParam`] implementation to
+    /// extract a classification [`Tx`] from the target.
+    pub fn layer_via(extract: X) -> impl layer::Layer<N, Service = Self> + Clone {
+        layer::mk(move |inner| Self::new(extract.clone(), inner))
+    }
+}
+
+impl<C, N> NewBroadcastClassification<C, (), N> {
+    /// Returns a [`layer::Layer`] that constructs `NewBroadcastClassification`
+    /// [`NewService`]s when the target type implements
+    /// [`linkerd_stack::Param`]`<`[`Tx`]`>`.
+    pub fn layer() -> impl layer::Layer<N, Service = Self> + Clone {
+        Self::layer_via(())
+    }
+}
+
+impl<T, C, X, N> NewService<T> for NewBroadcastClassification<C, X, N>
+where
+    C: ClassifyResponse,
+    X: ExtractParam<Tx<C::Class>, T>,
+    N: NewService<T>,
+{
+    type Service = BroadcastClassification<C, N::Service>;
+
+    fn new_service(&self, target: T) -> Self::Service {
+        let Tx(tx) = self.extract.extract_param(&target);
+        let inner = self.inner.new_service(target);
+        BroadcastClassification::new(tx, inner)
+    }
+}
+
+impl<C, X: Clone, N: Clone> Clone for NewBroadcastClassification<C, X, N> {
+    fn clone(&self) -> Self {
+        Self {
+            inner: self.inner.clone(),
+            extract: self.extract.clone(),
+            _marker: PhantomData,
+        }
+    }
+}
+
 // === impl BroadcastClassification ===
 
 impl<C: ClassifyResponse, S> BroadcastClassification<C, S> {

linkerd/http/classify/src/lib.rs

@@ -4,12 +4,12 @@
 use linkerd_error::Error;
 
 pub use self::{
-    channel::BroadcastClassification,
+    channel::{BroadcastClassification, NewBroadcastClassification, Tx},
     gate::{NewClassifyGate, NewClassifyGateSet},
     insert::{InsertClassifyResponse, NewInsertClassifyResponse},
 };
 
-mod channel;
+pub mod channel;
 pub mod gate;
 mod insert;