Correctly handle http conn state when origin responds before LastHttpContent is sent (#2129)

This PR ensures we close the origin connection (rather than returning it
to the pool) when an HTTP/1.1 origin sends a response before zuul
finishes streaming the request body to it.

If an origin responds before zuul finishes sending the request body
without signally to close the connection, the outbound `HttpClientCodec`
encoder is left mid-body (state `ST_CONTENT_NON_CHUNK`). When the
connection is reused for the next request, the encoder rejects it with
`IllegalStateException: unexpected message type: DefaultHttpRequest,
state: 1`, resulting in a HTTP 500 response to an unrelated request.

Per RFC 9112 / RFC 7230, an origin that produces a response without
consuming the full request body is expected to signal `Connection:
close` so the connection is not reused. However, some origins don't, so
we ensure the connection pool correctly protects against this case.

Author: gavinbunney

zuul-core/src/main/java/com/netflix/netty/common/HttpClientLifecycleChannelHandler.java

@@ -24,6 +24,7 @@
 import io.netty.handler.codec.http.HttpRequest;
 import io.netty.handler.codec.http.HttpResponse;
 import io.netty.handler.codec.http.LastHttpContent;
+import io.netty.util.AttributeKey;
 
 /**
  * @author michaels
@@ -32,6 +33,9 @@ public class HttpClientLifecycleChannelHandler extends HttpLifecycleChannelHandl
     public static final ChannelHandler INBOUND_CHANNEL_HANDLER = new HttpClientLifecycleInboundChannelHandler();
     public static final ChannelHandler OUTBOUND_CHANNEL_HANDLER = new HttpClientLifecycleOutboundChannelHandler();
 
+    public static final AttributeKey<Boolean> ATTR_OUTBOUND_LAST_CONTENT_PENDING =
+            AttributeKey.newInstance("_outbound_last_content_pending");
+
     @ChannelHandler.Sharable
     private static class HttpClientLifecycleInboundChannelHandler extends ChannelInboundHandlerAdapter {
         @Override
@@ -64,9 +68,19 @@ private static class HttpClientLifecycleOutboundChannelHandler extends ChannelOu
         @Override
         public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception {
             if (msg instanceof HttpRequest httpRequest) {
+                ctx.channel().attr(ATTR_OUTBOUND_LAST_CONTENT_PENDING).set(Boolean.TRUE);
                 fireStartEvent(ctx, httpRequest);
             }
 
+            if (msg instanceof LastHttpContent) {
+                // only clear after content write succeeds to account for retrans
+                promise.addListener(future -> {
+                    if (future.isSuccess()) {
+                        ctx.channel().attr(ATTR_OUTBOUND_LAST_CONTENT_PENDING).set(null);
+                    }
+                });
+            }
+
             super.write(ctx, msg, promise);
         }
 

zuul-core/src/main/java/com/netflix/zuul/netty/connectionpool/ConnectionPoolHandler.java

@@ -19,6 +19,7 @@
 import static com.netflix.netty.common.HttpLifecycleChannelHandler.CompleteEvent;
 import static com.netflix.netty.common.HttpLifecycleChannelHandler.CompleteReason;
 
+import com.netflix.netty.common.HttpClientLifecycleChannelHandler;
 import com.netflix.spectator.api.Spectator;
 import com.netflix.zuul.netty.ChannelUtils;
 import com.netflix.zuul.origins.OriginName;
@@ -81,6 +82,15 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exc
                                 + ChannelUtils.channelInfoForLogging(ctx.channel());
                         metrics.headerCloseCounter().increment();
                         closeConnection(ctx, msg);
+                    } else if (isOutboundLastContentPending(ctx)) {
+                        // response arrived before zuul finished writing the request body; the
+                        // HttpClientCodec encoder is mid-body and the connection cannot be reused
+                        metrics.outboundIncompleteCounter().increment();
+                        String msg = "Origin channel for origin - " + originName
+                                + " - response completed before request body fully written, closing. "
+                                + ChannelUtils.channelInfoForLogging(ctx.channel());
+                        LOG.warn(msg);
+                        closeConnection(ctx, msg);
                     } else {
                         conn.setConnectionState(PooledConnection.ConnectionState.WRITE_READY);
                         conn.release();
@@ -148,6 +158,12 @@ private void flagCloseAndReleaseConnection(PooledConnection pooledConnection) {
         }
     }
 
+    private static boolean isOutboundLastContentPending(ChannelHandlerContext ctx) {
+        return Boolean.TRUE.equals(ctx.channel()
+                .attr(HttpClientLifecycleChannelHandler.ATTR_OUTBOUND_LAST_CONTENT_PENDING)
+                .get());
+    }
+
     private static String getConnectionHeader(CompleteEvent completeEvt) {
         HttpResponse response = completeEvt.getResponse();
         if (response != null) {

zuul-core/src/main/java/com/netflix/zuul/netty/connectionpool/ConnectionPoolMetrics.java

@@ -50,7 +50,8 @@ public record ConnectionPoolMetrics(
         Counter inactiveCounter,
         Counter errorCounter,
         Counter headerCloseCounter,
-        Counter sslCloseCompletionCounter) {
+        Counter sslCloseCompletionCounter,
+        Counter outboundIncompleteCounter) {
 
     public static ConnectionPoolMetrics create(OriginName originName, Registry registry) {
         Counter createNewConnCounter = newCounter("connectionpool_create", originName, registry);
@@ -77,6 +78,7 @@ public static ConnectionPoolMetrics create(OriginName originName, Registry regis
         Counter errorCounter = newCounter("connectionpool_error", originName, registry);
         Counter headerCloseCounter = newCounter("connectionpool_headerClose", originName, registry);
         Counter sslCloseCompletionCounter = newCounter("connectionpool_sslClose", originName, registry);
+        Counter outboundIncompleteCounter = newCounter("connectionpool_outboundIncomplete", originName, registry);
 
         PercentileTimer connEstablishTimer = PercentileTimer.get(
                 registry, registry.createId("connectionpool_createTiming", "id", originName.getMetricId()));
@@ -107,7 +109,8 @@ public static ConnectionPoolMetrics create(OriginName originName, Registry regis
                 inactiveCounter,
                 errorCounter,
                 headerCloseCounter,
-                sslCloseCompletionCounter);
+                sslCloseCompletionCounter,
+                outboundIncompleteCounter);
     }
 
     private static Counter newCounter(String metricName, OriginName originName, Registry registry) {

zuul-core/src/test/java/com/netflix/netty/common/HttpClientLifecycleChannelHandlerTest.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright 2026 Netflix, Inc.
+ *
+ *      Licensed under the Apache License, Version 2.0 (the "License");
+ *      you may not use this file except in compliance with the License.
+ *      You may obtain a copy of the License at
+ *
+ *          http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing, software
+ *      distributed under the License is distributed on an "AS IS" BASIS,
+ *      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *      See the License for the specific language governing permissions and
+ *      limitations under the License.
+ */
+
+package com.netflix.netty.common;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import io.netty.buffer.Unpooled;
+import io.netty.channel.embedded.EmbeddedChannel;
+import io.netty.handler.codec.http.DefaultHttpContent;
+import io.netty.handler.codec.http.DefaultHttpRequest;
+import io.netty.handler.codec.http.DefaultLastHttpContent;
+import io.netty.handler.codec.http.HttpMethod;
+import io.netty.handler.codec.http.HttpVersion;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+class HttpClientLifecycleChannelHandlerTest {
+
+    private EmbeddedChannel channel;
+
+    @BeforeEach
+    void setup() {
+        channel = new EmbeddedChannel(HttpClientLifecycleChannelHandler.OUTBOUND_CHANNEL_HANDLER);
+    }
+
+    @AfterEach
+    void tearDown() {
+        channel.finishAndReleaseAll();
+    }
+
+    @Test
+    void lastContentPendingAfterRequestHeadersOnly() {
+        channel.writeOutbound(new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, "/foo"));
+        channel.writeOutbound(new DefaultHttpContent(Unpooled.wrappedBuffer(new byte[] {1, 2, 3})));
+
+        assertThat(channel.attr(HttpClientLifecycleChannelHandler.ATTR_OUTBOUND_LAST_CONTENT_PENDING)
+                        .get())
+                .isEqualTo(Boolean.TRUE);
+    }
+
+    @Test
+    void lastContentPendingClearedAfterLastHttpContent() {
+        channel.writeOutbound(new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, "/foo"));
+        channel.writeOutbound(new DefaultHttpContent(Unpooled.wrappedBuffer(new byte[] {1, 2, 3})));
+        channel.writeOutbound(new DefaultLastHttpContent());
+
+        assertThat(channel.attr(HttpClientLifecycleChannelHandler.ATTR_OUTBOUND_LAST_CONTENT_PENDING)
+                        .get())
+                .isNull();
+    }
+
+    @Test
+    void lastContentPendingResetsOnNewRequest() {
+        channel.writeOutbound(new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "/first"));
+        channel.writeOutbound(new DefaultLastHttpContent());
+        assertThat(channel.attr(HttpClientLifecycleChannelHandler.ATTR_OUTBOUND_LAST_CONTENT_PENDING)
+                        .get())
+                .isNull();
+
+        // mimic the response side completing the previous request so a second start event will fire
+        channel.attr(HttpLifecycleChannelHandler.ATTR_STATE).set(null);
+
+        channel.writeOutbound(new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, "/second"));
+        assertThat(channel.attr(HttpClientLifecycleChannelHandler.ATTR_OUTBOUND_LAST_CONTENT_PENDING)
+                        .get())
+                .isEqualTo(Boolean.TRUE);
+    }
+}

zuul-core/src/test/java/com/netflix/zuul/netty/connectionpool/ConnectionPoolHandlerTest.java

@@ -0,0 +1,93 @@
+/*
+ * Copyright 2026 Netflix, Inc.
+ *
+ *      Licensed under the Apache License, Version 2.0 (the "License");
+ *      you may not use this file except in compliance with the License.
+ *      You may obtain a copy of the License at
+ *
+ *          http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing, software
+ *      distributed under the License is distributed on an "AS IS" BASIS,
+ *      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *      See the License for the specific language governing permissions and
+ *      limitations under the License.
+ */
+
+package com.netflix.zuul.netty.connectionpool;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.verify;
+
+import com.netflix.netty.common.HttpClientLifecycleChannelHandler;
+import com.netflix.netty.common.HttpLifecycleChannelHandler.CompleteEvent;
+import com.netflix.netty.common.HttpLifecycleChannelHandler.CompleteReason;
+import com.netflix.spectator.api.DefaultRegistry;
+import com.netflix.zuul.discovery.DiscoveryResult;
+import com.netflix.zuul.origins.OriginName;
+import io.netty.channel.embedded.EmbeddedChannel;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+@ExtendWith(MockitoExtension.class)
+class ConnectionPoolHandlerTest {
+
+    @Mock
+    private ClientChannelManager channelManager;
+
+    private DefaultRegistry registry;
+    private ConnectionPoolMetrics metrics;
+    private ConnectionPoolHandler handler;
+    private EmbeddedChannel channel;
+
+    @BeforeEach
+    void setup() {
+        registry = new DefaultRegistry();
+        OriginName originName = OriginName.fromVipAndApp("whatever", "whatever");
+        metrics = ConnectionPoolMetrics.create(originName, registry);
+        handler = new ConnectionPoolHandler(metrics);
+        channel = new EmbeddedChannel(handler);
+    }
+
+    @AfterEach
+    void tearDown() {
+        channel.finishAndReleaseAll();
+    }
+
+    @Test
+    void sessionCompleteReleasesConnectionToPoolWhenNothingPending() {
+        PooledConnection conn = newPooledConnection();
+
+        channel.pipeline().fireUserEventTriggered(new CompleteEvent(CompleteReason.SESSION_COMPLETE, null, null));
+
+        verify(channelManager).release(conn);
+        assertThat(metrics.outboundIncompleteCounter().count()).isZero();
+        assertThat(channel.isOpen()).isTrue();
+    }
+
+    @Test
+    void sessionCompleteClosesConnectionWhenLastContentStillPending() {
+        PooledConnection conn = newPooledConnection();
+        channel.attr(HttpClientLifecycleChannelHandler.ATTR_OUTBOUND_LAST_CONTENT_PENDING)
+                .set(Boolean.TRUE);
+
+        channel.pipeline().fireUserEventTriggered(new CompleteEvent(CompleteReason.SESSION_COMPLETE, null, null));
+
+        assertThat(metrics.outboundIncompleteCounter().count()).isEqualTo(1);
+        assertThat(conn.isShouldClose()).isTrue();
+        verify(channelManager).release(conn);
+    }
+
+    private PooledConnection newPooledConnection() {
+        return new PooledConnection(
+                channel,
+                DiscoveryResult.EMPTY,
+                channelManager,
+                registry.counter("close"),
+                registry.counter("closeBusy"));
+    }
+}

zuul-core/src/test/java/com/netflix/zuul/netty/connectionpool/ConnectionPoolMetricsTest.java

@@ -60,6 +60,7 @@ public void validateMetricNames() {
         validateCounter("connectionpool_error", metrics.errorCounter());
         validateCounter("connectionpool_headerClose", metrics.headerCloseCounter());
         validateCounter("connectionpool_sslClose", metrics.sslCloseCompletionCounter());
+        validateCounter("connectionpool_outboundIncomplete", metrics.outboundIncompleteCounter());
     }
 
     private void validateCounter(String name, Counter counter) {

zuul-integration-test/build.gradle

@@ -14,7 +14,7 @@ dependencies {
 
     testImplementation 'org.wiremock:wiremock:3.10.0'
     testImplementation 'javax.servlet:javax.servlet-api:4.0.1'
-    testImplementation libraries.assertj, libraries.jupiterApi, libraries.jupiterParams, libraries.jupiterEngine, libraries.junitPlatformLauncher, libraries.jupiterMockito, libraries.okhttp
+    testImplementation libraries.assertj, libraries.awaitility, libraries.jupiterApi, libraries.jupiterParams, libraries.jupiterEngine, libraries.junitPlatformLauncher, libraries.jupiterMockito, libraries.okhttp
     testImplementation "io.netty:netty-transport-native-io_uring"
 //    testImplementation "io.netty.incubator:netty-transport-native-io_uring::linux-x86_64"
     testImplementation "org.slf4j:slf4j-api:2.0.16"