grpc 1.69.0 → 1.70.1

data/src/core/ext/transport/chttp2/server/chttp2_server.cc

@@ -82,6 +82,7 @@
 #include "src/core/lib/transport/transport.h"
 #include "src/core/server/server.h"
 #include "src/core/util/debug_location.h"
+#include "src/core/util/match.h"
 #include "src/core/util/orphanable.h"
 #include "src/core/util/ref_counted_ptr.h"
 #include "src/core/util/status_helper.h"
@@ -107,24 +108,26 @@ const char kUnixUriPrefix[] = "unix:";
 const char kUnixAbstractUriPrefix[] = "unix-abstract:";
 const char kVSockUriPrefix[] = "vsock:";
 
-struct AcceptorDeleter {
-  void operator()(grpc_tcp_server_acceptor* acceptor) const {
-    gpr_free(acceptor);
-  }
-};
+namespace {
+Timestamp GetConnectionDeadline(const ChannelArgs& args) {
+  return Timestamp::Now() +
+         std::max(
+             Duration::Milliseconds(1),
+             args.GetDurationFromIntMillis(GRPC_ARG_SERVER_HANDSHAKE_TIMEOUT_MS)
+                 .value_or(Duration::Minutes(2)));
+}
+}  // namespace
+
 using AcceptorPtr = std::unique_ptr<grpc_tcp_server_acceptor, AcceptorDeleter>;
 
 class Chttp2ServerListener : public Server::ListenerInterface {
  public:
   static grpc_error_handle Create(Server* server,
                                   const EventEngine::ResolvedAddress& addr,
-                                  const ChannelArgs& args,
-                                  Chttp2ServerArgsModifier args_modifier,
-                                  int* port_num);
+                                  const ChannelArgs& args, int* port_num);
 
-  static grpc_error_handle CreateWithAcceptor(
-      Server* server, const char* name, const ChannelArgs& args,
-      Chttp2ServerArgsModifier args_modifier);
+  static grpc_error_handle CreateWithAcceptor(Server* server, const char* name,
+                                              const ChannelArgs& args);
 
   static Chttp2ServerListener* CreateForPassiveListener(
       Server* server, const ChannelArgs& args,
@@ -132,14 +135,12 @@ class Chttp2ServerListener : public Server::ListenerInterface {
 
   // Do not instantiate directly.  Use one of the factory methods above.
   Chttp2ServerListener(Server* server, const ChannelArgs& args,
-                       Chttp2ServerArgsModifier args_modifier,
-                       grpc_server_config_fetcher* config_fetcher,
+                       ServerConfigFetcher* config_fetcher,
                        std::shared_ptr<experimental::PassiveListenerImpl>
                            passive_listener = nullptr);
   ~Chttp2ServerListener() override;
 
-  void Start(Server* server,
-             const std::vector<grpc_pollset*>* pollsets) override;
+  void Start() override;
 
   void AcceptConnectedEndpoint(std::unique_ptr<EventEngine::Endpoint> endpoint);
 
@@ -147,6 +148,15 @@ class Chttp2ServerListener : public Server::ListenerInterface {
     return channelz_listen_socket_.get();
   }
 
+  void SetServerListenerState(
+      RefCountedPtr<Server::ListenerState> /*listener_state*/) override {}
+
+  const grpc_resolved_address* resolved_address() const override {
+    // Should only be invoked with experiment server_listener
+    Crash("Illegal");
+    return nullptr;
+  }
+
   void SetOnDestroyDone(grpc_closure* on_destroy_done) override;
 
   void Orphan() override;
@@ -154,14 +164,13 @@ class Chttp2ServerListener : public Server::ListenerInterface {
  private:
   friend class experimental::PassiveListenerImpl;
 
-  class ConfigFetcherWatcher
-      : public grpc_server_config_fetcher::WatcherInterface {
+  class ConfigFetcherWatcher : public ServerConfigFetcher::WatcherInterface {
    public:
     explicit ConfigFetcherWatcher(RefCountedPtr<Chttp2ServerListener> listener)
         : listener_(std::move(listener)) {}
 
     void UpdateConnectionManager(
-        RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
+        RefCountedPtr<ServerConfigFetcher::ConnectionManager>
             connection_manager) override;
 
     void StopServing() override;
@@ -267,12 +276,11 @@ class Chttp2ServerListener : public Server::ListenerInterface {
   Server* const server_ = nullptr;
   grpc_tcp_server* tcp_server_ = nullptr;
   grpc_resolved_address resolved_address_;
-  Chttp2ServerArgsModifier const args_modifier_;
   ConfigFetcherWatcher* config_fetcher_watcher_ = nullptr;
   ChannelArgs args_;
   Mutex mu_;
-  RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
-      connection_manager_ ABSL_GUARDED_BY(mu_);
+  RefCountedPtr<ServerConfigFetcher::ConnectionManager> connection_manager_
+      ABSL_GUARDED_BY(mu_);
   // Signals whether grpc_tcp_server_start() has been called.
   bool started_ ABSL_GUARDED_BY(mu_) = false;
   // Signals whether grpc_tcp_server_start() has completed.
@@ -288,7 +296,7 @@ class Chttp2ServerListener : public Server::ListenerInterface {
   RefCountedPtr<channelz::ListenSocketNode> channelz_listen_socket_;
   MemoryQuotaRefPtr memory_quota_;
   ConnectionQuotaRefPtr connection_quota_;
-  grpc_server_config_fetcher* config_fetcher_ = nullptr;
+  ServerConfigFetcher* config_fetcher_ = nullptr;
   // TODO(yashykt): consider using absl::variant<> to minimize memory usage for
   // disjoint cases where different fields are used.
   std::shared_ptr<experimental::PassiveListenerImpl> passive_listener_;
@@ -299,9 +307,8 @@ class Chttp2ServerListener : public Server::ListenerInterface {
 //
 
 void Chttp2ServerListener::ConfigFetcherWatcher::UpdateConnectionManager(
-    RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
-        connection_manager) {
-  RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
+    RefCountedPtr<ServerConfigFetcher::ConnectionManager> connection_manager) {
+  RefCountedPtr<ServerConfigFetcher::ConnectionManager>
       connection_manager_to_destroy;
   class GracefulShutdownExistingConnections {
    public:
@@ -369,14 +376,6 @@ void Chttp2ServerListener::ConfigFetcherWatcher::StopServing() {
 // Chttp2ServerListener::ActiveConnection::HandshakingState
 //
 
-Timestamp GetConnectionDeadline(const ChannelArgs& args) {
-  return Timestamp::Now() +
-         std::max(
-             Duration::Milliseconds(1),
-             args.GetDurationFromIntMillis(GRPC_ARG_SERVER_HANDSHAKE_TIMEOUT_MS)
-                 .value_or(Duration::Seconds(120)));
-}
-
 Chttp2ServerListener::ActiveConnection::HandshakingState::HandshakingState(
     RefCountedPtr<ActiveConnection> connection_ref,
     grpc_pollset* accepting_pollset, AcceptorPtr acceptor,
@@ -708,11 +707,10 @@ void Chttp2ServerListener::ActiveConnection::OnDrainGraceTimeExpiry() {
 
 grpc_error_handle Chttp2ServerListener::Create(
     Server* server, const EventEngine::ResolvedAddress& addr,
-    const ChannelArgs& args, Chttp2ServerArgsModifier args_modifier,
-    int* port_num) {
+    const ChannelArgs& args, int* port_num) {
   // Create Chttp2ServerListener.
   OrphanablePtr<Chttp2ServerListener> listener =
-      MakeOrphanable<Chttp2ServerListener>(server, args, args_modifier,
+      MakeOrphanable<Chttp2ServerListener>(server, args,
                                            server->config_fetcher());
   // The tcp_server will be unreffed when the listener is orphaned, which could
   // be at the end of this function if the listener was not added to the
@@ -752,10 +750,9 @@ grpc_error_handle Chttp2ServerListener::Create(
 }
 
 grpc_error_handle Chttp2ServerListener::CreateWithAcceptor(
-    Server* server, const char* name, const ChannelArgs& args,
-    Chttp2ServerArgsModifier args_modifier) {
+    Server* server, const char* name, const ChannelArgs& args) {
   auto listener = MakeOrphanable<Chttp2ServerListener>(
-      server, args, args_modifier, server->config_fetcher());
+      server, args, server->config_fetcher());
   grpc_error_handle error = grpc_tcp_server_create(
       &listener->tcp_server_shutdown_complete_, ChannelArgsEndpointConfig(args),
       OnAccept, listener.get(), &listener->tcp_server_);
@@ -772,9 +769,7 @@ Chttp2ServerListener* Chttp2ServerListener::CreateForPassiveListener(
     std::shared_ptr<experimental::PassiveListenerImpl> passive_listener) {
   // TODO(hork): figure out how to handle channelz in this case
   auto listener = MakeOrphanable<Chttp2ServerListener>(
-      server, args, /*args_modifier=*/
-      [](const ChannelArgs& args, grpc_error_handle*) { return args; }, nullptr,
-      std::move(passive_listener));
+      server, args, nullptr, std::move(passive_listener));
   auto listener_ptr = listener.get();
   server->AddListener(std::move(listener));
   return listener_ptr;
@@ -782,11 +777,9 @@ Chttp2ServerListener* Chttp2ServerListener::CreateForPassiveListener(
 
 Chttp2ServerListener::Chttp2ServerListener(
     Server* server, const ChannelArgs& args,
-    Chttp2ServerArgsModifier args_modifier,
-    grpc_server_config_fetcher* config_fetcher,
+    ServerConfigFetcher* config_fetcher,
     std::shared_ptr<experimental::PassiveListenerImpl> passive_listener)
     : server_(server),
-      args_modifier_(args_modifier),
       args_(args),
       memory_quota_(args.GetObject<ResourceQuota>()->memory_quota()),
       connection_quota_(MakeRefCounted<ConnectionQuota>()),
@@ -812,8 +805,7 @@ Chttp2ServerListener::~Chttp2ServerListener() {
 }
 
 // Server callback: start listening on our ports
-void Chttp2ServerListener::Start(
-    Server* /*server*/, const std::vector<grpc_pollset*>* /* pollsets */) {
+void Chttp2ServerListener::Start() {
   if (config_fetcher_ != nullptr) {
     auto watcher = std::make_unique<ConfigFetcherWatcher>(
         RefAsSubclass<Chttp2ServerListener>());
@@ -848,6 +840,27 @@ void Chttp2ServerListener::AcceptConnectedEndpoint(
            /*accepting_pollset=*/nullptr, /*acceptor=*/nullptr);
 }
 
+namespace {
+
+ChannelArgs ModifyArgsForConnection(const ChannelArgs& args,
+                                    grpc_error_handle* error) {
+  auto* server_credentials = args.GetObject<grpc_server_credentials>();
+  if (server_credentials == nullptr) {
+    *error = GRPC_ERROR_CREATE("Could not find server credentials");
+    return args;
+  }
+  auto security_connector = server_credentials->create_security_connector(args);
+  if (security_connector == nullptr) {
+    *error = GRPC_ERROR_CREATE(
+        absl::StrCat("Unable to create secure server with credentials of type ",
+                     server_credentials->type().name()));
+    return args;
+  }
+  return args.SetObject(security_connector);
+}
+
+}  // namespace
+
 void Chttp2ServerListener::OnAccept(void* arg, grpc_endpoint* tcp,
                                     grpc_pollset* accepting_pollset,
                                     grpc_tcp_server_acceptor* server_acceptor) {
@@ -855,8 +868,7 @@ void Chttp2ServerListener::OnAccept(void* arg, grpc_endpoint* tcp,
   ChannelArgs args = self->args_;
   OrphanablePtr<grpc_endpoint> endpoint(tcp);
   AcceptorPtr acceptor(server_acceptor);
-  RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
-      connection_manager;
+  RefCountedPtr<ServerConfigFetcher::ConnectionManager> connection_manager;
   {
     MutexLock lock(&self->mu_);
     connection_manager = self->connection_manager_;
@@ -875,7 +887,7 @@ void Chttp2ServerListener::OnAccept(void* arg, grpc_endpoint* tcp,
       return;
     }
     grpc_error_handle error;
-    args = self->args_modifier_(*args_result, &error);
+    args = ModifyArgsForConnection(*args_result, &error);
     if (!error.ok()) {
       return;
     }
@@ -953,19 +965,498 @@ void Chttp2ServerListener::Orphan() {
 }
 
 //
-// Chttp2ServerAddPort()
+// NewChttp2ServerListener::ActiveConnection::HandshakingState
+//
+
+NewChttp2ServerListener::ActiveConnection::HandshakingState::HandshakingState(
+    RefCountedPtr<ActiveConnection> connection_ref, grpc_tcp_server* tcp_server,
+    grpc_pollset* accepting_pollset, AcceptorPtr acceptor,
+    const ChannelArgs& args, OrphanablePtr<grpc_endpoint> endpoint)
+    : connection_(std::move(connection_ref)),
+      tcp_server_(tcp_server),
+      accepting_pollset_(accepting_pollset),
+      acceptor_(std::move(acceptor)),
+      interested_parties_(grpc_pollset_set_create()),
+      deadline_(GetConnectionDeadline(args)),
+      endpoint_(std::move(endpoint)),
+      handshake_mgr_(MakeRefCounted<HandshakeManager>()) {
+  if (accepting_pollset != nullptr) {
+    grpc_pollset_set_add_pollset(interested_parties_, accepting_pollset_);
+  }
+}
+
+NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    ~HandshakingState() {
+  if (accepting_pollset_ != nullptr) {
+    grpc_pollset_set_del_pollset(interested_parties_, accepting_pollset_);
+  }
+  grpc_pollset_set_destroy(interested_parties_);
+  if (tcp_server_ != nullptr) {
+    grpc_tcp_server_unref(tcp_server_);
+  }
+}
+
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::Orphan() {
+  connection_->work_serializer_.Run(
+      [this] {
+        ShutdownLocked(absl::UnavailableError("Listener stopped serving."));
+        Unref();
+      },
+      DEBUG_LOCATION);
+}
+
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::StartLocked(
+    const ChannelArgs& channel_args) {
+  if (handshake_mgr_ == nullptr) {
+    // The connection is already shutting down.
+    return;
+  }
+  CoreConfiguration::Get().handshaker_registry().AddHandshakers(
+      HANDSHAKER_SERVER, channel_args, interested_parties_,
+      handshake_mgr_.get());
+  handshake_mgr_->DoHandshake(
+      std::move(endpoint_), channel_args, deadline_, acceptor_.get(),
+      [self = Ref()](absl::StatusOr<HandshakerArgs*> result) mutable {
+        auto* self_ptr = self.get();
+        self_ptr->connection_->work_serializer_.Run(
+            [self = std::move(self), result = std::move(result)]() mutable {
+              self->OnHandshakeDoneLocked(std::move(result));
+            },
+            DEBUG_LOCATION);
+      });
+}
+
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    ShutdownLocked(absl::Status status) {
+  if (handshake_mgr_ != nullptr) {
+    handshake_mgr_->Shutdown(std::move(status));
+  }
+}
+
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    OnTimeoutLocked() {
+  if (!timer_handle_.has_value()) {
+    return;
+  }
+  timer_handle_.reset();
+  auto t = absl::get<RefCountedPtr<grpc_chttp2_transport>>(connection_->state_);
+  t->DisconnectWithError(GRPC_ERROR_CREATE(
+      "Did not receive HTTP/2 settings before handshake timeout"));
+}
+
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    OnReceiveSettings(void* arg, grpc_error_handle /* error */) {
+  HandshakingState* self = static_cast<HandshakingState*>(arg);
+  self->connection_->work_serializer_.Run(
+      [self] {
+        if (self->timer_handle_.has_value()) {
+          self->connection_->listener_state_->event_engine()->Cancel(
+              *self->timer_handle_);
+          self->timer_handle_.reset();
+        }
+        self->Unref();
+      },
+      DEBUG_LOCATION);
+}
+
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    OnHandshakeDoneLocked(absl::StatusOr<HandshakerArgs*> result) {
+  OrphanablePtr<HandshakingState> handshaking_state_ref;
+  RefCountedPtr<HandshakeManager> handshake_mgr;
+  // If the handshaking succeeded but there is no endpoint, then the
+  // handshaker may have handed off the connection to some external
+  // code, so we can just clean up here without creating a transport.
+  if (!connection_->shutdown_ && result.ok() &&
+      (*result)->endpoint != nullptr) {
+    RefCountedPtr<Transport> transport =
+        grpc_create_chttp2_transport((*result)->args,
+                                     std::move((*result)->endpoint), false)
+            ->Ref();
+    grpc_error_handle channel_init_err =
+        connection_->listener_state_->server()->SetupTransport(
+            transport.get(), accepting_pollset_, (*result)->args,
+            grpc_chttp2_transport_get_socket_node(transport.get()));
+    if (channel_init_err.ok()) {
+      // Use notify_on_receive_settings callback to enforce the
+      // handshake deadline.
+      connection_->state_ =
+          DownCast<grpc_chttp2_transport*>(transport.get())->Ref();
+      Ref().release();  // Held by OnReceiveSettings().
+      GRPC_CLOSURE_INIT(&on_receive_settings_, OnReceiveSettings, this,
+                        grpc_schedule_on_exec_ctx);
+      grpc_closure* on_close = &connection_->on_close_;
+      // Refs helds by OnClose()
+      connection_->Ref().release();
+      grpc_chttp2_transport_start_reading(
+          transport.get(), (*result)->read_buffer.c_slice_buffer(),
+          &on_receive_settings_, nullptr, on_close);
+      timer_handle_ = connection_->listener_state_->event_engine()->RunAfter(
+          deadline_ - Timestamp::Now(), [self = Ref()]() mutable {
+            // HandshakingState deletion might require an active ExecCtx.
+            ApplicationCallbackExecCtx callback_exec_ctx;
+            ExecCtx exec_ctx;
+            auto* self_ptr = self.get();
+            self_ptr->connection_->work_serializer_.Run(
+                [self = std::move(self)]() { self->OnTimeoutLocked(); },
+                DEBUG_LOCATION);
+          });
+    } else {
+      // Failed to create channel from transport. Clean up.
+      LOG(ERROR) << "Failed to create channel: "
+                 << StatusToString(channel_init_err);
+      transport->Orphan();
+    }
+  }
+  // Since the handshake manager is done, the connection no longer needs to
+  // shutdown the handshake when the listener needs to stop serving.
+  handshake_mgr_.reset();
+  connection_->listener_state_->OnHandshakeDone(connection_.get());
+  // Clean up if we don't have a transport
+  if (!absl::holds_alternative<RefCountedPtr<grpc_chttp2_transport>>(
+          connection_->state_)) {
+    connection_->listener_state_->connection_quota()->ReleaseConnections(1);
+    connection_->listener_state_->RemoveLogicalConnection(connection_.get());
+  }
+}
+
+//
+// NewChttp2ServerListener::ActiveConnection
+//
+
+NewChttp2ServerListener::ActiveConnection::ActiveConnection(
+    RefCountedPtr<Server::ListenerState> listener_state,
+    grpc_tcp_server* tcp_server, grpc_pollset* accepting_pollset,
+    AcceptorPtr acceptor, const ChannelArgs& args, MemoryOwner memory_owner,
+    OrphanablePtr<grpc_endpoint> endpoint)
+    : listener_state_(std::move(listener_state)),
+      work_serializer_(
+          args.GetObjectRef<grpc_event_engine::experimental::EventEngine>()),
+      state_(memory_owner.MakeOrphanable<HandshakingState>(
+          RefAsSubclass<ActiveConnection>(), tcp_server, accepting_pollset,
+          std::move(acceptor), args, std::move(endpoint))) {
+  GRPC_CLOSURE_INIT(&on_close_, ActiveConnection::OnClose, this,
+                    grpc_schedule_on_exec_ctx);
+}
+
+void NewChttp2ServerListener::ActiveConnection::Orphan() {
+  work_serializer_.Run(
+      [this]() {
+        // If ActiveConnection is orphaned before handshake is established,
+        // shutdown the handshaker. If the server is stopping to serve or
+        // shutting down and a transport has already been established, GOAWAYs
+        // should be sent separately.
+        shutdown_ = true;
+        if (absl::holds_alternative<OrphanablePtr<HandshakingState>>(state_)) {
+          state_ = OrphanablePtr<HandshakingState>(nullptr);
+        }
+        Unref();
+      },
+      DEBUG_LOCATION);
+}
+
+void NewChttp2ServerListener::ActiveConnection::SendGoAway() {
+  work_serializer_.Run(
+      [self = RefAsSubclass<ActiveConnection>()]() mutable {
+        self->SendGoAwayImplLocked();
+      },
+      DEBUG_LOCATION);
+}
+
+void NewChttp2ServerListener::ActiveConnection::DisconnectImmediately() {
+  work_serializer_.Run(
+      [self = RefAsSubclass<ActiveConnection>()]() mutable {
+        self->DisconnectImmediatelyImplLocked();
+      },
+      DEBUG_LOCATION);
+}
+
+void NewChttp2ServerListener::ActiveConnection::Start(const ChannelArgs& args) {
+  work_serializer_.Run(
+      [self = RefAsSubclass<ActiveConnection>(), args]() mutable {
+        // If the Connection is already shutdown at this point, it implies the
+        // owning NewChttp2ServerListener and all associated
+        // ActiveConnections have been orphaned.
+        if (self->shutdown_) return;
+        absl::get<OrphanablePtr<HandshakingState>>(self->state_)
+            ->StartLocked(args);
+      },
+      DEBUG_LOCATION);
+}
+
+void NewChttp2ServerListener::ActiveConnection::OnClose(
+    void* arg, grpc_error_handle /* error */) {
+  ActiveConnection* self = static_cast<ActiveConnection*>(arg);
+  self->listener_state_->RemoveLogicalConnection(self);
+  self->listener_state_->connection_quota()->ReleaseConnections(1);
+  self->Unref();
+}
+
+void NewChttp2ServerListener::ActiveConnection::SendGoAwayImplLocked() {
+  if (!shutdown_) {
+    shutdown_ = true;
+    Match(
+        state_,
+        [](const OrphanablePtr<HandshakingState>& handshaking_state) {
+          // Shutdown the handshaker if it's still in progress.
+          if (handshaking_state != nullptr) {
+            handshaking_state->ShutdownLocked(
+                absl::UnavailableError("Connection going away"));
+          }
+        },
+        [](const RefCountedPtr<grpc_chttp2_transport>& transport) {
+          // Send a GOAWAY if the transport exists
+          if (transport != nullptr) {
+            grpc_transport_op* op = grpc_make_transport_op(nullptr);
+            op->goaway_error =
+                GRPC_ERROR_CREATE("Server is stopping to serve requests.");
+            transport->PerformOp(op);
+          }
+        });
+  }
+}
+
+void NewChttp2ServerListener::ActiveConnection::
+    DisconnectImmediatelyImplLocked() {
+  shutdown_ = true;
+  Match(
+      state_,
+      [](const OrphanablePtr<HandshakingState>& handshaking_state) {
+        // Shutdown the handshaker if it's still in progress.
+        if (handshaking_state != nullptr) {
+          handshaking_state->ShutdownLocked(
+              absl::UnavailableError("Connection to be disconnected"));
+        }
+      },
+      [](const RefCountedPtr<grpc_chttp2_transport>& transport) {
+        // Disconnect immediately if the transport exists
+        if (transport != nullptr) {
+          grpc_transport_op* op = grpc_make_transport_op(nullptr);
+          op->disconnect_with_error = GRPC_ERROR_CREATE(
+              "Drain grace time expired. Closing connection immediately.");
+          transport->PerformOp(op);
+        }
+      });
+}
+
+//
+// NewChttp2ServerListener
 //
 
+grpc_error_handle NewChttp2ServerListener::Create(
+    Server* server, const EventEngine::ResolvedAddress& addr,
+    const ChannelArgs& args, int* port_num) {
+  // Create NewChttp2ServerListener.
+  OrphanablePtr<NewChttp2ServerListener> listener =
+      MakeOrphanable<NewChttp2ServerListener>(args);
+  // The tcp_server will be unreffed when the listener is orphaned, which
+  // could be at the end of this function if the listener was not added to the
+  // server's set of listeners.
+  grpc_error_handle error = grpc_tcp_server_create(
+      &listener->tcp_server_shutdown_complete_, ChannelArgsEndpointConfig(args),
+      OnAccept, listener.get(), &listener->tcp_server_);
+  if (!error.ok()) return error;
+  // TODO(yijiem): remove this conversion when we remove all
+  // grpc_resolved_address usages.
+  grpc_resolved_address iomgr_addr =
+      grpc_event_engine::experimental::CreateGRPCResolvedAddress(addr);
+  if (server->config_fetcher() != nullptr) {
+    // TODO(yashykt): Consider binding so as to be able to return the port
+    // number.
+    listener->resolved_address_ = iomgr_addr;
+    {
+      MutexLock lock(&listener->mu_);
+      listener->add_port_on_start_ = true;
+    }
+  } else {
+    error =
+        grpc_tcp_server_add_port(listener->tcp_server_, &iomgr_addr, port_num);
+    if (!error.ok()) return error;
+  }
+  // Create channelz node.
+  if (args.GetBool(GRPC_ARG_ENABLE_CHANNELZ)
+          .value_or(GRPC_ENABLE_CHANNELZ_DEFAULT)) {
+    auto string_address =
+        grpc_event_engine::experimental::ResolvedAddressToString(addr);
+    if (!string_address.ok()) {
+      return GRPC_ERROR_CREATE(string_address.status().ToString());
+    }
+    listener->channelz_listen_socket_ =
+        MakeRefCounted<channelz::ListenSocketNode>(
+            *string_address, absl::StrCat("chttp2 listener ", *string_address));
+  }
+  // Register with the server only upon success
+  server->AddListener(std::move(listener));
+  return absl::OkStatus();
+}
+
+grpc_error_handle NewChttp2ServerListener::CreateWithAcceptor(
+    Server* server, const char* name, const ChannelArgs& args) {
+  auto listener = MakeOrphanable<NewChttp2ServerListener>(args);
+  grpc_error_handle error = grpc_tcp_server_create(
+      &listener->tcp_server_shutdown_complete_, ChannelArgsEndpointConfig(args),
+      OnAccept, listener.get(), &listener->tcp_server_);
+  if (!error.ok()) return error;
+  // TODO(yangg) channelz
+  TcpServerFdHandler** arg_val = args.GetPointer<TcpServerFdHandler*>(name);
+  *arg_val = grpc_tcp_server_create_fd_handler(listener->tcp_server_);
+  server->AddListener(std::move(listener));
+  return absl::OkStatus();
+}
+
+NewChttp2ServerListener* NewChttp2ServerListener::CreateForPassiveListener(
+    Server* server, const ChannelArgs& args,
+    std::shared_ptr<experimental::PassiveListenerImpl> passive_listener) {
+  // TODO(hork): figure out how to handle channelz in this case
+  auto listener = MakeOrphanable<NewChttp2ServerListener>(
+      args, std::move(passive_listener));
+  auto listener_ptr = listener.get();
+  server->AddListener(std::move(listener));
+  return listener_ptr;
+}
+
+NewChttp2ServerListener::NewChttp2ServerListener(
+    const ChannelArgs& args,
+    std::shared_ptr<experimental::PassiveListenerImpl> passive_listener)
+    : args_(args), passive_listener_(std::move(passive_listener)) {
+  GRPC_CLOSURE_INIT(&tcp_server_shutdown_complete_, TcpServerShutdownComplete,
+                    this, grpc_schedule_on_exec_ctx);
+}
+
+NewChttp2ServerListener::~NewChttp2ServerListener() {
+  if (passive_listener_ != nullptr) {
+    passive_listener_->ListenerDestroyed();
+  }
+  if (on_destroy_done_ != nullptr) {
+    ExecCtx::Run(DEBUG_LOCATION, on_destroy_done_, absl::OkStatus());
+  }
+}
+
+void NewChttp2ServerListener::Start() {
+  bool should_add_port = false;
+  grpc_tcp_server* tcp_server = nullptr;
+  {
+    MutexLock lock(&mu_);
+    if (!shutdown_) {
+      should_add_port = std::exchange(add_port_on_start_, false);
+      // Hold a ref while we start the server
+      if (tcp_server_ != nullptr) {
+        grpc_tcp_server_ref(tcp_server_);
+        tcp_server = tcp_server_;
+      }
+    }
+  }
+  if (should_add_port) {
+    int port_temp;
+    grpc_error_handle error =
+        grpc_tcp_server_add_port(tcp_server_, resolved_address(), &port_temp);
+    if (!error.ok()) {
+      LOG(ERROR) << "Error adding port to server: " << StatusToString(error);
+      // TODO(yashykt): We wouldn't need to assert here if we bound to the
+      // port earlier during AddPort.
+      CHECK(0);
+    }
+  }
+  if (tcp_server != nullptr) {
+    grpc_tcp_server_start(tcp_server, &listener_state_->server()->pollsets());
+    // Give up the ref we took earlier
+    grpc_tcp_server_unref(tcp_server);
+  }
+}
+
+void NewChttp2ServerListener::SetOnDestroyDone(grpc_closure* on_destroy_done) {
+  MutexLock lock(&mu_);
+  on_destroy_done_ = on_destroy_done;
+}
+
+void NewChttp2ServerListener::AcceptConnectedEndpoint(
+    std::unique_ptr<EventEngine::Endpoint> endpoint) {
+  OnAccept(this, grpc_event_engine_endpoint_create(std::move(endpoint)),
+           /*accepting_pollset=*/nullptr, /*acceptor=*/nullptr);
+}
+
+void NewChttp2ServerListener::OnAccept(
+    void* arg, grpc_endpoint* tcp, grpc_pollset* accepting_pollset,
+    grpc_tcp_server_acceptor* server_acceptor) {
+  NewChttp2ServerListener* self = static_cast<NewChttp2ServerListener*>(arg);
+  OrphanablePtr<grpc_endpoint> endpoint(tcp);
+  AcceptorPtr acceptor(server_acceptor);
+  if (!self->listener_state_->connection_quota()->AllowIncomingConnection(
+          self->listener_state_->memory_quota(),
+          grpc_endpoint_get_peer(endpoint.get()))) {
+    return;
+  }
+  {
+    // The ref for the tcp_server need to be taken in the critical region
+    // after having made sure that the listener has not been Orphaned, so as
+    // to avoid heap-use-after-free issues where `Ref()` is invoked when the
+    // listener is already shutdown. Note that the listener holds a ref to the
+    // tcp_server but this ref is given away when the listener is orphaned
+    // (shutdown). A connection needs the tcp_server to outlast the handshake
+    // since the acceptor needs it.
+    MutexLock lock(&self->mu_);
+    if (self->shutdown_) {
+      self->listener_state_->connection_quota()->ReleaseConnections(1);
+      return;
+    }
+    if (self->tcp_server_ != nullptr) {
+      grpc_tcp_server_ref(self->tcp_server_);
+    }
+  }
+  auto memory_owner =
+      self->listener_state_->memory_quota()->CreateMemoryOwner();
+  auto connection = memory_owner.MakeOrphanable<ActiveConnection>(
+      self->listener_state_, self->tcp_server_, accepting_pollset,
+      std::move(acceptor), self->args_, std::move(memory_owner),
+      std::move(endpoint));
+  RefCountedPtr<ActiveConnection> connection_ref =
+      connection->RefAsSubclass<ActiveConnection>();
+  absl::optional<ChannelArgs> new_args =
+      self->listener_state_->AddLogicalConnection(std::move(connection),
+                                                  self->args_, tcp);
+  if (new_args.has_value()) {
+    connection_ref->Start(*new_args);
+  } else {
+    self->listener_state_->connection_quota()->ReleaseConnections(1);
+  }
+}
+
+void NewChttp2ServerListener::TcpServerShutdownComplete(
+    void* arg, grpc_error_handle /*error*/) {
+  NewChttp2ServerListener* self = static_cast<NewChttp2ServerListener*>(arg);
+  self->channelz_listen_socket_.reset();
+  self->Unref();
+}
+
+// Server callback: destroy the tcp listener (so we don't generate further
+// callbacks)
+void NewChttp2ServerListener::Orphan() {
+  grpc_tcp_server* tcp_server;
+  {
+    MutexLock lock(&mu_);
+    shutdown_ = true;
+    tcp_server = tcp_server_;
+  }
+  if (tcp_server != nullptr) {
+    grpc_tcp_server_shutdown_listeners(tcp_server);
+    grpc_tcp_server_unref(tcp_server);
+  } else {
+    Unref();
+  }
+}
+
+namespace {
+
 grpc_error_handle Chttp2ServerAddPort(Server* server, const char* addr,
-                                      const ChannelArgs& args,
-                                      Chttp2ServerArgsModifier args_modifier,
-                                      int* port_num) {
+                                      const ChannelArgs& args, int* port_num) {
   if (addr == nullptr) {
     return GRPC_ERROR_CREATE("Invalid address: addr cannot be a nullptr.");
   }
   if (strncmp(addr, "external:", 9) == 0) {
-    return Chttp2ServerListener::CreateWithAcceptor(server, addr, args,
-                                                    args_modifier);
+    if (IsServerListenerEnabled()) {
+      return NewChttp2ServerListener::CreateWithAcceptor(server, addr, args);
+    } else {
+      return Chttp2ServerListener::CreateWithAcceptor(server, addr, args);
+    }
   }
   *port_num = -1;
   absl::StatusOr<std::vector<grpc_resolved_address>> resolved;
@@ -1029,8 +1520,11 @@ grpc_error_handle Chttp2ServerAddPort(Server* server, const char* addr,
                                                                 *port_num);
       }
       int port_temp = -1;
-      error = Chttp2ServerListener::Create(server, addr, args, args_modifier,
-                                           &port_temp);
+      if (IsServerListenerEnabled()) {
+        error = NewChttp2ServerListener::Create(server, addr, args, &port_temp);
+      } else {
+        error = Chttp2ServerListener::Create(server, addr, args, &port_temp);
+      }
       if (!error.ok()) {
         error_list.push_back(error);
       } else {
@@ -1063,25 +1557,6 @@ grpc_error_handle Chttp2ServerAddPort(Server* server, const char* addr,
   return error;
 }
 
-namespace {
-
-ChannelArgs ModifyArgsForConnection(const ChannelArgs& args,
-                                    grpc_error_handle* error) {
-  auto* server_credentials = args.GetObject<grpc_server_credentials>();
-  if (server_credentials == nullptr) {
-    *error = GRPC_ERROR_CREATE("Could not find server credentials");
-    return args;
-  }
-  auto security_connector = server_credentials->create_security_connector(args);
-  if (security_connector == nullptr) {
-    *error = GRPC_ERROR_CREATE(
-        absl::StrCat("Unable to create secure server with credentials of type ",
-                     server_credentials->type().name()));
-    return args;
-  }
-  return args.SetObject(security_connector);
-}
-
 }  // namespace
 
 namespace experimental {
@@ -1089,19 +1564,40 @@ namespace experimental {
 absl::Status PassiveListenerImpl::AcceptConnectedEndpoint(
     std::unique_ptr<EventEngine::Endpoint> endpoint) {
   CHECK_NE(server_.get(), nullptr);
-  RefCountedPtr<Chttp2ServerListener> listener;
-  {
-    MutexLock lock(&mu_);
-    if (listener_ != nullptr) {
-      listener =
-          listener_->RefIfNonZero().TakeAsSubclass<Chttp2ServerListener>();
+  if (IsServerListenerEnabled()) {
+    RefCountedPtr<NewChttp2ServerListener> new_listener;
+    {
+      MutexLock lock(&mu_);
+      auto* new_listener_ptr =
+          absl::get_if<NewChttp2ServerListener*>(&listener_);
+      if (new_listener_ptr != nullptr && *new_listener_ptr != nullptr) {
+        new_listener = (*new_listener_ptr)
+                           ->RefIfNonZero()
+                           .TakeAsSubclass<NewChttp2ServerListener>();
+      }
     }
+    if (new_listener == nullptr) {
+      return absl::UnavailableError("passive listener already shut down");
+    }
+    ExecCtx exec_ctx;
+    new_listener->AcceptConnectedEndpoint(std::move(endpoint));
+  } else {
+    RefCountedPtr<Chttp2ServerListener> listener;
+    {
+      MutexLock lock(&mu_);
+      auto* listener_ptr = absl::get_if<Chttp2ServerListener*>(&listener_);
+      if (listener_ptr != nullptr && *listener_ptr != nullptr) {
+        listener = (*listener_ptr)
+                       ->RefIfNonZero()
+                       .TakeAsSubclass<Chttp2ServerListener>();
+      }
+    }
+    if (listener == nullptr) {
+      return absl::UnavailableError("passive listener already shut down");
+    }
+    ExecCtx exec_ctx;
+    listener->AcceptConnectedEndpoint(std::move(endpoint));
   }
-  if (listener == nullptr) {
-    return absl::UnavailableError("passive listener already shut down");
-  }
-  ExecCtx exec_ctx;
-  listener->AcceptConnectedEndpoint(std::move(endpoint));
   return absl::OkStatus();
 }
 
@@ -1123,7 +1619,7 @@ absl::Status PassiveListenerImpl::AcceptConnectedFd(int fd) {
 
 void PassiveListenerImpl::ListenerDestroyed() {
   MutexLock lock(&mu_);
-  listener_ = nullptr;
+  listener_ = static_cast<Chttp2ServerListener*>(nullptr);
 }
 
 }  // namespace experimental
@@ -1169,8 +1665,7 @@ int grpc_server_add_http2_port(grpc_server* server, const char* addr,
     args = args.SetObject(creds->Ref()).SetObject(sc);
   }
   // Add server port.
-  err = grpc_core::Chttp2ServerAddPort(
-      core_server, addr, args, grpc_core::ModifyArgsForConnection, &port_num);
+  err = grpc_core::Chttp2ServerAddPort(core_server, addr, args, &port_num);
 done:
   sc.reset(DEBUG_LOCATION, "server");
   if (!err.ok()) {
@@ -1250,9 +1745,16 @@ absl::Status grpc_server_add_passive_listener(
   auto args = server->channel_args()
                   .SetObject(credentials->Ref())
                   .SetObject(std::move(sc));
-  passive_listener->listener_ =
-      grpc_core::Chttp2ServerListener::CreateForPassiveListener(
-          server, args, passive_listener);
+  if (grpc_core::IsServerListenerEnabled()) {
+    passive_listener->listener_ =
+        grpc_core::NewChttp2ServerListener::CreateForPassiveListener(
+            server, args, passive_listener);
+  } else {
+    passive_listener->listener_ =
+        grpc_core::Chttp2ServerListener::CreateForPassiveListener(
+            server, args, passive_listener);
+  }
+
   passive_listener->server_ = server->Ref();
   return absl::OkStatus();
 }