RubyGems - grpc - Versions diffs - 1.69.0 → 1.70.1 - Mend

grpc 1.69.0 → 1.70.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (640) hide show

data/src/core/ext/transport/chttp2/server/chttp2_server.cc CHANGED Viewed

@@ -82,6 +82,7 @@
 #include "src/core/lib/transport/transport.h"
 #include "src/core/server/server.h"
 #include "src/core/util/debug_location.h"
+#include "src/core/util/match.h"
 #include "src/core/util/orphanable.h"
 #include "src/core/util/ref_counted_ptr.h"
 #include "src/core/util/status_helper.h"
@@ -107,24 +108,26 @@ const char kUnixUriPrefix[] = "unix:";
 const char kUnixAbstractUriPrefix[] = "unix-abstract:";
 const char kVSockUriPrefix[] = "vsock:";
-struct AcceptorDeleter {
-  void operator()(grpc_tcp_server_acceptor* acceptor) const {
-    gpr_free(acceptor);
-  }
-};
+namespace {
+Timestamp GetConnectionDeadline(const ChannelArgs& args) {
+  return Timestamp::Now() +
+         std::max(
+             Duration::Milliseconds(1),
+             args.GetDurationFromIntMillis(GRPC_ARG_SERVER_HANDSHAKE_TIMEOUT_MS)
+                 .value_or(Duration::Minutes(2)));
+}
+}  // namespace
 using AcceptorPtr = std::unique_ptr<grpc_tcp_server_acceptor, AcceptorDeleter>;
 class Chttp2ServerListener : public Server::ListenerInterface {
  public:
   static grpc_error_handle Create(Server* server,
                                   const EventEngine::ResolvedAddress& addr,
-                                  const ChannelArgs& args,
-                                  Chttp2ServerArgsModifier args_modifier,
-                                  int* port_num);
+                                  const ChannelArgs& args, int* port_num);
-  static grpc_error_handle CreateWithAcceptor(
-      Server* server, const char* name, const ChannelArgs& args,
-      Chttp2ServerArgsModifier args_modifier);
+  static grpc_error_handle CreateWithAcceptor(Server* server, const char* name,
+                                              const ChannelArgs& args);
   static Chttp2ServerListener* CreateForPassiveListener(
       Server* server, const ChannelArgs& args,
@@ -132,14 +135,12 @@ class Chttp2ServerListener : public Server::ListenerInterface {
   // Do not instantiate directly.  Use one of the factory methods above.
   Chttp2ServerListener(Server* server, const ChannelArgs& args,
-                       Chttp2ServerArgsModifier args_modifier,
-                       grpc_server_config_fetcher* config_fetcher,
+                       ServerConfigFetcher* config_fetcher,
                        std::shared_ptr<experimental::PassiveListenerImpl>
                            passive_listener = nullptr);
   ~Chttp2ServerListener() override;
-  void Start(Server* server,
-             const std::vector<grpc_pollset*>* pollsets) override;
+  void Start() override;
   void AcceptConnectedEndpoint(std::unique_ptr<EventEngine::Endpoint> endpoint);
@@ -147,6 +148,15 @@ class Chttp2ServerListener : public Server::ListenerInterface {
     return channelz_listen_socket_.get();
   }
+  void SetServerListenerState(
+      RefCountedPtr<Server::ListenerState> /*listener_state*/) override {}
+  const grpc_resolved_address* resolved_address() const override {
+    // Should only be invoked with experiment server_listener
+    Crash("Illegal");
+    return nullptr;
+  }
   void SetOnDestroyDone(grpc_closure* on_destroy_done) override;
   void Orphan() override;
@@ -154,14 +164,13 @@ class Chttp2ServerListener : public Server::ListenerInterface {
  private:
   friend class experimental::PassiveListenerImpl;
-  class ConfigFetcherWatcher
-      : public grpc_server_config_fetcher::WatcherInterface {
+  class ConfigFetcherWatcher : public ServerConfigFetcher::WatcherInterface {
    public:
     explicit ConfigFetcherWatcher(RefCountedPtr<Chttp2ServerListener> listener)
         : listener_(std::move(listener)) {}
     void UpdateConnectionManager(
-        RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
+        RefCountedPtr<ServerConfigFetcher::ConnectionManager>
             connection_manager) override;
     void StopServing() override;
@@ -267,12 +276,11 @@ class Chttp2ServerListener : public Server::ListenerInterface {
   Server* const server_ = nullptr;
   grpc_tcp_server* tcp_server_ = nullptr;
   grpc_resolved_address resolved_address_;
-  Chttp2ServerArgsModifier const args_modifier_;
   ConfigFetcherWatcher* config_fetcher_watcher_ = nullptr;
   ChannelArgs args_;
   Mutex mu_;
-  RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
-      connection_manager_ ABSL_GUARDED_BY(mu_);
+  RefCountedPtr<ServerConfigFetcher::ConnectionManager> connection_manager_
+      ABSL_GUARDED_BY(mu_);
   // Signals whether grpc_tcp_server_start() has been called.
   bool started_ ABSL_GUARDED_BY(mu_) = false;
   // Signals whether grpc_tcp_server_start() has completed.
@@ -288,7 +296,7 @@ class Chttp2ServerListener : public Server::ListenerInterface {
   RefCountedPtr<channelz::ListenSocketNode> channelz_listen_socket_;
   MemoryQuotaRefPtr memory_quota_;
   ConnectionQuotaRefPtr connection_quota_;
-  grpc_server_config_fetcher* config_fetcher_ = nullptr;
+  ServerConfigFetcher* config_fetcher_ = nullptr;
   // TODO(yashykt): consider using absl::variant<> to minimize memory usage for
   // disjoint cases where different fields are used.
   std::shared_ptr<experimental::PassiveListenerImpl> passive_listener_;
@@ -299,9 +307,8 @@ class Chttp2ServerListener : public Server::ListenerInterface {
 //
 void Chttp2ServerListener::ConfigFetcherWatcher::UpdateConnectionManager(
-    RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
-        connection_manager) {
-  RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
+    RefCountedPtr<ServerConfigFetcher::ConnectionManager> connection_manager) {
+  RefCountedPtr<ServerConfigFetcher::ConnectionManager>
       connection_manager_to_destroy;
   class GracefulShutdownExistingConnections {
    public:
@@ -369,14 +376,6 @@ void Chttp2ServerListener::ConfigFetcherWatcher::StopServing() {
 // Chttp2ServerListener::ActiveConnection::HandshakingState
 //
-Timestamp GetConnectionDeadline(const ChannelArgs& args) {
-  return Timestamp::Now() +
-         std::max(
-             Duration::Milliseconds(1),
-             args.GetDurationFromIntMillis(GRPC_ARG_SERVER_HANDSHAKE_TIMEOUT_MS)
-                 .value_or(Duration::Seconds(120)));
-}
 Chttp2ServerListener::ActiveConnection::HandshakingState::HandshakingState(
     RefCountedPtr<ActiveConnection> connection_ref,
     grpc_pollset* accepting_pollset, AcceptorPtr acceptor,
@@ -708,11 +707,10 @@ void Chttp2ServerListener::ActiveConnection::OnDrainGraceTimeExpiry() {
 grpc_error_handle Chttp2ServerListener::Create(
     Server* server, const EventEngine::ResolvedAddress& addr,
-    const ChannelArgs& args, Chttp2ServerArgsModifier args_modifier,
-    int* port_num) {
+    const ChannelArgs& args, int* port_num) {
   // Create Chttp2ServerListener.
   OrphanablePtr<Chttp2ServerListener> listener =
-      MakeOrphanable<Chttp2ServerListener>(server, args, args_modifier,
+      MakeOrphanable<Chttp2ServerListener>(server, args,
                                            server->config_fetcher());
   // The tcp_server will be unreffed when the listener is orphaned, which could
   // be at the end of this function if the listener was not added to the
@@ -752,10 +750,9 @@ grpc_error_handle Chttp2ServerListener::Create(
 }
 grpc_error_handle Chttp2ServerListener::CreateWithAcceptor(
-    Server* server, const char* name, const ChannelArgs& args,
-    Chttp2ServerArgsModifier args_modifier) {
+    Server* server, const char* name, const ChannelArgs& args) {
   auto listener = MakeOrphanable<Chttp2ServerListener>(
-      server, args, args_modifier, server->config_fetcher());
+      server, args, server->config_fetcher());
   grpc_error_handle error = grpc_tcp_server_create(
       &listener->tcp_server_shutdown_complete_, ChannelArgsEndpointConfig(args),
       OnAccept, listener.get(), &listener->tcp_server_);
@@ -772,9 +769,7 @@ Chttp2ServerListener* Chttp2ServerListener::CreateForPassiveListener(
     std::shared_ptr<experimental::PassiveListenerImpl> passive_listener) {
   // TODO(hork): figure out how to handle channelz in this case
   auto listener = MakeOrphanable<Chttp2ServerListener>(
-      server, args, /*args_modifier=*/
-      [](const ChannelArgs& args, grpc_error_handle*) { return args; }, nullptr,
-      std::move(passive_listener));
+      server, args, nullptr, std::move(passive_listener));
   auto listener_ptr = listener.get();
   server->AddListener(std::move(listener));
   return listener_ptr;
@@ -782,11 +777,9 @@ Chttp2ServerListener* Chttp2ServerListener::CreateForPassiveListener(
 Chttp2ServerListener::Chttp2ServerListener(
     Server* server, const ChannelArgs& args,
-    Chttp2ServerArgsModifier args_modifier,
-    grpc_server_config_fetcher* config_fetcher,
+    ServerConfigFetcher* config_fetcher,
     std::shared_ptr<experimental::PassiveListenerImpl> passive_listener)
     : server_(server),
-      args_modifier_(args_modifier),
       args_(args),
       memory_quota_(args.GetObject<ResourceQuota>()->memory_quota()),
       connection_quota_(MakeRefCounted<ConnectionQuota>()),
@@ -812,8 +805,7 @@ Chttp2ServerListener::~Chttp2ServerListener() {
 }
 // Server callback: start listening on our ports
-void Chttp2ServerListener::Start(
-    Server* /*server*/, const std::vector<grpc_pollset*>* /* pollsets */) {
+void Chttp2ServerListener::Start() {
   if (config_fetcher_ != nullptr) {
     auto watcher = std::make_unique<ConfigFetcherWatcher>(
         RefAsSubclass<Chttp2ServerListener>());
@@ -848,6 +840,27 @@ void Chttp2ServerListener::AcceptConnectedEndpoint(
            /*accepting_pollset=*/nullptr, /*acceptor=*/nullptr);
 }
+namespace {
+ChannelArgs ModifyArgsForConnection(const ChannelArgs& args,
+                                    grpc_error_handle* error) {
+  auto* server_credentials = args.GetObject<grpc_server_credentials>();
+  if (server_credentials == nullptr) {
+    *error = GRPC_ERROR_CREATE("Could not find server credentials");
+    return args;
+  }
+  auto security_connector = server_credentials->create_security_connector(args);
+  if (security_connector == nullptr) {
+    *error = GRPC_ERROR_CREATE(
+        absl::StrCat("Unable to create secure server with credentials of type ",
+                     server_credentials->type().name()));
+    return args;
+  }
+  return args.SetObject(security_connector);
+}
+}  // namespace
 void Chttp2ServerListener::OnAccept(void* arg, grpc_endpoint* tcp,
                                     grpc_pollset* accepting_pollset,
                                     grpc_tcp_server_acceptor* server_acceptor) {
@@ -855,8 +868,7 @@ void Chttp2ServerListener::OnAccept(void* arg, grpc_endpoint* tcp,
   ChannelArgs args = self->args_;
   OrphanablePtr<grpc_endpoint> endpoint(tcp);
   AcceptorPtr acceptor(server_acceptor);
-  RefCountedPtr<grpc_server_config_fetcher::ConnectionManager>
-      connection_manager;
+  RefCountedPtr<ServerConfigFetcher::ConnectionManager> connection_manager;
   {
     MutexLock lock(&self->mu_);
     connection_manager = self->connection_manager_;
@@ -875,7 +887,7 @@ void Chttp2ServerListener::OnAccept(void* arg, grpc_endpoint* tcp,
       return;
     }
     grpc_error_handle error;
-    args = self->args_modifier_(*args_result, &error);
+    args = ModifyArgsForConnection(*args_result, &error);
     if (!error.ok()) {
       return;
     }
@@ -953,19 +965,498 @@ void Chttp2ServerListener::Orphan() {
 }
 //
-// Chttp2ServerAddPort()
+// NewChttp2ServerListener::ActiveConnection::HandshakingState
+//
+NewChttp2ServerListener::ActiveConnection::HandshakingState::HandshakingState(
+    RefCountedPtr<ActiveConnection> connection_ref, grpc_tcp_server* tcp_server,
+    grpc_pollset* accepting_pollset, AcceptorPtr acceptor,
+    const ChannelArgs& args, OrphanablePtr<grpc_endpoint> endpoint)
+    : connection_(std::move(connection_ref)),
+      tcp_server_(tcp_server),
+      accepting_pollset_(accepting_pollset),
+      acceptor_(std::move(acceptor)),
+      interested_parties_(grpc_pollset_set_create()),
+      deadline_(GetConnectionDeadline(args)),
+      endpoint_(std::move(endpoint)),
+      handshake_mgr_(MakeRefCounted<HandshakeManager>()) {
+  if (accepting_pollset != nullptr) {
+    grpc_pollset_set_add_pollset(interested_parties_, accepting_pollset_);
+  }
+}
+NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    ~HandshakingState() {
+  if (accepting_pollset_ != nullptr) {
+    grpc_pollset_set_del_pollset(interested_parties_, accepting_pollset_);
+  }
+  grpc_pollset_set_destroy(interested_parties_);
+  if (tcp_server_ != nullptr) {
+    grpc_tcp_server_unref(tcp_server_);
+  }
+}
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::Orphan() {
+  connection_->work_serializer_.Run(
+      [this] {
+        ShutdownLocked(absl::UnavailableError("Listener stopped serving."));
+        Unref();
+      },
+      DEBUG_LOCATION);
+}
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::StartLocked(
+    const ChannelArgs& channel_args) {
+  if (handshake_mgr_ == nullptr) {
+    // The connection is already shutting down.
+    return;
+  }
+  CoreConfiguration::Get().handshaker_registry().AddHandshakers(
+      HANDSHAKER_SERVER, channel_args, interested_parties_,
+      handshake_mgr_.get());
+  handshake_mgr_->DoHandshake(
+      std::move(endpoint_), channel_args, deadline_, acceptor_.get(),
+      [self = Ref()](absl::StatusOr<HandshakerArgs*> result) mutable {
+        auto* self_ptr = self.get();
+        self_ptr->connection_->work_serializer_.Run(
+            [self = std::move(self), result = std::move(result)]() mutable {
+              self->OnHandshakeDoneLocked(std::move(result));
+            },
+            DEBUG_LOCATION);
+      });
+}
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    ShutdownLocked(absl::Status status) {
+  if (handshake_mgr_ != nullptr) {
+    handshake_mgr_->Shutdown(std::move(status));
+  }
+}
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    OnTimeoutLocked() {
+  if (!timer_handle_.has_value()) {
+    return;
+  }
+  timer_handle_.reset();
+  auto t = absl::get<RefCountedPtr<grpc_chttp2_transport>>(connection_->state_);
+  t->DisconnectWithError(GRPC_ERROR_CREATE(
+      "Did not receive HTTP/2 settings before handshake timeout"));
+}
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    OnReceiveSettings(void* arg, grpc_error_handle /* error */) {
+  HandshakingState* self = static_cast<HandshakingState*>(arg);
+  self->connection_->work_serializer_.Run(
+      [self] {
+        if (self->timer_handle_.has_value()) {
+          self->connection_->listener_state_->event_engine()->Cancel(
+              *self->timer_handle_);
+          self->timer_handle_.reset();
+        }
+        self->Unref();
+      },
+      DEBUG_LOCATION);
+}
+void NewChttp2ServerListener::ActiveConnection::HandshakingState::
+    OnHandshakeDoneLocked(absl::StatusOr<HandshakerArgs*> result) {
+  OrphanablePtr<HandshakingState> handshaking_state_ref;
+  RefCountedPtr<HandshakeManager> handshake_mgr;
+  // If the handshaking succeeded but there is no endpoint, then the
+  // handshaker may have handed off the connection to some external
+  // code, so we can just clean up here without creating a transport.
+  if (!connection_->shutdown_ && result.ok() &&
+      (*result)->endpoint != nullptr) {
+    RefCountedPtr<Transport> transport =
+        grpc_create_chttp2_transport((*result)->args,
+                                     std::move((*result)->endpoint), false)
+            ->Ref();
+    grpc_error_handle channel_init_err =
+        connection_->listener_state_->server()->SetupTransport(
+            transport.get(), accepting_pollset_, (*result)->args,
+            grpc_chttp2_transport_get_socket_node(transport.get()));
+    if (channel_init_err.ok()) {
+      // Use notify_on_receive_settings callback to enforce the
+      // handshake deadline.
+      connection_->state_ =
+          DownCast<grpc_chttp2_transport*>(transport.get())->Ref();
+      Ref().release();  // Held by OnReceiveSettings().
+      GRPC_CLOSURE_INIT(&on_receive_settings_, OnReceiveSettings, this,
+                        grpc_schedule_on_exec_ctx);
+      grpc_closure* on_close = &connection_->on_close_;
+      // Refs helds by OnClose()
+      connection_->Ref().release();
+      grpc_chttp2_transport_start_reading(
+          transport.get(), (*result)->read_buffer.c_slice_buffer(),
+          &on_receive_settings_, nullptr, on_close);
+      timer_handle_ = connection_->listener_state_->event_engine()->RunAfter(
+          deadline_ - Timestamp::Now(), [self = Ref()]() mutable {
+            // HandshakingState deletion might require an active ExecCtx.
+            ApplicationCallbackExecCtx callback_exec_ctx;
+            ExecCtx exec_ctx;
+            auto* self_ptr = self.get();
+            self_ptr->connection_->work_serializer_.Run(
+                [self = std::move(self)]() { self->OnTimeoutLocked(); },
+                DEBUG_LOCATION);
+          });
+    } else {
+      // Failed to create channel from transport. Clean up.
+      LOG(ERROR) << "Failed to create channel: "
+                 << StatusToString(channel_init_err);
+      transport->Orphan();
+    }
+  }
+  // Since the handshake manager is done, the connection no longer needs to
+  // shutdown the handshake when the listener needs to stop serving.
+  handshake_mgr_.reset();
+  connection_->listener_state_->OnHandshakeDone(connection_.get());
+  // Clean up if we don't have a transport
+  if (!absl::holds_alternative<RefCountedPtr<grpc_chttp2_transport>>(
+          connection_->state_)) {
+    connection_->listener_state_->connection_quota()->ReleaseConnections(1);
+    connection_->listener_state_->RemoveLogicalConnection(connection_.get());
+  }
+}
+//
+// NewChttp2ServerListener::ActiveConnection
+//
+NewChttp2ServerListener::ActiveConnection::ActiveConnection(
+    RefCountedPtr<Server::ListenerState> listener_state,
+    grpc_tcp_server* tcp_server, grpc_pollset* accepting_pollset,
+    AcceptorPtr acceptor, const ChannelArgs& args, MemoryOwner memory_owner,
+    OrphanablePtr<grpc_endpoint> endpoint)
+    : listener_state_(std::move(listener_state)),
+      work_serializer_(
+          args.GetObjectRef<grpc_event_engine::experimental::EventEngine>()),
+      state_(memory_owner.MakeOrphanable<HandshakingState>(
+          RefAsSubclass<ActiveConnection>(), tcp_server, accepting_pollset,
+          std::move(acceptor), args, std::move(endpoint))) {
+  GRPC_CLOSURE_INIT(&on_close_, ActiveConnection::OnClose, this,
+                    grpc_schedule_on_exec_ctx);
+}
+void NewChttp2ServerListener::ActiveConnection::Orphan() {
+  work_serializer_.Run(
+      [this]() {
+        // If ActiveConnection is orphaned before handshake is established,
+        // shutdown the handshaker. If the server is stopping to serve or
+        // shutting down and a transport has already been established, GOAWAYs
+        // should be sent separately.
+        shutdown_ = true;
+        if (absl::holds_alternative<OrphanablePtr<HandshakingState>>(state_)) {
+          state_ = OrphanablePtr<HandshakingState>(nullptr);
+        }
+        Unref();
+      },
+      DEBUG_LOCATION);
+}
+void NewChttp2ServerListener::ActiveConnection::SendGoAway() {
+  work_serializer_.Run(
+      [self = RefAsSubclass<ActiveConnection>()]() mutable {
+        self->SendGoAwayImplLocked();
+      },
+      DEBUG_LOCATION);
+}
+void NewChttp2ServerListener::ActiveConnection::DisconnectImmediately() {
+  work_serializer_.Run(
+      [self = RefAsSubclass<ActiveConnection>()]() mutable {
+        self->DisconnectImmediatelyImplLocked();
+      },
+      DEBUG_LOCATION);
+}
+void NewChttp2ServerListener::ActiveConnection::Start(const ChannelArgs& args) {
+  work_serializer_.Run(
+      [self = RefAsSubclass<ActiveConnection>(), args]() mutable {
+        // If the Connection is already shutdown at this point, it implies the
+        // owning NewChttp2ServerListener and all associated
+        // ActiveConnections have been orphaned.
+        if (self->shutdown_) return;
+        absl::get<OrphanablePtr<HandshakingState>>(self->state_)
+            ->StartLocked(args);
+      },
+      DEBUG_LOCATION);
+}
+void NewChttp2ServerListener::ActiveConnection::OnClose(
+    void* arg, grpc_error_handle /* error */) {
+  ActiveConnection* self = static_cast<ActiveConnection*>(arg);
+  self->listener_state_->RemoveLogicalConnection(self);
+  self->listener_state_->connection_quota()->ReleaseConnections(1);
+  self->Unref();
+}
+void NewChttp2ServerListener::ActiveConnection::SendGoAwayImplLocked() {
+  if (!shutdown_) {
+    shutdown_ = true;
+    Match(
+        state_,
+        [](const OrphanablePtr<HandshakingState>& handshaking_state) {
+          // Shutdown the handshaker if it's still in progress.
+          if (handshaking_state != nullptr) {
+            handshaking_state->ShutdownLocked(
+                absl::UnavailableError("Connection going away"));
+          }
+        },
+        [](const RefCountedPtr<grpc_chttp2_transport>& transport) {
+          // Send a GOAWAY if the transport exists
+          if (transport != nullptr) {
+            grpc_transport_op* op = grpc_make_transport_op(nullptr);
+            op->goaway_error =
+                GRPC_ERROR_CREATE("Server is stopping to serve requests.");
+            transport->PerformOp(op);
+          }
+        });
+  }
+}
+void NewChttp2ServerListener::ActiveConnection::
+    DisconnectImmediatelyImplLocked() {
+  shutdown_ = true;
+  Match(
+      state_,
+      [](const OrphanablePtr<HandshakingState>& handshaking_state) {
+        // Shutdown the handshaker if it's still in progress.
+        if (handshaking_state != nullptr) {
+          handshaking_state->ShutdownLocked(
+              absl::UnavailableError("Connection to be disconnected"));
+        }
+      },
+      [](const RefCountedPtr<grpc_chttp2_transport>& transport) {
+        // Disconnect immediately if the transport exists
+        if (transport != nullptr) {
+          grpc_transport_op* op = grpc_make_transport_op(nullptr);
+          op->disconnect_with_error = GRPC_ERROR_CREATE(
+              "Drain grace time expired. Closing connection immediately.");
+          transport->PerformOp(op);
+        }
+      });
+}
+//
+// NewChttp2ServerListener
 //
+grpc_error_handle NewChttp2ServerListener::Create(
+    Server* server, const EventEngine::ResolvedAddress& addr,
+    const ChannelArgs& args, int* port_num) {
+  // Create NewChttp2ServerListener.
+  OrphanablePtr<NewChttp2ServerListener> listener =
+      MakeOrphanable<NewChttp2ServerListener>(args);
+  // The tcp_server will be unreffed when the listener is orphaned, which
+  // could be at the end of this function if the listener was not added to the
+  // server's set of listeners.
+  grpc_error_handle error = grpc_tcp_server_create(
+      &listener->tcp_server_shutdown_complete_, ChannelArgsEndpointConfig(args),
+      OnAccept, listener.get(), &listener->tcp_server_);
+  if (!error.ok()) return error;
+  // TODO(yijiem): remove this conversion when we remove all
+  // grpc_resolved_address usages.
+  grpc_resolved_address iomgr_addr =
+      grpc_event_engine::experimental::CreateGRPCResolvedAddress(addr);
+  if (server->config_fetcher() != nullptr) {
+    // TODO(yashykt): Consider binding so as to be able to return the port
+    // number.
+    listener->resolved_address_ = iomgr_addr;
+    {
+      MutexLock lock(&listener->mu_);
+      listener->add_port_on_start_ = true;
+    }
+  } else {
+    error =
+        grpc_tcp_server_add_port(listener->tcp_server_, &iomgr_addr, port_num);
+    if (!error.ok()) return error;
+  }
+  // Create channelz node.
+  if (args.GetBool(GRPC_ARG_ENABLE_CHANNELZ)
+          .value_or(GRPC_ENABLE_CHANNELZ_DEFAULT)) {
+    auto string_address =
+        grpc_event_engine::experimental::ResolvedAddressToString(addr);
+    if (!string_address.ok()) {
+      return GRPC_ERROR_CREATE(string_address.status().ToString());
+    }
+    listener->channelz_listen_socket_ =
+        MakeRefCounted<channelz::ListenSocketNode>(
+            *string_address, absl::StrCat("chttp2 listener ", *string_address));
+  }
+  // Register with the server only upon success
+  server->AddListener(std::move(listener));
+  return absl::OkStatus();
+}
+grpc_error_handle NewChttp2ServerListener::CreateWithAcceptor(
+    Server* server, const char* name, const ChannelArgs& args) {
+  auto listener = MakeOrphanable<NewChttp2ServerListener>(args);
+  grpc_error_handle error = grpc_tcp_server_create(
+      &listener->tcp_server_shutdown_complete_, ChannelArgsEndpointConfig(args),
+      OnAccept, listener.get(), &listener->tcp_server_);
+  if (!error.ok()) return error;
+  // TODO(yangg) channelz
+  TcpServerFdHandler** arg_val = args.GetPointer<TcpServerFdHandler*>(name);
+  *arg_val = grpc_tcp_server_create_fd_handler(listener->tcp_server_);
+  server->AddListener(std::move(listener));
+  return absl::OkStatus();
+}
+NewChttp2ServerListener* NewChttp2ServerListener::CreateForPassiveListener(
+    Server* server, const ChannelArgs& args,
+    std::shared_ptr<experimental::PassiveListenerImpl> passive_listener) {
+  // TODO(hork): figure out how to handle channelz in this case
+  auto listener = MakeOrphanable<NewChttp2ServerListener>(
+      args, std::move(passive_listener));
+  auto listener_ptr = listener.get();
+  server->AddListener(std::move(listener));
+  return listener_ptr;
+}
+NewChttp2ServerListener::NewChttp2ServerListener(
+    const ChannelArgs& args,
+    std::shared_ptr<experimental::PassiveListenerImpl> passive_listener)
+    : args_(args), passive_listener_(std::move(passive_listener)) {
+  GRPC_CLOSURE_INIT(&tcp_server_shutdown_complete_, TcpServerShutdownComplete,
+                    this, grpc_schedule_on_exec_ctx);
+}
+NewChttp2ServerListener::~NewChttp2ServerListener() {
+  if (passive_listener_ != nullptr) {
+    passive_listener_->ListenerDestroyed();
+  }
+  if (on_destroy_done_ != nullptr) {
+    ExecCtx::Run(DEBUG_LOCATION, on_destroy_done_, absl::OkStatus());
+  }
+}
+void NewChttp2ServerListener::Start() {
+  bool should_add_port = false;
+  grpc_tcp_server* tcp_server = nullptr;
+  {
+    MutexLock lock(&mu_);
+    if (!shutdown_) {
+      should_add_port = std::exchange(add_port_on_start_, false);
+      // Hold a ref while we start the server
+      if (tcp_server_ != nullptr) {
+        grpc_tcp_server_ref(tcp_server_);
+        tcp_server = tcp_server_;
+      }
+    }
+  }
+  if (should_add_port) {
+    int port_temp;
+    grpc_error_handle error =
+        grpc_tcp_server_add_port(tcp_server_, resolved_address(), &port_temp);
+    if (!error.ok()) {
+      LOG(ERROR) << "Error adding port to server: " << StatusToString(error);
+      // TODO(yashykt): We wouldn't need to assert here if we bound to the
+      // port earlier during AddPort.
+      CHECK(0);
+    }
+  }
+  if (tcp_server != nullptr) {
+    grpc_tcp_server_start(tcp_server, &listener_state_->server()->pollsets());
+    // Give up the ref we took earlier
+    grpc_tcp_server_unref(tcp_server);
+  }
+}
+void NewChttp2ServerListener::SetOnDestroyDone(grpc_closure* on_destroy_done) {
+  MutexLock lock(&mu_);
+  on_destroy_done_ = on_destroy_done;
+}
+void NewChttp2ServerListener::AcceptConnectedEndpoint(
+    std::unique_ptr<EventEngine::Endpoint> endpoint) {
+  OnAccept(this, grpc_event_engine_endpoint_create(std::move(endpoint)),
+           /*accepting_pollset=*/nullptr, /*acceptor=*/nullptr);
+}
+void NewChttp2ServerListener::OnAccept(
+    void* arg, grpc_endpoint* tcp, grpc_pollset* accepting_pollset,
+    grpc_tcp_server_acceptor* server_acceptor) {
+  NewChttp2ServerListener* self = static_cast<NewChttp2ServerListener*>(arg);
+  OrphanablePtr<grpc_endpoint> endpoint(tcp);
+  AcceptorPtr acceptor(server_acceptor);
+  if (!self->listener_state_->connection_quota()->AllowIncomingConnection(
+          self->listener_state_->memory_quota(),
+          grpc_endpoint_get_peer(endpoint.get()))) {
+    return;
+  }
+  {
+    // The ref for the tcp_server need to be taken in the critical region
+    // after having made sure that the listener has not been Orphaned, so as
+    // to avoid heap-use-after-free issues where `Ref()` is invoked when the
+    // listener is already shutdown. Note that the listener holds a ref to the
+    // tcp_server but this ref is given away when the listener is orphaned
+    // (shutdown). A connection needs the tcp_server to outlast the handshake
+    // since the acceptor needs it.
+    MutexLock lock(&self->mu_);
+    if (self->shutdown_) {
+      self->listener_state_->connection_quota()->ReleaseConnections(1);
+      return;
+    }
+    if (self->tcp_server_ != nullptr) {
+      grpc_tcp_server_ref(self->tcp_server_);
+    }
+  }
+  auto memory_owner =
+      self->listener_state_->memory_quota()->CreateMemoryOwner();
+  auto connection = memory_owner.MakeOrphanable<ActiveConnection>(
+      self->listener_state_, self->tcp_server_, accepting_pollset,
+      std::move(acceptor), self->args_, std::move(memory_owner),
+      std::move(endpoint));
+  RefCountedPtr<ActiveConnection> connection_ref =
+      connection->RefAsSubclass<ActiveConnection>();
+  absl::optional<ChannelArgs> new_args =
+      self->listener_state_->AddLogicalConnection(std::move(connection),
+                                                  self->args_, tcp);
+  if (new_args.has_value()) {
+    connection_ref->Start(*new_args);
+  } else {
+    self->listener_state_->connection_quota()->ReleaseConnections(1);
+  }
+}
+void NewChttp2ServerListener::TcpServerShutdownComplete(
+    void* arg, grpc_error_handle /*error*/) {
+  NewChttp2ServerListener* self = static_cast<NewChttp2ServerListener*>(arg);
+  self->channelz_listen_socket_.reset();
+  self->Unref();
+}
+// Server callback: destroy the tcp listener (so we don't generate further
+// callbacks)
+void NewChttp2ServerListener::Orphan() {
+  grpc_tcp_server* tcp_server;
+  {
+    MutexLock lock(&mu_);
+    shutdown_ = true;
+    tcp_server = tcp_server_;
+  }
+  if (tcp_server != nullptr) {
+    grpc_tcp_server_shutdown_listeners(tcp_server);
+    grpc_tcp_server_unref(tcp_server);
+  } else {
+    Unref();
+  }
+}
+namespace {
 grpc_error_handle Chttp2ServerAddPort(Server* server, const char* addr,
-                                      const ChannelArgs& args,
-                                      Chttp2ServerArgsModifier args_modifier,
-                                      int* port_num) {
+                                      const ChannelArgs& args, int* port_num) {
   if (addr == nullptr) {
     return GRPC_ERROR_CREATE("Invalid address: addr cannot be a nullptr.");
   }
   if (strncmp(addr, "external:", 9) == 0) {
-    return Chttp2ServerListener::CreateWithAcceptor(server, addr, args,
-                                                    args_modifier);
+    if (IsServerListenerEnabled()) {
+      return NewChttp2ServerListener::CreateWithAcceptor(server, addr, args);
+    } else {
+      return Chttp2ServerListener::CreateWithAcceptor(server, addr, args);
+    }
   }
   *port_num = -1;
   absl::StatusOr<std::vector<grpc_resolved_address>> resolved;
@@ -1029,8 +1520,11 @@ grpc_error_handle Chttp2ServerAddPort(Server* server, const char* addr,
                                                                 *port_num);
       }
       int port_temp = -1;
-      error = Chttp2ServerListener::Create(server, addr, args, args_modifier,
-                                           &port_temp);
+      if (IsServerListenerEnabled()) {
+        error = NewChttp2ServerListener::Create(server, addr, args, &port_temp);
+      } else {
+        error = Chttp2ServerListener::Create(server, addr, args, &port_temp);
+      }
       if (!error.ok()) {
         error_list.push_back(error);
       } else {
@@ -1063,25 +1557,6 @@ grpc_error_handle Chttp2ServerAddPort(Server* server, const char* addr,
   return error;
 }
-namespace {
-ChannelArgs ModifyArgsForConnection(const ChannelArgs& args,
-                                    grpc_error_handle* error) {
-  auto* server_credentials = args.GetObject<grpc_server_credentials>();
-  if (server_credentials == nullptr) {
-    *error = GRPC_ERROR_CREATE("Could not find server credentials");
-    return args;
-  }
-  auto security_connector = server_credentials->create_security_connector(args);
-  if (security_connector == nullptr) {
-    *error = GRPC_ERROR_CREATE(
-        absl::StrCat("Unable to create secure server with credentials of type ",
-                     server_credentials->type().name()));
-    return args;
-  }
-  return args.SetObject(security_connector);
-}
 }  // namespace
 namespace experimental {
@@ -1089,19 +1564,40 @@ namespace experimental {
 absl::Status PassiveListenerImpl::AcceptConnectedEndpoint(
     std::unique_ptr<EventEngine::Endpoint> endpoint) {
   CHECK_NE(server_.get(), nullptr);
-  RefCountedPtr<Chttp2ServerListener> listener;
-  {
-    MutexLock lock(&mu_);
-    if (listener_ != nullptr) {
-      listener =
-          listener_->RefIfNonZero().TakeAsSubclass<Chttp2ServerListener>();
+  if (IsServerListenerEnabled()) {
+    RefCountedPtr<NewChttp2ServerListener> new_listener;
+    {
+      MutexLock lock(&mu_);
+      auto* new_listener_ptr =
+          absl::get_if<NewChttp2ServerListener*>(&listener_);
+      if (new_listener_ptr != nullptr && *new_listener_ptr != nullptr) {
+        new_listener = (*new_listener_ptr)
+                           ->RefIfNonZero()
+                           .TakeAsSubclass<NewChttp2ServerListener>();
+      }
     }
+    if (new_listener == nullptr) {
+      return absl::UnavailableError("passive listener already shut down");
+    }
+    ExecCtx exec_ctx;
+    new_listener->AcceptConnectedEndpoint(std::move(endpoint));
+  } else {
+    RefCountedPtr<Chttp2ServerListener> listener;
+    {
+      MutexLock lock(&mu_);
+      auto* listener_ptr = absl::get_if<Chttp2ServerListener*>(&listener_);
+      if (listener_ptr != nullptr && *listener_ptr != nullptr) {
+        listener = (*listener_ptr)
+                       ->RefIfNonZero()
+                       .TakeAsSubclass<Chttp2ServerListener>();
+      }
+    }
+    if (listener == nullptr) {
+      return absl::UnavailableError("passive listener already shut down");
+    }
+    ExecCtx exec_ctx;
+    listener->AcceptConnectedEndpoint(std::move(endpoint));
   }
-  if (listener == nullptr) {
-    return absl::UnavailableError("passive listener already shut down");
-  }
-  ExecCtx exec_ctx;
-  listener->AcceptConnectedEndpoint(std::move(endpoint));
   return absl::OkStatus();
 }
@@ -1123,7 +1619,7 @@ absl::Status PassiveListenerImpl::AcceptConnectedFd(int fd) {
 void PassiveListenerImpl::ListenerDestroyed() {
   MutexLock lock(&mu_);
-  listener_ = nullptr;
+  listener_ = static_cast<Chttp2ServerListener*>(nullptr);
 }
 }  // namespace experimental
@@ -1169,8 +1665,7 @@ int grpc_server_add_http2_port(grpc_server* server, const char* addr,
     args = args.SetObject(creds->Ref()).SetObject(sc);
   }
   // Add server port.
-  err = grpc_core::Chttp2ServerAddPort(
-      core_server, addr, args, grpc_core::ModifyArgsForConnection, &port_num);
+  err = grpc_core::Chttp2ServerAddPort(core_server, addr, args, &port_num);
 done:
   sc.reset(DEBUG_LOCATION, "server");
   if (!err.ok()) {
@@ -1250,9 +1745,16 @@ absl::Status grpc_server_add_passive_listener(
   auto args = server->channel_args()
                   .SetObject(credentials->Ref())
                   .SetObject(std::move(sc));
-  passive_listener->listener_ =
-      grpc_core::Chttp2ServerListener::CreateForPassiveListener(
-          server, args, passive_listener);
+  if (grpc_core::IsServerListenerEnabled()) {
+    passive_listener->listener_ =
+        grpc_core::NewChttp2ServerListener::CreateForPassiveListener(
+            server, args, passive_listener);
+  } else {
+    passive_listener->listener_ =
+        grpc_core::Chttp2ServerListener::CreateForPassiveListener(
+            server, args, passive_listener);
+  }
   passive_listener->server_ = server->Ref();
   return absl::OkStatus();
 }