feat: Allow configuring TCP listen backlog

[relu]

This is an attempt to implement the enhancement proposal from linkerd/linkerd2#14801.

I would like to be able to build a proxy image with this patch and test it live. Any help with that would be greatly appreciated.

Full disclosure: I'm not very familiar with Rust, so I've used Claude to generate most of the changes in this patch, including the tests.

[cratelyn]

hi there, thanks for opening this, i appreciate your patience.

my main questions are about how to polish the defaults here. we obtain defaults in more than one way, and i'd like if we can clean that up.

there are also some changes here introducing additional trait bounds to impl's that i think might be extraneous.

beyond the scope of this pull request, i also don't have a clear picture of how this would fit together with the proxy injector, which would likely need to be made aware of these changes as well, alongside changes to our helm charts.

I would like to be able to build a proxy image with this patch and test it live. Any help with that would be greatly appreciated.

regarding this, you can use the just docker command to build an image. you can note the image tag, and load that into a cluster. then, you can use the config.linkerd.io/proxy-version annotation on a namespace to use your image.

[relu]

regarding this, you can use the just docker command to build an image. you can note the image tag, and load that into a cluster.

Thank you. I was under the impression that it wouldn't build the correct target, as I saw that the actual release image build is a bit more involved. I did manage to build the image that way, so I should be able to test.

[relu]

I managed to test this successfully. I had to configure the proxy.additionalEnv on the Linkerd Helm release in one of our clusters to configure the LINKERD2_PROXY_INBOUND_TCP_LISTEN_BACKLOG override, and it does indeed work correctly

Before (with default value):

$ ss -talp | grep :4143
LISTEN                            0                                 128                                                                0.0.0.0:4143                                                              0.0.0.0:*

After (set to 1024):

$ ss -talp | grep :4143
LISTEN                            0                                 1024                                                               0.0.0.0:4143                                                              0.0.0.0:*

[cratelyn]

this looks good to me. thank you very much, @relu!