Access Control causes timeout on intercepted requests

[oteffahi]

Describe the bug

Using ACL to block request messages causes the instance performing the request to timeout on the handling of the expected responses. Ideally a blocked request should instantly resolve to an empty response, simulating the absence of destinations. This applies to query and liveliness_query messages.

To reproduce

Deny in egress a query or a liveliness_query message. The instance will wait until a timeout then log an error.

System info

Zenoh 1.2.1
All platforms

[DenisBiryukov91]

@oteffahi Maybe it is worth returning a error response, explaining that user does not have required permission ?

[oteffahi]

@oteffahi Maybe it is worth returning a error response, explaining that user does not have required permission ?

Suppose you perform a get on ** and have egress filters for certain connected peers that should not receive the get, in this case you receive responses from the authorized peers, and timeout on the peers that never received the get. Returning an Error wouldn't make sense, since blocking the get at egress was intended behavior.
In another case, if the get is blocked at ingress by the destination, the timeout issue will also occur on the sender of the get, and in this case responding with an error that they do not have the permission makes more sense than the previous scenario. However access control should ideally not leak the information that the remote instance is blocking the get, and should instead create the illusion that there was no matching destination for the query.