Using proto.MarshalAny results in unstable output due to non-deterministic map ordering. This in turn causes Envoy's diff to reload a config since the hash of the structure changes.
Enable stable marshaler for gogoproto to avoid this problem. See #6252
Risk Level: low
Testing: n/a
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 15a19b9cb1cc8bd5a5ec71d125177b3f6c9a3cf5
1) Add stat to track number of active injected faults
2) Add config/runtime control over how many concurrent
faults can be injected. This is useful in cases where
we want to allow 100% fault injection, but want to
protect against too many concurrent requests using too
many resources.
3) Add stat for faults that overflowed.
4) Misc code cleanup / modernization.
Part of https://github.com/envoyproxy/envoy/issues/5942.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 191c8b02b4908f212f800ed0185f6ee689ba8126
Bump up max configurable max_request_headers_kb to 96 KiB.
Add a check to http1/codec_impl.cc for headers size.
Raise the default library limits in http_parser nghttp2 so we'll rely on our own codec check.
Risk Level: Medium.
Testing: Moved all the large request headers tests to ProtocolIntegrationTest.
Part of #5626.
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ df3d47f478c29188d22b517d1a0d05793dfe2c62
This PR replaces deprecated HTTP links by HTTPS links for security and consistency.
Signed-off-by: Vu Cong Tuan <tuanvc@vn.fujitsu.com>
Mirrored from https://github.com/envoyproxy/envoy @ b47112f62b5186bb087bdf335f6df6fb072e2a46
Updates the health check filter to treat degraded hosts as healthy for
the purpose of computing the "health" of each cluster. This captures the
idea that these hosts are still available for routing: if the upstream
cluster is fully degraded it's still available, so there shouldn't be a
need for Envoy to declare itself unhealthy.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2e6bd24617f9c9c7085353095e196008370821c6
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com>
Mirrored from https://github.com/envoyproxy/envoy @ 15f1c56397ff404fc98fb3381725bbe48c205234
This adds a new response flag SI that is set when the request is
canceled due to a stream idle timeout.
_Risk Level_: Low
_Testing_: Updated existing access log UTs, added test for setting flag
_Docs Changes_: Updated list of response flags
_Release Notes_: Added release note
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ a22d983cc87170677243d4aeba6457a4972d7980
This commit refactors the tap transport socket to use the common
tap extension configuration and tap matching infrastructure. More
match conditions will be added in a future PR as well as additional
cleanups that have been marked with TODOs.
One result of this PR is that the HTTP tap filter can now have a static
configuration as well as write to a file per tap sink.
All future tap PRs should be smaller and more targeted after this one.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ f37ebdc14f4c0adf0e90aabddae833355c0cec1b
Renaming max_request_headers_size_kb to max_request_headers_kb.
It just merged so hopefully no one is using it yet.
Risk Level: Low.
Testing/docs: Updated docs and config test from #5654.
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 71afb134c528ded99510172a65e30cac6503d213
Description: Add a field to http conn manager, max_request_headers_size_kb. Currently you can set the field from 1 to 63, to stay under both http1 (~80K) and http2 (64K) codec limits. I'm experimenting with how high I can configure the codecs to accept, so the limit will likely change.
Risk Level: High. Incorrectly configured max size can cause requests to be rejected.
Testing: Integration and unit testing.
Docs Changes: added release notes and .proto comments
Part of #5626.
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0fb9325f7716294b465003fca852065d9c36d016
Configuration of the TCP proxy's deprecated source ip and port
feature comes up periodically and since it was non-trivial for
me to figure out how to even configure it, I thought I'd add
a README with an example.
*Risk Level*: low, docs only
*Testing*: manually tested example
*Docs Changes*: added example for TCP proxy deprecated_v1
*Release Notes*: n/a
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ fb47139b8f1e4d47f649c39ddee1a1e04e6e62f8
This is a rename PR only. It renames the capture transport socket
and associated tools to the tap transport socket. It also updates
some documentation. In a subsequent PR I'm going to refactor the
tap transport socket to use the new common tap framework so that
the tap transport socket can be configured via admin, the HTTP
tap filter can write to a file, the tap transport socket can have
matching, etc.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7a5849f2a8bcc55fa16da3eaee94d9c99a11147c
This is a MVP for the HTTP tap filter. It includes minimal
infrastructure for the following:
1. Generic tap configuration which in the future will be used for
static config, XDS config, etc. In this MVP the tap can be
configured via a /tap admin endpoint.
2. Generic output configuration which in the future will be used for
different output sinks such as files, gRPC API, etc. In this MVP
the tap results are streamed back out the /tap admin endpoint.
3. Matching infrastructure. In this MVP only matching on request and
response headers are implemented. Both logical AND and logical OR
matches are possible.
4. In this MVP request/response body is not considered at all.
5. All docs are included and with all the caveats the filter is ready
to use for the limited cases it supports (which are likely still to
be useful).
There is a lot of follow on work which I will do in subsequent PRs.
This includes:
1. Merging the existing capture transport socket into this framework.
2. Implementing body support, both for matching on body contents as
well as outputting body data.
3. Tap rate limiting so too many streams do not get tapped.
4. gRPC matching. Using reflection and loaded proto definitions, it will
be possible to match on gRPC fields.
5. JSON matching. If the body parses as JSON, we can allow matching on
JSON fields.
Part of https://github.com/envoyproxy/envoy/issues/1413.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ cf80045587240d494e54e9772949bc9af5eda61f
This filter contains the logic to decode the mysql wire protocol and SQL queries (SQL99 only).
The code is based on our internal version at VMware. The SQL parser can be found at https://github.com/rshriram/sql-parser. Its a cleaned up version of Hyrise SQL parser. I am keeping the code as a separate library as importing the sources into envoy will cause a lot of changes to the code.
Signed-off-by: Giorgio Valentini <gvalentini@vmware.com>
Signed-off-by: Deepa Kalani <dkalani@vmware.com>
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ b3be5713f2100ab5c40316e73ce34581245bd26a
Add support of Any as opaque config for extensions. Deprecates Struct configs. Fixes#4475.
Risk Level: Low
Testing: CI
Docs Changes: Added.
Release Notes: Added.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 851f591f4ed84594e5e5041e7ada4167a4f3a273
Adds a filter that allows converting a gRPC request into an HTTP/1.1
request with a custom content-type. Allows a vanilla HTTP/1.1 upstream
to handle incoming requests by reading and responding with protobuf
messages in binary octet format.
For now this shields the upstream from any gRPC association: the filter
removes the gRPC specific message prefix and manages the conversion of
the HTTP status code into grpc-status.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ a97e138ffc58c13dc5be277b877c6a5949083023
* api: add proto options for java
* add ci for checking proto options
Signed-off-by: Penn (Dapeng) Zhang <zdapeng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02659d411332e9f20d229f482931c15304ea17fd
Description: The new request_timeout in http connection manager covers the filter chain.
Risk Level: N/A
Fixes#4830
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 92e932a9a26ca178ad77a8e3616fadd57d3f807d
This identifies downstream disconnects from within the HTTP Connection
Manager and eventually echoes it out via the access log.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 988f7d81f973e17c76db3f900cf145c371d6e8b3