* add access log to health check
Signed-off-by: Boteng Yao <boteng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 881bc030a8f1cdc904311de6c1cdba38ef8cc98a
Commit Message: accesslog: support CEL command in the formatter
Risk Level: low
Testing: unit
Docs Changes: none
Release Notes: yes
Mirrored from https://github.com/envoyproxy/envoy @ 8cfeabd5bd0b15b5e6ef029bf9fef4dcaa1c8254
While we return the connection to the pool, the idle timeout starts ticking until the connection is reused.
If the timeout fires, we close the connection and let the pool know.
Fixes #23699
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 57b1c7213327ce6a505d7a8e2209db31561f85d0
This filter is configured with request_rules that will be matched against requests. A field_selector of a rule represents the head of a linked list; each node of the linked list has a name for logging and an id for matching. The field_selector is tied to a payload field when the linked list corresponds to a downward path which is rooted in the top-level of the request message structure. on_present is triggered when the corresponding payload is present. Otherwise, on_missing is triggered.
This filter is designed to support payload passthrough. By performing payload to metadata, the filter can do deserialization once and pass the metadata to other filters. This means that load balancing decisions, consumed from log and routing could all use payload information with a single parse. Also notably, performing the parsing in the payload passthrough buffer will mean deserializing once and not re-serializing, which is the most performant outcome.
Risk Level: low
Testing: unit
Docs Changes: multiple rst
Fixes #23322
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ cd208a5dbc281dcc27a8155a210037267c08ff6f
Add dubbo codec for generic proxy to support proxying dubbo traffic by the generic proxy. It's a simple wrapper to the common dubbo codec (`/source/extensions/common/dubbo`).
Risk Level: n/a. new feature.
Testing: Unit.
Docs Changes: n/a.
Release Notes: Added.
Platform Specific Features: n/a.
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ ab0abb640b1e501c66762c45b164529378c6bf66
make QUIC connection ID generation an extension point with currently in-use EnvoyDeterministicConnectionIdGenerator as the default implementation.
Additional Description: fix some previously unused QUICHE build targets.
Risk Level: low, control plane change
Testing: added new unit tests
Docs Changes: docs/root/api-v3/config/quic/quic_extensions.rst
Release Notes: N/A
API Considerations: interface naming and documentation
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02ebc03205cfae5b26ce890050b9d1b6e0c2d1f5
This PR will implement issue detailed here and described below: #7763
Match Patterns and Templates
Wildcard support based on match patterns and templates.
A match pattern matches an incoming URL path.
Match patterns support glob operators to match URL text and variable definitions to bind matched text to names.
Template patterns are used to re-write URLs.
Template patterns build new URLs and may reference variables bound by a match pattern.
Match Examples
/**.m3u8 would match /foo.m3u8 and /foo/bar.m3u8.
/{dir_name}/*.ts would match /example/file.ts and bind dir_name="example" for a later template match to use.
/{dir_name}/**.ts would match /example/path/file.ts and bind dir_name="example" for a later template match to use. This would also match /example/.ts, which may or may not be a desired behavior.
/{path=v1/*}/{file=*.ts} would match /v1/example/movie.ts (binding path="v1/example" and file="movie"), but would not match /v0/example/movie.ts.
See post for full details and example:
#7763 (comment)
Risk Level:
Testing:
Unit tests. Both internal matching/rewrite library and config/data plane changes.
Signed-off-by: silverstar195 <seanmaloney@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8cfc61f916cf52ce8bce6710686e9d4fca2c06bd
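The first three match examples in the commit message above, modelled as an added Python sketch (not code from the Envoy change). It assumes `*` and `{name}` match exactly one non-empty path segment and `**` matches any text including `/` and the empty string; the `{name=pattern}` form is rejected rather than modelled, and the `rewrite` helper and its template are hypothetical.

```python
import re

# Assumed operator semantics for this sketch (not taken from Envoy's source):
#   *       one non-empty path segment, never crossing "/"
#   **      any text, including "/" and the empty string
#   {name}  like "*", with the matched segment bound to `name`
_TOKEN = re.compile(r"\*\*|\*|\{([A-Za-z_][A-Za-z0-9_]*)\}")


def compile_match_pattern(pattern):
    """Translate a match pattern into an anchored regular expression."""
    out, pos = [], 0
    for tok in _TOKEN.finditer(pattern):
        out.append(_literal(pattern[pos:tok.start()]))
        if tok.group(0) == "**":
            out.append(".*")
        elif tok.group(0) == "*":
            out.append("[^/]+")
        else:
            out.append("(?P<%s>[^/]+)" % tok.group(1))
        pos = tok.end()
    out.append(_literal(pattern[pos:]))
    return re.compile("".join(out))


def _literal(text):
    # Reject brace forms this sketch does not model, e.g. {name=pattern}.
    if "{" in text or "}" in text:
        raise ValueError("unsupported variable syntax near %r" % text)
    return re.escape(text)


def match_path(pattern, path):
    """Return the variable bindings if `path` matches, else None."""
    m = compile_match_pattern(pattern).fullmatch(path)
    return None if m is None else m.groupdict()


def rewrite(template, bindings):
    """Build a new path from a template; unbound variables raise KeyError."""
    return re.sub(r"\{(\w+)\}", lambda v: bindings[v.group(1)], template)


if __name__ == "__main__":
    # Paths are the ones quoted in the commit message.
    for pat, path in [("/**.m3u8", "/foo/bar.m3u8"),
                      ("/{dir_name}/*.ts", "/example/file.ts"),
                      ("/{dir_name}/**.ts", "/example/.ts")]:
        print(pat, path, match_path(pat, path))
```

Under these assumptions `/{dir_name}/*.ts` rejects `/example/.ts` while `/{dir_name}/**.ts` accepts it, which is the edge case the message calls out.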
* initial draft for the meta protocol proxy
Signed-off-by: wbpcode <comems@msn.com>
* minor update
Signed-off-by: wbpcode <comems@msn.com>
* add match implemented
Signed-off-by: wbpcode <comems@msn.com>
* add some simple test
Signed-off-by: wbpcode <wbphub@live.com>
* add more test for route matcher
Signed-off-by: wbpcode <wbphub@live.com>
* partial commit
Signed-off-by: wbpcode <wbphub@live.com>
* complete basic unit test
Signed-off-by: wbpcode <comems@msn.com>
* fix format
Signed-off-by: wbpcode <comems@msn.com>
* fix error after merge
Signed-off-by: wbpcode <wbphub@live.com>
* add some more test
Signed-off-by: wbpcode <wbphub@live.com>
* minor fix
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix test
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* just make it run
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* just make it run
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* first integration test
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* complete almost all the tests and fix docs and format
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix proto format
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* minor update
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* add cleanup
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* update for clang tidy and type error
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* lower coverage threshold
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix unexpected include
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix window build
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* rename to generic proxy to avoid name conflict
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix docs
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* remove unnecessary readme
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* update comments and name of matcher
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix format
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* add name method
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* move everything to contrib
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* simple release note
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix format
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Signed-off-by: wbpcode <comems@msn.com>
Signed-off-by: wbpcode <wbphub@live.com>
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ 51c0d6f47c98087c7e3288205cbf8edf50ae0196
This changes the Upstream Filter code to create the codec filter via a factory, which
* requires adding all UpstreamRequest/CodecFilter interactions to an UpstreamCallback interface accessible through the filter manager
* requires unhiding the configuration because the presubmit cross-checks for the registered factory require all the config be unhidden
* allows configuring the codec filter in configuration, in case of eventual alternate terminal filter
* allows fixing up the filter dependency validator to validate the entire upstream filter chain.
Upstream filters flipped on for CI, SHOULD BE FLIPPED OFF BEFORE SUBMITTING
Risk Level: low assuming it's flipped back off
Testing: updated unit tests, covered by filter integration tests
Docs Changes: n/a
Release Notes: n/a (off by default)
Part of #10455
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 978004308203aa9e86886512adf6b26376958405
Commit Message: contrib: add Hyperscan regex engine
Additional Description: Hyperscan has been introduced as an input matcher earlier this year. Since the regex engine interface has been completed, the patch extends the usage of Hyperscan into a contrib regex engine.
Risk Level: Low
Testing: Unit
Docs Changes: API
Release Notes: N/A
Platform Specific Features: Requires processor with SSSE3 support (nearly any modern x86 processor)
Signed-off-by: Xie Zhihao <zhihao.xie@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 725d0b4b3e6fb84aa7dfd1ca4d5792f2dc4558b2
This PR is the first of a series to implement pattern matching and rewrite functionality for Envoy.
These specific proto changes:
* Add the foundation for two extension configs
* Change the API to expose the extension configs to end users
Risk Level: Low
Signed-off-by: silverstar195 <seanmaloney@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 25654b97cdd2647c258ae459e6607f51e99c99cc
Next generation Intel® QAT support with Intel® Xeon® Scalable processors
will feature an Intel® QAT cryptography and compression acceleration
engine.
QAT private key provider extension will use qatlib library
(https://github.com/intel/qatlib) to accelerate RSA operations in
handshakes. The extension will look a bit like the existing cryptomb
private key provider. The use case is to move the expensive
cryptographic operations away from the CPU to the accelerator device,
leaving CPU cycles for other use.
Support for Intel® QAT is already present in the mainline Linux kernel
and in Kubernetes device plugins (to expose the device files to
containers). There are previous generations of Intel QAT® hardware
devices, but they are not supported by this extension.
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9447ff5bfa8081fc2ddd5918b8ee9c1fd6720c7a
This can be used when using the system resolver is desired. For
example, on Android.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 516b3f304bccf451691224c71a357f9c62840b2b
Creates a transport socket for HTTP/1.1 proxy support.
With the combination of the transport socket, and a filter putting the proxy stream info in place this will
* redirect TCP connections to the proxy IP address
* prefix TLS connections with cleartext CONNECT headers to the destination host, and strip CONNECT response
* change cleartext HTTP/1.1 to send fully qualified URLs
Risk Level: medium (intended as a no op but it does have data plane refactoring)
Testing: new unit, integration tests
Docs Changes: n/a
Part of envoyproxy/envoy-mobile#1622
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 095f4ca336d3d705e629b207fb2cbbc22d29db8f
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Co-authored-by: Yan Avlasov <yavlasov@google.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 259d76ef89bc008db6620497c424a3ca3fe97d88
Implements a special transport socket for transferring state (metadata and filter state) over the internal connection.
This transport socket captures a subset of endpoint metadata, cluster metadata, and stream filter state in the user space socket. When an internal listener accepts a user space socket connection, it immediately merges this passthrough state into the connection stream info. Because the state can be transferred from HTTP stream to TCP stream, this transport socket also participates in the hashing decisions in the HTTP connection pools.
Commit Message: Add passthrough state over internal connection.
Risk Level: low, new extension
Testing: WIP
Docs Changes: yes
Release Notes: yes
Platform Specific Features:
Fixes: #19274
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 637a92a56e2739b5f78441c337171968f18b46ee
Add support for injecting regex engine with its options on startup in a bootstrap option. These are some API, runtime and implementation changes.
* google_re2 in safe_regex will be deprecated and no longer be required. Regex::parseRegex will choose the registered regex engine to parse expressions into matchers.
* A new bootstrap option default_regex_engine will be introduced for regex engine selection.
* For compatibility, GoogleRE2 will be chosen as default regex engine if no regex engine is designated.
Signed-off-by: Xie Zhihao <zhihao.xie@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0a92cc86e7f8b88d5af0eb2e27b5c7ef64719e56
API for Unified Header Validators
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e569ce06101932cfe3ccb710c3c60b92dd09464b
udp: Add a udp_packet_packet_writer_config option to UdpListenerConfig.
Fixes #21200
Risk Level: Low
Testing: Existing and additional tests
Docs Changes: None
Release Notes: Added
Platform Specific Features: N/A
Signed-off-by: Ryan Hamilton <rch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3a7b26aa3909488a8561a232b82845b8b4cd38bb
Commit Message: make HTTP/3 upstream send 0-RTT (early data) requests if it has cached 0-RTT credentials. Add a config knob in RouteAction to specify which requests can be sent over early data, which by default are HTTP safe methods.
Risk Level: high, changes to conn pool behavior though should only take effect for h3 pool
Testing: added h3 upstream integration tests.
Docs Changes: N/A
Release Notes: changes to docs/root/version_history/current.rst
Platform Specific Features: N/A
Runtime guard: envoy.reloadable_features.http3_sends_early_data
Fixes #18715, #19542
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ce13d75a982ddd347db5a333a4bb080922f7514