<!--
!!!ATTENTION!!!
If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.
!!!ATTENTION!!!
For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)
-->
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]
---------
Signed-off-by: wbpcode <wbphub@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 44ad1a7db101abe2d42752c21a24913060da8e06
Looks like it broke prechecks
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 6145b7e9cc68061aaaa1c003d6f995e3e4499269
Commit Message: generic proxy: move generic proxy from contrib into
extensions
Additional Description:
The generic proxy is designed as a framework to empower the developers
to develop new L7 proxy for various L7 protocols.
It's be used for multiple different private protocols now in the
production env of our users. And recently, I complete the last part of
generic proxy: the filter chain support to the variable length stream.
And except the private protocols, we use the generic proxy implement the
kafka proxing and pulsar proxing and conditional traffic routing. (part
of these works are contributed back to the envoy).
After an offline discussion with other maintainers, I prepare to move
the generic proxy to the extensions now.
Risk Level: low.
Testing: n/a.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.
---------
Signed-off-by: wbpcode <wbphub@live.com>
Signed-off-by: wbpcode <wbphub@gmail.com>
Co-authored-by: wbpcode <wbphub@live.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0dbd4418f6a4b2c649b7c88cff4ec2bec872a9c6
Commit Message: Add a way to configure a quic connection debug visitor factory that will be used to attach a debug visitor to all quic connections on the listener. Adds an interface for this new type of factory.
Additional Description:
Risk Level: Low
Testing: Added new tests and modified existing tests in /test/common/quic. Also performed manual testing on a real machine and sent traffic to it using quic_client.
Docs Changes: Update envoy.config.listener.v3.quic_config.proto inline.
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Will Lampert <wlampert@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0c28205942066b2b5b2ef2a344c9357f27f642c7
For apache thrift compatible HTTP requests and responses, this filter parses the thrift metadata and put them into filter dynamic metadata for other filter usage.
This is the initial proto design, which refers to other filters like json_to_metadata and payload_to_metadata.
Risk Level: low
Testing: build
Docs Changes: yes
#29371
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7081e5637c2cb0ecc90f1d1949c8acf27d576979
* generic proxy: complete the development of HTTP1 codec
Signed-off-by: wbpcode <wbphub@live.com>
* minor update
Signed-off-by: wbpcode <wbphub@live.com>
* add TODOs
Signed-off-by: wbpcode <wbphub@live.com>
* more validation and single frame mode for HTTP
Signed-off-by: wbpcode <wbphub@live.com>
* more test and validation
Signed-off-by: wbpcode <wbphub@live.com>
* handle the 100 continue and the 1xx response
Signed-off-by: wbpcode <wbphub@live.com>
* minor update
Signed-off-by: wbpcode <wbphub@live.com>
* address comments
Signed-off-by: wbpcode <wbphub@live.com>
* address comments
Signed-off-by: wbpcode <wbphub@live.com>
---------
Signed-off-by: wbpcode <wbphub@live.com>
Mirrored from https://github.com/envoyproxy/envoy @ ffcc257e16c9046b2fec7497a6bf9293d8ada286
* API for defining HTTP errors, locally originated errors and database errors.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Adjusted next free field.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Use Any for monitor extensions.
Moved proto for errors and consecutive errors monitor to envoy/extensions.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Adjusted main api's BUILD file.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Renamed common to error_types.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Fixed docs.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Used TypedExtensionConfig instead of user-define message.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Redesign ErrorBucket to avoid using oneof.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Renamed error buckets.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
---------
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6e71eb87e5d1c5b1853763afce64738bce13b586
The repo has been renamed from cncf/udpa to cncf/xds long time ago, this is just to reflect this in the bazel repo name.
Otherwise this is a noop.
Risk Level: Low
Testing: do_ci.sh
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f66bd34bf2060e71516456354202abb8ea23ba71
Commit Message: Allow specifying resource detectors for the OpenTelemetry tracer via a new configuration resource_detectors. The resource detector reads from the env variable OTEL_RESOURCE_ATTRIBUTES which is defined by the OTel specification. The detector returns a resource object populated with the detected attributes, which is sent as part of the OTLP request.
Additional Description: This PR adds the "foundation" for building other resource detectors in Envoy. It is based on the OTel collector implementation. Users can configure multiple resource detectors, and they work together to "merge" all the detected attributes into a single resource object, which is then part of the OTLP message exported.
Risk Level: Low
Testing: Multiple unit tests, that cover all new code/scenarios. I also did manual testing, running Envoy locally with the OTel tracer + env resource detector enabled. Resource attributes detected from my environment is successfully exported as seen in the Jaeger screenshot.
resource-detectors-env-jaeger
Docs Changes: Not sure if I should add/where. Happy to do it.
Release Notes: N/A
Platform Specific Features: N/A
[Optional Runtime guard:] N/A
[Optional Fixes#28929]
Here is how the new config is used:
tracing:
provider:
name: envoy.tracers.opentelemetry
typed_config:
"@type": type.googleapis.com/envoy.config.trace.v3.OpenTelemetryConfig
grpc_service:
envoy_grpc:
cluster_name: opentelemetry_collector
timeout: 0.250s
service_name: envoy-gRPC-exporter
resource_detectors: # --> NEW CONFIG
- name: envoy.tracers.opentelemetry.resource_detectors.environment
typed_config:
"@type": type.googleapis.com/envoy.extensions.tracers.opentelemetry.resource_detectors.v3.EnvironmentResourceDetectorConfig
Signed-off-by: Joao Grassi <joao.grassi@dynatrace.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4eaa1f866164eee5d51e46406bcb31d8dec99bdd
Commit Message: Adds a new extension to set the filter state
Risk Level: low
Testing: done
Docs Changes: yes
Release Notes: yes
Issue: #29813
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 025d49f78410841e6caa26c1e42465c17f168e91
This reverts commit e95324541b0e1cbfa07b43cbf87490cff7383f27.
This change broke the compile_time_options CI job.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ de85ff2a125a2c23378bd463259fbea3e05442f9
* Allow custom local address resolvers.
#27881 introduces the concept of EDS clusters with hosts that have multiple (potentially > 2) IP addresses.
The current implementation of UpstreamLocalAddressSelector limits the number of source addresses in BindConfig artificially to 2, and further requires that the addresses be of different address families.
The workaround for this (if we need to specify more than 2 source addresses or have multiple addresses from the same family) is to use a custom address resolver that resolves the bind config address to nullptr (and therefore ignore it) and call bind in a customised SocketInterfaceImpl to a local source address determined by the SocketInterfaceImpl specialisation.
This PR makes it possible to define a custom local address selector, that makes it easy to work with a custom address resolver to pick the right source address based on the upstream address selected by HappyEyeballsConnectionImpl
Signed-off-by: pcrao <pcrao@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ da47a54a8ccbaa384c4cb62a5f4fcd4745a72c37
Commit Message: add the proto for the new http filter GrpcFieldExtraction we are going to contribute.
Additional Description: please see the proto comments for this filter's behavior. Thanks @yanavlasov who is willing to be the sponsor.
Risk Level:NA
Testing:NA
Docs Changes:NA
Release Notes:NA
Mirrored from https://github.com/envoyproxy/envoy @ 46a05a6e79b17b64406c83930d3065a545a04cbd
Commit Message:
This commit adds CONNECT-UDP (RFC 9298) support. UdpConnPool is added to create a UDP socket for a new CONNECT-UDP request, and UDPUpstream is added to maintain the socket and other relevant data associated with UDP upstreams.
We added an integration test for the terminating CONNECT-UDP proxy, but not the forwarding proxy in this commit. We are going to add test cases to cover the forwarding proxy scenario in a subsequent commit.
Additional Description:
Risk Level: Medium, the feature can only be enabled by the new configuration added in this commit.
Testing: Integration test
Runtime guard: envoy.reloadable_features.enable_connect_udp_support
Release Notes: added support for CONNECT-UDP (RFC 9298). Can be disabled by setting runtime feature envoy.reloadable_features.enable_connect_udp_support to false.
Signed-off-by: Jeongseok Son <jeongseok.son@gmail.com>
Co-authored-by: asingh-g <abhisinghx@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b4f37553d6887447f942a1aedbc8c2dacae45537
* add access log to health check
Signed-off-by: Boteng Yao <boteng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 881bc030a8f1cdc904311de6c1cdba38ef8cc98a
Commit Message: accesslog: support CEL command in the formatter
Risk Level: low
Testing: unit
Docs Changes: none
Release Notes: yes
Mirrored from https://github.com/envoyproxy/envoy @ 8cfeabd5bd0b15b5e6ef029bf9fef4dcaa1c8254
While we return the connection to the pool, the idle timeout starts ticking until the connection is reused.
If the timeout fires, we closes the connection and let the pool knows.
Fixes#23699
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 57b1c7213327ce6a505d7a8e2209db31561f85d0