Prior to this PR the name field in HeaderValueExtractor could have been any string. This limits it to valid HTTP header names.
Risk Level: low
Testing: Added fuzz test
Fixes fuzz issue 60277
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 61a1a867c276e81bc0cb5ccd4a11fced7500d03f
* compression: add per-route remove_accept_encoding_header
The use case: envoy is handling compression for all routes by default,
but some routes _may_ be able to handle compression better than
envoy (e.g. by serving precompressed assets), or they may not, in which
case envoy should still compress. The existing per-route compression
configuration, which only consists of "entirely disabling compression",
is not acceptable for this use case.
Signed-off-by: Ian Kerins <git@isk.haus>
Mirrored from https://github.com/envoyproxy/envoy @ 24efd20cfc69f664cb1c94e83537e940fcbb1e2d
Commit Message: docs: add warnings about client cert validation
Additional Description:
Add a warning to TlsContextMatchOptions.validated that the validation
status will always be false for resumed TLS sessions, as validation is
not currently performed upon TLS session resumption.
Add a similar warning to the Lua filter API documentation, regarding the
peerCertificateValidated() method. Fix a couple of existing typos here.
Risk Level: low
Testing: manual (built docs site)
Docs Changes: proto comments and Lua filter API docs
Release Notes: n/a
Platform Specific Features: n/a
Related to #21235
Mirrored from https://github.com/envoyproxy/envoy @ cd92acff8ed6b8f6a513c11b20a8ddb8b16ea14f
Commit Message: Adds a new extension to set the filter state
Risk Level: low
Testing: done
Docs Changes: yes
Release Notes: yes
Issue: #29813
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 025d49f78410841e6caa26c1e42465c17f168e91
Commit Message: The API is now used in many places and must follow safe deprecation practices.
Additional Description:
Risk Level: low
Testing: none
Docs Changes:
Release Notes:
Platform Specific Features:
Mirrored from https://github.com/envoyproxy/envoy @ be01f8ae38ab48d38ab28dac9a682d789fa4bc09
Commit Message: Fix the default config for port migration. It's supposed to be 4 PTOs, but it was incorrectly set to 1.
Risk Level: low
Testing: integration tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: client only.
Signed-off-by: Renjie Tang <renjietang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 61afc661ba3b02ae01dd74951c3bee4a1bfb2326
Clean up erroneous toolshed dependency. Noop name update to libcirclhist.
Signed-off-by: moderation <michael@sooper.org>
Mirrored from https://github.com/envoyproxy/envoy @ 147c893e867dc7a8cd5967efcccc8ab394fcdfee
As this is used in the api as well as Envoy itself the dep has
been moved there.
Signed-off-by: phlax <phlax@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ b0fec2ecdd54cf8a92a04a6d2481cdacd65c9d36
Additional Description:
Risk Level: Low
Testing: Ut/Integrated Test
Docs Changes:
Release Notes:
Platform Specific Features:
Signed-off-by: Felix Du <durd07@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6092cdcc2f4cce51c7c6409b4452e52d0a185f42
[ZK filter] Add per opcode request/response byte counters
Additional Description: Currently, the ZK filter only reports total request/response bytes. This PR adds the feature to report per opcode request/response bytes counters. These new metrics will be controlled by enable_per_opcode_request_response_bytes. Its default value is false, which means these metrics will not be emitted by default.
With the per opcode request/response bytes counters, plus existing per opcode request/response counters, we are able to get the average request/response size of each opcode. This gives us more observability of ZK.
Risk Level: low
Testing: unit tests
Docs Changes: This PR updates the ZK filter doc.
Release Notes: See changelogs/current.yaml
API Considerations: Add enable_per_opcode_request_bytes and enable_per_opcode_response_bytes to ZK proto.
Signed-off-by: Zhewei Hu <zhu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 91fd29408f0e788f2180746c55bc34d395d24e11
*Composite filter has already been declared as stable in extensions_metadata.yaml
*matching API and its extensions have been used for a while. So I think breaking API changes are not allowed.
Signed-off-by: tyxia <tyxia@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c29797bd4744ab0910dc2f3103b48bec852e967
This reverts commit e95324541b0e1cbfa07b43cbf87490cff7383f27.
This change broke the compile_time_options CI job.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ de85ff2a125a2c23378bd463259fbea3e05442f9
This is a revival of #25535 with changes for previous review comments.
Risk level: low
Testing: integration tested
Docs changes: n/a
Release notes: makes the ext_authz filter a dual filter.
See also: #23071 (model), #10455
Signed-off-by: Eugene Chan <eugenechan@google.com>
Signed-off-by: pianiststickman <34144687+pianiststickman@users.noreply.github.com>
Co-authored-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9918a0a06deaf0cb3c935566523ab3fdd7a2bab1
Commit Message: Add interfaces for QUIC listener filter chain. The filters still use the same config API as TCP listener filters and also get installed before connection creation. The difference is that if the iteration through the chain on onAccept() gets paused, the connection will still be created, though the rest filters will be skipped. The contract of returning StopIteration means the connection socket gets closed, the corresponding connection should be closed.
Additional Message: this change introduced a new extension category envoy.filters.quic_listener.
Risk Level: low, not in use
Testing: new unit tests and integration tests.
Docs Changes: yes
Release Notes: yes
Platform Specific Features: N/A
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9d8cb4b0c6892452741fc41e87d50934bf58acc3
* Allow custom local address resolvers.
#27881 introduces the concept of EDS clusters with hosts that have multiple (potentially > 2) IP addresses.
The current implementation of UpstreamLocalAddressSelector limits the number of source addresses in BindConfig artificially to 2, and further requires that the addresses be of different address families.
The workaround for this (if we need to specify more than 2 source addresses or have multiple addresses from the same family) is to use a custom address resolver that resolves the bind config address to nullptr (and therefore ignore it) and call bind in a customised SocketInterfaceImpl to a local source address determined by the SocketInterfaceImpl specialisation.
This PR makes it possible to define a custom local address selector, that makes it easy to work with a custom address resolver to pick the right source address based on the upstream address selected by HappyEyeballsConnectionImpl
Signed-off-by: pcrao <pcrao@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ da47a54a8ccbaa384c4cb62a5f4fcd4745a72c37
Current fill_rate must be above 0.0 (PGV constraint).
However, a low double value can cause an infinite value when computing 1/fill_rate and its cast to uint64_t fails.
This PR changes the minimal fill_rate to be once-per-year, and if a lower value is given, it is overridden and set to once-per-year.
Alternatives considered: changing the PGV value to 3.1709792e-8 (once-per-year).
Risk Level: Low - minor change in behavior
Testing: Added fuzz test case
Docs Changes: Updated API comments
Release Notes: Added.
Platform Specific Features: N/A
Fixes fuzz bug 60974
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ffddd03ece01d9a542037bbf275e81a714fd6b8c
Adds a config option to set a stat prefix for all stats flushed by the otlp stats sink. Resolves#28962.
Risk Level: low
Testing: Unit tests, integration tests
Docs Changes: API docs
Signed-off-by: ohadvano <ohadvano@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ a19966b92bc3afcdd68ebeffe53c4b6848733e79
update-envoy[bot]