The default value of most_specific_header_mutations_wins is false.
Signed-off-by: derekguo001 <dong.guo@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 774bcedf31ac495f4ccb9df5d702f2be6d169079
API for Unified Header Validators
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e569ce06101932cfe3ccb710c3c60b92dd09464b
Based off #20596, this preserves the current behavior by default.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Co-authored-by: fishy
Mirrored from https://github.com/envoyproxy/envoy @ 53867ab5cc97c945f8c7f6a771d28443b1bcec43
udp: Add a udp_packet_packet_writer_config option to UdpListenerConfig.
Fixes#21200
Risk Level: Low
Testing: Existing and additional tests
Docs Changes: None
Release Notes: Added
Platform Specific Features: N/A
Signed-off-by: Ryan Hamilton <rch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3a7b26aa3909488a8561a232b82845b8b4cd38bb
Commit Message: make HTTP/3 upstream sends 0-RTT (early data) requests if it has cached 0-RTT credentials. Add a config knob in RouteAction to specify which request can be sent over early data, which by default are HTTP safe methods.
Risk Level: high, changes to conn pool behavior though should only take effect for h3 pool
Testing: added h3 upstream integration tests.
Docs Changes: N/A
Release Notes: changes to docs/root/version_history/current.rst
Platform Specific Features: N/A
Runtime guard: envoy.reloadable_features.http3_sends_early_data
Fixes#18715, #19542
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ce13d75a982ddd347db5a333a4bb080922f7514
* Add an option to RouteConfiguration, when enabled, ignore port contained in host header during host matching.
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2f99e0c9f83b6c91b42d215a148ed49ce0f174fd
Note: support for logging headers (via %REQ()%) will happen in a follow-up.
Risk Level: medium
Testing: unit tests
Doc Changes: included
Release Notes: updated
Fixes#17898.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 01a0ff52ed3a1e55b14c3bbff4daede6c61fd5fb
Allows users to opt-in to functionality to auto-detect proxy protocol if present, and skip the filter if it's not present.
Signed-off-by: Kevin Dorosh <kevin.dorosh@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 18c59eaf1b78c5b6bbe4d6ad96009ec3ecd895e1
This adds an odcds_config field to the extension's config, and also allows the extension to be configured per-route. As it stands, it currently works only with routes using cluster-header config.
Risk Level: Medium, extending one extension in an opt-in way.
Testing: Added unit tests and integration tests.
Fixes#2500
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ a41b254a4e8f1faf40033c50c7122aa654186f63
To avoid HOL blocking impacts on slow connections.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ d0befbbb952c979782857bdb986bec562d9a3c2f
By default the router closes downstream connection if the current request is not routable or the upstream connection is broken. This causes oneway (or async) requests pending on wire or in kernel buffers will be also dropped even if they are routable and their target cluster is perfectly healthy.
Risk Level: low
Testing: unit test
Docs Changes: Comment added to the new API field.
Fixes#12836
Signed-off-by: Tamas Kovacs <tamas.2.kovacs@nokia-sbell.com>
Mirrored from https://github.com/envoyproxy/envoy @ 65a4fc4977c4e50e722461a1d68278d404610342
This is a continuation of #20577.
Additional Description:
Risk Level: low
Testing: unit test
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0be448e6d92dff8d609142a8e5492ebf03884779
Allow configs with both typed and non typed san matchers specified to allow config servers to use the same config for Envoys across multiple versions. The match_subject_alt_names field is ignored if match_typed_subject_alt_names is set.
Signed-off-by: Pradeep Rao <pcrao@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ef08b1c3d0cf9c2af84d32529a11b3e2056e9dcb
If set, the resolver will avoid the system's heuristics to only return
IPv4 or IPv6 addresses that it considers to be "routable", instead
returning all possible IPv4 or IPv6 addresses. This setting is
ignored if the DNS lookup family is set to v4-only or v6-only.
This may be a useful setting to specify if the addresses considered
unroutable by the system's heuristics may in practice be routable.
Signed-off-by: JP Simard <jp@jpsim.com>
Mirrored from https://github.com/envoyproxy/envoy @ 60a13f30a4e425c907607fab96efee0ed2afcf22
ComparisonFilter's value now marked as required in validate to ensure valid
input to fuzz tests.
Signed-off-by: Andre Vehreschild <vehre@x41-dsec.de>
Mirrored from https://github.com/envoyproxy/envoy @ 8df3136bcc00c701bf5c30d090937e5f37585652
This adds the ability to change the GrpcService used by the ext_proc filter on a per-route basis.
Risk Level: Low. Not triggered unless configured.
Testing: New unit and integration tests added.
Docs Changes: Addition of new config field.
Signed-off-by: Michael Warres <mpw@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0e8899c90213b39d8f4a1a083d4fd31e9c2fe8c1
Add unified matcher for network streams, as a replacement for filter chain match.
See previous discussion in #18871
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7eb3a87b8757e030aedfdc4959adc509e89ac788
This change introduces a new output sink type for admin /tap requests which buffers traces internally before responding to the client.
This sink is best used to collect traces for requests that are frequently matched, or to work around system limitations such as improper support for streaming HTTP responses.
Signed-off-by: David Peet <davidpeet@tutanota.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0fd80eef63bc9770186c4f4aa345ee63e464cab3
Use type_url to look up extensions. This prevents the undesirable practice of putting invalid protobufs to avoid a type lookup or duplicating the type URL.
Risk Level: medium, affects extensions with duplicated type URLs or no configuration
Testing: yes
Docs Changes: yes, this has been the recommendation for awhile.
Release Notes: yes
Runtime Guard: envoy.reloadable_features.no_extension_lookup_by_name
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8cb6862fe6099cd8583a64ff037ecdeaf0e939fa