This patch allows setting an additional prefix for HTTP filter stats. This lets the emitted statistics from configured ext_authz HTTP filters in an HTTP filter chain can be distinguished from each other.
Risk Level: Low
Testing: Added a test on additional prefix.
Docs Changes: Added
Release Notes: Added
Fixes#12666
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 720348b822aed159dc4ec8243fffe95a8775a4cd
Add support for the letting the authorization service tell Envoy which auth related headers to remove once the authorization server is done with them, so that the upstream does not see them.
Signed-off-by: Martin Matusiak <numerodix@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 228c8ad78433c19b61eeaf9aad1c38ec1f2c75cc
Risk Level: LOW
Testing: Unit and format
Fixes#10535
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6321e5d95f7e435625d762ea82316b7a9f7071a4
The CdnLoopFilter implements an HTTP filter that detects and prevents
CDN loops using the RFC 8586 CDN-Loop header. The filter can be
configured with the CDN identifier to look for as well as the number
of times the CDN identifier can be seen before responding with an
error.
Signed-off-by: Justin Mazzola Paluska <justinmp@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c71ec2729cc3c0708223d303e0f24e3bf9a5d0eb
Add OCSP stapling support with configurable stapling policy. A pre-fetched OCSP response can be configured with its corresponding certificate via the new ocsp_staple field in the TlsCertificate message. The new ocsp_staple_policy field on DownstreamTlsContext determines whether an OCSP response is required and whether to continue using the TLS certificate for new connections once its OCSP response expires. The ocsp_staple_policy defaults to LENIENT_STAPLING, which allows the operator to omit ocsp_staples from the configuration and will only use OCSP responses that are present and valid. This should therefore not break any existing configurations.
Risk Level: Medium - touches some core functionality of certificate selection but does not alter any existing behavior
Testing: added
Docs Changes: Added OCSP Stapling subsection in the SSL section of the architecture overview.
Release Notes: Added
Runtime flags:
envoy.reloadable_features.check_ocsp_policy
envoy.reloadable_features.require_ocsp_response_for_must_staple_certs
Signed-off-by: Daniel Goldstein <danielgold95@gmail.com>
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ cdd3a837056dc6935c0d8e0fb693d4de89b998e9
This fixes the docs for REQ command operator usage example in LocalReplyConfig and SubstitutionFormatString protos. $REQ(:path)% is an invalid command operator, it should be %REQ(:path)%.
Risk Level: N/A
Testing: N/A
Docs Changes: This is a docs change.
Release Notes: N/A
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 130c7c4e271fe306ae4dd747daa5f09ff31aef79
As the CSDS service definition described, it has the potential to be used to expose xDS config from a client or proxy. gRPC wants to utilize this service to improve its debuggability. But the ConfigStatus is designed from the control plane point of view. Especially, the client cannot predict if there is new config on its way, so it can't accurately claim any xDS config status as SYNCED. We need another config status to indicate the status that the client received the status and sent out ACK.
Risk Level: Low
Signed-off-by: Lidi Zheng <lidiz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 22061a275d5fb53132fd1f104dd53cb533922707
Commit Message: Added max_connection_duration for tcp_proxy
Additional Description: Added max_connection_duration for downstream connection. After reaching max_connection_duration the connection will be closed.
Risk Level:
Testing:
Docs Changes:
Release Notes:
includes partial fix to #12077
Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 84f538f1ddcb5c16d98627df8b5e8c38f0f26720
This does predictive (peekahead) prefetch for WRR, RR, and Random schedulers, and plumbing it up to the connection manager, which will currently only use it to prefetch 1 connection (see TODO for follow-up plans)
Risk Level: Medium (refactors LBs somewhat - should be no-op)
Testing: new unit tests
Docs Changes: n/a
Release Notes: n/a
Part of #2755
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 5875f23b60aeeb49e038596d8de36446c6728f5d
Prior to this fix only text_format and json_format were supported which would result in text/plain or application/json content-type. This Introduces content_type field which supports setting content-type for body_format / body_format_override in local_reply_config.
Risk Level: low
Testing: Unit Testing, Manual Testing
Docs Changes: Introduces new field content_type in substitution_format_string.proto that supports setting content-type for body_format / body_format_override in local_reply_config.
Release Notes: Added release notes.
Fixes#11313
Co-authored-by: Devesh Kandpal <devesh.kandpal@dkandpal-ltm.internal.salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ a8b946e1c30618dfcab6c7e90333301c16b56a65
Deprecated include_vh_rate_limits in favor of an enum setting vh_rate_limits.
Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 433e88463fa52986b8071b2738bfdda5b8062b4d
Add a max_stream_duration field and sub-message to RouteAction. This allows overriding the max_stream_duration set via the HTTP Connection Manager. It also moves the max_grpc_timeout and grpc_timeout_offset fields into it, as gRPC timeouts specify the maximum stream time, not response time.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR.
Release Notes: N/A
Fixes#12578
Signed-off-by: Doug Fawley <dfawley@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4dee4abe1d6285102014f215748ce938f5bfcd0b
This is the first PR towards filesystem support for file:/// URLs
compatible with #11264. Currently it plumbs in only LDS filesystem
support for list collections with only inline entries.
Risk level: Low (opt in)
Testing: Unit and integration tests added.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 108d2bcc884a0249eda26213e5dbdd0124134558
Commit Message: CacheFilter: parses the allowed_vary_headers from the cache config.
Additional Description:
Parses the allowlist from the cache config proto; this allows users to define a set of rules to control which headers can be varied in the cache.
Risk Level: Low
Testing: Unit testing
Docs Changes: Updated cache proto's comments regarding allowed_vary_headers
Release Notes: N/A
Fixes#10131
Signed-off-by: Caio <caiomelo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6a994d5afcd7fa038beac5113951afe6daaaf677
Tweak the HTTP upgrades documentation to mention RFC8841 in the
documentation body (complementing the existing link to the RFC).
Minor fix to the warning text for CONNECT support.
Make explicit mention of "Extended CONNECT" in the API docs for
`RouteMatch`.
Closes#13044.
Signed-off-by: Nick Travers <n.e.travers@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 12d7b17906df69749990a9f481bc4fce087c22e6
Additional Description: This PR necessitated decoupling SslHandshakerImpl from ContextConfig a bit. We now pass an int representing the index of the extended_info struct rather than the ContextConfig.
This PR moves SslHandshakerImpl to its own build target, moves SslHandshaker construction into the ContextConfig, and adds a HandshakerFactoryContext and HandshakerFactory for modifying the ContextConfig's behavior when constructing a Handshaker. This PR also adds a control (requireCertificates) to turn off the release asserts that a context must have certificates.
This PR builds off work in https://github.com/envoyproxy/envoy/pull/12571 and refines work done (and abandoned) in https://github.com/envoyproxy/envoy/pull/12075/. For more discussion please see the comments section of https://github.com/envoyproxy/envoy/pull/12075/.
Risk Level: Low. This PR does not modify existing handshaking behavior, it just adds an extension point for modifying it.
Testing: A representative alternative implementation was added under :handshaker_test.
Docs Changes: N/a
Release Notes: N/a
Signed-off-by: James Buckland <jbuckland@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7d6e7a4e559bdf0346687f7f404412e2412ea6fb
This patch introduces the xDS transport++ context parameter encoding
algorithm.
Risk level: Low
Testing: Unit tests added.
Part of #11264
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8613b8ebbb2e9465177eb1d437f28363b92225c3
Description: Taking advantage of the new feature introduced in [#12035](https://github.com/envoyproxy/envoy/pull/12035), which introduced quick visibility for init managers to check unready targets, this pull request adds protobuf message for unready targets and enables admin to dump configs of unready targets. An example of config dump for listeners’ unready targets is given in this pull request.
Introduce ```InitDumpHandler``` with ```handlerInitDump``` method to help dump information of unready targets.
Add ```dumpUnreadyTargets``` function for ```init::manager```.
Risk Level: Low
Docs Changes: protodoc
Release Notes: Added
Signed-off-by: pingsun <pingsun@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8aef76370877c66b09f7791f0577ca83aad7d608
Simplified Profile Action to have a per-process limit rather than a per thread limit which simplifies disk-filling concerns.
We want to prevent the profiler from filling the disk, and using a per thread limit creates more complexity and profiles (i.e. for the "global" limit would be #threads * limit per thread vs limit per process. The former is harder to reason about.
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ faab20c8477827643ae2e22b25b28fef631f0d89
Add a field to the current protobuf of ScopedRouteConfiguration to enable on demand scoped route table loading. The on demand scope route tables will be loaded lazily. The lazy loading feature of route table associated with scope is achieved by extending the current vhds on_demand filter to support lazy loading of RouteConfigurationscoped route discovery service.If a scoped route configuration is set to be loaded lazily, upon a http request using SRDS, when the corresponding route table of a scope is not found, post a callback to control plane, request the route table from the management server, after the route table has been initialized, continue the filter chain.
https://docs.google.com/document/d/15GX30U5CH2bsWUyQRkiiQ_nbMCoklvgP_ObrDaSlkuc/edit?usp=sharing
Risk Level: Low
Testing: add unit tests and integration test to verifiy behavior changes
Fixes#10641
Signed-off-by: chaoqinli <chaoqinli@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 709d1c31749a6ba2eab2865927f10300570ac533
In order to support TLS in a health check connection, a TransportSocket proto must be matched to build the proper TLS connection factory. These are matched by the repeated field transport_socket_matches in the cluster proto, which HDS is currently leaving blank when building this proto. As a result, there is not way to specify a TLS transport socket or any transport socket listed in the docs.
This change adds the transport_socket_matches field to the HDS health check specifier, and adds it to the Cluster config generated by HDS, to support transport socket matches per-health check.
Risk Level: Low
Testing: HDS Unit tests and integration tests pass. Added unit test to test that the transport socket matcher receives the correct fields. Added two integration tests with a TLS configuration, one over HTTP and one over HTTP/2.
Docs Changes: Added comments about the new transport_socket_maches field in the HDS specifier proto.
Release Notes: Included
Signed-off-by: Drew S. Ortega <drewortega@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ bf6b9ba65495175e164b4ef0051b94cd66e7dbf5
This introduces an option to entirely omit null values from the access log.
Risk Level: Low
Testing: Unit and integration tests
Docs Changes: New option documented in proto file
Release Notes: Updated
Fixes#12735
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 9d466c71ab217317d3e989b261eb496877348a47
Currently, the maglev hash algorithm default to table size to 65537.
It is the recommended size by a paper but it is better if the user
can set this value.
This patch introduces a new MaglevLbConfig that contains table
size of maglev.
So, now, the user can set the table size of maglev by their situation.
Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5fd73ca889aa12618c626c96bb33fde4707f8bf0
This patch introduces hash based routing functionality.
It is very similar to tcp's one.
Previously, the udp proxy does not support hash based routing.
So, even if the lb_policy is set, load balancing algorithms will
select a host randomly.
This patch may very useful if some packets should be routed to same host
continuously.
Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Mirrored from https://github.com/envoyproxy/envoy @ a92c496754f04f624729937b9812c5fc4c44b371
This can be used in similar situations to maglev/ring, but can be used when the host selection must remain the same for existing sessions even if more hosts are added to the cluster.
In a test with 1500 endpoints, updating 50 (remove 50, add 50 different ones) took:
without new setting: ~500ms
with new setting (this PR): ~4ms
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 724df08c329c8270509e2a8568be90fd43d597c1
opt-in for serving requests/responses with Content-Length and Transfer-Encoding: chunked. Per RFC remove Content-Length header before forwarding it to upstream.
Signed-off-by: Oleg Guba <oleg@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ 954c93c28dfd6f152bed1ab81534c79faf154490
This is as described in the paper https://arxiv.org/abs/1608.01350; Logic followed is similar to what's in haproxy.
Signed-off-by: Santosh Cheler <santosh.cheler@appdynamics.com>
Mirrored from https://github.com/envoyproxy/envoy @ 760a164640acf75a8009ac89b5ff06f78a733221
Added a watchdog extension that triggers profiling.
Risk Level: Medium (new extension that is optional)
Testing: Unit tests
Docs Changes: Included (added a reference to the generated extension proto.rst)
Release Notes: Included
Fixes#11388
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c88515fc0c8a291992732947671190b37949bbbd
Add connect_pool_per_downstream_connection flag to the cluster config (disabled by default)
Add a hashKey method to Connection in order to be able to hash on the connection ID
Signed-off-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
Mirrored from https://github.com/envoyproxy/envoy @ 76a1b24dd511bb5b3a38da3e84c9003ccadc64ce