This patch adds a new tracer to support the SkyWalking tracing mechanism and format.
Risk Level: Low, a new extension.
Testing: Unit
Docs Changes: Added
Release Notes: Added
Signed-off-by: wbpcode <comems@msn.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7d0f89b1011503ecd22f28e347cf7f76cba73057
Adds a configurable timeout for the amount of time a downstream client is allowed to finish the transport-level connect before the connection is forcefully terminated. This can be used to require that a client finishes the TLS handshake in a bounded amount of time.
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2d0a2f67eccc741f8d093c56b1ed4ea3f1382c06
Add flag protected checks for frame flood and abuse by upstream servers
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6b0f592dd34819fe094de9c6d11695e806bdd1d2
The match all filter chain is chosen when no other filter chain matches
the request.
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ e62c994fac7ba18babfe2742b5595217ae2569c4
Modifies ratelimit filter to be able to use information
from the route's filter metadata as one of its actions
Signed-off-by: András Czigány <andras.czigany@strivacity.com>
Mirrored from https://github.com/envoyproxy/envoy @ 06813b2c42721489470ec94b2bc75a9771d6e403
Adds a no_traffic_healthy_interval for when a cluster is marked healthy
and we want to use a different interval than no_traffic_interval
Fixes https://github.com/envoyproxy/envoy/issues/13246
Risk level: Low
Testing: Unit test
Signed-off-by: Chuong Vu <chuongv@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 593be2274c3cba09873f162dd1d0c4d1fcf18641
This is a follow up to 2c60632.
This forces all callers to think about multiple header values. There may be places that we want
to support multiple values, but none of them are security critical and this change should be
functionally equivalent to what exists today.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4d77fc802c3bc1c517e66c54e9c9507ed7ae8d9b
This patch allows to set parent context which carries the current request stream info to a gRPC async client instance.
Risk Level: Low
Testing: Added
Docs Changes: Updated
Release Notes: Added
Fixes#13345
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ e5aa69658c6182dd41b6217ec7f6c4c00cac84b4
Commit Message: Implementing the new stream duration fields, and deprecating the old ones.
This does change the gRPC status code (to the correct code) for prior HCM duration timeouts. It's behind an existing guard but the status code change is not separately guarded.
Risk Level: low - config guarded with the exception of the gRPC status code change.
Testing: new unit tests, updated integration tests
Docs Changes: n/a
Release Notes: deprecation notes include new fields.
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ ce8a901c8f9f754a78ca4b3e03f4df120cc1e75b
Risk Level: LOW
Testing: Unit and format
Fixes#10535
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6321e5d95f7e435625d762ea82316b7a9f7071a4
This fixes the docs for REQ command operator usage example in LocalReplyConfig and SubstitutionFormatString protos. $REQ(:path)% is an invalid command operator, it should be %REQ(:path)%.
Risk Level: N/A
Testing: N/A
Docs Changes: This is a docs change.
Release Notes: N/A
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 130c7c4e271fe306ae4dd747daa5f09ff31aef79
Commit Message: Added max_connection_duration for tcp_proxy
Additional Description: Added max_connection_duration for downstream connection. After reaching max_connection_duration the connection will be closed.
Risk Level:
Testing:
Docs Changes:
Release Notes:
includes partial fix to #12077
Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 84f538f1ddcb5c16d98627df8b5e8c38f0f26720
This does predictive (peekahead) prefetch for WRR, RR, and Random schedulers, and plumbing it up to the connection manager, which will currently only use it to prefetch 1 connection (see TODO for follow-up plans)
Risk Level: Medium (refactors LBs somewhat - should be no-op)
Testing: new unit tests
Docs Changes: n/a
Release Notes: n/a
Part of #2755
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 5875f23b60aeeb49e038596d8de36446c6728f5d
Prior to this fix only text_format and json_format were supported which would result in text/plain or application/json content-type. This Introduces content_type field which supports setting content-type for body_format / body_format_override in local_reply_config.
Risk Level: low
Testing: Unit Testing, Manual Testing
Docs Changes: Introduces new field content_type in substitution_format_string.proto that supports setting content-type for body_format / body_format_override in local_reply_config.
Release Notes: Added release notes.
Fixes#11313
Co-authored-by: Devesh Kandpal <devesh.kandpal@dkandpal-ltm.internal.salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ a8b946e1c30618dfcab6c7e90333301c16b56a65
Deprecated include_vh_rate_limits in favor of an enum setting vh_rate_limits.
Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 433e88463fa52986b8071b2738bfdda5b8062b4d
Add a max_stream_duration field and sub-message to RouteAction. This allows overriding the max_stream_duration set via the HTTP Connection Manager. It also moves the max_grpc_timeout and grpc_timeout_offset fields into it, as gRPC timeouts specify the maximum stream time, not response time.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR.
Release Notes: N/A
Fixes#12578
Signed-off-by: Doug Fawley <dfawley@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4dee4abe1d6285102014f215748ce938f5bfcd0b
This is the first PR towards filesystem support for file:/// URLs
compatible with #11264. Currently it plumbs in only LDS filesystem
support for list collections with only inline entries.
Risk level: Low (opt in)
Testing: Unit and integration tests added.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 108d2bcc884a0249eda26213e5dbdd0124134558
Commit Message: CacheFilter: parses the allowed_vary_headers from the cache config.
Additional Description:
Parses the allowlist from the cache config proto; this allows users to define a set of rules to control which headers can be varied in the cache.
Risk Level: Low
Testing: Unit testing
Docs Changes: Updated cache proto's comments regarding allowed_vary_headers
Release Notes: N/A
Fixes#10131
Signed-off-by: Caio <caiomelo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6a994d5afcd7fa038beac5113951afe6daaaf677
Tweak the HTTP upgrades documentation to mention RFC8841 in the
documentation body (complementing the existing link to the RFC).
Minor fix to the warning text for CONNECT support.
Make explicit mention of "Extended CONNECT" in the API docs for
`RouteMatch`.
Closes#13044.
Signed-off-by: Nick Travers <n.e.travers@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 12d7b17906df69749990a9f481bc4fce087c22e6
This patch introduces the xDS transport++ context parameter encoding
algorithm.
Risk level: Low
Testing: Unit tests added.
Part of #11264
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8613b8ebbb2e9465177eb1d437f28363b92225c3
Add a field to the current protobuf of ScopedRouteConfiguration to enable on demand scoped route table loading. The on demand scope route tables will be loaded lazily. The lazy loading feature of route table associated with scope is achieved by extending the current vhds on_demand filter to support lazy loading of RouteConfigurationscoped route discovery service.If a scoped route configuration is set to be loaded lazily, upon a http request using SRDS, when the corresponding route table of a scope is not found, post a callback to control plane, request the route table from the management server, after the route table has been initialized, continue the filter chain.
https://docs.google.com/document/d/15GX30U5CH2bsWUyQRkiiQ_nbMCoklvgP_ObrDaSlkuc/edit?usp=sharing
Risk Level: Low
Testing: add unit tests and integration test to verifiy behavior changes
Fixes#10641
Signed-off-by: chaoqinli <chaoqinli@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 709d1c31749a6ba2eab2865927f10300570ac533
This introduces an option to entirely omit null values from the access log.
Risk Level: Low
Testing: Unit and integration tests
Docs Changes: New option documented in proto file
Release Notes: Updated
Fixes#12735
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 9d466c71ab217317d3e989b261eb496877348a47
Currently, the maglev hash algorithm default to table size to 65537.
It is the recommended size by a paper but it is better if the user
can set this value.
This patch introduces a new MaglevLbConfig that contains table
size of maglev.
So, now, the user can set the table size of maglev by their situation.
Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5fd73ca889aa12618c626c96bb33fde4707f8bf0
This can be used in similar situations to maglev/ring, but can be used when the host selection must remain the same for existing sessions even if more hosts are added to the cluster.
In a test with 1500 endpoints, updating 50 (remove 50, add 50 different ones) took:
without new setting: ~500ms
with new setting (this PR): ~4ms
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 724df08c329c8270509e2a8568be90fd43d597c1
opt-in for serving requests/responses with Content-Length and Transfer-Encoding: chunked. Per RFC remove Content-Length header before forwarding it to upstream.
Signed-off-by: Oleg Guba <oleg@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ 954c93c28dfd6f152bed1ab81534c79faf154490
This is as described in the paper https://arxiv.org/abs/1608.01350; Logic followed is similar to what's in haproxy.
Signed-off-by: Santosh Cheler <santosh.cheler@appdynamics.com>
Mirrored from https://github.com/envoyproxy/envoy @ 760a164640acf75a8009ac89b5ff06f78a733221
Add connect_pool_per_downstream_connection flag to the cluster config (disabled by default)
Add a hashKey method to Connection in order to be able to hash on the connection ID
Signed-off-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
Mirrored from https://github.com/envoyproxy/envoy @ 76a1b24dd511bb5b3a38da3e84c9003ccadc64ce
In the closed-source implementation of the AWS X-Ray tracer extension
there was additional span metadata that was hard-coded for the AWS App Mesh
service. This was expectedly removed from the implementation that was
upstreamed but there was a miss in adding an API to re-add this metadata
to spans.
Signed-off-by: Scott LaVigne <lavignes@amazon.com>
Mirrored from https://github.com/envoyproxy/envoy @ 64731cece4fb1c7a63251007e3f8bf319d1cb895
For matching values in the header that might be somewhere in the middle of the header, the present option is to use Regex in the form .Search-Pattern.. This can cause catastrophic backtracking as described in #7728
As a solution, I have introduced another header match type called contains which is based on absl::StrContains().
Risk Level: Low
Testing: Unit tests are included and manual testing was performed.
Fixes#12590
Signed-off-by: Shivanshu Goswami <shigoswami@ebay.com>
Mirrored from https://github.com/envoyproxy/envoy @ e322daaf0ca70fd3fcb1c1405830c73395510d93