Adds a new filter that makes use of the new matching API to allow specifying a filter configuration to use for specific match
results. Once a configuration is selected, the desired filter is created and all callbacks delegated to the specific filter.
Risk Level: Low, new filter
Testing: IT + UT
Docs Changes: Inline proto comments
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ d31ba23d494c310973ceaf1e053393697821e4d3
Commit Message: allow HCM to config Http3Options and use it with other HCM configs, i.e. max_request_headers_kb and headers_with_underscores_action, to setup QuicHttpServerConnectionImpl. And support these configurations in QUIC. Currently the only Http3Options configuration is override_stream_error_on_invalid_http_message.
Additional Description: added Http3 codec stats. Pass it along with Http3Options and other HCM configs.
Risk Level: low
Testing: enable related tests in quic_protocol_integration_test
Docs Changes: updated docs/root/configuration/http/http_conn_man/response_code_details.rst
Part of #12930#2557
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c93d486c2d303dbf2cc9f88717de0bfd66e1afdb
Adds some basic structure for validating match tree constructions, only
with support for validating the data input. Updates the HTTP filter
factory to be able to specify data input requirements and wires it up.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ afb751344c93f6eb02ea1bd1630a282c55c7aef2
Fixes a few issues with the generated Go protobuf code:
a) the OT protos are not copied over, which means that their importpath
needs to reference a path where it can pull the protos down from. The
"logs" importpath was nonsensical and couldn't be resolved
b) Bunching several proto packages into one target did not work well
with the go package system. This splits the common protos out into its
own target so that it can reference a different importpath than the
other logs protos
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8037370ce45d8c10654114b2b46e27377525c156
Adds support for a "generic input" extension point that allows specifying inputs that are not dependent on protocol data.
Adds an environment variable generic input that allows matching on the value of an environment variable.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 758a9a90c15331fbfd093f23170454c5a2fbf903
Adding a deprecated API version annotation to deprecated fields and enum values in proto files.
This is part of the work on adding minor/patch versioning work.
Risk Level: Low (adding annotation to existing protos).
Testing: Added and modified tests for the tooling (in tools/testdata).
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5a8bfa20dc3c85ecb61826d122696ecaa75dffa0
Part of https://github.com/envoyproxy/envoy/issues/12829. The transport
extension will stay a built-in extension since it fits well. UDP
listener and UDP writer extension points have been removed. GSO is
still only enabled for QUIC because it currently depends on QUICHE, has
some obvious perf issues, and is failing non-QUIC integration tests.
Futher work is needed to remove codec extension factories.
Part of https://github.com/envoyproxy/envoy/issues/12829
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8e8a21d20ef0e90ef31ea16f5b5c85ac08d922ae
This adds the foundations of support for glob collections in CDS/SRDS
(in addition to LDS from #14311) and singleton collections in RDS/EDS.
xdstp:// URLs are not normalized across the internal resource graph yet,
so this is only safe to use for sorted context parameters (followup PRs
planned on this).
Part of #11264.
Risk level: Low (opt-in)
Testing: ADS/SRDS integration tests added, various unit tests in
//test/common/config/...
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fbb7f9ae4171b89a5b622587fec0564820e400ce
Fixes#15579
Risk Level: n/a (no functional change)
Testing: Unit test to verify case added to docs
Docs Changes: Added definition of default value
Signed-off-by: Eric Anderson <ejona@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 54fc5dc459c06d15494fd759ac3e4c4785f6a7b5
some of the category annotations are not in the correct place - this is one of them
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ 5b875969d4571fc5bda77d6340d100142ed98797
Alas I didn't end up moving all of the protocol options over, as the cluster has its own timeout params so most of the QuicProtocolOptions are listener-specific.
Commit Message: adding quic protocol config to quic upstream
Risk Level: n/a (quic only)
Testing: unit tests
Docs Changes: n/a
Release Notes: n/a
part of #14829
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 255f78b3cc66d9ed3aa86cb491d98759314294b9
This PR adds an OTLP logger to Envoy, which allows users to flexibly configure their log structure (according to OpenTelemetry protos).
The API users the common gRPC configuration, used in ALS, for gRPC settings. The flexible OT fields (body, attributes) are completely configurable and are filled with request/response information based on Envoy access log formatting.
There are still a couple of TODOs -
The 'filter_state_objects_to_log' from the common gRPC config isn't added to the log
Resource attributes are not configurable, and only Envoy node info is added.
Note: this extension was added as v3alpha API.
Risk Level: Low - a new extension, so unlikely to break any existing setups (marked as v3alpha API).
Testing: Unit tests.
Docs Changes:
Release Notes: access log: added a new :ref:OpenTelemetry access logger <envoy_v3_api_msg_extensions.access_loggers.open_telemetry.v3alpha.OpenTelemetryAccessLogConfig> extension, allowing a flexible log structure with native Envoy access log formatting.
Signed-off-by: Itamar Kaminski <itamark@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4f52f9ef554e1522e763c0eaf6ef6833aab283e5
Since ext_proc is a request/response protocol on a gRPC stream, a server may fail to respond in a timely way. The "message_timeout" field in the configuration controls how long the proxy will wait for an external processing server to respond to an individual message before giving up and returning an error (or not depending on configuration).
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5204a63a49ff09fcd57f189c2addf7f36ffac87c
This is a fast follow from https://github.com/envoyproxy/envoy/pull/15388.
I realized that I made a mistake in not using a common configuration
message. There will be more configuration options such as GRO, etc. that
will be configured similarly in multiple places. I'm correcting this
mistake now since the other change just landed within the last couple of
days.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ bd05ab7b74c2ee288aea9772a03d521cd761bd59
Release notes linked to explanatory docs not API changes, so didn't catch it was still hidden.
h/t @ggreenway for noticing.
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 0acf24ed2580c787227dc7c31f394ac583a598ae
As of today no route found and route is found but the cluster in that route is not ready are sharing the same error detail.
However, this make big difference. The latter is likely a RDS config problem, or explicit blackhole.
The latter might be a slow CDS.
Address #15448
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ a11d48368c62eb2c238d6d3087c16ffa355243d1
1) Add configuration for max packet size to UDP listeners
2) Add configuration for max packet size to UDP proxy filter
3) Fix crashing issue when a GRO receive is truncated. This
was fixed in the open because GRO recieve does not support
IP fragmentation, thus the previous size of 24000 bytes was
large enough to receive a jumbo frame size datagram. The issue
is now exposed by allowing packet size to be configured larger.
4) Reorganize code and some config around UDP listeners to streamline
the logic when the listener is a UDP listener. Also moved the UDP
batch writer configuration to a better place since it's still
effectively alpha and was marked not implemented.
Fixes https://github.com/envoyproxy/envoy/issues/15327
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 73eec645a39343eec33b5d61bf492ba49c397cfe
Adds support for matching on HTTP request and response trailers.
Also fixes a bug around skipping filter iteration where we would not
skip encoding trailers even if the skip_filter_ flag was set.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 40964cc30d4e691df5c5f0c32a449a7b4462115a
This replaces prior logic where the :scheme header was consistently overwritten based on the encryption level of the upstream connection.
Risk Level: High (l7 change)
Testing: new integration tests, unit tests
Docs Changes: api docs updated
Release Notes: inline
Runtime guard: envoy.reloadable_features.preserve_downstream_scheme
Part of #14587
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 8ac28e233538f0636b6e079f9d5569707b0ca815
This introduces a new matcher that allows matching on an input value by
computing a hash value and matching if the value % (configured value) is
greater than a configured threshold. This is useful in being able to
define match criteria that should match for a certain % of input values
in a way that is consistent between independent Envoy instances (e.g. it
does not rely on a random input).
Risk Level: Low, new extension
Testing: UTs
Docs Changes: Inline proto docs
Release Notes: n/a
Platform Specific Features: n/a
Fixes#14782
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7fe3d358f7e7e4d4c7282d50c498a7ab0e759a36
This commit adds an API on VmConfig so that users can configure env vars to be injected to Wasm VMs. Resolves#14958
Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 789f8a0831acac9bfe5a95f9b8c5331af43437d0
This is useful when there are more than 1 RBAC filter configured
with shadow rules to distinguish the shadow stats generated
by different filters.
Signed-off-by: Yangmin Zhu <ymzhu@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fa81296e53a040ccebf45bfc6c67044e6d0d8b62
This ensures Envoy can core dump when the dumpability bit might have
been unset (e.g.: running inside a container with fewer capabilities
than the ones Envoy itself has).
Fixes#15242.
Mirrored from https://github.com/envoyproxy/envoy @ 4f1ec4f5c863560ea2da86c5b4cdc9135cd6a5da
* Configuration for path normalization so that normalization can be configured for internal only use and/or forwarding.
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 236107df5d15381ccf5040c0cb0f163ece9627a2
1) Promote the default UUID request_id implementation to
an actual extension that is required in the build and wire
up all documentation.
2) Add a configuration option to the extension that allows trace
reason packing to be disabled (the default continues to be for it
to be enabled to match existing behavior).
3) Update all documentation for the new behavior.
4) Substantial cleanup of these code paths for clarity and robustness.
Fixes https://github.com/envoyproxy/envoy/issues/11532
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 07c4c17be61c77d87d2c108b0775f2e606a7ae12
Only the BUFFERED body mode is supported in this commit.
In addition, clean up the close stream handling code so that
we only close the stream in the onDestroy callback.
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 667d99539971130e882d7e86085f4dc9f146857b
This allows us to more easily test response crashes.
Risk Level: low (this is a test-only filter AFAIK)
Testing: unit test, integration test
Docs Changes: Included
Release Notes: Included
Platform Specific Features: N/A
Related Issue #14249
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 53dc7afdf139b921157155188eaf90188bf78205
data-plane-api(Azure Pipelines)