* http api: new disable flag to disable a filter in the filter chain by default
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* complete development
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* more tests to verify the new feature
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* add release note
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix link
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix test
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* Update api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Signed-off-by: code <wangbaiping@corp.netease.com>
* Update changelogs/current.yaml
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Signed-off-by: code <wangbaiping@corp.netease.com>
* Update source/common/http/filter_chain_helper.h
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Signed-off-by: code <wangbaiping@corp.netease.com>
* fix spelling error
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix ci
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
---------
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Signed-off-by: code <wangbaiping@corp.netease.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9be3183433f30e9a726add174c80fd32cf6b7202
Prior to this PR the name field in HeaderValueExtractor could have been any string. This limits it to valid HTTP header names.
Risk Level: low
Testing: Added fuzz test
Fixes fuzz issue 60277
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 61a1a867c276e81bc0cb5ccd4a11fced7500d03f
* compression: add per-route remove_accept_encoding_header
The use case: envoy is handling compression for all routes by default,
but some routes _may_ be able to handle compression better than
envoy (e.g. by serving precompressed assets), or they may not, in which
case envoy should still compress. The existing per-route compression
configuration, which only consists of "entirely disabling compression",
is not acceptable for this use case.
Signed-off-by: Ian Kerins <git@isk.haus>
Mirrored from https://github.com/envoyproxy/envoy @ 24efd20cfc69f664cb1c94e83537e940fcbb1e2d
Commit Message: docs: add warnings about client cert validation
Additional Description:
Add a warning to TlsContextMatchOptions.validated that the validation
status will always be false for resumed TLS sessions, as validation is
not currently performed upon TLS session resumption.
Add a similar warning to the Lua filter API documentation, regarding the
peerCertificateValidated() method. Fix a couple of existing typos here.
Risk Level: low
Testing: manual (built docs site)
Docs Changes: proto comments and Lua filter API docs
Release Notes: n/a
Platform Specific Features: n/a
Related to #21235
Mirrored from https://github.com/envoyproxy/envoy @ cd92acff8ed6b8f6a513c11b20a8ddb8b16ea14f
Commit Message: Adds a new extension to set the filter state
Risk Level: low
Testing: done
Docs Changes: yes
Release Notes: yes
Issue: #29813
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 025d49f78410841e6caa26c1e42465c17f168e91
Commit Message: The API is now used in many places and must follow safe deprecation practices.
Additional Description:
Risk Level: low
Testing: none
Docs Changes:
Release Notes:
Platform Specific Features:
Mirrored from https://github.com/envoyproxy/envoy @ be01f8ae38ab48d38ab28dac9a682d789fa4bc09
Commit Message: Fix the default config for port migration. It's supposed to be 4 PTOs, but it was incorrectly set to 1.
Risk Level: low
Testing: integration tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: client only.
Signed-off-by: Renjie Tang <renjietang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 61afc661ba3b02ae01dd74951c3bee4a1bfb2326
Clean up erroneous toolshed dependency. Noop name update to libcirclhist.
Signed-off-by: moderation <michael@sooper.org>
Mirrored from https://github.com/envoyproxy/envoy @ 147c893e867dc7a8cd5967efcccc8ab394fcdfee
As this is used in the api as well as Envoy itself the dep has
been moved there.
Signed-off-by: phlax <phlax@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ b0fec2ecdd54cf8a92a04a6d2481cdacd65c9d36
Additional Description:
Risk Level: Low
Testing: Ut/Integrated Test
Docs Changes:
Release Notes:
Platform Specific Features:
Signed-off-by: Felix Du <durd07@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6092cdcc2f4cce51c7c6409b4452e52d0a185f42
[ZK filter] Add per opcode request/response byte counters
Additional Description: Currently, the ZK filter only reports total request/response bytes. This PR adds the feature to report per opcode request/response bytes counters. These new metrics will be controlled by enable_per_opcode_request_response_bytes. Its default value is false, which means these metrics will not be emitted by default.
With the per opcode request/response bytes counters, plus existing per opcode request/response counters, we are able to get the average request/response size of each opcode. This gives us more observability of ZK.
Risk Level: low
Testing: unit tests
Docs Changes: This PR updates the ZK filter doc.
Release Notes: See changelogs/current.yaml
API Considerations: Add enable_per_opcode_request_bytes and enable_per_opcode_response_bytes to ZK proto.
Signed-off-by: Zhewei Hu <zhu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 91fd29408f0e788f2180746c55bc34d395d24e11
*Composite filter has already been declared as stable in extensions_metadata.yaml
*matching API and its extensions have been used for a while. So I think breaking API changes are not allowed.
Signed-off-by: tyxia <tyxia@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c29797bd4744ab0910dc2f3103b48bec852e967
This reverts commit e95324541b0e1cbfa07b43cbf87490cff7383f27.
This change broke the compile_time_options CI job.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ de85ff2a125a2c23378bd463259fbea3e05442f9
This is a revival of #25535 with changes for previous review comments.
Risk level: low
Testing: integration tested
Docs changes: n/a
Release notes: makes the ext_authz filter a dual filter.
See also: #23071 (model), #10455
Signed-off-by: Eugene Chan <eugenechan@google.com>
Signed-off-by: pianiststickman <34144687+pianiststickman@users.noreply.github.com>
Co-authored-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9918a0a06deaf0cb3c935566523ab3fdd7a2bab1
Commit Message: Add interfaces for QUIC listener filter chain. The filters still use the same config API as TCP listener filters and also get installed before connection creation. The difference is that if the iteration through the chain on onAccept() gets paused, the connection will still be created, though the rest filters will be skipped. The contract of returning StopIteration means the connection socket gets closed, the corresponding connection should be closed.
Additional Message: this change introduced a new extension category envoy.filters.quic_listener.
Risk Level: low, not in use
Testing: new unit tests and integration tests.
Docs Changes: yes
Release Notes: yes
Platform Specific Features: N/A
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9d8cb4b0c6892452741fc41e87d50934bf58acc3
update-envoy[bot]