* tap/fuzz: transport socket extension for traffic capture.
This PR introduces a transport socket extension that wraps a given transport socket, interposes on its
plain text traffic and records it into a proto trace file on the filesystem. This can be used for a
number of purposes:
1. As a corpus for fuzzing the data plane.
2. Converted to PCAP using a soon-to-be-written utility, allowing existing tools such as Wireshark
to be used to decode L4/L7 protocol history in the trace. Essentially this lets us take advantage
of the PCAP ecosystem.
Relates to #1413 and #508.
Risk Level: Low (opt-in).
Testing: New SSL integration tests, demonstrating plain text intercept.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6c7a91733469f76381487f9ca78bdece6825c8c9
envoyproxy/envoy#2971 adds warning-checks that mutations should be POSTed. This documents that status. In a future PR, mutations will fail if they are not POSTs.
See envoyproxy/envoy#2763 for more detail.
Signed-off-by: Joshua Marantz <jmarantz@google.com>
This unhides request headers to add field for HTTP health check and put a
release note line in the version history.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
This PR includes the necessary modifications in support of envoyproxy/envoy#2828.
Added additional configuration to ext_authz.proto so that the filter is able to call an HTTP/1.1 authorization service.
In external_auth.proto, added a nested message to CheckResponse that allows the authorization service to pass additional HTTP response attributes back to the authz filter.
Signed-off-by: Gabriel <gsagula@gmail.com>
The current build.sh file will attempt to use the default python version (in my case 3.6) instead of python2.7 which seems to be the required version due to the standard library having removed StringIO from python3.
Signed-off-by: Nicholas Johns <nicholas.a.johns5@gmail.com>
This patch adds info of /stats/prometheus as an alternative endpoint to
get server stats in prometheus format.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Introduce the concept of locality weighted LB (as distinct from zone
aware LB) in the docs and a new field in Cluster, locality_weighted_lb,
for configuring this behavior.
Signed-off-by: Harvey Tuch <htuch@google.com>
Document the behavior when each option is set to true, set to false,
or unset.
Document that the transparent option should be used in conjunction
the original_dst_filter to restore the original destination address.
Signed-off-by: Romain Lenglet <romain@covalent.io>
Due to there's actually no `HTTP/1.1` with gRPC format link. To avoid misunderstanding, I've adjusted the sequence and placed the **similar** wire format in gRPC over HTTP/2. The updated link is equivalent to wire format link in gRPC guide.
Signed-off-by: Tzu-Chiao Yeh <su3g4284zo6y7@gmail.com>
We are changing the procedure to require contributors to add
release notes directly to this repo as they do changes. It's
too much work for the releaser to transfer them over. I'm
going to do this for 1.6.0 but I'm putting this stub in here
so that any ungoing changes that are going to sneak into 1.6.0
can get added directly.
Signed-off-by: Matt Klein <mklein@lyft.com>
Unhide the request_headers_to_add, response_headers_to_add, and response_headers_to_remove fields in ClusterWeight. Update HTTP conn manager docs related to same.
Doc update for envoyproxy/envoy#2765.
Signed-off-by: Stephan Zuercher stephan@turbinelabs.io