Merge remote-tracking branch 'upstream/main' into update_overload_doc

Signed-off-by: Boteng Yao <boteng@google.com>
envoyproxy · Apr 29, 2024 · ebd4652 · ebd4652
2 parents 94215c1 + f9c1457
commit ebd4652
Show file tree

Hide file tree

Showing 72 changed files with 914 additions and 374 deletions.
diff --git a/api/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto b/api/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto
@@ -11,6 +11,7 @@ import "envoy/type/matcher/v3/string.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 
+import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -97,8 +98,27 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // <arch_overview_advanced_filter_state_sharing>` object in a namespace matching the filter
 // name.
 //
-// [#next-free-field: 18]
+// [#next-free-field: 19]
 message ExternalProcessor {
+  // Describes the route cache action to be taken when an external processor response
+  // is received in response to request headers.
+  enum RouteCacheAction {
+    // The default behavior is to clear the route cache only when the
+    // :ref:`clear_route_cache <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.clear_route_cache>`
+    // field is set in an external processor response.
+    DEFAULT = 0;
+
+    // Always clear the route cache irrespective of the clear_route_cache bit in
+    // the external processor response.
+    CLEAR = 1;
+
+    // Do not clear the route cache irrespective of the clear_route_cache bit in
+    // the external processor response. Setting to RETAIN is equivalent to set the
+    // :ref:`disable_clear_route_cache <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.disable_clear_route_cache>`
+    // to true.
+    RETAIN = 2;
+  }
+
   reserved 4;
 
   reserved "async_mode";
@@ -172,11 +192,6 @@ message ExternalProcessor {
     gte {}
   }];
 
-  // Prevents clearing the route-cache when the
-  // :ref:`clear_route_cache <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.clear_route_cache>`
-  // field is set in an external processor response.
-  bool disable_clear_route_cache = 11;
-
   // Allow headers matching the ``forward_rules`` to be forwarded to the external processing server.
   // If not set, all headers are forwarded to the external processing server.
   HeaderForwardingRules forward_rules = 12;
@@ -226,6 +241,22 @@ message ExternalProcessor {
   //    This work is currently tracked under https://github.com/envoyproxy/envoy/issues/33319.
   //
   bool observability_mode = 17;
+
+  // Prevents clearing the route-cache when the
+  // :ref:`clear_route_cache <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.clear_route_cache>`
+  // field is set in an external processor response.
+  // Only one of ``disable_clear_route_cache`` or ``route_cache_action`` can be set.
+  // It is recommended to set ``route_cache_action`` which supersedes ``disable_clear_route_cache``.
+  bool disable_clear_route_cache = 11
+      [(udpa.annotations.field_migrate).oneof_promotion = "clear_route_cache_type"];
+
+  // [#not-implemented-hide:]
+  // Specifies the action to be taken when an external processor response is
+  // received in response to request headers. It is recommended to set this field than set
+  // :ref:`disable_clear_route_cache <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.disable_clear_route_cache>`.
+  // Only one of ``disable_clear_route_cache`` or ``route_cache_action`` can be set.
+  RouteCacheAction route_cache_action = 18
+      [(udpa.annotations.field_migrate).oneof_promotion = "clear_route_cache_type"];
 }
 
 // The MetadataOptions structure defines options for the sending and receiving of

diff --git a/bazel/external/quiche.BUILD b/bazel/external/quiche.BUILD
@@ -44,7 +44,6 @@ src_files = glob([
 test_suite(
     name = "ci_tests",
     tests = [
-        "http2_adapter_callback_visitor_test",
         "http2_adapter_event_forwarder_test",
         "http2_adapter_header_validator_test",
         "http2_adapter_impl_comparison_test",
@@ -77,35 +76,25 @@ envoy_cc_test_library(
 )
 
 envoy_cc_library(
-    name = "http2_adapter_callback_visitor",
-    srcs = ["quiche/http2/adapter/callback_visitor.cc"],
-    hdrs = ["quiche/http2/adapter/callback_visitor.h"],
+    name = "http2_adapter_chunked_buffer",
+    srcs = ["quiche/http2/adapter/chunked_buffer.cc"],
+    hdrs = ["quiche/http2/adapter/chunked_buffer.h"],
     copts = quiche_copts,
-    local_defines = ["NGHTTP2_16"],
     repository = "@envoy",
     deps = [
-        ":http2_adapter_http2_util",
-        ":http2_adapter_http2_visitor_interface",
-        ":http2_adapter_nghttp2_include",
-        ":http2_adapter_nghttp2_util",
-        ":quiche_common_callbacks",
+        ":quiche_common_circular_deque_lib",
         ":quiche_common_platform_export",
     ],
 )
 
 envoy_cc_test(
-    name = "http2_adapter_callback_visitor_test",
-    srcs = ["quiche/http2/adapter/callback_visitor_test.cc"],
+    name = "http2_adapter_chunked_buffer_test",
+    srcs = ["quiche/http2/adapter/chunked_buffer_test.cc"],
     copts = quiche_copts,
     repository = "@envoy",
     deps = [
-        ":http2_adapter_callback_visitor",
-        ":http2_adapter_mock_nghttp2_callbacks",
-        ":http2_adapter_nghttp2_adapter",
-        ":http2_adapter_nghttp2_test_utils",
-        ":http2_adapter_test_frame_sequence",
-        ":http2_adapter_test_utils",
         ":quiche_common_platform_test",
+        "@com_google_absl//absl/strings",
     ],
 )
 
@@ -285,7 +274,6 @@ envoy_cc_library(
     copts = quiche_copts,
     repository = "@envoy",
     deps = [
-        ":http2_adapter_callback_visitor",
         ":http2_adapter_data_source",
         ":http2_adapter_http2_protocol",
         ":http2_adapter_http2_util",
@@ -450,7 +438,7 @@ envoy_cc_library(
     ],
     repository = "@envoy",
     deps = [
-        ":http2_adapter_callback_visitor",
+        ":http2_adapter_chunked_buffer",
         ":http2_adapter_data_source",
         ":http2_adapter_event_forwarder",
         ":http2_adapter_header_validator",
@@ -2023,6 +2011,31 @@ envoy_quic_cc_library(
     deps = [":quic_platform_export"],
 )
 
+envoy_quic_cc_library(
+    name = "quic_core_blocked_writer_list_lib",
+    srcs = ["quiche/quic/core/quic_blocked_writer_list.cc"],
+    hdrs = ["quiche/quic/core/quic_blocked_writer_list.h"],
+    deps = [
+        ":quic_core_blocked_writer_interface_lib",
+        ":quic_platform_base",
+        ":quic_platform_bug_tracker",
+        ":quiche_common_lib",
+    ],
+)
+
+envoy_cc_test(
+    name = "quic_core_blocked_writer_list_test",
+    srcs = ["quiche/quic/core/quic_blocked_writer_list_test.cc"],
+    copts = quiche_copts,
+    repository = "@envoy",
+    tags = ["nofips"],
+    deps = [
+        ":quic_core_blocked_writer_interface_lib",
+        ":quic_core_blocked_writer_list_lib",
+        ":quic_platform_test",
+    ],
+)
+
 envoy_quic_cc_library(
     name = "quic_core_arena_scoped_ptr_lib",
     hdrs = ["quiche/quic/core/quic_arena_scoped_ptr.h"],
@@ -3904,6 +3917,7 @@ envoy_quic_cc_library(
         ":quic_core_alarm_factory_lib",
         ":quic_core_alarm_lib",
         ":quic_core_blocked_writer_interface_lib",
+        ":quic_core_blocked_writer_list_lib",
         ":quic_core_connection_id_generator_interface_lib",
         ":quic_core_connection_lib",
         ":quic_core_crypto_crypto_handshake_lib",

diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
@@ -218,12 +218,12 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_name = "c-ares",
         project_desc = "C library for asynchronous DNS requests",
         project_url = "https://c-ares.haxx.se/",
-        version = "1.19.1",
-        sha256 = "321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e",
+        version = "1.20.1",
+        sha256 = "de24a314844cb157909730828560628704f4f896d167dd7da0fa2fb93ea18b10",
         strip_prefix = "c-ares-{version}",
         urls = ["https://github.com/c-ares/c-ares/releases/download/cares-{underscore_version}/c-ares-{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2023-05-22",
+        release_date = "2023-10-08",
         cpe = "cpe:2.3:a:c-ares_project:c-ares:*",
         license = "c-ares",
         license_url = "https://github.com/c-ares/c-ares/blob/cares-{underscore_version}/LICENSE.md",
@@ -1192,12 +1192,12 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_name = "QUICHE",
         project_desc = "QUICHE (QUIC, HTTP/2, Etc) is Google‘s implementation of QUIC and related protocols",
         project_url = "https://github.com/google/quiche",
-        version = "62f5f6c9caabe019240b2a4377090bb657012c3f",
-        sha256 = "d4d976917b173167a8d600b87f01a4b9c169d15b92625894bfce2802362c76ad",
+        version = "e08f8dde2d09ad28f0c3458be3703cb1c8a9c9fb",
+        sha256 = "749752c27151ba9dfef1676866178131bc6abb4ff9a8360e12789732ab738544",
         urls = ["https://github.com/google/quiche/archive/{version}.tar.gz"],
         strip_prefix = "quiche-{version}",
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2024-04-19",
+        release_date = "2024-04-24",
         cpe = "N/A",
         license = "BSD-3-Clause",
         license_url = "https://github.com/google/quiche/blob/{version}/LICENSE",

diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -13,6 +13,11 @@ minor_behavior_changes:
 - area: tracers
   change: |
     Set status code for OpenTelemetry tracers (previously unset).
+- area: udp
+  change: |
+    Change GRO read buffer to 64kB to avoid MSG_TRUNC. And change the way to limit the number of packets processed per event
+    loop to work with GRO. This behavior can be reverted by setting runtime guard
+    ``envoy.reloadable_features.udp_socket_apply_aggregated_read_limit`` to false.
 
 bug_fixes:
 # *Changes expected to improve the state of the world and are unlikely to have negative effects*
@@ -25,7 +30,14 @@ bug_fixes:
   change: |
     Fix a RELEASE_ASSERT when using :ref:`auto_sni <envoy_v3_api_field_config.core.v3.UpstreamHttpProtocolOptions.auto_sni>`
     if the downstream request ``:authority`` was longer than 255 characters.
-
+- area: http
+  change: |
+    Fix a crash when reloading the HTTP Connection Manager via ECDS.
+- area: cares
+  change: |
+    Upgraded c-ares library to 1.20.1 and added fix to c-ares DNS implementation to additionally check for ``ARES_EREFUSED``,
+    ``ARES_ESERVFAIL``and ``ARES_ENOTIMP`` status. Without this fix, ``DestroyChannelOnRefused`` and
+    ``CustomResolverValidAfterChannelDestruction`` unit test will break.
 
 removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
@@ -41,6 +53,9 @@ removed_config_or_runtime:
 - area: http
   change: |
     Removed ``envoy.reloadable_features.lowercase_scheme`` runtime flag and lagacy code paths.
+- area: router
+  change: |
+    Removed ``envoy.reloadable_features.copy_response_code_to_downstream_stream_info`` runtime flag and legacy code paths.
 
 new_features:
 - area: matching

diff --git a/contrib/dlb/source/BUILD b/contrib/dlb/source/BUILD
@@ -15,6 +15,7 @@ envoy_contrib_package()
 
 make(
     name = "dlb",
+    env = {"DLB_DISABLE_DOMAIN_SERVER": "TRUE"},
     includes = [],
     lib_source = "@intel_dlb//:libdlb",
     out_static_libs = ["libdlb.a"],

diff --git a/docs/root/configuration/observability/access_log/usage.rst b/docs/root/configuration/observability/access_log/usage.rst
@@ -498,7 +498,7 @@ The following command operators are supported:
 
 %RESPONSE_FLAGS% / %RESPONSE_FLAGS_LONG%
   Additional details about the response or connection, if any. For TCP connections, the response codes mentioned in
-  the descriptions do not apply. %RESPONSE_FLAGS% will outout a short string. %RESPONSE_FLAGS% will outout a Pascal case string.
+  the descriptions do not apply. %RESPONSE_FLAGS% will output a short string. %RESPONSE_FLAGS_LONG% will output a Pascal case string.
   Possible values are:
 
 HTTP and TCP

diff --git a/envoy/config/config_provider_manager.h b/envoy/config/config_provider_manager.h
@@ -4,6 +4,7 @@
 
 #include "envoy/config/config_provider.h"
 #include "envoy/server/filter_config.h"
+#include "envoy/singleton/instance.h"
 
 #include "source/common/protobuf/protobuf.h"
 
@@ -23,7 +24,7 @@ namespace Config {
  * growth based on the size of the configuration set, regardless of the number of threads/objects
  * that must hold a reference/pointer to them.
  */
-class ConfigProviderManager {
+class ConfigProviderManager : public Singleton::Instance {
 public:
   class OptionalArg {
   public:

diff --git a/envoy/router/BUILD b/envoy/router/BUILD
@@ -32,6 +32,7 @@ envoy_cc_library(
     hdrs = ["route_config_provider_manager.h"],
     deps = [
         ":rds_interface",
+        "//envoy/config:config_provider_manager_interface",
         "//envoy/event:dispatcher_interface",
         "//envoy/json:json_object_interface",
         "//envoy/local_info:local_info_interface",

diff --git a/envoy/router/route_config_provider_manager.h b/envoy/router/route_config_provider_manager.h
@@ -3,7 +3,9 @@
 #include <memory>
 #include <string>
 
+#include "envoy/config/config_provider_manager.h"
 #include "envoy/config/route/v3/route.pb.h"
+#include "envoy/config/typed_config.h"
 #include "envoy/event/dispatcher.h"
 #include "envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.pb.h"
 #include "envoy/json/json_object.h"
@@ -59,5 +61,30 @@ class RouteConfigProviderManager {
 using RouteConfigProviderManagerPtr = std::unique_ptr<RouteConfigProviderManager>;
 using RouteConfigProviderManagerSharedPtr = std::shared_ptr<RouteConfigProviderManager>;
 
+// This factory exists to avoid direct-linking the SRDS libraries into Envoy so
+// they can be compiled or substituted out.
+class SrdsFactory : public Envoy::Config::UntypedFactory {
+public:
+  // UntypedFactory
+  virtual std::string category() const override { return "envoy.srds_factory"; }
+  virtual std::unique_ptr<Envoy::Config::ConfigProviderManager>
+  createScopedRoutesConfigProviderManager(
+      Server::Configuration::ServerFactoryContext& factory_context,
+      Router::RouteConfigProviderManager& route_config_provider_manager) PURE;
+  // If enabled in the HttpConnectionManager config, returns a ConfigProvider for scoped routing
+  // configuration.
+  virtual Envoy::Config::ConfigProviderPtr createConfigProvider(
+      const envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager&
+          config,
+      Server::Configuration::ServerFactoryContext& factory_context, const std::string& stat_prefix,
+      Envoy::Config::ConfigProviderManager& scoped_routes_config_provider_manager) PURE;
+
+  // If enabled in the HttpConnectionManager config, returns a ConfigProvider for scoped routing
+  // configuration.
+  virtual ScopeKeyBuilderPtr createScopeKeyBuilder(
+      const envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager&
+          config) PURE;
+};
+
 } // namespace Router
 } // namespace Envoy
diff --git a/examples/ext_authz/Dockerfile-opa b/examples/ext_authz/Dockerfile-opa
@@ -1 +1 @@
-FROM openpolicyagent/opa:0.63.0-istio@sha256:b2b0cd720c91c0cffe15d05c900aebe5fc103e04b6a6cc24bd34e6bdad413306
+FROM openpolicyagent/opa:0.64.1-istio@sha256:a4ac508c1b9a60636c940226632c012319efa293c47cca9e4834e1af1c0a8736
diff --git a/examples/local_ratelimit/Dockerfile-nginx b/examples/local_ratelimit/Dockerfile-nginx
@@ -1 +1 @@
-FROM nginx@sha256:f1f025c6b59fd95ea9423beb3b2a068f0e806a590250c88db74fdc3085252450
+FROM nginx@sha256:ed6d2c43c8fbcd3eaa44c9dab6d94cb346234476230dc1681227aa72d07181ee
diff --git a/examples/redis/Dockerfile-redis b/examples/redis/Dockerfile-redis
@@ -1 +1 @@
-FROM redis@sha256:fa6cafb17588a96358de724c629a1a4ad0e34c7e7362e11c0515c86696940c07
+FROM redis@sha256:f14f42fc7e824b93c0e2fe3cdf42f68197ee0311c3d2e0235be37480b2e208e6
diff --git a/examples/shared/postgres/Dockerfile b/examples/shared/postgres/Dockerfile
@@ -1,3 +1,3 @@
-FROM postgres:latest@sha256:c3ae2edaab802159e3c3528c51002441ed2e0ddc7ac58f66628f74eca2869535
+FROM postgres:latest@sha256:4aea012537edfad80f98d870a36e6b90b4c09b27be7f4b4759d72db863baeebb
 COPY docker-healthcheck.sh /usr/local/bin/
 HEALTHCHECK CMD ["docker-healthcheck.sh"]
diff --git a/examples/single-page-app/ui/package.json b/examples/single-page-app/ui/package.json
@@ -16,12 +16,12 @@
     "@emotion/styled": "^11.11.5",
     "framer-motion": "^11.1.7",
     "mdi-react": "^9.3.0",
-    "react": "^18.2.0",
+    "react": "^18.3.1",
     "react-dom": "^18.2.0",
     "react-router-dom": "^6.23.0"
   },
   "devDependencies": {
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
     "@types/react-dom": "^18.2.25",
     "@typescript-eslint/eslint-plugin": "^6.21.0",
     "@typescript-eslint/parser": "^6.21.0",
@@ -32,7 +32,7 @@
     "eslint-plugin-n": "^15.0.0 || ^16.0.0 ",
     "eslint-plugin-promise": "^6.0.0",
     "eslint-plugin-react": "^7.34.1",
-    "eslint-plugin-react-hooks": "^4.6.0",
+    "eslint-plugin-react-hooks": "^4.6.2",
     "eslint-plugin-react-refresh": "^0.4.6",
     "typescript": "*",
     "vite": "^5.2.10"