Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

udp: properly handle truncated/dropped datagrams #14122

Merged
merged 13 commits into from Nov 20, 2020

Conversation

cpakulski
Copy link
Contributor

Commit Message:
properly handle truncated/dropped datagrams

Additional Description:
Risk Level: Med
Testing:Unit tests
Docs Changes: No
Release Notes: Yes

Fixes #14113

Matt Klein and others added 11 commits October 16, 2020 18:01
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Matt Klein <mklein@lyft.com>
fix
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Matt Klein <mklein@lyft.com>
fix
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
mattklein123
mattklein123 previously approved these changes Nov 20, 2020
mattklein123
mattklein123 previously approved these changes Nov 20, 2020
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@mattklein123 mattklein123 merged commit 1ed6ddf into envoyproxy:master Nov 20, 2020
cpakulski added a commit to cpakulski/envoy that referenced this pull request Nov 20, 2020
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
cpakulski added a commit to cpakulski/envoy that referenced this pull request Nov 24, 2020
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
andreyprezotto pushed a commit to andreyprezotto/envoy that referenced this pull request Nov 24, 2020
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
qqustc pushed a commit to qqustc/envoy that referenced this pull request Nov 24, 2020
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
Signed-off-by: Qin Qin <qqin@google.com>
cpakulski added a commit to cpakulski/envoy that referenced this pull request Nov 25, 2020
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
cpakulski added a commit to cpakulski/envoy that referenced this pull request Nov 26, 2020
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
antoniovicente pushed a commit that referenced this pull request Dec 1, 2020
…14122) (#14192)

* udp: properly handle truncated/dropped datagrams (#14122)

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
antoniovicente pushed a commit that referenced this pull request Dec 1, 2020
…14122) (#14198)

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
antoniovicente pushed a commit that referenced this pull request Dec 1, 2020
…14122) (#14166)

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
itamarkam pushed a commit to itamarkam/envoy that referenced this pull request Dec 8, 2020
Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
itamarkam added a commit to itamarkam/envoy that referenced this pull request Dec 9, 2020
Signed-off-by: Itamar Kaminski <itamark@google.com>

Delete some leftovers

Signed-off-by: Itamar Kaminski <itamark@google.com>

Delete some leftovers

Signed-off-by: Itamar Kaminski <itamark@google.com>

clang-format

Signed-off-by: Itamar Kaminski <itamark@google.com>

Revert "clang-format"

This reverts commit 4576bc86fdb8baa2f161bde2dbdd7871169f725f.

Signed-off-by: Itamar Kaminski <itamark@google.com>

Fix error message formatting test

docs: remove spurious comment marker (#13848)

Signed-off-by: Snow Pettersen <snowp@lyft.com>

[fuzz] Added Round Robin load balancer fuzz test (#13722)

* Added Round Robin load balancer fuzz test

Signed-off-by: Zach <zasweq@google.com>

[fuzz] Added status frame support to h2 fuzz test (#13807)

* Added status frame support to h2 fuzz test

Signed-off-by: Zach <zasweq@google.com>

Fix divide-by-zero in GradientController (#13823)

Fixes https://oss-fuzz.com/testcase-detail/6268043707285504

Signed-off-by: Joseph Griego <jjgriego@google.com>

docs: cluster configuration updated directly on Envoy container's filesystem (#13854)

Signed-off-by: Andrea Di Lisio <andrea.dilisio91@gmail.com>

tls: allow 4096-bit RSA keys in FIPS mode. (#13851)

4096-bit keys are allowed per latest Implementation Guide:
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf

Based on a similar change in BoringSSL:
https://boringssl.googlesource.com/boringssl/+/80e3f957e46bf2af828d67065bc19d9471f368fd

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

tls: Remove tls slot callback replacement-value (#13849)

Commit Message: Removes the return-value semantics for runOnAllThreads callbacks; now the function type has void return, so we can remove the ASSERTs and simplify the code.

Also changes a few more instances of SlotPtr to TypedSlot. Still about 30 remain.

Moves Slot::runOnAllThreads to the protected section to prevent new dynamically uses from emerging.
Additional Description:
Risk Level: low
Testing: //test/...
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Joshua Marantz <jmarantz@google.com>

build: exclude wee8/out from inputs (#13866)

If you build without sandboxing for performance, the output files from
this custom build genrule contained timestamps which caused it to
rebuild every single build.

Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>

add OAuth documentation and fix filter inconsistencies (#13750)

Signed-off-by: William Fu <wfu@pinterest.com>

docs/examples: Update dynamic fs sandbox (#13861)

Signed-off-by: Ryan Northey <ryan@synca.io>

tls: remove deprecated cipher suites from client defaults. (#13850)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

jwt_authn: Support per-route config (#13773)

Adding support on per-route config with following goal:  not to do RouteMatch twice.   Currently the filter is using RouteMatch to match a request with a specific Jwt requirement.   But RouteMatch is also performed at routing, so the RouteMatch is done twice.

If a Jwt requirement can be specified at the per-route config,  one of RouteMatch can be eliminated.

1) Add a `requirement_map`  to associate a requirement_name with a JwtRequirement in the filter config `JwtAuthentication`.
2) Add per-route-config as followings:
*  a requirement_name to specify a JwtRequirement. or
*  `disabled` flag to bypass Jwt verification if it is true.

Risk Level:  None.  Added a new feature, old features are not impacted.
Testing:  Added unit-tests and integration tests.
Docs Changes: Yes
Release Notes: Added
Platform Specific Features: None

Signed-off-by: Wayne Zhang <qiwzhang@google.com>

Add Connection_Termination_Details as a CEL property (#13821)

Commit Message: Add Connection_Termination_Details as a CEL property
Additional Description:
Risk Level: low
Testing: unit tests
Docs Changes: yes
Release Notes: yes

Signed-off-by: gargnupur <gargnupur@google.com>

tap: warn when using admin tap and admin is listening on a pipe (#13838)

Docs were done in a previous PR.

Fixes #6387

Risk Level: Low
Testing: New UT
Docs Changes: Already done
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Matt Klein <mklein@lyft.com>

examples: Fix verify.sh sed commands for mac compatibility (#13876)

Signed-off-by: Ryan Northey <ryan@synca.io>

[Windows] Address status/fix various flaky_on_windows tests (#13837)

These fixes reflect that the timing on windows is often less
synchronous than linux observations, due to the design of the
underlying socket stack.

- Correct listener_impl_test, fixes
    TcpListenerImplTest.SetListenerRejectFractionIntermediate

- In QuicHttpIntegrationTest, the MultipleQuicConnectionsWithBPF is renamed to
    capture the intent of the test.

- Enable no-longer-failing tests (no failure observed in RBE or locally)
    //test/extensions/grpc_credentials/file_based_metadata:integration_test
    //test/extensions/transport_sockets/alts:tsi_handshaker_test
    //test/integration:http2_flood_integration_test
    //test/integration:http2_upstream_integration_test
    //test/integration:overload_integration_test
    //test/server:guarddog_impl_test

Co-authored-by: Sunjay Bhatia <sunjayb@vmware.com>
Co-authored-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: William A Rowe Jr <wrowe@vmware.com>

[ci] limit number of codeql targets conservatively to 3 (#13881)

Signed-off-by: Asra Ali <asraa@google.com>

http2: moving functionality from http2 pool to client (#13869)

As part of #3431 we need to move the logic from HTTP/1 and HTTP/2 connection pools to the active client, so the new mixed connection pool can just create an active client of the right type and have all the logic in the client, not split between the client and the pool.

This removes functions for the HTTP/2 pool not moved in #13867

Risk Level: Medium (data plane refactor)
Testing: existing tests pass
Docs Changes: n/a
Release Notes: n/a
Part of #3431

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Revert "sds: keep warming when dynamic inserted cluster can't be extracted secret entity (#13344)" (#13886)

This reverts commit e5a8c21b53eab49770c7ab94c1dd357d4191d413.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

codeowners: adding ggreenway to some extensions (#13888)

Signed-off-by: Greg Greenway <ggreenway@apple.com>

tracer: Add SkyWalking tracer (#13060)

This patch adds a new tracer to support the SkyWalking tracing mechanism and format.

Risk Level: Low, a new extension.
Testing: Unit
Docs Changes: Added
Release Notes: Added

Signed-off-by: wbpcode <comems@msn.com>

proxy_proto: fixing hashing bug (#13768)

Fix a bug where the transport socket options for the first downstream got reused for subsequent upstream connections.

Risk Level: low
Testing: new integration test
Docs Changes: n/a
Release Notes:
Platform Specific Features:
Fixes #13659

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

ci: Update build hashes (#13895)

Signed-off-by: Ryan Northey <ryan@synca.io>

metrics service: use snapshot time for all metrics flushed (#13825)

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

tls: allow nullptr as slot value (#13883)

Commit Message: add support for null data to tls slot typed API, using optional references. To make these less cumbersome at call-sites, add a struct OptRef wrapper for absl::optional<std::reference_wrapper> that allows directly accessing via -> syntax if the caller can guarantee the optional reference is populated.
Additional Description:
Risk Level: low
Testing: //test/...
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Joshua Marantz <jmarantz@google.com>

http: moving functions and member variables out of http1 pool (#13867)

As part of #3431 we need to move the logic from HTTP/1 and HTTP/2 connection pools to the active client,
so the new mixed connection pool can just create an active client of the right type.

This removes member variables from the HTTP/1.1 connection pool in preparation for that move.
a follow-up PR will do the same for HTTP/2, then the two classes will be removed in favor of the base http connection
pool being created with an instantiate_active_client_ closure which creates the right type of clients.

The alpn pool will eventually create an active client of the right type based on initial ALPN.

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

tcp: make it possible for TCP connections to be creatd by non-TCP pool) (#13889)

As part of #3431 making sure the ALPN pool can create raw TCP active clients by allowing them to be created by a generic connection pool.

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

watchdog: Touch Watchdog before executing most event loop callbacks to avoid spurious misses when there are many queued callbacks. (#13104)

This change assumes that the primary purposes of the watchdog is to terminate the proxy if worker threads are deadlocked, and aid in the debugging of long-running operations that end up scheduled in worker threads through monitoring for miss/megamiss events and auxiliary watchdog actions like the recently added watchdog profile action.

Signed-off-by: Antonio Vicente <avd@google.com>

docs/ci: Update docs artifact publishing in CI (#13826)

Signed-off-by: Ryan Northey <ryan@synca.io>

[fuzz] Added coverage for onGoAway in gRPC Health Checking (#13822)

* Added coverage for onGoAway in gRPC Health Checking

Signed-off-by: Zach <zasweq@google.com>

tls: fix detection of the upstream connection close event. (#13858)

Fixes #13856.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

[fuzz] Fixed load balancer fuzz test bug (#13887)

* Fixed load balancer fuzz test bug

Signed-off-by: Zach <zasweq@google.com>

Remove spelling terms. (#13902)

Cleaning tools/spelling/spelling_dictionary.txt which are single-use keywords.
Includes a partial fix to #12807

Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>

ci: allow apt-get update failure in azure pipeline (#13908)

Signed-off-by: Yuchen Dai <silentdai@gmail.com>

[http] Handle faulty filters from removing required request headers (#13470)

Signed-off-by: Asra Ali <asraa@google.com>

[dnsfilter] Fix query ID mismatch in response generation (#13767)

Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>

conn_pool: allowing multiple protocols in ALPN (#13901)

Extending the TransportSocketOptions to allow for multiple fallback ALPN for the upcoming connection pool which supports
both HTTP/1 and HTTP/2

Risk Level: Low (data plane refactor, but a pretty minor one)
Testing: new unit tests
Docs Changes: n/a
Release Notes: n/a
Part of #3431

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

conn_pool: making TCP upstreams pluggable (#13548)

Risk Level: Medium (some refactory)
Testing: existing tests pass
Docs Changes: n/a
Release Notes: n/a
Fixes #13185

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

tls: make test more representative of the production code. (#13912)

Fixes test from #13858.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Fixed grpc health check bug (#13870)

* Fixed grpc health check bug caused by a faulty upstream response

Signed-off-by: Zach <zasweq@google.com>

lua: update config examples to use typed_pre_filter_config (#13909)

Signed-off-by: JaredTan95 <jian.tan@daocloud.io>

[fuzz] Fixed fuzz bug in health check fuzzing (#13923)

* Fixed false positive fuzz bugs in health checking

Signed-off-by: Zach <zasweq@google.com>

[fuzz] Added Least request load balancer fuzz test (#13841)

* Added Least request load balancer fuzz test

Signed-off-by: Zach <zasweq@google.com>

cluster: unstuck cluster manager when update the initializing cluster (#13875)

Signed-off-by: Yuchen Dai <silentdai@gmail.com>

docs: Add page about securing envoy to quick-start (#13880)

Signed-off-by: Ryan Northey <ryan@synca.io>

http: add request header timer (#13341)

Add a new config field for an additional timeout that will cancel
streams that take too long to send headers, and implement it in the
HTTP Connection Manager.

Signed-off-by: Alex Konradi <akonradi@google.com>

ci/docs: Use commit sha for all pull request artifact uploads (#13917)

Follow up from #13826

Risk Level: Low
Testing:
Docs Changes:
Release Notes:

Signed-off-by: Ryan Northey <ryan@synca.io>

Adding AsyncClientSingleton to store all the cache and use GetState to initialize gRPC (#13842)

Signed-off-by: Fangpeng Liu <fpliu@google.com>

fix: Envoy not being started as PID 1 (#13946)

Previously, su-exec was starting Envoy as a child process of PID 1, instead of PID 1 directly. Signals like SIGTERM sent by the container runtime did not reach Envoy, therefore preventing it from shutting down gracefully. This commit ensures that Envoy always start as PID 1.

Risk Level: low
Testing: did not build an official Envoy image, but verified with a minimal Dockerfile on top of an Envoy image that the change works. docker exec <container> ps show that Envoy is PID 1 and docker stop <container> && docker logs <container> shows that Envoy does receive SIGTERMs from the container runtime.
Fixes #13944

Signed-off-by: Anatole Beuzon <anatole.beuzon@datadoghq.com>

repokitteh: Fix for welcome message (#13937)

Signed-off-by: Ryan Northey <ryan@synca.io>

docs: Add quick-start admin page (#13847)

Signed-off-by: Ryan Northey <ryan@synca.io>

grpc: upstream disconnect test (#13898)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

fix dubbo proxy parse hessian2 missing some case in switch (#13924)

Signed-off-by: liushuai06 <liushuai06@baidu.com>

docs/ci: Publish master docs after docker (#13859)

Signed-off-by: Ryan Northey <ryan@synca.io>

Minor update of bazel doc (#13715)

Signed-off-by: Yitao Hu <harmonyharmo@users.noreply.github.com>

docs: Update quick-start (#13927)

Signed-off-by: Ryan Northey <ryan@synca.io>

examples: Add double proxy sandbox (#13748)

Signed-off-by: Ryan Northey <ryan@synca.io>

[fuzz] Got rid of all uninteresting call logs in health check fuzzing (#13891)

* Got rid of all uninteresting call logs in health check fuzzing

Signed-off-by: Zach <zasweq@google.com>

[fuzz] Increased fuzz coverage for health check fuzz (#13905)

* Increased fuzz coverage for health check fuzz

Signed-off-by: Zach <zasweq@google.com>

update grpc-httpjson-transcoding to a fix to support verb (#13957)

Signed-off-by: Wayne Zhang <qiwzhang@google.com>

config: requiring upgrade_type have letters (#13968)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

apple dns: retry connection establishment (#13942)

Commit Message: apple dns - retry connection establishment
Risk Level: med
Testing: added new tests.

Signed-off-by: Jose Nino <jnino@lyft.com>

wasm: Force stop iteration after local response is sent (#13930)

Resolves https://github.com/envoyproxy/envoy/issues/13857

ref:
-https://github.com/proxy-wasm/proxy-wasm-rust-sdk/issues/44
-https://github.com/proxy-wasm/proxy-wasm-cpp-host/pull/88
-https://github.com/proxy-wasm/proxy-wasm-cpp-host/pull/93

Signed-off-by: mathetake <takeshi@tetrate.io>

examples: Add TLS sandbox (#13844)

Signed-off-by: Ryan Northey <ryan@synca.io>

event: reduce log level for min range timer complete message (#13970)

Signed-off-by: Louis Opter <louis@dropbox.com>

http: removing the http1 and http2 connection pools (#13967)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

config: v2 fatal-by-default. (#13950)

This patch makes the v2 xDS API fatal-by-default. It's possible to still
use v2 by:
* Providing --bootstrap-version 2 on the CLI for v2 bootstrap files.
* Setting envoy.reloadable_features.enable_deprecated_v2_api in the
  runtime.

Many tests required fixups:
* Unit tests were either upgraded to v3 (where there was no significant
  reason to remain v2) or a test runtime was introduced permitting v2
  for deprecated feature tests.
* Integration tests were generally migrated to v3. This now means that
  our integration tests coverage focuses on v3 (it was previously
  focused on v2). We have some limited v2 coverage still provided by the
  v2 ads_integration_tests.

Risk level: High (this will break anyone who is still using v2 and has
  not enabled CLI or runtime override)
Testing: Various tests updated as described above. New unit test added
  for bootstrap to server_test and to ads_integration_test for dynamic
  rejection behavior.
Release Notes: Added.

Signed-off-by: Harvey Tuch <htuch@google.com>

bazelci: exclude wasm (#13974)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

api: add unified matching API (#13926)

* api: add unified matching API

Signed-off-by: Snow Pettersen <snowp@lyft.com>

examples: Add WebSocket sandbox (#13846)

Signed-off-by: Ryan Northey <ryan@synca.io>

api: mark matching API as WIP (#13990)

Signed-off-by: Snow Pettersen <snowp@lyft.com>

wasm: add wasmtime runtime (#13932)

Commit Message: wasm: Add Wasmtime as a new runtime
Additional Description: add a new wasm runtime named Wasmtime
Risk Level: low
Testing: run in `bazel.compile_time_options` build target as WAVM.
Docs Changes: Docs will be provided in subsequent PRs.
Release Notes: enable Wasmtime as a Wasm filter runtime optionally.
ref: https://github.com/proxy-wasm/proxy-wasm-cpp-host/pull/73

Signed-off-by: mathetake <takeshi@tetrate.io>
Co-authored-by: Piotr Sikora <piotrsikora@google.com>

configs: Separate and add stdout access logger to demo config in Docker container (#13935)

This will make it easier to document request access logging based on a demo config

Signed-off-by: Ryan Northey <ryan@synca.io>

deps: replace third party statusor with absl (#13988)

Signed-off-by: Kuat Yessenov <kuat@google.com>

router: call chargeStats() in recreateStream() when handling internal redirects (#13585)

Commit Message:
Call chargeStats when handling an internal redirect to correctly identify the requests as 3xx when logging stats. Without this change, internal redirects are classified as 0xx since the response code is never set on the underlying stream_info.

Additional Description:
The call to chargeStats() is generally made in encodeHeaders(), but that is skipped when handling internal redirects (the stream is recreated instead).

Risk Level: Low
Testing: Unit tests to confirm that most existing behavior is unchanged, and integration test to check that the stats are logged as expected.
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Elena Cokova <ecokova@google.com>

Added DurationTimeout as response flag for HCM. (#13671)

Commit Message: Added DurationTimeout as a response flag for HCM.
Additional Description: In #12495, "DurationTimeout" as a response flag produced at the TCP connection timeout. The timeout flag should have the same behavior for TCP and HTTP connection-level.
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
Fixes #13142

Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>

server: split thread_local_object.h and overload_manager.h (#13999)

Move the interfaces declared in these files into separate files to allow the
Dispatcher to reference the ThreadLocalOverloadState without creating circular dependencies.

Signed-off-by: Alex Konradi <akonradi@google.com>

docs: Update quick-start logging info (#13993)

Signed-off-by: Ryan Northey <ryan@synca.io>

wasm: allow execution of multiple instances of the same plugin. (#13753)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Co-authored-by: mathetake <takeshi@tetrate.io>

docs: Minor cleanup of config render (#14002)

Signed-off-by: Ryan Northey <ryan@synca.io>

build: Fix some unused variable warnings (#13987)

Signed-off-by: Taylor Barrella <tabarr@google.com>

log: Add "%_" to print message with escaped newlines (#13832)

This patch adds a new custom flag `%_` to the log pattern to print the
actual message to log, but with escaped newlines.

Signed-off-by: Dhi Aurrahman <dio@tetrate.io>

jwt_authn: change allow_missing implementation under RequiresAny (#13839)

Signed-off-by: Wayne Zhang <qiwzhang@google.com>

memory: enable tcmalloc for aarch64 (#13830)

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>

api: Add boolean do_not_cache field to Resource message. (#13969)

Signed-off-by: Mark D. Roth <roth@google.com>

deps: update cel-cpp (#13984)

Commit Message: Update cel-cpp. The protobuf fix for CEL will be released with 3.14, and cel-cpp will be updated then.
Additional Description:
Risk Level: low
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:

Signed-off-by: Kuat Yessenov <kuat@google.com>

wasm: fix order of callbacks for paused requests. (#13840)

Fixes proxy-wasm/proxy-wasm-rust-sdk#43.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

docs: fix udp proxy example yaml file (#14011)

Signed-off-by: fear <1@linux.com>

logging: Remove --log-format-prefix-with-location option (#14010)

Signed-off-by: Ruslan Nigmatullin <elessar@dropbox.com>

docs: document attributes for RBAC and Wasm (#13971)

Organize the list of attributes better.

Signed-off-by: Kuat Yessenov <kuat@google.com>

cluster manager: make add/update and initial host set update atomic (#13906)

Previously, we would do a separate TLS set to add/update the cluster,
and then another TLS operation to populate the initial host set. For
cluster updates for a server already in operation this can lead to a
gap of no hosts.

Signed-off-by: Matt Klein <mklein@lyft.com>

docs: Sandbox cleanups/updates (#13989)

Signed-off-by: Ryan Northey <ryan@synca.io>

sds: additional support for symlink-based key rotation. (#13721)

There are a few limitations in our existing support for symlink-based
key rotation:

We don't atomically resolve symlinks, so a single snapshot might have
inconsistent symlink resolutions for different watched files.
Watches are on parent directories, e.g. for /foo/bar/baz on /foo/bar,
which doesn't support common key rotation schemes were /foo/new/baz
is rotated via a mv -Tf /foo/new /foo/bar.
The solution is to provide a structured WatchedDirectory for Secrets to
opt into when monitoring DataSources. SDS will used WatchedDirectory
to setup the inotify watch instead of the DataSource path. On update, it will
read key/cert twice, verifying file content hash consistency.

Risk level: Low (opt-in feature)
Testing: Unit and integration tests added.

Fixes #13663
Fixes #10979
Fixes #13370

Signed-off-by: Harvey Tuch <htuch@google.com>

CDS: remove warming cluster if CDS response desired (#13997)

Signed-off-by: Yuchen Dai <silentdai@gmail.com>

docs: Bump sphinxext-rediraffe version (#13996)

Signed-off-by: Ryan Northey <ryan@synca.io>

wasm: fix CPE for Wasmtime. (#14024)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

log the internal error message from *SSL when the cert and private key doesn't match (#14023)

Fixes #14022

Signed-off-by: Dongfang Qu <qudongfang@gmail.com>

sds: improve watched directory documentation. (#14029)

Some followup docs tweaks to #13721.

Signed-off-by: Harvey Tuch <htuch@google.com>

quiche: update QUICHE tar (#13949)

Signed-off-by: Dan Zhang <danzh@google.com>

jwt_authn: update to jwt_verify_lib with 1 minute clock skew (#13872)

When verifying Jwt clock constraint,  it is recommend to use some clock skew.   grpc is using 1 minute clock [skew](https://github.com/grpc/grpc/blob/4645da201ae2c7d0b15fe56d86b41354fa4af0ca/src/core/lib/security/credentials/jwt/jwt_verifier.cc#L388-L389).

[jwt_verify_lib](https://github.com/google/jwt_verify_lib/pull/57) has been updated to add 1 minute clock skew.

In the old code,  time constraint verification is done in jwt_authn filter, and jwt_verify_lib::verifyJwt() is doing time constraint verification again.

Change  jwt_verify_lib to split the time constraint verification to Jwt class so it can be called separately. And call verify() without the time checking.

Risk Level: None
Testing:  unit-test is done in jwt_verify_lib repo
Docs Changes: None
Release Notes: Added

Signed-off-by: Wayne Zhang <qiwzhang@google.com>

[test host utils] use make_shared to avoid memory leaks (#14042)

Commit Message: Switch to using std::make_shared in host util test code. Clang tidy is unhappy about current state of code and has been complaining about potential memory leaks, sample log here: https://dev.azure.com/cncf/envoy/_build/results?buildId=57303&view=logs&jobId=b7634614-24f3-5416-e791-4f3affaaed6c&j=b7634614-24f3-5416-e791-4f3affaaed6c&t=21e6aa7d-f369-5abd-5e4e-e888cac18e9c. Issue discovered in this PR. We may need to create dedicated issue to fix problem globally.
Risk Level: Low
Testing: Covered by existing tests
Docs Changes: NA
Release Notes: NA

Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>

Build: Propagate user-supplied tags to external headers library. (#14016)

This change applies user supplied tags to the _with_external_headers
cc_library created by envoy_cc_library.

This is useful for cases where builds are filtered or modified by tag
(e.g., tags = manual, no-remmote, etc).

Signed-off-by: Angus Davis <angus@secureclouddb.com>

config: fix crash when type URL doesn't match proto. (#14031)

Fixes #13681.

Risk level: Low
Testing: Unit and integration regression tests added.

Signed-off-by: Harvey Tuch <htuch@google.com>

ci: fix CodeQL-build by removing deprecated set-env command (#14046)

Signed-off-by: Taylor Barrella <tabarr@google.com>

grpc-json-transcoder: Add support for configuring unescaping behavior (#14009)

Functionality is implemented in grpc-ecosystem/grpc-httpjson-transcoding#45, add configuration options and wire them into filter.

The reasoning is provided in grpc-ecosystem/grpc-httpjson-transcoding#44.

Risk Level: Low
Testing: added unit test
Docs Changes: added proto docs
Release Notes: updated

Signed-off-by: Ruslan Nigmatullin <elessar@dropbox.com>

wasm: use static registration for runtimes (#14014)

Partially addresses #12574. Refactored test instantiate to removes many ifdefs.

Commit Message:
Additional Description:
Risk Level: Low
Testing: CI
Docs Changes:
Release Notes:
Platform Specific Features:

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

stats: use RE2 and a better pattern to accelerate a single stats tag-extraction RE (#8831)

Description: Improves startup latency by 10% on 10k clusters, and I see no reason for that not to scale, or to be expandable to other regexes that we find to be heavy over time.

Risk Level: low
Testing: //test/...
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Joshua Marantz <jmarantz@google.com>

tidy: use last_github_commit script instead of target branch (#14052)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

quiche: fix stream trailer decoding issue (#13871)

Fix decoding trailer implementations in EnvoyQuicServer(Client)Stream for IETF quic. Previously assumption was IETF quic would always deliver trailers after finish delivering body, but it actually always deliver trailers before delivering body.

Fix missing stream reset callback when QuicStream::ResetStream() is called.

Risk Level: low
Testing: Added trailer integration test, and more stream unit tests

Part of #12930
Signed-off-by: Dan Zhang <danzh@google.com>

docs: updating 100-continue docs (#14040)

Risk Level: n/a (test, docs only)
Testing: new tests of 100-continue + logging
Docs Changes: docs of how 100-continue works with logging
Release Notes: n/a
Fixes #14008
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

wasm: make dependency clearer (#14062)

Partially addresses #12574, makes split the monolithic wasm_lib into multiple libraries. Clear up dependency metadata due to select.

Risk Level: Low
Testing: CI

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

[http1] fix H/1 response pipelining (#13983)

* Fix HTTP/1 response pipelining. Extraneous data after a response complete when the connection is still open should not be processed.

Signed-off-by: Asra Ali <asraa@google.com>

vrp: allow supervisord to open its log file (#14066)

Change the default location of the log file and give supervisord
permissions to write to it.

Signed-off-by: Alex Konradi <akonradi@google.com>

Fix sandboxes doc (#14058)

Signed-off-by: 杨阳 10014842 <yangyang1@zte.com.cn>

comments: clarify comment for IoHandle::write (#13982)

Signed-off-by: Antonio Vicente <avd@google.com>

Added Fatal Action extension point. (#13676)

Signed-off-by: Kevin Baichoo <kbaichoo@google.com>

conn_pool: track streams across the pool (#13684)

Tracking active, pending, and available capacity for each thread local cluster, for eventual use in cluster-wide prefetch

Risk Level: low
Testing: new unit tests
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

dispatcher: Remove obsolete runtime feature envoy.reloadable_features.activate_fds_next_event_loop (#14055)

Feature flag was introduced in PR #11750 on 2020-06-27. Would be good to obsolete in preparation to changes to activate/setEnable behavior which should make activate behavior more intuitive and simplify edge trigger emulation and userspace file event implementations.

Signed-off-by: Antonio Vicente <avd@google.com>

fix sds_dynamic_key_rotation_setup.sh running from other repos (#14086)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

matching: only provide string matcher in SinglePredicate (#14084)

Signed-off-by: Snow Pettersen <snowp@lyft.com>

doc fix (#14093)

Signed-off-by: Yuchen Dai <silentdai@gmail.com>

test: Adding zerolen headers upstream flood tests (#14035)

Signed-off-by: Adi Suissa-Peleg <adip@google.com>

listener: allow setting only a default filter chain (#14025)

Signed-off-by: Taylor Barrella <tabarr@google.com>

wasm: fix network leak (#13836)

Signed-off-by: Kuat Yessenov <kuat@google.com>

http2: fixing upstream sending metadata after ending the stream (#14061)

Signed-off-by: Adi Suissa-Peleg <adip@google.com>

test: improve docs and robustness of coverage script. (#14021)

I ended up burning several hours dealing with issues around this the
other day, I'm hoping others don't :)

Signed-off-by: Harvey Tuch <htuch@google.com>

tls: update BoringSSL to 1ce6682c (4280). (#14072)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

test: avoid use after free in oauth_integration_test (#14103)

The client request stream can be deleted under the call stack of Envoy::IntegrationCodecClient::startRequest if the proxy replies quickly enough. Attempts to send an end stream on that request result in use-after-free on the client stream in cases where the client processed the full reply inside startRequest.

Fixes #12960

Signed-off-by: Antonio Vicente <avd@google.com>

buffer: add a method for getting only the first slice (#14050)

Signed-off-by: Greg Greenway <ggreenway@apple.com>

[Level Events] manage level events registration mask (#13787)

Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>

examples: Update SkyWalking version (#13938)

Signed-off-by: JaredTan95 <jian.tan@daocloud.io>

examples: add VRP runtime validation to verify_examples. (#14099)

This is a regression test to cover the issue underlying
https://github.com/envoyproxy/envoy/pull/14066.

Risk level: Low
Testing: Validating manually verify.sh passes, CI.

Signed-off-by: Harvey Tuch <htuch@google.com>

udp: properly handle truncated/dropped datagrams (#14122)

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>

mongo: swap cx destroy metrics (#13991)

Signed-off-by: Bill Chung <bill@mercari.com>

Windows CI: Upload test results to AZP (#14083)

- Requires removing --output_base flag to Bazel startup options
- The TEST_TMPDIR and BUILD_DIR bind mounts from the host are where
  Bazel will place build output etc.
- Allowing Bazel to place build and test output there will give the host
  access to the data to upload

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Co-authored-by: William A Rowe Jr <wrowe@vmware.com>

proxy protocol: set downstreamRemoteAddress on StreamInfo (#14131)

This fixes a regression which resulted in the downstreamRemoteAddress
on the StreamInfo for a connection not having the address supplied by
the proxy protocol filter, but instead having the address of the
directly connected peer.

This issue does not affect HTTP filters.

Fixes #14087

Signed-off-by: Greg Greenway <ggreenway@apple.com>

lua: reset downstream_ssl_connection in StreamInfoWrapper when object is marked dead by Lua GC (#14092)

Fixes #14091

The problem and fix is similiar to #4312

Risk Level: Low
Testing: regression test, manual testing
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Marcin Falkowski <marcin.falkowski@allegro.pl>

fix default codec in integration tests (#14101)

Swapped test flag use in compile time options to refer to legacy codecs. By default, we use new codecs unless the flag is set FOR legacy.

Signed-off-by: Asra Ali <asraa@google.com>

Initial support for upstream HTTP/1.1 tunneling (#13293)

Commit Message:
Additional Description:
Risk Level: Low
Testing: unit test, integration, manual testing
Docs Changes: Added documentation on how to configure Envoy for tunneling TCP over HTTP/1
Release Notes: n/a (still hidden)
Part of #11308

Signed-off-by: Iacopo Rozzo <iacopo@kubermatic.com>

extension: add per host cluster upstream extension test (#13915)

Add extra test case to guard that cluster upstream extension support header rewrite.

Signed-off-by: Yuchen Dai <silentdai@gmail.com>

tracer: fix zipkin proto documentation (#14112)

Risk Level: Low
Testing: N/A

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

Update link of "life of a request" (#14097)

Updated link of "life of a request" in STYLE.md. Currently redirecting to 404.

Fixes #13397

Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>

perf: add annotations for non-concurrent cross-scoped duration measurements (#13960)

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>

overload: allow creation of custom scaled timers (#14077)

Add a method to the ThreadLocalOverloadState to support creating
arbitrary scaled timers. This can be used by extension filters to scale
their behavior in response to load without requiring a separate overload
action registration.

Filter factories can obtain a reference to the OverloadManager and use
that to pass references to the thread-local state into the constructed
filters, which can in turn be used to create scaled timers.

Signed-off-by: Alex Konradi <akonradi@google.com>

test: fix use-after-free in fake upstream (#14067)

Fix a test-only use-after-free that causes flakes of //test/integration:tcp_tunneling_integration_test.

Signed-off-by: Alex Konradi <akonradi@google.com>

coverage: reset expectations for source/common/event/... (#14140)

Signed-off-by: Joshua Marantz <jmarantz@google.com>

Use simulated time for Envoy server (#14144)

Use simulated time for the integration test to ensure that timers don't
time out due to the test running slow. This prevents test flakes, and
TSAN errors when running in that mode.

Signed-off-by: Alex Konradi <akonradi@google.com>

Only check sh format for repository files (#14146)

Right now, the shellcheck format checks all files under the directory,
which is unfriendly for a number of reasons (git worktrees, dev scripts,
autogenerated code). Instead of using find, use `git ls-files` to list
files which can then be filtered.

Signed-off-by: Alex Konradi <akonradi@google.com>

cleanup: Replace deprecated thread annotations macros (#14150)

Abseil thread annotation macros are now prefixed by `ABSL_`. There is no semantic change; this is just a rename.

Signed-off-by: Teju Nareddy <nareddyt@google.com>

utilities: Implemented an ostream that writes to a user provided buffer  (#13797)

Signed-off-by: Kevin Baichoo <kbaichoo@google.com>

test: reorder and remove conflicts in coverages file (#14159)

Commit Message: remove a conflict entry for source/common/event, and alphabetize generally so that conflicts are more likely to be avoided.
Risk Level: low
Testing: none -- just went straight to CI. 'coverage' test is the only one that matters.
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a

Signed-off-by: Joshua Marantz <jmarantz@google.com>

[test] Add emptydata/continuation to upstream flood tests (#14100)

* add upstream flood tests to detect empty data and empty continuation frames

Signed-off-by: Asra Ali <asraa@google.com>

Revert "ext_auth: add option to measure timeout when check request is created. (#12778)" (#14152)

This reverts commit dfa85e8ed4457cab6fac012fab79ecd7823e3b2a.

Signed-off-by: Yuval Kohavi <yuval.kohavi@gmail.com>

ci: compile_time_options fixes (#14105)

- Always exercise the code path that using filter-example to test Envoy, to catch issues like #14086 in CI.
- Removed no longer existing legacy_codecs_in_integration_tests definition.

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

xdstp: rename UDPA to xDS. (#14157)

As per the decision to move the cncf/udpa repository to cncf/xds branding.

Also updated cncf/udpa hash and updated identifier handling (moved from repeated to a flat string).

Risk level: Low (the only breaking API changes affect not-implemented-hide fields).
Testing: New unit tests for path components.

Signed-off-by: Harvey Tuch <htuch@google.com>

vrp: fix local build flow, add to examples CI validation. (#14164)

Changes to .dockerignore broke the flow described at
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/google_vrp#rebuilding-the-docker-image.

This PR fixes and adds a CI verify-example test.

Risk level: Low
Testing: New verify-examples case.

Signed-off-by: Harvey Tuch <htuch@google.com>

http: fixing a protocol TODO (#14145)

Delaying protocol detection until after a protocol can definitely be established.
This means for fixed HTTP/1 HTTP/2 connection pools protocol won't be logged if the upstream connection times out.

Risk Level: Medium
Testing: existing tests verify protocol is still set
Docs Changes: n/a
Release Notes: inline

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Fixed typo. (#14171)

Signed-off-by: Kevin Baichoo <kbaichoo@google.com>

[fuzz] add back fuzzing build macro to CLI (#14182)

Adds back FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION macro to CLI.

This is the actual fix for #10322, after nocopts was a dead end from RE2 issue google/re2#272.

Now when running real unit tests in fuzzing mode, we ignore the test result since we aren't testing for functionality. (config_impl_test doesn't need to succeed for route_fuzz_test to build).

Risk Level: Low
Testing: Testing fuzz mode fuzzers and regression style fuzzers locally

Signed-off-by: Asra Ali <asraa@google.com>

kafka: fix broker integration test (#14177)

Follow up to #13950

Commit Message: kafka: fix broker integration test
Additional Description: fixes manually executed kafka integration test; started to crash due to using now-fatal v2 config AFACT
Risk Level: Low
Testing: manual; bazel test //test/extensions/filters/network/kafka/broker/integration_test:kafka_broker_integration_test

Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com>

Introduce creation_time field into host description (#13631)

Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>

dependencies: automated OSSF Scorecard runs for Envoy deps. (#14191)

This script runs https://github.com/ossf/scorecard against the runtime Envoy deps. The criteria for
use_category and scorecard selection are described at
https://docs.google.com/document/d/1HbREo7pv7rgeIIjQn6mNpySzQE5rx2Yv9dXm5NqR2N8/edit#heading=h.xnpvc6pk0h0v.

Example output is at
https://docs.google.com/spreadsheets/d/1caO4qMmG8o5i2nGoEof1qMpD5_WicfiC5WcxA_5isTY/edit#gid=0.

The goal will be to evolve this script to help generate and validate metadata describing dependency
conformance.

Part of #10471.

Signed-off-by: Harvey Tuch <htuch@google.com>

deps: update Abseil library (#14041)

Risk Level: Low
Testing: run integration tests
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
Fixes #13973

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>

filter contract: clarification around local replies (#14193)

Follow-up to #13678.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

Removed `--use-fake-symbol-table` option. (#14178)

Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>

doc: mention gperftools explicitly in PPROF.md (#14199)

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>

kafka: add missing unit tests (#14195)

Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com>

[Windows] Fix thrift proxy tests (#13220)

Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>

server: Return nullopt when process_context is nullptr (#14181)

The InstanceImpl::processContext() function returns a ProcessContextOptRef
a.k.a. absl::optional<std::reference_wrapper<ProcessContext>>.  When
InstanceImpl::process_context_ is nullptr, the returned value an
absl::optional with a value of std::reference_wrapper<>(nullptr),
better known as an illegal reference to nullptr.  While everything is
fine in the InstanceImpl, anyone who tries to use the returned
reference will be greeted with a crash.

This commit follows the lead of the initializer of InstanceImpl::api_
and returns absl::nullopt when InstanceImpl::process_context_ is
nullptr.

Risk: Low
Testing: bazel test //test/server:server_test
Documentation: N/A
Release Notes: N/A

Signed-off-by: Justin Mazzola Paluska <justinmp@google.com>

[grpc] validate grpc config for illegal characters (#14129)

Signed-off-by: Asra Ali <asraa@google.com>

repokitteh: add support for randomized auto-assign. (#14185)

This will allow us to pick dedicated API shepherds for each PR, ensuring
we have clear review ownership.

Fixes #13350

Signed-off-by: Harvey Tuch <htuch@google.com>

docs: clarify behavior of hedge_on_per_try_timeout (#12983)

Signed-off-by: Ilya Konstantinov <ilya.konstantinov@gmail.com>

update cares (#14213)

Update c-ares library to version 1.17.1

Signed-off-by: Asra Ali <asraa@google.com>

thrift filter: support skip decoding data after metadata in the thrift message (#13592)

Fixes #13082

Support skip decoding data after metadata in the thrift message.

In payload_passthrough mode, there are some issues:

Envoy cannot detect some errors and exceptions ( e.g. a reply that contains exceptions ). It's possible to improve this by peeking beginning of the payload.

payload_passthrough controls both request and response path. It can be split into two options if we want more fine-grained control.

FilterStatus passthroughData(Buffer::Instance& data, uint64_t bytes_to_passthrough) will not prohibit custom filters to modify buffer. Now it is assumed custom filters won't do that, otherwise behavior is undefined.

Risk Level: Medium
Testing:

unit test:

config
decoder
router
conn_manager
integration:

add an parameter payload_passthrough
manual:

send requests and verify responses

Signed-off-by: Tong Cai <caitong93@gmail.com>

dependencies: fix release_dates error behavior. (#14216)

Previously was exiting 0, so failures still passed CI.

Signed-off-by: Harvey Tuch <htuch@google.com>

http: add Kill Request HTTP filter (#14170)

Add a KillRequest HTTP filter which can crash Envoy when receiving a Kill request. It will be used to fault inject kill request to Envoy and measure the blast radius.

Risk Level: Low, new feature.
Testing: Unit/integration tests.
Docs Changes: Added
Release Notes: Added
Issue: #13978

Signed-off-by: Qin Qin <qqin@google.com>

Windows: enable tests and envoy-static.exe pdb file (#13688)

Introduce debugging output for msvc-cl and clang-cl opt binaries in
order to be able to unwind stack traces from windows core files.

Mark additional tests fails on windows based on clang-cl build
observed test failures

Work around problematic googletests with clang-cl compilation

Solve problematic missing override declarations of mocks by temporarilly
adding -Wno-inconsistent-missing-override for clang. (It appears
googletest on clang-cl isn't handling something that our gcc, clang and
msvc-cl builds all ignore without the warning override.

Workaround THROW tests which googletest with clang-cl are framing as
as -Wdiscard errors.

Workaround nodiscard next() method error

Follow up about discarded results of singleton construction and other
discarded odd or apparently irrelevant function call results.

Holding on adding clang-cl CI until LLVM 11.0.0 can be used on Windows
with Bazel (requires Bazel 3.7.1 and 4.0.0 releases)

Risk Level: Low (only affects Windows build)
Testing: Verified locally
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
Related to #11974 (partially addresses)

Co-authored-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Co-authored-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: William A Rowe Jr <wrowe@vmware.com>

Fix some errors in the switch statement when decode dubbo response (#14207)

Signed-off-by: wbpcode <comems@msn.com>

Update docs for skywalking tracer (#14210)

Commit Message: update docs for skywalking tracer
Additional Description:

Add some docs for SkyWalking tracer. This is a supplement for #13060. It has been delayed until now for personal reasons.

Risk Level: Low
Testing: N/A
Docs Changes: Docs Only
Release Notes: N/A
Platform Specific Features: N/A

Signed-off-by: wbpcode <comems@msn.com>

cleanup: replace ad-hoc [0, 1] value types with UnitFloat (#14081)

Add IntervalValue and its specialization UnitFloat, and use them to
guarantee that ScaledMinimum's scale_factor_ is in the range [0, 1].
Also do the same for OverloadActionState, and replace
ScaledTimerManagerImpl::DurationScaleFactor with UnitFloat, which is a
functional no-op.

Signed-off-by: Alex Konradi <akonradi@google.com>

dependencies: allowlist CVE-2020-8277 to prevent false positives. (#14228)

The CVE scanner is alerting on CVE-2020-8277 despite the c-ares
upgrade in #14213, since the CVE applies to nodejs (and http-parser)
rather than c-ares.

Signed-off-by: Harvey Tuch <htuch@google.com>

bazelci: add fuzz coverage (#14179)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

upstream: avoid reset after end_stream in TCP HTTP upstream (#14106)

Signed-off-by: Snow Pettersen <snowp@lyft.com>

Windows: Enable flaky test result processing (#14102)

Signed-off-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

[access log] Refactor gRPC access logger to support log sinks with different proto messages (#14175)

Refactor gRPC access logger to support log sinks with different proto messages

Signed-off-by: Yan Avlasov <yavlasov@google.com>

dependencies: allowlist CVE-2020-7768 to prevent false positives. (#14239)

This only appears to affect Javascript gRPC. cve_scan.py runs cleanly
after adding this.

Signed-off-by: Harvey Tuch <htuch@google.com>

cluster manager: use clusters() instead of get() for main thread cluster validation (#14204)

This is a follow up to #13906. It replaces use of the thread local
clusters with the main thread clusters() output for static route
validation. This will enable further cleanups in the cluster manager
code.

Signed-off-by: Matt Klein <mklein@lyft.com>

config: reworking HTTP upstream config (#14079)

Replacing the http-protocol-specific fields in the cluster config with a new plugin

Risk Level: medium
Testing: updated tests to use the new config
Docs Changes: updated docs to use the new config
Release Notes: deprecation notes in the PR
Deprecated: all http-specific cluster config.

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

protodoc: Add label for field. (#14227)

Add label for the field in protobuf. See #3458

Risk Level: High
Testing: format

Fixes #3458

Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>

postgres: Fix incorrect transaction metrics calculation (#14068)

This patch fixes incorrect transaction metrics calculation on the Postgres filter. In Postgres, all single statements are considered as an implicit transaction if they are not executed inside an explicit transaction block, but if they are so the transaction metrics should be increased once per transaction block and not for each statement.

Risk Level: Low
Testing: Improved unit tests
Docs Changes: N/A
Release Notes: N/A
Platform-Specific Features: N/A
Fixes #14065

Signed-off-by: Fabrízio de Royes Mello <fabrizio@ongres.com>

External processing filter protos (#13893)

This introduces a new filter called the "external processing filter." It is intended to allow an external service to be able to operate as if it were part of the filter chain using a gRPC stream. It is intended to support a variety of use cases in which processing of HTTP requests and responses by an external service is desired.

A document that describes the filter can be found here:

https://docs.google.com/document/d/1IZqm5IUnG9gc2VqwGaN5C2TZAD9_QbsY9Vvy5vr9Zmw/edit#heading=h.3zlthggr9vvv

Signed-off-by: Gregory Brail <gregbrail@google.com>

wasm: use wasm_cc_binary from cpp-sdk and simplify BUILD rules (#14114)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

Clean up exceptions in proxy protocol listener (#14015)

replace exceptions with enum state|bool|optional (as appropriate) in proxy protocol listener extension.

Signed-off-by: Erica Manno <erica.manno@gmail.com>

connection: skip read activate call when reading from transport socket if the connection is read disabled (#14043)

Also, rename setReadBufferReady to setTransportSocketIsReadable to make its intended use more clear.

Signed-off-by: Antonio Vicente <avd@google.com>

xds: refactor and update API principles. (#14243)

* xds: refactor and update API principles.

* Remove API_OVERVIEW.md, the content here is really stale and reflects
  the v1 -> v2 migration. There is little content here of use.

* Move API principles from API_OVERVIEW.md to STYLE.md.

* Update some of the principles, in particular expressing client/server
  directional neutrality and avoiding breaking changes that don't bring
  major user facing wins.

* APIs should be human readable.

Signed-off-by: Harvey Tuch <htuch@google.com>

[Windows CI] Fix issue with Slack message for flaky tests (#14252)

Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>

Fix fake_upstreams_ index for xds_upstream_ in tests (#14251)

Fix fake_upstreams_ index for xds_upstream_ in tests
fake_upstreams_ could have more or less than 2 elements depending on fake_upstream_count_

Additional Description: See createUpstreams() in BaseIntegrationTest::initialize()
Risk Level: n/a (test only)
Testing: Run integration tests that set fake_upstream_count_ != 2 (protocol_integration_test and tcp_proxy_integration_test)
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Taylor Barrella <tabarr@google.com>

skip parsing HttpBody field and pass query params as-is (#13679)

Check the request url, if there is any HttpBody, and `method_info->request_body_field_path` is not  a prefix of `resolved_binding.field_path`, skip parsing HttpBody field. This avoid we may skip some HttpBody objects which were intended to be configurable by query arguments.
Testing: Add a new unit test to cover the changes.
Docs Changes: n/a
Fixes #13634

Signed-off-by: Curry Xu <sakura8mery@gmail.com>

matching: initial implementation of matching API (#14038)

This introduces the main types behind the matching API and partially implements the matching logic.

This is based on the POC in #13365, and so includes many of the concepts necessary
to support matching on a stream of data (e.g. HTTP bodies).

Signed-off-by: Snow Pettersen <snowp@lyft.com>

xdstp: flatten resource locators/names to strings. (#14241)

As per discussion summarized in
xdstp:// names/locators in the API initially. Instead, we will re-use existing string fields for
names and special case any name with a xdstp: prefix. We leave open the option of introducing
structured representation, in particular for efficiency wins, at a later point.

Risk level: Low (not in use yet)
Testing: CI

Signed-off-by: Harvey Tuch <htuch@google.com>

buffer: Optimize memory layout for buffer slices so it is better aligned with the 16KB transport socket read size (#14111)

* buffer: Use external control block for owned slices

Signed-off-by: Antonio Vicente <avd@google.com>

Add ability for callbacks subscribed via addBytesSentCallback to (#14245)

add ability for callbacks subscribed via addBytesSentCallback to unsubscribe from subsequent calls.

Additional Description:
This is pre-requisite for startTls transport socket. StartTls transport socket wants to be notified via BytesSentCB only at the beginning of the session and once initial data has been sent out, it wants to unsubscribe from receiving subsequent calls.

Risk Level: Low
Testing: Added unit test.
Docs Changes: No.
Release Notes: No

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

stack_decode: ignore decoding errors (#14267)

This can be a problem when setting logging level to trace mode.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

http perf: move data instead of copying it for large http/1 bodies (#14236)

Signed-off-by: Greg Greenway <ggreenway@apple.com>

http: add functionality to configure kill header in KillRequest proto (#14288)

Add functionality to configure kill header in KillRequest proto. If configured in the proto, it will override the default kill header.

Risk Level: Low, new feature.
Testing: Unit/integration tests.
Docs Changes: Added
Release Notes: Added
Issue: #13978

Signed-off-by: qqustc@gmail.com <qqin@google.com>

test: disable flaky xds_integration_test. (#14287)

As per #14286.

Signed-off-by: Harvey Tuch <htuch@google.com>

fix http2 flaky test (#14261)

Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>

access_loggers: removed redundant dep (#14274)

Signed-off-by: Adi Suissa-Peleg <adip@google.com>

typo in redis doc (#14248)

Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>

dependencies: allowlist CVE-2018-21270 to prevent false positives. (#14294)

This does not relate to http-parser.

Signed-off-by: Harvey Tuch <htuch@google.com>

docs: fix typo (#14237)

Signed-off-by: Albert <shuaizhexu@gmail.com>

wasm: use Bazel rules from Proxy-Wasm Rust SDK. (#14292)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

test: putting fake upstream config in a struct (#14266)

This allows adding arguments without changing many function across helper functions, autonomous upstream and fake upstream.

Risk Level: n/a (test only)
Testing: tests pass
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

matcher: fix UB bug caused by dereferencing a bad optional (#14271)

Signed-off-by: Snow Pettersen <snowp@lyft.com>

config: v2 transport API fatal-by-default. (#14223)

This is a followup to #13950 in which the transport API is also
fatal-by-default.

Risk level: High (this will break anyone who is still using v2 and has
not enabled CLI or runtime override)
Testing: Various tests updated as described above. New unit test added
for bootstrap to server_test and to ads_integration_test for
dynamic rejection behavior. api_version_integration_test continues to
provide the definitive cross-version transport API integration test.
Release Notes: Same as #13950.

Signed-off-by: Harvey Tuch <htuch@google.com>

[Win32 Signals] Add term and ctrl-c signal handlers (#13954)

Part 1 of #13188. Adds support for ctrl+c and ctrl+break for Envoy on Windows.

The implementation for this following:

* On platform_impl we register a CtrlHandler which runs on a separate thread.
* On signal_impl we register a read event reader.
Thread (1) and (2) communicate via a socket pair and the event is handled on Windows the same way as it is handled on POSIX

Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>

test: add scaled timer integration test (#14290)

Add an integration test that verifies that when the resource pressure
attached to the reduce_timeouts overload action changes, it affects
streams that were created previously.

This also sets up for creating integration tests for other scaled
timeouts.

Signed-off-by: Alex Konradi <akonradi@google.com>

stats: Factor out creation of cluster-stats StatNames from creation of the stats, to save CPU during xDS updates (#14028)

Commit Message: Adds a new set of macros in stat_macros.h for separately declaring the names of stats, to hold in a factory, and then for creating the stats based on the symbolized names. This removes a symbol-table contention bottleneck for stats that are created by name during operation. Two such instances are resolved in this PR: Cluster stats and Route filter stats.
Additional Description: There were two infrastructural issues expanding the file-count in this PR, but hopefully not the conceptual complexity:

the addition of Router::Context and plumbing that through various factories and their mocks
the saving of StatNames in mock structures that are subsequently used elsewhere requires that a global symbol table be used. This was not difficult as there was already a mechanism for a test-only global symbol table, but it turned out to be easiest to move the declaration of the global symbol table structure from test/mocks/stats/mocks.h to test/common/stats/stat_test_utility.h. Doing this avoided switching from IsolatedStoreImpl to the mock version, which has some subtle functional changes.
Risk Level: low
Testing: //test/...
Docs Changes: will update stats.md as a follow-up
Release Notes: n/a
Platform Specific Features: n/a

Signed-off-by: Joshua Marantz <jmarantz@google.com>

Fix lint

Signed-off-by: Itamar Kaminski <itamark@google.com>

extension: use bool_flag to control extension link (#14240)

Pulling bazel stuff out of #14094. Use the new kill request extension as example.

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

 lua: update deprecated lua_open to luaL_newstate (#14297)

 lua_open is deprecated in Lua 5.1 and removed in the later version,
 though LuaJIT might keep the API unchanged.

 In LuaJIT, lua_open is just an alias of luaL_newstate.

Signed-off-by: spacewander <spacewanderlzx@gmail.com>

[conn_pool] fix use after free in H/1 connection pool (#14220)

Fixes use after free when dispatcher tries to run conn_pool->onUpstreamReady() after the connection pool was destroyed. Reverts back to a schedulable callback per https://github.com/envoyproxy/envoy/pull/13867/files

Signed-off-by: Asra Ali <asraa@google.com>

tracing: Add hostname to Zipkin config.  (#14186) (#14187)

Signed-off-by: John Esmet <john.esmet@gmail.com>

Fix TSAN bug in integration test (#14327)

Don't delete the HTTP stream prematurely.

Signed-off-by: Alex Konradi <akonradi@google.com>

event: Remove a source of non-determinism by always running deferred deletion before post callbacks (#14293)

Signed-off-by: Antonio Vicente <avd@google.com>

Fix error message formatting test

Signed-off-by: Itamar Kaminski <itamark@google.com>

docs: remove spurious comment marker (#13848)

Signed-off-by: Snow Pettersen <snowp@lyft.com>

[fuzz] Added Round Robin load balancer fuzz test (#13722)

* Added Round Robin load balancer fuzz test

Signed-off-by: Zach <zasweq@google.com>

[fuzz] Added status frame support to h2 fuzz test (#13807)

* Added status frame support to h2 fuzz test

Signed-off-by: Zach <zasweq@google.com>

Fix divide-by-zero in GradientController (#13823)

Fixes https://oss-fuzz.com/testcase-detail/6268043707285504

Signed-off-by: Joseph Griego <jjgriego@google.com>

docs: cluster configuration updated directly on Envoy container's filesystem (#13854)

Signed-off-by: Andrea Di Lisio <andrea.dilisio91@gmail.com>

tls: allow 4096-bit RSA keys in FIPS mode. (#13851)

4096-bit keys are allowed per latest Implementation Guide:
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf

Based on a similar change in BoringSSL:
https://boringssl.googlesource.com/boringssl/+/80e3f957e46bf2af828d67065bc19d9471f368fd

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

tls: Remove tls slot callback replacement-value (#13849)

Commit Message: Removes the return-value semantics for runOnAllThreads callbacks; now the function type has void return, so we can remove the ASSERTs and simplify the code.

Also changes a few more instances of SlotPtr to TypedSlot. Still about 30 remain.

Moves Slot::runOnAllThreads to the protected section to prevent new dynamically uses from emerging.
Additional Description:
Risk Level: low
Testing: //test/...
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Joshua Marantz <jmarantz@google.com>

build: exclude wee8/out from inputs (#13866)

If you build without sandboxing for performance, the output files from
this custom build genrule contained timestamps which caused it to
rebuild every single build.

Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>

add OAuth documentation and fix filter inconsistencies (#13750)

Signed-off-by: William Fu <wfu@pinterest.com>

docs/examples: Update dynamic fs sandbox (#13861)

Signed-off-by: Ryan Northey <ryan@synca.io>

tls: remove deprecated cipher suites from client defaults. (#13850)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

jwt_authn: Support per-route config (#13773)

Adding support on per-route config with following goal:  not to do RouteMatch twice.   Currently the filter is using RouteMatch to match a request with a specific Jwt requirement.   But RouteMatch is also performed at routing, so the RouteMatch is done twice.

If a Jwt requirement can be specified at the per-route config,  one of RouteMatch can be eliminated.

1) Add a `requirement_map`  to associate a requirement_name with a JwtRequirement in the filter config `JwtAuthentication`.
2) Add per-route-config as followings:
*  a requirement_name to specify a JwtRequirement. or
*  `disabled` flag to bypass Jwt verification if it is true.

Risk Level:  None.  Added a new feature, old features are not impacted.
Testing:  Added unit-tests and integration tests.
Docs Changes: Yes
Release Notes: Added
Platform Specific Features: None

Signed-off-by: Wayne Zhang <qiwzhang@google.com>

Add Connection_Termination_Details as a CEL property (#13821)

Commit Message: Add Connection_Termination_Details as a CEL property
Additional Description:
Risk Level: low
Testing: unit tests
Docs Changes: yes
Release Notes: yes

Signed-off-by: gargnupur <gargnupur@google.com>

tap: warn when using admin tap and admin is listening on a pipe (#13838)

Docs were done in a previous PR.

Fixes #6387

Risk Level: Low
Testing: New UT
Docs Changes: Already done
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Matt Klein <mklein@lyft.com>

examples: Fix verify.sh sed commands for mac compatibility (#13876)

Signed-off-by: Ryan Northey <ryan@synca.io>

[Windows] Address status/fix various flaky_on_windows tests (#13837)

These fixes reflect that the timing on windows is often less
synchronous than linux observations, due to the design of the
underlying socket stack.

- Correct listener_impl_test, fixes
    TcpListenerImplTest.SetListenerRejectFractionIntermediate

- In QuicHttpIntegrationTest, the MultipleQuicConnectionsWithBPF is renamed to
    capture the intent of the test.

- Enable no-longer-failing tests (no failure observed in RBE or locally)
    //test/extensions/grpc_credentials/file_based_metadata:integration_test
    //test/extensions/transport_sockets/alts:tsi_handshaker_test
    //test/integration:http2_flood_integration_test
    //test/integration:http2_upstream_integration_test
    //test/integration:overload_integration_test
    //test/server:guarddog_impl_test

Co-authored-by: Sunjay Bhatia <sunjayb@vmware.com>
Co-authored-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: William A Rowe Jr <wrowe@vmware.com>

[ci] limit number of codeql targets conservatively to 3 (#13881)

Signed-off-by: Asra Ali <asraa@google.com>

http2: moving functionality from http2 pool to client (#13869)

As part of #3431 we need to move the logic from HTTP/1 and HTTP/2 connection pools to the active client, so the new mixed connection pool can just create an active client of the right type and have all the logic in the client, not split between the client and the pool.

This removes functions for the HTTP/2 pool not moved in #13867

Risk Level: Medium (data plane refactor)
Testing: existing tests pass
Docs Changes: n/a
Release Notes: n/a
Part of #3431

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Revert "sds: keep warming when dynamic inserted cluster can't be extracted secret entity (#13344)" (#13886)

This reverts commit e5a8c21b53eab49770c7ab94c1dd357d4191d413.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

codeowners: adding ggreenway to some extensions (#13888)

Signed-off-by: Greg Greenway <ggreenway@apple.com>

tracer: Add SkyWalking tracer (#13060)

This patch adds a new tracer to support the SkyWalking tracing mechanism and format.

Risk Level: Low, a new extension.
Testing: Unit
Docs Changes: Added
Release Notes: Added

Signed-off-by: wbpcode <comems@msn.com>

proxy_proto: fixing hashing bug (#13768)

Fix a bug where the transport socket options for the first downstream got reused for subsequent upstream connections.

Risk Level: low
Testing: new integration test
Docs Changes: n/a
Rele…
@cpakulski cpakulski deleted the issue/14113 branch December 14, 2020 21:10
istio-testing pushed a commit to istio/envoy that referenced this pull request Jan 8, 2021
* docs: kick-off 1.15.1 release. (envoyproxy#12166)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

* tls: update BoringSSL-FIPS to 20190808. (envoyproxy#12170)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

* test: Exclude wasm_vm_test from CI by making it a "manual" test. (#207)

The wee v8 build times out in CI under --config=asan because the machine the job is scheduled on is too small.

Signed-off-by: Antonio Vicente <avd@google.com>

* [v1.15] http: header map security fixes for duplicate headers (#197) (#200)

Previously header matching did not match on all headers for
non-inline headers. This patch changes the default behavior to
always logically match on all headers. Multiple individual
headers will be logically concatenated with ',' similar to what
is done with inline headers. This makes the behavior effectively
consistent. This behavior can be temporary reverted by setting
the runtime value "envoy.reloadable_features.header_match_on_all_headers"
to "false".

Targeted fixes have been additionally performed on the following
extensions which make them consider all duplicate headers by default as
a comma concatenated list:
1) Any extension using CEL matching on headers.
2) The header to metadata filter.
3) The JWT filter.
4) The Lua filter.
Like primary header matching used in routing, RBAC, etc. this behavior
can be disabled by setting the runtime value
"envoy.reloadable_features.header_match_on_all_headers" to false.

Finally, the setCopy() header map API previously only set the first
header in the case of duplicate non-inline headers. setCopy() now
behaves similiarly to the other set*() APIs and replaces all found
headers with a single value. This may have had security implications
in the extauth filter which uses this API. This behavior can be disabled
by setting the runtime value
"envoy.reloadable_features.http_set_copy_replace_all_headers" to false.

Fixes https://github.com/envoyproxy/envoy-setec/issues/188

Signed-off-by: Matt Klein <mklein@lyft.com>

* backport to v1.15: Fix Kafka Repository Location (#223)

Update mirror used to fetch kafka dependency to a valid, working mirror.

Based on envoyproxy#13025
Resolves envoyproxy#13011

Signed-off-by: Antonio Vicente <avd@google.com>

* release: cutting 1.15.1 (#217)

Signed-off-by: Antonio Vicente <avd@google.com>

* docs: Fix release notes for v1.15.1 release. (envoyproxy#13318)

Signed-off-by: Antonio Vicente <avd@google.com>

* Backport flaky test and tsan fixes to releases/v1.15 branch (envoyproxy#13337)

* hds: fix integration test flakes (envoyproxy#12214)

Part of envoyproxy#12184

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Antonio Vicente <avd@google.com>

* Switch to a tsan-instrumented libc++ for tsan tests (envoyproxy#12134)

This fixes envoyproxy#9784 and re-enables vhds_integration_test

Risk Level: Low, but will most likely increase memory usage

Signed-off-by: Dmitri Dolguikh <ddolguik@redhat.com>

Signed-off-by: Antonio Vicente <avd@google.com>

* test: shard hds_integration_test (envoyproxy#12482)

This should avoid TSAN timeout flakes.

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Antonio Vicente <avd@google.com>

* test: shard http2_integration_test (envoyproxy#11939)

This should mitigate TSAN timeout.

Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Signed-off-by: Antonio Vicente <avd@google.com>

* test: fix http2_integration_test flake (envoyproxy#12450)

Fixes envoyproxy#12442

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Antonio Vicente <avd@google.com>

* Kick CI

Signed-off-by: Antonio Vicente <avd@google.com>

Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Dmitri Dolguikh <ddolguik@redhat.com>
Co-authored-by: Lizan Zhou <lizan@tetrate.io>

* docs: kick off v1.15.3-dev (envoyproxy#13695)

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* 1.15: CI fixes backport (envoyproxy#13697)

Backport following commits to 1.15:
748b2ab (mac ci: try ignoring update failure (envoyproxy#13658), 2020-10-20)
f95f539 (ci: various improvements (envoyproxy#13660), 2020-10-20)
73d78f8 (ci: use multiple stage (envoyproxy#13557), 2020-10-15)
b7a4756 (ci: use azp for api and go-control-plane sync (envoyproxy#13550), 2020-10-14)
876a6bb (ci use azp to sync filter example (envoyproxy#13501), 2020-10-12)
a0f31ee (ci: use azp to generate docs (envoyproxy#13481), 2020-10-12)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Co-authored-by: asraa <asraa@google.com>

* 1.15: fix CI script (envoyproxy#13724)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

* Prevent SEGFAULT when disabling listener (envoyproxy#13515) (envoyproxy#13903)

This prevents the stop_listening overload action from causing
segmentation faults that can occur if the action is enabled after the
listener has already shut down.

Signed-off-by: Alex Konradi <akonradi@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* proxy protocol: set downstreamRemoteAddress on StreamInfo (envoyproxy#14131) (envoyproxy#14169)

This fixes a regression which resulted in the downstreamRemoteAddress
on the StreamInfo for a connection not having the address supplied by
the proxy protocol filter, but instead having the address of the
directly connected peer.

This issue does not affect HTTP filters.

Fixes envoyproxy#14087

Signed-off-by: Greg Greenway <ggreenway@apple.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* ci: temproray disable vhds_integration_test in TSAN (envoyproxy#12067) (envoyproxy#14217)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

* tcmalloc changed and the data coming out of tcmalloc::MallocExtension::GetNumericProperty("generic.current_allocated_bytes") (envoyproxy#14165)

Commit Message: tcmalloc changed and the data coming out of tcmalloc::MallocExtension::GetNumericProperty("generic.current_allocated_bytes") no longer appears to be deterministic, even in unthreaded tests. So disable exact mem checks till we sort that out
Additional Description:
Risk Level: low
Testing: just thread_local_store_test
Docs Changes: n/a
Release Notes: n/a

no longer appears to be deterministic, even in unthreaded tests. So disable exact mem checks till we sort that out

Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Co-authored-by: Joshua Marantz <jmarantz@google.com>

* backport to v1.15: connection: Remember transport socket read resumption requests and replay them when re-enabling read. (envoyproxy#13772) (envoyproxy#14173)

* connection: Remember transport socket read resumption requests and replay them when re-enabling read. (envoyproxy#13772)

Fixes SslSocket read resumption after readDisable when processing the SSL record that contains the last bytes of the HTTP message

Signed-off-by: Antonio Vicente <avd@google.com>

* backport to 1.15: udp: properly handle truncated/dropped datagrams (envoyproxy#14122) (envoyproxy#14166)

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>

* backport to 1.15: vrp: allow supervisord to open its log file (envoyproxy#14066) (envoyproxy#14280)

Commit Message: Allow supervisord to open its log file
Additional Description:
Change the default location of the log file and give supervisord
permissions to write to it.

Risk Level: low
Testing: built image locally
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a

Signed-off-by: Alex Konradi <akonradi@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* rel 1.15: close release 1.15.3 (envoyproxy#14303)

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* Kick off rel 1.15.4. (envoyproxy#14323)

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* backport to 1.15: http: fix datadog and squash handling of responses without body (envoyproxy#13328) (envoyproxy#14458)

Commit Message: Fixing bugs in datadog and sqaush where unexpected bodyless responses would crash Envoy
Risk Level: low
Testing: new unit tests, updated certs
Docs Changes: n/a
Release Notes: inline
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: alyssawilk <alyssar@chromium.org>

* backport 1.15: http: fixing a bug with IPv6 hosts (envoyproxy#14273)

Fixing a bug where HTTP parser offsets for IPv6 hosts did not include [] and Envoy assumed it did.
This results in mis-parsing addresses for IPv6 CONNECT requests and IPv6 hosts in fully URLs over HTTP/1.1

Risk Level: low
Testing: new unit, integration tests
Docs Changes: n/a
Release Notes: inline

Signed-off-by: Shikugawa <rei@tetrate.io>
Co-authored-by: alyssawilk <alyssar@chromium.org>

* backport to 1.15: tls: fix detection of the upstream connection close event. (envoyproxy#13858) (envoyproxy#14568)

Fixes envoyproxy#13856.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Co-authored-by: Piotr Sikora <piotrsikora@google.com>
Co-authored-by: antonio <avd@google.com>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: Dmitri Dolguikh <ddolguik@redhat.com>
Co-authored-by: Lizan Zhou <lizan@tetrate.io>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: asraa <asraa@google.com>
Co-authored-by: Joshua Marantz <jmarantz@google.com>
Co-authored-by: Rei Shimizu <Shikugawa@gmail.com>
Co-authored-by: alyssawilk <alyssar@chromium.org>
@asraa asraa mentioned this pull request Feb 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

crash when udp packet size large than 1500
2 participants