hcm: forbid use of detection extensions with use_remote_addr/xff_num_trusted_hops#17558
Merged
mattklein123 merged 7 commits intoenvoyproxy:mainfrom Aug 9, 2021
Merged
Conversation
…um_trusted_hops Mixing extensions with previously existing knobs leads to undefined behavior, so this removes the deprecation around xff_num_trusted_hops and ensures that it's not mixed with extensions. Note that a unit test already exists for the original bug report, where use_remote_address is used with xff_num_trusted_hops > 0. However it uses the XFF extension instead of the old knob. Given this is now forbidden, there's no need for additional tests wrt that config combination. Fixes envoyproxy#17554. Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
Member
Author
|
One possible wrinkle is: which means, if you are using an extension (or a list of them) you won't be able to treat requests as edge. However, if you are using an extension you most likely are not on the edge. So we can punt solving this one, until an extension writer comes along with the need to label requests as edge. |
Member
Author
|
/retest |
|
Retrying Azure Pipelines: |
mattklein123
requested changes
Aug 2, 2021
Member
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Thanks this makes sense to me. I feel like there should be more documentation around this. Can we explain this somewhere in the arch overview or HTTP docs where we already talk about XFF, num trusted hops, etc.?
/wait
Member
Author
Added some, looking for additional spots that could use warnings around the mix of extensions and the pre-existing knobs. |
Member
Author
|
/wait |
Member
Author
|
/wait |
added 2 commits
August 4, 2021 17:56
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Member
|
Oops looks like you need a main merge. /wait |
Member
Author
|
Err this seems unrelated: cc: @phlax |
Member
Author
|
/retest |
|
Retrying Azure Pipelines: |
Member
Author
|
In the case of ARM: |
Member
Author
|
/retest |
|
Retrying Azure Pipelines: |
mpuncel
added a commit
to mpuncel/envoy
that referenced
this pull request
Aug 11, 2021
* main: (687 commits) ci: set build debug information from env (envoyproxy#17635) ext_authz: do the authentication even the direct response is set (envoyproxy#17546) upstream: various cleanups in connection pool code (envoyproxy#17644) owners: promote Dmitry to maintainer (envoyproxy#17642) quiche: client session supports creating bidi stream (envoyproxy#17543) Update HTTP/2 METADATA documentation. (envoyproxy#17637) ext_proc: Check validity of the :status header (envoyproxy#17596) test: add ASSERT indicating that gRPC stream has not been started yet (envoyproxy#17614) ensure that the inline cookie header will be folded correctly (envoyproxy#17560) cluster_manager: Make ClusterEntry a class instead of a struct (envoyproxy#17616) owners: make Raúl a Thrift senior extension maintainer (envoyproxy#17641) quiche: update QUICHE dependency (envoyproxy#17618) Delete mock for removed RouteEntry::perFilterConfig() method (envoyproxy#17623) REPO_LAYOUT.md: fix outdated link (envoyproxy#17626) hcm: forbid use of detection extensions with use_remote_addr/xff_num_trusted_hops (envoyproxy#17558) thrift proxy: add request shadowing support (envoyproxy#17544) ext_proc: Ensure that timer is always cancelled (envoyproxy#17569) Proposal: Add CachePolicy interface to allow for custom cache behavior (envoyproxy#17362) proto: fix verify to point at v3 only (envoyproxy#17622) api: move generic matcher proto to its own package (envoyproxy#17096) ...
mpuncel
added a commit
to mpuncel/envoy
that referenced
this pull request
Aug 16, 2021
* main: (687 commits) ci: set build debug information from env (envoyproxy#17635) ext_authz: do the authentication even the direct response is set (envoyproxy#17546) upstream: various cleanups in connection pool code (envoyproxy#17644) owners: promote Dmitry to maintainer (envoyproxy#17642) quiche: client session supports creating bidi stream (envoyproxy#17543) Update HTTP/2 METADATA documentation. (envoyproxy#17637) ext_proc: Check validity of the :status header (envoyproxy#17596) test: add ASSERT indicating that gRPC stream has not been started yet (envoyproxy#17614) ensure that the inline cookie header will be folded correctly (envoyproxy#17560) cluster_manager: Make ClusterEntry a class instead of a struct (envoyproxy#17616) owners: make Raúl a Thrift senior extension maintainer (envoyproxy#17641) quiche: update QUICHE dependency (envoyproxy#17618) Delete mock for removed RouteEntry::perFilterConfig() method (envoyproxy#17623) REPO_LAYOUT.md: fix outdated link (envoyproxy#17626) hcm: forbid use of detection extensions with use_remote_addr/xff_num_trusted_hops (envoyproxy#17558) thrift proxy: add request shadowing support (envoyproxy#17544) ext_proc: Ensure that timer is always cancelled (envoyproxy#17569) Proposal: Add CachePolicy interface to allow for custom cache behavior (envoyproxy#17362) proto: fix verify to point at v3 only (envoyproxy#17622) api: move generic matcher proto to its own package (envoyproxy#17096) ... Signed-off-by: Michael Puncel <mpuncel@squareup.com>
leyao-daily
pushed a commit
to leyao-daily/envoy
that referenced
this pull request
Sep 30, 2021
…trusted_hops (envoyproxy#17558) Mixing extensions with previously existing knobs leads to undefined behavior, so this removes the deprecation around xff_num_trusted_hops and ensures that it's not mixed with extensions. Note that a unit test already exists for the original bug report, where use_remote_address is used with xff_num_trusted_hops > 0. However it uses the XFF extension instead of the old knob. Given this is now forbidden, there's no need for additional tests wrt that config combination. Fixes envoyproxy#17554. Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Mixing extensions with previously existing knobs leads to undefined behavior,
so this removes the deprecation around xff_num_trusted_hops and ensures that
it's not mixed with extensions.
Note that a unit test already exists for the original bug report, where
use_remote_address is used with xff_num_trusted_hops > 0. However it uses
the old knob instead of XFF extension. Given this is now forbidden,
there's no need for additional tests wrt that config combination.
Fixes #17554.
Signed-off-by: Raul Gutierrez Segales rgs@pinterest.com