WASM Null sandbox. #3

Closed
jplevyak wants to merge 630 commits into wasm from wasm-null-sandbox

@jplevyak jplevyak commented May 1, 2019

For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md

Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Fixes #Issue]
[Optional Deprecated:]

Gabriel Sagula and others added 30 commits April 11, 2019 09:54
Signed-off-by: Derek Argueta <dereka@pinterest.com>
Users will want to know how often connection pool overflows are
happening. Count them.

Signed-off-by: Kyle Larose <kyle@agilicus.com>
Link to RFC 8441 rather than the earlier working group draft.
Fixes envoyproxy#6528

Signed-off-by: James Synge <jamessynge@google.com>
…ers (envoyproxy#6561)

This was inspired by the same problem that PR#6448 is fixing, namely
an overly strict string match. Elisha wanted a more focused fix, so
I'm offering this for the next such case, enabling a test in
test/common/router/config_impl_test.cc such as:

EXPECT_THAT_THROWS_MESSAGE(
    TestConfigImpl(parseRouteConfigurationFromV2Yaml(yaml), factory_context_, true),
    EnvoyException,
    AllOf(HasSubstr("Unable to parse"),
          HasSubstr("virtual_hosts[0].routes[0].route.cors.enabled.value"),
          HasSubstr("invalid value 0 for type TYPE_BOOL")));

Signed-off-by: James Synge <jamessynge@google.com>
Description: Refactor the DubboProxy filter
Risk Level: low
Testing: unit test
Docs Changes: inline
Release Notes: add routing capabilities for the Dubbo protocol

Signed-off-by: leilei.gll <leilei.gll@alibaba-inc.com>
* Implement QuicStreamBufferAllocator

Signed-off-by: Dan Zhang <danzh@google.com>
…r flush (envoyproxy#6437)

Change the behavior of the delayed_close_timeout such that it won't trigger unless there
has been at least a delayed_close_timeout period of inactivity after the last write event on 
the socket pending to be closed.

This mitigates a race where a slow client and/or low timeout value would cause the socket 
to be closed while data was actively being written to the socket. Note that this change does 
not eliminate this race since a slow client could still be considered idle by the updated timeout 
logic, but this should be very rare when useful values (i.e., >1s to avoid the race condition on 
close that this timer addresses) are configured.

Risk Level: Medium
Testing: New unit tests added
Docs Changes: Updated version history and HttpConnectionManager proto doc
Fixes envoyproxy#6392

Signed-off-by: Andres Guedez <aguedez@google.com>
Signed-off-by: Maxime Bedard <maxime.bedard@shopify.com>
…#6549)

There are a few paths within the Thrift Proxy where we should ensure
the connection is not closed, before trying to write. This change
ensures that sendLocalReply() will return early if the connection
is gone.

It also adds a check for transformEnd(), which gets called from
upstreamData().

Risk Level: low
Testing: unit tests added
Fixes: envoyproxy#6496

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Signed-off-by: Dan Zhang <danzh@google.com>
… for hds_integration_test. (envoyproxy#6541)

Description: It is hard to reason about tests that push time forward from more than one thread. This was happening in contention-tests. This adds some asserts to ensure that we don't do this in future tests, and fixes those tests that were doing it.
Risk Level: low
Testing: //test/..., and hds_integration_test with tsan and --runs_per_test=1000
Docs Changes: n/a
Release Notes: n/a
Fixes: envoyproxy#6239 

Signed-off-by: Joshua Marantz <jmarantz@google.com>
…envoyproxy#6491)

In the fix patch for CVE-2019-9900, we introduced some basic HTTP/2
manual fuzzing, where single bytes were corrupted in a HEADERS frame, to
attempt to show that NUL/CR/LF were handled. However, testing that
relies on codec_impl_test has nghttp2 as both client and server. This
implies that Huffman coding may be present, and single byte corruptions
of 0x00 don't imply a NUL for example.

In this patch, we take a more principled approach and use artisanal
HEADERS frames that have no Huffman or dynamic table compression to
validate the above single byte corruption property.

A nice side effect of this is that we can derive from this
infrastructure stateless request/response HEADERS fuzzers that can cover
uncompressed (specifically no Huffman) paths, which is more likely to
provide a direct access to nghttp2 codec header sanitization logic.

Risk level: Low
Testing: Unit tests and ran both fuzzers under oss-fuzz Docker image.
  Seems reasonably fast and no crashes locally.

Signed-off-by: Harvey Tuch <htuch@google.com>
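
The property the commit message above relies on, as an added example (not code from the Envoy patch; all function names are hypothetical): when a HEADERS frame carries a literal header field with no Huffman coding and no dynamic table reference, every value octet sits at a known frame offset, so a single-byte overwrite with NUL, CR or LF reaches the decoder as exactly that octet.

```cpp
// Added illustration, not Envoy's test code; all function names are hypothetical.
#include <cstdint>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// HPACK string literal with H=0 (raw octets, no Huffman); length < 127 assumed.
static void putString(Bytes& out, const std::string& s) {
  out.push_back(static_cast<uint8_t>(s.size()));
  out.insert(out.end(), s.begin(), s.end());
}

// HEADERS frame whose block is one "literal header field without indexing,
// new name" entry (RFC 7541 section 6.2.2), so the dynamic table is never used.
Bytes buildHeadersFrame(const std::string& name, const std::string& value) {
  Bytes block{0x00};
  putString(block, name);
  putString(block, value);
  Bytes frame{0, 0, static_cast<uint8_t>(block.size()), // 24-bit payload length
              0x01, 0x05,                               // HEADERS, END_STREAM|END_HEADERS
              0, 0, 0, 1};                              // stream id 1
  frame.insert(frame.end(), block.begin(), block.end());
  return frame;
}

// Frame offset of value byte 0: 9-byte frame header, prefix, name, value length.
size_t valueOffset(const std::string& name) { return 9 + 2 + name.size() + 1; }

// Minimal decoder for exactly this frame shape; returns false on anything else,
// including a string literal with the Huffman (H) bit set.
bool decodeValue(const Bytes& f, std::string& value) {
  if (f.size() < 12 || f[3] != 0x01 || f[9] != 0x00 || (f[10] & 0x80)) return false;
  size_t pos = 11 + f[10];                     // skip the name
  if (pos >= f.size() || (f[pos] & 0x80)) return false;
  size_t len = f[pos++];
  if (pos + len != f.size()) return false;
  value.assign(f.begin() + pos, f.end());
  return true;
}

// Overwrite value byte i with NUL, CR and LF in turn; count the cases where the
// decoder sees exactly that octet at index i. Expect 3 * value.size().
size_t countExactCorruptions(const std::string& name, const std::string& value) {
  size_t hits = 0;
  for (size_t i = 0; i < value.size(); ++i)
    for (uint8_t bad : {0x00, 0x0d, 0x0a}) {
      Bytes f = buildHeadersFrame(name, value);
      f[valueOffset(name) + i] = bad;
      std::string got;
      if (decodeValue(f, got) && got.size() == value.size() &&
          static_cast<uint8_t>(got[i]) == bad) ++hits;
    }
  return hits;
}
```

With a Huffman-coded value the same overwrite would change a code word rather than a decoded octet, which is why the sketch's decoder refuses frames with the H bit set.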
- issue separate, preceding "asking" command instead of prefixing
"asking" to the redirected command.

- combined all derived requests' onChildRedirection() methods into
a single method.

- fixed affected unit and integration tests.

Signed-off-by: Mitch Sukalski <mitch.sukalski@workday.com>
Signed-off-by: Yaroslav Skopets <y.skopets@gmail.com>
…xy#6577)

Fixes envoyproxy#6513.

This issue has existed for quite some time, so I'm unclear why we
just started seeing this. It's possible it's chance and it's also
possible it's in some way related to the init changes, but either
way, this is the correct fix.

Risk Level: Low
Testing: New UT

Signed-off-by: Matt Klein <mklein@lyft.com>
Flakes noticed in CI: backing this out for now to keep CI healthy

Risk Level: low
Testing: just the one test

Signed-off-by: Joshua Marantz <jmarantz@google.com>
…6574)

Signed-off-by: Chris Paika <paika.christopher@gmail.com>
Description: Use StopAllIteration status for ext_authz filter.
Risk Level: high.
Testing: unit testing.
Docs Changes: No behavior change expected.
Release Notes: n/a

Signed-off-by: Yang Song <yasong@google.com>
Signed-off-by: Elisha Ziskind <eziskind@google.com>
…#6578)

Previously we were doing this when we create a new stream, but on
a reused connection this can lead to us missing an upstream
disconnection when the connection is placed back in the pool.

Fixes envoyproxy#6190

Signed-off-by: Matt Klein <mklein@lyft.com>
Add per-thread dispatcher statistics for loop duration and poll delay, based on new "prepare" and "check" watchers added in libevent (libevent/libevent#793). See discussion in envoyproxy#4952.

Risk Level: medium
Testing: Added unit test, all existing tests pass, and running locally yields sane results.
Docs Changes: Added a new page on "performance" discussing event loop.
Release Notes: Added an entry noting new stats.

Signed-off-by: Dan Rosen <mergeconflict@google.com>
…y#6460)

This allows retrieving the pid/uid/gid from the connection if the
connection is made using a unix socket.

Signed-off-by: Snow Pettersen <snowp@squareup.com>
…#6585)

Risk Level: Low
Testing: Manual

Signed-off-by: Matt Klein <mklein@lyft.com>
…oxy#6540)

This is in preparation for implementing envoyproxy#5841 which will introduce
request racing. As of this commit there is no situation where there will
be more than one upstream request in flight, however it organizes the
code in such a way that doing so will cause less code churn.

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Maxime Bedard <maxime.bedard@shopify.com>
…nvoyproxy#6564)

Remove the `HeaderString::c_str()` API, and migrate all callers of it to `getStringView()` and `string_view` style usage (ie, `absl::string_view::find` instead of C style comparisons) wherever appropriate.

Risk Level: Medium. No logic changes intended, but this is delicate and risky code and a large portion of the code base was touched.
Testing: `bazel test //test/...`
Docs Changes: None
Release Notes: None
Fixes envoyproxy#6494

Signed-off-by: Dan Noé <dpn@google.com>
This fixes a performance regression that was introduced when support for
degraded hosts was added: the list of hosts would be iterated over four
times instead of the previous two (one for the hosts list, one for the
hosts per locality list). This PR changes both partition operations to
only iterate over the list of hosts once.

Signed-off-by: Snow Pettersen <snowp@squareup.com>
jplevyak pushed a commit that referenced this pull request May 17, 2019
This is a manually minified variant of
https://chromium.googlesource.com/chromium/src.git/+archive/74.0.3729.15/url.tar.gz,
providing just the parts needed for url::CanonicalizePath(). This is intended
to support a security release fix for CVE-2019-9901. Long term we need this to
be moved to absl or QUICHE for upgrades and long-term support.

Some specific transforms of interest:

* url_parse.h is minified to just Component and flattened back into the URL directory. It does not contain any non-Chromium authored code any longer and so does not have a separate LICENSE.
* envoy_shim.h adapts various macros to the Envoy context.
* Anything not reachable from url::CanonicalizePath() has been dropped.
* Header include paths have changed as needed.
* BUILD was manually written.
* Various clang-tidy and format fixes.

Risk level: Low
Testing: Validated with WiP PR for CVE-2019-9901.

Signed-off-by: Harvey Tuch <htuch@google.com>
jplevyak pushed a commit that referenced this pull request Aug 23, 2019
jplevyak pushed a commit that referenced this pull request Sep 5, 2019
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
jplevyak pushed a commit that referenced this pull request Oct 10, 2019
recover gogoproto annotation
@jplevyak jplevyak closed this Oct 19, 2020