[HeaderMap] Eliminate non-const header access functions follow-up

[asraa]

Action item for CVE-2019-15226

Following up on the patch for CVE-2019-15226 (#8520), where we added a cached_byte_size_ optional in HeaderMap that is updated with modifications to the HeaderMap, we should take steps to maintain an always-valid internal byte size count:

This would involve eliminating the non-const inline header access functions defined here:

envoy/include/envoy/http/header_map.h

Lines 351 to 355 in 48c7c20

	#define DEFINE_INLINE_HEADER(name) \
	virtual const HeaderEntry* name() const PURE; \
	virtual HeaderEntry* name() PURE; \
	virtual HeaderEntry& insert##name() PURE; \
	virtual void remove##name() PURE;

And the non-const get method for any HeaderEntry:

envoy/include/envoy/http/header_map.h

Line 502 in 48c7c20

virtual HeaderEntry* get(const LowerCaseString& key) PURE;

After removing these accessors and changing uses of them to favor other HeaderMap modifiers, we should remove refreshByteSize().

Detail

• Add functionality for modifying inline headers directly.
  • Port over any sets to inline header macros for setReference, setCopy and setInteger
• Add functionality for appending and adding Header values to inline headers.
  • Grepping for insert[A-Z] shows we have 8 references of insert##name left. 4 of these are for using appendToHeader. 2 are const, and 2 are to set GrpcTimeout with Common::toGrpcTimeout.
• Remove non-const inline header entry accessor: ##name() and insert##name()
• Remove non-const HeaderEntry* HeaderMapImpl::get(const LowerCaseString& key).
  • Grepping for get([^)] shows we have 2 non-const refs for get(const LowerCaseString& key):
    source/extensions/filters/http/lua/wrappers.cc:84
source/extensions/filters/http/ext_authz/ext_authz.cc:169
• Fuzz inline header methods
• Remove unnecessary inline header methods for integer types.
• Wrap up misc TODOs in header_map.h, i.e. string -> string_view conversions

[asraa]

I'm taking care of what I thought were some mechanical changes, but have a performance impact. I'd like to drive by some of the changes that this would require.

Part of the challenge is that these inline header methods allow direct access to an inline HeaderEntry, bypassing the need for a lookup in HeaderMap methods that take a LowerCaseString key. For example, one mechanical change was to switch from using a common pattern of:
headers.insertConnection().value().setReference(value);
to:
headers.setReference(Headers::get().Connection, value);

The former's HeaderMap::insert##name() method will grab the reference to the inline header, and directly modify the value. The latter has to perform the lookup to grab the inline HeaderEntry and then can proceed the same way.

This adds about 100ns in my benchmarks, but it's a constant time lookup. It would ideally be great to figure out a way to uniformly handle inline and non-inline headers through the HeaderMap API. Of course I could add inline header functions that directly reflect the HeaderMap API (like headers.setReferenceConnection(value)) but that would add many redundant methods.

Any ideas? Do you think this is too much of a performance hit?
@jmarantz @htuch @mattklein123

[jmarantz]

Can we add an API:

headers.insertConnection(value)

that would avoid exposing the non-const ref but still be O(1)?

I realize that such a change would involve hacking some non-trivial macros, but it seems feasible, no?

[mattklein123]

@asraa how many different cases are there that you need to cover? Per @jmarantz I'm wondering if we should just add the extra methods? It's all done by macro and everything mostly gets inlined so it doesn't seem that bad to me?

[asraa]

Yeah, that would be easiest. I would prefer to do it the macro way so long as it doesn't seem too messy. I would need to handle the cases of adding values that will or will not be copied (addReference/addReferenceKey), and similar for setReference/setReferenceKey.

[asraa]

OK I dug around a little bit and need to edit the comment above:
It would only require set methods. I'd add a set##name##Reference, set##name##Copy, and set##name##Integer.

All of the calls to add a header value to an inline header by comma concatenation go through the addReference API call, with the O(1) added lookup:

envoy/source/common/router/router.cc

Line 395 in 373af75

response_headers.addReferenceKey(Http::Headers::get().Location, new_path);

since there's no other way to do so. There are not many of these callsites. I can later on add these if we want the performance uptick, but I think for the initial goal I'll start with the sets.

[mattklein123]

@asraa SGTM