Skip to content

grpc: Add support for max frame length in gPRC frame decoding#32511

Merged
yanavlasov merged 9 commits intoenvoyproxy:mainfrom
tyxia:grpc_codec
Mar 6, 2024
Merged

grpc: Add support for max frame length in gPRC frame decoding#32511
yanavlasov merged 9 commits intoenvoyproxy:mainfrom
tyxia:grpc_codec

Conversation

@tyxia
Copy link
Copy Markdown
Member

@tyxia tyxia commented Feb 22, 2024
edited
Loading

The workflow:

  • Client of gRPC decoder configure the max_frame_length via setMaxFrameLength()
  • If max_frame_length is configured and total length exceeds the limit, the future decoding process will be skipped and returned

The use case/ motivation: Enable max_receive_message_length in Envoy-gRPC (which use gRPC decoder) .

  • When the message is over limit, it can be rejected before frame data is fully decoded (i.e. expanded).
  • This can prevent malicious attack , for example, unbounded and huge message is sent over channel and is injected and buffered in Envoy over Envoy-gRPC.

Next step:

  • Refactor bool Decoder::decode method: Change the return type from bool to absl:status so that the caller can identify whether it is decoding error or over-limit error.

@tyxia
grpc: Add support for max frame length in gPRC frame decoding
c941c7f 
Signed-off-by: tyxia <tyxia@google.com>
@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only bot commented Feb 22, 2024

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #32511 was opened by tyxia.

see: more, trace.

tyxia added 3 commits February 22, 2024 03:34
@tyxia
add test
533aa90 
Signed-off-by: tyxia <tyxia@google.com>
@tyxia
remove blank line
e4f0381 
Signed-off-by: tyxia <tyxia@google.com>
@tyxia
tweak
fa10c72 
Signed-off-by: tyxia <tyxia@google.com>
@tyxia tyxia marked this pull request as ready for review February 22, 2024 17:54
@tyxia
Copy link
Copy Markdown
Member Author

tyxia commented Feb 22, 2024

/assign @htuch

PTAL, Thanks!

@tyxia
Copy link
Copy Markdown
Member Author

tyxia commented Feb 28, 2024

/assign @yanavlasov

Add Yan per offline discussion

htuch
htuch reviewed Mar 1, 2024
View reviewed changes
htuch
htuch reviewed Mar 1, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

tyxia added 5 commits March 1, 2024 19:51
@tyxia
add a new test
26f2ade 
Signed-off-by: tyxia <tyxia@google.com>
@tyxia
update
c27c51f 
Signed-off-by: tyxia <tyxia@google.com>
@tyxia
test
fe130af 
Signed-off-by: tyxia <tyxia@google.com>
@tyxia
test
eb8694c 
Signed-off-by: tyxia <tyxia@google.com>
@tyxia
test
1723bff 
Signed-off-by: tyxia <tyxia@google.com>
yanavlasov
yanavlasov reviewed Mar 4, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@yanavlasov yanavlasov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/wait-any

@tyxia tyxia requested review from htuch and yanavlasov March 5, 2024 17:09
@yanavlasov yanavlasov merged commit 4fa98b2 into envoyproxy:main Mar 6, 2024
This was referenced Mar 6, 2024
Merged
Merged
@tyxia tyxia deleted the grpc_codec branch March 6, 2024 16:44
mattjo added a commit to mattjo/envoy that referenced this pull request Mar 6, 2024
@mattjo
Merge remote-tracking branch 'origin' into sub_check
a12c531 
* origin: (34 commits)
  update CODEOWNER (envoyproxy#32457)
  Delete unused runtime flag. (envoyproxy#32739)
  mobile: Use direct ByteBuffer to pass data between C++ and Java (envoyproxy#32715)
  quic: support cert selection by SNI, non-PEM formats (envoyproxy#32260)
  mobile: Replace std::thread with Envoy::Thread::PosixThread (envoyproxy#32610)
  grpc: Add support for max frame length in gPRC frame decoding (envoyproxy#32511)
  build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (envoyproxy#32728)
  build(deps): bump the examples-golang-network group in /examples/golang-network/simple with 1 update (envoyproxy#32732)
  build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /contrib/golang/filters/http/test/test_data/property (envoyproxy#32731)
  build(deps): bump otel/opentelemetry-collector from `246dfe9` to `71ac13c` in /examples/opentelemetry (envoyproxy#32730)
  build(deps): bump the examples-grpc-bridge group in /examples/grpc-bridge/server with 2 updates (envoyproxy#32720)
  build(deps): bump the contrib-golang group in /contrib/golang/router/cluster_specifier/test/test_data/simple with 1 update (envoyproxy#32721)
  build(deps): bump the contrib-golang group in /contrib/golang/filters/http/test/test_data/echo with 1 update (envoyproxy#32722)
  build(deps): bump the examples-ext-authz group in /examples/ext_authz/auth/grpc-service with 1 update (envoyproxy#32723)
  build(deps): bump the contrib-golang group in /contrib/golang/filters/http/test/test_data/routeconfig with 1 update (envoyproxy#32724)
  build(deps): bump the examples-load-reporting group in /examples/load-reporting-service with 1 update (envoyproxy#32726)
  build(deps): bump the contrib-golang group in /contrib/golang/filters/http/test/test_data/buffer with 1 update (envoyproxy#32727)
  build(deps): bump the examples-golang-http group in /examples/golang-http/simple with 1 update (envoyproxy#32729)
  opentelemetrytracer: Add User-Agent header to OTLP trace exporters (envoyproxy#32659)
  build: remove incorrect cc_library after tls code move (envoyproxy#32714)
  ...
htuch pushed a commit that referenced this pull request Mar 29, 2024
@tyxia
grpc: Refactor decode method (#32676)
77458ea 
This PR is to improve the error status/code

In PR #32511, we introduce a max_frame_length feature (optional) . Now gRPC frame decoding can fail EITHER (1) due to decoding error OR (2) due to over-frame-limit error.

To better surface the error message, this PR refactor return type from bool to absl::status , so that the caller site can differentiate the error status. source/common/grpc/async_client_impl.cc in this PR can be an user example

Risk level: Low
Testing: Unit tests

Signed-off-by: tyxia <tyxia@google.com>
alyssawilk pushed a commit to alyssawilk/envoy that referenced this pull request Apr 29, 2024
@tyxia @alyssawilk
grpc: Refactor decode method (envoyproxy#32676)
f2c6dfc 
This PR is to improve the error status/code

In PR envoyproxy#32511, we introduce a max_frame_length feature (optional) . Now gRPC frame decoding can fail EITHER (1) due to decoding error OR (2) due to over-frame-limit error.

To better surface the error message, this PR refactor return type from bool to absl::status , so that the caller site can differentiate the error status. source/common/grpc/async_client_impl.cc in this PR can be an user example

Risk level: Low
Testing: Unit tests

Signed-off-by: tyxia <tyxia@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yanavlasov yanavlasov yanavlasov approved these changes

@htuch htuch Awaiting requested review from htuch

Assignees

@yanavlasov yanavlasov

@htuch htuch

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tyxia @yanavlasov @htuch