mobile: Filter reserved IP address ranges in IPv6 probing#40345
mobile: Filter reserved IP address ranges in IPv6 probing#40345abeyad merged 3 commits intoenvoyproxy:mainfrom
Conversation
IPv6 probing will now filter out: * Link-local IP addresses * Site-local IPv6 addresses * Unique Local IPv6 addresses * Teredo addresses This is the same as Chromium's logic for IPv6 connectivity probing: https://source.chromium.org/chromium/chromium/src/+/main:net/dns/host_resolver_manager.cc;l=1572-1581;drc=d0260a368e65b2be56d179d21fab90976fd494b8. Though it doesn't seem like Chromium filters out site-local addresses, local testing has shown that the IPv6 probe socket will successfully connect but the local address will be site-local on non-IPv6 networks/machines. Signed-off-by: Ali Beyad <abeyad@google.com>
|
/assign-from @envoyproxy/senior-maintainers |
|
@envoyproxy/senior-maintainers assignee is @RyanTheOptimist |
|
/assign @adisuissa since Ryan is OOO |
adisuissa
left a comment
There was a problem hiding this comment.
OVerall LGTM!
2 questions:
- should there be tests to cover the different error cases?
- as this is mobile-only change, does this need to wait until the new Envoy release is cut?
Thanks for the review Adi!
Unfortunately, this class doesn't have unit tests, and it's a bit challenging to mock. We figured we'd try this out in an experimental arm in YouTube and see if it improves IPv6 probing.
I don't think it needs to wait, since it shouldn't effect any other users other than Google internally with Envoy Mobile. Would you feel more comfortable with waiting? |
That's up to you as an Envoy-Mobile maintainer. I'm not sure what the latest release process is for Envoy-mobile. |
Yes, we haven't been cutting Envoy Mobile releases in a long time, so I think it's safe to merge now, thanks again! |
…40802) Adds two runtime guards to experiment with filtering reserved IP ranges in the IPv6 probing check that were introduced in #40345: 1. `envoy_reloadable_features_mobile_ipv6_probe_simple_filtering` 2. `envoy_reloadable_features_mobile_ipv6_probe_advanced_filtering` Signed-off-by: Ali Beyad <abeyad@google.com>
…nvoyproxy#40802) Adds two runtime guards to experiment with filtering reserved IP ranges in the IPv6 probing check that were introduced in envoyproxy#40345: 1. `envoy_reloadable_features_mobile_ipv6_probe_simple_filtering` 2. `envoy_reloadable_features_mobile_ipv6_probe_advanced_filtering` Signed-off-by: Ali Beyad <abeyad@google.com> Signed-off-by: Melissa Ginaldi <mginaldi@google.com>
…nvoyproxy#40802) Adds two runtime guards to experiment with filtering reserved IP ranges in the IPv6 probing check that were introduced in envoyproxy#40345: 1. `envoy_reloadable_features_mobile_ipv6_probe_simple_filtering` 2. `envoy_reloadable_features_mobile_ipv6_probe_advanced_filtering` Signed-off-by: Ali Beyad <abeyad@google.com> Signed-off-by: Melissa Ginaldi <mginaldi@google.com>
…nvoyproxy#40802) Adds two runtime guards to experiment with filtering reserved IP ranges in the IPv6 probing check that were introduced in envoyproxy#40345: 1. `envoy_reloadable_features_mobile_ipv6_probe_simple_filtering` 2. `envoy_reloadable_features_mobile_ipv6_probe_advanced_filtering` Signed-off-by: Ali Beyad <abeyad@google.com>
IPv6 probing will now filter out:
This is the same as Chromium's logic for IPv6 connectivity probing: https://source.chromium.org/chromium/chromium/src/+/main:net/dns/host_resolver_manager.cc;l=1572-1581;drc=d0260a368e65b2be56d179d21fab90976fd494b8.
Though it doesn't seem like Chromium filters out site-local addresses, local testing has shown that the IPv6 probe socket will successfully connect but the local address will be site-local on non-IPv6 networks/machines.