Skip to content

forward proxy: ip host headers#7565

Merged
mattklein123 merged 15 commits intomasterfrom
ip_host_headers
Jul 22, 2019
Merged

forward proxy: ip host headers#7565
mattklein123 merged 15 commits intomasterfrom
ip_host_headers

Conversation

@mattklein123
Copy link
Copy Markdown
Member

@mattklein123 mattklein123 commented Jul 12, 2019

Support IP addresses in host headers.

This completes the MVP of dynamic forward proxy.

Fixes #1606

Risk Level: Low
Testing: Unit and integration tests
Docs Changes: N/A
Release Notes: N/A

@mattklein123
forward proxy: ip host headers
56d6ee2 
Support IP addresses in host headers.

This completes the MVP of dynamic forward proxy.

Fixes #1606

Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123 mattklein123 requested a review from alyssawilk as a code owner July 12, 2019 22:53
@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Jul 12, 2019

@lizan @PiotrSikora PTAL I'm sure I got something wrong here either on the TLS or spec side. cc @alyssawilk

alyssawilk
alyssawilk reviewed Jul 15, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@alyssawilk alyssawilk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! (modulo defering TLS magic to TLS folks =P)

@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
698a924 
Signed-off-by: Matt Klein <mklein@lyft.com>
PiotrSikora
PiotrSikora reviewed Jul 15, 2019
View reviewed changes
@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
7da7546 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
a2d50fc 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
comment
c581b8b 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
8581f66 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
fix
f35e9aa 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Jul 16, 2019

@alyssawilk @lizan @PiotrSikora updated per comments.

@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
143b7f9 
Signed-off-by: Matt Klein <mklein@lyft.com>
alyssawilk
alyssawilk previously approved these changes Jul 17, 2019
View reviewed changes
lizan
lizan previously approved these changes Jul 17, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@lizan lizan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you merge master to pick #7608?

PiotrSikora
PiotrSikora reviewed Jul 17, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@PiotrSikora PiotrSikora left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I was sure that I saw it before, but I cannot find it now... Could you add a test that verifies that using IP address in "verify_subject_alt_name" works against peer with "upstreamlocalhostcert.pem"?

@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Jul 18, 2019

Hmm, I was sure that I saw it before, but I cannot find it now... Could you add a test that verifies that using IP address in "verify_subject_alt_name" works against peer with "upstreamlocalhostcert.pem"?

Will do.

@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
a4255d3 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
comment
da94cde 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123 mattklein123 dismissed stale reviews from lizan and alyssawilk via da94cde July 19, 2019 04:10
@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
3e45358 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Jul 19, 2019

@PiotrSikora updated with the test you asked for.

lizan
lizan reviewed Jul 19, 2019
View reviewed changes
lizan
lizan reviewed Jul 19, 2019
View reviewed changes
lizan
lizan reviewed Jul 19, 2019
View reviewed changes
@mattklein123
Merge remote-tracking branch 'origin/master' into ip_host_headers
23e77da 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
comments
f8c9f31 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Jul 20, 2019

/retest

@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only bot commented Jul 20, 2019

🔨 rebuilding ci/circleci: coverage (failed build)

🐱

Caused by: a #7565 (comment) was created by @mattklein123.

see: more, trace.

PiotrSikora
PiotrSikora previously approved these changes Jul 21, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@PiotrSikora PiotrSikora left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, sans the explicit IPv4 and IPv6 tests.

@mattklein123
comment
27dbe14 
Signed-off-by: Matt Klein <mklein@lyft.com>
@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Jul 21, 2019

@PiotrSikora @lizan I pushed an update per your comments, but I'm seeing what I think is a persistent flake in coverage which I don't think is due to my changes:

[ RUN      ] IpVersions/SslReadBufferLimitTest.SomeLimit/IPv4
test/extensions/transport_sockets/tls/ssl_socket_test.cc:3854: Failure
Expected: (expected_chunk_size) >= (data.length()), actual: 32768 vs 65440
test/extensions/transport_sockets/tls/ssl_socket_test.cc:3854: Failure
Expected: (expected_chunk_size) >= (data.length()), actual: 32768 vs 65440
test/extensions/transport_sockets/tls/ssl_socket_test.cc:3854: Failure
Expected: (expected_chunk_size) >= (data.length()), actual: 32768 vs 65440
test/extensions/transport_sockets/tls/ssl_socket_test.cc:3854: Failure
Expected: (expected_chunk_size) >= (data.length()), actual: 32768 vs 65440
[  FAILED  ] IpVersions/SslReadBufferLimitTest.SomeLimit/IPv4, where GetParam() = 4-byte object <00-00 00-00> (28 ms)

I will take a look tonight or tomorrow but LMK if you have any thoughts. I'm assuming it's somehow due to the sharding we now have.

PiotrSikora
PiotrSikora previously approved these changes Jul 21, 2019
View reviewed changes
@mattklein123
comment
c6b8704 
Signed-off-by: Matt Klein <mklein@lyft.com>
@PiotrSikora
Copy link
Copy Markdown
Contributor

PiotrSikora commented Jul 21, 2019

I don't see anything in the code that should break that test.

@mattklein123 mattklein123 merged commit 81654d1 into master Jul 22, 2019
@mattklein123 mattklein123 deleted the ip_host_headers branch July 22, 2019 02:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

3 more reviewers

@PiotrSikora PiotrSikora PiotrSikora approved these changes

@lizan lizan lizan approved these changes

@alyssawilk alyssawilk alyssawilk left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@PiotrSikora PiotrSikora

@lizan lizan

@alyssawilk alyssawilk

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support generic outbound proxy

4 participants

@mattklein123 @PiotrSikora @lizan @alyssawilk