Closed
Conversation
Signed-off-by: Fred Douglas <fredlas@google.com>
…voyproxy#5975) Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
…n & code layout (envoyproxy#6158) Signed-off-by: Michael Payne <michael@sooper.org>
Avoid stack overflows and bound actions to avoid OOM. Fixes oss-fuzz issues: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13493 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13494 Risk level: Low Testing: Corpus entry added. Signed-off-by: Harvey Tuch <htuch@google.com>
Description: Fixes merge race with envoyproxy#6049. Risk Level: Low Testing: Docs Changes: Release Notes: Signed-off-by: Lizan Zhou <lizan@tetrate.io>
This brings in buffer correctness fixes for libevent/libevent#774 and libevent/libevent#778. This will temporarily take us away from a released version until 2.1.9. Fixes oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13400. Risk level: Low (since we're already at 2.1.9-beta, which is pretty near in history). Testing: regression unit tests added upstream in libevent, corpus entry added. Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Nicolas Flacco <nflacco@lyft.com>
…proxy#6152) Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
mpuncel
commented
Mar 5, 2019
include/envoy/http/filter.h
Outdated
Owner
Author
There was a problem hiding this comment.
removing, i'm not using this yet
snowp
reviewed
Mar 5, 2019
source/common/router/router.cc
Outdated
There was a problem hiding this comment.
Would this ever be null? are these reset anywhere else?
snowp
reviewed
Mar 5, 2019
source/common/router/router.cc
Outdated
There was a problem hiding this comment.
Do you populate this with nulls at some point? If not i would imagine you can just check that this is not empty?
…oyproxy#6170) As discovered back in envoyproxy#5867, we have some situations where we expect the codecs to reject embedded NULLs in header key/values. This PR improves codec_impl_fuzz_test by having it ignore such invalid values and also adds a bunch of ASSERTs to HeaderMapImpl to document/guard against any potential NULL creep, since its correctness is predicated on this. Fixes oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13447. Risk level: Low Testing: Corpus entry added. Signed-off-by: Harvey Tuch <htuch@google.com>
Description: implement recvfrom(2) in os_sys_calls and use in udp_listener_impl Risk Level: Low - same functionality but different implementation Testing: bazel test //test/common/network:udp_listener_impl_test Docs Changes: N/A Release Notes: N/A Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Bump up max configurable max_request_headers_kb to 96 KiB. Add a check to http1/codec_impl.cc for headers size. Raise the default library limits in http_parser nghttp2 so we'll rely on our own codec check. Risk Level: Medium. Testing: Moved all the large request headers tests to ProtocolIntegrationTest. Part of envoyproxy#5626. Signed-off-by: Auni Ahsan <auni@google.com>
…roxy#6176) This is needed to enable Bazel native coverage (without, we don't get coverage files generated). Risk level: Low Testing: bazel coverage run inside CI image. Signed-off-by: Harvey Tuch <htuch@google.com>
…im-time are sorted out. (envoyproxy#6175) Signed-off-by: Joshua Marantz <jmarantz@google.com>
This provides genhtml, which is needed for Bazel native coverage report generation. Signed-off-by: Harvey Tuch <htuch@google.com>
Remove the last prebuilt dependencies and switches to foreign_cc with a slight wrapper script. Risk Level: Low Testing: CI Signed-off-by: Lizan Zhou <lizan@tetrate.io>
In order to compile envoy for iOS we need this commit protocolbuffers/protobuf@0894e07 from protobuf. This also includes the previous commits that required us to use a non-release version. Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>
…database, bazelbuild/bazel-skylib, gogo/protobuf (envoyproxy#6183) Signed-off-by: Michael Payne <michael@sooper.org>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Follow up of envoyproxy#6168. Risk Level: Low Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
…voyproxy#6174) Description: Add quic_thread_impl.h to QUICHE platform implementation. QuicThreadImpl is implemented on top of Envoy::Thread. It is used by some tests and utility programs in QUICHE, but not in core QUICHE code. Risk Level: minimal: code not used yet Testing: bazel test test/extensions/quic_listeners/quiche/platform:quic_platform_test --test_output=all --define quiche=enabled --experimental_remap_main_repo bazel test test/extensions/quic_listeners/quiche/platform:quic_platform_test --test_output=all --define quiche=enabled --experimental_remap_main_repo -c opt Docs Changes: none Release Notes: none Signed-off-by: Bin Wu <wub@google.com>
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
…lang/protobuf (envoyproxy#6192) Signed-off-by: Michael Payne <michael@sooper.org>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
…roxy#6146) Signed-off-by: Bin Wu <wub@google.com>
Description: Running make directly in LuaJIT source will break sandbox as the source directly is not writable. Copy it into current directly (which is tmpdir) to write into writable path. Risk Level: Low Testing: locally Docs Changes: Release Notes: Fixes envoyproxy#6188. Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Update to rules_go 0.17.1 (release notes). Risk Level: Low Testing: bazel test //test/..., bazel build @envoy_api//envoy/... and local usage testing Signed-off-by: Michael Payne <michael@sooper.org>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Description: Code for Envoy to speak delta CDS with a management server. DELTA_GRPC added to config_source.proto's ApiTypes, to allow bootstrap configs to ask for incremental xDS. Part of envoyproxy#4991. Was envoyproxy#5466; giving up on broken DCO craziness. Risk Level: medium Testing: new integration test Signed-off-by: Fred Douglas <fredlas@google.com>
…nvoyproxy#6058) Add quic_test_output_impl.(h|cc) to QUICHE platform implementation. If environment variable "QUIC_TEST_OUTPUT_DIR" is set, tests using the QuicRecordTestOutput() function can save test output files to the $QUIC_TEST_OUTPUT_DIR directory. Risk Level: minimal: code not used yet Testing: [No test output:] bazel test test/extensions/quic_listeners/quiche/platform:quic_platform_test --test_output=all --define quiche=enabled --experimental_remap_main_repo [Test output saved to /tmp:] bazel test test/extensions/quic_listeners/quiche/platform:quic_platform_test --test_output=all --define quiche=enabled --experimental_remap_main_repo --action_env=QUIC_TEST_OUTPUT_DIR=/tmp Docs Changes: none Release Notes: none Signed-off-by: Bin Wu <wub@google.com>
…6200) This is needed to unblock envoyproxy#6196 while libevent/libevent#741 (and consequently envoyproxy#6083) go unresolved. It's not particularly wonderful, but it will allow us to make progress independent of the libevent work. Risk level: Low Testing: TSAN runs with envoyproxy#6196. Signed-off-by: Harvey Tuch <htuch@google.com>
This otherwise conflicts with bazel's BUILD file naming so doing a `bazel query` on this directory would result in an error. Risk Level: Low Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>
Signed-off-by: Henry Yang <hyang@lyft.com>
…#6177) Signed-off-by: Nicolas Flacco <nflacco@lyft.com>
Previously onUpstreamReset handled 3 separate cases: per try timeout, global timeout, and a stream reset by the upstream. In anticipation of adding a new case for envoyproxy#5841, it might make things cleaner to pull it out. This commit extracts the functionality of the old onUpstreamReset into separate methods, and then has onPerTryTimeout, onGlobalTimeout, and onUpstreamReset call the helper functions with the the appropriate arguments. Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Implements the hedge_on_per_try_timeout option in HedgePolicy config which instructs the router filter to not cancel requests that hit the per try timeout before sending a retry. This means the router must be able to manage multiple simultaneous upstream requests and handle deciding which response "wins" and canceling any other in flight requests. Finishes envoyproxy#5841.
3da23a9 to
374094a
Compare
mpuncel
pushed a commit
that referenced
this pull request
Apr 8, 2019
Provide the HTTP path normalization per RFC 3986 (sans case normalization). This addresses CVE-2019-9901. The config HttpConnectionManager.normalize_path needs to be set for each HCM configuration to enable (default is off). There is also a runtime optione http_connection_manager.normalize_path to change this default when not set in HCM. Risk level: Low Testing: New unit and integration tests added. Signed-off-by: Yuchen Dai <silentdai@gmail.com> Signed-off-by: Harvey Tuch <htuch@google.com>
mpuncel
added a commit
that referenced
this pull request
Apr 8, 2019
* master: (137 commits) test: router upstream log to v2 config stubs (envoyproxy#6499) remove idle timeout validation (envoyproxy#6500) build: Change namespace of chromium_url. (envoyproxy#6506) coverage: exclude chromium_url (envoyproxy#6498) fix(tracing): allow 256 chars in path tag (envoyproxy#6492) Common: Introduce StopAllIteration filter status for decoding and encoding filters (envoyproxy#5954) build: update PGV url (envoyproxy#6495) subset lb: avoid partitioning host lists on worker threads (envoyproxy#6302) ci: Make envoy_select_quiche no-op. (envoyproxy#6393) watcher: notify when watched files are modified (envoyproxy#6215) stat: Add counterFromStatName(), gaugeFromStatName(), and histogramFromStatName() (envoyproxy#6475) bump to 1.11.0-dev (envoyproxy#6490) release: bump to 1.10.0 (envoyproxy#6489) hcm: path normalization. (#1) build: import manually minified Chrome URL lib. (envoyproxy#3) codec: reject embedded NUL in headers. (envoyproxy#2) Added veryfication if path contains query params and add them to path header (envoyproxy#6466) redis: basic integration test for redis_proxy (envoyproxy#6450) stats: report sample count as an integer to prevent loss of precision (envoyproxy#6274) Added VHDS protobuf message and updated RouteConfig to include it. (envoyproxy#6418) ... Signed-off-by: Michael Puncel <mpuncel@squareup.com>
mpuncel
pushed a commit
that referenced
this pull request
Aug 8, 2022
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Fixes #Issue]
[Optional Deprecated:]