V1.29.0 tproxy fix #110
Open
V1.29.0 tproxy fix #110
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Commit Message: add ecds support for composite filter Additional Description: Currrently ECDS does not support composite filter. This would help to use composite filter for use cases like WASM filters Risk Level: Low Testing: Updated Docs Changes: Updated Release Notes: Added Signed-off-by: Rama Chavali <[email protected]>
…xy#31311) Introducing an interface for GrpcStream to make it easier to test (as part of the work of xDS-Failover support envoyproxy#28099) Signed-off-by: Adi Suissa-Peleg <[email protected]>
Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: Alyssa Wilk <[email protected]>
…roxy#31287) Prior to OpenSSL 1.1.0, the certificate depth limit in OpenSSL omitted the leaf but included the trust anchor. That is, if your chain was Leaf, Intermediate, Root, any depth limit of 2 or more allowed the certificate. OpenSSL 1.1.0 included d9b8b89bec4480de3a10bdaf9425db371c19145b, which was described as a cleanup change to X509_verify_cert. However, this change the semantics of the depth limit to omit *both* the leaf and trust anchor. So the example above was accepted also at depth limit 1. This is also why common.proto had a comment about different semantics between the libraries. BoringSSL originally forked a little before 1.0.2, so it had the older OpenSSL behavior. Now that the new behavior has been in OpenSSL upstream for a while, BoringSSL plans to match the new behavior in https://boringssl-review.googlesource.com/c/boringssl/+/64707/ This change makes Envoy compatible with BoringSSLs before and after that change. When BORINGSSL_API_VERSION is new enough, we adjust the value before passing it in, to preserve the original semantics. I'm assuming here that Envoy would prefer to maintain its existing semantics, rather than change the test expectation. I've also removed the comment about backend-specific behavior difference. Supposing Envoy prefers to maintain existing semantics, any OpenSSL port of Envoy should similarly adjust the value on OpenSSL 1.1.0 and up. Along the way, fix an overflow. maxVerifyDepth is a uint32_t, but the OpenSSL API takes an int. When we exceed INT_MAX, saturate the cast. Signed-off-by: David Benjamin <[email protected]>
…nvoyproxy#30818) Signed-off-by: Kuat Yessenov <[email protected]> Signed-off-by: Tony Allen <[email protected]> Co-authored-by: Kuat Yessenov <[email protected]>
…c957f0` in /ci (envoyproxy#31389) build(deps): bump distroless/base-nossl-debian12 in /ci Bumps distroless/base-nossl-debian12 from `8a0cabc` to `8c957f0`. --- updated-dependencies: - dependency-name: distroless/base-nossl-debian12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1385) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v3...v4) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
envoyproxy#31390) Bumps mysql from `6057dec` to `ceb9891`. --- updated-dependencies: - dependency-name: mysql dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…hared/postgres (envoyproxy#31388) build(deps): bump postgres in /examples/shared/postgres Bumps postgres from `a2282ad` to `1f703fa`. --- updated-dependencies: - dependency-name: postgres dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#31397) Signed-off-by: Ryan Northey <[email protected]>
…yproxy#31385)" This reverts commit ade6a2b. Signed-off-by: Ryan Northey <[email protected]>
…roxy#31386)" This reverts commit b435805. Signed-off-by: Ryan Northey <[email protected]>
…y#31364) As part of this change, a new test Runtime was added: TestScopedStaticReloadableFeaturesRuntime. It should be used in build environments, like Envoy Mobile, where the admin layer is not available (which is required by TestScopedRuntime). Signed-off-by: Ali Beyad <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
…envoyproxy#31384) --------- Signed-off-by: Yanjun Xiang <[email protected]>
…1417) Until envoyproxy#31416 is resolved. Signed-off-by: Ali Beyad <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
…ols/base (envoyproxy#31421) build(deps): bump envoy-dependency-check in /tools/base Bumps [envoy-dependency-check](https://github.com/envoyproxy/toolshed) from 0.1.11 to 0.1.12. - [Release notes](https://github.com/envoyproxy/toolshed/releases) - [Commits](envoyproxy/toolshed@0.1.11...0.1.12) --- updated-dependencies: - dependency-name: envoy-dependency-check dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
) Remove decommissioned (in v5.x) bazel attribute Signed-off-by: Yan Avlasov <[email protected]>
Commit Message: with this patch, it's able send `xds.node.id` or `xds.node.metadata[xxx]` with command `%(CEL(xds.node.id))%`, this's useful when send log with OpenTelemetry sink. Additional Description: tests and release notes will be added if this's right forward. Risk Level: Testing: Docs Changes: Release Notes: Platform Specific Features:
) * route: allow empty FilterConfig in the route configuration Signed-off-by: wbpcode <[email protected]> * change log Signed-off-by: wbpcode <[email protected]> * more detailed change log Signed-off-by: wbpcode <[email protected]> * fix test Signed-off-by: wbpcode <[email protected]> * minor update Signed-off-by: wbpcode <[email protected]> * Update changelogs/current.yaml Co-authored-by: Adi (Suissa) Peleg <[email protected]> Signed-off-by: code <[email protected]> * revert code change and update docs Signed-off-by: wbpcode <[email protected]> * docs update Signed-off-by: wbpcode <[email protected]> * Update docs/root/intro/arch_overview/http/http_filters.rst Co-authored-by: Adi (Suissa) Peleg <[email protected]> Signed-off-by: code <[email protected]> * Update docs/root/intro/arch_overview/http/http_filters.rst Co-authored-by: Adi (Suissa) Peleg <[email protected]> Signed-off-by: code <[email protected]> * Update docs/root/intro/arch_overview/http/http_filters.rst Co-authored-by: Adi (Suissa) Peleg <[email protected]> Signed-off-by: code <[email protected]> * minor update Signed-off-by: wbpcode <[email protected]> --------- Signed-off-by: wbpcode <[email protected]> Signed-off-by: code <[email protected]> Co-authored-by: Adi (Suissa) Peleg <[email protected]>
Signed-off-by: Ryan Northey <[email protected]> Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
…red/golang (envoyproxy#31794) build(deps): bump golang in /examples/shared/golang Bumps golang from `688ad7f` to `cbee5d2`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…al_ratelimit with 1 update (envoyproxy#31795) build(deps): bump the examples-local-ratelimit group Bumps the examples-local-ratelimit group in /examples/local_ratelimit with 1 update: nginx. Updates `nginx` from `2bdc49f` to `88ba8be` --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production dependency-group: examples-local-ratelimit ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…hared/postgres (envoyproxy#31796) build(deps): bump postgres in /examples/shared/postgres Bumps postgres from `b09f256` to `8877c95`. --- updated-dependencies: - dependency-name: postgres dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…` in /examples/shared/jaeger (envoyproxy#31765) build(deps): bump jaegertracing/all-in-one in /examples/shared/jaeger Bumps jaegertracing/all-in-one from `c7f7e94` to `50974de`. --- updated-dependencies: - dependency-name: jaegertracing/all-in-one dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…red/golang (envoyproxy#31769) build(deps): bump debian in /examples/shared/golang Bumps debian from `f80c454` to `f4a83aa`. --- updated-dependencies: - dependency-name: debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
* Add streaming POST support to h3_request tool this doesn't work if there's input delays, because aiortc/aioquic#449 but it also doesn't break anything right now and should work when the library works correctly. Signed-off-by: Raven Black <[email protected]>
…oxy#31811) It is no longer in use anywhere. Signed-off-by: Ali Beyad <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]>
Signed-off-by: Kuat Yessenov <[email protected]>
Adding a simple xds-Failover support that is essentially a no-op, just a pass-through to the underlying primary GrpcStream and the callbacks. Risk Level: low - not plumbed anywhere. Testing: Added unit test, and mock for GrpcStream. Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Part of the work on envoyproxy#28099 Signed-off-by: Adi Suissa-Peleg <[email protected]>
…al_ratelimit with 1 update (envoyproxy#31822) build(deps): bump the examples-local-ratelimit group Bumps the examples-local-ratelimit group in /examples/local_ratelimit with 1 update: nginx. Updates `nginx` from `88ba8be` to `4c0fdaa` --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production dependency-group: examples-local-ratelimit ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…d/node (envoyproxy#31823) build(deps): bump node in /examples/shared/node Bumps node from `17782cc` to `9df2170`. --- updated-dependencies: - dependency-name: node dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
envoyproxy#31825) Bumps redis from `88741d8` to `b5ddcd5`. --- updated-dependencies: - dependency-name: redis dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…xamples/zipkin (envoyproxy#31826) build(deps): bump openzipkin/zipkin in /examples/zipkin Bumps openzipkin/zipkin from `c138164` to `4fb7fa5`. --- updated-dependencies: - dependency-name: openzipkin/zipkin dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…` in /examples/shared/jaeger (envoyproxy#31827) build(deps): bump jaegertracing/all-in-one in /examples/shared/jaeger Bumps jaegertracing/all-in-one from `50974de` to `a8749c7`. --- updated-dependencies: - dependency-name: jaegertracing/all-in-one dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…hared/postgres (envoyproxy#31821) build(deps): bump postgres in /examples/shared/postgres Bumps postgres from `8877c95` to `49c276f`. --- updated-dependencies: - dependency-name: postgres dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1. I have checked that only these two flags are missing. 2. I put these two flags according to the order in envoy/stream_info/stream_info.h Signed-off-by: spacewander <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Yan Avlasov <[email protected]> Signed-off-by: phlax <[email protected]>
) Commit Message: http: abort filter chain after reset stream was called Additional Description: To close envoyproxy#26994. The envoyproxy#26994 is caused by that the filter chain still continue and try to send reply after the whole stream is closed. We should abort the filter chain to avoid any possible further logic after the stream is reset. Also see envoyproxy#30835 for more context. Risk Level: low. Testing: integration. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. Signed-off-by: wbpcode <[email protected]>
…` in /examples/shared/jaeger (envoyproxy#31833) build(deps): bump jaegertracing/all-in-one in /examples/shared/jaeger Bumps jaegertracing/all-in-one from `a8749c7` to `040857c`. --- updated-dependencies: - dependency-name: jaegertracing/all-in-one dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1762) * Fix the wrong server response match for pg upstream tls Signed-off-by: Abdul Matin <[email protected]> * Update postgres_decoder_test.cc Signed-off-by: Abdul Matin <[email protected]> * Update postgres_decoder_test.cc Signed-off-by: Abdul Matin <[email protected]> * Update postgres_integration_test.cc Signed-off-by: Abdul Matin <[email protected]> --------- Signed-off-by: Abdul Matin <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]> Co-authored-by: htuch <[email protected]>
**Summary of changes**:
* Envoy Mobile can now be built without C++ exceptions using the `--define=envoy_exceptions=disabled` Bazel flag.
* Add the logical `OR` operation to value matchers.
* Add xDS support for Envoy Mobile Android (AAR) library.
* Add configurable HTTP status when a global rate limit service fails.
* Opentelemetry tracer: add support for environment resource detector.
* Added HTTP basic auth extension.
* Add support for ext_authz to send route metadata.
* Allow per route body buffering configuration in ext_authz.
* Datadog: honor extracted sampling decisions to avoid dropping samples.
* gRPC side streams: make idle connection timeout configurable.
* Support CEL expressions in ext_proc for extraction of request or response atributes.
* HTTP: clear hop by hop `Transfer-Encoding` header.
* Redis: Add support for the `WATCH` and `GETDEL` commands.
* Adds strict mode for stateful session filter, that rejects requests if destination host is not available.
* Internal redirects: support passing headers from response to request.
* Add implementation of the `drop_overload` Cluster API.
* HTTP/2: discard the `Host` header when `:authority` is present.
* grpc_http1_bridge: add `<ignore_query_params>` option.
* Access Log: Add `EMIT_TIME` command operator.
* ECDS now supports composite filter.
* Enable new oghttp2 codec for HTTP/2 connections.
**Docker images**:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.0
**Docs**:
https://www.envoyproxy.io/docs/envoy/v1.29.0/
**Release notes**:
https://www.envoyproxy.io/docs/envoy/v1.29.0/version_history/v1.29/v1.29.0
**Full changelog**:
envoyproxy/envoy@v1.28.0...v1.29.0
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Yan Avlasov <[email protected]>
|
|
- use localAddress if sock is transparent - 7b46bce7 - originally by @tomastigera more notes: .rc_ is now .return_value_ update addressProvider => connectionInfoProvider
electricjesus
force-pushed
the
v1.29.0-tproxy-fix
branch
from
375e14b
to
680a700
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]
[Optional API Considerations:]