sync from master. #3
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. Adds localhost to the upstreamcert.cfg 2. Makes fake_upstream TcpListenerSocket connect to the localhost instead of any address. 3. GRPC tests are no longer failing on windows. Risk Level: Low Testing: N/A Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>
This implements a host_rewrite_path option for rewriting the Host header based on path. See rational in the linked issue. Note: the regex is executed on the path with query/fragment stripped. This is analogues to what regex_rewrite option is doing. Risk Level: Low Testing: added unit tests Docs Changes: document the new option in proto file Release Notes: added to current.rst Fixes #12430 Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
This is the first step in implementing OCSP stapling as described [here](https://docs.google.com/document/d/14Ji0Vq7Xbe9LXM6IsWQo8mgEnOB8Bo6TH75sSmFbCEE/edit#heading=h.v4mph477rsju), adding the capability on top of BoringSSL to parse and validate DER-encoded OCSP responses. It extracts enough to determine the revocation status of a single SSL certificate and the window of time for which the OCSP response can be considered valid. OCSP extensions are not currently processed. Signed-off-by: Daniel Goldstein <danielgold95@gmail.com>
…include/ and source/common/] (#12502) This is a part of efforts to get rid of all the exception throwing semantics in envoy header files, as discussed here #12469. This PR deals with all instances that throw plain envoy exceptions in the described sub modules. Signed-off-by: Yifan Yang <needyyang@google.com>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Clarify that resource instance version can be reused across stream restarts. Also a few other small fixes and improvements. Risk Level: Low Testing: N/A Docs Changes: Included in PR Release Notes: N/A Signed-off-by: Mark D. Roth <roth@google.com>
Commit Message: The bazel.output.txt file is created by bazel build but it is not a part of source code. It is better to be ignored. Signed-off-by: DongRyeol Cha dr83.cha@samsung.com Additional Description: None Risk Level: Low Testing: git status Docs Changes: None Release Notes: None Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
* the EXPECT_EQ / EXPECT_TRUE calls cause errors to be logged but the fuzzer does not crash, meaning discrepancies do not show up on oss-fuzz * removed the updateRoute() function from the verifier since it is redundant Signed-off-by: Sam Flattery <samflattery@google.com>
Change the Overload Manager API to extend the overload action state with non-binary values. This will allow future overload actions to take effect in response to increasing load, instead of to the existing inactive/active binary values. This PR also adds a range field to the overload trigger config, though no actions currently trigger on the 'scaling' state. The existing behavior is preserved by replacing all places where OverloadActionState::Active was being used with OverloadActionState::saturated(). This is a minimal re-hashing of #11697 for ##11427. Risk Level: medium Testing: ran unit and integration tests Docs Changes: none Release Notes: add "scaling" trigger for OverloadManager actions Signed-off-by: Alex Konradi <akonradi@google.com>
Signed-off-by: Dmitri Dolguikh <ddolguik@redhat.com>
IoHandle specific, implicitly, socket interface specific, implementations of listen and accept are now used to accept new IoHandles, instead of the os specific sycalls libevent leverages internally for listeners. Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Adds PlatformDefaultTriggerType which is used to create file events. The main motivation for using this is the following: 1) Easier to swap out between FileTriggerType. This is useful for UNIX devs to debug issues that might affect Windows. 2) Removes various #ifdefs around the codebase. With this change, proxy_protocol_test now passes on Windows. Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>
… tree to a separate header file (#12576) Refactored registration of inline headers in the CacheFilter tree to a separate header file. Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Un-Reverts 048583b, with fix for high cpu consumption. This PR implements fault injection for Redis; specifically delay and error faults (which themselves can have delays added). I chose not to implement a separate filter after discussing with Henry; we concluded that the faults we felt were useful didn't need many levels- just a delay on top of the original fault, if any. In addition, as the Redis protocol doesn't support headers that makes it a bit different again from Envoy's http fault injection. This PR fixes the issue previously seen with redis fault injection where excessive cpu was used on connection creation. Faults record metrics on the original request- and the delay fault adds extra latency which is included in the command latency for that request. Also, faults can apply only to certain commands. Future work: Add several other faults, including cache misses and connection failures. Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <nflacco@lyft.com>
Added an node field to csds request to identify the CSDS client to the CSDS server, and removed the [#not-implemented-hide:] for the endpoint_config since it has been implemented in #11577 Risk Level: Low Testing: N/A Docs Changes: N/A Release Notes: N/A Signed-off-by: Yutong Li <yutongli@google.com>
Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>
Signed-off-by: Kevin Baichoo <kbaichoo@google.com> Commit Message: Updated the extending envoy documentation to include a missing extension point. Additional Description: See PR #12416 for additional context of this. Risk Level: low Testing: built the documents to ensure they generate correctly. Docs Changes: Release Notes:
Commit Message: This is a regression of 887637c that should be retained. This patch re-add it into the gitignore file. Additional Description: None Risk Level: Low Testing: git status Docs Changes: None Release Notes: None Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Commit Message: reverts visibility of the statd sink to public. Risk Level: low Testing: local build, CI Signed-off-by: Jose Nino <jnino@lyft.com>
This new header formatter acts in the opposite direction of the header-to-metadata filter. That is, it allows setting a header from what's available in a request's metadata. We need this to populate some request headers based on what was previously extracted and transformed via the header-to-metadata filter. Risk Level: low Testing: unit test Docs Changes: yes Release Notes: added Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Establish an extension point for actions to run based on Watch Dog Events. Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
…nt numerator > denominator (#12068) Signed-off-by: Konstantin Belyalov <arsenicus@mail.ru>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: jianwen <jianwendong@google.com>
This PR implements a new retry back off strategy that uses values from response headers like Retry-After or X-RateLimit-Reset (the headers are configurable) to decide the back off interval before retrying a request. Signed-off-by: Martin Matusiak <numerodix@gmail.com>
…the rest] (#12611) getting rid of exception-throwing behaviors in header files Signed-off-by: Yifan Yang <needyyang@google.com>
This change makes possible (and simpler) a later change in which we allow users to modify the behavior of the handshaker (i.e. to add new branches for handing SSL_ERRORs) by using an extension point. Signed-off-by: James Buckland <jbuckland@google.com>
* Refactored health_checker_impl_test for use in fuzzing Signed-off-by: Zach <zasweq@google.com>
Signed-off-by: Bill Gallagher <bgallagher@lyft.com>
Sometimes there's error flow control in the hot path that deserves logging, but plain logging there risks generating a large amount of log spam. It would be great to have a low-barrier and easy-to-consume way to emit a single or bounded number of log lines in these cases. This proposes a means to emit a single log line in those cases. Cross referencing Nighthawk issue to prompted this: envoyproxy/nighthawk#484 Signed-off-by: Otto van der Schaaf <oschaaf@we-amp.com>
Add shellcheck to ci and fix some scripts that fail linting This PR adds the framework for running shellcheck in ci Im not sure if where i have hooked it in is the best place, apart from anything shellcheck does not give very reliable fixes - so it does not provide a patch to remedy as other code formatting ci does. I have fixed some of the low-hanging fruit, but figured that it would probably be a good idea to fix other parts in separate PRs as they touch other parts of the code base Additional Description: Risk Level: low/medium Partial fix for #7793 Signed-off-by: Ryan Northey <ryan@synca.io>
This removes unused FilterRequestType enum. Risk Level: N/A Testing: bazel test //test/extensions/filters/http/ext_authz/... , //test/extensions/filters/common/... Docs Changes: N/A Release Notes: N/A Signed-off-by: Martin Matusiak <numerodix@gmail.com>
* grammar fix * small style fix splitting sentence up Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Signed-off-by: wbpcode <comems@msn.com>
emit logs in case listener filter reject or timeout incoming connections. Moved the stream info ownership to the active TCP socket. There are three cases that have to be handled separately: ownership transfer to TCP connection (how it works today), deferred deletion of TCP socket (via unlinking), direct deletion of TCP socket Fixes: #12809 Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
…2870) Currently, the maglev hash algorithm default to table size to 65537. It is the recommended size by a paper but it is better if the user can set this value. This patch introduces a new MaglevLbConfig that contains table size of maglev. So, now, the user can set the table size of maglev by their situation. Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Commit Message: increase dynamic forward proxy coverage. Risk Level: low Testing: added tests Signed-off-by: Jose Nino <jnino@lyft.com>
Allowing unexpected disconnects by default. Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
…12943) @moderation suggested a better approach in baze://github.com//pull/12639#issuecomment-676606571. Signed-off-by: Harvey Tuch <htuch@google.com>
This removes set_allow_unexpected_disconnects in the Lua filter integration test. Risk Level: Low Testing: Fix test Docs Changes: N/A Release Notes: N/A Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
This introduces an option to entirely omit null values from the access log. Risk Level: Low Testing: Unit and integration tests Docs Changes: New option documented in proto file Release Notes: Updated Fixes #12735 Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
…2941) Signed-off-by: Harvey Tuch <htuch@google.com>
Change some NOT_IMPLEMENTED to NOT_REACHED in case of actually cannot be reached cases. The NOT_IMPLEMENTED means that it can be filled with meaningful code later but not yet. The NOT_REACHED means that it never occur so, it is a bug if reach here. So, I change it to NOT_REACHED actually cannot be reached. And a default value for protobuf of oneof cannot be selected by config and there is no valid meaning for logic so I removed it as well. Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
…o a headers-only request/response (#12832) This is done through adding a new FilterHeadersStatus::ContinueAndDontEndStream. This allows a filter to continue headers iteration without ending the stream. The filter can then add the request/response body by using injectEncodedDataToFilterChain/injectDecodedDataToFilterChain. Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Commit Message: add bytes reporting to trailers. Risk Level: low Testing: updated unit and integration tests Docs Changes: updated Release Notes: updated Signed-off-by: Jose Nino <jnino@lyft.com>
Signed-off-by: Kevin Burek <kburek@lyft.com>
Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>
wangfakang
pushed a commit
that referenced
this pull request
Jan 11, 2022
This PR fixes two compilation error that are happening in the oss-fuzz build of Envoy. Note that the latest oss-fuzz build errors out with only the error related to AsyncStream but AFAIR when it is fixed, a different compilation error has to be fixed which I fixed in the first commit that changes the socket.h file.
Fixes an oss-fuzz Envoy compilation error:
```
Execution platform: @local_config_platform//:host
In file included from source/common/network/socket_option_impl.cc:1:
In file included from ./source/common/network/socket_option_impl.h:6:
In file included from ./envoy/network/listen_socket.h:14:
./envoy/network/socket.h:26:3: error: definition of implicit copy assignment operator for 'SocketOptionName' is deprecated because it has a user-declared copy constructor [-Werror,-Wdeprecated-copy]
SocketOptionName(const SocketOptionName&) = default;
^
source/common/network/socket_option_impl.cc:52:14: note: in implicit copy assignment operator for 'Envoy::Network::SocketOptionName' first required here
info.name_ = optname_;
^
1 error generated.
INFO: Elapsed time: 2620.084s, Critical Path: 126.35s
INFO: 4237 processes: 154 internal, 4083 local.
FAILED: Build did NOT complete successfully
ERROR:root:Building fuzzers failed.
```
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
* types_async_client.h: fix deprecated defaulted copy ctor
Fixes an oss-fuzz Envoy compilation error:
```
Step #3 - "compile-afl-address-x86_64": Execution platform: @local_config_platform//:host
Step #3 - "compile-afl-address-x86_64": In file included from source/extensions/filters/http/ext_proc/client_impl.cc:1:
Step #3 - "compile-afl-address-x86_64": In file included from ./source/extensions/filters/http/ext_proc/client_impl.h:11:
Step #3 - "compile-afl-address-x86_64": �[1m./source/common/grpc/typed_async_client.h:38:3: �[0m�[0;1;31merror: �[0m�[1mdefinition of implicit copy assignment operator for 'AsyncStream<envoy::service::ext_proc::v3::ProcessingRequest>' is deprecated because it has a user-declared copy constructor [-Werror,-Wdeprecated-copy]�[0m
Step #3 - "compile-afl-address-x86_64": AsyncStream(const AsyncStream& other) = default;
Step #3 - "compile-afl-address-x86_64": �[0;1;32m ^
Step #3 - "compile-afl-address-x86_64": �[0m�[1msource/extensions/filters/http/ext_proc/client_impl.cc:34:11: �[0m�[0;1;30mnote: �[0min implicit copy assignment operator for 'Envoy::Grpc::AsyncStream<envoy::service::ext_proc::v3::ProcessingRequest>' first required here�[0m
Step #3 - "compile-afl-address-x86_64": stream_ = client_.start(*descriptor, *this, options);
Step #3 - "compile-afl-address-x86_64": �[0;1;32m ^
Step #3 - "compile-afl-address-x86_64": �[0m1 error generated.
```
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
* socket.h: delete default assignment operator
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
* typed_async_client.h: remove default assignment op
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
wangfakang
pushed a commit
that referenced
this pull request
May 30, 2022
…yproxy#20170) * test: adding a multi-envoy test (envoyproxy#20016) Functionally this handles the multi-envoy signal handler crash skips instantiating a runtime singleton (off by default, must stay off until remove global runtime: rebase runtime features on ABSL_flags envoyproxy#19847 is closed) Multi-envoy does not correctly support runtime flags or deprecation stats due to envoyproxy#19847 being incomplete. It can still handle proxy traffic client - L1 - L2 - upstream as shown in test. Risk Level: low Testing: yes Docs Changes: n/a Release Notes: n/a Part of envoyproxy/envoy-mobile#2003 Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Add a congestionWindowInBytes method to Envoy::Network::Connection (envoyproxy#20105) Signed-off-by: Bin Wu <wub@google.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Update QUICHE from 50f15e7a5 to cf1588207 (envoyproxy#20154) https://github.com/google/quiche/compare/50f15e7a5..cf1588207 $ git log 50f15e7a5..cf1588207 --date=short --no-merges --format="%ad %al %s" 2022-02-28 wub Deprecate --gfe2_reloadable_flag_quic_crypto_noop_if_disconnected_after_process_chlo. 2022-02-27 vasilvv Remove QuicheMemSlice(QuicUniqueBufferPtr, size_t) constructor. 2022-02-26 fayang Use std::string instead of absl::string_view in CryptoBufferMap. 2022-02-25 bnc Ignore incoming HTTP/3 MAX_PUSH_ID frames. 2022-02-25 bnc Remove Http3DebugVisitor::OnMaxPushIdFrameSent(). 2022-02-25 bnc Remove QuicSpdySession::CanCreatePushStreamWithId(). 2022-02-25 fayang Deprecate gfe2_reloadable_flag_quic_single_ack_in_packet2. Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * build(deps): bump actions/stale from 4.1.0 to 5 (envoyproxy#20159) Bumps [actions/stale](https://github.com/actions/stale) from 4.1.0 to 5. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v4.1.0...v5) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * admin: improve test coverage and increase the coverage-percent threshold (envoyproxy#20025) Adds a missing test for recent lookups now that there are no more fake symbol tables. Adds tests for a variety of override methods defined in admin.h that were previously hard to hit. Adds a benchmark test to establish a baseline for the speedups in envoyproxy#19693 Signed-off-by: Joshua Marantz <jmarantz@google.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * test: removing a bunch of direct runtime singleton access (envoyproxy#19993) Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * build(deps): bump grpcio-tools in /examples/grpc-bridge/client (envoyproxy#20040) Bumps [grpcio-tools](https://github.com/grpc/grpc) from 1.43.0 to 1.44.0. - [Release notes](https://github.com/grpc/grpc/releases) - [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md) - [Commits](grpc/grpc@v1.43.0...v1.44.0) --- updated-dependencies: - dependency-name: grpcio-tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spell check dictionary Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * fixes spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spell check dictionary Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> fixes spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * fixes spell check Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> Co-authored-by: alyssawilk <alyssar@chromium.org> Co-authored-by: Bin Wu <46450037+wu-bin@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joshua Marantz <jmarantz@google.com>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…roxy#22689) Commit Message: stream_idle_timer_ is armed to timeout the sending of the bufferred response payload in the quic stream send buffer after the end stream is buffered in the stream. But today this timer is armed even if the the encoding of the payload causes the stream to be closed, in which case the timer can never be cancelled till the stream destruction with ASSERT hit as below: [2022-08-12 22:23:38.843][12][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x50e8d0000000c [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x3480b28] [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7f94b072c200] [2022-08-12 22:23:38.872][12][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::Quic::EnvoyQuicStream::~EnvoyQuicStream() [0x2a2fe98] [2022-08-12 22:23:38.885][12][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a78058] [2022-08-12 22:23:38.899][12][critical][backtrace] [./source/server/backtrace.h:96] #4: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d30] [2022-08-12 22:23:38.912][12][critical][backtrace] [./source/server/backtrace.h:96] #5: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d69] This change check stream close in this case, so that the idle timer will not be armed for closed streams. Risk Level: low Testing: new unit test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Dan Zhang <danzh@google.com>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…voyproxy#22856) `//test/integration:tcp_proxy_odcds_integration_test` was observed to fail as follows: ``` ==================== Test output for //test/integration:tcp_proxy_odcds_integration_test: [==========] Running 24 tests from 1 test suite. [----------] Global test environment set-up. [----------] 24 tests from IpVersionsClientType/TcpProxyOdcdsIntegrationTest [ RUN ] IpVersionsClientType/TcpProxyOdcdsIntegrationTest.SingleTcpClient/0 [2022-08-25 20:22:46.750][3969][critical][assert] [test/integration/fake_upstream.cc:832] assert failure: !dispatcher_->isThreadSafe(). [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x6b00000f81 [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x4c46a78]->[0x2cf2a78] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1267 [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7ffbdaa79420]->[0x7ffbd8b25420] ??:0 [2022-08-25 20:22:46.802][3969][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::FakeUpstream::assertPendingConnectionsEmpty() [0x245bf0b]->[0x507f0b] ??:0 [2022-08-25 20:22:46.846][3969][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::(anonymous namespace)::TcpProxyOdcdsIntegrationTest_SingleTcpClient_Test::TestBody() [0x1f596cb]->[0x56cb] ??:0 [2022-08-25 20:22:46.877][3969][critical][backtrace] [./source/server/backtrace.h:96] #4: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588b61b]->[0x393761b] ??:0 [2022-08-25 20:22:46.924][3969][critical][backtrace] [./source/server/backtrace.h:96] #5: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587c2bd]->[0x39282bd] ??:0 [2022-08-25 20:22:46.966][3969][critical][backtrace] [./source/server/backtrace.h:96] #6: testing::Test::Run() [0x5864ba3]->[0x3910ba3] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:0 [2022-08-25 20:22:47.003][3969][critical][backtrace] [./source/server/backtrace.h:96] #7: testing::TestInfo::Run() [0x586576a]->[0x391176a] external/com_google_absl/absl/container/internal/raw_hash_set.h:1259 [2022-08-25 20:22:47.037][3969][critical][backtrace] [./source/server/backtrace.h:96] #8: testing::TestSuite::Run() [0x5865fbb]->[0x3911fbb] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_algo.h:1925 [2022-08-25 20:22:47.089][3969][critical][backtrace] [./source/server/backtrace.h:96] #9: testing::internal::UnitTestImpl::RunAllTests() [0x5874a28]->[0x3920a28] envoy/registry/registry.h:509 [2022-08-25 20:22:47.114][3969][critical][backtrace] [./source/server/backtrace.h:96] #10: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588ddbb]->[0x3939dbb] envoy/registry/registry.h:0 [2022-08-25 20:22:47.160][3969][critical][backtrace] [./source/server/backtrace.h:96] #11: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587e683]->[0x392a683] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/unique_ptr.h:154 [2022-08-25 20:22:47.191][3969][critical][backtrace] [./source/server/backtrace.h:96] #12: testing::UnitTest::Run() [0x5874568]->[0x3920568] envoy/registry/registry.h:508 [2022-08-25 20:22:47.237][3969][critical][backtrace] [./source/server/backtrace.h:96] #13: RUN_ALL_TESTS() [0x4878d51]->[0x2924d51] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1203 [2022-08-25 20:22:47.284][3969][critical][backtrace] [./source/server/backtrace.h:96] #14: Envoy::TestRunner::RunTests() [0x48783b1]->[0x29243b1] external/com_google_googletest/googlemock/include/gmock/gmock-actions.h:485 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #15: main [0x4874c3a]->[0x2920c3a] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1181 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #16: __libc_start_main [0x7ffbda897083]->[0x7ffbd8943083] ??:0 ================================================================================ ``` This is due to the race described by envoyproxy#22855. Making sure the dispatcher thread is running before starting the test avoids this problem. Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
hatappi
pushed a commit
to hatappi/envoy-go-extension
that referenced
this pull request
Nov 15, 2022
This test sends a large number of metadata frames in order to trigger a disconnect. However, it was possible for the disconnect to happen and the connection to be torn down before all the metadata frames had been sent. If that happened, ASAN detected a UAF:
```
==95==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700037e5a0 at pc 0x000004811f9e bp 0x7ffc903af990 sp 0x7ffc903af988
READ of size 8 at 0x60700037e5a0 thread T0
#0 0x4811f9d in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:168:3
#1 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#2 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#3 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#4 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#5 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#6 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#7 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/
gtest.cc:2580:10
wangfakang#8 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#9 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#10 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#11 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
wangfakang#12 0x45ed36d in _start (/mnt/ssd/cas/work/1/exec/bazel-out/k8-dbg/bin/test/integration/http2_flood_integration_test.runfiles/envoy/test/integration/http2_flood_integration_test+0x45ed36d)
0x60700037e5a0 is located 48 bytes inside of 80-byte region [0x60700037e570,0x60700037e5c0)
freed by thread T0 here:
#0 0x466f7d2 in free /local/mnt/workspace/bcain_clang_hu-bcain-lv_22036/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
#1 0x831dde8 in Envoy::Http::CodecClient::ActiveRequest::~ActiveRequest() /proc/self/cwd/./source/common/http/codec_client.h:220:10
wangfakang#2 0x5aa33f9 in std::__1::unique_ptr<Envoy::Event::DeferredDeletable, std::__1::default_delete<Envoy::Event::DeferredDeletable> >::reset(Envoy::Event::DeferredDeletable*) /opt/llvm/bin/../include/c++/v1/__memory/unique_ptr.h:54:5
wangfakang#3 0xa3218e8 in Envoy::Event::DispatcherImpl::clearDeferredDeleteList() /proc/self/cwd/source/common/event/dispatcher_impl.cc:142:21
wangfakang#4 0xa3348df in void std::__1::__invoke_void_return_wrapper<void, true>::__call<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&
, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&
, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&>(Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Rand
om::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::s
hared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&) /proc/self/cwd/source/common/event/dispatcher_impl.cc:79:30
wangfakang#5 0xa334603 in std::__1::__function::__func<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&,
Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffe
r::WatermarkFactory> const&)::$_2, std::__1::allocator<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenera
tor&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy:
:Buffer::WatermarkFactory> const&)::$_2>, void ()>::operator()() /opt/llvm/bin/../include/c++/v1/__functional/function.h:180:16
wangfakang#6 0x4897039 in std::__1::__function::__value_func<void ()>::operator()() const /opt/llvm/bin/../include/c++/v1/__functional/function.h:507:16
wangfakang#7 0xa8e6aa4 in Envoy::Event::SchedulableCallbackImpl::SchedulableCallbackImpl(Envoy::CSmartPtr<event_base, &(event_base_free)>&, std::__1::function<void ()>)::$_0::__invoke(int, short, void*) /opt/llvm/bin/../include/c++/v1/__functional/function.h:1184:12
wangfakang#8 0xb557c5e in event_process_active_single_queue /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:1713:4
wangfakang#9 0xb539252 in event_process_active /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c
wangfakang#10 0xb539252 in event_base_loop /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:2047:12
wangfakang#11 0xa8e1e3c in Envoy::Event::LibeventScheduler::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/libevent_scheduler.cc:60:3
wangfakang#12 0xa32bd94 in Envoy::Event::DispatcherImpl::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/dispatcher_impl.cc:299:19
wangfakang#13 0x480faad in Envoy::IntegrationCodecClient::flushWrite() /proc/self/cwd/test/integration/http_integration.cc:100:29
wangfakang#14 0x4811e94 in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:169:3
wangfakang#15 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#16 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#17 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#18 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#19 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#20 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#21 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#22 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#23 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#24 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#25 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
```
To fix that, write all metadata frames at once.
Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
wangfakang
pushed a commit
that referenced
this pull request
Nov 29, 2022
When building the jni dylib for android, we previously stripped all debug info to decrease the artifact size. With this change we now produce the same stripped binary as before, but before stripping it we create a dump of the debug info suitable for crash reporting. This is made overly difficult for a few reasons: 1. Bazel doesn't support fission for Android bazelbuild/bazel#14765 2. Extra outputs from rules are not propagated up the dependency tree, so just building `android_dist` at the top level, isn't enough to get the extra outputs built as well 3. Building the library manually alongside the android artifact on the command line results in 2 separate builds, one for android as a transitive dependency of `android_dist` and one for the host platform This change avoids #1 fission for now, but the same approach could be used once that change makes its way to a bazel release. This change fixes #2 by using a separate output group that can be depended on by the genrule that writes to dist while avoiding #3 because the custom rule producing these uses the android transition. Signed-off-by: Keith Smiley <keithbsmiley@gmail.com> Signed-off-by: JP Simard <jp@jpsim.com>
wangfakang
pushed a commit
that referenced
this pull request
Nov 30, 2022
When building the jni dylib for android, we previously stripped all debug info to decrease the artifact size. With this change we now produce the same stripped binary as before, but before stripping it we create a dump of the debug info suitable for crash reporting. This is made overly difficult for a few reasons: 1. Bazel doesn't support fission for Android bazelbuild/bazel#14765 2. Extra outputs from rules are not propagated up the dependency tree, so just building `android_dist` at the top level, isn't enough to get the extra outputs built as well 3. Building the library manually alongside the android artifact on the command line results in 2 separate builds, one for android as a transitive dependency of `android_dist` and one for the host platform This change avoids #1 fission for now, but the same approach could be used once that change makes its way to a bazel release. This change fixes #2 by using a separate output group that can be depended on by the genrule that writes to dist while avoiding #3 because the custom rule producing these uses the android transition. Signed-off-by: Keith Smiley <keithbsmiley@gmail.com> Signed-off-by: JP Simard <jp@jpsim.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]