destination.ip not sent as []byte

[douglas-reid]

Expected to receive attribute destination.ip as a []byte. Instead, received string.

Example from attribute bag dump in latest Mixer:

destination.ip                : 10.56.2.185
source.ip                     : [10 150 0 5]

Note the key difference between the way in which source.ip and destination.ip are received.

[qiwzhang]

It could not be.

They are switched to use Bytes in the same PR.
Here is the code: https://github.com/istio/proxy/blob/master/src/envoy/mixer/mixer_control.cc

Here is the PR: istio/proxy@0561c1d#diff-01d13090008b70b5a4e706e9babc542a

I need more evident.

[douglas-reid]

@qiwzhang Running from istio/istio HEAD.

PILOT_TAG="e5681371e971d20b89823e55e394b2f773e7f07a"
PROXY_TAG="c7785bd97bd3d1610bafdda9ceaa3a061a641bad"

I then just dumped logs. Maybe destination.ip isn't being sent by the proxy, but generated elsewhere?

[kyessenov]

Caused by this https://github.com/istio/pilot/blob/master/proxy/envoy/mixer.go#L108?

[kyessenov]

@qiwzhang which IP does your filter use? Service IP (external) or pod IP (internal)?

[qiwzhang]

@kyessenov

Proxy is using

upstreamHost->address()->ip();

I guess it is the service host ip in the cluster manager. Pilot set it.

[qiwzhang]

Definitely caused by https://github.com/istio/pilot/blob/master/proxy/envoy/mixer.go#L128

In the Tcp Check, Proxy extracts it from Envoy config, which is string.
In the Tcp Report, Proxy over write it. which is BYTES.

I guess, Proxy should not just blindly copy the string. It should check ".ip" suffix, and convert it to bytes when copying from Mixer config

[qiwzhang]

Ultimate solution is to allow Pilot to write attribute type for the mesh attributes. Now it only supports string type. Leave this as 0.3 feature.

[douglas-reid]

Are we sure? I haven't debugged fully. It might be related to issues with:

https://github.com/istio/mixer/blob/master/testdata/configroot/scopes/global/subjects/global/rules.yml#L22

[qiwzhang]

Filed https://github.com/istio/proxy/issues/483 to fix this.

[qiwzhang]

@douglas-reid assigned it to you so you can debug it first. If it is caused by https://github.com/istio/pilot/blob/master/proxy/envoy/mixer.go#L128. I have another issue to cover it. so you can close it.

[douglas-reid]

It looks like it isn't coming from the mixer attribute derivation stuff:

I0923 01:07:39.430774       1 grpcServer.go:152] Attribute Bag:
context.protocol              : http
destination.ip                : 10.56.2.185
destination.service           : productpage.default.svc.cluster.local
destination.uid               : kubernetes://productpage-v1-2488187180-wzkkm.default
quota.amount                  : 1
quota.name                    : RequestCount
request.headers               : map[x-b3-traceid:0000d392e006806f :authority:75.22.199.35.bc.googleusercontent.com x-forwarded-proto:http x-ot-span-context:0000d392e006806f;0000d392e006806f;0000000000000000 x-b3-sampled:1 x-envoy-expected-rq-timeout-ms:15000 x-request-id:c9fbec6f-6202-98e6-838b-944fc6661857 x-forwarded-for:10.150.0.5 pragma:no-cache accept-charset:iso-8859-1,utf-8;q=0.9,*;q=0.1 x-b3-spanid:0000d392e006806f x-envoy-internal:true :path:/login accept-language:en :method:GET content-length:0 accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* user-agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GoogleSecurityScanner; go/SecopsSecurityScan 1.337)]
request.host                  : 75.22.199.35.bc.googleusercontent.com
request.method                : GET
request.path                  : /login
request.scheme                : http
request.time                  : 2017-09-23 01:07:39.429065888 +0000 UTC
request.useragent             : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GoogleSecurityScanner; go/SecopsSecurityScan 1.337)
source.ip                     : [10 56 3 154]
source.port                   : 53742
source.uid                    : kubernetes://istio-ingress-3820240895-vsxdq.istio-system
---
destination.labels            : map[app:productpage pod-template-hash:2488187180 version:v1]
destination.namespace         : default
destination.service           : productpage.default.svc.cluster.local
destination.serviceAccount    : default
source.labels                 : map[istio:ingress pod-template-hash:3820240895]
source.namespace              : istio-system
source.service                : ingress.istio-system.svc.cluster.local
source.serviceAccount         : istio-ingress-service-account

Everything above the --- is from the original proto bag. So, hopefully, the fix you guys have identified is ready to go soon.

[qiwzhang]

The issue
Allow Pilot to pass any type of mesh attributes to Mixer #483
is not easy to fix. It requires both Pilot and Proxy code change. It will be 0.2 after.

[geeknoid]

Is this issue resolved, or is there a different issue to track the problem? Otherwise, it shouldn't be closed right?

…

On Sat, Sep 23, 2017 at 8:57 PM, Wayne Zhang ***@***.***> wrote: The issue Allow Pilot to pass any type of mesh attributes to Mixer #483 is not easy to fix. It requires both Pilot and Proxy code change. It will be 0.2 after. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#112 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AVucHa-XZIUSP_tpsxbZ5Ji0hRf-OyClks5sldM-gaJpZM4Pehqh> .

[qiwzhang]

It is covered by https://github.com/istio/proxy/issues/483