sync from master. #3
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. Adds localhost to the upstreamcert.cfg 2. Makes fake_upstream TcpListenerSocket connect to the localhost instead of any address. 3. GRPC tests are no longer failing on windows. Risk Level: Low Testing: N/A Signed-off-by: Sotiris Nanopoulos <[email protected]>
This implements a host_rewrite_path option for rewriting the Host header based on path. See rational in the linked issue. Note: the regex is executed on the path with query/fragment stripped. This is analogues to what regex_rewrite option is doing. Risk Level: Low Testing: added unit tests Docs Changes: document the new option in proto file Release Notes: added to current.rst Fixes #12430 Signed-off-by: Petr Pchelko <[email protected]>
This is the first step in implementing OCSP stapling as described [here](https://docs.google.com/document/d/14Ji0Vq7Xbe9LXM6IsWQo8mgEnOB8Bo6TH75sSmFbCEE/edit#heading=h.v4mph477rsju), adding the capability on top of BoringSSL to parse and validate DER-encoded OCSP responses. It extracts enough to determine the revocation status of a single SSL certificate and the window of time for which the OCSP response can be considered valid. OCSP extensions are not currently processed. Signed-off-by: Daniel Goldstein <[email protected]>
…include/ and source/common/] (#12502) This is a part of efforts to get rid of all the exception throwing semantics in envoy header files, as discussed here #12469. This PR deals with all instances that throw plain envoy exceptions in the described sub modules. Signed-off-by: Yifan Yang <[email protected]>
Signed-off-by: Lizan Zhou <[email protected]>
Clarify that resource instance version can be reused across stream restarts. Also a few other small fixes and improvements. Risk Level: Low Testing: N/A Docs Changes: Included in PR Release Notes: N/A Signed-off-by: Mark D. Roth <[email protected]>
Commit Message: The bazel.output.txt file is created by bazel build but it is not a part of source code. It is better to be ignored. Signed-off-by: DongRyeol Cha [email protected] Additional Description: None Risk Level: Low Testing: git status Docs Changes: None Release Notes: None Signed-off-by: DongRyeol Cha <[email protected]>
* the EXPECT_EQ / EXPECT_TRUE calls cause errors to be logged but the fuzzer does not crash, meaning discrepancies do not show up on oss-fuzz * removed the updateRoute() function from the verifier since it is redundant Signed-off-by: Sam Flattery <[email protected]>
Change the Overload Manager API to extend the overload action state with non-binary values. This will allow future overload actions to take effect in response to increasing load, instead of to the existing inactive/active binary values. This PR also adds a range field to the overload trigger config, though no actions currently trigger on the 'scaling' state. The existing behavior is preserved by replacing all places where OverloadActionState::Active was being used with OverloadActionState::saturated(). This is a minimal re-hashing of #11697 for ##11427. Risk Level: medium Testing: ran unit and integration tests Docs Changes: none Release Notes: add "scaling" trigger for OverloadManager actions Signed-off-by: Alex Konradi <[email protected]>
Signed-off-by: Dmitri Dolguikh <[email protected]>
IoHandle specific, implicitly, socket interface specific, implementations of listen and accept are now used to accept new IoHandles, instead of the os specific sycalls libevent leverages internally for listeners. Signed-off-by: Florin Coras <[email protected]>
Signed-off-by: Lizan Zhou <[email protected]>
Adds PlatformDefaultTriggerType which is used to create file events. The main motivation for using this is the following: 1) Easier to swap out between FileTriggerType. This is useful for UNIX devs to debug issues that might affect Windows. 2) Removes various #ifdefs around the codebase. With this change, proxy_protocol_test now passes on Windows. Signed-off-by: Sotiris Nanopoulos <[email protected]>
… tree to a separate header file (#12576) Refactored registration of inline headers in the CacheFilter tree to a separate header file. Signed-off-by: Yosry Ahmed <[email protected]>
Signed-off-by: Florin Coras <[email protected]>
Un-Reverts 048583b, with fix for high cpu consumption. This PR implements fault injection for Redis; specifically delay and error faults (which themselves can have delays added). I chose not to implement a separate filter after discussing with Henry; we concluded that the faults we felt were useful didn't need many levels- just a delay on top of the original fault, if any. In addition, as the Redis protocol doesn't support headers that makes it a bit different again from Envoy's http fault injection. This PR fixes the issue previously seen with redis fault injection where excessive cpu was used on connection creation. Faults record metrics on the original request- and the delay fault adds extra latency which is included in the command latency for that request. Also, faults can apply only to certain commands. Future work: Add several other faults, including cache misses and connection failures. Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <[email protected]>
Added an node field to csds request to identify the CSDS client to the CSDS server, and removed the [#not-implemented-hide:] for the endpoint_config since it has been implemented in #11577 Risk Level: Low Testing: N/A Docs Changes: N/A Release Notes: N/A Signed-off-by: Yutong Li <[email protected]>
) Signed-off-by: Yosry Ahmed <[email protected]>
Signed-off-by: Sotiris Nanopoulos <[email protected]>
Signed-off-by: Kevin Baichoo <[email protected]> Commit Message: Updated the extending envoy documentation to include a missing extension point. Additional Description: See PR #12416 for additional context of this. Risk Level: low Testing: built the documents to ensure they generate correctly. Docs Changes: Release Notes:
Commit Message: This is a regression of 887637c that should be retained. This patch re-add it into the gitignore file. Additional Description: None Risk Level: Low Testing: git status Docs Changes: None Release Notes: None Signed-off-by: DongRyeol Cha <[email protected]>
Commit Message: reverts visibility of the statd sink to public. Risk Level: low Testing: local build, CI Signed-off-by: Jose Nino <[email protected]>
This new header formatter acts in the opposite direction of the header-to-metadata filter. That is, it allows setting a header from what's available in a request's metadata. We need this to populate some request headers based on what was previously extracted and transformed via the header-to-metadata filter. Risk Level: low Testing: unit test Docs Changes: yes Release Notes: added Signed-off-by: Raul Gutierrez Segales <[email protected]>
Establish an extension point for actions to run based on Watch Dog Events. Signed-off-by: Kevin Baichoo <[email protected]>
…nt numerator > denominator (#12068) Signed-off-by: Konstantin Belyalov <[email protected]>
Signed-off-by: Florin Coras <[email protected]>
Signed-off-by: jianwen <[email protected]>
This PR implements a new retry back off strategy that uses values from response headers like Retry-After or X-RateLimit-Reset (the headers are configurable) to decide the back off interval before retrying a request. Signed-off-by: Martin Matusiak <[email protected]>
…the rest] (#12611) getting rid of exception-throwing behaviors in header files Signed-off-by: Yifan Yang <[email protected]>
This change makes possible (and simpler) a later change in which we allow users to modify the behavior of the handshaker (i.e. to add new branches for handing SSL_ERRORs) by using an extension point. Signed-off-by: James Buckland <[email protected]>
* Refactored health_checker_impl_test for use in fuzzing Signed-off-by: Zach <[email protected]>
Signed-off-by: Bill Gallagher <[email protected]>
Sometimes there's error flow control in the hot path that deserves logging, but plain logging there risks generating a large amount of log spam. It would be great to have a low-barrier and easy-to-consume way to emit a single or bounded number of log lines in these cases. This proposes a means to emit a single log line in those cases. Cross referencing Nighthawk issue to prompted this: envoyproxy/nighthawk#484 Signed-off-by: Otto van der Schaaf <[email protected]>
Add shellcheck to ci and fix some scripts that fail linting This PR adds the framework for running shellcheck in ci Im not sure if where i have hooked it in is the best place, apart from anything shellcheck does not give very reliable fixes - so it does not provide a patch to remedy as other code formatting ci does. I have fixed some of the low-hanging fruit, but figured that it would probably be a good idea to fix other parts in separate PRs as they touch other parts of the code base Additional Description: Risk Level: low/medium Partial fix for #7793 Signed-off-by: Ryan Northey <[email protected]>
This removes unused FilterRequestType enum. Risk Level: N/A Testing: bazel test //test/extensions/filters/http/ext_authz/... , //test/extensions/filters/common/... Docs Changes: N/A Release Notes: N/A Signed-off-by: Martin Matusiak <[email protected]>
* grammar fix * small style fix splitting sentence up Signed-off-by: Raul Gutierrez Segales <[email protected]>
Signed-off-by: wbpcode <[email protected]>
emit logs in case listener filter reject or timeout incoming connections. Moved the stream info ownership to the active TCP socket. There are three cases that have to be handled separately: ownership transfer to TCP connection (how it works today), deferred deletion of TCP socket (via unlinking), direct deletion of TCP socket Fixes: #12809 Signed-off-by: Kuat Yessenov <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]>
…2870) Currently, the maglev hash algorithm default to table size to 65537. It is the recommended size by a paper but it is better if the user can set this value. This patch introduces a new MaglevLbConfig that contains table size of maglev. So, now, the user can set the table size of maglev by their situation. Signed-off-by: DongRyeol Cha <[email protected]>
Commit Message: increase dynamic forward proxy coverage. Risk Level: low Testing: added tests Signed-off-by: Jose Nino <[email protected]>
Allowing unexpected disconnects by default. Signed-off-by: Alyssa Wilk <[email protected]>
…12943) @moderation suggested a better approach in baze://github.com//pull/12639#issuecomment-676606571. Signed-off-by: Harvey Tuch <[email protected]>
This removes set_allow_unexpected_disconnects in the Lua filter integration test. Risk Level: Low Testing: Fix test Docs Changes: N/A Release Notes: N/A Signed-off-by: Dhi Aurrahman <[email protected]>
This introduces an option to entirely omit null values from the access log. Risk Level: Low Testing: Unit and integration tests Docs Changes: New option documented in proto file Release Notes: Updated Fixes #12735 Signed-off-by: Petr Pchelko <[email protected]>
…2941) Signed-off-by: Harvey Tuch <[email protected]>
Change some NOT_IMPLEMENTED to NOT_REACHED in case of actually cannot be reached cases. The NOT_IMPLEMENTED means that it can be filled with meaningful code later but not yet. The NOT_REACHED means that it never occur so, it is a bug if reach here. So, I change it to NOT_REACHED actually cannot be reached. And a default value for protobuf of oneof cannot be selected by config and there is no valid meaning for logic so I removed it as well. Signed-off-by: DongRyeol Cha <[email protected]>
…o a headers-only request/response (#12832) This is done through adding a new FilterHeadersStatus::ContinueAndDontEndStream. This allows a filter to continue headers iteration without ending the stream. The filter can then add the request/response body by using injectEncodedDataToFilterChain/injectDecodedDataToFilterChain. Signed-off-by: Yosry Ahmed <[email protected]>
Signed-off-by: Florin Coras <[email protected]>
Commit Message: add bytes reporting to trailers. Risk Level: low Testing: updated unit and integration tests Docs Changes: updated Release Notes: updated Signed-off-by: Jose Nino <[email protected]>
Signed-off-by: Kevin Burek <[email protected]>
Signed-off-by: Sotiris Nanopoulos <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
Jan 11, 2022
This PR fixes two compilation error that are happening in the oss-fuzz build of Envoy. Note that the latest oss-fuzz build errors out with only the error related to AsyncStream but AFAIR when it is fixed, a different compilation error has to be fixed which I fixed in the first commit that changes the socket.h file.
Fixes an oss-fuzz Envoy compilation error:
```
Execution platform: @local_config_platform//:host
In file included from source/common/network/socket_option_impl.cc:1:
In file included from ./source/common/network/socket_option_impl.h:6:
In file included from ./envoy/network/listen_socket.h:14:
./envoy/network/socket.h:26:3: error: definition of implicit copy assignment operator for 'SocketOptionName' is deprecated because it has a user-declared copy constructor [-Werror,-Wdeprecated-copy]
SocketOptionName(const SocketOptionName&) = default;
^
source/common/network/socket_option_impl.cc:52:14: note: in implicit copy assignment operator for 'Envoy::Network::SocketOptionName' first required here
info.name_ = optname_;
^
1 error generated.
INFO: Elapsed time: 2620.084s, Critical Path: 126.35s
INFO: 4237 processes: 154 internal, 4083 local.
FAILED: Build did NOT complete successfully
ERROR:root:Building fuzzers failed.
```
Signed-off-by: disconnect3d <[email protected]>
* types_async_client.h: fix deprecated defaulted copy ctor
Fixes an oss-fuzz Envoy compilation error:
```
Step #3 - "compile-afl-address-x86_64": Execution platform: @local_config_platform//:host
Step #3 - "compile-afl-address-x86_64": In file included from source/extensions/filters/http/ext_proc/client_impl.cc:1:
Step #3 - "compile-afl-address-x86_64": In file included from ./source/extensions/filters/http/ext_proc/client_impl.h:11:
Step #3 - "compile-afl-address-x86_64": �[1m./source/common/grpc/typed_async_client.h:38:3: �[0m�[0;1;31merror: �[0m�[1mdefinition of implicit copy assignment operator for 'AsyncStream<envoy::service::ext_proc::v3::ProcessingRequest>' is deprecated because it has a user-declared copy constructor [-Werror,-Wdeprecated-copy]�[0m
Step #3 - "compile-afl-address-x86_64": AsyncStream(const AsyncStream& other) = default;
Step #3 - "compile-afl-address-x86_64": �[0;1;32m ^
Step #3 - "compile-afl-address-x86_64": �[0m�[1msource/extensions/filters/http/ext_proc/client_impl.cc:34:11: �[0m�[0;1;30mnote: �[0min implicit copy assignment operator for 'Envoy::Grpc::AsyncStream<envoy::service::ext_proc::v3::ProcessingRequest>' first required here�[0m
Step #3 - "compile-afl-address-x86_64": stream_ = client_.start(*descriptor, *this, options);
Step #3 - "compile-afl-address-x86_64": �[0;1;32m ^
Step #3 - "compile-afl-address-x86_64": �[0m1 error generated.
```
Signed-off-by: disconnect3d <[email protected]>
* socket.h: delete default assignment operator
Signed-off-by: disconnect3d <[email protected]>
* typed_async_client.h: remove default assignment op
Signed-off-by: disconnect3d <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
May 30, 2022
…yproxy#20170) * test: adding a multi-envoy test (envoyproxy#20016) Functionally this handles the multi-envoy signal handler crash skips instantiating a runtime singleton (off by default, must stay off until remove global runtime: rebase runtime features on ABSL_flags envoyproxy#19847 is closed) Multi-envoy does not correctly support runtime flags or deprecation stats due to envoyproxy#19847 being incomplete. It can still handle proxy traffic client - L1 - L2 - upstream as shown in test. Risk Level: low Testing: yes Docs Changes: n/a Release Notes: n/a Part of envoyproxy/envoy-mobile#2003 Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Rex Chang <[email protected]> * Add a congestionWindowInBytes method to Envoy::Network::Connection (envoyproxy#20105) Signed-off-by: Bin Wu <[email protected]> Signed-off-by: Rex Chang <[email protected]> * Update QUICHE from 50f15e7a5 to cf1588207 (envoyproxy#20154) https://github.com/google/quiche/compare/50f15e7a5..cf1588207 $ git log 50f15e7a5..cf1588207 --date=short --no-merges --format="%ad %al %s" 2022-02-28 wub Deprecate --gfe2_reloadable_flag_quic_crypto_noop_if_disconnected_after_process_chlo. 2022-02-27 vasilvv Remove QuicheMemSlice(QuicUniqueBufferPtr, size_t) constructor. 2022-02-26 fayang Use std::string instead of absl::string_view in CryptoBufferMap. 2022-02-25 bnc Ignore incoming HTTP/3 MAX_PUSH_ID frames. 2022-02-25 bnc Remove Http3DebugVisitor::OnMaxPushIdFrameSent(). 2022-02-25 bnc Remove QuicSpdySession::CanCreatePushStreamWithId(). 2022-02-25 fayang Deprecate gfe2_reloadable_flag_quic_single_ack_in_packet2. Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Rex Chang <[email protected]> * build(deps): bump actions/stale from 4.1.0 to 5 (envoyproxy#20159) Bumps [actions/stale](https://github.com/actions/stale) from 4.1.0 to 5. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v4.1.0...v5) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <[email protected]> * admin: improve test coverage and increase the coverage-percent threshold (envoyproxy#20025) Adds a missing test for recent lookups now that there are no more fake symbol tables. Adds tests for a variety of override methods defined in admin.h that were previously hard to hit. Adds a benchmark test to establish a baseline for the speedups in envoyproxy#19693 Signed-off-by: Joshua Marantz <[email protected]> Signed-off-by: Rex Chang <[email protected]> * test: removing a bunch of direct runtime singleton access (envoyproxy#19993) Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Rex Chang <[email protected]> * build(deps): bump grpcio-tools in /examples/grpc-bridge/client (envoyproxy#20040) Bumps [grpcio-tools](https://github.com/grpc/grpc) from 1.43.0 to 1.44.0. - [Release notes](https://github.com/grpc/grpc/releases) - [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md) - [Commits](grpc/grpc@v1.43.0...v1.44.0) --- updated-dependencies: - dependency-name: grpcio-tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <[email protected]> * adds to spellcheck Signed-off-by: Rex Chang <[email protected]> * xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * adds to spell check dictionary Signed-off-by: Rex Chang <[email protected]> * fixes spellcheck Signed-off-by: Rex Chang <[email protected]> * adds to spellcheck Signed-off-by: Rex Chang <[email protected]> xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * adds to spell check dictionary Signed-off-by: Rex Chang <[email protected]> fixes spellcheck Signed-off-by: Rex Chang <[email protected]> * fixes spell check Signed-off-by: Rex Chang <[email protected]> Co-authored-by: alyssawilk <[email protected]> Co-authored-by: Bin Wu <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joshua Marantz <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…roxy#22689) Commit Message: stream_idle_timer_ is armed to timeout the sending of the bufferred response payload in the quic stream send buffer after the end stream is buffered in the stream. But today this timer is armed even if the the encoding of the payload causes the stream to be closed, in which case the timer can never be cancelled till the stream destruction with ASSERT hit as below: [2022-08-12 22:23:38.843][12][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x50e8d0000000c [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x3480b28] [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7f94b072c200] [2022-08-12 22:23:38.872][12][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::Quic::EnvoyQuicStream::~EnvoyQuicStream() [0x2a2fe98] [2022-08-12 22:23:38.885][12][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a78058] [2022-08-12 22:23:38.899][12][critical][backtrace] [./source/server/backtrace.h:96] #4: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d30] [2022-08-12 22:23:38.912][12][critical][backtrace] [./source/server/backtrace.h:96] #5: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d69] This change check stream close in this case, so that the idle timer will not be armed for closed streams. Risk Level: low Testing: new unit test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Dan Zhang <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…voyproxy#22856) `//test/integration:tcp_proxy_odcds_integration_test` was observed to fail as follows: ``` ==================== Test output for //test/integration:tcp_proxy_odcds_integration_test: [==========] Running 24 tests from 1 test suite. [----------] Global test environment set-up. [----------] 24 tests from IpVersionsClientType/TcpProxyOdcdsIntegrationTest [ RUN ] IpVersionsClientType/TcpProxyOdcdsIntegrationTest.SingleTcpClient/0 [2022-08-25 20:22:46.750][3969][critical][assert] [test/integration/fake_upstream.cc:832] assert failure: !dispatcher_->isThreadSafe(). [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x6b00000f81 [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x4c46a78]->[0x2cf2a78] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1267 [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7ffbdaa79420]->[0x7ffbd8b25420] ??:0 [2022-08-25 20:22:46.802][3969][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::FakeUpstream::assertPendingConnectionsEmpty() [0x245bf0b]->[0x507f0b] ??:0 [2022-08-25 20:22:46.846][3969][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::(anonymous namespace)::TcpProxyOdcdsIntegrationTest_SingleTcpClient_Test::TestBody() [0x1f596cb]->[0x56cb] ??:0 [2022-08-25 20:22:46.877][3969][critical][backtrace] [./source/server/backtrace.h:96] #4: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588b61b]->[0x393761b] ??:0 [2022-08-25 20:22:46.924][3969][critical][backtrace] [./source/server/backtrace.h:96] #5: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587c2bd]->[0x39282bd] ??:0 [2022-08-25 20:22:46.966][3969][critical][backtrace] [./source/server/backtrace.h:96] #6: testing::Test::Run() [0x5864ba3]->[0x3910ba3] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:0 [2022-08-25 20:22:47.003][3969][critical][backtrace] [./source/server/backtrace.h:96] #7: testing::TestInfo::Run() [0x586576a]->[0x391176a] external/com_google_absl/absl/container/internal/raw_hash_set.h:1259 [2022-08-25 20:22:47.037][3969][critical][backtrace] [./source/server/backtrace.h:96] #8: testing::TestSuite::Run() [0x5865fbb]->[0x3911fbb] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_algo.h:1925 [2022-08-25 20:22:47.089][3969][critical][backtrace] [./source/server/backtrace.h:96] #9: testing::internal::UnitTestImpl::RunAllTests() [0x5874a28]->[0x3920a28] envoy/registry/registry.h:509 [2022-08-25 20:22:47.114][3969][critical][backtrace] [./source/server/backtrace.h:96] #10: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588ddbb]->[0x3939dbb] envoy/registry/registry.h:0 [2022-08-25 20:22:47.160][3969][critical][backtrace] [./source/server/backtrace.h:96] #11: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587e683]->[0x392a683] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/unique_ptr.h:154 [2022-08-25 20:22:47.191][3969][critical][backtrace] [./source/server/backtrace.h:96] #12: testing::UnitTest::Run() [0x5874568]->[0x3920568] envoy/registry/registry.h:508 [2022-08-25 20:22:47.237][3969][critical][backtrace] [./source/server/backtrace.h:96] #13: RUN_ALL_TESTS() [0x4878d51]->[0x2924d51] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1203 [2022-08-25 20:22:47.284][3969][critical][backtrace] [./source/server/backtrace.h:96] #14: Envoy::TestRunner::RunTests() [0x48783b1]->[0x29243b1] external/com_google_googletest/googlemock/include/gmock/gmock-actions.h:485 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #15: main [0x4874c3a]->[0x2920c3a] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1181 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #16: __libc_start_main [0x7ffbda897083]->[0x7ffbd8943083] ??:0 ================================================================================ ``` This is due to the race described by envoyproxy#22855. Making sure the dispatcher thread is running before starting the test avoids this problem. Signed-off-by: Benjamin Peterson <[email protected]>
hatappi
pushed a commit
to hatappi/envoy-go-extension
that referenced
this pull request
Nov 15, 2022
This test sends a large number of metadata frames in order to trigger a disconnect. However, it was possible for the disconnect to happen and the connection to be torn down before all the metadata frames had been sent. If that happened, ASAN detected a UAF:
```
==95==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700037e5a0 at pc 0x000004811f9e bp 0x7ffc903af990 sp 0x7ffc903af988
READ of size 8 at 0x60700037e5a0 thread T0
#0 0x4811f9d in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:168:3
#1 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#2 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#3 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#4 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#5 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#6 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#7 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/
gtest.cc:2580:10
wangfakang#8 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#9 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#10 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#11 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
wangfakang#12 0x45ed36d in _start (/mnt/ssd/cas/work/1/exec/bazel-out/k8-dbg/bin/test/integration/http2_flood_integration_test.runfiles/envoy/test/integration/http2_flood_integration_test+0x45ed36d)
0x60700037e5a0 is located 48 bytes inside of 80-byte region [0x60700037e570,0x60700037e5c0)
freed by thread T0 here:
#0 0x466f7d2 in free /local/mnt/workspace/bcain_clang_hu-bcain-lv_22036/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
#1 0x831dde8 in Envoy::Http::CodecClient::ActiveRequest::~ActiveRequest() /proc/self/cwd/./source/common/http/codec_client.h:220:10
wangfakang#2 0x5aa33f9 in std::__1::unique_ptr<Envoy::Event::DeferredDeletable, std::__1::default_delete<Envoy::Event::DeferredDeletable> >::reset(Envoy::Event::DeferredDeletable*) /opt/llvm/bin/../include/c++/v1/__memory/unique_ptr.h:54:5
wangfakang#3 0xa3218e8 in Envoy::Event::DispatcherImpl::clearDeferredDeleteList() /proc/self/cwd/source/common/event/dispatcher_impl.cc:142:21
wangfakang#4 0xa3348df in void std::__1::__invoke_void_return_wrapper<void, true>::__call<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&
, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&
, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&>(Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Rand
om::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::s
hared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&) /proc/self/cwd/source/common/event/dispatcher_impl.cc:79:30
wangfakang#5 0xa334603 in std::__1::__function::__func<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&,
Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffe
r::WatermarkFactory> const&)::$_2, std::__1::allocator<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenera
tor&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy:
:Buffer::WatermarkFactory> const&)::$_2>, void ()>::operator()() /opt/llvm/bin/../include/c++/v1/__functional/function.h:180:16
wangfakang#6 0x4897039 in std::__1::__function::__value_func<void ()>::operator()() const /opt/llvm/bin/../include/c++/v1/__functional/function.h:507:16
wangfakang#7 0xa8e6aa4 in Envoy::Event::SchedulableCallbackImpl::SchedulableCallbackImpl(Envoy::CSmartPtr<event_base, &(event_base_free)>&, std::__1::function<void ()>)::$_0::__invoke(int, short, void*) /opt/llvm/bin/../include/c++/v1/__functional/function.h:1184:12
wangfakang#8 0xb557c5e in event_process_active_single_queue /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:1713:4
wangfakang#9 0xb539252 in event_process_active /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c
wangfakang#10 0xb539252 in event_base_loop /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:2047:12
wangfakang#11 0xa8e1e3c in Envoy::Event::LibeventScheduler::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/libevent_scheduler.cc:60:3
wangfakang#12 0xa32bd94 in Envoy::Event::DispatcherImpl::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/dispatcher_impl.cc:299:19
wangfakang#13 0x480faad in Envoy::IntegrationCodecClient::flushWrite() /proc/self/cwd/test/integration/http_integration.cc:100:29
wangfakang#14 0x4811e94 in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:169:3
wangfakang#15 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#16 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#17 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#18 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#19 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#20 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#21 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#22 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#23 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#24 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#25 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
```
To fix that, write all metadata frames at once.
Signed-off-by: Benjamin Peterson <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
Nov 29, 2022
When building the jni dylib for android, we previously stripped all debug info to decrease the artifact size. With this change we now produce the same stripped binary as before, but before stripping it we create a dump of the debug info suitable for crash reporting. This is made overly difficult for a few reasons: 1. Bazel doesn't support fission for Android bazelbuild/bazel#14765 2. Extra outputs from rules are not propagated up the dependency tree, so just building `android_dist` at the top level, isn't enough to get the extra outputs built as well 3. Building the library manually alongside the android artifact on the command line results in 2 separate builds, one for android as a transitive dependency of `android_dist` and one for the host platform This change avoids #1 fission for now, but the same approach could be used once that change makes its way to a bazel release. This change fixes #2 by using a separate output group that can be depended on by the genrule that writes to dist while avoiding #3 because the custom rule producing these uses the android transition. Signed-off-by: Keith Smiley <[email protected]> Signed-off-by: JP Simard <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
Nov 30, 2022
When building the jni dylib for android, we previously stripped all debug info to decrease the artifact size. With this change we now produce the same stripped binary as before, but before stripping it we create a dump of the debug info suitable for crash reporting. This is made overly difficult for a few reasons: 1. Bazel doesn't support fission for Android bazelbuild/bazel#14765 2. Extra outputs from rules are not propagated up the dependency tree, so just building `android_dist` at the top level, isn't enough to get the extra outputs built as well 3. Building the library manually alongside the android artifact on the command line results in 2 separate builds, one for android as a transitive dependency of `android_dist` and one for the host platform This change avoids #1 fission for now, but the same approach could be used once that change makes its way to a bazel release. This change fixes #2 by using a separate output group that can be depended on by the genrule that writes to dist while avoiding #3 because the custom rule producing these uses the android transition. Signed-off-by: Keith Smiley <[email protected]> Signed-off-by: JP Simard <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]