From 45d991c4fdeda2dc487c6684f5bedf6a9d544560 Mon Sep 17 00:00:00 2001
From: "qqustc@gmail.com" <qqin@google.com>
Date: Fri, 4 Dec 2020 17:07:56 -0500
Subject: [PATCH 1/2] config header

Signed-off-by: qqustc@gmail.com <qqin@google.com>
---
 .../http/kill_request/v3/kill_request.proto   |  3 +++
 .../http/http_filters/kill_request_filter.rst |  2 +-
 docs/root/version_history/current.rst         |  1 +
 .../http/kill_request/kill_request_filter.cc  |  7 +++++-
 .../kill_request_filter_integration_test.cc   | 25 ++++++++++++++++++-
 .../kill_request/kill_request_filter_test.cc  | 11 ++++++++
 6 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/api/envoy/extensions/filters/http/kill_request/v3/kill_request.proto b/api/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
index fd7a3d3397c0..fc531923aeaf 100644
--- a/api/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
+++ b/api/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
@@ -20,4 +20,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message KillRequest {
   // The probability that a Kill request will be triggered.
   type.v3.FractionalPercent probability = 1;
+
+  // The name of the kill request header. If this field is not empty, it will override the :ref:`default header <config_http_filters_kill_request_http_header>` name. Otherwise the default header name will be used.
+  string kill_request_header = 2;
 }
diff --git a/docs/root/configuration/http/http_filters/kill_request_filter.rst b/docs/root/configuration/http/http_filters/kill_request_filter.rst
index a391baa56bb1..efd7b2685fa1 100644
--- a/docs/root/configuration/http/http_filters/kill_request_filter.rst
+++ b/docs/root/configuration/http/http_filters/kill_request_filter.rst
@@ -16,7 +16,7 @@ Configuration
 Enable Kill Request via HTTP header
 --------------------------------------------
 
-The KillRequest filter requires the following header in the request:
+The KillRequest filter requires a kill header in the request. If *kill_request_header* is not empty in *KillRequest* proto, the name of the kill header must match *KillRequest.kill_request_header*, otherwise it must match the default kill header below:
 
 x-envoy-kill-request
   whether the request is a Kill request.
diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst
index 02135001dcf6..ddceb64a66ad 100644
--- a/docs/root/version_history/current.rst
+++ b/docs/root/version_history/current.rst
@@ -19,6 +19,7 @@ Minor Behavior Changes
 * grpc_web filter: if a `grpc-accept-encoding` header is present it's passed as-is to the upstream and if it isn't `grpc-accept-encoding:identity` is sent instead. The header was always overwriten with `grpc-accept-encoding:identity,deflate,gzip` before.
 * http: upstream protocol will now only be logged if an upstream stream was established.
 * jwt_authn filter: added support of Jwt time constraint verification with a clock skew (default to 60 seconds) and added a filter config field :ref:`clock_skew_seconds <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.clock_skew_seconds>` to configure it.
+* kill_request: enable a way to configure kill header name in KillRequest proto.
 * memory: enable new tcmalloc with restartable sequences for aarch64 builds.
 * mongo proxy metrics: swapped network connection remote and local closed counters previously set reversed (`cx_destroy_local_with_active_rq` and `cx_destroy_remote_with_active_rq`).
 * tls: removed RSA key transport and SHA-1 cipher suites from the client-side defaults.
diff --git a/source/extensions/filters/http/kill_request/kill_request_filter.cc b/source/extensions/filters/http/kill_request/kill_request_filter.cc
index 9c5c825a786a..3ecd90e00cac 100644
--- a/source/extensions/filters/http/kill_request/kill_request_filter.cc
+++ b/source/extensions/filters/http/kill_request/kill_request_filter.cc
@@ -15,7 +15,12 @@ bool KillRequestFilter::isKillRequestEnabled() {
 }
 
 Http::FilterHeadersStatus KillRequestFilter::decodeHeaders(Http::RequestHeaderMap& headers, bool) {
-  const auto kill_request_header = headers.get(KillRequestHeaders::get().KillRequest);
+  // If not empty, configured kill header name will override the default header name.
+  const Http::LowerCaseString kill_request_header_name =
+      kill_request_.kill_request_header().empty()
+          ? KillRequestHeaders::get().KillRequest
+          : Http::LowerCaseString(kill_request_.kill_request_header());
+  const auto kill_request_header = headers.get(kill_request_header_name);
   bool is_kill_request = false;
   // This is an implicitly untrusted header, so per the API documentation only
   // the first value is used.
diff --git a/test/extensions/filters/http/kill_request/kill_request_filter_integration_test.cc b/test/extensions/filters/http/kill_request/kill_request_filter_integration_test.cc
index 35b011a858b5..b7372bb79b74 100644
--- a/test/extensions/filters/http/kill_request/kill_request_filter_integration_test.cc
+++ b/test/extensions/filters/http/kill_request/kill_request_filter_integration_test.cc
@@ -32,7 +32,7 @@ INSTANTIATE_TEST_SUITE_P(Protocols, KillRequestFilterIntegrationTestAllProtocols
                          testing::ValuesIn(HttpProtocolIntegrationTest::getProtocolTestParams()),
                          HttpProtocolIntegrationTest::protocolTestParamsToString);
 
-// Request abort controlled via header configuration.
+// Request crash Envoy controlled via header configuration.
 TEST_P(KillRequestFilterIntegrationTestAllProtocols, KillRequestCrashEnvoy) {
   initializeFilter(filter_config_);
   codec_client_ = makeHttpConnection(makeClientConnection(lookupPort("http")));
@@ -46,6 +46,29 @@ TEST_P(KillRequestFilterIntegrationTestAllProtocols, KillRequestCrashEnvoy) {
                "");
 }
 
+TEST_P(KillRequestFilterIntegrationTestAllProtocols, KillRequestCrashEnvoyWithCustomKillHeader) {
+  const std::string filter_config_with_custom_kill_header =
+      R"EOF(
+name: envoy.filters.http.kill_request
+typed_config:
+  "@type": type.googleapis.com/envoy.extensions.filters.http.kill_request.v3.KillRequest
+  probability:
+    numerator: 100
+  kill_request_header: "x-custom-kill-request"
+)EOF";
+
+  initializeFilter(filter_config_with_custom_kill_header);
+  codec_client_ = makeHttpConnection(makeClientConnection(lookupPort("http")));
+  Http::TestRequestHeaderMapImpl request_headers{{":method", "GET"},
+                                                 {":path", "/test/long/url"},
+                                                 {":scheme", "http"},
+                                                 {":authority", "host"},
+                                                 {"x-custom-kill-request", "true"}};
+
+  EXPECT_DEATH(sendRequestAndWaitForResponse(request_headers, 0, default_response_headers_, 1024),
+               "");
+}
+
 TEST_P(KillRequestFilterIntegrationTestAllProtocols, KillRequestDisabledWhenHeaderIsMissing) {
   initializeFilter(filter_config_);
   codec_client_ = makeHttpConnection(makeClientConnection(lookupPort("http")));
diff --git a/test/extensions/filters/http/kill_request/kill_request_filter_test.cc b/test/extensions/filters/http/kill_request/kill_request_filter_test.cc
index ff101f241c0f..af202dcfa1c6 100644
--- a/test/extensions/filters/http/kill_request/kill_request_filter_test.cc
+++ b/test/extensions/filters/http/kill_request/kill_request_filter_test.cc
@@ -42,6 +42,17 @@ TEST_F(KillRequestFilterTest, KillRequestCrashEnvoy) {
   EXPECT_DEATH(filter_->decodeHeaders(request_headers_, false), "");
 }
 
+TEST_F(KillRequestFilterTest, KillRequestCrashEnvoyWithCustomKillHeader) {
+  envoy::extensions::filters::http::kill_request::v3::KillRequest kill_request;
+  kill_request.mutable_probability()->set_numerator(1);
+  kill_request.set_kill_request_header("x-custom-kill-request");
+  setUpTest(kill_request);
+  request_headers_.addCopy("x-custom-kill-request", "true");
+
+  ON_CALL(random_generator_, random()).WillByDefault(Return(0));
+  EXPECT_DEATH(filter_->decodeHeaders(request_headers_, false), "");
+}
+
 TEST_F(KillRequestFilterTest, KillRequestWithMillionDenominatorCrashEnvoy) {
   envoy::extensions::filters::http::kill_request::v3::KillRequest kill_request;
   kill_request.mutable_probability()->set_numerator(1);

From 1377bc5ce75a257f0ddaa59481ebf01cf9663ccb Mon Sep 17 00:00:00 2001
From: "qqustc@gmail.com" <qqin@google.com>
Date: Fri, 4 Dec 2020 19:23:08 -0500
Subject: [PATCH 2/2] fix

Signed-off-by: qqustc@gmail.com <qqin@google.com>
---
 .../extensions/filters/http/kill_request/v3/kill_request.proto | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/generated_api_shadow/envoy/extensions/filters/http/kill_request/v3/kill_request.proto b/generated_api_shadow/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
index fd7a3d3397c0..fc531923aeaf 100644
--- a/generated_api_shadow/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
+++ b/generated_api_shadow/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
@@ -20,4 +20,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message KillRequest {
   // The probability that a Kill request will be triggered.
   type.v3.FractionalPercent probability = 1;
+
+  // The name of the kill request header. If this field is not empty, it will override the :ref:`default header <config_http_filters_kill_request_http_header>` name. Otherwise the default header name will be used.
+  string kill_request_header = 2;
 }