Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stats: convert tag extractor regexs to Re2 #14519

Merged
merged 26 commits into from
Jan 14, 2021
Merged

stats: convert tag extractor regexs to Re2 #14519

merged 26 commits into from
Jan 14, 2021

Conversation

rojkov
Copy link
Member

@rojkov rojkov commented Dec 24, 2020

Commit Message: stats: convert tag extractor regexs to Re2
Additional Description:
Risk Level: high, the regexes are updated to match more specific patterns.
Testing: unit tests
Docs Changes: N/A
Release Notes: N/A
Fixes #14439

@rojkov
Copy link
Member Author

rojkov commented Dec 24, 2020

The added benchmark gives these numbers for the currently used regexes

-----------------------------------------------------------
Benchmark                 Time             CPU   Iterations
-----------------------------------------------------------
bmExtractTags/0        5489 ns         5482 ns       116242
bmExtractTags/1        1750 ns         1747 ns       404362
bmExtractTags/2        1346 ns         1344 ns       507597
bmExtractTags/3        1705 ns         1703 ns       412873
bmExtractTags/4        2645 ns         2641 ns       271216
bmExtractTags/5        1555 ns         1553 ns       450419
bmExtractTags/6         622 ns          622 ns      1164196
bmExtractTags/7        1662 ns         1659 ns       423913
bmExtractTags/8        4497 ns         4491 ns       152800
bmExtractTags/9        4064 ns         4058 ns       173024
bmExtractTags/10       4959 ns         4951 ns       145306
bmExtractTags/11        911 ns          910 ns       754577
bmExtractTags/12        894 ns          893 ns       791770
bmExtractTags/13       6537 ns         6528 ns       105229
bmExtractTags/14      10092 ns        10077 ns        68439
bmExtractTags/15       5058 ns         5051 ns       136795
bmExtractTags/16       3404 ns         3399 ns       207761
bmExtractTags/17       3361 ns         3356 ns       214349
bmExtractTags/18       3292 ns         3287 ns       212676
bmExtractTags/19       2049 ns         2046 ns       341955
bmExtractTags/20       1080 ns         1078 ns       640417
bmExtractTags/21       1233 ns         1231 ns       565355
bmExtractTags/22       1583 ns         1581 ns       446222
bmExtractTags/23       2463 ns         2460 ns       288727
bmExtractTags/24       2427 ns         2424 ns       276382
bmExtractTags/25        505 ns          505 ns      1361377
bmExtractTags/26        277 ns          276 ns      2503746
bmExtractTags/27       3651 ns         3646 ns       185178

With regexes converted to RE2

-----------------------------------------------------------
Benchmark                 Time             CPU   Iterations
-----------------------------------------------------------
bmExtractTags/0        1832 ns         1829 ns       382449
bmExtractTags/1         512 ns          512 ns      1361810
bmExtractTags/2         808 ns          807 ns       879382
bmExtractTags/3        1254 ns         1252 ns       554894
bmExtractTags/4        1336 ns         1334 ns       525821
bmExtractTags/5         858 ns          857 ns       824452
bmExtractTags/6         339 ns          339 ns      2086426
bmExtractTags/7         991 ns          989 ns       701679
bmExtractTags/8        2850 ns         2847 ns       239643
bmExtractTags/9        2541 ns         2537 ns       278245
bmExtractTags/10       3400 ns         3395 ns       208227
bmExtractTags/11        716 ns          715 ns       937773
bmExtractTags/12        510 ns          509 ns      1382508
bmExtractTags/13       2973 ns         2968 ns       231524
bmExtractTags/14       4958 ns         4950 ns       141460
bmExtractTags/15       3606 ns         3601 ns       194652
bmExtractTags/16       2104 ns         2100 ns       338673
bmExtractTags/17       1204 ns         1203 ns       566432
bmExtractTags/18       1226 ns         1224 ns       582547
bmExtractTags/19       1273 ns         1271 ns       529859
bmExtractTags/20        867 ns          866 ns       819005
bmExtractTags/21       1157 ns         1156 ns       606544
bmExtractTags/22       1370 ns         1368 ns       518921
bmExtractTags/23       1567 ns         1565 ns       447355
bmExtractTags/24       2137 ns         2134 ns       323261
bmExtractTags/25        319 ns          318 ns      2231632
bmExtractTags/26        296 ns          295 ns      2330274
bmExtractTags/27        500 ns          499 ns      1402414

I assumed that <operation_name>, <table_name>, <callsite> tags and some others can't contain dots in their values.
<stat_prefix>, <virtual_host_name> can contain dots (though not in the case of http.(<stat_prefix>.)* - this is also the current behavior). The benchmark results would be better if neither could contain dots. Particularly for tcp.(<stat_prefix>.)<base_stat>, udp.(<stat_prefix>.)<base_stat>, auth.clientssl.(<stat_prefix>.)<base_stat> the result could be 3 times better, because there would be no need to maintain full match (that is to have \w+?$ at the end of the patterns).


// http.(<stat_prefix>.)*
addRegex(HTTP_CONN_MANAGER_PREFIX, "^http\\.((.*?)\\.)");
addRe2(HTTP_CONN_MANAGER_PREFIX, R"(^http\.(([\w-]+)\.))");
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW, is it OK to have two patterns with the same name like in the lines 100 and 103?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. I think the semantics of this pre-date my involvement with this code, but it relates to runtime configuration of stat tag extraction regexes.

Regardless, this situation is pre-existing and it doesn't look like you've caused it to regress.

Copy link
Contributor

@jmarantz jmarantz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This in general looks right to me, though I wonder if we can have even more speedup by hand-tweaking each RE2 more. I don't have any specific ideas, but that could also be done as a follow-up, maybe once informed by actual need once #14167 lands and we can understand detailed regex overheads in context.

Can you also confirm that we have correctness test for each regex? I think we probably do, but it is worth making sure.


// http.(<stat_prefix>.)*
addRegex(HTTP_CONN_MANAGER_PREFIX, "^http\\.((.*?)\\.)");
addRe2(HTTP_CONN_MANAGER_PREFIX, R"(^http\.(([\w-]+)\.))");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. I think the semantics of this pre-date my involvement with this code, but it relates to runtime configuration of stat tag extraction regexes.

Regardless, this situation is pre-existing and it doesn't look like you've caused it to regress.

@jmarantz
Copy link
Contributor

/wait

and some other parts as they are known not to contain dots.

Signed-off-by: Dmitry Rozhkov <[email protected]>
Signed-off-by: Dmitry Rozhkov <[email protected]>
Signed-off-by: Dmitry Rozhkov <[email protected]>
Signed-off-by: Dmitry Rozhkov <[email protected]>
@rojkov
Copy link
Member Author

rojkov commented Dec 28, 2020

I checked every regex has a corresponding test. Also I modified the tests to contain dashes where they can be theoretically used.

From the old regexes for UDP, TCP, HTTP prefixes and others I inferred that dots are not allowed in <stat_prefix>, so this led to getting rid of some unneeded complexity. Then I realized that "stat_name is not mutated until all the extraction is done". This let me simplify the regexes even more.

Now the benchmarks for the old and new regexes look like this

old

-----------------------------------------------------------
Benchmark                 Time             CPU   Iterations
-----------------------------------------------------------
bmExtractTags/0        5534 ns         5526 ns       118957
bmExtractTags/1        1734 ns         1732 ns       405390
bmExtractTags/2        1294 ns         1292 ns       539449
bmExtractTags/3        1678 ns         1676 ns       417579
bmExtractTags/4        2559 ns         2555 ns       270832
bmExtractTags/5        1484 ns         1482 ns       471794
bmExtractTags/6         607 ns          606 ns      1186264
bmExtractTags/7        1616 ns         1614 ns       436987
bmExtractTags/8        4517 ns         4510 ns       156829
bmExtractTags/9        3991 ns         3985 ns       174039
bmExtractTags/10        886 ns          885 ns       809248
bmExtractTags/11        880 ns          879 ns       818406
bmExtractTags/12       6712 ns         6701 ns       105144
bmExtractTags/13      10088 ns        10072 ns        69762
bmExtractTags/14       5113 ns         5105 ns       135417
bmExtractTags/15       3366 ns         3361 ns       212136
bmExtractTags/16       3291 ns         3286 ns       213164
bmExtractTags/17       3304 ns         3299 ns       208676
bmExtractTags/18       2014 ns         2012 ns       351865
bmExtractTags/19       1062 ns         1060 ns       662142
bmExtractTags/20       1217 ns         1215 ns       574421
bmExtractTags/21       1539 ns         1537 ns       450240
bmExtractTags/22       2452 ns         2449 ns       281554
bmExtractTags/23       2413 ns         2409 ns       290230
bmExtractTags/24        495 ns          494 ns      1426162
bmExtractTags/25        282 ns          282 ns      2444675
bmExtractTags/26       3716 ns         3711 ns       186759

new

-----------------------------------------------------------
Benchmark                 Time             CPU   Iterations
-----------------------------------------------------------
bmExtractTags/0        1803 ns         1801 ns       387066
bmExtractTags/1         508 ns          507 ns      1000000
bmExtractTags/2         790 ns          789 ns       876999
bmExtractTags/3         644 ns          643 ns      1010080
bmExtractTags/4        1317 ns         1315 ns       526524
bmExtractTags/5         853 ns          852 ns       819996
bmExtractTags/6         334 ns          333 ns      2126458
bmExtractTags/7         577 ns          576 ns      1218636
bmExtractTags/8        1352 ns         1350 ns       493885
bmExtractTags/9        1779 ns         1776 ns       390343
bmExtractTags/10        317 ns          316 ns      2246623
bmExtractTags/11        510 ns          509 ns      1317685
bmExtractTags/12       1150 ns         1148 ns       611562
bmExtractTags/13       1354 ns         1352 ns       514080
bmExtractTags/14       1654 ns         1652 ns       444191
bmExtractTags/15        960 ns          959 ns       741186
bmExtractTags/16        816 ns          815 ns       845007
bmExtractTags/17        804 ns          803 ns       891785
bmExtractTags/18        827 ns          826 ns       842946
bmExtractTags/19        336 ns          336 ns      2103591
bmExtractTags/20        344 ns          344 ns      2051805
bmExtractTags/21        393 ns          392 ns      1769019
bmExtractTags/22        882 ns          881 ns       790379
bmExtractTags/23       2071 ns         2069 ns       336449
bmExtractTags/24        317 ns          317 ns      2190476
bmExtractTags/25        310 ns          310 ns      2327887
bmExtractTags/26        495 ns          494 ns      1412560


// cluster.(<cluster_name>.)*
addRe2(CLUSTER_NAME, "^cluster\\.(([^\\.]+)\\.).*");
addRe2(CLUSTER_NAME, R"(^cluster\.(([\w-]+)\.))");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a question on the use of \w here -- does this possibly reject expressions that the original one did not? I think the answer is "yes". E.g. punctuation other than "." or "-" that might be expected to work. I think cluster-names are in control of the user, so this might be a visible change in behavior.

Is there a speed difference for using \w- vs ^\. ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^\. seems to perform better. Perhaps this is a negated comparison with a single symbol vs comparisons with multiple symbols. Replaced with ^\. everywhere.

"capacity(?=\\.).*?(\\.__partition_id=(\\w{7}))$",
".dynamodb.table.");
addRe2(DYNAMO_PARTITION_ID,
R"(^http\.[\w-]+\.dynamodb\.table\.[\w-]+\.capacity\.[\w-]+(\.__partition_id=(\w{7}))$)",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one thought on how these segments are expressed in code: I wonder if we should define some infrastructure like macros or helper functions to provide some of these symbolically rather than spelling out the full regexes. That might make them easier to read for non-regex-experts, and also have a single point where we define what a "word" means, e.g. (alphanumerics plus -) vs (everything except .)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how about the expandRegex() function I added?

@jmarantz
Copy link
Contributor

FYI your coverage fails with Code coverage for source/common/network is lower than limit of 95.3 (95.2). Not sure why that would appear in your PR but maybe just try merging main?

@rojkov
Copy link
Member Author

rojkov commented Dec 30, 2020

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14519 (comment) was created by @rojkov.

see: more, trace.

jmarantz
jmarantz previously approved these changes Dec 30, 2020
Copy link
Contributor

@jmarantz jmarantz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 nits, but I think this is ready for @envoyproxy/senior-maintainers review.

}

void TagNameValues::addRegex(const std::string& name, const std::string& regex,
const std::string& substr) {
descriptor_vec_.emplace_back(Descriptor{name, regex, substr, Regex::Type::StdRegex});
descriptor_vec_.emplace_back(Descriptor{name, expandRegex(regex), substr, Regex::Type::StdRegex});
Copy link
Contributor

@jmarantz jmarantz Dec 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I think TagNameValues::addRegex is not called now. Delete?


regex_tester.testRegex("cluster.ratelimit.upstream_rq_timeout", "cluster.upstream_rq_timeout",
regex_tester.testRegex("cluster.rate_limit-14.upstream_rq_timeout", "cluster.upstream_rq_timeout",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: you could revert the changes to add dashes as dashes are no longer special in your regexes.

@rojkov
Copy link
Member Author

rojkov commented Jan 8, 2021

Here it is. Will continue on Monday

jmarantz
jmarantz previously approved these changes Jan 8, 2021
Copy link
Contributor

@jmarantz jmarantz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just did a pass over a patched version of this PR with the following changes:

  • made the tag-extractor-stats log more greppable (added keyword TagStats) and switched it to an 'error' so I don't have to do trace-logging which is slow
  • commented out tag_extractor_impl_test.cc in the BUILD file
  • ran `bazel test --cache_test_results=no //test/... --test_output=all | fgrep TagStats >/tmp/tag_extraction.log

Then I hacked the output with cut/sort/unique and just scanned through it, convincing myself that every tag-matcher expression had at least one match in the test suite.

So I'm good to go with this PR, modulo Matt's comment about adding some comments to the extractRegex function.

@rojkov
Copy link
Member Author

rojkov commented Jan 11, 2021

Thanks!

I've added TagStats to the output string for greppability and updated expandRegex()'s comment.

jmarantz
jmarantz previously approved these changes Jan 11, 2021
Copy link
Contributor

@jmarantz jmarantz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@envoyproxy/senior-maintainers for a final pass?

Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, just a handful of comments.
/wait

source/common/config/well_known_names.cc Outdated Show resolved Hide resolved
source/common/config/well_known_names.cc Outdated Show resolved Hide resolved
source/common/config/well_known_names.cc Show resolved Hide resolved
source/common/config/well_known_names.cc Show resolved Hide resolved
} \
std::unique_ptr<Counters> var

#define PERF_TAG_COUNTERS_INIT(var) var = std::make_unique<Counters>()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: wrap the expansion in parens or do/while for safety.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of curiosity, what's the scenario where this would parse unexpectedly?

Usually I'd use do/while in a macro if there were multiple statements in the expansion.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if I make the macros non-parameterized as they are used only once?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes that makes sense. You could also have

#define PERF_TAG_INC(member) ++counters->member

and then you only need one macro rather than one each for skipped/missed/matched, but I am not too concerned about this; whatever you prefer.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! This simplifies the code a bit. Updated.

@mattklein123 mattklein123 assigned htuch and unassigned mattklein123 Jan 13, 2021
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo nits


// http.[<stat_prefix>.]rds.(<route_config_name>.)<base_stat>
addRegex(RDS_ROUTE_CONFIG, R"(^http(?=\.).*?\.rds\.((.*?)\.)\w+?$)", ".rds.");
addRe2(RDS_ROUTE_CONFIG, R"(^http\.<NAME>\.rds\.((<ROUTE_CONFIG_NAME>)\.)\w+?$)", ".rds.");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of curiosity, why not drop the base_stat at the end in this case?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

<ROUTE_CONFIG_NAME> can contain dots and there's no any other anchor after it except EOL. This makes the regex slower unfortunately.
Added a comment to explain it to my future self.

};

#define PERF_TAG_COUNTERS \
~TagExtractorImplBase() override { \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: putting the whole destructor here is a bit magical, I think I would prefer it under an explicit #ifdef

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@rojkov
Copy link
Member Author

rojkov commented Jan 14, 2021

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14519 (comment) was created by @rojkov.

see: more, trace.

Copy link
Contributor

@jmarantz jmarantz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

explicit ifdef'd destructor is much more readable; thanks.

Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@htuch htuch merged commit de02955 into envoyproxy:master Jan 14, 2021
@jmarantz
Copy link
Contributor

And thanks for doing this @rojkov !

qinggniq added a commit to qinggniq/envoy that referenced this pull request Jan 25, 2021
Signed-off-by: qinggniq <[email protected]>

add auth helper

Signed-off-by: qinggniq <[email protected]>

refactor mysql server greeting codec

Signed-off-by: qinggniq <[email protected]>

codec encode

Signed-off-by: qinggniq <[email protected]>

add unit test for mysql greeting codec

Signed-off-by: qinggniq <[email protected]>

complete login resp codec

Signed-off-by: qinggniq <[email protected]>

add login message test

Signed-off-by: qinggniq <[email protected]>

feat link error

Signed-off-by: qinggniq <[email protected]>

refactor mysql login resp

Signed-off-by: qinggniq <[email protected]>

pass all codec test

Signed-off-by: qinggniq <[email protected]>

only contain codec change

Signed-off-by: qinggniq <[email protected]>

remove header

Signed-off-by: qinggniq <[email protected]>

http: expose encoded headers/trailers via callbacks (envoyproxy#14544)

In order to support upstream filters passing ownership of headers and
then being able to reference them after the fact, expose a HTTP filter
function that allows reading the header maps back.

Signed-off-by: Snow Pettersen <[email protected]>

Implement request header processing in ext_proc (envoyproxy#14385)

Send request headers to the server and apply header mutations based
on the response. The rest of the protocol is still ignored.

Signed-off-by: Gregory Brail <[email protected]>

1.17.0 release (envoyproxy#14624)

Signed-off-by: Matt Klein <[email protected]>

kick off v1.18.0 (envoyproxy#14637)

Signed-off-by: Matt Klein <[email protected]>

filter manager: drop assert (envoyproxy#14633)

Signed-off-by: Raul Gutierrez Segales <[email protected]>

docs: update ext_proc docs to reflect implementation status (envoyproxy#14636)

Signed-off-by: Gregory Brail <[email protected]>

[tls] Expose ServerContextImpl::selectTlsContext (envoyproxy#14592)

Signed-off-by: Chad Retz <[email protected]>

http: support creating filters with match tree (envoyproxy#14430)

Adds support for wrapping a HTTP filter with an ExtensionWithMatcher proto to create the filters with an associated match tree.

Under the hood this makes use of a wrapper filter factory that manages creating the match tree and adding it to the FM
alongside the associated filter.

Also includes some code to register factories for input/actions, allowing them to be referenced in the proto configuration.

Signed-off-by: Snow Pettersen <[email protected]>

fix empty connection debug logs (envoyproxy#14666)

Fixes envoyproxy#14661

Signed-off-by: Rama Chavali <[email protected]>

tcp_proxy: ignore transfer encoding in HTTP/1.1 CONNECT responses (envoyproxy#14623)

Commit Message: Ignore the transfer encoding header in CONNECT responses
Additional Description: NONE
Risk Level: low
Testing: integration test
Docs Changes: NONE
Release Notes: https://github.com/irozzo-1A/envoy/blob/ignore-transfer-encoding/docs/root/version_history/current.rst#new-features
Platform Specific Features: NONE
Fixes envoyproxy#11308

Signed-off-by: Iacopo Rozzo <[email protected]>

ci: fix docs tag build (envoyproxy#14653)

Signed-off-by: Lizan Zhou <[email protected]>

HTTP health checker: handle GOAWAY from HTTP2 upstreams (envoyproxy#13599)

Makes the HTTP health checker handle GOAWAY properly. When the NO_ERROR
code is received, any in flight request will be allowed to complete, at
which time the connection will be closed and a new connection created on
the next interval.

GOAWAY frames with codes other than NO_ERROR are treated as a health
check failure, and immediately close the connection.

Signed-off-by: Michael Puncel <[email protected]>

upstream: clean up feature parsing code (envoyproxy#14629)

Fixing a perfectly safe and fairly terrible version merge in the ALPN pr the "refactor all upstream config" PRs.
the original code created the new options for new config, and parseFeatures handled parsing features from either the new options, or the old config.  I decided that was too complicated, changed the code to always create the new options struct and forgot to clean up parseFeatures to assume the presence of the new options struct and remove handling things the old style way.

Risk Level: low (clean up inaccessible code)
Testing: added one extra unit test just because
Docs Changes: n/a
Release Notes:  n/a

Signed-off-by: Alyssa Wilk <[email protected]>

upstream: force a full rebuild on host weight changes (envoyproxy#14569)

This will allow us to build load balancers that pre-compute data
structures based on host weights (for example using weighted queues),
to work around some of the deficiencies of EDF scheduling.

This behavior can be temporarily disabled by setting the
envoy.reloadable_features.upstream_host_weight_change_causes_rebuild
feature flag to false.

Fixes envoyproxy#14360

Signed-off-by: Matt Klein <[email protected]>

access log: add support for command formatter extensions (envoyproxy#14512)

Signed-off-by: Raul Gutierrez Segales <[email protected]>

test: improving dynamic_forward_proxy coverage (envoyproxy#14672)

Risk Level: n/a (test only)

Signed-off-by: Alyssa Wilk <[email protected]>

access_logs: removing disallow_unbounded_access_logs (envoyproxy#14677)

Signed-off-by: Alyssa Wilk <[email protected]>

wasm: replace the obsolete contents in wasm-cc's README with docs link (envoyproxy#14628)

Signed-off-by: Kenjiro Nakayama <[email protected]>

grpc-json-transcoder: support root path (envoyproxy#14585)

Signed-off-by: Xuyang Tao <[email protected]>

ecds: add config source for network filter configs (envoyproxy#14674)

Signed-off-by: Kuat Yessenov <[email protected]>

fix comment for parameters end_stream of decodeData/encodeData. (envoyproxy#14620)

Signed-off-by: wangfakang <[email protected]>

[fuzz] Fix bugs in HPACK fuzz test (envoyproxy#14638)

- Use after free because nghttp2_nv object has pointers to the underlying strings and copying them resulted in a use after free when the copy was used after the original was destroyed
- Fixed sorting issues and tested leading/trailing whitespace headers (I can no longer reproduce an issue I saw where a null byte appeared after decoding whitespace, maybe the former fix fixed this)

Risk Level: Low
Testing: Added regression tests and cases for whitespace headers

Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28880
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28869

Signed-off-by: Asra Ali <[email protected]>

v3 packages updates for omit_canary_hosts proto (envoyproxy#14117)

Risk Level: LOW
Testing: unit ( proto_format and docs )

part of envoyproxy#12841

Signed-off-by: Abhay Narayan Katare <[email protected]>

streaminfo/mocks: delay filter_state_ dereference (envoyproxy#14612)

By dereferencing filter_state_ in the constructor, any test that sets
filter_state_ will dereference an invalid pointer. This may not be a
common use-case, but it came up when writing some microbenchmarks for
a custom filter where I needed to reset the FilterState on each
iteration of the benchmark.

Signed-off-by: Brian Wolfe <[email protected]>

http: support passing match result action to filter (envoyproxy#14462)

Adds support for passing through a match action from a match tree to the associated HTTP filter.

Some care has to be taken here around dual filters, so we introduce an abstraction that moves handling HttpMatchingData
updates and applying the match result into a FilterMatchState object that is shared between all filter wrappers for a given filter.

This should also avoid having to match twice for dual filters: the match result is shared for both filters, instead of both of
them having to independently arrive at it with the same data.

Signed-off-by: Snow Pettersen <[email protected]>

refactor: use unitfloat in more places (envoyproxy#14396)

Commit Message: Use UnitFloat in place of float in more locations
Additional Description:
UnitFloat represents a floating point value that is guaranteed to be in the range [0, 1]. Use
it in place of floats that also have the same expectation in OverloadActionState and
connection listeners.

This PR introduces no functional changes.

Risk Level: low
Testing: ran affected tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a

Signed-off-by: Alex Konradi <[email protected]>

[tls] add missing built in cipher stat names (envoyproxy#14676)

* add missing ciphers

Signed-off-by: Asra Ali <[email protected]>

docs: adding coverage walkthroguh (envoyproxy#14688)

Risk Level: n/a
Testing: n/a
Docs Changes: adding developer docs
Release Notes: n/a

Signed-off-by: Alyssa Wilk <[email protected]>

local ratelimit: Add descriptor support in HTTP Local Rate Limiting (envoyproxy#14588)

Signed-off-by: Kuat Yessenov <[email protected]>
Co-authored-by: gargnupur <[email protected]>

http: prefetch for upstreams (envoyproxy#14143)

Commit Message: Adding predictive prefetch (useful mainly for HTTP/1.1 and TCP proxying) and uncommenting prefetch config.
Additional Description:
Risk Level: low (mostly config guarded)
Testing: unit, integration tests
Docs Changes: APIs unhidden
Release Notes: inline
Fixes envoyproxy#2755

Signed-off-by: Alyssa Wilk <[email protected]>

docs: Give a hint to specify type_url instead (envoyproxy#14562)

Signed-off-by: Dhi Aurrahman <[email protected]>

Remove flaky_on_windows tag from proxy_filter_integration_test (envoyproxy#14680)

Testing: Ran proxy_filter_integration_test thousands of times

Signed-off-by: Randy Miller <[email protected]>

upstream: Fix moving EDS hosts between priorities. (envoyproxy#14483)

At present if health checks are enabled and passing then moving an EDS host from P0->P1 is a NOOP, and P1->P0 results in an abort.

In the first case:
* P0 processing treats A as being removed because it's not in P0's list of endpoints anymore.
* P0 marks A's existing Host as PENDING_DYNAMIC_REMOVAL. It marks A as having been updated in this config apply.
* P1 skips over A because it is marked as updated in this update cycle already.

In the second case:
* P0 updates the priority on the existing Host. It is appended to the vector of added hosts.
* P1 marks A's existing Host as PENDING_DYNAMIC_REMOVAL. It does adjust the removed host vector as the host is still pending removal.
* A's Host is now in both priorities and is PENDING_DYNAMIC_REMOVAL. This is wrong, and would cause problems later but doesn't have a chance to because:
* onClusterMemberUpdate fires with A's existing Host in the added vector (remember it wasn't removed from P1!)
* HealthChecker attempts to create a new health check session on A, which results in an abort from the destructor of the already existing one.

This was masked in tests by the tests enabling ignore_health_on_host_removal.

We fix this by passing in the set of addresses that appear in the endpoint update. If a host being considered for removal appears in this set,
and it isn't being duplicated into the current priority as a result of a health check address change, then we assume it's being moved and will
immediately remove it.

To simplify the case where a host's health check address is being changed AND it is being moved between priorities we always apply priority moves in
place before we attempt any other modifications. This means such a case is treated as a separate priority move, followed by the health check address change.

fixes envoyproxy#11517

Signed-off-by: Jonathan Oddy <[email protected]>

examples: Add TLS SNI sandbox (envoyproxy#13975)

Signed-off-by: Ryan Northey <[email protected]>

[utility]: Change behavior of main thread verification utility (envoyproxy#14660)

Currently, the isMainThread function can only be called during the lifetime of thread local instance because the singleton that store main thread id is initialized in the constructor of tls instance and cleared in the destructor of tls instance. Change the utility so that outside the lifetime of tls instance, the function return true by default because everything is in main thread when threading is off.

Risk Level: low
Testing: change unit to reflect change of behavior.

Signed-off-by: chaoqin-li1123 <[email protected]>

Windows build: Add repository cache to CI (envoyproxy#14678)

Signed-off-by: Sunjay Bhatia <[email protected]>

ext-proc: Support "immediate_response" options for request headers  (envoyproxy#14652)

This lets ext_proc servers return an immediate HTTP response (such as to indicate an error) in response to a request_headers message.

Signed-off-by: Gregory Brail <[email protected]>

stats: convert tag extractor regexs to Re2 (envoyproxy#14519)

Risk Level: high, the regexes are updated to match more specific patterns.
Testing: unit tests

Fixes envoyproxy#14439

Signed-off-by: Dmitry Rozhkov <[email protected]>

hcm: removing envoy.reloadable_features.early_errors_via_hcm envoyproxy#14641 (envoyproxy#14684)

Risk Level: Low (removal of deprecated disabled code)
Testing: n/a
Docs Changes: n/a
Release Notes: inline
Fixes envoyproxy#14641

Signed-off-by: Alyssa Wilk <[email protected]>

test: Fix O(1/32k) flakiness in H2 flood tests that disable writes based on source port of outgoing connections. (envoyproxy#14695)

It is possible for the kernel to assign the same source port to both the client connection used by
the test framework to connect to the Envoy and the Envoy's client connection to the upstream. When
the source port is reused by both connections, the test client times out while trying to send the
request because disabling write on the upstream connection also disabled writes on the test's client
connection.

Signed-off-by: Antonio Vicente <[email protected]>

tls: add missing stats for signature algorithms. (envoyproxy#14703)

While there, refresh supported cipher suites and add more warnings.

Signed-off-by: Piotr Sikora <[email protected]>

connection: tighten network connection buffer limits (envoyproxy#14333)

Signed-off-by: Antonio Vicente <[email protected]>

xdstp: LDS glob collection support. (envoyproxy#14311)

This patch introduces support for LDS xdstp:// collection URLs for glob collections over ADS. Context
parameters are currently computed from node and resource URLs. Followup PRs will add support for
other collection types (CDS, SRDS), non-ADS, provide dynamic context parameter update, extend support to
singleton resources and then other xdstp:// features (list collections, redirects, alternatives,
etc.)

Part of envoyproxy#11264.

Risk level: Low (opt-in)
Testing: ADS integration test added. Various unit tests following implementation.

Signed-off-by: Harvey Tuch <[email protected]>

listener manager: avoid unique -> shared conversion (envoyproxy#14693)

buildFilterChainInternal() returns a shared_ptr, so let's make
that instead of unique_ptr.

Signed-off-by: Raul Gutierrez Segales <[email protected]>

proto: re-implement RepeatedPtrUtil::hash(). (envoyproxy#14701)

This changes RepeatedPtrUtil::hash() implementation to match
MessageUtil::hash(), which was re-implemented in envoyproxy#8231.

Reported by Tomoaki Fujii (Google).

Signed-off-by: Piotr Sikora <[email protected]>

tcp: setting nodelay on all connections (envoyproxy#14574)

This should have minimal effect, new server side connections had no-delay, codecs set no-delay, and upstream pools set no-delay. Traffic not using the tcp connection pool may be affected as well as raw use of the TCP client.

Risk Level: Medium (data plane)
Testing: new unit tests
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.always_nodelay

Signed-off-by: Alyssa Wilk <[email protected]>

test: Add multiheader TE + Content-Length test (envoyproxy#14686)

Signed-off-by: Yan Avlasov <[email protected]>

http2: Flip the upstream H2 frame flood and abuse checks to ON by default (envoyproxy#14443)

Signed-off-by: Yan Avlasov <[email protected]>

Fix the emsdk patching. (envoyproxy#14673)

If the patch fails, because of `|| true`, bazel continues
the build.

Signed-off-by: Jonh Wendell <[email protected]>

test: print test parameters meaningfully (envoyproxy#14604)

Signed-off-by: Alex Konradi <[email protected]>

Migrate v2 thrift_filter to v3 api and corresponding docs changes. (envoyproxy#13885)

part of envoyproxy#12841

Signed-off-by: Abhay Narayan Katare <[email protected]>

http: reinstating prior connect timeout behavior (envoyproxy#14685)

Signed-off-by: Alyssa Wilk <[email protected]>

Fix typo (envoyproxy#14716)

Signed-off-by: Hu Shuai <[email protected]>

master -> main (envoyproxy#14729)

Various fixes

Signed-off-by: Matt Klein <[email protected]>

readme: fix logo URL (envoyproxy#14733)

Signed-off-by: Matt Klein <[email protected]>

Bump nghttp2 to 1.42.0 (envoyproxy#14730)

- Drops nghttp2 PR1468 patch
- Requires bazel_external_cmake to support copts, defines to drop the rest

Risk Level: low
Testing: CI

Fixes envoyproxy#1417

Signed-off-by: William A Rowe Jr <[email protected]>

Pick up current bazel-build-tools tag (envoyproxy#14734)

Signed-off-by: William A Rowe Jr <[email protected]>

access-logger: support request/response headers size (envoyproxy#14692)

Add following command operator in access logger

%REQUEST_HEADER_BYTES%
%RESPONSE_HEADER_BYTES%
%RESPONSE_TRAILER_BYTES%
Risk Level: Low
Testing: unit test
Docs Changes: done
Release Notes: done

Signed-off-by: Xuyang Tao <[email protected]>

dynamic_forward_proxy: envoy.reloadable_features.enable_dns_cache_circuit_breakers deprecation (envoyproxy#14683)

* dynamic_forward_proxy:  deprecation

Signed-off-by: Shikugawa <[email protected]>

Add support for google::protobuf::ListValue formatting (envoyproxy#14518)

Signed-off-by: Itamar Kaminski <[email protected]>

tls: improve TLS handshake/read/write error log (envoyproxy#14600)

Signed-off-by: Shikugawa <[email protected]>

config: switch from std::set to absl::flat_hash_set for resource names. (envoyproxy#14739)

This was a cleanup deferred from the review of envoyproxy#14311. The idea is to switch to the more efficient
unordered absl::flat_hash_set across the resource subscription code base. Internally, we still use
std::set (and even explicitly sort in the http_subscription_impl) to avoid changing any wire
ordering. It seems desirable to preserve this for two reasons: (1) this derisks this PR as an
internal-only change and (2) having deterministic wire ordering makes debug of xDS issues somewhat
easier.

Risk level: Low
Testing: Updated tests.

Signed-off-by: Harvey Tuch <[email protected]>

network filters: avoid unnecessary std::shared_ptrs (envoyproxy#14711)

While debugging a crash in:

envoyproxy#13592

I ended up discussing with @lambdai and @mattklein123 whether
network filters can hold references to things owned by their
corresponding FactoryFilterCb. The answer is yes and the HCM
and some other notable filters already use references instead
of std::shared_ptrs.

So let's consistently do this everywhere to avoid someone
else asking this same question in the future. Plus, it's
always nice to create fewer std::shared_ptrs.

Follow-up on: envoyproxy#8633

Signed-off-by: Raul Gutierrez Segales <[email protected]>

docs: Updated version history with 1.13.8 release notes. (envoyproxy#14742)

Signed-off-by: Christoph Pakulski <[email protected]>

Dispatcher: keeps a stack of tracked objects. (envoyproxy#14573)

Dispatcher will now keep a stack of tracked objects; on crash it'll "unwind" and have those objects dump their state. Moreover, it'll invoke fatal actions with the tracked objects. This allows us to dump more information during crash.

See related PR: envoyproxy#14509

Will follow up with another PR dumping information at the codec/parser level.

Signed-off-by: Kevin Baichoo <[email protected]>

bootstrap-extensions: fix a crash on http callout (envoyproxy#14478)

Currently when the ServerFactoryContext is passed to bootstrap extensions, it is only partially initialized. Specifically, attempting to access the cluster manager will cause a nullptr access (and hence a crash)

This PR splits the creation and initialized to 2 seperate fucntions. Early creation is required to not break the `default_socket_interface` feature. Once created, the extension will receive the ServerFactoryContext in a different callback (the newly added `serverInitialized`), once they are fully initialized.

Commit Message:
Fix a crash that happens when bootstrap extensions perform http calls.

Additional Description:
Risk Level: Low (small bug-fix)
Testing: Unit tests updated; tested manually with the changes as well.
Docs Changes: N/A
Release Notes: N/A

Fixes envoyproxy#14420

Signed-off-by: Yuval Kohavi <[email protected]>

overload: create scaled timers via the dispatcher (envoyproxy#14679)

Refactor the existing pathway for creating scaled Timer objects away from the
ThreadLocalOverloadState and into the Dispatcher interface. This allows scaled
timers to be created without plumbing through a bunch of extra state.

Signed-off-by: Alex Konradi <[email protected]>

http: removing nvoy.reloadable_features.fix_upgrade_response  envoyproxy#14643 (envoyproxy#14706)

Risk Level: Low (removing deprecated disabled code)
Testing: n/a
Docs Changes: n/a
Release Notes: inline
Fixes envoyproxy#14643

Signed-off-by: Alyssa Wilk <[email protected]>

http: removing envoy.reloadable_features.fixed_connection_close (envoyproxy#14705)

Risk Level: Low (removing deprecated guarded code)
Testing: n/a
Docs Changes: n/a
Release Notes: inline
Fixes envoyproxy#14645

Signed-off-by: Alyssa Wilk <[email protected]>

Revert "network filters: avoid unnecessary std::shared_ptrs (envoyproxy#14711)" (envoyproxy#14755)

This reverts commit 72db81d.

Per discussion in envoyproxy#14717 and via Slack, we'll come up with a different
approach since using a std::function to keep state presents a few
challenges.

Signed-off-by: Raul Gutierrez Segales <[email protected]>

Clarify Consecutive Gateway Failure docs (envoyproxy#14738)

It was initially unclear to me that when
split_external_local_origin_errors is in the default setting of false
that local origin failures will be counted as Consecutive Gateway
Failures. It is clear above that they are counted by the Consecutive 5xx
detection type but since I had that disabled I was surprised to find
them counted in Consecutive Gateway Failure. I think the logic makes
sense though so just attempting to clarify the docs here.

Signed-off-by: Matthew Mead-Briggs <[email protected]>

thrift proxy: fix crash when using payload_passthrough (envoyproxy#14723)

We started seeing crashes triggered by ConnectionManager::passthroughEnabled()
once we enabled `payload_passthrough`. That code assumes that there will
_always_ be an active RPC. However, this is not true after a local response
has been sent (e.g.: no healthy upstream, no cluster, no route, etc.).

Risk Level: low
Testing: unit tests added
Doc Changes: n/a
Release Notes: n/a
Signed-off-by: Raul Gutierrez Segales <[email protected]>

thrift proxy: add comments explaining local replies (envoyproxy#14754)

Risk Level: low
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Raul Gutierrez Segales <[email protected]>

wasm: update V8 to v8.9.255.6. (envoyproxy#14764)

Signed-off-by: Piotr Sikora <[email protected]>

Request headers to add (envoyproxy#14747)

Being consistent about treating Host: and :authority the same way in Envoy header modification.

Risk Level: Medium (changes allowed modifiable headers)
Testing: new unit tests
Docs Changes: yes
Release Notes: inline

Signed-off-by: Alyssa Wilk <[email protected]>

tls: update BoringSSL to fbbf8781 (4324). (envoyproxy#14763)

Signed-off-by: Piotr Sikora <[email protected]>

docs: change getting started order (envoyproxy#14774)

Sandboxes are more relevant to new users than the other sections.

Signed-off-by: Matt Klein <[email protected]>

oauth2: set accept header on access_token request (envoyproxy#14538)

Co-authored-by: Dhi Aurrahman <[email protected]>
Signed-off-by: Richard Patel <[email protected]>

router: Remove envoy.reloadable_features.consume_all_retry_headers (envoyproxy#14662)

This patch removes the
envoy.reloadable_features.consume_all_retry_headers runtime flag.

Signed-off-by: Martin Matusiak <[email protected]>

docs: API review checklist (envoyproxy#14399)

* API review checklist

Signed-off-by: Mark D. Roth <[email protected]>

[docs] Add guidance on ENVOY_BUG in STYLE.md (envoyproxy#14575)

* Add guidanceon ENVOY_BUG and macro usage to STYLE.md

Signed-off-by: Asra Ali <[email protected]>

filters: Add test/server:filter_config_test (envoyproxy#14746)

As part of envoyproxy#14470, I'll be modifying the base filter interface to include an overridable dependencies() function. This is prep work.

Risk Level: Low (test only)
Doc Change: n/a
Release Notes: n/a
Signed-off-by: Auni Ahsan <[email protected]>

dns: removing envoy.reloadable_features.fix_wildcard_matching envoyproxy#14644 (envoyproxy#14768)

Signed-off-by: Alyssa Wilk <[email protected]>

test: FakeUpstream threading fixes (envoyproxy#14526)

Signed-off-by: Antonio Vicente <[email protected]>

server: add FIPS mode statistic indicating FIPS compliance (envoyproxy#14719)

Signed-off-by: Ravindra Akella <[email protected]>

Add error_state to all config dump resources (envoyproxy#14689)

Store the NACKed resource in each resources

Risk Level: None

Fixes: envoyproxy#14431

Signed-off-by: Lidi Zheng <[email protected]>

docs: fix two typos in jwt_authn_filter (envoyproxy#14796)

Signed-off-by: Lukasz Jernas <[email protected]>

 tcp: adding logs and debug checks (envoyproxy#14771)

Adding some logs and one ENVOY_BUG around the new TCP pool.

Signed-off-by: Alyssa Wilk <[email protected]>

google_grpc: attempt to reduce lock contention between completionThread() and onCompletedOps() (envoyproxy#14777)

Holding a stream's lock while running handleOpCompletion can result in the completion queue having to wait until the lock is released before adding messages on that stream to completed_ops_. In cases where the completion queue is shared across multiple gRPC streams, delivery of new messages on all streams is blocked until the lock held by the first stream while executing onCompletedOps.

Signed-off-by: Antonio Vicente <[email protected]>

filters: Add dependencies.proto (envoyproxy#14750)

Introduces the FilterDependency proto. This isn't quite an extension, but it's a common proto to be used by all filter extensions.

Risk Level: Low (proto addition only)

Signed-off-by: Auni Ahsan <[email protected]>

tools: Syncing api/BUILD file to generated_api_shadow (envoyproxy#14792)

After chatting with @akonradi on Slack, it seems the generated_api_shadow/BUILD file was not being updated by proto_format since PR envoyproxy#9719. This PR copies the api/BUILD file to generated_api_shadow.

Risk Level: Low (relevant for development)

Signed-off-by: Adi Suissa-Peleg <[email protected]>

Add debug log for slow config updates for GRPC subscriptions (envoyproxy#14343)

Risk Level: Low
Testing:
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Adam Schaub <[email protected]>

oauth2 filter: Make OAuth scopes configurable.  (envoyproxy#14168)

New optional parameter 'auth_scopes' added to the filter. The default value is 'user' (if not provided) to avoid breaking changes to users updating to the latest version.

Signed-off-by: andreyprezotto <[email protected]>

Co-authored-by: Nitin Goyal <[email protected]>

upstream: Optimize LoadStatsReporter::startLoadReportPeriod implementation (envoyproxy#14803)

cm_.clusters() is not O(1) in part due to it creating maps and returning by value. This means that startLoadReportPeriod was effectively O(n**2) on number of clusters since cm_.clusters() is called for every active cluster.

Risk Level: low, functional no-op
Testing: Existing tests. We may want a benchmark.

Signed-off-by: Antonio Vicente <[email protected]>

ext_proc: Implement response path for headers only (envoyproxy#14713)

Implement header processing on the response path by sending the
response_headers message to the processor and handling the result.

Also update the docs in the .proto file.

Signed-off-by: Gregory Brail <[email protected]>

reformat code

Signed-off-by: qinggniq <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

std::regex overhead is too high during CDS updates
4 participants