Fixes envoyproxy#11990.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

Adds new retry policy envoy-ratelimited that retries responses
containing the header x-envoy-ratelimited.

Signed-off-by: Martin Matusiak <numerodix@gmail.com>

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

- ensure that all listeners are in the correct state using config dumps and stats
- adds a verification class that holds an abstract representation of the state Envoy should be in which is then compared to Envoy's actual state from the config dumps
- currently working on also actually draining the listeners to ensure they are in the correct state during/after but Envoy crashes when trying to drain using simulated time so I'm looking into this for a future PR
- I also added a few more corpus entries that had failed previously on libfuzzer removed removeRoute since RDS cannot explicitly remove routes, it's up to Envoy to remove them when no listeners refer to them

Risk Level: Low
Testing: ran with libfuzzer, fixes previous timeouts/crashes
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Sam Flattery <samflattery@google.com>

…#12034)

Previously, a hard-coded set of buckets were used, which were not appropriate for the range or required precision of some histograms.

Fixes envoyproxy#7599

Signed-off-by: Greg Greenway <ggreenway@apple.com>

Until a real solution for envoyproxy#12209
is found.:

Signed-off-by: Matt Klein <mklein@lyft.com>

Commit Message: Fix crash in filter fuzz test due to validation not running until after cleaning
since the input config message contains an Any field, validation is not run on it, so I added a check to make sure that there was at least one sink before trying to deference
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24301
Signed-off-by: Sam Flattery <samflattery@google.com>

The stat is incremented before the socket close.

Risk Level: None
Testing: N/A
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Matt Klein <mklein@lyft.com>

envoyproxy#12160 changed
the behavior of remove() to not first look in the inline
header map for a header. This is a subtle change in
behavior that specifically breaks attempting to remove
":authority" via the "host" mapping. This restores that
behavior and is thus a bug fix and low risk.

Signed-off-by: Matt Klein <mklein@lyft.com>

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

envoyproxy#12037)

This PR provides intentional semantics for:

Multiple-100 headers; these are always coalesced to a single 100 header when proxying.
101 headers: these are always passed to decodeHeaders().
Non-{100,101} 1xx headers, e.g. 102/103, are always ignored by Envoy.
UpstreamRequest is responsible for guaranteeing that HCM observes the above properties. Codecs should pass 100 headers to decode100ContinueHeaders and all other 1xx to decodeHeaders.

This PR follows the discussion in envoyproxy#11433 (comment).

Risk level: Medium
Testing: Unit tests for codecs and UpstreamRequest added. Integration tests for non-101 and multiple 101 headers added.

Fixes OSS-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21628.
Fixes envoyproxy#11433

Signed-off-by: Harvey Tuch <htuch@google.com>

Signed-off-by: Kuat Yessenov <kuat@google.com>

- refactored cache setup script

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

… up test compilation (envoyproxy#12048)

breakdown test/mocks/upstream/mocks.h into different mock classes

test/mocks/upstream/mocks.h is a wide-used mock header included by various test files. However it's very huge and most test files only used a small portion of it. Splitting it up into different mock classes will be helpful to reduce compilation time. (similar to envoyproxy#11797 )

Risk Level: low
Testing: existing tests
Docs Changes: N/A
Release Notes: no
Related Issues: envoyproxy#10917

Signed-off-by: Muge Chen <mugechen@google.com>

Until envoyproxy#12258 is fixed.

Signed-off-by: Matt Klein <mklein@lyft.com>

Currently, in scope route discovery service, when resources are received from a management server, for each added, updated and removed scope route, a callback is fired. If several update callbacks are combined into a single update callback, less performance penalty will be incurred. This can be achieved by moving applyConfigUpdate out of the for loop and applying all the updates in a single callback. In this case, partial update won't be accepted both in sotw and delta srds. Scope key and scope name conflicts will be checked before any config update is applied.

Risk Level: Low
Testing: Modify a unit test related to change.
Docs Changes: The behavior of delta srds will be changed, partial update won't be accepted.

Signed-off-by: chaoqinli <chaoqinli@google.com>

Waiting on a load stats response can race with resetting
the counters when initializing a watch. Moving the counter
increment prevents the race.

Fixes envoyproxy#11784

Signed-off-by: Matt Klein <mklein@lyft.com>

…enchmark_test_benchmark_test timeouts under tsan (envoyproxy#12264)

also, bump up the googlebenchmark version to pickup the fix to SkipWithError, google/benchmark#938

Signed-off-by: Antonio Vicente <avd@google.com>

…voyproxy#12173)

Adds support for DOWNSTREAM_PEER_FINGERPRINT_1 that sends SHA1 finger print of peer cert as a custom header.

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

…envoyproxy#12069)

To fix envoyproxy#11877, we need to handle safely the case where two
watches point at the same resource, and a WatchMap onConfigUpdate() causes one watch to
remove the other watch during its invoked onConfigUpdate().

While working on this, it made sense to fix envoyproxy#11674,
avoiding spurious ClusterLoadAssignment discovery requests in the regression integration test.

Risk level: Medium (this has xDS wire-level implications).
Testing: New unit tests for pause/resume, regression unit and integration tests for watch map
removal behaviors.

Fixes envoyproxy#11877 envoyproxy#11674

Signed-off-by: Harvey Tuch <htuch@google.com>
Co-authored-by: Sebastian Schepens <sebastian.schepens@mercadolibre.com>

Althought this filter is deprecated in favor of the compressor
filter, let's go ahead and fix the incorrect reference to the
now optional runtime feature flag.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

… changes (envoyproxy#12240)

Signed-off-by: Greg Greenway <ggreenway@apple.com>

Signed-off-by: Asra Ali <asraa@google.com>

We need to wait for all listeners to be up.

Fixes envoyproxy#12253 (and maybe other flakes)

Risk Level: None
Testing: Existing tests
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Matt Klein <mklein@lyft.com>

We heard back from Istio that release adjacency to EOQ wasn't great, and from other internal teams
that more details on the CVEs in the distributor mailout would be helpful.

Signed-off-by: Harvey Tuch <htuch@google.com>

Signed-off-by: Dhi Aurrahman <dio@tetrate.io>

Signed-off-by: Martin Matusiak <numerodix@gmail.com>

Signed-off-by: Kuat Yessenov <kuat@google.com>

I found that the code block in `grpc_bridge.rst` hasn't been displayed well.
So I fixed it.

Signed-off-by: zawawahoge <zawawahoge@gmail.com>

…nvoyproxy#12089)

By default, jwt_authn filter extracts JWT token from `Authorization` header and
 `access_token` query parameter. A request may have multiple JWT tokens, and will be
forwarded to the backend if one of the tokens is good. 

It poses a security risk: a hacker can put a good token in the query parameter and an invalid one in
the Authorization header. Envoy will forward the request to the backend,
and the backend will use the bad token in Authorization header.

This PR try to patch such security hole: all tokens in a request should be valid. 

Risk Level: Low.  This change only impacts the requests with multiple JWT tokens. In production traffic,
  it will be very rare that a request have multiple JWT tokens. 
Testing: Unit-test
Docs Changes: None
Release Notes: None

Signed-off-by: Wayne Zhang <qiwzhang@google.com>

…lancing configuration section (envoyproxy#12249)

Signed-off-by: Josef Podaný <josef.podany.ml@gmail.com>

Risk Level: n/a
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
Fixes envoyproxy#12282

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

* added generic freamework for testing filters.
This is a fuzzer for testing network-layer(L3/L4) filters.
Now Envoy has 20 network-layer filters which will deal with raw bytes from untrusted networks and thus they are security-critical to some extent. The idea of this is to write a fuzzer which can be applied to different kinds of network filters(potentially cover all the filters), and when new filters are added to Envoy, we won't need to write dedicated fuzzers one by one to give them fuzz coverage.

Signed-off-by: jianwen <jianwendong@google.com>

On Windows, getsockopt fails if the socket driver is performing another
non-blocking operation. For example if we query for a specific socket
option while the socket is connecting then the getsockopt is going to
fail with error (10022).

When we create an ipv6 socket we set it to be ipv6 only. Now we cache
this configuration and we query it before we connect to the socket

This fixes IpVersions/TcpClientConnectionImplTest.BadConnectConnRefused/IPv6 test on Windows.

Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>

…#12237)

Signed-off-by: Mark D. Roth <roth@google.com>

…12270)

Risk Level: Low

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

This PR is the final step in porting envoy to C++17. After this change, all envoy builds including envoy-mobile will be built in C++17 mode. See this for the PR that make envoy-mobile built in C++17 envoyproxy/envoy-mobile#964.

Risk Level: low, as the master has been running with c++17 mode for almost two weeks now and envoy mobile is also building with C++17
Testing: All existing tests have been passed.
Docs Changes:
Release Notes:

Signed-off-by: Yifan Yang <needyyang@google.com>

This was missed in envoyproxy#7825.

Risk Level: low
Docs Change: docs only
Release Notes: n/a
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

Updated creatStatSink function to take in Server::Configuration::ServerFactoryContext as a parameter instead of Server::Instance.

Risk Level: Low

Signed-off-by: Aakash Shukla <aakashshukla@google.com>

Signed-off-by: Yifan Yang <needyyang@google.com>

- Replace with absl::node_hash_map/set
  - Primarily for performance optimizations and to root out any
     assumptions made about iteration order in tests or otherwise (the
     replacement absl containers have a non-deterministic iteration
     order
  - absl::node_hash_map/set should be drop-in replacements for
     std::unordered_map/set
- Note that a future refactor should reevaluate and move to
   absl::flat_hash_map/set where possible for memory optimizations
- Add format check to disallow future usage of std::unordered_map/set
- Small changes made where absl containers required it or tests needed
   to be modified for correctness

Additional Description:
- There may be an issue we should open with abseil about `emplace` and `try_emplace` when attempting to do in-place construction
  - When a constructor throws an exception, as far as I can tell the c++ language standard says the container should not be affected, however this does not seem to be the case for the absl containers so their guarantees are not the same (though they may be intended to have the same guarantees)
  - //test/server:overload_manager_impl_test demonstrates this
  - see abseil/abseil-cpp#388

Risk Level: Low, absl::node_hash_map/set should be drop-in replacements for std::unordered_map/set though this may shake loose more assumptions in tests over time we weren't able to catch locally
Testing: Small changes to unit tests, repeatedly run on Windows and Linux/clang
Docs Changes: N/A
Release Notes: N/A
Fixes envoyproxy#11825

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Co-authored-by: William A Rowe Jr <wrowe@vmware.com>

Moves all the filter handling into an inner class, in preparation for
splitting the behavior out of the HCM. As an initial PR, this relies on
delegating to the ActiveStream for basically all operations not directly
related to the filters.

This is a relatively minor refactor in that most of the FM logic just
delegates back up to the ActiveStream. In subsequent PRs this logic will
be migrated to the FM piece by piece, until the AS and the FM no longer
are tightly coupled, at which point FM can be moved out into its own file.

Risk Level: Medium
Testing: Existing tests
Docs Changes: n/a
Release Notes: n/a
Part of envoyproxy#10455

Signed-off-by: Snow Pettersen <kpettersen@netflix.com>

Commit Message: Add proxy proto transport socket

Additional Description: This is the part 1 PR described in envoyproxy#10682. It adds the transports socket / unit tests, a transport socket options struct for the proxy proto header, and does a refactor to make the listener filter use the common proxy proto constants (potentially want to move these now since the proxy proto config api type is not in extensions?)

Risk Level: Small
Testing: Unit
Docs Changes: None
Release Notes: None
Part Of: envoyproxy#1031

Signed-off-by: Weston Carlson <wez470@gmail.com>
Co-authored-by: Lizan Zhou <lizan@tetrate.io>

…t verifies parsing gRPC channel args from config. (envoyproxy#12318)

Commit Message: test: Ignore grpc.primary_user_agent grpc library version in test that verifies parsing gRPC channel args from config.
Additional Description:
Risk Level: n/a test-only change
Testing: n/a
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Antonio Vicente <avd@google.com>

Commit Message: Add unit tests to xDS verifier
* add new file xds_verifier_test.cc with unit tests
* add tests for main paths through verifier

Signed-off-by: Sam Flattery <samflattery@google.com>

This fixes two different issues:
1) Previously there was no locking around log sink replacement,
   so it was possibles for a log sink to get removed by one
   thread while getting written to by another thread.
2) Even with locking, the base class destructor pattern would
   do the swap after the derived class was destroyed, leading to
   undefined behavior.

This was easy to reproduce in cx_limit_integration_test but is
an issue anywhere the log expectations are used, or previously in the death test
stderr workaround (EXPECT_DEATH_LOG_TO_STDERR) for coverage which has 
been removed because coverage no longer logs to a file and instead logs to stderr
like the rest of the tests.

Fixes envoyproxy#11841

Risk Level: Medium, code is a bit scary, though only really in tests
Testing: Existing tests
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Matt Klein <mklein@lyft.com>

…nvoyproxy#12312)

This ensures that the configuration is valid.

Note that this adds stricter validation to an existing proto field, but the field was only added 5 days ago, so only someone running HEAD, using this new config, with invalid/non-sensical config should be affected.

Signed-off-by: Greg Greenway <ggreenway@apple.com>

Adds the helper function const std::string& TestEnvironment::newLine() in the test environment that can be used in test code for cross platform comparison of strings that contain new lines.

Risk Level: low
Testing: N/A
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: davinci26 <sotirisnan@gmail.com>
Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>

…voyproxy#12329)

Risk Level: n/a (test only)
Testing: yes
Docs Changes: no
Release Notes: no

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

This is a docs only change, mostly on how to refer to LuaPerRoute info.

Signed-off-by: Dhi Aurrahman <dio@tetrate.io>

When Envoy rejects a listener because it has a listener with the same name on a different address, it just logs the new address. It would help to log the existing address also.

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

Implementing per-upstream prefetching, useful for high QPS or latency-sensitive services.

Risk Level: low (off by default)
Testing: new unit tests, integration test
Docs Changes: n/a
Release Notes: not yet 

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Risk Level: None
Testing: Existing tests
Docs Changes: N/A
Release Notes: N/A
Fixes envoyproxy#12325

Signed-off-by: Matt Klein <mklein@lyft.com>

The write can see disconnect upon completion.

Fixes envoyproxy#12294

Risk Level: None
Testing: Existing test
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Matt Klein <mklein@lyft.com>

Commit Message:add transport failure reason to body
Additional Description: Adds transport failure reason to response body . This is specially useful to detect tls related failures when the client does not use Envoy. Otherwise cert expiration related errors just come as connection failure and it takes some digging to figure out the reason.
Risk Level: Low, but changes the existing response body.
Testing: Updated
Docs Changes: N/A
Release Notes: Updated
Runtime guard: yes

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

…n getOriginalDst. (envoyproxy#12250)

Fixed uninitialized memory in network utility  Utility::getOriginalDst
Initializing variable which may be used in an uninitialized fashion as reported by the test case. 
Using uninitialized memory can be a security issue, such as potentially leaking previous stack contents. By zero-initializing, we avoid such potential leaks.
Running with the specific input case after this PR is applied no longer results in any error findings (credits: the input case was found using google/clusterfuzz).
Note that this PR only avoids the uninitialized memory use identified in that bug, and is unaware of the functionality or semantics of the rest of the code. The project owners are welcome to suggest alternate fixes on this PR or address other behavioral concerns in a separate PR.

Signed-off-by: Rui Maranhao <rui@computer.org>

…roxy#12342)

Signed-off-by: Kuat Yessenov <kuat@google.com>

Commit Message: removing well known names file for host retry extensions
Risk Level: n/a
Testing: n/a
Docs Changes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

A malformed packet or buggy server could trigger the ASSERT(),
so let's deal with it.

Reported-by: @jianwen612

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

Commit Message: Limiting the number of a loop iterations in stats/utility_fuzz_test.
Additional Description: This avoids test timeout when the input is large.

Signed-off-by: Adi Suissa-Peleg <adip@google.com>

…ds in cel filter extension (envoyproxy#12316)

Commit Message: Add upstream_local_address and upstream_transport_failure_reason fields in cel filter extension
Additional Description:
Risk Level: Low
Testing: Added unit test
Docs Changes:
Release Notes:

Signed-off-by: gargnupur <gargnupur@google.com>

Create metadata similar to MySQL based on SQL query sent by Postgres client. The metadata may be used by other filters like RBAC.

Risk Level: Low. 
Testing: Added unit tests.
Docs Changes: Yes - updated Postgres section.
Release Notes: Yes.

Fixes envoyproxy#11065

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

…oxy#11822)

Implement a new logger called Fancy Logger with fine-grained control, e.g. file, function and line level.

Additional Description: Some new macros are defined for basic usage but not hooked with any existing log macros. API for the logger is still in progress.

Risk Level: Low
Testing: unit test & benchmark
Docs Changes: None
Release Notes: None

Signed-off-by: Jinhui Song <jinhuisong@google.com>

Merge in changes from envoyproxy/envoy-wasm in the bazel/ directory as part of upstreaming Wasm.
Risk Level: Low
Testing: Unit tests pass.
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: John Plevyak <jplevyak@gmail.com>

…sFactory (envoyproxy#12234)

Commit Message:
Plumb ProtocolOptionsFactoryContext to the ProtocolOptionsFactory
Additional Description:
We have a use-case of needing a timer in the context of protocol-options.
Risk Level: Low, adding a field that is only used in extensions. and is no-op of existing extensions
Testing: N/A
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Yuval Kohavi <yuval.kohavi@gmail.com>

…op) (envoyproxy#12303)

Swap default codec to legacy codec implementation while codec error handling is improved. Backport some non-backported changes.

Signed-off-by: Asra Ali <asraa@google.com>

)

header-to-metadata filter supports adding a header's value to a metadata key which is later used for subset load balancing.

This PR adds support for extracting a specific cookie value before it's added as metadata.

Signed-off-by: Radha Kumari <rkumari@slack-corp.com>

In this patch, it will enable the envoyproxy/envoy arm image to build
in community arm CI environments.
1. Do some modifications in docker_ci.sh script for building arm images
   by buildx. It will firstly set up environments. Then use the buildx
   tool to build the envoyproxy/envoy arm images on x86 platform.
2. Modify the docker build job for building multi-arch images.
   It will firstly download the arm64 and amd64 envoy binaries. Then
   invoke the docker_ci.sh scripts to generate images.

Risk Level: Medium (of breaking images)
Testing: CI
Docs Changes: N/A
Release Notes: Added
Fixes envoyproxy#1861 

Signed-off-by: Jingzhao.Ni <Jingzhao.Ni@arm.com>

…ointers (envoyproxy#12366)

The prior regression was due to variable shadowing.
ActiveTcpClient::ActiveTcpClient sets real_host_description_ in the constructor. Here it set its own real_host_description_ where it was supposed to set the base class real_host_description_
When onPoollFailure was called, it was called with the base class real_host_description_ (nullptr) So in the TCP filter
read_callbacks_->upstreamHost(host); set a null pointer.
and in void Filter::onUpstreamEvent read_callbacks_->upstreamHost()->outlierDetector().putResult( would segfault.

Risk Level: n/a (flag disabled code)
Testing: new regression test of upstream failure, unit test assert
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

NOLINTNEXTLINE doesn't work well within macro expansion. Do it inline or disable with #if.

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

…y#12251)

Commit Message: Add timeouts to waiting for counters/gauges in integration tests
add a default timeout of 0s which will not enable the timeout for the existing tests
raise an assertionfailure if they timeout

Signed-off-by: Sam Flattery <samflattery@google.com>

This patch adds Lua APIs to access SSL connection info of a connection.

Signed-off-by: Dhi Aurrahman <dio@tetrate.io>

)

Setting response details on all HTTP/1.1 response paths, and adding an ASSERT invariant.
This also fixes two timeout paths to use the new sendLocalReply functionality, so send response headers and body if possible.

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Commit Message: Reactive xds_fuzz_test after tsan fix
passes locally with --config=clang-tsan --runs_per_test=1000 without tsan failures
Signed-off-by: Sam Flattery <samflattery@google.com>

This reverts commit 048583b.

Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <nflacco@lyft.com>

)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

dropping is_head_request as it can be inferred by the HCM.

Annoyingly we now can't in all cases - I did tweaks to the HTTP/1.1 codec a few weeks back which make use of this for incomplete HTTP/1.1 headers. Given that behavior landed recently and it's only for responses failing mid-headers I'm going to see if folks think it's Ok to lose since it makes the API simpler for the other 90% of callers.

Risk Level: low
Testing: adjusted unit tests
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

…oyproxy#12378)

Fix clang-tidy errors in the LinkedObject::moveIntoList* methods
Signed-off-by: Yan Avlasov <yavlasov@google.com>

Signed-off-by: Asra Ali <asraa@google.com>

Description: Upstream Wasm proto files from envoy-wasm.
Risk Level: Low
Testing: Unit tests in envoy-wasm, integration tests in istio/proxy.
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: John Plevyak <jplevyak@gmail.com>

…2368)

Commit Message: Increase code coverage in AWS Lambda filter
Additional Description: Removing unreachable/dead lines of code, remove aws_lambda from per_file_coverage.sh
Risk Level: Low
Testing: bazel test //test/extensions/filters/http/aws_lambda/...
Docs Changes: N/A
Release Notes: N/A
Fixes envoyproxy#11989

Signed-off-by: Nolan Varani <landesherr@users.noreply.github.com>

…ields (envoyproxy#12385)

Signed-off-by: Radha Kumari <rkumari@slack-corp.com>

Co-authored-by: Sunjay Bhatia <sunjayb@vmware.com>
Co-authored-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: William A Rowe Jr <wrowe@vmware.com>

- test/test_common/environment.cc was reading config files for
  substitution in binary (preserving \r) and then writing the
  substituted resulting file in text (replacing \n with \r\n),
  ending up with \r\r\n line endings.

- //test/common/runtime:runtime_impl_test now generates multiline
  strings on the fly to ensure line endings are treated in string
  as a binary blob

Co-authored-by: Sunjay Bhatia <sunjayb@vmware.com>
Co-authored-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: William A Rowe Jr <wrowe@vmware.com>

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

Signed-off-by: davinci26 <sotirisnan@gmail.com>

Follow up to https://github.com/envoyproxy/envoy/pull/11813/files

Signed-off-by: Matt Klein <mklein@lyft.com>

Signed-off-by: Kevin Baichoo <kbaichoo@google.com>

Signed-off-by: Florin Coras <fcoras@cisco.com>

Remove all throw statements from H/2 codec and replace error plumbing with Status and StatusOr objects.

Signed-off-by: Yan Avlasov <yavlasov@google.com>

…#12330)

Introduces FilterManagerCallbacks which can be used by the FM to call
back out with the encoded data. This interface will be expanded as more
functionality is split between the ActiveStream and the FilterManager.

Makes the majority of FM functions private, relying on befriending
the filter wrappers and a more well defined interface for the ActiveStream
to pass headers/data to be decoded by the FM.

Moves the buffers and watermark handling into the FM.

Signed-off-by: Snow Pettersen <kpettersen@netflix.com>

Change default log format and values of the corresponding compatibility flag as was previously stated in the 0.15 release's documentation.

Signed-off-by: Ruslan Nigmatullin <elessar@dropbox.com>

Adding a filter for access logs that will decide whether to log based on dynamic metadata.

Signed-off-by: davidraskin <draskin@google.com>

…sing (envoyproxy#12396)

If a request lacks a Cache-Control header, but has a Pragma header with a no-cache directive, treat it as if it was Cache-Control: no-cache.

Signed-off-by: Yosry Ahmed <yosryahmed@google.com>

…xy#12162)

Change the Buffer::OwnedImpl::linearize implementation so it only moves the requested number of bytes to the a flat buffer slice at the beginning of the buffer. Linearizing beyond the requested size can result in the excess bytes needing to be copied again as part of the next linearize call if the buffer ends up with more than 1 buffer slice when the linearize operation completes. Typical usage of linearize involves flattening the first 16kb in a buffer in a loop to construct inputs appropriate to SSL_write; the original implementation ended up copying an extra 4032 bytes when linearizing a 16KB block.

Signed-off-by: Antonio Vicente <avd@google.com>