Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

envoy: Bump envoy version to v1.32 #1009

Merged
merged 5 commits into from
Dec 18, 2024
Merged

envoy: Bump envoy version to v1.32 #1009

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
caee9bd
envoy: Sync up with upstream 1.32.x
sayboras Nov 19, 2024
493e6df
patches: Adjust cilium patches
sayboras Nov 19, 2024
066d15b
cilium: Adjust cilium filter build and implementation
sayboras Nov 19, 2024
e626961
api: Regenerate Go API files
sayboras Nov 19, 2024
df09c0d
renovate: Update config for 1.31
sayboras Nov 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .github/renovate.json5
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
pruneStaleBranches: true,
baseBranches: [
'main',
'v1.31',
'v1.30'
],
labels: [
Expand Down Expand Up @@ -57,6 +58,7 @@
],
matchBaseBranches: [
'main',
'v1.31',
'v1.30',
],
},
Expand All @@ -76,6 +78,7 @@
],
matchBaseBranches: [
'main',
'v1.31',
'v1.30',
],
},
Expand All @@ -90,6 +93,7 @@
allowedVersions: '22.04',
matchBaseBranches: [
'main',
'v1.31',
'v1.30',
],
},
Expand All @@ -113,6 +117,7 @@
allowedVersions: '<=1.23',
matchBaseBranches: [
'main',
'v1.31'
],
},
{
Expand Down Expand Up @@ -144,6 +149,16 @@
'envoyproxy/envoy',
],
allowedVersions: '<=1.31',
matchBaseBranches: [
'v1.31',
],
},
{
groupName: 'envoy 1.32.x',
matchDepNames: [
'envoyproxy/envoy',
],
allowedVersions: '<=1.32',
matchBaseBranches: [
'main',
],
Expand Down
2 changes: 1 addition & 1 deletion ENVOY_VERSION
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
envoy-1.31.4
envoy-1.32.2
8 changes: 6 additions & 2 deletions WORKSPACE
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ ENVOY_REPO = "envoy"
#
# No other line in this file may have ENVOY_SHA followed by an equals sign!
#
# renovate: datasource=github-releases depName=envoyproxy/envoy digestVersion=v1.31.4
ENVOY_SHA = "d045f4201477d50bc64a3bd38c28cfec67c272ca"
# renovate: datasource=github-releases depName=envoyproxy/envoy digestVersion=v1.32.2
ENVOY_SHA = "a0504e87c5a246cb097b37049b1e4dc7706c2a90"

# // clang-format off: unexpected @bazel_tools reference, please indirect via a definition in //bazel
load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
Expand Down Expand Up @@ -71,6 +71,10 @@ load("@envoy//bazel:api_repositories.bzl", "envoy_api_dependencies")

envoy_api_dependencies()

load("@envoy//bazel:repo.bzl", "envoy_repo")

envoy_repo()

load("@envoy//bazel:repositories.bzl", "envoy_dependencies")

envoy_dependencies()
Expand Down
2 changes: 1 addition & 1 deletion cilium/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,12 +130,12 @@ envoy_cc_library(
"websocket_config.h",
"websocket_protocol.h",
],
external_deps = ["http_parser"],
repository = "@envoy",
deps = [
"//cilium:accesslog_lib",
"//cilium:socket_option_lib",
"//cilium/api:websocket_cc_proto",
"@envoy//bazel/external/http_parser",
"@envoy//envoy/common/crypto:crypto_interface",
"@envoy//source/common/common:base64_lib",
"@envoy//source/common/common:hex_lib",
Expand Down
4 changes: 2 additions & 2 deletions cilium/grpc_subscription.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,11 +136,11 @@ subscribe(const std::string& type_url, const LocalInfo::LocalInfo& local_info,
std::make_unique<NopConfigValidatorsImpl>();
auto factory_or_error = Config::Utility::factoryForGrpcApiConfigSource(
cm.grpcAsyncClientManager(), api_config_source, scope, true, 0);
THROW_IF_STATUS_NOT_OK(factory_or_error, throw);
THROW_IF_NOT_OK_REF(factory_or_error.status());

absl::StatusOr<Config::RateLimitSettings> rate_limit_settings_or_error =
Config::Utility::parseRateLimitSettings(api_config_source);
THROW_IF_STATUS_NOT_OK(rate_limit_settings_or_error, throw);
THROW_IF_NOT_OK_REF(rate_limit_settings_or_error.status());

Config::GrpcMuxContext grpc_mux_context{
factory_or_error.value()->createUncachedRawAsyncClient(),
Expand Down
5 changes: 3 additions & 2 deletions cilium/network_filter.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,8 @@ Network::FilterStatus Instance::onData(Buffer::Instance& data, bool end_stream)
if (go_parser_) {
FilterResult res =
go_parser_->OnIO(false, data, end_stream); // 'false' marks original direction data
ENVOY_CONN_LOG(trace, "cilium.network::onData: \'GoFilter::OnIO\' returned {}", conn, res);
ENVOY_CONN_LOG(trace, "cilium.network::onData: \'GoFilter::OnIO\' returned {}", conn,
Envoy::Cilium::toString(res));

if (res != FILTER_OK) {
// Drop the connection due to an error
Expand Down Expand Up @@ -287,7 +288,7 @@ Network::FilterStatus Instance::onWrite(Buffer::Instance& data, bool end_stream)
FilterResult res =
go_parser_->OnIO(true, data, end_stream); // 'true' marks reverse direction data
ENVOY_CONN_LOG(trace, "cilium.network::OnWrite: \'GoFilter::OnIO\' returned {}",
callbacks_->connection(), res);
callbacks_->connection(), Envoy::Cilium::toString(res));

if (res != FILTER_OK) {
// Drop the connection due to an error
Expand Down
7 changes: 4 additions & 3 deletions cilium/network_policy.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,9 +201,10 @@ class HttpNetworkPolicyRule : public Logger::Loggable<Logger::Id::config> {
"Cilium L7 HttpNetworkPolicyRule(): HeaderMatch {}={} (match: {}, mismatch: {})",
header_match.name_.get(),
header_match.secret_ ? fmt::format("<SECRET {}>", header_match.secret_->name())
: header_match.value_.length() > 0 ? header_match.value_
: "<PRESENT>",
header_match.match_action_, header_match.mismatch_action_);
: !header_match.value_.empty() ? header_match.value_
: "<PRESENT>",
cilium::HeaderMatch::MatchAction_Name(header_match.match_action_),
cilium::HeaderMatch::MismatchAction_Name(header_match.mismatch_action_));
}
}

Expand Down
37 changes: 5 additions & 32 deletions cilium/proxylib.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,32 +81,6 @@ GoFilter::~GoFilter() {
}
}

namespace {

const char* filter_strerror(FilterResult res) {
switch (res) {
case FILTER_OK:
return "No error";
case FILTER_PARSER_ERROR:
return "Parser error";
case FILTER_UNKNOWN_CONNECTION:
return "Unknown connection";
case FILTER_UNKNOWN_PARSER:
return "Unknown parser";
case FILTER_INVALID_ADDRESS:
return "Invalid address";
case FILTER_POLICY_DROP:
return "Connection rejected";
case FILTER_INVALID_INSTANCE:
return "Invalid proxylib instance";
case FILTER_UNKNOWN_ERROR:
break;
}
return "Unknown error";
}

} // namespace

GoFilter::InstancePtr GoFilter::NewInstance(Network::Connection& conn, const std::string& go_proto,
bool ingress, uint32_t src_id, uint32_t dst_id,
const std::string& src_addr,
Expand All @@ -123,7 +97,7 @@ GoFilter::InstancePtr GoFilter::NewInstance(Network::Connection& conn, const std
parser->connection_id_ = conn.id();
} else {
ENVOY_CONN_LOG(warn, "Cilium Network: Connection with parser \"{}\" rejected: {}", conn,
go_proto, filter_strerror(res));
go_proto, toString(res));
parser.reset(nullptr);
}
}
Expand Down Expand Up @@ -240,8 +214,8 @@ FilterResult GoFilter::Instance::OnIO(bool reply, Buffer::Instance& data, bool e
ENVOY_CONN_LOG(trace, "Cilium Network::OnIO: Calling go module with {} bytes of data", conn_,
total_length);
res = (*parent_.go_on_data_)(connection_id_, reply, end_stream, &input_slices, &ops);
ENVOY_CONN_LOG(trace, "Cilium Network::OnIO: \'go_on_data\' returned {}, ops({})", conn_, res,
ops.len());
ENVOY_CONN_LOG(trace, "Cilium Network::OnIO: \'go_on_data\' returned {}, ops({})", conn_,
toString(res), ops.len());
if (res == FILTER_OK) {
// Process all returned filter operations.
for (int i = 0; i < ops.len(); i++) {
Expand All @@ -257,7 +231,7 @@ FilterResult GoFilter::Instance::OnIO(bool reply, Buffer::Instance& data, bool e
if (terminal_op_seen) {
ENVOY_CONN_LOG(warn,
"Cilium Network::OnIO: Filter operation {} after "
"terminal opertion.",
"terminal operation.",
conn_, op);
return FILTER_PARSER_ERROR;
}
Expand Down Expand Up @@ -319,8 +293,7 @@ FilterResult GoFilter::Instance::OnIO(bool reply, Buffer::Instance& data, bool e
}
} else {
// Close the connection an any error
ENVOY_CONN_LOG(warn, "Cilium Network::OnIO: FILTER_POLICY_DROP {}", conn_,
filter_strerror(res));
ENVOY_CONN_LOG(warn, "Cilium Network::OnIO: FILTER_POLICY_DROP {}", conn_, toString(res));
return FILTER_PARSER_ERROR;
}

Expand Down
22 changes: 22 additions & 0 deletions cilium/proxylib.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,28 @@ template <typename T> struct GoSlice {
GoInt cap_;
};

inline std::string toString(const FilterResult res) {
switch (res) {
case FILTER_OK:
return "No error";
case FILTER_PARSER_ERROR:
return "Parser error";
case FILTER_UNKNOWN_CONNECTION:
return "Unknown connection";
case FILTER_UNKNOWN_PARSER:
return "Unknown parser";
case FILTER_INVALID_ADDRESS:
return "Invalid address";
case FILTER_POLICY_DROP:
return "Connection rejected";
case FILTER_INVALID_INSTANCE:
return "Invalid proxylib instance";
case FILTER_UNKNOWN_ERROR:
break;
}
return "Unknown error";
}

// Slice that remembers the base pointer and that can be reset.
// Note that these have more header data than GoSlices and therefore may not
// used as array elements passed to Go!
Expand Down
2 changes: 1 addition & 1 deletion cilium/secret_watcher.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ DownstreamTLSContext::DownstreamTLSContext(const NetworkPolicyMap& parent,
server_names_.emplace_back(config.server_names(i));
}
auto server_config_or_error = Extensions::TransportSockets::Tls::ServerContextConfigImpl::create(
context_config, parent.transportFactoryContext());
context_config, parent.transportFactoryContext(), false);
THROW_IF_NOT_OK(server_config_or_error.status());
server_config_ = std::move(server_config_or_error.value());

Expand Down
2 changes: 1 addition & 1 deletion cilium/websocket_codec.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ class HttpParser : public Logger::Loggable<Logger::Id::filter> {

ssize_t rc = http_parser_execute(&parser_, &settings, msg.data(), msg.length());
ENVOY_LOG(trace, "websocket: http_parser parsed {} chars, error code: {}", rc,
HTTP_PARSER_ERRNO(&parser_));
static_cast<int>(HTTP_PARSER_ERRNO(&parser_)));

// Errors in parsing HTTP.
if (HTTP_PARSER_ERRNO(&parser_) != HPE_OK) {
Expand Down
2 changes: 1 addition & 1 deletion cilium/websocket_config.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ Config::Config(Server::Configuration::FactoryContext& context, bool client,
x_rid_config.mutable_typed_config()->PackFrom(
envoy::extensions::request_id::uuid::v3::UuidRequestIdConfig());
auto extension_or_error = Http::RequestIDExtensionFactory::fromProto(x_rid_config, context);
THROW_IF_STATUS_NOT_OK(extension_or_error, throw);
THROW_IF_NOT_OK_REF(extension_or_error.status());
request_id_extension_ = extension_or_error.value();

// Base64 encode the given/expected key, if any.
Expand Down
45 changes: 18 additions & 27 deletions envoy.bazelrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ build --copt=-DABSL_MIN_LOG_LEVEL=4
build --define envoy_mobile_listener=enabled
build --experimental_repository_downloader_retries=2
build --enable_platform_specific_config
build --incompatible_merge_fixed_and_default_shell_env

# Pass CC, CXX and LLVM_CONFIG variables from the environment.
# We assume they have stable values, so this won't cause action cache misses.
Expand Down Expand Up @@ -94,7 +95,7 @@ build:clang-pch --spawn_strategy=local
build:clang-pch --define=ENVOY_CLANG_PCH=1

# Use gold linker for gcc compiler.
build:gcc --linkopt=-fuse-ld=gold
build:gcc --linkopt=-fuse-ld=gold --host_linkopt=-fuse-ld=gold
build:gcc --test_env=HEAPCHECK=
build:gcc --action_env=BAZEL_COMPILER=gcc
build:gcc --action_env=CC=gcc --action_env=CXX=g++
Expand Down Expand Up @@ -256,24 +257,24 @@ build:cache-local --remote_cache=grpc://localhost:9092
build:rbe-toolchain --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1

build:rbe-toolchain-clang --config=rbe-toolchain
build:rbe-toolchain-clang --platforms=@envoy_build_tools//toolchains:rbe_linux_clang_platform
build:rbe-toolchain-clang --host_platform=@envoy_build_tools//toolchains:rbe_linux_clang_platform
build:rbe-toolchain-clang --crosstool_top=@envoy_build_tools//toolchains/configs/linux/clang/cc:toolchain
build:rbe-toolchain-clang --extra_toolchains=@envoy_build_tools//toolchains/configs/linux/clang/config:cc-toolchain
build:rbe-toolchain-clang --action_env=CC=clang --action_env=CXX=clang++ --action_env=PATH=/usr/sbin:/usr/bin:/sbin:/bin:/opt/llvm/bin
build:rbe-toolchain-clang --platforms=@envoy//bazel/rbe/toolchains:rbe_linux_clang_platform
build:rbe-toolchain-clang --host_platform=@envoy//bazel/rbe/toolchains:rbe_linux_clang_platform
build:rbe-toolchain-clang --crosstool_top=@envoy//bazel/rbe/toolchains/configs/linux/clang/cc:toolchain
build:rbe-toolchain-clang --extra_toolchains=@envoy//bazel/rbe/toolchains/configs/linux/clang/config:cc-toolchain
build:rbe-toolchain-clang --action_env=CC=clang --action_env=CXX=clang++

build:rbe-toolchain-clang-libc++ --config=rbe-toolchain
build:rbe-toolchain-clang-libc++ --platforms=@envoy_build_tools//toolchains:rbe_linux_clang_libcxx_platform
build:rbe-toolchain-clang-libc++ --host_platform=@envoy_build_tools//toolchains:rbe_linux_clang_libcxx_platform
build:rbe-toolchain-clang-libc++ --crosstool_top=@envoy_build_tools//toolchains/configs/linux/clang_libcxx/cc:toolchain
build:rbe-toolchain-clang-libc++ --extra_toolchains=@envoy_build_tools//toolchains/configs/linux/clang_libcxx/config:cc-toolchain
build:rbe-toolchain-clang-libc++ --action_env=CC=clang --action_env=CXX=clang++ --action_env=PATH=/usr/sbin:/usr/bin:/sbin:/bin:/opt/llvm/bin
build:rbe-toolchain-clang-libc++ --platforms=@envoy//bazel/rbe/toolchains:rbe_linux_clang_libcxx_platform
build:rbe-toolchain-clang-libc++ --host_platform=@envoy//bazel/rbe/toolchains:rbe_linux_clang_libcxx_platform
build:rbe-toolchain-clang-libc++ --crosstool_top=@envoy//bazel/rbe/toolchains/configs/linux/clang_libcxx/cc:toolchain
build:rbe-toolchain-clang-libc++ --extra_toolchains=@envoy//bazel/rbe/toolchains/configs/linux/clang_libcxx/config:cc-toolchain
build:rbe-toolchain-clang-libc++ --action_env=CC=clang --action_env=CXX=clang++
build:rbe-toolchain-clang-libc++ --action_env=CXXFLAGS=-stdlib=libc++
build:rbe-toolchain-clang-libc++ --action_env=LDFLAGS=-stdlib=libc++
build:rbe-toolchain-clang-libc++ --define force_libcpp=enabled

# Do not inherit from "clang-asan" to avoid picking up flags from local clang.bazelrc.
build:rbe-toolchain-asan --config=asan

build:rbe-toolchain-asan --config=clang-asan
build:rbe-toolchain-asan --linkopt -fuse-ld=lld
build:rbe-toolchain-asan --action_env=ENVOY_UBSAN_VPTR=1
build:rbe-toolchain-asan --copt=-fsanitize=vptr,function
Expand All @@ -291,20 +292,10 @@ build:rbe-toolchain-tsan --linkopt=-Wl,-rpath,/opt/libcxx_tsan/lib
build:rbe-toolchain-tsan --config=clang-tsan

build:rbe-toolchain-gcc --config=rbe-toolchain
build:rbe-toolchain-gcc --platforms=@envoy_build_tools//toolchains:rbe_linux_gcc_platform
build:rbe-toolchain-gcc --host_platform=@envoy_build_tools//toolchains:rbe_linux_gcc_platform
build:rbe-toolchain-gcc --crosstool_top=@envoy_build_tools//toolchains/configs/linux/gcc/cc:toolchain
build:rbe-toolchain-gcc --extra_toolchains=@envoy_build_tools//toolchains/configs/linux/gcc/config:cc-toolchain

build:rbe-toolchain-msvc-cl --host_platform=@envoy_build_tools//toolchains:rbe_windows_msvc_cl_platform
build:rbe-toolchain-msvc-cl --platforms=@envoy_build_tools//toolchains:rbe_windows_msvc_cl_platform
build:rbe-toolchain-msvc-cl --crosstool_top=@envoy_build_tools//toolchains/configs/windows/msvc-cl/cc:toolchain
build:rbe-toolchain-msvc-cl --extra_toolchains=@envoy_build_tools//toolchains/configs/windows/msvc-cl/config:cc-toolchain

build:rbe-toolchain-clang-cl --host_platform=@envoy_build_tools//toolchains:rbe_windows_clang_cl_platform
build:rbe-toolchain-clang-cl --platforms=@envoy_build_tools//toolchains:rbe_windows_clang_cl_platform
build:rbe-toolchain-clang-cl --crosstool_top=@envoy_build_tools//toolchains/configs/windows/clang-cl/cc:toolchain
build:rbe-toolchain-clang-cl --extra_toolchains=@envoy_build_tools//toolchains/configs/windows/clang-cl/config:cc-toolchain
build:rbe-toolchain-gcc --platforms=@envoy//bazel/rbe/toolchains:rbe_linux_gcc_platform
build:rbe-toolchain-gcc --host_platform=@envoy//bazel/rbe/toolchains:rbe_linux_gcc_platform
build:rbe-toolchain-gcc --crosstool_top=@envoy//bazel/rbe/toolchains/configs/linux/gcc/cc:toolchain
build:rbe-toolchain-gcc --extra_toolchains=@envoy//bazel/rbe/toolchains/configs/linux/gcc/config:cc-toolchain

build:remote --spawn_strategy=remote,sandboxed,local
build:remote --strategy=Javac=remote,sandboxed,local
Expand Down
Loading
Loading