merge with main upstream

Signed-off-by: Xin Zhuang <stevenzzz@google.com>
stevenzzzz · Feb 16, 2024 · bf3497a · bf3497a
2 parents ce942c1 + 4994e59
commit bf3497a
Show file tree

Hide file tree

Showing 226 changed files with 4,056 additions and 773 deletions.
diff --git a/.bazelversion b/.bazelversion
@@ -1 +1 @@
-6.3.2
+6.5.0
diff --git a/.gitattributes b/.gitattributes
@@ -1,3 +1,5 @@
+* text=auto eol=lf
+
 /generated_api_shadow/envoy/** linguist-generated=true
 /generated_api_shadow/bazel/** linguist-generated=true
 *.svg binary

diff --git a/.github/config.yml b/.github/config.yml
@@ -254,6 +254,7 @@ run:
   mobile-core:
     paths:
     - "**/*"
+    - "*"
   mobile-format:
     paths:
     - .bazelrc

diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml
@@ -8,7 +8,7 @@ on:
   - cron: '0 12 * * 4'
 
 concurrency:
-  group: ${{ github.head_ref-github.workflow || github.run_id }}
+  group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}
   cancel-in-progress: true
 
 
@@ -29,6 +29,12 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
 
+    - name: Free disk space
+      uses: envoyproxy/toolshed/gh-actions/diskspace@680d414be3f56cbb161dfdebebece85d81c3f686  # actions-v0.2.24
+      with:
+        to_remove: |
+          /usr/local/lib/android
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a  # codeql-bundle-v2.13.4

diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml
@@ -13,7 +13,7 @@ on:
   pull_request:
 
 concurrency:
-  group: ${{ github.head_ref-github.workflow || github.run_id }}
+  group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}
   cancel-in-progress: true
 
 env:

diff --git a/OWNERS.md b/OWNERS.md
@@ -40,7 +40,7 @@ routing PRs, questions, etc. to the right place.
   * Stats, abseil, scalability, and performance.
 * Adi Peleg ([adisuissa](https://github.com/adisuissa)) (adip@google.com)
   * xDS APIs, configuration, control plane, fuzzing.
-* Kevin Baichoo ([KBaichoo](https://github.com/KBaichoo)) (kbaichoo@google.com)
+* Kevin Baichoo ([KBaichoo](https://github.com/KBaichoo)) (envoy@kevinbaichoo.com)
   * Data plane, overload management, flow control.
 * Keith Smiley ([keith](https://github.com/keith)) (keithbsmiley@gmail.com)
   * Bazel, CI, compilers, linkers, general build issues, etc.
@@ -80,7 +80,7 @@ without further review.
 * Pradeep Rao ([pradeepcrao](https://github.com/pradeepcrao)) (pcrao@google.com)
 * Kateryna Nezdolii ([nezdolik](https://github.com/nezdolik)) (kateryna.nezdolii@gmail.com)
 * Boteng Yao ([botengyao](https://github.com/botengyao)) (boteng@google.com)
-* Kevin Baichoo ([KBaichoo](https://github.com/KBaichoo)) (kbaichoo@google.com)
+* Kevin Baichoo ([KBaichoo](https://github.com/KBaichoo)) (envoy@kevinbaichoo.com)
 * Tianyu Xia ([tyxia](https://github.com/tyxia)) (tyxia@google.com)
 
 # Emeritus maintainers

diff --git a/api/BUILD b/api/BUILD
@@ -292,6 +292,8 @@ proto_library(
         "//envoy/extensions/network/dns_resolver/cares/v3:pkg",
         "//envoy/extensions/network/dns_resolver/getaddrinfo/v3:pkg",
         "//envoy/extensions/network/socket_interface/v3:pkg",
+        "//envoy/extensions/outlier_detection_monitors/common/v3:pkg",
+        "//envoy/extensions/outlier_detection_monitors/consecutive_errors/v3:pkg",
         "//envoy/extensions/path/match/uri_template/v3:pkg",
         "//envoy/extensions/path/rewrite/uri_template/v3:pkg",
         "//envoy/extensions/quic/connection_id_generator/v3:pkg",

diff --git a/api/envoy/config/bootstrap/v3/bootstrap.proto b/api/envoy/config/bootstrap/v3/bootstrap.proto
@@ -41,7 +41,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // <config_overview_bootstrap>` for more detail.
 
 // Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
-// [#next-free-field: 41]
+// [#next-free-field: 42]
 message Bootstrap {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.bootstrap.v2.Bootstrap";
@@ -411,6 +411,9 @@ message Bootstrap {
 
   // Optional gRPC async manager config.
   GrpcAsyncClientManagerConfig grpc_async_client_manager_config = 40;
+
+  // Optional configuration for memory allocation manager.
+  MemoryAllocatorManager memory_allocator_manager = 41;
 }
 
 // Administration interface :ref:`operations documentation
@@ -734,3 +737,14 @@ message CustomInlineHeader {
   // The type of the header that is expected to be set as the inline header.
   InlineHeaderType inline_header_type = 2 [(validate.rules).enum = {defined_only: true}];
 }
+
+message MemoryAllocatorManager {
+  // Configures tcmalloc to perform background release of free memory in amount of bytes per ``memory_release_interval`` interval.
+  // If equals to ``0``, no memory release will occur. Defaults to ``0``.
+  uint64 bytes_to_release = 1 [(validate.rules).uint64 = {gte: 1}];
+
+  // Interval in milliseconds for memory releasing. If specified, during every
+  // interval Envoy will try to ``release bytes_to_release`` of free memory back to operating system for reuse.
+  // Defaults to 1000 milliseconds.
+  google.protobuf.Duration memory_release_interval = 2;
+}
diff --git a/api/envoy/config/cluster/v3/outlier_detection.proto b/api/envoy/config/cluster/v3/outlier_detection.proto
@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.config.cluster.v3;
 
+import "envoy/config/core/v3/extension.proto";
+
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
@@ -19,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // See the :ref:`architecture overview <arch_overview_outlier_detection>` for
 // more information on outlier detection.
-// [#next-free-field: 24]
+// [#next-free-field: 25]
 message OutlierDetection {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.cluster.OutlierDetection";
@@ -167,4 +169,8 @@ message OutlierDetection {
   // To change this default behavior set this config to ``false`` where active health checking will not uneject the host.
   // Defaults to true.
   google.protobuf.BoolValue successful_active_health_check_uneject_host = 23;
+
+  // Set of host's passive monitors.
+  // [#not-implemented-hide:]
+  repeated core.v3.TypedExtensionConfig monitors = 24;
 }
diff --git a/api/envoy/config/core/v3/protocol.proto b/api/envoy/config/core/v3/protocol.proto
@@ -56,7 +56,7 @@ message QuicKeepAliveSettings {
 }
 
 // QUIC protocol options which apply to both downstream and upstream connections.
-// [#next-free-field: 8]
+// [#next-free-field: 9]
 message QuicProtocolOptions {
   // Maximum number of streams that the client can negotiate per connection. 100
   // if not specified.
@@ -102,6 +102,15 @@ message QuicProtocolOptions {
   // A comma-separated list of strings representing QUIC client connection options defined in
   // `QUICHE <https://github.com/google/quiche/blob/main/quiche/quic/core/crypto/crypto_protocol.h>`_ and to be sent by upstream connections.
   string client_connection_options = 7;
+
+  // The duration that a QUIC connection stays idle before it closes itself. If this field is not present, QUICHE
+  // default 600s will be applied.
+  // For internal corporate network, a long timeout is often fine.
+  // But for client facing network, 30s is usually a good choice.
+  google.protobuf.Duration idle_network_timeout = 8 [(validate.rules).duration = {
+    lte {seconds: 600}
+    gte {seconds: 1}
+  }];
 }
 
 message UpstreamHttpProtocolOptions {

diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto
@@ -72,7 +72,7 @@ message QuicProtocolOptions {
   core.v3.TypedExtensionConfig connection_id_generator_config = 8;
 
   // Configure the server's preferred address to advertise so that client can migrate to it. See :ref:`example <envoy_v3_api_msg_extensions.quic.server_preferred_address.v3.FixedServerPreferredAddressConfig>` which configures a pair of v4 and v6 preferred addresses.
-  // The current QUICHE implementation will advertise only one of the preferred IPv4 and IPv6 addresses based on the address family the client initially connects with, and only if the client is also QUICHE-based.
+  // The current QUICHE implementation will advertise only one of the preferred IPv4 and IPv6 addresses based on the address family the client initially connects with.
   // If not specified, Envoy will not advertise any server's preferred address.
   // [#extension-category: envoy.quic.server_preferred_address]
   core.v3.TypedExtensionConfig server_preferred_address_config = 9

diff --git a/api/envoy/extensions/outlier_detection_monitors/common/v3/BUILD b/api/envoy/extensions/outlier_detection_monitors/common/v3/BUILD
@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/type/v3:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
+    ],
+)
diff --git a/api/envoy/extensions/outlier_detection_monitors/common/v3/error_types.proto b/api/envoy/extensions/outlier_detection_monitors/common/v3/error_types.proto
@@ -0,0 +1,44 @@
+syntax = "proto3";
+
+package envoy.extensions.outlier_detection_monitors.common.v3;
+
+import "envoy/type/v3/range.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.outlier_detection_monitors.common.v3";
+option java_outer_classname = "ErrorTypesProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/outlier_detection_monitors/common/v3;commonv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Outlier detection error buckets]
+// Error bucket for HTTP codes.
+// [#not-implemented-hide:]
+message HttpErrors {
+  type.v3.Int32Range range = 1;
+}
+
+// Error bucket for locally originated errors.
+// [#not-implemented-hide:]
+message LocalOriginErrors {
+}
+
+// Error bucket for database errors.
+// Sub-parameters may be added later, like malformed response, error on write, etc.
+// [#not-implemented-hide:]
+message DatabaseErrors {
+}
+
+// Union of possible error buckets.
+// [#not-implemented-hide:]
+message ErrorBuckets {
+  // List of buckets "catching" HTTP codes.
+  repeated HttpErrors http_errors = 1;
+
+  // List of buckets "catching" locally originated errors.
+  repeated LocalOriginErrors local_origin_errors = 2;
+
+  // List of buckets "catching" database errors.
+  repeated DatabaseErrors database_errors = 3;
+}
diff --git a/api/envoy/extensions/outlier_detection_monitors/consecutive_errors/v3/BUILD b/api/envoy/extensions/outlier_detection_monitors/consecutive_errors/v3/BUILD
@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/extensions/outlier_detection_monitors/common/v3:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
+    ],
+)
diff --git a/...nvoy/extensions/outlier_detection_monitors/consecutive_errors/v3/consecutive_errors.proto b/...nvoy/extensions/outlier_detection_monitors/consecutive_errors/v3/consecutive_errors.proto
@@ -0,0 +1,34 @@
+syntax = "proto3";
+
+package envoy.extensions.outlier_detection_monitors.consecutive_errors.v3;
+
+import "envoy/extensions/outlier_detection_monitors/common/v3/error_types.proto";
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.outlier_detection_monitors.consecutive_errors.v3";
+option java_outer_classname = "ConsecutiveErrorsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/outlier_detection_monitors/consecutive_errors/v3;consecutive_errorsv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// Monitor which counts consecutive errors.
+// If number of consecutive errors exceeds the threshold, monitor will report that the host
+// is unhealthy.
+// [#not-implemented-hide:]
+message ConsecutiveErrors {
+  // Monitor name.
+  string name = 1;
+
+  // The number of consecutive errors before ejection occurs.
+  google.protobuf.UInt32Value threshold = 2 [(validate.rules).uint32 = {lte: 100}];
+
+  // The % chance that a host is actually ejected. Defaults to 100.
+  google.protobuf.UInt32Value enforcing = 3 [(validate.rules).uint32 = {lte: 100}];
+
+  // Error buckets.
+  common.v3.ErrorBuckets error_buckets = 4;
+}
diff --git a/api/envoy/service/ext_proc/v3/BUILD b/api/envoy/service/ext_proc/v3/BUILD
@@ -7,6 +7,7 @@ licenses(["notice"])  # Apache 2
 api_proto_package(
     has_services = True,
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/config/core/v3:pkg",
         "//envoy/extensions/filters/http/ext_proc/v3:pkg",
         "//envoy/type/v3:pkg",

diff --git a/api/envoy/service/ext_proc/v3/external_processor.proto b/api/envoy/service/ext_proc/v3/external_processor.proto
@@ -9,6 +9,7 @@ import "envoy/type/v3/http_status.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -56,7 +57,7 @@ service ExternalProcessor {
 
 // This represents the different types of messages that Envoy can send
 // to an external processing server.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message ProcessingRequest {
   // Specify whether the filter that sent this request is running in synchronous
   // or asynchronous mode. The choice of synchronous or asynchronous mode
@@ -112,6 +113,12 @@ message ProcessingRequest {
 
   // Dynamic metadata associated with the request.
   config.core.v3.Metadata metadata_context = 8;
+
+  // The values of properties selected by the ``request_attributes``
+  // or ``response_attributes`` list in the configuration. Each entry
+  // in the list is populated from the standard
+  // :ref:`attributes <arch_overview_attributes>` supported across Envoy.
+  map<string, google.protobuf.Struct> attributes = 9;
 }
 
 // For every ProcessingRequest received by the server with the ``async_mode`` field
@@ -204,12 +211,11 @@ message HttpHeaders {
   config.core.v3.HeaderMap headers = 1;
 
   // [#not-implemented-hide:]
-  // The values of properties selected by the ``request_attributes``
-  // or ``response_attributes`` list in the configuration. Each entry
-  // in the list is populated
-  // from the standard :ref:`attributes <arch_overview_attributes>`
-  // supported across Envoy.
-  map<string, google.protobuf.Struct> attributes = 2;
+  // This field is deprecated and not implemented. Attributes will be sent in
+  // the  top-level :ref:`attributes <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.attributes`
+  // field.
+  map<string, google.protobuf.Struct> attributes = 2
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
   // If true, then there is no message body associated with this
   // request or response.

diff --git a/api/envoy/type/http/v3/cookie.proto b/api/envoy/type/http/v3/cookie.proto
@@ -22,7 +22,7 @@ message Cookie {
   string name = 1 [(validate.rules).string = {min_len: 1}];
 
   // Duration of cookie. This will be used to set the expiry time of a new cookie when it is
-  // generated. Set this to 0 to use a session cookie.
+  // generated. Set this to 0s to use a session cookie and disable cookie expiration.
   google.protobuf.Duration ttl = 2 [(validate.rules).duration = {gte {}}];
 
   // Path of cookie. This will be used to set the path of a new cookie when it is generated.

diff --git a/api/versioning/BUILD b/api/versioning/BUILD
@@ -231,6 +231,8 @@ proto_library(
         "//envoy/extensions/network/dns_resolver/cares/v3:pkg",
         "//envoy/extensions/network/dns_resolver/getaddrinfo/v3:pkg",
         "//envoy/extensions/network/socket_interface/v3:pkg",
+        "//envoy/extensions/outlier_detection_monitors/common/v3:pkg",
+        "//envoy/extensions/outlier_detection_monitors/consecutive_errors/v3:pkg",
         "//envoy/extensions/path/match/uri_template/v3:pkg",
         "//envoy/extensions/path/rewrite/uri_template/v3:pkg",
         "//envoy/extensions/quic/connection_id_generator/v3:pkg",

diff --git a/bazel/BUILD b/bazel/BUILD
@@ -481,6 +481,14 @@ config_setting(
     values = {"define": "boringssl=disabled"},
 )
 
+selects.config_setting_group(
+    name = "boringssl_fips_x86",
+    match_all = [
+        ":boringssl_fips",
+        "@platforms//cpu:x86_64",
+    ],
+)
+
 config_setting(
     name = "zlib_ng",
     constraint_values = [
-Original file line number
+Diff line change
@@ Expand Up / @@ -254,6 +254,7 @@ run: @@
       mobile-core:
         paths:
         - "**/*"
+        - "*"
       mobile-format:
         paths:
         - .bazelrc
@@ Expand Down @@