grpc 1.50.0-x86_64-linux → 1.51.0-x86_64-linux
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +131 -42
- data/include/grpc/event_engine/event_engine.h +10 -3
- data/include/grpc/event_engine/slice_buffer.h +17 -0
- data/include/grpc/grpc.h +0 -10
- data/include/grpc/impl/codegen/grpc_types.h +1 -5
- data/include/grpc/impl/codegen/port_platform.h +0 -3
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +19 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +1 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +120 -140
- data/src/core/ext/filters/client_channel/client_channel.h +3 -4
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -2
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
- data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +20 -47
- data/src/core/ext/filters/client_channel/dynamic_filters.h +7 -8
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +3 -4
- data/src/core/ext/filters/client_channel/http_proxy.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +8 -7
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +35 -44
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +41 -29
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +9 -11
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +15 -12
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +8 -10
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +26 -27
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +7 -9
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +44 -26
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +17 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +13 -7
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +48 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -126
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +364 -0
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +22 -23
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +50 -52
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -4
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +34 -26
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +3 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +63 -46
- data/src/core/ext/filters/client_channel/retry_filter.cc +80 -102
- data/src/core/ext/filters/client_channel/retry_service_config.cc +192 -234
- data/src/core/ext/filters/client_channel/retry_service_config.h +20 -23
- data/src/core/ext/filters/client_channel/retry_throttle.cc +8 -8
- data/src/core/ext/filters/client_channel/retry_throttle.h +8 -7
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/subchannel.cc +21 -25
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +11 -12
- data/src/core/ext/filters/deadline/deadline_filter.cc +13 -14
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +0 -4
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
- data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
- data/src/core/ext/filters/http/client/http_client_filter.cc +16 -16
- data/src/core/ext/filters/http/client_authority_filter.cc +1 -1
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +13 -13
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +34 -34
- data/src/core/ext/filters/http/server/http_server_filter.cc +26 -25
- data/src/core/ext/filters/message_size/message_size_filter.cc +86 -117
- data/src/core/ext/filters/message_size/message_size_filter.h +22 -15
- data/src/core/ext/filters/rbac/rbac_filter.cc +12 -12
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +728 -530
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +4 -3
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +1 -1
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +17 -21
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +57 -72
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +212 -253
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +42 -11
- data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +16 -15
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +13 -13
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +10 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +15 -17
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +5 -4
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +31 -39
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +24 -8
- data/src/core/ext/transport/chttp2/transport/parsing.cc +51 -52
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/varint.h +11 -8
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -16
- data/src/core/ext/transport/inproc/inproc_transport.cc +97 -115
- data/src/core/ext/xds/certificate_provider_store.cc +4 -4
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +4 -7
- data/src/core/ext/xds/xds_api.cc +15 -68
- data/src/core/ext/xds/xds_api.h +3 -7
- data/src/core/ext/xds/xds_bootstrap.h +0 -1
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +3 -12
- data/src/core/ext/xds/xds_bootstrap_grpc.h +16 -1
- data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +0 -1
- data/src/core/ext/xds/xds_client.cc +122 -90
- data/src/core/ext/xds/xds_client.h +7 -2
- data/src/core/ext/xds/xds_client_grpc.cc +5 -24
- data/src/core/ext/xds/xds_cluster.cc +291 -183
- data/src/core/ext/xds/xds_cluster.h +11 -15
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +32 -29
- data/src/core/ext/xds/xds_cluster_specifier_plugin.h +35 -16
- data/src/core/ext/xds/xds_common_types.cc +208 -141
- data/src/core/ext/xds/xds_common_types.h +19 -13
- data/src/core/ext/xds/xds_endpoint.cc +214 -129
- data/src/core/ext/xds/xds_endpoint.h +4 -7
- data/src/core/ext/xds/xds_http_fault_filter.cc +56 -43
- data/src/core/ext/xds/xds_http_fault_filter.h +13 -21
- data/src/core/ext/xds/xds_http_filters.cc +60 -73
- data/src/core/ext/xds/xds_http_filters.h +67 -19
- data/src/core/ext/xds/xds_http_rbac_filter.cc +152 -207
- data/src/core/ext/xds/xds_http_rbac_filter.h +12 -15
- data/src/core/ext/xds/xds_lb_policy_registry.cc +122 -169
- data/src/core/ext/xds/xds_lb_policy_registry.h +10 -11
- data/src/core/ext/xds/xds_listener.cc +459 -417
- data/src/core/ext/xds/xds_listener.h +43 -47
- data/src/core/ext/xds/xds_resource_type.h +3 -11
- data/src/core/ext/xds/xds_resource_type_impl.h +8 -13
- data/src/core/ext/xds/xds_route_config.cc +94 -80
- data/src/core/ext/xds/xds_route_config.h +10 -10
- data/src/core/ext/xds/xds_routing.cc +2 -1
- data/src/core/ext/xds/xds_routing.h +2 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -94
- data/src/core/ext/xds/xds_transport_grpc.cc +4 -5
- data/src/core/lib/address_utils/parse_address.cc +11 -10
- data/src/core/lib/channel/channel_args.h +16 -1
- data/src/core/lib/channel/channel_stack.cc +23 -20
- data/src/core/lib/channel/channel_stack.h +17 -4
- data/src/core/lib/channel/channel_stack_builder.cc +4 -7
- data/src/core/lib/channel/channel_stack_builder.h +14 -6
- data/src/core/lib/channel/channel_stack_builder_impl.cc +25 -7
- data/src/core/lib/channel/channel_stack_builder_impl.h +2 -0
- data/src/core/lib/channel/channel_trace.cc +4 -5
- data/src/core/lib/channel/channelz.cc +1 -1
- data/src/core/lib/channel/connected_channel.cc +695 -35
- data/src/core/lib/channel/connected_channel.h +0 -4
- data/src/core/lib/channel/promise_based_filter.cc +1004 -140
- data/src/core/lib/channel/promise_based_filter.h +364 -87
- data/src/core/lib/compression/message_compress.cc +5 -5
- data/src/core/lib/debug/event_log.cc +88 -0
- data/src/core/lib/debug/event_log.h +81 -0
- data/src/core/lib/debug/histogram_view.cc +69 -0
- data/src/core/lib/{slice/slice_refcount.cc → debug/histogram_view.h} +15 -13
- data/src/core/lib/debug/stats.cc +22 -119
- data/src/core/lib/debug/stats.h +29 -35
- data/src/core/lib/debug/stats_data.cc +224 -73
- data/src/core/lib/debug/stats_data.h +263 -122
- data/src/core/lib/event_engine/common_closures.h +71 -0
- data/src/core/lib/event_engine/default_event_engine.cc +38 -15
- data/src/core/lib/event_engine/default_event_engine.h +15 -3
- data/src/core/lib/event_engine/default_event_engine_factory.cc +2 -4
- data/src/core/lib/event_engine/memory_allocator.cc +1 -1
- data/src/core/lib/event_engine/poller.h +10 -4
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +618 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +129 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +901 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
- data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +74 -0
- data/src/core/lib/event_engine/{executor/threaded_executor.cc → posix_engine/event_poller_posix_default.h} +13 -16
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +267 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1270 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +682 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +453 -18
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +148 -24
- data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +1081 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +361 -0
- data/src/core/lib/event_engine/posix_engine/timer.h +9 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +57 -194
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +21 -49
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +301 -0
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +179 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +126 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +151 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
- data/src/core/lib/event_engine/slice.cc +7 -6
- data/src/core/lib/event_engine/slice_buffer.cc +2 -2
- data/src/core/lib/event_engine/thread_pool.cc +106 -25
- data/src/core/lib/event_engine/thread_pool.h +32 -9
- data/src/core/lib/event_engine/windows/win_socket.cc +7 -7
- data/src/core/lib/event_engine/windows/windows_engine.cc +18 -12
- data/src/core/lib/event_engine/windows/windows_engine.h +8 -4
- data/src/core/lib/experiments/config.cc +1 -1
- data/src/core/lib/experiments/experiments.cc +13 -2
- data/src/core/lib/experiments/experiments.h +8 -1
- data/src/core/lib/gpr/cpu_linux.cc +6 -2
- data/src/core/lib/gpr/log_linux.cc +3 -4
- data/src/core/lib/gpr/string.h +1 -1
- data/src/core/lib/gpr/tmpfile_posix.cc +3 -2
- data/src/core/lib/gprpp/load_file.cc +75 -0
- data/src/core/lib/gprpp/load_file.h +33 -0
- data/src/core/lib/gprpp/per_cpu.h +46 -0
- data/src/core/lib/gprpp/stat_posix.cc +5 -4
- data/src/core/lib/gprpp/stat_windows.cc +3 -2
- data/src/core/lib/gprpp/status_helper.h +1 -3
- data/src/core/lib/gprpp/strerror.cc +41 -0
- data/src/core/{ext/xds/xds_resource_type.cc → lib/gprpp/strerror.h} +9 -13
- data/src/core/lib/gprpp/thd_windows.cc +1 -2
- data/src/core/lib/gprpp/time.cc +3 -4
- data/src/core/lib/gprpp/time.h +13 -2
- data/src/core/lib/gprpp/validation_errors.h +18 -1
- data/src/core/lib/http/httpcli.cc +40 -44
- data/src/core/lib/http/httpcli.h +6 -5
- data/src/core/lib/http/httpcli_security_connector.cc +4 -6
- data/src/core/lib/http/parser.cc +54 -65
- data/src/core/lib/iomgr/buffer_list.cc +105 -116
- data/src/core/lib/iomgr/buffer_list.h +60 -44
- data/src/core/lib/iomgr/call_combiner.cc +11 -10
- data/src/core/lib/iomgr/call_combiner.h +3 -4
- data/src/core/lib/iomgr/cfstream_handle.cc +13 -16
- data/src/core/lib/iomgr/closure.h +49 -5
- data/src/core/lib/iomgr/combiner.cc +2 -2
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +26 -25
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/error.cc +27 -42
- data/src/core/lib/iomgr/error.h +22 -152
- data/src/core/lib/iomgr/ev_apple.cc +4 -4
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +26 -25
- data/src/core/lib/iomgr/ev_poll_posix.cc +27 -31
- data/src/core/lib/iomgr/exec_ctx.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.h +2 -3
- data/src/core/lib/iomgr/executor.cc +1 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -1
- data/src/core/lib/iomgr/iocp_windows.cc +1 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +2 -1
- data/src/core/lib/iomgr/load_file.cc +5 -9
- data/src/core/lib/iomgr/lockfree_event.cc +10 -10
- data/src/core/lib/iomgr/pollset_windows.cc +4 -4
- data/src/core/lib/iomgr/python_util.h +2 -2
- data/src/core/lib/iomgr/resolve_address.cc +8 -3
- data/src/core/lib/iomgr/resolve_address.h +3 -4
- data/src/core/lib/iomgr/resolve_address_impl.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +14 -25
- data/src/core/lib/iomgr/resolve_address_posix.h +1 -2
- data/src/core/lib/iomgr/resolve_address_windows.cc +14 -17
- data/src/core/lib/iomgr/resolve_address_windows.h +1 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +30 -29
- data/src/core/lib/iomgr/socket_utils_posix.cc +1 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/socket_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +6 -10
- data/src/core/lib/iomgr/tcp_client_posix.cc +31 -35
- data/src/core/lib/iomgr/tcp_client_windows.cc +8 -12
- data/src/core/lib/iomgr/tcp_posix.cc +92 -108
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -34
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +18 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -13
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -29
- data/src/core/lib/iomgr/tcp_windows.cc +27 -34
- data/src/core/lib/iomgr/timer.h +8 -8
- data/src/core/lib/iomgr/timer_generic.cc +9 -15
- data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -4
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +4 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +10 -8
- data/src/core/lib/json/json_channel_args.h +42 -0
- data/src/core/lib/json/json_object_loader.cc +7 -2
- data/src/core/lib/json/json_object_loader.h +22 -0
- data/src/core/lib/json/json_util.cc +5 -5
- data/src/core/lib/json/json_util.h +4 -4
- data/src/core/lib/load_balancing/lb_policy.cc +1 -1
- data/src/core/lib/load_balancing/lb_policy.h +4 -0
- data/src/core/lib/load_balancing/subchannel_interface.h +0 -7
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/promise/activity.cc +16 -2
- data/src/core/lib/promise/activity.h +38 -15
- data/src/core/lib/promise/arena_promise.h +80 -51
- data/src/core/lib/promise/context.h +13 -6
- data/src/core/lib/promise/detail/basic_seq.h +9 -28
- data/src/core/lib/promise/detail/promise_factory.h +58 -10
- data/src/core/lib/promise/detail/status.h +28 -0
- data/src/core/lib/promise/detail/switch.h +1455 -0
- data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +3 -1
- data/src/core/lib/promise/for_each.h +129 -0
- data/src/core/lib/promise/loop.h +7 -5
- data/src/core/lib/promise/map_pipe.h +87 -0
- data/src/core/lib/promise/pipe.cc +19 -0
- data/src/core/lib/promise/pipe.h +505 -0
- data/src/core/lib/promise/poll.h +13 -0
- data/src/core/lib/promise/seq.h +3 -5
- data/src/core/lib/promise/sleep.cc +5 -4
- data/src/core/lib/promise/sleep.h +1 -2
- data/src/core/lib/promise/try_concurrently.h +341 -0
- data/src/core/lib/promise/try_seq.h +10 -13
- data/src/core/lib/resolver/server_address.cc +1 -0
- data/src/core/lib/resolver/server_address.h +1 -3
- data/src/core/lib/resource_quota/api.cc +0 -1
- data/src/core/lib/resource_quota/arena.cc +19 -0
- data/src/core/lib/resource_quota/arena.h +89 -0
- data/src/core/lib/resource_quota/memory_quota.cc +1 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +1 -3
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
- data/src/core/lib/security/authorization/matchers.cc +25 -22
- data/src/core/lib/security/authorization/rbac_policy.cc +2 -3
- data/src/core/lib/security/context/security_context.h +10 -0
- data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +77 -55
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +4 -3
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +17 -21
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +21 -25
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -24
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +24 -30
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +3 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +19 -27
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +4 -11
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +29 -41
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +6 -11
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +8 -15
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +2 -6
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +1 -4
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +7 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +9 -14
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -7
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +21 -27
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -1
- data/src/core/lib/security/transport/secure_endpoint.cc +26 -28
- data/src/core/lib/security/transport/security_handshaker.cc +53 -53
- data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
- data/src/core/lib/security/transport/tsi_error.cc +6 -3
- data/src/core/lib/security/util/json_util.cc +4 -5
- data/src/core/lib/service_config/service_config.h +1 -1
- data/src/core/lib/service_config/service_config_impl.cc +111 -158
- data/src/core/lib/service_config/service_config_impl.h +14 -17
- data/src/core/lib/service_config/service_config_parser.cc +14 -31
- data/src/core/lib/service_config/service_config_parser.h +14 -10
- data/src/core/lib/slice/b64.cc +2 -2
- data/src/core/lib/slice/slice.cc +7 -1
- data/src/core/lib/slice/slice.h +19 -6
- data/src/core/lib/slice/slice_buffer.cc +13 -14
- data/src/core/lib/slice/slice_internal.h +13 -21
- data/src/core/lib/slice/slice_refcount.h +34 -19
- data/src/core/lib/surface/byte_buffer.cc +3 -4
- data/src/core/lib/surface/byte_buffer_reader.cc +4 -4
- data/src/core/lib/surface/call.cc +1366 -239
- data/src/core/lib/surface/call.h +44 -0
- data/src/core/lib/surface/call_details.cc +3 -3
- data/src/core/lib/surface/call_trace.cc +113 -0
- data/src/core/lib/surface/call_trace.h +30 -0
- data/src/core/lib/surface/channel.cc +44 -49
- data/src/core/lib/surface/channel.h +9 -1
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/channel_stack_type.cc +4 -0
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.cc +38 -52
- data/src/core/lib/surface/init.cc +8 -39
- data/src/core/lib/surface/init_internally.h +8 -0
- data/src/core/lib/surface/lame_client.cc +10 -8
- data/src/core/lib/surface/server.cc +48 -70
- data/src/core/lib/surface/server.h +3 -4
- data/src/core/lib/surface/validate_metadata.cc +11 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/connectivity_state.cc +2 -2
- data/src/core/lib/transport/error_utils.cc +34 -28
- data/src/core/lib/transport/error_utils.h +3 -3
- data/src/core/lib/transport/handshaker.cc +14 -14
- data/src/core/lib/transport/handshaker.h +1 -1
- data/src/core/lib/transport/handshaker_factory.h +26 -0
- data/src/core/lib/transport/handshaker_registry.cc +8 -2
- data/src/core/lib/transport/handshaker_registry.h +3 -4
- data/src/core/lib/transport/http_connect_handshaker.cc +23 -24
- data/src/core/lib/transport/metadata_batch.h +17 -1
- data/src/core/lib/transport/parsed_metadata.cc +2 -6
- data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -20
- data/src/core/lib/transport/transport.cc +63 -17
- data/src/core/lib/transport/transport.h +64 -68
- data/src/core/lib/transport/transport_impl.h +1 -1
- data/src/core/lib/transport/transport_op_string.cc +7 -6
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -10
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +10 -10
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +8 -8
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +7 -7
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +7 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -5
- data/src/core/tsi/fake_transport_security.cc +3 -3
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +7 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +6 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +0 -3
- data/src/ruby/lib/grpc/2.6/grpc_c.so +0 -0
- data/src/ruby/lib/grpc/2.7/grpc_c.so +0 -0
- data/src/ruby/lib/grpc/3.0/grpc_c.so +0 -0
- data/src/ruby/lib/grpc/3.1/grpc_c.so +0 -0
- data/src/ruby/lib/grpc/grpc_c.so +0 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/channel_spec.rb +0 -43
- data/src/ruby/spec/generic/active_call_spec.rb +12 -3
- data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
- data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
- data/third_party/zlib/compress.c +3 -3
- data/third_party/zlib/crc32.c +21 -12
- data/third_party/zlib/deflate.c +112 -106
- data/third_party/zlib/deflate.h +2 -2
- data/third_party/zlib/gzlib.c +1 -1
- data/third_party/zlib/gzread.c +3 -5
- data/third_party/zlib/gzwrite.c +1 -1
- data/third_party/zlib/infback.c +10 -7
- data/third_party/zlib/inflate.c +5 -2
- data/third_party/zlib/inftrees.c +2 -2
- data/third_party/zlib/inftrees.h +1 -1
- data/third_party/zlib/trees.c +61 -62
- data/third_party/zlib/uncompr.c +2 -2
- data/third_party/zlib/zconf.h +16 -3
- data/third_party/zlib/zlib.h +10 -10
- data/third_party/zlib/zutil.c +9 -7
- data/third_party/zlib/zutil.h +1 -0
- metadata +55 -18
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
- data/src/core/lib/event_engine/executor/threaded_executor.h +0 -44
- data/src/core/lib/gpr/murmur_hash.cc +0 -82
- data/src/core/lib/gpr/murmur_hash.h +0 -29
- data/src/core/lib/gpr/tls.h +0 -156
- data/src/core/lib/promise/call_push_pull.h +0 -148
- data/src/core/lib/slice/slice_api.cc +0 -39
- data/src/core/lib/slice/slice_buffer_api.cc +0 -35
- data/src/core/lib/slice/slice_refcount_base.h +0 -60
|
@@ -23,13 +23,11 @@
|
|
|
23
23
|
#include <set>
|
|
24
24
|
#include <utility>
|
|
25
25
|
|
|
26
|
-
#include "absl/memory/memory.h"
|
|
27
26
|
#include "absl/status/status.h"
|
|
28
27
|
#include "absl/status/statusor.h"
|
|
29
28
|
#include "absl/strings/str_cat.h"
|
|
30
29
|
#include "absl/strings/str_format.h"
|
|
31
30
|
#include "absl/strings/str_join.h"
|
|
32
|
-
#include "absl/strings/strip.h"
|
|
33
31
|
#include "envoy/config/core/v3/address.upb.h"
|
|
34
32
|
#include "envoy/config/core/v3/base.upb.h"
|
|
35
33
|
#include "envoy/config/core/v3/config_source.upb.h"
|
|
@@ -57,44 +55,32 @@
|
|
|
57
55
|
#include "src/core/lib/address_utils/sockaddr_utils.h"
|
|
58
56
|
#include "src/core/lib/debug/trace.h"
|
|
59
57
|
#include "src/core/lib/gprpp/host_port.h"
|
|
60
|
-
#include "src/core/lib/gprpp/
|
|
61
|
-
#include "src/core/lib/
|
|
58
|
+
#include "src/core/lib/gprpp/match.h"
|
|
59
|
+
#include "src/core/lib/gprpp/validation_errors.h"
|
|
62
60
|
#include "src/core/lib/iomgr/sockaddr.h"
|
|
63
|
-
#include "src/core/lib/
|
|
61
|
+
#include "src/core/lib/matchers/matchers.h"
|
|
64
62
|
|
|
65
63
|
namespace grpc_core {
|
|
66
64
|
|
|
67
|
-
//
|
|
68
|
-
// XdsListenerResource::DownstreamTlsContext
|
|
69
|
-
//
|
|
70
|
-
|
|
71
|
-
std::string XdsListenerResource::DownstreamTlsContext::ToString() const {
|
|
72
|
-
return absl::StrFormat("common_tls_context=%s, require_client_certificate=%s",
|
|
73
|
-
common_tls_context.ToString(),
|
|
74
|
-
require_client_certificate ? "true" : "false");
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
bool XdsListenerResource::DownstreamTlsContext::Empty() const {
|
|
78
|
-
return common_tls_context.Empty();
|
|
79
|
-
}
|
|
80
|
-
|
|
81
65
|
//
|
|
82
66
|
// XdsListenerResource::HttpConnectionManager
|
|
83
67
|
//
|
|
84
68
|
|
|
85
69
|
std::string XdsListenerResource::HttpConnectionManager::ToString() const {
|
|
86
70
|
std::vector<std::string> contents;
|
|
87
|
-
contents.push_back(
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
71
|
+
contents.push_back(Match(
|
|
72
|
+
route_config,
|
|
73
|
+
[](const std::string& rds_name) {
|
|
74
|
+
return absl::StrCat("rds_name=", rds_name);
|
|
75
|
+
},
|
|
76
|
+
[](const XdsRouteConfigResource& route_config) {
|
|
77
|
+
return absl::StrCat("route_config=", route_config.ToString());
|
|
78
|
+
}));
|
|
79
|
+
contents.push_back(absl::StrCat("http_max_stream_duration=",
|
|
80
|
+
http_max_stream_duration.ToString()));
|
|
96
81
|
if (!http_filters.empty()) {
|
|
97
82
|
std::vector<std::string> filter_strings;
|
|
83
|
+
filter_strings.reserve(http_filters.size());
|
|
98
84
|
for (const auto& http_filter : http_filters) {
|
|
99
85
|
filter_strings.push_back(http_filter.ToString());
|
|
100
86
|
}
|
|
@@ -105,7 +91,7 @@ std::string XdsListenerResource::HttpConnectionManager::ToString() const {
|
|
|
105
91
|
}
|
|
106
92
|
|
|
107
93
|
//
|
|
108
|
-
// XdsListenerResource::HttpFilter
|
|
94
|
+
// XdsListenerResource::HttpConnectionManager::HttpFilter
|
|
109
95
|
//
|
|
110
96
|
|
|
111
97
|
std::string XdsListenerResource::HttpConnectionManager::HttpFilter::ToString()
|
|
@@ -113,6 +99,20 @@ std::string XdsListenerResource::HttpConnectionManager::HttpFilter::ToString()
|
|
|
113
99
|
return absl::StrCat("{name=", name, ", config=", config.ToString(), "}");
|
|
114
100
|
}
|
|
115
101
|
|
|
102
|
+
//
|
|
103
|
+
// XdsListenerResource::DownstreamTlsContext
|
|
104
|
+
//
|
|
105
|
+
|
|
106
|
+
std::string XdsListenerResource::DownstreamTlsContext::ToString() const {
|
|
107
|
+
return absl::StrFormat("common_tls_context=%s, require_client_certificate=%s",
|
|
108
|
+
common_tls_context.ToString(),
|
|
109
|
+
require_client_certificate ? "true" : "false");
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
bool XdsListenerResource::DownstreamTlsContext::Empty() const {
|
|
113
|
+
return common_tls_context.Empty();
|
|
114
|
+
}
|
|
115
|
+
|
|
116
116
|
//
|
|
117
117
|
// XdsListenerResource::FilterChainData
|
|
118
118
|
//
|
|
@@ -165,6 +165,7 @@ std::string FilterChain::FilterChainMatch::ToString() const {
|
|
|
165
165
|
}
|
|
166
166
|
if (!prefix_ranges.empty()) {
|
|
167
167
|
std::vector<std::string> prefix_ranges_content;
|
|
168
|
+
prefix_ranges_content.reserve(prefix_ranges.size());
|
|
168
169
|
for (const auto& range : prefix_ranges) {
|
|
169
170
|
prefix_ranges_content.push_back(range.ToString());
|
|
170
171
|
}
|
|
@@ -180,6 +181,7 @@ std::string FilterChain::FilterChainMatch::ToString() const {
|
|
|
180
181
|
}
|
|
181
182
|
if (!source_prefix_ranges.empty()) {
|
|
182
183
|
std::vector<std::string> source_prefix_ranges_content;
|
|
184
|
+
source_prefix_ranges_content.reserve(source_prefix_ranges.size());
|
|
183
185
|
for (const auto& range : source_prefix_ranges) {
|
|
184
186
|
source_prefix_ranges_content.push_back(range.ToString());
|
|
185
187
|
}
|
|
@@ -244,26 +246,36 @@ std::string XdsListenerResource::FilterChainMap::ToString() const {
|
|
|
244
246
|
}
|
|
245
247
|
|
|
246
248
|
//
|
|
247
|
-
// XdsListenerResource
|
|
249
|
+
// XdsListenerResource::TcpListener
|
|
248
250
|
//
|
|
249
251
|
|
|
250
|
-
std::string XdsListenerResource::ToString() const {
|
|
252
|
+
std::string XdsListenerResource::TcpListener::ToString() const {
|
|
251
253
|
std::vector<std::string> contents;
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
default_filter_chain->ToString()));
|
|
259
|
-
}
|
|
260
|
-
} else if (type == ListenerType::kHttpApiListener) {
|
|
261
|
-
contents.push_back(absl::StrFormat("http_connection_manager=%s",
|
|
262
|
-
http_connection_manager.ToString()));
|
|
254
|
+
contents.push_back(absl::StrCat("address=", address));
|
|
255
|
+
contents.push_back(
|
|
256
|
+
absl::StrCat("filter_chain_map=", filter_chain_map.ToString()));
|
|
257
|
+
if (default_filter_chain.has_value()) {
|
|
258
|
+
contents.push_back(absl::StrCat("default_filter_chain=",
|
|
259
|
+
default_filter_chain->ToString()));
|
|
263
260
|
}
|
|
264
261
|
return absl::StrCat("{", absl::StrJoin(contents, ", "), "}");
|
|
265
262
|
}
|
|
266
263
|
|
|
264
|
+
//
|
|
265
|
+
// XdsListenerResource
|
|
266
|
+
//
|
|
267
|
+
|
|
268
|
+
std::string XdsListenerResource::ToString() const {
|
|
269
|
+
return Match(
|
|
270
|
+
listener,
|
|
271
|
+
[](const HttpConnectionManager& hcm) {
|
|
272
|
+
return absl::StrCat("{http_connection_manager=", hcm.ToString(), "}");
|
|
273
|
+
},
|
|
274
|
+
[](const TcpListener& tcp) {
|
|
275
|
+
return absl::StrCat("{tcp_listener=", tcp.ToString(), "}");
|
|
276
|
+
});
|
|
277
|
+
}
|
|
278
|
+
|
|
267
279
|
//
|
|
268
280
|
// XdsListenerResourceType
|
|
269
281
|
//
|
|
@@ -287,111 +299,136 @@ void MaybeLogHttpConnectionManager(
|
|
|
287
299
|
}
|
|
288
300
|
}
|
|
289
301
|
|
|
290
|
-
|
|
291
|
-
HttpConnectionManagerParse(
|
|
302
|
+
XdsListenerResource::HttpConnectionManager HttpConnectionManagerParse(
|
|
292
303
|
bool is_client, const XdsResourceType::DecodeContext& context,
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
304
|
+
XdsExtension extension, ValidationErrors* errors) {
|
|
305
|
+
if (extension.type !=
|
|
306
|
+
"envoy.extensions.filters.network.http_connection_manager.v3"
|
|
307
|
+
".HttpConnectionManager") {
|
|
308
|
+
errors->AddError("unsupported filter type");
|
|
309
|
+
return {};
|
|
310
|
+
}
|
|
311
|
+
auto* serialized_hcm_config =
|
|
312
|
+
absl::get_if<absl::string_view>(&extension.value);
|
|
313
|
+
if (serialized_hcm_config == nullptr) {
|
|
314
|
+
errors->AddError("could not parse HttpConnectionManager config");
|
|
315
|
+
return {};
|
|
316
|
+
}
|
|
317
|
+
const auto* http_connection_manager_proto =
|
|
318
|
+
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_parse(
|
|
319
|
+
serialized_hcm_config->data(), serialized_hcm_config->size(),
|
|
320
|
+
context.arena);
|
|
321
|
+
if (http_connection_manager_proto == nullptr) {
|
|
322
|
+
errors->AddError("could not parse HttpConnectionManager config");
|
|
323
|
+
return {};
|
|
324
|
+
}
|
|
296
325
|
MaybeLogHttpConnectionManager(context, http_connection_manager_proto);
|
|
297
|
-
std::vector<std::string> errors;
|
|
298
326
|
XdsListenerResource::HttpConnectionManager http_connection_manager;
|
|
299
|
-
//
|
|
300
|
-
// original_ip_detection_extensions` as mentioned in
|
|
327
|
+
// xff_num_trusted_hops -- must be zero as per
|
|
301
328
|
// https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md
|
|
302
329
|
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_xff_num_trusted_hops(
|
|
303
330
|
http_connection_manager_proto) != 0) {
|
|
304
|
-
errors.
|
|
331
|
+
ValidationErrors::ScopedField field(errors, ".xff_num_trusted_hops");
|
|
332
|
+
errors->AddError("must be zero");
|
|
305
333
|
}
|
|
334
|
+
// original_ip_detection_extensions -- must be empty as per
|
|
335
|
+
// https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md
|
|
306
336
|
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_has_original_ip_detection_extensions(
|
|
307
337
|
http_connection_manager_proto)) {
|
|
308
|
-
errors
|
|
338
|
+
ValidationErrors::ScopedField field(errors,
|
|
339
|
+
".original_ip_detection_extensions");
|
|
340
|
+
errors->AddError("must be empty");
|
|
309
341
|
}
|
|
310
|
-
//
|
|
342
|
+
// common_http_protocol_options
|
|
311
343
|
const envoy_config_core_v3_HttpProtocolOptions* options =
|
|
312
344
|
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_common_http_protocol_options(
|
|
313
345
|
http_connection_manager_proto);
|
|
314
346
|
if (options != nullptr) {
|
|
347
|
+
// max_stream_duration
|
|
315
348
|
const google_protobuf_Duration* duration =
|
|
316
349
|
envoy_config_core_v3_HttpProtocolOptions_max_stream_duration(options);
|
|
317
350
|
if (duration != nullptr) {
|
|
351
|
+
ValidationErrors::ScopedField field(
|
|
352
|
+
errors, ".common_http_protocol_options.max_stream_duration");
|
|
318
353
|
http_connection_manager.http_max_stream_duration =
|
|
319
|
-
ParseDuration(duration);
|
|
354
|
+
ParseDuration(duration, errors);
|
|
320
355
|
}
|
|
321
356
|
}
|
|
322
|
-
//
|
|
323
|
-
|
|
357
|
+
// http_filters
|
|
358
|
+
{
|
|
359
|
+
ValidationErrors::ScopedField field(errors, ".http_filters");
|
|
360
|
+
const auto& http_filter_registry =
|
|
361
|
+
static_cast<const GrpcXdsBootstrap&>(context.client->bootstrap())
|
|
362
|
+
.http_filter_registry();
|
|
324
363
|
size_t num_filters = 0;
|
|
325
364
|
const auto* http_filters =
|
|
326
365
|
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_http_filters(
|
|
327
366
|
http_connection_manager_proto, &num_filters);
|
|
328
367
|
std::set<absl::string_view> names_seen;
|
|
368
|
+
const size_t original_error_size = errors->size();
|
|
329
369
|
for (size_t i = 0; i < num_filters; ++i) {
|
|
370
|
+
ValidationErrors::ScopedField field(errors, absl::StrCat("[", i, "]"));
|
|
330
371
|
const auto* http_filter = http_filters[i];
|
|
372
|
+
// name
|
|
331
373
|
absl::string_view name = UpbStringToAbsl(
|
|
332
374
|
envoy_extensions_filters_network_http_connection_manager_v3_HttpFilter_name(
|
|
333
375
|
http_filter));
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
376
|
+
{
|
|
377
|
+
ValidationErrors::ScopedField field(errors, ".name");
|
|
378
|
+
if (name.empty()) {
|
|
379
|
+
errors->AddError("empty filter name");
|
|
380
|
+
continue;
|
|
381
|
+
}
|
|
382
|
+
if (names_seen.find(name) != names_seen.end()) {
|
|
383
|
+
errors->AddError(absl::StrCat("duplicate HTTP filter name: ", name));
|
|
384
|
+
continue;
|
|
385
|
+
}
|
|
341
386
|
}
|
|
342
387
|
names_seen.insert(name);
|
|
388
|
+
// is_optional
|
|
343
389
|
const bool is_optional =
|
|
344
390
|
envoy_extensions_filters_network_http_connection_manager_v3_HttpFilter_is_optional(
|
|
345
391
|
http_filter);
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
392
|
+
// typed_config
|
|
393
|
+
{
|
|
394
|
+
ValidationErrors::ScopedField field(errors, ".typed_config");
|
|
395
|
+
const google_protobuf_Any* typed_config =
|
|
396
|
+
envoy_extensions_filters_network_http_connection_manager_v3_HttpFilter_typed_config(
|
|
397
|
+
http_filter);
|
|
398
|
+
if (typed_config == nullptr) {
|
|
399
|
+
if (!is_optional) errors->AddError("field not present");
|
|
400
|
+
continue;
|
|
353
401
|
}
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
errors.emplace_back(absl::StrCat("filter name ", name, ": ",
|
|
359
|
-
filter_type.status().message()));
|
|
360
|
-
continue;
|
|
361
|
-
}
|
|
362
|
-
const XdsHttpFilterImpl* filter_impl =
|
|
363
|
-
XdsHttpFilterRegistry::GetFilterForType(filter_type->type);
|
|
364
|
-
if (filter_impl == nullptr) {
|
|
365
|
-
if (!is_optional) {
|
|
366
|
-
errors.emplace_back(absl::StrCat(
|
|
367
|
-
"no filter registered for config type ", filter_type->type));
|
|
402
|
+
auto extension = ExtractXdsExtension(context, typed_config, errors);
|
|
403
|
+
const XdsHttpFilterImpl* filter_impl = nullptr;
|
|
404
|
+
if (extension.has_value()) {
|
|
405
|
+
filter_impl = http_filter_registry.GetFilterForType(extension->type);
|
|
368
406
|
}
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
if (!
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
407
|
+
if (filter_impl == nullptr) {
|
|
408
|
+
if (!is_optional) errors->AddError("unsupported filter type");
|
|
409
|
+
continue;
|
|
410
|
+
}
|
|
411
|
+
if ((is_client && !filter_impl->IsSupportedOnClients()) ||
|
|
412
|
+
(!is_client && !filter_impl->IsSupportedOnServers())) {
|
|
413
|
+
if (!is_optional) {
|
|
414
|
+
errors->AddError(absl::StrCat("filter is not supported on ",
|
|
415
|
+
is_client ? "clients" : "servers"));
|
|
416
|
+
}
|
|
417
|
+
continue;
|
|
418
|
+
}
|
|
419
|
+
absl::optional<XdsHttpFilterImpl::FilterConfig> filter_config =
|
|
420
|
+
filter_impl->GenerateFilterConfig(std::move(*extension),
|
|
421
|
+
context.arena, errors);
|
|
422
|
+
if (filter_config.has_value()) {
|
|
423
|
+
http_connection_manager.http_filters.emplace_back(
|
|
424
|
+
XdsListenerResource::HttpConnectionManager::HttpFilter{
|
|
425
|
+
std::string(name), std::move(*filter_config)});
|
|
377
426
|
}
|
|
378
|
-
continue;
|
|
379
|
-
}
|
|
380
|
-
absl::StatusOr<XdsHttpFilterImpl::FilterConfig> filter_config =
|
|
381
|
-
filter_impl->GenerateFilterConfig(google_protobuf_Any_value(any),
|
|
382
|
-
context.arena);
|
|
383
|
-
if (!filter_config.ok()) {
|
|
384
|
-
errors.emplace_back(absl::StrCat(
|
|
385
|
-
"filter config for type ", filter_type->type,
|
|
386
|
-
" failed to parse: ", StatusToString(filter_config.status())));
|
|
387
|
-
continue;
|
|
388
427
|
}
|
|
389
|
-
http_connection_manager.http_filters.emplace_back(
|
|
390
|
-
XdsListenerResource::HttpConnectionManager::HttpFilter{
|
|
391
|
-
std::string(name), std::move(*filter_config)});
|
|
392
428
|
}
|
|
393
|
-
if (
|
|
394
|
-
|
|
429
|
+
if (errors->size() == original_error_size &&
|
|
430
|
+
http_connection_manager.http_filters.empty()) {
|
|
431
|
+
errors->AddError("expected at least one HTTP filter");
|
|
395
432
|
}
|
|
396
433
|
// Make sure that the last filter is terminal and non-last filters are
|
|
397
434
|
// non-terminal. Note that this check is being performed in a separate loop
|
|
@@ -399,12 +436,12 @@ HttpConnectionManagerParse(
|
|
|
399
436
|
// out of which only one gets added in the final list.
|
|
400
437
|
for (const auto& http_filter : http_connection_manager.http_filters) {
|
|
401
438
|
const XdsHttpFilterImpl* filter_impl =
|
|
402
|
-
|
|
439
|
+
http_filter_registry.GetFilterForType(
|
|
403
440
|
http_filter.config.config_proto_type_name);
|
|
404
441
|
if (&http_filter != &http_connection_manager.http_filters.back()) {
|
|
405
442
|
// Filters before the last filter must not be terminal.
|
|
406
443
|
if (filter_impl->IsTerminalFilter()) {
|
|
407
|
-
errors
|
|
444
|
+
errors->AddError(
|
|
408
445
|
absl::StrCat("terminal filter for config type ",
|
|
409
446
|
http_filter.config.config_proto_type_name,
|
|
410
447
|
" must be the last filter in the chain"));
|
|
@@ -412,187 +449,176 @@ HttpConnectionManagerParse(
|
|
|
412
449
|
} else {
|
|
413
450
|
// The last filter must be terminal.
|
|
414
451
|
if (!filter_impl->IsTerminalFilter()) {
|
|
415
|
-
errors
|
|
452
|
+
errors->AddError(
|
|
416
453
|
absl::StrCat("non-terminal filter for config type ",
|
|
417
454
|
http_filter.config.config_proto_type_name,
|
|
418
455
|
" is the last filter in the chain"));
|
|
419
456
|
}
|
|
420
457
|
}
|
|
421
458
|
}
|
|
459
|
+
}
|
|
460
|
+
// Found inlined route_config. Parse it to find the cluster_name.
|
|
461
|
+
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_has_route_config(
|
|
462
|
+
http_connection_manager_proto)) {
|
|
463
|
+
const envoy_config_route_v3_RouteConfiguration* route_config =
|
|
464
|
+
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_route_config(
|
|
465
|
+
http_connection_manager_proto);
|
|
466
|
+
auto rds_update = XdsRouteConfigResource::Parse(context, route_config);
|
|
467
|
+
if (!rds_update.ok()) {
|
|
468
|
+
ValidationErrors::ScopedField field(errors, ".route_config");
|
|
469
|
+
errors->AddError(rds_update.status().message());
|
|
470
|
+
} else {
|
|
471
|
+
http_connection_manager.route_config = std::move(*rds_update);
|
|
472
|
+
}
|
|
422
473
|
} else {
|
|
423
|
-
//
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
"router", {kXdsHttpRouterFilterConfigName, Json()}});
|
|
430
|
-
}
|
|
431
|
-
// Guarding parsing of RouteConfig on the server side with the environmental
|
|
432
|
-
// variable since that's the first feature on the server side that will be
|
|
433
|
-
// using this.
|
|
434
|
-
if (is_client || XdsRbacEnabled()) {
|
|
435
|
-
// Found inlined route_config. Parse it to find the cluster_name.
|
|
436
|
-
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_has_route_config(
|
|
437
|
-
http_connection_manager_proto)) {
|
|
438
|
-
const envoy_config_route_v3_RouteConfiguration* route_config =
|
|
439
|
-
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_route_config(
|
|
440
|
-
http_connection_manager_proto);
|
|
441
|
-
auto rds_update = XdsRouteConfigResource::Parse(context, route_config);
|
|
442
|
-
if (!rds_update.ok()) {
|
|
443
|
-
errors.emplace_back(rds_update.status().message());
|
|
444
|
-
} else {
|
|
445
|
-
http_connection_manager.rds_update = std::move(*rds_update);
|
|
446
|
-
}
|
|
474
|
+
// Validate that RDS must be used to get the route_config dynamically.
|
|
475
|
+
const envoy_extensions_filters_network_http_connection_manager_v3_Rds* rds =
|
|
476
|
+
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_rds(
|
|
477
|
+
http_connection_manager_proto);
|
|
478
|
+
if (rds == nullptr) {
|
|
479
|
+
errors->AddError("neither route_config nor rds fields are present");
|
|
447
480
|
} else {
|
|
448
|
-
//
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
if (rds == nullptr) {
|
|
453
|
-
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
|
454
|
-
"HttpConnectionManager neither has inlined route_config nor RDS.");
|
|
455
|
-
}
|
|
481
|
+
// Get the route_config_name.
|
|
482
|
+
http_connection_manager.route_config = UpbStringToStdString(
|
|
483
|
+
envoy_extensions_filters_network_http_connection_manager_v3_Rds_route_config_name(
|
|
484
|
+
rds));
|
|
456
485
|
// Check that the ConfigSource specifies ADS.
|
|
457
486
|
const envoy_config_core_v3_ConfigSource* config_source =
|
|
458
487
|
envoy_extensions_filters_network_http_connection_manager_v3_Rds_config_source(
|
|
459
488
|
rds);
|
|
489
|
+
ValidationErrors::ScopedField field(errors, ".rds.config_source");
|
|
460
490
|
if (config_source == nullptr) {
|
|
461
|
-
errors
|
|
462
|
-
"HttpConnectionManager missing config_source for RDS.");
|
|
491
|
+
errors->AddError("field not present");
|
|
463
492
|
} else if (!envoy_config_core_v3_ConfigSource_has_ads(config_source) &&
|
|
464
493
|
!envoy_config_core_v3_ConfigSource_has_self(config_source)) {
|
|
465
|
-
errors
|
|
466
|
-
"HttpConnectionManager ConfigSource for RDS does not specify ADS "
|
|
467
|
-
"or SELF.");
|
|
468
|
-
} else {
|
|
469
|
-
// Get the route_config_name.
|
|
470
|
-
http_connection_manager.route_config_name = UpbStringToStdString(
|
|
471
|
-
envoy_extensions_filters_network_http_connection_manager_v3_Rds_route_config_name(
|
|
472
|
-
rds));
|
|
494
|
+
errors->AddError("ConfigSource does not specify ADS or SELF");
|
|
473
495
|
}
|
|
474
496
|
}
|
|
475
497
|
}
|
|
476
|
-
// Return result.
|
|
477
|
-
if (!errors.empty()) {
|
|
478
|
-
return absl::InvalidArgumentError(
|
|
479
|
-
absl::StrCat("Errors parsing HttpConnectionManager config: [",
|
|
480
|
-
absl::StrJoin(errors, "; "), "]"));
|
|
481
|
-
}
|
|
482
498
|
return http_connection_manager;
|
|
483
499
|
}
|
|
484
500
|
|
|
485
501
|
absl::StatusOr<XdsListenerResource> LdsResourceParseClient(
|
|
486
502
|
const XdsResourceType::DecodeContext& context,
|
|
487
|
-
const envoy_config_listener_v3_ApiListener* api_listener
|
|
488
|
-
const upb_StringView encoded_api_listener = google_protobuf_Any_value(
|
|
489
|
-
envoy_config_listener_v3_ApiListener_api_listener(api_listener));
|
|
490
|
-
const auto* http_connection_manager =
|
|
491
|
-
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_parse(
|
|
492
|
-
encoded_api_listener.data, encoded_api_listener.size, context.arena);
|
|
493
|
-
if (http_connection_manager == nullptr) {
|
|
494
|
-
return absl::InvalidArgumentError(
|
|
495
|
-
"Could not parse HttpConnectionManager config from ApiListener");
|
|
496
|
-
}
|
|
497
|
-
auto hcm = HttpConnectionManagerParse(true /* is_client */, context,
|
|
498
|
-
http_connection_manager, is_v2);
|
|
499
|
-
if (!hcm.ok()) return hcm.status();
|
|
503
|
+
const envoy_config_listener_v3_ApiListener* api_listener) {
|
|
500
504
|
XdsListenerResource lds_update;
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
505
|
+
ValidationErrors errors;
|
|
506
|
+
ValidationErrors::ScopedField field(&errors, "api_listener.api_listener");
|
|
507
|
+
auto* api_listener_field =
|
|
508
|
+
envoy_config_listener_v3_ApiListener_api_listener(api_listener);
|
|
509
|
+
if (api_listener_field == nullptr) {
|
|
510
|
+
errors.AddError("field not present");
|
|
511
|
+
} else {
|
|
512
|
+
auto extension = ExtractXdsExtension(context, api_listener_field, &errors);
|
|
513
|
+
if (extension.has_value()) {
|
|
514
|
+
lds_update.listener = HttpConnectionManagerParse(
|
|
515
|
+
/*is_client=*/true, context, std::move(*extension), &errors);
|
|
516
|
+
}
|
|
517
|
+
}
|
|
518
|
+
if (!errors.ok()) return errors.status("errors validating ApiListener");
|
|
519
|
+
return std::move(lds_update);
|
|
504
520
|
}
|
|
505
521
|
|
|
506
|
-
|
|
507
|
-
DownstreamTlsContextParse(
|
|
522
|
+
XdsListenerResource::DownstreamTlsContext DownstreamTlsContextParse(
|
|
508
523
|
const XdsResourceType::DecodeContext& context,
|
|
509
|
-
const envoy_config_core_v3_TransportSocket* transport_socket
|
|
524
|
+
const envoy_config_core_v3_TransportSocket* transport_socket,
|
|
525
|
+
ValidationErrors* errors) {
|
|
526
|
+
ValidationErrors::ScopedField field(errors, ".typed_config");
|
|
510
527
|
const auto* typed_config =
|
|
511
528
|
envoy_config_core_v3_TransportSocket_typed_config(transport_socket);
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
absl::string_view type_url = absl::StripPrefix(
|
|
516
|
-
UpbStringToAbsl(google_protobuf_Any_type_url(typed_config)),
|
|
517
|
-
"type.googleapis.com/");
|
|
518
|
-
if (type_url !=
|
|
529
|
+
auto extension = ExtractXdsExtension(context, typed_config, errors);
|
|
530
|
+
if (!extension.has_value()) return {};
|
|
531
|
+
if (extension->type !=
|
|
519
532
|
"envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext") {
|
|
520
|
-
|
|
521
|
-
|
|
533
|
+
ValidationErrors::ScopedField field(errors, ".type_url");
|
|
534
|
+
errors->AddError("unsupported transport socket type");
|
|
535
|
+
return {};
|
|
536
|
+
}
|
|
537
|
+
absl::string_view* serialized_downstream_tls_context =
|
|
538
|
+
absl::get_if<absl::string_view>(&extension->value);
|
|
539
|
+
if (serialized_downstream_tls_context == nullptr) {
|
|
540
|
+
errors->AddError("can't decode DownstreamTlsContext");
|
|
541
|
+
return {};
|
|
522
542
|
}
|
|
523
|
-
const upb_StringView encoded_downstream_tls_context =
|
|
524
|
-
google_protobuf_Any_value(typed_config);
|
|
525
543
|
const auto* downstream_tls_context_proto =
|
|
526
544
|
envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_parse(
|
|
527
|
-
|
|
528
|
-
|
|
545
|
+
serialized_downstream_tls_context->data(),
|
|
546
|
+
serialized_downstream_tls_context->size(), context.arena);
|
|
529
547
|
if (downstream_tls_context_proto == nullptr) {
|
|
530
|
-
|
|
548
|
+
errors->AddError("can't decode DownstreamTlsContext");
|
|
549
|
+
return {};
|
|
531
550
|
}
|
|
532
|
-
std::vector<std::string> errors;
|
|
533
551
|
XdsListenerResource::DownstreamTlsContext downstream_tls_context;
|
|
534
552
|
auto* common_tls_context =
|
|
535
553
|
envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_common_tls_context(
|
|
536
554
|
downstream_tls_context_proto);
|
|
537
555
|
if (common_tls_context != nullptr) {
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
556
|
+
ValidationErrors::ScopedField field(errors, ".common_tls_context");
|
|
557
|
+
downstream_tls_context.common_tls_context =
|
|
558
|
+
CommonTlsContext::Parse(context, common_tls_context, errors);
|
|
559
|
+
// Note: We can't be more specific about the field name for this
|
|
560
|
+
// error, because we don't know which fields they were found in
|
|
561
|
+
// inside of CommonTlsContext, so we make the error message a bit
|
|
562
|
+
// more verbose to compensate.
|
|
563
|
+
if (!downstream_tls_context.common_tls_context
|
|
564
|
+
.certificate_validation_context.match_subject_alt_names.empty()) {
|
|
565
|
+
errors->AddError("match_subject_alt_names not supported on servers");
|
|
543
566
|
}
|
|
544
567
|
}
|
|
568
|
+
// Note: We can't be more specific about the field name for this
|
|
569
|
+
// error, because we don't know which fields they were found in
|
|
570
|
+
// inside of CommonTlsContext, so we make the error message a bit
|
|
571
|
+
// more verbose to compensate.
|
|
572
|
+
if (downstream_tls_context.common_tls_context
|
|
573
|
+
.tls_certificate_provider_instance.instance_name.empty()) {
|
|
574
|
+
errors->AddError(
|
|
575
|
+
"TLS configuration provided but no "
|
|
576
|
+
"tls_certificate_provider_instance found");
|
|
577
|
+
}
|
|
545
578
|
auto* require_client_certificate =
|
|
546
579
|
envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_require_client_certificate(
|
|
547
580
|
downstream_tls_context_proto);
|
|
548
581
|
if (require_client_certificate != nullptr) {
|
|
549
582
|
downstream_tls_context.require_client_certificate =
|
|
550
583
|
google_protobuf_BoolValue_value(require_client_certificate);
|
|
584
|
+
if (downstream_tls_context.require_client_certificate &&
|
|
585
|
+
downstream_tls_context.common_tls_context.certificate_validation_context
|
|
586
|
+
.ca_certificate_provider_instance.instance_name.empty()) {
|
|
587
|
+
ValidationErrors::ScopedField field(errors,
|
|
588
|
+
".require_client_certificate");
|
|
589
|
+
errors->AddError(
|
|
590
|
+
"client certificate required but no certificate "
|
|
591
|
+
"provider instance specified for validation");
|
|
592
|
+
}
|
|
551
593
|
}
|
|
552
594
|
auto* require_sni =
|
|
553
595
|
envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_require_sni(
|
|
554
596
|
downstream_tls_context_proto);
|
|
555
597
|
if (require_sni != nullptr && google_protobuf_BoolValue_value(require_sni)) {
|
|
556
|
-
errors.
|
|
598
|
+
ValidationErrors::ScopedField field(errors, ".require_sni");
|
|
599
|
+
errors->AddError("field unsupported");
|
|
557
600
|
}
|
|
558
601
|
if (envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_ocsp_staple_policy(
|
|
559
602
|
downstream_tls_context_proto) !=
|
|
560
603
|
envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_LENIENT_STAPLING) {
|
|
561
|
-
errors.
|
|
562
|
-
|
|
563
|
-
if (downstream_tls_context.common_tls_context
|
|
564
|
-
.tls_certificate_provider_instance.instance_name.empty()) {
|
|
565
|
-
errors.emplace_back(
|
|
566
|
-
"TLS configuration provided but no "
|
|
567
|
-
"tls_certificate_provider_instance found.");
|
|
568
|
-
}
|
|
569
|
-
if (downstream_tls_context.require_client_certificate &&
|
|
570
|
-
downstream_tls_context.common_tls_context.certificate_validation_context
|
|
571
|
-
.ca_certificate_provider_instance.instance_name.empty()) {
|
|
572
|
-
errors.emplace_back(
|
|
573
|
-
"TLS configuration requires client certificates but no certificate "
|
|
574
|
-
"provider instance specified for validation.");
|
|
575
|
-
}
|
|
576
|
-
if (!downstream_tls_context.common_tls_context.certificate_validation_context
|
|
577
|
-
.match_subject_alt_names.empty()) {
|
|
578
|
-
errors.emplace_back("match_subject_alt_names not supported on servers");
|
|
579
|
-
}
|
|
580
|
-
// Return result.
|
|
581
|
-
if (!errors.empty()) {
|
|
582
|
-
return absl::InvalidArgumentError(
|
|
583
|
-
absl::StrCat("Errors parsing DownstreamTlsContext: [",
|
|
584
|
-
absl::StrJoin(errors, "; "), "]"));
|
|
604
|
+
ValidationErrors::ScopedField field(errors, ".ocsp_staple_policy");
|
|
605
|
+
errors->AddError("value must be LENIENT_STAPLING");
|
|
585
606
|
}
|
|
586
607
|
return downstream_tls_context;
|
|
587
608
|
}
|
|
588
609
|
|
|
589
|
-
absl::
|
|
590
|
-
const envoy_config_core_v3_CidrRange* cidr_range_proto
|
|
610
|
+
absl::optional<XdsListenerResource::FilterChainMap::CidrRange> CidrRangeParse(
|
|
611
|
+
const envoy_config_core_v3_CidrRange* cidr_range_proto,
|
|
612
|
+
ValidationErrors* errors) {
|
|
613
|
+
ValidationErrors::ScopedField field(errors, ".address_prefix");
|
|
591
614
|
XdsListenerResource::FilterChainMap::CidrRange cidr_range;
|
|
592
615
|
std::string address_prefix = UpbStringToStdString(
|
|
593
616
|
envoy_config_core_v3_CidrRange_address_prefix(cidr_range_proto));
|
|
594
617
|
auto address = StringToSockaddr(address_prefix, /*port=*/0);
|
|
595
|
-
if (!address.ok())
|
|
618
|
+
if (!address.ok()) {
|
|
619
|
+
errors->AddError(address.status().message());
|
|
620
|
+
return absl::nullopt;
|
|
621
|
+
}
|
|
596
622
|
cidr_range.address = *address;
|
|
597
623
|
cidr_range.prefix_len = 0;
|
|
598
624
|
auto* prefix_len_proto =
|
|
@@ -610,10 +636,12 @@ absl::StatusOr<XdsListenerResource::FilterChainMap::CidrRange> CidrRangeParse(
|
|
|
610
636
|
return cidr_range;
|
|
611
637
|
}
|
|
612
638
|
|
|
613
|
-
absl::
|
|
614
|
-
const envoy_config_listener_v3_FilterChainMatch* filter_chain_match_proto
|
|
615
|
-
|
|
639
|
+
absl::optional<FilterChain::FilterChainMatch> FilterChainMatchParse(
|
|
640
|
+
const envoy_config_listener_v3_FilterChainMatch* filter_chain_match_proto,
|
|
641
|
+
ValidationErrors* errors) {
|
|
616
642
|
FilterChain::FilterChainMatch filter_chain_match;
|
|
643
|
+
const size_t original_error_size = errors->size();
|
|
644
|
+
// destination_port
|
|
617
645
|
auto* destination_port =
|
|
618
646
|
envoy_config_listener_v3_FilterChainMatch_destination_port(
|
|
619
647
|
filter_chain_match_proto);
|
|
@@ -621,51 +649,56 @@ absl::StatusOr<FilterChain::FilterChainMatch> FilterChainMatchParse(
|
|
|
621
649
|
filter_chain_match.destination_port =
|
|
622
650
|
google_protobuf_UInt32Value_value(destination_port);
|
|
623
651
|
}
|
|
652
|
+
// prefix_ranges
|
|
624
653
|
size_t size = 0;
|
|
625
654
|
auto* prefix_ranges = envoy_config_listener_v3_FilterChainMatch_prefix_ranges(
|
|
626
655
|
filter_chain_match_proto, &size);
|
|
627
656
|
filter_chain_match.prefix_ranges.reserve(size);
|
|
628
657
|
for (size_t i = 0; i < size; i++) {
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
658
|
+
ValidationErrors::ScopedField field(
|
|
659
|
+
errors, absl::StrCat(".prefix_ranges[", i, "]"));
|
|
660
|
+
auto cidr_range = CidrRangeParse(prefix_ranges[i], errors);
|
|
661
|
+
if (cidr_range.has_value()) {
|
|
662
|
+
filter_chain_match.prefix_ranges.push_back(*cidr_range);
|
|
634
663
|
}
|
|
635
|
-
filter_chain_match.prefix_ranges.push_back(*cidr_range);
|
|
636
664
|
}
|
|
665
|
+
// source_type
|
|
637
666
|
filter_chain_match.source_type =
|
|
638
667
|
static_cast<XdsListenerResource::FilterChainMap::ConnectionSourceType>(
|
|
639
668
|
envoy_config_listener_v3_FilterChainMatch_source_type(
|
|
640
669
|
filter_chain_match_proto));
|
|
670
|
+
// source_prefix_ranges
|
|
641
671
|
auto* source_prefix_ranges =
|
|
642
672
|
envoy_config_listener_v3_FilterChainMatch_source_prefix_ranges(
|
|
643
673
|
filter_chain_match_proto, &size);
|
|
644
674
|
filter_chain_match.source_prefix_ranges.reserve(size);
|
|
645
675
|
for (size_t i = 0; i < size; i++) {
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
676
|
+
ValidationErrors::ScopedField field(
|
|
677
|
+
errors, absl::StrCat(".source_prefix_ranges[", i, "]"));
|
|
678
|
+
auto cidr_range = CidrRangeParse(source_prefix_ranges[i], errors);
|
|
679
|
+
if (cidr_range.has_value()) {
|
|
680
|
+
filter_chain_match.source_prefix_ranges.push_back(*cidr_range);
|
|
651
681
|
}
|
|
652
|
-
filter_chain_match.source_prefix_ranges.push_back(*cidr_range);
|
|
653
682
|
}
|
|
683
|
+
// source_ports
|
|
654
684
|
auto* source_ports = envoy_config_listener_v3_FilterChainMatch_source_ports(
|
|
655
685
|
filter_chain_match_proto, &size);
|
|
656
686
|
filter_chain_match.source_ports.reserve(size);
|
|
657
687
|
for (size_t i = 0; i < size; i++) {
|
|
658
688
|
filter_chain_match.source_ports.push_back(source_ports[i]);
|
|
659
689
|
}
|
|
690
|
+
// server_names
|
|
660
691
|
auto* server_names = envoy_config_listener_v3_FilterChainMatch_server_names(
|
|
661
692
|
filter_chain_match_proto, &size);
|
|
662
693
|
for (size_t i = 0; i < size; i++) {
|
|
663
694
|
filter_chain_match.server_names.push_back(
|
|
664
695
|
UpbStringToStdString(server_names[i]));
|
|
665
696
|
}
|
|
697
|
+
// transport_protocol
|
|
666
698
|
filter_chain_match.transport_protocol = UpbStringToStdString(
|
|
667
699
|
envoy_config_listener_v3_FilterChainMatch_transport_protocol(
|
|
668
700
|
filter_chain_match_proto));
|
|
701
|
+
// application_protocols
|
|
669
702
|
auto* application_protocols =
|
|
670
703
|
envoy_config_listener_v3_FilterChainMatch_application_protocols(
|
|
671
704
|
filter_chain_match_proto, &size);
|
|
@@ -674,112 +707,93 @@ absl::StatusOr<FilterChain::FilterChainMatch> FilterChainMatchParse(
|
|
|
674
707
|
UpbStringToStdString(application_protocols[i]));
|
|
675
708
|
}
|
|
676
709
|
// Return result.
|
|
677
|
-
if (
|
|
678
|
-
return absl::InvalidArgumentError(
|
|
679
|
-
absl::StrCat("errors parsing filter chain match: [",
|
|
680
|
-
absl::StrJoin(errors, "; "), "]"));
|
|
681
|
-
}
|
|
710
|
+
if (errors->size() != original_error_size) return absl::nullopt;
|
|
682
711
|
return filter_chain_match;
|
|
683
712
|
}
|
|
684
713
|
|
|
685
|
-
absl::
|
|
714
|
+
absl::optional<FilterChain> FilterChainParse(
|
|
686
715
|
const XdsResourceType::DecodeContext& context,
|
|
687
716
|
const envoy_config_listener_v3_FilterChain* filter_chain_proto,
|
|
688
|
-
|
|
717
|
+
ValidationErrors* errors) {
|
|
689
718
|
FilterChain filter_chain;
|
|
690
|
-
|
|
719
|
+
const size_t original_error_size = errors->size();
|
|
720
|
+
// filter_chain_match
|
|
691
721
|
auto* filter_chain_match =
|
|
692
722
|
envoy_config_listener_v3_FilterChain_filter_chain_match(
|
|
693
723
|
filter_chain_proto);
|
|
694
724
|
if (filter_chain_match != nullptr) {
|
|
695
|
-
|
|
696
|
-
|
|
697
|
-
|
|
698
|
-
} else {
|
|
725
|
+
ValidationErrors::ScopedField field(errors, ".filter_chain_match");
|
|
726
|
+
auto match = FilterChainMatchParse(filter_chain_match, errors);
|
|
727
|
+
if (match.has_value()) {
|
|
699
728
|
filter_chain.filter_chain_match = std::move(*match);
|
|
700
729
|
}
|
|
701
730
|
}
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
const upb_StringView encoded_http_connection_manager =
|
|
727
|
-
google_protobuf_Any_value(typed_config);
|
|
728
|
-
const auto* http_connection_manager =
|
|
729
|
-
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_parse(
|
|
730
|
-
encoded_http_connection_manager.data,
|
|
731
|
-
encoded_http_connection_manager.size, context.arena);
|
|
732
|
-
if (http_connection_manager == nullptr) {
|
|
733
|
-
errors.emplace_back(
|
|
734
|
-
"Could not parse HttpConnectionManager config from filter "
|
|
735
|
-
"typed_config");
|
|
736
|
-
} else {
|
|
737
|
-
auto hcm = HttpConnectionManagerParse(
|
|
738
|
-
/*is_client=*/false, context, http_connection_manager, is_v2);
|
|
739
|
-
if (!hcm.ok()) {
|
|
740
|
-
errors.emplace_back(hcm.status().message());
|
|
741
|
-
} else {
|
|
742
|
-
filter_chain.filter_chain_data->http_connection_manager =
|
|
743
|
-
std::move(*hcm);
|
|
744
|
-
}
|
|
745
|
-
}
|
|
731
|
+
// filters
|
|
732
|
+
{
|
|
733
|
+
ValidationErrors::ScopedField field(errors, ".filters");
|
|
734
|
+
filter_chain.filter_chain_data =
|
|
735
|
+
std::make_shared<XdsListenerResource::FilterChainData>();
|
|
736
|
+
size_t size = 0;
|
|
737
|
+
auto* filters =
|
|
738
|
+
envoy_config_listener_v3_FilterChain_filters(filter_chain_proto, &size);
|
|
739
|
+
if (size != 1) {
|
|
740
|
+
errors->AddError(
|
|
741
|
+
"must have exactly one filter (HttpConnectionManager -- "
|
|
742
|
+
"no other filter is supported at the moment)");
|
|
743
|
+
}
|
|
744
|
+
// entries in filters list
|
|
745
|
+
for (size_t i = 0; i < size; ++i) {
|
|
746
|
+
ValidationErrors::ScopedField field(
|
|
747
|
+
errors, absl::StrCat("[", i, "].typed_config"));
|
|
748
|
+
auto* typed_config =
|
|
749
|
+
envoy_config_listener_v3_Filter_typed_config(filters[i]);
|
|
750
|
+
auto extension = ExtractXdsExtension(context, typed_config, errors);
|
|
751
|
+
if (extension.has_value()) {
|
|
752
|
+
filter_chain.filter_chain_data->http_connection_manager =
|
|
753
|
+
HttpConnectionManagerParse(/*is_client=*/false, context,
|
|
754
|
+
std::move(*extension), errors);
|
|
746
755
|
}
|
|
747
756
|
}
|
|
748
757
|
}
|
|
758
|
+
// transport_socket
|
|
749
759
|
auto* transport_socket =
|
|
750
760
|
envoy_config_listener_v3_FilterChain_transport_socket(filter_chain_proto);
|
|
751
761
|
if (transport_socket != nullptr) {
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
errors.emplace_back(downstream_context.status().message());
|
|
756
|
-
} else {
|
|
757
|
-
filter_chain.filter_chain_data->downstream_tls_context =
|
|
758
|
-
std::move(*downstream_context);
|
|
759
|
-
}
|
|
762
|
+
ValidationErrors::ScopedField field(errors, ".transport_socket");
|
|
763
|
+
filter_chain.filter_chain_data->downstream_tls_context =
|
|
764
|
+
DownstreamTlsContextParse(context, transport_socket, errors);
|
|
760
765
|
}
|
|
761
766
|
// Return result.
|
|
762
|
-
if (
|
|
763
|
-
return absl::InvalidArgumentError(absl::StrCat(
|
|
764
|
-
"Errors parsing FilterChain: [", absl::StrJoin(errors, "; "), "]"));
|
|
765
|
-
}
|
|
767
|
+
if (errors->size() != original_error_size) return absl::nullopt;
|
|
766
768
|
return filter_chain;
|
|
767
769
|
}
|
|
768
770
|
|
|
769
|
-
absl::
|
|
770
|
-
const envoy_config_core_v3_Address* address_proto
|
|
771
|
+
absl::optional<std::string> AddressParse(
|
|
772
|
+
const envoy_config_core_v3_Address* address_proto,
|
|
773
|
+
ValidationErrors* errors) {
|
|
774
|
+
if (address_proto == nullptr) {
|
|
775
|
+
errors->AddError("field not present");
|
|
776
|
+
return absl::nullopt;
|
|
777
|
+
}
|
|
778
|
+
ValidationErrors::ScopedField field(errors, ".socket_address");
|
|
771
779
|
const auto* socket_address =
|
|
772
780
|
envoy_config_core_v3_Address_socket_address(address_proto);
|
|
773
781
|
if (socket_address == nullptr) {
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
782
|
+
errors->AddError("field not present");
|
|
783
|
+
return absl::nullopt;
|
|
784
|
+
}
|
|
785
|
+
{
|
|
786
|
+
ValidationErrors::ScopedField field(errors, ".protocol");
|
|
787
|
+
if (envoy_config_core_v3_SocketAddress_protocol(socket_address) !=
|
|
788
|
+
envoy_config_core_v3_SocketAddress_TCP) {
|
|
789
|
+
errors->AddError("value must be TCP");
|
|
790
|
+
}
|
|
779
791
|
}
|
|
792
|
+
ValidationErrors::ScopedField field2(errors, ".port_value");
|
|
780
793
|
uint32_t port = envoy_config_core_v3_SocketAddress_port_value(socket_address);
|
|
781
794
|
if (port > 65535) {
|
|
782
|
-
|
|
795
|
+
errors->AddError("invalid port");
|
|
796
|
+
return absl::nullopt;
|
|
783
797
|
}
|
|
784
798
|
return JoinHostPort(
|
|
785
799
|
UpbStringToAbsl(
|
|
@@ -803,97 +817,103 @@ struct InternalFilterChainMap {
|
|
|
803
817
|
DestinationIpMap destination_ip_map;
|
|
804
818
|
};
|
|
805
819
|
|
|
806
|
-
|
|
820
|
+
void AddFilterChainDataForSourcePort(
|
|
807
821
|
const FilterChain& filter_chain, uint32_t port,
|
|
808
|
-
XdsListenerResource::FilterChainMap::SourcePortsMap* ports_map
|
|
822
|
+
XdsListenerResource::FilterChainMap::SourcePortsMap* ports_map,
|
|
823
|
+
ValidationErrors* errors) {
|
|
809
824
|
auto insert_result = ports_map->emplace(
|
|
810
825
|
port, XdsListenerResource::FilterChainMap::FilterChainDataSharedPtr{
|
|
811
826
|
filter_chain.filter_chain_data});
|
|
812
827
|
if (!insert_result.second) {
|
|
813
|
-
|
|
814
|
-
"
|
|
828
|
+
errors->AddError(absl::StrCat(
|
|
829
|
+
"duplicate matching rules detected when adding filter chain: ",
|
|
815
830
|
filter_chain.filter_chain_match.ToString()));
|
|
816
831
|
}
|
|
817
|
-
return absl::OkStatus();
|
|
818
832
|
}
|
|
819
833
|
|
|
820
|
-
|
|
834
|
+
void AddFilterChainDataForSourcePorts(
|
|
821
835
|
const FilterChain& filter_chain,
|
|
822
|
-
XdsListenerResource::FilterChainMap::SourcePortsMap* ports_map
|
|
836
|
+
XdsListenerResource::FilterChainMap::SourcePortsMap* ports_map,
|
|
837
|
+
ValidationErrors* errors) {
|
|
823
838
|
if (filter_chain.filter_chain_match.source_ports.empty()) {
|
|
824
|
-
|
|
839
|
+
AddFilterChainDataForSourcePort(filter_chain, 0, ports_map, errors);
|
|
825
840
|
} else {
|
|
826
841
|
for (uint32_t port : filter_chain.filter_chain_match.source_ports) {
|
|
827
|
-
|
|
828
|
-
AddFilterChainDataForSourcePort(filter_chain, port, ports_map);
|
|
829
|
-
if (!status.ok()) return status;
|
|
842
|
+
AddFilterChainDataForSourcePort(filter_chain, port, ports_map, errors);
|
|
830
843
|
}
|
|
831
844
|
}
|
|
832
|
-
return absl::OkStatus();
|
|
833
845
|
}
|
|
834
846
|
|
|
835
|
-
|
|
847
|
+
void AddFilterChainDataForSourceIpRange(
|
|
836
848
|
const FilterChain& filter_chain,
|
|
837
|
-
InternalFilterChainMap::SourceIpMap* source_ip_map
|
|
849
|
+
InternalFilterChainMap::SourceIpMap* source_ip_map,
|
|
850
|
+
ValidationErrors* errors) {
|
|
838
851
|
if (filter_chain.filter_chain_match.source_prefix_ranges.empty()) {
|
|
839
852
|
auto insert_result = source_ip_map->emplace(
|
|
840
853
|
"", XdsListenerResource::FilterChainMap::SourceIp());
|
|
841
|
-
|
|
842
|
-
filter_chain, &insert_result.first->second.ports_map);
|
|
854
|
+
AddFilterChainDataForSourcePorts(
|
|
855
|
+
filter_chain, &insert_result.first->second.ports_map, errors);
|
|
843
856
|
} else {
|
|
844
857
|
for (const auto& prefix_range :
|
|
845
858
|
filter_chain.filter_chain_match.source_prefix_ranges) {
|
|
846
859
|
auto addr_str = grpc_sockaddr_to_string(&prefix_range.address, false);
|
|
847
|
-
if (!addr_str.ok())
|
|
860
|
+
if (!addr_str.ok()) {
|
|
861
|
+
errors->AddError(absl::StrCat(
|
|
862
|
+
"error parsing source IP sockaddr (should not happen): ",
|
|
863
|
+
addr_str.status().message()));
|
|
864
|
+
continue;
|
|
865
|
+
}
|
|
848
866
|
auto insert_result = source_ip_map->emplace(
|
|
849
867
|
absl::StrCat(*addr_str, "/", prefix_range.prefix_len),
|
|
850
868
|
XdsListenerResource::FilterChainMap::SourceIp());
|
|
851
869
|
if (insert_result.second) {
|
|
852
870
|
insert_result.first->second.prefix_range.emplace(prefix_range);
|
|
853
871
|
}
|
|
854
|
-
|
|
855
|
-
filter_chain, &insert_result.first->second.ports_map);
|
|
856
|
-
if (!status.ok()) return status;
|
|
872
|
+
AddFilterChainDataForSourcePorts(
|
|
873
|
+
filter_chain, &insert_result.first->second.ports_map, errors);
|
|
857
874
|
}
|
|
858
875
|
}
|
|
859
|
-
return absl::OkStatus();
|
|
860
876
|
}
|
|
861
877
|
|
|
862
|
-
|
|
878
|
+
void AddFilterChainDataForSourceType(
|
|
863
879
|
const FilterChain& filter_chain,
|
|
864
|
-
InternalFilterChainMap::DestinationIp* destination_ip
|
|
880
|
+
InternalFilterChainMap::DestinationIp* destination_ip,
|
|
881
|
+
ValidationErrors* errors) {
|
|
865
882
|
GPR_ASSERT(static_cast<unsigned int>(
|
|
866
883
|
filter_chain.filter_chain_match.source_type) < 3);
|
|
867
|
-
|
|
868
|
-
filter_chain,
|
|
869
|
-
|
|
884
|
+
AddFilterChainDataForSourceIpRange(
|
|
885
|
+
filter_chain,
|
|
886
|
+
&destination_ip->source_types_array[static_cast<int>(
|
|
887
|
+
filter_chain.filter_chain_match.source_type)],
|
|
888
|
+
errors);
|
|
870
889
|
}
|
|
871
890
|
|
|
872
|
-
|
|
891
|
+
void AddFilterChainDataForApplicationProtocols(
|
|
873
892
|
const FilterChain& filter_chain,
|
|
874
|
-
InternalFilterChainMap::DestinationIp* destination_ip
|
|
893
|
+
InternalFilterChainMap::DestinationIp* destination_ip,
|
|
894
|
+
ValidationErrors* errors) {
|
|
875
895
|
// Only allow filter chains that do not mention application protocols
|
|
876
|
-
if (
|
|
877
|
-
|
|
896
|
+
if (filter_chain.filter_chain_match.application_protocols.empty()) {
|
|
897
|
+
AddFilterChainDataForSourceType(filter_chain, destination_ip, errors);
|
|
878
898
|
}
|
|
879
|
-
return AddFilterChainDataForSourceType(filter_chain, destination_ip);
|
|
880
899
|
}
|
|
881
900
|
|
|
882
|
-
|
|
901
|
+
void AddFilterChainDataForTransportProtocol(
|
|
883
902
|
const FilterChain& filter_chain,
|
|
884
|
-
InternalFilterChainMap::DestinationIp* destination_ip
|
|
903
|
+
InternalFilterChainMap::DestinationIp* destination_ip,
|
|
904
|
+
ValidationErrors* errors) {
|
|
885
905
|
const std::string& transport_protocol =
|
|
886
906
|
filter_chain.filter_chain_match.transport_protocol;
|
|
887
907
|
// Only allow filter chains with no transport protocol or "raw_buffer"
|
|
888
908
|
if (!transport_protocol.empty() && transport_protocol != "raw_buffer") {
|
|
889
|
-
return
|
|
909
|
+
return;
|
|
890
910
|
}
|
|
891
911
|
// If for this configuration, we've already seen filter chains that mention
|
|
892
912
|
// the transport protocol as "raw_buffer", we will never match filter chains
|
|
893
913
|
// that do not mention it.
|
|
894
914
|
if (destination_ip->transport_protocol_raw_buffer_provided &&
|
|
895
915
|
transport_protocol.empty()) {
|
|
896
|
-
return
|
|
916
|
+
return;
|
|
897
917
|
}
|
|
898
918
|
if (!transport_protocol.empty() &&
|
|
899
919
|
!destination_ip->transport_protocol_raw_buffer_provided) {
|
|
@@ -903,45 +923,50 @@ absl::Status AddFilterChainDataForTransportProtocol(
|
|
|
903
923
|
destination_ip->source_types_array =
|
|
904
924
|
InternalFilterChainMap::ConnectionSourceTypesArray();
|
|
905
925
|
}
|
|
906
|
-
|
|
907
|
-
|
|
926
|
+
AddFilterChainDataForApplicationProtocols(filter_chain, destination_ip,
|
|
927
|
+
errors);
|
|
908
928
|
}
|
|
909
929
|
|
|
910
|
-
|
|
930
|
+
void AddFilterChainDataForServerNames(
|
|
911
931
|
const FilterChain& filter_chain,
|
|
912
|
-
InternalFilterChainMap::DestinationIp* destination_ip
|
|
932
|
+
InternalFilterChainMap::DestinationIp* destination_ip,
|
|
933
|
+
ValidationErrors* errors) {
|
|
913
934
|
// Don't continue adding filter chains with server names mentioned
|
|
914
|
-
if (
|
|
915
|
-
|
|
935
|
+
if (filter_chain.filter_chain_match.server_names.empty()) {
|
|
936
|
+
AddFilterChainDataForTransportProtocol(filter_chain, destination_ip,
|
|
937
|
+
errors);
|
|
916
938
|
}
|
|
917
|
-
return AddFilterChainDataForTransportProtocol(filter_chain, destination_ip);
|
|
918
939
|
}
|
|
919
940
|
|
|
920
|
-
|
|
941
|
+
void AddFilterChainDataForDestinationIpRange(
|
|
921
942
|
const FilterChain& filter_chain,
|
|
922
|
-
InternalFilterChainMap::DestinationIpMap* destination_ip_map
|
|
943
|
+
InternalFilterChainMap::DestinationIpMap* destination_ip_map,
|
|
944
|
+
ValidationErrors* errors) {
|
|
923
945
|
if (filter_chain.filter_chain_match.prefix_ranges.empty()) {
|
|
924
946
|
auto insert_result = destination_ip_map->emplace(
|
|
925
947
|
"", InternalFilterChainMap::DestinationIp());
|
|
926
|
-
|
|
927
|
-
|
|
948
|
+
AddFilterChainDataForServerNames(filter_chain, &insert_result.first->second,
|
|
949
|
+
errors);
|
|
928
950
|
} else {
|
|
929
951
|
for (const auto& prefix_range :
|
|
930
952
|
filter_chain.filter_chain_match.prefix_ranges) {
|
|
931
953
|
auto addr_str = grpc_sockaddr_to_string(&prefix_range.address, false);
|
|
932
|
-
if (!addr_str.ok())
|
|
954
|
+
if (!addr_str.ok()) {
|
|
955
|
+
errors->AddError(absl::StrCat(
|
|
956
|
+
"error parsing destination IP sockaddr (should not happen): ",
|
|
957
|
+
addr_str.status().message()));
|
|
958
|
+
continue;
|
|
959
|
+
}
|
|
933
960
|
auto insert_result = destination_ip_map->emplace(
|
|
934
961
|
absl::StrCat(*addr_str, "/", prefix_range.prefix_len),
|
|
935
962
|
InternalFilterChainMap::DestinationIp());
|
|
936
963
|
if (insert_result.second) {
|
|
937
964
|
insert_result.first->second.prefix_range.emplace(prefix_range);
|
|
938
965
|
}
|
|
939
|
-
|
|
940
|
-
|
|
941
|
-
if (!status.ok()) return status;
|
|
966
|
+
AddFilterChainDataForServerNames(filter_chain,
|
|
967
|
+
&insert_result.first->second, errors);
|
|
942
968
|
}
|
|
943
969
|
}
|
|
944
|
-
return absl::OkStatus();
|
|
945
970
|
}
|
|
946
971
|
|
|
947
972
|
XdsListenerResource::FilterChainMap BuildFromInternalFilterChainMap(
|
|
@@ -963,68 +988,86 @@ XdsListenerResource::FilterChainMap BuildFromInternalFilterChainMap(
|
|
|
963
988
|
return filter_chain_map;
|
|
964
989
|
}
|
|
965
990
|
|
|
966
|
-
|
|
967
|
-
const std::vector<FilterChain>& filter_chains) {
|
|
991
|
+
XdsListenerResource::FilterChainMap BuildFilterChainMap(
|
|
992
|
+
const std::vector<FilterChain>& filter_chains, ValidationErrors* errors) {
|
|
968
993
|
InternalFilterChainMap internal_filter_chain_map;
|
|
969
994
|
for (const auto& filter_chain : filter_chains) {
|
|
970
995
|
// Discard filter chain entries that specify destination port
|
|
971
996
|
if (filter_chain.filter_chain_match.destination_port != 0) continue;
|
|
972
|
-
|
|
973
|
-
filter_chain, &internal_filter_chain_map.destination_ip_map);
|
|
974
|
-
if (!status.ok()) return status;
|
|
997
|
+
AddFilterChainDataForDestinationIpRange(
|
|
998
|
+
filter_chain, &internal_filter_chain_map.destination_ip_map, errors);
|
|
975
999
|
}
|
|
976
1000
|
return BuildFromInternalFilterChainMap(&internal_filter_chain_map);
|
|
977
1001
|
}
|
|
978
1002
|
|
|
979
1003
|
absl::StatusOr<XdsListenerResource> LdsResourceParseServer(
|
|
980
1004
|
const XdsResourceType::DecodeContext& context,
|
|
981
|
-
const envoy_config_listener_v3_Listener* listener
|
|
982
|
-
|
|
983
|
-
|
|
984
|
-
|
|
985
|
-
|
|
986
|
-
|
|
987
|
-
|
|
988
|
-
|
|
989
|
-
|
|
990
|
-
|
|
991
|
-
|
|
992
|
-
|
|
993
|
-
|
|
1005
|
+
const envoy_config_listener_v3_Listener* listener) {
|
|
1006
|
+
ValidationErrors errors;
|
|
1007
|
+
XdsListenerResource::TcpListener tcp_listener;
|
|
1008
|
+
// address
|
|
1009
|
+
{
|
|
1010
|
+
ValidationErrors::ScopedField field(&errors, "address");
|
|
1011
|
+
auto address = AddressParse(
|
|
1012
|
+
envoy_config_listener_v3_Listener_address(listener), &errors);
|
|
1013
|
+
if (address.has_value()) tcp_listener.address = std::move(*address);
|
|
1014
|
+
}
|
|
1015
|
+
// use_original_dst
|
|
1016
|
+
{
|
|
1017
|
+
ValidationErrors::ScopedField field(&errors, "use_original_dst");
|
|
1018
|
+
const auto* use_original_dst =
|
|
1019
|
+
envoy_config_listener_v3_Listener_use_original_dst(listener);
|
|
1020
|
+
if (use_original_dst != nullptr &&
|
|
1021
|
+
google_protobuf_BoolValue_value(use_original_dst)) {
|
|
1022
|
+
errors.AddError("field not supported");
|
|
994
1023
|
}
|
|
995
1024
|
}
|
|
996
|
-
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
|
|
1000
|
-
|
|
1001
|
-
|
|
1002
|
-
|
|
1003
|
-
|
|
1004
|
-
|
|
1005
|
-
|
|
1006
|
-
|
|
1007
|
-
|
|
1008
|
-
|
|
1009
|
-
|
|
1010
|
-
|
|
1011
|
-
|
|
1012
|
-
|
|
1013
|
-
|
|
1014
|
-
|
|
1015
|
-
|
|
1016
|
-
|
|
1025
|
+
// filter_chains
|
|
1026
|
+
size_t num_filter_chains = 0;
|
|
1027
|
+
{
|
|
1028
|
+
ValidationErrors::ScopedField field(&errors, "filter_chains");
|
|
1029
|
+
auto* filter_chains = envoy_config_listener_v3_Listener_filter_chains(
|
|
1030
|
+
listener, &num_filter_chains);
|
|
1031
|
+
std::vector<FilterChain> parsed_filter_chains;
|
|
1032
|
+
parsed_filter_chains.reserve(num_filter_chains);
|
|
1033
|
+
for (size_t i = 0; i < num_filter_chains; i++) {
|
|
1034
|
+
ValidationErrors::ScopedField field(&errors, absl::StrCat("[", i, "]"));
|
|
1035
|
+
auto filter_chain = FilterChainParse(context, filter_chains[i], &errors);
|
|
1036
|
+
if (filter_chain.has_value()) {
|
|
1037
|
+
parsed_filter_chains.push_back(std::move(*filter_chain));
|
|
1038
|
+
}
|
|
1039
|
+
}
|
|
1040
|
+
tcp_listener.filter_chain_map =
|
|
1041
|
+
BuildFilterChainMap(parsed_filter_chains, &errors);
|
|
1042
|
+
}
|
|
1043
|
+
// default_filter_chain
|
|
1044
|
+
{
|
|
1045
|
+
ValidationErrors::ScopedField field(&errors, "default_filter_chain");
|
|
1046
|
+
auto* default_filter_chain =
|
|
1047
|
+
envoy_config_listener_v3_Listener_default_filter_chain(listener);
|
|
1048
|
+
if (default_filter_chain != nullptr) {
|
|
1049
|
+
auto filter_chain =
|
|
1050
|
+
FilterChainParse(context, default_filter_chain, &errors);
|
|
1051
|
+
if (filter_chain.has_value() &&
|
|
1052
|
+
filter_chain->filter_chain_data != nullptr) {
|
|
1053
|
+
tcp_listener.default_filter_chain =
|
|
1054
|
+
std::move(*filter_chain->filter_chain_data);
|
|
1055
|
+
}
|
|
1056
|
+
} else if (num_filter_chains == 0) {
|
|
1057
|
+
// Make sure that there is at least one filter chain to use.
|
|
1058
|
+
errors.AddError("must be set if filter_chains is unset");
|
|
1017
1059
|
}
|
|
1018
1060
|
}
|
|
1019
|
-
|
|
1020
|
-
|
|
1021
|
-
|
|
1061
|
+
// Return result.
|
|
1062
|
+
if (!errors.ok()) return errors.status("errors validating server Listener");
|
|
1063
|
+
XdsListenerResource lds_update;
|
|
1064
|
+
lds_update.listener = std::move(tcp_listener);
|
|
1022
1065
|
return lds_update;
|
|
1023
1066
|
}
|
|
1024
1067
|
|
|
1025
1068
|
absl::StatusOr<XdsListenerResource> LdsResourceParse(
|
|
1026
1069
|
const XdsResourceType::DecodeContext& context,
|
|
1027
|
-
const envoy_config_listener_v3_Listener* listener
|
|
1070
|
+
const envoy_config_listener_v3_Listener* listener) {
|
|
1028
1071
|
// Check whether it's a client or server listener.
|
|
1029
1072
|
const envoy_config_listener_v3_ApiListener* api_listener =
|
|
1030
1073
|
envoy_config_listener_v3_Listener_api_listener(listener);
|
|
@@ -1043,9 +1086,9 @@ absl::StatusOr<XdsListenerResource> LdsResourceParse(
|
|
|
1043
1086
|
// If api_listener is present, it's for a client; otherwise, it's
|
|
1044
1087
|
// for a server.
|
|
1045
1088
|
if (api_listener != nullptr) {
|
|
1046
|
-
return LdsResourceParseClient(context, api_listener
|
|
1089
|
+
return LdsResourceParseClient(context, api_listener);
|
|
1047
1090
|
}
|
|
1048
|
-
return LdsResourceParseServer(context, listener
|
|
1091
|
+
return LdsResourceParseServer(context, listener);
|
|
1049
1092
|
}
|
|
1050
1093
|
|
|
1051
1094
|
void MaybeLogListener(const XdsResourceType::DecodeContext& context,
|
|
@@ -1064,7 +1107,7 @@ void MaybeLogListener(const XdsResourceType::DecodeContext& context,
|
|
|
1064
1107
|
|
|
1065
1108
|
XdsResourceType::DecodeResult XdsListenerResourceType::Decode(
|
|
1066
1109
|
const XdsResourceType::DecodeContext& context,
|
|
1067
|
-
absl::string_view serialized_resource
|
|
1110
|
+
absl::string_view serialized_resource) const {
|
|
1068
1111
|
DecodeResult result;
|
|
1069
1112
|
// Parse serialized proto.
|
|
1070
1113
|
auto* resource = envoy_config_listener_v3_Listener_parse(
|
|
@@ -1078,7 +1121,7 @@ XdsResourceType::DecodeResult XdsListenerResourceType::Decode(
|
|
|
1078
1121
|
// Validate resource.
|
|
1079
1122
|
result.name =
|
|
1080
1123
|
UpbStringToStdString(envoy_config_listener_v3_Listener_name(resource));
|
|
1081
|
-
auto listener = LdsResourceParse(context, resource
|
|
1124
|
+
auto listener = LdsResourceParse(context, resource);
|
|
1082
1125
|
if (!listener.ok()) {
|
|
1083
1126
|
if (GRPC_TRACE_FLAG_ENABLED(*context.tracer)) {
|
|
1084
1127
|
gpr_log(GPR_ERROR, "[xds_client %p] invalid Listener %s: %s",
|
|
@@ -1092,9 +1135,8 @@ XdsResourceType::DecodeResult XdsListenerResourceType::Decode(
|
|
|
1092
1135
|
context.client, result.name->c_str(),
|
|
1093
1136
|
listener->ToString().c_str());
|
|
1094
1137
|
}
|
|
1095
|
-
|
|
1096
|
-
|
|
1097
|
-
result.resource = std::move(resource);
|
|
1138
|
+
result.resource =
|
|
1139
|
+
std::make_unique<XdsListenerResource>(std::move(*listener));
|
|
1098
1140
|
}
|
|
1099
1141
|
return result;
|
|
1100
1142
|
}
|