grpc 1.78.0 → 1.80.0.pre1

data/src/core/credentials/transport/tls/tls_security_connector.h

@@ -99,7 +99,7 @@ class TlsChannelSecurityConnector final
     return pem_key_cert_pair_list_;
   }
 
-  std::shared_ptr<RootCertInfo> RootCertInfoForTesting() {
+  std::shared_ptr<tsi::RootCertInfo> RootCertInfoForTesting() {
     MutexLock lock(&mu_);
     return root_cert_info_;
   }
@@ -115,7 +115,7 @@ class TlsChannelSecurityConnector final
         TlsChannelSecurityConnector* security_connector)
         : security_connector_(security_connector) {}
     void OnCertificatesChanged(
-        std::shared_ptr<RootCertInfo> root_certs,
+        std::shared_ptr<tsi::RootCertInfo> root_certs,
         std::optional<PemKeyCertPairList> key_cert_pairs) override;
     void OnError(grpc_error_handle root_cert_error,
                  grpc_error_handle identity_cert_error) override;
@@ -158,7 +158,9 @@ class TlsChannelSecurityConnector final
   Mutex verifier_request_map_mu_;
   RefCountedPtr<grpc_tls_credentials_options> options_;
   grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface*
-      certificate_watcher_ = nullptr;
+      root_certificate_watcher_ = nullptr;
+  grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface*
+      identity_certificate_watcher_ = nullptr;
   std::string target_name_;
   std::string overridden_target_name_;
   tsi_ssl_client_handshaker_factory* client_handshaker_factory_
@@ -167,7 +169,7 @@ class TlsChannelSecurityConnector final
   RefCountedPtr<TlsSessionKeyLogger> tls_session_key_logger_;
   std::optional<PemKeyCertPairList> pem_key_cert_pair_list_
       ABSL_GUARDED_BY(mu_);
-  std::shared_ptr<RootCertInfo> root_cert_info_ ABSL_GUARDED_BY(mu_);
+  std::shared_ptr<tsi::RootCertInfo> root_cert_info_ ABSL_GUARDED_BY(mu_);
   std::map<grpc_closure* /*on_peer_checked*/, ChannelPendingVerifierRequest*>
       pending_verifier_requests_ ABSL_GUARDED_BY(verifier_request_map_mu_);
 };
@@ -209,7 +211,7 @@ class TlsServerSecurityConnector final : public grpc_server_security_connector {
     return pem_key_cert_pair_list_;
   }
 
-  std::shared_ptr<RootCertInfo> RootCertInfoForTesting() {
+  std::shared_ptr<tsi::RootCertInfo> RootCertInfoForTesting() {
     MutexLock lock(&mu_);
     return root_cert_info_;
   }
@@ -225,7 +227,7 @@ class TlsServerSecurityConnector final : public grpc_server_security_connector {
         TlsServerSecurityConnector* security_connector)
         : security_connector_(security_connector) {}
     void OnCertificatesChanged(
-        std::shared_ptr<RootCertInfo> roots,
+        std::shared_ptr<tsi::RootCertInfo> roots,
         std::optional<PemKeyCertPairList> key_cert_pairs) override;
 
     void OnError(grpc_error_handle root_cert_error,
@@ -269,12 +271,14 @@ class TlsServerSecurityConnector final : public grpc_server_security_connector {
   Mutex verifier_request_map_mu_;
   RefCountedPtr<grpc_tls_credentials_options> options_;
   grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface*
-      certificate_watcher_ = nullptr;
+      root_certificate_watcher_ = nullptr;
+  grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface*
+      identity_certificate_watcher_ = nullptr;
   tsi_ssl_server_handshaker_factory* server_handshaker_factory_
       ABSL_GUARDED_BY(mu_) = nullptr;
   std::optional<PemKeyCertPairList> pem_key_cert_pair_list_
       ABSL_GUARDED_BY(mu_);
-  std::shared_ptr<RootCertInfo> root_cert_info_ ABSL_GUARDED_BY(mu_);
+  std::shared_ptr<tsi::RootCertInfo> root_cert_info_ ABSL_GUARDED_BY(mu_);
   RefCountedPtr<TlsSessionKeyLogger> tls_session_key_logger_;
   std::map<grpc_closure* /*on_peer_checked*/, ServerPendingVerifierRequest*>
       pending_verifier_requests_ ABSL_GUARDED_BY(verifier_request_map_mu_);

data/src/core/credentials/transport/xds/xds_credentials.cc

@@ -30,7 +30,9 @@
 #include "src/core/credentials/transport/tls/tls_utils.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/load_balancing/xds/xds_channel_args.h"
+#include "src/core/util/env.h"
 #include "src/core/util/grpc_check.h"
+#include "src/core/util/host_port.h"
 #include "src/core/util/useful.h"
 #include "src/core/xds/grpc/xds_certificate_provider.h"
 
@@ -38,6 +40,15 @@ namespace grpc_core {
 
 namespace {
 
+// TODO(mlumish): Remove this after 1.80
+bool UseChannelAuthorityIfNoSNIApplicable() {
+  auto value = GetEnv("GRPC_USE_CHANNEL_AUTHORITY_IF_NO_SNI_APPLICABLE");
+  if (!value.has_value()) return false;
+  bool parsed_value;
+  bool parse_succeeded = gpr_parse_bool_value(value->c_str(), &parsed_value);
+  return parse_succeeded && parsed_value;
+}
+
 bool XdsVerifySubjectAlternativeNames(
     const char* const* subject_alternative_names,
     size_t subject_alternative_names_size,
@@ -73,28 +84,40 @@ bool XdsVerifySubjectAlternativeNames(
 //
 
 XdsCertificateVerifier::XdsCertificateVerifier(
-    RefCountedPtr<XdsCertificateProvider> xds_certificate_provider)
-    : xds_certificate_provider_(std::move(xds_certificate_provider)) {}
+    RefCountedPtr<XdsCertificateProvider> xds_certificate_provider,
+    absl::string_view sni_name)
+    : xds_certificate_provider_(std::move(xds_certificate_provider)),
+      sni_name_(sni_name) {}
 
 bool XdsCertificateVerifier::Verify(
     grpc_tls_custom_verification_check_request* request,
     std::function<void(absl::Status)>, absl::Status* sync_status) {
   GRPC_CHECK_NE(request, nullptr);
-  if (!XdsVerifySubjectAlternativeNames(
-          request->peer_info.san_names.uri_names,
-          request->peer_info.san_names.uri_names_size,
-          xds_certificate_provider_->san_matchers()) &&
-      !XdsVerifySubjectAlternativeNames(
-          request->peer_info.san_names.ip_names,
-          request->peer_info.san_names.ip_names_size,
-          xds_certificate_provider_->san_matchers()) &&
-      !XdsVerifySubjectAlternativeNames(
-          request->peer_info.san_names.dns_names,
-          request->peer_info.san_names.dns_names_size,
-          xds_certificate_provider_->san_matchers())) {
-    *sync_status = absl::Status(
-        absl::StatusCode::kUnauthenticated,
-        "SANs from certificate did not match SANs from xDS control plane");
+  if (xds_certificate_provider_->auto_sni_san_validation()) {
+    if (!XdsVerifySubjectAlternativeNames(
+            request->peer_info.san_names.dns_names,
+            request->peer_info.san_names.dns_names_size,
+            {StringMatcher::Create(StringMatcher::Type::kExact, sni_name_, true)
+                 .value()})) {
+      *sync_status = absl::UnauthenticatedError(
+          "SANs from certificate did not match SNI from xDS control plane");
+    }
+  } else {
+    if (!XdsVerifySubjectAlternativeNames(
+            request->peer_info.san_names.uri_names,
+            request->peer_info.san_names.uri_names_size,
+            xds_certificate_provider_->san_matchers()) &&
+        !XdsVerifySubjectAlternativeNames(
+            request->peer_info.san_names.ip_names,
+            request->peer_info.san_names.ip_names_size,
+            xds_certificate_provider_->san_matchers()) &&
+        !XdsVerifySubjectAlternativeNames(
+            request->peer_info.san_names.dns_names,
+            request->peer_info.san_names.dns_names_size,
+            xds_certificate_provider_->san_matchers())) {
+      *sync_status = absl::UnauthenticatedError(
+          "SANs from certificate did not match SANs from xDS control plane");
+    }
   }
   return true;  // synchronous check
 }
@@ -105,12 +128,19 @@ void XdsCertificateVerifier::Cancel(
 int XdsCertificateVerifier::CompareImpl(
     const grpc_tls_certificate_verifier* other) const {
   auto* o = static_cast<const XdsCertificateVerifier*>(other);
+  int compare_cert_provider;
   if (xds_certificate_provider_ == nullptr ||
       o->xds_certificate_provider_ == nullptr) {
-    return QsortCompare(xds_certificate_provider_,
-                        o->xds_certificate_provider_);
+    compare_cert_provider =
+        QsortCompare(xds_certificate_provider_, o->xds_certificate_provider_);
+  } else {
+    compare_cert_provider =
+        xds_certificate_provider_->Compare(o->xds_certificate_provider_.get());
+  }
+  if (compare_cert_provider != 0) {
+    return compare_cert_provider;
   }
-  return xds_certificate_provider_->Compare(o->xds_certificate_provider_.get());
+  return sni_name_.compare(o->sni_name_);
 }
 
 UniqueTypeName XdsCertificateVerifier::type() const {
@@ -145,20 +175,33 @@ XdsCredentials::create_security_connector(
     if (watch_root || use_system_root_certs || watch_identity) {
       auto tls_credentials_options =
           MakeRefCounted<grpc_tls_credentials_options>();
-      if (watch_root || watch_identity) {
-        tls_credentials_options->set_certificate_provider(
+      if (watch_root) {
+        tls_credentials_options->set_root_certificate_provider(
+            xds_certificate_provider);
+      }
+      if (watch_identity) {
+        tls_credentials_options->set_identity_certificate_provider(
             xds_certificate_provider);
-        if (watch_root) {
-          tls_credentials_options->set_watch_root_cert(true);
-        }
-        if (watch_identity) {
-          tls_credentials_options->set_watch_identity_pair(true);
-        }
       }
       tls_credentials_options->set_verify_server_cert(true);
+      auto hostname = args->GetOwnedString(GRPC_ARG_ADDRESS_NAME);
+      if (xds_certificate_provider->auto_host_sni() && hostname.has_value()) {
+        std::string host;
+        std::string port;
+        SplitHostPort(*hostname, &host, &port);
+        tls_credentials_options->set_sni_override(host);
+      } else if (!xds_certificate_provider->sni().empty()) {
+        tls_credentials_options->set_sni_override(
+            xds_certificate_provider->sni());
+      } else {
+        if (!UseChannelAuthorityIfNoSNIApplicable()) {
+          tls_credentials_options->set_sni_override("");
+        }
+      }
       tls_credentials_options->set_certificate_verifier(
           MakeRefCounted<XdsCertificateVerifier>(
-              std::move(xds_certificate_provider)));
+              std::move(xds_certificate_provider),
+              tls_credentials_options->sni_override().value_or("")));
       tls_credentials_options->set_check_call_host(false);
       auto tls_credentials =
           MakeRefCounted<TlsCredentials>(std::move(tls_credentials_options));
@@ -188,10 +231,11 @@ XdsServerCredentials::create_security_connector(const ChannelArgs& args) {
       xds_certificate_provider->ProvidesIdentityCerts()) {
     auto tls_credentials_options =
         MakeRefCounted<grpc_tls_credentials_options>();
-    tls_credentials_options->set_watch_identity_pair(true);
-    tls_credentials_options->set_certificate_provider(xds_certificate_provider);
+    tls_credentials_options->set_identity_certificate_provider(
+        xds_certificate_provider);
     if (xds_certificate_provider->ProvidesRootCerts()) {
-      tls_credentials_options->set_watch_root_cert(true);
+      tls_credentials_options->set_root_certificate_provider(
+          xds_certificate_provider);
       tls_credentials_options->set_cert_request_type(
           xds_certificate_provider->require_client_certificate()
               ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY

data/src/core/credentials/transport/xds/xds_credentials.h

@@ -44,8 +44,9 @@ namespace grpc_core {
 
 class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
  public:
-  explicit XdsCertificateVerifier(
-      RefCountedPtr<XdsCertificateProvider> xds_certificate_provider);
+  XdsCertificateVerifier(
+      RefCountedPtr<XdsCertificateProvider> xds_certificate_provider,
+      absl::string_view sni_name);
 
   bool Verify(grpc_tls_custom_verification_check_request* request,
               std::function<void(absl::Status)>,
@@ -58,6 +59,7 @@ class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
   int CompareImpl(const grpc_tls_certificate_verifier* other) const override;
 
   RefCountedPtr<XdsCertificateProvider> xds_certificate_provider_;
+  std::string sni_name_;
 };
 
 class XdsCredentials final : public grpc_channel_credentials {

data/src/core/ext/filters/fault_injection/fault_injection_filter.cc

@@ -34,6 +34,7 @@
 #include "src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h"
 #include "src/core/lib/channel/channel_stack.h"
 #include "src/core/lib/debug/trace.h"
+#include "src/core/lib/experiments/experiments.h"
 #include "src/core/lib/promise/context.h"
 #include "src/core/lib/promise/sleep.h"
 #include "src/core/lib/promise/try_seq.h"
@@ -50,6 +51,63 @@
 
 namespace grpc_core {
 
+bool FaultInjectionFilter::Config::Equals(const FilterConfig& other) const {
+  const auto& o = DownCast<const Config&>(other);
+  return abort_code == o.abort_code && abort_message == o.abort_message &&
+         abort_code_header == o.abort_code_header &&
+         abort_percentage_header == o.abort_percentage_header &&
+         delay == o.delay && delay_header == o.delay_header &&
+         delay_percentage_header == o.delay_percentage_header &&
+         delay_percentage_numerator == o.delay_percentage_numerator &&
+         delay_percentage_denominator == o.delay_percentage_denominator &&
+         max_faults == o.max_faults;
+}
+
+std::string FaultInjectionFilter::Config::ToString() const {
+  std::vector<std::string> parts;
+  if (abort_code != GRPC_STATUS_OK || !abort_code_header.empty()) {
+    if (abort_code != GRPC_STATUS_OK) {
+      parts.push_back(
+          absl::StrCat("abort_code=", grpc_status_code_to_string(abort_code)));
+    }
+    if (!abort_code_header.empty()) {
+      parts.push_back(
+          absl::StrCat("abort_code_header=\"", abort_code_header, "\""));
+    }
+    parts.push_back(absl::StrCat("abort_message=\"", abort_message, "\""));
+    if (!abort_percentage_header.empty()) {
+      parts.push_back(absl::StrCat("abort_percentage_header=\"",
+                                   abort_percentage_header, "\""));
+    }
+    if (abort_percentage_numerator > 0) {
+      parts.push_back(absl::StrCat("abort_percentage_numerator=",
+                                   abort_percentage_numerator));
+      parts.push_back(absl::StrCat("abort_percentage_denominator=",
+                                   abort_percentage_denominator));
+    }
+  }
+  if (delay != Duration::Zero() || !delay_header.empty()) {
+    if (delay != Duration::Zero()) {
+      parts.push_back(absl::StrCat("delay=", delay.ToString()));
+    }
+    if (!delay_header.empty()) {
+      parts.push_back(absl::StrCat("delay_header=\"", delay_header, "\""));
+    }
+    if (!delay_percentage_header.empty()) {
+      parts.push_back(absl::StrCat("delay_percentage_header=\"",
+                                   delay_percentage_header, "\""));
+    }
+    if (delay_percentage_numerator > 0) {
+      parts.push_back(absl::StrCat("delay_percentage_numerator=",
+                                   delay_percentage_numerator));
+      parts.push_back(absl::StrCat("delay_percentage_denominator=",
+                                   delay_percentage_denominator));
+    }
+  }
+  parts.push_back(absl::StrCat("max_faults=", max_faults));
+  return absl::StrCat("{", absl::StrJoin(parts, ", "), "}");
+}
+
 namespace {
 
 std::atomic<uint32_t> g_active_faults{0};
@@ -128,13 +186,24 @@ class FaultInjectionFilter::InjectionDecision {
 absl::StatusOr<std::unique_ptr<FaultInjectionFilter>>
 FaultInjectionFilter::Create(const ChannelArgs&,
                              ChannelFilter::Args filter_args) {
+  if (IsXdsChannelFilterChainPerRouteEnabled()) {
+    if (filter_args.config() == nullptr) {
+      return absl::InternalError("no config passed to fault injection filter");
+    }
+    if (filter_args.config()->type() != Config::Type()) {
+      return absl::InternalError(
+          absl::StrCat("wrong config type passed to fault injection filter: ",
+                       filter_args.config()->type().name()));
+    }
+  }
   return std::make_unique<FaultInjectionFilter>(filter_args);
 }
 
 FaultInjectionFilter::FaultInjectionFilter(ChannelFilter::Args filter_args)
     : index_(filter_args.instance_id()),
       service_config_parser_index_(
-          FaultInjectionServiceConfigParser::ParserIndex()) {}
+          FaultInjectionServiceConfigParser::ParserIndex()),
+      config_(filter_args.config().TakeAsSubclass<const Config>()) {}
 
 // Construct a promise for one call.
 ArenaPromise<absl::Status> FaultInjectionFilter::Call::OnClientInitialMetadata(
@@ -152,62 +221,75 @@ ArenaPromise<absl::Status> FaultInjectionFilter::Call::OnClientInitialMetadata(
 FaultInjectionFilter::InjectionDecision
 FaultInjectionFilter::MakeInjectionDecision(
     const ClientMetadata& initial_metadata) {
-  // Fetch the fault injection policy from the service config, based on the
-  // relative index for which policy should this CallData use.
-  auto* service_config_call_data = GetContext<ServiceConfigCallData>();
-  auto* method_params = static_cast<FaultInjectionMethodParsedConfig*>(
-      service_config_call_data->GetMethodParsedConfig(
-          service_config_parser_index_));
-  const FaultInjectionMethodParsedConfig::FaultInjectionPolicy* fi_policy =
-      nullptr;
-  if (method_params != nullptr) {
-    fi_policy = method_params->fault_injection_policy(index_);
+  if (!IsXdsChannelFilterChainPerRouteEnabled()) {
+    // Fetch the fault injection policy from the service config, based on the
+    // relative index for which policy should this CallData use.
+    auto* service_config_call_data = GetContext<ServiceConfigCallData>();
+    auto* method_params = static_cast<FaultInjectionMethodParsedConfig*>(
+        service_config_call_data->GetMethodParsedConfig(
+            service_config_parser_index_));
+    const FaultInjectionMethodParsedConfig::FaultInjectionPolicy* fi_policy =
+        nullptr;
+    if (method_params != nullptr) {
+      fi_policy = method_params->fault_injection_policy(index_);
+    }
+    // Shouldn't ever be null, but just in case, return a no-op decision.
+    if (fi_policy == nullptr) {
+      return InjectionDecision(/*max_faults=*/0,
+                               /*delay_time=*/Duration::Zero(),
+                               /*abort_request=*/std::nullopt);
+    }
+    return MakeInjectionDecision(initial_metadata, *fi_policy);
   }
-
   // Shouldn't ever be null, but just in case, return a no-op decision.
-  if (fi_policy == nullptr) {
+  if (config_ == nullptr) {
     return InjectionDecision(/*max_faults=*/0, /*delay_time=*/Duration::Zero(),
                              /*abort_request=*/std::nullopt);
   }
+  return MakeInjectionDecision(initial_metadata, *config_);
+}
 
-  grpc_status_code abort_code = fi_policy->abort_code;
-  uint32_t abort_percentage_numerator = fi_policy->abort_percentage_numerator;
-  uint32_t delay_percentage_numerator = fi_policy->delay_percentage_numerator;
-  Duration delay = fi_policy->delay;
+template <typename T>
+FaultInjectionFilter::InjectionDecision
+FaultInjectionFilter::MakeInjectionDecision(
+    const ClientMetadata& initial_metadata, const T& config) {
+  grpc_status_code abort_code = config.abort_code;
+  uint32_t abort_percentage_numerator = config.abort_percentage_numerator;
+  uint32_t delay_percentage_numerator = config.delay_percentage_numerator;
+  Duration delay = config.delay;
 
   // Update the policy with values in initial metadata.
-  if (!fi_policy->abort_code_header.empty() ||
-      !fi_policy->abort_percentage_header.empty() ||
-      !fi_policy->delay_header.empty() ||
-      !fi_policy->delay_percentage_header.empty()) {
+  if (!config.abort_code_header.empty() ||
+      !config.abort_percentage_header.empty() || !config.delay_header.empty() ||
+      !config.delay_percentage_header.empty()) {
     std::string buffer;
-    if (!fi_policy->abort_code_header.empty() && abort_code == GRPC_STATUS_OK) {
-      auto value = initial_metadata.GetStringValue(fi_policy->abort_code_header,
-                                                   &buffer);
+    if (!config.abort_code_header.empty() && abort_code == GRPC_STATUS_OK) {
+      auto value =
+          initial_metadata.GetStringValue(config.abort_code_header, &buffer);
       if (value.has_value()) {
         grpc_status_code_from_int(
             AsInt<int>(*value).value_or(GRPC_STATUS_UNKNOWN), &abort_code);
       }
     }
-    if (!fi_policy->abort_percentage_header.empty()) {
+    if (!config.abort_percentage_header.empty()) {
       auto value = initial_metadata.GetStringValue(
-          fi_policy->abort_percentage_header, &buffer);
+          config.abort_percentage_header, &buffer);
       if (value.has_value()) {
         abort_percentage_numerator = std::min(
             AsInt<uint32_t>(*value).value_or(-1), abort_percentage_numerator);
       }
     }
-    if (!fi_policy->delay_header.empty() && delay == Duration::Zero()) {
+    if (!config.delay_header.empty() && delay == Duration::Zero()) {
       auto value =
-          initial_metadata.GetStringValue(fi_policy->delay_header, &buffer);
+          initial_metadata.GetStringValue(config.delay_header, &buffer);
       if (value.has_value()) {
         delay = Duration::Milliseconds(
             std::max(AsInt<int64_t>(*value).value_or(0), int64_t{0}));
       }
     }
-    if (!fi_policy->delay_percentage_header.empty()) {
+    if (!config.delay_percentage_header.empty()) {
       auto value = initial_metadata.GetStringValue(
-          fi_policy->delay_percentage_header, &buffer);
+          config.delay_percentage_header, &buffer);
       if (value.has_value()) {
         delay_percentage_numerator = std::min(
             AsInt<uint32_t>(*value).value_or(-1), delay_percentage_numerator);
@@ -222,20 +304,20 @@ FaultInjectionFilter::MakeInjectionDecision(
     if (delay_request) {
       delay_request =
           UnderFraction(&delay_rand_generator_, delay_percentage_numerator,
-                        fi_policy->delay_percentage_denominator);
+                        config.delay_percentage_denominator);
     }
     if (abort_request) {
       abort_request =
           UnderFraction(&abort_rand_generator_, abort_percentage_numerator,
-                        fi_policy->abort_percentage_denominator);
+                        config.abort_percentage_denominator);
     }
   }
 
   return InjectionDecision(
-      fi_policy->max_faults, delay_request ? delay : Duration::Zero(),
+      config.max_faults, delay_request ? delay : Duration::Zero(),
       abort_request ? std::optional<absl::Status>(absl::Status(
                           static_cast<absl::StatusCode>(abort_code),
-                          fi_policy->abort_message))
+                          config.abort_message))
                     : std::nullopt);
 }
 
@@ -264,7 +346,7 @@ std::string FaultInjectionFilter::InjectionDecision::ToString() const {
                       " abort=", abort_request_.has_value());
 }
 
-const grpc_channel_filter FaultInjectionFilter::kFilter =
+const grpc_channel_filter FaultInjectionFilter::kFilterVtable =
     MakePromiseBasedFilter<FaultInjectionFilter, FilterEndpoint::kClient>();
 
 void FaultInjectionFilterRegister(CoreConfiguration::Builder* builder) {

data/src/core/ext/filters/fault_injection/fault_injection_filter.h

@@ -17,11 +17,11 @@
 #ifndef GRPC_SRC_CORE_EXT_FILTERS_FAULT_INJECTION_FAULT_INJECTION_FILTER_H
 #define GRPC_SRC_CORE_EXT_FILTERS_FAULT_INJECTION_FAULT_INJECTION_FILTER_H
 
-#include <grpc/support/port_platform.h>
 #include <stddef.h>
 
 #include <memory>
 
+#include "src/core/filter/filter_args.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/channel/channel_fwd.h"
 #include "src/core/lib/channel/promise_based_filter.h"
@@ -41,7 +41,37 @@ namespace grpc_core {
 class FaultInjectionFilter
     : public ImplementChannelFilter<FaultInjectionFilter> {
  public:
-  static const grpc_channel_filter kFilter;
+  // TODO(roth): The config structure here does not map cleanly to the
+  // xDS representation, and I suspect that we are not handling all of
+  // the edge cases correctly (e.g., abort_code=OK).  When we have time,
+  // restructure this.
+  struct Config : public FilterConfig {
+    static UniqueTypeName Type() {
+      return GRPC_UNIQUE_TYPE_NAME_HERE("fault_injection_filter_config");
+    }
+    UniqueTypeName type() const override { return Type(); }
+
+    bool Equals(const FilterConfig& other) const override;
+    std::string ToString() const override;
+
+    grpc_status_code abort_code = GRPC_STATUS_OK;
+    std::string abort_message = "Fault injected";
+    std::string abort_code_header;
+    std::string abort_percentage_header;
+    uint32_t abort_percentage_numerator = 0;
+    uint32_t abort_percentage_denominator = 100;
+
+    Duration delay;
+    std::string delay_header;
+    std::string delay_percentage_header;
+    uint32_t delay_percentage_numerator = 0;
+    uint32_t delay_percentage_denominator = 100;
+
+    // By default, the max allowed active faults are unlimited.
+    uint32_t max_faults = std::numeric_limits<uint32_t>::max();
+  };
+
+  static const grpc_channel_filter kFilterVtable;
 
   static absl::string_view TypeName() { return "fault_injection_filter"; }
 
@@ -68,12 +98,20 @@ class FaultInjectionFilter
 
  private:
   class InjectionDecision;
+
   InjectionDecision MakeInjectionDecision(
       const ClientMetadata& initial_metadata);
 
-  // The relative index of instances of the same filter.
-  size_t index_;
+  // TODO(roth): Remove this method and these data members as part of
+  // removing the xds_channel_filter_chain_per_route experiment.
+  template <typename T>
+  InjectionDecision MakeInjectionDecision(
+      const ClientMetadata& initial_metadata, const T& config);
+  size_t index_;  // The relative index of instances of the same filter.
   const size_t service_config_parser_index_;
+
+  const RefCountedPtr<const Config> config_;
+
   Mutex mu_;
   absl::InsecureBitGen abort_rand_generator_ ABSL_GUARDED_BY(mu_);
   absl::InsecureBitGen delay_rand_generator_ ABSL_GUARDED_BY(mu_);