From 787d32b2f50d71a4772875d8488ec926a71bfcdf Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 12 Mar 2024 15:28:21 -0500 Subject: [PATCH 01/29] Code changes Signed-off-by: Teju Nareddy --- .../proxy_protocol/v3/proxy_protocol.proto | 15 + .../listener/proxy_protocol/proxy_protocol.cc | 104 ++++- .../listener/proxy_protocol/proxy_protocol.h | 57 ++- .../proxy_protocol/proxy_protocol_test.cc | 381 +++++++++++++++++- 4 files changed, 538 insertions(+), 19 deletions(-) diff --git a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto index 4431d5463932..40978fe9866e 100644 --- a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto +++ b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto @@ -70,4 +70,19 @@ message ProxyProtocol { // :ref:`core.v3.ProxyProtocolConfig.pass_through_tlvs `, // which controls pass-through for the upstream. config.core.v3.ProxyProtocolPassThroughTLVs pass_through_tlvs = 3; + + // The PROXY protocol versions to match. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. + // By default, the filter will match any version. + // + // When the filter receives PROXY protocol data that does not match the specified versions, + // it will reject the connection. + // + // .. attention:: + // + // When used in conjunction with the :ref:`extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.allow_requests_without_proxy_protocol `, + // the filter will only attempt to match signatures for the allowed versions. + // For example, when `allowed_versions=V1`, `allow_requests_without_proxy_protocol=true`, and an incoming request matches + // the V2 signature, the filter will allow the request through as if it did not contain + // PROXY protocol information. + repeated config.core.v3.ProxyProtocolConfig.Version allowed_versions = 4; } diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 265eb570a0b3..72fdbcad6985 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -13,6 +13,7 @@ #include "envoy/event/dispatcher.h" #include "envoy/network/listen_socket.h" #include "envoy/stats/scope.h" +#include "envoy/stats/stats_macros.h" #include "source/common/api/os_sys_calls_impl.h" #include "source/common/common/assert.h" @@ -42,16 +43,48 @@ using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_SIGNATURE_LEN; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_TRANSPORT_DGRAM; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_TRANSPORT_STREAM; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_VERSION; +using envoy::config::core::v3::ProxyProtocolConfig; namespace Envoy { namespace Extensions { namespace ListenerFilters { namespace ProxyProtocol { +constexpr absl::string_view kVersionedStatsPrefix = "downstream_cx_proxy_proto."; + +ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope &scope) { + return { + /*general_stats_=*/{GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, + /*unknown_=*/{VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "unknown.")))}, + /*v1_=*/{VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v1.")))}, + /*v2_=*/{VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v2.")))}, + }; +} + +void VersionedProxyProtocolStats::increment(ReadOrParseState decision) { + switch (decision) { + case ReadOrParseState::Done: + allowed_.inc(); + break; + case ReadOrParseState::TryAgainLater: + // Do nothing. + break; + case ReadOrParseState::Error: + error_.inc(); + break; + case ReadOrParseState::SkipFilter: + allowed_.inc(); + break; + case ReadOrParseState::Denied: + denied_.inc(); + break; + } +} + Config::Config( Stats::Scope& scope, const envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol& proto_config) - : stats_{ALL_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, + : stats_(ProxyProtocolStats::create(scope)), allow_requests_without_proxy_protocol_(proto_config.allow_requests_without_proxy_protocol()), pass_all_tlvs_(proto_config.has_pass_through_tlvs() ? proto_config.pass_through_tlvs().match_type() == @@ -67,6 +100,25 @@ Config::Config( pass_through_tlvs_.insert(0xFF & tlv_type); } } + + if (proto_config.allowed_versions().empty()) { + ENVOY_LOG(info, "No allowed_versions specified, allowing all PROXY protocol versions."); + allow_v1_ = true; + allow_v2_ = true; + } else { + for (const auto& version : proto_config.allowed_versions()) { + switch (version) { + case ProxyProtocolConfig::V1: + allow_v1_ = true; + break; + case ProxyProtocolConfig::V2: + allow_v2_ = true; + break; + default: + throw EnvoyException(absl::StrCat("Unknown proxy protocol version (enum int cast): ", version)); + } + } + } } const KeyValuePair* Config::isTlvTypeNeeded(uint8_t type) const { @@ -87,8 +139,27 @@ bool Config::isPassThroughTlvTypeNeeded(uint8_t tlv_type) const { size_t Config::numberOfNeededTlvTypes() const { return tlv_types_.size(); } -bool Config::allowRequestsWithoutProxyProtocol() const { - return allow_requests_without_proxy_protocol_; +bool Config::isVersionAllowed(ProxyProtocolVersion version) const { + switch (version) { + case Unknown: + return allow_requests_without_proxy_protocol_; + case ProxyProtocolVersion::V1: + return allow_v1_; + case ProxyProtocolVersion::V2: + return allow_v2_; + } +} + +VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion version) { + switch (version) { + case Unknown: + return stats_.unknown_; + case ProxyProtocolVersion::V1: + return stats_.v1_; + case ProxyProtocolVersion::V2: + return stats_.v2_; + } + return stats_.unknown_; // Should never happen. } Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { @@ -99,10 +170,17 @@ Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { } Network::FilterStatus Filter::onData(Network::ListenerFilterBuffer& buffer) { - const ReadOrParseState read_state = parseBuffer(buffer); + const ReadOrParseState read_state = parseBuffer(buffer); // Implicitly updates proxy_protocol_version_ + + VersionedProxyProtocolStats& versioned_stats = config_->versionToStatsStruct(header_version_); + versioned_stats.increment(read_state); + switch (read_state) { + case ReadOrParseState::Denied: + cb_->socket().ioHandle().close(); + return Network::FilterStatus::StopIteration; case ReadOrParseState::Error: - config_->stats_.downstream_cx_proxy_proto_error_.inc(); + config_->stats_.general_stats_.downstream_cx_proxy_proto_error_.inc(); // Keep for backwards-compatibility cb_->socket().ioHandle().close(); return Network::FilterStatus::StopIteration; case ReadOrParseState::TryAgainLater: @@ -497,10 +575,12 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) auto raw_slice = buffer.rawSlice(); const char* buf = static_cast(raw_slice.mem_); - if (config_.get()->allowRequestsWithoutProxyProtocol()) { - auto matchv2 = !memcmp(buf, PROXY_PROTO_V2_SIGNATURE, + if (config_->isVersionAllowed(ProxyProtocolVersion::Unknown)) { + auto matchv2 = config_->isVersionAllowed(ProxyProtocolVersion::V2) + && !memcmp(buf, PROXY_PROTO_V2_SIGNATURE, std::min(PROXY_PROTO_V2_SIGNATURE_LEN, raw_slice.len_)); - auto matchv1 = !memcmp(buf, PROXY_PROTO_V1_SIGNATURE, + auto matchv1 = config_->isVersionAllowed(ProxyProtocolVersion::V1) + && !memcmp(buf, PROXY_PROTO_V1_SIGNATURE, std::min(PROXY_PROTO_V1_SIGNATURE_LEN, raw_slice.len_)); if (!matchv2 && !matchv1) { // The bytes we have seen so far do not match v1 or v2 proxy protocol, so we can safely @@ -522,6 +602,10 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) } if (header_version_ == V2) { + if (!config_->isVersionAllowed(ProxyProtocolVersion::V2)) { + ENVOY_LOG(trace, "Filter is not configured to allow v2 proxy protocol requests"); + return ReadOrParseState::Denied; + } const int ver_cmd = buf[PROXY_PROTO_V2_SIGNATURE_LEN]; if (((ver_cmd & 0xf0) >> 4) != PROXY_PROTO_V2_VERSION) { ENVOY_LOG(debug, "Unsupported V2 proxy protocol version"); @@ -572,6 +656,10 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) } if (header_version_ == V1) { + if (!config_->isVersionAllowed(ProxyProtocolVersion::V1)) { + ENVOY_LOG(trace, "Filter is not configured to allow v1 proxy protocol requests"); + return ReadOrParseState::Denied; + } if (parseV1Header(buf, search_index_)) { return ReadOrParseState::Done; } else { diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h index 228dc6f366fb..81fd1cf130da 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h @@ -23,19 +23,54 @@ namespace ProxyProtocol { using KeyValuePair = envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol::KeyValuePair; +enum ProxyProtocolVersion { Unknown = 0, V1 = 1, V2 = 2 }; + +enum class ReadOrParseState { Done, TryAgainLater, Error, SkipFilter, Denied }; + /** - * All stats for the proxy protocol. @see stats_macros.h + * Non-versioned general stats for the filter. + * Kept for backwards compatibility. + * @see stats_macros.h */ // clang-format off -#define ALL_PROXY_PROTOCOL_STATS(COUNTER) \ +#define GENERAL_PROXY_PROTOCOL_STATS(COUNTER) \ COUNTER(downstream_cx_proxy_proto_error) // clang-format on +struct GeneralProxyProtocolStats { + GENERAL_PROXY_PROTOCOL_STATS(GENERATE_COUNTER_STRUCT) +}; + +/** + * Stats reported for each version of the proxy protocol. + * @see stats_macros.h + */ +// clang-format off +#define VERSIONED_PROXY_PROTOCOL_STATS(COUNTER) \ + COUNTER(allowed) \ + COUNTER(denied) \ + COUNTER(error) +// clang-format on + +struct VersionedProxyProtocolStats { + VERSIONED_PROXY_PROTOCOL_STATS(GENERATE_COUNTER_STRUCT) + + /** + * Increment the stats for the given filter decision. + */ + void increment(ReadOrParseState decision); +}; + /** * Definition of all stats for the proxy protocol. @see stats_macros.h */ struct ProxyProtocolStats { - ALL_PROXY_PROTOCOL_STATS(GENERATE_COUNTER_STRUCT) + GeneralProxyProtocolStats general_stats_; + VersionedProxyProtocolStats unknown_; + VersionedProxyProtocolStats v1_; + VersionedProxyProtocolStats v2_; + + static ProxyProtocolStats create(Stats::Scope& scope); }; /** @@ -66,24 +101,26 @@ class Config : public Logger::Loggable { bool isPassThroughTlvTypeNeeded(uint8_t type) const; /** - * Filter configuration that determines if we should pass-through requests without - * proxy protocol. Should only be configured to true for trusted downstreams. + * Return true if the given PROXY protocol version should be parsed by the filter. */ - bool allowRequestsWithoutProxyProtocol() const; + bool isVersionAllowed(ProxyProtocolVersion version) const; + + /** + * Return the stats for the given PROXY protocol version. + */ + VersionedProxyProtocolStats& versionToStatsStruct(ProxyProtocolVersion version); private: absl::flat_hash_map tlv_types_; const bool allow_requests_without_proxy_protocol_; const bool pass_all_tlvs_; absl::flat_hash_set pass_through_tlvs_{}; + bool allow_v1_{false}; + bool allow_v2_{false}; }; using ConfigSharedPtr = std::shared_ptr; -enum ProxyProtocolVersion { Unknown = 0, V1 = 1, V2 = 2 }; - -enum class ReadOrParseState { Done, TryAgainLater, Error, SkipFilter }; - /** * Implementation the PROXY Protocol listener filter * (https://github.com/haproxy/haproxy/blob/master/doc/proxy-protocol.txt) diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 26f55921fa3e..5e0ddb61355e 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -35,6 +35,7 @@ #include "gtest/gtest.h" using envoy::config::core::v3::ProxyProtocolPassThroughTLVs; +using envoy::config::core::v3::ProxyProtocolConfig; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V1_SIGNATURE_LEN; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_SIGNATURE_LEN; using testing::_; @@ -242,6 +243,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { @@ -249,6 +251,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP6 1:2:3::4 5:6::7:8 65535 1234\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1Basic) { @@ -262,6 +265,7 @@ TEST_P(ProxyProtocolTest, V1Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { @@ -279,6 +283,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { write(msg); expectData(msg); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { @@ -298,6 +303,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { write(msg); expectData(msg); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { @@ -317,6 +323,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { write(msg); expectData(msg); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { @@ -334,6 +341,7 @@ TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { write(msg); expectData(msg); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V1Minimal) { @@ -352,6 +360,7 @@ TEST_P(ProxyProtocolTest, V1Minimal) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2Basic) { @@ -370,6 +379,7 @@ TEST_P(ProxyProtocolTest, V2Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, BasicV6) { @@ -383,6 +393,7 @@ TEST_P(ProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2BasicV6) { @@ -403,6 +414,7 @@ TEST_P(ProxyProtocolTest, V2BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { @@ -416,6 +428,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { @@ -431,6 +444,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedAF) { @@ -443,6 +457,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedAF) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, ErrorRecv_2) { @@ -625,6 +640,7 @@ TEST_P(ProxyProtocolTest, V2NotLocalOrOnBehalf) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnection) { @@ -646,6 +662,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnection) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { @@ -667,6 +684,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { @@ -695,6 +713,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4) { @@ -706,6 +725,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { @@ -719,6 +739,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV4) { @@ -731,6 +752,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV6) { @@ -743,6 +765,7 @@ TEST_P(ProxyProtocolTest, V2ShortV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV6) { @@ -757,6 +780,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2AF_UNIX) { @@ -769,6 +793,7 @@ TEST_P(ProxyProtocolTest, V2AF_UNIX) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2BadCommand) { @@ -781,6 +806,7 @@ TEST_P(ProxyProtocolTest, V2BadCommand) { write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongVersion) { @@ -792,6 +818,7 @@ TEST_P(ProxyProtocolTest, V2WrongVersion) { connect(false); write(buffer, sizeof(buffer)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLong) { @@ -802,6 +829,8 @@ TEST_P(ProxyProtocolTest, V1TooLong) { write(buffer, sizeof(buffer)); } expectProxyProtoError(); + // Not tracked as v1 due to missing /r/n at end + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.error").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { @@ -814,6 +843,11 @@ TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); } expectProxyProtoError(); + // Not allowed as unknown because of PROXY v1 signature match. + // Not tracked as v1 due to missing /r/n at end. + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 0); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 0); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensions) { @@ -834,6 +868,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensions) { write(data, sizeof(data)); expectData("DATA"); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensionsRecvError) { @@ -961,6 +996,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsFrag) { write(data, sizeof(data)); expectData("DATA"); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, Fragmented) { @@ -982,6 +1018,7 @@ TEST_P(ProxyProtocolTest, Fragmented) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented1) { @@ -1004,6 +1041,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented1) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented2) { @@ -1026,6 +1064,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented2) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented3) { @@ -1050,6 +1089,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented3) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented4Error) { @@ -1291,6 +1331,7 @@ TEST_P(ProxyProtocolTest, PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { @@ -1312,6 +1353,7 @@ TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { @@ -1337,6 +1379,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2PartialRead) { @@ -1362,6 +1405,7 @@ TEST_P(ProxyProtocolTest, V2PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { @@ -1391,6 +1435,7 @@ TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { @@ -1420,6 +1465,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } const std::string ProxyProtocol = "envoy.filters.listener.proxy_protocol"; @@ -1463,6 +1509,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsLargeThanInitMaxReadBytes) { EXPECT_EQ(tlv_data, value_s); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { @@ -1502,6 +1549,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataNamespace) { @@ -1542,6 +1590,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataName auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { @@ -1601,6 +1650,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, 0x32, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, 0x61, 0x37)); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { @@ -1665,6 +1715,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, replacement, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, replacement, 0x37)); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { @@ -1714,6 +1765,7 @@ TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { ASSERT_THAT(value_type_authority, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongTLVLength) { @@ -1736,6 +1788,7 @@ TEST_P(ProxyProtocolTest, V2WrongTLVLength) { write(tlv, sizeof(tlv)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2IncompleteTLV) { @@ -1765,6 +1818,7 @@ TEST_P(ProxyProtocolTest, V2IncompleteTLV) { write(tlv2, sizeof(tlv2)); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { @@ -1812,6 +1866,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { proxy_proto_data.tlv_vector_[1].value.end())); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { @@ -1848,6 +1903,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { EXPECT_EQ(0, proxy_proto_data.tlv_vector_.size()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { @@ -1888,6 +1944,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { EXPECT_EQ("foo.com", std::string(proxy_proto_data.tlv_vector_[0].value.begin(), proxy_proto_data.tlv_vector_[0].value.end())); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLine) { @@ -1898,6 +1955,22 @@ TEST_P(ProxyProtocolTest, MalformedProxyLine) { write("\n"); expectProxyProtoError(); + // Tracked as v1 because of trailing \r\n + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); +} + +TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config; + proto_config.set_allow_requests_without_proxy_protocol(true); + connect(true, &proto_config); + + std::string msg = "BOGUS\r\n"; + write(msg); + expectData(msg); + disconnect(); + // Tracked as unknown because `set_allow_requests_without_proxy_protocol` matches v1 signature + // differently that previous test case. + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); } TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { @@ -1905,66 +1978,77 @@ TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { write("012345678901234567890123456789012345678901234567890123456789" "012345678901234567890123456789012345678901234567890123456789"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.error").value(), 1); } TEST_P(ProxyProtocolTest, NotEnoughFields) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, UnsupportedProto) { connect(false); write("PROXY UDP6 1:2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidSrcAddress) { connect(false); write("PROXY TCP4 230.0.0.1 10.1.1.3 1234 5678\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidDstAddress) { connect(false); write("PROXY TCP4 10.1.1.2 0.0.0.0 1234 5678\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadPort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, NegativePort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 -1 1234\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, PortOutOfRange) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 66776 1234\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadAddress) { connect(false); write("PROXY TCP6 1::2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { connect(false); write("PROXY TCP4 [1:2:3::4] 1.2.3.4 1234 5678\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { connect(false); write("PROXY TCP4 1.2.3.4 [1:2:3: 1234 4]:5678\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, Truncated) { @@ -2089,9 +2173,302 @@ TEST_P(ProxyProtocolTest, DrainError) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } #endif +class ProxyProtocolAllowedVersionsTest : public ProxyProtocolTest { + public: + virtual envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol createConfig(std::vector allowed_versions) const { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config; + for (const auto& version : allowed_versions) { + proto_config.mutable_allowed_versions()->Add(version); + } + return proto_config; + } +}; + +// Parameterize the listener socket address version. +INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolAllowedVersionsTest, + testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), + TestUtility::ipTestParamsToString); + +TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(true, &proto_config); + + // A well-formed ipv4/tcp message, no extensions + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x11, 0x00, 0x0c, 0x01, 0x02, 0x03, 0x04, + 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', + 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectData("more data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2, ProxyProtocolConfig::V1}); + connect(true, &proto_config); + + // A well-formed ipv4/tcp message, no extensions + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x11, 0x00, 0x0c, 0x01, 0x02, 0x03, 0x04, + 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', + 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectData("more data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2BasicRejected) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(false, &proto_config); + + // A well-formed ipv4/tcp message, no extensions + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x11, 0x00, 0x0c, 0x01, 0x02, 0x03, 0x04, + 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', + 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectConnectionError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2ShortError) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(false, &proto_config); + + // An ipv4/tcp connection that has incorrect addr-len encoded + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x21, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, + 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2ShortError) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); + connect(false, &proto_config); + + // An ipv4/tcp connection that has incorrect addr-len encoded + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x21, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, + 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2ShortRejected) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(false, &proto_config); + + // An ipv4/tcp connection that has incorrect addr-len encoded + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x21, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, + 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectConnectionError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(true, &proto_config); + + write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); + expectData("more data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); + connect(true, &proto_config); + + write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); + expectData("more data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BasicRejected) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(false, &proto_config); + + write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); + expectConnectionError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BadPortError) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(false, &proto_config); + + write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); + expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BadPortError) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); + connect(false, &proto_config); + + write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); + expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BadPortError) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(false, &proto_config); + + write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); + expectConnectionError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); +} + +// Tests a combination of `allowed_versions` and `allow_requests_without_proxy_protocol`. +class ProxyProtocolAllowedVersionsWithNoProxyProtoTest : public ProxyProtocolAllowedVersionsTest { + public: + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol createConfig(std::vector allowed_versions) const override { + auto proto_config = ProxyProtocolAllowedVersionsTest::createConfig(allowed_versions); + proto_config.set_allow_requests_without_proxy_protocol(true); + return proto_config; + } +}; + +// Parameterize the listener socket address version. +INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolAllowedVersionsWithNoProxyProtoTest, + testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), + TestUtility::ipTestParamsToString); + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(true, &proto_config); + + // A well-formed ipv4/tcp message, no extensions + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x11, 0x00, 0x0c, 0x01, 0x02, 0x03, 0x04, + 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', + 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectData("more data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(true, &proto_config); + + // A well-formed ipv4/tcp message, no extensions + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x11, 0x00, 0x0c, 0x01, 0x02, 0x03, 0x04, + 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', + 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2ShortError) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(false, &proto_config); + + // An ipv4/tcp connection that has incorrect addr-len encoded + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x21, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, + 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2ShortAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(true, &proto_config); + + // An ipv4/tcp connection that has incorrect addr-len encoded + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x21, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, + 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + write(buffer, sizeof(buffer)); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(true, &proto_config); + + write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); + expectData("more data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BasicAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(true, &proto_config); + + write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); + expectData("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BadPortError) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + connect(false, &proto_config); + + write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); + expectProxyProtoError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BadPortAllowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(true, &proto_config); + + write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); + expectData("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); +} + +// In direct comparison to V1TooLongWithAllowNoProxyProtocol. +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAllowNoProxyProtocolAndV1NotMatched) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + connect(true, &proto_config); + + write("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); + expectData("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); + disconnect(); + // Not tracked as v1 due to missing /r/n at end. + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); +} + +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndAllowTinyNoProxyProtocol) { + // Allows a small request (less bytes than v1/v2 signature) through even though it doesn't use + // proxy protocol + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); // Essentially NOOP. + connect(true, &proto_config); + + std::string msg = "data"; + write(msg); + expectData(msg); + disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.unknown.allowed").value(), 1); +} + class WildcardProxyProtocolTest : public testing::TestWithParam, public Network::ListenerConfig, public Network::FilterChainManager, @@ -2220,7 +2597,7 @@ class WildcardProxyProtocolTest : public testing::TestWithParam runtime_; testing::NiceMock random_; - Stats::IsolatedStoreImpl stats_store_; + Stats::TestUtil::TestStore stats_store_; Api::ApiPtr api_; Event::DispatcherPtr dispatcher_; BasicResourceLimitImpl open_connections_; @@ -2260,6 +2637,7 @@ TEST_P(WildcardProxyProtocolTest, Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST_P(WildcardProxyProtocolTest, BasicV6) { @@ -2275,6 +2653,7 @@ TEST_P(WildcardProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { From 3010892ada89004353d5c76fb0e51a7edd03ba98 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 12 Mar 2024 16:04:25 -0500 Subject: [PATCH 02/29] Format Signed-off-by: Teju Nareddy --- .../listener/proxy_protocol/proxy_protocol.cc | 77 ++++++++++-------- .../proxy_protocol/proxy_protocol_test.cc | 81 ++++++++++++------- 2 files changed, 96 insertions(+), 62 deletions(-) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 72fdbcad6985..358cc3afd182 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -28,6 +28,7 @@ #include "source/common/protobuf/utility.h" #include "source/extensions/common/proxy_protocol/proxy_protocol_header.h" +using envoy::config::core::v3::ProxyProtocolConfig; using envoy::config::core::v3::ProxyProtocolPassThroughTLVs; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V1_SIGNATURE; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V1_SIGNATURE_LEN; @@ -43,7 +44,6 @@ using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_SIGNATURE_LEN; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_TRANSPORT_DGRAM; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_TRANSPORT_STREAM; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_VERSION; -using envoy::config::core::v3::ProxyProtocolConfig; namespace Envoy { namespace Extensions { @@ -52,32 +52,38 @@ namespace ProxyProtocol { constexpr absl::string_view kVersionedStatsPrefix = "downstream_cx_proxy_proto."; -ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope &scope) { +ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope) { return { /*general_stats_=*/{GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, - /*unknown_=*/{VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "unknown.")))}, - /*v1_=*/{VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v1.")))}, - /*v2_=*/{VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v2.")))}, + /*unknown_=*/ + {VERSIONED_PROXY_PROTOCOL_STATS( + POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "unknown.")))}, + /*v1_=*/ + {VERSIONED_PROXY_PROTOCOL_STATS( + POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v1.")))}, + /*v2_=*/ + {VERSIONED_PROXY_PROTOCOL_STATS( + POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v2.")))}, }; } void VersionedProxyProtocolStats::increment(ReadOrParseState decision) { switch (decision) { - case ReadOrParseState::Done: - allowed_.inc(); - break; - case ReadOrParseState::TryAgainLater: - // Do nothing. - break; - case ReadOrParseState::Error: - error_.inc(); - break; - case ReadOrParseState::SkipFilter: - allowed_.inc(); - break; - case ReadOrParseState::Denied: - denied_.inc(); - break; + case ReadOrParseState::Done: + allowed_.inc(); + break; + case ReadOrParseState::TryAgainLater: + // Do nothing. + break; + case ReadOrParseState::Error: + error_.inc(); + break; + case ReadOrParseState::SkipFilter: + allowed_.inc(); + break; + case ReadOrParseState::Denied: + denied_.inc(); + break; } } @@ -115,8 +121,9 @@ Config::Config( allow_v2_ = true; break; default: - throw EnvoyException(absl::StrCat("Unknown proxy protocol version (enum int cast): ", version)); - } + throw EnvoyException( + absl::StrCat("Unknown proxy protocol version (enum int cast): ", version)); + } } } } @@ -152,12 +159,12 @@ bool Config::isVersionAllowed(ProxyProtocolVersion version) const { VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion version) { switch (version) { - case Unknown: - return stats_.unknown_; - case ProxyProtocolVersion::V1: - return stats_.v1_; - case ProxyProtocolVersion::V2: - return stats_.v2_; + case Unknown: + return stats_.unknown_; + case ProxyProtocolVersion::V1: + return stats_.v1_; + case ProxyProtocolVersion::V2: + return stats_.v2_; } return stats_.unknown_; // Should never happen. } @@ -170,7 +177,8 @@ Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { } Network::FilterStatus Filter::onData(Network::ListenerFilterBuffer& buffer) { - const ReadOrParseState read_state = parseBuffer(buffer); // Implicitly updates proxy_protocol_version_ + const ReadOrParseState read_state = + parseBuffer(buffer); // Implicitly updates proxy_protocol_version_ VersionedProxyProtocolStats& versioned_stats = config_->versionToStatsStruct(header_version_); versioned_stats.increment(read_state); @@ -180,7 +188,8 @@ Network::FilterStatus Filter::onData(Network::ListenerFilterBuffer& buffer) { cb_->socket().ioHandle().close(); return Network::FilterStatus::StopIteration; case ReadOrParseState::Error: - config_->stats_.general_stats_.downstream_cx_proxy_proto_error_.inc(); // Keep for backwards-compatibility + config_->stats_.general_stats_.downstream_cx_proxy_proto_error_ + .inc(); // Keep for backwards-compatibility cb_->socket().ioHandle().close(); return Network::FilterStatus::StopIteration; case ReadOrParseState::TryAgainLater: @@ -576,11 +585,11 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) const char* buf = static_cast(raw_slice.mem_); if (config_->isVersionAllowed(ProxyProtocolVersion::Unknown)) { - auto matchv2 = config_->isVersionAllowed(ProxyProtocolVersion::V2) - && !memcmp(buf, PROXY_PROTO_V2_SIGNATURE, + auto matchv2 = config_->isVersionAllowed(ProxyProtocolVersion::V2) && + !memcmp(buf, PROXY_PROTO_V2_SIGNATURE, std::min(PROXY_PROTO_V2_SIGNATURE_LEN, raw_slice.len_)); - auto matchv1 = config_->isVersionAllowed(ProxyProtocolVersion::V1) - && !memcmp(buf, PROXY_PROTO_V1_SIGNATURE, + auto matchv1 = config_->isVersionAllowed(ProxyProtocolVersion::V1) && + !memcmp(buf, PROXY_PROTO_V1_SIGNATURE, std::min(PROXY_PROTO_V1_SIGNATURE_LEN, raw_slice.len_)); if (!matchv2 && !matchv1) { // The bytes we have seen so far do not match v1 or v2 proxy protocol, so we can safely diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 5e0ddb61355e..5108a3be6a6e 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -34,8 +34,8 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" -using envoy::config::core::v3::ProxyProtocolPassThroughTLVs; using envoy::config::core::v3::ProxyProtocolConfig; +using envoy::config::core::v3::ProxyProtocolPassThroughTLVs; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V1_SIGNATURE_LEN; using Envoy::Extensions::Common::ProxyProtocol::PROXY_PROTO_V2_SIGNATURE_LEN; using testing::_; @@ -2178,8 +2178,9 @@ TEST_P(ProxyProtocolTest, DrainError) { #endif class ProxyProtocolAllowedVersionsTest : public ProxyProtocolTest { - public: - virtual envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol createConfig(std::vector allowed_versions) const { +public: + virtual envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol + createConfig(std::vector allowed_versions) const { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config; for (const auto& version : allowed_versions) { proto_config.mutable_allowed_versions()->Add(version); @@ -2194,7 +2195,8 @@ INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolAllowedVersionsTest, TestUtility::ipTestParamsToString); TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2209,7 +2211,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2BasicAllowed) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2, ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2, ProxyProtocolConfig::V1}); connect(true, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2224,7 +2227,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2BasicAllowed) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2BasicRejected) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(false, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2238,7 +2242,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2BasicRejected) { } TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2ShortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2251,7 +2256,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2ShortError) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2ShortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); connect(false, &proto_config); @@ -2265,7 +2271,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2ShortError) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2ShortRejected) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(false, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2278,7 +2285,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2ShortRejected) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2288,7 +2296,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BasicAllowed) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); connect(true, &proto_config); @@ -2299,7 +2308,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BasicAllowed) { } TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BasicRejected) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2308,7 +2318,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BasicRejected) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BadPortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(false, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2317,7 +2328,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BadPortError) { } TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BadPortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); connect(false, &proto_config); @@ -2327,7 +2339,8 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BadPortError) { } TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BadPortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2337,8 +2350,9 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BadPortError) { // Tests a combination of `allowed_versions` and `allow_requests_without_proxy_protocol`. class ProxyProtocolAllowedVersionsWithNoProxyProtoTest : public ProxyProtocolAllowedVersionsTest { - public: - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol createConfig(std::vector allowed_versions) const override { +public: + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol + createConfig(std::vector allowed_versions) const override { auto proto_config = ProxyProtocolAllowedVersionsTest::createConfig(allowed_versions); proto_config.set_allow_requests_without_proxy_protocol(true); return proto_config; @@ -2351,7 +2365,8 @@ INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolAllowedVersionsWithNoProxyProt TestUtility::ipTestParamsToString); TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2366,7 +2381,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2BasicAll } TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2380,7 +2396,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2BasicAll } TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2ShortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2393,7 +2410,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2ShortErr } TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2ShortAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2406,7 +2424,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2ShortAll } TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2416,7 +2435,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BasicAll } TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BasicAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2426,7 +2446,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BasicAll } TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BadPortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); connect(false, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2435,7 +2456,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BadPortE } TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BadPortAllowed) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2445,8 +2467,10 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BadPortA } // In direct comparison to V1TooLongWithAllowNoProxyProtocol. -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAllowNoProxyProtocolAndV1NotMatched) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V2}); +TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, + V2InConfigAllowNoProxyProtocolAndV1NotMatched) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); @@ -2459,7 +2483,8 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAllowNoProxyP TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndAllowTinyNoProxyProtocol) { // Allows a small request (less bytes than v1/v2 signature) through even though it doesn't use // proxy protocol - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); // Essentially NOOP. + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = + createConfig({ProxyProtocolConfig::V1}); // Essentially NOOP. connect(true, &proto_config); std::string msg = "data"; From c285452af75212f1af8192a00729977c9c04fbf0 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 12 Mar 2024 17:03:06 -0500 Subject: [PATCH 03/29] Docs Signed-off-by: Teju Nareddy --- .../proxy_protocol/v3/proxy_protocol.proto | 10 ++++---- .../listener_filters/proxy_protocol.rst | 25 +++++++++++++++---- .../proxy_protocol/proxy_protocol_test.cc | 4 +-- 3 files changed, 27 insertions(+), 12 deletions(-) diff --git a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto index 40978fe9866e..9faf282840d0 100644 --- a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto +++ b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto @@ -79,10 +79,10 @@ message ProxyProtocol { // // .. attention:: // - // When used in conjunction with the :ref:`extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.allow_requests_without_proxy_protocol `, - // the filter will only attempt to match signatures for the allowed versions. - // For example, when `allowed_versions=V1`, `allow_requests_without_proxy_protocol=true`, and an incoming request matches - // the V2 signature, the filter will allow the request through as if it did not contain - // PROXY protocol information. + // When used in conjunction with the :ref:`allow_requests_without_proxy_protocol `, + // the filter will only attempt to match signatures for the allowed versions. + // For example, when `allowed_versions=V1`, `allow_requests_without_proxy_protocol=true`, and an incoming request matches + // the V2 signature, the filter will allow the request through as if it did not contain + // PROXY protocol information. repeated config.core.v3.ProxyProtocolConfig.Version allowed_versions = 4; } diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index 90eb7743acb7..37994db80d81 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -16,9 +16,13 @@ the TLV will be emitted as dynamic metadata with user-specified key. This implementation supports both version 1 and version 2, it automatically determines on a per-connection basis which of the two -versions is present. Note: if the filter is enabled, the Proxy Protocol -must be present on the connection (either version 1 or version 2), -the standard does not allow parsing to determine if it is present or not. +versions is present. + +.. note:: + If the filter is enabled, the Proxy Protocol must be present on the connection (either version 1 or version 2). + The standard does not allow parsing to determine if it is present or not. However, the filter can be configured + to allow the connection to be accepted without the Proxy Protocol header (against the standard). + See :ref:`allow_requests_without_proxy_protocol `. If there is a protocol error or an unsupported address family (e.g. AF_UNIX) the connection will be closed and an error thrown. @@ -29,10 +33,21 @@ If there is a protocol error or an unsupported address family Statistics ---------- -This filter emits the following statistics: +This filter emits the following general statistics: + +.. csv-table:: + :header: Name, Type, Description + :widths: 1, 1, 2 + + downstream_cx_proxy_proto_error, Counter, Total number of connections with proxy protocol errors + +The filter also emits the statistics rooted at *downstream_cx_proxy_proto..* for each matched proxy protocol version. +Proxy protocol versions include `v1`, `v2`, and `unknown`. .. csv-table:: :header: Name, Type, Description :widths: 1, 1, 2 - downstream_cx_proxy_proto_error, Counter, Total proxy protocol errors + allowed, Counter, Total number of connections allowed + denied, Counter, Total number of connections rejected due to :ref:`allowed_versions `. + error, Counter, Total number of connections rejected due to parsing error \ No newline at end of file diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 5108a3be6a6e..a50d097b1719 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -2180,7 +2180,7 @@ TEST_P(ProxyProtocolTest, DrainError) { class ProxyProtocolAllowedVersionsTest : public ProxyProtocolTest { public: virtual envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol - createConfig(std::vector allowed_versions) const { + createConfig(const std::vector& allowed_versions) const { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config; for (const auto& version : allowed_versions) { proto_config.mutable_allowed_versions()->Add(version); @@ -2352,7 +2352,7 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BadPortError) { class ProxyProtocolAllowedVersionsWithNoProxyProtoTest : public ProxyProtocolAllowedVersionsTest { public: envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol - createConfig(std::vector allowed_versions) const override { + createConfig(const std::vector& allowed_versions) const override { auto proto_config = ProxyProtocolAllowedVersionsTest::createConfig(allowed_versions); proto_config.set_allow_requests_without_proxy_protocol(true); return proto_config; From c846b2e18b777b9637f0abdc19b072259df767b2 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 12 Mar 2024 17:12:00 -0500 Subject: [PATCH 04/29] Docs fix Signed-off-by: Teju Nareddy --- .../configuration/listeners/listener_filters/proxy_protocol.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index 37994db80d81..6a9931f8fcb8 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -50,4 +50,4 @@ Proxy protocol versions include `v1`, `v2`, and `unknown`. allowed, Counter, Total number of connections allowed denied, Counter, Total number of connections rejected due to :ref:`allowed_versions `. - error, Counter, Total number of connections rejected due to parsing error \ No newline at end of file + error, Counter, Total number of connections rejected due to parsing error From 0a8f787b8588393d2ae6b73b4438218981a4fba7 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 12 Mar 2024 18:12:02 -0500 Subject: [PATCH 05/29] Add release notes Signed-off-by: Teju Nareddy --- changelogs/current.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/changelogs/current.yaml b/changelogs/current.yaml index e77a0bfda18e..ba700c0eb517 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -298,6 +298,13 @@ new_features: Update ``aws_request_signing`` filter to support optionally sending the aws signature in query parameters rather than headers, by specifying the :ref:`query_string ` configuration section. +- area: proxy_protocol + change: | + Added :ref:`allowed_versions ` + to enforce the filter only matches specific PROXY protocol versions. +- area: proxy_protocol + change: | + Added new statistics to the proxy protocol filter to track connections allowed/denied/error by PROXY protocol version. deprecated: - area: listener From ebcb7ddb1a4a098ecf4a108d04e8da7ec23f08d4 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 12 Mar 2024 18:19:17 -0500 Subject: [PATCH 06/29] Fix typo Signed-off-by: Teju Nareddy --- .../filters/listener/proxy_protocol/proxy_protocol.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 358cc3afd182..5c404aa2f8cb 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -178,7 +178,7 @@ Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { Network::FilterStatus Filter::onData(Network::ListenerFilterBuffer& buffer) { const ReadOrParseState read_state = - parseBuffer(buffer); // Implicitly updates proxy_protocol_version_ + parseBuffer(buffer); // Implicitly updates header_version_ VersionedProxyProtocolStats& versioned_stats = config_->versionToStatsStruct(header_version_); versioned_stats.increment(read_state); From cfb3be7d19348cc96b1429529ca1b16a65562ead Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 12 Mar 2024 18:23:11 -0500 Subject: [PATCH 07/29] Fix typo Signed-off-by: Teju Nareddy --- .../filters/listener/proxy_protocol/proxy_protocol.cc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 5c404aa2f8cb..8e16f574c0ef 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -177,8 +177,7 @@ Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { } Network::FilterStatus Filter::onData(Network::ListenerFilterBuffer& buffer) { - const ReadOrParseState read_state = - parseBuffer(buffer); // Implicitly updates header_version_ + const ReadOrParseState read_state = parseBuffer(buffer); // Implicitly updates header_version_ VersionedProxyProtocolStats& versioned_stats = config_->versionToStatsStruct(header_version_); versioned_stats.increment(read_state); From ae9c3e3f4b62f6d59a75211e7d3efb182b34aede Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 13 Mar 2024 10:21:40 -0500 Subject: [PATCH 08/29] review comments Signed-off-by: Teju Nareddy --- .../listener/proxy_protocol/proxy_protocol.cc | 23 +++++++------- .../listener/proxy_protocol/proxy_protocol.h | 6 ++-- .../proxy_protocol/proxy_protocol_test.cc | 30 +++++++++---------- 3 files changed, 29 insertions(+), 30 deletions(-) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 8e16f574c0ef..c6a99ea7eaf5 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -55,9 +55,9 @@ constexpr absl::string_view kVersionedStatsPrefix = "downstream_cx_proxy_proto." ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope) { return { /*general_stats_=*/{GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, - /*unknown_=*/ + /*not_found_=*/ {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "unknown.")))}, + POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "not_found.")))}, /*v1_=*/ {VERSIONED_PROXY_PROTOCOL_STATS( POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v1.")))}, @@ -108,7 +108,7 @@ Config::Config( } if (proto_config.allowed_versions().empty()) { - ENVOY_LOG(info, "No allowed_versions specified, allowing all PROXY protocol versions."); + ENVOY_LOG(debug, "No allowed_versions specified, allowing all PROXY protocol versions."); allow_v1_ = true; allow_v2_ = true; } else { @@ -148,7 +148,7 @@ size_t Config::numberOfNeededTlvTypes() const { return tlv_types_.size(); } bool Config::isVersionAllowed(ProxyProtocolVersion version) const { switch (version) { - case Unknown: + case ProxyProtocolVersion::NotFound: return allow_requests_without_proxy_protocol_; case ProxyProtocolVersion::V1: return allow_v1_; @@ -159,14 +159,13 @@ bool Config::isVersionAllowed(ProxyProtocolVersion version) const { VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion version) { switch (version) { - case Unknown: - return stats_.unknown_; + case ProxyProtocolVersion::NotFound: + return stats_.not_found_; case ProxyProtocolVersion::V1: return stats_.v1_; case ProxyProtocolVersion::V2: return stats_.v2_; } - return stats_.unknown_; // Should never happen. } Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { @@ -583,7 +582,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) auto raw_slice = buffer.rawSlice(); const char* buf = static_cast(raw_slice.mem_); - if (config_->isVersionAllowed(ProxyProtocolVersion::Unknown)) { + if (config_->isVersionAllowed(ProxyProtocolVersion::NotFound)) { auto matchv2 = config_->isVersionAllowed(ProxyProtocolVersion::V2) && !memcmp(buf, PROXY_PROTO_V2_SIGNATURE, std::min(PROXY_PROTO_V2_SIGNATURE_LEN, raw_slice.len_)); @@ -601,7 +600,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) if (raw_slice.len_ >= PROXY_PROTO_V2_HEADER_LEN) { const char* sig = PROXY_PROTO_V2_SIGNATURE; if (!memcmp(buf, sig, PROXY_PROTO_V2_SIGNATURE_LEN)) { - header_version_ = V2; + header_version_ = ProxyProtocolVersion::V2; } else if (memcmp(buf, PROXY_PROTO_V1_SIGNATURE, PROXY_PROTO_V1_SIGNATURE_LEN)) { // It is not v2, and can't be v1, so no sense hanging around: it is invalid ENVOY_LOG(debug, "failed to read proxy protocol (exceed max v1 header len)"); @@ -609,7 +608,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) } } - if (header_version_ == V2) { + if (header_version_ == ProxyProtocolVersion::V2) { if (!config_->isVersionAllowed(ProxyProtocolVersion::V2)) { ENVOY_LOG(trace, "Filter is not configured to allow v2 proxy protocol requests"); return ReadOrParseState::Denied; @@ -652,7 +651,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) // for more data. break; } else { - header_version_ = V1; + header_version_ = ProxyProtocolVersion::V1; search_index_++; } break; @@ -663,7 +662,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) return ReadOrParseState::Error; } - if (header_version_ == V1) { + if (header_version_ == ProxyProtocolVersion::V1) { if (!config_->isVersionAllowed(ProxyProtocolVersion::V1)) { ENVOY_LOG(trace, "Filter is not configured to allow v1 proxy protocol requests"); return ReadOrParseState::Denied; diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h index 81fd1cf130da..3cef04b73a4d 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h @@ -23,7 +23,7 @@ namespace ProxyProtocol { using KeyValuePair = envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol::KeyValuePair; -enum ProxyProtocolVersion { Unknown = 0, V1 = 1, V2 = 2 }; +enum class ProxyProtocolVersion { NotFound = 0, V1 = 1, V2 = 2 }; enum class ReadOrParseState { Done, TryAgainLater, Error, SkipFilter, Denied }; @@ -66,7 +66,7 @@ struct VersionedProxyProtocolStats { */ struct ProxyProtocolStats { GeneralProxyProtocolStats general_stats_; - VersionedProxyProtocolStats unknown_; + VersionedProxyProtocolStats not_found_; VersionedProxyProtocolStats v1_; VersionedProxyProtocolStats v2_; @@ -171,7 +171,7 @@ class Filter : public Network::ListenerFilter, Logger::Loggable, From 5df93bb4a9fc9e3ab6e5e78ed73267b610c6bc24 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 13 Mar 2024 10:23:27 -0500 Subject: [PATCH 09/29] update doc Signed-off-by: Teju Nareddy --- .../configuration/listeners/listener_filters/proxy_protocol.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index 6a9931f8fcb8..39602bae4284 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -42,7 +42,7 @@ This filter emits the following general statistics: downstream_cx_proxy_proto_error, Counter, Total number of connections with proxy protocol errors The filter also emits the statistics rooted at *downstream_cx_proxy_proto..* for each matched proxy protocol version. -Proxy protocol versions include `v1`, `v2`, and `unknown`. +Proxy protocol versions include `v1`, `v2`, and `not_found`. .. csv-table:: :header: Name, Type, Description From 03b353e19d9cf54de67b8418a534bdcc7b25d050 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 13 Mar 2024 10:37:25 -0500 Subject: [PATCH 10/29] Fix docs Signed-off-by: Teju Nareddy --- .../filters/listener/proxy_protocol/v3/proxy_protocol.proto | 4 ++-- .../listeners/listener_filters/proxy_protocol.rst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto index 9faf282840d0..37a67481a159 100644 --- a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto +++ b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto @@ -81,8 +81,8 @@ message ProxyProtocol { // // When used in conjunction with the :ref:`allow_requests_without_proxy_protocol `, // the filter will only attempt to match signatures for the allowed versions. - // For example, when `allowed_versions=V1`, `allow_requests_without_proxy_protocol=true`, and an incoming request matches - // the V2 signature, the filter will allow the request through as if it did not contain + // For example, when ``allowed_versions=V1``, ``allow_requests_without_proxy_protocol=true``, + // and an incoming request matches the V2 signature, the filter will allow the request through as if it did not contain // PROXY protocol information. repeated config.core.v3.ProxyProtocolConfig.Version allowed_versions = 4; } diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index 39602bae4284..ba156180f3b3 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -42,7 +42,7 @@ This filter emits the following general statistics: downstream_cx_proxy_proto_error, Counter, Total number of connections with proxy protocol errors The filter also emits the statistics rooted at *downstream_cx_proxy_proto..* for each matched proxy protocol version. -Proxy protocol versions include `v1`, `v2`, and `not_found`. +Proxy protocol versions include ``v1``, ``v2``, and ``not_found``. .. csv-table:: :header: Name, Type, Description From ed99e3c6b84f0009d4e59c61d36f5a3d22c548c6 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 13 Mar 2024 11:10:15 -0500 Subject: [PATCH 11/29] Fix windows build Signed-off-by: Teju Nareddy --- .../filters/listener/proxy_protocol/proxy_protocol.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index c6a99ea7eaf5..28579b8f8140 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -155,6 +155,7 @@ bool Config::isVersionAllowed(ProxyProtocolVersion version) const { case ProxyProtocolVersion::V2: return allow_v2_; } + return false; // Should never reach here, but needed for windows compiler warning. } VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion version) { @@ -166,6 +167,7 @@ VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion v case ProxyProtocolVersion::V2: return stats_.v2_; } + return stats_.not_found_; // Should never reach here, but needed for windows compiler warning. } Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { From c0614b3c23d2aefa9f75227c9208e1088dd2b6f1 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 13 Mar 2024 13:01:26 -0500 Subject: [PATCH 12/29] Attempt to fix test failure Signed-off-by: Teju Nareddy --- .../filters/listener/proxy_protocol/proxy_protocol_test.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 570098f8e505..5844a0325ce4 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -2391,6 +2391,7 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2BasicAll 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); + expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); } @@ -2419,6 +2420,7 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2ShortAll 0x54, 0x0a, 0x21, 0x21, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); + expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); } From 7eded4e7780e48cf2eddc88bc9edbb361c9a102c Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Mon, 18 Mar 2024 16:45:05 -0500 Subject: [PATCH 13/29] Review comments: switch to disallowed_versions Signed-off-by: Teju Nareddy --- .../proxy_protocol/v3/proxy_protocol.proto | 18 +-- changelogs/current.yaml | 2 +- .../listener_filters/proxy_protocol.rst | 2 +- .../listener/proxy_protocol/proxy_protocol.cc | 28 ++-- .../listener/proxy_protocol/proxy_protocol.h | 4 +- .../proxy_protocol/proxy_protocol_test.cc | 142 +++++++----------- 6 files changed, 81 insertions(+), 115 deletions(-) diff --git a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto index 37a67481a159..31ca8a6950e4 100644 --- a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto +++ b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto @@ -71,18 +71,18 @@ message ProxyProtocol { // which controls pass-through for the upstream. config.core.v3.ProxyProtocolPassThroughTLVs pass_through_tlvs = 3; - // The PROXY protocol versions to match. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. - // By default, the filter will match any version. + // The PROXY protocol versions that won't be matched. Useful to limit the scope and attack surface of the filter. // - // When the filter receives PROXY protocol data that does not match the specified versions, - // it will reject the connection. + // When the filter receives PROXY protocol data that is disallowed, it will reject the connection. + // By default, the filter will match all PROXY protocol versions. + // See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. // // .. attention:: // // When used in conjunction with the :ref:`allow_requests_without_proxy_protocol `, - // the filter will only attempt to match signatures for the allowed versions. - // For example, when ``allowed_versions=V1``, ``allow_requests_without_proxy_protocol=true``, - // and an incoming request matches the V2 signature, the filter will allow the request through as if it did not contain - // PROXY protocol information. - repeated config.core.v3.ProxyProtocolConfig.Version allowed_versions = 4; + // the filter will not attempt to match signatures for the disallowed versions. + // For example, when ``disallowed_versions=V2``, ``allow_requests_without_proxy_protocol=true``, + // and an incoming request matches the V2 signature, the filter will allow the request through without any modification. + // The filter treats this request as if it did not have any PROXY protocol information. + repeated config.core.v3.ProxyProtocolConfig.Version disallowed_versions = 4; } diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 8c8842625738..924a39c26ca1 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -341,7 +341,7 @@ new_features: configuration section. - area: proxy_protocol change: | - Added :ref:`allowed_versions ` + Added :ref:`disallowed_versions ` to enforce the filter only matches specific PROXY protocol versions. - area: proxy_protocol change: | diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index ba156180f3b3..e76a623510dc 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -49,5 +49,5 @@ Proxy protocol versions include ``v1``, ``v2``, and ``not_found``. :widths: 1, 1, 2 allowed, Counter, Total number of connections allowed - denied, Counter, Total number of connections rejected due to :ref:`allowed_versions `. + denied, Counter, Total number of connections rejected due to :ref:`allowed_versions `. error, Counter, Total number of connections rejected due to parsing error diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 28579b8f8140..563d34ade993 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -107,23 +107,17 @@ Config::Config( } } - if (proto_config.allowed_versions().empty()) { - ENVOY_LOG(debug, "No allowed_versions specified, allowing all PROXY protocol versions."); - allow_v1_ = true; - allow_v2_ = true; - } else { - for (const auto& version : proto_config.allowed_versions()) { - switch (version) { - case ProxyProtocolConfig::V1: - allow_v1_ = true; - break; - case ProxyProtocolConfig::V2: - allow_v2_ = true; - break; - default: - throw EnvoyException( - absl::StrCat("Unknown proxy protocol version (enum int cast): ", version)); - } + for (const auto& version : proto_config.disallowed_versions()) { + switch (version) { + case ProxyProtocolConfig::V1: + allow_v1_ = false; + break; + case ProxyProtocolConfig::V2: + allow_v2_ = false; + break; + default: + throw EnvoyException( + absl::StrCat("Unknown proxy protocol version (enum int cast): ", version)); } } } diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h index 3cef04b73a4d..bbe82c1eb50b 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h @@ -115,8 +115,8 @@ class Config : public Logger::Loggable { const bool allow_requests_without_proxy_protocol_; const bool pass_all_tlvs_; absl::flat_hash_set pass_through_tlvs_{}; - bool allow_v1_{false}; - bool allow_v2_{false}; + bool allow_v1_{true}; + bool allow_v2_{true}; }; using ConfigSharedPtr = std::shared_ptr; diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 5844a0325ce4..833d45084b69 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -2177,26 +2177,26 @@ TEST_P(ProxyProtocolTest, DrainError) { } #endif -class ProxyProtocolAllowedVersionsTest : public ProxyProtocolTest { +class ProxyProtocolDisallowedVersionsTest : public ProxyProtocolTest { public: virtual envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol - createConfig(const std::vector& allowed_versions) const { + createConfig(const std::vector& disallowed_versions) const { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config; - for (const auto& version : allowed_versions) { - proto_config.mutable_allowed_versions()->Add(version); + for (const auto& version : disallowed_versions) { + proto_config.mutable_disallowed_versions()->Add(version); } return proto_config; } }; // Parameterize the listener socket address version. -INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolAllowedVersionsTest, +INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolDisallowedVersionsTest, testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), TestUtility::ipTestParamsToString); -TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2BasicAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2210,10 +2210,10 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2BasicAllowed) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2, ProxyProtocolConfig::V1}); - connect(true, &proto_config); + createConfig({ProxyProtocolConfig::V2}); + connect(false, &proto_config); // A well-formed ipv4/tcp message, no extensions constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, @@ -2221,14 +2221,13 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2BasicAllowed) { 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); - expectData("more data"); - disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + expectConnectionError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2BasicRejected) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV2BasicRejected) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V1, ProxyProtocolConfig::V2}); connect(false, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2241,24 +2240,9 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2BasicRejected) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV2ShortError) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); - connect(false, &proto_config); - - // An ipv4/tcp connection that has incorrect addr-len encoded - constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, - 0x54, 0x0a, 0x21, 0x21, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, - 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; - write(buffer, sizeof(buffer)); - expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); -} - -TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2ShortError) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); - proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); connect(false, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2270,9 +2254,9 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV2ShortError) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2ShortRejected) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2284,9 +2268,9 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV2ShortRejected) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2295,21 +2279,9 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BasicAllowed) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = createConfig({ProxyProtocolConfig::V1}); - proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); - connect(true, &proto_config); - - write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); - expectData("more data"); - disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); -} - -TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BasicRejected) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2317,9 +2289,9 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BasicRejected) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BadPortError) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2327,20 +2299,19 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V1InConfigAndV1BadPortError) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V1V2InConfigAndV1BadPortError) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); - proto_config.mutable_allowed_versions()->Add(ProxyProtocolConfig::V2); + createConfig({ProxyProtocolConfig::V1, ProxyProtocolConfig::V2}); connect(false, &proto_config); - write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); - expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); + expectConnectionError(); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BadPortError) { +TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); + createConfig({ProxyProtocolConfig::V1}); connect(false, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2348,25 +2319,26 @@ TEST_P(ProxyProtocolAllowedVersionsTest, V2InConfigAndV1BadPortError) { EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); } -// Tests a combination of `allowed_versions` and `allow_requests_without_proxy_protocol`. -class ProxyProtocolAllowedVersionsWithNoProxyProtoTest : public ProxyProtocolAllowedVersionsTest { +// Tests a combination of `disallowed_versions` and `allow_requests_without_proxy_protocol`. +class ProxyProtocolDisallowedVersionsWithNoProxyProtoTest + : public ProxyProtocolDisallowedVersionsTest { public: - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol - createConfig(const std::vector& allowed_versions) const override { - auto proto_config = ProxyProtocolAllowedVersionsTest::createConfig(allowed_versions); + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol createConfig( + const std::vector& disallowed_versions) const override { + auto proto_config = ProxyProtocolDisallowedVersionsTest::createConfig(disallowed_versions); proto_config.set_allow_requests_without_proxy_protocol(true); return proto_config; } }; // Parameterize the listener socket address version. -INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolAllowedVersionsWithNoProxyProtoTest, +INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), TestUtility::ipTestParamsToString); -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2BasicAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2380,9 +2352,9 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2BasicAll EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); // A well-formed ipv4/tcp message, no extensions @@ -2396,9 +2368,9 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2BasicAll EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2ShortError) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortError) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); + createConfig({ProxyProtocolConfig::V1}); connect(false, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2410,9 +2382,9 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV2ShortErr EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2ShortAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); // An ipv4/tcp connection that has incorrect addr-len encoded @@ -2425,9 +2397,9 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV2ShortAll EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V2}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2436,9 +2408,9 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BasicAll EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BasicAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); @@ -2447,9 +2419,9 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BasicAll EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BadPortError) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPortError) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); + createConfig({ProxyProtocolConfig::V2}); connect(false, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2457,9 +2429,9 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndV1BadPortE EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BadPortAllowed) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPortAllowed) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); @@ -2469,10 +2441,10 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V2InConfigAndV1BadPortA } // In direct comparison to V1TooLongWithAllowNoProxyProtocol. -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, - V2InConfigAllowNoProxyProtocolAndV1NotMatched) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, + V1DisallowedAllowNoProxyProtocolAndV1NotMatched) { envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V2}); + createConfig({ProxyProtocolConfig::V1}); connect(true, &proto_config); write("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); @@ -2482,11 +2454,11 @@ TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); } -TEST_P(ProxyProtocolAllowedVersionsWithNoProxyProtoTest, V1InConfigAndAllowTinyNoProxyProtocol) { +TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTinyNoProxyProtocol) { // Allows a small request (less bytes than v1/v2 signature) through even though it doesn't use // proxy protocol envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1}); // Essentially NOOP. + createConfig({ProxyProtocolConfig::V2}); // Essentially NOOP. connect(true, &proto_config); std::string msg = "data"; From eca88f99af3b729cf55f8d6ca735ea2ad4ac8338 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Mon, 18 Mar 2024 16:56:06 -0500 Subject: [PATCH 14/29] Fix doc Signed-off-by: Teju Nareddy --- .../configuration/listeners/listener_filters/proxy_protocol.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index e76a623510dc..01ced9d8007c 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -49,5 +49,5 @@ Proxy protocol versions include ``v1``, ``v2``, and ``not_found``. :widths: 1, 1, 2 allowed, Counter, Total number of connections allowed - denied, Counter, Total number of connections rejected due to :ref:`allowed_versions `. + denied, Counter, Total number of connections rejected due to :ref:`disallowed_versions `. error, Counter, Total number of connections rejected due to parsing error From 0414a49196b6938d7bae5c50103327dd53a90761 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 19 Mar 2024 12:01:11 -0500 Subject: [PATCH 15/29] Review comments: doc and enum handling Signed-off-by: Teju Nareddy --- .../listeners/listener_filters/proxy_protocol.rst | 10 ++++++++++ .../filters/listener/proxy_protocol/proxy_protocol.cc | 8 +++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index 01ced9d8007c..31a6d0559545 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -51,3 +51,13 @@ Proxy protocol versions include ``v1``, ``v2``, and ``not_found``. allowed, Counter, Total number of connections allowed denied, Counter, Total number of connections rejected due to :ref:`disallowed_versions `. error, Counter, Total number of connections rejected due to parsing error + +Some per-version statistics are emitted only under certain filter configurations, as captured in the matrix below: + +.. csv-table:: + :header: , not_found, v1, v2 + :widths: 1, 1, 1, 1 + + allowed, Emitted only when ``allow_requests_without_proxy_protocol=true``, Emitted by default, Emitted by default + denied, N/A, Emitted only when ``disallowed_versions`` contains ``v1``, Emitted only when ``disallowed_versions`` contains ``v2`` + error, Emitted only when ``allow_requests_without_proxy_protocol=false``, Emitted by default, Emitted by default diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 563d34ade993..6d36477af7ab 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -109,15 +109,13 @@ Config::Config( for (const auto& version : proto_config.disallowed_versions()) { switch (version) { + PANIC_ON_PROTO_ENUM_SENTINEL_VALUES; case ProxyProtocolConfig::V1: allow_v1_ = false; break; case ProxyProtocolConfig::V2: allow_v2_ = false; break; - default: - throw EnvoyException( - absl::StrCat("Unknown proxy protocol version (enum int cast): ", version)); } } } @@ -149,7 +147,7 @@ bool Config::isVersionAllowed(ProxyProtocolVersion version) const { case ProxyProtocolVersion::V2: return allow_v2_; } - return false; // Should never reach here, but needed for windows compiler warning. + PANIC_DUE_TO_CORRUPT_ENUM; } VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion version) { @@ -161,7 +159,7 @@ VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion v case ProxyProtocolVersion::V2: return stats_.v2_; } - return stats_.not_found_; // Should never reach here, but needed for windows compiler warning. + PANIC_DUE_TO_CORRUPT_ENUM; } Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { From b65c3aacd71ead66a15e296eae8c0c40148dea39 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 19 Mar 2024 15:40:32 -0500 Subject: [PATCH 16/29] Review comments: enums and integration test Signed-off-by: Teju Nareddy --- .../listener/proxy_protocol/proxy_protocol.cc | 26 ++++++------- .../listener/proxy_protocol/proxy_protocol.h | 11 +++++- .../proxy_proto_integration_test.cc | 39 ++++++++++++++++++- .../proxy_proto_integration_test.h | 5 +++ 4 files changed, 62 insertions(+), 19 deletions(-) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 6d36477af7ab..0fa8aabb85a5 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -138,18 +138,14 @@ bool Config::isPassThroughTlvTypeNeeded(uint8_t tlv_type) const { size_t Config::numberOfNeededTlvTypes() const { return tlv_types_.size(); } -bool Config::isVersionAllowed(ProxyProtocolVersion version) const { - switch (version) { - case ProxyProtocolVersion::NotFound: - return allow_requests_without_proxy_protocol_; - case ProxyProtocolVersion::V1: - return allow_v1_; - case ProxyProtocolVersion::V2: - return allow_v2_; - } - PANIC_DUE_TO_CORRUPT_ENUM; +bool Config::allowRequestsWithoutProxyProtocol() const { + return allow_requests_without_proxy_protocol_; } +bool Config::isVersionV1Allowed() const { return allow_v1_; } + +bool Config::isVersionV2Allowed() const { return allow_v2_; } + VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion version) { switch (version) { case ProxyProtocolVersion::NotFound: @@ -576,11 +572,11 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) auto raw_slice = buffer.rawSlice(); const char* buf = static_cast(raw_slice.mem_); - if (config_->isVersionAllowed(ProxyProtocolVersion::NotFound)) { - auto matchv2 = config_->isVersionAllowed(ProxyProtocolVersion::V2) && + if (config_->allowRequestsWithoutProxyProtocol()) { + auto matchv2 = config_->isVersionV2Allowed() && !memcmp(buf, PROXY_PROTO_V2_SIGNATURE, std::min(PROXY_PROTO_V2_SIGNATURE_LEN, raw_slice.len_)); - auto matchv1 = config_->isVersionAllowed(ProxyProtocolVersion::V1) && + auto matchv1 = config_->isVersionV1Allowed() && !memcmp(buf, PROXY_PROTO_V1_SIGNATURE, std::min(PROXY_PROTO_V1_SIGNATURE_LEN, raw_slice.len_)); if (!matchv2 && !matchv1) { @@ -603,7 +599,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) } if (header_version_ == ProxyProtocolVersion::V2) { - if (!config_->isVersionAllowed(ProxyProtocolVersion::V2)) { + if (!config_->isVersionV2Allowed()) { ENVOY_LOG(trace, "Filter is not configured to allow v2 proxy protocol requests"); return ReadOrParseState::Denied; } @@ -657,7 +653,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) } if (header_version_ == ProxyProtocolVersion::V1) { - if (!config_->isVersionAllowed(ProxyProtocolVersion::V1)) { + if (!config_->isVersionV1Allowed()) { ENVOY_LOG(trace, "Filter is not configured to allow v1 proxy protocol requests"); return ReadOrParseState::Denied; } diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h index bbe82c1eb50b..7f3462d87174 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h @@ -101,9 +101,16 @@ class Config : public Logger::Loggable { bool isPassThroughTlvTypeNeeded(uint8_t type) const; /** - * Return true if the given PROXY protocol version should be parsed by the filter. + * Filter configuration that determines if we should pass-through requests without + * proxy protocol. Should only be configured to true for trusted downstreams. */ - bool isVersionAllowed(ProxyProtocolVersion version) const; + bool allowRequestsWithoutProxyProtocol() const; + + /** + * Filter configuration that determines if a version is disallowed. + */ + bool isVersionV1Allowed() const; + bool isVersionV2Allowed() const; /** * Return the stats for the given PROXY protocol version. diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index cc365938b0ef..35b4eb3e0131 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -16,6 +16,8 @@ namespace Envoy { +constexpr absl::string_view kProxyProtoFilterName = "envoy.listener.proxy_protocol"; + static void insertProxyProtocolFilterConfigModifier(envoy::config::bootstrap::v3::Bootstrap& bootstrap) { ::envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proxy_protocol; @@ -25,8 +27,8 @@ insertProxyProtocolFilterConfigModifier(envoy::config::bootstrap::v3::Bootstrap& auto* listener = bootstrap.mutable_static_resources()->mutable_listeners(0); auto* ppv_filter = listener->add_listener_filters(); - ppv_filter->set_name("envoy.listener.proxy_protocol"); - ppv_filter->mutable_typed_config()->PackFrom(proxy_protocol); + ppv_filter->set_name(kProxyProtoFilterName); + ASSERT_TRUE(ppv_filter->mutable_typed_config()->PackFrom(proxy_protocol)); } ProxyProtoIntegrationTest::ProxyProtoIntegrationTest() @@ -355,4 +357,37 @@ TEST_P(ProxyProtoFilterChainMatchIntegrationTest, MoreSpecificDirectSource) { absl::StrCat("- ", StreamInfo::ResponseCodeDetails::get().FilterChainNotFound))); } +ProxyProtoDisallowedVersionsIntegrationTest::ProxyProtoDisallowedVersionsIntegrationTest() { + config_helper_.skipPortUsageValidation(); + config_helper_.addConfigModifier([&](envoy::config::bootstrap::v3::Bootstrap& bootstrap) -> void { + // This test doesn't need to deal with upstream connections at all, so make sure none occur. + bootstrap.mutable_static_resources()->mutable_clusters(0)->clear_load_assignment(); + + // V1 is disallowed. + ::envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proxy_protocol; + proxy_protocol.add_disallowed_versions(::envoy::config::core::v3::ProxyProtocolConfig::V1); + + auto* listener = bootstrap.mutable_static_resources()->mutable_listeners(0); + auto* ppv_filter = listener->mutable_listener_filters(0); + ASSERT_EQ(ppv_filter->name(), kProxyProtoFilterName); + // Overwrite. + ASSERT_TRUE(ppv_filter->mutable_typed_config()->PackFrom(proxy_protocol)); + }); +} + +INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtoDisallowedVersionsIntegrationTest, + testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), + TestUtility::ipTestParamsToString); + +// Validate Envoy closes connection when PROXY protocol version 1 is used. +TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Rejected) { + initialize(); + + IntegrationTcpClientPtr tcp_client = makeTcpConnection(lookupPort("tcp_proxy")); + ASSERT_TRUE(tcp_client->write("PROXY TCP4 1.2.3.4 254.254.254.254 12345 1234\r\nhello", + /*end_stream=*/false, /*verify=*/false)); + tcp_client->waitForDisconnect(); + EXPECT_EQ(test_server_->counter("downstream_cx_proxy_proto.v1.denied"), 1); +} + } // namespace Envoy diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.h b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.h index bdc45933b7ff..64fb19c833f5 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.h +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.h @@ -31,4 +31,9 @@ class ProxyProtoFilterChainMatchIntegrationTest : public ProxyProtoTcpIntegratio void send(const std::string& data); }; +class ProxyProtoDisallowedVersionsIntegrationTest : public ProxyProtoTcpIntegrationTest { +public: + ProxyProtoDisallowedVersionsIntegrationTest(); +}; + } // namespace Envoy From 1780d1782d5a6676f769142e4961a6f438e358d7 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 19 Mar 2024 16:07:12 -0500 Subject: [PATCH 17/29] Make new stats rooted under listener Signed-off-by: Teju Nareddy --- .../listener_filters/proxy_protocol.rst | 4 +- .../filters/listener/proxy_protocol/config.cc | 3 +- .../listener/proxy_protocol/proxy_protocol.cc | 12 +- .../listener/proxy_protocol/proxy_protocol.h | 10 +- .../proxy_proto_integration_test.cc | 3 +- .../proxy_protocol_fuzz_test.cc | 3 +- .../proxy_protocol/proxy_protocol_test.cc | 354 +++++++++++++----- 7 files changed, 280 insertions(+), 109 deletions(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index 31a6d0559545..63000cd70242 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -41,8 +41,8 @@ This filter emits the following general statistics: downstream_cx_proxy_proto_error, Counter, Total number of connections with proxy protocol errors -The filter also emits the statistics rooted at *downstream_cx_proxy_proto..* for each matched proxy protocol version. -Proxy protocol versions include ``v1``, ``v2``, and ``not_found``. +The filter also emits the statistics rooted at *listener..downstream_cx_proxy_proto..* +for each matched proxy protocol version. Proxy protocol versions include ``v1``, ``v2``, and ``not_found``. .. csv-table:: :header: Name, Type, Description diff --git a/source/extensions/filters/listener/proxy_protocol/config.cc b/source/extensions/filters/listener/proxy_protocol/config.cc index 8044b2deb31f..bcc54edd7a33 100644 --- a/source/extensions/filters/listener/proxy_protocol/config.cc +++ b/source/extensions/filters/listener/proxy_protocol/config.cc @@ -28,7 +28,8 @@ class ProxyProtocolConfigFactory : public Server::Configuration::NamedListenerFi const envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol&>( message, context.messageValidationVisitor()); - ConfigSharedPtr config = std::make_shared(context.scope(), proto_config); + ConfigSharedPtr config = + std::make_shared(context.scope(), context.listenerScope(), proto_config); return [listener_filter_matcher, config](Network::ListenerFilterManager& filter_manager) -> void { filter_manager.addAcceptFilter(listener_filter_matcher, std::make_unique(config)); diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 0fa8aabb85a5..238d430a4660 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -52,18 +52,18 @@ namespace ProxyProtocol { constexpr absl::string_view kVersionedStatsPrefix = "downstream_cx_proxy_proto."; -ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope) { +ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope, Stats::Scope& listener_scope) { return { /*general_stats_=*/{GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, /*not_found_=*/ {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "not_found.")))}, + POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kVersionedStatsPrefix, "not_found.")))}, /*v1_=*/ {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v1.")))}, + POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kVersionedStatsPrefix, "v1.")))}, /*v2_=*/ {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(scope, absl::StrCat(kVersionedStatsPrefix, "v2.")))}, + POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kVersionedStatsPrefix, "v2.")))}, }; } @@ -88,9 +88,9 @@ void VersionedProxyProtocolStats::increment(ReadOrParseState decision) { } Config::Config( - Stats::Scope& scope, + Stats::Scope& scope, Stats::Scope& listener_scope, const envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol& proto_config) - : stats_(ProxyProtocolStats::create(scope)), + : stats_(ProxyProtocolStats::create(scope, listener_scope)), allow_requests_without_proxy_protocol_(proto_config.allow_requests_without_proxy_protocol()), pass_all_tlvs_(proto_config.has_pass_through_tlvs() ? proto_config.pass_through_tlvs().match_type() == diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h index 7f3462d87174..a478da1d10a6 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h @@ -70,7 +70,13 @@ struct ProxyProtocolStats { VersionedProxyProtocolStats v1_; VersionedProxyProtocolStats v2_; - static ProxyProtocolStats create(Stats::Scope& scope); + /** + * Create an instance of the stats struct, with both general (legacy) and versioned stats. + * + * For backwards compatibility, the general (legacy) stats are rooted at this filter's own scope. + * The versioned stats are correctly rooted at the listener's scope. + */ + static ProxyProtocolStats create(Stats::Scope& scope, Stats::Scope& listener_scope); }; /** @@ -79,7 +85,7 @@ struct ProxyProtocolStats { class Config : public Logger::Loggable { public: Config( - Stats::Scope& scope, + Stats::Scope& scope, Stats::Scope& listener_scope, const envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol& proto_config); ProxyProtocolStats stats_; diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index 35b4eb3e0131..53bf071dddcb 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -26,6 +26,7 @@ insertProxyProtocolFilterConfigModifier(envoy::config::bootstrap::v3::Bootstrap& rule->mutable_on_tlv_present()->set_key("PP2TypeAuthority"); auto* listener = bootstrap.mutable_static_resources()->mutable_listeners(0); + listener->set_stat_prefix("test_listener"); auto* ppv_filter = listener->add_listener_filters(); ppv_filter->set_name(kProxyProtoFilterName); ASSERT_TRUE(ppv_filter->mutable_typed_config()->PackFrom(proxy_protocol)); @@ -387,7 +388,7 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Rejected) { ASSERT_TRUE(tcp_client->write("PROXY TCP4 1.2.3.4 254.254.254.254 12345 1234\r\nhello", /*end_stream=*/false, /*verify=*/false)); tcp_client->waitForDisconnect(); - EXPECT_EQ(test_server_->counter("downstream_cx_proxy_proto.v1.denied"), 1); + EXPECT_EQ(test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied"), 1); } } // namespace Envoy diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc index f8400374608b..921e4a72057f 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc @@ -19,7 +19,8 @@ DEFINE_PROTO_FUZZER( } Stats::IsolatedStoreImpl store; - ConfigSharedPtr cfg = std::make_shared(*store.rootScope(), input.config()); + ConfigSharedPtr cfg = std::make_shared( + *store.rootScope(), *store.createScope("listener.test"), input.config()); auto filter = std::make_unique(std::move(cfg)); ListenerFilterWithDataFuzzer fuzzer; diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 833d45084b69..8368daf6db02 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -98,7 +98,9 @@ class ProxyProtocolTest : public testing::TestWithParam bool { filter_manager.addAcceptFilter( nullptr, std::make_unique(std::make_shared( - listenerScope(), (nullptr != proto_config) - ? *proto_config - : envoy::extensions::filters::listener:: - proxy_protocol::v3::ProxyProtocol()))); + *stats_store_.rootScope(), listenerScope(), + (nullptr != proto_config) ? *proto_config + : envoy::extensions::filters::listener:: + proxy_protocol::v3::ProxyProtocol()))); maybeExitDispatcher(); return true; })); @@ -243,7 +245,8 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { @@ -251,7 +254,8 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP6 1:2:3::4 5:6::7:8 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1Basic) { @@ -265,7 +269,9 @@ TEST_P(ProxyProtocolTest, V1Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { @@ -283,7 +289,10 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { @@ -303,7 +312,10 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { @@ -323,7 +335,10 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { @@ -341,7 +356,10 @@ TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, V1Minimal) { @@ -360,7 +378,9 @@ TEST_P(ProxyProtocolTest, V1Minimal) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2Basic) { @@ -379,7 +399,9 @@ TEST_P(ProxyProtocolTest, V2Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, BasicV6) { @@ -393,7 +415,9 @@ TEST_P(ProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2BasicV6) { @@ -414,7 +438,9 @@ TEST_P(ProxyProtocolTest, V2BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { @@ -428,7 +454,8 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { @@ -444,7 +471,8 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedAF) { @@ -457,7 +485,8 @@ TEST_P(ProxyProtocolTest, V2UnsupportedAF) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, ErrorRecv_2) { @@ -640,7 +669,8 @@ TEST_P(ProxyProtocolTest, V2NotLocalOrOnBehalf) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnection) { @@ -662,7 +692,9 @@ TEST_P(ProxyProtocolTest, V2LocalConnection) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { @@ -684,7 +716,9 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { @@ -713,7 +747,9 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ShortV4) { @@ -725,7 +761,8 @@ TEST_P(ProxyProtocolTest, V2ShortV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { @@ -739,7 +776,8 @@ TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV4) { @@ -752,7 +790,8 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV6) { @@ -765,7 +804,8 @@ TEST_P(ProxyProtocolTest, V2ShortV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV6) { @@ -780,7 +820,8 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2AF_UNIX) { @@ -793,7 +834,8 @@ TEST_P(ProxyProtocolTest, V2AF_UNIX) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2BadCommand) { @@ -806,7 +848,8 @@ TEST_P(ProxyProtocolTest, V2BadCommand) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongVersion) { @@ -818,7 +861,8 @@ TEST_P(ProxyProtocolTest, V2WrongVersion) { connect(false); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLong) { @@ -830,7 +874,9 @@ TEST_P(ProxyProtocolTest, V1TooLong) { } expectProxyProtoError(); // Not tracked as v1 due to missing /r/n at end - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.error").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { @@ -845,9 +891,15 @@ TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { expectProxyProtoError(); // Not allowed as unknown because of PROXY v1 signature match. // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 0); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 0); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 0); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 0); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ParseExtensions) { @@ -868,7 +920,9 @@ TEST_P(ProxyProtocolTest, V2ParseExtensions) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ParseExtensionsRecvError) { @@ -996,7 +1050,9 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsFrag) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, Fragmented) { @@ -1018,7 +1074,9 @@ TEST_P(ProxyProtocolTest, Fragmented) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented1) { @@ -1041,7 +1099,9 @@ TEST_P(ProxyProtocolTest, V2Fragmented1) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented2) { @@ -1064,7 +1124,9 @@ TEST_P(ProxyProtocolTest, V2Fragmented2) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented3) { @@ -1089,7 +1151,9 @@ TEST_P(ProxyProtocolTest, V2Fragmented3) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented4Error) { @@ -1331,7 +1395,9 @@ TEST_P(ProxyProtocolTest, PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { @@ -1353,7 +1419,9 @@ TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { @@ -1379,7 +1447,9 @@ TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2PartialRead) { @@ -1405,7 +1475,9 @@ TEST_P(ProxyProtocolTest, V2PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { @@ -1435,7 +1507,9 @@ TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { @@ -1465,7 +1539,9 @@ TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } const std::string ProxyProtocol = "envoy.filters.listener.proxy_protocol"; @@ -1509,7 +1585,9 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsLargeThanInitMaxReadBytes) { EXPECT_EQ(tlv_data, value_s); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { @@ -1549,7 +1627,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataNamespace) { @@ -1590,7 +1670,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataName auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { @@ -1650,7 +1732,9 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, 0x32, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, 0x61, 0x37)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { @@ -1715,7 +1799,9 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, replacement, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, replacement, 0x37)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { @@ -1765,7 +1851,9 @@ TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { ASSERT_THAT(value_type_authority, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2WrongTLVLength) { @@ -1788,7 +1876,8 @@ TEST_P(ProxyProtocolTest, V2WrongTLVLength) { write(tlv, sizeof(tlv)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2IncompleteTLV) { @@ -1818,7 +1907,8 @@ TEST_P(ProxyProtocolTest, V2IncompleteTLV) { write(tlv2, sizeof(tlv2)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { @@ -1866,7 +1956,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { proxy_proto_data.tlv_vector_[1].value.end())); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { @@ -1903,7 +1995,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { EXPECT_EQ(0, proxy_proto_data.tlv_vector_.size()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { @@ -1944,7 +2038,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { EXPECT_EQ("foo.com", std::string(proxy_proto_data.tlv_vector_[0].value.begin(), proxy_proto_data.tlv_vector_[0].value.end())); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolTest, MalformedProxyLine) { @@ -1956,7 +2052,8 @@ TEST_P(ProxyProtocolTest, MalformedProxyLine) { expectProxyProtoError(); // Tracked as v1 because of trailing \r\n - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { @@ -1970,7 +2067,10 @@ TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { disconnect(); // Tracked as unknown because `set_allow_requests_without_proxy_protocol` matches v1 signature // differently that previous test case. - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { @@ -1978,77 +2078,89 @@ TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { write("012345678901234567890123456789012345678901234567890123456789" "012345678901234567890123456789012345678901234567890123456789"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.error").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, NotEnoughFields) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, UnsupportedProto) { connect(false); write("PROXY UDP6 1:2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidSrcAddress) { connect(false); write("PROXY TCP4 230.0.0.1 10.1.1.3 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidDstAddress) { connect(false); write("PROXY TCP4 10.1.1.2 0.0.0.0 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadPort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, NegativePort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 -1 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, PortOutOfRange) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 66776 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadAddress) { connect(false); write("PROXY TCP6 1::2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { connect(false); write("PROXY TCP4 [1:2:3::4] 1.2.3.4 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { connect(false); write("PROXY TCP4 1.2.3.4 [1:2:3: 1234 4]:5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, Truncated) { @@ -2173,7 +2285,8 @@ TEST_P(ProxyProtocolTest, DrainError) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } #endif @@ -2207,7 +2320,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2BasicAllowed) { write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { @@ -2222,7 +2337,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.denied").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV2BasicRejected) { @@ -2237,7 +2354,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV2BasicRejected) { 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.denied").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { @@ -2251,7 +2370,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { @@ -2265,7 +2385,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.denied").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.denied").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { @@ -2276,7 +2398,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { @@ -2286,7 +2410,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { @@ -2296,7 +2422,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { @@ -2306,7 +2433,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { @@ -2316,7 +2445,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.denied").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied").value(), + 1); } // Tests a combination of `disallowed_versions` and `allow_requests_without_proxy_protocol`. @@ -2349,7 +2480,9 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicAllowed) { @@ -2365,7 +2498,10 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortError) { @@ -2379,7 +2515,8 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortE 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v2.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortAllowed) { @@ -2394,7 +2531,10 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicAllowed) { @@ -2405,7 +2545,9 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicAllowed) { @@ -2416,7 +2558,10 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPortError) { @@ -2426,7 +2571,8 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.error").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPortAllowed) { @@ -2437,7 +2583,10 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectData("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } // In direct comparison to V1TooLongWithAllowNoProxyProtocol. @@ -2451,7 +2600,10 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, expectData("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); disconnect(); // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTinyNoProxyProtocol) { @@ -2465,7 +2617,10 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTin write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + .value(), + 1); } class WildcardProxyProtocolTest : public testing::TestWithParam, @@ -2506,7 +2661,7 @@ class WildcardProxyProtocolTest : public testing::TestWithParam(std::make_shared( - listenerScope(), + *stats_store_.rootScope(), listenerScope(), envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol()))); return true; })); @@ -2524,7 +2679,9 @@ class WildcardProxyProtocolTest : public testing::TestWithParamconnectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST_P(WildcardProxyProtocolTest, BasicV6) { @@ -2652,7 +2811,9 @@ TEST_P(WildcardProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.v1.allowed").value(), 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), + 1); } TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { @@ -2676,6 +2837,7 @@ TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { Server::Configuration::MockListenerFactoryContext context; EXPECT_CALL(context, scope()); + EXPECT_CALL(context, listenerScope()); EXPECT_CALL(context, messageValidationVisitor()); Network::ListenerFilterFactoryCb cb = factory->createListenerFilterFactoryFromProto(*proto_config, nullptr, context); From e1fa890eab335a580df1b22120abe9145ec570a6 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 19 Mar 2024 16:47:14 -0500 Subject: [PATCH 18/29] fix test Signed-off-by: Teju Nareddy --- .../common/proxy_protocol/proxy_protocol_regression_test.cc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc b/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc index ee5732e61735..bf575b7d084b 100644 --- a/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc +++ b/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc @@ -80,7 +80,9 @@ class ProxyProtocolRegressionTest : public testing::TestWithParam( std::make_shared( - listenerScope(), + *stats_store_.rootScope(), listenerScope(), envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol()))); maybeExitDispatcher(); return true; From ee28b67f080cff21e186f5888faea0b5cc8263e7 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 20 Mar 2024 14:27:41 -0500 Subject: [PATCH 19/29] Review comments: rename stats and make `not_found` a non-versioned stat Signed-off-by: Teju Nareddy --- .../listener_filters/proxy_protocol.rst | 34 +-- .../listener/proxy_protocol/proxy_protocol.cc | 75 +++--- .../listener/proxy_protocol/proxy_protocol.h | 46 ++-- .../proxy_proto_integration_test.cc | 4 +- .../proxy_protocol/proxy_protocol_test.cc | 252 ++++++++---------- 5 files changed, 211 insertions(+), 200 deletions(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index 63000cd70242..bd060c04827d 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -33,31 +33,35 @@ If there is a protocol error or an unsupported address family Statistics ---------- -This filter emits the following general statistics: +This filter emits the following general statistics, rooted at *listener..downstream_cx_proxy_proto* .. csv-table:: :header: Name, Type, Description - :widths: 1, 1, 2 + :widths: 4, 1, 8 - downstream_cx_proxy_proto_error, Counter, Total number of connections with proxy protocol errors + not_found_disallowed, Counter, "Total number of connections that don't contain the PROXY protocol header and are rejected." + not_found_allowed, Counter, "Total number of connections that don't contain the PROXY protocol header, but are allowed due to :ref:`allow_requests_without_proxy_protocol `." -The filter also emits the statistics rooted at *listener..downstream_cx_proxy_proto..* -for each matched proxy protocol version. Proxy protocol versions include ``v1``, ``v2``, and ``not_found``. + +The filter also emits the statistics rooted at *listener..downstream_cx_proxy_proto.versions.* +for each matched PROXY protocol version. Proxy protocol versions include ``v1`` and ``v2``. .. csv-table:: :header: Name, Type, Description - :widths: 1, 1, 2 + :widths: 4, 1, 8 - allowed, Counter, Total number of connections allowed - denied, Counter, Total number of connections rejected due to :ref:`disallowed_versions `. - error, Counter, Total number of connections rejected due to parsing error + found, Counter, "Total number of connections where the PROXY protocol header was found and parsed correctly." + disallowed, Counter, "Total number of ``found`` connections that are rejected due to :ref:`disallowed_versions `." + error, Counter, "Total number of connections where the PROXY protocol header was malformed (and the connection was rejected)." -Some per-version statistics are emitted only under certain filter configurations, as captured in the matrix below: +The filter also emits the following legacy statistics, rooted at its own scope: .. csv-table:: - :header: , not_found, v1, v2 - :widths: 1, 1, 1, 1 + :header: Name, Type, Description + :widths: 4, 1, 8 + + downstream_cx_proxy_proto_error, Counter, "Total number of connections with proxy protocol errors, i.e. ``v1.error``, ``v2.error``, and ``not_found_disallowed``." - allowed, Emitted only when ``allow_requests_without_proxy_protocol=true``, Emitted by default, Emitted by default - denied, N/A, Emitted only when ``disallowed_versions`` contains ``v1``, Emitted only when ``disallowed_versions`` contains ``v2`` - error, Emitted only when ``allow_requests_without_proxy_protocol=false``, Emitted by default, Emitted by default +.. attention:: + The legacy statistics are deprecated and kept for backwards compatibility. + Prefer using the other statistics above, which are emitted on a per-listener basis and are more detailed. diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 238d430a4660..4066f5a2fbfd 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -50,39 +50,51 @@ namespace Extensions { namespace ListenerFilters { namespace ProxyProtocol { -constexpr absl::string_view kVersionedStatsPrefix = "downstream_cx_proxy_proto."; +constexpr absl::string_view kProxyProtoStatsPrefix = "downstream_cx_proxy_proto."; +constexpr absl::string_view kVersionStatsPrefix = "versions."; ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope, Stats::Scope& listener_scope) { return { - /*general_stats_=*/{GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, - /*not_found_=*/ - {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kVersionedStatsPrefix, "not_found.")))}, + /*legacy_=*/{LEGACY_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, + /*general_=*/ + {GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(listener_scope, kProxyProtoStatsPrefix))}, /*v1_=*/ {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kVersionedStatsPrefix, "v1.")))}, + POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v1.")))}, /*v2_=*/ {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kVersionedStatsPrefix, "v2.")))}, + POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v2.")))}, }; } -void VersionedProxyProtocolStats::increment(ReadOrParseState decision) { +void GeneralProxyProtocolStats::increment(ReadOrParseState decision) { switch (decision) { case ReadOrParseState::Done: - allowed_.inc(); + not_found_allowed_.inc(); break; case ReadOrParseState::TryAgainLater: - // Do nothing. + break; // Do nothing. + case ReadOrParseState::Error: + not_found_disallowed_.inc(); + break; + case ReadOrParseState::Denied: + PANIC_DUE_TO_CORRUPT_ENUM; // Should never happen. + } +} + +void VersionedProxyProtocolStats::increment(ReadOrParseState decision) { + switch (decision) { + case ReadOrParseState::Done: + found_.inc(); break; + case ReadOrParseState::TryAgainLater: + break; // Do nothing. case ReadOrParseState::Error: error_.inc(); break; - case ReadOrParseState::SkipFilter: - allowed_.inc(); - break; case ReadOrParseState::Denied: - denied_.inc(); + found_.inc(); + disallowed_.inc(); break; } } @@ -146,18 +158,6 @@ bool Config::isVersionV1Allowed() const { return allow_v1_; } bool Config::isVersionV2Allowed() const { return allow_v2_; } -VersionedProxyProtocolStats& Config::versionToStatsStruct(ProxyProtocolVersion version) { - switch (version) { - case ProxyProtocolVersion::NotFound: - return stats_.not_found_; - case ProxyProtocolVersion::V1: - return stats_.v1_; - case ProxyProtocolVersion::V2: - return stats_.v2_; - } - PANIC_DUE_TO_CORRUPT_ENUM; -} - Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { ENVOY_LOG(debug, "proxy_protocol: New connection accepted"); cb_ = &cb; @@ -168,22 +168,29 @@ Network::FilterStatus Filter::onAccept(Network::ListenerFilterCallbacks& cb) { Network::FilterStatus Filter::onData(Network::ListenerFilterBuffer& buffer) { const ReadOrParseState read_state = parseBuffer(buffer); // Implicitly updates header_version_ - VersionedProxyProtocolStats& versioned_stats = config_->versionToStatsStruct(header_version_); - versioned_stats.increment(read_state); + switch (header_version_) { + case ProxyProtocolVersion::V1: + config_->stats_.v1_.increment(read_state); + break; + case ProxyProtocolVersion::V2: + config_->stats_.v2_.increment(read_state); + break; + case ProxyProtocolVersion::NotFound: + config_->stats_.general_.increment(read_state); + break; + } switch (read_state) { case ReadOrParseState::Denied: cb_->socket().ioHandle().close(); return Network::FilterStatus::StopIteration; case ReadOrParseState::Error: - config_->stats_.general_stats_.downstream_cx_proxy_proto_error_ + config_->stats_.legacy_.downstream_cx_proxy_proto_error_ .inc(); // Keep for backwards-compatibility cb_->socket().ioHandle().close(); return Network::FilterStatus::StopIteration; case ReadOrParseState::TryAgainLater: return Network::FilterStatus::StopIteration; - case ReadOrParseState::SkipFilter: - return Network::FilterStatus::Continue; case ReadOrParseState::Done: return Network::FilterStatus::Continue; } @@ -200,6 +207,10 @@ ReadOrParseState Filter::parseBuffer(Network::ListenerFilterBuffer& buffer) { if (read_header_state != ReadOrParseState::Done) { return read_header_state; } + if (header_version_ == ProxyProtocolVersion::NotFound) { + // Filter is skipped and request is allowed through. + return ReadOrParseState::Done; + } } // After parse the header, the extensions size is discovered. Then extend the buffer @@ -583,7 +594,7 @@ ReadOrParseState Filter::readProxyHeader(Network::ListenerFilterBuffer& buffer) // The bytes we have seen so far do not match v1 or v2 proxy protocol, so we can safely // short-circuit ENVOY_LOG(trace, "request does not use v1 or v2 proxy protocol, forwarding as is"); - return ReadOrParseState::SkipFilter; + return ReadOrParseState::Done; } } diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h index a478da1d10a6..ef6b19579a48 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h @@ -25,20 +25,39 @@ using KeyValuePair = enum class ProxyProtocolVersion { NotFound = 0, V1 = 1, V2 = 2 }; -enum class ReadOrParseState { Done, TryAgainLater, Error, SkipFilter, Denied }; +enum class ReadOrParseState { Done, TryAgainLater, Error, Denied }; /** - * Non-versioned general stats for the filter. - * Kept for backwards compatibility. + * Legacy stats that are under the root scope. Kept for backwards compatibility. + * @deprecated Use GeneralProxyProtocolStats instead. * @see stats_macros.h */ // clang-format off -#define GENERAL_PROXY_PROTOCOL_STATS(COUNTER) \ +#define LEGACY_PROXY_PROTOCOL_STATS(COUNTER) \ COUNTER(downstream_cx_proxy_proto_error) // clang-format on +struct LegacyProxyProtocolStats { + LEGACY_PROXY_PROTOCOL_STATS(GENERATE_COUNTER_STRUCT) +}; + +/** + * Stats reported for the filter. + * @see stats_macros.h + */ +// clang-format off +#define GENERAL_PROXY_PROTOCOL_STATS(COUNTER) \ + COUNTER(not_found_allowed) \ + COUNTER(not_found_disallowed) +// clang-format on + struct GeneralProxyProtocolStats { GENERAL_PROXY_PROTOCOL_STATS(GENERATE_COUNTER_STRUCT) + + /** + * Increment the stats for the given filter decision. + */ + void increment(ReadOrParseState decision); }; /** @@ -47,8 +66,8 @@ struct GeneralProxyProtocolStats { */ // clang-format off #define VERSIONED_PROXY_PROTOCOL_STATS(COUNTER) \ - COUNTER(allowed) \ - COUNTER(denied) \ + COUNTER(found) \ + COUNTER(disallowed) \ COUNTER(error) // clang-format on @@ -65,16 +84,16 @@ struct VersionedProxyProtocolStats { * Definition of all stats for the proxy protocol. @see stats_macros.h */ struct ProxyProtocolStats { - GeneralProxyProtocolStats general_stats_; - VersionedProxyProtocolStats not_found_; + LegacyProxyProtocolStats legacy_; + GeneralProxyProtocolStats general_; VersionedProxyProtocolStats v1_; VersionedProxyProtocolStats v2_; /** - * Create an instance of the stats struct, with both general (legacy) and versioned stats. + * Create an instance of the stats struct with all stats for the filter. * - * For backwards compatibility, the general (legacy) stats are rooted at this filter's own scope. - * The versioned stats are correctly rooted at the listener's scope. + * For backwards compatibility, the legacy stats are rooted at this filter's own scope. + * The general and versioned stats are correctly rooted at the listener's scope. */ static ProxyProtocolStats create(Stats::Scope& scope, Stats::Scope& listener_scope); }; @@ -118,11 +137,6 @@ class Config : public Logger::Loggable { bool isVersionV1Allowed() const; bool isVersionV2Allowed() const; - /** - * Return the stats for the given PROXY protocol version. - */ - VersionedProxyProtocolStats& versionToStatsStruct(ProxyProtocolVersion version); - private: absl::flat_hash_map tlv_types_; const bool allow_requests_without_proxy_protocol_; diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index 53bf071dddcb..e7a3f3c7ce98 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -388,7 +388,9 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Rejected) { ASSERT_TRUE(tcp_client->write("PROXY TCP4 1.2.3.4 254.254.254.254 12345 1234\r\nhello", /*end_stream=*/false, /*verify=*/false)); tcp_client->waitForDisconnect(); - EXPECT_EQ(test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied"), 1); + EXPECT_EQ(test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found"), 1); + EXPECT_EQ(test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed"), + 1); } } // namespace Envoy diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 8368daf6db02..46144499bbd5 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -246,7 +246,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv4) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { @@ -255,7 +255,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { write("PROXY TCP6 1:2:3::4 5:6::7:8 65535 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1Basic) { @@ -270,8 +270,7 @@ TEST_P(ProxyProtocolTest, V1Basic) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { @@ -290,7 +289,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { expectData(msg); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -313,7 +312,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { expectData(msg); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -336,7 +335,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { expectData(msg); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -357,7 +356,7 @@ TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { expectData(msg); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -379,8 +378,7 @@ TEST_P(ProxyProtocolTest, V1Minimal) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Basic) { @@ -400,8 +398,7 @@ TEST_P(ProxyProtocolTest, V2Basic) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, BasicV6) { @@ -416,8 +413,7 @@ TEST_P(ProxyProtocolTest, BasicV6) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2BasicV6) { @@ -439,8 +435,7 @@ TEST_P(ProxyProtocolTest, V2BasicV6) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { @@ -455,7 +450,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { @@ -472,7 +467,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedAF) { @@ -486,7 +481,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedAF) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, ErrorRecv_2) { @@ -670,7 +665,7 @@ TEST_P(ProxyProtocolTest, V2NotLocalOrOnBehalf) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnection) { @@ -693,8 +688,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnection) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { @@ -717,8 +711,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { @@ -748,8 +741,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4) { @@ -762,7 +754,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { @@ -777,7 +769,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV4) { @@ -791,7 +783,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV6) { @@ -805,7 +797,7 @@ TEST_P(ProxyProtocolTest, V2ShortV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV6) { @@ -821,7 +813,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2AF_UNIX) { @@ -835,7 +827,7 @@ TEST_P(ProxyProtocolTest, V2AF_UNIX) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2BadCommand) { @@ -849,7 +841,7 @@ TEST_P(ProxyProtocolTest, V2BadCommand) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongVersion) { @@ -862,7 +854,7 @@ TEST_P(ProxyProtocolTest, V2WrongVersion) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLong) { @@ -874,9 +866,10 @@ TEST_P(ProxyProtocolTest, V1TooLong) { } expectProxyProtoError(); // Not tracked as v1 due to missing /r/n at end - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.error") - .value(), - 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_disallowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { @@ -892,14 +885,15 @@ TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { // Not allowed as unknown because of PROXY v1 signature match. // Not tracked as v1 due to missing /r/n at end. EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 0); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 0); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 0); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.error") - .value(), - 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_disallowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ParseExtensions) { @@ -921,8 +915,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensions) { expectData("DATA"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensionsRecvError) { @@ -1051,8 +1044,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsFrag) { expectData("DATA"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, Fragmented) { @@ -1075,8 +1067,7 @@ TEST_P(ProxyProtocolTest, Fragmented) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented1) { @@ -1100,8 +1091,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented1) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented2) { @@ -1125,8 +1115,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented2) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented3) { @@ -1152,8 +1141,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented3) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented4Error) { @@ -1396,8 +1384,7 @@ TEST_P(ProxyProtocolTest, PartialRead) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { @@ -1420,8 +1407,7 @@ TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { @@ -1448,8 +1434,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2PartialRead) { @@ -1476,8 +1461,7 @@ TEST_P(ProxyProtocolTest, V2PartialRead) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { @@ -1508,8 +1492,7 @@ TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { @@ -1540,8 +1523,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } const std::string ProxyProtocol = "envoy.filters.listener.proxy_protocol"; @@ -1586,8 +1568,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsLargeThanInitMaxReadBytes) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { @@ -1628,8 +1609,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataNamespace) { @@ -1671,8 +1651,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataName ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { @@ -1733,8 +1712,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, 0x61, 0x37)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { @@ -1800,8 +1778,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, replacement, 0x37)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { @@ -1852,8 +1829,7 @@ TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongTLVLength) { @@ -1877,7 +1853,7 @@ TEST_P(ProxyProtocolTest, V2WrongTLVLength) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2IncompleteTLV) { @@ -1908,7 +1884,7 @@ TEST_P(ProxyProtocolTest, V2IncompleteTLV) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { @@ -1957,8 +1933,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { @@ -1996,8 +1971,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { EXPECT_EQ(0, proxy_proto_data.tlv_vector_.size()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { @@ -2039,8 +2013,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { proxy_proto_data.tlv_vector_[0].value.end())); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLine) { @@ -2053,7 +2026,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLine) { expectProxyProtoError(); // Tracked as v1 because of trailing \r\n EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { @@ -2068,7 +2041,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { // Tracked as unknown because `set_allow_requests_without_proxy_protocol` matches v1 signature // differently that previous test case. EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -2078,9 +2051,10 @@ TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { write("012345678901234567890123456789012345678901234567890123456789" "012345678901234567890123456789012345678901234567890123456789"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.error") - .value(), - 1); + EXPECT_EQ( + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_disallowed") + .value(), + 1); } TEST_P(ProxyProtocolTest, NotEnoughFields) { @@ -2088,7 +2062,7 @@ TEST_P(ProxyProtocolTest, NotEnoughFields) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, UnsupportedProto) { @@ -2096,7 +2070,7 @@ TEST_P(ProxyProtocolTest, UnsupportedProto) { write("PROXY UDP6 1:2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidSrcAddress) { @@ -2104,7 +2078,7 @@ TEST_P(ProxyProtocolTest, InvalidSrcAddress) { write("PROXY TCP4 230.0.0.1 10.1.1.3 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidDstAddress) { @@ -2112,7 +2086,7 @@ TEST_P(ProxyProtocolTest, InvalidDstAddress) { write("PROXY TCP4 10.1.1.2 0.0.0.0 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadPort) { @@ -2120,7 +2094,7 @@ TEST_P(ProxyProtocolTest, BadPort) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, NegativePort) { @@ -2128,7 +2102,7 @@ TEST_P(ProxyProtocolTest, NegativePort) { write("PROXY TCP6 1:2:3::4 5:6::7:8 -1 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, PortOutOfRange) { @@ -2136,7 +2110,7 @@ TEST_P(ProxyProtocolTest, PortOutOfRange) { write("PROXY TCP6 1:2:3::4 5:6::7:8 66776 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadAddress) { @@ -2144,7 +2118,7 @@ TEST_P(ProxyProtocolTest, BadAddress) { write("PROXY TCP6 1::2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { @@ -2152,7 +2126,7 @@ TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { write("PROXY TCP4 [1:2:3::4] 1.2.3.4 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { @@ -2160,7 +2134,7 @@ TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { write("PROXY TCP4 1.2.3.4 [1:2:3: 1234 4]:5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, Truncated) { @@ -2286,7 +2260,7 @@ TEST_P(ProxyProtocolTest, DrainError) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } #endif @@ -2321,8 +2295,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2BasicAllowed) { expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { @@ -2338,8 +2311,10 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { write(buffer, sizeof(buffer)); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.denied").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV2BasicRejected) { @@ -2355,8 +2330,10 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV2BasicRejected) { write(buffer, sizeof(buffer)); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.denied").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { @@ -2371,7 +2348,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { @@ -2386,8 +2363,10 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { write(buffer, sizeof(buffer)); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.denied").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { @@ -2399,8 +2378,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { @@ -2411,8 +2389,10 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { @@ -2423,7 +2403,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { @@ -2434,8 +2414,10 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { @@ -2446,8 +2428,10 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.denied").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") + .value(), + 1); } // Tests a combination of `disallowed_versions` and `allow_requests_without_proxy_protocol`. @@ -2481,8 +2465,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2BasicA expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicAllowed) { @@ -2499,7 +2482,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicA expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -2516,7 +2499,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortE write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortAllowed) { @@ -2532,7 +2515,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortA expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -2546,8 +2529,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicA expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicAllowed) { @@ -2559,7 +2541,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicA expectData("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -2572,7 +2554,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPortAllowed) { @@ -2584,7 +2566,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPor expectData("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -2601,7 +2583,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, disconnect(); // Not tracked as v1 due to missing /r/n at end. EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -2618,7 +2600,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTin expectData(msg); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found.allowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), 1); } @@ -2794,8 +2776,7 @@ TEST_P(WildcardProxyProtocolTest, Basic) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(WildcardProxyProtocolTest, BasicV6) { @@ -2812,8 +2793,7 @@ TEST_P(WildcardProxyProtocolTest, BasicV6) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.v1.allowed").value(), - 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { From e0a1147c9be89f5fc7c9d583ca89a7685976274f Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 20 Mar 2024 16:33:21 -0500 Subject: [PATCH 20/29] Add tag extracted names for stats Signed-off-by: Teju Nareddy --- source/common/config/well_known_names.cc | 3 + source/common/config/well_known_names.h | 2 + .../listener/proxy_protocol/proxy_protocol.cc | 8 +- test/common/stats/tag_extractor_impl_test.cc | 10 + .../proxy_proto_integration_test.cc | 62 +++- .../proxy_protocol/proxy_protocol_test.cc | 314 +++++++++++++----- 6 files changed, 311 insertions(+), 88 deletions(-) diff --git a/source/common/config/well_known_names.cc b/source/common/config/well_known_names.cc index 104b182bfb1a..6105fb7352ca 100644 --- a/source/common/config/well_known_names.cc +++ b/source/common/config/well_known_names.cc @@ -210,6 +210,9 @@ TagNameValues::TagNameValues() { // http..rbac.(.)* addTokenized(RBAC_HTTP_PREFIX, "http.*.rbac.$.**"); + + // listener.[
.]downstream_cx_proxy_proto.versions.().** + addRe2(PROXY_PROTOCOL_VERSION, R"(downstream_cx_proxy_proto\.versions(\.()))", ""); } void TagNameValues::addRe2(const std::string& name, const std::string& regex, diff --git a/source/common/config/well_known_names.h b/source/common/config/well_known_names.h index 8cf5fbd14715..9af3ca60ce53 100644 --- a/source/common/config/well_known_names.h +++ b/source/common/config/well_known_names.h @@ -161,6 +161,8 @@ class TagNameValues { const std::string THRIFT_PREFIX = "envoy.thrift_prefix"; // Stats prefix for the Redis Proxy network filter const std::string REDIS_PREFIX = "envoy.redis_prefix"; + // Proxy Protocol version for a connection (Proxy Protocol listener filter). + const std::string PROXY_PROTOCOL_VERSION = "envoy.proxy_protocol_version"; // Mapping from the names above to their respective regex strings. const std::vector> name_regex_pairs_; diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 4066f5a2fbfd..ada94d7e1b0e 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -59,11 +59,11 @@ ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope, Stats::Scope& /*general_=*/ {GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(listener_scope, kProxyProtoStatsPrefix))}, /*v1_=*/ - {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v1.")))}, + {VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX( + listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v1.")))}, /*v2_=*/ - {VERSIONED_PROXY_PROTOCOL_STATS( - POOL_COUNTER_PREFIX(listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v2.")))}, + {VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX( + listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v2.")))}, }; } diff --git a/test/common/stats/tag_extractor_impl_test.cc b/test/common/stats/tag_extractor_impl_test.cc index 747f9daca0c1..a235d9be951e 100644 --- a/test/common/stats/tag_extractor_impl_test.cc +++ b/test/common/stats/tag_extractor_impl_test.cc @@ -461,6 +461,16 @@ TEST(TagExtractorTest, DefaultTagExtractors) { rbac_http_prefix.value_ = "prefix"; regex_tester.testRegex("http.hcm_prefix.rbac.prefix.allowed", "http.rbac.allowed", {rbac_http_hcm_prefix, rbac_http_prefix}); + + // Proxy Protocol version prefix + Tag proxy_protocol_version; + proxy_protocol_version.name_ = tag_names.PROXY_PROTOCOL_VERSION; + proxy_protocol_version.value_ = "v2"; + + listener_address.value_ = "[__1]_443"; + regex_tester.testRegex("listener.[__1]_443.downstream_cx_proxy_proto.versions.v2.error", + "listener.downstream_cx_proxy_proto.versions.error", + {listener_address, proxy_protocol_version}); } TEST(TagExtractorTest, ExtAuthzTagExtractors) { diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index e7a3f3c7ce98..ab2cc40785af 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -16,6 +16,8 @@ namespace Envoy { +using ::testing::IsSupersetOf; + constexpr absl::string_view kProxyProtoFilterName = "envoy.listener.proxy_protocol"; static void @@ -112,6 +114,16 @@ TEST_P(ProxyProtoIntegrationTest, V2RouterRequestAndResponseWithBodyNoBufferV6) }; testRouterRequestAndResponseWithBody(1024, 512, false, false, &creator); + + // Verify stats (with tags for proxy protocol version). + const auto found_counter = + test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found"); + EXPECT_EQ(found_counter->value(), 1UL); + EXPECT_EQ(found_counter->tagExtractedName(), "listener.downstream_cx_proxy_proto.versions.found"); + EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ + {"envoy.listener_address", "test_listener"}, + {"envoy.proxy_protocol_version", "v2"}, + })); } TEST_P(ProxyProtoIntegrationTest, RouterProxyUnknownRequestAndResponseWithBodyNoBuffer) { @@ -381,16 +393,58 @@ INSTANTIATE_TEST_SUITE_P(IpVersions, ProxyProtoDisallowedVersionsIntegrationTest TestUtility::ipTestParamsToString); // Validate Envoy closes connection when PROXY protocol version 1 is used. -TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Rejected) { +TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Disallowed) { initialize(); IntegrationTcpClientPtr tcp_client = makeTcpConnection(lookupPort("tcp_proxy")); ASSERT_TRUE(tcp_client->write("PROXY TCP4 1.2.3.4 254.254.254.254 12345 1234\r\nhello", /*end_stream=*/false, /*verify=*/false)); tcp_client->waitForDisconnect(); - EXPECT_EQ(test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found"), 1); - EXPECT_EQ(test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed"), - 1); + + // Verify stats (with tags for proxy protocol version). + const auto found_counter = + test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found"); + EXPECT_EQ(found_counter->value(), 1UL); + EXPECT_EQ(found_counter->tagExtractedName(), "listener.downstream_cx_proxy_proto.versions.found"); + EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ + {"envoy.listener_address", "test_listener"}, + {"envoy.proxy_protocol_version", "v1"}, + })); + + const auto disallowed_counter = test_server_->counter( + "listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed"); + EXPECT_EQ(disallowed_counter->value(), 1UL); + EXPECT_EQ(disallowed_counter->tagExtractedName(), + "listener.downstream_cx_proxy_proto.versions.disallowed"); + EXPECT_THAT(disallowed_counter->tags(), IsSupersetOf(Stats::TagVector{ + {"envoy.listener_address", "test_listener"}, + {"envoy.proxy_protocol_version", "v1"}, + })); +} + +// Validate Envoy closes connection when PROXY protocol version 2 has parsing error. +TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V2Error) { + // A well-formed message with an unsupported address family + constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, + 0x54, 0x0a, 0x21, 0x41, 0x00, 0x0c, 0x01, 0x02, 0x03, 0x04, + 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', + 'r', 'e', ' ', 'd', 'a', 't', 'a'}; + + initialize(); + IntegrationTcpClientPtr tcp_client = makeTcpConnection(lookupPort("tcp_proxy")); + Buffer::OwnedImpl buf(buffer, sizeof(buffer)); + ASSERT_TRUE(tcp_client->write(buf.toString(), /*end_stream=*/false, /*verify=*/false)); + tcp_client->waitForDisconnect(); + + // Verify stats (with tags for proxy protocol version). + const auto found_counter = + test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error"); + EXPECT_EQ(found_counter->value(), 1UL); + EXPECT_EQ(found_counter->tagExtractedName(), "listener.downstream_cx_proxy_proto.versions.error"); + EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ + {"envoy.listener_address", "test_listener"}, + {"envoy.proxy_protocol_version", "v2"}, + })); } } // namespace Envoy diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 46144499bbd5..a92673f733a2 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -246,7 +246,9 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv4) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { @@ -255,7 +257,9 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { write("PROXY TCP6 1:2:3::4 5:6::7:8 65535 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V1Basic) { @@ -270,7 +274,9 @@ TEST_P(ProxyProtocolTest, V1Basic) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { @@ -378,7 +384,9 @@ TEST_P(ProxyProtocolTest, V1Minimal) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2Basic) { @@ -398,7 +406,9 @@ TEST_P(ProxyProtocolTest, V2Basic) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, BasicV6) { @@ -413,7 +423,9 @@ TEST_P(ProxyProtocolTest, BasicV6) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2BasicV6) { @@ -435,7 +447,9 @@ TEST_P(ProxyProtocolTest, V2BasicV6) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { @@ -450,7 +464,9 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { @@ -467,7 +483,9 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2UnsupportedAF) { @@ -481,7 +499,9 @@ TEST_P(ProxyProtocolTest, V2UnsupportedAF) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, ErrorRecv_2) { @@ -665,7 +685,9 @@ TEST_P(ProxyProtocolTest, V2NotLocalOrOnBehalf) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2LocalConnection) { @@ -688,7 +710,9 @@ TEST_P(ProxyProtocolTest, V2LocalConnection) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { @@ -711,7 +735,9 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { @@ -741,7 +767,9 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ShortV4) { @@ -754,7 +782,9 @@ TEST_P(ProxyProtocolTest, V2ShortV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { @@ -769,7 +799,9 @@ TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV4) { @@ -783,7 +815,9 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ShortV6) { @@ -797,7 +831,9 @@ TEST_P(ProxyProtocolTest, V2ShortV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV6) { @@ -813,7 +849,9 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2AF_UNIX) { @@ -827,7 +865,9 @@ TEST_P(ProxyProtocolTest, V2AF_UNIX) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2BadCommand) { @@ -841,7 +881,9 @@ TEST_P(ProxyProtocolTest, V2BadCommand) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2WrongVersion) { @@ -854,7 +896,9 @@ TEST_P(ProxyProtocolTest, V2WrongVersion) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V1TooLong) { @@ -885,7 +929,9 @@ TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { // Not allowed as unknown because of PROXY v1 signature match. // Not tracked as v1 due to missing /r/n at end. EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 0); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 0); EXPECT_EQ( stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") .value(), @@ -915,7 +961,9 @@ TEST_P(ProxyProtocolTest, V2ParseExtensions) { expectData("DATA"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ParseExtensionsRecvError) { @@ -1044,7 +1092,9 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsFrag) { expectData("DATA"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, Fragmented) { @@ -1067,7 +1117,9 @@ TEST_P(ProxyProtocolTest, Fragmented) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented1) { @@ -1091,7 +1143,9 @@ TEST_P(ProxyProtocolTest, V2Fragmented1) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented2) { @@ -1115,7 +1169,9 @@ TEST_P(ProxyProtocolTest, V2Fragmented2) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented3) { @@ -1141,7 +1197,9 @@ TEST_P(ProxyProtocolTest, V2Fragmented3) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2Fragmented4Error) { @@ -1384,7 +1442,9 @@ TEST_P(ProxyProtocolTest, PartialRead) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { @@ -1407,7 +1467,9 @@ TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { @@ -1434,7 +1496,9 @@ TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2PartialRead) { @@ -1461,7 +1525,9 @@ TEST_P(ProxyProtocolTest, V2PartialRead) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { @@ -1492,7 +1558,9 @@ TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { @@ -1523,7 +1591,9 @@ TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } const std::string ProxyProtocol = "envoy.filters.listener.proxy_protocol"; @@ -1568,7 +1638,9 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsLargeThanInitMaxReadBytes) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { @@ -1609,7 +1681,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataNamespace) { @@ -1651,7 +1725,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataName ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { @@ -1712,7 +1788,9 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, 0x61, 0x37)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { @@ -1778,7 +1856,9 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, replacement, 0x37)); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { @@ -1829,7 +1909,9 @@ TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2WrongTLVLength) { @@ -1853,7 +1935,9 @@ TEST_P(ProxyProtocolTest, V2WrongTLVLength) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2IncompleteTLV) { @@ -1884,7 +1968,9 @@ TEST_P(ProxyProtocolTest, V2IncompleteTLV) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { @@ -1933,7 +2019,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { @@ -1971,7 +2059,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { EXPECT_EQ(0, proxy_proto_data.tlv_vector_.size()); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { @@ -2013,7 +2103,9 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { proxy_proto_data.tlv_vector_[0].value.end())); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolTest, MalformedProxyLine) { @@ -2026,7 +2118,9 @@ TEST_P(ProxyProtocolTest, MalformedProxyLine) { expectProxyProtoError(); // Tracked as v1 because of trailing \r\n EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { @@ -2062,7 +2156,9 @@ TEST_P(ProxyProtocolTest, NotEnoughFields) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, UnsupportedProto) { @@ -2070,7 +2166,9 @@ TEST_P(ProxyProtocolTest, UnsupportedProto) { write("PROXY UDP6 1:2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, InvalidSrcAddress) { @@ -2078,7 +2176,9 @@ TEST_P(ProxyProtocolTest, InvalidSrcAddress) { write("PROXY TCP4 230.0.0.1 10.1.1.3 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, InvalidDstAddress) { @@ -2086,7 +2186,9 @@ TEST_P(ProxyProtocolTest, InvalidDstAddress) { write("PROXY TCP4 10.1.1.2 0.0.0.0 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, BadPort) { @@ -2094,7 +2196,9 @@ TEST_P(ProxyProtocolTest, BadPort) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, NegativePort) { @@ -2102,7 +2206,9 @@ TEST_P(ProxyProtocolTest, NegativePort) { write("PROXY TCP6 1:2:3::4 5:6::7:8 -1 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, PortOutOfRange) { @@ -2110,7 +2216,9 @@ TEST_P(ProxyProtocolTest, PortOutOfRange) { write("PROXY TCP6 1:2:3::4 5:6::7:8 66776 1234\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, BadAddress) { @@ -2118,7 +2226,9 @@ TEST_P(ProxyProtocolTest, BadAddress) { write("PROXY TCP6 1::2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { @@ -2126,7 +2236,9 @@ TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { write("PROXY TCP4 [1:2:3::4] 1.2.3.4 1234 5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { @@ -2134,7 +2246,9 @@ TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { write("PROXY TCP4 1.2.3.4 [1:2:3: 1234 4]:5678\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolTest, Truncated) { @@ -2260,7 +2374,9 @@ TEST_P(ProxyProtocolTest, DrainError) { expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } #endif @@ -2295,7 +2411,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2BasicAllowed) { expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { @@ -2311,8 +2429,11 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { write(buffer, sizeof(buffer)); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); + EXPECT_EQ(stats_store_ + .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") .value(), 1); } @@ -2330,8 +2451,11 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV2BasicRejected) { write(buffer, sizeof(buffer)); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); + EXPECT_EQ(stats_store_ + .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") .value(), 1); } @@ -2348,7 +2472,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { @@ -2363,8 +2489,11 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { write(buffer, sizeof(buffer)); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); + EXPECT_EQ(stats_store_ + .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") .value(), 1); } @@ -2378,7 +2507,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { @@ -2389,8 +2520,11 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); + EXPECT_EQ(stats_store_ + .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") .value(), 1); } @@ -2403,7 +2537,9 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { @@ -2414,8 +2550,11 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); + EXPECT_EQ(stats_store_ + .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") .value(), 1); } @@ -2428,8 +2567,11 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectConnectionError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); - EXPECT_EQ(stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); + EXPECT_EQ(stats_store_ + .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") .value(), 1); } @@ -2465,7 +2607,9 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2BasicA expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicAllowed) { @@ -2499,7 +2643,9 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortE write(buffer, sizeof(buffer)); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortAllowed) { @@ -2529,7 +2675,9 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicA expectData("more data"); disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicAllowed) { @@ -2554,7 +2702,9 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") + .value(), + 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPortAllowed) { @@ -2776,7 +2926,9 @@ TEST_P(WildcardProxyProtocolTest, Basic) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST_P(WildcardProxyProtocolTest, BasicV6) { @@ -2793,7 +2945,9 @@ TEST_P(WildcardProxyProtocolTest, BasicV6) { disconnect(); EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found").value(), 1); + stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") + .value(), + 1); } TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { From 4a26f8eabc4389ae6128b50c93355c8f7ee8efc7 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 20 Mar 2024 17:25:17 -0500 Subject: [PATCH 21/29] runtime safetey for enum Signed-off-by: Teju Nareddy --- .../filters/listener/proxy_protocol/proxy_protocol.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index ada94d7e1b0e..18cd2d2ffc17 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -78,7 +78,8 @@ void GeneralProxyProtocolStats::increment(ReadOrParseState decision) { not_found_disallowed_.inc(); break; case ReadOrParseState::Denied: - PANIC_DUE_TO_CORRUPT_ENUM; // Should never happen. + IS_ENVOY_BUG("ReadOrParseState can never be Denied when proxy protocol is not found"); + break; } } From ccfdb1bdc5f679b0387aa9db058841380ce9e9b5 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Mon, 25 Mar 2024 17:53:17 -0500 Subject: [PATCH 22/29] review comments: remove listener scope, throw validation exception, improve stat tag Signed-off-by: Teju Nareddy --- .../listener_filters/proxy_protocol.rst | 6 +- source/common/config/well_known_names.cc | 4 +- .../filters/listener/proxy_protocol/config.cc | 3 +- .../listener/proxy_protocol/proxy_protocol.cc | 18 +- .../listener/proxy_protocol/proxy_protocol.h | 21 +- test/common/stats/tag_extractor_impl_test.cc | 7 +- .../proxy_protocol_regression_test.cc | 6 +- .../proxy_proto_integration_test.cc | 25 +- .../proxy_protocol_fuzz_test.cc | 3 +- .../proxy_protocol/proxy_protocol_test.cc | 509 ++++-------------- 10 files changed, 145 insertions(+), 457 deletions(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index bd060c04827d..fcdf48c2ac7f 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -33,7 +33,7 @@ If there is a protocol error or an unsupported address family Statistics ---------- -This filter emits the following general statistics, rooted at *listener..downstream_cx_proxy_proto* +This filter emits the following general statistics, rooted at *downstream_cx_proxy_proto* .. csv-table:: :header: Name, Type, Description @@ -43,7 +43,7 @@ This filter emits the following general statistics, rooted at *listener.`." -The filter also emits the statistics rooted at *listener..downstream_cx_proxy_proto.versions.* +The filter also emits the statistics rooted at *downstream_cx_proxy_proto.versions.* for each matched PROXY protocol version. Proxy protocol versions include ``v1`` and ``v2``. .. csv-table:: @@ -64,4 +64,4 @@ The filter also emits the following legacy statistics, rooted at its own scope: .. attention:: The legacy statistics are deprecated and kept for backwards compatibility. - Prefer using the other statistics above, which are emitted on a per-listener basis and are more detailed. + Prefer using the other statistics above, which are more detailed. diff --git a/source/common/config/well_known_names.cc b/source/common/config/well_known_names.cc index 975292ac589f..a970f0a5267e 100644 --- a/source/common/config/well_known_names.cc +++ b/source/common/config/well_known_names.cc @@ -212,8 +212,8 @@ TagNameValues::TagNameValues() { // http..rbac.(.)* addTokenized(RBAC_HTTP_PREFIX, "http.*.rbac.$.**"); - // listener.[
.]downstream_cx_proxy_proto.versions.().** - addRe2(PROXY_PROTOCOL_VERSION, R"(downstream_cx_proxy_proto\.versions(\.()))", ""); + // downstream_cx_proxy_proto.versions.().** + addTokenized(PROXY_PROTOCOL_VERSION, "downstream_cx_proxy_proto.versions.$.**"); } void TagNameValues::addRe2(const std::string& name, const std::string& regex, diff --git a/source/extensions/filters/listener/proxy_protocol/config.cc b/source/extensions/filters/listener/proxy_protocol/config.cc index bcc54edd7a33..8044b2deb31f 100644 --- a/source/extensions/filters/listener/proxy_protocol/config.cc +++ b/source/extensions/filters/listener/proxy_protocol/config.cc @@ -28,8 +28,7 @@ class ProxyProtocolConfigFactory : public Server::Configuration::NamedListenerFi const envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol&>( message, context.messageValidationVisitor()); - ConfigSharedPtr config = - std::make_shared(context.scope(), context.listenerScope(), proto_config); + ConfigSharedPtr config = std::make_shared(context.scope(), proto_config); return [listener_filter_matcher, config](Network::ListenerFilterManager& filter_manager) -> void { filter_manager.addAcceptFilter(listener_filter_matcher, std::make_unique(config)); diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 18cd2d2ffc17..40c42955bd2f 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -53,17 +53,17 @@ namespace ProxyProtocol { constexpr absl::string_view kProxyProtoStatsPrefix = "downstream_cx_proxy_proto."; constexpr absl::string_view kVersionStatsPrefix = "versions."; -ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope, Stats::Scope& listener_scope) { +ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope) { return { /*legacy_=*/{LEGACY_PROXY_PROTOCOL_STATS(POOL_COUNTER(scope))}, /*general_=*/ - {GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(listener_scope, kProxyProtoStatsPrefix))}, + {GENERAL_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX(scope, kProxyProtoStatsPrefix))}, /*v1_=*/ {VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX( - listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v1.")))}, + scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v1.")))}, /*v2_=*/ {VERSIONED_PROXY_PROTOCOL_STATS(POOL_COUNTER_PREFIX( - listener_scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v2.")))}, + scope, absl::StrCat(kProxyProtoStatsPrefix, kVersionStatsPrefix, "v2.")))}, }; } @@ -101,9 +101,9 @@ void VersionedProxyProtocolStats::increment(ReadOrParseState decision) { } Config::Config( - Stats::Scope& scope, Stats::Scope& listener_scope, + Stats::Scope& scope, const envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol& proto_config) - : stats_(ProxyProtocolStats::create(scope, listener_scope)), + : stats_(ProxyProtocolStats::create(scope)), allow_requests_without_proxy_protocol_(proto_config.allow_requests_without_proxy_protocol()), pass_all_tlvs_(proto_config.has_pass_through_tlvs() ? proto_config.pass_through_tlvs().match_type() == @@ -131,6 +131,12 @@ Config::Config( break; } } + + // Remove this check if PPv3 ever becomes a standard. + if (!allow_v1_ && !allow_v2_) { + throw ProtoValidationException( + "Proxy Protocol filter is misconfigured: all proxy protocol versions are disallowed."); + } } const KeyValuePair* Config::isTlvTypeNeeded(uint8_t type) const { diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h index ef6b19579a48..b3507e1a6071 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.h @@ -28,12 +28,13 @@ enum class ProxyProtocolVersion { NotFound = 0, V1 = 1, V2 = 2 }; enum class ReadOrParseState { Done, TryAgainLater, Error, Denied }; /** - * Legacy stats that are under the root scope. Kept for backwards compatibility. + * Legacy stats that are under the root scope, not under the filter's scope. + * Kept for backwards compatibility. * @deprecated Use GeneralProxyProtocolStats instead. * @see stats_macros.h */ // clang-format off -#define LEGACY_PROXY_PROTOCOL_STATS(COUNTER) \ +#define LEGACY_PROXY_PROTOCOL_STATS(COUNTER) \ COUNTER(downstream_cx_proxy_proto_error) // clang-format on @@ -42,11 +43,11 @@ struct LegacyProxyProtocolStats { }; /** - * Stats reported for the filter. + * Stats reported for the filter, rooted under the filter's scope. * @see stats_macros.h */ // clang-format off -#define GENERAL_PROXY_PROTOCOL_STATS(COUNTER) \ +#define GENERAL_PROXY_PROTOCOL_STATS(COUNTER) \ COUNTER(not_found_allowed) \ COUNTER(not_found_disallowed) // clang-format on @@ -66,8 +67,8 @@ struct GeneralProxyProtocolStats { */ // clang-format off #define VERSIONED_PROXY_PROTOCOL_STATS(COUNTER) \ - COUNTER(found) \ - COUNTER(disallowed) \ + COUNTER(found) \ + COUNTER(disallowed) \ COUNTER(error) // clang-format on @@ -92,10 +93,10 @@ struct ProxyProtocolStats { /** * Create an instance of the stats struct with all stats for the filter. * - * For backwards compatibility, the legacy stats are rooted at this filter's own scope. - * The general and versioned stats are correctly rooted at the listener's scope. + * For backwards compatibility, the legacy stats are rooted under their own scope. + * The general and versioned stats are correctly rooted at this filter's own scope. */ - static ProxyProtocolStats create(Stats::Scope& scope, Stats::Scope& listener_scope); + static ProxyProtocolStats create(Stats::Scope& scope); }; /** @@ -104,7 +105,7 @@ struct ProxyProtocolStats { class Config : public Logger::Loggable { public: Config( - Stats::Scope& scope, Stats::Scope& listener_scope, + Stats::Scope& scope, const envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol& proto_config); ProxyProtocolStats stats_; diff --git a/test/common/stats/tag_extractor_impl_test.cc b/test/common/stats/tag_extractor_impl_test.cc index a235d9be951e..28ce479ca542 100644 --- a/test/common/stats/tag_extractor_impl_test.cc +++ b/test/common/stats/tag_extractor_impl_test.cc @@ -466,11 +466,8 @@ TEST(TagExtractorTest, DefaultTagExtractors) { Tag proxy_protocol_version; proxy_protocol_version.name_ = tag_names.PROXY_PROTOCOL_VERSION; proxy_protocol_version.value_ = "v2"; - - listener_address.value_ = "[__1]_443"; - regex_tester.testRegex("listener.[__1]_443.downstream_cx_proxy_proto.versions.v2.error", - "listener.downstream_cx_proxy_proto.versions.error", - {listener_address, proxy_protocol_version}); + regex_tester.testRegex("downstream_cx_proxy_proto.versions.v2.error", + "downstream_cx_proxy_proto.versions.error", {proxy_protocol_version}); } TEST(TagExtractorTest, ExtAuthzTagExtractors) { diff --git a/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc b/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc index bf575b7d084b..ee5732e61735 100644 --- a/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc +++ b/test/extensions/common/proxy_protocol/proxy_protocol_regression_test.cc @@ -80,9 +80,7 @@ class ProxyProtocolRegressionTest : public testing::TestWithParam( std::make_shared( - *stats_store_.rootScope(), listenerScope(), + listenerScope(), envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol()))); maybeExitDispatcher(); return true; diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index ab2cc40785af..02191c8698a2 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -116,12 +116,10 @@ TEST_P(ProxyProtoIntegrationTest, V2RouterRequestAndResponseWithBodyNoBufferV6) testRouterRequestAndResponseWithBody(1024, 512, false, false, &creator); // Verify stats (with tags for proxy protocol version). - const auto found_counter = - test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found"); + const auto found_counter = test_server_->counter("downstream_cx_proxy_proto.versions.v2.found"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "listener.downstream_cx_proxy_proto.versions.found"); + EXPECT_EQ(found_counter->tagExtractedName(), "downstream_cx_proxy_proto.versions.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.listener_address", "test_listener"}, {"envoy.proxy_protocol_version", "v2"}, })); } @@ -402,22 +400,19 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Disallowed) { tcp_client->waitForDisconnect(); // Verify stats (with tags for proxy protocol version). - const auto found_counter = - test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found"); + const auto found_counter = test_server_->counter("downstream_cx_proxy_proto.versions.v1.found"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "listener.downstream_cx_proxy_proto.versions.found"); + EXPECT_EQ(found_counter->tagExtractedName(), "downstream_cx_proxy_proto.versions.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.listener_address", "test_listener"}, {"envoy.proxy_protocol_version", "v1"}, })); - const auto disallowed_counter = test_server_->counter( - "listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed"); + const auto disallowed_counter = + test_server_->counter("downstream_cx_proxy_proto.versions.v1.disallowed"); EXPECT_EQ(disallowed_counter->value(), 1UL); EXPECT_EQ(disallowed_counter->tagExtractedName(), - "listener.downstream_cx_proxy_proto.versions.disallowed"); + "downstream_cx_proxy_proto.versions.disallowed"); EXPECT_THAT(disallowed_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.listener_address", "test_listener"}, {"envoy.proxy_protocol_version", "v1"}, })); } @@ -437,12 +432,10 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V2Error) { tcp_client->waitForDisconnect(); // Verify stats (with tags for proxy protocol version). - const auto found_counter = - test_server_->counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error"); + const auto found_counter = test_server_->counter("downstream_cx_proxy_proto.versions.v2.error"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "listener.downstream_cx_proxy_proto.versions.error"); + EXPECT_EQ(found_counter->tagExtractedName(), "downstream_cx_proxy_proto.versions.error"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.listener_address", "test_listener"}, {"envoy.proxy_protocol_version", "v2"}, })); } diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc index 921e4a72057f..f8400374608b 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_fuzz_test.cc @@ -19,8 +19,7 @@ DEFINE_PROTO_FUZZER( } Stats::IsolatedStoreImpl store; - ConfigSharedPtr cfg = std::make_shared( - *store.rootScope(), *store.createScope("listener.test"), input.config()); + ConfigSharedPtr cfg = std::make_shared(*store.rootScope(), input.config()); auto filter = std::make_unique(std::move(cfg)); ListenerFilterWithDataFuzzer fuzzer; diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index a92673f733a2..fd5859aacc43 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -53,8 +53,16 @@ namespace ListenerFilters { namespace ProxyProtocol { namespace { -// Build again on the basis of the connection_handler_test.cc +TEST(ConfigTest, AllVersionsCannotBeDisallowed) { + envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config; + proto_config.mutable_disallowed_versions()->Add(ProxyProtocolConfig::V1); + proto_config.mutable_disallowed_versions()->Add(ProxyProtocolConfig::V2); + Stats::TestUtil::TestStore stats_store; + EXPECT_THROW(ProxyProtocol::Config(*stats_store.rootScope(), proto_config), + ProtoValidationException); +} +// Build again on the basis of the connection_handler_test.cc class ProxyProtocolTest : public testing::TestWithParam, public Network::ListenerConfig, public Network::FilterChainManager, @@ -143,7 +151,7 @@ class ProxyProtocolTest : public testing::TestWithParam bool { filter_manager.addAcceptFilter( nullptr, std::make_unique(std::make_shared( - *stats_store_.rootScope(), listenerScope(), + *stats_store_.rootScope(), (nullptr != proto_config) ? *proto_config : envoy::extensions::filters::listener:: proxy_protocol::v3::ProxyProtocol()))); @@ -245,10 +253,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { @@ -256,10 +261,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP6 1:2:3::4 5:6::7:8 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1Basic) { @@ -273,10 +275,7 @@ TEST_P(ProxyProtocolTest, V1Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { @@ -294,10 +293,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { @@ -317,10 +313,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { @@ -340,10 +333,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { @@ -361,10 +351,7 @@ TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, V1Minimal) { @@ -383,10 +370,7 @@ TEST_P(ProxyProtocolTest, V1Minimal) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Basic) { @@ -405,10 +389,7 @@ TEST_P(ProxyProtocolTest, V2Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, BasicV6) { @@ -422,10 +403,7 @@ TEST_P(ProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2BasicV6) { @@ -446,10 +424,7 @@ TEST_P(ProxyProtocolTest, V2BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { @@ -463,10 +438,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { @@ -482,10 +454,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedAF) { @@ -498,10 +467,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedAF) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, ErrorRecv_2) { @@ -684,10 +650,7 @@ TEST_P(ProxyProtocolTest, V2NotLocalOrOnBehalf) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnection) { @@ -709,10 +672,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnection) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { @@ -734,10 +694,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { @@ -766,10 +723,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4) { @@ -781,10 +735,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { @@ -798,10 +749,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV4) { @@ -814,10 +762,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV6) { @@ -830,10 +775,7 @@ TEST_P(ProxyProtocolTest, V2ShortV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV6) { @@ -848,10 +790,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2AF_UNIX) { @@ -864,10 +803,7 @@ TEST_P(ProxyProtocolTest, V2AF_UNIX) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2BadCommand) { @@ -880,10 +816,7 @@ TEST_P(ProxyProtocolTest, V2BadCommand) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongVersion) { @@ -895,10 +828,7 @@ TEST_P(ProxyProtocolTest, V2WrongVersion) { connect(false); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLong) { @@ -910,10 +840,7 @@ TEST_P(ProxyProtocolTest, V1TooLong) { } expectProxyProtoError(); // Not tracked as v1 due to missing /r/n at end - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { @@ -928,18 +855,9 @@ TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { expectProxyProtoError(); // Not allowed as unknown because of PROXY v1 signature match. // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 0); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 0); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 0); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 0); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensions) { @@ -960,10 +878,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensions) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensionsRecvError) { @@ -1091,10 +1006,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsFrag) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, Fragmented) { @@ -1116,10 +1028,7 @@ TEST_P(ProxyProtocolTest, Fragmented) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented1) { @@ -1142,10 +1051,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented1) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented2) { @@ -1168,10 +1074,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented2) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented3) { @@ -1196,10 +1099,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented3) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented4Error) { @@ -1441,10 +1341,7 @@ TEST_P(ProxyProtocolTest, PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { @@ -1466,10 +1363,7 @@ TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { @@ -1495,10 +1389,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2PartialRead) { @@ -1524,10 +1415,7 @@ TEST_P(ProxyProtocolTest, V2PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { @@ -1557,10 +1445,7 @@ TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { @@ -1590,10 +1475,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } const std::string ProxyProtocol = "envoy.filters.listener.proxy_protocol"; @@ -1637,10 +1519,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsLargeThanInitMaxReadBytes) { EXPECT_EQ(tlv_data, value_s); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { @@ -1680,10 +1559,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataNamespace) { @@ -1724,10 +1600,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataName auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { @@ -1787,10 +1660,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, 0x32, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, 0x61, 0x37)); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { @@ -1855,10 +1725,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, replacement, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, replacement, 0x37)); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { @@ -1908,10 +1775,7 @@ TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { ASSERT_THAT(value_type_authority, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongTLVLength) { @@ -1934,10 +1798,7 @@ TEST_P(ProxyProtocolTest, V2WrongTLVLength) { write(tlv, sizeof(tlv)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2IncompleteTLV) { @@ -1967,10 +1828,7 @@ TEST_P(ProxyProtocolTest, V2IncompleteTLV) { write(tlv2, sizeof(tlv2)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { @@ -2018,10 +1876,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { proxy_proto_data.tlv_vector_[1].value.end())); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { @@ -2058,10 +1913,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { EXPECT_EQ(0, proxy_proto_data.tlv_vector_.size()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { @@ -2102,10 +1954,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { EXPECT_EQ("foo.com", std::string(proxy_proto_data.tlv_vector_[0].value.begin(), proxy_proto_data.tlv_vector_[0].value.end())); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLine) { @@ -2117,10 +1966,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLine) { expectProxyProtoError(); // Tracked as v1 because of trailing \r\n - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { @@ -2134,10 +1980,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { disconnect(); // Tracked as unknown because `set_allow_requests_without_proxy_protocol` matches v1 signature // differently that previous test case. - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { @@ -2145,110 +1988,77 @@ TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { write("012345678901234567890123456789012345678901234567890123456789" "012345678901234567890123456789012345678901234567890123456789"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, NotEnoughFields) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, UnsupportedProto) { connect(false); write("PROXY UDP6 1:2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidSrcAddress) { connect(false); write("PROXY TCP4 230.0.0.1 10.1.1.3 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidDstAddress) { connect(false); write("PROXY TCP4 10.1.1.2 0.0.0.0 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadPort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, NegativePort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 -1 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, PortOutOfRange) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 66776 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadAddress) { connect(false); write("PROXY TCP6 1::2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { connect(false); write("PROXY TCP4 [1:2:3::4] 1.2.3.4 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { connect(false); write("PROXY TCP4 1.2.3.4 [1:2:3: 1234 4]:5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, Truncated) { @@ -2373,10 +2183,7 @@ TEST_P(ProxyProtocolTest, DrainError) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } #endif @@ -2410,10 +2217,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2BasicAllowed) { write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { @@ -2428,36 +2232,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); - EXPECT_EQ(stats_store_ - .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") - .value(), - 1); -} - -TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV2BasicRejected) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1, ProxyProtocolConfig::V2}); - connect(false, &proto_config); - - // A well-formed ipv4/tcp message, no extensions - constexpr uint8_t buffer[] = {0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, - 0x54, 0x0a, 0x21, 0x11, 0x00, 0x0c, 0x01, 0x02, 0x03, 0x04, - 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x00, 0x02, 'm', 'o', - 'r', 'e', ' ', 'd', 'a', 't', 'a'}; - write(buffer, sizeof(buffer)); - expectConnectionError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); - EXPECT_EQ(stats_store_ - .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { @@ -2471,10 +2247,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { @@ -2488,14 +2261,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); - EXPECT_EQ(stats_store_ - .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { @@ -2506,10 +2273,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { @@ -2519,14 +2283,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); - EXPECT_EQ(stats_store_ - .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { @@ -2536,27 +2294,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); -} - -TEST_P(ProxyProtocolDisallowedVersionsTest, V1V2DisallowedV1BasicRejected) { - envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol proto_config = - createConfig({ProxyProtocolConfig::V1, ProxyProtocolConfig::V2}); - connect(false, &proto_config); - - write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); - expectConnectionError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); - EXPECT_EQ(stats_store_ - .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { @@ -2566,14 +2304,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectConnectionError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); - EXPECT_EQ(stats_store_ - .counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.disallowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.disallowed").value(), 1); } // Tests a combination of `disallowed_versions` and `allow_requests_without_proxy_protocol`. @@ -2606,10 +2338,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicAllowed) { @@ -2625,10 +2354,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortError) { @@ -2642,10 +2368,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortE 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v2.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortAllowed) { @@ -2660,10 +2383,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicAllowed) { @@ -2674,10 +2394,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicAllowed) { @@ -2688,10 +2405,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPortError) { @@ -2701,10 +2415,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.error") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPortAllowed) { @@ -2715,10 +2426,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectData("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } // In direct comparison to V1TooLongWithAllowNoProxyProtocol. @@ -2732,10 +2440,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, expectData("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); disconnect(); // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTinyNoProxyProtocol) { @@ -2749,10 +2454,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTin write(msg); expectData(msg); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.not_found_allowed") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); } class WildcardProxyProtocolTest : public testing::TestWithParam, @@ -2793,7 +2495,7 @@ class WildcardProxyProtocolTest : public testing::TestWithParam(std::make_shared( - *stats_store_.rootScope(), listenerScope(), + *stats_store_.rootScope(), envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol()))); return true; })); @@ -2925,10 +2627,7 @@ TEST_P(WildcardProxyProtocolTest, Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST_P(WildcardProxyProtocolTest, BasicV6) { @@ -2944,10 +2643,7 @@ TEST_P(WildcardProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ( - stats_store_.counter("listener.test_listener.downstream_cx_proxy_proto.versions.v1.found") - .value(), - 1); + EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); } TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { @@ -2971,7 +2667,6 @@ TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { Server::Configuration::MockListenerFactoryContext context; EXPECT_CALL(context, scope()); - EXPECT_CALL(context, listenerScope()); EXPECT_CALL(context, messageValidationVisitor()); Network::ListenerFilterFactoryCb cb = factory->createListenerFilterFactoryFromProto(*proto_config, nullptr, context); From bed5d6a6720e3ded7e59057d0d727664a475ffcd Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Mon, 25 Mar 2024 18:04:06 -0500 Subject: [PATCH 23/29] fix changelog Signed-off-by: Teju Nareddy --- changelogs/current.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 4a641e2880db..1f1734bf8f28 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -296,8 +296,7 @@ new_features: change: | Add ``Envoy::ExecutionContext``, which is notified by ``ScopeTrackerScopeState``'s constructor and destructor. This feature is disabled by default, it can be enabled by runtime feature flag ``envoy.restart_features.enable_execution_context``. For more details, - please see https://github.com/envoy_p - /envoy/issues/32012. + please see https://github.com/envoy_proxy/envoy/issues/32012. - area: rbac change: | Added :ref:`uri_template` which uses existing From f5640d6ee95d4e1f564e50ea3c306ab295d70c0f Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Mon, 25 Mar 2024 18:04:31 -0500 Subject: [PATCH 24/29] fix changelog Signed-off-by: Teju Nareddy --- changelogs/current.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 1f1734bf8f28..9583030d0d47 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -296,7 +296,7 @@ new_features: change: | Add ``Envoy::ExecutionContext``, which is notified by ``ScopeTrackerScopeState``'s constructor and destructor. This feature is disabled by default, it can be enabled by runtime feature flag ``envoy.restart_features.enable_execution_context``. For more details, - please see https://github.com/envoy_proxy/envoy/issues/32012. + please see https://github.com/envoyproxy/envoy/issues/32012. - area: rbac change: | Added :ref:`uri_template` which uses existing From 84e63ac7a45e4b7cb9590ad5e1b10184b7015c70 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Mon, 25 Mar 2024 18:06:47 -0500 Subject: [PATCH 25/29] fix changelog Signed-off-by: Teju Nareddy --- changelogs/current.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 9583030d0d47..e7f35c78d163 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -379,7 +379,7 @@ new_features: to enforce the filter only matches specific PROXY protocol versions. - area: proxy_protocol change: | - Added new statistics to the proxy protocol filter to track connections allowed/denied/error by PROXY protocol version. + Added new statistics to the proxy protocol filter to track connections found/disallowed/errored by PROXY protocol version. - area: rbac change: | Added :ref:`rules_stat_prefix ` From f9c33a18c7e87a96b5a91194e7ce2fefcd049def Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 26 Mar 2024 09:39:02 -0500 Subject: [PATCH 26/29] fix spelling Signed-off-by: Teju Nareddy --- .../filters/listener/proxy_protocol/proxy_protocol.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index 40c42955bd2f..c599becd2f02 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -132,7 +132,7 @@ Config::Config( } } - // Remove this check if PPv3 ever becomes a standard. + // Remove this check if PROXY protocol v3 is ever introduced. if (!allow_v1_ && !allow_v2_) { throw ProtoValidationException( "Proxy Protocol filter is misconfigured: all proxy protocol versions are disallowed."); From 4a02c6254f935ab3563ff1488670bc9289240ecb Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Tue, 26 Mar 2024 16:57:46 -0500 Subject: [PATCH 27/29] review comments: change root stats scope, fix docs Signed-off-by: Teju Nareddy --- .../listener_filters/proxy_protocol.rst | 8 +- source/common/config/well_known_names.cc | 4 +- .../listener/proxy_protocol/proxy_protocol.cc | 2 +- test/common/stats/tag_extractor_impl_test.cc | 4 +- .../proxy_proto_integration_test.cc | 17 +- .../proxy_protocol/proxy_protocol_test.cc | 182 +++++++++--------- 6 files changed, 107 insertions(+), 110 deletions(-) diff --git a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst index fcdf48c2ac7f..e96d457e7725 100644 --- a/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst +++ b/docs/root/configuration/listeners/listener_filters/proxy_protocol.rst @@ -33,7 +33,7 @@ If there is a protocol error or an unsupported address family Statistics ---------- -This filter emits the following general statistics, rooted at *downstream_cx_proxy_proto* +This filter emits the following general statistics, rooted at *downstream_proxy_proto* .. csv-table:: :header: Name, Type, Description @@ -42,8 +42,7 @@ This filter emits the following general statistics, rooted at *downstream_cx_pro not_found_disallowed, Counter, "Total number of connections that don't contain the PROXY protocol header and are rejected." not_found_allowed, Counter, "Total number of connections that don't contain the PROXY protocol header, but are allowed due to :ref:`allow_requests_without_proxy_protocol `." - -The filter also emits the statistics rooted at *downstream_cx_proxy_proto.versions.* +The filter also emits the statistics rooted at *downstream_proxy_proto.versions.* for each matched PROXY protocol version. Proxy protocol versions include ``v1`` and ``v2``. .. csv-table:: @@ -63,5 +62,4 @@ The filter also emits the following legacy statistics, rooted at its own scope: downstream_cx_proxy_proto_error, Counter, "Total number of connections with proxy protocol errors, i.e. ``v1.error``, ``v2.error``, and ``not_found_disallowed``." .. attention:: - The legacy statistics are deprecated and kept for backwards compatibility. - Prefer using the other statistics above, which are more detailed. + Prefer using the more-detailed non-legacy statistics above. diff --git a/source/common/config/well_known_names.cc b/source/common/config/well_known_names.cc index a970f0a5267e..b389fe25b5d9 100644 --- a/source/common/config/well_known_names.cc +++ b/source/common/config/well_known_names.cc @@ -212,8 +212,8 @@ TagNameValues::TagNameValues() { // http..rbac.(.)* addTokenized(RBAC_HTTP_PREFIX, "http.*.rbac.$.**"); - // downstream_cx_proxy_proto.versions.().** - addTokenized(PROXY_PROTOCOL_VERSION, "downstream_cx_proxy_proto.versions.$.**"); + // downstream_proxy_proto.versions.().** + addTokenized(PROXY_PROTOCOL_VERSION, "downstream_proxy_proto.versions.$.**"); } void TagNameValues::addRe2(const std::string& name, const std::string& regex, diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index c599becd2f02..c3bd2eba781d 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -50,7 +50,7 @@ namespace Extensions { namespace ListenerFilters { namespace ProxyProtocol { -constexpr absl::string_view kProxyProtoStatsPrefix = "downstream_cx_proxy_proto."; +constexpr absl::string_view kProxyProtoStatsPrefix = "downstream_proxy_proto."; constexpr absl::string_view kVersionStatsPrefix = "versions."; ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope) { diff --git a/test/common/stats/tag_extractor_impl_test.cc b/test/common/stats/tag_extractor_impl_test.cc index 28ce479ca542..a0b3600a83da 100644 --- a/test/common/stats/tag_extractor_impl_test.cc +++ b/test/common/stats/tag_extractor_impl_test.cc @@ -466,8 +466,8 @@ TEST(TagExtractorTest, DefaultTagExtractors) { Tag proxy_protocol_version; proxy_protocol_version.name_ = tag_names.PROXY_PROTOCOL_VERSION; proxy_protocol_version.value_ = "v2"; - regex_tester.testRegex("downstream_cx_proxy_proto.versions.v2.error", - "downstream_cx_proxy_proto.versions.error", {proxy_protocol_version}); + regex_tester.testRegex("downstream_proxy_proto.versions.v2.error", + "downstream_proxy_proto.versions.error", {proxy_protocol_version}); } TEST(TagExtractorTest, ExtAuthzTagExtractors) { diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index 02191c8698a2..813620ca54f9 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -116,9 +116,9 @@ TEST_P(ProxyProtoIntegrationTest, V2RouterRequestAndResponseWithBodyNoBufferV6) testRouterRequestAndResponseWithBody(1024, 512, false, false, &creator); // Verify stats (with tags for proxy protocol version). - const auto found_counter = test_server_->counter("downstream_cx_proxy_proto.versions.v2.found"); + const auto found_counter = test_server_->counter("downstream_proxy_proto.versions.v2.found"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "downstream_cx_proxy_proto.versions.found"); + EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "v2"}, })); @@ -400,18 +400,17 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Disallowed) { tcp_client->waitForDisconnect(); // Verify stats (with tags for proxy protocol version). - const auto found_counter = test_server_->counter("downstream_cx_proxy_proto.versions.v1.found"); + const auto found_counter = test_server_->counter("downstream_proxy_proto.versions.v1.found"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "downstream_cx_proxy_proto.versions.found"); + EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "v1"}, })); const auto disallowed_counter = - test_server_->counter("downstream_cx_proxy_proto.versions.v1.disallowed"); + test_server_->counter("downstream_proxy_proto.versions.v1.disallowed"); EXPECT_EQ(disallowed_counter->value(), 1UL); - EXPECT_EQ(disallowed_counter->tagExtractedName(), - "downstream_cx_proxy_proto.versions.disallowed"); + EXPECT_EQ(disallowed_counter->tagExtractedName(), "downstream_proxy_proto.versions.disallowed"); EXPECT_THAT(disallowed_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "v1"}, })); @@ -432,9 +431,9 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V2Error) { tcp_client->waitForDisconnect(); // Verify stats (with tags for proxy protocol version). - const auto found_counter = test_server_->counter("downstream_cx_proxy_proto.versions.v2.error"); + const auto found_counter = test_server_->counter("downstream_proxy_proto.versions.v2.error"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "downstream_cx_proxy_proto.versions.error"); + EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.error"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "v2"}, })); diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index fd5859aacc43..8a6e2d45bf62 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -253,7 +253,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { @@ -261,7 +261,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP6 1:2:3::4 5:6::7:8 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1Basic) { @@ -275,7 +275,7 @@ TEST_P(ProxyProtocolTest, V1Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { @@ -293,7 +293,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { @@ -313,7 +313,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { @@ -333,7 +333,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { @@ -351,7 +351,7 @@ TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, V1Minimal) { @@ -370,7 +370,7 @@ TEST_P(ProxyProtocolTest, V1Minimal) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Basic) { @@ -389,7 +389,7 @@ TEST_P(ProxyProtocolTest, V2Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, BasicV6) { @@ -403,7 +403,7 @@ TEST_P(ProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2BasicV6) { @@ -424,7 +424,7 @@ TEST_P(ProxyProtocolTest, V2BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { @@ -438,7 +438,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { @@ -454,7 +454,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedAF) { @@ -467,7 +467,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedAF) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, ErrorRecv_2) { @@ -650,7 +650,7 @@ TEST_P(ProxyProtocolTest, V2NotLocalOrOnBehalf) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnection) { @@ -672,7 +672,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnection) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { @@ -694,7 +694,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { @@ -723,7 +723,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4) { @@ -735,7 +735,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { @@ -749,7 +749,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV4) { @@ -762,7 +762,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV6) { @@ -775,7 +775,7 @@ TEST_P(ProxyProtocolTest, V2ShortV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV6) { @@ -790,7 +790,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2AF_UNIX) { @@ -803,7 +803,7 @@ TEST_P(ProxyProtocolTest, V2AF_UNIX) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2BadCommand) { @@ -816,7 +816,7 @@ TEST_P(ProxyProtocolTest, V2BadCommand) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongVersion) { @@ -828,7 +828,7 @@ TEST_P(ProxyProtocolTest, V2WrongVersion) { connect(false); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLong) { @@ -840,7 +840,7 @@ TEST_P(ProxyProtocolTest, V1TooLong) { } expectProxyProtoError(); // Not tracked as v1 due to missing /r/n at end - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { @@ -855,9 +855,9 @@ TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { expectProxyProtoError(); // Not allowed as unknown because of PROXY v1 signature match. // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 0); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 0); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 0); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 0); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensions) { @@ -878,7 +878,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensions) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensionsRecvError) { @@ -1006,7 +1006,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsFrag) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, Fragmented) { @@ -1028,7 +1028,7 @@ TEST_P(ProxyProtocolTest, Fragmented) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented1) { @@ -1051,7 +1051,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented1) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented2) { @@ -1074,7 +1074,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented2) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented3) { @@ -1099,7 +1099,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented3) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented4Error) { @@ -1341,7 +1341,7 @@ TEST_P(ProxyProtocolTest, PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { @@ -1363,7 +1363,7 @@ TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { @@ -1389,7 +1389,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2PartialRead) { @@ -1415,7 +1415,7 @@ TEST_P(ProxyProtocolTest, V2PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { @@ -1445,7 +1445,7 @@ TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { @@ -1475,7 +1475,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } const std::string ProxyProtocol = "envoy.filters.listener.proxy_protocol"; @@ -1519,7 +1519,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsLargeThanInitMaxReadBytes) { EXPECT_EQ(tlv_data, value_s); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { @@ -1559,7 +1559,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataNamespace) { @@ -1600,7 +1600,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataName auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { @@ -1660,7 +1660,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, 0x32, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, 0x61, 0x37)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { @@ -1725,7 +1725,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, replacement, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, replacement, 0x37)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { @@ -1775,7 +1775,7 @@ TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { ASSERT_THAT(value_type_authority, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongTLVLength) { @@ -1798,7 +1798,7 @@ TEST_P(ProxyProtocolTest, V2WrongTLVLength) { write(tlv, sizeof(tlv)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2IncompleteTLV) { @@ -1828,7 +1828,7 @@ TEST_P(ProxyProtocolTest, V2IncompleteTLV) { write(tlv2, sizeof(tlv2)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { @@ -1876,7 +1876,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { proxy_proto_data.tlv_vector_[1].value.end())); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { @@ -1913,7 +1913,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { EXPECT_EQ(0, proxy_proto_data.tlv_vector_.size()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { @@ -1954,7 +1954,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { EXPECT_EQ("foo.com", std::string(proxy_proto_data.tlv_vector_[0].value.begin(), proxy_proto_data.tlv_vector_[0].value.end())); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLine) { @@ -1966,7 +1966,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLine) { expectProxyProtoError(); // Tracked as v1 because of trailing \r\n - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { @@ -1980,7 +1980,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { disconnect(); // Tracked as unknown because `set_allow_requests_without_proxy_protocol` matches v1 signature // differently that previous test case. - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { @@ -1988,77 +1988,77 @@ TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { write("012345678901234567890123456789012345678901234567890123456789" "012345678901234567890123456789012345678901234567890123456789"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, NotEnoughFields) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, UnsupportedProto) { connect(false); write("PROXY UDP6 1:2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidSrcAddress) { connect(false); write("PROXY TCP4 230.0.0.1 10.1.1.3 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidDstAddress) { connect(false); write("PROXY TCP4 10.1.1.2 0.0.0.0 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadPort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, NegativePort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 -1 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, PortOutOfRange) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 66776 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadAddress) { connect(false); write("PROXY TCP6 1::2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { connect(false); write("PROXY TCP4 [1:2:3::4] 1.2.3.4 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { connect(false); write("PROXY TCP4 1.2.3.4 [1:2:3: 1234 4]:5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, Truncated) { @@ -2183,7 +2183,7 @@ TEST_P(ProxyProtocolTest, DrainError) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } #endif @@ -2217,7 +2217,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2BasicAllowed) { write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { @@ -2232,8 +2232,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { @@ -2247,7 +2247,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { @@ -2261,8 +2261,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { @@ -2273,7 +2273,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { @@ -2283,8 +2283,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { @@ -2294,7 +2294,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { @@ -2304,8 +2304,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.disallowed").value(), 1); } // Tests a combination of `disallowed_versions` and `allow_requests_without_proxy_protocol`. @@ -2338,7 +2338,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicAllowed) { @@ -2354,7 +2354,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortError) { @@ -2368,7 +2368,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortE 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortAllowed) { @@ -2383,7 +2383,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicAllowed) { @@ -2394,7 +2394,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicAllowed) { @@ -2405,7 +2405,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPortError) { @@ -2415,7 +2415,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPortAllowed) { @@ -2426,7 +2426,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectData("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } // In direct comparison to V1TooLongWithAllowNoProxyProtocol. @@ -2440,7 +2440,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, expectData("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); disconnect(); // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTinyNoProxyProtocol) { @@ -2454,7 +2454,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTin write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); } class WildcardProxyProtocolTest : public testing::TestWithParam, @@ -2627,7 +2627,7 @@ TEST_P(WildcardProxyProtocolTest, Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST_P(WildcardProxyProtocolTest, BasicV6) { @@ -2643,7 +2643,7 @@ TEST_P(WildcardProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_cx_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); } TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) { From 5ae09543841012ea9fe271bf875fc960cdb9a48b Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 27 Mar 2024 17:36:43 -0500 Subject: [PATCH 28/29] review comments: fix stats tag extraction Signed-off-by: Teju Nareddy --- source/common/config/well_known_names.cc | 5 +++-- test/common/stats/tag_extractor_impl_test.cc | 2 +- .../proxy_protocol/proxy_proto_integration_test.cc | 8 ++++---- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/source/common/config/well_known_names.cc b/source/common/config/well_known_names.cc index b389fe25b5d9..e1987e0250b4 100644 --- a/source/common/config/well_known_names.cc +++ b/source/common/config/well_known_names.cc @@ -212,8 +212,9 @@ TagNameValues::TagNameValues() { // http..rbac.(.)* addTokenized(RBAC_HTTP_PREFIX, "http.*.rbac.$.**"); - // downstream_proxy_proto.versions.().** - addTokenized(PROXY_PROTOCOL_VERSION, "downstream_proxy_proto.versions.$.**"); + // downstream_proxy_proto.versions.v().** + addRe2(PROXY_PROTOCOL_VERSION, R"(^downstream_proxy_proto\.(versions\.v(\d)\.)\w+)", + "downstream_proxy_proto.versions"); } void TagNameValues::addRe2(const std::string& name, const std::string& regex, diff --git a/test/common/stats/tag_extractor_impl_test.cc b/test/common/stats/tag_extractor_impl_test.cc index a0b3600a83da..c8913015e1cc 100644 --- a/test/common/stats/tag_extractor_impl_test.cc +++ b/test/common/stats/tag_extractor_impl_test.cc @@ -465,7 +465,7 @@ TEST(TagExtractorTest, DefaultTagExtractors) { // Proxy Protocol version prefix Tag proxy_protocol_version; proxy_protocol_version.name_ = tag_names.PROXY_PROTOCOL_VERSION; - proxy_protocol_version.value_ = "v2"; + proxy_protocol_version.value_ = "2"; regex_tester.testRegex("downstream_proxy_proto.versions.v2.error", "downstream_proxy_proto.versions.error", {proxy_protocol_version}); } diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index 813620ca54f9..10b787754835 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -120,7 +120,7 @@ TEST_P(ProxyProtoIntegrationTest, V2RouterRequestAndResponseWithBodyNoBufferV6) EXPECT_EQ(found_counter->value(), 1UL); EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.proxy_protocol_version", "v2"}, + {"envoy.proxy_protocol_version", "2"}, })); } @@ -404,7 +404,7 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Disallowed) { EXPECT_EQ(found_counter->value(), 1UL); EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.proxy_protocol_version", "v1"}, + {"envoy.proxy_protocol_version", "1"}, })); const auto disallowed_counter = @@ -412,7 +412,7 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Disallowed) { EXPECT_EQ(disallowed_counter->value(), 1UL); EXPECT_EQ(disallowed_counter->tagExtractedName(), "downstream_proxy_proto.versions.disallowed"); EXPECT_THAT(disallowed_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.proxy_protocol_version", "v1"}, + {"envoy.proxy_protocol_version", "1"}, })); } @@ -435,7 +435,7 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V2Error) { EXPECT_EQ(found_counter->value(), 1UL); EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.error"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ - {"envoy.proxy_protocol_version", "v2"}, + {"envoy.proxy_protocol_version", "2"}, })); } From 9674dbf7946711613138bb4fe9ce4727a084eb96 Mon Sep 17 00:00:00 2001 From: Teju Nareddy Date: Wed, 27 Mar 2024 18:03:23 -0500 Subject: [PATCH 29/29] review comments: stats prefix name Signed-off-by: Teju Nareddy --- source/common/config/well_known_names.cc | 5 +- .../listener/proxy_protocol/proxy_protocol.cc | 2 +- test/common/stats/tag_extractor_impl_test.cc | 4 +- .../proxy_proto_integration_test.cc | 17 +- .../proxy_protocol/proxy_protocol_test.cc | 182 +++++++++--------- 5 files changed, 104 insertions(+), 106 deletions(-) diff --git a/source/common/config/well_known_names.cc b/source/common/config/well_known_names.cc index e1987e0250b4..cb1a8c7d3eb1 100644 --- a/source/common/config/well_known_names.cc +++ b/source/common/config/well_known_names.cc @@ -212,9 +212,8 @@ TagNameValues::TagNameValues() { // http..rbac.(.)* addTokenized(RBAC_HTTP_PREFIX, "http.*.rbac.$.**"); - // downstream_proxy_proto.versions.v().** - addRe2(PROXY_PROTOCOL_VERSION, R"(^downstream_proxy_proto\.(versions\.v(\d)\.)\w+)", - "downstream_proxy_proto.versions"); + // proxy_proto.(versions.v.)** + addRe2(PROXY_PROTOCOL_VERSION, R"(^proxy_proto\.(versions\.v(\d)\.)\w+)", "proxy_proto.versions"); } void TagNameValues::addRe2(const std::string& name, const std::string& regex, diff --git a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc index c3bd2eba781d..953e38561e1e 100644 --- a/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc +++ b/source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc @@ -50,7 +50,7 @@ namespace Extensions { namespace ListenerFilters { namespace ProxyProtocol { -constexpr absl::string_view kProxyProtoStatsPrefix = "downstream_proxy_proto."; +constexpr absl::string_view kProxyProtoStatsPrefix = "proxy_proto."; constexpr absl::string_view kVersionStatsPrefix = "versions."; ProxyProtocolStats ProxyProtocolStats::create(Stats::Scope& scope) { diff --git a/test/common/stats/tag_extractor_impl_test.cc b/test/common/stats/tag_extractor_impl_test.cc index c8913015e1cc..62c533f91ee4 100644 --- a/test/common/stats/tag_extractor_impl_test.cc +++ b/test/common/stats/tag_extractor_impl_test.cc @@ -466,8 +466,8 @@ TEST(TagExtractorTest, DefaultTagExtractors) { Tag proxy_protocol_version; proxy_protocol_version.name_ = tag_names.PROXY_PROTOCOL_VERSION; proxy_protocol_version.value_ = "2"; - regex_tester.testRegex("downstream_proxy_proto.versions.v2.error", - "downstream_proxy_proto.versions.error", {proxy_protocol_version}); + regex_tester.testRegex("proxy_proto.versions.v2.error", "proxy_proto.error", + {proxy_protocol_version}); } TEST(TagExtractorTest, ExtAuthzTagExtractors) { diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc index 10b787754835..2eb53b88f229 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_proto_integration_test.cc @@ -116,9 +116,9 @@ TEST_P(ProxyProtoIntegrationTest, V2RouterRequestAndResponseWithBodyNoBufferV6) testRouterRequestAndResponseWithBody(1024, 512, false, false, &creator); // Verify stats (with tags for proxy protocol version). - const auto found_counter = test_server_->counter("downstream_proxy_proto.versions.v2.found"); + const auto found_counter = test_server_->counter("proxy_proto.versions.v2.found"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.found"); + EXPECT_EQ(found_counter->tagExtractedName(), "proxy_proto.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "2"}, })); @@ -400,17 +400,16 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V1Disallowed) { tcp_client->waitForDisconnect(); // Verify stats (with tags for proxy protocol version). - const auto found_counter = test_server_->counter("downstream_proxy_proto.versions.v1.found"); + const auto found_counter = test_server_->counter("proxy_proto.versions.v1.found"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.found"); + EXPECT_EQ(found_counter->tagExtractedName(), "proxy_proto.found"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "1"}, })); - const auto disallowed_counter = - test_server_->counter("downstream_proxy_proto.versions.v1.disallowed"); + const auto disallowed_counter = test_server_->counter("proxy_proto.versions.v1.disallowed"); EXPECT_EQ(disallowed_counter->value(), 1UL); - EXPECT_EQ(disallowed_counter->tagExtractedName(), "downstream_proxy_proto.versions.disallowed"); + EXPECT_EQ(disallowed_counter->tagExtractedName(), "proxy_proto.disallowed"); EXPECT_THAT(disallowed_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "1"}, })); @@ -431,9 +430,9 @@ TEST_P(ProxyProtoDisallowedVersionsIntegrationTest, V2Error) { tcp_client->waitForDisconnect(); // Verify stats (with tags for proxy protocol version). - const auto found_counter = test_server_->counter("downstream_proxy_proto.versions.v2.error"); + const auto found_counter = test_server_->counter("proxy_proto.versions.v2.error"); EXPECT_EQ(found_counter->value(), 1UL); - EXPECT_EQ(found_counter->tagExtractedName(), "downstream_proxy_proto.versions.error"); + EXPECT_EQ(found_counter->tagExtractedName(), "proxy_proto.error"); EXPECT_THAT(found_counter->tags(), IsSupersetOf(Stats::TagVector{ {"envoy.proxy_protocol_version", "2"}, })); diff --git a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc index 8a6e2d45bf62..bd40f59e11eb 100644 --- a/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc +++ b/test/extensions/filters/listener/proxy_protocol/proxy_protocol_test.cc @@ -253,7 +253,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { @@ -261,7 +261,7 @@ TEST_P(ProxyProtocolTest, V1UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write("PROXY TCP6 1:2:3::4 5:6::7:8 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, V1Basic) { @@ -275,7 +275,7 @@ TEST_P(ProxyProtocolTest, V1Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { @@ -293,7 +293,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { @@ -313,7 +313,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV1First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { @@ -333,7 +333,7 @@ TEST_P(ProxyProtocolTest, AllowTinyNoProxyProtocolPartialMatchesV2First) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { @@ -351,7 +351,7 @@ TEST_P(ProxyProtocolTest, AllowLargeNoProxyProtocol) { write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, V1Minimal) { @@ -370,7 +370,7 @@ TEST_P(ProxyProtocolTest, V1Minimal) { EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Basic) { @@ -389,7 +389,7 @@ TEST_P(ProxyProtocolTest, V2Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, BasicV6) { @@ -403,7 +403,7 @@ TEST_P(ProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2BasicV6) { @@ -424,7 +424,7 @@ TEST_P(ProxyProtocolTest, V2BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { @@ -438,7 +438,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv4) { Cleanup cleaner = Network::Address::Ipv4Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { @@ -454,7 +454,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedIPv6) { Cleanup cleaner = Network::Address::Ipv6Instance::forceProtocolUnsupportedForTest(true); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2UnsupportedAF) { @@ -467,7 +467,7 @@ TEST_P(ProxyProtocolTest, V2UnsupportedAF) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, ErrorRecv_2) { @@ -650,7 +650,7 @@ TEST_P(ProxyProtocolTest, V2NotLocalOrOnBehalf) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnection) { @@ -672,7 +672,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnection) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { @@ -694,7 +694,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionExtension) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { @@ -723,7 +723,7 @@ TEST_P(ProxyProtocolTest, V2LocalConnectionFilterState) { } EXPECT_FALSE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4) { @@ -735,7 +735,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { @@ -749,7 +749,7 @@ TEST_P(ProxyProtocolTest, V2ShortV4WithAllowNoProxyProtocol) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV4) { @@ -762,7 +762,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV4) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortV6) { @@ -775,7 +775,7 @@ TEST_P(ProxyProtocolTest, V2ShortV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ShortAddrV6) { @@ -790,7 +790,7 @@ TEST_P(ProxyProtocolTest, V2ShortAddrV6) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2AF_UNIX) { @@ -803,7 +803,7 @@ TEST_P(ProxyProtocolTest, V2AF_UNIX) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2BadCommand) { @@ -816,7 +816,7 @@ TEST_P(ProxyProtocolTest, V2BadCommand) { write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongVersion) { @@ -828,7 +828,7 @@ TEST_P(ProxyProtocolTest, V2WrongVersion) { connect(false); write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLong) { @@ -840,7 +840,7 @@ TEST_P(ProxyProtocolTest, V1TooLong) { } expectProxyProtoError(); // Not tracked as v1 due to missing /r/n at end - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { @@ -855,9 +855,9 @@ TEST_P(ProxyProtocolTest, V1TooLongWithAllowNoProxyProtocol) { expectProxyProtoError(); // Not allowed as unknown because of PROXY v1 signature match. // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 0); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 0); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 0); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 0); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensions) { @@ -878,7 +878,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensions) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ParseExtensionsRecvError) { @@ -1006,7 +1006,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsFrag) { write(data, sizeof(data)); expectData("DATA"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, Fragmented) { @@ -1028,7 +1028,7 @@ TEST_P(ProxyProtocolTest, Fragmented) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented1) { @@ -1051,7 +1051,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented1) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented2) { @@ -1074,7 +1074,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented2) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented3) { @@ -1099,7 +1099,7 @@ TEST_P(ProxyProtocolTest, V2Fragmented3) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2Fragmented4Error) { @@ -1341,7 +1341,7 @@ TEST_P(ProxyProtocolTest, PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { @@ -1363,7 +1363,7 @@ TEST_P(ProxyProtocolTest, PartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { @@ -1389,7 +1389,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV1ReadWithAllowNoProxyProtocol) { "254.254.254.254"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolTest, V2PartialRead) { @@ -1415,7 +1415,7 @@ TEST_P(ProxyProtocolTest, V2PartialRead) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { @@ -1445,7 +1445,7 @@ TEST_P(ProxyProtocolTest, PartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { @@ -1475,7 +1475,7 @@ TEST_P(ProxyProtocolTest, TinyPartialV2ReadWithAllowNoProxyProtocol) { "1.2.3.4"); EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } const std::string ProxyProtocol = "envoy.filters.listener.proxy_protocol"; @@ -1519,7 +1519,7 @@ TEST_P(ProxyProtocolTest, V2ParseExtensionsLargeThanInitMaxReadBytes) { EXPECT_EQ(tlv_data, value_s); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { @@ -1559,7 +1559,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterest) { auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataNamespace) { @@ -1600,7 +1600,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTlvOfInterestAndEmitWithSpecifiedMetadataName auto value_s = fields.at("PP2 type authority").string_value(); ASSERT_THAT(value_s, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { @@ -1660,7 +1660,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterest) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, 0x32, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, 0x61, 0x37)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { @@ -1725,7 +1725,7 @@ TEST_P(ProxyProtocolTest, V2ExtractMultipleTlvsOfInterestAndSanitiseNonUtf8) { ElementsAre(0x01, 0x76, 0x70, 0x63, 0x2d, 0x30, replacement, 0x35, 0x74, 0x65, 0x73, 0x74, 0x32, 0x66, 0x61, 0x36, 0x63, 0x36, 0x33, 0x68, replacement, 0x37)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { @@ -1775,7 +1775,7 @@ TEST_P(ProxyProtocolTest, V2WillNotOverwriteTLV) { ASSERT_THAT(value_type_authority, ElementsAre(0x66, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d)); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2WrongTLVLength) { @@ -1798,7 +1798,7 @@ TEST_P(ProxyProtocolTest, V2WrongTLVLength) { write(tlv, sizeof(tlv)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2IncompleteTLV) { @@ -1828,7 +1828,7 @@ TEST_P(ProxyProtocolTest, V2IncompleteTLV) { write(tlv2, sizeof(tlv2)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { @@ -1876,7 +1876,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterState) { proxy_proto_data.tlv_vector_[1].value.end())); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { @@ -1913,7 +1913,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeEmpty) { EXPECT_EQ(0, proxy_proto_data.tlv_vector_.size()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { @@ -1954,7 +1954,7 @@ TEST_P(ProxyProtocolTest, V2ExtractTLVToFilterStateIncludeTlV) { EXPECT_EQ("foo.com", std::string(proxy_proto_data.tlv_vector_[0].value.begin(), proxy_proto_data.tlv_vector_[0].value.end())); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLine) { @@ -1966,7 +1966,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLine) { expectProxyProtoError(); // Tracked as v1 because of trailing \r\n - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { @@ -1980,7 +1980,7 @@ TEST_P(ProxyProtocolTest, MalformedProxyLineWithAllowNoProxyProtocol) { disconnect(); // Tracked as unknown because `set_allow_requests_without_proxy_protocol` matches v1 signature // differently that previous test case. - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { @@ -1988,77 +1988,77 @@ TEST_P(ProxyProtocolTest, ProxyLineTooLarge) { write("012345678901234567890123456789012345678901234567890123456789" "012345678901234567890123456789012345678901234567890123456789"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_disallowed").value(), 1); } TEST_P(ProxyProtocolTest, NotEnoughFields) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, UnsupportedProto) { connect(false); write("PROXY UDP6 1:2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidSrcAddress) { connect(false); write("PROXY TCP4 230.0.0.1 10.1.1.3 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, InvalidDstAddress) { connect(false); write("PROXY TCP4 10.1.1.2 0.0.0.0 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadPort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, NegativePort) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 -1 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, PortOutOfRange) { connect(false); write("PROXY TCP6 1:2:3::4 5:6::7:8 66776 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, BadAddress) { connect(false); write("PROXY TCP6 1::2:3::4 5:6::7:8 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch) { connect(false); write("PROXY TCP4 [1:2:3::4] 1.2.3.4 1234 5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, AddressVersionsNotMatch2) { connect(false); write("PROXY TCP4 1.2.3.4 [1:2:3: 1234 4]:5678\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolTest, Truncated) { @@ -2183,7 +2183,7 @@ TEST_P(ProxyProtocolTest, DrainError) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } #endif @@ -2217,7 +2217,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2BasicAllowed) { write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { @@ -2232,8 +2232,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2BasicRejected) { 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { @@ -2247,7 +2247,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV2ShortError) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { @@ -2261,8 +2261,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV2ShortRejected) { 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { @@ -2273,7 +2273,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BasicAllowed) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { @@ -2283,8 +2283,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BasicRejected) { write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.disallowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { @@ -2294,7 +2294,7 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V2DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { @@ -2304,8 +2304,8 @@ TEST_P(ProxyProtocolDisallowedVersionsTest, V1DisallowedV1BadPortError) { write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectConnectionError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.disallowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.disallowed").value(), 1); } // Tests a combination of `disallowed_versions` and `allow_requests_without_proxy_protocol`. @@ -2338,7 +2338,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicAllowed) { @@ -2354,7 +2354,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2BasicA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortError) { @@ -2368,7 +2368,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV2ShortE 'm', 'o', 'r', 'e', ' ', 'd', 'a', 't', 'a'}; write(buffer, sizeof(buffer)); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v2.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v2.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortAllowed) { @@ -2383,7 +2383,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV2ShortA write(buffer, sizeof(buffer)); expectData(std::string(buffer, buffer + sizeof(buffer))); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicAllowed) { @@ -2394,7 +2394,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("more data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicAllowed) { @@ -2405,7 +2405,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BasicA write("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); expectData("PROXY TCP4 1.2.3.4 253.253.253.253 65535 1234\r\nmore data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPortError) { @@ -2415,7 +2415,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectProxyProtoError(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.error").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.error").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPortAllowed) { @@ -2426,7 +2426,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V1DisallowedV1BadPor write("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); expectData("PROXY TCP6 1:2:3::4 5:6::7:8 1234 abc\r\nmore data"); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } // In direct comparison to V1TooLongWithAllowNoProxyProtocol. @@ -2440,7 +2440,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, expectData("PROXY TCP4 1.2.3.4 2.3.4.5 100 100 RANDOM ENDING"); disconnect(); // Not tracked as v1 due to missing /r/n at end. - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTinyNoProxyProtocol) { @@ -2454,7 +2454,7 @@ TEST_P(ProxyProtocolDisallowedVersionsWithNoProxyProtoTest, V2DisallowedAllowTin write(msg); expectData(msg); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.not_found_allowed").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.not_found_allowed").value(), 1); } class WildcardProxyProtocolTest : public testing::TestWithParam, @@ -2627,7 +2627,7 @@ TEST_P(WildcardProxyProtocolTest, Basic) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST_P(WildcardProxyProtocolTest, BasicV6) { @@ -2643,7 +2643,7 @@ TEST_P(WildcardProxyProtocolTest, BasicV6) { EXPECT_TRUE(server_connection_->connectionInfoProvider().localAddressRestored()); disconnect(); - EXPECT_EQ(stats_store_.counter("downstream_proxy_proto.versions.v1.found").value(), 1); + EXPECT_EQ(stats_store_.counter("proxy_proto.versions.v1.found").value(), 1); } TEST(ProxyProtocolConfigFactoryTest, TestCreateFactory) {