Feat rpings

.github/workflows/envoy-dependency.yml

@@ -243,7 +243,7 @@ jobs:
       run: |
         TODAY_DATE=$(date -u -I"date")
         export TODAY_DATE
-        bazel run --config=ci //tools/dependency:check --action_env=TODAY_DATE -- -c release_issues --fix
-        bazel run --config=ci //tools/dependency:check --action_env=TODAY_DATE -- -c cves -w error
+        bazel run --config=ci //tools/dependency:check -- -c release_issues --fix
+        # bazel run --config=ci //tools/dependency:check --action_env=TODAY_DATE -- -c cves -w error
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/mobile-coverage.yml

@@ -60,13 +60,6 @@ jobs:
           run: |
             cd mobile
             tar -czf coverage.tar.gz generated/coverage
-      # TODO(phlax): This is a highly undesirable workaround - remove once
-      #   https://github.com/bazelbuild/bazel/issues/23247 is resolved/available
-      steps-pre: |
-        - name: Inject bazel version
-          shell: bash
-          run: |
-            echo "7.1.2" > .bazelversion
       target: mobile-coverage
       timeout-minutes: 120
       upload-name: coverage.tar.gz

api/envoy/extensions/bootstrap/reverse_tunnel/upstream_socket_interface/v3/upstream_reverse_connection_socket_interface.proto

@@ -2,7 +2,10 @@ syntax = "proto3";
 
 package envoy.extensions.bootstrap.reverse_tunnel.upstream_socket_interface.v3;
 
+import "google/protobuf/wrappers.proto";
+
 import "udpa/annotations/status.proto";
+import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.bootstrap.reverse_tunnel.upstream_socket_interface.v3";
 option java_outer_classname = "UpstreamReverseConnectionSocketInterfaceProto";
@@ -17,4 +20,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message UpstreamReverseConnectionSocketInterface {
   // Stat prefix to be used for upstream reverse connection socket interface stats.
   string stat_prefix = 1;
+
+  // Number of consecutive ping failures before an idle reverse connection socket is marked dead.
+  // Defaults to 3 if unset. Must be at least 1.
+  google.protobuf.UInt32Value ping_failure_threshold = 2 [(validate.rules).uint32 = {gte: 1}];
 }

api/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto

@@ -9,6 +9,7 @@ import "envoy/config/core/v3/config_source.proto";
 import "envoy/config/core/v3/proxy_protocol.proto";
 import "envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto";
 import "envoy/type/v3/hash_policy.proto";
+import "envoy/type/v3/percent.proto";
 
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
@@ -28,7 +29,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // TCP Proxy :ref:`configuration overview <config_network_filters_tcp_proxy>`.
 // [#extension: envoy.filters.network.tcp_proxy]
 
-// [#next-free-field: 20]
+// [#next-free-field: 21]
 message TcpProxy {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.tcp_proxy.v2.TcpProxy";
@@ -247,6 +248,12 @@ message TcpProxy {
   google.protobuf.Duration max_downstream_connection_duration = 13
       [(validate.rules).duration = {gte {nanos: 1000000}}];
 
+  // Percentage-based jitter for max_downstream_connection_duration. The jitter will increase
+  // the max_downstream_connection_duration by some random duration up to the provided percentage.
+  // This field is ignored if max_downstream_connection_duration is not set.
+  // If not set, no jitter will be added.
+  type.v3.Percent max_downstream_connection_duration_jitter_percentage = 20;
+
   // Note that if both this field and :ref:`access_log_flush_interval
   // <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.TcpAccessLogOptions.access_log_flush_interval>`
   // are specified, the former (deprecated field) is ignored.

bazel/foreign_cc/vpp_vcl.patch

@@ -1,7 +1,7 @@
-diff --git src/CMakeLists.txt src/CMakeLists.txt
-index 68d0a4f..9bf7ade 100644
---- src/CMakeLists.txt
-+++ src/CMakeLists.txt
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 68d0a4fe6..9bf7adede 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
 @@ -50,13 +50,8 @@ include(cmake/ccache.cmake)
  ##############################################################################
  # VPP Version
@@ -27,10 +27,10 @@ index 68d0a4f..9bf7ade 100644
    )
  elseif("${CMAKE_SYSTEM_NAME}" STREQUAL "Darwin")
    set(SUBDIRS vppinfra)
-diff --git src/cmake/ccache.cmake src/cmake/ccache.cmake
-index a7b395b..d6a4c5b 100644
---- src/cmake/ccache.cmake
-+++ src/cmake/ccache.cmake
+diff --git a/src/cmake/ccache.cmake b/src/cmake/ccache.cmake
+index a7b395bc6..d6a4c5b30 100644
+--- a/src/cmake/ccache.cmake
++++ b/src/cmake/ccache.cmake
 @@ -14,7 +14,7 @@
  ##############################################################################
  # ccache
@@ -40,10 +40,10 @@ index a7b395b..d6a4c5b 100644
  if(VPP_USE_CCACHE)
    find_program(CCACHE_FOUND ccache)
    message(STATUS "Looking for ccache")
-diff --git src/cmake/library.cmake src/cmake/library.cmake
-index 45b3944..b1dcc56 100644
---- src/cmake/library.cmake
-+++ src/cmake/library.cmake
+diff --git a/src/cmake/library.cmake b/src/cmake/library.cmake
+index 45b3944eb..b1dcc56e1 100644
+--- a/src/cmake/library.cmake
++++ b/src/cmake/library.cmake
 @@ -24,7 +24,7 @@ macro(add_vpp_library lib)
    set_target_properties(${lo} PROPERTIES POSITION_INDEPENDENT_CODE ON)
    target_compile_options(${lo} PUBLIC ${VPP_DEFAULT_MARCH_FLAGS})
@@ -53,10 +53,10 @@ index 45b3944..b1dcc56 100644
    target_sources(${lib} PRIVATE $<TARGET_OBJECTS:${lo}>)
 
    if(VPP_LIB_VERSION)
-diff --git src/tools/vppapigen/CMakeLists.txt src/tools/vppapigen/CMakeLists.txt
-index 04ebed5..bfabc3a 100644
---- src/tools/vppapigen/CMakeLists.txt
-+++ src/tools/vppapigen/CMakeLists.txt
+diff --git a/src/tools/vppapigen/CMakeLists.txt b/src/tools/vppapigen/CMakeLists.txt
+index 04ebed548..bfabc3a67 100644
+--- a/src/tools/vppapigen/CMakeLists.txt
++++ b/src/tools/vppapigen/CMakeLists.txt
 @@ -11,22 +11,6 @@
  # See the License for the specific language governing permissions and
  # limitations under the License.
@@ -80,28 +80,29 @@ index 04ebed5..bfabc3a 100644
  install(
    FILES vppapigen.py
    RENAME vppapigen
-diff --git src/tools/vppapigen/vppapigen.py src/tools/vppapigen/vppapigen.py
-index 2b0ce99..f28a173 100755
---- src/tools/vppapigen/vppapigen.py
-+++ src/tools/vppapigen/vppapigen.py
-@@ -7,6 +7,13 @@ import logging
+diff --git a/src/tools/vppapigen/vppapigen.py b/src/tools/vppapigen/vppapigen.py
+index 2b0ce9999..f8a7586ea 100755
+--- a/src/tools/vppapigen/vppapigen.py
++++ b/src/tools/vppapigen/vppapigen.py
+@@ -7,6 +7,14 @@ import logging
  import binascii
  import os
  from subprocess import Popen, PIPE
 +
++
 +# Put ply on the path ...
 +plypath = os.path.join(
 +    os.environ["EXT_BUILD_ROOT"],
-+    os.path.dirname(os.environ["PLYPATHS"].split()[0]))
++    os.path.dirname(os.path.dirname(os.environ["PLYPATHS"].split()[0])))
 +sys.path += [plypath]
 +
  import ply.lex as lex
  import ply.yacc as yacc
 
-diff --git src/vcl/CMakeLists.txt src/vcl/CMakeLists.txt
-index 610b422..c5e6f8c 100644
---- src/vcl/CMakeLists.txt
-+++ src/vcl/CMakeLists.txt
+diff --git a/src/vcl/CMakeLists.txt b/src/vcl/CMakeLists.txt
+index 610b422d1..c5e6f8ca8 100644
+--- a/src/vcl/CMakeLists.txt
++++ b/src/vcl/CMakeLists.txt
 @@ -35,6 +35,8 @@ if (LDP_HAS_GNU_SOURCE)
    add_compile_definitions(HAVE_GNU_SOURCE)
  endif(LDP_HAS_GNU_SOURCE)
@@ -111,10 +112,10 @@ index 610b422..c5e6f8c 100644
  add_vpp_library(vcl_ldpreload
    SOURCES
    ldp_socket_wrapper.c
-diff --git src/vppinfra/CMakeLists.txt src/vppinfra/CMakeLists.txt
-index f34ceed..51fd2be 100644
---- src/vppinfra/CMakeLists.txt
-+++ src/vppinfra/CMakeLists.txt
+diff --git a/src/vppinfra/CMakeLists.txt b/src/vppinfra/CMakeLists.txt
+index f34ceed9d..51fd2becf 100644
+--- a/src/vppinfra/CMakeLists.txt
++++ b/src/vppinfra/CMakeLists.txt
 @@ -233,13 +233,28 @@ option(VPP_USE_EXTERNAL_LIBEXECINFO "Use external libexecinfo (useful for non-gl
  if(VPP_USE_EXTERNAL_LIBEXECINFO)
    set(EXECINFO_LIB execinfo)

bazel/repositories.bzl

@@ -1021,6 +1021,7 @@ def _com_github_fdio_vpp_vcl():
         name = "com_github_fdio_vpp_vcl",
         build_file_content = _build_all_content(exclude = ["**/*doc*/**", "**/examples/**", "**/plugins/**"]),
         patches = ["@envoy//bazel/foreign_cc:vpp_vcl.patch"],
+        patch_args = ["-p1"],
     )
 
 def _rules_ruby():

bazel/repository_locations.bzl

@@ -1095,9 +1095,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_name = "Python rules for Bazel",
         project_desc = "Bazel rules for the Python language",
         project_url = "https://github.com/bazelbuild/rules_python",
-        version = "1.4.1",
-        sha256 = "9f9f3b300a9264e4c77999312ce663be5dee9a56e361a1f6fe7ec60e1beef9a3",
-        release_date = "2025-05-08",
+        version = "1.6.3",
+        sha256 = "2f5c284fbb4e86045c2632d3573fc006facbca5d1fa02976e89dc0cd5488b590",
+        release_date = "2025-09-21",
         strip_prefix = "rules_python-{version}",
         urls = ["https://github.com/bazelbuild/rules_python/archive/{version}.tar.gz"],
         use_category = ["build", "controlplane", "dataplane_core"],

changelogs/current.yaml

@@ -76,6 +76,15 @@ minor_behavior_changes:
     This can be accessed through the ``%UPSTREAM_DECOMPRESSED_HEADER_BYTES_RECEIVED%``,
     ``%DOWNSTREAM_DECOMPRESSED_HEADER_BYTES_RECEIVED%``, ``%UPSTREAM_DECOMPRESSED_HEADER_BYTES_SENT%``, and
     ``%DOWNSTREAM_DECOMPRESSED_HEADER_BYTES_SENT%`` access log command operators.
+- area: formatter
+  change: |
+    Deprecated legacy header formatter support for ``%DYNAMIC_METADATA(["namespace", "key", ...])%``
+    , ``%UPSTREAM_METADATA(["namespace", "key", ...])%`` and ``%PER_REQUEST_STATE(key)%``. Please use
+    ``%DYNAMIC_METADATA(namespace:key:...])%``, ``%UPSTREAM_METADATA(namespace:key:...])%``
+    and ``%FILTER_STATE(key:PLAIN)%`` as alternatives.
+    This change is guarded by the runtime flag
+    ``envoy.reloadable_features.remove_legacy_route_formatter`` and default to ``false`` for now
+    and will be flipped to ``true`` after two release periods.
 - area: oauth2
   change: |
     Added response code details to ``401`` local responses generated by the OAuth2 filter.
@@ -490,5 +499,9 @@ new_features:
     <envoy_v3_api_field_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig.max_udp_channel_duration>`
     configuration field to the c-ares DNS resolver. This allows periodic refresh of the UDP channel
     to help avoid stale socket states and provide better load distribution across UDP ports.
+- area: tcp_proxy
+  change: |
+    Added ``max_downstream_connection_duration_jitter_percentage`` to allow adding a jitter to the max downstream connection duration.
+    This can be used to avoid thundering herd problems with many clients being disconnected and possibly reconnecting at the same time.
 
 deprecated:

docs/root/configuration/http/http_conn_man/headers.rst

@@ -702,7 +702,7 @@ headers are modified before the request is sent upstream and the response is not
 
 .. attention::
 
-  The following legacy header formatters are still supported, but will be deprecated in the future.
+  The following legacy header formatters are deprecated and will be removed soon.
   The equivalent information can be accessed using indicated substitutes.
 
   ``%DYNAMIC_METADATA(["namespace", "key", ...])%``

envoy/upstream/load_balancer.h

@@ -333,6 +333,14 @@ using ThreadAwareLoadBalancerPtr = std::unique_ptr<ThreadAwareLoadBalancer>;
 class LoadBalancerConfig {
 public:
   virtual ~LoadBalancerConfig() = default;
+
+  /**
+   * Optional method to allow a load balancer to validate endpoints before they're applied. If an
+   * error is returned from this method, the endpoints are rejected. If this method does not return
+   * an error, the load balancer must be able to use these endpoints in an update from the priority
+   * set.
+   */
+  virtual absl::Status validateEndpoints(const PriorityState&) const { return absl::OkStatus(); }
 };
 using LoadBalancerConfigPtr = std::unique_ptr<LoadBalancerConfig>;
 

envoy/upstream/upstream.h

@@ -499,10 +499,10 @@ using HostSetPtr = std::unique_ptr<HostSet>;
 class PrioritySet {
 public:
   using MemberUpdateCb =
-      std::function<absl::Status(const HostVector& hosts_added, const HostVector& hosts_removed)>;
+      std::function<void(const HostVector& hosts_added, const HostVector& hosts_removed)>;
 
-  using PriorityUpdateCb = std::function<absl::Status(
-      uint32_t priority, const HostVector& hosts_added, const HostVector& hosts_removed)>;
+  using PriorityUpdateCb = std::function<void(uint32_t priority, const HostVector& hosts_added,
+                                              const HostVector& hosts_removed)>;
 
   virtual ~PrioritySet() = default;
 

mobile/.bazelrc

@@ -203,15 +203,6 @@ test:mobile-remote-ci-linux-tsan --test_env=ENVOY_IP_TEST_VERSIONS=v4only
 #############################################################################
 # Clang environment variables (keep in sync with //third_party/rbe_configs)
 # Coverage environment variables (keep in sync with //third_party/rbe_configs)
-build:mobile-ci-linux-coverage --action_env=GCOV=/opt/llvm/bin/llvm-profdata
-build:mobile-ci-linux-coverage --test_env=GCOV=/opt/llvm/bin/llvm-profdata
-build:mobile-ci-linux-coverage --repo_env=GCOV=/opt/llvm/bin/llvm-profdata
-build:mobile-ci-linux-coverage --action_env=BAZEL_LLVM_COV=/opt/llvm/bin/llvm-cov
-build:mobile-ci-linux-coverage --test_env=BAZEL_LLVM_COV=/opt/llvm/bin/llvm-cov
-build:mobile-ci-linux-coverage --repo_env=BAZEL_LLVM_COV=/opt/llvm/bin/llvm-cov
-build:mobile-ci-linux-coverage --action_env=BAZEL_USE_LLVM_NATIVE_COVERAGE=1
-build:mobile-ci-linux-coverage --test_env=BAZEL_USE_LLVM_NATIVE_COVERAGE=1
-build:mobile-ci-linux-coverage --repo_env=BAZEL_USE_LLVM_NATIVE_COVERAGE=1
 build:mobile-ci-linux-coverage --build_tests_only
 build:mobile-ci-linux-coverage --@envoy//tools/coverage:config=@envoy_mobile//test:coverage_config
 

mobile/third_party/rbe_configs/cc/BUILD

@@ -95,7 +95,7 @@ cc_toolchain_config(
         "cpp": "/usr/bin/cpp",
         "gcc": "/opt/llvm/bin/clang",
         "dwp": "/usr/bin/dwp",
-        "gcov": "/opt/llvm/bin/llvm-cov",
+        "gcov": "/opt/llvm/bin/llvm-profdata",
         "nm": "/usr/bin/nm",
         "objcopy": "/usr/bin/objcopy",
         "objdump": "/usr/bin/objdump",
@@ -128,8 +128,11 @@ cc_toolchain_config(
     "-D__DATE__=\"redacted\"",
     "-D__TIMESTAMP__=\"redacted\"",
     "-D__TIME__=\"redacted\""],
-    coverage_compile_flags = ["--coverage"],
-    coverage_link_flags = ["--coverage"],
+    coverage_compile_flags = [
+        "-fprofile-instr-generate",
+        "-fcoverage-mapping",
+    ],
+    coverage_link_flags = ["-fprofile-instr-generate"],
     supports_start_end_lib = True,
 )
 

source/common/common/assert.cc

@@ -45,12 +45,12 @@ class EnvoyBugState {
   static EnvoyBugState& get() { MUTABLE_CONSTRUCT_ON_FIRST_USE(EnvoyBugState); }
 
   void clear() {
-    absl::MutexLock lock(&mutex_);
+    absl::MutexLock lock(mutex_);
     counters_.clear();
   }
 
   uint64_t inc(absl::string_view bug_name) {
-    absl::MutexLock lock(&mutex_);
+    absl::MutexLock lock(mutex_);
     return ++counters_[bug_name];
   }
 

source/common/common/callback_impl.h

@@ -21,9 +21,9 @@ namespace Common {
  *
  * @see ThreadSafeCallbackManager for dealing with callbacks across multiple threads
  */
-template <typename... CallbackArgs> class CallbackManager {
+template <typename ReturnType, typename... CallbackArgs> class CallbackManager {
 public:
-  using Callback = std::function<absl::Status(CallbackArgs...)>;
+  using Callback = std::function<ReturnType(CallbackArgs...)>;
 
   /**
    * Add a callback.
@@ -46,12 +46,16 @@ template <typename... CallbackArgs> class CallbackManager {
    *       to change (specifically, it will crash if the next callback in the list is deleted).
    * @param args supplies the callback arguments.
    */
-  absl::Status runCallbacks(CallbackArgs... args) {
+  ReturnType runCallbacks(CallbackArgs... args) {
     for (auto it = callbacks_.cbegin(); it != callbacks_.cend();) {
       auto current = *(it++);
-      RETURN_IF_NOT_OK(current->cb_(args...));
+      if constexpr (std::is_same_v<absl::Status, ReturnType>) {
+        RETURN_IF_NOT_OK(current->cb_(args...));
+      } else {
+        current->cb_(args...);
+      }
     }
-    return absl::OkStatus();
+    return defaultReturn();
   }
 
   /**
@@ -62,12 +66,16 @@ template <typename... CallbackArgs> class CallbackManager {
    * @param run_with function that is responsible for generating inputs to callbacks. This will be
    * executed once for each callback.
    */
-  absl::Status runCallbacksWith(std::function<std::tuple<CallbackArgs...>(void)> run_with) {
+  ReturnType runCallbacksWith(std::function<std::tuple<CallbackArgs...>(void)> run_with) {
     for (auto it = callbacks_.cbegin(); it != callbacks_.cend();) {
       auto cb = *(it++);
-      RETURN_IF_NOT_OK(std::apply(cb->cb_, run_with()));
+      if constexpr (std::is_same_v<absl::Status, ReturnType>) {
+        RETURN_IF_NOT_OK(std::apply(cb->cb_, run_with()));
+      } else {
+        std::apply(cb->cb_, run_with());
+      }
     }
-    return absl::OkStatus();
+    return defaultReturn();
   }
 
   size_t size() const noexcept { return callbacks_.size(); }
@@ -100,6 +108,15 @@ template <typename... CallbackArgs> class CallbackManager {
    */
   void remove(typename std::list<CallbackHolder*>::iterator& it) { callbacks_.erase(it); }
 
+  // Templating helper
+  ReturnType defaultReturn() {
+    if constexpr (std::is_same_v<absl::Status, ReturnType>) {
+      return absl::OkStatus();
+    } else {
+      return void();
+    }
+  }
+
   std::list<CallbackHolder*> callbacks_;
   // This is a sentinel shared_ptr used for keeping track of whether the manager is still alive.
   // It is only held by weak reference in the callback holder above. This is used versus having