├── .bazelversion ├── .gitignore ├── .clang-format ├── .azure-pipelines └── linux.yml ├── source ├── exe │ └── BUILD └── extensions │ └── filters │ └── network │ └── postgresql_proxy │ ├── config.proto │ ├── config.h │ ├── postgresql_utils.h │ ├── postgresql_session.h │ ├── config.cc │ ├── BUILD │ ├── postgresql_utils.cc │ ├── postgresql_decoder.h │ ├── postgresql_filter.h │ ├── postgresql_filter.cc │ └── postgresql_decoder.cc ├── WORKSPACE ├── README.md ├── configs └── postgresql.yaml ├── bazel └── get_workspace_status ├── .bazelrc └── LICENSE /.bazelversion: -------------------------------------------------------------------------------- 1 | 1.2.0 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /bazel-* 2 | .idea/* 3 | docker/envoy 4 | *.iml 5 | *.swp 6 | *.test 7 | /artifacts 8 | clang.bazelrc 9 | user.bazelrc 10 | **/plugin.wasm 11 | compile_commands.json 12 | -------------------------------------------------------------------------------- /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | AccessModifierOffset: -2 4 | ColumnLimit: 100 5 | DerivePointerAlignment: false 6 | PointerAlignment: Left 7 | SortIncludes: false 8 | ... 9 | 10 | --- 11 | Language: Proto 12 | ColumnLimit: 100 13 | SpacesInContainerLiterals: false 14 | AllowShortFunctionsOnASingleLine: false 15 | ... 16 | -------------------------------------------------------------------------------- /.azure-pipelines/linux.yml: -------------------------------------------------------------------------------- 1 | trigger: 2 | - master 3 | 4 | jobs: 5 | - job: build 6 | dependsOn: [] 7 | pool: 8 | name: Default 9 | demands: agent.name -equals RBE 10 | steps: 11 | - bash: | 12 | cp /home/diorahman/azure/bazelrc/*.bazelrc . 13 | bazel build //source/exe:postgresql-proxy 14 | displayName: "Build postgresql-proxy" 15 | -------------------------------------------------------------------------------- /source/exe/BUILD: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) # Apache 2 4 | 5 | load( 6 | "@envoy//bazel:envoy_build_system.bzl", 7 | "envoy_cc_binary", 8 | ) 9 | 10 | envoy_cc_binary( 11 | name = "postgresql-proxy", 12 | repository = "@envoy", 13 | deps = [ 14 | "//source/extensions/filters/network/postgresql_proxy:config", 15 | "@envoy//source/exe:envoy_main_entry_lib", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/config.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | package envoy.config.filter.network.postgresql_proxy.v1alpha1; 4 | 5 | option java_package = "io.envoyproxy.envoy.config.filter.network.postgresql_proxy.v1alpha1"; 6 | option java_outer_classname = "PostgreSQLProxyProto"; 7 | option java_multiple_files = true; 8 | 9 | import "validate/validate.proto"; 10 | 11 | // [#protodoc-title: PostgreSQL proxy] 12 | // PostgreSQL Proxy. 13 | // [#extension: envoy.filters.network.postgresql_proxy] 14 | message PostgreSQLProxy { 15 | // The human readable prefix to use when emitting statistics. 16 | string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; 17 | } 18 | -------------------------------------------------------------------------------- /WORKSPACE: -------------------------------------------------------------------------------- 1 | workspace(name = "envoy_postgres_extension") 2 | 3 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 4 | 5 | ENVOY_SHA = "bb7ceff4c3c5bd4555dff28b6e56d27f2f8be0a7" 6 | 7 | http_archive( 8 | name = "envoy", 9 | strip_prefix = "envoy-" + ENVOY_SHA, 10 | url = "https://github.com/envoyproxy/envoy/archive/" + ENVOY_SHA + ".zip", 11 | ) 12 | 13 | load("@envoy//bazel:api_binding.bzl", "envoy_api_binding") 14 | 15 | envoy_api_binding() 16 | 17 | load("@envoy//bazel:api_repositories.bzl", "envoy_api_dependencies") 18 | 19 | envoy_api_dependencies() 20 | 21 | load("@envoy//bazel:repositories.bzl", "envoy_dependencies") 22 | 23 | envoy_dependencies() 24 | 25 | load("@envoy//bazel:dependency_imports.bzl", "envoy_dependency_imports") 26 | 27 | envoy_dependency_imports() 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## PostgreSQL Proxy 2 | 3 | [![Build Status](https://dev.azure.com/envoy-postgres/postgresql-proxy/_apis/build/status/envoy-postgres.postgresql-proxy?branchName=master)](https://dev.azure.com/envoy-postgres/postgresql-proxy/_build/latest?definitionId=1&branchName=master) 4 | 5 | To build this project, please prepare your machine following the instructions [here](https://github.com/envoyproxy/envoy/blob/master/bazel/README.md). 6 | 7 | TL;DR 8 | 9 | ``` 10 | $ bazel build //source/exe:postgresql-proxy 11 | $ ./bazel-bin/source/exe/postgresql-proxy --version 12 | 13 | ./bazel-bin/source/exe/postgresql-proxy version: 7565c76ca39cda76c9a7e7c3ba73ecadb6e42c67/1.13.0-dev/Clean/DEBUG/BoringSSL 14 | 15 | $ ./bazel-bin/source/exe/postgresql-proxy -c configs/postgresql.yaml 16 | $ # from another terminal session 17 | $ # e.g. you have: docker run --rm -it -p 5432:5432 -e POSTGRES_PASSWORD=testing -e POSTGRES_DB=testing circleci/postgres:11.1-alpine-ram running in localhost. 18 | $ PGPASSWORD=testing psql -U postgres -h localhost -p 54322 -d testing 19 | Type "help" for help. 20 | 21 | testing=# 22 | ``` 23 | 24 | ### License 25 | 26 | [LICENSE](LICENSE). 27 | -------------------------------------------------------------------------------- /configs/postgresql.yaml: -------------------------------------------------------------------------------- 1 | admin: 2 | access_log_path: /dev/null 3 | address: 4 | socket_address: 5 | address: 0.0.0.0 6 | port_value: 8000 7 | 8 | static_resources: 9 | clusters: 10 | - name: postgresql_cluster 11 | connect_timeout: 1s 12 | type: STRICT_DNS 13 | load_assignment: 14 | cluster_name: postgresql_cluster 15 | endpoints: 16 | - lb_endpoints: 17 | - endpoint: 18 | address: 19 | socket_address: 20 | address: 0.0.0.0 21 | port_value: 5432 22 | 23 | listeners: 24 | - name: listener 25 | address: 26 | socket_address: 27 | address: 0.0.0.0 28 | port_value: 54322 29 | filter_chains: 30 | - filters: 31 | - name: envoy.filters.network.postgresql_proxy 32 | typed_config: 33 | "@type": type.googleapis.com/envoy.config.filter.network.postgresql_proxy.v1alpha1.PostgreSQLProxy 34 | stat_prefix: egress_postgresql 35 | - name: envoy.tcp_proxy 36 | typed_config: 37 | "@type": type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy 38 | stat_prefix: tcp_postgresql 39 | cluster: postgresql_cluster 40 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/config.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "extensions/filters/network/common/factory_base.h" 4 | #include "extensions/filters/network/postgresql_proxy/postgresql_filter.h" 5 | 6 | // TODO(dio): Move this to qpi directory when merging to upstream. 7 | #include "source/extensions/filters/network/postgresql_proxy/config.pb.h" 8 | #include "source/extensions/filters/network/postgresql_proxy/config.pb.validate.h" 9 | 10 | namespace Envoy { 11 | namespace Extensions { 12 | namespace NetworkFilters { 13 | namespace PostgreSQLProxy { 14 | 15 | /** 16 | * Config registration for the PostgreSQL proxy filter. 17 | */ 18 | class PostgreSQLConfigFactory 19 | : public Common::FactoryBase< 20 | envoy::config::filter::network::postgresql_proxy::v1alpha1::PostgreSQLProxy> { 21 | public: 22 | // TODO(dio): Put this filter name in well_known_names.h. 23 | PostgreSQLConfigFactory() : FactoryBase{"envoy.filters.network.postgresql_proxy"} {} 24 | 25 | private: 26 | Network::FilterFactoryCb createFilterFactoryFromProtoTyped( 27 | const envoy::config::filter::network::postgresql_proxy::v1alpha1::PostgreSQLProxy& 28 | proto_config, 29 | Server::Configuration::FactoryContext& context) override; 30 | }; 31 | 32 | } // namespace PostgreSQLProxy 33 | } // namespace NetworkFilters 34 | } // namespace Extensions 35 | } // namespace Envoy 36 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/postgresql_utils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #include "envoy/common/platform.h" 5 | 6 | #include "common/buffer/buffer_impl.h" 7 | #include "common/common/byte_order.h" 8 | #include "common/common/logger.h" 9 | 10 | namespace Envoy { 11 | namespace Extensions { 12 | namespace NetworkFilters { 13 | namespace PostgreSQLProxy { 14 | 15 | constexpr int POSTGRESQL_SUCCESS = 0; 16 | constexpr int POSTGRESQL_FAILURE = -1; 17 | constexpr char POSTGRESQL_STR_END = '\0'; 18 | 19 | /** 20 | * IO helpers for reading PostgreSQL data from a buffer. 21 | */ 22 | class BufferHelper : public Logger::Loggable { 23 | public: 24 | static bool endOfBuffer(Buffer::Instance& buffer); 25 | static int readUint8(Buffer::Instance& buffer, uint8_t& val); 26 | static int readUint16(Buffer::Instance& buffer, uint16_t& val); 27 | static int readUint32(Buffer::Instance& buffer, uint32_t& val); 28 | static int readBytes(Buffer::Instance& buffer, size_t skip_bytes); 29 | static int readString(Buffer::Instance& buffer, std::string& str); 30 | static int readStringBySize(Buffer::Instance& buffer, size_t len, std::string& str); 31 | static int peekUint32(Buffer::Instance& buffer, uint32_t& val); 32 | }; 33 | 34 | } // namespace PostgreSQLProxy 35 | } // namespace NetworkFilters 36 | } // namespace Extensions 37 | } // namespace Envoy 38 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/postgresql_session.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #include "common/common/logger.h" 5 | 6 | namespace Envoy { 7 | namespace Extensions { 8 | namespace NetworkFilters { 9 | namespace PostgreSQLProxy { 10 | 11 | class PostgreSQLSession : Logger::Loggable { 12 | public: 13 | enum class ProtocolDirection { 14 | Frontend, 15 | Backend, 16 | Both 17 | }; 18 | 19 | enum class ProtocolType { 20 | Simple, 21 | Extended 22 | }; 23 | 24 | void setProtocolDirection(PostgreSQLSession::ProtocolDirection protocol_direction) { protocol_direction_ = protocol_direction; } 25 | PostgreSQLSession::ProtocolDirection getProtocolDirection() { return protocol_direction_; } 26 | 27 | void setProtocolType(PostgreSQLSession::ProtocolType protocol_type) { protocol_type_ = protocol_type; } 28 | PostgreSQLSession::ProtocolType getProtocolType() { return protocol_type_; } 29 | 30 | bool inTransaction() { return in_transaction_; }; 31 | void setInTransaction(bool in_transaction) { in_transaction_ = in_transaction; }; 32 | 33 | private: 34 | PostgreSQLSession::ProtocolDirection protocol_direction_; 35 | PostgreSQLSession::ProtocolType protocol_type_; 36 | bool in_transaction_{false}; 37 | }; 38 | 39 | } // namespace PostgreSQLProxy 40 | } // namespace NetworkFilters 41 | } // namespace Extensions 42 | } // namespace Envoy 43 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/config.cc: -------------------------------------------------------------------------------- 1 | #include "extensions/filters/network/postgresql_proxy/config.h" 2 | 3 | namespace Envoy { 4 | namespace Extensions { 5 | namespace NetworkFilters { 6 | namespace PostgreSQLProxy { 7 | 8 | /** 9 | * Config registration for the PostgreSQL proxy filter. @see NamedNetworkFilterConfigFactory. 10 | */ 11 | Network::FilterFactoryCb 12 | NetworkFilters::PostgreSQLProxy::PostgreSQLConfigFactory::createFilterFactoryFromProtoTyped( 13 | const envoy::config::filter::network::postgresql_proxy::v1alpha1::PostgreSQLProxy& proto_config, 14 | Server::Configuration::FactoryContext& context) { 15 | ASSERT(!proto_config.stat_prefix().empty()); 16 | 17 | const std::string stat_prefix = fmt::format("postgresql.{}", proto_config.stat_prefix()); 18 | 19 | PostgreSQLFilterConfigSharedPtr filter_config( 20 | std::make_shared(stat_prefix, context.scope())); 21 | return [filter_config](Network::FilterManager& filter_manager) -> void { 22 | filter_manager.addFilter(std::make_shared(filter_config)); 23 | }; 24 | } 25 | 26 | /** 27 | * Static registration for the PostgreSQL proxy filter. @see RegisterFactory. 28 | */ 29 | REGISTER_FACTORY(PostgreSQLConfigFactory, Server::Configuration::NamedNetworkFilterConfigFactory); 30 | 31 | } // namespace PostgreSQLProxy 32 | } // namespace NetworkFilters 33 | } // namespace Extensions 34 | } // namespace Envoy -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/BUILD: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) # Apache 2 4 | 5 | # PostgresSQL proxy L7 network filter. 6 | # Public docs: docs/root/configuration/network_filters/postgres_proxy_filter.rst 7 | 8 | load( 9 | "@envoy//bazel:envoy_build_system.bzl", 10 | "envoy_cc_library", 11 | ) 12 | load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") 13 | 14 | api_proto_package() 15 | 16 | envoy_cc_library( 17 | name = "filter", 18 | srcs = [ 19 | "postgresql_filter.cc", 20 | "postgresql_utils.cc", 21 | "postgresql_decoder.cc" 22 | ], 23 | hdrs = [ 24 | "postgresql_filter.h", 25 | "postgresql_utils.h", 26 | "postgresql_decoder.h", 27 | "postgresql_session.h" 28 | ], 29 | repository = "@envoy", 30 | deps = [ 31 | "@envoy//include/envoy/network:filter_interface", 32 | "@envoy//include/envoy/server:filter_config_interface", 33 | "@envoy//include/envoy/stats:stats_interface", 34 | "@envoy//include/envoy/stats:stats_macros", 35 | "@envoy//source/common/buffer:buffer_lib", 36 | "@envoy//source/common/network:filter_lib", 37 | ], 38 | ) 39 | 40 | envoy_cc_library( 41 | name = "config", 42 | srcs = ["config.cc"], 43 | hdrs = ["config.h"], 44 | repository = "@envoy", 45 | deps = [ 46 | ":filter", 47 | ":pkg_cc_proto", 48 | "@envoy//source/extensions/filters/network/common:factory_base_lib", 49 | ], 50 | ) 51 | -------------------------------------------------------------------------------- /bazel/get_workspace_status: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file was imported from https://github.com/bazelbuild/bazel at d6fec93. 4 | 5 | # This script will be run bazel when building process starts to 6 | # generate key-value information that represents the status of the 7 | # workspace. The output should be like 8 | # 9 | # KEY1 VALUE1 10 | # KEY2 VALUE2 11 | # 12 | # If the script exits with non-zero code, it's considered as a failure 13 | # and the output will be discarded. 14 | 15 | # For Envoy in particular, we want to force binaries to relink when the Git 16 | # SHA changes (https://github.com/envoyproxy/envoy/issues/2551). This can be 17 | # done by prefixing keys with "STABLE_". To avoid breaking compatibility with 18 | # other status scripts, this one still echos the non-stable ("volatile") names. 19 | 20 | # If this SOURCE_VERSION file exists then it must have been placed here by a 21 | # distribution doing a non-git, source build. 22 | # Distributions would be expected to echo the commit/tag as BUILD_SCM_REVISION 23 | if [ -f SOURCE_VERSION ] 24 | then 25 | echo "BUILD_SCM_REVISION $(cat SOURCE_VERSION)" 26 | echo "STABLE_BUILD_SCM_REVISION $(cat SOURCE_VERSION)" 27 | echo "BUILD_SCM_STATUS Distribution" 28 | exit 0 29 | fi 30 | 31 | # The code below presents an implementation that works for git repository 32 | git_rev=$(git rev-parse HEAD) 33 | if [[ $? != 0 ]]; 34 | then 35 | exit 1 36 | fi 37 | echo "BUILD_SCM_REVISION ${git_rev}" 38 | echo "STABLE_BUILD_SCM_REVISION ${git_rev}" 39 | 40 | # Check whether there are any uncommitted changes 41 | git diff-index --quiet HEAD -- 42 | if [[ $? == 0 ]]; 43 | then 44 | tree_status="Clean" 45 | else 46 | tree_status="Modified" 47 | fi 48 | echo "BUILD_SCM_STATUS ${tree_status}" 49 | echo "STABLE_BUILD_SCM_STATUS ${tree_status}" 50 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/postgresql_utils.cc: -------------------------------------------------------------------------------- 1 | #include "extensions/filters/network/postgresql_proxy/postgresql_utils.h" 2 | 3 | namespace Envoy { 4 | namespace Extensions { 5 | namespace NetworkFilters { 6 | namespace PostgreSQLProxy { 7 | 8 | bool BufferHelper::endOfBuffer(Buffer::Instance& buffer) { 9 | return buffer.length() == 0; 10 | } 11 | 12 | int BufferHelper::readUint8(Buffer::Instance& buffer, uint8_t& val) { 13 | try { 14 | val = buffer.peekLEInt(0); 15 | buffer.drain(sizeof(uint8_t)); 16 | return POSTGRESQL_SUCCESS; 17 | } catch (EnvoyException& e) { 18 | // buffer underflow 19 | return POSTGRESQL_FAILURE; 20 | } 21 | } 22 | 23 | int BufferHelper::readUint16(Buffer::Instance& buffer, uint16_t& val) { 24 | try { 25 | val = buffer.peekLEInt(0); 26 | buffer.drain(sizeof(uint16_t)); 27 | return POSTGRESQL_SUCCESS; 28 | } catch (EnvoyException& e) { 29 | // buffer underflow 30 | return POSTGRESQL_FAILURE; 31 | } 32 | } 33 | 34 | int BufferHelper::readUint32(Buffer::Instance& buffer, uint32_t& val) { 35 | try { 36 | val = buffer.peekLEInt(0); 37 | buffer.drain(sizeof(uint32_t)); 38 | return POSTGRESQL_SUCCESS; 39 | } catch (EnvoyException& e) { 40 | // buffer underflow 41 | return POSTGRESQL_FAILURE; 42 | } 43 | } 44 | 45 | int BufferHelper::readBytes(Buffer::Instance& buffer, size_t skip_bytes) { 46 | if (buffer.length() < skip_bytes) { 47 | return POSTGRESQL_FAILURE; 48 | } 49 | //buffer.drain(skip_bytes); 50 | return POSTGRESQL_SUCCESS; 51 | } 52 | 53 | int BufferHelper::readString(Buffer::Instance& buffer, std::string& str) { 54 | char end = POSTGRESQL_STR_END; 55 | ssize_t index = buffer.search(&end, sizeof(end), 0); 56 | if (index == -1) { 57 | return POSTGRESQL_FAILURE; 58 | } 59 | if (static_cast(buffer.length()) < (index + 1)) { 60 | return POSTGRESQL_FAILURE; 61 | } 62 | str.assign(std::string(static_cast(buffer.linearize(index)), index)); 63 | str = str.substr(0); 64 | buffer.drain(index + 1); 65 | return POSTGRESQL_SUCCESS; 66 | } 67 | 68 | int BufferHelper::readStringBySize(Buffer::Instance& buffer, size_t len, std::string& str) { 69 | if (buffer.length() < len) { 70 | return POSTGRESQL_FAILURE; 71 | } 72 | str.assign(std::string(static_cast(buffer.linearize(len)), len)); 73 | str = str.substr(0); 74 | buffer.drain(len); 75 | return POSTGRESQL_SUCCESS; 76 | } 77 | 78 | int BufferHelper::peekUint32(Buffer::Instance& buffer, uint32_t& val) { 79 | try { 80 | val = buffer.peekLEInt(0); 81 | return POSTGRESQL_SUCCESS; 82 | } catch (EnvoyException& e) { 83 | // buffer underflow 84 | return POSTGRESQL_FAILURE; 85 | } 86 | } 87 | 88 | } // namespace PostgreSQLProxy 89 | } // namespace NetworkFilters 90 | } // namespace Extensions 91 | } // namespace Envoy 92 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/postgresql_decoder.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #include "envoy/common/platform.h" 5 | 6 | #include "common/buffer/buffer_impl.h" 7 | #include "common/common/logger.h" 8 | 9 | #include "extensions/filters/network/postgresql_proxy/postgresql_session.h" 10 | 11 | namespace Envoy { 12 | namespace Extensions { 13 | namespace NetworkFilters { 14 | namespace PostgreSQLProxy { 15 | 16 | /** 17 | * General callbacks for dispatching decoded PostgreSQL messages to a sink. 18 | */ 19 | class DecoderCallbacks { 20 | public: 21 | virtual ~DecoderCallbacks() = default; 22 | 23 | virtual void incErrors() PURE; 24 | virtual void incSessions() PURE; 25 | virtual void incStatements() PURE; 26 | virtual void incStatementsDelete() PURE; 27 | virtual void incStatementsInsert() PURE; 28 | virtual void incStatementsOther() PURE; 29 | virtual void incStatementsSelect() PURE; 30 | virtual void incStatementsUpdate() PURE; 31 | virtual void incTransactions() PURE; 32 | virtual void incTransactionsCommit() PURE; 33 | virtual void incTransactionsRollback() PURE; 34 | virtual void incWarnings() PURE; 35 | }; 36 | 37 | /** 38 | * PostgreSQL message decoder. 39 | */ 40 | class Decoder { 41 | public: 42 | virtual ~Decoder() = default; 43 | 44 | virtual void onData(Buffer::Instance& data) PURE; 45 | virtual PostgreSQLSession& getSession() PURE; 46 | }; 47 | 48 | using DecoderPtr = std::unique_ptr; 49 | 50 | class DecoderImpl : public Decoder, Logger::Loggable { 51 | public: 52 | DecoderImpl(DecoderCallbacks& callbacks) : callbacks_(callbacks) {} 53 | 54 | // PostgreSQLProxy::Decoder 55 | void onData(Buffer::Instance& data) override; 56 | PostgreSQLSession& getSession() override { return session_; } 57 | 58 | // Temp stuff for testing purposes 59 | void setCommand(std::string command) { command_ = command; } 60 | std::string getCommand() { return command_; } 61 | 62 | void setMessage(std::string message) { message_ = message; } 63 | std::string getMessage() { return message_; } 64 | 65 | void setMessageLength(uint32_t message_len) { message_len_ = message_len; } 66 | uint32_t getMessageLength() { return message_len_; } 67 | private: 68 | void parseMessage(Buffer::Instance& data); 69 | void decode(Buffer::Instance& data); 70 | void decodeBackend(); 71 | void decodeBackendStatements(); 72 | void decodeBackendErrorResponse(); 73 | void decodeBackendNoticeResponse(); 74 | void decodeBackendRowDescription(); 75 | 76 | void decodeFrontend(); 77 | bool isFrontend(); 78 | bool isBackend(); 79 | 80 | DecoderCallbacks& callbacks_; 81 | PostgreSQLSession session_; 82 | 83 | std::string command_; 84 | std::string message_; 85 | uint32_t message_len_; 86 | bool in_transaction_{false}; 87 | }; 88 | 89 | } // namespace PostgreSQLProxy 90 | } // namespace NetworkFilters 91 | } // namespace Extensions 92 | } // namespace Envoy 93 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/postgresql_filter.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "envoy/network/filter.h" 4 | #include "envoy/stats/scope.h" 5 | #include "envoy/stats/stats.h" 6 | #include "envoy/stats/stats_macros.h" 7 | 8 | #include "common/buffer/buffer_impl.h" 9 | #include "common/common/logger.h" 10 | 11 | #include "extensions/filters/network/postgresql_proxy/postgresql_decoder.h" 12 | 13 | namespace Envoy { 14 | namespace Extensions { 15 | namespace NetworkFilters { 16 | namespace PostgreSQLProxy { 17 | 18 | /** 19 | * All PostgreSQL proxy stats. @see stats_macros.h 20 | */ 21 | #define ALL_POSTGRESQL_PROXY_STATS(COUNTER) \ 22 | COUNTER(sessions) \ 23 | COUNTER(errors) \ 24 | COUNTER(statements) \ 25 | COUNTER(statements_insert) \ 26 | COUNTER(statements_delete) \ 27 | COUNTER(statements_update) \ 28 | COUNTER(statements_select) \ 29 | COUNTER(statements_other) \ 30 | COUNTER(transactions) \ 31 | COUNTER(transactions_commit) \ 32 | COUNTER(transactions_rollback) \ 33 | COUNTER(warnings) 34 | 35 | /** 36 | * Struct definition for all PostgreSQL proxy stats. @see stats_macros.h 37 | */ 38 | struct PostgreSQLProxyStats { 39 | ALL_POSTGRESQL_PROXY_STATS(GENERATE_COUNTER_STRUCT) 40 | }; 41 | 42 | /** 43 | * Configuration for the PostgreSQL proxy filter. 44 | */ 45 | class PostgreSQLFilterConfig { 46 | public: 47 | PostgreSQLFilterConfig(const std::string& stat_prefix, Stats::Scope& scope); 48 | 49 | const std::string stat_prefix_; 50 | Stats::Scope& scope_; 51 | PostgreSQLProxyStats stats_; 52 | 53 | private: 54 | PostgreSQLProxyStats generateStats(const std::string& prefix, Stats::Scope& scope) { 55 | return PostgreSQLProxyStats{ALL_POSTGRESQL_PROXY_STATS(POOL_COUNTER_PREFIX(scope, prefix))}; 56 | } 57 | }; 58 | 59 | using PostgreSQLFilterConfigSharedPtr = std::shared_ptr; 60 | 61 | class PostgreSQLFilter : public Network::Filter, DecoderCallbacks, Logger::Loggable { 62 | public: 63 | PostgreSQLFilter(PostgreSQLFilterConfigSharedPtr config); 64 | ~PostgreSQLFilter() override = default; 65 | 66 | // Network::ReadFilter 67 | Network::FilterStatus onData(Buffer::Instance& data, bool end_stream) override; 68 | Network::FilterStatus onNewConnection() override; 69 | void initializeReadFilterCallbacks(Network::ReadFilterCallbacks& callbacks) override; 70 | 71 | // Network::WriteFilter 72 | Network::FilterStatus onWrite(Buffer::Instance& data, bool end_stream) override; 73 | 74 | // PostgreSQLProxy::DecoderCallback 75 | void incErrors() override; 76 | void incSessions() override; 77 | void incStatements() override; 78 | void incStatementsDelete() override; 79 | void incStatementsInsert() override; 80 | void incStatementsOther() override; 81 | void incStatementsSelect() override; 82 | void incStatementsUpdate() override; 83 | void incTransactions() override; 84 | void incTransactionsCommit() override; 85 | void incTransactionsRollback() override; 86 | void incWarnings() override; 87 | 88 | void doDecode(Buffer::Instance& data); 89 | DecoderPtr createDecoder(DecoderCallbacks& callbacks); 90 | private: 91 | Network::ReadFilterCallbacks* read_callbacks_{}; 92 | PostgreSQLFilterConfigSharedPtr config_; 93 | Buffer::OwnedImpl frontend_buffer_; 94 | Buffer::OwnedImpl backend_buffer_; 95 | std::unique_ptr decoder_; 96 | }; 97 | 98 | } // namespace PostgreSQLProxy 99 | } // namespace NetworkFilters 100 | } // namespace Extensions 101 | } // namespace Envoy 102 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/postgresql_filter.cc: -------------------------------------------------------------------------------- 1 | #include "extensions/filters/network/postgresql_proxy/postgresql_decoder.h" 2 | #include "extensions/filters/network/postgresql_proxy/postgresql_filter.h" 3 | #include "extensions/filters/network/postgresql_proxy/postgresql_utils.h" 4 | 5 | #include "envoy/buffer/buffer.h" 6 | #include "envoy/network/connection.h" 7 | 8 | namespace Envoy { 9 | namespace Extensions { 10 | namespace NetworkFilters { 11 | namespace PostgreSQLProxy { 12 | 13 | PostgreSQLFilterConfig::PostgreSQLFilterConfig(const std::string& stat_prefix, Stats::Scope& scope) 14 | : stat_prefix_{stat_prefix}, scope_{scope}, stats_{generateStats(stat_prefix, scope)} {} 15 | 16 | PostgreSQLFilter::PostgreSQLFilter(PostgreSQLFilterConfigSharedPtr config) : config_{config} { 17 | if (!decoder_) { 18 | decoder_ = createDecoder(*this); 19 | } 20 | } 21 | 22 | // Network::ReadFilter 23 | Network::FilterStatus PostgreSQLFilter::onData(Buffer::Instance& data, bool) { 24 | ENVOY_CONN_LOG(trace, "echo: got {} bytes", read_callbacks_->connection(), data.length()); 25 | 26 | // Frontend Buffer 27 | frontend_buffer_.add(data); 28 | decoder_->getSession().setProtocolDirection(PostgreSQLSession::ProtocolDirection::Frontend); 29 | doDecode(frontend_buffer_); 30 | 31 | return Network::FilterStatus::Continue; 32 | } 33 | 34 | Network::FilterStatus PostgreSQLFilter::onNewConnection() { return Network::FilterStatus::Continue; } 35 | 36 | void PostgreSQLFilter::initializeReadFilterCallbacks(Network::ReadFilterCallbacks& callbacks) { 37 | read_callbacks_ = &callbacks; 38 | } 39 | 40 | // Network::WriteFilter 41 | Network::FilterStatus PostgreSQLFilter::onWrite(Buffer::Instance& data, bool) { 42 | 43 | // Backend Buffer 44 | backend_buffer_.add(data); 45 | decoder_->getSession().setProtocolDirection(PostgreSQLSession::ProtocolDirection::Backend); 46 | doDecode(backend_buffer_); 47 | 48 | return Network::FilterStatus::Continue; 49 | } 50 | 51 | DecoderPtr PostgreSQLFilter::createDecoder(DecoderCallbacks& callbacks) { 52 | return std::make_unique(callbacks); 53 | } 54 | 55 | void PostgreSQLFilter::incErrors() { config_->stats_.errors_.inc(); } 56 | 57 | void PostgreSQLFilter::incSessions() { config_->stats_.sessions_.inc(); } 58 | 59 | void PostgreSQLFilter::incStatements() { config_->stats_.statements_.inc(); } 60 | 61 | void PostgreSQLFilter::incStatementsDelete() { 62 | config_->stats_.statements_delete_.inc(); 63 | incTransactions(); 64 | } 65 | 66 | void PostgreSQLFilter::incStatementsInsert() { 67 | config_->stats_.statements_insert_.inc(); 68 | incTransactions(); 69 | } 70 | 71 | void PostgreSQLFilter::incStatementsOther() { 72 | config_->stats_.statements_other_.inc(); 73 | incTransactions(); 74 | } 75 | 76 | void PostgreSQLFilter::incStatementsSelect() { 77 | config_->stats_.statements_select_.inc(); 78 | incTransactions(); 79 | } 80 | 81 | void PostgreSQLFilter::incStatementsUpdate() { 82 | config_->stats_.statements_update_.inc(); 83 | incTransactions(); 84 | } 85 | 86 | void PostgreSQLFilter::incTransactions() { 87 | if (!decoder_->getSession().inTransaction()) { 88 | config_->stats_.transactions_.inc(); 89 | } 90 | } 91 | 92 | void PostgreSQLFilter::incTransactionsCommit() { 93 | if (!decoder_->getSession().inTransaction()) { 94 | config_->stats_.transactions_commit_.inc(); 95 | } 96 | } 97 | 98 | void PostgreSQLFilter::incTransactionsRollback() { 99 | if (!decoder_->getSession().inTransaction()) { 100 | config_->stats_.transactions_rollback_.inc(); 101 | } 102 | } 103 | 104 | void PostgreSQLFilter::incWarnings() { config_->stats_.warnings_.inc(); } 105 | 106 | void PostgreSQLFilter::doDecode(Buffer::Instance& data) { 107 | try { 108 | decoder_->onData(data); 109 | } catch (EnvoyException& e) { 110 | ENVOY_LOG(info, "postgresql_proxy: decoding error: {}", e.what()); 111 | frontend_buffer_.drain(frontend_buffer_.length()); 112 | backend_buffer_.drain(backend_buffer_.length()); 113 | } 114 | 115 | } 116 | 117 | } // namespace PostgreSQLProxy 118 | } // namespace NetworkFilters 119 | } // namespace Extensions 120 | } // namespace Envoy 121 | -------------------------------------------------------------------------------- /source/extensions/filters/network/postgresql_proxy/postgresql_decoder.cc: -------------------------------------------------------------------------------- 1 | #include "extensions/filters/network/postgresql_proxy/postgresql_decoder.h" 2 | #include "extensions/filters/network/postgresql_proxy/postgresql_utils.h" 3 | 4 | namespace Envoy { 5 | namespace Extensions { 6 | namespace NetworkFilters { 7 | namespace PostgreSQLProxy { 8 | 9 | void DecoderImpl::parseMessage(Buffer::Instance& data) { 10 | ENVOY_LOG(trace, "postgresql_proxy: parsing message, len {}", data.length()); 11 | 12 | std::string cmd; 13 | std::string message; 14 | uint32_t length; 15 | 16 | setMessageLength(data.length()); 17 | 18 | BufferHelper::readStringBySize(data, 1, cmd); 19 | setCommand(cmd); 20 | 21 | BufferHelper::readUint32(data, length); // just drain the four bytes 22 | 23 | BufferHelper::readStringBySize(data, data.length(), message); 24 | setMessage(message); 25 | 26 | ENVOY_LOG(trace, "postgresql_proxy: msg parsed"); 27 | } 28 | 29 | void DecoderImpl::decode(Buffer::Instance& data) { 30 | ENVOY_LOG(trace, "postgresql_proxy: decoding {} bytes", data.length()); 31 | 32 | parseMessage(data); 33 | 34 | if (isBackend()) { 35 | decodeBackend(); 36 | } else { 37 | decodeFrontend(); 38 | } 39 | 40 | ENVOY_LOG(trace, "postgresql_proxy: {} bytes remaining in buffer", data.length()); 41 | } 42 | 43 | void DecoderImpl::decodeBackend() { 44 | ENVOY_LOG(debug, "(Backend) command = {}", getCommand()); 45 | ENVOY_LOG(debug, "(Backend) length = {}", getMessageLength()); 46 | ENVOY_LOG(debug, "(Backend) message = {}", getMessage()); 47 | 48 | // Decode the backend commands 49 | switch (getCommand()[0]) 50 | { 51 | case 'C': // CommandComplete 52 | case '2': // BindComplete 53 | case 'S': // ParameterStatus 54 | decodeBackendStatements(); 55 | break; 56 | 57 | case '1': // ParseComplete 58 | callbacks_.incStatements(); 59 | callbacks_.incStatementsOther(); 60 | break; 61 | 62 | case 'T': // RowDescription 63 | decodeBackendRowDescription(); 64 | break; 65 | 66 | case 'R': // AuthenticationOk 67 | callbacks_.incSessions(); 68 | break; 69 | 70 | case 'E': // ErrorResponse 71 | decodeBackendErrorResponse(); 72 | break; 73 | 74 | case 'N': // NoticeResponse 75 | decodeBackendNoticeResponse(); 76 | break; 77 | } 78 | } 79 | 80 | void DecoderImpl::decodeBackendStatements() { 81 | callbacks_.incStatements(); 82 | if (getMessage().find("BEGIN") != std::string::npos) { 83 | callbacks_.incStatementsOther(); 84 | session_.setInTransaction(true); 85 | } else if (getMessage().find("START TRANSACTION") != std::string::npos) { 86 | callbacks_.incStatementsOther(); 87 | session_.setInTransaction(true); 88 | } else if (getMessage().find("ROLLBACK") != std::string::npos) { 89 | callbacks_.incStatementsOther(); 90 | session_.setInTransaction(false); 91 | callbacks_.incTransactionsRollback(); 92 | } else if (getMessage().find("COMMIT") != std::string::npos) { 93 | callbacks_.incStatementsOther(); 94 | session_.setInTransaction(false); 95 | callbacks_.incTransactionsCommit(); 96 | } else if (getMessage().find("INSERT") != std::string::npos) { 97 | callbacks_.incStatementsInsert(); 98 | callbacks_.incTransactionsCommit(); 99 | } else if (getMessage().find("UPDATE") != std::string::npos) { 100 | callbacks_.incStatementsUpdate(); 101 | callbacks_.incTransactionsCommit(); 102 | } else if (getMessage().find("DELETE") != std::string::npos) { 103 | callbacks_.incStatementsDelete(); 104 | callbacks_.incTransactionsCommit(); 105 | } else { 106 | callbacks_.incStatementsOther(); 107 | callbacks_.incTransactionsCommit(); 108 | } 109 | } 110 | 111 | void DecoderImpl::decodeBackendErrorResponse() { 112 | if (getMessage().find("VERROR") != std::string::npos) { 113 | callbacks_.incErrors(); 114 | } 115 | } 116 | 117 | void DecoderImpl::decodeBackendNoticeResponse() { 118 | if (getMessage().find("VWARNING") != std::string::npos) { 119 | callbacks_.incWarnings(); 120 | } 121 | } 122 | 123 | void DecoderImpl::decodeBackendRowDescription() { 124 | callbacks_.incStatements(); 125 | callbacks_.incStatementsSelect(); 126 | callbacks_.incTransactionsCommit(); 127 | } 128 | 129 | void DecoderImpl::decodeFrontend() { 130 | ENVOY_LOG(debug, "(Frontend) command = {}", getCommand()); 131 | ENVOY_LOG(debug, "(Frontend) length = {}", getMessageLength()); 132 | ENVOY_LOG(debug, "(Frontend) message = {}", getMessage()); 133 | 134 | switch (getCommand()[0]) 135 | { 136 | case 'Q': 137 | session_.setProtocolType(PostgreSQLSession::ProtocolType::Simple); 138 | break; 139 | 140 | case 'P': 141 | case 'B': 142 | session_.setProtocolType(PostgreSQLSession::ProtocolType::Extended); 143 | break; 144 | } 145 | } 146 | 147 | bool DecoderImpl::isBackend() { 148 | return (session_.getProtocolDirection() == PostgreSQLSession::ProtocolDirection::Backend); 149 | } 150 | 151 | bool DecoderImpl::isFrontend() { 152 | return (session_.getProtocolDirection() == PostgreSQLSession::ProtocolDirection::Frontend); 153 | } 154 | 155 | void DecoderImpl::onData(Buffer::Instance& data) { 156 | decode(data); 157 | } 158 | 159 | } // namespace PostgreSQLProxy 160 | } // namespace NetworkFilters 161 | } // namespace Extensions 162 | } // namespace Envoy 163 | -------------------------------------------------------------------------------- /.bazelrc: -------------------------------------------------------------------------------- 1 | # Envoy specific Bazel build/test options. 2 | 3 | # Bazel doesn't need more than 200MB of memory for local build based on memory profiling: 4 | # https://docs.bazel.build/versions/master/skylark/performance.html#memory-profiling 5 | # The default JVM max heapsize is 1/4 of physical memory up to 32GB which could be large 6 | # enough to consume all memory constrained by cgroup in large host, which is the case in CircleCI. 7 | # Limiting JVM heapsize here to let it do GC more when approaching the limit to 8 | # leave room for compiler/linker. 9 | # The number 2G is choosed heuristically to both support in CircleCI and large enough for RBE. 10 | # Startup options cannot be selected via config. 11 | startup --host_jvm_args=-Xmx2g 12 | 13 | build --workspace_status_command=bazel/get_workspace_status 14 | build --experimental_remap_main_repo 15 | build --experimental_local_memory_estimate 16 | build --experimental_strict_action_env=true 17 | build --host_force_python=PY2 18 | build --action_env=BAZEL_LINKLIBS=-l%:libstdc++.a 19 | build --action_env=BAZEL_LINKOPTS=-lm 20 | build --host_javabase=@bazel_tools//tools/jdk:remote_jdk11 21 | build --javabase=@bazel_tools//tools/jdk:remote_jdk11 22 | build --enable_platform_specific_config 23 | 24 | # Enable position independent code, this option is not supported on Windows and default on on macOS. 25 | build:linux --copt=-fPIC 26 | 27 | # We already have absl in the build, define absl=1 to tell googletest to use absl for backtrace. 28 | build --define absl=1 29 | 30 | # Pass PATH, CC, CXX and LLVM_CONFIG variables from the environment. 31 | build --action_env=CC 32 | build --action_env=CXX 33 | build --action_env=LLVM_CONFIG 34 | build --action_env=PATH 35 | 36 | # Common flags for sanitizers 37 | build:sanitizer --define tcmalloc=disabled 38 | build:sanitizer --linkopt -ldl 39 | build:sanitizer --build_tag_filters=-no_san 40 | build:sanitizer --test_tag_filters=-no_san 41 | 42 | # Common flags for Clang 43 | build:clang --action_env=BAZEL_COMPILER=clang 44 | build:clang --linkopt=-fuse-ld=lld 45 | 46 | # Basic ASAN/UBSAN that works for gcc 47 | build:asan --action_env=ENVOY_ASAN=1 48 | build:asan --config=sanitizer 49 | # ASAN install its signal handler, disable ours so the stacktrace will be printed by ASAN 50 | build:asan --define signal_trace=disabled 51 | build:asan --define ENVOY_CONFIG_ASAN=1 52 | build:asan --copt -fsanitize=address,undefined 53 | build:asan --linkopt -fsanitize=address,undefined 54 | # TODO(lizan): vptr and function requires C++ UBSAN runtime which we're not currently linking to. 55 | # Enable them when bazel has better support for that or with explicit linker options. 56 | build:asan --copt -fno-sanitize=vptr,function 57 | build:asan --linkopt -fno-sanitize=vptr,function 58 | build:asan --copt -DADDRESS_SANITIZER=1 59 | build:asan --copt -D__SANITIZE_ADDRESS__ 60 | build:asan --test_env=ASAN_OPTIONS=handle_abort=1:allow_addr2line=true:check_initialization_order=true:strict_init_order=true:detect_odr_violation=1 61 | build:asan --test_env=UBSAN_OPTIONS=halt_on_error=true:print_stacktrace=1 62 | build:asan --test_env=ASAN_SYMBOLIZER_PATH 63 | 64 | # Clang ASAN/UBSAN 65 | build:clang-asan --config=asan 66 | build:clang-asan --linkopt -fuse-ld=lld 67 | 68 | # macOS ASAN/UBSAN 69 | build:macos-asan --config=asan 70 | # Workaround, see https://github.com/bazelbuild/bazel/issues/6932 71 | build:macos-asan --copt -Wno-macro-redefined 72 | build:macos-asan --copt -D_FORTIFY_SOURCE=0 73 | # Workaround, see https://github.com/bazelbuild/bazel/issues/4341 74 | build:macos-asan --copt -DGRPC_BAZEL_BUILD 75 | # Dynamic link cause issues like: `dyld: malformed mach-o: load commands size (59272) > 32768` 76 | build:macos-asan --dynamic_mode=off 77 | 78 | # Clang TSAN 79 | build:clang-tsan --action_env=ENVOY_TSAN=1 80 | build:clang-tsan --config=sanitizer 81 | build:clang-tsan --define ENVOY_CONFIG_TSAN=1 82 | build:clang-tsan --copt -fsanitize=thread 83 | build:clang-tsan --linkopt -fsanitize=thread 84 | build:clang-tsan --linkopt -fuse-ld=lld 85 | # Needed due to https://github.com/libevent/libevent/issues/777 86 | build:clang-tsan --copt -DEVENT__DISABLE_DEBUG_MODE 87 | 88 | # Clang MSAN - this is the base config for remote-msan and docker-msan. To run this config without 89 | # our build image, follow https://github.com/google/sanitizers/wiki/MemorySanitizerLibcxxHowTo 90 | # with libc++ instruction and provide corresponding `--copt` and `--linkopt` as well. 91 | build:clang-msan --action_env=ENVOY_MSAN=1 92 | build:clang-msan --config=sanitizer 93 | build:clang-msan --define ENVOY_CONFIG_MSAN=1 94 | build:clang-msan --copt -fsanitize=memory 95 | build:clang-msan --linkopt -fsanitize=memory 96 | build:clang-msan --copt -fsanitize-memory-track-origins=2 97 | # MSAN needs -O1 to get reasonable performance. 98 | build:clang-msan --copt -O1 99 | 100 | # Clang with libc++ 101 | build:libc++ --config=clang 102 | build:libc++ --action_env=CXXFLAGS=-stdlib=libc++ 103 | build:libc++ --action_env=LDFLAGS=-stdlib=libc++ 104 | build:libc++ --action_env=BAZEL_CXXOPTS=-stdlib=libc++ 105 | build:libc++ --action_env=BAZEL_LINKLIBS=-l%:libc++.a:-l%:libc++abi.a:-lm 106 | build:libc++ --define force_libcpp=enabled 107 | 108 | # Optimize build for binary size reduction. 109 | build:sizeopt -c opt --copt -Os 110 | 111 | # Test options 112 | build --test_env=HEAPCHECK=normal --test_env=PPROF_PATH 113 | 114 | # Remote execution: https://docs.bazel.build/versions/master/remote-execution.html 115 | build:rbe-toolchain --host_platform=@envoy_build_tools//toolchains:rbe_ubuntu_clang_platform 116 | build:rbe-toolchain --platforms=@envoy_build_tools//toolchains:rbe_ubuntu_clang_platform 117 | build:rbe-toolchain --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 118 | 119 | build:rbe-toolchain-clang --config=rbe-toolchain 120 | build:rbe-toolchain-clang --crosstool_top=@rbe_ubuntu_clang//cc:toolchain 121 | build:rbe-toolchain-clang --extra_toolchains=@rbe_ubuntu_clang//config:cc-toolchain 122 | build:rbe-toolchain-clang --action_env=CC=clang --action_env=CXX=clang++ --action_env=PATH=/usr/sbin:/usr/bin:/sbin:/bin:/opt/llvm/bin 123 | 124 | build:rbe-toolchain-clang-libc++ --config=rbe-toolchain 125 | build:rbe-toolchain-clang-libc++ --crosstool_top=@rbe_ubuntu_clang_libcxx//cc:toolchain 126 | build:rbe-toolchain-clang-libc++ --extra_toolchains=@rbe_ubuntu_clang_libcxx//config:cc-toolchain 127 | build:rbe-toolchain-clang-libc++ --action_env=CC=clang --action_env=CXX=clang++ --action_env=PATH=/usr/sbin:/usr/bin:/sbin:/bin:/opt/llvm/bin 128 | build:rbe-toolchain-clang-libc++ --action_env=CXXFLAGS=-stdlib=libc++ 129 | build:rbe-toolchain-clang-libc++ --action_env=LDFLAGS=-stdlib=libc++ 130 | build:rbe-toolchain-clang-libc++ --define force_libcpp=enabled 131 | 132 | build:rbe-toolchain-msan --linkopt=-L/opt/libcxx_msan/lib 133 | build:rbe-toolchain-msan --linkopt=-Wl,-rpath,/opt/libcxx_msan/lib 134 | build:rbe-toolchain-msan --config=clang-msan 135 | 136 | build:rbe-toolchain-gcc --config=rbe-toolchain 137 | build:rbe-toolchain-gcc --crosstool_top=@rbe_ubuntu_gcc//cc:toolchain 138 | build:rbe-toolchain-gcc --extra_toolchains=@rbe_ubuntu_gcc//config:cc-toolchain 139 | 140 | build:remote --spawn_strategy=remote,sandboxed,local 141 | build:remote --strategy=Javac=remote,sandboxed,local 142 | build:remote --strategy=Closure=remote,sandboxed,local 143 | build:remote --strategy=Genrule=remote,sandboxed,local 144 | build:remote --remote_timeout=7200 145 | build:remote --auth_enabled=true 146 | build:remote --remote_download_toplevel 147 | 148 | build:remote-clang --config=remote 149 | build:remote-clang --config=rbe-toolchain-clang 150 | 151 | build:remote-clang-libc++ --config=remote 152 | build:remote-clang-libc++ --config=rbe-toolchain-clang-libc++ 153 | 154 | build:remote-gcc --config=remote 155 | build:remote-gcc --config=rbe-toolchain-gcc 156 | 157 | build:remote-msan --config=remote 158 | build:remote-msan --config=rbe-toolchain-clang-libc++ 159 | build:remote-msan --config=rbe-toolchain-msan 160 | 161 | # Docker sandbox 162 | # NOTE: Update this from https://github.com/envoyproxy/envoy-build-tools/blob/master/toolchains/rbe_toolchains_config.bzl#L7 163 | build:docker-sandbox --experimental_docker_image=envoyproxy/envoy-build-ubuntu@sha256:f0b2453c3587e3297f5caf5e97fbf57c97592c96136209ec13fe2795aae2c896 164 | build:docker-sandbox --spawn_strategy=docker 165 | build:docker-sandbox --strategy=Javac=docker 166 | build:docker-sandbox --strategy=Closure=docker 167 | build:docker-sandbox --strategy=Genrule=docker 168 | build:docker-sandbox --define=EXECUTOR=remote 169 | build:docker-sandbox --experimental_docker_verbose 170 | build:docker-sandbox --experimental_enable_docker_sandbox 171 | 172 | build:docker-clang --config=docker-sandbox 173 | build:docker-clang --config=rbe-toolchain-clang 174 | 175 | build:docker-clang-libc++ --config=docker-sandbox 176 | build:docker-clang-libc++ --config=rbe-toolchain-clang-libc++ 177 | 178 | build:docker-gcc --config=docker-sandbox 179 | build:docker-gcc --config=rbe-toolchain-gcc 180 | 181 | build:docker-msan --config=docker-sandbox 182 | build:docker-msan --config=rbe-toolchain-clang-libc++ 183 | build:docker-msan --config=rbe-toolchain-msan 184 | 185 | # CI configurations 186 | build:remote-ci --remote_cache=grpcs://remotebuildexecution.googleapis.com 187 | build:remote-ci --remote_executor=grpcs://remotebuildexecution.googleapis.com 188 | 189 | # Fuzz builds 190 | build:asan-fuzzer --config=clang-asan 191 | build:asan-fuzzer --define=FUZZING_ENGINE=libfuzzer 192 | build:asan-fuzzer --copt=-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 193 | build:asan-fuzzer --copt=-fsanitize=fuzzer-no-link 194 | # Remove UBSAN halt_on_error to avoid crashing on protobuf errors. 195 | build:asan-fuzzer --test_env=UBSAN_OPTIONS=print_stacktrace=1 196 | 197 | try-import %workspace%/clang.bazelrc 198 | try-import %workspace%/user.bazelrc 199 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner]. 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. --------------------------------------------------------------------------------