Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

grpc: Add support for max frame length in gPRC frame decoding #32511

Merged
merged 9 commits into from
Mar 6, 2024

Conversation

tyxia
Copy link
Member

@tyxia tyxia commented Feb 22, 2024

The workflow:

  • Client of gRPC decoder configure the max_frame_length via setMaxFrameLength()
  • If max_frame_length is configured and total length exceeds the limit, the future decoding process will be skipped and returned

The use case/ motivation: Enable max_receive_message_length in Envoy-gRPC (which use gRPC decoder) .

  • When the message is over limit, it can be rejected before frame data is fully decoded (i.e. expanded).
  • This can prevent malicious attack , for example, unbounded and huge message is sent over channel and is injected and buffered in Envoy over Envoy-gRPC.

Next step:

  • Refactor bool Decoder::decode method: Change the return type from bool to absl:status so that the caller can identify whether it is decoding error or over-limit error.

Copy link

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #32511 was opened by tyxia.

see: more, trace.

Signed-off-by: tyxia <[email protected]>
Signed-off-by: tyxia <[email protected]>
Signed-off-by: tyxia <[email protected]>
@tyxia tyxia marked this pull request as ready for review February 22, 2024 17:54
@tyxia
Copy link
Member Author

tyxia commented Feb 22, 2024

/assign @htuch

PTAL, Thanks!

@tyxia
Copy link
Member Author

tyxia commented Feb 28, 2024

/assign @yanavlasov

Add Yan per offline discussion

Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Signed-off-by: tyxia <[email protected]>
Signed-off-by: tyxia <[email protected]>
Signed-off-by: tyxia <[email protected]>
Signed-off-by: tyxia <[email protected]>
Signed-off-by: tyxia <[email protected]>
Copy link
Contributor

@yanavlasov yanavlasov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/wait-any

source/common/grpc/codec.h Show resolved Hide resolved
@yanavlasov yanavlasov merged commit 4fa98b2 into envoyproxy:main Mar 6, 2024
54 checks passed
@tyxia tyxia deleted the grpc_codec branch March 6, 2024 16:44
mattjo added a commit to mattjo/envoy that referenced this pull request Mar 6, 2024
* origin: (34 commits)
  update CODEOWNER (envoyproxy#32457)
  Delete unused runtime flag. (envoyproxy#32739)
  mobile: Use direct ByteBuffer to pass data between C++ and Java (envoyproxy#32715)
  quic: support cert selection by SNI, non-PEM formats (envoyproxy#32260)
  mobile: Replace std::thread with Envoy::Thread::PosixThread (envoyproxy#32610)
  grpc: Add support for max frame length in gPRC frame decoding (envoyproxy#32511)
  build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (envoyproxy#32728)
  build(deps): bump the examples-golang-network group in /examples/golang-network/simple with 1 update (envoyproxy#32732)
  build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /contrib/golang/filters/http/test/test_data/property (envoyproxy#32731)
  build(deps): bump otel/opentelemetry-collector from `246dfe9` to `71ac13c` in /examples/opentelemetry (envoyproxy#32730)
  build(deps): bump the examples-grpc-bridge group in /examples/grpc-bridge/server with 2 updates (envoyproxy#32720)
  build(deps): bump the contrib-golang group in /contrib/golang/router/cluster_specifier/test/test_data/simple with 1 update (envoyproxy#32721)
  build(deps): bump the contrib-golang group in /contrib/golang/filters/http/test/test_data/echo with 1 update (envoyproxy#32722)
  build(deps): bump the examples-ext-authz group in /examples/ext_authz/auth/grpc-service with 1 update (envoyproxy#32723)
  build(deps): bump the contrib-golang group in /contrib/golang/filters/http/test/test_data/routeconfig with 1 update (envoyproxy#32724)
  build(deps): bump the examples-load-reporting group in /examples/load-reporting-service with 1 update (envoyproxy#32726)
  build(deps): bump the contrib-golang group in /contrib/golang/filters/http/test/test_data/buffer with 1 update (envoyproxy#32727)
  build(deps): bump the examples-golang-http group in /examples/golang-http/simple with 1 update (envoyproxy#32729)
  opentelemetrytracer: Add User-Agent header to OTLP trace exporters (envoyproxy#32659)
  build: remove incorrect cc_library after tls code move (envoyproxy#32714)
  ...
htuch pushed a commit that referenced this pull request Mar 29, 2024
This PR is to improve the error status/code

In PR #32511, we introduce a max_frame_length feature (optional) . Now gRPC frame decoding can fail EITHER (1) due to decoding error OR (2) due to over-frame-limit error.

To better surface the error message, this PR refactor return type from bool to absl::status , so that the caller site can differentiate the error status. source/common/grpc/async_client_impl.cc in this PR can be an user example

Risk level: Low
Testing: Unit tests

Signed-off-by: tyxia <[email protected]>
alyssawilk pushed a commit to alyssawilk/envoy that referenced this pull request Apr 29, 2024
This PR is to improve the error status/code

In PR envoyproxy#32511, we introduce a max_frame_length feature (optional) . Now gRPC frame decoding can fail EITHER (1) due to decoding error OR (2) due to over-frame-limit error.

To better surface the error message, this PR refactor return type from bool to absl::status , so that the caller site can differentiate the error status. source/common/grpc/async_client_impl.cc in this PR can be an user example

Risk level: Low
Testing: Unit tests

Signed-off-by: tyxia <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants