fix(translator): Fix panic with request mirror + grpcroute#6875
Merged
arkodg merged 13 commits intoenvoyproxy:mainfrom Sep 2, 2025
Merged
fix(translator): Fix panic with request mirror + grpcroute#6875arkodg merged 13 commits intoenvoyproxy:mainfrom
arkodg merged 13 commits intoenvoyproxy:mainfrom
Conversation
AndyMoreland
force-pushed
the
fix/6874-fix-request-mirror
branch
2 times, most recently
from
0261526 to
da5dfd6
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #6875 +/- ##
==========================================
- Coverage 71.10% 71.08% -0.03%
==========================================
Files 225 225
Lines 39859 39868 +9
==========================================
- Hits 28343 28340 -3
- Misses 9848 9857 +9
- Partials 1668 1671 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
AndyMoreland
force-pushed
the
fix/6874-fix-request-mirror
branch
from
c2e5f76 to
fea450c
Compare
arkodg
reviewed
Aug 30, 2025
internal/gatewayapi/filters.go
Outdated
Contributor
There was a problem hiding this comment.
can we eliminate this ?
validateBackendRef already accepts a backend interface
gateway/internal/gatewayapi/validate.go
Line 29 in c181d47
Contributor
Author
There was a problem hiding this comment.
@arkodg I think we need some kind of split in the concrete type of the iface approximately here, because validateBackendRefFilters needs GRPCRoutes to have a GRPCRouteFilter-containing-backendref, and HTTPRoutes to have an HTTPRouteFilter-containing-backendref -- the panic was caused by the existing unification causing the downstream cast to fail.
Contributor
Author
There was a problem hiding this comment.
(I'm not a go expert or familiar with the types in play, but this was the smallest code diff way I found to avoid the unchecked cast panic)
Member
|
@AndyMoreland e.g. var mirrorBackendRef BackendRefContext
routeType := GetRouteType(filterContext.Route)
if routeType == resource.KindGRPCRoute {
mirrorBackendRef = gwapiv1.GRPCBackendRef{
BackendRef: gwapiv1.BackendRef{
BackendObjectReference: mirrorBackend,
Weight: &weight,
},
}
} else {
mirrorBackendRef = gwapiv1.HTTPBackendRef{
BackendRef: gwapiv1.BackendRef{
BackendObjectReference: mirrorBackend,
Weight: &weight,
},
}
}
// This sets the status on the HTTPRoute, should the usage be changed so that the status message reflects that the backendRef is from the filter?
filterNs := filterContext.Route.GetNamespace()
serviceNamespace := NamespaceDerefOr(mirrorBackend.Namespace, filterNs)
err = t.validateBackendRef(mirrorBackendRef, filterContext.Route,
resources, serviceNamespace, routeType) |
Contributor
|
+1 to #6875 (comment) |
Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
The validateBackendRefFilters function casts the Filters field to the specific filter type (HTTPRouteFilter vs GRPCRouteFilter) based on the routeKind. Using the wrong wrapper type causes a type assertion panic, so we must keep the typed wrappers despite the duplication. Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
Simplified the RequestMirror filter processing by: - Getting RouteType directly from filterContext - Creating appropriate BackendRef type (HTTP or gRPC) based on RouteType - Consolidating logic into single processRequestMirrorFilter function - Keeping processGRPCRequestMirrorFilter as a delegate for compatibility This approach follows the review feedback and maintains the fix for GRPCRoute panic while simplifying the code structure. Signed-off-by: Andrew Moreland <[email protected]>
AndyMoreland
force-pushed
the
fix/6874-fix-request-mirror
branch
from
521204e to
4740589
Compare
Contributor
Author
|
I've applied the suggested change |
ProcessGRPCFilters now calls processRequestMirrorFilter directly since it already handles both HTTP and gRPC routes based on RouteType. Signed-off-by: Andrew Moreland <[email protected]>
Signed-off-by: Andrew Moreland <[email protected]>
arkodg
reviewed
Sep 2, 2025
Contributor
|
thanks for addressing the comments @AndyMoreland, added one minor comment |
Co-authored-by: Arko Dasgupta <[email protected]> Signed-off-by: Andrew Moreland <[email protected]>
Contributor
Author
|
I've merged your suggestion |
zirain
approved these changes
Sep 2, 2025
shawnh2
pushed a commit
to shawnh2/gateway
that referenced
this pull request
Oct 15, 2025
…y#6875) Signed-off-by: Andrew Moreland <[email protected]> Signed-off-by: shawnh2 <[email protected]>
arkodg
added a commit
that referenced
this pull request
Oct 15, 2025
* fix(xds-server): clear snapshot on stream close (#6618) * fix(xds-server): clear snapshot on stream close Signed-off-by: Zachary Vacura <[email protected]> * check if there are other active connections before clearning the snapshot Signed-off-by: Zachary Vacura <[email protected]> Signed-off-by: shawnh2 <[email protected]> * bug: disable x-envoy-ratelimited by default (#7110) * bug: disable x-envoy-ratelimited by default * can be enabled with `enableEnvoyHeaders` in CTP Relates to #7034 Signed-off-by: Arko Dasgupta <[email protected]> * fix tests and release note Signed-off-by: Arko Dasgupta <[email protected]> * fix testdata Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: shawnh2 <[email protected]> * fix(translator): Fix panic with request mirror + grpcroute (#6875) Signed-off-by: Andrew Moreland <[email protected]> Signed-off-by: shawnh2 <[email protected]> * fix: bug in overlap detection of cert SANs (#7234) Signed-off-by: shawnh2 <[email protected]> * bump golang for crypto/x509 reggression (#7236) Signed-off-by: zirain <[email protected]> Signed-off-by: shawnh2 <[email protected]> * fix gen-check Signed-off-by: shawnh2 <[email protected]> --------- Signed-off-by: Zachary Vacura <[email protected]> Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Andrew Moreland <[email protected]> Signed-off-by: zirain <[email protected]> Co-authored-by: Zach Vacura <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Andrew Moreland <[email protected]> Co-authored-by: Rudrakh Panigrahi <[email protected]> Co-authored-by: zirain <[email protected]>
zirain
pushed a commit
to zirain/gateway
that referenced
this pull request
Nov 14, 2025
…y#6875) Signed-off-by: Andrew Moreland <[email protected]> Signed-off-by: zirain <[email protected]>
zirain
added a commit
that referenced
this pull request
Nov 14, 2025
* fix: bug in overlap detection of cert SANs (#7234) Signed-off-by: zirain <[email protected]> * fix(translator): Fix panic with request mirror + grpcroute (#6875) Signed-off-by: Andrew Moreland <[email protected]> Signed-off-by: zirain <[email protected]> * fix: watch change for the ca cert in the Backend (#7294) * watch change for the ca cert in the Backend Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * fix ipFamily not set in UDPListener (#7313) fix: set ipfamily in udpistener (#7312) Signed-off-by: cong <[email protected]> Signed-off-by: zirain <[email protected]> * coalesce updates to reduce intermediate updates (#7328) * coalesce updates to reduce redundant processing in subscription handler Signed-off-by: Huabing Zhao <[email protected]> * retain order Signed-off-by: Huabing Zhao <[email protected]> * keep intermediate delete updates Signed-off-by: Huabing Zhao <[email protected]> * minor wording Signed-off-by: Huabing Zhao <[email protected]> * treat delete as normal operations Signed-off-by: Huabing Zhao <[email protected]> * retain the original order of the last updates for each key Signed-off-by: Huabing Zhao <[email protected]> * address comments Signed-off-by: Huabing Zhao <[email protected]> * fix test Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * fix: port typo (#7397) Signed-off-by: cong <[email protected]> Signed-off-by: zirain <[email protected]> * fix: validate EnvoyGateway configuration before reload (#7412) Signed-off-by: zirain <[email protected]> * fix: missing jwt provider when jwt is configured on multiple listeners sharing the same port (#7337) * fix jwt provider missing when jwt is configured at multiple ir listeners Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * fix: memory leak (#7429) Fix memory leak. Two watchable.Maps were never closed when shutting down the provider: - GatewayClassStatuses.Close() - missing in GatewayAPIStatuses.Close() - BackendTrafficPolicyStatuses.Close() - missing in PolicyStatuses.Close() Each unclosed map leaked 3 goroutines: 1. Internal watchable.Map.coalesce goroutine 2. HandleSubscription goroutine blocked on channel read 3. Error handler goroutine blocked on channel read Signed-off-by: Gonzalo Serrano <[email protected]> Signed-off-by: zirain <[email protected]> * fix gen after cherry-pick Signed-off-by: zirain <[email protected]> * fix watchutil test Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Andrew Moreland <[email protected]> Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: cong <[email protected]> Signed-off-by: Gonzalo Serrano <[email protected]> Co-authored-by: Rudrakh Panigrahi <[email protected]> Co-authored-by: Andrew Moreland <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: 聪 <[email protected]> Co-authored-by: Gonzalo Serrano <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
This fixes an unconditional panic when the RequestMirror filter is used with GRPCRoutes
Which issue(s) this PR fixes:
Fixes #6874
Release Notes: No