istio
diff --git a/‎docs/root/configuration/listeners/stats.rst‎
Lines changed: 11 additions & 9 deletions b/‎docs/root/configuration/listeners/stats.rst‎
Lines changed: 11 additions & 9 deletions
diff --git a/‎docs/root/version_history/current.rst‎
Lines changed: 3 additions & 0 deletions b/‎docs/root/version_history/current.rst‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎include/envoy/network/connection_handler.h‎
Lines changed: 1 addition & 1 deletion b/‎include/envoy/network/connection_handler.h‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎source/common/runtime/runtime_features.cc‎
Lines changed: 1 addition & 0 deletions b/‎source/common/runtime/runtime_features.cc‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎source/server/connection_handler_impl.cc‎
Lines changed: 5 additions & 19 deletions b/‎source/server/connection_handler_impl.cc‎
Lines changed: 5 additions & 19 deletions
diff --git a/‎source/server/connection_handler_impl.h‎
Lines changed: 0 additions & 2 deletions b/‎source/server/connection_handler_impl.h‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎source/server/filter_chain_manager_impl.h‎
Lines changed: 4 additions & 0 deletions b/‎source/server/filter_chain_manager_impl.h‎
Lines changed: 4 additions & 0 deletions
@@ -64,13 +64,15 @@ statistics. Any ``:`` character in the stats name is replaced with ``_``.
    :header: Name, Type, Description
    :widths: 1, 1, 2
 
-   listener_added, Counter, Total listeners added (either via static config or LDS)
-   listener_modified, Counter, Total listeners modified (via LDS)
-   listener_removed, Counter, Total listeners removed (via LDS)
-   listener_stopped, Counter, Total listeners stopped
-   listener_create_success, Counter, Total listener objects successfully added to workers
-   listener_create_failure, Counter, Total failed listener object additions to workers
-   total_listeners_warming, Gauge, Number of currently warming listeners
-   total_listeners_active, Gauge, Number of currently active listeners
-   total_listeners_draining, Gauge, Number of currently draining listeners
+   listener_added, Counter, Total listeners added (either via static config or LDS).
+   listener_modified, Counter, Total listeners modified (via LDS).
+   listener_removed, Counter, Total listeners removed (via LDS).
+   listener_stopped, Counter, Total listeners stopped.
+   listener_create_success, Counter, Total listener objects successfully added to workers.
+   listener_create_failure, Counter, Total failed listener object additions to workers.
+   listener_in_place_updated, Counter, Total listener objects created to execute filter chain update path.
+   total_filter_chains_draining, Gauge, Number of currently draining filter chains.
+   total_listeners_warming, Gauge, Number of currently warming listeners.
+   total_listeners_active, Gauge, Number of currently active listeners.
+   total_listeners_draining, Gauge, Number of currently draining listeners.
    workers_started, Gauge, A boolean (1 if started and 0 otherwise) that indicates whether listeners have been initialized on workers.
@@ -24,6 +24,9 @@ Changes
   Can be reverted temporarily by setting runtime feature `envoy.reloadable_features.fix_upgrade_response` to false.
 * http: remove legacy connection pool code and their runtime features: `envoy.reloadable_features.new_http1_connection_pool_behavior` and
   `envoy.reloadable_features.new_http2_connection_pool_behavior`.
+* listener: added in place filter chain update flow for tcp listener update which doesn't close connections if the corresponding network filter chain is equivalent during the listener update.
+  Can be disabled by setting runtime feature `envoy.reloadable_features.listener_in_place_filterchain_update` to false.
+  Also added additional draining filter chain stat for :ref:`listener manager <config_listener_manager_stats>` to track the number of draining filter chains and the number of in place update attempts.
 * logger: added :ref:`--log-format-prefix-with-location <operations_cli>` command line option to prefix '%v' with file path and line number.
 * network filters: added a :ref:`postgres proxy filter <config_network_filters_postgres_proxy>`.
 * network filters: added a :ref:`rocketmq proxy filter <config_network_filters_rocketmq_proxy>`.
 
@@ -159,4 +159,4 @@ class ActiveUdpListenerFactory {
 using ActiveUdpListenerFactoryPtr = std::unique_ptr<ActiveUdpListenerFactory>;
 
 } // namespace Network
-} // namespace Envoy
+} // namespace Envoy
@@ -62,6 +62,7 @@ constexpr const char* runtime_features[] = {
     "envoy.deprecated_features.allow_deprecated_extension_names",
     "envoy.reloadable_features.ext_authz_http_service_enable_case_sensitive_string_matcher",
     "envoy.reloadable_features.fix_upgrade_response",
+    "envoy.reloadable_features.listener_in_place_filterchain_update",
 };
 
 // This is a section for officially sanctioned runtime features which are too
 
@@ -67,27 +67,15 @@ void ConnectionHandlerImpl::removeListeners(uint64_t listener_tag) {
 void ConnectionHandlerImpl::removeFilterChains(
     uint64_t listener_tag, const std::list<const Network::FilterChain*>& filter_chains,
     std::function<void()> completion) {
-  // TODO(lambdai): Merge the optimistic path and the pessimistic path.
   for (auto& listener : listeners_) {
-    // Optimistic path: The listener tag provided by arg is not stale.
     if (listener.second.listener_->listenerTag() == listener_tag) {
       listener.second.tcp_listener_->get().deferredRemoveFilterChains(filter_chains);
       // Completion is deferred because the above removeFilterChains() may defer delete connection.
       Event::DeferredTaskUtil::deferredRun(dispatcher_, std::move(completion));
       return;
     }
   }
-  // Fallback to iterate over all listeners. The reason is that the target listener might have began
-  // another update and the previous tag is lost.
-  // TODO(lambdai): Remove this once we decide to use the same listener tag during intelligent
-  // update.
-  for (auto& listener : listeners_) {
-    if (listener.second.tcp_listener_.has_value()) {
-      listener.second.tcp_listener_->get().deferredRemoveFilterChains(filter_chains);
-    }
-  }
-  // Completion is deferred because the above removeFilterChains() may defer delete connection.
-  Event::DeferredTaskUtil::deferredRun(dispatcher_, std::move(completion));
+  NOT_REACHED_GCOVR_EXCL_LINE;
 }
 
 void ConnectionHandlerImpl::stopListeners(uint64_t listener_tag) {
@@ -399,7 +387,7 @@ void ConnectionHandlerImpl::ActiveTcpListener::newConnection(
       std::move(socket), std::move(transport_socket), *stream_info);
   ActiveTcpConnectionPtr active_connection(
       new ActiveTcpConnection(active_connections, std::move(server_conn_ptr),
-                              parent_.dispatcher_.timeSource(), *config_, std::move(stream_info)));
+                              parent_.dispatcher_.timeSource(), std::move(stream_info)));
   active_connection->connection_->setBufferLimits(config_->perConnectionBufferLimitBytes());
 
   const bool empty_filter_chain = !config_->filterChainFactory().createNetworkFilterChain(
@@ -498,13 +486,11 @@ ConnectionHandlerImpl::ActiveConnections::~ActiveConnections() {
 
 ConnectionHandlerImpl::ActiveTcpConnection::ActiveTcpConnection(
     ActiveConnections& active_connections, Network::ConnectionPtr&& new_connection,
-    TimeSource& time_source, Network::ListenerConfig& config,
-    std::unique_ptr<StreamInfo::StreamInfo>&& stream_info)
+    TimeSource& time_source, std::unique_ptr<StreamInfo::StreamInfo>&& stream_info)
     : stream_info_(std::move(stream_info)), active_connections_(active_connections),
       connection_(std::move(new_connection)),
       conn_length_(new Stats::HistogramCompletableTimespanImpl(
-          active_connections_.listener_.stats_.downstream_cx_length_ms_, time_source)),
-      config_(config) {
+          active_connections_.listener_.stats_.downstream_cx_length_ms_, time_source)) {
   // We just universally set no delay on connections. Theoretically we might at some point want
   // to make this configurable.
   connection_->noDelay(true);
@@ -521,7 +507,7 @@ ConnectionHandlerImpl::ActiveTcpConnection::ActiveTcpConnection(
 }
 
 ConnectionHandlerImpl::ActiveTcpConnection::~ActiveTcpConnection() {
-  emitLogs(config_, *stream_info_);
+  emitLogs(*active_connections_.listener_.config_, *stream_info_);
 
   active_connections_.listener_.stats_.downstream_cx_active_.dec();
   active_connections_.listener_.stats_.downstream_cx_destroy_.inc();
 
@@ -199,7 +199,6 @@ class ConnectionHandlerImpl : public Network::ConnectionHandler,
                                public Network::ConnectionCallbacks {
     ActiveTcpConnection(ActiveConnections& active_connections,
                         Network::ConnectionPtr&& new_connection, TimeSource& time_system,
-                        Network::ListenerConfig& config,
                         std::unique_ptr<StreamInfo::StreamInfo>&& stream_info);
     ~ActiveTcpConnection() override;
 
@@ -218,7 +217,6 @@ class ConnectionHandlerImpl : public Network::ConnectionHandler,
     ActiveConnections& active_connections_;
     Network::ConnectionPtr connection_;
     Stats::TimespanPtr conn_length_;
-    Network::ListenerConfig& config_;
   };
 
   /**
 
@@ -193,6 +193,10 @@ class FilterChainManagerImpl : public Network::FilterChainManager,
       FilterChainFactoryBuilder& b, FilterChainFactoryContextCreator& context_creator);
   static bool isWildcardServerName(const std::string& name);
 
+  // Return the current view of filter chains, keyed by filter chain message. Used by the owning
+  // listener to calculate the intersection of filter chains with another listener.
+  const FcContextMap& filterChainsByMessage() const { return fc_contexts_; }
+
 private:
   void convertIPsToTries();
   using SourcePortsMap = absl::flat_hash_map<uint16_t, Network::FilterChainSharedPtr>;