cilium · jrajahalme · Nov 7, 2018 · Nov 5, 2018 · Nov 6, 2018 · Nov 5, 2018
diff --git a/tools/bazel.rc → .bazelrc b/tools/bazel.rc → .bazelrc
@@ -3,6 +3,7 @@
 build --workspace_status_command=bazel/get_workspace_status
 
 # Basic ASAN/UBSAN that works for gcc
+build:asan --define ENVOY_CONFIG_ASAN=1
 build:asan --copt -fsanitize=address,undefined
 build:asan --linkopt -fsanitize=address,undefined
 build:asan --copt -fno-sanitize=vptr
@@ -12,8 +13,10 @@ build:asan --define tcmalloc=disabled
 build:asan --build_tag_filters=-no_asan
 build:asan --test_tag_filters=-no_asan
 build:asan --define signal_trace=disabled
+build:asan --copt -DADDRESS_SANITIZER=1
 
-# Clang 5.0 ASAN
+# Clang 5.0 ASAN/UBSAN
+build:clang-asan --define ENVOY_CONFIG_ASAN=1
 build:clang-asan --copt -D__SANITIZE_ADDRESS__
 build:clang-asan --copt -fsanitize=address,undefined
 build:clang-asan --linkopt -fsanitize=address,undefined
@@ -25,19 +28,26 @@ build:clang-asan --define tcmalloc=disabled
 build:clang-asan --build_tag_filters=-no_asan
 build:clang-asan --test_tag_filters=-no_asan
 build:clang-asan --define signal_trace=disabled
+build:clang-asan --copt -DADDRESS_SANITIZER=1
 build:clang-asan --test_env=ASAN_SYMBOLIZER_PATH
+build:clang-asan --test_env=ASAN_OPTIONS=handle_abort=1
+build:clang-asan --linkopt -fuse-ld=lld
 
 # Clang 5.0 TSAN
+build:clang-tsan --define ENVOY_CONFIG_TSAN=1
 build:clang-tsan --copt -fsanitize=thread
 build:clang-tsan --linkopt -fsanitize=thread
 build:clang-tsan --define tcmalloc=disabled
+build:clang-tsan --linkopt -fuse-ld=lld
 
 # Clang 5.0 MSAN - broken today since we need to rebuild lib[std]c++ and external deps with MSAN
-# support (see https://github.com/lyft/envoy/issues/443).
+# support (see https://github.com/envoyproxy/envoy/issues/443).
+build:clang-msan --define ENVOY_CONFIG_MSAN=1
 build:clang-msan --copt -fsanitize=memory
 build:clang-msan --linkopt -fsanitize=memory
 build:clang-msan --define tcmalloc=disabled
 build:clang-msan --copt -fsanitize-memory-track-origins=2
+build:clang-msan --linkopt -fuse-ld=lld
 
 # Test options
 test --test_env=HEAPCHECK=normal --test_env=PPROF_PATH
diff --git a/BAZEL_VERSION b/BAZEL_VERSION
@@ -1 +1 @@
-0.17.1
+0.19.0
diff --git a/BUILD b/BUILD
@@ -5,27 +5,6 @@ load(
     "envoy_cc_binary",
     "envoy_cc_library",
     "envoy_cc_test",
-    "envoy_proto_library",
-)
-
-load(
-    "@envoy_api//bazel:api_build_system.bzl",
-    "api_proto_library",
-)
-
-api_proto_library(
-    name = "cilium_bpf_metadata",
-    srcs = ["cilium/cilium_bpf_metadata.proto"],
-)
-
-api_proto_library(
-    name = "cilium_network_filter",
-    srcs = ["cilium/cilium_network_filter.proto"],
-)
-
-api_proto_library(
-    name = "cilium_l7policy",
-    srcs = ["cilium/cilium_l7policy.proto"],
 )
 
 envoy_cc_binary(
@@ -62,33 +41,6 @@ envoy_cc_binary(
     ],
 )
 
-envoy_proto_library(
-    name = "accesslog_proto",
-    srcs = ["cilium/accesslog.proto"],
-)
-
-# TODO: Replace has_services=1 with a new api_go_grpc_library target after rebasing to use data-plane-api's master.
-api_proto_library(
-    name = "npds",
-    srcs = ["cilium/npds.proto"],
-    has_services = 1,
-    deps = [
-        "@envoy_api//envoy/api/v2:discovery",
-        "@envoy_api//envoy/api/v2/core:address",
-        "@envoy_api//envoy/api/v2/route:route",
-    ],
-)
-
-# TODO: Replace has_services=1 with a new api_go_grpc_library target after rebasing to use data-plane-api's master.
-api_proto_library(
-    name = "nphds",
-    srcs = ["cilium/nphds.proto"],
-    has_services = 1,
-    deps = [
-        "@envoy_api//envoy/api/v2:discovery",
-    ],
-)
-
 envoy_cc_library(
     name = "cilium_socket_option_lib",
     hdrs = [
@@ -102,14 +54,6 @@ envoy_cc_library(
     ],
 )
 
-api_proto_library(
-    name = "config_source",
-    srcs = [],
-    deps = [
-        "@envoy_api//envoy/api/v2/core:config_source",
-    ],
-)
-
 envoy_cc_library(
     name = "grpc_subscription_lib",
     hdrs = [
@@ -119,7 +63,7 @@ envoy_cc_library(
     deps = [
         "@envoy//source/exe:envoy_common_lib",
         "@envoy//source/common/config:subscription_factory_lib",
-        ":config_source_cc",
+        "@envoy_api//envoy/api/v2/core:config_source_cc",
     ],
 )
 
@@ -138,14 +82,14 @@ envoy_cc_library(
     repository = "@envoy",
     deps = [
         ":cilium_socket_option_lib",
-        ":accesslog_proto_cc",
-        ":cilium_l7policy_cc",
+        "//cilium:accesslog_proto_cc",
+        "//cilium:cilium_l7policy_cc",
         "@envoy//source/exe:envoy_common_lib",
         "@envoy//source/common/network:address_lib",
         "@envoy//include/envoy/config:subscription_interface",
         "@envoy//include/envoy/singleton:manager_interface",
         "@envoy//source/common/local_info:local_info_lib",
-        ":npds_cc",
+        "//cilium:npds_cc",
         ":grpc_subscription_lib",
     ],
 )
@@ -214,7 +158,7 @@ envoy_cc_library(
         "@envoy//source/common/network:address_lib",
         ":proxymap_lib",
         ":cilium_proxylib_lib",
-        ":cilium_network_filter_cc",
+        "//cilium:cilium_network_filter_cc",
         ":cilium_socket_option_lib",
     ],
 )
@@ -243,9 +187,9 @@ envoy_cc_library(
         "@envoy//include/envoy/config:subscription_interface",
         "@envoy//include/envoy/singleton:manager_interface",
         "@envoy//source/common/local_info:local_info_lib",
-        ":nphds_cc",
+        "//cilium:nphds_cc",
         ":proxymap_lib",
-        ":cilium_bpf_metadata_cc",
+        "//cilium:cilium_bpf_metadata_cc",
         ":cilium_socket_option_lib",
         ":grpc_subscription_lib",
     ],

diff --git a/Makefile b/Makefile
@@ -40,15 +40,20 @@ ISTIO_VERSION = 1.0.2
 
 DOCKER=$(QUIET)docker
 
+BAZEL_BUILD_OPTS ?= --jobs=3
+
 # Dockerfile builds require special options
 ifdef PKG_BUILD
-BAZEL_BUILD_OPTS = --spawn_strategy=standalone --genrule_strategy=standalone --local_resources 4096,2.0,1.0 --jobs=3
-all: clean-bins release shutdown-bazel
+BAZEL_BUILD_OPTS += --local_resources 4096,2.0,1.0
+all: install-bazel clean-bins release shutdown-bazel
 else
-BAZEL_BUILD_OPTS = --experimental_strict_action_env --local_resources 4096,2.0,1.0 --jobs=3
-all: clean-bins envoy-default api shutdown-bazel
+all: install-bazel clean-bins envoy-default api shutdown-bazel
 endif
 
+# Fetch and install Bazel if needed
+install-bazel:
+	tools/install_bazel.sh `cat BAZEL_VERSION`
+
 ifdef KEEP_BAZEL_RUNNING
 shutdown-bazel:
 else
@@ -175,6 +180,8 @@ debug-tests: force-non-root
 	$(BAZEL) $(BAZEL_OPTS) test $(BAZEL_BUILD_OPTS) -c debug $(BAZEL_TEST_OPTS) //:cilium_integration_test $(BAZEL_FILTER)
 
 .PHONY: \
+	install-bazel \
+	shutdown-bazel \
 	bazel-restore \
 	docker-istio-proxy \
 	docker-istio-proxy-debug \

diff --git a/WORKSPACE b/WORKSPACE
@@ -7,7 +7,9 @@ workspace(name = "cilium")
 #
 # No other line in this file may have ENVOY_SHA followed by an equals sign!
 #
-ENVOY_SHA = "f936fc60f488cfae07f5e5d20d7381f0f23482fe"
+ENVOY_SHA = "4ef8562b2194f222ce8a3d733fb04c629eaf0667"
+
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
 http_archive(
     name = "envoy",
@@ -23,7 +25,7 @@ http_archive(
 #   the workspace above.
 # - loads of "//..." need to be renamed as "@envoy//..."
 #
-load("@envoy//bazel:repositories.bzl", "envoy_dependencies")
+load("@envoy//bazel:repositories.bzl", "envoy_dependencies", "GO_VERSION")
 load("@envoy//bazel:cc_configure.bzl", "cc_configure")
 
 envoy_dependencies()
@@ -33,10 +35,8 @@ load("@envoy_api//bazel:repositories.bzl", "api_dependencies")
 api_dependencies()
 
 load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_register_toolchains")
-load("@com_lyft_protoc_gen_validate//bazel:go_proto_library.bzl", "go_proto_repositories")
-go_proto_repositories(shared=0)
 go_rules_dependencies()
-go_register_toolchains()
+go_register_toolchains(go_version = GO_VERSION)
 
 
 # Dependencies for Istio filters.

diff --git a/accesslog.cc b/accesslog.cc
@@ -58,7 +58,7 @@ AccessLog::~AccessLog() {}
 
 void AccessLog::Entry::InitFromRequest(
     std::string policy_name, bool ingress, const Network::Connection *conn,
-    const Http::HeaderMap &headers, const RequestInfo::RequestInfo &info) {
+    const Http::HeaderMap &headers, const StreamInfo::StreamInfo &info) {
   auto time = info.startTime();
   entry.set_timestamp(std::chrono::duration_cast<std::chrono::nanoseconds>(
                           time.time_since_epoch())
@@ -133,7 +133,7 @@ void AccessLog::Entry::InitFromRequest(
 }
 
 void AccessLog::Entry::UpdateFromResponse(
-    const Http::HeaderMap &headers, const RequestInfo::RequestInfo &info) {
+    const Http::HeaderMap &headers, const StreamInfo::StreamInfo &info) {
   auto time = info.startTime();
   if (info.lastUpstreamRxByteReceived()) {
     time += info.lastUpstreamRxByteReceived().value();

diff --git a/accesslog.h b/accesslog.h
@@ -6,7 +6,7 @@
 
 #include "envoy/http/header_map.h"
 #include "envoy/network/connection.h"
-#include "envoy/request_info/request_info.h"
+#include "envoy/stream_info/stream_info.h"
 #include "envoy/router/router.h"
 
 #include "common/common/logger.h"
@@ -25,8 +25,8 @@ class AccessLog : Logger::Loggable<Logger::Id::router> {
   class Entry {
   public:
     void InitFromRequest(std::string policy_name, bool ingress, const Network::Connection *,
-                         const Http::HeaderMap &, const RequestInfo::RequestInfo &);
-    void UpdateFromResponse(const Http::HeaderMap &, const RequestInfo::RequestInfo &);
+                         const Http::HeaderMap &, const StreamInfo::StreamInfo &);
+    void UpdateFromResponse(const Http::HeaderMap &, const StreamInfo::StreamInfo &);
 
     ::cilium::LogEntry entry{};
   };

diff --git a/cilium/BUILD b/cilium/BUILD
@@ -0,0 +1,56 @@
+licenses(["notice"])  # Apache 2
+
+load(
+    "@envoy//bazel:envoy_build_system.bzl",
+    "envoy_proto_library",
+)
+
+load(
+    "@envoy_api//bazel:api_build_system.bzl",
+    "api_proto_library",
+)
+
+api_proto_library(
+    name = "cilium_bpf_metadata",
+    srcs = ["cilium_bpf_metadata.proto"],
+    visibility = ["//visibility:public"],
+)
+
+api_proto_library(
+    name = "cilium_network_filter",
+    srcs = ["cilium_network_filter.proto"],
+    visibility = ["//visibility:public"],
+)
+
+api_proto_library(
+    name = "cilium_l7policy",
+    srcs = ["cilium_l7policy.proto"],
+    visibility = ["//visibility:public"],
+)
+
+envoy_proto_library(
+    name = "accesslog_proto",
+    srcs = ["accesslog.proto"],
+)
+
+# TODO: Replace has_services=1 with a new api_go_grpc_library target after rebasing to use data-plane-api's master.
+api_proto_library(
+    name = "npds",
+    srcs = ["npds.proto"],
+    visibility = ["//visibility:public"],
+    deps = [
+        "@envoy_api//envoy/api/v2:discovery_export",
+        "@envoy_api//envoy/api/v2/core:address_export",
+        "@envoy_api//envoy/api/v2/route:route_export",
+    ],
+)
+
+# TODO: Replace has_services=1 with a new api_go_grpc_library target after rebasing to use data-plane-api's master.
+api_proto_library(
+    name = "nphds",
+    srcs = ["nphds.proto"],
+    visibility = ["//visibility:public"],
+    deps = [
+        "@envoy_api//envoy/api/v2:discovery_export",
+    ],
+)
diff --git a/cilium_integration_test.cc b/cilium_integration_test.cc
@@ -434,7 +434,7 @@ class CiliumHttpIntegrationTest
 
 public:
   CiliumHttpIntegrationTest(const std::string& config)
-    : HttpIntegrationTest(Http::CodecClient::Type::HTTP1, GetParam(), config),
+    : HttpIntegrationTest(Http::CodecClient::Type::HTTP1, GetParam(), realTime(), config),
       accessLogServer_(TestEnvironment::unixDomainSocketPath("access_log.sock")) {
     // Undo legacy compat rename done by HttpIntegrationTest constructor.
     // config_helper_.renameListener("cilium");

diff --git a/cilium_l7policy.cc b/cilium_l7policy.cc
@@ -167,7 +167,7 @@ Http::FilterHeadersStatus AccessFilter::decodeHeaders(Http::HeaderMap& headers,
 
   // Fill in the log entry
   log_entry_.InitFromRequest(config_->policy_name_, ingress, callbacks_->connection(),
-                             headers, callbacks_->requestInfo());
+                             headers, callbacks_->streamInfo());
   if (!allowed) {
     denied_ = true;
     config_->stats_.access_denied_.inc();
@@ -183,7 +183,7 @@ Http::FilterHeadersStatus AccessFilter::decodeHeaders(Http::HeaderMap& headers,
 
 Http::FilterHeadersStatus AccessFilter::encodeHeaders(Http::HeaderMap &headers,
                                                       bool) {
-  log_entry_.UpdateFromResponse(headers, callbacks_->requestInfo());
+  log_entry_.UpdateFromResponse(headers, callbacks_->streamInfo());
   config_->Log(log_entry_, denied_ ? ::cilium::EntryType::Denied
                                    : ::cilium::EntryType::Response);
   return Http::FilterHeadersStatus::Continue;