dns_filter: Generate responses to queries#11074
Conversation
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
|
@sumukhs do you mind taking a first pass? |
|
Will take a look today |
sumukhs
left a comment
sumukhs
left a comment
There was a problem hiding this comment.
I haven't looked at the parser changes yet. But had a few clarifications in the response path for clusters.
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
sumukhs
left a comment
sumukhs
left a comment
There was a problem hiding this comment.
had missed submitting these
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
sumukhs
left a comment
sumukhs
left a comment
There was a problem hiding this comment.
Thanks for addressing the feedback. Things look good from the config and basic flow.
Will let @mattklein123 take a look.
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Thanks, this looks awesome from a high level skim. Thanks a ton for adding the fuzz test and the integration test. I've asked @asraa to take a quick look at the fuzz test as she is our fuzz guru. Thank you!
/wait
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
asraa
left a comment
asraa
left a comment
There was a problem hiding this comment.
Wow, thank you so much! This is looking great.
How is the execution speed of the fuzzer, and can you try running test/run_envoy_bazel_coverage.sh //test/extensions/filters/udp/dns_filter:dns_filter_fuzz_test_with_libfuzzer and see the coverage over the dns parser code?
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
|
Looking into the coverage test failures. EDIT: Issues with the dns filter tests in the coverage build are resolved. |
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
|
OSX issue is known, see #11290 |
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
LGTM to ship and iterate, thank you!
|
@asraa any further comments on this? |
|
LGTM for now! Thanks so much for adding a fuzzer. Was waiting for an update on the coverage for the parser code specifically, but that can be checked manually and improved later. |
7 participants
Commit Message: dns_filter: Generate responses to DNS queries
Additional Description: This change adds the DNS filter response generation. The filter can now operate and respond to queries for domains that have been statically configured. The filter will also return addresses for names that match clusters.
Documentation has been updated to reflect the V3 api and the ability to specify an external DNS table.
Multiple unit tests have been added along with a fuzz test for the DNS Filter.
Signed-off-by: Alvin Baptiste alvinsb@gmail.com
Risk Level: Low
Testing: Unit tests, Coverage, Clang-tidy, Fuzz
Docs Changes: Filter configuration and description updates
[#Issue] #6748