envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
24.95k stars 4.8k forks source link

allow_chunked_length not removing headers #17310

Closed emilchitas closed 3 years ago

emilchitas commented 3 years ago

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.

Title: allow_chunked_length does not remove the header

Description: With the allow_chunked_header enabled, we get the http/1.1 protocol error: both 'Content-Length' and 'Transfer-Encoding' are set. Istio version: 1.10

Repro steps:

Admin and Stats Output:

{
 "version": "436f365a8007cd8a13a9f1321e7cce94bcc8883e/1.18.3/Clean/RELEASE/BoringSSL",
 "state": "LIVE",
 "hot_restart_version": "disabled",
 "command_line_options": {
  "base_id": "0",
  "use_dynamic_base_id": false,
  "base_id_path": "",
  "concurrency": 2,
  "config_path": "etc/istio/proxy/envoy-rev0.json",
  "config_yaml": "",
  "allow_unknown_static_fields": false,
  "reject_unknown_dynamic_fields": false,
  "ignore_unknown_dynamic_fields": false,
  "admin_address_path": "",
  "local_address_ip_version": "v4",
  "log_level": "warning",
  "component_log_level": "misc:error",
  "log_format": "%Y-%m-%dT%T.%fZ\t%l\tenvoy %n\t%v",
  "log_format_escaped": false,
  "log_path": "",
  "service_cluster": "app-com-d-app--5f28cdfe1b4a49e9f51d1938102a8127c2da8ecbc398c5ec9d3f10321e3e584c-ten.demo",
  "service_node": "sidecar~<IP>~app-com-d-app--5f28cdfe1b4a49e9f51dkwlhc.demo~demo.svc.cluster.local",
  "service_zone": "",
  "drain_strategy": "Immediate",
  "mode": "Serve",
  "disable_hot_restart": true,
  "enable_mutex_tracing": false,
  "restart_epoch": 0,
  "cpuset_threads": false,
  "disabled_extensions": [],
  "bootstrap_version": 0,
  "enable_fine_grain_logging": false,
  "socket_path": "@envoy_domain_socket",
  "socket_mode": 0,
  "enable_core_dump": false,
  "hidden_envoy_deprecated_max_stats": "0",
  "hidden_envoy_deprecated_max_obj_name_len": "0",
  "file_flush_interval": "10s",
  "drain_time": "45s",
  "parent_shutdown_time": "60s"
 },
 "node": {
  "id": "sidecar~<IP>~app-com-d-app--5f28cdfe1b4a49e9f51dkwlhc.demo~demo.svc.cluster.local",
  "cluster": "app-com-d-app--5f28cdfe1b4a49e9f51d1938102a8127c2da8ecbc398c5ec9d3f10321e3e584c-ten.demo",
  "metadata": {
   "ISTIO_PROXY_SHA": "istio-proxy:436f365a8007cd8a13a9f1321e7cce94bcc8883e",
   "SERVICE_ACCOUNT": "apps",
   "NAMESPACE": "demo",
   "NAME": "app-com-d-app--5f28cdfe1b4a49e9f51dkwlhc",
   "kubernetes.io/psp": "eks.privileged",
   "PROXY_VIA_AGENT": true,
   "INSTANCE_IPS": "<IP>",
   "com.d.man/revision": "3",
   "com.d.man/checksum": "5F28CDFE1B4A49E9F51D1938102A8127C2DA8ECBC398C5EC9D3F10321E3E584C",
   "POD_PORTS": "[{\"containerPort\":3000,\"protocol\":\"TCP\"}]",
   "PROV_CERT": "var/run/secrets/istio/root-cert.pem",
   "ISTIO_VERSION": "1.10.0",
   "INTERCEPTION_MODE": "REDIRECT",
   "OWNER": "kubernetes://apis/apps/v1/namespaces/demo/deployments/app-com-d-app--5f28cdfe1b4a49e9f51d1938102a8127c2da8ecbc398c5ec9d3f10321e3e584c-ten",
   "LABELS": {
    "com.d.man/ten": "",
    "security.istio.io/tlsMode": "istio",
    "service.istio.io/canonical-name": "com.d.app",
    "app.kubernetes.io/name": "com.d.app",
    "istio.io/rev": "default",
    "com.d.man/managedByman": "true",
    "service.istio.io/canonical-revision": "latest",
    "com.d.man/appName": "com.d.app",
    "pod-template-hash": "7d75b6d7f"
   },
   "WORKLOAD_NAME": "app-com-d-app--5f28cdfe1b4a49e9f51d1938102a8127c2da8ecbc398c5ec9d3f10321e3e584c-ten",
   "PROXY_CONFIG": {
    "binaryPath": "/usr/local/bin/envoy",
    "tracing": {
     "zipkin": {
      "address": "zipkin.istio-system:9411"
     }
    },
    "terminationDrainDuration": "5s",
    "drainDuration": "45s",
    "concurrency": 2,
    "discoveryAddress": "istiod.istio-system.svc:15012",
    "statusPort": 15020,
    "proxyAdminPort": 15000,
    "statNameLength": 189,
    "configPath": "./etc/istio/proxy",
    "serviceCluster": "app-com-d-app--5f28cdfe1b4a49e9f51d1938102a8127c2da8ecbc398c5ec9d3f10321e3e584c-ten.demo",
    "parentShutdownDuration": "60s",
    "controlPlaneAuthPolicy": "MUTUAL_TLS"
   },
   "CLUSTER_ID": "Kubernetes",
   "APP_CONTAINERS": "runtime",
   "PILOT_CERT_PROVIDER": "istiod",
   "PILOT_SAN": [
    "istiod.istio-system.svc"
   ],
   "MESH_ID": "cluster.local"
  },
  "dynamic_parameters": {},
  "locality": {
   "region": "",
   "zone": "",
   "sub_zone": ""
  },
  "user_agent_name": "envoy",
  "user_agent_build_version": {
   "version": {
    "major_number": 1,
    "minor_number": 18,
    "patch": 3
   },
   "metadata": {
    "revision.sha": "436f365a8007cd8a13a9f1321e7cce94bcc8883e",
    "build.type": "RELEASE",
    "ssl.version": "BoringSSL",
    "revision.status": "Clean"
   }
  },
  "extensions": [
   {
    "name": "envoy.filters.thrift.rate_limit",
    "category": "envoy.thrift_proxy.filters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.thrift.router",
    "category": "envoy.thrift_proxy.filters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.retry_priorities.previous_priorities",
    "category": "envoy.retry_priorities",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.cluster.eds",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.cluster.logical_dns",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.cluster.original_dst",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.cluster.static",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.cluster.strict_dns",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.clusters.aggregate",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.clusters.dynamic_forward_proxy",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.clusters.redis",
    "category": "envoy.clusters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.internal_redirect_predicates.allow_listed_routes",
    "category": "envoy.internal_redirect_predicates",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.internal_redirect_predicates.previous_routes",
    "category": "envoy.internal_redirect_predicates",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.internal_redirect_predicates.safe_cross_scheme",
    "category": "envoy.internal_redirect_predicates",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "composite-action",
    "category": "envoy.matching.action",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "skip",
    "category": "envoy.matching.action",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.grpc_credentials.aws_iam",
    "category": "envoy.grpc_credentials",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.grpc_credentials.default",
    "category": "envoy.grpc_credentials",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.grpc_credentials.file_based_metadata",
    "category": "envoy.grpc_credentials",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.rate_limit_descriptors.expr",
    "category": "envoy.rate_limit_descriptors",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tls.cert_validator.default",
    "category": "envoy.tls.cert_validator",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tls.cert_validator.spiffe",
    "category": "envoy.tls.cert_validator",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.bootstrap.wasm",
    "category": "envoy.bootstrap",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.extensions.network.socket_interface.default_socket_interface",
    "category": "envoy.bootstrap",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.alts",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.quic",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.raw_buffer",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.starttls",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.tap",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.tls",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "raw_buffer",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "starttls",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "tls",
    "category": "envoy.transport_sockets.downstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.udp.dns_filter",
    "category": "envoy.filters.udp_listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.udp_listener.udp_proxy",
    "category": "envoy.filters.udp_listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.resource_monitors.fixed_heap",
    "category": "envoy.resource_monitors",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.resource_monitors.injected_resource",
    "category": "envoy.resource_monitors",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.matching.matchers.consistent_hashing",
    "category": "envoy.matching.input_matchers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.access_loggers.file",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.access_loggers.http_grpc",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.access_loggers.open_telemetry",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.access_loggers.stderr",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.access_loggers.stdout",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.access_loggers.tcp_grpc",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.access_loggers.wasm",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.file_access_log",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.http_grpc_access_log",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.open_telemetry_access_log",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.stderr_access_log",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.stdout_access_log",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tcp_grpc_access_log",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.wasm_access_log",
    "category": "envoy.access_loggers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.watchdog.abort_action",
    "category": "envoy.guarddog_actions",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.watchdog.profile_action",
    "category": "envoy.guarddog_actions",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "auto",
    "category": "envoy.thrift_proxy.protocols",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "binary",
    "category": "envoy.thrift_proxy.protocols",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "binary/non-strict",
    "category": "envoy.thrift_proxy.protocols",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "compact",
    "category": "envoy.thrift_proxy.protocols",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "twitter",
    "category": "envoy.thrift_proxy.protocols",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.request_id.uuid",
    "category": "envoy.request_id",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "dubbo",
    "category": "envoy.dubbo_proxy.protocols",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.retry_host_predicates.omit_canary_hosts",
    "category": "envoy.retry_host_predicates",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.retry_host_predicates.omit_host_metadata",
    "category": "envoy.retry_host_predicates",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.retry_host_predicates.previous_hosts",
    "category": "envoy.retry_host_predicates",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "dubbo.hessian2",
    "category": "envoy.dubbo_proxy.serializers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.extensions.http.cache.simple",
    "category": "envoy.http.cache",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "request-headers",
    "category": "envoy.matching.http.input",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "request-trailers",
    "category": "envoy.matching.http.input",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "response-headers",
    "category": "envoy.matching.http.input",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "response-trailers",
    "category": "envoy.matching.http.input",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.matching.common_inputs.environment_variable",
    "category": "envoy.matching.common_inputs",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.buffer",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.cors",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.csrf",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.ext_authz",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.ext_proc",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.fault",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.adaptive_concurrency",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.admission_control",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.aws_lambda",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.aws_request_signing",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.buffer",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.cache",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.cdn_loop",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.composite",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.compressor",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.cors",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.csrf",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.decompressor",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.dynamic_forward_proxy",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.dynamo",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.ext_authz",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.ext_proc",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.fault",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.grpc_http1_bridge",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.grpc_http1_reverse_bridge",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.grpc_json_transcoder",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.grpc_stats",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.grpc_web",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.gzip",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.header_to_metadata",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.health_check",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.ip_tagging",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.jwt_authn",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.local_ratelimit",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.lua",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.oauth2",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.on_demand",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.original_src",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.ratelimit",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.rbac",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.router",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.squash",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.tap",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.http.wasm",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.grpc_http1_bridge",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.grpc_json_transcoder",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.grpc_web",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.gzip",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.health_check",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.http_dynamo_filter",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.ip_tagging",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.local_rate_limit",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.lua",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.rate_limit",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.router",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.squash",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "istio.alpn",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "istio_authn",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "match-wrapper",
    "category": "envoy.filters.http",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "default",
    "category": "envoy.dubbo_proxy.route_matchers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "auto",
    "category": "envoy.thrift_proxy.transports",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "framed",
    "category": "envoy.thrift_proxy.transports",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "header",
    "category": "envoy.thrift_proxy.transports",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "unframed",
    "category": "envoy.thrift_proxy.transports",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.dog_statsd",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.metrics_service",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.stat_sinks.dog_statsd",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.stat_sinks.hystrix",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.stat_sinks.metrics_service",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.stat_sinks.statsd",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.stat_sinks.wasm",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.statsd",
    "category": "envoy.stats_sinks",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.connection_pools.tcp.generic",
    "category": "envoy.upstreams",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "preserve_case",
    "category": "envoy.http.stateful_header_formatters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.client_ssl_auth",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.echo",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.ext_authz",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.client_ssl_auth",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.direct_response",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.dubbo_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.echo",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.ext_authz",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.http_connection_manager",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.kafka_broker",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.local_ratelimit",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.metadata_exchange",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.mongo_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.mysql_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.postgres_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.ratelimit",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.rbac",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.redis_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.rocketmq_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.sni_cluster",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.sni_dynamic_forward_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.tcp_cluster_rewrite",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.tcp_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.thrift_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.wasm",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.zookeeper_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.http_connection_manager",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.mongo_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.ratelimit",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.redis_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tcp_proxy",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "forward_downstream_sni",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "sni_verifier",
    "category": "envoy.filters.network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.dubbo.router",
    "category": "envoy.dubbo_proxy.filters",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.compression.brotli.compressor",
    "category": "envoy.compression.compressor",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.compression.gzip.compressor",
    "category": "envoy.compression.compressor",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.compression.brotli.decompressor",
    "category": "envoy.compression.decompressor",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.compression.gzip.decompressor",
    "category": "envoy.compression.decompressor",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.listener.http_inspector",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.listener.original_dst",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.listener.original_src",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.listener.proxy_protocol",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.listener.tls_inspector",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.listener.http_inspector",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.listener.original_dst",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.listener.original_src",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.listener.proxy_protocol",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.listener.tls_inspector",
    "category": "envoy.filters.listener",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.wasm.runtime.null",
    "category": "envoy.wasm.runtime",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.wasm.runtime.v8",
    "category": "envoy.wasm.runtime",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.alts",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.quic",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.raw_buffer",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.tap",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.tls",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.transport_sockets.upstream_proxy_protocol",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "raw_buffer",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "tls",
    "category": "envoy.transport_sockets.upstream",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
    "category": "envoy.upstream_options",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.upstreams.http.http_protocol_options",
    "category": "envoy.upstream_options",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.filters.network.upstream.metadata_exchange",
    "category": "envoy.filters.upstream_network",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.health_checkers.redis",
    "category": "envoy.health_checkers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.dynamic.ot",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.lightstep",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tracers.datadog",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tracers.dynamic_ot",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tracers.lightstep",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tracers.opencensus",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tracers.skywalking",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tracers.xray",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.tracers.zipkin",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.zipkin",
    "category": "envoy.tracers",
    "type_descriptor": "",
    "disabled": false
   },
   {
    "name": "envoy.ip",
    "category": "envoy.resolvers",
    "type_descriptor": "",
    "disabled": false
   }
  ],
  "client_features": [],
  "listening_addresses": [],
  "hidden_envoy_deprecated_build_version": "436f365a8007cd8a13a9f1321e7cce94bcc8883e/1.18.3/Clean/RELEASE/BoringSSL"
 },
 "uptime_current_epoch": "1247s",
 "uptime_all_epochs": "1247s"
}

Config: Envoy filter configuration:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: allow-chunked-length
spec:
  configPatches:
    - applyTo: NETWORK_FILTER
      match:
        listener:
          filterChain:
            filter:
              name: "envoy.filters.network.http_connection_manager"
      patch:
        operation: MERGE
        value:
          typed_config:
            "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
            http_protocol_options:
              allow_chunked_length: true
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: envoy-filter
spec:
  configPatches:
    - applyTo: CLUSTER
      match:
        context: ANY
      patch:
        operation: MERGE
        value:
          http_protocol_options:
            allow_chunked_length: true

Logs:

...
2021-07-13T12:53:04.526488Z trace   envoy http  [C114] completed header: key=x-scheme value=https
2021-07-13T12:53:04.526490Z trace   envoy http  [C114] completed header: key=content-type value=application/json; charset=utf-8
2021-07-13T12:53:04.526494Z trace   envoy http  [C114] completed header: key=content-length value=2
2021-07-13T12:53:04.526498Z trace   envoy http  [C114] completed header: key=Date value=Tue, 13 Jul 2021 12:53:04 GMT
2021-07-13T12:53:04.526501Z trace   envoy http  [C114] completed header: key=Connection value=keep-alive
2021-07-13T12:53:04.526505Z trace   envoy http  [C114] onHeadersCompleteBase
2021-07-13T12:53:04.526507Z trace   envoy http  [C114] completed header: key=Keep-Alive value=timeout=5
2021-07-13T12:53:04.526514Z debug   envoy client    [C114] Error dispatching received data: http/1.1 protocol error: both 'Content-Length' and 'Transfer-Encoding' are set.
2021-07-13T12:53:04.526517Z debug   envoy connection    [C114] closing data_to_write=0 type=1
2021-07-13T12:53:04.526519Z debug   envoy connection    [C114] closing socket: 1
2021-07-13T12:53:04.526540Z trace   envoy connection    [C114] raising connection event 1
2021-07-13T12:53:04.526547Z debug   envoy client    [C114] disconnect. resetting 1 pending requests
2021-07-13T12:53:04.526552Z debug   envoy client    [C114] request reset

Note: If there are privacy concerns, sanitize the data prior to sharing.

Call Stack:

If the Envoy binary is crashing, a call stack is required. Please refer to the Bazel Stack trace documentation.

alyssawilk commented 3 years ago

cc @lambdai

lambdai commented 3 years ago

@emilchitas You can use explicitly set false at runtime flag envoy.reloadable_features.require_strict_1xx_and_204_response_headers See https://github.com/envoyproxy/envoy/pull/15880

Istio should be able to override bootstrap config to inject this runtime flag value at proxy startup but I forgot how...

lambdai commented 3 years ago

Here: https://github.com/istio/istio/blob/master/samples/custom-bootstrap/README.md

Hmm, istio should have done it for you https://github.com/istio/istio/blob/master/tools/packaging/common/envoy_bootstrap.json#L30

lambdai commented 3 years ago

you can run istioctl proxy-config bootstrap <pod-name[.namespace]> to confirm the existence of nvoy.reloadable_features.require_strict_1xx_and_204_response_headers in bootstrap https://istio.io/latest/docs/reference/commands/istioctl/#istioctl-proxy-config-bootstrap%20Examples

emilchitas commented 3 years ago

Actually, it seems to be set to false, if it's envoy.reloadable_features.strict_1xx_and_204_response_headers". I've attached the whole output. botstrap.txt

lambdai commented 3 years ago

I was insane when I commented days back.

Content-length with Transfer-Encoding is a completely different issue. Let me check...

github-actions[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 3 years ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.