Skip to content
This repository was archived by the owner on Apr 24, 2025. It is now read-only.
This repository was archived by the owner on Apr 24, 2025. It is now read-only.

No output for GetProperty method - network filter #377

Closed
Closed
No output for GetProperty method - network filter#377
@paulchoi

Description

@paulchoi
paulchoi
opened on Apr 26, 2023

Describe the bug / error

GetProperty call returns no output. This is in a network WASM filter.
I can tell the WASM filter is receiving data, because GetDownstreamData returns the data from downstream.

What is your Envoy/Istio version?

Envoy 1.26

What is the SDK version?

v0.22.0

What is your TinyGo version?

tinygo version 0.27.0 darwin/amd64 (using go version go1.20.3 and LLVM version 15.0.0)

URL or snippet of your code including Envoy configuration

package main

import (
	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
)

func main() {
	proxywasm.SetVMContext(&vmContext{})
}

type vmContext struct {
	types.DefaultVMContext
}

func (c *vmContext) NewPluginContext(contextID uint32) types.PluginContext {
	return &pluginContext{}
}

type pluginContext struct {
	// Embed the default plugin context here,
	// so that we don't need to reimplement all the methods.
	types.DefaultPluginContext
}

type networkContext struct {
	types.DefaultTcpContext
}

// Override types.DefaultPluginContext.
func (ctx *pluginContext) NewTcpContext(contextID uint32) types.TcpContext {
	return &networkContext{}
}

func (ctx *networkContext) OnNewConnection() types.Action {
	proxywasm.LogInfo("New connection!")
	return types.ActionContinue
}

func (ctx *networkContext) OnDownstreamData(dataSize int, endOfStream bool) types.Action {
	if dataSize == 0 {
		return types.ActionContinue
	}

	data, err := proxywasm.GetDownstreamData(0, dataSize)
	if err != nil && err != types.ErrorStatusNotFound {
		proxywasm.LogCriticalf("failed to get downstream data: %v", err)
		return types.ActionContinue
	}

	proxywasm.LogInfof(">>>>>> downstream data received >>>>>>\n%s", string(data))

	vmConfiguration, err := proxywasm.GetVMConfiguration()
	proxywasm.LogInfof("vm configuration: %v", vmConfiguration)

	certFound := false
	// Connection attributes at:
	// https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes#connection-attributes

	requestScheme, err := proxywasm.GetProperty([]string{"request", "scheme"})
	proxywasm.LogInfof("Request scheme: %s", string(requestScheme))

	connectionId, err := proxywasm.GetProperty([]string{"connection", "id"})
	proxywasm.LogInfof("mTLS?: %s", connectionId)

	connectionMtls, err := proxywasm.GetProperty([]string{"connection", "mtls"})
	proxywasm.LogInfof("mTLS?: %v", connectionMtls)

	subjectPeerCert, err := proxywasm.GetProperty([]string{"connection", "subject_peer_certificate"})
	if err != nil {
		proxywasm.LogWarnf("Failed to get downstream subject peer cert: %v", err)
	} else {
		proxywasm.LogInfof("subject peer cert: %s", string(subjectPeerCert))
		certFound = true
	}

	dnsSanPeerCert, err := proxywasm.GetProperty([]string{"connection", "dns_san_peer_certificate"})
	if err != nil {
		proxywasm.LogWarnf("Failed to get downstream DNS SAN peer cert: %v", err)
	} else {
		proxywasm.LogInfof("DNS SAN peer cert: %s", string(dnsSanPeerCert))
		certFound = true
	}

	uriSanPeerCert, err := proxywasm.GetProperty([]string{"connection", "uri_san_peer_certificate"})
	if err != nil {
		proxywasm.LogWarnf("Failed to get downstream URI SAN peer cert: %v", err)
	} else {
		proxywasm.LogInfof("URI SAN peer cert: %s", string(uriSanPeerCert))
		certFound = true
	}

	pluginVmId, err := proxywasm.GetProperty([]string{"plugin_vm_id"})
	proxywasm.LogInfof("plugin vm id: %v", pluginVmId)

	connectionInfo, err := proxywasm.GetPropertyMap([]string{"connection"})
	proxywasm.LogInfof("connection info: %v", connectionInfo)

	if !certFound {
		proxywasm.LogWarnf("No peer cert found!")
	}

	return types.ActionContinue
}

// Override types.DefaultTcpContext.
func (ctx *networkContext) OnDownstreamClose(types.PeerType) {
	proxywasm.LogInfo("downstream connection close!")
	return
}

envoy.yaml:

---
admin:
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 9901

static_resources:
  listeners:
  - address:
      socket_address:
        address: 0.0.0.0
        port_value: 1443
    filter_chains:
    - filters:
    # TCP Proxy
      - name: envoy.filters.network.wasm
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm
          config:
            name: "tls-auth"
            root_id: "tls-auth"
            vm_config:
              runtime: "envoy.wasm.runtime.v8"
              code:
                local:
                  filename: "/etc/envoy/main.wasm"
              allow_precompiled: true
            fail_open: true

      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          cluster: api
          stat_prefix: api

      transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          common_tls_context:
            tls_certificates:
              - certificate_chain: 
                  filename: "/etc/envoy/chain.pem"
                private_key: 
                  filename: "/etc/envoy/private.pem"

  clusters:
  - name: api
    load_assignment:
      cluster_name: api
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 192.168.64.1
                port_value: 8080

Additional context (Optional)

Log output from Envoy/WASM:

[2023-04-26 04:26:15.230][1][info][main] [external/envoy/source/server/server.cc:894] starting main dispatch loop
[2023-04-26 04:26:18.483][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: New connection!
[2023-04-26 04:26:18.713][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: >>>>>> downstream data received >>>>>>
GET / HTTP/1.1
Host: 192.168.64.2:1443
User-Agent: curl/7.87.0
Accept: */*


[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: vm configuration: []
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: Request scheme:
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: mTLS?:
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: mTLS?: [0]
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: subject peer cert:
[2023-04-26 04:26:18.718][13][warning][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1151] wasm log tls-auth tls-auth: Failed to get downstream DNS SAN peer cert: error status returned by host: not found
[2023-04-26 04:26:18.718][13][warning][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1151] wasm log tls-auth tls-auth: Failed to get downstream URI SAN peer cert: error status returned by host: not found
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: plugin vm id: []
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: connection info: []
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: vm configuration: []
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: Request scheme:
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: mTLS?:
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: mTLS?: [0]
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: subject peer cert:
[2023-04-26 04:26:18.718][13][warning][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1151] wasm log tls-auth tls-auth: Failed to get downstream DNS SAN peer cert: error status returned by host: not found
[2023-04-26 04:26:18.718][13][warning][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1151] wasm log tls-auth tls-auth: Failed to get downstream URI SAN peer cert: error status returned by host: not found
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: plugin vm id: []
[2023-04-26 04:26:18.718][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: connection info: []
[2023-04-26 04:26:18.724][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: downstream connection close!
[2023-04-26 04:26:18.724][13][info][wasm] [external/envoy/source/extensions/common/wasm/context.cc:1148] wasm log tls-auth tls-auth: connection complete!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions