From 8d36997708b791af28f21a8b03b71eab81a90c6a Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 15:38:44 -0400 Subject: [PATCH 01/10] update to 1.38 Signed-off-by: Gal Ovadia --- Dockerfile | 2 +- README.md | 2 +- integration/.envoy-version | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index c765f48..799ece3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,7 +46,7 @@ RUN CC="zig cc -target aarch64-linux-gnu" CXX="zig c++ -target aarch64-linux-gnu RUN CC="zig cc -target x86_64-linux-gnu" CXX="zig c++ -target x86_64-linux-gnu" CGO_ENABLED=1 GOARCH=amd64 go build -buildmode=c-shared -o /build/amd64_libgo_module.so . ##### Build the final image ##### -FROM envoyproxy/envoy:v1.37.0 AS envoy +FROM envoyproxy/envoy:v1.38.0 AS envoy ARG TARGETARCH ENV ENVOY_DYNAMIC_MODULES_SEARCH_PATH=/usr/local/lib COPY --from=rust_builder /build/${TARGETARCH}_librust_module.so /usr/local/lib/librust_module.so diff --git a/README.md b/README.md index 39e0b4e..2624d67 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Dynamic Modules Examples -> Envoy Version: v1.37.0 +> Envoy Version: v1.38.0 > > Since dynamic modules are tied with a specific Envoy version, this repository is based on the specific commit of Envoy. > For examples for a specific Envoy version, please check out `release/v` branches: diff --git a/integration/.envoy-version b/integration/.envoy-version index e4dce85..4afb1d2 100644 --- a/integration/.envoy-version +++ b/integration/.envoy-version @@ -1 +1 @@ -1.37.0 \ No newline at end of file +1.38.0 \ No newline at end of file From 3680b53eacb3baa3210128221a650508d68ecc7d Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 15:39:34 -0400 Subject: [PATCH 02/10] Update Cargo.toml Signed-off-by: Gal Ovadia --- rust/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 1324a41..ed844f5 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -7,7 +7,7 @@ repository = "https://github.com/envoyproxy/dynamic-modules-example" [dependencies] # The SDK version must match the Envoy version due to the strict compatibility requirements. -envoy-proxy-dynamic-modules-rust-sdk = { git = "https://github.com/envoyproxy/envoy", rev = "6d9bb7d9a85d616b220d1f8fe67b61f82bbdb8d3" } +envoy-proxy-dynamic-modules-rust-sdk = { git = "https://github.com/envoyproxy/envoy", rev = "f1dd21b16c244bda00edfb5ffce577e12d0d2ec2" } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" rand = "0.9.0" From d776d50e58ddd0cee4cc5be41abdb3bbd537c533 Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 15:39:37 -0400 Subject: [PATCH 03/10] Update Cargo.lock Signed-off-by: Gal Ovadia --- rust/Cargo.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/Cargo.lock b/rust/Cargo.lock index cfabf0d..a9e56f1 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -150,7 +150,7 @@ dependencies = [ [[package]] name = "envoy-proxy-dynamic-modules-rust-sdk" version = "0.1.0" -source = "git+https://github.com/envoyproxy/envoy?rev=6d9bb7d9a85d616b220d1f8fe67b61f82bbdb8d3#6d9bb7d9a85d616b220d1f8fe67b61f82bbdb8d3" +source = "git+https://github.com/envoyproxy/envoy?rev=f1dd21b16c244bda00edfb5ffce577e12d0d2ec2#f1dd21b16c244bda00edfb5ffce577e12d0d2ec2" dependencies = [ "bindgen", "mockall", From 037eb71ed0afeecc44eadc25b203868d88ee6ad1 Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 15:43:28 -0400 Subject: [PATCH 04/10] fixes Signed-off-by: Gal Ovadia --- rust/src/http_access_logger.rs | 4 ++-- rust/src/http_header_mutation.rs | 4 ++-- rust/src/http_random_auth.rs | 2 +- rust/src/http_zero_copy_regex_waf.rs | 10 +++++----- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rust/src/http_access_logger.rs b/rust/src/http_access_logger.rs index 6bc072a..ef88c90 100644 --- a/rust/src/http_access_logger.rs +++ b/rust/src/http_access_logger.rs @@ -186,10 +186,10 @@ mod tests { let mut envoy_filter = envoy_proxy_dynamic_modules_rust_sdk::MockEnvoyHttpFilter::new(); envoy_filter .expect_get_request_headers() - .returning(|| vec![(EnvoyBuffer::new("host"), EnvoyBuffer::new("example.com"))]); + .returning(|| vec![(EnvoyBuffer::new(b"host"), EnvoyBuffer::new(b"example.com"))]); envoy_filter .expect_get_response_headers() - .returning(|| vec![(EnvoyBuffer::new("content-length"), EnvoyBuffer::new("123"))]); + .returning(|| vec![(EnvoyBuffer::new(b"content-length"), EnvoyBuffer::new(b"123"))]); access_logger_filter.on_request_headers(&mut envoy_filter, false); access_logger_filter.on_response_headers(&mut envoy_filter, false); diff --git a/rust/src/http_header_mutation.rs b/rust/src/http_header_mutation.rs index a066f90..e04d380 100644 --- a/rust/src/http_header_mutation.rs +++ b/rust/src/http_header_mutation.rs @@ -118,10 +118,10 @@ mod tests { .expect_get_attribute_string() .returning(|id| match id { abi::envoy_dynamic_module_type_attribute_id::SourceAddress => { - return Some(EnvoyBuffer::new("1.1.1.1:12345")); + return Some(EnvoyBuffer::new(b"1.1.1.1:12345")); } abi::envoy_dynamic_module_type_attribute_id::UpstreamAddress => { - return Some(EnvoyBuffer::new("2.2.2.2:12345")); + return Some(EnvoyBuffer::new(b"2.2.2.2:12345")); } _ => panic!("Unexpected attribute id"), }); diff --git a/rust/src/http_random_auth.rs b/rust/src/http_random_auth.rs index 59db1af..adc4390 100644 --- a/rust/src/http_random_auth.rs +++ b/rust/src/http_random_auth.rs @@ -37,7 +37,7 @@ impl HttpFilter for Filter { ) -> abi::envoy_dynamic_module_type_on_http_filter_request_headers_status { let reject = rand::rng().random::(); if reject { - envoy_filter.send_response(403, vec![], Some(b"Access forbidden"), None); + envoy_filter.send_response(403, &[], Some(b"Access forbidden"), None); return abi::envoy_dynamic_module_type_on_http_filter_request_headers_status::StopIteration; } abi::envoy_dynamic_module_type_on_http_filter_request_headers_status::Continue diff --git a/rust/src/http_zero_copy_regex_waf.rs b/rust/src/http_zero_copy_regex_waf.rs index aaf7278..2ddb91d 100644 --- a/rust/src/http_zero_copy_regex_waf.rs +++ b/rust/src/http_zero_copy_regex_waf.rs @@ -70,7 +70,7 @@ impl HttpFilter for Filter { .expect("Failed to do regex match"); if matched { // If the regex matches, we send a 403 response. - envoy_filter.send_response(403, vec![], Some(b"Access forbidden"), None); + envoy_filter.send_response(403, &[], Some(b"Access forbidden"), None); return abi::envoy_dynamic_module_type_on_http_filter_request_body_status::StopIterationNoBuffer; } abi::envoy_dynamic_module_type_on_http_filter_request_body_status::Continue @@ -141,8 +141,8 @@ mod tests { static mut HELLO: [u8; 6] = *b"Hello "; static mut WORLD: [u8; 6] = *b"World!"; Some(vec![ - EnvoyMutBuffer::new(unsafe { &mut HELLO }), - EnvoyMutBuffer::new(unsafe { &mut WORLD }), + unsafe { EnvoyMutBuffer::new(&raw mut HELLO) }, + unsafe { EnvoyMutBuffer::new(&raw mut WORLD) }, ]) }) .times(1); @@ -160,8 +160,8 @@ mod tests { static mut GOOD: [u8; 5] = *b"Good "; static mut MORNING: [u8; 8] = *b"Morning!"; Some(vec![ - EnvoyMutBuffer::new(unsafe { &mut GOOD }), - EnvoyMutBuffer::new(unsafe { &mut MORNING }), + unsafe { EnvoyMutBuffer::new(&raw mut GOOD) }, + unsafe { EnvoyMutBuffer::new(&raw mut MORNING) }, ]) }) .times(1); From 41ff75ec4043233b5e390b593d6c7625fe0630e9 Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 15:46:31 -0400 Subject: [PATCH 05/10] biump Signed-off-by: Gal Ovadia --- rust/src/http_access_logger.rs | 9 +++++--- rust/src/lib.rs | 39 +++++++++++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/rust/src/http_access_logger.rs b/rust/src/http_access_logger.rs index ef88c90..e77ad7e 100644 --- a/rust/src/http_access_logger.rs +++ b/rust/src/http_access_logger.rs @@ -187,9 +187,12 @@ mod tests { envoy_filter .expect_get_request_headers() .returning(|| vec![(EnvoyBuffer::new(b"host"), EnvoyBuffer::new(b"example.com"))]); - envoy_filter - .expect_get_response_headers() - .returning(|| vec![(EnvoyBuffer::new(b"content-length"), EnvoyBuffer::new(b"123"))]); + envoy_filter.expect_get_response_headers().returning(|| { + vec![( + EnvoyBuffer::new(b"content-length"), + EnvoyBuffer::new(b"123"), + )] + }); access_logger_filter.on_request_headers(&mut envoy_filter, false); access_logger_filter.on_response_headers(&mut envoy_filter, false); diff --git a/rust/src/lib.rs b/rust/src/lib.rs index d87865d..c7dbdd8 100644 --- a/rust/src/lib.rs +++ b/rust/src/lib.rs @@ -60,7 +60,14 @@ pub mod listener_ip_allowlist; pub mod listener_sni_router; pub mod listener_tls_detector; -declare_init_functions!(init, new_http_filter_config_fn); +// DNS gateway filter examples. +pub mod dns_gateway; + +declare_all_init_functions!(init, + http: new_http_filter_config_fn, + network: new_network_filter_config_fn, + udp_listener: new_udp_listener_filter_config_fn +); /// This implements the [`envoy_proxy_dynamic_modules_rust_sdk::ProgramInitFunction`]. /// @@ -102,3 +109,33 @@ fn new_http_filter_config_fn( _ => panic!("Unknown filter name: {filter_name}"), } } + +fn new_network_filter_config_fn( + _envoy_filter_config: &mut EC, + filter_name: &str, + filter_config: &[u8], +) -> Option>> { + match filter_name { + "cache_lookup" => Some(Box::new( + dns_gateway::cache_lookup::CacheLookupFilterConfig::new(filter_config), + )), + _ => panic!("Unknown network filter name: {filter_name}"), + } +} + +fn new_udp_listener_filter_config_fn< + EC: EnvoyUdpListenerFilterConfig, + ELF: EnvoyUdpListenerFilter, +>( + _envoy_filter_config: &mut EC, + filter_name: &str, + filter_config: &[u8], +) -> Option>> { + match filter_name { + "dns_gateway" => { + let config = dns_gateway::DnsGatewayFilterConfig::new(filter_config)?; + Some(Box::new(config)) + } + _ => panic!("Unknown UDP listener filter name: {filter_name}"), + } +} From 46eb45e09bd51b393cc936c733a7b02c03e55722 Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 15:53:34 -0400 Subject: [PATCH 06/10] clean Signed-off-by: Gal Ovadia --- go/go.mod | 2 +- go/go.sum | 4 ++-- rust/src/lib.rs | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/go/go.mod b/go/go.mod index d7b378e..75a92e6 100644 --- a/go/go.mod +++ b/go/go.mod @@ -11,7 +11,7 @@ tool ( require ( github.com/dop251/goja v0.0.0-20250630131328-58d95d85e994 - github.com/envoyproxy/envoy/source/extensions/dynamic_modules v0.0.0-20260129014508-e8c1dc7dcbcd + github.com/envoyproxy/envoy/source/extensions/dynamic_modules v0.0.0-20260423231439-f1dd21b16c24 ) require ( diff --git a/go/go.sum b/go/go.sum index 1d5cde7..bd6867f 100644 --- a/go/go.sum +++ b/go/go.sum @@ -140,8 +140,8 @@ github.com/dop251/goja v0.0.0-20250630131328-58d95d85e994 h1:aQYWswi+hRL2zJqGacd github.com/dop251/goja v0.0.0-20250630131328-58d95d85e994/go.mod h1:MxLav0peU43GgvwVgNbLAj1s/bSGboKkhuULvq/7hx4= github.com/ebitengine/purego v0.9.0 h1:mh0zpKBIXDceC63hpvPuGLiJ8ZAa3DfrFTudmfi8A4k= github.com/ebitengine/purego v0.9.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= -github.com/envoyproxy/envoy/source/extensions/dynamic_modules v0.0.0-20260129014508-e8c1dc7dcbcd h1:IQMTVU/I2HaXkUUYvHD3gtUrFAGLZm8DcH/4Z20vRQQ= -github.com/envoyproxy/envoy/source/extensions/dynamic_modules v0.0.0-20260129014508-e8c1dc7dcbcd/go.mod h1:NpQosaDAX20s0ak0o/4b5dLOdvkbk15XqoakhSNX1Gg= +github.com/envoyproxy/envoy/source/extensions/dynamic_modules v0.0.0-20260423231439-f1dd21b16c24 h1:NM/c/D2pvvSpEqmF2p8tWnZPbeiZ1B8gS5TPH764qao= +github.com/envoyproxy/envoy/source/extensions/dynamic_modules v0.0.0-20260423231439-f1dd21b16c24/go.mod h1:NpQosaDAX20s0ak0o/4b5dLOdvkbk15XqoakhSNX1Gg= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= diff --git a/rust/src/lib.rs b/rust/src/lib.rs index c7dbdd8..ea4e93f 100644 --- a/rust/src/lib.rs +++ b/rust/src/lib.rs @@ -1,3 +1,5 @@ +#![allow(unpredictable_function_pointer_comparisons)] // <- can be removed once https://github.com/envoyproxy/envoy/pull/44654 is released + //! Envoy Dynamic Modules Rust SDK Examples //! //! This crate contains example implementations of Envoy dynamic modules using the Rust SDK. From 38251e8e589499472f85086b72040544bfe94f16 Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 15:58:41 -0400 Subject: [PATCH 07/10] safe Signed-off-by: Gal Ovadia --- go/delay.go | 3 +++ go/header_auth.go | 7 +++++-- go/javascript.go | 7 +++++-- go/passthrough.go | 31 +++++++++++++++++-------------- 4 files changed, 30 insertions(+), 18 deletions(-) diff --git a/go/delay.go b/go/delay.go index 3ee24e6..af841ee 100644 --- a/go/delay.go +++ b/go/delay.go @@ -35,6 +35,9 @@ func (p *delayFilterFactory) Create(handle shared.HttpFilterHandle) shared.HttpF return &delayFilter{handle: handle} } +// OnDestroy implements [shared.HttpFilterFactory]. +func (p *delayFilterFactory) OnDestroy() {} + // OnRequestHeaders implements [shared.HttpFilter]. func (p *delayFilter) OnRequestHeaders(headers shared.HeaderMap, endOfStream bool) shared.HeadersStatus { // Check if the headers contain the "do-delay" header to trigger the delay. diff --git a/go/header_auth.go b/go/header_auth.go index eb6128c..31820aa 100644 --- a/go/header_auth.go +++ b/go/header_auth.go @@ -36,14 +36,17 @@ func (p *headerAuthFilterFactory) Create(handle shared.HttpFilterHandle) shared. return &headerAuthFilter{handle: handle, authHeaderName: p.authHeaderName} } +// OnDestroy implements [shared.HttpFilterFactory]. +func (p *headerAuthFilterFactory) OnDestroy() {} + // OnRequestHeaders implements [shared.HttpFilter]. func (p *headerAuthFilter) OnRequestHeaders(headers shared.HeaderMap, endOfStream bool) shared.HeadersStatus { v := headers.GetOne(p.authHeaderName) - if v == "" { + if v.Len == 0 { p.handle.SendLocalResponse(http.StatusUnauthorized, [][2]string{{"Content-Type", "text/plain"}}, []byte("Unauthorized by Go Module at on_request_headers\n"), "unauthorized") return shared.HeadersStatusStop } - p.sendOnResponseHeaderPhase = v == "on_response_headers" + p.sendOnResponseHeaderPhase = v.ToString() == "on_response_headers" return shared.HeadersStatusContinue } diff --git a/go/javascript.go b/go/javascript.go index 9818f5b..bae338f 100644 --- a/go/javascript.go +++ b/go/javascript.go @@ -61,6 +61,9 @@ func (p *javaScriptFilterConfigFactory) Create(handle shared.HttpFilterConfigHan return c, nil } +// OnDestroy implements [shared.HttpFilterFactory]. +func (p *javaScriptFilterFactory) OnDestroy() {} + // Create implements [shared.HttpFilterFactory]. func (p *javaScriptFilterFactory) Create(handle shared.HttpFilterHandle) shared.HttpFilter { vm := p.vms[rand.Intn(numberOfVMPool)] @@ -122,7 +125,7 @@ func newJavaScriptVM(script string, w io.Writer) (*javaScriptVM, error) { // OnRequestHeaders implements [shared.HttpFilter]. func (p *javaScriptFilter) OnRequestHeaders(headers shared.HeaderMap, _ bool) shared.HeadersStatus { for _, header := range headers.GetAll() { - p.requestHeaders[header[0]] = header[1] + p.requestHeaders[header[0].ToString()] = header[1].ToString() } p.vm.mux.Lock() defer p.vm.mux.Unlock() @@ -155,7 +158,7 @@ func (p *javaScriptFilter) OnRequestHeaders(headers shared.HeaderMap, _ bool) sh // OnResponseHeaders implements [shared.HttpFilter]. func (p *javaScriptFilter) OnResponseHeaders(headers shared.HeaderMap, _ bool) shared.HeadersStatus { for _, header := range headers.GetAll() { - p.responseHeaders[header[0]] = header[1] + p.responseHeaders[header[0].ToString()] = header[1].ToString() } p.vm.mux.Lock() defer p.vm.mux.Unlock() diff --git a/go/passthrough.go b/go/passthrough.go index 64ab144..21e767b 100644 --- a/go/passthrough.go +++ b/go/passthrough.go @@ -30,20 +30,23 @@ func (p *passthroughFilterFactory) Create(handle shared.HttpFilterHandle) shared return &passthroughFilter{handle: handle} } +// OnDestroy implements [shared.HttpFilterFactory]. +func (p *passthroughFilterFactory) OnDestroy() {} + // OnRequestHeaders implements [shared.HttpFilter]. func (p *passthroughFilter) OnRequestHeaders(headers shared.HeaderMap, endOfStream bool) shared.HeadersStatus { fooValue := headers.GetOne("foo") - fmt.Printf("gosdk: RequestHeaders, foo: %v\n", fooValue) + fmt.Printf("gosdk: RequestHeaders, foo: %v\n", fooValue.ToString()) fmt.Printf("gosdk: RequestHeaders, endOfStream: %v\n", endOfStream) for _, header := range headers.GetAll() { - fmt.Printf("gosdk: RequestHeaders, header: %s: %s\n", header[0], header[1]) + fmt.Printf("gosdk: RequestHeaders, header: %s: %s\n", header[0].ToString(), header[1].ToString()) } sourceAddr, _ := p.handle.GetAttributeString(shared.AttributeIDSourceAddress) destAddr, _ := p.handle.GetAttributeString(shared.AttributeIDDestinationAddress) protocol, _ := p.handle.GetAttributeString(shared.AttributeIDRequestProtocol) - fmt.Printf("gosdk: RequestHeaders, source address: %s\n", sourceAddr) - fmt.Printf("gosdk: RequestHeaders, destination address: %s\n", destAddr) - fmt.Printf("gosdk: RequestHeaders, request protocol: %s\n", protocol) + fmt.Printf("gosdk: RequestHeaders, source address: %s\n", sourceAddr.ToString()) + fmt.Printf("gosdk: RequestHeaders, destination address: %s\n", destAddr.ToString()) + fmt.Printf("gosdk: RequestHeaders, request protocol: %s\n", protocol.ToString()) return shared.HeadersStatusContinue } @@ -57,7 +60,7 @@ func (p *passthroughFilter) OnRequestBody(body shared.BodyBuffer, endOfStream bo chunks := body.GetChunks() var original []byte for _, chunk := range chunks { - original = append(original, chunk...) + original = append(original, chunk.ToBytes()...) } fmt.Printf("gosdk: RequestBody, body: %s\n", original) body.Drain(uint64(len(original))) @@ -65,7 +68,7 @@ func (p *passthroughFilter) OnRequestBody(body shared.BodyBuffer, endOfStream bo chunks = body.GetChunks() var modified []byte for _, chunk := range chunks { - modified = append(modified, chunk...) + modified = append(modified, chunk.ToBytes()...) } if string(modified) != "hello world" { panic("request body should be modified") @@ -77,7 +80,7 @@ func (p *passthroughFilter) OnRequestBody(body shared.BodyBuffer, endOfStream bo chunks = body.GetChunks() modified = nil for _, chunk := range chunks { - modified = append(modified, chunk...) + modified = append(modified, chunk.ToBytes()...) } if string(modified) != string(original) { panic("request body should be modified") @@ -88,13 +91,13 @@ func (p *passthroughFilter) OnRequestBody(body shared.BodyBuffer, endOfStream bo // OnResponseHeaders implements [shared.HttpFilter]. func (p *passthroughFilter) OnResponseHeaders(headers shared.HeaderMap, endOfStream bool) shared.HeadersStatus { status := headers.GetOne(":status") - if status == "" { + if status.Len == 0 { panic("x-status header should be set") } - fmt.Printf("gosdk: ResponseHeaders, status: %v\n", status) + fmt.Printf("gosdk: ResponseHeaders, status: %v\n", status.ToString()) headers.Set("x-passthrough-response-header", "true") for _, header := range headers.GetAll() { - fmt.Printf("gosdk: ResponseHeaders, header: %s: %s\n", header[0], header[1]) + fmt.Printf("gosdk: ResponseHeaders, header: %s: %s\n", header[0].ToString(), header[1].ToString()) } return shared.HeadersStatusContinue } @@ -109,7 +112,7 @@ func (p *passthroughFilter) OnResponseBody(body shared.BodyBuffer, endOfStream b chunks := body.GetChunks() var original []byte for _, chunk := range chunks { - original = append(original, chunk...) + original = append(original, chunk.ToBytes()...) } fmt.Printf("gosdk: ResponseBody, body: %s\n", original) body.Drain(uint64(len(original))) @@ -117,7 +120,7 @@ func (p *passthroughFilter) OnResponseBody(body shared.BodyBuffer, endOfStream b chunks = body.GetChunks() var modified []byte for _, chunk := range chunks { - modified = append(modified, chunk...) + modified = append(modified, chunk.ToBytes()...) } if string(modified) != "hello world" { panic("response body should be modified") @@ -128,7 +131,7 @@ func (p *passthroughFilter) OnResponseBody(body shared.BodyBuffer, endOfStream b chunks = body.GetChunks() modified = nil for _, chunk := range chunks { - modified = append(modified, chunk...) + modified = append(modified, chunk.ToBytes()...) } if string(modified) != string(original) { panic("response body should be modified") From 3ee040d7623df52f1c9c92b625b49670376db780 Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 16:08:42 -0400 Subject: [PATCH 08/10] Update Dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 799ece3..e5005c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,6 +42,7 @@ RUN curl -L "https://ziglang.org/download/${ZIG_VERSION}/zig-linux-$(uname -m)-$ RUN mkdir /build COPY ./go /build WORKDIR /build +ENV CGO_LDFLAGS_DISALLOW="-Wl,--unresolved-symbols.*" RUN CC="zig cc -target aarch64-linux-gnu" CXX="zig c++ -target aarch64-linux-gnu" CGO_ENABLED=1 GOARCH=arm64 go build -buildmode=c-shared -o /build/arm64_libgo_module.so . RUN CC="zig cc -target x86_64-linux-gnu" CXX="zig c++ -target x86_64-linux-gnu" CGO_ENABLED=1 GOARCH=amd64 go build -buildmode=c-shared -o /build/amd64_libgo_module.so . From 3c63df1e12bb7eb7ac78501e9ba13ffb777da2fc Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 16:12:05 -0400 Subject: [PATCH 09/10] Update network_rate_limiter.rs --- rust/src/network_rate_limiter.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rust/src/network_rate_limiter.rs b/rust/src/network_rate_limiter.rs index 943746c..4a33808 100644 --- a/rust/src/network_rate_limiter.rs +++ b/rust/src/network_rate_limiter.rs @@ -218,16 +218,16 @@ impl NetworkFilter for RateLimiterFilter { ) { match event { abi::envoy_dynamic_module_type_network_connection_event::RemoteClose - | abi::envoy_dynamic_module_type_network_connection_event::LocalClose => { - if self.connection_counted { - let previous = self - .shared_state - .active_connections - .fetch_sub(1, Ordering::SeqCst); - let _ = envoy_filter - .set_gauge(self.active_connections_gauge, previous.saturating_sub(1)); - envoy_log_debug!("Connection closed. Active connections: {}", previous - 1); - } + | abi::envoy_dynamic_module_type_network_connection_event::LocalClose + if self.connection_counted => + { + let previous = self + .shared_state + .active_connections + .fetch_sub(1, Ordering::SeqCst); + let _ = envoy_filter + .set_gauge(self.active_connections_gauge, previous.saturating_sub(1)); + envoy_log_debug!("Connection closed. Active connections: {}", previous - 1); } _ => {} } From 3e072b88cdf08c43b59f849f0a777c066a743559 Mon Sep 17 00:00:00 2001 From: Gal Ovadia Date: Fri, 24 Apr 2026 16:21:27 -0400 Subject: [PATCH 10/10] Update Dockerfile --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e5005c2..799ece3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,7 +42,6 @@ RUN curl -L "https://ziglang.org/download/${ZIG_VERSION}/zig-linux-$(uname -m)-$ RUN mkdir /build COPY ./go /build WORKDIR /build -ENV CGO_LDFLAGS_DISALLOW="-Wl,--unresolved-symbols.*" RUN CC="zig cc -target aarch64-linux-gnu" CXX="zig c++ -target aarch64-linux-gnu" CGO_ENABLED=1 GOARCH=arm64 go build -buildmode=c-shared -o /build/arm64_libgo_module.so . RUN CC="zig cc -target x86_64-linux-gnu" CXX="zig c++ -target x86_64-linux-gnu" CGO_ENABLED=1 GOARCH=amd64 go build -buildmode=c-shared -o /build/amd64_libgo_module.so .