network filters: add tcp bandwidth limit

[AntonKanug]

Fixes #26754

Commit Message: network filters: add tcp bandwidth limit
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:

[repokitteh-read-only]

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #42996 was opened by AntonKanug.

see: more, trace.

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @markdroth
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #42996 was opened by AntonKanug.

see: more, trace.

[AntonKanug]

/coverage

[repokitteh-read-only]

Coverage for this Pull Request will be rendered here:

https://storage.googleapis.com/envoy-cncf-pr/42996/coverage/index.html

For comparison, current coverage on main branch is here:

https://storage.googleapis.com/envoy-cncf-postsubmit/main/coverage/index.html

The coverage results are (re-)rendered each time the CI Envoy/Checks (coverage) job completes.

🐱

Caused by: a #42996 (comment) was created by @AntonKanug.

see: more, trace.

[tyxia]

@AntonKanug Thanks for your contribution!

We will need owner here as well as maintainer sponsorship.

cc HTTP bandwith_limit owners @nitgoy @mattklein123 @yanavlasov @tonya11en for inputs

[agrawroh]

@AntonKanug Did you consider using Dynamic Modules for this use-case instead?

cc @wbpcode as well. I think these use-cases could be easily built on top of Dynamic Modules now and we should have a discussion to come up with a policy on new CPP extensions as they do add some maintenance burden on the maintainers.

[nezdolik]

cc @ggreenway (who may be interested to sponsor this extension)

[yanavlasov]

I can sponsor this filter.

[nezdolik]

@AntonKanug please add @yanavlasov and @nezdolik and yourself as code owners. But next time before starting to write the code for new extension you should first find sponsors (among maintainers). Envoy extension policy: https://github.com/envoyproxy/envoy/blob/main/EXTENSION_POLICY.md

[KBaichoo]

/wait-any

This seems to be pending either finding a maintainer to sponsor or authoring this as a dynamic module.

[nezdolik]

this section is repetitive with what we already have in api proto file (api/envoy/extensions/filters/network/tcp_bandwidth_limit/v3/tcp_bandwidth_limit.proto). Could you move the missing information there?

[nezdolik]

you could get rid of 2 boolean fields has_download_limit_, has_upload_limit_ and instead initialize relevant fields like this:

download_token_bucket_(config.has_download_limit_kbps() ? std::make_shared<SharedTokenBucketImpl>(
        limit_bytes_per_sec, time_source_, static_cast<double>(kiloBytesToBytes(download_limit_kbps_))) : nullptr)

[nezdolik]

in filter destructor you will need to disable the timers like so (to avoid any race conditions when filter is being destroyed and timer gets invoked on half destroyed object):

   if (download_timer_) {
      download_timer_->disableTimer();
      download_timer_.reset();
}

[nezdolik]

i think we want to use watermark buffer (Buffer::WatermarkBuffer) here?

[markdroth]

/lgtm api

[yanavlasov]

Looks good. Would you be able to also add an integration test, that tests this filter in a complete Envoy setup, please? It does not need to be complicated, maybe just two tests for upload and download.

/wait-any

[AntonKanug]

@yanavlasov @nezdolik ready for review, addressed the comments and added integrations tests.

precheck is failing but its failing with same error on main as well, tests are passing locally (edit: rebased with the fix)