This includes two major changes:
1. An additional credentials option `sni_override` with the type `optional<string>`. If `nullopt`, it has no effect, and if set to the empty string it disables sending SNI entirely. Otherwise, the specified string will be sent.
2. The implementation of [gRFC A101](https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md) using that new option. This includes options to set SNI and to validate SAN values against the set SNI value.
Closes#41051
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/41051 from murgatroid99:xds_sni_support 6a1f8667dedc19947532720495b2932889236a12
PiperOrigin-RevId: 855765736
This temporarily disables the bzlmod version consistency check, because the new version of the xDS protos winds up pulling in a lot of upgraded dependencies that will take some work to get working.
Closes#41242
PiperOrigin-RevId: 852345420
Change was **not** created by the release automation script, because it doesn't handle a +2 version bump. See go/grpc-release
Closes#41291
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/41291 from murgatroid99:v1.79.0-dev_bump 9a9bf54e5a891459390792dc9d547bdc17b7dd4d
PiperOrigin-RevId: 848168598
Add a new config to enable active call inspection with channelz, disabled by default. Plumb through promise_based_filter, call-v3.
PiperOrigin-RevId: 837614415
Allow servers to set max outstanding streams limit per server. This pull request only adds the BUILD changes required for this. The core logic will follow in a later PR.
Closes#41076
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/41076 from siddharthnohria:max_outstanding_streams 392d962fc78be66c075952977bc3a28f2298b7ce
PiperOrigin-RevId: 833196338
[PH2][BUILD] Adding new file for IncomingMetadataTracker
Closes#41058
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/41058 from tanvi-jagtap:new_files 6c0da18b7c8980d6ab133cb8e543e6ad13e5d69d
PiperOrigin-RevId: 832130354
This refactors the call buffering code for the v1 stack, which avoids some repetition between the resolver queue and the LB pick queue. This code will also be used in the future in the subchannel as part of implementing the MAX_CONCURRENT_STREAMS design.
As part of this, I also eliminated the subclassing in the v1 client channel implementation, which has not been necessary since the v2 code was removed.
Closes#40945
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40945 from markdroth:call_buffer_v1_refactoring 0a471be6ed862c3cc3225644fb2a3e1456e60fbf
PiperOrigin-RevId: 829566551
Change was created by the release automation script. See go/grpc-release.
Closes#40796
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40796 from sergiitk:bump_dev_version_202509291139 e7aa910253d1706a72822da986b8b8e7bc87931d
PiperOrigin-RevId: 812961524
Add Stream quota, to allow users to set server wide max_outstanding_streams, in addition to the per-connection limit.
Closes#39125
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/39125 from siddharthnohria:max_outstanding_streams 32ae21514d5321a76b41b8445d16753a095914f8
PiperOrigin-RevId: 807985441
See `grpc_check.h`. This code redefines the abseil `CHECK*` macros using custom gRPC macros when building tests. In `bazel test ...` builds, on check failure, `PostMortemEmit()` will dump state to the log before crashing.
Caveat: to prevent circular dependencies, code that `postmortem` relies on cannot use the custom gRPC CHECK macros. This is not much code, ~50 source files. grep for the `absl/log:check` bazel dependency.
Closes#39945
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/39945 from drfloob:grpc_check ca8e46718f2021e0df79aa67a3a0b0c751b3ce44
PiperOrigin-RevId: 807452496
Introduce a centralized Resource Tracking mechanism in gRPC core, to provide a centralized way to access job-level resources.
There are multiple features in gRPC which can benefit from having better visibility into the job-level resource usage.
* Debuggability: Knowing that the Client / Server was experiencing high CPU usage at the time of some request can serve as a valuable insight for debugging poor latencies / failures.
* Load Shedding: gRPC’s ResourceQuota currently depends upon users defining limits, and only track gRPC channel-level usage. Configuring this can be difficult at times, especially if the application level usage for different requests varies significantly. In addition, visibility into Container memory usage can allow us to enable ResourceQuota by default in the future.
Closes#40698
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40698 from siddharthnohria:container-memory b058a0ed7ef801fdd0be2bfc04e1a481f0908a5d
PiperOrigin-RevId: 807142322
Roll forward of a prior change, this change includes fixes and also memory reclamation support for orphaned domain storage.
PiperOrigin-RevId: 802204833
[PH2][Settings][Refactor] Move out a class into a separate file
Closes#40559
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40559 from tanvi-jagtap:new_build_changes b65e26c235d7b6b981b0a1bf234894831b9bf48f
PiperOrigin-RevId: 800294338
As title
Closes#40484
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40484 from apolcyn:bump_dev_version_202508191952 e788be57e9dc7f5e8316bee4baadec26fba3f6e6
PiperOrigin-RevId: 798331971
This change introduces a new `ResourceQuotaDomain` and registers Resource Quota related counters (`rq_calls_dropped`, `rq_calls_rejected`, `rq_connections_dropped`) within this domain. Each `MemoryQuota` now holds a reference to a `ResourceQuotaDomain` Storage instance, allowing these metrics to be tracked per resource quota. The usage sites in `chttp2_transport.cc` and `parsing.cc` are updated to use the new per-quota telemetry storage. The old global stats definitions for these counters are removed.
Introduce gauges also, and use them to report current memory pressure.
PiperOrigin-RevId: 796613444
Integrate stream data queue and List of writable streams for PH2 client
Closes#40404
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40404 from ac-patel:streamq7 b67dbe8440a0c56f7649bdaca4592f3d7436b7ef
PiperOrigin-RevId: 795330822
1. update cfstream endpoint to open accepted socket
2. add cfsocket listener
3. enabled event engine server test in mac and ios
4. fix an issue cfstream endpoint not releasing streams
5. endpoint config is not supported
5. unix and vsock are not supported
6. e2e tests and samples will be added later
Closes#40097
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40097 from HannahShiSFB:cfstream-server bb504c91cb5ea23d55a1093848391fc31d9a1924
PiperOrigin-RevId: 789089100
Roll forward after rollback of #39708 with the change to move `JsonLoader` impls from the `spiffe_utils.h` to `spiffe_utils.cc`. There was potential to cause a linker issue with the impls in the header.
Closes#40279
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40279 from gtcooke94:spiffe_xds 66fce6de7a546d4cb638d79cacdd0f18718e52b4
PiperOrigin-RevId: 786762336
Change up latent-see so that it's an always-on thing.
Most of the testing code we've got so far should be updated to use `grpc_core::latent_see::Collect()` - there's a JSON exporter there, and I plan to implement a Fuchsia Trace Format one eventually too (much more compact trace representaton!).
Also added is a service (visibility protected!) that we'll be able to share with partners to allow collecting this data from real systems. That part is strictly opt-in for the moment.
Closes#39781
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/39781 from ctiller:nicety b2e855d9279ee4724961f479ba5c714c823e48a2
PiperOrigin-RevId: 786425381
Includes:
- An experiment for the v1 service, start using only the v2 api from channelz, and downgrade using the conversion library.
- An experiment to move the C APIs that wrapped languages can use to implement channelz v1.
PiperOrigin-RevId: 786039931
In order for gRPC podspecs to have the same version of Abseil as others.
Closes#40252
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40252 from veblush:absl-ios cf3c0c6baf8eb3e3dd088c49afdf9a47a8a00925
PiperOrigin-RevId: 785457782
This is a large PR, so I wanted to provide an outline:
In the end, this is basically just changing the piping of roots around gRPC. We used to just have a single `std::string root_certificate`. Now, we can have that **OR** a `SpiffeBundleMap`. Thus, the piping was changed to use `std::variant`. The `SpiffeBundleMap` is passed around as a `shared_ptr` to reduce copies while working within the existing complex lifetime management structure.
This PR pipes from the configuration of a provider to the OpenSSL integration layer in `ssl_transport_security.cc`. It _does not_ actually configure this value in OpenSSL or use this value to do verification yet, that will be a follow-up PR.
It also handles the live updates of roots, being either spiffe bundles or a raw certificate. There's a lot of existing complex conditionals here, so I tried to add named booleans to make the different states clear and make the code more readable.
In addition, I took many of the existing tests, copied them, and swapped root certificates for SpiffeBundleMaps. As a warning, several of the testing setups are pretty dense. Further confidence with this will be built in the follow-up PR when we are actually using these values for verification in end2end flows.
Closes#39708
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/39708 from gtcooke94:spiffe_xds 1e1503af150e697dc66f4a96ee6ba9990a703acb
PiperOrigin-RevId: 784333570
The target is still a no-op for mobile platforms like android and ios
Closes#40231
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40231 from Vignesh2208:fusion-integrate dcf2ce1b6723e2e2827ea0f728d7cf2afde478af
PiperOrigin-RevId: 783907814
We have a set of C APIs that wrapped languages can use to implement channelz v1.
Migrate these to use the conversion library, and isolate them into a new file.
An experiment is added so we can do a gradual rollout.
PiperOrigin-RevId: 783581214
[PH2] Fixing circular dependency
`Http2SettingsManager` needs `frame.h`.
Our new validation code in frame.h needs `Http2Settings`.
So we split `Http2Settings` and `Http2SettingsManager` into 2 separate header files to resolve the circular dependency.
Closes#40204
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40204 from tanvi-jagtap:ph2_fixing_circular_dependency 17718955eb455aa8d20840d9d0a9a8712c63dd01
PiperOrigin-RevId: 783114803
Defines a new src/core:fused_filters containing registrations of fused filters and also makes changes to filter_fusion to ensure it compiles.
This PR enables registration of the fused filters under a new experiment.
Closes#39697
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/39697 from Vignesh2208:fusing-filters 34303b21c162597d54a2fbe02fcd76eaa88f5150
PiperOrigin-RevId: 780146277
Change was created by the release automation script. See go/grpc-release.
Closes#40120
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/40120 from veblush:bump_dev_version_202507041728 e403e80e566f334809e93e421d552d0b99076f68
PiperOrigin-RevId: 779336318
