►
From YouTube: WebAssembly Filters Meeting (June 28th, 2021)
Description
WebAssembly Filters Meeting - June 28th, 2021
Join the community at https://layer5.io/community
Find Layer5 on:
GitHub: https://github.com/layer5io
Twitter: https://twitter.com/layer5
LinkedIn: https://www.linkedin.com/company/layer5
Docker Hub: https://hub.docker.com/u/layer5/
A
A
Maybe
I
will
remember
that
this
is
a
45
minute
meeting,
I'm
not
sure
either
way,
it'll
give
pranav
something
to
make
fun
of
me
about
which
is
always
good,
and
so
this
meeting
runs
really
similar
to
the
rest
of
the
meetings
inside
the
layer,
5
io
or
the
layer
5
community,
which
is
which
is
well
I'll.
Just
I'll.
Let
you
internally
I'll.
Let
you
see
those
as
we
go.
A
One
of
them
is
to
check
to
see
if
we
have
any
newcomers
on
the
call
any
new
faces,
and
if
so
we
get
a
chance
to
say
hi
and
so
anand.
I
wonder
anand
have
we
gotten
a
chance
to
say
hi?
Have
you
been
able
to
introduce
on
a
call
before.
B
Hello,
hello,
yeah,
so
this
is
actually
my
first
call,
I
think
you
know
maybe
my
second
one
of
them
was
the
newcomers
and
which
was
just
an
introduction
and
the
other
one
was
a
community
meeting.
A
Yeah,
sorry,
third
one,
oh
cool
yeah
see
they
all
start
to
blend
together
after
a
while
yeah
good
did
we
get?
Did
you
see?
Okay,
well,
and
so
the
addendum
to
that
tradition
is
that
each
call
had
interests
different
parties,
different
contributors
and
so
you're
for
you're,
you're,
forced
to
say,
hi
and
introduce
yourself
on
each
call.
Because
then,
when
that's
done,
then
you'll
have
made
the
full
circle.
B
Got
it
so
my
name's
anand,
I'm
from
bangalore,
india,
and
I
just
I
mean
I
wanted
to
contribute
to
open
source,
and
I
found
this
layer.
5
community
really
cool,
so
I
just
wanted
to
you
know
get
more
into
it,
but
because
of
my
exam,
so
I'm
studying
my
third
year
of
engineering
and
so
because
of
my
exams.
I
was
just
a
little
held
back,
so
I
think
it's
time
to
make
progress.
Now,
since
it's
getting
to
the
end
good.
A
B
A
B
A
C
Knows
who
knows
they
might
just
yeah?
There's
I
learned
today,
there's
no
word
called
pre-porn
in
english
and
it's
just
an
indian
thing
to
say
free
phone.
So,
but
I
guess
it
gets
the
meaning
of
close
okay
anyway
I'll
get
on
to
my
topic.
So
last
week
I,
what
do
you
say
after
many
many
requests
from
samir?
Finally,
I
got
around
creating
the
jot
manipulator
9000,
so
this
was
to
facilitate
one
of
his
requirements
in
his.
C
I
guess
in
his
project
where
he
has
to
there's
a
header
section,
a
payload
section
and
then
there's
a
third
section
which
talks
about
the
actual
verification
parts.
That's
not
what
you
say.
That's
not
important
to
this,
but
mainly
he
wanted
to
take
headers
within
the
payload
section.
So
I
I'll
just
call
them
key
value
pairs
because
it
gets
a
little.
It's
a
mouthful
just
saying
header
headers.
C
So
he
wants
to
take
key
value
pairs
from
the
payload
and
put
them
into
the
header
section,
and
for
that
he
thought
they
had
a
microservice
deployed
doing
that
job.
But
this
is
something
that
wasn't
filter
can
easily
intercept,
modify
and
send
back,
and
so
I
got
to
work,
I
modified
the
rate
limit
filter.
I
guess
I
use
it
as
a
template
to
get
started
on
that
and
how
I
did
was
there
was
a
I'm
on
my
phone
right
now.
I
can't
really
show
it
hopefully
sami.
C
Can
you
know
if
he
has
that
sample
json
configuration,
so
he
could
post
that
on
in
the
chat,
but
basically
you
pass
in
this
configuration.
You
say:
okay,
these
are
the
key
value
pairs.
I
expect
in
the
payload
section.
C
These
are
the
key
value
pairs
I
expect
in
the
header
section
and
then
you
can
say
that
okay
sort
of
like
okay,
if
you
see
this
header
in
the
payload
shift
it
up
and
you
can,
you
can
perform
all
sorts
of
operations
based
on
the
configurations
you
pass
basically-
and
I
deployed
it
to
I
deployed
to
imagehub
so
since
this
is
something
that
can
that
should
work
with
all
jots,
so
imagehub
also
uses
the
jot
format
to
validate
plans
and
the
user,
and
I
kind
of
tested
it
out
on
that
using
mesherie.
C
I
deployed
it
over
there
I
had
to
currently
manually.
You
know,
change
some
lines
in
the
code
and
I
had
to
sort
of
change
the
value
in
that
filter
application
yaml.
But
apart
from
that,
it
was
pretty
smooth.
I
applied,
it
did
some
debugging
and
got
it
working.
The
issue
was
okay,
so
one
of
the
ways
to
test
was
directly.
You
know
access
image
hub
and
you
know
access
the
paths
that
the
filter
was
operating
on
and
the
issue
with
that
is.
C
It's
it's
clunky,
you
have
to
access
it
manually,
you
have
to
configure
stuff,
and
so
measuri
provides
this
patterns
patterns,
testing
page,
which
lets
you
put
in
a
url.
It
lets
you
put
in
whatever
headers
you
want
cookies.
You
want
anything
and
you
can
access
it
in
testing
and
it
was
pretty
good.
I
could,
you
know,
run
the
test,
but
I
couldn't
find
anything
useful
because
I
don't
know
if
it
was.
You
know
a
lack
of
lack
of
knowledge,
but
I
did
not
see
what
request
responses
were
being
sent.
C
So
I
ran
the
test.
I
ran
say:
okay,
fine
every
once
I
can
send
a
request
to
this
url
I
set
the
jot.
I
set
all
the
header
values
and
I
just
ran
it.
It
gave
me
a
countdown
timer
for
10
seconds,
which
is
what
I
had
set
it
for,
but
so
one
of
the
things
was,
I
did
not
know
when
the
countdown
was
going
on.
I
did
not
know
if
my
how
my
requests
were
looking
so
a
console
output
or
something
like
that
beside
the
timer
that
would
have
been
amazing.
C
A
close
button
would
have
been
amazing
in
case
I
to
abruptly
abort
the
performance
test.
So
that's
something
I
didn't
find.
I
tried
clicking
outside.
It
didn't
work
for
me,
so
I
don't
know
if
it's
something
wrong
with
my
deployment
or
what,
but
I
couldn't
abort
the
test.
I
could
not
see
the
outputs
of
the
request
responses
and
once
the
test
was
done,
I
was
not
able
to
observe
my
request
responses,
so
I
could
not
use
the
patterns
to
test
out
my
form
like
for
my
use
case.
C
Unfortunately,
so
I
had
to
stick
to
the
manually
deploying
and
you
know
doing
ctrl
shift,
I
in
chrome,
sorry,
firefox
and
seeing
my
request
response,
but
long
story
short.
The
filter
worked,
and
I
showed
it
to
me
saying
it
was
a
ghoul
and
I
got
my
first
star
on
my
personal
repo,
but
sadly
I
had
to
I
mean
happily,
I
had
to
put
it
on
the
volson
filter,
so
I
guess
I'm
gonna
I'll
those
that
one
star
will
be
there
on
my
wrapper
forever
I'll
cherish
it.
A
Good
deal
so
do
you?
Will
you
have
access
to
your
keyboard
later?
Yeah,
okay
and
I
say
good
yeah.
As
a
topic
later
in
the
meeting,
it
will
it'll
probably
be
helpful
to
look
at
the
well
to
understand
what
additional
tooling
measures
should
have
to
facilitate
part
of
the
process
that
you
were
just
talking
about.
The
ability
to
see
requests,
look
at
them
before
and
after
get
some
telemetry.
You
know
like
yeah,.
A
Yeah,
nice,
okay,
good!
Well,
I'm
not
sure
if
we'll
be
able
to
answer
this
right
now
or
not,
but
one
of
the
questions
you
would
you
had
asked
was
like
you
know:
it
was
about
jwt
in
general
and
whether
or
not
jots
in
general
support
updating
their
headers
or
having
their.
C
Headers
updated,
not
necessarily
head
is
updated,
so
updation
of
the
headers.
Yes,
it's
completely
supported
the
existing
values
like
the
algorithm
type
and
the
key
id
is
supported
very
much
and
a
lot
of
them
are
optional,
but
there
are
some,
you
know
default
required
headers.
C
What
I
was
saying
was,
if
you
want
to
add
a
custom
header,
let's
say,
email
that
ad
addition,
like
addition
of
your
own,
like
header,
key
value
that
I
could
not
find
any
evidence
of
it
existing.
Hopefully,
samir
has
an
update
since
he
said
his
team
was.
C
A
C
Place
there
are
total
of
eight
like
from
whatever
I
could
see.
There
are
total
of
eight
possible
values
that
can
be
inserted
into
a
header,
because
how
rust
works
is
you
can
take
a
json
and
you
can
sort
of
deserialize
it
to
a
struct
in
rust,
so
that
struct,
of
course,
will
have
fixed
number
of
values
and
in
this
case
each
header.
C
You
know
that
was
header
section
that
was
defined
by
the
jot
libraries
that
exist.
You
know
in
the
rust
ecosystem.
They
didn't
allow
you
to
add
your
own
headers.
They
always
said.
Okay,
fine.
If
you
want
to
configure
you
can
configure
any
of
these
eight
values.
You
cannot
add
your
own
values
if
that
makes
sense.
What
I'm
saying
yeah.
A
So
does
anybody?
Can
anyone
else
verify
confirm
that
that's
the
case.
C
D
So
headers
in
a
jwd
is
basically
it
has
a
key
value
pads
of
what,
for
example,
what
algorithm
is
used
and.
C
What
yeah
yeah?
What
key
id
you
have,
the
I
think
particular
I
guess
there
are
eight
of
them.
I
I'm
not
too
sure,
and
this
this
last
week
was
the
first
time
I
was
directly
working
with
john,
so
yeah
I'll
just
share
my
screen
is
that
fine,
no.
A
F
So
when
you
said,
is
it
like
that
only
that
shot?
So
I
think
there
are
three
parts
hit
up
period
and
signature
so
is
it
is
it
has
to
be
absolutely
in
heather
or
can
it
be
in
payload?
Also,
that's.
C
All
yes,
samir,
okay,
I
think
we
can
like.
Could
you
hold
these
questions
because
sameers
is
going
to
be
also
talking
about
the
testing
of
the
jot?
What
is
a
jot
manipulator
and
then
I
guess
it'll
wrap
up
nicely
and
the
requirements
that
he
needs
will
also
be
clarified
to
you.
C
So
to
answer
the
question
until
a
few
days
ago,
yes,
it
was
required
that
you
know
some
of
the
key
value
pairs
of
the
headers
had
to
be
shifted
from
the
payload
to
the
header,
and
that
was
a
requirement,
but
then,
after
you
know,
I
raised
the
concern
that
headers
might
not
support.
You
know
adding
whatever
you
wanted
to
them.
I
guess
his
team
has
made
some
changes,
so
I
guess
samir
you
could
start
your.
E
G
G
G
E
Yeah,
so
what
exactly
like
you
know
what
prana
was
explaining?
So
if
I
was
like
you
know,
please
correct
me
if
I'm
wrong.
So
currently,
this
is
the
jrwt
okay,
which
is
being
passed.
So,
as
you
see,
there
are
three
like
you
know,
portion
to
it,
one
once
one
is
with
red
which
is
corresponding
to
header.
E
E
Yeah,
so
if
you
can
see
this
one
so
it
it
will
take
one
easier
which
is
particularly
this
website,
which
is
our
zero
website
and
from
there
we
get
the
jwks
uri,
which
is
also
from
this,
like
you
know,
from
this
particular
or
zero
application
or
website.
E
So
when
we
pass
this
particular
like
no
request,
let's
say
there
are
two
requests,
so
one
is
being
front
end
and
another
being
backend.
So
whenever
there
is
a
request
goes
to
the
back
end.
It
get
like
you
know,
evaluated
depending
upon
depending
upon
these
values,
which
is
email
and
another
is
sub.
E
These
two
value
get
like
you
know
faced
by
our
backend
or
the
backend
system,
and
then
the
request
has
been
evaluated.
So
what
we
are
following
is
we
are
just
like
you
know,
passing
these
two
values
to
this
jwt
header,
not
the
http
header.
So
this
essentially
comes
with
a
like.
You
know:
authorization
header,
if
you
see
from
here,
we
have
this
token,
which
goes
as
a
authorization,
okay
and
from
this
authorization.
E
What
we
are
doing,
we
are
manipulating
this
payload
and
moving
this
email
as
well
as
this
sub.
To
the
header
of
this
jwt
token,
and
when
this
particular
thing
hits
the
another
api,
so
those
two
things
get
captured
and
then
the
request
happens
or
the
response
has
been
executed
or
anything
like
whatever
response
or
whatever
business
logic.
It
has
to
run.
It
is
running.
E
It
is
not
giving
any
error
because
it
is
being
evaluated
first
in
the
ny
proxy,
which
is
in
our
in
ingress
gateway,
istio,
ingress
gateway
and
from
there
once
the
it
passes
that
then
this
particular
thing,
like
you
know,
get
omitted
or
get
deleted
by
the
filter
which
pronoun
has
created.
So
there
is
no
evaluation
in
any
of
the
other
envoy
proxies
so
far.
That
is
why
it
is
not
giving
a
problem,
but
whenever
the
architecture
changes,
whether
you
need
this
authorization
or
authentication
happens
in
every
invoice
and
why
proxy?
E
C
Yeah
pretty
much
so
one
of
the
things
is
okay,
so
you
have
now
decided
to
maintain
the
fields.
E
Can
you
see
this
decode
jw
and
put
serving
to
the
request
header
yeah,
but
this
is
not
been
implemented
by
istio
yet
so
that
is
where
I
have.
I
have
also
asked
them,
and
they
told
claims
are
not
something
which
directly
handles
you
can
add.
More
claims
here
there
is,
doesn't
seem
to
be
anything
in
the
request,
authentication
resource
that
would
allow
you
to
pull
out
of
the
specific
claims
in
the
headers,
because
the
crd
which,
like
you
know
this
particular
thing,
is
part
of
request,
authentication.
C
E
Okay,
is
it
not
capable
of
doing
like
you
know,
getting
the
specific
claims,
specific
claims?
Oh
one.
Second,
I
don't
know
where
it
is
coming
then
specific
claims
from
this
payload
and
put
it
as
a
header,
so
in
instead,
what
it
can
do
is
what
it
can
do
is
it
can
just
provide
you,
the
output
payload
to
header,
so
this
particular
payload.
What
you
have
you
can
pass
these
things
as
a
custom
header
to
the
next
available
microservices
or
wherever
you
need
and
from
there
you
can
fetch
it
from
here.
E
Like
you
know,
if
you
give
some
name
to
here,
sorry,
if
you
give
some
name
like
my
jwt
header
or
something
they
have
given
so
in
this
header,
all
those
claims
values
will
be
there
and
in
in
your
application,
wherever
you
want
to
do
any
of
the
manipulation
you
have
to
extract
those
value
using
this
particular
header,
because
now
this
particular
header
holds
all
your
claims,
but
the
direct
adding
of
claims
which
is
basically
of
this
kind
like
it
has
been
opened
in
very
much
to
2019
and
still
it
is
active
and
they
are
planning
to.
E
So.
If
you
see
currently
ist
authorization
or
the
op
ad
after
true
or
false
results,
it
doesn't
modify
the
headers
if
it
comes
popular
requirement.
We
may
consider
supporting
this,
so
this
particular
thing
has
not
been
supported
yet
so
what
you
can
do
is
you
have
to
write
a
lua
filter
if
you
want
to
go
through
or
you
have
to
make
use
of
the
rust
filter,
the
way
which
we
are
doing
right
now.
C
E
C
E
C
E
So
now
why
it
has
come
up,
so
we
have,
like
you
know,
did
some
kind
of
those
things
and
whenever
we
had
a
like
on
a
security
audit,
two
days
back,
we
saw
there
are
unauthorized
requests
happen
to
our
backend
or
the
services,
and
when
we
like,
you
know
understood,
or
we
thought
what
exactly
the
issues
is
happening
that
we
found
out.
C
E
C
Sent
a
particular
link
that
goes
to
an
rfc,
I'm
on
my
phone,
so
the
hyperlink
is
not
working
properly,
but
if
could
you
open
it
on
your
screen,
perhaps.
E
E
D
A
Pranav,
did
you
also
look
at
the
well
the
other,
jot
utilities
that
monda
jog
was
writing
the
there
was
a
link
I'd
sent
to
an
istio
repo.
C
Right,
I
did
check
it.
It
looked
a
bit
complicated,
so
I
didn't
really
get
the
complete
picture.
As
of
yet
okay.
C
Right
that
is
no,
we
are
not
signing
it
again.
That's
another
concern
I
had
because
we
are
manipulating
it
right
so
like
according
to
samir.
His
use
case
was
just
what
do
you
say,
modify
it
and
the
authorization,
the
authentication
is
already
done,
so
you
can
modify
it
freely.
So
I
didn't
bother
too
much
about
the
signature.
E
That
is
why,
after
like
you
know-
and
this
is
also
the
context-
is
gateway,
so
it
doesn't
have
anything
to
do
with
the
authentication,
and
this
is
also
insert
after.
E
C
So
the
thing
is,
since
this
filter
is
supposed
to
be
general
purpose,
I'm
just
thinking
about
the
decision
to
like
maintain
what
you
say:
the
ability
to
manipulate
header
values.
So,
like
you
have,
what
do
you
say?
Maybe
I
could
fork
the
existing.
What
do
you
say
the
existing
jot
filter?
I
mean
jot
libraries
and
try
and
add
stuff,
not
sure
how
much
time
that
will
take,
but
okay
yeah.
C
So
my
only
concern
is
that,
because
you
want
to
keep
the,
what
do
you
say,
you
want
to
be
able
to
add
custom
values
to
your
header.
Yes,.
C
Right
but
again,
the
thing
is:
if
it
is
not
too
spec,
should
we
allow
that
because,
like
again
it,
this
is
supposed,
the
spec
exists
for
the
reason
that
everything
should
just
work
like
you
should
trust
the
interfaces,
a
particular
library
or
a
particular
program,
provides
so
if
you're
getting
custom
headers
as
well,
and
that
is
not
too
spec
that
might
cause
other
issues,
sure
you
can
experiment
and
whatnot,
and
this
jot
manipulation
thing
will
be
there,
but
should
it
be
supported
further
now
like
further
on
and
like
utkarsh
said
well
after
manipulation,
one
would
want
to
what
do
you
say,
regenerate
the
signature,
so
for
you,
you
might
not
need
that,
but
for
others
who
want
that
job
to
manipulate,
like
you
know,
maintain
its
integrity.
E
Yes,
yes,
so
it
should
be.
That
should
be
a
standard
one
and
I'll
just
show
you
this
one.
So
if
you
can
like
want
to
see
how
exactly
a
lua
filter
looks,
so
that
will
give
you
more
idea.
Okay,
so
here
is
the
lua
filter
way
of
doing
it.
Can
you
see
this
much
code?
This
is
something
and
finally,
finally,
it
is
just
two
lines
here
which
they
are
adding.
E
Yeah
so
payload
is
here:
I
don't
know
where
it
is
now.
I
guess
it's
in
jwdio
yeah.
This
is
the
payload
part,
so
you
need
only
two
of
these
fields
to
be
replicated
on
the
header
right.
E
Anything
like
you
know,
most
of
people
need
email
yeah.
So
what
I
was
thinking
is,
basically,
you
can
annotate
the
fields
so
that
would
read
and
pass
away
the
pass
away
those
fields
to
the
http
headers
like,
for
example,
if
you
need
email
in
http
editor,
what
you
can
do
is
you
can
name
it
as
http
underscore,
email
or
or
maybe
some
kind
of
a
general
annotation
that
we
can
come
up
with,
so
that
you
can
annotate
those
many
fields
and
the
filter
would
read
them
and
replicate
those.
C
E
Issue
with
having
this
generic,
it
cannot
be
generic.
It
cannot
be
generic
because
the
jwt
payload
can
be
like
you
know,
declared
by
users,
so
there
can
be
much
much
more
values
and
fields
so.
C
That's
so
payload
and
claim
are
interchangeable
from
what
I
yeah.
So
I
like
the
claims
are
user
defined
the
headers.
They
have
fixed
number
of
fields,
eight
in
total,
including
the
algorithm
type
and
the
key
id
so
on
and
so
forth
and
those
those
two
are,
I
think,
the
compa,
the
required
ones
other
than
that
all
the
others
are
optional.
But
you
cannot
add.
Custom
headers
is
the
conclusion.
C
C
Yeah,
you
cannot
touch
it
like.
You
can
modify
the
values
of
the
existing
fields,
but
you
cannot
touch
the
I
mean
you
cannot
change
or
add
your
own
stuff.
E
Yeah,
so
basically,
I
didn't
understand
why
it
cannot
be
dynamic
in
case
of
payload.
So
basically,
I
understood
that
there
can
be
multiple,
more
values
for
different
jwd
tokens,
but
the
intention
is
to
replicate
the
end,
those
number
of
fields
that
are
two
http
headers
right.
E
Yes,
yes,
yes,
so
like
basically
one
thing
that
you're
saying
is
that
you
pass
or
you
give
it
as
an
input
saying
that
these
are
the
fields
are
needed
for
hdd
behaviors
you're.
C
What
I
mean
is,
there's
a
what
do
you
say,
a
json
that
is
passed
to
the
filter
when
the
volume
vm
loads
up
and
then
this
json
tells
okay.
These
are
the
it's
custom
defined
so
depending.
A
E
C
E
Instead
of
having
a
separate
json,
if
you
annotate
the
current
fields
and
if
the
filter
understands
saying
that,
let's
say
if
this
particular
field
has
a
prefix,
let's
start
with.
C
It
needs
to
be
no,
that's
not
an
issue
yeah.
That's
that's
pretty
easy.
That's
not
an
issue!
I'm
just
saying
that
if
you
have
this
already
the
configuration,
why
would
you
need
that
as
well.
D
So
I
don't
understand
what
the
challenge
is
like
basically.
C
No,
no,
no,
there's
no
challenge
as
such,
so
currently
again.
Jot
manipulator
has
there's
a
decision
being
made
whether
to
continue
support
the
addition
adding
and
deleting
headers
or-
and
there
is
a
challenge
that
you
know
if
we
do
continue,
how
we
gonna
again
regenerate
that
what
do
you
say,
signature,
and
if
we
decide
to
go
with
regenerating
the
signature,
then
I
would
have
to
use
a
default
library
which
would
then
again
bring
us
back
to
stage
one
where
you
cannot
change.
E
E
Yes,
so
why
we
are
doing
that
because,
as
I
told
we
are,
we
were
just
like
you
know
progressing
in
our
development,
so
we
thought
to
take
the
authentication
already
happening
in
the
istio
ingress
gateway.
So
there
is
no
need
of
this,
but
whenever
it
goes
by
the
security
center
of
azure,
it
can
catch
it.
E
A
C
But
what
will
be
what
I
will
be
changing?
Potentially,
if
you
know
everyone
agrees,
this
is
the
best
way
to
move
forward.
Is
that
I
would
be
using
a
standard
jot
library,
to
you,
know,
regenerate
the
signature
and
to
modify
the
claims
and
to
also
be
able
to
provide
an
interface
to
change
the
values
in
the
header
for
the
existing
values.
C
So
I
will
remove
the
ability
to
add
your
own
headers
and
delete
your
own
headers
deletion.
I
think
it's
fine,
since
it's
an
option.
Okay,
never
mind
that
deletion
is
fine,
but
the
addition
of
your
own
headers,
I
will
be
removed.
A
But
we
can
yeah,
I
guess
the
to
comment
on
that
is
all
of
the
above
is
fine
like
to
insert
a
virus
to
blow
up
your
computer
to
send
a
nuclear
missile
to
what
you
know
like
these
aren't
things
that
it's
not
to
say
that
we're
proponents
of
these
things
of
but
to
but
these
get
included
as
descriptions
in
the
readme
that
say:
hey.
If
you
were,
if
you
do
this,
then
your
signature
will
be
invalid.
A
Here's
the
ability
to
you,
know,
update
your
signature
like
it's,
not
we're,
not
implicitly
we're
not
delivering
we're,
not
building
a
nuclear
bomb
and
delivering
it
to
people.
Rather
we're
saying
this
is
how
one
could
do
it
and
and
it's
your
environment.
So
if
it's
okay
with
you
not
to
have
you're
not
to
have
your
signature
be
off,
then
then
that's
your
decision
on
in
your
infrastructure,
so
so
yeah.
A
C
A
Yeah
we
want
to
start
and
like
in,
like
it's
a
it's,
a
an
appropriate
conversation
to
have,
and
it's
an
appropriate
thing
to
document
it's
an
appropriate
thing
to
make
not
the
default.
You
know
like.
I
don't
know
that
that
applies
in
this
case
about
defaults,
but
just
in
general
to
like
make
cab
notes
and
caveats
about
and
to
make
it
such
that
people
are
opting
in
or
that
they
would.
A
You
know
they
have
to
know
what
they're
doing
things
like
things
like
that,
like
you
know,
reasonable
things
of
like,
like
it's
like
part
of
this,
comes
to
a
question
I'll
give
a
quick
example
of
when
you
go
buy
a
wireless
router
today.
If
you
go,
buy
a
router
and
plug
it
in
at
home,
it
will
undoubtedly
it
will
undoubtedly
have
a
default
password
at
a
minimum.
Maybe
it
has
other
secure
security
considerations.
A
It
used
to
be
the
case
that
that
wasn't
true
like
hey,
you
just
set
them
up
and
they're
open
by
default
and
or
they
have
a
default
password.
They
don't
make
you
reset
it.
So
if
you
bought
a
very
popular
wi-fi
router
that
you
can
get
cracked
easily
and
so
like
as
a
as
an
industry,
people
have
reflected
and
trying
to
do
better,
secure
practices.
But
but
even
then,
it
was
legitimate
that,
like
hey
you,
the
user
should
have
changed
it
or
you
should
have
anyway.
People
really
do
know
what
they're
they'll
be
aware
of.
A
E
Yes,
yeah
just
want
to
tell
if
they
are
using
something
kind,
like
you
know,
as
as
your
as
their
as
your
defender
services
and
all
it
may
catch,
but
from
the
security
point
of
view,
if
you
see
it
is,
it
is
like
you
know
it,
it
is
secured
because
whenever
a
request
comes,
it
goes
via
your,
like.
You
know,
istio
ingress,
where
already
the
request
has
been
set
and
everything
like
you
know,
whatever
communication
happens
inside
the
cluster,
that
already
has
the
cluster
ips,
not
the
load
balancers.
E
A
Yeah
yep,
so
it's
it's,
a
good
can
yeah
great
moving
on.
I
could
say
it's
an
appropriate
thing
question
to
be
asked
like,
and
it
can
make
sense
that
maybe
there's
a
there's
another
version
that
doesn't
allow
that
or
that,
like
there's,
it's
kind
of
it's
one
of
those
things
too.
It's
sort
of
like
another
good
example
that
gets
into
gray
area
is
like
well,
let's
say
that
we're
we're
hosting
filter
hub.
A
Let's
say
that,
because
actually
it's
funny,
I
was
going
to
use
the
example
of
like
docker
hub
there's,
all
kinds
of
docker
images
out
there
container
images
out
there
and
they're
laden
they're
laden
with
security
issues,
vulnerability,
issues,
okay,
well,
what
stock
are
doing,
disseminating
and
letting
the
world
you
know
share
those
things
well
like
there's
a
difference
between
official
images
and
other
images
and
like
docker,
gives
integrates
with
snick
now
and
helps
people
sneak
and
helps.
A
People
like
I
guess
what
I'm
saying
is
like
these
types
of
issues
are
everywhere
and
it
would
be
another
one
of
those
like
it'll
happen
where,
if
we
do
end
up
with
a
filter
hub
or
or
something
similar
that
that'll
be
a,
this
will
be
kind
of
one
of
those
same
questions.
If
someone
intentionally
designed
a
filter
that
like
is
built
for
purposes
of
extracting
emails,
and
then
you
know,
posting
them
on
the
internet
and
sending
them
to
to
spam
generators
like
well,
maybe
we
would
decide
that
that
goes
against
policy.
A
You
were
over
like
overarchingly
success,
but
we
need
we'll
need
to
get
the
pr
sameers
or
pronouns
pr
merged.
Yes,.
E
So
yeah,
I
would
like
to
thank
him
because
it
really
made
our
work
done
so,
but
yes,
so
the
additional
requirement
which
is
which
we
got
that
I
would
say
that
is
because
of
pranam.
Somehow
he
has
to
take
it
up
so
you're
welcome.
A
Fantastic
well
we'll
we
will
there's
some
things
to
follow
up,
then
I'm
so
garov,
let's
get
into
let's
get
into
your
area
and
see
if
we
can
make
this
so
now
that
samir
has
at
least
the
first
the
start
of
the
tool
that
he
needs
like.
How
do
we
make
this
easy
to
consume
easy
to
deploy
easy
to
monitor
ongoing?
A
How
does
samir
know
which
envoy
filters
have
the
filter
and
like
he
can
answer
some
of
those
questions
today,
but
how
do
we
make
it
just
a
lot
easier.
G
G
G
So
I
have
just
implemented
the
schema
for
the
filter,
ui
for
supporting
and
handling
the
wasm
configurations,
so
yeah.
Based
on
that,
I
have
also
updated
my
changes
in
the
pr
itself
and
I
was
supposed
to
finish
it
off
by
weekend,
but
yeah
due
to
vaccination
and
it's
the
fact
I
was
not
able
to
complete
it.
So
we
completed
it
soon,
so
yeah.
What
I've
just
done
over
here
is
I've
added
a
add
button
icon
over
here,
which,
when
we
hover
over
it,
it
shows
filter
configuration
when
we
click
over.
G
Here
we
got
a
rgfs
react
reaction,
schema
so
where
we
can
add
on
our
rules
for
the
for
the
version
files,
and
we
can
just
define
our
parameters
and
all
rate
limiter
and
all
so.
Based
on
previous
discussions
with
turner,
I
have
implemented
this
one.
G
Yeah
is
this
kind
of
a
schema
fine
yeah.
C
Be
manually
like
you'll
have
a
button
or
something
that
will
toggle
to
the
notepad
view,
which
you
can
manually
add
your
json
right.
G
Yeah
that
would
be
also
done
over
here.
Okay,.
C
G
So
currently
it's
not
accepting
any
pre-rendered
values
or
when
we
add
a
rule
type.
C
C
Or
do
you
want
to
say
key
value,
I
I
don't
know
which
one's
more
generic
so
key
value.
I.
G
Think
key
value
would
be
more
efficient
and
precise,
yeah
yeah,
so
is
this:
what's?
Is
this
some
kind
of
a
similar
based
on
what
we
discussed.
G
C
Others
would,
I
guess,
once
it's
an
action,
we
would
be
able
to
ask
for
a
solid
feedback
about.
G
Because
I
referenced
it
from
soham's
filter,
rgfs
filter
from
the.
G
E
Not
really
worsening,
because
that
is
again
a
tool
so
just
to
see
what
exactly.
If
I
could
go
to
my
like
you
know
at
least
last
two
history.
It
should
show
me
what
exactly
so.
C
I
I
guess
later
down
the
line,
what
I
was
once
this
feature
is
sort
of
baked
in
well
enough.
I
was
thinking
that
there
should
be
sort
of
a
list
of
previous
configurations,
so
you
would
be
able
to,
I
guess,
copy
it
and
make
a
new
one
and
rename
the
new
one
so
for
each
filter.
When
you
click
on
it,
could
you
click
on
one
for
right
now,
yeah.
G
C
Okay,
okay,
so
okay
hold
up,
could
you
could
you
go
back
to
that
page
where
the
filter
config
you
could
enter
like.
F
C
Right
so,
okay
yeah
one
one
thing
I
want
I
was
hoping
for
was
instead
of
having
that
plus
button.
You
know
over
there
on
top
of
that
thing
next
to
each
filter,
that's
where
it
should
belong,
so
you
would
have
one
filter
like
that.
You
would
upload.
One
was
in
file
and
linked
to
each
version.
File
would
be
multiple
filters,
so
this
form
should
be
actually
associated
with
the
filter,
not
the
entire.
C
G
Yeah,
that
makes
sense,
but
as
you
told
that
we
should
have
a
button
that
when
a
user
is
not
having
a
default
filter
file
or
anything
so
that
he
can
also
like
add
up
from
here
itself.
No.
C
A
direct
one:
okay,
so
you,
okay,
fine
cool
yeah.
That
clears
it
up.
G
Uid
evolution
yeah.
I
want
to
ask
currently
that,
should
I
implement
this,
enable
this
check
box
feature
in
the
application
and
patents
too.
A
Do
I
might
have
missed
it,
but
did
do
we
have
the
ability
to
apply
deploy?
These
apply
them?
No,
not
here
so.
A
C
F
So
yeah
as
saying
that
applying
configuration
in
onward
filter
configuration
that's
done,
but
in
terms
of
pattern
at
least
you
can
actually
deploy
that.
However,
this
particular
custom
configuration
that
is
the
filter
configuration,
that's
not
something
I
I'm
basically
I
I
also
think,
but
I'm
not
quite
sure
that
what
the
progress
there
is.
F
I
also
had
one
question
for
regard
so
here
when
gaurav
actually
pressed
on
that
I
like
that,
render
out
of
the
form
this
form
is.
I
think
this
is
specific
to
the
rate
limit.
F
C
It
was
the
exact
question
I
was
posing
last
time
so
when
we
had
a
conversation
with
gaurav
about
this,
and
the
conclusion
was
basically
that
you
know
we're
going
to
have
a
format,
and
I
guess
I
saw
also
he
sort
of
told
that
you
know
you
can
specify
adjacent
manually
and
you
can
give
that
option
which
I
was
you
know
completely
for,
but,
as
I
mentioned
last
time,
the
format
I
came
up
was
specific
to
what
is
an
application,
which
would
so.
C
C
So,
in
that
sense,
if
you
see
the
rate
limit
filter,
you
know
the
project,
that's
on
up
on
image
hub,
so
over
there
you
will
see.
I
have
structured
the
rust
code
in
a
way
that
you
can
add
more
rules,
so
not
just
rate
limit
filter.
I
can
add
the
jot
manipulator
as
well
to
it.
I
can
do
a
lot
more,
so
it's
supposed
to
be
one
filter
to
rule
them
all
sort
of
thing.
C
So
with
that
in
mind,
this
is
the
format
I
have
come
up
with
where,
depending
on
what
path
you,
depending
on
a
route,
you
have
there's
a
particular
filter
for
that
rule
for
that
route.
Sorry,
so
no
it's
not
only
for
the
rate
limit
filter,
but
yes
to
in
the
sense
that
you
have
this
fixed
format,
and
I
guess
it
was
decided
that
you
know
it's
up
to
the
people
whether
they
want
to
follow
this
format
or
specify
something
custom.
That
is
what
was
the
conclusion
last
time.
C
G
E
And
just
one
thing
like
you
know,
I
couldn't
understand
how
exactly
the
filter
config
work
work
at
the
back
end,
and
that
is
why
I
have
just
you
know:
use
the
config
map
to
store
this
filter
and
do
it
from
there.
E
A
E
Yes,
and
and
also
does
it
create
an
additional
sidecar,
or
does
it
directly
goes
to
the
invoice
side
car,
which
is
there.
A
Right,
yeah
or
yeah,
and
in
addition
to
that
like
is
well
yeah.
So
there's
that
and
then
at
the
point
by
which
it
it
is
applied.
A
A
A
Yeah,
I
think
that
end
up
being
probably
end
up
being
both
that
one
that
you're
right,
that
it's
probably
easier
to
be
done
in
mesh
map,
because
you'll
have
you'll
visually,
be
able
to
see
the
fact
that
these
things
are
flowing
in
this
direction
and
before
or
after
one
another,
yes,
but
but
we
we
also
do
want
to
facilitate
a
well
a
form
based
of
the
conventional
measure.
A
Ui
based
configuration
I
mean
just
it
might
be
yeah,
you
know,
since
it
isn't
as
visual
in
nature,
it
may
be
harder
to
understand,
but
that's,
but
we
still
want
to
allow
people
to
achieve
that
in
even
outside
of
those
two
visual
clients
we
do
the
same.
We
do
need
to
support
this
a
way
of
people
describing
those
in
pattern
files
to
describe
the
fact
that
this
one
comes
before
that
one
or
is
it
you
know
like
and
so
carson
gorov
like
I
don't.
A
A
It
sounds
like
what
isn't
necessarily
supported
is
the
right.
I
don't
know,
I
guess,
is
it
not
the
registration
of
that
capability
or
where
are
we
at.
F
So
right
now
the
state
like
on
onward
filter
state
in
pattern
is
that
you
can
actually
configure
basically
pass
in
a
conveyor
filter
configuration
the
same
configuration
that
you
may
do,
while
just
while
writing
the
manifest
the
html
is
the
only
filter
manifest
you
can
do.
All
of
that
using
patterns
you
can
pass
in
custom
configuration.
There
are
also
the
input
in
p64.
F
So
that's
all
is
supported,
however
uploading,
so
what's
not
supported
is
which
I
think
that
navindo
was
working
on
was
basically
uploading,
your
custom
binaries
or
wasn't
binaries
to
the
server
using
buttons.
The
reason
that
we
chose
patents
was
was
because
of
some
limitations
that
we
have
right
now,
the
communication
limitation
that
we
have
between
adapters
and
server,
but
yeah.
That's
something.
That's
not
supported
uploading.
The
binaries,
however
configuration
and
those
kind
of
things
that's
completely
supported.
F
A
That
makes
sense,
I
mean
so
to
re-articulate
that
what
we're
saying
right
now
is
that
it's
a
there's
like
a
two-step
operation,
to
using
a
custom
filter
or
like
potentially
three-step,
but
that
one
you
would,
as
a
user
upload
your
filter,
binary
and
your
filter,
config
and
then
two
in
a
pattern
file.
You
would
reference
that
filter.
A
And
potentially,
then,
from
there
just
apply
the
pattern.
The
pattern
references,
the
filter
as
it's
loaded
in
meshri.
C
So,
like
the
worst
case
scenario
for
the
uploading
thing,
if
it's
not
possible
from
the
you
know,
just
using
the
pattern
patterns
directly
or
you
know
just
by
pushing
it
is
that
currently
the
way
it's
being
done
is
that
there
is
an
intermediate
instance
being
created
which
then
handles
you
know
deploying
the
binary
itself
and
this
instance.
Then
what
one
can
do
is
that
j,
it's
it's
basically
a
json
file
and
over
there
it's
manu.
It's
like
curl.
C
It's
like
you,
know
doing
curl
on
a
url
pulling
it
from
some.
You
know
internet
resource
and
then
getting
it
through.
So
if
you
can
provide
that
path
or
that
uri,
for
you
know
the
json,
so
basically
I'm
saying
generate
the
json
and
point
it
towards
some
resource
that
is
available.
You
know
to
be
pulled
by
the
curl
path
or
if
you
attach
a
volume
to
that
intermediate
instance,
then
you'll
be
able
to
what
do
you
say,
give
that
binary
without
really
having
to
use?
E
E
Now
I
take
the
reference
from
this
particular
article,
but
yes,
that
is
why
I
was
like
not
asking
like
if
we
can
see
how
exactly
the
things
are
working
like
you
know
from
where
this
configure
taken
and
how
it
is
being
applied
if
it
is
working
as
a
separate
instance
of
a
sidecar,
or
is
it
a
kind
of
this
config
which
is
applied
on
the
side
curve
which
works
as
a
involved
filter
in
live
stream?
So
that
because
why
I'm
telling
you
that
will
help
us
to
understand
the
load
of
the
workload
like
what?
A
Yep,
there's
a
yeah
there's
a
lot
of
more
value
to
add
here,
which
one
which
filters
are
deployed,
how
you
know
what
what
config
are
they
currently
running?
What's
the
overhead
that
they're
incurring
like
a
lot
of
so
as
we
go
to
wrap
up
because
we're
over,
I
just
wanted
to
say
hi
to
anirban
real,
quick,
so
anirban,
I
I
can't
recall
if
you
had
a
chance
to
introduce
okay.
D
Sure
sure
so
hi
this
is
anirban.
So
I
I
had
a
meeting
I
I
joined
the
meeting
for
the
normal,
the
normal
missionary,
which
we
have-
and
I
think
I
had
attended
it
last
week,
but
I
was
little
busy
due
to
certain
events,
so
this
is
the
first
time
I'm
I'm
just
attending
it.
So
I
am
basically
a
cc
plus
guy
and
have
knowledge
on
pearl
and
shell
scripting
and
to
some
extent
python
and
colon,
so
I
am
purely
from
networking
domain.
D
So
I
worked
a
lot
of
stuffs
on
networking,
so
I
wish
to
contribute
on
the
vassam
filters,
which
is
written
rust
to
be
migrated
to
c
plus
plus,
so
I'm
still
trying
to
understand
the
stuff,
because
I
am
also
working.
So
I
have
15
plus
years
of
experience
and
I'm
I'm
trying
to
spend
some
time
on
this-
probably
late
office
hours
af
after
I'm
done
with
my
meetings
and
all
and
so
that
I
can
contribute
very
soon.
So
I'm
going
through
the
newcomers,
videos
and
all
the
documents
and
minutes
so
guys.
D
Please
help
me
to
so
that
I
can
quickly
come
up
to.
C
D
C
A
Printer,
oh
yeah,
sure,
yes,
there's
and
plaque,
and
so
do
you
very
very
briefly.
One
of
the
use
cases
is
to
take
advantage
of
the
fact
that
envoy
can
capture
packets
and
envoy
can
well
mirror
packets,
one
and
then
also
capture
packets,
and
then
we
can
replay
those
and
so
there's
a
lot
of
use
cases
around
those
capabilities
so
and
you're
gone.
D
Thanks
a
lot
lee
thanks
a
lot
lee,
so
it
might
take
some
time
because,
as
I
said,
I'm
also
working-
and
I
have
to
I'm
also
part
of
a
team,
and
I
need
to
do
some
individual
contributions
as
well.
So
I
need
to
kind
of
balance
my
time
between
this
and
the
open
source
freelance
work.
A
You
that's
perfect,
you
know.
Actually
one
thing
that
we
could
potentially
do
is
is
put
together
start
to
learn,
envoy's
capabilities
around
mirroring
traffic,
capturing
and
sort
of
you
know.
D
Yeah,
that
would
be
really
great
because
when
we
talk
about
vasim
filters,
I
I'm
not
purely
from
that
background,
so
I'm
not
from
the
web
services
background,
so
I'm
more
interested
in
packet
stuff.
So
but
anyway,
I'm
trying
to
get
over
it,
but.
C
If
there
is
something,
if
you
would
like
you
and
I
could
have
a
meeting-
and
I
could
just
give
you
a
brief-
you
know
walk
through
so
you
could
understand
what
exactly
was
it.
I
I
mean
I
myself
don't
know
like.
Hopefully,.
D
Let
me
know
when
we
can
meet
up
so
tomorrow.
I
will
have
a
very
hectic
schedule
and
like
that.
C
So
just
message
me
on
slack:
we
can
then
sure
sure
sure.
C
Can
you,
please
include
me
on
that
yeah
sure
sure
samir,
so
one
thing
I'll
try
to
do
that
header
thing
and
we'll
talk
about
that
also.
A
Okay,
awesome
see
you
guys
next
week
see
you
in
slack
it's
a
great
meeting.