wso2 · renuka-fernando · Nov 21, 2023 · Nov 20, 2023 · Nov 21, 2023
@@ -182,6 +182,7 @@ var defaultConfig = &Config{
 				},
 			},
 		},
+		PerConnectionBufferLimitBytes: 1048576,
 	},
 	Enforcer: enforcer{
 		Management: management{

@@ -122,6 +122,7 @@ type envoy struct {
 	AwsLambda                        awsLambda
 	UseRemoteAddress                 bool
 	Filters                          filters
+	PerConnectionBufferLimitBytes    uint32
 }
 
 type connectionTimeouts struct {

@@ -36,6 +36,7 @@ import (
 	logger "github.com/wso2/product-microgateway/adapter/internal/loggers"
 	"google.golang.org/protobuf/types/known/anypb"
 	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
 // CreateRoutesConfigForRds generates the default RouteConfiguration.
@@ -185,6 +186,7 @@ func createListeners(conf *config.Config) []*listenerv3.Listener {
 				Filters: filters,
 			},
 			},
+			PerConnectionBufferLimitBytes: wrapperspb.UInt32(conf.Envoy.PerConnectionBufferLimitBytes),
 		}
 
 		tlsCert := generateTLSCert(conf.Envoy.KeyStore.KeyPath, conf.Envoy.KeyStore.CertPath)
@@ -263,6 +265,7 @@ func createListeners(conf *config.Config) []*listenerv3.Listener {
 				Filters: filters,
 			},
 			},
+			PerConnectionBufferLimitBytes: wrapperspb.UInt32(conf.Envoy.PerConnectionBufferLimitBytes),
 		}
 		listeners = append(listeners, &listener)
 		logger.LoggerOasparser.Infof("Non-secured Listener is added. %s : %d", listenerHostAddress, conf.Envoy.ListenerPort)

@@ -46,6 +46,8 @@ func TestCreateListenerWithRds(t *testing.T) {
 	assert.NotEmpty(t, securedListener.FilterChains, "Filter chain for listener should not be null.")
 	assert.NotNil(t, securedListener.FilterChains[0].GetTransportSocket(),
 		"Transport Socket should not be null for secured listener")
+	assert.Equal(t, uint32(1048576), securedListener.PerConnectionBufferLimitBytes.GetValue(),
+		"Buffered payload limit mismatch for secured Listener.")
 
 	nonSecuredListener := listeners[1]
 	if nonSecuredListener.Validate() != nil {
@@ -58,6 +60,8 @@ func TestCreateListenerWithRds(t *testing.T) {
 	assert.NotEmpty(t, nonSecuredListener.FilterChains, "Filter chain for listener should not be null.")
 	assert.Nil(t, nonSecuredListener.FilterChains[0].GetTransportSocket(),
 		"Transport Socket should be null for non-secured listener")
+	assert.Equal(t, uint32(1048576), nonSecuredListener.PerConnectionBufferLimitBytes.GetValue(),
+		"Buffered payload limit mismatch for non-secured Listener.")
 }
 
 func TestCreateVirtualHost(t *testing.T) {

@@ -125,6 +125,8 @@ soapErrorInXMLEnabled = false
   systemHost = "localhost"
   # If configured true, router appends the immediate downstream ip address to the x-forward-for header
   useRemoteAddress = false
+  # If configured with a custom value, the buffer limit per connection will be set to the provided value.
+  perConnectionBufferLimitBytes = 1048576
 
 # Configurations of key store used in Choreo Connect Router
 [router.keystore]
-Original file line number
+Diff line change
@@ Expand Up / @@ -182,6 +182,7 @@ var defaultConfig = &Config{ @@
     				},
     			},
     		},
+    		PerConnectionBufferLimitBytes: 1048576,
     	},
     	Enforcer: enforcer{
     		Management: management{
@@ Expand Down @@