A collection of Rust-based WebAssembly programs that are deployed as Envoy filters.




WebAssembly Filters for Envoy

A collection of WebAssembly filters for Envoy proxy written in C, C++, C# and Rust for exercising different features provided by envoy-wasm.

See the Image Hub as a related project (a sample application). Also, see Meshery's filter management capabilities.

Weekly Meeting Details

See all community meeting details --> https://meet.layer5.io

Join the Community!

Our projects are community-built and welcome collaboration. 👍 Be sure to see the Layer5 Community Welcome Guide for a tour of resources available to you and jump into our Slack!


Layer5 Community

✔️ Join community meetings. See details on the Layer5 community calendar.
✔️ Watch community meeting recordings.
✔️ Access the Community Drive by completing a community Member Form.
✔️ Discuss in the Community Forum.

Not sure where to start? Grab an open issue with the help-wanted label.


About Layer5

Layer5's cloud native application and infrastructure management software enables organizations to expect more from their infrastructure. We embrace developer-defined infrastructure. We empower engineers to change how they write applications, support operators in rethinking how they run modern infrastructure and enable product owners to regain full control over their product portfolio.

Get the Rust toolchain

To compile Rust filters to WASM, the nightly toolchain and support for the wasm compilation target are needed. Make sure you have Rust and Cargo installed using Rustup. If you're on a *nix system (Unix, Linux, macOS), run the following in the project root directory:

make rust-toolchain

This will also install wasm-pack for you. If you are not on a *nix system, see the wasm-pack installation instructions for other operating systems.


Upstream is a web server used by a few of the filters mentioned above. It provides routes for:

  • Mock authentication
  • Storing Metrics
  • Retrieving Metrics

Build the Docker image for Upstream before proceeding with the examples.

Build Image:

cd upstream


Simulates handling authentication of requests at the proxy level. Requests carrying a token header with the value hello are accepted as authorized, while all others are treated as unauthorized. The actual authentication is handled by the Upstream server: whenever the proxy receives a request, it extracts the token header and makes a request to the Upstream server, which validates the token and returns a response.

Build and deploy:

cd http-auth
make run-filtered


curl  -H "token":"hello" -v # Authorized
curl  -H "token":"world" -v # Unauthorized
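
The decision flow described above can be modelled without the proxy runtime. The following is an added example, not the repository's filter code: every type and function name is hypothetical, and treating only an Upstream status of 200 as "valid" is an assumption. It shows the two cases the curl calls do not exercise: a request with no usable token is rejected without calling Upstream, and a failed auth call is rejected rather than let through.

```rust
// Added example: dependency-free model of the http-auth decision flow.
// Not the repository's filter code; names and the "200 means valid" rule are assumptions.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum UpstreamReply {
    Status(u16), // Upstream answered with this HTTP status
    Failed,      // timeout, connection reset, or no healthy host
}

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Decision {
    Allow,
    DenyMissingToken,
    DenyNotAuthorized,
    DenyUpstreamFailed,
}

/// Returns the single non-empty `token` header value; the name is matched case-insensitively.
pub fn extract_token<'a>(headers: &[(&'a str, &'a str)]) -> Option<&'a str> {
    let mut token = None;
    for &(name, value) in headers {
        if name.eq_ignore_ascii_case("token") {
            if token.is_some() {
                return None; // header sent twice: ambiguous, treat as missing
            }
            token = Some(value.trim());
        }
    }
    token.filter(|v| !v.is_empty())
}

/// Decides the fate of a paused request; `call_upstream` stands in for the auth call.
pub fn authorize<F: FnMut(&str) -> UpstreamReply>(headers: &[(&str, &str)], mut call_upstream: F) -> Decision {
    let token = match extract_token(headers) {
        Some(t) => t,
        None => return Decision::DenyMissingToken, // Upstream is never contacted
    };
    match call_upstream(token) {
        UpstreamReply::Status(200) => Decision::Allow,
        UpstreamReply::Status(_) => Decision::DenyNotAuthorized, // includes 5xx replies
        UpstreamReply::Failed => Decision::DenyUpstreamFailed,   // fail closed
    }
}

/// Constructed stand-in for Upstream's mock authentication route.
pub fn mock_upstream(token: &str) -> UpstreamReply {
    if token == "hello" { UpstreamReply::Status(200) } else { UpstreamReply::Status(403) }
}

fn main() {
    println!("{:?}", authorize(&[("Token", "hello")], mock_upstream));
    println!("{:?}", authorize(&[("token", "hello")], |_| UpstreamReply::Failed));
}
```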


Collects simple metrics for every TCP packet and logs them.

Build and deploy:

cd tcp-metrics
make run-filtered


curl -v -d "request body"

Check the logs for the metrics.


Parses the contents of every TCP packet the proxy receives and logs them.

Build and deploy:

cd tcp-packet-parse
make run-filtered


curl -v -d "request body"

Check the logs for the packet contents.


An example of a singleton HTTP WASM service that makes an HTTP call once every 2 seconds.

Build and deploy:

cd singleton-http-call
make run-filtered

Check the logs for the response of the request.


This example showcases communication between a WASM filter and a service via a shared queue. It combines the Singleton-HTTP-Call and TCP-Metrics examples. The filter collects metrics and enqueues them onto the queue, while the service dequeues them and sends them to the Upstream server, where they are stored.

Build and deploy:

cd metrics-store
make run-filtered


curl -v -d "request body" # make a few of these calls
curl -v # Retrieves the stored stats
# x | y | z  === x : downstream bytes, y : upstream bytes, z: the latency for application server to respond