|
|
|
syntax = "proto3";
|
|
|
|
|
|
|
|
package envoy.api.v2.core;
|
|
|
|
|
|
|
|
import "google/protobuf/duration.proto";
|
|
|
|
import "google/protobuf/wrappers.proto";
|
|
|
|
|
|
|
|
import "udpa/annotations/migrate.proto";
|
|
|
|
import "validate/validate.proto";
|
|
|
|
|
|
|
|
option java_package = "io.envoyproxy.envoy.api.v2.core";
|
|
|
|
option java_outer_classname = "ProtocolProto";
|
|
|
|
option java_multiple_files = true;
|
|
|
|
option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3alpha";
|
|
|
|
|
|
|
|
// [#protodoc-title: Protocol options]
|
|
|
|
|
|
|
|
// [#not-implemented-hide:]
|
|
|
|
message TcpProtocolOptions {
|
|
|
|
}
|
|
|
|
|
|
|
|
message HttpProtocolOptions {
|
|
|
|
// The idle timeout for connections. The idle timeout is defined as the
|
|
|
|
// period in which there are no active requests. If not set, there is no idle timeout. When the
|
|
|
|
// idle timeout is reached the connection will be closed. If the connection is an HTTP/2
|
|
|
|
// downstream connection a drain sequence will occur prior to closing the connection, see
|
|
|
|
// :ref:`drain_timeout
|
|
|
|
// <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.drain_timeout>`.
|
|
|
|
// Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive.
|
|
|
|
// If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0.
|
|
|
|
//
|
|
|
|
// .. warning::
|
|
|
|
// Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP
|
|
|
|
// FIN packets, etc.
|
|
|
|
google.protobuf.Duration idle_timeout = 1;
|
|
|
|
|
|
|
|
// The maximum duration of a connection. The duration is defined as a period since a connection
|
|
|
|
// was established. If not set, there is no max duration. When max_connection_duration is reached
|
|
|
|
// the connection will be closed. Drain sequence will occur prior to closing the connection if
|
|
|
|
// if's applicable. See :ref:`drain_timeout
|
|
|
|
// <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.drain_timeout>`.
|
|
|
|
// Note: not implemented for upstream connections.
|
|
|
|
google.protobuf.Duration max_connection_duration = 3;
|
|
|
|
|
|
|
|
// The maximum number of headers. If unconfigured, the default
|
|
|
|
// maximum number of request headers allowed is 100. Requests that exceed this limit will receive
|
|
|
|
// a 431 response for HTTP/1.x and cause a stream reset for HTTP/2.
|
|
|
|
google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}];
|
|
|
|
}
|
|
|
|
|
|
|
|
// [#next-free-field: 6]
|
|
|
|
message Http1ProtocolOptions {
|
|
|
|
message HeaderKeyFormat {
|
|
|
|
message ProperCaseWords {
|
|
|
|
}
|
|
|
|
|
|
|
|
oneof header_format {
|
|
|
|
option (validate.required) = true;
|
|
|
|
|
|
|
|
// Formats the header by proper casing words: the first character and any character following
|
|
|
|
// a special character will be capitalized if it's an alpha character. For example,
|
|
|
|
// "content-type" becomes "Content-Type", and "foo$b#$are" becomes "Foo$B#$Are".
|
|
|
|
// Note that while this results in most headers following conventional casing, certain headers
|
|
|
|
// are not covered. For example, the "TE" header will be formatted as "Te".
|
|
|
|
ProperCaseWords proper_case_words = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Handle HTTP requests with absolute URLs in the requests. These requests
|
|
|
|
// are generally sent by clients to forward/explicit proxies. This allows clients to configure
|
|
|
|
// envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the
|
|
|
|
// *http_proxy* environment variable.
|
|
|
|
google.protobuf.BoolValue allow_absolute_url = 1;
|
|
|
|
|
|
|
|
// Handle incoming HTTP/1.0 and HTTP 0.9 requests.
|
|
|
|
// This is off by default, and not fully standards compliant. There is support for pre-HTTP/1.1
|
|
|
|
// style connect logic, dechunking, and handling lack of client host iff
|
|
|
|
// *default_host_for_http_10* is configured.
|
|
|
|
bool accept_http_10 = 2;
|
|
|
|
|
|
|
|
// A default host for HTTP/1.0 requests. This is highly suggested if *accept_http_10* is true as
|
|
|
|
// Envoy does not otherwise support HTTP/1.0 without a Host header.
|
|
|
|
// This is a no-op if *accept_http_10* is not true.
|
|
|
|
string default_host_for_http_10 = 3;
|
|
|
|
|
|
|
|
// Describes how the keys for response headers should be formatted. By default, all header keys
|
|
|
|
// are lower cased.
|
|
|
|
HeaderKeyFormat header_key_format = 4;
|
|
|
|
|
|
|
|
// Enables trailers for HTTP/1. By default the HTTP/1 codec drops proxied trailers.
|
|
|
|
//
|
|
|
|
// .. attention::
|
|
|
|
//
|
|
|
|
// Note that this only happens when Envoy is chunk encoding which occurs when:
|
|
|
|
// - The request is HTTP/1.1.
|
|
|
|
// - Is neither a HEAD only request nor a HTTP Upgrade.
|
|
|
|
// - Not a response to a HEAD request.
|
|
|
|
// - The content length header is not present.
|
|
|
|
bool enable_trailers = 5;
|
|
|
|
}
|
|
|
|
|
|
|
|
// [#next-free-field: 13]
|
|
|
|
message Http2ProtocolOptions {
|
|
|
|
// `Maximum table size <https://httpwg.org/specs/rfc7541.html#rfc.section.4.2>`_
|
|
|
|
// (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values
|
|
|
|
// range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header
|
|
|
|
// compression.
|
|
|
|
google.protobuf.UInt32Value hpack_table_size = 1;
|
|
|
|
|
|
|
|
// `Maximum concurrent streams <https://httpwg.org/specs/rfc7540.html#rfc.section.5.1.2>`_
|
|
|
|
// allowed for peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1)
|
|
|
|
// and defaults to 2147483647.
|
|
|
|
google.protobuf.UInt32Value max_concurrent_streams = 2
|
api: protoxform tool and API reformat. (#8309)
This patch introduces a new tool, protoxform, that will be the basis of
the v2 -> v3 migration tooling. It operates as a Python protoc plugin,
within the same framework as protodoc, and provides the ability to
operate on protoc AST input and generate proto output.
As a first step, the tool is applied reflexively on v2, and functions as
a formatting tool. In later patches, this will be added to
check_format/fix_format scripts and CI.
Part of #8082.
Risk level: medium (it's possible that some inadvertent wire changes
occur, if they do, this patch should be rolled back).
Testing: manual inspection of diff, bazel test //test/..., some
grep/diff scripts to ensure we haven't lost any comments.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
|
|
|
[(validate.rules).uint32 = {lte: 2147483647 gte: 1}];
|
|
|
|
|
|
|
|
// `Initial stream-level flow-control window
|
|
|
|
// <https://httpwg.org/specs/rfc7540.html#rfc.section.6.9.2>`_ size. Valid values range from 65535
|
|
|
|
// (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456
|
|
|
|
// (256 * 1024 * 1024).
|
|
|
|
//
|
|
|
|
// NOTE: 65535 is the initial window size from HTTP/2 spec. We only support increasing the default
|
|
|
|
// window size now, so it's also the minimum.
|
|
|
|
//
|
|
|
|
// This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the
|
|
|
|
// HTTP/2 codec buffers. Once the buffer reaches this pointer, watermark callbacks will fire to
|
|
|
|
// stop the flow of data to the codec buffers.
|
|
|
|
google.protobuf.UInt32Value initial_stream_window_size = 3
|
api: protoxform tool and API reformat. (#8309)
This patch introduces a new tool, protoxform, that will be the basis of
the v2 -> v3 migration tooling. It operates as a Python protoc plugin,
within the same framework as protodoc, and provides the ability to
operate on protoc AST input and generate proto output.
As a first step, the tool is applied reflexively on v2, and functions as
a formatting tool. In later patches, this will be added to
check_format/fix_format scripts and CI.
Part of #8082.
Risk level: medium (it's possible that some inadvertent wire changes
occur, if they do, this patch should be rolled back).
Testing: manual inspection of diff, bazel test //test/..., some
grep/diff scripts to ensure we haven't lost any comments.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
|
|
|
[(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
|
|
|
|
|
|
|
|
// Similar to *initial_stream_window_size*, but for connection-level flow-control
|
|
|
|
// window. Currently, this has the same minimum/maximum/default as *initial_stream_window_size*.
|
|
|
|
google.protobuf.UInt32Value initial_connection_window_size = 4
|
api: protoxform tool and API reformat. (#8309)
This patch introduces a new tool, protoxform, that will be the basis of
the v2 -> v3 migration tooling. It operates as a Python protoc plugin,
within the same framework as protodoc, and provides the ability to
operate on protoc AST input and generate proto output.
As a first step, the tool is applied reflexively on v2, and functions as
a formatting tool. In later patches, this will be added to
check_format/fix_format scripts and CI.
Part of #8082.
Risk level: medium (it's possible that some inadvertent wire changes
occur, if they do, this patch should be rolled back).
Testing: manual inspection of diff, bazel test //test/..., some
grep/diff scripts to ensure we haven't lost any comments.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
|
|
|
[(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
|
|
|
|
|
|
|
|
// Allows proxying Websocket and other upgrades over H2 connect.
|
|
|
|
bool allow_connect = 5;
|
|
|
|
|
|
|
|
// [#not-implemented-hide:] Hiding until envoy has full metadata support.
|
|
|
|
// Still under implementation. DO NOT USE.
|
|
|
|
//
|
|
|
|
// Allows metadata. See [metadata
|
|
|
|
// docs](https://github.com/envoyproxy/envoy/blob/master/source/docs/h2_metadata.md) for more
|
|
|
|
// information.
|
|
|
|
bool allow_metadata = 6;
|
|
|
|
|
|
|
|
// Limit the number of pending outbound downstream frames of all types (frames that are waiting to
|
|
|
|
// be written into the socket). Exceeding this limit triggers flood mitigation and connection is
|
|
|
|
// terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due
|
|
|
|
// to flood mitigation. The default limit is 10000.
|
|
|
|
// [#comment:TODO: implement same limits for upstream outbound frames as well.]
|
|
|
|
google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}];
|
|
|
|
|
|
|
|
// Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM,
|
|
|
|
// preventing high memory utilization when receiving continuous stream of these frames. Exceeding
|
|
|
|
// this limit triggers flood mitigation and connection is terminated. The
|
|
|
|
// ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood
|
|
|
|
// mitigation. The default limit is 1000.
|
|
|
|
// [#comment:TODO: implement same limits for upstream outbound frames as well.]
|
|
|
|
google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}];
|
|
|
|
|
|
|
|
// Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an
|
|
|
|
// empty payload and no end stream flag. Those frames have no legitimate use and are abusive, but
|
|
|
|
// might be a result of a broken HTTP/2 implementation. The `http2.inbound_empty_frames_flood``
|
|
|
|
// stat tracks the number of connections terminated due to flood mitigation.
|
|
|
|
// Setting this to 0 will terminate connection upon receiving first frame with an empty payload
|
|
|
|
// and no end stream flag. The default limit is 1.
|
|
|
|
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
|
|
|
|
google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9;
|
|
|
|
|
|
|
|
// Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number
|
|
|
|
// of PRIORITY frames received over the lifetime of connection exceeds the value calculated
|
|
|
|
// using this formula::
|
|
|
|
//
|
|
|
|
// max_inbound_priority_frames_per_stream * (1 + inbound_streams)
|
|
|
|
//
|
|
|
|
// the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks
|
|
|
|
// the number of connections terminated due to flood mitigation. The default limit is 100.
|
|
|
|
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
|
|
|
|
google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10;
|
|
|
|
|
|
|
|
// Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number
|
|
|
|
// of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated
|
|
|
|
// using this formula::
|
|
|
|
//
|
|
|
|
// 1 + 2 * (inbound_streams +
|
|
|
|
// max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames)
|
|
|
|
//
|
|
|
|
// the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks
|
|
|
|
// the number of connections terminated due to flood mitigation. The default limit is 10.
|
|
|
|
// Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control,
|
|
|
|
// but more complex implementations that try to estimate available bandwidth require at least 2.
|
|
|
|
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
|
|
|
|
google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11
|
|
|
|
[(validate.rules).uint32 = {gte: 1}];
|
|
|
|
|
|
|
|
// Allows invalid HTTP messaging and headers. When this option is disabled (default), then
|
|
|
|
// the whole HTTP/2 connection is terminated upon receiving invalid HEADERS frame. However,
|
|
|
|
// when this option is enabled, only the offending stream is terminated.
|
|
|
|
//
|
|
|
|
// See `RFC7540, sec. 8.1 <https://tools.ietf.org/html/rfc7540#section-8.1>`_ for details.
|
|
|
|
bool stream_error_on_invalid_http_messaging = 12;
|
|
|
|
}
|
|
|
|
|
|
|
|
// [#not-implemented-hide:]
|
|
|
|
message GrpcProtocolOptions {
|
|
|
|
Http2ProtocolOptions http2_protocol_options = 1;
|
|
|
|
}
|