protoxform: normal next free field annotation (#8433)

Generate or format next free field annotation via protoxform. Risk Level: low Testing: N/A Docs Changes: N/A Release Notes: N/A Fixes #8429 Signed-off-by: Yi Tang <ssnailtang@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 986173ed516dcc1c3dea7db90659ed993d0aad75
5 years ago · 1dd3555a28
parent c83ed7ea9e
commit 1dd3555a28
107 changed files with 198 additions and 0 deletions
--- a/envoy/admin/v2alpha/certs.proto
+++ b/envoy/admin/v2alpha/certs.proto
@ -26,6 +26,7 @@ message Certificate {
  repeated CertificateDetails cert_chain = 2;
 }

+// [#next-free-field: 7]
 message CertificateDetails {
  // Path of the certificate.
  string path = 1;
--- a/envoy/admin/v2alpha/clusters.proto
+++ b/envoy/admin/v2alpha/clusters.proto
@ -21,6 +21,7 @@ message Clusters {
 }

 // Details an individual cluster's current status.
+// [#next-free-field: 6]
 message ClusterStatus {
  // Name of the cluster.
  string name = 1;
@ -69,6 +70,7 @@ message ClusterStatus {
 }

 // Current state of a particular host.
+// [#next-free-field: 9]
 message HostStatus {
  // Address of this host.
  api.v2.core.Address address = 1;
@ -119,6 +121,7 @@ message HostStatus {
 }

 // Health status for a host.
+// [#next-free-field: 7]
 message HostHealthStatus {
  // The host is currently failing active health checks.
  bool failed_active_health_check = 1;
--- a/envoy/admin/v2alpha/config_dump.proto
+++ b/envoy/admin/v2alpha/config_dump.proto
@ -48,6 +48,7 @@ message BootstrapConfigDump {
 // Envoy's listener manager fills this message with all currently known listeners. Listener
 // configuration information can be used to recreate an Envoy configuration by populating all
 // listeners as static listeners or by returning them in a LDS response.
+// [#next-free-field: 6]
 message ListenersConfigDump {
  // Describes a statically loaded listener.
  message StaticListener {
--- a/envoy/admin/v2alpha/memory.proto
+++ b/envoy/admin/v2alpha/memory.proto
@ -11,6 +11,7 @@ option java_package = "io.envoyproxy.envoy.admin.v2alpha";
 // Proto representation of the internal memory consumption of an Envoy instance. These represent
 // values extracted from an internal TCMalloc instance. For more information, see the section of the
 // docs entitled ["Generic Tcmalloc Status"](https://gperftools.github.io/gperftools/tcmalloc.html).
+// [#next-free-field: 6]
 message Memory {
  // The number of bytes allocated by the heap for Envoy. This is an alias for
  // `generic.current_allocated_bytes`.
--- a/envoy/admin/v2alpha/server_info.proto
+++ b/envoy/admin/v2alpha/server_info.proto
@ -12,6 +12,7 @@ import "google/protobuf/duration.proto";

 // Proto representation of the value returned by /server_info, containing
 // server version/server status information.
+// [#next-free-field: 7]
 message ServerInfo {
  enum State {
    // Server is live and serving traffic.
@ -46,6 +47,7 @@ message ServerInfo {
  CommandLineOptions command_line_options = 6;
 }

+// [#next-free-field: 27]
 message CommandLineOptions {
  enum IpVersion {
    v4 = 0;
--- a/envoy/admin/v3alpha/certs.proto
+++ b/envoy/admin/v3alpha/certs.proto
@ -26,6 +26,7 @@ message Certificate {
  repeated CertificateDetails cert_chain = 2;
 }

+// [#next-free-field: 7]
 message CertificateDetails {
  // Path of the certificate.
  string path = 1;
--- a/envoy/admin/v3alpha/clusters.proto
+++ b/envoy/admin/v3alpha/clusters.proto
@ -21,6 +21,7 @@ message Clusters {
 }

 // Details an individual cluster's current status.
+// [#next-free-field: 6]
 message ClusterStatus {
  // Name of the cluster.
  string name = 1;
@ -69,6 +70,7 @@ message ClusterStatus {
 }

 // Current state of a particular host.
+// [#next-free-field: 9]
 message HostStatus {
  // Address of this host.
  api.v3alpha.core.Address address = 1;
@ -119,6 +121,7 @@ message HostStatus {
 }

 // Health status for a host.
+// [#next-free-field: 7]
 message HostHealthStatus {
  // The host is currently failing active health checks.
  bool failed_active_health_check = 1;
--- a/envoy/admin/v3alpha/config_dump.proto
+++ b/envoy/admin/v3alpha/config_dump.proto
@ -48,6 +48,7 @@ message BootstrapConfigDump {
 // Envoy's listener manager fills this message with all currently known listeners. Listener
 // configuration information can be used to recreate an Envoy configuration by populating all
 // listeners as static listeners or by returning them in a LDS response.
+// [#next-free-field: 6]
 message ListenersConfigDump {
  // Describes a statically loaded listener.
  message StaticListener {
--- a/envoy/admin/v3alpha/memory.proto
+++ b/envoy/admin/v3alpha/memory.proto
@ -11,6 +11,7 @@ option java_package = "io.envoyproxy.envoy.admin.v3alpha";
 // Proto representation of the internal memory consumption of an Envoy instance. These represent
 // values extracted from an internal TCMalloc instance. For more information, see the section of the
 // docs entitled ["Generic Tcmalloc Status"](https://gperftools.github.io/gperftools/tcmalloc.html).
+// [#next-free-field: 6]
 message Memory {
  // The number of bytes allocated by the heap for Envoy. This is an alias for
  // `generic.current_allocated_bytes`.
--- a/envoy/admin/v3alpha/server_info.proto
+++ b/envoy/admin/v3alpha/server_info.proto
@ -12,6 +12,7 @@ import "google/protobuf/duration.proto";

 // Proto representation of the value returned by /server_info, containing
 // server version/server status information.
+// [#next-free-field: 7]
 message ServerInfo {
  enum State {
    // Server is live and serving traffic.
@ -46,6 +47,7 @@ message ServerInfo {
  CommandLineOptions command_line_options = 6;
 }

+// [#next-free-field: 27]
 message CommandLineOptions {
  enum IpVersion {
    v4 = 0;
--- a/envoy/api/v2/auth/cert.proto
+++ b/envoy/api/v2/auth/cert.proto
@ -116,6 +116,7 @@ message PrivateKeyProvider {
  }
 }

+// [#next-free-field: 7]
 message TlsCertificate {
  // The TLS certificate chain.
  core.DataSource certificate_chain = 1;
@ -170,6 +171,7 @@ message TlsSessionTicketKeys {
  repeated core.DataSource keys = 1 [(validate.rules).repeated = {min_items: 1}];
 }

+// [#next-free-field: 9]
 message CertificateValidationContext {
  // TLS certificate data containing certificate authority certificates to use in verifying
  // a presented peer certificate (e.g. server certificate for clusters or client certificate
@ -282,6 +284,7 @@ message CertificateValidationContext {
 }

 // TLS context shared by both client and server TLS contexts.
+// [#next-free-field: 9]
 message CommonTlsContext {
  message CombinedCertificateValidationContext {
    // How to validate peer certificates.
@ -361,6 +364,7 @@ message UpstreamTlsContext {
  google.protobuf.UInt32Value max_session_keys = 4;
 }

+// [#next-free-field: 6]
 message DownstreamTlsContext {
  // Common TLS context settings.
  CommonTlsContext common_tls_context = 1;
--- a/envoy/api/v2/cds.proto
+++ b/envoy/api/v2/cds.proto
@ -48,6 +48,7 @@ service ClusterDiscoveryService {

 // Configuration for a single upstream cluster.
 // [#comment:next free field: 45]
+// [#next-free-field: 45]
 message Cluster {
  // Refer to :ref:`service discovery type <arch_overview_service_discovery_types>`
  // for an explanation on each type.
@ -192,6 +193,7 @@ message Cluster {

  // Optionally divide the endpoints in this cluster into subsets defined by
  // endpoint metadata and selected by route and weighted cluster metadata.
+  // [#next-free-field: 8]
  message LbSubsetConfig {
    // If NO_FALLBACK is selected, a result
    // equivalent to no healthy hosts is reported. If ANY_ENDPOINT is selected,
@ -351,6 +353,7 @@ message Cluster {
  }

  // Common configuration for all load balancer implementations.
+  // [#next-free-field: 7]
  message CommonLbConfig {
    // Configuration for :ref:`zone aware routing
    // <arch_overview_load_balancing_zone_aware_routing>`.
--- a/envoy/api/v2/cluster/circuit_breaker.proto
+++ b/envoy/api/v2/cluster/circuit_breaker.proto
@ -19,6 +19,7 @@ import "google/protobuf/wrappers.proto";
 message CircuitBreakers {
  // A Thresholds defines CircuitBreaker settings for a
  // :ref:`RoutingPriority<envoy_api_enum_core.RoutingPriority>`.
+  // [#next-free-field: 8]
  message Thresholds {
    // The :ref:`RoutingPriority<envoy_api_enum_core.RoutingPriority>`
    // the specified CircuitBreaker settings apply to.
--- a/envoy/api/v2/cluster/outlier_detection.proto
+++ b/envoy/api/v2/cluster/outlier_detection.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";

 // See the :ref:`architecture overview <arch_overview_outlier_detection>` for
 // more information on outlier detection.
+// [#next-free-field: 21]
 message OutlierDetection {
  // The number of consecutive 5xx responses or local origin errors that are mapped
  // to 5xx error codes before a consecutive 5xx ejection
--- a/envoy/api/v2/core/address.proto
+++ b/envoy/api/v2/core/address.proto
@ -22,6 +22,7 @@ message Pipe {
  string path = 1 [(validate.rules).string = {min_bytes: 1}];
 }

+// [#next-free-field: 7]
 message SocketAddress {
  enum Protocol {
    TCP = 0;
--- a/envoy/api/v2/core/base.proto
+++ b/envoy/api/v2/core/base.proto
@ -79,6 +79,7 @@ message Locality {
 // Identifies a specific Envoy instance. The node identifier is presented to the
 // management server, which may use this identifier to distinguish per Envoy
 // configuration for serving.
+// [#next-free-field: 6]
 message Node {
  // An opaque node identifier for the Envoy node. This also provides the local
  // service node name. It should be set if any of the following features are
@ -247,6 +248,7 @@ message TransportSocket {

 // Generic socket option message. This would be used to set socket options that
 // might not exist in upstream kernels or precompiled Envoy binaries.
+// [#next-free-field: 7]
 message SocketOption {
  enum SocketState {
    // Socket options are applied after socket creation but before binding the socket to a port
--- a/envoy/api/v2/core/config_source.proto
+++ b/envoy/api/v2/core/config_source.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";

 // API configuration source. This identifies the API type and cluster that Envoy
 // will use to fetch an xDS API.
+// [#next-free-field: 8]
 message ApiConfigSource {
  // APIs may be fetched via either REST or gRPC.
  enum ApiType {
@ -102,6 +103,7 @@ message RateLimitSettings {
 // filesystem or from an xDS API source. Filesystem configs are watched with
 // inotify for updates.
 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message ConfigSource {
  oneof config_source_specifier {
    option (validate.required) = true;
--- a/envoy/api/v2/core/grpc_service.proto
+++ b/envoy/api/v2/core/grpc_service.proto
@ -19,6 +19,7 @@ import "validate/validate.proto";

 // gRPC service configuration. This is used by :ref:`ApiConfigSource
 // <envoy_api_msg_core.ApiConfigSource>` and filter configurations.
+// [#next-free-field: 6]
 message GrpcService {
  message EnvoyGrpc {
    // The name of the upstream gRPC cluster. SSL credentials will be supplied
@ -27,6 +28,7 @@ message GrpcService {
    string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
  }

+  // [#next-free-field: 7]
  message GoogleGrpc {
    // See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html.
    message SslCredentials {
@ -60,6 +62,7 @@ message GrpcService {
      }
    }

+    // [#next-free-field: 7]
    message CallCredentials {
      message ServiceAccountJWTAccessCredentials {
        string json_key = 1;
--- a/envoy/api/v2/core/health_check.proto
+++ b/envoy/api/v2/core/health_check.proto
@ -48,6 +48,7 @@ enum HealthStatus {
  DEGRADED = 5;
 }

+// [#next-free-field: 21]
 message HealthCheck {
  // Describes the encoding of the payload bytes in the payload.
  message Payload {
@ -63,6 +64,7 @@ message HealthCheck {
  }

  // [#comment:next free field: 10]
+  // [#next-free-field: 10]
  message HttpHealthCheck {
    // The value of the host header in the HTTP health check request. If
    // left empty (default value), the name of the cluster this health check is associated
--- a/envoy/api/v2/core/protocol.proto
+++ b/envoy/api/v2/core/protocol.proto
@ -54,6 +54,7 @@ message Http1ProtocolOptions {
 }

 // [#comment:next free field: 13]
+// [#next-free-field: 13]
 message Http2ProtocolOptions {
  // `Maximum table size <https://httpwg.org/specs/rfc7541.html#rfc.section.4.2>`_
  // (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values
--- a/envoy/api/v2/discovery.proto
+++ b/envoy/api/v2/discovery.proto
@ -15,6 +15,7 @@ import "google/rpc/status.proto";

 // A DiscoveryRequest requests a set of versioned resources of the same type for
 // a given Envoy node on some API.
+// [#next-free-field: 7]
 message DiscoveryRequest {
  // The version_info provided in the request messages will be the version_info
  // received with the most recent successfully processed response or empty on
@ -56,6 +57,7 @@ message DiscoveryRequest {
  google.rpc.Status error_detail = 6;
 }

+// [#next-free-field: 7]
 message DiscoveryResponse {
  // The version of the response data.
  string version_info = 1;
@ -130,6 +132,7 @@ message DiscoveryResponse {
 // In particular, initial_resource_versions being sent at the "start" of every
 // gRPC stream actually entails a message for each type_url, each with its own
 // initial_resource_versions.
+// [#next-free-field: 8]
 message DeltaDiscoveryRequest {
  // The node making the request.
  core.Node node = 1;
@ -186,6 +189,7 @@ message DeltaDiscoveryRequest {
  google.rpc.Status error_detail = 7;
 }

+// [#next-free-field: 7]
 message DeltaDiscoveryResponse {
  // The version of the response data (used for debugging).
  string system_version_info = 1;
--- a/envoy/api/v2/eds.proto
+++ b/envoy/api/v2/eds.proto
@ -46,8 +46,10 @@ service EndpointDiscoveryService {
 // for each endpoint is determined by both its load_balancing_weight, and the
 // load_balancing_weight of its locality. First, a locality will be selected,
 // then an endpoint within that locality will be chose based on its weight.
+// [#next-free-field: 6]
 message ClusterLoadAssignment {
  // Load balancing policy settings.
+  // [#next-free-field: 6]
  message Policy {
    message DropOverload {
      // Identifier for the policy specifying the drop.
--- a/envoy/api/v2/endpoint/endpoint.proto
+++ b/envoy/api/v2/endpoint/endpoint.proto
@ -51,6 +51,7 @@ message Endpoint {
 }

 // An Endpoint that Envoy can route traffic to.
+// [#next-free-field: 6]
 message LbEndpoint {
  // Upstream host identifier or a named reference.
  oneof host_identifier {
@ -86,6 +87,7 @@ message LbEndpoint {
 // One can have multiple LocalityLbEndpoints for a locality, but this is
 // generally only done if the different groups need to have different load
 // balancing weights or different priorities.
+// [#next-free-field: 7]
 message LocalityLbEndpoints {
  // Identifies location of where the upstream hosts run.
  core.Locality locality = 1;
--- a/envoy/api/v2/endpoint/load_report.proto
+++ b/envoy/api/v2/endpoint/load_report.proto
@ -19,6 +19,7 @@ import "validate/validate.proto";
 // :ref:`LoadStatsResponse.load_reporting_interval<envoy_api_field_service.load_stats.v2.LoadStatsResponse.load_reporting_interval>`.
 // Stats per upstream region/zone and optionally per subzone.
 // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
+// [#next-free-field: 9]
 message UpstreamLocalityStats {
  // Name of zone, region and optionally endpoint group these metrics were
  // collected from. Zone and region names could be empty if unknown.
@ -54,6 +55,7 @@ message UpstreamLocalityStats {
 }

 // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
+// [#next-free-field: 8]
 message UpstreamEndpointStats {
  // Upstream host address.
  core.Address address = 1;
@ -109,6 +111,7 @@ message EndpointLoadMetricStats {
 // :ref:`LoadStatsRequest<envoy_api_msg_service.load_stats.v2.LoadStatsRequest>`
 // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
 // Next ID: 7
+// [#next-free-field: 7]
 message ClusterStats {
  message DroppedRequests {
    // Identifier for the policy specifying the drop.
--- a/envoy/api/v2/lds.proto
+++ b/envoy/api/v2/lds.proto
@ -43,6 +43,7 @@ service ListenerDiscoveryService {
 }

 // [#comment:next free field: 21]
+// [#next-free-field: 21]
 message Listener {
  enum DrainType {
    // Drain in response to calling /healthcheck/fail admin endpoint (along with the health check
--- a/envoy/api/v2/listener/listener.proto
+++ b/envoy/api/v2/listener/listener.proto
@ -65,6 +65,7 @@ message Filter {
 // listed at the end, because that's how we want to list them in the docs.
 //
 // [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]
+// [#next-free-field: 13]
 message FilterChainMatch {
  enum ConnectionSourceType {
    // Any connection source matches.
@ -160,6 +161,7 @@ message FilterChainMatch {

 // A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and
 // various other parameters.
+// [#next-free-field: 8]
 message FilterChain {
  // The criteria to use when matching a connection to this filter chain.
  FilterChainMatch filter_chain_match = 1;
--- a/envoy/api/v2/rds.proto
+++ b/envoy/api/v2/rds.proto
@ -57,6 +57,7 @@ service VirtualHostDiscoveryService {
 }

 // [#comment:next free field: 11]
+// [#next-free-field: 11]
 message RouteConfiguration {
  // The name of the route configuration. For example, it might match
  // :ref:`route_config_name
--- a/envoy/api/v2/route/route.proto
+++ b/envoy/api/v2/route/route.proto
@ -29,6 +29,7 @@ import "validate/validate.proto";
 // a virtual host is selected based on the domain, the routes are processed in order to see which
 // upstream cluster to route to or whether to perform a redirect.
 // [#comment:next free field: 18]
+// [#next-free-field: 18]
 message VirtualHost {
  enum TlsRequirementType {
    // No TLS requirement for the virtual host.
@ -155,6 +156,7 @@ message VirtualHost {
 //   Envoy supports routing on HTTP method via :ref:`header matching
 //   <envoy_api_msg_route.HeaderMatcher>`.
 // [#comment:next free field: 15]
+// [#next-free-field: 16]
 message Route {
  reserved 6;

@ -240,6 +242,7 @@ message Route {
 // weights.
 // [#comment:next free field: 11]
 message WeightedCluster {
+  // [#next-free-field: 11]
  message ClusterWeight {
    reserved 7;

@ -321,6 +324,7 @@ message WeightedCluster {
  string runtime_key_prefix = 2;
 }

+// [#next-free-field: 11]
 message RouteMatch {
  message GrpcRouteMatchOptions {
  }
@ -414,6 +418,7 @@ message RouteMatch {
 }

 // [#comment:next free field: 11]
+// [#next-free-field: 12]
 message CorsPolicy {
  // Specifies the origins that will be allowed to do CORS requests.
  //
@ -487,6 +492,7 @@ message CorsPolicy {
 }

 // [#comment:next free field: 30]
+// [#next-free-field: 30]
 message RouteAction {
  enum ClusterNotFoundResponseCode {
    // HTTP status code - 503 Service Unavailable.
@ -844,6 +850,7 @@ message RouteAction {

 // HTTP retry :ref:`architecture overview <arch_overview_http_routing_retry>`.
 // [#comment:next free field: 10]
+// [#next-free-field: 11]
 message RetryPolicy {
  message RetryPriority {
    string name = 1 [(validate.rules).string = {min_bytes: 1}];
@ -965,6 +972,7 @@ message HedgePolicy {
  bool hedge_on_per_try_timeout = 3;
 }

+// [#next-free-field: 9]
 message RedirectAction {
  enum RedirectResponseCode {
    // Moved Permanently HTTP Status Code - 301.
@ -1133,6 +1141,7 @@ message VirtualCluster {

 // Global rate limiting :ref:`architecture overview <arch_overview_rate_limit>`.
 message RateLimit {
+  // [#next-free-field: 7]
  message Action {
    // The following descriptor entry is appended to the descriptor:
    //
@ -1289,6 +1298,7 @@ message RateLimit {
 //   value.
 //
 //  [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.]
+// [#next-free-field: 12]
 message HeaderMatcher {
  reserved 2, 3;

@ -1366,6 +1376,7 @@ message HeaderMatcher {

 // Query parameter matching treats the query string of a request's :path header
 // as an ampersand-separated list of keys and/or key=value elements.
+// [#next-free-field: 7]
 message QueryParameterMatcher {
  // Specifies the name of a key that must be present in the requested
  // *path*'s query string.
--- a/envoy/api/v3alpha/auth/cert.proto
+++ b/envoy/api/v3alpha/auth/cert.proto
@ -116,6 +116,7 @@ message PrivateKeyProvider {
  }
 }

+// [#next-free-field: 7]
 message TlsCertificate {
  // The TLS certificate chain.
  core.DataSource certificate_chain = 1;
@ -171,6 +172,7 @@ message TlsSessionTicketKeys {
  repeated core.DataSource keys = 1 [(validate.rules).repeated = {min_items: 1}];
 }

+// [#next-free-field: 9]
 message CertificateValidationContext {
  // TLS certificate data containing certificate authority certificates to use in verifying
  // a presented peer certificate (e.g. server certificate for clusters or client certificate
@ -285,6 +287,7 @@ message CertificateValidationContext {
 }

 // TLS context shared by both client and server TLS contexts.
+// [#next-free-field: 9]
 message CommonTlsContext {
  message CombinedCertificateValidationContext {
    // How to validate peer certificates.
@ -364,6 +367,7 @@ message UpstreamTlsContext {
  google.protobuf.UInt32Value max_session_keys = 4;
 }

+// [#next-free-field: 6]
 message DownstreamTlsContext {
  // Common TLS context settings.
  CommonTlsContext common_tls_context = 1;
--- a/envoy/api/v3alpha/cds.proto
+++ b/envoy/api/v3alpha/cds.proto
@ -48,6 +48,7 @@ service ClusterDiscoveryService {

 // Configuration for a single upstream cluster.
 // [#comment:next free field: 45]
+// [#next-free-field: 45]
 message Cluster {
  // Refer to :ref:`service discovery type <arch_overview_service_discovery_types>`
  // for an explanation on each type.
@ -187,6 +188,7 @@ message Cluster {

  // Optionally divide the endpoints in this cluster into subsets defined by
  // endpoint metadata and selected by route and weighted cluster metadata.
+  // [#next-free-field: 8]
  message LbSubsetConfig {
    // If NO_FALLBACK is selected, a result
    // equivalent to no healthy hosts is reported. If ANY_ENDPOINT is selected,
@ -346,6 +348,7 @@ message Cluster {
  }

  // Common configuration for all load balancer implementations.
+  // [#next-free-field: 7]
  message CommonLbConfig {
    // Configuration for :ref:`zone aware routing
    // <arch_overview_load_balancing_zone_aware_routing>`.
--- a/envoy/api/v3alpha/cluster/circuit_breaker.proto
+++ b/envoy/api/v3alpha/cluster/circuit_breaker.proto
@ -17,6 +17,7 @@ import "google/protobuf/wrappers.proto";
 message CircuitBreakers {
  // A Thresholds defines CircuitBreaker settings for a
  // :ref:`RoutingPriority<envoy_api_enum_api.v3alpha.core.RoutingPriority>`.
+  // [#next-free-field: 8]
  message Thresholds {
    // The :ref:`RoutingPriority<envoy_api_enum_api.v3alpha.core.RoutingPriority>`
    // the specified CircuitBreaker settings apply to.
--- a/envoy/api/v3alpha/cluster/outlier_detection.proto
+++ b/envoy/api/v3alpha/cluster/outlier_detection.proto
@ -15,6 +15,7 @@ import "validate/validate.proto";

 // See the :ref:`architecture overview <arch_overview_outlier_detection>` for
 // more information on outlier detection.
+// [#next-free-field: 21]
 message OutlierDetection {
  // The number of consecutive 5xx responses or local origin errors that are mapped
  // to 5xx error codes before a consecutive 5xx ejection
--- a/envoy/api/v3alpha/core/address.proto
+++ b/envoy/api/v3alpha/core/address.proto
@ -22,6 +22,7 @@ message Pipe {
  string path = 1 [(validate.rules).string = {min_bytes: 1}];
 }

+// [#next-free-field: 7]
 message SocketAddress {
  enum Protocol {
    TCP = 0;
--- a/envoy/api/v3alpha/core/base.proto
+++ b/envoy/api/v3alpha/core/base.proto
@ -80,6 +80,7 @@ message Locality {
 // Identifies a specific Envoy instance. The node identifier is presented to the
 // management server, which may use this identifier to distinguish per Envoy
 // configuration for serving.
+// [#next-free-field: 6]
 message Node {
  // An opaque node identifier for the Envoy node. This also provides the local
  // service node name. It should be set if any of the following features are
@ -248,6 +249,7 @@ message TransportSocket {

 // Generic socket option message. This would be used to set socket options that
 // might not exist in upstream kernels or precompiled Envoy binaries.
+// [#next-free-field: 7]
 message SocketOption {
  enum SocketState {
    // Socket options are applied after socket creation but before binding the socket to a port
--- a/envoy/api/v3alpha/core/config_source.proto
+++ b/envoy/api/v3alpha/core/config_source.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";

 // API configuration source. This identifies the API type and cluster that Envoy
 // will use to fetch an xDS API.
+// [#next-free-field: 8]
 message ApiConfigSource {
  // APIs may be fetched via either REST or gRPC.
  enum ApiType {
@ -102,6 +103,7 @@ message RateLimitSettings {
 // filesystem or from an xDS API source. Filesystem configs are watched with
 // inotify for updates.
 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message ConfigSource {
  oneof config_source_specifier {
    option (validate.required) = true;
--- a/envoy/api/v3alpha/core/grpc_service.proto
+++ b/envoy/api/v3alpha/core/grpc_service.proto
@ -19,6 +19,7 @@ import "validate/validate.proto";

 // gRPC service configuration. This is used by :ref:`ApiConfigSource
 // <envoy_api_msg_api.v3alpha.core.ApiConfigSource>` and filter configurations.
+// [#next-free-field: 6]
 message GrpcService {
  message EnvoyGrpc {
    // The name of the upstream gRPC cluster. SSL credentials will be supplied
@ -27,6 +28,7 @@ message GrpcService {
    string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
  }

+  // [#next-free-field: 7]
  message GoogleGrpc {
    // See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html.
    message SslCredentials {
@ -60,6 +62,7 @@ message GrpcService {
      }
    }

+    // [#next-free-field: 7]
    message CallCredentials {
      message ServiceAccountJWTAccessCredentials {
        string json_key = 1;
--- a/envoy/api/v3alpha/core/health_check.proto
+++ b/envoy/api/v3alpha/core/health_check.proto
@ -48,6 +48,7 @@ enum HealthStatus {
  DEGRADED = 5;
 }

+// [#next-free-field: 21]
 message HealthCheck {
  // Describes the encoding of the payload bytes in the payload.
  message Payload {
@ -63,6 +64,7 @@ message HealthCheck {
  }

  // [#comment:next free field: 10]
+  // [#next-free-field: 10]
  message HttpHealthCheck {
    reserved 7;

--- a/envoy/api/v3alpha/core/protocol.proto
+++ b/envoy/api/v3alpha/core/protocol.proto
@ -54,6 +54,7 @@ message Http1ProtocolOptions {
 }

 // [#comment:next free field: 13]
+// [#next-free-field: 13]
 message Http2ProtocolOptions {
  // `Maximum table size <https://httpwg.org/specs/rfc7541.html#rfc.section.4.2>`_
  // (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values
--- a/envoy/api/v3alpha/discovery.proto
+++ b/envoy/api/v3alpha/discovery.proto
@ -15,6 +15,7 @@ import "google/rpc/status.proto";

 // A DiscoveryRequest requests a set of versioned resources of the same type for
 // a given Envoy node on some API.
+// [#next-free-field: 7]
 message DiscoveryRequest {
  // The version_info provided in the request messages will be the version_info
  // received with the most recent successfully processed response or empty on
@ -57,6 +58,7 @@ message DiscoveryRequest {
  google.rpc.Status error_detail = 6;
 }

+// [#next-free-field: 7]
 message DiscoveryResponse {
  // The version of the response data.
  string version_info = 1;
@ -131,6 +133,7 @@ message DiscoveryResponse {
 // In particular, initial_resource_versions being sent at the "start" of every
 // gRPC stream actually entails a message for each type_url, each with its own
 // initial_resource_versions.
+// [#next-free-field: 8]
 message DeltaDiscoveryRequest {
  // The node making the request.
  core.Node node = 1;
@ -187,6 +190,7 @@ message DeltaDiscoveryRequest {
  google.rpc.Status error_detail = 7;
 }

+// [#next-free-field: 7]
 message DeltaDiscoveryResponse {
  // The version of the response data (used for debugging).
  string system_version_info = 1;
--- a/envoy/api/v3alpha/eds.proto
+++ b/envoy/api/v3alpha/eds.proto
@ -46,8 +46,10 @@ service EndpointDiscoveryService {
 // for each endpoint is determined by both its load_balancing_weight, and the
 // load_balancing_weight of its locality. First, a locality will be selected,
 // then an endpoint within that locality will be chose based on its weight.
+// [#next-free-field: 6]
 message ClusterLoadAssignment {
  // Load balancing policy settings.
+  // [#next-free-field: 6]
  message Policy {
    message DropOverload {
      // Identifier for the policy specifying the drop.
--- a/envoy/api/v3alpha/endpoint/endpoint.proto
+++ b/envoy/api/v3alpha/endpoint/endpoint.proto
@ -51,6 +51,7 @@ message Endpoint {
 }

 // An Endpoint that Envoy can route traffic to.
+// [#next-free-field: 6]
 message LbEndpoint {
  // Upstream host identifier or a named reference.
  oneof host_identifier {
@ -86,6 +87,7 @@ message LbEndpoint {
 // One can have multiple LocalityLbEndpoints for a locality, but this is
 // generally only done if the different groups need to have different load
 // balancing weights or different priorities.
+// [#next-free-field: 7]
 message LocalityLbEndpoints {
  // Identifies location of where the upstream hosts run.
  core.Locality locality = 1;
--- a/envoy/api/v3alpha/endpoint/load_report.proto
+++ b/envoy/api/v3alpha/endpoint/load_report.proto
@ -19,6 +19,7 @@ import "validate/validate.proto";
 // :ref:`LoadStatsResponse.load_reporting_interval<envoy_api_field_service.load_stats.v3alpha.LoadStatsResponse.load_reporting_interval>`.
 // Stats per upstream region/zone and optionally per subzone.
 // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
+// [#next-free-field: 9]
 message UpstreamLocalityStats {
  // Name of zone, region and optionally endpoint group these metrics were
  // collected from. Zone and region names could be empty if unknown.
@ -54,6 +55,7 @@ message UpstreamLocalityStats {
 }

 // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
+// [#next-free-field: 8]
 message UpstreamEndpointStats {
  // Upstream host address.
  core.Address address = 1;
@ -109,6 +111,7 @@ message EndpointLoadMetricStats {
 // :ref:`LoadStatsRequest<envoy_api_msg_service.load_stats.v3alpha.LoadStatsRequest>`
 // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
 // Next ID: 7
+// [#next-free-field: 7]
 message ClusterStats {
  message DroppedRequests {
    // Identifier for the policy specifying the drop.
--- a/envoy/api/v3alpha/lds.proto
+++ b/envoy/api/v3alpha/lds.proto
@ -43,6 +43,7 @@ service ListenerDiscoveryService {
 }

 // [#comment:next free field: 21]
+// [#next-free-field: 21]
 message Listener {
  enum DrainType {
    // Drain in response to calling /healthcheck/fail admin endpoint (along with the health check
--- a/envoy/api/v3alpha/listener/listener.proto
+++ b/envoy/api/v3alpha/listener/listener.proto
@ -63,6 +63,7 @@ message Filter {
 // listed at the end, because that's how we want to list them in the docs.
 //
 // [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]
+// [#next-free-field: 13]
 message FilterChainMatch {
  enum ConnectionSourceType {
    // Any connection source matches.
@ -158,6 +159,7 @@ message FilterChainMatch {

 // A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and
 // various other parameters.
+// [#next-free-field: 8]
 message FilterChain {
  // The criteria to use when matching a connection to this filter chain.
  FilterChainMatch filter_chain_match = 1;
--- a/envoy/api/v3alpha/rds.proto
+++ b/envoy/api/v3alpha/rds.proto
@ -58,6 +58,7 @@ service VirtualHostDiscoveryService {
 }

 // [#comment:next free field: 11]
+// [#next-free-field: 11]
 message RouteConfiguration {
  // The name of the route configuration. For example, it might match
  // :ref:`route_config_name
--- a/envoy/api/v3alpha/route/route.proto
+++ b/envoy/api/v3alpha/route/route.proto
@ -29,6 +29,7 @@ import "validate/validate.proto";
 // a virtual host is selected based on the domain, the routes are processed in order to see which
 // upstream cluster to route to or whether to perform a redirect.
 // [#comment:next free field: 18]
+// [#next-free-field: 18]
 message VirtualHost {
  enum TlsRequirementType {
    // No TLS requirement for the virtual host.
@ -155,6 +156,7 @@ message VirtualHost {
 //   Envoy supports routing on HTTP method via :ref:`header matching
 //   <envoy_api_msg_api.v3alpha.route.HeaderMatcher>`.
 // [#comment:next free field: 15]
+// [#next-free-field: 16]
 message Route {
  reserved 6;

@ -240,6 +242,7 @@ message Route {
 // weights.
 // [#comment:next free field: 11]
 message WeightedCluster {
+  // [#next-free-field: 11]
  message ClusterWeight {
    reserved 7;

@ -322,6 +325,7 @@ message WeightedCluster {
  string runtime_key_prefix = 2;
 }

+// [#next-free-field: 11]
 message RouteMatch {
  message GrpcRouteMatchOptions {
  }
@ -399,6 +403,7 @@ message RouteMatch {
 }

 // [#comment:next free field: 11]
+// [#next-free-field: 12]
 message CorsPolicy {
  reserved 1, 8, 7;

@ -450,6 +455,7 @@ message CorsPolicy {
 }

 // [#comment:next free field: 30]
+// [#next-free-field: 30]
 message RouteAction {
  enum ClusterNotFoundResponseCode {
    // HTTP status code - 503 Service Unavailable.
@ -798,6 +804,7 @@ message RouteAction {

 // HTTP retry :ref:`architecture overview <arch_overview_http_routing_retry>`.
 // [#comment:next free field: 10]
+// [#next-free-field: 11]
 message RetryPolicy {
  message RetryPriority {
    string name = 1 [(validate.rules).string = {min_bytes: 1}];
@ -919,6 +926,7 @@ message HedgePolicy {
  bool hedge_on_per_try_timeout = 3;
 }

+// [#next-free-field: 9]
 message RedirectAction {
  enum RedirectResponseCode {
    // Moved Permanently HTTP Status Code - 301.
@ -1070,6 +1078,7 @@ message VirtualCluster {

 // Global rate limiting :ref:`architecture overview <arch_overview_rate_limit>`.
 message RateLimit {
+  // [#next-free-field: 7]
  message Action {
    // The following descriptor entry is appended to the descriptor:
    //
@ -1228,6 +1237,7 @@ message RateLimit {
 //   regardless of the header's value.
 //
 //  [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.]
+// [#next-free-field: 12]
 message HeaderMatcher {
  reserved 2, 3, 5;

@ -1291,6 +1301,7 @@ message HeaderMatcher {

 // Query parameter matching treats the query string of a request's :path header
 // as an ampersand-separated list of keys and/or key=value elements.
+// [#next-free-field: 7]
 message QueryParameterMatcher {
  reserved 3, 4;

--- a/envoy/config/bootstrap/v2/bootstrap.proto
+++ b/envoy/config/bootstrap/v2/bootstrap.proto
@ -28,6 +28,7 @@ import "validate/validate.proto";
 // <config_overview_v2_bootstrap>` for more detail.

 // Bootstrap :ref:`configuration overview <config_overview_v2_bootstrap>`.
+// [#next-free-field: 20]
 message Bootstrap {
  message StaticResources {
    // Static :ref:`Listeners <envoy_api_msg_Listener>`. These listeners are
@ -263,6 +264,7 @@ message Runtime {
  google.protobuf.Struct base = 4;
 }

+// [#next-free-field: 6]
 message RuntimeLayer {
  // :ref:`Disk runtime <config_runtime_local_disk>` layer.
  message DiskLayer {
--- a/envoy/config/bootstrap/v3alpha/bootstrap.proto
+++ b/envoy/config/bootstrap/v3alpha/bootstrap.proto
@ -28,6 +28,7 @@ import "validate/validate.proto";
 // <config_overview_v2_bootstrap>` for more detail.

 // Bootstrap :ref:`configuration overview <config_overview_v2_bootstrap>`.
+// [#next-free-field: 20]
 message Bootstrap {
  message StaticResources {
    // Static :ref:`Listeners <envoy_api_msg_api.v3alpha.Listener>`. These listeners are
@ -259,6 +260,7 @@ message Runtime {
  google.protobuf.Struct base = 4;
 }

+// [#next-free-field: 6]
 message RuntimeLayer {
  // :ref:`Disk runtime <config_runtime_local_disk>` layer.
  message DiskLayer {
--- a/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto
+++ b/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";

 // Configuration for the dynamic forward proxy DNS cache. See the :ref:`architecture overview
 // <arch_overview_http_dynamic_forward_proxy>` for more information.
+// [#next-free-field: 6]
 message DnsCacheConfig {
  // The name of the cache. Multiple named caches allow independent dynamic forward proxy
  // configurations to operate within a single Envoy process using different configurations. All
--- a/envoy/config/common/dynamic_forward_proxy/v3alpha/dns_cache.proto
+++ b/envoy/config/common/dynamic_forward_proxy/v3alpha/dns_cache.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";

 // Configuration for the dynamic forward proxy DNS cache. See the :ref:`architecture overview
 // <arch_overview_http_dynamic_forward_proxy>` for more information.
+// [#next-free-field: 6]
 message DnsCacheConfig {
  // The name of the cache. Multiple named caches allow independent dynamic forward proxy
  // configurations to operate within a single Envoy process using different configurations. All
--- a/envoy/config/filter/accesslog/v2/accesslog.proto
+++ b/envoy/config/filter/accesslog/v2/accesslog.proto
@ -45,6 +45,7 @@ message AccessLog {
  }
 }

+// [#next-free-field: 12]
 message AccessLogFilter {
  oneof filter_specifier {
    option (validate.required) = true;
--- a/envoy/config/filter/accesslog/v3alpha/accesslog.proto
+++ b/envoy/config/filter/accesslog/v3alpha/accesslog.proto
@ -45,6 +45,7 @@ message AccessLog {
  }
 }

+// [#next-free-field: 12]
 message AccessLogFilter {
  oneof filter_specifier {
    option (validate.required) = true;
--- a/envoy/config/filter/fault/v2/fault.proto
+++ b/envoy/config/filter/fault/v2/fault.proto
@ -16,6 +16,7 @@ import "validate/validate.proto";

 // Delay specification is used to inject latency into the
 // HTTP/gRPC/Mongo/Redis operation or delay proxying of TCP connections.
+// [#next-free-field: 6]
 message FaultDelay {
  enum FaultDelayType {
    // Unused and deprecated.
--- a/envoy/config/filter/fault/v3alpha/fault.proto
+++ b/envoy/config/filter/fault/v3alpha/fault.proto
@ -16,6 +16,7 @@ import "validate/validate.proto";

 // Delay specification is used to inject latency into the
 // HTTP/gRPC/Mongo/Redis operation or delay proxying of TCP connections.
+// [#next-free-field: 6]
 message FaultDelay {
  enum FaultDelayType {
    // Unused and deprecated.
--- a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";
 // [#protodoc-title: External Authorization]
 // External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.

+// [#next-free-field: 9]
 message ExtAuthz {
  // External authorization service configuration.
  oneof services {
@ -121,6 +122,7 @@ message BufferSettings {
 // metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers
 // <envoy_api_field_config.filter.http.ext_authz.v2.AuthorizationResponse.allowed_client_headers>`
 // for details.
+// [#next-free-field: 9]
 message HttpService {
  reserved 3, 4, 5, 6;

--- a/envoy/config/filter/http/ext_authz/v3alpha/ext_authz.proto
+++ b/envoy/config/filter/http/ext_authz/v3alpha/ext_authz.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";
 // [#protodoc-title: External Authorization]
 // External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.

+// [#next-free-field: 9]
 message ExtAuthz {
  reserved 4;

@ -119,6 +120,7 @@ message BufferSettings {
 // metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers
 // <envoy_api_field_config.filter.http.ext_authz.v3alpha.AuthorizationResponse.allowed_client_headers>`
 // for details.
+// [#next-free-field: 9]
 message HttpService {
  reserved 3, 4, 5, 6;

--- a/envoy/config/filter/http/fault/v2/fault.proto
+++ b/envoy/config/filter/http/fault/v2/fault.proto
@ -32,6 +32,7 @@ message FaultAbort {
  type.FractionalPercent percentage = 3;
 }

+// [#next-free-field: 14]
 message HTTPFault {
  // If specified, the filter will inject delays based on the values in the
  // object.
--- a/envoy/config/filter/http/fault/v3alpha/fault.proto
+++ b/envoy/config/filter/http/fault/v3alpha/fault.proto
@ -32,6 +32,7 @@ message FaultAbort {
  type.v3alpha.FractionalPercent percentage = 3;
 }

+// [#next-free-field: 14]
 message HTTPFault {
  // If specified, the filter will inject delays based on the values in the
  // object.
--- a/envoy/config/filter/http/gzip/v2/gzip.proto
+++ b/envoy/config/filter/http/gzip/v2/gzip.proto
@ -13,6 +13,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Gzip]
 // Gzip :ref:`configuration overview <config_http_filters_gzip>`.

+// [#next-free-field: 10]
 message Gzip {
  enum CompressionStrategy {
    DEFAULT = 0;
--- a/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto
+++ b/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto
@ -37,6 +37,7 @@ message Config {
    BASE64 = 1;
  }

+  // [#next-free-field: 6]
  message KeyValuePair {
    // The namespace — if this is empty, the filter's namespace will be used.
    string metadata_namespace = 1;
--- a/envoy/config/filter/http/health_check/v2/health_check.proto
+++ b/envoy/config/filter/http/health_check/v2/health_check.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Health check]
 // Health check :ref:`configuration overview <config_http_filters_health_check>`.

+// [#next-free-field: 6]
 message HealthCheck {
  reserved 2;

--- a/envoy/config/filter/http/health_check/v3alpha/health_check.proto
+++ b/envoy/config/filter/http/health_check/v3alpha/health_check.proto
@ -17,6 +17,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Health check]
 // Health check :ref:`configuration overview <config_http_filters_health_check>`.

+// [#next-free-field: 6]
 message HealthCheck {
  reserved 2;

--- a/envoy/config/filter/http/jwt_authn/v2alpha/config.proto
+++ b/envoy/config/filter/http/jwt_authn/v2alpha/config.proto
@ -47,6 +47,7 @@ import "validate/validate.proto";
 //       cache_duration:
 //         seconds: 300
 //
+// [#next-free-field: 10]
 message JwtProvider {
  // Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
  // the JWT, usually a URL or an email address.
@ -261,6 +262,7 @@ message ProviderWithAudiences {
 //          - provider_name: provider-B
 //          - provider_name: provider-C
 //
+// [#next-free-field: 6]
 message JwtRequirement {
  oneof requires_type {
    // Specify a required provider name.
--- a/envoy/config/filter/http/jwt_authn/v3alpha/config.proto
+++ b/envoy/config/filter/http/jwt_authn/v3alpha/config.proto
@ -47,6 +47,7 @@ import "validate/validate.proto";
 //       cache_duration:
 //         seconds: 300
 //
+// [#next-free-field: 10]
 message JwtProvider {
  // Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
  // the JWT, usually a URL or an email address.
@ -261,6 +262,7 @@ message ProviderWithAudiences {
 //          - provider_name: provider-B
 //          - provider_name: provider-C
 //
+// [#next-free-field: 6]
 message JwtRequirement {
  oneof requires_type {
    // Specify a required provider name.
--- a/envoy/config/filter/http/rate_limit/v2/rate_limit.proto
+++ b/envoy/config/filter/http/rate_limit/v2/rate_limit.proto
@ -15,6 +15,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_http_filters_rate_limit>`.

+// [#next-free-field: 8]
 message RateLimit {
  // The rate limit domain to use when calling the rate limit service.
  string domain = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/http/rate_limit/v3alpha/rate_limit.proto
+++ b/envoy/config/filter/http/rate_limit/v3alpha/rate_limit.proto
@ -15,6 +15,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_http_filters_rate_limit>`.

+// [#next-free-field: 8]
 message RateLimit {
  // The rate limit domain to use when calling the rate limit service.
  string domain = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/http/router/v2/router.proto
+++ b/envoy/config/filter/http/router/v2/router.proto
@ -15,6 +15,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Router]
 // Router :ref:`configuration overview <config_http_filters_router>`.

+// [#next-free-field: 7]
 message Router {
  // Whether the router generates dynamic cluster statistics. Defaults to
  // true. Can be disabled in high performance scenarios.
--- a/envoy/config/filter/http/router/v3alpha/router.proto
+++ b/envoy/config/filter/http/router/v3alpha/router.proto
@ -15,6 +15,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Router]
 // Router :ref:`configuration overview <config_http_filters_router>`.

+// [#next-free-field: 7]
 message Router {
  // Whether the router generates dynamic cluster statistics. Defaults to
  // true. Can be disabled in high performance scenarios.
--- a/envoy/config/filter/http/squash/v2/squash.proto
+++ b/envoy/config/filter/http/squash/v2/squash.proto
@ -14,6 +14,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Squash]
 // Squash :ref:`configuration overview <config_http_filters_squash>`.

+// [#next-free-field: 6]
 message Squash {
  // The name of the cluster that hosts the Squash server.
  string cluster = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/http/transcoder/v2/transcoder.proto
+++ b/envoy/config/filter/http/transcoder/v2/transcoder.proto
@ -11,6 +11,7 @@ import "validate/validate.proto";
 // [#protodoc-title: gRPC-JSON transcoder]
 // gRPC-JSON transcoder :ref:`configuration overview <config_http_filters_grpc_json_transcoder>`.

+// [#next-free-field: 10]
 message GrpcJsonTranscoder {
  message PrintOptions {
    // Whether to add spaces, line breaks and indentation to make the JSON
--- a/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto
+++ b/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto
@ -28,6 +28,7 @@ enum SerializationType {
 }

 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message DubboProxy {
  // The human readable prefix to use when emitting statistics.
  string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto
+++ b/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto
@ -18,6 +18,7 @@ import "validate/validate.proto";
 // Dubbo Proxy :ref:`configuration overview <config_network_filters_dubbo_proxy>`.

 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message RouteConfiguration {
  // The name of the route configuration. Reserved for future use in asynchronous route discovery.
  string name = 1;
--- a/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto
+++ b/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto
@ -28,6 +28,7 @@ enum SerializationType {
 }

 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message DubboProxy {
  // The human readable prefix to use when emitting statistics.
  string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/network/dubbo_proxy/v3alpha/route.proto
+++ b/envoy/config/filter/network/dubbo_proxy/v3alpha/route.proto
@ -18,6 +18,7 @@ import "validate/validate.proto";
 // Dubbo Proxy :ref:`configuration overview <config_network_filters_dubbo_proxy>`.

 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message RouteConfiguration {
  // The name of the route configuration. Reserved for future use in asynchronous route discovery.
  string name = 1;
--- a/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
+++ b/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
@ -24,6 +24,7 @@ import "validate/validate.proto";
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.

 // [#comment:next free field: 36]
+// [#next-free-field: 36]
 message HttpConnectionManager {
  enum CodecType {
    // For every new connection, the connection manager will determine which
@ -83,6 +84,7 @@ message HttpConnectionManager {
    ALWAYS_FORWARD_ONLY = 4;
  }

+  // [#next-free-field: 8]
  message Tracing {
    enum OperationName {
      // The HTTP listener is used for ingress/incoming requests.
@ -147,6 +149,7 @@ message HttpConnectionManager {
  }

  // [#comment:next free field: 7]
+  // [#next-free-field: 7]
  message SetCurrentClientCertDetails {
    reserved 2;

@ -485,6 +488,7 @@ message ScopedRouteConfigurationsList {
      [(validate.rules).repeated = {min_items: 1}];
 }

+// [#next-free-field: 6]
 message ScopedRoutes {
  // Specifies the mechanism for constructing "scope keys" based on HTTP request attributes. These
  // keys are matched against a set of :ref:`Key<envoy_api_msg_ScopedRouteConfiguration.Key>`
--- a/envoy/config/filter/network/http_connection_manager/v3alpha/http_connection_manager.proto
+++ b/envoy/config/filter/network/http_connection_manager/v3alpha/http_connection_manager.proto
@ -24,6 +24,7 @@ import "validate/validate.proto";
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.

 // [#comment:next free field: 36]
+// [#next-free-field: 36]
 message HttpConnectionManager {
  enum CodecType {
    // For every new connection, the connection manager will determine which
@ -83,6 +84,7 @@ message HttpConnectionManager {
    ALWAYS_FORWARD_ONLY = 4;
  }

+  // [#next-free-field: 8]
  message Tracing {
    enum OperationName {
      // The HTTP listener is used for ingress/incoming requests.
@ -142,6 +144,7 @@ message HttpConnectionManager {
  }

  // [#comment:next free field: 7]
+  // [#next-free-field: 7]
  message SetCurrentClientCertDetails {
    reserved 2;

@ -472,6 +475,7 @@ message ScopedRouteConfigurationsList {
      [(validate.rules).repeated = {min_items: 1}];
 }

+// [#next-free-field: 6]
 message ScopedRoutes {
  // Specifies the mechanism for constructing "scope keys" based on HTTP request attributes. These
  // keys are matched against a set of
--- a/envoy/config/filter/network/rate_limit/v2/rate_limit.proto
+++ b/envoy/config/filter/network/rate_limit/v2/rate_limit.proto
@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_network_filters_rate_limit>`.

+// [#next-free-field: 7]
 message RateLimit {
  // The prefix to use when emitting :ref:`statistics <config_network_filters_rate_limit_stats>`.
  string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/network/rate_limit/v3alpha/rate_limit.proto
+++ b/envoy/config/filter/network/rate_limit/v3alpha/rate_limit.proto
@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_network_filters_rate_limit>`.

+// [#next-free-field: 7]
 message RateLimit {
  // The prefix to use when emitting :ref:`statistics <config_network_filters_rate_limit_stats>`.
  string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
+++ b/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
@ -16,8 +16,10 @@ import "validate/validate.proto";
 // [#protodoc-title: Redis Proxy]
 // Redis Proxy :ref:`configuration overview <config_network_filters_redis_proxy>`.

+// [#next-free-field: 7]
 message RedisProxy {
  // Redis connection pool settings.
+  // [#next-free-field: 9]
  message ConnPoolSettings {
    // ReadPolicy controls how Envoy routes read commands to Redis nodes. This is currently
    // supported for Redis Cluster. All ReadPolicy settings except MASTER may return stale data
--- a/envoy/config/filter/network/redis_proxy/v3alpha/redis_proxy.proto
+++ b/envoy/config/filter/network/redis_proxy/v3alpha/redis_proxy.proto
@ -16,8 +16,10 @@ import "validate/validate.proto";
 // [#protodoc-title: Redis Proxy]
 // Redis Proxy :ref:`configuration overview <config_network_filters_redis_proxy>`.

+// [#next-free-field: 7]
 message RedisProxy {
  // Redis connection pool settings.
+  // [#next-free-field: 9]
  message ConnPoolSettings {
    // ReadPolicy controls how Envoy routes read commands to Redis nodes. This is currently
    // supported for Redis Cluster. All ReadPolicy settings except MASTER may return stale data
--- a/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto
+++ b/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto
@ -18,6 +18,7 @@ import "validate/validate.proto";
 // [#protodoc-title: TCP Proxy]
 // TCP Proxy :ref:`configuration overview <config_network_filters_tcp_proxy>`.

+// [#next-free-field: 11]
 message TcpProxy {
  // [#not-implemented-hide:] Deprecated.
  // TCP Proxy filter configuration using V1 format.
@ -31,6 +32,7 @@ message TcpProxy {
    // specified until a match is found. If no match is found, the connection
    // is closed. A route with no criteria is valid and always produces a
    // match.
+    // [#next-free-field: 6]
    message TCPRoute {
      // The cluster to connect to when a the downstream network connection
      // matches the specified criteria.
--- a/envoy/config/filter/network/tcp_proxy/v3alpha/tcp_proxy.proto
+++ b/envoy/config/filter/network/tcp_proxy/v3alpha/tcp_proxy.proto
@ -18,6 +18,7 @@ import "validate/validate.proto";
 // [#protodoc-title: TCP Proxy]
 // TCP Proxy :ref:`configuration overview <config_network_filters_tcp_proxy>`.

+// [#next-free-field: 11]
 message TcpProxy {

  // Allows for specification of multiple upstream clusters along with weights
--- a/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto
+++ b/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto
@ -55,6 +55,7 @@ enum ProtocolType {
 }

 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message ThriftProxy {
  // Supplies the type of transport that the Thrift proxy should use. Defaults to
  // :ref:`AUTO_TRANSPORT<envoy_api_enum_value_config.filter.network.thrift_proxy.v2alpha1.TransportType.AUTO_TRANSPORT>`.
--- a/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto
+++ b/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto
@ -55,6 +55,7 @@ enum ProtocolType {
 }

 // [#comment:next free field: 6]
+// [#next-free-field: 6]
 message ThriftProxy {
  // Supplies the type of transport that the Thrift proxy should use. Defaults to
  // :ref:`AUTO_TRANSPORT<envoy_api_enum_value_config.filter.network.thrift_proxy.v3alpha.TransportType.AUTO_TRANSPORT>`.
--- a/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto
+++ b/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto
@ -16,6 +16,7 @@ import "validate/validate.proto";
 // Rate limit :ref:`configuration overview <config_thrift_filters_rate_limit>`.

 // [#comment:next free field: 5]
+// [#next-free-field: 6]
 message RateLimit {
  // The rate limit domain to use in the rate limit service request.
  string domain = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto
+++ b/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto
@ -16,6 +16,7 @@ import "validate/validate.proto";
 // Rate limit :ref:`configuration overview <config_thrift_filters_rate_limit>`.

 // [#comment:next free field: 5]
+// [#next-free-field: 6]
 message RateLimit {
  // The rate limit domain to use in the rate limit service request.
  string domain = 1 [(validate.rules).string = {min_bytes: 1}];
--- a/envoy/config/rbac/v2/rbac.proto
+++ b/envoy/config/rbac/v2/rbac.proto
@ -99,6 +99,7 @@ message Policy {
 }

 // Permission defines an action (or actions) that a principal can take.
+// [#next-free-field: 10]
 message Permission {
  // Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context,
  // each are applied with the associated behavior.
@ -160,6 +161,7 @@ message Permission {
 }

 // Principal defines an identity or a group of identities for a downstream subject.
+// [#next-free-field: 9]
 message Principal {
  // Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. Depending on the context,
  // each are applied with the associated behavior.
--- a/envoy/config/rbac/v3alpha/rbac.proto
+++ b/envoy/config/rbac/v3alpha/rbac.proto
@ -99,6 +99,7 @@ message Policy {
 }

 // Permission defines an action (or actions) that a principal can take.
+// [#next-free-field: 10]
 message Permission {
  // Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context,
  // each are applied with the associated behavior.
@ -160,6 +161,7 @@ message Permission {
 }

 // Principal defines an identity or a group of identities for a downstream subject.
+// [#next-free-field: 9]
 message Principal {
  // Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. Depending on the context,
  // each are applied with the associated behavior.
--- a/envoy/config/trace/v2/trace.proto
+++ b/envoy/config/trace/v2/trace.proto
@ -66,6 +66,7 @@ message LightstepConfig {
 }

 // Configuration for the Zipkin tracer.
+// [#next-free-field: 6]
 message ZipkinConfig {
  // Available Zipkin collector endpoint versions.
  enum CollectorEndpointVersion {
@ -134,6 +135,7 @@ message DatadogConfig {
 }

 // Configuration for the OpenCensus tracer.
+// [#next-free-field: 13]
 message OpenCensusConfig {
  enum TraceContext {
    // No-op default, no trace context is utilized.
--- a/envoy/config/trace/v3alpha/trace.proto
+++ b/envoy/config/trace/v3alpha/trace.proto
@ -66,6 +66,7 @@ message LightstepConfig {
 }

 // Configuration for the Zipkin tracer.
+// [#next-free-field: 6]
 message ZipkinConfig {
  // Available Zipkin collector endpoint versions.
  enum CollectorEndpointVersion {
@ -134,6 +135,7 @@ message DatadogConfig {
 }

 // Configuration for the OpenCensus tracer.
+// [#next-free-field: 13]
 message OpenCensusConfig {
  enum TraceContext {
    // No-op default, no trace context is utilized.
--- a/envoy/data/accesslog/v2/accesslog.proto
+++ b/envoy/data/accesslog/v2/accesslog.proto
@ -66,6 +66,7 @@ message ConnectionProperties {
 }

 // Defines fields that are shared by all Envoy access logs.
+// [#next-free-field: 21]
 message AccessLogCommon {
  // [#not-implemented-hide:]
  // This field indicates the rate at which this log entry was sampled.
@ -164,6 +165,7 @@ message AccessLogCommon {
 }

 // Flags indicating occurrences during request/response processing.
+// [#next-free-field: 19]
 message ResponseFlags {
  message Unauthorized {
    // Reasons why the request was unauthorized
@ -234,6 +236,7 @@ message ResponseFlags {
 }

 // Properties of a negotiated TLS connection.
+// [#next-free-field: 7]
 message TLSProperties {
  enum TLSVersion {
    VERSION_UNSPECIFIED = 0;
@ -283,6 +286,7 @@ message TLSProperties {
  string tls_session_id = 6;
 }

+// [#next-free-field: 14]
 message HTTPRequestProperties {
  // The request method (RFC 7231/2616).
  // [#comment:TODO(htuch): add (validate.rules).enum.defined_only = true once
@ -337,6 +341,7 @@ message HTTPRequestProperties {
  map<string, string> request_headers = 13;
 }

+// [#next-free-field: 7]
 message HTTPResponseProperties {
  // The HTTP response code returned by Envoy.
  google.protobuf.UInt32Value response_code = 1;
--- a/envoy/data/accesslog/v3alpha/accesslog.proto
+++ b/envoy/data/accesslog/v3alpha/accesslog.proto
@ -66,6 +66,7 @@ message ConnectionProperties {
 }

 // Defines fields that are shared by all Envoy access logs.
+// [#next-free-field: 21]
 message AccessLogCommon {
  // [#not-implemented-hide:]
  // This field indicates the rate at which this log entry was sampled.
@ -164,6 +165,7 @@ message AccessLogCommon {
 }

 // Flags indicating occurrences during request/response processing.
+// [#next-free-field: 19]
 message ResponseFlags {
  message Unauthorized {
    // Reasons why the request was unauthorized
@ -234,6 +236,7 @@ message ResponseFlags {
 }

 // Properties of a negotiated TLS connection.
+// [#next-free-field: 7]
 message TLSProperties {
  enum TLSVersion {
    VERSION_UNSPECIFIED = 0;
@ -283,6 +286,7 @@ message TLSProperties {
  string tls_session_id = 6;
 }

+// [#next-free-field: 14]
 message HTTPRequestProperties {
  // The request method (RFC 7231/2616).
  // [#comment:TODO(htuch): add (validate.rules).enum.defined_only = true once
@ -337,6 +341,7 @@ message HTTPRequestProperties {
  map<string, string> request_headers = 13;
 }

+// [#next-free-field: 7]
 message HTTPResponseProperties {
  // The HTTP response code returned by Envoy.
  google.protobuf.UInt32Value response_code = 1;
--- a/envoy/data/cluster/v2alpha/outlier_detection_event.proto
+++ b/envoy/data/cluster/v2alpha/outlier_detection_event.proto
@ -70,6 +70,7 @@ enum Action {
  UNEJECT = 1;
 }

+// [#next-free-field: 12]
 message OutlierDetectionEvent {
  // In case of eject represents type of ejection that took place.
  OutlierEjectionType type = 1 [(validate.rules).enum = {defined_only: true}];
--- a/envoy/data/core/v2alpha/health_check_event.proto
+++ b/envoy/data/core/v2alpha/health_check_event.proto
@ -28,6 +28,7 @@ enum HealthCheckerType {
  REDIS = 3;
 }

+// [#next-free-field: 10]
 message HealthCheckEvent {
  HealthCheckerType health_checker_type = 1 [(validate.rules).enum = {defined_only: true}];

--- a/envoy/data/core/v3alpha/health_check_event.proto
+++ b/envoy/data/core/v3alpha/health_check_event.proto
@ -28,6 +28,7 @@ enum HealthCheckerType {
  REDIS = 3;
 }

+// [#next-free-field: 10]
 message HealthCheckEvent {
  HealthCheckerType health_checker_type = 1 [(validate.rules).enum = {defined_only: true}];

--- a/envoy/data/tap/v2alpha/http.proto
+++ b/envoy/data/tap/v2alpha/http.proto
@ -33,6 +33,7 @@ message HttpBufferedTrace {
 }

 // A streamed HTTP trace segment. Multiple segments make up a full trace.
+// [#next-free-field: 8]
 message HttpStreamedTraceSegment {
  // Trace ID unique to the originating Envoy only. Trace IDs can repeat and should not be used
  // for long term stable uniqueness.
--- a/envoy/data/tap/v2alpha/transport.proto
+++ b/envoy/data/tap/v2alpha/transport.proto
@ -62,6 +62,7 @@ message SocketEvent {
 }

 // Sequence of read/write events that constitute a buffered trace on a socket.
+// [#next-free-field: 6]
 message SocketBufferedTrace {
  // Trace ID unique to the originating Envoy only. Trace IDs can repeat and should not be used
  // for long term stable uniqueness. Matches connection IDs used in Envoy logs.
--- a/envoy/data/tap/v3alpha/http.proto
+++ b/envoy/data/tap/v3alpha/http.proto
@ -33,6 +33,7 @@ message HttpBufferedTrace {
 }

 // A streamed HTTP trace segment. Multiple segments make up a full trace.
+// [#next-free-field: 8]
 message HttpStreamedTraceSegment {
  // Trace ID unique to the originating Envoy only. Trace IDs can repeat and should not be used
  // for long term stable uniqueness.
--- a/envoy/data/tap/v3alpha/transport.proto
+++ b/envoy/data/tap/v3alpha/transport.proto
@ -62,6 +62,7 @@ message SocketEvent {
 }

 // Sequence of read/write events that constitute a buffered trace on a socket.
+// [#next-free-field: 6]
 message SocketBufferedTrace {
  // Trace ID unique to the originating Envoy only. Trace IDs can repeat and should not be used
  // for long term stable uniqueness. Matches connection IDs used in Envoy logs.
--- a/envoy/service/auth/v2/attribute_context.proto
+++ b/envoy/service/auth/v2/attribute_context.proto
@ -33,6 +33,7 @@ import "google/protobuf/timestamp.proto";
 // - field mask to send
 // - which return values from request_context are copied back
 // - which return values are copied into request_headers]
+// [#next-free-field: 12]
 message AttributeContext {
  // This message defines attributes for a node that handles a network request.
  // The node can be either a service or an application that sends, forwards,
@ -78,6 +79,7 @@ message AttributeContext {

  // This message defines attributes for an HTTP request.
  // HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests.
+  // [#next-free-field: 12]
  message HttpRequest {
    // The unique ID for a request, which can be propagated to downstream
    // systems. The ID should have low probability of collision
--- a/Show More
+++ b/Show More