api: add listener_address_restriction_hint in Node to hint known listening ports on the node (#10370)

Signed-off-by: Sanjay Pujare <sanjaypujare@users.noreply.github.com>

Mirrored from https://github.com/envoyproxy/envoy @ 404d73c73c08b8d470b3ead6395cbc9c531f199d

envoy/api/v2/core/address.proto

@@ -2,7 +2,7 @@ syntax = "proto3";
 
 package envoy.api.v2.core;
 
-import "envoy/api/v2/core/base.proto";
+import "envoy/api/v2/core/socket_option.proto";
 
 import "google/protobuf/wrappers.proto";
 

envoy/api/v2/core/base.proto

@@ -2,6 +2,7 @@ syntax = "proto3";
 
 package envoy.api.v2.core;
 
+import "envoy/api/v2/core/address.proto";
 import "envoy/api/v2/core/backoff.proto";
 import "envoy/api/v2/core/http_uri.proto";
 import "envoy/type/percent.proto";
@@ -15,6 +16,8 @@ import "google/protobuf/wrappers.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
+import public "envoy/api/v2/core/socket_option.proto";
+
 option java_package = "io.envoyproxy.envoy.api.v2.core";
 option java_outer_classname = "BaseProto";
 option java_multiple_files = true;
@@ -123,7 +126,7 @@ message Extension {
 // Identifies a specific Envoy instance. The node identifier is presented to the
 // management server, which may use this identifier to distinguish per Envoy
 // configuration for serving.
-// [#next-free-field: 11]
+// [#next-free-field: 12]
 message Node {
   // An opaque node identifier for the Envoy node. This also provides the local
   // service node name. It should be set if any of the following features are
@@ -182,6 +185,12 @@ message Node {
   // See :ref:`the list of features <client_features>` that xDS client may
   // support.
   repeated string client_features = 10;
+
+  // Known listening ports on the node as a generic hint to the management server
+  // for filtering :ref:`listeners <config_listeners>` to be returned. For example,
+  // if there is a listener bound to port 80, the list can optionally contain the
+  // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint.
+  repeated Address listening_addresses = 11;
 }
 
 // Metadata provides additional inputs to filters based on matched listeners,
@@ -335,46 +344,6 @@ message TransportSocket {
   }
 }
 
-// Generic socket option message. This would be used to set socket options that
-// might not exist in upstream kernels or precompiled Envoy binaries.
-// [#next-free-field: 7]
-message SocketOption {
-  enum SocketState {
-    // Socket options are applied after socket creation but before binding the socket to a port
-    STATE_PREBIND = 0;
-
-    // Socket options are applied after binding the socket to a port but before calling listen()
-    STATE_BOUND = 1;
-
-    // Socket options are applied after calling listen()
-    STATE_LISTENING = 2;
-  }
-
-  // An optional name to give this socket option for debugging, etc.
-  // Uniqueness is not required and no special meaning is assumed.
-  string description = 1;
-
-  // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
-  int64 level = 2;
-
-  // The numeric name as passed to setsockopt
-  int64 name = 3;
-
-  oneof value {
-    option (validate.required) = true;
-
-    // Because many sockopts take an int value.
-    int64 int_value = 4;
-
-    // Otherwise it's a byte buffer.
-    bytes buf_value = 5;
-  }
-
-  // The state in which the option will be applied. When used in BindConfig
-  // STATE_PREBIND is currently the only valid value.
-  SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
-}
-
 // Runtime derived FractionalPercent with defaults for when the numerator or denominator is not
 // specified via a runtime key.
 //

envoy/api/v2/core/socket_option.proto

@@ -0,0 +1,53 @@
+syntax = "proto3";
+
+package envoy.api.v2.core;
+
+import "udpa/annotations/migrate.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.api.v2.core";
+option java_outer_classname = "SocketOptionProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3";
+
+// [#protodoc-title: Socket Option ]
+
+// Generic socket option message. This would be used to set socket options that
+// might not exist in upstream kernels or precompiled Envoy binaries.
+// [#next-free-field: 7]
+message SocketOption {
+  enum SocketState {
+    // Socket options are applied after socket creation but before binding the socket to a port
+    STATE_PREBIND = 0;
+
+    // Socket options are applied after binding the socket to a port but before calling listen()
+    STATE_BOUND = 1;
+
+    // Socket options are applied after calling listen()
+    STATE_LISTENING = 2;
+  }
+
+  // An optional name to give this socket option for debugging, etc.
+  // Uniqueness is not required and no special meaning is assumed.
+  string description = 1;
+
+  // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
+  int64 level = 2;
+
+  // The numeric name as passed to setsockopt
+  int64 name = 3;
+
+  oneof value {
+    option (validate.required) = true;
+
+    // Because many sockopts take an int value.
+    int64 int_value = 4;
+
+    // Otherwise it's a byte buffer.
+    bytes buf_value = 5;
+  }
+
+  // The state in which the option will be applied. When used in BindConfig
+  // STATE_PREBIND is currently the only valid value.
+  SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
+}

envoy/api/v2/listener.proto

@@ -4,6 +4,7 @@ package envoy.api.v2;
 
 import "envoy/api/v2/core/address.proto";
 import "envoy/api/v2/core/base.proto";
+import "envoy/api/v2/core/socket_option.proto";
 import "envoy/api/v2/listener/listener_components.proto";
 import "envoy/api/v2/listener/udp_listener_config.proto";
 import "envoy/config/listener/v2/api_listener.proto";

envoy/config/bootstrap/v2/bootstrap.proto

@@ -7,6 +7,7 @@ import "envoy/api/v2/cluster.proto";
 import "envoy/api/v2/core/address.proto";
 import "envoy/api/v2/core/base.proto";
 import "envoy/api/v2/core/config_source.proto";
+import "envoy/api/v2/core/socket_option.proto";
 import "envoy/api/v2/listener.proto";
 import "envoy/config/metrics/v2/stats.proto";
 import "envoy/config/overload/v2alpha/overload.proto";

envoy/config/bootstrap/v3/bootstrap.proto

@@ -6,6 +6,7 @@ import "envoy/config/cluster/v3/cluster.proto";
 import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/socket_option.proto";
 import "envoy/config/listener/v3/listener.proto";
 import "envoy/config/metrics/v3/stats.proto";
 import "envoy/config/overload/v3/overload.proto";

envoy/config/core/v3/address.proto

@@ -2,7 +2,7 @@ syntax = "proto3";
 
 package envoy.config.core.v3;
 
-import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/socket_option.proto";
 
 import "google/protobuf/wrappers.proto";
 

envoy/config/core/v3/base.proto

@@ -2,6 +2,7 @@ syntax = "proto3";
 
 package envoy.config.core.v3;
 
+import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/backoff.proto";
 import "envoy/config/core/v3/http_uri.proto";
 import "envoy/type/v3/percent.proto";
@@ -129,7 +130,7 @@ message Extension {
 // Identifies a specific Envoy instance. The node identifier is presented to the
 // management server, which may use this identifier to distinguish per Envoy
 // configuration for serving.
-// [#next-free-field: 11]
+// [#next-free-field: 12]
 message Node {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Node";
 
@@ -188,6 +189,12 @@ message Node {
   // See :ref:`the list of features <client_features>` that xDS client may
   // support.
   repeated string client_features = 10;
+
+  // Known listening ports on the node as a generic hint to the management server
+  // for filtering :ref:`listeners <config_listeners>` to be returned. For example,
+  // if there is a listener bound to port 80, the list can optionally contain the
+  // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint.
+  repeated Address listening_addresses = 11;
 }
 
 // Metadata provides additional inputs to filters based on matched listeners,
@@ -367,48 +374,6 @@ message TransportSocket {
   }
 }
 
-// Generic socket option message. This would be used to set socket options that
-// might not exist in upstream kernels or precompiled Envoy binaries.
-// [#next-free-field: 7]
-message SocketOption {
-  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketOption";
-
-  enum SocketState {
-    // Socket options are applied after socket creation but before binding the socket to a port
-    STATE_PREBIND = 0;
-
-    // Socket options are applied after binding the socket to a port but before calling listen()
-    STATE_BOUND = 1;
-
-    // Socket options are applied after calling listen()
-    STATE_LISTENING = 2;
-  }
-
-  // An optional name to give this socket option for debugging, etc.
-  // Uniqueness is not required and no special meaning is assumed.
-  string description = 1;
-
-  // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
-  int64 level = 2;
-
-  // The numeric name as passed to setsockopt
-  int64 name = 3;
-
-  oneof value {
-    option (validate.required) = true;
-
-    // Because many sockopts take an int value.
-    int64 int_value = 4;
-
-    // Otherwise it's a byte buffer.
-    bytes buf_value = 5;
-  }
-
-  // The state in which the option will be applied. When used in BindConfig
-  // STATE_PREBIND is currently the only valid value.
-  SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
-}
-
 // Runtime derived FractionalPercent with defaults for when the numerator or denominator is not
 // specified via a runtime key.
 //

envoy/config/core/v3/socket_option.proto

@@ -0,0 +1,55 @@
+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "udpa/annotations/versioning.proto";
+
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "SocketOptionProto";
+option java_multiple_files = true;
+
+// [#protodoc-title: Socket Option ]
+
+// Generic socket option message. This would be used to set socket options that
+// might not exist in upstream kernels or precompiled Envoy binaries.
+// [#next-free-field: 7]
+message SocketOption {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketOption";
+
+  enum SocketState {
+    // Socket options are applied after socket creation but before binding the socket to a port
+    STATE_PREBIND = 0;
+
+    // Socket options are applied after binding the socket to a port but before calling listen()
+    STATE_BOUND = 1;
+
+    // Socket options are applied after calling listen()
+    STATE_LISTENING = 2;
+  }
+
+  // An optional name to give this socket option for debugging, etc.
+  // Uniqueness is not required and no special meaning is assumed.
+  string description = 1;
+
+  // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
+  int64 level = 2;
+
+  // The numeric name as passed to setsockopt
+  int64 name = 3;
+
+  oneof value {
+    option (validate.required) = true;
+
+    // Because many sockopts take an int value.
+    int64 int_value = 4;
+
+    // Otherwise it's a byte buffer.
+    bytes buf_value = 5;
+  }
+
+  // The state in which the option will be applied. When used in BindConfig
+  // STATE_PREBIND is currently the only valid value.
+  SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
+}

envoy/config/listener/v3/listener.proto

@@ -4,6 +4,7 @@ package envoy.config.listener.v3;
 
 import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/socket_option.proto";
 import "envoy/config/listener/v3/api_listener.proto";
 import "envoy/config/listener/v3/listener_components.proto";
 import "envoy/config/listener/v3/udp_listener_config.proto";