Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

listener: filter chain selection based on destination IP/port. (#3851)

Browse Source 
*Risk Level*: Medium
*Testing*: bazel test //test/...
*Docs Changes*: Minimal
*Release Notes*: Added

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 01d2e16e973a76cc05f5e9e5c7a74f73498bc6c2
pull/620/head
data-plane-api(CircleCI) 7 years ago
parent 47177045ed
commit 56f0268e5d
1 changed files with 9 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      envoy/api/v2/listener/listener.proto

19
envoy/api/v2/listener/listener.proto
Unescape View File

@ -55,10 +55,11 @@ message Filter {
//
// The following order applies:
//
// [#comment:TODO(PiotrSikora): destination IP / ranges are going to be 1.]
// 1. Server name (e.g. SNI for TLS protocol),
// 2. Transport protocol.
// 3. Application protocols (e.g. ALPN for TLS protocol).
// 1. Destination port.
// 2. Destination IP address.
// 3. Server name (e.g. SNI for TLS protocol),
// 4. Transport protocol.
// 5. Application protocols (e.g. ALPN for TLS protocol).
//
// For criterias that allow ranges or wildcards, the most specific value in any
// of the configured filter chains that matches the incoming connection is going
@ -71,9 +72,12 @@ message Filter {
//
// [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]
message FilterChainMatch {
// Optional destination port to consider when use_original_dst is set on the
// listener in determining a filter chain match.
google.protobuf.UInt32Value destination_port = 8 [(validate.rules).uint32 = {gte: 1, lte: 65535}];
// If non-empty, an IP address and prefix length to match addresses when the
// listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
// [#not-implemented-hide:]
repeated core.CidrRange prefix_ranges = 3;
// If non-empty, an IP address and suffix length to match addresses when the
@ -97,11 +101,6 @@ message FilterChainMatch {
// [#not-implemented-hide:]
repeated google.protobuf.UInt32Value source_ports = 7;
// Optional destination port to consider when use_original_dst is set on the
// listener in determining a filter chain match.
// [#not-implemented-hide:]
google.protobuf.UInt32Value destination_port = 8;
// If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
// a filter chain match. Those values will be compared against the server names of a new
// connection, when detected by one of the listener filters.

Write Preview
Loading…
Cancel
Save