IP Matcher on a list of CIDR ranges (#16592)
Input matcher that checks that an IP{v4,v6} belongs to a list of CIDR ranges
Signed-off-by: Adrien Guinet <adrien@reblaze.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6cd6a0cab68c757c785e62e0d73d881f57c97839
pull/624/head
data-plane-api(Azure Pipelines)
4 years ago
parent
efc1a59d1a
commit
7a2b442171
4 changed files with 52 additions and 0 deletions
@ -0,0 +1,12 @@ |
|||||||
|
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. |
||||||
|
|
||||||
|
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||||
|
|
||||||
|
licenses(["notice"]) # Apache 2 |
||||||
|
|
||||||
|
api_proto_package( |
||||||
|
deps = [ |
||||||
|
"//envoy/config/core/v3:pkg", |
||||||
|
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||||
|
], |
||||||
|
) |
||||||
@ -0,0 +1,38 @@ |
|||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.extensions.matching.input_matchers.ip.v3; |
||||||
|
|
||||||
|
import "envoy/config/core/v3/address.proto"; |
||||||
|
|
||||||
|
import "udpa/annotations/status.proto"; |
||||||
|
import "validate/validate.proto"; |
||||||
|
|
||||||
|
option java_package = "io.envoyproxy.envoy.extensions.matching.input_matchers.ip.v3"; |
||||||
|
option java_outer_classname = "IpProto"; |
||||||
|
option java_multiple_files = true; |
||||||
|
option (udpa.annotations.file_status).package_version_status = ACTIVE; |
||||||
|
|
||||||
|
// [#protodoc-title: IP matcher] |
||||||
|
// [#extension: envoy.matching.input_matchers.ip] |
||||||
|
|
||||||
|
// This input matcher matches IPv4 or IPv6 addresses against a list of CIDR |
||||||
|
// ranges. It returns true if and only if the input IP belongs to at least one |
||||||
|
// of these CIDR ranges. Internally, it uses a Level-Compressed trie, as |
||||||
|
// described in the paper `IP-address lookup using LC-tries |
||||||
|
// <https://www.nada.kth.se/~snilsson/publications/IP-address-lookup-using-LC-tries/>`_ |
||||||
|
// by S. Nilsson and G. Karlsson. For "big" lists of IPs, this matcher is more |
||||||
|
// efficient than multiple single IP matcher, that would have a linear cost. |
||||||
|
message Ip { |
||||||
|
// Match if the IP belongs to any of these CIDR ranges. |
||||||
|
repeated config.core.v3.CidrRange cidr_ranges = 1 [(validate.rules).repeated = {min_items: 1}]; |
||||||
|
|
||||||
|
// The human readable prefix to use when emitting statistics for the IP input |
||||||
|
// matcher. Names in the table below are concatenated to this prefix. |
||||||
|
// |
||||||
|
// .. csv-table:: |
||||||
|
// :header: Name, Type, Description |
||||||
|
// :widths: 1, 1, 2 |
||||||
|
// |
||||||
|
// ip_parsing_failed, Counter, Total number of IP addresses the matcher was unable to parse |
||||||
|
string stat_prefix = 2 [(validate.rules).string = {min_len: 1}]; |
||||||
|
} |
||||||
Loading…
Reference in new issue