From 97222399cf1e5dee9a0a050f40a3ecf60be70ae7 Mon Sep 17 00:00:00 2001 From: "update-envoy[bot]" <135279899+update-envoy[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 06:46:28 +0000 Subject: [PATCH] TLS Inspector: Enable tls_inspector buffer to dynamically size. (#27860) * Enable tls_inspector buffer to dynamically size listener filter buffer. Signed-off-by: Kevin Baichoo Mirrored from https://github.com/envoyproxy/envoy @ a0fed8f481914b099431cfece6a719b306b3bfca --- .../listener/tls_inspector/v3/tls_inspector.proto | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto b/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto index 8e5350cc..db2d07c8 100644 --- a/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto +++ b/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto @@ -6,6 +6,7 @@ import "google/protobuf/wrappers.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.tls_inspector.v3"; option java_outer_classname = "TlsInspectorProto"; @@ -23,4 +24,12 @@ message TlsInspector { // Populate ``JA3`` fingerprint hash using data from the TLS Client Hello packet. Default is false. google.protobuf.BoolValue enable_ja3_fingerprinting = 1; + + // The size in bytes of the initial buffer requested by the tls_inspector. + // If the filter needs to read additional bytes from the socket, the + // filter will double the buffer up to it's default maximum of 64KiB. + // If this size is not defined, defaults to maximum 64KiB that the + // tls inspector will consume. + google.protobuf.UInt32Value initial_read_buffer_size = 2 + [(validate.rules).uint32 = {lt: 65537 gt: 255}]; }