|
|
|
@ -63,23 +63,13 @@ message Filter { |
|
|
|
|
// of the configured filter chains that matches the incoming connection is going |
|
|
|
|
// to be used (e.g. for SNI ``www.example.com`` the most specific match would be |
|
|
|
|
// ``www.example.com``, then ``*.example.com``, then any filter chain without |
|
|
|
|
// ``sni_domains`` requirements). |
|
|
|
|
// ``server_names`` requirements). |
|
|
|
|
// |
|
|
|
|
// [#comment: Implemented rules are kept in the preference order, with deprecated fields |
|
|
|
|
// listed at the end, because that's how we want to list them in the docs. |
|
|
|
|
// |
|
|
|
|
// [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules] |
|
|
|
|
message FilterChainMatch { |
|
|
|
|
// If non-empty, the SNI domain names to consider. May contain a wildcard prefix for |
|
|
|
|
// the bottom-level domain of a domain name, e.g. ``*.example.com``. |
|
|
|
|
// |
|
|
|
|
// Note that ``foo.example.com`` will be matched by ``foo.example.com`` |
|
|
|
|
// and ``*.example.com`` SNI domain names, but **not** by ``*foo.example.com``, |
|
|
|
|
// ``*oo.example.com``, ``*example.com``, ``*.com`` or ``*``. |
|
|
|
|
// |
|
|
|
|
// .. attention:: |
|
|
|
|
// |
|
|
|
|
// See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more |
|
|
|
|
// information. |
|
|
|
|
repeated string sni_domains = 1; |
|
|
|
|
|
|
|
|
|
// If non-empty, an IP address and prefix length to match addresses when the |
|
|
|
|
// listener is bound to 0.0.0.0/:: or when use_original_dst is specified. |
|
|
|
|
// [#not-implemented-hide:] |
|
|
|
@ -111,6 +101,23 @@ message FilterChainMatch { |
|
|
|
|
// [#not-implemented-hide:] |
|
|
|
|
google.protobuf.UInt32Value destination_port = 8; |
|
|
|
|
|
|
|
|
|
// If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining |
|
|
|
|
// a filter chain match. Those values will be compared against the server names of a new connection, |
|
|
|
|
// when detected by one of the listener filters. |
|
|
|
|
// |
|
|
|
|
// The values may contain a wildcard prefix for the bottom-level domain of a domain name, |
|
|
|
|
// e.g. ``*.example.com``. |
|
|
|
|
// |
|
|
|
|
// Note that ``foo.example.com`` will be matched by ``foo.example.com`` and ``*.example.com`` |
|
|
|
|
// server names, but **not** by ``*foo.example.com``, ``*oo.example.com``, ``*example.com``, |
|
|
|
|
// ``*.com`` or ``*``. |
|
|
|
|
// |
|
|
|
|
// .. attention:: |
|
|
|
|
// |
|
|
|
|
// See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more |
|
|
|
|
// information. |
|
|
|
|
repeated string server_names = 11; |
|
|
|
|
|
|
|
|
|
// If non-empty, a transport protocol to consider when determining a filter chain match. |
|
|
|
|
// This value will be compared against the transport protocol of a new connection, when |
|
|
|
|
// it's detected by one of the listener filters. |
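Review bot: The comment on the new `server_names = 11` field does not say what happens when a `FilterChainMatch` sets both it and `sni_domains = 1`, which the last hunk keeps as `[deprecated = true]`. The message comment says the most specific match selects the filter chain, so an undocumented interaction between the two lists can route a connection to a chain the operator did not intend. I would add one sentence to the field comment, for example `// If both server_names and the deprecated sni_domains are set, <state the behaviour: rejected, merged, or server_names wins>.` It would also help to state what happens when no listener filter detects a server name, since "when detected by one of the listener filters" leaves open whether such a chain never matches or matches as if the list were empty. The `+`/`-` markers are lost on this page, so I inferred which lines are added from the hunk counts, and `FilterChainMatch` begins outside this hunk.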
|
|
|
@ -122,9 +129,9 @@ message FilterChainMatch { |
|
|
|
|
// when TLS protocol is detected. |
|
|
|
|
string transport_protocol = 9; |
|
|
|
|
|
|
|
|
|
// If non-empty, a list of application protocols to consider when determining a filter chain |
|
|
|
|
// match. Those values will be compared against the application protocols of a new connection, |
|
|
|
|
// when detected by one of the listener filters. |
|
|
|
|
// If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when |
|
|
|
|
// determining a filter chain match. Those values will be compared against the application protocols |
|
|
|
|
// of a new connection, when detected by one of the listener filters. |
|
|
|
|
// |
|
|
|
|
// Suggested values include: |
|
|
|
|
// |
|
|
|
@ -141,6 +148,22 @@ message FilterChainMatch { |
|
|
|
|
// and matching on values other than ``h2`` is going to lead to a lot of false negatives, |
|
|
|
|
// unless all connecting clients are known to use ALPN. |
|
|
|
|
repeated string application_protocols = 10; |
|
|
|
|
|
|
|
|
|
// If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining |
|
|
|
|
// a filter chain match. Those values will be compared against the server names of a new connection, |
|
|
|
|
// when detected by one of the listener filters. |
|
|
|
|
// |
|
|
|
|
// The values may contain a wildcard prefix for the bottom-level domain of a domain name, |
|
|
|
|
// e.g. ``*.example.com``. |
|
|
|
|
// |
|
|
|
|
// Note that ``foo.example.com`` will be matched by ``foo.example.com`` and ``*.example.com`` |
|
|
|
|
// server names, but **not** by ``*foo.example.com``, ``*oo.example.com``, ``*example.com``, |
|
|
|
|
// ``*.com`` or ``*``. |
|
|
|
|
// |
|
|
|
|
// .. attention:: |
|
|
|
|
// |
|
|
|
|
// Deprecated. Use :ref:`server_names <envoy_api_field_listener.FilterChainMatch.server_names>` instead. |
|
|
|
|
repeated string sni_domains = 1 [deprecated = true]; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and |
|
|
|
|