|
|
@ -63,9 +63,12 @@ message Filter { |
|
|
|
// 3. Server name (e.g. SNI for TLS protocol), |
|
|
|
// 3. Server name (e.g. SNI for TLS protocol), |
|
|
|
// 4. Transport protocol. |
|
|
|
// 4. Transport protocol. |
|
|
|
// 5. Application protocols (e.g. ALPN for TLS protocol). |
|
|
|
// 5. Application protocols (e.g. ALPN for TLS protocol). |
|
|
|
// 6. Source type (e.g. any, local or external network). |
|
|
|
// 6. Directly connected source IP address (this will only be different from the source IP address |
|
|
|
// 7. Source IP address. |
|
|
|
// when using a listener filter that overrides the source address, such as the :ref:`Proxy Protocol |
|
|
|
// 8. Source port. |
|
|
|
// listener filter <config_listener_filters_proxy_protocol>`). |
|
|
|
|
|
|
|
// 7. Source type (e.g. any, local or external network). |
|
|
|
|
|
|
|
// 8. Source IP address. |
|
|
|
|
|
|
|
// 9. Source port. |
|
|
|
// |
|
|
|
// |
|
|
|
// For criteria that allow ranges or wildcards, the most specific value in any |
|
|
|
// For criteria that allow ranges or wildcards, the most specific value in any |
|
|
|
// of the configured filter chains that matches the incoming connection is going |
|
|
|
// of the configured filter chains that matches the incoming connection is going |
|
|
@ -89,7 +92,7 @@ message Filter { |
|
|
|
// listed at the end, because that's how we want to list them in the docs. |
|
|
|
// listed at the end, because that's how we want to list them in the docs. |
|
|
|
// |
|
|
|
// |
|
|
|
// [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules] |
|
|
|
// [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules] |
|
|
|
// [#next-free-field: 13] |
|
|
|
// [#next-free-field: 14] |
|
|
|
message FilterChainMatch { |
|
|
|
message FilterChainMatch { |
|
|
|
option (udpa.annotations.versioning).previous_message_type = |
|
|
|
option (udpa.annotations.versioning).previous_message_type = |
|
|
|
"envoy.config.listener.v3.FilterChainMatch"; |
|
|
|
"envoy.config.listener.v3.FilterChainMatch"; |
|
|
@ -123,6 +126,11 @@ message FilterChainMatch { |
|
|
|
// [#not-implemented-hide:] |
|
|
|
// [#not-implemented-hide:] |
|
|
|
google.protobuf.UInt32Value suffix_len = 5; |
|
|
|
google.protobuf.UInt32Value suffix_len = 5; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// The criteria is satisfied if the directly connected source IP address of the downstream |
|
|
|
|
|
|
|
// connection is contained in at least one of the specified subnets. If the parameter is not |
|
|
|
|
|
|
|
// specified or the list is empty, the directly connected source IP address is ignored. |
|
|
|
|
|
|
|
repeated core.v4alpha.CidrRange direct_source_prefix_ranges = 13; |
|
|
|
|
|
|
|
|
|
|
|
// Specifies the connection source IP match type. Can be any, local or external network. |
|
|
|
// Specifies the connection source IP match type. Can be any, local or external network. |
|
|
|
ConnectionSourceType source_type = 12 [(validate.rules).enum = {defined_only: true}]; |
|
|
|
ConnectionSourceType source_type = 12 [(validate.rules).enum = {defined_only: true}]; |
|
|
|
|
|
|
|
|
|
|
|
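Review bot: The comment added on `direct_source_prefix_ranges` (third hunk) does not say how this field differs from the source IP address criterion, and that difference is the security-relevant part. The precedence list in the first hunk explains that the two addresses diverge only when a listener filter such as Proxy Protocol overrides the source address, but someone reading only the field documentation will not see that. I would extend the field comment with `// Unlike the source IP address criterion, this is matched against the peer address of the accepted` and `// connection, before a listener filter such as Proxy Protocol overrides the source address.` An address restored from a Proxy Protocol header is asserted by the connecting peer, so the comment should presumably also recommend this field for chains that gate on network origin; confirm that against the matcher implementation, which is not on this page. Minor wording: "The criteria is satisfied" should read "The criterion is satisfied".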