listener: add support for multiple filter chains. (#3217)

* listener: add support for multiple filter chains.

*Risk Level*: Medium
*Testing*: bazel test //test/...
*Docs Changes*: Added
*Release Notes*: Added

Fixes #1843.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 93780c1663a89c596e46a43ff17cffc25bb00b18
pull/620/head
data-plane-api(CircleCI) 7 years ago
parent 34f853253a
commit ba9086de65
  1. envoy/api/v2/lds.proto (11 changes)
  2. envoy/api/v2/listener/listener.proto (39 changes)

@ -55,15 +55,8 @@ message Listener {
// :ref:`FilterChainMatch <envoy_api_msg_listener.FilterChainMatch>` criteria is used on a
// connection.
//
// .. attention::
//
// In the current version, multiple filter chains are supported **only** so that SNI can be
// configured. See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
// information. When multiple filter chains are configured, each filter chain must have an
// **identical** set of :ref:`filters <envoy_api_field_listener.FilterChain.filters>`. If the
// filters differ, the configuration will fail to load. In the future, this limitation will be
// relaxed such that different filters can be used depending on which filter chain matches
// (based on SNI or some other parameter).
// Example using SNI for filter chain selection can be found in the
// :ref:`FAQ entry <faq_how_to_setup_sni>`.
repeated listener.FilterChain filter_chains = 3
[(validate.rules).repeated .min_items = 1, (gogoproto.nullable) = false];
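Review bot: The replacement comment on filter_chains removes the statement that every chain must carry an identical set of filters, but it does not say what applies now: that chains may carry different filters, and what happens to a connection that matches no FilterChainMatch. Once filters can differ per chain, the chain a connection lands on decides which filters it passes through, so the no-match behaviour belongs in this comment. Suggest adding a sentence stating that filters may differ between chains and whether an unmatched connection is closed or handled by some default chain.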

@ -47,12 +47,32 @@ message Filter {
// Specifies the match criteria for selecting a specific filter chain for a
// listener.
//
// In order for a filter chain to be selected, *ALL* of its criteria must be
// fulfilled by the incoming connection, properties of which are set by the
// networking stack and/or listener filters.
//
// The following order applies:
//
// [#comment:TODO(PiotrSikora): destination IP / ranges are going to be 1.]
// 1. Server name (e.g. SNI for TLS protocol),
// 2. Transport protocol.
// [#comment:TODO(PiotrSikora): application protocols are going to be 4.]
//
// For criterias that allow ranges or wildcards, the most specific value in any
// of the configured filter chains that matches the incoming connection is going
// to be used (e.g. for SNI ``www.example.com`` the most specific match would be
// ``www.example.com``, then ``*.example.com``, then any filter chain without
// ``sni_domains`` requirements).
//
// [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]
message FilterChainMatch {
// If non-empty, the SNI domain names to consider. May contain a wildcard prefix for
// the bottom-level domain of a domain name, e.g. ``*.example.com``. Note that
// ``foo.example.com`` will be matched by ``foo.example.com`` and ``*.example.com``
// SNI domain names, but **not** by ``*foo.example.com``, ``*oo.example.com``,
// ``*example.com``, ``*.com`` or ``*``.
// the bottom-level domain of a domain name, e.g. ``*.example.com``.
//
// Note that ``foo.example.com`` will be matched by ``foo.example.com``
// and ``*.example.com`` SNI domain names, but **not** by ``*foo.example.com``,
// ``*oo.example.com``, ``*example.com``, ``*.com`` or ``*``.
//
// .. attention::
//
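Review bot: The precedence text in the FilterChainMatch comment does not cover ties. It says "the most specific value in any of the configured filter chains" is used, but not what happens when two chains carry the same server name and the same transport protocol, or whether such a configuration is rejected at load. Because the selected chain determines the filters applied to the connection, suggest stating either that duplicate match criteria fail validation or how the tie is broken. Two smaller points: "criterias" should be "criteria", and the ordered list says "Server name" while the example refers to ``sni_domains``, so the list should name the field as well.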
@ -90,6 +110,17 @@ message FilterChainMatch {
// listener in determining a filter chain match.
// [#not-implemented-hide:]
google.protobuf.UInt32Value destination_port = 8;
// If non-empty, a transport protocol to consider when determining a filter chain match.
// This value will be compared against the transport protocol of a new connection, when
// it's detected by one of the listener filters (this needs to be configured separately).
//
// Valid values include:
//
// * ``raw_buffer`` - default, used when no transport protocol is detected,
// * ``tls`` - set by :ref:`envoy.listener.tls_inspector <config_listener_filters_tls_inspector>`
// when TLS protocol is detected.
string transport_protocol = 9;
}
// A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and
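Review bot: transport_protocol is declared as a bare string with no validation rule, while the accepted values (``raw_buffer``, ``tls``) appear only in the comment. Nothing visible here stops a misspelled or differently cased value from loading and then never matching. Suggest a validate rule restricting the field to the documented values, or a sentence on how unknown values are handled. The comment should also spell out the consequence of "this needs to be configured separately": without the envoy.listener.tls_inspector listener filter no connection is ever labelled ``tls``, so a chain that requires it is never selected and TLS connections are matched as ``raw_buffer``.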
