dns_filter: Use a trie for determining a known domain (#16862)

Signed-off-by: abaptiste <abaptiste@users.noreply.github.com> Mirrored from https://github.com/envoyproxy/envoy @ 78ccd005a629ba99fee489411e223472c4a34666
3 years ago · bb44774f9d
parent 63192a4ab7
commit bb44774f9d
4 changed files with 12 additions and 9 deletions
--- a/envoy/data/dns/v3/BUILD
+++ b/envoy/data/dns/v3/BUILD
@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2

 api_proto_package(
    deps = [
+        "//envoy/annotations:pkg",
        "//envoy/data/dns/v2alpha:pkg",
        "//envoy/type/matcher/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
--- a/envoy/data/dns/v3/dns_table.proto
+++ b/envoy/data/dns/v3/dns_table.proto
@ -6,6 +6,7 @@ import "envoy/type/matcher/v3/string.proto";

 import "google/protobuf/duration.proto";

+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@ -143,8 +144,13 @@ message DnsTable {
  // list empty, Envoy will forward all queries to external resolvers
  repeated DnsVirtualDomain virtual_domains = 2;

+  // This field is deprecated and no longer used in Envoy. The filter's behavior has changed
+  // internally to use a different data structure allowing the filter to determine whether a
+  // query is for known domain without the use of this field.
+  //
  // This field serves to help Envoy determine whether it can authoritatively answer a query
  // for a name matching a suffix in this list. If the query name does not match a suffix in
  // this list, Envoy will forward the query to an upstream DNS server
-  repeated type.matcher.v3.StringMatcher known_suffixes = 3;
+  repeated type.matcher.v3.StringMatcher known_suffixes = 3
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 }
--- a/envoy/data/dns/v4alpha/BUILD
+++ b/envoy/data/dns/v4alpha/BUILD
@ -7,7 +7,6 @@ licenses(["notice"])  # Apache 2
 api_proto_package(
    deps = [
        "//envoy/data/dns/v3:pkg",
-        "//envoy/type/matcher/v4alpha:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
 )
--- a/envoy/data/dns/v4alpha/dns_table.proto
+++ b/envoy/data/dns/v4alpha/dns_table.proto
@ -2,8 +2,6 @@ syntax = "proto3";

 package envoy.data.dns.v4alpha;

-import "envoy/type/matcher/v4alpha/string.proto";
-
 import "google/protobuf/duration.proto";

 import "udpa/annotations/status.proto";
@ -148,15 +146,14 @@ message DnsTable {
    google.protobuf.Duration answer_ttl = 3 [(validate.rules).duration = {gte {seconds: 30}}];
  }

+  reserved 3;
+
+  reserved "known_suffixes";
+
  // Control how many times Envoy makes an attempt to forward a query to an external DNS server
  uint32 external_retry_count = 1 [(validate.rules).uint32 = {lte: 3}];

  // Fully qualified domain names for which Envoy will respond to DNS queries. By leaving this
  // list empty, Envoy will forward all queries to external resolvers
  repeated DnsVirtualDomain virtual_domains = 2;
-
-  // This field serves to help Envoy determine whether it can authoritatively answer a query
-  // for a name matching a suffix in this list. If the query name does not match a suffix in
-  // this list, Envoy will forward the query to an upstream DNS server
-  repeated type.matcher.v4alpha.StringMatcher known_suffixes = 3;
 }