From bb44774f9db1f0ef95edfcec0391213fb6e2c232 Mon Sep 17 00:00:00 2001 From: "data-plane-api(Azure Pipelines)" Date: Mon, 14 Jun 2021 18:41:17 +0000 Subject: [PATCH] dns_filter: Use a trie for determining a known domain (#16862) Signed-off-by: abaptiste Mirrored from https://github.com/envoyproxy/envoy @ 78ccd005a629ba99fee489411e223472c4a34666 --- envoy/data/dns/v3/BUILD | 1 + envoy/data/dns/v3/dns_table.proto | 8 +++++++- envoy/data/dns/v4alpha/BUILD | 1 - envoy/data/dns/v4alpha/dns_table.proto | 11 ++++------- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/envoy/data/dns/v3/BUILD b/envoy/data/dns/v3/BUILD index 24703c78..372e9d4d 100644 --- a/envoy/data/dns/v3/BUILD +++ b/envoy/data/dns/v3/BUILD @@ -6,6 +6,7 @@ licenses(["notice"]) # Apache 2 api_proto_package( deps = [ + "//envoy/annotations:pkg", "//envoy/data/dns/v2alpha:pkg", "//envoy/type/matcher/v3:pkg", "@com_github_cncf_udpa//udpa/annotations:pkg", diff --git a/envoy/data/dns/v3/dns_table.proto b/envoy/data/dns/v3/dns_table.proto index 4398403b..5cc04440 100644 --- a/envoy/data/dns/v3/dns_table.proto +++ b/envoy/data/dns/v3/dns_table.proto @@ -6,6 +6,7 @@ import "envoy/type/matcher/v3/string.proto"; import "google/protobuf/duration.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; @@ -143,8 +144,13 @@ message DnsTable { // list empty, Envoy will forward all queries to external resolvers repeated DnsVirtualDomain virtual_domains = 2; + // This field is deprecated and no longer used in Envoy. The filter's behavior has changed + // internally to use a different data structure allowing the filter to determine whether a + // query is for known domain without the use of this field. + // // This field serves to help Envoy determine whether it can authoritatively answer a query // for a name matching a suffix in this list. If the query name does not match a suffix in // this list, Envoy will forward the query to an upstream DNS server - repeated type.matcher.v3.StringMatcher known_suffixes = 3; + repeated type.matcher.v3.StringMatcher known_suffixes = 3 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; } diff --git a/envoy/data/dns/v4alpha/BUILD b/envoy/data/dns/v4alpha/BUILD index 4c5278c0..e32ed76c 100644 --- a/envoy/data/dns/v4alpha/BUILD +++ b/envoy/data/dns/v4alpha/BUILD @@ -7,7 +7,6 @@ licenses(["notice"]) # Apache 2 api_proto_package( deps = [ "//envoy/data/dns/v3:pkg", - "//envoy/type/matcher/v4alpha:pkg", "@com_github_cncf_udpa//udpa/annotations:pkg", ], ) diff --git a/envoy/data/dns/v4alpha/dns_table.proto b/envoy/data/dns/v4alpha/dns_table.proto index f142cfa7..4f8626ed 100644 --- a/envoy/data/dns/v4alpha/dns_table.proto +++ b/envoy/data/dns/v4alpha/dns_table.proto @@ -2,8 +2,6 @@ syntax = "proto3"; package envoy.data.dns.v4alpha; -import "envoy/type/matcher/v4alpha/string.proto"; - import "google/protobuf/duration.proto"; import "udpa/annotations/status.proto"; @@ -148,15 +146,14 @@ message DnsTable { google.protobuf.Duration answer_ttl = 3 [(validate.rules).duration = {gte {seconds: 30}}]; } + reserved 3; + + reserved "known_suffixes"; + // Control how many times Envoy makes an attempt to forward a query to an external DNS server uint32 external_retry_count = 1 [(validate.rules).uint32 = {lte: 3}]; // Fully qualified domain names for which Envoy will respond to DNS queries. By leaving this // list empty, Envoy will forward all queries to external resolvers repeated DnsVirtualDomain virtual_domains = 2; - - // This field serves to help Envoy determine whether it can authoritatively answer a query - // for a name matching a suffix in this list. If the query name does not match a suffix in - // this list, Envoy will forward the query to an upstream DNS server - repeated type.matcher.v4alpha.StringMatcher known_suffixes = 3; }