dns_filter: Initial commit for dns_filter skeleton (#10376)
This commit is the base structure and API definition for the DNS filter. The code itself takes no action on packets. Tests will be added later. Signed-off-by: Alvin Baptiste <alvinsb@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ b3949eaf2080809b8a3a6cf720eba2cfdf864472master-ci-test
parent
d2cbe1240c
commit
c163a62b6a
10 changed files with 317 additions and 0 deletions
@ -0,0 +1,13 @@ |
||||
# DO NOT EDIT. This file is generated by tools/proto_sync.py. |
||||
|
||||
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||
|
||||
licenses(["notice"]) # Apache 2 |
||||
|
||||
api_proto_package( |
||||
deps = [ |
||||
"//envoy/api/v2/core:pkg", |
||||
"//envoy/data/dns/v2alpha:pkg", |
||||
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||
], |
||||
) |
@ -0,0 +1,48 @@ |
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.filter.udp.dns_filter.v2alpha; |
||||
|
||||
import "envoy/api/v2/core/base.proto"; |
||||
import "envoy/data/dns/v2alpha/dns_table.proto"; |
||||
|
||||
import "udpa/annotations/migrate.proto"; |
||||
import "udpa/annotations/status.proto"; |
||||
import "validate/validate.proto"; |
||||
|
||||
option java_package = "io.envoyproxy.envoy.config.filter.udp.dns_filter.v2alpha"; |
||||
option java_outer_classname = "DnsFilterProto"; |
||||
option java_multiple_files = true; |
||||
option (udpa.annotations.file_migrate).move_to_package = |
||||
"envoy.extensions.filter.udp.dns_filter.v3alpha"; |
||||
option (udpa.annotations.file_status).work_in_progress = true; |
||||
option (udpa.annotations.file_status).package_version_status = ACTIVE; |
||||
|
||||
// [#protodoc-title: DNS Filter] |
||||
// DNS Filter :ref:`configuration overview <config_udp_listener_filters_dns_filter>`. |
||||
// [#extension: envoy.filters.udp_listener.dns_filter] |
||||
|
||||
// Configuration for the DNS filter. |
||||
message DnsFilterConfig { |
||||
// This message contains the configuration for the Dns Filter operating |
||||
// in a server context. This message will contain the virtual hosts and |
||||
// associated addresses with which Envoy will respond to queries |
||||
message ServerContextConfig { |
||||
oneof config_source { |
||||
option (validate.required) = true; |
||||
|
||||
// Load the configuration specified from the control plane |
||||
data.dns.v2alpha.DnsTable inline_dns_table = 1; |
||||
|
||||
// Seed the filter configuration from an external path. This source |
||||
// is a yaml formatted file that contains the DnsTable driving Envoy's |
||||
// responses to DNS queries |
||||
api.v2.core.DataSource external_dns_table = 2; |
||||
} |
||||
} |
||||
|
||||
// The stat prefix used when emitting DNS filter statistics |
||||
string stat_prefix = 1 [(validate.rules).string = {min_len: 1}]; |
||||
|
||||
// Server context configuration |
||||
ServerContextConfig server_config = 2; |
||||
} |
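Review bot: The comment on `external_dns_table` promises a YAML file on disk, but the field is a `DataSource`, which as far as I know also accepts inline bytes or an inline string, so the contract for the non-file variants is undocumented. Since whatever is loaded here decides the answers Envoy gives to DNS clients, I would say so in the comment, e.g. `// The table read from this DataSource determines every answer served; a file source must be writable only by the Envoy operator.` Separately, `server_config` carries no `(validate.rules).message = {required: true}`, so a `DnsFilterConfig` without any table passes validation and the `oneof` requirement inside it is never evaluated; either mark it required or document what the filter does when it is unset. The same two fields appear unchanged in the v3alpha copy of this file later in the commit.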
@ -0,0 +1,12 @@ |
||||
# DO NOT EDIT. This file is generated by tools/proto_sync.py. |
||||
|
||||
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||
|
||||
licenses(["notice"]) # Apache 2 |
||||
|
||||
api_proto_package( |
||||
deps = [ |
||||
"//envoy/type/matcher:pkg", |
||||
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||
], |
||||
) |
@ -0,0 +1,74 @@ |
||||
syntax = "proto3"; |
||||
|
||||
package envoy.data.dns.v2alpha; |
||||
|
||||
import "envoy/type/matcher/string.proto"; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
|
||||
import "udpa/annotations/status.proto"; |
||||
import "validate/validate.proto"; |
||||
|
||||
option java_package = "io.envoyproxy.envoy.data.dns.v2alpha"; |
||||
option java_outer_classname = "DnsTableProto"; |
||||
option java_multiple_files = true; |
||||
option (udpa.annotations.file_status).work_in_progress = true; |
||||
option (udpa.annotations.file_status).package_version_status = ACTIVE; |
||||
|
||||
// [#protodoc-title: DNS Filter Table Data] |
||||
// :ref:`DNS Filter config overview <config_udp_listener_filters_dns_filter>`. |
||||
|
||||
// This message contains the configuration for the DNS Filter if populated |
||||
// from the control plane |
||||
message DnsTable { |
||||
// This message contains a list of IP addresses returned for a query for a known name |
||||
message AddressList { |
||||
// This field contains a well formed IP address that is returned |
||||
// in the answer for a name query. The address field can be an |
||||
// IPv4 or IPv6 address. Address family detection is done automatically |
||||
// when Envoy parses the string. Since this field is repeated, |
||||
// Envoy will return one randomly chosen entry from this list in the |
||||
// DNS response. The random index will vary per query so that we prevent |
||||
// clients pinning on a single address for a configured domain |
||||
repeated string address = 1 [(validate.rules).repeated = { |
||||
min_items: 1 |
||||
items {string {min_len: 3}} |
||||
}]; |
||||
} |
||||
|
||||
// This message type is extensible and can contain a list of addresses |
||||
// or dictate some other method for resolving the addresses for an |
||||
// endpoint |
||||
message DnsEndpoint { |
||||
oneof endpoint_config { |
||||
option (validate.required) = true; |
||||
|
||||
AddressList address_list = 1; |
||||
} |
||||
} |
||||
|
||||
message DnsVirtualDomain { |
||||
// The domain name for which Envoy will respond to query requests |
||||
string name = 1 [(validate.rules).string = {min_len: 2 well_known_regex: HTTP_HEADER_NAME}]; |
||||
|
||||
// The configuration containing the method to determine the address |
||||
// of this endpoint |
||||
DnsEndpoint endpoint = 2; |
||||
|
||||
// Sets the TTL in dns answers from Envoy returned to the client |
||||
google.protobuf.Duration answer_ttl = 3 [(validate.rules).duration = {gt {}}]; |
||||
} |
||||
|
||||
// Control how many times envoy makes an attempt to forward a query to |
||||
// an external server |
||||
uint32 external_retry_count = 1; |
||||
|
||||
// Fully qualified domain names for which Envoy will respond to queries |
||||
repeated DnsVirtualDomain virtual_domains = 2 [(validate.rules).repeated = {min_items: 1}]; |
||||
|
||||
// This field serves to help Envoy determine whether it can authoritatively |
||||
// answer a query for a name matching a suffix in this list. If the query |
||||
// name does not match a suffix in this list, Envoy will forward |
||||
// the query to an upstream DNS server |
||||
repeated type.matcher.StringMatcher known_suffixes = 3; |
||||
} |
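Review bot: `DnsVirtualDomain.name` is validated with `well_known_regex: HTTP_HEADER_NAME`, which is a header-token rule rather than a DNS-name rule: it puts no cap on label or total name length and admits characters such as `!` or `#` that a hostname cannot carry. Until a dedicated rule exists I would at least bound it, `string name = 1 [(validate.rules).string = {min_len: 2 max_len: 253 well_known_regex: HTTP_HEADER_NAME}];`, and note in the comment that the filter must still check label syntax itself. `address` has the same weakness (`min_len: 3` is the only check, so any three-character string passes config validation; PGV's `ip: true` item rule would reject malformed entries at load time), and `external_retry_count` has no upper bound even though each retry is another packet sent upstream on behalf of an unauthenticated UDP query, so a small `lte` limit seems warranted. The v3 copy of this table later in the commit repeats all three fields.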
@ -0,0 +1,13 @@ |
||||
# DO NOT EDIT. This file is generated by tools/proto_sync.py. |
||||
|
||||
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||
|
||||
licenses(["notice"]) # Apache 2 |
||||
|
||||
api_proto_package( |
||||
deps = [ |
||||
"//envoy/data/dns/v2alpha:pkg", |
||||
"//envoy/type/matcher/v3:pkg", |
||||
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||
], |
||||
) |
@ -0,0 +1,85 @@ |
||||
syntax = "proto3"; |
||||
|
||||
package envoy.data.dns.v3; |
||||
|
||||
import "envoy/type/matcher/v3/string.proto"; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
|
||||
import "udpa/annotations/status.proto"; |
||||
import "udpa/annotations/versioning.proto"; |
||||
import "validate/validate.proto"; |
||||
|
||||
option java_package = "io.envoyproxy.envoy.data.dns.v3"; |
||||
option java_outer_classname = "DnsTableProto"; |
||||
option java_multiple_files = true; |
||||
option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; |
||||
|
||||
// [#protodoc-title: DNS Filter Table Data] |
||||
// :ref:`DNS Filter config overview <config_udp_listener_filters_dns_filter>`. |
||||
|
||||
// This message contains the configuration for the DNS Filter if populated |
||||
// from the control plane |
||||
message DnsTable { |
||||
option (udpa.annotations.versioning).previous_message_type = "envoy.data.dns.v2alpha.DnsTable"; |
||||
|
||||
// This message contains a list of IP addresses returned for a query for a known name |
||||
message AddressList { |
||||
option (udpa.annotations.versioning).previous_message_type = |
||||
"envoy.data.dns.v2alpha.DnsTable.AddressList"; |
||||
|
||||
// This field contains a well formed IP address that is returned |
||||
// in the answer for a name query. The address field can be an |
||||
// IPv4 or IPv6 address. Address family detection is done automatically |
||||
// when Envoy parses the string. Since this field is repeated, |
||||
// Envoy will return one randomly chosen entry from this list in the |
||||
// DNS response. The random index will vary per query so that we prevent |
||||
// clients pinning on a single address for a configured domain |
||||
repeated string address = 1 [(validate.rules).repeated = { |
||||
min_items: 1 |
||||
items {string {min_len: 3}} |
||||
}]; |
||||
} |
||||
|
||||
// This message type is extensible and can contain a list of addresses |
||||
// or dictate some other method for resolving the addresses for an |
||||
// endpoint |
||||
message DnsEndpoint { |
||||
option (udpa.annotations.versioning).previous_message_type = |
||||
"envoy.data.dns.v2alpha.DnsTable.DnsEndpoint"; |
||||
|
||||
oneof endpoint_config { |
||||
option (validate.required) = true; |
||||
|
||||
AddressList address_list = 1; |
||||
} |
||||
} |
||||
|
||||
message DnsVirtualDomain { |
||||
option (udpa.annotations.versioning).previous_message_type = |
||||
"envoy.data.dns.v2alpha.DnsTable.DnsVirtualDomain"; |
||||
|
||||
// The domain name for which Envoy will respond to query requests |
||||
string name = 1 [(validate.rules).string = {min_len: 2 well_known_regex: HTTP_HEADER_NAME}]; |
||||
|
||||
// The configuration containing the method to determine the address |
||||
// of this endpoint |
||||
DnsEndpoint endpoint = 2; |
||||
|
||||
// Sets the TTL in dns answers from Envoy returned to the client |
||||
google.protobuf.Duration answer_ttl = 3 [(validate.rules).duration = {gt {}}]; |
||||
} |
||||
|
||||
// Control how many times envoy makes an attempt to forward a query to |
||||
// an external server |
||||
uint32 external_retry_count = 1; |
||||
|
||||
// Fully qualified domain names for which Envoy will respond to queries |
||||
repeated DnsVirtualDomain virtual_domains = 2 [(validate.rules).repeated = {min_items: 1}]; |
||||
|
||||
// This field serves to help Envoy determine whether it can authoritatively |
||||
// answer a query for a name matching a suffix in this list. If the query |
||||
// name does not match a suffix in this list, Envoy will forward |
||||
// the query to an upstream DNS server |
||||
repeated type.matcher.v3.StringMatcher known_suffixes = 3; |
||||
} |
@ -0,0 +1,14 @@ |
||||
# DO NOT EDIT. This file is generated by tools/proto_sync.py. |
||||
|
||||
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||
|
||||
licenses(["notice"]) # Apache 2 |
||||
|
||||
api_proto_package( |
||||
deps = [ |
||||
"//envoy/config/core/v3:pkg", |
||||
"//envoy/config/filter/udp/dns_filter/v2alpha:pkg", |
||||
"//envoy/data/dns/v3:pkg", |
||||
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||
], |
||||
) |
@ -0,0 +1,52 @@ |
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filter.udp.dns_filter.v3alpha; |
||||
|
||||
import "envoy/config/core/v3/base.proto"; |
||||
import "envoy/data/dns/v3/dns_table.proto"; |
||||
|
||||
import "udpa/annotations/status.proto"; |
||||
import "udpa/annotations/versioning.proto"; |
||||
import "validate/validate.proto"; |
||||
|
||||
option java_package = "io.envoyproxy.envoy.extensions.filter.udp.dns_filter.v3alpha"; |
||||
option java_outer_classname = "DnsFilterProto"; |
||||
option java_multiple_files = true; |
||||
option (udpa.annotations.file_status).work_in_progress = true; |
||||
option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; |
||||
|
||||
// [#protodoc-title: DNS Filter] |
||||
// DNS Filter :ref:`configuration overview <config_udp_listener_filters_dns_filter>`. |
||||
// [#extension: envoy.filters.udp_listener.dns_filter] |
||||
|
||||
// Configuration for the DNS filter. |
||||
message DnsFilterConfig { |
||||
option (udpa.annotations.versioning).previous_message_type = |
||||
"envoy.config.filter.udp.dns_filter.v2alpha.DnsFilterConfig"; |
||||
|
||||
// This message contains the configuration for the Dns Filter operating |
||||
// in a server context. This message will contain the virtual hosts and |
||||
// associated addresses with which Envoy will respond to queries |
||||
message ServerContextConfig { |
||||
option (udpa.annotations.versioning).previous_message_type = |
||||
"envoy.config.filter.udp.dns_filter.v2alpha.DnsFilterConfig.ServerContextConfig"; |
||||
|
||||
oneof config_source { |
||||
option (validate.required) = true; |
||||
|
||||
// Load the configuration specified from the control plane |
||||
data.dns.v3.DnsTable inline_dns_table = 1; |
||||
|
||||
// Seed the filter configuration from an external path. This source |
||||
// is a yaml formatted file that contains the DnsTable driving Envoy's |
||||
// responses to DNS queries |
||||
config.core.v3.DataSource external_dns_table = 2; |
||||
} |
||||
} |
||||
|
||||
// The stat prefix used when emitting DNS filter statistics |
||||
string stat_prefix = 1 [(validate.rules).string = {min_len: 1}]; |
||||
|
||||
// Server context configuration |
||||
ServerContextConfig server_config = 2; |
||||
} |