Adding direct connect support. (#21942)
Creates a transport socket for HTP/1.1 proxy support. With the combination of the transport socket, and a filter putting the proxy stream info in place this will redirect TCP connections to the proxy IP address prefix TLS connections with cleartext CONECT headers to the destination host, and strip CONNECT response change cleartext HTTP/1.1 to send fully qualified URLs Risk Level: medium (intended as a no op but it does have data plane refactory) Testing: new unit, integration tests Docs Changes: n/a Part of envoyproxy/envoy-mobile#1622 Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Mirrored from https://github.com/envoyproxy/envoy @ 095f4ca336d3d705e629b207fb2cbbc22d29db8fpull/626/head
parent
550d48b46f
commit
c460ae3d26
4 changed files with 50 additions and 0 deletions
@ -0,0 +1,12 @@ |
|||||||
|
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. |
||||||
|
|
||||||
|
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||||
|
|
||||||
|
licenses(["notice"]) # Apache 2 |
||||||
|
|
||||||
|
api_proto_package( |
||||||
|
deps = [ |
||||||
|
"//envoy/config/core/v3:pkg", |
||||||
|
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||||
|
], |
||||||
|
) |
@ -0,0 +1,36 @@ |
|||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.extensions.transport_sockets.http_11_proxy.v3; |
||||||
|
|
||||||
|
import "envoy/config/core/v3/base.proto"; |
||||||
|
|
||||||
|
import "udpa/annotations/status.proto"; |
||||||
|
import "validate/validate.proto"; |
||||||
|
|
||||||
|
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.http_11_proxy.v3"; |
||||||
|
option java_outer_classname = "UpstreamHttp11ConnectProto"; |
||||||
|
option java_multiple_files = true; |
||||||
|
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/http_11_proxy/v3;http_11_proxyv3"; |
||||||
|
option (udpa.annotations.file_status).package_version_status = ACTIVE; |
||||||
|
|
||||||
|
// [#protodoc-title: Upstream HTTP/1.1 Proxy] |
||||||
|
// [#extension: envoy.transport_sockets.http_11_proxy] |
||||||
|
|
||||||
|
// Configuration for HTTP/1.1 proxy transport sockets. |
||||||
|
// This is intended for use in Envoy Mobile, though may eventually be extended |
||||||
|
// for upstream Envoy use. |
||||||
|
// If this transport socket is configured, and an intermediate filter adds the |
||||||
|
// stream info necessary for proxying to the stream info (as the test filter |
||||||
|
// does :repo:`here <test/integration/filters/header_to_proxy_filter.cc>`) then |
||||||
|
// |
||||||
|
// * Upstream connections will be directed to the specified proxy address rather |
||||||
|
// than the host's address |
||||||
|
// * Upstream TLS connections will have a raw HTTP/1.1 CONNECT header prefaced |
||||||
|
// to the payload, and 200 response stripped (if less than 200 bytes) |
||||||
|
// * Plaintext HTTP/1.1 connections will be sent with a fully qualified URL. |
||||||
|
// |
||||||
|
// This transport socket is not compatible with HTTP/3, plaintext HTTP/2, or raw TCP. |
||||||
|
message Http11ProxyUpstreamTransport { |
||||||
|
// The underlying transport socket being wrapped. |
||||||
|
config.core.v3.TransportSocket transport_socket = 1 [(validate.rules).message = {required: true}]; |
||||||
|
} |
Loading…
Reference in new issue