dns_filter: Add request parsing (#10697)

This change adds DNS Request Parsing to the DNS filter. The filter will parse and decode DNS requests for A and AAAA records. Tests simply validate that the filter can consume queries. Signed-off-by: Alvin Baptiste <alvinsb@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 54cd4d49e895befb8ecb10ebb14585cd8fc71ee7
5 years ago · df4157e2f9
parent 594536496f
commit df4157e2f9
6 changed files with 31 additions and 77 deletions
--- a/3
+++ b/3
@ -81,7 +81,6 @@ proto_library(
        "//envoy/config/filter/network/zookeeper_proxy/v1alpha1:pkg",
        "//envoy/config/filter/thrift/rate_limit/v2alpha1:pkg",
        "//envoy/config/filter/thrift/router/v2alpha1:pkg",
-        "//envoy/config/filter/udp/dns_filter/v2alpha:pkg",
        "//envoy/config/filter/udp/udp_proxy/v2alpha:pkg",
        "//envoy/config/grpc_credential/v2alpha:pkg",
        "//envoy/config/health_checker/redis/v2:pkg",
@ -162,7 +161,6 @@ proto_library(
        "//envoy/extensions/common/dynamic_forward_proxy/v3:pkg",
        "//envoy/extensions/common/ratelimit/v3:pkg",
        "//envoy/extensions/common/tap/v3:pkg",
-        "//envoy/extensions/filter/udp/dns_filter/v3alpha:pkg",
        "//envoy/extensions/filters/common/fault/v3:pkg",
        "//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg",
        "//envoy/extensions/filters/http/aws_lambda/v3:pkg",
@ -221,6 +219,7 @@ proto_library(
        "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg",
        "//envoy/extensions/filters/network/thrift_proxy/v3:pkg",
        "//envoy/extensions/filters/network/zookeeper_proxy/v3:pkg",
+        "//envoy/extensions/filters/udp/dns_filter/v3alpha:pkg",
        "//envoy/extensions/retry/host/omit_host_metadata/v3:pkg",
        "//envoy/extensions/retry/priority/previous_priorities/v3:pkg",
        "//envoy/extensions/transport_sockets/alts/v3:pkg",
--- a/envoy/config/filter/udp/dns_filter/v2alpha/BUILD
+++ b/envoy/config/filter/udp/dns_filter/v2alpha/BUILD
@ -1,13 +0,0 @@
-# DO NOT EDIT. This file is generated by tools/proto_sync.py.
-
-load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
-
-licenses(["notice"])  # Apache 2
-
-api_proto_package(
-    deps = [
-        "//envoy/api/v2/core:pkg",
-        "//envoy/data/dns/v2alpha:pkg",
-        "@com_github_cncf_udpa//udpa/annotations:pkg",
-    ],
-)
--- a/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto
+++ b/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto
@ -1,48 +0,0 @@
-syntax = "proto3";
-
-package envoy.config.filter.udp.dns_filter.v2alpha;
-
-import "envoy/api/v2/core/base.proto";
-import "envoy/data/dns/v2alpha/dns_table.proto";
-
-import "udpa/annotations/migrate.proto";
-import "udpa/annotations/status.proto";
-import "validate/validate.proto";
-
-option java_package = "io.envoyproxy.envoy.config.filter.udp.dns_filter.v2alpha";
-option java_outer_classname = "DnsFilterProto";
-option java_multiple_files = true;
-option (udpa.annotations.file_migrate).move_to_package =
-    "envoy.extensions.filter.udp.dns_filter.v3alpha";
-option (udpa.annotations.file_status).work_in_progress = true;
-option (udpa.annotations.file_status).package_version_status = FROZEN;
-
-// [#protodoc-title: DNS Filter]
-// DNS Filter :ref:`configuration overview <config_udp_listener_filters_dns_filter>`.
-// [#extension: envoy.filters.udp_listener.dns_filter]
-
-// Configuration for the DNS filter.
-message DnsFilterConfig {
-  // This message contains the configuration for the Dns Filter operating
-  // in a server context. This message will contain the virtual hosts and
-  // associated addresses with which Envoy will respond to queries
-  message ServerContextConfig {
-    oneof config_source {
-      option (validate.required) = true;
-
-      // Load the configuration specified from the control plane
-      data.dns.v2alpha.DnsTable inline_dns_table = 1;
-
-      // Seed the filter configuration from an external path. This source
-      // is a yaml formatted file that contains the DnsTable driving Envoy's
-      // responses to DNS queries
-      api.v2.core.DataSource external_dns_table = 2;
-    }
-  }
-
-  // The stat prefix used when emitting DNS filter statistics
-  string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
-
-  // Server context configuration
-  ServerContextConfig server_config = 2;
-}
--- a/envoy/extensions/filters/udp/dns_filter/v3alpha/BUILD
+++ b/envoy/extensions/filters/udp/dns_filter/v3alpha/BUILD
@ -7,7 +7,6 @@ licenses(["notice"])  # Apache 2
 api_proto_package(
    deps = [
        "//envoy/config/core/v3:pkg",
-        "//envoy/config/filter/udp/dns_filter/v2alpha:pkg",
        "//envoy/data/dns/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
--- a/envoy/extensions/filters/udp/dns_filter/v3alpha/dns_filter.proto
+++ b/envoy/extensions/filters/udp/dns_filter/v3alpha/dns_filter.proto
@ -1,15 +1,16 @@
 syntax = "proto3";

-package envoy.extensions.filter.udp.dns_filter.v3alpha;
+package envoy.extensions.filters.udp.dns_filter.v3alpha;

 import "envoy/config/core/v3/base.proto";
 import "envoy/data/dns/v3/dns_table.proto";

+import "google/protobuf/duration.proto";
+
 import "udpa/annotations/status.proto";
-import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";

-option java_package = "io.envoyproxy.envoy.extensions.filter.udp.dns_filter.v3alpha";
+option java_package = "io.envoyproxy.envoy.extensions.filters.udp.dns_filter.v3alpha";
 option java_outer_classname = "DnsFilterProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).work_in_progress = true;
@ -21,16 +22,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;

 // Configuration for the DNS filter.
 message DnsFilterConfig {
-  option (udpa.annotations.versioning).previous_message_type =
-      "envoy.config.filter.udp.dns_filter.v2alpha.DnsFilterConfig";
-
-  // This message contains the configuration for the Dns Filter operating
+  // This message contains the configuration for the DNS Filter operating
  // in a server context. This message will contain the virtual hosts and
  // associated addresses with which Envoy will respond to queries
  message ServerContextConfig {
-    option (udpa.annotations.versioning).previous_message_type =
-        "envoy.config.filter.udp.dns_filter.v2alpha.DnsFilterConfig.ServerContextConfig";
-
    oneof config_source {
      option (validate.required) = true;

@ -44,9 +39,32 @@ message DnsFilterConfig {
    }
  }

+  // This message contains the configuration for the DNS Filter operating
+  // in a client context. This message will contain the timeouts, retry,
+  // and forwarding configuration for Envoy to make DNS requests to other
+  // resolvers
+  message ClientContextConfig {
+    // Sets the maximum time we will wait for the upstream query to complete
+    // We allow 5s for the upstream resolution to complete, so the minimum
+    // value here is 5
+    google.protobuf.Duration resolver_timeout = 1 [(validate.rules).duration = {gte {seconds: 5}}];
+
+    // A list of DNS servers to which we can forward queries
+    repeated string upstream_resolvers = 2 [(validate.rules).repeated = {
+      min_items: 1
+      items {string {min_len: 3}}
+    }];
+  }
+
  // The stat prefix used when emitting DNS filter statistics
  string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];

-  // Server context configuration
+  // Server context configuration contains the data that the filter uses to respond
+  // to DNS requests.
  ServerContextConfig server_config = 2;
+
+  // Client context configuration controls Envoy's behavior when it must use external
+  // resolvers to answer a query. This object is optional and if omitted instructs
+  // the filter to resolve queries from the data in the server_config
+  ClientContextConfig client_config = 3;
 }
--- a/versioning/BUILD
+++ b/versioning/BUILD
@ -44,7 +44,6 @@ proto_library(
        "//envoy/extensions/common/dynamic_forward_proxy/v3:pkg",
        "//envoy/extensions/common/ratelimit/v3:pkg",
        "//envoy/extensions/common/tap/v3:pkg",
-        "//envoy/extensions/filter/udp/dns_filter/v3alpha:pkg",
        "//envoy/extensions/filters/common/fault/v3:pkg",
        "//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg",
        "//envoy/extensions/filters/http/aws_lambda/v3:pkg",
@ -103,6 +102,7 @@ proto_library(
        "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg",
        "//envoy/extensions/filters/network/thrift_proxy/v3:pkg",
        "//envoy/extensions/filters/network/zookeeper_proxy/v3:pkg",
+        "//envoy/extensions/filters/udp/dns_filter/v3alpha:pkg",
        "//envoy/extensions/retry/host/omit_host_metadata/v3:pkg",
        "//envoy/extensions/retry/priority/previous_priorities/v3:pkg",
        "//envoy/extensions/transport_sockets/alts/v3:pkg",
@ -211,7 +211,6 @@ proto_library(
        "//envoy/config/filter/network/thrift_proxy/v2alpha1:pkg",
        "//envoy/config/filter/network/zookeeper_proxy/v1alpha1:pkg",
        "//envoy/config/filter/thrift/rate_limit/v2alpha1:pkg",
-        "//envoy/config/filter/udp/dns_filter/v2alpha:pkg",
        "//envoy/config/grpc_credential/v2alpha:pkg",
        "//envoy/config/listener/v2:pkg",
        "//envoy/config/metrics/v2:pkg",