From df4157e2f989dd2ccbed55d8c3e4357f79537658 Mon Sep 17 00:00:00 2001
From: "data-plane-api(CircleCI)"
Date: Fri, 1 May 2020 17:05:59 +0000
Subject: [PATCH] dns_filter: Add request parsing (#10697)
This change adds DNS Request Parsing to the DNS filter. The filter will parse and decode DNS requests for A and AAAA records. Tests simply validate that the filter can consume queries.
Signed-off-by: Alvin Baptiste
Mirrored from https://github.com/envoyproxy/envoy @ 54cd4d49e895befb8ecb10ebb14585cd8fc71ee7
---
 BUILD | 3 +-
 .../filter/udp/dns_filter/v2alpha/BUILD | 13 -----
 .../udp/dns_filter/v2alpha/dns_filter.proto | 48 -------------------
 .../udp/dns_filter/v3alpha/BUILD | 1 -
 .../udp/dns_filter/v3alpha/dns_filter.proto | 40 +++++++++++-----
 versioning/BUILD | 3 +-
 6 files changed, 31 insertions(+), 77 deletions(-)
 delete mode 100644 envoy/config/filter/udp/dns_filter/v2alpha/BUILD
 delete mode 100644 envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto
 rename envoy/extensions/{filter => filters}/udp/dns_filter/v3alpha/BUILD (84%)
 rename envoy/extensions/{filter => filters}/udp/dns_filter/v3alpha/dns_filter.proto (50%)
diff --git a/BUILD b/BUILD
index d52653eb..fe373e45 100644
--- a/BUILD
+++ b/BUILD
@@ -81,7 +81,6 @@ proto_library(
 "//envoy/config/filter/network/zookeeper_proxy/v1alpha1:pkg",
 "//envoy/config/filter/thrift/rate_limit/v2alpha1:pkg",
 "//envoy/config/filter/thrift/router/v2alpha1:pkg",
- "//envoy/config/filter/udp/dns_filter/v2alpha:pkg",
 "//envoy/config/filter/udp/udp_proxy/v2alpha:pkg",
 "//envoy/config/grpc_credential/v2alpha:pkg",
 "//envoy/config/health_checker/redis/v2:pkg",
@@ -162,7 +161,6 @@ proto_library(
 "//envoy/extensions/common/dynamic_forward_proxy/v3:pkg",
 "//envoy/extensions/common/ratelimit/v3:pkg",
 "//envoy/extensions/common/tap/v3:pkg",
- "//envoy/extensions/filter/udp/dns_filter/v3alpha:pkg",
 "//envoy/extensions/filters/common/fault/v3:pkg",
 "//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg",
 "//envoy/extensions/filters/http/aws_lambda/v3:pkg",
@@ -221,6 +219,7 @@ proto_library(
 "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg",
 "//envoy/extensions/filters/network/thrift_proxy/v3:pkg",
 "//envoy/extensions/filters/network/zookeeper_proxy/v3:pkg",
+ "//envoy/extensions/filters/udp/dns_filter/v3alpha:pkg",
 "//envoy/extensions/retry/host/omit_host_metadata/v3:pkg",
 "//envoy/extensions/retry/priority/previous_priorities/v3:pkg",
 "//envoy/extensions/transport_sockets/alts/v3:pkg",
diff --git a/envoy/config/filter/udp/dns_filter/v2alpha/BUILD b/envoy/config/filter/udp/dns_filter/v2alpha/BUILD
deleted file mode 100644
index c6f01577..00000000
--- a/envoy/config/filter/udp/dns_filter/v2alpha/BUILD
+++ /dev/null
@@ -1,13 +0,0 @@
-# DO NOT EDIT. This file is generated by tools/proto_sync.py.
-
-load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
-
-licenses(["notice"]) # Apache 2
-
-api_proto_package(
- deps = [
- "//envoy/api/v2/core:pkg",
- "//envoy/data/dns/v2alpha:pkg",
- "@com_github_cncf_udpa//udpa/annotations:pkg",
- ],
-)
diff --git a/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto b/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto
deleted file mode 100644
index de2608d4..00000000
--- a/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto
+++ /dev/null
@@ -1,48 +0,0 @@
-syntax = "proto3";
-
-package envoy.config.filter.udp.dns_filter.v2alpha;
-
-import "envoy/api/v2/core/base.proto";
-import "envoy/data/dns/v2alpha/dns_table.proto";
-
-import "udpa/annotations/migrate.proto";
-import "udpa/annotations/status.proto";
-import "validate/validate.proto";
-
-option java_package = "io.envoyproxy.envoy.config.filter.udp.dns_filter.v2alpha";
-option java_outer_classname = "DnsFilterProto";
-option java_multiple_files = true;
-option (udpa.annotations.file_migrate).move_to_package =
- "envoy.extensions.filter.udp.dns_filter.v3alpha";
-option (udpa.annotations.file_status).work_in_progress = true;
-option (udpa.annotations.file_status).package_version_status = FROZEN;
-
-// [#protodoc-title: DNS Filter]
-// DNS Filter :ref:`configuration overview `.
-// [#extension: envoy.filters.udp_listener.dns_filter]
-
-// Configuration for the DNS filter.
-message DnsFilterConfig {
- // This message contains the configuration for the Dns Filter operating
- // in a server context. This message will contain the virtual hosts and
- // associated addresses with which Envoy will respond to queries
- message ServerContextConfig {
- oneof config_source {
- option (validate.required) = true;
-
- // Load the configuration specified from the control plane
- data.dns.v2alpha.DnsTable inline_dns_table = 1;
-
- // Seed the filter configuration from an external path. This source
- // is a yaml formatted file that contains the DnsTable driving Envoy's
- // responses to DNS queries
- api.v2.core.DataSource external_dns_table = 2;
- }
- }
-
- // The stat prefix used when emitting DNS filter statistics
- string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
-
- // Server context configuration
- ServerContextConfig server_config = 2;
-}
diff --git a/envoy/extensions/filter/udp/dns_filter/v3alpha/BUILD b/envoy/extensions/filters/udp/dns_filter/v3alpha/BUILD
similarity index 84%
rename from envoy/extensions/filter/udp/dns_filter/v3alpha/BUILD
rename to envoy/extensions/filters/udp/dns_filter/v3alpha/BUILD
index d011b4d8..dbf0a33e 100644
--- a/envoy/extensions/filter/udp/dns_filter/v3alpha/BUILD
+++ b/envoy/extensions/filters/udp/dns_filter/v3alpha/BUILD
@@ -7,7 +7,6 @@ licenses(["notice"]) # Apache 2
 api_proto_package(
 deps = [
 "//envoy/config/core/v3:pkg",
- "//envoy/config/filter/udp/dns_filter/v2alpha:pkg",
 "//envoy/data/dns/v3:pkg",
 "@com_github_cncf_udpa//udpa/annotations:pkg",
 ],
diff --git a/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto b/envoy/extensions/filters/udp/dns_filter/v3alpha/dns_filter.proto
similarity index 50%
rename from envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto
rename to envoy/extensions/filters/udp/dns_filter/v3alpha/dns_filter.proto
index 38a8872d..ed9d1c27 100644
--- a/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto
+++ b/envoy/extensions/filters/udp/dns_filter/v3alpha/dns_filter.proto
@@ -1,15 +1,16 @@
 syntax = "proto3";
-package envoy.extensions.filter.udp.dns_filter.v3alpha;
+package envoy.extensions.filters.udp.dns_filter.v3alpha;
 import "envoy/config/core/v3/base.proto";
 import "envoy/data/dns/v3/dns_table.proto";
+import "google/protobuf/duration.proto";
+
 import "udpa/annotations/status.proto";
-import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
-option java_package = "io.envoyproxy.envoy.extensions.filter.udp.dns_filter.v3alpha";
+option java_package = "io.envoyproxy.envoy.extensions.filters.udp.dns_filter.v3alpha";
 option java_outer_classname = "DnsFilterProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).work_in_progress = true;
@@ -21,16 +22,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Configuration for the DNS filter.
 message DnsFilterConfig {
- option (udpa.annotations.versioning).previous_message_type =
- "envoy.config.filter.udp.dns_filter.v2alpha.DnsFilterConfig";
-
- // This message contains the configuration for the Dns Filter operating
+ // This message contains the configuration for the DNS Filter operating
 // in a server context. This message will contain the virtual hosts and
 // associated addresses with which Envoy will respond to queries
 message ServerContextConfig {
- option (udpa.annotations.versioning).previous_message_type =
- "envoy.config.filter.udp.dns_filter.v2alpha.DnsFilterConfig.ServerContextConfig";
-
 oneof config_source {
 option (validate.required) = true;
@@ -44,9 +39,32 @@ message DnsFilterConfig {
 }
 }
+ // This message contains the configuration for the DNS Filter operating
+ // in a client context. This message will contain the timeouts, retry,
+ // and forwarding configuration for Envoy to make DNS requests to other
+ // resolvers
+ message ClientContextConfig {
+ // Sets the maximum time we will wait for the upstream query to complete
+ // We allow 5s for the upstream resolution to complete, so the minimum
+ // value here is 5
+ google.protobuf.Duration resolver_timeout = 1 [(validate.rules).duration = {gte {seconds: 5}}];
+
+ // A list of DNS servers to which we can forward queries
+ repeated string upstream_resolvers = 2 [(validate.rules).repeated = {
+ min_items: 1
+ items {string {min_len: 3}}
+ }];
+ }
+
 // The stat prefix used when emitting DNS filter statistics
 string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
- // Server context configuration
+ // Server context configuration contains the data that the filter uses to respond
+ // to DNS requests.
 ServerContextConfig server_config = 2;
+
+ // Client context configuration controls Envoy's behavior when it must use external
+ // resolvers to answer a query. This object is optional and if omitted instructs
+ // the filter to resolve queries from the data in the server_config
+ ClientContextConfig client_config = 3;
 }
diff --git a/versioning/BUILD b/versioning/BUILD
index f1a0d244..992e9a33 100644
--- a/versioning/BUILD
+++ b/versioning/BUILD
@@ -44,7 +44,6 @@ proto_library(
 "//envoy/extensions/common/dynamic_forward_proxy/v3:pkg",
 "//envoy/extensions/common/ratelimit/v3:pkg",
 "//envoy/extensions/common/tap/v3:pkg",
- "//envoy/extensions/filter/udp/dns_filter/v3alpha:pkg",
 "//envoy/extensions/filters/common/fault/v3:pkg",
 "//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg",
 "//envoy/extensions/filters/http/aws_lambda/v3:pkg",
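Review bot: In the new `ClientContextConfig` message of dns_filter.proto, `resolver_timeout` is validated with a lower bound only and is not marked required, so an omitted field skips the `gte` rule entirely and an arbitrarily large value passes, while the comment does not say which timeout applies when the field is unset. Because the filter forwards queries received on a UDP listener, each query outstanding at an upstream resolver presumably holds state until this timeout expires; an upper bound and a documented default would limit how long unanswered or spoofed-source queries can pin resources, for example `[(validate.rules).duration = {gte {seconds: 5} lte {seconds: <MAX_SECONDS>}}]` with a limit the implementation can support. `upstream_resolvers` accepts any string of three or more characters; if the entries are meant to be IP literals, `items {string {ip: true}}` would reject malformed values at config load, and the field comment should state the expected format and whether a port may be given. The enclosing `DnsFilterConfig` message starts outside this hunk.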
@@ -103,6 +102,7 @@ proto_library(
 "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg",
 "//envoy/extensions/filters/network/thrift_proxy/v3:pkg",
 "//envoy/extensions/filters/network/zookeeper_proxy/v3:pkg",
+ "//envoy/extensions/filters/udp/dns_filter/v3alpha:pkg",
 "//envoy/extensions/retry/host/omit_host_metadata/v3:pkg",
 "//envoy/extensions/retry/priority/previous_priorities/v3:pkg",
 "//envoy/extensions/transport_sockets/alts/v3:pkg",
@@ -211,7 +211,6 @@ proto_library(
 "//envoy/config/filter/network/thrift_proxy/v2alpha1:pkg",
 "//envoy/config/filter/network/zookeeper_proxy/v1alpha1:pkg",
 "//envoy/config/filter/thrift/rate_limit/v2alpha1:pkg",
- "//envoy/config/filter/udp/dns_filter/v2alpha:pkg",
 "//envoy/config/grpc_credential/v2alpha:pkg",
 "//envoy/config/listener/v2:pkg",
 "//envoy/config/metrics/v2:pkg",