listener

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 25, 2018 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidLengthListener = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowListener   = fmt.Errorf("proto: integer overflow")
)

Functions

This section is empty.

Types

type Filter

type Filter struct {
	// The name of the filter to instantiate. The name must match a supported
	// filter. The built-in filters are:
	//
	// [#comment:TODO(mattklein123): Auto generate the following list]
	// * :ref:`envoy.client_ssl_auth<config_network_filters_client_ssl_auth>`
	// * :ref:`envoy.echo <config_network_filters_echo>`
	// * :ref:`envoy.http_connection_manager <config_http_conn_man>`
	// * :ref:`envoy.mongo_proxy <config_network_filters_mongo_proxy>`
	// * :ref:`envoy.ratelimit <config_network_filters_rate_limit>`
	// * :ref:`envoy.redis_proxy <config_network_filters_redis_proxy>`
	// * :ref:`envoy.tcp_proxy <config_network_filters_tcp_proxy>`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Filter specific configuration which depends on the filter being
	// instantiated. See the supported filters for further documentation.
	Config *types.Struct `protobuf:"bytes,2,opt,name=config" json:"config,omitempty"`
	// [#not-implemented-hide:]
	DeprecatedV1         *Filter_DeprecatedV1 `protobuf:"bytes,3,opt,name=deprecated_v1,json=deprecatedV1" json:"deprecated_v1,omitempty"` // Deprecated: Do not use.
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

func (*Filter) Descriptor

func (*Filter) Descriptor() ([]byte, []int)

func (*Filter) Equal

func (this *Filter) Equal(that interface{}) bool

func (*Filter) GetConfig

func (m *Filter) GetConfig() *types.Struct

func (*Filter) GetDeprecatedV1 deprecated

func (m *Filter) GetDeprecatedV1() *Filter_DeprecatedV1

Deprecated: Do not use.

func (*Filter) GetName

func (m *Filter) GetName() string

func (*Filter) Marshal

func (m *Filter) Marshal() (dAtA []byte, err error)

func (*Filter) MarshalTo

func (m *Filter) MarshalTo(dAtA []byte) (int, error)

func (*Filter) ProtoMessage

func (*Filter) ProtoMessage()

func (*Filter) Reset

func (m *Filter) Reset()

func (*Filter) Size

func (m *Filter) Size() (n int)

func (*Filter) String

func (m *Filter) String() string

func (*Filter) Unmarshal

func (m *Filter) Unmarshal(dAtA []byte) error

func (*Filter) Validate

func (m *Filter) Validate() error

Validate checks the field values on Filter with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Filter) XXX_DiscardUnknown

func (m *Filter) XXX_DiscardUnknown()

func (*Filter) XXX_Marshal

func (m *Filter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Filter) XXX_Merge

func (dst *Filter) XXX_Merge(src proto.Message)

func (*Filter) XXX_Size

func (m *Filter) XXX_Size() int

func (*Filter) XXX_Unmarshal

func (m *Filter) XXX_Unmarshal(b []byte) error

type FilterChain

type FilterChain struct {
	// The criteria to use when matching a connection to this filter chain.
	FilterChainMatch *FilterChainMatch `protobuf:"bytes,1,opt,name=filter_chain_match,json=filterChainMatch" json:"filter_chain_match,omitempty"`
	// The TLS context for this filter chain.
	TlsContext *auth.DownstreamTlsContext `protobuf:"bytes,2,opt,name=tls_context,json=tlsContext" json:"tls_context,omitempty"`
	// A list of individual network filters that make up the filter chain for
	// connections established with the listener. Order matters as the filters are
	// processed sequentially as connection events happen. Note: If the filter
	// list is empty, the connection will close by default.
	Filters []Filter `protobuf:"bytes,3,rep,name=filters" json:"filters"`
	// Whether the listener should expect a PROXY protocol V1 header on new
	// connections. If this option is enabled, the listener will assume that that
	// remote address of the connection is the one specified in the header. Some
	// load balancers including the AWS ELB support this option. If the option is
	// absent or set to false, Envoy will use the physical peer address of the
	// connection as the remote address.
	UseProxyProto *types.BoolValue `protobuf:"bytes,4,opt,name=use_proxy_proto,json=useProxyProto" json:"use_proxy_proto,omitempty"`
	// [#not-implemented-hide:] filter chain metadata.
	Metadata *core.Metadata `protobuf:"bytes,5,opt,name=metadata" json:"metadata,omitempty"`
	// See :ref:`base.TransportSocket<envoy_api_msg_core.TransportSocket>` description.
	TransportSocket      *core.TransportSocket `protobuf:"bytes,6,opt,name=transport_socket,json=transportSocket" json:"transport_socket,omitempty"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and various other parameters.

func (*FilterChain) Descriptor

func (*FilterChain) Descriptor() ([]byte, []int)

func (*FilterChain) Equal

func (this *FilterChain) Equal(that interface{}) bool

func (*FilterChain) GetFilterChainMatch

func (m *FilterChain) GetFilterChainMatch() *FilterChainMatch

func (*FilterChain) GetFilters

func (m *FilterChain) GetFilters() []Filter

func (*FilterChain) GetMetadata

func (m *FilterChain) GetMetadata() *core.Metadata

func (*FilterChain) GetTlsContext

func (m *FilterChain) GetTlsContext() *auth.DownstreamTlsContext

func (*FilterChain) GetTransportSocket

func (m *FilterChain) GetTransportSocket() *core.TransportSocket

func (*FilterChain) GetUseProxyProto

func (m *FilterChain) GetUseProxyProto() *types.BoolValue

func (*FilterChain) Marshal

func (m *FilterChain) Marshal() (dAtA []byte, err error)

func (*FilterChain) MarshalTo

func (m *FilterChain) MarshalTo(dAtA []byte) (int, error)

func (*FilterChain) ProtoMessage

func (*FilterChain) ProtoMessage()

func (*FilterChain) Reset

func (m *FilterChain) Reset()

func (*FilterChain) Size

func (m *FilterChain) Size() (n int)

func (*FilterChain) String

func (m *FilterChain) String() string

func (*FilterChain) Unmarshal

func (m *FilterChain) Unmarshal(dAtA []byte) error

func (*FilterChain) Validate

func (m *FilterChain) Validate() error

Validate checks the field values on FilterChain with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*FilterChain) XXX_DiscardUnknown

func (m *FilterChain) XXX_DiscardUnknown()

func (*FilterChain) XXX_Marshal

func (m *FilterChain) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FilterChain) XXX_Merge

func (dst *FilterChain) XXX_Merge(src proto.Message)

func (*FilterChain) XXX_Size

func (m *FilterChain) XXX_Size() int

func (*FilterChain) XXX_Unmarshal

func (m *FilterChain) XXX_Unmarshal(b []byte) error

type FilterChainMatch

type FilterChainMatch struct {
	// Optional destination port to consider when use_original_dst is set on the
	// listener in determining a filter chain match.
	DestinationPort *types.UInt32Value `protobuf:"bytes,8,opt,name=destination_port,json=destinationPort" json:"destination_port,omitempty"`
	// If non-empty, an IP address and prefix length to match addresses when the
	// listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
	PrefixRanges []*core.CidrRange `protobuf:"bytes,3,rep,name=prefix_ranges,json=prefixRanges" json:"prefix_ranges,omitempty"`
	// If non-empty, an IP address and suffix length to match addresses when the
	// listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
	// [#not-implemented-hide:]
	AddressSuffix string `protobuf:"bytes,4,opt,name=address_suffix,json=addressSuffix,proto3" json:"address_suffix,omitempty"`
	// [#not-implemented-hide:]
	SuffixLen *types.UInt32Value `protobuf:"bytes,5,opt,name=suffix_len,json=suffixLen" json:"suffix_len,omitempty"`
	// The criteria is satisfied if the source IP address of the downstream
	// connection is contained in at least one of the specified subnets. If the
	// parameter is not specified or the list is empty, the source IP address is
	// ignored.
	// [#not-implemented-hide:]
	SourcePrefixRanges []*core.CidrRange `protobuf:"bytes,6,rep,name=source_prefix_ranges,json=sourcePrefixRanges" json:"source_prefix_ranges,omitempty"`
	// The criteria is satisfied if the source port of the downstream connection
	// is contained in at least one of the specified ports. If the parameter is
	// not specified, the source port is ignored.
	// [#not-implemented-hide:]
	SourcePorts []*types.UInt32Value `protobuf:"bytes,7,rep,name=source_ports,json=sourcePorts" json:"source_ports,omitempty"`
	// If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
	// a filter chain match. Those values will be compared against the server names of a new
	// connection, when detected by one of the listener filters.
	//
	// The server name will be matched against all wildcard domains, i.e. “www.example.com“
	// will be first matched against “www.example.com“, then “*.example.com“, then “*.com“.
	//
	// Note that partial wildcards are not supported, and values like “*w.example.com“ are invalid.
	//
	// .. attention::
	//
	//   See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
	//   information.
	ServerNames []string `protobuf:"bytes,11,rep,name=server_names,json=serverNames" json:"server_names,omitempty"`
	// If non-empty, a transport protocol to consider when determining a filter chain match.
	// This value will be compared against the transport protocol of a new connection, when
	// it's detected by one of the listener filters.
	//
	// Suggested values include:
	//
	// * “raw_buffer“ - default, used when no transport protocol is detected,
	// * “tls“ - set by :ref:`envoy.listener.tls_inspector <config_listener_filters_tls_inspector>`
	//   when TLS protocol is detected.
	TransportProtocol string `protobuf:"bytes,9,opt,name=transport_protocol,json=transportProtocol,proto3" json:"transport_protocol,omitempty"`
	// If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when
	// determining a filter chain match. Those values will be compared against the application
	// protocols of a new connection, when detected by one of the listener filters.
	//
	// Suggested values include:
	//
	// * “http/1.1“ - set by :ref:`envoy.listener.tls_inspector
	//   <config_listener_filters_tls_inspector>`,
	// * “h2“ - set by :ref:`envoy.listener.tls_inspector <config_listener_filters_tls_inspector>`
	//
	// .. attention::
	//
	//   Currently, only :ref:`TLS Inspector <config_listener_filters_tls_inspector>` provides
	//   application protocol detection based on the requested
	//   `ALPN <https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_ values.
	//
	//   However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet,
	//   and matching on values other than “h2“ is going to lead to a lot of false negatives,
	//   unless all connecting clients are known to use ALPN.
	ApplicationProtocols []string `protobuf:"bytes,10,rep,name=application_protocols,json=applicationProtocols" json:"application_protocols,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Specifies the match criteria for selecting a specific filter chain for a listener.

In order for a filter chain to be selected, *ALL* of its criteria must be fulfilled by the incoming connection, properties of which are set by the networking stack and/or listener filters.

The following order applies:

1. Destination port. 2. Destination IP address. 3. Server name (e.g. SNI for TLS protocol), 4. Transport protocol. 5. Application protocols (e.g. ALPN for TLS protocol).

For criterias that allow ranges or wildcards, the most specific value in any of the configured filter chains that matches the incoming connection is going to be used (e.g. for SNI “www.example.com“ the most specific match would be “www.example.com“, then “*.example.com“, then “*.com“, then any filter chain without “server_names“ requirements).

[#comment: Implemented rules are kept in the preference order, with deprecated fields listed at the end, because that's how we want to list them in the docs.

[#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]

func (*FilterChainMatch) Descriptor

func (*FilterChainMatch) Descriptor() ([]byte, []int)

func (*FilterChainMatch) Equal

func (this *FilterChainMatch) Equal(that interface{}) bool

func (*FilterChainMatch) GetAddressSuffix

func (m *FilterChainMatch) GetAddressSuffix() string

func (*FilterChainMatch) GetApplicationProtocols

func (m *FilterChainMatch) GetApplicationProtocols() []string

func (*FilterChainMatch) GetDestinationPort

func (m *FilterChainMatch) GetDestinationPort() *types.UInt32Value

func (*FilterChainMatch) GetPrefixRanges

func (m *FilterChainMatch) GetPrefixRanges() []*core.CidrRange

func (*FilterChainMatch) GetServerNames

func (m *FilterChainMatch) GetServerNames() []string

func (*FilterChainMatch) GetSourcePorts

func (m *FilterChainMatch) GetSourcePorts() []*types.UInt32Value

func (*FilterChainMatch) GetSourcePrefixRanges

func (m *FilterChainMatch) GetSourcePrefixRanges() []*core.CidrRange

func (*FilterChainMatch) GetSuffixLen

func (m *FilterChainMatch) GetSuffixLen() *types.UInt32Value

func (*FilterChainMatch) GetTransportProtocol

func (m *FilterChainMatch) GetTransportProtocol() string

func (*FilterChainMatch) Marshal

func (m *FilterChainMatch) Marshal() (dAtA []byte, err error)

func (*FilterChainMatch) MarshalTo

func (m *FilterChainMatch) MarshalTo(dAtA []byte) (int, error)

func (*FilterChainMatch) ProtoMessage

func (*FilterChainMatch) ProtoMessage()

func (*FilterChainMatch) Reset

func (m *FilterChainMatch) Reset()

func (*FilterChainMatch) Size

func (m *FilterChainMatch) Size() (n int)

func (*FilterChainMatch) String

func (m *FilterChainMatch) String() string

func (*FilterChainMatch) Unmarshal

func (m *FilterChainMatch) Unmarshal(dAtA []byte) error

func (*FilterChainMatch) Validate

func (m *FilterChainMatch) Validate() error

Validate checks the field values on FilterChainMatch with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*FilterChainMatch) XXX_DiscardUnknown

func (m *FilterChainMatch) XXX_DiscardUnknown()

func (*FilterChainMatch) XXX_Marshal

func (m *FilterChainMatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FilterChainMatch) XXX_Merge

func (dst *FilterChainMatch) XXX_Merge(src proto.Message)

func (*FilterChainMatch) XXX_Size

func (m *FilterChainMatch) XXX_Size() int

func (*FilterChainMatch) XXX_Unmarshal

func (m *FilterChainMatch) XXX_Unmarshal(b []byte) error

type FilterChainMatchValidationError

type FilterChainMatchValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

FilterChainMatchValidationError is the validation error returned by FilterChainMatch.Validate if the designated constraints aren't met.

func (FilterChainMatchValidationError) Error

Error satisfies the builtin error interface

type FilterChainValidationError

type FilterChainValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

FilterChainValidationError is the validation error returned by FilterChain.Validate if the designated constraints aren't met.

func (FilterChainValidationError) Error

Error satisfies the builtin error interface

type FilterValidationError

type FilterValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

FilterValidationError is the validation error returned by Filter.Validate if the designated constraints aren't met.

func (FilterValidationError) Error

func (e FilterValidationError) Error() string

Error satisfies the builtin error interface

type Filter_DeprecatedV1

type Filter_DeprecatedV1 struct {
	Type                 string   `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

[#not-implemented-hide:]

func (*Filter_DeprecatedV1) Descriptor

func (*Filter_DeprecatedV1) Descriptor() ([]byte, []int)

func (*Filter_DeprecatedV1) Equal

func (this *Filter_DeprecatedV1) Equal(that interface{}) bool

func (*Filter_DeprecatedV1) GetType

func (m *Filter_DeprecatedV1) GetType() string

func (*Filter_DeprecatedV1) Marshal

func (m *Filter_DeprecatedV1) Marshal() (dAtA []byte, err error)

func (*Filter_DeprecatedV1) MarshalTo

func (m *Filter_DeprecatedV1) MarshalTo(dAtA []byte) (int, error)

func (*Filter_DeprecatedV1) ProtoMessage

func (*Filter_DeprecatedV1) ProtoMessage()

func (*Filter_DeprecatedV1) Reset

func (m *Filter_DeprecatedV1) Reset()

func (*Filter_DeprecatedV1) Size

func (m *Filter_DeprecatedV1) Size() (n int)

func (*Filter_DeprecatedV1) String

func (m *Filter_DeprecatedV1) String() string

func (*Filter_DeprecatedV1) Unmarshal

func (m *Filter_DeprecatedV1) Unmarshal(dAtA []byte) error

func (*Filter_DeprecatedV1) Validate

func (m *Filter_DeprecatedV1) Validate() error

Validate checks the field values on Filter_DeprecatedV1 with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Filter_DeprecatedV1) XXX_DiscardUnknown

func (m *Filter_DeprecatedV1) XXX_DiscardUnknown()

func (*Filter_DeprecatedV1) XXX_Marshal

func (m *Filter_DeprecatedV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Filter_DeprecatedV1) XXX_Merge

func (dst *Filter_DeprecatedV1) XXX_Merge(src proto.Message)

func (*Filter_DeprecatedV1) XXX_Size

func (m *Filter_DeprecatedV1) XXX_Size() int

func (*Filter_DeprecatedV1) XXX_Unmarshal

func (m *Filter_DeprecatedV1) XXX_Unmarshal(b []byte) error

type Filter_DeprecatedV1ValidationError

type Filter_DeprecatedV1ValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

Filter_DeprecatedV1ValidationError is the validation error returned by Filter_DeprecatedV1.Validate if the designated constraints aren't met.

func (Filter_DeprecatedV1ValidationError) Error

Error satisfies the builtin error interface

type ListenerFilter

type ListenerFilter struct {
	// The name of the filter to instantiate. The name must match a supported
	// filter. The built-in filters are:
	//
	// [#comment:TODO(mattklein123): Auto generate the following list]
	// * :ref:`envoy.listener.original_dst <config_listener_filters_original_dst>`
	// * :ref:`envoy.listener.tls_inspector <config_listener_filters_tls_inspector>`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Filter specific configuration which depends on the filter being
	// instantiated. See the supported filters for further documentation.
	Config               *types.Struct `protobuf:"bytes,2,opt,name=config" json:"config,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

func (*ListenerFilter) Descriptor

func (*ListenerFilter) Descriptor() ([]byte, []int)

func (*ListenerFilter) Equal

func (this *ListenerFilter) Equal(that interface{}) bool

func (*ListenerFilter) GetConfig

func (m *ListenerFilter) GetConfig() *types.Struct

func (*ListenerFilter) GetName

func (m *ListenerFilter) GetName() string

func (*ListenerFilter) Marshal

func (m *ListenerFilter) Marshal() (dAtA []byte, err error)

func (*ListenerFilter) MarshalTo

func (m *ListenerFilter) MarshalTo(dAtA []byte) (int, error)

func (*ListenerFilter) ProtoMessage

func (*ListenerFilter) ProtoMessage()

func (*ListenerFilter) Reset

func (m *ListenerFilter) Reset()

func (*ListenerFilter) Size

func (m *ListenerFilter) Size() (n int)

func (*ListenerFilter) String

func (m *ListenerFilter) String() string

func (*ListenerFilter) Unmarshal

func (m *ListenerFilter) Unmarshal(dAtA []byte) error

func (*ListenerFilter) Validate

func (m *ListenerFilter) Validate() error

Validate checks the field values on ListenerFilter with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*ListenerFilter) XXX_DiscardUnknown

func (m *ListenerFilter) XXX_DiscardUnknown()

func (*ListenerFilter) XXX_Marshal

func (m *ListenerFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ListenerFilter) XXX_Merge

func (dst *ListenerFilter) XXX_Merge(src proto.Message)

func (*ListenerFilter) XXX_Size

func (m *ListenerFilter) XXX_Size() int

func (*ListenerFilter) XXX_Unmarshal

func (m *ListenerFilter) XXX_Unmarshal(b []byte) error

type ListenerFilterValidationError

type ListenerFilterValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

ListenerFilterValidationError is the validation error returned by ListenerFilter.Validate if the designated constraints aren't met.

func (ListenerFilterValidationError) Error

Error satisfies the builtin error interface

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL