// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package networking

import (
	xdsapi "github.com/envoyproxy/go-control-plane/envoy/api/v2"
	auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth"
	core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
	listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
	http_conn "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2"
	thrift_proxy "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/thrift_proxy/v2alpha1"

	"istio.io/istio/pilot/pkg/features"
	"istio.io/istio/pilot/pkg/model"
	"istio.io/istio/pkg/config/protocol"
)

// ListenerProtocol is the protocol associated with the listener.
type ListenerProtocol int

// NOTE(review): the constants below are declared with a bare iota, so they are
// untyped integer constants rather than values of type ListenerProtocol. They
// convert implicitly wherever a ListenerProtocol is expected, but the compiler
// will equally accept them as any other integer type.
const (
	// ListenerProtocolUnknown is an unknown type of listener. It is the zero
	// value, so an unset ListenerProtocol field reads as Unknown.
	ListenerProtocolUnknown = iota
	// ListenerProtocolTCP is a TCP listener.
	ListenerProtocolTCP
	// ListenerProtocolHTTP is an HTTP listener.
	ListenerProtocolHTTP
	// ListenerProtocolThrift is a Thrift listener.
	ListenerProtocolThrift
	// ListenerProtocolAuto enables auto protocol detection.
	ListenerProtocolAuto
)

// ModelProtocolToListenerProtocol converts a protocol.Instance to its
// corresponding ListenerProtocol for the given traffic direction.
//
// The result decides which kind of filter chain (HTTP, Thrift or TCP) is built
// for a port, so it also bounds which filters can be attached to that traffic.
//
// An undeclared protocol (protocol.Unsupported) is treated as TCP when protocol
// sniffing is disabled for the given direction, and as ListenerProtocolAuto
// otherwise. A direction other than INBOUND or OUTBOUND leaves the protocol
// untouched, so it resolves to ListenerProtocolAuto regardless of the sniffing
// feature flags.
//
// The node parameter is not read by this function.
func ModelProtocolToListenerProtocol(node *model.Proxy, p protocol.Instance,
	trafficDirection core.TrafficDirection) ListenerProtocol {
	// Without sniffing there is nothing to detect the protocol with, so an
	// undeclared protocol defaults to plain TCP for that direction.
	if p == protocol.Unsupported {
		if trafficDirection == core.TrafficDirection_INBOUND && !features.EnableProtocolSniffingForInbound {
			p = protocol.TCP
		} else if trafficDirection == core.TrafficDirection_OUTBOUND && !features.EnableProtocolSniffingForOutbound {
			p = protocol.TCP
		}
		// Any other direction should not occur; p stays Unsupported.
	}

	switch p {
	case protocol.HTTP, protocol.HTTP2, protocol.GRPC, protocol.GRPCWeb:
		return ListenerProtocolHTTP
	case protocol.TCP, protocol.HTTPS, protocol.TLS,
		protocol.Mongo, protocol.Redis, protocol.MySQL:
		// HTTPS and TLS are classified as TCP here.
		// NOTE(review): presumably such chains carry network filters only, so
		// HTTP-level filters would not see this traffic - confirm against the
		// listener builder.
		return ListenerProtocolTCP
	case protocol.Thrift:
		// Thrift gets its own listener type only behind the feature flag;
		// otherwise it is proxied as TCP.
		if !features.EnableThriftFilter {
			return ListenerProtocolTCP
		}
		return ListenerProtocolThrift
	case protocol.UDP:
		// NOTE(review): callers receive Unknown for UDP and have to handle it;
		// how they do so is not visible in this file.
		return ListenerProtocolUnknown
	case protocol.Unsupported:
		return ListenerProtocolAuto
	default:
		// Should not reach here. An unrecognized protocol value falls back to
		// auto detection rather than being rejected.
		return ListenerProtocolAuto
	}
}

// FilterChain describes a set of filters (HTTP or TCP) with a shared TLS context.
type FilterChain struct {
	// FilterChainMatch is the match used to select the filter chain.
	FilterChainMatch *listener.FilterChainMatch
	// TLSContext is the TLS settings for this filter chain.
	// NOTE(review): presumably nil means the chain does not terminate TLS -
	// confirm against the code that consumes this field.
	TLSContext *auth.DownstreamTlsContext
	// ListenerFilters are the filters needed for the whole listener, not particular to this
	// filter chain.
	ListenerFilters []*listener.ListenerFilter
	// ListenerProtocol indicates whether this filter chain is for HTTP or TCP.
	// Note that HTTP filter chains can also have network filters.
	ListenerProtocol ListenerProtocol
	// HTTP is the set of HTTP filters for this filter chain.
	HTTP []*http_conn.HttpFilter
	// Thrift is the set of Thrift filters for this filter chain.
	Thrift []*thrift_proxy.ThriftFilter
	// TCP is the set of network (TCP) filters for this filter chain.
	TCP []*listener.Filter
	// IsFallThrough indicates if the filter chain is fallthrough.
	IsFallThrough bool
}

// MutableObjects is a set of objects passed to On*Listener callbacks. Fields may be nil or empty.
// Any lists should not be overridden, but rather only appended to.
// Non-list fields may be mutated; however it's not recommended to do this since it can affect other plugins in the
// chain in unpredictable ways.
//
// Nothing in this type enforces the append-only rule: Listener is a shared
// pointer and FilterChains holds pointer fields, so the rule is a convention
// that each plugin has to follow.
type MutableObjects struct {
	// Listener is the listener being built. Must be initialized before Plugin methods are called.
	Listener *xdsapi.Listener

	// FilterChains is the set of filter chains that will be attached to Listener.
	FilterChains []FilterChain
}