1// Copyright 2020 Istio Authors
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package networking
16
17import (
18	xdsapi "github.com/envoyproxy/go-control-plane/envoy/api/v2"
19	auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth"
20	core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
21	listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
22	http_conn "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2"
23	thrift_proxy "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/thrift_proxy/v2alpha1"
24
25	"istio.io/istio/pilot/pkg/features"
26	"istio.io/istio/pilot/pkg/model"
27	"istio.io/istio/pkg/config/protocol"
28)
29
// ListenerProtocol identifies the kind of listener (and therefore the kind of
// filter stack) that is built for a port.
type ListenerProtocol int

// Values of ListenerProtocol.
//
// The constants carry no explicit type, so they are untyped integer constants:
// they convert implicitly to ListenerProtocol but the compiler does not stop
// them from being used where a plain integer is expected.
const (
	// ListenerProtocolUnknown marks a listener whose type could not be determined.
	// It is the zero value, so an unset ListenerProtocol field reads as Unknown.
	ListenerProtocolUnknown = iota
	// ListenerProtocolTCP marks a TCP listener.
	ListenerProtocolTCP
	// ListenerProtocolHTTP marks an HTTP listener.
	ListenerProtocolHTTP
	// ListenerProtocolThrift marks a Thrift listener.
	ListenerProtocolThrift
	// ListenerProtocolAuto marks a listener that relies on automatic protocol detection.
	ListenerProtocolAuto
)
45
// ModelProtocolToListenerProtocol maps a protocol.Instance to the ListenerProtocol
// used to build the listener for the given traffic direction.
//
// node is accepted for interface compatibility; the body does not read it.
//
// protocol.Unsupported is resolved through the per-direction sniffing feature
// flags: with sniffing disabled for trafficDirection the result is
// ListenerProtocolTCP, otherwise ListenerProtocolAuto. A trafficDirection that
// is neither INBOUND nor OUTBOUND leaves the value unresolved and therefore
// also yields ListenerProtocolAuto.
//
// NOTE(review): any protocol value not listed below yields ListenerProtocolAuto
// without consulting the sniffing flags, which are read only for
// protocol.Unsupported. Confirm that this is intended for deployments that turn
// sniffing off.
func ModelProtocolToListenerProtocol(node *model.Proxy, p protocol.Instance,
	trafficDirection core.TrafficDirection) ListenerProtocol {
	if p == protocol.Unsupported {
		// Only an explicitly disabled sniffing flag for the matching direction
		// downgrades the listener to plain TCP.
		sniffingOff := (trafficDirection == core.TrafficDirection_INBOUND && !features.EnableProtocolSniffingForInbound) ||
			(trafficDirection == core.TrafficDirection_OUTBOUND && !features.EnableProtocolSniffingForOutbound)
		if sniffingOff {
			return ListenerProtocolTCP
		}
		return ListenerProtocolAuto
	}

	switch p {
	case protocol.UDP:
		// UDP has no listener type of its own here.
		return ListenerProtocolUnknown
	case protocol.Thrift:
		// Without the Thrift filter feature, Thrift traffic is handled as opaque TCP.
		if !features.EnableThriftFilter {
			return ListenerProtocolTCP
		}
		return ListenerProtocolThrift
	case protocol.HTTP, protocol.HTTP2, protocol.GRPC, protocol.GRPCWeb:
		return ListenerProtocolHTTP
	case protocol.TCP, protocol.HTTPS, protocol.TLS,
		protocol.Mongo, protocol.Redis, protocol.MySQL:
		// HTTPS and TLS are classified as TCP, not HTTP.
		return ListenerProtocolTCP
	}

	// Not expected to be reached for known protocols.
	return ListenerProtocolAuto
}
85
// FilterChain groups the filters (HTTP, Thrift or TCP) that share one filter
// chain match and one TLS context.
type FilterChain struct {
	// FilterChainMatch is the match used to select this filter chain.
	FilterChainMatch *listener.FilterChainMatch
	// TLSContext holds the downstream TLS settings for this filter chain.
	// NOTE(review): a nil TLSContext presumably means the chain is served
	// without TLS; confirm against the code that consumes this struct.
	TLSContext *auth.DownstreamTlsContext
	// ListenerFilters are the filters required by the listener as a whole; they
	// are not specific to this filter chain.
	ListenerFilters []*listener.ListenerFilter

	// ListenerProtocol records which kind of filter chain this is (for example
	// HTTP or TCP). An HTTP filter chain may carry network filters as well.
	ListenerProtocol ListenerProtocol

	// HTTP is the set of HTTP filters for this filter chain.
	HTTP []*http_conn.HttpFilter
	// Thrift is the set of Thrift filters for this filter chain.
	Thrift []*thrift_proxy.ThriftFilter
	// TCP is the set of network (TCP) filters for this filter chain.
	TCP []*listener.Filter

	// IsFallThrough reports whether this is the fallthrough filter chain.
	IsFallThrough bool
}
107
// MutableObjects is the set of objects handed to the On*Listener callbacks.
// Any field may be nil or empty.
//
// List fields must only be appended to, never replaced. Non-list fields can be
// mutated, but doing so is discouraged because the change is visible to the
// other plugins in the chain and can affect them in unpredictable ways.
type MutableObjects struct {
	// Listener is the listener under construction. It must be initialized
	// before any Plugin method is called.
	Listener *xdsapi.Listener

	// FilterChains is the set of filter chains that will be attached to Listener.
	// The slice holds FilterChain values, not pointers, so an element must be
	// modified through its index; changing the copy yielded by a range loop
	// does not update the slice.
	FilterChains []FilterChain
}
119