proxy_protocolv3

package
v1.36.11-2026011520535... Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: unknown License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ProxyProtocol_TlvLocation_name = map[int32]string{
		0: "DYNAMIC_METADATA",
		1: "FILTER_STATE",
	}
	ProxyProtocol_TlvLocation_value = map[string]int32{
		"DYNAMIC_METADATA": 0,
		"FILTER_STATE":     1,
	}
)

Enum value maps for ProxyProtocol_TlvLocation.

View Source 
var File_envoy_extensions_filters_listener_proxy_protocol_v3_proxy_protocol_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ProxyProtocol 

type ProxyProtocol struct {

	// The list of rules to apply to requests.
	Rules []*ProxyProtocol_Rule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
	// Allow requests through that don't use proxy protocol. Defaults to false.
	//
	// .. attention::
	//
	//	This breaks conformance with the specification.
	//	Only enable if ALL traffic to the listener comes from a trusted source.
	//	For more information on the security implications of this feature, see
	//	https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt
	//
	// .. attention::
	//
	//	Requests of 12 or fewer bytes that match the proxy protocol v2 signature
	//	and requests of 6 or fewer bytes that match the proxy protocol v1
	//	signature will timeout (Envoy is unable to differentiate these requests
	//	from incomplete proxy protocol requests).
	AllowRequestsWithoutProxyProtocol bool `` /* 167-byte string literal not displayed */
	// This config controls which TLVs can be passed to filter state if it is Proxy Protocol
	// V2 header. If there is no setting for this field, no TLVs will be passed through.
	//
	// .. note::
	//
	//	If this is configured, you likely also want to set
	//	:ref:`core.v3.ProxyProtocolConfig.pass_through_tlvs <envoy_v3_api_field_config.core.v3.ProxyProtocolConfig.pass_through_tlvs>`,
	//	which controls pass-through for the upstream.
	PassThroughTlvs *v3.ProxyProtocolPassThroughTLVs `protobuf:"bytes,3,opt,name=pass_through_tlvs,json=passThroughTlvs,proto3" json:"pass_through_tlvs,omitempty"`
	// The PROXY protocol versions that won't be matched. Useful to limit the scope and attack surface of the filter.
	//
	// When the filter receives PROXY protocol data that is disallowed, it will reject the connection.
	// By default, the filter will match all PROXY protocol versions.
	// See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details.
	//
	// .. attention::
	//
	//	When used in conjunction with the :ref:`allow_requests_without_proxy_protocol <envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.allow_requests_without_proxy_protocol>`,
	//	the filter will not attempt to match signatures for the disallowed versions.
	//	For example, when “disallowed_versions=V2“, “allow_requests_without_proxy_protocol=true“,
	//	and an incoming request matches the V2 signature, the filter will allow the request through without any modification.
	//	The filter treats this request as if it did not have any PROXY protocol information.
	DisallowedVersions []v3.ProxyProtocolConfig_Version `` /* 177-byte string literal not displayed */
	// The human readable prefix to use when emitting statistics for the filter.
	// If not configured, statistics will be emitted without the prefix segment.
	// See the :ref:`filter's statistics documentation <config_listener_filters_proxy_protocol>` for
	// more information.
	StatPrefix string `protobuf:"bytes,5,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
	// Controls where TLV values are stored when rules match. Defaults to DYNAMIC_METADATA.
	TlvLocation ProxyProtocol_TlvLocation `` /* 178-byte string literal not displayed */
	// contains filtered or unexported fields
}

[#next-free-field: 7]

func (*ProxyProtocol) ClearPassThroughTlvs 

func (x *ProxyProtocol) ClearPassThroughTlvs()

func (*ProxyProtocol) GetAllowRequestsWithoutProxyProtocol 

func (x *ProxyProtocol) GetAllowRequestsWithoutProxyProtocol() bool

func (*ProxyProtocol) GetDisallowedVersions 

func (x *ProxyProtocol) GetDisallowedVersions() []v3.ProxyProtocolConfig_Version

func (*ProxyProtocol) GetPassThroughTlvs 

func (x *ProxyProtocol) GetPassThroughTlvs() *v3.ProxyProtocolPassThroughTLVs

func (*ProxyProtocol) GetRules 

func (x *ProxyProtocol) GetRules() []*ProxyProtocol_Rule

func (*ProxyProtocol) GetStatPrefix 

func (x *ProxyProtocol) GetStatPrefix() string

func (*ProxyProtocol) GetTlvLocation 

func (x *ProxyProtocol) GetTlvLocation() ProxyProtocol_TlvLocation

func (*ProxyProtocol) HasPassThroughTlvs 

func (x *ProxyProtocol) HasPassThroughTlvs() bool

func (*ProxyProtocol) ProtoMessage 

func (*ProxyProtocol) ProtoMessage()

func (*ProxyProtocol) ProtoReflect 

func (x *ProxyProtocol) ProtoReflect() protoreflect.Message

func (*ProxyProtocol) Reset 

func (x *ProxyProtocol) Reset()

func (*ProxyProtocol) SetAllowRequestsWithoutProxyProtocol 

func (x *ProxyProtocol) SetAllowRequestsWithoutProxyProtocol(v bool)

func (*ProxyProtocol) SetDisallowedVersions 

func (x *ProxyProtocol) SetDisallowedVersions(v []v3.ProxyProtocolConfig_Version)

func (*ProxyProtocol) SetPassThroughTlvs 

func (x *ProxyProtocol) SetPassThroughTlvs(v *v3.ProxyProtocolPassThroughTLVs)

func (*ProxyProtocol) SetRules 

func (x *ProxyProtocol) SetRules(v []*ProxyProtocol_Rule)

func (*ProxyProtocol) SetStatPrefix 

func (x *ProxyProtocol) SetStatPrefix(v string)

func (*ProxyProtocol) SetTlvLocation 

func (x *ProxyProtocol) SetTlvLocation(v ProxyProtocol_TlvLocation)

func (*ProxyProtocol) String 

func (x *ProxyProtocol) String() string

type ProxyProtocol_KeyValuePair 

type ProxyProtocol_KeyValuePair struct {

	// The namespace — if this is empty, the filter's namespace will be used.
	MetadataNamespace string `protobuf:"bytes,1,opt,name=metadata_namespace,json=metadataNamespace,proto3" json:"metadata_namespace,omitempty"`
	// The key to use within the namespace.
	Key string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
	// contains filtered or unexported fields
}

func (*ProxyProtocol_KeyValuePair) GetKey 

func (x *ProxyProtocol_KeyValuePair) GetKey() string

func (*ProxyProtocol_KeyValuePair) GetMetadataNamespace 

func (x *ProxyProtocol_KeyValuePair) GetMetadataNamespace() string

func (*ProxyProtocol_KeyValuePair) ProtoMessage 

func (*ProxyProtocol_KeyValuePair) ProtoMessage()

func (*ProxyProtocol_KeyValuePair) ProtoReflect 

func (x *ProxyProtocol_KeyValuePair) ProtoReflect() protoreflect.Message

func (*ProxyProtocol_KeyValuePair) Reset 

func (x *ProxyProtocol_KeyValuePair) Reset()

func (*ProxyProtocol_KeyValuePair) SetKey 

func (x *ProxyProtocol_KeyValuePair) SetKey(v string)

func (*ProxyProtocol_KeyValuePair) SetMetadataNamespace 

func (x *ProxyProtocol_KeyValuePair) SetMetadataNamespace(v string)

func (*ProxyProtocol_KeyValuePair) String 

func (x *ProxyProtocol_KeyValuePair) String() string

type ProxyProtocol_KeyValuePair_builder 

type ProxyProtocol_KeyValuePair_builder struct {

	// The namespace — if this is empty, the filter's namespace will be used.
	MetadataNamespace string
	// The key to use within the namespace.
	Key string
	// contains filtered or unexported fields
}

func (ProxyProtocol_KeyValuePair_builder) Build 

func (b0 ProxyProtocol_KeyValuePair_builder) Build() *ProxyProtocol_KeyValuePair

type ProxyProtocol_Rule 

type ProxyProtocol_Rule struct {

	// The type that triggers the rule - required
	// TLV type is defined as uint8_t in proxy protocol. See `the spec
	// <https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt>`_ for details.
	TlvType uint32 `protobuf:"varint,1,opt,name=tlv_type,json=tlvType,proto3" json:"tlv_type,omitempty"`
	// If the TLV type is present, apply this metadata KeyValuePair.
	OnTlvPresent *ProxyProtocol_KeyValuePair `protobuf:"bytes,2,opt,name=on_tlv_present,json=onTlvPresent,proto3" json:"on_tlv_present,omitempty"`
	// contains filtered or unexported fields
}

A Rule defines what metadata to apply when a header is present or missing.

func (*ProxyProtocol_Rule) ClearOnTlvPresent 

func (x *ProxyProtocol_Rule) ClearOnTlvPresent()

func (*ProxyProtocol_Rule) GetOnTlvPresent 

func (x *ProxyProtocol_Rule) GetOnTlvPresent() *ProxyProtocol_KeyValuePair

func (*ProxyProtocol_Rule) GetTlvType 

func (x *ProxyProtocol_Rule) GetTlvType() uint32

func (*ProxyProtocol_Rule) HasOnTlvPresent 

func (x *ProxyProtocol_Rule) HasOnTlvPresent() bool

func (*ProxyProtocol_Rule) ProtoMessage 

func (*ProxyProtocol_Rule) ProtoMessage()

func (*ProxyProtocol_Rule) ProtoReflect 

func (x *ProxyProtocol_Rule) ProtoReflect() protoreflect.Message

func (*ProxyProtocol_Rule) Reset 

func (x *ProxyProtocol_Rule) Reset()

func (*ProxyProtocol_Rule) SetOnTlvPresent 

func (x *ProxyProtocol_Rule) SetOnTlvPresent(v *ProxyProtocol_KeyValuePair)

func (*ProxyProtocol_Rule) SetTlvType 

func (x *ProxyProtocol_Rule) SetTlvType(v uint32)

func (*ProxyProtocol_Rule) String 

func (x *ProxyProtocol_Rule) String() string

type ProxyProtocol_Rule_builder 

type ProxyProtocol_Rule_builder struct {

	// The type that triggers the rule - required
	// TLV type is defined as uint8_t in proxy protocol. See `the spec
	// <https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt>`_ for details.
	TlvType uint32
	// If the TLV type is present, apply this metadata KeyValuePair.
	OnTlvPresent *ProxyProtocol_KeyValuePair
	// contains filtered or unexported fields
}

func (ProxyProtocol_Rule_builder) Build 

func (b0 ProxyProtocol_Rule_builder) Build() *ProxyProtocol_Rule

type ProxyProtocol_TlvLocation 

type ProxyProtocol_TlvLocation int32

Controls where TLV values are stored when rules match. 

const (
	// Store TLV values in dynamic metadata.
	ProxyProtocol_DYNAMIC_METADATA ProxyProtocol_TlvLocation = 0
	// Store TLV values in filter state as a single map-like object.
	ProxyProtocol_FILTER_STATE ProxyProtocol_TlvLocation = 1
)

func (ProxyProtocol_TlvLocation) Descriptor 

func (ProxyProtocol_TlvLocation) Descriptor() protoreflect.EnumDescriptor

func (ProxyProtocol_TlvLocation) Enum 

func (x ProxyProtocol_TlvLocation) Enum() *ProxyProtocol_TlvLocation

func (ProxyProtocol_TlvLocation) Number 

func (x ProxyProtocol_TlvLocation) Number() protoreflect.EnumNumber

func (ProxyProtocol_TlvLocation) String 

func (x ProxyProtocol_TlvLocation) String() string

func (ProxyProtocol_TlvLocation) Type 

func (ProxyProtocol_TlvLocation) Type() protoreflect.EnumType

type ProxyProtocol_builder 

type ProxyProtocol_builder struct {

	// The list of rules to apply to requests.
	Rules []*ProxyProtocol_Rule
	// Allow requests through that don't use proxy protocol. Defaults to false.
	//
	// .. attention::
	//
	//	This breaks conformance with the specification.
	//	Only enable if ALL traffic to the listener comes from a trusted source.
	//	For more information on the security implications of this feature, see
	//	https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt
	//
	// .. attention::
	//
	//	Requests of 12 or fewer bytes that match the proxy protocol v2 signature
	//	and requests of 6 or fewer bytes that match the proxy protocol v1
	//	signature will timeout (Envoy is unable to differentiate these requests
	//	from incomplete proxy protocol requests).
	AllowRequestsWithoutProxyProtocol bool
	// This config controls which TLVs can be passed to filter state if it is Proxy Protocol
	// V2 header. If there is no setting for this field, no TLVs will be passed through.
	//
	// .. note::
	//
	//	If this is configured, you likely also want to set
	//	:ref:`core.v3.ProxyProtocolConfig.pass_through_tlvs <envoy_v3_api_field_config.core.v3.ProxyProtocolConfig.pass_through_tlvs>`,
	//	which controls pass-through for the upstream.
	PassThroughTlvs *v3.ProxyProtocolPassThroughTLVs
	// The PROXY protocol versions that won't be matched. Useful to limit the scope and attack surface of the filter.
	//
	// When the filter receives PROXY protocol data that is disallowed, it will reject the connection.
	// By default, the filter will match all PROXY protocol versions.
	// See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details.
	//
	// .. attention::
	//
	//	When used in conjunction with the :ref:`allow_requests_without_proxy_protocol <envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.allow_requests_without_proxy_protocol>`,
	//	the filter will not attempt to match signatures for the disallowed versions.
	//	For example, when “disallowed_versions=V2“, “allow_requests_without_proxy_protocol=true“,
	//	and an incoming request matches the V2 signature, the filter will allow the request through without any modification.
	//	The filter treats this request as if it did not have any PROXY protocol information.
	DisallowedVersions []v3.ProxyProtocolConfig_Version
	// The human readable prefix to use when emitting statistics for the filter.
	// If not configured, statistics will be emitted without the prefix segment.
	// See the :ref:`filter's statistics documentation <config_listener_filters_proxy_protocol>` for
	// more information.
	StatPrefix string
	// Controls where TLV values are stored when rules match. Defaults to DYNAMIC_METADATA.
	TlvLocation ProxyProtocol_TlvLocation
	// contains filtered or unexported fields
}

func (ProxyProtocol_builder) Build 

func (b0 ProxyProtocol_builder) Build() *ProxyProtocol

Source Files

  • proxy_protocol.pb.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.