Envoy's L4 Golang extension

[antJack]

Recently, my team implemented the L7 golang extension. Similarly, we have implemented an L4 golang extension using the same cgo technique as L7. And the L4 extension has already been widely utilized within our company for almost a year, enabling our internal customized protocol to benefit from the high-performance network infrastructure of Envoy and the superior development efficiency of Golang. Additionally, the L4 golang extension can also provide a better implementation path for envoy's future support of Dapr, etc. Given the above, we are consider to open source our L4 golang extension very soon.

[taoyuanyuan]

Cool stuff !~

[rakesh-eltropy]

I tired to use this extension.

func (f *filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.StatusType {

	f.path, _ = header.Get(":path")
	fmt.Println(f.path)

	method, _ := header.Get(":method")
	fmt.Println(method)

	useragent, _ := header.Get(":useragent")
	fmt.Println(useragent)

	host, _ := header.Get(":host")
	fmt.Println(host)
	

	if f.path == "/localreply_by_config" {
		return f.sendLocalReplyInternal()
	}
	return api.Continue
}

I am able to get path and method but other headers are blank. Also, I see header.Range is still not implemented so not sure what all keys are available. Can you please guide me how to get host, useragent, cookies etc headers.

[doujiang24]

@rakesh-eltropy This issue is for L4 filter, while your question is L7 filter related, better create a new issue for it.

For your questions:

1. for the keys of the header, you could follow this, i.e. header.Get("user-agent").
   https://github.com/envoyproxy/envoy/blob/main/source/common/http/headers.h#L212
2. we plan to introduce some new methods in the HeaderMap interface, i.e. Host, Path, Method and etc. so that people could use it easier.

Yep, Range and doc are on the way, thanks for your try and reminder.

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[antJack]

#26173

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[huanghuangzym]

#26173

when will support l4 extenstion?

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[gitanuj]

I see this has landed in main recently. Is there any plan to support reading/writing filter state and dynamic metadata from it? This looks perfect for a custom routing filter at L4 that I'm planning to work on.

[antJack]

I see this has landed in main recently. Is there any plan to support reading/writing filter state and dynamic metadata from it? This looks perfect for a custom routing filter at L4 that I'm planning to work on.

@gitanuj can you please provide more details about your requirements? so that we could evaluate its feasibility. Of course, you are also welcome to submit a PR yourself.

[gitanuj]

@antJack I actually created an issue about it #28128

To elaborate - I'm using Istio Ingress Gateway and I want to route TCP connections to different kubernetes services based on PPv2 TLV Headers (specifically the VPC Endpoint ID which is used for Private Links). I haven't found any existing solution for it so here's what I'm planning:

1. Use ProxyProtocol listener filter (which parses and emits TLV headers as dynamic metadata, there's also an option to passthrough TLV headers as filter state)
2. Write a custom network filter (using this L4 Golang extension) and use the TLV header value from either dynamic metadata or filter state and set envoy.tcp_proxy.cluster on filter state object
3. Use TCP Proxy network filter to route to an upstream cluster (Istio creates outbound clusters for every kubernetes service automatically). This filter uses envoy.tcp_proxy.cluster filter state to route to a specific cluster

Does this make sense? I would be happy to work on the change too.

[antJack]

@gitanuj sound good.

The golang l7 extension currently has the capability to get or set dynamic metadata and filter state, and the l4 extension will soon have these features as well.

Another important thing is that we have to support the continueReading() method so that the golang l4 filter could work with other network filters like tcp proxy.

As I left in the //TODO, currently the golang l4 filter will consume and drain all data from the connection buffer. While this is helpful for golang filters that require processing of all data in go, it may have an impact on other cases like yours.

But don't worry, this is also an issue that we need to solve with high priority

[honeybadger10]

I'm looking into building a custom filter to authorize at L4 and use the TCP Proxy network filter to route to an upstream cluster
@antJack are there still plans to add continueReading() to allow chaining the L4 Go Extension with the tcp_proxy filter and also preventing the filter from draining the connection buffer, so the information is still available for the next filter?

[doujiang24]

@honeybadger10 yep, it's on the TODO list, but not scheduled for the short term.