tcp_proxy: extend tunneling_config with auto_sni #20230
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
api/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto
option (validate.required) = true; | ||
|
||
// Static hostname used in request-target of CONNECT request | ||
string hostname = 1; |
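
Review bot: the comment on `string hostname = 1;` says the value is used in the request-target of the CONNECT request but not what form it takes. State whether it is a bare host or `host:port`, so that every alternative under `option (validate.required) = true;` is documented as producing the same kind of target.
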

Unfortunately we can't upgrade an existing field to `oneof` per https://github.com/envoyproxy/envoy/blob/main/api/API_VERSIONING.md

Ok, I understand. So the only way is to deprecate existing field `hostname` and add another one, let's say `static_hostname`, and wrap it together with `auto_sni` in `oneof`? Take a look at this comment.
Then the schema would be:

```proto
message TunnelingConfig {
  string hostname = 1 [deprecated = true];
  oneof hostname_config {
    string static_hostname = 4;
    AutoSni auto_sni = 5;
  }
}
```
We could also go with the relaxed validation and mutual exclusion in the second part of #19612 (comment). Either of these is valid.

SNI is indeed a reasonable source of the host name header.
Can we relax the hostname value to `%EXPR%`?
I have a use case of populating the value from `%FILTER_STATE(KEY:F):Z%` and `%DYNAMIC_METADATA(NAMESPACE:KEY*):Z%`.
It could be done in another PR, but I'd like to point out that SNI is not the only source of the required value.

At the beginning I suggested a similar idea, but we decided to add another config option to the API. For more context please read the discussion in the issue.

This API schema enables the original proposal and I'd like to invest after `auto_sni`.
Could you update the PR to move "hostname = 1" out of one_of per Harvey's comment?
I can reference the new schema in the issue.

> Could you update the PR to move "hostname = 1" out of one_of

Done
message AutoSni { | ||
// Optional port used to create the request-target for all CONNECT request, i.e. CONNECT <hostname_from_sni>:<default_port> | ||
// If default_port is not specified, 443 is used. | ||
uint32 port = 1; |
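
Review bot: `uint32 port = 1;` carries no range rule, so the schema accepts values above 65535; add `[(validate.rules).uint32 = {lte: 65535}]`. The comment also calls the field `default_port` although it is declared as `port`, and it should state that `<hostname_from_sni>` is taken from the client's TLS handshake, which makes the CONNECT target client-chosen.
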

`uint32` is not an optional type. Do you want to use Uint32 or clarify that `default_port` means value 0?

Yes, you're right. I used `uint32` intentionally and by "optional" I meant that 0 value will be handled as 443. I will fix this description.

Fixed
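
The semantics discussed in the threads above (mutual exclusion between the static hostname and `auto_sni`, and port 0 handled as 443), as an added example that is not code from this PR or from Envoy. The struct layout mirrors the schema proposed in the thread; the function names and the hostname check applied to the client-supplied SNI are assumptions of this sketch.

```cpp
#include <cctype>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>

// Hypothetical mirror of the schema in this thread; not Envoy's generated types.
struct AutoSni { uint32_t port = 0; };  // 0 is handled as 443
struct TunnelingConfig {
  std::string hostname;             // static request-target, used as configured
  std::optional<AutoSni> auto_sni;  // derive the request-target from the SNI
};

// Relaxed validation with mutual exclusion: exactly one source must be set.
bool validConfig(const TunnelingConfig& c) {
  if (c.hostname.empty() != c.auto_sni.has_value()) return false;
  return !c.auto_sni || c.auto_sni->port <= 65535;
}

// The SNI is client-supplied, so accept only letter-digit-hyphen labels
// before the value is placed in a CONNECT request line (assumed policy).
bool validSniHost(const std::string& h) {
  if (h.empty() || h.size() > 253) return false;
  std::size_t label_len = 0;
  char prev = '.';
  for (char ch : h) {
    if (ch == '.') {
      if (label_len == 0 || prev == '-') return false;
      label_len = 0;
    } else {
      const bool ok = std::isalnum(static_cast<unsigned char>(ch)) || (ch == '-' && label_len > 0);
      if (!ok || ++label_len > 63) return false;
    }
    prev = ch;
  }
  return label_len > 0 && prev != '-';
}

// Returns the CONNECT request-target, or nullopt when the tunnel must be refused.
std::optional<std::string> connectTarget(const TunnelingConfig& c, const std::string& sni) {
  if (!validConfig(c)) return std::nullopt;
  if (!c.auto_sni) return c.hostname;
  if (!validSniHost(sni)) return std::nullopt;  // also covers a client that sent no SNI
  const uint32_t port = c.auto_sni->port == 0 ? 443 : c.auto_sni->port;
  return sni + ":" + std::to_string(port);
}

int main() {
  std::cout << connectTarget({"", AutoSni{}}, "example.com").value_or("(refused)") << "\n";
}
```
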
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!
ea377fb to a4d4f7c
Signed-off-by: Jacek Ewertowski <jacek.ewertowski1@gmail.com>
Don't close this PR, I work on it.
I am not convinced about this API though, since we can't wrap
The alternative looks quite reasonable to me.
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!
This pull request has been automatically closed because it has not had activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!
Signed-off-by: Jacek Ewertowski jacek.ewertowski1@gmail.com
This pull request is not yet ready for code review.
Commit Message: Extend `tcp_proxy.tunneling_config` with `auto_sni`
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Fixes #19612]