Use original_dst filter instead of use_original_dst field (#17433)

pull/17448/head
Paul Glass 2 years ago committed by GitHub
parent 0420b9769e
commit 07ff9d3d64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1446,7 +1446,8 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
// that matches on the `destination_port == <service port>`. Traffic sent // that matches on the `destination_port == <service port>`. Traffic sent
// directly to the service port is passed through to the application // directly to the service port is passed through to the application
// unmodified. // unmodified.
if cfgSnap.Proxy.MutualTLSMode == structs.MutualTLSModePermissive { if cfgSnap.Proxy.Mode == structs.ProxyModeTransparent &&
cfgSnap.Proxy.MutualTLSMode == structs.MutualTLSModePermissive {
chain, err := makePermissiveFilterChain(cfgSnap, filterOpts) chain, err := makePermissiveFilterChain(cfgSnap, filterOpts)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to add permissive mtls filter chain: %w", err) return nil, fmt.Errorf("unable to add permissive mtls filter chain: %w", err)
@ -1459,7 +1460,11 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
// With tproxy, the REDIRECT iptables target rewrites the destination ip/port // With tproxy, the REDIRECT iptables target rewrites the destination ip/port
// to the proxy ip/port (e.g. 127.0.0.1:20000) for incoming packets. // to the proxy ip/port (e.g. 127.0.0.1:20000) for incoming packets.
// We need the original_dst filter to recover the original destination address. // We need the original_dst filter to recover the original destination address.
l.UseOriginalDst = &wrapperspb.BoolValue{Value: true} originalDstFilter, err := makeEnvoyListenerFilter("envoy.filters.listener.original_dst", &envoy_original_dst_v3.OriginalDst{})
if err != nil {
return nil, err
}
l.ListenerFilters = append(l.ListenerFilters, originalDstFilter)
} }
} }
return l, err return l, err

@ -153,7 +153,14 @@
] ]
} }
], ],
"useOriginalDst": true, "listenerFilters": [
{
"name": "envoy.filters.listener.original_dst",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
}
}
],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],

Loading…
Cancel
Save