Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transparent udp proxy #12513

Closed
chadr123 opened this issue Aug 6, 2020 · 3 comments · Fixed by #12586
Closed

Transparent udp proxy #12513

chadr123 opened this issue Aug 6, 2020 · 3 comments · Fixed by #12586
Labels
area/udp design proposal Needs design doc/proposal before implementation enhancement Feature requests. Not bugs or questions.

Comments

@chadr123
Copy link
Contributor

chadr123 commented Aug 6, 2020
edited
Loading

I'm working on the transparent udp proxy for envoy.
By my understanding, the udp filter system supports only one filter.

void ListenerImpl::createListenerFilterFactories(Network::Socket::Type socket_type) {
if (!config_.listener_filters().empty()) {
switch (socket_type) {
case Network::Socket::Type::Datagram:
if (config_.listener_filters().size() > 1) {
// Currently supports only 1 UDP listener filter.
throw EnvoyException(fmt::format(
"error adding listener '{}': Only 1 UDP listener filter per listener supported",
address_->asString()));
}

And udp filter system cannot utilize the existing original_src filter because it is not compatible with udp filter system.
So, I thought that there is no way to extend the existing original_src filter or add a new filter for that.
So, if I add a new option to udp_proxy filter for transparent udp proxy, it is feasible.

Actually I add a new option to udp_proxy and it works fine now but it is better to discuss with you to contribute this feature.
What do you think about this?
You can see the my WIP patch at chadr123@aed05ad
@dio dio added design proposal Needs design doc/proposal before implementation enhancement Feature requests. Not bugs or questions. labels Aug 6, 2020
@chadr123
Copy link
Contributor Author

Could you review my idea?

@mattklein123
Copy link
Member

@chadr123 at a high level this LGTM, though you will need to use the socket open abstractions in the final PR (see https://github.com/envoyproxy/envoy/blob/master/source/common/network/socket_option_impl.h). Thank you!

@chadr123
Copy link
Contributor Author

@chadr123 at a high level this LGTM, though you will need to use the socket open abstractions in the final PR (see https://github.com/envoyproxy/envoy/blob/master/source/common/network/socket_option_impl.h). Thank you!

Thank you for your review.
I will revise my patch and will send a PR. :)

@chadr123 chadr123 mentioned this issue Aug 11, 2020
Merged
chadr123 pushed a commit to chadr123/envoy that referenced this issue Aug 14, 2020
[WIP] Add use_original_src_ip feature on udp proxy
2e6e73c 
There is a similar feature for no snat but it only works for tcp case.
The envoy supports filter structure so that we can add or remove the filter dynamically.
But the udp load banalcer has a limitation that can have only one filter.

So, we cannot add more filters on udp load banalcer.
So, the new option is introduced that name is use_original_src_ip on udp_proxy filter.
If it is set as true, all packets that start from envoy can have original source ip address that
same as sender's ip address.

Fixes envoyproxy#12513, envoyproxy#12277

Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/udp design proposal Needs design doc/proposal before implementation enhancement Feature requests. Not bugs or questions.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

udp: Add use_original_src_ip feature on udp proxy chadr123/envoy
3 participants
@dio @mattklein123 @chadr123