transport socket: Add proxy proto transport socket.

[wez470]

Signed-off-by: Weston Carlson wez470@gmail.com

Commit Message: Add proxy proto transport socket

Additional Description: This is the part 1 PR described in #10682. It adds the transports socket / unit tests, a transport socket options struct for the proxy proto header, and does a refactor to make the listener filter use the common proxy proto constants (potentially want to move these now since the proxy proto config api type is not in extensions?)

Risk Level: Small
Testing: Unit
Docs Changes: None
Release Notes: None
Part Of: #1031

[wez470]

Posting question I had in slack here. https://envoyproxy.slack.com/archives/C78HA81DH/p1592235285286200. Essentially wondering if there's a way for me to get docs passing with the current state or if I need to add the API / config factories, etc all in this PR.

[ggreenway]

Should this be named upstream_proxy_protocol or similar, so it is clear that it is only for use in an upstream context?

[wez470]

Yes, very good suggestion

[ggreenway]

Can this be done in the constructor or onConnected() or somewhere earlier?

[wez470]

I've moved to onConnected for now. Do you know if that method gets called after setTransportSocketCallbacks?

[wez470]

actually, could probably just move the generation to setTransportSocketCallbacks

[ggreenway]

Rename ProxyProtocolOptions? When I think of header, I think of something in wire-format.

[ggreenway]

Is this function needed? Couldn't the proxy protocol data be part of the FilterState?

[wez470]

I'll double check this 👍

[wez470]

Yeah, definitely can just add the proxy proto data to the FilterState.

[wez470]

@cpakulski looked into the docs stuff a bit for me (thanks!). Essentially it seems like having an API is assumed. i.e. needing a proto with // [#extension: envoy.transport_sockets.upstream_proxy_protocol]. The generated security posture docs link to it.

Seems like I'm going to have to add the API, docs, TCP Proxy changes, e2e tests, etc all to this branch and just have one big PR. Not sure what the best course of action is. Maybe close this for now while I add all that stuff? It's definitely going to take me more than a few days to add it all.

[alyssawilk]

Very cool to see this going out (and thank you for the manageable chunks! =P)
First pass thoughts below!

[alyssawilk]

optional rename, maybe ProxyProtocolData ?

[alyssawilk]

totally optional, but what do you think of a base class that's a pure wrapper, and subclassing that to make it clear what's being overridden and what's passthrough.

[wez470]

Yeah, seems like a good idea. Could potentially be used for the tap socket as well. I'll look into it.

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/envoy/.
CC @envoyproxy/api-watchers: FYI only for changes made to api/envoy/.

🐱

Caused by: #11584 was synchronize by wez470.

see: more, trace.

[wez470]

hmm, now ssl integration tests are failing 😕

[alyssawilk]

@lizan I'm pretty good with this PR modulo CI failures. Would you take second pass as Greg is out?

[wez470]

FYI, CI is happy and this should be good to look at again

[lizan]

Can we add integration tests?

[lizan]

This has a high chance to be dangling reference when it is passed around. I'm not sure why our tests didn't catch, do we have integration test for the whole setup?

[wez470]

No full setup integration tests at this point. The API (marked as unimplemented) / config factory / TCP Proxy / Doc / etc changes aren't in this PR to try and reduce scope. Those changes + more unit / integration tests would come in a follow up PR. Do you want to change this data type now or in the future PR? This won't be used at all right now.

[wez470]

I could also add a TODO to check / fix this for now?

[lizan]

At least make this non-reference?

[wez470]

Yes I can do that 👍

[lizan]

@ggreenway ?

I think issues are resolved

[wez470]

🎉. Thanks for the feedback, everyone!