From 64e24121d94ef270657159e1c4c94495ff748e0e Mon Sep 17 00:00:00 2001
From: Romain Lenglet
Date: Fri, 30 Mar 2018 17:35:11 +0000
Subject: [PATCH 1/2] docs: release note and unhide transparent LDS field
Signed-off-by: Romain Lenglet
---
docs/root/intro/version_history.rst | 2 ++
envoy/api/v2/lds.proto | 1 -
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/root/intro/version_history.rst b/docs/root/intro/version_history.rst
index 8f29f5b9e..67527d366 100644
--- a/docs/root/intro/version_history.rst
+++ b/docs/root/intro/version_history.rst
@@ -17,6 +17,8 @@ Version history
 * logger: all :ref:`logging levels ` can be configured at run-time: trace debug info warning error critical.
 * logger: added the ability to optionally set the log format via the :option:`--log-format` option.
+* sockets: added `IP_TRANSPARENT` socket option support for :ref:`listeners
+ `.
 * sockets: added `IP_FREEBIND` socket option support for :ref:`listeners ` and upstream connections via :ref:`cluster manager wide
diff --git a/envoy/api/v2/lds.proto b/envoy/api/v2/lds.proto
index da6e0731b..f1fc26d9f 100644
--- a/envoy/api/v2/lds.proto
+++ b/envoy/api/v2/lds.proto
@@ -127,7 +127,6 @@ message Listener {
 // before a connection is created.
 repeated listener.ListenerFilter listener_filters = 9 [(gogoproto.nullable) = false];
- // [#not-implemented-hide:]
 // Whether the listener should be set as a transparent socket.
 // When this flag is set to true, connections can be redirected to the listener using an
 // *iptables* *TPROXY* target, in which case the original source and destination addresses and
From 2f20980cd9a7277a8f7053dcbbdc8c2fd7eee831 Mon Sep 17 00:00:00 2001
From: Romain Lenglet
Date: Fri, 30 Mar 2018 17:46:04 +0000
Subject: [PATCH 2/2] docs: update original_dst_filter doc re: transparent listeners
Signed-off-by: Romain Lenglet
---
.../listener_filters/original_dst_filter.rst | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/docs/root/configuration/listener_filters/original_dst_filter.rst b/docs/root/configuration/listener_filters/original_dst_filter.rst
index 50aa7c1cc..0ff7e2f66 100644
--- a/docs/root/configuration/listener_filters/original_dst_filter.rst
+++ b/docs/root/configuration/listener_filters/original_dst_filter.rst
@@ -4,10 +4,11 @@ Original Destination
 ====================
 Original destination listener filter reads the SO_ORIGINAL_DST socket option set when a connection
-has been redirected by iptables REDIRECT. Later processing in Envoy sees the restored destination
-address as the connection's local address, rather than the address at which the listener is
-listening at. Furthermore, :ref:`an original destination cluster
-` may be used to forward HTTP requests
-or TCP connections to the restored destination address.
+has been redirected by an iptables REDIRECT target, or by an iptables TPROXY target in combination
+with setting the listener's :ref:`transparent ` option.
+Later processing in Envoy sees the restored destination address as the connection's local address,
+rather than the address at which the listener is listening at. Furthermore, :ref:`an original
+destination cluster ` may be used to
+forward HTTP requests or TCP connections to the restored destination address.
 * :ref:`v2 API reference `