envoyproxy · mattklein123 · Jan 23, 2018 · Aug 26, 2017 · Aug 25, 2017 · Jan 11, 2018
diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
@@ -71,8 +71,8 @@ REPOSITORY_LOCATIONS = dict(
         urls = ["https://github.com/google/protobuf/archive/v3.5.0.tar.gz"],
     ),
     envoy_api = dict(
-        commit = "90698c63882c4ed02414afd6b5dd080a0437b397",
-        remote = "https://github.com/envoyproxy/data-plane-api",
+        commit = "071ddd950fb391f5778799396b449254d228f764",
+        remote = "https://github.com/jrajahalme/envoy-api",
     ),
     grpc_httpjson_transcoding = dict(
         commit = "e4f58aa07b9002befa493a0a82e10f2e98b51fc6",

diff --git a/configs/original-dst-cluster/proxy_config.json b/configs/original-dst-cluster/proxy_config.json
@@ -1,7 +1,10 @@
 {
     "listeners": [{
         "address": "tcp://0.0.0.0:10000",
-        "use_original_dst": true,
+        "listener_filters": [{
+            "name": "original_dst",
+            "config": {}
+	}],
         "filters": [{
             "name": "http_connection_manager",
             "config": {

diff --git a/include/envoy/event/dispatcher.h b/include/envoy/event/dispatcher.h
@@ -38,6 +38,16 @@ class Dispatcher {
    */
   virtual void clearDeferredDeleteList() PURE;
 
+  /**
+   * Create a server connection.
+   * @param accept_socket supplies a socket with an open file descriptor and connection metadata
+   *        to use for the connection. Takes ownership of the accept_socket.
+   * @param ssl_ctx supplies the SSL context to use, if not nullptr.
+   * @return Network::ConnectionPtr a client connection that is owned by the caller.
+   */
+  virtual Network::ConnectionPtr createConnection(Network::AcceptSocketPtr&& accept_socket,
+                                                  Ssl::Context* ssl_ctx) PURE;
+
   /**
    * Create a client connection.
    * @param address supplies the address to connect to.
@@ -85,25 +95,9 @@ class Dispatcher {
    * @param listener_options listener configuration options.
    * @return Network::ListenerPtr a new listener that is owned by the caller.
    */
-  virtual Network::ListenerPtr
-  createListener(Network::ConnectionHandler& conn_handler, Network::ListenSocket& socket,
-                 Network::ListenerCallbacks& cb, Stats::Scope& scope,
-                 const Network::ListenerOptions& listener_options) PURE;
-
-  /**
-   * Create a listener on a specific port.
-   * @param conn_handler supplies the handler for connections received by the listener
-   * @param ssl_ctx supplies the SSL context to use.
-   * @param socket supplies the socket to listen on.
-   * @param cb supplies the callbacks to invoke for listener events.
-   * @param scope supplies the Stats::Scope to use.
-   * @param listener_options listener configuration options.
-   * @return Network::ListenerPtr a new listener that is owned by the caller.
-   */
-  virtual Network::ListenerPtr
-  createSslListener(Network::ConnectionHandler& conn_handler, Ssl::ServerContext& ssl_ctx,
-                    Network::ListenSocket& socket, Network::ListenerCallbacks& cb,
-                    Stats::Scope& scope, const Network::ListenerOptions& listener_options) PURE;
+  virtual Network::ListenerPtr createListener(Network::ListenSocket& socket,
+                                              Network::ListenerCallbacks& cb,
+                                              bool bind_to_port) PURE;
 
   /**
    * Allocate a timer. @see Event::Timer for docs on how to use the timer.

diff --git a/include/envoy/network/BUILD b/include/envoy/network/BUILD
@@ -73,6 +73,7 @@ envoy_cc_library(
 envoy_cc_library(
     name = "listener_interface",
     hdrs = ["listener.h"],
+    deps = ["//include/envoy/network:listen_socket_interface"],
 )
 
 envoy_cc_library(

diff --git a/include/envoy/network/connection_handler.h b/include/envoy/network/connection_handler.h
@@ -10,6 +10,11 @@
 #include "envoy/ssl/context.h"
 
 namespace Envoy {
+
+namespace Server {
+class Listener;
+}
+// XXX: Move to Server namespace?
 namespace Network {
 
 /**
@@ -26,28 +31,9 @@ class ConnectionHandler {
 
   /**
    * Adds listener to the handler.
-   * @param factory supplies the configuration factory for new connections.
-   * @param socket supplies the already bound socket to listen on.
-   * @param scope supplies the stats scope to use for listener specific stats.
-   * @param listener_tag supplies an opaque tag that can be used to stop or remove the listener.
-   * @param listener_options listener configuration options.
-   */
-  virtual void addListener(Network::FilterChainFactory& factory, Network::ListenSocket& socket,
-                           Stats::Scope& scope, uint64_t listener_tag,
-                           const Network::ListenerOptions& listener_options) PURE;
-
-  /**
-   * Adds listener to the handler.
-   * @param factory supplies the configuration factory for new connections.
-   * @param socket supplies the already bound socket to listen on.
-   * @param scope supplies the stats scope to use for listener specific stats.
-   * @param listener_tag supplies an opaque tag that can be used to stop or remove the listener.
-   * @param listener_options listener configuration options.
+   * @param config listener configuration options.
    */
-  virtual void addSslListener(Network::FilterChainFactory& factory, Ssl::ServerContext& ssl_ctx,
-                              Network::ListenSocket& socket, Stats::Scope& scope,
-                              uint64_t listener_tag,
-                              const Network::ListenerOptions& listener_options) PURE;
+  virtual void addListener(Server::Listener& config) PURE;
 
   /**
    * Find a listener based on the provided listener address value.

diff --git a/include/envoy/network/filter.h b/include/envoy/network/filter.h
@@ -9,6 +9,7 @@ namespace Envoy {
 namespace Network {
 
 class Connection;
+class AcceptSocket;
 
 /**
  * Status codes returned by filters that can cause future filters to not get iterated to.
@@ -147,6 +148,67 @@ class FilterManager {
   virtual bool initializeReadFilters() PURE;
 };
 
+/**
+ * Callbacks used by individual listener filter instances to communicate with the listener filter
+ * manager.
+ */
+class ListenerFilterCallbacks {
+public:
+  virtual ~ListenerFilterCallbacks() {}
+
+  /**
+   * @return the AcceptSocket that owns this manager and the managed filters.
+   */
+  virtual AcceptSocket& socket() PURE;
+
+  /**
+   * @return the Dispatcher for this manager.
+   */
+  virtual Event::Dispatcher& dispatcher() PURE;
+
+  /**
+   * If an filter stopped filter iteration by returning FilterStatus::StopIteration,
+   * the filter should call continueFilterChain(true) when complete to continue the filter chain,
+   * or continueFilterChain(false) if the filter execution failed and the connection musrt be
+   * closed.
+   * @param success boolean telling whether the filter execution was successful or not.
+   */
+  virtual void continueFilterChain(bool success) PURE;
+};
+
+/**
+ * Listener Filter
+ */
+class ListenerFilter {
+public:
+  virtual ~ListenerFilter() {}
+
+  /**
+   * Called when a new connection is accepted, but before a Connection is created.
+   * Filter chain iteration can be stopped if needed.
+   * @param cb the callbacks the filter instance can use to communicate with the filter chain.
+   * @return status used by the filter manager to manage further filter iteration.
+   */
+  virtual FilterStatus onAccept(ListenerFilterCallbacks& cb) PURE;
+};
+
+typedef std::shared_ptr<ListenerFilter> ListenerFilterSharedPtr;
+
+/**
+ * Interface for filter callbacks and adding listener filters to a manager.
+ */
+class ListenerFilterManager {
+public:
+  virtual ~ListenerFilterManager() {}
+
+  /**
+   * Add a filter to the listener. Filters are invoked in FIFO order (the filter added
+   * first is called first).
+   * @param filter supplies the filter being added.
+   */
+  virtual void addAcceptFilter(ListenerFilterSharedPtr filter) PURE;
+};
+
 /**
  * Creates a chain of network filters for a new connection.
  */
@@ -161,6 +223,14 @@ class FilterChainFactory {
    *   false, e.g. filter chain is empty.
    */
   virtual bool createFilterChain(Connection& connection) PURE;
+
+  /**
+   * Called to create the listener filter chain.
+   * @param listener supplies the listener to create the chain on.
+   * @return true if filter chain was created successfully. Otherwise
+   *   false.
+   */
+  virtual bool createFilterChain(ListenerFilterManager& listener) PURE;
 };
 
 } // namespace Network

diff --git a/include/envoy/network/listen_socket.h b/include/envoy/network/listen_socket.h
@@ -34,5 +34,65 @@ class ListenSocket {
 typedef std::unique_ptr<ListenSocket> ListenSocketPtr;
 typedef std::shared_ptr<ListenSocket> ListenSocketSharedPtr;
 
+/**
+ * An abstract accept socket.
+ */
+class AcceptSocket {
+public:
+  virtual ~AcceptSocket() {}
+
+  /**
+   * @return the address that the socket was received at, or an original destination address if
+   * applicable.
+   */
+  virtual Address::InstanceConstSharedPtr localAddress() const PURE;
+
+  /**
+   * Reset the original destination address of the socket to a different address than the one
+   * the socket was accepted at.
+   */
+  virtual void resetLocalAddress(Address::InstanceConstSharedPtr& local_address) PURE;
+
+  /**
+   * @return true if the local address has been reset.
+   */
+  virtual bool localAddressReset() const PURE;
+
+  /**
+   * @return the address that the socket was received from, or an original source address if
+   * applicable.
+   */
+  virtual Address::InstanceConstSharedPtr remoteAddress() const PURE;
+
+  /**
+   * Set the original source address of the socket
+   */
+  virtual void resetRemoteAddress(Address::InstanceConstSharedPtr& remote_address) PURE;
+
+  /**
+   * @return fd the accept socket's file descriptor.
+   */
+  virtual int fd() const PURE;
+
+  /**
+   * Transfer ownership of the file descriptor to the caller, so that the underlying socket will
+   * not be closed on delete.
+   */
+  virtual int takeFd() PURE;
+
+  /**
+   * Clear 'reset' state so that the socket can be used again with a new listener.
+   */
+  virtual void clearReset() PURE;
+
+  /**
+   * Close the underlying socket.
+   */
+  virtual void close() PURE;
+};
+
+typedef std::unique_ptr<AcceptSocket> AcceptSocketPtr;
+typedef std::shared_ptr<AcceptSocket> AcceptSocketSharedPtr;
+
 } // namespace Network
 } // namespace Envoy
diff --git a/include/envoy/network/listener.h b/include/envoy/network/listener.h
@@ -6,45 +6,24 @@
 
 #include "envoy/common/exception.h"
 #include "envoy/network/connection.h"
+#include "envoy/network/listen_socket.h"
 
 namespace Envoy {
 namespace Network {
 
-/**
- * Listener configurations options.
- */
-struct ListenerOptions {
-  // Specifies if the listener should actually bind to the port. A listener that doesn't bind can
-  // only receive connections redirected from other listeners that set use_origin_dst_ to true.
-  bool bind_to_port_;
-  // Whether to use the PROXY Protocol V1
-  // (http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt)
-  bool use_proxy_proto_;
-  // If a connection was redirected to this port using iptables, allow the listener to hand it off
-  // to the listener associated to the original port.
-  bool use_original_dst_;
-  // Soft limit on size of the listener's new connection read and write buffers.
-  uint32_t per_connection_buffer_limit_bytes_;
-
-  /**
-   * Factory for ListenerOptions with bind_to_port_ set.
-   * @return ListenerOptions object initialized with bind_to_port_ set.
-   */
-  static ListenerOptions listenerOptionsWithBindToPort() {
-    return {.bind_to_port_ = true,
-            .use_proxy_proto_ = false,
-            .use_original_dst_ = false,
-            .per_connection_buffer_limit_bytes_ = 0};
-  }
-};
-
 /**
  * Callbacks invoked by a listener.
  */
 class ListenerCallbacks {
 public:
   virtual ~ListenerCallbacks() {}
 
+  /**
+   * Called when a new connection is accepted.
+   * @param socket supplies the socket that is moved into the callee.
+   */
+  virtual void onAccept(AcceptSocketPtr&& socket) PURE;
+
   /**
    * Called when a new connection is accepted.
    * @param new_connection supplies the new connection that is moved into the callee.

diff --git a/include/envoy/server/filter_config.h b/include/envoy/server/filter_config.h
@@ -123,6 +123,62 @@ class FactoryContext {
   virtual Stats::Scope& listenerScope() PURE;
 };
 
+/**
+ * This function is used to wrap the creation of a listener filter chain for new sockets as they are
+ * created. Filter factories create the lambda at configuration initialization time, and then they
+ * are used at runtime.
+ * @param filter_manager supplies the filter manager for the listener to install filters to.
+ * Typically the function will install a single filter, but it's technically possibly to install
+ * more than one if desired.
+ */
+typedef std::function<void(Network::ListenerFilterManager& filter_manager)> ListenerFilterFactoryCb;
+
+/**
+ * Implemented by each listener filter and registered via Registry::registerFactory()
+ * or the convenience class RegisterFactory.
+ */
+class NamedListenerFilterConfigFactory {
+public:
+  virtual ~NamedListenerFilterConfigFactory() {}
+
+  /**
+   * Create a particular listener filter factory implementation. If the implementation is unable to
+   * produce a factory with the provided parameters, it should throw an EnvoyException in the case
+   * of general error or a Json::Exception if the json configuration is erroneous. The returned
+   * callback should always be initialized.
+   * @param config supplies the general json configuration for the filter
+   * @param context supplies the filter's context.
+   * @return ListenerFilterFactoryCb the factory creation function.
+   */
+  virtual ListenerFilterFactoryCb createFilterFactory(const Json::Object& config,
+                                                      FactoryContext& context) PURE;
+
+  /**
+   * v2 variant of createFilterFactory(..), where filter configs are specified as proto. This may be
+   * optionally implemented today, but will in the future become compulsory once v1 is deprecated.
+   */
+  virtual ListenerFilterFactoryCb createFilterFactoryFromProto(const Protobuf::Message& config,
+                                                               FactoryContext& context) {
+    UNREFERENCED_PARAMETER(config);
+    UNREFERENCED_PARAMETER(context);
+    NOT_IMPLEMENTED;
+  }
+
+  /**
+   * @return ProtobufTypes::MessagePtr create empty config proto message for v2. The filter
+   *         config, which arrives in an opaque google.protobuf.Struct message, will be converted to
+   *         JSON and then parsed into this empty proto. Optional today, will be compulsory when v1
+   *         is deprecated.
+   */
+  virtual ProtobufTypes::MessagePtr createEmptyConfigProto() { return nullptr; }
+
+  /**
+   * @return std::string the identifying name for a particular implementation of a listener filter
+   * produced by the factory.
+   */
+  virtual std::string name() PURE;
+};
+
 /**
  * This function is used to wrap the creation of a network filter chain for new connections as
  * they come in. Filter factories create the lambda at configuration initialization time, and then