diff --git a/CODEOWNERS b/CODEOWNERS index 4916bead4c8d0..c9e496f9fceb6 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -4,6 +4,10 @@ # csrf extension /*/extensions/filters/http/csrf @dschaller @mattklein123 +# original_src http filter extension +/*/extensions/filters/http/original_src @snowp @klarose +# original_src listener filter extension +/*/extensions/filters/listener/original_src @snowp @klarose # dubbo_proxy extension /*/extensions/filters/network/dubbo_proxy @zyfjeff @lizan # thrift_proxy extension diff --git a/api/docs/BUILD b/api/docs/BUILD index e4daabad2c3e2..c8637e678dca2 100644 --- a/api/docs/BUILD +++ b/api/docs/BUILD @@ -47,6 +47,7 @@ proto_library( "//envoy/config/filter/http/ip_tagging/v2:ip_tagging", "//envoy/config/filter/http/jwt_authn/v2alpha:jwt_authn", "//envoy/config/filter/http/lua/v2:lua", + "//envoy/config/filter/http/original_src/v2alpha1:original_src", "//envoy/config/filter/http/rate_limit/v2:rate_limit", "//envoy/config/filter/http/rbac/v2:rbac", "//envoy/config/filter/http/router/v2:router", diff --git a/api/envoy/config/filter/http/original_src/v2alpha1/BUILD b/api/envoy/config/filter/http/original_src/v2alpha1/BUILD new file mode 100644 index 0000000000000..e064545b21cde --- /dev/null +++ b/api/envoy/config/filter/http/original_src/v2alpha1/BUILD @@ -0,0 +1,8 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal") + +licenses(["notice"]) # Apache 2 + +api_proto_library_internal( + name = "original_src", + srcs = ["original_src.proto"], +) diff --git a/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto b/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto new file mode 100644 index 0000000000000..32f37a8c48f0c --- /dev/null +++ b/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto @@ -0,0 +1,26 @@ +syntax = "proto3"; + +package envoy.config.filter.http.original_src.v2alpha1; + +option java_outer_classname = "OriginalSrcProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.http.original_src.v2alpha1"; + +option go_package = "v2alpha1"; + +import "validate/validate.proto"; + +// [#protodoc-title: Original Src Filter] +// Use the Original source address on upstream connections. + +// The Original Src filter binds upstream connections to the original source address determined +// for the request. This address could come from something like the Proxy Protocol filter, or it +// could come from trusted http headers. +message OriginalSrc { + + // Sets the SO_MARK option on the upstream connection's socket to the provided value. Used to + // ensure that non-local addresses may be routed back through envoy when binding to the original + // source address. The option will not be applied if the mark is 0. + // [#proto-status: experimental] + uint32 mark = 1; +} diff --git a/docs/build.sh b/docs/build.sh index 2cd2760a8605c..f20a79a6f8a8f 100755 --- a/docs/build.sh +++ b/docs/build.sh @@ -102,6 +102,7 @@ PROTO_RST=" /envoy/config/filter/http/ip_tagging/v2/ip_tagging/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto.rst /envoy/config/filter/http/jwt_authn/v2alpha/jwt_authn/envoy/config/filter/http/jwt_authn/v2alpha/config.proto.rst /envoy/config/filter/http/lua/v2/lua/envoy/config/filter/http/lua/v2/lua.proto.rst + /envoy/config/filter/http/original_src/v2alpha1/original_src/envoy/config/filter/http/original_src/v2alpha1/original_src.proto.rst /envoy/config/filter/http/rate_limit/v2/rate_limit/envoy/config/filter/http/rate_limit/v2/rate_limit.proto.rst /envoy/config/filter/http/rbac/v2/rbac/envoy/config/filter/http/rbac/v2/rbac.proto.rst /envoy/config/filter/http/router/v2/router/envoy/config/filter/http/router/v2/router.proto.rst diff --git a/docs/root/api-v2/config/filter/http/http.rst b/docs/root/api-v2/config/filter/http/http.rst index 86e82f875a2fa..0aff5791bf6aa 100644 --- a/docs/root/api-v2/config/filter/http/http.rst +++ b/docs/root/api-v2/config/filter/http/http.rst @@ -7,3 +7,4 @@ HTTP filters */v2/* */v2alpha/* + */v2alpha1/* diff --git a/docs/root/configuration/http_filters/http_filters.rst b/docs/root/configuration/http_filters/http_filters.rst index 5f0c00275d80b..5fcbedd731ed8 100644 --- a/docs/root/configuration/http_filters/http_filters.rst +++ b/docs/root/configuration/http_filters/http_filters.rst @@ -22,6 +22,7 @@ HTTP filters ip_tagging_filter jwt_authn_filter lua_filter + original_src_filter rate_limit_filter rbac_filter router_filter diff --git a/docs/root/configuration/http_filters/original_src_filter.rst b/docs/root/configuration/http_filters/original_src_filter.rst new file mode 100644 index 0000000000000..32120d4898f20 --- /dev/null +++ b/docs/root/configuration/http_filters/original_src_filter.rst @@ -0,0 +1,71 @@ +.. _config_http_filters_original_src: + +Original Source +=============== + +* :ref:`HTTP filter v2 API reference ` +* This filter should be configured with the name *envoy.filters.http.original_src*. + +The original source http filter replicates the downstream remote address of the connection on +the upstream side of Envoy. For example, if a downstream connection connects to Envoy with IP +address ``10.1.2.3``, then Envoy will connect to the upstream with source IP ``10.1.2.3``. The +downstream remote address is determined based on the logic for the "trusted client address" +outlined in :ref:`XFF `. + + +Note that the filter is intended to be used in conjunction with the +:ref:`Router ` filter. In particular, it must run prior to the router +filter so that it may add the desired source IP to the state of the filter chain. + +IP Version Support +------------------ +The filter supports both IPv4 and IPv6 as addresses. Note that the upstream connection must support +the version used. + +Extra Setup +----------- + +The downstream remote address used will likely be globally routable. By default, packets returning +from the upstream host to that address will not route through Envoy. The network must be configured +to forcefully route any traffic whose IP was replicated by Envoy back through the Envoy host. + +If Envoy and the upstream are on the same host -- e.g. in an sidecar deployment --, then iptables +and routing rules can be used to ensure correct behaviour. The filter has an unsigned integer +configuration, +:ref:`mark `. Setting +this to *X* causes Envoy to *mark* all upstream packets originating from this http with value +*X*. Note that if +:ref:`mark ` is set +to 0, Envoy will not mark upstream packets. + +We can use the following set of commands to ensure that all ipv4 and ipv6 traffic marked with *X* +(assumed to be 123 in the example) routes correctly. Note that this example assumes that *eth0* is +the default outbound interface. + +.. code-block:: text + + iptables -t mangle -I PREROUTING -m mark --mark 123 -j CONNMARK --save-mark + iptables -t mangle -I OUTPUT -m connmark --mark 123 -j CONNMARK --restore-mark + ip6tables -t mangle -I PREROUTING -m mark --mark 123 -j CONNMARK --save-mark + ip6tables -t mangle -I OUTPUT -m connmark --mark 123 -j CONNMARK --restore-mark + ip rule add fwmark 123 lookup 100 + ip route add local 0.0.0.0/0 dev lo table 100 + ip -6 rule add fwmark 123 lookup 100 + ip -6 route add local ::/0 dev lo table 100 + echo 1 > /proc/sys/net/ipv4/conf/eth0/route_localnet + + +Example HTTP configuration +------------------------------ + +The following example configures Envoy to use the original source for all connections made on port +8888. All upstream packets are marked with 123. + +.. code-block:: yaml + + http_filters: + - name: envoy.filters.http.original_src + config: + mark: 123 + - name: envoy.router + config: {} diff --git a/docs/root/intro/arch_overview/ip_transparency.rst b/docs/root/intro/arch_overview/ip_transparency.rst index 48b442eca7dda..095ec54bc124c 100644 --- a/docs/root/intro/arch_overview/ip_transparency.rst +++ b/docs/root/intro/arch_overview/ip_transparency.rst @@ -25,7 +25,9 @@ HTTP Headers HTTP headers may carry the original IP address of the request in the :ref:`x-forwarded-for ` header. The upstream server -can use this header to determine the downstream remote address. +can use this header to determine the downstream remote address. Envoy may also use this header to +choose the IP address used by the +:ref:`Original Src HTTP Filter `. The HTTP header approach has a few downsides: @@ -69,3 +71,27 @@ Some drawbacks to the Original Source filter: * It requires that Envoy have access to the downstream remote address. * Its configuration is relatively complex. * It may introduce a slight performance hit due to restrictions on connection pooling. + +.. _arch_overview_ip_transparency_original_src_http: + +Original Source HTTP Filter +--------------------------- + +In controlled deployments, it may be possible to replicate the downstream remote address on the +upstream connection by using a +:ref:`Original Source HTTP filter `. This filter operates much like +the :ref:`Original Src Listener Filter `. The +main difference is that it can infer the original source address from HTTP headers, which is important +for cases where a single downstream connection carries multiple HTTP requests from different original +source addresses. Deployments with a front proxy forwarding to sidecar proxies are examples where case +applies. + +This filter will work with any upstream HTTP host. However, it requires fairly complex configuration, +and it may not be supported in all deployments due to routing constraints. + +Some drawbacks to the Original Source filter: + +* It requires that Envoy be properly configured to extract the downstream remote address from the + :ref:`x-forwarded-for ` header. +* Its configuration is relatively complex. +* It may introduce a slight performance hit due to restrictions on connection pooling. diff --git a/docs/root/intro/version_history.rst b/docs/root/intro/version_history.rst index 421568a0e5444..6c05c4dcb3979 100644 --- a/docs/root/intro/version_history.rst +++ b/docs/root/intro/version_history.rst @@ -24,6 +24,7 @@ Version history * http: fixed a crashing bug where gRPC local replies would cause segfaults when upstream access logging was on. * http: mitigated a race condition with the :ref:`delayed_close_timeout` where it could trigger while actively flushing a pending write buffer for a downstream connection. * jwt_authn: make filter's parsing of JWT more flexible, allowing syntax like ``jwt=eyJhbGciOiJS...ZFnFIw,extra=7,realm=123`` +* original_src filter: added the :ref:`filter`. * rbac: migrated from v2alpha to v2. * redis: add support for Redis cluster custom cluster type. * redis: added :ref:`prefix routing ` to enable routing commands based on their key's prefix to different upstream. diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index b67c85fc5903d..7f948dbe3e4d8 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl @@ -44,6 +44,7 @@ EXTENSIONS = { "envoy.filters.http.ip_tagging": "//source/extensions/filters/http/ip_tagging:config", "envoy.filters.http.jwt_authn": "//source/extensions/filters/http/jwt_authn:config", "envoy.filters.http.lua": "//source/extensions/filters/http/lua:config", + "envoy.filters.http.original_src": "//source/extensions/filters/http/original_src:config", "envoy.filters.http.ratelimit": "//source/extensions/filters/http/ratelimit:config", "envoy.filters.http.rbac": "//source/extensions/filters/http/rbac:config", "envoy.filters.http.router": "//source/extensions/filters/http/router:config", diff --git a/source/extensions/filters/common/original_src/BUILD b/source/extensions/filters/common/original_src/BUILD new file mode 100644 index 0000000000000..1f39f83548558 --- /dev/null +++ b/source/extensions/filters/common/original_src/BUILD @@ -0,0 +1,37 @@ +licenses(["notice"]) # Apache 2 + +# Helprs for filters for mirroring the downstream remote address on the upstream's source. + +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_library", + "envoy_package", +) + +envoy_package() + +envoy_cc_library( + name = "original_src_socket_option_lib", + srcs = ["original_src_socket_option.cc"], + hdrs = ["original_src_socket_option.h"], + deps = [ + "//include/envoy/network:listen_socket_interface", + "//source/common/common:assert_lib", + "//source/common/common:minimal_logger_lib", + "//source/common/network:address_lib", + "//source/common/network:utility_lib", + ], +) + +envoy_cc_library( + name = "socket_option_factory_lib", + srcs = ["socket_option_factory.cc"], + hdrs = ["socket_option_factory.h"], + deps = [ + ":original_src_socket_option_lib", + "//include/envoy/network:listen_socket_interface", + "//source/common/network:address_lib", + "//source/common/network:socket_option_factory_lib", + "//source/common/network:utility_lib", + ], +) diff --git a/source/extensions/filters/listener/original_src/original_src_socket_option.cc b/source/extensions/filters/common/original_src/original_src_socket_option.cc similarity index 92% rename from source/extensions/filters/listener/original_src/original_src_socket_option.cc rename to source/extensions/filters/common/original_src/original_src_socket_option.cc index 913f629d695c8..0a15c216bf92e 100644 --- a/source/extensions/filters/listener/original_src/original_src_socket_option.cc +++ b/source/extensions/filters/common/original_src/original_src_socket_option.cc @@ -1,10 +1,11 @@ -#include "extensions/filters/listener/original_src/original_src_socket_option.h" +#include "extensions/filters/common/original_src/original_src_socket_option.h" #include "common/common/assert.h" namespace Envoy { namespace Extensions { -namespace ListenerFilters { +namespace Filters { +namespace Common { namespace OriginalSrc { OriginalSrcSocketOption::OriginalSrcSocketOption( @@ -57,6 +58,7 @@ OriginalSrcSocketOption::getOptionDetails(const Network::Socket&, } } // namespace OriginalSrc -} // namespace ListenerFilters +} // namespace Common +} // namespace Filters } // namespace Extensions } // namespace Envoy diff --git a/source/extensions/filters/listener/original_src/original_src_socket_option.h b/source/extensions/filters/common/original_src/original_src_socket_option.h similarity index 94% rename from source/extensions/filters/listener/original_src/original_src_socket_option.h rename to source/extensions/filters/common/original_src/original_src_socket_option.h index 6f2c1c000a85a..2659354d85984 100644 --- a/source/extensions/filters/listener/original_src/original_src_socket_option.h +++ b/source/extensions/filters/common/original_src/original_src_socket_option.h @@ -5,7 +5,8 @@ namespace Envoy { namespace Extensions { -namespace ListenerFilters { +namespace Filters { +namespace Common { namespace OriginalSrc { /** * A socket option implementation which allows a connection to spoof its source IP/port using @@ -40,6 +41,7 @@ class OriginalSrcSocketOption : public Network::Socket::Option { }; } // namespace OriginalSrc -} // namespace ListenerFilters +} // namespace Common +} // namespace Filters } // namespace Extensions } // namespace Envoy diff --git a/source/extensions/filters/common/original_src/socket_option_factory.cc b/source/extensions/filters/common/original_src/socket_option_factory.cc new file mode 100644 index 0000000000000..cf84b9d26596c --- /dev/null +++ b/source/extensions/filters/common/original_src/socket_option_factory.cc @@ -0,0 +1,40 @@ +#include "extensions/filters/common/original_src/socket_option_factory.h" + +#include "common/network/socket_option_factory.h" +#include "common/network/utility.h" + +#include "extensions/filters/common/original_src/original_src_socket_option.h" + +namespace Envoy { +namespace Extensions { +namespace Filters { +namespace Common { +namespace OriginalSrc { + +Network::Socket::OptionsSharedPtr +buildOriginalSrcOptions(Network::Address::InstanceConstSharedPtr source, uint32_t mark) { + const auto address_without_port = Network::Utility::getAddressWithPort(*source, 0); + + // Note: we don't expect this to change the behaviour of the socket. We expect it to be copied + // into the upstream connection later. + auto options_to_add = std::make_shared(); + options_to_add->emplace_back( + std::make_shared( + std::move(address_without_port))); + + if (mark != 0) { + const auto mark_options = Network::SocketOptionFactory::buildSocketMarkOptions(mark); + options_to_add->insert(options_to_add->end(), mark_options->begin(), mark_options->end()); + } + + const auto transparent_options = Network::SocketOptionFactory::buildIpTransparentOptions(); + options_to_add->insert(options_to_add->end(), transparent_options->begin(), + transparent_options->end()); + return options_to_add; +} + +} // namespace OriginalSrc +} // namespace Common +} // namespace Filters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/common/original_src/socket_option_factory.h b/source/extensions/filters/common/original_src/socket_option_factory.h new file mode 100644 index 0000000000000..6e10df6bc08b0 --- /dev/null +++ b/source/extensions/filters/common/original_src/socket_option_factory.h @@ -0,0 +1,19 @@ +#pragma once + +#include "envoy/network/address.h" +#include "envoy/network/listen_socket.h" + +namespace Envoy { +namespace Extensions { +namespace Filters { +namespace Common { +namespace OriginalSrc { + +Network::Socket::OptionsSharedPtr +buildOriginalSrcOptions(Network::Address::InstanceConstSharedPtr source, uint32_t mark); + +} // namespace OriginalSrc +} // namespace Common +} // namespace Filters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/http/original_src/BUILD b/source/extensions/filters/http/original_src/BUILD new file mode 100644 index 0000000000000..04e89334f85f0 --- /dev/null +++ b/source/extensions/filters/http/original_src/BUILD @@ -0,0 +1,47 @@ +licenses(["notice"]) # Apache 2 + +# A filter for mirroring the downstream remote address on the upstream's source. + +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_library", + "envoy_package", +) + +envoy_package() + +envoy_cc_library( + name = "config_lib", + srcs = ["config.cc"], + hdrs = ["config.h"], + deps = [ + "@envoy_api//envoy/config/filter/http/original_src/v2alpha1:original_src_cc", + ], +) + +envoy_cc_library( + name = "original_src_lib", + srcs = ["original_src.cc"], + hdrs = ["original_src.h"], + deps = [ + ":config_lib", + "//include/envoy/http:filter_interface", + "//source/common/common:assert_lib", + "//source/common/common:minimal_logger_lib", + "//source/extensions/filters/common/original_src:socket_option_factory_lib", + ], +) + +envoy_cc_library( + name = "config", # The extension build system requires a library named config + srcs = ["original_src_config_factory.cc"], + hdrs = ["original_src_config_factory.h"], + deps = [ + ":config_lib", + ":original_src_lib", + "//include/envoy/registry", + "//source/extensions/filters/http:well_known_names", + "//source/extensions/filters/http/common:factory_base_lib", + "@envoy_api//envoy/config/filter/http/original_src/v2alpha1:original_src_cc", + ], +) diff --git a/source/extensions/filters/http/original_src/config.cc b/source/extensions/filters/http/original_src/config.cc new file mode 100644 index 0000000000000..ae4f0e193b534 --- /dev/null +++ b/source/extensions/filters/http/original_src/config.cc @@ -0,0 +1,14 @@ +#include "extensions/filters/http/original_src/config.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { + +Config::Config(const envoy::config::filter::http::original_src::v2alpha1::OriginalSrc& config) + : mark_(config.mark()) {} + +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/http/original_src/config.h b/source/extensions/filters/http/original_src/config.h new file mode 100644 index 0000000000000..3cbe17d8a75a6 --- /dev/null +++ b/source/extensions/filters/http/original_src/config.h @@ -0,0 +1,22 @@ +#pragma once + +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { +class Config { +public: + Config() = default; + explicit Config(const envoy::config::filter::http::original_src::v2alpha1::OriginalSrc& config); + + uint32_t mark() const { return mark_; } + +private: + uint32_t mark_ = 0; +}; +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/http/original_src/original_src.cc b/source/extensions/filters/http/original_src/original_src.cc new file mode 100644 index 0000000000000..18d71275fc655 --- /dev/null +++ b/source/extensions/filters/http/original_src/original_src.cc @@ -0,0 +1,50 @@ +#include "extensions/filters/http/original_src/original_src.h" + +#include "common/common/assert.h" + +#include "extensions/filters/common/original_src/socket_option_factory.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { + +OriginalSrcFilter::OriginalSrcFilter(const Config& config) : config_(config) {} + +void OriginalSrcFilter::onDestroy() {} + +Http::FilterHeadersStatus OriginalSrcFilter::decodeHeaders(Http::HeaderMap&, bool) { + const auto downstream_address = callbacks_->streamInfo().downstreamRemoteAddress(); + ASSERT(downstream_address); + + if (downstream_address->type() != Network::Address::Type::Ip) { + // Nothing we can do with this. + return Http::FilterHeadersStatus::Continue; + } + + ENVOY_LOG(debug, + "Got a new connection in the original_src filter for address {}. Marking with {}", + downstream_address->asString(), config_.mark()); + + const auto options_to_add = Filters::Common::OriginalSrc::buildOriginalSrcOptions( + std::move(downstream_address), config_.mark()); + callbacks_->addUpstreamSocketOptions(options_to_add); + return Http::FilterHeadersStatus::Continue; +} + +Http::FilterDataStatus OriginalSrcFilter::decodeData(Buffer::Instance&, bool) { + return Http::FilterDataStatus::Continue; +} + +Http::FilterTrailersStatus OriginalSrcFilter::decodeTrailers(Http::HeaderMap&) { + return Http::FilterTrailersStatus::Continue; +} + +void OriginalSrcFilter::setDecoderFilterCallbacks(Http::StreamDecoderFilterCallbacks& callbacks) { + callbacks_ = &callbacks; +} + +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/http/original_src/original_src.h b/source/extensions/filters/http/original_src/original_src.h new file mode 100644 index 0000000000000..1754a3bb00903 --- /dev/null +++ b/source/extensions/filters/http/original_src/original_src.h @@ -0,0 +1,42 @@ +#pragma once + +#include "envoy/http/filter.h" +#include "envoy/network/address.h" + +#include "common/common/logger.h" + +#include "extensions/filters/http/original_src/config.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { + +/** + * Implements the Original Src http filter. This filter places the downstream source address of the + * request, as determined by the stream's `downstreamRemoteAddress()`, into an option which will be + * used to partition upstream connections. This does not support non-ip (e.g. AF_UNIX) connections; + * they will use the same address they would have had this filter not been installed. + */ +class OriginalSrcFilter : public Http::StreamDecoderFilter, Logger::Loggable { +public: + explicit OriginalSrcFilter(const Config& config); + + // Http::StreamFilterBase + void onDestroy() override; + + // Http::StreamDecoderFilter + Http::FilterHeadersStatus decodeHeaders(Http::HeaderMap& headers, bool end_stream) override; + Http::FilterDataStatus decodeData(Buffer::Instance& data, bool end_stream) override; + Http::FilterTrailersStatus decodeTrailers(Http::HeaderMap& trailers) override; + void setDecoderFilterCallbacks(Http::StreamDecoderFilterCallbacks& callbacks) override; + +private: + Config config_; + Http::StreamDecoderFilterCallbacks* callbacks_{}; +}; + +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/http/original_src/original_src_config_factory.cc b/source/extensions/filters/http/original_src/original_src_config_factory.cc new file mode 100644 index 0000000000000..58c7752be2aa5 --- /dev/null +++ b/source/extensions/filters/http/original_src/original_src_config_factory.cc @@ -0,0 +1,31 @@ +#include "extensions/filters/http/original_src/original_src_config_factory.h" + +#include "envoy/registry/registry.h" + +#include "extensions/filters/http/original_src/config.h" +#include "extensions/filters/http/original_src/original_src.h" +#include "extensions/filters/http/well_known_names.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { + +Http::FilterFactoryCb OriginalSrcConfigFactory::createFilterFactoryFromProtoTyped( + const envoy::config::filter::http::original_src::v2alpha1::OriginalSrc& proto_config, + const std::string&, Server::Configuration::FactoryContext&) { + Config config(proto_config); + return [config](Http::FilterChainFactoryCallbacks& callbacks) -> void { + callbacks.addStreamDecoderFilter(std::make_unique(config)); + }; +} + +/** + * Static registration for the original_src filter. @see RegisterFactory. + */ +REGISTER_FACTORY(OriginalSrcConfigFactory, Server::Configuration::NamedHttpFilterConfigFactory); + +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/http/original_src/original_src_config_factory.h b/source/extensions/filters/http/original_src/original_src_config_factory.h new file mode 100644 index 0000000000000..76f8375a41bc4 --- /dev/null +++ b/source/extensions/filters/http/original_src/original_src_config_factory.h @@ -0,0 +1,29 @@ +#pragma once + +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.h" +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.validate.h" + +#include "extensions/filters/http/common/factory_base.h" +#include "extensions/filters/http/well_known_names.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { +/** + * Config registration for the original_src filter. + */ +class OriginalSrcConfigFactory + : public Common::FactoryBase { +public: + OriginalSrcConfigFactory() : FactoryBase(HttpFilterNames::get().OriginalSrc) {} + + Http::FilterFactoryCb createFilterFactoryFromProtoTyped( + const envoy::config::filter::http::original_src::v2alpha1::OriginalSrc& proto_config, + const std::string& stat_prefix, Server::Configuration::FactoryContext& context) override; +}; + +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/source/extensions/filters/http/well_known_names.h b/source/extensions/filters/http/well_known_names.h index 0352c5bc2c061..ef9e140acc767 100644 --- a/source/extensions/filters/http/well_known_names.h +++ b/source/extensions/filters/http/well_known_names.h @@ -54,6 +54,8 @@ class HttpFilterNameValues { const std::string HeaderToMetadata = "envoy.filters.http.header_to_metadata"; // Tap filter const std::string Tap = "envoy.filters.http.tap"; + // Original Src Filter + const std::string OriginalSrc = "envoy.filters.http.original_src"; // Converts names from v1 to v2 const Config::V1Converter v1_converter_; diff --git a/source/extensions/filters/listener/original_src/BUILD b/source/extensions/filters/listener/original_src/BUILD index e0af9e6742164..e6a9eb6a3f034 100644 --- a/source/extensions/filters/listener/original_src/BUILD +++ b/source/extensions/filters/listener/original_src/BUILD @@ -19,33 +19,19 @@ envoy_cc_library( ], ) -envoy_cc_library( - name = "original_src_socket_option_lib", - srcs = ["original_src_socket_option.cc"], - hdrs = ["original_src_socket_option.h"], - deps = [ - "//include/envoy/network:listen_socket_interface", - "//source/common/common:assert_lib", - "//source/common/common:minimal_logger_lib", - "//source/common/network:address_lib", - "//source/common/network:utility_lib", - ], -) - envoy_cc_library( name = "original_src_lib", srcs = ["original_src.cc"], hdrs = ["original_src.h"], deps = [ ":config_lib", - ":original_src_socket_option_lib", "//include/envoy/buffer:buffer_interface", "//include/envoy/network:address_interface", "//include/envoy/network:connection_interface", "//include/envoy/network:filter_interface", "//source/common/common:assert_lib", "//source/common/common:minimal_logger_lib", - "//source/common/network:socket_option_factory_lib", + "//source/extensions/filters/common/original_src:socket_option_factory_lib", ], ) diff --git a/source/extensions/filters/listener/original_src/original_src.cc b/source/extensions/filters/listener/original_src/original_src.cc index 2f6f745fda240..684867d3c39c7 100644 --- a/source/extensions/filters/listener/original_src/original_src.cc +++ b/source/extensions/filters/listener/original_src/original_src.cc @@ -4,10 +4,8 @@ #include "envoy/network/connection.h" #include "common/common/assert.h" -#include "common/network/socket_option_factory.h" -#include "common/network/utility.h" -#include "extensions/filters/listener/original_src/original_src_socket_option.h" +#include "extensions/filters/common/original_src/socket_option_factory.h" namespace Envoy { namespace Extensions { @@ -29,25 +27,9 @@ Network::FilterStatus OriginalSrcFilter::onAccept(Network::ListenerFilterCallbac // nothing we can do with this. return Network::FilterStatus::Continue; } - - auto address_without_port = Network::Utility::getAddressWithPort(*address, 0); - - // note: we don't expect this to change the behaviour of the socket. We expect it to be copied - // into the upstream connection later. - auto options_to_add = std::make_shared(); - options_to_add->emplace_back( - std::make_shared(std::move(address_without_port))); - - if (config_.mark() != 0) { - auto mark_options = Network::SocketOptionFactory::buildSocketMarkOptions(config_.mark()); - options_to_add->insert(options_to_add->end(), mark_options->begin(), mark_options->end()); - } - - auto transparent_options = Network::SocketOptionFactory::buildIpTransparentOptions(); - options_to_add->insert(options_to_add->end(), transparent_options->begin(), - transparent_options->end()); - - socket.addOptions(options_to_add); + auto options_to_add = + Filters::Common::OriginalSrc::buildOriginalSrcOptions(std::move(address), config_.mark()); + socket.addOptions(std::move(options_to_add)); return Network::FilterStatus::Continue; } diff --git a/source/extensions/filters/listener/original_src/original_src.h b/source/extensions/filters/listener/original_src/original_src.h index 180e04ecf5c67..f201644f88106 100644 --- a/source/extensions/filters/listener/original_src/original_src.h +++ b/source/extensions/filters/listener/original_src/original_src.h @@ -6,7 +6,6 @@ #include "common/common/logger.h" #include "extensions/filters/listener/original_src/config.h" -#include "extensions/filters/listener/original_src/original_src_socket_option.h" namespace Envoy { namespace Extensions { diff --git a/test/extensions/filters/common/original_src/BUILD b/test/extensions/filters/common/original_src/BUILD new file mode 100644 index 0000000000000..2556dde34cc6c --- /dev/null +++ b/test/extensions/filters/common/original_src/BUILD @@ -0,0 +1,22 @@ +licenses(["notice"]) # Apache 2 + +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_test", + "envoy_cc_test_library", + "envoy_package", +) + +envoy_package() + +envoy_cc_test( + name = "original_src_socket_option_test", + srcs = ["original_src_socket_option_test.cc"], + deps = [ + "//source/common/network:address_lib", + "//source/extensions/filters/common/original_src:original_src_socket_option_lib", + "//test/mocks:common_lib", + "//test/mocks/network:network_mocks", + "//test/test_common:printers_lib", + ], +) diff --git a/test/extensions/filters/listener/original_src/original_src_socket_option_test.cc b/test/extensions/filters/common/original_src/original_src_socket_option_test.cc similarity index 95% rename from test/extensions/filters/listener/original_src/original_src_socket_option_test.cc rename to test/extensions/filters/common/original_src/original_src_socket_option_test.cc index 1ebdc096af754..9fc29b0aa5263 100644 --- a/test/extensions/filters/listener/original_src/original_src_socket_option_test.cc +++ b/test/extensions/filters/common/original_src/original_src_socket_option_test.cc @@ -2,7 +2,7 @@ #include "common/network/utility.h" -#include "extensions/filters/listener/original_src/original_src_socket_option.h" +#include "extensions/filters/common/original_src/original_src_socket_option.h" #include "test/mocks/common.h" #include "test/mocks/network/mocks.h" @@ -16,7 +16,8 @@ using testing::Eq; namespace Envoy { namespace Extensions { -namespace ListenerFilters { +namespace Filters { +namespace Common { namespace OriginalSrc { namespace { @@ -105,6 +106,7 @@ TEST_F(OriginalSrcSocketOptionTest, TestOptionDetailsNotSupported) { } // namespace } // namespace OriginalSrc -} // namespace ListenerFilters +} // namespace Common +} // namespace Filters } // namespace Extensions } // namespace Envoy diff --git a/test/extensions/filters/http/original_src/BUILD b/test/extensions/filters/http/original_src/BUILD new file mode 100644 index 0000000000000..851df2edd9fe5 --- /dev/null +++ b/test/extensions/filters/http/original_src/BUILD @@ -0,0 +1,53 @@ +licenses(["notice"]) # Apache 2 + +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_test", + "envoy_package", +) +load( + "//test/extensions:extensions_build_system.bzl", + "envoy_extension_cc_test", +) + +envoy_package() + +envoy_extension_cc_test( + name = "config_test", + srcs = ["config_test.cc"], + extension_name = "envoy.filters.http.original_src", + deps = [ + "//source/extensions/filters/http/original_src:config_lib", + "@envoy_api//envoy/config/filter/http/original_src/v2alpha1:original_src_cc", + ], +) + +envoy_extension_cc_test( + name = "original_src_config_factory_test", + srcs = ["original_src_config_factory_test.cc"], + extension_name = "envoy.filters.http.original_src", + deps = [ + "//source/extensions/filters/http/original_src:config", + "//source/extensions/filters/http/original_src:config_lib", + "//source/extensions/filters/http/original_src:original_src_lib", + "//test/mocks/server:server_mocks", + "@envoy_api//envoy/config/filter/http/original_src/v2alpha1:original_src_cc", + ], +) + +envoy_extension_cc_test( + name = "original_src_test", + srcs = ["original_src_test.cc"], + extension_name = "envoy.filters.http.original_src", + deps = [ + "//source/common/network:socket_option_lib", + "//source/extensions/filters/http/original_src:original_src_lib", + "//test/mocks:common_lib", + "//test/mocks/buffer:buffer_mocks", + "//test/mocks/http:http_mocks", + "//test/mocks/network:network_mocks", + "//test/test_common:printers_lib", + "//test/test_common:utility_lib", + "@envoy_api//envoy/config/filter/http/original_src/v2alpha1:original_src_cc", + ], +) diff --git a/test/extensions/filters/http/original_src/config_test.cc b/test/extensions/filters/http/original_src/config_test.cc new file mode 100644 index 0000000000000..dcfc34f3eeabe --- /dev/null +++ b/test/extensions/filters/http/original_src/config_test.cc @@ -0,0 +1,54 @@ +#include + +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.h" +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.validate.h" + +#include "extensions/filters/http/original_src/config.h" + +#include "gtest/gtest.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { +namespace { + +// In keeping with the class under test, it would have made sense to call this ConfigTest. However, +// when running coverage tests, that conflicts with tests elsewhere in the codebase. +class OriginalSrcHttpConfigTest : public testing::Test { +public: + Config makeConfigFromProto( + const envoy::config::filter::http::original_src::v2alpha1::OriginalSrc& proto_config) { + return Config(proto_config); + } +}; + +TEST_F(OriginalSrcHttpConfigTest, TestUseMark0) { + envoy::config::filter::http::original_src::v2alpha1::OriginalSrc config_proto; + config_proto.set_mark(0); + auto config = makeConfigFromProto(config_proto); + + EXPECT_EQ(config.mark(), 0); +} + +TEST_F(OriginalSrcHttpConfigTest, TestUseMark1234) { + envoy::config::filter::http::original_src::v2alpha1::OriginalSrc config_proto; + config_proto.set_mark(1234); + auto config = makeConfigFromProto(config_proto); + + EXPECT_EQ(config.mark(), 1234); +} + +TEST_F(OriginalSrcHttpConfigTest, TestUseMarkMax) { + envoy::config::filter::http::original_src::v2alpha1::OriginalSrc config_proto; + config_proto.set_mark(std::numeric_limits::max()); + auto config = makeConfigFromProto(config_proto); + + EXPECT_EQ(config.mark(), std::numeric_limits::max()); +} + +} // namespace +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/test/extensions/filters/http/original_src/original_src_config_factory_test.cc b/test/extensions/filters/http/original_src/original_src_config_factory_test.cc new file mode 100644 index 0000000000000..108fcfaa8357f --- /dev/null +++ b/test/extensions/filters/http/original_src/original_src_config_factory_test.cc @@ -0,0 +1,51 @@ +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.h" +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.validate.h" + +#include "extensions/filters/http/original_src/config.h" +#include "extensions/filters/http/original_src/original_src.h" +#include "extensions/filters/http/original_src/original_src_config_factory.h" + +#include "test/mocks/server/mocks.h" + +#include "gmock/gmock.h" +#include "gtest/gtest.h" + +using testing::Invoke; + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { +namespace { + +TEST(OriginalSrcHttpConfigFactoryTest, TestCreateFactory) { + const std::string yaml = R"EOF( + mark: 5 +)EOF"; + + OriginalSrcConfigFactory factory; + ProtobufTypes::MessagePtr proto_config = factory.createEmptyConfigProto(); + MessageUtil::loadFromYaml(yaml, *proto_config); + + Server::Configuration::MockFactoryContext context; + + Http::FilterFactoryCb cb = factory.createFilterFactoryFromProto(*proto_config, "", context); + + Http::MockFilterChainFactoryCallbacks filter_callback; + Http::StreamDecoderFilterSharedPtr added_filter; + EXPECT_CALL(filter_callback, addStreamDecoderFilter(_)) + .WillOnce(Invoke([&added_filter](Http::StreamDecoderFilterSharedPtr filter) { + added_filter = std::move(filter); + })); + + cb(filter_callback); + + // Make sure we actually create the correct type! + EXPECT_NE(dynamic_cast(added_filter.get()), nullptr); +} + +} // namespace +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/test/extensions/filters/http/original_src/original_src_test.cc b/test/extensions/filters/http/original_src/original_src_test.cc new file mode 100644 index 0000000000000..c166824bfab3c --- /dev/null +++ b/test/extensions/filters/http/original_src/original_src_test.cc @@ -0,0 +1,232 @@ +#include "envoy/config/filter/http/original_src/v2alpha1/original_src.pb.h" + +#include "common/network/socket_option_impl.h" +#include "common/network/utility.h" + +#include "extensions/filters/http/original_src/original_src.h" + +#include "test/mocks/buffer/mocks.h" +#include "test/mocks/common.h" +#include "test/mocks/http/mocks.h" +#include "test/mocks/network/mocks.h" +#include "test/test_common/printers.h" +#include "test/test_common/utility.h" + +#include "gmock/gmock.h" +#include "gtest/gtest.h" + +using testing::_; +using testing::Exactly; +using testing::SaveArg; +using testing::StrictMock; + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace OriginalSrc { +namespace { + +class OriginalSrcHttpTest : public testing::Test { +public: + std::unique_ptr makeDefaultFilter() { + return makeFilterWithCallbacks(callbacks_); + } + + std::unique_ptr + makeFilterWithCallbacks(Http::StreamDecoderFilterCallbacks& callbacks) { + const Config default_config; + auto filter = std::make_unique(default_config); + filter->setDecoderFilterCallbacks(callbacks); + return filter; + } + + std::unique_ptr makeMarkingFilter(uint32_t mark) { + envoy::config::filter::http::original_src::v2alpha1::OriginalSrc proto_config; + proto_config.set_mark(mark); + + const Config config(proto_config); + auto filter = std::make_unique(config); + filter->setDecoderFilterCallbacks(callbacks_); + return filter; + } + + void setAddressToReturn(const std::string& address) { + callbacks_.stream_info_.downstream_remote_address_ = Network::Utility::resolveUrl(address); + } + +protected: + StrictMock buffer_; + NiceMock callbacks_; + NiceMock socket_; + Http::TestHeaderMapImpl headers_; + + absl::optional + findOptionDetails(const Network::Socket::Options& options, Network::SocketOptionName name, + envoy::api::v2::core::SocketOption::SocketState state) { + for (const auto& option : options) { + const auto details = option->getOptionDetails(socket_, state); + if (details.has_value() && details->name_ == name) { + return details; + } + } + + return absl::nullopt; + } +}; + +TEST_F(OriginalSrcHttpTest, OnNonIpAddressDecodeSkips) { + auto filter = makeDefaultFilter(); + setAddressToReturn("unix://domain.socket"); + EXPECT_CALL(callbacks_, addUpstreamSocketOptions(_)).Times(0); + EXPECT_EQ(filter->decodeHeaders(headers_, false), Http::FilterHeadersStatus::Continue); +} + +TEST_F(OriginalSrcHttpTest, DecodeHeadersIpv4AddressAddsOption) { + auto filter = makeDefaultFilter(); + + Network::Socket::OptionsSharedPtr options; + setAddressToReturn("tcp://1.2.3.4:0"); + EXPECT_CALL(callbacks_, addUpstreamSocketOptions(_)).WillOnce(SaveArg<0>(&options)); + + EXPECT_EQ(filter->decodeHeaders(headers_, false), Http::FilterHeadersStatus::Continue); + + NiceMock socket; + EXPECT_CALL(socket, + setLocalAddress(PointeesEq(callbacks_.stream_info_.downstream_remote_address_))); + for (const auto& option : *options) { + option->setOption(socket, envoy::api::v2::core::SocketOption::STATE_PREBIND); + } +} + +TEST_F(OriginalSrcHttpTest, DecodeHeadersIpv4AddressUsesCorrectAddress) { + auto filter = makeDefaultFilter(); + Network::Socket::OptionsSharedPtr options; + setAddressToReturn("tcp://1.2.3.4:0"); + EXPECT_CALL(callbacks_, addUpstreamSocketOptions(_)).WillOnce(SaveArg<0>(&options)); + + filter->decodeHeaders(headers_, false); + std::vector key; + for (const auto& option : *options) { + option->hashKey(key); + } + + std::vector expected_key = {1, 2, 3, 4}; + + EXPECT_EQ(key, expected_key); +} + +TEST_F(OriginalSrcHttpTest, DecodeHeadersIpv4AddressBleachesPort) { + auto filter = makeDefaultFilter(); + Network::Socket::OptionsSharedPtr options; + setAddressToReturn("tcp://1.2.3.4:80"); + EXPECT_CALL(callbacks_, addUpstreamSocketOptions(_)).WillOnce(SaveArg<0>(&options)); + + filter->decodeHeaders(headers_, false); + + NiceMock socket; + const auto expected_address = Network::Utility::parseInternetAddress("1.2.3.4"); + + EXPECT_CALL(socket, setLocalAddress(PointeesEq(expected_address))); + for (const auto& option : *options) { + option->setOption(socket, envoy::api::v2::core::SocketOption::STATE_PREBIND); + } +} + +TEST_F(OriginalSrcHttpTest, FilterAddsTransparentOption) { + if (!ENVOY_SOCKET_IP_TRANSPARENT.has_value()) { + // The option isn't supported on this platform. Just skip the test. + return; + } + + auto filter = makeDefaultFilter(); + Network::Socket::OptionsSharedPtr options; + setAddressToReturn("tcp://1.2.3.4:80"); + EXPECT_CALL(callbacks_, addUpstreamSocketOptions(_)).WillOnce(SaveArg<0>(&options)); + + filter->decodeHeaders(headers_, false); + + const auto transparent_option = findOptionDetails( + *options, ENVOY_SOCKET_IP_TRANSPARENT, envoy::api::v2::core::SocketOption::STATE_PREBIND); + + EXPECT_TRUE(transparent_option.has_value()); +} + +TEST_F(OriginalSrcHttpTest, FilterAddsMarkOption) { + if (!ENVOY_SOCKET_SO_MARK.has_value()) { + // The option isn't supported on this platform. Just skip the test. + return; + } + + auto filter = makeMarkingFilter(1234); + Network::Socket::OptionsSharedPtr options; + setAddressToReturn("tcp://1.2.3.4:80"); + EXPECT_CALL(callbacks_, addUpstreamSocketOptions(_)).WillOnce(SaveArg<0>(&options)); + + filter->decodeHeaders(headers_, false); + + const auto mark_option = findOptionDetails(*options, ENVOY_SOCKET_SO_MARK, + envoy::api::v2::core::SocketOption::STATE_PREBIND); + + ASSERT_TRUE(mark_option.has_value()); + uint32_t value = 1234; + absl::string_view value_as_bstr(reinterpret_cast(&value), sizeof(value)); + EXPECT_EQ(value_as_bstr, mark_option->value_); +} + +TEST_F(OriginalSrcHttpTest, Mark0NotAdded) { + if (!ENVOY_SOCKET_SO_MARK.has_value()) { + // The option isn't supported on this platform. Just skip the test. + return; + } + + auto filter = makeMarkingFilter(0); + Network::Socket::OptionsSharedPtr options; + setAddressToReturn("tcp://1.2.3.4:80"); + EXPECT_CALL(callbacks_, addUpstreamSocketOptions(_)).WillOnce(SaveArg<0>(&options)); + + filter->decodeHeaders(headers_, false); + + const auto mark_option = findOptionDetails(*options, ENVOY_SOCKET_SO_MARK, + envoy::api::v2::core::SocketOption::STATE_PREBIND); + + ASSERT_FALSE(mark_option.has_value()); +} + +TEST_F(OriginalSrcHttpTest, TrailersAndDataEndStreamDoNothing) { + // Use a strict mock to show that decodeData and decodeTrailers do nothing to the callback. + StrictMock callbacks; + auto filter = makeFilterWithCallbacks(callbacks); + + // This will be invoked in decodeHeaders. + EXPECT_CALL(callbacks, addUpstreamSocketOptions(_)); + EXPECT_CALL(callbacks, streamInfo()); + callbacks.stream_info_.downstream_remote_address_ = + Network::Utility::parseInternetAddress("1.2.3.4"); + filter->decodeHeaders(headers_, true); + + // No new expectations => no side effects from calling these. + EXPECT_EQ(Http::FilterDataStatus::Continue, filter->decodeData(buffer_, true)); + EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter->decodeTrailers(headers_)); +} + +TEST_F(OriginalSrcHttpTest, TrailersAndDataNotEndStreamDoNothing) { + // Use a strict mock to show that decodeData and decodeTrailers do nothing to the callback. + StrictMock callbacks; + auto filter = makeFilterWithCallbacks(callbacks); + + // This will be invoked in decodeHeaders. + EXPECT_CALL(callbacks, addUpstreamSocketOptions(_)); + EXPECT_CALL(callbacks, streamInfo()); + callbacks.stream_info_.downstream_remote_address_ = + Network::Utility::parseInternetAddress("1.2.3.4"); + filter->decodeHeaders(headers_, false); + + // No new expectations => no side effects from calling these. + EXPECT_EQ(Http::FilterDataStatus::Continue, filter->decodeData(buffer_, false)); + EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter->decodeTrailers(headers_)); +} +} // namespace +} // namespace OriginalSrc +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/test/extensions/filters/listener/original_src/BUILD b/test/extensions/filters/listener/original_src/BUILD index 2b522a9f33d76..9a43087b8efa3 100644 --- a/test/extensions/filters/listener/original_src/BUILD +++ b/test/extensions/filters/listener/original_src/BUILD @@ -49,16 +49,3 @@ envoy_extension_cc_test( "@envoy_api//envoy/config/filter/listener/original_src/v2alpha1:original_src_cc", ], ) - -envoy_extension_cc_test( - name = "original_src_socket_option_test", - srcs = ["original_src_socket_option_test.cc"], - extension_name = "envoy.filters.listener.original_src", - deps = [ - "//source/common/network:address_lib", - "//source/extensions/filters/listener/original_src:original_src_socket_option_lib", - "//test/mocks:common_lib", - "//test/mocks/network:network_mocks", - "//test/test_common:printers_lib", - ], -) diff --git a/test/extensions/filters/listener/original_src/original_src_test.cc b/test/extensions/filters/listener/original_src/original_src_test.cc index 2da95ec8685db..ffed37e4855ca 100644 --- a/test/extensions/filters/listener/original_src/original_src_test.cc +++ b/test/extensions/filters/listener/original_src/original_src_test.cc @@ -4,7 +4,6 @@ #include "common/network/utility.h" #include "extensions/filters/listener/original_src/original_src.h" -#include "extensions/filters/listener/original_src/original_src_socket_option.h" #include "test/mocks/buffer/mocks.h" #include "test/mocks/common.h"