envoyproxy · adisuissa · Jun 1, 2022 · May 3, 2022 · May 3, 2022 · May 8, 2022
diff --git a/envoy/filter/config_provider_manager.h b/envoy/filter/config_provider_manager.h
@@ -19,6 +19,10 @@ using DynamicFilterConfigProvider = Envoy::Config::DynamicExtensionConfigProvide
 template <class FactoryCb>
 using DynamicFilterConfigProviderPtr = std::unique_ptr<DynamicFilterConfigProvider<FactoryCb>>;
 
+// Listener filter config provider aliases
+using ListenerFilterFactoriesList =
+    std::vector<FilterConfigProviderPtr<Network::ListenerFilterFactoryCb>>;
+
 /**
  * The FilterConfigProviderManager exposes the ability to get an FilterConfigProvider
  * for both static and dynamic filter config providers.
@@ -37,12 +41,15 @@ template <class FactoryCb, class FactoryCtx> class FilterConfigProviderManager {
    * @param last_filter_in_filter_chain indicates whether this filter is the last filter in the
    * configured chain
    * @param filter_chain_type is the filter chain type
+   * @param listener_filter_matcher is the filter matcher for TCP listener filter. nullptr for other
+   * filter types.
    */
   virtual DynamicFilterConfigProviderPtr<FactoryCb> createDynamicFilterConfigProvider(
       const envoy::config::core::v3::ExtensionConfigSource& config_source,
       const std::string& filter_config_name, FactoryCtx& factory_context,
       const std::string& stat_prefix, bool last_filter_in_filter_chain,
-      const std::string& filter_chain_type) PURE;
+      const std::string& filter_chain_type,
+      const Network::ListenerFilterMatcherSharedPtr& listener_filter_matcher) PURE;
 
   /**
    * Get an FilterConfigProviderPtr for a statically inlined filter config.

diff --git a/envoy/server/BUILD b/envoy/server/BUILD
@@ -248,6 +248,7 @@ envoy_cc_library(
         ":drain_manager_interface",
         ":filter_config_interface",
         ":guarddog_interface",
+        "//envoy/filter:config_provider_manager_interface",
         "//envoy/network:filter_interface",
         "//envoy/network:listen_socket_interface",
         "//envoy/network:socket_interface_interface",

diff --git a/envoy/server/listener_manager.h b/envoy/server/listener_manager.h
@@ -6,6 +6,7 @@
 #include "envoy/config/core/v3/config_source.pb.h"
 #include "envoy/config/listener/v3/listener.pb.h"
 #include "envoy/config/listener/v3/listener_components.pb.h"
+#include "envoy/filter/config_provider_manager.h"
 #include "envoy/network/filter.h"
 #include "envoy/network/listen_socket.h"
 #include "envoy/network/listener.h"
@@ -88,9 +89,9 @@ class ListenerComponentFactory {
    * Creates a list of listener filter factories.
    * @param filters supplies the JSON configuration.
    * @param context supplies the factory creation context.
-   * @return std::vector<Network::ListenerFilterFactoryCb> the list of filter factories.
+   * @return ListenerFilterFactoriesList the list of filter factories.
    */
-  virtual std::vector<Network::ListenerFilterFactoryCb> createListenerFilterFactoryList(
+  virtual Filter::ListenerFilterFactoriesList createListenerFilterFactoryList(
       const Protobuf::RepeatedPtrField<envoy::config::listener::v3::ListenerFilter>& filters,
       Configuration::ListenerFactoryContext& context) PURE;
 

diff --git a/source/common/filter/config_discovery_impl.h b/source/common/filter/config_discovery_impl.h
@@ -169,7 +169,8 @@ class HttpDynamicFilterConfigProviderImpl
                                       ProtobufTypes::MessagePtr&& default_config,
                                       bool last_filter_in_filter_chain,
                                       const std::string& filter_chain_type,
-                                      absl::string_view stat_prefix)
+                                      absl::string_view stat_prefix,
+                                      const Network::ListenerFilterMatcherSharedPtr&)
       : DynamicFilterConfigProviderImpl(subscription, require_type_urls, factory_context,
                                         std::move(default_config), last_filter_in_filter_chain,
                                         filter_chain_type, stat_prefix),
@@ -203,17 +204,19 @@ class ListenerDynamicFilterConfigProviderImpl : public DynamicFilterConfigProvid
       const absl::flat_hash_set<std::string>& require_type_urls,
       Server::Configuration::ListenerFactoryContext& factory_context,
       ProtobufTypes::MessagePtr&& default_config, bool last_filter_in_filter_chain,
-      const std::string& filter_chain_type, absl::string_view stat_prefix)
+      const std::string& filter_chain_type, absl::string_view stat_prefix,
+      const Network::ListenerFilterMatcherSharedPtr& listener_filter_matcher)
       : DynamicFilterConfigProviderImpl<FactoryCb>(
             subscription, require_type_urls, factory_context, std::move(default_config),
             last_filter_in_filter_chain, filter_chain_type, stat_prefix),
-        factory_context_(factory_context) {}
+        factory_context_(factory_context), listener_filter_matcher_(listener_filter_matcher) {}
 
   void validateMessage(const std::string&, const Protobuf::Message&,
                        const std::string&) const override {}
 
 protected:
   Server::Configuration::ListenerFactoryContext& factory_context_;
+  const Network::ListenerFilterMatcherSharedPtr listener_filter_matcher_;
 };
 
 class TcpListenerDynamicFilterConfigProviderImpl
@@ -227,8 +230,8 @@ class TcpListenerDynamicFilterConfigProviderImpl
     auto* factory =
         Registry::FactoryRegistry<Server::Configuration::NamedListenerFilterConfigFactory>::
             getFactoryByType(message.GetTypeName());
-    // TODO(yanjunxiang): Change nullptr to actual listener filter matcher.
-    return factory->createListenerFilterFactoryFromProto(message, nullptr, factory_context_);
+    return factory->createListenerFilterFactoryFromProto(message, listener_filter_matcher_,
+                                                         factory_context_);
   }
 };
 
@@ -385,7 +388,8 @@ class FilterConfigProviderManagerImpl : public FilterConfigProviderManagerImplBa
       const envoy::config::core::v3::ExtensionConfigSource& config_source,
       const std::string& filter_config_name, FactoryCtx& factory_context,
       const std::string& stat_prefix, bool last_filter_in_filter_chain,
-      const std::string& filter_chain_type) override {
+      const std::string& filter_chain_type,
+      const Network::ListenerFilterMatcherSharedPtr& listener_filter_matcher) override {
     std::string subscription_stat_prefix;
     absl::string_view provider_stat_prefix;
     if (Runtime::runtimeFeatureEnabled("envoy.reloadable_features.top_level_ecds_stats")) {
@@ -419,9 +423,10 @@ class FilterConfigProviderManagerImpl : public FilterConfigProviderManagerImplBa
                            last_filter_in_filter_chain, filter_chain_type, require_type_urls);
     }
 
-    auto provider = createFilterConfigProviderImpl(
-        subscription, require_type_urls, factory_context, std::move(default_config),
-        last_filter_in_filter_chain, filter_chain_type, provider_stat_prefix);
+    auto provider = createFilterConfigProviderImpl(subscription, require_type_urls, factory_context,
+                                                   std::move(default_config),
+                                                   last_filter_in_filter_chain, filter_chain_type,
+                                                   provider_stat_prefix, listener_filter_matcher);
 
     // Ensure the subscription starts if it has not already.
     if (config_source.apply_default_config_without_warming()) {
@@ -461,7 +466,7 @@ class FilterConfigProviderManagerImpl : public FilterConfigProviderManagerImplBa
                    const absl::flat_hash_set<std::string>& require_type_urls) const {
     auto* default_factory = Config::Utility::getFactoryByType<Factory>(proto_config);
     validateProtoConfigDefaultFactory(default_factory == nullptr, filter_config_name,
-                                      proto_config.type_url());
+                                      std::string(proto_config.type_url()));
     validateProtoConfigTypeUrl(Config::Utility::getFactoryType(proto_config), require_type_urls);
     ProtobufTypes::MessagePtr message = Config::Utility::translateAnyToFactoryConfig(
         proto_config, factory_context.messageValidationVisitor(), *default_factory);
@@ -476,10 +481,11 @@ class FilterConfigProviderManagerImpl : public FilterConfigProviderManagerImplBa
       FilterConfigSubscriptionSharedPtr& subscription,
       const absl::flat_hash_set<std::string>& require_type_urls, FactoryCtx& factory_context,
       ProtobufTypes::MessagePtr&& default_config, bool last_filter_in_filter_chain,
-      const std::string& filter_chain_type, absl::string_view stat_prefix) {
+      const std::string& filter_chain_type, absl::string_view stat_prefix,
+      const Network::ListenerFilterMatcherSharedPtr& listener_filter_matcher) {
     return std::make_unique<DynamicFilterConfigImpl>(
         subscription, require_type_urls, factory_context, std::move(default_config),
-        last_filter_in_filter_chain, filter_chain_type, stat_prefix);
+        last_filter_in_filter_chain, filter_chain_type, stat_prefix, listener_filter_matcher);
   }
 };
 

@@ -683,7 +683,7 @@ void HttpConnectionManagerConfig::processDynamicFilterConfig(
 
   auto filter_config_provider = filter_config_provider_manager_.createDynamicFilterConfigProvider(
       config_discovery, name, context_, stats_prefix_, last_filter_in_current_config,
-      filter_chain_type);
+      filter_chain_type, nullptr);
   filter_factories.push_back(std::move(filter_config_provider));
 }
 

diff --git a/source/server/BUILD b/source/server/BUILD
@@ -32,6 +32,7 @@ envoy_cc_library(
     hdrs = ["configuration_impl.h"],
     deps = [
         "//envoy/config:typed_config_interface",
+        "//envoy/filter:config_provider_manager_interface",
         "//envoy/http:filter_interface",
         "//envoy/network:connection_interface",
         "//envoy/network:filter_interface",

diff --git a/source/server/config_validation/server.cc b/source/server/config_validation/server.cc
@@ -42,9 +42,10 @@ ValidationInstance::ValidationInstance(
     const Network::Address::InstanceConstSharedPtr& local_address, Stats::IsolatedStoreImpl& store,
     Thread::BasicLockable& access_log_lock, ComponentFactory& component_factory,
     Thread::ThreadFactory& thread_factory, Filesystem::Instance& file_system)
-    : options_(options), validation_context_(options_.allowUnknownStaticFields(),
-                                             !options.rejectUnknownDynamicFields(),
-                                             !options.ignoreUnknownDynamicFields()),
+    : ProdListenerComponentFactory(*dynamic_cast<Server::Instance*>(this)), options_(options),
+      validation_context_(options_.allowUnknownStaticFields(),
+                          !options.rejectUnknownDynamicFields(),
+                          !options.ignoreUnknownDynamicFields()),
       stats_store_(store),
       api_(new Api::ValidationImpl(thread_factory, store, time_system, file_system,
                                    random_generator_, bootstrap_)),
@@ -59,8 +60,8 @@ ValidationInstance::ValidationInstance(
   TRY_ASSERT_MAIN_THREAD { initialize(options, local_address, component_factory); }
   END_TRY
   catch (const EnvoyException& e) {
-    ENVOY_LOG(critical, "error initializing configuration '{}': {}", options.configPath(),
-              e.what());
+    ENVOY_LOG_MISC(critical, "error initializing configuration '{}': {}", options.configPath(),
+                   e.what());
     shutdown();
     throw;
   }

diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h
@@ -60,7 +60,7 @@ bool validateConfig(const Options& options,
  */
 class ValidationInstance final : Logger::Loggable<Logger::Id::main>,
                                  public Instance,
-                                 public ListenerComponentFactory,
+                                 public ProdListenerComponentFactory,
                                  public ServerLifecycleNotifier,
                                  public WorkerFactory {
 public:
@@ -145,18 +145,22 @@ class ValidationInstance final : Logger::Loggable<Logger::Id::main>,
   std::vector<Network::FilterFactoryCb> createNetworkFilterFactoryList(
       const Protobuf::RepeatedPtrField<envoy::config::listener::v3::Filter>& filters,
       Server::Configuration::FilterChainFactoryContext& filter_chain_factory_context) override {
-    return ProdListenerComponentFactory::createNetworkFilterFactoryList_(
+    return ProdListenerComponentFactory::createNetworkFilterFactoryListImpl(
         filters, filter_chain_factory_context);
   }
-  std::vector<Network::ListenerFilterFactoryCb> createListenerFilterFactoryList(
+  Filter::ListenerFilterFactoriesList createListenerFilterFactoryList(
       const Protobuf::RepeatedPtrField<envoy::config::listener::v3::ListenerFilter>& filters,
       Configuration::ListenerFactoryContext& context) override {
-    return ProdListenerComponentFactory::createListenerFilterFactoryList_(filters, context);
+    ProdListenerComponentFactory* listener_component =
+        dynamic_cast<ProdListenerComponentFactory*>(&listener_manager_->factory_);
+    auto& cfg_provider_manager = listener_component->getTcpListenerConfigProviderManager();
+    return ProdListenerComponentFactory::createListenerFilterFactoryListImpl(filters, context,
+                                                                             cfg_provider_manager);
   }
   std::vector<Network::UdpListenerFilterFactoryCb> createUdpListenerFilterFactoryList(
       const Protobuf::RepeatedPtrField<envoy::config::listener::v3::ListenerFilter>& filters,
       Configuration::ListenerFactoryContext& context) override {
-    return ProdListenerComponentFactory::createUdpListenerFilterFactoryList_(filters, context);
+    return ProdListenerComponentFactory::createUdpListenerFilterFactoryListImpl(filters, context);
   }
   Network::SocketSharedPtr
   createListenSocket(Network::Address::InstanceConstSharedPtr, Network::Socket::Type,

diff --git a/source/server/configuration_impl.cc b/source/server/configuration_impl.cc
@@ -38,11 +38,44 @@ bool FilterChainUtility::buildFilterChain(Network::FilterManager& filter_manager
   return filter_manager.initializeReadFilters();
 }
 
-bool FilterChainUtility::buildFilterChain(
-    Network::ListenerFilterManager& filter_manager,
-    const std::vector<Network::ListenerFilterFactoryCb>& factories) {
-  for (const Network::ListenerFilterFactoryCb& factory : factories) {
-    factory(filter_manager);
+class MissingConfigTcpListenerFilter : public Network::ListenerFilter,
+                                       public Logger::Loggable<Logger::Id::filter> {
+public:
+  MissingConfigTcpListenerFilter() = default;
+
+  // Network::ListenerFilter
+  Network::FilterStatus onAccept(Network::ListenerFilterCallbacks& cb) override {
+    ENVOY_LOG(warn, "Listener filter: new connection accepted while missing configuration. "
+                    "Close socket and stop the iteration onAccept.");
+    cb.socket().ioHandle().close();
+    return Network::FilterStatus::StopIteration;
+  }
+  Network::FilterStatus onData(Network::ListenerFilterBuffer&) override {
+    // The socket is already closed onAccept. Just return StopIteration here.
+    return Network::FilterStatus::StopIteration;
+  }
+  size_t maxReadBytes() const override { return 0; }
+};
+
+bool FilterChainUtility::buildFilterChain(Network::ListenerFilterManager& filter_manager,
+                                          const Filter::ListenerFilterFactoriesList& factories) {
+  bool added_missing_config_filter = false;
+  for (const auto& filter_config_provider : factories) {
+    auto config = filter_config_provider->config();
+    if (config.has_value()) {
+      auto config_value = config.value();
+      config_value(filter_manager);
+      continue;
+    }
+    // If a filter config is missing after warming, stop iteration.
+    if (!added_missing_config_filter) {
+      ENVOY_LOG_MISC(trace, "Missing filter config for a provider {}",
+                     filter_config_provider->name());
+      filter_manager.addAcceptFilter(nullptr, std::make_unique<MissingConfigTcpListenerFilter>());
+      added_missing_config_filter = true;
+    } else {
+      ENVOY_LOG_MISC(trace, "Provider {} missing a filter config", filter_config_provider->name());
+    }
   }
 
   return true;

diff --git a/source/server/configuration_impl.h b/source/server/configuration_impl.h
@@ -11,6 +11,7 @@
 #include "envoy/config/bootstrap/v3/bootstrap.pb.h"
 #include "envoy/config/trace/v3/http_tracer.pb.h"
 #include "envoy/config/typed_config.h"
+#include "envoy/filter/config_provider_manager.h"
 #include "envoy/http/filter.h"
 #include "envoy/network/filter.h"
 #include "envoy/server/configuration.h"
@@ -81,7 +82,7 @@ class FilterChainUtility {
    * TODO(sumukhs): Coalesce with the above as they are very similar
    */
   static bool buildFilterChain(Network::ListenerFilterManager& filter_manager,
-                               const std::vector<Network::ListenerFilterFactoryCb>& factories);
+                               const Filter::ListenerFilterFactoriesList& factories);
 
   /**
    * Given a UdpListenerFilterManager and a list of factories, create a new filter chain. Chain

diff --git a/source/server/listener_impl.cc b/source/server/listener_impl.cc
@@ -701,9 +701,14 @@ void ListenerImpl::buildOriginalDstListenerFilter() {
         Config::Utility::getAndCheckFactoryByName<Configuration::NamedListenerFilterConfigFactory>(
             "envoy.filters.listener.original_dst");
 
-    listener_filter_factories_.push_back(factory.createListenerFilterFactoryFromProto(
-        Envoy::ProtobufWkt::Empty(),
-        /*listener_filter_matcher=*/nullptr, *listener_factory_context_));
+    Network::ListenerFilterFactoryCb callback = factory.createListenerFilterFactoryFromProto(
+        Envoy::ProtobufWkt::Empty(), nullptr, *listener_factory_context_);
+    ProdListenerComponentFactory* listener_component =
+        dynamic_cast<ProdListenerComponentFactory*>(&parent_.factory_);
+    auto& cfg_provider_manager = listener_component->getTcpListenerConfigProviderManager();
+    auto filter_config_provider = cfg_provider_manager.createStaticFilterConfigProvider(
+        callback, "envoy.filters.listener.original_dst");
+    listener_filter_factories_.push_back(std::move(filter_config_provider));
   }
 }
 
@@ -716,9 +721,16 @@ void ListenerImpl::buildProxyProtocolListenerFilter() {
     auto& factory =
         Config::Utility::getAndCheckFactoryByName<Configuration::NamedListenerFilterConfigFactory>(
             "envoy.filters.listener.proxy_protocol");
-    listener_filter_factories_.push_back(factory.createListenerFilterFactoryFromProto(
-        envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol(),
-        /*listener_filter_matcher=*/nullptr, *listener_factory_context_));
+
+    Network::ListenerFilterFactoryCb callback = factory.createListenerFilterFactoryFromProto(
+        envoy::extensions::filters::listener::proxy_protocol::v3::ProxyProtocol(), nullptr,
+        *listener_factory_context_);
+    ProdListenerComponentFactory* listener_component =
+        dynamic_cast<ProdListenerComponentFactory*>(&parent_.factory_);
+    auto& cfg_provider_manager = listener_component->getTcpListenerConfigProviderManager();
+    auto filter_config_provider = cfg_provider_manager.createStaticFilterConfigProvider(
+        callback, "envoy.filters.listener.proxy_protocol");
+    listener_filter_factories_.push_back(std::move(filter_config_provider));
   }
 }
 

diff --git a/source/server/listener_impl.h b/source/server/listener_impl.h
@@ -6,6 +6,7 @@
 #include "envoy/config/core/v3/base.pb.h"
 #include "envoy/config/listener/v3/listener.pb.h"
 #include "envoy/config/typed_metadata.h"
+#include "envoy/filter/config_provider_manager.h"
 #include "envoy/network/drain_decision.h"
 #include "envoy/network/filter.h"
 #include "envoy/network/listener.h"
@@ -438,7 +439,7 @@ class ListenerImpl final : public Network::ListenerConfig,
   // RdsRouteConfigSubscription::init_target_, so the listener can wait for route configs.
   std::unique_ptr<Init::Manager> dynamic_init_manager_;
 
-  std::vector<Network::ListenerFilterFactoryCb> listener_filter_factories_;
+  Filter::ListenerFilterFactoriesList listener_filter_factories_;
   std::vector<Network::UdpListenerFilterFactoryCb> udp_listener_filter_factories_;
   std::vector<AccessLog::InstanceSharedPtr> access_logs_;
   const envoy::config::listener::v3::Listener config_;