.. _envoy_v3_api_file_envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto: Common network matching inputs (proto) ====================================== .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.DestinationIPInput: extensions.matching.common_inputs.network.v3.DestinationIPInput --------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.DestinationIPInput proto] ` Specifies that matching should be performed by the destination IP address. .. _extension_envoy.matching.inputs.destination_ip: This extension has the qualified name ``envoy.matching.inputs.destination_ip`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.DestinationIPInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.DestinationPortInput: extensions.matching.common_inputs.network.v3.DestinationPortInput ----------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.DestinationPortInput proto] ` Specifies that matching should be performed by the destination port. .. _extension_envoy.matching.inputs.destination_port: This extension has the qualified name ``envoy.matching.inputs.destination_port`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.DestinationPortInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.SourceIPInput: extensions.matching.common_inputs.network.v3.SourceIPInput ---------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.SourceIPInput proto] ` Specifies that matching should be performed by the source IP address. .. _extension_envoy.matching.inputs.source_ip: This extension has the qualified name ``envoy.matching.inputs.source_ip`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourceIPInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.SourcePortInput: extensions.matching.common_inputs.network.v3.SourcePortInput ------------------------------------------------------------ :repo:`[extensions.matching.common_inputs.network.v3.SourcePortInput proto] ` Specifies that matching should be performed by the source port. .. _extension_envoy.matching.inputs.source_port: This extension has the qualified name ``envoy.matching.inputs.source_port`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourcePortInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.DirectSourceIPInput: extensions.matching.common_inputs.network.v3.DirectSourceIPInput ---------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.DirectSourceIPInput proto] ` Input that matches by the directly connected source IP address (this will only be different from the source IP address when using a listener filter that overrides the source address, such as the :ref:`Proxy Protocol listener filter `). .. _extension_envoy.matching.inputs.direct_source_ip: This extension has the qualified name ``envoy.matching.inputs.direct_source_ip`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.DirectSourceIPInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.SourceTypeInput: extensions.matching.common_inputs.network.v3.SourceTypeInput ------------------------------------------------------------ :repo:`[extensions.matching.common_inputs.network.v3.SourceTypeInput proto] ` Input that matches by the source IP type. Specifies the source IP match type. The values include: * ``local`` - matches a connection originating from the same host, .. _extension_envoy.matching.inputs.source_type: This extension has the qualified name ``envoy.matching.inputs.source_type`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourceTypeInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.ServerNameInput: extensions.matching.common_inputs.network.v3.ServerNameInput ------------------------------------------------------------ :repo:`[extensions.matching.common_inputs.network.v3.ServerNameInput proto] ` Input that matches by the requested server name (e.g. SNI in TLS). :ref:`TLS Inspector ` provides the requested server name based on SNI, when TLS protocol is detected. .. _extension_envoy.matching.inputs.server_name: This extension has the qualified name ``envoy.matching.inputs.server_name`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.ServerNameInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.TransportProtocolInput: extensions.matching.common_inputs.network.v3.TransportProtocolInput ------------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.TransportProtocolInput proto] ` Input that matches by the transport protocol. Suggested values include: * ``raw_buffer`` - default, used when no transport protocol is detected, * ``tls`` - set by :ref:`envoy.filters.listener.tls_inspector ` when TLS protocol is detected. .. _extension_envoy.matching.inputs.transport_protocol: This extension has the qualified name ``envoy.matching.inputs.transport_protocol`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.TransportProtocolInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.ApplicationProtocolInput: extensions.matching.common_inputs.network.v3.ApplicationProtocolInput --------------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.ApplicationProtocolInput proto] ` List of quoted and comma-separated requested application protocols. The list consists of a single negotiated application protocol once the network stream is established. Examples: * ``'h2','http/1.1'`` * ``'h2c'`` Suggested values in the list include: * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector ` and :ref:`envoy.filters.listener.http_inspector `, * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector ` * ``h2c`` - set by :ref:`envoy.filters.listener.http_inspector ` .. attention:: Currently, :ref:`TLS Inspector ` provides application protocol detection based on the requested `ALPN `_ values. However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet, and matching on values other than ``h2`` is going to lead to a lot of false negatives, unless all connecting clients are known to use ALPN. .. _extension_envoy.matching.inputs.application_protocol: This extension has the qualified name ``envoy.matching.inputs.application_protocol`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.ApplicationProtocolInput ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.FilterStateInput: extensions.matching.common_inputs.network.v3.FilterStateInput ------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.FilterStateInput proto] ` Input that matches by a specific filter state key. The value of the provided filter state key will be the raw string representation of the filter state object .. _extension_envoy.matching.inputs.filter_state: This extension has the qualified name ``envoy.matching.inputs.filter_state`` .. note:: This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension categories: - :ref:`envoy.matching.http.input ` - :ref:`envoy.matching.network.input ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.FilterStateInput ` .. code-block:: json :force: { "key": ... } .. _envoy_v3_api_field_extensions.matching.common_inputs.network.v3.FilterStateInput.key: key (`string `_, *REQUIRED*)