Original Src Filter¶
This extension may be referenced by the qualified name envoy.filters.listener.original_src
Note
This extension is functional but has not had substantial production burn time, use only with this caveat.
This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.
Use the Original source address on upstream connections.
config.filter.listener.original_src.v2alpha1.OriginalSrc¶
[config.filter.listener.original_src.v2alpha1.OriginalSrc proto]
The Original Src filter binds upstream connections to the original source address determined for the connection. This address could come from something like the Proxy Protocol filter, or it could come from trusted http headers.
{
"mark": "..."
}
- mark
(uint32) Sets the SO_MARK option on the upstream connection’s socket to the provided value. Used to ensure that non-local addresses may be routed back through envoy when binding to the original source address. The option will not be applied if the mark is 0.