.. _envoy_v3_api_file_envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto: Common Network Matching Inputs ============================== .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.DestinationIPInput: extensions.matching.common_inputs.network.v3.DestinationIPInput --------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.DestinationIPInput proto] ` Specifies that matching should be performed by the destination IP address. .. _extension_envoy.matching.inputs.destination_ip: This extension may be referenced by the qualified name ``envoy.matching.inputs.destination_ip`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.DestinationPortInput: extensions.matching.common_inputs.network.v3.DestinationPortInput ----------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.DestinationPortInput proto] ` Specifies that matching should be performed by the destination port. .. _extension_envoy.matching.inputs.destination_port: This extension may be referenced by the qualified name ``envoy.matching.inputs.destination_port`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.SourceIPInput: extensions.matching.common_inputs.network.v3.SourceIPInput ---------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.SourceIPInput proto] ` Specifies that matching should be performed by the source IP address. .. _extension_envoy.matching.inputs.source_ip: This extension may be referenced by the qualified name ``envoy.matching.inputs.source_ip`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.SourcePortInput: extensions.matching.common_inputs.network.v3.SourcePortInput ------------------------------------------------------------ :repo:`[extensions.matching.common_inputs.network.v3.SourcePortInput proto] ` Specifies that matching should be performed by the source port. .. _extension_envoy.matching.inputs.source_port: This extension may be referenced by the qualified name ``envoy.matching.inputs.source_port`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.DirectSourceIPInput: extensions.matching.common_inputs.network.v3.DirectSourceIPInput ---------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.DirectSourceIPInput proto] ` Input that matches by the directly connected source IP address (this will only be different from the source IP address when using a listener filter that overrides the source address, such as the :ref:`Proxy Protocol listener filter `). .. _extension_envoy.matching.inputs.direct_source_ip: This extension may be referenced by the qualified name ``envoy.matching.inputs.direct_source_ip`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.SourceTypeInput: extensions.matching.common_inputs.network.v3.SourceTypeInput ------------------------------------------------------------ :repo:`[extensions.matching.common_inputs.network.v3.SourceTypeInput proto] ` Input that matches by the source IP type. Specifies the source IP match type. The values include: * ``local`` - matches a connection originating from the same host, .. _extension_envoy.matching.inputs.source_type: This extension may be referenced by the qualified name ``envoy.matching.inputs.source_type`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.ServerNameInput: extensions.matching.common_inputs.network.v3.ServerNameInput ------------------------------------------------------------ :repo:`[extensions.matching.common_inputs.network.v3.ServerNameInput proto] ` Input that matches by the requested server name (e.g. SNI in TLS). :ref:`TLS Inspector ` provides the requested server name based on SNI, when TLS protocol is detected. .. _extension_envoy.matching.inputs.server_name: This extension may be referenced by the qualified name ``envoy.matching.inputs.server_name`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.TransportProtocolInput: extensions.matching.common_inputs.network.v3.TransportProtocolInput ------------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.TransportProtocolInput proto] ` Input that matches by the transport protocol. Suggested values include: * ``raw_buffer`` - default, used when no transport protocol is detected, * ``tls`` - set by :ref:`envoy.filters.listener.tls_inspector ` when TLS protocol is detected. .. _extension_envoy.matching.inputs.transport_protocol: This extension may be referenced by the qualified name ``envoy.matching.inputs.transport_protocol`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input ` .. _envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.ApplicationProtocolInput: extensions.matching.common_inputs.network.v3.ApplicationProtocolInput --------------------------------------------------------------------- :repo:`[extensions.matching.common_inputs.network.v3.ApplicationProtocolInput proto] ` List of quoted and comma-separated requested application protocols. The list consists of a single negotiated application protocol once the network stream is established. Examples: * ``'h2','http/1.1'`` * ``'h2c'``` Suggested values in the list include: * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector ` and :ref:`envoy.filters.listener.http_inspector `, * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector ` * ``h2c`` - set by :ref:`envoy.filters.listener.http_inspector ` .. attention:: Currently, :ref:`TLS Inspector ` provides application protocol detection based on the requested `ALPN `_ values. However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet, and matching on values other than ``h2`` is going to lead to a lot of false negatives, unless all connecting clients are known to use ALPN. .. _extension_envoy.matching.inputs.application_protocol: This extension may be referenced by the qualified name ``envoy.matching.inputs.application_protocol`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.matching.network.input `