Original destination listener filter reads the SO_ORIGINAL_DST socket option set when a connection has been redirected by an iptables REDIRECT target, or by an iptables TPROXY target in combination with setting the listener’s transparent option. Later processing in Envoy sees the restored destination address as the connection’s local address, rather than the address at which the listener is listening at. Furthermore, an original destination cluster may be used to forward HTTP requests or TCP connections to the restored destination address.
- v2 API reference
- This filter should be configured with the name envoy.listener.original_dst.