diff --git a/envoy/COMMIT b/envoy/COMMIT index 84966844f9..80478fca31 100644 --- a/envoy/COMMIT +++ b/envoy/COMMIT @@ -1 +1 @@ -dbba2f08250953147308384923d9c7c381598c24 +fbc6ee2ed5b858c842999c688504fd133008868a diff --git a/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.go b/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.go index 0a374afa12..1ea2db9cd3 100755 --- a/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.go +++ b/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.go @@ -8,8 +8,10 @@ package xffv3 import ( _ "github.com/cncf/xds/go/udpa/annotations" + v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" reflect "reflect" sync "sync" ) @@ -35,7 +37,39 @@ type XffConfig struct { // determining the origin client's IP address. The default is zero if this option // is not specified. See the documentation for // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. + // + // Only one of “xff_num_trusted_hops“ and “xff_trusted_cidrs“ can be set. XffNumTrustedHops uint32 `protobuf:"varint,1,opt,name=xff_num_trusted_hops,json=xffNumTrustedHops,proto3" json:"xff_num_trusted_hops,omitempty"` + // The `CIDR `_ ranges to trust when + // evaluating the remote IP address to determine the original client's IP address. + // This is used instead of + // :ref:`use_remote_address `. + // When the remote IP address matches a trusted CIDR and the + // :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry + // in the “x-forwarded-for“ header is evaluated from right to left and the first + // public non-trusted address is used as the original client address. If all + // addresses in “x-forwarded-for“ are within the trusted list, the first (leftmost) + // entry is used. + // + // This is typically used when requests are proxied by a + // `CDN `_. + // + // Only one of “xff_num_trusted_hops“ and “xff_trusted_cidrs“ can be set. + XffTrustedCidrs *XffTrustedCidrs `protobuf:"bytes,2,opt,name=xff_trusted_cidrs,json=xffTrustedCidrs,proto3" json:"xff_trusted_cidrs,omitempty"` + // If set, Envoy will not append the remote address to the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. + // + // .. attention:: + // + // For proper proxy behaviour it is not recommended to set this option. + // For backwards compatibility, if this option is unset it defaults to true. + // + // This only applies when :ref:`use_remote_address + // ` + // is false, otherwise :ref:`skip_xff_append + // ` + // applies. + SkipXffAppend *wrapperspb.BoolValue `protobuf:"bytes,3,opt,name=skip_xff_append,json=skipXffAppend,proto3" json:"skip_xff_append,omitempty"` } func (x *XffConfig) Reset() { @@ -77,6 +111,69 @@ func (x *XffConfig) GetXffNumTrustedHops() uint32 { return 0 } +func (x *XffConfig) GetXffTrustedCidrs() *XffTrustedCidrs { + if x != nil { + return x.XffTrustedCidrs + } + return nil +} + +func (x *XffConfig) GetSkipXffAppend() *wrapperspb.BoolValue { + if x != nil { + return x.SkipXffAppend + } + return nil +} + +type XffTrustedCidrs struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The list of `CIDRs `_ from which remote + // connections are considered trusted. + Cidrs []*v3.CidrRange `protobuf:"bytes,1,rep,name=cidrs,proto3" json:"cidrs,omitempty"` +} + +func (x *XffTrustedCidrs) Reset() { + *x = XffTrustedCidrs{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *XffTrustedCidrs) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*XffTrustedCidrs) ProtoMessage() {} + +func (x *XffTrustedCidrs) ProtoReflect() protoreflect.Message { + mi := &file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use XffTrustedCidrs.ProtoReflect.Descriptor instead. +func (*XffTrustedCidrs) Descriptor() ([]byte, []int) { + return file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_rawDescGZIP(), []int{1} +} + +func (x *XffTrustedCidrs) GetCidrs() []*v3.CidrRange { + if x != nil { + return x.Cidrs + } + return nil +} + var File_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto protoreflect.FileDescriptor var file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_rawDesc = []byte{ @@ -87,25 +184,45 @@ var file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_rawDesc = 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x2e, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x69, 0x70, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x78, 0x66, 0x66, 0x2e, - 0x76, 0x33, 0x1a, 0x1d, 0x75, 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x3c, 0x0a, 0x09, 0x58, 0x66, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2f, - 0x0a, 0x14, 0x78, 0x66, 0x66, 0x5f, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, - 0x64, 0x5f, 0x68, 0x6f, 0x70, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x78, 0x66, - 0x66, 0x4e, 0x75, 0x6d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x48, 0x6f, 0x70, 0x73, 0x42, - 0xb7, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, 0x0a, 0x40, 0x69, 0x6f, 0x2e, 0x65, - 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, - 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x2e, - 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x69, 0x70, 0x5f, 0x64, 0x65, 0x74, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x78, 0x66, 0x66, 0x2e, 0x76, 0x33, 0x42, 0x08, 0x58, 0x66, - 0x66, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x5f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, - 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, - 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, - 0x73, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x5f, - 0x69, 0x70, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x78, 0x66, 0x66, - 0x2f, 0x76, 0x33, 0x3b, 0x78, 0x66, 0x66, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x76, 0x33, 0x1a, 0x22, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x33, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x75, 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf1, 0x01, 0x0a, 0x09, 0x58, 0x66, 0x66, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x2f, 0x0a, 0x14, 0x78, 0x66, 0x66, 0x5f, 0x6e, 0x75, 0x6d, 0x5f, 0x74, + 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x68, 0x6f, 0x70, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x11, 0x78, 0x66, 0x66, 0x4e, 0x75, 0x6d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, + 0x48, 0x6f, 0x70, 0x73, 0x12, 0x6f, 0x0a, 0x11, 0x78, 0x66, 0x66, 0x5f, 0x74, 0x72, 0x75, 0x73, + 0x74, 0x65, 0x64, 0x5f, 0x63, 0x69, 0x64, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x43, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x2e, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, + 0x5f, 0x69, 0x70, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x78, 0x66, + 0x66, 0x2e, 0x76, 0x33, 0x2e, 0x58, 0x66, 0x66, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, + 0x69, 0x64, 0x72, 0x73, 0x52, 0x0f, 0x78, 0x66, 0x66, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, + 0x43, 0x69, 0x64, 0x72, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x78, 0x66, + 0x66, 0x5f, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0d, 0x73, 0x6b, 0x69, 0x70, + 0x58, 0x66, 0x66, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x22, 0x48, 0x0a, 0x0f, 0x58, 0x66, 0x66, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x69, 0x64, 0x72, 0x73, 0x12, 0x35, 0x0a, 0x05, + 0x63, 0x69, 0x64, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, + 0x76, 0x33, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x63, 0x69, + 0x64, 0x72, 0x73, 0x42, 0xb7, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, 0x0a, 0x40, + 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x68, + 0x74, 0x74, 0x70, 0x2e, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x69, 0x70, 0x5f, + 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x78, 0x66, 0x66, 0x2e, 0x76, 0x33, + 0x42, 0x08, 0x58, 0x66, 0x66, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x5f, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, + 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, + 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, + 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x6f, 0x72, 0x69, 0x67, 0x69, + 0x6e, 0x61, 0x6c, 0x5f, 0x69, 0x70, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, + 0x2f, 0x78, 0x66, 0x66, 0x2f, 0x76, 0x33, 0x3b, 0x78, 0x66, 0x66, 0x76, 0x33, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -120,16 +237,22 @@ func file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_rawDescGZ return file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_rawDescData } -var file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_goTypes = []interface{}{ - (*XffConfig)(nil), // 0: envoy.extensions.http.original_ip_detection.xff.v3.XffConfig + (*XffConfig)(nil), // 0: envoy.extensions.http.original_ip_detection.xff.v3.XffConfig + (*XffTrustedCidrs)(nil), // 1: envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs + (*wrapperspb.BoolValue)(nil), // 2: google.protobuf.BoolValue + (*v3.CidrRange)(nil), // 3: envoy.config.core.v3.CidrRange } var file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 1, // 0: envoy.extensions.http.original_ip_detection.xff.v3.XffConfig.xff_trusted_cidrs:type_name -> envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs + 2, // 1: envoy.extensions.http.original_ip_detection.xff.v3.XffConfig.skip_xff_append:type_name -> google.protobuf.BoolValue + 3, // 2: envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs.cidrs:type_name -> envoy.config.core.v3.CidrRange + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name } func init() { file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_init() } @@ -150,6 +273,18 @@ func file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_init() { return nil } } + file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*XffTrustedCidrs); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -157,7 +292,7 @@ func file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_envoy_extensions_http_original_ip_detection_xff_v3_xff_proto_rawDesc, NumEnums: 0, - NumMessages: 1, + NumMessages: 2, NumExtensions: 0, NumServices: 0, }, diff --git a/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.validate.go b/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.validate.go index 4940e458ff..4cc8a95e25 100755 --- a/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.validate.go +++ b/envoy/extensions/http/original_ip_detection/xff/v3/xff.pb.validate.go @@ -60,6 +60,64 @@ func (m *XffConfig) validate(all bool) error { // no validation rules for XffNumTrustedHops + if all { + switch v := interface{}(m.GetXffTrustedCidrs()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, XffConfigValidationError{ + field: "XffTrustedCidrs", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, XffConfigValidationError{ + field: "XffTrustedCidrs", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetXffTrustedCidrs()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return XffConfigValidationError{ + field: "XffTrustedCidrs", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetSkipXffAppend()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, XffConfigValidationError{ + field: "SkipXffAppend", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, XffConfigValidationError{ + field: "SkipXffAppend", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetSkipXffAppend()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return XffConfigValidationError{ + field: "SkipXffAppend", + reason: "embedded message failed validation", + cause: err, + } + } + } + if len(errors) > 0 { return XffConfigMultiError(errors) } @@ -136,3 +194,137 @@ var _ interface { Cause() error ErrorName() string } = XffConfigValidationError{} + +// Validate checks the field values on XffTrustedCidrs with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *XffTrustedCidrs) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on XffTrustedCidrs with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// XffTrustedCidrsMultiError, or nil if none found. +func (m *XffTrustedCidrs) ValidateAll() error { + return m.validate(true) +} + +func (m *XffTrustedCidrs) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetCidrs() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, XffTrustedCidrsValidationError{ + field: fmt.Sprintf("Cidrs[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, XffTrustedCidrsValidationError{ + field: fmt.Sprintf("Cidrs[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return XffTrustedCidrsValidationError{ + field: fmt.Sprintf("Cidrs[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return XffTrustedCidrsMultiError(errors) + } + + return nil +} + +// XffTrustedCidrsMultiError is an error wrapping multiple validation errors +// returned by XffTrustedCidrs.ValidateAll() if the designated constraints +// aren't met. +type XffTrustedCidrsMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m XffTrustedCidrsMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m XffTrustedCidrsMultiError) AllErrors() []error { return m } + +// XffTrustedCidrsValidationError is the validation error returned by +// XffTrustedCidrs.Validate if the designated constraints aren't met. +type XffTrustedCidrsValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e XffTrustedCidrsValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e XffTrustedCidrsValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e XffTrustedCidrsValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e XffTrustedCidrsValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e XffTrustedCidrsValidationError) ErrorName() string { return "XffTrustedCidrsValidationError" } + +// Error satisfies the builtin error interface +func (e XffTrustedCidrsValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sXffTrustedCidrs.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = XffTrustedCidrsValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = XffTrustedCidrsValidationError{} diff --git a/envoy/extensions/http/original_ip_detection/xff/v3/xff_vtproto.pb.go b/envoy/extensions/http/original_ip_detection/xff/v3/xff_vtproto.pb.go index 802975151b..755870fb06 100755 --- a/envoy/extensions/http/original_ip_detection/xff/v3/xff_vtproto.pb.go +++ b/envoy/extensions/http/original_ip_detection/xff/v3/xff_vtproto.pb.go @@ -8,6 +8,8 @@ package xffv3 import ( protohelpers "github.com/planetscale/vtprotobuf/protohelpers" + wrapperspb "github.com/planetscale/vtprotobuf/types/known/wrapperspb" + proto "google.golang.org/protobuf/proto" protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) @@ -48,6 +50,26 @@ func (m *XffConfig) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { i -= len(m.unknownFields) copy(dAtA[i:], m.unknownFields) } + if m.SkipXffAppend != nil { + size, err := (*wrapperspb.BoolValue)(m.SkipXffAppend).MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x1a + } + if m.XffTrustedCidrs != nil { + size, err := m.XffTrustedCidrs.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + } if m.XffNumTrustedHops != 0 { i = protohelpers.EncodeVarint(dAtA, i, uint64(m.XffNumTrustedHops)) i-- @@ -56,6 +78,63 @@ func (m *XffConfig) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *XffTrustedCidrs) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *XffTrustedCidrs) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *XffTrustedCidrs) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.Cidrs) > 0 { + for iNdEx := len(m.Cidrs) - 1; iNdEx >= 0; iNdEx-- { + if vtmsg, ok := interface{}(m.Cidrs[iNdEx]).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.Cidrs[iNdEx]) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *XffConfig) SizeVT() (n int) { if m == nil { return 0 @@ -65,6 +144,36 @@ func (m *XffConfig) SizeVT() (n int) { if m.XffNumTrustedHops != 0 { n += 1 + protohelpers.SizeOfVarint(uint64(m.XffNumTrustedHops)) } + if m.XffTrustedCidrs != nil { + l = m.XffTrustedCidrs.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.SkipXffAppend != nil { + l = (*wrapperspb.BoolValue)(m.SkipXffAppend).SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *XffTrustedCidrs) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Cidrs) > 0 { + for _, e := range m.Cidrs { + if size, ok := interface{}(e).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(e) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } n += len(m.unknownFields) return n }