Interface FilterChainMatchOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
FilterChainMatch, FilterChainMatch.Builder

public interface FilterChainMatchOrBuilder extends com.google.protobuf.MessageOrBuilder
  • Method Summary

    Modifier and Type
    Method
    Description
    If non-empty, an IP address and suffix length to match addresses when the listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
    com.google.protobuf.ByteString
    If non-empty, an IP address and suffix length to match addresses when the listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
    If non-empty, a list of application protocols (e.g.
    com.google.protobuf.ByteString
    If non-empty, a list of application protocols (e.g.
    int
    If non-empty, a list of application protocols (e.g.
    If non-empty, a list of application protocols (e.g.
    com.google.protobuf.UInt32Value
    Optional destination port to consider when use_original_dst is set on the listener in determining a filter chain match.
    com.google.protobuf.UInt32ValueOrBuilder
    Optional destination port to consider when use_original_dst is set on the listener in determining a filter chain match.
    The criteria is satisfied if the directly connected source IP address of the downstream connection is contained in at least one of the specified subnets.
    int
    The criteria is satisfied if the directly connected source IP address of the downstream connection is contained in at least one of the specified subnets.
    The criteria is satisfied if the directly connected source IP address of the downstream connection is contained in at least one of the specified subnets.
    The criteria is satisfied if the directly connected source IP address of the downstream connection is contained in at least one of the specified subnets.
    The criteria is satisfied if the directly connected source IP address of the downstream connection is contained in at least one of the specified subnets.
    getPrefixRanges(int index)
    If non-empty, an IP address and prefix length to match addresses when the listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
    int
    If non-empty, an IP address and prefix length to match addresses when the listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
    If non-empty, an IP address and prefix length to match addresses when the listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
    If non-empty, an IP address and prefix length to match addresses when the listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
    If non-empty, an IP address and prefix length to match addresses when the listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
    getServerNames(int index)
    If non-empty, a list of server names (e.g.
    com.google.protobuf.ByteString
    If non-empty, a list of server names (e.g.
    int
    If non-empty, a list of server names (e.g.
    If non-empty, a list of server names (e.g.
    int
    getSourcePorts(int index)
    The criteria is satisfied if the source port of the downstream connection is contained in at least one of the specified ports.
    int
    The criteria is satisfied if the source port of the downstream connection is contained in at least one of the specified ports.
    The criteria is satisfied if the source port of the downstream connection is contained in at least one of the specified ports.
    The criteria is satisfied if the source IP address of the downstream connection is contained in at least one of the specified subnets.
    int
    The criteria is satisfied if the source IP address of the downstream connection is contained in at least one of the specified subnets.
    The criteria is satisfied if the source IP address of the downstream connection is contained in at least one of the specified subnets.
    The criteria is satisfied if the source IP address of the downstream connection is contained in at least one of the specified subnets.
    The criteria is satisfied if the source IP address of the downstream connection is contained in at least one of the specified subnets.
    Specifies the connection source IP match type.
    int
    Specifies the connection source IP match type.
    com.google.protobuf.UInt32Value
    [#not-implemented-hide:]
    com.google.protobuf.UInt32ValueOrBuilder
    [#not-implemented-hide:]
    If non-empty, a transport protocol to consider when determining a filter chain match.
    com.google.protobuf.ByteString
    If non-empty, a transport protocol to consider when determining a filter chain match.
    boolean
    Optional destination port to consider when use_original_dst is set on the listener in determining a filter chain match.
    boolean
    [#not-implemented-hide:]

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
  • Method Details

    • hasDestinationPort

      boolean hasDestinationPort()
       Optional destination port to consider when use_original_dst is set on the
       listener in determining a filter chain match.
       
      .google.protobuf.UInt32Value destination_port = 8 [(.validate.rules) = { ... }
      Returns:
      Whether the destinationPort field is set.
    • getDestinationPort

      com.google.protobuf.UInt32Value getDestinationPort()
       Optional destination port to consider when use_original_dst is set on the
       listener in determining a filter chain match.
       
      .google.protobuf.UInt32Value destination_port = 8 [(.validate.rules) = { ... }
      Returns:
      The destinationPort.
    • getDestinationPortOrBuilder

      com.google.protobuf.UInt32ValueOrBuilder getDestinationPortOrBuilder()
       Optional destination port to consider when use_original_dst is set on the
       listener in determining a filter chain match.
       
      .google.protobuf.UInt32Value destination_port = 8 [(.validate.rules) = { ... }
    • getPrefixRangesList

      List<CidrRange> getPrefixRangesList()
       If non-empty, an IP address and prefix length to match addresses when the
       listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
       
      repeated .envoy.config.core.v3.CidrRange prefix_ranges = 3;
    • getPrefixRanges

      CidrRange getPrefixRanges(int index)
       If non-empty, an IP address and prefix length to match addresses when the
       listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
       
      repeated .envoy.config.core.v3.CidrRange prefix_ranges = 3;
    • getPrefixRangesCount

      int getPrefixRangesCount()
       If non-empty, an IP address and prefix length to match addresses when the
       listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
       
      repeated .envoy.config.core.v3.CidrRange prefix_ranges = 3;
    • getPrefixRangesOrBuilderList

      List<? extends CidrRangeOrBuilder> getPrefixRangesOrBuilderList()
       If non-empty, an IP address and prefix length to match addresses when the
       listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
       
      repeated .envoy.config.core.v3.CidrRange prefix_ranges = 3;
    • getPrefixRangesOrBuilder

      CidrRangeOrBuilder getPrefixRangesOrBuilder(int index)
       If non-empty, an IP address and prefix length to match addresses when the
       listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
       
      repeated .envoy.config.core.v3.CidrRange prefix_ranges = 3;
    • getAddressSuffix

      String getAddressSuffix()
       If non-empty, an IP address and suffix length to match addresses when the
       listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
       [#not-implemented-hide:]
       
      string address_suffix = 4;
      Returns:
      The addressSuffix.
    • getAddressSuffixBytes

      com.google.protobuf.ByteString getAddressSuffixBytes()
       If non-empty, an IP address and suffix length to match addresses when the
       listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
       [#not-implemented-hide:]
       
      string address_suffix = 4;
      Returns:
      The bytes for addressSuffix.
    • hasSuffixLen

      boolean hasSuffixLen()
       [#not-implemented-hide:]
       
      .google.protobuf.UInt32Value suffix_len = 5;
      Returns:
      Whether the suffixLen field is set.
    • getSuffixLen

      com.google.protobuf.UInt32Value getSuffixLen()
       [#not-implemented-hide:]
       
      .google.protobuf.UInt32Value suffix_len = 5;
      Returns:
      The suffixLen.
    • getSuffixLenOrBuilder

      com.google.protobuf.UInt32ValueOrBuilder getSuffixLenOrBuilder()
       [#not-implemented-hide:]
       
      .google.protobuf.UInt32Value suffix_len = 5;
    • getDirectSourcePrefixRangesList

      List<CidrRange> getDirectSourcePrefixRangesList()
       The criteria is satisfied if the directly connected source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the parameter is not
       specified or the list is empty, the directly connected source IP address is ignored.
       
      repeated .envoy.config.core.v3.CidrRange direct_source_prefix_ranges = 13;
    • getDirectSourcePrefixRanges

      CidrRange getDirectSourcePrefixRanges(int index)
       The criteria is satisfied if the directly connected source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the parameter is not
       specified or the list is empty, the directly connected source IP address is ignored.
       
      repeated .envoy.config.core.v3.CidrRange direct_source_prefix_ranges = 13;
    • getDirectSourcePrefixRangesCount

      int getDirectSourcePrefixRangesCount()
       The criteria is satisfied if the directly connected source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the parameter is not
       specified or the list is empty, the directly connected source IP address is ignored.
       
      repeated .envoy.config.core.v3.CidrRange direct_source_prefix_ranges = 13;
    • getDirectSourcePrefixRangesOrBuilderList

      List<? extends CidrRangeOrBuilder> getDirectSourcePrefixRangesOrBuilderList()
       The criteria is satisfied if the directly connected source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the parameter is not
       specified or the list is empty, the directly connected source IP address is ignored.
       
      repeated .envoy.config.core.v3.CidrRange direct_source_prefix_ranges = 13;
    • getDirectSourcePrefixRangesOrBuilder

      CidrRangeOrBuilder getDirectSourcePrefixRangesOrBuilder(int index)
       The criteria is satisfied if the directly connected source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the parameter is not
       specified or the list is empty, the directly connected source IP address is ignored.
       
      repeated .envoy.config.core.v3.CidrRange direct_source_prefix_ranges = 13;
    • getSourceTypeValue

      int getSourceTypeValue()
       Specifies the connection source IP match type. Can be any, local or external network.
       
      .envoy.config.listener.v3.FilterChainMatch.ConnectionSourceType source_type = 12 [(.validate.rules) = { ... }
      Returns:
      The enum numeric value on the wire for sourceType.
    • getSourceType

       Specifies the connection source IP match type. Can be any, local or external network.
       
      .envoy.config.listener.v3.FilterChainMatch.ConnectionSourceType source_type = 12 [(.validate.rules) = { ... }
      Returns:
      The sourceType.
    • getSourcePrefixRangesList

      List<CidrRange> getSourcePrefixRangesList()
       The criteria is satisfied if the source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the
       parameter is not specified or the list is empty, the source IP address is
       ignored.
       
      repeated .envoy.config.core.v3.CidrRange source_prefix_ranges = 6;
    • getSourcePrefixRanges

      CidrRange getSourcePrefixRanges(int index)
       The criteria is satisfied if the source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the
       parameter is not specified or the list is empty, the source IP address is
       ignored.
       
      repeated .envoy.config.core.v3.CidrRange source_prefix_ranges = 6;
    • getSourcePrefixRangesCount

      int getSourcePrefixRangesCount()
       The criteria is satisfied if the source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the
       parameter is not specified or the list is empty, the source IP address is
       ignored.
       
      repeated .envoy.config.core.v3.CidrRange source_prefix_ranges = 6;
    • getSourcePrefixRangesOrBuilderList

      List<? extends CidrRangeOrBuilder> getSourcePrefixRangesOrBuilderList()
       The criteria is satisfied if the source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the
       parameter is not specified or the list is empty, the source IP address is
       ignored.
       
      repeated .envoy.config.core.v3.CidrRange source_prefix_ranges = 6;
    • getSourcePrefixRangesOrBuilder

      CidrRangeOrBuilder getSourcePrefixRangesOrBuilder(int index)
       The criteria is satisfied if the source IP address of the downstream
       connection is contained in at least one of the specified subnets. If the
       parameter is not specified or the list is empty, the source IP address is
       ignored.
       
      repeated .envoy.config.core.v3.CidrRange source_prefix_ranges = 6;
    • getSourcePortsList

      List<Integer> getSourcePortsList()
       The criteria is satisfied if the source port of the downstream connection
       is contained in at least one of the specified ports. If the parameter is
       not specified, the source port is ignored.
       
      repeated uint32 source_ports = 7 [(.validate.rules) = { ... }
      Returns:
      A list containing the sourcePorts.
    • getSourcePortsCount

      int getSourcePortsCount()
       The criteria is satisfied if the source port of the downstream connection
       is contained in at least one of the specified ports. If the parameter is
       not specified, the source port is ignored.
       
      repeated uint32 source_ports = 7 [(.validate.rules) = { ... }
      Returns:
      The count of sourcePorts.
    • getSourcePorts

      int getSourcePorts(int index)
       The criteria is satisfied if the source port of the downstream connection
       is contained in at least one of the specified ports. If the parameter is
       not specified, the source port is ignored.
       
      repeated uint32 source_ports = 7 [(.validate.rules) = { ... }
      Parameters:
      index - The index of the element to return.
      Returns:
      The sourcePorts at the given index.
    • getServerNamesList

      List<String> getServerNamesList()
       If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
       a filter chain match. Those values will be compared against the server names of a new
       connection, when detected by one of the listener filters.
      
       The server name will be matched against all wildcard domains, i.e. ``www.example.com``
       will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``.
      
       Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid.
       The value ``*`` is also not supported, and ``server_names`` should be omitted instead.
      
       .. attention::
      
       See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
       information.
       
      repeated string server_names = 11;
      Returns:
      A list containing the serverNames.
    • getServerNamesCount

      int getServerNamesCount()
       If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
       a filter chain match. Those values will be compared against the server names of a new
       connection, when detected by one of the listener filters.
      
       The server name will be matched against all wildcard domains, i.e. ``www.example.com``
       will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``.
      
       Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid.
       The value ``*`` is also not supported, and ``server_names`` should be omitted instead.
      
       .. attention::
      
       See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
       information.
       
      repeated string server_names = 11;
      Returns:
      The count of serverNames.
    • getServerNames

      String getServerNames(int index)
       If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
       a filter chain match. Those values will be compared against the server names of a new
       connection, when detected by one of the listener filters.
      
       The server name will be matched against all wildcard domains, i.e. ``www.example.com``
       will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``.
      
       Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid.
       The value ``*`` is also not supported, and ``server_names`` should be omitted instead.
      
       .. attention::
      
       See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
       information.
       
      repeated string server_names = 11;
      Parameters:
      index - The index of the element to return.
      Returns:
      The serverNames at the given index.
    • getServerNamesBytes

      com.google.protobuf.ByteString getServerNamesBytes(int index)
       If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
       a filter chain match. Those values will be compared against the server names of a new
       connection, when detected by one of the listener filters.
      
       The server name will be matched against all wildcard domains, i.e. ``www.example.com``
       will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``.
      
       Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid.
       The value ``*`` is also not supported, and ``server_names`` should be omitted instead.
      
       .. attention::
      
       See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
       information.
       
      repeated string server_names = 11;
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the serverNames at the given index.
    • getTransportProtocol

      String getTransportProtocol()
       If non-empty, a transport protocol to consider when determining a filter chain match.
       This value will be compared against the transport protocol of a new connection, when
       it's detected by one of the listener filters.
      
       Suggested values include:
      
       * ``raw_buffer`` - default, used when no transport protocol is detected,
       * ``tls`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
       when TLS protocol is detected.
       
      string transport_protocol = 9;
      Returns:
      The transportProtocol.
    • getTransportProtocolBytes

      com.google.protobuf.ByteString getTransportProtocolBytes()
       If non-empty, a transport protocol to consider when determining a filter chain match.
       This value will be compared against the transport protocol of a new connection, when
       it's detected by one of the listener filters.
      
       Suggested values include:
      
       * ``raw_buffer`` - default, used when no transport protocol is detected,
       * ``tls`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
       when TLS protocol is detected.
       
      string transport_protocol = 9;
      Returns:
      The bytes for transportProtocol.
    • getApplicationProtocolsList

      List<String> getApplicationProtocolsList()
       If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when
       determining a filter chain match. Those values will be compared against the application
       protocols of a new connection, when detected by one of the listener filters.
      
       Suggested values include:
      
       * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector
       <config_listener_filters_tls_inspector>`,
       * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
      
       .. attention::
      
       Currently, only :ref:`TLS Inspector <config_listener_filters_tls_inspector>` provides
       application protocol detection based on the requested
       `ALPN <https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_ values.
      
       However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet,
       and matching on values other than ``h2`` is going to lead to a lot of false negatives,
       unless all connecting clients are known to use ALPN.
       
      repeated string application_protocols = 10;
      Returns:
      A list containing the applicationProtocols.
    • getApplicationProtocolsCount

      int getApplicationProtocolsCount()
       If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when
       determining a filter chain match. Those values will be compared against the application
       protocols of a new connection, when detected by one of the listener filters.
      
       Suggested values include:
      
       * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector
       <config_listener_filters_tls_inspector>`,
       * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
      
       .. attention::
      
       Currently, only :ref:`TLS Inspector <config_listener_filters_tls_inspector>` provides
       application protocol detection based on the requested
       `ALPN <https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_ values.
      
       However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet,
       and matching on values other than ``h2`` is going to lead to a lot of false negatives,
       unless all connecting clients are known to use ALPN.
       
      repeated string application_protocols = 10;
      Returns:
      The count of applicationProtocols.
    • getApplicationProtocols

      String getApplicationProtocols(int index)
       If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when
       determining a filter chain match. Those values will be compared against the application
       protocols of a new connection, when detected by one of the listener filters.
      
       Suggested values include:
      
       * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector
       <config_listener_filters_tls_inspector>`,
       * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
      
       .. attention::
      
       Currently, only :ref:`TLS Inspector <config_listener_filters_tls_inspector>` provides
       application protocol detection based on the requested
       `ALPN <https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_ values.
      
       However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet,
       and matching on values other than ``h2`` is going to lead to a lot of false negatives,
       unless all connecting clients are known to use ALPN.
       
      repeated string application_protocols = 10;
      Parameters:
      index - The index of the element to return.
      Returns:
      The applicationProtocols at the given index.
    • getApplicationProtocolsBytes

      com.google.protobuf.ByteString getApplicationProtocolsBytes(int index)
       If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when
       determining a filter chain match. Those values will be compared against the application
       protocols of a new connection, when detected by one of the listener filters.
      
       Suggested values include:
      
       * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector
       <config_listener_filters_tls_inspector>`,
       * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
      
       .. attention::
      
       Currently, only :ref:`TLS Inspector <config_listener_filters_tls_inspector>` provides
       application protocol detection based on the requested
       `ALPN <https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_ values.
      
       However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet,
       and matching on values other than ``h2`` is going to lead to a lot of false negatives,
       unless all connecting clients are known to use ALPN.
       
      repeated string application_protocols = 10;
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the applicationProtocols at the given index.