Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow HTTP CONNECT proxying to route based on HTTP headers #13042

Closed
nicktrav opened this issue Sep 10, 2020 · 3 comments · Fixed by #13056
Closed

Allow HTTP CONNECT proxying to route based on HTTP headers #13042

nicktrav opened this issue Sep 10, 2020 · 3 comments · Fixed by #13056
Labels
area/http enhancement Feature requests. Not bugs or questions.

Comments

@nicktrav
Copy link
Contributor

Currently, connect_matcher only supports matching on the HTTP CONNECT method.

I'd like to propose / request enhancing this matcher by allowing it to match on the other fields under a route's match config. Specifically, we'd like to be able to use the HTTP headers to control where the CONNECT is directed.

In terms of the existing code, ConnectRouteEntryImpl only supports checking to see if the request method is CONNECT, here:

envoy/source/common/router/config_impl.cc

Lines 1029 to 1036 in 50ef094

RouteConstSharedPtr ConnectRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,
const StreamInfo::StreamInfo&,
uint64_t random_value) const {
if (Http::HeaderUtility::isConnect(headers)) {
return clusterEntry(headers, random_value);
}
return nullptr;
}

The following patch is essentially what we're looking for:

diff --git a/source/common/router/config_impl.cc b/source/common/router/config_impl.cc
index ae92edeab..d5ef311c5 100644
--- a/source/common/router/config_impl.cc
+++ b/source/common/router/config_impl.cc
@@ -1027,9 +1027,10 @@ void ConnectRouteEntryImpl::rewritePathHeader(Http::RequestHeaderMap& headers,
 }

 RouteConstSharedPtr ConnectRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,
-                                                   const StreamInfo::StreamInfo&,
+                                                   const StreamInfo::StreamInfo& stream_info,
                                                    uint64_t random_value) const {
-  if (Http::HeaderUtility::isConnect(headers)) {
+  if (Http::HeaderUtility::isConnect(headers) &&
+      RouteEntryImplBase::matchRoute(headers, stream_info, random_value)) {
     return clusterEntry(headers, random_value);
   }
   return nullptr;

Happy to put up this patch along with some tests, unless there's good reason for not allowing more advanced matching for CONNECT?
@nicktrav nicktrav added enhancement Feature requests. Not bugs or questions. triage Issue requires triage labels Sep 10, 2020
@htuch htuch removed the triage Issue requires triage label Sep 10, 2020
@htuch
Copy link
Member

htuch commented Sep 10, 2020

@alyssawilk WDYT?

@alyssawilk
Copy link
Contributor

No objection on my part. I think the problem was that all the other matchers assume the request has a path, and CONNECT HTTP/1.1 does not which is why @mattklein123 preferred separate matching entirely. Extending the CONNECT matcher to do other header based matching SGTM as long as we're careful to continue supporting nonexistent paths :-)

nicktrav added a commit to nicktrav/envoy that referenced this issue Sep 11, 2020
@nicktrav
router: extend HTTP CONNECT route matching criteria
52ab7e2 
Currently, using `ConnectMatcher` as a `RouteMatch` will match only on
an HTTP `:method` header of `CONNECT`.

Extend the matching functionality to allow for use of the additional
match criteria in `RouteMatch` - i.e. header matching, path matching,
etc. - mimicking the existing behavior of the other matchers (prefix,
path, etc.).

Closes envoyproxy#13042.

Signed-off-by: Nick Travers <[email protected]>
@nick-cloudnatix nick-cloudnatix mentioned this issue Sep 11, 2020
Merged
@mattklein123
Copy link
Member

SGTM!

mattklein123 pushed a commit that referenced this issue Sep 11, 2020
@nick-cloudnatix
router: extend HTTP CONNECT route matching criteria (#13056)
fdfaba5 
Currently, using `ConnectMatcher` as a `RouteMatch` will match only on
an HTTP `:method` header of `CONNECT`.

Extend the matching functionality to allow for use of the additional
match criteria in `RouteMatch` - i.e. header matching, path matching,
etc. - mimicking the existing behavior of the other matchers (prefix,
path, etc.).

Closes #13042.

Signed-off-by: Nick Travers <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/http enhancement Feature requests. Not bugs or questions.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

router: extend HTTP CONNECT route matching criteria nicktrav/envoy
4 participants
@nicktrav @mattklein123 @htuch @alyssawilk