listener: validate source IP addresses#4466
listener: validate source IP addresses#4466cmluciano wants to merge 2 commits intoenvoyproxy:masterfrom
Conversation
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
|
cc @junr03 still working on adding more tests to verify that this is working correctly |
htuch
left a comment
There was a problem hiding this comment.
Is this just the very first step towards adding source IP matching? Seems almost too small for a PR, but then again, I never say no to small PRs :)
| std::vector<std::string> source_ips; | ||
| for (const auto& source_ip : filter_chain_match.source_prefix_ranges()) { | ||
| const auto& cidr_range = Network::Address::CidrRange::create(source_ip); | ||
| source_ips.push_back(cidr_range.asString()); |
There was a problem hiding this comment.
Why are we saving these to a vector?
There was a problem hiding this comment.
This is carryover from how it is implemented in prefix_ranges . Is there a more suitable type that I should go with?
There was a problem hiding this comment.
I guess it's hard to see how things will be used without a fuller PR, doesn't seem unreasonable..
|
@htuch Yes I just started by searching for where we are currently using Update: I found the other pieces that need changed and am working on them now. |
|
@cmluciano 👌 lmk when the fuller PR is up and I will review. Thanks! |
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
|
closing for now so that I don't generate unnecessary builds/spam |
Signed-off-by: Christopher M. Luciano cmluciano@us.ibm.com
Description: listener: validate source IP addresses
Risk Level: Low
Testing: new tests added & bazel test //test/server:listener_manager_impl_test
Docs Changes: WIP
Release Notes: WIP
Fixes #4457