Grcov report - original_ip

1

#pragma once

2

3

#include <memory>

4

#include <string>

5

6

#include "envoy/common/pure.h"

7

#include "envoy/config/typed_config.h"

8

#include "envoy/http/codes.h"

9

#include "envoy/http/header_map.h"

10

#include "envoy/network/address.h"

11

#include "envoy/server/factory_context.h"

12

13

namespace Envoy {

14

namespace Http {

15

16

struct OriginalIPDetectionParams {

17

  // The request headers from downstream.

18

//

19

  // Note that while extensions can modify the headers, they will undergo standard Envoy

20

  // sanitation after the detect() call so additions made here may be removed before

21

  // filters have access to headers.

22

  Http::RequestHeaderMap& request_headers;

23

  // The downstream directly connected address.

24

  const Network::Address::InstanceConstSharedPtr& downstream_remote_address;

25

};

26

27

// Parameters to be used for sending a local reply when detection fails.

28

struct OriginalIPRejectRequestOptions {

29

  Code response_code;

30

  std::string body;

31

};

32

33

struct OriginalIPDetectionResult {

34

  // An address that represents the detected address or nullptr if detection failed.

35

  Network::Address::InstanceConstSharedPtr detected_remote_address;

36

  // Is the detected address trusted (e.g.: can it be used to determine if this is an internal

37

  // request).

38

  bool allow_trusted_address_checks;

39

  // If set, these parameters will be used to signal that detection failed and the request should

40

  // be rejected.

41

  absl::optional<OriginalIPRejectRequestOptions> reject_options;

42

  // Whether to skip appending the detected remote address to ``x-forwarded-for``.

43

  bool skip_xff_append;

44

};

45

46

/**

47

 * Interface class for original IP detection extensions.

48

*/

49

class OriginalIPDetection {

50

public:

51

10357

  virtual ~OriginalIPDetection() = default;

52

53

/**

54

   * Detect the final remote address.

55

56

   * If the call to this method succeeds in detecting the remote IP address or

57

   * fails and is configured to reject the request in that case, no other

58

   * configured extensions will be called (if any).

59

60

   * @param param supplies the OriginalIPDetectionParams params for detection.

61

   * @return OriginalIPDetectionResult the result of the extension's attempt to detect

62

   * the final remote address.

63

*/

64

  virtual OriginalIPDetectionResult detect(OriginalIPDetectionParams& params) PURE;

65

};

66

67

using OriginalIPDetectionSharedPtr = std::shared_ptr<OriginalIPDetection>;

68

69

/*

70

 * A factory for creating original IP detection extensions.

71

*/

72

class OriginalIPDetectionFactory : public Envoy::Config::TypedFactory {

73

public:

74

  ~OriginalIPDetectionFactory() override = default;

75

76

/**

77

   * Creates a particular extension implementation or return an error status.

78

79

   * @param config supplies the configuration for the original IP detection extension.

80

   * @return OriginalIPDetectionSharedPtr the extension instance.

81

*/

82

  virtual absl::StatusOr<OriginalIPDetectionSharedPtr>

83

  createExtension(const Protobuf::Message& config,

84

                  Server::Configuration::FactoryContext& context) PURE;

85

86

908

  std::string category() const override { return "envoy.http.original_ip_detection"; }

87

};

88

89

using OriginalIPDetectionFactoryPtr = std::unique_ptr<OriginalIPDetectionFactory>;

90

91

} // namespace Http

92

} // namespace Envoy