matching: add UDP support for network input types

docs/root/intro/arch_overview/advanced/matching/matching_api.rst

@@ -40,13 +40,16 @@ These input functions are available for matching HTTP requests:
 Network Input Functions
 ***********************
 
-These input functions are available for matching TCP connections:
+These input functions are available for matching both TCP connections and UDP datagrams:
 
 * :ref:`Destination IP <extension_envoy.matching.inputs.destination_ip>`.
 * :ref:`Destination port <extension_envoy.matching.inputs.destination_port>`.
 * :ref:`Source IP <extension_envoy.matching.inputs.source_ip>`.
-* :ref:`Direct source IP <extension_envoy.matching.inputs.direct_source_ip>`.
 * :ref:`Source port <extension_envoy.matching.inputs.source_port>`.
+
+These input functions are available for matching TCP connections:
+
+* :ref:`Direct source IP <extension_envoy.matching.inputs.direct_source_ip>`.
 * :ref:`Source type <extension_envoy.matching.inputs.source_type>`.
 * :ref:`Server name <extension_envoy.matching.inputs.server_name>`.
 * :ref:`Transport protocol <extension_envoy.matching.inputs.transport_protocol>`.

envoy/network/filter.h

@@ -531,5 +531,18 @@ class MatchingData {
   virtual const ConnectionSocket& socket() const PURE;
 };
 
+/**
+ * UDP listener filter matching context data for unified matchers.
+ */
+class UdpMatchingData {
+public:
+  static absl::string_view name() { return "network"; }
+
+  virtual ~UdpMatchingData() = default;
+
+  virtual const Address::InstanceConstSharedPtr& localAddress() const PURE;
+  virtual const Address::InstanceConstSharedPtr& remoteAddress() const PURE;
+};
+
 } // namespace Network
 } // namespace Envoy

source/common/network/matching/data_impl.h

@@ -19,6 +19,22 @@ class MatchingDataImpl : public MatchingData {
   const ConnectionSocket& socket_;
 };
 
+/**
+ * Implementation of Network::UdpMatchingData, providing UDP data to the match tree.
+ */
+class UdpMatchingDataImpl : public UdpMatchingData {
+public:
+  UdpMatchingDataImpl(const Address::InstanceConstSharedPtr& local_address,
+                      const Address::InstanceConstSharedPtr& remote_address)
+      : local_address_(local_address), remote_address_(remote_address) {}
+  const Address::InstanceConstSharedPtr& localAddress() const override { return local_address_; }
+  const Address::InstanceConstSharedPtr& remoteAddress() const override { return remote_address_; }
+
+private:
+  const Address::InstanceConstSharedPtr& local_address_;
+  const Address::InstanceConstSharedPtr& remote_address_;
+};
+
 } // namespace Matching
 } // namespace Network
 } // namespace Envoy

source/common/network/matching/inputs.cc

@@ -10,7 +10,8 @@ namespace Envoy {
 namespace Network {
 namespace Matching {
 
-Matcher::DataInputGetResult DestinationIPInput::get(const MatchingData& data) const {
+template <>
+Matcher::DataInputGetResult DestinationIPInput<MatchingData>::get(const MatchingData& data) const {
   const auto& address = data.socket().connectionInfoProvider().localAddress();
   if (address->type() != Network::Address::Type::Ip) {
     return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
@@ -19,7 +20,20 @@ Matcher::DataInputGetResult DestinationIPInput::get(const MatchingData& data) co
           address->ip()->addressAsString()};
 }
 
-Matcher::DataInputGetResult DestinationPortInput::get(const MatchingData& data) const {
+template <>
+Matcher::DataInputGetResult
+DestinationIPInput<UdpMatchingData>::get(const UdpMatchingData& data) const {
+  const auto& address = data.localAddress();
+  if (address->type() != Network::Address::Type::Ip) {
+    return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
+  }
+  return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable,
+          address->ip()->addressAsString()};
+}
+
+template <>
+Matcher::DataInputGetResult
+DestinationPortInput<MatchingData>::get(const MatchingData& data) const {
   const auto& address = data.socket().connectionInfoProvider().localAddress();
   if (address->type() != Network::Address::Type::Ip) {
     return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
@@ -28,7 +42,19 @@ Matcher::DataInputGetResult DestinationPortInput::get(const MatchingData& data)
           absl::StrCat(address->ip()->port())};
 }
 
-Matcher::DataInputGetResult SourceIPInput::get(const MatchingData& data) const {
+template <>
+Matcher::DataInputGetResult
+DestinationPortInput<UdpMatchingData>::get(const UdpMatchingData& data) const {
+  const auto& address = data.localAddress();
+  if (address->type() != Network::Address::Type::Ip) {
+    return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
+  }
+  return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable,
+          absl::StrCat(address->ip()->port())};
+}
+
+template <>
+Matcher::DataInputGetResult SourceIPInput<MatchingData>::get(const MatchingData& data) const {
   const auto& address = data.socket().connectionInfoProvider().remoteAddress();
   if (address->type() != Network::Address::Type::Ip) {
     return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
@@ -37,7 +63,18 @@ Matcher::DataInputGetResult SourceIPInput::get(const MatchingData& data) const {
           address->ip()->addressAsString()};
 }
 
-Matcher::DataInputGetResult SourcePortInput::get(const MatchingData& data) const {
+template <>
+Matcher::DataInputGetResult SourceIPInput<UdpMatchingData>::get(const UdpMatchingData& data) const {
+  const auto& address = data.remoteAddress();
+  if (address->type() != Network::Address::Type::Ip) {
+    return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
+  }
+  return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable,
+          address->ip()->addressAsString()};
+}
+
+template <>
+Matcher::DataInputGetResult SourcePortInput<MatchingData>::get(const MatchingData& data) const {
   const auto& address = data.socket().connectionInfoProvider().remoteAddress();
   if (address->type() != Network::Address::Type::Ip) {
     return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
@@ -46,6 +83,17 @@ Matcher::DataInputGetResult SourcePortInput::get(const MatchingData& data) const
           absl::StrCat(address->ip()->port())};
 }
 
+template <>
+Matcher::DataInputGetResult
+SourcePortInput<UdpMatchingData>::get(const UdpMatchingData& data) const {
+  const auto& address = data.remoteAddress();
+  if (address->type() != Network::Address::Type::Ip) {
+    return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable, absl::nullopt};
+  }
+  return {Matcher::DataInputGetResult::DataAvailability::AllDataAvailable,
+          absl::StrCat(address->ip()->port())};
+}
+
 Matcher::DataInputGetResult DirectSourceIPInput::get(const MatchingData& data) const {
   const auto& address = data.socket().connectionInfoProvider().directRemoteAddress();
   if (address->type() != Network::Address::Type::Ip) {
@@ -91,9 +139,13 @@ Matcher::DataInputGetResult ApplicationProtocolInput::get(const MatchingData& da
 }
 
 REGISTER_FACTORY(DestinationIPInputFactory, Matcher::DataInputFactory<MatchingData>);
+REGISTER_FACTORY(UdpDestinationIPInputFactory, Matcher::DataInputFactory<UdpMatchingData>);
 REGISTER_FACTORY(DestinationPortInputFactory, Matcher::DataInputFactory<MatchingData>);
+REGISTER_FACTORY(UdpDestinationPortInputFactory, Matcher::DataInputFactory<UdpMatchingData>);
 REGISTER_FACTORY(SourceIPInputFactory, Matcher::DataInputFactory<MatchingData>);
+REGISTER_FACTORY(UdpSourceIPInputFactory, Matcher::DataInputFactory<UdpMatchingData>);
 REGISTER_FACTORY(SourcePortInputFactory, Matcher::DataInputFactory<MatchingData>);
+REGISTER_FACTORY(UdpSourcePortInputFactory, Matcher::DataInputFactory<UdpMatchingData>);
 REGISTER_FACTORY(DirectSourceIPInputFactory, Matcher::DataInputFactory<MatchingData>);
 REGISTER_FACTORY(SourceTypeInputFactory, Matcher::DataInputFactory<MatchingData>);
 REGISTER_FACTORY(ServerNameInputFactory, Matcher::DataInputFactory<MatchingData>);

source/common/network/matching/inputs.h

@@ -9,15 +9,15 @@ namespace Envoy {
 namespace Network {
 namespace Matching {
 
-template <class InputType, class ProtoType>
-class BaseFactory : public Matcher::DataInputFactory<MatchingData> {
+template <class InputType, class ProtoType, class MatchingDataType>
+class BaseFactory : public Matcher::DataInputFactory<MatchingDataType> {
 protected:
   explicit BaseFactory(const std::string& name) : name_(name) {}
 
 public:
   std::string name() const override { return "envoy.matching.inputs." + name_; }
 
-  Matcher::DataInputFactoryCb<MatchingData>
+  Matcher::DataInputFactoryCb<MatchingDataType>
   createDataInputFactoryCb(const Protobuf::Message&, ProtobufMessage::ValidationVisitor&) override {
     return []() { return std::make_unique<InputType>(); };
   };
@@ -29,56 +29,96 @@ class BaseFactory : public Matcher::DataInputFactory<MatchingData> {
   const std::string name_;
 };
 
-class DestinationIPInput : public Matcher::DataInput<MatchingData> {
+template <class MatchingDataType>
+class DestinationIPInput : public Matcher::DataInput<MatchingDataType> {
 public:
-  Matcher::DataInputGetResult get(const MatchingData& data) const override;
+  Matcher::DataInputGetResult get(const MatchingDataType& data) const override;
 };
 
-class DestinationIPInputFactory
+template <class MatchingDataType>
+class DestinationIPInputBaseFactory
     : public BaseFactory<
-          DestinationIPInput,
-          envoy::extensions::matching::common_inputs::network::v3::DestinationIPInput> {
+          DestinationIPInput<MatchingDataType>,
+          envoy::extensions::matching::common_inputs::network::v3::DestinationIPInput,
+          MatchingDataType> {
 public:
-  DestinationIPInputFactory() : BaseFactory("destination_ip") {}
+  DestinationIPInputBaseFactory()
+      : BaseFactory<DestinationIPInput<MatchingDataType>,
+                    envoy::extensions::matching::common_inputs::network::v3::DestinationIPInput,
+                    MatchingDataType>("destination_ip") {}
 };
 
-class DestinationPortInput : public Matcher::DataInput<MatchingData> {
+class DestinationIPInputFactory : public DestinationIPInputBaseFactory<MatchingData> {};
+
+class UdpDestinationIPInputFactory : public DestinationIPInputBaseFactory<UdpMatchingData> {};
+
+template <class MatchingDataType>
+class DestinationPortInput : public Matcher::DataInput<MatchingDataType> {
 public:
-  Matcher::DataInputGetResult get(const MatchingData& data) const override;
+  Matcher::DataInputGetResult get(const MatchingDataType& data) const override;
 };
 
-class DestinationPortInputFactory
+template <class MatchingDataType>
+class DestinationPortInputBaseFactory
     : public BaseFactory<
-          DestinationPortInput,
-          envoy::extensions::matching::common_inputs::network::v3::DestinationPortInput> {
+          DestinationPortInput<MatchingDataType>,
+          envoy::extensions::matching::common_inputs::network::v3::DestinationPortInput,
+          MatchingDataType> {
 public:
-  DestinationPortInputFactory() : BaseFactory("destination_port") {}
+  DestinationPortInputBaseFactory()
+      : BaseFactory<DestinationPortInput<MatchingDataType>,
+                    envoy::extensions::matching::common_inputs::network::v3::DestinationPortInput,
+                    MatchingDataType>("destination_port") {}
 };
 
-class SourceIPInput : public Matcher::DataInput<MatchingData> {
+class DestinationPortInputFactory : public DestinationPortInputBaseFactory<MatchingData> {};
+
+class UdpDestinationPortInputFactory : public DestinationPortInputBaseFactory<UdpMatchingData> {};
+
+template <class MatchingDataType>
+class SourceIPInput : public Matcher::DataInput<MatchingDataType> {
 public:
-  Matcher::DataInputGetResult get(const MatchingData& data) const override;
+  Matcher::DataInputGetResult get(const MatchingDataType& data) const override;
 };
 
-class SourceIPInputFactory
-    : public BaseFactory<SourceIPInput,
-                         envoy::extensions::matching::common_inputs::network::v3::SourceIPInput> {
+template <class MatchingDataType>
+class SourceIPInputBaseFactory
+    : public BaseFactory<SourceIPInput<MatchingDataType>,
+                         envoy::extensions::matching::common_inputs::network::v3::SourceIPInput,
+                         MatchingDataType> {
 public:
-  SourceIPInputFactory() : BaseFactory("source_ip") {}
+  SourceIPInputBaseFactory()
+      : BaseFactory<SourceIPInput<MatchingDataType>,
+                    envoy::extensions::matching::common_inputs::network::v3::SourceIPInput,
+                    MatchingDataType>("source_ip") {}
 };
 
-class SourcePortInput : public Matcher::DataInput<MatchingData> {
+class SourceIPInputFactory : public SourceIPInputBaseFactory<MatchingData> {};
+
+class UdpSourceIPInputFactory : public SourceIPInputBaseFactory<UdpMatchingData> {};
+
+template <class MatchingDataType>
+class SourcePortInput : public Matcher::DataInput<MatchingDataType> {
 public:
-  Matcher::DataInputGetResult get(const MatchingData& data) const override;
+  Matcher::DataInputGetResult get(const MatchingDataType& data) const override;
 };
 
-class SourcePortInputFactory
-    : public BaseFactory<SourcePortInput,
-                         envoy::extensions::matching::common_inputs::network::v3::SourcePortInput> {
+template <class MatchingDataType>
+class SourcePortInputBaseFactory
+    : public BaseFactory<SourcePortInput<MatchingDataType>,
+                         envoy::extensions::matching::common_inputs::network::v3::SourcePortInput,
+                         MatchingDataType> {
 public:
-  SourcePortInputFactory() : BaseFactory("source_port") {}
+  SourcePortInputBaseFactory()
+      : BaseFactory<SourcePortInput<MatchingDataType>,
+                    envoy::extensions::matching::common_inputs::network::v3::SourcePortInput,
+                    MatchingDataType>("source_port") {}
 };
 
+class SourcePortInputFactory : public SourcePortInputBaseFactory<MatchingData> {};
+
+class UdpSourcePortInputFactory : public SourcePortInputBaseFactory<UdpMatchingData> {};
+
 class DirectSourceIPInput : public Matcher::DataInput<MatchingData> {
 public:
   Matcher::DataInputGetResult get(const MatchingData& data) const override;
@@ -87,7 +127,8 @@ class DirectSourceIPInput : public Matcher::DataInput<MatchingData> {
 class DirectSourceIPInputFactory
     : public BaseFactory<
           DirectSourceIPInput,
-          envoy::extensions::matching::common_inputs::network::v3::DirectSourceIPInput> {
+          envoy::extensions::matching::common_inputs::network::v3::DirectSourceIPInput,
+          MatchingData> {
 public:
   DirectSourceIPInputFactory() : BaseFactory("direct_source_ip") {}
 };
@@ -99,7 +140,8 @@ class SourceTypeInput : public Matcher::DataInput<MatchingData> {
 
 class SourceTypeInputFactory
     : public BaseFactory<SourceTypeInput,
-                         envoy::extensions::matching::common_inputs::network::v3::SourceTypeInput> {
+                         envoy::extensions::matching::common_inputs::network::v3::SourceTypeInput,
+                         MatchingData> {
 public:
   SourceTypeInputFactory() : BaseFactory("source_type") {}
 };
@@ -111,7 +153,8 @@ class ServerNameInput : public Matcher::DataInput<MatchingData> {
 
 class ServerNameInputFactory
     : public BaseFactory<ServerNameInput,
-                         envoy::extensions::matching::common_inputs::network::v3::ServerNameInput> {
+                         envoy::extensions::matching::common_inputs::network::v3::ServerNameInput,
+                         MatchingData> {
 public:
   ServerNameInputFactory() : BaseFactory("server_name") {}
 };
@@ -124,7 +167,8 @@ class TransportProtocolInput : public Matcher::DataInput<MatchingData> {
 class TransportProtocolInputFactory
     : public BaseFactory<
           TransportProtocolInput,
-          envoy::extensions::matching::common_inputs::network::v3::TransportProtocolInput> {
+          envoy::extensions::matching::common_inputs::network::v3::TransportProtocolInput,
+          MatchingData> {
 public:
   TransportProtocolInputFactory() : BaseFactory("transport_protocol") {}
 };
@@ -137,7 +181,8 @@ class ApplicationProtocolInput : public Matcher::DataInput<MatchingData> {
 class ApplicationProtocolInputFactory
     : public BaseFactory<
           ApplicationProtocolInput,
-          envoy::extensions::matching::common_inputs::network::v3::ApplicationProtocolInput> {
+          envoy::extensions::matching::common_inputs::network::v3::ApplicationProtocolInput,
+          MatchingData> {
 public:
   ApplicationProtocolInputFactory() : BaseFactory("application_protocol") {}
 };

source/extensions/common/matcher/trie_matcher.cc

@@ -9,6 +9,8 @@ namespace Matcher {
 
 REGISTER_FACTORY(NetworkTrieMatcherFactory,
                  ::Envoy::Matcher::CustomMatcherFactory<Network::MatchingData>);
+REGISTER_FACTORY(UdpNetworkTrieMatcherFactory,
+                 ::Envoy::Matcher::CustomMatcherFactory<Network::UdpMatchingData>);
 
 } // namespace Matcher
 } // namespace Common

source/extensions/common/matcher/trie_matcher.h

@@ -154,6 +154,7 @@ class TrieMatcherFactoryBase : public ::Envoy::Matcher::CustomMatcherFactory<Dat
 };
 
 class NetworkTrieMatcherFactory : public TrieMatcherFactoryBase<Network::MatchingData> {};
+class UdpNetworkTrieMatcherFactory : public TrieMatcherFactoryBase<Network::UdpMatchingData> {};
 
 } // namespace Matcher
 } // namespace Common

test/common/network/matching/BUILD

@@ -18,3 +18,17 @@ envoy_cc_test(
         "//test/mocks/network:network_mocks",
     ],
 )
+
+envoy_cc_test(
+    name = "inputs_integration_test",
+    srcs = ["inputs_integration_test.cc"],
+    deps = [
+        "//source/common/network:address_lib",
+        "//source/common/network/matching:data_impl_lib",
+        "//source/common/network/matching:inputs_lib",
+        "//test/common/matcher:test_utility_lib",
+        "//test/mocks/matcher:matcher_mocks",
+        "//test/mocks/network:network_mocks",
+        "//test/mocks/server:factory_context_mocks",
+    ],
+)