Skip to content

golang callaback: add DownstreamSslConnection#43480

Merged
wbpcode merged 8 commits into
envoyproxy:mainfrom
DataDog:fl/golang-ssl-interface
Feb 28, 2026
Merged

golang callaback: add DownstreamSslConnection#43480
wbpcode merged 8 commits into
envoyproxy:mainfrom
DataDog:fl/golang-ssl-interface

Conversation

@fl0Lec
Copy link
Copy Markdown
Contributor

@fl0Lec fl0Lec commented Feb 13, 2026
edited
Loading

adding downstreamSslConnection to have 1:1 matching with Lua features

Commit Message: adding downstreamSslConnection to have 1:1 matching with Lua features
Additional Description:
Risk Level: Low
Testing: Integration test
Docs Changes: No
Release Notes: Yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only Bot commented Feb 13, 2026

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #43480 was opened by fl0Lec.

see: more, trace.

@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch 2 times, most recently from d9c8ed6 to 14987e0 Compare February 16, 2026 11:11
@fl0Lec fl0Lec marked this pull request as ready for review February 16, 2026 15:35
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from 14987e0 to 1346b00 Compare February 16, 2026 15:43
@fl0Lec fl0Lec marked this pull request as draft February 16, 2026 15:43
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from 1346b00 to be7e9ce Compare February 16, 2026 15:44
@fl0Lec fl0Lec marked this pull request as ready for review February 16, 2026 16:33
doujiang24
doujiang24 reviewed Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@doujiang24 doujiang24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fl0Lec , Nice work!

Comment thread contrib/golang/common/go/api/api.h Outdated
wdauchy
wdauchy reviewed Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@wdauchy wdauchy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice work on the feature parity with Lua, the Go interface and tests look solid. I have a few concerns mostly around the C API surface area and some consistency nits.

Comment thread contrib/golang/filters/http/source/cgo.cc Outdated
Comment thread contrib/golang/filters/http/source/cgo.cc Outdated
Comment thread contrib/golang/filters/http/source/golang_filter.h Outdated
Comment thread contrib/golang/filters/http/source/go/pkg/http/capi_impl.go Outdated
Comment thread contrib/golang/common/go/api/filter.go Outdated
Comment thread contrib/golang/filters/network/source/go/pkg/network/filter.go
}

func (n *connectionCallback) DownstreamSslConnection() api.SslConnection {
panic("implement me")
Copy link
Copy Markdown
Contributor

@wdauchy wdauchy Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the interface contract says "returns nil if the connection is not secured with SSL/TLS". panic("implement me") will crash at runtime instead. consider returning nil here to match the documented behavior, same as the other unimplemented stubs that return zero values.

Copy link
Copy Markdown
Contributor Author

@fl0Lec fl0Lec Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Returning nil here would actually be misleading, since per the interface contract nil specifically means "the connection is not secured with SSL/TLS". That would be incorrect - the connection might be secured, we just haven't implemented this functionality for network filters yet.

The panic("implement me") pattern is consistent with other unimplemented methods in this file (e.g., GetRouteName, FilterChainName, Protocol, ResponseCode, DynamicMetadata, UpstreamClusterName, etc.). The network filter is less commonly used than the HTTP filter, so these stubs exist to fulfill the Go interface while signaling that the functionality isn't available yet.

If/when we implement SSL connection support for network filters, we'll replace the panic with the actual implementation.
Which could be done in a followup PR if needed

@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from c75025e to 5baf742 Compare February 17, 2026 10:30
@fl0Lec fl0Lec requested review from doujiang24 and wdauchy February 17, 2026 11:38
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from 4628e67 to dd97604 Compare February 17, 2026 19:11
wdauchy
wdauchy approved these changes Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@wdauchy wdauchy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me. the refactoring to use EnvoyValue enum dispatch with getStringValue/getIntegerValue/getStringsValue is much cleaner than the original 21 separate C API functions. the null byte separator for SANs and the streamInfo() revert are also addressed. nice work.

@fl0Lec
Copy link
Copy Markdown
Contributor Author

fl0Lec commented Feb 19, 2026

cc: @doujiang24 if you could re-review the PR

doujiang24
doujiang24 reviewed Feb 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@doujiang24 doujiang24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the late, just back from a long vocation.

Comment thread contrib/golang/common/go/api/filter.go Outdated
Comment thread contrib/golang/filters/http/source/go/pkg/http/capi_impl.go Outdated
Comment thread contrib/golang/filters/http/source/go/pkg/http/capi_impl.go Outdated
doujiang24
doujiang24 reviewed Feb 25, 2026
View reviewed changes
Comment thread contrib/golang/filters/http/source/go/pkg/http/capi_impl.go Outdated
@fl0Lec fl0Lec requested a review from doujiang24 February 25, 2026 14:43
@fl0Lec
golang callaback: add DownstreamSslConnection
f3b2968 
adding downstreamSslConnection to have 1:1 matching with Lua features

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec
adding entry to current.yaml
85655b3 
Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec
using GetIntegerValue and GetStringValue
3e10aea 
adding additional GetStringsValue

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec
comment + revert streamInfo to private
9b715f8 
Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec
remove bool present when clear
13519c9 
clone string to avoid dept

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec
using getStringValue instead of getStringsValue
27a9833 
keeping the String `\0` separated

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec
factorize go code and add useful comment
fbb0cd7 
unify test header

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from 6e50073 to fbb0cd7 Compare February 26, 2026 08:55
@fl0Lec
Copy link
Copy Markdown
Contributor Author

fl0Lec commented Feb 26, 2026

the CI failure is unrelated to this PR and is failing on other PR

@doujiang24
Copy link
Copy Markdown
Member

doujiang24 commented Feb 26, 2026

/retest

doujiang24
doujiang24 approved these changes Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@doujiang24 doujiang24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, LGTM

@fl0Lec
Copy link
Copy Markdown
Contributor Author

fl0Lec commented Feb 27, 2026

@botengyao could we also get a review with write access ?

@fl0Lec
Copy link
Copy Markdown
Contributor Author

fl0Lec commented Feb 27, 2026

/retest

@doujiang24
Copy link
Copy Markdown
Member

doujiang24 commented Feb 28, 2026

Cool, all tests passed, it's good to merge. cc @wbpcode @phlax Thanks!

@wbpcode wbpcode merged commit 573db97 into envoyproxy:main Feb 28, 2026
28 checks passed
bmjask pushed a commit to bmjask/envoy that referenced this pull request Mar 14, 2026
@fl0Lec @bmjask
golang callaback: add DownstreamSslConnection (envoyproxy#43480)
5215df1 
adding downstreamSslConnection to have 1:1 matching with Lua features

Commit Message: adding downstreamSslConnection to have 1:1 matching with
Lua features
Additional Description:
Risk Level: Low
Testing: Integration test
Docs Changes: No
Release Notes: Yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
Signed-off-by: bjmask <11672696+bjmask@users.noreply.github.com>
bvandewalle pushed a commit to bvandewalle/envoy that referenced this pull request Mar 17, 2026
@fl0Lec @bvandewalle
golang callaback: add DownstreamSslConnection (envoyproxy#43480)
e180d3a 
adding downstreamSslConnection to have 1:1 matching with Lua features

Commit Message: adding downstreamSslConnection to have 1:1 matching with
Lua features
Additional Description:
Risk Level: Low
Testing: Integration test
Docs Changes: No
Release Notes: Yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
fishcakez pushed a commit to fishcakez/envoy that referenced this pull request Mar 25, 2026
@fl0Lec @fishcakez
golang callaback: add DownstreamSslConnection (envoyproxy#43480)
46878ca 
adding downstreamSslConnection to have 1:1 matching with Lua features

Commit Message: adding downstreamSslConnection to have 1:1 matching with
Lua features
Additional Description:
Risk Level: Low
Testing: Integration test
Docs Changes: No
Release Notes: Yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
henrymwang pushed a commit to DataDog/envoy that referenced this pull request Apr 13, 2026
@fl0Lec @wdauchy
golang callaback: add DownstreamSslConnection (envoyproxy#43480)
29e19b1 
adding downstreamSslConnection to have 1:1 matching with Lua features

Commit Message: adding downstreamSslConnection to have 1:1 matching with
Lua features
Additional Description:
Risk Level: Low
Testing: Integration test
Docs Changes: No
Release Notes: Yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
krinkinmu pushed a commit to grnmeira/envoy that referenced this pull request Apr 20, 2026
@fl0Lec @krinkinmu
golang callaback: add DownstreamSslConnection (envoyproxy#43480)
fc37d4c 
adding downstreamSslConnection to have 1:1 matching with Lua features

Commit Message: adding downstreamSslConnection to have 1:1 matching with
Lua features
Additional Description:
Risk Level: Low
Testing: Integration test
Docs Changes: No
Release Notes: Yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wbpcode wbpcode wbpcode approved these changes

+2 more reviewers

@wdauchy wdauchy wdauchy approved these changes

@doujiang24 doujiang24 doujiang24 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@doujiang24 doujiang24

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fl0Lec @doujiang24 @wdauchy @wbpcode