Does original_dst filter work with UDP proxy? #37045

jianyongniu · 2024-11-07T23:07:26Z

Envoy Proxy v1.32.0

I am trying to work on a Dynamic Forward Proxy for UDP. Essentially a client will send udp traffic to target hosts/ports. I want to use Envoy Proxy to intercept the traffic and perform non-transparent forward proxy.

The traffic are redirected to Envoy Proxy by a iptables rule.
The traffic flow can be depicted as below,

client: ---> www.example.com:1234
                               |
                               -----> redirect to envoy  listener 127.0.0.1:8889
                                                                       |
                                                                       ----> get original dst (www.example.com:1234), 
                                                                                resolve the hostname, and 
                                                                                forward to upstream which has endpoint www.example.com:1234

Because the target hosts are changeable therefore there I need a dynamic forward proxy.

Question is, does the envoy.extensions.filters.listener.original_dst filter work for UDP listener?
I tried the following config. Envoy reported error:

[2024-11-07 22:46:09.822][551030][critical][main] [source/server/server.cc:412] error initializing config ' configs/test.yaml': Didn't find a registered implementation for 'envoy.filters.listener.original_dst' with type URL: 'envoy.extensions.filters.listener.original_dst.v3.OriginalDst'

Test config

node:
  cluster: test-cluster
  id: test-id
admin:
  access_log_path: /dev/null
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001
static_resources:
  listeners:
  - address:
      socket_address:
        protocol: UDP
        address: 0.0.0.0
        port_value: 10000
    traffic_direction: OUTBOUND
    use_original_dst: TRUE
    listener_filters:
    - name: envoy.filters.listener.original_dst
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
    - name: envoy.filters.udp_listener.udp_proxy
      typed_config:
        '@type': type.googleapis.com/envoy.extensions.filters.udp.udp_proxy.v3.UdpProxyConfig
        stat_prefix: fm_gateway
        matcher:
          on_no_match:
            action:
              name: route
              typed_config:
                '@type': type.googleapis.com/envoy.extensions.filters.udp.udp_proxy.v3.Route
                cluster: dynamic_forward_proxy_cluster_fm
        session_filters:
        - name: dfp
          typed_config:
            '@type': type.googleapis.com/envoy.extensions.filters.udp.udp_proxy.session.dynamic_forward_proxy.v3.FilterConfig
            stat_prefix: fm_gateway
            dns_cache_config:
              name: dynamic-forward-proxy-cache-config
              dns_lookup_family: V4_ONLY             
  clusters:
  - name: dynamic_forward_proxy_cluster_fm
    connect_timeout: 1s
    lb_policy: CLUSTER_PROVIDED
    cluster_type:
      name: envoy.clusters.dynamic_forward_proxy
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
        dns_cache_config:
          name: dynamic-forward-proxy-cache-config
          dns_lookup_family: V4_ONLY
cluster_manager: {}
admin:
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 9900

The text was updated successfully, but these errors were encountered:

jianyongniu added the triage Issue requires triage label Nov 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Does original_dst filter work with UDP proxy? #37045

Does original_dst filter work with UDP proxy? #37045

jianyongniu commented Nov 7, 2024 •

edited

Loading

Does original_dst filter work with UDP proxy? #37045

Does original_dst filter work with UDP proxy? #37045

Comments

jianyongniu commented Nov 7, 2024 • edited Loading

jianyongniu commented Nov 7, 2024 •

edited

Loading