fix: add proxy protocol always as first listenerFilter (envoyproxy#3332)

* add proxy protocol always as first listenerFilter Signed-off-by: Jesse Haka <[email protected]> * add test Signed-off-by: Jesse Haka <[email protected]> --------- Signed-off-by: Jesse Haka <[email protected]> (cherry picked from commit 6d8f2dc) Signed-off-by: Arko Dasgupta <[email protected]>
arkodg · Jun 8, 2024 · f36f9d8 · f36f9d8
1 parent b4a3fe8
commit f36f9d8
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 1 deletion.
diff --git a/internal/xds/translator/proxy_protocol.go b/internal/xds/translator/proxy_protocol.go
@@ -32,7 +32,8 @@ func patchProxyProtocolFilter(xdsListener *listenerv3.Listener, irListener *ir.H
 	proxyProtocolFilter := buildProxyProtocolFilter()
 
 	if proxyProtocolFilter != nil {
-		xdsListener.ListenerFilters = append(xdsListener.ListenerFilters, proxyProtocolFilter)
+		// Add the Proxy Protocol filter as first to listeners.
+		xdsListener.ListenerFilters = append([]*listenerv3.ListenerFilter{proxyProtocolFilter}, xdsListener.ListenerFilters...)
 	}
 }
 

diff --git a/internal/xds/translator/proxy_protocol_test.go b/internal/xds/translator/proxy_protocol_test.go
@@ -0,0 +1,58 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package translator
+
+import (
+	"testing"
+
+	listenerv3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
+	"github.com/envoyproxy/go-control-plane/pkg/wellknown"
+	"github.com/stretchr/testify/require"
+
+	"github.com/envoyproxy/gateway/internal/ir"
+)
+
+func TestPatchProxyProtocolFilter(t *testing.T) {
+	type testCase struct {
+		name     string
+		listener *listenerv3.Listener
+	}
+
+	irListener := &ir.HTTPListener{
+		EnableProxyProtocol: true,
+	}
+
+	testCases := []testCase{
+		{
+			name: "listener with proxy proto available already",
+			listener: &listenerv3.Listener{
+				ListenerFilters: []*listenerv3.ListenerFilter{
+					{
+						Name: wellknown.ProxyProtocol,
+					},
+				},
+			},
+		},
+		{
+			name: "listener with tls, append proxy proto",
+			listener: &listenerv3.Listener{
+				ListenerFilters: []*listenerv3.ListenerFilter{
+					{
+						Name: wellknown.TLSInspector,
+					},
+				},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			patchProxyProtocolFilter(tc.listener, irListener)
+			// proxy proto filter should be added always as first
+			require.Equal(t, wellknown.ProxyProtocol, tc.listener.ListenerFilters[0].Name)
+		})
+	}
+}