xDS中Listener Filter的概念

• 1: [译]Envoy中的Listener Filter
• 2: [译]Envoy中的Listener Filter Chain
• 3: [译]Envoy中的Network (L3/L4) filters

1 - [译]Envoy中的Listener Filter

https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/listeners/listener_filters

As discussed in the listener section, listener filters may be used to manipulate connection metadata. The main purpose of listener filters is to make adding further system integration functions easier by not requiring changes to Envoy core functionality, and also make interaction between multiple such features more explicit.

如 监听器 一节所述, 监听器过滤器可以用于操纵连接元数据。 监听器过滤器的主要目的是更方便地添加系统集成功能，而无需更改 Envoy 核心功能，并使多个此类功能之间的交互更加明确。

The API for listener filters is relatively simple since ultimately these filters operate on newly accepted sockets. Filters in the chain can stop and subsequently continue iteration to further filters. This allows for more complex scenarios such as calling a rate limiting service, etc. Envoy already includes several listener filters that are documented in this architecture overview as well as the configuration reference.

监听器过滤器的 API 相对简单，因为最终这些过滤器是在新接收的套接字上操作的。可停止链中的过滤器并继续执行后续的过滤器。这允许去运作更复杂的业务场景，例如调用 限速服务 等。 Envoy 包含多个监听器过滤器，这些过滤器在架构概述以及 配置参考 中都有记录。

参考文档

• https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/listeners/listener_filters envoy官方文档中对Listener的说明
• https://cloudnative.to/envoy/intro/arch_overview/listeners/listener_filters.html 上文的中文翻译

2 - [译]Envoy中的Listener Filter Chain

https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/listeners/network_filter_chain

As discussed in the listener section, network level (L3/L4) filters form the core of Envoy connection handling.

正如在 Listener 部分所讨论的，网络级（L3/L4）过滤器构成了Envoy连接处理的核心。

The network filters are chained in a ordered list known as filter chain. Each listener has multiple filter chains and an optional default filter chain. associated with each filter chain. If the best match filter chain cannot be found, the default filter chain will be chosen to serve the request. If the default filter chain is not supplied, the connection will be closed.

网络过滤器在一个有序的列表中被链起来，称为过滤器链。每个监听器都有多个过滤器链和一个与每个过滤器链相关的可选默认过滤器链。如果找不到最佳匹配的过滤链，将选择默认的过滤链来处理请求。如果没有提供默认的过滤链，连接将被关闭。

Filter chain only update

Filter chains can be updated independently. Upon listener config update, if the listener manager determines that the listener update is a filter chain only update, the listener update will be executed by adding, updating and removing filter chains. The connections owned by these destroying filter chains will be drained as described in listener drain.

过滤链可以独立更新。在 Listener 配置更新时，如果 listener 管理器确定 listener 更新只是更新过滤链，listener 更新将通过添加、更新和删除过滤链来执行。这些破坏的过滤链所拥有的连接将被逐出，如 listener drain 中所描述的那样。

If the new filter chain and the old filter chain is protobuf message equivalent, the corresponding filter chain runtime info survives. The connections owned by the survived filter chains remain open.

如果新的过滤链和旧的过滤链是 protobuf 消息等价的，那么相应的过滤链运行时信息就会存活。存活的过滤链所拥有的连接保持打开。

Not all the listener config updates can be executed by filter chain update. For example, if the listener metadata is updated within the new listener config, the new metadata must be picked up by the new filter chains. In this case, the entire listener is drained and updated.

并非所有的 listener 配置更新都可以通过过滤链更新来执行。例如，如果 listener 元数据在新的 listener 配置中被更新，新的元数据必须被新的过滤链所接收。在这种情况下，整个 listener 会被逐出并更新。

3 - [译]Envoy中的Network (L3/L4) filters

https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/listeners/network_filters

As discussed in the listener section, network level (L3/L4) filters form the core of Envoy connection handling. The filter API allows for different sets of filters to be mixed and matched and attached to a given listener. There are three different types of network filters:

正如在 listener 部分所讨论的，网络级（L3/L4）过滤器构成了Envoy连接处理的核心。过滤器API允许混合和匹配不同的过滤器集合，并附加到给定的监听器。有三种不同类型的网络过滤器：

• Read: Read filters are invoked when Envoy receives data from a downstream connection.
• Write: Write filters are invoked when Envoy is about to send data to a downstream connection.
• Read/Write: Read/Write filters are invoked both when Envoy receives data from a downstream connection and when it is about to send data to a downstream connection.

• 读：当Envoy收到来自下游连接的数据时，会调用读过滤器。

• 写：写过滤器在Envoy收到下游连接的数据时被调用。当Envoy要向下游连接发送数据时，会调用写过滤器。

• 读/写：读/写过滤器在Envoy从下游连接接收数据和即将向下游连接发送数据时都会被调用。

The API for network level filters is relatively simple since ultimately the filters operate on raw bytes and a small number of connection events (e.g., TLS handshake complete, connection disconnected locally or remotely, etc.). Filters in the chain can stop and subsequently continue iteration to further filters. This allows for more complex scenarios such as calling a rate limiting service, etc. Network level filters can also share state (static and dynamic) among themselves within the context of a single downstream connection. Refer to data sharing between filters for more details. Envoy already includes several network level filters that are documented in this architecture overview as well as the configuration reference.

网络级过滤器的API相对简单，因为最终过滤器操作的是原始字节和少量的连接事件（例如，TLS握手完成，连接在本地或远程断开，等等）。链上的过滤器可以停止，随后继续迭代到更多的过滤器。这允许更复杂的场景，如调用速率限制服务等。网络级过滤器也可以在单个下游连接的范围内相互共享状态（静态和动态）。更多细节请参考过滤器之间的数据共享。Envoy已经包含了几个网络级过滤器，在这个架构概述以及配置参考中都有记录。