Skip to content

golang callaback: add DownstreamSslConnection#43480

Open
fl0Lec wants to merge 4 commits intoenvoyproxy:mainfrom
DataDog:fl/golang-ssl-interface
Open

golang callaback: add DownstreamSslConnection#43480
fl0Lec wants to merge 4 commits intoenvoyproxy:mainfrom
DataDog:fl/golang-ssl-interface

Conversation

@fl0Lec
Copy link
Contributor

@fl0Lec fl0Lec commented Feb 13, 2026
edited
Loading

adding downstreamSslConnection to have 1:1 matching with Lua features

Commit Message: adding downstreamSslConnection to have 1:1 matching with Lua features
Additional Description:
Risk Level: Low
Testing: Integration test
Docs Changes: No
Release Notes: Yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

@repokitteh-read-only
Copy link

repokitteh-read-only bot commented Feb 13, 2026

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #43480 was opened by fl0Lec.

see: more, trace.

@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch 2 times, most recently from d9c8ed6 to 14987e0 Compare February 16, 2026 11:11
@fl0Lec fl0Lec marked this pull request as ready for review February 16, 2026 15:35
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from 14987e0 to 1346b00 Compare February 16, 2026 15:43
@fl0Lec fl0Lec marked this pull request as draft February 16, 2026 15:43
@fl0Lec
golang callaback: add DownstreamSslConnection
9601ff9 
adding downstreamSslConnection to have 1:1 matching with Lua features

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec
adding entry to current.yaml
be7e9ce 
Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from 1346b00 to be7e9ce Compare February 16, 2026 15:44
@fl0Lec fl0Lec marked this pull request as ready for review February 16, 2026 16:33
doujiang24
doujiang24 reviewed Feb 17, 2026
View reviewed changes
Copy link
Member

@doujiang24 doujiang24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fl0Lec , Nice work!

wdauchy
wdauchy reviewed Feb 17, 2026
View reviewed changes
Copy link
Contributor

@wdauchy wdauchy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice work on the feature parity with Lua, the Go interface and tests look solid. I have a few concerns mostly around the C API surface area and some consistency nits.

contrib/golang/filters/network/source/go/pkg/network/filter.go
}

func (n *connectionCallback) DownstreamSslConnection() api.SslConnection {
panic("implement me")
Copy link
Contributor

@wdauchy wdauchy Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the interface contract says "returns nil if the connection is not secured with SSL/TLS". panic("implement me") will crash at runtime instead. consider returning nil here to match the documented behavior, same as the other unimplemented stubs that return zero values.

Copy link
Contributor Author

@fl0Lec fl0Lec Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Returning nil here would actually be misleading, since per the interface contract nil specifically means "the connection is not secured with SSL/TLS". That would be incorrect - the connection might be secured, we just haven't implemented this functionality for network filters yet.

The panic("implement me") pattern is consistent with other unimplemented methods in this file (e.g., GetRouteName, FilterChainName, Protocol, ResponseCode, DynamicMetadata, UpstreamClusterName, etc.). The network filter is less commonly used than the HTTP filter, so these stubs exist to fulfill the Go interface while signaling that the functionality isn't available yet.

If/when we implement SSL connection support for network filters, we'll replace the panic with the actual implementation.
Which could be done in a followup PR if needed

@fl0Lec
using GetIntegerValue and GetStringValue
5baf742 
adding additional GetStringsValue

Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from c75025e to 5baf742 Compare February 17, 2026 10:30
@fl0Lec fl0Lec requested review from doujiang24 and wdauchy February 17, 2026 11:38
@fl0Lec
comment + revert streamInfo to private
dd97604 
Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
@fl0Lec fl0Lec force-pushed the fl/golang-ssl-interface branch from 4628e67 to dd97604 Compare February 17, 2026 19:11
wdauchy
wdauchy approved these changes Feb 17, 2026
View reviewed changes
Copy link
Contributor

@wdauchy wdauchy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me. the refactoring to use EnvoyValue enum dispatch with getStringValue/getIntegerValue/getStringsValue is much cleaner than the original 21 separate C API functions. the null byte separator for SANs and the streamInfo() revert are also addressed. nice work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@doujiang24 doujiang24 Awaiting requested review from doujiang24

1 more reviewer

@wdauchy wdauchy wdauchy approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@doujiang24 doujiang24

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fl0Lec @wdauchy @doujiang24

Comments