IP matcher

This extension may be referenced by the qualified name envoy.matching.input_matchers.ip

Note

This extension is intended to be robust against both untrusted downstream and upstream traffic.

Tip

This extension extends and can be used with the following extension category:

extensions.matching.input_matchers.ip.v3.Ip

[extensions.matching.input_matchers.ip.v3.Ip proto]

This input matcher matches IPv4 or IPv6 addresses against a list of CIDR ranges. It returns true if and only if the input IP belongs to at least one of these CIDR ranges. Internally, it uses a Level-Compressed trie, as described in the paper IP-address lookup using LC-tries by S. Nilsson and G. Karlsson. For “big” lists of IPs, this matcher is more efficient than multiple single IP matcher, that would have a linear cost.

  1. {
  2. "cidr_ranges": [],
  3. "stat_prefix": "..."
  4. }

cidr_ranges

(repeated config.core.v3.CidrRange, REQUIRED) Match if the IP belongs to any of these CIDR ranges.

stat_prefix

(string, REQUIRED) The human readable prefix to use when emitting statistics for the IP input matcher. Names in the table below are concatenated to this prefix.

Name

Type

Description

ip_parsing_failed

Counter

Total number of IP addresses the matcher was unable to parse