我的书签
添加书签
移除书签TLS Inspector
TLS Inspector listener filter allows detecting whether the transport appears to be TLS or plaintext, and if it is TLS, it detects the Server Name Indication and/or Application-Layer Protocol Negotiation from the client. This can be used to select a FilterChain via the server_names and/or application_protocols of a FilterChainMatch.
This filter may be configured with the name envoy.filters.listener.tls_inspector or type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector as the type_url.
Example
A sample filter configuration could be:
listener_filters:- name: "envoy.filters.listener.tls_inspector"
Or by specifying the type_url of the typed_config:
listener_filters:- name: "tls_inspector"typed_config:"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
Statistics
This filter has a statistics tree rooted at tls_inspector with the following statistics:
Name | Type | Description |
|---|---|---|
connection_closed | Counter | Total connections closed |
client_hello_too_large | Counter | Total unreasonably large Client Hello received |
read_error | Counter | Total read errors |
tls_found | Counter | Total number of times TLS was found |
tls_not_found | Counter | Total number of times TLS was not found |
alpn_found | Counter | Total number of times Application-Layer Protocol Negotiation was successful |
alpn_not_found | Counter | Total number of times Application-Layer Protocol Negotiation has failed |
sni_found | Counter | Total number of times Server Name Indication was found |
sni_not_found | Counter | Total number of times Server Name Indication was not found |
