Filters

Listener Filters

Manipulate connection metadata

Network Filter Chain

L3/L4 filter->default filter chain(connection close if not supplied)

When filter only update

• Listener manager add/update and remove filter chains, connection owned by destroying filter chains will be drained
• New filter chain and old filter chain is same, connections remain open
• Metadata change, entire listener is drained

Network(L3/L4) Filters

Operate on raw bytes and small number of connection event, tls handshake, connection disconnect; can do rate limit

• Read: receive data from downstream
• Write: send data to downstream
• Read/Write: both

TCP Proxy

1:1 downstream to upstream cluster, respect connection limits for circuit break

UDP Proxy

DNS Filter

• Forward queries for A and AAAA, discovered from static config, clusters or external DNS server