Skip to content

fix: support QUIC listeners with multiple filter chains for different hostnames #7843

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zhaohuabing wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: support QUIC listeners with multiple filter chains for different hostnames #7843

zhaohuabing wants to merge 2 commits into from

Conversation

@zhaohuabing
Copy link
Member

@zhaohuabing zhaohuabing commented Dec 30, 2025
edited
Loading

This PR adds HTTP/3 filter chain matcher support for QUIC listeners to honor multiple hostnames/certificates (SNI) like TCP/TLS listeners.

TCL/TLS listeners are unchanged. They still use filterChainMatch and TLS inspector listener filter to match on SNI, so this won't break existing EnvoyPatchPolicies and Extension servers.

Update: this PR still uses filter_chain_match.server_names for QUIC listener. Envoy’s QUIC stack parses SNI itself, so filter_chain_match.server_names works without TLS Inspector for QUIC listeners. TLS Inspector is only needed for TCP/TLS listeners.

Fixes: #5660

@zhaohuabing zhaohuabing requested a review from a team as a code owner December 30, 2025 10:15
@zhaohuabing zhaohuabing marked this pull request as draft December 30, 2025 10:15
@zhaohuabing zhaohuabing changed the title use filterChainMatcher for http3 listener fix: use filterChainMatcher for http3 listener Dec 30, 2025
@zhaohuabing zhaohuabing force-pushed the fix-http3-with-multiple-hosts branch from 0ea9386 to 5d25751 Compare December 30, 2025 10:26
@codecov
Copy link

codecov bot commented Dec 30, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 60.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.71%. Comparing base (e7c0e34) to head (3488b45).

Files with missing lines Patch % Lines
internal/xds/translator/listener.go 60.00% 2 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7843      +/-   ##
==========================================
- Coverage   72.72%   72.71%   -0.01%     
==========================================
  Files         235      235              
  Lines       35100    35100              
==========================================
- Hits        25526    25524       -2     
- Misses       7757     7759       +2     
  Partials     1817     1817

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@zhaohuabing zhaohuabing force-pushed the fix-http3-with-multiple-hosts branch 6 times, most recently from 1d73f58 to c4c6383 Compare December 31, 2025 06:24
@zhaohuabing zhaohuabing marked this pull request as ready for review December 31, 2025 06:31
@zhaohuabing
use filterChainMatcher for http3 listener
79535db 
Signed-off-by: Huabing Zhao <[email protected]>

add e2e test for HTTP3 with  multiple hosts

Signed-off-by: Huabing(Robin) Zhao <[email protected]>
@zhaohuabing zhaohuabing force-pushed the fix-http3-with-multiple-hosts branch from c4c6383 to 79535db Compare December 31, 2025 06:39
@zhaohuabing zhaohuabing changed the title fix: use filterChainMatcher for http3 listener fix: support QUIC listeners with multiple filter chains for different hostnames Dec 31, 2025
@zhaohuabing zhaohuabing force-pushed the fix-http3-with-multiple-hosts branch from a4cfe86 to 300fb2a Compare December 31, 2025 09:01
@zhaohuabing
use FilterChainMatch
3488b45 
Signed-off-by: Huabing(Robin) Zhao <[email protected]>
@zhaohuabing zhaohuabing force-pushed the fix-http3-with-multiple-hosts branch from 300fb2a to 3488b45 Compare December 31, 2025 09:17
@zhaohuabing zhaohuabing mentioned this pull request Dec 31, 2025
Open
arkodg
arkodg approved these changes Jan 1, 2026
View reviewed changes
Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@arkodg arkodg requested review from a team January 1, 2026 20:30
@arkodg arkodg added this to the v1.7.0-rc.1 Release milestone Jan 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arkodg arkodg arkodg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v1.7.0-rc.1 Release

Development

Successfully merging this pull request may close these issues.

Nil pointer exception when enabling http3

2 participants

@zhaohuabing @arkodg