@@ -87,32 +87,32 @@ class SslSocketWrapper : public Network::TransportSocket, Logger::Loggable<Logge
8787 // configuration.
8888 // Cilium socket option is only created if the (initial) policy for the local pod exists.
8989 // If the policy requires TLS then a TLS socket is used, but if the policy does not require
90- // TLS a raw socket is used instead,
90+ // TLS a raw socket is used instead.
9191 auto & conn = callbacks_->connection ();
9292
9393 ENVOY_CONN_LOG (trace, " retrieving policy filter state"
94- auto policy_socket_option =
94+ auto policy_ref =
9595 conn.streamInfo ().filterState ()->getDataReadOnly <Cilium::CiliumPolicyFilterState>(
9696 Cilium::CiliumPolicyFilterState::key ());
9797
98- if (policy_socket_option ) {
99- const auto & policy = policy_socket_option ->getPolicy ();
98+ if (policy_ref ) {
99+ const auto & policy = policy_ref ->getPolicy ();
100100
101101 // Resolve the destination security ID and port
102102 uint32_t destination_identity = 0 ;
103- uint32_t destination_port = policy_socket_option ->port_ ;
103+ uint32_t destination_port = policy_ref ->port_ ;
104104 const Network::Address::Ip* dip = nullptr ;
105105 bool is_client = state_ == Extensions::TransportSockets::Tls::InitialState::Client;
106106
107- if (!policy_socket_option ->ingress_ ) {
107+ if (!policy_ref ->ingress_ ) {
108108 Network::Address::InstanceConstSharedPtr dst_address =
109109 is_client ? callbacks_->connection ().connectionInfoProvider ().remoteAddress ()
110110 : callbacks_->connection ().connectionInfoProvider ().localAddress ();
111111 if (dst_address) {
112112 dip = dst_address->ip ();
113113 if (dip) {
114114 destination_port = dip->port ();
115- destination_identity = policy_socket_option ->resolvePolicyId (dip);
115+ destination_identity = policy_ref ->resolvePolicyId (dip);
116116 } else {
117117 ENVOY_CONN_LOG (warn, " cilium.tls_wrapper: Non-IP destination address: {}"
118118 dst_address->asString ());
@@ -123,11 +123,10 @@ class SslSocketWrapper : public Network::TransportSocket, Logger::Loggable<Logge
123123 }
124124
125125 // get the requested server name from the connection, if any
126- const auto & sni = policy_socket_option ->sni_ ;
126+ const auto & sni = policy_ref ->sni_ ;
127127
128- auto remote_id = policy_socket_option->ingress_ ? policy_socket_option->source_identity_
129- : destination_identity;
130- auto port_policy = policy.findPortPolicy (policy_socket_option->ingress_ , destination_port);
128+ auto remote_id = policy_ref->ingress_ ? policy_ref->source_identity_ : destination_identity;
129+ auto port_policy = policy.findPortPolicy (policy_ref->ingress_ , destination_port);
131130 const Envoy::Ssl::ContextConfig* config = nullptr ;
132131 bool raw_socket_allowed = false ;
133132 Envoy::Ssl::ContextSharedPtr ctx =
@@ -157,7 +156,7 @@ class SslSocketWrapper : public Network::TransportSocket, Logger::Loggable<Logge
157156 policy.tlsWrapperMissingPolicyInc ();
158157
159158 std::string ipStr (" <none>"
160- if (policy_socket_option ->ingress_ ) {
159+ if (policy_ref ->ingress_ ) {
161160 Network::Address::InstanceConstSharedPtr src_address =
162161 is_client ? callbacks_->connection ().connectionInfoProvider ().localAddress ()
163162 : callbacks_->connection ().connectionInfoProvider ().remoteAddress ();
@@ -176,9 +175,9 @@ class SslSocketWrapper : public Network::TransportSocket, Logger::Loggable<Logge
176175 warn,
177176 " cilium.tls_wrapper: Could not get {} TLS context for pod {} on {} IP {} (id {}) port "
178177 " {} sni \" {}\" and raw socket is not allowed"
179- conn, is_client ? " client" " server" policy_socket_option ->pod_ip_ ,
180- policy_socket_option ->ingress_ ? " source" " destination"
181- destination_port, sni);
178+ conn, is_client ? " client" " server" policy_ref ->pod_ip_ ,
179+ policy_ref ->ingress_ ? " source" " destination" , destination_port ,
180+ sni);
182181 }
183182 } else {
184183 ENVOY_CONN_LOG (warn,
0 commit comments