add channel filter extension point

[kralicky]

This adds a new channel filter extension type which can be used in a similar manner as generic proxy stream filters, but scoped to individual ssh channels instead of the entire connection. Channel filters implement a method onMessageForward which is called before a channel is about to forward a message to the peer. Channel filters are also able to query a channel's internal id, type, and stats, and are able to interrupt channels using the same preempt mechanism used for graceful shutdown.

[coveralls]

Coverage Report for CI Build 24791090420

Warning

No base build found for commit aa54b84 on kralicky/refactor-channel-open.
Coverage changes can't be calculated without a base build.
If a base build is processing, this comment will update automatically when it completes.

Coverage: 100.0%

Details

• Patch coverage: 105 of 105 lines across 11 files are fully covered (100%).

Uncovered Changes

No uncovered changes found.

Coverage Regressions

Requires a base build to compare against. How to fix this →

---

Coverage Stats

Relevant Lines:	7623
Covered Lines:	7623
Line Coverage:	100.0%
Coverage Strength:	20388.0 hits per line

---

💛 - Coveralls

[kenjenkins]

What is the intended relationship between enabled_channel_filters here and the UpstreamTarget channel_filters below?

I'm not sure I understand why this field takes just the filter name while that one takes a full TypedExtensionConfig.

[kralicky]

This should be fixed, I hadn't actually wired up the channel_filters configuration yet and realized I was missing some config setup code here. enabled_channel_filters controls which channel filter factory instances are created for new ssh connections. These can have their own typed config, which controls the factory itself. Then, the extension configs in channel_filters are checked against the list of enabled filters and validated, and when a channel is created a read filter or write filter is created from each configured factory. The channel filters themselves have a separate config type.

[kenjenkins]

I think the naming is confusing me: if both of these end in channel_filters I would expect them to take the same kind of config.

Would it make sense to rename this one to channel_filter_factories? (or enabled_channel_filter_factories, if you want to keep the enabled bit)

[kenjenkins]

If this is a special test-only constructor? Is there some way we could keep this out of the production code?

[kralicky]

Yes this is for tests which cannot obtain a ServerFactoryContext. I don't think there is a way to #ifdef this out for tests only.

[kenjenkins]

I'm not sure I understand how the distinction between "read filter" and "write filter" relates to the ChannelFilter type, as I see only the one onMessageForward() method there. Can you help me understand the intended design?

[kralicky]

Read filters are passed downstream->upstream forwarded messages, and Write filters are passed upstream->downstream forwarded messages. I could rename these createDownstreamFilter and createUpstreamFilter but I don't know if that would be more or less confusing.

[kenjenkins]

Could you add some comments here to help explain the terminology?

I'm still not sure I understand:

• Does this mean that each configured filter is effectively inserted twice, once on the downstream → upstream direction and once on the upstream → downstream direction?
• Do we anticipate that individual filters would need to distinguish between messages forwarded in one direction vs. the other?
• Do we anticipate wanting the ability to insert a filter only in one direction or the other?

[kenjenkins]

Can you help me understand the lifecycle of ChannelFilterManager? The mutable state here makes me nervous.

It looks like there is one ChannelFilterManager per SshCodecFactory — does that mean the manager is shared across multiple ssh connections?

[kenjenkins]

Is this file deletion intended?