wip: add the rest

internal/dataplane/parser/translators/l4route_atc.go

@@ -17,6 +17,15 @@ func ApplyExpressionToL4KongRoute(r *kongstate.Route) {
 
 	// TODO(rodman10): replace with helper function.
 	portMatchers := make([]atc.Matcher, 0, len(r.Destinations))
+	// (and (or sources) (or destinations))
+
+	// Kong route sources and destinations support IP criteria, but Gateway API routes do not (Listeners apply to all IPs
+	// assigned to a Gateway) and neither do our TCPIngress and UDPIngress CRs (we simply never added an IP field).
+	// If we multiplex multiple Gateways (with different assigned IPs) onto a single Kong instance, we would need to add
+	// IP criteria for full compliance. We already break this rule for HTTP Listeners, since Kong HTTP routes do not
+	// support sources and destinations.
+	//
+	// Neither GWAPI Routes nor TCP/UDPIngress support sources either, so this only adds destinations.
 	for _, dst := range r.Destinations {
 		portMatchers = append(portMatchers, atc.NewPredicate(atc.FieldNetDstPort, atc.OpEqual, atc.IntLiteral(*dst.Port)))
 	}

internal/dataplane/parser/translators/l4route_atc_test.go

@@ -0,0 +1,105 @@
+package translators
+
+import (
+	"testing"
+
+	"github.com/kong/go-kong/kong"
+	"github.com/samber/lo"
+	"github.com/stretchr/testify/require"
+
+	"github.com/kong/kubernetes-ingress-controller/v2/internal/dataplane/kongstate"
+)
+
+func TestApplyExpressionToL4KongRoute(t *testing.T) {
+	testCases := []struct {
+		name    string
+		route   kong.Route
+		subExpr string
+	}{
+		{
+			name:    "destination port",
+			subExpr: "net.dst.port == 1234",
+			route: kong.Route{
+				Destinations: []*kong.CIDRPort{
+					{
+						Port: lo.ToPtr(1234),
+					},
+				},
+				Protocols: []*string{
+					lo.ToPtr("tcp"),
+				},
+			},
+		},
+		{
+			name:    "multiple destination ports",
+			subExpr: "(net.dst.port == 1234) || (net.dst.port == 5678)",
+			route: kong.Route{
+				Destinations: []*kong.CIDRPort{
+					{
+						Port: lo.ToPtr(1234),
+					},
+					{
+						Port: lo.ToPtr(5678),
+					},
+				},
+				Protocols: []*string{
+					lo.ToPtr("tcp"),
+				},
+			},
+		},
+		{
+			name:    "SNI host",
+			subExpr: "tls.sni == \"example.com\"",
+			route: kong.Route{
+				SNIs: []*string{
+					lo.ToPtr("example.com"),
+				},
+				Protocols: []*string{
+					lo.ToPtr("tcp"),
+				},
+			},
+		},
+		{
+			name:    "multiple SNI hosts",
+			subExpr: "(tls.sni == \"example.com\") || (tls.sni == \"example.net\")",
+			route: kong.Route{
+				SNIs: []*string{
+					lo.ToPtr("example.com"),
+					lo.ToPtr("example.net"),
+				},
+				Protocols: []*string{
+					lo.ToPtr("tcp"),
+				},
+			},
+		},
+		{
+			name:    "SNI host and multiple destination ports",
+			subExpr: "(tls.sni == \"example.com\") && ((net.dst.port == 1234) || (net.dst.port == 5678))",
+			route: kong.Route{
+				Destinations: []*kong.CIDRPort{
+					{
+						Port: lo.ToPtr(1234),
+					},
+					{
+						Port: lo.ToPtr(5678),
+					},
+				},
+				SNIs: []*string{
+					lo.ToPtr("example.com"),
+				},
+				Protocols: []*string{
+					lo.ToPtr("tcp"),
+				},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			wrapped := kongstate.Route{Route: tc.route}
+			ApplyExpressionToL4KongRoute(&wrapped)
+			require.Contains(t, *wrapped.Route.Expression, tc.subExpr)
+		})
+	}
+}

test/integration/tcpingress_test.go

@@ -36,7 +36,6 @@ var (
 )
 
 func TestTCPIngressEssentials(t *testing.T) {
-	skipTestForExpressionRouter(t)
 	ctx := context.Background()
 
 	t.Parallel()

test/integration/udpingress_test.go

@@ -33,7 +33,6 @@ var udpMutex sync.Mutex
 const coreDNSImage = "registry.k8s.io/coredns/coredns:v1.8.6"
 
 func TestUDPIngressEssentials(t *testing.T) {
-	skipTestForExpressionRouter(t)
 	t.Parallel()
 
 	// Ensure no other UDP tests run concurrently to avoid fights over the port