Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved handling for HTTP X-Forwarded-For and Forwarded #4009

Closed
wants to merge 1 commit into from
Closed

Improved handling for HTTP X-Forwarded-For and Forwarded #4009

wants to merge 1 commit into from

Conversation

scottschurr
Copy link
Collaborator

Improve handling of HTTP X-Forwarded-For and Forwarded fields

It was discovered that rippled was not handling IPv6 and IPv6 (dual) formatted IP addresses in X-Forwarded-For and Forwarded fields. This commit improves the situation and adds tests to verify.

Context of Change

The problem was discovered when services were forwarding requests to reporting mode servers. IPV6 formatted addresses were not being handled correctly. The upshot of the change should simply be that addresses which failed before should now be handled correctly.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • Tests (You added tests for code that already exists, or your new feature included in this PR)

Test Plan

The unit tests simply confirm that the X-Forwarded-For and Forwarded fields are isolated correctly and forms a valid IP address.

It may be smart to add integration tests that use X-Forwarded-For and Forwarded fields so the changes can be exercised in an actual running environment.

HowardHinnant
HowardHinnant approved these changes Dec 2, 2021
View reviewed changes
Copy link
Contributor

@HowardHinnant HowardHinnant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@RhinocerosFarm
Copy link

good

gregtatcam
gregtatcam reviewed Dec 10, 2021
View reviewed changes
src/ripple/rpc/impl/Role.cpp

return ret;
}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would boost::regex be better? It's certainly a bit less code.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was a good question to ask. At this prompt I explored using boost::regex to do the work. I don't have a lot of experience with boost::regex, so maybe I'm missing something. But from what I can see boost::regex does not support boost::string_view very well if at all.

The problem is that ripple::forwardedFor() is designed to return a boost::string_view extracted from the passed in http_request_type const&. I believe this design is intended to avoid the memory allocations that are involved with std::string creation. After poking at boost::regex for a few hours I've been unable to locate the operations I would need to perform in order to get boost::regex to operate on and produce the needed boost::string_view. A few web searches helped to reinforce this suspicion.

Maybe you have more experience with boost::regex and can steer me in the right direction? Failing that, I'm afraid the current character manipulations are the best I can do.

I did not look into using std::regex since, disappointingly, std::regex is not portable across platforms.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. I didn't consider boost::string_view.

gregtatcam
gregtatcam approved these changes Dec 12, 2021
View reviewed changes
Copy link
Collaborator

@gregtatcam gregtatcam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 LGTM

@scottschurr
Copy link
Collaborator Author

Thanks for the reviews, folks. The Travis CI failures are our usual build failures on macOS. I'm going to mark this pull request as passed.

@scottschurr scottschurr added the Passed Passed code review & PR owner thinks it's ready to merge. Perf sign-off may still be required. label Dec 13, 2021
@scottschurr scottschurr mentioned this pull request Dec 14, 2021
Closed
7 tasks
This was referenced Dec 15, 2021
Closed
Merged
@scottschurr scottschurr deleted the http-forwarded branch December 17, 2021 19:46
@kennyzlei kennyzlei mentioned this pull request Jul 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HowardHinnant HowardHinnant HowardHinnant approved these changes

@gregtatcam gregtatcam gregtatcam approved these changes

Assignees

@gregtatcam gregtatcam

@HowardHinnant HowardHinnant

Labels
Passed Passed code review & PR owner thinks it's ready to merge. Perf sign-off may still be required.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@scottschurr @RhinocerosFarm @gregtatcam @HowardHinnant