Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #1713: Populated the SOURCE_HOST vanflow attribute in the http1… #1714

Merged
merged 4 commits into from
Jan 13, 2025
Merged

Fixes #1713: Populated the SOURCE_HOST vanflow attribute in the http1… #1714

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
661f5dd
Fixes #1713: Populated the SOURCE_HOST vanflow attribute in the http1…
ganeshmurthy Jan 10, 2025
8142e81
Code review fixes. Replaced strncpy by snprintf
ganeshmurthy Jan 13, 2025
e9eb80e
Added strcasecmp instead of strcmp
ganeshmurthy Jan 13, 2025
4a4fa75
More code reivew changes. Check for return value from call to strtok_r
ganeshmurthy Jan 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 42 additions & 2 deletions src/observers/http1/http1_observer.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,12 @@ struct http1_request_state_t {
uint64_t client_body_octets; // total bytes received in client request msg body
uint64_t server_body_octets; // total bytes received in server response msg body
bool latency_done:1; // true: vflow latency timing complete
bool x_forwarded_for; // true, if the x-forwarded-for header has already been received, false otherwise
};
ALLOC_DECLARE(http1_request_state_t);
ALLOC_DEFINE(http1_request_state_t);


const char *X_FORWARDED = "x-forwarded-for";
/*
* HTTP/1.x decoder callbacks
*/
Expand Down Expand Up @@ -149,10 +150,49 @@ static void protocol_error(qd_http1_decoder_connection_t *hconn, const char *rea
}


static int rx_header(qd_http1_decoder_connection_t *hconn, uintptr_t request_context,bool is_client, const char *key, const char *value)
{
if (is_client) {
//
// We only care about the X-Forwarded-For header coming from the client.
//
if (strcasecmp(X_FORWARDED, (const char *)key) == 0 && value != 0) {
http1_request_state_t *hreq = (http1_request_state_t *) request_context;
if (!hreq->x_forwarded_for) {
//
// We will capture the very first x-forwarded-for header and ignore the other x-forwarded for headers in the same request.
// Say a request has the following three x-forwarded-for headers
//
// X-Forwarded-For: 2001:db8:85a3:8d3:1319:8a2e:370:7348, 197.1.773.201
// X-Forwarded-For: 195.0.223.001
// X-Forwarded-For: 203.0.113.195, 2007:db5:85a3:8d3:1319:8a2e:370:3221
//
// We will obtain the value of the first X-Forwarded-For (2001:db8:85a3:8d3:1319:8a2e:370:7348, 197.1.773.201) and ignore the
// other two X-Forwarded-For headers.
// The first X-Forwarded-For header is comma separated list, we will obtain the leftmost (the first) value (2001:db8:85a3:8d3:1319:8a2e:370:7348) in the list
char value_copy[128];
snprintf(value_copy, sizeof(value_copy), "%s", value);
// Get the first token (left-most)
char *saveptr = 0;
char *first_token = strtok_r(value_copy, ",", &saveptr);
if (first_token) {
vflow_set_string(hreq->vflow, VFLOW_ATTRIBUTE_SOURCE_HOST, first_token);
}

// If the first token was 0 or a valid value, we have seen the first x-forwarded-for header
// and will not look again.
hreq->x_forwarded_for = true;
}
}
}
return 0;
}


static qd_http1_decoder_config_t decoder_config = {
.rx_request = rx_request,
.rx_response = rx_response,
// .rx_header = rx_header,
.rx_header = rx_header,
// .rx_headers_done = rx_headers_done,
.rx_body = rx_body,
// .message_done = message_done,
Expand Down
14 changes: 10 additions & 4 deletions src/observers/http2/http2_observer.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -239,7 +239,7 @@ static int on_header_recv_callback(qd_http2_decoder_connection_t *conn_state,
vflow_set_string(stream_info->vflow, VFLOW_ATTRIBUTE_RESULT, status_code_str);
}
}
} else if (strcmp(X_FORWARDED_FOR, (const char *)name) == 0) {
} else if (strcasecmp(X_FORWARDED_FOR, (const char *)name) == 0 && value != 0) {
qd_error_t error = get_stream_info_from_hashtable(transport_handle, &stream_info, stream_id);
if (error == QD_ERROR_NOT_FOUND) {
qd_log(LOG_HTTP2_DECODER, QD_LOG_ERROR, "[C%"PRIu64"] set_stream_vflow_attribute could not find in the hashtable, stream_id=%" PRIu32, transport_handle->conn_id, stream_id);
Expand All @@ -260,10 +260,16 @@ static int on_header_recv_callback(qd_http2_decoder_connection_t *conn_state,

// const uint8_t *value passed into this function is guaranteed to be NULL-terminated
char value_copy[128];
strncpy(value_copy, (const char *)value, 128);
snprintf(value_copy, sizeof(value_copy), "%s", value);
// Get the first token (left-most)
char *first_token = strtok(value_copy, ",");
vflow_set_string(stream_info->vflow, VFLOW_ATTRIBUTE_SOURCE_HOST, first_token);
char *saveptr = 0;
char *first_token = strtok_r(value_copy, ",", &saveptr);
if (first_token) {
vflow_set_string(stream_info->vflow, VFLOW_ATTRIBUTE_SOURCE_HOST, first_token);
}

// If the first token was 0 or a valid value, we have seen the first x-forwarded-for header
// and will not look again.
stream_info->x_forwarded_for = true;
}
}
Expand Down
67 changes: 66 additions & 1 deletion tests/system_tests_http_observer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,9 @@ def test_01_get(self):
pages = ['index.html', 't100K.html', 't10K.html', 't1K.html']
for page in pages:
curl_args.append(f"http://localhost:{l_port}/{page}")
curl_args.append('--header')
# Single IP address in a single X-Forwarded-For header
curl_args.append('X-Forwarded-For: 192.168.0.2')
(rc, out, err) = run_curl(args=curl_args)
self.assertEqual(0, rc, f"curl failed: {rc}, {err}, {out}")

Expand All @@ -203,33 +206,91 @@ def test_01_get(self):
"REASON": "OK",
"PROTOCOL": "HTTP/1.1",
"OCTETS": 0,
'SOURCE_HOST': '192.168.0.2',
"OCTETS_REVERSE": 45, # index.html length
'END_TIME': ANY_VALUE}),
('BIFLOW_APP', {"METHOD": "GET",
"RESULT": "200",
"REASON": "OK",
"PROTOCOL": "HTTP/1.1",
'SOURCE_HOST': '192.168.0.2',
"OCTETS": 0,
"OCTETS_REVERSE": 108803, # t100K.html length
'END_TIME': ANY_VALUE}),
('BIFLOW_APP', {"METHOD": "GET",
"RESULT": "200",
"REASON": "OK",
"OCTETS": 0,
'SOURCE_HOST': '192.168.0.2',
"OCTETS_REVERSE": 10972, # t10K.html length
"PROTOCOL": "HTTP/1.1",
'END_TIME': ANY_VALUE}),
('BIFLOW_APP', {'METHOD': "GET",
'RESULT': "200",
'REASON': "OK",
'PROTOCOL': 'HTTP/1.1',
'SOURCE_HOST': '192.168.0.2',
"OCTETS": 0,
"OCTETS_REVERSE": 1188, # t1K.html length
'END_TIME': ANY_VALUE})
]
}
success = retry(lambda: snooper_thread.match_records(expected), delay=1)
self.assertTrue(success, f"Failed to match records {snooper_thread.get_results()}")

page = 'index.html'
curl_args = ['--http1.1', '-G']
curl_args.append(f"http://localhost:{l_port}/{page}")
curl_args.append('--header')
# Comma separated IP addresses in a single X-Forwarded-For header
curl_args.append('X-Forwarded-For: 192.168.0.1, 203.168.2.2')
(rc, out, err) = run_curl(args=curl_args)
self.assertEqual(0, rc, f"curl failed: {rc}, {err}, {out}")

expected = {
"test_01": [
('BIFLOW_APP', {"METHOD": "GET",
"RESULT": "200",
"REASON": "OK",
"PROTOCOL": "HTTP/1.1",
"OCTETS": 0,
'SOURCE_HOST': '192.168.0.1',
"OCTETS_REVERSE": 45, # index.html length
'END_TIME': ANY_VALUE})]
}
success = retry(lambda: snooper_thread.match_records(expected), delay=1)
self.assertTrue(success, f"Failed to match records {snooper_thread.get_results()}")

curl_args = ['--http1.1', '-G']
curl_args.append(f"http://localhost:{l_port}/{page}")
curl_args.append('--header')
# Comma separated IP addresses in multiple X-Forwarded-For headers
curl_args.append('X-Forwarded-For: 192.168.1.7, 123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, '
'123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, '
'123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, '
'123.3234.4565.2323, 123.3234.4565.2323')
curl_args.append('--header')
curl_args.append('X-Forwarded-For: 2001:db8:85a3:8d3:1319:8a2e:370:7348, 207.168.2.2')
curl_args.append('--header')
curl_args.append('X-Forwarded-For: 2003:db9:85a3:8d5:1318:8a2e:370:6322, 207.168.2.1')

(rc, out, err) = run_curl(args=curl_args)
self.assertEqual(0, rc, f"curl failed: {rc}, {err}, {out}")

expected = {
"test_01": [
('BIFLOW_APP', {"METHOD": "GET",
"RESULT": "200",
"REASON": "OK",
"PROTOCOL": "HTTP/1.1",
"OCTETS": 0,
'SOURCE_HOST': '192.168.1.7',
"OCTETS_REVERSE": 45, # index.html length
'END_TIME': ANY_VALUE})]
}
success = retry(lambda: snooper_thread.match_records(expected), delay=1)
self.assertTrue(success, f"Failed to match records {snooper_thread.get_results()}")

router.teardown()
snooper_thread.join(timeout=TIMEOUT)

Expand Down Expand Up @@ -555,7 +616,11 @@ def test_head_request(self):
# Pass traffic with many comma separated X-Forwarded-For headers:
_, out, _ = run_local_curl(get_address(self.router_qdra),
args=['--head', '--header',
'X-Forwarded-For: 192.168.1.7, 203.168.2.2',
'X-Forwarded-For: 192.168.1.7, 123.3234.4565.2323, 123.3234.4565.2323, '
'123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, '
'123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, '
'123.3234.4565.2323, 123.3234.4565.2323, 123.3234.4565.2323, '
'123.3234.4565.2323, 123.3234.4565.2323',
'--header',
'X-Forwarded-For: 2001:db8:85a3:8d3:1319:8a2e:370:7348, 207.168.2.2',
'--header',
Expand Down
Loading