the channel handlers deal with FullHttpMessage, switch the type to make it clear

kroepke · kroepke · commit c8e9d86e77ad · 2025-06-23T12:54:30.000+02:00
FullHttpMessage objects need to be retained, because they contain the body as well (the reason we switched the type)
guard against invalid ip literals and log a warning in case we cannot parse the ip address
debug log if we don't know any relaying proxy
diff --git a/graylog2-server/src/main/java/org/graylog2/inputs/transports/netty/HttpForwardedForHandler.java b/graylog2-server/src/main/java/org/graylog2/inputs/transports/netty/HttpForwardedForHandler.java
@@ -22,8 +22,10 @@
 import com.google.common.net.InetAddresses;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.SimpleChannelInboundHandler;
+import io.netty.handler.codec.http.FullHttpRequest;
 import io.netty.handler.codec.http.HttpHeaders;
 import io.netty.handler.codec.http.HttpRequest;
+import io.netty.util.ReferenceCountUtil;
 import org.graylog2.utilities.IpSubnet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,7 +41,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-public class HttpForwardedForHandler extends SimpleChannelInboundHandler<HttpRequest> {
+public class HttpForwardedForHandler extends SimpleChannelInboundHandler<FullHttpRequest> {
     private static final Logger LOG = LoggerFactory.getLogger(HttpForwardedForHandler.class);
 
     // Splits comma-separated forwarded-elements
@@ -81,7 +83,7 @@ public HttpForwardedForHandler(boolean enableForwardedFor, boolean enableRealIpH
     }
 
     @Override
-    protected void channelRead0(ChannelHandlerContext ctx, HttpRequest msg) throws Exception {
+    protected void channelRead0(ChannelHandlerContext ctx, FullHttpRequest msg) throws Exception {
         String originalIp = null;
 
         // if we choose to trust X-Forwarded-For or Forwarded headers
@@ -149,10 +151,16 @@ protected void channelRead0(ChannelHandlerContext ctx, HttpRequest msg) throws E
             if (!InetAddresses.isInetAddress(originalIp)) {
                 LOG.warn("Ignoring non-literal IP value for original IP address: {}", originalIp);
             }
-            final InetAddress inetAddress = InetAddresses.forString(originalIp);
-            ctx.channel().attr(RawMessageHandler.ORIGINAL_IP_KEY).setIfAbsent(new InetSocketAddress(inetAddress, 0));
+            try {
+                final InetAddress inetAddress = InetAddresses.forString(originalIp);
+                ctx.channel().attr(RawMessageHandler.ORIGINAL_IP_KEY).setIfAbsent(new InetSocketAddress(inetAddress, 0));
+            } catch (IllegalArgumentException e) {
+                LOG.warn("The address extracted for forwarded IP address is not a valid IP literal: {}", originalIp);
+            }
         }
-        ctx.fireChannelRead(msg);
+        // our http channel handlers are using FullHttpMessage instances, so we need to retain them, even though we are
+        // only using header values here (otherwise we'll get ref count exceptions upstream)
+        ctx.fireChannelRead(msg.retain());
     }
 
     private Optional<String> findOriginalIpAndCheckProxies(List<String> ipChain) throws UnknownHostException {
@@ -164,6 +172,9 @@ private Optional<String> findOriginalIpAndCheckProxies(List<String> ipChain) thr
                 LOG.debug("Ignoring invalid X-Forwarded-For header, list of proxies is empty");
                 return Optional.empty();
             } else {
+                if (!iterator.hasNext()) {
+                    LOG.debug("Forwarded-For list only contains a single entry, cannot check relaying proxy addresses.");
+                }
                 // go through the remainder of the list, which should all be proxy addresses we trust
                 // if we hit one that we don't trust, bail out and don't use the candidate IP
                 while (iterator.hasNext()) {
