This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new 605e17151 [rpc] detect HTTP client on RPC port
605e17151 is described below

commit 605e171515ec251d9741e09de0a5a08814705e5b
Author: Alexey Serbin <[email protected]>
AuthorDate: Tue Sep 19 11:58:55 2023 -0700

    [rpc] detect HTTP client on RPC port
    
    Widen the list of HTTP requests [1] to report in the log when an HTTP
    client tries to connect to the RPC port.  Also, output the first four
    bytes from the connection negotiation data if they don't match the
    expected "hrpc" magic.
    
    I also did a few other minor updates.
    
    This is a follow-up to 45a970a490b72b12af7fa0596bac9b0d80604b5b.
    
    [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
    
    Change-Id: I8dd040eb78dbe38ab258449302fb48ce5432379f
    Reviewed-on: http://gerrit.cloudera.org:8080/20493
    Tested-by: Kudu Jenkins
    Reviewed-by: Yingchun Lai <[email protected]>
---
 src/kudu/rpc/serialization.cc | 36 ++++++++++++++++++++++++++----------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/src/kudu/rpc/serialization.cc b/src/kudu/rpc/serialization.cc
index b8454070d..40d823ba0 100644
--- a/src/kudu/rpc/serialization.cc
+++ b/src/kudu/rpc/serialization.cc
@@ -190,27 +190,43 @@ Status ValidateConnHeader(const Slice& slice) {
     << "Invalid RPC header length";
 
   // validate actual magic
-  if (!slice.starts_with(kMagicNumber)) {
-    if (slice.starts_with("GET ") ||
+  if (PREDICT_FALSE(!slice.starts_with(kMagicNumber))) {
+    // Check if that's an HTTP request sent by mistake (misconfiguration, etc.)
+    // to the RPC port. There might be network monitoring tools that might send
+    // HTTP requests as well to TCP ports they detect or otherwise know about.
+    //
+    // The list of possible HTTP requests [1] is ordered
+    // by the empirical and perceived likelihood of receiving one vs another.
+    //
+    // [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
+    if (slice.starts_with("GET") ||
+        slice.starts_with("HEAD") ||
+        slice.starts_with("OPTIONS") ||
         slice.starts_with("POST") ||
-        slice.starts_with("HEAD")) {
-      return Status::InvalidArgument("invalid negotation, appears to be an 
HTTP client on "
-                                     "the RPC port");
+        slice.starts_with("CONNECT") ||
+        slice.starts_with("DELETE") ||
+        slice.starts_with("PUT") ||
+        slice.starts_with("PATCH") ||
+        slice.starts_with("TRACE")) {
+      return Status::InvalidArgument(
+          "invalid negotiation, appears to be an HTTP client on the RPC port");
     }
-    return Status::InvalidArgument("connection must begin with magic number", 
kMagicNumber);
+    return Status::InvalidArgument(Substitute(
+        "connection must begin with magic number '$0' not with '$1'",
+        kMagicNumber, slice.ToDebugString(kMagicNumberLength)));
   }
 
-  const uint8_t *data = slice.data();
+  const uint8_t* data = slice.data();
   data += kMagicNumberLength;
 
   // validate version
-  if (data[kHeaderPosVersion] != kCurrentRpcVersion) {
-    return Status::InvalidArgument("Unsupported RPC version",
+  if (PREDICT_FALSE(data[kHeaderPosVersion] != kCurrentRpcVersion)) {
+    return Status::InvalidArgument("unsupported RPC version",
         StringPrintf("Received: %d, Supported: %d",
             data[kHeaderPosVersion], kCurrentRpcVersion));
   }
 
-  // TODO: validate additional header flags:
+  // TODO(mpercy): validate additional header flags:
   // RPC_SERVICE_CLASS
   // RPC_AUTH_PROTOCOL
 

Reply via email to