dajac commented on a change in pull request #9628:
URL: https://github.com/apache/kafka/pull/9628#discussion_r537615504
##########
File path: core/src/main/scala/kafka/admin/ConfigCommand.scala
##########
@@ -864,11 +885,21 @@ object ConfigCommand extends Config {
}
}
+ if (hasEntityName && entityTypeVals.contains(ConfigType.Ip)) {
+ Seq(entityName,
ip).filter(options.has(_)).map(options.valueOf(_)).foreach { ipAddress =>
+ if (!Utils.validHostPattern(ipAddress))
Review comment:
I think that we also permit hosts in our case as `InetAddress.getByName`
resolves names that are not IP addresses. The issue is that
`Utils.validHostPattern` is just a regex so it does not validate much.
`max.connections.per.ip` is validated in two phases. The code that you
outlines is from the `KafkaConfig`. I suppose that we do a lightweight
verification there in order to avoid doing any DNS resolution while parsing the
config. This is later complemented in the socket server.
```
private[network] def updateMaxConnectionsPerIpOverride(overrideQuotas:
Map[String, Int]): Unit = {
maxConnectionsPerIpOverrides = overrideQuotas.map { case (host, count)
=> (InetAddress.getByName(host), count) }
}
```
In our case, it is important to remain consistent everywhere.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
