Skip to content

fix(envoy-plugin): Source IP address resolution now uses x-forwarded-for header#38

Merged
PrimalPimmy merged 2 commits into5GSEC:mainfrom
anurag-rajawat:fix-source-ip
Feb 14, 2025
Merged

fix(envoy-plugin): Source IP address resolution now uses x-forwarded-for header#38
PrimalPimmy merged 2 commits into5GSEC:mainfrom
anurag-rajawat:fix-source-ip

Conversation

@anurag-rajawat
Copy link
Contributor

@anurag-rajawat anurag-rajawat commented Feb 13, 2025
edited
Loading

Description

Fixes # (issue)
This PR fixes the plugin to use the x-forwarded-for header to determine the real client (source) IP address. If x-forwarded-for is not present, the source address is used as a fallback.

Does this PR introduce a breaking change?
No.

Checklist

  • PR title follows the <type>: <description> convention.
  • I use conventional commits in my commit messages.
  • I have updated the documentation accordingly.
  • I Keep It Small and Simple: The smaller the PR is, the easier it is to review and have it merged.
  • I have performed a self-review of my code.
  • I have added tests that prove my fix is effective or that my feature works.
  • New and existing unit tests pass locally with my changes.

Additional information for reviewer

Sample Event, some fields are removed for brevity:

{
 "metadata": {
  "context_id": 27,
  "timestamp": 1739469010,
  "receiver_name": "Istio",
  "receiver_version": "1.23.2"
 },
 "source": {
  "ip": "2401:4900:1c7a:133f:369c:76b3:ccb3:2e15",
  "port": 62213
 },
 "destination": {
  "ip": "10.244.0.43",
  "port": 8443
 },
 "request": {
  "headers": {
   "x-forwarded-for": "2401:4900:1c7a:133f:369c:76b3:ccb3:2e15,10.7.0.15",
   "x-forwarded-proto": "https",
   "x-request-id": "7ee7a9f8-87bf-406d-9b08-f2720ed3f585"
  }
 },
 "protocol": "HTTP/2"
}

Mention if this PR is part of any design or a continuation of previous PRs

@anurag-rajawat anurag-rajawat self-assigned this Feb 13, 2025
@anurag-rajawat anurag-rajawat added the bug Something isn't working label Feb 13, 2025
@anurag-rajawat anurag-rajawat force-pushed the fix-source-ip branch 5 times, most recently from 0c1bc49 to 10d263e Compare February 13, 2025 17:50
@anurag-rajawat
fix(envoy-plugin): Source and Destination IP address resolution
47e9853 
Signed-off-by: Anurag Singh Rajawat <anuragsinghrajawat22@gmail.com>
@anurag-rajawat
chore(envoy-plugin): Update receiver fields in metadata
fcf3033 
Signed-off-by: Anurag Singh Rajawat <anuragsinghrajawat22@gmail.com>
PrimalPimmy
PrimalPimmy approved these changes Feb 14, 2025
View reviewed changes
Copy link
Member

@PrimalPimmy PrimalPimmy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@PrimalPimmy PrimalPimmy merged commit 9cc91a8 into 5GSEC:main Feb 14, 2025
5 checks passed
@anurag-rajawat anurag-rajawat deleted the fix-source-ip branch February 14, 2025 06:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PrimalPimmy PrimalPimmy PrimalPimmy approved these changes

@daemon1024 daemon1024 Awaiting requested review from daemon1024

Assignees

@anurag-rajawat anurag-rajawat

Labels

bug Something isn't working

Projects

SentryFlow
Status: ✅ Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anurag-rajawat @PrimalPimmy