diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolver.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolver.java index c78ece62197..6a4535ba9ac 100644 --- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolver.java +++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolver.java @@ -92,6 +92,14 @@ private static InetAddress doResolve(AgentSpanContext.Extracted context, Mutable result = coalesce(result, addr); } + addr = tryHeader(context.getForwarded(), FORWARDED_PARSER); + if (addr != null) { + if (!isIpAddrPrivate(addr)) { + return addr; + } + result = coalesce(result, addr); + } + addr = tryHeader(context.getForwardedFor(), PLAIN_IP_ADDRESS_PARSER); if (addr != null) { if (!isIpAddrPrivate(addr)) { diff --git a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolverSpecification.groovy b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolverSpecification.groovy index 29e12001bc4..fbc26ab4cd8 100644 --- a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolverSpecification.groovy +++ b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/http/ClientIpAddressResolverSpecification.groovy @@ -70,6 +70,22 @@ class ClientIpAddressResolverSpecification extends Specification { 'fastly-client-ip' | '3.3.3.3' | '3.3.3.3' 'cf-connecting-ip' | '4.4.4.4' | '4.4.4.4' 'cf-connecting-ipv6' | '2001::2' | '2001::2' + + 'forwarded' | 'for="[2001::1]:1111"' | '2001::1' + 'forwarded' | 'fOr="[2001::1]:1111"' | '2001::1' + 'forwarded' | 'for=some_host' | null + 'forwarded' | 'for=127.0.0.1, FOR=1.1.1.1' | '1.1.1.1' + 'forwarded' |'for="\"foobar";proto=http,FOR="1.1.1.1"' | '1.1.1.1' + 'forwarded' | 'for="8.8.8.8:2222",' | '8.8.8.8' + 'forwarded' | 'for="8.8.8.8' | null // quote not closed + 'forwarded' | 'far="8.8.8.8",for=4.4.4.4;' | '4.4.4.4' + 'forwarded' | ' for=127.0.0.1,for= for=,for=;"for = for="" ,; for=8.8.8.8;' | '8.8.8.8' + 'forwarded' | 'for=192.0.2.60;proto=http;by=203.0.113.43' | '192.0.2.60' + 'forwarded' | 'For="[2001:db8:cafe::17]:4711"' | '2001:db8:cafe::17' + 'forwarded' | 'for=192.0.2.43;proto=https;by=203.0.113.43' | '192.0.2.43' + 'forwarded' | 'for="_gazonk"' | null + 'forwarded' | 'for=unknown, for=8.8.8.8' | '8.8.8.8' + 'forwarded' | 'for="[::ffff:192.0.2.128]";proto=http' | '192.0.2.128' } void 'test recognition strategy with custom header'() { @@ -110,6 +126,9 @@ class ClientIpAddressResolverSpecification extends Specification { then: 1 * context.getXClientIp() >> null + then: + 1 * context.getForwarded() >> null + then: 1 * context.getForwardedFor() >> null @@ -162,6 +181,7 @@ class ClientIpAddressResolverSpecification extends Specification { 1 * context.getXForwardedFor() >> '127.0.0.1' 1 * context.getXRealIp() >> '127.0.0.2' 1 * context.getXClientIp() >> '127.0.0.3' + 1 * context.getForwarded() >> 'for=127.0.0.4' 1 * context.getXClusterClientIp() >> '127.0.0.5' 1 * context.getForwardedFor() >> '127.0.0.6' 1 * context.getTrueClientIp() >> '127.0.0.9' diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/B3HttpExtractorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/B3HttpExtractorTest.groovy index 513628c9498..ce4eb188e5b 100644 --- a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/B3HttpExtractorTest.groovy +++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/B3HttpExtractorTest.groovy @@ -367,6 +367,7 @@ class B3HttpExtractorTest extends DDSpecification { (HttpCodec.X_CLIENT_IP_KEY): '3.3.3.3', (HttpCodec.TRUE_CLIENT_IP_KEY): '4.4.4.4', (HttpCodec.FORWARDED_FOR_KEY): '5.5.5.5', + (HttpCodec.FORWARDED_KEY): '6.6.6.6', (HttpCodec.FASTLY_CLIENT_IP_KEY): '7.7.7.7', (HttpCodec.CF_CONNECTING_IP_KEY): '8.8.8.8', (HttpCodec.CF_CONNECTING_IP_V6_KEY): '9.9.9.9', @@ -382,6 +383,7 @@ class B3HttpExtractorTest extends DDSpecification { assert context.XClientIp == '3.3.3.3' assert context.trueClientIp == '4.4.4.4' assert context.forwardedFor == '5.5.5.5' + assert context.forwarded == '6.6.6.6' assert context.fastlyClientIp == '7.7.7.7' assert context.cfConnectingIp == '8.8.8.8' assert context.cfConnectingIpv6 == '9.9.9.9' diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/DatadogHttpExtractorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/DatadogHttpExtractorTest.groovy index c8d7c905694..4541d264cfa 100644 --- a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/DatadogHttpExtractorTest.groovy +++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/DatadogHttpExtractorTest.groovy @@ -438,6 +438,7 @@ class DatadogHttpExtractorTest extends DDSpecification { (HttpCodec.X_CLIENT_IP_KEY): '3.3.3.3', (HttpCodec.TRUE_CLIENT_IP_KEY): '4.4.4.4', (HttpCodec.FORWARDED_FOR_KEY): '5.5.5.5', + (HttpCodec.FORWARDED_KEY): '6.6.6.6', (HttpCodec.FASTLY_CLIENT_IP_KEY): '7.7.7.7', (HttpCodec.CF_CONNECTING_IP_KEY): '8.8.8.8', (HttpCodec.CF_CONNECTING_IP_V6_KEY): '9.9.9.9', @@ -453,6 +454,7 @@ class DatadogHttpExtractorTest extends DDSpecification { assert context.XClientIp == '3.3.3.3' assert context.trueClientIp == '4.4.4.4' assert context.forwardedFor == '5.5.5.5' + assert context.forwarded == '6.6.6.6' assert context.fastlyClientIp == '7.7.7.7' assert context.cfConnectingIp == '8.8.8.8' assert context.cfConnectingIpv6 == '9.9.9.9' diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HaystackHttpExtractorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HaystackHttpExtractorTest.groovy index 06d3fe492db..b3b7080cf14 100644 --- a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HaystackHttpExtractorTest.groovy +++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HaystackHttpExtractorTest.groovy @@ -300,6 +300,7 @@ class HaystackHttpExtractorTest extends DDSpecification { (HttpCodec.X_CLIENT_IP_KEY): '3.3.3.3', (HttpCodec.TRUE_CLIENT_IP_KEY): '4.4.4.4', (HttpCodec.FORWARDED_FOR_KEY): '5.5.5.5', + (HttpCodec.FORWARDED_KEY): '6.6.6.6', (HttpCodec.FASTLY_CLIENT_IP_KEY): '7.7.7.7', (HttpCodec.CF_CONNECTING_IP_KEY): '8.8.8.8', (HttpCodec.CF_CONNECTING_IP_V6_KEY): '9.9.9.9', @@ -315,6 +316,7 @@ class HaystackHttpExtractorTest extends DDSpecification { assert context.XClientIp == '3.3.3.3' assert context.trueClientIp == '4.4.4.4' assert context.forwardedFor == '5.5.5.5' + assert context.forwarded == '6.6.6.6' assert context.fastlyClientIp == '7.7.7.7' assert context.cfConnectingIp == '8.8.8.8' assert context.cfConnectingIpv6 == '9.9.9.9' diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/NoneHttpExtractorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/NoneHttpExtractorTest.groovy index 516fa007964..29295b3b584 100644 --- a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/NoneHttpExtractorTest.groovy +++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/NoneHttpExtractorTest.groovy @@ -303,6 +303,7 @@ class NoneHttpExtractorTest extends DDSpecification { (HttpCodec.X_CLIENT_IP_KEY): '3.3.3.3', (HttpCodec.TRUE_CLIENT_IP_KEY): '4.4.4.4', (HttpCodec.FORWARDED_FOR_KEY): '5.5.5.5', + (HttpCodec.FORWARDED_KEY): '6.6.6.6', (HttpCodec.FASTLY_CLIENT_IP_KEY): '7.7.7.7', (HttpCodec.CF_CONNECTING_IP_KEY): '8.8.8.8', (HttpCodec.CF_CONNECTING_IP_V6_KEY): '9.9.9.9', @@ -318,6 +319,7 @@ class NoneHttpExtractorTest extends DDSpecification { assert context.XClientIp == '3.3.3.3' assert context.trueClientIp == '4.4.4.4' assert context.forwardedFor == '5.5.5.5' + assert context.forwarded == '6.6.6.6' assert context.fastlyClientIp == '7.7.7.7' assert context.cfConnectingIp == '8.8.8.8' assert context.cfConnectingIpv6 == '9.9.9.9' diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/W3CHttpExtractorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/W3CHttpExtractorTest.groovy index d82b9b56fca..a0c7e7ee01b 100644 --- a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/W3CHttpExtractorTest.groovy +++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/W3CHttpExtractorTest.groovy @@ -365,6 +365,7 @@ class W3CHttpExtractorTest extends DDSpecification { (HttpCodec.X_CLIENT_IP_KEY): '3.3.3.3', (HttpCodec.TRUE_CLIENT_IP_KEY): '4.4.4.4', (HttpCodec.FORWARDED_FOR_KEY): '5.5.5.5', + (HttpCodec.FORWARDED_KEY): '6.6.6.6', (HttpCodec.FASTLY_CLIENT_IP_KEY): '7.7.7.7', (HttpCodec.CF_CONNECTING_IP_KEY): '8.8.8.8', (HttpCodec.CF_CONNECTING_IP_V6_KEY): '9.9.9.9', @@ -380,6 +381,7 @@ class W3CHttpExtractorTest extends DDSpecification { assert context.XClientIp == '3.3.3.3' assert context.trueClientIp == '4.4.4.4' assert context.forwardedFor == '5.5.5.5' + assert context.forwarded == '6.6.6.6' assert context.fastlyClientIp == '7.7.7.7' assert context.cfConnectingIp == '8.8.8.8' assert context.cfConnectingIpv6 == '9.9.9.9' diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/XRayHttpExtractorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/XRayHttpExtractorTest.groovy index b45c655cae6..78b6d5c60d5 100644 --- a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/XRayHttpExtractorTest.groovy +++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/XRayHttpExtractorTest.groovy @@ -256,6 +256,7 @@ class XRayHttpExtractorTest extends DDSpecification { (HttpCodec.X_CLIENT_IP_KEY): '3.3.3.3', (HttpCodec.TRUE_CLIENT_IP_KEY): '4.4.4.4', (HttpCodec.FORWARDED_FOR_KEY): '5.5.5.5', + (HttpCodec.FORWARDED_KEY): '6.6.6.6', (HttpCodec.FASTLY_CLIENT_IP_KEY): '7.7.7.7', (HttpCodec.CF_CONNECTING_IP_KEY): '8.8.8.8', (HttpCodec.CF_CONNECTING_IP_V6_KEY): '9.9.9.9', @@ -271,6 +272,7 @@ class XRayHttpExtractorTest extends DDSpecification { assert context.XClientIp == '3.3.3.3' assert context.trueClientIp == '4.4.4.4' assert context.forwardedFor == '5.5.5.5' + assert context.forwarded == '6.6.6.6' assert context.fastlyClientIp == '7.7.7.7' assert context.cfConnectingIp == '8.8.8.8' assert context.cfConnectingIpv6 == '9.9.9.9'