From cb480aee7df15566a7ff1cf918ed79b4e9c01bfd Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 31 Mar 2023 14:10:56 +0200
Subject: [thrift] Show source IP address for "payload too big" fails

---
 .../openslx/thrifthelper/TBinaryProtocolSafe.java  | 47 ++++++++++++++++++----
 1 file changed, 39 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java b/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java
index 0f96788..c3f4763 100644
--- a/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java
+++ b/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java
@@ -1,19 +1,26 @@
 package org.openslx.thrifthelper;
 
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
 import java.net.SocketException;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 
 import javax.net.ssl.SSLException;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.apache.thrift.TException;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TMessage;
 import org.apache.thrift.protocol.TProtocol;
 import org.apache.thrift.protocol.TProtocolException;
 import org.apache.thrift.protocol.TProtocolFactory;
+import org.apache.thrift.transport.TSocket;
 import org.apache.thrift.transport.TTransport;
 import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.layered.TLayeredTransport;
 
 /**
  * Binary protocol implementation for thrift.
@@ -22,6 +29,9 @@ import org.apache.thrift.transport.TTransportException;
  */
 public class TBinaryProtocolSafe extends TBinaryProtocol
 {
+
+	private final static Logger LOGGER = LogManager.getLogger( ThriftHandler.class );
+
 	/**
 	 * Factory
 	 */
@@ -71,7 +81,7 @@ public class TBinaryProtocolSafe extends TBinaryProtocol
 	/*
 	 * Reading methods.
 	 */
-	
+
 	@Override
 	public TMessage readMessageBegin() throws TException
 	{
@@ -84,12 +94,13 @@ public class TBinaryProtocolSafe extends TBinaryProtocol
 				String m = e.getCause().getMessage();
 				// We still want SSL errors that help diagnosing more specific SSL errors that relate to actual
 				// SSL handshake attempts, like incompatible TLS versions or ciphers.
-				if ( m.contains( "Remote host terminated the handshake" )
-						|| m.contains( "Unsupported or unrecognized SSL message" ) ) {
-					// Fake an END_OF_FILE exception, as the logException() method in the server class will
-					// ignore there. Let's hope it will stay ignored in the future.
-					throw new TTransportException( TTransportException.END_OF_FILE );
+				if ( !m.contains( "Remote host terminated the handshake" )
+						&& !m.contains( "Unsupported or unrecognized SSL message" ) ) {
+					LOGGER.warn( getIp() + m );
 				}
+				// Fake an END_OF_FILE exception, as the logException() method in the server class will
+				// ignore there. Let's hope it will stay ignored in the future.
+				throw new TTransportException( TTransportException.END_OF_FILE );
 			} else if ( e.getCause() instanceof SocketException
 					&& ( e.getCause().getMessage().contains( " timed out" ) || e.getCause().getMessage().contains( "Connection reset" ) ) ) {
 				// Faaaake
@@ -102,7 +113,7 @@ public class TBinaryProtocolSafe extends TBinaryProtocol
 			throw e;
 		}
 		if ( size > maxLen )
-			throw new TProtocolException( TProtocolException.SIZE_LIMIT, "Payload too big." );
+			throw new TProtocolException( TProtocolException.SIZE_LIMIT, getIp() + "Payload too big." );
 		if ( size < 0 ) {
 			int version = size & VERSION_MASK;
 			if ( version != VERSION_1 ) {
@@ -117,6 +128,27 @@ public class TBinaryProtocolSafe extends TBinaryProtocol
 		}
 	}
 
+	private String getIp()
+	{
+		TTransport t = trans_;
+		while ( t instanceof TLayeredTransport ) {
+			t = ( (TLayeredTransport)t ).getInnerTransport();
+		}
+		InetAddress ia = null;
+		if ( t instanceof TSocket ) {
+			SocketAddress sa = ( (TSocket)t ).getSocket().getRemoteSocketAddress();
+			if ( sa != null && ( sa instanceof InetSocketAddress ) )
+				ia = ( (InetSocketAddress)sa ).getAddress();
+			if ( ia == null )
+				ia = ( (TSocket)t ).getSocket().getInetAddress();
+		} else {
+			LOGGER.debug( "getIp(" + t.getClass().getSimpleName() + ")" );
+		}
+		if ( ia == null )
+			return "";
+		return ia.getHostAddress() + ": ";
+	}
+
 	@Override
 	public String readString() throws TException
 	{
@@ -150,4 +182,3 @@ public class TBinaryProtocolSafe extends TBinaryProtocol
 	}
 
 }
-
-- 
cgit v1.2.3-55-g7522