Details
-
Improvement
-
Status: Needs Committer
-
Low
-
Resolution: Unresolved
-
None
-
Operability
-
Low Hanging Fruit
-
All
-
None
-
Description
Similar to CASSANDRA-18839, we frequently see the exception InvalidLegacyProtocolMagic with full stack traces flooding our logs. These are due to Qualys vulnerability scans.
It seem to be a simple check in Message.java and would be better handled by:
a) returning a boolean from validateLegacyProtocolMagic() -> hasValidLegacyProtocolMagic() instead of creating a custom exception class or
b) adding a catch block in HandshakeProtocol.java and return null as is done for messagingVersion
static Initiate maybeDecode(ByteBuf buf) throws IOException { ... try (DataInputBuffer in = new DataInputBuffer(nio, false)) { validateLegacyProtocolMagic(in.readInt()); // throws exception int flags = in.readInt(); // legacy pre40 messagingVersion flag if (getBits(flags, 8, 8) < VERSION_40) return null; int minMessagingVersion = getBits(flags, 16, 8); int maxMessagingVersion = getBits(flags, 24, 8); // 5.0+ does not support pre40 if (maxMessagingVersion < MessagingService.VERSION_40) return null; .... } catch (EOFException e) { return null; } }
static void validateLegacyProtocolMagic(int magic) throws InvalidLegacyProtocolMagic { if (magic != PROTOCOL_MAGIC) throw new InvalidLegacyProtocolMagic(magic); }
{{2024-03-20 03:47:27,380 [ERROR] [Messaging-EventLoop-3-2] cluster_id=9 ip_address=10.0.0.1 InboundConnectionInitiator.java:360 - Failed to properly handshake with peer /10.0.2:33356. Closing the channel.}} {{io.netty.handler.codec.DecoderException: org.apache.cassandra.net.Message$InvalidLegacyProtocolMagic: Read 1431520594, Expected -900387334}} {{ at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478)}} {{ at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed(ByteToMessageDecoder.java:404)}} {{ at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed(ByteToMessageDecoder.java:371)}} {{ at io.netty.handler.codec.ByteToMessageDecoder.channelInactive(ByteToMessageDecoder.java:354)}} {{ at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262)}} {{ at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248)}} {{ at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:241)}} {{ at io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive(DefaultChannelPipeline.java:1405)}} {{ at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262)}} {{ at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248)}} {{ at io.netty.channel.DefaultChannelPipeline.fireChannelInactive(DefaultChannelPipeline.java:901)}} {{ at io.netty.channel.AbstractChannel$AbstractUnsafe$8.run(AbstractChannel.java:819)}} {{ at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)}} {{ at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)}} {{ at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384)}} {{ at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)}} {{ at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)}} {{ at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)}} {{ at java.base/java.lang.Thread.run(Thread.java:834)}} {{Caused by: org.apache.cassandra.net.Message$InvalidLegacyProtocolMagic: Read 1431520594, Expected -900387334}} {{ at org.apache.cassandra.net.Message.validateLegacyProtocolMagic(Message.java:343)}} {{ at org.apache.cassandra.net.HandshakeProtocol$Initiate.maybeDecode(HandshakeProtocol.java:167)}} {{ at org.apache.cassandra.net.InboundConnectionInitiator$Handler.initiate(InboundConnectionInitiator.java:242)}} {{ at org.apache.cassandra.net.InboundConnectionInitiator$Handler.decode(InboundConnectionInitiator.java:235)}} {{ at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)}} {{ at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)}} {{ ... 18 common frames omitted}}
Attachments
Issue Links
- relates to
-
CASSANDRA-16859 allow blocking IPs from updating metrics about traffic
- Resolved
- links to