Skip to content

out_forward: align secure forward handshake and chunk ack with protocol spec [Backport to 4.2]#12052

Merged
cosmo0920 merged 5 commits into
4.2from
forward-enhancements-4.2
Jul 6, 2026
Merged

out_forward: align secure forward handshake and chunk ack with protocol spec [Backport to 4.2]#12052
cosmo0920 merged 5 commits into
4.2from
forward-enhancements-4.2

Conversation

@cosmo0920

Copy link
Copy Markdown
Contributor

Partially backporting of #12037 due to lack of integration testing mechanism on 4.2 branch.


Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

edsiper added 5 commits July 6, 2026 13:18
The Forward protocol (v1 and v1.5) defines the shared_key handshake as
mutual authentication: the server proves it holds the same shared_key by
returning sha512_hex(shared_key_salt + server_hostname + nonce +
shared_key) in the PONG message.

The client validated only the PONG type and auth_result, so any server
could pass the handshake without knowing the shared_key. Validate the
full PONG shape (exactly 5 fields with the expected types), keep the
HELO nonce across the PONG read, compute the expected server digest and
reject the connection on mismatch.

Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
username/password authorization is part of the secure forward handshake
which is only attempted when a shared_key is configured. Credentials set
without shared_key or empty_shared_key were silently unused, letting
users believe authentication was enabled when none would happen.

Fail at configuration time instead, matching the fail-close behavior of
in_forward for security.users. Also propagate config_set_properties()
failures in both the simple and HA setup paths, which previously ignored
its return value.

Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
The Forward protocol (v1 and v1.5) defines the 'chunk' option value as a
Base64 representation of a 128 bits unique id. out_forward sent a
32-character lowercase hex string instead.

Encode the first 16 bytes of the payload SHA512 checksum as Base64 (24
characters). Receivers echo the token byte-for-byte in 'ack', so this
stays interoperable while matching the specified encoding. Rename the
flush context field from checksum_hex to chunk_token and initialize the
formatter-local token buffers.

Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
When retain_metadata_in_forward_mode is disabled and the transcode to
the older Forward representation fails, the formatter returned success
with an empty options buffer. Return -1 instead and make the flush
callback retry when formatting fails.

Also log the 'chunk' debug message from the produced token only: when
require_ack_response is disabled the output buffer is never written, so
formatter-only paths could print uninitialized stack data.

Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
Extend the mock secure forward server to complete the handshake and
compute the PONG digest from the captured PING salt. Cover a valid PONG
(data flows), a wrong server digest, a missing digest field and a wrong
digest type (all rejected with no data sent), username/password without
shared_key failing at startup, and update the ack chunk assertion to the
Base64 token format.

Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
@cosmo0920 cosmo0920 requested a review from edsiper as a code owner July 6, 2026 04:28
@cosmo0920 cosmo0920 added this to the v4.2.7 milestone Jul 6, 2026
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d2d93bee-204a-487f-9d18-2c3ce55cce8b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch forward-enhancements-4.2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 06a270054d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread plugins/out_forward/forward.c
@cosmo0920 cosmo0920 merged commit b6ad96a into 4.2 Jul 6, 2026
54 checks passed
@cosmo0920 cosmo0920 deleted the forward-enhancements-4.2 branch July 6, 2026 05:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants