Created attachment 37857 [details] key line when I use org.apache.catalina.valves.RemoteIpValve to get real protocol from "X-Forwarded-Proto", sometimes it take too many times to search local machine hostname. the thread dump as follows : "http-nio-8080-exec-1" #85 daemon prio=5 os_prio=0 tid=0x00007f0ef8fdd000 nid=0x79 runnable [0x00007f0e8d1d4000] java.lang.Thread.State: RUNNABLE at java.net.Inet4AddressImpl.getHostByAddr(Native Method) at java.net.InetAddress$2.getHostByAddr(InetAddress.java:932) at java.net.InetAddress.getHostFromNameService(InetAddress.java:617) at java.net.InetAddress.getHostName(InetAddress.java:559) at java.net.InetAddress.getHostName(InetAddress.java:531) at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.populateLocalName(NioEndpoint.java:1354) at org.apache.tomcat.util.net.SocketWrapperBase.getLocalName(SocketWrapperBase.java:275) at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:472) at org.apache.coyote.Request.action(Request.java:432) at org.apache.catalina.connector.Request.getLocalName(Request.java:1331) at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:612) when I see org.apache.catalina.valves.RemoteIpValve in tomcat , getLocalName methord must search ip from machine dnsserver,why this does not check whether it's(enableLookups) on or not ,like line num 663 in this class. the methord getLoaclName alawys call dns to search local ip.
Created attachment 37858 [details] Patch This can be fixed easily, *but* there's a problem. Most often (= always) DNS lookup must be disabled, so then the actual local name is not available anymore. The actual local name could be used a lot more in user code than the remote host name (which if needed is probably coded with DNS resolution) and as a result it could break existing apps. I don't understand why your local name lookup would be so slow.
on my service dns is a must. so I disabled Lookups(default is false) in "server.xml".but in my code used RemoteIpValve class, the methord getLocalName does not on the controll of the "enableLookups=false",this methord alawys do dnslockup.This is not what I expected and It's also an imperfect judgment. so one way I must deprecated to use RemoteIpValve ,one way disable DNS at the system level and edit hosts to suport needed dns. I expect the configuration(enableLookups) to be consistent,It's more rigorous. thanks
As it is right now, the enableLookups flags documentation is accurate: "Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled." As a result, I think the current behavior of the flag should not be changed. If the local name lookup is really a problem, then a new flag can be introduced. Reading the RemoteIpValve code, saving and restoring the localName is not needed if isChangeLocalName() is false (the default value). Since this has a cost, it's an easy enhancement that I'll do.
thanks,You're right. when the system is configured with DNS, getLocalName will attempt to search for "hostname" using the native IP. This will also use the DNS service, which will occasionally result in a slow query if the system is not configured with DNS cache. You can get the "hostname" efficiently in the simpler way you mentioned, without the DNS query. now I have circumvented this problem by installing the NSCD service.
Fixed RemoteIpValve to avoid using the local host name if not really needed. The change will be in 10.0.7, 9.0.47 and 8.5.67.