The ServletServerHttpRequest#getRemoteAddress method may perform a DNS lookup in certain scenarios (and same goes for its reactive counterpart).

If the underlying jakarta.servlet.ServletRequest#getRemoteHost implementation does a DNS lookup (as it is allowed, but not required to do), then calling ServletServerHttpRequest#getRemoteAddress will also do a DNS lookup. ServletServerHttpRequest#getRemoteAddress is for example called by Spring's ForwardedHeaderFilter.

As the ServletServerHttpRequest#getRemoteAddress return type is InetSocketAddress it feels like doing DNS resolution is quite pointless in general.

I have been trying to extract a minimal reproducer but I'm having some trouble getting it reproduced in a minimal setting. It might involve WebSocket via JSR 356 using Atmosphere and Jetty as the servlet container.

Similar to #28280.

Comment From: slovdahl

Quoting https://github.com/spring-projects/spring-framework/issues/28280#issuecomment-1250860392

The AbstractStandardUpgradeStrategy still tries to get InetSocketAddresses during upgrade:

``` @Override public void upgrade(ServerHttpRequest request, ServerHttpResponse response, @Nullable String selectedProtocol, List selectedExtensions, @Nullable Principal user, WebSocketHandler wsHandler, Map attrs) throws HandshakeFailureException {

  HttpHeaders headers = request.getHeaders();
  InetSocketAddress localAddr = null;
  try {
      localAddr = request.getLocalAddress();
  }
  catch (Exception ex) {
      // Ignore
  }
  InetSocketAddress remoteAddr = null;
  try {
      remoteAddr = request.getRemoteAddress();
  }
  catch (Exception ex) {
      // Ignore
  }

and ServerHttpRequest uses constructor of InetSocketAddress, which performs DNS lookup: @Override public InetSocketAddress getLocalAddress() { return new InetSocketAddress(this.servletRequest.getLocalAddr(), this.servletRequest.getLocalPort()); }

@Override public InetSocketAddress getRemoteAddress() { return new InetSocketAddress(this.servletRequest.getRemoteHost(), this.servletRequest.getRemotePort()); } ``` (checked on spring 5.3.20 and java 17)

Comment From: github-actions[bot]

Fixed via 2c831449464d677b2a865ad02718994b3c69a338

Comment From: slovdahl

Thanks a lot @rstoyanchev for fixing this so quickly, much appreciated!

Comment From: rstoyanchev

I've made an an adjustment to fall back remoteHost if the remoteAddress is null for any reason. We've run into internal test failures, and although I'm not sure if that can happen at runtime, it doesn't hurt to have a fallback since otherwise the null address results an IllegalArgumentException.