Add lookup_private_addresses option to GeoIP processor for internal I… #6770
…P enrichment Signed-off-by: Srikanth Padakanti <srikanth_padakanti@apple.com>
Hi @dlvenable Please review this. Thanks.

Inline review comment on this diff line:

```java
    })
    private String whenCondition;

    @JsonProperty("lookup_private_addresses")
```
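Review bot: the hunk ends at `@JsonProperty("lookup_private_addresses")` without the field it annotates, so the default that the PR description relies on is not visible here; declare it as a primitive `private boolean lookupPrivateAddresses = false;` (a boxed `Boolean` would be null when the key is omitted from the pipeline config) and add a `@JsonPropertyDescription` beside the `@JsonProperty` so the option is documented with the rest of the processor's configuration.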
I think this is a better name than the one from #6769.
The verb here is right - lookup. But we should aim for some consistency with the Confluence change.
See:
https://github.com/opensearch-project/data-prepper/pull/6769/changes#r3196227674
Kept as lookup_private_addresses — semantically distinct from the Confluence allow_internal_address since this controls MMDB lookup passthrough, not network connectivity validation.
dlvenable left a comment:
This approach does have slightly different semantics from #6769.
That code has:

```java
if (address.isMulticastAddress() || address.isAnyLocalAddress()) {
    throw new BadRequestException(INVALID_URL);
}
```
So it is disallowing multicast and link-local. I'm not sure we need to disallow that here. But should we aim for closer semantic similarity between the two?
If we are going to allow these, include some unit test cases to make this explicit.
… enabled Signed-off-by: Srikanth Padakanti <srikanth_padakanti@apple.com>
For GeoIP, multicast and link-local won't match MMDB entries, so they're harmless to pass through, unlike Confluence, where connecting to those addresses is a security concern. Added explicit test cases for multicast and link-local to document that this is intentional.
Description
The GeoIP processor currently rejects all private IP addresses, which blocks users who enrich custom MMDB files with internal IPAM data (office, datacenter, department info) from using the processor for internal network traffic like NetFlow or audit logs.
This adds a `lookup_private_addresses` config option (default `false`) to the geoip processor. When set to `true`, private and loopback addresses are accepted for enrichment instead of being filtered out.

Three production files changed, three test files updated. No new dependencies. Fully backward compatible since the default is `false`.
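To make the two address filters discussed in this thread concrete, here is an added example (my illustration, not code from this PR or from Data Prepper) that runs the check quoted from #6769 and a filter with the semantics described above for `lookup_private_addresses` over a constructed list of addresses. The class and method names are assumptions; the "private and loopback" test is implemented with the JDK's `InetAddress.isSiteLocalAddress()` and `isLoopbackAddress()`, which is one plausible reading of the description and not necessarily what the processor itself does.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

/**
 * Illustrative comparison of the two address filters discussed in PR #6770.
 * Not Data Prepper code: method names and the private-address test are assumptions.
 */
public final class AddressFilterDemo {

    /** The check quoted from #6769 (Confluence source): reject only multicast and the wildcard address. */
    static boolean confluenceAllows(InetAddress address) {
        return !(address.isMulticastAddress() || address.isAnyLocalAddress());
    }

    /**
     * GeoIP-style filter with the semantics described in the PR: skip private and
     * loopback addresses unless lookup_private_addresses is enabled. Everything else,
     * including multicast, link-local and the wildcard address, is passed to the MMDB lookup.
     */
    static boolean geoIpAllows(InetAddress address, boolean lookupPrivateAddresses) {
        // Assumption: "private" == RFC 1918 / fec0::/10 as reported by isSiteLocalAddress().
        boolean privateOrLoopback = address.isSiteLocalAddress() || address.isLoopbackAddress();
        return lookupPrivateAddresses || !privateOrLoopback;
    }

    /** Parses a numeric IPv4/IPv6 literal; a literal never triggers a DNS query. */
    static InetAddress ip(String literal) {
        try {
            return InetAddress.getByName(literal);
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("not an IP literal: " + literal, e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample input covering public, private, loopback, wildcard,
        // link-local, multicast and IPv6 unique-local addresses.
        List<String> samples = List.of(
                "8.8.8.8", "10.1.2.3", "127.0.0.1", "0.0.0.0",
                "169.254.10.10", "224.0.0.251", "::1", "fe80::1", "fd00::1");

        System.out.printf("%-16s %-10s %-12s %-11s%n",
                "address", "confluence", "geoip(false)", "geoip(true)");
        for (String s : samples) {
            InetAddress a = ip(s);
            System.out.printf("%-16s %-10b %-12b %-11b%n",
                    s, confluenceAllows(a), geoIpAllows(a, false), geoIpAllows(a, true));
        }
    }
}
```

Running it shows where the two filters differ. `isAnyLocalAddress()` is true only for the wildcard address (0.0.0.0 and ::), so 169.254.10.10 and fe80::1 pass the #6769 check; the JDK predicate for link-local is `isLinkLocalAddress()`. Under the GeoIP-style filter those same addresses, along with multicast and the wildcard, are passed through whether or not the option is set, which matches the reply above that they simply will not match an MMDB entry. One caveat for anyone reproducing the processor's behaviour with these predicates: `isSiteLocalAddress()` on an `Inet6Address` matches only the deprecated fec0::/10 range, not fd00::/8 unique-local addresses, so fd00::1 is treated as public and looked up even with `lookup_private_addresses` off.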
Issues Resolved
Resolves #6079
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.