Websocket listens on 127.0.0.1 by default.
rsmmr opened this issue · comments
endpoint::listen()
and endpoint::web_socket_listen()
are inconsistent in where they listen if no interface is given:
event zeek_init()
{
Broker::listen("");
Broker::listen_websocket("");
}
I verified that with this config, the two Broker-side endpoint listen functions indeed both get the same empty string as their argument, but the result is different:
# lsof
...
zeek 92642 robin 15u IPv6 0x7403993b3488d5fb 0t0 TCP *:9999 (LISTEN)
zeek 92642 robin 16u IPv4 0x7403994498267743 0t0 TCP 127.0.0.1:9997 (LISTEN)
@Neverlord would that be an easy fix?
Passing 0.0.0.0
from Broker would be a trivial fix. However, as pointed out in zeek-packages/zeek-agent-v2#9, that's forcing IPv4. The issue is the function that Broker calls for creating that socket. That should not just pick the first local interface but no interface at all when passing an empty string. Still an easy fix, but it's going to be at the CAF side.
ok, let's put this on the maintenance list for when you get to it.