Websocket listens on 127.0.0.1 by default.

Question

Websocket listens on 127.0.0.1 by default.

rsmmr opened this issue 2 years ago · comments

endpoint::listen() and endpoint::web_socket_listen() are inconsistent in where they listen if no interface is given:

event zeek_init()
{
	Broker::listen("");
	Broker::listen_websocket("");
}

I verified that with this config, the two Broker-side endpoint listen functions indeed both get the same empty string as their argument, but the result is different:

# lsof
...
zeek      92642 robin   15u     IPv6 0x7403993b3488d5fb         0t0                 TCP *:9999 (LISTEN)
zeek      92642 robin   16u     IPv4 0x7403994498267743         0t0                 TCP 127.0.0.1:9997 (LISTEN)

Robin Sommer · Answer 1 · Wed Jul 13 2022 18:58:22 GMT+0800 (China Standard Time)

@Neverlord would that be an easy fix?

Dominik Charousset · Answer 2 · Wed Jul 13 2022 23:44:07 GMT+0800 (China Standard Time)

Passing 0.0.0.0 from Broker would be a trivial fix. However, as pointed out in zeek-packages/zeek-agent-v2#9, that's forcing IPv4. The issue is the function that Broker calls for creating that socket. That should not just pick the first local interface but no interface at all when passing an empty string. Still an easy fix, but it's going to be at the CAF side.

Robin Sommer · Answer 3 · Thu Jul 14 2022 15:33:50 GMT+0800 (China Standard Time)

ok, let's put this on the maintenance list for when you get to it.