From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 55D29460E4; Mon, 27 Jan 2025 15:40:45 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E8C0E4027D; Mon, 27 Jan 2025 15:40:44 +0100 (CET) Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) by mails.dpdk.org (Postfix) with ESMTP id CC68840275; Mon, 27 Jan 2025 15:40:42 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737988843; x=1769524843; h=date:from:to:cc:subject:message-id:references: in-reply-to:mime-version; bh=bbQYpOgus+D1uvF9FU3dvgEApXEQSpwtfWDPK0hwcbo=; b=ejpG2t/ItR5UPg0bnu+tWWY4F7LXsLPePZxnAZ0Zl0pwmfVs5H3a3oCS JbNuXVk71V/FwDzlQP3TSqusz71Q68JK9teJPF6vuQPAXDUtSE06CshNI Ld5POaiap48VQKl4wOrHf7v8T4zYtF+iB2dnYUrIT3RCI78KFCaCvfS9+ bKjsNhAZx/k/9LxiVjBVK4XPpR19XVfiei3Xnm/AXJkWoaDye/HZQimjn KLGQkImMqgiAPvI0kx9wSarhOG4wuIKJSTOq/6hdp11DYIaZ5jKENbxW2 T8gTAPFmC+z8liM7W1WnOEOeyQeg1jYZ/kehRYdqH78UaKW/w5JmkMOs1 Q==; X-CSE-ConnectionGUID: AAEWDEeZQ/G4IzhXeOO6Hg== X-CSE-MsgGUID: U+88k77tTuu+V8HVKypjGw== X-IronPort-AV: E=McAfee;i="6700,10204,11328"; a="37702434" X-IronPort-AV: E=Sophos;i="6.13,238,1732608000"; d="scan'208";a="37702434" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2025 06:40:41 -0800 X-CSE-ConnectionGUID: tqpfLNb9RsShFqng57oZ0g== X-CSE-MsgGUID: L284P5mQRwOk/ONMN8bu9A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.13,238,1732608000"; d="scan'208";a="113447229" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmviesa004.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 27 Jan 2025 06:40:41 -0800 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.44; Mon, 27 Jan 2025 06:40:40 -0800 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.44 via Frontend Transport; Mon, 27 Jan 2025 06:40:40 -0800 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.170) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.44; Mon, 27 Jan 2025 06:40:40 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=o9agbFyA1adPUQxqke8Lm5dEwTQFkJMOTZSo96OIJR3atBZ5+ccfBAZFxzdhL798UZlywtKj36jLXNtgyb5judPIKYD/ZjbuYXEk1KDnq5Fu1A0vaUdsjhOvCJecbEARmZSxxZd8NAPPCdaoy86Ie2IXfbc9b3jzjZCWHoEWGMBk3HQuRfbGj6kXjdftWyYvlta2WIkQeZN6K4ObL+wGG+P/FmDTIkWPbV4EIPhsnxSg1Dg9jU3HFuuktIfUqnCUQxa+JF6mWzOOCYBZapRr/mqPZ2dLnYlS6NuN5WJffpBp95JjeI4rGNiEMT7I8qo/PhkHkj4rxSbLkLG6+MlVRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=65iDQ+egR+jKRjIsxf8nKSva8R29h1m4qlBnR8PWHb0=; b=ABSZe6jHQSZ2DL9SopglvCSHWgFwmU5lzios6uISSTIJDuF6U8ejFub1XYyAQFgyKroBGHjWkRgS92vzNpNEhITEAetWSv+e3UsAsSWZhPZIX/zyy/5B14KCKpGTynoyntiGAGBT1kvr9E7XYpEZvqVdgnNIH+pJCUX/nvWCzx+taeSu8pY+dV9vlG6CI1uON92eAEvWau32p8XS7/8ZK5rK/dEXAHhUc7HRQbq+Chjl+OraWBN8rGdgvPDC4DAZWLJRtlG37GncEpV2kdQqnZkhFu7w3Va65sUN8Ojfyxiuf6j0rDWYIhBMsyZxk+ys1c8lkWLww1BAKZAQ8O26Og== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from CY8PR11MB7290.namprd11.prod.outlook.com (2603:10b6:930:9a::6) by LV3PR11MB8532.namprd11.prod.outlook.com (2603:10b6:408:1ae::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8377.22; Mon, 27 Jan 2025 14:39:58 +0000 Received: from CY8PR11MB7290.namprd11.prod.outlook.com ([fe80::2fa:a105:f81e:5971]) by CY8PR11MB7290.namprd11.prod.outlook.com ([fe80::2fa:a105:f81e:5971%5]) with mapi id 15.20.8377.021; Mon, 27 Jan 2025 14:39:58 +0000 Date: Mon, 27 Jan 2025 14:39:52 +0000 From: Bruce Richardson To: Robin Jarry CC: , Subject: Re: [PATCH dpdk] telemetry-exporter: listen on loopback by default Message-ID: References: <20250127115143.585207-2-rjarry@redhat.com> Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20250127115143.585207-2-rjarry@redhat.com> X-ClientProxiedBy: DU2PR04CA0159.eurprd04.prod.outlook.com (2603:10a6:10:2b0::14) To CY8PR11MB7290.namprd11.prod.outlook.com (2603:10b6:930:9a::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY8PR11MB7290:EE_|LV3PR11MB8532:EE_ X-MS-Office365-Filtering-Correlation-Id: eab53a2b-46d8-42db-3c6e-08dd3ee078e3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|7053199007; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?eR8v0t4CBA4nI/4lRJ62bz1r+o04BFl3wwJ0uinAbzMKmJUQzg0NO/6cCapb?= =?us-ascii?Q?ASmogg04hWz6ajKbth3fG2541ERIVgtfe0py6nkNzf8Wc6nPIcOSqnH2ZXC4?= =?us-ascii?Q?iZ0NfRxKeetvY4UAFQgedHc+nZxTDPi1Rlve5k0H4+Yuo4ktZ7Cmo02mLcH8?= =?us-ascii?Q?c3mC7DwTDvIsArSRzRu6HIxff7jlH/IKOzP7NVylW2tHiLMHFdjIw34Clkd1?= =?us-ascii?Q?Y8Y4liCWezcWenOBtEYHIxbDmY4n8nUoMGMjHeOOprZPmkA5zHLb7HZyvmng?= =?us-ascii?Q?VpRtTJW2hALbGc6rFX30AehRR8ujDBkaKQ8huAm+7jCAi4OA6CKc8X7ZHBPD?= =?us-ascii?Q?D/DgaeZcYmRixeEbZs8DZCslrF4seplyRYq4vLBGJhQKbVFmMmAzsGQ3jeUH?= =?us-ascii?Q?fkNI0/h9DrijsWajEglXT7bUcNpRDY9X5NpLvJNl52DKPcGgKEv1pjEqUiox?= =?us-ascii?Q?nek9LzIOsfxNdkuDlGfKffZovIybxs5MXgeBLJXi7B9CnXcp7pY2ar0UKojp?= =?us-ascii?Q?+pJBiaNG9Q5TR5QX04tkq71Qb+jrW+4OxHhCJpacETN/8Dqbol8OtOPDXNJB?= =?us-ascii?Q?faPpDcIOyQhwHTR49qvAqH6BLTTBE7i4eR00xlDCJBDMhlCjfOmEHkBI7y7X?= =?us-ascii?Q?YUpSBkN22OmvePmG9Px2XYFnPHwLl/0KYyGmEJPAu2bCviGkNPELgiKShzUv?= =?us-ascii?Q?ck/o+UgYv3PdIyiiRxhvILs3O+u9aLAwtOxhuOdrb+VlldiuNjpQo2I0mS5M?= =?us-ascii?Q?i6r2wOxALSMdl9up8i7HKGfpm0UX00COrJ3YkrQ4HsPK44fEKhON9sHNMimA?= =?us-ascii?Q?zuHa/sHW8Na5mgnCS+cQ7Q7dIYIO/LStteQD9swPVcpulg4jXa0cjmTJep6E?= =?us-ascii?Q?h2YZp5x1MyVnYF+h3sfEQHWaXJmi3+EoJAHEtkNgr5Bt6T6vFj1qIl3TySK2?= =?us-ascii?Q?9Fgez60tZdMM+lJ1mSHrvLOqHkZ389tU+yKYKsngU6QAhMA85vj3Bz9yck8O?= =?us-ascii?Q?jkM2PryhLQoWgjMS8FwyR3wNYDQ36i5csNb2ZPaSU2sWbEzeqD/niHPoSLIu?= =?us-ascii?Q?9xFm0uSGk5Ou/uoAUEcH2hXRI9s+T0QcBmW8RbooPVig8lW4ahoMcH8kRC3N?= =?us-ascii?Q?8bpPXY7liLV0jOp7sIuXrkDj1iN1KMNbaRQOe6mjJhSWbhvFktnw6S/ZkUYo?= =?us-ascii?Q?qvsOTCbjd8NKDbuEs9PEcx4lqHuSOexre4gHiuJufB2rC45eillHkgryVhwT?= =?us-ascii?Q?ynLfhOC7s+7mXazDTjGLSoEKIRn94aigf5LJQ8Z7m4eUNznqdPeqbyPb93RH?= =?us-ascii?Q?F/UmIHzXnLxgrQTkCilBQnkbUWp27d1jewW3xCfnuoWbbhGlxXUZYgmGNAtc?= =?us-ascii?Q?DBb475ZOKkxl2Zbep8FxNW98g3/C?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY8PR11MB7290.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(366016)(1800799024)(376014)(7053199007); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?1reoocfgAvDs2YRTbPQCXS3i2lHrJ9AG8LNDfyYYA2JOn89iRZdPs/lMoK/v?= =?us-ascii?Q?dtWbCTkfUWa0TbjZxWuGPajbQX/i2j3+xFuE0unFtN5CDL2FSFCzHGqXRA2P?= =?us-ascii?Q?qmvzNJAWiSDNfvILBFjIw7/wSp4k3IAc7VuVXT586k5Rlb4e1bjO/VF7h1rj?= =?us-ascii?Q?jLPE7c+LI11ggOFXpq0Xz1ha1tNDH0+/0yRtOF1+aksebR/dGpDRqJ/9tyMg?= =?us-ascii?Q?a+nfafg4a3F1rz9ajCAtQ84BIs0eVpSFUuVx4hziAAtPsLSlhbu6Q3v14Auf?= =?us-ascii?Q?8WPOQlAK4obi7/ilSCjiAuOI6meemMTAS+xdcDk5aJ7EXrqYCPo0OWGpYtAI?= =?us-ascii?Q?rBZHQqf1WJwRLOQ0Fu20ZVRcPqv4sc5papqaEs2WtFxdvAnqngG2gPp7Q3w2?= =?us-ascii?Q?kXUywBRLc7GAVBJKY57jeRAnKngsaCUOvAsoQjz/sCrqo3lfL6hPZX7M8NXK?= =?us-ascii?Q?cxrgdHUsJ4OkHJGs6gS1OoNgI94zjAttScbKnT/R4t31+krq831HzxTncdek?= =?us-ascii?Q?HuPB2jqL5Ft39OFS5iTQBonT65h+1NZeeCGXizKkpP8wuGqpLEsVf+frnCU1?= =?us-ascii?Q?2UmnhIY/IukxK9MFKDFe66FkEiuerTWOcZc4ya+shLl2b339+WSJxvJ0Am5f?= =?us-ascii?Q?gcU7ubFGioaXViwpZCsfhUdyHVjcODITE+iCJGm4WnD9dRX1M5hVWoITdgIU?= =?us-ascii?Q?ktF3SptPAFNJVSN2LOrUlCLbesnoqwKym6rbz66ETy1RqHAlV2GnK+p1s6An?= =?us-ascii?Q?ZF9jLzVhkQxGiNYsMwAFvjKlrLGsgeqw5My6+PxcPtQyVdfp+iaG04ACOn+e?= =?us-ascii?Q?Gfx22dpL3fGROUYP60gEHruODyeuyKXvEL3J0uReIoBg3EdlejLKDAvmHA16?= =?us-ascii?Q?kF5GkJYeY7Z+mEFcJtMscw8gXg+akmOd0UPo2VLiDnmGDUj5fFOFjdBsHn1B?= =?us-ascii?Q?2cMqESuRxqqucig7PmehVRK87KCloZ8zt7aYii0Oyq0uPOm/0cXSp+arVAOp?= =?us-ascii?Q?A56YV6Rcatm+YXDpuZpzi8WuCiLll+mqzhsWnJR+0dB2AuzS/rmw28pdTbDc?= =?us-ascii?Q?1XVGchor595yzq5Mwb9R+loI0Po2kDiPQDUJ4vGFiQMW0UWWO3Vn7BQmWDBP?= =?us-ascii?Q?UecLjzF33J/+AOCafrlupm+n3uJV1Jb5peBW09mIo4v4cEeRHSchqjBBg4fh?= =?us-ascii?Q?mNkRDjtjTjBeSU+6F51lGzvnsdVv8nqTvU+m2UsnQl5EahHsaEk2cJ6xy+ar?= =?us-ascii?Q?p1K2LVpxgVgnYkQQ3d75drWiCPJe32YLojmWNZDSSTw7Sm5im0AQGfQHwU5R?= =?us-ascii?Q?oOXacwWsQ3b2m0rStLRyrec3W8mir0gVbsyh+9IULpYUlDhzZgLLyRJMNkPV?= =?us-ascii?Q?Scyk07UFi7tHTVGP9yPzzAgLutMyvNpt4Bo/uDJiLl5UWGwABGWnyxqBRyJ6?= =?us-ascii?Q?wsZf7WnRaH6PYx0/vDuSmPXyqA72kRivh1S5CLyRdsy9IHB0ouvs7ZTC88D0?= =?us-ascii?Q?KD11EEl55hzZEbK8eHORPEW5lMCz7SH9s/20AF2k9q+H9ajcgJtGaqXbhh5A?= =?us-ascii?Q?ShGnBhdv0pAouKcE/FAEHJQUINVznR/+kLSX0nkwwgHkiXPgU4nyvJNyyc4u?= =?us-ascii?Q?yA=3D=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: eab53a2b-46d8-42db-3c6e-08dd3ee078e3 X-MS-Exchange-CrossTenant-AuthSource: CY8PR11MB7290.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jan 2025 14:39:58.1608 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fyeIZerPasbZWRy//90vQ0VFKSvvnqSHIcRpzCJ0cqclQbP0xBQfehKeoU6QvnNjYZZfnHxFPoglLKRZY39IHPreBRXFrEkq6xx3wUwLA/w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR11MB8532 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On Mon, Jan 27, 2025 at 12:51:44PM +0100, Robin Jarry wrote: > Fix the following warning reported by Coverity: > > Defect type: SIGMA.insecure_network_bind: > > dpdk-stable-24.11.1/usertools/dpdk-telemetry-exporter.py:278: > > Sigma main event: The HTTP server binds to all network interfaces by > > setting the IP address to "", `0.0.0.0`, `::`, or `::0`. > > This may expose the server to unintended traffic. > > Avoid listening to all interfaces by default to avoid exposing private > information unwillingly. > > Unrelated: The Python stdlib TCP server listens on IPv4 only by default. > Changing this requires creating a subclass that overrides address_family > to socket.AF_INET6. > > Fixes: d94ebd627a86 ("usertools: add telemetry exporter") > Cc: stable@dpdk.org > Signed-off-by: Robin Jarry > --- > usertools/dpdk-telemetry-exporter.py | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/usertools/dpdk-telemetry-exporter.py b/usertools/dpdk-telemetry-exporter.py > index 6eca0db2e80a..6f66d4ecaab1 100755 > --- a/usertools/dpdk-telemetry-exporter.py > +++ b/usertools/dpdk-telemetry-exporter.py > @@ -75,7 +75,7 @@ def cmd(self, uri, arg=None) -> dict | list: > "/usr/local/share/dpdk/telemetry-endpoints", > "/usr/share/dpdk/telemetry-endpoints", > ] > -DEFAULT_OUTPUT = "openmetrics://:9876" > +DEFAULT_OUTPUT = "openmetrics://127.0.0.1:9876" > Minor nit, but would it be better to use "localhost" rather than the hardcoded IP here and below? > > def main(): > @@ -275,11 +275,11 @@ def serve_openmetrics( > Start an HTTP server and serve requests in the openmetrics/prometheus > format. > """ > - listen = (args.output.hostname or "", int(args.output.port or 80)) > + listen = (args.output.hostname or "127.0.0.1", int(args.output.port or 80)) > with server.HTTPServer(listen, OpenmetricsHandler) as httpd: > httpd.dpdk_socket_path = args.socket_path > httpd.telemetry_endpoints = endpoints > - LOG.info("listening on port %s", httpd.server_port) > + LOG.info("listening on %s", httpd.socket.getsockname()) > try: > httpd.serve_forever() > except KeyboardInterrupt: > -- > 2.48.1 >