Only listen for monitor connections on localhost by default

This is to prevent accidental exposure of the monitor port to the public
internet if a server admin enables the monitor port without it being
properly firewalled. There is now a config option that lets you override
the address to bind to, so that it can still be made available to other
machines over private networks such as Wireguard.
This commit is contained in:
dongresource 2024-10-17 00:42:33 +02:00
parent 5e92a58134
commit 3365cb53b7
4 changed files with 13 additions and 2 deletions

View File

@ -102,5 +102,8 @@ eventmode=0
enabled=false enabled=false
# the port to listen for connections on # the port to listen for connections on
port=8003 port=8003
# The local IP to listen on.
# Do not change this unless you know what you're doing.
listenip=127.0.0.1
# how often the listeners should be updated (in milliseconds) # how often the listeners should be updated (in milliseconds)
interval=5000 interval=5000

View File

@ -180,9 +180,14 @@ SOCKET Monitor::init() {
} }
address.sin_family = AF_INET; address.sin_family = AF_INET;
address.sin_addr.s_addr = INADDR_ANY;
address.sin_port = htons(settings::MONITORPORT); address.sin_port = htons(settings::MONITORPORT);
if (!inet_pton(AF_INET, settings::MONITORLISTENIP.c_str(), &address.sin_addr)) {
std::cout << "Failed to set monitor listen address" << std::endl;
printSocketError("inet_pton");
exit(1);
}
if (SOCKETERROR(bind(listener, (struct sockaddr*)&address, sizeof(address)))) { if (SOCKETERROR(bind(listener, (struct sockaddr*)&address, sizeof(address)))) {
std::cout << "Failed to bind to monitor port" << std::endl; std::cout << "Failed to bind to monitor port" << std::endl;
printSocketError("bind"); printSocketError("bind");
@ -206,7 +211,7 @@ SOCKET Monitor::init() {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
std::cout << "Monitor listening on *:" << settings::MONITORPORT << std::endl; std::cout << "Monitor listening on " << settings::MONITORLISTENIP << ":" << settings::MONITORPORT << std::endl;
REGISTER_SHARD_TIMER(tick, settings::MONITORINTERVAL); REGISTER_SHARD_TIMER(tick, settings::MONITORINTERVAL);

View File

@ -64,6 +64,7 @@ bool settings::DISABLEFIRSTUSEFLAG = true;
// monitor settings // monitor settings
bool settings::MONITORENABLED = false; bool settings::MONITORENABLED = false;
int settings::MONITORPORT = 8003; int settings::MONITORPORT = 8003;
std::string settings::MONITORLISTENIP = "127.0.0.1";
int settings::MONITORINTERVAL = 5000; int settings::MONITORINTERVAL = 5000;
// event mode settings // event mode settings
@ -121,5 +122,6 @@ void settings::init() {
IZRACESCORECAPPED = reader.GetBoolean("shard", "izracescorecapped", IZRACESCORECAPPED); IZRACESCORECAPPED = reader.GetBoolean("shard", "izracescorecapped", IZRACESCORECAPPED);
MONITORENABLED = reader.GetBoolean("monitor", "enabled", MONITORENABLED); MONITORENABLED = reader.GetBoolean("monitor", "enabled", MONITORENABLED);
MONITORPORT = reader.GetInteger("monitor", "port", MONITORPORT); MONITORPORT = reader.GetInteger("monitor", "port", MONITORPORT);
MONITORLISTENIP = reader.Get("monitor", "listenip", MONITORLISTENIP);
MONITORINTERVAL = reader.GetInteger("monitor", "interval", MONITORINTERVAL); MONITORINTERVAL = reader.GetInteger("monitor", "interval", MONITORINTERVAL);
} }

View File

@ -38,6 +38,7 @@ namespace settings {
extern int EVENTMODE; extern int EVENTMODE;
extern bool MONITORENABLED; extern bool MONITORENABLED;
extern int MONITORPORT; extern int MONITORPORT;
extern std::string MONITORLISTENIP;
extern int MONITORINTERVAL; extern int MONITORINTERVAL;
extern bool DISABLEFIRSTUSEFLAG; extern bool DISABLEFIRSTUSEFLAG;
extern bool IZRACESCORECAPPED; extern bool IZRACESCORECAPPED;