From: David Lamparter Date: Tue, 8 Aug 2017 18:11:10 +0000 (+0200) Subject: lib: thoroughly disable tcp-zebra X-Git-Tag: frr-4.0-dev~432^2~1 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=5d13cd091a183601eb8ebedeeeed2121ce4c3781;p=mirror%2Ffrr.git lib: thoroughly disable tcp-zebra Disable this in the code to make it hard for people to shoot themselves in the foot. It's only left as a remnant for development use. Signed-off-by: David Lamparter --- diff --git a/doc/zebra.8.in b/doc/zebra.8.in index 333e66fcf6..7f4a81b1a0 100644 --- a/doc/zebra.8.in +++ b/doc/zebra.8.in @@ -104,14 +104,6 @@ It should thus be loaded with \fB-M fpm:netlink\fR or \fB-M fpm:protobuf\fR. Use the specified path to open the zebra API socket on. The default is \fB\fI@CFG_STATE@/zserv.api\fR. This option must be given with the same value to all FRR protocol daemons. - -For debugging purposes (using tcpdump or wireshark to trace cross-daemon -communication), a TCP socket can be used by specifying \fI@tcp[46][:port]\fR. -It is intentionally not possible to bind this to anything other than localhost -since zebra and the other daemons need to be running on the same host. Using -this feature \fBCREATES A SECURITY ISSUE\fR since nothing prevents other users -on the local system from connecting to zebra and injecting bogus routing -information. .TP \fB\-v\fR, \fB\-\-version\fR Print the version and exit. diff --git a/lib/libfrr.c b/lib/libfrr.c index e92456cf77..c901dcc229 100644 --- a/lib/libfrr.c +++ b/lib/libfrr.c @@ -138,6 +138,7 @@ bool frr_zclient_addr(struct sockaddr_storage *sa, socklen_t *sa_len, path = ZEBRA_SERV_PATH; if (!strncmp(path, ZAPI_TCP_PATHNAME, strlen(ZAPI_TCP_PATHNAME))) { + /* note: this functionality is disabled at bottom */ int af; int port = ZEBRA_PORT; char *err = NULL; 
@@ -193,6 +194,21 @@ bool frr_zclient_addr(struct sockaddr_storage *sa, socklen_t *sa_len, #endif break; } + +#if 1 + /* force-disable this path, because tcp-zebra is a + * SECURITY ISSUE. there are no checks at all against + * untrusted users on the local system connecting on TCP + * and injecting bogus routing data into the entire routing + * domain. + * + * The functionality is only left here because it may be + * useful during development, in order to be able to get + * tcpdump or wireshark watching ZAPI as TCP. If you want + * to do that, flip the #if 1 above to #if 0. */ + memset(sa, 0, sizeof(*sa)); + return false; +#endif } else { /* "sun" is a #define on solaris */ struct sockaddr_un *suna = (struct sockaddr_un *)sa;
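Review bot: removing the whole `@tcp[46][:port]` paragraph from doc/zebra.8.in leaves the man page silent about a form the code still recognises but now refuses, so an operator who carries over an old `-z @tcp...` value gets daemons that cannot reach zebra and no documentation explaining why; keep a one-line statement that the TCP socket form is disabled in release builds (only available by rebuilding with the development toggle), and drop the rest of the paragraph as the hunk does, since the injection risk it warned about is no longer reachable.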
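Review bot: the added comment `/* note: this functionality is disabled at bottom */` in the first lib/libfrr.c hunk locates the disable by position, which drifts as soon as the function is edited; name the mechanism instead (the `#if 1` block at the end of the TCP branch) so a reader can find it with a search rather than by scrolling. Style point only.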
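Review bot: the `#if 1` block in the second lib/libfrr.c hunk zeroes `*sa` but leaves `*sa_len` untouched, so a caller that reads the length before checking the return value sees a stale size paired with an all-zero address; add `*sa_len = 0;` next to the `memset(sa, 0, sizeof(*sa));` and audit that every caller of frr_zclient_addr() treats a false return as fatal. The refusal is also silent: the address and port parsing earlier in this branch still runs and the function simply returns false, so the daemon fails to connect with no hint as to why; emit an error log at this point saying the TCP form of the zebra socket path is disabled. Finally, a bare `#if 1` that developers are told to hand-flip is easy to commit by accident; a named compile-time macro, undefined by default, gives the same development escape hatch with a greppable name and no risk of a flipped toggle reaching a release.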