patch 'usertools/telemetry: fix exporter default IP binding' has been queued to stable release 24.11.4

[Kevin Traynor]

Hi,

FYI, your patch has been queued to stable release 24.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/26/25. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/a5b7b00d9af02c90475bc14f79720e62d359ab33

Thanks.

Kevin

---
>From a5b7b00d9af02c90475bc14f79720e62d359ab33 Mon Sep 17 00:00:00 2001
From: Robin Jarry <rjarry at redhat.com>
Date: Mon, 27 Jan 2025 12:51:44 +0100
Subject: [PATCH] usertools/telemetry: fix exporter default IP binding

[ upstream commit 9a8382b0685674d80e4787f8db2885343edaea29 ]

Fix the following warning reported by Coverity:

Defect type: SIGMA.insecure_network_bind:
> dpdk-stable-24.11.1/usertools/dpdk-telemetry-exporter.py:278:
> Sigma main event: The HTTP server binds to all network interfaces by
> setting the IP address to "", `0.0.0.0`, `::`, or `::0`.
> This may expose the server to unintended traffic.

Avoid listening to all interfaces by default to avoid exposing private
information unwillingly.

Unrelated: The Python stdlib TCP server listens on IPv4 only by default.
Changing this requires creating a subclass that overrides address_family
to socket.AF_INET6.

Fixes: d94ebd627a86 ("usertools: add telemetry exporter")

Signed-off-by: Robin Jarry <rjarry at redhat.com>
---
 usertools/dpdk-telemetry-exporter.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/usertools/dpdk-telemetry-exporter.py b/usertools/dpdk-telemetry-exporter.py
index 6eca0db2e8..6f66d4ecaa 100755
--- a/usertools/dpdk-telemetry-exporter.py
+++ b/usertools/dpdk-telemetry-exporter.py
@@ -76,5 +76,5 @@ DEFAULT_LOAD_PATHS += [
     "/usr/share/dpdk/telemetry-endpoints",
 ]
-DEFAULT_OUTPUT = "openmetrics://:9876"
+DEFAULT_OUTPUT = "openmetrics://127.0.0.1:9876"
 
 
@@ -276,9 +276,9 @@ def serve_openmetrics(
     format.
     """
-    listen = (args.output.hostname or "", int(args.output.port or 80))
+    listen = (args.output.hostname or "127.0.0.1", int(args.output.port or 80))
     with server.HTTPServer(listen, OpenmetricsHandler) as httpd:
         httpd.dpdk_socket_path = args.socket_path
         httpd.telemetry_endpoints = endpoints
-        LOG.info("listening on port %s", httpd.server_port)
+        LOG.info("listening on %s", httpd.socket.getsockname())
         try:
             httpd.serve_forever()
-- 
2.51.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2025-11-21 11:05:11.504712316 +0000
+++ 0061-usertools-telemetry-fix-exporter-default-IP-binding.patch	2025-11-21 11:05:09.537857508 +0000
@@ -1 +1 @@
-From 9a8382b0685674d80e4787f8db2885343edaea29 Mon Sep 17 00:00:00 2001
+From a5b7b00d9af02c90475bc14f79720e62d359ab33 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 9a8382b0685674d80e4787f8db2885343edaea29 ]
+
@@ -22 +23,0 @@
-Cc: stable at dpdk.org