Management framework: don't hardwire controller IP in agent

This changes the default IP address for the agent to connect to the controller from a hardwired 127.0.0.1 to going through a cascade of considering a configured Management::Controller::listen_address, then Management::default_address, and falling back to 127.0.0.1.
2025-10-01 22:28:20 +00:00 · 2025-09-17 03:12:53 -07:00 · 2025-09-17 03:12:53 -07:00 · c67f15414e
commit c67f15414e
parent 067c257480
2 changed files with 14 additions and 9 deletions
--- a/scripts/policy/frameworks/management/agent/config.zeek
+++ b/scripts/policy/frameworks/management/agent/config.zeek
@ -76,7 +76,8 @@ export {
 	## like to use that mode, make sure to set
 	## :zeek:see:`Management::Agent::listen_address` and
 	## :zeek:see:`Management::Agent::listen_port` as needed.
-	const controller = Broker::NetworkInfo($address="127.0.0.1",
+	const controller = Broker::NetworkInfo(
 	    $address=Management::Controller::network_info("127.0.0.1")$address,
 	    $bound_port=Management::Controller::network_info()$bound_port) &redef;
 	## An optional working directory for the agent. Agent and controller
--- a/scripts/policy/frameworks/management/controller/config.zeek
+++ b/scripts/policy/frameworks/management/controller/config.zeek
@ -106,12 +106,16 @@ export {
 	global get_name: function(): string;
 	## Returns a :zeek:see:`Broker::NetworkInfo` record describing the
-	## controller's Broker connectivity.
+	## controller's Broker listening address and port. When the function
-	global network_info: function(): Broker::NetworkInfo;
+	## cannot determine a configured listening address, it uses the provided
 	## fallback.
 	global network_info: function(fallback_address: string &default="0.0.0.0"): Broker::NetworkInfo;
 	## Returns a :zeek:see:`Broker::NetworkInfo` record describing the
-	## controller's websocket connectivity.
+	## controller's websocket listening address and port. When the function
-	global network_info_websocket: function(): Broker::NetworkInfo;
+	## cannot determine a configured listening address, it uses the provided
 	## fallback.
 	global network_info_websocket: function(fallback_address: string &default="0.0.0.0"): Broker::NetworkInfo;
 	## Returns a :zeek:see:`Broker::EndpointInfo` record describing the
 	## controller's Broker connectivity.
@ -130,7 +134,7 @@ function get_name(): string
 	return fmt("controller-%s", gethostname());
 	}
-function network_info(): Broker::NetworkInfo
+function network_info(fallback_address: string &default="0.0.0.0"): Broker::NetworkInfo
 	{
 	local ni: Broker::NetworkInfo;
@ -139,7 +143,7 @@ function network_info(): Broker::NetworkInfo
 	else if ( Management::default_address != "" )
 		ni$address = Management::default_address;
 	else
-		ni$address = "0.0.0.0";
+		ni$address = fallback_address;
 	if ( Management::Controller::listen_port != "" )
 		ni$bound_port = to_port(Management::Controller::listen_port);
@ -149,7 +153,7 @@ function network_info(): Broker::NetworkInfo
 	return ni;
 	}
-function network_info_websocket(): Broker::NetworkInfo
+function network_info_websocket(fallback_address: string &default="0.0.0.0"): Broker::NetworkInfo
 	{
 	local ni: Broker::NetworkInfo;
@ -158,7 +162,7 @@ function network_info_websocket(): Broker::NetworkInfo
 	else if ( Management::default_address != "" )
 		ni$address = Management::default_address;
 	else
-		ni$address = "0.0.0.0";
+		ni$address = fallback_address;
 	if ( Management::Controller::listen_port_websocket != "" )
 		ni$bound_port = to_port(Management::Controller::listen_port_websocket);