[ZBXNEXT-3581] Drop plain text protocol, make ZBXD\1 header mandatory Created: 2016 Dec 01  Updated: 2024 Apr 10  Resolved: 2018 Apr 03

Status: Closed
Project: ZABBIX FEATURE REQUESTS
Component/s: Agent (G), Frontend (F), Proxy (P), Server (S)
Affects Version/s: 3.4.0alpha1
Fix Version/s: 4.0.0alpha3, 4.0 (plan)

Type: Change Request Priority: Major
Reporter: Glebs Ivanovskis (Inactive) Assignee: Vladislavs Sokurenko
Resolution: Fixed Votes: 0
Labels: passive, protocols, tcp
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
causes ZBX-13523 confusing messages during network dis... Closed
Duplicate
is duplicated by ZBX-10191 Passive agent fails to respond if key... Closed
is duplicated by ZBX-13202 ?Invalid item key format.?message fro... Closed
is duplicated by ZBX-11531 SSL_ERROR_ZERO_RETURN in zbx_tls_read... Closed
Team: Team A
Sprint: Sprint 25, Sprint 26, Sprint 30, Sprint 31
Story Points: 0.5

 Description   

New protocol was introduced in Zabbix 1.4, but server and proxy continued to poll passive items using old protocol and all Zabbix components continue to receive plain text messages for compatibility of newer versions with pre-1.4 agents.

It turns out (ZBX-11528) that zabbix_get has been using new protocol to poll passive items and since no one has ever complained about that, it is reasonable to make headers mandatory. Particularly, to fix ZBX-10191 which affects passive items, remote commands and can be used to attack server/proxy trappers.

 Comments   
Comment by Vladislavs Sokurenko [ 2018 Jan 12 ]

Fixed in development branch:
svn://svn.zabbix.com/branches/dev/ZBXNEXT-3581

Comment by Andris Zeila [ 2018 Jan 29 ]

Successfully tested.

Comment by Vladislavs Sokurenko [ 2018 Jan 31 ]

Fixed in:

  • pre-4.0.0alpha3 (trunk) r77321

dropped plain text protocol support and made header mandatory; fixed IP fragmentation handling by including header in Zabbix get request, Zabbix server/proxy passive check request and frontend request to Zabbix server

Comment by richlv [ 2018 Feb 20 ]

(7) [D] a few suggested documentation improvements :

  • in the upgrade notes, it would be useful to mention which zabbix agent versions are not supported now
  • compatibility page still says 1.x agents are supported

btw, in the compatibility page, this sentence sounds strange : "Older agents from Zabbix 1.x, 2.x and previous versions of Zabbix 3.x can still be used with Zabbix 4.0"

glebs.ivanovskis You can infer this information from the issue description. But would be nice to have it in Upgrade notes. Also Upgrade notes do not mention complications for self-written senders.

martins-v Thanks, the two mentioned sections updated. Please review. RESOLVED

glebs.ivanovskis, Can we be more specific about the 'complications' you mention? Is there anything that cannot be inferred from the information mentioned in the upgrade notes?

glebs.ivanovskis I like it!
3.0 and 3.4 still have strange "and previous versions" wording. I guess it started with 3.2, where it was supposed to mean that 3.0 and 3.2 (but not 3.4!) agents will work with 3.2 server/proxy.

Speaking of "complications", previously trappers were happily accepting messages without headers as well as messages with headers. Now they will only accept messages with protocol header. We were also thinking about giving examples of generating such header in the most popular languages...

<richlv> looks good indeed, thank you.
noticed a sentence just now :

It generally does not require any configuration changes on the agent side, apart from parameters related to logging for versions before 3.0

this is a bit wrong, as there have been other incompatible config file changes before.

regarding header examples in various languages, examples already abound like :

martins-v Documentation updates:

  • Wording of the version compatibility page changed, also in 3.0-3.4. Ideally we would list all incompatible parameter changes (if there are others), but the tracking of those has been somewhat weak.
  • The upgrade note entry extended to mention the self-written sender situation.

RESOLVED

glebs.ivanovskis Looks good to me! I've added few snippets loosely based on sources suggested by richlv, Zabbix code and my personal hacks. I hope you are OK with wording and placement.

CLOSED

Comment by richlv [ 2018 Feb 21 ]

this has resulted in rather confusing messages during the network discovery : ZBX-13523

Comment by richlv [ 2018 Dec 03 ]

Turns out, this change is hitting a lot of users. To possibly help with search results:

Message from ... is missing header. Message ignored.
Generated at Tue Apr 23 10:25:39 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.