SERVER-28229: Bind to localhost by default

buildscripts/resmokeconfig/suites/aggregation_read_concern_majority_passthrough.yml

@@ -29,6 +29,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         enableMajorityReadConcern: ''
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/aggregation_sharded_collections_passthrough.yml

@@ -46,9 +46,11 @@ executor:
     fixture:
       class: ShardedClusterFixture
       mongos_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
       mongod_options:
+        bind_ip_all: ''
         nopreallocj: ''
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/core.yml

@@ -15,5 +15,6 @@ executor:
     fixture:
       class: MongoDFixture
       mongod_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/integration_tests_replset.yml

@@ -12,6 +12,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
           numInitialSyncAttempts: 1

buildscripts/resmokeconfig/suites/integration_tests_sharded.yml

@@ -12,10 +12,12 @@ executor:
     fixture:
       class: ShardedClusterFixture
       mongod_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
           numInitialSyncAttempts: 1
       mongos_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
       enable_sharding:

buildscripts/resmokeconfig/suites/integration_tests_standalone.yml

@@ -12,5 +12,6 @@ executor:
     fixture:
       class: MongoDFixture
       mongod_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/jstestfuzz_replication.yml

@@ -24,6 +24,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
           numInitialSyncAttempts: 1

buildscripts/resmokeconfig/suites/jstestfuzz_replication_initsync.yml

@@ -23,6 +23,7 @@ executor:
       class: ReplicaSetFixture
       mongod_options:
         oplogSize: 511
+        bind_ip_all: ''
         verbose: ''
         set_parameters:
           logComponentVerbosity:

buildscripts/resmokeconfig/suites/jstestfuzz_replication_resync.yml

@@ -24,6 +24,7 @@ executor:
       class: ReplicaSetFixture
       mongod_options:
         oplogSize: 511
+        bind_ip_all: ''
         verbose: ''
         set_parameters:
           logComponentVerbosity:

buildscripts/resmokeconfig/suites/jstestfuzz_sharded.yml

@@ -20,10 +20,12 @@ executor:
       mongos_options:
         set_parameters:
           enableTestCommands: 1
+        bind_ip_all: ''
         verbose: ''
       mongod_options:
         set_parameters:
           enableTestCommands: 1
           numInitialSyncAttempts: 1
         verbose: ''
+        bind_ip_all: ''
       num_shards: 2

buildscripts/resmokeconfig/suites/master_slave_jscore_passthrough.yml

@@ -22,6 +22,7 @@ executor:
     fixture:
       class: MasterSlaveFixture
       mongod_options:
+        bind_ip_all: ''
         oplogSize: 511
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/read_concern_linearizable_passthrough.yml

@@ -92,6 +92,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         oplogSize: 511
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/read_concern_majority_passthrough.yml

@@ -89,6 +89,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
           numInitialSyncAttempts: 1

buildscripts/resmokeconfig/suites/replica_sets_initsync_jscore_passthrough.yml

@@ -92,6 +92,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         oplogSize: 511
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/replica_sets_initsync_static_jscore_passthrough.yml

@@ -26,6 +26,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         oplogSize: 511
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/replica_sets_jscore_passthrough.yml

@@ -24,6 +24,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         oplogSize: 511
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/replica_sets_kill_secondaries_jscore_passthrough.yml

@@ -24,6 +24,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         oplogSize: 511
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/replica_sets_resync_static_jscore_passthrough.yml

@@ -27,6 +27,7 @@ executor:
     fixture:
       class: ReplicaSetFixture
       mongod_options:
+        bind_ip_all: ''
         oplogSize: 511
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/sharded_collections_jscore_passthrough.yml

@@ -96,6 +96,7 @@ executor:
         set_parameters:
           enableTestCommands: 1
       mongod_options:
+        bind_ip_all: ''
         nopreallocj: ''
         set_parameters:
           enableTestCommands: 1

buildscripts/resmokeconfig/suites/sharding_gle_auth_basics_passthrough.yml

@@ -32,11 +32,13 @@ executor:
     fixture:
       class: ShardedClusterFixture
       mongos_options:
+        bind_ip_all: ''
         keyFile: *keyFile
         set_parameters:
           enableTestCommands: 1
           enableLocalhostAuthBypass: false
       mongod_options:
+        bind_ip_all: ''
         auth: ''
         keyFile: *keyFile
         set_parameters:

buildscripts/resmokeconfig/suites/sharding_jscore_passthrough.yml

@@ -62,9 +62,11 @@ executor:
     fixture:
       class: ShardedClusterFixture
       mongos_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
       mongod_options:
+        bind_ip_all: ''
         set_parameters:
           enableTestCommands: 1
           numInitialSyncAttempts: 1

jstests/noPassthrough/command_line_parsing.js

@@ -16,7 +16,7 @@ var m2expected = {
     "parsed": {
         "config": "jstests/libs/testconfig",
         "storage": {"dbPath": m2.dbpath},
-        "net": {"port": m2.port},
+        "net": {"bindIp": "0.0.0.0", "port": m2.port},
         "help": false,
         "version": false,
         "sysinfo": false
@@ -40,7 +40,7 @@ var m3expected = {
     "parsed": {
         "config": "jstests/libs/testconfig",
         "storage": {"dbPath": m3.dbpath},
-        "net": {"port": m3.port},
+        "net": {"bindIp": "0.0.0.0", "port": m3.port},
         "help": false,
         "version": false,
         "sysinfo": false

src/mongo/db/repl/repl_set_commands.cpp

@@ -256,7 +256,7 @@ HostAndPort someHostAndPortForMe() {
             ips = "";
         }
         HostAndPort h = HostAndPort(ip, serverGlobalParams.port);
-        if (!h.isLocalHost()) {
+        if (!h.isLocalHost() && !h.isDefaultRoute()) {
             return h;
         }
     }

src/mongo/db/server_options_helpers.cpp

@@ -184,11 +184,17 @@ Status addGeneralServerOptions(moe::OptionSection* options) {
 
     options->addOptionChaining("net.port", "port", moe::Int, portInfoBuilder.str().c_str());
 
-    options->addOptionChaining(
-        "net.bindIp",
-        "bind_ip",
-        moe::String,
-        "comma separated list of ip addresses to listen on - all local ips by default");
+    options
+        ->addOptionChaining(
+            "net.bindIp",
+            "bind_ip",
+            moe::String,
+            "comma separated list of ip addresses to listen on - localhost by default")
+        .incompatibleWith("bind_ip_all");
+
+    options
+        ->addOptionChaining("net.bindIpAll", "bind_ip_all", moe::Switch, "bind to all ip addresses")
+        .incompatibleWith("bind_ip");
 
     options->addOptionChaining(
         "net.ipv6", "ipv6", moe::Switch, "enable IPv6 support (disabled by default)");
@@ -775,10 +781,6 @@ Status storeServerOptions(const moe::Environment& params) {
         serverGlobalParams.port = params["net.port"].as<int>();
     }
 
-    if (params.count("net.bindIp")) {
-        serverGlobalParams.bind_ip = params["net.bindIp"].as<std::string>();
-    }
-
     if (params.count("net.ipv6") && params["net.ipv6"].as<bool>() == true) {
         enableIPv6();
     }
@@ -828,11 +830,18 @@ Status storeServerOptions(const moe::Environment& params) {
         serverGlobalParams.objcheck = params["net.wireObjectCheck"].as<bool>();
     }
 
-    if (params.count("net.bindIp")) {
-        // passing in wildcard is the same as default behavior; remove for SERVER-3350
-        if (serverGlobalParams.bind_ip == "0.0.0.0") {
-            serverGlobalParams.bind_ip = "";
+    if (params.count("net.bindIpAll") && params["net.bindIpAll"].as<bool>()) {
+        // Bind to all IP addresses
+        serverGlobalParams.bind_ip = "0.0.0.0";
+        if (params.count("net.ipv6") && params["net.ipv6"].as<bool>()) {
+            serverGlobalParams.bind_ip += ",::";
         }
+    } else if (params.count("net.bindIp")) {
+        // Bind to enumerated IP addresses
+        serverGlobalParams.bind_ip = params["net.bindIp"].as<std::string>();
+    } else {
+        // Bind to localhost
+        serverGlobalParams.bind_ip = "";
     }
 
 #ifndef _WIN32

src/mongo/db/startup_warnings_common.cpp

@@ -112,6 +112,21 @@ void logCommonStartupWarnings(const ServerGlobalParams& serverParams) {
     }
 #endif
 
+    if (serverParams.bind_ip.empty()) {
+        log() << startupWarningsLog;
+        log() << "** ATTENTION: The server is bound to localhost." << startupWarningsLog;
+        log() << "**          Remote systems will be unable to connect to this server. "
+              << startupWarningsLog;
+        log() << "**          Start the server with --bind_ip <address> to specify which IP "
+                 "addresses it"
+              << startupWarningsLog;
+        log() << "**          should serve responses from, or with --bind_ip_all to bind to all "
+                 "interfaces."
+              << startupWarningsLog;
+        warned = true;
+    }
+
+
     if (warned) {
         log() << startupWarningsLog;
     }

src/mongo/shell/servers.js

@@ -468,6 +468,10 @@ var MongoRunner, _startMongod, startMongoProgram, runMongoProgram, startMongoPro
             opts.networkMessageCompressors = jsTestOptions().networkMessageCompressors;
         }
 
+        if (!opts.bind_ip) {
+            opts.bind_ip = "0.0.0.0";
+        }
+
         return opts;
     };
 

src/mongo/tools/bridge.cpp

@@ -341,7 +341,8 @@ class Forwarder {
 class BridgeListener final : public Listener {
 public:
     BridgeListener()
-        : Listener("bridge", "", mongoBridgeGlobalParams.port, getGlobalServiceContext(), false),
+        : Listener(
+              "bridge", "0.0.0.0", mongoBridgeGlobalParams.port, getGlobalServiceContext(), false),
           _seedSource(mongoBridgeGlobalParams.seed) {
         log() << "Setting random seed: " << mongoBridgeGlobalParams.seed;
     }

src/mongo/util/net/hostandport.cpp

@@ -82,6 +82,23 @@ bool HostAndPort::isLocalHost() const {
             );
 }
 
+bool HostAndPort::isDefaultRoute() const {
+    if (_host == "0.0.0.0") {
+        return true;
+    }
+
+    // There are multiple ways to write IPv6 addresses.
+    // We're looking for any representation of the address "0:0:0:0:0:0:0:0".
+    // A single sequence of "0" bytes in an IPv6 address may be represented as "::",
+    // so we must also match addresses like "::" or "0::0:0".
+    // Return false if a character other than ':' or '0' is contained in the address.
+    auto firstNonDefaultIPv6Char =
+        std::find_if(std::begin(_host), std::end(_host), [](const char& c) {
+            return c != ':' && c != '0' && c != '[' && c != ']';
+        });
+    return firstNonDefaultIPv6Char == std::end(_host);
+}
+
 std::string HostAndPort::toString() const {
     StringBuilder ss;
     append(ss);

src/mongo/util/net/hostandport.h

@@ -96,6 +96,11 @@ struct HostAndPort {
      */
     bool isLocalHost() const;
 
+    /**
+     * Returns true if the hostname is an IP matching the default route.
+     */
+    bool isDefaultRoute() const;
+
     /**
      * Returns a string representation of "host:port".
      */

src/mongo/util/net/hostandport_test.cpp

@@ -111,5 +111,15 @@ TEST(HostAndPort, RoundTripAbility) {
     ASSERT_EQUALS(HostAndPort("[124d:]"), HostAndPort(HostAndPort("[124d:]").toString()));
 }
 
+TEST(HostAndPort, CanIdentifyDefaultRoutes) {
+    ASSERT_TRUE(HostAndPort("0.0.0.0").isDefaultRoute());
+    ASSERT_FALSE(HostAndPort("127.0.0.1").isDefaultRoute());
+    ASSERT_TRUE(HostAndPort("[::]").isDefaultRoute());
+    ASSERT_FALSE(HostAndPort("[::1]").isDefaultRoute());
+    ASSERT_TRUE(HostAndPort("[0:0:0:0:0:0:0:0]").isDefaultRoute());
+    ASSERT_TRUE(HostAndPort("[0:0:0::0:0:0]").isDefaultRoute());
+    ASSERT_TRUE(HostAndPort("[0:0:0::00:0:0]").isDefaultRoute());
+}
+
 }  // namespace
 }  // namespace mongo

src/mongo/util/net/listen.cpp

@@ -96,10 +96,10 @@ using std::vector;
 vector<SockAddr> ipToAddrs(const char* ips, int port, bool useUnixSockets) {
     vector<SockAddr> out;
     if (*ips == '\0') {
-        out.push_back(SockAddr("0.0.0.0", port));  // IPv4 all
+        out.push_back(SockAddr("127.0.0.1", port));  // IPv4 localhost
 
         if (IPv6Enabled())
-            out.push_back(SockAddr("::", port));  // IPv6 all
+            out.push_back(SockAddr("::1", port));  // IPv6 localhost
 #ifndef _WIN32
         if (useUnixSockets)
             out.push_back(SockAddr(makeUnixSockPath(port), port));  // Unix socket