Subject: Re: bin/14563 syslogd binds udp sockets on all interfaces
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, rslr@free.fr>
From: Brian A. Seklecki <bseklecki@collaborativefusion.com>
List: netbsd-bugs
Date: 09/15/2006 20:10:16
The following reply was made to PR bin/14563; it has been noted by GNATS.

From: "Brian A. Seklecki" <bseklecki@collaborativefusion.com>
To: gnats-bugs@NetBSD.org, rslr@free.fr
Cc: mjl@emsi.priv.at, j+nbsd@2005.salmi.ch, pavel@netbsd.org
Subject: Re: bin/14563 syslogd binds udp sockets on all interfaces
Date: Fri, 15 Sep 2006 09:11:55 -0400

 Here is a diff to add "-b" -- blatantly and unambiguously stolen from
 FreeBSD.
 
 I wanted it for the exact opposite reason - I wanted to control which IP
 Alias / VIP forwarded messages originate from.
 
 The only downside is that syslogd(8) appears to send forwarded messages
 out on the same UDP socket that it also receives messages on in
 "non-secure" mode.
 
 Thus a system-level packet filter (pf(4), ipf(4)) is almost always
 required in any real environment.  
 
 Also, multiple "-s"s aren't supported.  Not sure how that would work
 with getaddrinfo(3) anyway (pass an array, use multiple sockets?)
 
 For those really convoluted configurations, 3rd party replacements for
 in-tree syslogd are out there.
 
 If someone does patch this, it may be a good time to patch in diffs from
 #28753 #30879.  They are also in need of attention.  
 
 CC'ing the last developer to add/change functionality to syslogd(8).
 
 ~BAS
 
 
 $ diff -u /home/nbsd/src/usr.sbin/syslogd/syslogd.c.orig
 /home/nbsd/src/usr.sbin/syslogd/syslogd.c
 --- /home/nbsd/src/usr.sbin/syslogd/syslogd.c.orig      2006-09-14
 20:19:50.000000000 -0400
 +++ /home/nbsd/src/usr.sbin/syslogd/syslogd.c   2006-09-14
 22:02:41.000000000 -0400
 @@ -256,7 +256,7 @@
  void   domark(struct kevent *);/* timer kevent dispatch routine */
  void   fprintlog(struct filed *, int, char *);
  int    getmsgbufsize(void);
 -int*   socksetup(int);
 +int    *socksetup(int, char *);
  void   init(struct kevent *);  /* SIGHUP kevent dispatch routine */
  void   logerror(const char *, ...);
  void   logmsg(int, char *, char *, int);
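Review bot: The new second parameter of socksetup() should be `const char *`, because as far as this diff shows the string is only handed to getaddrinfo(), whose node argument is `const char *`. Use `int    *socksetup(int, const char *);` here and the matching `socksetup(int af, const char *bindhostname)` in the definition hunk at line 2087. The prototype also gives no hint of what the string means, so a trailing comment in the style of its neighbours would help, e.g. `/* af, bind host or NULL for all addresses */`.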
 @@ -289,6 +289,7 @@
   */
  static char *linebuf;
  static size_t linebufsize;
 +char *bindhostname = NULL;
 
  #define        A_CNT(x)        (sizeof((x)) / sizeof((x)[0]))
 
 @@ -313,7 +314,7 @@
 
         (void)setlocale(LC_ALL, "");
 
 -       while ((ch = getopt(argc, argv, "dnsSf:m:p:P:ru:g:t:Uv")) != -1)
 +       while ((ch = getopt(argc, argv, "dnsSfb:m:p:P:ru:g:t:Uv")) !=
 -1)
                 switch(ch) {
                 case 'd':               /* debug */
                         Debug++;
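Review bot: The new option string `"dnsSfb:m:p:P:ru:g:t:Uv"` puts `b` between `f` and its colon, so `-f` no longer takes an argument and the colon that belonged to `f` now belongs to `b`. The `'f'` case is outside this hunk, but it presumably reads `optarg`, which getopt() leaves NULL for an option declared without an argument. Keep `f:` intact and add `b:` as its own entry: `while ((ch = getopt(argc, argv, "b:dnsSf:m:p:P:ru:g:t:Uv")) != -1)`.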
 @@ -366,6 +367,9 @@
                         if (LogFacPri < 2)
                                 LogFacPri++;
                         break;
 +               case 'b':
 +                       bindhostname = optarg;
 +                       break;
                 default:
                         usage();
                 }
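Review bot: `case 'b':` has no trailing purpose comment, unlike `case 'd':               /* debug */` earlier in the same switch; add one, e.g. `case 'b':               /* bind address for the UDP sockets */`. A repeated `-b` silently replaces the earlier value, so the comment should say that only the last one is used, or the case should reject a second occurrence. No change to usage() or the manual page appears in this diff, so the flag is presumably undocumented for operators. Since it decides which address the daemon listens on, both should describe it.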
 @@ -1778,7 +1782,7 @@
                 }
         }
 
 -       finet = socksetup(PF_UNSPEC);
 +       finet = socksetup(PF_UNSPEC, bindhostname);
         if (finet) {
                 if (SecureMode) {
                         for (i = 0; i < *finet; i++) {
 @@ -2087,7 +2091,7 @@
  }
 
  int *
 -socksetup(int af)
 +socksetup(int af, char *bindhostname)
  {
         struct addrinfo hints, *res, *r;
         struct kevent *ev;
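Review bot: The parameter name `bindhostname` shadows the file-scope `char *bindhostname` added in the hunk at line 289, so inside socksetup() a reader cannot tell which of the two is meant. Rename the parameter, e.g. `socksetup(int af, const char *hostname)`, and pass `hostname` to getaddrinfo() in the hunk at line 2101. The global is also declared without `static`, although the neighbouring `linebuf` and `linebufsize` are `static`; `static char *bindhostname = NULL;` would keep it file-local. The body of socksetup() continues past this hunk.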
 @@ -2101,7 +2105,7 @@
         hints.ai_flags = AI_PASSIVE;
         hints.ai_family = af;
         hints.ai_socktype = SOCK_DGRAM;
 -       error = getaddrinfo(NULL, "syslog", &hints, &res);
 +       error = getaddrinfo(bindhostname, "syslog", &hints, &res);
         if (error) {
                 logerror(gai_strerror(error));
                 errno = 0;
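Review bot: When `-b` names a host that does not resolve, the error path logs only `gai_strerror(error)` and never says which host failed. Include the name and use a literal format string: `logerror("getaddrinfo(%s): %s", bindhostname ? bindhostname : "*", gai_strerror(error));`. With a non-NULL node, getaddrinfo() ignores AI_PASSIVE and may return several addresses, so a comment above the call should state which of them get bound; the loop that does this is outside the hunk. The code after `errno = 0;` is also not visible here, so confirm that a failed lookup for an explicit `-b` leaves the daemon with no network socket rather than a wildcard one.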