Subject: Re: bin/14563 syslogd binds udp sockets on all interfaces
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, rslr@free.fr>
From: Brian A. Seklecki <bseklecki@collaborativefusion.com>
List: netbsd-bugs
Date: 09/15/2006 20:10:16
The following reply was made to PR bin/14563; it has been noted by GNATS.
From: "Brian A. Seklecki" <bseklecki@collaborativefusion.com>
To: gnats-bugs@NetBSD.org, rslr@free.fr
Cc: mjl@emsi.priv.at, j+nbsd@2005.salmi.ch, pavel@netbsd.org
Subject: Re: bin/14563 syslogd binds udp sockets on all interfaces
Date: Fri, 15 Sep 2006 09:11:55 -0400
Here is a diff to add "-b" -- blatantly and unambiguously stolen from
FreeBSD.
I wanted it for the exact opposite reason - I wanted to control which IP
Alias / VIP forwarded messages originate from.
The only downside is that syslogd(8) appears to send forwarded messages
out on the same UDP socket that it also receives messages on in
"non-secure" mode.
Thus a system-level packet filter (pf(4), ipf(4)) is almost always
required in any real environment.
Also, multiple "-s"s aren't supported. Not sure how that would work
with getaddrinfo(3) anyway (pass an array, use multiple sockets?).
For those really convoluted configurations, 3rd party replacements for
in-tree syslogd are out there.
If someone does patch this, it may be a good time to patch in diffs from
#28753 and #30879. They are also in need of attention.
CC'ing the last developer to add/change functionality to syslogd(8).
~BAS
$ diff -u /home/nbsd/src/usr.sbin/syslogd/syslogd.c.orig
/home/nbsd/src/usr.sbin/syslogd/syslogd.c
--- /home/nbsd/src/usr.sbin/syslogd/syslogd.c.orig 2006-09-14
20:19:50.000000000 -0400
+++ /home/nbsd/src/usr.sbin/syslogd/syslogd.c 2006-09-14
22:02:41.000000000 -0400
@@ -256,7 +256,7 @@
void domark(struct kevent *);/* timer kevent dispatch routine */
void fprintlog(struct filed *, int, char *);
int getmsgbufsize(void);
-int* socksetup(int);
+int *socksetup(int, char *);
void init(struct kevent *); /* SIGHUP kevent dispatch routine */
void logerror(const char *, ...);
void logmsg(int, char *, char *, int);
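Review bot: the new second argument is only ever handed to getaddrinfo(3), which takes a `const char *`, so the prototype should be `int *socksetup(int, const char *);` (and the definition in the later hunk to match). Turning `int*` into `int *` on the same line is an unrelated whitespace change that adds noise to the diff.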
@@ -289,6 +289,7 @@
*/
static char *linebuf;
static size_t linebufsize;
+char *bindhostname = NULL;
#define A_CNT(x) (sizeof((x)) / sizeof((x)[0]))
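Review bot: `bindhostname` is introduced as a non-static file-scope global right next to two `static` variables; nothing outside syslogd.c needs it, so it should be `static char *bindhostname = NULL;` to match `linebuf` and `linebufsize` and stay out of the exported symbol table.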
@@ -313,7 +314,7 @@
(void)setlocale(LC_ALL, "");
- while ((ch = getopt(argc, argv, "dnsSf:m:p:P:ru:g:t:Uv")) != -1)
+ while ((ch = getopt(argc, argv, "dnsSfb:m:p:P:ru:g:t:Uv")) !=
-1)
switch(ch) {
case 'd': /* debug */
Debug++;
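Review bot: the new getopt(3) string loses the colon after `f`: `"dnsSfb:m:p:P:ru:g:t:Uv"` turns `-f` into a flag with no argument, so `-f /path/to/syslog.conf` no longer works (the path is left as a stray non-option argument). It should read `"dnsSf:b:m:p:P:ru:g:t:Uv"`.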
@@ -366,6 +367,9 @@
if (LogFacPri < 2)
LogFacPri++;
break;
+ case 'b':
+ bindhostname = optarg;
+ break;
default:
usage();
}
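Review bot: `case 'b'` stores the option but neither usage() nor syslogd.8 is touched in this diff, so the new flag stays undocumented; the usage string should gain `[-b bind_address]` and the manual page a description, including the point from the cover note that only a single address is accepted.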
@@ -1778,7 +1782,7 @@
}
}
- finet = socksetup(PF_UNSPEC);
+ finet = socksetup(PF_UNSPEC, bindhostname);
if (finet) {
if (SecureMode) {
for (i = 0; i < *finet; i++) {
@@ -2087,7 +2091,7 @@
}
int *
-socksetup(int af)
+socksetup(int af, char *bindhostname)
{
struct addrinfo hints, *res, *r;
struct kevent *ev;
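Review bot: the parameter `char *bindhostname` has the same name as the file-scope global added in the earlier hunk, so the global is shadowed for the whole of socksetup(); it compiles, but `-Wshadow` will complain and a reader has to stop and check which one is meant. Rename the parameter (for example `bindaddr`) or drop it and use the global directly.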
@@ -2101,7 +2105,7 @@
hints.ai_flags = AI_PASSIVE;
hints.ai_family = af;
hints.ai_socktype = SOCK_DGRAM;
- error = getaddrinfo(NULL, "syslog", &hints, &res);
+ error = getaddrinfo(bindhostname, "syslog", &hints, &res);
if (error) {
logerror(gai_strerror(error));
errno = 0;
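Review bot: with `AI_PASSIVE` set, a NULL `bindhostname` still yields the wildcard address, so the default behaviour is unchanged; but when `-b` is given, the name goes through the normal resolver, which at boot can mean a DNS lookup before the network (or syslogd itself, the thing that would log the failure) is up, and an address that is not configured locally cannot be bound. Consider adding `AI_NUMERICHOST` to `hints.ai_flags` when `bindhostname` is non-NULL, or documenting that `-b` takes a numeric address, so startup cannot block on name resolution.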