Re: syslogd: using IPv6 as hostnames results in "IP mismatch"

2019-02-24 Thread Hajimu UMEMOTO 
Hi,

> On Thu, 31 Jan 2019 08:24:38 +0100
> "O. Hartmann"  said:

ohartmann> validate: dgram from IP ffdff:dead:beef::, port 514, name \
ohartmann>   fdff:dead:beef::; 
ohartmann> rejected in rule 1 due to IP mismatch. 

The -a option was broken.  It should be fixed now.
Please, try it.

Sincerely,

--
Hajimu UMEMOTO
u...@mahoroba.org  u...@freebsd.org
http://www.mahoroba.org/~ume/
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd: using IPv6 as hostnames results in "IP mismatch"

2019-02-24 Thread Hajimu UMEMOTO 
Hi,

> On Thu, 31 Jan 2019 08:24:38 +0100
> "O. Hartmann"  said:

ohartmann> validate: dgram from IP ffdff:dead:beef::, port 514, name \
ohartmann>   fdff:dead:beef::; 
ohartmann> rejected in rule 1 due to IP mismatch.

The -a option was broken.  It should be fixed now.
Please try it.

Sincerely,

--
Hajimu UMEMOTO
u...@mahoroba.org  u...@freebsd.org
http://www.mahoroba.org/~ume
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd: using IPv6 as hostnames results in "IP mismatch"

2019-02-24 Thread Hajimu UMEMOTO 
Hi,

> On Thu, 31 Jan 2019 08:24:38 +0100
> "O. Hartmann"  said:

ohartmann> validate: dgram from IP ffdff:dead:beef::, port 514, name \
ohartmann>   fdff:dead:beef::; 
ohartmann> rejected in rule 1 due to IP mismatch.

The -a option was broken.  It should be fixed now.
Please try it.

Sincerely,

--
Hajimu UMEMOTO
u...@mahoroba.org  u...@freebsd.org
http://www.mahoroba.org/~ume
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd 100% cpu usage on recent FreeBSD version

2016-12-24 Thread Guido Falsi 

On 12/24/16 13:50, Ngie Cooper (yaneurabeya) wrote:



On Dec 24, 2016, at 04:14, Subbsd  wrote:

Probably after https://svnweb.freebsd.org/base?view=revision=310494,
syslogd eat 100% cpu with follow messages:

Dec 24 14:19:15 samson syslogd: select: Bad file descriptor
Dec 24 14:19:45 samson last message repeated 464140 times
Dec 24 14:20:38 samson last message repeated 835899 times


Fixed in r310504.


Thanks to you!

--
Guido Falsi 
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd: select: Bad File descriptor

2016-12-24 Thread Daniel Braniss 

> On 24 Dec 2016, at 2:51 PM, Ngie Cooper (yaneurabeya)  
> wrote:
> 
> 
>> On Dec 24, 2016, at 04:16, Daniel Braniss  wrote:
>> 
>> latest changes is causing cpu load and ‘last message repeated  
>> times, I guess the eggnog is affecting too early
> 
> Fixed in r310504.
> Thanks,
> -Ngie

thanks!

Season Greetings,
danny

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd: select: Bad File descriptor

2016-12-24 Thread Ngie Cooper (yaneurabeya) 

> On Dec 24, 2016, at 04:16, Daniel Braniss  wrote:
> 
> latest changes is causing cpu load and ‘last message repeated  times, 
> I guess the eggnog is affecting too early

Fixed in r310504.
Thanks,
-Ngie


signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: syslogd 100% cpu usage on recent FreeBSD version

2016-12-24 Thread Guido Falsi 

On 12/24/16 13:14, Subbsd wrote:

Probably after https://svnweb.freebsd.org/base?view=revision=310494,
 syslogd eat 100% cpu with follow messages:

Dec 24 14:19:15 samson syslogd: select: Bad file descriptor
Dec 24 14:19:45 samson last message repeated 464140 times
Dec 24 14:20:38 samson last message repeated 835899 times



I'm sseeing this too. just upgraded one machine to r310496.

--
Guido Falsi 
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd 100% cpu usage on recent FreeBSD version

2016-12-24 Thread Ngie Cooper (yaneurabeya) 

> On Dec 24, 2016, at 04:14, Subbsd  wrote:
> 
> Probably after https://svnweb.freebsd.org/base?view=revision=310494,
> syslogd eat 100% cpu with follow messages:
> 
> Dec 24 14:19:15 samson syslogd: select: Bad file descriptor
> Dec 24 14:19:45 samson last message repeated 464140 times
> Dec 24 14:20:38 samson last message repeated 835899 times

Fixed in r310504.
Thanks,
-Ngie


signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: syslogd no longer listens (or sends) on a network socket

2016-12-20 Thread Michael Butler 

On 12/19/16 22:42, Hiroki Sato wrote:

Michael Butler  wrote
  in :

im> On 12/19/16 12:12, Hiroki Sato wrote:
im> > Michael Butler  wrote
im> >   in :
im> >
im> > im> It appears that SVN r309925 and onward no longer opens a network
im> > im> socket unless the command-line explicitly contains "-b :syslog"
im> > :-(
im> > im>
im> > im> This also stops one syslog daemon forwarding to another (which is
im> > why
im> > im> I noticed).
im> > im>
im> > im> Was this an intentional behaviour change?
im> >
im> >  Sorry, it was broken due to another mismerge at r309933.  I fixed it
im> >  at r310278.  Can you try the latest one and let me know if the
im> >  problem still persists or not?
im>
im> No, it does not. "netstat -an -finet | grep 514" shows that it doesn't
im> listen on a UDP socket without adding "-b :syslog" to syslogd_flags in
im> /etc/rc.conf,

 Thank you for the report.  I misunderstood what was wrong and fixed
 it just now.  Please try r310310.


That works - thanks! :-)

Michael


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd no longer listens (or sends) on a network socket

2016-12-19 Thread Hiroki Sato 
Michael Butler  wrote
  in :

im> On 12/19/16 12:12, Hiroki Sato wrote:
im> > Michael Butler  wrote
im> >   in :
im> >
im> > im> It appears that SVN r309925 and onward no longer opens a network
im> > im> socket unless the command-line explicitly contains "-b :syslog"
im> > :-(
im> > im>
im> > im> This also stops one syslog daemon forwarding to another (which is
im> > why
im> > im> I noticed).
im> > im>
im> > im> Was this an intentional behaviour change?
im> >
im> >  Sorry, it was broken due to another mismerge at r309933.  I fixed it
im> >  at r310278.  Can you try the latest one and let me know if the
im> >  problem still persists or not?
im>
im> No, it does not. "netstat -an -finet | grep 514" shows that it doesn't
im> listen on a UDP socket without adding "-b :syslog" to syslogd_flags in
im> /etc/rc.conf,

 Thank you for the report.  I misunderstood what was wrong and fixed
 it just now.  Please try r310310.

-- Hiroki


pgpHWw9jkbZNI.pgp
Description: PGP signature

Re: syslogd no longer listens (or sends) on a network socket

2016-12-19 Thread Michael Butler 

On 12/19/16 12:12, Hiroki Sato wrote:

Michael Butler  wrote
  in :

im> It appears that SVN r309925 and onward no longer opens a network
im> socket unless the command-line explicitly contains "-b :syslog" :-(
im>
im> This also stops one syslog daemon forwarding to another (which is why
im> I noticed).
im>
im> Was this an intentional behaviour change?

 Sorry, it was broken due to another mismerge at r309933.  I fixed it
 at r310278.  Can you try the latest one and let me know if the
 problem still persists or not?


No, it does not. "netstat -an -finet | grep 514" shows that it doesn't 
listen on a UDP socket without adding "-b :syslog" to syslogd_flags in 
/etc/rc.conf,


Michael


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: syslogd no longer listens (or sends) on a network socket

2016-12-19 Thread Hiroki Sato 
Michael Butler  wrote
  in :

im> It appears that SVN r309925 and onward no longer opens a network
im> socket unless the command-line explicitly contains "-b :syslog" :-(
im>
im> This also stops one syslog daemon forwarding to another (which is why
im> I noticed).
im>
im> Was this an intentional behaviour change?

 Sorry, it was broken due to another mismerge at r309933.  I fixed it
 at r310278.  Can you try the latest one and let me know if the
 problem still persists or not?

-- Hiroki


pgpf4Oj4yUvUq.pgp
Description: PGP signature

Re: syslogd: Remote Logging busted?

2011-10-28 Thread Kevin Oberman 
On Fri, Oct 28, 2011 at 7:22 PM, Larry Rosenman l...@lerctr.org wrote:

 I enabled remote logging for my home subnet, and syslogd doesn't seem(!) to
 be logging the messages.

 They ARE making it to the system.

 Can someone look at bin/162135 which has all the details, including
 tcpdump to show that the messages are making it to the system.

Just to be clear, you are running tcpdump on borg, right? The
statement This is from my Cable Modem: confuses me a bit.

Assuming tcpdump is on borg, it is making past any firewall (pf or
ipfw, at least). What about /etc/hosts.allow? I don't recall if it
filters before or after pcap see packets. I used to have a diagram
showing the sequence of processing this, but I can't seem to find it
now.

What does netstat -af inet | grep syslog show? Is syslogd actually listening?
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: syslogd: Remote Logging busted?

2011-10-28 Thread Larry Rosenman 

On Fri, 28 Oct 2011, Kevin Oberman wrote:


On Fri, Oct 28, 2011 at 7:22 PM, Larry Rosenman l...@lerctr.org wrote:


I enabled remote logging for my home subnet, and syslogd doesn't seem(!) to
be logging the messages.

They ARE making it to the system.

Can someone look at bin/162135 which has all the details, including
tcpdump to show that the messages are making it to the system.


Just to be clear, you are running tcpdump on borg, right? The
statement This is from my Cable Modem: confuses me a bit.

Yes, the tcpdump is running on borg, and the source of the syslog packets
is from my Cable Modem at 192.168.200.10.

/etc/hosts.allow:

#
# hosts.allow access control file for tcp wrapped applications.
# $FreeBSD: src/etc/hosts.allow,v 1.23 2006/08/29 09:20:48 ru Exp $
#
# NOTE: The hosts.deny file is deprecated.
#   Place both 'allow' and 'deny' rules in the hosts.allow file.
#   See hosts_options(5) for the format of this file.
#   hosts_access(5) no longer fully applies.

#_  _  _
#   | | __  __   __ _   _ __ ____ __   | |   ___  | |
#   |  _|   \ \/ /  / _` | | '_ ` _ \  | '_ \  | |  / _ \ | |
#   | |___   | (_| | | | | | | | | |_) | | | |  __/ |_|
#   |_| /_/\_\  \__,_| |_| |_| |_| | .__/  |_|  \___| (_)
#  |_|
# !!! This is an example! You will need to modify it for your specific
# !!! requirements!


# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a First match wins basis.
#ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

# Protect against simple DNS spoofing attacks by checking that the
# forward and reverse records for the remote host match. If a mismatch
# occurs, access is denied, and any positive ident response within
# 20 seconds is logged. No protection is afforded against DNS poisoning,
# IP spoofing or more complicated attacks. Hosts with no reverse DNS
# pass this rule.
ALL : PARANOID : RFC931 20 : deny

# Allow anything from localhost.  Note that an IP address (not a host
# name) *MUST* be specified for rpcbind(8).
ALL : localhost 127.0.0.1 : allow
# Comment out next line if you build libwrap without IPv6 support.
ALL : [::1] : allow
#ALL : my.machine.example.com 192.0.2.35 : allow

# To use IPv6 addresses you must enclose them in []'s
#ALL : [fe80::%fxp0]/10 : allow
#ALL : [fe80::]/10 : deny
#ALL : [2001:db8:2:1:2:3:4:3fe1] : deny
#ALL : [2001:db8:2:1::]/64 : allow

# Sendmail can help protect you against spammers and relay-rapers
#sendmail : localhost : allow
#sendmail : .nice.guy.example.com : allow
#sendmail : .evil.cracker.example.com : deny
#sendmail : ALL : allow

# Exim is an alternative to sendmail, available in the ports tree
exim : localhost : allow
#exim : .nice.guy.example.com : allow
#exim : .evil.cracker.example.com : deny
exim : ALL : allow

# Rpcbind is used for all RPC services; protect your NFS!
# (IP addresses rather than hostnames *MUST* be used here)
#rpcbind : 192.0.2.32/255.255.255.224 : allow
#rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny

# NIS master server. Only local nets should have access
# (Since this is an RPC service, rpcbind needs to be considered)
ypserv : localhost : allow
#ypserv : .unsafe.my.net.example.com : deny
#ypserv : .my.net.example.com : allow
ypserv : ALL : deny

# Provide a small amount of protection for ftpd
ftpd : localhost : allow
#ftpd : .nice.guy.example.com : allow
#ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow

# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a finger war.
fingerd : ALL \
: spawn (echo Finger. | \
 /usr/bin/mail -s tcpd\: %u@%h[%a] fingered me! root)  \
: deny

# The rest of the daemons are protected.
#ALL : ALL \
#   : severity auth.info \
#   : twist /bin/echo You are not welcome to use %d from %h.
# Added by SSHBlock [Sat Oct 22 00:10:49 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by SSHBlock [Sat Oct 22 00:10:52 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by SSHBlock [Sat Oct 22 00:10:55 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by SSHBlock [Sat Oct 22 00:10:58 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by SSHBlock [Sat Oct 22 00:11:00 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by SSHBlock [Sat Oct 22 00:11:02 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by SSHBlock [Sat Oct 22 00:11:04 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by SSHBlock [Sat Oct 22 00:11:06 2011]
# 5 break-in attempts in 15 seconds:
sshd : 58.20.110.21 : deny
# Added by

Re: syslogd: Remote Logging busted?

2011-10-28 Thread Kevin Oberman 
On Fri, Oct 28, 2011 at 8:37 PM, Larry Rosenman l...@lerctr.org wrote:
 On Fri, 28 Oct 2011, Kevin Oberman wrote:

 On Fri, Oct 28, 2011 at 7:22 PM, Larry Rosenman l...@lerctr.org wrote:

 I enabled remote logging for my home subnet, and syslogd doesn't seem(!)
 to
 be logging the messages.

 They ARE making it to the system.

 Can someone look at bin/162135 which has all the details, including
 tcpdump to show that the messages are making it to the system.

 Just to be clear, you are running tcpdump on borg, right? The
 statement This is from my Cable Modem: confuses me a bit.

 Yes, the tcpdump is running on borg, and the source of the syslog packets
 is from my Cable Modem at 192.168.200.10.

 /etc/hosts.allow:
[Comments elided]
 ALL : PARANOID : RFC931 20 : deny
 ALL : localhost 127.0.0.1 : allow
 ALL : [::1] : allow
 exim : localhost : allow
 exim : ALL : allow
 rpcbind : ALL : deny
 ypserv : localhost : allow
 ypserv : ALL : deny
 ftpd : localhost : allow
 ftpd : ALL : allow
 fingerd : ALL \
        : spawn (echo Finger. | \
         /usr/bin/mail -s tcpd\: %u@%h[%a] fingered me! root)  \
        : deny

Several superfluous rules, but I can't see anything that would block 514.


 Assuming tcpdump is on borg, it is making past any firewall (pf or
 ipfw, at least). What about /etc/hosts.allow? I don't recall if it
 filters before or after pcap see packets. I used to have a diagram
 showing the sequence of processing this, but I can't seem to find it
 now.

 What does netstat -af inet | grep syslog show? Is syslogd actually
 listening?


 the netstat output: udp4       0      0 *.syslog               *.*

 and sockstat | grep syslog: root     syslogd    65128 4  dgram  /var/run/log
 root     syslogd    65128 5  dgram  /var/run/logpriv
 root     syslogd    65128 6  udp6   *:514                 *:*
 root     syslogd    65128 7  udp4   *:514                 *:*

OK. I'm baffled! I can't see anything that looks wrong, but I'll think
about it a bit more.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: syslogd: Remote Logging busted?

2011-10-28 Thread Larry Rosenman 

On Fri, 28 Oct 2011, Kevin Oberman wrote:


OK. I'm baffled! I can't see anything that looks wrong, but I'll think
about it a bit more.



See my reply to Stas (cc'd to you).  The issue is the damn 
cable modem is sending the packets from random source PORTS, so

the -a entry needed a :* after the /24 to allow that.

Now we're getting the log entries.


--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 512-248-2683 E-Mail: l...@lerctr.org
US Mail: 430 Valona Loop, Round Rock, TX 78681-3893
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: syslogd: Too many '/' in /dev//console

2001-09-05 Thread Kris Kennaway 

On Wed, Sep 05, 2001 at 09:52:34AM +0300, Giorgos Keramidas wrote:

 I have it fixed now in my local CVS tree.  Hopefully Kris will commit
 something to fix it soon :-)

I fixed this a couple of hours ago.

Kris

 PGP signature

Re: syslogd: Too many '/' in /dev//console

2001-09-05 Thread Giorgos Keramidas 

From: Mike Heffner [EMAIL PROTECTED]
Subject: Re: syslogd: Too many '/' in /dev//console
Date: Tue, Sep 04, 2001 at 07:55:33PM -0400

 
 On 04-Sep-2001 Giorgos Keramidas wrote:
 | 
 | The following patch seems to have fixed the bug for me.
 | 
 
 Yea, Kris said he was going to fix it. This must be some undefined behavior
 because I tested the change in a test program and the two sizeofs were giving
 me the same result..strange ;)

I want to test this without leaving sizeof _PATH_DEV surrounded by spaces,
with sizeof() explicitly using parentheses.  I'm not sure where the
undefined behavior is triggered, but this is a very likely point, and
the source of syslogd.c is just full of this.

I have it fixed now in my local CVS tree.  Hopefully Kris will commit
something to fix it soon :-)

-giorgos


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd: Too many '/' in /dev//console

2001-09-04 Thread Giorgos Keramidas 

From: Giorgos Keramidas [EMAIL PROTECTED]
Subject: Re: syslogd: Too many '/' in /dev//console
Date: Tue, Sep 04, 2001 at 06:39:36AM +0300

 I'm looking at the diffs from Aug 25, so if I come up with sth by
 running syslogd with -d, by tomorrow I'll have spotted this in more
 detail - probably replying with the patch to fix it too.  Off to
 buildworld and bed, 'nite all.

Running syslogd -d -s -s and checking out my usr.sbin/syslogd
sources from various dates, I tracked this bug down to changes made
between Aug 31 2001 and Sep 1 2001.

In my /etc/syslog.conf I changed /dev/console to /dev/ttyvb so that
all messages are redirected to /dev/ttyvb (where I would easily spot
them, and do not clutter my active console).

Here's the output of two builds of syslogd with sources from the dates
mentioned:

hades!root:[/usr/src/usr.sbin/syslogd]# cvs up -A -P -d -q -D 'Aug 31 2001'
hades!root:[/usr/src/usr.sbin/syslogd]# make
hades!root:[/usr/src/usr.sbin/syslogd]# make install
hades!root:[/usr/src/usr.sbin/syslogd]# syslogd -d -s -s
off  running
init
cfline(*.* /var/log/messages, f, 
*, *)
cfline(*.* /dev/ttyvb, f, *, *)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/messages
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X TTY: /dev/ttyvb
logmsg: pri 56, flags 4, from hades, msg syslogd: restart
Logging to FILE /var/log/messages
Logging to TTY /dev/ttyvb
syslogd: restarted
^Csyslogd: exiting on signal 2
syslogd: exiting on signal 2
logmsg: pri 53, flags 4, from hades, msg syslogd: exiting on signal 2
Logging to FILE /var/log/messages
Logging to TTY /dev/ttyvb

So, the sources of Aug 31 seem to run perfectly fine.  Trying the same
with the sources of Sep 1, I get the interesting output shown below:

hades!root:[/usr/src/usr.sbin/syslogd]# cvs up -A -P -d -q -D 'Sep 1 2001'
hades!root:[/usr/src/usr.sbin/syslogd]# make
hades!root:[/usr/src/usr.sbin/syslogd]# make install
hades!root:[/usr/src/usr.sbin/syslogd]# syslogd -d -s -s
off  running
init
cfline(*.* /var/log/messages, f, 
*, *)
cfline(*.* /dev/ttyvb, f, *, *)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/messages
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X TTY: /dev//ttyvb
logmsg: pri 56, flags 4, from hades, msg syslogd: restart
Logging to FILE /var/log/messages
Logging to TTY /dev//ttyvb
syslogd: Too many '/' in /dev//ttyvb
logmsg: pri 53, flags 4, from hades, msg syslogd: Too many '/' in /dev//ttyvb
Logging to FILE /var/log/messages
Logging to UNUSED
syslogd: restarted

The following patch seems to have fixed the bug for me.

-giorgos

[-- start of patch --]
Index: syslogd.c
===
RCS file: /home/ncvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.84
diff -u -r1.84 syslogd.c
--- syslogd.c   1 Sep 2001 08:42:49 -   1.84
+++ syslogd.c   4 Sep 2001 19:04:25 -
@@ -1664,7 +1664,7 @@
f-f_type = F_CONSOLE;
else
f-f_type = F_TTY;
-   (void)strlcpy(f-f_un.f_fname, p + sizeof(_PATH_DEV - 1),
+   (void)strlcpy(f-f_un.f_fname, p + sizeof _PATH_DEV - 1,
sizeof(f-f_un.f_fname));
} else {
(void)strlcpy(f-f_un.f_fname, p, sizeof(f-f_un.f_fname));
[-- end of patch --]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd: Too many '/' in /dev//console

2001-09-04 Thread Mike Heffner 


On 04-Sep-2001 Giorgos Keramidas wrote:
| 
| The following patch seems to have fixed the bug for me.
| 

Yea, Kris said he was going to fix it. This must be some undefined behavior
because I tested the change in a test program and the two sizeofs were giving
me the same result..strange ;)

Mike

-- 
  Mike Heffner mheffner@[acm.]vt.edu
  Blacksburg, VA   [EMAIL PROTECTED]


 PGP signature

Re: syslogd: Too many '/' in /dev//console

2001-09-03 Thread Chris Wicklein 


On Monday, September 3, 2001, at 03:42 PM, [EMAIL PROTECTED] wrote:

 Between last weekend and this weekend, something changed in syslogd 
 seems to have resulted in this boot-time error.  The syslogd.c deltas 
 from 1.82 - 1.83 look suspect since the handling of relevant variables 
 has changed.

 To Unsubscribe: send mail to [EMAIL PROTECTED]
 with unsubscribe freebsd-current in the body of the message


Sorry for the double post -- to reproduce this problem it's necessary to 
run syslogd with the -s switch -- either no -s or -s -s fails to 
generate this error.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

RE: syslogd: Too many '/' in /dev//console

2001-09-03 Thread Mike Heffner 


On 03-Sep-2001 [EMAIL PROTECTED] wrote:
| Between last weekend and this weekend, something changed in syslogd 
| seems to have resulted in this boot-time error.  The syslogd.c deltas 
| from 1.82 - 1.83 look suspect since the handling of relevant variables 
| has changed.

This change looks wrong:


@@ -1679,16 +1659,17 @@ cfline(line, f, prog, host)
f-f_type = F_CONSOLE;
else
f-f_type = F_TTY;
-(void)strcpy(f-f_un.f_fname, p + sizeof _PATH_DEV - 1);
+(void)strlcpy(f-f_un.f_fname, p + sizeof(_PATH_DEV - 1),
  ^^^
+   sizeof(f-f_un.f_fname));
} else {


Mike

-- 
  Mike Heffner mheffner@[acm.]vt.edu
  Blacksburg, VA   [EMAIL PROTECTED]


 PGP signature

RE: syslogd: Too many '/' in /dev//console

2001-09-03 Thread Mike Heffner 


On 04-Sep-2001 Mike Heffner wrote:
| 
| On 03-Sep-2001 [EMAIL PROTECTED] wrote:
|| Between last weekend and this weekend, something changed in syslogd 
|| seems to have resulted in this boot-time error.  The syslogd.c deltas 
|| from 1.82 - 1.83 look suspect since the handling of relevant variables 
|| has changed.
| 
| This change looks wrong:
| 

Argh, nevermind. It doesn't appear to make any difference.

Mike

-- 
  Mike Heffner mheffner@[acm.]vt.edu
  Blacksburg, VA   [EMAIL PROTECTED]


 PGP signature

Re: syslogd: Too many '/' in /dev//console

2001-09-03 Thread Kris Kennaway 

On Tue, Sep 04, 2001 at 12:28:28AM -0400, Mike Heffner wrote:
 
 On 03-Sep-2001 [EMAIL PROTECTED] wrote:
 | Between last weekend and this weekend, something changed in syslogd 
 | seems to have resulted in this boot-time error.  The syslogd.c deltas 
 | from 1.82 - 1.83 look suspect since the handling of relevant variables 
 | has changed.
 
 This change looks wrong:
 
 
 @@ -1679,16 +1659,17 @@ cfline(line, f, prog, host)
 f-f_type = F_CONSOLE;
 else
 f-f_type = F_TTY;
 -(void)strcpy(f-f_un.f_fname, p + sizeof _PATH_DEV - 1);
 +(void)strlcpy(f-f_un.f_fname, p + sizeof(_PATH_DEV - 1),
   ^^^
 +   sizeof(f-f_un.f_fname));
 } else {

Oops, that was a last minute change to try and impose some style
consistency on my changes (if not the entire file).  I'll fix it.

Kris

 PGP signature

Re: syslogd and -a

2001-07-02 Thread David Malone 

On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
 Hmmm... Looks like,
 
   # syslogd -a 192.168.1.0/29
 
 Will work and,
 
   # syslogd -a 192.168.1.1/29
 
 Won't.

That's the standard behaviour of a netmask, isn't it? The usual
way to check if host h is in network/netmask n/m is to check if:

(h  m == n)

this means that the bits of the network which are not in the mask
must be zero.

David.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd and -a

2001-07-02 Thread Crist J. Clark 

On Mon, Jul 02, 2001 at 09:38:42AM +0100, David Malone wrote:
 On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
  Hmmm... Looks like,
  
# syslogd -a 192.168.1.0/29
  
  Will work and,
  
# syslogd -a 192.168.1.1/29
  
  Won't.
 
 That's the standard behaviour of a netmask, isn't it? The usual
 way to check if host h is in network/netmask n/m is to check if:
 
   (h  m == n)
 
 this means that the bits of the network which are not in the mask
 must be zero.

That's exactly what happens in the syslogd(8) code. However, I think
that should be,

  n = m
  .
  .
  .
  ((h  m) == n)

That is, why allow the user to enter a network number that is not
/really/ the network number? Either flag an error or do the
calculation for the user. I think doing the calculation is the more
sensible choice. Commiting it to CURRENT now.
-- 
Crist J. Clark   [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd and -a

2001-07-02 Thread David Hill 

On Mon, 2 Jul 2001 09:38:42 +0100
David Malone [EMAIL PROTECTED] wrote:

 On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
  Hmmm... Looks like,
  
# syslogd -a 192.168.1.0/29
  
  Will work and,
  
# syslogd -a 192.168.1.1/29
  
  Won't.
 
 That's the standard behaviour of a netmask, isn't it? The usual
 way to check if host h is in network/netmask n/m is to check if:
 
   (h  m == n)
 
 this means that the bits of the network which are not in the mask
 must be zero.
 
   David.
 

Ok, changing the .1 to .0 worked for me.  The last octect must be the network number.

Thanks
- David

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd and -a

2001-07-02 Thread Hajimu UMEMOTO 

 On Mon, 2 Jul 2001 08:25:38 -0700
 Crist J. Clark [EMAIL PROTECTED] said:

cristjc That's exactly what happens in the syslogd(8) code. However, I think
cristjc that should be,

cristjc   n = m
cristjc   .
cristjc   .
cristjc   .
cristjc   ((h  m) == n)

I think it should be:

  ((h  m) == (n  m))

cristjc That is, why allow the user to enter a network number that is not
cristjc /really/ the network number? Either flag an error or do the
cristjc calculation for the user. I think doing the calculation is the more
cristjc sensible choice. Commiting it to CURRENT now.

When I committed IPv6 support to syslogd, I didn't mask address to
keep compatibility with IPv4.  So, I'll commit to IPv6 side, later.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED]  [EMAIL PROTECTED]  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd and -a

2001-07-02 Thread Kris Kennaway 

On Mon, Jul 02, 2001 at 09:38:42AM +0100, David Malone wrote:
 On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
  Hmmm... Looks like,
  
# syslogd -a 192.168.1.0/29
  
  Will work and,
  
# syslogd -a 192.168.1.1/29
  
  Won't.
 
 That's the standard behaviour of a netmask, isn't it? The usual
 way to check if host h is in network/netmask n/m is to check if:
 
   (h  m == n)
 
 this means that the bits of the network which are not in the mask
 must be zero.

This doesn't seem to work with IPv6.  Isn't there a libc function
which can be used to do this?

Kris

 PGP signature

Re: syslogd and -a

2001-07-02 Thread Hajimu UMEMOTO 

 On Mon, 2 Jul 2001 12:25:42 -0700
 Kris Kennaway [EMAIL PROTECTED] said:

kris This doesn't seem to work with IPv6.  Isn't there a libc function
kris which can be used to do this?

Yup, there is no api for masking address ether libc nor standard.
I'll commit the following patch for IPv6:

Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /home/ncvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.79
diff -u -r1.79 syslogd.c
--- usr.sbin/syslogd/syslogd.c  2001/07/02 15:26:47 1.79
+++ usr.sbin/syslogd/syslogd.c  2001/07/02 19:39:32
@@ -2033,7 +2033,7 @@
reject = 0;
for (j = 0; j  16; j += 4) {
if ((*(u_int32_t *)sin6-sin6_addr.s6_addr[i] 
 *(u_int32_t *)m6p-sin6_addr.s6_addr[i])
-   != *(u_int32_t 
*)a6p-sin6_addr.s6_addr[i]) {
+   != (*(u_int32_t 
+*)a6p-sin6_addr.s6_addr[i]  *(u_int32_t *)m6p-sin6_addr.s6_addr[i])) {
++reject;
break;
}

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED]  [EMAIL PROTECTED]  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd and -a

2001-07-01 Thread Crist J. Clark 

On Sun, Jul 01, 2001 at 11:41:25PM -0400, David Hill wrote:
 Hello -
 
 It seems the -a option for syslogd does not work 100%.
 I need to log from hosts from 192.168.1.1-.6
 
 doing /usr/sbin/syslogd -a 192.168.1.1/29 does not work (nothing gets logged)
 
 but, if i do
 
 /usr/sbin/syslogd -a 192.168.1.1/32 -a 192.168.1.2/32, etc... that works
 
 can anyone try this out?

Hmmm... Looks like,

  # syslogd -a 192.168.1.0/29

Will work and,

  # syslogd -a 192.168.1.1/29

Won't.

I'll have a look.
-- 
Crist J. Clark   [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd and -a

2001-07-01 Thread Riccardo Torrini 

On 02-Jul-01 (04:20:44/GMT) Crist J. Clark wrote:

 It seems the -a option for syslogd does not work 100%.

 Hmmm... Looks like,
   # syslogd -a 192.168.1.0/29
 Will work and,
   # syslogd -a 192.168.1.1/29
 Won't.

Under 4.3-STABLE is the same.  To capure log from router I
added (in rc.conf) -a 192.168.22.254/32:* because with all
log enabled I notice that with ..22.0/24 syslod refused to
accept requests from network  :-(


Ciao,
Riccardo.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: syslogd(8) does not update hostname

2001-01-20 Thread Mark Murray 

I don't agree with this change.

hostname != name-that-IP-address-resolves-to.

I can see how loggin the IP address (or some manifestation thereof) to
a central logger, but this is too strong.

Example: My laptop has a hostname set for my home network, and I connect
it to my work network and DHCP an IP address there. I would be HOPPING
mad if that caused my hostname and VPN to break.

M

 Submitter-Id:   current-users
 Originator: Crist J. Clark
 Organization:   
 Confidential:   no
 Synopsis:   syslogd(8) does not update hostname
 Severity:   non-critical
 Priority:   medium
 Category:   bin
 Release:FreeBSD 5.0-CURRENT i386
 Class:  sw-bug
 Environment: 
 
   All standard FreeBSD distributions. The code discussed is from
 5.0-CURRENT, but should trivially merge back to -STABLE.
 
 Description: 
 
   Many tools and progams within FreeBSD date back to a time when
 it was expected that a machines IP and hostname seldom, if ever,
 changed. Even when a IP and hostname were received at boot, it rarely
 changed until shutdown. With many users using protocols like DHCP
 where IP and hostname change with time, many tools do not deal well
 with this behavior.
 
   One of these tools is syslogd(8). syslogd(8) is typically
 started at boot time and runs until shutdown. However, syslogd(8)
 loads the hostname at startup and syslogd(8)'s idea of the hostname
 can never change while it is running.
 
   One might expect that a SIGHUP would cause syslogd(8) to load
 the new hostname since a SIGHUP can cause syslogd(8) to re-read its
 configuration file and re-open the log files, but it does not.
 
   The fact that the hostname does not change can cause confusion
 in the log files. It could be especially troublesome when a machine is
 logging to a central loghost. At any given time, the names in the log
 files may not have any correspondence to the names the hosts currently
 have. There are even issues on a host that gets its IP and hostname
 via DHCP at boot and the name never changes. syslogd(8) is started
 before any network services are initialized in /etc/rc.
 
   I propose that syslogd(8) should reload the hostname with a
 SIGHUP. I cannot think of any reason that one should not update the
 hostname, but as I pointed out, there are reasons why one would want
 that behavior.
 
 How-To-Repeat: 
 
   # hostname -s
   bubbles
   # hostname bubbles-test.domain.org
   # kill -HUP `cat /var/run/syslog.pid`
   # logger -p user.notice "hostname test"
   # tail -4 /var/log/messages
   Jan 17 21:45:00 bubbles /boot/kernel/kernel: acd0: CDROM CD-532E-A at 
ata0-slave using BIOSPIO
   Jan 17 21:45:00 bubbles /boot/kernel/kernel: Mounting root from ufs:/dev/ad0s1a
   Jan 18 00:41:14 bubbles su: cjc to root on /dev/ttyp0
   Jan 18 00:58:34 bubbles cjc: hostname test
 
 Fix: 
 
   I do not see any reason we cannot move the code that gets the
 hostname from the main() function into init(). init() is called when
 to "reload" settings. The hostname is never used in main() before
 init() is called. The patch is against -CURRENT and my box has not
 exploded yet.
 
   Here is what the above test looks like with the change in
 place.
 
   # hostname -s
   bubbles
   # hostname bubbles-test.cjclark.org
   # kill -HUP `cat /var/run/syslog.pid `
   # logger -p user.notice "syslogd hostname test"
   # hostname bubbles.cjclark.org
   # kill -HUP `cat /var/run/syslog.pid `
   # logger -p user.notice "syslogd hostname test"
   # tail -4 /var/log/messages
   Jan 18 13:36:58 bubbles su: BAD SU cjc to root on /dev/ttyp0
   Jan 18 13:37:03 bubbles su: cjc to root on /dev/ttyp0
   Jan 18 13:38:40 bubbles-test cjc: syslogd hostname test
   Jan 18 13:39:11 bubbles cjc: syslogd hostname test
 
 
 --- syslogd.c   2001/01/18 08:06:34
 +++ syslogd.c   2001/01/18 08:09:23
 @@ -395,12 +395,6 @@
  
 consfile.f_type = F_CONSOLE;
 (void)strcpy(consfile.f_un.f_fname, ctty + sizeof _PATH_DEV - 1);
 -   (void)gethostname(LocalHostName, sizeof(LocalHostName));
 -   if ((p = strchr(LocalHostName, '.')) != NULL) {
 -   *p++ = '\0';
 -   LocalDomain = p;
 -   } else
 -   LocalDomain = "";
 (void)strcpy(bootfile, getbootfile());
 (void)signal(SIGTERM, die);
 (void)signal(SIGINT, Debug ? die : SIG_IGN);
 @@ -1342,6 +1336,16 @@
 char host[MAXHOSTNAMELEN+1];
  
 dprintf("init\n");
 +
 +   /*
 +* Load hostname (may have changed)
 +*/
 +   (void)gethostname(LocalHostName, sizeof(LocalHostName));
 +   if ((p = strchr(LocalHostName, '.')) != NULL) {
 +   *p++ = '\0';
 +   LocalDomain = p;
 +   } else
 +   LocalDomain = "";
  
 /*
  *  Close all open log files.
 
 
 To Unsubscribe: send mail to [EMAIL PROTECTED]
 with "unsubscribe

Re: syslogd(8) does not update hostname

2001-01-20 Thread Crist J. Clark 

On Sat, Jan 20, 2001 at 11:24:16AM +0200, Mark Murray wrote:
 I don't agree with this change.
 
 hostname != name-that-IP-address-resolves-to.

Dunno what you are talking about. That has nothing directly to do with
this. No one is talking about forcing you to change your hostname. The
patch just allows syslogd(8) to take note if the hostname were to
change.
-- 
Crist J. Clark   [EMAIL PROTECTED]


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Re: syslogd(8) does not update hostname

2001-01-20 Thread Mark Murray 

 On Sat, Jan 20, 2001 at 11:24:16AM +0200, Mark Murray wrote:
  I don't agree with this change.
  
  hostname != name-that-IP-address-resolves-to.
 
 Dunno what you are talking about. That has nothing directly to do with
 this. No one is talking about forcing you to change your hostname. The
 patch just allows syslogd(8) to take note if the hostname were to
 change.

D'uh. Bad crack I'm on. :-)

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Re: syslogd

2000-01-16 Thread Doug White 

On Sun, 16 Jan 2000, Vladimir B. Grebeschikov wrote:

 On Sat, 15 Jan 2000, Doug White wrote:
 
   # log firewall messages ONLY in this file (noy in messages below)
   !!ipfw
   *.*   /var/log/ipfw
  
  This is a bad example.  ipfw messages come from the kernel so you can't
  filter those. 
 
 it really works, try it

Oh. Heh.  I stand corrected. My sincere apologies.

Now that's cleared up, I'd agree that your suggestion would be a useful
feature.

Doug White|  FreeBSD: The Power to Serve
[EMAIL PROTECTED] |  www.FreeBSD.org



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message