Re: syslogd -U bind UDP address

2015-06-29 Thread Alexander Bluhm
On Fri, Jun 26, 2015 at 12:40:37AM +0200, Alexander Bluhm wrote:
 I have added a -U feature for syslogd to specify an explicit bind
 address to receive UDP packets.  One advantage over -u and the *
 sockets is that you can bind to localhost and divert the packets
 with pf.  It is also possible to use a different port.
 
 My plan is to extend the interface with -T listen_address:port to
 receive syslog via TCP.
 
 ok?

Diff merged with -current.  Anyone?

bluhm

Index: usr.sbin/syslogd/privsep.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/privsep.c,v
retrieving revision 1.51
diff -u -p -r1.51 privsep.c
--- usr.sbin/syslogd/privsep.c  19 Jan 2015 16:40:49 -  1.51
+++ usr.sbin/syslogd/privsep.c  29 Jun 2015 12:26:04 -
@@ -186,6 +186,8 @@ priv_init(char *conf, int numeric, int l
close(fd_udp);
if (fd_udp6 != -1)
close(fd_udp6);
+   if (fd_bind != -1)
+   close(fd_bind);
for (i = 0; i  nunix; i++)
if (fd_unix[i] != -1)
close(fd_unix[i]);
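Review bot: The new `close(fd_bind)` guard relies on fd_bind having been set to -1 when -U was not given, but fd_bind is declared as a plain zero-initialised global in the syslogd.c hunk below and the hunk that would initialise it (`@@ -475,6 +481,64 @@`) is cut off on this page. If a run without -U reaches priv_init() with fd_bind still 0, the privileged parent closes descriptor 0 instead of skipping the socket, so the reset should be unconditional and happen before the -U path, e.g. `fd_bind = -1;` next to wherever fd_udp and fd_udp6 are reset. priv_init() starts and ends outside this hunk, so the surrounding fd handling is not visible here.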
Index: usr.sbin/syslogd/syslogd.8
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.8,v
retrieving revision 1.35
diff -u -p -r1.35 syslogd.8
--- usr.sbin/syslogd/syslogd.8  15 Jun 2015 22:39:14 -  1.35
+++ usr.sbin/syslogd/syslogd.8  29 Jun 2015 12:26:04 -
@@ -46,6 +46,7 @@
 .Op Fl m Ar mark_interval
 .Op Fl p Ar log_socket
 .Op Fl s Ar reporting_socket
+.Op Fl U Ar bind_address
 .Ek
 .Sh DESCRIPTION
 .Nm
@@ -111,6 +112,19 @@ Specify path to an
 .Dv AF_LOCAL
 socket for use in reporting logs stored in memory buffers using
 .Xr syslogc 8 .
+.It Fl U Ar bind_address
+Create a UDP socket for receiving messages and bind it to the
+specified address.
+A port number may be specified using the
+.Ar host:port
+syntax.
+IPv6 addresses can be used by surrounding the address portion with
+square brackets
+.Po
+.Ql [\
+and
+.Ql ]\
+.Pc .
 .It Fl u
 Select the historical
 .Dq insecure
Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.165
diff -u -p -r1.165 syslogd.c
--- usr.sbin/syslogd/syslogd.c  29 Jun 2015 11:04:28 -  1.165
+++ usr.sbin/syslogd/syslogd.c  29 Jun 2015 12:28:10 -
@@ -219,6 +219,8 @@ int NoDNS = 0;  /* when true, will refra
 intIPv4Only = 0;   /* when true, disable IPv6 */
 intIPv6Only = 0;   /* when true, disable IPv4 */
 intIncludeHostname = 0;/* include RFC 3164 style hostnames when 
forwarding */
+char   *bind_host = NULL;
+char   *bind_port = NULL;
 
 char   *path_ctlsock = NULL;   /* Path to control socket */
 
@@ -275,9 +277,9 @@ char*linebuf;
 int linesize;
 
 int fd_ctlsock, fd_ctlconn, fd_klog, fd_sendsys,
-fd_udp, fd_udp6, fd_unix[MAXUNIX];
+fd_udp, fd_udp6, fd_bind, fd_unix[MAXUNIX];
 struct eventev_ctlaccept, ev_ctlread, ev_ctlwrite, ev_klog, ev_sendsys,
-ev_udp, ev_udp6, ev_unix[MAXUNIX],
+ev_udp, ev_udp6, ev_bind, ev_unix[MAXUNIX],
 ev_hup, ev_int, ev_quit, ev_term, ev_mark;
 
 voidklog_readcb(int, short, void *);
@@ -314,7 +316,7 @@ voidprintsys(char *);
 char   *ttymsg(struct iovec *, int, char *, int);
 void   usage(void);
 void   wallmsg(struct filed *, struct iovec *);
-intloghost(char *, char **, char **, char **);
+intloghost_parse(char *, char **, char **, char **);
 intgetmsgbufsize(void);
 intunix_socket(char *, int, mode_t);
 void   double_rbuf(int);
@@ -330,7 +332,7 @@ main(int argc, char *argv[])
int  ch, i;
int  lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
 
-   while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:V)) != -1)
+   while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:U:V)) != -1)
switch (ch) {
case '4':   /* disable IPv6 */
IPv4Only = 1;
@@ -367,6 +369,11 @@ main(int argc, char *argv[])
case 'p':   /* path */
path_unix[0] = optarg;
break;
+   case 'U':   /* allow udp only from address */
+   if (loghost_parse(optarg, NULL, bind_host, bind_port)
+   == -1)
+   errx(1, bad bind address: %s, optarg);
+   break;
case 'u':   /* allow udp input port */
SecureMode = 0;
break;
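Review bot: The comment on the new `case 'U'` reads `/* allow udp only from address */`, which suggests a source-address filter, whereas the manual page in this diff describes -U as binding the receive socket to a local address; change it to `case 'U':   /* bind udp receive socket to address */` so the option is not mistaken for an access control. As printed, the call passes `bind_host` and `bind_port` by value to a function prototyped with `char **` parameters; this is most likely the page stripping `&` (the same loss appears in `i  nunix` in the privsep.c hunk), but worth confirming against the committed source. Giving -U more than once silently replaces the earlier address, which is the usual getopt behaviour but could be stated in syslogd.8. The enclosing main() starts and ends outside this hunk.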
@@ -425,8 +432,7 @@ main(int argc, char *argv[])
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_PASSIVE;
 
-   i = getaddrinfo(NULL, syslog, hints, res0);

syslogd -U bind UDP address

2015-06-25 Thread Alexander Bluhm
Hi,

I have added a -U feature for syslogd to specify an explicit bind
address to receive UDP packets.  One advantage over -u and the *
sockets is that you can bind to localhost and divert the packets
with pf.  It is also possible to use a different port.

My plan is to extend the interface with -T listen_address:port to
receive syslog via TCP.

ok?

bluhm

Index: usr.sbin/syslogd/privsep.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/privsep.c,v
retrieving revision 1.51
diff -u -p -r1.51 privsep.c
--- usr.sbin/syslogd/privsep.c  19 Jan 2015 16:40:49 -  1.51
+++ usr.sbin/syslogd/privsep.c  25 Jun 2015 20:03:17 -
@@ -186,6 +186,8 @@ priv_init(char *conf, int numeric, int l
close(fd_udp);
if (fd_udp6 != -1)
close(fd_udp6);
+   if (fd_bind != -1)
+   close(fd_bind);
for (i = 0; i  nunix; i++)
if (fd_unix[i] != -1)
close(fd_unix[i]);
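Review bot: The added `if (fd_bind != -1) close(fd_bind);` is only safe if fd_bind is -1 whenever -U is absent, yet the declaration hunk below makes it a zero-initialised global and the hunk that opens the socket (`@@ -475,6 +481,64 @@`) is truncated on this page. Unless fd_bind is reset to -1 unconditionally before the -U branch, a run without -U would have the privileged parent close descriptor 0 here; a `fd_bind = -1;` alongside the fd_udp/fd_udp6 reset would rule that out. priv_init() begins and ends outside this hunk.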
Index: usr.sbin/syslogd/syslogd.8
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.8,v
retrieving revision 1.35
diff -u -p -r1.35 syslogd.8
--- usr.sbin/syslogd/syslogd.8  15 Jun 2015 22:39:14 -  1.35
+++ usr.sbin/syslogd/syslogd.8  25 Jun 2015 19:48:21 -
@@ -111,6 +111,19 @@ Specify path to an
 .Dv AF_LOCAL
 socket for use in reporting logs stored in memory buffers using
 .Xr syslogc 8 .
+.It Fl U Ar bind_address
+Create an UDP socket for receiving messages and bind it to the
+specified address.
+A port number may be specified using the
+.Ar host:port
+syntax.
+IPv6 addresses can be used by surrounding the address portion with
+square brackets
+.Po
+.Ql [\
+and
+.Ql ]\
+.Pc .
 .It Fl u
 Select the historical
 .Dq insecure
Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.164
diff -u -p -r1.164 syslogd.c
--- usr.sbin/syslogd/syslogd.c  15 Jun 2015 21:42:15 -  1.164
+++ usr.sbin/syslogd/syslogd.c  25 Jun 2015 19:49:00 -
@@ -218,6 +218,8 @@ int NoDNS = 0;  /* when true, will refra
 intIPv4Only = 0;   /* when true, disable IPv6 */
 intIPv6Only = 0;   /* when true, disable IPv4 */
 intIncludeHostname = 0;/* include RFC 3164 style hostnames when 
forwarding */
+char   *bind_host = NULL;
+char   *bind_port = NULL;
 
 char   *path_ctlsock = NULL;   /* Path to control socket */
 
@@ -274,9 +276,9 @@ char*linebuf;
 int linesize;
 
 int fd_ctlsock, fd_ctlconn, fd_klog, fd_sendsys,
-fd_udp, fd_udp6, fd_unix[MAXUNIX];
+fd_udp, fd_udp6, fd_bind, fd_unix[MAXUNIX];
 struct eventev_ctlaccept, ev_ctlread, ev_ctlwrite, ev_klog, ev_sendsys,
-ev_udp, ev_udp6, ev_unix[MAXUNIX],
+ev_udp, ev_udp6, ev_bind, ev_unix[MAXUNIX],
 ev_hup, ev_int, ev_quit, ev_term, ev_mark;
 
 voidklog_readcb(int, short, void *);
@@ -313,7 +315,7 @@ voidprintsys(char *);
 char   *ttymsg(struct iovec *, int, char *, int);
 void   usage(void);
 void   wallmsg(struct filed *, struct iovec *);
-intloghost(char *, char **, char **, char **);
+intloghost_parse(char *, char **, char **, char **);
 intgetmsgbufsize(void);
 intunix_socket(char *, int, mode_t);
 void   double_rbuf(int);
@@ -329,7 +331,7 @@ main(int argc, char *argv[])
int  ch, i;
int  lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
 
-   while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:V)) != -1)
+   while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:U:V)) != -1)
switch (ch) {
case '4':   /* disable IPv6 */
IPv4Only = 1;
@@ -366,6 +368,11 @@ main(int argc, char *argv[])
case 'p':   /* path */
path_unix[0] = optarg;
break;
+   case 'U':   /* allow udp only from address */
+   if (loghost_parse(optarg, NULL, bind_host, bind_port)
+   == -1)
+   errx(1, bad bind address: %s, optarg);
+   break;
case 'u':   /* allow udp input port */
SecureMode = 0;
break;
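Review bot: The `/* allow udp only from address */` comment on the new `case 'U'` describes an access restriction, but the option binds the receive socket to an address (per the syslogd.8 hunk in this diff); `case 'U':   /* bind udp receive socket to address */` states what the code does. The arguments `bind_host, bind_port` appear to be passed by value against a `char **` prototype, which is presumably the page having stripped `&` characters (compare `i  nunix` above), but it should be checked against the real tree. main() continues outside this hunk.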
@@ -424,8 +431,7 @@ main(int argc, char *argv[])
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_PASSIVE;
 
-   i = getaddrinfo(NULL, syslog, hints, res0);
-   if (i) {
+   if (getaddrinfo(NULL, syslog, hints, res0)) {
errno = 0;
logerror(syslog/udp: unknown service);
die(0);
@@ -475,6 +481,64 @@ main(int argc, char *argv[])
 
freeaddrinfo(res0);