Re: syslogd -U bind UDP address
On Fri, Jun 26, 2015 at 12:40:37AM +0200, Alexander Bluhm wrote: I have added a -U feature for syslogd to specify an explict bind address to receive UDP packets. One advantge over -u and the * sockets is, that you can bind to localhost and divert the packets with pf. It is also possible to use a different port. My plan is to extend the interface with -T listen_address:port to receive syslog via TCP. ok? Diff merged with -current. Anyone? bluhm Index: usr.sbin/syslogd/privsep.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/privsep.c,v retrieving revision 1.51 diff -u -p -r1.51 privsep.c --- usr.sbin/syslogd/privsep.c 19 Jan 2015 16:40:49 - 1.51 +++ usr.sbin/syslogd/privsep.c 29 Jun 2015 12:26:04 - @@ -186,6 +186,8 @@ priv_init(char *conf, int numeric, int l close(fd_udp); if (fd_udp6 != -1) close(fd_udp6); + if (fd_bind != -1) + close(fd_bind); for (i = 0; i nunix; i++) if (fd_unix[i] != -1) close(fd_unix[i]); Index: usr.sbin/syslogd/syslogd.8 === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.8,v retrieving revision 1.35 diff -u -p -r1.35 syslogd.8 --- usr.sbin/syslogd/syslogd.8 15 Jun 2015 22:39:14 - 1.35 +++ usr.sbin/syslogd/syslogd.8 29 Jun 2015 12:26:04 - @@ -46,6 +46,7 @@ .Op Fl m Ar mark_interval .Op Fl p Ar log_socket .Op Fl s Ar reporting_socket +.Op Fl U Ar bind_address .Ek .Sh DESCRIPTION .Nm 
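Review bot: The added `if (fd_bind != -1) close(fd_bind);` in priv_init is only safe if fd_bind holds -1 whenever -U is not given, and no such assignment is visible on this page. The syslogd.c hunk declares fd_bind as a plain file-scope int, so it starts at 0; if main does not reset it before priv_init runs, this branch would close descriptor 0 in the privileged parent. The socket-setup hunk is cut off in both copies of the patch, so please confirm main sets `fd_bind = -1;` the same way it handles fd_udp and fd_udp6. priv_init's body continues outside the hunk, and the same two lines appear in the original message quoted further down.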
@@ -111,6 +112,19 @@ Specify path to an .Dv AF_LOCAL socket for use in reporting logs stored in memory buffers using .Xr syslogc 8 . +.It Fl U Ar bind_address +Create a UDP socket for receiving messages and bind it to the +specified address. +A port number may be specified using the +.Ar host:port +syntax. +IPv6 addresses can be used by surrounding the address portion with +square brackets +.Po +.Ql [\ +and +.Ql ]\ +.Pc . .It Fl u Select the historical .Dq insecure Index: usr.sbin/syslogd/syslogd.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.165 diff -u -p -r1.165 syslogd.c --- usr.sbin/syslogd/syslogd.c 29 Jun 2015 11:04:28 - 1.165 +++ usr.sbin/syslogd/syslogd.c 29 Jun 2015 12:28:10 - @@ -219,6 +219,8 @@ int NoDNS = 0; /* when true, will refra intIPv4Only = 0; /* when true, disable IPv6 */ intIPv6Only = 0; /* when true, disable IPv4 */ intIncludeHostname = 0;/* include RFC 3164 style hostnames when forwarding */ +char *bind_host = NULL; +char *bind_port = NULL; char *path_ctlsock = NULL; /* Path to control socket */ @@ -275,9 +277,9 @@ char*linebuf; int linesize; int fd_ctlsock, fd_ctlconn, fd_klog, fd_sendsys, -fd_udp, fd_udp6, fd_unix[MAXUNIX]; +fd_udp, fd_udp6, fd_bind, fd_unix[MAXUNIX]; struct eventev_ctlaccept, ev_ctlread, ev_ctlwrite, ev_klog, ev_sendsys, -ev_udp, ev_udp6, ev_unix[MAXUNIX], +ev_udp, ev_udp6, ev_bind, ev_unix[MAXUNIX], ev_hup, ev_int, ev_quit, ev_term, ev_mark; voidklog_readcb(int, short, void *); @@ -314,7 +316,7 @@ voidprintsys(char *); char *ttymsg(struct iovec *, int, char *, int); void usage(void); void wallmsg(struct filed *, struct iovec *); -intloghost(char *, char **, char **, char **); +intloghost_parse(char *, char **, char **, char **); intgetmsgbufsize(void); intunix_socket(char *, int, mode_t); void double_rbuf(int); 
@@ -330,7 +332,7 @@ main(int argc, char *argv[]) int ch, i; int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd; - while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:V)) != -1) + while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:U:V)) != -1) switch (ch) { case '4': /* disable IPv6 */ IPv4Only = 1; @@ -367,6 +369,11 @@ main(int argc, char *argv[]) case 'p': /* path */ path_unix[0] = optarg; break; + case 'U': /* allow udp only from address */ + if (loghost_parse(optarg, NULL, bind_host, bind_port) + == -1) + errx(1, bad bind address: %s, optarg); + break; case 'u': /* allow udp input port */ SecureMode = 0; break; @@ -425,8 +432,7 @@ main(int argc, char *argv[]) hints.ai_protocol = IPPROTO_UDP; hints.ai_flags = AI_PASSIVE; - i = getaddrinfo(NULL, syslog, hints, res0);
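Review bot: The comment on the new `case 'U':` branch, `/* allow udp only from address */`, describes a sender filter, but the syslogd.8 text in this same patch says the option creates a receive socket bound to a local address; `/* bind UDP receive socket to address */` would keep an operator from reading -U as an access control. The branch stores into the single globals bind_host and bind_port, so a second -U on the command line appears to replace the first without any message (loghost_parse is not shown, so this is inferred); either reject a repeated -U or state in the manual that the last one wins. Whether datagrams on this socket are accepted when -u is absent is decided in the socket-setup hunk, which is truncated here, and the manual entry should say so explicitly since these messages are unauthenticated. The enclosing switch in main starts and ends outside the hunk, and the same branch appears in the original message quoted further down.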
syslogd -U bind UDP address
Hi, I have added a -U feature for syslogd to specify an explict bind address to receive UDP packets. One advantge over -u and the * sockets is, that you can bind to localhost and divert the packets with pf. It is also possible to use a different port. My plan is to extend the interface with -T listen_address:port to receive syslog via TCP. ok? bluhm Index: usr.sbin/syslogd/privsep.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/privsep.c,v retrieving revision 1.51 diff -u -p -r1.51 privsep.c --- usr.sbin/syslogd/privsep.c 19 Jan 2015 16:40:49 - 1.51 +++ usr.sbin/syslogd/privsep.c 25 Jun 2015 20:03:17 - @@ -186,6 +186,8 @@ priv_init(char *conf, int numeric, int l close(fd_udp); if (fd_udp6 != -1) close(fd_udp6); + if (fd_bind != -1) + close(fd_bind); for (i = 0; i nunix; i++) if (fd_unix[i] != -1) close(fd_unix[i]); Index: usr.sbin/syslogd/syslogd.8 === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.8,v retrieving revision 1.35 diff -u -p -r1.35 syslogd.8 --- usr.sbin/syslogd/syslogd.8 15 Jun 2015 22:39:14 - 1.35 +++ usr.sbin/syslogd/syslogd.8 25 Jun 2015 19:48:21 - @@ -111,6 +111,19 @@ Specify path to an .Dv AF_LOCAL socket for use in reporting logs stored in memory buffers using .Xr syslogc 8 . +.It Fl U Ar bind_address +Create an UDP socket for receiving messages and bind it to the +specified address. +A port number may be specified using the +.Ar host:port +syntax. +IPv6 addresses can be used by surrounding the address portion with +square brackets +.Po +.Ql [\ +and +.Ql ]\ +.Pc . .It Fl u Select the historical .Dq insecure Index: usr.sbin/syslogd/syslogd.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.164 diff -u -p -r1.164 syslogd.c --- usr.sbin/syslogd/syslogd.c 15 Jun 2015 21:42:15 - 1.164 +++ usr.sbin/syslogd/syslogd.c 25 Jun 2015 19:49:00 - 
@@ -218,6 +218,8 @@ int NoDNS = 0; /* when true, will refra intIPv4Only = 0; /* when true, disable IPv6 */ intIPv6Only = 0; /* when true, disable IPv4 */ intIncludeHostname = 0;/* include RFC 3164 style hostnames when forwarding */ +char *bind_host = NULL; +char *bind_port = NULL; char *path_ctlsock = NULL; /* Path to control socket */ @@ -274,9 +276,9 @@ char*linebuf; int linesize; int fd_ctlsock, fd_ctlconn, fd_klog, fd_sendsys, -fd_udp, fd_udp6, fd_unix[MAXUNIX]; +fd_udp, fd_udp6, fd_bind, fd_unix[MAXUNIX]; struct eventev_ctlaccept, ev_ctlread, ev_ctlwrite, ev_klog, ev_sendsys, -ev_udp, ev_udp6, ev_unix[MAXUNIX], +ev_udp, ev_udp6, ev_bind, ev_unix[MAXUNIX], ev_hup, ev_int, ev_quit, ev_term, ev_mark; voidklog_readcb(int, short, void *); @@ -313,7 +315,7 @@ voidprintsys(char *); char *ttymsg(struct iovec *, int, char *, int); void usage(void); void wallmsg(struct filed *, struct iovec *); -intloghost(char *, char **, char **, char **); +intloghost_parse(char *, char **, char **, char **); intgetmsgbufsize(void); intunix_socket(char *, int, mode_t); void double_rbuf(int); @@ -329,7 +331,7 @@ main(int argc, char *argv[]) int ch, i; int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd; - while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:V)) != -1) + while ((ch = getopt(argc, argv, 46C:dhnuf:Fm:p:a:s:U:V)) != -1) switch (ch) { case '4': /* disable IPv6 */ IPv4Only = 1; @@ -366,6 +368,11 @@ main(int argc, char *argv[]) case 'p': /* path */ path_unix[0] = optarg; break; + case 'U': /* allow udp only from address */ + if (loghost_parse(optarg, NULL, bind_host, bind_port) + == -1) + errx(1, bad bind address: %s, optarg); + break; case 'u': /* allow udp input port */ SecureMode = 0; break; @@ -424,8 +431,7 @@ main(int argc, char *argv[]) hints.ai_protocol = IPPROTO_UDP; hints.ai_flags = AI_PASSIVE; - i = getaddrinfo(NULL, syslog, hints, res0); - if (i) { + if (getaddrinfo(NULL, syslog, hints, res0)) { errno = 0; logerror(syslog/udp: unknown service); die(0); 
@@ -475,6 +481,64 @@ main(int argc, char *argv[]) freeaddrinfo(res0);