From: <al...@us...> - 2002-09-26 18:46:10
Update of /cvsroot/msyslog/syslog/src/modules In directory usw-pr-cvs1:/tmp/cvs-serv7915/src/modules Modified Files: om_queue.c om_regex.c Log Message: replace strndup comment out buggy code (regex requires fix) Index: om_queue.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/om_queue.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- om_queue.c 26 Sep 2002 18:32:26 -0000 1.5 +++ om_queue.c 26 Sep 2002 18:46:07 -0000 1.6 @@ -442,7 +442,7 @@ if (ctx->semaphore >= 0) break; if (ix > 5) { snprintf(statbuf, sizeof(statbuf), "om_queue: " - "semaphore set for key (0x%x) NOT created", semkey); + "semaphore set for key (0x%lx) NOT created", semkey); m_dprintf(MSYSLOG_SERIOUS, "%s\n", statbuf); *status = strdup(statbuf); return (-1); Index: om_regex.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/om_regex.c,v retrieving revision 1.47 retrieving revision 1.48 diff -u -d -r1.47 -r1.48 --- om_regex.c 17 Sep 2002 05:20:28 -0000 1.47 +++ om_regex.c 26 Sep 2002 18:46:07 -0000 1.48 @@ -355,7 +355,11 @@ *non_subst = realloc( *non_subst, current_bound * sizeof(char *) ); *subexp_no = realloc( *subexp_no, current_bound * sizeof(int) ); } - (*non_subst)[current_element] = unbackslash( strndup(start, pmatch[3].rm_so) ); + (*non_subst)[current_element] = malloc(pmatch[3].rm_so); + strncpy((*non_subst)[current_element], start, pmatch[3].rm_so - 1); + (*non_subst)[current_element][pmatch[3].rm_so - 1] = '\0'; + unbackslash((*non_subst)[current_element]); + (*subexp_no)[current_element] = atoi(&start[ pmatch[3].rm_so + 1 ]); ++current_element; @@ -522,11 +526,14 @@ } if (c->msg_subexp_no) free(c->msg_subexp_no); +#warning FIX THIS if (c->host_non_subst) { +#if 0 int ix; char *string; for(ix = c->host_no_subst ; ix >= 0 ; --ix) free(string); +#endif free(c->host_non_subst); } if (c->host_subexp_no) free(c->host_subexp_no); |
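Review bot: Changing the specifier to `0x%lx` in the om_queue.c hunk at @@ -442 only fixes the format mismatch if `semkey` really is an `unsigned long`; its declaration is outside the hunk, and if it is a `key_t` (an `int` on common platforms) the specifier/argument mismatch is undefined behaviour and the printed key can be garbage on 64-bit hosts. Casting the argument makes the specifier correct regardless of the typedef: `"semaphore set for key (0x%lx) NOT created", (unsigned long) semkey);`. The identical change appears in om_directory.c at @@ -284 in the 18:32:30 commit below and needs the same cast.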
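Review bot: The strndup replacement in om_regex.c at @@ -355 is not equivalent and can write out of bounds: `strndup(start, n)` copies `n` bytes and appends a terminator, but the new code allocates only `pmatch[3].rm_so` bytes and copies `rm_so - 1`, so the last character of each literal segment is silently dropped, and when `rm_so` is 0 the result is `malloc(0)` followed by a store at index -1. The `malloc` result also feeds `strncpy` unchecked. If dropping the final character was intended rather than a slip, that is a behaviour change worth recording in the log; if `unbackslash` returns a pointer other than its argument, the result should still be assigned as the removed line did. Allocating `rm_so + 1`, checking it, and copying the full length restores the old behaviour:
```c
	{
		size_t seglen = (size_t) pmatch[3].rm_so;
		char *seg;

		if ((seg = malloc(seglen + 1)) == NULL)
			goto fail;	/* placeholder: use the enclosing function's error path (outside the hunk) */
		memcpy(seg, start, seglen);
		seg[seglen] = '\0';
		unbackslash(seg);
		(*non_subst)[current_element] = seg;
	}
	/* … unchanged: subexp_no assignment and ++current_element … */
```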
From: <al...@us...> - 2002-09-26 18:32:30
Update of /cvsroot/msyslog/syslog/src/modules In directory usw-pr-cvs1:/tmp/cvs-serv32469/src/modules Modified Files: om_directory.c om_queue.c Log Message: replace strnlen fix format string cast Index: om_directory.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/om_directory.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- om_directory.c 7 Sep 2002 23:41:30 -0000 1.4 +++ om_directory.c 26 Sep 2002 18:32:26 -0000 1.5 @@ -147,7 +147,8 @@ "filename (%s)\n", filename); /* write to the file */ - write( filedes, msg->msg, strnlen(msg->msg, MAXMSG) ); + write(filedes, msg->msg, + strlen(msg->msg) > MAXMSG? MAXMSG : strlen(msg->msg)); close( filedes ); /* unlock the file by changing its permission to allow reading */ @@ -217,7 +218,8 @@ while ((ch = getopt(argc, argv, "s:")) != -1) { switch (ch) { case 's': /* semaphore (a directory path) */ - ctx->directory_len = strnlen(optarg, MAXDIRECTORY); + if ((ctx->directory_len = strlen(optarg)) > MAXDIRECTORY) + ctx->directory_len = MAXDIRECTORY; ctx->directory = (char*) malloc( ctx->directory_len+1 ); strncpy( ctx->directory, optarg, ctx->directory_len ); ctx->directory[ctx->directory_len] = '\0'; @@ -284,7 +286,7 @@ if (ctx->semaphore >= 0) break; if (ix > 5) { snprintf(statbuf, sizeof(statbuf), "om_directory: " - "semaphore set for key (0x%x) NOT created", semkey); + "semaphore set for key (0x%lx) NOT created", semkey); m_dprintf(MSYSLOG_SERIOUS, "%s\n", statbuf); *status = strdup(statbuf); return (-1); Index: om_queue.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/om_queue.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- om_queue.c 7 Sep 2002 23:41:32 -0000 1.4 +++ om_queue.c 26 Sep 2002 18:32:26 -0000 1.5 
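Review bot: Swapping `strnlen(msg->msg, MAXMSG)` for `strlen(msg->msg)` in the om_directory.c hunk at @@ -147 turns a bounded scan into an unbounded one: if `msg->msg` can ever arrive without a terminator within its first MAXMSG bytes (its declaration is outside the hunk), strlen reads past it, and the ternary then evaluates strlen twice on every write. Computing the length once keeps the clamp and halves the scanning: `size_t len = strlen(msg->msg); if (len > MAXMSG) len = MAXMSG;` followed by `write(filedes, msg->msg, len);`. The `write()` return value was already unchecked before this change, so a short write or error is dropped silently; for a logging module that deserves at least an m_dprintf on failure.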
@@ -300,19 +300,22 @@ "output type (%s) specified\n", ((ctx->outtype == 'x') ? "xml":"raw")); break; case 't': /* target (where you want the ticket to go) */ - ctx->target_len = strnlen(optarg, MAXTARGET); + if ((ctx->target_len = strlen(optarg)) > MAXTARGET) + ctx->target_len = MAXTARGET; ctx->target = (char*) malloc( ctx->target_len+1 ); strncpy( ctx->target, optarg, ctx->target_len ); ctx->target[ctx->target_len] = '\0'; break; case 'd': /* semaphore (a directory path) */ - ctx->directory_len = strnlen(optarg, MAXDIRECTORY); + if ((ctx->directory_len = strlen(optarg)) > MAXDIRECTORY) + ctx->directory_len = MAXDIRECTORY; ctx->directory = (char*) malloc( ctx->directory_len+1 ); strncpy( ctx->directory, optarg, ctx->directory_len ); ctx->directory[ctx->directory_len] = '\0'; break; case 'k': /* key for the message */ - ctx->key_len = strnlen(optarg, MAXKEY); + if ((ctx->key_len = strlen(optarg)) > MAXKEY) + ctx->key_len = MAXKEY; ctx->key = (char*) malloc( ctx->key_len+1 ); strncpy( ctx->key, optarg, ctx->key_len ); ctx->key[ctx->key_len] = '\0'; @@ -320,7 +323,8 @@ "key (%s) specified\n", ctx->key); break; case 'n': /* namespace for the message */ - ctx->namespace_len = strnlen(optarg, MAXELEMENT); + if ((ctx->namespace_len = strlen(optarg)) > MAXELEMENT) + ctx->namespace_len = MAXELEMENT; ctx->namespace = (char*) malloc( ctx->namespace_len+1 ); strncpy( ctx->namespace, optarg, ctx->namespace_len ); ctx->namespace[ctx->namespace_len] = '\0'; @@ -335,7 +339,8 @@ node->type = ch; node->payload = NULL; - node->element_len = strnlen(optarg, MAXELEMENT); + if ((node->element_len = strlen(optarg)) > MAXELEMENT) + node->element_len = MAXELEMENT; node->element = (char*) malloc( node->element_len+1 ); strncpy( node->element, optarg, node->element_len ); node->element[node->element_len] = '\0'; |
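Review bot: The clamp-allocate-copy-terminate sequence that the @@ -300, @@ -320 and @@ -335 hunks introduce is repeated five times in om_queue.c (and twice more as om_directory.c @@ -217 in this commit), and in every copy the `malloc` result goes straight into `strncpy` unchecked. A small static helper removes the duplication, adds the NULL check once, and replaces `strncpy` with a `memcpy` of an already-known length. The `*_len` fields' types are declared outside the hunk, so the helper's length parameter should be matched to them; the error path after a failed allocation is likewise the enclosing function's, which is not visible here.
```c
/*
 * Return a malloc'd copy of s truncated to at most max bytes, always
 * NUL-terminated; store the copied length in *lenp if non-NULL.
 * Returns NULL on allocation failure.  The caller owns the result.
 */
static char *
dup_bounded(const char *s, size_t max, size_t *lenp)
{
	size_t len = strlen(s);
	char *copy;

	if (len > max)
		len = max;
	if ((copy = malloc(len + 1)) == NULL)
		return (NULL);
	memcpy(copy, s, len);
	copy[len] = '\0';
	if (lenp != NULL)
		*lenp = len;
	return (copy);
}

		case 't':	/* target (where you want the ticket to go) */
			if ((ctx->target = dup_bounded(optarg, MAXTARGET,
			    &ctx->target_len)) == NULL)
				goto fail;	/* placeholder: the function's error path is outside the hunk */
			break;
		/* … unchanged: same replacement for 'd', 'k', 'n' and node->element … */
```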
From: <al...@us...> - 2002-09-26 18:09:38
Update of /cvsroot/msyslog/syslog/src/modules In directory usw-pr-cvs1:/tmp/cvs-serv22597/src/modules Modified Files: im_serial.c Log Message: properly comment out Index: im_serial.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/im_serial.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- im_serial.c 30 Aug 2002 21:46:47 -0000 1.2 +++ im_serial.c 26 Sep 2002 18:09:35 -0000 1.3 @@ -173,14 +173,16 @@ int wchr; int nx; struct im_serial_ctx *c = (struct im_serial_ctx *) (im->im_ctx); +#ifdef IGNORE_PIPES RETSIGTYPE (*sigsave)(int); +#endif m_dprintf(MSYSLOG_INFORMATIVE, "im_serial_read: entering...\n"); - /* ignore sigserials */ - /* - sigsave = place_signal(SIGPIPE, SIG_IGN); - */ +#ifdef IGNORE_PIPES + /* ignore sigserials */ + sigsave = place_signal(SIGPIPE, SIG_IGN); +#endif /* read a complete message converting non printable characters into 'X' */ nx = read(im->im_fd, im->im_buf, sizeof(im->im_buf) - 1); @@ -188,7 +190,9 @@ if (nx < 0 && errno != EINTR) { m_dprintf(MSYSLOG_SERIOUS, "im_serial_read: error: [%d]\n", errno); logerror("im_serial_read"); +#ifdef IGNORE_PIPES place_signal(SIGPIPE, sigsave); +#endif return -1; } @@ -329,11 +333,12 @@ m_dprintf(MSYSLOG_INFORMATIVE, "im_serial_read: bytes remaining: [%d]\n", (endmark - nextline)); } } + +#ifdef IGNORE_PIPES /* restore previous SIGPIPE handler */ - /* place_signal(SIGPIPE, sigsave); - */ -return (0); +#endif + return (0); } /* |
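Review bot: The `IGNORE_PIPES` guard introduced in all three im_serial.c hunks is not defined anywhere in them, so the SIGPIPE handling is now compiled out unless the build defines it, and a reader cannot tell from the file whether "off" is the intended default. A comment at the first `#ifdef` (in the @@ -173 hunk) would record the decision, e.g. `/* IGNORE_PIPES: presumably a build-time option to ignore SIGPIPE around the read; not defined by default */`. im_serial_read's body begins before the first hunk and the declaration of `sigsave` inside the guard is consistent with its two guarded uses, so the change itself looks complete.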
From: <al...@us...> - 2002-09-26 17:16:05
Update of /cvsroot/msyslog/syslog/src/modules In directory usw-pr-cvs1:/tmp/cvs-serv26031/src/modules Modified Files: Makefile.in Log Message: proper dependencies Index: Makefile.in =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/Makefile.in,v retrieving revision 1.75 retrieving revision 1.76 diff -u -d -r1.75 -r1.76 --- Makefile.in 24 Sep 2002 00:54:30 -0000 1.75 +++ Makefile.in 26 Sep 2002 17:15:57 -0000 1.76 @@ -49,10 +49,6 @@ .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ -$(MOBJS): $(MSRCS) - -$(HASH_OBJS): $(HASH_SRCS) - $(MLIBNAME): $(MOBJS) $(HASH_OBJS) ../config.h $(LD) $(SHARED_PARAMS) -o $(MLIBNAME) $(MOBJS) $(HASH_OBJS) |
From: <al...@us...> - 2002-09-26 03:14:30
Update of /cvsroot/msyslog/syslog/doc In directory usw-pr-cvs1:/tmp/cvs-serv5990/doc Added Files: architecture.html flowchart.dia flowchart.png Log Message: florin's syslog architecture documents please try if dia does work w/ the id tag --- NEW FILE: architecture.html --- <html> <!-- $Id: architecture.html,v 1.1 2002/09/26 03:14:22 alejo Exp $ --> <head> <style type="text/css"> <!-- body { font-family: verdana; } --> </style> <title>syslog arch</title> </head> <body> <center> <table width="80%"> <tr> <td align="justify"> <center> <h1> A proposal for an enterprise-class system logger architecture </h1> v0.4 - 2002/09/25 </center> <p> <div align="right"> <a href="mailto:fl...@sg...">Florin Andrei <fl...@sg...></a> </div> <h2> 0. Rationale </h2> Even though the layout of this document is quite "academic", i'm not going to make an academic introduction. Syslog is old - i'm talking here about the classic, BSD syslog, that's used as the implementation of the Unix system logging specifications on most Unices today, and about most of its variations. <p> The limits of it are obvious for anyone trying to make it scale, or to make it work in complex and large deployments. It doesn't do well under high load. Its filtering rules are too simplistic. It's not extensible (not easily anyway). It only supports simple output formats, and only the text output is really used at all. It was designed having in mind the needs of a fairly primitive Unix kernel, and nothing else; for example, there's no support to make it work as a centralised logging facility for all the popular Unix services; this leads to the ridiculous situation where each daemon has to reinvent the wheel and create its own logging routines. The data flow is too linear. It cannot take advantage of multiple CPUs. The security decisions in the implementation are fine, but that's just because they don't exist at all. <p> Simply put, it's obsolete. A replacement is needed. 
<p> The architecture discussed below addresses a few of the mentioned problems. It does not intend to specifically address all of them, but a fairly large number of them, and provide a foundation to support future extensions to eventually solve all of these problems, and perhaps others not mentioned here. <p> These ideas were initially conceived by the author while deploying <a href="http://sourceforge.net/projects/msyslog/" target="new">msyslog</a> on <a href="http://www.sgi.com/" target="new">SGI</a>'s network, and while working to solve all the issues that typically appear when dealing with system logging on large networks. <h2> 1. Large-scale view </h2> <h3> 1.1. The modularity requirement </h3> The first requirement for a good implementation is that it has to be modular - not only as in "different functions are in different parts of the source code", but as in "<u>different functions run in different execution units (processes, threads) in the OS, and are contained in different binaries that do not necessarily share the same source code heritage but just common interfaces</u>". <p> There are numerous advantages to this approach. The development is simpler because the goals for each piece of code are simpler. It's easier to get third-party contributions, pretty much the same way Adobe Photoshop got it's enormous pool of plugins written by programmers all around the world. The hardware resources (especially CPU) are better spent when particularly overloaded pieces of code are contained in separate execution units. The security is much improved when the input, the actual processing and the output are separated into different processes/threads that do not necessarily trust each other, like in the examples of Qmail, Postfix or the recent OpenSSH versions. <h3> 1.2. The three-phases approach </h3> While the information travels under the hood of the system logger, there are three distinct phases: input, processing and output. 
<p> Input means all activities required to collect information from various sources, pack it in adequate containers, perhaps pre-process it slightly, and place it in a queue (or many) waiting for the second phase. <p> Processing implies the bulk of work done on top of the data: sorting it, marking it, preparing it before the actual storage, modifying it, perhaps even create and inject new messages in the stream based on previous and present data, or triggering and sending signals to the outer world based on data content, or even deleting some messages altogether. This phase too ends up with placing data in queues. <p> Output means delivering data to the destinations, whether those are various storage facilities, or other applications or daemons. <p> A modular implementation should naturally facilitate this three-phases approach. <h3> 1.3. The flowchart </h3> The picture below is the core of this proposal, and indeed contains in a nutshell most of the ideas exposed before and after it. </td> </tr> </table> <p> <img src="flowchart.png"> <p> The flowchart <p> <table width="80%"> <tr> <td align="justify"> <ul> <li>The red blocks are the input modules. There's nothing particular about them, they implement typical data collectors. Just the "daemons" module is slightly unusual for a syslog implementation, and will be discussed further.</li> <li>The green blocks are the processing modules: <ul> <li> The P modules are the actual processing ones, they perform various modifications to the messages. </li> <li> The R module (the circle) is the "Regex" module, and distributes the messages across various output modules. It does not necessarily implement regular expressions, but any selection method can be used. </li> <li> The "inject" modules can generate and insert messages in the flow (example: the PEO module from msyslog, that ensures crypto integrity) based on various conditions in the messages stream. 
A "mark" module might be another example of an injector (altough this one does not need a data feed from the main pipe, therefore being more similar to the input modules). </li> <li> The "sink" module is really a dev-null-like output module, but since it performs a modification in the messages stream (it erases messages) it's been included with the processing modules. </li> <li> The "trigger" modules can perform various external actions (run a script, launch a daemon, restart a server, make coffee) based on conditions in the messages stream; they are do-nothing processing modules (don't actually modify anything). The differences between this module and some particular output modules are shallow (except the stage in the data pipe). </li> </ul> </li> <li>The yellow block is just a data pipe, a staged pipe actually, and the various processing modules can plug into it at various stages; the exception being the Regex module which is the final one. It is the main module, everything else depends on it. It does not allow for two processing modules to plug into it at the same stage. The term "pipe" here is not used as in "a pipe between two Unix processes", but it tries to suggest the flow of data; the actual implementation can be any dynamic structure, etc.</li> <li>The blue blocks are the output modules.</li> <li>Solid arrows mean the flow of the messages.</li> <li>Dotted arrows represent copies of the main messages flow that are not reintegrated in the main flow, not even after processing (but they might trigger the generation of other messages that are integrated, as in the "inject" module).</li> <li>The thin dashed lines are message queues (buffers). 
The implementation of the queues can be anything like dynamic lists living in shared memory spaces, etc.</li> <li>The thick dashed line is the actual main staged data pipe.</li> </ul> The structure might seem to be overkill, but for a first working implementation the only critical components are: the data pipe, the Regex module, the kernel input module (perhaps several "flavors" for different Unices), the UDP input module, and the file output module. This is going to reproduce the functionality of the classic syslog as it is used in 99% of the cases. Everything else can be added later. And, of course, the implementation being modular, each module should be fairly easy to write. <h2> 2. Implementation trivia </h2> <h3> 2.1. Daemons and configurations </h3> The data pipe and the Regex module might as well be merged together, since their relative positions are fixed. In fact, the flowchart reflects this possibility, by drawing them partially superposed. <p> The various modules should be different binaries, running as separate daemons that communicate via shared memory or other mechanisms. The unnecessary daemons are not activated when the main daemon (pipe/Regex) is launched. <p> If the implementation is ever going to be threaded, special attention has to be paid to preserve the order of the messages. <p> The main data pipe may or may not contain more than one message at one time. That depends on the implementation, and this document does not impose any restriction of that order. The concept of "pipe" might be used simply to describe the way the processing daemons plug themselves into the flow of data, or as a way to describe and enforce the order of the data processing. <p> There are strong similarities between the selection made by the Regex module at the end of the data pipe, and the individual selections made by each processing module. 
So, the main module (pipe + Regex) and the processing modules might actually share a piece of code: the Regex selector itself, but the actual selection for individual processing modules should not run in the main process (that one carrying enough load already because of the final Regex). <p> Related to the previous paragraph: <u>all</u> messages are "touched" by each processing module that inserts itself into the data pipe. However, only some of them are actually modified, hence the need for regex in the processing modules. <p> Each daemon should have its own configuration file. The data pipe should be started by the user or by the system; the other daemons should be started by the data pipe, based on the main config file. When starting the child daemons, the main one (the data pipe) should specify the config file for each one of them; notions like "base directory for daemons" and "base directory for configs" might be useful. <h3> 2.2. Queues </h3> The reason to draw one queue at the entrance of the main daemon (as opposed to have one queue at the exit of each input module) is: the order of the messages should be preserved when they go through syslog, which cannot be enforced when messages are pushed through multiple parallel queues. However, there's also a problem: when multiple input daemons compete for access to the queue, they might block each other. <p> The other solution is to assign queues to the exits of each input module, and make the main daemon poll the queues (and pull the messages out of them). This solution is block-free (the input daemons cannot block each other), but i don't see any simple method to enforce the preservation of the order of messages. <p> In fact, i'm not sure how important it is to preserve a strict order. Ideas are welcome. <h2> 3. Taking it even further </h2> <h3> 3.1. 
The "daemons" input module </h3> Most of the things said before assume that the messages processed by this (collection of) daemon(s) are system log messages (syslog). But, until now, nothing in this structure prevents the daemons collection to go even further. <p> Theoretically, specialized input modules could be written, to enable popular Unix services (Apache, Sendmail, Squid...) to send their messages to the modular syslog. Of course, there has to be some degree of support in the daemons themselves; but, being Open Source, the support might not be very difficult to obtain, especially when people will see the advantage of it. <p> Of course, that means the classic Unix-style syslog message structure is not enough anymore. Some extensions have to be defined; see next paragraph. <p> I believe there is a great potential to this idea. It could be "the" fix for the lamentable state of affairs that plagues logging in the Unix world. <h3> 3.2. Message formats, APIs, etc. </h3> What is actually needed in the modular daemon is to define message types, only one type (classic syslog) being used in the beginning of the implementation, and other types being assigned to other classes of messages (Apache log, Apache error, Squid log, Squid error...) in the future. In fact, a namespace can be defined, and assign pieces of it to each major service; like: a 2-byte integer for the service (Apache, Squid, etc.), and a 2-byte for each service (internal types, like Apache access, Apache error, etc.); or any other classification that works. <p> The output modules should be aware of these special message types; for some modules (output to file) this might not be a big issue (although the problem is not quite trivial), but for some other (output to SQL) it might be a fairly important one. At this moment, i don't see any method to define a message structure that's extensible without requiring continuous tweaks to the output modules (but that doesn't mean there is no such thing). 
<p> Regarding the actual format of the messages, these might or might not be plain text. Anything from XML to pure binary formats could be used. An interesting idea is to identify pieces of messages that are seen very often in syslog messages (or other types of logs), assign them an index in a table, and log only the index; this might be a great benefit, especially for SQL-based logging, in terms of speed (for inserts, but especially for lookups) and storage space. <p> Extensible interfaces and APIs should be defined in the beginning. Being 100% modular, this architecture could be extended by third party contributors, and the extensions (input, output and processing modules) might as well not share any code at all with the original implementation. <h3> 3.3. Data pipes in the input and output </h3> In theory, there is no reason why the input and output modules themselves should not get smart :-) and implement their own staged data pipes, allowing for local processing of the data, running their own processing daemons, etc. <p>However, while the main data pipe is a necessity, pipes in the in/out modules are a luxury. It is not needed to implement them from the beginning. <p>But again, everything being modular, a "smart" in/out module can be written at any time, by a third party or whatever, without impacting the rest of the modular syslog. <h2> 4. 
Applications </h2> This modular structure has enough flexibility to enable all kind of uses: <ul> <li>Centralised logging, logs collection, logging over the network to a central facility.</li> <li>Sort of an "IDS for syslog" via the trigger modules: watch the messages and trigger alarms based on content, succession, "state" (similar to "TCP state" in the Network IDS world).</li> <li>Solving the lack of a unique logging facility for Unix.</li> <li>Cryptographic integrity of the logs (a la msyslog-PEO).</li> <li>etc.</li> </ul> It is sufficiently complex to give anyone enough rope to hang themselves multiple times (think of looping back a UDP output module into a UDP input module!) but i believe it offers support not only for all of the actual uses for a system logger, but also for things that sysadmins would like to do but cannot (because of limitations in current implementations) and perhaps it might enable entirely new uses. <p> Great care has been taken to ensure the architecture scales up well, but also to not forget small-scale implementations; in systems where the memory is not to be wasted, unnecessary daemons can be simply turned off. </td> </tr> </table> </center> </body> </html> --- NEW FILE: flowchart.dia --- <?xml version="1.0"?> <cvsid $Id: flowchart.dia,v 1.1 2002/09/26 03:14:22 alejo Exp $> <dia:diagram xmlns:dia="http://www.lysator.liu.se/~alla/dia/"> <dia:diagramdata> <dia:attribute name="background"> <dia:color val="#ffffff"/> </dia:attribute> <dia:attribute name="paper"> <dia:composite type="paper"> <dia:attribute name="name"> <dia:string>#A4#</dia:string> </dia:attribute> <dia:attribute name="tmargin"> <dia:real val="2.8222"/> </dia:attribute> <dia:attribute name="bmargin"> <dia:real val="2.8222"/> </dia:attribute> <dia:attribute name="lmargin"> [...1899 lines suppressed...] 
<dia:point val="24,14"/> </dia:attribute> <dia:attribute name="numcp"> <dia:int val="1"/> </dia:attribute> <dia:attribute name="line_width"> <dia:real val="1"/> </dia:attribute> <dia:attribute name="line_style"> <dia:enum val="1"/> </dia:attribute> <dia:attribute name="dashlength"> <dia:real val="0.5"/> </dia:attribute> <dia:connections> <dia:connection handle="1" to="O66" connection="3"/> </dia:connections> </dia:object> </dia:layer> </dia:diagram> --- NEW FILE: flowchart.png --- (This appears to be a binary file; contents omitted.) |
From: <al...@us...> - 2002-09-25 22:50:19
Update of /cvsroot/msyslog/syslog/src/modules In directory usw-pr-cvs1:/tmp/cvs-serv9410/src/modules Modified Files: im_udp.c ip_misc.c Log Message: move im_udp networking stuff to ip_misc update ip_misc to handle it properly (i.e. using a socket for reading) have an option on im_udp to avoid doing dns resolution (-n) have the port on the ret structure some style *UNTESTED* Index: im_udp.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/im_udp.c,v retrieving revision 1.78 retrieving revision 1.79 diff -u -d -r1.78 -r1.79 --- im_udp.c 25 Sep 2002 07:25:52 -0000 1.78 +++ im_udp.c 25 Sep 2002 22:50:16 -0000 1.79 @@ -38,17 +38,11 @@ #include "config.h" -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> -#include <sys/un.h> #include <sys/param.h> -#include <netinet/in.h> #include <ctype.h> #include <errno.h> #include <syslog.h> -#include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -76,9 +70,13 @@ #define M_NOTFQDN 0x02 #define M_CACHENAMES 0x04 #define M_REPLACENONPRINT 0x08 +#define M_DONTRESOLV 0x10 /* prototypes */ struct sockaddr *resolv_name(char *, char *, char *, socklen_t *); +int sock_udp(char *, char *, void **, int *); +int udp_recv(int, char *, int, char *, int, char *, int, int); +#define M_NODNS 0x01 /* same as ip_misc.c */ /* * initialize udp input @@ -91,8 +89,8 @@ im_udp_init(struct i_module *I, char **argv, int argc) { struct im_udp_ctx *c; - char *host, *port; - int ch, argcnt; + char *host, *port; + int ch, argcnt; m_dprintf(MSYSLOG_INFORMATIVE, "im_udp_init: entering\n"); @@ -108,8 +106,8 @@ /* parse args (skip module name) */ for (argcnt = 1; (ch = getxopt(argc, argv, "h!host: p!port: " - "a!addhost q!nofqdn c!cachenames r!replacechar: n!noresolv", - &argcnt)) != -1; argcnt++) { + "a!addhost q!nofqdn c!cachenames r!replacechar: " + "n!noresolv", &argcnt)) != -1; argcnt++) { switch (ch) { case 'h': 
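Review bot: The @@ -38 hunk drops `<sys/types.h>`, `<sys/socket.h>`, `<netinet/in.h>` and `<netdb.h>` while the surviving prototype `struct sockaddr *resolv_name(char *, char *, char *, socklen_t *)` and the `sock_udp`/`udp_recv` prototypes added at @@ -76 still depend on `struct sockaddr` and `socklen_t`; unless `<sys/param.h>` or config.h happens to pull `<sys/socket.h>` in, those declarations now rely on an implicit include. Keeping `#include <sys/socket.h>` (and `<sys/types.h>` for older systems) makes the file self-contained again, which matters since the log marks the commit untested.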
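Review bot: `#define M_NODNS 0x01 /* same as ip_misc.c */` in the @@ -76 hunk duplicates a constant that ip_misc.c defines independently (its own @@ -80 hunk in this commit), and the comment is the only thing keeping the two values in step. The hand-written `sock_udp`/`udp_recv` prototypes on the lines above have the same problem: any signature change in ip_misc.c is invisible here until link time. Both the flag and the prototypes belong in a shared header included by both files; if that is deferred, at least name the flag's sharing explicitly where it is defined in ip_misc.c too, e.g. `#define M_NODNS 0x01 /* udp_recv() flag; must match im_udp.c until moved to a header */`.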
@@ -136,37 +134,30 @@ c->flags |= M_REPLACENONPRINT; c->subst = *argv[argcnt]; break; + case 'n': + /* don't resolv hostnames */ + c->flags |= M_DONTRESOLV; + break; default: - m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: parsing error [%c]\n", ch); + m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: parsing error" + " [%c]\n", ch); free(c); -return (-1); + return (-1); } } - { /* get the udp socket */ - struct sockaddr *sa; - socklen_t salen; - - I->im_fd = socket(AF_INET, SOCK_DGRAM, 0); - - if ((sa = resolv_name(host, port, "udp", &salen)) == NULL) { - m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: error resolving host" - "[%s] and port [%s]", host, port); - free(c); -return (-1); - } + if ((I->im_fd = sock_udp(host, port, NULL, NULL)) == -1) { - if (bind(I->im_fd, sa, salen) < 0) { - m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: error binding to host" - "[%s] and port [%s]", host, port); + m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: error creating " + "input socket for host [%s] and port [%s]", host, port); free(c); -return (-1); + return (-1); } - } watch_fd_input('p', I->im_fd , I); m_dprintf(MSYSLOG_INFORMATIVE, "im_udp: running\n"); -return (1); + + return (1); } @@ -181,9 +172,7 @@ im_udp_read(struct i_module *im, int infd, struct im_msg *ret) { struct im_udp_ctx *c; - struct sockaddr_in frominet; - char *p; - int slen; + char *p; m_dprintf(MSYSLOG_INFORMATIVE, "im_udp_read: entering...\n"); 
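Review bot: The `bind()` that followed `resolv_name()` in the block removed by the @@ -136 hunk has no replacement: the new code only calls `sock_udp(host, port, NULL, NULL)`, and `sock_udp` as rewritten in the ip_misc.c hunk at @@ -400 below resolves the address and then creates the socket without binding it. Unless a bind happens somewhere not shown, the input socket is never attached to the configured host/port and receives nothing. Asking sock_udp for the resolved address and binding here restores the previous behaviour; im_udp_init begins before this hunk, so the surrounding declarations are not visible.
```c
	{	/* get the udp socket and bind it to the configured address */
		struct sockaddr *sa = NULL;
		int salen = 0;

		if ((I->im_fd = sock_udp(host, port, (void **) &sa, &salen)) == -1
		    || bind(I->im_fd, sa, (socklen_t) salen) < 0) {
			m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: error creating "
			    "input socket for host [%s] and port [%s]", host, port);
			free(sa);	/* sock_udp hands ownership of *addr to the caller */
			free(c);
			return (-1);
		}
		free(sa);
	}
	/* … unchanged: watch_fd_input, "running" message, return … */
```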
@@ -196,18 +185,16 @@ ret->im_pri = -1; ret->im_flags = 0; - slen = sizeof(frominet); - if ((ret->im_len = recvfrom(im->im_fd, ret->im_msg, - sizeof(ret->im_msg) - 1, 0, (struct sockaddr *)&frominet, - (socklen_t *)&slen)) < 1) { - if (ret->im_len < 0 && errno != EINTR) - logerror("recvfrom inet"); - return (1); - } + c = (struct im_udp_ctx *) im->im_ctx; - ret->im_msg[ret->im_len] = '\0'; + if ((ret->im_len = udp_recv(im->im_fd, ret->im_msg, + sizeof (ret->im_msg), ret->im_host, sizeof (ret->im_host), + ret->im_port, sizeof (ret->im_port), + c->flags & M_DONTRESOLV? M_NODNS : 0)) == -1) { - c = (struct im_udp_ctx *) im->im_ctx; + logerror("im_udp_read: reading from net"); + return (1); + } /* change non printable chars to c->subst, just in case */ if (c->flags & M_REPLACENONPRINT) @@ -215,27 +202,28 @@ if (!isprint((unsigned int) *p) && *p != '\n') *p = c->subst; + /* extract hostname from message */ + /* XXX: THIS SHOULD BE DONE OUTSIDE THE MODULES */ if (c->flags & M_USEMSGHOST) { - /* extract hostname from message */ char host[90]; int n1 = 0; int n2 = 0; - if ((sscanf(ret->im_msg, "<%*d>%*3s %*i %*i:%*i:%*i %n%89s %n%*s", - &n1, host, &n2) != 1 && - sscanf(ret->im_msg, "%*3s %*i %*i:%*i:%*i %n%89s %n%*s", - &n1, host, &n2) != 1 && - sscanf(ret->im_msg, "%n%89s %n%*s", &n1, host, &n2) != 1) - || - ret->im_msg[n2] == '\0') - { + if ((sscanf(ret->im_msg, "<%*d>%*3s %*i %*i:%*i:%*i %n%89s " + "%n%*s", &n1, host, &n2) != 1 + && sscanf(ret->im_msg, "%*3s %*i %*i:%*i:%*i %n%89s %n%*s", + &n1, host, &n2) != 1 + && sscanf(ret->im_msg, "%n%89s %n%*s", &n1, host, &n2) != 1) + || ret->im_msg[n2] == '\0') { + m_dprintf(MSYSLOG_INFORMATIVE, "im_udp_read: skipped" " invalid message [%s]\n", ret->im_msg); -return (0); + + return (0); } if (ret->im_msg[n2] == '\0') -return (0); + return (0); /* remove host from message */ while (ret->im_msg[n2] != '\0') 
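Review bot: The new error path in the @@ -196 hunk calls `logerror("im_udp_read: reading from net")` for every -1 from `udp_recv`, whereas the removed code stayed silent on `EINTR`; since `udp_recv` (ip_misc.c @@ -423 below) also returns -1 for a zero-length datagram and for a failed `malloc`, and frees memory before returning, the caller can no longer tell an interrupted call from a genuine failure and `errno` may not survive the cleanup. Restoring the old filter here, `if (errno != EINTR) logerror("im_udp_read: reading from net");`, keeps signal interruptions out of the log; having udp_recv save and restore `errno` around its `free()` would make that check reliable. im_udp_read's body starts before this hunk.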
@@ -243,42 +231,9 @@ ret->im_msg[n1] = '\0'; strncat(ret->im_host, host, sizeof(ret->im_host)); - - /* strip domain from hostname */ - /* XXX: what is this? - * There is no assurance that the hostname is not an ip address - * in which case stripping off the domain would be inappropriate. - * - */ - } else { - struct hostent *hent; - - /* - * extract host ip address from ip header - * and attempt to look up the name - */ - - hent = gethostbyaddr((char *) &frominet.sin_addr, - sizeof(frominet.sin_addr), frominet.sin_family); - - if (hent) { - - strncpy(ret->im_host, hent->h_name, sizeof(ret->im_host)); - - /* strip domain from hostname */ - if (c->flags & M_NOTFQDN) { - char *dot; - - if ((dot = strchr(ret->im_host, '.')) != NULL) - *dot = '\0'; - } - } else - strncpy(ret->im_host, inet_ntoa(frominet.sin_addr), - sizeof(ret->im_host) - 1); + ret->im_host[sizeof (ret->im_host) - 1] = '\0'; } - ret->im_host[sizeof(ret->im_host) - 1] = '\0'; - return (1); } @@ -288,5 +243,5 @@ close(im->im_fd); -return (0); + return (0); } Index: ip_misc.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/ip_misc.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -d -r1.25 -r1.26 --- ip_misc.c 17 Sep 2002 05:20:28 -0000 1.25 +++ ip_misc.c 25 Sep 2002 22:50:16 -0000 1.26 @@ -80,6 +80,7 @@ #define TCP_KEEPALIVE 30 /* seconds to probe TCP connection */ #define MSYSLOG_MAX_TCP_CLIENTS 100 #define LISTENQ 35 +#define M_NODNS 0x01 /* * resolv_addr: get a host name from a generic sockaddr structure 
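Review bot: `strncat(ret->im_host, host, sizeof(ret->im_host))` in the @@ -243 hunk is now an overflow risk: `udp_recv` (called in the @@ -196 hunk above with `ret->im_host, sizeof (ret->im_host)`) has already written the peer's name or address into `ret->im_host` before this branch runs, so strncat appends the message-derived host to an occupied buffer, and strncat's third argument bounds the appended bytes rather than the destination, so the write can run past the array before the new `ret->im_host[sizeof (ret->im_host) - 1] = '\0'` executes. Before this commit the buffer was presumably still empty at this point, which masked the misuse. Since `host` here comes from the message body (attacker-controlled on an open UDP listener), replace the append with a bounded copy that always terminates: `snprintf(ret->im_host, sizeof ret->im_host, "%s", host);` and drop the manual terminator line.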
@@ -158,6 +159,45 @@ return (-1); } +/* + * resolv_addr_nodns: get a host name from a generic sockaddr struct + * without resolving + */ + +int +resolv_addr_nodns(struct sockaddr *addr, socklen_t addrlen, + char *host, int hlen, char *port, int plen) +{ + struct sockaddr_in *sin4; +#ifdef AF_INET6 + struct sockaddr_in6 *sin6; +#endif + + switch (addr->sa_family) { + case AF_INET: + inet_ntop(AF_INET, addr, host, hlen); + sin4 = (struct sockaddr_in *) addr; + snprintf(port, (unsigned) plen, "%u", + ntohs(sin4->sin_port)); + break; +#ifdef AF_INET6 + case AF_INET6: + inet_ntop(AF_INET6, addr, host, hlen); + sin6 = (struct sockaddr_in6 *) addr; + snprintf(port, (unsigned) plen, "%u", + ntohs(sin6->sin6_port)); + break; +#endif + default: + return (-1); + } + + host[hlen - 1] = '\0'; + port[plen - 1] = '\0'; + + return (1); +} + /* * resolv_name: get a sockaddr address from host and port string @@ -400,15 +440,18 @@ sock_udp(char *host, char *port, void **addr, int *addrlen) { struct sockaddr *sa; + socklen_t salen; - if (addr == NULL || addrlen == NULL) - return (-1); - - if ( (sa = resolv_name(host, port, "udp", (socklen_t *) addrlen)) - == NULL) + if ((sa = resolv_name(host, port, "udp", &salen)) == NULL) return (-1); - *addr = sa; + /* pass struct sockaddr if requested */ + if (addrlen != NULL) + *addrlen = salen; + if (addr != NULL) + *addr = sa; + else + free(sa); return (socket(sa->sa_family, SOCK_DGRAM, 0)); } 
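Review bot: In resolv_addr_nodns both `inet_ntop(AF_INET, addr, host, hlen)` and `inet_ntop(AF_INET6, addr, host, hlen)` pass the whole `struct sockaddr` as the address, so the text written into `host` is the family and port fields formatted as an address, not the peer's IP; inet_ntop wants `&sin4->sin_addr` / `&sin6->sin6_addr`, which means the casts must happen before the calls. Its return value is also ignored, and on failure `host` is left unwritten while the function still returns 1, so the caller cannot tell. The rewritten switch below fixes both; the termination stores and the final `return (1)` are unchanged.
```c
	switch (addr->sa_family) {
	case AF_INET:
		sin4 = (struct sockaddr_in *) addr;
		if (inet_ntop(AF_INET, &sin4->sin_addr, host, hlen) == NULL)
			return (-1);
		snprintf(port, (unsigned) plen, "%u",
		    ntohs(sin4->sin_port));
		break;
#ifdef AF_INET6
	case AF_INET6:
		sin6 = (struct sockaddr_in6 *) addr;
		if (inet_ntop(AF_INET6, &sin6->sin6_addr, host, hlen) == NULL)
			return (-1);
		snprintf(port, (unsigned) plen, "%u",
		    ntohs(sin6->sin6_port));
		break;
#endif
	default:
		return (-1);
	}
	/* ... unchanged: NUL-terminate host and port, return (1) ... */
```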
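Review bot: In sock_udp the new `else free(sa);` is immediately followed by `return (socket(sa->sa_family, SOCK_DGRAM, 0));`, a read of freed memory whenever the caller passes `addr == NULL`. Capture the family first, `int family = sa->sa_family;` before the `if (addr != NULL)` block, and finish with `return (socket(family, SOCK_DGRAM, 0));`. The removed `addr == NULL || addrlen == NULL` guard is what made the old code safe here; the new optional-output behaviour is fine once the family is read before the free.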
@@ -423,6 +466,47 @@ return (sendto(fd, msg, mlen, 0, (struct sockaddr *) addr, addrlen)); } + +/* + * udp_recv: receive an UDP packet + */ + +int +udp_recv(int fd, char *msg, int mlen, char *host, int hlen, + char *port, int plen, int flags) +{ + struct sockaddr *sa; + socklen_t salen; + int rlen; + + salen = sizeof (struct +#ifdef AF_INET6 + sockaddr_in6 +#else + sockaddr_in +#endif + ); + + if ((sa = (struct sockaddr *) malloc(salen)) == NULL) + return (-1); + + if ((rlen = recvfrom(fd, msg, mlen - 1, 0, sa, &salen)) < 1) { + + free(sa); + return (-1); + } + + msg[rlen] = '\0'; + + if (flags & M_NODNS) + resolv_addr_nodns(sa, salen, host, hlen, port, plen); + else + resolv_addr(sa, salen, host, hlen, port, plen); + + free(sa); + return (rlen); +} + /* * resolv_domain: get a domain for a name, used to get local domain * @@ -442,3 +526,18 @@ return (1); } + +#if 0 +int +resolv_addr_cached(struct name_cache *cache, char *host, char *port, + char *proto, socklen_t *salen) +{ + /* walk through the cache */ + /* if found, return pointer to cache */ + /* else, resolv */ + /* if cache full, remove first entry(ies) (as many as needed) + * move forwards others (since this name could be longer than one) + * and add this name at the end */ + return (-1); +} +#endif |
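Review bot: udp_recv ignores the return value of `resolv_addr_nodns(...)` and `resolv_addr(...)`, so for an address family neither handles (resolv_addr_nodns returns -1 from its `default:` in the previous hunk, and resolv_addr appears to do the same) `host` and `port` are left untouched while udp_recv reports a successful `rlen`, and the caller goes on to use whatever was in `ret->im_host` and `ret->im_port`. Propagate the failure, or at least write `host[0] = '\0'; port[0] = '\0';` before the calls so both buffers are always terminated strings. The `rlen < 1` test also folds a zero-length datagram into the -1 error return, a distinction the old im_udp_read kept; returning 0 for that case would preserve it. The per-packet `malloc(salen)` can be a `struct sockaddr_storage` on the stack, which removes both `free(sa)` paths and the allocation-failure return.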
From: <al...@us...> - 2002-09-25 22:50:19
Update of /cvsroot/msyslog/syslog/src In directory usw-pr-cvs1:/tmp/cvs-serv9410/src Modified Files: modules.h Log Message: move im_udp networking stuff to ip_misc update ip_misc to handle it properly (i.e. using a socket for reading) have an option on im_udp to avoid doing dns resolution (-n) have the port on the ret structure some style *UNTESTED* Index: modules.h =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules.h,v retrieving revision 1.50 retrieving revision 1.51 diff -u -d -r1.50 -r1.51 --- modules.h 17 Sep 2002 05:20:26 -0000 1.50 +++ modules.h 25 Sep 2002 22:50:16 -0000 1.51 @@ -87,6 +87,7 @@ char im_msg[MAXLINE + 1]; int im_len; /* size of contents of im_msg buffer */ char im_host[MAXHOSTNAMELEN + 1]; + char im_port[50]; /* this should be something sane */ }; #endif |
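Review bot: `char im_port[50]; /* this should be something sane */` leaves the size arbitrary and the comment as an open question; a decimal port needs 6 bytes, and if this header already sees `<netdb.h>`, `NI_MAXSERV` is the constant meant for a service string, so `char im_port[NI_MAXSERV]; /* source port, as text */` documents the intent. Whatever size is chosen, udp_recv in the same commit writes this buffer through `snprintf(port, plen, ...)` and then `port[plen - 1] = '\0'`, so the comment should state that the field always holds a NUL-terminated string.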
From: <al...@us...> - 2002-09-25 07:26:02
Update of /cvsroot/msyslog/syslog/src/modules In directory usw-pr-cvs1:/tmp/cvs-serv9118/src/modules Modified Files: im_udp.c Log Message: fix copy of name (-1) some style back remember we use openbsd's style(9) Index: im_udp.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/im_udp.c,v retrieving revision 1.77 retrieving revision 1.78 diff -u -d -r1.77 -r1.78 --- im_udp.c 24 Sep 2002 22:00:07 -0000 1.77 +++ im_udp.c 25 Sep 2002 07:25:52 -0000 1.78 @@ -109,8 +109,7 @@ /* parse args (skip module name) */ for (argcnt = 1; (ch = getxopt(argc, argv, "h!host: p!port: " "a!addhost q!nofqdn c!cachenames r!replacechar: n!noresolv", - &argcnt)) != -1; - argcnt++) { + &argcnt)) != -1; argcnt++) { switch (ch) { case 'h': 
@@ -246,37 +245,41 @@ strncat(ret->im_host, host, sizeof(ret->im_host)); /* strip domain from hostname */ - /* There is no assurance that the hostname is not an ip address + /* XXX: what is this? + * There is no assurance that the hostname is not an ip address * in which case stripping off the domain would be inappropriate. * - if (c->flags & M_NOTFQDN) { - char *dot; - if ((dot = strchr(ret->im_host, '.')) != NULL) *dot = '\0'; - } - */ - } - else { - /* extract host ip address from ip header, and attempt to look up the name */ + */ + } else { struct hostent *hent; + /* + * extract host ip address from ip header + * and attempt to look up the name + */ + hent = gethostbyaddr((char *) &frominet.sin_addr, sizeof(frominet.sin_addr), frominet.sin_family); + if (hent) { + strncpy(ret->im_host, hent->h_name, sizeof(ret->im_host)); - /* strip domain from hostname */ - if (c->flags & M_NOTFQDN) { - char *dot; - if ((dot = strchr(ret->im_host, '.')) != NULL) *dot = '\0'; - } - } - else { - strncpy(ret->im_host, inet_ntoa(frominet.sin_addr), sizeof(ret->im_host)); - } + + /* strip domain from hostname */ + if (c->flags & M_NOTFQDN) { + char *dot; + + if ((dot = strchr(ret->im_host, '.')) != NULL) + *dot = '\0'; + } + } else + strncpy(ret->im_host, inet_ntoa(frominet.sin_addr), + sizeof(ret->im_host) - 1); } ret->im_host[sizeof(ret->im_host) - 1] = '\0'; -return (1); + return (1); } int |
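Review bot: In the `if (hent)` branch the terminator `ret->im_host[sizeof(ret->im_host) - 1] = '\0';` is only written after the whole block, so when `hent->h_name` is at least `sizeof(ret->im_host)` bytes long the `strncpy` leaves `im_host` unterminated and the `M_NOTFQDN` `strchr(ret->im_host, '.')` reads past the end of the buffer; `h_name` comes from a reverse lookup on the source address, i.e. from whoever answers PTR queries for that network. Terminate right after the copy, `strncpy(ret->im_host, hent->h_name, sizeof(ret->im_host) - 1); ret->im_host[sizeof(ret->im_host) - 1] = '\0';`, matching the `- 1` this commit adds on the `inet_ntoa` copy. The `strncat(ret->im_host, host, sizeof(ret->im_host));` at the top of the hunk also passes the total buffer size where strncat expects the remaining space, `sizeof(ret->im_host) - strlen(ret->im_host) - 1`. im_udp_read starts before this hunk.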
From: <al...@us...> - 2002-09-24 22:00:15
Update of /cvsroot/msyslog/syslog/src/modules In directory usw-pr-cvs1:/tmp/cvs-serv9239/src/modules Modified Files: im_udp.c Log Message: have the character replace nonprintable chars in message specified by command line base stuff for cached dns resolution typo tcp->udp some style Index: im_udp.c =================================================================== RCS file: /cvsroot/msyslog/syslog/src/modules/im_udp.c,v retrieving revision 1.76 retrieving revision 1.77 diff -u -d -r1.76 -r1.77 --- im_udp.c 17 Sep 2002 06:30:41 -0000 1.76 +++ im_udp.c 24 Sep 2002 22:00:07 -0000 1.77 @@ -64,12 +64,18 @@ #endif struct im_udp_ctx { + union { + int values[250]; + char strings[1000]; + } names; /* the name cache */ int flags; + char subst; }; -#define M_USEMSGHOST 0x01 -#define M_NOTFQDN 0x02 -#define M_CACHENAMES 0x04 +#define M_USEMSGHOST 0x01 +#define M_NOTFQDN 0x02 +#define M_CACHENAMES 0x04 +#define M_REPLACENONPRINT 0x08 /* prototypes */ struct sockaddr *resolv_name(char *, char *, char *, socklen_t *); @@ -88,12 +94,12 @@ char *host, *port; int ch, argcnt; - m_dprintf(MSYSLOG_INFORMATIVE, "im_tcp_init: entering\n"); + m_dprintf(MSYSLOG_INFORMATIVE, "im_udp_init: entering\n"); if ( (I->im_ctx = calloc(1, sizeof(struct im_udp_ctx))) == NULL) { - m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: cannot alloc memory"); -return (-1); - } + m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: cannot alloc memory"); + return (-1); + } c = (struct im_udp_ctx *) I->im_ctx; @@ -102,7 +108,9 @@ /* parse args (skip module name) */ for (argcnt = 1; (ch = getxopt(argc, argv, "h!host: p!port: " - "a!addhost q!nofqdn c!cachenames", &argcnt)) != -1; argcnt++) { + "a!addhost q!nofqdn c!cachenames r!replacechar: n!noresolv", + &argcnt)) != -1; + argcnt++) { switch (ch) { case 'h': 
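Review bot: The getxopt string now accepts `n!noresolv`, but the switch in the following hunk gains only `case 'r'`, so `-n` falls through to `default:`, is reported as a parsing error and tears the module down; either add a `case 'n':` that sets a flag or leave the option out of the string until the flag exists. That `default:` path does `free(c)` while `I->im_ctx` still points at the freed context; `I->im_ctx = NULL;` after the free avoids a dangling pointer if the caller later releases the context itself. The new `names` union carries only `/* the name cache */`; a comment saying which member is valid and how `values` indexes into `strings` is needed, since nothing in this commit populates it. im_udp_init starts before and ends after these hunks.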
@@ -124,6 +132,11 @@ /* use cached hostnames */ c->flags |= M_CACHENAMES; break; + case 'r': + /* use cached hostnames */ + c->flags |= M_REPLACENONPRINT; + c->subst = *argv[argcnt]; + break; default: m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: parsing error [%c]\n", ch); free(c); @@ -159,7 +172,7 @@ /* - * im_tcp_read: accept a connection and add it to the queue + * im_udp_read: accept a connection and add it to the queue * connections and modules are read in a round-robin so partial lines * must persist across calls to the im_read functions for the * various modules. @@ -173,11 +186,11 @@ char *p; int slen; - m_dprintf(MSYSLOG_INFORMATIVE, "im_udp_read: entering...\n"); + m_dprintf(MSYSLOG_INFORMATIVE, "im_udp_read: entering...\n"); if (ret == NULL) { m_dprintf(MSYSLOG_SERIOUS, "im_udp: arg is null\n"); -return (-1); + return (-1); } ret->im_pid = -1; @@ -190,17 +203,18 @@ (socklen_t *)&slen)) < 1) { if (ret->im_len < 0 && errno != EINTR) logerror("recvfrom inet"); -return (1); + return (1); } ret->im_msg[ret->im_len] = '\0'; c = (struct im_udp_ctx *) im->im_ctx; - /* change non printable chars to X, just in case */ - for(p = ret->im_msg; *p != '\0'; p++) - if (!isprint((unsigned int) *p) && *p != '\n') - *p = 'X'; + /* change non printable chars to c->subst, just in case */ + if (c->flags & M_REPLACENONPRINT) + for(p = ret->im_msg; *p != '\0'; p++) + if (!isprint((unsigned int) *p) && *p != '\n') + *p = c->subst; if (c->flags & M_USEMSGHOST) { /* extract hostname from message */ |
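Review bot: `c->subst = *argv[argcnt];` stores the first byte of the option argument without validation, so an empty argument yields `'\0'` and the replacement loop later in this commit then truncates every message at its first non-printable byte, while a non-printable replacement character defeats the sanitising the option exists for; add `if (!isprint((unsigned char) c->subst)) { m_dprintf(MSYSLOG_SERIOUS, "im_udp_init: invalid replacement char\n"); free(c); return (-1); }` (this assumes getxopt has positioned `argcnt` on the argument, which the hunk does not show). The comment above it, `/* use cached hostnames */`, is copied from `case 'c'`; it should read `/* replace non-printable chars with the given one */`. im_udp_init starts before this hunk.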
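Review bot: The rewritten replacement loop keeps `isprint((unsigned int) *p)`; when `char` is signed, any byte above 0x7f (common in syslog payloads) converts to a value far outside the `unsigned char`/EOF range the `<ctype.h>` functions define, which is undefined behaviour and in table-driven implementations an out-of-bounds read. Use `isprint((unsigned char) *p)`; the same cast appears unchanged in the later im_udp.c revisions on this page, so fixing it here carries forward. The header comment corrected in the second hunk still says `im_udp_read: accept a connection and add it to the queue`, which describes the TCP module; `im_udp_read: read one datagram, sanitise it and extract the host` matches what the function does. im_udp_read starts before this hunk and continues after it.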
From: <al...@us...> - 2002-09-24 20:12:23
Update of /cvsroot/msyslog/syslog In directory usw-pr-cvs1:/tmp/cvs-serv1505 Modified Files: INSTALL Log Message: bleh, silly commit Index: INSTALL =================================================================== RCS file: /cvsroot/msyslog/syslog/INSTALL,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -d -r1.18 -r1.19 *** INSTALL 15 Aug 2002 22:53:29 -0000 1.18 --- INSTALL 24 Sep 2002 20:12:20 -0000 1.19 *************** *** 11,15 **** Msyslog has been tested on the following platforms: ! - OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 - RedHat 6.2, 7.0, 7.1, 7.2 - Debian Potato --- 11,15 ---- Msyslog has been tested on the following platforms: ! - OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1 - RedHat 6.2, 7.0, 7.1, 7.2 - Debian Potato |
From: <al...@us...> - 2002-09-24 19:34:33
Update of /cvsroot/msyslog/syslog In directory usw-pr-cvs1:/tmp/cvs-serv4122 Modified Files: AUTHORS Log Message: properly acknoledge work by phreed and florin Index: AUTHORS =================================================================== RCS file: /cvsroot/msyslog/syslog/AUTHORS,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** AUTHORS 14 Aug 2002 14:32:19 -0000 1.4 --- AUTHORS 24 Sep 2002 19:34:29 -0000 1.5 *************** *** 15,19 **** The Core-SDI consulting project did security audit for msyslog 1.0 ! Current Wisdom project (msyslog, auditd, etc.) coordinator is Ariel Aizenberg, ! Msyslog mantainer/developer is Alejo Sanchez, and Audit[d] mantainer/developer is ! Claudio Castiglia. --- 15,20 ---- The Core-SDI consulting project did security audit for msyslog 1.0 ! Current Msyslog mantainer/developer is Alejo Sanchez (but no longer for CoreSDI) ! ! Fredrick Paul Eisele (ph...@ne...) joined the team and did more modules and general fixing ! Florin Andrei (fl...@sg...) joined the team long ago, and helped debug and improve the project |