Bug 250014 - usr.sbin/syslogd/syslogd.c: Forgotten changes for support RFC 5424
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 12.1-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Mark Johnston
URL: https://reviews.freebsd.org/D26644
Reported: 2020-09-30 20:11 UTC by Dmitry Wagin
Modified: 2020-11-09 14:01 UTC

Attachments
syslogd.c.diff (728 bytes, patch)
2020-09-30 20:11 UTC, Dmitry Wagin
syslogd.c.diff (4.19 KB, patch)
2020-10-02 15:54 UTC, Dmitry Wagin

Description Dmitry Wagin 2020-09-30 20:11:01 UTC
Created attachment 218439
syslogd.c.diff

Filters by hostname are not working as expected.
Comment 1 Boris Korzun 2020-10-02 07:51:47 UTC
Without the patch, syslogd(8) doesn't work correctly with the "-O syslog" option. It cannot translate messages from su/sudo, logger(1) to file or remote loghost, for example.
Comment 2 Boris Korzun 2020-10-02 12:18:51 UTC
In RFC 3164 (bsd-format): The Domain Name MUST NOT be included in the HOSTNAME field.
In RFC 5424 (ietf-format): The HOSTNAME field SHOULD contain the hostname and the domain name of the originator in FQDN format.

Without the patch, syslogd(8) uses trimdomain() for addresses received from a socket by socklist_recv_sock() (via cvthname()) and for addresses used in config filtering by readconfigfile() (via cfline()).

So, hostname filtering works incorrectly with "-O syslog" in the following cases:
* using "+@" filtering - "localhost" (without domain name) is used for comparing with FQDN names (e.g. "localhost.localdomain");
* using "+server.localdomain" filtering, the "-H" flag and localdomain clients - "server" (without domain name) is used for comparing with FQDN names (e.g. "bsd.localdomain").
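
The mismatch described in comment 2, modelled as an added C example that is not part of the bug report, the attached patch, or syslogd's source. `trim_local_domain()` is a simplified stand-in for trimdomain(); `filter_matches()`, `out_format`, the `trim_always` switch and the host names are hypothetical, and the message HOSTNAME is assumed to arrive already formatted for the selected mode.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum out_format { FMT_RFC3164, FMT_RFC5424 };   /* hypothetical names for the "-O" modes */

/* Case-insensitive host name equality. */
static bool host_eq(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Simplified stand-in for trimdomain(): cut ".<domain>" off a local FQDN. */
static void trim_local_domain(char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);
    if (hl > dl + 1 && host[hl - dl - 1] == '.' && host_eq(host + hl - dl, domain))
        host[hl - dl - 1] = '\0';
}

/*
 * Does a "+host" filter select a message whose HOSTNAME field is msg_host?
 * trim_always=true models the behaviour before the fix, false the behaviour
 * after it (the filter host is trimmed only in RFC 3164 mode).
 */
bool filter_matches(const char *filter_host, const char *msg_host,
    const char *domain, enum out_format fmt, bool trim_always)
{
    char want[256];

    snprintf(want, sizeof(want), "%s", filter_host);
    if (trim_always || fmt == FMT_RFC3164)
        trim_local_domain(want, domain);
    return host_eq(want, msg_host);
}

int main(void)
{
    /* Constructed sample: filter "+server.localdomain", local domain "localdomain". */
    printf("RFC 5424, always trim: %d\n", filter_matches("server.localdomain",
        "server.localdomain", "localdomain", FMT_RFC5424, true));
    printf("RFC 5424, 3164-only trim: %d\n", filter_matches("server.localdomain",
        "server.localdomain", "localdomain", FMT_RFC5424, false));
    return 0;
}
```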
Comment 3 Dmitry Wagin 2020-10-02 15:54:36 UTC
Created attachment 218467
syslogd.c.diff

Also, RFC 5424 timestamp parsing has been optimized.
Comment 4 Dmitry Wagin 2020-10-02 16:11:42 UTC
Review https://reviews.freebsd.org/D26644
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-10-09 15:20:03 UTC
A commit references this bug:

Author: markj
Date: Fri Oct  9 15:19:29 UTC 2020
New revision: 366576
URL: https://svnweb.freebsd.org/changeset/base/366576

Log:
  syslogd: Avoid trimming host names in RFC 5424 mode

  RFC 5424 says that implementations should log hostnames in FQDN
  format.  Only trim host names in RFC 3164 mode.

  PR:		250014
  Submitted by:	Dmitry Wagin <dmitry.wagin@ya.ru>
  MFC after:	1 month
  Differential Revision:	https://reviews.freebsd.org/D26644

Changes:
  head/usr.sbin/syslogd/syslogd.c
Comment 6 Mark Johnston freebsd_committer freebsd_triage 2020-10-09 15:32:19 UTC
I was thinking some more about the timestamp change.  We could also avoid parsing RFC 3164 timestamps when -T is specified, but the patch didn't do that.  I'm also not sure about skipping the timestamp - if the timestamp field is corrupted, we are presumably supposed to drop the message, but that's not going to be detected if we skip it.  Is that ok?
Comment 7 commit-hook freebsd_committer freebsd_triage 2020-11-09 13:55:10 UTC
A commit references this bug:

Author: markj
Date: Mon Nov  9 13:54:30 UTC 2020
New revision: 367523
URL: https://svnweb.freebsd.org/changeset/base/367523

Log:
  MFC r366576:
  syslogd: Avoid trimming host names in RFC 5424 mode

  PR:	250014

Changes:
_U  stable/12/
  stable/12/usr.sbin/syslogd/syslogd.c
Comment 8 Mark Johnston freebsd_committer freebsd_triage 2020-11-09 14:01:11 UTC
Going to close this since the main problem has been fixed.  If there is some interest in discussing comment 6 I can look further at the timestamp parsing code.