Commit Graph

331 Commits

Author SHA1 Message Date
Ed Schouten
b484e3fee4 Push RFC 5424 message format from logmsg() into fprintlog().
Now that all of parsemsg() parses both RFC 3164 and 5424 messages and
hands them to logmsg(), alter the latter to properly forward all RFC
5424 message attributes to fprintlog(). While there, make some minor
cleanups to this code:

- Instead of extending the existing code that compares hostnames and
  message bodies for deduplication, print all of the relevant message
  fields into a single string that we can compare ('saved').

- No longer let the behaviour of fprintlog() depend on whether
  'msg == NULL' to print repetition messages. Simply decompose this
  function into fprintlog_first() and fprintlog_successive(). This
  makes the interpretation of function arguments less magical and also
  allows us to get consistent behaviour across RFC 3164 and 5424 when
  adding support for the RFC 5424 output format.

- As RFC 5424 syslog messages have a dedicated application name field,
  alter the repetition messages to be printed on behalf of syslogd on
  the current system. Change these messages to use the local hostname,
  so that it's obvious which syslogd instance detected the repetition.
  Remove f_prevhost, as it has now become unnecessary.

- Remove a useless strdup(). Deconsting the message string is safe in
  this specific case.
2018-04-06 17:16:50 +00:00
Ed Schouten
228e9d5bd8 Remove some places where error messages are prefixed with "syslogd".
Due to using RFC 5424, the application name is stored in a dedicated
field. It can simply be passed as an argument to logmsg() now.
2018-04-06 16:26:46 +00:00
Ed Schouten
10b154332d Properly respect the passed in hostname for RFC 5424 messages.
Only override the hostname in case none is provided or when remote
hostnames should be ignored.
2018-04-06 16:24:03 +00:00
Ed Schouten
77f0ef9a96 Add RFC 5424 syslog message parsing to syslogd.
Syslogd currently uses the RFC 3164 format for its log messages. One
limitation of RFC 3164 is that it cannot be used to log entries with
sub-second precision timestamps. One of our users has expressed a desire
for doing this for doing some basic performance measurements.

This change attempts to make a first cut at switching to RFC 5424 based
logging. The first step is to alter syslogd's input path to properly
parse such messages. It alters the logmsg() prototype to match the
fields of RFC 5424. The parsemsg() function is extended to parse both
RFC 3164 and 5424 messages and call into logmsg() accordingly.

Additional changes include:

- Introducing proper parsing of timestamps, so that they can be printed
  in any desired output format. This means we need to infer the year and
  timezone for RFC 3164 timestamps.
- Removing ISKERNEL. This can now be realised by simply providing an
  APP-NAME (== "kernel").
- Extending RFC 3164 parsing to trim off the TAG prefix and using that
  to derive APP-NAME and PROCID.
- Increase MAXLINE. RFC 5424 mentions we should support 2k messages.

Differential Revision:	https://reviews.freebsd.org/D14926
2018-04-06 12:57:01 +00:00
Gleb Smirnoff
c176562d38 Fix whitespace issues in r330034. No functional changes. 2018-03-20 22:00:58 +00:00
David Bright
9176635592 Fix two memory leaks in syslogd
A memory leak in syslogd for processing of forward actions was
reported. This modification adapts the patch submitted with that bug
to fix the leak. While testing the modification, another leak was also
found and fixed.

PR:		198385
Submitted by:	Sreeram <sreeramabs@yahoo.com>
Reported by:	Sreeram <sreeramabs@yahoo.com>
Reviewed by:	hrs
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D14510
2018-02-26 19:27:59 +00:00
Gleb Smirnoff
50387adce2 When parsing remote messages, require them to have standard timestamp
field, and support properly parse out the hostname as described by RFC3164,
which wasn't done before.  However, don't discard message if it doesn't
have hostname, for compatibility.

Enable logging of the message supplied hostname instead of real hostname
with -H switch.

PR:		200933
Reported by:	Konstantin Pavlov <thresh nginx.com>
MFC after:	2 months
2017-12-05 19:54:55 +00:00
Gleb Smirnoff
eb7ec39704 Revert r325558 as it is incorrect. 2017-11-28 19:25:01 +00:00
Gleb Smirnoff
09f876612c Fix obvious NULL pointer dereference from r310350. 2017-11-28 19:18:00 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Gleb Smirnoff
b9a63e5c3a When parsing UDP messages skip optional hostname as described by
RFC 3164.

PR:		200933
Submitted by:	maxim
Reported by:	Konstantin Pavlov <thresh nginx.com>
MFC after:	2 weeks
2017-11-08 16:45:53 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Maxim Sobolev
023653459a Fix another logic bug that came out of recent syslogd refactoring and exposed by
the r316874: don't call shutdown(2) on all sockets, but only net ones, which seems
to be the behaviour existed before that refactoring. Also don't call listen(2)
in datagram sockets and fix misplaced debug messages while I am here.

Reported by: peter
2017-04-15 18:20:11 +00:00
Maxim Sobolev
b98582b146 Since shutdown(2) on datagram socket is no longer a NOP after rev 316874
don't bother to select/recv on that socket. This prevents syslogd(8)
from spinning endlessly when started with the -s option (default).

Reported by:	peter
2017-04-15 02:24:22 +00:00
Hiroki Sato
f7f99edf3f Fix a regression which prevented an IPv6 address in a -b option from
working.

PR:	217939
Differential Revision:	https://reviews.freebsd.org/D10064
2017-03-20 17:46:33 +00:00
Enji Cooper
b79299b5e7 syslogd: try to print out a more helpful message in socksetup(..) if/when
getaddrinfo fails

If the asprintf call fails, fall back to the old code (as a last ditch effort
to provide the end-user with helpful output).

Sponsored by:	Dell EMC Isilon
2017-03-20 06:12:55 +00:00
Enji Cooper
9c2aa0a0a3 syslogd: fix dprintf in socksetup(..)
- Make the explanation more complete
- Correct a minor grammar nit with verb tense.
- Don't emit the message if `pe->pe_name` is NULL (it doesn't
  have much value).

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-20 05:12:27 +00:00
Enji Cooper
4863f2fc55 syslogd: don't leak f on failure in cfline(..)
Free `f` if an unknown priority or facility is parsed with the function.

MFC after:	1 week
Reported by:	Coverity
CID:		1368068
Sponsored by:	Dell EMC Isilon
2017-03-20 04:25:40 +00:00
Enji Cooper
a393b6c82f syslogd: fix memory leaks in main(..) and allowaddr(..)
- main(..): free memory assigned to fdsr before calling die(..).
- allowaddr(..): free memory assigned to ap before returning from the
  function early. Add a `err` goto label to reduce freeaddrinfo/free(ap)
  logic duplication.

MFC after:	1 week
X-MFC notes:	some of this is dependent on refactoring not MFCed
Reported by:	clang static analyzer, Coverity
CID:		1367750 (ap leakage in allowaddr(..))
Submitted by:	Tom Rix <trix@juniper.net>
Reviewed by:	ngie
Sponsored by:	Dell EMC Isilon, Juniper
Differential Revision:	D10004
2017-03-15 18:15:30 +00:00
Enji Cooper
6dbd2714db Correct nuance of -a :service -> "*" in r314563, r314585
My attempt to correct the sender/receiver behavior was incorrect.
The source port of the sender for forwarded datagrams is filtered
with -a, and my change in r314585 didn't clarify that point at all.

Wording is based on suggestion by hrs.

MFC after:	28 days
X-MFC with:	r314563, r314585
Reported by:	hrs
In collaboration with:	hrs, rgrimes
Sponsored by:	Dell EMC Isilon
2017-03-04 06:19:41 +00:00
Enji Cooper
3dd94b6769 Correct verb change for service => * after r314563
`*` means that packets will be received from a remote peer on any port.
Since the point of interest is the syslogd instance (not the remote peer),
the appropriate verb is "received", not "sent".

MFC after:	1 month
X-MFC with:	r314563
Sponsored by:	Dell EMC Isilon
2017-03-03 06:13:59 +00:00
Enji Cooper
bc4536df9d Wordsmith syslogd(8)
- Clarify -p/-S options by using appropriate subject-verb modifiers
  (verb and modifiers suggested that the subject should have been
  singular).
- Simplify/correct -a description:
-- Be more terse when describing IPv4 (the "usual dotted notation"
   isn't necessarily well understood by the reader). Being blunt and
   saying "IPv4 address" with an optional netmask is.
-- prefixlen is the appropriate terminology for IPv6.
-- mask/prefixlen is optional, not required (as noted later on in the
   section).
-- split up IPv4/IPv6 use so to clarify both forms.
-- Fix wordiness when describing the optional "service" specifier.
- -T: Use "cannot" instead of "can't" [*].

Bump .Dd for the changes.

MFC after:	1 month
Reported by:	igor [*]
Reviewed by:	hrs
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D9855
2017-03-02 18:07:19 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber clause 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistence on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Enji Cooper
15f0eea574 Parameterize out the length of struct filed->f_lasttime as MAXDATELEN
This removes the hardcoded value for the field (16) and the equivalent
hardcoded lengths in logmsg(..).

This change is being done to help stage future work to add RFC5424/RFC5434
support to syslogd(8).

Obtained from:	Isilon OneFS (dcd33d13da) (as part of a larger change)
Submitted by:	John Bauman <john.bauman@isilon.com>
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-02-25 00:12:29 +00:00
Enji Cooper
8fe70bb8f2 Use SRCTOP instead of .CURDIR relative paths with ".."
This simplifies pathing in make/displayed output

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-02-24 21:35:59 +00:00
Enji Cooper
916aa57754 Sort sys/ #includes some more
MFC after:	1 week
X-MFC with:	r313358
Sponsored by:	Dell EMC Isilon
2017-02-07 01:28:55 +00:00
Enji Cooper
688e4de4e7 Sort sys/ #includes and zap an unnecessary trailing space nearby
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-02-07 00:47:33 +00:00
Enji Cooper
72e282471c Use a flexible array for TypeNames instead of hardcoding the array length
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-02-07 00:42:55 +00:00
Enji Cooper
bc64f428ad Fix typos in comments (returing -> returning)
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-02-07 00:09:48 +00:00
Hiroki Sato
2f1c643658 Fix a bug which caused not to create AF_LOCAL sockets when family
is specified.

Spotted by:	Alex Deiter
2017-01-28 13:09:18 +00:00
Hiroki Sato
b4d60f9802 Add more #ifdef INET and INET6. 2017-01-11 07:21:59 +00:00
Hiroki Sato
8ffb87bf8c - Use more descriptive names for variables.
- Set O_CLOEXEC to the signal pipe and /dev/klog.
- Use a single signal handler to catch both SIGHUP and SIGCHLD.
- Fix a bug which did FD_SET() the writer-end of the pipe.
2016-12-31 13:15:52 +00:00
Hiroki Sato
00f6082b98 Remove extra NULL-check before free(3). 2016-12-31 09:52:00 +00:00
Hiroki Sato
34694ebe05 Replace two fat signal handlers with function calls in
the main I/O multiplex loop.  select() now watches
a pipe which is written by the new skinny signal
handlers and the received signals are handled inside
the loop sequentially.

This eliminates a complex signal mask to guarantee
async-signal safety.
2016-12-31 06:23:05 +00:00
Hiroki Sato
407cd97826 Retry to open an F_PIPE process when it dies unexpectedly.
Reported by:	Eugene Grosbein
PR:		215335
2016-12-31 03:07:48 +00:00
Hiroki Sato
77e315c975 - Fix -N flag (NoBind) for AF_LOCAL sockets.
- Do setsockopt(SO_RCVBUF) for AF_LOCAL sockets regardless of -s flag.
2016-12-24 23:29:50 +00:00
Enji Cooper
d97b8afd73 Unbreak syslogd after r310494
Don't close all file descriptors greater than STDERR_FILENO (2) in
waitdaemon(..) -- only close fd (file descriptor for /dev/null used in
subsequent calls to dup2) if it's greater than STDERR_FILENO.

Reported by:	subbsd@gmail.com, danny@cs.huji.ac.il
Pointyhat to:	hrs
X-MFC with:	r310494
2016-12-24 12:50:17 +00:00
Hiroki Sato
4c06e939f8 - Remove unused code.
- Use closefrom().
2016-12-24 07:13:33 +00:00
Hiroki Sato
acdd9d6a0d - More ifdef INET and INET6.
- Use STDERR_FILENO + 1 instead of "3".
- Fix dprintf() in cvthname().
2016-12-23 06:29:24 +00:00
Hiroki Sato
a3dc138e75 mdoc and style fixes. 2016-12-23 04:59:22 +00:00
Hiroki Sato
732c7a256c - Fix a use-after-free bug when dq_timeout == 1 and
  sending SIGTERM to the process failed.  It is an
  unusual situation but it can happen.
- Split deadq_remove() into deadq_remove() and
  deadq_removebypid().
- Normalize variable names of struct deadq_entry *.
2016-12-22 13:46:17 +00:00
Hiroki Sato
066f8db8f3 Add a missing "default:" case. 2016-12-22 05:57:45 +00:00
Hiroki Sato
dd87e05952 Initialize a structure by using a compound literal to avoid forgetting
to zero unspecified members.
2016-12-22 05:55:44 +00:00
Hiroki Sato
1ef75d66c8 Fix debug log in the case of AF_INET6. 2016-12-22 05:28:30 +00:00
Hiroki Sato
cb7c842281 - Simplify masklen->netmask conversion for AF_INET6.
- Use iov[N] by array index instead of using pointer v = &iov[0] to
  make the compiler catch an out-of-range access of the array.
2016-12-22 05:23:38 +00:00
Hiroki Sato
bbe85c3834 Simplify type casting of struct sockaddr_in. 2016-12-21 07:05:34 +00:00
Hiroki Sato
e46b059e46 - Initialize deadq_head statically.
- Fix indent.
- Add missing -S flag into usage().
- Use nitems() for an iov array instead of a macro.
2016-12-21 06:49:21 +00:00
Hiroki Sato
e5610451b2 - Add fklog into struct socklist. Files and local/remote sockets are
  now processed in struct socklist in a consistent manner.
- Add helper functions to add a new entry of struct socklist, filed, or peer.
- Use the same routine for -l, -p, and -S.
- Close /dev/klog when read(2) failed.
2016-12-21 06:42:30 +00:00
Hiroki Sato
c532386291 - Use fnmatch(3) for domain name matching of -a options.
- Document the pattern matching.
- Document -S flag in SYNOPSIS.
2016-12-21 05:45:59 +00:00
Hiroki Sato
97456b7413 Escape punctuation characters. 2016-12-20 08:49:13 +00:00