Now that all of parsemsg() parses both RFC 3164 and 5424 messages and
hands them to logmsg(), alter the latter to properly forward all RFC
5424 message attributes to fprintlog(). While there, make some minor
cleanups to this code:
- Instead of extending the existing code that compares hostnames and
message bodies for deduplication, print all of the relevant message
fields into a single string that we can compare ('saved').
- No longer let the behaviour of fprintflog() depend on whether
'msg == NULL' to print repetition messages, Simply decompose this
function into fprintlog_first() and fprintlog_successive(). This
makes the interpretation of function arguments less magical and also
allows us to get consistent behaviour across RFC 3164 and 5424 when
adding support for the RFC 5424 output format.
- As RFC 5424 syslog messages have a dedicated application name field,
alter the repetition messages to be printed on behalf of syslogd on
the current system. Change these messages to use the local hostname,
so that it's obvious which syslogd instance detected the repetition.
Remove f_prevhost, as it has now become unnecessary.
- Remove a useless strdup(). Deconsting the message string is safe in
this specific case.
Syslogd currently uses the RFC 3164 format for its log messages.One
limitation of RFC 3164 is that it cannot be used to log entries with
sub-second precision timestamps. One of our users has expressed a desire
for doing this for doing some basic performance measurements.
This change attempts to make a first cut at switching to RFC 5424 based
logging. The first step is to alter syslogd's input path to properly
parse such messages. It alters the logmsg() prototype to match the
fields of RFC 5424. The parsemsg() function is extended to parse both
RFC 3164 and 5424 messages and call into logmsg() accordingly.
Additional changes include:
- Introducing proper parsing of timestamps, so that they can be printed
in any desired output format. This means we need to infer the year and
timezone for RFC 3164 timestamps.
- Removing ISKERNEL. This can now be realised by simply providing an
APP-NAME (== "kernel").
- Extending RFC 3164 parsing to trim off the TAG prefix and using that
to derive APP-NAME and PROCID.
- Increase MAXLINE. RFC 5424 mentions we should support 2k messages.
Differential Revision: https://reviews.freebsd.org/D14926
A memory leak in syslogd for processing of forward actions was
reported. This modification adapts the patch submitted with that bug
to fix the leak. While testing the modification, another leak was also
found and fixed.
PR: 198385
Submitted by: Sreeram <sreeramabs@yahoo.com>
Reported by: Sreeram <sreeramabs@yahoo.com>
Reviewed by: hrs
MFC after: 1 week
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D14510
field, and support properly parse out the hostname as described by RFC3164,
which wasn't done before. However, don't discard message if it doesn't
have hostname, for compatibility.
Enable logging of the message supplied hostname instead of real hostname
with -H switch.
PR: 200933
Reported by: Konstantin Pavlov <thresh nginx.com>
MFC after: 2 months
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
the r316874: don't call shutdown(2) on all sockets, but only net ones, which seems
to be the behaviour existed before that refactoring. Also don't call listen(2)
in datagram sockets and fix misplaced debug messages while I am here.
Reported by: peter
don't bother to select/recv on that socket. This prevents syslogd(8)
from spinning endlessly when started with the -s option (default).
Reported by: peter
getaddrinfo fails
If the asprintf call fails, fall back to the old code (as a last ditch effort
to provide the end-user with helpful output).
Sponsored by: Dell EMC Isilon
- Make the explanation more complete
- Correct a minor grammar nit with verb tense.
- Don't emit the message if `pe->pe_name` is NULL (it doesn't
have much value).
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Free `f` if an unknown priority or facility is parsed with the function.
MFC after: 1 week
Reported by: Coverity
CID: 1368068
Sponsored by: Dell EMC Isilon
- main(..): free memory assigned to fdsr before calling die(..).
- allowaddr(..): free memory assigned to ap before returning from the
function early. Add a `err` goto label to reduce freeaddrinfo/free(ap)
logic duplication.
MFC after: 1 week
X-MFC notes: some of this is dependent on refactoring not MFCed
Reported by: clang static analyzer, Coverity
CID: 1367750 (ap leakage in allowaddr(..))
Submitted by: Tom Rix <trix@juniper.net>
Reviewed by: ngie
Sponsored by: Dell EMC Isilon, Juniper
Differential Revision: D10004
My attempt to correct the sender/receiver behavior was incorrect.
The source port of the sender for forwarded datagrams is filtered
with -a, and my change in r314585 didn't clarify that point at all.
Wording is based on suggestion by hrs.
MFC after: 28 days
X-MFC with: r314563, r314585
Reported by: hrs
In collaboration with: hrs, rgrimes
Sponsored by: Dell EMC Isilon
`*` means that packets will be received from a remote peer on any port.
Since the point of interest is the syslogd instance (not the remote peer),
the appropriate verb is "received", not "sent".
MFC after: 1 month
X-MFC with: r314563
Sponsored by: Dell EMC Isilon
- Clarify -p/-S options by using appropriate subject-verb modifiers
(verb and modifiers suggested that the subject should have been
singular).
- Simplify/correct -a description:
-- Be more terse when describing IPv4 (the "usual dotted notation"
isn't necessarily well understood by the reader). Being blunt and
saying "IPv4 address" with an optional netmask is.
-- prefixlen is the appropriate terminology for IPv6.
-- mask/prefixlen is optional, not required (as noted later on in the
section).
-- split up IPv4/IPv6 use so to clarify both forms.
-- Fix wordiness when describing the optional "service" specifier.
- -T: Use "cannot" instead of "can't" [*].
Bump .Dd for the changes.
MFC after: 1 month
Reported by: igor [*]
Reviewed by: hrs
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D9855
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
This removes the hardcoded value for the field (16) and the equivalent
hardcoded lengths in logmsg(..).
This change is being done to help stage future work to add RFC5424/RFC5434
support to syslogd(8).
Obtained from: Isilon OneFS (dcd33d13da) (as part of a larger change)
Submitted by: John Bauman <john.bauman@isilon.com>
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
- Set O_CLOEXEC to the signal pipe and /dev/klog.
- Use a single signal handler to catch both SIGHUP and SIGCHLD.
- Fix a bug which did FD_SET() the writer-end of the pipe.
the main I/O multiplex loop. select() now watches
a pipe which is written by the new skinny signal
handlers and the received signals are handled inside
the loop sequencially.
This eliminates a complex signal mask to guarantee
async-signal safety.
Don't close all file descriptors greater than STDERR_FILENO (2) in
waitdaemon(..) -- only close fd (file descriptor for /dev/null used in
subsequent calls to dup2) if it's greater than STDERR_FILENO.
Reported by: subbsd@gmail.com, danny@cs.huji.ac.il
Pointyhat to: hrs
X-MFC with: r310494
sending SIGTERM to the process failed. It is an
unusual situation but it can happen.
- Split deadq_remove() into deadq_remove() and
deadq_removebypid().
- Normalize variable names of struct deadq_entry *.
now processed in struct socklist in a consistent manner.
- Add helper functions to add a new entry of struct socklist, filed, or peer.
- Use the same routine for -l, -p, and -S.
- Close /dev/klog when read(2) failed.