[bug-inetutils] [RFC] Syslogd binding to single UDP address.
From: Mats Erik Andersson
Subject: [bug-inetutils] [RFC] Syslogd binding to single UDP address.
Date: Mon, 29 Nov 2010 01:02:44 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

Hello all,

I would like comments on a planned change to `src/syslogd.c'
that makes it possible to have the daemon bind to a single
INET socket, instead of the wildcard address that presently
is the only possibility. Personally I judge this as a major
improvement to secure usage of the daemon, and I am supported
by an old entry [1] in the BTS of Debian.

A preliminary patch is included here for the sake of discussion.
(Not intended for pushing!) The changes implement the address
resolver using getaddrinfo(3), thus preparing a later change
to IPv6 support.

Best regards,
Mats

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=207054
___________________________________________________________
--- inetutils/src/syslogd.c
+++ inetutils/src/syslogd.c
@@ -268,6 +268,7 @@
int finet = -1; /* Internet datagram socket fd. */
int fklog = -1; /* Kernel log device fd. */
int LogPort; /* Port number for INET connections. */
+char *LogHost = NULL; /* Address for single homed IP socket. */
int Initialized; /* True when we are initialized. */
int MarkInterval = 20 * 60; /* Interval between marks in seconds. */
int MarkSeq; /* Mark sequence number. */
@@ -309,6 +310,8 @@
{"hop", 'h', NULL, 0, "forward messages from remote hosts", GRP+1},
{"inet", 'r', NULL, 0, "receive remote messages via internet domain socket",
GRP+1},
+ {"bind", 'b', "ADDRESS", 0, "bind to a single internet domain address "
+ "(only with --inet; default is binding to all)", GRP+1},
{"mark", 'm', "INTVL", 0, "specify timestamp interval in logs (0 for no "
"timestamps)", GRP+1},
{"no-detach", 'n', NULL, 0, "do not enter daemon mode", GRP+1},
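Review bot: The help text for `--bind` promises an ADDRESS, but the value is later passed to getaddrinfo() with only AI_PASSIVE set, so a host name is accepted as well and the socket the daemon ends up on depends on name resolution at startup. Either say "ADDRESS or host name" here, or add AI_NUMERICHOST to hints.ai_flags so that only a literal address is honoured. The patch touches only src/syslogd.c, so the new option also needs an entry in the manual.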
@@ -365,6 +368,11 @@
AcceptRemote = 1;
break;
+ case 'b':
+ if (arg && *arg)
+ LogHost = arg;
+ break;
+
case 'm':
v = strtol (arg, &endptr, 10);
if (*endptr)
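Review bot: In `case 'b'`, an empty argument is silently ignored, so an invocation such as `--bind ""` (for instance from an unset variable in an init script) leaves LogHost as NULL, and with AI_PASSIVE that means the wildcard address, with no diagnostic. Because the option exists to narrow exposure, an empty value should be rejected with an error rather than falling back to binding everything. The help string also states the option is only meaningful with --inet, but nothing here warns when -b is given without -r.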
@@ -784,24 +792,41 @@
static int
create_inet_socket (void)
{
- int fd;
- struct sockaddr_in sin;
+ int err, fd = -1;
+ struct addrinfo hints, *rp, *ai;
+
+ memset (&hints, 0, sizeof (hints));
+ hints.ai_family = AF_INET;
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_flags = AI_PASSIVE;
- fd = socket (AF_INET, SOCK_DGRAM, 0);
- if (fd < 0)
+ err = getaddrinfo (LogHost, "syslog", &hints, &rp);
+ if (err)
{
- logerror ("unknown protocol, suspending inet service");
+ logerror ("inet service: lookup error");
return fd;
}
- memset (&sin, 0, sizeof (sin));
- sin.sin_family = AF_INET;
- sin.sin_port = LogPort;
- if (bind (fd, (struct sockaddr *) &sin, sizeof (sin)) < 0)
+ for (ai = rp; ai; ai = ai->ai_next)
{
- logerror ("bind, suspending inet");
- close (fd);
- return -1;
+ fd = socket (ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (fd < 0)
+ continue;
+ if (bind (fd, ai->ai_addr, ai->ai_addrlen) < 0)
+ {
+ close (fd);
+ fd = -1;
+ continue;
+ }
+ /* Success */
+ break;
+ }
+ freeaddrinfo (rp);
+
+ if (ai == NULL)
+ {
+ logerror ("inet service: Failed host lookup.");
+ return fd;
}
return fd;
}
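Review bot: The check `if (ai == NULL)` comes after `freeaddrinfo (rp)`, so on the success path it inspects a pointer into the list that has just been freed; test `fd < 0` instead, which the loop already maintains. The message in that branch, "Failed host lookup.", is misleading because the lookup succeeded and it was socket() or bind() that failed for every candidate; if logerror reports errno, log before close() and freeaddrinfo() so the value is still the one from the failing call. In the getaddrinfo() error path, include gai_strerror (err) in the message, since getaddrinfo() reports failure through its return value. Finally, the removed code bound to `LogPort`, while the new call passes the literal service "syslog", so the listening port no longer follows LogPort; derive the service argument from LogPort or otherwise keep the two in sync.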