<div dir="ltr"><div>Here's the pull request:<br><br><a href="https://github.com/balabit/syslog-ng/pull/376">https://github.com/balabit/syslog-ng/pull/376</a><br><br></div>Could you pls report success with this patch there? Thanks.<br><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Fri, Jan 30, 2015 at 10:50 AM, Scheidler, Balázs <span dir="ltr"><<a href="mailto:balazs.scheidler@balabit.com" target="_blank">balazs.scheidler@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi,<br><br>I have pushed an untested but compiled commit on f/stomp-port-fix. Could you pls test whether it solves your problem?<br><br></div>It was broken here:<br><br>Author: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu" target="_blank">bazsi@balabit.hu</a>> 2013-10-31 08:17:02<br>Committer: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu" target="_blank">bazsi@balabit.hu</a>> 2013-11-10 19:04:35<br>Parent: ebb82d15f586829e478e51e7c33d6bb69dc7c3d8 (stomp: rearrange headers to match syslog-ng conventions)<br>Branches: master, nisz, remotes/origin/master and many more (82)<br>Follows: v3.5.1<br>Precedes: syslog-ng-3.6.0alpha1<br><br> host-resolve: always return a new GSockAddr instance from resolve_hostname_to_sockaddr()<br> <br> Instead of trying to _change_ an existing GSockAddr instance, always return<br> a new one. This makes the API easier to use, as well as makes<br> the implementation simpler. The original prototype probably dates back<br> to times when the afsocket driver stored ip/port parameters in an<br> existing GSockAddr instance and creating a new one was not good.<br> <br> These times, we basically create the GSockAddr instance in the drivers<br> just to satisfy this requirement. So this patch simplifies call-sites<br> as well.<br> <br> The only reason the input GSockAddr was used to determine the target address<br> family, but I introduced a new parameter for that.<br> <br> Also the patch adds coverage for IPv6 in the testsuite.<br> <br> Signed-off-by: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu" target="_blank">bazsi@balabit.hu</a>><span class="HOEnZb"><font color="#888888"><br></font></span></div><div class="gmail_extra"><span class="HOEnZb"><font color="#888888"><br clear="all"><div><div><div dir="ltr">-- <br>Bazsi<br></div></div></div></font></span><div><div class="h5">
<br><div class="gmail_quote">On Fri, Jan 30, 2015 at 12:25 AM, Tusa Viktor <span dir="ltr"><<a href="mailto:tusavik@gmail.com" target="_blank">tusavik@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Ole!<br><br>You are totally right, this is a bug in afstomp module. There is a missing g_sockaddr_set_port() call in stomp.c. I can create a patch for you at the weekend, or you can patch it manually by inserting the line:<br></div>g_sockaddr_set_port(conn->remote_sa, (uint16) port); into modules/afstomp/stomp.c in line 118.<br><br></div><div>Thanks for the detailed bug report!<br></div><div><br></div>HtH,<br></div>Viktor<br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Thu, Jan 29, 2015 at 6:39 PM, Ole Jørgensen <span dir="ltr"><<a href="mailto:oleide@gmail.com" target="_blank">oleide@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr">Hi,<div><br></div><div>I'm testing the stomp destination using syslog-ng ose 3.6.2, and as the process starts it logs:</div><div><div># /opt/syslog-ng-3.6.2/sbin/syslog-ng -f /opt/syslog-ng-3.6.2/etc/syslog-ng.conf -F -d -v -t 2>&1 | grep -i stomp</div><div>[2015-01-29T18:29:<a href="tel:45.323518" value="+3645323518" target="_blank">45.323518</a>] Reading shared object for a candidate module; path='/opt/syslog-ng-3.6.2/lib/syslog-ng', fname='afstomp.so', module='afstomp'</div><div>[2015-01-29T18:29:<a href="tel:45.323629" value="+3645323629" target="_blank">45.323629</a>] Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0'</div><div>[2015-01-29T18:29:<a href="tel:45.343833" value="+3645343833" target="_blank">45.343833</a>] Module loaded and initialized successfully; module='afstomp'</div><div>[2015-01-29T18:29:<a href="tel:45.344725" value="+3645344725" target="_blank">45.344725</a>] Compiling d_stomp reference [destination] at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:70:2]</div><div>[2015-01-29T18:29:<a href="tel:45.344728" value="+3645344728" target="_blank">45.344728</a>] Compiling d_stomp sequence [destination] at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:32:1]</div><div>[2015-01-29T18:29:<a href="tel:45.345092" value="+3645345092" target="_blank">45.345092</a>] Initializing STOMP destination; host='localhost', port='61613', destination='/topic/syslog'</div><div>[2015-01-29T18:29:<a href="tel:45.345368" value="+3645345368" target="_blank">45.345368</a>] Worker thread started; driver='d_stomp#0'</div><div>[2015-01-29T18:29:<a href="tel:45.346854" value="+3645346854" target="_blank">45.346854</a>] Stomp connection failed; host='localhost'</div><div><br></div><div>Relevant parts of my configuration:</div><div>destination d_stomp {<br></div><div><div> stomp(</div><div> host("localhost")</div><div> port(61613)</div><div> body("testing")</div><div> ack(yes)</div><div> retries(9)</div><div> value-pairs(scope(everything))</div></div><div> );<br></div><div>};</div><div><br></div><div>The strange thing is that when I'm starting syslog-ng I am running tcpdump -i lo -s0 -nn -v port 61613, and cannot see any packets. I would expect at least a syn connection since it claims to fail. SELinux does not log any denies during the startup, so I suspect the problem to be elsewhere.</div><div><br></div><div>If i do a tcpdump -i lo -s0 -nn -v -X and start syslog-ng this is captured:</div><div><div>18:33:<a href="tel:26.833330" value="+3626833330" target="_blank">26.833330</a> IP (tos 0x0, ttl 64, id 5652, offset 0, flags [DF], proto TCP (6), length 60)</div><div> 127.0.0.1.35340 > 127.0.0.1.0: Flags [S], cksum 0xd601 (correct), seq 801587243, win 65495, options [mss 65495,sackOK,TS val 700601919 ecr 0,nop,wscale 7], length 0</div><div> 0x0000: 4500 003c 1614 4000 4006 26a6 7f00 0001 E..<..@.@.&.....</div><div> 0x0010: 7f00 0001 8a0c 0000 2fc7 402b 0000 0000 ......../.@+....</div><div> 0x0020: a002 ffd7 d601 0000 0204 ffd7 0402 080a ................</div><div> 0x0030: 29c2 563f 0000 0000 0103 0307 ).V?........</div><div>18:33:<a href="tel:26.833412" value="+3626833412" target="_blank">26.833412</a> IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)</div><div> 127.0.0.1.0 > 127.0.0.1.35340: Flags [R.], cksum 0xb7ce (correct), seq 0, ack 801587244, win 0, length 0</div><div> 0x0000: 4500 0028 0000 4000 4006 3cce 7f00 0001 E..(..@.@.<.....</div><div> 0x0010: 7f00 0001 0000 8a0c 0000 0000 2fc7 402c ............/.@,</div><div> 0x0020: 5014 0000 b7ce 0000 P.......</div></div><div><br></div><div>So we get a syn to port 0 and answer with reset. Could there be a port parsing error for stomp in syslog-ng OSE 3.6.2? Any suggestions?</div><div><br></div><div>Also: syslog-ng spawns another thread to do the stomp connection, any suggestions on how I can strace this thread during startup to see what is actually going on? Would love to know if in fact this connection is made to port 0.</div><div><br></div><div>Thanks,</div><div>Ole</div></div></div>
<br></div></div>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br></div>