On Wed, 2005-03-02 at 22:19 +0100, Roberto Nibali wrote:
io.c: Preparing fd 6 for writing ==27361== Invalid read of size 2
There seems to be a off-by-one error in a string. This is the result if you do something like follows:
This message is not triggered for me, but I'm going to try to use your exact configuration as well.
==27361== at 0x805A987: libnet_in_cksum (in /usr/local/sbin/syslog-ng) ==27361== Address 0x1BA764E2 is 178 bytes inside a block of size 179 alloc'd
There seems to be a wrong free, not really a missing one.
==27361== at 0x1B902E28: malloc (vg_replace_malloc.c:131) ==27361== by 0x805912D: libnet_pblock_coalesce (in /usr/local/sbin/syslog-ng) ==27361== by 0x804C063: do_handle_log (destinations.c:103) ==27361== by 0x804B5EC: do_distribute_log (center.c:149) ==27361== by 0x804B02A: do_add_source_name (sources.c:289) ==27361== by 0x804AA8C: do_handle_line (sources.c:75) ==27361== by 0x804ADA5: do_read_line (sources.c:134) ==27361== by 0x8054AF8: read_callback (in /usr/local/sbin/syslog-ng) ==27361== by 0x804A079: main_loop (main.c:253) ==27361== by 0x804A75C: main (main.c:549) io.c: Preparing fd 8 for writing io.c: connecting using fd 11 io.c: connecting using fd 11
Again, this one does not show up in my valgrind output. In fact it reports that no blocks are leaked. I'm using 1.1.2.1-2 Debian package. The libnet changelog shows some fixed leaks before 1.1.1, but as I see you also have a newer version. Isn't it possible that you linked syslog-ng to an older libnet statically and then upgraded your libnet package? The funny part is that this version of libnet seem to expect port numbers in host byte order whereas I pass it to libnet in network byte order. I'm almost confident that this used to work when I originally did the libnet support, judging the libnet changelog again, this was a change between 1.0 <-> 1.1 Is your syslog-ng sending messages to the correct port? Can you check that with tcpdump for example? Or maybe you are using a big-endian machine? This patch fixes the byte order issue, and I'm still hunting the memory leak with your configuration: diff -u -r1.25.4.6 afinet.c --- afinet.c 5 Aug 2004 11:35:12 -0000 1.25.4.6 +++ afinet.c 3 Mar 2005 12:26:47 -0000 @@ -617,11 +617,10 @@ ADDRESS2SOCKADDR(msg->saddr, sizeof(src_addr), (struct sockaddr *) &src_addr); ADDRESS2SOCKADDR(self->super.dest_addr, sizeof(dst_addr), (struct sockaddr *) &dst_addr); - libnet_clear_packet(self->lnet_ctx); - udp = libnet_build_udp(src_addr.sin_port, - dst_addr.sin_port, + udp = libnet_build_udp(ntohs(src_addr.sin_port), + ntohs(dst_addr.sin_port), LIBNET_UDP_H + msg_line->length, 0, msg_line->data,
Which doesent say too much. I'm using libnet 1.1.2.1. The valgrind message only appears once - and does not appear as the memory leak contiues.
Was libnet linked statically against syslog-ng?
Yes, libnet is linked in statically by default.
I'm no valgrind expert, but I'm guessing it leaks one byte for each UDP packet sent. Not sure why spoofing would cause this inside libnet.
If you need to create a packet, you'd want to use libnet, unless you've got enough spare time to code. Otherwise I don't see why libnet could be used within syslog-ng.
syslog-ng uses libnet for creating UDP packets sent via a raw socket. -- Bazsi