Hello, I'm not an expert either, but can you start valgrind as follows: valgrind --tool=memcheck --trace-children=yes --leak-check=yes ./syslog-ng If possible maybe you omit forking syslog-ng.
io.c: Preparing fd 6 for writing ==27361== Invalid read of size 2
There seems to be a off-by-one error in a string. This is the result if you do something like follows: char c; char *jj = malloc(10 * sizeof(char)); c = jj[10];
==27361== at 0x805A987: libnet_in_cksum (in /usr/local/sbin/syslog-ng) ==27361== Address 0x1BA764E2 is 178 bytes inside a block of size 179 alloc'd
There seems to be a wrong free, not really a missing one.
==27361== at 0x1B902E28: malloc (vg_replace_malloc.c:131) ==27361== by 0x805912D: libnet_pblock_coalesce (in /usr/local/sbin/syslog-ng) ==27361== by 0x804C063: do_handle_log (destinations.c:103) ==27361== by 0x804B5EC: do_distribute_log (center.c:149) ==27361== by 0x804B02A: do_add_source_name (sources.c:289) ==27361== by 0x804AA8C: do_handle_line (sources.c:75) ==27361== by 0x804ADA5: do_read_line (sources.c:134) ==27361== by 0x8054AF8: read_callback (in /usr/local/sbin/syslog-ng) ==27361== by 0x804A079: main_loop (main.c:253) ==27361== by 0x804A75C: main (main.c:549) io.c: Preparing fd 8 for writing io.c: connecting using fd 11 io.c: connecting using fd 11
Where's the end of it? :).
Which doesent say too much. I'm using libnet 1.1.2.1. The valgrind message only appears once - and does not appear as the memory leak contiues.
Was libnet linked statically against syslog-ng?
I'm no valgrind expert, but I'm guessing it leaks one byte for each UDP packet sent. Not sure why spoofing would cause this inside libnet.
If you need to create a packet, you'd want to use libnet, unless you've got enough spare time to code. Otherwise I don't see why libnet could be used within syslog-ng. Best regards, Roberto Nibali, ratz -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc