On Mon, Jul 22, 2002 at 07:20:18PM +0200, Trapp, Michael wrote:
hi bazsi,
i've experienced a problem with the hostname options. we have several network components sending sl-msg without a hostname. due to the lack of the hostname, syslog-ng interprets the first tag of the message as a hostname even if it contains [^a-zA-Z-.]. to avoid the substitution of the first tag (we don't want to keep the original name anyway, chain_hostname = 0, keep_hostname = 0) i extended the config and source with check_hostname. maybe you could apply the attached patch. it would be great to find this option in future releases.
I've implemented check_hostname differently. It is verified during log parsing so it behaves consistently in all log paths. My patch is attached to this message.
i also tested the pad_size option on my hpux-11.00 and it works ! well, it took me a few minutes to understand how it should work and how to configure ;-)
Index: ChangeLog =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/ChangeLog,v retrieving revision 1.57 diff -u -r1.57 ChangeLog --- ChangeLog 23 Jul 2002 12:08:49 -0000 1.57 +++ ChangeLog 24 Jul 2002 09:27:16 -0000 @@ -1,3 +1,9 @@ +2002-07-24 Balazs Scheidler <bazsi@balabit.balabit> + + * src/log.c: implemented check_hostname by verifying whether a + hostname only contains [A-Za-z0-9./@:], the check is triggered if + check_hostname is enabled in global config + 2002-07-23 Balazs Scheidler <bazsi@balabit.balabit> * updated INSTALL file to reflect latest OS hints Index: INSTALL =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/INSTALL,v retrieving revision 1.11 diff -u -r1.11 INSTALL --- INSTALL 23 Jul 2002 12:08:49 -0000 1.11 +++ INSTALL 24 Jul 2002 09:27:16 -0000 @@ -123,11 +123,12 @@ ---------------------- AIX does support STREAMS, but its log transport doesn't use it. As it - seems /dev/log is a simple unix socket, though I can't find out whether - it uses SOCK_DGRAM or SOCK_STREAM semantics. + seems /dev/log is a simple SOCK_DGRAM type unix socket, so it works using: + + source stdlog { unix-dgram("/dev/log"); }; HP-UX (HP-UX 11.0) - ------------------------ + ------------------ HP-UX uses a named pipe called /dev/log for log transport, and you can use this with the pipe() driver with an additional option. HP-UX pads Index: src/affile.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/affile.c,v retrieving revision 1.51 diff -u -r1.51 affile.c --- src/affile.c 18 Jul 2002 13:18:01 -0000 1.51 +++ src/affile.c 24 Jul 2002 09:27:16 -0000 
@@ -162,7 +162,7 @@ if (do_open_file(self->name, flags, -1, -1, -1, -1, -1, -1, 0, &fd)) { lseek(fd, 0, SEEK_END); self->src = io_read(make_io_fd(cfg->backend, fd, ol_string_use(self->name)), - make_log_reader(0, self->prefix, cfg->log_msg_size, self->pad_size, c), + make_log_reader(0, self->prefix, cfg->log_msg_size, self->pad_size, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c), NULL); self->res = REMEMBER_RESOURCE(cfg->resources, &self->src->super.super); return ST_OK | ST_GOON; Index: src/afinet.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/afinet.c,v retrieving revision 1.19 diff -u -r1.19 afinet.c --- src/afinet.c 18 Jul 2002 13:18:01 -0000 1.19 +++ src/afinet.c 24 Jul 2002 09:27:16 -0000 @@ -89,13 +89,13 @@ notice("AF_INET client connected from %S, port %i\n", inet->ip, inet->port); io_read(self->client, - make_log_reader(0, NULL, cfg->log_msg_size, 0, c), + make_log_reader(0, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c), make_afsocket_source_close_callback(self)); } else { /* SOCK_DGRAM */ io_read(self->client, - make_log_reader(1, NULL, cfg->log_msg_size, 0, c), + make_log_reader(1, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c), make_afsocket_source_close_callback(self)); } Index: src/afstreams.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/afstreams.c,v retrieving revision 1.13 diff -u -r1.13 afstreams.c --- src/afstreams.c 26 Apr 2002 09:43:54 -0000 1.13 +++ src/afstreams.c 24 Jul 2002 09:27:16 -0000 
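Review bot: The expression `cfg->check_hostname ? LF_CHECK_HOSTNAME : 0` is spelled out at the make_log_reader() call here and again in both afinet.c hunks and in afunix.c, so the next per-message flag has to be added in four places and a missed call site silently loses the check. A single helper in a shared header, for example `#define CFG_MSG_FLAGS(cfg) ((cfg)->check_hostname ? LF_CHECK_HOSTNAME : 0)` (name is only a suggestion), would keep all sources in step. The enclosing function starts and ends outside the hunk.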
@@ -145,7 +145,7 @@ length = eol - bol; if (length) { - li = make_log_info(length, bol, NULL); + li = make_log_info(length, bol, NULL, 0); li->pri = pri; HANDLE_LOG(self->pipe, li); } Index: src/afunix.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/afunix.c,v retrieving revision 1.22 diff -u -r1.22 afunix.c --- src/afunix.c 18 Jul 2002 13:18:01 -0000 1.22 +++ src/afunix.c 24 Jul 2002 09:27:16 -0000 @@ -51,7 +51,7 @@ CAST(afsocket_source_connection, self, c); io_read(self->client, - make_log_reader(0, NULL, cfg->log_msg_size, 0, c), + make_log_reader(0, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, c), make_afsocket_source_close_callback(self)); return ST_OK | ST_GOON; Index: src/cfg-grammar.y =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/cfg-grammar.y,v retrieving revision 1.55 diff -u -r1.55 cfg-grammar.y --- src/cfg-grammar.y 18 Jul 2002 13:18:01 -0000 1.55 +++ src/cfg-grammar.y 24 Jul 2002 09:27:16 -0000 @@ -75,7 +75,7 @@ /* option items */ %token KW_FLAGS KW_CATCHALL KW_FALLBACK KW_FINAL -%token KW_FSYNC KW_MARK_FREQ KW_SYNC_FREQ KW_STATS_FREQ KW_CHAIN_HOSTNAMES KW_KEEP_HOSTNAME +%token KW_FSYNC KW_MARK_FREQ KW_SYNC_FREQ KW_STATS_FREQ KW_CHAIN_HOSTNAMES KW_KEEP_HOSTNAME KW_CHECK_HOSTNAME %token KW_LOG_FIFO_SIZE KW_LOG_MSG_SIZE %token KW_TIME_REOPEN KW_TIME_REAP KW_USE_TIME_RECVD %token KW_USE_DNS KW_USE_FQDN KW_GC_BUSY_THRESHOLD 
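Review bot: In the afstreams.c hunk make_log_info() is called with a literal `0` for the new flags argument, so messages read through this source never carry LF_CHECK_HOSTNAME even when check_hostname is enabled, unlike the file, inet and unix sources changed in the same patch. If the hostname validation is meant to apply on every input path, the call should pass the configured value, e.g. `li = make_log_info(length, bol, NULL, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0);`, assuming the configuration is reachable at this point (not visible in the hunk). If skipping the check here is deliberate, a comment such as `/* hostname check intentionally not applied to this source */` would record that. The enclosing function starts and ends outside the hunk.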
@@ -574,6 +574,7 @@ | KW_STATS_FREQ '(' NUMBER ')' { configuration->stats_freq = $3; } | KW_CHAIN_HOSTNAMES '(' yesno ')' { configuration->chain_hostnames = $3; } | KW_KEEP_HOSTNAME '(' yesno ')' { configuration->keep_hostname = $3; } + | KW_CHECK_HOSTNAME '(' yesno ')' { configuration->check_hostname = $3; } | KW_USE_TIME_RECVD '(' yesno ')' { configuration->use_time_recvd = $3; } | KW_USE_FQDN '(' yesno ')' { configuration->use_fqdn = $3; }; | KW_USE_DNS '(' yesno ')' { configuration->use_dns = $3; }; Index: src/cfg-lex.l =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/cfg-lex.l,v retrieving revision 1.24 diff -u -r1.24 cfg-lex.l --- src/cfg-lex.l 18 Jul 2002 13:18:02 -0000 1.24 +++ src/cfg-lex.l 24 Jul 2002 09:27:16 -0000 @@ -60,6 +60,7 @@ { "use_time_recvd", KW_USE_TIME_RECVD }, { "use_fqdn", KW_USE_FQDN }, { "use_dns", KW_USE_DNS }, + { "check_hostname", KW_CHECK_HOSTNAME }, { "gc_threshold", KW_GC_BUSY_THRESHOLD }, { "gc_busy_threshold", KW_GC_BUSY_THRESHOLD }, { "gc_idle_threshold", KW_GC_IDLE_THRESHOLD }, Index: src/cfgfile.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/cfgfile.h,v retrieving revision 1.23 diff -u -r1.23 cfgfile.h --- src/cfgfile.h 26 Apr 2002 09:43:54 -0000 1.23 +++ src/cfgfile.h 24 Jul 2002 09:27:16 -0000 @@ -56,6 +56,7 @@ (use_time_recvd simple UINT32) (use_fqdn simple UINT32) (use_dns simple UINT32) + (check_hostname simple UINT32) (create_dirs simple UINT32) (uid simple int) (gid simple int) Index: src/log.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/log.c,v retrieving revision 1.26 diff -u -r1.26 log.c --- src/log.c 26 Apr 2002 09:43:54 -0000 1.26 +++ src/log.c 24 Jul 2002 09:27:16 -0000 
@@ -161,6 +161,15 @@ while (left && *src != ' ' && *src != ':' && *src != '[') { + if (lm->flags & LF_CHECK_HOSTNAME && + !((*src >= 'A' && *src <= 'Z') || + (*src >= 'a' && *src <= 'z') || + (*src >= '0' && *src <= '9') || + *src == '-' || *src == '_' || + *src == '.' || *src == ':' || + *src == '@' || *src == '/')) { + break; + } src++; left--; } @@ -256,11 +265,12 @@ } } -struct log_info *make_log_info(UINT32 length, UINT8 *msg, UINT8 *prefix) +struct log_info *make_log_info(UINT32 length, UINT8 *msg, UINT8 *prefix, UINT32 flags) { struct log_info *self; NEW_SPACE(self); + self->flags = flags & LF_USER_FLAGS; parse_log_msg(self, length, msg, prefix); self->use_cnt = 1; self->recvd = time(NULL); Index: src/log.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/log.h,v retrieving revision 1.17 diff -u -r1.17 log.h --- src/log.h 26 Apr 2002 09:43:54 -0000 1.17 +++ src/log.h 24 Jul 2002 09:27:16 -0000 @@ -56,6 +56,9 @@ #define LF_INTERNAL 0x0001 #define LF_MARK 0x0002 #define LF_LOCAL 0x0004 +#define LF_CHECK_HOSTNAME 0x0100 + +#define LF_USER_FLAGS 0xff00 /* CLASS: (class @@ -86,7 +89,7 @@ struct log_info *log_info_use(struct log_info *msg); void log_info_free(struct log_info *msg); -struct log_info *make_log_info(UINT32 length, UINT8 *data, UINT8 *prefix); +struct log_info *make_log_info(UINT32 length, UINT8 *data, UINT8 *prefix, UINT32 flags); struct log_info *make_internal_message(UINT32 pri, UINT32 length, UINT8 *data); struct log_info *make_mark_message(void); Index: src/sources.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/sources.c,v retrieving revision 1.34 diff -u -r1.34 sources.c --- src/sources.c 18 Jul 2002 13:18:02 -0000 1.34 +++ src/sources.c 24 Jul 2002 09:27:16 -0000 @@ -53,6 +53,7 @@ (buffer space UINT8) (max_log_line simple UINT32) (pad_size simple UINT32) + (msg_flags simple UINT32) (next object log_handler))) */ 
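Review bot: When the new check in the first log.c hunk fails, the `break` leaves the scan loop exactly as a delimiter would, so the code after the loop (outside this hunk) has no direct way to tell a rejected token from a complete hostname and may still take the characters scanned so far as the host. Recording the outcome, for example a local `int bad_host = 0;` set to 1 just before the `break`, would let the following code discard the whole token rather than accept a truncated prefix. The `*src == ':'` term can never be true because the loop condition already stops at ':', and the accepted set includes '-' and '_', which the ChangeLog entry's `[A-Za-z0-9./@:]` does not list. Since '/' and '.' remain allowed, a checked hostname should still not be treated as a safe file-name component wherever it is later expanded into a path.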
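Review bot: In the second log.c hunk, `self->flags = flags & LF_USER_FLAGS;` has to run before parse_log_msg() for the hostname check to see the flag, and it silently drops any bit outside 0xff00; neither constraint is written down. I would add `/* set before parsing: the parser consults LF_CHECK_HOSTNAME */` above the assignment, and in the log.h hunk a comment on the mask such as `/* bits callers may pass to make_log_info(); lower bits are assigned internally */`. That the check from the first hunk sits inside parse_log_msg() is inferred from the patch description and is not visible here.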
@@ -64,7 +65,7 @@ { struct log_info *logmsg; - logmsg = make_log_info(length, data, self->prefix); + logmsg = make_log_info(length, data, self->prefix, self->msg_flags); if (addrlen) { logmsg->saddr = sockaddr2address_info(addrlen, addr); } @@ -150,6 +151,7 @@ UINT8 *prefix, UINT32 max_log_line, UINT32 pad_size, + UINT32 msg_flags, struct log_handler *next) { NEW(log_reader, self); @@ -160,6 +162,7 @@ self->prefix = prefix; self->max_log_line = MAX(max_log_line, pad_size) + 1; self->pad_size = pad_size; + self->msg_flags = msg_flags; self->buffer = ol_space_alloc(max_log_line); return &self->super; Index: src/sources.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/sources.h,v retrieving revision 1.15 diff -u -r1.15 sources.h --- src/sources.h 18 Jul 2002 13:18:02 -0000 1.15 +++ src/sources.h 24 Jul 2002 09:27:16 -0000 @@ -65,6 +65,7 @@ UINT8 *prefix, UINT32 max_log_line, UINT32 pad_size, + UINT32 msg_flags, struct log_handler *next); struct log_source_group *make_source_group(const char *name, struct log_source_driver *drvs); -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
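Review bot: In the last sources.c hunk the context lines record the limit as `self->max_log_line = MAX(max_log_line, pad_size) + 1;` but allocate `self->buffer = ol_space_alloc(max_log_line);` from the unadjusted parameter, so the buffer is always at least one byte smaller than the recorded limit, and smaller still whenever pad_size exceeds max_log_line. This predates the patch and the read path is outside the hunk, so whether a read can actually run past the buffer has to be confirmed there. Allocating with `ol_space_alloc(self->max_log_line)` would make the two sizes agree. The function's start is outside the hunk.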