As part of preparing to glue a pair of syslog-ng servers together via a TCP connection, I've made some slight tweaks to the afinet.c code on my running system. This is all for a 1.6.0rc3 code version. Because I can't find any reference to the option elsewhere in the libol or syslog-ng code, I've forced the SO_KEEPALIVE socket on for both sender and receiver in a TCP connection. The issue here is mainly where the client mysteriously disappears, and the server seemingly never bothers to close down the half-open socket. Forcing the SO_KEEPALIVE flag on the socket should, I believe, tidy this up in the worst case scenario. I know that the socket can remain half-open, because I've seen TCP connections from a PIX in ESTABLISHED state, even when the PIX only has one live connection to the syslog-ng server. The other tweak is to enforce tcp_wrapper operation on TCP connections only. This may be redundant code, but I honestly can't follow the source sufficiently to know whether the tcp_wrapper code is called for a udp connection. Since logging the fault condition for a udp connection uses up almost as many resources as actually processing the packet, and performing the tcp_wrapper call is overkill for every successful udp connection, it seemed not worth the bother to call the wrapper code for udp connections and only enforce TCP lockdowns. It's also probably possible to avoid the getsockopt() call by determining socket type from client->super somehow, but I wasn't sure exactly how to do this. Patch diff below. Comments welcome. Ted $ sudo diff -u afinet.c-1.6.0rc3.orig afinet.c-1.6.0rc3.patched --- afinet.c-1.6.0rc3.orig Tue Feb 24 09:20:01 2004 +++ afinet.c-1.6.0rc3.patched Tue Feb 24 10:10:09 2004 @@ -28,6 +28,8 @@ #include "cfgfile.h" #include "pkt_buffer.h" +#include <sys/socket.h> +#include <sys/types.h> #include <errno.h> #include <string.h> #include <assert.h> @@ -217,8 +219,13 @@ CAST(afinet_source, self, c); struct afsocket_source_connection *conn; UINT32 res; + int socklen,sockval; + + socklen=sizeof(sockval); + if ( ( getsockopt(client->super.fd, SOL_SOCKET, SO_TYPE, &sockval, &socklen) == 0 ) && + ( sockval == SOCK_STREAM ) ) { #if ENABLE_TCP_WRAPPER - { + { struct request_info req; request_init(&req, RQ_DAEMON, "syslog-ng", RQ_FILE, client->super.fd, 0); @@ -230,9 +237,19 @@ close_fd(&client->super, 0); return ST_OK | ST_GOON; } + } +#endif + +#ifdef SO_KEEPALIVE + sockval=1; socklen=sizeof(sockval); + if ( setsockopt(client->super.fd, SOL_SOCKET, SO_KEEPALIVE, &sockval, socklen) < 0 ) { + notice("setsockopt SO_KEEPALIVE failure during do_open_afinet_connection()"); + } else { + notice("setsockopt SO_KEEPALIVE Ok in do_open_afinet_connection()"); } - #endif + } + if (c->num_connections >= c->max_connections) { CAST(inet_address_info, inet_addr, client_addr); @@ -250,8 +267,6 @@ } return res; } - - } static int @@ -488,6 +503,17 @@ if (self->conn_fd) { return ST_OK | ST_GOON; +#ifdef SO_KEEPALIVE + if ( (self->super.flags & 0x0003) == AFSOCKET_STREAM ) { + int sockval=1; + + if ( setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &sockval, sizeof(sockval)) < 0 ) { + notice("setsockopt SO_KEEPALIVE failure during do_init_afinet_dest()"); + } else { + notice("setsockopt SO_KEEPALIVE Ok in do_init_afinet_dest()"); + } + } +#endif } else { io_callout(self->cfg->backend, $ ************************************************************************************************ This E-mail message, including any attachments, is intended only for the person or entity to which it is addressed, and may contain confidential information. If you are not the intended recipient, any review, retransmission, disclosure, copying, modification or other use of this E-mail message or attachments is strictly forbidden. If you have received this E-mail message in error, please contact the author and delete the message and any attachments from your computer. You are also advised that the views and opinions expressed in this E-mail message and any attachments are the author's own, and may not reflect the views and opinions of FLEXTECH Television Limited. ************************************************************************************************