[Bug 266] New: localport option does not bind to a specific port
https://bugzilla.balabit.com/show_bug.cgi?id=266

           Summary: localport option does not bind to a specific port
           Product: syslog-ng
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi@balabit.hu
        ReportedBy: zebaz@xs4all.nl
Type of the Report: bug
   Estimated Hours: 0.0

The localport option to specify a source port when opening a TCP connection no longer seems to be working. For testing I used the following simplified configurations:

    @version: 3.5

    source src {
        unix-stream("/dev/log" max-connections(256));
        internal();
        file("/proc/kmsg");
    };

    destination logcentral { tcp("logcentral" port(514) localport(1014)); };

    log { source(src); destination(logcentral); };

When running syslog-ng -d the relevant output is:

    Syslog connection established; fd='8', server='AF_INET(<ip removed>:514)', local='AF_INET(0.0.0.0:0)'

I tried some variations in the configuration:

- source port > 1024 gives the same result
- specifying the localip option binds the local socket explicitly to that IP address but still not to a specific port

Behaviour has been checked to occur with versions 3.4.2 and 3.4.6 from Gentoo as well as 3.5.2 from the upstream site (compiled from source). Other installations with identical kernel versions run older syslog-ng installations (3.2.x and 3.3.x) with the same settings without a problem.

-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.balabit.com/show_bug.cgi?id=266

Sandor Geller <sandor.geller@morganstanley.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sandor.geller@morganstanley.com

--- Comment #1 from Sandor Geller <sandor.geller@morganstanley.com> 2013-12-18 18:05:29 ---

port and localport both set the port of the local endpoint so IMO it is better to use localport and destport. Did you check with netstat / lsof that not only the debug message is a bit misleading?

BTW your src() source should get updated, /dev/log should be unix-dgram while /proc/kmsg should be set up in a better way - take a look how the system() source sets up these or simply use it.

https://bugzilla.balabit.com/show_bug.cgi?id=266

--- Comment #2 from Sebastiaan Hoogeveen <zebaz@xs4all.nl> 2013-12-18 20:22:14 ---

According to the documentation port() and destport() do the same although I agree the latter is more clear. Just for the sake of the argument I simplified the configuration to just report internal messages with the same result:

    @version: 3.5

    source src { internal(); };

    destination messages { file("/var/log/messages"); };

    destination logcentral { tcp("logcentral" destport(514) localport(1014)); };

    log { source(src); destination(logcentral); };

I did confirm the port numbers used with netstat on the *destination* host (so any weird problem with the machine on which the faulty syslog runs is ruled out) and the source ports used are high port numbers (at this moment 60337, 52579 and 58624).

https://bugzilla.balabit.com/show_bug.cgi?id=266

--- Comment #3 from Balazs Scheidler <bazsi@balabit.hu> 2013-12-19 10:15:13 ---

Seems to be a bug indeed. Be aware though that specifying the full connection tuple (srcip, dstip and both ports) can cause trouble, especially when there are stateful firewalls between the hosts.

I'll look into this. Thanks for the report.

--- Comment #4 from Balazs Scheidler <bazsi@balabit.hu> 2013-12-19 10:15:18 ---

Seems to be a bug indeed. Be aware though that specifying the full connection tuple (srcip, dstip and both ports) can cause trouble, especially when there are stateful firewalls between the hosts.

I'll look into this. Thanks for the report.

--- Comment #5 from Balazs Scheidler <bazsi@balabit.hu> 2013-12-19 10:15:20 ---

Seems to be a bug indeed. Be aware though that specifying the full connection tuple (srcip, dstip and both ports) can cause trouble, especially when there are stateful firewalls between the hosts.

I'll look into this. Thanks for the report.

https://bugzilla.balabit.com/show_bug.cgi?id=266

--- Comment #6 from Sandor Geller <sandor.geller@morganstanley.com> 2013-12-19 11:17:07 ---

I was blind yesterday when I checked the code:

        | KW_LOCALPORT '(' string_or_number ')' { afinet_dd_set_localport(last_driver, $3); free($3); }
        | KW_PORT '(' string_or_number ')' { afinet_dd_set_destport(last_driver, $3); free($3); }
        | KW_DESTPORT '(' string_or_number ')' { afinet_dd_set_destport(last_driver, $3); free($3); }

As Bazsi mentioned in afsocket.c binding to the specified source port isn't implemented for destinations. Sorry for the noise.

https://bugzilla.balabit.com/show_bug.cgi?id=266

Gergely Nagy <algernon@balabit.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |algernon@balabit.hu
         AssignedTo|bazsi@balabit.hu            |algernon@balabit.hu

--- Comment #7 from Gergely Nagy <algernon@balabit.hu> 2013-12-20 22:13:25 ---

This broke when lib/host-resolve.* came in, I believe. resolve_hostname_to_sockaddr() will always set the local port to 0, ignoring what was specified. There's no way to pass the port to those functions.

I believe the best course of action is to add a port parameter to the mentioned function, and pass it down to getaddrinfo() or whatever else gets called underneath. I'll have a patch ready in a couple of hours.
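
The failure mode described in comment #7, as an added example that is not syslog-ng code and not part of the original thread: a resolver helper that leaves the port at 0 makes bind() fall back to a kernel-chosen port, and getsockname() shows which port was really used. The names resolve_ip and bound_local_port are hypothetical, re-applying the port after resolution is only one possible remedy, and 20014 is a constructed unprivileged stand-in for localport(1014), assumed to lie outside the host's ephemeral port range.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for a resolver helper: it fills in the address
 * and always leaves the port at 0, the behaviour described in comment #7. */
static int resolve_ip(const char *ip, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Bind a TCP socket the way a client does before connect() and return the
 * local port the kernel reports, or -1 on error. With reapply_port == 0
 * the requested port is lost in resolution and the kernel picks one. */
int bound_local_port(const char *ip, unsigned short want, int reapply_port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int port = -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    if (resolve_ip(ip, &sa) == 0) {
        if (reapply_port)
            sa.sin_port = htons(want);   /* restore the configured port */
        if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
            getsockname(fd, (struct sockaddr *)&sa, &len) == 0)
            port = ntohs(sa.sin_port);
    }
    close(fd);
    return port;
}

int main(void)
{
    /* 20014 is a constructed, unprivileged stand-in for localport(1014). */
    printf("port dropped:   %d\n", bound_local_port("127.0.0.1", 20014, 0));
    printf("port reapplied: %d\n", bound_local_port("127.0.0.1", 20014, 1));
    return 0;
}
```

Checking the bound socket with getsockname(), or with netstat on the receiving host as done in comment #2, is more reliable than a debug message that may print the address before the kernel has assigned a port.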

https://bugzilla.balabit.com/show_bug.cgi?id=266

Gergely Nagy <algernon@balabit.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

https://bugzilla.balabit.com/show_bug.cgi?id=266

--- Comment #8 from Gergely Nagy <algernon@balabit.hu> 2013-12-20 22:28:18 ---

(In reply to comment #7)
> I believe the best course of action is to add a port parameter to the mentioned function, and pass it down to getaddrinfo() or whatever else gets called underneath. I'll have a patch ready in a couple of hours.

Actually, it's even easier than that. Patch coming up shortly.

https://bugzilla.balabit.com/show_bug.cgi?id=266

--- Comment #9 from Gergely Nagy <algernon@balabit.hu> 2013-12-20 22:43:32 ---

A patch against git master is available here: https://github.com/balabit/syslog-ng/commit/ab07cd29c17d0eef8c161c682a3fb7c6...

It should apply reasonably cleanly to 3.5/master too, but I'll pick it over soon, and will backport it to 3.4 as well. The backport will likely take some time, as the code is much different there.

Leaving this open until it hits 3.4/master and 3.5/master too.

https://bugzilla.balabit.com/show_bug.cgi?id=266

Gergely Nagy <algernon@balabit.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|                            |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #10 from Gergely Nagy <algernon@balabit.hu> 2013-12-20 23:31:57 ---

This is now on 3.4 and 3.5 master too, so setting it to resolved. It will be in the next 3.4 and 3.5 releases, due in a few days.