[Bug 240] New: host() in filters fail to match if using use_dns(yes)
https://bugzilla.balabit.com/show_bug.cgi?id=240 Summary: host() in filters fail to match if using use_dns(yes) Product: syslog-ng Version: 3.4.x Platform: PC OS/Version: Linux Status: NEW Severity: major Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: bmartin@lavabit.com Type of the Report: bug Estimated Hours: 0.0 After upgrading from version 3.2.5 to 3.4.2 a filter using host() did not work anymore. The filter looks something like this: filter f_filter { host("172.12.0.1") or host("172.12.0.2"); }; Messages which would match this filter never reached their destination as they were used to with 3.2.5. I figured out that $HOST contained only the string '172'. My assumption is that host() matches against $HOST. In turn I set use_dns(no) and things started working again and now $HOST contains the whole IP address. used global options: options { threaded(yes); chain_hostnames(no); use_dns(no); stats_freq(43200); mark_freq(3600); }; -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=240 --- Comment #1 from Balazs Scheidler <bazsi@balabit.hu> 2013-07-22 17:37:41 --- I've just pushed a fix to the f/fix-fqdn-processing-for-numeric-hosts branch on github.com/balabit/syslog-ng-3.4. commit f8507a653d2779d9f82c445e4a649d4ee025535b Author: Balazs Scheidler <bazsi@balabit.hu> Date: Mon Jul 22 17:35:48 2013 +0200 misc: fixed truncated IP addresses set in $HOST In case getnameinfo() fails to resolve an address, it automatically returns the numeric IP address without setting an error condition, which messes up the logic in resolve_sockaddr() and causes the IP address to be truncated if use_fqdn() is set to no. This patch instructs getnameinfo() to return failure instead by passing NI_NAMEREQD in flags. References: bugzilla #240 Signed-off-by: Balazs Scheidler <bazsi@balabit.hu> diff --git a/lib/misc.c b/lib/misc.c index 2c8e67d..9ff8d6b 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -218,7 +218,7 @@ resolve_sockaddr(gchar *result, gsize *result_len, GSockAddr *saddr, gboolean us if ((!use_dns_cache || !dns_cache_lookup(saddr->sa.sa_family, addr, (const gchar **) &hname, &positive)) && usedns != 2) { #ifdef HAVE_GETNAMEINFO - if (getnameinfo(&saddr->sa, saddr->salen, buf, sizeof(buf), NULL, 0, 0) == 0) + if (getnameinfo(&saddr->sa, saddr->salen, buf, sizeof(buf), NULL, 0, NI_NAMEREQD) == 0) hname = buf; #else struct hostent *hp; This seems to resolve the issue for me. Can you check if it really does? @Algernon: can you please merge this to master? Thanks -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=240 --- Comment #2 from Martin <bmartin@lavabit.com> 2013-07-23 11:09:58 --- Sorry, I'm currently not able to test this. But thank you for the fix. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=240 Gergely Nagy <algernon@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |algernon@balabit.hu Resolution| |FIXED Status|NEW |RESOLVED --- Comment #3 from Gergely Nagy <algernon@balabit.hu> 2013-07-25 10:50:13 --- Tested, works, integrated to master. Thank you! -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=240 Gergely Nagy <algernon@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |list0570@paradise.net.nz --- Comment #4 from Gergely Nagy <algernon@balabit.hu> 2013-08-13 10:36:42 --- *** Bug 242 has been marked as a duplicate of this bug. *** -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
bugzilla@bugzilla.balabit.com