udp6 source declaration causes syslog+tls to fail
Hello, I'm seeing what appears to be an odd interaction between the declaration of an udp6 source and trying to forward messages via tls to another host. I have the following configuration: # UDP will use the regular port 514 as per /etc/services. source s_udp { udp(log_fetch_limit(400000000)); # UDP6 definition requires an explicit port statement. # See upstream bug # https://bugzilla.balabit.com/show_bug.cgi?id=58 # udp6( # port(514) # log_fetch_limit(400000000) # ); }; destination d_amslog { syslog("<hostname>" port(6514) suppress(30) transport("tls") tls( ca_dir("<dir>") cert_file("<cert>") key_file("<key>") trusted_keys("<fp>") ) ); }; log { source(s_udp); destination(d_amslog); flags(final); }; Now this works just fine with the "udp6" part commented out as above. However, if I uncomment the udp6 part, I get the following error: ERROR:gsockaddr.h:86:g_sockaddr_inet_get_sa: assertion failed: (g_sockaddr_inet_check(s)) failed! Note that if I remove the destination from the log directive (ie comment out the line "destination(d_amslog);", I still get the same error. If I comment out the entire syslog directive and replace it with a file destination, there is no problem (even though the udp6 source definition is there). It seems as if -- and I'm guessing here -- the udp6 declaration causes syslog-ng to try to treat the subsequent "syslog" directive to be an IPv6 type connection, which fails since the host does not (currently) have IPv6 configured. Ie, I believe syslog-ng assumes that just by the existence of an IPv6 source all connections will be IPv6 (which, if correct, seems like a bug to me). The version of syslog-ng here is: syslog-ng 3.0.3 Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#08c9bf9d98e4e021756adc12c42605840140ba8b Compile-Date: Sep 12 2009 02:43:20 Enable-Threads: off Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-Sun-STREAMS: off Enable-Sun-Door: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-SSL: on Enable-SQL: off Enable-Linux-Caps: off Enable-Pcre: on Any suggestion on how to fix this would be appreciated. Thanks in advance, -Jan
Jan Schaumann <jschauma@netmeister.org> wrote:
I'm seeing what appears to be an odd interaction between the declaration of an udp6 source and trying to forward messages via tls to another host.
I opened Bug 61 for this: https://bugzilla.balabit.com/show_bug.cgi?id=61 I found out that changing the order of the udp source declarations will work around the problem for me. That is, source s_udp { udp(); udp6(); }; will fail, but source s_udp { udp6(); udp(); }; will work. -Jan
participants (1)
-
Jan Schaumann