[syslog-ng] Lost packets; UDP Checksum (chksum) errors; forwarding - source spoofing; libnet bug
Marvin.Nipper at Stream.com
Marvin.Nipper at Stream.com
Wed Aug 29 14:58:25 CEST 2007
OK. I've only posted here a couple of times, but I've googled this list
(for help) extensively in the past. Before I waste everyone's time, I
just wanted to find out if I'm the only one who "didn't already know" that
there's a nasty bug in libnet-1.1.2.1, such that anybody doing
source-spoofed forwarding of UDP-based syslog packets will likely end up
losing large volumes of packets in the process (in my case a 2/3 loss of
packets).
Again. I thought that I had searched the mailing list archives properly,
and that I didn't see a mention of this issue (as I've been fighting my
way through figuring this out, over a multi-week period), BUT, as this
would seem to impact a lot of syslog-ng users, I keep thinking that I've
just missed something, and everyone else already knows about this. Before
I waste time writing a detailed message on the topic, I figured that I'd
ask first.
Marvin Nipper
Director of Security
Stream
mailto:marvin.nipper at stream.com
PGP Key ID: 0x8EE28551 (DSS/DH)
8C5D 403A D107 0A95 672B B637 BCF1 919A 8EE2 8551
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070829/6566831c/attachment.htm
More information about the syslog-ng
mailing list