[syslog-ng] syslog-ng and IPv6 Interface Binding

Balazs Scheidler bazsi at balabit.hu
Fri Apr 8 00:43:03 CEST 2011


On Tue, 2011-04-05 at 09:11 -0700, Matthew Hall wrote:
> On Tue, Apr 05, 2011 at 11:25:49PM +1000, Reuben Farrelly wrote:
> > Looks like the problem I was seeing was that quotes are required for 
> > specifying IPv6 addresses, but are not required for IPv4 addresses.  For 
> > example this config loads fine:
> > 
> > source net {
> >          tcp6( ip("2001::20") port(514) max_connections(25) );
> >          udp6( ip("2001::20") port(514) );
> >          tcp( ip(192.168.10.12) port(514) max_connections(25) );
> > };
> > 
> > Perhaps this can be added to the admin guide, as the behavior of this 
> > parameter is inconsistent, at least, between v4 and v6.
> 
> There is probably a small glitch in the grammar definition.
> 
> Technically it usually allows strings to be quoted or unquoted.
> 
> I always quote mine because otherwise some characters confuse the parser.
> 
> Personally if it were me who maintained the parser I would be very strict and never allow any unquoted values.
> 
> But I'm a bit radical about input validation because I work in InfoSec.

Matthew is right, syslog-ng accepts non-quoted words as strings, as long
as they don't look something else.

Your IP address looked like a number (the "2001" part). 

I wouldn't call this inconsistency though, it is useful to not have to
quote things like:

owner(root)

In this case "root" is a string, but the same applies to the names of
sources and destinations, the proper syntax would be:

source "net" {
};

and so on. Requiring quotes would make the config less readable in my
opinion, but it is also right that it makes such inconsistencies
possible.

-- 
Bazsi



More information about the syslog-ng mailing list