[syslog-ng] [Bug 178] New: Spoofed source address bug introduced in 3.3.5

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Mon May 7 22:17:05 CEST 2012


https://bugzilla.balabit.com/show_bug.cgi?id=178

           Summary: Spoofed source address bug introduced in 3.3.5
           Product: syslog-ng
           Version: 3.3.x
          Platform: PC
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: marvin.nipper at stream.com
Type of the Report: regression
   Estimated Hours: 0.0


Hi.  Sorry if this is not the right way to do this.  There was an email thread regarding this on 4/30, but I figured that the right way to do this was to
simply open an official bug report.  As this is my 1st one for syslog-ng, apologies if I screw it up!

This all pertains to 3.3.5, on Solaris 10 x86.  Per my original email, changes made between 3.3.4 and 3.3.5 have caused a situation wherein forwarded UDP
packets, with spoofed source addressing, all revert to null addresses, the instant that a HUP is issued against syslog-ng (e.g. during log rotation).

Also, as per that email, with Gergely's excellent (and educated) guess, I backed out the patch noted here:
http://git.madhouse-project.org/debian/syslog-ng/patch/?id=a898014482f733e9ccac00b7965e92db00d7589b, and the result was that the null addressing issue was
resolved.

Obviously, as there were (no doubt) other reasons for that patch, I'm just wanting to be sure that this problem doesn't get lost in the shuffle, and that the
patch gets reworked (to achieve its originally desired results, while managing to also resolve the null address problem that it caused with spoofing).

Let me know if you need any further information regarding this problem.  And, as always, I'm MORE than happy to be a test guinea pig, if need be.

THANKS.

