[syslog-ng] 'network' Destination With Hostname Resolution (IPv4 vs IPv6)

Scheidler, Balázs balazs.scheidler at oneidentity.com
Fri Sep 21 11:52:23 UTC 2018


The reason you need to explicitly ask for ip-protocol(6) is that sometimes,
syslog-ng by itself can create such a socket, can even resolve DNS names to
ipv6 addresses and then communication wouldn't work without an actual ipv6
tunnel/connectivity. Setting ip-protocol(6) everywhere would achieve
auto-detection and it probably would make sense to make this configurable
globally, not on a per-destination basis.

That would probably be something like this:

   - introduce ipv6 related attributes in GlobalConfig, defaulting to ipv4
   - have those attributes configurable through cfg-grammar.y (e.g. the
   main configuration parser)
   - in each destination that supports ipv6, inherit the global value
   unless overridden locally

There are similar patterns in the configuration/destination relation, for
instance with log-fifo-size() where there's a global and a local setting as
well.

With that said, I'd say that patches are welcome, I couldn't work on it
myself right now, but I am happy to review any solutions.


On Thu, Sep 20, 2018 at 6:03 PM David Hauck <davidh at netacquire.com> wrote:

> Hi Balazs,
>
> On Wednesday, September 19, 2018 9:21 PM, syslog-ng <
> syslog-ng-bounces at lists.balabit.hu> On Behalf Of Balazs Scheidler wrote:
> > Ip protocol v6 should support both ipv4 and v6. So if you use that and
> > the name resolves to a v4 address or should work.
>
> OK, interesting.
>
> For a different reason it would also be good if I could always specify
> ip-protocol(6) (non-default) for any value of "myhost" below - i.e., even
> when this is an explicit IPv4 or IPv6 address string. Would this also work?
> And if this were to work (I see no reason why it wouldn't if what you say
> about hostname resolution above) then I guess there is no value in
> specifying ip-protocol() at all, right (i.e., syslog-ng could also just
> know to do the right thing in these cases)?
>
> Thanks,
> -David
>
> > On Wed, Sep 19, 2018, 19:23 David Hauck <davidh at netacquire.com <mailto:
> davidh at netacquire.com>
> >> wrote:
> >
> >       Hi,
> >
> >       Thought I would reach out again to see if anyone had any thoughts
> on the item below.
> >
> >       Thanks for the consideration,
> >       -David
> >
> >       On Wednesday, September 12, 2018 3:39 PM, syslog-ng <
> syslog-ng-bounces at lists.balabit.hu
> > <mailto:syslog-ng-bounces at lists.balabit.hu> > On Behalf Of David Hauck
> > wrote:        > Hi,   >       > I have a question regarding how to
> specify a network
> > destination when using a hostname when the    > hostname can be resolved
> > to either IPv4 or IPv6. In particular what should be specified by the
> > ip-   > protocol() parameter? There are some configuration scenarios
> > and/or target installations that don't        > know a priori whether
> the DNS
> > configuration will resolve to an IPv4 or IPv6 address.        >       >
> E.g.,         >       >
> > destination d_tcp6 {  >     network(  >         "myhost"      >
> > port(514)     >         transport(udp)        >         ip-protocol(6 or
> 4 or ??)
> >       >         );    > };    >       > It seems like it would simple
> enough to have
> > syslog-ng simply validate the resulting IP address string to  >
> > determine which of ip-protocol(4) or ip-protocol(6) is actually needed.
> > In fact, I would argue that   > specifying an IP address string (as the
> > "<destination-address>" value) could result in the same       >
> determination
> > (the address string necessarily unambiguously determines whether the
> > reference is an       > IPv4 or an IPv6 address and I would think there
> is a
> > 1-1 relationship between this determination and       > whether
> > ip-protocol(4) or ip-protocol(6) is used - (in other words it would
> > never make sense to have      > these mixed: "::1" and ip-protocol(4)
> would
> > be invalid).  >       > Thanks, -David        >
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180921/a6586e20/attachment.html>


More information about the syslog-ng mailing list