[syslog-ng] 'network' Destination With Hostname Resolution (IPv4 vs IPv6)

David Hauck davidh at netacquire.com
Tue Sep 25 13:59:03 UTC 2018 

Hi Balázs,
 
Thanks for your thoughts. Please see below.

On Fri, 21 Sep 2018 at 04:52:00, syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Scheidler, Balázs wrote:
> The reason you need to explicitly ask for ip-protocol(6) is that 
> sometimes, syslog-ng by itself can create such a socket, can even 
> resolve DNS names to ipv6 addresses and then communication wouldn't 
> work without an actual ipv6 tunnel/connectivity. Setting ip-protocol(6) 
> everywhere would achieve auto-detection and it probably would make sense 
> to make this configurable globally, not on a per-destination basis.

Independent of a potential globally configurable hint would it work to use ip-protocol(6) in all of my destination configurations directly, regardless of whether the specified <destination-address> is a hostname (which may be resolve to an IPv4 or IPv6 address), an IPv4 address string, or an IPv6 address string?

I would really like to just specify this once for each/all destinations (I don't mind doing it for each destination, I just don't want to have to evaluate whether to use ip-protocol([46])*).

Regards,
-David

* The destination configurations are performed programmatically and the extra determination for whether the configured <destination-address> falls into any of the above three categories is cumbersome/tricky at the locale where this done.
 
> That would probably be something like this:
> 
> *	introduce ipv6 related attributes in GlobalConfig, defaulting to ipv4
> 
> *	have those attributes configurable through cfg-grammar.y (e.g.
> the main configuration parser)
> *	in each destination that supports ipv6, inherit the global value
> unless overridden locally
> 
> There are similar patterns in the configuration/destination relation, 
> for instance with log-fifo-size() where there's a global and a local setting as well.
> 
> 
> With that said, I'd say that patches are welcome, I couldn't work on 
> it myself right now, but I am happy to review any solutions.
> 
> 
> On Thu, Sep 20, 2018 at 6:03 PM David Hauck <davidh at netacquire.com <mailto:davidh at netacquire.com> > wrote:
> 
> 
> 	Hi Balazs,
> 
> 	On Wednesday, September 19, 2018 9:21 PM, syslog-ng 
> <syslog-ng-bounces at lists.balabit.hu
> <mailto:syslog-ng-bounces at lists.balabit.hu> > On Behalf Of Balazs Scheidler wrote:
> 	> Ip protocol v6 should support both ipv4 and v6. So if you use that and
> 	> the name resolves to a v4 address or should work.
> 
> 	OK, interesting.
> 
> 	For a different reason it would also be good if I could always 
> specify ip-protocol(6) (non-default) for any value of "myhost" below - 
> i.e., even when this is an explicit IPv4 or IPv6 address string. Would 
> this also work? And if this were to work (I see no reason why it 
> wouldn't if what you say about hostname resolution above) then I guess there is no value in specifying ip-protocol() at all, right (i.e., syslog-ng could also just know to do the right thing in these cases)?
> 
> 	Thanks,
> 	-David
> 
> 	> On Wed, Sep 19, 2018, 19:23 David Hauck <davidh at netacquire.com 
> <mailto:davidh at netacquire.com> <mailto:davidh at netacquire.com
> <mailto:davidh at netacquire.com> > 	>> wrote: 	> 	>       Hi, 	> 	>      
> Thought I would reach out again to see if anyone had any thoughts on the
> item below. 	> 	>       Thanks for the consideration, 	>       -David 	>
> 	>       On Wednesday, September 12, 2018 3:39 PM, syslog-ng
> <syslog-ng-bounces at lists.balabit.hu
> <mailto:syslog-ng-bounces at lists.balabit.hu> 	>
> <mailto:syslog-ng-bounces at lists.balabit.hu
> <mailto:syslog-ng-bounces at lists.balabit.hu> > > On Behalf Of David Hauck
> 	> wrote:        > Hi,   >       > I have a question regarding how to
> specify a network 	> destination when using a hostname when the    >
> hostname can be resolved 	> to either IPv4 or IPv6. In particular what
> should be specified by the 	> ip-   > protocol() parameter? There are
> some configuration scenarios 	> and/or target installations that don't  
>      > know a priori whether the DNS 	> configuration will resolve to an
> IPv4 or IPv6 address.
>>> E.g.,         >       >
> 	> destination d_tcp6 {  >     network(  >         "myhost"
>> 
> 	> port(514)     >         transport(udp)        >
> ip-protocol(6 or 4 or ??)
> 	>       >         );    > };    >       > It seems like it would
> simple enough to have
> 	> syslog-ng simply validate the resulting IP address string to
>> 
> 	> determine which of ip-protocol(4) or ip-protocol(6) is actually needed.
> 	> In fact, I would argue that   > specifying an IP address
> string (as the
> 	> "<destination-address>" value) could result in the same
>> determination
> 	> (the address string necessarily unambiguously determines whether the
> 	> reference is an       > IPv4 or an IPv6 address and I would think
> there is a 	> 1-1 relationship between this determination and       >
> whether 	> ip-protocol(4) or ip-protocol(6) is used - (in other words it
> would 	> never make sense to have      > these mixed: "::1" and
> ip-protocol(4) would 	> be invalid).  >       > Thanks, -David        >
> 
> ________________________________________________________________________
> ______ 	Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> 	Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng 	FAQ:
> http://www.balabit.com/wiki/syslog-ng-faq
> 
>

More information about the syslog-ng mailing list