Hi,
In the default configuration syslogd keeps two *:514 UDP sockets
open.
udp 0 0 *.514 *.*
udp6 0 0 *.514 *.*
Several people have asked me why they are in netstat output and
whether it is a security risk. These sockets are used for sending
UDP packets if there is a UDP loghost in syslog.conf. If syslogd
is started with -u, they can receive packets, otherwise they are
disabled with shutdown(SHUT_RD).
If we neither send nor receive, we can close them after
reading the config file. This gives us a cleaner netstat output.
ok?
bluhm
Index: usr.sbin/syslogd/syslogd.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.245
diff -u -p -r1.245 syslogd.c
--- usr.sbin/syslogd/syslogd.c 8 Aug 2017 14:23:23 -0000 1.245
+++ usr.sbin/syslogd/syslogd.c 11 Sep 2017 21:25:39 -0000
@@ -274,7 +274,7 @@ size_t ctl_reply_offset = 0; /* Number o
char *linebuf;
int linesize;
-int fd_ctlconn, fd_udp, fd_udp6;
+int fd_ctlconn, fd_udp, fd_udp6, send_udp, send_udp6;
struct event *ev_ctlaccept, *ev_ctlread, *ev_ctlwrite;
struct peer {
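Review bot: The two new globals `send_udp` and `send_udp6` carry no comment saying what sets them and when they are read, although they decide whether the *.514 sockets stay open at all. They are zero as file-scope objects and only ever set to 1 (in cfline, later in this diff), so a one-line note would make the contract visible: `int send_udp, send_udp6; /* set by cfline() when a udp loghost is configured */`. The surrounding declaration run starts outside the hunk.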
@@ -825,6 +825,20 @@ main(int argc, char *argv[])
event_add(ev_udp, NULL);
if (fd_udp6 != -1)
event_add(ev_udp6, NULL);
+ } else {
+ /*
+ * If generic UDP file descriptors are used neither
+ * for receiving nor for sending, close them. Then
+ * there is no useless *.514 in netstat.
+ */
+ if (fd_udp != -1 && !send_udp) {
+ close(fd_udp);
+ fd_udp = -1;
+ }
+ if (fd_udp6 != -1 && !send_udp6) {
+ close(fd_udp6);
+ fd_udp6 = -1;
+ }
}
for (i = 0; i < nbind; i++)
if (fd_bind[i] != -1)
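Review bot: Once fd_udp/fd_udp6 are closed in the new else branch they are never reopened, and send_udp/send_udp6 are only ever set, so any later pass through cfline that adds a udp loghost (the third hunk of this diff) would copy fd_udp == -1 into f->f_file without a diagnostic; if syslogd re-reads syslog.conf on reload, which is not visible in this hunk, that forwarding rule fails silently. Either cfline should report the case, e.g. `if (f->f_file == -1) logerror("udp socket not available");` with the message adjusted to the file's logging helpers, or the close should be documented as a startup-only decision with `/* Not reopened on reload; a udp loghost added later cannot be sent to. */`. Closing the unused sockets is otherwise a sensible reduction of exposed endpoints. The enclosing main() begins and ends outside the hunk.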
@@ -2659,9 +2673,11 @@ cfline(char *line, char *progblock, char
if (strncmp(proto, "udp", 3) == 0) {
switch (f->f_un.f_forw.f_addr.ss_family) {
case AF_INET:
+ send_udp = 1;
f->f_file = fd_udp;
break;
case AF_INET6:
+ send_udp6 = 1;
f->f_file = fd_udp6;
break;
}