Re: syslogd closing all udp is a tiny bit aggressiv

Sun, 09 Feb 2020 13:13:54 -0800 

On Thu, Feb 06, 2020 at 05:57:15PM -0500, sven falempin wrote:
> > Your DNS lookup fails at startup, sockets are closed.
> > Later at SIGHUP you DNS works again.  Now the sockets are needed.
> > So do not close them if DNS for udp fails.

I thought again about this problem.  The fix can be more specific.
- if user requested udp4 or udp6, close the other af socket.
- after SIGHUP, when DNS works, close the unneeded af socket.

ok?

Index: usr.sbin/syslogd/syslogd.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.262
diff -u -p -r1.262 syslogd.c
--- usr.sbin/syslogd/syslogd.c  5 Jul 2019 13:23:27 -0000       1.262
+++ usr.sbin/syslogd/syslogd.c  9 Feb 2020 20:25:20 -0000
@@ -853,20 +853,6 @@ main(int argc, char *argv[])
                        event_add(ev_udp, NULL);
                if (fd_udp6 != -1)
                        event_add(ev_udp6, NULL);
-       } else {
-               /*
-                * If generic UDP file descriptors are used neither
-                * for receiving nor for sending, close them.  Then
-                * there is no useless *.514 in netstat.
-                */
-               if (fd_udp != -1 && !send_udp) {
-                       close(fd_udp);
-                       fd_udp = -1;
-               }
-               if (fd_udp6 != -1 && !send_udp6) {
-                       close(fd_udp6);
-                       fd_udp6 = -1;
-               }
        }
        for (i = 0; i < nbind; i++)
                if (fd_bind[i] != -1)
@@ -2416,6 +2402,7 @@ init(void)
        s = 0;
        strlcpy(progblock, "*", sizeof(progblock));
        strlcpy(hostblock, "*", sizeof(hostblock));
+       send_udp = send_udp6 = 0;
        while (getline(&cline, &s, cf) != -1) {
                /*
                 * check for end-of-section, comments, strip off trailing
@@ -2508,6 +2495,22 @@ init(void)
        Initialized = 1;
        dropped_warn(&init_dropped, "during initialization");

+       if (SecureMode) {
+               /*
+                * If generic UDP file descriptors are used neither
+                * for receiving nor for sending, close them.  Then
+                * there is no useless *.514 in netstat.
+                */
+               if (fd_udp != -1 && !send_udp) {
+                       close(fd_udp);
+                       fd_udp = -1;
+               }
+               if (fd_udp6 != -1 && !send_udp6) {
+                       close(fd_udp6);
+                       fd_udp6 = -1;
+               }
+       }
+
        if (Debug) {
                SIMPLEQ_FOREACH(f, &Files, f_next) {
                        for (i = 0; i <= LOG_NFACILITIES; i++)
@@ -2755,6 +2758,13 @@ cfline(char *line, char *progblock, char
                    sizeof(f->f_un.f_forw.f_addr)) != 0) {
                        log_warnx("bad hostname \"%s\"",
                            f->f_un.f_forw.f_loghost);
+                       /* DNS lookup may work after SIGHUP, keep sockets */
+                       if (strcmp(proto, "udp") == 0)
+                               send_udp = send_udp6 = 1;
+                       else if (strcmp(proto, "udp4") == 0)
+                               send_udp = 1;
+                       else if (strcmp(proto, "udp6") == 0)
+                               send_udp6 = 1;
                        break;
                }
                f->f_file = -1;

Reply via email to