On Sun, Feb 9, 2020 at 4:12 PM Alexander Bluhm <[email protected]>
wrote:
> On Thu, Feb 06, 2020 at 05:57:15PM -0500, sven falempin wrote:
> > > Your DNS lookup fails at startup, sockets are closed.
> > > Later at SIGHUP your DNS works again. Now the sockets are needed.
> > > So do not close them if DNS for udp fails.
>
> I thought again about this problem. The fix can be more specific.
> - if user requested udp4 or udp6, close the other af socket.
> - after SIGHUP, when DNS works, close the unneeded af socket.
>
> ok?
>
> Index: usr.sbin/syslogd/syslogd.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
> retrieving revision 1.262
> diff -u -p -r1.262 syslogd.c
> --- usr.sbin/syslogd/syslogd.c 5 Jul 2019 13:23:27 -0000 1.262
> +++ usr.sbin/syslogd/syslogd.c 9 Feb 2020 20:25:20 -0000
> @@ -853,20 +853,6 @@ main(int argc, char *argv[])
> event_add(ev_udp, NULL);
> if (fd_udp6 != -1)
> event_add(ev_udp6, NULL);
> - } else {
> - /*
> - * If generic UDP file descriptors are used neither
> - * for receiving nor for sending, close them. Then
> - * there is no useless *.514 in netstat.
> - */
> - if (fd_udp != -1 && !send_udp) {
> - close(fd_udp);
> - fd_udp = -1;
> - }
> - if (fd_udp6 != -1 && !send_udp6) {
> - close(fd_udp6);
> - fd_udp6 = -1;
> - }
> }
> for (i = 0; i < nbind; i++)
> if (fd_bind[i] != -1)
> @@ -2416,6 +2402,7 @@ init(void)
> s = 0;
> strlcpy(progblock, "*", sizeof(progblock));
> strlcpy(hostblock, "*", sizeof(hostblock));
> + send_udp = send_udp6 = 0;
> while (getline(&cline, &s, cf) != -1) {
> /*
> * check for end-of-section, comments, strip off trailing
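Review bot: The added `send_udp = send_udp6 = 0;` has no comment, and it sits between the progblock/hostblock setup and the `getline()` loop where it reads like parser state. A one-line comment saying the flags are recomputed from the configuration on every init(), so the close at the end of init() sees only the current loghosts, would make the dependency explicit. If init() has any return path ahead of this line, the flags keep their values from the previous load there; worth checking.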
> @@ -2508,6 +2495,22 @@ init(void)
> Initialized = 1;
> dropped_warn(&init_dropped, "during initialization");
>
> + if (SecureMode) {
> + /*
> + * If generic UDP file descriptors are used neither
> + * for receiving nor for sending, close them. Then
> + * there is no useless *.514 in netstat.
> + */
> + if (fd_udp != -1 && !send_udp) {
> + close(fd_udp);
> + fd_udp = -1;
> + }
> + if (fd_udp6 != -1 && !send_udp6) {
> + close(fd_udp6);
> + fd_udp6 = -1;
> + }
> + }
> +
> if (Debug) {
> SIMPLEQ_FOREACH(f, &Files, f_next) {
> for (i = 0; i <= LOG_NFACILITIES; i++)
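Review bot: The close under `if (SecureMode)` is one-way. Once `fd_udp = -1` or `fd_udp6 = -1` is set here, nothing in this patch reopens the socket, and init() now runs this block on every reload. A configuration reloaded with no UDP loghost and later reloaded with one would find the descriptor already gone. If that case is accepted, say so in the comment. The comment was also copied unchanged from main(): "neither for receiving" is now implied only by the `SecureMode` test, so it would help to state that.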
> @@ -2755,6 +2758,13 @@ cfline(char *line, char *progblock, char
> sizeof(f->f_un.f_forw.f_addr)) != 0) {
> log_warnx("bad hostname \"%s\"",
> f->f_un.f_forw.f_loghost);
> + /* DNS lookup may work after SIGHUP, keep sockets
> */
> + if (strcmp(proto, "udp") == 0)
> + send_udp = send_udp6 = 1;
> + else if (strcmp(proto, "udp4") == 0)
> + send_udp = 1;
> + else if (strcmp(proto, "udp6") == 0)
> + send_udp6 = 1;
> break;
> }
> f->f_file = -1;
>
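Review bot: In the "bad hostname" branch the flags are set for any lookup failure, so a loghost that never resolves (a typo, for instance) keeps `send_udp`/`send_udp6` at 1 on every reload and the `!send_udp` close in init() never fires. The socket then stays bound to *.514 in secure mode for the life of the process, which is the state the moved comment says it wants to avoid. Consider noting this in the comment or in the `log_warnx()` text. The `strcmp(proto, ...)` chain also looks like a mapping that should be shared with the success path rather than repeated here.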
@ok here
--
Knowing is not enough; we must apply. Willing is not enough; we must do