Author: delphij
Date: Thu Jul 14 07:33:53 2011
New Revision: 224002
URL: http://svn.freebsd.org/changeset/base/224002

Log:
  Add a new option, -N to disable the default and recommended syslogd(8)
  behavior, which binds to the well known UDP port.
  
  This option implies -s.
  
  MFC after:    2 months

Modified:
  head/usr.sbin/syslogd/syslogd.8
  head/usr.sbin/syslogd/syslogd.c

Modified: head/usr.sbin/syslogd/syslogd.8
==============================================================================
--- head/usr.sbin/syslogd/syslogd.8     Thu Jul 14 07:28:49 2011        
(r224001)
+++ head/usr.sbin/syslogd/syslogd.8     Thu Jul 14 07:33:53 2011        
(r224002)
@@ -36,7 +36,7 @@
 .Nd log systems messages
 .Sh SYNOPSIS
 .Nm
-.Op Fl 468ACcdknosuv
+.Op Fl 468ACcdkNnosuv
 .Op Fl a Ar allowed_peer
 .Op Fl b Ar bind_address
 .Op Fl f Ar config_file
@@ -227,6 +227,13 @@ facility is reserved for messages read d
 Select the number of minutes between
 .Dq mark
 messages; the default is 20 minutes.
+.It Fl N
+Disable binding on UDP sockets.  RFC 3164 recommends that outgoing
+syslogd messages should originate from the privileged port, this
+option
+.Em disables
+the recommended behavior.  This option inherits
+.Fl s .
 .It Fl n
 Disable dns query for every request.
 .It Fl o

Modified: head/usr.sbin/syslogd/syslogd.c
==============================================================================
--- head/usr.sbin/syslogd/syslogd.c     Thu Jul 14 07:28:49 2011        
(r224001)
+++ head/usr.sbin/syslogd/syslogd.c     Thu Jul 14 07:33:53 2011        
(r224002)
@@ -278,6 +278,7 @@ static int  fklog = -1;     /* /dev/klog */
 static int     Initialized;    /* set when we have initialized ourselves */
 static int     MarkInterval = 20 * 60; /* interval between marks in seconds */
 static int     MarkSeq;        /* mark sequence number */
+static int     NoBind;         /* don't bind() as suggested by RFC 3164 */
 static int     SecureMode;     /* when true, receive only unix domain socks */
 #ifdef INET6
 static int     family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */
@@ -358,7 +359,7 @@ main(int argc, char *argv[])
                dprintf("madvise() failed: %s\n", strerror(errno));
 
        bindhostname = NULL;
-       while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nop:P:sS:Tuv"))
+       while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nNop:P:sS:Tuv"))
            != -1)
                switch (ch) {
                case '4':
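Review bot: The getopt() string now accepts `N`, but no hunk in this commit touches any usage text in syslogd.c. If usage() prints the flag list the way the SYNOPSIS in syslogd.8 does, it needs the same `N` added so the built-in help matches the manual page. main() starts and ends outside this hunk, so whether such a string exists has to be confirmed in the full file.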
@@ -437,6 +438,10 @@ main(int argc, char *argv[])
                case 'm':               /* mark interval */
                        MarkInterval = atoi(optarg) * 60;
                        break;
+               case 'N':
+                       NoBind = 1;
+                       SecureMode = 1;
+                       break;
                case 'n':
                        resolve = 0;
                        break;
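Review bot: `SecureMode = 1;` in the new `case 'N':` assigns the value rather than raising it, so the outcome depends on argument order if SecureMode can ever exceed 1. Its declaration comment reads like a boolean and the `-s` case is not visible in this hunk. If `-s` counts repetitions, a later `-N` would silently weaken an earlier `-ss`, and `if (!SecureMode) SecureMode = 1;` would avoid that. The case also lacks the short trailing comment that `case 'm':` carries, for example `case 'N': /* do not bind(), implies -s */`.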
@@ -2685,13 +2690,24 @@ socksetup(int af, char *bindhostname)
                        close(*s);
                        continue;
                }
-               if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
-                       close(*s);
-                       logerror("bind");
-                       continue;
-               }
+               /*
+                * RFC 3164 recommends that client side message
+                * should come from the privileged syslogd port.
+                *
+                * If the system administrator choose not to obey
+                * this, we can skip the bind() step so that the
+                * system will choose a port for us.
+                */
+               if (!NoBind) {
+                       if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
+                               close(*s);
+                               logerror("bind");
+                               continue;
+                       }
 
-               double_rbuf(*s);
+                       if (!SecureMode)
+                               double_rbuf(*s);
+               }
 
                (*socks)++;
                s++;
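Review bot: The new `if (!SecureMode) double_rbuf(*s);` also changes behaviour for a plain `-s` run, not only for `-N`, and neither the block comment nor the log message mentions it. Assuming double_rbuf() only enlarges the receive buffer, a comment above the test such as `/* receive buffer is only useful when remote messages are accepted */` would record the intent. With `-N` the socket stays unbound, so the kernel picks the source port. Collectors or packet filters that match on the syslog source port will stop recognising this host's messages, which the comment or manual page should state. socksetup() starts and ends outside this hunk.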