294 Commits

Author SHA1 Message Date
Steffen Nurpmeso
949e80f150 Implement forced log file rotation upon SIGUSR2 2022-03-14 05:52:46 +01:00
Steffen Nurpmeso
7038e51a0f "notify": address Joachim Wiberg's comments (pull/45) 2022-03-12 17:22:18 +01:00
Steffen Nurpmeso
72f2faef6e Add "notify" keyword 2022-03-12 15:28:02 +01:00
Joachim Wiberg
6022d3c7d0 Fix #49: add support for -8 command line option to allow 8-bit data
This patch allows the user to disable the 8-bit data check in the log
message validator.  If you have experienced problems with logging any
unicode (utf-8) messages after v1.6, this option is for you.

The correct way to handle this is to add proper parser support for the
Unicode BOM, defined in RFC5424[1], as NetBSD syslogd does[2], search
for IS_BOM().

[1]: https://datatracker.ietf.org/doc/html/rfc5424#appendix-A.8
[2]: http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/syslogd/syslogd.c?rev=1.138

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-07 20:57:00 +01:00
Joachim Wiberg
aceb4cddcf Add missing -H option to usage text, issue #41
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-05 18:37:49 +01:00
Joachim Wiberg
e4330515e8 Disable KernLog in container
No need to save seqno when we've detected being in container and have
disabled kernel logging.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-05 15:31:46 +01:00
Joachim Wiberg
40622ef6c7 Fix build error introduced when fixing issue #48
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-03-05 15:31:46 +01:00
Joachim Wiberg
c534556790 Auto-detect if we're running in a container and disable klogd
This patch adds a very rudimentary container check.  When one of a
select few containers is detected, sysklogd disables the kernel
logging -- since there's no point in logging kernel messages other
than from the host system.

Issue #48

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-14 00:28:28 +01:00
Joachim Wiberg
29e932008d Fix #48: add option ('-K') to disable kernel logging
This patch adds support for disabling kernel logging, opensys().  This
is in addition to the character device validation check, and primarily
for use in container use-cases -- where logging kernel is not needed.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-13 23:40:06 +01:00
Joachim Wiberg
49b99584a4 Verify the kernel log fifo is a proper character device
Issue #48 describes a problem with 100% CPU load in a container
use-case.  Turns out one of the issues was that /dev/kmsg was
not a proper character device.  This patch adds a very basic
check to ensure /dev/kmsg is usable.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-13 23:03:30 +01:00
Joachim Wiberg
e61e5abb88 Follow-up to 9856e07, rename '-K' option to '-t'
We need the '-K' option to disable kernel logging, so this option needs
to be renamed, unfortunately.  Fortunately it's not been released yet.

Issue #42

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2022-02-13 22:53:02 +01:00
Joachim Wiberg
f4f2ad365e Redo DNS lookup on failure to send to remote server
When entering the forwarding suspend timer, free any previous address
info and do a new DNS lookup when the timer elapses.  The failure to
send may be because we're using a stale IP address.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-27 20:21:45 +01:00
Joachim Wiberg
f516ff6023 Fix #36: retry DNS lookup of remote syslog servers with res_init()
This patch replaces the INET_SUSPEND_TIME for DNS lookup with a 5 sec
back-off to prevent DNS lookup on each message.

Also, reorder WARN() and NOTE() so they are called *after* setting the
f_type, otherwise we unleash endless recursive loops.

To avoid filling up the log with "Failed resolving ..." messages every
time we retry, we set a flag to remember we've already logged a warning.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-27 20:18:21 +01:00
Joachim Wiberg
0a0380cbdd Minor, spellcheck comments
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-27 19:16:41 +01:00
Joachim Wiberg
9856e07e40 Fix #42: add option to always trust kernel timestamp
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-26 06:50:31 +01:00
Joachim Wiberg
e69b0fe812 Fix #43: avoid assert() on and around 19 January 2038 03:14:07 UTC
When time_t wraps around on 32-bit UNIX systems we shouldn't assert (and
cause syslogd to be continuously restarted) but instead try to handle the
wraparound more gracefully.

This change, initially proposed by Raul Porancea, checks for wraparound
and allows syslogd to continue on error.  Logging with invalid date is
better than no logs at all.  Thanks Raul for tracking this one down!

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-26 06:21:00 +01:00
Joachim Wiberg
cea845aaf4 libsyslog: handle EOVERFLOW from gettimeofday()
Turns out that gettimeofday() can return EOVERFLOW on systems with
32-bit time_t.  This occurs when the UNIX Epoch wraps around, the
exact time is 03:14:07 UTC on 19 January 2038.

EOVERFLOW is not documented in gettimeofday(2), but instead of messing
up the entire syslog message -- causing syslogd to drop it -- we can
handle the overflow by falling back to time(NULL) (returning seconds
since start of Epoch) and rely on syslogd to, in turn, handle the
wraparound gracefully.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-26 06:17:59 +01:00
Joachim Wiberg
30a5c6628d Avoid NULL pointers to internal logit() function
The logit() function winds up calling vfprintf(), GLIBC is friendly
enough to check for NULL and replace segfault with "(null)", but other
C-libs may not handle it as gracefully.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-26 06:02:49 +01:00
Joachim Wiberg
ac9749a240 Minor, slight improvement in debug output
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-24 09:03:07 +01:00
Joachim Wiberg
9f6fbb3301 After initial read of /dev/kmsg, ignore kernel timestamp
The spec[1] says the /dev/kmsg timestamp is a monotonic clock and in
microseconds.  After a while you realize it's also relative to the boot
of the system, that fact was probably too obvious to be put in the spec.
However, what's *not* in the spec, and what takes a while to realize, is
that this monotonic time is *not* adjusted for suspend/resume cycles ...

On a frequently used laptop this can manifest itself as follows.  The
kernel is stuck on Nov 15, and for the life of me I cannot find any way to
adjust for this offset:

    $ dmesg -T |tail -1; date
    [Mon Nov 15 01:42:08 2021] wlan0: Limiting TX power to 23 (23 - 0) dBm as advertised by 18:e8:29:55:b0:62
    Tue 23 Nov 2021 05:20:53 PM CET

Hence this patch.  After initial "emptying" of /dev/kmsg when syslogd
starts up, we raise a flag (denoting done with backlog), and after this
point we ignore the kernel's idea of time and replace it with the actual
time we have now, the same that userspace messages are logged with.

Sure, there will be occasions where there's a LOT of kernel messages to
read and we won't be able to keep track.  Yet, this patch is better than
the current state (where we log Nov 15).

[1]: https://www.kernel.org/doc/Documentation/ABI/testing/dev-kmsg

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-23 17:16:17 +01:00
Joachim Wiberg
c7e30c6bd0 Follow-up to eb454d7: use time(NULL) instead of weird calculus
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-23 17:14:31 +01:00
Joachim Wiberg
1018d4a7f4 Avoid NULL pointer to vsnprintf()
GLIBC is friendly enough to check for NULL and replace segfault with
"(null)", but other C-libs may not handle it as gracefully.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-11-22 04:35:01 +01:00
Joachim Wiberg
b0d4e4cc3f Fix #40: update docs and online help text wrt. caching of kmsg seqno
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-07-26 14:04:45 +02:00
Joachim Wiberg
e381bc3620 Fix #38: add option -C file for alt. kernel seqno cache file
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-30 22:39:09 +02:00
Joachim Wiberg
39ffa1b4cb Fix #34: regression in internal logging, loss of restart msg
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-30 22:27:58 +02:00
Joachim Wiberg
75524d1878 syslogd: minor, improve flog() internal logging a bit
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-30 22:27:58 +02:00
Joachim Wiberg
eed3335caa logger: fix \m -> \n, found on Slackware current
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-30 22:27:58 +02:00
Joachim Wiberg
fc5096f1c2 syslogd: support for extracting user level messages from /dev/kmsg
It is well established practise on Linux to use /dev/kmsg (old or
new API) before syslogd is up (and /dev/log exists).  This patch
enables support for extracting non-kernel log messages and logging
them with their proper facility and priority.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-21 23:15:10 +02:00
Joachim Wiberg
7ce44f5b9e syslogd: ignore EINVAL from kernel, silently restart polling
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-21 23:14:57 +02:00
Joachim Wiberg
36778bee4a logger: support for -k, early log to /dev/kmsg
This patch adds support for logging to /dev/kmsg, which can be highly
useful for early scripts that run long before syslogd has started and
/dev/log is available.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-21 23:11:54 +02:00
Joachim Wiberg
10ccdc3da1 logger: only attempt logrotate if target is file
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-06-20 09:10:26 +02:00
Joachim Wiberg
e3d6ff8737 Check boundary in every step of parse_rfc5424()
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-06 11:59:33 +02:00
Joachim Wiberg
d1f1702277 Check boundary first in parse_rfc5424()
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-06 10:09:34 +02:00
Joachim Wiberg
ebced817a7 Ensure argument to printsys() is always nul terminated
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-06 10:03:01 +02:00
Joachim Wiberg
52fc3f7176 Ensure received data is nul terminated, found by Coverity Scan
Coverity found two possible untrusted loop bounds, in unix_cb() and
inet_cb(), that were indeed possibly unterminated strings.  These
were classified as medium.  A third finding, marked high, was found
in kernel_cb(), which upon further investigation seems bogus.

This patch terminates the buffers received in unix_cb() and inet_cb()
but only changes to 0 from \0 termination in kernel_cb().

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-06 09:42:45 +02:00
Joachim Wiberg
65ceec1171 Fix GCC warning: integer constant is so large that it is unsigned
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-06 08:55:26 +02:00
Joachim Wiberg
e5ee2446a0 Follow-up to 92a4fb3: allow kernel log dupes around edge of seqno
Although highly unlikely, if the kernel log sequence number (seqno)
reaches the end of its MAX value (18446744073709551615) we allow for
dupes to handle the wrap-around back to zero (0) in the counter.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-06 08:47:30 +02:00
Joachim Wiberg
92a4fb3318 Fix #29: prevent repeating kernel messages when syslogd is restarted
This patch fixes the problem with kernel messages being repeated when
syslogd is restarted at runtime.  This is achieved by caching the last
seqno read from /dev/kmsg to /run/syslogd.cache.  The latter is usually
a ram disk these days so it should be a fairly quick op.

Excessive updates are prevented by only caching after handling all
callbacks in the socket_poll() loop, and only updating the cache
if there have been any new kernel messages since last update.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-05 05:17:15 +02:00
Joachim Wiberg
1de66a04c0 logger: minor, staticify
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-05 04:52:48 +02:00
Joachim Wiberg
eb454d7d37 Fix #28: log messages stuck in 1969
The timer_now() API, introduced in 2019, returns time relative to boot.
Useful for relative time comparisons, but when used for absolute time,
e.g. for log messages, it must be offset with boot_time.

This patch fixes issue #28, but also wall messages, which exhibit the
same problem.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-05 03:25:22 +02:00
Joachim Wiberg
4ab8bc7b40 Fix #31: invalid time for kernel log messages on 32-bit machines
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-05 03:04:52 +02:00
Joachim Wiberg
d722584191 Fix #32: fix logging of remote kernel messages being mapped to uucp
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-04 10:45:13 +02:00
Joachim Wiberg
2731591709 syslogd: Fix spelling error found by lintian
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-02-21 15:50:13 +01:00
Joachim Wiberg
d00c9dac74 Minor, refactor in preparation for checking kmesg seqno
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-02-21 13:05:26 +01:00
Joachim Wiberg
0901310226 Load or reload timezone data on init/SIGHUP
This should fix any lingering issues with logging with the wrong
timezone at boot.  As long as syslogd gets HUP'ed after setting
the new timezone.

Improvements to this welcome, of course.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-02-21 11:47:42 +01:00
Joachim Wiberg
f54c1d1f30 Fix issue with parsing /dev/kmsg time, off by one error
Problem and proposed fix reported by opty on #troglobit at freenode.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-02-21 11:46:09 +01:00
Joachim Wiberg
d2444c720f Fix #27: bug in /dev/kmsg priority parser, introduced in v2.2.0
This patch fixes a bug in the kernel log priority parser introduced in
v2.2.0 with the new support for /dev/kmsg, replacing /proc/kmsg which
has another format for the log priority.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-01-26 22:04:49 +01:00
Joachim Wiberg
406e4299a1 logger: No need for appending error message, err() already does this
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-01-25 00:13:06 +01:00
Joachim Wiberg
ea2565ce4e Drop %m gnuism from internal log macro
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-01-25 00:13:06 +01:00
Joachim Wiberg
3e4000b25a Fix #26: handle Linux EPIPE on /dev/kmsg
When Linux CONFIG_LOG_BUF_SHIFT is set too low, or too many messages are
generated by the kernel, /dev/kmsg will overflow.  This is signaled with
EPIPE to userspace.  We can use the seqnos to figure out how many we've
lost, but seqnos are currently ignored.

> In case records get overwritten while /dev/kmsg is held open, or
> records get faster overwritten than they are read, the next read()
> will return -EPIPE and the current reading position gets updated to
> the next available record. The passed sequence numbers allow the log
> consumer to calculate the amount of lost messages.

-- https://lwn.net/Articles/490690/

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-01-25 00:12:29 +01:00