Coverity found two possible untrusted loop bounds, in unix_cb() and
inet_cb(), that were indeed possibly unterminated strings. These
were classified as medium. A third finding, marked high, was found
in kernel_cb(), which upon further investigation seems bogus.
This patch terminates the buffers received in unix_cb() and inet_cb()
but only changes to 0 from \0 termination in kernel_cb().
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Although hihgly unlikely, if the kernel log sequence number (seqno)
reaches the end of its MAX value (18446744073709551615) we allow for
dupes to handle the wrap-around back to zero (0) in the counter.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This patch fixes the problem with kernel messages being repeated when
syslogd is restarted at runtime. This is achieved by caching the last
seqno read from /dev/kmsg to /run/syslogd.cache. The latter is usually
a ram disk these days so it should be a fairly quick op.
Excessive updates are prevented by only caching after handling all
callbacks in the socket_poll() loop, and only updating the cache
if there has been any new kernel messages since last update.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
The timer_now() API, introduced in 2019, returns time relative to boot.
Useful for relative time comparisons, but when used for absolute time,
e.g. for log messages, it must be offset with boot_time.
This patch fixes issue #28, but also wall messages, which exhibits the
same problem.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This should fix any lingering issues with logging with the wrong
timezone at boot. As long as syslogd gets HUP'ed after setting
the new timezone.
Improvements to this welcome, of course.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This patch fixes a bug in the kernel log priority parser introduced in
v2.2.0 with the new support for /dev/kmsg, replacing /proc/kmsg which
has another format for the log priority.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
When Linux CONFIG_LOG_BUF_SHIFT is set too low, or too many messages are
generated by the kernel, /dev/kmsg will overflow. This is signaled with
EPIPE to userspace. We can use the seqnos to figure out how many we've
lost, but seqnos are currently ignored.
> In case records get overwritten while /dev/kmsg is held open, or
> records get faster overwritten than they are read, the next read()
> will return -EPIPE and the current reading position gets updated to
> the next available record. The passed sequence numbers allow the log
> consumer to calculate the amount of lost messages.
-- https://lwn.net/Articles/490690/
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This patch migrates the sysklogd project to use the modern /dev/kmsg
interface on Linux. There are many advantages over the older /proc
interface; 1) no need to wait for /proc to be mounted, 2) it provides
multiple simultaneous access. For more information, see:
https://www.kernel.org/doc/Documentation/ABI/testing/dev-kmsg
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Only reset f_fime when the filed is in normal operation, not suspended,
otherwise the INET_SUSPEND_TIME handling is broken.
Signed-off-by: Johan Askerin <johan.askerin@gmail.com>
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
When sending to a remote syslog server, configured as an IP address or
when the DNS name has already been resolved, we may get temporary error
messages like ENETUNREACH and similar from sendmsg().
Before this patch the whole filed was placed in F_FORW_SUSP, like failed
DNS resolve, which introduces a 180 sec delay before even trying again.
A better approach is to just try again with the next syslog message.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Internal log messages of INTERNAL_MARK time were created every 30
seconds (TIMERINTVL) instead of every MarkInterval (default 20 min).
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
This patch removes one of the traditionally key pieces of the sysklogd
project, klogd. Now that syslogd performs logging of kernel messages
we no longer require a separate daemon for that.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
When building the sysklogd project --without-klogd we must disable the
kernel logging to console on Linux. This fix depends on how the sysctl
setting `kernel.printk` is configured. The patch only calls the kernel
to set console_loglevel to minimum_console_loglevel.
See the kernel docs for details:
https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
This bug caused syslogd to fall back to logging to /dev/console for
internal log messages/errors during reconfiguration at runtime.
syslogd has the FreeBSD style of keeping already open log files ready
for logging until re:init() has completed, when new log files are rolled
in and any old ones not to be used anymore are closed.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Refactor of nslookup of unknown remote syslog servers, both when
(re)reading the .conf file and at runtime. This means we retry
DNS lookup every 30 sec, or INET_SUSPEND_TIME +/- 30 sec.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
The domark() timer handles a lot of the critical maintenance action in
syslogd, it must always be guaranteed to run.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Only block signals *after* all sanity checking of log message has been
completed, otherwise we will end up with blocked SIGHUP and SIGALRM.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
We definitely want to be able to run syslogd in debug mode for extended
periods of time and still run under finit/systemd or similar, letting
users know we run as 'PID'.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
