From owner-svn-src-all@freebsd.org Tue Apr 28 16:07:16 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7ED7D2BE048; Tue, 28 Apr 2020 16:07:16 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49BRP02q3Vz3R1B; Tue, 28 Apr 2020 16:07:16 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4244A26C66; Tue, 28 Apr 2020 16:07:16 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03SG7Gp9012940; Tue, 28 Apr 2020 16:07:16 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03SG7GZY012939; Tue, 28 Apr 2020 16:07:16 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <202004281607.03SG7GZY012939@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Tue, 28 Apr 2020 16:07:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360441 - head/usr.sbin/syslogd X-SVN-Group: head X-SVN-Commit-Author: bdrewery X-SVN-Commit-Paths: head/usr.sbin/syslogd X-SVN-Commit-Revision: 360441 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Apr 2020 16:07:16 -0000 Author: bdrewery Date: Tue Apr 28 16:07:15 2020 New Revision: 360441 URL: https://svnweb.freebsd.org/changeset/base/360441 Log: Restore local kernel "prog" filtering lost in r332099. This behavior is most relevant for ipfw(4) as documented in syslog.conf(5). The recent addition of property-based regex filters in r359327 is a fine workaround for this but the behavior was present since 1997 and documented. This only fixes local matching of the "kernel program". It does not change the forwarded format at all. On the remote side it will still be "kernel: ipfw:" and not be parsed as a kernel message. This matches old behavior. MFC after: 2 weeks Reviewed by: markj Relnotes: yes Differential Revision: https://reviews.freebsd.org/D24286 Modified: head/usr.sbin/syslogd/syslogd.c Modified: head/usr.sbin/syslogd/syslogd.c ============================================================================== --- head/usr.sbin/syslogd/syslogd.c Tue Apr 28 16:00:34 2020 (r360440) +++ head/usr.sbin/syslogd/syslogd.c Tue Apr 28 16:07:15 2020 (r360441) @@ -137,6 +137,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -206,6 +207,7 @@ static STAILQ_HEAD(, socklist) shead = STAILQ_HEAD_INI #define IGN_CONS 0x001 /* don't print on console */ #define SYNC_FILE 0x002 /* do fsync on file after printing */ #define MARK 0x008 /* this message is a mark */ +#define ISKERNEL 0x010 /* kernel generated message */ /* Timestamps of log entries. */ struct logtime { @@ -1151,19 +1153,19 @@ parsemsg_rfc5424(const char *from, int pri, char *msg) } /* - * Trims the application name ("TAG" in RFC 3164 terminology) and - * process ID from a message if present. + * Returns the length of the application name ("TAG" in RFC 3164 + * terminology) and process ID from a message if present. */ static void -parsemsg_rfc3164_app_name_procid(char **msg, const char **app_name, - const char **procid) { - char *m, *app_name_begin, *procid_begin; +parsemsg_rfc3164_get_app_name_procid(const char *msg, size_t *app_name_length_p, + ptrdiff_t *procid_begin_offset_p, size_t *procid_length_p) +{ + const char *m, *procid_begin; size_t app_name_length, procid_length; - m = *msg; + m = msg; /* Application name. */ - app_name_begin = m; app_name_length = strspn(m, "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" @@ -1191,12 +1193,52 @@ parsemsg_rfc3164_app_name_procid(char **msg, const cha if (m[0] != ':' || m[1] != ' ') goto bad; + *app_name_length_p = app_name_length; + if (procid_begin_offset_p != NULL) + *procid_begin_offset_p = + procid_begin == NULL ? 0 : procid_begin - msg; + if (procid_length_p != NULL) + *procid_length_p = procid_length; + return; +bad: + *app_name_length_p = 0; + if (procid_begin_offset_p != NULL) + *procid_begin_offset_p = 0; + if (procid_length_p != NULL) + *procid_length_p = 0; +} + +/* + * Trims the application name ("TAG" in RFC 3164 terminology) and + * process ID from a message if present. + */ +static void +parsemsg_rfc3164_app_name_procid(char **msg, const char **app_name, + const char **procid) +{ + char *m, *app_name_begin, *procid_begin; + size_t app_name_length, procid_length; + ptrdiff_t procid_begin_offset; + + m = *msg; + app_name_begin = m; + + parsemsg_rfc3164_get_app_name_procid(app_name_begin, &app_name_length, + &procid_begin_offset, &procid_length); + if (app_name_length == 0) + goto bad; + procid_begin = procid_begin_offset == 0 ? NULL : + app_name_begin + procid_begin_offset; + /* Split strings from input. */ app_name_begin[app_name_length] = '\0'; - if (procid_begin != 0) + m += app_name_length + 1; + if (procid_begin != NULL) { procid_begin[procid_length] = '\0'; + m += procid_length + 2; + } - *msg = m + 2; + *msg = m + 1; *app_name = app_name_begin; *procid = procid_begin; return; @@ -1401,7 +1443,7 @@ printsys(char *msg) long n; int flags, isprintf, pri; - flags = SYNC_FILE; /* fsync after write */ + flags = ISKERNEL | SYNC_FILE; /* fsync after write */ p = msg; pri = DEFSPRI; isprintf = 1; @@ -1551,7 +1593,7 @@ logmsg(int pri, const struct logtime *timestamp, const struct filed *f; size_t savedlen; int fac, prilev; - char saved[MAXSVLINE]; + char saved[MAXSVLINE], kernel_app_name[100]; dprintf("logmsg: pri %o, flags %x, from %s, msg %s\n", pri, flags, hostname, msg); @@ -1576,6 +1618,23 @@ logmsg(int pri, const struct logtime *timestamp, const prilev = LOG_PRI(pri); + /* + * Lookup kernel app name from log prefix if present. + * This is only used for local program specification matching. + */ + if (flags & ISKERNEL) { + size_t kernel_app_name_length; + + parsemsg_rfc3164_get_app_name_procid(msg, + &kernel_app_name_length, NULL, NULL); + if (kernel_app_name_length != 0) { + strlcpy(kernel_app_name, msg, + MIN(sizeof(kernel_app_name), + kernel_app_name_length + 1)); + } else + kernel_app_name[0] = '\0'; + } + /* log the message to the particular outputs */ if (!Initialized) { f = &consfile; @@ -1622,7 +1681,10 @@ logmsg(int pri, const struct logtime *timestamp, const continue; /* skip messages with the incorrect program name */ - if (skip_message(app_name == NULL ? "" : app_name, + if (flags & ISKERNEL && kernel_app_name[0] != '\0') { + if (skip_message(kernel_app_name, f->f_program, 1)) + continue; + } else if (skip_message(app_name == NULL ? "" : app_name, f->f_program, 1)) continue;