Date: Tue, 8 Jun 1999 20:43:26 -0700 (PDT)
From: eddart@ca.sandia.gov
To: freebsd-gnats-submit@freebsd.org
Subject: bin/12091: syslog packets from a remote machine are not accepted unless the address is specified as xxx.xxx.xxx.xxx/32 -- shorter masks (including defaults) cause packets to be dropped by syslogd.
Message-ID: <19990609034326.A3A6315207@hub.freebsd.org>
>Number:         12091
>Category:       bin
>Synopsis:       syslog packets from a remote machine are not accepted unless the address is specified as xxx.xxx.xxx.xxx/32 -- shorter masks (including defaults) cause packets to be dropped by syslogd.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 8 20:50:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Eli Dart
>Release:        3.2-RELEASE
>Organization:   Sandia National Labs
>Environment:
FreeBSD <hostname> 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Tue May 18 04:05:08 GMT 1999 jkh@cathair:/usr/src/sys/compile/GENERIC i386
>Description:
This problem shows up when attempting to accept syslog packets from a remote machine. If syslogd is run as "syslogd -a 1.2.3.4/24" (the network is a class C network, netmask 255.255.255.0), syslog packets are dropped. I have also tried this on a /27 network -- same behavior.
>How-To-Repeat:
Running "syslogd -d -a 1.2.3.4/24" gives the following output:

    allowaddr: rule 0: numeric, addr = 1.2.3.4, mask = 255.255.255.0; port = 514
    off & running....
    init
    ... [snip] ...
    cvthname(1.2.3.4)
    validate: dgram from IP 1.2.3.4, port 514, name <hostname>;
    rejected in rule 0 due to IP mismatch.

So, it prints out that it got a UDP packet from 1.2.3.4 and dropped it.

In syslogd.c, line 1770, function validate() starts. In validate(), line 1793, we walk the list of allowed peers in a for loop. In that for loop, line 1800, is the comparison that is causing the problem. The source address of the UDP packet is bitwise ANDed with the stored netmask (converted from the /24 on the command line) and compared with the stored address (gotten from the command line). Of course these are different -- the netmask (in net byte order) is 0x00ffffff. We simply nuke the first 2 bytes of the incoming packet's address.
>Fix:
Option 1: always use a 32-bit mask

Option 2: replace this code (in syslogd.c):

    1799         if (ap->isnumeric) {
    1800                 if ((sin->sin_addr.s_addr & ap->a_mask.s_addr)
    1801                     != ap->a_addr.s_addr) {
    1802                         dprintf("rejected in rule %d due to IP mismatch.\n", i);
    1803                         continue;
    1804                 }
    1805         } else {

With this code:

            if (ap->isnumeric) {
                    if ((sin->sin_addr.s_addr & ap->a_mask.s_addr)
                        != (ap->a_addr.s_addr & ap->a_mask.s_addr)) {
                            dprintf("rejected in rule %d due to IP mismatch.\n", i);
                            continue;
                    }
            } else {

Hmmm....it says not to submit code. Oops... If this comes out garbled, let me know, and I will mail it to you. There isn't *much* code...
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
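The comparison described in the report, reproduced as a stand-alone example (added here, not code from the PR or from FreeBSD's syslogd): a rule parsed from "addr/len" as syslogd -a would store it, the original one-sided check beside the corrected two-sided one. The make_rule(), match_original(), match_fixed() and check() names are assumptions for this example.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

/* One -a rule: address and mask kept in network byte order, as in syslogd's allowedpeer. */
struct allow_rule {
    struct in_addr a_addr;
    struct in_addr a_mask;
};

/* Parse "a.b.c.d/len" into a rule. Returns 0 on success, -1 on malformed input. */
int make_rule(const char *cidr, struct allow_rule *r) {
    char buf[32];
    char *slash;
    int len;
    if (strlen(cidr) >= sizeof buf) return -1;
    strcpy(buf, cidr);
    slash = strchr(buf, '/');
    if (slash == NULL) return -1;
    *slash = '\0';
    len = atoi(slash + 1);
    if (len < 0 || len > 32) return -1;
    if (inet_pton(AF_INET, buf, &r->a_addr) != 1) return -1;
    /* /0 handled separately: shifting a 32-bit value by 32 is undefined in C. */
    r->a_mask.s_addr = htonl(len == 0 ? 0 : 0xffffffffu << (32 - len));
    return 0;
}

/* The check the PR complains about: only the packet source is masked, so a rule
 * whose address has host bits set (1.2.3.4/24) can never match anything. */
int match_original(const struct allow_rule *r, const char *src) {
    struct in_addr s;
    if (inet_pton(AF_INET, src, &s) != 1) return 0;
    return (s.s_addr & r->a_mask.s_addr) == r->a_addr.s_addr;
}

/* The corrected check from the PR's option 2: mask both sides before comparing. */
int match_fixed(const struct allow_rule *r, const char *src) {
    struct in_addr s;
    if (inet_pton(AF_INET, src, &s) != 1) return 0;
    return (s.s_addr & r->a_mask.s_addr) == (r->a_addr.s_addr & r->a_mask.s_addr);
}

/* 1 if src is accepted by cidr under the chosen comparison, 0 otherwise (or on bad input). */
int check(const char *cidr, const char *src, int fixed) {
    struct allow_rule r;
    if (make_rule(cidr, &r) != 0) return 0;
    return fixed ? match_fixed(&r, src) : match_original(&r, src);
}
```

Because the masks are built with htonl() and compared as in_addr values, the results are the same on big- and little-endian hosts; only the hex rendering of the mask (0x00ffffff in the report) is an i386 artifact.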