Date: Thu, 31 Jan 2019 08:24:38 +0100 From: "O. Hartmann" <ohartmann@walstatt.org> To: freebsd-current <freebsd-current@freebsd.org> Subject: syslogd: using IPv6 as hostnames results in "IP mismatch" Message-ID: <20190131082420.7724799c@freyja>
next in thread | raw e-mail | index | archive | help
Hello out there.
I'm using some dual stack installations and I'd like to configure FreeBSD's
(CURRENT at the moment) syslogd on a syslog-server to handle incoming loggi=
ng
messages from remote FBSD boxes (mixed, 11.2, 12.0 and CURRENT).
I' facing a very weird situation.
Scenario:
The server has IPv6 fdff:dead:beef::faaf and IP 192.168.168.200.
The test client has IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2.
On the syslog server:
The syslog server's syslogd is configured as (etc/rc.conf):
syslogd -C -v -v -b [fdff:dead:beef::faaf]:514 -b 192.168.168.200:514 \
-a [fdff:dead:beef::]/48:* -a 92.168.168.0/24:*
It's /etc/syslog.conf file contains the following line to make syslogd
receiving syslog messages from the specified client and log those messages =
in a
separate file (/usr/local/etc/syslog.d/host_X.conf):
+[fdff:dead:beef::aaaa],192.168.168.2
*.* /var/log/hosts/host_a.log
On the client (IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2), syslogd
(/etc/rc.conf) is configured via
syslogd -C -v -v -s
and it is configured to log additinaly all messages to the server
via /usr/local/etc/syslog.d/logging.conf:
*.* @[fdff:dead:beef::faaf]
!*
I trigger then a log incident on the client via "logger < /dev/random".
This scenario doens't work - putting syslogd on the server into debug mode,=
via
adding option -d, the log message from the client is received, but rejected:
[...]
# of validation rule: 2
validate: dgram from IP ffdff:dead:beef::aaaa, port 514, name \
fdff:dead:beef::aaaa;=20
rejected in rule 1 due to IP mismatch.=20
rejected in rule 2 due to address family mismatch.=20
Message from fdff:dead:beef::aaaa was ignored.received sa_len =3D 28=20
cvthname(28) len =3D 28=20
cvthname(fdff:dead:beef::aaaa)
# of validation rule: 2
While the manpage syslog.onf(5) is specific how to use IPv6 addresses in the
"action" field, preceeded by "@", I've no doubt of the ciorrectnes of the
client's syntax, *.* @[fdff:dead:beef::faaf].
But it seems ambiguous when it comes to the part of the hostname on the
server's side, when prepending the "hostname/program" portion with a "+" wh=
en
it comes to IPv6.
If switching the config on the client to:
*.* @192.168.168.200
!*
does let syslogd on the server log the message as expected:
[...]
# of validation rule: 2
validate: dgram from IP 192.168.168.2, port 514, name 192.168.168.2;
rejected in rule 1 due to address family mismatch.
accepted in rule 2.
logmsg: pri 15, flags 0, from 192.168.168.2, msg =EF=BF=BD=EF=BF=BDq^B=C7=
=A9=EF=BF=BD^CM-^L
=EF=BF=BD*^_B=EF=BF=BD^LM-^A?^L=EF=BF=BDi[^R=EF=BF=BD5QM-^MRLvM-^FA}bM-^Y=
=EF=BF=BDF=EF=BF=BD=EF=BF=BD^N=EF=BF=BDC=EF=BF=BDM-^\=EF=BF=BD=EF=BF=BDb=EF=
=BF=BD^?=EF=BF=BDNM-^G-=EF=BF=BD=DE=A0=EF=BF=BD=EF=BF=BDM-^[=C6=BE44=EF=BF=
=BD=EF=BF=BD^V=EF=BF=BDz=DD=A3}a=EF=BF=BDB=EF=BF=BD'M-^^^G=EF=BF=BDP=EF=BF=
=BD=EF=BF=BDg^H=EF=BF=BDcM-^@J7xg\A=EF=BF=BD=EF=BF=BD.=EF=BF=BD=EF=BF=BDM-^=
UC7o^V=EF=BF=BD=EF=BF=BD=EF=BF=BD^Ax=EF=BF=BD^G=EF=BF=BD\
<^A.#=EF=BF=BDns=EF=BF=BDKwV^N=EF=BF=BD^ZZ=EF=BF=BD=EF=BF=BD=CF=BA=EF=BF=BD=
M-^X=EF=BF=BDzM-^N^U=EF=BF=BDM-^Ys2smW^G^S^U=EF=BF=BDM-^G=EF=BF=BD<'~=EF=BF=
=BD7=EF=BF=BD^HFz=EF=BF=BD>DM-^T=EF=BF=BDV~8^^vW1=EF=BF=BD=EF=BF=BD^K[=EF=
=BF=BD^\i^P=EF=BF=BD"M-^G=EF=BF=BDQ=EF=BF=BD(=EF=BF=BDm%{M-^@M-
^H=EF=BF=BDM-^Q=EF=BF=BD^Q=EF=BF=BDnW=EF=BF=BDY(CT@_/=EF=BF=BD`=EF=BF=BDcM-=
^Nv=20
Logging to FILE /var/log/hosts/host_a.log=20
received sa_len =3D 16=20
cvthname(2) len =3D 16=20
cvthname(192.168.168.2)
# of validation rule: 2
I also tried on the server's config to avoid the brackets ("[]"),
+fdff:dead:beef::aaaa,192.168.168.2
*.* /var/log/hosts/host_a.log
but that seems illogical and it results in the same IP mismatch as reported
further above.=20
If it isn't a bug, please point me to the mistake.
Thanks in advance,
oh
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190131082420.7724799c>