From root@claimlynx.com  Tue Dec 20 19:06:30 2011
Return-Path: <root@claimlynx.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 06AF31065670
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 20 Dec 2011 19:06:30 +0000 (UTC)
	(envelope-from root@claimlynx.com)
Received: from alcatraz.claimlynx.com (alcatraz.claimlynx.com [216.17.83.245])
	by mx1.freebsd.org (Postfix) with ESMTP id D66EB8FC12
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 20 Dec 2011 19:06:29 +0000 (UTC)
Received: from leopard.claimlynx.com (leopard.claimlynx.com [216.17.68.149])
	by alcatraz.claimlynx.com (Postfix) with ESMTP id 0851D1CC1C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 20 Dec 2011 13:06:29 -0600 (CST)
Received: by leopard.claimlynx.com (Postfix, from userid 0)
	id F2335358D0F; Tue, 20 Dec 2011 13:06:28 -0600 (CST)
Message-Id: <20111220190628.F2335358D0F@leopard.claimlynx.com>
Date: Tue, 20 Dec 2011 13:06:28 -0600 (CST)
From: Thomas Johnson <tom@claimlynx.com>
Reply-To: <root@claimlynx.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         163487
>Category:       bin
>Synopsis:       syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    markj
>State:          analyzed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 20 19:10:08 UTC 2011
>Closed-Date:    
>Last-Modified:  Thu Dec 20 01:58:54 UTC 2012
>Originator:     Thomas Johnson
>Release:        FreeBSD 9.0-RC3 amd64
>Organization:
ClaimLynx, Inc.
>Environment:
System: FreeBSD blackbox-1.ply.claimlynx.com 9.0-RC3 FreeBSD 9.0-RC3 #1 r228280: Mon Dec 5 18:40:33 PST 2011 root@build9x64.pcbsd.org:/usr/obj/storage/fbsd-sources/9.0/sys/GENERIC amd64


>Description:
	When specifying multiple hostnames on a filter line in /etc/syslog.conf, syslogd seems to not correctly log syslog messages sent from the listed hosts (or at least the first-listed). As an example, here is a snippet of the syslog.conf file as configured (and working) on FreeBSD 8.2 i386.

=== syslog.conf snip ===

+shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com
!wan_checker
*.*                                             /var/log/wan_checker.log
+*
!*

=== end snip ===

I recently rebuilt this host, using 9.0-RC3 amd64 (fwiw, PC-BSD install media). I restored the syslog.conf file directly from backups, but with 9.0, messages that correspond to this combination of host/prog filters are never logged to the file. When running syslogd manually with debugging, I get the following output. It appears that the message is received from the remote host, but not written to the log file.

=== debug output ===

cvthname(10.0.0.252)
validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com;
accepted in rule 0.
logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 12:57:38 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 12:57:38 2011

=== end debug ====

>How-To-Repeat:

Add multiple hostnames to a filter, per the syntax in syslog.conf(5).

>Fix:

By rewriting syslog.conf to avoid multiple host filters, syslogd seems content to do the right thing. The configuration snippet from the Description has been rewritten like so.

=== syslog.conf snip ===

!wan_checker
+shawshank-2.ply.claimlynx.com
*.*                                             /var/log/wan_checker.log
+*
+shawshank-1.ply.claimlynx.com
*.*                                             /var/log/wan_checker.log
+*
!*

=== end snip ===

This results in a successful write to the log file.

=== debug output ===

cvthname(10.0.0.252)
validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com;
accepted in rule 0.
logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 13:04:20 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 13:04:20 2011
Logging to FILE /var/log/wan_checker.log

=== end debug ===

>Release-Note:
>Audit-Trail:

From: Mark Johnston <markjdb@gmail.com>
To: bug-followup@FreeBSD.org, root@claimlynx.com
Cc:  
Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
 working in 8.2)
Date: Sat, 2 Jun 2012 00:55:38 -0400

 Hm, it's not really clear to me how this could have worked on FreeBSD
 8.2 - the problem's been around for a while, based on a quick look
 through the history of syslogd.c.
 
 There's a bug in the way that domain info gets trimmed off the host
 filters. When syslogd sees a line like
 
 +shawshank-1.ply.claimlynx.com
 
 it trims it to "shawshank-1" and uses that string to match incoming
 messages - you can see in the debug output that the incoming message
 comes with a hostname of "shawshank-1" rather than the FQDN.
 
 syslogd uses trimdomain(3) to get a hostname out of the host filter, and
 in your case it passes
 
 "shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com"
 
 to trimdomain(3), which has no effect. Then when the message from
 "shawshank-1" comes in, it doesn't get matched against either of the
 FQDNs and thus isn't logged.
 
 You can try to verify this by changing your filter to
 
 +shawshank-1,shawshank-2
 
 I haven't actually tried to reproduce this - it's based on a reading of
 the syslogd code. I'll post a patch soon.
 
 Thanks,
 -Mark

From: Mark Johnston <markjdb@gmail.com>
To: bug-followup@FreeBSD.org, root@claimlynx.com
Cc:  
Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
 working in 8.2)
Date: Thu, 7 Jun 2012 00:33:16 -0400

 --tThc/1wpZn/ma/RB
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 I've attached a small patch which fixes the issue described above.
 Basically, rather than calling trimdomain(3) on the entire host filter
 string (which won't do anything if the filter contains multiple hosts),
 this change has syslogd call trimdomain(3) on each host and then copy it
 to f->f_host.
 
 Would you be able to test this?
 
 Thanks,
 -Mark
 
 --tThc/1wpZn/ma/RB
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="syslogd_domain_trimming.patch.txt"
 
 diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
 index d1c9fd1..75912ec 100644
 --- a/usr.sbin/syslogd/syslogd.c
 +++ b/usr.sbin/syslogd/syslogd.c
 @@ -1775,7 +1775,7 @@ cfline(const char *line, struct filed *f, const char *prog, const char *host)
  	struct addrinfo hints, *res;
  	int error, i, pri, syncfile;
  	const char *p, *q;
 -	char *bp;
 +	char *bp, *currhost, *nexthost, *hostoff;
  	char buf[MAXLINE], ebuf[100];
  
  	dprintf("cfline(\"%s\", f, \"%s\", \"%s\")\n", line, prog, host);
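Review bot: The three pointers added to the function-level declarations (`currhost`, `nexthost`, `hostoff`) are only used inside the `if (host)` block changed in the next hunk, which already declares `int hl;` locally; declaring them there would keep their scope as narrow as their use. Making `nexthost` a plain `char *` is also what forces the later `(char *)host` cast on a `const char *` parameter, so the type chosen here deserves a second look.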
 @@ -1793,15 +1793,25 @@ cfline(const char *line, struct filed *f, const char *prog, const char *host)
  	if (host) {
  		int hl;
  
 -		f->f_host = strdup(host);
 +		hl = strlen(host);
 +		f->f_host = malloc(hl);
  		if (f->f_host == NULL) {
 -			logerror("strdup");
 +			logerror("malloc");
  			exit(1);
  		}
 -		hl = strlen(f->f_host);
 -		if (hl > 0 && f->f_host[hl-1] == '.')
 -			f->f_host[--hl] = '\0';
 -		trimdomain(f->f_host, hl);
 +
 +		nexthost = (char *)host;
 +		hostoff = f->f_host;
 +		while ((currhost = strsep(&nexthost, ",")) != NULL) {
 +			hl = strlen(currhost);
 +			if (currhost[hl - 1] == '.')
 +				currhost[hl - 1] = '\0';
 +
 +			trimdomain(currhost, MAXHOSTNAMELEN);
 +			hostoff += strlcpy(hostoff, currhost, hl + 1);
 +			if (nexthost != NULL)
 +				*hostoff++ = ',';
 +		}
  	}
  
  	/* save program name if any */
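Review bot: `f->f_host = malloc(hl)` with `hl = strlen(host)` leaves no room for the terminating NUL: when no entry is shortened, the loop writes `hl` bytes of names and commas and the last `strlcpy` stores its NUL one byte past the allocation, so this should be `malloc(hl + 1)`. Two further points in the loop: `nexthost = (char *)host` casts away `const` and `strsep` then writes NULs into the caller's string, so the loop should work on a private copy; and `currhost[hl - 1]` is read without the `hl > 0` guard the removed code had, so an empty entry (for example from a doubled comma) indexes before the start of the token.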
 
 --tThc/1wpZn/ma/RB--
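
The two messages above describe the bug (the whole filter string handed to trimdomain(3)) and the fix (trim each host, then rebuild the list). The following is an added example, not code from syslogd or from the patch: `trimmed_len` is a simplified stand-in for trimdomain(3) that takes the local domain as a parameter, and `normalize_hosts` and `list_has_host` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for trimdomain(3) (an assumption, not the libutil code): length of
 * s[0..len) without a trailing "." and ".<domain>". Case-sensitive for brevity. */
static size_t trimmed_len(const char *s, size_t len, const char *domain)
{
	size_t d = strlen(domain);
	if (len > 0 && s[len - 1] == '.')
		len--;
	if (len > d + 1 && s[len - d - 1] == '.' && !memcmp(s + len - d, domain, d))
		len -= d + 1;
	return len;
}

/* sep "," trims each entry on its own (the fix); sep "" treats the whole string
 * as one name (the bug). Input is not modified; output fits strlen(filter) + 1. */
char *normalize_hosts(const char *filter, const char *domain, const char *sep)
{
	char *out = malloc(strlen(filter) + 1), *w = out;
	if (out == NULL)
		return NULL;
	for (const char *p = filter;; p++) {
		size_t tl = strcspn(p, sep), n = trimmed_len(p, tl, domain);
		if (n > 0) {		/* skip empty entries such as "a,,b" */
			if (w != out)
				*w++ = ',';
			memcpy(w, p, n);
			w += n;
		}
		if (*(p += tl) == '\0')
			break;
	}
	*w = '\0';
	return out;
}

/* Hypothetical matcher: is host exactly one entry of the comma list? */
int list_has_host(const char *list, const char *host)
{
	size_t hl = strlen(host);
	for (const char *p = list;; p++) {
		size_t tl = strcspn(p, ",");
		if (tl == hl && memcmp(p, host, hl) == 0)
			return 1;
		if (*(p += tl) == '\0')
			return 0;
	}
}
```

With the filter line from this report and the domain "ply.claimlynx.com", the `sep ""` result still has an FQDN as its first entry, so `list_has_host(..., "shawshank-1")` returns 0; the `sep ","` result is "shawshank-1,shawshank-2" and both short names match.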

From: Thomas Johnson <tom@claimlynx.com>
To: Mark Johnston <markjdb@gmail.com>
Cc: bug-followup@freebsd.org, root@claimlynx.com
Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
 working in 8.2)
Date: Thu, 7 Jun 2012 08:04:07 -0500

 --14dae934064bd6119f04c1e18425
 Content-Type: text/plain; charset=ISO-8859-1
 
 Mark,
 
 I will get this tested, may not be until next week though.
 
 Thanks!
 
 On Wed, Jun 6, 2012 at 11:33 PM, Mark Johnston <markjdb@gmail.com> wrote:
 
 > I've attached a small patch which fixes the issue described above.
 > Basically, rather than calling trimdomain(3) on the entire host filter
 > string (which won't do anything if the filter contains multiple hosts),
 > this change has syslogd call trimdomain(3) on each host and then copy it
 > to f->f_host.
 >
 > Would you be able to test this?
 >
 > Thanks,
 > -Mark
 >
 
 
 
 -- 
 Thomas Johnson
 ClaimLynx, Inc.
 952-593-5969 x2302
 
 --14dae934064bd6119f04c1e18425--

From: Mark Johnston <markjdb@gmail.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
 working in 8.2)
Date: Sat, 8 Sep 2012 19:28:11 -0400

 Didn't notice that this reply didn't get added to the PR.
 
 ----- Forwarded message from Thomas Johnson <tom@claimlynx.com> -----
 
 Date: Thu, 21 Jun 2012 09:52:43 -0500
 From: Thomas Johnson <tom@claimlynx.com>
 To: Mark Johnston <markjdb@gmail.com>
 Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2)
 
 Mark, tested your patch and it appears to resolve the problem. Sorry for
 the delay, it's been a busy couple of weeks, culminating in a Monday
 morning crash of the host I wanted to test the fix on. Thanks for looking
 into this!
 
 -Tom
 
 On Wed, Jun 6, 2012 at 11:33 PM, Mark Johnston <markjdb@gmail.com> wrote:
 
 > I've attached a small patch which fixes the issue described above.
 > Basically, rather than calling trimdomain(3) on the entire host filter
 > string (which won't do anything if the filter contains multiple hosts),
 > this change has syslogd call trimdomain(3) on each host and then copy it
 > to f->f_host.
 >
 > Would you be able to test this?
 >
 > Thanks,
 > -Mark
 >
 
 
 
 -- 
 Thomas Johnson
 ClaimLynx, Inc.
 952-593-5969 x2302
 
 ----- End forwarded message -----
Responsible-Changed-From-To: freebsd-bugs->markj 
Responsible-Changed-By: markj 
Responsible-Changed-When: Thu Dec 20 01:56:35 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163487 
State-Changed-From-To: open->analyzed 
State-Changed-By: markj 
State-Changed-When: Thu Dec 20 01:58:53 UTC 2012 
State-Changed-Why:  
The patch I posted here some time ago isn't very good, but I understand 
the problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163487 
>Unformatted:
