syslogd: Open forwarding socket descriptors
AcceptedPublic
Actions

Authored by jfree on Mon, Oct 14, 1:56 AM.

Details

Reviewers

Summary

Previously, when forwarding a message to a remote address, the target's
addrinfo was saved at config-parse-time. When message-deliver-time came,
the message's addrinfo was passed into sendmsg(2) and delivered by the
first available inet socket.

The use of sendmsg(2) is prohibited in Capsicum capability mode, so
sockets are now opened and connected to their remote peers at
config-parse-time when executing outside of the capability sandbox.

These sockets are then used with send(2), allowing forwarding to be
performed inside of the capability sandbox.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 59966
Build 56851: arc lint + arc unit

Event Timeline

jfree created this revision.Mon, Oct 14, 1:56 AM

Herald added a subscriber: imp. · View Herald TranscriptMon, Oct 14, 1:56 AM

jfree requested review of this revision.Mon, Oct 14, 1:56 AM

Harbormaster completed remote builds in B59966: Diff 144797.Mon, Oct 14, 1:56 AM

jfree added a parent revision: D41477: syslogd: Watch for dead pipe processes.Mon, Oct 14, 1:57 AM

This looks good to me, thanks. A couple of minor nits.

usr.sbin/syslogd/syslogd.c
367	Hopefully `f->f_addr_fds == NULL` implies `f->f_num_addr_fds == 0`, in which case there's no need to check this condition explicitly.
3051	It'd be nicer to use calloc() here IMO.

This revision is now accepted and ready to land.Mon, Oct 14, 12:45 PM

Address Mark's comments: use calloc() instead of malloc() for
memory allocations. This is done to avoid potential integer overflow
in total allocation size.

This revision now requires review to proceed.Sat, Oct 19, 6:29 PM

Harbormaster completed remote builds in B60099: Diff 145168.Sat, Oct 19, 6:29 PM

jfree added inline comments.Sat, Oct 19, 6:30 PM