syslogd: using IPv6 as hostnames results in "IP mismatch"

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

syslogd: using IPv6 as hostnames results in "IP mismatch"

Hartmann, O.-2
Hello out there.

I'm using some dual stack installations and I'd like to configure FreeBSD's
(CURRENT at the moment) syslogd on a syslog-server to handle incoming logging
messages from remote FBSD boxes (mixed, 11.2, 12.0 and CURRENT).

I' facing a very weird situation.

Scenario:

The server has IPv6 fdff:dead:beef::faaf and IP 192.168.168.200.
The test client has IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2.

On the syslog server:

The syslog server's syslogd is configured as (etc/rc.conf):

syslogd -C -v -v -b [fdff:dead:beef::faaf]:514 -b 192.168.168.200:514 \
-a [fdff:dead:beef::]/48:* -a 92.168.168.0/24:*

It's /etc/syslog.conf file contains the following line to make syslogd
receiving syslog messages from the specified client and log those messages in a
separate file (/usr/local/etc/syslog.d/host_X.conf):

+[fdff:dead:beef::aaaa],192.168.168.2
*.* /var/log/hosts/host_a.log


On the client (IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2), syslogd
(/etc/rc.conf) is configured via

syslogd -C -v -v -s

and it is configured to log additinaly all messages to the server
via /usr/local/etc/syslog.d/logging.conf:

*.* @[fdff:dead:beef::faaf]
!*

I trigger then a log incident on the client via "logger < /dev/random".

This scenario doens't work - putting syslogd on the server into debug mode, via
adding option -d, the log message from the client is received, but rejected:

[...]
# of validation rule: 2
validate: dgram from IP ffdff:dead:beef::aaaa, port 514, name \
  fdff:dead:beef::aaaa;
rejected in rule 1 due to IP mismatch.
rejected in rule 2 due to address family mismatch.
Message from fdff:dead:beef::aaaa was ignored.received sa_len = 28
cvthname(28) len = 28
cvthname(fdff:dead:beef::aaaa)
# of validation rule: 2

While the manpage syslog.onf(5) is specific how to use IPv6 addresses in the
"action" field, preceeded by "@", I've no doubt of the ciorrectnes of the
client's syntax, *.* @[fdff:dead:beef::faaf].

But it seems ambiguous when it comes to the part of the hostname on the
server's side, when prepending the "hostname/program" portion with a "+" when
it comes to IPv6.

If switching the config on the client to:

*.*                     @192.168.168.200
!*

does let syslogd on the server log the message as expected:

[...]
# of validation rule: 2
validate: dgram from IP 192.168.168.2, port 514, name 192.168.168.2;
rejected in rule 1 due to address family mismatch.
accepted in rule 2.
logmsg: pri 15, flags 0, from 192.168.168.2, msg ��q^Bǩ�^CM-^L
�*^_B�^LM-^A?^L�i[^R�5QM-^MRLvM-^FA}bM-^Y�F��^N�C�M-^\��b�^?�NM-^G-�ޠ��M-^[ƾ44��^V�zݣ}a�B�'M-^^^G�P��g^H�cM-^@J7xg\A��.��M-^UC7o^V���^Ax�^G�\
<^A.#�ns�KwV^N�^ZZ��Ϻ�M-^X�zM-^N^U�M-^Ys2smW^G^S^U�M-^G�<'~�7�^HFz�>DM-^T�V~8^^vW1��^K[�^\i^P�"M-^G�Q�(�m%{M-^@M-
^H�M-^Q�^Q�nW�Y(CT@_/�`�cM-^Nv
Logging to FILE /var/log/hosts/host_a.log
received sa_len = 16
cvthname(2) len = 16
cvthname(192.168.168.2)
# of validation rule: 2

I also tried on the server's config to avoid the brackets ("[]"),

+fdff:dead:beef::aaaa,192.168.168.2
*.* /var/log/hosts/host_a.log

but that seems illogical and it results in the same IP mismatch as reported
further above.

If it isn't a bug, please point me to the mistake.

Thanks in advance,

oh

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: syslogd: using IPv6 as hostnames results in "IP mismatch"

Hajimu UMEMOTO
Hi,

>>>>> On Thu, 31 Jan 2019 08:24:38 +0100
>>>>> "O. Hartmann" <[hidden email]> said:

ohartmann> validate: dgram from IP ffdff:dead:beef::aaaa, port 514, name \
ohartmann>   fdff:dead:beef::aaaa;
ohartmann> rejected in rule 1 due to IP mismatch.

The -a option was broken.  It should be fixed now.
Please try it.

Sincerely,

--
Hajimu UMEMOTO
[hidden email]  [hidden email]
http://www.mahoroba.org/~ume
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: syslogd: using IPv6 as hostnames results in "IP mismatch"

Hajimu UMEMOTO
In reply to this post by Hartmann, O.-2
Hi,

>>>>> On Thu, 31 Jan 2019 08:24:38 +0100
>>>>> "O. Hartmann" <[hidden email]> said:

ohartmann> validate: dgram from IP ffdff:dead:beef::aaaa, port 514, name \
ohartmann>   fdff:dead:beef::aaaa;
ohartmann> rejected in rule 1 due to IP mismatch.

The -a option was broken.  It should be fixed now.
Please try it.

Sincerely,

--
Hajimu UMEMOTO
[hidden email]  [hidden email]
http://www.mahoroba.org/~ume
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: syslogd: using IPv6 as hostnames results in "IP mismatch"

Hajimu UMEMOTO
In reply to this post by Hartmann, O.-2
Hi,

>>>>> On Thu, 31 Jan 2019 08:24:38 +0100
>>>>> "O. Hartmann" <[hidden email]> said:

ohartmann> validate: dgram from IP ffdff:dead:beef::aaaa, port 514, name \
ohartmann>   fdff:dead:beef::aaaa;
ohartmann> rejected in rule 1 due to IP mismatch.

The -a option was broken.  It should be fixed now.
Please, try it.

Sincerely,

--
Hajimu UMEMOTO
[hidden email]  [hidden email]
http://www.mahoroba.org/~ume/
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"