syslogd: using IPv6 as hostnames results in "IP mismatch"

From: O. Hartmann <ohartmann_at_walstatt.org>
Date: Thu, 31 Jan 2019 08:24:38 +0100
Hello out there.

I'm using some dual stack installations and I'd like to configure FreeBSD's
(CURRENT at the moment) syslogd on a syslog-server to handle incoming logging
messages from remote FBSD boxes (mixed, 11.2, 12.0 and CURRENT).

I' facing a very weird situation.

Scenario:

The server has IPv6 fdff:dead:beef::faaf and IP 192.168.168.200.
The test client has IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2.

On the syslog server:

The syslog server's syslogd is configured as (etc/rc.conf):

syslogd -C -v -v -b [fdff:dead:beef::faaf]:514 -b 192.168.168.200:514 \
-a [fdff:dead:beef::]/48:* -a 92.168.168.0/24:*

It's /etc/syslog.conf file contains the following line to make syslogd
receiving syslog messages from the specified client and log those messages in a
separate file (/usr/local/etc/syslog.d/host_X.conf):

+[fdff:dead:beef::aaaa],192.168.168.2
*.*	/var/log/hosts/host_a.log


On the client (IPv6 fdff:dead:beef::aaaa and IP 192.168.168.2), syslogd
(/etc/rc.conf) is configured via

syslogd -C -v -v -s

and it is configured to log additinaly all messages to the server
via /usr/local/etc/syslog.d/logging.conf:

*.*	_at_[fdff:dead:beef::faaf]
!*

I trigger then a log incident on the client via "logger < /dev/random".

This scenario doens't work - putting syslogd on the server into debug mode, via
adding option -d, the log message from the client is received, but rejected:

[...]
# of validation rule: 2
validate: dgram from IP ffdff:dead:beef::aaaa, port 514, name \
  fdff:dead:beef::aaaa; 
rejected in rule 1 due to IP mismatch. 
rejected in rule 2 due to address family mismatch. 
Message from fdff:dead:beef::aaaa was ignored.received sa_len = 28 
cvthname(28) len = 28 
cvthname(fdff:dead:beef::aaaa)
# of validation rule: 2

While the manpage syslog.onf(5) is specific how to use IPv6 addresses in the
"action" field, preceeded by "_at_", I've no doubt of the ciorrectnes of the
client's syntax, *.* _at_[fdff:dead:beef::faaf].

But it seems ambiguous when it comes to the part of the hostname on the
server's side, when prepending the "hostname/program" portion with a "+" when
it comes to IPv6.

If switching the config on the client to:

*.*                     _at_192.168.168.200
!*

does let syslogd on the server log the message as expected:

[...]
# of validation rule: 2
validate: dgram from IP 192.168.168.2, port 514, name 192.168.168.2;
rejected in rule 1 due to address family mismatch.
accepted in rule 2.
logmsg: pri 15, flags 0, from 192.168.168.2, msg ��q^Bǩ�^CM-^L
�*^_B�^LM-^A?^L�i[^R�5QM-^MRLvM-^FA}bM-^Y�F��^N�C�M-^\��b�^?�NM-^G-�ޠ��M-^[ƾ44��^V�zݣ}a�B�'M-^^^G�P��g^H�cM-^_at_J7xg\A��.��M-^UC7o^V���^Ax�^G�\
<^A.#�ns�KwV^N�^ZZ��Ϻ�M-^X�zM-^N^U�M-^Ys2smW^G^S^U�M-^G�<'~�7�^HFz�>DM-^T�V~8^^vW1��^K[�^\i^P�"M-^G�Q�(�m%{M-^_at_M-
^H�M-^Q�^Q�nW�Y(CT_at__/�`�cM-^Nv 
Logging to FILE /var/log/hosts/host_a.log 
received sa_len = 16 
cvthname(2) len = 16 
cvthname(192.168.168.2)
# of validation rule: 2

I also tried on the server's config to avoid the brackets ("[]"),

+fdff:dead:beef::aaaa,192.168.168.2
*.*	/var/log/hosts/host_a.log

but that seems illogical and it results in the same IP mismatch as reported
further above. 

If it isn't a bug, please point me to the mistake.

Thanks in advance,

oh
Received on Thu Jan 31 2019 - 06:24:55 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:20 UTC