CVS log for src/usr.sbin/syslogd (branch MAIN)
Revision 1.13, Tue Mar 22 22:58:00 2022 UTC by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.12: +2 -1 lines
Call tls_close() in libevent TLS wrapper of syslogd when the other side terminates the TLS connection. It results in a proper shutdown and the TLS peer has a chance to detect errors. This is especially important for the client side. Due to the reduced TLS 1.3 handshake, errors might be undetected and log messages dropped silently. By doing a matching TLS shutdown on its side, the client can receive the error. Instead of checking socket writability and calling tls_close() repeatedly, syslogd calls it only once. As the other side has closed the connection anyway it is our turn to write the shutdown message. Do not care about errors here and avoid complexity. OK tb@
Revision 1.12, Fri Jun 28 13:32:51 2019 UTC by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.11: +2 -2 lines
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
Revision 1.11, Tue Jul 4 15:52:26 2017 UTC by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.10: +1 -16 lines
It does not make sense to use ioctl(FIONREAD) with TLS as libtls has already read the buffer from kernel to user land. I have blindly copied this code from libevent for syslogd(8) TLS, remove it together with the bug. It caused hangs in ldapd(8). report, analysis, testing, OK Seiya Kawashima, Robert Klein, gsoares@
Revision 1.10, Fri Mar 3 20:26:23 2017 UTC by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.9: +2 -2 lines
Internally libssl uses a 16k buffer, the libevent TLS wrapper uses a 4k read buffer. This can hang ldapd(8). Setting both to 16k improves the situation. report Seiya Kawashima; feedback Robert Klein; test and OK gsoares@
Revision 1.9, Fri Oct 9 16:58:25 2015 UTC by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.8: +14 -1 lines
If syslogd is started with -S, it accepts TLS connections to receive encrypted messages. The server certificates are taken from /etc/ssl like relayd does. OK benno@ beck@ deraadt@
Revision 1.8, Sun Sep 20 21:49:54 2015 UTC by bluhm
Branch: MAIN
Changes since 1.7: +39 -56 lines
Misuse of libevent in TLS read and write might have caused strange event loss in syslogd. The ev_read and ev_write event structures were used for both EV_READ and EV_WRITE events intermixedly. The correct way is to use each event for its read and write purpose and instead switch the handler. Then libevent is no longer confused. When doing TLS read and a TLS_WANT_POLLOUT occurs, call event_set() for the write event to change the callback to read. As there might be an event scheduled on the event, call event_del() before event_set(). After a successful TLS read, change back the write event. Add analogous code for TLS write and handshake. OK beck@
Revision 1.7, Thu Sep 10 18:32:06 2015 UTC by bluhm
Branch: MAIN
Changes since 1.6: +9 -10 lines
Convert syslogd TLS connect to use handshake callback. The bt_hostname can go away as the callback does not need the hostname anymore. Call tls_handshake() until successful. Remove the function tls_socket() as it has a bad prefix. Just call tls_client(), tls_configure() and tls_connect_socket() after the TCP socket has been created. There is no need to wait until TCP connect has finished. OK beck@ jsing@
Revision 1.6, Thu Sep 10 10:58:48 2015 UTC by bluhm
Branch: MAIN
Changes since 1.5: +16 -18 lines
Make syslogd compile again after recent libtls changes. Adapt to new tls_read() and tls_write() calling semantics, adapt to TLS_WANT_POLLIN and TLS_WANT_POLLOUT renaming. OK beck@
Revision 1.5, Sat Jul 18 22:33:46 2015 UTC by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.4: +1 -4 lines
As libtls previously did not set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, syslogd had to drop messages after tls_write() returned TLS_{READ,WRITE}_AGAIN. Now after libtls has been fixed, remove the workaround. Messages are stored in the libevent write buffer as we can safely do a realloc(3) now. OK reyk@
Revision 1.4, Mon Jul 6 16:12:16 2015 UTC by millert
Branch: MAIN
Changes since 1.3: +1 -2 lines
Remove some unneeded includes. OK deraadt@
Revision 1.3, Fri Feb 20 00:56:32 2015 UTC by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.2: +4 -1 lines
When syslogd is writing over TLS, the error "SSL3_WRITE_PENDING:bad write retry" may occur. Unfortunately libtls tls_write() has inherited the strange semantics regarding partial writes and buffer movement from SSL_write(). This will be investigated after unlock, the goal is to have the behavior of write(2) in libtls. For now add a workaround in syslogd. If tls_write() indicates that it needs a read or write again, stop modifying the output buffer. Instead drop and count the syslog messages. After writing over TLS was successful, continue to queue the messages. This solution has minimum impact and will be improved after 5.7 release. discussed with tedu@ reyk@ jsing@; OK tedu@
Revision 1.2, Fri Jan 30 14:00:55 2015 UTC by bluhm
Branch: MAIN
Changes since 1.1: +3 -2 lines
Start TLS after the TCP connect has finished. Call the TLS connect callback when the connected socket is writable. This avoids calling a NULL error callback. OK deraadt@
Revision 1.1, Sun Jan 18 19:37:59 2015 UTC by bluhm
Branch: MAIN
Implement sending syslog messages over TLS. OK reyk@