[syslog] Allow port number to be specified for encrypted syslog server

The original implementation in commit 943b300 ("[syslog] Add basic
support for encrypted syslog via TLS") was based on examples found in
the rsyslog documentation rather than on RFC 5425, and unfortunately
used the default syslog port number 514 rather than the syslog-tls
port number 6514 defined in the RFC.

Extend parsing of the syslog server name to allow for an optional port
number (in the relatively intuitive format "server[:port]").  Retain
the existing (and incorrect) default port number to avoid breaking
backwards compatibility with existing setups.

Reported-by: Christian Nilsson <nikize@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/include/ipxe/errfile.h b/src/include/ipxe/errfile.h
index 8379adb139cb3c1ea9afa47434fbbdc6f1797d16..27c2bb97ce52fba36015a4cc14aabd576591e332 100644 (file)
--- a/src/include/ipxe/errfile.h
+++ b/src/include/ipxe/errfile.h
@@ -322,6 +322,7 @@ FILE_SECBOOT ( PERMITTED );
 #define ERRFILE_lldp                   ( ERRFILE_NET | 0x004c0000 )
 #define ERRFILE_eap_md5                        ( ERRFILE_NET | 0x004d0000 )
 #define ERRFILE_eap_mschapv2           ( ERRFILE_NET | 0x004e0000 )
+#define ERRFILE_syslogs                        ( ERRFILE_NET | 0x004f0000 )
 
 #define ERRFILE_image                ( ERRFILE_IMAGE | 0x00000000 )
 #define ERRFILE_elf                  ( ERRFILE_IMAGE | 0x00010000 )

diff --git a/src/net/tcp/syslogs.c b/src/net/tcp/syslogs.c
index eff53ea940d004f4ae72ee502b07eec4f12201c8..78bc97519508cf87f5c90c130f9a4b7a60551b37 100644 (file)
--- a/src/net/tcp/syslogs.c
+++ b/src/net/tcp/syslogs.c
@@ -33,6 +33,7 @@ FILE_SECBOOT ( PERMITTED );
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <errno.h>
 #include <byteswap.h>
 #include <ipxe/xfer.h>
 #include <ipxe/open.h>
@@ -54,9 +55,7 @@ FILE_SECBOOT ( PERMITTED );
 struct console_driver syslogs_console __console_driver;
 
 /** The encrypted syslog server */
-static struct sockaddr_tcpip logserver = {
-       .st_port = htons ( SYSLOG_PORT ),
-};
+static struct sockaddr_tcpip logserver;
 
 /**
  * Handle encrypted syslog TLS interface close
@@ -211,6 +210,9 @@ const struct setting syslogs_setting __setting ( SETTING_MISC, syslogs ) = {
 static int apply_syslogs_settings ( void ) {
        static char *old_server;
        char *server;
+       char *sep;
+       char *end;
+       unsigned int port;
        int rc;
 
        /* Fetch log server */
@@ -236,7 +238,22 @@ static int apply_syslogs_settings ( void ) {
                rc = 0;
                goto out_no_server;
        }
-       DBG ( "SYSLOGS using log server %s\n", server );
+
+       /* Identify port */
+       port = SYSLOG_PORT;
+       if ( ( sep = strrchr ( server, ':' ) ) &&
+            ( server[ strlen ( server ) - 1 ] != ']' ) ) {
+               *(sep++) = '\0';
+               port = strtoul ( sep, &end, 0 );
+               if ( *end || ( ! *sep ) ) {
+                       DBG ( "SYSLOGS log server %s:%s has invalid port\n",
+                             server, sep );
+                       rc = -EINVAL;
+                       goto err_port;
+               }
+       }
+       logserver.st_port = htons ( port );
+       DBG ( "SYSLOGS using log server %s:%d\n", server, port );
 
        /* Connect to log server */
        if ( ( rc = xfer_open_named_socket ( &syslogs, SOCK_STREAM,
@@ -256,12 +273,15 @@ static int apply_syslogs_settings ( void ) {
 
        /* Record log server */
        old_server = server;
+       if ( sep )
+               *(--sep) = ':';
 
        return 0;
 
  err_add_tls:
  err_open_named_socket:
        syslogs_close ( &syslogs, rc );
+ err_port:
  out_no_server:
  out_no_change:
        free ( server );