[MEDIUM] add support for logging via a UNIX socket

The code in haproxy-1.3.13.1 only supports syslogging to an internet address. The attached patch: - Adds support for syslogging to a UNIX domain socket (e.g., /dev/log). If the address field begins with '/' (absolute file path), then AF_UNIX is used to construct the socket. Otherwise, AF_INET is used. - Achieves clean single-source build on both Mac OS X and Linux (sockaddr_in.sin_len and sockaddr_un.sun_len field aren't always present). For handling sendto() failures in send_log(), it appears that the existing code is fine (no need to close/recreate socket) for both UDP and UNIX-domain syslog server. So I left things alone (did not close/recreate socket). Closing/recreating socket after each failure would also work, but would lead to increased amount of unnecessary socket creation/destruction if syslog is temporarily unavailable for some reason (especially for verbose loggers). Please consider this patch for inclusion into the upstream haproxy codebase.
2025-08-07 15:47:01 +02:00 · 2007-12-05 10:47:29 +01:00 · 2007-12-05 10:47:29 +01:00 · 81ae1953bf
commit 81ae1953bf
parent ddbb82ff47
8 changed files with 177 additions and 46 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -84,10 +84,20 @@ group <group name>
 log <address> <facility> [max level]
  Adds a global syslog server. Up to two global servers can be defined. They
  will receive logs for startups and exits, as well as all logs from proxies
-  configured with "log global". <address> is an IPv4 address optionally
+  configured with "log global".
-  followed by a colon and an UDP port. If no port is specified, 514 is used
+
-  by default (the standard syslog port). <facility> must be one of the 24
+  <address> can be one of:
-  standard syslog facilities :
+
        - An IPv4 address optionally followed by a colon and an UDP port. If
          no port is specified, 514 is used by default (the standard syslog
          port).
        - A filesystem path to a UNIX domain socket, keeping in mind
          considerations for chroot (be sure the path is accessible inside
          the chroot) and uid/gid (be sure the path is appropriately
          writeable).
  <facility> must be one of the 24 standard syslog facilities :
          kern   user   mail   daemon auth   syslog lpr    news
          uucp   cron   auth2  ftp    ntp    audit  alert  cron2
--- a/include/common/standard.h
+++ b/include/common/standard.h
@ -124,6 +124,12 @@ extern int ishex(char s);
 */
 extern const char *invalid_char(const char *name);
 /*
 * converts <str> to a struct sockaddr_un* which is locally allocated.
 * The format is "/path", where "/path" is a path to a UNIX domain socket.
 */
 struct sockaddr_un *str2sun(char *str);
 /*
 * converts <str> to a struct sockaddr_in* which is locally allocated.
 * The format is "addr:port", where "addr" can be a dotted IPv4 address,
--- a/include/types/global.h
+++ b/include/types/global.h
@ -25,6 +25,7 @@
 #include <netinet/in.h>
 #include <common/config.h>
 #include <types/log.h>
 #include <types/protocols.h>
 #include <types/task.h>
@ -59,7 +60,7 @@ struct global {
 	char *pidfile;
 	int logfac1, logfac2;
 	int loglev1, loglev2;
-	struct sockaddr_in logsrv1, logsrv2;
+	struct logsrv logsrv1, logsrv2;
 	struct {
 		int maxpollevents; /* max number of poll events at once */
 	} tune;
--- a/include/types/log.h
+++ b/include/types/log.h
@ -22,6 +22,8 @@
 #ifndef _TYPES_LOG_H
 #define _TYPES_LOG_H
 #include <sys/un.h>
 #include <netinet/in.h>
 #include <common/config.h>
 #define MAX_SYSLOG_LEN          1024
@ -44,6 +46,15 @@
 #define LW_REQHDR	1024	/* request header(s) */
 #define LW_RSPHDR	2048	/* response header(s) */
 struct logsrv {
 	union {
 		struct sockaddr addr;
 		struct sockaddr_un un;	/* AF_UNIX */
 		struct sockaddr_in in;	/* AF_INET */
 	} u;
 };
 int logsrv_addrlen(const struct logsrv *logsrv);
 #endif /* _TYPES_LOG_H */
--- a/include/types/proxy.h
+++ b/include/types/proxy.h
@ -38,6 +38,7 @@
 #include <types/acl.h>
 #include <types/buffers.h>
 #include <types/httperr.h>
 #include <types/log.h>
 #include <types/protocols.h>
 #include <types/session.h>
 #include <types/server.h>
@ -206,7 +207,7 @@ struct proxy {
 	struct sockaddr_in tproxy_addr;		/* non-local address we want to bind to for connect() */
 #endif
 	struct proxy *next;
-	struct sockaddr_in logsrv1, logsrv2;	/* 2 syslog servers */
+	struct logsrv logsrv1, logsrv2;		/* 2 syslog servers */
 	signed char logfac1, logfac2;		/* log facility for both servers. -1 = disabled */
 	int loglev1, loglev2;			/* log level for each server, 7 by default */
 	int to_log;				/* things to be logged (LW_*) */
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -425,7 +425,7 @@ int cfg_parse_global(const char *file, int linenum, char **args)
 		global.pidfile = strdup(args[1]);
 	}
 	else if (!strcmp(args[0], "log")) {  /* syslog server address */
-		struct sockaddr_in *sa;
+		struct logsrv logsrv;
 		int facility, level;
 		if (*(args[1]) == 0 || *(args[2]) == 0) {
@ -448,17 +448,23 @@ int cfg_parse_global(const char *file, int linenum, char **args)
 			}
 		}
-		sa = str2sa(args[1]);
+		if (args[1][0] == '/') {
-		if (!sa->sin_port)
+			logsrv.u.addr.sa_family = AF_UNIX;
-			sa->sin_port = htons(SYSLOG_PORT);
+			logsrv.u.un = *str2sun(args[1]);
 		} else {
 			logsrv.u.addr.sa_family = AF_INET;
 			logsrv.u.in = *str2sa(args[1]);
 			if (!logsrv.u.in.sin_port)
 				logsrv.u.in.sin_port = htons(SYSLOG_PORT);
 		}
 		if (global.logfac1 == -1) {
-			global.logsrv1 = *sa;
+			global.logsrv1 = logsrv;
 			global.logfac1 = facility;
 			global.loglev1 = level;
 		}
 		else if (global.logfac2 == -1) {
-			global.logsrv2 = *sa;
+			global.logsrv2 = logsrv;
 			global.logfac2 = facility;
 			global.loglev2 = level;
 		}
@ -1639,7 +1645,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args)
 		newsrv->prev_state = newsrv->state;
 	}
 	else if (!strcmp(args[0], "log")) {  /* syslog server address */
-		struct sockaddr_in *sa;
+		struct logsrv logsrv;
 		int facility;
 		if (*(args[1]) && *(args[2]) == 0 && !strcmp(args[1], "global")) {
@ -1668,17 +1674,25 @@ int cfg_parse_listen(const char *file, int linenum, char **args)
 				}
 			}
-			sa = str2sa(args[1]);
+			if (args[1][0] == '/') {
-			if (!sa->sin_port)
+				logsrv.u.addr.sa_family = AF_UNIX;
-				sa->sin_port = htons(SYSLOG_PORT);
+				logsrv.u.un = *str2sun(args[1]);
 			} else {
 				logsrv.u.addr.sa_family = AF_INET;
 				logsrv.u.in = *str2sa(args[1]);
 				if (!logsrv.u.in.sin_port) {
 					logsrv.u.in.sin_port =
 						htons(SYSLOG_PORT);
 				}
 			}
 			if (curproxy->logfac1 == -1) {
-				curproxy->logsrv1 = *sa;
+				curproxy->logsrv1 = logsrv;
 				curproxy->logfac1 = facility;
 				curproxy->loglev1 = level;
 			}
 			else if (curproxy->logfac2 == -1) {
-				curproxy->logsrv2 = *sa;
+				curproxy->logsrv2 = logsrv;
 				curproxy->logfac2 = facility;
 				curproxy->loglev2 = level;
 			}
--- a/src/log.c
+++ b/src/log.c
@ -18,6 +18,7 @@
 #include <syslog.h>
 #include <time.h>
 #include <unistd.h>
 #include <errno.h>
 #include <sys/time.h>
@ -30,6 +31,9 @@
 #include <types/log.h>
 #include <types/session.h>
 #ifndef MSG_NOSIGNAL
 #define MSG_NOSIGNAL	(0)
 #endif /* !MSG_NOSIGNAL */
 const char *log_facilities[NB_LOG_FACILITIES] = {
 	"kern", "user", "mail", "daemon",
@ -140,6 +144,32 @@ int get_log_facility(const char *fac)
 	return facility;
 }
 /*
 * Return the length of the address endpoint, suitable for use with sendto().
 */
 int logsrv_addrlen(const struct logsrv *logsrv)
 {
 #ifdef __SOCKADDR_COMMON
 	switch (logsrv->u.addr.sa_family) {
 	case AF_UNIX:
 		return sizeof(logsrv->u.un);
 	case AF_INET:
 		return sizeof(logsrv->u.in);
 	default:
 		break;
 	}
 #else  /* !__SOCKADDR_COMMON */
 	switch (logsrv->u.addr.sa_family) {
 	case AF_UNIX:
 		return logsrv->u.un.sun_len;
 	case AF_INET:
 		return logsrv->u.in.sin_len;
 	default:
 		break;
 	}
 #endif /* !__SOCKADDR_COMMON */
 	return -1;
 }
 /*
 * This function sends a syslog message to both log servers of a proxy,
@ -149,29 +179,20 @@ int get_log_facility(const char *fac)
 */
 void send_log(struct proxy *p, int level, const char *message, ...)
 {
-	static int logfd = -1;	/* syslog UDP socket */
+	static int logfdunix = -1;	/* syslog to AF_UNIX socket */
 	static int logfdinet = -1;	/* syslog to AF_INET socket */
 	static long tvsec = -1;	/* to force the string to be initialized */
 	va_list argp;
 	static char logmsg[MAX_SYSLOG_LEN];
 	static char *dataptr = NULL;
 	int fac_level;
 	int hdr_len, data_len;
-	struct sockaddr_in *sa[2];
+	struct logsrv *logsrvs[2];
 	int facilities[2], loglevel[2];
 	int nblogger;
 	int nbloggers = 0;
 	char *log_ptr;
 	if (logfd < 0) {
 		if ((logfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
 			return;
 		/* we don't want to receive anything on this socket */
 		setsockopt(logfd, SOL_SOCKET, SO_RCVBUF, &zero, sizeof(zero));
 		/* need for AIX which does not know about MSG_DONTWAIT */
 		if (!MSG_DONTWAIT)
 			fcntl(logfd, F_SETFL, O_NONBLOCK);
 		shutdown(logfd, SHUT_RD); /* does nothing under Linux, maybe needed for others */
 	}
 	if (level < 0 || progname == NULL || message == NULL)
 		return;
@ -210,35 +231,70 @@ void send_log(struct proxy *p, int level, const char *message, ...)
 	if (p == NULL) {
 		if (global.logfac1 >= 0) {
-			sa[nbloggers] = &global.logsrv1;
+			logsrvs[nbloggers] = &global.logsrv1;
 			facilities[nbloggers] = global.logfac1;
 			loglevel[nbloggers] = global.loglev1;
 			nbloggers++;
 		}
 		if (global.logfac2 >= 0) {
-			sa[nbloggers] = &global.logsrv2;
+			logsrvs[nbloggers] = &global.logsrv2;
 			facilities[nbloggers] = global.logfac2;
 			loglevel[nbloggers] = global.loglev2;
 			nbloggers++;
 		}
 	} else {
 		if (p->logfac1 >= 0) {
-			sa[nbloggers] = &p->logsrv1;
+			logsrvs[nbloggers] = &p->logsrv1;
 			facilities[nbloggers] = p->logfac1;
 			loglevel[nbloggers] = p->loglev1;
 			nbloggers++;
 		}
 		if (p->logfac2 >= 0) {
-			sa[nbloggers] = &p->logsrv2;
+			logsrvs[nbloggers] = &p->logsrv2;
 			facilities[nbloggers] = p->logfac2;
 			loglevel[nbloggers] = p->loglev2;
 			nbloggers++;
 		}
 	}
-	while (nbloggers-- > 0) {
+	/* Lazily set up syslog sockets for protocol families of configured
 	 * syslog servers. */
 	for (nblogger = 0; nblogger < nbloggers; nblogger++) {
 		const struct logsrv *logsrv = logsrvs[nblogger];
 		int proto, *plogfd;
 		if (logsrv->u.addr.sa_family == AF_UNIX) {
 			proto = 0;
 			plogfd = &logfdunix;
 		} else {
 			/* sa_family == AF_INET */
 			proto = IPPROTO_UDP;
 			plogfd = &logfdinet;
 		}
 		if (*plogfd >= 0) {
 			/* socket already created. */
 			continue;
 		}
 		if ((*plogfd = socket(logsrv->u.addr.sa_family, SOCK_DGRAM,
 				proto)) < 0) {
 			Alert("socket for logger #%d failed: %s (errno=%d)\n",
 				nblogger + 1, strerror(errno), errno);
 			return;
 		}
 		/* we don't want to receive anything on this socket */
 		setsockopt(*plogfd, SOL_SOCKET, SO_RCVBUF, &zero, sizeof(zero));
 		/* does nothing under Linux, maybe needed for others */
 		shutdown(*plogfd, SHUT_RD);
 	}
 	/* Send log messages to syslog server. */
 	for (nblogger = 0; nblogger < nbloggers; nblogger++) {
 		const struct logsrv *logsrv = logsrvs[nblogger];
 		int *plogfd = logsrv->u.addr.sa_family == AF_UNIX ?
 			&logfdunix : &logfdinet;
 		int sent;
 		/* we can filter the level of the messages that are sent to each logger */
-		if (level > loglevel[nbloggers])
+		if (level > loglevel[nblogger])
 			continue;
 		/* For each target, we may have a different facility.
@ -248,7 +304,7 @@ void send_log(struct proxy *p, int level, const char *message, ...)
 		 * time, we only change the facility in the pre-computed header,
 		 * and we change the pointer to the header accordingly.
 		 */
-		fac_level = (facilities[nbloggers] << 3) + level;
+		fac_level = (facilities[nblogger] << 3) + level;
 		log_ptr = logmsg + 3; /* last digit of the log level */
 		do {
 			*log_ptr = '0' + fac_level % 10;
@ -258,14 +314,12 @@ void send_log(struct proxy *p, int level, const char *message, ...)
 		*log_ptr = '<';
 		/* the total syslog message now starts at logptr, for dataptr+data_len-logptr */
-
+		sent = sendto(*plogfd, log_ptr, dataptr + data_len - log_ptr,
-#ifndef MSG_NOSIGNAL
+			MSG_DONTWAIT | MSG_NOSIGNAL, &logsrv->u.addr, logsrv_addrlen(logsrv));
-		sendto(logfd, log_ptr, dataptr + data_len - log_ptr, MSG_DONTWAIT,
+		if (sent < 0) {
-		       (struct sockaddr *)sa[nbloggers], sizeof(**sa));
+			Alert("sendto logger #%d failed: %s (errno=%d)\n",
-#else
+				nblogger, strerror(errno), errno);
-		sendto(logfd, log_ptr, dataptr + data_len - log_ptr, MSG_DONTWAIT | MSG_NOSIGNAL,
+		}
 		       (struct sockaddr *)sa[nbloggers], sizeof(**sa));
 #endif
 	}
 }
--- a/src/standard.c
+++ b/src/standard.c
@ -77,6 +77,37 @@ const char *limit_r(unsigned long n, char *buffer, int size, const char *alt)
 	return (n) ? ultoa_r(n, buffer, size) : (alt ? alt : "");
 }
 /*
 * converts <str> to a struct sockaddr_un* which is locally allocated.
 * The format is "/path", where "/path" is a path to a UNIX domain socket.
 */
 struct sockaddr_un *str2sun(char *str)
 {
 	static struct sockaddr_un sun;
 	int strsz;	/* length included null */
 	memset(&sun, 0, sizeof(sun));
 	str = strdup(str);
 	if (str == NULL)
 		goto out_nofree;
 	strsz = strlen(str) + 1;
 	if (strsz > sizeof(sun.sun_path)) {
 		Alert("Socket path '%s' too long (max %d)\n",
 			str, sizeof(sun.sun_path) - 1);
 		goto out_nofree;
 	}
 #ifndef __SOCKADDR_COMMON
 	sun.sun_len = sizeof(sun);
 #endif  /* !__SOCKADDR_COMMON */
 	sun.sun_family = AF_UNIX;
 	memcpy(sun.sun_path, str, strsz);
 	free(str);
 out_nofree:
 	return &sun;
 }
 /*
 * Returns non-zero if character <s> is a hex digit (0-9, a-f, A-F), else zero.
@ -153,6 +184,9 @@ struct sockaddr_in *str2sa(char *str)
 		else
 			sa.sin_addr = *(struct in_addr *) *(he->h_addr_list);
 	}
 #ifndef __SOCKADDR_COMMON
 	sa.sin_len = sizeof(sa);
 #endif  /* !__SOCKADDR_COMMON */
 	sa.sin_port   = htons(port);
 	sa.sin_family = AF_INET;