[syslog] Allow port number to be specified for encrypted syslog server

The original implementation in commit 943b300 ("[syslog] Add basic support for encrypted syslog via TLS") was based on examples found in the rsyslog documentation rather than on RFC 5425, and unfortunately used the default syslog port number 514 rather than the syslog-tls port number 6514 defined in the RFC. Extend parsing of the syslog server name to allow for an optional port number (in the relatively intuitive format "server[:port]"). Retain the existing (and incorrect) default port number to avoid breaking backwards compatibility with existing setups. Reported-by: Christian Nilsson <nikize@gmail.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-05-05 04:16:33 +02:00 · 2026-02-09 12:06:36 +00:00 · 2026-02-09 12:06:36 +00:00 · cd9b44e574
commit cd9b44e574
parent 362b704f83
2 changed files with 25 additions and 4 deletions
--- a/src/include/ipxe/errfile.h
+++ b/src/include/ipxe/errfile.h
@ -322,6 +322,7 @@ FILE_SECBOOT ( PERMITTED );
 #define ERRFILE_lldp			( ERRFILE_NET | 0x004c0000 )
 #define ERRFILE_eap_md5			( ERRFILE_NET | 0x004d0000 )
 #define ERRFILE_eap_mschapv2		( ERRFILE_NET | 0x004e0000 )
+#define ERRFILE_syslogs			( ERRFILE_NET | 0x004f0000 )

 #define ERRFILE_image		      ( ERRFILE_IMAGE | 0x00000000 )
 #define ERRFILE_elf		      ( ERRFILE_IMAGE | 0x00010000 )
--- a/src/net/tcp/syslogs.c
+++ b/src/net/tcp/syslogs.c
@ -33,6 +33,7 @@ FILE_SECBOOT ( PERMITTED );
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <errno.h>
 #include <byteswap.h>
 #include <ipxe/xfer.h>
 #include <ipxe/open.h>
@ -54,9 +55,7 @@ FILE_SECBOOT ( PERMITTED );
 struct console_driver syslogs_console __console_driver;

 /** The encrypted syslog server */
-static struct sockaddr_tcpip logserver = {
-	.st_port = htons ( SYSLOG_PORT ),
-};
+static struct sockaddr_tcpip logserver;

 /**
 * Handle encrypted syslog TLS interface close
@ -211,6 +210,9 @@ const struct setting syslogs_setting __setting ( SETTING_MISC, syslogs ) = {
 static int apply_syslogs_settings ( void ) {
 	static char *old_server;
 	char *server;
+	char *sep;
+	char *end;
+	unsigned int port;
 	int rc;

 	/* Fetch log server */
@ -236,7 +238,22 @@ static int apply_syslogs_settings ( void ) {
 		rc = 0;
 		goto out_no_server;
 	}
-	DBG ( "SYSLOGS using log server %s\n", server );
+
+	/* Identify port */
+	port = SYSLOG_PORT;
+	if ( ( sep = strrchr ( server, ':' ) ) &&
+	     ( server[ strlen ( server ) - 1 ] != ']' ) ) {
+		*(sep++) = '\0';
+		port = strtoul ( sep, &end, 0 );
+		if ( *end || ( ! *sep ) ) {
+			DBG ( "SYSLOGS log server %s:%s has invalid port\n",
+			      server, sep );
+			rc = -EINVAL;
+			goto err_port;
+		}
+	}
+	logserver.st_port = htons ( port );
+	DBG ( "SYSLOGS using log server %s:%d\n", server, port );

 	/* Connect to log server */
 	if ( ( rc = xfer_open_named_socket ( &syslogs, SOCK_STREAM,
@ -256,12 +273,15 @@ static int apply_syslogs_settings ( void ) {

 	/* Record log server */
 	old_server = server;
+	if ( sep )
+		*(--sep) = ':';

 	return 0;

 err_add_tls:
 err_open_named_socket:
 	syslogs_close ( &syslogs, rc );
+ err_port:
 out_no_server:
 out_no_change:
 	free ( server );