syslogd truncating messages after upgrade from 11.2-RELEASE-p9 to 11.3-RELEASE-p3

Hi all,

when sending a message via logger and syslogd from a machine running 11.2 to another server I can send a 455 bytes (and longer) succesfully.

Both the receiving syslog server and tcpdump on the sending machine verify this:

11.2 sender (10.1.1.32):
Code:
# uname -v
FreeBSD 11.2-RELEASE-p9 #0: Tue Feb  5 15:30:36 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
# logger 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345

Receiver:
Code:
2019-11-09T00:32:09+11:00 10.1.1.32 root: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345

However on a machine running 11.3 any message longer than 454 bytes is truncated, both as seen on the receiver and tcpdump on the sender.

11.2 sender (10.1.1.68):
Code:
# uname -v
FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
# logger 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345

Receiver:
Code:
2019-11-09T00:33:44+11:00 10.1.1.68 root: 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234

I've also tried changing the format using both /usr/sbin/syslogd -4 -s -O bsd and /usr/sbin/syslogd -4 -s -O rfc3164

Thoughts?

Thanks
 
Code:
Nov  8 14:48:07 wintermute dice: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@wintermute:~ % uname -a
FreeBSD wintermute.dicelan.home 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
Code:
Nov  8 15:13:04 tessierashpool dice[28699]: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@tessierashpool:~ % uname -a
FreeBSD tessierashpool.dicelan.home 12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 GENERIC  amd64
Code:
Nov  8 14:52:49 williscorto dice[54343]: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@williscorto:~ % uname -a
FreeBSD williscorto.dicelan.home 12.1-STABLE FreeBSD 12.1-STABLE r354129 GENERIC  amd64
 
Ok after seeing the maximum packet size in tcpdump of 480 bytes and searching for that number in syslogd.c I've found the code responsible:

C:
        switch (f->f_type) {
        case F_FORW:
                /* Truncate messages to RFC 5426 recommended size. */
                dprintf(" %s", f->fu_forw_hname);
                switch (f->fu_forw_addr->ai_addr->sa_family) {
#ifdef INET
                case AF_INET:
                        dprintf(":%d\n",
                            ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port));
                        iovlist_truncate(il, 480);
                        break;
#endif

This code is absent in 11.2.

Interestingly RFC 5426 does not mandate the truncation of all messages to 480 bytes (or 1180 in the case of IPv6), but rather:

3.1. One Message Per Datagram

Each syslog UDP datagram MUST contain only one syslog message, which MAY be complete or truncated.

Further:

3.2. Message Size

When network MTU is not known in advance, the safest assumption is to restrict messages to 480 octets for IPv4 and 1180 octets for IPv6.

---

Ideally the syslogd code would have a non-default option to truncate so that the previous behaviour is maintained. POLA and all that.

There's no mention of this change in the 11.3 release notes.

Anyhoo I commented out the truncate code, compiled, and all is well.
 
Code:
Nov  8 14:48:07 wintermute dice: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@wintermute:~ % uname -a
FreeBSD wintermute.dicelan.home 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
Code:
Nov  8 15:13:04 tessierashpool dice[28699]: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@tessierashpool:~ % uname -a
FreeBSD tessierashpool.dicelan.home 12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 GENERIC  amd64
Code:
Nov  8 14:52:49 williscorto dice[54343]: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@williscorto:~ % uname -a
FreeBSD williscorto.dicelan.home 12.1-STABLE FreeBSD 12.1-STABLE r354129 GENERIC  amd64

Thanks but I'm not sure what I'm looking at. Are they receiver or senders? The truncate code in 11.3 is on the sender.
 
Those were all produced by a locally run logger(1) though, I only noticed the remote bit later on. I had a suspicion it would probably have something to do with the size of the UDP packets. But you already found it before I could respond ;)
 
So if I wanted to have the maintainer create a switch for this would it be done via bug report? Thanks.
 
Back
Top