[rsyslog] UDP source forging.
david at lang.hm
david at lang.hm
Mon Mar 2 08:56:33 CET 2009
On Fri, 27 Feb 2009, david at lang.hm wrote:
> On Thu, 26 Feb 2009, david at lang.hm wrote:
>
>>
>> this works for reopening the socket each time, but if I uncomment the bind
>> the sendto fails (error 22, invalid input)
>>
>> I haven't yet figured out what I'm missing on the bind that's causing this
>
> a little more testing and I find that the bind succeeds, but no traffic goes
> out unless the source IP exists somewhere on the box (it can be bound to
> lo:0, but it needs to exist)
>
> so the non-local-bind approach may not work :-(
>
> it's just hit midnight here, so I'm going to call it a night and try again
> tomorrow.
I abandoned this approach and spent the weekend learning how to do raw
sockets. I found a library that makes it not that bad to do (at least for
the IPv4 that I've done so far, IPv6 adds some wrinkles)
the one thing thats not clear to me at this point is how to find the
original source IP of the message. Is that available in a variable inside
UDPSend, or is it something that I will have to get earlier in the process
and then pass explicitly to UDPSend?
David Lang
More information about the rsyslog
mailing list