Augment the last change after some deliberation with rgrimes & peter.

It is important that we keep the ability to send packets to a remote
server and that the packets come from our well-known port, also in
that case.

Reviewed by:	peter, rgrimes.

2 files changed, 35 insertions, 25 deletions

diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8
index f01ed97..2ce370d 100644
--- a/usr.sbin/syslogd/syslogd.8
+++ b/usr.sbin/syslogd/syslogd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)syslogd.8	8.1 (Berkeley) 6/6/93
-.\"	$Id: syslogd.8,v 1.12 1997/09/19 22:22:03 brian Exp $
+.\"	$Id: syslogd.8,v 1.13 1997/10/20 12:55:48 charnier Exp $
 .\"
 .Dd October 12, 1995
 .Dt SYSLOGD 8
@@ -119,7 +119,9 @@ Specify the pathname of an alternate log socket;
 the default is
 .Pa /var/run/log .
 .It Fl s
-Operate in secure mode.  Do not listen for log message from remote machines.
+Operate in secure mode.  Do not log messages from remote machines.
+The messages will be received and counted and a log entry produced every time
+the count exceeds a power of two.
 .El
 .Pp
 The
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index f52ff04..7985aee 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)syslogd.c	8.3 (Berkeley) 4/4/94";
 #endif
 static const char rcsid[] =
-	"$Id: syslogd.c,v 1.28 1998/02/28 15:14:00 jraynard Exp $";
+	"$Id: syslogd.c,v 1.29 1998/04/22 06:28:18 phk Exp $";
 #endif /* not lint */
 
 /*
@@ -247,7 +247,8 @@ int	LogPort;		/* port number for INET connections */
 int	Initialized = 0;	/* set when we have initialized ourselves */
 int	MarkInterval = 20 * 60;	/* interval between marks in seconds */
 int	MarkSeq = 0;		/* mark sequence number */
-int	SecureMode = 0;		/* when true, speak only unix domain socks */
+int	SecureMode = 0;		/* when true, receive only unix domain socks */
+int	Vogons = 0;		/* packets arriving in SecureMode */
 
 int     created_lsock = 0;      /* Flag if local socket created */
 char	bootfile[MAXLINE+1];	/* booted kernel file */
@@ -366,29 +367,28 @@ main(argc, argv)
 		created_lsock = 1;
 
 	inetm = 0;
-	if (!SecureMode) {
-		finet = socket(AF_INET, SOCK_DGRAM, 0);
-		if (finet >= 0) {
-			struct servent *sp;
-
-			sp = getservbyname("syslog", "udp");
-			if (sp == NULL) {
-				errno = 0;
-				logerror("syslog/udp: unknown service");
+	finet = socket(AF_INET, SOCK_DGRAM, 0);
+	if (finet >= 0) {
+		struct servent *sp;
+
+		sp = getservbyname("syslog", "udp");
+		if (sp == NULL) {
+			errno = 0;
+			logerror("syslog/udp: unknown service");
+			die(0);
+		}
+		memset(&sin, 0, sizeof(sin));
+		sin.sin_family = AF_INET;
+		sin.sin_port = LogPort = sp->s_port;
+
+		if (bind(finet, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
+			logerror("bind");
+			if (!Debug)
 				die(0);
-			}
-			memset(&sin, 0, sizeof(sin));
-			sin.sin_family = AF_INET;
-			sin.sin_port = LogPort = sp->s_port;
-
-			if (bind(finet, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
-				logerror("bind");
-				if (!Debug)
-					die(0);
-				inetm = FDMASK(finet);
-			}
+			inetm = FDMASK(finet);
 		}
 	}
+
 	if ((fklog = open(_PATH_KLOG, O_RDONLY, 0)) >= 0)
 		klogm = FDMASK(fklog);
 	else {
@@ -456,7 +456,15 @@ main(argc, argv)
 			len = sizeof(frominet);
 			i = recvfrom(finet, line, MAXLINE, 0,
 			    (struct sockaddr *)&frominet, &len);
-			if (i > 0) {
+			if (SecureMode) {
+				Vogons++;
+				if (Vogons & (Vogons + 1)) {
+					(void)snprintf(line, sizeof line,
+"syslogd: discarded %d unwanted packets in secure mode", Vogons);
+					logmsg(LOG_SYSLOG|LOG_AUTH, line,
+					    LocalHostName, ADDDATE);
+				}
+			} else if (i > 0) {
 				line[i] = '\0';
 				hname = cvthname(&frominet);
 				if (validate(&frominet, hname))