# syslogd truncating messages after upgrade from 11.2-RELEASE-p9 to 11.3-RELEASE-p3



## scotia (Nov 8, 2019)

Hi all,

when sending a message via logger and syslogd from a machine running 11.2 to another server I can send a 455 bytes (and longer) succesfully.

Both the receiving syslog server and tcpdump on the sending machine verify this:

11.2 sender (10.1.1.32):

```
# uname -v
FreeBSD 11.2-RELEASE-p9 #0: Tue Feb  5 15:30:36 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
# logger 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
```

Receiver:

```
2019-11-09T00:32:09+11:00 10.1.1.32 root: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
```

However on a machine running 11.3 any message longer than 454 bytes is truncated, both as seen on the receiver and tcpdump on the sender.

11.2 sender (10.1.1.68):

```
# uname -v
FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
# logger 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
```

Receiver:

```
2019-11-09T00:33:44+11:00 10.1.1.68 root: 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234
```

I've also tried changing the format using both `/usr/sbin/syslogd -4 -s -O bsd` and `/usr/sbin/syslogd -4 -s -O rfc3164`

Thoughts?

Thanks


----------



## SirDice (Nov 8, 2019)

```
Nov  8 14:48:07 wintermute dice: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@wintermute:~ % uname -a
FreeBSD wintermute.dicelan.home 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
```


```
Nov  8 15:13:04 tessierashpool dice[28699]: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@tessierashpool:~ % uname -a
FreeBSD tessierashpool.dicelan.home 12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 GENERIC  amd64
```


```
Nov  8 14:52:49 williscorto dice[54343]: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
dice@williscorto:~ % uname -a
FreeBSD williscorto.dicelan.home 12.1-STABLE FreeBSD 12.1-STABLE r354129 GENERIC  amd64
```


----------



## scotia (Nov 8, 2019)

Ok after seeing the maximum packet size in tcpdump of 480 bytes and searching for that number in syslogd.c I've found the code responsible:


```
switch (f->f_type) {
        case F_FORW:
                /* Truncate messages to RFC 5426 recommended size. */
                dprintf(" %s", f->fu_forw_hname);
                switch (f->fu_forw_addr->ai_addr->sa_family) {
#ifdef INET
                case AF_INET:
                        dprintf(":%d\n",
                            ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port));
                        iovlist_truncate(il, 480);
                        break;
#endif
```

This code is absent in 11.2.

Interestingly RFC 5426 does not mandate the truncation of all messages to 480 bytes (or 1180 in the case of IPv6), but rather:

*3.1.  One Message Per Datagram*

   Each syslog UDP datagram MUST contain only one syslog message, which MAY be complete or truncated.

Further:

*3.2.  Message Size*

   When network MTU is not known in advance, the safest assumption is to restrict messages to 480 octets for IPv4 and 1180 octets for IPv6.

---

Ideally the syslogd code would have a non-default option to truncate so that the previous behaviour is maintained.  POLA and all that.  

There's no mention of this change in the 11.3 release notes.

Anyhoo I commented out the truncate code, compiled, and all is well.


----------



## scotia (Nov 8, 2019)

SirDice said:


> ```
> Nov  8 14:48:07 wintermute dice: 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
> dice@wintermute:~ % uname -a
> FreeBSD wintermute.dicelan.home 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
> ...



Thanks but I'm not sure what I'm looking at. Are they receiver or senders?  The truncate code in 11.3 is on the sender.


----------



## SirDice (Nov 8, 2019)

Those were all produced by a locally run logger(1) though, I only noticed the remote bit later on. I had a suspicion it would probably have something to do with the size of the UDP packets. But you already found it before I could respond


----------



## scotia (Nov 8, 2019)

So if I wanted to have the maintainer create a switch for this would it be done via bug report?  Thanks.


----------



## SirDice (Nov 8, 2019)

scotia said:


> So if I wanted to have the maintainer create a switch for this would it be done via bug report?


Yes, or try asking for it on the mailing lists first.


----------

