IPv6 pull request

[aquerubin]

This will bring in the various patches required for IPv6 support plus:

• Updated decoder for dovecot log format change.
• Increased timeframe maximum to 1 week.

See the individual commit descriptions and https://bitbucket.org/aquerubin/ossec-hids/wiki/Home for additional change notes.

[Namsep]

It was working fine, but now when installing a new server it fails. Can it be fixed and merged?

[aquerubin]

On Sun, 22 Nov 2015, Namsep wrote: It was working fine, but now when installing a new server it fails. Can it be fixed and merged?

It fails on installation or it fails when running? And is it the agent or the manager. What's the error message? I just installed the agent recently on several new SL 7.1 servers. Antonio Querubin e-mail: [email protected] xmpp: [email protected]

[Namsep]

It was failing on a new agent, not accepting the key from the server. Removed all of it and started freshly resolved the issue. Probably not even related to this pull request.

Would like to see this IPv6 support going mainstream, it's been working on my IPv6 only and dualstack environments from April this year without issues.

[ddpbsd]

Of course I should have tested this better before merging. I'm seeing a lot of these now (OpenBSD post-5.8 amd64):

2015/11/23 13:24:34 ossec-remoted(1218): ERROR: Unable to send message to '008'.

They seem to be: errno 22: Invalid argument

The issue is coming from logr.peersize being a sizeof sockaddr_storage in the sendto in src/remoted/sendmsg.c. Changing the last argument to the sizeof sockaddr_in seems to make my setup usable again, but I'm still testing.

[aquerubin]

On Mon, 23 Nov 2015, Dan Parriott wrote:

Of course I should have tested this better before merging. I'm seeing a
lot of these now (OpenBSD post-5.8 amd64):

2015/11/23 13:24:34 ossec-remoted(1218): ERROR: Unable to send message to '008'.

They seem to be: errno 22: Invalid argument

The issue is coming from logr.peersize being a sizeof sockaddr_storage
in the sendto in src/remoted/sendmsg.c. Changing the last argument to
the sizeof sockaddr_in seems to make my setup usable again, but I'm
still testing.

Can you check if the below patch fixes the issue? If it does there may be
other parts that need fixing for OpenBSD.

diff --git a/src/remoted/sendmsg.c b/src/remoted/sendmsg.c
index b81b39a..df8279c 100644
--- a/src/remoted/sendmsg.c
+++ b/src/remoted/sendmsg.c
@@ -86,8 +86,9 @@ void send_msg_init()
*/
int send_msg(unsigned int agentid, const char *msg)
{

• size_t msg_size;
• size_t msg_size, sa_size;
  char crypt_msg[OS_MAXSTR + 1];
• struct sockaddr * dest_sa;

/\* If we don't have the agent id, ignore it */
if (keys.keyentries[agentid]->rcvd < (time(0) - (2 \* NOTIFY_TIME))) 

{
@@ -107,9 +108,10 @@ int send_msg(unsigned int agentid, const char *msg)
}

/\* Send initial message */

• if (sendto(logr.sock, crypt_msg, msg_size, 0,

•           (struct sockaddr *)&keys.keyentries[agentid]->peer_info,
  

•           logr.peer_size) < 0) {
  

• dest_sa = (struct sockaddr *)&keys.keyentries[agentid]->peer_info;
• sa_size = (dest_sa->sa_family == AF_INET) ?

•          sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6);
  

• if (sendto(logr.sock, crypt_msg, msg_size, 0, dest_sa, sa_size) < 0)
  {
  merror(SEND_ERROR, ARGV0, keys.keyentries[agentid]->id);
  }

Antonio Querubin
e-mail: [email protected]
xmpp: [email protected]

[ddpbsd]

With the patch I am not longer seeing the errors.

[aquerubin]

On Mon, 23 Nov 2015, Dan Parriott wrote: With the patch I am not longer seeing the errors.

Patch submitted as a pull request. Antonio Querubin e-mail: [email protected] xmpp: [email protected]