Merge branch 'klogd-bug'

22 files changed, 2801 insertions, 15 deletions

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index 73418fdf..dcb475d8 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -11,6 +11,7 @@ librsyslog_la_SOURCES = \
 	syslogd-types.h \
 	module-template.h \
 	obj-types.h \
+	nsd.h \
 	glbl.h \
 	glbl.c \
 	msg.c \
@@ -75,18 +76,70 @@ if ENABLE_REGEXP
 pkglib_LTLIBRARIES += lmregexp.la
 lmregexp_la_SOURCES = regexp.c regexp.h
 lmregexp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
-lmregexp_la_LDFLAGS = -module -avoid-version $(rsrt_libs)
+lmregexp_la_LDFLAGS = -module -avoid-version
 lmregexp_la_LIBADD =
 endif
 
 if ENABLE_INET
-pkglib_LTLIBRARIES += lmnet.la
+pkglib_LTLIBRARIES += lmnet.la lmnetstrms.la lmnetstrm.la lmnssel.la
 #
 # network support
 # 
 lmnet_la_SOURCES = net.c net.h
 lmnet_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
-lmnet_la_LDFLAGS = -module -avoid-version $(rsrt_libs)
+lmnet_la_LDFLAGS = -module -avoid-version
 lmnet_la_LIBADD =
 
+# network stream master class and stream factory
+lmnetstrms_la_SOURCES = netstrms.c netstrms.h
+lmnetstrms_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
+lmnetstrms_la_LDFLAGS = -module -avoid-version
+lmnetstrms_la_LIBADD =
+
+# individual network streams
+lmnetstrm_la_SOURCES = netstrm.c netstrm.h
+lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
+lmnetstrm_la_LDFLAGS = -module -avoid-version
+lmnetstrm_la_LIBADD =
+
+# network stream select support (a helper class)
+lmnssel_la_SOURCES = nssel.c nssel.h
+lmnssel_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
+lmnssel_la_LDFLAGS = -module -avoid-version
+lmnssel_la_LIBADD =
+
+# netstream drivers
+
+# plain tcp driver - main driver
+pkglib_LTLIBRARIES += lmnsd_ptcp.la
+lmnsd_ptcp_la_SOURCES = nsd_ptcp.c nsd_ptcp.h
+lmnsd_ptcp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
+lmnsd_ptcp_la_LDFLAGS = -module -avoid-version
+lmnsd_ptcp_la_LIBADD =
+
+# select interface for ptcp driver
+pkglib_LTLIBRARIES += lmnsdsel_ptcp.la
+lmnsdsel_ptcp_la_SOURCES = nsdsel_ptcp.c nsdsel_ptcp.h
+lmnsdsel_ptcp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
+lmnsdsel_ptcp_la_LDFLAGS = -module -avoid-version
+lmnsdsel_ptcp_la_LIBADD =
 endif # if ENABLE_INET
+
+#
+# GnuTLS netstream driver
+# 
+if ENABLE_GNUTLS
+pkglib_LTLIBRARIES += lmnsd_gtls.la
+lmnsd_gtls_la_SOURCES = nsd_gtls.c nsd_gtls.h
+lmnsd_gtls_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) $(gnutls_cflags)
+lmnsd_gtls_la_LDFLAGS = -module -avoid-version
+lmnsd_gtls_la_LIBADD = $(gnutls_libs)
+#
+# select interface for gtls driver
+pkglib_LTLIBRARIES += lmnsdsel_gtls.la
+lmnsdsel_gtls_la_SOURCES = nsdsel_gtls.c nsdsel_gtls.h
+lmnsdsel_gtls_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags)
+lmnsdsel_gtls_la_LDFLAGS = -module -avoid-version
+lmnsdsel_gtls_la_LIBADD =
+endif
+
diff --git a/runtime/glbl.c b/runtime/glbl.c
index 047fd611..787b6ab7 100644
--- a/runtime/glbl.c
+++ b/runtime/glbl.c
@@ -38,6 +38,13 @@
 #include "cfsysline.h"
 #include "glbl.h"
 
+/* some defaults */
+#ifndef DFLT_NETSTRM_DRVR
+// TESTING ONLY#	define DFLT_NETSTRM_DRVR ((uchar*)"lmnsd_ptcp")
+#warning "define must be restored for non-testing!"
+#	define DFLT_NETSTRM_DRVR ((uchar*)"lmnsd_gtls")
+#endif
+
 /* static data */
 DEFobjStaticHelpers
 
@@ -54,6 +61,7 @@ static uchar *LocalHostName = NULL;/* our hostname  - read-only after startup */
 static uchar *LocalDomain;	/* our local domain name  - read-only after startup */
 static char **StripDomains = NULL;/* these domains may be stripped before writing logs  - r/o after s.u., never touched by init */
 static char **LocalHosts = NULL;/* these hosts are logged with their hostname  - read-only after startup, never touched by init */
+static uchar *pszDfltNetstrmDrvr = NULL; /* module name of default netstream driver */
 
 
 /* define a macro for the simple properties' set and get functions
@@ -84,6 +92,7 @@ SIMP_PROP(StripDomains, StripDomains, char**)
 SIMP_PROP(LocalHosts, LocalHosts, char**)
 
 SIMP_PROP_SET(LocalHostName, LocalHostName, uchar*)
+SIMP_PROP_SET(DfltNetstrmDrvr, pszDfltNetstrmDrvr, uchar*) // TODO: use custom function which frees existing value
 
 #undef SIMP_PROP
 #undef SIMP_PROP_SET
@@ -99,8 +108,7 @@ GetLocalHostName(void)
 }
 
 
-/* return the current working directory.
- */
+/* return the current working directory */
 static uchar*
 GetWorkDir(void)
 {
@@ -108,6 +116,14 @@ GetWorkDir(void)
 }
 
 
+/* return the current default netstream driver */
+static uchar*
+GetDfltNetstrmDrvr(void)
+{
+	return(pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : pszWorkDir);
+}
+
+
 /* queryInterface function
  * rgerhards, 2008-02-21
  */
@@ -134,6 +150,7 @@ CODESTARTobjQueryInterface(glbl)
 	SIMP_PROP(LocalDomain)
 	SIMP_PROP(StripDomains)
 	SIMP_PROP(LocalHosts)
+	SIMP_PROP(DfltNetstrmDrvr)
 #undef	SIMP_PROP
 finalize_it:
 ENDobjQueryInterface(glbl)
@@ -144,6 +161,10 @@ ENDobjQueryInterface(glbl)
  */
 static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal)
 {
+	if(pszDfltNetstrmDrvr != NULL) {
+		free(pszDfltNetstrmDrvr);
+		pszDfltNetstrmDrvr = NULL;
+	}
 	if(pszWorkDir != NULL) {
 		free(pszWorkDir);
 		pszWorkDir = NULL;
@@ -172,6 +193,8 @@ ENDObjClassInit(glbl)
  * rgerhards, 2008-04-17
  */
 BEGINObjClassExit(glbl, OBJ_IS_CORE_MODULE) /* class, version */
+	if(pszDfltNetstrmDrvr != NULL)
+		free(pszDfltNetstrmDrvr);
 	if(pszWorkDir != NULL)
 		free(pszWorkDir);
 	if(LocalHostName != NULL)
diff --git a/runtime/glbl.h b/runtime/glbl.h
index d61f9b41..b6864f3d 100644
--- a/runtime/glbl.h
+++ b/runtime/glbl.h
@@ -48,6 +48,7 @@ BEGINinterface(glbl) /* name must also be changed in ENDinterface macro! */
 	SIMP_PROP(LocalDomain, uchar*)
 	SIMP_PROP(StripDomains, char**)
 	SIMP_PROP(LocalHosts, char**)
+	SIMP_PROP(DfltNetstrmDrvr, uchar*)
 #undef	SIMP_PROP
 ENDinterface(glbl)
 #define glblCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
diff --git a/runtime/net.c b/runtime/net.c
index 0c02eed4..1d085290 100644
--- a/runtime/net.c
+++ b/runtime/net.c
@@ -666,7 +666,6 @@ gethname(struct sockaddr_storage *f, uchar *pszHostFQDN)
 		if (error == 0) {
 			memset (&hints, 0, sizeof (struct addrinfo));
 			hints.ai_flags = AI_NUMERICHOST;
-			hints.ai_socktype = SOCK_DGRAM;
 
 			/* we now do a lookup once again. This one should fail,
 			 * because we should not have obtained a non-numeric address. If
diff --git a/runtime/netstrm.c b/runtime/netstrm.c
new file mode 100644
index 00000000..be754aae
--- /dev/null
+++ b/runtime/netstrm.c
@@ -0,0 +1,305 @@
+/* netstrm.c
+ * 
+ * This class implements a generic netstrmwork stream class. It supports
+ * sending and receiving data streams over a netstrmwork. The class abstracts
+ * the transport, though it is a safe assumption that TCP is being used.
+ * The class has a number of properties, among which are also ones to
+ * select privacy settings, eg by enabling TLS and/or GSSAPI. In the 
+ * long run, this class shall provide all stream-oriented netstrmwork
+ * functionality inside rsyslog.
+ *
+ * It is a high-level class, which uses a number of helper objects
+ * to carry out its work (including, and most importantly, transport
+ * drivers).
+ *
+ * Work on this module begun 2008-04-17 by Rainer Gerhards. This code
+ * borrows from librelp's tcp.c/.h code. librelp is dual licensed and
+ * Rainer Gerhards and Adiscon GmbH have agreed to permit using the code
+ * under the terms of the GNU Lesser General Public License.
+ *
+ * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
+
+#include "rsyslog.h"
+#include "module-template.h"
+#include "obj.h"
+#include "errmsg.h"
+//#include "nsd.h"
+#include "netstrms.h"
+#include "netstrm.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(netstrms)
+
+
+/* Standard-Constructor */
+BEGINobjConstruct(netstrm) /* be sure to specify the object type also in END macro! */
+ENDobjConstruct(netstrm)
+
+
+/* destructor for the netstrm object */
+BEGINobjDestruct(netstrm) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(netstrm)
+	if(pThis->pDrvrData != NULL)
+		iRet = pThis->Drvr.Destruct(&pThis->pDrvrData);
+ENDobjDestruct(netstrm)
+
+
+/* ConstructionFinalizer */
+static rsRetVal
+netstrmConstructFinalize(netstrm_t *pThis)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	CHKiRet(pThis->Drvr.Construct(&pThis->pDrvrData));
+finalize_it:
+	RETiRet;
+}
+
+/* abort a connection. This is much like Destruct(), but tries
+ * to discard any unsent data. -- rgerhards, 2008-03-24
+ */
+static rsRetVal
+AbortDestruct(netstrm_t **ppThis)
+{
+	DEFiRet;
+	assert(ppThis != NULL);
+	ISOBJ_TYPE_assert((*ppThis), netstrm);
+
+	/* we do NOT exit on error, because that would make things worse */
+	(*ppThis)->Drvr.Abort((*ppThis)->pDrvrData);
+	iRet = netstrmDestruct(ppThis);
+
+	RETiRet;
+}
+
+
+/* accept an incoming connection request
+ * The netstrm instance that had the incoming request must be provided. If
+ * the connection request succeeds, a new netstrm object is created and 
+ * passed back to the caller. The caller is responsible for destructing it.
+ * pReq is the nsd_t obj that has the accept request.
+ * rgerhards, 2008-04-21
+ */
+static rsRetVal
+AcceptConnReq(netstrm_t *pThis, netstrm_t **ppNew)
+{
+	nsd_t *pNewNsd = NULL;
+	DEFiRet;
+
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	assert(ppNew != NULL);
+
+	/* accept the new connection */
+	CHKiRet(pThis->Drvr.AcceptConnReq(pThis->pDrvrData, &pNewNsd));
+	/* construct our object so that we can use it... */
+	CHKiRet(netstrms.CreateStrm(pThis->pNS, ppNew));
+	(*ppNew)->pDrvrData = pNewNsd;
+
+finalize_it:
+	if(iRet != RS_RET_OK) {
+		/* the close may be redundant, but that doesn't hurt... */
+		if(pNewNsd != NULL)
+			pThis->Drvr.Destruct(&pNewNsd);
+	}
+
+	RETiRet;
+}
+
+
+/* make the netstrm listen to specified port and IP.
+ * pLstnIP points to the port to listen to (NULL means "all"),
+ * iMaxSess has the maximum number of sessions permitted (this ist just a hint).
+ * pLstnPort must point to a port name or number. NULL is NOT permitted.
+ * rgerhards, 2008-04-22
+ */
+static rsRetVal
+LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*),
+	 uchar *pLstnPort, uchar *pLstnIP, int iSessMax)
+{
+	DEFiRet;
+
+	ISOBJ_TYPE_assert(pNS, netstrms);
+	assert(fAddLstn != NULL);
+	assert(pLstnPort != NULL);
+
+	CHKiRet(pNS->Drvr.LstnInit(pNS, pUsr, fAddLstn, pLstnPort, pLstnIP, iSessMax));
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* receive data from a tcp socket
+ * The lenBuf parameter must contain the max buffer size on entry and contains
+ * the number of octets read (or -1 in case of error) on exit. This function
+ * never blocks, not even when called on a blocking socket. That is important
+ * for client sockets, which are set to block during send, but should not
+ * block when trying to read data. If *pLenBuf is -1, an error occured and
+ * errno holds the exact error cause.
+ * rgerhards, 2008-03-17
+ */
+static rsRetVal
+Rcv(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	iRet = pThis->Drvr.Rcv(pThis->pDrvrData, pBuf, pLenBuf);
+	RETiRet;
+}
+
+
+/* send a buffer. On entry, pLenBuf contains the number of octets to
+ * write. On exit, it contains the number of octets actually written.
+ * If this number is lower than on entry, only a partial buffer has
+ * been written.
+ * rgerhards, 2008-03-19
+ */
+static rsRetVal
+Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	iRet = pThis->Drvr.Send(pThis->pDrvrData, pBuf, pLenBuf);
+	RETiRet;
+}
+
+
+/* get remote hname - slim wrapper for NSD driver function */
+static rsRetVal
+GetRemoteHName(netstrm_t *pThis, uchar **ppsz)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	iRet = pThis->Drvr.GetRemoteHName(pThis->pDrvrData, ppsz);
+	RETiRet;
+}
+
+
+/* get remote IP - slim wrapper for NSD driver function */
+static rsRetVal
+GetRemoteIP(netstrm_t *pThis, uchar **ppsz)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	iRet = pThis->Drvr.GetRemoteIP(pThis->pDrvrData, ppsz);
+	RETiRet;
+}
+
+
+/* open a connection to a remote host (server).
+ * rgerhards, 2008-03-19
+ */
+static rsRetVal
+Connect(netstrm_t *pThis, int family, uchar *port, uchar *host)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	assert(port != NULL);
+	assert(host != NULL);
+	iRet = pThis->Drvr.Connect(pThis->pDrvrData, family, port, host);
+	RETiRet;
+}
+
+
+/* queryInterface function
+ */
+BEGINobjQueryInterface(netstrm)
+CODESTARTobjQueryInterface(netstrm)
+	if(pIf->ifVersion != netstrmCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	pIf->Construct = netstrmConstruct;
+	pIf->ConstructFinalize = netstrmConstructFinalize;
+	pIf->Destruct = netstrmDestruct;
+	pIf->AbortDestruct = AbortDestruct;
+	pIf->Rcv = Rcv;
+	pIf->Send = Send;
+	pIf->Connect = Connect;
+	pIf->LstnInit = LstnInit;
+	pIf->AcceptConnReq = AcceptConnReq;
+	pIf->GetRemoteHName = GetRemoteHName;
+	pIf->GetRemoteIP = GetRemoteIP;
+finalize_it:
+ENDobjQueryInterface(netstrm)
+
+
+/* exit our class
+ */
+BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(netstrm)
+	/* release objects we no longer need */
+	objRelease(errmsg, CORE_COMPONENT);
+	objRelease(netstrms, LM_NETSTRMS_FILENAME);
+ENDObjClassExit(netstrm)
+
+
+/* Initialize the netstrm class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINAbstractObjClassInit(netstrm, 1, OBJ_IS_CORE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(netstrms, LM_NETSTRMS_FILENAME));
+
+	/* set our own handlers */
+ENDObjClassInit(netstrm)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	netstrmClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(netstrmClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */
diff --git a/runtime/netstrm.h b/runtime/netstrm.h
new file mode 100644
index 00000000..160bbb0b
--- /dev/null
+++ b/runtime/netstrm.h
@@ -0,0 +1,61 @@
+/* Definitions for the stream-based netstrmworking class.
+ *
+ * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+
+#ifndef INCLUDED_NETSTRM_H
+#define INCLUDED_NETSTRM_H
+
+#include "nsd.h" /* we need our driver interface to be defined */
+
+/* the netstrm object */
+struct netstrm_s {
+	BEGINobjInstance;	/* Data to implement generic object - MUST be the first data element! */
+	nsd_t *pDrvrData;	/**< the driver's data elements (at most other places, this is called pNsd) */
+	nsd_if_t Drvr;		/**< our stream driver */
+	netstrms_t *pNS;	/**< pointer to our netstream subsystem object */
+};
+
+
+/* interface */
+BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */
+	rsRetVal (*Construct)(netstrm_t **ppThis);
+	rsRetVal (*ConstructFinalize)(netstrm_t *pThis);
+	rsRetVal (*Destruct)(netstrm_t **ppThis);
+	rsRetVal (*AbortDestruct)(netstrm_t **ppThis);
+	rsRetVal (*LstnInit)(netstrms_t *pNS, void *pUsr, rsRetVal(*)(void*,netstrm_t*),
+		             uchar *pLstnPort, uchar *pLstnIP, int iSessMax);
+	rsRetVal (*AcceptConnReq)(netstrm_t *pThis, netstrm_t **ppNew);
+	rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf);
+	rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf);
+	rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host);
+	rsRetVal (*GetRemoteHName)(netstrm_t *pThis, uchar **pszName);
+	rsRetVal (*GetRemoteIP)(netstrm_t *pThis, uchar **pszIP);
+ENDinterface(netstrm)
+#define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
+
+/* prototypes */
+PROTOTYPEObj(netstrm);
+
+/* the name of our library binary */
+#define LM_NETSTRM_FILENAME "lmnetstrm"
+
+#endif /* #ifndef INCLUDED_NETSTRM_H */
diff --git a/runtime/netstrms.c b/runtime/netstrms.c
new file mode 100644
index 00000000..661234e4
--- /dev/null
+++ b/runtime/netstrms.c
@@ -0,0 +1,200 @@
+/* netstrms.c
+ * 
+ * Work on this module begung 2008-04-23 by Rainer Gerhards.
+ *
+ * Copyright 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+
+#include "rsyslog.h"
+#include "module-template.h"
+#include "obj.h"
+//#include "errmsg.h"
+//#include "net.h"
+#include "nsd.h"
+#include "netstrm.h"
+#include "netstrms.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+//DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+DEFobjCurrIf(netstrm)
+//DEFobjCurrIf(net)
+
+
+/* load our low-level driver. This must be done before any
+ * driver-specific functions (allmost all...) can be carried
+ * out. Note that the driver's .ifIsLoaded is correctly
+ * initialized by calloc() and we depend on that.
+ * rgerhards, 2008-04-18
+ */
+static rsRetVal
+loadDrvr(netstrms_t *pThis)
+{
+	uchar *pDrvrName;
+	DEFiRet;
+
+	pDrvrName = pThis->pDrvrName;
+	if(pDrvrName == NULL) /* if no drvr name is set, use system default */
+		pDrvrName = glbl.GetDfltNetstrmDrvr();
+
+	pThis->Drvr.ifVersion = nsdCURR_IF_VERSION;
+	/* The pDrvrName+2 below is a hack to obtain the object name. It 
+	 * safes us to have yet another variable with the name without "lm" in
+	 * front of it. If we change the module load interface, we may re-think
+	 * about this hack, but for the time being it is efficient and clean
+	 * enough. -- rgerhards, 2008-04-18
+	 */
+	CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr));
+finalize_it:
+	RETiRet;
+}
+
+
+/* Standard-Constructor */
+BEGINobjConstruct(netstrms) /* be sure to specify the object type also in END macro! */
+ENDobjConstruct(netstrms)
+
+
+/* destructor for the netstrms object */
+BEGINobjDestruct(netstrms) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(netstrms)
+	if(pThis->pDrvrName != NULL)
+		free(pThis->pDrvrName);
+ENDobjDestruct(netstrms)
+
+
+/* ConstructionFinalizer */
+static rsRetVal
+netstrmsConstructFinalize(netstrms_t *pThis)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrms);
+	CHKiRet(loadDrvr(pThis));
+finalize_it:
+	RETiRet;
+}
+
+
+/* create an instance of a netstrm object. It is initialized with default
+ * values. The current driver is used. The caller may set netstrm properties
+ * and must call ConstructFinalize().
+ */
+static rsRetVal
+CreateStrm(netstrms_t *pThis, netstrm_t **ppStrm)
+{
+	netstrm_t *pStrm = NULL;
+	DEFiRet;
+
+	CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME));
+	CHKiRet(netstrm.Construct(&pStrm));
+	/* we copy over our driver structure. We could provide a pointer to 
+	 * ourselves, but that costs some performance on each driver invocation.
+	 * As we already have hefty indirection (and thus performance toll), I
+	 * prefer to copy over the function pointers here. -- rgerhards, 2008-04-23
+	 */
+	memcpy(&pStrm->Drvr, &pThis->Drvr, sizeof(pThis->Drvr));
+	pStrm->pNS = pThis;
+	
+	*ppStrm = pStrm;
+
+finalize_it:
+	if(iRet != RS_RET_OK) {
+		if(pStrm != NULL)
+			netstrm.Destruct(&pStrm);
+	}
+	RETiRet;
+}
+
+
+/* queryInterface function */
+BEGINobjQueryInterface(netstrms)
+CODESTARTobjQueryInterface(netstrms)
+	if(pIf->ifVersion != netstrmsCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	pIf->Construct = netstrmsConstruct;
+	pIf->ConstructFinalize = netstrmsConstructFinalize;
+	pIf->Destruct = netstrmsDestruct;
+	pIf->CreateStrm = CreateStrm;
+finalize_it:
+ENDobjQueryInterface(netstrms)
+
+
+/* exit our class */
+BEGINObjClassExit(netstrms, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(netstrms)
+	/* release objects we no longer need */
+	//objRelease(net, CORE_COMPONENT);
+	objRelease(glbl, CORE_COMPONENT);
+	objRelease(netstrm, LM_NETSTRM_FILENAME);
+ENDObjClassExit(netstrms)
+
+
+/* Initialize the netstrms class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINAbstractObjClassInit(netstrms, 1, OBJ_IS_CORE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+	//CHKiRet(objUse(net, CORE_COMPONENT));
+
+	/* set our own handlers */
+ENDObjClassInit(netstrms)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	netstrmsClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(netstrmsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */
diff --git a/runtime/netstrms.h b/runtime/netstrms.h
new file mode 100644
index 00000000..1e920304
--- /dev/null
+++ b/runtime/netstrms.h
@@ -0,0 +1,52 @@
+/* Definitions for the stream-based netstrmsworking class.
+ *
+ * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+
+#ifndef INCLUDED_NETSTRMS_H
+#define INCLUDED_NETSTRMS_H
+
+#include "nsd.h" /* we need our driver interface to be defined */
+
+/* the netstrms object */
+struct netstrms_s {
+	BEGINobjInstance;	/* Data to implement generic object - MUST be the first data element! */
+	uchar *pDrvrName;	/**< nsd driver name to use, or NULL if system default */
+	nsd_if_t Drvr;		/**< our stream driver */
+};
+
+
+/* interface */
+BEGINinterface(netstrms) /* name must also be changed in ENDinterface macro! */
+	rsRetVal (*Construct)(netstrms_t **ppThis);
+	rsRetVal (*ConstructFinalize)(netstrms_t *pThis);
+	rsRetVal (*Destruct)(netstrms_t **ppThis);
+	rsRetVal (*CreateStrm)(netstrms_t *pThis, netstrm_t **ppStrm);
+ENDinterface(netstrms)
+#define netstrmsCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
+
+/* prototypes */
+PROTOTYPEObj(netstrms);
+
+/* the name of our library binary */
+#define LM_NETSTRMS_FILENAME "lmnetstrms"
+
+#endif /* #ifndef INCLUDED_NETSTRMS_H */
diff --git a/runtime/nsd.h b/runtime/nsd.h
new file mode 100644
index 00000000..1b3702a0
--- /dev/null
+++ b/runtime/nsd.h
@@ -0,0 +1,72 @@
+/* The interface definition for "NetStream Drivers" (nsd).
+ *
+ * This is just an abstract driver interface, which needs to be
+ * implemented by concrete classes. As such, no nsd data type itself
+ * is defined.
+ *
+ * Copyright 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#ifndef INCLUDED_NSD_H
+#define INCLUDED_NSD_H
+
+enum nsdsel_waitOp_e {
+	NSDSEL_RD = 1,
+	NSDSEL_WR = 2,
+	NSDSEL_RDWR = 3
+}; /**< the operation we wait for */
+
+/* nsd_t is actually obj_t (which is somewhat better than void* but in essence
+ * much the same).
+ */
+
+/* interface */
+BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */
+	rsRetVal (*Construct)(nsd_t **ppThis);
+	rsRetVal (*Destruct)(nsd_t **ppThis);
+	rsRetVal (*Abort)(nsd_t *pThis);
+	rsRetVal (*Rcv)(nsd_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf);
+	rsRetVal (*Send)(nsd_t *pThis, uchar *pBuf, ssize_t *pLenBuf);
+	rsRetVal (*Connect)(nsd_t *pThis, int family, unsigned char *port, unsigned char *host);
+	rsRetVal (*LstnInit)(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*),
+			     uchar *pLstnPort, uchar *pLstnIP, int iSessMax);
+	rsRetVal (*AcceptConnReq)(nsd_t *pThis, nsd_t **ppThis);
+	rsRetVal (*GetRemoteHName)(nsd_t *pThis, uchar **pszName);
+	rsRetVal (*GetRemoteIP)(nsd_t *pThis, uchar **pszIP);
+	rsRetVal (*GetSock)(nsd_t *pThis, int *pSock);
+	rsRetVal (*SetSock)(nsd_t *pThis, int sock);
+	/* GetSock() and SetSock() return an error if the driver does not use plain
+	 * OS sockets. This interface is primarily meant as an internal aid for
+	 * those drivers that utilize the nsd_ptcp to do some of their work.
+	 */
+ENDinterface(nsd)
+#define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
+
+/* interface  for the select call */
+BEGINinterface(nsdsel) /* name must also be changed in ENDinterface macro! */
+	rsRetVal (*Construct)(nsdsel_t **ppThis);
+	rsRetVal (*Destruct)(nsdsel_t **ppThis);
+	rsRetVal (*Add)(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp);
+	rsRetVal (*Select)(nsdsel_t *pNsdsel, int *piNumReady);
+	rsRetVal (*IsReady)(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady);
+ENDinterface(nsdsel)
+#define nsdselCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
+
+#endif /* #ifndef INCLUDED_NSD_H */
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
new file mode 100644
index 00000000..d59043f2
--- /dev/null
+++ b/runtime/nsd_gtls.c
@@ -0,0 +1,444 @@
+/* nsd_gtls.c
+ *
+ * An implementation of the nsd interface for GnuTLS.
+ * 
+ * Copyright (C) 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+#include <stdlib.h>
+#include <assert.h>
+#include <gnutls/gnutls.h>
+
+#include "rsyslog.h"
+#include "syslogd-types.h"
+#include "module-template.h"
+#include "obj.h"
+#include "errmsg.h"
+#include "nsd_ptcp.h"
+#include "nsd_gtls.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+DEFobjCurrIf(nsd_ptcp)
+
+
+/* a macro to check GnuTLS calls against unexpected errors */
+#define CHKgnutls(x) \
+	if((gnuRet = (x)) != 0) { \
+		dbgprintf("unexpected GnuTLS error %d in %s:%d\n", gnuRet, __FILE__, __LINE__); \
+		gnutls_perror(gnuRet); /* TODO: can we do better? */ \
+		ABORT_FINALIZE(RS_RET_GNUTLS_ERR); \
+	}
+
+#define CAFILE "ca.pem" // TODO: allow to specify
+
+/* ------------------------------ GnuTLS specifics ------------------------------ */
+static gnutls_certificate_credentials xcred;
+
+/* globally initialize GnuTLS */
+static rsRetVal
+gtlsGlblInit(void)
+{
+	int gnuRet;
+	DEFiRet;
+
+	CHKgnutls(gnutls_global_init());
+	
+	/* X509 stuff */
+	CHKgnutls(gnutls_certificate_allocate_credentials(&xcred));
+
+	/* sets the trusted cas file */
+	gnutls_certificate_set_x509_trust_file(xcred, CAFILE, GNUTLS_X509_FMT_PEM);
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* globally de-initialize GnuTLS */
+static rsRetVal
+gtlsGlblExit(void)
+{
+	DEFiRet;
+	/* X509 stuff */
+	gnutls_certificate_free_credentials(xcred);
+	gnutls_global_deinit(); /* we are done... */
+	RETiRet;
+}
+
+
+/* end a GnuTLS session
+ * The function checks if we have a session and ends it only if so. So it can
+ * always be called, even if there currently is no session.
+ */
+static rsRetVal
+gtlsEndSess(nsd_gtls_t *pThis)
+{
+	int gnuRet;
+	DEFiRet;
+
+	if(pThis->bHaveSess) {
+		gnuRet = gnutls_bye(pThis->sess, GNUTLS_SHUT_RDWR);
+		while(gnuRet == GNUTLS_E_INTERRUPTED || gnuRet == GNUTLS_E_AGAIN) {
+			gnuRet = gnutls_bye(pThis->sess, GNUTLS_SHUT_RDWR);
+		}
+		gnutls_deinit(pThis->sess);
+	}
+	RETiRet;
+}
+
+
+/* ---------------------------- end GnuTLS specifics ---------------------------- */
+
+
+/* Standard-Constructor */
+BEGINobjConstruct(nsd_gtls) /* be sure to specify the object type also in END macro! */
+	iRet = nsd_ptcp.Construct(&pThis->pTcp);
+	pThis->iMode = 1; /* TODO: must be made configurable */
+	pThis->iMode = 0; /* TODO: must be made configurable */
+ENDobjConstruct(nsd_gtls)
+
+
+/* destructor for the nsd_gtls object */
+BEGINobjDestruct(nsd_gtls) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(nsd_gtls)
+	if(pThis->iMode == 1) {
+		gtlsEndSess(pThis);
+	}
+
+	if(pThis->pTcp != NULL) {
+		nsd_ptcp.Destruct(&pThis->pTcp);
+	}
+ENDobjDestruct(nsd_gtls)
+
+
+/* Provide access to the underlying OS socket. This is primarily
+ * useful for other drivers (like nsd_gtls) who utilize ourselfs
+ * for some of their functionality. -- rgerhards, 2008-04-18
+ */
+static rsRetVal
+SetSock(nsd_t *pNsd, int sock)
+{
+	DEFiRet;
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+
+	ISOBJ_TYPE_assert((pThis), nsd_gtls);
+	assert(sock >= 0);
+
+	nsd_ptcp.SetSock(pThis->pTcp, sock);
+
+	RETiRet;
+}
+
+
+/* abort a connection. This is meant to be called immediately
+ * before the Destruct call. -- rgerhards, 2008-03-24
+ */
+static rsRetVal
+Abort(nsd_t *pNsd)
+{
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+	DEFiRet;
+
+	ISOBJ_TYPE_assert((pThis), nsd_gtls);
+
+	if(pThis->iMode == 0) {
+		nsd_ptcp.Abort(pThis->pTcp);
+	}
+
+	RETiRet;
+}
+
+
+
+/* initialize the tcp socket for a listner
+ * Here, we use the ptcp driver - because there is nothing special
+ * at this point with GnuTLS. Things become special once we accept
+ * a session, but not during listener setup.
+ * gerhards, 2008-04-25
+ */
+static rsRetVal
+LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*),
+	 uchar *pLstnPort, uchar *pLstnIP, int iSessMax)
+{
+	DEFiRet;
+	iRet = nsd_ptcp.LstnInit(pNS, pUsr, fAddLstn, pLstnPort, pLstnIP, iSessMax);
+	RETiRet;
+}
+
+
+/* get the remote hostname. The returned hostname must be freed by the caller.
+ * rgerhards, 2008-04-25
+ */
+static rsRetVal
+GetRemoteHName(nsd_t *pNsd, uchar **ppszHName)
+{
+	DEFiRet;
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+	iRet = nsd_ptcp.GetRemoteHName(pThis->pTcp, ppszHName);
+	RETiRet;
+}
+
+
+/* get the remote host's IP address. The returned string must be freed by the
+ * caller.
+ * rgerhards, 2008-04-25
+ */
+static rsRetVal
+GetRemoteIP(nsd_t *pNsd, uchar **ppszIP)
+{
+	DEFiRet;
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+	iRet = nsd_ptcp.GetRemoteIP(pThis->pTcp, ppszIP);
+	RETiRet;
+}
+
+
+/* accept an incoming connection request - here, we do the usual accept
+ * handling. TLS specific handling is done thereafter (and if we run in TLS
+ * mode at this time).
+ * rgerhards, 2008-04-25
+ */
+static rsRetVal
+AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
+{
+	DEFiRet;
+	nsd_gtls_t *pNew = NULL;
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+
+	ISOBJ_TYPE_assert((pThis), nsd_gtls);
+	// TODO: method to construct without pTcp
+	CHKiRet(nsd_gtlsConstruct(&pNew));
+	CHKiRet(nsd_ptcp.Destruct(&pNew->pTcp));
+	CHKiRet(nsd_ptcp.AcceptConnReq(pThis->pTcp, &pNew->pTcp));
+	
+	*ppNew = (nsd_t*) pNew;
+
+finalize_it:
+	if(iRet != RS_RET_OK) {
+		if(pNew != NULL)
+			nsd_gtlsDestruct(&pNew);
+	}
+	RETiRet;
+}
+
+
+/* receive data from a tcp socket
+ * The lenBuf parameter must contain the max buffer size on entry and contains
+ * the number of octets read (or -1 in case of error) on exit. This function
+ * never blocks, not even when called on a blocking socket. That is important
+ * for client sockets, which are set to block during send, but should not
+ * block when trying to read data. If *pLenBuf is -1, an error occured and
+ * errno holds the exact error cause.
+ * rgerhards, 2008-03-17
+ */
+static rsRetVal
+Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
+{
+	DEFiRet;
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+
+	if(pThis->iMode == 0) {
+		CHKiRet(nsd_ptcp.Rcv(pThis->pTcp, pBuf, pLenBuf));
+		FINALIZE;
+	}
+
+	/* in TLS mode now */
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* send a buffer. On entry, pLenBuf contains the number of octets to
+ * write. On exit, it contains the number of octets actually written.
+ * If this number is lower than on entry, only a partial buffer has
+ * been written.
+ * rgerhards, 2008-03-19
+ */
+static rsRetVal
+Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
+{
+	int iSent;
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+
+	if(pThis->iMode == 0) {
+		CHKiRet(nsd_ptcp.Send(pThis->pTcp, pBuf, pLenBuf));
+		FINALIZE;
+	}
+
+	/* in TLS mode now */
+	while(1) { /* loop broken inside */
+		iSent = gnutls_record_send(pThis->sess, pBuf, *pLenBuf);
+		if(iSent >= 0) {
+			*pLenBuf = iSent;
+			break;
+		}
+		if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN)
+			ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
+	}
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* open a connection to a remote host (server). With GnuTLS, we always
+ * open a plain tcp socket and then, if in TLS mode, do a handshake on it.
+ * rgerhards, 2008-03-19
+ */
+static rsRetVal
+Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
+{
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+	int sock;
+	int gnuRet;
+	static const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+	DEFiRet;
+
+	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+	assert(port != NULL);
+	assert(host != NULL);
+
+	CHKiRet(nsd_ptcp.Connect(pThis->pTcp, family, port, host));
+
+	if(pThis->iMode == 0)
+		FINALIZE;
+	
+	/* we reach this point if in TLS mode */
+	CHKgnutls(gnutls_init(&pThis->sess, GNUTLS_CLIENT));
+	pThis->bHaveSess = 1;
+
+	/* Use default priorities */
+	CHKgnutls(gnutls_set_default_priority(pThis->sess));
+	CHKgnutls(gnutls_certificate_type_set_priority(pThis->sess, cert_type_priority));
+
+	/* put the x509 credentials to the current session */
+	CHKgnutls(gnutls_credentials_set(pThis->sess, GNUTLS_CRD_CERTIFICATE, xcred));
+
+	/* assign the socket to GnuTls */
+	CHKiRet(nsd_ptcp.GetSock(pThis->pTcp, &sock));
+	gnutls_transport_set_ptr(pThis->sess, (gnutls_transport_ptr)sock);
+
+	/* and perform the handshake */
+	CHKgnutls(gnutls_handshake(pThis->sess));
+	dbgprintf("GnuTLS handshake succeeded\n");
+
+finalize_it:
+	if(iRet != RS_RET_OK) {
+		if(pThis->bHaveSess) {
+			gnutls_deinit(pThis->sess);
+			pThis->bHaveSess = 0;
+		}
+	}
+
+	RETiRet;
+}
+
+
+/* queryInterface function */
+BEGINobjQueryInterface(nsd_gtls)
+CODESTARTobjQueryInterface(nsd_gtls)
+	if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_gtlsConstruct;
+	pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_gtlsDestruct;
+	pIf->Abort = Abort;
+	pIf->LstnInit = LstnInit;
+	pIf->AcceptConnReq = AcceptConnReq;
+	pIf->Rcv = Rcv;
+	pIf->Send = Send;
+	pIf->Connect = Connect;
+	pIf->SetSock = SetSock;
+	pIf->GetRemoteHName = GetRemoteHName;
+	pIf->GetRemoteIP = GetRemoteIP;
+finalize_it:
+ENDobjQueryInterface(nsd_gtls)
+
+
+/* exit our class
+ */
+BEGINObjClassExit(nsd_gtls, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(nsd_gtls)
+	gtlsGlblExit();	/* shut down GnuTLS */
+
+	/* release objects we no longer need */
+	objRelease(nsd_ptcp, LM_NSD_PTCP_FILENAME);
+	objRelease(glbl, CORE_COMPONENT);
+	objRelease(errmsg, CORE_COMPONENT);
+ENDObjClassExit(nsd_gtls)
+
+
+/* Initialize the nsd_gtls class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINObjClassInit(nsd_gtls, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+	CHKiRet(objUse(nsd_ptcp, LM_NSD_PTCP_FILENAME));
+
+	/* now do global TLS init stuff */
+	CHKiRet(gtlsGlblInit());
+ENDObjClassInit(nsd_gtls)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	nsd_gtlsClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(nsd_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */
diff --git a/runtime/nsd_gtls.h b/runtime/nsd_gtls.h
new file mode 100644
index 00000000..c193f57c
--- /dev/null
+++ b/runtime/nsd_gtls.h
@@ -0,0 +1,49 @@
+/* An implementation of the nsd interface for GnuTLS.
+ *
+ * Copyright 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+
+#ifndef INCLUDED_NSD_GTLS_H
+#define INCLUDED_NSD_GTLS_H
+
+#include "nsd.h"
+
+typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
+
+/* the nsd_gtls object */
+struct nsd_gtls_s {
+	BEGINobjInstance;	/* Data to implement generic object - MUST be the first data element! */
+	nsd_t *pTcp;		/**< our aggregated nsd_ptcp data */
+	int iMode;		/* 0 - plain tcp, 1 - TLS */
+	gnutls_session sess;
+	int bHaveSess;
+};
+
+/* interface is defined in nsd.h, we just implement it! */
+#define nsd_gtlsCURR_IF_VERSION nsdCURR_IF_VERSION
+
+/* prototypes */
+PROTOTYPEObj(nsd_gtls);
+
+/* the name of our library binary */
+#define LM_NSD_GTLS_FILENAME "lmnsd_gtls"
+
+#endif /* #ifndef INCLUDED_NSD_GTLS_H */
diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c
new file mode 100644
index 00000000..2a74e061
--- /dev/null
+++ b/runtime/nsd_ptcp.c
@@ -0,0 +1,675 @@
+/* nsd_ptcp.c
+ *
+ * An implementation of the nsd interface for plain tcp sockets.
+ * 
+ * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <signal.h>
+#include <ctype.h>
+#include <netdb.h>
+#include <fnmatch.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "syslogd-types.h"
+#include "module-template.h"
+#include "parse.h"
+#include "srUtils.h"
+#include "obj.h"
+#include "errmsg.h"
+#include "net.h"
+#include "netstrms.h"
+#include "netstrm.h"
+#include "nsd_ptcp.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+DEFobjCurrIf(net)
+DEFobjCurrIf(netstrms)
+DEFobjCurrIf(netstrm)
+
+
+/* a few deinit helpers */
+
+/* close socket if open (may always be called) */
+static void
+sockClose(int *pSock)
+{
+	if(*pSock >= 0) {
+		close(*pSock);
+		*pSock = -1;
+	}
+}
+
+/* Standard-Constructor
+ */
+BEGINobjConstruct(nsd_ptcp) /* be sure to specify the object type also in END macro! */
+	pThis->sock = -1;
+ENDobjConstruct(nsd_ptcp)
+
+
+/* destructor for the nsd_ptcp object */
+BEGINobjDestruct(nsd_ptcp) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(nsd_ptcp)
+	sockClose(&pThis->sock);
+	if(pThis->pRemHostIP != NULL)
+		free(pThis->pRemHostIP);
+	if(pThis->pRemHostName != NULL)
+		free(pThis->pRemHostName);
+ENDobjDestruct(nsd_ptcp)
+
+
+/* Provide access to the underlying OS socket. This is primarily
+ * useful for other drivers (like nsd_gtls) who utilize ourselfs
+ * for some of their functionality. -- rgerhards, 2008-04-18
+ */
+static rsRetVal
+GetSock(nsd_t *pNsd, int *pSock)
+{
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	DEFiRet;
+
+	ISOBJ_TYPE_assert((pThis), nsd_ptcp);
+	assert(pSock != NULL);
+
+	*pSock = pThis->sock;
+
+	RETiRet;
+}
+
+
+/* Provide access to the underlying OS socket. This is primarily
+ * useful for other drivers (like nsd_gtls) who utilize ourselfs
+ * for some of their functionality.
+ * This function sets the socket -- rgerhards, 2008-04-25
+ */
+static rsRetVal
+SetSock(nsd_t *pNsd, int sock)
+{
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	DEFiRet;
+
+	ISOBJ_TYPE_assert((pThis), nsd_ptcp);
+	assert(sock >= 0);
+
+	pThis->sock = sock;
+
+	RETiRet;
+}
+
+
+/* abort a connection. This is meant to be called immediately
+ * before the Destruct call. -- rgerhards, 2008-03-24
+ */
+static rsRetVal
+Abort(nsd_t *pNsd)
+{
+	struct linger ling;
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+
+	DEFiRet;
+	ISOBJ_TYPE_assert((pThis), nsd_ptcp);
+
+	if((pThis)->sock != -1) {
+		ling.l_onoff = 1;
+		ling.l_linger = 0;
+       		if(setsockopt((pThis)->sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0 ) {
+			dbgprintf("could not set SO_LINGER, errno %d\n", errno);
+		}
+	}
+
+	RETiRet;
+}
+
+
+/* Set pRemHost based on the address provided. This is to be called upon accept()ing
+ * a connection request. It must be provided by the socket we received the
+ * message on as well as a NI_MAXHOST size large character buffer for the FQDN.
+ * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats)
+ * for some explanation of the code found below. If we detect a malicious
+ * hostname, we return RS_RET_MALICIOUS_HNAME and let the caller decide
+ * on how to deal with that.
+ * rgerhards, 2008-03-31
+ */
+static rsRetVal
+FillRemHost(nsd_ptcp_t *pThis, struct sockaddr *pAddr)
+{
+	int error;
+	uchar szIP[NI_MAXHOST] = "";
+	uchar szHname[NI_MAXHOST] = "";
+	struct addrinfo hints, *res;
+	size_t len;
+	
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, nsd_ptcp);
+	assert(pAddr != NULL);
+
+        error = getnameinfo(pAddr, SALEN(pAddr), (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST);
+
+        if(error) {
+                dbgprintf("Malformed from address %s\n", gai_strerror(error));
+		strcpy((char*)szHname, "???");
+		strcpy((char*)szIP, "???");
+		ABORT_FINALIZE(RS_RET_INVALID_HNAME);
+	}
+
+	if(!glbl.GetDisableDNS()) {
+		error = getnameinfo(pAddr, SALEN(pAddr), (char*)szHname, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
+		if(error == 0) {
+			memset (&hints, 0, sizeof (struct addrinfo));
+			hints.ai_flags = AI_NUMERICHOST;
+			hints.ai_socktype = SOCK_STREAM;
+			/* we now do a lookup once again. This one should fail,
+			 * because we should not have obtained a non-numeric address. If
+			 * we got a numeric one, someone messed with DNS!
+			 */
+			if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) {
+				freeaddrinfo (res);
+				/* OK, we know we have evil, so let's indicate this to our caller */
+				snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP);
+				dbgprintf("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname);
+				iRet = RS_RET_MALICIOUS_HNAME;
+			}
+		} else {
+			strcpy((char*)szHname, (char*)szIP);
+		}
+	} else {
+		strcpy((char*)szHname, (char*)szIP);
+	}
+
+	/* We now have the names, so now let's allocate memory and store them permanently.
+	 * (side note: we may hold on to these values for quite a while, thus we trim their
+	 * memory consumption)
+	 */
+	len = strlen((char*)szIP) + 1; /* +1 for \0 byte */
+	if((pThis->pRemHostIP = malloc(len)) == NULL)
+		ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
+	memcpy(pThis->pRemHostIP, szIP, len);
+
+	len = strlen((char*)szHname) + 1; /* +1 for \0 byte */
+	if((pThis->pRemHostName = malloc(len)) == NULL) {
+		free(pThis->pRemHostIP); /* prevent leak */
+		pThis->pRemHostIP = NULL;
+		ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
+	}
+	memcpy(pThis->pRemHostName, szHname, len);
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* accept an incoming connection request
+ * rgerhards, 2008-04-22
+ */
+static rsRetVal
+AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
+{
+	int sockflags;
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	struct sockaddr_storage addr;
+	socklen_t addrlen = sizeof(addr);
+	nsd_ptcp_t *pNew = NULL;
+	int iNewSock = -1;
+
+	DEFiRet;
+	assert(ppNew != NULL);
+	ISOBJ_TYPE_assert(pThis, nsd_ptcp);
+
+	iNewSock = accept(pThis->sock, (struct sockaddr*) &addr, &addrlen);
+	if(iNewSock < 0) {
+		ABORT_FINALIZE(RS_RET_ACCEPT_ERR);
+	}
+
+	/* construct our object so that we can use it... */
+	CHKiRet(nsd_ptcpConstruct(&pNew));
+
+	CHKiRet(FillRemHost(pNew, (struct sockaddr*) &addr));
+
+	/* set the new socket to non-blocking IO -TODO:do we really need to do this here? Do we always want it? */
+	if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) {
+		sockflags |= O_NONBLOCK;
+		/* SETFL could fail too, so get it caught by the subsequent
+		 * error check.
+		 */
+		sockflags = fcntl(iNewSock, F_SETFL, sockflags);
+	}
+	if(sockflags == -1) {
+		dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket %d", errno, iNewSock);
+		ABORT_FINALIZE(RS_RET_IO_ERROR);
+	}
+
+	pNew->sock = iNewSock;
+	*ppNew = (nsd_t*) pNew;
+
+finalize_it:
+	if(iRet != RS_RET_OK) {
+		if(pNew != NULL)
+			nsd_ptcpDestruct(&pNew);
+		/* the close may be redundant, but that doesn't hurt... */
+		sockClose(&iNewSock);
+	}
+
+	RETiRet;
+}
+
+
+/* initialize tcp sockets for a listner. The initialized sockets are passed to the
+ * app-level caller via a callback.
+ * pLstnPort must point to a port name or number. NULL is NOT permitted. pLstnIP
+ * points to the port to listen to (NULL means "all"), iMaxSess has the maximum
+ * number of sessions permitted.
+ * rgerhards, 2008-04-22
+ */
+static rsRetVal
+LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*),
+	 uchar *pLstnPort, uchar *pLstnIP, int iSessMax)
+{
+	DEFiRet;
+	netstrm_t *pNewStrm = NULL;
+	nsd_t *pNewNsd = NULL;
+        int error, maxs, on = 1;
+	int sock;
+	int numSocks;
+	int sockflags;
+        struct addrinfo hints, *res = NULL, *r;
+
+	ISOBJ_TYPE_assert(pNS, netstrms);
+	assert(fAddLstn != NULL);
+	assert(pLstnPort != NULL);
+	assert(iSessMax >= 0);
+
+	dbgprintf("creating tcp listen socket on port %s\n", pLstnPort);
+
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_flags = AI_PASSIVE;
+        hints.ai_family = glbl.GetDefPFFamily();
+        hints.ai_socktype = SOCK_STREAM;
+
+        error = getaddrinfo((char*)pLstnIP, (char*) pLstnPort, &hints, &res);
+        if(error) {
+		dbgprintf("error %d querying port '%s'\n", error, pLstnPort);
+		ABORT_FINALIZE(RS_RET_INVALID_PORT);
+	}
+
+        /* Count max number of sockets we may open */
+        for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++)
+		/* EMPTY */;
+
+        numSocks = 0;   /* num of sockets counter at start of array */
+	for(r = res; r != NULL ; r = r->ai_next) {
+               sock = socket(r->ai_family, r->ai_socktype, r->ai_protocol);
+        	if(sock < 0) {
+			if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT))
+				dbgprintf("error %d creating tcp listen socket", errno);
+				/* it is debatable if PF_INET with EAFNOSUPPORT should
+				 * also be ignored...
+				 */
+                        continue;
+                }
+
+#ifdef IPV6_V6ONLY
+                if(r->ai_family == AF_INET6) {
+                	int iOn = 1;
+			if(setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
+			      (char *)&iOn, sizeof (iOn)) < 0) {
+				close(sock);
+				continue;
+                	}
+                }
+#endif
+       		if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) {
+			dbgprintf("error %d setting tcp socket option\n", errno);
+                        close(sock);
+			continue;
+		}
+
+		/* We use non-blocking IO! */
+		if((sockflags = fcntl(sock, F_GETFL)) != -1) {
+			sockflags |= O_NONBLOCK;
+			/* SETFL could fail too, so get it caught by the subsequent
+			 * error check.
+			 */
+			sockflags = fcntl(sock, F_SETFL, sockflags);
+		}
+		if(sockflags == -1) {
+			dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno);
+                        close(sock);
+			continue;
+		}
+
+
+
+		/* We need to enable BSD compatibility. Otherwise an attacker
+		 * could flood our log files by sending us tons of ICMP errors.
+		 */
+#ifndef BSD	
+		if(net.should_use_so_bsdcompat()) {
+			if (setsockopt(sock, SOL_SOCKET, SO_BSDCOMPAT,
+					(char *) &on, sizeof(on)) < 0) {
+				errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)");
+                                close(sock);
+				continue;
+			}
+		}
+#endif
+
+	        if( (bind(sock, r->ai_addr, r->ai_addrlen) < 0)
+#ifndef IPV6_V6ONLY
+		     && (errno != EADDRINUSE)
+#endif
+	           ) {
+			/* TODO: check if *we* bound the socket - else we *have* an error! */
+                        dbgprintf("error %d while binding tcp socket", errno);
+                	close(sock);
+                        continue;
+                }
+
+		if(listen(sock, iSessMax / 10 + 5) < 0) {
+			/* If the listen fails, it most probably fails because we ask
+			 * for a too-large backlog. So in this case we first set back
+			 * to a fixed, reasonable, limit that should work. Only if
+			 * that fails, too, we give up.
+			 */
+			dbgprintf("listen with a backlog of %d failed - retrying with default of 32.",
+				   iSessMax / 10 + 5);
+			if(listen(sock, 32) < 0) {
+				dbgprintf("tcp listen error %d, suspending\n", errno);
+	                	close(sock);
+               		        continue;
+			}
+		}
+
+		/* if we reach this point, we were able to obtain a valid socket, so we can
+		 * construct a new netstrm obj and hand it over to the upper layers for inclusion
+		 * into their socket array. -- rgerhards, 2008-04-23
+		 */
+RUNLOG_VAR("%d", sock);
+		CHKiRet(pNS->Drvr.Construct(&pNewNsd));
+		CHKiRet(pNS->Drvr.SetSock(pNewNsd, sock));
+RUNLOG;
+		CHKiRet(netstrms.CreateStrm(pNS, &pNewStrm));
+		pNewStrm->pDrvrData = (nsd_t*) pNewNsd;
+RUNLOG;
+		CHKiRet(fAddLstn(pUsr, pNewStrm));
+		pNewNsd = NULL;
+		pNewStrm = NULL;
+		++numSocks;
+	}
+
+	if(numSocks != maxs)
+		dbgprintf("We could initialize %d TCP listen sockets out of %d we received "
+		 	  "- this may or may not be an error indication.\n", numSocks, maxs);
+
+        if(numSocks == 0) {
+		dbgprintf("No TCP listen sockets could successfully be initialized");
+		ABORT_FINALIZE(RS_RET_COULD_NOT_BIND);
+	}
+
+finalize_it:
+	if(res != NULL)
+		freeaddrinfo(res);
+
+	if(iRet != RS_RET_OK) {
+		if(pNewStrm != NULL)
+			netstrm.Destruct(&pNewStrm);
+		if(pNewNsd != NULL)
+			pNS->Drvr.Destruct(&pNewNsd);
+	}
+
+	RETiRet;
+}
+
+
+/* receive data from a tcp socket
+ * The lenBuf parameter must contain the max buffer size on entry and contains
+ * the number of octets read (or -1 in case of error) on exit. This function
+ * never blocks, not even when called on a blocking socket. That is important
+ * for client sockets, which are set to block during send, but should not
+ * block when trying to read data. If *pLenBuf is -1, an error occured and
+ * errno holds the exact error cause.
+ * rgerhards, 2008-03-17
+ */
+static rsRetVal
+Rcv(nsd_t *pNsd, uchar *pRcvBuf, ssize_t *pLenBuf)
+{
+	DEFiRet;
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	ISOBJ_TYPE_assert(pThis, nsd_ptcp);
+
+	*pLenBuf = recv(pThis->sock, pRcvBuf, *pLenBuf, MSG_DONTWAIT);
+
+	RETiRet;
+}
+
+
+/* send a buffer. On entry, pLenBuf contains the number of octets to
+ * write. On exit, it contains the number of octets actually written.
+ * If this number is lower than on entry, only a partial buffer has
+ * been written.
+ * rgerhards, 2008-03-19
+ */
+static rsRetVal
+Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
+{
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	ssize_t written;
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, nsd_ptcp);
+
+	written = send(pThis->sock, pBuf, *pLenBuf, 0);
+
+	if(written == -1) {
+		switch(errno) {
+			case EAGAIN:
+			case EINTR:
+				/* this is fine, just retry... */
+				written = 0;
+				break;
+			default:
+				ABORT_FINALIZE(RS_RET_IO_ERROR);
+				break;
+		}
+	}
+
+	*pLenBuf = written;
+finalize_it:
+	RETiRet;
+}
+
+
+/* open a connection to a remote host (server).
+ * rgerhards, 2008-03-19
+ */
+static rsRetVal
+Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
+{
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	struct addrinfo *res = NULL;
+	struct addrinfo hints;
+
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, nsd_ptcp);
+	assert(port != NULL);
+	assert(host != NULL);
+	assert(pThis->sock == -1);
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = family;
+	hints.ai_socktype = SOCK_STREAM;
+	if(getaddrinfo((char*)host, (char*)port, &hints, &res) != 0) {
+		dbgprintf("error %d in getaddrinfo\n", errno);
+		ABORT_FINALIZE(RS_RET_IO_ERROR);
+	}
+	
+	if((pThis->sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1) {
+		ABORT_FINALIZE(RS_RET_IO_ERROR);
+	}
+
+	if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) {
+		ABORT_FINALIZE(RS_RET_IO_ERROR);
+	}
+
+finalize_it:
+	if(res != NULL)
+               freeaddrinfo(res);
+		
+	if(iRet != RS_RET_OK) {
+		sockClose(&pThis->sock);
+	}
+
+	RETiRet;
+}
+
+
+/* get the remote hostname. The returned hostname must be freed by the
+ * caller.
+ * rgerhards, 2008-04-24
+ */
+static rsRetVal
+GetRemoteHName(nsd_t *pNsd, uchar **ppszHName)
+{
+	DEFiRet;
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	ISOBJ_TYPE_assert(pThis, nsd_ptcp);
+	assert(ppszHName != NULL);
+
+	// TODO: how can the RemHost be empty?
+	CHKmalloc(*ppszHName = (uchar*)strdup(pThis->pRemHostName == NULL ? "" : (char*) pThis->pRemHostName));
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* get the remote host's IP address. The returned string must be freed by the
+ * caller.
+ * rgerhards, 2008-04-24
+ */
+static rsRetVal
+GetRemoteIP(nsd_t *pNsd, uchar **ppszIP)
+{
+	DEFiRet;
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	ISOBJ_TYPE_assert(pThis, nsd_ptcp);
+	assert(ppszIP != NULL);
+
+	CHKmalloc(*ppszIP = (uchar*)strdup(pThis->pRemHostIP == NULL ? "" : (char*) pThis->pRemHostIP));
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* queryInterface function */
+BEGINobjQueryInterface(nsd_ptcp)
+CODESTARTobjQueryInterface(nsd_ptcp)
+	if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct;
+	pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct;
+	pIf->Abort = Abort;
+	pIf->GetSock = GetSock;
+	pIf->SetSock = SetSock;
+	pIf->Rcv = Rcv;
+	pIf->Send = Send;
+	pIf->LstnInit = LstnInit;
+	pIf->AcceptConnReq = AcceptConnReq;
+	pIf->Connect = Connect;
+	pIf->GetRemoteHName = GetRemoteHName;
+	pIf->GetRemoteIP = GetRemoteIP;
+finalize_it:
+ENDobjQueryInterface(nsd_ptcp)
+
+
+/* exit our class
+ */
+BEGINObjClassExit(nsd_ptcp, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(nsd_ptcp)
+	/* release objects we no longer need */
+	objRelease(net, CORE_COMPONENT);
+	objRelease(glbl, CORE_COMPONENT);
+	objRelease(errmsg, CORE_COMPONENT);
+	objRelease(netstrm, LM_NETSTRM_FILENAME);
+	objRelease(netstrms, LM_NETSTRMS_FILENAME);
+ENDObjClassExit(nsd_ptcp)
+
+
+/* Initialize the nsd_ptcp class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINObjClassInit(nsd_ptcp, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+	CHKiRet(objUse(net, CORE_COMPONENT));
+	CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME));
+	CHKiRet(objUse(netstrms, LM_NETSTRMS_FILENAME));
+
+	/* set our own handlers */
+ENDObjClassInit(nsd_ptcp)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	nsd_ptcpClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(nsd_ptcpClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */
diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h
new file mode 100644
index 00000000..efd3ed05
--- /dev/null
+++ b/runtime/nsd_ptcp.h
@@ -0,0 +1,47 @@
+/* An implementation of the nsd interface for plain tcp sockets.
+ *
+ * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+
+#ifndef INCLUDED_NSD_PTCP_H
+#define INCLUDED_NSD_PTCP_H
+
+#include "nsd.h"
+typedef nsd_if_t nsd_ptcp_if_t; /* we just *implement* this interface */
+
+/* the nsd_ptcp object */
+struct nsd_ptcp_s {
+	BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */
+	uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */
+	uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */
+	int sock;	/**< the socket we use for regular, single-socket, operations */
+};
+
+/* interface is defined in nsd.h, we just implement it! */
+#define nsd_ptcpCURR_IF_VERSION nsdCURR_IF_VERSION
+
+/* prototypes */
+PROTOTYPEObj(nsd_ptcp);
+
+/* the name of our library binary */
+#define LM_NSD_PTCP_FILENAME "lmnsd_ptcp"
+
+#endif /* #ifndef INCLUDED_NSD_PTCP_H */
diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
new file mode 100644
index 00000000..7cafec49
--- /dev/null
+++ b/runtime/nsdsel_gtls.c
@@ -0,0 +1,184 @@
+/* nsdsel_gtls.c
+ *
+ * An implementation of the nsd select() interface for GnuTLS.
+ * 
+ * Copyright (C) 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/select.h>
+#include <gnutls/gnutls.h>
+
+#include "rsyslog.h"
+#include "module-template.h"
+#include "obj.h"
+#include "errmsg.h"
+#include "nsd.h"
+#include "nsd_gtls.h"
+#include "nsdsel_ptcp.h"
+#include "nsdsel_gtls.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+DEFobjCurrIf(nsdsel_ptcp)
+
+
+/* Standard-Constructor
+ */
+BEGINobjConstruct(nsdsel_gtls) /* be sure to specify the object type also in END macro! */
+	iRet = nsdsel_ptcp.Construct(&pThis->pTcp);
+ENDobjConstruct(nsdsel_gtls)
+
+
+/* destructor for the nsdsel_gtls object */
+BEGINobjDestruct(nsdsel_gtls) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(nsdsel_gtls)
+	if(pThis->pTcp != NULL)
+		nsdsel_ptcp.Destruct(&pThis->pTcp);
+ENDobjDestruct(nsdsel_gtls)
+
+
+/* Add a socket to the select set */
+static rsRetVal
+Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp)
+{
+	DEFiRet;
+	nsdsel_gtls_t *pThis = (nsdsel_gtls_t*) pNsdsel;
+	nsd_gtls_t *pNsdGTLS = (nsd_gtls_t*) pNsd;
+
+	ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
+	ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
+	iRet = nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp);
+	RETiRet;
+}
+
+
+/* perform the select()  piNumReady returns how many descriptors are ready for IO 
+ * TODO: add timeout!
+ */
+static rsRetVal
+Select(nsdsel_t *pNsdsel, int *piNumReady)
+{
+	DEFiRet;
+	nsdsel_gtls_t *pThis = (nsdsel_gtls_t*) pNsdsel;
+
+	ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
+	iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
+	RETiRet;
+}
+
+
+/* check if a socket is ready for IO */
+static rsRetVal
+IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady)
+{
+	DEFiRet;
+	nsdsel_gtls_t *pThis = (nsdsel_gtls_t*) pNsdsel;
+	nsd_gtls_t *pNsdGTLS = (nsd_gtls_t*) pNsd;
+
+	ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
+	ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
+	iRet = nsdsel_ptcp.IsReady(pThis->pTcp, pNsdGTLS->pTcp, waitOp, pbIsReady);
+	RETiRet;
+}
+
+
+/* ------------------------------ end support for the select() interface ------------------------------ */
+
+
+/* queryInterface function */
+BEGINobjQueryInterface(nsdsel_gtls)
+CODESTARTobjQueryInterface(nsdsel_gtls)
+	if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	pIf->Construct = (rsRetVal(*)(nsdsel_t**)) nsdsel_gtlsConstruct;
+	pIf->Destruct = (rsRetVal(*)(nsdsel_t**)) nsdsel_gtlsDestruct;
+	pIf->Add = Add;
+	pIf->Select = Select;
+	pIf->IsReady = IsReady;
+finalize_it:
+ENDobjQueryInterface(nsdsel_gtls)
+
+
+/* exit our class
+ */
+BEGINObjClassExit(nsdsel_gtls, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(nsdsel_gtls)
+	/* release objects we no longer need */
+	objRelease(glbl, CORE_COMPONENT);
+	objRelease(errmsg, CORE_COMPONENT);
+	objRelease(nsdsel_ptcp, LM_NSDSEL_PTCP_FILENAME);
+ENDObjClassExit(nsdsel_gtls)
+
+
+/* Initialize the nsdsel_gtls class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINObjClassInit(nsdsel_gtls, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+	CHKiRet(objUse(nsdsel_ptcp, LM_NSDSEL_PTCP_FILENAME));
+
+	/* set our own handlers */
+ENDObjClassInit(nsdsel_gtls)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	nsdsel_gtlsClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(nsdsel_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */
diff --git a/runtime/nsdsel_gtls.h b/runtime/nsdsel_gtls.h
new file mode 100644
index 00000000..a309d302
--- /dev/null
+++ b/runtime/nsdsel_gtls.h
@@ -0,0 +1,45 @@
+/* An implementation of the nsd select interface for GnuTLS.
+ *
+ * Copyright (C) 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+
+#ifndef INCLUDED_NSDSEL_GTLS_H
+#define INCLUDED_NSDSEL_GTLS_H
+
+#include "nsd.h"
+typedef nsdsel_if_t nsdsel_gtls_if_t; /* we just *implement* this interface */
+
+/* the nsdsel_gtls object */
+struct nsdsel_gtls_s {
+	BEGINobjInstance;	/* Data to implement generic object - MUST be the first data element! */
+	nsdsel_t *pTcp;		/* our aggregated ptcp sel handler (which does almost everything) */
+};
+
+/* interface is defined in nsd.h, we just implement it! */
+#define nsdsel_gtlsCURR_IF_VERSION nsdCURR_IF_VERSION
+
+/* prototypes */
+PROTOTYPEObj(nsdsel_gtls);
+
+/* the name of our library binary */
+#define LM_NSDSEL_GTLS_FILENAME "lmnsdsel_gtls"
+
+#endif /* #ifndef INCLUDED_NSDSEL_GTLS_H */
diff --git a/runtime/nsdsel_ptcp.c b/runtime/nsdsel_ptcp.c
new file mode 100644
index 00000000..b439063a
--- /dev/null
+++ b/runtime/nsdsel_ptcp.c
@@ -0,0 +1,222 @@
+/* nsdsel_ptcp.c
+ *
+ * An implementation of the nsd select() interface for plain tcp sockets.
+ * 
+ * Copyright 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/select.h>
+
+#include "rsyslog.h"
+#include "module-template.h"
+#include "obj.h"
+#include "errmsg.h"
+#include "nsd_ptcp.h"
+#include "nsdsel_ptcp.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+
+
+/* Standard-Constructor
+ */
+BEGINobjConstruct(nsdsel_ptcp) /* be sure to specify the object type also in END macro! */
+	pThis->maxfds = 0;
+	FD_ZERO(&pThis->readfds);
+	FD_ZERO(&pThis->writefds);
+ENDobjConstruct(nsdsel_ptcp)
+
+
+/* destructor for the nsdsel_ptcp object */
+BEGINobjDestruct(nsdsel_ptcp) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(nsdsel_ptcp)
+ENDobjDestruct(nsdsel_ptcp)
+
+
+/* Add a socket to the select set */
+static rsRetVal
+Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp)
+{
+	DEFiRet;
+	nsdsel_ptcp_t *pThis = (nsdsel_ptcp_t*) pNsdsel;
+	nsd_ptcp_t *pSock = (nsd_ptcp_t*) pNsd;
+
+	ISOBJ_TYPE_assert(pSock, nsd_ptcp);
+	ISOBJ_TYPE_assert(pThis, nsdsel_ptcp);
+
+	switch(waitOp) {
+		case NSDSEL_RD:
+			FD_SET(pSock->sock, &pThis->readfds);
+			break;
+		case NSDSEL_WR:
+			FD_SET(pSock->sock, &pThis->writefds);
+			break;
+		case NSDSEL_RDWR:
+			FD_SET(pSock->sock, &pThis->readfds);
+			FD_SET(pSock->sock, &pThis->writefds);
+			break;
+	}
+
+	if(pSock->sock > pThis->maxfds)
+		pThis->maxfds = pSock->sock;
+
+	RETiRet;
+}
+
+
+/* perform the select()  piNumReady returns how many descriptors are ready for IO 
+ * TODO: add timeout!
+ */
+static rsRetVal
+Select(nsdsel_t *pNsdsel, int *piNumReady)
+{
+	DEFiRet;
+	int i;
+	nsdsel_ptcp_t *pThis = (nsdsel_ptcp_t*) pNsdsel;
+
+	ISOBJ_TYPE_assert(pThis, nsdsel_ptcp);
+	assert(piNumReady != NULL);
+
+	if(Debug) { // TODO: debug setting!
+		// TODO: name in dbgprintf!
+		dbgprintf("--------<NSDSEL_PTCP> calling select, active fds (max %d): ", pThis->maxfds);
+		for(i = 0; i <= pThis->maxfds; ++i)
+			if(FD_ISSET(i, &pThis->readfds) || FD_ISSET(i, &pThis->writefds))
+				dbgprintf("%d ", i);
+		dbgprintf("\n");
+	}
+
+	/* now do the select */
+	*piNumReady = select(pThis->maxfds+1, &pThis->readfds, &pThis->writefds, NULL, NULL);
+
+	RETiRet;
+}
+
+
+/* check if a socket is ready for IO */
+static rsRetVal
+IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady)
+{
+	DEFiRet;
+	nsdsel_ptcp_t *pThis = (nsdsel_ptcp_t*) pNsdsel;
+	nsd_ptcp_t *pSock = (nsd_ptcp_t*) pNsd;
+
+	ISOBJ_TYPE_assert(pThis, nsdsel_ptcp);
+	ISOBJ_TYPE_assert(pSock, nsd_ptcp);
+	assert(pbIsReady != NULL);
+
+	switch(waitOp) {
+		case NSDSEL_RD:
+			*pbIsReady = FD_ISSET(pSock->sock, &pThis->readfds);
+			break;
+		case NSDSEL_WR:
+			*pbIsReady = FD_ISSET(pSock->sock, &pThis->writefds);
+			break;
+		case NSDSEL_RDWR:
+			*pbIsReady =   FD_ISSET(pSock->sock, &pThis->readfds)
+				     | FD_ISSET(pSock->sock, &pThis->writefds);
+			break;
+	}
+
+	RETiRet;
+}
+
+
+/* ------------------------------ end support for the select() interface ------------------------------ */
+
+
+/* queryInterface function */
+BEGINobjQueryInterface(nsdsel_ptcp)
+CODESTARTobjQueryInterface(nsdsel_ptcp)
+	if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	pIf->Construct = (rsRetVal(*)(nsdsel_t**)) nsdsel_ptcpConstruct;
+	pIf->Destruct = (rsRetVal(*)(nsdsel_t**)) nsdsel_ptcpDestruct;
+	pIf->Add = Add;
+	pIf->Select = Select;
+	pIf->IsReady = IsReady;
+finalize_it:
+ENDobjQueryInterface(nsdsel_ptcp)
+
+
+/* exit our class
+ */
+BEGINObjClassExit(nsdsel_ptcp, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(nsdsel_ptcp)
+	/* release objects we no longer need */
+	objRelease(glbl, CORE_COMPONENT);
+	objRelease(errmsg, CORE_COMPONENT);
+ENDObjClassExit(nsdsel_ptcp)
+
+
+/* Initialize the nsdsel_ptcp class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINObjClassInit(nsdsel_ptcp, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+
+	/* set our own handlers */
+ENDObjClassInit(nsdsel_ptcp)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	nsdsel_ptcpClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(nsdsel_ptcpClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */
diff --git a/runtime/nsdsel_ptcp.h b/runtime/nsdsel_ptcp.h
new file mode 100644
index 00000000..93874e55
--- /dev/null
+++ b/runtime/nsdsel_ptcp.h
@@ -0,0 +1,47 @@
+/* An implementation of the nsd select interface for plain tcp sockets.
+ *
+ * Copyright 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+
+#ifndef INCLUDED_NSDSEL_PTCP_H
+#define INCLUDED_NSDSEL_PTCP_H
+
+#include "nsd.h"
+typedef nsdsel_if_t nsdsel_ptcp_if_t; /* we just *implement* this interface */
+
+/* the nsdsel_ptcp object */
+struct nsdsel_ptcp_s {
+	BEGINobjInstance;	/* Data to implement generic object - MUST be the first data element! */
+	int maxfds;
+	fd_set readfds;
+	fd_set writefds;
+};
+
+/* interface is defined in nsd.h, we just implement it! */
+#define nsdsel_ptcpCURR_IF_VERSION nsdCURR_IF_VERSION
+
+/* prototypes */
+PROTOTYPEObj(nsdsel_ptcp);
+
+/* the name of our library binary */
+#define LM_NSDSEL_PTCP_FILENAME "lmnsdsel_ptcp"
+
+#endif /* #ifndef INCLUDED_NSDSEL_PTCP_H */
diff --git a/runtime/nssel.c b/runtime/nssel.c
new file mode 100644
index 00000000..5333fc75
--- /dev/null
+++ b/runtime/nssel.c
@@ -0,0 +1,229 @@
+/* nssel.c
+ *
+ * The io waiter is a helper object enabling us to wait on a set of streams to become
+ * ready for IO - this is modelled after select(). We need this, because
+ * stream drivers may have different concepts. Consequently,
+ * the structure must contain nsd_t's from the same stream driver type
+ * only. This is implemented as a singly-linked list where every
+ * new element is added at the top of the list.
+ * 
+ * Work on this module begun 2008-04-22 by Rainer Gerhards.
+ *
+ * Copyright 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+
+#include "rsyslog.h"
+#include "obj.h"
+#include "module-template.h"
+#include "netstrm.h"
+#include "nssel.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(glbl)
+
+
+/* load our low-level driver. This must be done before any
+ * driver-specific functions (allmost all...) can be carried
+ * out. Note that the driver's .ifIsLoaded is correctly
+ * initialized by calloc() and we depend on that.
+ * rgerhards, 2008-04-18
+ */
+static rsRetVal
+loadDrvr(nssel_t *pThis)
+{
+	uchar *pDrvrName;
+	DEFiRet;
+
+	pDrvrName = pThis->pDrvrName;
+	if(pDrvrName == NULL) /* if no drvr name is set, use system default */
+		pDrvrName = glbl.GetDfltNetstrmDrvr();
+
+	pThis->Drvr.ifVersion = nsdCURR_IF_VERSION;
+	/* The pDrvrName+2 below is a hack to obtain the object name. It 
+	 * safes us to have yet another variable with the name without "lm" in
+	 * front of it. If we change the module load interface, we may re-think
+	 * about this hack, but for the time being it is efficient and clean
+	 * enough. -- rgerhards, 2008-04-18
+	 */
+	//CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr));
+	CHKiRet(obj.UseObj(__FILE__, "nsdsel_gtls", "lmnsdsel_gtls", (void*) &pThis->Drvr));
+finalize_it:
+	RETiRet;
+}
+
+
+/* Standard-Constructor */
+BEGINobjConstruct(nssel) /* be sure to specify the object type also in END macro! */
+ENDobjConstruct(nssel)
+
+
+/* destructor for the nssel object */
+BEGINobjDestruct(nssel) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(nssel)
+	if(pThis->pDrvrData != NULL)
+		pThis->Drvr.Destruct(&pThis->pDrvrData);
+ENDobjDestruct(nssel)
+
+
+/* ConstructionFinalizer */
+static rsRetVal
+ConstructFinalize(nssel_t *pThis)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, nssel);
+	CHKiRet(loadDrvr(pThis));
+	CHKiRet(pThis->Drvr.Construct(&pThis->pDrvrData));
+finalize_it:
+	RETiRet;
+}
+
+
+/* Add a stream object to the current select() set.
+ * Note that a single stream may have multiple "sockets" if
+ * it is a listener. If so, all of them are begin added.
+ */
+static rsRetVal
+Add(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp)
+{
+	DEFiRet;
+
+	ISOBJ_TYPE_assert(pThis, nssel);
+	ISOBJ_TYPE_assert(pStrm, netstrm);
+	
+	CHKiRet(pThis->Drvr.Add(pThis->pDrvrData, pStrm->pDrvrData, waitOp));
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* wait for IO to happen on one of our netstreams. iNumReady has
+ * the number of ready "sockets" after the call. This function blocks
+ * until some are ready. EAGAIN is retried.
+ */
+static rsRetVal
+Wait(nssel_t *pThis, int *piNumReady)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, nssel);
+	assert(piNumReady != NULL);
+	iRet = pThis->Drvr.Select(pThis->pDrvrData, piNumReady);
+	RETiRet;
+}
+
+
+/* Check if a stream is ready for IO. *piNumReady contains the remaining number
+ * of ready streams. Note that this function may say the stream is not ready
+ * but still decrement *piNumReady. This can happen when (e.g. with TLS) the low
+ * level driver requires some IO which is hidden from the upper layer point of view.
+ * rgerhards, 2008-04-23
+ */
+static rsRetVal
+IsReady(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp, int *pbIsReady, int *piNumReady)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, nssel);
+	ISOBJ_TYPE_assert(pStrm, netstrm);
+	assert(pbIsReady != NULL);
+	assert(piNumReady != NULL);
+	iRet = pThis->Drvr.IsReady(pThis->pDrvrData, pStrm->pDrvrData, waitOp, pbIsReady);
+	RETiRet;
+}
+
+
+/* queryInterface function */
+BEGINobjQueryInterface(nssel)
+CODESTARTobjQueryInterface(nssel)
+	if(pIf->ifVersion != nsselCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	pIf->Construct = nsselConstruct;
+	pIf->ConstructFinalize = ConstructFinalize;
+	pIf->Destruct = nsselDestruct;
+	pIf->Add = Add;
+	pIf->Wait = Wait;
+	pIf->IsReady = IsReady;
+finalize_it:
+ENDobjQueryInterface(nssel)
+
+
+/* exit our class
+ */
+BEGINObjClassExit(nssel, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(nssel)
+	/* release objects we no longer need */
+	objRelease(glbl, CORE_COMPONENT);
+ENDObjClassExit(nssel)
+
+
+/* Initialize the nssel class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINObjClassInit(nssel, 1, OBJ_IS_CORE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+
+	/* set our own handlers */
+ENDObjClassInit(nssel)
+
+
+/* --------------- here now comes the plumbing that makes us a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	nsselClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(nsselClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */
diff --git a/runtime/nssel.h b/runtime/nssel.h
new file mode 100644
index 00000000..2f907caa
--- /dev/null
+++ b/runtime/nssel.h
@@ -0,0 +1,55 @@
+/* Definitions for the nssel IO waiter.
+ *
+ * Copyright 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+
+#ifndef INCLUDED_NSSEL_H
+#define INCLUDED_NSSEL_H
+
+#include "nsd.h"
+
+/* the nssel object */
+struct nssel_s {
+	BEGINobjInstance;	/* Data to implement generic object - MUST be the first data element! */
+	nsd_t *pDrvrData;	/**< the driver's data elements */
+	uchar *pDrvrName;	/**< nsd driver name to use, or NULL if system default */
+	nsdsel_if_t Drvr;	/**< our stream driver */
+};
+
+
+/* interface */
+BEGINinterface(nssel) /* name must also be changed in ENDinterface macro! */
+	rsRetVal (*Construct)(nssel_t **ppThis);
+	rsRetVal (*ConstructFinalize)(nssel_t *pThis);
+	rsRetVal (*Destruct)(nssel_t **ppThis);
+	rsRetVal (*Add)(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp);
+	rsRetVal (*Wait)(nssel_t *pThis, int *pNumReady);
+	rsRetVal (*IsReady)(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp, int *pbIsReady, int *piNumReady);
+ENDinterface(nssel)
+#define nsselCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
+
+/* prototypes */
+PROTOTYPEObj(nssel);
+
+/* the name of our library binary */
+#define LM_NSSEL_FILENAME "lmnssel"
+
+#endif /* #ifndef INCLUDED_NSSEL_H */
diff --git a/runtime/obj-types.h b/runtime/obj-types.h
index e245b633..5f531eb1 100644
--- a/runtime/obj-types.h
+++ b/runtime/obj-types.h
@@ -81,13 +81,13 @@ struct objInfo_s {
 };
 
 
-typedef struct obj {	/* the dummy struct that each derived class can be casted to */
+struct obj_s {	/* the dummy struct that each derived class can be casted to */
 	objInfo_t *pObjInfo;
 #ifndef NDEBUG /* this means if debug... */
 	unsigned int iObjCooCKiE; /* must always be 0xBADEFEE for a valid object */
 #endif
 	uchar *pszName;		/* the name of *this* specific object instance */
-} obj_t;
+};
 
 
 /* macros which must be gloablly-visible (because they are used during definition of
@@ -106,8 +106,12 @@ typedef struct obj {	/* the dummy struct that each derived class can be casted t
 		do { \
 		ASSERT(pObj != NULL); \
 		ASSERT((unsigned) ((obj_t*) (pObj))->iObjCooCKiE == (unsigned) 0xBADEFEE); \
-		ASSERT(!strcmp((char*)(((obj_t*)pObj)->pObjInfo->pszID), #objType)); \
-		} while(0);
+		if(strcmp((char*)(((obj_t*)pObj)->pObjInfo->pszID), #objType)) { \
+			dbgprintf("%s:%d ISOBJ assert failure: invalid object type, expected '%s' " \
+				  "actual '%s'\n", __FILE__, __LINE__, #objType, (((obj_t*)pObj)->pObjInfo->pszID)); \
+			assert(0); /* trigger assertion, messge we already have */ \
+		} \
+		} while(0)
 #else /* non-debug mode, no checks but much faster */
 #	define BEGINobjInstance obj_t objData
 #	define ISOBJ_TYPE_assert(pObj, objType)
@@ -377,9 +381,6 @@ rsRetVal objName##ClassExit(void) \
  */
 #define CORE_COMPONENT NULL /* use this to indicate this is a core component */
 #define DONT_LOAD_LIB NULL /* do not load a library to obtain object interface (currently same as CORE_COMPONENT) */
-/*#define objUse(objName, MYLIB, FILENAME) \
-	obj.UseObj(__FILE__, (uchar*)#objName, MYLIB, (uchar*)FILENAME, (void*) &objName)
-*/
 #define objUse(objName, FILENAME) \
 	obj.UseObj(__FILE__, (uchar*)#objName, (uchar*)FILENAME, (void*) &objName)
 #define objRelease(objName, FILENAME) \
diff --git a/runtime/obj.c b/runtime/obj.c
index 8ab606f9..18a4a726 100644
--- a/runtime/obj.c
+++ b/runtime/obj.c
@@ -1198,7 +1198,7 @@ ReleaseObj(char *srcFile, uchar *pObjName, uchar *pObjFile, interface_t *pIf)
 		FINALIZE; /* if it is not a lodable module, we do not need to do anything... */
 
 	if(pIf->ifIsLoaded == 0) {
-		ABORT_FINALIZE(RS_RET_OK); /* we are already set */ /* TODO: flag an error? */
+		ABORT_FINALIZE(RS_RET_OK); /* we are not loaded - this is perfectly OK... */
 	}
 	if(pIf->ifIsLoaded == 2) {
 		pIf->ifIsLoaded = 0; /* clean up */
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 89ae1e66..19fda468 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -61,13 +61,27 @@
 /* define some base data types */
 typedef unsigned char uchar;/* get rid of the unhandy "unsigned char" */
 typedef struct thrdInfo thrdInfo_t;
-typedef struct filed selector_t;	/* TODO: this so far resides in syslogd.c, think about modularization */
+typedef struct obj_s obj_t;
+typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think about modularization */
 typedef struct NetAddr netAddr_t;
+typedef struct netstrms_s netstrms_t;
+typedef struct netstrm_s netstrm_t;
+typedef struct nssel_s nssel_t;
+typedef enum nsdsel_waitOp_e nsdsel_waitOp_t;
+typedef struct nsd_ptcp_s nsd_ptcp_t;
+typedef struct nsd_gtls_s nsd_gtls_t;
+typedef struct nsd_gsspi_s nsd_gsspi_t;
+typedef struct nsd_nss_s nsd_nss_t;
+typedef struct nsdsel_ptcp_s nsdsel_ptcp_t;
+typedef struct nsdsel_gtls_s nsdsel_gtls_t;
+typedef obj_t nsd_t;
+typedef obj_t nsdsel_t;
 typedef struct msg msg_t;
 typedef struct interface_s interface_t;
 typedef struct objInfo_s objInfo_t;
 typedef enum rsRetVal_ rsRetVal; /**< friendly type for global return value */
 typedef rsRetVal (*errLogFunc_t)(uchar*); /* this is a trick to store a function ptr to a function returning a function ptr... */
+typedef struct tcpsrv_s tcpsrv_t;
 
 /* some universal 64 bit define... */
 typedef long long int64;
@@ -197,6 +211,14 @@ enum rsRetVal_				/** return value. All methods return this if not specified oth
 	RS_RET_MAIL_NO_TO = -2071, /**< recipient for mail destination is missing */
 	RS_RET_MAIL_NO_FROM = -2072, /**< sender for mail destination is missing */
 	RS_RET_INVALID_PRI = -2073, /**< PRI value is invalid */
+	RS_RET_MALICIOUS_HNAME = -2074, /**< remote peer is trying malicious things with its hostname */
+	RS_RET_ACCEPT_ERR = -2074, /**< error during accept() system call */
+	RS_RET_INVALID_HNAME = -2075, /**< remote peer's hostname invalid or unobtainable */
+	RS_RET_INVALID_PORT = -2076, /**< invalid port value */
+	RS_RET_COULD_NOT_BIND = -2077, /**< could not bind socket, defunct */
+	RS_RET_GNUTLS_ERR = -2078, /**< (unexpected) error in GnuTLS call */
+	RS_RET_MAX_SESS_REACHED = -2079, /**< max nbr of sessions reached, can not create more */
+	RS_RET_MAX_LSTN_REACHED = -2080, /**< max nbr of listeners reached, can not create more */
 
 	/* RainerScript error messages (range 1000.. 1999) */
 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */