From e7d4ec890b42ceb0ab9bb4ee5ecc9a9e489c7388 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 11 Aug 2010 14:38:21 +0200 Subject: imptcp: added $InputPTCPServerNotifyOnConnectionClose directive plus some minor cleanup --- doc/imptcp.html | 3 --- plugins/imptcp/imptcp.c | 13 ++++++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/imptcp.html b/doc/imptcp.html index 913563a5..c63ddc34 100644 --- a/doc/imptcp.html +++ b/doc/imptcp.html @@ -45,10 +45,7 @@ That would require much more code changes, which I was unable to do so far. Full can be found at the Cisco tcp syslog anomaly page.
  • $InputPTCPServerNotifyOnConnectionClose [on/off]
    -CURRENTLY DISABLED
    instructs imptcp to emit a message if the remote peer closes a connection.
    -Important: This directive is global to all listeners and must be given right -after loading imptcp, otherwise it may have no effect.
  • $InputPTCPServerRun <port>
    Starts a TCP server on selected port
  • $InputPTCPServerInputName <name>
    diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c index 732590a9..2bceffad 100644 --- a/plugins/imptcp/imptcp.c +++ b/plugins/imptcp/imptcp.c @@ -60,7 +60,6 @@ #include "ruleset.h" #include "msg.h" #include "net.h" /* for permittedPeers, may be removed when this is removed */ -//#include "tcpsrv.h" /* NOTE: we use some defines from this module -- TODO: re-think! */ MODULE_TYPE_INPUT @@ -873,6 +872,7 @@ static rsRetVal addTCPListener(void __attribute__((unused)) *pVal, uchar *pNewVa pSrv->pSess = NULL; pSrv->pLstn = NULL; pSrv->bEmitMsgOnClose = cs.bEmitMsgOnClose; +dbgprintf("imptcp: add srv emitMsgOnClose: %d\n", pSrv->bEmitMsgOnClose); pSrv->port = pNewVal; //pSrv->iAddtlFrameDelim = cs.iAddtlFrameDelim; cs.pszInputName = NULL; /* moved over to pSrv, we do not own */ @@ -931,13 +931,11 @@ lstnActivity(ptcplstn_t *pLstn) prop_t *peerName; prop_t *peerIP; rsRetVal localRet; -int iac = 0; DEFiRet; DBGPRINTF("imptcp: new connection on listen socket %d\n", pLstn->sock); while(1) { localRet = AcceptConnReq(pLstn->sock, &newSock, &peerName, &peerIP); -//if(iac++ > 0) fprintf(stderr, "%d accepts in a row!\n", iac); if(localRet == RS_RET_NO_MORE_DATA) break; CHKiRet(localRet); @@ -958,14 +956,12 @@ sessActivity(ptcpsess_t *pSess) int lenRcv; int lenBuf; DEFiRet; -int iac = 0; DBGPRINTF("imptcp: new activity on session socket %d\n", pSess->sock); while(1) { lenBuf = sizeof(rcvBuf); lenRcv = recv(pSess->sock, rcvBuf, lenBuf, 0); -//if(iac++ > 1) fprintf(stderr, "\n%d recv in a row!\n", iac-1); if(lenRcv > 0) { /* have data, process it */ @@ -973,6 +969,13 @@ int iac = 0; CHKiRet(DataRcvd(pSess, rcvBuf, lenRcv)); } else if (lenRcv == 0) { /* session was closed, do clean-up */ + if(pSess->pSrv->bEmitMsgOnClose) { + uchar *peerName; + int lenPeer; + prop.GetString(pSess->peerName, &peerName, &lenPeer); + errmsg.LogError(0, RS_RET_PEER_CLOSED_CONN, "imptcp session %d closed by remote peer %s.\n", + pSess->sock, peerName); + } CHKiRet(closeSess(pSess)); break; } else { -- cgit From 4bf834bad6640b5670959ce0c21557bf5923bb2b Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 11 Aug 2010 14:40:57 +0200 Subject: fixed minor issue: imptcp did a close(-1) on each accept --- plugins/imptcp/imptcp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c index 2bceffad..975d3e89 100644 --- a/plugins/imptcp/imptcp.c +++ b/plugins/imptcp/imptcp.c @@ -458,7 +458,8 @@ AcceptConnReq(int sock, int *newSock, prop_t **peerName, prop_t **peerIP) finalize_it: if(iRet != RS_RET_OK) { /* the close may be redundant, but that doesn't hurt... */ - close(iNewSock); + if(iNewSock != -1) + close(iNewSock); } RETiRet; -- cgit From 809ed1768b83bc0c5392f943f4820523494e8285 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 11 Aug 2010 15:06:50 +0200 Subject: imptcp: added $InputPTCPServerAddtlFrameDelimiter directive also improved testbench --- doc/imptcp.html | 3 +-- plugins/imptcp/imptcp.c | 13 ++++++++----- tests/Makefile.am | 6 ++++++ tests/imptcp_addtlframedelim.sh | 14 ++++++++++++++ tests/imtcp_addtlframedelim.sh | 14 ++++++++++++++ tests/tcpflood.c | 14 +++++++++----- tests/testsuites/imptcp_addtlframedelim.conf | 13 +++++++++++++ tests/testsuites/imtcp_addtlframedelim.conf | 13 +++++++++++++ 8 files changed, 78 insertions(+), 12 deletions(-) create mode 100755 tests/imptcp_addtlframedelim.sh create mode 100755 tests/imtcp_addtlframedelim.sh create mode 100644 tests/testsuites/imptcp_addtlframedelim.conf create mode 100644 tests/testsuites/imtcp_addtlframedelim.conf diff --git a/doc/imptcp.html b/doc/imptcp.html index c63ddc34..d4228185 100644 --- a/doc/imptcp.html +++ b/doc/imptcp.html @@ -7,7 +7,7 @@

    Plain TCP Syslog Input Module

    Module Name:    imptcp

    -

    Available since: 4.7.3+, 5.5.8+? +

    Available since: 4.7.3+, 5.5.8+

    Author: Rainer Gerhards <rgerhards@adiscon.com>

    Description:

    @@ -24,7 +24,6 @@ specifying $InputPTCPServerRun multiple times. their name instead of just TCP. Note that only a subset of the parameters are supported.
    • $InputPTCPServerAddtlFrameDelimiter <Delimiter>
      -CURRENTLY DISABLED
      This directive permits to specify an additional frame delimiter for plain tcp syslog. The industry-standard specifies using the LF character as frame delimiter. Some vendors, notable Juniper in their NetScreen products, use an invalid frame delimiter, in Juniper's diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c index 975d3e89..93906ba0 100644 --- a/plugins/imptcp/imptcp.c +++ b/plugins/imptcp/imptcp.c @@ -61,6 +61,10 @@ #include "msg.h" #include "net.h" /* for permittedPeers, may be removed when this is removed */ +/* the define is from tcpsrv.h, we need to find a new (but easier!!!) abstraction layer some time ... */ +#define TCPSRV_NO_ADDTL_DELIMITER -1 /* specifies that no additional delimiter is to be used in TCP framing */ + + MODULE_TYPE_INPUT /* static data */ @@ -579,7 +583,7 @@ processDataRcvd(ptcpsess_t *pThis, char c, struct syslogTime *stTime, time_t ttG } if(( (c == '\n') - //|| ((pThis->pSrv->addtlFrameDelim != TCPSRV_NO_ADDTL_DELIMITER) && (c == pThis->pSrv->addtlFrameDelim)) + || ((pThis->pSrv->iAddtlFrameDelim != TCPSRV_NO_ADDTL_DELIMITER) && (c == pThis->pSrv->iAddtlFrameDelim)) ) && pThis->eFraming == TCP_FRAMING_OCTET_STUFFING) { /* record delimiter? */ doSubmitMsg(pThis, stTime, ttGenTime, pMultiSub); pThis->inputState = eAtStrtFram; @@ -668,7 +672,7 @@ static inline void initConfigSettings(void) { cs.bEmitMsgOnClose = 0; - //cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER; + cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER; cs.pszInputName = NULL; cs.pRuleset = NULL; cs.lstnIP = NULL; @@ -873,9 +877,8 @@ static rsRetVal addTCPListener(void __attribute__((unused)) *pVal, uchar *pNewVa pSrv->pSess = NULL; pSrv->pLstn = NULL; pSrv->bEmitMsgOnClose = cs.bEmitMsgOnClose; -dbgprintf("imptcp: add srv emitMsgOnClose: %d\n", pSrv->bEmitMsgOnClose); pSrv->port = pNewVal; - //pSrv->iAddtlFrameDelim = cs.iAddtlFrameDelim; + pSrv->iAddtlFrameDelim = cs.iAddtlFrameDelim; cs.pszInputName = NULL; /* moved over to pSrv, we do not own */ pSrv->lstnIP = cs.lstnIP; cs.lstnIP = NULL; /* moved over to pSrv, we do not own */ @@ -1121,7 +1124,7 @@ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal) { cs.bEmitMsgOnClose = 0; - //cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER; + cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER; free(cs.pszInputName); cs.pszInputName = NULL; free(cs.lstnIP); diff --git a/tests/Makefile.am b/tests/Makefile.am index b500bc85..8b75a9f2 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -9,8 +9,10 @@ TESTS = $(TESTRUNS) cfg.sh \ manytcp.sh \ manyptcp.sh \ imptcp_large.sh \ + imptcp_addtlframedelim.sh \ imptcp_conndrop.sh \ imtcp_conndrop.sh \ + imtcp_addtlframedelim.sh \ sndrcv.sh \ sndrcv_gzip.sh \ asynwr_simple.sh \ @@ -144,10 +146,14 @@ EXTRA_DIST= 1.rstest 2.rstest 3.rstest err1.rstest \ testsuites/manyptcp.conf \ imptcp_large.sh \ testsuites/imptcp_large.conf \ + imptcp_addtlframedelim.sh \ + testsuites/imptcp_addtlframedelim.conf \ imptcp_conndrop.sh \ testsuites/imptcp_conndrop.conf \ imtcp_conndrop.sh \ testsuites/imtcp_conndrop.conf \ + imtcp_addtlframedelim.sh \ + testsuites/imtcp_addtlframedelim.conf \ inputname.sh \ testsuites/inputname_imtcp.conf \ testsuites/1.inputname_imtcp_12514 \ diff --git a/tests/imptcp_addtlframedelim.sh b/tests/imptcp_addtlframedelim.sh new file mode 100755 index 00000000..b26fc85b --- /dev/null +++ b/tests/imptcp_addtlframedelim.sh @@ -0,0 +1,14 @@ +# added 2010-08-11 by Rgerhards +# +# This file is part of the rsyslog project, released under GPLv3 +echo ==================================================================================== +echo TEST: \[imptcp_addtlframedelim.sh\]: test imptcp additional frame delimiter +cat rsyslog.action.1.include +source $srcdir/diag.sh init +source $srcdir/diag.sh startup imptcp_addtlframedelim.conf +source $srcdir/diag.sh tcpflood -m20000 -F0 -P129 +#sleep 2 # due to large messages, we need this time for the tcp receiver to settle... +source $srcdir/diag.sh shutdown-when-empty # shut down rsyslogd when done processing messages +source $srcdir/diag.sh wait-shutdown # and wait for it to terminate +source $srcdir/diag.sh seq-check 0 19999 +source $srcdir/diag.sh exit diff --git a/tests/imtcp_addtlframedelim.sh b/tests/imtcp_addtlframedelim.sh new file mode 100755 index 00000000..8de7ca58 --- /dev/null +++ b/tests/imtcp_addtlframedelim.sh @@ -0,0 +1,14 @@ +# added 2010-08-11 by Rgerhards +# +# This file is part of the rsyslog project, released under GPLv3 +echo ==================================================================================== +echo TEST: \[imtcp_addtlframedelim.sh\]: test imtcp additional frame delimiter +cat rsyslog.action.1.include +source $srcdir/diag.sh init +source $srcdir/diag.sh startup imtcp_addtlframedelim.conf +source $srcdir/diag.sh tcpflood -m20000 -F0 -P129 +#sleep 2 # due to large messages, we need this time for the tcp receiver to settle... +source $srcdir/diag.sh shutdown-when-empty # shut down rsyslogd when done processing messages +source $srcdir/diag.sh wait-shutdown # and wait for it to terminate +source $srcdir/diag.sh seq-check 0 19999 +source $srcdir/diag.sh exit diff --git a/tests/tcpflood.c b/tests/tcpflood.c index ee43449e..f3aa4e7f 100644 --- a/tests/tcpflood.c +++ b/tests/tcpflood.c @@ -30,6 +30,7 @@ * (C like cycle, running out of meaningful option switches ;)) * -D randomly drop and re-establish connections. Useful for stress-testing * the TCP receiver. + * -F USASCII value for frame delimiter (in octet-stuffing mode), default LF * * Part of the testbench for rsyslog. * @@ -89,6 +90,7 @@ static char *MsgToSend = NULL; /* if non-null, this is the actual message to sen static int bBinaryFile = 0; /* is -I file binary */ static char *dataFile = NULL; /* name of data file, if NULL, generate own data */ static int numFileIterations = 1;/* how often is file data to be sent? */ +static char frameDelim = '\n'; /* default frame delimiter */ FILE *dataFP = NULL; /* file pointer for data file, if used */ static long nConnDrops = 0; /* counter: number of time connection was dropped (-D option) */ @@ -242,8 +244,8 @@ genMsg(char *buf, size_t maxBuf, int *pLenBuf) snprintf(dynFileIDBuf, maxBuf, "%d:", rand() % dynFileIDs); } if(extraDataLen == 0) { - *pLenBuf = snprintf(buf, maxBuf, "<%s>Mar 1 01:00:00 172.20.245.8 tag msgnum:%s%8.8d:\n", - msgPRI, dynFileIDBuf, msgNum); + *pLenBuf = snprintf(buf, maxBuf, "<%s>Mar 1 01:00:00 172.20.245.8 tag msgnum:%s%8.8d:%c", + msgPRI, dynFileIDBuf, msgNum, frameDelim); } else { if(bRandomizeExtraData) edLen = ((long) rand() + extraDataLen) % extraDataLen + 1; @@ -251,8 +253,8 @@ genMsg(char *buf, size_t maxBuf, int *pLenBuf) edLen = extraDataLen; memset(extraData, 'X', edLen); extraData[edLen] = '\0'; - *pLenBuf = snprintf(buf, maxBuf, "<%s>Mar 1 01:00:00 172.20.245.8 tag msgnum:%s%8.8d:%d:%s\n", - msgPRI, dynFileIDBuf, msgNum, edLen, extraData); + *pLenBuf = snprintf(buf, maxBuf, "<%s>Mar 1 01:00:00 172.20.245.8 tag msgnum:%s%8.8d:%d:%s%c", + msgPRI, dynFileIDBuf, msgNum, edLen, extraData, frameDelim); } } else { /* use fixed message format from command line */ @@ -368,7 +370,7 @@ int main(int argc, char *argv[]) if(!isatty(1)) bShowProgress = 0; - while((opt = getopt(argc, argv, "f:t:p:c:C:m:i:I:P:d:Dn:M:rB")) != -1) { + while((opt = getopt(argc, argv, "f:F:t:p:c:C:m:i:I:P:d:Dn:M:rB")) != -1) { switch (opt) { case 't': targetIP = optarg; break; @@ -399,6 +401,8 @@ int main(int argc, char *argv[]) break; case 'f': dynFileIDs = atoi(optarg); break; + case 'F': frameDelim = atoi(optarg); + break; case 'M': MsgToSend = optarg; break; case 'I': dataFile = optarg; diff --git a/tests/testsuites/imptcp_addtlframedelim.conf b/tests/testsuites/imptcp_addtlframedelim.conf new file mode 100644 index 00000000..eb7ed0c4 --- /dev/null +++ b/tests/testsuites/imptcp_addtlframedelim.conf @@ -0,0 +1,13 @@ +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/imptcp/.libs/imptcp +$MainMsgQueueTimeoutShutdown 10000 +$InputPTCPServerAddtlFrameDelimiter 0 +$InputPTCPServerRun 13514 + +$template outfmt,"%msg:F,58:2%\n" +$OMFileFlushOnTXEnd off +$OMFileFlushInterval 2 +$OMFileIOBufferSize 256k +$IncludeConfig rsyslog.action.1.include +local0.* ./rsyslog.out.log;outfmt diff --git a/tests/testsuites/imtcp_addtlframedelim.conf b/tests/testsuites/imtcp_addtlframedelim.conf new file mode 100644 index 00000000..3b4759c5 --- /dev/null +++ b/tests/testsuites/imtcp_addtlframedelim.conf @@ -0,0 +1,13 @@ +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/imtcp/.libs/imtcp +$MainMsgQueueTimeoutShutdown 10000 +$InputTCPServerAddtlFrameDelimiter 0 +$InputTCPServerRun 13514 + +$template outfmt,"%msg:F,58:2%\n" +$OMFileFlushOnTXEnd off +$OMFileFlushInterval 2 +$OMFileIOBufferSize 256k +$IncludeConfig rsyslog.action.1.include +local0.* ./rsyslog.out.log;outfmt -- cgit