From 730c46fed808e269fa40ff542001c98228a3dd0b Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 10 Apr 2008 14:48:29 +0200 Subject: removed openssl configure check we will use our own abstraction layer --- configure.ac | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/configure.ac b/configure.ac index a938eae2..280d6404 100644 --- a/configure.ac +++ b/configure.ac @@ -413,42 +413,6 @@ AC_SUBST(libdbi_cflags) AC_SUBST(libdbi_libs) -# openssl support -AC_ARG_ENABLE(openssl, - [AS_HELP_STRING([--enable-openssl],[Enable openssl support @<:@default=yes@:>@])], - [case "${enableval}" in - yes) enable_openssl="yes" ;; - no) enable_openssl="no" ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-openssl) ;; - esac], - [enable_openssl=no] -) -if test "x$enable_openssl" = "xyes"; then - AC_CHECK_HEADERS( - [openssl/ssl.h],, - [AC_MSG_FAILURE([openssl is missing])] - ) - AC_CHECK_LIB( - [crypto], - [CRYPTO_new_ex_data], - [openssl_cflags="" - openssl_libs="-lcrypto" - ], - [AC_MSG_FAILURE([library 'crypto' is missing (needed for openssl)])] - ) - AC_CHECK_LIB( - [ssl], - [SSL_library_init], - [ openssl_libs+="-lssl" - ], - [AC_MSG_FAILURE([library 'ssl' is missing (needed for openssl)])] - ) -fi -AM_CONDITIONAL(ENABLE_OPENSSL, test x$enable_openssl = xyes) -AC_SUBST(openssl_cflags) -AC_SUBST(openssl_libs) - - # SNMP support AC_ARG_ENABLE(snmp, [AS_HELP_STRING([--enable-snmp],[Enable SNMP support @<:@default=no@:>@])], @@ -635,7 +599,6 @@ echo "Networking support enabled: $enable_inet" echo "Enable GSSAPI Kerberos 5 support: $want_gssapi_krb5" echo "Debug mode enabled: $enable_debug" echo "Runtime Instrumentation enabled: $enable_rtinst" -echo "openssl enabled: $enable_openssl" echo "valgrind support settings enabled: $enable_valgrind" echo "rsyslogd will be built: $enable_rsyslogd" -- cgit From 92303d400ba83eaf150054d2cf5ce4906578bed0 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 14:33:43 +0200 Subject: added new "netstrm" class (not yet implemented) --- runtime/Makefile.am | 11 +- runtime/net.c | 1 - runtime/netstrm.c | 284 ++++++++++++++++++++++++++++++++++++++++++++++++++++ runtime/netstrm.h | 44 ++++++++ runtime/rsyslog.h | 3 +- tcpsrv.c | 1 - 6 files changed, 338 insertions(+), 6 deletions(-) create mode 100644 runtime/netstrm.c create mode 100644 runtime/netstrm.h diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 73418fdf..400d78c0 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -75,18 +75,23 @@ if ENABLE_REGEXP pkglib_LTLIBRARIES += lmregexp.la lmregexp_la_SOURCES = regexp.c regexp.h lmregexp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) -lmregexp_la_LDFLAGS = -module -avoid-version $(rsrt_libs) +lmregexp_la_LDFLAGS = -module -avoid-version lmregexp_la_LIBADD = endif if ENABLE_INET -pkglib_LTLIBRARIES += lmnet.la +pkglib_LTLIBRARIES += lmnet.la lmnetstrm.la # # network support # lmnet_la_SOURCES = net.c net.h lmnet_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) -lmnet_la_LDFLAGS = -module -avoid-version $(rsrt_libs) +lmnet_la_LDFLAGS = -module -avoid-version lmnet_la_LIBADD = +# network streams +lmnetstrm_la_SOURCES = netstrm.c netstrm.h +lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnetstrm_la_LDFLAGS = -module -avoid-version +lmnetstrm_la_LIBADD = endif # if ENABLE_INET diff --git a/runtime/net.c b/runtime/net.c index 0c02eed4..1d085290 100644 --- a/runtime/net.c +++ b/runtime/net.c @@ -666,7 +666,6 @@ gethname(struct sockaddr_storage *f, uchar *pszHostFQDN) if (error == 0) { memset (&hints, 0, sizeof (struct addrinfo)); hints.ai_flags = AI_NUMERICHOST; - hints.ai_socktype = SOCK_DGRAM; /* we now do a lookup once again. This one should fail, * because we should not have obtained a non-numeric address. If diff --git a/runtime/netstrm.c b/runtime/netstrm.c new file mode 100644 index 00000000..0afb4a5e --- /dev/null +++ b/runtime/netstrm.c @@ -0,0 +1,284 @@ +/* netstrmstrm.c + * + * This class implements a generic netstrmwork stream class. It supports + * sending and receiving data streams over a netstrmwork. The class abstracts + * the transport, though it is a safe assumption that TCP is being used. + * The class has a number of properties, among which are also ones to + * select privacy settings, eg by enabling TLS and/or GSSAPI. In the + * long run, this class shall provide all stream-oriented netstrmwork + * functionality inside rsyslog. + * + * It is a high-level class, which uses a number of helper objects + * to carry out its work (including, and most importantly, transport + * drivers). + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include "rsyslog.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "syslogd-types.h" +#include "module-template.h" +#include "parse.h" +#include "srUtils.h" +#include "obj.h" +#include "errmsg.h" +#include "netstrm.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) + + +/* The following #ifdef sequence is a small compatibility + * layer. It tries to work around the different availality + * levels of SO_BSDCOMPAT on linuxes... + * I borrowed this code from + * http://www.erlang.org/ml-archive/erlang-questions/200307/msg00037.html + * It still needs to be a bit better adapted to rsyslog. + * rgerhards 2005-09-19 + */ +#include +static int +should_use_so_bsdcompat(void) +{ +#ifndef OS_BSD + static int init_done; + static int so_bsdcompat_is_obsolete; + + if (!init_done) { + struct utsname myutsname; + unsigned int version, patchlevel; + + init_done = 1; + if (uname(&myutsname) < 0) { + char errStr[1024]; + dbgprintf("uname: %s\r\n", rs_strerror_r(errno, errStr, sizeof(errStr))); + return 1; + } + /* Format is .. + where the first three are unsigned integers and the last + is an arbitrary string. We only care about the first two. */ + if (sscanf(myutsname.release, "%u.%u", &version, &patchlevel) != 2) { + dbgprintf("uname: unexpected release '%s'\r\n", + myutsname.release); + return 1; + } + /* SO_BSCOMPAT is deprecated and triggers warnings in 2.5 + kernels. It is a no-op in 2.4 but not in 2.2 kernels. */ + if (version > 2 || (version == 2 && patchlevel >= 5)) + so_bsdcompat_is_obsolete = 1; + } + return !so_bsdcompat_is_obsolete; +#else /* #ifndef OS_BSD */ + return 1; +#endif /* #ifndef OS_BSD */ +} +#ifndef SO_BSDCOMPAT +/* this shall prevent compiler errors due to undfined name */ +#define SO_BSDCOMPAT 0 +#endif + + +/* get the hostname of the message source. This was originally in cvthname() + * but has been moved out of it because of clarity and fuctional separation. + * It must be provided by the socket we received the message on as well as + * a NI_MAXHOST size large character buffer for the FQDN. + * + * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) + * for some explanation of the code found below. We do by default not + * discard message where we detected malicouos DNS PTR records. However, + * there is a user-configurabel option that will tell us if + * we should abort. For this, the return value tells the caller if the + * message should be processed (1) or discarded (0). + */ +static rsRetVal +gethname(struct sockaddr_storage *f, uchar *pszHostFQDN) +{ + DEFiRet; + int error; + sigset_t omask, nmask; + char ip[NI_MAXHOST]; + struct addrinfo hints, *res; + + assert(f != NULL); + assert(pszHostFQDN != NULL); + + error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *)f), + ip, sizeof ip, NULL, 0, NI_NUMERICHOST); + + if (error) { + dbgprintf("Malformed from address %s\n", gai_strerror(error)); + strcpy((char*) pszHostFQDN, "???"); + ABORT_FINALIZE(RS_RET_INVALID_SOURCE); + } + + if(!glbl.GetDisableDNS()) { + sigemptyset(&nmask); + sigaddset(&nmask, SIGHUP); + pthread_sigmask(SIG_BLOCK, &nmask, &omask); + + error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *) f), + (char*)pszHostFQDN, NI_MAXHOST, NULL, 0, NI_NAMEREQD); + + if (error == 0) { + memset (&hints, 0, sizeof (struct addrinfo)); + hints.ai_flags = AI_NUMERICHOST; + hints.ai_socktype = SOCK_STREAM; + + /* we now do a lookup once again. This one should fail, + * because we should not have obtained a non-numeric address. If + * we got a numeric one, someone messed with DNS! + */ + if (getaddrinfo ((char*)pszHostFQDN, NULL, &hints, &res) == 0) { + uchar szErrMsg[1024]; + freeaddrinfo (res); + /* OK, we know we have evil. The question now is what to do about + * it. One the one hand, the message might probably be intended + * to harm us. On the other hand, losing the message may also harm us. + * Thus, the behaviour is controlled by the $DropMsgsWithMaliciousDnsPTRRecords + * option. If it tells us we should discard, we do so, else we proceed, + * but log an error message together with it. + * time being, we simply drop the name we obtained and use the IP - that one + * is OK in any way. We do also log the error message. rgerhards, 2007-07-16 + */ + if(glbl.GetDropMalPTRMsgs() == 1) { + snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), + "Malicious PTR record, message dropped " + "IP = \"%s\" HOST = \"%s\"", + ip, pszHostFQDN); + errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); + pthread_sigmask(SIG_SETMASK, &omask, NULL); + ABORT_FINALIZE(RS_RET_MALICIOUS_ENTITY); + } + + /* Please note: we deal with a malicous entry. Thus, we have crafted + * the snprintf() below so that all text is in front of the entry - maybe + * it contains characters that make the message unreadable + * (OK, I admit this is more or less impossible, but I am paranoid...) + * rgerhards, 2007-07-16 + */ + snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), + "Malicious PTR record (message accepted, but used IP " + "instead of PTR name: IP = \"%s\" HOST = \"%s\"", + ip, pszHostFQDN); + errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); + + error = 1; /* that will trigger using IP address below. */ + } + } + pthread_sigmask(SIG_SETMASK, &omask, NULL); + } + + if(error || glbl.GetDisableDNS()) { + dbgprintf("Host name for your address (%s) unknown\n", ip); + strcpy((char*) pszHostFQDN, ip); + ABORT_FINALIZE(RS_RET_ADDRESS_UNKNOWN); + } + +finalize_it: + RETiRet; +} + + +/* queryInterface function + * rgerhards, 2008-03-05 + */ +BEGINobjQueryInterface(netstrm) +CODESTARTobjQueryInterface(netstrm) + if(pIf->ifVersion != netstrmCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + //pIf->cvthname = cvthname; +finalize_it: +ENDobjQueryInterface(netstrm) + + +/* exit our class + * rgerhards, 2008-03-10 + */ +BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(netstrm) + /* release objects we no longer need */ + objRelease(glbl, CORE_COMPONENT); + objRelease(errmsg, CORE_COMPONENT); +ENDObjClassExit(netstrm) + + +/* Initialize the netstrm class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINAbstractObjClassInit(netstrm, 1, OBJ_IS_CORE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + + /* set our own handlers */ +ENDObjClassInit(netstrm) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + netstrmClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(netstrmClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/netstrm.h b/runtime/netstrm.h new file mode 100644 index 00000000..7afce969 --- /dev/null +++ b/runtime/netstrm.h @@ -0,0 +1,44 @@ +/* Definitions for the stream-based netstrmworking class. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NETSTRM_H +#define INCLUDED_NETSTRM_H + +/* the netstrm object */ +struct netstrm_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + int sock; /* underlying socket */ +}; + +/* interfaces */ +BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ +ENDinterface(netstrm) +#define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ + +/* prototypes */ +PROTOTYPEObj(netstrm); + +/* the name of our library binary */ +#define LM_NETSTRM_FILENAME "lmnetstrm" + +#endif /* #ifndef INCLUDED_NETSTRM_H */ diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 868bb564..3a81d67b 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -61,8 +61,9 @@ /* define some base data types */ typedef unsigned char uchar;/* get rid of the unhandy "unsigned char" */ typedef struct thrdInfo thrdInfo_t; -typedef struct filed selector_t; /* TODO: this so far resides in syslogd.c, think about modularization */ +typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think about modularization */ typedef struct NetAddr netAddr_t; +typedef struct netstrm_s netstrm_t; typedef struct msg msg_t; typedef struct interface_s interface_t; typedef struct objInfo_s objInfo_t; diff --git a/tcpsrv.c b/tcpsrv.c index 499b0ce8..96048e31 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -457,7 +457,6 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) */ close (newConn); ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code - //was: return -1; } /* Here we check if a host is permitted to send us -- cgit From ccf3b533c698d323cafb01d32f35edaeaf8e8daa Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 15:40:28 +0200 Subject: imported tcp module from librelp as basis for new stream class we got permission to include the tcp module from librelp copyright holders --- runtime/netstrm.c | 550 +++++++++++++++++++++++++++++++++++++++++++----------- runtime/netstrm.h | 22 ++- runtime/rsyslog.h | 5 + 3 files changed, 463 insertions(+), 114 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 0afb4a5e..67611aa0 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -12,6 +12,11 @@ * to carry out its work (including, and most importantly, transport * drivers). * + * Work on this module begun 2008-04-17 by Rainer Gerhards. This code + * borrows from librelp's tcp.c/.h code. librelp is dual licensed and + * Rainer Gerhards and Adiscon GmbH have agreed to permit using the code + * under the terms of the GNU Lesser General Public License. + * * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. * * This file is part of the rsyslog runtime library. @@ -54,6 +59,7 @@ #include "srUtils.h" #include "obj.h" #include "errmsg.h" +#include "net.h" #include "netstrm.h" MODULE_TYPE_LIB @@ -62,155 +68,464 @@ MODULE_TYPE_LIB DEFobjStaticHelpers DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) +DEFobjCurrIf(net) + +#define DFLT_PORT "514" +#warning "urgent TODO: default port!" + +/* Standard-Constructor + */ +BEGINobjConstruct(netstrm) /* be sure to specify the object type also in END macro! */ + pThis->sock = -1; + pThis->iSessMax = 500; /* default max nbr of sessions -TODO:make configurable--rgerhards, 2008-04-17*/ +ENDobjConstruct(netstrm) -/* The following #ifdef sequence is a small compatibility - * layer. It tries to work around the different availality - * levels of SO_BSDCOMPAT on linuxes... - * I borrowed this code from - * http://www.erlang.org/ml-archive/erlang-questions/200307/msg00037.html - * It still needs to be a bit better adapted to rsyslog. - * rgerhards 2005-09-19 +/* ConstructionFinalizer */ -#include -static int -should_use_so_bsdcompat(void) +static rsRetVal +netstrmConstructFinalize(netstrm_t __attribute__((unused)) *pThis) { -#ifndef OS_BSD - static int init_done; - static int so_bsdcompat_is_obsolete; - - if (!init_done) { - struct utsname myutsname; - unsigned int version, patchlevel; - - init_done = 1; - if (uname(&myutsname) < 0) { - char errStr[1024]; - dbgprintf("uname: %s\r\n", rs_strerror_r(errno, errStr, sizeof(errStr))); - return 1; + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + RETiRet; +} + + +/* destructor for the netstrm object */ +BEGINobjDestruct(netstrm) /* be sure to specify the object type also in END and CODESTART macros! */ + int i; +CODESTARTobjDestruct(netstrm) + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; } - /* Format is .. - where the first three are unsigned integers and the last - is an arbitrary string. We only care about the first two. */ - if (sscanf(myutsname.release, "%u.%u", &version, &patchlevel) != 2) { - dbgprintf("uname: unexpected release '%s'\r\n", - myutsname.release); - return 1; + + if(pThis->socks != NULL) { + /* if we have some sockets at this stage, we need to close them */ + for(i = 1 ; i <= pThis->socks[0] ; ++i) + close(pThis->socks[i]); + free(pThis->socks); } - /* SO_BSCOMPAT is deprecated and triggers warnings in 2.5 - kernels. It is a no-op in 2.4 but not in 2.2 kernels. */ - if (version > 2 || (version == 2 && patchlevel >= 5)) - so_bsdcompat_is_obsolete = 1; - } - return !so_bsdcompat_is_obsolete; -#else /* #ifndef OS_BSD */ - return 1; -#endif /* #ifndef OS_BSD */ + + if(pThis->pRemHostIP != NULL) + free(pThis->pRemHostIP); + if(pThis->pRemHostName != NULL) + free(pThis->pRemHostName); +ENDobjDestruct(netstrm) + + +/* abort a connection. This is much like Destruct(), but tries + * to discard any unsent data. -- rgerhards, 2008-03-24 + */ +rsRetVal +AbortDestruct(netstrm_t **ppThis) +{ + struct linger ling; + + DEFiRet; + assert(ppThis != NULL); + ISOBJ_TYPE_assert((*ppThis), netstrm); + + if((*ppThis)->sock != -1) { + ling.l_onoff = 1; + ling.l_linger = 0; + if(setsockopt((*ppThis)->sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0 ) { + dbgprintf("could not set SO_LINGER, errno %d\n", errno); + } + } + + iRet = netstrmDestruct(ppThis); + + RETiRet; } -#ifndef SO_BSDCOMPAT -/* this shall prevent compiler errors due to undfined name */ -#define SO_BSDCOMPAT 0 -#endif -/* get the hostname of the message source. This was originally in cvthname() - * but has been moved out of it because of clarity and fuctional separation. - * It must be provided by the socket we received the message on as well as - * a NI_MAXHOST size large character buffer for the FQDN. - * +/* Set pRemHost based on the address provided. This is to be called upon accept()ing + * a connection request. It must be provided by the socket we received the + * message on as well as a NI_MAXHOST size large character buffer for the FQDN. * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) - * for some explanation of the code found below. We do by default not - * discard message where we detected malicouos DNS PTR records. However, - * there is a user-configurabel option that will tell us if - * we should abort. For this, the return value tells the caller if the - * message should be processed (1) or discarded (0). + * for some explanation of the code found below. If we detect a malicious + * hostname, we return RS_RET_MALICIOUS_HNAME and let the caller decide + * on how to deal with that. + * rgerhards, 2008-03-31 */ static rsRetVal -gethname(struct sockaddr_storage *f, uchar *pszHostFQDN) +SetRemHost(netstrm_t *pThis, struct sockaddr *pAddr) { - DEFiRet; int error; - sigset_t omask, nmask; - char ip[NI_MAXHOST]; + uchar szIP[NI_MAXHOST] = ""; + uchar szHname[NI_MAXHOST] = ""; struct addrinfo hints, *res; + size_t len; - assert(f != NULL); - assert(pszHostFQDN != NULL); + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + assert(pAddr != NULL); - error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *)f), - ip, sizeof ip, NULL, 0, NI_NUMERICHOST); + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST); - if (error) { + if(error) { dbgprintf("Malformed from address %s\n", gai_strerror(error)); - strcpy((char*) pszHostFQDN, "???"); - ABORT_FINALIZE(RS_RET_INVALID_SOURCE); + strcpy((char*)szHname, "???"); + strcpy((char*)szIP, "???"); + ABORT_FINALIZE(RS_RET_INVALID_HNAME); } if(!glbl.GetDisableDNS()) { - sigemptyset(&nmask); - sigaddset(&nmask, SIGHUP); - pthread_sigmask(SIG_BLOCK, &nmask, &omask); - - error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *) f), - (char*)pszHostFQDN, NI_MAXHOST, NULL, 0, NI_NAMEREQD); - - if (error == 0) { + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szHname, NI_MAXHOST, NULL, 0, NI_NAMEREQD); + if(error == 0) { memset (&hints, 0, sizeof (struct addrinfo)); hints.ai_flags = AI_NUMERICHOST; hints.ai_socktype = SOCK_STREAM; - /* we now do a lookup once again. This one should fail, * because we should not have obtained a non-numeric address. If * we got a numeric one, someone messed with DNS! */ - if (getaddrinfo ((char*)pszHostFQDN, NULL, &hints, &res) == 0) { - uchar szErrMsg[1024]; + if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) { freeaddrinfo (res); - /* OK, we know we have evil. The question now is what to do about - * it. One the one hand, the message might probably be intended - * to harm us. On the other hand, losing the message may also harm us. - * Thus, the behaviour is controlled by the $DropMsgsWithMaliciousDnsPTRRecords - * option. If it tells us we should discard, we do so, else we proceed, - * but log an error message together with it. - * time being, we simply drop the name we obtained and use the IP - that one - * is OK in any way. We do also log the error message. rgerhards, 2007-07-16 - */ - if(glbl.GetDropMalPTRMsgs() == 1) { - snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), - "Malicious PTR record, message dropped " - "IP = \"%s\" HOST = \"%s\"", - ip, pszHostFQDN); - errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); - pthread_sigmask(SIG_SETMASK, &omask, NULL); - ABORT_FINALIZE(RS_RET_MALICIOUS_ENTITY); - } - - /* Please note: we deal with a malicous entry. Thus, we have crafted - * the snprintf() below so that all text is in front of the entry - maybe - * it contains characters that make the message unreadable - * (OK, I admit this is more or less impossible, but I am paranoid...) - * rgerhards, 2007-07-16 + /* OK, we know we have evil, so let's indicate this to our caller */ + snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); + dbgprintf("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname); + iRet = RS_RET_MALICIOUS_HNAME; + } + } else { + strcpy((char*)szHname, (char*)szIP); + } + } else { + strcpy((char*)szHname, (char*)szIP); + } + + /* We now have the names, so now let's allocate memory and store them permanently. + * (side note: we may hold on to these values for quite a while, thus we trim their + * memory consumption) + */ + len = strlen((char*)szIP) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostIP = malloc(len)) == NULL) + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + memcpy(pThis->pRemHostIP, szIP, len); + + len = strlen((char*)szHname) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostName = malloc(len)) == NULL) { + free(pThis->pRemHostIP); /* prevent leak */ + pThis->pRemHostIP = NULL; + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + memcpy(pThis->pRemHostName, szHname, len); + +finalize_it: + RETiRet; +} + + + +/* accept an incoming connection request, sock provides the socket on which we can + * accept the new session. + * rgerhards, 2008-03-17 + */ +rsRetVal +AcceptConnReq(netstrm_t **ppThis, int sock) +{ + netstrm_t *pThis = NULL; + int sockflags; + struct sockaddr_storage addr; + socklen_t addrlen = sizeof(addr); + int iNewSock = -1; + + DEFiRet; + assert(ppThis != NULL); + + iNewSock = accept(sock, (struct sockaddr*) &addr, &addrlen); + if(iNewSock < 0) { + ABORT_FINALIZE(RS_RET_ACCEPT_ERR); + } + + /* construct our object so that we can use it... */ + CHKiRet(netstrmConstruct(&pThis)); + + /* TODO: obtain hostname, normalize (callback?), save it */ + CHKiRet(SetRemHost(pThis, (struct sockaddr*) &addr)); + + /* set the new socket to non-blocking IO */ + if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(iNewSock, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket %d", errno, iNewSock); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + pThis->sock = iNewSock; + + *ppThis = pThis; + +finalize_it: + if(iRet != RS_RET_OK) { + if(pThis != NULL) + netstrmDestruct(&pThis); + /* the close may be redundant, but that doesn't hurt... */ + if(iNewSock >= 0) + close(iNewSock); + } + + RETiRet; +} + + +/* initialize the tcp socket for a listner + * pLstnPort is either a pointer to a port name or NULL, in which case the + * default is used. + * gerhards, 2008-03-17 + */ +rsRetVal +LstnInit(netstrm_t *pThis, uchar *pLstnPort) +{ + struct addrinfo hints, *res, *r; + int error, maxs, *s, on = 1; + int sockflags; + uchar *pLstnPt; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + + pLstnPt = (pLstnPort == NULL) ? (uchar*) DFLT_PORT : pLstnPort; + dbgprintf("creating relp tcp listen socket on port %s\n", pLstnPt); + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_family = PF_UNSPEC; /* TODO: permit to configure IPv4/v6 only! */ + hints.ai_socktype = SOCK_STREAM; + + error = getaddrinfo(NULL, (char*) pLstnPt, &hints, &res); + if(error) { + dbgprintf("error %d querying port '%s'\n", error, pLstnPt); + ABORT_FINALIZE(RS_RET_INVALID_PORT); + } + + /* Count max number of sockets we may open */ + for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) + /* EMPTY */; + pThis->socks = malloc((maxs+1) * sizeof(int)); + if (pThis->socks == NULL) { + dbgprintf("couldn't allocate memory for TCP listen sockets, suspending RELP message reception."); + freeaddrinfo(res); + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + + *pThis->socks = 0; /* num of sockets counter at start of array */ + s = pThis->socks + 1; + for(r = res; r != NULL ; r = r->ai_next) { + *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); + if (*s < 0) { + if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) + dbgprintf("creating relp tcp listen socket"); + /* it is debatable if PF_INET with EAFNOSUPPORT should + * also be ignored... */ - snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), - "Malicious PTR record (message accepted, but used IP " - "instead of PTR name: IP = \"%s\" HOST = \"%s\"", - ip, pszHostFQDN); - errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); + continue; + } + +#ifdef IPV6_V6ONLY + if (r->ai_family == AF_INET6) { + int iOn = 1; + if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, + (char *)&iOn, sizeof (iOn)) < 0) { + close(*s); + *s = -1; + continue; + } + } +#endif + if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { + dbgprintf("error %d setting relp/tcp socket option\n", errno); + close(*s); + *s = -1; + continue; + } + + /* We use non-blocking IO! */ + if((sockflags = fcntl(*s, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(*s, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket", errno); + close(*s); + *s = -1; + continue; + } + + + + /* We need to enable BSD compatibility. Otherwise an attacker + * could flood our log files by sending us tons of ICMP errors. + */ +#ifndef BSD + if(net.should_use_so_bsdcompat()) { + if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, + (char *) &on, sizeof(on)) < 0) { + errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); + close(*s); + *s = -1; + continue; + } + } +#endif - error = 1; /* that will trigger using IP address below. */ + if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) +#ifndef IPV6_V6ONLY + && (errno != EADDRINUSE) +#endif + ) { + dbgprintf("error %d while binding relp tcp socket", errno); + close(*s); + *s = -1; + continue; + } + + if(listen(*s,pThis->iSessMax / 10 + 5) < 0) { + /* If the listen fails, it most probably fails because we ask + * for a too-large backlog. So in this case we first set back + * to a fixed, reasonable, limit that should work. Only if + * that fails, too, we give up. + */ + dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", + pThis->iSessMax / 10 + 5); + if(listen(*s, 32) < 0) { + dbgprintf("relp listen error %d, suspending\n", errno); + close(*s); + *s = -1; + continue; } - } - pthread_sigmask(SIG_SETMASK, &omask, NULL); + } + + (*pThis->socks)++; + s++; } - if(error || glbl.GetDisableDNS()) { - dbgprintf("Host name for your address (%s) unknown\n", ip); - strcpy((char*) pszHostFQDN, ip); - ABORT_FINALIZE(RS_RET_ADDRESS_UNKNOWN); - } + if(res != NULL) + freeaddrinfo(res); + + if(*pThis->socks != maxs) + dbgprintf("We could initialize %d RELP TCP listen sockets out of %d we received " + "- this may or may not be an error indication.\n", *pThis->socks, maxs); + + if(*pThis->socks == 0) { + dbgprintf("No RELP TCP listen socket could successfully be initialized, " + "message reception via RELP disabled.\n"); + free(pThis->socks); + ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); + } + +finalize_it: + RETiRet; +} + + +/* receive data from a tcp socket + * The lenBuf parameter must contain the max buffer size on entry and contains + * the number of octets read (or -1 in case of error) on exit. This function + * never blocks, not even when called on a blocking socket. That is important + * for client sockets, which are set to block during send, but should not + * block when trying to read data. If *pLenBuf is -1, an error occured and + * errno holds the exact error cause. + * rgerhards, 2008-03-17 + */ +rsRetVal +Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + + *pLenBuf = recv(pThis->sock, pRcvBuf, *pLenBuf, MSG_DONTWAIT); + + RETiRet; +} + + +/* send a buffer. On entry, pLenBuf contains the number of octets to + * write. On exit, it contains the number of octets actually written. + * If this number is lower than on entry, only a partial buffer has + * been written. + * rgerhards, 2008-03-19 + */ +rsRetVal +Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) +{ + ssize_t written; + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + + written = send(pThis->sock, pBuf, *pLenBuf, 0); + + if(written == -1) { + switch(errno) { + case EAGAIN: + case EINTR: + /* this is fine, just retry... */ + written = 0; + break; + default: + ABORT_FINALIZE(RS_RET_IO_ERROR); + break; + } + } + + *pLenBuf = written; +finalize_it: + RETiRet; +} + + +/* open a connection to a remote host (server). + * rgerhards, 2008-03-19 + */ +rsRetVal +Connect(netstrm_t *pThis, int family, uchar *port, uchar *host) +{ + struct addrinfo *res = NULL; + struct addrinfo hints; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + assert(port != NULL); + assert(host != NULL); + assert(pThis->sock == -1); + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; + if(getaddrinfo((char*)host, (char*)port, &hints, &res) != 0) { + dbgprintf("error %d in getaddrinfo\n", errno); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if((pThis->sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } finalize_it: + if(res != NULL) + freeaddrinfo(res); + + if(iRet != RS_RET_OK) { + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; + } + } + RETiRet; } @@ -229,7 +544,14 @@ CODESTARTobjQueryInterface(netstrm) * work here (if we can support an older interface version - that, * of course, also affects the "if" above). */ - //pIf->cvthname = cvthname; + pIf->Construct = netstrmConstruct; + pIf->ConstructFinalize = netstrmConstructFinalize; + pIf->Destruct = netstrmDestruct; + pIf->LstnInit = LstnInit; + pIf->AcceptConnReq = AcceptConnReq; + pIf->Rcv = Rcv; + pIf->Send = Send; + pIf->Connect = Connect; finalize_it: ENDobjQueryInterface(netstrm) @@ -240,6 +562,7 @@ ENDobjQueryInterface(netstrm) BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ CODESTARTObjClassExit(netstrm) /* release objects we no longer need */ + objRelease(net, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(errmsg, CORE_COMPONENT); ENDObjClassExit(netstrm) @@ -253,6 +576,7 @@ BEGINAbstractObjClassInit(netstrm, 1, OBJ_IS_CORE_MODULE) /* class, version */ /* request objects we use */ CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(glbl, CORE_COMPONENT)); + CHKiRet(objUse(net, CORE_COMPONENT)); /* set our own handlers */ ENDObjClassInit(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 7afce969..73d9c274 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -27,11 +27,31 @@ /* the netstrm object */ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ - int sock; /* underlying socket */ + uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ + uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ + int sock; /**< the socket we use for regular, single-socket, operations */ + int *socks; /**< the socket(s) we use for listeners, element 0 has nbr of socks */ + int iSessMax; /**< maximum number of sessions permitted */ }; +/* macros for quick member access */ +#warning "do we need the macros?" +#define relpTcpGetNumSocks(pThis) ((pThis)->socks[0]) +#define relpTcpGetLstnSock(pThis, i) ((pThis)->socks[i]) +#define relpTcpGetSock(pThis) ((pThis)->sock) + + /* interfaces */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ +//??relpRetVal relpTcpAbortDestruct(relpTcp_t **ppThis); + rsRetVal (*Construct)(netstrm_t **ppThis); + rsRetVal (*ConstructFinalize)(netstrm_t __attribute__((unused)) *pThis); + rsRetVal (*Destruct)(netstrm_t **ppThis); + rsRetVal (*LstnInit)(netstrm_t *pThis, unsigned char *pLstnPort); + rsRetVal (*AcceptConnReq)(netstrm_t **ppThis, int sock); + rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); + rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf); + rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host); ENDinterface(netstrm) #define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 3a81d67b..7ed989c5 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -198,6 +198,11 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_MAIL_NO_TO = -2071, /**< recipient for mail destination is missing */ RS_RET_MAIL_NO_FROM = -2072, /**< sender for mail destination is missing */ RS_RET_INVALID_PRI = -2073, /**< PRI value is invalid */ + RS_RET_MALICIOUS_HNAME = -2074, /**< remote peer is trying malicious things with its hostname */ + RS_RET_ACCEPT_ERR = -2074, /**< error during accept() system call */ + RS_RET_INVALID_HNAME = -2075, /**< remote peer's hostname invalid or unobtainable */ + RS_RET_INVALID_PORT = -2076, /**< invalid port value */ + RS_RET_COULD_NOT_BIND = -2077, /**< could not bind socket, defunct */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit From 665ac5df67b6613dfe338396d6cec91e678a0394 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 16:00:07 +0200 Subject: brought netstrm to a (hopefully) somewhat usable state --- runtime/netstrm.c | 48 +++++++++++++++++++++++------------------------- runtime/netstrm.h | 8 +------- 2 files changed, 24 insertions(+), 32 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 67611aa0..c27d5f4d 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -70,8 +70,6 @@ DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) DEFobjCurrIf(net) -#define DFLT_PORT "514" -#warning "urgent TODO: default port!" /* Standard-Constructor */ @@ -118,7 +116,7 @@ ENDobjDestruct(netstrm) /* abort a connection. This is much like Destruct(), but tries * to discard any unsent data. -- rgerhards, 2008-03-24 */ -rsRetVal +static rsRetVal AbortDestruct(netstrm_t **ppThis) { struct linger ling; @@ -151,7 +149,7 @@ AbortDestruct(netstrm_t **ppThis) * rgerhards, 2008-03-31 */ static rsRetVal -SetRemHost(netstrm_t *pThis, struct sockaddr *pAddr) +FillRemHost(netstrm_t *pThis, struct sockaddr *pAddr) { int error; uchar szIP[NI_MAXHOST] = ""; @@ -223,7 +221,7 @@ finalize_it: * accept the new session. * rgerhards, 2008-03-17 */ -rsRetVal +static rsRetVal AcceptConnReq(netstrm_t **ppThis, int sock) { netstrm_t *pThis = NULL; @@ -244,7 +242,7 @@ AcceptConnReq(netstrm_t **ppThis, int sock) CHKiRet(netstrmConstruct(&pThis)); /* TODO: obtain hostname, normalize (callback?), save it */ - CHKiRet(SetRemHost(pThis, (struct sockaddr*) &addr)); + CHKiRet(FillRemHost(pThis, (struct sockaddr*) &addr)); /* set the new socket to non-blocking IO */ if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { @@ -255,7 +253,7 @@ AcceptConnReq(netstrm_t **ppThis, int sock) sockflags = fcntl(iNewSock, F_SETFL, sockflags); } if(sockflags == -1) { - dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket %d", errno, iNewSock); + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket %d", errno, iNewSock); ABORT_FINALIZE(RS_RET_IO_ERROR); } @@ -277,32 +275,33 @@ finalize_it: /* initialize the tcp socket for a listner - * pLstnPort is either a pointer to a port name or NULL, in which case the + * pLstnPort must point to a port name or number. NULL is NOT permitted + * (hint: we need to be careful when we use this module together with librelp, + * there NULL indicates the default port * default is used. * gerhards, 2008-03-17 */ -rsRetVal +static rsRetVal LstnInit(netstrm_t *pThis, uchar *pLstnPort) { struct addrinfo hints, *res, *r; int error, maxs, *s, on = 1; int sockflags; - uchar *pLstnPt; DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); + assert(pLstnPort != NULL); - pLstnPt = (pLstnPort == NULL) ? (uchar*) DFLT_PORT : pLstnPort; - dbgprintf("creating relp tcp listen socket on port %s\n", pLstnPt); + dbgprintf("creating tcp listen socket on port %s\n", pLstnPort); memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE; - hints.ai_family = PF_UNSPEC; /* TODO: permit to configure IPv4/v6 only! */ + hints.ai_family = glbl.GetDefPFFamily(); hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(NULL, (char*) pLstnPt, &hints, &res); + error = getaddrinfo(NULL, (char*) pLstnPort, &hints, &res); if(error) { - dbgprintf("error %d querying port '%s'\n", error, pLstnPt); + dbgprintf("error %d querying port '%s'\n", error, pLstnPort); ABORT_FINALIZE(RS_RET_INVALID_PORT); } @@ -322,7 +321,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); if (*s < 0) { if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) - dbgprintf("creating relp tcp listen socket"); + dbgprintf("creating tcp listen socket"); /* it is debatable if PF_INET with EAFNOSUPPORT should * also be ignored... */ @@ -341,7 +340,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) } #endif if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { - dbgprintf("error %d setting relp/tcp socket option\n", errno); + dbgprintf("error %d setting tcp socket option\n", errno); close(*s); *s = -1; continue; @@ -356,7 +355,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) sockflags = fcntl(*s, F_SETFL, sockflags); } if(sockflags == -1) { - dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket", errno); + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno); close(*s); *s = -1; continue; @@ -384,7 +383,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) && (errno != EADDRINUSE) #endif ) { - dbgprintf("error %d while binding relp tcp socket", errno); + dbgprintf("error %d while binding tcp socket", errno); close(*s); *s = -1; continue; @@ -399,7 +398,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", pThis->iSessMax / 10 + 5); if(listen(*s, 32) < 0) { - dbgprintf("relp listen error %d, suspending\n", errno); + dbgprintf("tcp listen error %d, suspending\n", errno); close(*s); *s = -1; continue; @@ -438,7 +437,7 @@ finalize_it: * errno holds the exact error cause. * rgerhards, 2008-03-17 */ -rsRetVal +static rsRetVal Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) { DEFiRet; @@ -456,7 +455,7 @@ Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) * been written. * rgerhards, 2008-03-19 */ -rsRetVal +static rsRetVal Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) { ssize_t written; @@ -487,7 +486,7 @@ finalize_it: /* open a connection to a remote host (server). * rgerhards, 2008-03-19 */ -rsRetVal +static rsRetVal Connect(netstrm_t *pThis, int family, uchar *port, uchar *host) { struct addrinfo *res = NULL; @@ -531,7 +530,6 @@ finalize_it: /* queryInterface function - * rgerhards, 2008-03-05 */ BEGINobjQueryInterface(netstrm) CODESTARTobjQueryInterface(netstrm) @@ -547,6 +545,7 @@ CODESTARTobjQueryInterface(netstrm) pIf->Construct = netstrmConstruct; pIf->ConstructFinalize = netstrmConstructFinalize; pIf->Destruct = netstrmDestruct; + pIf->AbortDestruct = AbortDestruct; pIf->LstnInit = LstnInit; pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; @@ -557,7 +556,6 @@ ENDobjQueryInterface(netstrm) /* exit our class - * rgerhards, 2008-03-10 */ BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ CODESTARTObjClassExit(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 73d9c274..7f267a36 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -34,19 +34,13 @@ struct netstrm_s { int iSessMax; /**< maximum number of sessions permitted */ }; -/* macros for quick member access */ -#warning "do we need the macros?" -#define relpTcpGetNumSocks(pThis) ((pThis)->socks[0]) -#define relpTcpGetLstnSock(pThis, i) ((pThis)->socks[i]) -#define relpTcpGetSock(pThis) ((pThis)->sock) - /* interfaces */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ -//??relpRetVal relpTcpAbortDestruct(relpTcp_t **ppThis); rsRetVal (*Construct)(netstrm_t **ppThis); rsRetVal (*ConstructFinalize)(netstrm_t __attribute__((unused)) *pThis); rsRetVal (*Destruct)(netstrm_t **ppThis); + rsRetVal (*AbortDestruct)(netstrm_t **ppThis); rsRetVal (*LstnInit)(netstrm_t *pThis, unsigned char *pLstnPort); rsRetVal (*AcceptConnReq)(netstrm_t **ppThis, int sock); rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); -- cgit From f590c1d52afbae2d16182864084edae84f541835 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 18:06:06 +0200 Subject: modified omfwd to work with netstrm (and also did some cleanup) --- plugins/omgssapi/omgssapi.c | 6 +- tcpclt.c | 1 - tcpclt.h | 1 - tools/omfwd.c | 541 +++++++++++++++++++------------------------- 4 files changed, 239 insertions(+), 310 deletions(-) diff --git a/plugins/omgssapi/omgssapi.c b/plugins/omgssapi/omgssapi.c index 3f6600ca..6f940f99 100644 --- a/plugins/omgssapi/omgssapi.c +++ b/plugins/omgssapi/omgssapi.c @@ -174,8 +174,6 @@ CODESTARTdbgPrintInstInfo ENDdbgPrintInstInfo -/* CODE FOR SENDING TCP MESSAGES */ - /* This function is called immediately before a send retry is attempted. * It shall clean up whatever makes sense. * rgerhards, 2007-12-28 @@ -207,9 +205,7 @@ static rsRetVal TCPSendGSSInit(void *pvData) base = (gss_base_service_name == NULL) ? "host" : gss_base_service_name; out_tok.length = strlen(pData->f_hname) + strlen(base) + 2; - if ((out_tok.value = malloc(out_tok.length)) == NULL) { - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - } + CHKmalloc(out_tok.value = malloc(out_tok.length)); strcpy(out_tok.value, base); strcat(out_tok.value, "@"); strcat(out_tok.value, pData->f_hname); diff --git a/tcpclt.c b/tcpclt.c index 7216caae..2bc2ea56 100644 --- a/tcpclt.c +++ b/tcpclt.c @@ -51,7 +51,6 @@ MODULE_TYPE_LIB DEFobjStaticHelpers /* Initialize TCP sockets (for sender) - * This is done once per selector line, if not yet initialized. */ static int CreateSocket(struct addrinfo *addrDest) diff --git a/tcpclt.h b/tcpclt.h index 15344266..b7aada65 100644 --- a/tcpclt.h +++ b/tcpclt.h @@ -26,7 +26,6 @@ #ifndef TCPCLT_H_INCLUDED #define TCPCLT_H_INCLUDED 1 -//#include "tcpsyslog.h" #include "obj.h" /* the tcpclt object */ diff --git a/tools/omfwd.c b/tools/omfwd.c index 80f62c8a..6c3a351a 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -30,7 +30,6 @@ * A copy of the GPL can be found in the file "COPYING" in this distribution. */ #include "config.h" -#ifdef SYSLOG_INET #include "rsyslog.h" #include #include @@ -52,6 +51,7 @@ #include "syslogd-types.h" #include "srUtils.h" #include "net.h" +#include "netstrm.h" #include "omfwd.h" #include "template.h" #include "msg.h" @@ -69,17 +69,14 @@ DEF_OMOD_STATIC_DATA DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) DEFobjCurrIf(net) +DEFobjCurrIf(netstrm) DEFobjCurrIf(tcpclt) typedef struct _instanceData { char *f_hname; - short sock; /* file descriptor */ + netstrm_t *pNetstrm; /* our output netstream */ int *pSockArray; /* sockets to use for UDP */ - enum { /* TODO: we shoud revisit these definitions */ - eDestFORW, - eDestFORW_SUSP, - eDestFORW_UNKN - } eDestState; + int bIsConnected; /* are we connected to remote host? 0 - no, 1 - yes, UDP means addr resolved */ struct addrinfo *f_addr; int compressionLevel; /* 0 - no compression, else level for zlib */ char *port; @@ -87,8 +84,7 @@ typedef struct _instanceData { # define FORW_UDP 0 # define FORW_TCP 1 /* following fields for TCP-based delivery */ - time_t ttSuspend; /* time selector was suspended */ - tcpclt_t *pTCPClt; /* our tcpclt object */ + tcpclt_t *pTCPClt; /* our tcpclt object */ } instanceData; /* config data */ @@ -101,7 +97,7 @@ static uchar *pszTplName = NULL; /* name of the default template to use */ * We may change the implementation to try to lookup the port * if it is unspecified. So far, we use the IANA default auf 514. */ -static char *getFwdSyslogPt(instanceData *pData) +static char *getFwdPt(instanceData *pData) { assert(pData != NULL); if(pData->port == NULL) @@ -112,7 +108,6 @@ static char *getFwdSyslogPt(instanceData *pData) BEGINcreateInstance CODESTARTcreateInstance - pData->sock = -1; ENDcreateInstance @@ -125,20 +120,16 @@ ENDisCompatibleWithFeature BEGINfreeInstance CODESTARTfreeInstance - switch (pData->eDestState) { - case eDestFORW: - case eDestFORW_SUSP: - freeaddrinfo(pData->f_addr); - /* fall through */ - case eDestFORW_UNKN: - if(pData->port != NULL) - free(pData->port); - break; + if(pData->f_addr != NULL) { /* TODO: is the check ok? */ + freeaddrinfo(pData->f_addr); + pData->f_addr = NULL; } + if(pData->port != NULL) + free(pData->port); /* final cleanup */ - if(pData->sock >= 0) - close(pData->sock); + if(pData->pNetstrm != NULL) + netstrm.Destruct(&pData->pNetstrm); if(pData->pSockArray != NULL) net.closeUDPListenSockets(pData->pSockArray); @@ -175,8 +166,7 @@ static rsRetVal UDPSend(instanceData *pData, char *msg, size_t len) * succeeding. We track this be bSendSuccess. We can not simply * rely on lsent, as a call might initially work, but a later * call fails. Then, lsent has the error status, even though - * the sendto() succeeded. - * rgerhards, 2007-06-22 + * the sendto() succeeded. -- rgerhards, 2007-06-22 */ bSendSuccess = FALSE; for (r = pData->f_addr; r; r = r->ai_next) { @@ -217,22 +207,11 @@ static rsRetVal TCPSendFrame(void *pvData, char *msg, size_t len) ssize_t lenSend; instanceData *pData = (instanceData *) pvData; - lenSend = send(pData->sock, msg, len, 0); + lenSend = len; + CHKiRet(netstrm.Send(pData->pNetstrm, (uchar*)msg, &lenSend)); dbgprintf("TCP sent %ld bytes, requested %ld\n", (long) lenSend, (long) len); - if(lenSend == -1) { - /* we have an error case - check what we can live with */ - switch(errno) { - case EMSGSIZE: - dbgprintf("message not (tcp)send, too large\n"); - /* This is not a real error, so it is not flagged as one */ - break; - default: - dbgprintf("message not (tcp)send"); - iRet = RS_RET_TCP_SEND_ERROR; - break; - } - } else if(lenSend != (ssize_t) len) { + if(lenSend != (ssize_t) len) { /* no real error, could "just" not send everything... * For the time being, we ignore this... * rgerhards, 2005-10-25 @@ -242,6 +221,7 @@ static rsRetVal TCPSendFrame(void *pvData, char *msg, size_t len) /* TODO: we need to revisit this code -- rgerhards, 2007-12-28 */ } +finalize_it: RETiRet; } @@ -256,13 +236,12 @@ static rsRetVal TCPSendPrepRetry(void *pvData) instanceData *pData = (instanceData *) pvData; assert(pData != NULL); - close(pData->sock); - pData->sock = -1; + netstrm.Destruct(&pData->pNetstrm); RETiRet; } -/* initialies everything so that TCPSend can work. +/* initializes everything so that TCPSend can work. * rgerhards, 2007-12-28 */ static rsRetVal TCPSendInit(void *pvData) @@ -271,11 +250,16 @@ static rsRetVal TCPSendInit(void *pvData) instanceData *pData = (instanceData *) pvData; assert(pData != NULL); - if(pData->sock < 0) { - if((pData->sock = tcpclt.CreateSocket(pData->f_addr)) < 0) - iRet = RS_RET_TCP_SOCKCREATE_ERR; + if(pData->pNetstrm == NULL) { + CHKiRet(netstrm.Construct(&pData->pNetstrm)); + CHKiRet(netstrm.Connect(pData->pNetstrm, glbl.GetDefPFFamily(), + (uchar*)pData->port, (uchar*)pData->f_hname)); } +finalize_it: + if(iRet != RS_RET_OK) + netstrm.Destruct(&pData->pNetstrm); + RETiRet; } @@ -288,39 +272,38 @@ static rsRetVal doTryResume(instanceData *pData) DEFiRet; struct addrinfo *res; struct addrinfo hints; - unsigned e; - - switch (pData->eDestState) { - case eDestFORW_SUSP: - iRet = RS_RET_OK; /* the actual check happens during doAction() only */ - pData->eDestState = eDestFORW; - break; - - case eDestFORW_UNKN: - /* The remote address is not yet known and needs to be obtained */ - dbgprintf(" %s\n", pData->f_hname); + + if(pData->bIsConnected) + FINALIZE; + + /* The remote address is not yet known and needs to be obtained */ + dbgprintf(" %s\n", pData->f_hname); + if(pData->protocol == FORW_UDP) { memset(&hints, 0, sizeof(hints)); - /* port must be numeric, because config file syntax requests this */ - /* TODO: this code is a duplicate from cfline() - we should later create - * a common function. - */ + /* port must be numeric, because config file syntax requires this */ hints.ai_flags = AI_NUMERICSERV; hints.ai_family = glbl.GetDefPFFamily(); - hints.ai_socktype = pData->protocol == FORW_UDP ? SOCK_DGRAM : SOCK_STREAM; - if((e = getaddrinfo(pData->f_hname, - getFwdSyslogPt(pData), &hints, &res)) == 0) { - dbgprintf("%s found, resuming.\n", pData->f_hname); - pData->f_addr = res; - pData->eDestState = eDestFORW; - } else { - iRet = RS_RET_SUSPENDED; + hints.ai_socktype = pData->protocol == SOCK_DGRAM; + if((getaddrinfo(pData->f_hname, getFwdPt(pData), &hints, &res)) != 0) { + ABORT_FINALIZE(RS_RET_SUSPENDED); + } + dbgprintf("%s found, resuming.\n", pData->f_hname); + pData->f_addr = res; + pData->bIsConnected = 1; + if(pData->pSockArray == NULL) { + pData->pSockArray = net.create_udp_socket((uchar*)pData->f_hname, NULL, 0); + } + } else { + CHKiRet(TCPSendInit((void*)pData)); + } + +finalize_it: + if(iRet != RS_RET_OK) { + if(pData->f_addr != NULL) { + freeaddrinfo(pData->f_addr); + pData->f_addr = NULL; } - break; - case eDestFORW: - /* rgerhards, 2007-09-11: this can not happen, but I've included it to - * a) make the compiler happy, b) detect any logic errors */ - assert(0); - break; + iRet = RS_RET_SUSPENDED; } RETiRet; @@ -336,87 +319,65 @@ BEGINdoAction char *psz; /* temporary buffering */ register unsigned l; CODESTARTdoAction - switch (pData->eDestState) { - case eDestFORW_SUSP: - dbgprintf("internal error in omfwd.c, eDestFORW_SUSP in doAction()!\n"); - iRet = RS_RET_SUSPENDED; - break; - - case eDestFORW_UNKN: - dbgprintf("doAction eDestFORW_UNKN\n"); - iRet = doTryResume(pData); - break; - - case eDestFORW: - dbgprintf(" %s:%s/%s\n", pData->f_hname, getFwdSyslogPt(pData), - pData->protocol == FORW_UDP ? "udp" : "tcp"); - /* with UDP, check if the socket is there and, if not, alloc - * it. TODO: there should be a better place for that code. - * rgerhards, 2007-12-26 - */ - if(pData->protocol == FORW_UDP) { - if(pData->pSockArray == NULL) { - pData->pSockArray = net.create_udp_socket((uchar*)pData->f_hname, NULL, 0); - } - } - pData->ttSuspend = time(NULL); - psz = (char*) ppString[0]; - l = strlen((char*) psz); - if (l > MAXLINE) - l = MAXLINE; - -# ifdef USE_NETZIP - /* Check if we should compress and, if so, do it. We also - * check if the message is large enough to justify compression. - * The smaller the message, the less likely is a gain in compression. - * To save CPU cycles, we do not try to compress very small messages. - * What "very small" means needs to be configured. Currently, it is - * hard-coded but this may be changed to a config parameter. - * rgerhards, 2006-11-30 - */ - if(pData->compressionLevel && (l > MIN_SIZE_FOR_COMPRESS)) { - Bytef out[MAXLINE+MAXLINE/100+12] = "z"; - uLongf destLen = sizeof(out) / sizeof(Bytef); - uLong srcLen = l; - int ret; - ret = compress2((Bytef*) out+1, &destLen, (Bytef*) psz, - srcLen, pData->compressionLevel); - dbgprintf("Compressing message, length was %d now %d, return state %d.\n", - l, (int) destLen, ret); - if(ret != Z_OK) { - /* if we fail, we complain, but only in debug mode - * Otherwise, we are silent. In any case, we ignore the - * failed compression and just sent the uncompressed - * data, which is still valid. So this is probably the - * best course of action. - * rgerhards, 2006-11-30 - */ - dbgprintf("Compression failed, sending uncompressed message\n"); - } else if(destLen+1 < l) { - /* only use compression if there is a gain in using it! */ - dbgprintf("there is gain in compression, so we do it\n"); - psz = (char*) out; - l = destLen + 1; /* take care for the "z" at message start! */ - } - ++destLen; + CHKiRet(doTryResume(pData)); + + dbgprintf(" %s:%s/%s\n", pData->f_hname, getFwdPt(pData), + pData->protocol == FORW_UDP ? "udp" : "tcp"); + + psz = (char*) ppString[0]; + l = strlen((char*) psz); + if (l > MAXLINE) + l = MAXLINE; + +# ifdef USE_NETZIP + /* Check if we should compress and, if so, do it. We also + * check if the message is large enough to justify compression. + * The smaller the message, the less likely is a gain in compression. + * To save CPU cycles, we do not try to compress very small messages. + * What "very small" means needs to be configured. Currently, it is + * hard-coded but this may be changed to a config parameter. + * rgerhards, 2006-11-30 + */ + if(pData->compressionLevel && (l > MIN_SIZE_FOR_COMPRESS)) { + Bytef out[MAXLINE+MAXLINE/100+12] = "z"; + uLongf destLen = sizeof(out) / sizeof(Bytef); + uLong srcLen = l; + int ret; + ret = compress2((Bytef*) out+1, &destLen, (Bytef*) psz, + srcLen, pData->compressionLevel); + dbgprintf("Compressing message, length was %d now %d, return state %d.\n", + l, (int) destLen, ret); + if(ret != Z_OK) { + /* if we fail, we complain, but only in debug mode + * Otherwise, we are silent. In any case, we ignore the + * failed compression and just sent the uncompressed + * data, which is still valid. So this is probably the + * best course of action. + * rgerhards, 2006-11-30 + */ + dbgprintf("Compression failed, sending uncompressed message\n"); + } else if(destLen+1 < l) { + /* only use compression if there is a gain in using it! */ + dbgprintf("there is gain in compression, so we do it\n"); + psz = (char*) out; + l = destLen + 1; /* take care for the "z" at message start! */ } -# endif + ++destLen; + } +# endif - if(pData->protocol == FORW_UDP) { - /* forward via UDP */ - CHKiRet(UDPSend(pData, psz, l)); - } else { - /* forward via TCP */ - rsRetVal ret; - ret = tcpclt.Send(pData->pTCPClt, pData, psz, l); - if(ret != RS_RET_OK) { - /* error! */ - dbgprintf("error forwarding via tcp, suspending\n"); - pData->eDestState = eDestFORW_SUSP; - iRet = RS_RET_SUSPENDED; - } + if(pData->protocol == FORW_UDP) { + /* forward via UDP */ + CHKiRet(UDPSend(pData, psz, l)); + } else { + /* forward via TCP */ + rsRetVal ret; + ret = tcpclt.Send(pData->pTCPClt, pData, psz, l); + if(ret != RS_RET_OK) { + /* error! */ + dbgprintf("error forwarding via tcp, suspending\n"); + iRet = RS_RET_SUSPENDED; } - break; } finalize_it: ENDdoAction @@ -425,171 +386,144 @@ ENDdoAction BEGINparseSelectorAct uchar *q; int i; - int error; int bErr; - struct addrinfo hints, *res; + struct addrinfo; TCPFRAMINGMODE tcp_framing = TCP_FRAMING_OCTET_STUFFING; CODESTARTparseSelectorAct CODE_STD_STRING_REQUESTparseSelectorAct(1) - if(*p == '@') { - if((iRet = createInstance(&pData)) != RS_RET_OK) - goto finalize_it; - ++p; /* eat '@' */ - if(*p == '@') { /* indicator for TCP! */ - pData->protocol = FORW_TCP; - ++p; /* eat this '@', too */ - } else { - pData->protocol = FORW_UDP; - } - /* we are now after the protocol indicator. Now check if we should - * use compression. We begin to use a new option format for this: - * @(option,option)host:port - * The first option defined is "z[0..9]" where the digit indicates - * the compression level. If it is not given, 9 (best compression) is - * assumed. An example action statement might be: - * @@(z5,o)127.0.0.1:1400 - * Which means send via TCP with medium (5) compresion (z) to the local - * host on port 1400. The '0' option means that octet-couting (as in - * IETF I-D syslog-transport-tls) is to be used for framing (this option - * applies to TCP-based syslog only and is ignored when specified with UDP). - * That is not yet implemented. - * rgerhards, 2006-12-07 - */ - if(*p == '(') { - /* at this position, it *must* be an option indicator */ - do { - ++p; /* eat '(' or ',' (depending on when called) */ - /* check options */ - if(*p == 'z') { /* compression */ -# ifdef USE_NETZIP - ++p; /* eat */ - if(isdigit((int) *p)) { - int iLevel; - iLevel = *p - '0'; - ++p; /* eat */ - pData->compressionLevel = iLevel; - } else { - errmsg.LogError(NO_ERRCODE, "Invalid compression level '%c' specified in " - "forwardig action - NOT turning on compression.", - *p); - } -# else - errmsg.LogError(NO_ERRCODE, "Compression requested, but rsyslogd is not compiled " - "with compression support - request ignored."); -# endif /* #ifdef USE_NETZIP */ - } else if(*p == 'o') { /* octet-couting based TCP framing? */ + if(*p != '@') + ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED); + + CHKiRet(createInstance(&pData)); + + ++p; /* eat '@' */ + if(*p == '@') { /* indicator for TCP! */ + pData->protocol = FORW_TCP; + ++p; /* eat this '@', too */ + } else { + pData->protocol = FORW_UDP; + } + /* we are now after the protocol indicator. Now check if we should + * use compression. We begin to use a new option format for this: + * @(option,option)host:port + * The first option defined is "z[0..9]" where the digit indicates + * the compression level. If it is not given, 9 (best compression) is + * assumed. An example action statement might be: + * @@(z5,o)127.0.0.1:1400 + * Which means send via TCP with medium (5) compresion (z) to the local + * host on port 1400. The '0' option means that octet-couting (as in + * IETF I-D syslog-transport-tls) is to be used for framing (this option + * applies to TCP-based syslog only and is ignored when specified with UDP). + * That is not yet implemented. + * rgerhards, 2006-12-07 + */ + if(*p == '(') { + /* at this position, it *must* be an option indicator */ + do { + ++p; /* eat '(' or ',' (depending on when called) */ + /* check options */ + if(*p == 'z') { /* compression */ +# ifdef USE_NETZIP + ++p; /* eat */ + if(isdigit((int) *p)) { + int iLevel; + iLevel = *p - '0'; ++p; /* eat */ - /* no further options settable */ - tcp_framing = TCP_FRAMING_OCTET_COUNTING; - } else { /* invalid option! Just skip it... */ - errmsg.LogError(NO_ERRCODE, "Invalid option %c in forwarding action - ignoring.", *p); - ++p; /* eat invalid option */ - } - /* the option processing is done. We now do a generic skip - * to either the next option or the end of the option - * block. - */ - while(*p && *p != ')' && *p != ',') - ++p; /* just skip it */ - } while(*p && *p == ','); /* Attention: do.. while() */ - if(*p == ')') - ++p; /* eat terminator, on to next */ - else - /* we probably have end of string - leave it for the rest - * of the code to handle it (but warn the user) - */ - errmsg.LogError(NO_ERRCODE, "Option block not terminated in forwarding action."); - } - /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0') - * now skip to port and then template name. rgerhards 2005-07-06 - */ - for(q = p ; *p && *p != ';' && *p != ':' ; ++p) - /* JUST SKIP */; - - pData->port = NULL; - if(*p == ':') { /* process port */ - uchar * tmp; - - *p = '\0'; /* trick to obtain hostname (later)! */ - tmp = ++p; - for(i=0 ; *p && isdigit((int) *p) ; ++p, ++i) - /* SKIP AND COUNT */; - pData->port = malloc(i + 1); - if(pData->port == NULL) { - errmsg.LogError(NO_ERRCODE, "Could not get memory to store syslog forwarding port, " - "using default port, results may not be what you intend\n"); - /* we leave f_forw.port set to NULL, this is then handled by - * getFwdSyslogPt(). - */ - } else { - memcpy(pData->port, tmp, i); - *(pData->port + i) = '\0'; - } - } - - /* now skip to template */ - bErr = 0; - while(*p && *p != ';') { - if(*p && *p != ';' && !isspace((int) *p)) { - if(bErr == 0) { /* only 1 error msg! */ - bErr = 1; - errno = 0; - errmsg.LogError(NO_ERRCODE, "invalid selector line (port), probably not doing " - "what was intended"); + pData->compressionLevel = iLevel; + } else { + errmsg.LogError(NO_ERRCODE, "Invalid compression level '%c' specified in " + "forwardig action - NOT turning on compression.", + *p); } +# else + errmsg.LogError(NO_ERRCODE, "Compression requested, but rsyslogd is not compiled " + "with compression support - request ignored."); +# endif /* #ifdef USE_NETZIP */ + } else if(*p == 'o') { /* octet-couting based TCP framing? */ + ++p; /* eat */ + /* no further options settable */ + tcp_framing = TCP_FRAMING_OCTET_COUNTING; + } else { /* invalid option! Just skip it... */ + errmsg.LogError(NO_ERRCODE, "Invalid option %c in forwarding action - ignoring.", *p); + ++p; /* eat invalid option */ } - ++p; + /* the option processing is done. We now do a generic skip + * to either the next option or the end of the option + * block. + */ + while(*p && *p != ')' && *p != ',') + ++p; /* just skip it */ + } while(*p && *p == ','); /* Attention: do.. while() */ + if(*p == ')') + ++p; /* eat terminator, on to next */ + else + /* we probably have end of string - leave it for the rest + * of the code to handle it (but warn the user) + */ + errmsg.LogError(NO_ERRCODE, "Option block not terminated in forwarding action."); + } + /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0') + * now skip to port and then template name. rgerhards 2005-07-06 + */ + for(q = p ; *p && *p != ';' && *p != ':' ; ++p) + /* JUST SKIP */; + + pData->port = NULL; + if(*p == ':') { /* process port */ + uchar * tmp; + + *p = '\0'; /* trick to obtain hostname (later)! */ + tmp = ++p; + for(i=0 ; *p && isdigit((int) *p) ; ++p, ++i) + /* SKIP AND COUNT */; + pData->port = malloc(i + 1); + if(pData->port == NULL) { + errmsg.LogError(NO_ERRCODE, "Could not get memory to store syslog forwarding port, " + "using default port, results may not be what you intend\n"); + /* we leave f_forw.port set to NULL, this is then handled by getFwdPt(). */ + } else { + memcpy(pData->port, tmp, i); + *(pData->port + i) = '\0'; } + } - /* TODO: make this if go away! */ - if(*p == ';') { - *p = '\0'; /* trick to obtain hostname (later)! */ - CHKmalloc(pData->f_hname = strdup((char*) q)); - *p = ';'; - } else { - CHKmalloc(pData->f_hname = strdup((char*) q)); + /* now skip to template */ + bErr = 0; + while(*p && *p != ';') { + if(*p && *p != ';' && !isspace((int) *p)) { + if(bErr == 0) { /* only 1 error msg! */ + bErr = 1; + errno = 0; + errmsg.LogError(NO_ERRCODE, "invalid selector line (port), probably not doing " + "what was intended"); + } } + ++p; + } - /* process template */ - CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, - (pszTplName == NULL) ? (uchar*)"RSYSLOG_TraditionalForwardFormat" : pszTplName)); + /* TODO: make this if go away! */ + if(*p == ';') { + *p = '\0'; /* trick to obtain hostname (later)! */ + CHKmalloc(pData->f_hname = strdup((char*) q)); + *p = ';'; + } else { + CHKmalloc(pData->f_hname = strdup((char*) q)); + } - /* first set the pData->eDestState */ - memset(&hints, 0, sizeof(hints)); - /* port must be numeric, because config file syntax requests this */ - hints.ai_flags = AI_NUMERICSERV; - hints.ai_family = glbl.GetDefPFFamily(); - hints.ai_socktype = pData->protocol == FORW_UDP ? SOCK_DGRAM : SOCK_STREAM; - if( (error = getaddrinfo(pData->f_hname, getFwdSyslogPt(pData), &hints, &res)) != 0) { - pData->eDestState = eDestFORW_UNKN; - pData->ttSuspend = time(NULL); - } else { - pData->eDestState = eDestFORW; - pData->f_addr = res; - } - /* - * Otherwise the host might be unknown due to an - * inaccessible nameserver (perhaps on the same - * host). We try to get the ip number later, like - * FORW_SUSP. - */ - if(pData->protocol == FORW_TCP) { - /* create our tcpclt */ - CHKiRet(tcpclt.Construct(&pData->pTCPClt)); - /* and set callbacks */ - CHKiRet(tcpclt.SetSendInit(pData->pTCPClt, TCPSendInit)); - CHKiRet(tcpclt.SetSendFrame(pData->pTCPClt, TCPSendFrame)); - CHKiRet(tcpclt.SetSendPrepRetry(pData->pTCPClt, TCPSendPrepRetry)); - CHKiRet(tcpclt.SetFraming(pData->pTCPClt, tcp_framing)); - } + /* process template */ + CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, + (pszTplName == NULL) ? (uchar*)"RSYSLOG_TraditionalForwardFormat" : pszTplName)); - } else { - iRet = RS_RET_CONFLINE_UNPROCESSED; + if(pData->protocol == FORW_TCP) { + /* create our tcpclt */ + CHKiRet(tcpclt.Construct(&pData->pTCPClt)); + /* and set callbacks */ + CHKiRet(tcpclt.SetSendInit(pData->pTCPClt, TCPSendInit)); + CHKiRet(tcpclt.SetSendFrame(pData->pTCPClt, TCPSendFrame)); + CHKiRet(tcpclt.SetSendPrepRetry(pData->pTCPClt, TCPSendPrepRetry)); + CHKiRet(tcpclt.SetFraming(pData->pTCPClt, tcp_framing)); } - /* TODO: do we need to call freeInstance if we failed - this is a general question for - * all output modules. I'll address it lates as the interface evolves. rgerhards, 2007-07-25 - */ CODE_STD_FINALIZERparseSelectorAct ENDparseSelectorAct @@ -600,6 +534,7 @@ CODESTARTmodExit objRelease(errmsg, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(net, LM_NET_FILENAME); + objRelease(netstrm, LM_NETSTRM_FILENAME); objRelease(tcpclt, LM_TCPCLT_FILENAME); if(pszTplName != NULL) { @@ -635,13 +570,13 @@ CODESTARTmodInit CODEmodInit_QueryRegCFSLineHdlr CHKiRet(objUse(glbl, CORE_COMPONENT)); CHKiRet(objUse(errmsg, CORE_COMPONENT)); - CHKiRet(objUse(net, LM_NET_FILENAME)); + CHKiRet(objUse(net,LM_NET_FILENAME)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); CHKiRet(objUse(tcpclt, LM_TCPCLT_FILENAME)); CHKiRet(regCfSysLineHdlr((uchar *)"actionforwarddefaulttemplate", 0, eCmdHdlrGetWord, NULL, &pszTplName, NULL)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID)); ENDmodInit -#endif /* #ifdef SYSLOG_INET */ /* vim:set ai: */ -- cgit From ea4a3a3cd95faf9328def84e3e253d6c1a4375f7 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 19:03:51 +0200 Subject: improvements in omfwd and cleanup of omgssapi - some (small) cleanup of omgssapi - optimized omfwed, now loads TCP code only if this is actually necessary --- ChangeLog | 2 ++ plugins/omgssapi/omgssapi.c | 17 ----------------- tools/omfwd.c | 34 ++++++++++++++++++++++++++++++---- 3 files changed, 32 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index f0fd4748..71766d1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ --------------------------------------------------------------------------- Version 3.19.0 (rgerhards), 2008-04-?? - begins new devel branch version +- partly rewritten and improved omfwd among others, now loads TCP + code only if this is actually necessary - implemented im3195, the RFC3195 input as a plugin - split of a "runtime library" for rsyslog - this is not yet a clean model, because some modularization is still outstanding. In theory, diff --git a/plugins/omgssapi/omgssapi.c b/plugins/omgssapi/omgssapi.c index 6f940f99..6d419de0 100644 --- a/plugins/omgssapi/omgssapi.c +++ b/plugins/omgssapi/omgssapi.c @@ -58,17 +58,6 @@ MODULE_TYPE_OUTPUT -#define INET_SUSPEND_TIME 60 -/* equal to 1 minute - TODO: see if we can get rid of this now that we have - * the retry intervals in the engine -- rgerhards, 2008-03-12 - */ - -#define INET_RETRY_MAX 30 /* maximum of retries for gethostbyname() */ - /* was 10, changed to 30 because we reduced INET_SUSPEND_TIME by one third. So - * this "fixes" some of implications of it (see comment on INET_SUSPEND_TIME). - * rgerhards, 2005-07-26 - * TODO: this needs to be reviewed in spite of the new engine, too -- rgerhards, 2008-03-12 - */ /* internal structures */ @@ -86,11 +75,9 @@ typedef struct _instanceData { eDestFORW_SUSP, eDestFORW_UNKN } eDestState; - int iRtryCnt; struct addrinfo *f_addr; int compressionLevel; /* 0 - no compression, else level for zlib */ char *port; - time_t ttSuspend; /* time selector was suspended */ tcpclt_t *pTCPClt; /* our tcpclt object */ gss_ctx_id_t gss_context; OM_uint32 gss_flags; @@ -367,7 +354,6 @@ static rsRetVal doTryResume(instanceData *pData) getFwdSyslogPt(pData), &hints, &res)) == 0) { dbgprintf("%s found, resuming.\n", pData->f_hname); pData->f_addr = res; - pData->iRtryCnt = 0; pData->eDestState = eDestFORW; } else { iRet = RS_RET_SUSPENDED; @@ -406,7 +392,6 @@ CODESTARTdoAction case eDestFORW: dbgprintf(" %s:%s/%s\n", pData->f_hname, getFwdSyslogPt(pData), "tcp-gssapi"); - pData->ttSuspend = time(NULL); psz = (char*) ppString[0]; l = strlen((char*) psz); if (l > MAXLINE) @@ -609,8 +594,6 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) hints.ai_socktype = SOCK_STREAM; if( (error = getaddrinfo(pData->f_hname, getFwdSyslogPt(pData), &hints, &res)) != 0) { pData->eDestState = eDestFORW_UNKN; - pData->iRtryCnt = INET_RETRY_MAX; - pData->ttSuspend = time(NULL); } else { pData->eDestState = eDestFORW; pData->f_addr = res; diff --git a/tools/omfwd.c b/tools/omfwd.c index 6c3a351a..e7b5dcd7 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -195,6 +195,7 @@ static rsRetVal UDPSend(instanceData *pData, char *msg, size_t len) RETiRet; } + /* CODE FOR SENDING TCP MESSAGES */ @@ -383,10 +384,29 @@ finalize_it: ENDdoAction +/* This function loads TCP support, if not already loaded. It will be called + * during config processing. To server ressources, TCP support will only + * be loaded if it actually is used. -- rgerhard, 2008-04-17 + */ +static rsRetVal +loadTCPSupport(void) +{ + DEFiRet; + if(!netstrm.ifIsLoaded) + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); + if(!tcpclt.ifIsLoaded) + CHKiRet(objUse(tcpclt, LM_TCPCLT_FILENAME)); + +finalize_it: + RETiRet; +} + + BEGINparseSelectorAct uchar *q; int i; int bErr; + rsRetVal localRet; struct addrinfo; TCPFRAMINGMODE tcp_framing = TCP_FRAMING_OCTET_STUFFING; CODESTARTparseSelectorAct @@ -398,6 +418,12 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) ++p; /* eat '@' */ if(*p == '@') { /* indicator for TCP! */ + localRet = loadTCPSupport(); + if(localRet != RS_RET_OK) { + errmsg.LogError(NO_ERRCODE, "could not activate network stream modules for TCP " + "(internal error %d) - are modules missing?", localRet); + ABORT_FINALIZE(localRet); + } pData->protocol = FORW_TCP; ++p; /* eat this '@', too */ } else { @@ -534,8 +560,10 @@ CODESTARTmodExit objRelease(errmsg, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(net, LM_NET_FILENAME); - objRelease(netstrm, LM_NETSTRM_FILENAME); - objRelease(tcpclt, LM_TCPCLT_FILENAME); + if(netstrm.ifIsLoaded) + objRelease(netstrm, LM_NETSTRM_FILENAME); + if(!tcpclt.ifIsLoaded) + objRelease(tcpclt, LM_TCPCLT_FILENAME); if(pszTplName != NULL) { free(pszTplName); @@ -571,8 +599,6 @@ CODEmodInit_QueryRegCFSLineHdlr CHKiRet(objUse(glbl, CORE_COMPONENT)); CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(net,LM_NET_FILENAME)); - CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); - CHKiRet(objUse(tcpclt, LM_TCPCLT_FILENAME)); CHKiRet(regCfSysLineHdlr((uchar *)"actionforwarddefaulttemplate", 0, eCmdHdlrGetWord, NULL, &pszTplName, NULL)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID)); -- cgit From a6a9148586df7bba12cbc0bc236605f83640932f Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Apr 2008 11:38:41 +0200 Subject: abstracted driver level for netstream and TLS --- doc/queueWorkerLogic.dia | Bin 3334 -> 0 bytes doc/src/queueWorkerLogic.dia | Bin 0 -> 3334 bytes doc/src/tls.dia | Bin 0 -> 3450 bytes 3 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 doc/queueWorkerLogic.dia create mode 100644 doc/src/queueWorkerLogic.dia create mode 100644 doc/src/tls.dia diff --git a/doc/queueWorkerLogic.dia b/doc/queueWorkerLogic.dia deleted file mode 100644 index 068ea50c..00000000 Binary files a/doc/queueWorkerLogic.dia and /dev/null differ diff --git a/doc/src/queueWorkerLogic.dia b/doc/src/queueWorkerLogic.dia new file mode 100644 index 00000000..068ea50c Binary files /dev/null and b/doc/src/queueWorkerLogic.dia differ diff --git a/doc/src/tls.dia b/doc/src/tls.dia new file mode 100644 index 00000000..6d82b0a9 Binary files /dev/null and b/doc/src/tls.dia differ -- cgit From 1daf8d492f932739b6fcde732812116c7666b2bc Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Apr 2008 11:40:15 +0200 Subject: converted netstrm into generic netstrm and the nsd_pctp driver --- runtime/Makefile.am | 10 + runtime/glbl.c | 25 ++- runtime/glbl.h | 1 + runtime/netstrm.c | 374 +++++---------------------------- runtime/netstrm.h | 14 +- runtime/nsd.h | 48 +++++ runtime/nsd_ptcp.c | 579 ++++++++++++++++++++++++++++++++++++++++++++++++++++ runtime/nsd_ptcp.h | 48 +++++ runtime/obj-types.h | 4 +- runtime/rsyslog.h | 3 + tools/omfwd.c | 2 + 11 files changed, 779 insertions(+), 329 deletions(-) create mode 100644 runtime/nsd.h create mode 100644 runtime/nsd_ptcp.c create mode 100644 runtime/nsd_ptcp.h diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 400d78c0..077310c6 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -11,6 +11,7 @@ librsyslog_la_SOURCES = \ syslogd-types.h \ module-template.h \ obj-types.h \ + nsd.h \ glbl.h \ glbl.c \ msg.c \ @@ -94,4 +95,13 @@ lmnetstrm_la_SOURCES = netstrm.c netstrm.h lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnetstrm_la_LDFLAGS = -module -avoid-version lmnetstrm_la_LIBADD = + +# netstream drivers + +# plain tcp driver +pkglib_LTLIBRARIES += lmnsd_ptcp.la +lmnsd_ptcp_la_SOURCES = nsd_ptcp.c nsd_ptcp.h +lmnsd_ptcp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnsd_ptcp_la_LDFLAGS = -module -avoid-version +lmnsd_ptcp_la_LIBADD = endif # if ENABLE_INET diff --git a/runtime/glbl.c b/runtime/glbl.c index 047fd611..1e51b0e0 100644 --- a/runtime/glbl.c +++ b/runtime/glbl.c @@ -38,6 +38,11 @@ #include "cfsysline.h" #include "glbl.h" +/* some defaults */ +#ifndef DFLT_NETSTRM_DRVR +# define DFLT_NETSTRM_DRVR ((uchar*)"lmnsd_ptcp") +#endif + /* static data */ DEFobjStaticHelpers @@ -54,6 +59,7 @@ static uchar *LocalHostName = NULL;/* our hostname - read-only after startup */ static uchar *LocalDomain; /* our local domain name - read-only after startup */ static char **StripDomains = NULL;/* these domains may be stripped before writing logs - r/o after s.u., never touched by init */ static char **LocalHosts = NULL;/* these hosts are logged with their hostname - read-only after startup, never touched by init */ +static uchar *pszDfltNetstrmDrvr = NULL; /* module name of default netstream driver */ /* define a macro for the simple properties' set and get functions @@ -84,6 +90,7 @@ SIMP_PROP(StripDomains, StripDomains, char**) SIMP_PROP(LocalHosts, LocalHosts, char**) SIMP_PROP_SET(LocalHostName, LocalHostName, uchar*) +SIMP_PROP_SET(DfltNetstrmDrvr, pszDfltNetstrmDrvr, uchar*) // TODO: use custom function which frees existing value #undef SIMP_PROP #undef SIMP_PROP_SET @@ -99,8 +106,7 @@ GetLocalHostName(void) } -/* return the current working directory. - */ +/* return the current working directory */ static uchar* GetWorkDir(void) { @@ -108,6 +114,14 @@ GetWorkDir(void) } +/* return the current default netstream driver */ +static uchar* +GetDfltNetstrmDrvr(void) +{ + return(pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : pszWorkDir); +} + + /* queryInterface function * rgerhards, 2008-02-21 */ @@ -134,6 +148,7 @@ CODESTARTobjQueryInterface(glbl) SIMP_PROP(LocalDomain) SIMP_PROP(StripDomains) SIMP_PROP(LocalHosts) + SIMP_PROP(DfltNetstrmDrvr) #undef SIMP_PROP finalize_it: ENDobjQueryInterface(glbl) @@ -144,6 +159,10 @@ ENDobjQueryInterface(glbl) */ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal) { + if(pszDfltNetstrmDrvr != NULL) { + free(pszDfltNetstrmDrvr); + pszDfltNetstrmDrvr = NULL; + } if(pszWorkDir != NULL) { free(pszWorkDir); pszWorkDir = NULL; @@ -172,6 +191,8 @@ ENDObjClassInit(glbl) * rgerhards, 2008-04-17 */ BEGINObjClassExit(glbl, OBJ_IS_CORE_MODULE) /* class, version */ + if(pszDfltNetstrmDrvr != NULL) + free(pszDfltNetstrmDrvr); if(pszWorkDir != NULL) free(pszWorkDir); if(LocalHostName != NULL) diff --git a/runtime/glbl.h b/runtime/glbl.h index d61f9b41..b6864f3d 100644 --- a/runtime/glbl.h +++ b/runtime/glbl.h @@ -48,6 +48,7 @@ BEGINinterface(glbl) /* name must also be changed in ENDinterface macro! */ SIMP_PROP(LocalDomain, uchar*) SIMP_PROP(StripDomains, char**) SIMP_PROP(LocalHosts, char**) + SIMP_PROP(DfltNetstrmDrvr, uchar*) #undef SIMP_PROP ENDinterface(glbl) #define glblCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/netstrm.c b/runtime/netstrm.c index c27d5f4d..274a92d7 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -60,6 +60,7 @@ #include "obj.h" #include "errmsg.h" #include "net.h" +#include "nsd.h" #include "netstrm.h" MODULE_TYPE_LIB @@ -71,172 +72,93 @@ DEFobjCurrIf(glbl) DEFobjCurrIf(net) -/* Standard-Constructor - */ -BEGINobjConstruct(netstrm) /* be sure to specify the object type also in END macro! */ - pThis->sock = -1; - pThis->iSessMax = 500; /* default max nbr of sessions -TODO:make configurable--rgerhards, 2008-04-17*/ -ENDobjConstruct(netstrm) - - -/* ConstructionFinalizer +/* load our low-level driver. This must be done before any + * driver-specific functions (allmost all...) can be carried + * out. Note that the driver's .ifIsLoaded is correctly + * initialized by calloc() and we depend on that. + * rgerhards, 2008-04-18 */ static rsRetVal -netstrmConstructFinalize(netstrm_t __attribute__((unused)) *pThis) +loadDrvr(netstrm_t *pThis) { + uchar *pDrvrName; DEFiRet; - ISOBJ_TYPE_assert(pThis, netstrm); + + pDrvrName = pThis->pDrvrName; + if(pDrvrName == NULL) /* if no drvr name is set, use system default */ + pDrvrName = glbl.GetDfltNetstrmDrvr(); + + pThis->Drvr.ifVersion = nsdCURR_IF_VERSION; + /* The pDrvrName+2 below is a hack to obtain the object name. It + * safes us to have yet another variable with the name without "lm" in + * front of it. If we change the module load interface, we may re-think + * about this hack, but for the time being it is efficient and clean + * enough. -- rgerhards, 2008-04-18 + */ + CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); +finalize_it: RETiRet; } +/* Standard-Constructor */ +BEGINobjConstruct(netstrm) /* be sure to specify the object type also in END macro! */ +ENDobjConstruct(netstrm) + + /* destructor for the netstrm object */ BEGINobjDestruct(netstrm) /* be sure to specify the object type also in END and CODESTART macros! */ - int i; CODESTARTobjDestruct(netstrm) - if(pThis->sock != -1) { - close(pThis->sock); - pThis->sock = -1; - } - - if(pThis->socks != NULL) { - /* if we have some sockets at this stage, we need to close them */ - for(i = 1 ; i <= pThis->socks[0] ; ++i) - close(pThis->socks[i]); - free(pThis->socks); - } - - if(pThis->pRemHostIP != NULL) - free(pThis->pRemHostIP); - if(pThis->pRemHostName != NULL) - free(pThis->pRemHostName); + if(pThis->pDrvrData != NULL) + iRet = pThis->Drvr.Destruct(&pThis->pDrvrData); ENDobjDestruct(netstrm) -/* abort a connection. This is much like Destruct(), but tries - * to discard any unsent data. -- rgerhards, 2008-03-24 - */ +/* ConstructionFinalizer */ static rsRetVal -AbortDestruct(netstrm_t **ppThis) +netstrmConstructFinalize(netstrm_t *pThis) { - struct linger ling; - DEFiRet; - assert(ppThis != NULL); - ISOBJ_TYPE_assert((*ppThis), netstrm); - - if((*ppThis)->sock != -1) { - ling.l_onoff = 1; - ling.l_linger = 0; - if(setsockopt((*ppThis)->sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0 ) { - dbgprintf("could not set SO_LINGER, errno %d\n", errno); - } - } - - iRet = netstrmDestruct(ppThis); - + ISOBJ_TYPE_assert(pThis, netstrm); + CHKiRet(loadDrvr(pThis)); + CHKiRet(pThis->Drvr.Construct(&pThis->pDrvrData)); +finalize_it: RETiRet; } - -/* Set pRemHost based on the address provided. This is to be called upon accept()ing - * a connection request. It must be provided by the socket we received the - * message on as well as a NI_MAXHOST size large character buffer for the FQDN. - * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) - * for some explanation of the code found below. If we detect a malicious - * hostname, we return RS_RET_MALICIOUS_HNAME and let the caller decide - * on how to deal with that. - * rgerhards, 2008-03-31 +/* abort a connection. This is much like Destruct(), but tries + * to discard any unsent data. -- rgerhards, 2008-03-24 */ static rsRetVal -FillRemHost(netstrm_t *pThis, struct sockaddr *pAddr) +AbortDestruct(netstrm_t **ppThis) { - int error; - uchar szIP[NI_MAXHOST] = ""; - uchar szHname[NI_MAXHOST] = ""; - struct addrinfo hints, *res; - size_t len; - DEFiRet; - ISOBJ_TYPE_assert(pThis, netstrm); - assert(pAddr != NULL); - - error = getnameinfo(pAddr, SALEN(pAddr), (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST); - - if(error) { - dbgprintf("Malformed from address %s\n", gai_strerror(error)); - strcpy((char*)szHname, "???"); - strcpy((char*)szIP, "???"); - ABORT_FINALIZE(RS_RET_INVALID_HNAME); - } - - if(!glbl.GetDisableDNS()) { - error = getnameinfo(pAddr, SALEN(pAddr), (char*)szHname, NI_MAXHOST, NULL, 0, NI_NAMEREQD); - if(error == 0) { - memset (&hints, 0, sizeof (struct addrinfo)); - hints.ai_flags = AI_NUMERICHOST; - hints.ai_socktype = SOCK_STREAM; - /* we now do a lookup once again. This one should fail, - * because we should not have obtained a non-numeric address. If - * we got a numeric one, someone messed with DNS! - */ - if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) { - freeaddrinfo (res); - /* OK, we know we have evil, so let's indicate this to our caller */ - snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); - dbgprintf("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname); - iRet = RS_RET_MALICIOUS_HNAME; - } - } else { - strcpy((char*)szHname, (char*)szIP); - } - } else { - strcpy((char*)szHname, (char*)szIP); - } + assert(ppThis != NULL); + ISOBJ_TYPE_assert((*ppThis), netstrm); - /* We now have the names, so now let's allocate memory and store them permanently. - * (side note: we may hold on to these values for quite a while, thus we trim their - * memory consumption) - */ - len = strlen((char*)szIP) + 1; /* +1 for \0 byte */ - if((pThis->pRemHostIP = malloc(len)) == NULL) - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - memcpy(pThis->pRemHostIP, szIP, len); - - len = strlen((char*)szHname) + 1; /* +1 for \0 byte */ - if((pThis->pRemHostName = malloc(len)) == NULL) { - free(pThis->pRemHostIP); /* prevent leak */ - pThis->pRemHostIP = NULL; - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - } - memcpy(pThis->pRemHostName, szHname, len); + /* we do NOT exit on error, because that would make things worse */ + (*ppThis)->Drvr.Abort((*ppThis)->pDrvrData); + iRet = netstrmDestruct(ppThis); -finalize_it: RETiRet; } +#if 0 +This is not yet working - wait until we arrive at the receiver side (distracts too much at the moment) -/* accept an incoming connection request, sock provides the socket on which we can +/* accept an incoming connection request, pNsdLstn provides the "listen socket" on which we can * accept the new session. * rgerhards, 2008-03-17 */ static rsRetVal -AcceptConnReq(netstrm_t **ppThis, int sock) +AcceptConnReq(netstrm_t **ppThis, nsd_t *pNsdLstn) { netstrm_t *pThis = NULL; - int sockflags; - struct sockaddr_storage addr; - socklen_t addrlen = sizeof(addr); - int iNewSock = -1; - + nsd_t *pNsd; DEFiRet; - assert(ppThis != NULL); - iNewSock = accept(sock, (struct sockaddr*) &addr, &addrlen); - if(iNewSock < 0) { - ABORT_FINALIZE(RS_RET_ACCEPT_ERR); - } + assert(ppThis != NULL); /* construct our object so that we can use it... */ CHKiRet(netstrmConstruct(&pThis)); @@ -272,6 +194,7 @@ finalize_it: RETiRet; } +#endif /* initialize the tcp socket for a listner @@ -284,144 +207,10 @@ finalize_it: static rsRetVal LstnInit(netstrm_t *pThis, uchar *pLstnPort) { - struct addrinfo hints, *res, *r; - int error, maxs, *s, on = 1; - int sockflags; - DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); assert(pLstnPort != NULL); - - dbgprintf("creating tcp listen socket on port %s\n", pLstnPort); - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_PASSIVE; - hints.ai_family = glbl.GetDefPFFamily(); - hints.ai_socktype = SOCK_STREAM; - - error = getaddrinfo(NULL, (char*) pLstnPort, &hints, &res); - if(error) { - dbgprintf("error %d querying port '%s'\n", error, pLstnPort); - ABORT_FINALIZE(RS_RET_INVALID_PORT); - } - - /* Count max number of sockets we may open */ - for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) - /* EMPTY */; - pThis->socks = malloc((maxs+1) * sizeof(int)); - if (pThis->socks == NULL) { - dbgprintf("couldn't allocate memory for TCP listen sockets, suspending RELP message reception."); - freeaddrinfo(res); - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - } - - *pThis->socks = 0; /* num of sockets counter at start of array */ - s = pThis->socks + 1; - for(r = res; r != NULL ; r = r->ai_next) { - *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); - if (*s < 0) { - if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) - dbgprintf("creating tcp listen socket"); - /* it is debatable if PF_INET with EAFNOSUPPORT should - * also be ignored... - */ - continue; - } - -#ifdef IPV6_V6ONLY - if (r->ai_family == AF_INET6) { - int iOn = 1; - if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, - (char *)&iOn, sizeof (iOn)) < 0) { - close(*s); - *s = -1; - continue; - } - } -#endif - if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { - dbgprintf("error %d setting tcp socket option\n", errno); - close(*s); - *s = -1; - continue; - } - - /* We use non-blocking IO! */ - if((sockflags = fcntl(*s, F_GETFL)) != -1) { - sockflags |= O_NONBLOCK; - /* SETFL could fail too, so get it caught by the subsequent - * error check. - */ - sockflags = fcntl(*s, F_SETFL, sockflags); - } - if(sockflags == -1) { - dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno); - close(*s); - *s = -1; - continue; - } - - - - /* We need to enable BSD compatibility. Otherwise an attacker - * could flood our log files by sending us tons of ICMP errors. - */ -#ifndef BSD - if(net.should_use_so_bsdcompat()) { - if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, - (char *) &on, sizeof(on)) < 0) { - errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); - close(*s); - *s = -1; - continue; - } - } -#endif - - if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) -#ifndef IPV6_V6ONLY - && (errno != EADDRINUSE) -#endif - ) { - dbgprintf("error %d while binding tcp socket", errno); - close(*s); - *s = -1; - continue; - } - - if(listen(*s,pThis->iSessMax / 10 + 5) < 0) { - /* If the listen fails, it most probably fails because we ask - * for a too-large backlog. So in this case we first set back - * to a fixed, reasonable, limit that should work. Only if - * that fails, too, we give up. - */ - dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", - pThis->iSessMax / 10 + 5); - if(listen(*s, 32) < 0) { - dbgprintf("tcp listen error %d, suspending\n", errno); - close(*s); - *s = -1; - continue; - } - } - - (*pThis->socks)++; - s++; - } - - if(res != NULL) - freeaddrinfo(res); - - if(*pThis->socks != maxs) - dbgprintf("We could initialize %d RELP TCP listen sockets out of %d we received " - "- this may or may not be an error indication.\n", *pThis->socks, maxs); - - if(*pThis->socks == 0) { - dbgprintf("No RELP TCP listen socket could successfully be initialized, " - "message reception via RELP disabled.\n"); - free(pThis->socks); - ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); - } + CHKiRet(pThis->Drvr.LstnInit(pThis->pDrvrData, pLstnPort)); finalize_it: RETiRet; @@ -438,13 +227,11 @@ finalize_it: * rgerhards, 2008-03-17 */ static rsRetVal -Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) +Rcv(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) { DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); - - *pLenBuf = recv(pThis->sock, pRcvBuf, *pLenBuf, MSG_DONTWAIT); - + iRet = pThis->Drvr.Rcv(pThis->pDrvrData, pBuf, pLenBuf); RETiRet; } @@ -458,27 +245,9 @@ Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) static rsRetVal Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) { - ssize_t written; DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); - - written = send(pThis->sock, pBuf, *pLenBuf, 0); - - if(written == -1) { - switch(errno) { - case EAGAIN: - case EINTR: - /* this is fine, just retry... */ - written = 0; - break; - default: - ABORT_FINALIZE(RS_RET_IO_ERROR); - break; - } - } - - *pLenBuf = written; -finalize_it: + iRet = pThis->Drvr.Send(pThis->pDrvrData, pBuf, pLenBuf); RETiRet; } @@ -489,42 +258,11 @@ finalize_it: static rsRetVal Connect(netstrm_t *pThis, int family, uchar *port, uchar *host) { - struct addrinfo *res = NULL; - struct addrinfo hints; - DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); assert(port != NULL); assert(host != NULL); - assert(pThis->sock == -1); - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = family; - hints.ai_socktype = SOCK_STREAM; - if(getaddrinfo((char*)host, (char*)port, &hints, &res) != 0) { - dbgprintf("error %d in getaddrinfo\n", errno); - ABORT_FINALIZE(RS_RET_IO_ERROR); - } - - if((pThis->sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1) { - ABORT_FINALIZE(RS_RET_IO_ERROR); - } - - if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) { - ABORT_FINALIZE(RS_RET_IO_ERROR); - } - -finalize_it: - if(res != NULL) - freeaddrinfo(res); - - if(iRet != RS_RET_OK) { - if(pThis->sock != -1) { - close(pThis->sock); - pThis->sock = -1; - } - } - + iRet = pThis->Drvr.Connect(pThis->pDrvrData, family, port, host); RETiRet; } @@ -547,7 +285,7 @@ CODESTARTobjQueryInterface(netstrm) pIf->Destruct = netstrmDestruct; pIf->AbortDestruct = AbortDestruct; pIf->LstnInit = LstnInit; - pIf->AcceptConnReq = AcceptConnReq; + // TODO: add later: pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; pIf->Send = Send; pIf->Connect = Connect; diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 7f267a36..75b7c457 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -24,21 +24,21 @@ #ifndef INCLUDED_NETSTRM_H #define INCLUDED_NETSTRM_H +#include "nsd.h" /* we need our driver interface to be defined */ + /* the netstrm object */ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ - uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ - uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ - int sock; /**< the socket we use for regular, single-socket, operations */ - int *socks; /**< the socket(s) we use for listeners, element 0 has nbr of socks */ - int iSessMax; /**< maximum number of sessions permitted */ + nsd_if_t Drvr; /**< our stream driver */ + nsd_t *pDrvrData; /**< the driver's data elements */ + uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ }; -/* interfaces */ +/* interface */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Construct)(netstrm_t **ppThis); - rsRetVal (*ConstructFinalize)(netstrm_t __attribute__((unused)) *pThis); + rsRetVal (*ConstructFinalize)(netstrm_t *pThis); rsRetVal (*Destruct)(netstrm_t **ppThis); rsRetVal (*AbortDestruct)(netstrm_t **ppThis); rsRetVal (*LstnInit)(netstrm_t *pThis, unsigned char *pLstnPort); diff --git a/runtime/nsd.h b/runtime/nsd.h new file mode 100644 index 00000000..52c36dcf --- /dev/null +++ b/runtime/nsd.h @@ -0,0 +1,48 @@ +/* The interface definition for "NetStream Drivers" (nsd). + * + * This is just an abstract driver interface, which needs to be + * implemented by concrete classes. As such, no nsd data type itself + * is defined. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSD_H +#define INCLUDED_NSD_H + +/* nsd_t is actually obj_t (which is somewhat better than void* but in essence + * much the same). + */ + +/* interface */ +BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ + rsRetVal (*Construct)(nsd_t **ppThis); + rsRetVal (*Destruct)(nsd_t **ppThis); + rsRetVal (*Abort)(nsd_t *pThis); + rsRetVal (*LstnInit)(nsd_t *pThis, unsigned char *pLstnPort); + rsRetVal (*AcceptConnReq)(nsd_t **ppThis, int sock); + rsRetVal (*Rcv)(nsd_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); + rsRetVal (*Send)(nsd_t *pThis, uchar *pBuf, ssize_t *pLenBuf); + rsRetVal (*Connect)(nsd_t *pThis, int family, unsigned char *port, unsigned char *host); +ENDinterface(nsd) +#define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ + +#endif /* #ifndef INCLUDED_NSD_H */ diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c new file mode 100644 index 00000000..98de5802 --- /dev/null +++ b/runtime/nsd_ptcp.c @@ -0,0 +1,579 @@ +/* nsd_ptcp.c + * + * An implementation of the nsd interface for plain tcp sockets. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include "rsyslog.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "syslogd-types.h" +#include "module-template.h" +#include "parse.h" +#include "srUtils.h" +#include "obj.h" +#include "errmsg.h" +#include "net.h" +#include "nsd_ptcp.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) +DEFobjCurrIf(net) + + +/* Standard-Constructor + */ +BEGINobjConstruct(nsd_ptcp) /* be sure to specify the object type also in END macro! */ + pThis->sock = -1; + pThis->iSessMax = 500; /* default max nbr of sessions -TODO:make configurable--rgerhards, 2008-04-17*/ +ENDobjConstruct(nsd_ptcp) + + +/* destructor for the nsd_ptcp object */ +BEGINobjDestruct(nsd_ptcp) /* be sure to specify the object type also in END and CODESTART macros! */ + int i; +CODESTARTobjDestruct(nsd_pctp) + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; + } + + if(pThis->socks != NULL) { + /* if we have some sockets at this stage, we need to close them */ + for(i = 1 ; i <= pThis->socks[0] ; ++i) + close(pThis->socks[i]); + free(pThis->socks); + } + + if(pThis->pRemHostIP != NULL) + free(pThis->pRemHostIP); + if(pThis->pRemHostName != NULL) + free(pThis->pRemHostName); +ENDobjDestruct(nsd_ptcp) + + +/* abort a connection. This is meant to be called immediately + * before the Destruct call. -- rgerhards, 2008-03-24 + */ +static rsRetVal +Abort(nsd_t *pNsd) +{ + struct linger ling; + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + + DEFiRet; + ISOBJ_TYPE_assert((pThis), nsd_ptcp); + + if((pThis)->sock != -1) { + ling.l_onoff = 1; + ling.l_linger = 0; + if(setsockopt((pThis)->sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0 ) { + dbgprintf("could not set SO_LINGER, errno %d\n", errno); + } + } + + RETiRet; +} + + +/* Set pRemHost based on the address provided. This is to be called upon accept()ing + * a connection request. It must be provided by the socket we received the + * message on as well as a NI_MAXHOST size large character buffer for the FQDN. + * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) + * for some explanation of the code found below. If we detect a malicious + * hostname, we return RS_RET_MALICIOUS_HNAME and let the caller decide + * on how to deal with that. + * rgerhards, 2008-03-31 + */ +static rsRetVal +FillRemHost(nsd_ptcp_t *pThis, struct sockaddr *pAddr) +{ + int error; + uchar szIP[NI_MAXHOST] = ""; + uchar szHname[NI_MAXHOST] = ""; + struct addrinfo hints, *res; + size_t len; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(pAddr != NULL); + + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST); + + if(error) { + dbgprintf("Malformed from address %s\n", gai_strerror(error)); + strcpy((char*)szHname, "???"); + strcpy((char*)szIP, "???"); + ABORT_FINALIZE(RS_RET_INVALID_HNAME); + } + + if(!glbl.GetDisableDNS()) { + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szHname, NI_MAXHOST, NULL, 0, NI_NAMEREQD); + if(error == 0) { + memset (&hints, 0, sizeof (struct addrinfo)); + hints.ai_flags = AI_NUMERICHOST; + hints.ai_socktype = SOCK_STREAM; + /* we now do a lookup once again. This one should fail, + * because we should not have obtained a non-numeric address. If + * we got a numeric one, someone messed with DNS! + */ + if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) { + freeaddrinfo (res); + /* OK, we know we have evil, so let's indicate this to our caller */ + snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); + dbgprintf("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname); + iRet = RS_RET_MALICIOUS_HNAME; + } + } else { + strcpy((char*)szHname, (char*)szIP); + } + } else { + strcpy((char*)szHname, (char*)szIP); + } + + /* We now have the names, so now let's allocate memory and store them permanently. + * (side note: we may hold on to these values for quite a while, thus we trim their + * memory consumption) + */ + len = strlen((char*)szIP) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostIP = malloc(len)) == NULL) + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + memcpy(pThis->pRemHostIP, szIP, len); + + len = strlen((char*)szHname) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostName = malloc(len)) == NULL) { + free(pThis->pRemHostIP); /* prevent leak */ + pThis->pRemHostIP = NULL; + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + memcpy(pThis->pRemHostName, szHname, len); + +finalize_it: + RETiRet; +} + + + +/* accept an incoming connection request, sock provides the socket on which we can + * accept the new session. + * rgerhards, 2008-03-17 + */ +static rsRetVal +AcceptConnReq(nsd_t **ppThis, int sock) +{ + int sockflags; + struct sockaddr_storage addr; + socklen_t addrlen = sizeof(addr); + nsd_ptcp_t *pThis = NULL; + int iNewSock = -1; + + DEFiRet; + assert(ppThis != NULL); + + iNewSock = accept(sock, (struct sockaddr*) &addr, &addrlen); + if(iNewSock < 0) { + ABORT_FINALIZE(RS_RET_ACCEPT_ERR); + } + + /* construct our object so that we can use it... */ + CHKiRet(nsd_ptcpConstruct(&pThis)); + + CHKiRet(FillRemHost(pThis, (struct sockaddr*) &addr)); + + /* set the new socket to non-blocking IO */ + if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(iNewSock, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket %d", errno, iNewSock); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + pThis->sock = iNewSock; + + *ppThis = (nsd_t*) pThis; + +finalize_it: + if(iRet != RS_RET_OK) { + if(pThis != NULL) + nsd_ptcpDestruct(&pThis); + /* the close may be redundant, but that doesn't hurt... */ + if(iNewSock >= 0) + close(iNewSock); + } + + RETiRet; +} + + +/* initialize the tcp socket for a listner + * pLstnPort must point to a port name or number. NULL is NOT permitted + * (hint: we need to be careful when we use this module together with librelp, + * there NULL indicates the default port + * default is used. + * gerhards, 2008-03-17 + */ +static rsRetVal +LstnInit(nsd_t *pNsd, uchar *pLstnPort) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + struct addrinfo hints, *res, *r; + int error, maxs, *s, on = 1; + int sockflags; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(pLstnPort != NULL); + + dbgprintf("creating tcp listen socket on port %s\n", pLstnPort); + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_family = glbl.GetDefPFFamily(); + hints.ai_socktype = SOCK_STREAM; + + error = getaddrinfo(NULL, (char*) pLstnPort, &hints, &res); + if(error) { + dbgprintf("error %d querying port '%s'\n", error, pLstnPort); + ABORT_FINALIZE(RS_RET_INVALID_PORT); + } + + /* Count max number of sockets we may open */ + for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) + /* EMPTY */; + pThis->socks = malloc((maxs+1) * sizeof(int)); + if (pThis->socks == NULL) { + dbgprintf("couldn't allocate memory for TCP listen sockets, suspending RELP message reception."); + freeaddrinfo(res); + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + + *pThis->socks = 0; /* num of sockets counter at start of array */ + s = pThis->socks + 1; + for(r = res; r != NULL ; r = r->ai_next) { + *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); + if (*s < 0) { + if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) + dbgprintf("creating tcp listen socket"); + /* it is debatable if PF_INET with EAFNOSUPPORT should + * also be ignored... + */ + continue; + } + +#ifdef IPV6_V6ONLY + if (r->ai_family == AF_INET6) { + int iOn = 1; + if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, + (char *)&iOn, sizeof (iOn)) < 0) { + close(*s); + *s = -1; + continue; + } + } +#endif + if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { + dbgprintf("error %d setting tcp socket option\n", errno); + close(*s); + *s = -1; + continue; + } + + /* We use non-blocking IO! */ + if((sockflags = fcntl(*s, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(*s, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno); + close(*s); + *s = -1; + continue; + } + + + + /* We need to enable BSD compatibility. Otherwise an attacker + * could flood our log files by sending us tons of ICMP errors. + */ +#ifndef BSD + if(net.should_use_so_bsdcompat()) { + if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, + (char *) &on, sizeof(on)) < 0) { + errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); + close(*s); + *s = -1; + continue; + } + } +#endif + + if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) +#ifndef IPV6_V6ONLY + && (errno != EADDRINUSE) +#endif + ) { + dbgprintf("error %d while binding tcp socket", errno); + close(*s); + *s = -1; + continue; + } + + if(listen(*s,pThis->iSessMax / 10 + 5) < 0) { + /* If the listen fails, it most probably fails because we ask + * for a too-large backlog. So in this case we first set back + * to a fixed, reasonable, limit that should work. Only if + * that fails, too, we give up. + */ + dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", + pThis->iSessMax / 10 + 5); + if(listen(*s, 32) < 0) { + dbgprintf("tcp listen error %d, suspending\n", errno); + close(*s); + *s = -1; + continue; + } + } + + (*pThis->socks)++; + s++; + } + + if(res != NULL) + freeaddrinfo(res); + + if(*pThis->socks != maxs) + dbgprintf("We could initialize %d RELP TCP listen sockets out of %d we received " + "- this may or may not be an error indication.\n", *pThis->socks, maxs); + + if(*pThis->socks == 0) { + dbgprintf("No RELP TCP listen socket could successfully be initialized, " + "message reception via RELP disabled.\n"); + free(pThis->socks); + ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); + } + +finalize_it: + RETiRet; +} + + +/* receive data from a tcp socket + * The lenBuf parameter must contain the max buffer size on entry and contains + * the number of octets read (or -1 in case of error) on exit. This function + * never blocks, not even when called on a blocking socket. That is important + * for client sockets, which are set to block during send, but should not + * block when trying to read data. If *pLenBuf is -1, an error occured and + * errno holds the exact error cause. + * rgerhards, 2008-03-17 + */ +static rsRetVal +Rcv(nsd_t *pNsd, uchar *pRcvBuf, ssize_t *pLenBuf) +{ + DEFiRet; + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + + *pLenBuf = recv(pThis->sock, pRcvBuf, *pLenBuf, MSG_DONTWAIT); + + RETiRet; +} + + +/* send a buffer. On entry, pLenBuf contains the number of octets to + * write. On exit, it contains the number of octets actually written. + * If this number is lower than on entry, only a partial buffer has + * been written. + * rgerhards, 2008-03-19 + */ +static rsRetVal +Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + ssize_t written; + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + + written = send(pThis->sock, pBuf, *pLenBuf, 0); + + if(written == -1) { + switch(errno) { + case EAGAIN: + case EINTR: + /* this is fine, just retry... */ + written = 0; + break; + default: + ABORT_FINALIZE(RS_RET_IO_ERROR); + break; + } + } + + *pLenBuf = written; +finalize_it: + RETiRet; +} + + +/* open a connection to a remote host (server). + * rgerhards, 2008-03-19 + */ +static rsRetVal +Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + struct addrinfo *res = NULL; + struct addrinfo hints; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(port != NULL); + assert(host != NULL); + assert(pThis->sock == -1); + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; + if(getaddrinfo((char*)host, (char*)port, &hints, &res) != 0) { + dbgprintf("error %d in getaddrinfo\n", errno); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if((pThis->sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + +finalize_it: + if(res != NULL) + freeaddrinfo(res); + + if(iRet != RS_RET_OK) { + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; + } + } + + RETiRet; +} + + +/* queryInterface function */ +BEGINobjQueryInterface(nsd_ptcp) +CODESTARTobjQueryInterface(nsd_ptcp) + if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct; + pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct; + pIf->Abort = Abort; + pIf->LstnInit = LstnInit; + pIf->AcceptConnReq = AcceptConnReq; + pIf->Rcv = Rcv; + pIf->Send = Send; + pIf->Connect = Connect; +finalize_it: +ENDobjQueryInterface(nsd_ptcp) + + +/* exit our class + */ +BEGINObjClassExit(nsd_ptcp, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(nsd_ptcp) + /* release objects we no longer need */ + objRelease(net, CORE_COMPONENT); + objRelease(glbl, CORE_COMPONENT); + objRelease(errmsg, CORE_COMPONENT); +ENDObjClassExit(nsd_ptcp) + + +/* Initialize the nsd_ptcp class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINObjClassInit(nsd_ptcp, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + CHKiRet(objUse(net, CORE_COMPONENT)); + + /* set our own handlers */ +ENDObjClassInit(nsd_ptcp) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + nsd_ptcpClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(nsd_ptcpClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h new file mode 100644 index 00000000..d4848314 --- /dev/null +++ b/runtime/nsd_ptcp.h @@ -0,0 +1,48 @@ +/* An implementation of the nsd interface for plain tcp sockets. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSD_PTCP_H +#define INCLUDED_NSD_PTCP_H + +#include "nsd.h" +typedef nsd_if_t nsd_ptcp_if_t; /* we just *implement* this interface */ + +/* the nsd_ptcp object */ +struct nsd_ptcp_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ + uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ + int sock; /**< the socket we use for regular, single-socket, operations */ + int *socks; /**< the socket(s) we use for listeners, element 0 has nbr of socks */ + int iSessMax; /**< maximum number of sessions permitted */ +}; + +/* interface is defined in nsd.h, we just implement it! */ + +/* prototypes */ +PROTOTYPEObj(nsd_ptcp); + +/* the name of our library binary */ +#define LM_NSD_PTCP_FILENAME "lmnsd_ptcp" + +#endif /* #ifndef INCLUDED_NSD_PTCP_H */ diff --git a/runtime/obj-types.h b/runtime/obj-types.h index e245b633..e3df7239 100644 --- a/runtime/obj-types.h +++ b/runtime/obj-types.h @@ -81,13 +81,13 @@ struct objInfo_s { }; -typedef struct obj { /* the dummy struct that each derived class can be casted to */ +struct obj_s { /* the dummy struct that each derived class can be casted to */ objInfo_t *pObjInfo; #ifndef NDEBUG /* this means if debug... */ unsigned int iObjCooCKiE; /* must always be 0xBADEFEE for a valid object */ #endif uchar *pszName; /* the name of *this* specific object instance */ -} obj_t; +}; /* macros which must be gloablly-visible (because they are used during definition of diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 7ed989c5..f7824006 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -61,9 +61,12 @@ /* define some base data types */ typedef unsigned char uchar;/* get rid of the unhandy "unsigned char" */ typedef struct thrdInfo thrdInfo_t; +typedef struct obj_s obj_t; typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think about modularization */ typedef struct NetAddr netAddr_t; typedef struct netstrm_s netstrm_t; +typedef struct nsd_ptcp_s nsd_ptcp_t; +typedef obj_t nsd_t; typedef struct msg msg_t; typedef struct interface_s interface_t; typedef struct objInfo_s objInfo_t; diff --git a/tools/omfwd.c b/tools/omfwd.c index e7b5dcd7..3a2fe37f 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -253,6 +253,8 @@ static rsRetVal TCPSendInit(void *pvData) assert(pData != NULL); if(pData->pNetstrm == NULL) { CHKiRet(netstrm.Construct(&pData->pNetstrm)); + /* here we may set another netstream driver (e.g. to do TLS) */ + CHKiRet(netstrm.ConstructFinalize(pData->pNetstrm)); CHKiRet(netstrm.Connect(pData->pNetstrm, glbl.GetDefPFFamily(), (uchar*)pData->port, (uchar*)pData->f_hname)); } -- cgit From 22ad77a627fe813acd286b48aaf44945c0480f49 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Apr 2008 12:20:02 +0200 Subject: fixed abort on rsyslogd termination --- runtime/nsd_ptcp.c | 2 +- runtime/obj-types.h | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 98de5802..6f7dd04d 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -67,7 +67,7 @@ ENDobjConstruct(nsd_ptcp) /* destructor for the nsd_ptcp object */ BEGINobjDestruct(nsd_ptcp) /* be sure to specify the object type also in END and CODESTART macros! */ int i; -CODESTARTobjDestruct(nsd_pctp) +CODESTARTobjDestruct(nsd_ptcp) if(pThis->sock != -1) { close(pThis->sock); pThis->sock = -1; diff --git a/runtime/obj-types.h b/runtime/obj-types.h index e3df7239..acdc757d 100644 --- a/runtime/obj-types.h +++ b/runtime/obj-types.h @@ -377,9 +377,6 @@ rsRetVal objName##ClassExit(void) \ */ #define CORE_COMPONENT NULL /* use this to indicate this is a core component */ #define DONT_LOAD_LIB NULL /* do not load a library to obtain object interface (currently same as CORE_COMPONENT) */ -/*#define objUse(objName, MYLIB, FILENAME) \ - obj.UseObj(__FILE__, (uchar*)#objName, MYLIB, (uchar*)FILENAME, (void*) &objName) -*/ #define objUse(objName, FILENAME) \ obj.UseObj(__FILE__, (uchar*)#objName, (uchar*)FILENAME, (void*) &objName) #define objRelease(objName, FILENAME) \ -- cgit From fd6c3bc36a5a32f873299f7ae2dfc184e6e3c658 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Apr 2008 14:25:29 +0200 Subject: set stage for TLS client implementation --- configure.ac | 40 +++++++- runtime/Makefile.am | 16 +++- runtime/glbl.c | 4 +- runtime/nsd.h | 1 - runtime/nsd_gtls.c | 259 ++++++++++++++++++++++++++++++++++++++++++++++++++++ runtime/nsd_gtls.h | 47 ++++++++++ runtime/nsd_ptcp.h | 3 +- runtime/rsyslog.h | 3 + 8 files changed, 366 insertions(+), 7 deletions(-) create mode 100644 runtime/nsd_gtls.c create mode 100644 runtime/nsd_gtls.h diff --git a/configure.ac b/configure.ac index 2ae3401c..060a3854 100644 --- a/configure.ac +++ b/configure.ac @@ -462,6 +462,44 @@ AC_SUBST(snmp_cflags) AC_SUBST(snmp_libs) +# GNUtls support +AC_ARG_ENABLE(gnutls, + [AS_HELP_STRING([--enable-gnutls],[Enable GNU TLS support @<:@default=yes@:>@])], + [case "${enableval}" in + yes) enable_gnutls="yes" ;; + no) enable_gnutls="no" ;; + *) AC_MSG_ERROR(bad value ${enableval} for --enable-gnutls) ;; + esac], + [enable_gnutls=no] +) +if test "x$enable_gnutls" = "xyes"; then + AC_CHECK_HEADERS( + [gnutls/gnutls.h],, + [AC_MSG_FAILURE([GNUTls is missing])] + ) + AC_CHECK_PROG( + [HAVE_GNUTLS_CONFIG], + [libgnutls-config], + [yes],,, + ) + if test "x${HAVE_GNUTLS_CONFIG}" != "xyes"; then + AC_MSG_FAILURE([libgnutls-config not found in PATH]) + fi + AC_CHECK_LIB( + [gnutls], + [gnutls_check_version], + [tls_cflags=`libgnutls-config --cflags` + tls_libs=`libgnutls-config --libs` + ], + [AC_MSG_FAILURE([GNU TLS library is missing])], + [`libgnutls-config --libs`] + ) +fi +AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes) +AC_SUBST(tls_cflags) +AC_SUBST(tls_libs) + + # support for building the rsyslogd runtime AC_ARG_ENABLE(rsyslogrt, [AS_HELP_STRING([--enable-rsyslogrt],[Build rsyslogrt @<:@default=yes@:>@])], @@ -525,7 +563,6 @@ AC_SUBST(RELP_CFLAGS) AC_SUBST(RELP_LIBS) # RFC 3195 support -# WARNING: THIS IS NOT REALLY PRESENT YET - needs to be build manually! AC_ARG_ENABLE(rfc3195, [AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support @<:@default=no@:>@])], [case "${enableval}" in @@ -624,6 +661,7 @@ echo "file input module enabled: $enable_imfile" echo "input template module will be compiled: $enable_imtemplate" echo "Large file support enabled: $enable_largefile" echo "Networking support enabled: $enable_inet" +echo "GnuTLS network stream driver enabled: $enable_gnutls" echo "Enable GSSAPI Kerberos 5 support: $want_gssapi_krb5" echo "Debug mode enabled: $enable_debug" echo "Runtime Instrumentation enabled: $enable_rtinst" diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 077310c6..23e62deb 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -96,12 +96,22 @@ lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnetstrm_la_LDFLAGS = -module -avoid-version lmnetstrm_la_LIBADD = -# netstream drivers - -# plain tcp driver +# plain tcp netstream driver pkglib_LTLIBRARIES += lmnsd_ptcp.la lmnsd_ptcp_la_SOURCES = nsd_ptcp.c nsd_ptcp.h lmnsd_ptcp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnsd_ptcp_la_LDFLAGS = -module -avoid-version lmnsd_ptcp_la_LIBADD = endif # if ENABLE_INET + +# +# GnuTLS netstream driver +# +if ENABLE_GNUTLS +pkglib_LTLIBRARIES += lmnsd_gtls.la +lmnsd_gtls_la_SOURCES = nsd_gtls.c nsd_gtls.h +lmnsd_gtls_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnsd_gtls_la_LDFLAGS = -module -avoid-version +lmnsd_gtls_la_LIBADD = +endif + diff --git a/runtime/glbl.c b/runtime/glbl.c index 1e51b0e0..787b6ab7 100644 --- a/runtime/glbl.c +++ b/runtime/glbl.c @@ -40,7 +40,9 @@ /* some defaults */ #ifndef DFLT_NETSTRM_DRVR -# define DFLT_NETSTRM_DRVR ((uchar*)"lmnsd_ptcp") +// TESTING ONLY# define DFLT_NETSTRM_DRVR ((uchar*)"lmnsd_ptcp") +#warning "define must be restored for non-testing!" +# define DFLT_NETSTRM_DRVR ((uchar*)"lmnsd_gtls") #endif /* static data */ diff --git a/runtime/nsd.h b/runtime/nsd.h index 52c36dcf..c8bc95d0 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -24,7 +24,6 @@ * A copy of the GPL can be found in the file "COPYING" in this distribution. * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. */ - #ifndef INCLUDED_NSD_H #define INCLUDED_NSD_H diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c new file mode 100644 index 00000000..6fe0cd8a --- /dev/null +++ b/runtime/nsd_gtls.c @@ -0,0 +1,259 @@ +/* nsd_gtls.c + * + * An implementation of the nsd interface for GnuTLS. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include "rsyslog.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "rsyslog.h" +#include "syslogd-types.h" +#include "module-template.h" +#include "parse.h" +#include "srUtils.h" +#include "obj.h" +#include "errmsg.h" +#include "nsd_ptcp.h" +#include "nsd_gtls.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) +DEFobjCurrIf(nsd_ptcp) + + +/* Standard-Constructor */ +BEGINobjConstruct(nsd_gtls) /* be sure to specify the object type also in END macro! */ + iRet = nsd_ptcp.Construct(&pThis->pTcp); +ENDobjConstruct(nsd_gtls) + + +/* destructor for the nsd_gtls object */ +BEGINobjDestruct(nsd_gtls) /* be sure to specify the object type also in END and CODESTART macros! */ +CODESTARTobjDestruct(nsd_gtls) + if(pThis->pTcp != NULL) + nsd_ptcp.Destruct(&pThis->pTcp); +ENDobjDestruct(nsd_gtls) + + +/* abort a connection. This is meant to be called immediately + * before the Destruct call. -- rgerhards, 2008-03-24 + */ +static rsRetVal +Abort(nsd_t *pNsd) +{ + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + DEFiRet; + + ISOBJ_TYPE_assert((pThis), nsd_gtls); + + if(pThis->iMode == 0) { + nsd_ptcp.Abort(pThis->pTcp); + } + + RETiRet; +} + + + +/* initialize the tcp socket for a listner + * pLstnPort must point to a port name or number. NULL is NOT permitted + * (hint: we need to be careful when we use this module together with librelp, + * there NULL indicates the default port + * default is used. + * gerhards, 2008-03-17 + */ +static rsRetVal +LstnInit(nsd_t *pNsd, uchar *pLstnPort) +{ + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + DEFiRet; + + ISOBJ_TYPE_assert(pThis, nsd_gtls); + assert(pLstnPort != NULL); + + if(pThis->iMode == 0) { + CHKiRet(nsd_ptcp.LstnInit(pThis->pTcp, pLstnPort)); + } + +finalize_it: + RETiRet; +} + + +/* receive data from a tcp socket + * The lenBuf parameter must contain the max buffer size on entry and contains + * the number of octets read (or -1 in case of error) on exit. This function + * never blocks, not even when called on a blocking socket. That is important + * for client sockets, which are set to block during send, but should not + * block when trying to read data. If *pLenBuf is -1, an error occured and + * errno holds the exact error cause. + * rgerhards, 2008-03-17 + */ +static rsRetVal +Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) +{ + DEFiRet; + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_gtls); + + if(pThis->iMode == 0) { + CHKiRet(nsd_ptcp.Rcv(pThis->pTcp, pBuf, pLenBuf)); + } + +finalize_it: + RETiRet; +} + + +/* send a buffer. On entry, pLenBuf contains the number of octets to + * write. On exit, it contains the number of octets actually written. + * If this number is lower than on entry, only a partial buffer has + * been written. + * rgerhards, 2008-03-19 + */ +static rsRetVal +Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) +{ + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_gtls); + + if(pThis->iMode == 0) { + CHKiRet(nsd_ptcp.Send(pThis->pTcp, pBuf, pLenBuf)); + } +finalize_it: + RETiRet; +} + + +/* open a connection to a remote host (server). + * rgerhards, 2008-03-19 + */ +static rsRetVal +Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) +{ + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + DEFiRet; + + ISOBJ_TYPE_assert(pThis, nsd_gtls); + assert(port != NULL); + assert(host != NULL); + if(pThis->iMode == 0) { + CHKiRet(nsd_ptcp.Connect(pThis->pTcp, family, port, host)); + } + + +finalize_it: + RETiRet; +} + + +/* queryInterface function */ +BEGINobjQueryInterface(nsd_gtls) +CODESTARTobjQueryInterface(nsd_gtls) + if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_gtlsConstruct; + pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_gtlsDestruct; + pIf->Abort = Abort; + pIf->LstnInit = LstnInit; + //pIf->AcceptConnReq = AcceptConnReq; + pIf->Rcv = Rcv; + pIf->Send = Send; + pIf->Connect = Connect; +finalize_it: +ENDobjQueryInterface(nsd_gtls) + + +/* exit our class + */ +BEGINObjClassExit(nsd_gtls, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(nsd_gtls) + /* release objects we no longer need */ + objRelease(nsd_ptcp, LM_NSD_PTCP_FILENAME); + objRelease(glbl, CORE_COMPONENT); + objRelease(errmsg, CORE_COMPONENT); +ENDObjClassExit(nsd_gtls) + + +/* Initialize the nsd_gtls class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINObjClassInit(nsd_gtls, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + CHKiRet(objUse(nsd_ptcp, LM_NSD_PTCP_FILENAME)); + + /* set our own handlers */ +ENDObjClassInit(nsd_gtls) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + nsd_gtlsClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(nsd_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/nsd_gtls.h b/runtime/nsd_gtls.h new file mode 100644 index 00000000..ddd561de --- /dev/null +++ b/runtime/nsd_gtls.h @@ -0,0 +1,47 @@ +/* An implementation of the nsd interface for GnuTLS. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSD_GTLS_H +#define INCLUDED_NSD_GTLS_H + +#include "nsd.h" + +typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */ + +/* the nsd_gtls object */ +struct nsd_gtls_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + nsd_t *pTcp; /**< our aggregated nsd_ptcp data */ + int iMode; /* 0 - plain tcp, 1 - TLS */ +}; + +/* interface is defined in nsd.h, we just implement it! */ +#define nsd_gtlsCURR_IF_VERSION nsdCURR_IF_VERSION + +/* prototypes */ +PROTOTYPEObj(nsd_gtls); + +/* the name of our library binary */ +#define LM_NSD_GTLS_FILENAME "lmnsd_gtls" + +#endif /* #ifndef INCLUDED_NSD_GTLS_H */ diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h index d4848314..36725799 100644 --- a/runtime/nsd_ptcp.h +++ b/runtime/nsd_ptcp.h @@ -29,7 +29,7 @@ typedef nsd_if_t nsd_ptcp_if_t; /* we just *implement* this interface */ /* the nsd_ptcp object */ struct nsd_ptcp_s { - BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ int sock; /**< the socket we use for regular, single-socket, operations */ @@ -38,6 +38,7 @@ struct nsd_ptcp_s { }; /* interface is defined in nsd.h, we just implement it! */ +#define nsd_ptcpCURR_IF_VERSION nsdCURR_IF_VERSION /* prototypes */ PROTOTYPEObj(nsd_ptcp); diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index f7824006..ad2a543a 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -66,6 +66,9 @@ typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think typedef struct NetAddr netAddr_t; typedef struct netstrm_s netstrm_t; typedef struct nsd_ptcp_s nsd_ptcp_t; +typedef struct nsd_gtls_s nsd_gtls_t; +typedef struct nsd_gsspi_s nsd_gsspi_t; +typedef struct nsd_nss_s nsd_nss_t; typedef obj_t nsd_t; typedef struct msg msg_t; typedef struct interface_s interface_t; -- cgit From 2069ab114e2aac9c243aff72042912cac7ef6126 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Apr 2008 18:29:02 +0200 Subject: first working TLS-enabled plain TCP sender implemented a first working version of a TLS-enabled plain TCP sender (but, of course, the implementation is insecure as it is) --- ca.pem | 14 +++++++ configure.ac | 8 ++-- runtime/Makefile.am | 4 +- runtime/netstrm.c | 35 ++++++++++------ runtime/nsd.h | 5 +++ runtime/nsd_gtls.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++--- runtime/nsd_gtls.h | 2 + runtime/nsd_ptcp.c | 21 ++++++++++ runtime/rsyslog.h | 1 + 9 files changed, 184 insertions(+), 23 deletions(-) create mode 100644 ca.pem diff --git a/ca.pem b/ca.pem new file mode 100644 index 00000000..747250ca --- /dev/null +++ b/ca.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICPDCCAaegAwIBAgIBADALBgkqhkiG9w0BAQUwRTELMAkGA1UEBhMCR1IxDDAK +BgNVBAoTA0ZTRjEPMA0GA1UECxMGR05VVExTMRcwFQYDVQQDEw5HTlVUTFMgVEVT +VCBDQTAeFw0wNDA2MjgyMjQ0MDBaFw0wNzAzMjQyMjQ0MDBaMEUxCzAJBgNVBAYT +AkdSMQwwCgYDVQQKEwNGU0YxDzANBgNVBAsTBkdOVVRMUzEXMBUGA1UEAxMOR05V +VExTIFRFU1QgQ0EwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgMK0cY9Tap5F7DXX +tu7HpHlZtu+zqfofyLJSIBpUdbiwFIGzB486stbog0mpiy32mGIG5hNlpcRMJMVm +MmZ1RueqQWR+vdDroBoV199zAZQVww1NmmHi/Wtxa6x9SsXdya+SnoC8KI/V3EKx +gYG0hYAuYWNA9JnntTU0xCwWOBaPAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8w +DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUeesbb6Nm5nnh0eK129onBkUpCkgw +CwYJKoZIhvcNAQEFA4GBAGCCzUSCVZOXffm/KFxbyT2Lrltyzqlr0Oknp55eNAIk +fy+m/viSOmoTCaK9Gmtk3eMAxIeZ8U7TDKrbrxx/NSsggbypqa3EMMwr2JH9kzAZ +eluQ0vEVqfvRq5jzjuORYYhl7VgqpU0/ctvI3b+9tCZAOCcUX0HPvNweAzYjnkDi +-----END CERTIFICATE----- diff --git a/configure.ac b/configure.ac index 060a3854..d436cec8 100644 --- a/configure.ac +++ b/configure.ac @@ -488,16 +488,16 @@ if test "x$enable_gnutls" = "xyes"; then AC_CHECK_LIB( [gnutls], [gnutls_check_version], - [tls_cflags=`libgnutls-config --cflags` - tls_libs=`libgnutls-config --libs` + [gnutls_cflags=`libgnutls-config --cflags` + gnutls_libs=`libgnutls-config --libs` ], [AC_MSG_FAILURE([GNU TLS library is missing])], [`libgnutls-config --libs`] ) fi AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes) -AC_SUBST(tls_cflags) -AC_SUBST(tls_libs) +AC_SUBST(gnutls_cflags) +AC_SUBST(gnutls_libs) # support for building the rsyslogd runtime diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 23e62deb..1d07e79c 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -110,8 +110,8 @@ endif # if ENABLE_INET if ENABLE_GNUTLS pkglib_LTLIBRARIES += lmnsd_gtls.la lmnsd_gtls_la_SOURCES = nsd_gtls.c nsd_gtls.h -lmnsd_gtls_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnsd_gtls_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) $(gnutls_cflags) lmnsd_gtls_la_LDFLAGS = -module -avoid-version -lmnsd_gtls_la_LIBADD = +lmnsd_gtls_la_LIBADD = $(gnutls_libs) endif diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 274a92d7..a304ada4 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -84,18 +84,22 @@ loadDrvr(netstrm_t *pThis) uchar *pDrvrName; DEFiRet; - pDrvrName = pThis->pDrvrName; - if(pDrvrName == NULL) /* if no drvr name is set, use system default */ - pDrvrName = glbl.GetDfltNetstrmDrvr(); - - pThis->Drvr.ifVersion = nsdCURR_IF_VERSION; - /* The pDrvrName+2 below is a hack to obtain the object name. It - * safes us to have yet another variable with the name without "lm" in - * front of it. If we change the module load interface, we may re-think - * about this hack, but for the time being it is efficient and clean - * enough. -- rgerhards, 2008-04-18 - */ - CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); + if(pThis->Drvr.ifIsLoaded == 0) { + pDrvrName = pThis->pDrvrName; + if(pDrvrName == NULL) { /* if no drvr name is set, use system default */ + pDrvrName = glbl.GetDfltNetstrmDrvr(); + pThis->pDrvrName = (uchar*)strdup((char*)pDrvrName); // TODO: use set method once it exists + } + + pThis->Drvr.ifVersion = nsdCURR_IF_VERSION; + /* The pDrvrName+2 below is a hack to obtain the object name. It + * safes us to have yet another variable with the name without "lm" in + * front of it. If we change the module load interface, we may re-think + * about this hack, but for the time being it is efficient and clean + * enough. -- rgerhards, 2008-04-18 + */ + CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); + } finalize_it: RETiRet; } @@ -111,6 +115,13 @@ BEGINobjDestruct(netstrm) /* be sure to specify the object type also in END and CODESTARTobjDestruct(netstrm) if(pThis->pDrvrData != NULL) iRet = pThis->Drvr.Destruct(&pThis->pDrvrData); + + /* driver can only be released after all data has been destructed */ + if(pThis->Drvr.ifIsLoaded == 1) { + obj.ReleaseObj(__FILE__, pThis->pDrvrName+2, pThis->pDrvrName, (void*) &pThis->Drvr); + } + if(pThis->pDrvrName != NULL) + free(pThis->pDrvrName); ENDobjDestruct(netstrm) diff --git a/runtime/nsd.h b/runtime/nsd.h index c8bc95d0..203a65d6 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -41,6 +41,11 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Rcv)(nsd_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(nsd_t *pThis, uchar *pBuf, ssize_t *pLenBuf); rsRetVal (*Connect)(nsd_t *pThis, int family, unsigned char *port, unsigned char *host); + rsRetVal (*GetSock)(nsd_t *pThis, int *pSock); + /* GetSock() returns an error if the driver does not use plain + * OS sockets. This interface is primarily meant as an internal aid for + * those drivers that utilize the nsd_ptcp to do some of their work. + */ ENDinterface(nsd) #define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index 6fe0cd8a..d1b44fc5 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -37,6 +37,7 @@ #include #include #include +#include #include "rsyslog.h" #include "syslogd-types.h" @@ -57,15 +58,72 @@ DEFobjCurrIf(glbl) DEFobjCurrIf(nsd_ptcp) +/* a macro to check GnuTLS calls against unexpected errors */ +#define CHKgnutls(x) \ + if((gnuRet = (x)) != 0) { \ + dbgprintf("unexpected GnuTLS error %d in %s:%d\n", gnuRet, __FILE__, __LINE__); \ + gnutls_perror(gnuRet); /* TODO: can we do better? */ \ + ABORT_FINALIZE(RS_RET_GNUTLS_ERR); \ + } + +#define CAFILE "ca.pem" // TODO: allow to specify + +/* ------------------------------ GnuTLS specifics ------------------------------ */ +static gnutls_certificate_credentials xcred; + +/* globally initialize GnuTLS */ +static rsRetVal +gtlsGlblInit(void) +{ + int gnuRet; + DEFiRet; + + CHKgnutls(gnutls_global_init()); + + /* X509 stuff */ + CHKgnutls(gnutls_certificate_allocate_credentials(&xcred)); + + /* sets the trusted cas file */ + gnutls_certificate_set_x509_trust_file(xcred, CAFILE, GNUTLS_X509_FMT_PEM); + +finalize_it: + RETiRet; +} + + +/* globally de-initialize GnuTLS */ +static rsRetVal +gtlsGlblExit(void) +{ + DEFiRet; + /* X509 stuff */ + gnutls_certificate_free_credentials(xcred); + gnutls_global_deinit(); /* we are done... */ + RETiRet; +} + + +/* ---------------------------- end GnuTLS specifics ---------------------------- */ + + /* Standard-Constructor */ BEGINobjConstruct(nsd_gtls) /* be sure to specify the object type also in END macro! */ iRet = nsd_ptcp.Construct(&pThis->pTcp); + pThis->iMode = 1; /* TODO: must be made configurable */ ENDobjConstruct(nsd_gtls) /* destructor for the nsd_gtls object */ BEGINobjDestruct(nsd_gtls) /* be sure to specify the object type also in END and CODESTART macros! */ CODESTARTobjDestruct(nsd_gtls) + if(pThis->iMode == 1) { + if(pThis->bHaveSess) { + // TODO: Check for EAGAIN et al + gnutls_bye(pThis->sess, GNUTLS_SHUT_RDWR); + gnutls_deinit(pThis->sess); + } + } + if(pThis->pTcp != NULL) nsd_ptcp.Destruct(&pThis->pTcp); ENDobjDestruct(nsd_gtls) @@ -150,36 +208,82 @@ finalize_it: static rsRetVal Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) { + int iSent; nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; DEFiRet; ISOBJ_TYPE_assert(pThis, nsd_gtls); if(pThis->iMode == 0) { CHKiRet(nsd_ptcp.Send(pThis->pTcp, pBuf, pLenBuf)); + FINALIZE; + } + + /* in TLS mode now */ + while(1) { /* loop broken inside */ + iSent = gnutls_record_send(pThis->sess, pBuf, *pLenBuf); +RUNLOG_VAR("%d", iSent); + if(iSent >= 0) { + *pLenBuf = iSent; + break; + } + if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) + ABORT_FINALIZE(RS_RET_GNUTLS_ERR); } + finalize_it: RETiRet; } -/* open a connection to a remote host (server). +/* open a connection to a remote host (server). With GnuTLS, we always + * open a plain tcp socket and then, if in TLS mode, do a handshake on it. * rgerhards, 2008-03-19 */ static rsRetVal Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) { nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + int sock; + int gnuRet; +static const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; DEFiRet; ISOBJ_TYPE_assert(pThis, nsd_gtls); assert(port != NULL); assert(host != NULL); - if(pThis->iMode == 0) { - CHKiRet(nsd_ptcp.Connect(pThis->pTcp, family, port, host)); - } + CHKiRet(nsd_ptcp.Connect(pThis->pTcp, family, port, host)); + + if(pThis->iMode == 0) + FINALIZE; + + /* we reach this point if in TLS mode */ + CHKgnutls(gnutls_init(&pThis->sess, GNUTLS_CLIENT)); + pThis->bHaveSess = 1; + + /* Use default priorities */ + CHKgnutls(gnutls_set_default_priority(pThis->sess)); + CHKgnutls(gnutls_certificate_type_set_priority(pThis->sess, cert_type_priority)); + + /* put the x509 credentials to the current session */ + CHKgnutls(gnutls_credentials_set(pThis->sess, GNUTLS_CRD_CERTIFICATE, xcred)); + + /* assign the socket to GnuTls */ + CHKiRet(nsd_ptcp.GetSock(pThis->pTcp, &sock)); + gnutls_transport_set_ptr(pThis->sess, (gnutls_transport_ptr)sock); + + /* and perform the handshake */ + CHKgnutls(gnutls_handshake(pThis->sess)); + dbgprintf("GnuTLS handshake succeeded\n"); finalize_it: + if(iRet != RS_RET_OK) { + if(pThis->bHaveSess) { + gnutls_deinit(pThis->sess); + pThis->bHaveSess = 0; + } + } + RETiRet; } @@ -212,6 +316,8 @@ ENDobjQueryInterface(nsd_gtls) */ BEGINObjClassExit(nsd_gtls, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ CODESTARTObjClassExit(nsd_gtls) + gtlsGlblExit(); /* shut down GnuTLS */ + /* release objects we no longer need */ objRelease(nsd_ptcp, LM_NSD_PTCP_FILENAME); objRelease(glbl, CORE_COMPONENT); @@ -229,7 +335,8 @@ BEGINObjClassInit(nsd_gtls, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */ CHKiRet(objUse(glbl, CORE_COMPONENT)); CHKiRet(objUse(nsd_ptcp, LM_NSD_PTCP_FILENAME)); - /* set our own handlers */ + /* now do global TLS init stuff */ + CHKiRet(gtlsGlblInit()); ENDObjClassInit(nsd_gtls) diff --git a/runtime/nsd_gtls.h b/runtime/nsd_gtls.h index ddd561de..c193f57c 100644 --- a/runtime/nsd_gtls.h +++ b/runtime/nsd_gtls.h @@ -33,6 +33,8 @@ struct nsd_gtls_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ nsd_t *pTcp; /**< our aggregated nsd_ptcp data */ int iMode; /* 0 - plain tcp, 1 - TLS */ + gnutls_session sess; + int bHaveSess; }; /* interface is defined in nsd.h, we just implement it! */ diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 6f7dd04d..c9df8f8c 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -87,6 +87,26 @@ CODESTARTobjDestruct(nsd_ptcp) ENDobjDestruct(nsd_ptcp) +/* Provide access to the underlying OS socket. This is primarily + * useful for other drivers (like nsd_gtls) who utilize ourselfs + * for some of their functionality. -- rgerhards, 2008-04-18 + * TODO: what about the server socket structure? + */ +static rsRetVal +GetSock(nsd_t *pNsd, int *pSock) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + DEFiRet; + + ISOBJ_TYPE_assert((pThis), nsd_ptcp); + assert(pSock != NULL); + + *pSock = pThis->sock; + + RETiRet; +} + + /* abort a connection. This is meant to be called immediately * before the Destruct call. -- rgerhards, 2008-03-24 */ @@ -519,6 +539,7 @@ CODESTARTobjQueryInterface(nsd_ptcp) pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct; pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct; pIf->Abort = Abort; + pIf->GetSock = GetSock; pIf->LstnInit = LstnInit; pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 61ddd3d9..8da59089 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -209,6 +209,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_INVALID_HNAME = -2075, /**< remote peer's hostname invalid or unobtainable */ RS_RET_INVALID_PORT = -2076, /**< invalid port value */ RS_RET_COULD_NOT_BIND = -2077, /**< could not bind socket, defunct */ + RS_RET_GNUTLS_ERR = -2078, /**< (unexpected) error in GnuTLS call */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit From d3b135ba9fd390caa7a0a942dae4faf979c4ece1 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Apr 2008 18:52:51 +0200 Subject: improved TLS session closure --- runtime/nsd_gtls.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index d1b44fc5..648b843e 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -103,6 +103,27 @@ gtlsGlblExit(void) } +/* end a GnuTLS session + * The function checks if we have a session and ends it only if so. So it can + * always be called, even if there currently is no session. + */ +static rsRetVal +gtlsEndSess(nsd_gtls_t *pThis) +{ + int gnuRet; + DEFiRet; + + if(pThis->bHaveSess) { + gnuRet = gnutls_bye(pThis->sess, GNUTLS_SHUT_RDWR); + while(gnuRet == GNUTLS_E_INTERRUPTED || gnuRet == GNUTLS_E_AGAIN) { + gnuRet = gnutls_bye(pThis->sess, GNUTLS_SHUT_RDWR); + } + gnutls_deinit(pThis->sess); + } + RETiRet; +} + + /* ---------------------------- end GnuTLS specifics ---------------------------- */ @@ -117,11 +138,7 @@ ENDobjConstruct(nsd_gtls) BEGINobjDestruct(nsd_gtls) /* be sure to specify the object type also in END and CODESTART macros! */ CODESTARTobjDestruct(nsd_gtls) if(pThis->iMode == 1) { - if(pThis->bHaveSess) { - // TODO: Check for EAGAIN et al - gnutls_bye(pThis->sess, GNUTLS_SHUT_RDWR); - gnutls_deinit(pThis->sess); - } + gtlsEndSess(pThis); } if(pThis->pTcp != NULL) -- cgit From 2be459c4d7645ad12f83723be7bb26199fe98b82 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 23 Apr 2008 09:59:01 +0200 Subject: objects for receive-side socket abstraction specified The objects for receiver-side socket abstraction have now be specified. The project as whole does not yet compile and definitely not run, but I'd like to commit some milestones along this way. --- runtime/Makefile.am | 17 +++- runtime/netstrm.c | 82 ++++++++---------- runtime/netstrm.h | 34 +++++++- runtime/nsd.h | 20 ++++- runtime/nsd_ptcp.c | 187 +++++++++++++++++++-------------------- runtime/nsd_ptcp.h | 2 - runtime/nsdsel_ptcp.c | 216 ++++++++++++++++++++++++++++++++++++++++++++++ runtime/nsdsel_ptcp.h | 46 ++++++++++ runtime/nssel.c | 222 +++++++++++++++++++++++++++++++++++++++++++++++ runtime/nssel.h | 55 ++++++++++++ runtime/rsyslog.h | 5 ++ tcps_sess.c | 2 +- tcps_sess.h | 2 +- tcpsrv.c | 235 ++++++++------------------------------------------ tcpsrv.h | 13 +-- 15 files changed, 785 insertions(+), 353 deletions(-) create mode 100644 runtime/nsdsel_ptcp.c create mode 100644 runtime/nsdsel_ptcp.h create mode 100644 runtime/nssel.c create mode 100644 runtime/nssel.h diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 077310c6..61ede1d7 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -81,7 +81,7 @@ lmregexp_la_LIBADD = endif if ENABLE_INET -pkglib_LTLIBRARIES += lmnet.la lmnetstrm.la +pkglib_LTLIBRARIES += lmnet.la lmnetstrm.la lmnssel.la # # network support # @@ -96,12 +96,25 @@ lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnetstrm_la_LDFLAGS = -module -avoid-version lmnetstrm_la_LIBADD = +# network stream select support (a helper class) +lmnssel_la_SOURCES = nssel.c nssel.h +lmnssel_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnssel_la_LDFLAGS = -module -avoid-version +lmnssel_la_LIBADD = + # netstream drivers -# plain tcp driver +# plain tcp driver - main driver pkglib_LTLIBRARIES += lmnsd_ptcp.la lmnsd_ptcp_la_SOURCES = nsd_ptcp.c nsd_ptcp.h lmnsd_ptcp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnsd_ptcp_la_LDFLAGS = -module -avoid-version lmnsd_ptcp_la_LIBADD = + +# select interface for ptcp driver +pkglib_LTLIBRARIES += lmnsdsel_ptcp.la +lmnsdsel_ptcp_la_SOURCES = nsdsel_ptcp.c nsdsel_ptcp.h +lmnsdsel_ptcp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnsdsel_ptcp_la_LDFLAGS = -module -avoid-version +lmnsdsel_ptcp_la_LIBADD = endif # if ENABLE_INET diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 274a92d7..bdd2636c 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -144,73 +144,65 @@ AbortDestruct(netstrm_t **ppThis) } -#if 0 -This is not yet working - wait until we arrive at the receiver side (distracts too much at the moment) - -/* accept an incoming connection request, pNsdLstn provides the "listen socket" on which we can - * accept the new session. - * rgerhards, 2008-03-17 +/* accept an incoming connection request + * The netstrm instance that had the incoming request must be provided. If + * the connection request succeeds, a new netstrm object is created and + * passed back to the caller. The caller is responsible for destructing it. + * pReq is the nsd_t obj that has the accept request. + * rgerhards, 2008-04-21 */ static rsRetVal -AcceptConnReq(netstrm_t **ppThis, nsd_t *pNsdLstn) +AcceptConnReq(netstrm_t *pThis, nsd_t *pReqNsd, netstrm_t **ppNew) { - netstrm_t *pThis = NULL; - nsd_t *pNsd; + netstrm_t *pNew = NULL; + nsd_t *pNewNsd = NULL; DEFiRet; - assert(ppThis != NULL); + ISOBJ_TYPE_assert(pThis, netstrm); + assert(pReqNsd != NULL); + assert(ppNew != NULL); + + /* accept the new connection */ + CHKiRet(pThis->Drvr.AcceptConnReq(pReqNsd, &pNewNsd)); /* construct our object so that we can use it... */ - CHKiRet(netstrmConstruct(&pThis)); - - /* TODO: obtain hostname, normalize (callback?), save it */ - CHKiRet(FillRemHost(pThis, (struct sockaddr*) &addr)); - - /* set the new socket to non-blocking IO */ - if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { - sockflags |= O_NONBLOCK; - /* SETFL could fail too, so get it caught by the subsequent - * error check. - */ - sockflags = fcntl(iNewSock, F_SETFL, sockflags); - } - if(sockflags == -1) { - dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket %d", errno, iNewSock); - ABORT_FINALIZE(RS_RET_IO_ERROR); - } + CHKiRet(netstrmConstruct(&pNew)); - pThis->sock = iNewSock; + pNew->pDrvrData = pNewNsd; + if(pThis->pDrvrName == NULL) { + pNew->pDrvrName = NULL; + } else { + CHKmalloc(pNew->pDrvrName = (uchar*) strdup((char*)pThis->pDrvrName)); + } + CHKiRet(loadDrvr(pNew)); - *ppThis = pThis; + *ppNew = pNew; finalize_it: if(iRet != RS_RET_OK) { - if(pThis != NULL) - netstrmDestruct(&pThis); + if(pNew != NULL) + netstrmDestruct(&pNew); /* the close may be redundant, but that doesn't hurt... */ - if(iNewSock >= 0) - close(iNewSock); + if(pNewNsd != NULL) + pThis->Drvr.Destruct(&pNewNsd); } - RETiRet; } -#endif -/* initialize the tcp socket for a listner - * pLstnPort must point to a port name or number. NULL is NOT permitted - * (hint: we need to be careful when we use this module together with librelp, - * there NULL indicates the default port - * default is used. - * gerhards, 2008-03-17 +/* make the netstrm listen to specified port and IP. + * pLstnIP points to the port to listen to (NULL means "all"), + * iMaxSess has the maximum number of sessions permitted (this ist just a hint). + * pLstnPort must point to a port name or number. NULL is NOT permitted. + * rgerhards, 2008-04-22 */ static rsRetVal -LstnInit(netstrm_t *pThis, uchar *pLstnPort) +LstnInit(netstrm_t *pThis, uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); assert(pLstnPort != NULL); - CHKiRet(pThis->Drvr.LstnInit(pThis->pDrvrData, pLstnPort)); + CHKiRet(pThis->Drvr.LstnInit(&pThis->parrLstn, &pThis->isizeLstnArr, pLstnPort, pLstnIP, iSessMax)); finalize_it: RETiRet; @@ -284,11 +276,11 @@ CODESTARTobjQueryInterface(netstrm) pIf->ConstructFinalize = netstrmConstructFinalize; pIf->Destruct = netstrmDestruct; pIf->AbortDestruct = AbortDestruct; - pIf->LstnInit = LstnInit; - // TODO: add later: pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; pIf->Send = Send; pIf->Connect = Connect; + pIf->LstnInit = LstnInit; + pIf->AcceptConnReq = AcceptConnReq; finalize_it: ENDobjQueryInterface(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 75b7c457..a3719f93 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -29,11 +29,34 @@ /* the netstrm object */ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ - nsd_if_t Drvr; /**< our stream driver */ nsd_t *pDrvrData; /**< the driver's data elements */ uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ + nsd_if_t Drvr; /**< our stream driver */ + /* for listeners, we need to have the capablity to listen on multiple "sockets". This + * is needed to support IPv6. We do this by specifying an array of nsd_t objects to + * handle this case. + */ + int isizeLstnArr; + nsd_t **parrLstn; }; +/* a helper object enabling us to wait on a set of streams to become + * ready for IO - this is modelled after select(). We need this, because + * stream drivers may have different concepts. Consequently, + * the structure must contain nsd_t's from the same stream driver type + * only. This is implemented as a singly-linked list where every + * new element is added at the top of the list. -- rgerhards, 2008-04-22 + */ +typedef struct netstrm_iowaiter_s netstrm_iowaiter_t; +struct netstrm_iowaiter_s { + netstrm_iowaiter_t *pNext; + nsd_t *pNsd; + enum { + NETSTRM_IOWAIT_RD = 1, + NETSTRM_IOWAIT_WR = 2, + NETSTRM_IOWAIT_RDWR = 3 + } waitOp; /**< the operation we wait for */ +}; /* interface */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ @@ -41,11 +64,16 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*ConstructFinalize)(netstrm_t *pThis); rsRetVal (*Destruct)(netstrm_t **ppThis); rsRetVal (*AbortDestruct)(netstrm_t **ppThis); - rsRetVal (*LstnInit)(netstrm_t *pThis, unsigned char *pLstnPort); - rsRetVal (*AcceptConnReq)(netstrm_t **ppThis, int sock); + rsRetVal (*LstnInit)(netstrm_t *pThis, uchar *pLstnPort, uchar *pLstnIP, int iSessMax); + rsRetVal (*AcceptConnReq)(netstrm_t *pThis, nsd_t *pReqNsd, netstrm_t **ppNew); rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf); rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host); + rsRetVal (*SelectInit)(nsdsel_t **ppSel, netstrm_t *pThis); + rsRetVal (*SelectAdd)(nsdsel_t *pSel, netstrm_t *pThis); + rsRetVal (*SelectWait)(nsdsel_t *pSel, int *piNumReady); + rsRetVal (*SelectIsReady)(nsdsel_t *pSel, int *piNumReady); + rsRetVal (*SelectExit)(nsdsel_t **ppSel); ENDinterface(netstrm) #define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsd.h b/runtime/nsd.h index 52c36dcf..2fb883ac 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -28,6 +28,12 @@ #ifndef INCLUDED_NSD_H #define INCLUDED_NSD_H +enum nsdsel_waitOp_e { + NSDSEL_RD = 1, + NSDSEL_WR = 2, + NSDSEL_RDWR = 3 +}; /**< the operation we wait for */ + /* nsd_t is actually obj_t (which is somewhat better than void* but in essence * much the same). */ @@ -37,12 +43,22 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Construct)(nsd_t **ppThis); rsRetVal (*Destruct)(nsd_t **ppThis); rsRetVal (*Abort)(nsd_t *pThis); - rsRetVal (*LstnInit)(nsd_t *pThis, unsigned char *pLstnPort); - rsRetVal (*AcceptConnReq)(nsd_t **ppThis, int sock); rsRetVal (*Rcv)(nsd_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(nsd_t *pThis, uchar *pBuf, ssize_t *pLenBuf); rsRetVal (*Connect)(nsd_t *pThis, int family, unsigned char *port, unsigned char *host); + rsRetVal (*LstnInit)(nsd_t ***parrLstn, int *pLstnArrSize, uchar *pLstnPort, uchar *pLstnIP, int iSessMax); + rsRetVal (*AcceptConnReq)(nsd_t *pThis, nsd_t **ppThis); ENDinterface(nsd) #define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ +/* interface for the select call */ +BEGINinterface(nsdsel) /* name must also be changed in ENDinterface macro! */ + rsRetVal (*Construct)(nsdsel_t **ppThis); + rsRetVal (*Destruct)(nsdsel_t **ppThis); + rsRetVal (*Add)(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp); + rsRetVal (*Select)(nsdsel_t *pNsdsel, int *piNumReady); + rsRetVal (*IsReady)(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp); +ENDinterface(nsdsel) +#define nsdselCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ + #endif /* #ifndef INCLUDED_NSD_H */ diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 6f7dd04d..c737c168 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -56,30 +56,29 @@ DEFobjCurrIf(glbl) DEFobjCurrIf(net) +/* a few deinit helpers */ + +/* close socket if open (may always be called) */ +static void +sockClose(int *pSock) +{ + if(*pSock >= 0) { + close(*pSock); + *pSock = -1; + } +} + /* Standard-Constructor */ BEGINobjConstruct(nsd_ptcp) /* be sure to specify the object type also in END macro! */ pThis->sock = -1; - pThis->iSessMax = 500; /* default max nbr of sessions -TODO:make configurable--rgerhards, 2008-04-17*/ ENDobjConstruct(nsd_ptcp) /* destructor for the nsd_ptcp object */ BEGINobjDestruct(nsd_ptcp) /* be sure to specify the object type also in END and CODESTART macros! */ - int i; CODESTARTobjDestruct(nsd_ptcp) - if(pThis->sock != -1) { - close(pThis->sock); - pThis->sock = -1; - } - - if(pThis->socks != NULL) { - /* if we have some sockets at this stage, we need to close them */ - for(i = 1 ; i <= pThis->socks[0] ; ++i) - close(pThis->socks[i]); - free(pThis->socks); - } - + sockClose(&pThis->sock); if(pThis->pRemHostIP != NULL) free(pThis->pRemHostIP); if(pThis->pRemHostName != NULL) @@ -189,33 +188,34 @@ finalize_it: -/* accept an incoming connection request, sock provides the socket on which we can - * accept the new session. - * rgerhards, 2008-03-17 +/* accept an incoming connection request + * rgerhards, 2008-04-22 */ static rsRetVal -AcceptConnReq(nsd_t **ppThis, int sock) +AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew) { int sockflags; + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; struct sockaddr_storage addr; socklen_t addrlen = sizeof(addr); - nsd_ptcp_t *pThis = NULL; + nsd_ptcp_t *pNew = NULL; int iNewSock = -1; DEFiRet; - assert(ppThis != NULL); + assert(ppNew != NULL); + ISOBJ_TYPE_assert(pThis, nsd_ptcp_t); - iNewSock = accept(sock, (struct sockaddr*) &addr, &addrlen); + iNewSock = accept(pThis->sock, (struct sockaddr*) &addr, &addrlen); if(iNewSock < 0) { ABORT_FINALIZE(RS_RET_ACCEPT_ERR); } /* construct our object so that we can use it... */ - CHKiRet(nsd_ptcpConstruct(&pThis)); + CHKiRet(nsd_ptcpConstruct(&pNew)); - CHKiRet(FillRemHost(pThis, (struct sockaddr*) &addr)); + CHKiRet(FillRemHost(pNew, (struct sockaddr*) &addr)); - /* set the new socket to non-blocking IO */ + /* set the new socket to non-blocking IO -TODO:do we really need to do this here? Do we always want it? */ if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { sockflags |= O_NONBLOCK; /* SETFL could fail too, so get it caught by the subsequent @@ -228,41 +228,41 @@ AcceptConnReq(nsd_t **ppThis, int sock) ABORT_FINALIZE(RS_RET_IO_ERROR); } - pThis->sock = iNewSock; - - *ppThis = (nsd_t*) pThis; + pNew->sock = iNewSock; + *ppNew = (nsd_t*) pNew; finalize_it: if(iRet != RS_RET_OK) { - if(pThis != NULL) - nsd_ptcpDestruct(&pThis); + if(pNew != NULL) + nsd_ptcpDestruct(&pNew); /* the close may be redundant, but that doesn't hurt... */ - if(iNewSock >= 0) - close(iNewSock); + sockClose(&iNewSock); } RETiRet; } -/* initialize the tcp socket for a listner - * pLstnPort must point to a port name or number. NULL is NOT permitted - * (hint: we need to be careful when we use this module together with librelp, - * there NULL indicates the default port - * default is used. - * gerhards, 2008-03-17 +/* initialize tcp sockets for a listner. This function returns an array of nds_t + * objects. The size of this array is returend in pLstnArrSize. + * pLstnPort must point to a port name or number. NULL is NOT permitted. pLstnIP + * points to the port to listen to (NULL means "all"), iMaxSess has the maximum + * number of sessions permitted. + * rgerhards, 2008-04-22 */ static rsRetVal -LstnInit(nsd_t *pNsd, uchar *pLstnPort) +LstnInit(nsd_t ***parrLstnNsd, int *pLstnArrSize, uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { - nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; - struct addrinfo hints, *res, *r; - int error, maxs, *s, on = 1; + DEFiRet; + struct addrinfo hints, *res = NULL, *r; + nsd_ptcp_t **arrLstn = NULL; + int error, maxs, on = 1; + int sock; int sockflags; - DEFiRet; - ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(parrLstnNsd != NULL); assert(pLstnPort != NULL); + assert(iSessMax >= 0); dbgprintf("creating tcp listen socket on port %s\n", pLstnPort); @@ -271,7 +271,7 @@ LstnInit(nsd_t *pNsd, uchar *pLstnPort) hints.ai_family = glbl.GetDefPFFamily(); hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(NULL, (char*) pLstnPort, &hints, &res); + error = getaddrinfo((char*)pLstnIP, (char*) pLstnPort, &hints, &res); if(error) { dbgprintf("error %d querying port '%s'\n", error, pLstnPort); ABORT_FINALIZE(RS_RET_INVALID_PORT); @@ -280,20 +280,14 @@ LstnInit(nsd_t *pNsd, uchar *pLstnPort) /* Count max number of sockets we may open */ for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) /* EMPTY */; - pThis->socks = malloc((maxs+1) * sizeof(int)); - if (pThis->socks == NULL) { - dbgprintf("couldn't allocate memory for TCP listen sockets, suspending RELP message reception."); - freeaddrinfo(res); - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - } + CHKmalloc(arrLstn = (nsd_ptcp_t**) malloc((maxs+1) * sizeof(nsd_ptcp_t*))); - *pThis->socks = 0; /* num of sockets counter at start of array */ - s = pThis->socks + 1; + *pLstnArrSize = 0; /* num of sockets counter at start of array */ for(r = res; r != NULL ; r = r->ai_next) { - *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); - if (*s < 0) { + sock = socket(r->ai_family, r->ai_socktype, r->ai_protocol); + if(sock < 0) { if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) - dbgprintf("creating tcp listen socket"); + dbgprintf("error %d creating tcp listen socket", errno); /* it is debatable if PF_INET with EAFNOSUPPORT should * also be ignored... */ @@ -301,35 +295,32 @@ LstnInit(nsd_t *pNsd, uchar *pLstnPort) } #ifdef IPV6_V6ONLY - if (r->ai_family == AF_INET6) { + if(r->ai_family == AF_INET6) { int iOn = 1; - if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, + if(setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&iOn, sizeof (iOn)) < 0) { - close(*s); - *s = -1; - continue; + close(sock); + continue; } } #endif - if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { + if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { dbgprintf("error %d setting tcp socket option\n", errno); - close(*s); - *s = -1; + close(sock); continue; } /* We use non-blocking IO! */ - if((sockflags = fcntl(*s, F_GETFL)) != -1) { + if((sockflags = fcntl(sock, F_GETFL)) != -1) { sockflags |= O_NONBLOCK; /* SETFL could fail too, so get it caught by the subsequent * error check. */ - sockflags = fcntl(*s, F_SETFL, sockflags); + sockflags = fcntl(sock, F_SETFL, sockflags); } if(sockflags == -1) { dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno); - close(*s); - *s = -1; + close(sock); continue; } @@ -340,62 +331,75 @@ LstnInit(nsd_t *pNsd, uchar *pLstnPort) */ #ifndef BSD if(net.should_use_so_bsdcompat()) { - if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, + if (setsockopt(sock, SOL_SOCKET, SO_BSDCOMPAT, (char *) &on, sizeof(on)) < 0) { errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); - close(*s); - *s = -1; + close(sock); continue; } } #endif - if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) + if( (bind(sock, r->ai_addr, r->ai_addrlen) < 0) #ifndef IPV6_V6ONLY && (errno != EADDRINUSE) #endif ) { + /* TODO: check if *we* bound the socket - else we *have* an error! */ dbgprintf("error %d while binding tcp socket", errno); - close(*s); - *s = -1; + close(sock); continue; } - if(listen(*s,pThis->iSessMax / 10 + 5) < 0) { + if(listen(sock, iSessMax / 10 + 5) < 0) { /* If the listen fails, it most probably fails because we ask * for a too-large backlog. So in this case we first set back * to a fixed, reasonable, limit that should work. Only if * that fails, too, we give up. */ dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", - pThis->iSessMax / 10 + 5); - if(listen(*s, 32) < 0) { + iSessMax / 10 + 5); + if(listen(sock, 32) < 0) { dbgprintf("tcp listen error %d, suspending\n", errno); - close(*s); - *s = -1; + close(sock); continue; } } - (*pThis->socks)++; - s++; + /* if we reach this point, we were able to obtain a valid socket, which we + * now can save to the array of listen sockets. -- rgerhards, 2008-04-22 + */ + CHKiRet(nsd_ptcpConstruct(arrLstn+*pLstnArrSize)); + arrLstn[*pLstnArrSize]->sock = sock; + ++(*pLstnArrSize); } if(res != NULL) freeaddrinfo(res); - if(*pThis->socks != maxs) - dbgprintf("We could initialize %d RELP TCP listen sockets out of %d we received " - "- this may or may not be an error indication.\n", *pThis->socks, maxs); + if(*pLstnArrSize != maxs) + dbgprintf("We could initialize %d TCP listen sockets out of %d we received " + "- this may or may not be an error indication.\n", *pLstnArrSize, maxs); - if(*pThis->socks == 0) { - dbgprintf("No RELP TCP listen socket could successfully be initialized, " - "message reception via RELP disabled.\n"); - free(pThis->socks); + if(*pLstnArrSize == 0) { + dbgprintf("No TCP listen sockets could successfully be initialized, " + "message reception disabled.\n"); ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); } + *parrLstnNsd = (nsd_t**) arrLstn; + arrLstn = NULL; /* prevent from being freed in error handler */ + finalize_it: + if(iRet != RS_RET_OK) { + if(res != NULL) + freeaddrinfo(res); + if(arrLstn != NULL) { + for(maxs = 0 ; maxs < *pLstnArrSize ; ++maxs) + nsd_ptcpDestruct(arrLstn+*pLstnArrSize); + } + } + RETiRet; } @@ -494,10 +498,7 @@ finalize_it: freeaddrinfo(res); if(iRet != RS_RET_OK) { - if(pThis->sock != -1) { - close(pThis->sock); - pThis->sock = -1; - } + sockClose(&pThis->sock); } RETiRet; @@ -519,10 +520,10 @@ CODESTARTobjQueryInterface(nsd_ptcp) pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct; pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct; pIf->Abort = Abort; - pIf->LstnInit = LstnInit; - pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; pIf->Send = Send; + pIf->LstnInit = LstnInit; + pIf->AcceptConnReq = AcceptConnReq; pIf->Connect = Connect; finalize_it: ENDobjQueryInterface(nsd_ptcp) diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h index d4848314..ac11d528 100644 --- a/runtime/nsd_ptcp.h +++ b/runtime/nsd_ptcp.h @@ -33,8 +33,6 @@ struct nsd_ptcp_s { uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ int sock; /**< the socket we use for regular, single-socket, operations */ - int *socks; /**< the socket(s) we use for listeners, element 0 has nbr of socks */ - int iSessMax; /**< maximum number of sessions permitted */ }; /* interface is defined in nsd.h, we just implement it! */ diff --git a/runtime/nsdsel_ptcp.c b/runtime/nsdsel_ptcp.c new file mode 100644 index 00000000..67f3c62a --- /dev/null +++ b/runtime/nsdsel_ptcp.c @@ -0,0 +1,216 @@ +/* nsdsel_ptcp.c + * + * An implementation of the nsd select() interface for plain tcp sockets. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include "rsyslog.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "rsyslog.h" +#include "module-template.h" +#include "obj.h" +#include "errmsg.h" +#include "nsd_ptcp.h" +#include "nsdsel_ptcp.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) + + +/* Standard-Constructor + */ +BEGINobjConstruct(nsdsel_ptcp) /* be sure to specify the object type also in END macro! */ + pThis->maxfds = 0; + FD_ZERO(&pThis->readfds); + FD_ZERO(&pThis->writefds); +ENDobjConstruct(nsdsel_ptcp) + + +/* destructor for the nsdsel_ptcp object */ +BEGINobjDestruct(nsdsel_ptcp) /* be sure to specify the object type also in END and CODESTART macros! */ +CODESTARTobjDestruct(nsdsel_ptcp) +ENDobjDestruct(nsdsel_ptcp) + + +/* Add a socket to the select set */ +static rsRetVal +Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) +{ + DEFiRet; + nsdsel_ptcp_t *pThis = (nsdsel_ptcp_t*) pNsdsel; + nsd_ptcp_t *pSock = (nsd_ptcp_t*) pNsd; + + ISOBJ_TYPE_assert(pSock, nsd_ptcp); + ISOBJ_TYPE_assert(pThis, nsdsel_ptcp); + + switch(waitOp) { + case NSDSEL_RD: + FD_SET(pSock->sock, &pThis->readfds); + break; + case NSDSEL_WR: + FD_SET(pSock->sock, &pThis->writefds); + break; + case NSDSEL_RDWR: + FD_SET(pSock->sock, &pThis->readfds); + FD_SET(pSock->sock, &pThis->writefds); + break; + } + + if(pSock->sock > pThis->maxfds) + pThis->maxfds = pSock->sock; + + RETiRet; +} + + +/* perform the select() piNumReady returns how many descriptors are ready for IO + * TODO: add timeout! + */ +static rsRetVal +Select(nsdsel_t *pNsdsel, int *piNumReady) +{ + DEFiRet; + int i; + nsdsel_ptcp_t *pThis = (nsdsel_ptcp_t*) pNsdsel; + + ISOBJ_TYPE_assert(pThis, nsdsel_ptcp); + assert(piNumReady != NULL); + + if(Debug) { // TODO: debug setting! + // TODO: name in dbgprintf! + dbgprintf("-------- calling select, active fds (max %d): ", pThis->maxfds); + for(i = 0; i <= pThis->maxfds; ++i) + if(FD_ISSET(i, &pThis->readfds) || FD_ISSET(i, &pThis->writefds)) + dbgprintf("%d ", i); + dbgprintf("\n"); + } + + /* now do the select */ + *piNumReady = select(pThis->maxfds+1, &pThis->readfds, &pThis->writefds, NULL, NULL); + + RETiRet; +} + + +/* check if a socket is ready for IO */ +static rsRetVal +IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) +{ + DEFiRet; + nsdsel_ptcp_t *pThis = (nsdsel_ptcp_t*) pNsdsel; + nsd_ptcp_t *pSock = (nsd_ptcp_t*) pNsd; + + ISOBJ_TYPE_assert(pThis, nsdsel_ptcp); + ISOBJ_TYPE_assert(pSock, nsd_ptcp); + RETiRet; +} + + +/* ------------------------------ end support for the select() interface ------------------------------ */ + + +/* queryInterface function */ +BEGINobjQueryInterface(nsdsel_ptcp) +CODESTARTobjQueryInterface(nsdsel_ptcp) + if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + pIf->Construct = (rsRetVal(*)(nsdsel_t**)) nsdsel_ptcpConstruct; + pIf->Destruct = (rsRetVal(*)(nsdsel_t**)) nsdsel_ptcpDestruct; + pIf->Add = Add; + pIf->Select = Select; + pIf->IsReady = IsReady; +finalize_it: +ENDobjQueryInterface(nsdsel_ptcp) + + +/* exit our class + */ +BEGINObjClassExit(nsdsel_ptcp, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(nsdsel_ptcp) + /* release objects we no longer need */ + objRelease(glbl, CORE_COMPONENT); + objRelease(errmsg, CORE_COMPONENT); +ENDObjClassExit(nsdsel_ptcp) + + +/* Initialize the nsdsel_ptcp class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINObjClassInit(nsdsel_ptcp, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + + /* set our own handlers */ +ENDObjClassInit(nsdsel_ptcp) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + nsdsel_ptcpClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(nsdsel_ptcpClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/nsdsel_ptcp.h b/runtime/nsdsel_ptcp.h new file mode 100644 index 00000000..39294d7d --- /dev/null +++ b/runtime/nsdsel_ptcp.h @@ -0,0 +1,46 @@ +/* An implementation of the nsd select interface for plain tcp sockets. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSDSEL_PTCP_H +#define INCLUDED_NSDSEL_PTCP_H + +#include "nsd.h" +typedef nsdsel_if_t nsdsel_ptcp_if_t; /* we just *implement* this interface */ + +/* the nsdsel_ptcp object */ +struct nsdsel_ptcp_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + int maxfds; + fd_set readfds; + fd_set writefds; +}; + +/* interface is defined in nsd.h, we just implement it! */ + +/* prototypes */ +PROTOTYPEObj(nsdsel_ptcp); + +/* the name of our library binary */ +#define LM_NSDSEL_PTCP_FILENAME "lmnsdsel_ptcp" + +#endif /* #ifndef INCLUDED_NSDSEL_PTCP_H */ diff --git a/runtime/nssel.c b/runtime/nssel.c new file mode 100644 index 00000000..f2844872 --- /dev/null +++ b/runtime/nssel.c @@ -0,0 +1,222 @@ +/* nssel.c + * + * The io waiter is a helper object enabling us to wait on a set of streams to become + * ready for IO - this is modelled after select(). We need this, because + * stream drivers may have different concepts. Consequently, + * the structure must contain nsd_t's from the same stream driver type + * only. This is implemented as a singly-linked list where every + * new element is added at the top of the list. + * + * Work on this module begun 2008-04-22 by Rainer Gerhards. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include "rsyslog.h" +#include +#include +#include +#include +#include + +#include "rsyslog.h" +#include "obj.h" +#include "module-template.h" +#include "nssel.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(glbl) + + +/* load our low-level driver. This must be done before any + * driver-specific functions (allmost all...) can be carried + * out. Note that the driver's .ifIsLoaded is correctly + * initialized by calloc() and we depend on that. + * rgerhards, 2008-04-18 + */ +static rsRetVal +loadDrvr(nssel_t *pThis) +{ + uchar *pDrvrName; + DEFiRet; + + pDrvrName = pThis->pDrvrName; + if(pDrvrName == NULL) /* if no drvr name is set, use system default */ + pDrvrName = glbl.GetDfltNetstrmDrvr(); + + pThis->Drvr.ifVersion = nsdCURR_IF_VERSION; + /* The pDrvrName+2 below is a hack to obtain the object name. It + * safes us to have yet another variable with the name without "lm" in + * front of it. If we change the module load interface, we may re-think + * about this hack, but for the time being it is efficient and clean + * enough. -- rgerhards, 2008-04-18 + */ + CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); +finalize_it: + RETiRet; +} + + +/* Standard-Constructor */ +BEGINobjConstruct(nssel) /* be sure to specify the object type also in END macro! */ +ENDobjConstruct(nssel) + + +/* destructor for the nssel object */ +BEGINobjDestruct(nssel) /* be sure to specify the object type also in END and CODESTART macros! */ +CODESTARTobjDestruct(nssel) +ENDobjDestruct(nssel) + + +/* ConstructionFinalizer */ +static rsRetVal +ConstructFinalize(nssel_t *pThis) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, nssel); + CHKiRet(loadDrvr(pThis)); + CHKiRet(pThis->Drvr.Construct(&pThis->pDrvrData)); +finalize_it: + RETiRet; +} + + +/* Add a stream object to the current IOW. Note that a single stream may + * have multiple "sockets" if it is a listener. If so, all of them are + * begin added. + */ +static rsRetVal +Add(nssel_t *pThis, netstrm_t *pStrm) +{ + DEFiRet; + + ISOBJ_TYPE_assert(pThis, nssel); + ISOBJ_TYPE_assert(pStrm, netstrm); + + +finalize_it: + RETiRet; +} + + +/* wait for IO to happen on one of our netstreams. iNumReady has + * the number of ready "sockets" after the call. This function blocks + * until some are ready. EAGAIN is retried. + */ +static rsRetVal +Wait(nssel_t *pThis, int *piNumReady) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, nssel); + assert(piNumReady != NULL); + RETiRet; +} + + +/* Check if a stream is ready for IO. *piNumReady contains the remaining number + * of ready streams. Note that this function may say the stream is not ready + * but still decrement *piNumReady. This can happen when (e.g. with TLS) the low + * level driver requires some IO which is hidden from the upper layer point of view. + * rgerhards, 2008-04-23 + */ +static rsRetVal +IsReady(nssel_t *pThis, netstrm_t *pStrm, int *pbIsReady, int *piNumReady) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, nssel); + ISOBJ_TYPE_assert(pStrm, netstrm); + assert(pbIsReady != NULL); + assert(piNumReady != NULL); + RETiRet; +} + + +/* queryInterface function */ +BEGINobjQueryInterface(nssel) +CODESTARTobjQueryInterface(nssel) + if(pIf->ifVersion != nsselCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + pIf->Construct = nsselConstruct; + pIf->ConstructFinalize = ConstructFinalize; + pIf->Destruct = nsselDestruct; + pIf->Add = Add; + pIf->Wait = Wait; + pIf->IsReady = IsReady; +finalize_it: +ENDobjQueryInterface(nssel) + + +/* exit our class + */ +BEGINObjClassExit(nssel, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(nssel) + /* release objects we no longer need */ + objRelease(glbl, CORE_COMPONENT); +ENDObjClassExit(nssel) + + +/* Initialize the nssel class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINObjClassInit(nssel, 1, OBJ_IS_CORE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(glbl, CORE_COMPONENT)); + + /* set our own handlers */ +ENDObjClassInit(nssel) + + +/* --------------- here now comes the plumbing that makes us a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + nsselClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(nsselClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/nssel.h b/runtime/nssel.h new file mode 100644 index 00000000..16919b1f --- /dev/null +++ b/runtime/nssel.h @@ -0,0 +1,55 @@ +/* Definitions for the nssel IO waiter. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSSEL_H +#define INCLUDED_NSSEL_H + +#include "nsd.h" + +/* the nssel object */ +struct nssel_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + nsd_t *pDrvrData; /**< the driver's data elements */ + uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ + nsdsel_if_t Drvr; /**< our stream driver */ +}; + + +/* interface */ +BEGINinterface(nssel) /* name must also be changed in ENDinterface macro! */ + rsRetVal (*Construct)(nssel_t **ppThis); + rsRetVal (*ConstructFinalize)(nssel_t *pThis); + rsRetVal (*Destruct)(nssel_t **ppThis); + rsRetVal (*Add)(nssel_t *pThis, netstrm_t *pStrm); + rsRetVal (*Wait)(nssel_t *pThis, int *pNumReady); + rsRetVal (*IsReady)(nssel_t *pThis, netstrm_t *pStrm, int *pbIsReady, int *pNumRead); +ENDinterface(nssel) +#define nsselCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ + +/* prototypes */ +PROTOTYPEObj(nssel); + +/* the name of our library binary */ +#define LM_NSSEL_FILENAME "lmnssel" + +#endif /* #ifndef INCLUDED_NSSEL_H */ diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index f7824006..4f62ca3c 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -65,8 +65,12 @@ typedef struct obj_s obj_t; typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think about modularization */ typedef struct NetAddr netAddr_t; typedef struct netstrm_s netstrm_t; +typedef struct nssel_s nssel_t; +typedef enum nsdsel_waitOp_e nsdsel_waitOp_t; typedef struct nsd_ptcp_s nsd_ptcp_t; +typedef struct nsdsel_ptcp_s nsdsel_ptcp_t; typedef obj_t nsd_t; +typedef obj_t nsdsel_t; typedef struct msg msg_t; typedef struct interface_s interface_t; typedef struct objInfo_s objInfo_t; @@ -206,6 +210,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_INVALID_HNAME = -2075, /**< remote peer's hostname invalid or unobtainable */ RS_RET_INVALID_PORT = -2076, /**< invalid port value */ RS_RET_COULD_NOT_BIND = -2077, /**< could not bind socket, defunct */ + RS_RET_MAX_SESS_REACHED = -2078, /**< max nbr of sessions reached, can not create more */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ diff --git a/tcps_sess.c b/tcps_sess.c index b5c9c31f..f66396e0 100644 --- a/tcps_sess.c +++ b/tcps_sess.c @@ -403,7 +403,7 @@ CODESTARTobjQueryInterface(tcps_sess) pIf->SetUsrP = SetUsrP; pIf->SetTcpsrv = SetTcpsrv; pIf->SetHost = SetHost; - pIf->SetSock = SetSock; + //pIf->SetSock = SetSock; pIf->SetMsgIdx = SetMsgIdx; finalize_it: ENDobjQueryInterface(tcps_sess) diff --git a/tcps_sess.h b/tcps_sess.h index 1d45c482..102d91b5 100644 --- a/tcps_sess.h +++ b/tcps_sess.h @@ -61,7 +61,7 @@ BEGINinterface(tcps_sess) /* name must also be changed in ENDinterface macro! */ rsRetVal (*SetTcpsrv)(tcps_sess_t *pThis, struct tcpsrv_s *pSrv); rsRetVal (*SetUsrP)(tcps_sess_t*, void*); rsRetVal (*SetHost)(tcps_sess_t *pThis, uchar*); - rsRetVal (*SetSock)(tcps_sess_t *pThis, int); + rsRetVal (*SetStrm)(tcps_sess_t *pThis, netstrm_t*); rsRetVal (*SetMsgIdx)(tcps_sess_t *pThis, int); ENDinterface(tcps_sess) #define tcps_sessCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/tcpsrv.c b/tcpsrv.c index 96048e31..a276bf19 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -63,6 +63,7 @@ #include "tcpsrv.h" #include "obj.h" #include "glbl.h" +#include "netstrm.h" #include "errmsg.h" MODULE_TYPE_LIB @@ -77,30 +78,7 @@ DEFobjCurrIf(glbl) DEFobjCurrIf(tcps_sess) DEFobjCurrIf(errmsg) DEFobjCurrIf(net) - - - -/* code to free all sockets within a socket table. - * A socket table is a descriptor table where the zero - * element has the count of elements. This is used for - * listening sockets. The socket table itself is also - * freed. - * A POINTER to this structure must be provided, thus - * double indirection! - * rgerhards, 2007-06-28 - */ -static void freeAllSockets(int **socks) -{ - assert(socks != NULL); - assert(*socks != NULL); - while(**socks) { - dbgprintf("Closing socket %d.\n", (*socks)[**socks]); - close((*socks)[**socks]); - (**socks)--; - } - free(*socks); - *socks = NULL; -} +DEFobjCurrIf(netstrm) /* configure TCP listener settings. This is called during command @@ -236,33 +214,24 @@ static void deinit_tcp_listener(tcpsrv_t *pThis) if(pThis->TCPLstnPort != NULL) free(pThis->TCPLstnPort); - /* finally close the listen sockets themselfs */ - freeAllSockets(&pThis->pSocksLstn); + /* finally close our listen stream */ + netstrm.Destruct(&pThis->pLstn); } -/* Initialize TCP sockets (for listener) - * This function returns either NULL (which means it failed) or - * a pointer to an array of file descriptiors. If the pointer is - * returned, the zeroest element [0] contains the count of valid - * descriptors. The descriptors themself follow in range - * [1] ... [num-descriptors]. It is guaranteed that each of these - * descriptors is valid, at least when this function returns. - * Please note that technically the array may be larger than the number - * of valid pointers stored in it. The memory overhead is minimal, so - * we do not bother to re-allocate an array of the exact size. Logically, - * the array still contains the exactly correct number of descriptors. - */ -static int *create_tcp_socket(tcpsrv_t *pThis) +/* Initialize TCP sockets (for listener) and listens on them */ +static rsRetVal +create_tcp_socket(tcpsrv_t *pThis) { - struct addrinfo hints, *res, *r; - int error, maxs, *s, *socks, on = 1; - char *TCPLstnPort; + DEFiRet; + uchar *TCPLstnPort; ISOBJ_TYPE_assert(pThis, tcpsrv); - if(!strcmp(pThis->TCPLstnPort, "0")) - TCPLstnPort = "514"; + if(!strcmp((char*)pThis->TCPLstnPort, "0")) + TCPLstnPort = (uchar*)"514"; + // TODO: we need to enable the caller to set a port (based on who is + // using this, 514 may be totally unsuitable... --- rgerhards, 2008-04-22 /* use default - we can not do service db update, because there is * no IANA-assignment for syslog/tcp. In the long term, we might * re-use RFC 3195 port of 601, but that would probably break to @@ -270,136 +239,13 @@ static int *create_tcp_socket(tcpsrv_t *pThis) * rgerhards, 2007-06-28 */ else - TCPLstnPort = pThis->TCPLstnPort; - dbgprintf("creating tcp socket on port %s\n", TCPLstnPort); - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_PASSIVE | AI_NUMERICSERV; - hints.ai_family = glbl.GetDefPFFamily(); - hints.ai_socktype = SOCK_STREAM; - - error = getaddrinfo(NULL, TCPLstnPort, &hints, &res); - if(error) { - errmsg.LogError(NO_ERRCODE, "%s", gai_strerror(error)); - return NULL; - } - - /* Count max number of sockets we may open */ - for (maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) - /* EMPTY */; - socks = malloc((maxs+1) * sizeof(int)); - if (socks == NULL) { - errmsg.LogError(NO_ERRCODE, "couldn't allocate memory for TCP listen sockets, suspending TCP message reception."); - freeaddrinfo(res); - return NULL; - } - - *socks = 0; /* num of sockets counter at start of array */ - s = socks + 1; - for (r = res; r != NULL ; r = r->ai_next) { - *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); - if (*s < 0) { - if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) - errmsg.LogError(NO_ERRCODE, "create_tcp_socket(), socket"); - /* it is debatable if PF_INET with EAFNOSUPPORT should - * also be ignored... - */ - continue; - } - -#ifdef IPV6_V6ONLY - if (r->ai_family == AF_INET6) { - int iOn = 1; - if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, - (char *)&iOn, sizeof (iOn)) < 0) { - errmsg.LogError(NO_ERRCODE, "TCP setsockopt"); - close(*s); - *s = -1; - continue; - } - } -#endif - if (setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, - (char *) &on, sizeof(on)) < 0 ) { - errmsg.LogError(NO_ERRCODE, "TCP setsockopt(REUSEADDR)"); - close(*s); - *s = -1; - continue; - } - - /* We need to enable BSD compatibility. Otherwise an attacker - * could flood our log files by sending us tons of ICMP errors. - */ -#ifndef OS_BSD - if(net.should_use_so_bsdcompat()) { - if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, - (char *) &on, sizeof(on)) < 0) { - errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); - close(*s); - *s = -1; - continue; - } - } -#endif - - if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) -#ifndef IPV6_V6ONLY - && (errno != EADDRINUSE) -#endif - ) { - errmsg.LogError(NO_ERRCODE, "TCP bind"); - close(*s); - *s = -1; - continue; - } - - if( listen(*s,pThis->iSessMax / 10 + 5) < 0) { - /* If the listen fails, it most probably fails because we ask - * for a too-large backlog. So in this case we first set back - * to a fixed, reasonable, limit that should work. Only if - * that fails, too, we give up. - */ - errmsg.LogError(NO_ERRCODE, "listen with a backlog of %d failed - retrying with default of 32.", - pThis->iSessMax / 10 + 5); - if(listen(*s, 32) < 0) { - errmsg.LogError(NO_ERRCODE, "TCP listen, suspending tcp inet"); - close(*s); - *s = -1; - continue; - } - } + TCPLstnPort = (uchar*)pThis->TCPLstnPort; - (*socks)++; - s++; - } - - if(res != NULL) - freeaddrinfo(res); - - if(Debug && *socks != maxs) - dbgprintf("We could initialize %d TCP listen sockets out of %d we received " - "- this may or may not be an error indication.\n", *socks, maxs); - - if(*socks == 0) { - errmsg.LogError(NO_ERRCODE, "No TCP listen socket could successfully be initialized, " - "message reception via TCP disabled.\n"); - free(socks); - return(NULL); - } + /* TODO: add capability to specify local listen address! */ + CHKiRet(netstrm.LstnInit(pThis->pLstn, TCPLstnPort, NULL, pThis->iSessMax)); - /* OK, we had success. Now it is also time to - * initialize our connections - */ - if(TCPSessTblInit(pThis) != 0) { - /* OK, we are in some trouble - we could not initialize the - * session table, so we can not continue. We need to free all - * we have assigned so far, because we can not really use it... - */ - errmsg.LogError(NO_ERRCODE, "Could not initialize TCP session table, suspending TCP message reception."); - freeAllSockets(&socks); /* prevent a socket leak */ - return(NULL); - } - - return(socks); +finalize_it: + RETiRet; } @@ -414,34 +260,26 @@ static int *create_tcp_socket(tcpsrv_t *pThis) * rgerhards, 2008-03-02 */ static rsRetVal -SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) +SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, nsd_t *pNsd) { DEFiRet; tcps_sess_t *pSess; - int newConn; + netstrm_t *pNewStrm = NULL; int iSess = -1; struct sockaddr_storage addr; - socklen_t addrlen = sizeof(struct sockaddr_storage); uchar fromHost[NI_MAXHOST]; uchar fromHostFQDN[NI_MAXHOST]; ISOBJ_TYPE_assert(pThis, tcpsrv); - newConn = accept(fd, (struct sockaddr*) &addr, &addrlen); - if (newConn < 0) { - errmsg.LogError(NO_ERRCODE, "tcp accept, ignoring error and connection request"); - ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code - //was: return -1; - } + CHKiRet(netstrm.AcceptConnReq(pThis->pLstn, pNsd, &pNewStrm)); /* Add to session list */ iSess = TCPSessTblFindFreeSpot(pThis); if(iSess == -1) { errno = 0; errmsg.LogError(NO_ERRCODE, "too many tcp sessions - dropping incoming request"); - close(newConn); - ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code - //was: return -1; + ABORT_FINALIZE(RS_RET_MAX_SESS_REACHED); } else { /* we found a free spot and can construct our session object */ CHKiRet(tcps_sess.Construct(&pSess)); @@ -455,7 +293,6 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) * are now told to discard the connection request. * Error message has been generated by cvthname. */ - close (newConn); ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code } @@ -469,10 +306,8 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) dbgprintf("%s is not an allowed sender\n", (char *) fromHostFQDN); if(glbl.GetOption_DisallowWarning()) { errno = 0; - errmsg.LogError(NO_ERRCODE, "TCP message from disallowed sender %s discarded", - (char*)fromHost); + errmsg.LogError(NO_ERRCODE, "TCP message from disallowed sender %s discarded", fromHost); } - close(newConn); ABORT_FINALIZE(RS_RET_HOST_NOT_PERMITTED); } @@ -480,7 +315,8 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) * means we can finally fill in the session object. */ CHKiRet(tcps_sess.SetHost(pSess, fromHost)); - CHKiRet(tcps_sess.SetSock(pSess, newConn)); + CHKiRet(tcps_sess.SetStrm(pSess, pNewStrm)); + pNewStrm = NULL; /* prevent it from being freed in error handler, now done in tcps_sess! */ CHKiRet(tcps_sess.SetMsgIdx(pSess, 0)); CHKiRet(tcps_sess.ConstructFinalize(pSess)); @@ -499,6 +335,8 @@ finalize_it: tcps_sess.Destruct(&pThis->pSessions[iSess]); } iSess = -1; // TODO: change this to be fully iRet compliant ;) + if(pNewStrm != NULL) + netstrm.Destruct(&pNewStrm); } RETiRet; @@ -517,6 +355,7 @@ Run(tcpsrv_t *pThis) int iTCPSess; fd_set readfds; tcps_sess_t *pNewSess; + nsdsel_t *pSel; ISOBJ_TYPE_assert(pThis, tcpsrv); @@ -525,11 +364,9 @@ Run(tcpsrv_t *pThis) * right into the sleep below. */ while(1) { - maxfds = 0; - FD_ZERO (&readfds); + CHKiRet(nsdsel_ptcp.Construct(&pSel)); - /* Add the TCP listen sockets to the list of read descriptors. - */ + /* Add the TCP listen sockets to the list of read descriptors. */ if(pThis->pSocksLstn != NULL && *pThis->pSocksLstn) { for (i = 0; i < *pThis->pSocksLstn; i++) { /* The if() below is theoretically not needed, but I leave it in @@ -537,8 +374,8 @@ Run(tcpsrv_t *pThis) * feature is not yet supported by the current code base. */ if (pThis->pSocksLstn[i+1] != -1) { - if(Debug) - net.debugListenInfo(pThis->pSocksLstn[i+1], "TCP"); + if(Debug) net.debugListenInfo(pThis->pSocksLstn[i+1], "TCP"); + CHKiRet(nsdsel_ptcp.Add(pSel, )); FD_SET(pThis->pSocksLstn[i+1], &readfds); if(pThis->pSocksLstn[i+1]>maxfds) maxfds=pThis->pSocksLstn[i+1]; } @@ -566,6 +403,7 @@ Run(tcpsrv_t *pThis) } /* wait for io to become ready */ + /* this is the somewhat weak spot in our socket layer abstraction... */ nfds = select(maxfds+1, (fd_set *) &readfds, NULL, NULL, NULL); for (i = 0; i < *pThis->pSocksLstn; i++) { @@ -620,7 +458,6 @@ Run(tcpsrv_t *pThis) /* Standard-Constructor */ BEGINobjConstruct(tcpsrv) /* be sure to specify the object type also in END macro! */ - pThis->pSocksLstn = NULL; pThis->iSessMax = 200; /* TODO: useful default ;) */ ENDobjConstruct(tcpsrv) @@ -632,7 +469,7 @@ tcpsrvConstructFinalize(tcpsrv_t __attribute__((unused)) *pThis) { DEFiRet; ISOBJ_TYPE_assert(pThis, tcpsrv); - pThis->pSocksLstn = pThis->OpenLstnSocks(pThis); + iRet = pThis->OpenLstnSocks(pThis); RETiRet; } @@ -727,7 +564,7 @@ SetCBOnErrClose(tcpsrv_t *pThis, rsRetVal (*pCB)(tcps_sess_t*)) } static rsRetVal -SetCBOpenLstnSocks(tcpsrv_t *pThis, int* (*pCB)(tcpsrv_t*)) +SetCBOpenLstnSocks(tcpsrv_t *pThis, rsRetVal (*pCB)(tcpsrv_t*)) { DEFiRet; pThis->OpenLstnSocks = pCB; @@ -793,6 +630,7 @@ CODESTARTObjClassExit(tcpsrv) objRelease(conf, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(errmsg, CORE_COMPONENT); + objRelease(netstrm, LM_NET_FILENAME); objRelease(net, LM_NET_FILENAME); ENDObjClassExit(tcpsrv) @@ -805,6 +643,7 @@ BEGINObjClassInit(tcpsrv, 1, OBJ_IS_LOADABLE_MODULE) /* class, version - CHANGE /* request objects we use */ CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(net, LM_NET_FILENAME)); + CHKiRet(objUse(netstrm, LM_NET_FILENAME)); CHKiRet(objUse(tcps_sess, DONT_LOAD_LIB)); CHKiRet(objUse(conf, CORE_COMPONENT)); CHKiRet(objUse(glbl, CORE_COMPONENT)); diff --git a/tcpsrv.h b/tcpsrv.h index 20a7ea25..4cec906f 100644 --- a/tcpsrv.h +++ b/tcpsrv.h @@ -28,7 +28,8 @@ /* the tcpsrv object */ typedef struct tcpsrv_s { BEGINobjInstance; /**< Data to implement generic object - MUST be the first data element! */ - int *pSocksLstn; /**< listen socket array for server [0] holds count */ + //int *pSocksLstn; /**< listen socket array for server [0] holds count */ + netstrm_t *pLstn; /**< our netstream listner (which may contain multiple "sockets" */ int iSessMax; /**< max number of sessions supported */ char *TCPLstnPort; /**< the port the listener shall listen on */ tcps_sess_t **pSessions;/**< array of all of our sessions */ @@ -36,7 +37,7 @@ typedef struct tcpsrv_s { /* callbacks */ int (*pIsPermittedHost)(struct sockaddr *addr, char *fromHostFQDN, void*pUsrSrv, void*pUsrSess); int (*pRcvData)(tcps_sess_t*, char*, size_t); - int* (*OpenLstnSocks)(struct tcpsrv_s*); + rsRetVal (*OpenLstnSocks)(struct tcpsrv_s*); rsRetVal (*pOnListenDeinit)(void*); rsRetVal (*OnDestruct)(void*); rsRetVal (*pOnRegularClose)(tcps_sess_t *pSess); @@ -55,13 +56,13 @@ BEGINinterface(tcpsrv) /* name must also be changed in ENDinterface macro! */ rsRetVal (*ConstructFinalize)(tcpsrv_t __attribute__((unused)) *pThis); rsRetVal (*Destruct)(tcpsrv_t **ppThis); void (*configureTCPListen)(tcpsrv_t*, char *cOptarg); - int (*SessAccept)(tcpsrv_t *pThis, tcps_sess_t**ppSess, int fd); - int* (*create_tcp_socket)(tcpsrv_t *pThis); + rsRetVal (*SessAccept)(tcpsrv_t *pThis, tcps_sess_t **ppSess, nsd_t *pNsd); + rsRetVal (*create_tcp_socket)(tcpsrv_t *pThis); rsRetVal (*Run)(tcpsrv_t *pThis); /* set methods */ rsRetVal (*SetUsrP)(tcpsrv_t*, void*); rsRetVal (*SetCBIsPermittedHost)(tcpsrv_t*, int (*) (struct sockaddr *addr, char*, void*, void*)); - rsRetVal (*SetCBOpenLstnSocks)(tcpsrv_t *, int* (*)(tcpsrv_t*)); + rsRetVal (*SetCBOpenLstnSocks)(tcpsrv_t *, rsRetVal (*)(tcpsrv_t*)); rsRetVal (*SetCBRcvData)(tcpsrv_t *, int (*)(tcps_sess_t*, char*, size_t)); rsRetVal (*SetCBOnListenDeinit)(tcpsrv_t*, rsRetVal (*)(void*)); rsRetVal (*SetCBOnDestruct)(tcpsrv_t*, rsRetVal (*) (void*)); @@ -72,7 +73,7 @@ BEGINinterface(tcpsrv) /* name must also be changed in ENDinterface macro! */ rsRetVal (*SetCBOnSessDestruct)(tcpsrv_t*, rsRetVal (*) (void*)); rsRetVal (*SetCBOnSessConstructFinalize)(tcpsrv_t*, rsRetVal (*) (void*)); ENDinterface(tcpsrv) -#define tcpsrvCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ +#define tcpsrvCURR_IF_VERSION 2 /* increment whenever you change the interface structure! */ /* prototypes */ -- cgit From 1892fc75f9fad0b0741b4a3eb1fc382f900b2301 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 23 Apr 2008 15:07:19 +0200 Subject: added new netstrms class netstrms is at the top layer of the socket abstraction --- plugins/imtcp/imtcp.c | 2 +- runtime/Makefile.am | 10 ++- runtime/netstrm.c | 88 ++++----------------- runtime/netstrm.h | 28 ++----- runtime/netstrms.c | 206 ++++++++++++++++++++++++++++++++++++++++++++++++++ runtime/netstrms.h | 52 +++++++++++++ runtime/nsd.h | 2 +- runtime/nsdsel_ptcp.c | 17 ++++- runtime/nssel.c | 15 ++-- runtime/nssel.h | 4 +- runtime/rsyslog.h | 2 + tcps_sess.h | 5 +- tcpsrv.c | 154 +++++++++++++++++++++---------------- tcpsrv.h | 13 ++-- tools/omfwd.c | 23 +++++- 15 files changed, 433 insertions(+), 188 deletions(-) create mode 100644 runtime/netstrms.c create mode 100644 runtime/netstrms.h diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c index b7f8f0b5..17a48d17 100644 --- a/plugins/imtcp/imtcp.c +++ b/plugins/imtcp/imtcp.c @@ -70,7 +70,7 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void __attribute__((u } -static int* +static rsRetVal doOpenLstnSocks(tcpsrv_t *pSrv) { ISOBJ_TYPE_assert(pSrv, tcpsrv); diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 61ede1d7..7cb1b9bb 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -81,7 +81,7 @@ lmregexp_la_LIBADD = endif if ENABLE_INET -pkglib_LTLIBRARIES += lmnet.la lmnetstrm.la lmnssel.la +pkglib_LTLIBRARIES += lmnet.la lmnetstrms.la lmnetstrm.la lmnssel.la # # network support # @@ -90,7 +90,13 @@ lmnet_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnet_la_LDFLAGS = -module -avoid-version lmnet_la_LIBADD = -# network streams +# network stream master class and stream factory +lmnetstrms_la_SOURCES = netstrms.c netstrms.h +lmnetstrms_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnetstrms_la_LDFLAGS = -module -avoid-version +lmnetstrms_la_LIBADD = + +# individual network streams lmnetstrm_la_SOURCES = netstrm.c netstrm.h lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnetstrm_la_LDFLAGS = -module -avoid-version diff --git a/runtime/netstrm.c b/runtime/netstrm.c index bdd2636c..f0bdab78 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -38,29 +38,16 @@ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. */ #include "config.h" - -#include "rsyslog.h" -#include -#include #include #include -#include #include -#include -#include -#include -#include -#include -#include - -#include "syslogd-types.h" + +#include "rsyslog.h" #include "module-template.h" -#include "parse.h" -#include "srUtils.h" #include "obj.h" #include "errmsg.h" -#include "net.h" -#include "nsd.h" +//#include "nsd.h" +#include "netstrms.h" #include "netstrm.h" MODULE_TYPE_LIB @@ -68,37 +55,7 @@ MODULE_TYPE_LIB /* static data */ DEFobjStaticHelpers DEFobjCurrIf(errmsg) -DEFobjCurrIf(glbl) -DEFobjCurrIf(net) - - -/* load our low-level driver. This must be done before any - * driver-specific functions (allmost all...) can be carried - * out. Note that the driver's .ifIsLoaded is correctly - * initialized by calloc() and we depend on that. - * rgerhards, 2008-04-18 - */ -static rsRetVal -loadDrvr(netstrm_t *pThis) -{ - uchar *pDrvrName; - DEFiRet; - - pDrvrName = pThis->pDrvrName; - if(pDrvrName == NULL) /* if no drvr name is set, use system default */ - pDrvrName = glbl.GetDfltNetstrmDrvr(); - - pThis->Drvr.ifVersion = nsdCURR_IF_VERSION; - /* The pDrvrName+2 below is a hack to obtain the object name. It - * safes us to have yet another variable with the name without "lm" in - * front of it. If we change the module load interface, we may re-think - * about this hack, but for the time being it is efficient and clean - * enough. -- rgerhards, 2008-04-18 - */ - CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); -finalize_it: - RETiRet; -} +DEFobjCurrIf(netstrms) /* Standard-Constructor */ @@ -120,7 +77,6 @@ netstrmConstructFinalize(netstrm_t *pThis) { DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); - CHKiRet(loadDrvr(pThis)); CHKiRet(pThis->Drvr.Construct(&pThis->pDrvrData)); finalize_it: RETiRet; @@ -152,40 +108,27 @@ AbortDestruct(netstrm_t **ppThis) * rgerhards, 2008-04-21 */ static rsRetVal -AcceptConnReq(netstrm_t *pThis, nsd_t *pReqNsd, netstrm_t **ppNew) +AcceptConnReq(netstrm_t *pThis, netstrm_t **ppNew) { - netstrm_t *pNew = NULL; nsd_t *pNewNsd = NULL; DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); - assert(pReqNsd != NULL); assert(ppNew != NULL); /* accept the new connection */ - CHKiRet(pThis->Drvr.AcceptConnReq(pReqNsd, &pNewNsd)); - + CHKiRet(pThis->Drvr.AcceptConnReq(pThis->pDrvrData, &pNewNsd)); /* construct our object so that we can use it... */ - CHKiRet(netstrmConstruct(&pNew)); - - pNew->pDrvrData = pNewNsd; - if(pThis->pDrvrName == NULL) { - pNew->pDrvrName = NULL; - } else { - CHKmalloc(pNew->pDrvrName = (uchar*) strdup((char*)pThis->pDrvrName)); - } - CHKiRet(loadDrvr(pNew)); - - *ppNew = pNew; + CHKiRet(netstrms.CreateStrm(pThis->pNS, ppNew)); + (*ppNew)->pDrvrData = pNewNsd; finalize_it: if(iRet != RS_RET_OK) { - if(pNew != NULL) - netstrmDestruct(&pNew); /* the close may be redundant, but that doesn't hurt... */ if(pNewNsd != NULL) pThis->Drvr.Destruct(&pNewNsd); } + RETiRet; } @@ -197,12 +140,11 @@ finalize_it: * rgerhards, 2008-04-22 */ static rsRetVal -LstnInit(netstrm_t *pThis, uchar *pLstnPort, uchar *pLstnIP, int iSessMax) +LstnInit(void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { DEFiRet; - ISOBJ_TYPE_assert(pThis, netstrm); assert(pLstnPort != NULL); - CHKiRet(pThis->Drvr.LstnInit(&pThis->parrLstn, &pThis->isizeLstnArr, pLstnPort, pLstnIP, iSessMax)); + //CHKiRet(pThis->Drvr.LstnInit(pUsr, fAddLstn, pLstnPort, pLstnIP, iSessMax)); finalize_it: RETiRet; @@ -290,9 +232,8 @@ ENDobjQueryInterface(netstrm) BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ CODESTARTObjClassExit(netstrm) /* release objects we no longer need */ - objRelease(net, CORE_COMPONENT); - objRelease(glbl, CORE_COMPONENT); objRelease(errmsg, CORE_COMPONENT); + objRelease(netstrms, LM_NETSTRMS_FILENAME); ENDObjClassExit(netstrm) @@ -303,8 +244,7 @@ ENDObjClassExit(netstrm) BEGINAbstractObjClassInit(netstrm, 1, OBJ_IS_CORE_MODULE) /* class, version */ /* request objects we use */ CHKiRet(objUse(errmsg, CORE_COMPONENT)); - CHKiRet(objUse(glbl, CORE_COMPONENT)); - CHKiRet(objUse(net, CORE_COMPONENT)); + CHKiRet(objUse(netstrms, LM_NETSTRMS_FILENAME)); /* set our own handlers */ ENDObjClassInit(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index a3719f93..b87228d2 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -29,34 +29,18 @@ /* the netstrm object */ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ - nsd_t *pDrvrData; /**< the driver's data elements */ + nsd_t *pDrvrData; /**< the driver's data elements (at most other places, this is called pNsd) */ uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ nsd_if_t Drvr; /**< our stream driver */ + netstrms_t *pNS; /**< pointer to our netstream subsystem object */ /* for listeners, we need to have the capablity to listen on multiple "sockets". This * is needed to support IPv6. We do this by specifying an array of nsd_t objects to * handle this case. */ - int isizeLstnArr; - nsd_t **parrLstn; + //int isizeLstnArr; + //nsd_t **parrLstn; }; -/* a helper object enabling us to wait on a set of streams to become - * ready for IO - this is modelled after select(). We need this, because - * stream drivers may have different concepts. Consequently, - * the structure must contain nsd_t's from the same stream driver type - * only. This is implemented as a singly-linked list where every - * new element is added at the top of the list. -- rgerhards, 2008-04-22 - */ -typedef struct netstrm_iowaiter_s netstrm_iowaiter_t; -struct netstrm_iowaiter_s { - netstrm_iowaiter_t *pNext; - nsd_t *pNsd; - enum { - NETSTRM_IOWAIT_RD = 1, - NETSTRM_IOWAIT_WR = 2, - NETSTRM_IOWAIT_RDWR = 3 - } waitOp; /**< the operation we wait for */ -}; /* interface */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ @@ -64,8 +48,8 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*ConstructFinalize)(netstrm_t *pThis); rsRetVal (*Destruct)(netstrm_t **ppThis); rsRetVal (*AbortDestruct)(netstrm_t **ppThis); - rsRetVal (*LstnInit)(netstrm_t *pThis, uchar *pLstnPort, uchar *pLstnIP, int iSessMax); - rsRetVal (*AcceptConnReq)(netstrm_t *pThis, nsd_t *pReqNsd, netstrm_t **ppNew); + rsRetVal (*LstnInit)(void *pUsr, rsRetVal(*)(void*,netstrm_t*), uchar *pLstnPort, uchar *pLstnIP, int iSessMax); + rsRetVal (*AcceptConnReq)(netstrm_t *pThis, netstrm_t **ppNew); rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf); rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host); diff --git a/runtime/netstrms.c b/runtime/netstrms.c new file mode 100644 index 00000000..d0e11441 --- /dev/null +++ b/runtime/netstrms.c @@ -0,0 +1,206 @@ +/* netstrms.c + * + * Work on this module begung 2008-04-23 by Rainer Gerhards. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +//#include +#include +#include +#include +//#include + +#include "rsyslog.h" +//#include "syslogd-types.h" +#include "module-template.h" +#include "obj.h" +//#include "errmsg.h" +//#include "net.h" +#include "nsd.h" +#include "netstrm.h" +#include "netstrms.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +//DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) +DEFobjCurrIf(netstrm) +//DEFobjCurrIf(net) + + +/* load our low-level driver. This must be done before any + * driver-specific functions (allmost all...) can be carried + * out. Note that the driver's .ifIsLoaded is correctly + * initialized by calloc() and we depend on that. + * rgerhards, 2008-04-18 + */ +static rsRetVal +loadDrvr(netstrms_t *pThis) +{ + uchar *pDrvrName; + DEFiRet; + + pDrvrName = pThis->pDrvrName; + if(pDrvrName == NULL) /* if no drvr name is set, use system default */ + pDrvrName = glbl.GetDfltNetstrmDrvr(); + + pThis->Drvr.ifVersion = nsdCURR_IF_VERSION; + /* The pDrvrName+2 below is a hack to obtain the object name. It + * safes us to have yet another variable with the name without "lm" in + * front of it. If we change the module load interface, we may re-think + * about this hack, but for the time being it is efficient and clean + * enough. -- rgerhards, 2008-04-18 + */ + CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); +finalize_it: + RETiRet; +} + + +/* Standard-Constructor */ +BEGINobjConstruct(netstrms) /* be sure to specify the object type also in END macro! */ +ENDobjConstruct(netstrms) + + +/* destructor for the netstrms object */ +BEGINobjDestruct(netstrms) /* be sure to specify the object type also in END and CODESTART macros! */ +CODESTARTobjDestruct(netstrms) + if(pThis->pDrvrName != NULL) + free(pThis->pDrvrName); +ENDobjDestruct(netstrms) + + +/* ConstructionFinalizer */ +static rsRetVal +netstrmsConstructFinalize(netstrms_t *pThis) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrms); + CHKiRet(loadDrvr(pThis)); +finalize_it: + RETiRet; +} + + +/* create an instance of a netstrm object. It is initialized with default + * values. The current driver is used. The caller may set netstrm properties + * and must call ConstructFinalize(). + */ +static rsRetVal +CreateStrm(netstrms_t *pThis, netstrm_t **ppStrm) +{ + netstrm_t *pStrm = NULL; + DEFiRet; + + CHKiRet(netstrm.Construct(&pStrm)); + /* we copy over our driver structure. We could provide a pointer to + * ourselves, but that costs some performance on each driver invocation. + * As we already have hefty indirection (and thus performance toll), I + * prefer to copy over the function pointers here. -- rgerhards, 2008-04-23 + */ + memcpy(&pStrm->Drvr, &pThis->Drvr, sizeof(pThis->Drvr)); + pStrm->pNS = pThis; + + *ppStrm = pStrm; + +finalize_it: + if(iRet != RS_RET_OK) { + if(pStrm != NULL) + netstrm.Destruct(&pStrm); + } + RETiRet; +} + + +/* queryInterface function */ +BEGINobjQueryInterface(netstrms) +CODESTARTobjQueryInterface(netstrms) + if(pIf->ifVersion != netstrmsCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + pIf->Construct = netstrmsConstruct; + pIf->ConstructFinalize = netstrmsConstructFinalize; + pIf->Destruct = netstrmsDestruct; + pIf->CreateStrm = CreateStrm; +finalize_it: +ENDobjQueryInterface(netstrms) + + +/* exit our class */ +BEGINObjClassExit(netstrms, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(netstrms) + /* release objects we no longer need */ + //objRelease(net, CORE_COMPONENT); + objRelease(glbl, CORE_COMPONENT); + objRelease(netstrm, LM_NETSTRM_FILENAME); + //objRelease(errmsg, CORE_COMPONENT); +ENDObjClassExit(netstrms) + + +/* Initialize the netstrms class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINAbstractObjClassInit(netstrms, 1, OBJ_IS_CORE_MODULE) /* class, version */ + /* request objects we use */ + //CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); + //CHKiRet(objUse(net, CORE_COMPONENT)); + + /* set our own handlers */ +ENDObjClassInit(netstrms) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + netstrmsClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(netstrmsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/netstrms.h b/runtime/netstrms.h new file mode 100644 index 00000000..1e920304 --- /dev/null +++ b/runtime/netstrms.h @@ -0,0 +1,52 @@ +/* Definitions for the stream-based netstrmsworking class. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NETSTRMS_H +#define INCLUDED_NETSTRMS_H + +#include "nsd.h" /* we need our driver interface to be defined */ + +/* the netstrms object */ +struct netstrms_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ + nsd_if_t Drvr; /**< our stream driver */ +}; + + +/* interface */ +BEGINinterface(netstrms) /* name must also be changed in ENDinterface macro! */ + rsRetVal (*Construct)(netstrms_t **ppThis); + rsRetVal (*ConstructFinalize)(netstrms_t *pThis); + rsRetVal (*Destruct)(netstrms_t **ppThis); + rsRetVal (*CreateStrm)(netstrms_t *pThis, netstrm_t **ppStrm); +ENDinterface(netstrms) +#define netstrmsCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ + +/* prototypes */ +PROTOTYPEObj(netstrms); + +/* the name of our library binary */ +#define LM_NETSTRMS_FILENAME "lmnetstrms" + +#endif /* #ifndef INCLUDED_NETSTRMS_H */ diff --git a/runtime/nsd.h b/runtime/nsd.h index 2fb883ac..db61780f 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -57,7 +57,7 @@ BEGINinterface(nsdsel) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Destruct)(nsdsel_t **ppThis); rsRetVal (*Add)(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp); rsRetVal (*Select)(nsdsel_t *pNsdsel, int *piNumReady); - rsRetVal (*IsReady)(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp); + rsRetVal (*IsReady)(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady); ENDinterface(nsdsel) #define nsdselCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsdsel_ptcp.c b/runtime/nsdsel_ptcp.c index 67f3c62a..c5864809 100644 --- a/runtime/nsdsel_ptcp.c +++ b/runtime/nsdsel_ptcp.c @@ -131,7 +131,7 @@ Select(nsdsel_t *pNsdsel, int *piNumReady) /* check if a socket is ready for IO */ static rsRetVal -IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) +IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady) { DEFiRet; nsdsel_ptcp_t *pThis = (nsdsel_ptcp_t*) pNsdsel; @@ -139,6 +139,21 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) ISOBJ_TYPE_assert(pThis, nsdsel_ptcp); ISOBJ_TYPE_assert(pSock, nsd_ptcp); + assert(pbIsReady != NULL); + + switch(waitOp) { + case NSDSEL_RD: + *pbIsReady = FD_ISSET(pSock->sock, &pThis->readfds); + break; + case NSDSEL_WR: + *pbIsReady = FD_ISSET(pSock->sock, &pThis->writefds); + break; + case NSDSEL_RDWR: + *pbIsReady = FD_ISSET(pSock->sock, &pThis->readfds) + | FD_ISSET(pSock->sock, &pThis->writefds); + break; + } + RETiRet; } diff --git a/runtime/nssel.c b/runtime/nssel.c index f2844872..0cbda9b9 100644 --- a/runtime/nssel.c +++ b/runtime/nssel.c @@ -41,6 +41,7 @@ #include "rsyslog.h" #include "obj.h" #include "module-template.h" +#include "netstrm.h" #include "nssel.h" MODULE_TYPE_LIB @@ -103,18 +104,19 @@ finalize_it: } -/* Add a stream object to the current IOW. Note that a single stream may - * have multiple "sockets" if it is a listener. If so, all of them are - * begin added. +/* Add a stream object to the current select() set. + * Note that a single stream may have multiple "sockets" if + * it is a listener. If so, all of them are begin added. */ static rsRetVal -Add(nssel_t *pThis, netstrm_t *pStrm) +Add(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp) { DEFiRet; ISOBJ_TYPE_assert(pThis, nssel); ISOBJ_TYPE_assert(pStrm, netstrm); - + + CHKiRet(pThis->Drvr.Add(pThis->pDrvrData, pStrm->pDrvrData, waitOp)); finalize_it: RETiRet; @@ -131,6 +133,7 @@ Wait(nssel_t *pThis, int *piNumReady) DEFiRet; ISOBJ_TYPE_assert(pThis, nssel); assert(piNumReady != NULL); + iRet = pThis->Drvr.Select(pThis->pDrvrData, piNumReady); RETiRet; } @@ -142,7 +145,7 @@ Wait(nssel_t *pThis, int *piNumReady) * rgerhards, 2008-04-23 */ static rsRetVal -IsReady(nssel_t *pThis, netstrm_t *pStrm, int *pbIsReady, int *piNumReady) +IsReady(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp, int *pbIsReady, int *piNumReady) { DEFiRet; ISOBJ_TYPE_assert(pThis, nssel); diff --git a/runtime/nssel.h b/runtime/nssel.h index 16919b1f..2f907caa 100644 --- a/runtime/nssel.h +++ b/runtime/nssel.h @@ -40,9 +40,9 @@ BEGINinterface(nssel) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Construct)(nssel_t **ppThis); rsRetVal (*ConstructFinalize)(nssel_t *pThis); rsRetVal (*Destruct)(nssel_t **ppThis); - rsRetVal (*Add)(nssel_t *pThis, netstrm_t *pStrm); + rsRetVal (*Add)(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp); rsRetVal (*Wait)(nssel_t *pThis, int *pNumReady); - rsRetVal (*IsReady)(nssel_t *pThis, netstrm_t *pStrm, int *pbIsReady, int *pNumRead); + rsRetVal (*IsReady)(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp, int *pbIsReady, int *piNumReady); ENDinterface(nssel) #define nsselCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 4f62ca3c..6bffae4b 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -64,6 +64,7 @@ typedef struct thrdInfo thrdInfo_t; typedef struct obj_s obj_t; typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think about modularization */ typedef struct NetAddr netAddr_t; +typedef struct netstrms_s netstrms_t; typedef struct netstrm_s netstrm_t; typedef struct nssel_s nssel_t; typedef enum nsdsel_waitOp_e nsdsel_waitOp_t; @@ -76,6 +77,7 @@ typedef struct interface_s interface_t; typedef struct objInfo_s objInfo_t; typedef enum rsRetVal_ rsRetVal; /**< friendly type for global return value */ typedef rsRetVal (*errLogFunc_t)(uchar*); /* this is a trick to store a function ptr to a function returning a function ptr... */ +typedef struct tcpsrv_s tcpsrv_t; /* some universal 64 bit define... */ typedef long long int64; diff --git a/tcps_sess.h b/tcps_sess.h index 102d91b5..25884ea2 100644 --- a/tcps_sess.h +++ b/tcps_sess.h @@ -32,8 +32,9 @@ struct tcpsrv_s; typedef struct tcps_sess_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ struct tcpsrv_s *pSrv; /* pointer back to my server (e.g. for callbacks) */ - int sock; - int iMsg; /* index of next char to store in msg */ + int sock; // TODO: remove + netstrm_t *pStrm; + int iMsg; /* index of next char to store in msg */ int bAtStrtOfFram; /* are we at the very beginning of a new frame? */ enum { eAtStrtFram, diff --git a/tcpsrv.c b/tcpsrv.c index a276bf19..973b59fa 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -63,13 +63,16 @@ #include "tcpsrv.h" #include "obj.h" #include "glbl.h" +#include "netstrms.h" #include "netstrm.h" +#include "nssel.h" #include "errmsg.h" MODULE_TYPE_LIB /* defines */ #define TCPSESS_MAX_DEFAULT 200 /* default for nbr of tcp sessions if no number is given */ +#define TCPLSTN_MAX_DEFAULT 20 /* default for nbr of listeners */ /* static data */ DEFobjStaticHelpers @@ -78,7 +81,9 @@ DEFobjCurrIf(glbl) DEFobjCurrIf(tcps_sess) DEFobjCurrIf(errmsg) DEFobjCurrIf(net) +DEFobjCurrIf(netstrms) DEFobjCurrIf(netstrm) +DEFobjCurrIf(nssel) /* configure TCP listener settings. This is called during command @@ -193,17 +198,17 @@ TCPSessGetNxtSess(tcpsrv_t *pThis, int iCurr) */ static void deinit_tcp_listener(tcpsrv_t *pThis) { - int iTCPSess; + int i; ISOBJ_TYPE_assert(pThis, tcpsrv); assert(pThis->pSessions != NULL); /* close all TCP connections! */ - iTCPSess = TCPSessGetNxtSess(pThis, -1); - while(iTCPSess != -1) { - tcps_sess.Destruct(&pThis->pSessions[iTCPSess]); + i = TCPSessGetNxtSess(pThis, -1); + while(i != -1) { + tcps_sess.Destruct(&pThis->pSessions[i]); /* now get next... */ - iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess); + i = TCPSessGetNxtSess(pThis, i); } /* we are done with the session table - so get rid of it... @@ -214,8 +219,25 @@ static void deinit_tcp_listener(tcpsrv_t *pThis) if(pThis->TCPLstnPort != NULL) free(pThis->TCPLstnPort); - /* finally close our listen stream */ - netstrm.Destruct(&pThis->pLstn); + /* finally close our listen streams */ + for(i = 0 ; i < pThis->iLstnMax ; ++i) { + netstrm.Destruct(pThis->ppLstn + i); + } +} + + +/* add a listen socket to our listen socket array. This is a callback + * invoked from the netstrm class. -- rgerhards, 2008-04-23 + */ +static rsRetVal +addTcpLstn(void *pUsr, netstrm_t *pLstn) +{ + tcpsrv_t *pThis = (tcpsrv_t*) pUsr; + DEFiRet; + + ISOBJ_TYPE_assert(pThis, tcpsrv); + + RETiRet; } @@ -242,7 +264,7 @@ create_tcp_socket(tcpsrv_t *pThis) TCPLstnPort = (uchar*)pThis->TCPLstnPort; /* TODO: add capability to specify local listen address! */ - CHKiRet(netstrm.LstnInit(pThis->pLstn, TCPLstnPort, NULL, pThis->iSessMax)); + CHKiRet(netstrm.LstnInit((void*)pThis, addTcpLstn, TCPLstnPort, NULL, pThis->iSessMax)); finalize_it: RETiRet; @@ -260,7 +282,7 @@ finalize_it: * rgerhards, 2008-03-02 */ static rsRetVal -SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, nsd_t *pNsd) +SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm) { DEFiRet; tcps_sess_t *pSess; @@ -272,7 +294,7 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, nsd_t *pNsd) ISOBJ_TYPE_assert(pThis, tcpsrv); - CHKiRet(netstrm.AcceptConnReq(pThis->pLstn, pNsd, &pNewStrm)); + CHKiRet(netstrm.AcceptConnReq(pStrm, &pNewStrm)); /* Add to session list */ iSess = TCPSessTblFindFreeSpot(pThis); @@ -343,19 +365,18 @@ finalize_it: } -/* This function is called to gather input. - */ +/* This function is called to gather input. */ static rsRetVal Run(tcpsrv_t *pThis) { DEFiRet; - int maxfds; int nfds; int i; int iTCPSess; - fd_set readfds; + int bIsReady; tcps_sess_t *pNewSess; - nsdsel_t *pSel; + nssel_t *pSel; + int state; ISOBJ_TYPE_assert(pThis, tcpsrv); @@ -364,52 +385,32 @@ Run(tcpsrv_t *pThis) * right into the sleep below. */ while(1) { - CHKiRet(nsdsel_ptcp.Construct(&pSel)); + CHKiRet(nssel.Construct(&pSel)); + // TODO: set driver + CHKiRet(nssel.ConstructFinalize(pSel)); /* Add the TCP listen sockets to the list of read descriptors. */ - if(pThis->pSocksLstn != NULL && *pThis->pSocksLstn) { - for (i = 0; i < *pThis->pSocksLstn; i++) { - /* The if() below is theoretically not needed, but I leave it in - * so that a socket may become unsuable during execution. That - * feature is not yet supported by the current code base. - */ - if (pThis->pSocksLstn[i+1] != -1) { - if(Debug) net.debugListenInfo(pThis->pSocksLstn[i+1], "TCP"); - CHKiRet(nsdsel_ptcp.Add(pSel, )); - FD_SET(pThis->pSocksLstn[i+1], &readfds); - if(pThis->pSocksLstn[i+1]>maxfds) maxfds=pThis->pSocksLstn[i+1]; - } - } - /* do the sessions */ - iTCPSess = TCPSessGetNxtSess(pThis, -1); - while(iTCPSess != -1) { - int fdSess; - fdSess = pThis->pSessions[iTCPSess]->sock; // TODO: NOT CLEAN!, use method - dbgprintf("Adding TCP Session %d\n", fdSess); - FD_SET(fdSess, &readfds); - if (fdSess>maxfds) maxfds=fdSess; - /* now get next... */ - iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess); - } + for(i = 0 ; i < pThis->iLstnMax ; ++i) { + CHKiRet(nssel.Add(pSel, pThis->ppLstn[i], NSDSEL_RD)); } - if(Debug) { - // TODO: name in dbgprintf! - dbgprintf("-------- calling select, active file descriptors (max %d): ", maxfds); - for (nfds = 0; nfds <= maxfds; ++nfds) - if ( FD_ISSET(nfds, &readfds) ) - dbgprintf("%d ", nfds); - dbgprintf("\n"); + /* do the sessions */ + iTCPSess = TCPSessGetNxtSess(pThis, -1); + while(iTCPSess != -1) { + /* TODO: access to pNsd is NOT really CLEAN, use method... */ + CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD)); + /* now get next... */ + iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess); } /* wait for io to become ready */ - /* this is the somewhat weak spot in our socket layer abstraction... */ - nfds = select(maxfds+1, (fd_set *) &readfds, NULL, NULL, NULL); + CHKiRet(nssel.Wait(pSel, &nfds)); - for (i = 0; i < *pThis->pSocksLstn; i++) { - if (FD_ISSET(pThis->pSocksLstn[i+1], &readfds)) { - dbgprintf("New connect on TCP inetd socket: #%d\n", pThis->pSocksLstn[i+1]); - SessAccept(pThis, &pNewSess, pThis->pSocksLstn[i+1]); + for(i = 0 ; i < pThis->iLstnMax ; ++i) { + CHKiRet(nssel.IsReady(pSel, pThis->ppLstn[i], NSDSEL_RD, &bIsReady, &nfds)); + if(bIsReady) { + dbgprintf("New connect on NSD %p.\n", pThis->ppLstn[i]); + SessAccept(pThis, &pNewSess, pThis->ppLstn[i]); --nfds; /* indicate we have processed one */ } } @@ -417,12 +418,10 @@ Run(tcpsrv_t *pThis) /* now check the sessions */ iTCPSess = TCPSessGetNxtSess(pThis, -1); while(nfds && iTCPSess != -1) { - int fdSess; - int state; - fdSess = pThis->pSessions[iTCPSess]->sock; // TODO: not clean, use method - if(FD_ISSET(fdSess, &readfds)) { + CHKiRet(nssel.IsReady(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD, &bIsReady, &nfds)); + if(bIsReady) { char buf[MAXLINE]; - dbgprintf("tcp session socket with new data: #%d\n", fdSess); + dbgprintf("netstream %p with new data\n", pThis->pSessions[iTCPSess]->pStrm); /* Receive message */ state = pThis->pRcvData(pThis->pSessions[iTCPSess], buf, sizeof(buf)); @@ -430,7 +429,8 @@ Run(tcpsrv_t *pThis) pThis->pOnRegularClose(pThis->pSessions[iTCPSess]); tcps_sess.Destruct(&pThis->pSessions[iTCPSess]); } else if(state == -1) { - errmsg.LogError(NO_ERRCODE, "TCP session %d will be closed, error ignored\n", fdSess); + errmsg.LogError(NO_ERRCODE, "netstream session %p will be closed, error ignored\n", + pThis->pSessions[iTCPSess]->pStrm); pThis->pOnErrClose(pThis->pSessions[iTCPSess]); tcps_sess.Destruct(&pThis->pSessions[iTCPSess]); } else { @@ -451,26 +451,39 @@ Run(tcpsrv_t *pThis) } } +finalize_it: // TODO: think: is it really good to exit the loop? RETiRet; } -/* Standard-Constructor - */ +/* Standard-Constructor */ BEGINobjConstruct(tcpsrv) /* be sure to specify the object type also in END macro! */ - pThis->iSessMax = 200; /* TODO: useful default ;) */ + pThis->iSessMax = TCPSESS_MAX_DEFAULT; /* TODO: useful default ;) */ + pThis->iLstnMax = TCPLSTN_MAX_DEFAULT; /* TODO: useful default ;) */ ENDobjConstruct(tcpsrv) -/* ConstructionFinalizer - */ +/* ConstructionFinalizer */ static rsRetVal -tcpsrvConstructFinalize(tcpsrv_t __attribute__((unused)) *pThis) +tcpsrvConstructFinalize(tcpsrv_t *pThis) { DEFiRet; ISOBJ_TYPE_assert(pThis, tcpsrv); + + /* prepare network stream subsystem */ + CHKiRet(netstrms.Construct(&pThis->pNS)); + // TODO: set driver! + CHKiRet(netstrms.ConstructFinalize(pThis->pNS)); + + /* set up listeners */ + CHKmalloc(pThis->ppLstn = calloc(pThis->iLstnMax, sizeof(netstrm_t*))); iRet = pThis->OpenLstnSocks(pThis); +finalize_it: + if(iRet != RS_RET_OK) { + if(pThis->pNS != NULL) + netstrms.Destruct(&pThis->pNS); + } RETiRet; } @@ -482,6 +495,9 @@ CODESTARTobjDestruct(tcpsrv) pThis->OnDestruct(pThis->pUsr); deinit_tcp_listener(pThis); + + if(pThis->pNS != NULL) + netstrms.Destruct(&pThis->pNS); ENDobjDestruct(tcpsrv) @@ -630,7 +646,9 @@ CODESTARTObjClassExit(tcpsrv) objRelease(conf, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(errmsg, CORE_COMPONENT); - objRelease(netstrm, LM_NET_FILENAME); + objRelease(nssel, LM_NSSEL_FILENAME); + objRelease(netstrm, LM_NETSTRM_FILENAME); + objRelease(netstrms, LM_NETSTRMS_FILENAME); objRelease(net, LM_NET_FILENAME); ENDObjClassExit(tcpsrv) @@ -643,7 +661,9 @@ BEGINObjClassInit(tcpsrv, 1, OBJ_IS_LOADABLE_MODULE) /* class, version - CHANGE /* request objects we use */ CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(net, LM_NET_FILENAME)); - CHKiRet(objUse(netstrm, LM_NET_FILENAME)); + CHKiRet(objUse(netstrms, LM_NETSTRMS_FILENAME)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); + CHKiRet(objUse(nssel, LM_NSSEL_FILENAME)); CHKiRet(objUse(tcps_sess, DONT_LOAD_LIB)); CHKiRet(objUse(conf, CORE_COMPONENT)); CHKiRet(objUse(glbl, CORE_COMPONENT)); diff --git a/tcpsrv.h b/tcpsrv.h index 4cec906f..ada77aec 100644 --- a/tcpsrv.h +++ b/tcpsrv.h @@ -26,10 +26,11 @@ #include "tcps_sess.h" /* the tcpsrv object */ -typedef struct tcpsrv_s { +struct tcpsrv_s { BEGINobjInstance; /**< Data to implement generic object - MUST be the first data element! */ - //int *pSocksLstn; /**< listen socket array for server [0] holds count */ - netstrm_t *pLstn; /**< our netstream listner (which may contain multiple "sockets" */ + netstrms_t *pNS; /**< pointer to network stream subsystem */ + int iLstnMax; /**< max nbr of listeners currently supported */ + netstrm_t **ppLstn; /**< our netstream listners */ int iSessMax; /**< max number of sessions supported */ char *TCPLstnPort; /**< the port the listener shall listen on */ tcps_sess_t **pSessions;/**< array of all of our sessions */ @@ -43,10 +44,10 @@ typedef struct tcpsrv_s { rsRetVal (*pOnRegularClose)(tcps_sess_t *pSess); rsRetVal (*pOnErrClose)(tcps_sess_t *pSess); /* session specific callbacks */ - rsRetVal (*pOnSessAccept)(struct tcpsrv_s *, tcps_sess_t*); + rsRetVal (*pOnSessAccept)(tcpsrv_t *, tcps_sess_t*); rsRetVal (*OnSessConstructFinalize)(void*); rsRetVal (*pOnSessDestruct)(void*); -} tcpsrv_t; +}; /* interfaces */ @@ -56,7 +57,7 @@ BEGINinterface(tcpsrv) /* name must also be changed in ENDinterface macro! */ rsRetVal (*ConstructFinalize)(tcpsrv_t __attribute__((unused)) *pThis); rsRetVal (*Destruct)(tcpsrv_t **ppThis); void (*configureTCPListen)(tcpsrv_t*, char *cOptarg); - rsRetVal (*SessAccept)(tcpsrv_t *pThis, tcps_sess_t **ppSess, nsd_t *pNsd); + rsRetVal (*SessAccept)(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm); rsRetVal (*create_tcp_socket)(tcpsrv_t *pThis); rsRetVal (*Run)(tcpsrv_t *pThis); /* set methods */ diff --git a/tools/omfwd.c b/tools/omfwd.c index 3a2fe37f..719075c7 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -51,6 +51,7 @@ #include "syslogd-types.h" #include "srUtils.h" #include "net.h" +#include "netstrms.h" #include "netstrm.h" #include "omfwd.h" #include "template.h" @@ -69,12 +70,14 @@ DEF_OMOD_STATIC_DATA DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) DEFobjCurrIf(net) +DEFobjCurrIf(netstrms) DEFobjCurrIf(netstrm) DEFobjCurrIf(tcpclt) typedef struct _instanceData { - char *f_hname; + netstrms_t *pNS; /* netstream subsystem */ netstrm_t *pNetstrm; /* our output netstream */ + char *f_hname; int *pSockArray; /* sockets to use for UDP */ int bIsConnected; /* are we connected to remote host? 0 - no, 1 - yes, UDP means addr resolved */ struct addrinfo *f_addr; @@ -252,16 +255,24 @@ static rsRetVal TCPSendInit(void *pvData) assert(pData != NULL); if(pData->pNetstrm == NULL) { - CHKiRet(netstrm.Construct(&pData->pNetstrm)); + CHKiRet(netstrms.Construct(&pData->pNS)); /* here we may set another netstream driver (e.g. to do TLS) */ + CHKiRet(netstrms.ConstructFinalize(pData->pNS)); + + /* now create the actual stream and connect to the server */ + CHKiRet(netstrms.CreateStrm(pData->pNS, &pData->pNetstrm)); CHKiRet(netstrm.ConstructFinalize(pData->pNetstrm)); CHKiRet(netstrm.Connect(pData->pNetstrm, glbl.GetDefPFFamily(), (uchar*)pData->port, (uchar*)pData->f_hname)); } finalize_it: - if(iRet != RS_RET_OK) - netstrm.Destruct(&pData->pNetstrm); + if(iRet != RS_RET_OK) { + if(pData->pNetstrm != NULL) + netstrm.Destruct(&pData->pNetstrm); + if(pData->pNS != NULL) + netstrms.Destruct(&pData->pNS); + } RETiRet; } @@ -394,6 +405,8 @@ static rsRetVal loadTCPSupport(void) { DEFiRet; + if(!netstrms.ifIsLoaded) + CHKiRet(objUse(netstrms, LM_NETSTRMS_FILENAME)); if(!netstrm.ifIsLoaded) CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); if(!tcpclt.ifIsLoaded) @@ -564,6 +577,8 @@ CODESTARTmodExit objRelease(net, LM_NET_FILENAME); if(netstrm.ifIsLoaded) objRelease(netstrm, LM_NETSTRM_FILENAME); + if(netstrms.ifIsLoaded) + objRelease(netstrms, LM_NETSTRMS_FILENAME); if(!tcpclt.ifIsLoaded) objRelease(tcpclt, LM_TCPCLT_FILENAME); -- cgit From 50fe2ec2ea275b7ed38c7942736fbb2aae727056 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 23 Apr 2008 16:31:35 +0200 Subject: removed listener array from inidividual netstrm (mostly finished) --- runtime/netstrm.c | 9 ++++++-- runtime/netstrm.h | 3 ++- runtime/nsd.h | 3 ++- runtime/nsd_ptcp.c | 60 +++++++++++++++++++++++++++++++++--------------------- runtime/rsyslog.h | 1 + tcps_sess.h | 2 +- tcpsrv.c | 23 ++++++++++++++++++++- 7 files changed, 72 insertions(+), 29 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index f0bdab78..c8335fa4 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -140,11 +140,16 @@ finalize_it: * rgerhards, 2008-04-22 */ static rsRetVal -LstnInit(void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), uchar *pLstnPort, uchar *pLstnIP, int iSessMax) +LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), + uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { DEFiRet; + + ISOBJ_TYPE_assert(pNS, netstrms); + assert(fAddLstn != NULL); assert(pLstnPort != NULL); - //CHKiRet(pThis->Drvr.LstnInit(pUsr, fAddLstn, pLstnPort, pLstnIP, iSessMax)); + + CHKiRet(pNS->Drvr.LstnInit(pNS, pUsr, fAddLstn, pLstnPort, pLstnIP, iSessMax)); finalize_it: RETiRet; diff --git a/runtime/netstrm.h b/runtime/netstrm.h index b87228d2..33d166ea 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -48,7 +48,8 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*ConstructFinalize)(netstrm_t *pThis); rsRetVal (*Destruct)(netstrm_t **ppThis); rsRetVal (*AbortDestruct)(netstrm_t **ppThis); - rsRetVal (*LstnInit)(void *pUsr, rsRetVal(*)(void*,netstrm_t*), uchar *pLstnPort, uchar *pLstnIP, int iSessMax); + rsRetVal (*LstnInit)(netstrms_t *pNS, void *pUsr, rsRetVal(*)(void*,netstrm_t*), + uchar *pLstnPort, uchar *pLstnIP, int iSessMax); rsRetVal (*AcceptConnReq)(netstrm_t *pThis, netstrm_t **ppNew); rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf); diff --git a/runtime/nsd.h b/runtime/nsd.h index db61780f..c32e284e 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -46,7 +46,8 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Rcv)(nsd_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(nsd_t *pThis, uchar *pBuf, ssize_t *pLenBuf); rsRetVal (*Connect)(nsd_t *pThis, int family, unsigned char *port, unsigned char *host); - rsRetVal (*LstnInit)(nsd_t ***parrLstn, int *pLstnArrSize, uchar *pLstnPort, uchar *pLstnIP, int iSessMax); + rsRetVal (*LstnInit)(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), + uchar *pLstnPort, uchar *pLstnIP, int iSessMax); rsRetVal (*AcceptConnReq)(nsd_t *pThis, nsd_t **ppThis); ENDinterface(nsd) #define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index c737c168..40b11ad4 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -45,6 +45,8 @@ #include "obj.h" #include "errmsg.h" #include "net.h" +#include "netstrms.h" +#include "netstrm.h" #include "nsd_ptcp.h" MODULE_TYPE_LIB @@ -54,6 +56,8 @@ DEFobjStaticHelpers DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) DEFobjCurrIf(net) +DEFobjCurrIf(netstrms) +DEFobjCurrIf(netstrm) /* a few deinit helpers */ @@ -243,24 +247,29 @@ finalize_it: } -/* initialize tcp sockets for a listner. This function returns an array of nds_t - * objects. The size of this array is returend in pLstnArrSize. +/* initialize tcp sockets for a listner. The initialized sockets are passed to the + * app-level caller via a callback. * pLstnPort must point to a port name or number. NULL is NOT permitted. pLstnIP * points to the port to listen to (NULL means "all"), iMaxSess has the maximum * number of sessions permitted. * rgerhards, 2008-04-22 */ static rsRetVal -LstnInit(nsd_t ***parrLstnNsd, int *pLstnArrSize, uchar *pLstnPort, uchar *pLstnIP, int iSessMax) +LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), + uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { DEFiRet; - struct addrinfo hints, *res = NULL, *r; nsd_ptcp_t **arrLstn = NULL; + netstrm_t *pNewStrm = NULL; + nsd_t *pNewNsd = NULL; int error, maxs, on = 1; int sock; + int numSocks; int sockflags; + struct addrinfo hints, *res = NULL, *r; - assert(parrLstnNsd != NULL); + ISOBJ_TYPE_assert(pNS, netstrms); + assert(fAddLstn != NULL); assert(pLstnPort != NULL); assert(iSessMax >= 0); @@ -282,7 +291,7 @@ LstnInit(nsd_t ***parrLstnNsd, int *pLstnArrSize, uchar *pLstnPort, uchar *pLstn /* EMPTY */; CHKmalloc(arrLstn = (nsd_ptcp_t**) malloc((maxs+1) * sizeof(nsd_ptcp_t*))); - *pLstnArrSize = 0; /* num of sockets counter at start of array */ + numSocks = 0; /* num of sockets counter at start of array */ for(r = res; r != NULL ; r = r->ai_next) { sock = socket(r->ai_family, r->ai_socktype, r->ai_protocol); if(sock < 0) { @@ -366,38 +375,39 @@ LstnInit(nsd_t ***parrLstnNsd, int *pLstnArrSize, uchar *pLstnPort, uchar *pLstn } } - /* if we reach this point, we were able to obtain a valid socket, which we - * now can save to the array of listen sockets. -- rgerhards, 2008-04-22 + /* if we reach this point, we were able to obtain a valid socket, so we can + * construct a new netstrm obj and hand it over to the upper layers for inclusion + * into their socket array. -- rgerhards, 2008-04-23 */ - CHKiRet(nsd_ptcpConstruct(arrLstn+*pLstnArrSize)); - arrLstn[*pLstnArrSize]->sock = sock; - ++(*pLstnArrSize); + CHKiRet(pNS->Drvr.Construct(&pNewNsd)); + ((nsd_ptcp_t*)pNewNsd)->sock = sock; + CHKiRet(netstrms.CreateStrm(pNS, &pNewStrm)); + pNewStrm->pDrvrData = (nsd_t*) pNewNsd; + CHKiRet(fAddLstn(pUsr, pNewStrm)); + pNewNsd = NULL; + pNewStrm = NULL; } if(res != NULL) freeaddrinfo(res); - if(*pLstnArrSize != maxs) + if(numSocks != maxs) dbgprintf("We could initialize %d TCP listen sockets out of %d we received " - "- this may or may not be an error indication.\n", *pLstnArrSize, maxs); + "- this may or may not be an error indication.\n", numSocks, maxs); - if(*pLstnArrSize == 0) { - dbgprintf("No TCP listen sockets could successfully be initialized, " - "message reception disabled.\n"); + if(numSocks == 0) { + dbgprintf("No TCP listen sockets could successfully be initialized"); ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); } - *parrLstnNsd = (nsd_t**) arrLstn; - arrLstn = NULL; /* prevent from being freed in error handler */ - finalize_it: if(iRet != RS_RET_OK) { if(res != NULL) freeaddrinfo(res); - if(arrLstn != NULL) { - for(maxs = 0 ; maxs < *pLstnArrSize ; ++maxs) - nsd_ptcpDestruct(arrLstn+*pLstnArrSize); - } + if(pNewStrm != NULL) + netstrm.Destruct(&pNewStrm); + if(pNewNsd != NULL) + pNS->Drvr.Destruct(&pNewNsd); } RETiRet; @@ -537,6 +547,8 @@ CODESTARTObjClassExit(nsd_ptcp) objRelease(net, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(errmsg, CORE_COMPONENT); + objRelease(netstrm, LM_NETSTRM_FILENAME); + objRelease(netstrms, LM_NETSTRMS_FILENAME); ENDObjClassExit(nsd_ptcp) @@ -549,6 +561,8 @@ BEGINObjClassInit(nsd_ptcp, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */ CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(glbl, CORE_COMPONENT)); CHKiRet(objUse(net, CORE_COMPONENT)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); + CHKiRet(objUse(netstrms, LM_NETSTRMS_FILENAME)); /* set our own handlers */ ENDObjClassInit(nsd_ptcp) diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 6bffae4b..6cd9d94d 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -213,6 +213,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_INVALID_PORT = -2076, /**< invalid port value */ RS_RET_COULD_NOT_BIND = -2077, /**< could not bind socket, defunct */ RS_RET_MAX_SESS_REACHED = -2078, /**< max nbr of sessions reached, can not create more */ + RS_RET_MAX_LSTN_REACHED = -2079, /**< max nbr of listeners reached, can not create more */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ diff --git a/tcps_sess.h b/tcps_sess.h index 25884ea2..7baa035a 100644 --- a/tcps_sess.h +++ b/tcps_sess.h @@ -32,7 +32,7 @@ struct tcpsrv_s; typedef struct tcps_sess_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ struct tcpsrv_s *pSrv; /* pointer back to my server (e.g. for callbacks) */ - int sock; // TODO: remove + //int sock; // TODO: remove netstrm_t *pStrm; int iMsg; /* index of next char to store in msg */ int bAtStrtOfFram; /* are we at the very beginning of a new frame? */ diff --git a/tcpsrv.c b/tcpsrv.c index 973b59fa..b6fb35fc 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -236,7 +236,15 @@ addTcpLstn(void *pUsr, netstrm_t *pLstn) DEFiRet; ISOBJ_TYPE_assert(pThis, tcpsrv); + ISOBJ_TYPE_assert(pLstn, netstrm); + if(pThis->iLstnMax >= TCPLSTN_MAX_DEFAULT) + ABORT_FINALIZE(RS_RET_MAX_LSTN_REACHED); + + pThis->ppLstn[pThis->iLstnMax] = pLstn; + ++pThis->iLstnMax; + +finalize_it: RETiRet; } @@ -264,7 +272,20 @@ create_tcp_socket(tcpsrv_t *pThis) TCPLstnPort = (uchar*)pThis->TCPLstnPort; /* TODO: add capability to specify local listen address! */ - CHKiRet(netstrm.LstnInit((void*)pThis, addTcpLstn, TCPLstnPort, NULL, pThis->iSessMax)); + CHKiRet(netstrm.LstnInit(pThis->pNS, (void*)pThis, addTcpLstn, TCPLstnPort, NULL, pThis->iSessMax)); + + + /* OK, we had success. Now it is also time to + * initialize our connections + */ + if(TCPSessTblInit(pThis) != 0) { + /* OK, we are in some trouble - we could not initialize the + * session table, so we can not continue. We need to free all + * we have assigned so far, because we can not really use it... + */ + errmsg.LogError(NO_ERRCODE, "Could not initialize TCP session table, suspending TCP message reception."); + ABORT_FINALIZE(RS_RET_ERR); + } finalize_it: RETiRet; -- cgit From 721b9ee252143d182c3c145380e5dbec8c3b0102 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 23 Apr 2008 17:48:13 +0200 Subject: client functionality works again (with the new socket abstraction) --- plugins/imtcp/imtcp.c | 10 ++++++++-- runtime/netstrm.c | 2 +- runtime/netstrms.c | 27 +++++++++++++++++++-------- tcps_sess.c | 32 ++++++++++++-------------------- 4 files changed, 40 insertions(+), 31 deletions(-) diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c index 17a48d17..1e599d14 100644 --- a/plugins/imtcp/imtcp.c +++ b/plugins/imtcp/imtcp.c @@ -43,6 +43,7 @@ #include "cfsysline.h" #include "module-template.h" #include "net.h" +#include "netstrm.h" #include "tcpsrv.h" MODULE_TYPE_INPUT @@ -52,6 +53,7 @@ DEF_IMOD_STATIC_DATA DEFobjCurrIf(tcpsrv) DEFobjCurrIf(tcps_sess) DEFobjCurrIf(net) +DEFobjCurrIf(netstrm) /* Module static data */ static tcpsrv_t *pOurTcpsrv = NULL; /* our TCP server(listener) TODO: change for multiple instances */ @@ -81,10 +83,12 @@ doOpenLstnSocks(tcpsrv_t *pSrv) static int doRcvData(tcps_sess_t *pSess, char *buf, size_t lenBuf) { - int state; + ssize_t state; assert(pSess != NULL); - state = recv(pSess->sock, buf, lenBuf, 0); + state = lenBuf; + if(netstrm.Rcv(pSess->pStrm, (uchar*) buf, &state) != RS_RET_OK) + state = -1; // TODO: move this function to an iRet interface! 2008-04-23 return state; } @@ -172,6 +176,7 @@ CODESTARTmodExit /* release objects we used */ objRelease(net, LM_NET_FILENAME); + objRelease(netstrm, LM_NETSTRM_FILENAME); objRelease(tcps_sess, LM_TCPSRV_FILENAME); objRelease(tcpsrv, LM_TCPSRV_FILENAME); ENDmodExit @@ -199,6 +204,7 @@ CODEmodInit_QueryRegCFSLineHdlr pOurTcpsrv = NULL; /* request objects we use */ CHKiRet(objUse(net, LM_NET_FILENAME)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); CHKiRet(objUse(tcps_sess, LM_TCPSRV_FILENAME)); CHKiRet(objUse(tcpsrv, LM_TCPSRV_FILENAME)); diff --git a/runtime/netstrm.c b/runtime/netstrm.c index c8335fa4..83e91c2d 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -1,4 +1,4 @@ -/* netstrmstrm.c +/* netstrm.c * * This class implements a generic netstrmwork stream class. It supports * sending and receiving data streams over a netstrmwork. The class abstracts diff --git a/runtime/netstrms.c b/runtime/netstrms.c index d0e11441..46e740ab 100644 --- a/runtime/netstrms.c +++ b/runtime/netstrms.c @@ -23,15 +23,11 @@ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. */ #include "config.h" - -//#include #include #include #include -//#include #include "rsyslog.h" -//#include "syslogd-types.h" #include "module-template.h" #include "obj.h" //#include "errmsg.h" @@ -104,6 +100,22 @@ finalize_it: } +/* load the netstrm interface, but only if needed (if we load it always, we get + * into a circular dependency, because netstrm also needs ourselfs in some cases + * rgerhards, 2008-04-23 + */ +static inline rsRetVal +loadNetstrm(void) +{ + DEFiRet; + if(!netstrm.ifIsLoaded) { + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); + } +finalize_it: + RETiRet; +} + + /* create an instance of a netstrm object. It is initialized with default * values. The current driver is used. The caller may set netstrm properties * and must call ConstructFinalize(). @@ -114,6 +126,7 @@ CreateStrm(netstrms_t *pThis, netstrm_t **ppStrm) netstrm_t *pStrm = NULL; DEFiRet; + CHKiRet(loadNetstrm()); CHKiRet(netstrm.Construct(&pStrm)); /* we copy over our driver structure. We could provide a pointer to * ourselves, but that costs some performance on each driver invocation. @@ -160,8 +173,8 @@ CODESTARTObjClassExit(netstrms) /* release objects we no longer need */ //objRelease(net, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); - objRelease(netstrm, LM_NETSTRM_FILENAME); - //objRelease(errmsg, CORE_COMPONENT); + if(netstrm.ifIsLoaded) + objRelease(netstrm, LM_NETSTRM_FILENAME); ENDObjClassExit(netstrms) @@ -171,9 +184,7 @@ ENDObjClassExit(netstrms) */ BEGINAbstractObjClassInit(netstrms, 1, OBJ_IS_CORE_MODULE) /* class, version */ /* request objects we use */ - //CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(glbl, CORE_COMPONENT)); - CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); //CHKiRet(objUse(net, CORE_COMPONENT)); /* set our own handlers */ diff --git a/tcps_sess.c b/tcps_sess.c index f66396e0..5f5e993a 100644 --- a/tcps_sess.c +++ b/tcps_sess.c @@ -27,22 +27,12 @@ * * A copy of the GPL can be found in the file "COPYING" in this distribution. */ - #include "config.h" #include #include -#include #include -#include -#include #include -#include -#include -#include -#include -#if HAVE_FCNTL_H -#include -#endif + #include "rsyslog.h" #include "dirty.h" #include "module-template.h" @@ -51,11 +41,13 @@ #include "tcps_sess.h" #include "obj.h" #include "errmsg.h" +#include "netstrm.h" /* static data */ DEFobjStaticHelpers DEFobjCurrIf(errmsg) +DEFobjCurrIf(netstrm) /* forward definitions */ static rsRetVal Close(tcps_sess_t *pThis); @@ -64,7 +56,6 @@ static rsRetVal Close(tcps_sess_t *pThis); /* Standard-Constructor */ BEGINobjConstruct(tcps_sess) /* be sure to specify the object type also in END macro! */ - pThis->sock = -1; /* no sock */ pThis->iMsg = 0; /* just make sure... */ pThis->bAtStrtOfFram = 1; /* indicate frame header expected */ pThis->eFraming = TCP_FRAMING_OCTET_STUFFING; /* just make sure... */ @@ -90,8 +81,8 @@ finalize_it: /* destructor for the tcps_sess object */ BEGINobjDestruct(tcps_sess) /* be sure to specify the object type also in END and CODESTART macros! */ CODESTARTobjDestruct(tcps_sess) - if(pThis->sock != -1) - Close(pThis); + if(pThis->pStrm != NULL) + netstrm.Destruct(&pThis->pStrm); if(pThis->pSrv->pOnSessDestruct != NULL) { pThis->pSrv->pOnSessDestruct(&pThis->pUsr); @@ -99,7 +90,6 @@ CODESTARTobjDestruct(tcps_sess) /* now destruct our own properties */ if(pThis->fromHost != NULL) free(pThis->fromHost); - close(pThis->sock); ENDobjDestruct(tcps_sess) @@ -129,6 +119,7 @@ finalize_it: RETiRet; } +#if 0 // TODO: don't we need this any longer? static rsRetVal SetSock(tcps_sess_t *pThis, int sock) { @@ -137,6 +128,7 @@ SetSock(tcps_sess_t *pThis, int sock) pThis->sock = sock; RETiRet; } +#endif static rsRetVal SetMsgIdx(tcps_sess_t *pThis, int idx) @@ -200,9 +192,8 @@ PrepareClose(tcps_sess_t *pThis) /* In this case, we have an invalid frame count and thus * generate an error message and discard the frame. */ - errmsg.LogError(NO_ERRCODE, "Incomplete frame at end of stream in session %d - " - "ignoring extra data (a message may be lost).\n", - pThis->sock); + errmsg.LogError(NO_ERRCODE, "Incomplete frame at end of stream in session %p - " + "ignoring extra data (a message may be lost).\n", pThis->pStrm); /* nothing more to do */ } else { /* here, we have traditional framing. Missing LF at the end * of message may occur. As such, we process the message in @@ -228,8 +219,7 @@ Close(tcps_sess_t *pThis) DEFiRet; ISOBJ_TYPE_assert(pThis, tcps_sess); - close(pThis->sock); - pThis->sock = -1; + netstrm.Destruct(&pThis->pStrm); free(pThis->fromHost); pThis->fromHost = NULL; /* not really needed, but... */ @@ -416,6 +406,7 @@ BEGINObjClassExit(tcps_sess, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END CODESTARTObjClassExit(tcps_sess) /* release objects we no longer need */ objRelease(errmsg, CORE_COMPONENT); + objRelease(netstrm, LM_NETSTRM_FILENAME); ENDObjClassExit(tcps_sess) @@ -426,6 +417,7 @@ ENDObjClassExit(tcps_sess) BEGINObjClassInit(tcps_sess, 1, OBJ_IS_CORE_MODULE) /* class, version - CHANGE class also in END MACRO! */ /* request objects we use */ CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); /* set our own handlers */ OBJSetMethodHandler(objMethod_DEBUGPRINT, tcps_sessDebugPrint); -- cgit From 82095efa24ea0692a6747d4296f398ebd37e5339 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 23 Apr 2008 19:00:12 +0200 Subject: enhanced object model for server "sockets" --- doc/src/tls.dia | Bin 3450 -> 4656 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/doc/src/tls.dia b/doc/src/tls.dia index 6d82b0a9..77e5d185 100644 Binary files a/doc/src/tls.dia and b/doc/src/tls.dia differ -- cgit From bf3d2c1b392af1383a3cdc247f2280fd31a12699 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 24 Apr 2008 09:57:43 +0200 Subject: message reception via TCP work again ... at least in some cases ;) I assume there are still a couple of bugs inside the code. But at least we have something from where we can continue to work on. --- runtime/netstrm.c | 25 ++++++++++++++++++++++++ runtime/netstrm.h | 20 ++++++++----------- runtime/netstrms.c | 21 ++------------------ runtime/nsd.h | 2 ++ runtime/nsd_ptcp.c | 53 +++++++++++++++++++++++++++++++++++++++++++++------ runtime/nsdsel_ptcp.c | 9 --------- runtime/nssel.c | 4 +++- runtime/obj-types.h | 8 ++++++-- runtime/obj.c | 2 +- tcps_sess.c | 9 ++++----- tcpsrv.c | 25 ++++++++++-------------- 11 files changed, 108 insertions(+), 70 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 83e91c2d..670899ef 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -117,6 +117,7 @@ AcceptConnReq(netstrm_t *pThis, netstrm_t **ppNew) assert(ppNew != NULL); /* accept the new connection */ +RUNLOG_VAR("%p", pThis->pDrvrData); CHKiRet(pThis->Drvr.AcceptConnReq(pThis->pDrvrData, &pNewNsd)); /* construct our object so that we can use it... */ CHKiRet(netstrms.CreateStrm(pThis->pNS, ppNew)); @@ -191,6 +192,28 @@ Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) } +/* get remote hname - slim wrapper for NSD driver function */ +static rsRetVal +GetRemoteHName(netstrm_t *pThis, uchar **ppsz) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + iRet = pThis->Drvr.GetRemoteHName(pThis->pDrvrData, ppsz); + RETiRet; +} + + +/* get remote IP - slim wrapper for NSD driver function */ +static rsRetVal +GetRemoteIP(netstrm_t *pThis, uchar **ppsz) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + iRet = pThis->Drvr.GetRemoteIP(pThis->pDrvrData, ppsz); + RETiRet; +} + + /* open a connection to a remote host (server). * rgerhards, 2008-03-19 */ @@ -228,6 +251,8 @@ CODESTARTobjQueryInterface(netstrm) pIf->Connect = Connect; pIf->LstnInit = LstnInit; pIf->AcceptConnReq = AcceptConnReq; + pIf->GetRemoteHName = GetRemoteHName; + pIf->GetRemoteIP = GetRemoteIP; finalize_it: ENDobjQueryInterface(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 33d166ea..f4205f80 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -32,13 +32,7 @@ struct netstrm_s { nsd_t *pDrvrData; /**< the driver's data elements (at most other places, this is called pNsd) */ uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ nsd_if_t Drvr; /**< our stream driver */ - netstrms_t *pNS; /**< pointer to our netstream subsystem object */ - /* for listeners, we need to have the capablity to listen on multiple "sockets". This - * is needed to support IPv6. We do this by specifying an array of nsd_t objects to - * handle this case. - */ - //int isizeLstnArr; - //nsd_t **parrLstn; + netstrms_t *pNS; /**< pointer to our netstream subsystem object */ }; @@ -54,11 +48,13 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf); rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host); - rsRetVal (*SelectInit)(nsdsel_t **ppSel, netstrm_t *pThis); - rsRetVal (*SelectAdd)(nsdsel_t *pSel, netstrm_t *pThis); - rsRetVal (*SelectWait)(nsdsel_t *pSel, int *piNumReady); - rsRetVal (*SelectIsReady)(nsdsel_t *pSel, int *piNumReady); - rsRetVal (*SelectExit)(nsdsel_t **ppSel); + //rsRetVal (*SelectInit)(nsdsel_t **ppSel, netstrm_t *pThis); + //rsRetVal (*SelectAdd)(nsdsel_t *pSel, netstrm_t *pThis); + //rsRetVal (*SelectWait)(nsdsel_t *pSel, int *piNumReady); + //rsRetVal (*SelectIsReady)(nsdsel_t *pSel, int *piNumReady); + //rsRetVal (*SelectExit)(nsdsel_t **ppSel); + rsRetVal (*GetRemoteHName)(netstrm_t *pThis, uchar **pszName); + rsRetVal (*GetRemoteIP)(netstrm_t *pThis, uchar **pszIP); ENDinterface(netstrm) #define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/netstrms.c b/runtime/netstrms.c index 46e740ab..661234e4 100644 --- a/runtime/netstrms.c +++ b/runtime/netstrms.c @@ -100,22 +100,6 @@ finalize_it: } -/* load the netstrm interface, but only if needed (if we load it always, we get - * into a circular dependency, because netstrm also needs ourselfs in some cases - * rgerhards, 2008-04-23 - */ -static inline rsRetVal -loadNetstrm(void) -{ - DEFiRet; - if(!netstrm.ifIsLoaded) { - CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); - } -finalize_it: - RETiRet; -} - - /* create an instance of a netstrm object. It is initialized with default * values. The current driver is used. The caller may set netstrm properties * and must call ConstructFinalize(). @@ -126,7 +110,7 @@ CreateStrm(netstrms_t *pThis, netstrm_t **ppStrm) netstrm_t *pStrm = NULL; DEFiRet; - CHKiRet(loadNetstrm()); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); CHKiRet(netstrm.Construct(&pStrm)); /* we copy over our driver structure. We could provide a pointer to * ourselves, but that costs some performance on each driver invocation. @@ -173,8 +157,7 @@ CODESTARTObjClassExit(netstrms) /* release objects we no longer need */ //objRelease(net, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); - if(netstrm.ifIsLoaded) - objRelease(netstrm, LM_NETSTRM_FILENAME); + objRelease(netstrm, LM_NETSTRM_FILENAME); ENDObjClassExit(netstrms) diff --git a/runtime/nsd.h b/runtime/nsd.h index c32e284e..ff12ecb0 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -49,6 +49,8 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ rsRetVal (*LstnInit)(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), uchar *pLstnPort, uchar *pLstnIP, int iSessMax); rsRetVal (*AcceptConnReq)(nsd_t *pThis, nsd_t **ppThis); + rsRetVal (*GetRemoteHName)(nsd_t *pThis, uchar **pszName); + rsRetVal (*GetRemoteIP)(nsd_t *pThis, uchar **pszIP); ENDinterface(nsd) #define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 40b11ad4..8dbc80d9 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -207,7 +207,7 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew) DEFiRet; assert(ppNew != NULL); - ISOBJ_TYPE_assert(pThis, nsd_ptcp_t); + ISOBJ_TYPE_assert(pThis, nsd_ptcp); iNewSock = accept(pThis->sock, (struct sockaddr*) &addr, &addrlen); if(iNewSock < 0) { @@ -294,6 +294,7 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), numSocks = 0; /* num of sockets counter at start of array */ for(r = res; r != NULL ; r = r->ai_next) { sock = socket(r->ai_family, r->ai_socktype, r->ai_protocol); +RUNLOG_VAR("%d", sock); if(sock < 0) { if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) dbgprintf("error %d creating tcp listen socket", errno); @@ -386,11 +387,9 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), CHKiRet(fAddLstn(pUsr, pNewStrm)); pNewNsd = NULL; pNewStrm = NULL; + ++numSocks; } - if(res != NULL) - freeaddrinfo(res); - if(numSocks != maxs) dbgprintf("We could initialize %d TCP listen sockets out of %d we received " "- this may or may not be an error indication.\n", numSocks, maxs); @@ -401,9 +400,10 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), } finalize_it: + if(res != NULL) + freeaddrinfo(res); + if(iRet != RS_RET_OK) { - if(res != NULL) - freeaddrinfo(res); if(pNewStrm != NULL) netstrm.Destruct(&pNewStrm); if(pNewNsd != NULL) @@ -515,6 +515,45 @@ finalize_it: } +/* get the remote hostname. The returned hostname must be freed by the + * caller. + * rgerhards, 2008-04-24 + */ +static rsRetVal +GetRemoteHName(nsd_t *pNsd, uchar **ppszHName) +{ + DEFiRet; + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(ppszHName != NULL); + + // TODO: how can the RemHost be empty? + CHKmalloc(*ppszHName = (uchar*)strdup(pThis->pRemHostName == NULL ? "" : (char*) pThis->pRemHostName)); + +finalize_it: + RETiRet; +} + + +/* get the remote host's IP address. The returned string must be freed by the + * caller. + * rgerhards, 2008-04-24 + */ +static rsRetVal +GetRemoteIP(nsd_t *pNsd, uchar **ppszIP) +{ + DEFiRet; + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(ppszIP != NULL); + + CHKmalloc(*ppszIP = (uchar*)strdup(pThis->pRemHostIP == NULL ? "" : (char*) pThis->pRemHostIP)); + +finalize_it: + RETiRet; +} + + /* queryInterface function */ BEGINobjQueryInterface(nsd_ptcp) CODESTARTobjQueryInterface(nsd_ptcp) @@ -535,6 +574,8 @@ CODESTARTobjQueryInterface(nsd_ptcp) pIf->LstnInit = LstnInit; pIf->AcceptConnReq = AcceptConnReq; pIf->Connect = Connect; + pIf->GetRemoteHName = GetRemoteHName; + pIf->GetRemoteIP = GetRemoteIP; finalize_it: ENDobjQueryInterface(nsd_ptcp) diff --git a/runtime/nsdsel_ptcp.c b/runtime/nsdsel_ptcp.c index c5864809..b439063a 100644 --- a/runtime/nsdsel_ptcp.c +++ b/runtime/nsdsel_ptcp.c @@ -24,19 +24,10 @@ */ #include "config.h" -#include "rsyslog.h" -#include -#include #include #include #include #include -#include -#include -#include -#include -#include -#include #include #include "rsyslog.h" diff --git a/runtime/nssel.c b/runtime/nssel.c index 0cbda9b9..c4f6691e 100644 --- a/runtime/nssel.c +++ b/runtime/nssel.c @@ -74,7 +74,8 @@ loadDrvr(nssel_t *pThis) * about this hack, but for the time being it is efficient and clean * enough. -- rgerhards, 2008-04-18 */ - CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); + //CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); + CHKiRet(obj.UseObj(__FILE__, "nsdsel_ptcp", "lmnsdsel_ptcp", (void*) &pThis->Drvr)); finalize_it: RETiRet; } @@ -152,6 +153,7 @@ IsReady(nssel_t *pThis, netstrm_t *pStrm, nsdsel_waitOp_t waitOp, int *pbIsReady ISOBJ_TYPE_assert(pStrm, netstrm); assert(pbIsReady != NULL); assert(piNumReady != NULL); + iRet = pThis->Drvr.IsReady(pThis->pDrvrData, pStrm->pDrvrData, waitOp, pbIsReady); RETiRet; } diff --git a/runtime/obj-types.h b/runtime/obj-types.h index acdc757d..2d0e0f14 100644 --- a/runtime/obj-types.h +++ b/runtime/obj-types.h @@ -106,8 +106,12 @@ struct obj_s { /* the dummy struct that each derived class can be casted to */ do { \ ASSERT(pObj != NULL); \ ASSERT((unsigned) ((obj_t*) (pObj))->iObjCooCKiE == (unsigned) 0xBADEFEE); \ - ASSERT(!strcmp((char*)(((obj_t*)pObj)->pObjInfo->pszID), #objType)); \ - } while(0); + if(strcmp((char*)(((obj_t*)pObj)->pObjInfo->pszID), #objType)) { \ + dbgprintf("ISOBJ assert failure: invalid object type, expected '%s' " \ + "actual '%s'\n", #objType, (((obj_t*)pObj)->pObjInfo->pszID)); \ + assert(0); /* trigger assertion, messge we already have */ \ + } \ + } while(0) #else /* non-debug mode, no checks but much faster */ # define BEGINobjInstance obj_t objData # define ISOBJ_TYPE_assert(pObj, objType) diff --git a/runtime/obj.c b/runtime/obj.c index 8ab606f9..18a4a726 100644 --- a/runtime/obj.c +++ b/runtime/obj.c @@ -1198,7 +1198,7 @@ ReleaseObj(char *srcFile, uchar *pObjName, uchar *pObjFile, interface_t *pIf) FINALIZE; /* if it is not a lodable module, we do not need to do anything... */ if(pIf->ifIsLoaded == 0) { - ABORT_FINALIZE(RS_RET_OK); /* we are already set */ /* TODO: flag an error? */ + ABORT_FINALIZE(RS_RET_OK); /* we are not loaded - this is perfectly OK... */ } if(pIf->ifIsLoaded == 2) { pIf->ifIsLoaded = 0; /* clean up */ diff --git a/tcps_sess.c b/tcps_sess.c index 5f5e993a..27bdbf89 100644 --- a/tcps_sess.c +++ b/tcps_sess.c @@ -119,16 +119,15 @@ finalize_it: RETiRet; } -#if 0 // TODO: don't we need this any longer? static rsRetVal -SetSock(tcps_sess_t *pThis, int sock) +SetStrm(tcps_sess_t *pThis, netstrm_t *pStrm) { DEFiRet; ISOBJ_TYPE_assert(pThis, tcps_sess); - pThis->sock = sock; + pThis->pStrm = pStrm; RETiRet; } -#endif + static rsRetVal SetMsgIdx(tcps_sess_t *pThis, int idx) @@ -393,7 +392,7 @@ CODESTARTobjQueryInterface(tcps_sess) pIf->SetUsrP = SetUsrP; pIf->SetTcpsrv = SetTcpsrv; pIf->SetHost = SetHost; - //pIf->SetSock = SetSock; + pIf->SetStrm = SetStrm; pIf->SetMsgIdx = SetMsgIdx; finalize_it: ENDobjQueryInterface(tcps_sess) diff --git a/tcpsrv.c b/tcpsrv.c index b6fb35fc..2536cdd6 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -182,9 +182,10 @@ TCPSessGetNxtSess(tcpsrv_t *pThis, int iCurr) register int i; ISOBJ_TYPE_assert(pThis, tcpsrv); - for(i = iCurr + 1 ; i < pThis->iSessMax ; ++i) + for(i = iCurr + 1 ; i < pThis->iSessMax ; ++i) { if(pThis->pSessions[i] != NULL) break; + } return((i < pThis->iSessMax) ? i : -1); } @@ -241,6 +242,7 @@ addTcpLstn(void *pUsr, netstrm_t *pLstn) if(pThis->iLstnMax >= TCPLSTN_MAX_DEFAULT) ABORT_FINALIZE(RS_RET_MAX_LSTN_REACHED); +RUNLOG_VAR("%d", pThis->iLstnMax); pThis->ppLstn[pThis->iLstnMax] = pLstn; ++pThis->iLstnMax; @@ -310,8 +312,7 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm) netstrm_t *pNewStrm = NULL; int iSess = -1; struct sockaddr_storage addr; - uchar fromHost[NI_MAXHOST]; - uchar fromHostFQDN[NI_MAXHOST]; + uchar *fromHostFQDN; ISOBJ_TYPE_assert(pThis, tcpsrv); @@ -331,13 +332,8 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm) /* OK, we have a "good" index... */ /* get the host name */ - if(net.cvthname(&addr, fromHost, fromHostFQDN) != RS_RET_OK) { - /* we seem to have something malicous - at least we - * are now told to discard the connection request. - * Error message has been generated by cvthname. - */ - ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code - } + CHKiRet(netstrm.GetRemoteHName(pStrm, &fromHostFQDN)); + /* TODO: check if we need to strip the domain name here -- rgerhards, 2008-04-24 */ /* Here we check if a host is permitted to send us * syslog messages. If it isn't, we do not further @@ -346,10 +342,10 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm) * rgerhards, 2005-09-26 */ if(!pThis->pIsPermittedHost((struct sockaddr*) &addr, (char*) fromHostFQDN, pThis->pUsr, pSess->pUsr)) { - dbgprintf("%s is not an allowed sender\n", (char *) fromHostFQDN); + dbgprintf("%s is not an allowed sender\n", fromHostFQDN); if(glbl.GetOption_DisallowWarning()) { errno = 0; - errmsg.LogError(NO_ERRCODE, "TCP message from disallowed sender %s discarded", fromHost); + errmsg.LogError(NO_ERRCODE, "TCP message from disallowed sender %s discarded", fromHostFQDN); } ABORT_FINALIZE(RS_RET_HOST_NOT_PERMITTED); } @@ -357,7 +353,7 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm) /* OK, we have an allowed sender, so let's continue, what * means we can finally fill in the session object. */ - CHKiRet(tcps_sess.SetHost(pSess, fromHost)); + CHKiRet(tcps_sess.SetHost(pSess, fromHostFQDN)); CHKiRet(tcps_sess.SetStrm(pSess, pNewStrm)); pNewStrm = NULL; /* prevent it from being freed in error handler, now done in tcps_sess! */ CHKiRet(tcps_sess.SetMsgIdx(pSess, 0)); @@ -480,7 +476,6 @@ finalize_it: // TODO: think: is it really good to exit the loop? /* Standard-Constructor */ BEGINobjConstruct(tcpsrv) /* be sure to specify the object type also in END macro! */ pThis->iSessMax = TCPSESS_MAX_DEFAULT; /* TODO: useful default ;) */ - pThis->iLstnMax = TCPLSTN_MAX_DEFAULT; /* TODO: useful default ;) */ ENDobjConstruct(tcpsrv) @@ -497,7 +492,7 @@ tcpsrvConstructFinalize(tcpsrv_t *pThis) CHKiRet(netstrms.ConstructFinalize(pThis->pNS)); /* set up listeners */ - CHKmalloc(pThis->ppLstn = calloc(pThis->iLstnMax, sizeof(netstrm_t*))); + CHKmalloc(pThis->ppLstn = calloc(TCPLSTN_MAX_DEFAULT, sizeof(netstrm_t*))); iRet = pThis->OpenLstnSocks(pThis); finalize_it: -- cgit From 0e19d501bbf4d96bc622436a161b57ff7445a657 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 24 Apr 2008 10:54:51 +0200 Subject: fixed newly introduced memory leaks --- runtime/nsd_ptcp.c | 2 -- runtime/nssel.c | 2 ++ tcps_sess.c | 8 +++++--- tcps_sess.h | 3 +-- tcpsrv.c | 24 +++++++++++++++++++----- 5 files changed, 27 insertions(+), 12 deletions(-) diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 8dbc80d9..8ab2ccf7 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -259,7 +259,6 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { DEFiRet; - nsd_ptcp_t **arrLstn = NULL; netstrm_t *pNewStrm = NULL; nsd_t *pNewNsd = NULL; int error, maxs, on = 1; @@ -289,7 +288,6 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), /* Count max number of sockets we may open */ for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) /* EMPTY */; - CHKmalloc(arrLstn = (nsd_ptcp_t**) malloc((maxs+1) * sizeof(nsd_ptcp_t*))); numSocks = 0; /* num of sockets counter at start of array */ for(r = res; r != NULL ; r = r->ai_next) { diff --git a/runtime/nssel.c b/runtime/nssel.c index c4f6691e..7cb63e98 100644 --- a/runtime/nssel.c +++ b/runtime/nssel.c @@ -89,6 +89,8 @@ ENDobjConstruct(nssel) /* destructor for the nssel object */ BEGINobjDestruct(nssel) /* be sure to specify the object type also in END and CODESTART macros! */ CODESTARTobjDestruct(nssel) + if(pThis->pDrvrData != NULL) + pThis->Drvr.Destruct(&pThis->pDrvrData); ENDobjDestruct(nssel) diff --git a/tcps_sess.c b/tcps_sess.c index 27bdbf89..33c13aa0 100644 --- a/tcps_sess.c +++ b/tcps_sess.c @@ -100,6 +100,10 @@ ENDobjDebugPrint(tcps_sess) /* set property functions */ +/* set the hostname. Note that the caller *hands over* the string. That is, + * the caller no longer controls it once SetHost() has received it. Most importantly, + * the caller must not free it. -- gerhards, 2008-04-24 + */ static rsRetVal SetHost(tcps_sess_t *pThis, uchar *pszHost) { @@ -109,11 +113,9 @@ SetHost(tcps_sess_t *pThis, uchar *pszHost) if(pThis->fromHost != NULL) { free(pThis->fromHost); - pThis->fromHost = NULL; } - if((pThis->fromHost = strdup((char*)pszHost)) == NULL) - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + pThis->fromHost = pszHost; finalize_it: RETiRet; diff --git a/tcps_sess.h b/tcps_sess.h index 7baa035a..9f3d10d6 100644 --- a/tcps_sess.h +++ b/tcps_sess.h @@ -32,7 +32,6 @@ struct tcpsrv_s; typedef struct tcps_sess_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ struct tcpsrv_s *pSrv; /* pointer back to my server (e.g. for callbacks) */ - //int sock; // TODO: remove netstrm_t *pStrm; int iMsg; /* index of next char to store in msg */ int bAtStrtOfFram; /* are we at the very beginning of a new frame? */ @@ -44,7 +43,7 @@ typedef struct tcps_sess_s { int iOctetsRemain; /* Number of Octets remaining in message */ TCPFRAMINGMODE eFraming; char msg[MAXLINE+1]; - char *fromHost; + uchar *fromHost; void *pUsr; /* a user-pointer */ } tcps_sess_t; diff --git a/tcpsrv.c b/tcpsrv.c index 2536cdd6..086d17b8 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -276,7 +276,6 @@ create_tcp_socket(tcpsrv_t *pThis) /* TODO: add capability to specify local listen address! */ CHKiRet(netstrm.LstnInit(pThis->pNS, (void*)pThis, addTcpLstn, TCPLstnPort, NULL, pThis->iSessMax)); - /* OK, we had success. Now it is also time to * initialize our connections */ @@ -312,7 +311,7 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm) netstrm_t *pNewStrm = NULL; int iSess = -1; struct sockaddr_storage addr; - uchar *fromHostFQDN; + uchar *fromHostFQDN = NULL; ISOBJ_TYPE_assert(pThis, tcpsrv); @@ -382,6 +381,14 @@ finalize_it: } +static void +RunCancelCleanup(void *arg) +{ + nssel_t **ppSel = (nssel_t**) arg; + + if(*ppSel != NULL) + nssel.Destruct(ppSel); +} /* This function is called to gather input. */ static rsRetVal Run(tcpsrv_t *pThis) @@ -397,10 +404,11 @@ Run(tcpsrv_t *pThis) ISOBJ_TYPE_assert(pThis, tcpsrv); - /* this is an endless loop - it is terminated when the thread is - * signalled to do so. This, however, is handled by the framework, - * right into the sleep below. + /* this is an endless loop - it is terminated by the framework canelling + * this thread. Thus, we also need to instantiate a cancel cleanup handler + * to prevent us from leaking anything. -- rgerharsd, 20080-04-24 */ + pthread_cleanup_push(RunCancelCleanup, (void*) &pSel); while(1) { CHKiRet(nssel.Construct(&pSel)); // TODO: set driver @@ -466,8 +474,12 @@ Run(tcpsrv_t *pThis) } iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess); } + CHKiRet(nssel.Destruct(&pSel)); } + /* note that this point is usually not reached */ + pthread_cleanup_pop(0); /* remove cleanup handler */ + finalize_it: // TODO: think: is it really good to exit the loop? RETiRet; } @@ -514,6 +526,8 @@ CODESTARTobjDestruct(tcpsrv) if(pThis->pNS != NULL) netstrms.Destruct(&pThis->pNS); + if(pThis->ppLstn != NULL) + free(pThis->ppLstn); ENDobjDestruct(tcpsrv) -- cgit From a7040a9623e228043209da897dbf30b9ab02d771 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 24 Apr 2008 11:03:34 +0200 Subject: some cleanup --- runtime/netstrm.c | 1 - runtime/nsd_ptcp.c | 1 - 2 files changed, 2 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 670899ef..be754aae 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -117,7 +117,6 @@ AcceptConnReq(netstrm_t *pThis, netstrm_t **ppNew) assert(ppNew != NULL); /* accept the new connection */ -RUNLOG_VAR("%p", pThis->pDrvrData); CHKiRet(pThis->Drvr.AcceptConnReq(pThis->pDrvrData, &pNewNsd)); /* construct our object so that we can use it... */ CHKiRet(netstrms.CreateStrm(pThis->pNS, ppNew)); diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 8ab2ccf7..c5cba12b 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -292,7 +292,6 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), numSocks = 0; /* num of sockets counter at start of array */ for(r = res; r != NULL ; r = r->ai_next) { sock = socket(r->ai_family, r->ai_socktype, r->ai_protocol); -RUNLOG_VAR("%d", sock); if(sock < 0) { if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) dbgprintf("error %d creating tcp listen socket", errno); -- cgit From af50a76c3f251c82ef9d21ecf9a2ca8877852906 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 24 Apr 2008 17:59:43 +0200 Subject: made this compile with the new abstracted socket server calls undid some invalid changes during merge plus did a few wrappers. Compiles, but does not yet work. --- runtime/nsd.h | 5 +++++ runtime/nsd_gtls.c | 11 ++--------- runtime/nsd_ptcp.c | 1 + runtime/rsyslog.h | 3 --- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/runtime/nsd.h b/runtime/nsd.h index d6fa9e0d..044cc266 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -50,6 +50,11 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ rsRetVal (*AcceptConnReq)(nsd_t *pThis, nsd_t **ppThis); rsRetVal (*GetRemoteHName)(nsd_t *pThis, uchar **pszName); rsRetVal (*GetRemoteIP)(nsd_t *pThis, uchar **pszIP); + rsRetVal (*GetSock)(nsd_t *pThis, int *pSock); + /* GetSock() returns an error if the driver does not use plain + * OS sockets. This interface is primarily meant as an internal aid for + * those drivers that utilize the nsd_ptcp to do some of their work. + */ ENDinterface(nsd) #define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index 648b843e..604e4bcb 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -174,18 +174,11 @@ Abort(nsd_t *pNsd) * gerhards, 2008-03-17 */ static rsRetVal -LstnInit(nsd_t *pNsd, uchar *pLstnPort) +LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), + uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { - nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; DEFiRet; - ISOBJ_TYPE_assert(pThis, nsd_gtls); - assert(pLstnPort != NULL); - - if(pThis->iMode == 0) { - CHKiRet(nsd_ptcp.LstnInit(pThis->pTcp, pLstnPort)); - } - finalize_it: RETiRet; } diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 2b77787e..584cc93f 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -586,6 +586,7 @@ CODESTARTobjQueryInterface(nsd_ptcp) pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct; pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct; pIf->Abort = Abort; + pIf->GetSock = GetSock; pIf->Rcv = Rcv; pIf->Send = Send; pIf->LstnInit = LstnInit; diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index f59c38bf..c20a61ea 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -69,13 +69,10 @@ typedef struct netstrm_s netstrm_t; typedef struct nssel_s nssel_t; typedef enum nsdsel_waitOp_e nsdsel_waitOp_t; typedef struct nsd_ptcp_s nsd_ptcp_t; -<<<<<<< HEAD:runtime/rsyslog.h typedef struct nsd_gtls_s nsd_gtls_t; typedef struct nsd_gsspi_s nsd_gsspi_t; typedef struct nsd_nss_s nsd_nss_t; -======= typedef struct nsdsel_ptcp_s nsdsel_ptcp_t; ->>>>>>> a7040a9623e228043209da897dbf30b9ab02d771:runtime/rsyslog.h typedef obj_t nsd_t; typedef obj_t nsdsel_t; typedef struct msg msg_t; -- cgit From af30c9f8f2dba9b817c9c3b6c6f1b3e8264a8e0f Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 24 Apr 2008 20:10:24 +0200 Subject: added select() driver for GnuTls --- runtime/Makefile.am | 7 +++ runtime/nsd_gtls.c | 22 ++----- runtime/nsdsel_gtls.c | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++ runtime/nsdsel_gtls.h | 45 +++++++++++++ runtime/nsdsel_ptcp.h | 1 + runtime/rsyslog.h | 1 + 6 files changed, 229 insertions(+), 17 deletions(-) create mode 100644 runtime/nsdsel_gtls.c create mode 100644 runtime/nsdsel_gtls.h diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 15efcbb8..dcb475d8 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -134,5 +134,12 @@ lmnsd_gtls_la_SOURCES = nsd_gtls.c nsd_gtls.h lmnsd_gtls_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) $(gnutls_cflags) lmnsd_gtls_la_LDFLAGS = -module -avoid-version lmnsd_gtls_la_LIBADD = $(gnutls_libs) +# +# select interface for gtls driver +pkglib_LTLIBRARIES += lmnsdsel_gtls.la +lmnsdsel_gtls_la_SOURCES = nsdsel_gtls.c nsdsel_gtls.h +lmnsdsel_gtls_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnsdsel_gtls_la_LDFLAGS = -module -avoid-version +lmnsdsel_gtls_la_LIBADD = endif diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index 604e4bcb..d2606799 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -2,7 +2,7 @@ * * An implementation of the nsd interface for GnuTLS. * - * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * Copyright (C) 2007, 2008 Rainer Gerhards and Adiscon GmbH. * * This file is part of the rsyslog runtime library. * @@ -23,27 +23,13 @@ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. */ #include "config.h" - -#include "rsyslog.h" -#include -#include #include #include -#include -#include -#include -#include -#include -#include -#include -#include #include #include "rsyslog.h" #include "syslogd-types.h" #include "module-template.h" -#include "parse.h" -#include "srUtils.h" #include "obj.h" #include "errmsg.h" #include "nsd_ptcp.h" @@ -202,8 +188,11 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) if(pThis->iMode == 0) { CHKiRet(nsd_ptcp.Rcv(pThis->pTcp, pBuf, pLenBuf)); + FINALIZE; } + /* in TLS mode now */ + finalize_it: RETiRet; } @@ -231,7 +220,6 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) /* in TLS mode now */ while(1) { /* loop broken inside */ iSent = gnutls_record_send(pThis->sess, pBuf, *pLenBuf); -RUNLOG_VAR("%d", iSent); if(iSent >= 0) { *pLenBuf = iSent; break; @@ -255,7 +243,7 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; int sock; int gnuRet; -static const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; + static const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; DEFiRet; ISOBJ_TYPE_assert(pThis, nsd_gtls); diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c new file mode 100644 index 00000000..e32dfd10 --- /dev/null +++ b/runtime/nsdsel_gtls.c @@ -0,0 +1,170 @@ +/* nsdsel_gtls.c + * + * An implementation of the nsd select() interface for GnuTLS. + * + * Copyright (C) 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include "rsyslog.h" +#include "module-template.h" +#include "obj.h" +#include "errmsg.h" +#include "nsd.h" +#include "nsdsel_ptcp.h" +#include "nsdsel_gtls.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) +DEFobjCurrIf(nsdsel_ptcp) + + +/* Standard-Constructor + */ +BEGINobjConstruct(nsdsel_gtls) /* be sure to specify the object type also in END macro! */ + iRet = nsdsel_ptcp.Construct(&pThis->pTcp); +ENDobjConstruct(nsdsel_gtls) + + +/* destructor for the nsdsel_gtls object */ +BEGINobjDestruct(nsdsel_gtls) /* be sure to specify the object type also in END and CODESTART macros! */ +CODESTARTobjDestruct(nsdsel_gtls) + if(pThis->pTcp != NULL) + nsdsel_ptcp.Destruct(&pThis->pTcp); +ENDobjDestruct(nsdsel_gtls) + + +/* Add a socket to the select set */ +static rsRetVal +Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) +{ + DEFiRet; + iRet = nsdsel_ptcp.Add(pNsdsel, pNsd, waitOp); + RETiRet; +} + + +/* perform the select() piNumReady returns how many descriptors are ready for IO + * TODO: add timeout! + */ +static rsRetVal +Select(nsdsel_t *pNsdsel, int *piNumReady) +{ + DEFiRet; + iRet = nsdsel_ptcp.Select(pNsdsel, piNumReady); + RETiRet; +} + + +/* check if a socket is ready for IO */ +static rsRetVal +IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady) +{ + DEFiRet; + iRet = nsdsel_ptcp.IsReady(pNsdsel, pNsd, waitOp, pbIsReady); + RETiRet; +} + + +/* ------------------------------ end support for the select() interface ------------------------------ */ + + +/* queryInterface function */ +BEGINobjQueryInterface(nsdsel_gtls) +CODESTARTobjQueryInterface(nsdsel_gtls) + if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + pIf->Construct = (rsRetVal(*)(nsdsel_t**)) nsdsel_gtlsConstruct; + pIf->Destruct = (rsRetVal(*)(nsdsel_t**)) nsdsel_gtlsDestruct; + pIf->Add = Add; + pIf->Select = Select; + pIf->IsReady = IsReady; +finalize_it: +ENDobjQueryInterface(nsdsel_gtls) + + +/* exit our class + */ +BEGINObjClassExit(nsdsel_gtls, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(nsdsel_gtls) + /* release objects we no longer need */ + objRelease(glbl, CORE_COMPONENT); + objRelease(errmsg, CORE_COMPONENT); + objRelease(nsdsel_ptcp, LM_NSDSEL_PTCP_FILENAME); +ENDObjClassExit(nsdsel_gtls) + + +/* Initialize the nsdsel_gtls class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINObjClassInit(nsdsel_gtls, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + CHKiRet(objUse(nsdsel_ptcp, LM_NSDSEL_PTCP_FILENAME)); + + /* set our own handlers */ +ENDObjClassInit(nsdsel_gtls) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + nsdsel_gtlsClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(nsdsel_gtlsClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/nsdsel_gtls.h b/runtime/nsdsel_gtls.h new file mode 100644 index 00000000..a309d302 --- /dev/null +++ b/runtime/nsdsel_gtls.h @@ -0,0 +1,45 @@ +/* An implementation of the nsd select interface for GnuTLS. + * + * Copyright (C) 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSDSEL_GTLS_H +#define INCLUDED_NSDSEL_GTLS_H + +#include "nsd.h" +typedef nsdsel_if_t nsdsel_gtls_if_t; /* we just *implement* this interface */ + +/* the nsdsel_gtls object */ +struct nsdsel_gtls_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + nsdsel_t *pTcp; /* our aggregated ptcp sel handler (which does almost everything) */ +}; + +/* interface is defined in nsd.h, we just implement it! */ +#define nsdsel_gtlsCURR_IF_VERSION nsdCURR_IF_VERSION + +/* prototypes */ +PROTOTYPEObj(nsdsel_gtls); + +/* the name of our library binary */ +#define LM_NSDSEL_GTLS_FILENAME "lmnsdsel_gtls" + +#endif /* #ifndef INCLUDED_NSDSEL_GTLS_H */ diff --git a/runtime/nsdsel_ptcp.h b/runtime/nsdsel_ptcp.h index 39294d7d..93874e55 100644 --- a/runtime/nsdsel_ptcp.h +++ b/runtime/nsdsel_ptcp.h @@ -36,6 +36,7 @@ struct nsdsel_ptcp_s { }; /* interface is defined in nsd.h, we just implement it! */ +#define nsdsel_ptcpCURR_IF_VERSION nsdCURR_IF_VERSION /* prototypes */ PROTOTYPEObj(nsdsel_ptcp); diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index c20a61ea..19fda468 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -73,6 +73,7 @@ typedef struct nsd_gtls_s nsd_gtls_t; typedef struct nsd_gsspi_s nsd_gsspi_t; typedef struct nsd_nss_s nsd_nss_t; typedef struct nsdsel_ptcp_s nsdsel_ptcp_t; +typedef struct nsdsel_gtls_s nsdsel_gtls_t; typedef obj_t nsd_t; typedef obj_t nsdsel_t; typedef struct msg msg_t; -- cgit From 21bea2e1df044771f713fa426bf6b005385c40da Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 24 Apr 2008 20:52:02 +0200 Subject: added forgotten file --- tools/Makefile.am | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 tools/Makefile.am diff --git a/tools/Makefile.am b/tools/Makefile.am new file mode 100644 index 00000000..f00abf0b --- /dev/null +++ b/tools/Makefile.am @@ -0,0 +1,42 @@ +sbin_PROGRAMS = +man_MANS = + +sbin_PROGRAMS += rsyslogd +rsyslogd_SOURCES = \ + syslogd.c \ + syslogd.h \ + omshell.c \ + omshell.h \ + omusrmsg.c \ + omusrmsg.h \ + omfwd.c \ + omfwd.h \ + omfile.c \ + omfile.h \ + omdiscard.c \ + omdiscard.h \ + iminternal.c \ + iminternal.h \ + pidfile.c \ + pidfile.h \ + \ + ../action.h \ + ../action.c \ + ../threads.c \ + ../threads.h \ + \ + ../parse.c \ + ../parse.h \ + \ + ../outchannel.c \ + ../outchannel.h \ + ../template.c \ + ../template.h \ + ../conf.c \ + ../conf.h + +rsyslogd_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +rsyslogd_LDADD = $(zlib_libs) $(pthreads_libs) $(dl_libs) $(rt_libs) $(rsrt_libs) +rsyslogd_LDFLAGS = -export-dynamic + +man_MANS += rsyslogd.8 rsyslog.conf.5 -- cgit From 75cf92117c118f9aca37b39f44ad1e1e759f78bf Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 25 Apr 2008 12:54:59 +0200 Subject: made gtls server driver work in plain tcp mode --- runtime/netstrm.c | 7 ---- runtime/netstrm.h | 6 ---- runtime/nsd.h | 3 +- runtime/nsd_gtls.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++---- runtime/nsd_ptcp.c | 28 ++++++++++++++-- runtime/nsdsel_gtls.c | 20 +++++++++-- runtime/nsdsel_ptcp.c | 2 ++ runtime/nssel.c | 2 +- runtime/obj-types.h | 4 +-- tcpsrv.c | 2 +- 10 files changed, 135 insertions(+), 30 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 5e073899..be754aae 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -68,13 +68,6 @@ BEGINobjDestruct(netstrm) /* be sure to specify the object type also in END and CODESTARTobjDestruct(netstrm) if(pThis->pDrvrData != NULL) iRet = pThis->Drvr.Destruct(&pThis->pDrvrData); - - /* driver can only be released after all data has been destructed */ - if(pThis->Drvr.ifIsLoaded == 1) { - obj.ReleaseObj(__FILE__, pThis->pDrvrName+2, pThis->pDrvrName, (void*) &pThis->Drvr); - } - if(pThis->pDrvrName != NULL) - free(pThis->pDrvrName); ENDobjDestruct(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index f4205f80..160bbb0b 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -30,7 +30,6 @@ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ nsd_t *pDrvrData; /**< the driver's data elements (at most other places, this is called pNsd) */ - uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ nsd_if_t Drvr; /**< our stream driver */ netstrms_t *pNS; /**< pointer to our netstream subsystem object */ }; @@ -48,11 +47,6 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf); rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host); - //rsRetVal (*SelectInit)(nsdsel_t **ppSel, netstrm_t *pThis); - //rsRetVal (*SelectAdd)(nsdsel_t *pSel, netstrm_t *pThis); - //rsRetVal (*SelectWait)(nsdsel_t *pSel, int *piNumReady); - //rsRetVal (*SelectIsReady)(nsdsel_t *pSel, int *piNumReady); - //rsRetVal (*SelectExit)(nsdsel_t **ppSel); rsRetVal (*GetRemoteHName)(netstrm_t *pThis, uchar **pszName); rsRetVal (*GetRemoteIP)(netstrm_t *pThis, uchar **pszIP); ENDinterface(netstrm) diff --git a/runtime/nsd.h b/runtime/nsd.h index 044cc266..1b3702a0 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -51,7 +51,8 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ rsRetVal (*GetRemoteHName)(nsd_t *pThis, uchar **pszName); rsRetVal (*GetRemoteIP)(nsd_t *pThis, uchar **pszIP); rsRetVal (*GetSock)(nsd_t *pThis, int *pSock); - /* GetSock() returns an error if the driver does not use plain + rsRetVal (*SetSock)(nsd_t *pThis, int sock); + /* GetSock() and SetSock() return an error if the driver does not use plain * OS sockets. This interface is primarily meant as an internal aid for * those drivers that utilize the nsd_ptcp to do some of their work. */ diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index d2606799..f3622f36 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -117,6 +117,7 @@ gtlsEndSess(nsd_gtls_t *pThis) BEGINobjConstruct(nsd_gtls) /* be sure to specify the object type also in END macro! */ iRet = nsd_ptcp.Construct(&pThis->pTcp); pThis->iMode = 1; /* TODO: must be made configurable */ + pThis->iMode = 0; /* TODO: must be made configurable */ ENDobjConstruct(nsd_gtls) @@ -127,11 +128,31 @@ CODESTARTobjDestruct(nsd_gtls) gtlsEndSess(pThis); } +RUNLOG_VAR("%p", pThis->pTcp); if(pThis->pTcp != NULL) nsd_ptcp.Destruct(&pThis->pTcp); ENDobjDestruct(nsd_gtls) +/* Provide access to the underlying OS socket. This is primarily + * useful for other drivers (like nsd_gtls) who utilize ourselfs + * for some of their functionality. -- rgerhards, 2008-04-18 + */ +static rsRetVal +SetSock(nsd_t *pNsd, int sock) +{ + DEFiRet; + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + + ISOBJ_TYPE_assert((pThis), nsd_gtls); + assert(sock >= 0); + + nsd_ptcp.SetSock(pThis->pTcp, sock); + + RETiRet; +} + + /* abort a connection. This is meant to be called immediately * before the Destruct call. -- rgerhards, 2008-03-24 */ @@ -153,19 +174,73 @@ Abort(nsd_t *pNsd) /* initialize the tcp socket for a listner - * pLstnPort must point to a port name or number. NULL is NOT permitted - * (hint: we need to be careful when we use this module together with librelp, - * there NULL indicates the default port - * default is used. - * gerhards, 2008-03-17 + * Here, we use the ptcp driver - because there is nothing special + * at this point with GnuTLS. Things become special once we accept + * a session, but not during listener setup. + * gerhards, 2008-04-25 */ static rsRetVal LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), uchar *pLstnPort, uchar *pLstnIP, int iSessMax) { DEFiRet; + iRet = nsd_ptcp.LstnInit(pNS, pUsr, fAddLstn, pLstnPort, pLstnIP, iSessMax); + RETiRet; +} + + +/* get the remote hostname. The returned hostname must be freed by the caller. + * rgerhards, 2008-04-25 + */ +static rsRetVal +GetRemoteHName(nsd_t *pNsd, uchar **ppszHName) +{ + DEFiRet; + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_gtls); + iRet = nsd_ptcp.GetRemoteHName(pThis->pTcp, ppszHName); + RETiRet; +} + + +/* get the remote host's IP address. The returned string must be freed by the + * caller. + * rgerhards, 2008-04-25 + */ +static rsRetVal +GetRemoteIP(nsd_t *pNsd, uchar **ppszIP) +{ + DEFiRet; + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_gtls); + iRet = nsd_ptcp.GetRemoteIP(pThis->pTcp, ppszIP); + RETiRet; +} + + +/* accept an incoming connection request - here, we do the usual accept + * handling. TLS specific handling is done thereafter (and if we run in TLS + * mode at this time). + * rgerhards, 2008-04-25 + */ +static rsRetVal +AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew) +{ + DEFiRet; + nsd_gtls_t *pNew = NULL; + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + + ISOBJ_TYPE_assert((pThis), nsd_gtls); + CHKiRet(nsd_gtlsConstruct(&pNew)); + CHKiRet(nsd_ptcp.AcceptConnReq(pThis->pTcp, &pNew->pTcp)); + + *ppNew = (nsd_t*) pNew; finalize_it: + if(iRet != RS_RET_OK) { + if(pNew != NULL) + nsd_gtlsDestruct(&pNew); + } RETiRet; } @@ -187,6 +262,7 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) ISOBJ_TYPE_assert(pThis, nsd_gtls); if(pThis->iMode == 0) { +RUNLOG; CHKiRet(nsd_ptcp.Rcv(pThis->pTcp, pBuf, pLenBuf)); FINALIZE; } @@ -302,10 +378,13 @@ CODESTARTobjQueryInterface(nsd_gtls) pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_gtlsDestruct; pIf->Abort = Abort; pIf->LstnInit = LstnInit; - //pIf->AcceptConnReq = AcceptConnReq; + pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; pIf->Send = Send; pIf->Connect = Connect; + pIf->SetSock = SetSock; + pIf->GetRemoteHName = GetRemoteHName; + pIf->GetRemoteIP = GetRemoteIP; finalize_it: ENDobjQueryInterface(nsd_gtls) diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 584cc93f..2a74e061 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -93,7 +93,6 @@ ENDobjDestruct(nsd_ptcp) /* Provide access to the underlying OS socket. This is primarily * useful for other drivers (like nsd_gtls) who utilize ourselfs * for some of their functionality. -- rgerhards, 2008-04-18 - * TODO: what about the server socket structure? */ static rsRetVal GetSock(nsd_t *pNsd, int *pSock) @@ -110,6 +109,26 @@ GetSock(nsd_t *pNsd, int *pSock) } +/* Provide access to the underlying OS socket. This is primarily + * useful for other drivers (like nsd_gtls) who utilize ourselfs + * for some of their functionality. + * This function sets the socket -- rgerhards, 2008-04-25 + */ +static rsRetVal +SetSock(nsd_t *pNsd, int sock) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + DEFiRet; + + ISOBJ_TYPE_assert((pThis), nsd_ptcp); + assert(sock >= 0); + + pThis->sock = sock; + + RETiRet; +} + + /* abort a connection. This is meant to be called immediately * before the Destruct call. -- rgerhards, 2008-03-24 */ @@ -211,7 +230,6 @@ finalize_it: } - /* accept an incoming connection request * rgerhards, 2008-04-22 */ @@ -397,10 +415,13 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*), * construct a new netstrm obj and hand it over to the upper layers for inclusion * into their socket array. -- rgerhards, 2008-04-23 */ +RUNLOG_VAR("%d", sock); CHKiRet(pNS->Drvr.Construct(&pNewNsd)); - ((nsd_ptcp_t*)pNewNsd)->sock = sock; + CHKiRet(pNS->Drvr.SetSock(pNewNsd, sock)); +RUNLOG; CHKiRet(netstrms.CreateStrm(pNS, &pNewStrm)); pNewStrm->pDrvrData = (nsd_t*) pNewNsd; +RUNLOG; CHKiRet(fAddLstn(pUsr, pNewStrm)); pNewNsd = NULL; pNewStrm = NULL; @@ -587,6 +608,7 @@ CODESTARTobjQueryInterface(nsd_ptcp) pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct; pIf->Abort = Abort; pIf->GetSock = GetSock; + pIf->SetSock = SetSock; pIf->Rcv = Rcv; pIf->Send = Send; pIf->LstnInit = LstnInit; diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c index e32dfd10..7cafec49 100644 --- a/runtime/nsdsel_gtls.c +++ b/runtime/nsdsel_gtls.c @@ -36,6 +36,7 @@ #include "obj.h" #include "errmsg.h" #include "nsd.h" +#include "nsd_gtls.h" #include "nsdsel_ptcp.h" #include "nsdsel_gtls.h" @@ -68,7 +69,12 @@ static rsRetVal Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) { DEFiRet; - iRet = nsdsel_ptcp.Add(pNsdsel, pNsd, waitOp); + nsdsel_gtls_t *pThis = (nsdsel_gtls_t*) pNsdsel; + nsd_gtls_t *pNsdGTLS = (nsd_gtls_t*) pNsd; + + ISOBJ_TYPE_assert(pThis, nsdsel_gtls); + ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls); + iRet = nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp); RETiRet; } @@ -80,7 +86,10 @@ static rsRetVal Select(nsdsel_t *pNsdsel, int *piNumReady) { DEFiRet; - iRet = nsdsel_ptcp.Select(pNsdsel, piNumReady); + nsdsel_gtls_t *pThis = (nsdsel_gtls_t*) pNsdsel; + + ISOBJ_TYPE_assert(pThis, nsdsel_gtls); + iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady); RETiRet; } @@ -90,7 +99,12 @@ static rsRetVal IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady) { DEFiRet; - iRet = nsdsel_ptcp.IsReady(pNsdsel, pNsd, waitOp, pbIsReady); + nsdsel_gtls_t *pThis = (nsdsel_gtls_t*) pNsdsel; + nsd_gtls_t *pNsdGTLS = (nsd_gtls_t*) pNsd; + + ISOBJ_TYPE_assert(pThis, nsdsel_gtls); + ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls); + iRet = nsdsel_ptcp.IsReady(pThis->pTcp, pNsdGTLS->pTcp, waitOp, pbIsReady); RETiRet; } diff --git a/runtime/nsdsel_ptcp.c b/runtime/nsdsel_ptcp.c index b439063a..22c000b9 100644 --- a/runtime/nsdsel_ptcp.c +++ b/runtime/nsdsel_ptcp.c @@ -71,6 +71,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) ISOBJ_TYPE_assert(pSock, nsd_ptcp); ISOBJ_TYPE_assert(pThis, nsdsel_ptcp); +RUNLOG_VAR("%d", pSock->sock); +RUNLOG_VAR("%p", &pThis->readfds); switch(waitOp) { case NSDSEL_RD: FD_SET(pSock->sock, &pThis->readfds); diff --git a/runtime/nssel.c b/runtime/nssel.c index 7cb63e98..5333fc75 100644 --- a/runtime/nssel.c +++ b/runtime/nssel.c @@ -75,7 +75,7 @@ loadDrvr(nssel_t *pThis) * enough. -- rgerhards, 2008-04-18 */ //CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); - CHKiRet(obj.UseObj(__FILE__, "nsdsel_ptcp", "lmnsdsel_ptcp", (void*) &pThis->Drvr)); + CHKiRet(obj.UseObj(__FILE__, "nsdsel_gtls", "lmnsdsel_gtls", (void*) &pThis->Drvr)); finalize_it: RETiRet; } diff --git a/runtime/obj-types.h b/runtime/obj-types.h index 2d0e0f14..5f531eb1 100644 --- a/runtime/obj-types.h +++ b/runtime/obj-types.h @@ -107,8 +107,8 @@ struct obj_s { /* the dummy struct that each derived class can be casted to */ ASSERT(pObj != NULL); \ ASSERT((unsigned) ((obj_t*) (pObj))->iObjCooCKiE == (unsigned) 0xBADEFEE); \ if(strcmp((char*)(((obj_t*)pObj)->pObjInfo->pszID), #objType)) { \ - dbgprintf("ISOBJ assert failure: invalid object type, expected '%s' " \ - "actual '%s'\n", #objType, (((obj_t*)pObj)->pObjInfo->pszID)); \ + dbgprintf("%s:%d ISOBJ assert failure: invalid object type, expected '%s' " \ + "actual '%s'\n", __FILE__, __LINE__, #objType, (((obj_t*)pObj)->pObjInfo->pszID)); \ assert(0); /* trigger assertion, messge we already have */ \ } \ } while(0) diff --git a/tcpsrv.c b/tcpsrv.c index 086d17b8..638d7019 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -242,7 +242,6 @@ addTcpLstn(void *pUsr, netstrm_t *pLstn) if(pThis->iLstnMax >= TCPLSTN_MAX_DEFAULT) ABORT_FINALIZE(RS_RET_MAX_LSTN_REACHED); -RUNLOG_VAR("%d", pThis->iLstnMax); pThis->ppLstn[pThis->iLstnMax] = pLstn; ++pThis->iLstnMax; @@ -416,6 +415,7 @@ Run(tcpsrv_t *pThis) /* Add the TCP listen sockets to the list of read descriptors. */ for(i = 0 ; i < pThis->iLstnMax ; ++i) { +RUNLOG_VAR("%d", i); CHKiRet(nssel.Add(pSel, pThis->ppLstn[i], NSDSEL_RD)); } -- cgit From 76e4eb29d4343d11cb2e4b354f7d7d14df707b7a Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 28 Apr 2008 08:09:21 +0200 Subject: fixed memory leaks --- runtime/nsd_gtls.c | 7 ++++--- runtime/nsdsel_ptcp.c | 2 -- tcpsrv.c | 6 ++---- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index f3622f36..d59043f2 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -128,9 +128,9 @@ CODESTARTobjDestruct(nsd_gtls) gtlsEndSess(pThis); } -RUNLOG_VAR("%p", pThis->pTcp); - if(pThis->pTcp != NULL) + if(pThis->pTcp != NULL) { nsd_ptcp.Destruct(&pThis->pTcp); + } ENDobjDestruct(nsd_gtls) @@ -231,7 +231,9 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew) nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; ISOBJ_TYPE_assert((pThis), nsd_gtls); + // TODO: method to construct without pTcp CHKiRet(nsd_gtlsConstruct(&pNew)); + CHKiRet(nsd_ptcp.Destruct(&pNew->pTcp)); CHKiRet(nsd_ptcp.AcceptConnReq(pThis->pTcp, &pNew->pTcp)); *ppNew = (nsd_t*) pNew; @@ -262,7 +264,6 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) ISOBJ_TYPE_assert(pThis, nsd_gtls); if(pThis->iMode == 0) { -RUNLOG; CHKiRet(nsd_ptcp.Rcv(pThis->pTcp, pBuf, pLenBuf)); FINALIZE; } diff --git a/runtime/nsdsel_ptcp.c b/runtime/nsdsel_ptcp.c index 22c000b9..b439063a 100644 --- a/runtime/nsdsel_ptcp.c +++ b/runtime/nsdsel_ptcp.c @@ -71,8 +71,6 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp) ISOBJ_TYPE_assert(pSock, nsd_ptcp); ISOBJ_TYPE_assert(pThis, nsdsel_ptcp); -RUNLOG_VAR("%d", pSock->sock); -RUNLOG_VAR("%p", &pThis->readfds); switch(waitOp) { case NSDSEL_RD: FD_SET(pSock->sock, &pThis->readfds); diff --git a/tcpsrv.c b/tcpsrv.c index 638d7019..069c83c0 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -333,10 +333,8 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm) CHKiRet(netstrm.GetRemoteHName(pStrm, &fromHostFQDN)); /* TODO: check if we need to strip the domain name here -- rgerhards, 2008-04-24 */ - /* Here we check if a host is permitted to send us - * syslog messages. If it isn't, we do not further - * process the message but log a warning (if we are - * configured to do this). + /* Here we check if a host is permitted to send us messages. If it isn't, we do not further + * process the message but log a warning (if we are configured to do this). * rgerhards, 2005-09-26 */ if(!pThis->pIsPermittedHost((struct sockaddr*) &addr, (char*) fromHostFQDN, pThis->pUsr, pSess->pUsr)) { -- cgit From 858f1efd05a2f3c8bc6a0edf8a01f40e27f02407 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 28 Apr 2008 09:21:07 +0200 Subject: preparation for bughunt including some cleanups --- plugins/imklog/ksym.c | 62 ++++++++++++++++++++++++-------------------------- plugins/imklog/linux.c | 3 ++- tools/syslogd.c | 11 ++++----- 3 files changed, 37 insertions(+), 39 deletions(-) diff --git a/plugins/imklog/ksym.c b/plugins/imklog/ksym.c index 1c2af124..34ce909e 100644 --- a/plugins/imklog/ksym.c +++ b/plugins/imklog/ksym.c @@ -138,7 +138,7 @@ static char *system_maps[] = /* Function prototypes. */ -static char * FindSymbolFile(void); +static char *FindSymbolFile(void); static int AddSymbol(unsigned long, char*); static void FreeSymbols(void); static int CheckVersion(char *); @@ -173,29 +173,28 @@ extern int InitKsyms(char *mapfile) auto FILE *sym_file; + BEGINfunc /* Check and make sure that we are starting with a clean slate. */ if ( num_syms > 0 ) FreeSymbols(); - /* - * Search for and open the file containing the kernel symbols. - */ - if ( mapfile != (char *) 0 ) { - if ( (sym_file = fopen(mapfile, "r")) == (FILE *) 0 ) + /* Search for and open the file containing the kernel symbols. */ + if ( mapfile != NULL ) { + if ( (sym_file = fopen(mapfile, "r")) == NULL ) { imklogLogIntMsg(LOG_WARNING, "Cannot open map file: %s.", mapfile); return(0); } } else { - if ( (mapfile = FindSymbolFile()) == (char *) 0 ) { + if ( (mapfile = FindSymbolFile()) == NULL ) { imklogLogIntMsg(LOG_WARNING, "Cannot find map file."); dbgprintf("Cannot find map file.\n"); return(0); } - if ( (sym_file = fopen(mapfile, "r")) == (FILE *) 0 ) { + if ( (sym_file = fopen(mapfile, "r")) == NULL ) { imklogLogIntMsg(LOG_WARNING, "Cannot open map file."); dbgprintf("Cannot open map file.\n"); return(0); @@ -248,6 +247,7 @@ extern int InitKsyms(char *mapfile) } fclose(sym_file); + ENDfunc return(1); } @@ -292,44 +292,42 @@ extern void DeinitKsyms(void) **************************************************************************/ static char *FindSymbolFile(void) { - auto char *file = (char *) 0, + auto char *file = NULL, **mf = system_maps; - auto struct utsname utsname; static char mysymfile[100]; + auto FILE *sym_file = NULL; + BEGINfunc - auto FILE *sym_file = (FILE *) 0; - - if ( uname(&utsname) < 0 ) { + if(uname(&utsname) < 0) { imklogLogIntMsg(LOG_ERR, "Cannot get kernel version information."); return(0); } dbgprintf("Searching for symbol map.\n"); - for(mf = system_maps; *mf != (char *) 0 && file == (char *) 0; ++mf) { - + for(mf = system_maps; *mf != NULL && file == NULL; ++mf) { snprintf(mysymfile, sizeof(mysymfile), "%s-%s", *mf, utsname.release); dbgprintf("Trying %s.\n", mysymfile); - if ( (sym_file = fopen(mysymfile, "r")) != (FILE *) 0 ) { - if (CheckMapVersion(mysymfile) == 1) + if((sym_file = fopen(mysymfile, "r")) != NULL) { + if(CheckMapVersion(mysymfile) == 1) file = mysymfile; fclose(sym_file); } - if (sym_file == (FILE *) 0 || file == (char *) 0) { + if(sym_file == NULL || file == NULL) { sprintf (mysymfile, "%s", *mf); dbgprintf("Trying %s.\n", mysymfile); - if ( (sym_file = fopen(mysymfile, "r")) != (FILE *) 0 ) { + if((sym_file = fopen(mysymfile, "r")) != NULL ) { if (CheckMapVersion(mysymfile) == 1) file = mysymfile; fclose(sym_file); } } - } /* At this stage of the game we are at the end of the symbol tables. */ dbgprintf("End of search list encountered.\n"); + ENDfunc return(file); } @@ -464,7 +462,7 @@ static int CheckMapVersion(char *fname) auto char type, sym[512]; - if ( (sym_file = fopen(fname, "r")) != (FILE *) 0 ) { + if ( (sym_file = fopen(fname, "r")) != NULL ) { /* * At this point a map file was successfully opened. We * now need to search this file and look for version @@ -527,7 +525,7 @@ static int AddSymbol(unsigned long address, char *symbol) /* Then the space for the symbol. */ sym_array[num_syms].name = (char *) malloc(strlen(symbol)*sizeof(char) + 1); - if ( sym_array[num_syms].name == (char *) 0 ) + if ( sym_array[num_syms].name == NULL ) return(0); sym_array[num_syms].value = address; @@ -566,13 +564,13 @@ char * LookupSymbol(unsigned long value, struct symbol *sym) struct symbol ksym, msym; if (!sym_array) - return((char *) 0); + return(NULL); last = sym_array[0].name; ksym.offset = 0; ksym.size = 0; if ( value < sym_array[0].value ) - return((char *) 0); + return(NULL); for(lp = 0; lp <= num_syms; ++lp) { if ( sym_array[lp].value > value ) { @@ -587,7 +585,7 @@ char * LookupSymbol(unsigned long value, struct symbol *sym) name = LookupModuleSymbol(value, &msym); if ( ksym.offset == 0 && msym.offset == 0 ) { - return((char *) 0); + return(NULL); } if ( ksym.offset == 0 || msym.offset < 0 || @@ -602,7 +600,7 @@ char * LookupSymbol(unsigned long value, struct symbol *sym) } - return((char *) 0); + return(NULL); } /************************************************************************** @@ -683,7 +681,7 @@ extern char *ExpandKadds(char *line, char *el) * open for patches. */ if ( i_am_paranoid && - (strstr(line, "Oops:") != (char *) 0) && !InitMsyms() ) + (strstr(line, "Oops:") != NULL) && !InitMsyms() ) imklogLogIntMsg(LOG_WARNING, "Cannot load kernel module symbols.\n"); @@ -692,7 +690,7 @@ extern char *ExpandKadds(char *line, char *el) * messages in this line. */ if ( (num_syms == 0) || - (kp = strstr(line, "[<")) == (char *) 0 ) { + (kp = strstr(line, "[<")) == NULL ) { #ifdef __sparc__ if (num_syms) { /* On SPARC, register dumps do not have the [< >] characters in it. @@ -780,7 +778,7 @@ extern char *ExpandKadds(char *line, char *el) *elp++ = *sl++; /* Now poised at a kernel delimiter. */ - if ( (kp = strstr(sl, ">]")) == (char *) 0 ) { + if ( (kp = strstr(sl, ">]")) == NULL ) { strcpy(el, sl); return(el); } @@ -788,7 +786,7 @@ extern char *ExpandKadds(char *line, char *el) strncpy(num,sl+1,kp-sl-1); num[kp-sl-1] = '\0'; value = strtoul(num, (char **) 0, 16); - if ( (symbol = LookupSymbol(value, &sym)) == (char *) 0 ) + if ( (symbol = LookupSymbol(value, &sym)) == NULL ) symbol = sl; strcat(elp, symbol); @@ -805,10 +803,10 @@ extern char *ExpandKadds(char *line, char *el) strncat(elp, kp, value); elp += value; sl = kp + value; - if ( (kp = strstr(sl, "[<")) == (char *) 0 ) + if ( (kp = strstr(sl, "[<")) == NULL ) strcat(elp, sl); } - while ( kp != (char *) 0); + while ( kp != NULL); dbgprintf("Expanded line: %s\n", el); return(el); diff --git a/plugins/imklog/linux.c b/plugins/imklog/linux.c index 32cf70c4..8e4d3388 100644 --- a/plugins/imklog/linux.c +++ b/plugins/imklog/linux.c @@ -499,7 +499,8 @@ rsRetVal klogWillRun(void) symbol_lookup = (InitKsyms(symfile) == 1); symbol_lookup |= InitMsyms(); if (symbol_lookup == 0) { - imklogLogIntMsg(LOG_WARNING, "cannot find any symbols, turning off symbol lookups\n"); + dbgprintf("cannot find any symbols, turning off symbol lookups\n"); + imklogLogIntMsg(LOG_WARNING, "cannot find any symbols, turning off symbol lookups"); } } } diff --git a/tools/syslogd.c b/tools/syslogd.c index 4327ab7f..634794ef 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -1553,8 +1553,7 @@ submitMsg(msg_t *pMsg) } -/* - * Log a message to the appropriate log files, users, etc. based on +/* Log a message to the appropriate log files, users, etc. based on * the priority. * rgerhards 2004-11-08: actually, this also decodes all but the PRI part. * rgerhards 2004-11-09: ... but only, if syslogd could properly be initialized @@ -2208,12 +2207,12 @@ init(void) tplDeleteNew(); /* re-setting values to defaults (where applicable) */ - /* TODO: once we have loadable modules, we must re-visit this code. The reason is + /* once we have loadable modules, we must re-visit this code. The reason is * that config variables are not re-set, because the module is not yet loaded. On * the other hand, that doesn't matter, because the module got unloaded and is then - * re-loaded, so the variables should be re-set via that way. In any case, we should - * think about the whole situation when we implement loadable plugins. - * rgerhards, 2007-07-31 + * re-loaded, so the variables should be re-set via that way. And this is exactly how + * it works. Loadable module's variables are initialized on load, the rest here. + * rgerhards, 2008-04-28 */ conf.cfsysline((uchar*)"ResetConfigVariables"); -- cgit