1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
/* Definitions for network-related stuff.
*
* Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of the rsyslog runtime library.
*
* The rsyslog runtime library is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The rsyslog runtime library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the rsyslog runtime library. If not, see <http://www.gnu.org/licenses/>.
*
* A copy of the GPL can be found in the file "COPYING" in this distribution.
* A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
*/
#ifndef INCLUDED_NET_H
#define INCLUDED_NET_H
#include <netinet/in.h>
#include <sys/socket.h> /* this is needed on HP UX -- rgerhards, 2008-03-04 */
typedef enum _TCPFRAMINGMODE {
TCP_FRAMING_OCTET_STUFFING = 0, /* traditional LF-delimited */
TCP_FRAMING_OCTET_COUNTING = 1 /* -transport-tls like octet count */
} TCPFRAMINGMODE;
#define F_SET(where, flag) (where)|=(flag)
#define F_ISSET(where, flag) ((where)&(flag))==(flag)
#define F_UNSET(where, flag) (where)&=~(flag)
#define ADDR_NAME 0x01 /* address is hostname wildcard) */
#define ADDR_PRI6 0x02 /* use IPv6 address prior to IPv4 when resolving */
#ifdef OS_BSD
# ifndef _KERNEL
# define s6_addr32 __u6_addr.__u6_addr32
# endif
#endif
struct NetAddr {
uint8_t flags;
union {
struct sockaddr *NetAddr;
char *HostWildcard;
} addr;
};
#ifndef SO_BSDCOMPAT
/* this shall prevent compiler errors due to undefined name */
# define SO_BSDCOMPAT 0
#endif
/* IPv6 compatibility layer for older platforms
* We need to handle a few things different if we are running
* on an older platform which does not support all the glory
* of IPv6. We try to limit toll on features and reliability,
* but obviously it is better to run rsyslog on a platform that
* supports everything...
* rgerhards, 2007-06-22
*/
#ifndef AI_NUMERICSERV
# define AI_NUMERICSERV 0
#endif
#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
#define SALEN(sa) ((sa)->sa_len)
#else
static inline size_t SALEN(struct sockaddr *sa) {
switch (sa->sa_family) {
case AF_INET: return (sizeof (struct sockaddr_in));
case AF_INET6: return (sizeof (struct sockaddr_in6));
default: return 0;
}
}
#endif
struct AllowedSenders {
struct NetAddr allowedSender; /* ip address allowed */
uint8_t SignificantBits; /* defines how many bits should be discarded (eqiv to mask) */
struct AllowedSenders *pNext;
};
/* this structure is a helper to implement wildcards in permittedPeers_t. It specifies
* the domain component and the matching mode.
* rgerhards, 2008-05-27
*/
struct permittedPeerWildcard_s {
uchar *pszDomainPart;
size_t lenDomainPart;
enum {
PEER_WILDCARD_NONE = 0, /**< no wildcard in this entry */
PEER_WILDCARD_AT_START = 1, /**< wildcard at start of entry (*name) */
PEER_WILDCARD_AT_END = 2, /**< wildcard at end of entry (name*) */
PEER_WILDCARD_MATCH_ALL = 3, /**< only * wildcard, matches all values */
PEER_WILDCARD_EMPTY_COMPONENT = 4/**< special case: domain component empty (e.g. "..") */
} wildcardType;
permittedPeerWildcard_t *pNext;
};
/* for fingerprints and hostnames, we need to have a temporary linked list of
* permitted values. Unforutnately, we must also duplicate this in the netstream
* drivers. However, this is the best interim solution (with the least effort).
* A clean implementation requires that we have more capable variables and the
* full-fledged scripting engine available. So we have opted to do the interim
* solution so that our users can begin to enjoy authenticated TLS. The next step
* (hopefully) is to enhance RainerScript. -- rgerhards, 2008-05-19
*/
struct permittedPeers_s {
uchar *pszID;
enum {
PERM_PEER_TYPE_UNDECIDED = 0, /**< we have not yet decided the type (fine in some auth modes) */
PERM_PEER_TYPE_PLAIN = 1, /**< just plain text contained */
PERM_PEER_TYPE_WILDCARD = 2, /**< wildcards are contained, wildcard struture is filled */
} etryType;
permittedPeers_t *pNext;
permittedPeerWildcard_t *pWildcardRoot; /**< root of the wildcard, NULL if not initialized */
permittedPeerWildcard_t *pWildcardLast; /**< end of the wildcard list, NULL if not initialized */
};
/* interfaces */
BEGINinterface(net) /* name must also be changed in ENDinterface macro! */
rsRetVal (*cvthname)(struct sockaddr_storage *f, uchar *pszHost, uchar *pszHostFQDN, uchar *pszIP);
/* things to go away after proper modularization */
rsRetVal (*addAllowedSenderLine)(char* pName, uchar** ppRestOfConfLine);
void (*PrintAllowedSenders)(int iListToPrint);
void (*clearAllowedSenders) ();
void (*debugListenInfo)(int fd, char *type);
int *(*create_udp_socket)(uchar *hostname, uchar *LogPort, int bIsServer);
void (*closeUDPListenSockets)(int *finet);
int (*isAllowedSender)(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost);
rsRetVal (*getLocalHostname)(uchar**);
int (*should_use_so_bsdcompat)(void);
/* permitted peer handling should be replaced by something better (see comments above) */
rsRetVal (*AddPermittedPeer)(permittedPeers_t **ppRootPeer, uchar *pszID);
rsRetVal (*DestructPermittedPeers)(permittedPeers_t **ppRootPeer);
rsRetVal (*PermittedPeerWildcardMatch)(permittedPeers_t *pPeer, uchar *pszNameToMatch, int *pbIsMatching);
/* data members - these should go away over time... TODO */
int *pACLAddHostnameOnFail; /* add hostname to acl when DNS resolving has failed */
int *pACLDontResolve; /* add hostname to acl instead of resolving it to IP(s) */
struct AllowedSenders *pAllowedSenders_UDP;
struct AllowedSenders *pAllowedSenders_TCP;
struct AllowedSenders *pAllowedSenders_GSS;
ENDinterface(net)
#define netCURR_IF_VERSION 4 /* increment whenever you change the interface structure! */
/* prototypes */
PROTOTYPEObj(net);
/* the name of our library binary */
#define LM_NET_FILENAME "lmnet"
#endif /* #ifndef INCLUDED_NET_H */
|