From 92303d400ba83eaf150054d2cf5ce4906578bed0 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 14:33:43 +0200 Subject: [PATCH 1/6] added new "netstrm" class (not yet implemented) --- runtime/Makefile.am | 11 +- runtime/net.c | 1 - runtime/netstrm.c | 284 ++++++++++++++++++++++++++++++++++++++++++++ runtime/netstrm.h | 44 +++++++ runtime/rsyslog.h | 3 +- tcpsrv.c | 1 - 6 files changed, 338 insertions(+), 6 deletions(-) create mode 100644 runtime/netstrm.c create mode 100644 runtime/netstrm.h diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 73418fdf4..400d78c0f 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -75,18 +75,23 @@ if ENABLE_REGEXP pkglib_LTLIBRARIES += lmregexp.la lmregexp_la_SOURCES = regexp.c regexp.h lmregexp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) -lmregexp_la_LDFLAGS = -module -avoid-version $(rsrt_libs) +lmregexp_la_LDFLAGS = -module -avoid-version lmregexp_la_LIBADD = endif if ENABLE_INET -pkglib_LTLIBRARIES += lmnet.la +pkglib_LTLIBRARIES += lmnet.la lmnetstrm.la # # network support # lmnet_la_SOURCES = net.c net.h lmnet_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) -lmnet_la_LDFLAGS = -module -avoid-version $(rsrt_libs) +lmnet_la_LDFLAGS = -module -avoid-version lmnet_la_LIBADD = +# network streams +lmnetstrm_la_SOURCES = netstrm.c netstrm.h +lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnetstrm_la_LDFLAGS = -module -avoid-version +lmnetstrm_la_LIBADD = endif # if ENABLE_INET diff --git a/runtime/net.c b/runtime/net.c index 0c02eed41..1d085290c 100644 --- a/runtime/net.c +++ b/runtime/net.c @@ -666,7 +666,6 @@ gethname(struct sockaddr_storage *f, uchar *pszHostFQDN) if (error == 0) { memset (&hints, 0, sizeof (struct addrinfo)); hints.ai_flags = AI_NUMERICHOST; - hints.ai_socktype = SOCK_DGRAM; /* we now do a lookup once again. This one should fail, * because we should not have obtained a non-numeric address. If diff --git a/runtime/netstrm.c b/runtime/netstrm.c new file mode 100644 index 000000000..0afb4a5e0 --- /dev/null +++ b/runtime/netstrm.c @@ -0,0 +1,284 @@ +/* netstrmstrm.c + * + * This class implements a generic netstrmwork stream class. It supports + * sending and receiving data streams over a netstrmwork. The class abstracts + * the transport, though it is a safe assumption that TCP is being used. + * The class has a number of properties, among which are also ones to + * select privacy settings, eg by enabling TLS and/or GSSAPI. In the + * long run, this class shall provide all stream-oriented netstrmwork + * functionality inside rsyslog. + * + * It is a high-level class, which uses a number of helper objects + * to carry out its work (including, and most importantly, transport + * drivers). + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include "rsyslog.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "syslogd-types.h" +#include "module-template.h" +#include "parse.h" +#include "srUtils.h" +#include "obj.h" +#include "errmsg.h" +#include "netstrm.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) + + +/* The following #ifdef sequence is a small compatibility + * layer. It tries to work around the different availality + * levels of SO_BSDCOMPAT on linuxes... + * I borrowed this code from + * http://www.erlang.org/ml-archive/erlang-questions/200307/msg00037.html + * It still needs to be a bit better adapted to rsyslog. + * rgerhards 2005-09-19 + */ +#include +static int +should_use_so_bsdcompat(void) +{ +#ifndef OS_BSD + static int init_done; + static int so_bsdcompat_is_obsolete; + + if (!init_done) { + struct utsname myutsname; + unsigned int version, patchlevel; + + init_done = 1; + if (uname(&myutsname) < 0) { + char errStr[1024]; + dbgprintf("uname: %s\r\n", rs_strerror_r(errno, errStr, sizeof(errStr))); + return 1; + } + /* Format is .. + where the first three are unsigned integers and the last + is an arbitrary string. We only care about the first two. */ + if (sscanf(myutsname.release, "%u.%u", &version, &patchlevel) != 2) { + dbgprintf("uname: unexpected release '%s'\r\n", + myutsname.release); + return 1; + } + /* SO_BSCOMPAT is deprecated and triggers warnings in 2.5 + kernels. It is a no-op in 2.4 but not in 2.2 kernels. */ + if (version > 2 || (version == 2 && patchlevel >= 5)) + so_bsdcompat_is_obsolete = 1; + } + return !so_bsdcompat_is_obsolete; +#else /* #ifndef OS_BSD */ + return 1; +#endif /* #ifndef OS_BSD */ +} +#ifndef SO_BSDCOMPAT +/* this shall prevent compiler errors due to undfined name */ +#define SO_BSDCOMPAT 0 +#endif + + +/* get the hostname of the message source. This was originally in cvthname() + * but has been moved out of it because of clarity and fuctional separation. + * It must be provided by the socket we received the message on as well as + * a NI_MAXHOST size large character buffer for the FQDN. + * + * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) + * for some explanation of the code found below. We do by default not + * discard message where we detected malicouos DNS PTR records. However, + * there is a user-configurabel option that will tell us if + * we should abort. For this, the return value tells the caller if the + * message should be processed (1) or discarded (0). + */ +static rsRetVal +gethname(struct sockaddr_storage *f, uchar *pszHostFQDN) +{ + DEFiRet; + int error; + sigset_t omask, nmask; + char ip[NI_MAXHOST]; + struct addrinfo hints, *res; + + assert(f != NULL); + assert(pszHostFQDN != NULL); + + error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *)f), + ip, sizeof ip, NULL, 0, NI_NUMERICHOST); + + if (error) { + dbgprintf("Malformed from address %s\n", gai_strerror(error)); + strcpy((char*) pszHostFQDN, "???"); + ABORT_FINALIZE(RS_RET_INVALID_SOURCE); + } + + if(!glbl.GetDisableDNS()) { + sigemptyset(&nmask); + sigaddset(&nmask, SIGHUP); + pthread_sigmask(SIG_BLOCK, &nmask, &omask); + + error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *) f), + (char*)pszHostFQDN, NI_MAXHOST, NULL, 0, NI_NAMEREQD); + + if (error == 0) { + memset (&hints, 0, sizeof (struct addrinfo)); + hints.ai_flags = AI_NUMERICHOST; + hints.ai_socktype = SOCK_STREAM; + + /* we now do a lookup once again. This one should fail, + * because we should not have obtained a non-numeric address. If + * we got a numeric one, someone messed with DNS! + */ + if (getaddrinfo ((char*)pszHostFQDN, NULL, &hints, &res) == 0) { + uchar szErrMsg[1024]; + freeaddrinfo (res); + /* OK, we know we have evil. The question now is what to do about + * it. One the one hand, the message might probably be intended + * to harm us. On the other hand, losing the message may also harm us. + * Thus, the behaviour is controlled by the $DropMsgsWithMaliciousDnsPTRRecords + * option. If it tells us we should discard, we do so, else we proceed, + * but log an error message together with it. + * time being, we simply drop the name we obtained and use the IP - that one + * is OK in any way. We do also log the error message. rgerhards, 2007-07-16 + */ + if(glbl.GetDropMalPTRMsgs() == 1) { + snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), + "Malicious PTR record, message dropped " + "IP = \"%s\" HOST = \"%s\"", + ip, pszHostFQDN); + errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); + pthread_sigmask(SIG_SETMASK, &omask, NULL); + ABORT_FINALIZE(RS_RET_MALICIOUS_ENTITY); + } + + /* Please note: we deal with a malicous entry. Thus, we have crafted + * the snprintf() below so that all text is in front of the entry - maybe + * it contains characters that make the message unreadable + * (OK, I admit this is more or less impossible, but I am paranoid...) + * rgerhards, 2007-07-16 + */ + snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), + "Malicious PTR record (message accepted, but used IP " + "instead of PTR name: IP = \"%s\" HOST = \"%s\"", + ip, pszHostFQDN); + errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); + + error = 1; /* that will trigger using IP address below. */ + } + } + pthread_sigmask(SIG_SETMASK, &omask, NULL); + } + + if(error || glbl.GetDisableDNS()) { + dbgprintf("Host name for your address (%s) unknown\n", ip); + strcpy((char*) pszHostFQDN, ip); + ABORT_FINALIZE(RS_RET_ADDRESS_UNKNOWN); + } + +finalize_it: + RETiRet; +} + + +/* queryInterface function + * rgerhards, 2008-03-05 + */ +BEGINobjQueryInterface(netstrm) +CODESTARTobjQueryInterface(netstrm) + if(pIf->ifVersion != netstrmCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + //pIf->cvthname = cvthname; +finalize_it: +ENDobjQueryInterface(netstrm) + + +/* exit our class + * rgerhards, 2008-03-10 + */ +BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(netstrm) + /* release objects we no longer need */ + objRelease(glbl, CORE_COMPONENT); + objRelease(errmsg, CORE_COMPONENT); +ENDObjClassExit(netstrm) + + +/* Initialize the netstrm class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINAbstractObjClassInit(netstrm, 1, OBJ_IS_CORE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + + /* set our own handlers */ +ENDObjClassInit(netstrm) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + netstrmClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(netstrmClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/netstrm.h b/runtime/netstrm.h new file mode 100644 index 000000000..7afce9691 --- /dev/null +++ b/runtime/netstrm.h @@ -0,0 +1,44 @@ +/* Definitions for the stream-based netstrmworking class. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NETSTRM_H +#define INCLUDED_NETSTRM_H + +/* the netstrm object */ +struct netstrm_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + int sock; /* underlying socket */ +}; + +/* interfaces */ +BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ +ENDinterface(netstrm) +#define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ + +/* prototypes */ +PROTOTYPEObj(netstrm); + +/* the name of our library binary */ +#define LM_NETSTRM_FILENAME "lmnetstrm" + +#endif /* #ifndef INCLUDED_NETSTRM_H */ diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 868bb5649..3a81d67b5 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -61,8 +61,9 @@ /* define some base data types */ typedef unsigned char uchar;/* get rid of the unhandy "unsigned char" */ typedef struct thrdInfo thrdInfo_t; -typedef struct filed selector_t; /* TODO: this so far resides in syslogd.c, think about modularization */ +typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think about modularization */ typedef struct NetAddr netAddr_t; +typedef struct netstrm_s netstrm_t; typedef struct msg msg_t; typedef struct interface_s interface_t; typedef struct objInfo_s objInfo_t; diff --git a/tcpsrv.c b/tcpsrv.c index 499b0ce88..96048e313 100644 --- a/tcpsrv.c +++ b/tcpsrv.c @@ -457,7 +457,6 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) */ close (newConn); ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code - //was: return -1; } /* Here we check if a host is permitted to send us From ccf3b533c698d323cafb01d32f35edaeaf8e8daa Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 15:40:28 +0200 Subject: [PATCH 2/6] imported tcp module from librelp as basis for new stream class we got permission to include the tcp module from librelp copyright holders --- runtime/netstrm.c | 562 ++++++++++++++++++++++++++++++++++++---------- runtime/netstrm.h | 22 +- runtime/rsyslog.h | 5 + 3 files changed, 469 insertions(+), 120 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 0afb4a5e0..67611aa01 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -12,6 +12,11 @@ * to carry out its work (including, and most importantly, transport * drivers). * + * Work on this module begun 2008-04-17 by Rainer Gerhards. This code + * borrows from librelp's tcp.c/.h code. librelp is dual licensed and + * Rainer Gerhards and Adiscon GmbH have agreed to permit using the code + * under the terms of the GNU Lesser General Public License. + * * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. * * This file is part of the rsyslog runtime library. @@ -54,6 +59,7 @@ #include "srUtils.h" #include "obj.h" #include "errmsg.h" +#include "net.h" #include "netstrm.h" MODULE_TYPE_LIB @@ -62,159 +68,468 @@ MODULE_TYPE_LIB DEFobjStaticHelpers DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) +DEFobjCurrIf(net) +#define DFLT_PORT "514" +#warning "urgent TODO: default port!" -/* The following #ifdef sequence is a small compatibility - * layer. It tries to work around the different availality - * levels of SO_BSDCOMPAT on linuxes... - * I borrowed this code from - * http://www.erlang.org/ml-archive/erlang-questions/200307/msg00037.html - * It still needs to be a bit better adapted to rsyslog. - * rgerhards 2005-09-19 +/* Standard-Constructor */ -#include -static int -should_use_so_bsdcompat(void) -{ -#ifndef OS_BSD - static int init_done; - static int so_bsdcompat_is_obsolete; - - if (!init_done) { - struct utsname myutsname; - unsigned int version, patchlevel; - - init_done = 1; - if (uname(&myutsname) < 0) { - char errStr[1024]; - dbgprintf("uname: %s\r\n", rs_strerror_r(errno, errStr, sizeof(errStr))); - return 1; - } - /* Format is .. - where the first three are unsigned integers and the last - is an arbitrary string. We only care about the first two. */ - if (sscanf(myutsname.release, "%u.%u", &version, &patchlevel) != 2) { - dbgprintf("uname: unexpected release '%s'\r\n", - myutsname.release); - return 1; - } - /* SO_BSCOMPAT is deprecated and triggers warnings in 2.5 - kernels. It is a no-op in 2.4 but not in 2.2 kernels. */ - if (version > 2 || (version == 2 && patchlevel >= 5)) - so_bsdcompat_is_obsolete = 1; - } - return !so_bsdcompat_is_obsolete; -#else /* #ifndef OS_BSD */ - return 1; -#endif /* #ifndef OS_BSD */ -} -#ifndef SO_BSDCOMPAT -/* this shall prevent compiler errors due to undfined name */ -#define SO_BSDCOMPAT 0 -#endif +BEGINobjConstruct(netstrm) /* be sure to specify the object type also in END macro! */ + pThis->sock = -1; + pThis->iSessMax = 500; /* default max nbr of sessions -TODO:make configurable--rgerhards, 2008-04-17*/ +ENDobjConstruct(netstrm) -/* get the hostname of the message source. This was originally in cvthname() - * but has been moved out of it because of clarity and fuctional separation. - * It must be provided by the socket we received the message on as well as - * a NI_MAXHOST size large character buffer for the FQDN. - * - * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) - * for some explanation of the code found below. We do by default not - * discard message where we detected malicouos DNS PTR records. However, - * there is a user-configurabel option that will tell us if - * we should abort. For this, the return value tells the caller if the - * message should be processed (1) or discarded (0). +/* ConstructionFinalizer */ static rsRetVal -gethname(struct sockaddr_storage *f, uchar *pszHostFQDN) +netstrmConstructFinalize(netstrm_t __attribute__((unused)) *pThis) { DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + RETiRet; +} + + +/* destructor for the netstrm object */ +BEGINobjDestruct(netstrm) /* be sure to specify the object type also in END and CODESTART macros! */ + int i; +CODESTARTobjDestruct(netstrm) + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; + } + + if(pThis->socks != NULL) { + /* if we have some sockets at this stage, we need to close them */ + for(i = 1 ; i <= pThis->socks[0] ; ++i) + close(pThis->socks[i]); + free(pThis->socks); + } + + if(pThis->pRemHostIP != NULL) + free(pThis->pRemHostIP); + if(pThis->pRemHostName != NULL) + free(pThis->pRemHostName); +ENDobjDestruct(netstrm) + + +/* abort a connection. This is much like Destruct(), but tries + * to discard any unsent data. -- rgerhards, 2008-03-24 + */ +rsRetVal +AbortDestruct(netstrm_t **ppThis) +{ + struct linger ling; + + DEFiRet; + assert(ppThis != NULL); + ISOBJ_TYPE_assert((*ppThis), netstrm); + + if((*ppThis)->sock != -1) { + ling.l_onoff = 1; + ling.l_linger = 0; + if(setsockopt((*ppThis)->sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0 ) { + dbgprintf("could not set SO_LINGER, errno %d\n", errno); + } + } + + iRet = netstrmDestruct(ppThis); + + RETiRet; +} + + +/* Set pRemHost based on the address provided. This is to be called upon accept()ing + * a connection request. It must be provided by the socket we received the + * message on as well as a NI_MAXHOST size large character buffer for the FQDN. + * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) + * for some explanation of the code found below. If we detect a malicious + * hostname, we return RS_RET_MALICIOUS_HNAME and let the caller decide + * on how to deal with that. + * rgerhards, 2008-03-31 + */ +static rsRetVal +SetRemHost(netstrm_t *pThis, struct sockaddr *pAddr) +{ int error; - sigset_t omask, nmask; - char ip[NI_MAXHOST]; + uchar szIP[NI_MAXHOST] = ""; + uchar szHname[NI_MAXHOST] = ""; struct addrinfo hints, *res; + size_t len; - assert(f != NULL); - assert(pszHostFQDN != NULL); + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + assert(pAddr != NULL); - error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *)f), - ip, sizeof ip, NULL, 0, NI_NUMERICHOST); + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST); - if (error) { + if(error) { dbgprintf("Malformed from address %s\n", gai_strerror(error)); - strcpy((char*) pszHostFQDN, "???"); - ABORT_FINALIZE(RS_RET_INVALID_SOURCE); + strcpy((char*)szHname, "???"); + strcpy((char*)szIP, "???"); + ABORT_FINALIZE(RS_RET_INVALID_HNAME); } if(!glbl.GetDisableDNS()) { - sigemptyset(&nmask); - sigaddset(&nmask, SIGHUP); - pthread_sigmask(SIG_BLOCK, &nmask, &omask); - - error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *) f), - (char*)pszHostFQDN, NI_MAXHOST, NULL, 0, NI_NAMEREQD); - - if (error == 0) { + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szHname, NI_MAXHOST, NULL, 0, NI_NAMEREQD); + if(error == 0) { memset (&hints, 0, sizeof (struct addrinfo)); hints.ai_flags = AI_NUMERICHOST; hints.ai_socktype = SOCK_STREAM; - /* we now do a lookup once again. This one should fail, * because we should not have obtained a non-numeric address. If * we got a numeric one, someone messed with DNS! */ - if (getaddrinfo ((char*)pszHostFQDN, NULL, &hints, &res) == 0) { - uchar szErrMsg[1024]; + if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) { freeaddrinfo (res); - /* OK, we know we have evil. The question now is what to do about - * it. One the one hand, the message might probably be intended - * to harm us. On the other hand, losing the message may also harm us. - * Thus, the behaviour is controlled by the $DropMsgsWithMaliciousDnsPTRRecords - * option. If it tells us we should discard, we do so, else we proceed, - * but log an error message together with it. - * time being, we simply drop the name we obtained and use the IP - that one - * is OK in any way. We do also log the error message. rgerhards, 2007-07-16 - */ - if(glbl.GetDropMalPTRMsgs() == 1) { - snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), - "Malicious PTR record, message dropped " - "IP = \"%s\" HOST = \"%s\"", - ip, pszHostFQDN); - errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); - pthread_sigmask(SIG_SETMASK, &omask, NULL); - ABORT_FINALIZE(RS_RET_MALICIOUS_ENTITY); - } - - /* Please note: we deal with a malicous entry. Thus, we have crafted - * the snprintf() below so that all text is in front of the entry - maybe - * it contains characters that make the message unreadable - * (OK, I admit this is more or less impossible, but I am paranoid...) - * rgerhards, 2007-07-16 - */ - snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar), - "Malicious PTR record (message accepted, but used IP " - "instead of PTR name: IP = \"%s\" HOST = \"%s\"", - ip, pszHostFQDN); - errmsg.LogError(NO_ERRCODE, "%s", szErrMsg); - - error = 1; /* that will trigger using IP address below. */ + /* OK, we know we have evil, so let's indicate this to our caller */ + snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); + dbgprintf("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname); + iRet = RS_RET_MALICIOUS_HNAME; } - } - pthread_sigmask(SIG_SETMASK, &omask, NULL); + } else { + strcpy((char*)szHname, (char*)szIP); + } + } else { + strcpy((char*)szHname, (char*)szIP); } - if(error || glbl.GetDisableDNS()) { - dbgprintf("Host name for your address (%s) unknown\n", ip); - strcpy((char*) pszHostFQDN, ip); - ABORT_FINALIZE(RS_RET_ADDRESS_UNKNOWN); - } + /* We now have the names, so now let's allocate memory and store them permanently. + * (side note: we may hold on to these values for quite a while, thus we trim their + * memory consumption) + */ + len = strlen((char*)szIP) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostIP = malloc(len)) == NULL) + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + memcpy(pThis->pRemHostIP, szIP, len); + + len = strlen((char*)szHname) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostName = malloc(len)) == NULL) { + free(pThis->pRemHostIP); /* prevent leak */ + pThis->pRemHostIP = NULL; + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + memcpy(pThis->pRemHostName, szHname, len); finalize_it: RETiRet; } + +/* accept an incoming connection request, sock provides the socket on which we can + * accept the new session. + * rgerhards, 2008-03-17 + */ +rsRetVal +AcceptConnReq(netstrm_t **ppThis, int sock) +{ + netstrm_t *pThis = NULL; + int sockflags; + struct sockaddr_storage addr; + socklen_t addrlen = sizeof(addr); + int iNewSock = -1; + + DEFiRet; + assert(ppThis != NULL); + + iNewSock = accept(sock, (struct sockaddr*) &addr, &addrlen); + if(iNewSock < 0) { + ABORT_FINALIZE(RS_RET_ACCEPT_ERR); + } + + /* construct our object so that we can use it... */ + CHKiRet(netstrmConstruct(&pThis)); + + /* TODO: obtain hostname, normalize (callback?), save it */ + CHKiRet(SetRemHost(pThis, (struct sockaddr*) &addr)); + + /* set the new socket to non-blocking IO */ + if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(iNewSock, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket %d", errno, iNewSock); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + pThis->sock = iNewSock; + + *ppThis = pThis; + +finalize_it: + if(iRet != RS_RET_OK) { + if(pThis != NULL) + netstrmDestruct(&pThis); + /* the close may be redundant, but that doesn't hurt... */ + if(iNewSock >= 0) + close(iNewSock); + } + + RETiRet; +} + + +/* initialize the tcp socket for a listner + * pLstnPort is either a pointer to a port name or NULL, in which case the + * default is used. + * gerhards, 2008-03-17 + */ +rsRetVal +LstnInit(netstrm_t *pThis, uchar *pLstnPort) +{ + struct addrinfo hints, *res, *r; + int error, maxs, *s, on = 1; + int sockflags; + uchar *pLstnPt; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + + pLstnPt = (pLstnPort == NULL) ? (uchar*) DFLT_PORT : pLstnPort; + dbgprintf("creating relp tcp listen socket on port %s\n", pLstnPt); + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_family = PF_UNSPEC; /* TODO: permit to configure IPv4/v6 only! */ + hints.ai_socktype = SOCK_STREAM; + + error = getaddrinfo(NULL, (char*) pLstnPt, &hints, &res); + if(error) { + dbgprintf("error %d querying port '%s'\n", error, pLstnPt); + ABORT_FINALIZE(RS_RET_INVALID_PORT); + } + + /* Count max number of sockets we may open */ + for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) + /* EMPTY */; + pThis->socks = malloc((maxs+1) * sizeof(int)); + if (pThis->socks == NULL) { + dbgprintf("couldn't allocate memory for TCP listen sockets, suspending RELP message reception."); + freeaddrinfo(res); + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + + *pThis->socks = 0; /* num of sockets counter at start of array */ + s = pThis->socks + 1; + for(r = res; r != NULL ; r = r->ai_next) { + *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); + if (*s < 0) { + if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) + dbgprintf("creating relp tcp listen socket"); + /* it is debatable if PF_INET with EAFNOSUPPORT should + * also be ignored... + */ + continue; + } + +#ifdef IPV6_V6ONLY + if (r->ai_family == AF_INET6) { + int iOn = 1; + if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, + (char *)&iOn, sizeof (iOn)) < 0) { + close(*s); + *s = -1; + continue; + } + } +#endif + if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { + dbgprintf("error %d setting relp/tcp socket option\n", errno); + close(*s); + *s = -1; + continue; + } + + /* We use non-blocking IO! */ + if((sockflags = fcntl(*s, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(*s, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket", errno); + close(*s); + *s = -1; + continue; + } + + + + /* We need to enable BSD compatibility. Otherwise an attacker + * could flood our log files by sending us tons of ICMP errors. + */ +#ifndef BSD + if(net.should_use_so_bsdcompat()) { + if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, + (char *) &on, sizeof(on)) < 0) { + errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); + close(*s); + *s = -1; + continue; + } + } +#endif + + if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) +#ifndef IPV6_V6ONLY + && (errno != EADDRINUSE) +#endif + ) { + dbgprintf("error %d while binding relp tcp socket", errno); + close(*s); + *s = -1; + continue; + } + + if(listen(*s,pThis->iSessMax / 10 + 5) < 0) { + /* If the listen fails, it most probably fails because we ask + * for a too-large backlog. So in this case we first set back + * to a fixed, reasonable, limit that should work. Only if + * that fails, too, we give up. + */ + dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", + pThis->iSessMax / 10 + 5); + if(listen(*s, 32) < 0) { + dbgprintf("relp listen error %d, suspending\n", errno); + close(*s); + *s = -1; + continue; + } + } + + (*pThis->socks)++; + s++; + } + + if(res != NULL) + freeaddrinfo(res); + + if(*pThis->socks != maxs) + dbgprintf("We could initialize %d RELP TCP listen sockets out of %d we received " + "- this may or may not be an error indication.\n", *pThis->socks, maxs); + + if(*pThis->socks == 0) { + dbgprintf("No RELP TCP listen socket could successfully be initialized, " + "message reception via RELP disabled.\n"); + free(pThis->socks); + ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); + } + +finalize_it: + RETiRet; +} + + +/* receive data from a tcp socket + * The lenBuf parameter must contain the max buffer size on entry and contains + * the number of octets read (or -1 in case of error) on exit. This function + * never blocks, not even when called on a blocking socket. That is important + * for client sockets, which are set to block during send, but should not + * block when trying to read data. If *pLenBuf is -1, an error occured and + * errno holds the exact error cause. + * rgerhards, 2008-03-17 + */ +rsRetVal +Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + + *pLenBuf = recv(pThis->sock, pRcvBuf, *pLenBuf, MSG_DONTWAIT); + + RETiRet; +} + + +/* send a buffer. On entry, pLenBuf contains the number of octets to + * write. On exit, it contains the number of octets actually written. + * If this number is lower than on entry, only a partial buffer has + * been written. + * rgerhards, 2008-03-19 + */ +rsRetVal +Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) +{ + ssize_t written; + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + + written = send(pThis->sock, pBuf, *pLenBuf, 0); + + if(written == -1) { + switch(errno) { + case EAGAIN: + case EINTR: + /* this is fine, just retry... */ + written = 0; + break; + default: + ABORT_FINALIZE(RS_RET_IO_ERROR); + break; + } + } + + *pLenBuf = written; +finalize_it: + RETiRet; +} + + +/* open a connection to a remote host (server). + * rgerhards, 2008-03-19 + */ +rsRetVal +Connect(netstrm_t *pThis, int family, uchar *port, uchar *host) +{ + struct addrinfo *res = NULL; + struct addrinfo hints; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + assert(port != NULL); + assert(host != NULL); + assert(pThis->sock == -1); + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; + if(getaddrinfo((char*)host, (char*)port, &hints, &res) != 0) { + dbgprintf("error %d in getaddrinfo\n", errno); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if((pThis->sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + +finalize_it: + if(res != NULL) + freeaddrinfo(res); + + if(iRet != RS_RET_OK) { + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; + } + } + + RETiRet; +} + + /* queryInterface function * rgerhards, 2008-03-05 */ @@ -229,7 +544,14 @@ CODESTARTobjQueryInterface(netstrm) * work here (if we can support an older interface version - that, * of course, also affects the "if" above). */ - //pIf->cvthname = cvthname; + pIf->Construct = netstrmConstruct; + pIf->ConstructFinalize = netstrmConstructFinalize; + pIf->Destruct = netstrmDestruct; + pIf->LstnInit = LstnInit; + pIf->AcceptConnReq = AcceptConnReq; + pIf->Rcv = Rcv; + pIf->Send = Send; + pIf->Connect = Connect; finalize_it: ENDobjQueryInterface(netstrm) @@ -240,6 +562,7 @@ ENDobjQueryInterface(netstrm) BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ CODESTARTObjClassExit(netstrm) /* release objects we no longer need */ + objRelease(net, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(errmsg, CORE_COMPONENT); ENDObjClassExit(netstrm) @@ -253,6 +576,7 @@ BEGINAbstractObjClassInit(netstrm, 1, OBJ_IS_CORE_MODULE) /* class, version */ /* request objects we use */ CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(glbl, CORE_COMPONENT)); + CHKiRet(objUse(net, CORE_COMPONENT)); /* set our own handlers */ ENDObjClassInit(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 7afce9691..73d9c2742 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -27,11 +27,31 @@ /* the netstrm object */ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ - int sock; /* underlying socket */ + uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ + uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ + int sock; /**< the socket we use for regular, single-socket, operations */ + int *socks; /**< the socket(s) we use for listeners, element 0 has nbr of socks */ + int iSessMax; /**< maximum number of sessions permitted */ }; +/* macros for quick member access */ +#warning "do we need the macros?" +#define relpTcpGetNumSocks(pThis) ((pThis)->socks[0]) +#define relpTcpGetLstnSock(pThis, i) ((pThis)->socks[i]) +#define relpTcpGetSock(pThis) ((pThis)->sock) + + /* interfaces */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ +//??relpRetVal relpTcpAbortDestruct(relpTcp_t **ppThis); + rsRetVal (*Construct)(netstrm_t **ppThis); + rsRetVal (*ConstructFinalize)(netstrm_t __attribute__((unused)) *pThis); + rsRetVal (*Destruct)(netstrm_t **ppThis); + rsRetVal (*LstnInit)(netstrm_t *pThis, unsigned char *pLstnPort); + rsRetVal (*AcceptConnReq)(netstrm_t **ppThis, int sock); + rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); + rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf); + rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host); ENDinterface(netstrm) #define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 3a81d67b5..7ed989c5d 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -198,6 +198,11 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_MAIL_NO_TO = -2071, /**< recipient for mail destination is missing */ RS_RET_MAIL_NO_FROM = -2072, /**< sender for mail destination is missing */ RS_RET_INVALID_PRI = -2073, /**< PRI value is invalid */ + RS_RET_MALICIOUS_HNAME = -2074, /**< remote peer is trying malicious things with its hostname */ + RS_RET_ACCEPT_ERR = -2074, /**< error during accept() system call */ + RS_RET_INVALID_HNAME = -2075, /**< remote peer's hostname invalid or unobtainable */ + RS_RET_INVALID_PORT = -2076, /**< invalid port value */ + RS_RET_COULD_NOT_BIND = -2077, /**< could not bind socket, defunct */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ From 665ac5df67b6613dfe338396d6cec91e678a0394 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 16:00:07 +0200 Subject: [PATCH 3/6] brought netstrm to a (hopefully) somewhat usable state --- runtime/netstrm.c | 48 +++++++++++++++++++++++------------------------ runtime/netstrm.h | 8 +------- 2 files changed, 24 insertions(+), 32 deletions(-) diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 67611aa01..c27d5f4dc 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -70,8 +70,6 @@ DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) DEFobjCurrIf(net) -#define DFLT_PORT "514" -#warning "urgent TODO: default port!" /* Standard-Constructor */ @@ -118,7 +116,7 @@ ENDobjDestruct(netstrm) /* abort a connection. This is much like Destruct(), but tries * to discard any unsent data. -- rgerhards, 2008-03-24 */ -rsRetVal +static rsRetVal AbortDestruct(netstrm_t **ppThis) { struct linger ling; @@ -151,7 +149,7 @@ AbortDestruct(netstrm_t **ppThis) * rgerhards, 2008-03-31 */ static rsRetVal -SetRemHost(netstrm_t *pThis, struct sockaddr *pAddr) +FillRemHost(netstrm_t *pThis, struct sockaddr *pAddr) { int error; uchar szIP[NI_MAXHOST] = ""; @@ -223,7 +221,7 @@ finalize_it: * accept the new session. * rgerhards, 2008-03-17 */ -rsRetVal +static rsRetVal AcceptConnReq(netstrm_t **ppThis, int sock) { netstrm_t *pThis = NULL; @@ -244,7 +242,7 @@ AcceptConnReq(netstrm_t **ppThis, int sock) CHKiRet(netstrmConstruct(&pThis)); /* TODO: obtain hostname, normalize (callback?), save it */ - CHKiRet(SetRemHost(pThis, (struct sockaddr*) &addr)); + CHKiRet(FillRemHost(pThis, (struct sockaddr*) &addr)); /* set the new socket to non-blocking IO */ if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { @@ -255,7 +253,7 @@ AcceptConnReq(netstrm_t **ppThis, int sock) sockflags = fcntl(iNewSock, F_SETFL, sockflags); } if(sockflags == -1) { - dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket %d", errno, iNewSock); + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket %d", errno, iNewSock); ABORT_FINALIZE(RS_RET_IO_ERROR); } @@ -277,32 +275,33 @@ finalize_it: /* initialize the tcp socket for a listner - * pLstnPort is either a pointer to a port name or NULL, in which case the + * pLstnPort must point to a port name or number. NULL is NOT permitted + * (hint: we need to be careful when we use this module together with librelp, + * there NULL indicates the default port * default is used. * gerhards, 2008-03-17 */ -rsRetVal +static rsRetVal LstnInit(netstrm_t *pThis, uchar *pLstnPort) { struct addrinfo hints, *res, *r; int error, maxs, *s, on = 1; int sockflags; - uchar *pLstnPt; DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); + assert(pLstnPort != NULL); - pLstnPt = (pLstnPort == NULL) ? (uchar*) DFLT_PORT : pLstnPort; - dbgprintf("creating relp tcp listen socket on port %s\n", pLstnPt); + dbgprintf("creating tcp listen socket on port %s\n", pLstnPort); memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE; - hints.ai_family = PF_UNSPEC; /* TODO: permit to configure IPv4/v6 only! */ + hints.ai_family = glbl.GetDefPFFamily(); hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(NULL, (char*) pLstnPt, &hints, &res); + error = getaddrinfo(NULL, (char*) pLstnPort, &hints, &res); if(error) { - dbgprintf("error %d querying port '%s'\n", error, pLstnPt); + dbgprintf("error %d querying port '%s'\n", error, pLstnPort); ABORT_FINALIZE(RS_RET_INVALID_PORT); } @@ -322,7 +321,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); if (*s < 0) { if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) - dbgprintf("creating relp tcp listen socket"); + dbgprintf("creating tcp listen socket"); /* it is debatable if PF_INET with EAFNOSUPPORT should * also be ignored... */ @@ -341,7 +340,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) } #endif if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { - dbgprintf("error %d setting relp/tcp socket option\n", errno); + dbgprintf("error %d setting tcp socket option\n", errno); close(*s); *s = -1; continue; @@ -356,7 +355,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) sockflags = fcntl(*s, F_SETFL, sockflags); } if(sockflags == -1) { - dbgprintf("error %d setting fcntl(O_NONBLOCK) on relp socket", errno); + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno); close(*s); *s = -1; continue; @@ -384,7 +383,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) && (errno != EADDRINUSE) #endif ) { - dbgprintf("error %d while binding relp tcp socket", errno); + dbgprintf("error %d while binding tcp socket", errno); close(*s); *s = -1; continue; @@ -399,7 +398,7 @@ LstnInit(netstrm_t *pThis, uchar *pLstnPort) dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", pThis->iSessMax / 10 + 5); if(listen(*s, 32) < 0) { - dbgprintf("relp listen error %d, suspending\n", errno); + dbgprintf("tcp listen error %d, suspending\n", errno); close(*s); *s = -1; continue; @@ -438,7 +437,7 @@ finalize_it: * errno holds the exact error cause. * rgerhards, 2008-03-17 */ -rsRetVal +static rsRetVal Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) { DEFiRet; @@ -456,7 +455,7 @@ Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) * been written. * rgerhards, 2008-03-19 */ -rsRetVal +static rsRetVal Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) { ssize_t written; @@ -487,7 +486,7 @@ finalize_it: /* open a connection to a remote host (server). * rgerhards, 2008-03-19 */ -rsRetVal +static rsRetVal Connect(netstrm_t *pThis, int family, uchar *port, uchar *host) { struct addrinfo *res = NULL; @@ -531,7 +530,6 @@ finalize_it: /* queryInterface function - * rgerhards, 2008-03-05 */ BEGINobjQueryInterface(netstrm) CODESTARTobjQueryInterface(netstrm) @@ -547,6 +545,7 @@ CODESTARTobjQueryInterface(netstrm) pIf->Construct = netstrmConstruct; pIf->ConstructFinalize = netstrmConstructFinalize; pIf->Destruct = netstrmDestruct; + pIf->AbortDestruct = AbortDestruct; pIf->LstnInit = LstnInit; pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; @@ -557,7 +556,6 @@ ENDobjQueryInterface(netstrm) /* exit our class - * rgerhards, 2008-03-10 */ BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ CODESTARTObjClassExit(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 73d9c2742..7f267a364 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -34,19 +34,13 @@ struct netstrm_s { int iSessMax; /**< maximum number of sessions permitted */ }; -/* macros for quick member access */ -#warning "do we need the macros?" -#define relpTcpGetNumSocks(pThis) ((pThis)->socks[0]) -#define relpTcpGetLstnSock(pThis, i) ((pThis)->socks[i]) -#define relpTcpGetSock(pThis) ((pThis)->sock) - /* interfaces */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ -//??relpRetVal relpTcpAbortDestruct(relpTcp_t **ppThis); rsRetVal (*Construct)(netstrm_t **ppThis); rsRetVal (*ConstructFinalize)(netstrm_t __attribute__((unused)) *pThis); rsRetVal (*Destruct)(netstrm_t **ppThis); + rsRetVal (*AbortDestruct)(netstrm_t **ppThis); rsRetVal (*LstnInit)(netstrm_t *pThis, unsigned char *pLstnPort); rsRetVal (*AcceptConnReq)(netstrm_t **ppThis, int sock); rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); From f590c1d52afbae2d16182864084edae84f541835 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 18:06:06 +0200 Subject: [PATCH 4/6] modified omfwd to work with netstrm (and also did some cleanup) --- plugins/omgssapi/omgssapi.c | 6 +- tcpclt.c | 1 - tcpclt.h | 1 - tools/omfwd.c | 549 ++++++++++++++++-------------------- 4 files changed, 243 insertions(+), 314 deletions(-) diff --git a/plugins/omgssapi/omgssapi.c b/plugins/omgssapi/omgssapi.c index 3f6600cab..6f940f990 100644 --- a/plugins/omgssapi/omgssapi.c +++ b/plugins/omgssapi/omgssapi.c @@ -174,8 +174,6 @@ CODESTARTdbgPrintInstInfo ENDdbgPrintInstInfo -/* CODE FOR SENDING TCP MESSAGES */ - /* This function is called immediately before a send retry is attempted. * It shall clean up whatever makes sense. * rgerhards, 2007-12-28 @@ -207,9 +205,7 @@ static rsRetVal TCPSendGSSInit(void *pvData) base = (gss_base_service_name == NULL) ? "host" : gss_base_service_name; out_tok.length = strlen(pData->f_hname) + strlen(base) + 2; - if ((out_tok.value = malloc(out_tok.length)) == NULL) { - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - } + CHKmalloc(out_tok.value = malloc(out_tok.length)); strcpy(out_tok.value, base); strcat(out_tok.value, "@"); strcat(out_tok.value, pData->f_hname); diff --git a/tcpclt.c b/tcpclt.c index 7216caae1..2bc2ea56b 100644 --- a/tcpclt.c +++ b/tcpclt.c @@ -51,7 +51,6 @@ MODULE_TYPE_LIB DEFobjStaticHelpers /* Initialize TCP sockets (for sender) - * This is done once per selector line, if not yet initialized. */ static int CreateSocket(struct addrinfo *addrDest) diff --git a/tcpclt.h b/tcpclt.h index 153442664..b7aada657 100644 --- a/tcpclt.h +++ b/tcpclt.h @@ -26,7 +26,6 @@ #ifndef TCPCLT_H_INCLUDED #define TCPCLT_H_INCLUDED 1 -//#include "tcpsyslog.h" #include "obj.h" /* the tcpclt object */ diff --git a/tools/omfwd.c b/tools/omfwd.c index 80f62c8a5..6c3a351a4 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -30,7 +30,6 @@ * A copy of the GPL can be found in the file "COPYING" in this distribution. */ #include "config.h" -#ifdef SYSLOG_INET #include "rsyslog.h" #include #include @@ -52,6 +51,7 @@ #include "syslogd-types.h" #include "srUtils.h" #include "net.h" +#include "netstrm.h" #include "omfwd.h" #include "template.h" #include "msg.h" @@ -69,17 +69,14 @@ DEF_OMOD_STATIC_DATA DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) DEFobjCurrIf(net) +DEFobjCurrIf(netstrm) DEFobjCurrIf(tcpclt) typedef struct _instanceData { char *f_hname; - short sock; /* file descriptor */ + netstrm_t *pNetstrm; /* our output netstream */ int *pSockArray; /* sockets to use for UDP */ - enum { /* TODO: we shoud revisit these definitions */ - eDestFORW, - eDestFORW_SUSP, - eDestFORW_UNKN - } eDestState; + int bIsConnected; /* are we connected to remote host? 0 - no, 1 - yes, UDP means addr resolved */ struct addrinfo *f_addr; int compressionLevel; /* 0 - no compression, else level for zlib */ char *port; @@ -87,8 +84,7 @@ typedef struct _instanceData { # define FORW_UDP 0 # define FORW_TCP 1 /* following fields for TCP-based delivery */ - time_t ttSuspend; /* time selector was suspended */ - tcpclt_t *pTCPClt; /* our tcpclt object */ + tcpclt_t *pTCPClt; /* our tcpclt object */ } instanceData; /* config data */ @@ -101,7 +97,7 @@ static uchar *pszTplName = NULL; /* name of the default template to use */ * We may change the implementation to try to lookup the port * if it is unspecified. So far, we use the IANA default auf 514. */ -static char *getFwdSyslogPt(instanceData *pData) +static char *getFwdPt(instanceData *pData) { assert(pData != NULL); if(pData->port == NULL) @@ -112,7 +108,6 @@ static char *getFwdSyslogPt(instanceData *pData) BEGINcreateInstance CODESTARTcreateInstance - pData->sock = -1; ENDcreateInstance @@ -125,20 +120,16 @@ ENDisCompatibleWithFeature BEGINfreeInstance CODESTARTfreeInstance - switch (pData->eDestState) { - case eDestFORW: - case eDestFORW_SUSP: - freeaddrinfo(pData->f_addr); - /* fall through */ - case eDestFORW_UNKN: - if(pData->port != NULL) - free(pData->port); - break; + if(pData->f_addr != NULL) { /* TODO: is the check ok? */ + freeaddrinfo(pData->f_addr); + pData->f_addr = NULL; } + if(pData->port != NULL) + free(pData->port); /* final cleanup */ - if(pData->sock >= 0) - close(pData->sock); + if(pData->pNetstrm != NULL) + netstrm.Destruct(&pData->pNetstrm); if(pData->pSockArray != NULL) net.closeUDPListenSockets(pData->pSockArray); @@ -175,8 +166,7 @@ static rsRetVal UDPSend(instanceData *pData, char *msg, size_t len) * succeeding. We track this be bSendSuccess. We can not simply * rely on lsent, as a call might initially work, but a later * call fails. Then, lsent has the error status, even though - * the sendto() succeeded. - * rgerhards, 2007-06-22 + * the sendto() succeeded. -- rgerhards, 2007-06-22 */ bSendSuccess = FALSE; for (r = pData->f_addr; r; r = r->ai_next) { @@ -217,22 +207,11 @@ static rsRetVal TCPSendFrame(void *pvData, char *msg, size_t len) ssize_t lenSend; instanceData *pData = (instanceData *) pvData; - lenSend = send(pData->sock, msg, len, 0); + lenSend = len; + CHKiRet(netstrm.Send(pData->pNetstrm, (uchar*)msg, &lenSend)); dbgprintf("TCP sent %ld bytes, requested %ld\n", (long) lenSend, (long) len); - if(lenSend == -1) { - /* we have an error case - check what we can live with */ - switch(errno) { - case EMSGSIZE: - dbgprintf("message not (tcp)send, too large\n"); - /* This is not a real error, so it is not flagged as one */ - break; - default: - dbgprintf("message not (tcp)send"); - iRet = RS_RET_TCP_SEND_ERROR; - break; - } - } else if(lenSend != (ssize_t) len) { + if(lenSend != (ssize_t) len) { /* no real error, could "just" not send everything... * For the time being, we ignore this... * rgerhards, 2005-10-25 @@ -242,6 +221,7 @@ static rsRetVal TCPSendFrame(void *pvData, char *msg, size_t len) /* TODO: we need to revisit this code -- rgerhards, 2007-12-28 */ } +finalize_it: RETiRet; } @@ -256,13 +236,12 @@ static rsRetVal TCPSendPrepRetry(void *pvData) instanceData *pData = (instanceData *) pvData; assert(pData != NULL); - close(pData->sock); - pData->sock = -1; + netstrm.Destruct(&pData->pNetstrm); RETiRet; } -/* initialies everything so that TCPSend can work. +/* initializes everything so that TCPSend can work. * rgerhards, 2007-12-28 */ static rsRetVal TCPSendInit(void *pvData) @@ -271,11 +250,16 @@ static rsRetVal TCPSendInit(void *pvData) instanceData *pData = (instanceData *) pvData; assert(pData != NULL); - if(pData->sock < 0) { - if((pData->sock = tcpclt.CreateSocket(pData->f_addr)) < 0) - iRet = RS_RET_TCP_SOCKCREATE_ERR; + if(pData->pNetstrm == NULL) { + CHKiRet(netstrm.Construct(&pData->pNetstrm)); + CHKiRet(netstrm.Connect(pData->pNetstrm, glbl.GetDefPFFamily(), + (uchar*)pData->port, (uchar*)pData->f_hname)); } +finalize_it: + if(iRet != RS_RET_OK) + netstrm.Destruct(&pData->pNetstrm); + RETiRet; } @@ -288,39 +272,38 @@ static rsRetVal doTryResume(instanceData *pData) DEFiRet; struct addrinfo *res; struct addrinfo hints; - unsigned e; - switch (pData->eDestState) { - case eDestFORW_SUSP: - iRet = RS_RET_OK; /* the actual check happens during doAction() only */ - pData->eDestState = eDestFORW; - break; - - case eDestFORW_UNKN: - /* The remote address is not yet known and needs to be obtained */ - dbgprintf(" %s\n", pData->f_hname); + if(pData->bIsConnected) + FINALIZE; + + /* The remote address is not yet known and needs to be obtained */ + dbgprintf(" %s\n", pData->f_hname); + if(pData->protocol == FORW_UDP) { memset(&hints, 0, sizeof(hints)); - /* port must be numeric, because config file syntax requests this */ - /* TODO: this code is a duplicate from cfline() - we should later create - * a common function. - */ + /* port must be numeric, because config file syntax requires this */ hints.ai_flags = AI_NUMERICSERV; hints.ai_family = glbl.GetDefPFFamily(); - hints.ai_socktype = pData->protocol == FORW_UDP ? SOCK_DGRAM : SOCK_STREAM; - if((e = getaddrinfo(pData->f_hname, - getFwdSyslogPt(pData), &hints, &res)) == 0) { - dbgprintf("%s found, resuming.\n", pData->f_hname); - pData->f_addr = res; - pData->eDestState = eDestFORW; - } else { - iRet = RS_RET_SUSPENDED; + hints.ai_socktype = pData->protocol == SOCK_DGRAM; + if((getaddrinfo(pData->f_hname, getFwdPt(pData), &hints, &res)) != 0) { + ABORT_FINALIZE(RS_RET_SUSPENDED); } - break; - case eDestFORW: - /* rgerhards, 2007-09-11: this can not happen, but I've included it to - * a) make the compiler happy, b) detect any logic errors */ - assert(0); - break; + dbgprintf("%s found, resuming.\n", pData->f_hname); + pData->f_addr = res; + pData->bIsConnected = 1; + if(pData->pSockArray == NULL) { + pData->pSockArray = net.create_udp_socket((uchar*)pData->f_hname, NULL, 0); + } + } else { + CHKiRet(TCPSendInit((void*)pData)); + } + +finalize_it: + if(iRet != RS_RET_OK) { + if(pData->f_addr != NULL) { + freeaddrinfo(pData->f_addr); + pData->f_addr = NULL; + } + iRet = RS_RET_SUSPENDED; } RETiRet; @@ -336,87 +319,65 @@ BEGINdoAction char *psz; /* temporary buffering */ register unsigned l; CODESTARTdoAction - switch (pData->eDestState) { - case eDestFORW_SUSP: - dbgprintf("internal error in omfwd.c, eDestFORW_SUSP in doAction()!\n"); - iRet = RS_RET_SUSPENDED; - break; - - case eDestFORW_UNKN: - dbgprintf("doAction eDestFORW_UNKN\n"); - iRet = doTryResume(pData); - break; + CHKiRet(doTryResume(pData)); - case eDestFORW: - dbgprintf(" %s:%s/%s\n", pData->f_hname, getFwdSyslogPt(pData), - pData->protocol == FORW_UDP ? "udp" : "tcp"); - /* with UDP, check if the socket is there and, if not, alloc - * it. TODO: there should be a better place for that code. - * rgerhards, 2007-12-26 - */ - if(pData->protocol == FORW_UDP) { - if(pData->pSockArray == NULL) { - pData->pSockArray = net.create_udp_socket((uchar*)pData->f_hname, NULL, 0); - } - } - pData->ttSuspend = time(NULL); - psz = (char*) ppString[0]; - l = strlen((char*) psz); - if (l > MAXLINE) - l = MAXLINE; + dbgprintf(" %s:%s/%s\n", pData->f_hname, getFwdPt(pData), + pData->protocol == FORW_UDP ? "udp" : "tcp"); -# ifdef USE_NETZIP - /* Check if we should compress and, if so, do it. We also - * check if the message is large enough to justify compression. - * The smaller the message, the less likely is a gain in compression. - * To save CPU cycles, we do not try to compress very small messages. - * What "very small" means needs to be configured. Currently, it is - * hard-coded but this may be changed to a config parameter. - * rgerhards, 2006-11-30 - */ - if(pData->compressionLevel && (l > MIN_SIZE_FOR_COMPRESS)) { - Bytef out[MAXLINE+MAXLINE/100+12] = "z"; - uLongf destLen = sizeof(out) / sizeof(Bytef); - uLong srcLen = l; - int ret; - ret = compress2((Bytef*) out+1, &destLen, (Bytef*) psz, - srcLen, pData->compressionLevel); - dbgprintf("Compressing message, length was %d now %d, return state %d.\n", - l, (int) destLen, ret); - if(ret != Z_OK) { - /* if we fail, we complain, but only in debug mode - * Otherwise, we are silent. In any case, we ignore the - * failed compression and just sent the uncompressed - * data, which is still valid. So this is probably the - * best course of action. - * rgerhards, 2006-11-30 - */ - dbgprintf("Compression failed, sending uncompressed message\n"); - } else if(destLen+1 < l) { - /* only use compression if there is a gain in using it! */ - dbgprintf("there is gain in compression, so we do it\n"); - psz = (char*) out; - l = destLen + 1; /* take care for the "z" at message start! */ - } - ++destLen; - } -# endif + psz = (char*) ppString[0]; + l = strlen((char*) psz); + if (l > MAXLINE) + l = MAXLINE; - if(pData->protocol == FORW_UDP) { - /* forward via UDP */ - CHKiRet(UDPSend(pData, psz, l)); - } else { - /* forward via TCP */ - rsRetVal ret; - ret = tcpclt.Send(pData->pTCPClt, pData, psz, l); - if(ret != RS_RET_OK) { - /* error! */ - dbgprintf("error forwarding via tcp, suspending\n"); - pData->eDestState = eDestFORW_SUSP; - iRet = RS_RET_SUSPENDED; - } +# ifdef USE_NETZIP + /* Check if we should compress and, if so, do it. We also + * check if the message is large enough to justify compression. + * The smaller the message, the less likely is a gain in compression. + * To save CPU cycles, we do not try to compress very small messages. + * What "very small" means needs to be configured. Currently, it is + * hard-coded but this may be changed to a config parameter. + * rgerhards, 2006-11-30 + */ + if(pData->compressionLevel && (l > MIN_SIZE_FOR_COMPRESS)) { + Bytef out[MAXLINE+MAXLINE/100+12] = "z"; + uLongf destLen = sizeof(out) / sizeof(Bytef); + uLong srcLen = l; + int ret; + ret = compress2((Bytef*) out+1, &destLen, (Bytef*) psz, + srcLen, pData->compressionLevel); + dbgprintf("Compressing message, length was %d now %d, return state %d.\n", + l, (int) destLen, ret); + if(ret != Z_OK) { + /* if we fail, we complain, but only in debug mode + * Otherwise, we are silent. In any case, we ignore the + * failed compression and just sent the uncompressed + * data, which is still valid. So this is probably the + * best course of action. + * rgerhards, 2006-11-30 + */ + dbgprintf("Compression failed, sending uncompressed message\n"); + } else if(destLen+1 < l) { + /* only use compression if there is a gain in using it! */ + dbgprintf("there is gain in compression, so we do it\n"); + psz = (char*) out; + l = destLen + 1; /* take care for the "z" at message start! */ + } + ++destLen; + } +# endif + + if(pData->protocol == FORW_UDP) { + /* forward via UDP */ + CHKiRet(UDPSend(pData, psz, l)); + } else { + /* forward via TCP */ + rsRetVal ret; + ret = tcpclt.Send(pData->pTCPClt, pData, psz, l); + if(ret != RS_RET_OK) { + /* error! */ + dbgprintf("error forwarding via tcp, suspending\n"); + iRet = RS_RET_SUSPENDED; } - break; } finalize_it: ENDdoAction @@ -425,171 +386,144 @@ ENDdoAction BEGINparseSelectorAct uchar *q; int i; - int error; int bErr; - struct addrinfo hints, *res; + struct addrinfo; TCPFRAMINGMODE tcp_framing = TCP_FRAMING_OCTET_STUFFING; CODESTARTparseSelectorAct CODE_STD_STRING_REQUESTparseSelectorAct(1) - if(*p == '@') { - if((iRet = createInstance(&pData)) != RS_RET_OK) - goto finalize_it; - ++p; /* eat '@' */ - if(*p == '@') { /* indicator for TCP! */ - pData->protocol = FORW_TCP; - ++p; /* eat this '@', too */ - } else { - pData->protocol = FORW_UDP; - } - /* we are now after the protocol indicator. Now check if we should - * use compression. We begin to use a new option format for this: - * @(option,option)host:port - * The first option defined is "z[0..9]" where the digit indicates - * the compression level. If it is not given, 9 (best compression) is - * assumed. An example action statement might be: - * @@(z5,o)127.0.0.1:1400 - * Which means send via TCP with medium (5) compresion (z) to the local - * host on port 1400. The '0' option means that octet-couting (as in - * IETF I-D syslog-transport-tls) is to be used for framing (this option - * applies to TCP-based syslog only and is ignored when specified with UDP). - * That is not yet implemented. - * rgerhards, 2006-12-07 - */ - if(*p == '(') { - /* at this position, it *must* be an option indicator */ - do { - ++p; /* eat '(' or ',' (depending on when called) */ - /* check options */ - if(*p == 'z') { /* compression */ -# ifdef USE_NETZIP - ++p; /* eat */ - if(isdigit((int) *p)) { - int iLevel; - iLevel = *p - '0'; - ++p; /* eat */ - pData->compressionLevel = iLevel; - } else { - errmsg.LogError(NO_ERRCODE, "Invalid compression level '%c' specified in " - "forwardig action - NOT turning on compression.", - *p); - } -# else - errmsg.LogError(NO_ERRCODE, "Compression requested, but rsyslogd is not compiled " - "with compression support - request ignored."); -# endif /* #ifdef USE_NETZIP */ - } else if(*p == 'o') { /* octet-couting based TCP framing? */ - ++p; /* eat */ - /* no further options settable */ - tcp_framing = TCP_FRAMING_OCTET_COUNTING; - } else { /* invalid option! Just skip it... */ - errmsg.LogError(NO_ERRCODE, "Invalid option %c in forwarding action - ignoring.", *p); - ++p; /* eat invalid option */ - } - /* the option processing is done. We now do a generic skip - * to either the next option or the end of the option - * block. - */ - while(*p && *p != ')' && *p != ',') - ++p; /* just skip it */ - } while(*p && *p == ','); /* Attention: do.. while() */ - if(*p == ')') - ++p; /* eat terminator, on to next */ - else - /* we probably have end of string - leave it for the rest - * of the code to handle it (but warn the user) - */ - errmsg.LogError(NO_ERRCODE, "Option block not terminated in forwarding action."); - } - /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0') - * now skip to port and then template name. rgerhards 2005-07-06 - */ - for(q = p ; *p && *p != ';' && *p != ':' ; ++p) - /* JUST SKIP */; + if(*p != '@') + ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED); - pData->port = NULL; - if(*p == ':') { /* process port */ - uchar * tmp; - - *p = '\0'; /* trick to obtain hostname (later)! */ - tmp = ++p; - for(i=0 ; *p && isdigit((int) *p) ; ++p, ++i) - /* SKIP AND COUNT */; - pData->port = malloc(i + 1); - if(pData->port == NULL) { - errmsg.LogError(NO_ERRCODE, "Could not get memory to store syslog forwarding port, " - "using default port, results may not be what you intend\n"); - /* we leave f_forw.port set to NULL, this is then handled by - * getFwdSyslogPt(). - */ - } else { - memcpy(pData->port, tmp, i); - *(pData->port + i) = '\0'; - } - } - - /* now skip to template */ - bErr = 0; - while(*p && *p != ';') { - if(*p && *p != ';' && !isspace((int) *p)) { - if(bErr == 0) { /* only 1 error msg! */ - bErr = 1; - errno = 0; - errmsg.LogError(NO_ERRCODE, "invalid selector line (port), probably not doing " - "what was intended"); - } - } - ++p; - } - - /* TODO: make this if go away! */ - if(*p == ';') { - *p = '\0'; /* trick to obtain hostname (later)! */ - CHKmalloc(pData->f_hname = strdup((char*) q)); - *p = ';'; - } else { - CHKmalloc(pData->f_hname = strdup((char*) q)); - } - - /* process template */ - CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, - (pszTplName == NULL) ? (uchar*)"RSYSLOG_TraditionalForwardFormat" : pszTplName)); - - /* first set the pData->eDestState */ - memset(&hints, 0, sizeof(hints)); - /* port must be numeric, because config file syntax requests this */ - hints.ai_flags = AI_NUMERICSERV; - hints.ai_family = glbl.GetDefPFFamily(); - hints.ai_socktype = pData->protocol == FORW_UDP ? SOCK_DGRAM : SOCK_STREAM; - if( (error = getaddrinfo(pData->f_hname, getFwdSyslogPt(pData), &hints, &res)) != 0) { - pData->eDestState = eDestFORW_UNKN; - pData->ttSuspend = time(NULL); - } else { - pData->eDestState = eDestFORW; - pData->f_addr = res; - } - /* - * Otherwise the host might be unknown due to an - * inaccessible nameserver (perhaps on the same - * host). We try to get the ip number later, like - * FORW_SUSP. - */ - if(pData->protocol == FORW_TCP) { - /* create our tcpclt */ - CHKiRet(tcpclt.Construct(&pData->pTCPClt)); - /* and set callbacks */ - CHKiRet(tcpclt.SetSendInit(pData->pTCPClt, TCPSendInit)); - CHKiRet(tcpclt.SetSendFrame(pData->pTCPClt, TCPSendFrame)); - CHKiRet(tcpclt.SetSendPrepRetry(pData->pTCPClt, TCPSendPrepRetry)); - CHKiRet(tcpclt.SetFraming(pData->pTCPClt, tcp_framing)); - } + CHKiRet(createInstance(&pData)); + ++p; /* eat '@' */ + if(*p == '@') { /* indicator for TCP! */ + pData->protocol = FORW_TCP; + ++p; /* eat this '@', too */ } else { - iRet = RS_RET_CONFLINE_UNPROCESSED; + pData->protocol = FORW_UDP; + } + /* we are now after the protocol indicator. Now check if we should + * use compression. We begin to use a new option format for this: + * @(option,option)host:port + * The first option defined is "z[0..9]" where the digit indicates + * the compression level. If it is not given, 9 (best compression) is + * assumed. An example action statement might be: + * @@(z5,o)127.0.0.1:1400 + * Which means send via TCP with medium (5) compresion (z) to the local + * host on port 1400. The '0' option means that octet-couting (as in + * IETF I-D syslog-transport-tls) is to be used for framing (this option + * applies to TCP-based syslog only and is ignored when specified with UDP). + * That is not yet implemented. + * rgerhards, 2006-12-07 + */ + if(*p == '(') { + /* at this position, it *must* be an option indicator */ + do { + ++p; /* eat '(' or ',' (depending on when called) */ + /* check options */ + if(*p == 'z') { /* compression */ +# ifdef USE_NETZIP + ++p; /* eat */ + if(isdigit((int) *p)) { + int iLevel; + iLevel = *p - '0'; + ++p; /* eat */ + pData->compressionLevel = iLevel; + } else { + errmsg.LogError(NO_ERRCODE, "Invalid compression level '%c' specified in " + "forwardig action - NOT turning on compression.", + *p); + } +# else + errmsg.LogError(NO_ERRCODE, "Compression requested, but rsyslogd is not compiled " + "with compression support - request ignored."); +# endif /* #ifdef USE_NETZIP */ + } else if(*p == 'o') { /* octet-couting based TCP framing? */ + ++p; /* eat */ + /* no further options settable */ + tcp_framing = TCP_FRAMING_OCTET_COUNTING; + } else { /* invalid option! Just skip it... */ + errmsg.LogError(NO_ERRCODE, "Invalid option %c in forwarding action - ignoring.", *p); + ++p; /* eat invalid option */ + } + /* the option processing is done. We now do a generic skip + * to either the next option or the end of the option + * block. + */ + while(*p && *p != ')' && *p != ',') + ++p; /* just skip it */ + } while(*p && *p == ','); /* Attention: do.. while() */ + if(*p == ')') + ++p; /* eat terminator, on to next */ + else + /* we probably have end of string - leave it for the rest + * of the code to handle it (but warn the user) + */ + errmsg.LogError(NO_ERRCODE, "Option block not terminated in forwarding action."); + } + /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0') + * now skip to port and then template name. rgerhards 2005-07-06 + */ + for(q = p ; *p && *p != ';' && *p != ':' ; ++p) + /* JUST SKIP */; + + pData->port = NULL; + if(*p == ':') { /* process port */ + uchar * tmp; + + *p = '\0'; /* trick to obtain hostname (later)! */ + tmp = ++p; + for(i=0 ; *p && isdigit((int) *p) ; ++p, ++i) + /* SKIP AND COUNT */; + pData->port = malloc(i + 1); + if(pData->port == NULL) { + errmsg.LogError(NO_ERRCODE, "Could not get memory to store syslog forwarding port, " + "using default port, results may not be what you intend\n"); + /* we leave f_forw.port set to NULL, this is then handled by getFwdPt(). */ + } else { + memcpy(pData->port, tmp, i); + *(pData->port + i) = '\0'; + } + } + + /* now skip to template */ + bErr = 0; + while(*p && *p != ';') { + if(*p && *p != ';' && !isspace((int) *p)) { + if(bErr == 0) { /* only 1 error msg! */ + bErr = 1; + errno = 0; + errmsg.LogError(NO_ERRCODE, "invalid selector line (port), probably not doing " + "what was intended"); + } + } + ++p; + } + + /* TODO: make this if go away! */ + if(*p == ';') { + *p = '\0'; /* trick to obtain hostname (later)! */ + CHKmalloc(pData->f_hname = strdup((char*) q)); + *p = ';'; + } else { + CHKmalloc(pData->f_hname = strdup((char*) q)); + } + + /* process template */ + CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, + (pszTplName == NULL) ? (uchar*)"RSYSLOG_TraditionalForwardFormat" : pszTplName)); + + if(pData->protocol == FORW_TCP) { + /* create our tcpclt */ + CHKiRet(tcpclt.Construct(&pData->pTCPClt)); + /* and set callbacks */ + CHKiRet(tcpclt.SetSendInit(pData->pTCPClt, TCPSendInit)); + CHKiRet(tcpclt.SetSendFrame(pData->pTCPClt, TCPSendFrame)); + CHKiRet(tcpclt.SetSendPrepRetry(pData->pTCPClt, TCPSendPrepRetry)); + CHKiRet(tcpclt.SetFraming(pData->pTCPClt, tcp_framing)); } - /* TODO: do we need to call freeInstance if we failed - this is a general question for - * all output modules. I'll address it lates as the interface evolves. rgerhards, 2007-07-25 - */ CODE_STD_FINALIZERparseSelectorAct ENDparseSelectorAct @@ -600,6 +534,7 @@ CODESTARTmodExit objRelease(errmsg, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(net, LM_NET_FILENAME); + objRelease(netstrm, LM_NETSTRM_FILENAME); objRelease(tcpclt, LM_TCPCLT_FILENAME); if(pszTplName != NULL) { @@ -635,13 +570,13 @@ CODESTARTmodInit CODEmodInit_QueryRegCFSLineHdlr CHKiRet(objUse(glbl, CORE_COMPONENT)); CHKiRet(objUse(errmsg, CORE_COMPONENT)); - CHKiRet(objUse(net, LM_NET_FILENAME)); + CHKiRet(objUse(net,LM_NET_FILENAME)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); CHKiRet(objUse(tcpclt, LM_TCPCLT_FILENAME)); CHKiRet(regCfSysLineHdlr((uchar *)"actionforwarddefaulttemplate", 0, eCmdHdlrGetWord, NULL, &pszTplName, NULL)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID)); ENDmodInit -#endif /* #ifdef SYSLOG_INET */ /* vim:set ai: */ From ea4a3a3cd95faf9328def84e3e253d6c1a4375f7 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 17 Apr 2008 19:03:51 +0200 Subject: [PATCH 5/6] improvements in omfwd and cleanup of omgssapi - some (small) cleanup of omgssapi - optimized omfwed, now loads TCP code only if this is actually necessary --- ChangeLog | 2 ++ plugins/omgssapi/omgssapi.c | 17 ----------------- tools/omfwd.c | 34 ++++++++++++++++++++++++++++++---- 3 files changed, 32 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index f0fd47488..71766d1dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ --------------------------------------------------------------------------- Version 3.19.0 (rgerhards), 2008-04-?? - begins new devel branch version +- partly rewritten and improved omfwd among others, now loads TCP + code only if this is actually necessary - implemented im3195, the RFC3195 input as a plugin - split of a "runtime library" for rsyslog - this is not yet a clean model, because some modularization is still outstanding. In theory, diff --git a/plugins/omgssapi/omgssapi.c b/plugins/omgssapi/omgssapi.c index 6f940f990..6d419de06 100644 --- a/plugins/omgssapi/omgssapi.c +++ b/plugins/omgssapi/omgssapi.c @@ -58,17 +58,6 @@ MODULE_TYPE_OUTPUT -#define INET_SUSPEND_TIME 60 -/* equal to 1 minute - TODO: see if we can get rid of this now that we have - * the retry intervals in the engine -- rgerhards, 2008-03-12 - */ - -#define INET_RETRY_MAX 30 /* maximum of retries for gethostbyname() */ - /* was 10, changed to 30 because we reduced INET_SUSPEND_TIME by one third. So - * this "fixes" some of implications of it (see comment on INET_SUSPEND_TIME). - * rgerhards, 2005-07-26 - * TODO: this needs to be reviewed in spite of the new engine, too -- rgerhards, 2008-03-12 - */ /* internal structures */ @@ -86,11 +75,9 @@ typedef struct _instanceData { eDestFORW_SUSP, eDestFORW_UNKN } eDestState; - int iRtryCnt; struct addrinfo *f_addr; int compressionLevel; /* 0 - no compression, else level for zlib */ char *port; - time_t ttSuspend; /* time selector was suspended */ tcpclt_t *pTCPClt; /* our tcpclt object */ gss_ctx_id_t gss_context; OM_uint32 gss_flags; @@ -367,7 +354,6 @@ static rsRetVal doTryResume(instanceData *pData) getFwdSyslogPt(pData), &hints, &res)) == 0) { dbgprintf("%s found, resuming.\n", pData->f_hname); pData->f_addr = res; - pData->iRtryCnt = 0; pData->eDestState = eDestFORW; } else { iRet = RS_RET_SUSPENDED; @@ -406,7 +392,6 @@ CODESTARTdoAction case eDestFORW: dbgprintf(" %s:%s/%s\n", pData->f_hname, getFwdSyslogPt(pData), "tcp-gssapi"); - pData->ttSuspend = time(NULL); psz = (char*) ppString[0]; l = strlen((char*) psz); if (l > MAXLINE) @@ -609,8 +594,6 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) hints.ai_socktype = SOCK_STREAM; if( (error = getaddrinfo(pData->f_hname, getFwdSyslogPt(pData), &hints, &res)) != 0) { pData->eDestState = eDestFORW_UNKN; - pData->iRtryCnt = INET_RETRY_MAX; - pData->ttSuspend = time(NULL); } else { pData->eDestState = eDestFORW; pData->f_addr = res; diff --git a/tools/omfwd.c b/tools/omfwd.c index 6c3a351a4..e7b5dcd75 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -195,6 +195,7 @@ static rsRetVal UDPSend(instanceData *pData, char *msg, size_t len) RETiRet; } + /* CODE FOR SENDING TCP MESSAGES */ @@ -383,10 +384,29 @@ finalize_it: ENDdoAction +/* This function loads TCP support, if not already loaded. It will be called + * during config processing. To server ressources, TCP support will only + * be loaded if it actually is used. -- rgerhard, 2008-04-17 + */ +static rsRetVal +loadTCPSupport(void) +{ + DEFiRet; + if(!netstrm.ifIsLoaded) + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); + if(!tcpclt.ifIsLoaded) + CHKiRet(objUse(tcpclt, LM_TCPCLT_FILENAME)); + +finalize_it: + RETiRet; +} + + BEGINparseSelectorAct uchar *q; int i; int bErr; + rsRetVal localRet; struct addrinfo; TCPFRAMINGMODE tcp_framing = TCP_FRAMING_OCTET_STUFFING; CODESTARTparseSelectorAct @@ -398,6 +418,12 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) ++p; /* eat '@' */ if(*p == '@') { /* indicator for TCP! */ + localRet = loadTCPSupport(); + if(localRet != RS_RET_OK) { + errmsg.LogError(NO_ERRCODE, "could not activate network stream modules for TCP " + "(internal error %d) - are modules missing?", localRet); + ABORT_FINALIZE(localRet); + } pData->protocol = FORW_TCP; ++p; /* eat this '@', too */ } else { @@ -534,8 +560,10 @@ CODESTARTmodExit objRelease(errmsg, CORE_COMPONENT); objRelease(glbl, CORE_COMPONENT); objRelease(net, LM_NET_FILENAME); - objRelease(netstrm, LM_NETSTRM_FILENAME); - objRelease(tcpclt, LM_TCPCLT_FILENAME); + if(netstrm.ifIsLoaded) + objRelease(netstrm, LM_NETSTRM_FILENAME); + if(!tcpclt.ifIsLoaded) + objRelease(tcpclt, LM_TCPCLT_FILENAME); if(pszTplName != NULL) { free(pszTplName); @@ -571,8 +599,6 @@ CODEmodInit_QueryRegCFSLineHdlr CHKiRet(objUse(glbl, CORE_COMPONENT)); CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(net,LM_NET_FILENAME)); - CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); - CHKiRet(objUse(tcpclt, LM_TCPCLT_FILENAME)); CHKiRet(regCfSysLineHdlr((uchar *)"actionforwarddefaulttemplate", 0, eCmdHdlrGetWord, NULL, &pszTplName, NULL)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID)); From 1daf8d492f932739b6fcde732812116c7666b2bc Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 18 Apr 2008 11:40:15 +0200 Subject: [PATCH 6/6] converted netstrm into generic netstrm and the nsd_pctp driver --- runtime/Makefile.am | 10 + runtime/glbl.c | 25 +- runtime/glbl.h | 1 + runtime/netstrm.c | 374 +++++----------------------- runtime/netstrm.h | 14 +- runtime/nsd.h | 48 ++++ runtime/nsd_ptcp.c | 579 ++++++++++++++++++++++++++++++++++++++++++++ runtime/nsd_ptcp.h | 48 ++++ runtime/obj-types.h | 4 +- runtime/rsyslog.h | 3 + tools/omfwd.c | 2 + 11 files changed, 779 insertions(+), 329 deletions(-) create mode 100644 runtime/nsd.h create mode 100644 runtime/nsd_ptcp.c create mode 100644 runtime/nsd_ptcp.h diff --git a/runtime/Makefile.am b/runtime/Makefile.am index 400d78c0f..077310c64 100644 --- a/runtime/Makefile.am +++ b/runtime/Makefile.am @@ -11,6 +11,7 @@ librsyslog_la_SOURCES = \ syslogd-types.h \ module-template.h \ obj-types.h \ + nsd.h \ glbl.h \ glbl.c \ msg.c \ @@ -94,4 +95,13 @@ lmnetstrm_la_SOURCES = netstrm.c netstrm.h lmnetstrm_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) lmnetstrm_la_LDFLAGS = -module -avoid-version lmnetstrm_la_LIBADD = + +# netstream drivers + +# plain tcp driver +pkglib_LTLIBRARIES += lmnsd_ptcp.la +lmnsd_ptcp_la_SOURCES = nsd_ptcp.c nsd_ptcp.h +lmnsd_ptcp_la_CPPFLAGS = $(pthreads_cflags) $(rsrt_cflags) +lmnsd_ptcp_la_LDFLAGS = -module -avoid-version +lmnsd_ptcp_la_LIBADD = endif # if ENABLE_INET diff --git a/runtime/glbl.c b/runtime/glbl.c index 047fd611e..1e51b0e01 100644 --- a/runtime/glbl.c +++ b/runtime/glbl.c @@ -38,6 +38,11 @@ #include "cfsysline.h" #include "glbl.h" +/* some defaults */ +#ifndef DFLT_NETSTRM_DRVR +# define DFLT_NETSTRM_DRVR ((uchar*)"lmnsd_ptcp") +#endif + /* static data */ DEFobjStaticHelpers @@ -54,6 +59,7 @@ static uchar *LocalHostName = NULL;/* our hostname - read-only after startup */ static uchar *LocalDomain; /* our local domain name - read-only after startup */ static char **StripDomains = NULL;/* these domains may be stripped before writing logs - r/o after s.u., never touched by init */ static char **LocalHosts = NULL;/* these hosts are logged with their hostname - read-only after startup, never touched by init */ +static uchar *pszDfltNetstrmDrvr = NULL; /* module name of default netstream driver */ /* define a macro for the simple properties' set and get functions @@ -84,6 +90,7 @@ SIMP_PROP(StripDomains, StripDomains, char**) SIMP_PROP(LocalHosts, LocalHosts, char**) SIMP_PROP_SET(LocalHostName, LocalHostName, uchar*) +SIMP_PROP_SET(DfltNetstrmDrvr, pszDfltNetstrmDrvr, uchar*) // TODO: use custom function which frees existing value #undef SIMP_PROP #undef SIMP_PROP_SET @@ -99,8 +106,7 @@ GetLocalHostName(void) } -/* return the current working directory. - */ +/* return the current working directory */ static uchar* GetWorkDir(void) { @@ -108,6 +114,14 @@ GetWorkDir(void) } +/* return the current default netstream driver */ +static uchar* +GetDfltNetstrmDrvr(void) +{ + return(pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : pszWorkDir); +} + + /* queryInterface function * rgerhards, 2008-02-21 */ @@ -134,6 +148,7 @@ CODESTARTobjQueryInterface(glbl) SIMP_PROP(LocalDomain) SIMP_PROP(StripDomains) SIMP_PROP(LocalHosts) + SIMP_PROP(DfltNetstrmDrvr) #undef SIMP_PROP finalize_it: ENDobjQueryInterface(glbl) @@ -144,6 +159,10 @@ ENDobjQueryInterface(glbl) */ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal) { + if(pszDfltNetstrmDrvr != NULL) { + free(pszDfltNetstrmDrvr); + pszDfltNetstrmDrvr = NULL; + } if(pszWorkDir != NULL) { free(pszWorkDir); pszWorkDir = NULL; @@ -172,6 +191,8 @@ ENDObjClassInit(glbl) * rgerhards, 2008-04-17 */ BEGINObjClassExit(glbl, OBJ_IS_CORE_MODULE) /* class, version */ + if(pszDfltNetstrmDrvr != NULL) + free(pszDfltNetstrmDrvr); if(pszWorkDir != NULL) free(pszWorkDir); if(LocalHostName != NULL) diff --git a/runtime/glbl.h b/runtime/glbl.h index d61f9b410..b6864f3de 100644 --- a/runtime/glbl.h +++ b/runtime/glbl.h @@ -48,6 +48,7 @@ BEGINinterface(glbl) /* name must also be changed in ENDinterface macro! */ SIMP_PROP(LocalDomain, uchar*) SIMP_PROP(StripDomains, char**) SIMP_PROP(LocalHosts, char**) + SIMP_PROP(DfltNetstrmDrvr, uchar*) #undef SIMP_PROP ENDinterface(glbl) #define glblCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/netstrm.c b/runtime/netstrm.c index c27d5f4dc..274a92d7e 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -60,6 +60,7 @@ #include "obj.h" #include "errmsg.h" #include "net.h" +#include "nsd.h" #include "netstrm.h" MODULE_TYPE_LIB @@ -71,172 +72,93 @@ DEFobjCurrIf(glbl) DEFobjCurrIf(net) -/* Standard-Constructor - */ -BEGINobjConstruct(netstrm) /* be sure to specify the object type also in END macro! */ - pThis->sock = -1; - pThis->iSessMax = 500; /* default max nbr of sessions -TODO:make configurable--rgerhards, 2008-04-17*/ -ENDobjConstruct(netstrm) - - -/* ConstructionFinalizer +/* load our low-level driver. This must be done before any + * driver-specific functions (allmost all...) can be carried + * out. Note that the driver's .ifIsLoaded is correctly + * initialized by calloc() and we depend on that. + * rgerhards, 2008-04-18 */ static rsRetVal -netstrmConstructFinalize(netstrm_t __attribute__((unused)) *pThis) +loadDrvr(netstrm_t *pThis) { + uchar *pDrvrName; DEFiRet; - ISOBJ_TYPE_assert(pThis, netstrm); + + pDrvrName = pThis->pDrvrName; + if(pDrvrName == NULL) /* if no drvr name is set, use system default */ + pDrvrName = glbl.GetDfltNetstrmDrvr(); + + pThis->Drvr.ifVersion = nsdCURR_IF_VERSION; + /* The pDrvrName+2 below is a hack to obtain the object name. It + * safes us to have yet another variable with the name without "lm" in + * front of it. If we change the module load interface, we may re-think + * about this hack, but for the time being it is efficient and clean + * enough. -- rgerhards, 2008-04-18 + */ + CHKiRet(obj.UseObj(__FILE__, pDrvrName+2, pDrvrName, (void*) &pThis->Drvr)); +finalize_it: RETiRet; } +/* Standard-Constructor */ +BEGINobjConstruct(netstrm) /* be sure to specify the object type also in END macro! */ +ENDobjConstruct(netstrm) + + /* destructor for the netstrm object */ BEGINobjDestruct(netstrm) /* be sure to specify the object type also in END and CODESTART macros! */ - int i; CODESTARTobjDestruct(netstrm) - if(pThis->sock != -1) { - close(pThis->sock); - pThis->sock = -1; - } - - if(pThis->socks != NULL) { - /* if we have some sockets at this stage, we need to close them */ - for(i = 1 ; i <= pThis->socks[0] ; ++i) - close(pThis->socks[i]); - free(pThis->socks); - } - - if(pThis->pRemHostIP != NULL) - free(pThis->pRemHostIP); - if(pThis->pRemHostName != NULL) - free(pThis->pRemHostName); + if(pThis->pDrvrData != NULL) + iRet = pThis->Drvr.Destruct(&pThis->pDrvrData); ENDobjDestruct(netstrm) +/* ConstructionFinalizer */ +static rsRetVal +netstrmConstructFinalize(netstrm_t *pThis) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + CHKiRet(loadDrvr(pThis)); + CHKiRet(pThis->Drvr.Construct(&pThis->pDrvrData)); +finalize_it: + RETiRet; +} + /* abort a connection. This is much like Destruct(), but tries * to discard any unsent data. -- rgerhards, 2008-03-24 */ static rsRetVal AbortDestruct(netstrm_t **ppThis) { - struct linger ling; - DEFiRet; assert(ppThis != NULL); ISOBJ_TYPE_assert((*ppThis), netstrm); - if((*ppThis)->sock != -1) { - ling.l_onoff = 1; - ling.l_linger = 0; - if(setsockopt((*ppThis)->sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0 ) { - dbgprintf("could not set SO_LINGER, errno %d\n", errno); - } - } - + /* we do NOT exit on error, because that would make things worse */ + (*ppThis)->Drvr.Abort((*ppThis)->pDrvrData); iRet = netstrmDestruct(ppThis); RETiRet; } -/* Set pRemHost based on the address provided. This is to be called upon accept()ing - * a connection request. It must be provided by the socket we received the - * message on as well as a NI_MAXHOST size large character buffer for the FQDN. - * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) - * for some explanation of the code found below. If we detect a malicious - * hostname, we return RS_RET_MALICIOUS_HNAME and let the caller decide - * on how to deal with that. - * rgerhards, 2008-03-31 - */ -static rsRetVal -FillRemHost(netstrm_t *pThis, struct sockaddr *pAddr) -{ - int error; - uchar szIP[NI_MAXHOST] = ""; - uchar szHname[NI_MAXHOST] = ""; - struct addrinfo hints, *res; - size_t len; - - DEFiRet; - ISOBJ_TYPE_assert(pThis, netstrm); - assert(pAddr != NULL); +#if 0 +This is not yet working - wait until we arrive at the receiver side (distracts too much at the moment) - error = getnameinfo(pAddr, SALEN(pAddr), (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST); - - if(error) { - dbgprintf("Malformed from address %s\n", gai_strerror(error)); - strcpy((char*)szHname, "???"); - strcpy((char*)szIP, "???"); - ABORT_FINALIZE(RS_RET_INVALID_HNAME); - } - - if(!glbl.GetDisableDNS()) { - error = getnameinfo(pAddr, SALEN(pAddr), (char*)szHname, NI_MAXHOST, NULL, 0, NI_NAMEREQD); - if(error == 0) { - memset (&hints, 0, sizeof (struct addrinfo)); - hints.ai_flags = AI_NUMERICHOST; - hints.ai_socktype = SOCK_STREAM; - /* we now do a lookup once again. This one should fail, - * because we should not have obtained a non-numeric address. If - * we got a numeric one, someone messed with DNS! - */ - if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) { - freeaddrinfo (res); - /* OK, we know we have evil, so let's indicate this to our caller */ - snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); - dbgprintf("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname); - iRet = RS_RET_MALICIOUS_HNAME; - } - } else { - strcpy((char*)szHname, (char*)szIP); - } - } else { - strcpy((char*)szHname, (char*)szIP); - } - - /* We now have the names, so now let's allocate memory and store them permanently. - * (side note: we may hold on to these values for quite a while, thus we trim their - * memory consumption) - */ - len = strlen((char*)szIP) + 1; /* +1 for \0 byte */ - if((pThis->pRemHostIP = malloc(len)) == NULL) - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - memcpy(pThis->pRemHostIP, szIP, len); - - len = strlen((char*)szHname) + 1; /* +1 for \0 byte */ - if((pThis->pRemHostName = malloc(len)) == NULL) { - free(pThis->pRemHostIP); /* prevent leak */ - pThis->pRemHostIP = NULL; - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - } - memcpy(pThis->pRemHostName, szHname, len); - -finalize_it: - RETiRet; -} - - - -/* accept an incoming connection request, sock provides the socket on which we can +/* accept an incoming connection request, pNsdLstn provides the "listen socket" on which we can * accept the new session. * rgerhards, 2008-03-17 */ static rsRetVal -AcceptConnReq(netstrm_t **ppThis, int sock) +AcceptConnReq(netstrm_t **ppThis, nsd_t *pNsdLstn) { netstrm_t *pThis = NULL; - int sockflags; - struct sockaddr_storage addr; - socklen_t addrlen = sizeof(addr); - int iNewSock = -1; - + nsd_t *pNsd; DEFiRet; - assert(ppThis != NULL); - iNewSock = accept(sock, (struct sockaddr*) &addr, &addrlen); - if(iNewSock < 0) { - ABORT_FINALIZE(RS_RET_ACCEPT_ERR); - } + assert(ppThis != NULL); /* construct our object so that we can use it... */ CHKiRet(netstrmConstruct(&pThis)); @@ -272,6 +194,7 @@ finalize_it: RETiRet; } +#endif /* initialize the tcp socket for a listner @@ -284,144 +207,10 @@ finalize_it: static rsRetVal LstnInit(netstrm_t *pThis, uchar *pLstnPort) { - struct addrinfo hints, *res, *r; - int error, maxs, *s, on = 1; - int sockflags; - DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); assert(pLstnPort != NULL); - - dbgprintf("creating tcp listen socket on port %s\n", pLstnPort); - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_PASSIVE; - hints.ai_family = glbl.GetDefPFFamily(); - hints.ai_socktype = SOCK_STREAM; - - error = getaddrinfo(NULL, (char*) pLstnPort, &hints, &res); - if(error) { - dbgprintf("error %d querying port '%s'\n", error, pLstnPort); - ABORT_FINALIZE(RS_RET_INVALID_PORT); - } - - /* Count max number of sockets we may open */ - for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) - /* EMPTY */; - pThis->socks = malloc((maxs+1) * sizeof(int)); - if (pThis->socks == NULL) { - dbgprintf("couldn't allocate memory for TCP listen sockets, suspending RELP message reception."); - freeaddrinfo(res); - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); - } - - *pThis->socks = 0; /* num of sockets counter at start of array */ - s = pThis->socks + 1; - for(r = res; r != NULL ; r = r->ai_next) { - *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); - if (*s < 0) { - if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) - dbgprintf("creating tcp listen socket"); - /* it is debatable if PF_INET with EAFNOSUPPORT should - * also be ignored... - */ - continue; - } - -#ifdef IPV6_V6ONLY - if (r->ai_family == AF_INET6) { - int iOn = 1; - if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, - (char *)&iOn, sizeof (iOn)) < 0) { - close(*s); - *s = -1; - continue; - } - } -#endif - if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { - dbgprintf("error %d setting tcp socket option\n", errno); - close(*s); - *s = -1; - continue; - } - - /* We use non-blocking IO! */ - if((sockflags = fcntl(*s, F_GETFL)) != -1) { - sockflags |= O_NONBLOCK; - /* SETFL could fail too, so get it caught by the subsequent - * error check. - */ - sockflags = fcntl(*s, F_SETFL, sockflags); - } - if(sockflags == -1) { - dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno); - close(*s); - *s = -1; - continue; - } - - - - /* We need to enable BSD compatibility. Otherwise an attacker - * could flood our log files by sending us tons of ICMP errors. - */ -#ifndef BSD - if(net.should_use_so_bsdcompat()) { - if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, - (char *) &on, sizeof(on)) < 0) { - errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); - close(*s); - *s = -1; - continue; - } - } -#endif - - if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) -#ifndef IPV6_V6ONLY - && (errno != EADDRINUSE) -#endif - ) { - dbgprintf("error %d while binding tcp socket", errno); - close(*s); - *s = -1; - continue; - } - - if(listen(*s,pThis->iSessMax / 10 + 5) < 0) { - /* If the listen fails, it most probably fails because we ask - * for a too-large backlog. So in this case we first set back - * to a fixed, reasonable, limit that should work. Only if - * that fails, too, we give up. - */ - dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", - pThis->iSessMax / 10 + 5); - if(listen(*s, 32) < 0) { - dbgprintf("tcp listen error %d, suspending\n", errno); - close(*s); - *s = -1; - continue; - } - } - - (*pThis->socks)++; - s++; - } - - if(res != NULL) - freeaddrinfo(res); - - if(*pThis->socks != maxs) - dbgprintf("We could initialize %d RELP TCP listen sockets out of %d we received " - "- this may or may not be an error indication.\n", *pThis->socks, maxs); - - if(*pThis->socks == 0) { - dbgprintf("No RELP TCP listen socket could successfully be initialized, " - "message reception via RELP disabled.\n"); - free(pThis->socks); - ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); - } + CHKiRet(pThis->Drvr.LstnInit(pThis->pDrvrData, pLstnPort)); finalize_it: RETiRet; @@ -438,13 +227,11 @@ finalize_it: * rgerhards, 2008-03-17 */ static rsRetVal -Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) +Rcv(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) { DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); - - *pLenBuf = recv(pThis->sock, pRcvBuf, *pLenBuf, MSG_DONTWAIT); - + iRet = pThis->Drvr.Rcv(pThis->pDrvrData, pBuf, pLenBuf); RETiRet; } @@ -458,27 +245,9 @@ Rcv(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf) static rsRetVal Send(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf) { - ssize_t written; DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); - - written = send(pThis->sock, pBuf, *pLenBuf, 0); - - if(written == -1) { - switch(errno) { - case EAGAIN: - case EINTR: - /* this is fine, just retry... */ - written = 0; - break; - default: - ABORT_FINALIZE(RS_RET_IO_ERROR); - break; - } - } - - *pLenBuf = written; -finalize_it: + iRet = pThis->Drvr.Send(pThis->pDrvrData, pBuf, pLenBuf); RETiRet; } @@ -489,42 +258,11 @@ finalize_it: static rsRetVal Connect(netstrm_t *pThis, int family, uchar *port, uchar *host) { - struct addrinfo *res = NULL; - struct addrinfo hints; - DEFiRet; ISOBJ_TYPE_assert(pThis, netstrm); assert(port != NULL); assert(host != NULL); - assert(pThis->sock == -1); - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = family; - hints.ai_socktype = SOCK_STREAM; - if(getaddrinfo((char*)host, (char*)port, &hints, &res) != 0) { - dbgprintf("error %d in getaddrinfo\n", errno); - ABORT_FINALIZE(RS_RET_IO_ERROR); - } - - if((pThis->sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1) { - ABORT_FINALIZE(RS_RET_IO_ERROR); - } - - if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) { - ABORT_FINALIZE(RS_RET_IO_ERROR); - } - -finalize_it: - if(res != NULL) - freeaddrinfo(res); - - if(iRet != RS_RET_OK) { - if(pThis->sock != -1) { - close(pThis->sock); - pThis->sock = -1; - } - } - + iRet = pThis->Drvr.Connect(pThis->pDrvrData, family, port, host); RETiRet; } @@ -547,7 +285,7 @@ CODESTARTobjQueryInterface(netstrm) pIf->Destruct = netstrmDestruct; pIf->AbortDestruct = AbortDestruct; pIf->LstnInit = LstnInit; - pIf->AcceptConnReq = AcceptConnReq; + // TODO: add later: pIf->AcceptConnReq = AcceptConnReq; pIf->Rcv = Rcv; pIf->Send = Send; pIf->Connect = Connect; diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 7f267a364..75b7c4576 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -24,21 +24,21 @@ #ifndef INCLUDED_NETSTRM_H #define INCLUDED_NETSTRM_H +#include "nsd.h" /* we need our driver interface to be defined */ + /* the netstrm object */ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ - uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ - uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ - int sock; /**< the socket we use for regular, single-socket, operations */ - int *socks; /**< the socket(s) we use for listeners, element 0 has nbr of socks */ - int iSessMax; /**< maximum number of sessions permitted */ + nsd_if_t Drvr; /**< our stream driver */ + nsd_t *pDrvrData; /**< the driver's data elements */ + uchar *pDrvrName; /**< nsd driver name to use, or NULL if system default */ }; -/* interfaces */ +/* interface */ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Construct)(netstrm_t **ppThis); - rsRetVal (*ConstructFinalize)(netstrm_t __attribute__((unused)) *pThis); + rsRetVal (*ConstructFinalize)(netstrm_t *pThis); rsRetVal (*Destruct)(netstrm_t **ppThis); rsRetVal (*AbortDestruct)(netstrm_t **ppThis); rsRetVal (*LstnInit)(netstrm_t *pThis, unsigned char *pLstnPort); diff --git a/runtime/nsd.h b/runtime/nsd.h new file mode 100644 index 000000000..52c36dcfe --- /dev/null +++ b/runtime/nsd.h @@ -0,0 +1,48 @@ +/* The interface definition for "NetStream Drivers" (nsd). + * + * This is just an abstract driver interface, which needs to be + * implemented by concrete classes. As such, no nsd data type itself + * is defined. + * + * Copyright 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSD_H +#define INCLUDED_NSD_H + +/* nsd_t is actually obj_t (which is somewhat better than void* but in essence + * much the same). + */ + +/* interface */ +BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ + rsRetVal (*Construct)(nsd_t **ppThis); + rsRetVal (*Destruct)(nsd_t **ppThis); + rsRetVal (*Abort)(nsd_t *pThis); + rsRetVal (*LstnInit)(nsd_t *pThis, unsigned char *pLstnPort); + rsRetVal (*AcceptConnReq)(nsd_t **ppThis, int sock); + rsRetVal (*Rcv)(nsd_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf); + rsRetVal (*Send)(nsd_t *pThis, uchar *pBuf, ssize_t *pLenBuf); + rsRetVal (*Connect)(nsd_t *pThis, int family, unsigned char *port, unsigned char *host); +ENDinterface(nsd) +#define nsdCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ + +#endif /* #ifndef INCLUDED_NSD_H */ diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c new file mode 100644 index 000000000..98de58029 --- /dev/null +++ b/runtime/nsd_ptcp.c @@ -0,0 +1,579 @@ +/* nsd_ptcp.c + * + * An implementation of the nsd interface for plain tcp sockets. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ +#include "config.h" + +#include "rsyslog.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "syslogd-types.h" +#include "module-template.h" +#include "parse.h" +#include "srUtils.h" +#include "obj.h" +#include "errmsg.h" +#include "net.h" +#include "nsd_ptcp.h" + +MODULE_TYPE_LIB + +/* static data */ +DEFobjStaticHelpers +DEFobjCurrIf(errmsg) +DEFobjCurrIf(glbl) +DEFobjCurrIf(net) + + +/* Standard-Constructor + */ +BEGINobjConstruct(nsd_ptcp) /* be sure to specify the object type also in END macro! */ + pThis->sock = -1; + pThis->iSessMax = 500; /* default max nbr of sessions -TODO:make configurable--rgerhards, 2008-04-17*/ +ENDobjConstruct(nsd_ptcp) + + +/* destructor for the nsd_ptcp object */ +BEGINobjDestruct(nsd_ptcp) /* be sure to specify the object type also in END and CODESTART macros! */ + int i; +CODESTARTobjDestruct(nsd_pctp) + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; + } + + if(pThis->socks != NULL) { + /* if we have some sockets at this stage, we need to close them */ + for(i = 1 ; i <= pThis->socks[0] ; ++i) + close(pThis->socks[i]); + free(pThis->socks); + } + + if(pThis->pRemHostIP != NULL) + free(pThis->pRemHostIP); + if(pThis->pRemHostName != NULL) + free(pThis->pRemHostName); +ENDobjDestruct(nsd_ptcp) + + +/* abort a connection. This is meant to be called immediately + * before the Destruct call. -- rgerhards, 2008-03-24 + */ +static rsRetVal +Abort(nsd_t *pNsd) +{ + struct linger ling; + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + + DEFiRet; + ISOBJ_TYPE_assert((pThis), nsd_ptcp); + + if((pThis)->sock != -1) { + ling.l_onoff = 1; + ling.l_linger = 0; + if(setsockopt((pThis)->sock, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0 ) { + dbgprintf("could not set SO_LINGER, errno %d\n", errno); + } + } + + RETiRet; +} + + +/* Set pRemHost based on the address provided. This is to be called upon accept()ing + * a connection request. It must be provided by the socket we received the + * message on as well as a NI_MAXHOST size large character buffer for the FQDN. + * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats) + * for some explanation of the code found below. If we detect a malicious + * hostname, we return RS_RET_MALICIOUS_HNAME and let the caller decide + * on how to deal with that. + * rgerhards, 2008-03-31 + */ +static rsRetVal +FillRemHost(nsd_ptcp_t *pThis, struct sockaddr *pAddr) +{ + int error; + uchar szIP[NI_MAXHOST] = ""; + uchar szHname[NI_MAXHOST] = ""; + struct addrinfo hints, *res; + size_t len; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(pAddr != NULL); + + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST); + + if(error) { + dbgprintf("Malformed from address %s\n", gai_strerror(error)); + strcpy((char*)szHname, "???"); + strcpy((char*)szIP, "???"); + ABORT_FINALIZE(RS_RET_INVALID_HNAME); + } + + if(!glbl.GetDisableDNS()) { + error = getnameinfo(pAddr, SALEN(pAddr), (char*)szHname, NI_MAXHOST, NULL, 0, NI_NAMEREQD); + if(error == 0) { + memset (&hints, 0, sizeof (struct addrinfo)); + hints.ai_flags = AI_NUMERICHOST; + hints.ai_socktype = SOCK_STREAM; + /* we now do a lookup once again. This one should fail, + * because we should not have obtained a non-numeric address. If + * we got a numeric one, someone messed with DNS! + */ + if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) { + freeaddrinfo (res); + /* OK, we know we have evil, so let's indicate this to our caller */ + snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); + dbgprintf("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname); + iRet = RS_RET_MALICIOUS_HNAME; + } + } else { + strcpy((char*)szHname, (char*)szIP); + } + } else { + strcpy((char*)szHname, (char*)szIP); + } + + /* We now have the names, so now let's allocate memory and store them permanently. + * (side note: we may hold on to these values for quite a while, thus we trim their + * memory consumption) + */ + len = strlen((char*)szIP) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostIP = malloc(len)) == NULL) + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + memcpy(pThis->pRemHostIP, szIP, len); + + len = strlen((char*)szHname) + 1; /* +1 for \0 byte */ + if((pThis->pRemHostName = malloc(len)) == NULL) { + free(pThis->pRemHostIP); /* prevent leak */ + pThis->pRemHostIP = NULL; + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + memcpy(pThis->pRemHostName, szHname, len); + +finalize_it: + RETiRet; +} + + + +/* accept an incoming connection request, sock provides the socket on which we can + * accept the new session. + * rgerhards, 2008-03-17 + */ +static rsRetVal +AcceptConnReq(nsd_t **ppThis, int sock) +{ + int sockflags; + struct sockaddr_storage addr; + socklen_t addrlen = sizeof(addr); + nsd_ptcp_t *pThis = NULL; + int iNewSock = -1; + + DEFiRet; + assert(ppThis != NULL); + + iNewSock = accept(sock, (struct sockaddr*) &addr, &addrlen); + if(iNewSock < 0) { + ABORT_FINALIZE(RS_RET_ACCEPT_ERR); + } + + /* construct our object so that we can use it... */ + CHKiRet(nsd_ptcpConstruct(&pThis)); + + CHKiRet(FillRemHost(pThis, (struct sockaddr*) &addr)); + + /* set the new socket to non-blocking IO */ + if((sockflags = fcntl(iNewSock, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(iNewSock, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket %d", errno, iNewSock); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + pThis->sock = iNewSock; + + *ppThis = (nsd_t*) pThis; + +finalize_it: + if(iRet != RS_RET_OK) { + if(pThis != NULL) + nsd_ptcpDestruct(&pThis); + /* the close may be redundant, but that doesn't hurt... */ + if(iNewSock >= 0) + close(iNewSock); + } + + RETiRet; +} + + +/* initialize the tcp socket for a listner + * pLstnPort must point to a port name or number. NULL is NOT permitted + * (hint: we need to be careful when we use this module together with librelp, + * there NULL indicates the default port + * default is used. + * gerhards, 2008-03-17 + */ +static rsRetVal +LstnInit(nsd_t *pNsd, uchar *pLstnPort) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + struct addrinfo hints, *res, *r; + int error, maxs, *s, on = 1; + int sockflags; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(pLstnPort != NULL); + + dbgprintf("creating tcp listen socket on port %s\n", pLstnPort); + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_family = glbl.GetDefPFFamily(); + hints.ai_socktype = SOCK_STREAM; + + error = getaddrinfo(NULL, (char*) pLstnPort, &hints, &res); + if(error) { + dbgprintf("error %d querying port '%s'\n", error, pLstnPort); + ABORT_FINALIZE(RS_RET_INVALID_PORT); + } + + /* Count max number of sockets we may open */ + for(maxs = 0, r = res; r != NULL ; r = r->ai_next, maxs++) + /* EMPTY */; + pThis->socks = malloc((maxs+1) * sizeof(int)); + if (pThis->socks == NULL) { + dbgprintf("couldn't allocate memory for TCP listen sockets, suspending RELP message reception."); + freeaddrinfo(res); + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + } + + *pThis->socks = 0; /* num of sockets counter at start of array */ + s = pThis->socks + 1; + for(r = res; r != NULL ; r = r->ai_next) { + *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); + if (*s < 0) { + if(!(r->ai_family == PF_INET6 && errno == EAFNOSUPPORT)) + dbgprintf("creating tcp listen socket"); + /* it is debatable if PF_INET with EAFNOSUPPORT should + * also be ignored... + */ + continue; + } + +#ifdef IPV6_V6ONLY + if (r->ai_family == AF_INET6) { + int iOn = 1; + if (setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY, + (char *)&iOn, sizeof (iOn)) < 0) { + close(*s); + *s = -1; + continue; + } + } +#endif + if(setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0 ) { + dbgprintf("error %d setting tcp socket option\n", errno); + close(*s); + *s = -1; + continue; + } + + /* We use non-blocking IO! */ + if((sockflags = fcntl(*s, F_GETFL)) != -1) { + sockflags |= O_NONBLOCK; + /* SETFL could fail too, so get it caught by the subsequent + * error check. + */ + sockflags = fcntl(*s, F_SETFL, sockflags); + } + if(sockflags == -1) { + dbgprintf("error %d setting fcntl(O_NONBLOCK) on tcp socket", errno); + close(*s); + *s = -1; + continue; + } + + + + /* We need to enable BSD compatibility. Otherwise an attacker + * could flood our log files by sending us tons of ICMP errors. + */ +#ifndef BSD + if(net.should_use_so_bsdcompat()) { + if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT, + (char *) &on, sizeof(on)) < 0) { + errmsg.LogError(NO_ERRCODE, "TCP setsockopt(BSDCOMPAT)"); + close(*s); + *s = -1; + continue; + } + } +#endif + + if( (bind(*s, r->ai_addr, r->ai_addrlen) < 0) +#ifndef IPV6_V6ONLY + && (errno != EADDRINUSE) +#endif + ) { + dbgprintf("error %d while binding tcp socket", errno); + close(*s); + *s = -1; + continue; + } + + if(listen(*s,pThis->iSessMax / 10 + 5) < 0) { + /* If the listen fails, it most probably fails because we ask + * for a too-large backlog. So in this case we first set back + * to a fixed, reasonable, limit that should work. Only if + * that fails, too, we give up. + */ + dbgprintf("listen with a backlog of %d failed - retrying with default of 32.", + pThis->iSessMax / 10 + 5); + if(listen(*s, 32) < 0) { + dbgprintf("tcp listen error %d, suspending\n", errno); + close(*s); + *s = -1; + continue; + } + } + + (*pThis->socks)++; + s++; + } + + if(res != NULL) + freeaddrinfo(res); + + if(*pThis->socks != maxs) + dbgprintf("We could initialize %d RELP TCP listen sockets out of %d we received " + "- this may or may not be an error indication.\n", *pThis->socks, maxs); + + if(*pThis->socks == 0) { + dbgprintf("No RELP TCP listen socket could successfully be initialized, " + "message reception via RELP disabled.\n"); + free(pThis->socks); + ABORT_FINALIZE(RS_RET_COULD_NOT_BIND); + } + +finalize_it: + RETiRet; +} + + +/* receive data from a tcp socket + * The lenBuf parameter must contain the max buffer size on entry and contains + * the number of octets read (or -1 in case of error) on exit. This function + * never blocks, not even when called on a blocking socket. That is important + * for client sockets, which are set to block during send, but should not + * block when trying to read data. If *pLenBuf is -1, an error occured and + * errno holds the exact error cause. + * rgerhards, 2008-03-17 + */ +static rsRetVal +Rcv(nsd_t *pNsd, uchar *pRcvBuf, ssize_t *pLenBuf) +{ + DEFiRet; + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + + *pLenBuf = recv(pThis->sock, pRcvBuf, *pLenBuf, MSG_DONTWAIT); + + RETiRet; +} + + +/* send a buffer. On entry, pLenBuf contains the number of octets to + * write. On exit, it contains the number of octets actually written. + * If this number is lower than on entry, only a partial buffer has + * been written. + * rgerhards, 2008-03-19 + */ +static rsRetVal +Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + ssize_t written; + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + + written = send(pThis->sock, pBuf, *pLenBuf, 0); + + if(written == -1) { + switch(errno) { + case EAGAIN: + case EINTR: + /* this is fine, just retry... */ + written = 0; + break; + default: + ABORT_FINALIZE(RS_RET_IO_ERROR); + break; + } + } + + *pLenBuf = written; +finalize_it: + RETiRet; +} + + +/* open a connection to a remote host (server). + * rgerhards, 2008-03-19 + */ +static rsRetVal +Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + struct addrinfo *res = NULL; + struct addrinfo hints; + + DEFiRet; + ISOBJ_TYPE_assert(pThis, nsd_ptcp); + assert(port != NULL); + assert(host != NULL); + assert(pThis->sock == -1); + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; + if(getaddrinfo((char*)host, (char*)port, &hints, &res) != 0) { + dbgprintf("error %d in getaddrinfo\n", errno); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if((pThis->sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) == -1) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + + if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) { + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + +finalize_it: + if(res != NULL) + freeaddrinfo(res); + + if(iRet != RS_RET_OK) { + if(pThis->sock != -1) { + close(pThis->sock); + pThis->sock = -1; + } + } + + RETiRet; +} + + +/* queryInterface function */ +BEGINobjQueryInterface(nsd_ptcp) +CODESTARTobjQueryInterface(nsd_ptcp) + if(pIf->ifVersion != nsdCURR_IF_VERSION) {/* check for current version, increment on each change */ + ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED); + } + + /* ok, we have the right interface, so let's fill it + * Please note that we may also do some backwards-compatibility + * work here (if we can support an older interface version - that, + * of course, also affects the "if" above). + */ + pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct; + pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct; + pIf->Abort = Abort; + pIf->LstnInit = LstnInit; + pIf->AcceptConnReq = AcceptConnReq; + pIf->Rcv = Rcv; + pIf->Send = Send; + pIf->Connect = Connect; +finalize_it: +ENDobjQueryInterface(nsd_ptcp) + + +/* exit our class + */ +BEGINObjClassExit(nsd_ptcp, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */ +CODESTARTObjClassExit(nsd_ptcp) + /* release objects we no longer need */ + objRelease(net, CORE_COMPONENT); + objRelease(glbl, CORE_COMPONENT); + objRelease(errmsg, CORE_COMPONENT); +ENDObjClassExit(nsd_ptcp) + + +/* Initialize the nsd_ptcp class. Must be called as the very first method + * before anything else is called inside this class. + * rgerhards, 2008-02-19 + */ +BEGINObjClassInit(nsd_ptcp, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */ + /* request objects we use */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); + CHKiRet(objUse(net, CORE_COMPONENT)); + + /* set our own handlers */ +ENDObjClassInit(nsd_ptcp) + + +/* --------------- here now comes the plumbing that makes as a library module --------------- */ + + +BEGINmodExit +CODESTARTmodExit + nsd_ptcpClassExit(); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_LIB_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ + + /* Initialize all classes that are in our module - this includes ourselfs */ + CHKiRet(nsd_ptcpClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ +ENDmodInit +/* vi:set ai: + */ diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h new file mode 100644 index 000000000..d48483148 --- /dev/null +++ b/runtime/nsd_ptcp.h @@ -0,0 +1,48 @@ +/* An implementation of the nsd interface for plain tcp sockets. + * + * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * + * The rsyslog runtime library is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * The rsyslog runtime library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the rsyslog runtime library. If not, see . + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution. + */ + +#ifndef INCLUDED_NSD_PTCP_H +#define INCLUDED_NSD_PTCP_H + +#include "nsd.h" +typedef nsd_if_t nsd_ptcp_if_t; /* we just *implement* this interface */ + +/* the nsd_ptcp object */ +struct nsd_ptcp_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ + uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ + int sock; /**< the socket we use for regular, single-socket, operations */ + int *socks; /**< the socket(s) we use for listeners, element 0 has nbr of socks */ + int iSessMax; /**< maximum number of sessions permitted */ +}; + +/* interface is defined in nsd.h, we just implement it! */ + +/* prototypes */ +PROTOTYPEObj(nsd_ptcp); + +/* the name of our library binary */ +#define LM_NSD_PTCP_FILENAME "lmnsd_ptcp" + +#endif /* #ifndef INCLUDED_NSD_PTCP_H */ diff --git a/runtime/obj-types.h b/runtime/obj-types.h index e245b633a..e3df72393 100644 --- a/runtime/obj-types.h +++ b/runtime/obj-types.h @@ -81,13 +81,13 @@ struct objInfo_s { }; -typedef struct obj { /* the dummy struct that each derived class can be casted to */ +struct obj_s { /* the dummy struct that each derived class can be casted to */ objInfo_t *pObjInfo; #ifndef NDEBUG /* this means if debug... */ unsigned int iObjCooCKiE; /* must always be 0xBADEFEE for a valid object */ #endif uchar *pszName; /* the name of *this* specific object instance */ -} obj_t; +}; /* macros which must be gloablly-visible (because they are used during definition of diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 7ed989c5d..f78240066 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -61,9 +61,12 @@ /* define some base data types */ typedef unsigned char uchar;/* get rid of the unhandy "unsigned char" */ typedef struct thrdInfo thrdInfo_t; +typedef struct obj_s obj_t; typedef struct filed selector_t;/* TODO: this so far resides in syslogd.c, think about modularization */ typedef struct NetAddr netAddr_t; typedef struct netstrm_s netstrm_t; +typedef struct nsd_ptcp_s nsd_ptcp_t; +typedef obj_t nsd_t; typedef struct msg msg_t; typedef struct interface_s interface_t; typedef struct objInfo_s objInfo_t; diff --git a/tools/omfwd.c b/tools/omfwd.c index e7b5dcd75..3a2fe37fb 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -253,6 +253,8 @@ static rsRetVal TCPSendInit(void *pvData) assert(pData != NULL); if(pData->pNetstrm == NULL) { CHKiRet(netstrm.Construct(&pData->pNetstrm)); + /* here we may set another netstream driver (e.g. to do TLS) */ + CHKiRet(netstrm.ConstructFinalize(pData->pNetstrm)); CHKiRet(netstrm.Connect(pData->pNetstrm, glbl.GetDefPFFamily(), (uchar*)pData->port, (uchar*)pData->f_hname)); }