netstrm: optimized interface for passing connection err info

2025-12-16 09:50:40 +01:00 · 2025-05-12 12:13:44 +02:00 · 2025-05-12 12:13:44 +02:00 · dd6621672a
commit dd6621672a
parent 35d26fdd9c
9 changed files with 84 additions and 120 deletions
--- a/plugins/imgssapi/imgssapi.c
+++ b/plugins/imgssapi/imgssapi.c
@ -75,7 +75,7 @@ static rsRetVal actGSSListener(uchar *port);
 static int TCPSessGSSInit(void);
 static void TCPSessGSSClose(tcps_sess_t* pSess);
 static rsRetVal TCPSessGSSRecv(tcps_sess_t *pSess, void *buf, size_t buf_len, ssize_t *);
-static rsRetVal onSessAccept(tcpsrv_t *pThis, tcps_sess_t *ppSess);
+static rsRetVal onSessAccept(tcpsrv_t *pThis, tcps_sess_t *pSess, ATTR_UNUSED char *connInfo);
 static rsRetVal OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *ppSess);

 /* static data */
@ -199,7 +199,7 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*p


 static rsRetVal
-onSessAccept(tcpsrv_t *pThis, tcps_sess_t *pSess)
+onSessAccept(tcpsrv_t *pThis, tcps_sess_t *pSess, ATTR_UNUSED char *connInfo)
 {
 	DEFiRet;
 	gsssrv_t *pGSrv;
--- a/runtime/netstrm.c
+++ b/runtime/netstrm.c
@ -113,7 +113,7 @@ finalize_it:
 * rgerhards, 2008-04-21
 */
 static rsRetVal
-AcceptConnReq(netstrm_t *pThis, netstrm_t **ppNew)
+AcceptConnReq(netstrm_t *pThis, netstrm_t **ppNew, char *const connInfo)
 {
 	nsd_t *pNewNsd = NULL;
 	DEFiRet;
@ -122,7 +122,7 @@ AcceptConnReq(netstrm_t *pThis, netstrm_t **ppNew)
 	assert(ppNew != NULL);

 	/* accept the new connection */
-	CHKiRet(pThis->Drvr.AcceptConnReq(pThis->pDrvrData, &pNewNsd));
+	CHKiRet(pThis->Drvr.AcceptConnReq(pThis->pDrvrData, &pNewNsd, connInfo));
 	/* construct our object so that we can use it... */
 	CHKiRet(objUse(netstrms, DONT_LOAD_LIB)); /* use netstrms obj if not already done so */
 	CHKiRet(netstrms.CreateStrm(pThis->pNS, ppNew));
--- a/runtime/netstrm.h
+++ b/runtime/netstrm.h
@ -44,7 +44,7 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*ConstructFinalize)(netstrm_t *pThis);
 	rsRetVal (*Destruct)(netstrm_t **ppThis);
 	rsRetVal (*AbortDestruct)(netstrm_t **ppThis);
-	rsRetVal (*AcceptConnReq)(netstrm_t *pThis, netstrm_t **ppNew);
+	rsRetVal (*AcceptConnReq)(netstrm_t *pThis, netstrm_t **ppNew, char *connInfo);
 	rsRetVal (*Rcv)(netstrm_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf, int *oserr, unsigned *nextIODirection);
 	rsRetVal (*Send)(netstrm_t *pThis, uchar *pBuf, ssize_t *pLenBuf);
 	rsRetVal (*Connect)(netstrm_t *pThis, int family, unsigned char *port, unsigned char *host, char *device);
--- a/runtime/nsd.h
+++ b/runtime/nsd.h
@ -45,7 +45,7 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*Rcv)(nsd_t *pThis, uchar *pRcvBuf, ssize_t *pLenBuf, int *oserr, unsigned *nextIODirection);
 	rsRetVal (*Send)(nsd_t *pThis, uchar *pBuf, ssize_t *pLenBuf);
 	rsRetVal (*Connect)(nsd_t *pThis, int family, unsigned char *port, unsigned char *host, char *device);
-	rsRetVal (*AcceptConnReq)(nsd_t *pThis, nsd_t **ppThis);
+	rsRetVal (*AcceptConnReq)(nsd_t *pThis, nsd_t **ppThis, char *connInfo);
 	rsRetVal (*GetRemoteHName)(nsd_t *pThis, uchar **pszName);
 	rsRetVal (*GetRemoteIP)(nsd_t *pThis, prop_t **ip);
 	rsRetVal (*SetMode)(nsd_t *pThis, int mode); /* sets a driver specific mode - see driver doc for details */
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@ -1962,49 +1962,13 @@ GetRemoteIP(nsd_t *pNsd, prop_t **ip)
 }


-/**** TEMP for ehanced error message until better solution is found *****/
-static int get_socket_info(int sockfd, char *src_ip_str, int *src_port, char *dest_ip_str, int *dest_port) {
-    struct sockaddr_in local_addr;
-    socklen_t local_addr_len = sizeof(local_addr);
-
-    struct sockaddr_in remote_addr;
-    socklen_t remote_addr_len = sizeof(remote_addr);
-
-    // Get local socket information
-    if (getsockname(sockfd, (struct sockaddr *)&local_addr, &local_addr_len) == -1) {
-        perror("getsockname in get_socket_info");
-        return -1;
-    }
-
-    if (inet_ntop(AF_INET, &local_addr.sin_addr, src_ip_str, INET_ADDRSTRLEN) == NULL) {
-        perror("inet_ntop (local IP) in get_socket_info");
-        return -1;
-    }
-    *src_port = ntohs(local_addr.sin_port);
-
-    // Get remote peer information
-    if (getpeername(sockfd, (struct sockaddr *)&remote_addr, &remote_addr_len) == -1) {
-        perror("getpeername in get_socket_info");
-        return -1;
-    }
-
-    if (inet_ntop(AF_INET, &remote_addr.sin_addr, dest_ip_str, INET_ADDRSTRLEN) == NULL) {
-        perror("inet_ntop (remote IP) in get_socket_info");
-        return -1;
-    }
-    *dest_port = ntohs(remote_addr.sin_port);
-
-    return 0; // Success
-}
-/**** END TEMP for ehanced error message until better solution is found *****/
-
 /* accept an incoming connection request - here, we do the usual accept
 * handling. TLS specific handling is done thereafter (and if we run in TLS
 * mode at this time).
 * rgerhards, 2008-04-25
 */
 static rsRetVal
-AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
+AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew, char *const connInfo)
 {
 	DEFiRet;
 	int gnuRet;
@ -2012,18 +1976,11 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
 	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
 	const char *error_position = NULL;

-int have_ip = 0;
-char src_ip_str[INET_ADDRSTRLEN]; // Buffer to hold the IP address string
-int  src_port;
-char dest_ip_str[INET_ADDRSTRLEN]; // Buffer to hold the IP address string
-int  dest_port;
-
 	ISOBJ_TYPE_assert((pThis), nsd_gtls);
 	CHKiRet(nsd_gtlsConstruct(&pNew)); // TODO: prevent construct/destruct!
 	CHKiRet(nsd_ptcp.Destruct(&pNew->pTcp));
-	CHKiRet(nsd_ptcp.AcceptConnReq(pThis->pTcp, &pNew->pTcp));
+	CHKiRet(nsd_ptcp.AcceptConnReq(pThis->pTcp, &pNew->pTcp, connInfo));

-have_ip = !get_socket_info(((nsd_ptcp_t*) pNew->pTcp)->sock, src_ip_str, &src_port, dest_ip_str, &dest_port);

 	if(pThis->iMode == 0) {
 		/* we are in non-TLS mode, so we are done */
@ -2113,14 +2070,9 @@ have_ip = !get_socket_info(((nsd_ptcp_t*) pNew->pTcp)->sock, src_ip_str, &src_po

 finalize_it:
 	if(iRet != RS_RET_OK) {
-if (error_position != NULL) {
-	dbgprintf("AcceptConnReq error_position=%s\n", error_position);
-}
-if(have_ip) {
-	LogError(0, iRet, "nsd_gtls failed "
-		"to process incoming connection from remote peer %s:%d to %s:%d with error %d",
-		dest_ip_str, dest_port, src_ip_str, src_port, iRet);
-}
+		if (error_position != NULL) {
+			dbgprintf("AcceptConnReq error_position=%s\n", error_position);
+		}

 		if(pNew != NULL)
 			nsd_gtlsDestruct(&pNew);
--- a/runtime/nsd_ossl.c
+++ b/runtime/nsd_ossl.c
@ -977,41 +977,6 @@ finalize_it:
 	RETiRet;
 }

-/**** TEMP for ehanced error message until better solution is found *****/
-static int get_socket_info(int sockfd, char *src_ip_str, int *src_port, char *dest_ip_str, int *dest_port) {
-    struct sockaddr_in local_addr;
-    socklen_t local_addr_len = sizeof(local_addr);
-
-    struct sockaddr_in remote_addr;
-    socklen_t remote_addr_len = sizeof(remote_addr);
-
-    // Get local socket information
-    if (getsockname(sockfd, (struct sockaddr *)&local_addr, &local_addr_len) == -1) {
-        perror("getsockname in get_socket_info");
-        return -1;
-    }
-
-    if (inet_ntop(AF_INET, &local_addr.sin_addr, src_ip_str, INET_ADDRSTRLEN) == NULL) {
-        perror("inet_ntop (local IP) in get_socket_info");
-        return -1;
-    }
-    *src_port = ntohs(local_addr.sin_port);
-
-    // Get remote peer information
-    if (getpeername(sockfd, (struct sockaddr *)&remote_addr, &remote_addr_len) == -1) {
-        perror("getpeername in get_socket_info");
-        return -1;
-    }
-
-    if (inet_ntop(AF_INET, &remote_addr.sin_addr, dest_ip_str, INET_ADDRSTRLEN) == NULL) {
-        perror("inet_ntop (remote IP) in get_socket_info");
-        return -1;
-    }
-    *dest_port = ntohs(remote_addr.sin_port);
-
-    return 0; // Success
-}
-/**** END TEMP for ehanced error message until better solution is found *****/

 /* accept an incoming connection request - here, we do the usual accept
 * handling. TLS specific handling is done thereafter (and if we run in TLS
@ -1019,26 +984,17 @@ static int get_socket_info(int sockfd, char *src_ip_str, int *src_port, char *de
 * rgerhards, 2008-04-25
 */
 static rsRetVal
-AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
+AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew, char *const connInfo)
 {
 	DEFiRet;
 	nsd_ossl_t *pNew = NULL;
 	nsd_ossl_t *pThis = (nsd_ossl_t*) pNsd;

-int have_ip = 0;
-char src_ip_str[INET_ADDRSTRLEN]; // Buffer to hold the IP address string
-int  src_port;
-char dest_ip_str[INET_ADDRSTRLEN]; // Buffer to hold the IP address string
-int  dest_port;
-
 	ISOBJ_TYPE_assert((pThis), nsd_ossl);
 	CHKiRet(nsd_osslConstruct(&pNew));
 	CHKiRet(nsd_ptcp.Destruct(&pNew->pTcp));
 	dbgprintf("AcceptConnReq for [%p]: Accepting connection ... \n", (void *)pThis);
-	CHKiRet(nsd_ptcp.AcceptConnReq(pThis->pTcp, &pNew->pTcp));
-
-
-have_ip = !get_socket_info(((nsd_ptcp_t*) pNew->pTcp)->sock, src_ip_str, &src_port, dest_ip_str, &dest_port);
+	CHKiRet(nsd_ptcp.AcceptConnReq(pThis->pTcp, &pNew->pTcp, connInfo));

 	if(pThis->iMode == 0) {
 		/*we are in non-TLS mode, so we are done */
@ -1072,11 +1028,6 @@ finalize_it:
 			iRet, pNew, pNew->rtryCall);
 	}
 	if(iRet != RS_RET_OK) {
-if(have_ip) {
-	LogError(0, iRet, "nsd_ossl failed "
-		"to process incoming connection from remote peer %s:%d to %s:%d with error %d",
-		dest_ip_str, dest_port, src_ip_str, src_port, iRet);
-}
 		if(pNew != NULL) {
 			nsd_osslDestruct(&pNew);
 		}
--- a/runtime/nsd_ptcp.c
+++ b/runtime/nsd_ptcp.c
@ -452,11 +452,66 @@ finalize_it:
 }


+/* obtain connection info as soon as we are connected */
+static void
+get_socket_info(const int sockfd, char *const connInfo)
+{
+	char local_ip_str[INET_ADDRSTRLEN]; // Buffer to hold the IP address string
+	int  local_port = -1;
+	char local_port_str[8];
+	char remote_ip_str[INET_ADDRSTRLEN]; // Buffer to hold the IP address string
+	int  remote_port = -1;
+	char remote_port_str[8];
+	struct sockaddr_in local_addr;
+	socklen_t local_addr_len = sizeof(local_addr);
+
+	struct sockaddr_in remote_addr;
+	socklen_t remote_addr_len = sizeof(remote_addr);
+
+	/* local system info */
+	local_addr.sin_port = 0; /* just to keep clang static analyzer happy */
+	if(getsockname(sockfd, (struct sockaddr *)&local_addr, &local_addr_len) == -1) {
+		strcpy(local_ip_str, "?");
+	} else {
+		if (inet_ntop(AF_INET, &local_addr.sin_addr, local_ip_str, INET_ADDRSTRLEN) == NULL) {
+			strcpy(local_ip_str, "?");
+		}
+		local_port = ntohs(local_addr.sin_port);
+	}
+
+	/* remote system info */
+	remote_addr.sin_port = 0; /* just to keep clang static analyzer happy */
+	if(getpeername(sockfd, (struct sockaddr *)&remote_addr, &remote_addr_len) == -1) {
+		strcpy(remote_ip_str, "?");
+	} else {
+		if (inet_ntop(AF_INET, &remote_addr.sin_addr, remote_ip_str, INET_ADDRSTRLEN) == NULL) {
+			strcpy(remote_ip_str, "?");
+		}
+		remote_port = ntohs(remote_addr.sin_port);
+	}
+	
+	if(local_port == -1) {
+		strcpy(local_port_str, "?");
+	} else {
+		snprintf(local_port_str, 7, "%d", local_port);
+		local_port_str[7] = '\0'; /* be on safe side */
+	}
+	if(remote_port == -1) {
+		strcpy(remote_port_str, "?");
+	} else {
+		snprintf(remote_port_str, 7, "%d", remote_port);
+		remote_port_str[7] = '\0'; /* be on safe side */
+	}
+	snprintf(connInfo, TCPSRV_CONNINFO_SIZE, "from %s:%s to %s:%s",
+		remote_ip_str, remote_port_str, local_ip_str, local_port_str);
+}
+
+
 /* accept an incoming connection request
 * rgerhards, 2008-04-22
 */
 static rsRetVal
-AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
+AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew, char *const connInfo)
 {
 	int sockflags;
 	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
@ -481,6 +536,8 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
 		ABORT_FINALIZE(RS_RET_ACCEPT_ERR);
 	}

+	get_socket_info(iNewSock, connInfo);
+
 	/* construct our object so that we can use it... */
 	CHKiRet(nsd_ptcpConstruct(&pNew));

--- a/runtime/tcpsrv.c
+++ b/runtime/tcpsrv.c
@ -682,7 +682,8 @@ finalize_it:
 * rgerhards, 2008-03-02
 */
 static rsRetVal
-SessAccept(tcpsrv_t *const pThis, tcpLstnPortList_t *const pLstnInfo, tcps_sess_t **ppSess, netstrm_t *pStrm)
+SessAccept(tcpsrv_t *const pThis, tcpLstnPortList_t *const pLstnInfo, tcps_sess_t **ppSess,
+	netstrm_t *pStrm, char *const connInfo)
 {
 	DEFiRet;
 	tcps_sess_t *pSess = NULL;
@ -696,7 +697,7 @@ SessAccept(tcpsrv_t *const pThis, tcpLstnPortList_t *const pLstnInfo, tcps_sess_
 	ISOBJ_TYPE_assert(pThis, tcpsrv);
 	assert(pLstnInfo != NULL);

-	CHKiRet(netstrm.AcceptConnReq(pStrm, &pNewStrm));
+	CHKiRet(netstrm.AcceptConnReq(pStrm, &pNewStrm, connInfo));

 	/* Add to session list */
 	iSess = TCPSessTblFindFreeSpot(pThis);
@ -763,7 +764,7 @@ SessAccept(tcpsrv_t *const pThis, tcpLstnPortList_t *const pLstnInfo, tcps_sess_

 	/* check if we need to call our callback */
 	if(pThis->pOnSessAccept != NULL) {
-		CHKiRet(pThis->pOnSessAccept(pThis, pSess));
+		CHKiRet(pThis->pOnSessAccept(pThis, pSess, connInfo));
 	}

 	*ppSess = pSess;
@ -994,10 +995,11 @@ doSingleAccept(tcpsrv_io_descr_t *const pioDescr)
 	tcpsrv_io_descr_t *pDescrNew = NULL;
 	const int idx = pioDescr->id;
 	tcpsrv_t *const pThis = pioDescr->pSrv;
+	char connInfo[TCPSRV_CONNINFO_SIZE] = "\0";
 	DEFiRet;

 	DBGPRINTF("New connect on NSD %p.\n", pThis->ppLstn[idx]);
-	iRet = SessAccept(pThis, pThis->ppLstnPort[idx], &pNewSess, pThis->ppLstn[idx]);
+	iRet = SessAccept(pThis, pThis->ppLstnPort[idx], &pNewSess, pThis->ppLstn[idx], connInfo);
 	if(iRet == RS_RET_NO_MORE_DATA) {
 		goto no_more_data;
 	}
@ -1028,8 +1030,9 @@ finalize_it:
 	if(iRet != RS_RET_OK) {
 		const tcpLstnParams_t *cnf_params = pThis->ppLstnPort[idx]->cnf_params;
 		LogError(0, iRet, "tcpsrv listener (inputname: '%s') failed "
-			"to process incoming connection with error %d",
-			(cnf_params->pszInputName == NULL) ? (uchar*)"*UNSET*" : cnf_params->pszInputName, iRet);
+			"to process incoming connection %s with error %d",
+			(cnf_params->pszInputName == NULL) ? (uchar*)"*UNSET*" : cnf_params->pszInputName,
+			connInfo, iRet);
 		if(pDescrNew != NULL) {
 			DESTROY_ATOMIC_HELPER_MUT(pDescrNew->mut_isInError);
 			free(pDescrNew);
@ -1660,7 +1663,7 @@ SetCBOnListenDeinit(tcpsrv_t *pThis, rsRetVal (*pCB)(void*))
 }

 static rsRetVal
-SetCBOnSessAccept(tcpsrv_t *pThis, rsRetVal (*pCB)(tcpsrv_t*, tcps_sess_t*))
+SetCBOnSessAccept(tcpsrv_t *pThis, rsRetVal (*pCB)(tcpsrv_t*, tcps_sess_t*, char*))
 {
 	DEFiRet;
 	pThis->pOnSessAccept = pCB;
--- a/runtime/tcpsrv.h
+++ b/runtime/tcpsrv.h
@ -179,7 +179,8 @@ struct tcpsrv_s {
 	rsRetVal (*pOnRegularClose)(tcps_sess_t *pSess);
 	rsRetVal (*pOnErrClose)(tcps_sess_t *pSess);
 	/* session specific callbacks */
-	rsRetVal (*pOnSessAccept)(tcpsrv_t *, tcps_sess_t*);
+	rsRetVal (*pOnSessAccept)(tcpsrv_t *, tcps_sess_t*, char *connInfo);
+	#define TCPSRV_CONNINFO_SIZE (2 * (INET_ADDRSTRLEN + 20))
 	rsRetVal (*OnSessConstructFinalize)(void*);
 	rsRetVal (*pOnSessDestruct)(void*);
 	rsRetVal (*OnMsgReceive)(tcps_sess_t *, uchar *pszMsg, int iLenMsg); /* submit message callback */
@ -224,7 +225,7 @@ BEGINinterface(tcpsrv) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*SetDrvrPermitExpiredCerts)(tcpsrv_t *pThis, uchar *pszMode);
 	rsRetVal (*SetDrvrPermPeers)(tcpsrv_t *pThis, permittedPeers_t*);
 	/* session specifics */
-	rsRetVal (*SetCBOnSessAccept)(tcpsrv_t*, rsRetVal (*) (tcpsrv_t*, tcps_sess_t*));
+	rsRetVal (*SetCBOnSessAccept)(tcpsrv_t*, rsRetVal (*) (tcpsrv_t*, tcps_sess_t*, char*));
 	rsRetVal (*SetCBOnSessDestruct)(tcpsrv_t*, rsRetVal (*) (void*));
 	rsRetVal (*SetCBOnSessConstructFinalize)(tcpsrv_t*, rsRetVal (*) (void*));
 	/* added v5 */