Support added in omfwd as instance parameter:
streamdriver.TlsVerifyDepth
Support added in imtcp as module parameter:
streamdriver.TlsVerifyDepth
Can be 2 or higher.
Support added into ossl driver
Support added into gtls driver
Added testcases for both drivers.
Parameter
streamdriver.TlsVerifyDepth
closes: https://github.com/rsyslog/rsyslog/issues/4035
The burst parameter in the ratelimit was increased to an unsigned int
but the interval remained an unsigned short. While it may be unusual,
there is possibly a chance to need to represent an interval longer than
about 3/4 of a day.
While here, go through and normalize all the various incarnations of
rate limiting to be explicitly unsigned int for the burst and interval.
The TCP server may still have workers running when its main thread
terminates, and the workers may be using state that is liable to disappear
during the shutdown process.
This fixes a segfault in hashtable_insert() which will occur if a worker
thread processes a connection while rsyslog is shutting down, and attempts
to use the DNS cache after it has been deinitialized (and the hashtable
destroyed) by dnscacheDeinit().
Signed-off-by: John Brooks <jbrooks@ciena.com>
wrkrRunning only gets incremented when a work item is issued, so the worker
shouldn't decrement it when terminating without a work item.
Fixes: 47982120408e ("work around clang static analyzer false positives")
Signed-off-by: John Brooks <jbrooks@ciena.com>
Ideally, the TCP server is terminated cleanly via the non-cancel path, but
it's possible for this to time out and have the thread be forcibly
cancelled. Install a cancellation handler to clean up Run() in case this
happens.
Signed-off-by: John Brooks <jbrooks@ciena.com>
This commit adds two new flags which can be set to allow
1) checking of extendedKeyUsage certificate field
2) stricter checking of certificate name/addresses
If the tcpsrv component is started and quickly terminated, it may hang
for a short period of time. Also a very small amount of memory is leaked
immediately before shutdown. While this leak is irrelevant in practice
(the OS cleans up the process anyways), it leads to CI failures. The hang,
however, can lead to longer than expected shutdown times for rsyslog.
The problem can be experienced via imtcp, imgssapi and imdiag (users
of affected core component).
... because they were treated as module-global. If we had multiple imtcp
listeners with multiple port files, only the last filename was always used.
closes https://github.com/rsyslog/rsyslog/issues/3817
this parameter was added, but it had no effect as it was not
passed down to the driver layer. This has been fixed. That also
now enables us to use dynamically-assigned ports, which are
very useful for further testbench stabilization. Quite some
false positives occurred because the pre-selected port was
already in use again when rsyslog started.
The new Option can have one of the following values:
on = Expired certificates are allowed
off = Expired certificates are not allowed
warn = Expired certificates are allowed but warning will be logged (Default)
Includes necessary tests to validate new code.
closes https://github.com/rsyslog/rsyslog/issues/3364
When rsyslog is not run as a service (under SRC control), HUP does not
awake the main loop timeout. In theory, it should do so, but in practice
this does not happen. As a work-around we now implement a kind of
resource-saving busy waiting where we awake every half second to check
if HUP (or something else noteworthy) happened. This should not cause
any real issue in any case, because running rsyslog as a non-service
is very uncommon and probably only happens during testbench runs.
closes https://github.com/rsyslog/rsyslog/issues/2997
Until now when port 0 was specified in imtcp, imgssapi or imdiag,
it was automatically changed to 514 in tcpsrv.
Imtcp and imgssapi accept port 0, but only if parameter listenPortFileName
(imgssapi: inputgsslistenportfilename) is specified. Otherwise it will
still change the port.
Imdiag always accepts 0 as a port and will create a socket with a random
port.
managing the case of FROMHOST value.
Usage:
module(load="imudp" [preservecase="on"|"off"])
module(load="imtcp" [preservecase="on"|"off"])
If preservecase="on", FROMHOST value is handled in the case sensitive manner.
If preservecase="off", FROMHOST value is handled in the case insensitive manner.
To maintain the current behaviour, the default value of preservecase is
"on" for imtcp and "off" for imudp.
Incremented tcpsrvCURR_IF_VERSION by 1.
References:
https://github.com/rsyslog/rsyslog/pull/2774
https://bugzilla.redhat.com/show_bug.cgi?id=1309698
During shutdown of a tcpsrv, a race could occur, resulting in
a hang on shutdown of rsyslog as a whole.
Detected via valgrind's helgrind thread debugger.
small leak, can theoretically occur during rsyslog startup; will not
grow afterwards. Prime trigger would be out of process memory, which is
fatal in any case if it already occurs on startup.
Detected by Coverity scan, CID 185322
The variable priorityString was not used when rsyslog acted as the
server and the defaults were always set. Now the priorityString
is used when specified.
fixes https://github.com/rsyslog/rsyslog/issues/1722