- Add support to split tls commands by semicolon.
- Changed one test with multiple tls commands to use semicolon as
seperator instead of newline.
closes: https://github.com/rsyslog/rsyslog/issues/4852
The zstd library provides better and faster compression than zlib.
This patch integrates zstd as a dynamically-loadable functionality.
As such, no further dependencies need to be added to the rsyslog
base package.
Due to the increased performance, usage of zstd is highly recommended
for high-volume use cases.
This patch also refactor zlib compression in order to unify handling
in both compression cases.
This is a cosmetic issue, only seen during debug logging. We actually
cannot fix it, as it would alter runtime behaviour too much and would
pontentially render debug runs useless. It also causes no harm.
This change allows to include extra CA files
so that no "unable to get issuer certificates" issue
is obtained when using chained cert files.
Proposed new parameter name is "NetstreamDriverCAExtraFiles"
fixes#4851
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
We do not use a mutex an epd, but we do always access it in
pure sequence. Adding a mutex just to cover this "cosmetic"
would result in uncesseary performance penalty.
Matrix feature was initially barely usable because github did not permit
to restart just failed jobs. This has changed. So we now migrate back to
the use of matrix feature where it is useful.
We also reduce the number of plain compile tests to newest and oldest
compiler version only. This saves CI ressources. The important other
ones (distro default!) are used during other CI tests anyways.
We also fix some minor coding errors detected by new compiler builds.
None of them seems to be related to any real issues.
We disable ElasticSearch strict security in testbench, as
we do not need it for test runs, and it complicates thing.s
Note: this does NOT introduce a security weakness, because we use
only temporary testing ES instances which are always immediately
discarded after the test AND are run in our own test env with
user permissions.
Allow omitting the _type field by setting it to an empty string.
Setting this field has been deprecated since 6.0, and support will
be removed in 8.0
Also add testbench test for empty searchType with ES 7.0
This checks for messages in the deprecation log and also provides
avoids deprecation messages from usage of transport.tcp.port in the
test configuration
This patch slightly improves performance for tcpsrv-based servers.
This affects imtcp and imgssapi as well as some helpers.
No other functional change is included in this patch.
Testcase sndrcv_tls_certless_ossl_client.sh was not finished
and was not used by testbench. Newer tests replaced its test usage.
See testcases sndrcv_tls_gtls_serveranon*.sh and
sndrcv_tls_ossl_serveranon*.sh
closes: https://github.com/rsyslog/rsyslog/issues/4853
If the IPv6 is in non-recommended form followed by a 5 digit port number, it
is not anonymized.
A reproducer for this is: 1a00:c820:1180:c84c::ad3f:d991:ec2e:49255
closes https://github.com/rsyslog/rsyslog/issues/4856
There was a rare possibility that the E_AGAIN/E_INTERRUPT handling
could cause an infinite loop (100% CPU Usage), for example when a TLS
handshake is interrupted at a certain stage.
- After gnutls_record_recv is called, and E_AGAIN/E_INTERRUPT error
occurs, we need to do additional read/write direction handling
with gnutls_record_get_direction.
- After the second call of gnutls_record_recv (Expand buffer)
we needed to also check the eror codes for E_AGAIN/E_INTERRUPT
to do propper errorhandling.
- Add extra debug output based on ossl driver.
- Potential fix for 100% CPU Loop Receiveloop after gtlsRecordRecv
in doRetry call.
see also: https://github.com/rsyslog/rsyslog/issues/4818
When action.errorfile.maxsize configuration
option is enabled and error file already has a
certain size smaller than max size configured,
it is increasing higher than configured max
size as the error file is considered
to be zero in code.
This fix reads current error file size and
limits the size to the maximum size configured
fixes#4821
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
action.errorfile.maxsize has been added to enable
option to limit the amount of bytes dumped to
configured errorfile
fixes#4733
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
The order of execution was changed to a less optimal (more startups,
thus slower) order to work-around a testbench issue. This has been
fixed and so we can restore the original order.
When bulkmode is enabled, and a batch was processed without any
failures (errors is false), the code that increments the indexSuccess
impstats counter was never reached. As fix, we obtain the numitems
first and add them to the indexSuccess impstats counter if
errors is false.
This fix may solve some of the random elasticsearch testbench failures.
closes: https://github.com/rsyslog/rsyslog/issues/4794
Under io / cpu stress, the OpenSSL tls error can be SSL_ERROR_SYSCALL
instead of SSL_ERROR_SSL. The outcome it the same from the
test perspective.
closes: https://github.com/rsyslog/rsyslog/issues/4784
Happy new years! Add another action parameter `conninfo` that allows specifying
a postgres connection string. This enables us to use any of the postgres connection
parameters, particularly `sslmode` and `sslrootcert`.
Per the postgres docs, this connection string can be a URI or several key-value
pairs. https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
Here's an example:
```
module(load="ompgsql")
action(
type="ompgsql"
conninfo="postgresql://postgres:password@localhost/Syslog?sslmode=require"
)
```
This addresses https://github.com/rsyslog/rsyslog/issues/4741 by allowing the
user to specify ssl options as part of the connection string. `libpq` will take
care of the rest.
This also addresses https://github.com/rsyslog/rsyslog/issues/4698 because
`libpq` is not constrained by MAXHOSTNAMELEN. Long hostnames will work.
`conninfo` can be specified in lieu of the other parameters. `ompgsql` will
prioritize using `conninfo` to connect over the other parameters.
Signed-off-by: Ameer Ghani <inahga@gmail.com>
A JSON object was created (valueObj) but not used and also not
released causing a memory leak. This was properly caused by the
initial copy&paste from serializeBatchKafkaRest.
- Also added a valgrind test for lokirest batchmode
Uncomment "--keep-debuginfo" in testcaseif stack traces
are incomplete
closes: https://github.com/rsyslog/rsyslog/issues/4766
This option is not known by older valgrind versions. As such, it causes
false positives on older platforms. As the option is not necessary
(only helpful for some border cases), we remove it and add a comment
so that it may be enabled when necessary.
