Split the module parameter docs into standalone reference pages and
replace the inline tables with list tables that include the summaries.
Add the hidden toctree for the new parameter files.
Provide different file name for zookeeper tar - it looks like apache
changed the name (not sure, but it worked previously).
Also now cached the file on rsyslog.com, so that we have reliable
access even on name change or apache download rate-limiting.
Admins often report "gibberish" when a TLS-enabled sender connects to a
plain imtcp port. Making the mismatch explicit reduces operator confusion
and support churn, and points directly to remediation.
Impact: logs one explicit error per mismatched connection; no change to
parsing or transport on plain listeners.
Before/After: before, ClientHello bytes were ingested as binary with no
hint; after, imtcp detects a TLS ClientHello on ptcp and logs a clear
message with a troubleshooting URL.
Technically, we add a small per-session probe in tcps_sess_t and sample
the first 5 bytes of new sessions. If the record header matches a TLS
handshake (type 0x16, version 0x03.00–0x04, length 40–16384) and the
listener is plain TCP (streamDriver.mode=0), we emit a single error and
disable further probing for that session. The probe is called from
DataRcvd() and returns RS_RET_SERVER_NO_TLS when triggered; the session
is otherwise left untouched.
Runtime: introduce RS_RET_SERVER_NO_TLS (-2465) to tag the condition.
Docs: add imtcp troubleshooting section and a dedicated FAQ page.
Tests/tools: add test imtcp-tls-gibberish.sh and extend tcpflood with
-H to send only a ClientHello (OpenSSL and GnuTLS paths tolerate early
termination and non-blocking I/O for this mode).
This commit introduces cross-platform helper scripts to streamline the
rsyslog documentation build process and updates the build instructions
for better user experience.
Changes:
- Add build-doc-linux.sh: Linux helper script with virtual environment
management, pip bootstrapping, and flexible build options
- Add build-doc-windows.ps1: Windows PowerShell script with equivalent
functionality for Windows environments
- Update doc/BUILDS_README.md: Add quick links and simplified build
instructions for maintainers
- Update doc/README.md: Add Linux distribution package installation
instructions and quickstart guide with helper script usage
Key features:
- Automatic virtual environment creation and management
- Fallback support for systems without python3-venv (uses virtualenv)
- Cross-platform compatibility (Linux/Windows)
- Support for multiple output formats (HTML, EPUB)
- Strict mode option for treating warnings as errors
- Automatic pip bootstrapping for environments without ensurepip
- Clean build option to remove previous build artifacts
The scripts handle common pain points in documentation builds:
- Missing python3-venv package on some distributions
- Missing pip in virtual environments
- Complex manual setup procedures
- Platform-specific differences
This improves the contributor experience by providing one-command
documentation builds while maintaining backward compatibility with
manual setup procedures.
Co-authored-by: alorbach <alorbach@adiscon.com>
AI-Agent: Cursor
Add comprehensive macOS CI support with two new GitHub Actions workflows:
- run_macos.yml: PR-triggered CI with matrix strategy covering macOS 13-15,
x64/arm64 architectures, and sanitizer combinations (none, ASAN, TSAN)
- run_macos_weekly.yml: Scheduled weekly testing with full matrix coverage
and automated failure reporting via GitHub issues
Enhance test diagnostics in tests/diag.sh:
- Add separate startup timeout handling for valgrind vs normal runs
- Implement immediate crash detection during rsyslog startup
- Add comprehensive core dump analysis with platform-specific debuggers
- Improve macOS-specific error reporting and system information gathering
- Add disk space monitoring to prevent core dump creation failures
- tests/kafka: give unique names in sndrcv_kafka_multi_topics
Rename the second omkafka action to a distinct name (kafka-fwd-2).
Using the same action name twice can lead to only one effective
publisher with newer builds, which caused
tests/sndrcv_kafka_multi_topics.sh to publish to a single topic and
fail the final count check.
Fix macOS-specific test issues:
- Skip failing TCP tests on Darwin due to TCP chunking behavior
- Add maxframesize parameter to imptcp tests for better reliability
The CI workflows include proper sanitizer configuration, core dump handling,
disk space management, and comprehensive error reporting to improve
debugging capabilities on macOS platforms.
Impact: Enables continuous testing on macOS, improves test reliability,
and provides better diagnostics for platform-specific issues.
Fixes: https://github.com/rsyslog/rsyslog/issues/5629
Refs: https://github.com/rsyslog/rsyslog/pull/5635
Refs: https://github.com/Homebrew/homebrew-core/issues/221869
Refs: https://github.com/Homebrew/homebrew-core/issues/226378
Add kafkaHeader parameter to define key/value pairs
that are attached as headers to every produced message.
Require librdkafka v0.11 for header support. Update
configure checks, docs and add a regression test.
closes: https://github.com/rsyslog/rsyslog/issues/5185
With help of AI-Agent: OpenAI ChatGPT
The AC_CHECK_PROG macro requires a value-if-found parameter
and an optional value-if-not-found parameter
Fix by adding the value-if-found parameter
Also handle the situation where there's no libgcrypt.pc
file for libgcrypt versions before 1.8.4
Improve discoverability of rsyslog-specific AI helpers for users and
contributors. This supports onboarding and troubleshooting and aligns
with the project's AI-first strategy.
Impact: docs-only; adds a new page under Getting Started navigation.
there was "workaround" introduced in the container which prevented
to detect some issues in libgrypt-related code. This was probably done
to get newer version in dev env without the need to adapt code to
broken libgrypt API level in new version.
That prevented issues in https://github.com/rsyslog/rsyslog/pull/5406
to be deteced.
We are redesigning the new user onboarding doc. This commit
provides very first experience documentation. Some is duplicate
content to the previous version, which we keep for now.
A cleanup will follow later. We want to gain some feedback first.
Thus the early merge.
Handle post-handshake KeyUpdate by driving a minimal non-blocking read when the
TLS library requests READ during Send(). This prevents stalls when servers send
TLS 1.3 KeyUpdate and aligns behavior with RFC 8446 §4.6.3.
- nsd_ossl.c: SSL_ERROR_WANT_READ => small SSL_read(), then retry write
- nsd_gtls.c: E_AGAIN/E_INTERRUPTED with READ direction => small gnutls_record_recv(), then retry write
Backward-compatible and only active when the TLS stack signals a need to read.
closes: https://github.com/rsyslog/rsyslog/issues/5627
This builds on "PR#6121 net: Add NetworkNamespace APIS"
to add Network Namespace support to imtcp module. This
extends imtcp to support a wider range of Unix/Linux
environments (or any environment supporting network
namespaces).
The imtcp module is enhanced to accept a NetworkNamespace
parameter, both as a default at the module level, and
on a per-instance basis.
The tcpsrv module is enhanced to allow the NetworkNamespace
to be applied to a listener's configuration parameters.
Finally, the netstrm module is enhanced to switch namespaces
before invoking the downstream (driver specific) LstnInit
function.
A new test imtcp-netns (and associated imtcp-netns-vg) is
added to test this functionality. This must be run as root
(technically it must be run by a user with CAP_SYS_ADMIN
capabilities, as network namespace creating/change is
required).
A slight change to diag.sh is made to allow passing $RS_REDIR
to valgrind (as $RS_REDIR is used in the imtcp-netns.sh
test for some negative cases).
Signed-off-by: Billie Alsup <balsup@cisco.com>
most importantly, header file now includes comments that enable
tooltip-like behaviour in IDEs. Also includes antipaterns, which
is useful for developers and hopefully also for AI to detect
them e.g. in code reviews (and get it right in AI-generated code).
This moves NetworkNamespace functionality into
the net module. This allows the same code to
be reused across multiple tools and plugins.
The first usage is with omfwd, which is changed
to use the common net implementation. Note
the net implementation is based on the original
omfwd implementation. Subsequent PRs will be
opened for integrating this into omuxsock and
imtcp.
The original test case tcp_forwarding_ns_tpl.sh
was broken due to use of single quotes rather
than double quotes, thus preventing the proper
port number argument to be passed to the
listener. Note this test must be run as
root.
Development has occurred across Fedora41 and
Fedora42, which uses glibc 2.40 and glibc2.41
respectively. The valgrind suppressions are
updated to handle new glibc issues
accordingly.
Four new functions are callable through the
net module. These allow one to save a handle
to the current namespace, switch to a new
namespace by name, and restore the namespace
from the saved handle. A fourth higher
level wrapper is used to open a socket in
a named network namespace, and handles the
invocation of the lower level functions.
Ideally this would be the only public
function, however it simplifies integration
into imtcp in the future (which doesn't
directly open sockets). This may change
in the future as network namespaces are
integrated into more modules and plugins.
Signed-off-by: Billie Alsup <balsup@cisco.com>
