/**
* collectd - src/network.c
- * Copyright (C) 2005-2008 Florian octo Forster
+ * Copyright (C) 2005-2009 Florian octo Forster
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
# include <poll.h>
#endif
+#if HAVE_GCRYPT_H
+# include <gcrypt.h>
+#endif
+
/* 1500 - 40 - 8 = Ethernet packet - IPv6 header - UDP header */
/* #define BUFF_SIZE 1452 */
# endif
#endif /* !IP_ADD_MEMBERSHIP */
+/* Buffer size to allocate. */
#define BUFF_SIZE 1024
/*
+ * Maximum size required for encryption / signing:
+ * Type/length: 4
+ * IV 16
+ * Hash/orig length: 22
+ * Padding (up to): 15
+ * --------------------
+ * 57
+ */
+#define BUFF_SIG_SIZE 57
+
+/*
* Private data types
*/
typedef struct sockent
int fd;
struct sockaddr_storage *addr;
socklen_t addrlen;
+
+#define SECURITY_LEVEL_NONE 0
+#if HAVE_GCRYPT_H
+# define SECURITY_LEVEL_SIGN 1
+# define SECURITY_LEVEL_ENCRYPT 2
+ int security_level;
+ char *shared_secret;
+ unsigned char shared_secret_hash[32];
+ gcry_cipher_hd_t cypher;
+#endif /* HAVE_GCRYPT_H */
+
struct sockent *next;
} sockent_t;
};
typedef struct part_values_s part_values_t;
+/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-------------------------------+-------------------------------+
+ * ! Type ! Length !
+ * +-------------------------------+-------------------------------+
+ * ! Hash (Bits 0 - 31) !
+ * : : :
+ * ! Hash (Bits 224 - 255) !
+ * +---------------------------------------------------------------+
+ */
+struct part_signature_sha256_s
+{
+ part_header_t head;
+ unsigned char hash[32];
+};
+typedef struct part_signature_sha256_s part_signature_sha256_t;
+
+/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-------------------------------+-------------------------------+
+ * ! Type ! Length !
+ * +-------------------------------+-------------------------------+
+ * ! Original length ! Padding (0 - 15 bytes) !
+ * +-------------------------------+-------------------------------+
+ * ! Hash (Bits 0 - 31) !
+ * : : :
+ * ! Hash (Bits 128 - 159) !
+ * +---------------------------------------------------------------+
+ */
+/* Size without padding */
+#define PART_ENCRYPTION_AES256_SIZE 42
+#define PART_ENCRYPTION_AES256_UNENCR_SIZE 20
+struct part_encryption_aes256_s
+{
+ part_header_t head;
+ unsigned char iv[16];
+ uint16_t orig_length;
+ unsigned char hash[20];
+ unsigned char padding[15];
+};
+typedef struct part_encryption_aes256_s part_encryption_aes256_t;
+
struct receive_list_entry_s
{
char data[BUFF_SIZE];
int data_len;
+ int fd;
struct receive_list_entry_s *next;
};
typedef struct receive_list_entry_s receive_list_entry_t;
/*
* Private variables
*/
-static const char *config_keys[] =
-{
- "CacheFlush",
- "Listen",
- "Server",
- "TimeToLive",
- "Forward"
-};
-static int config_keys_num = STATIC_ARRAY_SIZE (config_keys);
-
static int network_config_ttl = 0;
static int network_config_forward = 0;
static pthread_mutex_t receive_list_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t receive_list_cond = PTHREAD_COND_INITIALIZER;
-static struct pollfd *listen_sockets = NULL;
-static int listen_sockets_num = 0;
-
-static int listen_loop = 0;
-static pthread_t receive_thread_id = 0;
-static pthread_t dispatch_thread_id = 0;
-
-static char send_buffer[BUFF_SIZE];
-static char *send_buffer_ptr;
-static int send_buffer_fill;
-static value_list_t send_buffer_vl = VALUE_LIST_STATIC;
-static char send_buffer_type[DATA_MAX_NAME_LEN];
-static pthread_mutex_t send_buffer_lock = PTHREAD_MUTEX_INITIALIZER;
-
-static c_avl_tree_t *cache_tree = NULL;
+static sockent_t *listen_sockets = NULL;
+static struct pollfd *listen_sockets_pollfd = NULL;
+static int listen_sockets_num = 0;
+
+/* The receive and dispatch threads will run as long as `listen_loop' is set to
+ * zero. */
+static int listen_loop = 0;
+static int receive_thread_running = 0;
+static pthread_t receive_thread_id;
+static int dispatch_thread_running = 0;
+static pthread_t dispatch_thread_id;
+
+/* Buffer in which to-be-sent network packets are constructed. */
+static char send_buffer[BUFF_SIZE];
+static char *send_buffer_ptr;
+static int send_buffer_fill;
+static value_list_t send_buffer_vl = VALUE_LIST_STATIC;
+static pthread_mutex_t send_buffer_lock = PTHREAD_MUTEX_INITIALIZER;
+
+/* In this cache we store all the values we received, so we can send out only
+ * those values which were *not* received via the network plugin, too. This is
+ * used for the `Forward false' option. */
+static c_avl_tree_t *cache_tree = NULL;
static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
static time_t cache_flush_last = 0;
static int cache_flush_interval = 1800;
pthread_mutex_unlock (&cache_lock);
- DEBUG ("network plugin: cache_check: key = %s; time = %i; retval = %i",
- key, (int) vl->time, retval);
-
return (retval);
} /* int cache_check */
+#if HAVE_GCRYPT_H
+static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
+ const void *iv, size_t iv_size)
+{
+ gcry_error_t err;
+
+ if (se->cypher == NULL)
+ {
+ err = gcry_cipher_open (&se->cypher,
+ GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, /* flags = */ 0);
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_cipher_open returned: %s",
+ gcry_strerror (err));
+ se->cypher = NULL;
+ return (NULL);
+ }
+ }
+ else
+ {
+ gcry_cipher_reset (se->cypher);
+ }
+ assert (se->cypher != NULL);
+
+ err = gcry_cipher_setkey (se->cypher,
+ se->shared_secret_hash, sizeof (se->shared_secret_hash));
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_cipher_setkey returned: %s",
+ gcry_strerror (err));
+ gcry_cipher_close (se->cypher);
+ se->cypher = NULL;
+ return (NULL);
+ }
+
+ err = gcry_cipher_setiv (se->cypher, iv, iv_size);
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_cipher_setkey returned: %s",
+ gcry_strerror (err));
+ gcry_cipher_close (se->cypher);
+ se->cypher = NULL;
+ return (NULL);
+ }
+
+ return (se->cypher);
+} /* }}} int network_get_aes256_cypher */
+#endif /* HAVE_GCRYPT_H */
+
static int write_part_values (char **ret_buffer, int *ret_buffer_len,
const data_set_t *ds, const value_list_t *vl)
{
return (0);
} /* int write_part_string */
-static int parse_part_values (void **ret_buffer, int *ret_buffer_len,
+static int parse_part_values (void **ret_buffer, size_t *ret_buffer_len,
value_t **ret_values, int *ret_num_values)
{
char *buffer = *ret_buffer;
- int buffer_len = *ret_buffer_len;
+ size_t buffer_len = *ret_buffer_len;
uint16_t tmp16;
size_t exp_size;
uint8_t *pkg_types;
value_t *pkg_values;
- if (buffer_len < (15))
+ if (buffer_len < 15)
{
- DEBUG ("network plugin: packet is too short: buffer_len = %i",
- buffer_len);
+ NOTICE ("network plugin: packet is too short: "
+ "buffer_len = %zu", buffer_len);
return (-1);
}
exp_size = 3 * sizeof (uint16_t)
+ pkg_numval * (sizeof (uint8_t) + sizeof (value_t));
- if (buffer_len < exp_size)
+ if ((buffer_len < 0) || (buffer_len < exp_size))
{
WARNING ("network plugin: parse_part_values: "
"Packet too short: "
- "Chunk of size %u expected, "
- "but buffer has only %i bytes left.",
- (unsigned int) exp_size, buffer_len);
+ "Chunk of size %zu expected, "
+ "but buffer has only %zu bytes left.",
+ exp_size, buffer_len);
return (-1);
}
return (0);
} /* int parse_part_values */
-static int parse_part_number (void **ret_buffer, int *ret_buffer_len,
+static int parse_part_number (void **ret_buffer, size_t *ret_buffer_len,
uint64_t *value)
{
char *buffer = *ret_buffer;
- int buffer_len = *ret_buffer_len;
+ size_t buffer_len = *ret_buffer_len;
uint16_t tmp16;
uint64_t tmp64;
uint16_t pkg_length;
uint16_t pkg_type;
- if (buffer_len < exp_size)
+ if ((buffer_len < 0) || ((size_t) buffer_len < exp_size))
{
WARNING ("network plugin: parse_part_number: "
"Packet too short: "
- "Chunk of size %u expected, "
- "but buffer has only %i bytes left.",
- (unsigned int) exp_size, buffer_len);
+ "Chunk of size %zu expected, "
+ "but buffer has only %zu bytes left.",
+ exp_size, buffer_len);
return (-1);
}
return (0);
} /* int parse_part_number */
-static int parse_part_string (void **ret_buffer, int *ret_buffer_len,
+static int parse_part_string (void **ret_buffer, size_t *ret_buffer_len,
char *output, int output_len)
{
char *buffer = *ret_buffer;
- int buffer_len = *ret_buffer_len;
+ size_t buffer_len = *ret_buffer_len;
uint16_t tmp16;
size_t header_size = 2 * sizeof (uint16_t);
uint16_t pkg_length;
uint16_t pkg_type;
- if (buffer_len < header_size)
+ if ((buffer_len < 0) || (buffer_len < header_size))
{
WARNING ("network plugin: parse_part_string: "
"Packet too short: "
- "Chunk of at least size %u expected, "
- "but buffer has only %i bytes left.",
- (unsigned int) header_size, buffer_len);
+ "Chunk of at least size %zu expected, "
+ "but buffer has only %zu bytes left.",
+ header_size, buffer_len);
return (-1);
}
{
WARNING ("network plugin: parse_part_string: "
"Packet too big: "
- "Chunk of size %hu received, "
- "but buffer has only %i bytes left.",
+ "Chunk of size %"PRIu16" received, "
+ "but buffer has only %zu bytes left.",
pkg_length, buffer_len);
return (-1);
}
/* Check that the package data fits into the output buffer.
* The previous if-statement ensures that:
* `pkg_length > header_size' */
- if ((pkg_length - header_size) > output_len)
+ if ((output_len < 0)
+ || ((size_t) output_len < ((size_t) pkg_length - header_size)))
{
WARNING ("network plugin: parse_part_string: "
"Output buffer too small.");
return (0);
} /* int parse_part_string */
-static int parse_packet (void *buffer, int buffer_len)
+/* Forward declaration: parse_part_sign_sha256 and parse_part_encr_aes256 call
+ * parse_packet and vice versa. */
+#define PP_SIGNED 0x01
+#define PP_ENCRYPTED 0x02
+static int parse_packet (sockent_t *se,
+ void *buffer, size_t buffer_size, int flags);
+
+#if HAVE_GCRYPT_H
+static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
+ void **ret_buffer, size_t *ret_buffer_len)
+{
+ char *buffer = *ret_buffer;
+ size_t buffer_len = *ret_buffer_len;
+
+ part_signature_sha256_t ps_received;
+ char hash[sizeof (ps_received.hash)];
+
+ gcry_md_hd_t hd;
+ gcry_error_t err;
+ unsigned char *hash_ptr;
+
+ if (se->shared_secret == NULL)
+ {
+ NOTICE ("network plugin: Received signed network packet but can't verify "
+ "it because no shared secret has been configured. Will accept it.");
+ return (0);
+ }
+
+ if (buffer_len < sizeof (ps_received))
+ return (-ENOMEM);
+
+ hd = NULL;
+ err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
+ if (err != 0)
+ {
+ ERROR ("network plugin: Creating HMAC-SHA-256 object failed: %s",
+ gcry_strerror (err));
+ return (-1);
+ }
+
+ err = gcry_md_setkey (hd, se->shared_secret,
+ strlen (se->shared_secret));
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_md_setkey failed: %s",
+ gcry_strerror (err));
+ gcry_md_close (hd);
+ return (-1);
+ }
+
+ memcpy (&ps_received, buffer, sizeof (ps_received));
+ /* TODO: Check ps_received.head.length! */
+
+ buffer += sizeof (ps_received);
+ buffer_len -= sizeof (ps_received);
+
+ gcry_md_write (hd, buffer, buffer_len);
+ hash_ptr = gcry_md_read (hd, GCRY_MD_SHA256);
+ if (hash_ptr == NULL)
+ {
+ ERROR ("network plugin: gcry_md_read failed.");
+ gcry_md_close (hd);
+ return (-1);
+ }
+ memcpy (hash, hash_ptr, sizeof (hash));
+
+ gcry_md_close (hd);
+ hd = NULL;
+
+ *ret_buffer += sizeof (ps_received);
+ *ret_buffer_len -= sizeof (ps_received);
+
+ if (memcmp (ps_received.hash, hash,
+ sizeof (ps_received.hash)) == 0)
+ return (0);
+ else /* hashes do not match. */
+ return (1);
+} /* }}} int parse_part_sign_sha256 */
+/* #endif HAVE_GCRYPT_H */
+
+#else /* if !HAVE_GCRYPT_H */
+static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
+ void **ret_buffer, size_t *ret_buffer_len)
+{
+ INFO ("network plugin: Received signed packet, but the network "
+ "plugin was not linked with libgcrypt, so I cannot "
+ "verify the signature. The packet will be accepted.");
+ return (0);
+} /* }}} int parse_part_sign_sha256 */
+#endif /* !HAVE_GCRYPT_H */
+
+#if HAVE_GCRYPT_H
+static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
+ void **ret_buffer, size_t *ret_buffer_len,
+ int flags)
+{
+ char *buffer = *ret_buffer;
+ size_t buffer_len = *ret_buffer_len;
+ size_t orig_buffer_len;
+ size_t part_size;
+ size_t buffer_offset;
+ size_t padding_size;
+ part_encryption_aes256_t pea;
+ unsigned char hash[sizeof (pea.hash)];
+
+ gcry_cipher_hd_t cypher;
+ gcry_error_t err;
+
+ /* Make sure at least the header if available. */
+ if (buffer_len < sizeof (pea))
+ {
+ NOTICE ("network plugin: parse_part_encr_aes256: "
+ "Discarding short packet.");
+ return (-1);
+ }
+
+ buffer_offset = 0;
+
+#define BUFFER_READ(p,s) do { \
+ memcpy ((p), buffer + buffer_offset, (s)); \
+ buffer_offset += (s); \
+} while (0)
+
+ /* Copy the unencrypted information into `pea'. */
+ BUFFER_READ (&pea.head.type, sizeof (pea.head.type));
+ BUFFER_READ (&pea.head.length, sizeof (pea.head.length));
+ BUFFER_READ (pea.iv, sizeof (pea.iv));
+
+ /* Check the `part size'. */
+ part_size = ntohs (pea.head.length);
+ if (part_size > buffer_len)
+ {
+ NOTICE ("network plugin: parse_part_encr_aes256: "
+ "Discarding large part.");
+ return (-1);
+ }
+
+ cypher = network_get_aes256_cypher (se, pea.iv, sizeof (pea.iv));
+ if (cypher == NULL)
+ return (-1);
+
+ /* Decrypt the packet in-place */
+ err = gcry_cipher_decrypt (cypher,
+ buffer + PART_ENCRYPTION_AES256_UNENCR_SIZE,
+ part_size - PART_ENCRYPTION_AES256_UNENCR_SIZE,
+ /* in = */ NULL, /* in len = */ 0);
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_cipher_decrypt returned: %s",
+ gcry_strerror (err));
+ return (-1);
+ }
+
+ /* Figure out the length of the payload and the length of the padding. */
+ BUFFER_READ (&pea.orig_length, sizeof (pea.orig_length));
+
+ orig_buffer_len = ntohs (pea.orig_length);
+ if (orig_buffer_len > (part_size - PART_ENCRYPTION_AES256_SIZE))
+ {
+ ERROR ("network plugin: Decryption failed: Invalid original length.");
+ return (-1);
+ }
+
+ /* Calculate the size of the `padding' field. */
+ padding_size = part_size - (orig_buffer_len + PART_ENCRYPTION_AES256_SIZE);
+ if (padding_size > sizeof (pea.padding))
+ {
+ ERROR ("network plugin: Part- and original length "
+ "differ more than %zu bytes.", sizeof (pea.padding));
+ return (-1);
+ }
+
+ BUFFER_READ (pea.hash, sizeof (pea.hash));
+
+ /* Read the padding. */
+ BUFFER_READ (pea.padding, padding_size);
+
+ /* Check hash sum */
+ memset (hash, 0, sizeof (hash));
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hash,
+ buffer + buffer_offset, orig_buffer_len);
+
+ if (memcmp (hash, pea.hash, sizeof (hash)) != 0)
+ {
+ ERROR ("network plugin: Decryption failed: Checksum mismatch.");
+ return (-1);
+ }
+
+ assert ((PART_ENCRYPTION_AES256_SIZE + padding_size + orig_buffer_len)
+ == part_size);
+
+ parse_packet (se, buffer + PART_ENCRYPTION_AES256_SIZE + padding_size,
+ orig_buffer_len, flags | PP_ENCRYPTED);
+
+ /* Update return values */
+ *ret_buffer = buffer + part_size;
+ *ret_buffer_len = buffer_len - part_size;
+
+ return (0);
+#undef BUFFER_READ
+} /* }}} int parse_part_encr_aes256 */
+/* #endif HAVE_GCRYPT_H */
+
+#else /* if !HAVE_GCRYPT_H */
+static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
+ void **ret_buffer, size_t *ret_buffer_len, int flags)
+{
+ INFO ("network plugin: Received encrypted packet, but the network "
+ "plugin was not linked with libgcrypt, so I cannot "
+ "decrypt it. The packet will be discarded.");
+ return (-1);
+} /* }}} int parse_part_encr_aes256 */
+#endif /* !HAVE_GCRYPT_H */
+
+static int parse_packet (sockent_t *se, /* {{{ */
+ void *buffer, size_t buffer_size, int flags)
{
int status;
value_list_t vl = VALUE_LIST_INIT;
notification_t n;
- DEBUG ("network plugin: parse_packet: buffer = %p; buffer_len = %i;",
- buffer, buffer_len);
+ int packet_was_signed = (flags & PP_SIGNED);
+#if HAVE_GCRYPT_H
+ int packet_was_encrypted = (flags & PP_ENCRYPTED);
+ int printed_ignore_warning = 0;
+#endif /* HAVE_GCRYPT_H */
+
memset (&vl, '\0', sizeof (vl));
memset (&n, '\0', sizeof (n));
status = 0;
- while ((status == 0) && (0 < buffer_len)
- && ((unsigned int) buffer_len > sizeof (part_header_t)))
+ while ((status == 0) && (0 < buffer_size)
+ && ((unsigned int) buffer_size > sizeof (part_header_t)))
{
uint16_t pkg_length;
uint16_t pkg_type;
pkg_length = ntohs (pkg_length);
pkg_type = ntohs (pkg_type);
- if (pkg_length > buffer_len)
+ if (pkg_length > buffer_size)
break;
/* Ensure that this loop terminates eventually */
if (pkg_length < (2 * sizeof (uint16_t)))
break;
- if (pkg_type == TYPE_VALUES)
+ if (pkg_type == TYPE_ENCR_AES256)
{
- status = parse_part_values (&buffer, &buffer_len,
+ status = parse_part_encr_aes256 (se,
+ &buffer, &buffer_size,
+ flags);
+ if (status != 0)
+ {
+ ERROR ("network plugin: Decrypting AES256 "
+ "part failed "
+ "with status %i.", status);
+ break;
+ }
+ }
+#if HAVE_GCRYPT_H
+ else if ((se->security_level == SECURITY_LEVEL_ENCRYPT)
+ && (packet_was_encrypted == 0))
+ {
+ if (printed_ignore_warning == 0)
+ {
+ INFO ("network plugin: Unencrypted packet or "
+ "part has been ignored.");
+ printed_ignore_warning = 1;
+ }
+ buffer = ((char *) buffer) + pkg_length;
+ continue;
+ }
+#endif /* HAVE_GCRYPT_H */
+ else if (pkg_type == TYPE_SIGN_SHA256)
+ {
+ status = parse_part_sign_sha256 (se, &buffer, &buffer_size);
+ if (status < 0)
+ {
+ ERROR ("network plugin: Verifying HMAC-SHA-256 "
+ "signature failed "
+ "with status %i.", status);
+ break;
+ }
+ else if (status > 0)
+ {
+ ERROR ("network plugin: Ignoring packet with "
+ "invalid HMAC-SHA-256 signature.");
+ break;
+ }
+ else
+ {
+ packet_was_signed = 1;
+ }
+ }
+#if HAVE_GCRYPT_H
+ else if ((se->security_level == SECURITY_LEVEL_SIGN)
+ && (packet_was_encrypted == 0)
+ && (packet_was_signed == 0))
+ {
+ if (printed_ignore_warning == 0)
+ {
+ INFO ("network plugin: Unsigned packet or "
+ "part has been ignored.");
+ printed_ignore_warning = 1;
+ }
+ buffer = ((char *) buffer) + pkg_length;
+ continue;
+ }
+#endif /* HAVE_GCRYPT_H */
+ else if (pkg_type == TYPE_VALUES)
+ {
+ status = parse_part_values (&buffer, &buffer_size,
&vl.values, &vl.values_len);
if (status != 0)
else if (pkg_type == TYPE_TIME)
{
uint64_t tmp = 0;
- status = parse_part_number (&buffer, &buffer_len,
+ status = parse_part_number (&buffer, &buffer_size,
&tmp);
if (status == 0)
{
else if (pkg_type == TYPE_INTERVAL)
{
uint64_t tmp = 0;
- status = parse_part_number (&buffer, &buffer_len,
+ status = parse_part_number (&buffer, &buffer_size,
&tmp);
if (status == 0)
vl.interval = (int) tmp;
}
else if (pkg_type == TYPE_HOST)
{
- status = parse_part_string (&buffer, &buffer_len,
+ status = parse_part_string (&buffer, &buffer_size,
vl.host, sizeof (vl.host));
if (status == 0)
sstrncpy (n.host, vl.host, sizeof (n.host));
}
else if (pkg_type == TYPE_PLUGIN)
{
- status = parse_part_string (&buffer, &buffer_len,
+ status = parse_part_string (&buffer, &buffer_size,
vl.plugin, sizeof (vl.plugin));
if (status == 0)
sstrncpy (n.plugin, vl.plugin,
}
else if (pkg_type == TYPE_PLUGIN_INSTANCE)
{
- status = parse_part_string (&buffer, &buffer_len,
+ status = parse_part_string (&buffer, &buffer_size,
vl.plugin_instance,
sizeof (vl.plugin_instance));
if (status == 0)
}
else if (pkg_type == TYPE_TYPE)
{
- status = parse_part_string (&buffer, &buffer_len,
+ status = parse_part_string (&buffer, &buffer_size,
vl.type, sizeof (vl.type));
if (status == 0)
sstrncpy (n.type, vl.type, sizeof (n.type));
}
else if (pkg_type == TYPE_TYPE_INSTANCE)
{
- status = parse_part_string (&buffer, &buffer_len,
+ status = parse_part_string (&buffer, &buffer_size,
vl.type_instance,
sizeof (vl.type_instance));
if (status == 0)
}
else if (pkg_type == TYPE_MESSAGE)
{
- status = parse_part_string (&buffer, &buffer_len,
+ status = parse_part_string (&buffer, &buffer_size,
n.message, sizeof (n.message));
if (status != 0)
else if (pkg_type == TYPE_SEVERITY)
{
uint64_t tmp = 0;
- status = parse_part_number (&buffer, &buffer_len,
+ status = parse_part_number (&buffer, &buffer_size,
&tmp);
if (status == 0)
n.severity = (int) tmp;
" type: 0x%04hx", pkg_type);
buffer = ((char *) buffer) + pkg_length;
}
- } /* while (buffer_len > sizeof (part_header_t)) */
+ } /* while (buffer_size > sizeof (part_header_t)) */
return (status);
-} /* int parse_packet */
+} /* }}} int parse_packet */
-static void free_sockent (sockent_t *se)
+static void free_sockent (sockent_t *se) /* {{{ */
{
sockent_t *next;
while (se != NULL)
{
next = se->next;
+
+#if HAVE_GCRYPT_H
+ if (se->cypher != NULL)
+ {
+ gcry_cipher_close (se->cypher);
+ se->cypher = NULL;
+ }
+ free (se->shared_secret);
+#endif /* HAVE_GCRYPT_H */
+
free (se->addr);
free (se);
+
se = next;
}
-} /* void free_sockent */
+} /* }}} void free_sockent */
/*
* int network_set_ttl
*/
static int network_set_ttl (const sockent_t *se, const struct addrinfo *ai)
{
+ DEBUG ("network plugin: network_set_ttl: network_config_ttl = %i;",
+ network_config_ttl);
+
if ((network_config_ttl < 1) || (network_config_ttl > 255))
return (-1);
- DEBUG ("ttl = %i", network_config_ttl);
-
if (ai->ai_family == AF_INET)
{
struct sockaddr_in *addr = (struct sockaddr_in *) ai->ai_addr;
return (0);
} /* int network_bind_socket */
-static sockent_t *network_create_socket (const char *node,
+#define CREATE_SOCKET_FLAGS_LISTEN 0x0001
+static sockent_t *network_create_socket (const char *node, /* {{{ */
const char *service,
- int listen)
+ const char *shared_secret,
+ int security_level,
+ int flags)
{
struct addrinfo ai_hints;
struct addrinfo *ai_list, *ai_ptr;
for (ai_ptr = ai_list; ai_ptr != NULL; ai_ptr = ai_ptr->ai_next)
{
sockent_t *se;
+ int status;
if ((se = (sockent_t *) malloc (sizeof (sockent_t))) == NULL)
{
continue;
}
- if (listen != 0)
+ if ((flags & CREATE_SOCKET_FLAGS_LISTEN) != 0)
{
- if (network_bind_socket (se, ai_ptr) != 0)
+ status = network_bind_socket (se, ai_ptr);
+ if (status != 0)
{
close (se->fd);
free (se->addr);
continue;
}
}
- else /* listen == 0 */
+ else /* sending socket */
{
network_set_ttl (se, ai_ptr);
}
+#if HAVE_GCRYPT_H
+ se->security_level = security_level;
+ se->shared_secret = NULL;
+ se->cypher = NULL;
+ if (shared_secret != NULL)
+ {
+ se->shared_secret = sstrdup (shared_secret);
+ assert (se->shared_secret != NULL);
+
+ memset (se->shared_secret_hash, 0,
+ sizeof (se->shared_secret_hash));
+ gcry_md_hash_buffer (GCRY_MD_SHA256,
+ se->shared_secret_hash,
+ se->shared_secret,
+ strlen (se->shared_secret));
+ }
+#else
+ /* Make compiler happy */
+ security_level = 0;
+ shared_secret = NULL;
+#endif /* HAVE_GCRYPT_H */
+
if (se_tail == NULL)
{
se_head = se;
}
/* We don't open more than one write-socket per node/service pair.. */
- if (listen == 0)
+ if ((flags & CREATE_SOCKET_FLAGS_LISTEN) == 0)
break;
}
freeaddrinfo (ai_list);
return (se_head);
-} /* sockent_t *network_create_socket */
+} /* }}} sockent_t *network_create_socket */
-static sockent_t *network_create_default_socket (int listen)
+static sockent_t *network_create_default_socket (int flags) /* {{{ */
{
sockent_t *se_ptr = NULL;
sockent_t *se_head = NULL;
sockent_t *se_tail = NULL;
- se_ptr = network_create_socket (NET_DEFAULT_V6_ADDR,
- NET_DEFAULT_PORT, listen);
+ se_ptr = network_create_socket (NET_DEFAULT_V6_ADDR, NET_DEFAULT_PORT,
+ /* shared secret = */ NULL, SECURITY_LEVEL_NONE,
+ flags);
/* Don't send to the same machine in IPv6 and IPv4 if both are available. */
- if ((listen == 0) && (se_ptr != NULL))
+ if (((flags & CREATE_SOCKET_FLAGS_LISTEN) == 0) && (se_ptr != NULL))
return (se_ptr);
if (se_ptr != NULL)
se_tail = se_tail->next;
}
- se_ptr = network_create_socket (NET_DEFAULT_V4_ADDR, NET_DEFAULT_PORT, listen);
+ se_ptr = network_create_socket (NET_DEFAULT_V4_ADDR, NET_DEFAULT_PORT,
+ /* shared secret = */ NULL, SECURITY_LEVEL_NONE,
+ flags);
if (se_tail == NULL)
return (se_ptr);
se_tail->next = se_ptr;
return (se_head);
-} /* sockent_t *network_create_default_socket */
+} /* }}} sockent_t *network_create_default_socket */
-static int network_add_listen_socket (const char *node, const char *service)
+static int network_add_listen_socket (const char *node, /* {{{ */
+ const char *service, const char *shared_secret, int security_level)
{
sockent_t *se;
sockent_t *se_ptr;
int se_num = 0;
+ int flags;
+
+ flags = CREATE_SOCKET_FLAGS_LISTEN;
+
if (service == NULL)
service = NET_DEFAULT_PORT;
if (node == NULL)
- se = network_create_default_socket (1 /* listen == true */);
+ se = network_create_default_socket (flags);
else
- se = network_create_socket (node, service, 1 /* listen == true */);
+ se = network_create_socket (node, service,
+ shared_secret, security_level, flags);
if (se == NULL)
return (-1);
for (se_ptr = se; se_ptr != NULL; se_ptr = se_ptr->next)
se_num++;
- listen_sockets = (struct pollfd *) realloc (listen_sockets,
+ listen_sockets_pollfd = realloc (listen_sockets_pollfd,
(listen_sockets_num + se_num)
* sizeof (struct pollfd));
for (se_ptr = se; se_ptr != NULL; se_ptr = se_ptr->next)
{
- listen_sockets[listen_sockets_num].fd = se_ptr->fd;
- listen_sockets[listen_sockets_num].events = POLLIN | POLLPRI;
- listen_sockets[listen_sockets_num].revents = 0;
+ listen_sockets_pollfd[listen_sockets_num].fd = se_ptr->fd;
+ listen_sockets_pollfd[listen_sockets_num].events = POLLIN | POLLPRI;
+ listen_sockets_pollfd[listen_sockets_num].revents = 0;
listen_sockets_num++;
} /* for (se) */
- free_sockent (se);
+ se_ptr = listen_sockets;
+ while ((se_ptr != NULL) && (se_ptr->next != NULL))
+ se_ptr = se_ptr->next;
+
+ if (se_ptr == NULL)
+ listen_sockets = se;
+ else
+ se_ptr->next = se;
+
return (0);
-} /* int network_add_listen_socket */
+} /* }}} int network_add_listen_socket */
-static int network_add_sending_socket (const char *node, const char *service)
+static int network_add_sending_socket (const char *node, /* {{{ */
+ const char *service, const char *shared_secret, int security_level)
{
sockent_t *se;
sockent_t *se_ptr;
service = NET_DEFAULT_PORT;
if (node == NULL)
- se = network_create_default_socket (0 /* listen == false */);
+ se = network_create_default_socket (/* flags = */ 0);
else
- se = network_create_socket (node, service, 0 /* listen == false */);
+ se = network_create_socket (node, service,
+ shared_secret, security_level,
+ /* flags = */ 0);
if (se == NULL)
return (-1);
se_ptr->next = se;
return (0);
-} /* int network_get_listen_socket */
+} /* }}} int network_add_sending_socket */
-static void *dispatch_thread (void *arg)
+static void *dispatch_thread (void __attribute__((unused)) *arg) /* {{{ */
{
while (42)
{
receive_list_entry_t *ent;
+ sockent_t *se;
/* Lock and wait for more data to come in */
pthread_mutex_lock (&receive_list_lock);
if (ent == NULL)
break;
- parse_packet (ent->data, ent->data_len);
-
+ /* Look for the correct `sockent_t' */
+ se = listen_sockets;
+ while ((se != NULL) && (se->fd != ent->fd))
+ se = se->next;
+
+ if (se == NULL)
+ {
+ ERROR ("network plugin: Got packet from FD %i, but can't "
+ "find an appropriate socket entry.",
+ ent->fd);
+ sfree (ent);
+ continue;
+ }
+
+ parse_packet (se, ent->data, ent->data_len, /* flags = */ 0);
sfree (ent);
} /* while (42) */
return (NULL);
-} /* void *receive_thread */
+} /* }}} void *dispatch_thread */
static int network_receive (void)
{
int i;
int status;
+ receive_list_entry_t *private_list_head;
+ receive_list_entry_t *private_list_tail;
+
if (listen_sockets_num == 0)
- network_add_listen_socket (NULL, NULL);
+ network_add_listen_socket (/* node = */ NULL,
+ /* service = */ NULL,
+ /* shared secret = */ NULL,
+ /* encryption = */ 0);
if (listen_sockets_num == 0)
{
return (-1);
}
+ private_list_head = NULL;
+ private_list_tail = NULL;
+
while (listen_loop == 0)
{
- status = poll (listen_sockets, listen_sockets_num, -1);
+ status = poll (listen_sockets_pollfd, listen_sockets_num, -1);
if (status <= 0)
{
{
receive_list_entry_t *ent;
- if ((listen_sockets[i].revents & (POLLIN | POLLPRI)) == 0)
+ if ((listen_sockets_pollfd[i].revents
+ & (POLLIN | POLLPRI)) == 0)
continue;
status--;
- buffer_len = recv (listen_sockets[i].fd,
+ buffer_len = recv (listen_sockets_pollfd[i].fd,
buffer, sizeof (buffer),
0 /* no flags */);
if (buffer_len < 0)
return (-1);
}
+ /* TODO: Possible performance enhancement: Do not free
+ * these entries in the dispatch thread but put them in
+ * another list, so we don't have to allocate more and
+ * more of these structures. */
ent = malloc (sizeof (receive_list_entry_t));
if (ent == NULL)
{
ERROR ("network plugin: malloc failed.");
return (-1);
}
- memset (ent, '\0', sizeof (receive_list_entry_t));
+ memset (ent, 0, sizeof (receive_list_entry_t));
+ ent->fd = listen_sockets_pollfd[i].fd;
+ ent->next = NULL;
/* Hopefully this be optimized out by the compiler. It
* might help prevent stupid bugs in the future though.
memcpy (ent->data, buffer, buffer_len);
ent->data_len = buffer_len;
- pthread_mutex_lock (&receive_list_lock);
- if (receive_list_head == NULL)
- {
- receive_list_head = ent;
- receive_list_tail = ent;
- }
+ if (private_list_head == NULL)
+ private_list_head = ent;
else
+ private_list_tail->next = ent;
+ private_list_tail = ent;
+
+ /* Do not block here. Blocking here has led to
+ * insufficient performance in the past. */
+ if (pthread_mutex_trylock (&receive_list_lock) == 0)
{
- receive_list_tail->next = ent;
- receive_list_tail = ent;
+ if (receive_list_head == NULL)
+ receive_list_head = private_list_head;
+ else
+ receive_list_tail->next = private_list_head;
+ receive_list_tail = private_list_tail;
+
+ private_list_head = NULL;
+ private_list_tail = NULL;
+
+ pthread_cond_signal (&receive_list_cond);
+ pthread_mutex_unlock (&receive_list_lock);
}
- pthread_cond_signal (&receive_list_cond);
- pthread_mutex_unlock (&receive_list_lock);
- } /* for (listen_sockets) */
+ } /* for (listen_sockets_pollfd) */
} /* while (listen_loop == 0) */
+ /* Make sure everything is dispatched before exiting. */
+ if (private_list_head != NULL)
+ {
+ pthread_mutex_lock (&receive_list_lock);
+
+ if (receive_list_head == NULL)
+ receive_list_head = private_list_head;
+ else
+ receive_list_tail->next = private_list_head;
+ receive_list_tail = private_list_tail;
+
+ private_list_head = NULL;
+ private_list_tail = NULL;
+
+ pthread_cond_signal (&receive_list_cond);
+ pthread_mutex_unlock (&receive_list_lock);
+ }
+
return (0);
-}
+} /* int network_receive */
-static void *receive_thread (void *arg)
+static void *receive_thread (void __attribute__((unused)) *arg)
{
return (network_receive () ? (void *) 1 : (void *) 0);
} /* void *receive_thread */
-static void network_send_buffer (const char *buffer, int buffer_len)
+static void network_init_buffer (void)
{
- sockent_t *se;
- int status;
+ memset (send_buffer, 0, sizeof (send_buffer));
+ send_buffer_ptr = send_buffer;
+ send_buffer_fill = 0;
+
+ memset (&send_buffer_vl, 0, sizeof (send_buffer_vl));
+} /* int network_init_buffer */
- DEBUG ("network plugin: network_send_buffer: buffer_len = %i", buffer_len);
+static void networt_send_buffer_plain (const sockent_t *se, /* {{{ */
+ const char *buffer, size_t buffer_size)
+{
+ int status;
- for (se = sending_sockets; se != NULL; se = se->next)
+ while (42)
{
- while (42)
+ status = sendto (se->fd, buffer, buffer_size, 0 /* no flags */,
+ (struct sockaddr *) se->addr, se->addrlen);
+ if (status < 0)
{
- status = sendto (se->fd, buffer, buffer_len, 0 /* no flags */,
- (struct sockaddr *) se->addr, se->addrlen);
- if (status < 0)
- {
- char errbuf[1024];
- if (errno == EINTR)
- continue;
- ERROR ("network plugin: sendto failed: %s",
- sstrerror (errno, errbuf,
- sizeof (errbuf)));
- break;
- }
-
+ char errbuf[1024];
+ if (errno == EINTR)
+ continue;
+ ERROR ("network plugin: sendto failed: %s",
+ sstrerror (errno, errbuf,
+ sizeof (errbuf)));
break;
- } /* while (42) */
- } /* for (sending_sockets) */
-} /* void network_send_buffer */
+ }
+
+ break;
+ } /* while (42) */
+} /* }}} void networt_send_buffer_plain */
-static int add_to_buffer (char *buffer, int buffer_size,
- value_list_t *vl_def, char *type_def,
+#if HAVE_GCRYPT_H
+static void networt_send_buffer_signed (const sockent_t *se, /* {{{ */
+ const char *in_buffer, size_t in_buffer_size)
+{
+ part_signature_sha256_t ps;
+ char buffer[sizeof (ps) + in_buffer_size];
+
+ gcry_md_hd_t hd;
+ gcry_error_t err;
+ unsigned char *hash;
+
+ hd = NULL;
+ err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
+ if (err != 0)
+ {
+ ERROR ("network plugin: Creating HMAC object failed: %s",
+ gcry_strerror (err));
+ return;
+ }
+
+ err = gcry_md_setkey (hd, se->shared_secret,
+ strlen (se->shared_secret));
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_md_setkey failed: %s",
+ gcry_strerror (err));
+ gcry_md_close (hd);
+ return;
+ }
+
+ /* Initialize the `ps' structure. */
+ memset (&ps, 0, sizeof (ps));
+ ps.head.type = htons (TYPE_SIGN_SHA256);
+ ps.head.length = htons ((uint16_t) sizeof (ps));
+
+ /* Calculate the hash value. */
+ gcry_md_write (hd, in_buffer, in_buffer_size);
+ hash = gcry_md_read (hd, GCRY_MD_SHA256);
+ if (hash == NULL)
+ {
+ ERROR ("network plugin: gcry_md_read failed.");
+ gcry_md_close (hd);
+ return;
+ }
+
+ /* Add the signature and fill the rest of the buffer. */
+ memcpy (ps.hash, hash, sizeof (ps.hash));
+ memcpy (buffer, &ps, sizeof (ps));
+ memcpy (buffer + sizeof (ps), in_buffer, in_buffer_size);
+
+ gcry_md_close (hd);
+ hd = NULL;
+
+ networt_send_buffer_plain (se, buffer, sizeof (buffer));
+} /* }}} void networt_send_buffer_signed */
+
+static void networt_send_buffer_encrypted (sockent_t *se, /* {{{ */
+ const char *in_buffer, size_t in_buffer_size)
+{
+ part_encryption_aes256_t pea;
+ char buffer[sizeof (pea) + in_buffer_size];
+ size_t buffer_size;
+ size_t buffer_offset;
+ size_t padding_size;
+ gcry_error_t err;
+ gcry_cipher_hd_t cypher;
+
+ /* Round to the next multiple of 16, because AES has a block size of 128 bit.
+ * the first 20 bytes of `pea' are not encrypted and must be subtracted. */
+ buffer_size = in_buffer_size +
+ (PART_ENCRYPTION_AES256_SIZE - PART_ENCRYPTION_AES256_UNENCR_SIZE);
+ padding_size = buffer_size;
+ /* Round to the next multiple of 16. */
+ buffer_size = (buffer_size + 15) / 16;
+ buffer_size = buffer_size * 16;
+ /* Calculate padding_size */
+ padding_size = buffer_size - padding_size;
+ assert (padding_size <= sizeof (pea.padding));
+ /* Now add the unencrypted bytes. */
+ buffer_size += PART_ENCRYPTION_AES256_UNENCR_SIZE;
+
+ DEBUG ("network plugin: networt_send_buffer_encrypted: "
+ "buffer_size = %zu;", buffer_size);
+
+ /* Initialize the header fields */
+ memset (&pea, 0, sizeof (pea));
+ pea.head.type = htons (TYPE_ENCR_AES256);
+ pea.head.length = htons ((uint16_t) buffer_size);
+ pea.orig_length = htons ((uint16_t) in_buffer_size);
+
+ /* Chose a random initialization vector. */
+ gcry_randomize (&pea.iv, sizeof (pea.iv), GCRY_STRONG_RANDOM);
+
+ /* Create hash of the payload */
+ gcry_md_hash_buffer (GCRY_MD_SHA1, pea.hash, in_buffer, in_buffer_size);
+
+ /* Fill the extra field with random values. Some entropy in the encrypted
+ * data is usually not a bad thing, I hope. */
+ if (padding_size > 0)
+ gcry_randomize (&pea.padding, padding_size, GCRY_STRONG_RANDOM);
+
+ /* Initialize the buffer */
+ buffer_offset = 0;
+ memset (buffer, 0, sizeof (buffer));
+
+#define BUFFER_ADD(p,s) do { \
+ memcpy (buffer + buffer_offset, (p), (s)); \
+ buffer_offset += (s); \
+} while (0)
+
+ BUFFER_ADD (&pea.head.type, sizeof (pea.head.type));
+ BUFFER_ADD (&pea.head.length, sizeof (pea.head.length));
+ BUFFER_ADD (pea.iv, sizeof (pea.iv));
+ BUFFER_ADD (&pea.orig_length, sizeof (pea.orig_length));
+ BUFFER_ADD (pea.hash, sizeof (pea.hash));
+
+ if (padding_size > 0)
+ BUFFER_ADD (pea.padding, padding_size);
+
+ BUFFER_ADD (in_buffer, in_buffer_size);
+
+ assert (buffer_offset == buffer_size);
+
+ cypher = network_get_aes256_cypher (se, pea.iv, sizeof (pea.iv));
+ if (cypher == NULL)
+ return;
+
+ /* Encrypt the buffer in-place */
+ err = gcry_cipher_encrypt (cypher,
+ buffer + PART_ENCRYPTION_AES256_UNENCR_SIZE,
+ buffer_size - PART_ENCRYPTION_AES256_UNENCR_SIZE,
+ /* in = */ NULL, /* in len = */ 0);
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_cipher_encrypt returned: %s",
+ gcry_strerror (err));
+ return;
+ }
+
+ /* Send it out without further modifications */
+ networt_send_buffer_plain (se, buffer, buffer_size);
+#undef BUFFER_ADD
+} /* }}} void networt_send_buffer_encrypted */
+#endif /* HAVE_GCRYPT_H */
+
+static void network_send_buffer (char *buffer, size_t buffer_len) /* {{{ */
+{
+ sockent_t *se;
+
+ DEBUG ("network plugin: network_send_buffer: buffer_len = %zu", buffer_len);
+
+ for (se = sending_sockets; se != NULL; se = se->next)
+ {
+#if HAVE_GCRYPT_H
+ if (se->security_level == SECURITY_LEVEL_ENCRYPT)
+ networt_send_buffer_encrypted (se, buffer, buffer_len);
+ else if (se->security_level == SECURITY_LEVEL_SIGN)
+ networt_send_buffer_signed (se, buffer, buffer_len);
+ else /* if (se->security_level == SECURITY_LEVEL_NONE) */
+#endif /* HAVE_GCRYPT_H */
+ networt_send_buffer_plain (se, buffer, buffer_len);
+ } /* for (sending_sockets) */
+} /* }}} void network_send_buffer */
+
+static int add_to_buffer (char *buffer, int buffer_size, /* {{{ */
+ value_list_t *vl_def,
const data_set_t *ds, const value_list_t *vl)
{
char *buffer_orig = buffer;
sstrncpy (vl_def->plugin_instance, vl->plugin_instance, sizeof (vl_def->plugin_instance));
}
- if (strcmp (type_def, vl->type) != 0)
+ if (strcmp (vl_def->type, vl->type) != 0)
{
if (write_part_string (&buffer, &buffer_size, TYPE_TYPE,
vl->type, strlen (vl->type)) != 0)
return (-1);
- sstrncpy (type_def, vl->type, sizeof (type_def));
+ sstrncpy (vl_def->type, ds->type, sizeof (vl_def->type));
}
if (strcmp (vl_def->type_instance, vl->type_instance) != 0)
return (-1);
return (buffer - buffer_orig);
-} /* int add_to_buffer */
+} /* }}} int add_to_buffer */
static void flush_buffer (void)
{
DEBUG ("network plugin: flush_buffer: send_buffer_fill = %i",
send_buffer_fill);
- network_send_buffer (send_buffer, send_buffer_fill);
- send_buffer_ptr = send_buffer;
- send_buffer_fill = 0;
- memset (&send_buffer_vl, '\0', sizeof (send_buffer_vl));
- memset (send_buffer_type, '\0', sizeof (send_buffer_type));
+ network_send_buffer (send_buffer, (size_t) send_buffer_fill);
+ network_init_buffer ();
}
-static int network_write (const data_set_t *ds, const value_list_t *vl)
+static int network_write (const data_set_t *ds, const value_list_t *vl,
+ user_data_t __attribute__((unused)) *user_data)
{
int status;
pthread_mutex_lock (&send_buffer_lock);
status = add_to_buffer (send_buffer_ptr,
- sizeof (send_buffer) - send_buffer_fill,
- &send_buffer_vl, send_buffer_type,
+ sizeof (send_buffer) - (send_buffer_fill + BUFF_SIG_SIZE),
+ &send_buffer_vl,
ds, vl);
if (status >= 0)
{
flush_buffer ();
status = add_to_buffer (send_buffer_ptr,
- sizeof (send_buffer) - send_buffer_fill,
- &send_buffer_vl, send_buffer_type,
+ sizeof (send_buffer) - (send_buffer_fill + BUFF_SIG_SIZE),
+ &send_buffer_vl,
ds, vl);
if (status >= 0)
return ((status < 0) ? -1 : 0);
} /* int network_write */
-static int network_config (const char *key, const char *val)
+static int network_config_set_boolean (const oconfig_item_t *ci, /* {{{ */
+ int *retval)
{
- char *node;
- char *service;
+ if ((ci->values_num != 1)
+ || ((ci->values[0].type != OCONFIG_TYPE_BOOLEAN)
+ && (ci->values[0].type != OCONFIG_TYPE_STRING)))
+ {
+ ERROR ("network plugin: The `%s' config option needs "
+ "exactly one boolean argument.", ci->key);
+ return (-1);
+ }
- char *fields[3];
- int fields_num;
+ if (ci->values[0].type == OCONFIG_TYPE_BOOLEAN)
+ {
+ if (ci->values[0].value.boolean)
+ *retval = 1;
+ else
+ *retval = 0;
+ }
+ else
+ {
+ char *str = ci->values[0].value.string;
+
+ if ((strcasecmp ("true", str) == 0)
+ || (strcasecmp ("yes", str) == 0)
+ || (strcasecmp ("on", str) == 0))
+ *retval = 1;
+ else if ((strcasecmp ("false", str) == 0)
+ || (strcasecmp ("no", str) == 0)
+ || (strcasecmp ("off", str) == 0))
+ *retval = 0;
+ else
+ {
+ ERROR ("network plugin: Cannot parse string value `%s' of the `%s' "
+ "option as boolean value.",
+ str, ci->key);
+ return (-1);
+ }
+ }
- if ((strcasecmp ("Listen", key) == 0)
- || (strcasecmp ("Server", key) == 0))
- {
- char *val_cpy = strdup (val);
- if (val_cpy == NULL)
- return (1);
+ return (0);
+} /* }}} int network_config_set_boolean */
- service = NET_DEFAULT_PORT;
- fields_num = strsplit (val_cpy, fields, 3);
- if ((fields_num != 1)
- && (fields_num != 2))
- {
- sfree (val_cpy);
- return (1);
- }
- else if (fields_num == 2)
- {
- if ((service = strchr (fields[1], '.')) != NULL)
- *service = '\0';
- service = fields[1];
- }
- node = fields[0];
+static int network_config_set_ttl (const oconfig_item_t *ci) /* {{{ */
+{
+ int tmp;
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_NUMBER))
+ {
+ WARNING ("network plugin: The `TimeToLive' config option needs exactly "
+ "one numeric argument.");
+ return (-1);
+ }
- if (strcasecmp ("Listen", key) == 0)
- network_add_listen_socket (node, service);
- else
- network_add_sending_socket (node, service);
+ tmp = (int) ci->values[0].value.number;
+ if ((tmp > 0) && (tmp <= 255))
+ network_config_ttl = tmp;
- sfree (val_cpy);
- }
- else if (strcasecmp ("TimeToLive", key) == 0)
- {
- int tmp = atoi (val);
- if ((tmp > 0) && (tmp < 256))
- network_config_ttl = tmp;
- else
- return (1);
- }
- else if (strcasecmp ("Forward", key) == 0)
- {
- if ((strcasecmp ("true", val) == 0)
- || (strcasecmp ("yes", val) == 0)
- || (strcasecmp ("on", val) == 0))
- network_config_forward = 1;
- else
- network_config_forward = 0;
- }
- else if (strcasecmp ("CacheFlush", key) == 0)
- {
- int tmp = atoi (val);
- if (tmp > 0)
- cache_flush_interval = tmp;
- else return (1);
- }
- else
- {
- return (-1);
- }
- return (0);
-} /* int network_config */
+ return (0);
+} /* }}} int network_config_set_ttl */
-static int network_notification (const notification_t *n)
+#if HAVE_GCRYPT_H
+static int network_config_set_security_level (oconfig_item_t *ci, /* {{{ */
+ int *retval)
+{
+ char *str;
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_STRING))
+ {
+ WARNING ("network plugin: The `SecurityLevel' config option needs exactly "
+ "one string argument.");
+ return (-1);
+ }
+
+ str = ci->values[0].value.string;
+ if (strcasecmp ("Encrypt", str) == 0)
+ *retval = SECURITY_LEVEL_ENCRYPT;
+ else if (strcasecmp ("Sign", str) == 0)
+ *retval = SECURITY_LEVEL_SIGN;
+ else if (strcasecmp ("None", str) == 0)
+ *retval = SECURITY_LEVEL_NONE;
+ else
+ {
+ WARNING ("network plugin: Unknown security level: %s.", str);
+ return (-1);
+ }
+
+ return (0);
+} /* }}} int network_config_set_security_level */
+#endif /* HAVE_GCRYPT_H */
+
+static int network_config_listen_server (const oconfig_item_t *ci) /* {{{ */
+{
+ char *node;
+ char *service;
+ char *shared_secret = NULL;
+ int security_level = SECURITY_LEVEL_NONE;
+ int i;
+
+ if ((ci->values_num < 1) || (ci->values_num > 2)
+ || (ci->values[0].type != OCONFIG_TYPE_STRING)
+ || ((ci->values_num > 1) && (ci->values[1].type != OCONFIG_TYPE_STRING)))
+ {
+ ERROR ("network plugin: The `%s' config option needs "
+ "one or two string arguments.", ci->key);
+ return (-1);
+ }
+
+ node = ci->values[0].value.string;
+ if (ci->values_num >= 2)
+ service = ci->values[1].value.string;
+ else
+ service = NULL;
+
+ for (i = 0; i < ci->children_num; i++)
+ {
+ oconfig_item_t *child = ci->children + i;
+
+#if HAVE_GCRYPT_H
+ if (strcasecmp ("Secret", child->key) == 0)
+ {
+ if ((child->values_num == 1)
+ && (child->values[0].type == OCONFIG_TYPE_STRING))
+ shared_secret = child->values[0].value.string;
+ else
+ ERROR ("network plugin: The `Secret' option needs exactly one string "
+ "argument.");
+ }
+ else if (strcasecmp ("SecurityLevel", child->key) == 0)
+ network_config_set_security_level (child, &security_level);
+ else
+#endif /* HAVE_GCRYPT_H */
+ {
+ WARNING ("network plugin: Option `%s' is not allowed here.",
+ child->key);
+ }
+ }
+
+ if ((security_level > SECURITY_LEVEL_NONE) && (shared_secret == NULL))
+ {
+ ERROR ("network plugin: A security level higher than `none' was "
+ "requested, but no shared key was given. Cowardly refusing to open "
+ "this socket!");
+ return (-1);
+ }
+
+ if (strcasecmp ("Listen", ci->key) == 0)
+ network_add_listen_socket (node, service, shared_secret, security_level);
+ else
+ network_add_sending_socket (node, service, shared_secret, security_level);
+
+ return (0);
+} /* }}} int network_config_listen_server */
+
+static int network_config_set_cache_flush (const oconfig_item_t *ci) /* {{{ */
+{
+ int tmp;
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_NUMBER))
+ {
+ WARNING ("network plugin: The `CacheFlush' config option needs exactly "
+ "one numeric argument.");
+ return (-1);
+ }
+
+ tmp = (int) ci->values[0].value.number;
+ if (tmp > 0)
+ network_config_ttl = tmp;
+
+ return (0);
+} /* }}} int network_config_set_cache_flush */
+
+static int network_config (oconfig_item_t *ci) /* {{{ */
+{
+ int i;
+
+ for (i = 0; i < ci->children_num; i++)
+ {
+ oconfig_item_t *child = ci->children + i;
+
+ if ((strcasecmp ("Listen", child->key) == 0)
+ || (strcasecmp ("Server", child->key) == 0))
+ network_config_listen_server (child);
+ else if (strcasecmp ("TimeToLive", child->key) == 0)
+ network_config_set_ttl (child);
+ else if (strcasecmp ("Forward", child->key) == 0)
+ network_config_set_boolean (child, &network_config_forward);
+ else if (strcasecmp ("CacheFlush", child->key) == 0)
+ network_config_set_cache_flush (child);
+ else
+ {
+ WARNING ("network plugin: Option `%s' is not allowed here.",
+ child->key);
+ }
+ }
+
+ return (0);
+} /* }}} int network_config */
+
+static int network_notification (const notification_t *n,
+ user_data_t __attribute__((unused)) *user_data)
{
char buffer[BUFF_SIZE];
char *buffer_ptr = buffer;
listen_loop++;
/* Kill the listening thread */
- if (receive_thread_id != (pthread_t) 0)
+ if (receive_thread_running != 0)
{
+ INFO ("network plugin: Stopping receive thread.");
pthread_kill (receive_thread_id, SIGTERM);
pthread_join (receive_thread_id, NULL /* no return value */);
- receive_thread_id = (pthread_t) 0;
+ memset (&receive_thread_id, 0, sizeof (receive_thread_id));
+ receive_thread_running = 0;
}
/* Shutdown the dispatching thread */
- if (dispatch_thread_id != (pthread_t) 0)
+ if (dispatch_thread_running != 0)
+ {
+ INFO ("network plugin: Stopping dispatch thread.");
+ pthread_mutex_lock (&receive_list_lock);
pthread_cond_broadcast (&receive_list_cond);
+ pthread_mutex_unlock (&receive_list_lock);
+ pthread_join (dispatch_thread_id, /* ret = */ NULL);
+ dispatch_thread_running = 0;
+ }
+
+ free_sockent (listen_sockets);
if (send_buffer_fill > 0)
flush_buffer ();
plugin_register_shutdown ("network", network_shutdown);
- send_buffer_ptr = send_buffer;
- send_buffer_fill = 0;
- memset (&send_buffer_vl, '\0', sizeof (send_buffer_vl));
- memset (send_buffer_type, '\0', sizeof (send_buffer_type));
+ network_init_buffer ();
cache_tree = c_avl_create ((int (*) (const void *, const void *)) strcmp);
cache_flush_last = time (NULL);
/* setup socket(s) and so on */
if (sending_sockets != NULL)
{
- plugin_register_write ("network", network_write);
- plugin_register_notification ("network", network_notification);
+ plugin_register_write ("network", network_write,
+ /* user_data = */ NULL);
+ plugin_register_notification ("network", network_notification,
+ /* user_data = */ NULL);
}
- if ((listen_sockets_num != 0) && (receive_thread_id == 0))
+ /* If no threads need to be started, return here. */
+ if ((listen_sockets_num == 0)
+ || ((dispatch_thread_running != 0)
+ && (receive_thread_running != 0)))
+ return (0);
+
+ if (dispatch_thread_running == 0)
{
int status;
-
status = pthread_create (&dispatch_thread_id,
NULL /* no attributes */,
dispatch_thread,
sstrerror (errno, errbuf,
sizeof (errbuf)));
}
+ else
+ {
+ dispatch_thread_running = 1;
+ }
+ }
+ if (receive_thread_running == 0)
+ {
+ int status;
status = pthread_create (&receive_thread_id,
NULL /* no attributes */,
receive_thread,
sstrerror (errno, errbuf,
sizeof (errbuf)));
}
+ else
+ {
+ receive_thread_running = 1;
+ }
}
+
return (0);
} /* int network_init */
* just send the buffer if `flush' is called - if the requested value was in
* there, good. If not, well, then there is nothing to flush.. -octo
*/
-static int network_flush (int timeout, const char *identifier)
+static int network_flush (int timeout,
+ const char __attribute__((unused)) *identifier,
+ user_data_t __attribute__((unused)) *user_data)
{
pthread_mutex_lock (&send_buffer_lock);
void module_register (void)
{
- plugin_register_config ("network", network_config,
- config_keys, config_keys_num);
+ plugin_register_complex_config ("network", network_config);
plugin_register_init ("network", network_init);
- plugin_register_flush ("network", network_flush);
+ plugin_register_flush ("network", network_flush,
+ /* user_data = */ NULL);
} /* void module_register */
+
+/* vim: set fdm=marker : */