X-Git-Url: https://git.octo.it/?a=blobdiff_plain;f=src%2Flibcollectdclient%2Fnetwork_parse.c;h=7483019a9d5beec868ae6674843ac5f59ab4c403;hb=0aa5b32fd9246ad82686616eada68ee50f26bff7;hp=83a05d4f37d0da8b1e907de91bdd00a14dede122;hpb=59353d13d73f3a351c5dada73896344b9e2a3818;p=collectd.git

diff --git a/src/libcollectdclient/network_parse.c b/src/libcollectdclient/network_parse.c
index 83a05d4f..7483019a 100644
--- a/src/libcollectdclient/network_parse.c
+++ b/src/libcollectdclient/network_parse.c
@@ -23,9 +23,7 @@
  *   Florian octo Forster <octo at collectd.org>
  **/
 
-#if HAVE_CONFIG_H
 #include "config.h"
-#endif
 
 #if !defined(__GNUC__) || !__GNUC__
 #define __attribute__(x) /**/
@@ -38,13 +36,22 @@
 #include <math.h>
 #include <pthread.h>
 
+/* for be{16,64}toh */
+#if HAVE_ENDIAN_H
+#include <endian.h>
+#elif HAVE_SYS_ENDIAN_H
+#include <sys/endian.h>
+#endif
+
 #define GCRYPT_NO_DEPRECATED
 #include <gcrypt.h>
 
 #include <stdio.h>
 #define DEBUG(...) printf(__VA_ARGS__)
 
+#if GCRYPT_VERSION_NUMBER < 0x010600
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
 
 /* forward declaration because parse_sign_sha256()/parse_encrypt_aes256() and
  * network_parse() need to call each other. */
@@ -339,14 +346,13 @@ static int verify_sha256(void *payload, size_t payload_size,
 
   gcry_error_t err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
   if (err != 0) {
-    /* TODO(octo): use gcry_strerror(err) to create an error string. */
-    return -1;
+    return (int)err;
   }
 
   err = gcry_md_setkey(hd, password, strlen(password));
   if (err != 0) {
     gcry_md_close(hd);
-    return -1;
+    return (int)err;
   }
 
   gcry_md_write(hd, username, strlen(username));
@@ -370,7 +376,8 @@ static int parse_sign_sha256(void *signature, size_t signature_len,
                              void *payload, size_t payload_size,
                              lcc_network_parse_options_t const *opts) {
   if (opts->password_lookup == NULL) {
-    /* TODO(octo): print warning */
+    /* The sender signed the packet but we can't verify it. Handle it as if it
+     * were unsigned, i.e. security level NONE. */
     return network_parse(payload, payload_size, NONE, opts);
   }
 
@@ -426,7 +433,8 @@ static int decrypt_aes256(buffer_t *b, void *iv, size_t iv_size,
 static int parse_encrypt_aes256(void *data, size_t data_size,
                                 lcc_network_parse_options_t const *opts) {
   if (opts->password_lookup == NULL) {
-    /* TODO(octo): print warning */
+    /* Without a password source it's (hopefully) impossible to decrypt the
+     * network packet. */
     return ENOENT;
   }
 
@@ -529,9 +537,11 @@ static int network_parse(void *data, size_t data_size, lcc_security_level_t sl,
         return EINVAL;
       }
 
-      /* TODO(octo): skip if current_security_level < required_security_level */
+      int status = 0;
 
-      int status = opts->writer(&vl);
+      /* Write metrics if they have the required security level. */
+      if (sl >= opts->security_level)
+        status = opts->writer(&vl);
 
       free(vl.values);
       free(vl.values_types);