2 * collectd - src/network.c
3 * Copyright (C) 2005-2009 Florian octo Forster
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; only version 2 of the License is applicable.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 * Florian octo Forster <octo at verplant.org>
25 #include "configfile.h"
26 #include "utils_avltree.h"
34 # include <sys/socket.h>
40 # include <netinet/in.h>
43 # include <arpa/inet.h>
53 /* 1500 - 40 - 8 = Ethernet packet - IPv6 header - UDP header */
54 /* #define BUFF_SIZE 1452 */
56 #ifndef IPV6_ADD_MEMBERSHIP
57 # ifdef IPV6_JOIN_GROUP
58 # define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
60 # error "Neither IP_ADD_MEMBERSHIP nor IPV6_JOIN_GROUP is defined"
62 #endif /* !IP_ADD_MEMBERSHIP */
64 /* Buffer size to allocate. */
65 #define BUFF_SIZE 1024
68 * Maximum size required for encryption / signing:
70 * Hash/orig length: 22
72 * --------------------
75 #define BUFF_SIG_SIZE 41
80 typedef struct sockent
83 struct sockaddr_storage *addr;
86 #define SECURITY_LEVEL_NONE 0
88 # define SECURITY_LEVEL_SIGN 1
89 # define SECURITY_LEVEL_ENCRYPT 2
92 gcry_cipher_hd_t cypher;
93 #endif /* HAVE_GCRYPT_H */
98 /* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
99 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
100 * +-------+-----------------------+-------------------------------+
101 * ! Ver. ! ! Length !
102 * +-------+-----------------------+-------------------------------+
109 typedef struct part_header_s part_header_t;
111 /* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
112 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
113 * +-------------------------------+-------------------------------+
115 * +-------------------------------+-------------------------------+
116 * : (Length - 4) Bytes :
117 * +---------------------------------------------------------------+
124 typedef struct part_string_s part_string_t;
126 /* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
127 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
128 * +-------------------------------+-------------------------------+
130 * +-------------------------------+-------------------------------+
131 * : (Length - 4 == 2 || 4 || 8) Bytes :
132 * +---------------------------------------------------------------+
139 typedef struct part_number_s part_number_t;
141 /* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
142 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
143 * +-------------------------------+-------------------------------+
145 * +-------------------------------+---------------+---------------+
146 * ! Num of values ! Type0 ! Type1 !
147 * +-------------------------------+---------------+---------------+
150 * +---------------------------------------------------------------+
153 * +---------------------------------------------------------------+
158 uint16_t *num_values;
159 uint8_t *values_types;
162 typedef struct part_values_s part_values_t;
164 /* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
165 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
166 * +-------------------------------+-------------------------------+
168 * +-------------------------------+-------------------------------+
169 * ! Hash (Bits 0 - 31) !
171 * ! Hash (Bits 224 - 255) !
172 * +---------------------------------------------------------------+
174 struct part_signature_sha256_s
179 typedef struct part_signature_sha256_s part_signature_sha256_t;
181 /* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
182 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
183 * +-------------------------------+-------------------------------+
185 * +-------------------------------+-------------------------------+
186 * ! Original length ! Padding (0 - 15 bytes) !
187 * +-------------------------------+-------------------------------+
188 * ! Hash (Bits 0 - 31) !
190 * ! Hash (Bits 128 - 159) !
191 * +---------------------------------------------------------------+
193 struct part_encryption_aes256_s
196 uint16_t orig_length;
200 typedef struct part_encryption_aes256_s part_encryption_aes256_t;
202 struct receive_list_entry_s
204 char data[BUFF_SIZE];
207 struct receive_list_entry_s *next;
209 typedef struct receive_list_entry_s receive_list_entry_t;
214 static int network_config_ttl = 0;
215 static int network_config_forward = 0;
217 static sockent_t *sending_sockets = NULL;
219 static receive_list_entry_t *receive_list_head = NULL;
220 static receive_list_entry_t *receive_list_tail = NULL;
221 static pthread_mutex_t receive_list_lock = PTHREAD_MUTEX_INITIALIZER;
222 static pthread_cond_t receive_list_cond = PTHREAD_COND_INITIALIZER;
224 static sockent_t *listen_sockets = NULL;
225 static struct pollfd *listen_sockets_pollfd = NULL;
226 static int listen_sockets_num = 0;
228 /* The receive and dispatch threads will run as long as `listen_loop' is set to
230 static int listen_loop = 0;
231 static int receive_thread_running = 0;
232 static pthread_t receive_thread_id;
233 static int dispatch_thread_running = 0;
234 static pthread_t dispatch_thread_id;
236 /* Buffer in which to-be-sent network packets are constructed. */
237 static char send_buffer[BUFF_SIZE];
238 static char *send_buffer_ptr;
239 static int send_buffer_fill;
240 static value_list_t send_buffer_vl = VALUE_LIST_STATIC;
241 static pthread_mutex_t send_buffer_lock = PTHREAD_MUTEX_INITIALIZER;
243 /* In this cache we store all the values we received, so we can send out only
244 * those values which were *not* received via the network plugin, too. This is
245 * used for the `Forward false' option. */
246 static c_avl_tree_t *cache_tree = NULL;
247 static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
248 static time_t cache_flush_last = 0;
249 static int cache_flush_interval = 1800;
254 static int cache_flush (void)
264 c_avl_iterator_t *iter;
266 time_t curtime = time (NULL);
268 iter = c_avl_get_iterator (cache_tree);
269 while (c_avl_iterator_next (iter, (void *) &key, (void *) &value) == 0)
271 if ((curtime - *value) <= cache_flush_interval)
273 tmp = (char **) realloc (keys,
274 (keys_num + 1) * sizeof (char *));
278 c_avl_iterator_destroy (iter);
279 ERROR ("network plugin: cache_flush: realloc"
284 keys[keys_num] = key;
286 } /* while (c_avl_iterator_next) */
287 c_avl_iterator_destroy (iter);
289 for (i = 0; i < keys_num; i++)
291 if (c_avl_remove (cache_tree, keys[i], (void *) &key,
292 (void *) &value) != 0)
294 WARNING ("network plugin: cache_flush: c_avl_remove"
295 " (%s) failed.", keys[i]);
305 DEBUG ("network plugin: cache_flush: Removed %i %s",
306 keys_num, (keys_num == 1) ? "entry" : "entries");
307 cache_flush_last = curtime;
309 } /* int cache_flush */
311 static int cache_check (const value_list_t *vl)
314 time_t *value = NULL;
317 if (cache_tree == NULL)
320 if (format_name (key, sizeof (key), vl->host, vl->plugin,
321 vl->plugin_instance, vl->type, vl->type_instance))
324 pthread_mutex_lock (&cache_lock);
326 if (c_avl_get (cache_tree, key, (void *) &value) == 0)
328 if (*value < vl->time)
335 DEBUG ("network plugin: cache_check: *value = %i >= vl->time = %i",
336 (int) *value, (int) vl->time);
342 char *key_copy = strdup (key);
343 value = malloc (sizeof (time_t));
344 if ((key_copy != NULL) && (value != NULL))
347 c_avl_insert (cache_tree, key_copy, value);
357 if ((time (NULL) - cache_flush_last) > cache_flush_interval)
360 pthread_mutex_unlock (&cache_lock);
363 } /* int cache_check */
365 static int write_part_values (char **ret_buffer, int *ret_buffer_len,
366 const data_set_t *ds, const value_list_t *vl)
372 part_header_t pkg_ph;
373 uint16_t pkg_num_values;
374 uint8_t *pkg_values_types;
380 num_values = vl->values_len;
381 packet_len = sizeof (part_header_t) + sizeof (uint16_t)
382 + (num_values * sizeof (uint8_t))
383 + (num_values * sizeof (value_t));
385 if (*ret_buffer_len < packet_len)
388 pkg_values_types = (uint8_t *) malloc (num_values * sizeof (uint8_t));
389 if (pkg_values_types == NULL)
391 ERROR ("network plugin: write_part_values: malloc failed.");
395 pkg_values = (value_t *) malloc (num_values * sizeof (value_t));
396 if (pkg_values == NULL)
398 free (pkg_values_types);
399 ERROR ("network plugin: write_part_values: malloc failed.");
403 pkg_ph.type = htons (TYPE_VALUES);
404 pkg_ph.length = htons (packet_len);
406 pkg_num_values = htons ((uint16_t) vl->values_len);
408 for (i = 0; i < num_values; i++)
410 if (ds->ds[i].type == DS_TYPE_COUNTER)
412 pkg_values_types[i] = DS_TYPE_COUNTER;
413 pkg_values[i].counter = htonll (vl->values[i].counter);
417 pkg_values_types[i] = DS_TYPE_GAUGE;
418 pkg_values[i].gauge = htond (vl->values[i].gauge);
423 * Use `memcpy' to write everything to the buffer, because the pointer
424 * may be unaligned and some architectures, such as SPARC, can't handle
427 packet_ptr = *ret_buffer;
429 memcpy (packet_ptr + offset, &pkg_ph, sizeof (pkg_ph));
430 offset += sizeof (pkg_ph);
431 memcpy (packet_ptr + offset, &pkg_num_values, sizeof (pkg_num_values));
432 offset += sizeof (pkg_num_values);
433 memcpy (packet_ptr + offset, pkg_values_types, num_values * sizeof (uint8_t));
434 offset += num_values * sizeof (uint8_t);
435 memcpy (packet_ptr + offset, pkg_values, num_values * sizeof (value_t));
436 offset += num_values * sizeof (value_t);
438 assert (offset == packet_len);
440 *ret_buffer = packet_ptr + packet_len;
441 *ret_buffer_len -= packet_len;
443 free (pkg_values_types);
447 } /* int write_part_values */
449 static int write_part_number (char **ret_buffer, int *ret_buffer_len,
450 int type, uint64_t value)
455 part_header_t pkg_head;
460 packet_len = sizeof (pkg_head) + sizeof (pkg_value);
462 if (*ret_buffer_len < packet_len)
465 pkg_head.type = htons (type);
466 pkg_head.length = htons (packet_len);
467 pkg_value = htonll (value);
469 packet_ptr = *ret_buffer;
471 memcpy (packet_ptr + offset, &pkg_head, sizeof (pkg_head));
472 offset += sizeof (pkg_head);
473 memcpy (packet_ptr + offset, &pkg_value, sizeof (pkg_value));
474 offset += sizeof (pkg_value);
476 assert (offset == packet_len);
478 *ret_buffer = packet_ptr + packet_len;
479 *ret_buffer_len -= packet_len;
482 } /* int write_part_number */
484 static int write_part_string (char **ret_buffer, int *ret_buffer_len,
485 int type, const char *str, int str_len)
495 buffer_len = 2 * sizeof (uint16_t) + str_len + 1;
496 if (*ret_buffer_len < buffer_len)
499 pkg_type = htons (type);
500 pkg_length = htons (buffer_len);
502 buffer = *ret_buffer;
504 memcpy (buffer + offset, (void *) &pkg_type, sizeof (pkg_type));
505 offset += sizeof (pkg_type);
506 memcpy (buffer + offset, (void *) &pkg_length, sizeof (pkg_length));
507 offset += sizeof (pkg_length);
508 memcpy (buffer + offset, str, str_len);
510 memset (buffer + offset, '\0', 1);
513 assert (offset == buffer_len);
515 *ret_buffer = buffer + buffer_len;
516 *ret_buffer_len -= buffer_len;
519 } /* int write_part_string */
521 static int parse_part_values (void **ret_buffer, int *ret_buffer_len,
522 value_t **ret_values, int *ret_num_values)
524 char *buffer = *ret_buffer;
525 int buffer_len = *ret_buffer_len;
538 if (buffer_len < (15))
540 DEBUG ("network plugin: packet is too short: buffer_len = %i",
545 memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
546 buffer += sizeof (tmp16);
547 pkg_type = ntohs (tmp16);
549 memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
550 buffer += sizeof (tmp16);
551 pkg_length = ntohs (tmp16);
553 memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
554 buffer += sizeof (tmp16);
555 pkg_numval = ntohs (tmp16);
557 assert (pkg_type == TYPE_VALUES);
559 exp_size = 3 * sizeof (uint16_t)
560 + pkg_numval * (sizeof (uint8_t) + sizeof (value_t));
561 if ((buffer_len < 0) || ((size_t) buffer_len < exp_size))
563 WARNING ("network plugin: parse_part_values: "
565 "Chunk of size %u expected, "
566 "but buffer has only %i bytes left.",
567 (unsigned int) exp_size, buffer_len);
571 if (pkg_length != exp_size)
573 WARNING ("network plugin: parse_part_values: "
574 "Length and number of values "
575 "in the packet don't match.");
579 pkg_types = (uint8_t *) malloc (pkg_numval * sizeof (uint8_t));
580 pkg_values = (value_t *) malloc (pkg_numval * sizeof (value_t));
581 if ((pkg_types == NULL) || (pkg_values == NULL))
585 ERROR ("network plugin: parse_part_values: malloc failed.");
589 memcpy ((void *) pkg_types, (void *) buffer, pkg_numval * sizeof (uint8_t));
590 buffer += pkg_numval * sizeof (uint8_t);
591 memcpy ((void *) pkg_values, (void *) buffer, pkg_numval * sizeof (value_t));
592 buffer += pkg_numval * sizeof (value_t);
594 for (i = 0; i < pkg_numval; i++)
596 if (pkg_types[i] == DS_TYPE_COUNTER)
597 pkg_values[i].counter = ntohll (pkg_values[i].counter);
598 else if (pkg_types[i] == DS_TYPE_GAUGE)
599 pkg_values[i].gauge = ntohd (pkg_values[i].gauge);
602 *ret_buffer = buffer;
603 *ret_buffer_len = buffer_len - pkg_length;
604 *ret_num_values = pkg_numval;
605 *ret_values = pkg_values;
610 } /* int parse_part_values */
612 static int parse_part_number (void **ret_buffer, int *ret_buffer_len,
615 char *buffer = *ret_buffer;
616 int buffer_len = *ret_buffer_len;
620 size_t exp_size = 2 * sizeof (uint16_t) + sizeof (uint64_t);
625 if ((buffer_len < 0) || ((size_t) buffer_len < exp_size))
627 WARNING ("network plugin: parse_part_number: "
629 "Chunk of size %u expected, "
630 "but buffer has only %i bytes left.",
631 (unsigned int) exp_size, buffer_len);
635 memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
636 buffer += sizeof (tmp16);
637 pkg_type = ntohs (tmp16);
639 memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
640 buffer += sizeof (tmp16);
641 pkg_length = ntohs (tmp16);
643 memcpy ((void *) &tmp64, buffer, sizeof (tmp64));
644 buffer += sizeof (tmp64);
645 *value = ntohll (tmp64);
647 *ret_buffer = buffer;
648 *ret_buffer_len = buffer_len - pkg_length;
651 } /* int parse_part_number */
653 static int parse_part_string (void **ret_buffer, int *ret_buffer_len,
654 char *output, int output_len)
656 char *buffer = *ret_buffer;
657 int buffer_len = *ret_buffer_len;
660 size_t header_size = 2 * sizeof (uint16_t);
665 if ((buffer_len < 0) || ((size_t) buffer_len < header_size))
667 WARNING ("network plugin: parse_part_string: "
669 "Chunk of at least size %u expected, "
670 "but buffer has only %i bytes left.",
671 (unsigned int) header_size, buffer_len);
675 memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
676 buffer += sizeof (tmp16);
677 pkg_type = ntohs (tmp16);
679 memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
680 buffer += sizeof (tmp16);
681 pkg_length = ntohs (tmp16);
683 /* Check that packet fits in the input buffer */
684 if (pkg_length > buffer_len)
686 WARNING ("network plugin: parse_part_string: "
688 "Chunk of size %hu received, "
689 "but buffer has only %i bytes left.",
690 pkg_length, buffer_len);
694 /* Check that pkg_length is in the valid range */
695 if (pkg_length <= header_size)
697 WARNING ("network plugin: parse_part_string: "
699 "Header claims this packet is only %hu "
700 "bytes long.", pkg_length);
704 /* Check that the package data fits into the output buffer.
705 * The previous if-statement ensures that:
706 * `pkg_length > header_size' */
708 || ((size_t) output_len < ((size_t) pkg_length - header_size)))
710 WARNING ("network plugin: parse_part_string: "
711 "Output buffer too small.");
715 /* All sanity checks successfull, let's copy the data over */
716 output_len = pkg_length - header_size;
717 memcpy ((void *) output, (void *) buffer, output_len);
718 buffer += output_len;
720 /* For some very weird reason '\0' doesn't do the trick on SPARC in
722 if (output[output_len - 1] != 0)
724 WARNING ("network plugin: parse_part_string: "
725 "Received string does not end "
726 "with a NULL-byte.");
730 *ret_buffer = buffer;
731 *ret_buffer_len = buffer_len - pkg_length;
734 } /* int parse_part_string */
737 static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
738 void **ret_buffer, int *ret_buffer_len)
740 char *buffer = *ret_buffer;
741 size_t buffer_len = (size_t) *ret_buffer_len;
743 part_signature_sha256_t ps_received;
744 part_signature_sha256_t ps_expected;
746 if (se->shared_secret == NULL)
748 NOTICE ("network plugin: Received signed network packet but can't verify "
749 "it because no shared secret has been configured. Will accept it.");
753 if (buffer_len < sizeof (ps_received))
756 memcpy (&ps_received, buffer, sizeof (ps_received));
758 memset (&ps_expected, 0, sizeof (ps_expected));
759 ps_expected.head.type = htons (TYPE_SIGN_SHA256);
760 ps_expected.head.length = htons (sizeof (ps_expected));
761 sstrncpy (ps_expected.hash, se->shared_secret, sizeof (ps_expected.hash));
762 memcpy (buffer, &ps_expected, sizeof (ps_expected));
764 gcry_md_hash_buffer (GCRY_MD_SHA256, ps_expected.hash, buffer, buffer_len);
766 *ret_buffer += sizeof (ps_received);
768 if (memcmp (ps_received.hash, ps_expected.hash,
769 sizeof (ps_received.hash)) == 0)
771 else /* hashes do not match. */
773 } /* }}} int parse_part_sign_sha256 */
774 /* #endif HAVE_GCRYPT_H */
776 #else /* if !HAVE_GCRYPT_H */
777 static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
778 void **ret_buffer, int *ret_buffer_len)
780 INFO ("network plugin: Received signed packet, but the network "
781 "plugin was not linked with libgcrypt, so I cannot "
782 "verify the signature. The packet will be accepted.");
784 } /* }}} int parse_part_sign_sha256 */
785 #endif /* !HAVE_GCRYPT_H */
788 static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
789 void **ret_buffer, int *ret_buffer_len)
791 char *buffer = *ret_buffer;
792 size_t buffer_len = (size_t) *ret_buffer_len;
793 size_t orig_buffer_len;
795 size_t buffer_offset = 0;
797 part_encryption_aes256_t pea;
799 char hash[sizeof (pea.hash)];
802 /* Make sure at least the header if available. */
803 if (buffer_len < sizeof (pea))
805 NOTICE ("network plugin: parse_part_encr_aes256: "
806 "Discarding short packet.");
810 if (se->cypher == NULL)
812 NOTICE ("network plugin: Unable to decrypt packet, because no cypher "
813 "instance is present.");
817 /* Size of `pea' without padding. */
818 pea_size = sizeof (pea.head.type) + sizeof (pea.head.length)
819 + sizeof (pea.orig_length) + sizeof (pea.hash);
821 /* Copy the header information to `pea' */
822 memcpy (&pea.head, buffer, sizeof (pea.head));
823 buffer_offset += sizeof (pea.head);
825 /* Check the `part size'. */
826 part_size = ntohs (pea.head.length);
827 if (part_size > buffer_len)
829 NOTICE ("network plugin: parse_part_encr_aes256: "
830 "Discarding large part.");
834 /* Decrypt the packet in-place */
835 err = gcry_cipher_decrypt (se->cypher,
836 buffer + sizeof (pea.head), part_size - sizeof (pea.head),
837 /* in = */ NULL, /* in len = */ 0);
838 gcry_cipher_reset (se->cypher);
841 ERROR ("network plugin: gcry_cipher_decrypt returned: %s",
842 gcry_strerror (err));
846 /* Figure out the length of the payload and the length of the padding. */
847 memcpy (&pea.orig_length, buffer + buffer_offset, sizeof (pea.orig_length));
848 buffer_offset += sizeof (pea.orig_length);
849 orig_buffer_len = ntohs (pea.orig_length);
850 if (orig_buffer_len > (part_size - pea_size))
852 ERROR ("network plugin: Decryption failed: Invalid original length.");
856 /* Calculate the size of the `padding' field. */
857 padding_size = part_size - (orig_buffer_len + pea_size);
858 if (padding_size > sizeof (pea.padding))
860 ERROR ("network plugin: Part- and original length "
861 "differ more than %zu bytes.", sizeof (pea.padding));
864 buffer_offset += padding_size;
866 memcpy (pea.hash, buffer + buffer_offset, sizeof (pea.hash));
867 buffer_offset += sizeof (pea.hash);
870 memset (hash, 0, sizeof (hash));
871 gcry_md_hash_buffer (GCRY_MD_SHA1, hash,
872 buffer + buffer_offset, orig_buffer_len);
874 if (memcmp (hash, pea.hash, sizeof (hash)) != 0)
876 ERROR ("network plugin: Decryption failed: Checksum mismatch.");
880 assert ((buffer_offset + orig_buffer_len) <= buffer_len);
881 if ((buffer_offset + orig_buffer_len) < buffer_len)
883 NOTICE ("network plugin: Trailing, potentially unencrypted data "
884 "(%zu bytes) will be ignored.",
885 buffer_len - (buffer_offset + orig_buffer_len));
888 /* Update return values */
889 *ret_buffer = buffer + buffer_offset;
890 *ret_buffer_len = (int) orig_buffer_len;
893 } /* }}} int parse_part_encr_aes256 */
894 /* #endif HAVE_GCRYPT_H */
896 #else /* if !HAVE_GCRYPT_H */
897 static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
898 void **ret_buffer, int *ret_buffer_len)
900 INFO ("network plugin: Received encrypted packet, but the network "
901 "plugin was not linked with libgcrypt, so I cannot "
902 "decrypt it. The packet will be discarded.");
904 } /* }}} int parse_part_encr_aes256 */
905 #endif /* !HAVE_GCRYPT_H */
907 static int parse_packet (receive_list_entry_t *rle) /* {{{ */
915 value_list_t vl = VALUE_LIST_INIT;
918 int packet_was_encrypted = 0;
919 int packet_was_signed = 0;
921 int printed_ignore_warning = 0;
922 #endif /* HAVE_GCRYPT_H */
925 buffer_len = rle->data_len;
927 /* Look for the correct `sockent_t' */
929 while ((se != NULL) && (se->fd != rle->fd))
934 ERROR ("network plugin: Got packet from FD %i, but can't "
935 "find an appropriate socket entry.",
940 memset (&vl, '\0', sizeof (vl));
941 memset (&n, '\0', sizeof (n));
944 while ((status == 0) && (0 < buffer_len)
945 && ((unsigned int) buffer_len > sizeof (part_header_t)))
950 memcpy ((void *) &pkg_type,
953 memcpy ((void *) &pkg_length,
954 (void *) (buffer + sizeof (pkg_type)),
955 sizeof (pkg_length));
957 pkg_length = ntohs (pkg_length);
958 pkg_type = ntohs (pkg_type);
960 if (pkg_length > buffer_len)
962 /* Ensure that this loop terminates eventually */
963 if (pkg_length < (2 * sizeof (uint16_t)))
966 if (pkg_type == TYPE_ENCR_AES256)
968 status = parse_part_encr_aes256 (se, &buffer, &buffer_len);
971 ERROR ("network plugin: Decrypting AES256 "
973 "with status %i.", status);
978 packet_was_encrypted = 1;
982 else if ((se->security_level == SECURITY_LEVEL_ENCRYPT)
983 && (packet_was_encrypted == 0))
985 if (printed_ignore_warning == 0)
987 INFO ("network plugin: Unencrypted packet or "
988 "part has been ignored.");
989 printed_ignore_warning = 1;
991 buffer = ((char *) buffer) + pkg_length;
994 #endif /* HAVE_GCRYPT_H */
995 else if (pkg_type == TYPE_SIGN_SHA256)
997 status = parse_part_sign_sha256 (se, &buffer, &buffer_len);
1000 ERROR ("network plugin: Verifying SHA-256 "
1002 "with status %i.", status);
1005 else if (status > 0)
1007 ERROR ("network plugin: Ignoring packet with "
1008 "invalid SHA-256 signature.");
1013 packet_was_signed = 1;
1017 else if ((se->security_level == SECURITY_LEVEL_SIGN)
1018 && (packet_was_encrypted == 0)
1019 && (packet_was_signed == 0))
1021 if (printed_ignore_warning == 0)
1023 INFO ("network plugin: Unsigned packet or "
1024 "part has been ignored.");
1025 printed_ignore_warning = 1;
1027 buffer = ((char *) buffer) + pkg_length;
1030 #endif /* HAVE_GCRYPT_H */
1031 else if (pkg_type == TYPE_VALUES)
1033 status = parse_part_values (&buffer, &buffer_len,
1034 &vl.values, &vl.values_len);
1040 && (strlen (vl.host) > 0)
1041 && (strlen (vl.plugin) > 0)
1042 && (strlen (vl.type) > 0)
1043 && (cache_check (&vl) == 0))
1045 plugin_dispatch_values (&vl);
1049 DEBUG ("network plugin: parse_packet:"
1050 " NOT dispatching values");
1055 else if (pkg_type == TYPE_TIME)
1058 status = parse_part_number (&buffer, &buffer_len,
1062 vl.time = (time_t) tmp;
1063 n.time = (time_t) tmp;
1066 else if (pkg_type == TYPE_INTERVAL)
1069 status = parse_part_number (&buffer, &buffer_len,
1072 vl.interval = (int) tmp;
1074 else if (pkg_type == TYPE_HOST)
1076 status = parse_part_string (&buffer, &buffer_len,
1077 vl.host, sizeof (vl.host));
1079 sstrncpy (n.host, vl.host, sizeof (n.host));
1081 else if (pkg_type == TYPE_PLUGIN)
1083 status = parse_part_string (&buffer, &buffer_len,
1084 vl.plugin, sizeof (vl.plugin));
1086 sstrncpy (n.plugin, vl.plugin,
1089 else if (pkg_type == TYPE_PLUGIN_INSTANCE)
1091 status = parse_part_string (&buffer, &buffer_len,
1093 sizeof (vl.plugin_instance));
1095 sstrncpy (n.plugin_instance,
1097 sizeof (n.plugin_instance));
1099 else if (pkg_type == TYPE_TYPE)
1101 status = parse_part_string (&buffer, &buffer_len,
1102 vl.type, sizeof (vl.type));
1104 sstrncpy (n.type, vl.type, sizeof (n.type));
1106 else if (pkg_type == TYPE_TYPE_INSTANCE)
1108 status = parse_part_string (&buffer, &buffer_len,
1110 sizeof (vl.type_instance));
1112 sstrncpy (n.type_instance, vl.type_instance,
1113 sizeof (n.type_instance));
1115 else if (pkg_type == TYPE_MESSAGE)
1117 status = parse_part_string (&buffer, &buffer_len,
1118 n.message, sizeof (n.message));
1124 else if ((n.severity != NOTIF_FAILURE)
1125 && (n.severity != NOTIF_WARNING)
1126 && (n.severity != NOTIF_OKAY))
1128 INFO ("network plugin: "
1129 "Ignoring notification with "
1130 "unknown severity %i.",
1133 else if (n.time <= 0)
1135 INFO ("network plugin: "
1136 "Ignoring notification with "
1139 else if (strlen (n.message) <= 0)
1141 INFO ("network plugin: "
1142 "Ignoring notification with "
1143 "an empty message.");
1147 plugin_dispatch_notification (&n);
1150 else if (pkg_type == TYPE_SEVERITY)
1153 status = parse_part_number (&buffer, &buffer_len,
1156 n.severity = (int) tmp;
1160 DEBUG ("network plugin: parse_packet: Unknown part"
1161 " type: 0x%04hx", pkg_type);
1162 buffer = ((char *) buffer) + pkg_length;
1164 } /* while (buffer_len > sizeof (part_header_t)) */
1167 } /* }}} int parse_packet */
1169 static void free_sockent (sockent_t *se) /* {{{ */
1177 if (se->cypher != NULL)
1179 gcry_cipher_close (se->cypher);
1182 free (se->shared_secret);
1183 #endif /* HAVE_GCRYPT_H */
1190 } /* }}} void free_sockent */
1193 * int network_set_ttl
1195 * Set the `IP_MULTICAST_TTL', `IP_TTL', `IPV6_MULTICAST_HOPS' or
1196 * `IPV6_UNICAST_HOPS', depending on which option is applicable.
1198 * The `struct addrinfo' is used to destinguish between unicast and multicast
1201 static int network_set_ttl (const sockent_t *se, const struct addrinfo *ai)
1203 DEBUG ("network plugin: network_set_ttl: network_config_ttl = %i;",
1204 network_config_ttl);
1206 if ((network_config_ttl < 1) || (network_config_ttl > 255))
1209 if (ai->ai_family == AF_INET)
1211 struct sockaddr_in *addr = (struct sockaddr_in *) ai->ai_addr;
1214 if (IN_MULTICAST (ntohl (addr->sin_addr.s_addr)))
1215 optname = IP_MULTICAST_TTL;
1219 if (setsockopt (se->fd, IPPROTO_IP, optname,
1220 &network_config_ttl,
1221 sizeof (network_config_ttl)) == -1)
1224 ERROR ("setsockopt: %s",
1225 sstrerror (errno, errbuf, sizeof (errbuf)));
1229 else if (ai->ai_family == AF_INET6)
1231 /* Useful example: http://gsyc.escet.urjc.es/~eva/IPv6-web/examples/mcast.html */
1232 struct sockaddr_in6 *addr = (struct sockaddr_in6 *) ai->ai_addr;
1235 if (IN6_IS_ADDR_MULTICAST (&addr->sin6_addr))
1236 optname = IPV6_MULTICAST_HOPS;
1238 optname = IPV6_UNICAST_HOPS;
1240 if (setsockopt (se->fd, IPPROTO_IPV6, optname,
1241 &network_config_ttl,
1242 sizeof (network_config_ttl)) == -1)
1245 ERROR ("setsockopt: %s",
1246 sstrerror (errno, errbuf,
1253 } /* int network_set_ttl */
1256 static int network_set_encryption (sockent_t *se, /* {{{ */
1257 const char *shared_secret)
1262 se->shared_secret = sstrdup (shared_secret);
1265 * We use CBC *without* an initialization vector: The cipher is reset after
1266 * each packet and we would have to re-set the IV each time. The first
1267 * encrypted block will contain the SHA-224 checksum anyway, so this should
1268 * be quite unpredictable. Also, there's a 2 byte field in the header that's
1269 * being filled with random numbers. So we only use CBC so the blocks
1270 * *within* one packet are chained.
1272 err = gcry_cipher_open (&se->cypher,
1273 GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, /* flags = */ 0);
1276 ERROR ("network plugin: gcry_cipher_open returned: %s",
1277 gcry_strerror (err));
1281 assert (se->shared_secret != NULL);
1282 gcry_md_hash_buffer (GCRY_MD_SHA256, hash,
1283 se->shared_secret, strlen (se->shared_secret));
1285 err = gcry_cipher_setkey (se->cypher, hash, sizeof (hash));
1288 DEBUG ("network plugin: gcry_cipher_setkey returned: %s",
1289 gcry_strerror (err));
1290 gcry_cipher_close (se->cypher);
1296 } /* }}} int network_set_encryption */
1297 #endif /* HAVE_GCRYPT_H */
1299 static int network_bind_socket (const sockent_t *se, const struct addrinfo *ai)
1304 /* allow multiple sockets to use the same PORT number */
1305 if (setsockopt(se->fd, SOL_SOCKET, SO_REUSEADDR,
1306 &yes, sizeof(yes)) == -1) {
1308 ERROR ("setsockopt: %s",
1309 sstrerror (errno, errbuf, sizeof (errbuf)));
1313 DEBUG ("fd = %i; calling `bind'", se->fd);
1315 if (bind (se->fd, ai->ai_addr, ai->ai_addrlen) == -1)
1319 sstrerror (errno, errbuf, sizeof (errbuf)));
1323 if (ai->ai_family == AF_INET)
1325 struct sockaddr_in *addr = (struct sockaddr_in *) ai->ai_addr;
1326 if (IN_MULTICAST (ntohl (addr->sin_addr.s_addr)))
1328 struct ip_mreq mreq;
1330 DEBUG ("fd = %i; IPv4 multicast address found", se->fd);
1332 mreq.imr_multiaddr.s_addr = addr->sin_addr.s_addr;
1333 mreq.imr_interface.s_addr = htonl (INADDR_ANY);
1335 if (setsockopt (se->fd, IPPROTO_IP, IP_MULTICAST_LOOP,
1336 &loop, sizeof (loop)) == -1)
1339 ERROR ("setsockopt: %s",
1340 sstrerror (errno, errbuf,
1345 if (setsockopt (se->fd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
1346 &mreq, sizeof (mreq)) == -1)
1349 ERROR ("setsockopt: %s",
1350 sstrerror (errno, errbuf,
1356 else if (ai->ai_family == AF_INET6)
1358 /* Useful example: http://gsyc.escet.urjc.es/~eva/IPv6-web/examples/mcast.html */
1359 struct sockaddr_in6 *addr = (struct sockaddr_in6 *) ai->ai_addr;
1360 if (IN6_IS_ADDR_MULTICAST (&addr->sin6_addr))
1362 struct ipv6_mreq mreq;
1364 DEBUG ("fd = %i; IPv6 multicast address found", se->fd);
1366 memcpy (&mreq.ipv6mr_multiaddr,
1368 sizeof (addr->sin6_addr));
1370 /* http://developer.apple.com/documentation/Darwin/Reference/ManPages/man4/ip6.4.html
1371 * ipv6mr_interface may be set to zeroes to
1372 * choose the default multicast interface or to
1373 * the index of a particular multicast-capable
1374 * interface if the host is multihomed.
1375 * Membership is associ-associated with a
1376 * single interface; programs running on
1377 * multihomed hosts may need to join the same
1378 * group on more than one interface.*/
1379 mreq.ipv6mr_interface = 0;
1381 if (setsockopt (se->fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
1382 &loop, sizeof (loop)) == -1)
1385 ERROR ("setsockopt: %s",
1386 sstrerror (errno, errbuf,
1391 if (setsockopt (se->fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP,
1392 &mreq, sizeof (mreq)) == -1)
1395 ERROR ("setsockopt: %s",
1396 sstrerror (errno, errbuf,
1404 } /* int network_bind_socket */
1406 #define CREATE_SOCKET_FLAGS_LISTEN 0x0001
1407 static sockent_t *network_create_socket (const char *node, /* {{{ */
1408 const char *service,
1409 const char *shared_secret,
1413 struct addrinfo ai_hints;
1414 struct addrinfo *ai_list, *ai_ptr;
1417 sockent_t *se_head = NULL;
1418 sockent_t *se_tail = NULL;
1420 DEBUG ("node = %s, service = %s", node, service);
1422 memset (&ai_hints, '\0', sizeof (ai_hints));
1423 ai_hints.ai_flags = 0;
1425 ai_hints.ai_flags |= AI_PASSIVE;
1427 #ifdef AI_ADDRCONFIG
1428 ai_hints.ai_flags |= AI_ADDRCONFIG;
1430 ai_hints.ai_family = AF_UNSPEC;
1431 ai_hints.ai_socktype = SOCK_DGRAM;
1432 ai_hints.ai_protocol = IPPROTO_UDP;
1434 ai_return = getaddrinfo (node, service, &ai_hints, &ai_list);
1438 ERROR ("getaddrinfo (%s, %s): %s",
1439 (node == NULL) ? "(null)" : node,
1440 (service == NULL) ? "(null)" : service,
1441 (ai_return == EAI_SYSTEM)
1442 ? sstrerror (errno, errbuf, sizeof (errbuf))
1443 : gai_strerror (ai_return));
1447 for (ai_ptr = ai_list; ai_ptr != NULL; ai_ptr = ai_ptr->ai_next)
1452 if ((se = (sockent_t *) malloc (sizeof (sockent_t))) == NULL)
1455 ERROR ("malloc: %s",
1456 sstrerror (errno, errbuf,
1461 if ((se->addr = (struct sockaddr_storage *) malloc (sizeof (struct sockaddr_storage))) == NULL)
1464 ERROR ("malloc: %s",
1465 sstrerror (errno, errbuf,
1471 assert (sizeof (struct sockaddr_storage) >= ai_ptr->ai_addrlen);
1472 memset (se->addr, '\0', sizeof (struct sockaddr_storage));
1473 memcpy (se->addr, ai_ptr->ai_addr, ai_ptr->ai_addrlen);
1474 se->addrlen = ai_ptr->ai_addrlen;
1476 se->fd = socket (ai_ptr->ai_family,
1477 ai_ptr->ai_socktype,
1478 ai_ptr->ai_protocol);
1484 ERROR ("socket: %s",
1485 sstrerror (errno, errbuf,
1492 if ((flags & CREATE_SOCKET_FLAGS_LISTEN) != 0)
1494 status = network_bind_socket (se, ai_ptr);
1503 else /* sending socket */
1505 network_set_ttl (se, ai_ptr);
1509 se->security_level = security_level;
1510 se->shared_secret = NULL;
1512 if (shared_secret != NULL)
1514 status = network_set_encryption (se, shared_secret);
1515 if ((status != 0) && (security_level <= SECURITY_LEVEL_SIGN))
1517 WARNING ("network plugin: Starting cryptograp"
1518 "hic subsystem failed. Since "
1519 "security level `Sign' or "
1520 "`None' is configured I will "
1523 else if (status != 0)
1525 ERROR ("network plugin: Starting cryptograp"
1526 "hic subsystem failed. "
1527 "Because the security level "
1528 "is set to `Encrypt' I will "
1535 } /* if (shared_secret != NULL) */
1537 /* Make compiler happy */
1539 shared_secret = NULL;
1540 #endif /* HAVE_GCRYPT_H */
1542 if (se_tail == NULL)
1553 /* We don't open more than one write-socket per node/service pair.. */
1554 if ((flags & CREATE_SOCKET_FLAGS_LISTEN) == 0)
1558 freeaddrinfo (ai_list);
1561 } /* }}} sockent_t *network_create_socket */
1563 static sockent_t *network_create_default_socket (int flags) /* {{{ */
1565 sockent_t *se_ptr = NULL;
1566 sockent_t *se_head = NULL;
1567 sockent_t *se_tail = NULL;
1569 se_ptr = network_create_socket (NET_DEFAULT_V6_ADDR, NET_DEFAULT_PORT,
1570 /* shared secret = */ NULL, SECURITY_LEVEL_NONE,
1573 /* Don't send to the same machine in IPv6 and IPv4 if both are available. */
1574 if (((flags & CREATE_SOCKET_FLAGS_LISTEN) == 0) && (se_ptr != NULL))
1581 while (se_tail->next != NULL)
1582 se_tail = se_tail->next;
1585 se_ptr = network_create_socket (NET_DEFAULT_V4_ADDR, NET_DEFAULT_PORT,
1586 /* shared secret = */ NULL, SECURITY_LEVEL_NONE,
1589 if (se_tail == NULL)
1592 se_tail->next = se_ptr;
1594 } /* }}} sockent_t *network_create_default_socket */
1596 static int network_add_listen_socket (const char *node, /* {{{ */
1597 const char *service, const char *shared_secret, int security_level)
1605 flags = CREATE_SOCKET_FLAGS_LISTEN;
1607 if (service == NULL)
1608 service = NET_DEFAULT_PORT;
1611 se = network_create_default_socket (flags);
1613 se = network_create_socket (node, service,
1614 shared_secret, security_level, flags);
1619 for (se_ptr = se; se_ptr != NULL; se_ptr = se_ptr->next)
1622 listen_sockets_pollfd = realloc (listen_sockets_pollfd,
1623 (listen_sockets_num + se_num)
1624 * sizeof (struct pollfd));
1626 for (se_ptr = se; se_ptr != NULL; se_ptr = se_ptr->next)
1628 listen_sockets_pollfd[listen_sockets_num].fd = se_ptr->fd;
1629 listen_sockets_pollfd[listen_sockets_num].events = POLLIN | POLLPRI;
1630 listen_sockets_pollfd[listen_sockets_num].revents = 0;
1631 listen_sockets_num++;
1634 se_ptr = listen_sockets;
1635 while ((se_ptr != NULL) && (se_ptr->next != NULL))
1636 se_ptr = se_ptr->next;
1639 listen_sockets = se;
1644 } /* }}} int network_add_listen_socket */
1646 static int network_add_sending_socket (const char *node, /* {{{ */
1647 const char *service, const char *shared_secret, int security_level)
1652 if (service == NULL)
1653 service = NET_DEFAULT_PORT;
1656 se = network_create_default_socket (/* flags = */ 0);
1658 se = network_create_socket (node, service,
1659 shared_secret, security_level,
1665 if (sending_sockets == NULL)
1667 sending_sockets = se;
1671 for (se_ptr = sending_sockets; se_ptr->next != NULL; se_ptr = se_ptr->next)
1676 } /* }}} int network_add_sending_socket */
1678 static void *dispatch_thread (void __attribute__((unused)) *arg)
1682 receive_list_entry_t *ent;
1684 /* Lock and wait for more data to come in */
1685 pthread_mutex_lock (&receive_list_lock);
1686 while ((listen_loop == 0)
1687 && (receive_list_head == NULL))
1688 pthread_cond_wait (&receive_list_cond, &receive_list_lock);
1690 /* Remove the head entry and unlock */
1691 ent = receive_list_head;
1693 receive_list_head = ent->next;
1694 pthread_mutex_unlock (&receive_list_lock);
1696 /* Check whether we are supposed to exit. We do NOT check `listen_loop'
1697 * because we dispatch all missing packets before shutting down. */
1707 } /* void *dispatch_thread */
1709 static int network_receive (void)
1711 char buffer[BUFF_SIZE];
1717 receive_list_entry_t *private_list_head;
1718 receive_list_entry_t *private_list_tail;
1720 if (listen_sockets_num == 0)
1721 network_add_listen_socket (/* node = */ NULL,
1722 /* service = */ NULL,
1723 /* shared secret = */ NULL,
1724 /* encryption = */ 0);
1726 if (listen_sockets_num == 0)
1728 ERROR ("network: Failed to open a listening socket.");
1732 private_list_head = NULL;
1733 private_list_tail = NULL;
1735 while (listen_loop == 0)
1737 status = poll (listen_sockets_pollfd, listen_sockets_num, -1);
1744 ERROR ("poll failed: %s",
1745 sstrerror (errno, errbuf, sizeof (errbuf)));
1749 for (i = 0; (i < listen_sockets_num) && (status > 0); i++)
1751 receive_list_entry_t *ent;
1753 if ((listen_sockets_pollfd[i].revents
1754 & (POLLIN | POLLPRI)) == 0)
1758 buffer_len = recv (listen_sockets_pollfd[i].fd,
1759 buffer, sizeof (buffer),
1764 ERROR ("recv failed: %s",
1765 sstrerror (errno, errbuf,
1770 /* TODO: Possible performance enhancement: Do not free
1771 * these entries in the dispatch thread but put them in
1772 * another list, so we don't have to allocate more and
1773 * more of these structures. */
1774 ent = malloc (sizeof (receive_list_entry_t));
1777 ERROR ("network plugin: malloc failed.");
1780 memset (ent, 0, sizeof (receive_list_entry_t));
1781 ent->fd = listen_sockets_pollfd[i].fd;
1784 /* Hopefully this be optimized out by the compiler. It
1785 * might help prevent stupid bugs in the future though.
1787 assert (sizeof (ent->data) == sizeof (buffer));
1789 memcpy (ent->data, buffer, buffer_len);
1790 ent->data_len = buffer_len;
1792 if (private_list_head == NULL)
1793 private_list_head = ent;
1795 private_list_tail->next = ent;
1796 private_list_tail = ent;
1798 /* Do not block here. Blocking here has led to
1799 * insufficient performance in the past. */
1800 if (pthread_mutex_trylock (&receive_list_lock) == 0)
1802 if (receive_list_head == NULL)
1803 receive_list_head = private_list_head;
1805 receive_list_tail->next = private_list_head;
1806 receive_list_tail = private_list_tail;
1808 private_list_head = NULL;
1809 private_list_tail = NULL;
1811 pthread_cond_signal (&receive_list_cond);
1812 pthread_mutex_unlock (&receive_list_lock);
1814 } /* for (listen_sockets_pollfd) */
1815 } /* while (listen_loop == 0) */
1817 /* Make sure everything is dispatched before exiting. */
1818 if (private_list_head != NULL)
1820 pthread_mutex_lock (&receive_list_lock);
1822 if (receive_list_head == NULL)
1823 receive_list_head = private_list_head;
1825 receive_list_tail->next = private_list_head;
1826 receive_list_tail = private_list_tail;
1828 private_list_head = NULL;
1829 private_list_tail = NULL;
1831 pthread_cond_signal (&receive_list_cond);
1832 pthread_mutex_unlock (&receive_list_lock);
1836 } /* int network_receive */
1838 static void *receive_thread (void __attribute__((unused)) *arg)
1840 return (network_receive () ? (void *) 1 : (void *) 0);
1841 } /* void *receive_thread */
1843 static void network_init_buffer (void)
1845 memset (send_buffer, 0, sizeof (send_buffer));
1846 send_buffer_ptr = send_buffer;
1847 send_buffer_fill = 0;
1849 memset (&send_buffer_vl, 0, sizeof (send_buffer_vl));
1850 } /* int network_init_buffer */
1852 static void networt_send_buffer_plain (const sockent_t *se, /* {{{ */
1853 const char *buffer, size_t buffer_size)
1859 status = sendto (se->fd, buffer, buffer_size, 0 /* no flags */,
1860 (struct sockaddr *) se->addr, se->addrlen);
1866 ERROR ("network plugin: sendto failed: %s",
1867 sstrerror (errno, errbuf,
1874 } /* }}} void networt_send_buffer_plain */
1877 static void networt_send_buffer_signed (const sockent_t *se, /* {{{ */
1878 const char *in_buffer, size_t in_buffer_size)
1880 part_signature_sha256_t ps;
1881 char buffer[sizeof (ps) + in_buffer_size];
1882 char hash[sizeof (ps.hash)];
1884 /* Initialize the `ps' structure. */
1885 memset (&ps, 0, sizeof (ps));
1886 ps.head.type = htons (TYPE_SIGN_SHA256);
1887 ps.head.length = htons ((uint16_t) sizeof (ps));
1888 sstrncpy (ps.hash, se->shared_secret, sizeof (ps.hash));
1890 /* Prepend the signature. */
1891 memcpy (buffer, &ps, sizeof (ps));
1892 memcpy (buffer + sizeof (ps), in_buffer, in_buffer_size);
1894 /* Calculate the hash value. */
1895 gcry_md_hash_buffer (GCRY_MD_SHA256, hash, buffer, sizeof (buffer));
1897 /* Copy the hash value into the buffer. */
1898 memcpy (ps.hash, hash, sizeof (ps.hash));
1899 memcpy (buffer, &ps, sizeof (ps));
1901 networt_send_buffer_plain (se, buffer, sizeof (buffer));
1902 } /* }}} void networt_send_buffer_signed */
1904 static void networt_send_buffer_encrypted (const sockent_t *se, /* {{{ */
1905 const char *in_buffer, size_t in_buffer_size)
1907 part_encryption_aes256_t pea;
1908 char buffer[sizeof (pea) + in_buffer_size];
1910 size_t buffer_offset;
1911 size_t padding_size;
1914 /* Round to the next multiple of 16, because AES has a block size of 128 bit.
1915 * the first four bytes of `pea' are not encrypted and must be subtracted. */
1916 buffer_size = sizeof (pea.orig_length) + sizeof (pea.hash) + in_buffer_size;
1917 padding_size = buffer_size;
1918 buffer_size = (buffer_size + 15) / 16;
1919 buffer_size = buffer_size * 16;
1920 padding_size = buffer_size - padding_size;
1921 assert (padding_size <= sizeof (pea.padding));
1922 buffer_size += sizeof (pea.head);
1924 DEBUG ("network plugin: networt_send_buffer_encrypted: "
1925 "buffer_size = %zu;", buffer_size);
1927 /* Initialize the header fields */
1928 memset (&pea, 0, sizeof (pea));
1929 pea.head.type = htons (TYPE_ENCR_AES256);
1930 pea.head.length = htons ((uint16_t) buffer_size);
1931 pea.orig_length = htons ((uint16_t) in_buffer_size);
1933 /* Fill the extra field with random values. Some entropy in the encrypted
1934 * data is usually not a bad thing, I hope. */
1935 if (padding_size > 0)
1936 gcry_randomize (&pea.padding, padding_size, GCRY_STRONG_RANDOM);
1938 /* Create hash of the payload */
1939 gcry_md_hash_buffer (GCRY_MD_SHA1, pea.hash, in_buffer, in_buffer_size);
1941 /* Initialize the buffer */
1943 memset (buffer, 0, sizeof (buffer));
1945 memcpy (buffer + buffer_offset, &pea.head, sizeof (pea.head));
1946 buffer_offset += sizeof (pea.head);
1948 memcpy (buffer + buffer_offset, &pea.orig_length, sizeof (pea.orig_length));
1949 buffer_offset += sizeof (pea.orig_length);
1951 if (padding_size > 0)
1953 memcpy (buffer + buffer_offset, &pea.padding, padding_size);
1954 buffer_offset += padding_size;
1957 memcpy (buffer + buffer_offset, &pea.hash, sizeof (pea.hash));
1958 buffer_offset += sizeof (pea.hash);
1960 memcpy (buffer + buffer_offset, in_buffer, in_buffer_size);
1961 buffer_offset += in_buffer_size;
1963 assert (buffer_offset == buffer_size);
1965 /* Encrypt the buffer in-place */
1966 err = gcry_cipher_encrypt (se->cypher,
1967 buffer + sizeof (pea.head), buffer_size - sizeof (pea.head),
1968 /* in = */ NULL, /* in len = */ 0);
1969 gcry_cipher_reset (se->cypher);
1972 ERROR ("network plugin: gcry_cipher_encrypt returned: %s",
1973 gcry_strerror (err));
1977 /* Send it out without further modifications */
1978 networt_send_buffer_plain (se, buffer, buffer_size);
1979 } /* }}} void networt_send_buffer_encrypted */
1980 #endif /* HAVE_GCRYPT_H */
1982 static void network_send_buffer (char *buffer, size_t buffer_len) /* {{{ */
1986 DEBUG ("network plugin: network_send_buffer: buffer_len = %zu", buffer_len);
1988 for (se = sending_sockets; se != NULL; se = se->next)
1991 if (se->security_level == SECURITY_LEVEL_ENCRYPT)
1992 networt_send_buffer_encrypted (se, buffer, buffer_len);
1993 else if (se->security_level == SECURITY_LEVEL_SIGN)
1994 networt_send_buffer_signed (se, buffer, buffer_len);
1995 else /* if (se->security_level == SECURITY_LEVEL_NONE) */
1996 #endif /* HAVE_GCRYPT_H */
1997 networt_send_buffer_plain (se, buffer, buffer_len);
1998 } /* for (sending_sockets) */
1999 } /* }}} void network_send_buffer */
2001 static int add_to_buffer (char *buffer, int buffer_size, /* {{{ */
2002 value_list_t *vl_def,
2003 const data_set_t *ds, const value_list_t *vl)
2005 char *buffer_orig = buffer;
2007 if (strcmp (vl_def->host, vl->host) != 0)
2009 if (write_part_string (&buffer, &buffer_size, TYPE_HOST,
2010 vl->host, strlen (vl->host)) != 0)
2012 sstrncpy (vl_def->host, vl->host, sizeof (vl_def->host));
2015 if (vl_def->time != vl->time)
2017 if (write_part_number (&buffer, &buffer_size, TYPE_TIME,
2018 (uint64_t) vl->time))
2020 vl_def->time = vl->time;
2023 if (vl_def->interval != vl->interval)
2025 if (write_part_number (&buffer, &buffer_size, TYPE_INTERVAL,
2026 (uint64_t) vl->interval))
2028 vl_def->interval = vl->interval;
2031 if (strcmp (vl_def->plugin, vl->plugin) != 0)
2033 if (write_part_string (&buffer, &buffer_size, TYPE_PLUGIN,
2034 vl->plugin, strlen (vl->plugin)) != 0)
2036 sstrncpy (vl_def->plugin, vl->plugin, sizeof (vl_def->plugin));
2039 if (strcmp (vl_def->plugin_instance, vl->plugin_instance) != 0)
2041 if (write_part_string (&buffer, &buffer_size, TYPE_PLUGIN_INSTANCE,
2042 vl->plugin_instance,
2043 strlen (vl->plugin_instance)) != 0)
2045 sstrncpy (vl_def->plugin_instance, vl->plugin_instance, sizeof (vl_def->plugin_instance));
2048 if (strcmp (vl_def->type, vl->type) != 0)
2050 if (write_part_string (&buffer, &buffer_size, TYPE_TYPE,
2051 vl->type, strlen (vl->type)) != 0)
2053 sstrncpy (vl_def->type, ds->type, sizeof (vl_def->type));
2056 if (strcmp (vl_def->type_instance, vl->type_instance) != 0)
2058 if (write_part_string (&buffer, &buffer_size, TYPE_TYPE_INSTANCE,
2060 strlen (vl->type_instance)) != 0)
2062 sstrncpy (vl_def->type_instance, vl->type_instance, sizeof (vl_def->type_instance));
2065 if (write_part_values (&buffer, &buffer_size, ds, vl) != 0)
2068 return (buffer - buffer_orig);
2069 } /* }}} int add_to_buffer */
2071 static void flush_buffer (void)
2073 DEBUG ("network plugin: flush_buffer: send_buffer_fill = %i",
2076 network_send_buffer (send_buffer, (size_t) send_buffer_fill);
2077 network_init_buffer ();
2080 static int network_write (const data_set_t *ds, const value_list_t *vl,
2081 user_data_t __attribute__((unused)) *user_data)
2085 /* If the value is already in the cache, we have received it via the
2086 * network. We write it again if forwarding is activated. It's then in
2087 * the cache and should we receive it again we will ignore it. */
2088 status = cache_check (vl);
2089 if ((network_config_forward == 0)
2093 pthread_mutex_lock (&send_buffer_lock);
2095 status = add_to_buffer (send_buffer_ptr,
2096 sizeof (send_buffer) - (send_buffer_fill + BUFF_SIG_SIZE),
2101 /* status == bytes added to the buffer */
2102 send_buffer_fill += status;
2103 send_buffer_ptr += status;
2109 status = add_to_buffer (send_buffer_ptr,
2110 sizeof (send_buffer) - (send_buffer_fill + BUFF_SIG_SIZE),
2116 send_buffer_fill += status;
2117 send_buffer_ptr += status;
2123 ERROR ("network plugin: Unable to append to the "
2124 "buffer for some weird reason");
2126 else if ((sizeof (send_buffer) - send_buffer_fill) < 15)
2131 pthread_mutex_unlock (&send_buffer_lock);
2133 return ((status < 0) ? -1 : 0);
2134 } /* int network_write */
2136 static int network_config_set_boolean (const oconfig_item_t *ci, /* {{{ */
2139 if ((ci->values_num != 1)
2140 || ((ci->values[0].type != OCONFIG_TYPE_BOOLEAN)
2141 && (ci->values[0].type != OCONFIG_TYPE_STRING)))
2143 ERROR ("network plugin: The `%s' config option needs "
2144 "exactly one boolean argument.", ci->key);
2148 if (ci->values[0].type == OCONFIG_TYPE_BOOLEAN)
2150 if (ci->values[0].value.boolean)
2157 char *str = ci->values[0].value.string;
2159 if ((strcasecmp ("true", str) == 0)
2160 || (strcasecmp ("yes", str) == 0)
2161 || (strcasecmp ("on", str) == 0))
2163 else if ((strcasecmp ("false", str) == 0)
2164 || (strcasecmp ("no", str) == 0)
2165 || (strcasecmp ("off", str) == 0))
2169 ERROR ("network plugin: Cannot parse string value `%s' of the `%s' "
2170 "option as boolean value.",
2177 } /* }}} int network_config_set_boolean */
2179 static int network_config_set_ttl (const oconfig_item_t *ci) /* {{{ */
2182 if ((ci->values_num != 1)
2183 || (ci->values[0].type != OCONFIG_TYPE_NUMBER))
2185 WARNING ("network plugin: The `TimeToLive' config option needs exactly "
2186 "one numeric argument.");
2190 tmp = (int) ci->values[0].value.number;
2191 if ((tmp > 0) && (tmp <= 255))
2192 network_config_ttl = tmp;
2195 } /* }}} int network_config_set_ttl */
2198 static int network_config_set_security_level (oconfig_item_t *ci, /* {{{ */
2202 if ((ci->values_num != 1)
2203 || (ci->values[0].type != OCONFIG_TYPE_STRING))
2205 WARNING ("network plugin: The `SecurityLevel' config option needs exactly "
2206 "one string argument.");
2210 str = ci->values[0].value.string;
2211 if (strcasecmp ("Encrypt", str) == 0)
2212 *retval = SECURITY_LEVEL_ENCRYPT;
2213 else if (strcasecmp ("Sign", str) == 0)
2214 *retval = SECURITY_LEVEL_SIGN;
2215 else if (strcasecmp ("None", str) == 0)
2216 *retval = SECURITY_LEVEL_NONE;
2219 WARNING ("network plugin: Unknown security level: %s.", str);
2224 } /* }}} int network_config_set_security_level */
2225 #endif /* HAVE_GCRYPT_H */
2227 static int network_config_listen_server (const oconfig_item_t *ci) /* {{{ */
2231 char *shared_secret = NULL;
2232 int security_level = SECURITY_LEVEL_NONE;
2235 if ((ci->values_num < 1) || (ci->values_num > 2)
2236 || (ci->values[0].type != OCONFIG_TYPE_STRING)
2237 || ((ci->values_num > 1) && (ci->values[1].type != OCONFIG_TYPE_STRING)))
2239 ERROR ("network plugin: The `%s' config option needs "
2240 "one or two string arguments.", ci->key);
2244 node = ci->values[0].value.string;
2245 if (ci->values_num >= 2)
2246 service = ci->values[1].value.string;
2250 for (i = 0; i < ci->children_num; i++)
2252 oconfig_item_t *child = ci->children + i;
2255 if (strcasecmp ("Secret", child->key) == 0)
2257 if ((child->values_num == 1)
2258 && (child->values[0].type == OCONFIG_TYPE_STRING))
2259 shared_secret = child->values[0].value.string;
2261 ERROR ("network plugin: The `Secret' option needs exactly one string "
2264 else if (strcasecmp ("SecurityLevel", child->key) == 0)
2265 network_config_set_security_level (child, &security_level);
2267 #endif /* HAVE_GCRYPT_H */
2269 WARNING ("network plugin: Option `%s' is not allowed here.",
2274 if ((security_level > SECURITY_LEVEL_NONE) && (shared_secret == NULL))
2276 ERROR ("network plugin: A security level higher than `none' was "
2277 "requested, but no shared key was given. Cowardly refusing to open "
2282 if (strcasecmp ("Listen", ci->key) == 0)
2283 network_add_listen_socket (node, service, shared_secret, security_level);
2285 network_add_sending_socket (node, service, shared_secret, security_level);
2288 } /* }}} int network_config_listen_server */
2290 static int network_config_set_cache_flush (const oconfig_item_t *ci) /* {{{ */
2293 if ((ci->values_num != 1)
2294 || (ci->values[0].type != OCONFIG_TYPE_NUMBER))
2296 WARNING ("network plugin: The `CacheFlush' config option needs exactly "
2297 "one numeric argument.");
2301 tmp = (int) ci->values[0].value.number;
2303 network_config_ttl = tmp;
2306 } /* }}} int network_config_set_cache_flush */
2308 static int network_config (oconfig_item_t *ci) /* {{{ */
2312 for (i = 0; i < ci->children_num; i++)
2314 oconfig_item_t *child = ci->children + i;
2316 if ((strcasecmp ("Listen", child->key) == 0)
2317 || (strcasecmp ("Server", child->key) == 0))
2318 network_config_listen_server (child);
2319 else if (strcasecmp ("TimeToLive", child->key) == 0)
2320 network_config_set_ttl (child);
2321 else if (strcasecmp ("Forward", child->key) == 0)
2322 network_config_set_boolean (child, &network_config_forward);
2323 else if (strcasecmp ("CacheFlush", child->key) == 0)
2324 network_config_set_cache_flush (child);
2327 WARNING ("network plugin: Option `%s' is not allowed here.",
2333 } /* }}} int network_config */
2335 static int network_notification (const notification_t *n,
2336 user_data_t __attribute__((unused)) *user_data)
2338 char buffer[BUFF_SIZE];
2339 char *buffer_ptr = buffer;
2340 int buffer_free = sizeof (buffer);
2343 memset (buffer, '\0', sizeof (buffer));
2346 status = write_part_number (&buffer_ptr, &buffer_free, TYPE_TIME,
2347 (uint64_t) n->time);
2351 status = write_part_number (&buffer_ptr, &buffer_free, TYPE_SEVERITY,
2352 (uint64_t) n->severity);
2356 if (strlen (n->host) > 0)
2358 status = write_part_string (&buffer_ptr, &buffer_free, TYPE_HOST,
2359 n->host, strlen (n->host));
2364 if (strlen (n->plugin) > 0)
2366 status = write_part_string (&buffer_ptr, &buffer_free, TYPE_PLUGIN,
2367 n->plugin, strlen (n->plugin));
2372 if (strlen (n->plugin_instance) > 0)
2374 status = write_part_string (&buffer_ptr, &buffer_free,
2375 TYPE_PLUGIN_INSTANCE,
2376 n->plugin_instance, strlen (n->plugin_instance));
2381 if (strlen (n->type) > 0)
2383 status = write_part_string (&buffer_ptr, &buffer_free, TYPE_TYPE,
2384 n->type, strlen (n->type));
2389 if (strlen (n->type_instance) > 0)
2391 status = write_part_string (&buffer_ptr, &buffer_free, TYPE_TYPE_INSTANCE,
2392 n->type_instance, strlen (n->type_instance));
2397 status = write_part_string (&buffer_ptr, &buffer_free, TYPE_MESSAGE,
2398 n->message, strlen (n->message));
2402 network_send_buffer (buffer, sizeof (buffer) - buffer_free);
2405 } /* int network_notification */
2407 static int network_shutdown (void)
2411 /* Kill the listening thread */
2412 if (receive_thread_running != 0)
2414 INFO ("network plugin: Stopping receive thread.");
2415 pthread_kill (receive_thread_id, SIGTERM);
2416 pthread_join (receive_thread_id, NULL /* no return value */);
2417 memset (&receive_thread_id, 0, sizeof (receive_thread_id));
2418 receive_thread_running = 0;
2421 /* Shutdown the dispatching thread */
2422 if (dispatch_thread_running != 0)
2424 INFO ("network plugin: Stopping dispatch thread.");
2425 pthread_mutex_lock (&receive_list_lock);
2426 pthread_cond_broadcast (&receive_list_cond);
2427 pthread_mutex_unlock (&receive_list_lock);
2428 pthread_join (dispatch_thread_id, /* ret = */ NULL);
2429 dispatch_thread_running = 0;
2432 free_sockent (listen_sockets);
2434 if (send_buffer_fill > 0)
2437 if (cache_tree != NULL)
2442 while (c_avl_pick (cache_tree, &key, &value) == 0)
2447 c_avl_destroy (cache_tree);
2451 /* TODO: Close `sending_sockets' */
2453 plugin_unregister_config ("network");
2454 plugin_unregister_init ("network");
2455 plugin_unregister_write ("network");
2456 plugin_unregister_shutdown ("network");
2458 /* Let the init function do it's move again ;) */
2459 cache_flush_last = 0;
2462 } /* int network_shutdown */
2464 static int network_init (void)
2466 /* Check if we were already initialized. If so, just return - there's
2467 * nothing more to do (for now, that is). */
2468 if (cache_flush_last != 0)
2471 plugin_register_shutdown ("network", network_shutdown);
2473 network_init_buffer ();
2475 cache_tree = c_avl_create ((int (*) (const void *, const void *)) strcmp);
2476 cache_flush_last = time (NULL);
2478 /* setup socket(s) and so on */
2479 if (sending_sockets != NULL)
2481 plugin_register_write ("network", network_write,
2482 /* user_data = */ NULL);
2483 plugin_register_notification ("network", network_notification,
2484 /* user_data = */ NULL);
2487 /* If no threads need to be started, return here. */
2488 if ((listen_sockets_num == 0)
2489 || ((dispatch_thread_running != 0)
2490 && (receive_thread_running != 0)))
2493 if (dispatch_thread_running == 0)
2496 status = pthread_create (&dispatch_thread_id,
2497 NULL /* no attributes */,
2499 NULL /* no argument */);
2503 ERROR ("network: pthread_create failed: %s",
2504 sstrerror (errno, errbuf,
2509 dispatch_thread_running = 1;
2513 if (receive_thread_running == 0)
2516 status = pthread_create (&receive_thread_id,
2517 NULL /* no attributes */,
2519 NULL /* no argument */);
2523 ERROR ("network: pthread_create failed: %s",
2524 sstrerror (errno, errbuf,
2529 receive_thread_running = 1;
2534 } /* int network_init */
2537 * The flush option of the network plugin cannot flush individual identifiers.
2538 * All the values are added to a buffer and sent when the buffer is full, the
2539 * requested value may or may not be in there, it's not worth finding out. We
2540 * just send the buffer if `flush' is called - if the requested value was in
2541 * there, good. If not, well, then there is nothing to flush.. -octo
2543 static int network_flush (int timeout,
2544 const char __attribute__((unused)) *identifier,
2545 user_data_t __attribute__((unused)) *user_data)
2547 pthread_mutex_lock (&send_buffer_lock);
2549 if (((time (NULL) - cache_flush_last) >= timeout)
2550 && (send_buffer_fill > 0))
2555 pthread_mutex_unlock (&send_buffer_lock);
2558 } /* int network_flush */
2560 void module_register (void)
2562 plugin_register_complex_config ("network", network_config);
2563 plugin_register_init ("network", network_init);
2564 plugin_register_flush ("network", network_flush,
2565 /* user_data = */ NULL);
2566 } /* void module_register */
2568 /* vim: set fdm=marker : */