/**
* collectd - src/network.c
* Copyright (C) 2005-2009 Florian octo Forster
+ * Copyright (C) 2009 Aman Gupta
*
* This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; only version 2 of the License is applicable.
+ * under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; only version 2.1 of the License is
+ * applicable.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
+ * Lesser General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* Authors:
* Florian octo Forster <octo at verplant.org>
+ * Aman Gupta <aman at tmm1.net>
**/
+#define _BSD_SOURCE /* For struct ip_mreq */
+
#include "collectd.h"
#include "plugin.h"
#include "common.h"
#include "configfile.h"
+#include "utils_fbhash.h"
#include "utils_avltree.h"
+#include "utils_cache.h"
+#include "utils_complain.h"
#include "network.h"
#if HAVE_POLL_H
# include <poll.h>
#endif
+#if HAVE_NET_IF_H
+# include <net/if.h>
+#endif
-#if HAVE_GCRYPT_H
+#if HAVE_LIBGCRYPT
# include <gcrypt.h>
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
#endif
-/* 1500 - 40 - 8 = Ethernet packet - IPv6 header - UDP header */
-/* #define BUFF_SIZE 1452 */
-
#ifndef IPV6_ADD_MEMBERSHIP
# ifdef IPV6_JOIN_GROUP
# define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
# endif
#endif /* !IP_ADD_MEMBERSHIP */
-/* Buffer size to allocate. */
-#define BUFF_SIZE 1024
-
/*
* Maximum size required for encryption / signing:
- * Type/length: 4
- * IV 16
- * Hash/orig length: 22
- * Padding (up to): 15
- * --------------------
- * 57
+ *
+ * 42 bytes for the encryption header
+ * + 64 bytes for the username
+ * -----------
+ * = 106 bytes
*/
-#define BUFF_SIG_SIZE 57
+#define BUFF_SIG_SIZE 106
/*
* Private data types
*/
-typedef struct sockent
+#define SECURITY_LEVEL_NONE 0
+#if HAVE_LIBGCRYPT
+# define SECURITY_LEVEL_SIGN 1
+# define SECURITY_LEVEL_ENCRYPT 2
+#endif
+struct sockent_client
{
- int fd;
+ int fd;
struct sockaddr_storage *addr;
socklen_t addrlen;
+#if HAVE_LIBGCRYPT
+ int security_level;
+ char *username;
+ char *password;
+ gcry_cipher_hd_t cypher;
+ unsigned char password_hash[32];
+#endif
+};
-#define SECURITY_LEVEL_NONE 0
-#if HAVE_GCRYPT_H
-# define SECURITY_LEVEL_SIGN 1
-# define SECURITY_LEVEL_ENCRYPT 2
+struct sockent_server
+{
+ int *fd;
+ size_t fd_num;
+#if HAVE_LIBGCRYPT
int security_level;
- char *shared_secret;
- unsigned char shared_secret_hash[32];
+ char *auth_file;
+ fbhash_t *userdb;
gcry_cipher_hd_t cypher;
-#endif /* HAVE_GCRYPT_H */
+#endif
+};
+
+typedef struct sockent
+{
+#define SOCKENT_TYPE_CLIENT 1
+#define SOCKENT_TYPE_SERVER 2
+ int type;
+
+ char *node;
+ char *service;
+ int interface;
- struct sockent *next;
+ union
+ {
+ struct sockent_client client;
+ struct sockent_server server;
+ } data;
+
+ struct sockent *next;
} sockent_t;
/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
* ! Hash (Bits 224 - 255) !
* +---------------------------------------------------------------+
*/
+/* Minimum size */
+#define PART_SIGNATURE_SHA256_SIZE 36
struct part_signature_sha256_s
{
part_header_t head;
unsigned char hash[32];
+ char *username;
};
typedef struct part_signature_sha256_s part_signature_sha256_t;
* ! Hash (Bits 128 - 159) !
* +---------------------------------------------------------------+
*/
-/* Size without padding */
+/* Minimum size */
#define PART_ENCRYPTION_AES256_SIZE 42
-#define PART_ENCRYPTION_AES256_UNENCR_SIZE 20
struct part_encryption_aes256_s
{
part_header_t head;
+ uint16_t username_length;
+ char *username;
unsigned char iv[16];
- uint16_t orig_length;
+ /* <encrypted> */
unsigned char hash[20];
- unsigned char padding[15];
+ /* <payload /> */
+ /* </encrypted> */
};
typedef struct part_encryption_aes256_s part_encryption_aes256_t;
struct receive_list_entry_s
{
- char data[BUFF_SIZE];
+ char *data;
int data_len;
int fd;
struct receive_list_entry_s *next;
* Private variables
*/
static int network_config_ttl = 0;
+static size_t network_config_packet_size = 1024;
static int network_config_forward = 0;
+static int network_config_stats = 0;
static sockent_t *sending_sockets = NULL;
static receive_list_entry_t *receive_list_tail = NULL;
static pthread_mutex_t receive_list_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t receive_list_cond = PTHREAD_COND_INITIALIZER;
+static uint64_t receive_list_length = 0;
static sockent_t *listen_sockets = NULL;
static struct pollfd *listen_sockets_pollfd = NULL;
-static int listen_sockets_num = 0;
+static size_t listen_sockets_num = 0;
/* The receive and dispatch threads will run as long as `listen_loop' is set to
* zero. */
static pthread_t dispatch_thread_id;
/* Buffer in which to-be-sent network packets are constructed. */
-static char send_buffer[BUFF_SIZE];
+static char *send_buffer;
static char *send_buffer_ptr;
static int send_buffer_fill;
static value_list_t send_buffer_vl = VALUE_LIST_STATIC;
static pthread_mutex_t send_buffer_lock = PTHREAD_MUTEX_INITIALIZER;
-/* In this cache we store all the values we received, so we can send out only
- * those values which were *not* received via the network plugin, too. This is
- * used for the `Forward false' option. */
-static c_avl_tree_t *cache_tree = NULL;
-static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
-static time_t cache_flush_last = 0;
-static int cache_flush_interval = 1800;
+/* XXX: These counters are incremented from one place only. The spot in which
+ * the values are incremented is either only reachable by one thread (the
+ * dispatch thread, for example) or locked by some lock (send_buffer_lock for
+ * example). Only if neither is true, the stats_lock is acquired. The counters
+ * are always read without holding a lock in the hope that writing 8 bytes to
+ * memory is an atomic operation. */
+static uint64_t stats_octets_rx = 0;
+static uint64_t stats_octets_tx = 0;
+static uint64_t stats_packets_rx = 0;
+static uint64_t stats_packets_tx = 0;
+static uint64_t stats_values_dispatched = 0;
+static uint64_t stats_values_not_dispatched = 0;
+static uint64_t stats_values_sent = 0;
+static uint64_t stats_values_not_sent = 0;
+static pthread_mutex_t stats_lock = PTHREAD_MUTEX_INITIALIZER;
/*
* Private functions
*/
-static int cache_flush (void)
+static _Bool check_receive_okay (const value_list_t *vl) /* {{{ */
{
- char **keys = NULL;
- int keys_num = 0;
+ uint64_t time_sent = 0;
+ int status;
- char **tmp;
- int i;
+ status = uc_meta_data_get_unsigned_int (vl,
+ "network:time_sent", &time_sent);
- char *key;
- time_t *value;
- c_avl_iterator_t *iter;
+ /* This is a value we already sent. Don't allow it to be received again in
+ * order to avoid looping. */
+ if ((status == 0) && (time_sent >= ((uint64_t) vl->time)))
+ return (false);
- time_t curtime = time (NULL);
+ return (true);
+} /* }}} _Bool check_receive_okay */
- iter = c_avl_get_iterator (cache_tree);
- while (c_avl_iterator_next (iter, (void *) &key, (void *) &value) == 0)
- {
- if ((curtime - *value) <= cache_flush_interval)
- continue;
- tmp = (char **) realloc (keys,
- (keys_num + 1) * sizeof (char *));
- if (tmp == NULL)
- {
- sfree (keys);
- c_avl_iterator_destroy (iter);
- ERROR ("network plugin: cache_flush: realloc"
- " failed.");
- return (-1);
- }
- keys = tmp;
- keys[keys_num] = key;
- keys_num++;
- } /* while (c_avl_iterator_next) */
- c_avl_iterator_destroy (iter);
+static _Bool check_send_okay (const value_list_t *vl) /* {{{ */
+{
+ _Bool received = false;
+ int status;
- for (i = 0; i < keys_num; i++)
- {
- if (c_avl_remove (cache_tree, keys[i], (void *) &key,
- (void *) &value) != 0)
- {
- WARNING ("network plugin: cache_flush: c_avl_remove"
- " (%s) failed.", keys[i]);
- continue;
- }
+ if (network_config_forward != 0)
+ return (true);
- sfree (key);
- sfree (value);
- }
+ if (vl->meta == NULL)
+ return (true);
- sfree (keys);
+ status = meta_data_get_boolean (vl->meta, "network:received", &received);
+ if (status == -ENOENT)
+ return (true);
+ else if (status != 0)
+ {
+ ERROR ("network plugin: check_send_okay: meta_data_get_boolean failed "
+ "with status %i.", status);
+ return (true);
+ }
- DEBUG ("network plugin: cache_flush: Removed %i %s",
- keys_num, (keys_num == 1) ? "entry" : "entries");
- cache_flush_last = curtime;
- return (0);
-} /* int cache_flush */
+ /* By default, only *send* value lists that were not *received* by the
+ * network plugin. */
+ return (!received);
+} /* }}} _Bool check_send_okay */
-static int cache_check (const value_list_t *vl)
+static int network_dispatch_values (value_list_t *vl, /* {{{ */
+ const char *username)
{
- char key[1024];
- time_t *value = NULL;
- int retval = -1;
+ int status;
- if (cache_tree == NULL)
- return (-1);
+ if ((vl->time <= 0)
+ || (strlen (vl->host) <= 0)
+ || (strlen (vl->plugin) <= 0)
+ || (strlen (vl->type) <= 0))
+ return (-EINVAL);
- if (format_name (key, sizeof (key), vl->host, vl->plugin,
- vl->plugin_instance, vl->type, vl->type_instance))
- return (-1);
+ if (!check_receive_okay (vl))
+ {
+#if COLLECT_DEBUG
+ char name[6*DATA_MAX_NAME_LEN];
+ FORMAT_VL (name, sizeof (name), vl);
+ name[sizeof (name) - 1] = 0;
+ DEBUG ("network plugin: network_dispatch_values: "
+ "NOT dispatching %s.", name);
+#endif
+ stats_values_not_dispatched++;
+ return (0);
+ }
- pthread_mutex_lock (&cache_lock);
+ assert (vl->meta == NULL);
- if (c_avl_get (cache_tree, key, (void *) &value) == 0)
- {
- if (*value < vl->time)
- {
- *value = vl->time;
- retval = 0;
- }
- else
- {
- DEBUG ("network plugin: cache_check: *value = %i >= vl->time = %i",
- (int) *value, (int) vl->time);
- retval = 1;
- }
- }
- else
- {
- char *key_copy = strdup (key);
- value = malloc (sizeof (time_t));
- if ((key_copy != NULL) && (value != NULL))
- {
- *value = vl->time;
- c_avl_insert (cache_tree, key_copy, value);
- retval = 0;
- }
- else
- {
- sfree (key_copy);
- sfree (value);
- }
- }
+ vl->meta = meta_data_create ();
+ if (vl->meta == NULL)
+ {
+ ERROR ("network plugin: meta_data_create failed.");
+ return (-ENOMEM);
+ }
+
+ status = meta_data_add_boolean (vl->meta, "network:received", true);
+ if (status != 0)
+ {
+ ERROR ("network plugin: meta_data_add_boolean failed.");
+ meta_data_destroy (vl->meta);
+ vl->meta = NULL;
+ return (status);
+ }
+
+ if (username != NULL)
+ {
+ status = meta_data_add_string (vl->meta, "network:username", username);
+ if (status != 0)
+ {
+ ERROR ("network plugin: meta_data_add_string failed.");
+ meta_data_destroy (vl->meta);
+ vl->meta = NULL;
+ return (status);
+ }
+ }
- if ((time (NULL) - cache_flush_last) > cache_flush_interval)
- cache_flush ();
+ plugin_dispatch_values (vl);
+ stats_values_dispatched++;
- pthread_mutex_unlock (&cache_lock);
+ meta_data_destroy (vl->meta);
+ vl->meta = NULL;
- return (retval);
-} /* int cache_check */
+ return (0);
+} /* }}} int network_dispatch_values */
-#if HAVE_GCRYPT_H
+#if HAVE_LIBGCRYPT
static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
- const void *iv, size_t iv_size)
+ const void *iv, size_t iv_size, const char *username)
{
gcry_error_t err;
+ gcry_cipher_hd_t *cyper_ptr;
+ unsigned char password_hash[32];
+
+ if (se->type == SOCKENT_TYPE_CLIENT)
+ {
+ cyper_ptr = &se->data.client.cypher;
+ memcpy (password_hash, se->data.client.password_hash,
+ sizeof (password_hash));
+ }
+ else
+ {
+ char *secret;
+
+ cyper_ptr = &se->data.server.cypher;
+
+ if (username == NULL)
+ return (NULL);
+
+ secret = fbh_get (se->data.server.userdb, username);
+ if (secret == NULL)
+ return (NULL);
- if (se->cypher == NULL)
+ gcry_md_hash_buffer (GCRY_MD_SHA256,
+ password_hash,
+ secret, strlen (secret));
+
+ sfree (secret);
+ }
+
+ if (*cyper_ptr == NULL)
{
- err = gcry_cipher_open (&se->cypher,
- GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, /* flags = */ 0);
+ err = gcry_cipher_open (cyper_ptr,
+ GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, /* flags = */ 0);
if (err != 0)
{
ERROR ("network plugin: gcry_cipher_open returned: %s",
gcry_strerror (err));
- se->cypher = NULL;
+ *cyper_ptr = NULL;
return (NULL);
}
}
else
{
- gcry_cipher_reset (se->cypher);
+ gcry_cipher_reset (*cyper_ptr);
}
- assert (se->cypher != NULL);
+ assert (*cyper_ptr != NULL);
- err = gcry_cipher_setkey (se->cypher,
- se->shared_secret_hash, sizeof (se->shared_secret_hash));
+ err = gcry_cipher_setkey (*cyper_ptr,
+ password_hash, sizeof (password_hash));
if (err != 0)
{
ERROR ("network plugin: gcry_cipher_setkey returned: %s",
gcry_strerror (err));
- gcry_cipher_close (se->cypher);
- se->cypher = NULL;
+ gcry_cipher_close (*cyper_ptr);
+ *cyper_ptr = NULL;
return (NULL);
}
- err = gcry_cipher_setiv (se->cypher, iv, iv_size);
+ err = gcry_cipher_setiv (*cyper_ptr, iv, iv_size);
if (err != 0)
{
ERROR ("network plugin: gcry_cipher_setkey returned: %s",
gcry_strerror (err));
- gcry_cipher_close (se->cypher);
- se->cypher = NULL;
+ gcry_cipher_close (*cyper_ptr);
+ *cyper_ptr = NULL;
return (NULL);
}
- return (se->cypher);
+ return (*cyper_ptr);
} /* }}} int network_get_aes256_cypher */
-#endif /* HAVE_GCRYPT_H */
+#endif /* HAVE_LIBGCRYPT */
static int write_part_values (char **ret_buffer, int *ret_buffer_len,
const data_set_t *ds, const value_list_t *vl)
for (i = 0; i < num_values; i++)
{
- if (ds->ds[i].type == DS_TYPE_COUNTER)
- {
- pkg_values_types[i] = DS_TYPE_COUNTER;
- pkg_values[i].counter = htonll (vl->values[i].counter);
- }
- else
+ pkg_values_types[i] = (uint8_t) ds->ds[i].type;
+ switch (ds->ds[i].type)
{
- pkg_values_types[i] = DS_TYPE_GAUGE;
- pkg_values[i].gauge = htond (vl->values[i].gauge);
- }
- }
+ case DS_TYPE_COUNTER:
+ pkg_values[i].counter = htonll (vl->values[i].counter);
+ break;
+
+ case DS_TYPE_GAUGE:
+ pkg_values[i].gauge = htond (vl->values[i].gauge);
+ break;
+
+ case DS_TYPE_DERIVE:
+ pkg_values[i].derive = htonll (vl->values[i].derive);
+ break;
+
+ case DS_TYPE_ABSOLUTE:
+ pkg_values[i].absolute = htonll (vl->values[i].absolute);
+ break;
+
+ default:
+ free (pkg_values_types);
+ free (pkg_values);
+ ERROR ("network plugin: write_part_values: "
+ "Unknown data source type: %i",
+ ds->ds[i].type);
+ return (-1);
+ } /* switch (ds->ds[i].type) */
+ } /* for (num_values) */
/*
* Use `memcpy' to write everything to the buffer, because the pointer
for (i = 0; i < pkg_numval; i++)
{
- if (pkg_types[i] == DS_TYPE_COUNTER)
- pkg_values[i].counter = ntohll (pkg_values[i].counter);
- else if (pkg_types[i] == DS_TYPE_GAUGE)
- pkg_values[i].gauge = ntohd (pkg_values[i].gauge);
+ switch (pkg_types[i])
+ {
+ case DS_TYPE_COUNTER:
+ pkg_values[i].counter = (counter_t) ntohll (pkg_values[i].counter);
+ break;
+
+ case DS_TYPE_GAUGE:
+ pkg_values[i].gauge = (gauge_t) ntohd (pkg_values[i].gauge);
+ break;
+
+ case DS_TYPE_DERIVE:
+ pkg_values[i].derive = (derive_t) ntohll (pkg_values[i].derive);
+ break;
+
+ case DS_TYPE_ABSOLUTE:
+ pkg_values[i].absolute = (absolute_t) ntohll (pkg_values[i].absolute);
+ break;
+
+ default:
+ NOTICE ("network plugin: parse_part_values: "
+ "Don't know how to handle data source type %"PRIu8,
+ pkg_types[i]);
+ sfree (pkg_types);
+ sfree (pkg_values);
+ return (-1);
+ } /* switch (pkg_types[i]) */
}
*ret_buffer = buffer;
size_t exp_size = 2 * sizeof (uint16_t) + sizeof (uint64_t);
uint16_t pkg_length;
- uint16_t pkg_type;
if ((buffer_len < 0) || ((size_t) buffer_len < exp_size))
{
memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
buffer += sizeof (tmp16);
- pkg_type = ntohs (tmp16);
+ /* pkg_type = ntohs (tmp16); */
memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
buffer += sizeof (tmp16);
size_t header_size = 2 * sizeof (uint16_t);
uint16_t pkg_length;
- uint16_t pkg_type;
if ((buffer_len < 0) || (buffer_len < header_size))
{
memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
buffer += sizeof (tmp16);
- pkg_type = ntohs (tmp16);
+ /* pkg_type = ntohs (tmp16); */
memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
buffer += sizeof (tmp16);
#define PP_SIGNED 0x01
#define PP_ENCRYPTED 0x02
static int parse_packet (sockent_t *se,
- void *buffer, size_t buffer_size, int flags);
+ void *buffer, size_t buffer_size, int flags,
+ const char *username);
+
+#define BUFFER_READ(p,s) do { \
+ memcpy ((p), buffer + buffer_offset, (s)); \
+ buffer_offset += (s); \
+} while (0)
-#if HAVE_GCRYPT_H
+#if HAVE_LIBGCRYPT
static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
- void **ret_buffer, size_t *ret_buffer_len)
+ void **ret_buffer, size_t *ret_buffer_len, int flags)
{
- char *buffer = *ret_buffer;
- size_t buffer_len = *ret_buffer_len;
+ static c_complain_t complain_no_users = C_COMPLAIN_INIT_STATIC;
+
+ char *buffer;
+ size_t buffer_len;
+ size_t buffer_offset;
+
+ size_t username_len;
+ char *secret;
- part_signature_sha256_t ps_received;
- char hash[sizeof (ps_received.hash)];
+ part_signature_sha256_t pss;
+ uint16_t pss_head_length;
+ char hash[sizeof (pss.hash)];
gcry_md_hd_t hd;
gcry_error_t err;
unsigned char *hash_ptr;
- if (se->shared_secret == NULL)
+ buffer = *ret_buffer;
+ buffer_len = *ret_buffer_len;
+ buffer_offset = 0;
+
+ if (se->data.server.userdb == NULL)
{
- NOTICE ("network plugin: Received signed network packet but can't verify "
- "it because no shared secret has been configured. Will accept it.");
+ c_complain (LOG_NOTICE, &complain_no_users,
+ "network plugin: Received signed network packet but can't verify it "
+ "because no user DB has been configured. Will accept it.");
return (0);
}
- if (buffer_len < sizeof (ps_received))
+ /* Check if the buffer has enough data for this structure. */
+ if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
+ return (-ENOMEM);
+
+ /* Read type and length header */
+ BUFFER_READ (&pss.head.type, sizeof (pss.head.type));
+ BUFFER_READ (&pss.head.length, sizeof (pss.head.length));
+ pss_head_length = ntohs (pss.head.length);
+
+ /* Check if the `pss_head_length' is within bounds. */
+ if ((pss_head_length <= PART_SIGNATURE_SHA256_SIZE)
+ || (pss_head_length > buffer_len))
+ {
+ ERROR ("network plugin: HMAC-SHA-256 with invalid length received.");
+ return (-1);
+ }
+
+ /* Copy the hash. */
+ BUFFER_READ (pss.hash, sizeof (pss.hash));
+
+ /* Calculate username length (without null byte) and allocate memory */
+ username_len = pss_head_length - PART_SIGNATURE_SHA256_SIZE;
+ pss.username = malloc (username_len + 1);
+ if (pss.username == NULL)
return (-ENOMEM);
+ /* Read the username */
+ BUFFER_READ (pss.username, username_len);
+ pss.username[username_len] = 0;
+
+ assert (buffer_offset == pss_head_length);
+
+ /* Query the password */
+ secret = fbh_get (se->data.server.userdb, pss.username);
+ if (secret == NULL)
+ {
+ ERROR ("network plugin: Unknown user: %s", pss.username);
+ sfree (pss.username);
+ return (-ENOENT);
+ }
+
+ /* Create a hash device and check the HMAC */
hd = NULL;
err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
if (err != 0)
{
ERROR ("network plugin: Creating HMAC-SHA-256 object failed: %s",
gcry_strerror (err));
+ sfree (secret);
+ sfree (pss.username);
return (-1);
}
- err = gcry_md_setkey (hd, se->shared_secret,
- strlen (se->shared_secret));
+ err = gcry_md_setkey (hd, secret, strlen (secret));
if (err != 0)
{
- ERROR ("network plugin: gcry_md_setkey failed: %s",
- gcry_strerror (err));
+ ERROR ("network plugin: gcry_md_setkey failed: %s", gcry_strerror (err));
gcry_md_close (hd);
+ sfree (secret);
+ sfree (pss.username);
return (-1);
}
- memcpy (&ps_received, buffer, sizeof (ps_received));
- /* TODO: Check ps_received.head.length! */
-
- buffer += sizeof (ps_received);
- buffer_len -= sizeof (ps_received);
-
- gcry_md_write (hd, buffer, buffer_len);
+ gcry_md_write (hd,
+ buffer + PART_SIGNATURE_SHA256_SIZE,
+ buffer_len - PART_SIGNATURE_SHA256_SIZE);
hash_ptr = gcry_md_read (hd, GCRY_MD_SHA256);
if (hash_ptr == NULL)
{
ERROR ("network plugin: gcry_md_read failed.");
gcry_md_close (hd);
+ sfree (secret);
+ sfree (pss.username);
return (-1);
}
memcpy (hash, hash_ptr, sizeof (hash));
+ /* Clean up */
gcry_md_close (hd);
hd = NULL;
- *ret_buffer += sizeof (ps_received);
- *ret_buffer_len -= sizeof (ps_received);
+ if (memcmp (pss.hash, hash, sizeof (pss.hash)) != 0)
+ {
+ WARNING ("network plugin: Verifying HMAC-SHA-256 signature failed: "
+ "Hash mismatch.");
+ }
+ else
+ {
+ parse_packet (se, buffer + buffer_offset, buffer_len - buffer_offset,
+ flags | PP_SIGNED, pss.username);
+ }
+
+ sfree (secret);
+ sfree (pss.username);
- if (memcmp (ps_received.hash, hash,
- sizeof (ps_received.hash)) == 0)
- return (0);
- else /* hashes do not match. */
- return (1);
+ *ret_buffer = buffer + buffer_len;
+ *ret_buffer_len = 0;
+
+ return (0);
} /* }}} int parse_part_sign_sha256 */
-/* #endif HAVE_GCRYPT_H */
+/* #endif HAVE_LIBGCRYPT */
-#else /* if !HAVE_GCRYPT_H */
+#else /* if !HAVE_LIBGCRYPT */
static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
- void **ret_buffer, size_t *ret_buffer_len)
+ void **ret_buffer, size_t *ret_buffer_size, int flags)
{
- INFO ("network plugin: Received signed packet, but the network "
- "plugin was not linked with libgcrypt, so I cannot "
- "verify the signature. The packet will be accepted.");
+ static int warning_has_been_printed = 0;
+
+ char *buffer;
+ size_t buffer_size;
+ size_t buffer_offset;
+ uint16_t part_len;
+
+ part_signature_sha256_t pss;
+
+ buffer = *ret_buffer;
+ buffer_size = *ret_buffer_size;
+ buffer_offset = 0;
+
+ if (buffer_size <= PART_SIGNATURE_SHA256_SIZE)
+ return (-ENOMEM);
+
+ BUFFER_READ (&pss.head.type, sizeof (pss.head.type));
+ BUFFER_READ (&pss.head.length, sizeof (pss.head.length));
+ part_len = ntohs (pss.head.length);
+
+ if ((part_len <= PART_SIGNATURE_SHA256_SIZE)
+ || (part_len > buffer_size))
+ return (-EINVAL);
+
+ if (warning_has_been_printed == 0)
+ {
+ WARNING ("network plugin: Received signed packet, but the network "
+ "plugin was not linked with libgcrypt, so I cannot "
+ "verify the signature. The packet will be accepted.");
+ warning_has_been_printed = 1;
+ }
+
+ parse_packet (se, buffer + part_len, buffer_size - part_len, flags,
+ /* username = */ NULL);
+
+ *ret_buffer = buffer + buffer_size;
+ *ret_buffer_size = 0;
+
return (0);
} /* }}} int parse_part_sign_sha256 */
-#endif /* !HAVE_GCRYPT_H */
+#endif /* !HAVE_LIBGCRYPT */
-#if HAVE_GCRYPT_H
+#if HAVE_LIBGCRYPT
static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
void **ret_buffer, size_t *ret_buffer_len,
int flags)
{
char *buffer = *ret_buffer;
size_t buffer_len = *ret_buffer_len;
- size_t orig_buffer_len;
+ size_t payload_len;
size_t part_size;
size_t buffer_offset;
- size_t padding_size;
+ uint16_t username_len;
part_encryption_aes256_t pea;
unsigned char hash[sizeof (pea.hash)];
gcry_error_t err;
/* Make sure at least the header if available. */
- if (buffer_len < sizeof (pea))
+ if (buffer_len <= PART_ENCRYPTION_AES256_SIZE)
{
NOTICE ("network plugin: parse_part_encr_aes256: "
"Discarding short packet.");
buffer_offset = 0;
-#define BUFFER_READ(p,s) do { \
- memcpy ((p), buffer + buffer_offset, (s)); \
- buffer_offset += (s); \
-} while (0)
-
/* Copy the unencrypted information into `pea'. */
BUFFER_READ (&pea.head.type, sizeof (pea.head.type));
BUFFER_READ (&pea.head.length, sizeof (pea.head.length));
- BUFFER_READ (pea.iv, sizeof (pea.iv));
/* Check the `part size'. */
part_size = ntohs (pea.head.length);
- if (part_size > buffer_len)
+ if ((part_size <= PART_ENCRYPTION_AES256_SIZE)
+ || (part_size > buffer_len))
{
NOTICE ("network plugin: parse_part_encr_aes256: "
- "Discarding large part.");
+ "Discarding part with invalid size.");
return (-1);
}
- cypher = network_get_aes256_cypher (se, pea.iv, sizeof (pea.iv));
- if (cypher == NULL)
- return (-1);
+ /* Read the username */
+ BUFFER_READ (&username_len, sizeof (username_len));
+ username_len = ntohs (username_len);
- /* Decrypt the packet in-place */
- err = gcry_cipher_decrypt (cypher,
- buffer + PART_ENCRYPTION_AES256_UNENCR_SIZE,
- part_size - PART_ENCRYPTION_AES256_UNENCR_SIZE,
- /* in = */ NULL, /* in len = */ 0);
- if (err != 0)
+ if ((username_len <= 0)
+ || (username_len > (part_size - (PART_ENCRYPTION_AES256_SIZE + 1))))
{
- ERROR ("network plugin: gcry_cipher_decrypt returned: %s",
- gcry_strerror (err));
+ NOTICE ("network plugin: parse_part_encr_aes256: "
+ "Discarding part with invalid username length.");
return (-1);
}
- /* Figure out the length of the payload and the length of the padding. */
- BUFFER_READ (&pea.orig_length, sizeof (pea.orig_length));
+ assert (username_len > 0);
+ pea.username = malloc (username_len + 1);
+ if (pea.username == NULL)
+ return (-ENOMEM);
+ BUFFER_READ (pea.username, username_len);
+ pea.username[username_len] = 0;
+
+ /* Last but not least, the initialization vector */
+ BUFFER_READ (pea.iv, sizeof (pea.iv));
+
+ /* Make sure we are at the right position */
+ assert (buffer_offset == (username_len +
+ PART_ENCRYPTION_AES256_SIZE - sizeof (pea.hash)));
- orig_buffer_len = ntohs (pea.orig_length);
- if (orig_buffer_len > (part_size - PART_ENCRYPTION_AES256_SIZE))
+ cypher = network_get_aes256_cypher (se, pea.iv, sizeof (pea.iv),
+ pea.username);
+ if (cypher == NULL)
{
- ERROR ("network plugin: Decryption failed: Invalid original length.");
+ sfree (pea.username);
return (-1);
}
- /* Calculate the size of the `padding' field. */
- padding_size = part_size - (orig_buffer_len + PART_ENCRYPTION_AES256_SIZE);
- if (padding_size > sizeof (pea.padding))
+ payload_len = part_size - (PART_ENCRYPTION_AES256_SIZE + username_len);
+ assert (payload_len > 0);
+
+ /* Decrypt the packet in-place */
+ err = gcry_cipher_decrypt (cypher,
+ buffer + buffer_offset,
+ part_size - buffer_offset,
+ /* in = */ NULL, /* in len = */ 0);
+ if (err != 0)
{
- ERROR ("network plugin: Part- and original length "
- "differ more than %zu bytes.", sizeof (pea.padding));
+ sfree (pea.username);
+ ERROR ("network plugin: gcry_cipher_decrypt returned: %s",
+ gcry_strerror (err));
return (-1);
}
+ /* Read the hash */
BUFFER_READ (pea.hash, sizeof (pea.hash));
- /* Read the padding. */
- BUFFER_READ (pea.padding, padding_size);
+ /* Make sure we're at the right position - again */
+ assert (buffer_offset == (username_len + PART_ENCRYPTION_AES256_SIZE));
+ assert (buffer_offset == (part_size - payload_len));
/* Check hash sum */
memset (hash, 0, sizeof (hash));
gcry_md_hash_buffer (GCRY_MD_SHA1, hash,
- buffer + buffer_offset, orig_buffer_len);
-
+ buffer + buffer_offset, payload_len);
if (memcmp (hash, pea.hash, sizeof (hash)) != 0)
{
+ sfree (pea.username);
ERROR ("network plugin: Decryption failed: Checksum mismatch.");
return (-1);
}
- assert ((PART_ENCRYPTION_AES256_SIZE + padding_size + orig_buffer_len)
- == part_size);
+ parse_packet (se, buffer + buffer_offset, payload_len,
+ flags | PP_ENCRYPTED, pea.username);
- parse_packet (se, buffer + PART_ENCRYPTION_AES256_SIZE + padding_size,
- orig_buffer_len, flags | PP_ENCRYPTED);
+ /* XXX: Free pea.username?!? */
/* Update return values */
*ret_buffer = buffer + part_size;
*ret_buffer_len = buffer_len - part_size;
+ sfree (pea.username);
+
return (0);
-#undef BUFFER_READ
} /* }}} int parse_part_encr_aes256 */
-/* #endif HAVE_GCRYPT_H */
+/* #endif HAVE_LIBGCRYPT */
-#else /* if !HAVE_GCRYPT_H */
+#else /* if !HAVE_LIBGCRYPT */
static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
- void **ret_buffer, size_t *ret_buffer_len, int flags)
+ void **ret_buffer, size_t *ret_buffer_size, int flags)
{
- INFO ("network plugin: Received encrypted packet, but the network "
- "plugin was not linked with libgcrypt, so I cannot "
- "decrypt it. The packet will be discarded.");
- return (-1);
+ static int warning_has_been_printed = 0;
+
+ char *buffer;
+ size_t buffer_size;
+ size_t buffer_offset;
+
+ part_header_t ph;
+ size_t ph_length;
+
+ buffer = *ret_buffer;
+ buffer_size = *ret_buffer_size;
+ buffer_offset = 0;
+
+ /* parse_packet assures this minimum size. */
+ assert (buffer_size >= (sizeof (ph.type) + sizeof (ph.length)));
+
+ BUFFER_READ (&ph.type, sizeof (ph.type));
+ BUFFER_READ (&ph.length, sizeof (ph.length));
+ ph_length = ntohs (ph.length);
+
+ if ((ph_length <= PART_ENCRYPTION_AES256_SIZE)
+ || (ph_length > buffer_size))
+ {
+ ERROR ("network plugin: AES-256 encrypted part "
+ "with invalid length received.");
+ return (-1);
+ }
+
+ if (warning_has_been_printed == 0)
+ {
+ WARNING ("network plugin: Received encrypted packet, but the network "
+ "plugin was not linked with libgcrypt, so I cannot "
+ "decrypt it. The part will be discarded.");
+ warning_has_been_printed = 1;
+ }
+
+ *ret_buffer += ph_length;
+ *ret_buffer_size -= ph_length;
+
+ return (0);
} /* }}} int parse_part_encr_aes256 */
-#endif /* !HAVE_GCRYPT_H */
+#endif /* !HAVE_LIBGCRYPT */
+
+#undef BUFFER_READ
static int parse_packet (sockent_t *se, /* {{{ */
- void *buffer, size_t buffer_size, int flags)
+ void *buffer, size_t buffer_size, int flags,
+ const char *username)
{
int status;
value_list_t vl = VALUE_LIST_INIT;
notification_t n;
+#if HAVE_LIBGCRYPT
int packet_was_signed = (flags & PP_SIGNED);
-#if HAVE_GCRYPT_H
int packet_was_encrypted = (flags & PP_ENCRYPTED);
int printed_ignore_warning = 0;
-#endif /* HAVE_GCRYPT_H */
+#endif /* HAVE_LIBGCRYPT */
memset (&vl, '\0', sizeof (vl));
if (pkg_type == TYPE_ENCR_AES256)
{
status = parse_part_encr_aes256 (se,
- &buffer, &buffer_size,
- flags);
+ &buffer, &buffer_size, flags);
if (status != 0)
{
ERROR ("network plugin: Decrypting AES256 "
break;
}
}
-#if HAVE_GCRYPT_H
- else if ((se->security_level == SECURITY_LEVEL_ENCRYPT)
+#if HAVE_LIBGCRYPT
+ else if ((se->data.server.security_level == SECURITY_LEVEL_ENCRYPT)
&& (packet_was_encrypted == 0))
{
if (printed_ignore_warning == 0)
buffer = ((char *) buffer) + pkg_length;
continue;
}
-#endif /* HAVE_GCRYPT_H */
+#endif /* HAVE_LIBGCRYPT */
else if (pkg_type == TYPE_SIGN_SHA256)
{
- status = parse_part_sign_sha256 (se, &buffer, &buffer_size);
- if (status < 0)
+ status = parse_part_sign_sha256 (se,
+ &buffer, &buffer_size, flags);
+ if (status != 0)
{
ERROR ("network plugin: Verifying HMAC-SHA-256 "
"signature failed "
"with status %i.", status);
break;
}
- else if (status > 0)
- {
- ERROR ("network plugin: Ignoring packet with "
- "invalid HMAC-SHA-256 signature.");
- break;
- }
- else
- {
- packet_was_signed = 1;
- }
}
-#if HAVE_GCRYPT_H
- else if ((se->security_level == SECURITY_LEVEL_SIGN)
+#if HAVE_LIBGCRYPT
+ else if ((se->data.server.security_level == SECURITY_LEVEL_SIGN)
&& (packet_was_encrypted == 0)
&& (packet_was_signed == 0))
{
buffer = ((char *) buffer) + pkg_length;
continue;
}
-#endif /* HAVE_GCRYPT_H */
+#endif /* HAVE_LIBGCRYPT */
else if (pkg_type == TYPE_VALUES)
{
status = parse_part_values (&buffer, &buffer_size,
&vl.values, &vl.values_len);
-
if (status != 0)
break;
- if ((vl.time > 0)
- && (strlen (vl.host) > 0)
- && (strlen (vl.plugin) > 0)
- && (strlen (vl.type) > 0)
- && (cache_check (&vl) == 0))
- {
- plugin_dispatch_values (&vl);
- }
- else
- {
- DEBUG ("network plugin: parse_packet:"
- " NOT dispatching values");
- }
+ network_dispatch_values (&vl, username);
sfree (vl.values);
}
}
} /* while (buffer_size > sizeof (part_header_t)) */
+ if (status == 0 && buffer_size > 0)
+ WARNING ("network plugin: parse_packet: Received truncated "
+ "packet, try increasing `MaxPacketSize'");
+
return (status);
} /* }}} int parse_packet */
-static void free_sockent (sockent_t *se) /* {{{ */
+static void free_sockent_client (struct sockent_client *sec) /* {{{ */
{
- sockent_t *next;
- while (se != NULL)
- {
- next = se->next;
+ if (sec->fd >= 0)
+ {
+ close (sec->fd);
+ sec->fd = -1;
+ }
+ sfree (sec->addr);
+#if HAVE_LIBGCRYPT
+ sfree (sec->username);
+ sfree (sec->password);
+ if (sec->cypher != NULL)
+ gcry_cipher_close (sec->cypher);
+#endif
+} /* }}} void free_sockent_client */
-#if HAVE_GCRYPT_H
- if (se->cypher != NULL)
- {
- gcry_cipher_close (se->cypher);
- se->cypher = NULL;
- }
- free (se->shared_secret);
-#endif /* HAVE_GCRYPT_H */
+static void free_sockent_server (struct sockent_server *ses) /* {{{ */
+{
+ size_t i;
+
+ for (i = 0; i < ses->fd_num; i++)
+ {
+ if (ses->fd[i] >= 0)
+ {
+ close (ses->fd[i]);
+ ses->fd[i] = -1;
+ }
+ }
- free (se->addr);
- free (se);
+ sfree (ses->fd);
+#if HAVE_LIBGCRYPT
+ sfree (ses->auth_file);
+ fbh_destroy (ses->userdb);
+ if (ses->cypher != NULL)
+ gcry_cipher_close (ses->cypher);
+#endif
+} /* }}} void free_sockent_server */
- se = next;
- }
-} /* }}} void free_sockent */
+static void sockent_destroy (sockent_t *se) /* {{{ */
+{
+ sockent_t *next;
+
+ DEBUG ("network plugin: sockent_destroy (se = %p);", (void *) se);
+
+ while (se != NULL)
+ {
+ next = se->next;
+
+ sfree (se->node);
+ sfree (se->service);
+
+ if (se->type == SOCKENT_TYPE_CLIENT)
+ free_sockent_client (&se->data.client);
+ else
+ free_sockent_server (&se->data.server);
+
+ sfree (se);
+ se = next;
+ }
+} /* }}} void sockent_destroy */
/*
* int network_set_ttl
DEBUG ("network plugin: network_set_ttl: network_config_ttl = %i;",
network_config_ttl);
+ assert (se->type == SOCKENT_TYPE_CLIENT);
+
if ((network_config_ttl < 1) || (network_config_ttl > 255))
return (-1);
else
optname = IP_TTL;
- if (setsockopt (se->fd, IPPROTO_IP, optname,
+ if (setsockopt (se->data.client.fd, IPPROTO_IP, optname,
&network_config_ttl,
- sizeof (network_config_ttl)) == -1)
+ sizeof (network_config_ttl)) != 0)
{
char errbuf[1024];
ERROR ("setsockopt: %s",
else
optname = IPV6_UNICAST_HOPS;
- if (setsockopt (se->fd, IPPROTO_IPV6, optname,
+ if (setsockopt (se->data.client.fd, IPPROTO_IPV6, optname,
&network_config_ttl,
- sizeof (network_config_ttl)) == -1)
+ sizeof (network_config_ttl)) != 0)
{
char errbuf[1024];
ERROR ("setsockopt: %s",
return (0);
} /* int network_set_ttl */
-static int network_bind_socket (const sockent_t *se, const struct addrinfo *ai)
+static int network_set_interface (const sockent_t *se, const struct addrinfo *ai) /* {{{ */
{
- int loop = 0;
- int yes = 1;
+ DEBUG ("network plugin: network_set_interface: interface index = %i;",
+ se->interface);
- /* allow multiple sockets to use the same PORT number */
- if (setsockopt(se->fd, SOL_SOCKET, SO_REUSEADDR,
- &yes, sizeof(yes)) == -1) {
- char errbuf[1024];
- ERROR ("setsockopt: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
- return (-1);
+ assert (se->type == SOCKENT_TYPE_CLIENT);
+
+ if (ai->ai_family == AF_INET)
+ {
+ struct sockaddr_in *addr = (struct sockaddr_in *) ai->ai_addr;
+
+ if (IN_MULTICAST (ntohl (addr->sin_addr.s_addr)))
+ {
+#if HAVE_STRUCT_IP_MREQN_IMR_IFINDEX
+ /* If possible, use the "ip_mreqn" structure which has
+ * an "interface index" member. Using the interface
+ * index is preferred here, because of its similarity
+ * to the way IPv6 handles this. Unfortunately, it
+ * appears not to be portable. */
+ struct ip_mreqn mreq;
+
+ memset (&mreq, 0, sizeof (mreq));
+ mreq.imr_multiaddr.s_addr = addr->sin_addr.s_addr;
+ mreq.imr_address.s_addr = ntohl (INADDR_ANY);
+ mreq.imr_ifindex = se->interface;
+#else
+ struct ip_mreq mreq;
+
+ memset (&mreq, 0, sizeof (mreq));
+ mreq.imr_multiaddr.s_addr = addr->sin_addr.s_addr;
+ mreq.imr_interface.s_addr = ntohl (INADDR_ANY);
+#endif
+
+ if (setsockopt (se->data.client.fd, IPPROTO_IP, IP_MULTICAST_IF,
+ &mreq, sizeof (mreq)) != 0)
+ {
+ char errbuf[1024];
+ ERROR ("setsockopt: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ return (-1);
+ }
+
+ return (0);
+ }
}
+ else if (ai->ai_family == AF_INET6)
+ {
+ struct sockaddr_in6 *addr = (struct sockaddr_in6 *) ai->ai_addr;
+
+ if (IN6_IS_ADDR_MULTICAST (&addr->sin6_addr))
+ {
+ if (setsockopt (se->data.client.fd, IPPROTO_IPV6, IPV6_MULTICAST_IF,
+ &se->interface,
+ sizeof (se->interface)) != 0)
+ {
+ char errbuf[1024];
+ ERROR ("setsockopt: %s",
+ sstrerror (errno, errbuf,
+ sizeof (errbuf)));
+ return (-1);
+ }
- DEBUG ("fd = %i; calling `bind'", se->fd);
+ return (0);
+ }
+ }
- if (bind (se->fd, ai->ai_addr, ai->ai_addrlen) == -1)
+ /* else: Not a multicast interface. */
+#if defined(HAVE_IF_INDEXTONAME) && HAVE_IF_INDEXTONAME && defined(SO_BINDTODEVICE)
+ if (se->interface != 0)
+ {
+ char interface_name[IFNAMSIZ];
+
+ if (if_indextoname (se->interface, interface_name) == NULL)
+ return (-1);
+
+ DEBUG ("network plugin: Binding socket to interface %s", interface_name);
+
+ if (setsockopt (se->data.client.fd, SOL_SOCKET, SO_BINDTODEVICE,
+ interface_name,
+ sizeof(interface_name)) == -1 )
+ {
+ char errbuf[1024];
+ ERROR ("setsockopt: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ return (-1);
+ }
+ }
+/* #endif HAVE_IF_INDEXTONAME && SO_BINDTODEVICE */
+
+#else
+ WARNING ("network plugin: Cannot set the interface on a unicast "
+ "socket because "
+# if !defined(SO_BINDTODEVICE)
+ "the the \"SO_BINDTODEVICE\" socket option "
+# else
+ "the \"if_indextoname\" function "
+# endif
+ "is not available on your system.");
+#endif
+
+ return (0);
+} /* }}} network_set_interface */
+
+static int network_bind_socket (int fd, const struct addrinfo *ai, const int interface_idx)
+{
+ int loop = 0;
+ int yes = 1;
+
+ /* allow multiple sockets to use the same PORT number */
+ if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR,
+ &yes, sizeof(yes)) == -1) {
+ char errbuf[1024];
+ ERROR ("setsockopt: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ return (-1);
+ }
+
+ DEBUG ("fd = %i; calling `bind'", fd);
+
+ if (bind (fd, ai->ai_addr, ai->ai_addrlen) == -1)
{
char errbuf[1024];
ERROR ("bind: %s",
struct sockaddr_in *addr = (struct sockaddr_in *) ai->ai_addr;
if (IN_MULTICAST (ntohl (addr->sin_addr.s_addr)))
{
+#if HAVE_STRUCT_IP_MREQN_IMR_IFINDEX
+ struct ip_mreqn mreq;
+#else
struct ip_mreq mreq;
+#endif
- DEBUG ("fd = %i; IPv4 multicast address found", se->fd);
+ DEBUG ("fd = %i; IPv4 multicast address found", fd);
mreq.imr_multiaddr.s_addr = addr->sin_addr.s_addr;
- mreq.imr_interface.s_addr = htonl (INADDR_ANY);
+#if HAVE_STRUCT_IP_MREQN_IMR_IFINDEX
+ /* Set the interface using the interface index if
+ * possible (available). Unfortunately, the struct
+ * ip_mreqn is not portable. */
+ mreq.imr_address.s_addr = ntohl (INADDR_ANY);
+ mreq.imr_ifindex = interface_idx;
+#else
+ mreq.imr_interface.s_addr = ntohl (INADDR_ANY);
+#endif
- if (setsockopt (se->fd, IPPROTO_IP, IP_MULTICAST_LOOP,
+ if (setsockopt (fd, IPPROTO_IP, IP_MULTICAST_LOOP,
&loop, sizeof (loop)) == -1)
{
char errbuf[1024];
return (-1);
}
- if (setsockopt (se->fd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+ if (setsockopt (fd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
&mreq, sizeof (mreq)) == -1)
{
char errbuf[1024];
sizeof (errbuf)));
return (-1);
}
+
+ return (0);
}
}
else if (ai->ai_family == AF_INET6)
{
struct ipv6_mreq mreq;
- DEBUG ("fd = %i; IPv6 multicast address found", se->fd);
+ DEBUG ("fd = %i; IPv6 multicast address found", fd);
memcpy (&mreq.ipv6mr_multiaddr,
&addr->sin6_addr,
* single interface; programs running on
* multihomed hosts may need to join the same
* group on more than one interface.*/
- mreq.ipv6mr_interface = 0;
+ mreq.ipv6mr_interface = interface_idx;
- if (setsockopt (se->fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
+ if (setsockopt (fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
&loop, sizeof (loop)) == -1)
{
char errbuf[1024];
return (-1);
}
- if (setsockopt (se->fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP,
+ if (setsockopt (fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP,
&mreq, sizeof (mreq)) == -1)
{
char errbuf[1024];
sizeof (errbuf)));
return (-1);
}
+
+ return (0);
}
}
+#if defined(HAVE_IF_INDEXTONAME) && HAVE_IF_INDEXTONAME && defined(SO_BINDTODEVICE)
+ /* if a specific interface was set, bind the socket to it. But to avoid
+ * possible problems with multicast routing, only do that for non-multicast
+ * addresses */
+ if (interface_idx != 0)
+ {
+ char interface_name[IFNAMSIZ];
+
+ if (if_indextoname (interface_idx, interface_name) == NULL)
+ return (-1);
+
+ DEBUG ("fd = %i; Binding socket to interface %s", fd, interface_name);
+
+ if (setsockopt (fd, SOL_SOCKET, SO_BINDTODEVICE,
+ interface_name,
+ sizeof(interface_name)) == -1 )
+ {
+ char errbuf[1024];
+ ERROR ("setsockopt: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ return (-1);
+ }
+ }
+#endif /* HAVE_IF_INDEXTONAME && SO_BINDTODEVICE */
+
return (0);
} /* int network_bind_socket */
-#define CREATE_SOCKET_FLAGS_LISTEN 0x0001
-static sockent_t *network_create_socket (const char *node, /* {{{ */
- const char *service,
- const char *shared_secret,
- int security_level,
- int flags)
+/* Initialize a sockent structure. `type' must be either `SOCKENT_TYPE_CLIENT'
+ * or `SOCKENT_TYPE_SERVER' */
+static int sockent_init (sockent_t *se, int type) /* {{{ */
+{
+ if (se == NULL)
+ return (-1);
+
+ memset (se, 0, sizeof (*se));
+
+ se->type = SOCKENT_TYPE_CLIENT;
+ se->node = NULL;
+ se->service = NULL;
+ se->interface = 0;
+ se->next = NULL;
+
+ if (type == SOCKENT_TYPE_SERVER)
+ {
+ se->type = SOCKENT_TYPE_SERVER;
+ se->data.server.fd = NULL;
+#if HAVE_LIBGCRYPT
+ se->data.server.security_level = SECURITY_LEVEL_NONE;
+ se->data.server.auth_file = NULL;
+ se->data.server.userdb = NULL;
+ se->data.server.cypher = NULL;
+#endif
+ }
+ else
+ {
+ se->data.client.fd = -1;
+ se->data.client.addr = NULL;
+#if HAVE_LIBGCRYPT
+ se->data.client.security_level = SECURITY_LEVEL_NONE;
+ se->data.client.username = NULL;
+ se->data.client.password = NULL;
+ se->data.client.cypher = NULL;
+#endif
+ }
+
+ return (0);
+} /* }}} int sockent_init */
+
+/* Open the file descriptors for a initialized sockent structure. */
+static int sockent_open (sockent_t *se) /* {{{ */
{
struct addrinfo ai_hints;
struct addrinfo *ai_list, *ai_ptr;
int ai_return;
- sockent_t *se_head = NULL;
- sockent_t *se_tail = NULL;
+ const char *node;
+ const char *service;
+
+ if (se == NULL)
+ return (-1);
+
+ /* Set up the security structures. */
+#if HAVE_LIBGCRYPT /* {{{ */
+ if (se->type == SOCKENT_TYPE_CLIENT)
+ {
+ if (se->data.client.security_level > SECURITY_LEVEL_NONE)
+ {
+ if ((se->data.client.username == NULL)
+ || (se->data.client.password == NULL))
+ {
+ ERROR ("network plugin: Client socket with "
+ "security requested, but no "
+ "credentials are configured.");
+ return (-1);
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA256,
+ se->data.client.password_hash,
+ se->data.client.password,
+ strlen (se->data.client.password));
+ }
+ }
+ else /* (se->type == SOCKENT_TYPE_SERVER) */
+ {
+ if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+ {
+ if (se->data.server.auth_file == NULL)
+ {
+ ERROR ("network plugin: Server socket with "
+ "security requested, but no "
+ "password file is configured.");
+ return (-1);
+ }
+ }
+ if (se->data.server.auth_file != NULL)
+ {
+ se->data.server.userdb = fbh_create (se->data.server.auth_file);
+ if (se->data.server.userdb == NULL)
+ {
+ ERROR ("network plugin: Reading password file "
+ "`%s' failed.",
+ se->data.server.auth_file);
+ if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+ return (-1);
+ }
+ }
+ }
+#endif /* }}} HAVE_LIBGCRYPT */
+
+ node = se->node;
+ service = se->service;
- DEBUG ("node = %s, service = %s", node, service);
+ if (service == NULL)
+ service = NET_DEFAULT_PORT;
- memset (&ai_hints, '\0', sizeof (ai_hints));
- ai_hints.ai_flags = 0;
+ DEBUG ("network plugin: sockent_open: node = %s; service = %s;",
+ node, service);
+
+ memset (&ai_hints, 0, sizeof (ai_hints));
+ ai_hints.ai_flags = 0;
#ifdef AI_PASSIVE
ai_hints.ai_flags |= AI_PASSIVE;
#endif
ai_return = getaddrinfo (node, service, &ai_hints, &ai_list);
if (ai_return != 0)
{
- char errbuf[1024];
- ERROR ("getaddrinfo (%s, %s): %s",
- (node == NULL) ? "(null)" : node,
- (service == NULL) ? "(null)" : service,
- (ai_return == EAI_SYSTEM)
- ? sstrerror (errno, errbuf, sizeof (errbuf))
- : gai_strerror (ai_return));
- return (NULL);
+ ERROR ("network plugin: getaddrinfo (%s, %s) failed: %s",
+ (se->node == NULL) ? "(null)" : se->node,
+ (se->service == NULL) ? "(null)" : se->service,
+ gai_strerror (ai_return));
+ return (-1);
}
for (ai_ptr = ai_list; ai_ptr != NULL; ai_ptr = ai_ptr->ai_next)
{
- sockent_t *se;
int status;
- if ((se = (sockent_t *) malloc (sizeof (sockent_t))) == NULL)
+ if (se->type == SOCKENT_TYPE_SERVER) /* {{{ */
{
- char errbuf[1024];
- ERROR ("malloc: %s",
- sstrerror (errno, errbuf,
- sizeof (errbuf)));
- continue;
- }
+ int *tmp;
- if ((se->addr = (struct sockaddr_storage *) malloc (sizeof (struct sockaddr_storage))) == NULL)
- {
- char errbuf[1024];
- ERROR ("malloc: %s",
- sstrerror (errno, errbuf,
- sizeof (errbuf)));
- free (se);
- continue;
- }
+ tmp = realloc (se->data.server.fd,
+ sizeof (*tmp) * (se->data.server.fd_num + 1));
+ if (tmp == NULL)
+ {
+ ERROR ("network plugin: realloc failed.");
+ continue;
+ }
+ se->data.server.fd = tmp;
+ tmp = se->data.server.fd + se->data.server.fd_num;
- assert (sizeof (struct sockaddr_storage) >= ai_ptr->ai_addrlen);
- memset (se->addr, '\0', sizeof (struct sockaddr_storage));
- memcpy (se->addr, ai_ptr->ai_addr, ai_ptr->ai_addrlen);
- se->addrlen = ai_ptr->ai_addrlen;
+ *tmp = socket (ai_ptr->ai_family, ai_ptr->ai_socktype,
+ ai_ptr->ai_protocol);
+ if (*tmp < 0)
+ {
+ char errbuf[1024];
+ ERROR ("network plugin: socket(2) failed: %s",
+ sstrerror (errno, errbuf,
+ sizeof (errbuf)));
+ continue;
+ }
- se->fd = socket (ai_ptr->ai_family,
- ai_ptr->ai_socktype,
- ai_ptr->ai_protocol);
- se->next = NULL;
+ status = network_bind_socket (*tmp, ai_ptr, se->interface);
+ if (status != 0)
+ {
+ close (*tmp);
+ *tmp = -1;
+ continue;
+ }
- if (se->fd == -1)
- {
- char errbuf[1024];
- ERROR ("socket: %s",
- sstrerror (errno, errbuf,
- sizeof (errbuf)));
- free (se->addr);
- free (se);
+ se->data.server.fd_num++;
continue;
- }
-
- if ((flags & CREATE_SOCKET_FLAGS_LISTEN) != 0)
+ } /* }}} if (se->type == SOCKENT_TYPE_SERVER) */
+ else /* if (se->type == SOCKENT_TYPE_CLIENT) {{{ */
{
- status = network_bind_socket (se, ai_ptr);
- if (status != 0)
+ se->data.client.fd = socket (ai_ptr->ai_family,
+ ai_ptr->ai_socktype,
+ ai_ptr->ai_protocol);
+ if (se->data.client.fd < 0)
{
- close (se->fd);
- free (se->addr);
- free (se);
+ char errbuf[1024];
+ ERROR ("network plugin: socket(2) failed: %s",
+ sstrerror (errno, errbuf,
+ sizeof (errbuf)));
continue;
}
- }
- else /* sending socket */
- {
- network_set_ttl (se, ai_ptr);
- }
-#if HAVE_GCRYPT_H
- se->security_level = security_level;
- se->shared_secret = NULL;
- se->cypher = NULL;
- if (shared_secret != NULL)
- {
- se->shared_secret = sstrdup (shared_secret);
- assert (se->shared_secret != NULL);
+ se->data.client.addr = malloc (sizeof (*se->data.client.addr));
+ if (se->data.client.addr == NULL)
+ {
+ ERROR ("network plugin: malloc failed.");
+ close (se->data.client.fd);
+ se->data.client.fd = -1;
+ continue;
+ }
- memset (se->shared_secret_hash, 0,
- sizeof (se->shared_secret_hash));
- gcry_md_hash_buffer (GCRY_MD_SHA256,
- se->shared_secret_hash,
- se->shared_secret,
- strlen (se->shared_secret));
- }
-#else
- /* Make compiler happy */
- security_level = 0;
- shared_secret = NULL;
-#endif /* HAVE_GCRYPT_H */
+ memset (se->data.client.addr, 0, sizeof (*se->data.client.addr));
+ assert (sizeof (*se->data.client.addr) >= ai_ptr->ai_addrlen);
+ memcpy (se->data.client.addr, ai_ptr->ai_addr, ai_ptr->ai_addrlen);
+ se->data.client.addrlen = ai_ptr->ai_addrlen;
- if (se_tail == NULL)
- {
- se_head = se;
- se_tail = se;
- }
- else
- {
- se_tail->next = se;
- se_tail = se;
- }
+ network_set_ttl (se, ai_ptr);
+ network_set_interface (se, ai_ptr);
- /* We don't open more than one write-socket per node/service pair.. */
- if ((flags & CREATE_SOCKET_FLAGS_LISTEN) == 0)
+ /* We don't open more than one write-socket per
+ * node/service pair.. */
break;
- }
+ } /* }}} if (se->type == SOCKENT_TYPE_CLIENT) */
+ } /* for (ai_list) */
freeaddrinfo (ai_list);
- return (se_head);
-} /* }}} sockent_t *network_create_socket */
-
-static sockent_t *network_create_default_socket (int flags) /* {{{ */
-{
- sockent_t *se_ptr = NULL;
- sockent_t *se_head = NULL;
- sockent_t *se_tail = NULL;
-
- se_ptr = network_create_socket (NET_DEFAULT_V6_ADDR, NET_DEFAULT_PORT,
- /* shared secret = */ NULL, SECURITY_LEVEL_NONE,
- flags);
-
- /* Don't send to the same machine in IPv6 and IPv4 if both are available. */
- if (((flags & CREATE_SOCKET_FLAGS_LISTEN) == 0) && (se_ptr != NULL))
- return (se_ptr);
-
- if (se_ptr != NULL)
+ /* Check if all went well. */
+ if (se->type == SOCKENT_TYPE_SERVER)
{
- se_head = se_ptr;
- se_tail = se_ptr;
- while (se_tail->next != NULL)
- se_tail = se_tail->next;
+ if (se->data.server.fd_num <= 0)
+ return (-1);
+ }
+ else /* if (se->type == SOCKENT_TYPE_CLIENT) */
+ {
+ if (se->data.client.fd < 0)
+ return (-1);
}
- se_ptr = network_create_socket (NET_DEFAULT_V4_ADDR, NET_DEFAULT_PORT,
- /* shared secret = */ NULL, SECURITY_LEVEL_NONE,
- flags);
-
- if (se_tail == NULL)
- return (se_ptr);
-
- se_tail->next = se_ptr;
- return (se_head);
-} /* }}} sockent_t *network_create_default_socket */
+ return (0);
+} /* }}} int sockent_open */
-static int network_add_listen_socket (const char *node, /* {{{ */
- const char *service, const char *shared_secret, int security_level)
+/* Add a sockent to the global list of sockets */
+static int sockent_add (sockent_t *se) /* {{{ */
{
- sockent_t *se;
- sockent_t *se_ptr;
- int se_num = 0;
-
- int flags;
-
- flags = CREATE_SOCKET_FLAGS_LISTEN;
-
- if (service == NULL)
- service = NET_DEFAULT_PORT;
-
- if (node == NULL)
- se = network_create_default_socket (flags);
- else
- se = network_create_socket (node, service,
- shared_secret, security_level, flags);
+ sockent_t *last_ptr;
if (se == NULL)
return (-1);
- for (se_ptr = se; se_ptr != NULL; se_ptr = se_ptr->next)
- se_num++;
-
- listen_sockets_pollfd = realloc (listen_sockets_pollfd,
- (listen_sockets_num + se_num)
- * sizeof (struct pollfd));
-
- for (se_ptr = se; se_ptr != NULL; se_ptr = se_ptr->next)
+ if (se->type == SOCKENT_TYPE_SERVER)
{
- listen_sockets_pollfd[listen_sockets_num].fd = se_ptr->fd;
- listen_sockets_pollfd[listen_sockets_num].events = POLLIN | POLLPRI;
- listen_sockets_pollfd[listen_sockets_num].revents = 0;
- listen_sockets_num++;
- } /* for (se) */
-
- se_ptr = listen_sockets;
- while ((se_ptr != NULL) && (se_ptr->next != NULL))
- se_ptr = se_ptr->next;
-
- if (se_ptr == NULL)
- listen_sockets = se;
- else
- se_ptr->next = se;
-
- return (0);
-} /* }}} int network_add_listen_socket */
-
-static int network_add_sending_socket (const char *node, /* {{{ */
- const char *service, const char *shared_secret, int security_level)
-{
- sockent_t *se;
- sockent_t *se_ptr;
+ struct pollfd *tmp;
+ size_t i;
- if (service == NULL)
- service = NET_DEFAULT_PORT;
+ tmp = realloc (listen_sockets_pollfd,
+ sizeof (*tmp) * (listen_sockets_num
+ + se->data.server.fd_num));
+ if (tmp == NULL)
+ {
+ ERROR ("network plugin: realloc failed.");
+ return (-1);
+ }
+ listen_sockets_pollfd = tmp;
+ tmp = listen_sockets_pollfd + listen_sockets_num;
- if (node == NULL)
- se = network_create_default_socket (/* flags = */ 0);
- else
- se = network_create_socket (node, service,
- shared_secret, security_level,
- /* flags = */ 0);
+ for (i = 0; i < se->data.server.fd_num; i++)
+ {
+ memset (tmp + i, 0, sizeof (*tmp));
+ tmp[i].fd = se->data.server.fd[i];
+ tmp[i].events = POLLIN | POLLPRI;
+ tmp[i].revents = 0;
+ }
- if (se == NULL)
- return (-1);
+ listen_sockets_num += se->data.server.fd_num;
- if (sending_sockets == NULL)
+ if (listen_sockets == NULL)
+ {
+ listen_sockets = se;
+ return (0);
+ }
+ last_ptr = listen_sockets;
+ }
+ else /* if (se->type == SOCKENT_TYPE_CLIENT) */
{
- sending_sockets = se;
- return (0);
+ if (sending_sockets == NULL)
+ {
+ sending_sockets = se;
+ return (0);
+ }
+ last_ptr = sending_sockets;
}
- for (se_ptr = sending_sockets; se_ptr->next != NULL; se_ptr = se_ptr->next)
- /* seek end */;
+ while (last_ptr->next != NULL)
+ last_ptr = last_ptr->next;
+ last_ptr->next = se;
- se_ptr->next = se;
return (0);
-} /* }}} int network_add_sending_socket */
+} /* }}} int sockent_add */
static void *dispatch_thread (void __attribute__((unused)) *arg) /* {{{ */
{
/* Lock and wait for more data to come in */
pthread_mutex_lock (&receive_list_lock);
while ((listen_loop == 0)
- && (receive_list_head == NULL))
+ && (receive_list_head == NULL))
pthread_cond_wait (&receive_list_cond, &receive_list_lock);
/* Remove the head entry and unlock */
ent = receive_list_head;
if (ent != NULL)
receive_list_head = ent->next;
+ receive_list_length--;
pthread_mutex_unlock (&receive_list_lock);
/* Check whether we are supposed to exit. We do NOT check `listen_loop'
/* Look for the correct `sockent_t' */
se = listen_sockets;
- while ((se != NULL) && (se->fd != ent->fd))
- se = se->next;
+ while (se != NULL)
+ {
+ size_t i;
+
+ for (i = 0; i < se->data.server.fd_num; i++)
+ if (se->data.server.fd[i] == ent->fd)
+ break;
+
+ if (i < se->data.server.fd_num)
+ break;
+
+ se = se->next;
+ }
if (se == NULL)
{
- ERROR ("network plugin: Got packet from FD %i, but can't "
- "find an appropriate socket entry.",
- ent->fd);
- sfree (ent);
- continue;
+ ERROR ("network plugin: Got packet from FD %i, but can't "
+ "find an appropriate socket entry.",
+ ent->fd);
+ sfree (ent->data);
+ sfree (ent);
+ continue;
}
- parse_packet (se, ent->data, ent->data_len, /* flags = */ 0);
+ parse_packet (se, ent->data, ent->data_len, /* flags = */ 0,
+ /* username = */ NULL);
+ sfree (ent->data);
sfree (ent);
} /* while (42) */
return (NULL);
} /* }}} void *dispatch_thread */
-static int network_receive (void)
+static int network_receive (void) /* {{{ */
{
- char buffer[BUFF_SIZE];
+ char buffer[network_config_packet_size];
int buffer_len;
int i;
receive_list_entry_t *private_list_head;
receive_list_entry_t *private_list_tail;
+ uint64_t private_list_length;
- if (listen_sockets_num == 0)
- network_add_listen_socket (/* node = */ NULL,
- /* service = */ NULL,
- /* shared secret = */ NULL,
- /* encryption = */ 0);
-
- if (listen_sockets_num == 0)
- {
- ERROR ("network: Failed to open a listening socket.");
- return (-1);
- }
+ assert (listen_sockets_num > 0);
private_list_head = NULL;
private_list_tail = NULL;
+ private_list_length = 0;
while (listen_loop == 0)
{
return (-1);
}
+ stats_octets_rx += ((uint64_t) buffer_len);
+ stats_packets_rx++;
+
/* TODO: Possible performance enhancement: Do not free
* these entries in the dispatch thread but put them in
* another list, so we don't have to allocate more and
return (-1);
}
memset (ent, 0, sizeof (receive_list_entry_t));
+ ent->data = malloc (network_config_packet_size);
+ if (ent->data == NULL)
+ {
+ sfree (ent);
+ ERROR ("network plugin: malloc failed.");
+ return (-1);
+ }
ent->fd = listen_sockets_pollfd[i].fd;
ent->next = NULL;
- /* Hopefully this be optimized out by the compiler. It
- * might help prevent stupid bugs in the future though.
- */
- assert (sizeof (ent->data) == sizeof (buffer));
-
memcpy (ent->data, buffer, buffer_len);
ent->data_len = buffer_len;
else
private_list_tail->next = ent;
private_list_tail = ent;
+ private_list_length++;
/* Do not block here. Blocking here has led to
* insufficient performance in the past. */
if (pthread_mutex_trylock (&receive_list_lock) == 0)
{
+ assert (((receive_list_head == NULL) && (receive_list_length == 0))
+ || ((receive_list_head != NULL) && (receive_list_length != 0)));
+
if (receive_list_head == NULL)
receive_list_head = private_list_head;
else
receive_list_tail->next = private_list_head;
receive_list_tail = private_list_tail;
-
- private_list_head = NULL;
- private_list_tail = NULL;
+ receive_list_length += private_list_length;
pthread_cond_signal (&receive_list_cond);
pthread_mutex_unlock (&receive_list_lock);
+
+ private_list_head = NULL;
+ private_list_tail = NULL;
+ private_list_length = 0;
}
} /* for (listen_sockets_pollfd) */
} /* while (listen_loop == 0) */
else
receive_list_tail->next = private_list_head;
receive_list_tail = private_list_tail;
+ receive_list_length += private_list_length;
private_list_head = NULL;
private_list_tail = NULL;
+ private_list_length = 0;
pthread_cond_signal (&receive_list_cond);
pthread_mutex_unlock (&receive_list_lock);
}
return (0);
-} /* int network_receive */
+} /* }}} int network_receive */
static void *receive_thread (void __attribute__((unused)) *arg)
{
static void network_init_buffer (void)
{
- memset (send_buffer, 0, sizeof (send_buffer));
+ memset (send_buffer, 0, network_config_packet_size);
send_buffer_ptr = send_buffer;
send_buffer_fill = 0;
while (42)
{
- status = sendto (se->fd, buffer, buffer_size, 0 /* no flags */,
- (struct sockaddr *) se->addr, se->addrlen);
- if (status < 0)
+ status = sendto (se->data.client.fd, buffer, buffer_size,
+ /* flags = */ 0,
+ (struct sockaddr *) se->data.client.addr,
+ se->data.client.addrlen);
+ if (status < 0)
{
char errbuf[1024];
if (errno == EINTR)
} /* while (42) */
} /* }}} void networt_send_buffer_plain */
-#if HAVE_GCRYPT_H
+#if HAVE_LIBGCRYPT
+#define BUFFER_ADD(p,s) do { \
+ memcpy (buffer + buffer_offset, (p), (s)); \
+ buffer_offset += (s); \
+} while (0)
+
static void networt_send_buffer_signed (const sockent_t *se, /* {{{ */
const char *in_buffer, size_t in_buffer_size)
{
- part_signature_sha256_t ps;
- char buffer[sizeof (ps) + in_buffer_size];
+ part_signature_sha256_t ps;
+ char buffer[BUFF_SIG_SIZE + in_buffer_size];
+ size_t buffer_offset;
+ size_t username_len;
- gcry_md_hd_t hd;
- gcry_error_t err;
- unsigned char *hash;
+ gcry_md_hd_t hd;
+ gcry_error_t err;
+ unsigned char *hash;
- hd = NULL;
- err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
- if (err != 0)
- {
- ERROR ("network plugin: Creating HMAC object failed: %s",
- gcry_strerror (err));
- return;
- }
+ hd = NULL;
+ err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
+ if (err != 0)
+ {
+ ERROR ("network plugin: Creating HMAC object failed: %s",
+ gcry_strerror (err));
+ return;
+ }
- err = gcry_md_setkey (hd, se->shared_secret,
- strlen (se->shared_secret));
- if (err != 0)
- {
- ERROR ("network plugin: gcry_md_setkey failed: %s",
- gcry_strerror (err));
- gcry_md_close (hd);
- return;
- }
+ err = gcry_md_setkey (hd, se->data.client.password,
+ strlen (se->data.client.password));
+ if (err != 0)
+ {
+ ERROR ("network plugin: gcry_md_setkey failed: %s",
+ gcry_strerror (err));
+ gcry_md_close (hd);
+ return;
+ }
- /* Initialize the `ps' structure. */
- memset (&ps, 0, sizeof (ps));
- ps.head.type = htons (TYPE_SIGN_SHA256);
- ps.head.length = htons ((uint16_t) sizeof (ps));
+ username_len = strlen (se->data.client.username);
+ if (username_len > (BUFF_SIG_SIZE - PART_SIGNATURE_SHA256_SIZE))
+ {
+ ERROR ("network plugin: Username too long: %s",
+ se->data.client.username);
+ return;
+ }
- /* Calculate the hash value. */
- gcry_md_write (hd, in_buffer, in_buffer_size);
- hash = gcry_md_read (hd, GCRY_MD_SHA256);
- if (hash == NULL)
- {
- ERROR ("network plugin: gcry_md_read failed.");
- gcry_md_close (hd);
- return;
- }
+ memcpy (buffer + PART_SIGNATURE_SHA256_SIZE,
+ se->data.client.username, username_len);
+ memcpy (buffer + PART_SIGNATURE_SHA256_SIZE + username_len,
+ in_buffer, in_buffer_size);
+
+ /* Initialize the `ps' structure. */
+ memset (&ps, 0, sizeof (ps));
+ ps.head.type = htons (TYPE_SIGN_SHA256);
+ ps.head.length = htons (PART_SIGNATURE_SHA256_SIZE + username_len);
+
+ /* Calculate the hash value. */
+ gcry_md_write (hd, buffer + PART_SIGNATURE_SHA256_SIZE,
+ username_len + in_buffer_size);
+ hash = gcry_md_read (hd, GCRY_MD_SHA256);
+ if (hash == NULL)
+ {
+ ERROR ("network plugin: gcry_md_read failed.");
+ gcry_md_close (hd);
+ return;
+ }
+ memcpy (ps.hash, hash, sizeof (ps.hash));
+
+ /* Add the header */
+ buffer_offset = 0;
+
+ BUFFER_ADD (&ps.head.type, sizeof (ps.head.type));
+ BUFFER_ADD (&ps.head.length, sizeof (ps.head.length));
+ BUFFER_ADD (ps.hash, sizeof (ps.hash));
- /* Add the signature and fill the rest of the buffer. */
- memcpy (ps.hash, hash, sizeof (ps.hash));
- memcpy (buffer, &ps, sizeof (ps));
- memcpy (buffer + sizeof (ps), in_buffer, in_buffer_size);
+ assert (buffer_offset == PART_SIGNATURE_SHA256_SIZE);
- gcry_md_close (hd);
- hd = NULL;
+ gcry_md_close (hd);
+ hd = NULL;
- networt_send_buffer_plain (se, buffer, sizeof (buffer));
+ buffer_offset = PART_SIGNATURE_SHA256_SIZE + username_len + in_buffer_size;
+ networt_send_buffer_plain (se, buffer, buffer_offset);
} /* }}} void networt_send_buffer_signed */
static void networt_send_buffer_encrypted (sockent_t *se, /* {{{ */
const char *in_buffer, size_t in_buffer_size)
{
part_encryption_aes256_t pea;
- char buffer[sizeof (pea) + in_buffer_size];
+ char buffer[BUFF_SIG_SIZE + in_buffer_size];
size_t buffer_size;
size_t buffer_offset;
- size_t padding_size;
+ size_t header_size;
+ size_t username_len;
gcry_error_t err;
gcry_cipher_hd_t cypher;
- /* Round to the next multiple of 16, because AES has a block size of 128 bit.
- * the first 20 bytes of `pea' are not encrypted and must be subtracted. */
- buffer_size = in_buffer_size +
- (PART_ENCRYPTION_AES256_SIZE - PART_ENCRYPTION_AES256_UNENCR_SIZE);
- padding_size = buffer_size;
- /* Round to the next multiple of 16. */
- buffer_size = (buffer_size + 15) / 16;
- buffer_size = buffer_size * 16;
- /* Calculate padding_size */
- padding_size = buffer_size - padding_size;
- assert (padding_size <= sizeof (pea.padding));
- /* Now add the unencrypted bytes. */
- buffer_size += PART_ENCRYPTION_AES256_UNENCR_SIZE;
+ /* Initialize the header fields */
+ memset (&pea, 0, sizeof (pea));
+ pea.head.type = htons (TYPE_ENCR_AES256);
+
+ pea.username = se->data.client.username;
+
+ username_len = strlen (pea.username);
+ if ((PART_ENCRYPTION_AES256_SIZE + username_len) > BUFF_SIG_SIZE)
+ {
+ ERROR ("network plugin: Username too long: %s", pea.username);
+ return;
+ }
+
+ buffer_size = PART_ENCRYPTION_AES256_SIZE + username_len + in_buffer_size;
+ header_size = PART_ENCRYPTION_AES256_SIZE + username_len
+ - sizeof (pea.hash);
+ assert (buffer_size <= sizeof (buffer));
DEBUG ("network plugin: networt_send_buffer_encrypted: "
"buffer_size = %zu;", buffer_size);
- /* Initialize the header fields */
- memset (&pea, 0, sizeof (pea));
- pea.head.type = htons (TYPE_ENCR_AES256);
- pea.head.length = htons ((uint16_t) buffer_size);
- pea.orig_length = htons ((uint16_t) in_buffer_size);
+ pea.head.length = htons ((uint16_t) (PART_ENCRYPTION_AES256_SIZE
+ + username_len + in_buffer_size));
+ pea.username_length = htons ((uint16_t) username_len);
/* Chose a random initialization vector. */
- gcry_randomize (&pea.iv, sizeof (pea.iv), GCRY_STRONG_RANDOM);
+ gcry_randomize ((void *) &pea.iv, sizeof (pea.iv), GCRY_STRONG_RANDOM);
/* Create hash of the payload */
gcry_md_hash_buffer (GCRY_MD_SHA1, pea.hash, in_buffer, in_buffer_size);
- /* Fill the extra field with random values. Some entropy in the encrypted
- * data is usually not a bad thing, I hope. */
- if (padding_size > 0)
- gcry_randomize (&pea.padding, padding_size, GCRY_STRONG_RANDOM);
-
/* Initialize the buffer */
buffer_offset = 0;
memset (buffer, 0, sizeof (buffer));
-#define BUFFER_ADD(p,s) do { \
- memcpy (buffer + buffer_offset, (p), (s)); \
- buffer_offset += (s); \
-} while (0)
BUFFER_ADD (&pea.head.type, sizeof (pea.head.type));
BUFFER_ADD (&pea.head.length, sizeof (pea.head.length));
+ BUFFER_ADD (&pea.username_length, sizeof (pea.username_length));
+ BUFFER_ADD (pea.username, username_len);
BUFFER_ADD (pea.iv, sizeof (pea.iv));
- BUFFER_ADD (&pea.orig_length, sizeof (pea.orig_length));
+ assert (buffer_offset == header_size);
BUFFER_ADD (pea.hash, sizeof (pea.hash));
-
- if (padding_size > 0)
- BUFFER_ADD (pea.padding, padding_size);
-
BUFFER_ADD (in_buffer, in_buffer_size);
assert (buffer_offset == buffer_size);
- cypher = network_get_aes256_cypher (se, pea.iv, sizeof (pea.iv));
+ cypher = network_get_aes256_cypher (se, pea.iv, sizeof (pea.iv),
+ se->data.client.password);
if (cypher == NULL)
return;
/* Encrypt the buffer in-place */
err = gcry_cipher_encrypt (cypher,
- buffer + PART_ENCRYPTION_AES256_UNENCR_SIZE,
- buffer_size - PART_ENCRYPTION_AES256_UNENCR_SIZE,
+ buffer + header_size,
+ buffer_size - header_size,
/* in = */ NULL, /* in len = */ 0);
if (err != 0)
{
/* Send it out without further modifications */
networt_send_buffer_plain (se, buffer, buffer_size);
-#undef BUFFER_ADD
} /* }}} void networt_send_buffer_encrypted */
-#endif /* HAVE_GCRYPT_H */
+#undef BUFFER_ADD
+#endif /* HAVE_LIBGCRYPT */
static void network_send_buffer (char *buffer, size_t buffer_len) /* {{{ */
{
for (se = sending_sockets; se != NULL; se = se->next)
{
-#if HAVE_GCRYPT_H
- if (se->security_level == SECURITY_LEVEL_ENCRYPT)
+#if HAVE_LIBGCRYPT
+ if (se->data.client.security_level == SECURITY_LEVEL_ENCRYPT)
networt_send_buffer_encrypted (se, buffer, buffer_len);
- else if (se->security_level == SECURITY_LEVEL_SIGN)
+ else if (se->data.client.security_level == SECURITY_LEVEL_SIGN)
networt_send_buffer_signed (se, buffer, buffer_len);
- else /* if (se->security_level == SECURITY_LEVEL_NONE) */
-#endif /* HAVE_GCRYPT_H */
+ else /* if (se->data.client.security_level == SECURITY_LEVEL_NONE) */
+#endif /* HAVE_LIBGCRYPT */
networt_send_buffer_plain (se, buffer, buffer_len);
} /* for (sending_sockets) */
} /* }}} void network_send_buffer */
send_buffer_fill);
network_send_buffer (send_buffer, (size_t) send_buffer_fill);
+
+ stats_octets_tx += ((uint64_t) send_buffer_fill);
+ stats_packets_tx++;
+
network_init_buffer ();
}
{
int status;
- /* If the value is already in the cache, we have received it via the
- * network. We write it again if forwarding is activated. It's then in
- * the cache and should we receive it again we will ignore it. */
- status = cache_check (vl);
- if ((network_config_forward == 0)
- && (status != 0))
- return (0);
+ if (!check_send_okay (vl))
+ {
+#if COLLECT_DEBUG
+ char name[6*DATA_MAX_NAME_LEN];
+ FORMAT_VL (name, sizeof (name), vl);
+ name[sizeof (name) - 1] = 0;
+ DEBUG ("network plugin: network_write: "
+ "NOT sending %s.", name);
+#endif
+ /* Counter is not protected by another lock and may be reached by
+ * multiple threads */
+ pthread_mutex_lock (&stats_lock);
+ stats_values_not_sent++;
+ pthread_mutex_unlock (&stats_lock);
+ return (0);
+ }
+
+ uc_meta_data_add_unsigned_int (vl,
+ "network:time_sent", (uint64_t) vl->time);
pthread_mutex_lock (&send_buffer_lock);
status = add_to_buffer (send_buffer_ptr,
- sizeof (send_buffer) - (send_buffer_fill + BUFF_SIG_SIZE),
+ network_config_packet_size - (send_buffer_fill + BUFF_SIG_SIZE),
&send_buffer_vl,
ds, vl);
if (status >= 0)
/* status == bytes added to the buffer */
send_buffer_fill += status;
send_buffer_ptr += status;
+
+ stats_values_sent++;
}
else
{
flush_buffer ();
status = add_to_buffer (send_buffer_ptr,
- sizeof (send_buffer) - (send_buffer_fill + BUFF_SIG_SIZE),
+ network_config_packet_size - (send_buffer_fill + BUFF_SIG_SIZE),
&send_buffer_vl,
ds, vl);
{
send_buffer_fill += status;
send_buffer_ptr += status;
+
+ stats_values_sent++;
}
}
ERROR ("network plugin: Unable to append to the "
"buffer for some weird reason");
}
- else if ((sizeof (send_buffer) - send_buffer_fill) < 15)
+ else if ((network_config_packet_size - send_buffer_fill) < 15)
{
flush_buffer ();
}
{
char *str = ci->values[0].value.string;
- if ((strcasecmp ("true", str) == 0)
- || (strcasecmp ("yes", str) == 0)
- || (strcasecmp ("on", str) == 0))
+ if (IS_TRUE (str))
*retval = 1;
- else if ((strcasecmp ("false", str) == 0)
- || (strcasecmp ("no", str) == 0)
- || (strcasecmp ("off", str) == 0))
+ else if (IS_FALSE (str))
*retval = 0;
else
{
return (0);
} /* }}} int network_config_set_ttl */
-#if HAVE_GCRYPT_H
+static int network_config_set_interface (const oconfig_item_t *ci, /* {{{ */
+ int *interface)
+{
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_STRING))
+ {
+ WARNING ("network plugin: The `Interface' config option needs exactly "
+ "one string argument.");
+ return (-1);
+ }
+
+ if (interface == NULL)
+ return (-1);
+
+ *interface = if_nametoindex (ci->values[0].value.string);
+
+ return (0);
+} /* }}} int network_config_set_interface */
+
+static int network_config_set_buffer_size (const oconfig_item_t *ci) /* {{{ */
+{
+ int tmp;
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_NUMBER))
+ {
+ WARNING ("network plugin: The `MaxPacketSize' config option needs exactly "
+ "one numeric argument.");
+ return (-1);
+ }
+
+ tmp = (int) ci->values[0].value.number;
+ if ((tmp >= 1024) && (tmp <= 65535))
+ network_config_packet_size = tmp;
+
+ return (0);
+} /* }}} int network_config_set_buffer_size */
+
+#if HAVE_LIBGCRYPT
+static int network_config_set_string (const oconfig_item_t *ci, /* {{{ */
+ char **ret_string)
+{
+ char *tmp;
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_STRING))
+ {
+ WARNING ("network plugin: The `%s' config option needs exactly "
+ "one string argument.", ci->key);
+ return (-1);
+ }
+
+ tmp = strdup (ci->values[0].value.string);
+ if (tmp == NULL)
+ return (-1);
+
+ sfree (*ret_string);
+ *ret_string = tmp;
+
+ return (0);
+} /* }}} int network_config_set_string */
+#endif /* HAVE_LIBGCRYPT */
+
+#if HAVE_LIBGCRYPT
static int network_config_set_security_level (oconfig_item_t *ci, /* {{{ */
int *retval)
{
return (0);
} /* }}} int network_config_set_security_level */
-#endif /* HAVE_GCRYPT_H */
+#endif /* HAVE_LIBGCRYPT */
-static int network_config_listen_server (const oconfig_item_t *ci) /* {{{ */
+static int network_config_add_listen (const oconfig_item_t *ci) /* {{{ */
{
- char *node;
- char *service;
- char *shared_secret = NULL;
- int security_level = SECURITY_LEVEL_NONE;
+ sockent_t *se;
+ int status;
int i;
if ((ci->values_num < 1) || (ci->values_num > 2)
return (-1);
}
- node = ci->values[0].value.string;
+ se = malloc (sizeof (*se));
+ if (se == NULL)
+ {
+ ERROR ("network plugin: malloc failed.");
+ return (-1);
+ }
+ sockent_init (se, SOCKENT_TYPE_SERVER);
+
+ se->node = strdup (ci->values[0].value.string);
if (ci->values_num >= 2)
- service = ci->values[1].value.string;
- else
- service = NULL;
+ se->service = strdup (ci->values[1].value.string);
for (i = 0; i < ci->children_num; i++)
{
oconfig_item_t *child = ci->children + i;
-#if HAVE_GCRYPT_H
- if (strcasecmp ("Secret", child->key) == 0)
- {
- if ((child->values_num == 1)
- && (child->values[0].type == OCONFIG_TYPE_STRING))
- shared_secret = child->values[0].value.string;
- else
- ERROR ("network plugin: The `Secret' option needs exactly one string "
- "argument.");
- }
+#if HAVE_LIBGCRYPT
+ if (strcasecmp ("AuthFile", child->key) == 0)
+ network_config_set_string (child, &se->data.server.auth_file);
else if (strcasecmp ("SecurityLevel", child->key) == 0)
- network_config_set_security_level (child, &security_level);
+ network_config_set_security_level (child,
+ &se->data.server.security_level);
+ else
+#endif /* HAVE_LIBGCRYPT */
+ if (strcasecmp ("Interface", child->key) == 0)
+ network_config_set_interface (child,
+ &se->interface);
else
-#endif /* HAVE_GCRYPT_H */
{
WARNING ("network plugin: Option `%s' is not allowed here.",
child->key);
}
}
- if ((security_level > SECURITY_LEVEL_NONE) && (shared_secret == NULL))
+#if HAVE_LIBGCRYPT
+ if ((se->data.server.security_level > SECURITY_LEVEL_NONE)
+ && (se->data.server.auth_file == NULL))
{
ERROR ("network plugin: A security level higher than `none' was "
- "requested, but no shared key was given. Cowardly refusing to open "
- "this socket!");
+ "requested, but no AuthFile option was given. Cowardly refusing to "
+ "open this socket!");
+ sockent_destroy (se);
return (-1);
}
+#endif /* HAVE_LIBGCRYPT */
- if (strcasecmp ("Listen", ci->key) == 0)
- network_add_listen_socket (node, service, shared_secret, security_level);
- else
- network_add_sending_socket (node, service, shared_secret, security_level);
+ status = sockent_open (se);
+ if (status != 0)
+ {
+ ERROR ("network plugin: network_config_add_listen: sockent_open failed.");
+ sockent_destroy (se);
+ return (-1);
+ }
+
+ status = sockent_add (se);
+ if (status != 0)
+ {
+ ERROR ("network plugin: network_config_add_listen: sockent_add failed.");
+ sockent_destroy (se);
+ return (-1);
+ }
return (0);
-} /* }}} int network_config_listen_server */
+} /* }}} int network_config_add_listen */
-static int network_config_set_cache_flush (const oconfig_item_t *ci) /* {{{ */
+static int network_config_add_server (const oconfig_item_t *ci) /* {{{ */
{
- int tmp;
- if ((ci->values_num != 1)
- || (ci->values[0].type != OCONFIG_TYPE_NUMBER))
+ sockent_t *se;
+ int status;
+ int i;
+
+ if ((ci->values_num < 1) || (ci->values_num > 2)
+ || (ci->values[0].type != OCONFIG_TYPE_STRING)
+ || ((ci->values_num > 1) && (ci->values[1].type != OCONFIG_TYPE_STRING)))
{
- WARNING ("network plugin: The `CacheFlush' config option needs exactly "
- "one numeric argument.");
+ ERROR ("network plugin: The `%s' config option needs "
+ "one or two string arguments.", ci->key);
return (-1);
}
- tmp = (int) ci->values[0].value.number;
- if (tmp > 0)
- network_config_ttl = tmp;
+ se = malloc (sizeof (*se));
+ if (se == NULL)
+ {
+ ERROR ("network plugin: malloc failed.");
+ return (-1);
+ }
+ sockent_init (se, SOCKENT_TYPE_CLIENT);
+
+ se->node = strdup (ci->values[0].value.string);
+ if (ci->values_num >= 2)
+ se->service = strdup (ci->values[1].value.string);
+
+ for (i = 0; i < ci->children_num; i++)
+ {
+ oconfig_item_t *child = ci->children + i;
+
+#if HAVE_LIBGCRYPT
+ if (strcasecmp ("Username", child->key) == 0)
+ network_config_set_string (child, &se->data.client.username);
+ else if (strcasecmp ("Password", child->key) == 0)
+ network_config_set_string (child, &se->data.client.password);
+ else if (strcasecmp ("SecurityLevel", child->key) == 0)
+ network_config_set_security_level (child,
+ &se->data.client.security_level);
+ else
+#endif /* HAVE_LIBGCRYPT */
+ if (strcasecmp ("Interface", child->key) == 0)
+ network_config_set_interface (child,
+ &se->interface);
+ else
+ {
+ WARNING ("network plugin: Option `%s' is not allowed here.",
+ child->key);
+ }
+ }
+
+#if HAVE_LIBGCRYPT
+ if ((se->data.client.security_level > SECURITY_LEVEL_NONE)
+ && ((se->data.client.username == NULL)
+ || (se->data.client.password == NULL)))
+ {
+ ERROR ("network plugin: A security level higher than `none' was "
+ "requested, but no Username or Password option was given. "
+ "Cowardly refusing to open this socket!");
+ sockent_destroy (se);
+ return (-1);
+ }
+#endif /* HAVE_LIBGCRYPT */
+
+ status = sockent_open (se);
+ if (status != 0)
+ {
+ ERROR ("network plugin: network_config_add_server: sockent_open failed.");
+ sockent_destroy (se);
+ return (-1);
+ }
+
+ status = sockent_add (se);
+ if (status != 0)
+ {
+ ERROR ("network plugin: network_config_add_server: sockent_add failed.");
+ sockent_destroy (se);
+ return (-1);
+ }
return (0);
-} /* }}} int network_config_set_cache_flush */
+} /* }}} int network_config_add_server */
static int network_config (oconfig_item_t *ci) /* {{{ */
{
{
oconfig_item_t *child = ci->children + i;
- if ((strcasecmp ("Listen", child->key) == 0)
- || (strcasecmp ("Server", child->key) == 0))
- network_config_listen_server (child);
+ if (strcasecmp ("Listen", child->key) == 0)
+ network_config_add_listen (child);
+ else if (strcasecmp ("Server", child->key) == 0)
+ network_config_add_server (child);
else if (strcasecmp ("TimeToLive", child->key) == 0)
network_config_set_ttl (child);
+ else if (strcasecmp ("MaxPacketSize", child->key) == 0)
+ network_config_set_buffer_size (child);
else if (strcasecmp ("Forward", child->key) == 0)
network_config_set_boolean (child, &network_config_forward);
+ else if (strcasecmp ("ReportStats", child->key) == 0)
+ network_config_set_boolean (child, &network_config_stats);
else if (strcasecmp ("CacheFlush", child->key) == 0)
- network_config_set_cache_flush (child);
+ /* no op for backwards compatibility only */;
else
{
WARNING ("network plugin: Option `%s' is not allowed here.",
static int network_notification (const notification_t *n,
user_data_t __attribute__((unused)) *user_data)
{
- char buffer[BUFF_SIZE];
+ char buffer[network_config_packet_size];
char *buffer_ptr = buffer;
int buffer_free = sizeof (buffer);
int status;
dispatch_thread_running = 0;
}
- free_sockent (listen_sockets);
+ sockent_destroy (listen_sockets);
if (send_buffer_fill > 0)
flush_buffer ();
- if (cache_tree != NULL)
- {
- void *key;
- void *value;
-
- while (c_avl_pick (cache_tree, &key, &value) == 0)
- {
- sfree (key);
- sfree (value);
- }
- c_avl_destroy (cache_tree);
- cache_tree = NULL;
- }
+ sfree (send_buffer);
/* TODO: Close `sending_sockets' */
plugin_unregister_write ("network");
plugin_unregister_shutdown ("network");
- /* Let the init function do it's move again ;) */
- cache_flush_last = 0;
-
return (0);
} /* int network_shutdown */
+static int network_stats_read (void) /* {{{ */
+{
+ uint64_t copy_octets_rx;
+ uint64_t copy_octets_tx;
+ uint64_t copy_packets_rx;
+ uint64_t copy_packets_tx;
+ uint64_t copy_values_dispatched;
+ uint64_t copy_values_not_dispatched;
+ uint64_t copy_values_sent;
+ uint64_t copy_values_not_sent;
+ uint64_t copy_receive_list_length;
+ value_list_t vl = VALUE_LIST_INIT;
+ value_t values[2];
+
+ copy_octets_rx = stats_octets_rx;
+ copy_octets_tx = stats_octets_tx;
+ copy_packets_rx = stats_packets_rx;
+ copy_packets_tx = stats_packets_tx;
+ copy_values_dispatched = stats_values_dispatched;
+ copy_values_not_dispatched = stats_values_not_dispatched;
+ copy_values_sent = stats_values_sent;
+ copy_values_not_sent = stats_values_not_sent;
+ copy_receive_list_length = receive_list_length;
+
+ /* Initialize `vl' */
+ vl.values = values;
+ vl.values_len = 2;
+ vl.time = 0;
+ vl.interval = interval_g;
+ sstrncpy (vl.host, hostname_g, sizeof (vl.host));
+ sstrncpy (vl.plugin, "network", sizeof (vl.plugin));
+
+ /* Octets received / sent */
+ vl.values[0].counter = (counter_t) copy_octets_rx;
+ vl.values[1].counter = (counter_t) copy_octets_tx;
+ sstrncpy (vl.type, "if_octets", sizeof (vl.type));
+ plugin_dispatch_values (&vl);
+
+ /* Packets received / send */
+ vl.values[0].counter = (counter_t) copy_packets_rx;
+ vl.values[1].counter = (counter_t) copy_packets_tx;
+ sstrncpy (vl.type, "if_packets", sizeof (vl.type));
+ plugin_dispatch_values (&vl);
+
+ /* Values (not) dispatched and (not) send */
+ sstrncpy (vl.type, "total_values", sizeof (vl.type));
+ vl.values_len = 1;
+
+ vl.values[0].derive = (derive_t) copy_values_dispatched;
+ sstrncpy (vl.type_instance, "dispatch-accepted",
+ sizeof (vl.type_instance));
+ plugin_dispatch_values (&vl);
+
+ vl.values[0].derive = (derive_t) copy_values_not_dispatched;
+ sstrncpy (vl.type_instance, "dispatch-rejected",
+ sizeof (vl.type_instance));
+ plugin_dispatch_values (&vl);
+
+ vl.values[0].derive = (derive_t) copy_values_sent;
+ sstrncpy (vl.type_instance, "send-accepted",
+ sizeof (vl.type_instance));
+ plugin_dispatch_values (&vl);
+
+ vl.values[0].derive = (derive_t) copy_values_not_sent;
+ sstrncpy (vl.type_instance, "send-rejected",
+ sizeof (vl.type_instance));
+ plugin_dispatch_values (&vl);
+
+ /* Receive queue length */
+ vl.values[0].gauge = (gauge_t) copy_receive_list_length;
+ sstrncpy (vl.type, "queue_length", sizeof (vl.type));
+ vl.type_instance[0] = 0;
+ plugin_dispatch_values (&vl);
+
+ return (0);
+} /* }}} int network_stats_read */
+
static int network_init (void)
{
+ static _Bool have_init = false;
+
/* Check if we were already initialized. If so, just return - there's
* nothing more to do (for now, that is). */
- if (cache_flush_last != 0)
+ if (have_init)
return (0);
+ have_init = true;
+
+#if HAVE_LIBGCRYPT
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+#endif
+
+ if (network_config_stats != 0)
+ plugin_register_read ("network", network_stats_read);
plugin_register_shutdown ("network", network_shutdown);
+ send_buffer = malloc (network_config_packet_size);
+ if (send_buffer == NULL)
+ {
+ ERROR ("network plugin: malloc failed.");
+ return (-1);
+ }
network_init_buffer ();
- cache_tree = c_avl_create ((int (*) (const void *, const void *)) strcmp);
- cache_flush_last = time (NULL);
-
/* setup socket(s) and so on */
if (sending_sockets != NULL)
{
{
pthread_mutex_lock (&send_buffer_lock);
- if (((time (NULL) - cache_flush_last) >= timeout)
- && (send_buffer_fill > 0))
- {
- flush_buffer ();
- }
+ if (send_buffer_fill > 0)
+ flush_buffer ();
pthread_mutex_unlock (&send_buffer_lock);
projects / collectd.git / blobdiff