From 55dcf13791059739dbbba11c7aaaabcf807ae2a3 Mon Sep 17 00:00:00 2001 From: elieyal Date: Wed, 20 Jun 2018 09:24:15 +0300 Subject: [PATCH] upddated correct file Sorry, committed the patch by mistake. now fixed. --- src/network.c | 3407 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 3278 insertions(+), 129 deletions(-) diff --git a/src/network.c b/src/network.c index d4c1eacf..0fdb1c0e 100644 --- a/src/network.c +++ b/src/network.c @@ -1,129 +1,3278 @@ -diff -Naur src/network.c src/network.c ---- src/network.c 2018-06-14 06:29:51.000000000 +0300 -+++ src/network.c 2018-06-19 21:27:22.432241000 +0300 -@@ -113,6 +113,7 @@ - #endif - cdtime_t next_resolve_reconnect; - cdtime_t resolve_interval; -+ struct sockaddr_storage *bind_addr; - }; - - struct sockent_server { -@@ -1501,6 +1502,7 @@ - sec->fd = -1; - } - sfree(sec->addr); -+ sfree(sec->bind_addr); - #if HAVE_GCRYPT_H - sfree(sec->username); - sfree(sec->password); -@@ -1683,6 +1685,35 @@ - return 0; - } /* }}} network_set_interface */ - -+static int network_bind_socket_to_addr(sockent_t *se, const struct addrinfo *ai) { -+ -+ if (se->data.client.bind_addr == NULL) -+ return 0; -+ -+ DEBUG("network_plugin: fd %i: bind socket to address", se->data.client.fd); -+ char pbuffer[64]; -+ -+ if (ai->ai_family == AF_INET) { -+ struct sockaddr_in *addr = (struct sockaddr_in *)(se->data.client.bind_addr); -+ inet_ntop(AF_INET, &(addr->sin_addr), pbuffer, 64); -+ DEBUG("network_plugin: binding client socket to ipv4 address: %s", pbuffer); -+ if (bind(se->data.client.fd, (struct sockaddr*)addr, sizeof(*addr)) == -1) { -+ ERROR("network_plugin: failed to bind client socket (ipv4): %s", STRERRNO); -+ return -1; -+ } -+ } else if (ai->ai_family == AF_INET6) { -+ struct sockaddr_in6 *addr = (struct sockaddr_in6 *)(se->data.client.bind_addr); -+ inet_ntop(AF_INET, &(addr->sin6_addr), pbuffer, 64); -+ DEBUG("network_plugin: binding client socket to ipv6 address: %s", pbuffer); -+ if (bind(se->data.client.fd, (struct sockaddr*)addr, sizeof(*addr)) == -1) { -+ ERROR("network_plugin: failed to bind client socket (ipv6): %s", STRERRNO); -+ return -1; -+ } -+ } -+ -+ return 0; -+} /* int network_bind_socket_to_addr */ -+ - static int network_bind_socket(int fd, const struct addrinfo *ai, - const int interface_idx) { - #if KERNEL_SOLARIS -@@ -1834,6 +1865,7 @@ - } else { - se->data.client.fd = -1; - se->data.client.addr = NULL; -+ se->data.client.bind_addr = NULL; - se->data.client.resolve_interval = 0; - se->data.client.next_resolve_reconnect = 0; - #if HAVE_GCRYPT_H -@@ -1989,6 +2021,7 @@ - - network_set_ttl(se, ai_ptr); - network_set_interface(se, ai_ptr); -+ network_bind_socket_to_addr(se, ai_ptr); - - /* We don't open more than one write-socket per - * node/service pair.. */ -@@ -2684,6 +2717,48 @@ - return 0; - } /* }}} int network_config_set_interface */ - -+static int network_config_set_bind_address(const oconfig_item_t *ci, -+ struct sockaddr_storage **bind_address) { -+ if ((*bind_address) != NULL) { -+ ERROR("network_plugin: only a single bind address is allowed"); -+ return -1; -+ } -+ -+ char addr_text[256]; -+ -+ if (cf_util_get_string_buffer(ci, addr_text, sizeof(addr_text)) != 0) -+ return -1; -+ -+ int ret; -+ struct addrinfo hint, *res = NULL; -+ -+ memset(&hint, '\0', sizeof hint); -+ hint.ai_family = PF_UNSPEC; -+ hint.ai_flags = AI_NUMERICHOST; -+ -+ ret = getaddrinfo(addr_text, NULL, &hint, &res); -+ if (ret) { -+ ERROR("network plugin: Bind address option has invalid address set: %s", gai_strerror(ret)); -+ return -1; -+ } -+ -+ *bind_address = malloc(sizeof(**bind_address)); -+ (*bind_address)->ss_family = res->ai_family; -+ if(res->ai_family == AF_INET) { -+ struct sockaddr_in* addr = (struct sockaddr_in*)(*bind_address); -+ inet_pton(AF_INET, addr_text, &(addr->sin_addr)); -+ } else if (res->ai_family == AF_INET6) { -+ struct sockaddr_in6* addr = (struct sockaddr_in6*)(*bind_address); -+ inet_pton(AF_INET6, addr_text, &(addr->sin6_addr)); -+ } else { -+ ERROR("network plugin: %s is an unknown address format %d\n",addr_text,res->ai_family); -+ sfree(*bind_address); -+ return -1; -+ } -+ -+ return 0; -+} /* int network_config_set_bind_address */ -+ - static int network_config_set_buffer_size(const oconfig_item_t *ci) /* {{{ */ - { - int tmp = 0; -@@ -2843,6 +2918,8 @@ - #endif /* HAVE_GCRYPT_H */ - if (strcasecmp("Interface", child->key) == 0) - network_config_set_interface(child, &se->interface); -+ else if (strcasecmp("BindAddress", child->key) == 0) -+ network_config_set_bind_address(child, &se->data.client.bind_addr); - else if (strcasecmp("ResolveInterval", child->key) == 0) - cf_util_get_cdtime(child, &se->data.client.resolve_interval); - else { +/** + * collectd - src/network.c + * Copyright (C) 2005-2013 Florian octo Forster + * Copyright (C) 2009 Aman Gupta + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; only version 2.1 of the License is + * applicable. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Authors: + * Florian octo Forster + * Aman Gupta + **/ + +#define _DEFAULT_SOURCE +#define _BSD_SOURCE /* For struct ip_mreq */ + +#include "collectd.h" + +#include "common.h" +#include "plugin.h" +#include "utils_cache.h" +#include "utils_complain.h" +#include "utils_fbhash.h" + +#include "network.h" + +#if HAVE_NETDB_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif +#if HAVE_POLL_H +#include +#endif +#if HAVE_NET_IF_H +#include +#endif + +#if HAVE_GCRYPT_H +#if defined __APPLE__ +/* default xcode compiler throws warnings even when deprecated functionality + * is not used. -Werror breaks the build because of erroneous warnings. + * http://stackoverflow.com/questions/10556299/compiler-warnings-with-libgcrypt-v1-5-0/12830209#12830209 + */ +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif +/* FreeBSD's copy of libgcrypt extends the existing GCRYPT_NO_DEPRECATED + * to properly hide all deprecated functionality. + * http://svnweb.freebsd.org/ports/head/security/libgcrypt/files/patch-src__gcrypt.h.in + */ +#define GCRYPT_NO_DEPRECATED +#include +#if defined __APPLE__ +/* Re enable deprecation warnings */ +#pragma GCC diagnostic warning "-Wdeprecated-declarations" +#endif +#if GCRYPT_VERSION_NUMBER < 0x010600 +GCRY_THREAD_OPTION_PTHREAD_IMPL; +#endif +#endif + +#ifndef IPV6_ADD_MEMBERSHIP +#ifdef IPV6_JOIN_GROUP +#define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP +#else +#error "Neither IP_ADD_MEMBERSHIP nor IPV6_JOIN_GROUP is defined" +#endif +#endif /* !IP_ADD_MEMBERSHIP */ + +/* + * Maximum size required for encryption / signing: + * + * 42 bytes for the encryption header + * + 64 bytes for the username + * ----------- + * = 106 bytes + */ +#define BUFF_SIG_SIZE 106 + +/* + * Private data types + */ +#define SECURITY_LEVEL_NONE 0 +#if HAVE_GCRYPT_H +#define SECURITY_LEVEL_SIGN 1 +#define SECURITY_LEVEL_ENCRYPT 2 +#endif +struct sockent_client { + int fd; + struct sockaddr_storage *addr; + socklen_t addrlen; +#if HAVE_GCRYPT_H + int security_level; + char *username; + char *password; + gcry_cipher_hd_t cypher; + unsigned char password_hash[32]; +#endif + cdtime_t next_resolve_reconnect; + cdtime_t resolve_interval; + struct sockaddr_storage *bind_addr; +}; + +struct sockent_server { + int *fd; + size_t fd_num; +#if HAVE_GCRYPT_H + int security_level; + char *auth_file; + fbhash_t *userdb; + gcry_cipher_hd_t cypher; +#endif +}; + +typedef struct sockent { +#define SOCKENT_TYPE_CLIENT 1 +#define SOCKENT_TYPE_SERVER 2 + int type; + + char *node; + char *service; + int interface; + + union { + struct sockent_client client; + struct sockent_server server; + } data; + + struct sockent *next; +} sockent_t; + +/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-------+-----------------------+-------------------------------+ + * ! Ver. ! ! Length ! + * +-------+-----------------------+-------------------------------+ + */ +struct part_header_s { + uint16_t type; + uint16_t length; +}; +typedef struct part_header_s part_header_t; + +/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-------------------------------+-------------------------------+ + * ! Type ! Length ! + * +-------------------------------+-------------------------------+ + * : (Length - 4) Bytes : + * +---------------------------------------------------------------+ + */ +struct part_string_s { + part_header_t *head; + char *value; +}; +typedef struct part_string_s part_string_t; + +/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-------------------------------+-------------------------------+ + * ! Type ! Length ! + * +-------------------------------+-------------------------------+ + * : (Length - 4 == 2 || 4 || 8) Bytes : + * +---------------------------------------------------------------+ + */ +struct part_number_s { + part_header_t *head; + uint64_t *value; +}; +typedef struct part_number_s part_number_t; + +/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-------------------------------+-------------------------------+ + * ! Type ! Length ! + * +-------------------------------+---------------+---------------+ + * ! Num of values ! Type0 ! Type1 ! + * +-------------------------------+---------------+---------------+ + * ! Value0 ! + * ! ! + * +---------------------------------------------------------------+ + * ! Value1 ! + * ! ! + * +---------------------------------------------------------------+ + */ +struct part_values_s { + part_header_t *head; + uint16_t *num_values; + uint8_t *values_types; + value_t *values; +}; +typedef struct part_values_s part_values_t; + +/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-------------------------------+-------------------------------+ + * ! Type ! Length ! + * +-------------------------------+-------------------------------+ + * ! Hash (Bits 0 - 31) ! + * : : : + * ! Hash (Bits 224 - 255) ! + * +---------------------------------------------------------------+ + */ +/* Minimum size */ +#define PART_SIGNATURE_SHA256_SIZE 36 +struct part_signature_sha256_s { + part_header_t head; + unsigned char hash[32]; + char *username; +}; +typedef struct part_signature_sha256_s part_signature_sha256_t; + +/* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-------------------------------+-------------------------------+ + * ! Type ! Length ! + * +-------------------------------+-------------------------------+ + * ! Original length ! Padding (0 - 15 bytes) ! + * +-------------------------------+-------------------------------+ + * ! Hash (Bits 0 - 31) ! + * : : : + * ! Hash (Bits 128 - 159) ! + * +---------------------------------------------------------------+ + */ +/* Minimum size */ +#define PART_ENCRYPTION_AES256_SIZE 42 +struct part_encryption_aes256_s { + part_header_t head; + uint16_t username_length; + char *username; + unsigned char iv[16]; + /* */ + unsigned char hash[20]; + /* */ + /* */ +}; +typedef struct part_encryption_aes256_s part_encryption_aes256_t; + +struct receive_list_entry_s { + char *data; + int data_len; + int fd; + struct receive_list_entry_s *next; +}; +typedef struct receive_list_entry_s receive_list_entry_t; + +/* + * Private variables + */ +static int network_config_ttl; +/* Ethernet - (IPv6 + UDP) = 1500 - (40 + 8) = 1452 */ +static size_t network_config_packet_size = 1452; +static bool network_config_forward; +static bool network_config_stats; + +static sockent_t *sending_sockets; + +static receive_list_entry_t *receive_list_head; +static receive_list_entry_t *receive_list_tail; +static pthread_mutex_t receive_list_lock = PTHREAD_MUTEX_INITIALIZER; +static pthread_cond_t receive_list_cond = PTHREAD_COND_INITIALIZER; +static uint64_t receive_list_length; + +static sockent_t *listen_sockets; +static struct pollfd *listen_sockets_pollfd; +static size_t listen_sockets_num; + +/* The receive and dispatch threads will run as long as `listen_loop' is set to + * zero. */ +static int listen_loop; +static int receive_thread_running; +static pthread_t receive_thread_id; +static int dispatch_thread_running; +static pthread_t dispatch_thread_id; + +/* Buffer in which to-be-sent network packets are constructed. */ +static char *send_buffer; +static char *send_buffer_ptr; +static int send_buffer_fill; +static cdtime_t send_buffer_last_update; +static value_list_t send_buffer_vl = VALUE_LIST_INIT; +static pthread_mutex_t send_buffer_lock = PTHREAD_MUTEX_INITIALIZER; + +/* XXX: These counters are incremented from one place only. The spot in which + * the values are incremented is either only reachable by one thread (the + * dispatch thread, for example) or locked by some lock (send_buffer_lock for + * example). Only if neither is true, the stats_lock is acquired. The counters + * are always read without holding a lock in the hope that writing 8 bytes to + * memory is an atomic operation. */ +static derive_t stats_octets_rx; +static derive_t stats_octets_tx; +static derive_t stats_packets_rx; +static derive_t stats_packets_tx; +static derive_t stats_values_dispatched; +static derive_t stats_values_not_dispatched; +static derive_t stats_values_sent; +static derive_t stats_values_not_sent; +static pthread_mutex_t stats_lock = PTHREAD_MUTEX_INITIALIZER; + +/* + * Private functions + */ +static bool check_receive_okay(const value_list_t *vl) /* {{{ */ +{ + uint64_t time_sent = 0; + int status; + + status = uc_meta_data_get_unsigned_int(vl, "network:time_sent", &time_sent); + + /* This is a value we already sent. Don't allow it to be received again in + * order to avoid looping. */ + if ((status == 0) && (time_sent >= ((uint64_t)vl->time))) + return 0; + + return 1; +} /* }}} bool check_receive_okay */ + +static bool check_send_okay(const value_list_t *vl) /* {{{ */ +{ + bool received = 0; + int status; + + if (network_config_forward) + return 1; + + if (vl->meta == NULL) + return 1; + + status = meta_data_get_boolean(vl->meta, "network:received", &received); + if (status == -ENOENT) + return 1; + else if (status != 0) { + ERROR("network plugin: check_send_okay: meta_data_get_boolean failed " + "with status %i.", + status); + return 1; + } + + /* By default, only *send* value lists that were not *received* by the + * network plugin. */ + return !received; +} /* }}} bool check_send_okay */ + +static bool check_notify_received(const notification_t *n) /* {{{ */ +{ + for (notification_meta_t *ptr = n->meta; ptr != NULL; ptr = ptr->next) + if ((strcmp("network:received", ptr->name) == 0) && + (ptr->type == NM_TYPE_BOOLEAN)) + return (bool)ptr->nm_value.nm_boolean; + + return 0; +} /* }}} bool check_notify_received */ + +static bool check_send_notify_okay(const notification_t *n) /* {{{ */ +{ + static c_complain_t complain_forwarding = C_COMPLAIN_INIT_STATIC; + bool received = 0; + + if (n->meta == NULL) + return 1; + + received = check_notify_received(n); + + if (network_config_forward && received) { + c_complain_once( + LOG_ERR, &complain_forwarding, + "network plugin: A notification has been received via the network " + "and forwarding is enabled. Forwarding of notifications is currently " + "not supported, because there is not loop-deteciton available. " + "Please contact the collectd mailing list if you need this " + "feature."); + } + + /* By default, only *send* value lists that were not *received* by the + * network plugin. */ + return !received; +} /* }}} bool check_send_notify_okay */ + +static int network_dispatch_values(value_list_t *vl, /* {{{ */ + const char *username) { + int status; + + if ((vl->time == 0) || (strlen(vl->host) == 0) || (strlen(vl->plugin) == 0) || + (strlen(vl->type) == 0)) + return -EINVAL; + + if (!check_receive_okay(vl)) { +#if COLLECT_DEBUG + char name[6 * DATA_MAX_NAME_LEN]; + FORMAT_VL(name, sizeof(name), vl); + name[sizeof(name) - 1] = 0; + DEBUG("network plugin: network_dispatch_values: " + "NOT dispatching %s.", + name); +#endif + stats_values_not_dispatched++; + return 0; + } + + assert(vl->meta == NULL); + + vl->meta = meta_data_create(); + if (vl->meta == NULL) { + ERROR("network plugin: meta_data_create failed."); + return -ENOMEM; + } + + status = meta_data_add_boolean(vl->meta, "network:received", 1); + if (status != 0) { + ERROR("network plugin: meta_data_add_boolean failed."); + meta_data_destroy(vl->meta); + vl->meta = NULL; + return status; + } + + if (username != NULL) { + status = meta_data_add_string(vl->meta, "network:username", username); + if (status != 0) { + ERROR("network plugin: meta_data_add_string failed."); + meta_data_destroy(vl->meta); + vl->meta = NULL; + return status; + } + } + + plugin_dispatch_values(vl); + stats_values_dispatched++; + + meta_data_destroy(vl->meta); + vl->meta = NULL; + + return 0; +} /* }}} int network_dispatch_values */ + +static int network_dispatch_notification(notification_t *n) /* {{{ */ +{ + int status; + + assert(n->meta == NULL); + + status = plugin_notification_meta_add_boolean(n, "network:received", 1); + if (status != 0) { + ERROR("network plugin: plugin_notification_meta_add_boolean failed."); + plugin_notification_meta_free(n->meta); + n->meta = NULL; + return status; + } + + status = plugin_dispatch_notification(n); + + plugin_notification_meta_free(n->meta); + n->meta = NULL; + + return status; +} /* }}} int network_dispatch_notification */ + +#if HAVE_GCRYPT_H +static int network_init_gcrypt(void) /* {{{ */ +{ + gcry_error_t err; + + /* http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html + * Because you can't know in a library whether another library has + * already initialized the library */ + if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P)) + return 0; + +/* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html + * To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS + * *before* initalizing Libgcrypt with gcry_check_version(), which itself must + * be called before any other gcry_* function. GCRYCTL_ANY_INITIALIZATION_P + * above doesn't count, as it doesn't implicitly initalize Libgcrypt. + * + * tl;dr: keep all these gry_* statements in this exact order please. */ +#if GCRYPT_VERSION_NUMBER < 0x010600 + err = gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); + if (err) { + ERROR("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", + gcry_strerror(err)); + return -1; + } +#endif + + gcry_check_version(NULL); + + err = gcry_control(GCRYCTL_INIT_SECMEM, 32768); + if (err) { + ERROR("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", + gcry_strerror(err)); + return -1; + } + + gcry_control(GCRYCTL_INITIALIZATION_FINISHED); + return 0; +} /* }}} int network_init_gcrypt */ + +static gcry_cipher_hd_t network_get_aes256_cypher(sockent_t *se, /* {{{ */ + const void *iv, + size_t iv_size, + const char *username) { + gcry_error_t err; + gcry_cipher_hd_t *cyper_ptr; + unsigned char password_hash[32]; + + if (se->type == SOCKENT_TYPE_CLIENT) { + cyper_ptr = &se->data.client.cypher; + memcpy(password_hash, se->data.client.password_hash, sizeof(password_hash)); + } else { + char *secret; + + cyper_ptr = &se->data.server.cypher; + + if (username == NULL) + return NULL; + + secret = fbh_get(se->data.server.userdb, username); + if (secret == NULL) + return NULL; + + gcry_md_hash_buffer(GCRY_MD_SHA256, password_hash, secret, strlen(secret)); + + sfree(secret); + } + + if (*cyper_ptr == NULL) { + err = gcry_cipher_open(cyper_ptr, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, + /* flags = */ 0); + if (err != 0) { + ERROR("network plugin: gcry_cipher_open returned: %s", + gcry_strerror(err)); + *cyper_ptr = NULL; + return NULL; + } + } else { + gcry_cipher_reset(*cyper_ptr); + } + assert(*cyper_ptr != NULL); + + err = gcry_cipher_setkey(*cyper_ptr, password_hash, sizeof(password_hash)); + if (err != 0) { + ERROR("network plugin: gcry_cipher_setkey returned: %s", + gcry_strerror(err)); + gcry_cipher_close(*cyper_ptr); + *cyper_ptr = NULL; + return NULL; + } + + err = gcry_cipher_setiv(*cyper_ptr, iv, iv_size); + if (err != 0) { + ERROR("network plugin: gcry_cipher_setkey returned: %s", + gcry_strerror(err)); + gcry_cipher_close(*cyper_ptr); + *cyper_ptr = NULL; + return NULL; + } + + return *cyper_ptr; +} /* }}} int network_get_aes256_cypher */ +#endif /* HAVE_GCRYPT_H */ + +static int write_part_values(char **ret_buffer, size_t *ret_buffer_len, + const data_set_t *ds, const value_list_t *vl) { + char *packet_ptr; + size_t packet_len; + int num_values; + + part_header_t pkg_ph; + uint16_t pkg_num_values; + uint8_t *pkg_values_types; + value_t *pkg_values; + + size_t offset; + + num_values = vl->values_len; + packet_len = sizeof(part_header_t) + sizeof(uint16_t) + + (num_values * sizeof(uint8_t)) + (num_values * sizeof(value_t)); + + if (*ret_buffer_len < packet_len) + return -1; + + pkg_values_types = malloc(num_values * sizeof(*pkg_values_types)); + if (pkg_values_types == NULL) { + ERROR("network plugin: write_part_values: malloc failed."); + return -1; + } + + pkg_values = malloc(num_values * sizeof(*pkg_values)); + if (pkg_values == NULL) { + free(pkg_values_types); + ERROR("network plugin: write_part_values: malloc failed."); + return -1; + } + + pkg_ph.type = htons(TYPE_VALUES); + pkg_ph.length = htons(packet_len); + + pkg_num_values = htons((uint16_t)vl->values_len); + + for (int i = 0; i < num_values; i++) { + pkg_values_types[i] = (uint8_t)ds->ds[i].type; + switch (ds->ds[i].type) { + case DS_TYPE_COUNTER: + pkg_values[i].counter = htonll(vl->values[i].counter); + break; + + case DS_TYPE_GAUGE: + pkg_values[i].gauge = htond(vl->values[i].gauge); + break; + + case DS_TYPE_DERIVE: + pkg_values[i].derive = htonll(vl->values[i].derive); + break; + + case DS_TYPE_ABSOLUTE: + pkg_values[i].absolute = htonll(vl->values[i].absolute); + break; + + default: + free(pkg_values_types); + free(pkg_values); + ERROR("network plugin: write_part_values: " + "Unknown data source type: %i", + ds->ds[i].type); + return -1; + } /* switch (ds->ds[i].type) */ + } /* for (num_values) */ + + /* + * Use `memcpy' to write everything to the buffer, because the pointer + * may be unaligned and some architectures, such as SPARC, can't handle + * that. + */ + packet_ptr = *ret_buffer; + offset = 0; + memcpy(packet_ptr + offset, &pkg_ph, sizeof(pkg_ph)); + offset += sizeof(pkg_ph); + memcpy(packet_ptr + offset, &pkg_num_values, sizeof(pkg_num_values)); + offset += sizeof(pkg_num_values); + memcpy(packet_ptr + offset, pkg_values_types, num_values * sizeof(uint8_t)); + offset += num_values * sizeof(uint8_t); + memcpy(packet_ptr + offset, pkg_values, num_values * sizeof(value_t)); + offset += num_values * sizeof(value_t); + + assert(offset == packet_len); + + *ret_buffer = packet_ptr + packet_len; + *ret_buffer_len -= packet_len; + + free(pkg_values_types); + free(pkg_values); + + return 0; +} /* int write_part_values */ + +static int write_part_number(char **ret_buffer, size_t *ret_buffer_len, + int type, uint64_t value) { + char *packet_ptr; + size_t packet_len; + + part_header_t pkg_head; + uint64_t pkg_value; + + size_t offset; + + packet_len = sizeof(pkg_head) + sizeof(pkg_value); + + if (*ret_buffer_len < packet_len) + return -1; + + pkg_head.type = htons(type); + pkg_head.length = htons(packet_len); + pkg_value = htonll(value); + + packet_ptr = *ret_buffer; + offset = 0; + memcpy(packet_ptr + offset, &pkg_head, sizeof(pkg_head)); + offset += sizeof(pkg_head); + memcpy(packet_ptr + offset, &pkg_value, sizeof(pkg_value)); + offset += sizeof(pkg_value); + + assert(offset == packet_len); + + *ret_buffer = packet_ptr + packet_len; + *ret_buffer_len -= packet_len; + + return 0; +} /* int write_part_number */ + +static int write_part_string(char **ret_buffer, size_t *ret_buffer_len, + int type, const char *str, size_t str_len) { + char *buffer; + size_t buffer_len; + + uint16_t pkg_type; + uint16_t pkg_length; + + size_t offset; + + buffer_len = 2 * sizeof(uint16_t) + str_len + 1; + if (*ret_buffer_len < buffer_len) + return -1; + + pkg_type = htons(type); + pkg_length = htons(buffer_len); + + buffer = *ret_buffer; + offset = 0; + memcpy(buffer + offset, (void *)&pkg_type, sizeof(pkg_type)); + offset += sizeof(pkg_type); + memcpy(buffer + offset, (void *)&pkg_length, sizeof(pkg_length)); + offset += sizeof(pkg_length); + memcpy(buffer + offset, str, str_len); + offset += str_len; + memset(buffer + offset, '\0', 1); + offset += 1; + + assert(offset == buffer_len); + + *ret_buffer = buffer + buffer_len; + *ret_buffer_len -= buffer_len; + + return 0; +} /* int write_part_string */ + +static int parse_part_values(void **ret_buffer, size_t *ret_buffer_len, + value_t **ret_values, size_t *ret_num_values) { + char *buffer = *ret_buffer; + size_t buffer_len = *ret_buffer_len; + + uint16_t tmp16; + size_t exp_size; + + uint16_t pkg_length; + uint16_t pkg_type; + size_t pkg_numval; + + uint8_t *pkg_types; + value_t *pkg_values; + + if (buffer_len < 15) { + NOTICE("network plugin: packet is too short: " + "buffer_len = %" PRIsz, + buffer_len); + return -1; + } + + memcpy((void *)&tmp16, buffer, sizeof(tmp16)); + buffer += sizeof(tmp16); + pkg_type = ntohs(tmp16); + + memcpy((void *)&tmp16, buffer, sizeof(tmp16)); + buffer += sizeof(tmp16); + pkg_length = ntohs(tmp16); + + memcpy((void *)&tmp16, buffer, sizeof(tmp16)); + buffer += sizeof(tmp16); + pkg_numval = (size_t)ntohs(tmp16); + + assert(pkg_type == TYPE_VALUES); + + exp_size = + 3 * sizeof(uint16_t) + pkg_numval * (sizeof(uint8_t) + sizeof(value_t)); + if (buffer_len < exp_size) { + WARNING("network plugin: parse_part_values: " + "Packet too short: " + "Chunk of size %" PRIsz " expected, " + "but buffer has only %" PRIsz " bytes left.", + exp_size, buffer_len); + return -1; + } + assert(pkg_numval <= ((buffer_len - 6) / 9)); + + if (pkg_length != exp_size) { + WARNING("network plugin: parse_part_values: " + "Length and number of values " + "in the packet don't match."); + return -1; + } + + pkg_types = calloc(pkg_numval, sizeof(*pkg_types)); + pkg_values = calloc(pkg_numval, sizeof(*pkg_values)); + if ((pkg_types == NULL) || (pkg_values == NULL)) { + sfree(pkg_types); + sfree(pkg_values); + ERROR("network plugin: parse_part_values: calloc failed."); + return -1; + } + + memcpy(pkg_types, buffer, pkg_numval * sizeof(*pkg_types)); + buffer += pkg_numval * sizeof(*pkg_types); + memcpy(pkg_values, buffer, pkg_numval * sizeof(*pkg_values)); + buffer += pkg_numval * sizeof(*pkg_values); + + for (size_t i = 0; i < pkg_numval; i++) { + switch (pkg_types[i]) { + case DS_TYPE_COUNTER: + pkg_values[i].counter = (counter_t)ntohll(pkg_values[i].counter); + break; + + case DS_TYPE_GAUGE: + pkg_values[i].gauge = (gauge_t)ntohd(pkg_values[i].gauge); + break; + + case DS_TYPE_DERIVE: + pkg_values[i].derive = (derive_t)ntohll(pkg_values[i].derive); + break; + + case DS_TYPE_ABSOLUTE: + pkg_values[i].absolute = (absolute_t)ntohll(pkg_values[i].absolute); + break; + + default: + NOTICE("network plugin: parse_part_values: " + "Don't know how to handle data source type %" PRIu8, + pkg_types[i]); + sfree(pkg_types); + sfree(pkg_values); + return -1; + } /* switch (pkg_types[i]) */ + } + + *ret_buffer = buffer; + *ret_buffer_len = buffer_len - pkg_length; + *ret_num_values = pkg_numval; + *ret_values = pkg_values; + + sfree(pkg_types); + + return 0; +} /* int parse_part_values */ + +static int parse_part_number(void **ret_buffer, size_t *ret_buffer_len, + uint64_t *value) { + char *buffer = *ret_buffer; + size_t buffer_len = *ret_buffer_len; + + uint16_t tmp16; + uint64_t tmp64; + size_t exp_size = 2 * sizeof(uint16_t) + sizeof(uint64_t); + + uint16_t pkg_length; + + if (buffer_len < exp_size) { + WARNING("network plugin: parse_part_number: " + "Packet too short: " + "Chunk of size %" PRIsz " expected, " + "but buffer has only %" PRIsz " bytes left.", + exp_size, buffer_len); + return -1; + } + + memcpy((void *)&tmp16, buffer, sizeof(tmp16)); + buffer += sizeof(tmp16); + /* pkg_type = ntohs (tmp16); */ + + memcpy((void *)&tmp16, buffer, sizeof(tmp16)); + buffer += sizeof(tmp16); + pkg_length = ntohs(tmp16); + + memcpy((void *)&tmp64, buffer, sizeof(tmp64)); + buffer += sizeof(tmp64); + *value = ntohll(tmp64); + + *ret_buffer = buffer; + *ret_buffer_len = buffer_len - pkg_length; + + return 0; +} /* int parse_part_number */ + +static int parse_part_string(void **ret_buffer, size_t *ret_buffer_len, + char *output, size_t const output_len) { + char *buffer = *ret_buffer; + size_t buffer_len = *ret_buffer_len; + + uint16_t tmp16; + size_t const header_size = 2 * sizeof(uint16_t); + + uint16_t pkg_length; + size_t payload_size; + + if (output_len == 0) + return EINVAL; + + if (buffer_len < header_size) { + WARNING("network plugin: parse_part_string: " + "Packet too short: " + "Chunk of at least size %" PRIsz " expected, " + "but buffer has only %" PRIsz " bytes left.", + header_size, buffer_len); + return -1; + } + + memcpy((void *)&tmp16, buffer, sizeof(tmp16)); + buffer += sizeof(tmp16); + /* pkg_type = ntohs (tmp16); */ + + memcpy((void *)&tmp16, buffer, sizeof(tmp16)); + buffer += sizeof(tmp16); + pkg_length = ntohs(tmp16); + payload_size = ((size_t)pkg_length) - header_size; + + /* Check that packet fits in the input buffer */ + if (pkg_length > buffer_len) { + WARNING("network plugin: parse_part_string: " + "Packet too big: " + "Chunk of size %" PRIu16 " received, " + "but buffer has only %" PRIsz " bytes left.", + pkg_length, buffer_len); + return -1; + } + + /* Check that pkg_length is in the valid range */ + if (pkg_length <= header_size) { + WARNING("network plugin: parse_part_string: " + "Packet too short: " + "Header claims this packet is only %hu " + "bytes long.", + pkg_length); + return -1; + } + + /* Check that the package data fits into the output buffer. + * The previous if-statement ensures that: + * `pkg_length > header_size' */ + if (output_len < payload_size) { + WARNING("network plugin: parse_part_string: " + "Buffer too small: " + "Output buffer holds %" PRIsz " bytes, " + "which is too small to hold the received " + "%" PRIsz " byte string.", + output_len, payload_size); + return -1; + } + + /* All sanity checks successfull, let's copy the data over */ + memcpy((void *)output, (void *)buffer, payload_size); + buffer += payload_size; + + /* For some very weird reason '\0' doesn't do the trick on SPARC in + * this statement. */ + if (output[payload_size - 1] != 0) { + WARNING("network plugin: parse_part_string: " + "Received string does not end " + "with a NULL-byte."); + return -1; + } + + *ret_buffer = buffer; + *ret_buffer_len = buffer_len - pkg_length; + + return 0; +} /* int parse_part_string */ + +/* Forward declaration: parse_part_sign_sha256 and parse_part_encr_aes256 call + * parse_packet and vice versa. */ +#define PP_SIGNED 0x01 +#define PP_ENCRYPTED 0x02 +static int parse_packet(sockent_t *se, void *buffer, size_t buffer_size, + int flags, const char *username); + +#define BUFFER_READ(p, s) \ + do { \ + memcpy((p), buffer + buffer_offset, (s)); \ + buffer_offset += (s); \ + } while (0) + +#if HAVE_GCRYPT_H +static int parse_part_sign_sha256(sockent_t *se, /* {{{ */ + void **ret_buffer, size_t *ret_buffer_len, + int flags) { + static c_complain_t complain_no_users = C_COMPLAIN_INIT_STATIC; + + char *buffer; + size_t buffer_len; + size_t buffer_offset; + + size_t username_len; + char *secret; + + part_signature_sha256_t pss; + uint16_t pss_head_length; + char hash[sizeof(pss.hash)]; + + gcry_md_hd_t hd; + gcry_error_t err; + unsigned char *hash_ptr; + + buffer = *ret_buffer; + buffer_len = *ret_buffer_len; + buffer_offset = 0; + + /* Check if the buffer has enough data for this structure. */ + if (buffer_len <= PART_SIGNATURE_SHA256_SIZE) + return -ENOMEM; + + /* Read type and length header */ + BUFFER_READ(&pss.head.type, sizeof(pss.head.type)); + BUFFER_READ(&pss.head.length, sizeof(pss.head.length)); + pss_head_length = ntohs(pss.head.length); + + /* Check if the `pss_head_length' is within bounds. */ + if ((pss_head_length <= PART_SIGNATURE_SHA256_SIZE) || + (pss_head_length > buffer_len)) { + ERROR("network plugin: HMAC-SHA-256 with invalid length received."); + return -1; + } + + if (se->data.server.userdb == NULL) { + c_complain( + LOG_NOTICE, &complain_no_users, + "network plugin: Received signed network packet but can't verify it " + "because no user DB has been configured. Will accept it."); + + *ret_buffer = buffer + pss_head_length; + *ret_buffer_len -= pss_head_length; + + return 0; + } + + /* Copy the hash. */ + BUFFER_READ(pss.hash, sizeof(pss.hash)); + + /* Calculate username length (without null byte) and allocate memory */ + username_len = pss_head_length - PART_SIGNATURE_SHA256_SIZE; + pss.username = malloc(username_len + 1); + if (pss.username == NULL) + return -ENOMEM; + + /* Read the username */ + BUFFER_READ(pss.username, username_len); + pss.username[username_len] = 0; + + assert(buffer_offset == pss_head_length); + + /* Query the password */ + secret = fbh_get(se->data.server.userdb, pss.username); + if (secret == NULL) { + ERROR("network plugin: Unknown user: %s", pss.username); + sfree(pss.username); + return -ENOENT; + } + + /* Create a hash device and check the HMAC */ + hd = NULL; + err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC); + if (err != 0) { + ERROR("network plugin: Creating HMAC-SHA-256 object failed: %s", + gcry_strerror(err)); + sfree(secret); + sfree(pss.username); + return -1; + } + + err = gcry_md_setkey(hd, secret, strlen(secret)); + if (err != 0) { + ERROR("network plugin: gcry_md_setkey failed: %s", gcry_strerror(err)); + gcry_md_close(hd); + sfree(secret); + sfree(pss.username); + return -1; + } + + gcry_md_write(hd, buffer + PART_SIGNATURE_SHA256_SIZE, + buffer_len - PART_SIGNATURE_SHA256_SIZE); + hash_ptr = gcry_md_read(hd, GCRY_MD_SHA256); + if (hash_ptr == NULL) { + ERROR("network plugin: gcry_md_read failed."); + gcry_md_close(hd); + sfree(secret); + sfree(pss.username); + return -1; + } + memcpy(hash, hash_ptr, sizeof(hash)); + + /* Clean up */ + gcry_md_close(hd); + hd = NULL; + + if (memcmp(pss.hash, hash, sizeof(pss.hash)) != 0) { + WARNING("network plugin: Verifying HMAC-SHA-256 signature failed: " + "Hash mismatch. Username: %s", + pss.username); + } else { + parse_packet(se, buffer + buffer_offset, buffer_len - buffer_offset, + flags | PP_SIGNED, pss.username); + } + + sfree(secret); + sfree(pss.username); + + *ret_buffer = buffer + buffer_len; + *ret_buffer_len = 0; + + return 0; +} /* }}} int parse_part_sign_sha256 */ +/* #endif HAVE_GCRYPT_H */ + +#else /* if !HAVE_GCRYPT_H */ +static int parse_part_sign_sha256(sockent_t *se, /* {{{ */ + void **ret_buffer, size_t *ret_buffer_size, + int flags) { + static int warning_has_been_printed; + + char *buffer; + size_t buffer_size; + size_t buffer_offset; + uint16_t part_len; + + part_signature_sha256_t pss; + + buffer = *ret_buffer; + buffer_size = *ret_buffer_size; + buffer_offset = 0; + + if (buffer_size <= PART_SIGNATURE_SHA256_SIZE) + return -ENOMEM; + + BUFFER_READ(&pss.head.type, sizeof(pss.head.type)); + BUFFER_READ(&pss.head.length, sizeof(pss.head.length)); + part_len = ntohs(pss.head.length); + + if ((part_len <= PART_SIGNATURE_SHA256_SIZE) || (part_len > buffer_size)) + return -EINVAL; + + if (warning_has_been_printed == 0) { + WARNING("network plugin: Received signed packet, but the network " + "plugin was not linked with libgcrypt, so I cannot " + "verify the signature. The packet will be accepted."); + warning_has_been_printed = 1; + } + + parse_packet(se, buffer + part_len, buffer_size - part_len, flags, + /* username = */ NULL); + + *ret_buffer = buffer + buffer_size; + *ret_buffer_size = 0; + + return 0; +} /* }}} int parse_part_sign_sha256 */ +#endif /* !HAVE_GCRYPT_H */ + +#if HAVE_GCRYPT_H +static int parse_part_encr_aes256(sockent_t *se, /* {{{ */ + void **ret_buffer, size_t *ret_buffer_len, + int flags) { + char *buffer = *ret_buffer; + size_t buffer_len = *ret_buffer_len; + size_t payload_len; + size_t part_size; + size_t buffer_offset; + uint16_t username_len; + part_encryption_aes256_t pea; + unsigned char hash[sizeof(pea.hash)] = {0}; + + gcry_cipher_hd_t cypher; + gcry_error_t err; + + /* Make sure at least the header if available. */ + if (buffer_len <= PART_ENCRYPTION_AES256_SIZE) { + NOTICE("network plugin: parse_part_encr_aes256: " + "Discarding short packet."); + return -1; + } + + buffer_offset = 0; + + /* Copy the unencrypted information into `pea'. */ + BUFFER_READ(&pea.head.type, sizeof(pea.head.type)); + BUFFER_READ(&pea.head.length, sizeof(pea.head.length)); + + /* Check the `part size'. */ + part_size = ntohs(pea.head.length); + if ((part_size <= PART_ENCRYPTION_AES256_SIZE) || (part_size > buffer_len)) { + NOTICE("network plugin: parse_part_encr_aes256: " + "Discarding part with invalid size."); + return -1; + } + + /* Read the username */ + BUFFER_READ(&username_len, sizeof(username_len)); + username_len = ntohs(username_len); + + if ((username_len == 0) || + (username_len > (part_size - (PART_ENCRYPTION_AES256_SIZE + 1)))) { + NOTICE("network plugin: parse_part_encr_aes256: " + "Discarding part with invalid username length."); + return -1; + } + + assert(username_len > 0); + pea.username = malloc(username_len + 1); + if (pea.username == NULL) + return -ENOMEM; + BUFFER_READ(pea.username, username_len); + pea.username[username_len] = 0; + + /* Last but not least, the initialization vector */ + BUFFER_READ(pea.iv, sizeof(pea.iv)); + + /* Make sure we are at the right position */ + assert(buffer_offset == + (username_len + PART_ENCRYPTION_AES256_SIZE - sizeof(pea.hash))); + + cypher = network_get_aes256_cypher(se, pea.iv, sizeof(pea.iv), pea.username); + if (cypher == NULL) { + ERROR("network plugin: Failed to get cypher. Username: %s", pea.username); + sfree(pea.username); + return -1; + } + + payload_len = part_size - (PART_ENCRYPTION_AES256_SIZE + username_len); + assert(payload_len > 0); + + /* Decrypt the packet in-place */ + err = gcry_cipher_decrypt(cypher, buffer + buffer_offset, + part_size - buffer_offset, + /* in = */ NULL, /* in len = */ 0); + if (err != 0) { + ERROR("network plugin: gcry_cipher_decrypt returned: %s. Username: %s", + gcry_strerror(err), pea.username); + sfree(pea.username); + return -1; + } + + /* Read the hash */ + BUFFER_READ(pea.hash, sizeof(pea.hash)); + + /* Make sure we're at the right position - again */ + assert(buffer_offset == (username_len + PART_ENCRYPTION_AES256_SIZE)); + assert(buffer_offset == (part_size - payload_len)); + + /* Check hash sum */ + gcry_md_hash_buffer(GCRY_MD_SHA1, hash, buffer + buffer_offset, payload_len); + if (memcmp(hash, pea.hash, sizeof(hash)) != 0) { + ERROR("network plugin: Checksum mismatch. Username: %s", pea.username); + sfree(pea.username); + return -1; + } + + parse_packet(se, buffer + buffer_offset, payload_len, flags | PP_ENCRYPTED, + pea.username); + + /* Update return values */ + *ret_buffer = buffer + part_size; + *ret_buffer_len = buffer_len - part_size; + + sfree(pea.username); + + return 0; +} /* }}} int parse_part_encr_aes256 */ +/* #endif HAVE_GCRYPT_H */ + +#else /* if !HAVE_GCRYPT_H */ +static int parse_part_encr_aes256(sockent_t *se, /* {{{ */ + void **ret_buffer, size_t *ret_buffer_size, + int flags) { + static int warning_has_been_printed; + + char *buffer; + size_t buffer_size; + size_t buffer_offset; + + part_header_t ph; + size_t ph_length; + + buffer = *ret_buffer; + buffer_size = *ret_buffer_size; + buffer_offset = 0; + + /* parse_packet assures this minimum size. */ + assert(buffer_size >= (sizeof(ph.type) + sizeof(ph.length))); + + BUFFER_READ(&ph.type, sizeof(ph.type)); + BUFFER_READ(&ph.length, sizeof(ph.length)); + ph_length = ntohs(ph.length); + + if ((ph_length <= PART_ENCRYPTION_AES256_SIZE) || (ph_length > buffer_size)) { + ERROR("network plugin: AES-256 encrypted part " + "with invalid length received."); + return -1; + } + + if (warning_has_been_printed == 0) { + WARNING("network plugin: Received encrypted packet, but the network " + "plugin was not linked with libgcrypt, so I cannot " + "decrypt it. The part will be discarded."); + warning_has_been_printed = 1; + } + + *ret_buffer = (void *)(((char *)*ret_buffer) + ph_length); + *ret_buffer_size -= ph_length; + + return 0; +} /* }}} int parse_part_encr_aes256 */ +#endif /* !HAVE_GCRYPT_H */ + +#undef BUFFER_READ + +static int parse_packet(sockent_t *se, /* {{{ */ + void *buffer, size_t buffer_size, int flags, + const char *username) { + int status; + + value_list_t vl = VALUE_LIST_INIT; + notification_t n = {0}; + +#if HAVE_GCRYPT_H + int packet_was_signed = (flags & PP_SIGNED); + int packet_was_encrypted = (flags & PP_ENCRYPTED); + int printed_ignore_warning = 0; +#endif /* HAVE_GCRYPT_H */ + + memset(&vl, '\0', sizeof(vl)); + status = 0; + + while ((status == 0) && (0 < buffer_size) && + ((unsigned int)buffer_size > sizeof(part_header_t))) { + uint16_t pkg_length; + uint16_t pkg_type; + + memcpy((void *)&pkg_type, (void *)buffer, sizeof(pkg_type)); + memcpy((void *)&pkg_length, (void *)(((char *)buffer) + sizeof(pkg_type)), + sizeof(pkg_length)); + + pkg_length = ntohs(pkg_length); + pkg_type = ntohs(pkg_type); + + if (pkg_length > buffer_size) + break; + /* Ensure that this loop terminates eventually */ + if (pkg_length < (2 * sizeof(uint16_t))) + break; + + if (pkg_type == TYPE_ENCR_AES256) { + status = parse_part_encr_aes256(se, &buffer, &buffer_size, flags); + if (status != 0) { + ERROR("network plugin: Decrypting AES256 " + "part failed " + "with status %i.", + status); + break; + } + } +#if HAVE_GCRYPT_H + else if ((se->data.server.security_level == SECURITY_LEVEL_ENCRYPT) && + (packet_was_encrypted == 0)) { + if (printed_ignore_warning == 0) { + INFO("network plugin: Unencrypted packet or " + "part has been ignored."); + printed_ignore_warning = 1; + } + buffer = ((char *)buffer) + pkg_length; + buffer_size -= (size_t)pkg_length; + continue; + } +#endif /* HAVE_GCRYPT_H */ + else if (pkg_type == TYPE_SIGN_SHA256) { + status = parse_part_sign_sha256(se, &buffer, &buffer_size, flags); + if (status != 0) { + ERROR("network plugin: Verifying HMAC-SHA-256 " + "signature failed " + "with status %i.", + status); + break; + } + } +#if HAVE_GCRYPT_H + else if ((se->data.server.security_level == SECURITY_LEVEL_SIGN) && + (packet_was_encrypted == 0) && (packet_was_signed == 0)) { + if (printed_ignore_warning == 0) { + INFO("network plugin: Unsigned packet or " + "part has been ignored."); + printed_ignore_warning = 1; + } + buffer = ((char *)buffer) + pkg_length; + buffer_size -= (size_t)pkg_length; + continue; + } +#endif /* HAVE_GCRYPT_H */ + else if (pkg_type == TYPE_VALUES) { + status = + parse_part_values(&buffer, &buffer_size, &vl.values, &vl.values_len); + if (status != 0) + break; + + network_dispatch_values(&vl, username); + + sfree(vl.values); + } else if (pkg_type == TYPE_TIME) { + uint64_t tmp = 0; + status = parse_part_number(&buffer, &buffer_size, &tmp); + if (status == 0) { + vl.time = TIME_T_TO_CDTIME_T(tmp); + n.time = TIME_T_TO_CDTIME_T(tmp); + } + } else if (pkg_type == TYPE_TIME_HR) { + uint64_t tmp = 0; + status = parse_part_number(&buffer, &buffer_size, &tmp); + if (status == 0) { + vl.time = (cdtime_t)tmp; + n.time = (cdtime_t)tmp; + } + } else if (pkg_type == TYPE_INTERVAL) { + uint64_t tmp = 0; + status = parse_part_number(&buffer, &buffer_size, &tmp); + if (status == 0) + vl.interval = TIME_T_TO_CDTIME_T(tmp); + } else if (pkg_type == TYPE_INTERVAL_HR) { + uint64_t tmp = 0; + status = parse_part_number(&buffer, &buffer_size, &tmp); + if (status == 0) + vl.interval = (cdtime_t)tmp; + } else if (pkg_type == TYPE_HOST) { + status = + parse_part_string(&buffer, &buffer_size, vl.host, sizeof(vl.host)); + if (status == 0) + sstrncpy(n.host, vl.host, sizeof(n.host)); + } else if (pkg_type == TYPE_PLUGIN) { + status = parse_part_string(&buffer, &buffer_size, vl.plugin, + sizeof(vl.plugin)); + if (status == 0) + sstrncpy(n.plugin, vl.plugin, sizeof(n.plugin)); + } else if (pkg_type == TYPE_PLUGIN_INSTANCE) { + status = parse_part_string(&buffer, &buffer_size, vl.plugin_instance, + sizeof(vl.plugin_instance)); + if (status == 0) + sstrncpy(n.plugin_instance, vl.plugin_instance, + sizeof(n.plugin_instance)); + } else if (pkg_type == TYPE_TYPE) { + status = + parse_part_string(&buffer, &buffer_size, vl.type, sizeof(vl.type)); + if (status == 0) + sstrncpy(n.type, vl.type, sizeof(n.type)); + } else if (pkg_type == TYPE_TYPE_INSTANCE) { + status = parse_part_string(&buffer, &buffer_size, vl.type_instance, + sizeof(vl.type_instance)); + if (status == 0) + sstrncpy(n.type_instance, vl.type_instance, sizeof(n.type_instance)); + } else if (pkg_type == TYPE_MESSAGE) { + status = parse_part_string(&buffer, &buffer_size, n.message, + sizeof(n.message)); + + if (status != 0) { + /* do nothing */ + } else if ((n.severity != NOTIF_FAILURE) && + (n.severity != NOTIF_WARNING) && (n.severity != NOTIF_OKAY)) { + INFO("network plugin: " + "Ignoring notification with " + "unknown severity %i.", + n.severity); + } else if (n.time == 0) { + INFO("network plugin: " + "Ignoring notification with " + "time == 0."); + } else if (strlen(n.message) == 0) { + INFO("network plugin: " + "Ignoring notification with " + "an empty message."); + } else { + network_dispatch_notification(&n); + } + } else if (pkg_type == TYPE_SEVERITY) { + uint64_t tmp = 0; + status = parse_part_number(&buffer, &buffer_size, &tmp); + if (status == 0) + n.severity = (int)tmp; + } else { + DEBUG("network plugin: parse_packet: Unknown part" + " type: 0x%04hx", + pkg_type); + buffer = ((char *)buffer) + pkg_length; + buffer_size -= (size_t)pkg_length; + } + } /* while (buffer_size > sizeof (part_header_t)) */ + + if (status == 0 && buffer_size > 0) + WARNING("network plugin: parse_packet: Received truncated " + "packet, try increasing `MaxPacketSize'"); + + return status; +} /* }}} int parse_packet */ + +static void free_sockent_client(struct sockent_client *sec) /* {{{ */ +{ + if (sec->fd >= 0) { + close(sec->fd); + sec->fd = -1; + } + sfree(sec->addr); + sfree(sec->bind_addr); +#if HAVE_GCRYPT_H + sfree(sec->username); + sfree(sec->password); + if (sec->cypher != NULL) + gcry_cipher_close(sec->cypher); +#endif +} /* }}} void free_sockent_client */ + +static void free_sockent_server(struct sockent_server *ses) /* {{{ */ +{ + for (size_t i = 0; i < ses->fd_num; i++) { + if (ses->fd[i] >= 0) { + close(ses->fd[i]); + ses->fd[i] = -1; + } + } + + sfree(ses->fd); +#if HAVE_GCRYPT_H + sfree(ses->auth_file); + fbh_destroy(ses->userdb); + if (ses->cypher != NULL) + gcry_cipher_close(ses->cypher); +#endif +} /* }}} void free_sockent_server */ + +static void sockent_destroy(sockent_t *se) /* {{{ */ +{ + sockent_t *next; + + DEBUG("network plugin: sockent_destroy (se = %p);", (void *)se); + + while (se != NULL) { + next = se->next; + + sfree(se->node); + sfree(se->service); + + if (se->type == SOCKENT_TYPE_CLIENT) + free_sockent_client(&se->data.client); + else + free_sockent_server(&se->data.server); + + sfree(se); + se = next; + } +} /* }}} void sockent_destroy */ + +/* + * int network_set_ttl + * + * Set the `IP_MULTICAST_TTL', `IP_TTL', `IPV6_MULTICAST_HOPS' or + * `IPV6_UNICAST_HOPS', depending on which option is applicable. + * + * The `struct addrinfo' is used to destinguish between unicast and multicast + * sockets. + */ +static int network_set_ttl(const sockent_t *se, const struct addrinfo *ai) { + DEBUG("network plugin: network_set_ttl: network_config_ttl = %i;", + network_config_ttl); + + assert(se->type == SOCKENT_TYPE_CLIENT); + + if ((network_config_ttl < 1) || (network_config_ttl > 255)) + return -1; + + if (ai->ai_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *)ai->ai_addr; + int optname; + + if (IN_MULTICAST(ntohl(addr->sin_addr.s_addr))) + optname = IP_MULTICAST_TTL; + else + optname = IP_TTL; + + if (setsockopt(se->data.client.fd, IPPROTO_IP, optname, &network_config_ttl, + sizeof(network_config_ttl)) != 0) { + ERROR("network plugin: setsockopt (ipv4-ttl): %s", STRERRNO); + return -1; + } + } else if (ai->ai_family == AF_INET6) { + /* Useful example: + * http://gsyc.escet.urjc.es/~eva/IPv6-web/examples/mcast.html */ + struct sockaddr_in6 *addr = (struct sockaddr_in6 *)ai->ai_addr; + int optname; + + if (IN6_IS_ADDR_MULTICAST(&addr->sin6_addr)) + optname = IPV6_MULTICAST_HOPS; + else + optname = IPV6_UNICAST_HOPS; + + if (setsockopt(se->data.client.fd, IPPROTO_IPV6, optname, + &network_config_ttl, sizeof(network_config_ttl)) != 0) { + ERROR("network plugin: setsockopt(ipv6-ttl): %s", STRERRNO); + return -1; + } + } + + return 0; +} /* int network_set_ttl */ + +static int network_set_interface(const sockent_t *se, + const struct addrinfo *ai) /* {{{ */ +{ + DEBUG("network plugin: network_set_interface: interface index = %i;", + se->interface); + + assert(se->type == SOCKENT_TYPE_CLIENT); + + if (ai->ai_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *)ai->ai_addr; + + if (IN_MULTICAST(ntohl(addr->sin_addr.s_addr))) { +#if HAVE_STRUCT_IP_MREQN_IMR_IFINDEX + /* If possible, use the "ip_mreqn" structure which has + * an "interface index" member. Using the interface + * index is preferred here, because of its similarity + * to the way IPv6 handles this. Unfortunately, it + * appears not to be portable. */ + struct ip_mreqn mreq = {.imr_multiaddr.s_addr = addr->sin_addr.s_addr, + .imr_address.s_addr = ntohl(INADDR_ANY), + .imr_ifindex = se->interface}; +#else + struct ip_mreq mreq = {.imr_multiaddr.s_addr = addr->sin_addr.s_addr, + .imr_interface.s_addr = ntohl(INADDR_ANY)}; +#endif + + if (setsockopt(se->data.client.fd, IPPROTO_IP, IP_MULTICAST_IF, &mreq, + sizeof(mreq)) != 0) { + ERROR("network plugin: setsockopt (ipv4-multicast-if): %s", STRERRNO); + return -1; + } + + return 0; + } + } else if (ai->ai_family == AF_INET6) { + struct sockaddr_in6 *addr = (struct sockaddr_in6 *)ai->ai_addr; + + if (IN6_IS_ADDR_MULTICAST(&addr->sin6_addr)) { + if (setsockopt(se->data.client.fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, + &se->interface, sizeof(se->interface)) != 0) { + ERROR("network plugin: setsockopt (ipv6-multicast-if): %s", STRERRNO); + return -1; + } + + return 0; + } + } + + /* else: Not a multicast interface. */ + if (se->interface != 0) { +#if defined(HAVE_IF_INDEXTONAME) && HAVE_IF_INDEXTONAME && \ + defined(SO_BINDTODEVICE) + char interface_name[IFNAMSIZ]; + + if (if_indextoname(se->interface, interface_name) == NULL) + return -1; + + DEBUG("network plugin: Binding socket to interface %s", interface_name); + + if (setsockopt(se->data.client.fd, SOL_SOCKET, SO_BINDTODEVICE, + interface_name, sizeof(interface_name)) == -1) { + ERROR("network plugin: setsockopt (bind-if): %s", STRERRNO); + return -1; + } +/* #endif HAVE_IF_INDEXTONAME && SO_BINDTODEVICE */ + +#else + WARNING("network plugin: Cannot set the interface on a unicast " + "socket because " +#if !defined(SO_BINDTODEVICE) + "the \"SO_BINDTODEVICE\" socket option " +#else + "the \"if_indextoname\" function " +#endif + "is not available on your system."); +#endif + } + + return 0; +} /* }}} network_set_interface */ + +static int network_bind_socket_to_addr(sockent_t *se, + const struct addrinfo *ai) { + + if (se->data.client.bind_addr == NULL) + return 0; + + DEBUG("network_plugin: fd %i: bind socket to address", se->data.client.fd); + char pbuffer[64]; + + if (ai->ai_family == AF_INET) { + struct sockaddr_in *addr = + (struct sockaddr_in *)(se->data.client.bind_addr); + inet_ntop(AF_INET, &(addr->sin_addr), pbuffer, 64); + DEBUG("network_plugin: binding client socket to ipv4 address: %s", pbuffer); + if (bind(se->data.client.fd, (struct sockaddr *)addr, sizeof(*addr)) == + -1) { + ERROR("network_plugin: failed to bind client socket (ipv4): %s", + STRERRNO); + return -1; + } + } else if (ai->ai_family == AF_INET6) { + struct sockaddr_in6 *addr = + (struct sockaddr_in6 *)(se->data.client.bind_addr); + inet_ntop(AF_INET, &(addr->sin6_addr), pbuffer, 64); + DEBUG("network_plugin: binding client socket to ipv6 address: %s", pbuffer); + if (bind(se->data.client.fd, (struct sockaddr *)addr, sizeof(*addr)) == + -1) { + ERROR("network_plugin: failed to bind client socket (ipv6): %s", + STRERRNO); + return -1; + } + } + + return 0; +} /* int network_bind_socket_to_addr */ + +static int network_bind_socket(int fd, const struct addrinfo *ai, + const int interface_idx) { +#if KERNEL_SOLARIS + char loop = 0; +#else + int loop = 0; +#endif + int yes = 1; + + /* allow multiple sockets to use the same PORT number */ + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1) { + ERROR("network plugin: setsockopt (reuseaddr): %s", STRERRNO); + return -1; + } + + DEBUG("fd = %i; calling `bind'", fd); + + if (bind(fd, ai->ai_addr, ai->ai_addrlen) == -1) { + ERROR("bind: %s", STRERRNO); + return -1; + } + + if (ai->ai_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *)ai->ai_addr; + if (IN_MULTICAST(ntohl(addr->sin_addr.s_addr))) { +#if HAVE_STRUCT_IP_MREQN_IMR_IFINDEX + struct ip_mreqn mreq; +#else + struct ip_mreq mreq; +#endif + + DEBUG("fd = %i; IPv4 multicast address found", fd); + + mreq.imr_multiaddr.s_addr = addr->sin_addr.s_addr; +#if HAVE_STRUCT_IP_MREQN_IMR_IFINDEX + /* Set the interface using the interface index if + * possible (available). Unfortunately, the struct + * ip_mreqn is not portable. */ + mreq.imr_address.s_addr = ntohl(INADDR_ANY); + mreq.imr_ifindex = interface_idx; +#else + mreq.imr_interface.s_addr = ntohl(INADDR_ANY); +#endif + + if (setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop)) == + -1) { + ERROR("network plugin: setsockopt (multicast-loop): %s", STRERRNO); + return -1; + } + + if (setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) == + -1) { + ERROR("network plugin: setsockopt (add-membership): %s", STRERRNO); + return -1; + } + + return 0; + } + } else if (ai->ai_family == AF_INET6) { + /* Useful example: + * http://gsyc.escet.urjc.es/~eva/IPv6-web/examples/mcast.html */ + struct sockaddr_in6 *addr = (struct sockaddr_in6 *)ai->ai_addr; + if (IN6_IS_ADDR_MULTICAST(&addr->sin6_addr)) { + struct ipv6_mreq mreq; + + DEBUG("fd = %i; IPv6 multicast address found", fd); + + memcpy(&mreq.ipv6mr_multiaddr, &addr->sin6_addr, sizeof(addr->sin6_addr)); + + /* http://developer.apple.com/documentation/Darwin/Reference/ManPages/man4/ip6.4.html + * ipv6mr_interface may be set to zeroes to + * choose the default multicast interface or to + * the index of a particular multicast-capable + * interface if the host is multihomed. + * Membership is associ-associated with a + * single interface; programs running on + * multihomed hosts may need to join the same + * group on more than one interface.*/ + mreq.ipv6mr_interface = interface_idx; + + if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &loop, + sizeof(loop)) == -1) { + ERROR("network plugin: setsockopt (ipv6-multicast-loop): %s", STRERRNO); + return -1; + } + + if (setsockopt(fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq, + sizeof(mreq)) == -1) { + ERROR("network plugin: setsockopt (ipv6-add-membership): %s", STRERRNO); + return -1; + } + + return 0; + } + } + +#if defined(HAVE_IF_INDEXTONAME) && HAVE_IF_INDEXTONAME && \ + defined(SO_BINDTODEVICE) + /* if a specific interface was set, bind the socket to it. But to avoid + * possible problems with multicast routing, only do that for non-multicast + * addresses */ + if (interface_idx != 0) { + char interface_name[IFNAMSIZ]; + + if (if_indextoname(interface_idx, interface_name) == NULL) + return -1; + + DEBUG("fd = %i; Binding socket to interface %s", fd, interface_name); + + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, interface_name, + sizeof(interface_name)) == -1) { + ERROR("network plugin: setsockopt (bind-if): %s", STRERRNO); + return -1; + } + } +#endif /* HAVE_IF_INDEXTONAME && SO_BINDTODEVICE */ + + return 0; +} /* int network_bind_socket */ + +/* Initialize a sockent structure. `type' must be either `SOCKENT_TYPE_CLIENT' + * or `SOCKENT_TYPE_SERVER' */ +static sockent_t *sockent_create(int type) /* {{{ */ +{ + sockent_t *se; + + if ((type != SOCKENT_TYPE_CLIENT) && (type != SOCKENT_TYPE_SERVER)) + return NULL; + + se = calloc(1, sizeof(*se)); + if (se == NULL) + return NULL; + + se->type = type; + se->node = NULL; + se->service = NULL; + se->interface = 0; + se->next = NULL; + + if (type == SOCKENT_TYPE_SERVER) { + se->data.server.fd = NULL; + se->data.server.fd_num = 0; +#if HAVE_GCRYPT_H + se->data.server.security_level = SECURITY_LEVEL_NONE; + se->data.server.auth_file = NULL; + se->data.server.userdb = NULL; + se->data.server.cypher = NULL; +#endif + } else { + se->data.client.fd = -1; + se->data.client.addr = NULL; + se->data.client.bind_addr = NULL; + se->data.client.resolve_interval = 0; + se->data.client.next_resolve_reconnect = 0; +#if HAVE_GCRYPT_H + se->data.client.security_level = SECURITY_LEVEL_NONE; + se->data.client.username = NULL; + se->data.client.password = NULL; + se->data.client.cypher = NULL; +#endif + } + + return se; +} /* }}} sockent_t *sockent_create */ + +static int sockent_init_crypto(sockent_t *se) /* {{{ */ +{ +#if HAVE_GCRYPT_H /* {{{ */ + if (se->type == SOCKENT_TYPE_CLIENT) { + if (se->data.client.security_level > SECURITY_LEVEL_NONE) { + if (network_init_gcrypt() < 0) { + ERROR("network plugin: Cannot configure client socket with " + "security: Failed to initialize crypto library."); + return -1; + } + + if ((se->data.client.username == NULL) || + (se->data.client.password == NULL)) { + ERROR("network plugin: Client socket with " + "security requested, but no " + "credentials are configured."); + return -1; + } + gcry_md_hash_buffer(GCRY_MD_SHA256, se->data.client.password_hash, + se->data.client.password, + strlen(se->data.client.password)); + } + } else /* (se->type == SOCKENT_TYPE_SERVER) */ + { + if ((se->data.server.security_level > SECURITY_LEVEL_NONE) && + (se->data.server.auth_file == NULL)) { + ERROR("network plugin: Server socket with security requested, " + "but no \"AuthFile\" is configured."); + return -1; + } + if (se->data.server.auth_file != NULL) { + if (network_init_gcrypt() < 0) { + ERROR("network plugin: Cannot configure server socket with security: " + "Failed to initialize crypto library."); + return -1; + } + + se->data.server.userdb = fbh_create(se->data.server.auth_file); + if (se->data.server.userdb == NULL) { + ERROR("network plugin: Reading password file \"%s\" failed.", + se->data.server.auth_file); + return -1; + } + } + } +#endif /* }}} HAVE_GCRYPT_H */ + + return 0; +} /* }}} int sockent_init_crypto */ + +static int sockent_client_disconnect(sockent_t *se) /* {{{ */ +{ + struct sockent_client *client; + + if ((se == NULL) || (se->type != SOCKENT_TYPE_CLIENT)) + return EINVAL; + + client = &se->data.client; + if (client->fd >= 0) /* connected */ + { + close(client->fd); + client->fd = -1; + } + + sfree(client->addr); + client->addrlen = 0; + + return 0; +} /* }}} int sockent_client_disconnect */ + +static int sockent_client_connect(sockent_t *se) /* {{{ */ +{ + static c_complain_t complaint = C_COMPLAIN_INIT_STATIC; + + struct sockent_client *client; + struct addrinfo *ai_list; + int status; + bool reconnect = false; + cdtime_t now; + + if ((se == NULL) || (se->type != SOCKENT_TYPE_CLIENT)) + return EINVAL; + + client = &se->data.client; + + now = cdtime(); + if (client->resolve_interval != 0 && client->next_resolve_reconnect < now) { + DEBUG("network plugin: Reconnecting socket, resolve_interval = %lf, " + "next_resolve_reconnect = %lf", + CDTIME_T_TO_DOUBLE(client->resolve_interval), + CDTIME_T_TO_DOUBLE(client->next_resolve_reconnect)); + reconnect = true; + } + + if (client->fd >= 0 && !reconnect) /* already connected and not stale*/ + return 0; + + struct addrinfo ai_hints = {.ai_family = AF_UNSPEC, + .ai_flags = AI_ADDRCONFIG, + .ai_protocol = IPPROTO_UDP, + .ai_socktype = SOCK_DGRAM}; + + status = getaddrinfo(se->node, + (se->service != NULL) ? se->service : NET_DEFAULT_PORT, + &ai_hints, &ai_list); + if (status != 0) { + c_complain( + LOG_ERR, &complaint, "network plugin: getaddrinfo (%s, %s) failed: %s", + (se->node == NULL) ? "(null)" : se->node, + (se->service == NULL) ? "(null)" : se->service, gai_strerror(status)); + return -1; + } else { + c_release(LOG_NOTICE, &complaint, + "network plugin: Successfully resolved \"%s\".", se->node); + } + + for (struct addrinfo *ai_ptr = ai_list; ai_ptr != NULL; + ai_ptr = ai_ptr->ai_next) { + if (client->fd >= 0) /* when we reconnect */ + sockent_client_disconnect(se); + + client->fd = + socket(ai_ptr->ai_family, ai_ptr->ai_socktype, ai_ptr->ai_protocol); + if (client->fd < 0) { + ERROR("network plugin: socket(2) failed: %s", STRERRNO); + continue; + } + + client->addr = calloc(1, sizeof(*client->addr)); + if (client->addr == NULL) { + ERROR("network plugin: calloc failed."); + close(client->fd); + client->fd = -1; + continue; + } + + assert(sizeof(*client->addr) >= ai_ptr->ai_addrlen); + memcpy(client->addr, ai_ptr->ai_addr, ai_ptr->ai_addrlen); + client->addrlen = ai_ptr->ai_addrlen; + + network_set_ttl(se, ai_ptr); + network_set_interface(se, ai_ptr); + network_bind_socket_to_addr(se, ai_ptr); + + /* We don't open more than one write-socket per + * node/service pair.. */ + break; + } + + freeaddrinfo(ai_list); + if (client->fd < 0) + return -1; + + if (client->resolve_interval > 0) + client->next_resolve_reconnect = now + client->resolve_interval; + return 0; +} /* }}} int sockent_client_connect */ + +/* Open the file descriptors for a initialized sockent structure. */ +static int sockent_server_listen(sockent_t *se) /* {{{ */ +{ + struct addrinfo *ai_list; + int status; + + const char *node; + const char *service; + + if (se == NULL) + return -1; + + assert(se->data.server.fd == NULL); + assert(se->data.server.fd_num == 0); + + node = se->node; + service = se->service; + + if (service == NULL) + service = NET_DEFAULT_PORT; + + DEBUG("network plugin: sockent_server_listen: node = %s; service = %s;", node, + service); + + struct addrinfo ai_hints = {.ai_family = AF_UNSPEC, + .ai_flags = AI_ADDRCONFIG | AI_PASSIVE, + .ai_protocol = IPPROTO_UDP, + .ai_socktype = SOCK_DGRAM}; + + status = getaddrinfo(node, service, &ai_hints, &ai_list); + if (status != 0) { + ERROR("network plugin: getaddrinfo (%s, %s) failed: %s", + (se->node == NULL) ? "(null)" : se->node, + (se->service == NULL) ? "(null)" : se->service, gai_strerror(status)); + return -1; + } + + for (struct addrinfo *ai_ptr = ai_list; ai_ptr != NULL; + ai_ptr = ai_ptr->ai_next) { + int *tmp; + + tmp = realloc(se->data.server.fd, + sizeof(*tmp) * (se->data.server.fd_num + 1)); + if (tmp == NULL) { + ERROR("network plugin: realloc failed."); + continue; + } + se->data.server.fd = tmp; + tmp = se->data.server.fd + se->data.server.fd_num; + + *tmp = socket(ai_ptr->ai_family, ai_ptr->ai_socktype, ai_ptr->ai_protocol); + if (*tmp < 0) { + ERROR("network plugin: socket(2) failed: %s", STRERRNO); + continue; + } + + status = network_bind_socket(*tmp, ai_ptr, se->interface); + if (status != 0) { + close(*tmp); + *tmp = -1; + continue; + } + + se->data.server.fd_num++; + continue; + } /* for (ai_list) */ + + freeaddrinfo(ai_list); + + if (se->data.server.fd_num == 0) + return -1; + return 0; +} /* }}} int sockent_server_listen */ + +/* Add a sockent to the global list of sockets */ +static int sockent_add(sockent_t *se) /* {{{ */ +{ + sockent_t *last_ptr; + + if (se == NULL) + return -1; + + if (se->type == SOCKENT_TYPE_SERVER) { + struct pollfd *tmp; + + tmp = realloc(listen_sockets_pollfd, + sizeof(*tmp) * (listen_sockets_num + se->data.server.fd_num)); + if (tmp == NULL) { + ERROR("network plugin: realloc failed."); + return -1; + } + listen_sockets_pollfd = tmp; + tmp = listen_sockets_pollfd + listen_sockets_num; + + for (size_t i = 0; i < se->data.server.fd_num; i++) { + memset(tmp + i, 0, sizeof(*tmp)); + tmp[i].fd = se->data.server.fd[i]; + tmp[i].events = POLLIN | POLLPRI; + tmp[i].revents = 0; + } + + listen_sockets_num += se->data.server.fd_num; + + if (listen_sockets == NULL) { + listen_sockets = se; + return 0; + } + last_ptr = listen_sockets; + } else /* if (se->type == SOCKENT_TYPE_CLIENT) */ + { + if (sending_sockets == NULL) { + sending_sockets = se; + return 0; + } + last_ptr = sending_sockets; + } + + while (last_ptr->next != NULL) + last_ptr = last_ptr->next; + last_ptr->next = se; + + return 0; +} /* }}} int sockent_add */ + +static void *dispatch_thread(void __attribute__((unused)) * arg) /* {{{ */ +{ + while (42) { + receive_list_entry_t *ent; + sockent_t *se; + + /* Lock and wait for more data to come in */ + pthread_mutex_lock(&receive_list_lock); + while ((listen_loop == 0) && (receive_list_head == NULL)) + pthread_cond_wait(&receive_list_cond, &receive_list_lock); + + /* Remove the head entry and unlock */ + ent = receive_list_head; + if (ent != NULL) + receive_list_head = ent->next; + receive_list_length--; + pthread_mutex_unlock(&receive_list_lock); + + /* Check whether we are supposed to exit. We do NOT check `listen_loop' + * because we dispatch all missing packets before shutting down. */ + if (ent == NULL) + break; + + /* Look for the correct `sockent_t' */ + se = listen_sockets; + while (se != NULL) { + size_t i; + + for (i = 0; i < se->data.server.fd_num; i++) + if (se->data.server.fd[i] == ent->fd) + break; + + if (i < se->data.server.fd_num) + break; + + se = se->next; + } + + if (se == NULL) { + ERROR("network plugin: Got packet from FD %i, but can't " + "find an appropriate socket entry.", + ent->fd); + sfree(ent->data); + sfree(ent); + continue; + } + + parse_packet(se, ent->data, ent->data_len, /* flags = */ 0, + /* username = */ NULL); + sfree(ent->data); + sfree(ent); + } /* while (42) */ + + return NULL; +} /* }}} void *dispatch_thread */ + +static int network_receive(void) /* {{{ */ +{ + char buffer[network_config_packet_size]; + int buffer_len; + + int status = 0; + + receive_list_entry_t *private_list_head; + receive_list_entry_t *private_list_tail; + uint64_t private_list_length; + + assert(listen_sockets_num > 0); + + private_list_head = NULL; + private_list_tail = NULL; + private_list_length = 0; + + while (listen_loop == 0) { + status = poll(listen_sockets_pollfd, listen_sockets_num, -1); + if (status <= 0) { + if (errno == EINTR) + continue; + ERROR("network plugin: poll(2) failed: %s", STRERRNO); + break; + } + + for (size_t i = 0; (i < listen_sockets_num) && (status > 0); i++) { + receive_list_entry_t *ent; + + if ((listen_sockets_pollfd[i].revents & (POLLIN | POLLPRI)) == 0) + continue; + status--; + + buffer_len = recv(listen_sockets_pollfd[i].fd, buffer, sizeof(buffer), + 0 /* no flags */); + if (buffer_len < 0) { + status = (errno != 0) ? errno : -1; + ERROR("network plugin: recv(2) failed: %s", STRERRNO); + break; + } + + stats_octets_rx += ((uint64_t)buffer_len); + stats_packets_rx++; + + /* TODO: Possible performance enhancement: Do not free + * these entries in the dispatch thread but put them in + * another list, so we don't have to allocate more and + * more of these structures. */ + ent = calloc(1, sizeof(*ent)); + if (ent == NULL) { + ERROR("network plugin: calloc failed."); + status = ENOMEM; + break; + } + + ent->data = malloc(network_config_packet_size); + if (ent->data == NULL) { + sfree(ent); + ERROR("network plugin: malloc failed."); + status = ENOMEM; + break; + } + ent->fd = listen_sockets_pollfd[i].fd; + ent->next = NULL; + + memcpy(ent->data, buffer, buffer_len); + ent->data_len = buffer_len; + + if (private_list_head == NULL) + private_list_head = ent; + else + private_list_tail->next = ent; + private_list_tail = ent; + private_list_length++; + + /* Do not block here. Blocking here has led to + * insufficient performance in the past. */ + if (pthread_mutex_trylock(&receive_list_lock) == 0) { + assert(((receive_list_head == NULL) && (receive_list_length == 0)) || + ((receive_list_head != NULL) && (receive_list_length != 0))); + + if (receive_list_head == NULL) + receive_list_head = private_list_head; + else + receive_list_tail->next = private_list_head; + receive_list_tail = private_list_tail; + receive_list_length += private_list_length; + + pthread_cond_signal(&receive_list_cond); + pthread_mutex_unlock(&receive_list_lock); + + private_list_head = NULL; + private_list_tail = NULL; + private_list_length = 0; + } + + status = 0; + } /* for (listen_sockets_pollfd) */ + + if (status != 0) + break; + } /* while (listen_loop == 0) */ + + /* Make sure everything is dispatched before exiting. */ + if (private_list_head != NULL) { + pthread_mutex_lock(&receive_list_lock); + + if (receive_list_head == NULL) + receive_list_head = private_list_head; + else + receive_list_tail->next = private_list_head; + receive_list_tail = private_list_tail; + receive_list_length += private_list_length; + + pthread_cond_signal(&receive_list_cond); + pthread_mutex_unlock(&receive_list_lock); + } + + return status; +} /* }}} int network_receive */ + +static void *receive_thread(void __attribute__((unused)) * arg) { + return network_receive() ? (void *)1 : (void *)0; +} /* void *receive_thread */ + +static void network_init_buffer(void) { + memset(send_buffer, 0, network_config_packet_size); + send_buffer_ptr = send_buffer; + send_buffer_fill = 0; + send_buffer_last_update = 0; + + memset(&send_buffer_vl, 0, sizeof(send_buffer_vl)); +} /* int network_init_buffer */ + +static void network_send_buffer_plain(sockent_t *se, /* {{{ */ + const char *buffer, size_t buffer_size) { + int status; + + while (42) { + status = sockent_client_connect(se); + if (status != 0) + return; + + status = sendto(se->data.client.fd, buffer, buffer_size, + /* flags = */ 0, (struct sockaddr *)se->data.client.addr, + se->data.client.addrlen); + if (status < 0) { + if ((errno == EINTR) || (errno == EAGAIN)) + continue; + + ERROR("network plugin: sendto failed: %s. Closing sending socket.", + STRERRNO); + sockent_client_disconnect(se); + return; + } + + break; + } /* while (42) */ +} /* }}} void network_send_buffer_plain */ + +#if HAVE_GCRYPT_H +#define BUFFER_ADD(p, s) \ + do { \ + memcpy(buffer + buffer_offset, (p), (s)); \ + buffer_offset += (s); \ + } while (0) + +static void network_send_buffer_signed(sockent_t *se, /* {{{ */ + const char *in_buffer, + size_t in_buffer_size) { + char buffer[BUFF_SIG_SIZE + in_buffer_size]; + size_t buffer_offset; + size_t username_len; + + gcry_md_hd_t hd; + gcry_error_t err; + unsigned char *hash; + + hd = NULL; + err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC); + if (err != 0) { + ERROR("network plugin: Creating HMAC object failed: %s", + gcry_strerror(err)); + return; + } + + err = gcry_md_setkey(hd, se->data.client.password, + strlen(se->data.client.password)); + if (err != 0) { + ERROR("network plugin: gcry_md_setkey failed: %s", gcry_strerror(err)); + gcry_md_close(hd); + return; + } + + username_len = strlen(se->data.client.username); + if (username_len > (BUFF_SIG_SIZE - PART_SIGNATURE_SHA256_SIZE)) { + ERROR("network plugin: Username too long: %s", se->data.client.username); + return; + } + + memcpy(buffer + PART_SIGNATURE_SHA256_SIZE, se->data.client.username, + username_len); + memcpy(buffer + PART_SIGNATURE_SHA256_SIZE + username_len, in_buffer, + in_buffer_size); + + /* Initialize the `ps' structure. */ + part_signature_sha256_t ps = { + .head.type = htons(TYPE_SIGN_SHA256), + .head.length = htons(PART_SIGNATURE_SHA256_SIZE + username_len)}; + + /* Calculate the hash value. */ + gcry_md_write(hd, buffer + PART_SIGNATURE_SHA256_SIZE, + username_len + in_buffer_size); + hash = gcry_md_read(hd, GCRY_MD_SHA256); + if (hash == NULL) { + ERROR("network plugin: gcry_md_read failed."); + gcry_md_close(hd); + return; + } + memcpy(ps.hash, hash, sizeof(ps.hash)); + + /* Add the header */ + buffer_offset = 0; + + BUFFER_ADD(&ps.head.type, sizeof(ps.head.type)); + BUFFER_ADD(&ps.head.length, sizeof(ps.head.length)); + BUFFER_ADD(ps.hash, sizeof(ps.hash)); + + assert(buffer_offset == PART_SIGNATURE_SHA256_SIZE); + + gcry_md_close(hd); + hd = NULL; + + buffer_offset = PART_SIGNATURE_SHA256_SIZE + username_len + in_buffer_size; + network_send_buffer_plain(se, buffer, buffer_offset); +} /* }}} void network_send_buffer_signed */ + +static void network_send_buffer_encrypted(sockent_t *se, /* {{{ */ + const char *in_buffer, + size_t in_buffer_size) { + char buffer[BUFF_SIG_SIZE + in_buffer_size]; + size_t buffer_size; + size_t buffer_offset; + size_t header_size; + size_t username_len; + gcry_error_t err; + gcry_cipher_hd_t cypher; + + /* Initialize the header fields */ + part_encryption_aes256_t pea = {.head.type = htons(TYPE_ENCR_AES256), + .username = se->data.client.username}; + + username_len = strlen(pea.username); + if ((PART_ENCRYPTION_AES256_SIZE + username_len) > BUFF_SIG_SIZE) { + ERROR("network plugin: Username too long: %s", pea.username); + return; + } + + buffer_size = PART_ENCRYPTION_AES256_SIZE + username_len + in_buffer_size; + header_size = PART_ENCRYPTION_AES256_SIZE + username_len - sizeof(pea.hash); + + assert(buffer_size <= sizeof(buffer)); + DEBUG("network plugin: network_send_buffer_encrypted: " + "buffer_size = %" PRIsz ";", + buffer_size); + + pea.head.length = htons( + (uint16_t)(PART_ENCRYPTION_AES256_SIZE + username_len + in_buffer_size)); + pea.username_length = htons((uint16_t)username_len); + + /* Chose a random initialization vector. */ + gcry_randomize((void *)&pea.iv, sizeof(pea.iv), GCRY_STRONG_RANDOM); + + /* Create hash of the payload */ + gcry_md_hash_buffer(GCRY_MD_SHA1, pea.hash, in_buffer, in_buffer_size); + + /* Initialize the buffer */ + buffer_offset = 0; + memset(buffer, 0, sizeof(buffer)); + + BUFFER_ADD(&pea.head.type, sizeof(pea.head.type)); + BUFFER_ADD(&pea.head.length, sizeof(pea.head.length)); + BUFFER_ADD(&pea.username_length, sizeof(pea.username_length)); + BUFFER_ADD(pea.username, username_len); + BUFFER_ADD(pea.iv, sizeof(pea.iv)); + assert(buffer_offset == header_size); + BUFFER_ADD(pea.hash, sizeof(pea.hash)); + BUFFER_ADD(in_buffer, in_buffer_size); + + assert(buffer_offset == buffer_size); + + cypher = network_get_aes256_cypher(se, pea.iv, sizeof(pea.iv), + se->data.client.password); + if (cypher == NULL) + return; + + /* Encrypt the buffer in-place */ + err = gcry_cipher_encrypt(cypher, buffer + header_size, + buffer_size - header_size, + /* in = */ NULL, /* in len = */ 0); + if (err != 0) { + ERROR("network plugin: gcry_cipher_encrypt returned: %s", + gcry_strerror(err)); + return; + } + + /* Send it out without further modifications */ + network_send_buffer_plain(se, buffer, buffer_size); +} /* }}} void network_send_buffer_encrypted */ +#undef BUFFER_ADD +#endif /* HAVE_GCRYPT_H */ + +static void network_send_buffer(char *buffer, size_t buffer_len) /* {{{ */ +{ + DEBUG("network plugin: network_send_buffer: buffer_len = %" PRIsz, + buffer_len); + + for (sockent_t *se = sending_sockets; se != NULL; se = se->next) { +#if HAVE_GCRYPT_H + if (se->data.client.security_level == SECURITY_LEVEL_ENCRYPT) + network_send_buffer_encrypted(se, buffer, buffer_len); + else if (se->data.client.security_level == SECURITY_LEVEL_SIGN) + network_send_buffer_signed(se, buffer, buffer_len); + else /* if (se->data.client.security_level == SECURITY_LEVEL_NONE) */ +#endif /* HAVE_GCRYPT_H */ + network_send_buffer_plain(se, buffer, buffer_len); + } /* for (sending_sockets) */ +} /* }}} void network_send_buffer */ + +static int add_to_buffer(char *buffer, size_t buffer_size, /* {{{ */ + value_list_t *vl_def, const data_set_t *ds, + const value_list_t *vl) { + char *buffer_orig = buffer; + + if (strcmp(vl_def->host, vl->host) != 0) { + if (write_part_string(&buffer, &buffer_size, TYPE_HOST, vl->host, + strlen(vl->host)) != 0) + return -1; + sstrncpy(vl_def->host, vl->host, sizeof(vl_def->host)); + } + + if (vl_def->time != vl->time) { + if (write_part_number(&buffer, &buffer_size, TYPE_TIME_HR, + (uint64_t)vl->time)) + return -1; + vl_def->time = vl->time; + } + + if (vl_def->interval != vl->interval) { + if (write_part_number(&buffer, &buffer_size, TYPE_INTERVAL_HR, + (uint64_t)vl->interval)) + return -1; + vl_def->interval = vl->interval; + } + + if (strcmp(vl_def->plugin, vl->plugin) != 0) { + if (write_part_string(&buffer, &buffer_size, TYPE_PLUGIN, vl->plugin, + strlen(vl->plugin)) != 0) + return -1; + sstrncpy(vl_def->plugin, vl->plugin, sizeof(vl_def->plugin)); + } + + if (strcmp(vl_def->plugin_instance, vl->plugin_instance) != 0) { + if (write_part_string(&buffer, &buffer_size, TYPE_PLUGIN_INSTANCE, + vl->plugin_instance, + strlen(vl->plugin_instance)) != 0) + return -1; + sstrncpy(vl_def->plugin_instance, vl->plugin_instance, + sizeof(vl_def->plugin_instance)); + } + + if (strcmp(vl_def->type, vl->type) != 0) { + if (write_part_string(&buffer, &buffer_size, TYPE_TYPE, vl->type, + strlen(vl->type)) != 0) + return -1; + sstrncpy(vl_def->type, ds->type, sizeof(vl_def->type)); + } + + if (strcmp(vl_def->type_instance, vl->type_instance) != 0) { + if (write_part_string(&buffer, &buffer_size, TYPE_TYPE_INSTANCE, + vl->type_instance, strlen(vl->type_instance)) != 0) + return -1; + sstrncpy(vl_def->type_instance, vl->type_instance, + sizeof(vl_def->type_instance)); + } + + if (write_part_values(&buffer, &buffer_size, ds, vl) != 0) + return -1; + + return buffer - buffer_orig; +} /* }}} int add_to_buffer */ + +static void flush_buffer(void) { + DEBUG("network plugin: flush_buffer: send_buffer_fill = %i", + send_buffer_fill); + + network_send_buffer(send_buffer, (size_t)send_buffer_fill); + + stats_octets_tx += ((uint64_t)send_buffer_fill); + stats_packets_tx++; + + network_init_buffer(); +} + +static int network_write(const data_set_t *ds, const value_list_t *vl, + user_data_t __attribute__((unused)) * user_data) { + int status; + + /* listen_loop is set to non-zero in the shutdown callback, which is + * guaranteed to be called *after* all the write threads have been shut + * down. */ + assert(listen_loop == 0); + + if (!check_send_okay(vl)) { +#if COLLECT_DEBUG + char name[6 * DATA_MAX_NAME_LEN]; + FORMAT_VL(name, sizeof(name), vl); + name[sizeof(name) - 1] = 0; + DEBUG("network plugin: network_write: " + "NOT sending %s.", + name); +#endif + /* Counter is not protected by another lock and may be reached by + * multiple threads */ + pthread_mutex_lock(&stats_lock); + stats_values_not_sent++; + pthread_mutex_unlock(&stats_lock); + return 0; + } + + uc_meta_data_add_unsigned_int(vl, "network:time_sent", (uint64_t)vl->time); + + pthread_mutex_lock(&send_buffer_lock); + + status = add_to_buffer(send_buffer_ptr, + network_config_packet_size - + (send_buffer_fill + BUFF_SIG_SIZE), + &send_buffer_vl, ds, vl); + if (status >= 0) { + /* status == bytes added to the buffer */ + send_buffer_fill += status; + send_buffer_ptr += status; + send_buffer_last_update = cdtime(); + + stats_values_sent++; + } else { + flush_buffer(); + + status = add_to_buffer(send_buffer_ptr, + network_config_packet_size - + (send_buffer_fill + BUFF_SIG_SIZE), + &send_buffer_vl, ds, vl); + + if (status >= 0) { + send_buffer_fill += status; + send_buffer_ptr += status; + + stats_values_sent++; + } + } + + if (status < 0) { + ERROR("network plugin: Unable to append to the " + "buffer for some weird reason"); + } else if ((network_config_packet_size - send_buffer_fill) < 15) { + flush_buffer(); + } + + pthread_mutex_unlock(&send_buffer_lock); + + return (status < 0) ? -1 : 0; +} /* int network_write */ + +static int network_config_set_ttl(const oconfig_item_t *ci) /* {{{ */ +{ + int tmp = 0; + + if (cf_util_get_int(ci, &tmp) != 0) + return -1; + else if ((tmp > 0) && (tmp <= 255)) + network_config_ttl = tmp; + else { + WARNING("network plugin: The `TimeToLive' must be between 1 and 255."); + return -1; + } + + return 0; +} /* }}} int network_config_set_ttl */ + +static int network_config_set_interface(const oconfig_item_t *ci, /* {{{ */ + int *interface) { + char if_name[256]; + + if (cf_util_get_string_buffer(ci, if_name, sizeof(if_name)) != 0) + return -1; + + *interface = if_nametoindex(if_name); + return 0; +} /* }}} int network_config_set_interface */ + +static int +network_config_set_bind_address(const oconfig_item_t *ci, + struct sockaddr_storage **bind_address) { + if ((*bind_address) != NULL) { + ERROR("network_plugin: only a single bind address is allowed"); + return -1; + } + + char addr_text[256]; + + if (cf_util_get_string_buffer(ci, addr_text, sizeof(addr_text)) != 0) + return -1; + + int ret; + struct addrinfo hint, *res = NULL; + + memset(&hint, '\0', sizeof hint); + hint.ai_family = PF_UNSPEC; + hint.ai_flags = AI_NUMERICHOST; + + ret = getaddrinfo(addr_text, NULL, &hint, &res); + if (ret) { + ERROR("network plugin: Bind address option has invalid address set: %s", + gai_strerror(ret)); + return -1; + } + + *bind_address = malloc(sizeof(**bind_address)); + (*bind_address)->ss_family = res->ai_family; + if (res->ai_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *)(*bind_address); + inet_pton(AF_INET, addr_text, &(addr->sin_addr)); + } else if (res->ai_family == AF_INET6) { + struct sockaddr_in6 *addr = (struct sockaddr_in6 *)(*bind_address); + inet_pton(AF_INET6, addr_text, &(addr->sin6_addr)); + } else { + ERROR("network plugin: %s is an unknown address format %d\n", addr_text, + res->ai_family); + sfree(*bind_address); + return -1; + } + + return 0; +} /* int network_config_set_bind_address */ + +static int network_config_set_buffer_size(const oconfig_item_t *ci) /* {{{ */ +{ + int tmp = 0; + + if (cf_util_get_int(ci, &tmp) != 0) + return -1; + else if ((tmp >= 1024) && (tmp <= 65535)) + network_config_packet_size = tmp; + else { + WARNING( + "network plugin: The `MaxPacketSize' must be between 1024 and 65535."); + return -1; + } + + return 0; +} /* }}} int network_config_set_buffer_size */ + +#if HAVE_GCRYPT_H +static int network_config_set_security_level(oconfig_item_t *ci, /* {{{ */ + int *retval) { + char *str; + if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)) { + WARNING("network plugin: The `SecurityLevel' config option needs exactly " + "one string argument."); + return -1; + } + + str = ci->values[0].value.string; + if (strcasecmp("Encrypt", str) == 0) + *retval = SECURITY_LEVEL_ENCRYPT; + else if (strcasecmp("Sign", str) == 0) + *retval = SECURITY_LEVEL_SIGN; + else if (strcasecmp("None", str) == 0) + *retval = SECURITY_LEVEL_NONE; + else { + WARNING("network plugin: Unknown security level: %s.", str); + return -1; + } + + return 0; +} /* }}} int network_config_set_security_level */ +#endif /* HAVE_GCRYPT_H */ + +static int network_config_add_listen(const oconfig_item_t *ci) /* {{{ */ +{ + sockent_t *se; + int status; + + if ((ci->values_num < 1) || (ci->values_num > 2) || + (ci->values[0].type != OCONFIG_TYPE_STRING) || + ((ci->values_num > 1) && (ci->values[1].type != OCONFIG_TYPE_STRING))) { + ERROR("network plugin: The `%s' config option needs " + "one or two string arguments.", + ci->key); + return -1; + } + + se = sockent_create(SOCKENT_TYPE_SERVER); + if (se == NULL) { + ERROR("network plugin: sockent_create failed."); + return -1; + } + + se->node = strdup(ci->values[0].value.string); + if (ci->values_num >= 2) + se->service = strdup(ci->values[1].value.string); + + for (int i = 0; i < ci->children_num; i++) { + oconfig_item_t *child = ci->children + i; + +#if HAVE_GCRYPT_H + if (strcasecmp("AuthFile", child->key) == 0) + cf_util_get_string(child, &se->data.server.auth_file); + else if (strcasecmp("SecurityLevel", child->key) == 0) + network_config_set_security_level(child, &se->data.server.security_level); + else +#endif /* HAVE_GCRYPT_H */ + if (strcasecmp("Interface", child->key) == 0) + network_config_set_interface(child, &se->interface); + else { + WARNING("network plugin: Option `%s' is not allowed here.", child->key); + } + } + +#if HAVE_GCRYPT_H + if ((se->data.server.security_level > SECURITY_LEVEL_NONE) && + (se->data.server.auth_file == NULL)) { + ERROR("network plugin: A security level higher than `none' was " + "requested, but no AuthFile option was given. Cowardly refusing to " + "open this socket!"); + sockent_destroy(se); + return -1; + } +#endif /* HAVE_GCRYPT_H */ + + status = sockent_init_crypto(se); + if (status != 0) { + ERROR("network plugin: network_config_add_listen: sockent_init_crypto() " + "failed."); + sockent_destroy(se); + return -1; + } + + status = sockent_server_listen(se); + if (status != 0) { + ERROR("network plugin: network_config_add_listen: sockent_server_listen " + "failed."); + sockent_destroy(se); + return -1; + } + + status = sockent_add(se); + if (status != 0) { + ERROR("network plugin: network_config_add_listen: sockent_add failed."); + sockent_destroy(se); + return -1; + } + + return 0; +} /* }}} int network_config_add_listen */ + +static int network_config_add_server(const oconfig_item_t *ci) /* {{{ */ +{ + sockent_t *se; + int status; + + if ((ci->values_num < 1) || (ci->values_num > 2) || + (ci->values[0].type != OCONFIG_TYPE_STRING) || + ((ci->values_num > 1) && (ci->values[1].type != OCONFIG_TYPE_STRING))) { + ERROR("network plugin: The `%s' config option needs " + "one or two string arguments.", + ci->key); + return -1; + } + + se = sockent_create(SOCKENT_TYPE_CLIENT); + if (se == NULL) { + ERROR("network plugin: sockent_create failed."); + return -1; + } + + se->node = strdup(ci->values[0].value.string); + if (ci->values_num >= 2) + se->service = strdup(ci->values[1].value.string); + + for (int i = 0; i < ci->children_num; i++) { + oconfig_item_t *child = ci->children + i; + +#if HAVE_GCRYPT_H + if (strcasecmp("Username", child->key) == 0) + cf_util_get_string(child, &se->data.client.username); + else if (strcasecmp("Password", child->key) == 0) + cf_util_get_string(child, &se->data.client.password); + else if (strcasecmp("SecurityLevel", child->key) == 0) + network_config_set_security_level(child, &se->data.client.security_level); + else +#endif /* HAVE_GCRYPT_H */ + if (strcasecmp("Interface", child->key) == 0) + network_config_set_interface(child, &se->interface); + else if (strcasecmp("BindAddress", child->key) == 0) + network_config_set_bind_address(child, &se->data.client.bind_addr); + else if (strcasecmp("ResolveInterval", child->key) == 0) + cf_util_get_cdtime(child, &se->data.client.resolve_interval); + else { + WARNING("network plugin: Option `%s' is not allowed here.", child->key); + } + } + +#if HAVE_GCRYPT_H + if ((se->data.client.security_level > SECURITY_LEVEL_NONE) && + ((se->data.client.username == NULL) || + (se->data.client.password == NULL))) { + ERROR("network plugin: A security level higher than `none' was " + "requested, but no Username or Password option was given. " + "Cowardly refusing to open this socket!"); + sockent_destroy(se); + return -1; + } +#endif /* HAVE_GCRYPT_H */ + + status = sockent_init_crypto(se); + if (status != 0) { + ERROR("network plugin: network_config_add_server: sockent_init_crypto() " + "failed."); + sockent_destroy(se); + return -1; + } + + /* No call to sockent_client_connect() here -- it is called from + * network_send_buffer_plain(). */ + + status = sockent_add(se); + if (status != 0) { + ERROR("network plugin: network_config_add_server: sockent_add failed."); + sockent_destroy(se); + return -1; + } + + return 0; +} /* }}} int network_config_add_server */ + +static int network_config(oconfig_item_t *ci) /* {{{ */ +{ + /* The options need to be applied first */ + for (int i = 0; i < ci->children_num; i++) { + oconfig_item_t *child = ci->children + i; + if (strcasecmp("TimeToLive", child->key) == 0) + network_config_set_ttl(child); + } + + for (int i = 0; i < ci->children_num; i++) { + oconfig_item_t *child = ci->children + i; + + if (strcasecmp("Listen", child->key) == 0) + network_config_add_listen(child); + else if (strcasecmp("Server", child->key) == 0) + network_config_add_server(child); + else if (strcasecmp("TimeToLive", child->key) == 0) { + /* Handled earlier */ + } else if (strcasecmp("MaxPacketSize", child->key) == 0) + network_config_set_buffer_size(child); + else if (strcasecmp("Forward", child->key) == 0) + cf_util_get_boolean(child, &network_config_forward); + else if (strcasecmp("ReportStats", child->key) == 0) + cf_util_get_boolean(child, &network_config_stats); + else { + WARNING("network plugin: Option `%s' is not allowed here.", child->key); + } + } + + return 0; +} /* }}} int network_config */ + +static int network_notification(const notification_t *n, + user_data_t __attribute__((unused)) * + user_data) { + char buffer[network_config_packet_size]; + char *buffer_ptr = buffer; + size_t buffer_free = sizeof(buffer); + int status; + + if (!check_send_notify_okay(n)) + return 0; + + memset(buffer, 0, sizeof(buffer)); + + status = write_part_number(&buffer_ptr, &buffer_free, TYPE_TIME_HR, + (uint64_t)n->time); + if (status != 0) + return -1; + + status = write_part_number(&buffer_ptr, &buffer_free, TYPE_SEVERITY, + (uint64_t)n->severity); + if (status != 0) + return -1; + + if (strlen(n->host) > 0) { + status = write_part_string(&buffer_ptr, &buffer_free, TYPE_HOST, n->host, + strlen(n->host)); + if (status != 0) + return -1; + } + + if (strlen(n->plugin) > 0) { + status = write_part_string(&buffer_ptr, &buffer_free, TYPE_PLUGIN, + n->plugin, strlen(n->plugin)); + if (status != 0) + return -1; + } + + if (strlen(n->plugin_instance) > 0) { + status = write_part_string(&buffer_ptr, &buffer_free, TYPE_PLUGIN_INSTANCE, + n->plugin_instance, strlen(n->plugin_instance)); + if (status != 0) + return -1; + } + + if (strlen(n->type) > 0) { + status = write_part_string(&buffer_ptr, &buffer_free, TYPE_TYPE, n->type, + strlen(n->type)); + if (status != 0) + return -1; + } + + if (strlen(n->type_instance) > 0) { + status = write_part_string(&buffer_ptr, &buffer_free, TYPE_TYPE_INSTANCE, + n->type_instance, strlen(n->type_instance)); + if (status != 0) + return -1; + } + + status = write_part_string(&buffer_ptr, &buffer_free, TYPE_MESSAGE, + n->message, strlen(n->message)); + if (status != 0) + return -1; + + network_send_buffer(buffer, sizeof(buffer) - buffer_free); + + return 0; +} /* int network_notification */ + +static int network_shutdown(void) { + listen_loop++; + + /* Kill the listening thread */ + if (receive_thread_running != 0) { + INFO("network plugin: Stopping receive thread."); + pthread_kill(receive_thread_id, SIGTERM); + pthread_join(receive_thread_id, NULL /* no return value */); + memset(&receive_thread_id, 0, sizeof(receive_thread_id)); + receive_thread_running = 0; + } + + /* Shutdown the dispatching thread */ + if (dispatch_thread_running != 0) { + INFO("network plugin: Stopping dispatch thread."); + pthread_mutex_lock(&receive_list_lock); + pthread_cond_broadcast(&receive_list_cond); + pthread_mutex_unlock(&receive_list_lock); + pthread_join(dispatch_thread_id, /* ret = */ NULL); + dispatch_thread_running = 0; + } + + sockent_destroy(listen_sockets); + + if (send_buffer_fill > 0) + flush_buffer(); + + sfree(send_buffer); + + for (sockent_t *se = sending_sockets; se != NULL; se = se->next) + sockent_client_disconnect(se); + sockent_destroy(sending_sockets); + + plugin_unregister_config("network"); + plugin_unregister_init("network"); + plugin_unregister_write("network"); + plugin_unregister_shutdown("network"); + + return 0; +} /* int network_shutdown */ + +static int network_stats_read(void) /* {{{ */ +{ + derive_t copy_octets_rx; + derive_t copy_octets_tx; + derive_t copy_packets_rx; + derive_t copy_packets_tx; + derive_t copy_values_dispatched; + derive_t copy_values_not_dispatched; + derive_t copy_values_sent; + derive_t copy_values_not_sent; + derive_t copy_receive_list_length; + value_list_t vl = VALUE_LIST_INIT; + value_t values[2]; + + copy_octets_rx = stats_octets_rx; + copy_octets_tx = stats_octets_tx; + copy_packets_rx = stats_packets_rx; + copy_packets_tx = stats_packets_tx; + copy_values_dispatched = stats_values_dispatched; + copy_values_not_dispatched = stats_values_not_dispatched; + copy_values_sent = stats_values_sent; + copy_values_not_sent = stats_values_not_sent; + copy_receive_list_length = receive_list_length; + + /* Initialize `vl' */ + vl.values = values; + vl.values_len = 2; + vl.time = 0; + sstrncpy(vl.plugin, "network", sizeof(vl.plugin)); + + /* Octets received / sent */ + vl.values[0].derive = (derive_t)copy_octets_rx; + vl.values[1].derive = (derive_t)copy_octets_tx; + sstrncpy(vl.type, "if_octets", sizeof(vl.type)); + plugin_dispatch_values(&vl); + + /* Packets received / send */ + vl.values[0].derive = (derive_t)copy_packets_rx; + vl.values[1].derive = (derive_t)copy_packets_tx; + sstrncpy(vl.type, "if_packets", sizeof(vl.type)); + plugin_dispatch_values(&vl); + + /* Values (not) dispatched and (not) send */ + sstrncpy(vl.type, "total_values", sizeof(vl.type)); + vl.values_len = 1; + + vl.values[0].derive = (derive_t)copy_values_dispatched; + sstrncpy(vl.type_instance, "dispatch-accepted", sizeof(vl.type_instance)); + plugin_dispatch_values(&vl); + + vl.values[0].derive = (derive_t)copy_values_not_dispatched; + sstrncpy(vl.type_instance, "dispatch-rejected", sizeof(vl.type_instance)); + plugin_dispatch_values(&vl); + + vl.values[0].derive = (derive_t)copy_values_sent; + sstrncpy(vl.type_instance, "send-accepted", sizeof(vl.type_instance)); + plugin_dispatch_values(&vl); + + vl.values[0].derive = (derive_t)copy_values_not_sent; + sstrncpy(vl.type_instance, "send-rejected", sizeof(vl.type_instance)); + plugin_dispatch_values(&vl); + + /* Receive queue length */ + vl.values[0].gauge = (gauge_t)copy_receive_list_length; + sstrncpy(vl.type, "queue_length", sizeof(vl.type)); + vl.type_instance[0] = 0; + plugin_dispatch_values(&vl); + + return 0; +} /* }}} int network_stats_read */ + +static int network_init(void) { + static bool have_init; + + /* Check if we were already initialized. If so, just return - there's + * nothing more to do (for now, that is). */ + if (have_init) + return 0; + have_init = true; + + if (network_config_stats) + plugin_register_read("network", network_stats_read); + + plugin_register_shutdown("network", network_shutdown); + + send_buffer = malloc(network_config_packet_size); + if (send_buffer == NULL) { + ERROR("network plugin: malloc failed."); + return -1; + } + network_init_buffer(); + + /* setup socket(s) and so on */ + if (sending_sockets != NULL) { + plugin_register_write("network", network_write, + /* user_data = */ NULL); + plugin_register_notification("network", network_notification, + /* user_data = */ NULL); + } + + /* If no threads need to be started, return here. */ + if ((listen_sockets_num == 0) || + ((dispatch_thread_running != 0) && (receive_thread_running != 0))) + return 0; + + if (dispatch_thread_running == 0) { + int status; + status = plugin_thread_create(&dispatch_thread_id, NULL /* no attributes */, + dispatch_thread, NULL /* no argument */, + "network disp"); + if (status != 0) { + ERROR("network: pthread_create failed: %s", STRERRNO); + } else { + dispatch_thread_running = 1; + } + } + + if (receive_thread_running == 0) { + int status; + status = plugin_thread_create(&receive_thread_id, NULL /* no attributes */, + receive_thread, NULL /* no argument */, + "network recv"); + if (status != 0) { + ERROR("network: pthread_create failed: %s", STRERRNO); + } else { + receive_thread_running = 1; + } + } + + return 0; +} /* int network_init */ + +/* + * The flush option of the network plugin cannot flush individual identifiers. + * All the values are added to a buffer and sent when the buffer is full, the + * requested value may or may not be in there, it's not worth finding out. We + * just send the buffer if `flush' is called - if the requested value was in + * there, good. If not, well, then there is nothing to flush.. -octo + */ +static int network_flush(cdtime_t timeout, + __attribute__((unused)) const char *identifier, + __attribute__((unused)) user_data_t *user_data) { + pthread_mutex_lock(&send_buffer_lock); + + if (send_buffer_fill > 0) { + if (timeout > 0) { + cdtime_t now = cdtime(); + if ((send_buffer_last_update + timeout) > now) { + pthread_mutex_unlock(&send_buffer_lock); + return 0; + } + } + flush_buffer(); + } + pthread_mutex_unlock(&send_buffer_lock); + + return 0; +} /* int network_flush */ + +void module_register(void) { + plugin_register_complex_config("network", network_config); + plugin_register_init("network", network_init); + plugin_register_flush("network", network_flush, + /* user_data = */ NULL); +} /* void module_register */ -- 2.11.0