author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 16:28:20 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 16:28:20 +0000 |
commit | dcc721a95bef6f0d8e6d8775b8efe33e5aecd562 (patch) | |
tree | 66a2774cd0ee294d019efd71d2544c70f42b2842 /plugins/imdtls | |
parent | Initial commit. (diff) | |
download | rsyslog-dcc721a95bef6f0d8e6d8775b8efe33e5aecd562.tar.xz rsyslog-dcc721a95bef6f0d8e6d8775b8efe33e5aecd562.zip |
Adding upstream version 8.2402.0.upstream/8.2402.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'plugins/imdtls')
-rw-r--r-- | plugins/imdtls/Makefile.am | 6 | ||||
-rw-r--r-- | plugins/imdtls/Makefile.in | 797 | ||||
-rw-r--r-- | plugins/imdtls/imdtls.c | 1164 |
3 files changed, 1967 insertions, 0 deletions
diff --git a/plugins/imdtls/Makefile.am b/plugins/imdtls/Makefile.am
new file mode 100644
index 0000000..bf544b3
--- /dev/null
+++ b/plugins/imdtls/Makefile.am
@@ -0,0 +1,6 @@
+pkglib_LTLIBRARIES = imdtls.la
+imdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la
+imdtls_la_SOURCES = imdtls.c
+imdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS)
+imdtls_la_LDFLAGS = -module -avoid-version
+imdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la
diff --git a/plugins/imdtls/Makefile.in b/plugins/imdtls/Makefile.in
new file mode 100644
index 0000000..03043f4
--- /dev/null
+++ b/plugins/imdtls/Makefile.in
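Review bot: The link line `imdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la` records OpenSSL and the lmnsd_ossl driver but not `$(PTHREADS_LIBS)`, even though `$(PTHREADS_CFLAGS)` is passed at compile time and the instance struct in imdtls.c carries a `STATSCOUNTER_DEF(ctrSubmit, mutCtrSubmit)` counter, which presumably expands to a pthread mutex. Because the module is linked with `-module -avoid-version`, libtool does not require every symbol to resolve at link time, so this builds today by relying on rsyslogd having already loaded pthreads; the gap would only surface under a `-Wl,-z,defs`-style link or a standalone dlopen check. If the sibling OpenSSL-based modules in this tree list the dependency, matching them with `imdtls_la_LIBADD = $(OPENSSL_LIBS) $(PTHREADS_LIBS) ../../runtime/lmnsd_ossl.la` keeps this one consistent; if they do not, this is only a nit.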
@@ -0,0 +1,797 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = plugins/imdtls +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_define.m4 \ + $(top_srcdir)/m4/atomic_operations.m4 \ + $(top_srcdir)/m4/atomic_operations_64bit.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + 
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(pkglibdir)" +LTLIBRARIES = $(pkglib_LTLIBRARIES) +am__DEPENDENCIES_1 = +am_imdtls_la_OBJECTS = imdtls_la-imdtls.lo +imdtls_la_OBJECTS = $(am_imdtls_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +imdtls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(imdtls_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/imdtls_la-imdtls.Plo +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = 
$(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(imdtls_la_SOURCES) +DIST_SOURCES = $(imdtls_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APU_CFLAGS = @APU_CFLAGS@ +APU_LIBS = @APU_LIBS@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CIVETWEB_LIBS = @CIVETWEB_LIBS@ +CONF_FILE_PATH = @CONF_FILE_PATH@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CURL_CFLAGS = @CURL_CFLAGS@ +CURL_LIBS = @CURL_LIBS@ +CYGPATH_W = @CYGPATH_W@ +CZMQ_CFLAGS = @CZMQ_CFLAGS@ +CZMQ_LIBS = @CZMQ_LIBS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DL_LIBS = @DL_LIBS@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FAUP_LIBS = @FAUP_LIBS@ +FGREP = @FGREP@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ +GNUTLS_LIBS = @GNUTLS_LIBS@ +GREP = @GREP@ +GSS_LIBS = @GSS_LIBS@ +GT_KSI_LS12_CFLAGS = @GT_KSI_LS12_CFLAGS@ +GT_KSI_LS12_LIBS = @GT_KSI_LS12_LIBS@ +HASH_XXHASH_LIBS = @HASH_XXHASH_LIBS@ +HIREDIS_CFLAGS = @HIREDIS_CFLAGS@ +HIREDIS_LIBS = @HIREDIS_LIBS@ +IMUDP_LIBS = @IMUDP_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +IP = @IP@ +JAVA = @JAVA@ +JAVAC = @JAVAC@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBCAPNG_CFLAGS = @LIBCAPNG_CFLAGS@ +LIBCAPNG_LIBS = @LIBCAPNG_LIBS@ +LIBCAPNG_PRESENT_CFLAGS = @LIBCAPNG_PRESENT_CFLAGS@ +LIBCAPNG_PRESENT_LIBS = @LIBCAPNG_PRESENT_LIBS@ 
+LIBDBI_CFLAGS = @LIBDBI_CFLAGS@ +LIBDBI_LIBS = @LIBDBI_LIBS@ +LIBESTR_CFLAGS = @LIBESTR_CFLAGS@ +LIBESTR_LIBS = @LIBESTR_LIBS@ +LIBEVENT_CFLAGS = @LIBEVENT_CFLAGS@ +LIBEVENT_LIBS = @LIBEVENT_LIBS@ +LIBFASTJSON_CFLAGS = @LIBFASTJSON_CFLAGS@ +LIBFASTJSON_LIBS = @LIBFASTJSON_LIBS@ +LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ +LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ +LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ +LIBLOGGING_CFLAGS = @LIBLOGGING_CFLAGS@ +LIBLOGGING_LIBS = @LIBLOGGING_LIBS@ +LIBLOGGING_STDLOG_CFLAGS = @LIBLOGGING_STDLOG_CFLAGS@ +LIBLOGGING_STDLOG_LIBS = @LIBLOGGING_STDLOG_LIBS@ +LIBLOGNORM_CFLAGS = @LIBLOGNORM_CFLAGS@ +LIBLOGNORM_LIBS = @LIBLOGNORM_LIBS@ +LIBLZ4_CFLAGS = @LIBLZ4_CFLAGS@ +LIBLZ4_LIBS = @LIBLZ4_LIBS@ +LIBM = @LIBM@ +LIBMONGOC_CFLAGS = @LIBMONGOC_CFLAGS@ +LIBMONGOC_LIBS = @LIBMONGOC_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBRDKAFKA_CFLAGS = @LIBRDKAFKA_CFLAGS@ +LIBRDKAFKA_LIBS = @LIBRDKAFKA_LIBS@ +LIBS = @LIBS@ +LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@ +LIBSYSTEMD_JOURNAL_CFLAGS = @LIBSYSTEMD_JOURNAL_CFLAGS@ +LIBSYSTEMD_JOURNAL_LIBS = @LIBSYSTEMD_JOURNAL_LIBS@ +LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@ +LIBTOOL = @LIBTOOL@ +LIBUUID_CFLAGS = @LIBUUID_CFLAGS@ +LIBUUID_LIBS = @LIBUUID_LIBS@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQL_CFLAGS = @MYSQL_CFLAGS@ +MYSQL_CONFIG = @MYSQL_CONFIG@ +MYSQL_LIBS = @MYSQL_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ +OPENSSL_LIBS = @OPENSSL_LIBS@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ +PGSQL_LIBS = @PGSQL_LIBS@ +PG_CONFIG = @PG_CONFIG@ +PID_FILE_PATH 
= @PID_FILE_PATH@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PROTON_CFLAGS = @PROTON_CFLAGS@ +PROTON_LIBS = @PROTON_LIBS@ +PROTON_PROACTOR_CFLAGS = @PROTON_PROACTOR_CFLAGS@ +PROTON_PROACTOR_LIBS = @PROTON_PROACTOR_LIBS@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RABBITMQ_CFLAGS = @RABBITMQ_CFLAGS@ +RABBITMQ_LIBS = @RABBITMQ_LIBS@ +RANLIB = @RANLIB@ +READLINK = @READLINK@ +REDIS = @REDIS@ +RELP_CFLAGS = @RELP_CFLAGS@ +RELP_LIBS = @RELP_LIBS@ +RSRT_CFLAGS = @RSRT_CFLAGS@ +RSRT_CFLAGS1 = @RSRT_CFLAGS1@ +RSRT_LIBS = @RSRT_LIBS@ +RSRT_LIBS1 = @RSRT_LIBS1@ +RST2MAN = @RST2MAN@ +RT_LIBS = @RT_LIBS@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SNMP_CFLAGS = @SNMP_CFLAGS@ +SNMP_LIBS = @SNMP_LIBS@ +SOL_LIBS = @SOL_LIBS@ +STRIP = @STRIP@ +TCL_BIN_DIR = @TCL_BIN_DIR@ +TCL_INCLUDE_SPEC = @TCL_INCLUDE_SPEC@ +TCL_LIB_FILE = @TCL_LIB_FILE@ +TCL_LIB_FLAG = @TCL_LIB_FLAG@ +TCL_LIB_SPEC = @TCL_LIB_SPEC@ +TCL_PATCH_LEVEL = @TCL_PATCH_LEVEL@ +TCL_SRC_DIR = @TCL_SRC_DIR@ +TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@ +TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@ +TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@ +TCL_VERSION = @TCL_VERSION@ +UDPSPOOF_CFLAGS = @UDPSPOOF_CFLAGS@ +UDPSPOOF_LIBS = @UDPSPOOF_LIBS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WARN_LDFLAGS = @WARN_LDFLAGS@ +WARN_SCANNERFLAGS = @WARN_SCANNERFLAGS@ +WGET = @WGET@ +YACC = @YACC@ +YACC_FOUND = @YACC_FOUND@ +YFLAGS = @YFLAGS@ +ZLIB_CFLAGS = @ZLIB_CFLAGS@ +ZLIB_LIBS = @ZLIB_LIBS@ +ZSTD_CFLAGS = @ZSTD_CFLAGS@ +ZSTD_LIBS = @ZSTD_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ 
+am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +moddirs = @moddirs@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +pkglib_LTLIBRARIES = imdtls.la +imdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la +imdtls_la_SOURCES = imdtls.c +imdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS) +imdtls_la_LDFLAGS = -module -avoid-version +imdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && 
$(AUTOMAKE) --gnu plugins/imdtls/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu plugins/imdtls/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \ + } + +uninstall-pkglibLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \ + done + +clean-pkglibLTLIBRARIES: + -test -z "$(pkglib_LTLIBRARIES)" || rm -f 
$(pkglib_LTLIBRARIES) + @list='$(pkglib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +imdtls.la: $(imdtls_la_OBJECTS) $(imdtls_la_DEPENDENCIES) $(EXTRA_imdtls_la_DEPENDENCIES) + $(AM_V_CCLD)$(imdtls_la_LINK) -rpath $(pkglibdir) $(imdtls_la_OBJECTS) $(imdtls_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imdtls_la-imdtls.Plo@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ 
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +imdtls_la-imdtls.lo: imdtls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(imdtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT imdtls_la-imdtls.lo -MD -MP -MF $(DEPDIR)/imdtls_la-imdtls.Tpo -c -o imdtls_la-imdtls.lo `test -f 'imdtls.c' || echo '$(srcdir)/'`imdtls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imdtls_la-imdtls.Tpo $(DEPDIR)/imdtls_la-imdtls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imdtls.c' object='imdtls_la-imdtls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(imdtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o imdtls_la-imdtls.lo `test -f 'imdtls.c' || echo '$(srcdir)/'`imdtls.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: 
$(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(pkglibdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-pkglibLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/imdtls_la-imdtls.Plo + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-pkglibLTLIBRARIES + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/imdtls_la-imdtls.Plo + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pkglibLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-libtool clean-pkglibLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pkglibLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pkglibLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions 
[3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/plugins/imdtls/imdtls.c b/plugins/imdtls/imdtls.c new file mode 100644 index 0000000..6501d9c --- /dev/null +++ b/plugins/imdtls/imdtls.c 
@@ -0,0 +1,1164 @@ +/** + * The dtls input module, uses OpenSSL as library to implement DTLS. + * + * \author Andre Lorbach <alorbach@adiscon.com> + * + * Copyright (C) 2023 Adiscon GmbH. + * + * This file is part of rsyslog. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * -or- + * see COPYING.ASL20 in the source distribution + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "config.h" + +#include <stdio.h> +#include <arpa/inet.h> +#include <fcntl.h> +#include <unistd.h> +#include <sys/errno.h> +#include <poll.h> +#include <assert.h> +#include <time.h> + +// --- Include openssl headers as well +#include <openssl/ssl.h> +#include <openssl/x509v3.h> +#include <openssl/err.h> +#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) +# include <openssl/bioerr.h> +#endif +#include <openssl/engine.h> +// --- + +#include "rsyslog.h" +#include "dirty.h" +#include "module-template.h" +#include "cfsysline.h" +#include "msg.h" +#include "errmsg.h" +#include "glbl.h" +#include "srUtils.h" +#include "msg.h" +#include "parser.h" +#include "datetime.h" +#include "net.h" +#include "net_ossl.h" +#include "prop.h" +#include "ruleset.h" +#include "statsobj.h" +#include "unicode-helper.h" + +MODULE_TYPE_INPUT +MODULE_TYPE_NOKEEP +MODULE_CNFNAME("imdtls") + +/* defines */ +#define MAX_DTLS_CLIENTS 1024 +#define MAX_DTLS_MSGSIZE 65536 +#define DTLS_LISTEN_PORT "4433" +// 1800 seconds = 30 minutes +#define DTLS_DEFAULT_TIMEOUT 1800 + +/* Module static data */ +DEF_OMOD_STATIC_DATA 
+DEFobjCurrIf(glbl) +DEFobjCurrIf(datetime) +DEFobjCurrIf(prop) +DEFobjCurrIf(ruleset) +DEFobjCurrIf(statsobj) +DEFobjCurrIf(net) +DEFobjCurrIf(net_ossl) + +#define DTLS_MAX_RCVBUF 8192 /* Maximum DTLS packet is 8192 bytes which fits into Jumbo Frames. If not enabled + * message fragmentation (Ethernet MTU of ~ 1500 bytes) can occur.*/ + +/* config settings */ +typedef struct configSettings_s { + uchar *pszBindRuleset; /* name of Ruleset to bind to */ +} configSettings_t; +static configSettings_t cs; + +struct dtlsClient_s { + SSL* sslClient; /* DTSL (SSL) Client */ + time_t lastActivityTime; /* Last Activity Time */ + int clientfd; /* ClientFD */ +}; + +// Use typedef to define a type 'dtlsClient_t' based on 'struct dtlsClient_s' +typedef struct dtlsClient_s dtlsClient_t; + +struct instanceConf_s { + /* Network properties */ + uchar *pszBindAddr; /* Listening IP Address */ + uchar *pszBindPort; /* Port to bind socket to */ + int timeout; /* Default timeout for DTLS Sessions */ + /* Common properties */ + uchar *pszBindRuleset; /* name of ruleset to bind to */ + uchar *pszInputName; + prop_t *pInputName; /* InputName in property format for fast access */ + ruleset_t *pBindRuleset; /* ruleset to bind listener to (use system default if unspecified) */ + sbool bEnableLstn; /* flag to permit disabling of listener in error case */ + statsobj_t *stats; /* listener stats */ + STATSCOUNTER_DEF(ctrSubmit, mutCtrSubmit) + /* OpenSSL properties */ + uchar *tlscfgcmd; /* OpenSSL Config Command used to override any OpenSSL Settings */ + permittedPeers_t *pPermPeersRoot; /* permitted peers */ + int CertVerifyDepth; /* Verify Depth for certificate chains */ + /* Instance Variables */ + char *pszRcvBuf; + int lenRcvBuf; + /**< -1: empty, 0: connection closed, 1..NSD_OSSL_MAX_RCVBUF-1: data of that size present */ + int ptrRcvBuf; /**< offset for next recv operation if 0 < lenRcvBuf < NSD_OSSL_MAX_RCVBUF */ + + /* OpenSSL and Config Cert vars inside net_ossl_t now */ + net_ossl_t 
*pNetOssl; /* OSSL shared Config and object vars are here */ + int nClients; /* */ + dtlsClient_t **dtlsClients; /* Array of DTSL (SSL) Clients */ + int sockfd; /* UDP Socket used to bind to */ + struct sockaddr_in server_addr; /* Server Sockaddr */ + int port; /* Server Port as integer */ + + int id; /* Thread ID */ + thrdInfo_t *pThrd; /* Thread Instance Info */ + pthread_t tid; /* the instances thread ID */ + + struct instanceConf_s *next; + struct instanceConf_s *prev; +}; + +/* config variables */ +struct modConfData_s { + rsconf_t *pConf; /* our overall config object */ + instanceConf_t *root, *tail; + uchar *pszBindRuleset; /* default name of Ruleset to bind to */ + AuthMode drvrAuthMode; /* authenticate peer if no other name given */ +}; + +static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */ +static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current load process */ + +static prop_t *pInputName = NULL; + +/* module-global parameters */ +static struct cnfparamdescr modpdescr[] = { + { "ruleset", eCmdHdlrGetWord, 0 }, + { "tls.authmode", eCmdHdlrString, 0 }, +}; +static struct cnfparamblk modpblk = + { CNFPARAMBLK_VERSION, + sizeof(modpdescr)/sizeof(struct cnfparamdescr), + modpdescr + }; + +/* input instance parameters */ +static struct cnfparamdescr inppdescr[] = { + { "port", eCmdHdlrString, CNFPARAM_REQUIRED }, + { "address", eCmdHdlrString, 0 }, + { "timeout", eCmdHdlrPositiveInt, 0 }, + { "name", eCmdHdlrString, 0 }, + { "ruleset", eCmdHdlrString, 0 }, + { "tls.permittedpeer", eCmdHdlrArray, 0 }, + { "tls.authmode", eCmdHdlrString, 0 }, + { "tls.cacert", eCmdHdlrString, 0 }, + { "tls.mycert", eCmdHdlrString, 0 }, + { "tls.myprivkey", eCmdHdlrString, 0 }, + { "tls.tlscfgcmd", eCmdHdlrString, 0 } +}; +static struct cnfparamblk inppblk = + { CNFPARAMBLK_VERSION, + sizeof(inppdescr)/sizeof(struct cnfparamdescr), + inppdescr + }; +#include "im-helper.h" /* must be included AFTER the type 
definitions! */ + +/* create input instance, set default parameters, and + * add it to the list of instances. + */ +static rsRetVal +createInstance(instanceConf_t **pinst) +{ + instanceConf_t *inst; + DEFiRet; + CHKmalloc(inst = malloc(sizeof(instanceConf_t))); + inst->next = NULL; + + inst->pszBindAddr = NULL; + inst->pszBindPort = NULL; + inst->timeout = 1800; + inst->pszBindRuleset = loadModConf->pszBindRuleset; + inst->pszInputName = NULL; + inst->pBindRuleset = NULL; + inst->bEnableLstn = 0; + + inst->tlscfgcmd = NULL; + inst->pPermPeersRoot = NULL; + inst->CertVerifyDepth = 2; + + /* node created, let's add to config */ + if(loadModConf->tail == NULL) { + loadModConf->tail = loadModConf->root = inst; + } else { + loadModConf->tail->next = inst; + loadModConf->tail = inst; + } + + // Construct pNetOssl helper + CHKiRet(net_ossl.Construct(&inst->pNetOssl)); + inst->pNetOssl->authMode = loadModConf->drvrAuthMode; + + *pinst = inst; +finalize_it: + RETiRet; +} + + +/* function to generate an error message if the ruleset cannot be found */ +static inline void +std_checkRuleset_genErrMsg(__attribute__((unused)) modConfData_t *modConf, instanceConf_t *inst) +{ + LogError(0, NO_ERRCODE, "imdtls[%s]: ruleset '%s' not found - " + "using default ruleset instead", + inst->pszBindPort, inst->pszBindRuleset); +} + +static void +DTLSCloseSocket(instanceConf_t *inst) { + DBGPRINTF("imdtls: DTLSCloseSocket for %s:%d\n", inst->pszBindAddr, inst->port); + // Close UDP Socket + close(inst->sockfd); + inst->sockfd = 0; +} + +static rsRetVal +DTLSCreateSocket(instanceConf_t *inst) { + DEFiRet; + int optval = 1; + int flags; + + struct in_addr ip_struct; + DBGPRINTF("imdtls: DTLSCreateSocket for %s:%d\n", inst->pszBindAddr, inst->port); + + // Create UDP Socket + inst->sockfd = socket(AF_INET, SOCK_DGRAM, 0); + if (inst->sockfd < 0) { + LogError(0, NO_ERRCODE, "imdtls: Unable to create DTLS listener," + " failed to create socket, " + " ignoring port %d bind-address %s.", + 
inst->port, inst->pszBindAddr); + ABORT_FINALIZE(RS_RET_ERR); + } + setsockopt(inst->sockfd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); + setsockopt(inst->sockfd, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval)); + + // Set NON Blcoking Flags + flags = fcntl(inst->sockfd, F_GETFL, 0); + fcntl(inst->sockfd, F_SETFL, flags | O_NONBLOCK); + + // Convert IP Address into numeric + if (inet_pton(AF_INET, (char*) inst->pszBindAddr, &ip_struct) <= 0) { + LogError(0, NO_ERRCODE, "imdtls: Unable to create DTLS listener," + " invalid Bind Address, " + " ignoring port %d bind-address %s.", + inst->port, inst->pszBindAddr); + ABORT_FINALIZE(RS_RET_ERR); + } + + // Set Server Address + memset(&inst->server_addr, 0, sizeof(struct sockaddr_in)); + inst->server_addr.sin_family = AF_INET; + inst->server_addr.sin_port = htons(inst->port); + inst->server_addr.sin_addr.s_addr = htonl(ip_struct.s_addr); + + // Bind UDP Socket + if (bind(inst->sockfd, (struct sockaddr*)&inst->server_addr, sizeof(struct sockaddr_in)) < 0) { + LogError(0, NO_ERRCODE, "imdtls: Unable to create DTLS listener," + " unable to bind, " + " ignoring port %d bind-address %s.", + inst->port, inst->pszBindAddr); + ABORT_FINALIZE(RS_RET_ERR); + } +finalize_it: + RETiRet; +} + +/* Verify Callback for X509 Certificate validation. Force visibility as this function is not called anywhere but +* only used as callback! 
+*/ +static int +imdtls_verify_callback(int status, SSL* ssl) +{ + DEFiRet; + X509 *certpeer; + instanceConf_t *inst = NULL; + + dbgprintf("imdtls_verify_callback: get SSL [%p]\n", (void *)ssl); + inst = (instanceConf_t*) SSL_get_ex_data(ssl, 2); + + /* Continue check if certificate verify was valid */ + if (status == 1) { + if ( ssl != NULL && + inst != NULL) { + /* call the actual function based on current auth mode */ + switch(inst->pNetOssl->authMode) { + case OSSL_AUTH_CERTNAME: + /* if we check the name, we must ensure the cert is valid */ + certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL); + dbgprintf("imdtls_verify_callback: Check peer certname[%p]=%s\n", + (void *)ssl, (certpeer != NULL ? "VALID" : "NULL")); + CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL)); + CHKiRet(net_ossl_chkpeername(inst->pNetOssl, certpeer, NULL)); + break; + case OSSL_AUTH_CERTFINGERPRINT: + certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL); + dbgprintf("imdtls_verify_callback: Check peer fingerprint[%p]=%s\n", + (void *)ssl, (certpeer != NULL ? "VALID" : "NULL")); + CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL)); + CHKiRet(net_ossl_peerfingerprint(inst->pNetOssl, certpeer, NULL)); + break; + case OSSL_AUTH_CERTVALID: + certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL); + dbgprintf("imdtls_verify_callback: Check peer valid[%p]=%s\n", + (void *)ssl, (certpeer != NULL ? 
"VALID" : "NULL")); + CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL)); + break; + case OSSL_AUTH_CERTANON: + dbgprintf("imdtls_verify_callback: ANON[%p]\n", (void *)ssl); + FINALIZE; + break; + } + } else { + LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING, "imdtls_verify_callback: MISSING ssl or inst!"); + } + } +finalize_it: + if(iRet != RS_RET_OK) { + DBGPRINTF("imdtls_verify_callback: FAILED\n"); + status = 0; + } + return status; +} + + +static rsRetVal +addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst) +{ + uchar statname[64]; + DEFiRet; + DBGPRINTF("imdtls: addListner ENTER\n"); + + if(!inst->bEnableLstn) { + DBGPRINTF("imdtls: DTLS Listener not started because it is disabled by config error\n"); + FINALIZE; + } + + inst->pszInputName = ustrdup((inst->pszInputName == NULL) ? UCHAR_CONSTANT("imdtls") : inst->pszInputName); + CHKiRet(prop.Construct(&inst->pInputName)); + CHKiRet(prop.SetString(inst->pInputName, inst->pszInputName, ustrlen(inst->pszInputName))); + CHKiRet(prop.ConstructFinalize(inst->pInputName)); + + /* Init defaults */ + if (inst->pszBindPort == NULL) { + CHKmalloc(inst->pszBindPort = ustrdup((uchar*) DTLS_LISTEN_PORT)); + } + + /* Init SSL Handles! */ + CHKmalloc(inst->dtlsClients = (dtlsClient_t**) calloc(MAX_DTLS_CLIENTS, sizeof(dtlsClient_t*))); + for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) { + CHKmalloc(inst->dtlsClients[i] = (dtlsClient_t*) calloc(1, sizeof(dtlsClient_t))); + } + inst->nClients = 0; + + /* support statistics gathering */ + CHKiRet(statsobj.Construct(&(inst->stats))); + snprintf((char*)statname, sizeof(statname), "%s(%s)", + inst->pszInputName, inst->pszBindPort); + statname[sizeof(statname)-1] = '\0'; /* just to be on the save side... 
*/ + CHKiRet(statsobj.SetName(inst->stats, statname)); + CHKiRet(statsobj.SetOrigin(inst->stats, (uchar*)"imdtls")); + STATSCOUNTER_INIT(inst->ctrSubmit, inst->mutCtrSubmit); + CHKiRet(statsobj.AddCounter(inst->stats, UCHAR_CONSTANT("submitted"), + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(inst->ctrSubmit))); + CHKiRet(statsobj.ConstructFinalize(inst->stats)); + /* end stats counters */ + + // Init OpenSSL Context with DTLS_server_method + CHKiRet(net_ossl.osslCtxInit(inst->pNetOssl, DTLS_method())); + +# if OPENSSL_VERSION_NUMBER >= 0x10002000L + // Init OpenSSL Cookie Callbacks + CHKiRet(net_ossl.osslCtxInitCookie(inst->pNetOssl)); +# endif + // Run openssl config commands in Context + CHKiRet(net_ossl_apply_tlscgfcmd(inst->pNetOssl, inst->tlscfgcmd)); + + // Init Socket + CHKiRet(DTLSCreateSocket(inst)); +finalize_it: + if(iRet != RS_RET_OK) { + LogError(0, NO_ERRCODE, "DTLS Listener for thread failed to create UDP socket " + "for thread %s is not functional!", inst->pszInputName); + } else { + DBGPRINTF("imdtls: DTLS Listener for thread %s added\n", inst->pszInputName); + } + RETiRet; +} + +static rsRetVal +processMsg(instanceConf_t *inst, dtlsClient_t *dtlsClient, char *msg, size_t lenMsg) +{ + DEFiRet; + smsg_t *pMsg = NULL; + prop_t *pProp = NULL; + BIO *wbio; + BIO_ADDR *peer_addr; + + /* Get Gentime */ + time_t ttGenTime = 0; + struct syslogTime stTime; + datetime.getCurrTime(&stTime, &ttGenTime, TIME_IN_LOCALTIME); + + /* we now create our own message object and submit it to the queue */ + CHKiRet(msgConstructWithTime(&pMsg, &stTime, ttGenTime)); + MsgSetRawMsg(pMsg, msg, lenMsg); + MsgSetInputName(pMsg, inst->pInputName); + MsgSetRuleset(pMsg, inst->pBindRuleset); + MsgSetFlowControlType(pMsg, eFLOWCTL_NO_DELAY); + pMsg->msgFlags = NEEDS_PARSING | PARSE_HOSTNAME; + + // Obtain Sender from BIO + wbio = SSL_get_wbio(dtlsClient->sslClient); + peer_addr = BIO_ADDR_new(); + if (BIO_dgram_get_peer(wbio, peer_addr)) { + char *pHostname = 
BIO_ADDR_hostname_string(peer_addr, 1); + DBGPRINTF("imdtls: processMsg Received message from %s: %s\n", pHostname, msg); + MsgSetRcvFromStr(pMsg, (uchar *)pHostname, strlen(pHostname), &pProp); + CHKiRet(prop.Destruct(&pProp)); + OPENSSL_free(pHostname); + } else { + DBGPRINTF("imdtls: processMsg Received message from UNKNOWN: %s\n", msg); + } + BIO_ADDR_free(peer_addr); + + // Update Activity + dtlsClient->lastActivityTime = time(NULL); + + // Submit Message + CHKiRet(submitMsg2(pMsg)); + STATSCOUNTER_INC(inst->ctrSubmit, inst->mutCtrSubmit); +finalize_it: + RETiRet; +} + +static void +DTLScleanupSession(instanceConf_t *inst, int idx) { + if (inst->dtlsClients[idx]->sslClient != NULL) { + BIO *rbio = SSL_get_rbio(inst->dtlsClients[idx]->sslClient); + if (rbio) { + // Close socket FIRST! + int clientfd = -1; + BIO_get_fd(rbio, &clientfd); + if (clientfd != -1) { + close(clientfd); + } + } + SSL_free(inst->dtlsClients[idx]->sslClient); + DBGPRINTF("imdtls: DTLScleanupSession Socket/SSL for Client idx (%d) terminated.\n", idx); + } + inst->dtlsClients[idx]->sslClient = NULL; + inst->dtlsClients[idx]->lastActivityTime = 0; +} + +static void +DTLSAcceptSession(instanceConf_t *inst, int idx) { + int ret, err; + SSL* ssl = inst->dtlsClients[idx]->sslClient; + DBGPRINTF("imdtls: DTLSAcceptSession for Client idx (%d).\n", idx); + + // Check if the handshake has already been completed + ret = SSL_get_state(ssl); + if (ret != TLS_ST_OK) { + // Existing client Finish handshake + ret = SSL_accept(ssl); + if (ret <= 0) { + err = SSL_get_error(ssl, ret); + if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + // Non-blocking operation did not complete; retry later + DBGPRINTF("imdtls: SSL_accept didn't complete (%d). 
Will retry.\n", err); + } else if(err == SSL_ERROR_SYSCALL) { + DBGPRINTF("imdtls: SSL_accept failed SSL_ERROR_SYSCALL idx (%d), removing client.\n", + idx); + net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING, + "DTLSHandleSessions", "SSL_accept"); + DTLScleanupSession(inst, idx); + } else { + // An actual error occurred + DBGPRINTF("imdtls: SSL_accept failed (%d) idx (%d), removing client.\n", err, idx); + net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR, + "DTLSHandleSessions", "SSL_accept"); + DTLScleanupSession(inst, idx); + } + } else { + DBGPRINTF("imdtls: SSL_accept success idx (%d), adding client.\n", idx); + inst->dtlsClients[idx]->lastActivityTime = time(NULL); + + int status = 1; + status = imdtls_verify_callback(status, ssl); + if (status == 0) { + LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING, + "imdtls: Cert Verify FAILED for DTLS client idx (%d)",idx); + } else { + DBGPRINTF("imdtls: Cert Verify SUCCESS for DTLS client idx (%d)\n", idx); + } + } + } else { + DBGPRINTF("imdtls: SSL_get_state for DTLS client idx (%d) is %d\n", idx, ret); + } +} + +static void +DTLSTerminateClients(instanceConf_t *inst) { + // Process pending Client Data first! 
+ for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) { + if (inst->dtlsClients[i]->sslClient != NULL) { + DTLScleanupSession(inst, i); + } + } +} + +static void +DTLSReadClient(instanceConf_t *inst, int idx, short revents) { + int err; + SSL* ssl = inst->dtlsClients[idx]->sslClient; + DBGPRINTF("imdtls: DEBUG Check Client activity on index %d.\n", idx); + if (revents & POLLIN) { + if (ssl == NULL) { + DBGPRINTF("imdtls: DTLSHandleSessions MISSING SSL OBJ for index %d.\n", idx); + return; + } + DBGPRINTF("imdtls: Read Client activity on index %d.\n", idx); + char buf[MAX_DTLS_MSGSIZE]; + int len = 0; + do { + len = SSL_read(ssl, buf, sizeof(buf) - 1); + if (len > 0) { + buf[len] = '\0'; + processMsg(inst, inst->dtlsClients[idx], buf, len); + } else { + err = SSL_get_error(ssl, len); + if (err == SSL_ERROR_WANT_READ) { + DBGPRINTF("imdtls: SSL_ERROR_WANT_READ flush rbio on index %d.\n", idx); + BIO *rbio = SSL_get_rbio(ssl); + BIO_flush(rbio); + } else if (err == SSL_ERROR_WANT_WRITE) { + DBGPRINTF("imdtls: SSL_ERROR_WANT_WRITE flush wbio on index %d.\n", idx); + BIO *wbio = SSL_get_wbio(ssl); + BIO_flush(wbio); + } else if (err == SSL_ERROR_ZERO_RETURN) { + DBGPRINTF("imdtls: SSL_ERROR_ZERO_RETURN on index %d.\n", idx); + break; + } else if (err == SSL_ERROR_SYSCALL) { + DBGPRINTF("imdtls: SSL_ERROR_SYSCALL on index %d ERRNO %d\n", idx, errno); + net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR, + "DTLSReadClient", "SSL_read"); + DTLScleanupSession(inst, idx); + break; + } else { + DBGPRINTF("imdtls: SSL_read error %d (%d) on idx %d, rem client.\n", + err, errno, idx); + DTLScleanupSession(inst, idx); + // Exit the loop if any error occurs + break; + } + } + } while (len > 0); + } +} + +static void +DTLSHandleSessions(instanceConf_t *inst) { + int fdToIndex[MAX_DTLS_CLIENTS + 1]; + struct pollfd fds[MAX_DTLS_CLIENTS + 1]; + int optval = 1; + int fdcount = 0; + int ret, err; + memset(fdToIndex, 0, sizeof(fdToIndex)); + memset(fds, 0, sizeof(fds)); + fds[0].fd = 
inst->sockfd; + fds[0].events = POLLIN; + DBGPRINTF("imdtls: DTLSHandleSessions ENTER \n"); + + // Create FDS Array for Polling sockets + for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) { + if (inst->dtlsClients[i]->sslClient != NULL) { + int clientfd = -1; + fdcount++; + BIO_get_fd(SSL_get_wbio(inst->dtlsClients[i]->sslClient), &clientfd); + DBGPRINTF("imdtls: DTLSHandleSessions handle client %d (%d)\n", fdcount, clientfd); + fds[fdcount].fd = clientfd; + fds[fdcount].events = POLLIN; + fdToIndex[clientfd] = i; // Map fd to dtlsClients index + } + } + + DBGPRINTF("imdtls: Waiting for poll (clients %d) ...\n", fdcount); + ret = poll(fds, fdcount+1, -1); + if(glbl.GetGlobalInputTermState() == 1) { + DBGPRINTF("imdtls: DTLSHandleSessions Terminate State\n"); + return; /* terminate input! */ + } + if (ret < 0) { + DBGPRINTF("imdtls: DTLSHandleSessions ERROR poll failed %d with err %d\n", ret , errno); + return; + } + + // Process pending Client Data first! + DBGPRINTF("imdtls: DTLSHandleSessions handle client sockets (%d) \n", fdcount); + for (int i = 1; i <= fdcount; ++i) { + DTLSReadClient(inst, fdToIndex[fds[i].fd], fds[i].revents); + } + + // Check session timeouts + for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) { + if (inst->dtlsClients[i]->sslClient != NULL) { + if (difftime(time(NULL), inst->dtlsClients[i]->lastActivityTime) > inst->timeout) { + DBGPRINTF("imdtls: Session timeout (%d) for client index %d.\n", i, inst->timeout); + DTLScleanupSession(inst, i); + continue; + } + } + } + + // Check MAIN socket for new connections + if (fds[0].revents & POLLIN) { + DBGPRINTF("imdtls: DTLSHandleSessions handle main socket\n"); + + // Create BIO Object for potential new client + BIO *sbio = BIO_new_dgram(inst->sockfd, BIO_NOCLOSE); + BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); + + // Create SSL Object for new client and apply default callbacks + SSL *ssl = SSL_new(inst->pNetOssl->ctx); + SSL_set_bio(ssl, sbio, sbio); + SSL_set_accept_state(ssl); + if 
(inst->pNetOssl->authMode != OSSL_AUTH_CERTANON) { + dbgprintf("imdtls: enable certificate checking (Mode=%d, VerifyDepth=%d)\n", + inst->pNetOssl->authMode, inst->CertVerifyDepth); + net_ossl_set_ssl_verify_callback(ssl, + SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT); + if (inst->CertVerifyDepth != 0) { + SSL_set_verify_depth(ssl, inst->CertVerifyDepth); + } + } + + // Store reference in SSL obj + SSL_set_ex_data(ssl, 0, NULL); /* Reserved for pTcp */ + SSL_set_ex_data(ssl, 1, NULL); /* Reserved for permitExpiredCerts */ + SSL_set_ex_data(ssl, 2, inst); /* Used in imdtls */ + + // Debug Callback for conn sbio! + net_ossl_set_bio_callback(sbio); + + // Connect the new Client + BIO_ADDR *client_addr = BIO_ADDR_new(); + + // Start DTLS Listen and Session + do { + ret = DTLSv1_listen(ssl, client_addr); + if (ret > 0) { + dbgprintf("imdtls: DTLSHandleSessions DTLSv1_listen SUCCESS\n"); + // Create new CLIENT socket for communication! + int clientfd = socket(BIO_ADDR_family(client_addr), SOCK_DGRAM, 0); + if (clientfd < 0) { + LogError(0, NO_ERRCODE, "imdtls: DTLSHandleSessions unable to create" + " client socket"); + return; + } + setsockopt(clientfd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); + setsockopt(clientfd, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval)); + // Bind and Connect Client Socket + if (bind(clientfd, + (struct sockaddr*) &inst->server_addr, sizeof(struct sockaddr_in)) < 0) { + LogError(0, NO_ERRCODE, "imdtls: DTLSHandleSessions unable to bind" + " client socket" + " ignoring port %d bind-address %s.", + inst->port, inst->pszBindAddr); + return; + } + // Set new fd and set BIO to connected + BIO *rbio = SSL_get_rbio(ssl); + BIO_set_fd(rbio, clientfd, BIO_NOCLOSE); + + // Set and activate timeouts + struct timeval timeout; + timeout.tv_sec = inst->timeout; + timeout.tv_usec = 0; + BIO_ctrl(rbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); + + // Set BIO to connected + ret = BIO_connect(clientfd, client_addr, 0); + if (ret == 0) { + 
err = SSL_get_error(ssl, ret); + DBGPRINTF("imdtls: DTLSHandleSessions BIO_connect ERROR %d\n", err); + net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING, + "DTLSHandleSessions", "BIO_connect"); + LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING, + "imdtls: BIO_connect failed for DTLS client"); + SSL_free(ssl); + } else { + BIO_ctrl_set_connected(rbio, client_addr); + DBGPRINTF("imdtls: BIO_connect succeeded.\n"); + + // Add to DTLS Clients + for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) { + if (inst->dtlsClients[i]->sslClient == NULL) { + inst->dtlsClients[i]->sslClient = ssl; + inst->dtlsClients[i]->lastActivityTime = time(NULL); + DBGPRINTF("imdtls: New Client added at idx %d.\n", i); + DTLSAcceptSession(inst, i); + break; + } + } + } + break; + } else { + err = SSL_get_error(ssl, ret); + if ( (ret == 0 && err == SSL_ERROR_SYSCALL) || + (err == SSL_ERROR_SYSCALL && errno == EAGAIN)) { + DBGPRINTF("imdtls: DTLSv1_listen RET %d (ERR %d / ERRNO %d), retry\n", + ret, err, errno); + // Wait little and retry DTLSv1_listen + srSleep(0, 100000); + continue; + } else { + DBGPRINTF("imdtls: DTLSv1_listen RET %d (ERR %d / ERRNO %d), abort\n", + ret, err, errno); + net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING, + "DTLSHandleSessions", "DTLSv1_listen"); + LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING, + "imdtls: DTLSv1_listen failed for DTLS client"); + SSL_free(ssl); + break; + } + } + } + while (1); + BIO_ADDR_free(client_addr); + } +} + +static void* +startDtlsHandler(void *myself) { + instanceConf_t *inst = (instanceConf_t *) myself; + DBGPRINTF("imdtls: start DtlsHandler for thread %s\n", inst->pszInputName); + + /* DTLS Receiving Loop */ + while(glbl.GetGlobalInputTermState() == 0) { + DBGPRINTF("imdtls: begin handle DTSL Client Sessions\n"); + DTLSHandleSessions(inst); + } + + /* DTLS Terminate Sessions */ + DBGPRINTF("imdtls: Terminate DTLS Client Sessions\n"); + DTLSTerminateClients(inst); + + DBGPRINTF("imdtls: stop DtlsHandler for thread %s\n", 
inst->pszInputName); + return NULL; +} + +/* Set permitted peers. It is depending on the auth mode if this are + * fingerprints or names. -- rgerhards, 2008-05-19 + */ +static rsRetVal +SetPermPeers(instanceConf_t *inst, permittedPeers_t *pPermPeers) +{ + DEFiRet; + if(pPermPeers == NULL) + FINALIZE; + + if(inst->pNetOssl->authMode != OSSL_AUTH_CERTFINGERPRINT && inst->pNetOssl->authMode != OSSL_AUTH_CERTNAME) { + LogError(0, RS_RET_VALUE_NOT_IN_THIS_MODE, "authentication not supported by " + "imdtls in the configured authentication mode - ignored"); + ABORT_FINALIZE(RS_RET_VALUE_NOT_IN_THIS_MODE); + } + inst->pNetOssl->pPermPeers = pPermPeers; +finalize_it: + RETiRet; +} +BEGINnewInpInst + struct cnfparamvals *pvals; + instanceConf_t *inst = NULL; + int i,j; + FILE *fp; +CODESTARTnewInpInst + DBGPRINTF("newInpInst (imdtls)\n"); + + if((pvals = nvlstGetParams(lst, &inppblk, NULL)) == NULL) { + ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS); + } + + if(Debug) { + dbgprintf("input param blk in imdtls:\n"); + cnfparamsPrint(&inppblk, pvals); + } + + CHKiRet(createInstance(&inst)); + + for(i = 0 ; i < inppblk.nParams ; ++i) { + if(!pvals[i].bUsed) + continue; + if(!strcmp(inppblk.descr[i].name, "port")) { + inst->pszBindPort = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(inppblk.descr[i].name, "address")) { + inst->pszBindAddr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(inppblk.descr[i].name, "timeout")) { + inst->timeout = (int) pvals[i].val.d.n; + } else if(!strcmp(inppblk.descr[i].name, "ruleset")) { + inst->pszBindRuleset = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(inppblk.descr[i].name, "name")) { + inst->pszInputName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(inppblk.descr[i].name, "tls.authmode")) { + char* pszAuthMode = es_str2cstr(pvals[i].val.d.estr, NULL); + if(!strcasecmp(pszAuthMode, "fingerprint")) + inst->pNetOssl->authMode = OSSL_AUTH_CERTFINGERPRINT; + else 
if(!strcasecmp(pszAuthMode, "name")) + inst->pNetOssl->authMode = OSSL_AUTH_CERTNAME; + else if(!strcasecmp(pszAuthMode, "certvalid")) + inst->pNetOssl->authMode = OSSL_AUTH_CERTVALID; + else + inst->pNetOssl->authMode = OSSL_AUTH_CERTANON; + free(pszAuthMode); + } else if(!strcmp(inppblk.descr[i].name, "tls.cacert")) { + inst->pNetOssl->pszCAFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + fp = fopen((const char*)inst->pNetOssl->pszCAFile, "r"); + if(fp == NULL) { + char errStr[1024]; + rs_strerror_r(errno, errStr, sizeof(errStr)); + LogError(0, RS_RET_NO_FILE_ACCESS, + "error: certificate file %s couldn't be accessed: %s\n", + inst->pNetOssl->pszCAFile, errStr); + } else { + fclose(fp); + } + } else if(!strcmp(inppblk.descr[i].name, "tls.mycert")) { + inst->pNetOssl->pszCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + fp = fopen((const char*)inst->pNetOssl->pszCertFile, "r"); + if(fp == NULL) { + char errStr[1024]; + rs_strerror_r(errno, errStr, sizeof(errStr)); + LogError(0, RS_RET_NO_FILE_ACCESS, + "error: certificate file %s couldn't be accessed: %s\n", + inst->pNetOssl->pszCertFile, errStr); + } else { + fclose(fp); + } + } else if(!strcmp(inppblk.descr[i].name, "tls.myprivkey")) { + inst->pNetOssl->pszKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + fp = fopen((const char*)inst->pNetOssl->pszKeyFile, "r"); + if(fp == NULL) { + char errStr[1024]; + rs_strerror_r(errno, errStr, sizeof(errStr)); + LogError(0, RS_RET_NO_FILE_ACCESS, + "error: certificate file %s couldn't be accessed: %s\n", + inst->pNetOssl->pszKeyFile, errStr); + } else { + fclose(fp); + } + } else if(!strcmp(inppblk.descr[i].name, "tls.tlscfgcmd")) { + inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(inppblk.descr[i].name, "tls.permittedpeer")) { + for(j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) { + uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL); + CHKiRet(net.AddPermittedPeer(&inst->pPermPeersRoot, 
peer));
+ free(peer);
+ }
+ } else {
+ dbgprintf("imdtls: program error, non-handled "
+ "param '%s'\n", inppblk.descr[i].name);
+ }
+ }
+
+ /* check if no port is set. If not, we use DEFAULT of 4433 */
+ if(inst->pszBindPort == NULL) {
+ CHKmalloc(inst->pszBindPort = (uchar*)strdup("4433"));
+ }
+ inst->port = atoi((char*)inst->pszBindPort);
+ /* check if BinAddr is set. If not, we use DEFAULT of 0.0.0.0 */
+ if(inst->pszBindAddr == NULL) {
+ CHKmalloc(inst->pszBindAddr = (uchar*)strdup("0.0.0.0"));
+ }
+
+ // Assign Loaded Peers to Netossl
+ SetPermPeers(inst, inst->pPermPeersRoot);
+
+ /* all ok, ready to start up */
+ inst->bEnableLstn = -1;
+
+finalize_it:
+CODE_STD_FINALIZERnewInpInst
+ cnfparamvalsDestruct(pvals, &inppblk);
+ENDnewInpInst
+
+
+BEGINbeginCnfLoad
+CODESTARTbeginCnfLoad
+ loadModConf = pModConf;
+ pModConf->pConf = pConf;
+ pModConf->pszBindRuleset = NULL;
+ pModConf->drvrAuthMode = OSSL_AUTH_CERTANON;
+ /* init legacy config variables */
+ cs.pszBindRuleset = NULL;
+ENDbeginCnfLoad
+
+
+BEGINsetModCnf
+ struct cnfparamvals *pvals = NULL;
+ int i;
+CODESTARTsetModCnf
+ pvals = nvlstGetParams(lst, &modpblk, NULL);
+ if(pvals == NULL) {
+ LogError(0, RS_RET_MISSING_CNFPARAMS, "imdtls: error processing module "
+ "config parameters [module(...)]");
+ ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
+ }
+
+ if(Debug) {
+ dbgprintf("module (global) param blk for imdtls:\n");
+ cnfparamsPrint(&modpblk, pvals);
+ }
+
+ for(i = 0 ; i < modpblk.nParams ; ++i) {
+ if(!pvals[i].bUsed)
+ continue;
+ if(!strcmp(modpblk.descr[i].name, "tls.authmode")) {
+ char* pszAuthMode = es_str2cstr(pvals[i].val.d.estr, NULL);
+ if(!strcasecmp(pszAuthMode, "fingerprint"))
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTFINGERPRINT;
+ else if(!strcasecmp(pszAuthMode, "name"))
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTNAME;
+ else if(!strcasecmp(pszAuthMode, "certvalid"))
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTVALID;
+ else
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTANON;
+ free(pszAuthMode);
+ } else if(!strcmp(modpblk.descr[i].name, "ruleset")) {
+ loadModConf->pszBindRuleset = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else {
+ dbgprintf("imdtls: program error, non-handled "
+ "param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
+ }
+ }
+finalize_it:
+ if(pvals != NULL)
+ cnfparamvalsDestruct(pvals, &modpblk);
+ENDsetModCnf
+
+
+BEGINendCnfLoad
+CODESTARTendCnfLoad
+ if(loadModConf->pszBindRuleset == NULL) {
+ if((cs.pszBindRuleset == NULL) || (cs.pszBindRuleset[0] == '\0')) {
+ loadModConf->pszBindRuleset = NULL;
+ } else {
+ CHKmalloc(loadModConf->pszBindRuleset = ustrdup(cs.pszBindRuleset));
+ }
+ } else {
+ if((cs.pszBindRuleset != NULL) && (cs.pszBindRuleset[0] != '\0')) {
+ LogError(0, RS_RET_DUP_PARAM, "imdtls: ruleset "
+ "set via legacy directive ignored");
+ }
+ }
+finalize_it:
+ free(cs.pszBindRuleset);
+ cs.pszBindRuleset = NULL;
+ loadModConf = NULL; /* done loading */
+ENDendCnfLoad
+
+
+BEGINcheckCnf
+ instanceConf_t *inst;
+CODESTARTcheckCnf
+ for(inst = pModConf->root ; inst != NULL ; inst = inst->next) {
+ if(inst->pszBindRuleset == NULL && pModConf->pszBindRuleset != NULL) {
+ CHKmalloc(inst->pszBindRuleset = ustrdup(pModConf->pszBindRuleset));
+ }
+ std_checkRuleset(pModConf, inst);
+ }
+finalize_it:
+ENDcheckCnf
+
+
+BEGINactivateCnfPrePrivDrop
+ instanceConf_t *inst;
+CODESTARTactivateCnfPrePrivDrop
+ runModConf = pModConf;
+ DBGPRINTF("imdtls: activate addListners for dtls\n");
+ for(inst = runModConf->root ; inst != NULL ; inst = inst->next) {
+ addListner(pModConf, inst);
+ }
+ENDactivateCnfPrePrivDrop
+
+BEGINactivateCnf
+CODESTARTactivateCnf
+ENDactivateCnf
+
+
+BEGINfreeCnf
+ instanceConf_t *inst, *del;
+ int i;
+CODESTARTfreeCnf
+ for(inst = pModConf->root ; inst != NULL ; ) {
+ free(inst->pszBindPort);
+ if (inst->pszBindAddr != NULL) {
+ free(inst->pszBindAddr);
+ }
+ free(inst->pszBindRuleset);
+ free(inst->pszInputName);
+
+ // --- CleanUP OpenSSL ressources
+ // Remove SSL CLients
+ if(inst->dtlsClients != NULL) {
+ for (i = 0; i < MAX_DTLS_CLIENTS; ++i) {
+ DTLScleanupSession(inst, i);
+ free(inst->dtlsClients[i]);
+ }
+ free(inst->dtlsClients);
+ }
+
+ // DeConstruct pNetOssl helper
+ net_ossl.Destruct(&inst->pNetOssl);
+
+ // ---
+
+ if(inst->pPermPeersRoot != NULL) {
+ net.DestructPermittedPeers(&inst->pPermPeersRoot);
+ }
+
+ if(inst->bEnableLstn) {
+ prop.Destruct(&inst->pInputName);
+ statsobj.Destruct(&(inst->stats));
+ }
+ del = inst;
+ inst = inst->next;
+ free(del);
+ }
+ free(pModConf->pszBindRuleset);
+ENDfreeCnf
+
+
+
+/* This function is called to gather input.
+ * In essence, it just starts the pool of workers. To save resources,
+ * we run one of the workers on our own thread -- otherwise that thread would
+ * just idle around and wait for the workers to finish.
+ */
+BEGINrunInput
+ instanceConf_t *inst;
+ pthread_attr_t wrkrThrdAttr;
+CODESTARTrunInput
+ pthread_attr_init(&wrkrThrdAttr);
+ pthread_attr_setstacksize(&wrkrThrdAttr, 4096*1024);
+
+ DBGPRINTF("imdtls: create dtls handling threads\n");
+ for(inst = runModConf->root ; inst != NULL ; inst = inst->next) {
+ if(inst->bEnableLstn) {
+ pthread_create(&inst->tid, &wrkrThrdAttr, startDtlsHandler, inst);
+ }
+ }
+ pthread_attr_destroy(&wrkrThrdAttr);
+
+ DBGPRINTF("imdtls: starting to wait for close condition\n");
+ while(glbl.GetGlobalInputTermState() == 0) {
+ srSleep(0, 400000);
+ }
+
+ DBGPRINTF("imdtls: received close signal, signaling instance threads...\n");
+ for (inst = runModConf->root; inst != NULL; inst = inst->next) {
+ pthread_kill(inst->tid, SIGTTIN);
+ DTLSCloseSocket(inst);
+ }
+
+ DBGPRINTF("imdtls: threads signaled, waiting for join...");
+ for (inst = runModConf->root ; inst != NULL ; inst = inst->next) {
+ pthread_join(inst->tid, NULL);
+ }
+
+ DBGPRINTF("imdtls: finished threads, stopping\n");
+ENDrunInput
+
+
+BEGINwillRun
+CODESTARTwillRun
+ /* we need to create the inputName property (only once during our lifetime) */
+ CHKiRet(prop.Construct(&pInputName));
+ CHKiRet(prop.SetString(pInputName, UCHAR_CONSTANT("imdtls"), sizeof("imdtls") - 1));
+ CHKiRet(prop.ConstructFinalize(pInputName));
+finalize_it:
+ENDwillRun
+
+/* This function is called by the framework after runInput() has been terminated. It
+ * shall free any resources and prepare the module for unload.
+ * CODEqueryEtryPt_STD_IMOD_QUERIES
+ */
+BEGINafterRun
+CODESTARTafterRun
+ /* TODO: do cleanup here ?! */
+ dbgprintf("imdtls: AfterRun\n");
+ if(pInputName != NULL)
+ prop.Destruct(&pInputName);
+ENDafterRun
+
+BEGINmodExit
+CODESTARTmodExit
+ DBGPRINTF("imdtls: modExit\n");
+ /* release objects we used */
+ objRelease(net_ossl, LM_NET_OSSL_FILENAME);
+ objRelease(statsobj, CORE_COMPONENT);
+ objRelease(ruleset, CORE_COMPONENT);
+ objRelease(datetime, CORE_COMPONENT);
+ objRelease(prop, CORE_COMPONENT);
+ objRelease(net, LM_NET_FILENAME);
+ objRelease(glbl, CORE_COMPONENT);
+ENDmodExit
+
+BEGINisCompatibleWithFeature
+CODESTARTisCompatibleWithFeature
+ if(eFeat == sFEATURENonCancelInputTermination)
+ iRet = RS_RET_OK;
+ENDisCompatibleWithFeature
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_IMOD_QUERIES
+CODEqueryEtryPt_STD_CONF2_QUERIES
+CODEqueryEtryPt_STD_CONF2_setModCnf_QUERIES
+CODEqueryEtryPt_STD_CONF2_PREPRIVDROP_QUERIES
+CODEqueryEtryPt_STD_CONF2_IMOD_QUERIES
+CODEqueryEtryPt_IsCompatibleWithFeature_IF_OMOD_QUERIES
+ENDqueryEtryPt
+
+BEGINmodInit()
+CODESTARTmodInit
+ *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+CODEmodInit_QueryRegCFSLineHdlr
+ DBGPRINTF("imdtls: modInit\n");
+ /* request objects we use */
+ CHKiRet(objUse(glbl, CORE_COMPONENT));
+ CHKiRet(objUse(prop, CORE_COMPONENT));
+ CHKiRet(objUse(net, LM_NET_FILENAME));
+ CHKiRet(objUse(net_ossl, LM_NET_OSSL_FILENAME));
+ CHKiRet(objUse(datetime, CORE_COMPONENT));
+ CHKiRet(objUse(ruleset, CORE_COMPONENT));
+ CHKiRet(objUse(statsobj, CORE_COMPONENT));
+ENDmodInit |
