summaryrefslogtreecommitdiffstats
path: root/plugins/imdtls
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/imdtls')
-rw-r--r--plugins/imdtls/Makefile.am6
-rw-r--r--plugins/imdtls/Makefile.in797
-rw-r--r--plugins/imdtls/imdtls.c1164
3 files changed, 1967 insertions, 0 deletions
diff --git a/plugins/imdtls/Makefile.am b/plugins/imdtls/Makefile.am
new file mode 100644
index 0000000..bf544b3
--- /dev/null
+++ b/plugins/imdtls/Makefile.am
@@ -0,0 +1,6 @@
+pkglib_LTLIBRARIES = imdtls.la
+imdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la
+imdtls_la_SOURCES = imdtls.c
+imdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS)
+imdtls_la_LDFLAGS = -module -avoid-version
+imdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la
diff --git a/plugins/imdtls/Makefile.in b/plugins/imdtls/Makefile.in
new file mode 100644
index 0000000..03043f4
--- /dev/null
+++ b/plugins/imdtls/Makefile.in
@@ -0,0 +1,797 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = plugins/imdtls
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_define.m4 \
+ $(top_srcdir)/m4/atomic_operations.m4 \
+ $(top_srcdir)/m4/atomic_operations_64bit.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(pkglibdir)"
+LTLIBRARIES = $(pkglib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am_imdtls_la_OBJECTS = imdtls_la-imdtls.lo
+imdtls_la_OBJECTS = $(am_imdtls_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+imdtls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(imdtls_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/imdtls_la-imdtls.Plo
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(imdtls_la_SOURCES)
+DIST_SOURCES = $(imdtls_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+APU_CFLAGS = @APU_CFLAGS@
+APU_LIBS = @APU_LIBS@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CIVETWEB_LIBS = @CIVETWEB_LIBS@
+CONF_FILE_PATH = @CONF_FILE_PATH@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CURL_CFLAGS = @CURL_CFLAGS@
+CURL_LIBS = @CURL_LIBS@
+CYGPATH_W = @CYGPATH_W@
+CZMQ_CFLAGS = @CZMQ_CFLAGS@
+CZMQ_LIBS = @CZMQ_LIBS@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAUP_LIBS = @FAUP_LIBS@
+FGREP = @FGREP@
+GLIB_CFLAGS = @GLIB_CFLAGS@
+GLIB_LIBS = @GLIB_LIBS@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GREP = @GREP@
+GSS_LIBS = @GSS_LIBS@
+GT_KSI_LS12_CFLAGS = @GT_KSI_LS12_CFLAGS@
+GT_KSI_LS12_LIBS = @GT_KSI_LS12_LIBS@
+HASH_XXHASH_LIBS = @HASH_XXHASH_LIBS@
+HIREDIS_CFLAGS = @HIREDIS_CFLAGS@
+HIREDIS_LIBS = @HIREDIS_LIBS@
+IMUDP_LIBS = @IMUDP_LIBS@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IP = @IP@
+JAVA = @JAVA@
+JAVAC = @JAVAC@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBCAPNG_CFLAGS = @LIBCAPNG_CFLAGS@
+LIBCAPNG_LIBS = @LIBCAPNG_LIBS@
+LIBCAPNG_PRESENT_CFLAGS = @LIBCAPNG_PRESENT_CFLAGS@
+LIBCAPNG_PRESENT_LIBS = @LIBCAPNG_PRESENT_LIBS@
+LIBDBI_CFLAGS = @LIBDBI_CFLAGS@
+LIBDBI_LIBS = @LIBDBI_LIBS@
+LIBESTR_CFLAGS = @LIBESTR_CFLAGS@
+LIBESTR_LIBS = @LIBESTR_LIBS@
+LIBEVENT_CFLAGS = @LIBEVENT_CFLAGS@
+LIBEVENT_LIBS = @LIBEVENT_LIBS@
+LIBFASTJSON_CFLAGS = @LIBFASTJSON_CFLAGS@
+LIBFASTJSON_LIBS = @LIBFASTJSON_LIBS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBLOGGING_CFLAGS = @LIBLOGGING_CFLAGS@
+LIBLOGGING_LIBS = @LIBLOGGING_LIBS@
+LIBLOGGING_STDLOG_CFLAGS = @LIBLOGGING_STDLOG_CFLAGS@
+LIBLOGGING_STDLOG_LIBS = @LIBLOGGING_STDLOG_LIBS@
+LIBLOGNORM_CFLAGS = @LIBLOGNORM_CFLAGS@
+LIBLOGNORM_LIBS = @LIBLOGNORM_LIBS@
+LIBLZ4_CFLAGS = @LIBLZ4_CFLAGS@
+LIBLZ4_LIBS = @LIBLZ4_LIBS@
+LIBM = @LIBM@
+LIBMONGOC_CFLAGS = @LIBMONGOC_CFLAGS@
+LIBMONGOC_LIBS = @LIBMONGOC_LIBS@
+LIBOBJS = @LIBOBJS@
+LIBRDKAFKA_CFLAGS = @LIBRDKAFKA_CFLAGS@
+LIBRDKAFKA_LIBS = @LIBRDKAFKA_LIBS@
+LIBS = @LIBS@
+LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
+LIBSYSTEMD_JOURNAL_CFLAGS = @LIBSYSTEMD_JOURNAL_CFLAGS@
+LIBSYSTEMD_JOURNAL_LIBS = @LIBSYSTEMD_JOURNAL_LIBS@
+LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+LIBTOOL = @LIBTOOL@
+LIBUUID_CFLAGS = @LIBUUID_CFLAGS@
+LIBUUID_LIBS = @LIBUUID_LIBS@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQL_CFLAGS = @MYSQL_CFLAGS@
+MYSQL_CONFIG = @MYSQL_CONFIG@
+MYSQL_LIBS = @MYSQL_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PGSQL_CFLAGS = @PGSQL_CFLAGS@
+PGSQL_LIBS = @PGSQL_LIBS@
+PG_CONFIG = @PG_CONFIG@
+PID_FILE_PATH = @PID_FILE_PATH@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PROTON_CFLAGS = @PROTON_CFLAGS@
+PROTON_LIBS = @PROTON_LIBS@
+PROTON_PROACTOR_CFLAGS = @PROTON_PROACTOR_CFLAGS@
+PROTON_PROACTOR_LIBS = @PROTON_PROACTOR_LIBS@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RABBITMQ_CFLAGS = @RABBITMQ_CFLAGS@
+RABBITMQ_LIBS = @RABBITMQ_LIBS@
+RANLIB = @RANLIB@
+READLINK = @READLINK@
+REDIS = @REDIS@
+RELP_CFLAGS = @RELP_CFLAGS@
+RELP_LIBS = @RELP_LIBS@
+RSRT_CFLAGS = @RSRT_CFLAGS@
+RSRT_CFLAGS1 = @RSRT_CFLAGS1@
+RSRT_LIBS = @RSRT_LIBS@
+RSRT_LIBS1 = @RSRT_LIBS1@
+RST2MAN = @RST2MAN@
+RT_LIBS = @RT_LIBS@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SNMP_CFLAGS = @SNMP_CFLAGS@
+SNMP_LIBS = @SNMP_LIBS@
+SOL_LIBS = @SOL_LIBS@
+STRIP = @STRIP@
+TCL_BIN_DIR = @TCL_BIN_DIR@
+TCL_INCLUDE_SPEC = @TCL_INCLUDE_SPEC@
+TCL_LIB_FILE = @TCL_LIB_FILE@
+TCL_LIB_FLAG = @TCL_LIB_FLAG@
+TCL_LIB_SPEC = @TCL_LIB_SPEC@
+TCL_PATCH_LEVEL = @TCL_PATCH_LEVEL@
+TCL_SRC_DIR = @TCL_SRC_DIR@
+TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@
+TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@
+TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@
+TCL_VERSION = @TCL_VERSION@
+UDPSPOOF_CFLAGS = @UDPSPOOF_CFLAGS@
+UDPSPOOF_LIBS = @UDPSPOOF_LIBS@
+VALGRIND = @VALGRIND@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WARN_LDFLAGS = @WARN_LDFLAGS@
+WARN_SCANNERFLAGS = @WARN_SCANNERFLAGS@
+WGET = @WGET@
+YACC = @YACC@
+YACC_FOUND = @YACC_FOUND@
+YFLAGS = @YFLAGS@
+ZLIB_CFLAGS = @ZLIB_CFLAGS@
+ZLIB_LIBS = @ZLIB_LIBS@
+ZSTD_CFLAGS = @ZSTD_CFLAGS@
+ZSTD_LIBS = @ZSTD_LIBS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+moddirs = @moddirs@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+pkglib_LTLIBRARIES = imdtls.la
+imdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la
+imdtls_la_SOURCES = imdtls.c
+imdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS)
+imdtls_la_LDFLAGS = -module -avoid-version
+imdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu plugins/imdtls/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu plugins/imdtls/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
+ }
+
+uninstall-pkglibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \
+ done
+
+clean-pkglibLTLIBRARIES:
+ -test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
+ @list='$(pkglib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+imdtls.la: $(imdtls_la_OBJECTS) $(imdtls_la_DEPENDENCIES) $(EXTRA_imdtls_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(imdtls_la_LINK) -rpath $(pkglibdir) $(imdtls_la_OBJECTS) $(imdtls_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imdtls_la-imdtls.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+imdtls_la-imdtls.lo: imdtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(imdtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT imdtls_la-imdtls.lo -MD -MP -MF $(DEPDIR)/imdtls_la-imdtls.Tpo -c -o imdtls_la-imdtls.lo `test -f 'imdtls.c' || echo '$(srcdir)/'`imdtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imdtls_la-imdtls.Tpo $(DEPDIR)/imdtls_la-imdtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imdtls.c' object='imdtls_la-imdtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(imdtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o imdtls_la-imdtls.lo `test -f 'imdtls.c' || echo '$(srcdir)/'`imdtls.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(pkglibdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pkglibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -f ./$(DEPDIR)/imdtls_la-imdtls.Plo
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-pkglibLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f ./$(DEPDIR)/imdtls_la-imdtls.Plo
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pkglibLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+ clean-generic clean-libtool clean-pkglibLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pkglibLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pkglibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/plugins/imdtls/imdtls.c b/plugins/imdtls/imdtls.c
new file mode 100644
index 0000000..6501d9c
--- /dev/null
+++ b/plugins/imdtls/imdtls.c
@@ -0,0 +1,1164 @@
+/**
+ * The dtls input module, uses OpenSSL as library to implement DTLS.
+ *
+ * \author Andre Lorbach <alorbach@adiscon.com>
+ *
+ * Copyright (C) 2023 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * -or-
+ * see COPYING.ASL20 in the source distribution
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+
+#include <stdio.h>
+#include <arpa/inet.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/errno.h>
+#include <poll.h>
+#include <assert.h>
+#include <time.h>
+
+// --- Include openssl headers as well
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+# include <openssl/bioerr.h>
+#endif
+#include <openssl/engine.h>
+// ---
+
+#include "rsyslog.h"
+#include "dirty.h"
+#include "module-template.h"
+#include "cfsysline.h"
+#include "msg.h"
+#include "errmsg.h"
+#include "glbl.h"
+#include "srUtils.h"
+#include "msg.h"
+#include "parser.h"
+#include "datetime.h"
+#include "net.h"
+#include "net_ossl.h"
+#include "prop.h"
+#include "ruleset.h"
+#include "statsobj.h"
+#include "unicode-helper.h"
+
+MODULE_TYPE_INPUT
+MODULE_TYPE_NOKEEP
+MODULE_CNFNAME("imdtls")
+
+/* defines */
+#define MAX_DTLS_CLIENTS 1024
+#define MAX_DTLS_MSGSIZE 65536
+#define DTLS_LISTEN_PORT "4433"
+// 1800 seconds = 30 minutes
+#define DTLS_DEFAULT_TIMEOUT 1800
+
+/* Module static data */
+DEF_OMOD_STATIC_DATA
+DEFobjCurrIf(glbl)
+DEFobjCurrIf(datetime)
+DEFobjCurrIf(prop)
+DEFobjCurrIf(ruleset)
+DEFobjCurrIf(statsobj)
+DEFobjCurrIf(net)
+DEFobjCurrIf(net_ossl)
+
+#define DTLS_MAX_RCVBUF 8192 /* Maximum DTLS packet is 8192 bytes which fits into Jumbo Frames. If not enabled
+ * message fragmentation (Ethernet MTU of ~ 1500 bytes) can occur.*/
+
+/* config settings */
+typedef struct configSettings_s {
+ uchar *pszBindRuleset; /* name of Ruleset to bind to */
+} configSettings_t;
+static configSettings_t cs;
+
+struct dtlsClient_s {
+ SSL* sslClient; /* DTSL (SSL) Client */
+ time_t lastActivityTime; /* Last Activity Time */
+ int clientfd; /* ClientFD */
+};
+
+// Use typedef to define a type 'dtlsClient_t' based on 'struct dtlsClient_s'
+typedef struct dtlsClient_s dtlsClient_t;
+
+struct instanceConf_s {
+ /* Network properties */
+ uchar *pszBindAddr; /* Listening IP Address */
+ uchar *pszBindPort; /* Port to bind socket to */
+ int timeout; /* Default timeout for DTLS Sessions */
+ /* Common properties */
+ uchar *pszBindRuleset; /* name of ruleset to bind to */
+ uchar *pszInputName;
+ prop_t *pInputName; /* InputName in property format for fast access */
+ ruleset_t *pBindRuleset; /* ruleset to bind listener to (use system default if unspecified) */
+ sbool bEnableLstn; /* flag to permit disabling of listener in error case */
+ statsobj_t *stats; /* listener stats */
+ STATSCOUNTER_DEF(ctrSubmit, mutCtrSubmit)
+ /* OpenSSL properties */
+ uchar *tlscfgcmd; /* OpenSSL Config Command used to override any OpenSSL Settings */
+ permittedPeers_t *pPermPeersRoot; /* permitted peers */
+ int CertVerifyDepth; /* Verify Depth for certificate chains */
+ /* Instance Variables */
+ char *pszRcvBuf;
+ int lenRcvBuf;
+ /**< -1: empty, 0: connection closed, 1..NSD_OSSL_MAX_RCVBUF-1: data of that size present */
+ int ptrRcvBuf; /**< offset for next recv operation if 0 < lenRcvBuf < NSD_OSSL_MAX_RCVBUF */
+
+ /* OpenSSL and Config Cert vars inside net_ossl_t now */
+ net_ossl_t *pNetOssl; /* OSSL shared Config and object vars are here */
+ int nClients; /* */
+ dtlsClient_t **dtlsClients; /* Array of DTSL (SSL) Clients */
+ int sockfd; /* UDP Socket used to bind to */
+ struct sockaddr_in server_addr; /* Server Sockaddr */
+ int port; /* Server Port as integer */
+
+ int id; /* Thread ID */
+ thrdInfo_t *pThrd; /* Thread Instance Info */
+ pthread_t tid; /* the instances thread ID */
+
+ struct instanceConf_s *next;
+ struct instanceConf_s *prev;
+};
+
+/* config variables */
+struct modConfData_s {
+ rsconf_t *pConf; /* our overall config object */
+ instanceConf_t *root, *tail;
+ uchar *pszBindRuleset; /* default name of Ruleset to bind to */
+ AuthMode drvrAuthMode; /* authenticate peer if no other name given */
+};
+
+static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
+static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current load process */
+
+static prop_t *pInputName = NULL;
+
+/* module-global parameters */
+static struct cnfparamdescr modpdescr[] = {
+ { "ruleset", eCmdHdlrGetWord, 0 },
+ { "tls.authmode", eCmdHdlrString, 0 },
+};
+static struct cnfparamblk modpblk =
+ { CNFPARAMBLK_VERSION,
+ sizeof(modpdescr)/sizeof(struct cnfparamdescr),
+ modpdescr
+ };
+
+/* input instance parameters */
+static struct cnfparamdescr inppdescr[] = {
+ { "port", eCmdHdlrString, CNFPARAM_REQUIRED },
+ { "address", eCmdHdlrString, 0 },
+ { "timeout", eCmdHdlrPositiveInt, 0 },
+ { "name", eCmdHdlrString, 0 },
+ { "ruleset", eCmdHdlrString, 0 },
+ { "tls.permittedpeer", eCmdHdlrArray, 0 },
+ { "tls.authmode", eCmdHdlrString, 0 },
+ { "tls.cacert", eCmdHdlrString, 0 },
+ { "tls.mycert", eCmdHdlrString, 0 },
+ { "tls.myprivkey", eCmdHdlrString, 0 },
+ { "tls.tlscfgcmd", eCmdHdlrString, 0 }
+};
+static struct cnfparamblk inppblk =
+ { CNFPARAMBLK_VERSION,
+ sizeof(inppdescr)/sizeof(struct cnfparamdescr),
+ inppdescr
+ };
+#include "im-helper.h" /* must be included AFTER the type definitions! */
+
+/* create input instance, set default parameters, and
+ * add it to the list of instances.
+ */
+static rsRetVal
+createInstance(instanceConf_t **pinst)
+{
+ instanceConf_t *inst;
+ DEFiRet;
+ CHKmalloc(inst = malloc(sizeof(instanceConf_t)));
+ inst->next = NULL;
+
+ inst->pszBindAddr = NULL;
+ inst->pszBindPort = NULL;
+ inst->timeout = 1800;
+ inst->pszBindRuleset = loadModConf->pszBindRuleset;
+ inst->pszInputName = NULL;
+ inst->pBindRuleset = NULL;
+ inst->bEnableLstn = 0;
+
+ inst->tlscfgcmd = NULL;
+ inst->pPermPeersRoot = NULL;
+ inst->CertVerifyDepth = 2;
+
+ /* node created, let's add to config */
+ if(loadModConf->tail == NULL) {
+ loadModConf->tail = loadModConf->root = inst;
+ } else {
+ loadModConf->tail->next = inst;
+ loadModConf->tail = inst;
+ }
+
+ // Construct pNetOssl helper
+ CHKiRet(net_ossl.Construct(&inst->pNetOssl));
+ inst->pNetOssl->authMode = loadModConf->drvrAuthMode;
+
+ *pinst = inst;
+finalize_it:
+ RETiRet;
+}
+
+
+/* function to generate an error message if the ruleset cannot be found */
+static inline void
+std_checkRuleset_genErrMsg(__attribute__((unused)) modConfData_t *modConf, instanceConf_t *inst)
+{
+ LogError(0, NO_ERRCODE, "imdtls[%s]: ruleset '%s' not found - "
+ "using default ruleset instead",
+ inst->pszBindPort, inst->pszBindRuleset);
+}
+
+static void
+DTLSCloseSocket(instanceConf_t *inst) {
+ DBGPRINTF("imdtls: DTLSCloseSocket for %s:%d\n", inst->pszBindAddr, inst->port);
+ // Close UDP Socket
+ close(inst->sockfd);
+ inst->sockfd = 0;
+}
+
+static rsRetVal
+DTLSCreateSocket(instanceConf_t *inst) {
+ DEFiRet;
+ int optval = 1;
+ int flags;
+
+ struct in_addr ip_struct;
+ DBGPRINTF("imdtls: DTLSCreateSocket for %s:%d\n", inst->pszBindAddr, inst->port);
+
+ // Create UDP Socket
+ inst->sockfd = socket(AF_INET, SOCK_DGRAM, 0);
+ if (inst->sockfd < 0) {
+ LogError(0, NO_ERRCODE, "imdtls: Unable to create DTLS listener,"
+ " failed to create socket, "
+ " ignoring port %d bind-address %s.",
+ inst->port, inst->pszBindAddr);
+ ABORT_FINALIZE(RS_RET_ERR);
+ }
+ setsockopt(inst->sockfd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
+ setsockopt(inst->sockfd, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval));
+
+ // Set NON Blcoking Flags
+ flags = fcntl(inst->sockfd, F_GETFL, 0);
+ fcntl(inst->sockfd, F_SETFL, flags | O_NONBLOCK);
+
+ // Convert IP Address into numeric
+ if (inet_pton(AF_INET, (char*) inst->pszBindAddr, &ip_struct) <= 0) {
+ LogError(0, NO_ERRCODE, "imdtls: Unable to create DTLS listener,"
+ " invalid Bind Address, "
+ " ignoring port %d bind-address %s.",
+ inst->port, inst->pszBindAddr);
+ ABORT_FINALIZE(RS_RET_ERR);
+ }
+
+ // Set Server Address
+ memset(&inst->server_addr, 0, sizeof(struct sockaddr_in));
+ inst->server_addr.sin_family = AF_INET;
+ inst->server_addr.sin_port = htons(inst->port);
+ inst->server_addr.sin_addr.s_addr = htonl(ip_struct.s_addr);
+
+ // Bind UDP Socket
+ if (bind(inst->sockfd, (struct sockaddr*)&inst->server_addr, sizeof(struct sockaddr_in)) < 0) {
+ LogError(0, NO_ERRCODE, "imdtls: Unable to create DTLS listener,"
+ " unable to bind, "
+ " ignoring port %d bind-address %s.",
+ inst->port, inst->pszBindAddr);
+ ABORT_FINALIZE(RS_RET_ERR);
+ }
+finalize_it:
+ RETiRet;
+}
+
+/* Verify Callback for X509 Certificate validation. Force visibility as this function is not called anywhere but
+* only used as callback!
+*/
+static int
+imdtls_verify_callback(int status, SSL* ssl)
+{
+ DEFiRet;
+ X509 *certpeer;
+ instanceConf_t *inst = NULL;
+
+ dbgprintf("imdtls_verify_callback: get SSL [%p]\n", (void *)ssl);
+ inst = (instanceConf_t*) SSL_get_ex_data(ssl, 2);
+
+ /* Continue check if certificate verify was valid */
+ if (status == 1) {
+ if ( ssl != NULL &&
+ inst != NULL) {
+ /* call the actual function based on current auth mode */
+ switch(inst->pNetOssl->authMode) {
+ case OSSL_AUTH_CERTNAME:
+ /* if we check the name, we must ensure the cert is valid */
+ certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL);
+ dbgprintf("imdtls_verify_callback: Check peer certname[%p]=%s\n",
+ (void *)ssl, (certpeer != NULL ? "VALID" : "NULL"));
+ CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL));
+ CHKiRet(net_ossl_chkpeername(inst->pNetOssl, certpeer, NULL));
+ break;
+ case OSSL_AUTH_CERTFINGERPRINT:
+ certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL);
+ dbgprintf("imdtls_verify_callback: Check peer fingerprint[%p]=%s\n",
+ (void *)ssl, (certpeer != NULL ? "VALID" : "NULL"));
+ CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL));
+ CHKiRet(net_ossl_peerfingerprint(inst->pNetOssl, certpeer, NULL));
+ break;
+ case OSSL_AUTH_CERTVALID:
+ certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL);
+ dbgprintf("imdtls_verify_callback: Check peer valid[%p]=%s\n",
+ (void *)ssl, (certpeer != NULL ? "VALID" : "NULL"));
+ CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL));
+ break;
+ case OSSL_AUTH_CERTANON:
+ dbgprintf("imdtls_verify_callback: ANON[%p]\n", (void *)ssl);
+ FINALIZE;
+ break;
+ }
+ } else {
+ LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING, "imdtls_verify_callback: MISSING ssl or inst!");
+ }
+ }
+finalize_it:
+ if(iRet != RS_RET_OK) {
+ DBGPRINTF("imdtls_verify_callback: FAILED\n");
+ status = 0;
+ }
+ return status;
+}
+
+
+static rsRetVal
+addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst)
+{
+ uchar statname[64];
+ DEFiRet;
+ DBGPRINTF("imdtls: addListner ENTER\n");
+
+ if(!inst->bEnableLstn) {
+ DBGPRINTF("imdtls: DTLS Listener not started because it is disabled by config error\n");
+ FINALIZE;
+ }
+
+ inst->pszInputName = ustrdup((inst->pszInputName == NULL) ? UCHAR_CONSTANT("imdtls") : inst->pszInputName);
+ CHKiRet(prop.Construct(&inst->pInputName));
+ CHKiRet(prop.SetString(inst->pInputName, inst->pszInputName, ustrlen(inst->pszInputName)));
+ CHKiRet(prop.ConstructFinalize(inst->pInputName));
+
+ /* Init defaults */
+ if (inst->pszBindPort == NULL) {
+ CHKmalloc(inst->pszBindPort = ustrdup((uchar*) DTLS_LISTEN_PORT));
+ }
+
+ /* Init SSL Handles! */
+ CHKmalloc(inst->dtlsClients = (dtlsClient_t**) calloc(MAX_DTLS_CLIENTS, sizeof(dtlsClient_t*)));
+ for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) {
+ CHKmalloc(inst->dtlsClients[i] = (dtlsClient_t*) calloc(1, sizeof(dtlsClient_t)));
+ }
+ inst->nClients = 0;
+
+ /* support statistics gathering */
+ CHKiRet(statsobj.Construct(&(inst->stats)));
+ snprintf((char*)statname, sizeof(statname), "%s(%s)",
+ inst->pszInputName, inst->pszBindPort);
+ statname[sizeof(statname)-1] = '\0'; /* just to be on the save side... */
+ CHKiRet(statsobj.SetName(inst->stats, statname));
+ CHKiRet(statsobj.SetOrigin(inst->stats, (uchar*)"imdtls"));
+ STATSCOUNTER_INIT(inst->ctrSubmit, inst->mutCtrSubmit);
+ CHKiRet(statsobj.AddCounter(inst->stats, UCHAR_CONSTANT("submitted"),
+ ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(inst->ctrSubmit)));
+ CHKiRet(statsobj.ConstructFinalize(inst->stats));
+ /* end stats counters */
+
+ // Init OpenSSL Context with DTLS_server_method
+ CHKiRet(net_ossl.osslCtxInit(inst->pNetOssl, DTLS_method()));
+
+# if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ // Init OpenSSL Cookie Callbacks
+ CHKiRet(net_ossl.osslCtxInitCookie(inst->pNetOssl));
+# endif
+ // Run openssl config commands in Context
+ CHKiRet(net_ossl_apply_tlscgfcmd(inst->pNetOssl, inst->tlscfgcmd));
+
+ // Init Socket
+ CHKiRet(DTLSCreateSocket(inst));
+finalize_it:
+ if(iRet != RS_RET_OK) {
+ LogError(0, NO_ERRCODE, "DTLS Listener for thread failed to create UDP socket "
+ "for thread %s is not functional!", inst->pszInputName);
+ } else {
+ DBGPRINTF("imdtls: DTLS Listener for thread %s added\n", inst->pszInputName);
+ }
+ RETiRet;
+}
+
+static rsRetVal
+processMsg(instanceConf_t *inst, dtlsClient_t *dtlsClient, char *msg, size_t lenMsg)
+{
+ DEFiRet;
+ smsg_t *pMsg = NULL;
+ prop_t *pProp = NULL;
+ BIO *wbio;
+ BIO_ADDR *peer_addr;
+
+ /* Get Gentime */
+ time_t ttGenTime = 0;
+ struct syslogTime stTime;
+ datetime.getCurrTime(&stTime, &ttGenTime, TIME_IN_LOCALTIME);
+
+ /* we now create our own message object and submit it to the queue */
+ CHKiRet(msgConstructWithTime(&pMsg, &stTime, ttGenTime));
+ MsgSetRawMsg(pMsg, msg, lenMsg);
+ MsgSetInputName(pMsg, inst->pInputName);
+ MsgSetRuleset(pMsg, inst->pBindRuleset);
+ MsgSetFlowControlType(pMsg, eFLOWCTL_NO_DELAY);
+ pMsg->msgFlags = NEEDS_PARSING | PARSE_HOSTNAME;
+
+ // Obtain Sender from BIO
+ wbio = SSL_get_wbio(dtlsClient->sslClient);
+ peer_addr = BIO_ADDR_new();
+ if (BIO_dgram_get_peer(wbio, peer_addr)) {
+ char *pHostname = BIO_ADDR_hostname_string(peer_addr, 1);
+ DBGPRINTF("imdtls: processMsg Received message from %s: %s\n", pHostname, msg);
+ MsgSetRcvFromStr(pMsg, (uchar *)pHostname, strlen(pHostname), &pProp);
+ CHKiRet(prop.Destruct(&pProp));
+ OPENSSL_free(pHostname);
+ } else {
+ DBGPRINTF("imdtls: processMsg Received message from UNKNOWN: %s\n", msg);
+ }
+ BIO_ADDR_free(peer_addr);
+
+ // Update Activity
+ dtlsClient->lastActivityTime = time(NULL);
+
+ // Submit Message
+ CHKiRet(submitMsg2(pMsg));
+ STATSCOUNTER_INC(inst->ctrSubmit, inst->mutCtrSubmit);
+finalize_it:
+ RETiRet;
+}
+
+static void
+DTLScleanupSession(instanceConf_t *inst, int idx) {
+ if (inst->dtlsClients[idx]->sslClient != NULL) {
+ BIO *rbio = SSL_get_rbio(inst->dtlsClients[idx]->sslClient);
+ if (rbio) {
+ // Close socket FIRST!
+ int clientfd = -1;
+ BIO_get_fd(rbio, &clientfd);
+ if (clientfd != -1) {
+ close(clientfd);
+ }
+ }
+ SSL_free(inst->dtlsClients[idx]->sslClient);
+ DBGPRINTF("imdtls: DTLScleanupSession Socket/SSL for Client idx (%d) terminated.\n", idx);
+ }
+ inst->dtlsClients[idx]->sslClient = NULL;
+ inst->dtlsClients[idx]->lastActivityTime = 0;
+}
+
+static void
+DTLSAcceptSession(instanceConf_t *inst, int idx) {
+ int ret, err;
+ SSL* ssl = inst->dtlsClients[idx]->sslClient;
+ DBGPRINTF("imdtls: DTLSAcceptSession for Client idx (%d).\n", idx);
+
+ // Check if the handshake has already been completed
+ ret = SSL_get_state(ssl);
+ if (ret != TLS_ST_OK) {
+ // Existing client Finish handshake
+ ret = SSL_accept(ssl);
+ if (ret <= 0) {
+ err = SSL_get_error(ssl, ret);
+ if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
+ // Non-blocking operation did not complete; retry later
+ DBGPRINTF("imdtls: SSL_accept didn't complete (%d). Will retry.\n", err);
+ } else if(err == SSL_ERROR_SYSCALL) {
+ DBGPRINTF("imdtls: SSL_accept failed SSL_ERROR_SYSCALL idx (%d), removing client.\n",
+ idx);
+ net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
+ "DTLSHandleSessions", "SSL_accept");
+ DTLScleanupSession(inst, idx);
+ } else {
+ // An actual error occurred
+ DBGPRINTF("imdtls: SSL_accept failed (%d) idx (%d), removing client.\n", err, idx);
+ net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR,
+ "DTLSHandleSessions", "SSL_accept");
+ DTLScleanupSession(inst, idx);
+ }
+ } else {
+ DBGPRINTF("imdtls: SSL_accept success idx (%d), adding client.\n", idx);
+ inst->dtlsClients[idx]->lastActivityTime = time(NULL);
+
+ int status = 1;
+ status = imdtls_verify_callback(status, ssl);
+ if (status == 0) {
+ LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING,
+ "imdtls: Cert Verify FAILED for DTLS client idx (%d)",idx);
+ } else {
+ DBGPRINTF("imdtls: Cert Verify SUCCESS for DTLS client idx (%d)\n", idx);
+ }
+ }
+ } else {
+ DBGPRINTF("imdtls: SSL_get_state for DTLS client idx (%d) is %d\n", idx, ret);
+ }
+}
+
+static void
+DTLSTerminateClients(instanceConf_t *inst) {
+ // Process pending Client Data first!
+ for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) {
+ if (inst->dtlsClients[i]->sslClient != NULL) {
+ DTLScleanupSession(inst, i);
+ }
+ }
+}
+
+static void
+DTLSReadClient(instanceConf_t *inst, int idx, short revents) {
+ int err;
+ SSL* ssl = inst->dtlsClients[idx]->sslClient;
+ DBGPRINTF("imdtls: DEBUG Check Client activity on index %d.\n", idx);
+ if (revents & POLLIN) {
+ if (ssl == NULL) {
+ DBGPRINTF("imdtls: DTLSHandleSessions MISSING SSL OBJ for index %d.\n", idx);
+ return;
+ }
+ DBGPRINTF("imdtls: Read Client activity on index %d.\n", idx);
+ char buf[MAX_DTLS_MSGSIZE];
+ int len = 0;
+ do {
+ len = SSL_read(ssl, buf, sizeof(buf) - 1);
+ if (len > 0) {
+ buf[len] = '\0';
+ processMsg(inst, inst->dtlsClients[idx], buf, len);
+ } else {
+ err = SSL_get_error(ssl, len);
+ if (err == SSL_ERROR_WANT_READ) {
+ DBGPRINTF("imdtls: SSL_ERROR_WANT_READ flush rbio on index %d.\n", idx);
+ BIO *rbio = SSL_get_rbio(ssl);
+ BIO_flush(rbio);
+ } else if (err == SSL_ERROR_WANT_WRITE) {
+ DBGPRINTF("imdtls: SSL_ERROR_WANT_WRITE flush wbio on index %d.\n", idx);
+ BIO *wbio = SSL_get_wbio(ssl);
+ BIO_flush(wbio);
+ } else if (err == SSL_ERROR_ZERO_RETURN) {
+ DBGPRINTF("imdtls: SSL_ERROR_ZERO_RETURN on index %d.\n", idx);
+ break;
+ } else if (err == SSL_ERROR_SYSCALL) {
+ DBGPRINTF("imdtls: SSL_ERROR_SYSCALL on index %d ERRNO %d\n", idx, errno);
+ net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR,
+ "DTLSReadClient", "SSL_read");
+ DTLScleanupSession(inst, idx);
+ break;
+ } else {
+ DBGPRINTF("imdtls: SSL_read error %d (%d) on idx %d, rem client.\n",
+ err, errno, idx);
+ DTLScleanupSession(inst, idx);
+ // Exit the loop if any error occurs
+ break;
+ }
+ }
+ } while (len > 0);
+ }
+}
+
+static void
+DTLSHandleSessions(instanceConf_t *inst) {
+ int fdToIndex[MAX_DTLS_CLIENTS + 1];
+ struct pollfd fds[MAX_DTLS_CLIENTS + 1];
+ int optval = 1;
+ int fdcount = 0;
+ int ret, err;
+ memset(fdToIndex, 0, sizeof(fdToIndex));
+ memset(fds, 0, sizeof(fds));
+ fds[0].fd = inst->sockfd;
+ fds[0].events = POLLIN;
+ DBGPRINTF("imdtls: DTLSHandleSessions ENTER \n");
+
+ // Create FDS Array for Polling sockets
+ for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) {
+ if (inst->dtlsClients[i]->sslClient != NULL) {
+ int clientfd = -1;
+ fdcount++;
+ BIO_get_fd(SSL_get_wbio(inst->dtlsClients[i]->sslClient), &clientfd);
+ DBGPRINTF("imdtls: DTLSHandleSessions handle client %d (%d)\n", fdcount, clientfd);
+ fds[fdcount].fd = clientfd;
+ fds[fdcount].events = POLLIN;
+ fdToIndex[clientfd] = i; // Map fd to dtlsClients index
+ }
+ }
+
+ DBGPRINTF("imdtls: Waiting for poll (clients %d) ...\n", fdcount);
+ ret = poll(fds, fdcount+1, -1);
+ if(glbl.GetGlobalInputTermState() == 1) {
+ DBGPRINTF("imdtls: DTLSHandleSessions Terminate State\n");
+ return; /* terminate input! */
+ }
+ if (ret < 0) {
+ DBGPRINTF("imdtls: DTLSHandleSessions ERROR poll failed %d with err %d\n", ret , errno);
+ return;
+ }
+
+ // Process pending Client Data first!
+ DBGPRINTF("imdtls: DTLSHandleSessions handle client sockets (%d) \n", fdcount);
+ for (int i = 1; i <= fdcount; ++i) {
+ DTLSReadClient(inst, fdToIndex[fds[i].fd], fds[i].revents);
+ }
+
+ // Check session timeouts
+ for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) {
+ if (inst->dtlsClients[i]->sslClient != NULL) {
+ if (difftime(time(NULL), inst->dtlsClients[i]->lastActivityTime) > inst->timeout) {
+ DBGPRINTF("imdtls: Session timeout (%d) for client index %d.\n", i, inst->timeout);
+ DTLScleanupSession(inst, i);
+ continue;
+ }
+ }
+ }
+
+ // Check MAIN socket for new connections
+ if (fds[0].revents & POLLIN) {
+ DBGPRINTF("imdtls: DTLSHandleSessions handle main socket\n");
+
+ // Create BIO Object for potential new client
+ BIO *sbio = BIO_new_dgram(inst->sockfd, BIO_NOCLOSE);
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+ // Create SSL Object for new client and apply default callbacks
+ SSL *ssl = SSL_new(inst->pNetOssl->ctx);
+ SSL_set_bio(ssl, sbio, sbio);
+ SSL_set_accept_state(ssl);
+ if (inst->pNetOssl->authMode != OSSL_AUTH_CERTANON) {
+ dbgprintf("imdtls: enable certificate checking (Mode=%d, VerifyDepth=%d)\n",
+ inst->pNetOssl->authMode, inst->CertVerifyDepth);
+ net_ossl_set_ssl_verify_callback(ssl,
+ SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
+ if (inst->CertVerifyDepth != 0) {
+ SSL_set_verify_depth(ssl, inst->CertVerifyDepth);
+ }
+ }
+
+ // Store reference in SSL obj
+ SSL_set_ex_data(ssl, 0, NULL); /* Reserved for pTcp */
+ SSL_set_ex_data(ssl, 1, NULL); /* Reserved for permitExpiredCerts */
+ SSL_set_ex_data(ssl, 2, inst); /* Used in imdtls */
+
+ // Debug Callback for conn sbio!
+ net_ossl_set_bio_callback(sbio);
+
+ // Connect the new Client
+ BIO_ADDR *client_addr = BIO_ADDR_new();
+
+ // Start DTLS Listen and Session
+ do {
+ ret = DTLSv1_listen(ssl, client_addr);
+ if (ret > 0) {
+ dbgprintf("imdtls: DTLSHandleSessions DTLSv1_listen SUCCESS\n");
+ // Create new CLIENT socket for communication!
+ int clientfd = socket(BIO_ADDR_family(client_addr), SOCK_DGRAM, 0);
+ if (clientfd < 0) {
+ LogError(0, NO_ERRCODE, "imdtls: DTLSHandleSessions unable to create"
+ " client socket");
+ return;
+ }
+ setsockopt(clientfd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
+ setsockopt(clientfd, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval));
+ // Bind and Connect Client Socket
+ if (bind(clientfd,
+ (struct sockaddr*) &inst->server_addr, sizeof(struct sockaddr_in)) < 0) {
+ LogError(0, NO_ERRCODE, "imdtls: DTLSHandleSessions unable to bind"
+ " client socket"
+ " ignoring port %d bind-address %s.",
+ inst->port, inst->pszBindAddr);
+ return;
+ }
+ // Set new fd and set BIO to connected
+ BIO *rbio = SSL_get_rbio(ssl);
+ BIO_set_fd(rbio, clientfd, BIO_NOCLOSE);
+
+ // Set and activate timeouts
+ struct timeval timeout;
+ timeout.tv_sec = inst->timeout;
+ timeout.tv_usec = 0;
+ BIO_ctrl(rbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+ // Set BIO to connected
+ ret = BIO_connect(clientfd, client_addr, 0);
+ if (ret == 0) {
+ err = SSL_get_error(ssl, ret);
+ DBGPRINTF("imdtls: DTLSHandleSessions BIO_connect ERROR %d\n", err);
+ net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
+ "DTLSHandleSessions", "BIO_connect");
+ LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING,
+ "imdtls: BIO_connect failed for DTLS client");
+ SSL_free(ssl);
+ } else {
+ BIO_ctrl_set_connected(rbio, client_addr);
+ DBGPRINTF("imdtls: BIO_connect succeeded.\n");
+
+ // Add to DTLS Clients
+ for (int i = 0; i < MAX_DTLS_CLIENTS; ++i) {
+ if (inst->dtlsClients[i]->sslClient == NULL) {
+ inst->dtlsClients[i]->sslClient = ssl;
+ inst->dtlsClients[i]->lastActivityTime = time(NULL);
+ DBGPRINTF("imdtls: New Client added at idx %d.\n", i);
+ DTLSAcceptSession(inst, i);
+ break;
+ }
+ }
+ }
+ break;
+ } else {
+ err = SSL_get_error(ssl, ret);
+ if ( (ret == 0 && err == SSL_ERROR_SYSCALL) ||
+ (err == SSL_ERROR_SYSCALL && errno == EAGAIN)) {
+ DBGPRINTF("imdtls: DTLSv1_listen RET %d (ERR %d / ERRNO %d), retry\n",
+ ret, err, errno);
+ // Wait little and retry DTLSv1_listen
+ srSleep(0, 100000);
+ continue;
+ } else {
+ DBGPRINTF("imdtls: DTLSv1_listen RET %d (ERR %d / ERRNO %d), abort\n",
+ ret, err, errno);
+ net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
+ "DTLSHandleSessions", "DTLSv1_listen");
+ LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING,
+ "imdtls: DTLSv1_listen failed for DTLS client");
+ SSL_free(ssl);
+ break;
+ }
+ }
+ }
+ while (1);
+ BIO_ADDR_free(client_addr);
+ }
+}
+
+static void*
+startDtlsHandler(void *myself) {
+ instanceConf_t *inst = (instanceConf_t *) myself;
+ DBGPRINTF("imdtls: start DtlsHandler for thread %s\n", inst->pszInputName);
+
+ /* DTLS Receiving Loop */
+ while(glbl.GetGlobalInputTermState() == 0) {
+ DBGPRINTF("imdtls: begin handle DTSL Client Sessions\n");
+ DTLSHandleSessions(inst);
+ }
+
+ /* DTLS Terminate Sessions */
+ DBGPRINTF("imdtls: Terminate DTLS Client Sessions\n");
+ DTLSTerminateClients(inst);
+
+ DBGPRINTF("imdtls: stop DtlsHandler for thread %s\n", inst->pszInputName);
+ return NULL;
+}
+
+/* Set permitted peers. It is depending on the auth mode if this are
+ * fingerprints or names. -- rgerhards, 2008-05-19
+ */
+static rsRetVal
+SetPermPeers(instanceConf_t *inst, permittedPeers_t *pPermPeers)
+{
+ DEFiRet;
+ if(pPermPeers == NULL)
+ FINALIZE;
+
+ if(inst->pNetOssl->authMode != OSSL_AUTH_CERTFINGERPRINT && inst->pNetOssl->authMode != OSSL_AUTH_CERTNAME) {
+ LogError(0, RS_RET_VALUE_NOT_IN_THIS_MODE, "authentication not supported by "
+ "imdtls in the configured authentication mode - ignored");
+ ABORT_FINALIZE(RS_RET_VALUE_NOT_IN_THIS_MODE);
+ }
+ inst->pNetOssl->pPermPeers = pPermPeers;
+finalize_it:
+ RETiRet;
+}
+BEGINnewInpInst
+ struct cnfparamvals *pvals;
+ instanceConf_t *inst = NULL;
+ int i,j;
+ FILE *fp;
+CODESTARTnewInpInst
+ DBGPRINTF("newInpInst (imdtls)\n");
+
+ if((pvals = nvlstGetParams(lst, &inppblk, NULL)) == NULL) {
+ ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
+ }
+
+ if(Debug) {
+ dbgprintf("input param blk in imdtls:\n");
+ cnfparamsPrint(&inppblk, pvals);
+ }
+
+ CHKiRet(createInstance(&inst));
+
+ for(i = 0 ; i < inppblk.nParams ; ++i) {
+ if(!pvals[i].bUsed)
+ continue;
+ if(!strcmp(inppblk.descr[i].name, "port")) {
+ inst->pszBindPort = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "address")) {
+ inst->pszBindAddr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "timeout")) {
+ inst->timeout = (int) pvals[i].val.d.n;
+ } else if(!strcmp(inppblk.descr[i].name, "ruleset")) {
+ inst->pszBindRuleset = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "name")) {
+ inst->pszInputName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "tls.authmode")) {
+ char* pszAuthMode = es_str2cstr(pvals[i].val.d.estr, NULL);
+ if(!strcasecmp(pszAuthMode, "fingerprint"))
+ inst->pNetOssl->authMode = OSSL_AUTH_CERTFINGERPRINT;
+ else if(!strcasecmp(pszAuthMode, "name"))
+ inst->pNetOssl->authMode = OSSL_AUTH_CERTNAME;
+ else if(!strcasecmp(pszAuthMode, "certvalid"))
+ inst->pNetOssl->authMode = OSSL_AUTH_CERTVALID;
+ else
+ inst->pNetOssl->authMode = OSSL_AUTH_CERTANON;
+ free(pszAuthMode);
+ } else if(!strcmp(inppblk.descr[i].name, "tls.cacert")) {
+ inst->pNetOssl->pszCAFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ fp = fopen((const char*)inst->pNetOssl->pszCAFile, "r");
+ if(fp == NULL) {
+ char errStr[1024];
+ rs_strerror_r(errno, errStr, sizeof(errStr));
+ LogError(0, RS_RET_NO_FILE_ACCESS,
+ "error: certificate file %s couldn't be accessed: %s\n",
+ inst->pNetOssl->pszCAFile, errStr);
+ } else {
+ fclose(fp);
+ }
+ } else if(!strcmp(inppblk.descr[i].name, "tls.mycert")) {
+ inst->pNetOssl->pszCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ fp = fopen((const char*)inst->pNetOssl->pszCertFile, "r");
+ if(fp == NULL) {
+ char errStr[1024];
+ rs_strerror_r(errno, errStr, sizeof(errStr));
+ LogError(0, RS_RET_NO_FILE_ACCESS,
+ "error: certificate file %s couldn't be accessed: %s\n",
+ inst->pNetOssl->pszCertFile, errStr);
+ } else {
+ fclose(fp);
+ }
+ } else if(!strcmp(inppblk.descr[i].name, "tls.myprivkey")) {
+ inst->pNetOssl->pszKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ fp = fopen((const char*)inst->pNetOssl->pszKeyFile, "r");
+ if(fp == NULL) {
+ char errStr[1024];
+ rs_strerror_r(errno, errStr, sizeof(errStr));
+ LogError(0, RS_RET_NO_FILE_ACCESS,
+ "error: certificate file %s couldn't be accessed: %s\n",
+ inst->pNetOssl->pszKeyFile, errStr);
+ } else {
+ fclose(fp);
+ }
+ } else if(!strcmp(inppblk.descr[i].name, "tls.tlscfgcmd")) {
+ inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "tls.permittedpeer")) {
+ for(j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) {
+ uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
+ CHKiRet(net.AddPermittedPeer(&inst->pPermPeersRoot, peer));
+ free(peer);
+ }
+ } else {
+ dbgprintf("imdtls: program error, non-handled "
+ "param '%s'\n", inppblk.descr[i].name);
+ }
+ }
+
+ /* check if no port is set. If not, we use DEFAULT of 4433 */
+ if(inst->pszBindPort == NULL) {
+ CHKmalloc(inst->pszBindPort = (uchar*)strdup("4433"));
+ }
+ inst->port = atoi((char*)inst->pszBindPort);
+ /* check if BinAddr is set. If not, we use DEFAULT of 0.0.0.0 */
+ if(inst->pszBindAddr == NULL) {
+ CHKmalloc(inst->pszBindAddr = (uchar*)strdup("0.0.0.0"));
+ }
+
+ // Assign Loaded Peers to Netossl
+ SetPermPeers(inst, inst->pPermPeersRoot);
+
+ /* all ok, ready to start up */
+ inst->bEnableLstn = -1;
+
+finalize_it:
+CODE_STD_FINALIZERnewInpInst
+ cnfparamvalsDestruct(pvals, &inppblk);
+ENDnewInpInst
+
+
+BEGINbeginCnfLoad
+CODESTARTbeginCnfLoad
+ loadModConf = pModConf;
+ pModConf->pConf = pConf;
+ pModConf->pszBindRuleset = NULL;
+ pModConf->drvrAuthMode = OSSL_AUTH_CERTANON;
+ /* init legacy config variables */
+ cs.pszBindRuleset = NULL;
+ENDbeginCnfLoad
+
+
+BEGINsetModCnf
+ struct cnfparamvals *pvals = NULL;
+ int i;
+CODESTARTsetModCnf
+ pvals = nvlstGetParams(lst, &modpblk, NULL);
+ if(pvals == NULL) {
+ LogError(0, RS_RET_MISSING_CNFPARAMS, "imdtls: error processing module "
+ "config parameters [module(...)]");
+ ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
+ }
+
+ if(Debug) {
+ dbgprintf("module (global) param blk for imdtls:\n");
+ cnfparamsPrint(&modpblk, pvals);
+ }
+
+ for(i = 0 ; i < modpblk.nParams ; ++i) {
+ if(!pvals[i].bUsed)
+ continue;
+ if(!strcmp(modpblk.descr[i].name, "tls.authmode")) {
+ char* pszAuthMode = es_str2cstr(pvals[i].val.d.estr, NULL);
+ if(!strcasecmp(pszAuthMode, "fingerprint"))
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTFINGERPRINT;
+ else if(!strcasecmp(pszAuthMode, "name"))
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTNAME;
+ else if(!strcasecmp(pszAuthMode, "certvalid"))
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTVALID;
+ else
+ loadModConf->drvrAuthMode = OSSL_AUTH_CERTANON;
+ free(pszAuthMode);
+ } else if(!strcmp(modpblk.descr[i].name, "ruleset")) {
+ loadModConf->pszBindRuleset = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else {
+ dbgprintf("imdtls: program error, non-handled "
+ "param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
+ }
+ }
+finalize_it:
+ if(pvals != NULL)
+ cnfparamvalsDestruct(pvals, &modpblk);
+ENDsetModCnf
+
+
+BEGINendCnfLoad
+CODESTARTendCnfLoad
+ if(loadModConf->pszBindRuleset == NULL) {
+ if((cs.pszBindRuleset == NULL) || (cs.pszBindRuleset[0] == '\0')) {
+ loadModConf->pszBindRuleset = NULL;
+ } else {
+ CHKmalloc(loadModConf->pszBindRuleset = ustrdup(cs.pszBindRuleset));
+ }
+ } else {
+ if((cs.pszBindRuleset != NULL) && (cs.pszBindRuleset[0] != '\0')) {
+ LogError(0, RS_RET_DUP_PARAM, "imdtls: ruleset "
+ "set via legacy directive ignored");
+ }
+ }
+finalize_it:
+ free(cs.pszBindRuleset);
+ cs.pszBindRuleset = NULL;
+ loadModConf = NULL; /* done loading */
+ENDendCnfLoad
+
+
+BEGINcheckCnf
+ instanceConf_t *inst;
+CODESTARTcheckCnf
+ for(inst = pModConf->root ; inst != NULL ; inst = inst->next) {
+ if(inst->pszBindRuleset == NULL && pModConf->pszBindRuleset != NULL) {
+ CHKmalloc(inst->pszBindRuleset = ustrdup(pModConf->pszBindRuleset));
+ }
+ std_checkRuleset(pModConf, inst);
+ }
+finalize_it:
+ENDcheckCnf
+
+
+BEGINactivateCnfPrePrivDrop
+ instanceConf_t *inst;
+CODESTARTactivateCnfPrePrivDrop
+ runModConf = pModConf;
+ DBGPRINTF("imdtls: activate addListners for dtls\n");
+ for(inst = runModConf->root ; inst != NULL ; inst = inst->next) {
+ addListner(pModConf, inst);
+ }
+ENDactivateCnfPrePrivDrop
+
+BEGINactivateCnf
+CODESTARTactivateCnf
+ENDactivateCnf
+
+
+BEGINfreeCnf
+ instanceConf_t *inst, *del;
+ int i;
+CODESTARTfreeCnf
+ for(inst = pModConf->root ; inst != NULL ; ) {
+ free(inst->pszBindPort);
+ if (inst->pszBindAddr != NULL) {
+ free(inst->pszBindAddr);
+ }
+ free(inst->pszBindRuleset);
+ free(inst->pszInputName);
+
+ // --- CleanUP OpenSSL ressources
+ // Remove SSL CLients
+ if(inst->dtlsClients != NULL) {
+ for (i = 0; i < MAX_DTLS_CLIENTS; ++i) {
+ DTLScleanupSession(inst, i);
+ free(inst->dtlsClients[i]);
+ }
+ free(inst->dtlsClients);
+ }
+
+ // DeConstruct pNetOssl helper
+ net_ossl.Destruct(&inst->pNetOssl);
+
+ // ---
+
+ if(inst->pPermPeersRoot != NULL) {
+ net.DestructPermittedPeers(&inst->pPermPeersRoot);
+ }
+
+ if(inst->bEnableLstn) {
+ prop.Destruct(&inst->pInputName);
+ statsobj.Destruct(&(inst->stats));
+ }
+ del = inst;
+ inst = inst->next;
+ free(del);
+ }
+ free(pModConf->pszBindRuleset);
+ENDfreeCnf
+
+
+
+/* This function is called to gather input.
+ * In essence, it just starts the pool of workers. To save resources,
+ * we run one of the workers on our own thread -- otherwise that thread would
+ * just idle around and wait for the workers to finish.
+ */
+BEGINrunInput
+ instanceConf_t *inst;
+ pthread_attr_t wrkrThrdAttr;
+CODESTARTrunInput
+ pthread_attr_init(&wrkrThrdAttr);
+ pthread_attr_setstacksize(&wrkrThrdAttr, 4096*1024);
+
+ DBGPRINTF("imdtls: create dtls handling threads\n");
+ for(inst = runModConf->root ; inst != NULL ; inst = inst->next) {
+ if(inst->bEnableLstn) {
+ pthread_create(&inst->tid, &wrkrThrdAttr, startDtlsHandler, inst);
+ }
+ }
+ pthread_attr_destroy(&wrkrThrdAttr);
+
+ DBGPRINTF("imdtls: starting to wait for close condition\n");
+ while(glbl.GetGlobalInputTermState() == 0) {
+ srSleep(0, 400000);
+ }
+
+ DBGPRINTF("imdtls: received close signal, signaling instance threads...\n");
+ for (inst = runModConf->root; inst != NULL; inst = inst->next) {
+ pthread_kill(inst->tid, SIGTTIN);
+ DTLSCloseSocket(inst);
+ }
+
+ DBGPRINTF("imdtls: threads signaled, waiting for join...");
+ for (inst = runModConf->root ; inst != NULL ; inst = inst->next) {
+ pthread_join(inst->tid, NULL);
+ }
+
+ DBGPRINTF("imdtls: finished threads, stopping\n");
+ENDrunInput
+
+
+BEGINwillRun
+CODESTARTwillRun
+ /* we need to create the inputName property (only once during our lifetime) */
+ CHKiRet(prop.Construct(&pInputName));
+ CHKiRet(prop.SetString(pInputName, UCHAR_CONSTANT("imdtls"), sizeof("imdtls") - 1));
+ CHKiRet(prop.ConstructFinalize(pInputName));
+finalize_it:
+ENDwillRun
+
+/* This function is called by the framework after runInput() has been terminated. It
+ * shall free any resources and prepare the module for unload.
+ * CODEqueryEtryPt_STD_IMOD_QUERIES
+ */
+BEGINafterRun
+CODESTARTafterRun
+ /* TODO: do cleanup here ?! */
+ dbgprintf("imdtls: AfterRun\n");
+ if(pInputName != NULL)
+ prop.Destruct(&pInputName);
+ENDafterRun
+
+BEGINmodExit
+CODESTARTmodExit
+ DBGPRINTF("imdtls: modExit\n");
+ /* release objects we used */
+ objRelease(net_ossl, LM_NET_OSSL_FILENAME);
+ objRelease(statsobj, CORE_COMPONENT);
+ objRelease(ruleset, CORE_COMPONENT);
+ objRelease(datetime, CORE_COMPONENT);
+ objRelease(prop, CORE_COMPONENT);
+ objRelease(net, LM_NET_FILENAME);
+ objRelease(glbl, CORE_COMPONENT);
+ENDmodExit
+
+BEGINisCompatibleWithFeature
+CODESTARTisCompatibleWithFeature
+ if(eFeat == sFEATURENonCancelInputTermination)
+ iRet = RS_RET_OK;
+ENDisCompatibleWithFeature
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_IMOD_QUERIES
+CODEqueryEtryPt_STD_CONF2_QUERIES
+CODEqueryEtryPt_STD_CONF2_setModCnf_QUERIES
+CODEqueryEtryPt_STD_CONF2_PREPRIVDROP_QUERIES
+CODEqueryEtryPt_STD_CONF2_IMOD_QUERIES
+CODEqueryEtryPt_IsCompatibleWithFeature_IF_OMOD_QUERIES
+ENDqueryEtryPt
+
+BEGINmodInit()
+CODESTARTmodInit
+ *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+CODEmodInit_QueryRegCFSLineHdlr
+ DBGPRINTF("imdtls: modInit\n");
+ /* request objects we use */
+ CHKiRet(objUse(glbl, CORE_COMPONENT));
+ CHKiRet(objUse(prop, CORE_COMPONENT));
+ CHKiRet(objUse(net, LM_NET_FILENAME));
+ CHKiRet(objUse(net_ossl, LM_NET_OSSL_FILENAME));
+ CHKiRet(objUse(datetime, CORE_COMPONENT));
+ CHKiRet(objUse(ruleset, CORE_COMPONENT));
+ CHKiRet(objUse(statsobj, CORE_COMPONENT));
+ENDmodInit