/* mmsnmptrapd.c
* This is a message modification module. It takes messages generated
* from snmptrapd and modifies them so that the look like they
* originated from the real originator.
*
* NOTE: read comments in module-template.h for details on the calling interface!
*
* File begun on 2011-05-05 by RGerhards
*
* Copyright 2011-2017 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of rsyslog.
*
* Rsyslog is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Rsyslog is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Rsyslog. If not, see .
*
* A copy of the GPL can be found in the file "COPYING" in this distribution.
*/
#include "config.h"
#include "rsyslog.h"
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "conf.h"
#include "msg.h"
#include "syslogd-types.h"
#include "template.h"
#include "module-template.h"
#include "errmsg.h"
#include "cfsysline.h"
#include "unicode-helper.h"
#include "dirty.h"
MODULE_TYPE_OUTPUT
MODULE_TYPE_NOKEEP
MODULE_CNFNAME("mmsnmptrapd")
static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal);
/* static data */
/* internal structures
*/
DEF_OMOD_STATIC_DATA
struct severMap_s {
uchar *name;
int code;
struct severMap_s *next;
};
typedef struct _instanceData {
uchar *pszTagName;
uchar *pszTagID; /* cached: name plus trailing shlash (for compares) */
int lenTagID; /* cached: length of tag ID, for performance reasons */
struct severMap_s *severMap;
} instanceData;
typedef struct wrkrInstanceData {
instanceData *pData;
} wrkrInstanceData_t;
typedef struct configSettings_s {
uchar *pszTagName; /**< name of tag start value that indicates snmptrapd initiated message */
uchar *pszSeverityMapping; /**< severitystring to numerical code mapping for snmptrapd string */
} configSettings_t;
static configSettings_t cs;
BEGINinitConfVars /* (re)set config variables to default values */
CODESTARTinitConfVars
cs.pszTagName = NULL;
cs.pszSeverityMapping = NULL;
resetConfigVariables(NULL, NULL);
ENDinitConfVars
BEGINcreateInstance
CODESTARTcreateInstance
ENDcreateInstance
BEGINcreateWrkrInstance
CODESTARTcreateWrkrInstance
ENDcreateWrkrInstance
BEGINisCompatibleWithFeature
CODESTARTisCompatibleWithFeature
ENDisCompatibleWithFeature
BEGINfreeInstance
struct severMap_s *node, *nodeDel;
CODESTARTfreeInstance
for(node = pData->severMap ; node != NULL ; ) {
nodeDel = node;
node = node->next;
free(nodeDel->name);
free(nodeDel);
}
free(pData->pszTagName);
free(pData->pszTagID);
ENDfreeInstance
BEGINfreeWrkrInstance
CODESTARTfreeWrkrInstance
ENDfreeWrkrInstance
BEGINdbgPrintInstInfo
CODESTARTdbgPrintInstInfo
dbgprintf("mmsnmptrapd\n");
ENDdbgPrintInstInfo
BEGINtryResume
CODESTARTtryResume
ENDtryResume
/* check if a string is numeric (int) */
static int
isNumeric(uchar *str)
{
int r = 1;
if(*str == '-' || *str == '+')
++str;
while(*str) {
if(!isdigit(*str)) {
r = 0;
goto done;
}
++str;
}
done:
return r;
}
/* get a substring delimited by a character (or end of string). The
* string is trimmed, that is leading and trailing spaces are removed.
* The caller must provide a buffer which shall receive the substring.
* String length is returned as result. The input string is updated
* on exit, so that it may be used for another query starting at that
* position.
*/
static int
getSubstring(uchar **psrc, uchar delim, uchar *dst, int lenDst)
{
uchar *dstwrk = dst;
uchar *src = *psrc;
while(*src && isspace(*src)) {
++src; /* trim leading spaces */
}
while(*src && *src != delim && --lenDst > 0) {
*dstwrk++ = *src++;
}
dstwrk--;
while(dstwrk > dst && isspace(*dst))
--dstwrk; /* trim trailing spaces */
*++dstwrk = '\0';
/* final results */
if(*src == delim)
++src;
*psrc = src;
return(dstwrk - dst);
}
/* get string up to the next SP or '/'. Stops at max size.
* dst, lenDst (receive buffer) must be given. lenDst is
* max length on entry and actual length on exit.
*/
static int ATTR_NONNULL()
getTagComponent(uchar *tag, uchar *const dst, int *const lenDst)
{
int end = *lenDst - 1; /* -1 for NUL-char! */
int i;
i = 0;
if(tag[i] == '/') {
++tag;
while(i < end && tag[i] != '\0' && tag[i] != ' ' && tag[i] != '/') {
dst[i] = tag[i];
++i;
}
}
dst[i] = '\0';
*lenDst = i;
return i;
}
/* lookup severity code based on provided severity
* returns -1 if severity could not be found.
*/
static int
lookupSeverityCode(instanceData *pData, uchar *sever)
{
struct severMap_s *node;
int sevCode = -1;
for(node = pData->severMap ; node != NULL ; node = node->next) {
if(!ustrcmp(node->name, sever)) {
sevCode = node->code;
break;
}
}
return sevCode;
}
BEGINdoAction_NoStrings
smsg_t **ppMsg = (smsg_t **) pMsgData;
smsg_t *pMsg = ppMsg[0];
int lenTAG;
int lenSever;
int lenHost;
int sevCode;
uchar *pszTag;
uchar pszSever[512];
uchar pszHost[512];
instanceData *pData;
CODESTARTdoAction
pData = pWrkrData->pData;
getTAG(pMsg, &pszTag, &lenTAG, LOCK_MUTEX);
if(strncmp((char*)pszTag, (char*)pData->pszTagID, pData->lenTagID)) {
DBGPRINTF("tag '%s' not matching, mmsnmptrapd ignoring this message\n",
pszTag);
FINALIZE;
}
lenSever = sizeof(pszSever);
getTagComponent(pszTag+pData->lenTagID-1, pszSever, &lenSever);
lenHost = sizeof(pszHost);
getTagComponent(pszTag+pData->lenTagID+lenSever, pszHost, &lenHost);
DBGPRINTF("mmsnmptrapd: sever '%s'(%d), host '%s'(%d)\n", pszSever, lenSever, pszHost,lenHost);
if(lenHost > 0 && pszHost[lenHost-1] == ':') {
pszHost[lenHost-1] = '\0';
--lenHost;
}
sevCode = lookupSeverityCode(pData, pszSever);
/* now apply new settings */
MsgSetTAG(pMsg, pData->pszTagName, pData->lenTagID);
MsgSetHOSTNAME(pMsg, pszHost, lenHost);
if(sevCode != -1)
pMsg->iSeverity = sevCode; /* we update like the parser does! */
finalize_it:
ENDdoAction
/* Build the severity mapping table based on user-provided configuration
* settings.
*/
static rsRetVal ATTR_NONNULL()
buildSeverityMapping(instanceData *const pData)
{
uchar pszSev[512];
uchar pszSevCode[512];
int sevCode;
uchar *mapping;
struct severMap_s *node = NULL;
DEFiRet;
mapping = cs.pszSeverityMapping;
while(1) { /* broken inside when all entries are processed */
if(getSubstring(&mapping, '/', pszSev, sizeof(pszSev)) == 0) {
FINALIZE;
}
if(getSubstring(&mapping, ',', pszSevCode, sizeof(pszSevCode)) == 0) {
LogError(0, RS_RET_ERR, "error: invalid severity mapping, cannot "
"extract code. given: '%s'\n", cs.pszSeverityMapping);
ABORT_FINALIZE(RS_RET_ERR);
}
sevCode = atoi((char*) pszSevCode);
if(!isNumeric(pszSevCode))
sevCode = -1;
if(sevCode < 0 || sevCode > 7) {
LogError(0, RS_RET_ERR, "error: severity code %d outside of valid "
"range 0..7 (was string '%s')\n", sevCode, pszSevCode);
ABORT_FINALIZE(RS_RET_ERR);
}
CHKmalloc(node = malloc(sizeof(struct severMap_s)));
CHKmalloc(node->name = ustrdup(pszSev));
node->code = sevCode;
/* we enqueue at the top, so the two lines below do all we need! */
node->next = pData->severMap;
pData->severMap = node;
node = NULL;
DBGPRINTF("mmsnmptrapd: severity string '%s' mapped to code %d\n",
pszSev, sevCode);
}
finalize_it:
if(iRet != RS_RET_OK) {
free(node);
}
RETiRet;
}
BEGINparseSelectorAct
CODESTARTparseSelectorAct
CODE_STD_STRING_REQUESTparseSelectorAct(1)
/* first check if this config line is actually for us */
if(strncmp((char*) p, ":mmsnmptrapd:", sizeof(":mmsnmptrapd:") - 1)) {
ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED);
}
/* ok, if we reach this point, we have something for us */
p += sizeof(":mmsnmptrapd:") - 1; /* eat indicator sequence (-1 because of '\0'!) */
CHKiRet(createInstance(&pData));
/* check if a non-standard template is to be applied */
if(*(p-1) == ';')
--p;
/* we call the function below because we need to call it via our interface definition. However,
* the format specified (if any) is always ignored.
*/
CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_TPL_AS_MSG, (uchar*) "RSYSLOG_FileFormat"));
/* finally build the instance */
if(cs.pszTagName == NULL) {
CHKmalloc(pData->pszTagName = (uchar*) strdup("snmptrapd:"));
CHKmalloc(pData->pszTagID = (uchar*) strdup("snmptrapd/"));
} else {
int lenTag = ustrlen(cs.pszTagName);
/* new tag value (with colon at the end) */
CHKmalloc(pData->pszTagName = malloc(lenTag + 2));
memcpy(pData->pszTagName, cs.pszTagName, lenTag);
memcpy(pData->pszTagName+lenTag, ":", 2);
/* tag ID for comparisions */
CHKmalloc(pData->pszTagID = malloc(lenTag + 2));
memcpy(pData->pszTagID, cs.pszTagName, lenTag);
memcpy(pData->pszTagID+lenTag, "/", 2);
free(cs.pszTagName); /* no longer needed */
}
pData->lenTagID = ustrlen(pData->pszTagID);
if(cs.pszSeverityMapping != NULL) {
CHKiRet(buildSeverityMapping(pData));
}
/* all config vars auto-reset! */
cs.pszTagName = NULL;
free(cs.pszSeverityMapping);
cs.pszSeverityMapping = NULL;
CODE_STD_FINALIZERparseSelectorAct
ENDparseSelectorAct
BEGINmodExit
CODESTARTmodExit
ENDmodExit
BEGINqueryEtryPt
CODESTARTqueryEtryPt
CODEqueryEtryPt_STD_OMOD_QUERIES
CODEqueryEtryPt_STD_OMOD8_QUERIES
CODEqueryEtryPt_STD_CONF2_CNFNAME_QUERIES
ENDqueryEtryPt
/* Reset config variables for this module to default values.
*/
static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal)
{
DEFiRet;
free(cs.pszTagName);
cs.pszTagName = NULL;
free(cs.pszSeverityMapping);
cs.pszSeverityMapping = NULL;
RETiRet;
}
BEGINmodInit()
rsRetVal localRet;
rsRetVal (*pomsrGetSupportedTplOpts)(unsigned long *pOpts);
unsigned long opts;
int bMsgPassingSupported;
CODESTARTmodInit
INITLegCnfVars
*ipIFVersProvided = CURR_MOD_IF_VERSION;
/* we only support the current interface specification */
CODEmodInit_QueryRegCFSLineHdlr
/* check if the rsyslog core supports parameter passing code */
bMsgPassingSupported = 0;
localRet = pHostQueryEtryPt((uchar*)"OMSRgetSupportedTplOpts",
&pomsrGetSupportedTplOpts);
if(localRet == RS_RET_OK) {
/* found entry point, so let's see if core supports msg passing */
CHKiRet((*pomsrGetSupportedTplOpts)(&opts));
if(opts & OMSR_TPL_AS_MSG)
bMsgPassingSupported = 1;
} else if(localRet != RS_RET_ENTRY_POINT_NOT_FOUND) {
ABORT_FINALIZE(localRet); /* Something else went wrong, not acceptable */
}
if(!bMsgPassingSupported) {
DBGPRINTF("mmsnmptrapd: msg-passing is not supported by rsyslog core, "
"can not continue.\n");
ABORT_FINALIZE(RS_RET_NO_MSG_PASSING);
}
/* TODO: config vars ininit can be replaced by commented-out code above in v6 */
cs.pszTagName = NULL;
cs.pszSeverityMapping = NULL;
CHKiRet(omsdRegCFSLineHdlr((uchar *)"mmsnmptrapdtag", 0, eCmdHdlrGetWord,
NULL, &cs.pszTagName, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"mmsnmptrapdseveritymapping", 0, eCmdHdlrGetWord,
NULL, &cs.pszSeverityMapping, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler,
resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
ENDmodInit
/* vi:set ai:
*/