Blame SOURCES/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch

9315e5
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c
9315e5
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig	2022-04-11 09:26:17.826271989 +0200
9315e5
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c	2022-04-11 09:33:28.702012052 +0200
9315e5
@@ -556,7 +556,9 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
9315e5
 	DEFiRet;
9315e5
 
9315e5
 	ISOBJ_TYPE_assert(pThis, nsd_gtls);
9315e5
-	DBGPRINTF("gtlsRecordRecv: start\n");
9315e5
+	DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n",
9315e5
+		gnutls_record_check_pending(pThis->sess),
9315e5
+		(gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") );
9315e5
 
9315e5
 	lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF);
9315e5
 	if(lenRcvd >= 0) {
9315e5
@@ -581,14 +583,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
9315e5
 					(NSD_GTLS_MAX_RCVBUF+lenRcvd));
9315e5
 				pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd;
9315e5
 			} else {
9315e5
-				goto sslerr;
9315e5
+				if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
9315e5
+					goto sslerragain;	/* Go to ERR AGAIN handling */
9315e5
+				} else {
9315e5
+					/* Do all other error handling */
9315e5
+					int gnuRet = lenRcvd;
9315e5
+					ABORTgnutls;
9315e5
+				}
9315e5
 			}
9315e5
 		}
9315e5
 	} else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
9315e5
-sslerr:
9315e5
-		pThis->rtryCall = gtlsRtry_recv;
9315e5
-		dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n");
9315e5
-		ABORT_FINALIZE(RS_RET_RETRY);
9315e5
+sslerragain:
9315e5
+		/* Check if the underlaying file descriptor needs to read or write data!*/
9315e5
+		if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) {
9315e5
+			pThis->rtryCall = gtlsRtry_recv;
9315e5
+			dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n");
9315e5
+			ABORT_FINALIZE(RS_RET_RETRY);
9315e5
+		} else {
9315e5
+			uchar *pErr = gtlsStrerror(lenRcvd);
9315e5
+			LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) "
9315e5
+				"- this could be caused by a broken connection. GnuTLS reports: %s\n",
9315e5
+				lenRcvd, pErr);
9315e5
+			free(pErr);
9315e5
+			ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
9315e5
+		}
9315e5
 	} else {
9315e5
 		int gnuRet = lenRcvd;
9315e5
 		ABORTgnutls;
9315e5
@@ -1978,6 +1996,7 @@ static rsRetVal
9315e5
 Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
9315e5
 {
9315e5
 	int iSent;
9315e5
+	int wantsWriteData = 0;
9315e5
 	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
9315e5
 	DEFiRet;
9315e5
 	ISOBJ_TYPE_assert(pThis, nsd_gtls);
9315e5
@@ -1998,10 +2017,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *
9315e5
 			break;
9315e5
 		}
9315e5
 		if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) {
9315e5
+			/* Check if the underlaying file descriptor needs to read or write data!*/
9315e5
+			wantsWriteData = gnutls_record_get_direction(pThis->sess);
9315e5
 			uchar *pErr = gtlsStrerror(iSent);
9315e5
-			LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this "
9315e5
-				"could be caused by a broken connection. GnuTLS reports: %s \n",
9315e5
-				iSent, pErr);
9315e5
+			LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this "
9315e5
+				"could be caused by a broken connection. GnuTLS reports: %s\n",
9315e5
+				iSent, wantsWriteData, pErr);
9315e5
 			free(pErr);
9315e5
 			gnutls_perror(iSent);
9315e5
 			ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
9315e5
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.h.orig rsyslog-8.2102.0/runtime/nsd_gtls.h
9315e5
--- rsyslog-8.2102.0/runtime/nsd_gtls.h.orig	2022-04-11 09:26:32.744262781 +0200
9315e5
+++ rsyslog-8.2102.0/runtime/nsd_gtls.h	2022-04-11 09:34:29.909982895 +0200
9315e5
@@ -33,6 +33,11 @@ typedef enum {
9315e5
 	gtlsRtry_recv = 2
9315e5
 } gtlsRtryCall_t;		/**< IDs of calls that needs to be retried */
9315e5
 
9315e5
+typedef enum {
9315e5
+	gtlsDir_READ = 0,	/**< GNUTLS wants READ */
9315e5
+	gtlsDir_WRITE = 1	/**< GNUTLS wants WRITE */
9315e5
+} gtlsDirection_t;
9315e5
+
9315e5
 typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
9315e5
 
9315e5
 /* the nsd_gtls object */
9315e5
diff -up rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig rsyslog-8.2102.0/runtime/nsdsel_gtls.c
9315e5
--- rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig	2022-04-11 09:26:42.529256742 +0200
9315e5
+++ rsyslog-8.2102.0/runtime/nsdsel_gtls.c	2022-04-11 09:38:27.425869737 +0200
9315e5
@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
9315e5
 
9315e5
 	ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
9315e5
 	ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
9315e5
+	DBGPRINTF("Add on nsd %p:\n", pNsdGTLS);
9315e5
 	if(pNsdGTLS->iMode == 1) {
9315e5
 		if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
9315e5
 			++pThis->iBufferRcvReady;
9315e5
@@ -99,6 +100,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
9315e5
 		}
9315e5
 	}
9315e5
 
9315e5
+	dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp);
9315e5
+
9315e5
 	/* if we reach this point, we need no special handling */
9315e5
 	CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp));
9315e5
 
9315e5
@@ -120,7 +123,8 @@ Select(nsdsel_t *pNsdsel, int *piNumRead
9315e5
 	if(pThis->iBufferRcvReady > 0) {
9315e5
 		/* we still have data ready! */
9315e5
 		*piNumReady = pThis->iBufferRcvReady;
9315e5
-		dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
9315e5
+		dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n",
9315e5
+			pThis, pThis->iBufferRcvReady);
9315e5
 	} else {
9315e5
 		iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
9315e5
 	}
9315e5
@@ -138,7 +142,7 @@ doRetry(nsd_gtls_t *pNsd)
9315e5
 	DEFiRet;
9315e5
 	int gnuRet;
9315e5
 
9315e5
-	dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
9315e5
+	dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
9315e5
 
9315e5
 	/* We follow a common scheme here: first, we do the systen call and
9315e5
 	 * then we check the result. So far, the result is checked after the
9315e5
@@ -151,7 +155,7 @@ doRetry(nsd_gtls_t *pNsd)
9315e5
 		case gtlsRtry_handshake:
9315e5
 			gnuRet = gnutls_handshake(pNsd->sess);
9315e5
 			if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) {
9315e5
-				dbgprintf("GnuTLS handshake retry did not finish - "
9315e5
+				dbgprintf("doRetry: GnuTLS handshake retry did not finish - "
9315e5
 					"setting to retry (this is OK and can happen)\n");
9315e5
 				FINALIZE;
9315e5
 			} else if(gnuRet == 0) {
9315e5
@@ -167,9 +171,20 @@ doRetry(nsd_gtls_t *pNsd)
9315e5
 			}
9315e5
 			break;
9315e5
 		case gtlsRtry_recv:
9315e5
-			dbgprintf("retrying gtls recv, nsd: %p\n", pNsd);
9315e5
-			CHKiRet(gtlsRecordRecv(pNsd));
9315e5
-			pNsd->rtryCall = gtlsRtry_None; /* we are done */
9315e5
+			dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd);
9315e5
+			iRet = gtlsRecordRecv(pNsd);
9315e5
+			if (iRet == RS_RET_RETRY) {
9315e5
+				// Check if there is pending data
9315e5
+				size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess);
9315e5
+				if (stBytesLeft > 0) {
9315e5
+					// We are in retry and more data waiting, finalize it
9315e5
+					goto finalize_it;
9315e5
+				} else {
9315e5
+					dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending"
9315e5
+						"data on nsd: %p\n", pNsd);
9315e5
+				}
9315e5
+			}
9315e5
+			pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */
9315e5
 			gnuRet = 0;
9315e5
 			break;
9315e5
 		case gtlsRtry_None:
9315e5
@@ -241,7 +256,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd,
9315e5
 		 * socket. -- rgerhards, 2010-11-20
9315e5
 		 */
9315e5
 		if(pThis->iBufferRcvReady) {
9315e5
-			dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
9315e5
+			dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis);
9315e5
 			*pbIsReady = 0;
9315e5
 			FINALIZE;
9315e5
 		}
9315e5
diff -up rsyslog-8.2102.0/runtime/tcpsrv.c.orig rsyslog-8.2102.0/runtime/tcpsrv.c
9315e5
--- rsyslog-8.2102.0/runtime/tcpsrv.c.orig	2022-04-11 09:27:00.376245726 +0200
9315e5
+++ rsyslog-8.2102.0/runtime/tcpsrv.c	2022-04-11 09:41:57.885777708 +0200
9315e5
@@ -609,14 +609,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
9315e5
 	int oserr = 0;
9315e5
 
9315e5
 	ISOBJ_TYPE_assert(pThis, tcpsrv);
9315e5
-	DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm);
9315e5
+	prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
9315e5
+	DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer);
9315e5
 	/* Receive message */
9315e5
 	iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr);
9315e5
 	switch(iRet) {
9315e5
 	case RS_RET_CLOSED:
9315e5
 		if(pThis->bEmitMsgOnClose) {
9315e5
 			errno = 0;
9315e5
-			prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
9315e5
+			// prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
9315e5
 			LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
9315e5
 				"peer %s.\n", (*ppSess)->pStrm, pszPeer);
9315e5
 		}
9315e5
@@ -632,13 +633,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
9315e5
 			/* in this case, something went awfully wrong.
9315e5
 			 * We are instructed to terminate the session.
9315e5
 			 */
9315e5
-			prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
9315e5
+			// prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
9315e5
 			LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
9315e5
 			CHKiRet(closeSess(pThis, ppSess, pPoll));
9315e5
 		}
9315e5
 		break;
9315e5
 	default:
9315e5
-		prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
9315e5
+		// prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
9315e5
 		LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
9315e5
 				(*ppSess)->pStrm, pszPeer);
9315e5
 		CHKiRet(closeSess(pThis, ppSess, pPoll));
9315e5
@@ -838,6 +839,7 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset
9315e5
 		while(iTCPSess != -1) {
9315e5
 			/* TODO: access to pNsd is NOT really CLEAN, use method... */
9315e5
 			CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD));
9315e5
+			DBGPRINTF("tcpsrv process session %d:\n", iTCPSess);
9315e5
 			/* now get next... */
9315e5
 			iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
9315e5
 		}