|
|
9315e5 |
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c
|
|
|
9315e5 |
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig 2022-04-11 09:26:17.826271989 +0200
|
|
|
9315e5 |
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-04-11 09:33:28.702012052 +0200
|
|
|
9315e5 |
@@ -556,7 +556,9 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
|
|
|
9315e5 |
DEFiRet;
|
|
|
9315e5 |
|
|
|
9315e5 |
ISOBJ_TYPE_assert(pThis, nsd_gtls);
|
|
|
9315e5 |
- DBGPRINTF("gtlsRecordRecv: start\n");
|
|
|
9315e5 |
+ DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n",
|
|
|
9315e5 |
+ gnutls_record_check_pending(pThis->sess),
|
|
|
9315e5 |
+ (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") );
|
|
|
9315e5 |
|
|
|
9315e5 |
lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF);
|
|
|
9315e5 |
if(lenRcvd >= 0) {
|
|
|
9315e5 |
@@ -581,14 +583,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
|
|
|
9315e5 |
(NSD_GTLS_MAX_RCVBUF+lenRcvd));
|
|
|
9315e5 |
pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd;
|
|
|
9315e5 |
} else {
|
|
|
9315e5 |
- goto sslerr;
|
|
|
9315e5 |
+ if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
|
|
|
9315e5 |
+ goto sslerragain; /* Go to ERR AGAIN handling */
|
|
|
9315e5 |
+ } else {
|
|
|
9315e5 |
+ /* Do all other error handling */
|
|
|
9315e5 |
+ int gnuRet = lenRcvd;
|
|
|
9315e5 |
+ ABORTgnutls;
|
|
|
9315e5 |
+ }
|
|
|
9315e5 |
}
|
|
|
9315e5 |
}
|
|
|
9315e5 |
} else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
|
|
|
9315e5 |
-sslerr:
|
|
|
9315e5 |
- pThis->rtryCall = gtlsRtry_recv;
|
|
|
9315e5 |
- dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n");
|
|
|
9315e5 |
- ABORT_FINALIZE(RS_RET_RETRY);
|
|
|
9315e5 |
+sslerragain:
|
|
|
9315e5 |
+ /* Check if the underlaying file descriptor needs to read or write data!*/
|
|
|
9315e5 |
+ if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) {
|
|
|
9315e5 |
+ pThis->rtryCall = gtlsRtry_recv;
|
|
|
9315e5 |
+ dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n");
|
|
|
9315e5 |
+ ABORT_FINALIZE(RS_RET_RETRY);
|
|
|
9315e5 |
+ } else {
|
|
|
9315e5 |
+ uchar *pErr = gtlsStrerror(lenRcvd);
|
|
|
9315e5 |
+ LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) "
|
|
|
9315e5 |
+ "- this could be caused by a broken connection. GnuTLS reports: %s\n",
|
|
|
9315e5 |
+ lenRcvd, pErr);
|
|
|
9315e5 |
+ free(pErr);
|
|
|
9315e5 |
+ ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
|
|
|
9315e5 |
+ }
|
|
|
9315e5 |
} else {
|
|
|
9315e5 |
int gnuRet = lenRcvd;
|
|
|
9315e5 |
ABORTgnutls;
|
|
|
9315e5 |
@@ -1978,6 +1996,7 @@ static rsRetVal
|
|
|
9315e5 |
Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
|
|
|
9315e5 |
{
|
|
|
9315e5 |
int iSent;
|
|
|
9315e5 |
+ int wantsWriteData = 0;
|
|
|
9315e5 |
nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
|
|
|
9315e5 |
DEFiRet;
|
|
|
9315e5 |
ISOBJ_TYPE_assert(pThis, nsd_gtls);
|
|
|
9315e5 |
@@ -1998,10 +2017,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *
|
|
|
9315e5 |
break;
|
|
|
9315e5 |
}
|
|
|
9315e5 |
if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) {
|
|
|
9315e5 |
+ /* Check if the underlaying file descriptor needs to read or write data!*/
|
|
|
9315e5 |
+ wantsWriteData = gnutls_record_get_direction(pThis->sess);
|
|
|
9315e5 |
uchar *pErr = gtlsStrerror(iSent);
|
|
|
9315e5 |
- LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this "
|
|
|
9315e5 |
- "could be caused by a broken connection. GnuTLS reports: %s \n",
|
|
|
9315e5 |
- iSent, pErr);
|
|
|
9315e5 |
+ LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this "
|
|
|
9315e5 |
+ "could be caused by a broken connection. GnuTLS reports: %s\n",
|
|
|
9315e5 |
+ iSent, wantsWriteData, pErr);
|
|
|
9315e5 |
free(pErr);
|
|
|
9315e5 |
gnutls_perror(iSent);
|
|
|
9315e5 |
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
|
|
|
9315e5 |
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.h.orig rsyslog-8.2102.0/runtime/nsd_gtls.h
|
|
|
9315e5 |
--- rsyslog-8.2102.0/runtime/nsd_gtls.h.orig 2022-04-11 09:26:32.744262781 +0200
|
|
|
9315e5 |
+++ rsyslog-8.2102.0/runtime/nsd_gtls.h 2022-04-11 09:34:29.909982895 +0200
|
|
|
9315e5 |
@@ -33,6 +33,11 @@ typedef enum {
|
|
|
9315e5 |
gtlsRtry_recv = 2
|
|
|
9315e5 |
} gtlsRtryCall_t; /**< IDs of calls that needs to be retried */
|
|
|
9315e5 |
|
|
|
9315e5 |
+typedef enum {
|
|
|
9315e5 |
+ gtlsDir_READ = 0, /**< GNUTLS wants READ */
|
|
|
9315e5 |
+ gtlsDir_WRITE = 1 /**< GNUTLS wants WRITE */
|
|
|
9315e5 |
+} gtlsDirection_t;
|
|
|
9315e5 |
+
|
|
|
9315e5 |
typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
|
|
|
9315e5 |
|
|
|
9315e5 |
/* the nsd_gtls object */
|
|
|
9315e5 |
diff -up rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig rsyslog-8.2102.0/runtime/nsdsel_gtls.c
|
|
|
9315e5 |
--- rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig 2022-04-11 09:26:42.529256742 +0200
|
|
|
9315e5 |
+++ rsyslog-8.2102.0/runtime/nsdsel_gtls.c 2022-04-11 09:38:27.425869737 +0200
|
|
|
9315e5 |
@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
|
|
|
9315e5 |
|
|
|
9315e5 |
ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
|
|
|
9315e5 |
ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
|
|
|
9315e5 |
+ DBGPRINTF("Add on nsd %p:\n", pNsdGTLS);
|
|
|
9315e5 |
if(pNsdGTLS->iMode == 1) {
|
|
|
9315e5 |
if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
|
|
|
9315e5 |
++pThis->iBufferRcvReady;
|
|
|
9315e5 |
@@ -99,6 +100,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
|
|
|
9315e5 |
}
|
|
|
9315e5 |
}
|
|
|
9315e5 |
|
|
|
9315e5 |
+ dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp);
|
|
|
9315e5 |
+
|
|
|
9315e5 |
/* if we reach this point, we need no special handling */
|
|
|
9315e5 |
CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp));
|
|
|
9315e5 |
|
|
|
9315e5 |
@@ -120,7 +123,8 @@ Select(nsdsel_t *pNsdsel, int *piNumRead
|
|
|
9315e5 |
if(pThis->iBufferRcvReady > 0) {
|
|
|
9315e5 |
/* we still have data ready! */
|
|
|
9315e5 |
*piNumReady = pThis->iBufferRcvReady;
|
|
|
9315e5 |
- dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
|
|
|
9315e5 |
+ dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n",
|
|
|
9315e5 |
+ pThis, pThis->iBufferRcvReady);
|
|
|
9315e5 |
} else {
|
|
|
9315e5 |
iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
|
|
|
9315e5 |
}
|
|
|
9315e5 |
@@ -138,7 +142,7 @@ doRetry(nsd_gtls_t *pNsd)
|
|
|
9315e5 |
DEFiRet;
|
|
|
9315e5 |
int gnuRet;
|
|
|
9315e5 |
|
|
|
9315e5 |
- dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
|
|
|
9315e5 |
+ dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
|
|
|
9315e5 |
|
|
|
9315e5 |
/* We follow a common scheme here: first, we do the systen call and
|
|
|
9315e5 |
* then we check the result. So far, the result is checked after the
|
|
|
9315e5 |
@@ -151,7 +155,7 @@ doRetry(nsd_gtls_t *pNsd)
|
|
|
9315e5 |
case gtlsRtry_handshake:
|
|
|
9315e5 |
gnuRet = gnutls_handshake(pNsd->sess);
|
|
|
9315e5 |
if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) {
|
|
|
9315e5 |
- dbgprintf("GnuTLS handshake retry did not finish - "
|
|
|
9315e5 |
+ dbgprintf("doRetry: GnuTLS handshake retry did not finish - "
|
|
|
9315e5 |
"setting to retry (this is OK and can happen)\n");
|
|
|
9315e5 |
FINALIZE;
|
|
|
9315e5 |
} else if(gnuRet == 0) {
|
|
|
9315e5 |
@@ -167,9 +171,20 @@ doRetry(nsd_gtls_t *pNsd)
|
|
|
9315e5 |
}
|
|
|
9315e5 |
break;
|
|
|
9315e5 |
case gtlsRtry_recv:
|
|
|
9315e5 |
- dbgprintf("retrying gtls recv, nsd: %p\n", pNsd);
|
|
|
9315e5 |
- CHKiRet(gtlsRecordRecv(pNsd));
|
|
|
9315e5 |
- pNsd->rtryCall = gtlsRtry_None; /* we are done */
|
|
|
9315e5 |
+ dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd);
|
|
|
9315e5 |
+ iRet = gtlsRecordRecv(pNsd);
|
|
|
9315e5 |
+ if (iRet == RS_RET_RETRY) {
|
|
|
9315e5 |
+ // Check if there is pending data
|
|
|
9315e5 |
+ size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess);
|
|
|
9315e5 |
+ if (stBytesLeft > 0) {
|
|
|
9315e5 |
+ // We are in retry and more data waiting, finalize it
|
|
|
9315e5 |
+ goto finalize_it;
|
|
|
9315e5 |
+ } else {
|
|
|
9315e5 |
+ dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending"
|
|
|
9315e5 |
+ "data on nsd: %p\n", pNsd);
|
|
|
9315e5 |
+ }
|
|
|
9315e5 |
+ }
|
|
|
9315e5 |
+ pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */
|
|
|
9315e5 |
gnuRet = 0;
|
|
|
9315e5 |
break;
|
|
|
9315e5 |
case gtlsRtry_None:
|
|
|
9315e5 |
@@ -241,7 +256,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd,
|
|
|
9315e5 |
* socket. -- rgerhards, 2010-11-20
|
|
|
9315e5 |
*/
|
|
|
9315e5 |
if(pThis->iBufferRcvReady) {
|
|
|
9315e5 |
- dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
|
|
|
9315e5 |
+ dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis);
|
|
|
9315e5 |
*pbIsReady = 0;
|
|
|
9315e5 |
FINALIZE;
|
|
|
9315e5 |
}
|
|
|
9315e5 |
diff -up rsyslog-8.2102.0/runtime/tcpsrv.c.orig rsyslog-8.2102.0/runtime/tcpsrv.c
|
|
|
9315e5 |
--- rsyslog-8.2102.0/runtime/tcpsrv.c.orig 2022-04-11 09:27:00.376245726 +0200
|
|
|
9315e5 |
+++ rsyslog-8.2102.0/runtime/tcpsrv.c 2022-04-11 09:41:57.885777708 +0200
|
|
|
9315e5 |
@@ -609,14 +609,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
|
|
|
9315e5 |
int oserr = 0;
|
|
|
9315e5 |
|
|
|
9315e5 |
ISOBJ_TYPE_assert(pThis, tcpsrv);
|
|
|
9315e5 |
- DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm);
|
|
|
9315e5 |
+ prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
|
|
|
9315e5 |
+ DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer);
|
|
|
9315e5 |
/* Receive message */
|
|
|
9315e5 |
iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr);
|
|
|
9315e5 |
switch(iRet) {
|
|
|
9315e5 |
case RS_RET_CLOSED:
|
|
|
9315e5 |
if(pThis->bEmitMsgOnClose) {
|
|
|
9315e5 |
errno = 0;
|
|
|
9315e5 |
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
|
|
|
9315e5 |
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
|
|
|
9315e5 |
LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
|
|
|
9315e5 |
"peer %s.\n", (*ppSess)->pStrm, pszPeer);
|
|
|
9315e5 |
}
|
|
|
9315e5 |
@@ -632,13 +633,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
|
|
|
9315e5 |
/* in this case, something went awfully wrong.
|
|
|
9315e5 |
* We are instructed to terminate the session.
|
|
|
9315e5 |
*/
|
|
|
9315e5 |
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
|
|
|
9315e5 |
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
|
|
|
9315e5 |
LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
|
|
|
9315e5 |
CHKiRet(closeSess(pThis, ppSess, pPoll));
|
|
|
9315e5 |
}
|
|
|
9315e5 |
break;
|
|
|
9315e5 |
default:
|
|
|
9315e5 |
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
|
|
|
9315e5 |
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
|
|
|
9315e5 |
LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
|
|
|
9315e5 |
(*ppSess)->pStrm, pszPeer);
|
|
|
9315e5 |
CHKiRet(closeSess(pThis, ppSess, pPoll));
|
|
|
9315e5 |
@@ -838,6 +839,7 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset
|
|
|
9315e5 |
while(iTCPSess != -1) {
|
|
|
9315e5 |
/* TODO: access to pNsd is NOT really CLEAN, use method... */
|
|
|
9315e5 |
CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD));
|
|
|
9315e5 |
+ DBGPRINTF("tcpsrv process session %d:\n", iTCPSess);
|
|
|
9315e5 |
/* now get next... */
|
|
|
9315e5 |
iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
|
|
|
9315e5 |
}
|