authorRainer Gerhards <rgerhards@adiscon.com>2013-02-28 17:56:53 +0100
committerRainer Gerhards <rgerhards@adiscon.com>2013-02-28 17:56:53 +0100
commitedc57d9f8fe97d7068d05cb6d96b0765321fef91 (patch)
tree85b58341649911fdaf7eff87ed1604159f8735a4
parentb8069e0dd67e9178618dc4327c340a979a1b1649 (diff)
add initial version of mmanon (anonymization support)
-rw-r--r--ChangeLog1
-rw-r--r--Makefile.am4
-rw-r--r--configure.ac22
-rw-r--r--doc/Makefile.am1
-rw-r--r--doc/mmanon.html59
-rw-r--r--doc/omjournal.html2
-rw-r--r--plugins/mmanon/Makefile.am8
-rw-r--r--plugins/mmanon/mmanon.c233
8 files changed, 325 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 19032277..870d34fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
---------------------------------------------------------------------------
Version 7.3.7 [devel] 2013-02-??
+- add support for anonymizing IPv4 addresses
- add support for writing to the Linux Journal (omjournal)
- imuxsock: add capability to ignore messages from ourselfes
This helps prevent message routing loops, and is vital to have
diff --git a/Makefile.am b/Makefile.am
index 1c044074..f99fa9c7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -229,6 +229,10 @@ if ENABLE_MMAUDIT
SUBDIRS += plugins/mmaudit
endif
+if ENABLE_MMANON
+SUBDIRS += plugins/mmanon
+endif
+
if ENABLE_ORACLE
SUBDIRS += plugins/omoracle
endif
diff --git a/configure.ac b/configure.ac
index 0d5dc11e..a0c063c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -875,7 +875,6 @@ fi
AM_CONDITIONAL(ENABLE_MMJSONPARSE, test x$enable_mmjsonparse = xyes)
-
# mmaudit
AC_ARG_ENABLE(mmaudit,
[AS_HELP_STRING([--enable-mmaudit],[Enable building mmaudit support @<:@default=no@:>@])],
@@ -892,6 +891,19 @@ fi
AM_CONDITIONAL(ENABLE_MMAUDIT, test x$enable_mmaudit = xyes)
+# mmanon
+AC_ARG_ENABLE(mmanon,
+ [AS_HELP_STRING([--enable-mmanon],[Enable building mmanon support @<:@default=no@:>@])],
+ [case "${enableval}" in
+ yes) enable_mmanon="yes" ;;
+ no) enable_mmanon="no" ;;
+ *) AC_MSG_ERROR(bad value ${enableval} for --enable-mmanon) ;;
+ esac],
+ [enable_mmanon=no]
+)
+AM_CONDITIONAL(ENABLE_MMANON, test x$enable_mmanon = xyes)
+
+
# RELP support
AC_ARG_ENABLE(relp,
[AS_HELP_STRING([--enable-relp],[Enable RELP support @<:@default=no@:>@])],
@@ -1328,7 +1340,7 @@ AC_CONFIG_FILES([Makefile \
plugins/impstats/Makefile \
plugins/imrelp/Makefile \
plugins/imdiag/Makefile \
- plugins/imzmq3/Makefile \
+ plugins/imzmq3/Makefile \
plugins/omtesting/Makefile \
plugins/omgssapi/Makefile \
plugins/ommysql/Makefile \
@@ -1340,11 +1352,12 @@ AC_CONFIG_FILES([Makefile \
plugins/omoracle/Makefile \
plugins/omudpspoof/Makefile \
plugins/ommongodb/Makefile \
- plugins/omhiredis/Makefile \
- plugins/omzmq3/Makefile \
+ plugins/omhiredis/Makefile \
+ plugins/omzmq3/Makefile \
plugins/mmnormalize/Makefile \
plugins/mmjsonparse/Makefile \
plugins/mmaudit/Makefile \
+ plugins/mmanon/Makefile \
plugins/omelasticsearch/Makefile \
plugins/sm_cust_bindcdr/Makefile \
plugins/mmsnmptrapd/Makefile \
@@ -1364,6 +1377,7 @@ echo " rsyslogd will be built: $enable_rsyslogd"
echo " GUI components will be built: $enable_gui"
echo " Unlimited select() support enabled: $enable_unlimited_select"
echo " uuid support enabled: $enable_uuid"
+echo " anonymization support enabled: $enable_mmanon"
echo
echo "---{ input plugins }---"
echo " Klog functionality enabled: $enable_klog ($os_type)"
diff --git a/doc/Makefile.am b/doc/Makefile.am
index b907c5bf..de2e1df5 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -35,6 +35,7 @@ html_files = \
omfwd.html \
omfile.html \
omjournal.html \
+ mmanon.html \
omusrmsg.html \
omstdout.html \
omudpspoof.html \
diff --git a/doc/mmanon.html b/doc/mmanon.html
new file mode 100644
index 00000000..23aa8446
--- /dev/null
+++ b/doc/mmanon.html
@@ -0,0 +1,59 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head>
+<meta http-equiv="Content-Language" content="en">
+<title>IP Address Anonimization Module (mmanon)</title></head>
+
+<body>
+<a href="rsyslog_conf_modules.html">back</a>
+
+<h1>IP Address Anonimization Module (mmanon)</h1>
+<p><b>Module Name:&nbsp;&nbsp;&nbsp; omjournal</b></p>
+<p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
+<p><b>Available since</b>: 7.3.7</p>
+<p><b>Description</b>:</p>
+<p>The mmanon module permits to anonymize IP addresses. It is a message
+modification module that actually changes the IP address inside the message,
+so after calling mmanon, the original message can no longer be obtained.
+Note that anonymization will break digital signutures on the message, if
+such exists.
+<p>&nbsp;</p>
+
+<p><b>Module Configuration Parameters</b>:</p>
+<p>Currently none.
+<p>&nbsp;</p>
+<p><b>Action Confguration Parameters</b>:</p>
+<p>Currently none.
+
+<p><b>Caveats/Known Bugs:</b>
+<ul>
+<li><b>This module is currently experimental.</b> This does not mean
+the code is not solid. What it means is that the functionality is limited
+and it got limited practice drill so far.
+<li><b>only IPv4</b> is supported
+<li>The anonymization replaces the numerical parts of the ip address.
+However, the number of digits is not normalized. So one can probably
+draw conlusions just based on the length of the various octets.
+<li>Needed config parameters are missing.
+</ul>
+
+<p><b>Sample:</b></p>
+<p>In this snippet, we write one file without anonymization and another one
+with the message anonymized. Note that once mmanon has run, access to the
+original message is no longer possible (execept if stored in user
+variables before anonymization).
+<p><textarea rows="5" cols="60">module(load="mmanon")
+action(type="omfile" file="/path/to/non-anon.log")
+action(type="mmanon")
+action(type="omfile" file="/path/to/anon.log")
+</textarea>
+
+
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual
+index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a> project.<br>
+Copyright &copy; 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL
+version 3 or higher.</font></p>
+
+</body></html>
diff --git a/doc/omjournal.html b/doc/omjournal.html
index 8fa8c4fb..c42d9841 100644
--- a/doc/omjournal.html
+++ b/doc/omjournal.html
@@ -8,7 +8,7 @@
<h1>Linux Journal Output Module (omjournal)</h1>
<p><b>Module Name:&nbsp;&nbsp;&nbsp; omjournal</b></p>
-<p><b>Author: </b>Rainer Gerhards &lt;rgergards@adiscon.com&gt;</p>
+<p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
<p><b>Available since</b>: 7.3.7</p>
<p><b>Description</b>:</p>
<p>The omjournal output module provides an interface to the Linux journal.
diff --git a/plugins/mmanon/Makefile.am b/plugins/mmanon/Makefile.am
new file mode 100644
index 00000000..98f0da24
--- /dev/null
+++ b/plugins/mmanon/Makefile.am
@@ -0,0 +1,8 @@
+pkglib_LTLIBRARIES = mmanon.la
+
+mmanon_la_SOURCES = mmanon.c
+mmanon_la_CPPFLAGS = $(RSRT_CFLAGS) $(PTHREADS_CFLAGS)
+mmanon_la_LDFLAGS = -module -avoid-version
+mmanon_la_LIBADD =
+
+EXTRA_DIST =
diff --git a/plugins/mmanon/mmanon.c b/plugins/mmanon/mmanon.c
new file mode 100644
index 00000000..90e7fc81
--- /dev/null
+++ b/plugins/mmanon/mmanon.c
@@ -0,0 +1,233 @@
+/* mmanon.c
+ * anonnymize IP addresses inside the syslog message part
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * -or-
+ * see COPYING.ASL20 in the source distribution
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <signal.h>
+#include <errno.h>
+#include <unistd.h>
+#include "conf.h"
+#include "syslogd-types.h"
+#include "srUtils.h"
+#include "template.h"
+#include "module-template.h"
+#include "errmsg.h"
+
+MODULE_TYPE_OUTPUT
+MODULE_TYPE_NOKEEP
+MODULE_CNFNAME("mmanon")
+
+
+DEFobjCurrIf(errmsg);
+DEF_OMOD_STATIC_DATA
+
+/* config variables */
+
+
+typedef struct _instanceData {
+} instanceData;
+
+struct modConfData_s {
+ rsconf_t *pConf; /* our overall config object */
+};
+static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
+static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current exec process */
+
+BEGINbeginCnfLoad
+CODESTARTbeginCnfLoad
+ loadModConf = pModConf;
+ pModConf->pConf = pConf;
+ENDbeginCnfLoad
+
+BEGINendCnfLoad
+CODESTARTendCnfLoad
+ENDendCnfLoad
+
+BEGINcheckCnf
+CODESTARTcheckCnf
+ENDcheckCnf
+
+BEGINactivateCnf
+CODESTARTactivateCnf
+ runModConf = pModConf;
+ENDactivateCnf
+
+BEGINfreeCnf
+CODESTARTfreeCnf
+ENDfreeCnf
+
+
+BEGINcreateInstance
+CODESTARTcreateInstance
+ENDcreateInstance
+
+
+BEGINisCompatibleWithFeature
+CODESTARTisCompatibleWithFeature
+ENDisCompatibleWithFeature
+
+
+BEGINfreeInstance
+CODESTARTfreeInstance
+ENDfreeInstance
+
+
+BEGINnewActInst
+CODESTARTnewActInst
+ /* Note: we currently do not have any parameters, so we do not need
+ * the lst ptr. However, we will most probably need params in the
+ * future.
+ */
+ DBGPRINTF("newActInst (mmanon)\n");
+ CODE_STD_STRING_REQUESTnewActInst(1)
+ CHKiRet(OMSRsetEntry(*ppOMSR, 0, NULL, OMSR_TPL_AS_MSG));
+ CHKiRet(createInstance(&pData));
+ /*setInstParamDefaults(pData);*/
+CODE_STD_FINALIZERnewActInst
+/* cnfparamvalsDestruct(pvals, &actpblk);*/
+ENDnewActInst
+
+
+BEGINdbgPrintInstInfo
+CODESTARTdbgPrintInstInfo
+ENDdbgPrintInstInfo
+
+
+BEGINtryResume
+CODESTARTtryResume
+ENDtryResume
+
+
+static int
+getnum(uchar *msg, int lenMsg, int *idx)
+{
+ int num = 0;
+ int i = *idx;
+
+dbgprintf("DDDD: in getnum: %s\n", msg+(*idx));
+ while(i < lenMsg && msg[i] >= '0' && msg[i] <= '9') {
+ num = num * 10 + msg[i] - '0';
+ ++i;
+ }
+
+ *idx = i;
+dbgprintf("DDDD: got octet %d\n", num);
+ return num;
+}
+
+
+/* currently works for IPv4 only! */
+void
+anonip(uchar *msg, int lenMsg, int *idx)
+{
+ int i = *idx;
+ int octet;
+ int ipstart;
+
+dbgprintf("DDDD: in anonip: %s\n", msg+(*idx));
+ while(i < lenMsg && (msg[i] <= '0' || msg[i] >= '9')) {
+ ++i; /* skip to first number */
+ }
+ if(i >= lenMsg)
+ goto done;
+
+ /* got digit, let's see if ip */
+ ipstart = i;
+ octet = getnum(msg, lenMsg, &i);
+ if(octet > 255 || msg[i] != '.') goto done;
+ ++i;
+ octet = getnum(msg, lenMsg, &i);
+ if(octet > 255 || msg[i] != '.') goto done;
+ ++i;
+ octet = getnum(msg, lenMsg, &i);
+ if(octet > 255 || msg[i] != '.') goto done;
+ ++i;
+ octet = getnum(msg, lenMsg, &i);
+ if(octet > 255 || msg[i] != ' ') goto done;
+
+ /* OK, we now found an ip address */
+ while(ipstart < i) {
+ if(msg[ipstart] != '.')
+ msg[ipstart] = 'x';
+ ++ipstart;
+ }
+
+done: *idx = i;
+ return;
+}
+
+
+BEGINdoAction
+ msg_t *pMsg;
+ uchar *msg;
+ int lenMsg;
+ int i;
+CODESTARTdoAction
+ pMsg = (msg_t*) ppString[0];
+ lenMsg = getMSGLen(pMsg);
+ msg = getMSG(pMsg);
+ DBGPRINTF("DDDD: calling mmanon with msg '%s'\n", msg);
+ for(i = 0 ; i < lenMsg ; ++i) {
+ anonip(msg, lenMsg, &i);
+ }
+ENDdoAction
+
+
+BEGINparseSelectorAct
+CODESTARTparseSelectorAct
+CODE_STD_STRING_REQUESTparseSelectorAct(1)
+ if(strncmp((char*) p, ":mmanon:", sizeof(":mmanon:") - 1)) {
+ errmsg.LogError(0, RS_RET_LEGA_ACT_NOT_SUPPORTED,
+ "mmanon supports only v6+ config format, use: "
+ "action(type=\"mmanon\" ...)");
+ }
+ ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED);
+CODE_STD_FINALIZERparseSelectorAct
+ENDparseSelectorAct
+
+
+BEGINmodExit
+CODESTARTmodExit
+ objRelease(errmsg, CORE_COMPONENT);
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_OMOD_QUERIES
+CODEqueryEtryPt_STD_CONF2_OMOD_QUERIES
+CODEqueryEtryPt_STD_CONF2_QUERIES
+ENDqueryEtryPt
+
+
+
+BEGINmodInit()
+CODESTARTmodInit
+ *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+CODEmodInit_QueryRegCFSLineHdlr
+ DBGPRINTF("mmanon: module compiled with rsyslog version %s.\n", VERSION);
+ CHKiRet(objUse(errmsg, CORE_COMPONENT));
+ENDmodInit
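Review bot: anonip() fails open in several ways, so addresses can reach the "anonymized" output wholly or partly in the clear. Its skip loop tests `msg[i] <= '0' || msg[i] >= '9'`, which treats '0' and '9' as non-digits and leaves a leading 9 or 0 unmasked, and the last octet is accepted only when followed by `' '`, so an address at the end of the message or before `:`, `,` or `)` is never masked. Each `msg[i] != '.'` test after getnum() reads `msg[i]` without checking `i < lenMsg`, which is only safe if the buffer is terminated past lenMsg, something this hunk does not show. getnum() also accumulates into an `int` with no bound, which is signed overflow on a long digit run in log text, and it returns 0 for an empty run, so `..` parses as octets. The fence sketches one way to close these (which terminators end an address is a policy choice); separately, the `DDDD` dbgprintf/DBGPRINTF calls write the un-anonymized message to debug output and are worth dropping.

```c
/* in getnum(): saturate instead of overflowing, and report an empty digit run */
	while(i < lenMsg && msg[i] >= '0' && msg[i] <= '9') {
		if(num <= 255)
			num = num * 10 + msg[i] - '0';
		++i;
	}
	if(i == *idx)
		num = -1;	/* no digit seen, e.g. ".." */
	/* … unchanged: *idx = i; return num; … */

/* in anonip(): */
	while(i < lenMsg && (msg[i] < '0' || msg[i] > '9')) {
		++i; /* skip to first number */
	}
	/* … unchanged: end-of-message check, ipstart = i … */
	octet = getnum(msg, lenMsg, &i);
	if(octet < 0 || octet > 255 || i >= lenMsg || msg[i] != '.') goto done;
	++i;
	/* … same check for the second and third octet … */
	octet = getnum(msg, lenMsg, &i);
	/* last octet: end of message or any delimiter other than '.' ends the address */
	if(octet < 0 || octet > 255 || (i < lenMsg && msg[i] == '.')) goto done;
	/* … unchanged: masking loop and done: label … */
```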