-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | doc/imrelp.html | 13 | ||||
-rw-r--r-- | doc/omrelp.html | 5 | ||||
-rw-r--r-- | plugins/imrelp/imrelp.c | 13 | ||||
-rw-r--r-- | plugins/omrelp/omrelp.c | 11 |
6 files changed, 40 insertions, 5 deletions
@@ -1,5 +1,6 @@ --------------------------------------------------------------------------- Version 7.5.0 [devel] 2013-0?-?? +- imrelp/omrelp: add TLS & compression (zip) support - omrelp: add "rebindInterval" parameter - add -S command line option to specify IP address to use for RELP client connections diff --git a/configure.ac b/configure.ac index 233eba44..7c05d109 100644 --- a/configure.ac +++ b/configure.ac @@ -973,7 +973,7 @@ AC_ARG_ENABLE(relp, [enable_relp=no] ) if test "x$enable_relp" = "xyes"; then - PKG_CHECK_MODULES(RELP, relp >= 1.1.0) + PKG_CHECK_MODULES(RELP, relp >= 1.1.1) fi AM_CONDITIONAL(ENABLE_RELP, test x$enable_relp = xyes) diff --git a/doc/imrelp.html b/doc/imrelp.html index bcf52414..1fd913f9 100644 --- a/doc/imrelp.html +++ b/doc/imrelp.html @@ -35,8 +35,17 @@ Binds the specified ruleset to all RELP listeners. <li><b>Port</b> <port><br> Starts a RELP server on selected port</li> <li><b>tls</b> (not mandatory, values "on","off", default "off")<br> - If set to "on", the RELP connection will be encrypted by TLS, so that the data is protected against observers. Please note that both the client and the server must have set TLS to either "on" or "off". Other combinations lead to unpredictable results. - </li> +If set to "on", the RELP connection will be encrypted by TLS, +so that the data is protected against observers. Please note +that both the client and the server must have set TLS to +either "on" or "off". Other combinations lead to unpredictable +results. +</li> +<li><b>tls.compression</b> (not mandatory, values "on","off", default "off")<br> +The controls if the TLS stream should be compressed (zipped). While this +increases CPU use, the network bandwidth should be reduced. Note that +typical text-based log records usually compress rather well. +</li> </ul> <b>Caveats/Known Bugs:</b> <ul> diff --git a/doc/omrelp.html b/doc/omrelp.html index e1f744cb..39f253bd 100644 --- a/doc/omrelp.html +++ b/doc/omrelp.html 
@@ -37,6 +37,11 @@ must be used. <li><b>tls</b> (not mandatory, values "on","off", default "off")<br> If set to "on", the RELP connection will be encrypted by TLS, so that the data is protected against observers. Please note that both the client and the server must have set TLS to either "on" or "off". Other combinations lead to unpredictable results. </li> + <li><b>tls.compression</b> (not mandatory, values "on","off", default "off")<br> + The controls if the TLS stream should be compressed (zipped). While this + increases CPU use, the network bandwidth should be reduced. Note that + typical text-based log records usually compress rather well. + </li> </ul> <p><b>Sample:</b></p> <p>The following sample sends all messages to the central server diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c index f3972233..5994faca 100644 --- a/plugins/imrelp/imrelp.c +++ b/plugins/imrelp/imrelp.c @@ -75,6 +75,7 @@ static struct configSettings_s { struct instanceConf_s { uchar *pszBindPort; /* port to bind to */ sbool bEnableTLS; + sbool bEnableTLSZip; struct instanceConf_s *next; }; @@ -92,7 +93,8 @@ static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current lo /* input instance parameters */ static struct cnfparamdescr inppdescr[] = { { "port", eCmdHdlrString, CNFPARAM_REQUIRED }, - { "tls", eCmdHdlrBinary, 0 } + { "tls", eCmdHdlrBinary, 0 }, + { "tls.compression", eCmdHdlrBinary, 0 } }; static struct cnfparamblk inppblk = { CNFPARAMBLK_VERSION, @@ -158,6 +160,7 @@ createInstance(instanceConf_t **pinst) inst->pszBindPort = NULL; inst->bEnableTLS = 0; + inst->bEnableTLSZip = 0; /* node created, let's add to config */ if(loadModConf->tail == NULL) { 
@@ -222,8 +225,12 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst) CHKiRet(relpEngineListnerConstruct(pRelpEngine, &pSrv)); CHKiRet(relpSrvSetLstnPort(pSrv, inst->pszBindPort)); - if(inst->bEnableTLS) + if(inst->bEnableTLS) { relpSrvEnableTLS(pSrv); + if(inst->bEnableTLSZip) { + relpSrvEnableTLSZip(pSrv); + } + } CHKiRet(relpEngineListnerConstructFinalize(pRelpEngine, pSrv)); finalize_it: @@ -259,6 +266,8 @@ CODESTARTnewInpInst inst->pszBindPort = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); } else if(!strcmp(inppblk.descr[i].name, "tls")) { inst->bEnableTLS = (unsigned) pvals[i].val.d.n; + } else if(!strcmp(inppblk.descr[i].name, "tls.compression")) { + inst->bEnableTLSZip = (unsigned) pvals[i].val.d.n; } else { dbgprintf("imrelp: program error, non-handled " "param '%s'\n", inppblk.descr[i].name); diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c index a8e2e55c..50f6f905 100644 --- a/plugins/omrelp/omrelp.c +++ b/plugins/omrelp/omrelp.c @@ -56,6 +56,7 @@ DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) #define DFLT_ENABLE_TLS 0 +#define DFLT_ENABLE_TLSZIP 0 static relpEngine_t *pRelpEngine; /* our relp engine */ @@ -69,6 +70,7 @@ typedef struct _instanceData { unsigned nSent; relpClt_t *pRelpClt; /* relp client for this instance */ sbool bEnableTLS; + sbool bEnableTLSZip; uchar *tplName; } instanceData; @@ -83,6 +85,7 @@ static configSettings_t __attribute__((unused)) cs; static struct cnfparamdescr actpdescr[] = { { "target", eCmdHdlrGetWord, 1 }, { "tls", eCmdHdlrBinary, 0 }, + { "tls.compression", eCmdHdlrBinary, 0 }, { "port", eCmdHdlrGetWord, 0 }, { "rebindinterval", eCmdHdlrInt, 0 }, { "timeout", eCmdHdlrInt, 0 }, 
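Review bot: In addListner the new `relpSrvEnableTLSZip(pSrv);` call drops its return value, as the existing `relpSrvEnableTLS(pSrv);` line above it does, while the neighbouring librelp calls are wrapped in `CHKiRet` and omrelp.c's doCreateRelpClient aborts on `!= RELP_RET_OK`. If either call can fail, the listener is still finalized and may come up without the protection the operator configured. Wrapping both calls, `CHKiRet(relpSrvEnableTLS(pSrv));` and `CHKiRet(relpSrvEnableTLSZip(pSrv));`, would turn that into a visible start-up error. This assumes the server-side functions return a status code like their client-side counterparts, which the hunk does not show. The body of addListner starts and ends outside the hunk.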
@@ -122,6 +125,10 @@ doCreateRelpClient(instanceData *pData) if(pData->bEnableTLS) { if(relpCltEnableTLS(pData->pRelpClt) != RELP_RET_OK) ABORT_FINALIZE(RS_RET_RELP_ERR); + if(pData->bEnableTLSZip) { + if(relpCltEnableTLSZip(pData->pRelpClt) != RELP_RET_OK) + ABORT_FINALIZE(RS_RET_RELP_ERR); + } } if(glbl.GetSourceIPofLocalClient() == NULL) { /* ar Do we have a client IP set? */ if(relpCltSetClientIP(pData->pRelpClt, glbl.GetSourceIPofLocalClient()) != RELP_RET_OK) @@ -139,6 +146,7 @@ CODESTARTcreateInstance pData->timeout = 90; pData->rebindInterval = 0; pData->bEnableTLS = DFLT_ENABLE_TLS; + pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP; ENDcreateInstance BEGINfreeInstance @@ -159,6 +167,7 @@ setInstParamDefaults(instanceData *pData) pData->timeout = 90; pData->rebindInterval = 0; pData->bEnableTLS = DFLT_ENABLE_TLS; + pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP; } @@ -188,6 +197,8 @@ CODESTARTnewActInst pData->rebindInterval = (unsigned) pvals[i].val.d.n; } else if(!strcmp(actpblk.descr[i].name, "tls")) { pData->bEnableTLS = (unsigned) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "tls.compression")) { + pData->bEnableTLSZip = (unsigned) pvals[i].val.d.n; } else { dbgprintf("omrelp: program error, non-handled " "param '%s'\n", actpblk.descr[i].name); |
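Review bot: A `tls.compression="on"` setting is silently ignored when `tls` is off, because the new `bEnableTLSZip` check in doCreateRelpClient sits inside `if(pData->bEnableTLS)`; imrelp.c's addListner nests it the same way. The operator gets no hint that the parameter had no effect, so a warning at config load or a comment such as `/* tls.compression only takes effect when tls is on */` would help. Separately, compressing before encryption makes the ciphertext length depend on the content. Where a log stream mixes externally influenced fields with sensitive ones, that deserves a caveat next to `DFLT_ENABLE_TLSZIP`, e.g. `/* off by default: compressed record length can leak information about content */`. doCreateRelpClient starts and ends outside the hunk.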