Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

…ransportStack

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Previously TLS compression was enabled using an overly complicated mechanism
crossing a number of layers (TransportMapperInet -> TransportFactoryTLS ->
TLSSession -> SSL). This can be a lot simpler, which this patch
implements.

NOTE: compression will not work in most cases due to OpenSSL security
levels and this patch adds a warning about it.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Instead of going to the fd directly, wrap the lower-level LogTransport
instance into a BIO and use that. This implements proper stacking
for LogTransportTLS.

This adds the use of OpenSSL BIOs to wrap the lower level LogTransport
instance.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

…rtStack level

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

…sages

The "auto" protocol can be applied to both syslog() and network(), so
it's not strictly RFC6587 related and it does not add too much information
anyway.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Instead of using proxy protocol specific name value pairs, set the
addresses in the message's saddr/daddr members.

This should be a lot faster and a lot easier to use.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

…resses

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

…e_index

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

…e message

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

This reworks the various boolean members in TransportMapperInet that
control which logproto/transport we apply to a specific connection.

With these renames, it's much easier to follow what happens and why.

NOTE: there's a followup bugfix that fixes the same bug as syslog-ng#482.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

"auto" has originally been planned to auto-detect TLS as well as framing
format, but at this point it does not do TLS auto-detection.

But this means that transport(auto) with tls() options set will start reading
data without SSL, e.g. the encrypted stuff will make it into the
messages received.

This patch fixes that for both the syslog() and the network() driver. The
only change is that delegate_tls_start_to_logproto is FALSE for the "auto"
case. This will be changed once the TLS auto detection feature is also
in.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

… transports

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

This was a one-off allocation, but it's better if it is freed.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Instead of just exercising the proxyprotocol try all valid transports, including
the "auto" variants.

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>
Signed-off-by: Hofi <[email protected]>