#define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
-#define KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
-#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
-#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
+#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
+#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
+#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
static char* arg_url = NULL;
static char* arg_getter = NULL;
_cleanup_strv_free_ char **words = NULL;
assert(getter);
- words = strv_split_quoted(getter);
- if (!words)
- return log_oom();
+ r = strv_split_quoted(&words, getter, false);
+ if (r < 0) {
+ log_error_errno(r, "Failed to split getter option: %m");
+ return r;
+ }
r = strv_extend(&words, url);
if (r < 0) {
- log_error("Failed to create command line: %s", strerror(-r));
+ log_error_errno(r, "Failed to create command line: %m");
return r;
}
w->mmap,
NULL, &w->journal);
if (r < 0)
- log_error("Failed to open output journal %s: %s",
- output, strerror(-r));
+ log_error_errno(r, "Failed to open output journal %s: %m",
+ output);
else
log_info("Opened output file %s", w->journal->path);
return r;
**********************************************************************/
static int init_writer_hashmap(RemoteServer *s) {
- static const struct {
- hash_func_t hash_func;
- compare_func_t compare_func;
- } functions[] = {
- [JOURNAL_WRITE_SPLIT_NONE] = {trivial_hash_func,
- trivial_compare_func},
- [JOURNAL_WRITE_SPLIT_HOST] = {string_hash_func,
- string_compare_func},
+ static const struct hash_ops *hash_ops[] = {
+ [JOURNAL_WRITE_SPLIT_NONE] = NULL,
+ [JOURNAL_WRITE_SPLIT_HOST] = &string_hash_ops,
};
- assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(functions));
+ assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(hash_ops));
- s->writers = hashmap_new(functions[arg_split_mode].hash_func,
- functions[arg_split_mode].compare_func);
+ s->writers = hashmap_new(hash_ops[arg_split_mode]);
if (!s->writers)
return log_oom();
int fd,
uint32_t revents,
void *userdata);
+static int dispatch_blocking_source_event(sd_event_source *event,
+ void *userdata);
static int dispatch_raw_connection_event(sd_event_source *event,
int fd,
uint32_t revents,
Writer *writer;
int r;
+ /* This takes ownership of name, but only on success. */
+
assert(fd >= 0);
assert(source);
return log_oom();
r = get_writer(s, name, &writer);
- if (r < 0) {
- log_warning("Failed to get writer for source %s: %s",
- name, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_warning_errno(r, "Failed to get writer for source %s: %m",
+ name);
if (s->sources[fd] == NULL) {
s->sources[fd] = source_new(fd, false, name, writer);
RemoteSource *source;
int r;
+ /* This takes ownership of name, even on failure, if own_name is true. */
+
assert(s);
assert(fd >= 0);
assert(name);
r = get_source_for_fd(s, fd, name, &source);
if (r < 0) {
- log_error("Failed to create source for fd:%d (%s): %s",
- fd, name, strerror(-r));
+ log_error_errno(r, "Failed to create source for fd:%d (%s): %m",
+ fd, name);
+ free(name);
return r;
}
r = sd_event_add_io(s->events, &source->event,
fd, EPOLLIN|EPOLLRDHUP|EPOLLPRI,
dispatch_raw_source_event, s);
+ if (r == -EPERM) {
+ log_debug("Falling back to sd_event_add_defer for fd:%d (%s)", fd, name);
+ r = sd_event_add_defer(s->events, &source->event,
+ dispatch_blocking_source_event, source);
+ if (r == 0)
+ sd_event_source_set_enabled(source->event, SD_EVENT_ON);
+ }
if (r < 0) {
- log_error("Failed to register event source for fd:%d: %s",
- fd, strerror(-r));
+ log_error_errno(r, "Failed to register event source for fd:%d: %m",
+ fd);
+ goto error;
+ }
+
+ r = sd_event_source_set_description(source->event, name);
+ if (r < 0) {
+ log_error_errno(r, "Failed to set source name for fd:%d: %m", fd);
goto error;
}
static int add_raw_socket(RemoteServer *s, int fd) {
int r;
+ _cleanup_close_ int fd_ = fd;
+ char name[strlen("raw-socket-") + DECIMAL_STR_MAX(int)];
+
+ assert(fd >= 0);
r = sd_event_add_io(s->events, &s->listen_event,
fd, EPOLLIN,
dispatch_raw_connection_event, s);
- if (r < 0) {
- close(fd);
+ if (r < 0)
+ return r;
+
+ snprintf(name, sizeof(name), "raw-socket-%d", fd);
+
+ r = sd_event_source_set_description(s->listen_event, name);
+ if (r < 0)
return r;
- }
+ fd_ = -1;
s->active ++;
return 0;
}
**********************************************************************
**********************************************************************/
-static RemoteSource *request_meta(void **connection_cls, int fd, char *hostname) {
+static int request_meta(void **connection_cls, int fd, char *hostname) {
RemoteSource *source;
Writer *writer;
int r;
assert(connection_cls);
if (*connection_cls)
- return *connection_cls;
+ return 0;
r = get_writer(server, hostname, &writer);
- if (r < 0) {
- log_warning("Failed to get writer for source %s: %s",
- hostname, strerror(-r));
- return NULL;
- }
+ if (r < 0)
+ return log_warning_errno(r, "Failed to get writer for source %s: %m",
+ hostname);
source = source_new(fd, true, hostname, writer);
if (!source) {
- log_oom();
writer_unref(writer);
- return NULL;
+ return log_oom();
}
log_debug("Added RemoteSource as connection metadata %p", source);
*connection_cls = source;
- return source;
+ return 0;
}
static void request_meta_free(void *cls,
assert(connection_cls);
s = *connection_cls;
- log_debug("Cleaning up connection metadata %p", s);
- source_free(s);
- *connection_cls = NULL;
+ if (s) {
+ log_debug("Cleaning up connection metadata %p", s);
+ source_free(s);
+ *connection_cls = NULL;
+ }
}
static int process_http_upload(
assert(source);
- log_debug("request_handler_upload: connection %p, %zu bytes",
- connection, *upload_data_size);
+ log_trace("%s: connection %p, %zu bytes",
+ __func__, connection, *upload_data_size);
if (*upload_data_size) {
- log_debug("Received %zu bytes", *upload_data_size);
+ log_trace("Received %zu bytes", *upload_data_size);
r = push_data(source, upload_data, *upload_data_size);
if (r < 0)
assert(url);
assert(method);
- log_debug("Handling a connection %s %s %s", method, url, version);
+ log_trace("Handling a connection %s %s %s", method, url, version);
if (*connection_cls)
return process_http_upload(connection,
log_error("MHD_get_connection_info failed: cannot get remote fd");
return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
"Cannot check remote address");
- return code;
}
fd = ci->connect_fd;
assert(hostname);
- if (!request_meta(connection_cls, fd, hostname))
+ r = request_meta(connection_cls, fd, hostname);
+ if (r == -ENOMEM)
return respond_oom(connection);
+ else if (r < 0)
+ return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
+ strerror(-r));
+
hostname = NULL;
return MHD_YES;
}
r = fd_nonblock(fd, true);
if (r < 0) {
- log_error("Failed to make fd:%d nonblocking: %s", fd, strerror(-r));
+ log_error_errno(r, "Failed to make fd:%d nonblocking: %m", fd);
return r;
}
epoll_fd, EPOLLIN,
dispatch_http_event, d);
if (r < 0) {
- log_error("Failed to add event callback: %s", strerror(-r));
+ log_error_errno(r, "Failed to add event callback: %m");
+ goto error;
+ }
+
+ r = sd_event_source_set_description(d->event, "epoll-fd");
+ if (r < 0) {
+ log_error_errno(r, "Failed to set source name: %m");
goto error;
}
- r = hashmap_ensure_allocated(&s->daemons, uint64_hash_func, uint64_compare_func);
+ r = hashmap_ensure_allocated(&s->daemons, &uint64_hash_ops);
if (r < 0) {
log_oom();
goto error;
r = hashmap_put(s->daemons, &d->fd, d);
if (r < 0) {
- log_error("Failed to add daemon to hashmap: %s", strerror(-r));
+ log_error_errno(r, "Failed to add daemon to hashmap: %m");
goto error;
}
**********************************************************************
**********************************************************************/
-static int dispatch_sigterm(sd_event_source *event,
- const struct signalfd_siginfo *si,
- void *userdata) {
- RemoteServer *s = userdata;
-
- assert(s);
-
- log_received_signal(LOG_INFO, si);
-
- sd_event_exit(s->events, 0);
- return 0;
-}
-
static int setup_signals(RemoteServer *s) {
sigset_t mask;
int r;
sigset_add_many(&mask, SIGINT, SIGTERM, -1);
assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
- r = sd_event_add_signal(s->events, &s->sigterm_event, SIGTERM, dispatch_sigterm, s);
+ r = sd_event_add_signal(s->events, &s->sigterm_event, SIGTERM, NULL, s);
if (r < 0)
return r;
- r = sd_event_add_signal(s->events, &s->sigint_event, SIGINT, dispatch_sigterm, s);
+ r = sd_event_add_signal(s->events, &s->sigint_event, SIGINT, NULL, s);
if (r < 0)
return r;
return 0;
}
-static int fd_fd(const char *spec) {
+static int negative_fd(const char *spec) {
+ /* Return a non-positive number as its inverse, -EINVAL otherwise. */
+
int fd, r;
r = safe_atoi(spec, &fd);
if (r < 0)
return r;
- return -1;
+ if (fd > 0)
+ return -EINVAL;
+ else
+ return -fd;
}
-
static int remoteserver_init(RemoteServer *s,
const char* key,
const char* cert,
assert(s);
-
if ((arg_listen_raw || arg_listen_http) && trust) {
log_error("Option --trust makes all non-HTTPS connections untrusted.");
return -EINVAL;
}
- sd_event_default(&s->events);
+ r = sd_event_default(&s->events);
+ if (r < 0) {
+ log_error_errno(r, "Failed to allocate event loop: %m");
+ return r;
+ }
setup_signals(s);
assert(server == NULL);
server = s;
+ r = init_writer_hashmap(s);
+ if (r < 0)
+ return r;
+
n = sd_listen_fds(true);
- if (n < 0) {
- log_error("Failed to read listening file descriptors from environment: %s",
- strerror(-n));
- return n;
- } else
+ if (n < 0)
+ return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
+ else
log_info("Received %d descriptors", n);
if (MAX(http_socket, https_socket) >= SD_LISTEN_FDS_START + n) {
}
for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
- if (sd_is_socket(fd, AF_UNSPEC, 0, false)) {
+ if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
log_info("Received a listening socket (fd:%d)", fd);
if (fd == http_socket)
r = setup_microhttpd_server(s, fd, key, cert, trust);
else
r = add_raw_socket(s, fd);
- } else if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
+ } else if (sd_is_socket(fd, AF_UNSPEC, 0, false)) {
char *hostname;
r = getnameinfo_pretty(fd, &hostname);
if (r < 0) {
- log_error("Failed to retrieve remote name: %s", strerror(-r));
+ log_error_errno(r, "Failed to retrieve remote name: %m");
return r;
}
log_info("Received a connection socket (fd:%d) from %s", fd, hostname);
r = add_source(s, fd, hostname, true);
- if (r < 0)
- free(hostname);
} else {
log_error("Unknown socket passed on fd:%d", fd);
}
if(r < 0) {
- log_error("Failed to register socket (fd:%d): %s",
- fd, strerror(-r));
+ log_error_errno(r, "Failed to register socket (fd:%d): %m",
+ fd);
return r;
}
}
return -EINVAL;
}
- r = init_writer_hashmap(s);
- if (r < 0)
- return r;
-
if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE) {
/* In this case we know what the writer will be
called, so we can create it and verify that we can
} else if (r == -EAGAIN) {
return 0;
} else if (r < 0) {
- log_info("Closing connection: %s", strerror(-r));
+ log_info_errno(r, "Closing connection: %m");
remove_source(server, fd);
return 0;
} else
return 1;
}
+static int dispatch_blocking_source_event(sd_event_source *event,
+ void *userdata) {
+ RemoteSource *source = userdata;
+
+ return dispatch_raw_source_event(event, source->fd, EPOLLIN, server);
+}
+
static int accept_connection(const char* type, int fd,
SocketAddress *addr, char **hostname) {
int fd2, r;
r = socket_address_print(addr, &a);
if (r < 0) {
- log_error("socket_address_print(): %s", strerror(-r));
+ log_error_errno(r, "socket_address_print(): %m");
close(fd2);
return r;
}
uint32_t revents,
void *userdata) {
RemoteServer *s = userdata;
- int fd2, r;
+ int fd2;
SocketAddress addr = {
.size = sizeof(union sockaddr_union),
.type = SOCK_STREAM,
if (fd2 < 0)
return fd2;
- r = add_source(s, fd2, hostname, true);
- if (r < 0)
- free(hostname);
- return r;
+ return add_source(s, fd2, hostname, true);
}
/**********************************************************************
{ "Remote", "ServerCertificateFile", config_parse_path, 0, &arg_cert },
{ "Remote", "TrustedCertificateFile", config_parse_path, 0, &arg_trust },
{}};
- int r;
- r = config_parse(NULL, PKGSYSCONFDIR "/journal-remote.conf", NULL,
- "Remote\0",
- config_item_table_lookup, items,
- false, false, NULL);
- if (r < 0)
- log_error("Failed to parse configuration file: %s", strerror(-r));
-
- return r;
+ return config_parse(NULL, PKGSYSCONFDIR "/journal-remote.conf", NULL,
+ "Remote\0",
+ config_item_table_lookup, items,
+ false, false, true, NULL);
}
static void help(void) {
printf("%s [OPTIONS...] {FILE|-}...\n\n"
"Write external journal events to journal file(s).\n\n"
- "Options:\n"
- " --url=URL Read events from systemd-journal-gatewayd at URL\n"
- " --getter=COMMAND Read events from the output of COMMAND\n"
- " --listen-raw=ADDR Listen for connections at ADDR\n"
- " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
- " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
- " -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n"
- " --[no-]compress Use XZ-compression in the output journal (default: yes)\n"
- " --[no-]seal Use Event sealing in the output journal (default: no)\n"
- " --key=FILENAME Specify key in PEM format (default:\n"
- " \"" KEY_FILE "\")\n"
- " --cert=FILENAME Specify certificate in PEM format (default:\n"
- " \"" CERT_FILE "\")\n"
- " --trust=FILENAME|all Specify CA certificate or disable checking (default:\n"
- " \"" TRUST_FILE "\")\n"
- " --gnutls-log=CATEGORY...\n"
- " Specify a list of gnutls logging categories\n"
- " -h --help Show this help and exit\n"
- " --version Print version string and exit\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " --url=URL Read events from systemd-journal-gatewayd at URL\n"
+ " --getter=COMMAND Read events from the output of COMMAND\n"
+ " --listen-raw=ADDR Listen for connections at ADDR\n"
+ " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
+ " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
+ " -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n"
+ " --compress[=BOOL] XZ-compress the output journal (default: yes)\n"
+ " --seal[=BOOL] Use event sealing (default: no)\n"
+ " --key=FILENAME SSL key in PEM format (default:\n"
+ " \"" PRIV_KEY_FILE "\")\n"
+ " --cert=FILENAME SSL certificate in PEM format (default:\n"
+ " \"" CERT_FILE "\")\n"
+ " --trust=FILENAME|all SSL CA certificate or disable checking (default:\n"
+ " \"" TRUST_FILE "\")\n"
+ " --gnutls-log=CATEGORY...\n"
+ " Specify a list of gnutls logging categories\n"
+ " --split-mode=none|host How many output files to create\n"
"\n"
"Note: file descriptors from sd_listen_fds() will be consumed, too.\n"
, program_invocation_short_name);
ARG_GETTER,
ARG_SPLIT_MODE,
ARG_COMPRESS,
- ARG_NO_COMPRESS,
ARG_SEAL,
- ARG_NO_SEAL,
ARG_KEY,
ARG_CERT,
ARG_TRUST,
{ "listen-https", required_argument, NULL, ARG_LISTEN_HTTPS },
{ "output", required_argument, NULL, 'o' },
{ "split-mode", required_argument, NULL, ARG_SPLIT_MODE },
- { "compress", no_argument, NULL, ARG_COMPRESS },
- { "no-compress", no_argument, NULL, ARG_NO_COMPRESS },
- { "seal", no_argument, NULL, ARG_SEAL },
- { "no-seal", no_argument, NULL, ARG_NO_SEAL },
+ { "compress", optional_argument, NULL, ARG_COMPRESS },
+ { "seal", optional_argument, NULL, ARG_SEAL },
{ "key", required_argument, NULL, ARG_KEY },
{ "cert", required_argument, NULL, ARG_CERT },
{ "trust", required_argument, NULL, ARG_TRUST },
return -EINVAL;
}
- r = fd_fd(optarg);
+ r = negative_fd(optarg);
if (r >= 0)
http_socket = r;
else
return -EINVAL;
}
- r = fd_fd(optarg);
+ r = negative_fd(optarg);
if (r >= 0)
https_socket = r;
else
break;
case ARG_COMPRESS:
- arg_compress = true;
- break;
- case ARG_NO_COMPRESS:
- arg_compress = false;
+ if (optarg) {
+ r = parse_boolean(optarg);
+ if (r < 0) {
+ log_error("Failed to parse --compress= parameter.");
+ return -EINVAL;
+ }
+
+ arg_compress = !!r;
+ } else
+ arg_compress = true;
+
break;
+
case ARG_SEAL:
- arg_seal = true;
- break;
- case ARG_NO_SEAL:
- arg_seal = false;
+ if (optarg) {
+ r = parse_boolean(optarg);
+ if (r < 0) {
+ log_error("Failed to parse --seal= parameter.");
+ return -EINVAL;
+ }
+
+ arg_seal = !!r;
+ } else
+ arg_seal = true;
+
break;
case ARG_GNUTLS_LOG: {
#ifdef HAVE_GNUTLS
- char *word, *state;
+ const char *word, *state;
size_t size;
FOREACH_WORD_SEPARATOR(word, size, optarg, ",", state) {
return -EINVAL;
default:
- log_error("Unknown option code %c", c);
- return -EINVAL;
+ assert_not_reached("Unknown option code.");
}
if (optind < argc)
static int load_certificates(char **key, char **cert, char **trust) {
int r;
- r = read_full_file(arg_key ?: KEY_FILE, key, NULL);
- if (r < 0) {
- log_error("Failed to read key from file '%s': %s",
- arg_key ?: KEY_FILE, strerror(-r));
- return r;
- }
+ r = read_full_file(arg_key ?: PRIV_KEY_FILE, key, NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to read key from file '%s': %m",
+ arg_key ?: PRIV_KEY_FILE);
r = read_full_file(arg_cert ?: CERT_FILE, cert, NULL);
- if (r < 0) {
- log_error("Failed to read certificate from file '%s': %s",
- arg_cert ?: CERT_FILE, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to read certificate from file '%s': %m",
+ arg_cert ?: CERT_FILE);
if (arg_trust_all)
log_info("Certificate checking disabled.");
else {
r = read_full_file(arg_trust ?: TRUST_FILE, trust, NULL);
- if (r < 0) {
- log_error("Failed to read CA certificate file '%s': %s",
- arg_trust ?: TRUST_FILE, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to read CA certificate file '%s': %m",
+ arg_trust ?: TRUST_FILE);
}
return 0;
if (remoteserver_init(&s, key, cert, trust) < 0)
return EXIT_FAILURE;
- sd_event_set_watchdog(s.events, true);
+ r = sd_event_set_watchdog(s.events, true);
+ if (r < 0)
+ log_error_errno(r, "Failed to enable watchdog: %m");
+ else
+ log_debug("Watchdog is %s.", r > 0 ? "enabled" : "disabled");
log_debug("%s running as pid "PID_FMT,
program_invocation_short_name, getpid());
r = sd_event_run(s.events, -1);
if (r < 0) {
- log_error("Failed to run event loop: %s", strerror(-r));
+ log_error_errno(r, "Failed to run event loop: %m");
break;
}
}
- server_destroy(&s);
+ sd_notifyf(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down after writing %" PRIu64 " entries...", s.event_count);
log_info("Finishing after writing %" PRIu64 " entries", s.event_count);
- sd_notify(false, "STATUS=Shutting down...");
+ server_destroy(&s);
free(arg_key);
free(arg_cert);
~ianmdlvl / elogind.git / blobdiff