#define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
-#define KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
-#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
-#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
+#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
+#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
+#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
static char* arg_url = NULL;
static char* arg_getter = NULL;
_cleanup_strv_free_ char **words = NULL;
assert(getter);
- words = strv_split_quoted(getter);
- if (!words)
- return log_oom();
+ r = strv_split_quoted(&words, getter);
+ if (r < 0) {
+ log_error("Failed to split getter option: %s", strerror(-r));
+ return r;
+ }
r = strv_extend(&words, url);
if (r < 0) {
**********************************************************************/
static int init_writer_hashmap(RemoteServer *s) {
- static const struct {
- hash_func_t hash_func;
- compare_func_t compare_func;
- } functions[] = {
- [JOURNAL_WRITE_SPLIT_NONE] = {trivial_hash_func,
- trivial_compare_func},
- [JOURNAL_WRITE_SPLIT_HOST] = {string_hash_func,
- string_compare_func},
+ static const struct hash_ops *hash_ops[] = {
+ [JOURNAL_WRITE_SPLIT_NONE] = NULL,
+ [JOURNAL_WRITE_SPLIT_HOST] = &string_hash_ops,
};
- assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(functions));
+ assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(hash_ops));
- s->writers = hashmap_new(functions[arg_split_mode].hash_func,
- functions[arg_split_mode].compare_func);
+ s->writers = hashmap_new(hash_ops[arg_split_mode]);
if (!s->writers)
return log_oom();
int fd,
uint32_t revents,
void *userdata);
+static int dispatch_blocking_source_event(sd_event_source *event,
+ void *userdata);
static int dispatch_raw_connection_event(sd_event_source *event,
int fd,
uint32_t revents,
Writer *writer;
int r;
+ /* This takes ownership of name, but only on success. */
+
assert(fd >= 0);
assert(source);
RemoteSource *source;
int r;
+ /* This takes ownership of name, even on failure, if own_name is true. */
+
assert(s);
assert(fd >= 0);
assert(name);
if (r < 0) {
log_error("Failed to create source for fd:%d (%s): %s",
fd, name, strerror(-r));
+ free(name);
return r;
}
r = sd_event_add_io(s->events, &source->event,
fd, EPOLLIN|EPOLLRDHUP|EPOLLPRI,
dispatch_raw_source_event, s);
+ if (r == -EPERM) {
+ log_debug("Falling back to sd_event_add_defer for fd:%d (%s)", fd, name);
+ r = sd_event_add_defer(s->events, &source->event,
+ dispatch_blocking_source_event, source);
+ if (r == 0)
+ sd_event_source_set_enabled(source->event, SD_EVENT_ON);
+ }
if (r < 0) {
log_error("Failed to register event source for fd:%d: %s",
fd, strerror(-r));
log_error("MHD_get_connection_info failed: cannot get remote fd");
return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
"Cannot check remote address");
- return code;
}
fd = ci->connect_fd;
goto error;
}
- r = hashmap_ensure_allocated(&s->daemons, uint64_hash_func, uint64_compare_func);
+ r = hashmap_ensure_allocated(&s->daemons, &uint64_hash_ops);
if (r < 0) {
log_oom();
goto error;
r = safe_atoi(spec, &fd);
if (r < 0)
return r;
+ if (fd < 0)
+ return -EINVAL;
- return -1;
+ return fd;
}
-
static int remoteserver_init(RemoteServer *s,
const char* key,
const char* cert,
assert(s);
-
if ((arg_listen_raw || arg_listen_http) && trust) {
log_error("Option --trust makes all non-HTTPS connections untrusted.");
return -EINVAL;
}
- sd_event_default(&s->events);
+ r = sd_event_default(&s->events);
+ if (r < 0) {
+ log_error("Failed to allocate event loop: %s", strerror(-r));
+ return r;
+ }
setup_signals(s);
assert(server == NULL);
server = s;
+ r = init_writer_hashmap(s);
+ if (r < 0)
+ return r;
+
n = sd_listen_fds(true);
if (n < 0) {
log_error("Failed to read listening file descriptors from environment: %s",
log_info("Received a connection socket (fd:%d) from %s", fd, hostname);
r = add_source(s, fd, hostname, true);
- if (r < 0)
- free(hostname);
} else {
log_error("Unknown socket passed on fd:%d", fd);
return -EINVAL;
}
- r = init_writer_hashmap(s);
- if (r < 0)
- return r;
-
if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE) {
/* In this case we know what the writer will be
called, so we can create it and verify that we can
return 1;
}
+static int dispatch_blocking_source_event(sd_event_source *event,
+ void *userdata) {
+ RemoteSource *source = userdata;
+
+ return dispatch_raw_source_event(event, source->fd, EPOLLIN, server);
+}
+
static int accept_connection(const char* type, int fd,
SocketAddress *addr, char **hostname) {
int fd2, r;
uint32_t revents,
void *userdata) {
RemoteServer *s = userdata;
- int fd2, r;
+ int fd2;
SocketAddress addr = {
.size = sizeof(union sockaddr_union),
.type = SOCK_STREAM,
if (fd2 < 0)
return fd2;
- r = add_source(s, fd2, hostname, true);
- if (r < 0)
- free(hostname);
- return r;
+ return add_source(s, fd2, hostname, true);
}
/**********************************************************************
static void help(void) {
printf("%s [OPTIONS...] {FILE|-}...\n\n"
"Write external journal events to journal file(s).\n\n"
- "Options:\n"
- " --url=URL Read events from systemd-journal-gatewayd at URL\n"
- " --getter=COMMAND Read events from the output of COMMAND\n"
- " --listen-raw=ADDR Listen for connections at ADDR\n"
- " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
- " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " --url=URL Read events from systemd-journal-gatewayd at URL\n"
+ " --getter=COMMAND Read events from the output of COMMAND\n"
+ " --listen-raw=ADDR Listen for connections at ADDR\n"
+ " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
+ " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
" -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n"
- " --[no-]compress Use XZ-compression in the output journal (default: yes)\n"
- " --[no-]seal Use Event sealing in the output journal (default: no)\n"
- " --key=FILENAME Specify key in PEM format (default:\n"
- " \"" KEY_FILE "\")\n"
- " --cert=FILENAME Specify certificate in PEM format (default:\n"
- " \"" CERT_FILE "\")\n"
- " --trust=FILENAME|all Specify CA certificate or disable checking (default:\n"
- " \"" TRUST_FILE "\")\n"
- " --gnutls-log=CATEGORY...\n"
- " Specify a list of gnutls logging categories\n"
- " -h --help Show this help and exit\n"
- " --version Print version string and exit\n"
+ " --compress[=BOOL] Use XZ-compression in the output journal (default: yes)\n"
+ " --seal[=BOOL] Use Event sealing in the output journal (default: no)\n"
+ " --key=FILENAME Specify key in PEM format (default:\n"
+ " \"" PRIV_KEY_FILE "\")\n"
+ " --cert=FILENAME Specify certificate in PEM format (default:\n"
+ " \"" CERT_FILE "\")\n"
+ " --trust=FILENAME|all Specify CA certificate or disable checking (default:\n"
+ " \"" TRUST_FILE "\")\n"
+ " --gnutls-log=CATEGORY...\n"
+ " Specify a list of gnutls logging categories\n"
"\n"
"Note: file descriptors from sd_listen_fds() will be consumed, too.\n"
, program_invocation_short_name);
ARG_GETTER,
ARG_SPLIT_MODE,
ARG_COMPRESS,
- ARG_NO_COMPRESS,
ARG_SEAL,
- ARG_NO_SEAL,
ARG_KEY,
ARG_CERT,
ARG_TRUST,
{ "listen-https", required_argument, NULL, ARG_LISTEN_HTTPS },
{ "output", required_argument, NULL, 'o' },
{ "split-mode", required_argument, NULL, ARG_SPLIT_MODE },
- { "compress", no_argument, NULL, ARG_COMPRESS },
- { "no-compress", no_argument, NULL, ARG_NO_COMPRESS },
- { "seal", no_argument, NULL, ARG_SEAL },
- { "no-seal", no_argument, NULL, ARG_NO_SEAL },
+ { "compress", optional_argument, NULL, ARG_COMPRESS },
+ { "seal", optional_argument, NULL, ARG_SEAL },
{ "key", required_argument, NULL, ARG_KEY },
{ "cert", required_argument, NULL, ARG_CERT },
{ "trust", required_argument, NULL, ARG_TRUST },
break;
case ARG_COMPRESS:
- arg_compress = true;
- break;
- case ARG_NO_COMPRESS:
- arg_compress = false;
+ if (optarg) {
+ r = parse_boolean(optarg);
+ if (r < 0) {
+ log_error("Failed to parse --compress= parameter.");
+ return -EINVAL;
+ }
+
+ arg_compress = !!r;
+ } else
+ arg_compress = true;
+
break;
+
case ARG_SEAL:
- arg_seal = true;
- break;
- case ARG_NO_SEAL:
- arg_seal = false;
+ if (optarg) {
+ r = parse_boolean(optarg);
+ if (r < 0) {
+ log_error("Failed to parse --seal= parameter.");
+ return -EINVAL;
+ }
+
+ arg_seal = !!r;
+ } else
+ arg_seal = true;
+
break;
case ARG_GNUTLS_LOG: {
return -EINVAL;
default:
- log_error("Unknown option code %c", c);
- return -EINVAL;
+ assert_not_reached("Unknown option code.");
}
if (optind < argc)
static int load_certificates(char **key, char **cert, char **trust) {
int r;
- r = read_full_file(arg_key ?: KEY_FILE, key, NULL);
+ r = read_full_file(arg_key ?: PRIV_KEY_FILE, key, NULL);
if (r < 0) {
log_error("Failed to read key from file '%s': %s",
- arg_key ?: KEY_FILE, strerror(-r));
+ arg_key ?: PRIV_KEY_FILE, strerror(-r));
return r;
}
}
}
- server_destroy(&s);
+ sd_notifyf(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down after writing %" PRIu64 " entries...", s.event_count);
log_info("Finishing after writing %" PRIu64 " entries", s.event_count);
- sd_notify(false, "STATUS=Shutting down...");
+ server_destroy(&s);
free(arg_key);
free(arg_cert);
~ianmdlvl / elogind.git / blobdiff