
github.com/zabbix/zabbix.git - Unnamed repository; edit this file 'description' to name the repository.
authorAndris Mednis <Andris.Mednis@zabbix.com>2017-09-06 18:46:12 +0300
committerAndris Mednis <Andris.Mednis@zabbix.com>2017-09-06 18:46:12 +0300
commit92f6de049d88807e9c44d32b92fe58b043cd3f74 (patch)
tree0fdee34a84e460b0068b7c62352a31566619a876 /include/comms.h
parentc2cf80d8d0c445679e1f185b99485b11ac25d415 (diff)
...G...PS. [ZBX-10820] fixed potential loss of data when server/proxy processes zabbix_sender data
...G...PS. [ZBX-4252] eliminated sending of DNS AAAA queries when checking IPv4 incoming connection in agent or for trapper item and A queries in case of IPv6. With this change: - after an incoming connection is established its peer IP address is obtained immediately, stored and used in all following checks and error reporting. If the peer IP address cannot be obtained the connection is closed. - buffer lengths have been increased from 64 to 256 bytes to prevent truncation of long DNS names when getting 'net.tcp.port', 'net.tcp.service', 'net.tcp.service.perf', 'net.udp.service.perf' and 'net.udp.service' items. - ZBX-4252 "Agent sends AAAA queries when operating system IPv6 support is disabled" is fixed. - zbx_tcp_check_security() is refactored and renamed to zbx_tcp_check_allowed_peers() to better reflect its purpose. - getaddrinfo() in zbx_tcp_check_allowed_peers() now returns result only for TCP protocol, this eliminates unnecessary calls to zbx_ip_cmp().
Diffstat (limited to 'include/comms.h')
-rw-r--r--include/comms.h17
1 files changed, 10 insertions, 7 deletions
diff --git a/include/comms.h b/include/comms.h
index 0e46f401951..081f6f6fed0 100644
--- a/include/comms.h
+++ b/include/comms.h
@@ -56,6 +56,12 @@ typedef SOCKET ZBX_SOCKET;
typedef int ZBX_SOCKET;
#endif
+#if defined(HAVE_IPV6)
+# define ZBX_SOCKADDR struct sockaddr_storage
+#else
+# define ZBX_SOCKADDR struct sockaddr_in
+#endif
+
typedef enum
{
ZBX_BUF_TYPE_STAT = 0,
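Review bot: `ZBX_SOCKADDR` is introduced as an object-like macro while the neighbouring `ZBX_SOCKET` just above is a typedef. A typedef would keep the two aliases consistent and visible to the debugger, e.g. `typedef struct sockaddr_storage ZBX_SOCKADDR;` in the `HAVE_IPV6` branch and `typedef struct sockaddr_in ZBX_SOCKADDR;` in the other. It would also help to add a comment that the type holds a `getpeername()` result, so code filling it passes `sizeof(ZBX_SOCKADDR)` as the address length rather than a fixed structure size. The enum that follows the added lines continues outside the hunk.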
@@ -65,7 +71,6 @@ zbx_buf_type_t;
#define ZBX_SOCKET_COUNT 256
#define ZBX_STAT_BUF_LEN 2048
-#define ZBX_SOCKET_PEER_BUF_LEN 129
#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
typedef struct zbx_tls_context zbx_tls_context_t;
@@ -90,9 +95,10 @@ typedef struct
int num_socks;
ZBX_SOCKET sockets[ZBX_SOCKET_COUNT];
char buf_stat[ZBX_STAT_BUF_LEN];
- /* Peer hostname or IP address for diagnostics (after TCP connection is established). */
+ ZBX_SOCKADDR peer_info; /* getpeername() result */
+ /* Peer host DNS name or IP address for diagnostics (after TCP connection is established). */
/* TLS connection may be shut down at any time and it will not be possible to get peer IP address anymore. */
- char peer[ZBX_SOCKET_PEER_BUF_LEN];
+ char peer[MAX_ZBX_DNSNAME_LEN + 1];
}
zbx_socket_t;
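Review bot: The comments on `peer_info` and `peer` do not say which field is authoritative for access decisions. That matters because `peer` is now documented as possibly holding a DNS name, which is text only fit for messages. I would make the split explicit, for example `/* binary peer address from getpeername(); the only field to use for allowed-peer checks */` on `peer_info` and `/* text form for log and error messages only, never for access decisions */` on `peer`. The commit message says the address is stored for incoming connections, so the comment should also state whether `peer_info` is valid on sockets that were not accepted; that cannot be confirmed from this header. `MAX_ZBX_DNSNAME_LEN` is defined outside the visible lines, so it is worth checking that every writer bounds its copy with `sizeof(s->peer)`.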
@@ -143,11 +149,8 @@ void zbx_tcp_unaccept(zbx_socket_t *s);
ssize_t zbx_tcp_recv_ext(zbx_socket_t *s, unsigned char flags, int timeout);
const char *zbx_tcp_recv_line(zbx_socket_t *s);
-#define ZBX_TCP_REJECT_IF_EMPTY 0
-#define ZBX_TCP_PERMIT_IF_EMPTY 1
-
int zbx_validate_peer_list(const char *peer_list, char **error);
-int zbx_tcp_check_security(zbx_socket_t *s, const char *peer_list, int action_if_empty);
+int zbx_tcp_check_allowed_peers(zbx_socket_t *s, const char *peer_list);
int zbx_udp_connect(zbx_socket_t *s, const char *source_ip, const char *ip, unsigned short port, int timeout);
int zbx_udp_send(zbx_socket_t *s, const char *data, size_t data_len, int timeout);
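Review bot: With `action_if_empty` and the two `ZBX_TCP_*_IF_EMPTY` constants removed, the prototype of `zbx_tcp_check_allowed_peers()` no longer shows what happens when `peer_list` is empty or NULL. The implementation is not part of this file, so the behaviour cannot be confirmed here. An allow-list check that silently permits on an empty list would fail open, and callers that used to pass `ZBX_TCP_PERMIT_IF_EMPTY` now have to test for the empty list themselves before calling. I would add a comment above the prototype that states the contract, e.g. `/* checks the peer address stored in s->peer_info against peer_list; an empty or NULL peer_list is treated as <state: reject or permit> */`, and name the return values for match and no match.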