logstash-input-tcp 6.0.5-java → 6.0.10-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0cb08a389f60e23d92944fa9d34519326425c8c794da67134dd6f36ce5c156e6
-  data.tar.gz: 8e3c0728570dcf17e9f38330a9118576f08343730cfa06935b99c2cbb1ef4ccf
+  metadata.gz: 877ef458e968d48f3cd99ecd7f6846ac2f371e8c3897a6ed831b86e1f584d245
+  data.tar.gz: fab3cedbc3b4fab8c5915e219e03cfa6da6ba3aa9bb61d3245e0339535067894
 SHA512:
-  metadata.gz: 899df3894b0a24fe75dfa054be9a30fd3b43208bce377d215778c2f162bfdb541679e8aa7d173e915798b7dfbef07bb0274b6d0fc066b524e387c174fb6d1b13
-  data.tar.gz: 61ec0890ccbcc36e4554aca9bbbcb0c8adeaeb322419c8e3e47b1a9c3deb6ffef195efe77664cac13761cdb5c452c1be08953b292355bf67fa58ff544b359d85
+  metadata.gz: 6196c01efc835b13d84528bbc780d6915d40adc7e86b7427d5b0e445fef3f9b3df6049301dbeb6f7321510b908dc16910920b50d602a30e6f049461f9fc8509c
+  data.tar.gz: 41102085f47d341e9db45d8ded793ced779f703102c22929c1382b1047d41269849d8d116e2a73531498b2b9b4430cde135c38a50e29b43aab2e8dc015784231

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## 6.0.10
+  - bumping dependency commons-io [#174](https://github.com/logstash-plugins/logstash-input-tcp/pull/174)
+
+## 6.0.9
+  - [DOC] Reorder options alphabetically [#171](https://github.com/logstash-plugins/logstash-input-tcp/pull/171)
+
+## 6.0.8
+  - [DOC] better description for `tcp_keep_alive` option [#169](https://github.com/logstash-plugins/logstash-input-tcp/pull/169)
+
+## 6.0.7
+  - Fix: reduce error logging (to info level) on connection resets [#168](https://github.com/logstash-plugins/logstash-input-tcp/pull/168)
+  - Refactor: only patch Socket classes once (on first input)
+  - Refactor: use a proper log4j logger (in Java to avoid surprises when unwrapping `LogStash::Logging::Logger`)
+
+## 6.0.6
+  - Updated Netty dependencies. Additionally, this release removes the dependency on `tcnative` +
+    `boringssl`, using JVM supplied ciphers instead. This may result in fewer ciphers being available if the JCE
+    unlimited strength jurisdiction policy is not installed. (This policy is installed by default on versions of the
+    JDK from u161 onwards)[#157](https://github.com/logstash-plugins/logstash-input-tcp/pull/157)
+
 ## 6.0.5
   - Fix potential startup crash that could occur when multiple instances of this plugin were started simultaneously [#155](https://github.com/logstash-plugins/logstash-input-tcp/pull/155)
 

data/README.md

@@ -1,6 +1,6 @@
 # Logstash Plugin
 
-[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-input-tcp.svg)](https://travis-ci.org/logstash-plugins/logstash-input-tcp)
+[![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-input-tcp.svg)](https://travis-ci.com/logstash-plugins/logstash-input-tcp)
 
 This is a plugin for [Logstash](https://github.com/elastic/logstash).
 

data/docs/index.asciidoc

@@ -78,6 +78,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 [cols="<,<,<",options="header",]
 |=======================================================================
 |Setting |Input type|Required
+| <<plugins-{type}s-{plugin}-dns_reverse_lookup_enabled>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-mode>> |<<string,string>>, one of `["server", "client"]`|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
@@ -90,7 +91,6 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_verify>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-tcp_keep_alive>> |<<boolean,boolean>>|No
-| <<plugins-{type}s-{plugin}-dns_reverse_lookup_enabled>> |<<boolean,boolean>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -98,6 +98,16 @@ input plugins.
 
 &nbsp;
 
+[id="plugins-{type}s-{plugin}-dns_reverse_lookup_enabled"]
+===== `dns_reverse_lookup_enabled`
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `true`
+
+It is possible to avoid DNS reverse-lookups by disabling this setting. If disabled,
+the address metadata that is added to events will contain the source address as-specified
+at the TCP layer and IPs will not be resolved to hostnames.
+
 [id="plugins-{type}s-{plugin}-host"]
 ===== `host` 
 
@@ -202,17 +212,9 @@ For input, sets the field `sslsubject` to that of the client certificate.
   * Value type is <<boolean,boolean>>
   * Default value is `false`
 
-Instruct the socket to use TCP keep alives. Uses OS defaults for keep alive settings.
-
-[id="plugins-{type}s-{plugin}-dns_reverse_lookup_enabled"]
-===== `dns_reverse_lookup_enabled`
-
-  * Value type is <<boolean,boolean>>
-  * Default value is `true`
-
-It is possible to avoid DNS reverse-lookups by disabling this setting. If disabled,
-the address metadata that is added to events will contain the source address as-specified
-at the TCP layer and IPs will not be resolved to hostnames.
+Instruct the socket to use TCP keep alive. If it's `true` then the underlying socket
+will use the OS defaults settings for keep alive. If it's `false` it doesn't configure any
+keep alive setting for the underlying socket.
 
 
 [id="plugins-{type}s-{plugin}-common-options"]

data/lib/logstash/inputs/tcp.rb

@@ -119,15 +119,21 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   PROXY_PORT_FIELD = "proxy_port".freeze
   SSLSUBJECT_FIELD = "sslsubject".freeze
 
-  PLUGIN_GLOBAL_MUTEX = Mutex.new
-  private_constant :PLUGIN_GLOBAL_MUTEX
+  # Monkey patch TCPSocket and SSLSocket to include socket peer
+  # @private
+  def self.patch_socket_peer!
+    unless TCPSocket < ::LogStash::Util::SocketPeer
+      TCPSocket.send :include, ::LogStash::Util::SocketPeer
+    end
+    unless OpenSSL::SSL::SSLSocket < ::LogStash::Util::SocketPeer
+      OpenSSL::SSL::SSLSocket.send :include, ::LogStash::Util::SocketPeer
+    end
+  end
 
   def initialize(*args)
     super(*args)
 
-    # monkey patch TCPSocket and SSLSocket to include socket peer
-    TCPSocket.module_eval{include ::LogStash::Util::SocketPeer}
-    OpenSSL::SSL::SSLSocket.module_eval{include ::LogStash::Util::SocketPeer}
+    self.class.patch_socket_peer!
 
     # threadsafe socket bookkeeping
     @server_socket = nil
@@ -144,22 +150,15 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
     if server?
       ssl_context = get_ssl_context(SslOptions)
 
-      # RubyObject#to_java is not threadsafe, and we cannot guarantee
-      # that ours is the only reference to the underlying logger, which
-      # is memoized at a class level.
-      log4j_logger = PLUGIN_GLOBAL_MUTEX.synchronize do
-        @logger.to_java(org.apache.logging.log4j.Logger)
-      end
 
-      @loop = InputLoop.new(@host, @port, DecoderImpl.new(@codec, self), @tcp_keep_alive,
-                            ssl_context, log4j_logger)
+      @loop = InputLoop.new(@host, @port, DecoderImpl.new(@codec, self), @tcp_keep_alive, ssl_context)
     end
   end
 
   def run(output_queue)
     @output_queue = output_queue
     if server?
-      @logger.info("Starting tcp input listener", :address => "#{@host}:#{@port}", :ssl_enable => "#{@ssl_enable}")
+      @logger.info("Starting tcp input listener", :address => "#{@host}:#{@port}", :ssl_enable => @ssl_enable)
       @loop.run
     else
       run_client()
@@ -252,12 +251,10 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   rescue Errno::ECONNRESET
     @logger.debug? && @logger.debug("Connection reset by peer", :client => peer)
   rescue OpenSSL::SSL::SSLError => e
-    # Fixes issue #23
-    @logger.error("SSL Error", :exception => e, :backtrace => e.backtrace)
-    socket.close rescue nil
+    @logger.error("SSL error", :client => peer, :message => e.message, :exception => e.class, :backtrace => e.backtrace)
   rescue => e
     # if plugin is stopping, don't bother logging it as an error
-    !stop? && @logger.error("An error occurred. Closing connection", :client => peer, :exception => e, :backtrace => e.backtrace)
+    !stop? && @logger.error("An error occurred, closing connection", :client => peer, :message => e.message, :exception => e.class, :backtrace => e.backtrace)
   ensure
     # catch all rescue nil on close to discard any close errors or invalid socket
     socket.close rescue nil
@@ -293,7 +290,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
         @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
       end
     rescue => e
-      @logger.error("Could not inititalize SSL context", :exception => e, :backtrace => e.backtrace)
+      @logger.error("Could not inititalize SSL context", :message => e.message, :exception => e.class, :backtrace => e.backtrace)
       raise e
     end
 

data/lib/logstash/inputs/tcp/compat_ssl_options.rb

@@ -1,4 +1,5 @@
 require 'openssl'
+require "logstash/util/loggable"
 
 # Simulate a normal SslOptions builder:
 #
@@ -12,10 +13,12 @@ require 'openssl'
 #       .set_ssl_certificate_authorities(@ssl_certificate_authorities.to_java(:string))
 #       .build.toSslContext()
 class SslOptions
+  include LogStash::Util::Loggable
 
   java_import 'io.netty.handler.ssl.ClientAuth'
   java_import 'io.netty.handler.ssl.SslContextBuilder'
   java_import 'java.security.cert.X509Certificate'
+  java_import 'javax.crypto.Cipher'
   java_import 'org.bouncycastle.asn1.pkcs.PrivateKeyInfo'
   java_import 'org.bouncycastle.jce.provider.BouncyCastleProvider'
   java_import 'org.bouncycastle.openssl.PEMKeyPair'
@@ -70,6 +73,8 @@ class SslOptions
   def toSslContext
     return nil unless @ssl_enabled
 
+    # Check key strength
+    logger.warn("JCE Unlimited Strength Jurisdiction Policy not installed - max key length is 128 bits") unless Cipher.getMaxAllowedKeyLength("AES") > 128
     # create certificate object
     cf = java.security.cert.CertificateFactory.getInstance("X.509")
     cert_chain = []

data/lib/logstash/inputs/tcp/decoder_impl.rb

@@ -38,8 +38,8 @@ class DecoderImpl
       pp_info = pp_hdr.split(/\s/)
       # PROXY proto clientip proxyip clientport proxyport
       if pp_info[0] != "PROXY"
-        @tcp.logger.error("invalid proxy protocol header label", :hdr => pp_hdr)
-        raise IOError
+        @tcp.logger.error("Invalid proxy protocol header label", :header => pp_hdr)
+        raise IOError.new("Invalid proxy protocol header label #{pp_hdr.inspect}")
       else
         @proxy_address = pp_info[3]
         @proxy_port = pp_info[5]

data/spec/inputs/tcp_spec.rb

@@ -341,8 +341,7 @@ describe LogStash::Inputs::Tcp do
             "port" => port,
             "ssl_enable" => true,
             "ssl_cert" => certificate_file.path,
-            "ssl_key" => key_file.path,
-            "ssl_extra_chain_certs" => certificate_file.path
+            "ssl_key" => key_file.path
           }
         end
 
@@ -368,7 +367,6 @@ describe LogStash::Inputs::Tcp do
             File.unlink(certificate_file.path)
             File.unlink(key_file.path)
           end
-
         end
 
         context "with pkcs#8 keys" do

data/version

@@ -1 +1 @@
-6.0.5
+6.0.10

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-tcp
 version: !ruby/object:Gem::Version
-  version: 6.0.5
+  version: 6.0.10
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-02 00:00:00.000000000 Z
+date: 2021-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -178,7 +178,7 @@ files:
 - logstash-input-tcp.gemspec
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb
-- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.5/logstash-input-tcp-6.0.5.jar
+- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.10/logstash-input-tcp-6.0.10.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses: