logstash-input-tcp 6.3.0-java → 6.3.1-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/inputs/tcp/decoder_impl.rb +17 -5
- data/lib/logstash/inputs/tcp.rb +12 -8
- data/lib/logstash-input-tcp_jars.rb +1 -1
- data/spec/inputs/tcp_spec.rb +37 -2
- data/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.3.1/logstash-input-tcp-6.3.1.jar +0 -0
- data/version +1 -1
- metadata +3 -3
- data/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.3.0/logstash-input-tcp-6.3.0.jar +0 -0
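--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2fb789cdfaf2019169729724b4ab5f0f330d7a136594310a5f823f90d59b807c
+data.tar.gz: f385f458414136970b159cc1f4e20ff053da79ac55c9358a30e35a741969de0b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 990b51998a4229fd5638083df9ab64daad5dc5a1cf98f6d78fbd3b2e53cce22a8c2ecc0ee61afce2577901b9d68ded2fd27fe34504d92c1f03ee7efef7e885b7
+data.tar.gz: 8495257bef6b00b3fd06e7bd8d5981adf688d268c531c10f9ae8bf24126f1a367e030d2622dd3a0a0b707b066e822bbc31628bc4f22d184494ceeb78e2987de4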
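--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 6.3.1
+- Fixes a regression in which the ssl_subject was missing for SSL-secured connections in server mode [#199](https://github.com/logstash-plugins/logstash-input-tcp/pull/199)
+
 ## 6.3.0
 - Feat: ssl_supported_protocols (TLSv1.3) + ssl_cipher_suites [#198](https://github.com/logstash-plugins/logstash-input-tcp/pull/198)
 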
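--- a/data/lib/logstash/inputs/tcp/decoder_impl.rb
+++ b/data/lib/logstash/inputs/tcp/decoder_impl.rb
@@ -11,16 +11,17 @@ class LogStash::Inputs::Tcp::DecoderImpl
 @first_read = true
 end
 
-def decode(
+def decode(ctx, data)
+channel = ctx.channel()
 bytes = Java::byte[data.readableBytes].new
 data.getBytes(0, bytes)
 data.release
 tbuf = String.from_java_bytes bytes, "ASCII-8BIT"
 if @first_read
-tbuf = init_first_read(
+tbuf = init_first_read(channel, tbuf)
 end
 @tcp.decode_buffer(@ip_address, @address, @port, @codec,
-
+@proxy_address, @proxy_port, tbuf, @sslsubject)
 end
 
 def copy
@@ -28,11 +29,12 @@ class LogStash::Inputs::Tcp::DecoderImpl
 end
 
 def flush
-@tcp.flush_codec(@codec, @ip_address, @address, @port,
+@tcp.flush_codec(@codec, @ip_address, @address, @port, @sslsubject)
 end
 
 private
-def init_first_read(
+def init_first_read(channel, received)
+channel_addr = channel.remoteAddress()
 if @tcp.proxy_protocol
 pp_hdr, filtered = received.split("\r\n", 2)
 pp_info = pp_hdr.split(/\s/)
@@ -53,10 +55,20 @@ class LogStash::Inputs::Tcp::DecoderImpl
 @address = extract_host_name(channel_addr) # name _or_ address of sender
 @port = channel_addr.get_port # outgoing port of sender (probably random)
 end
+@sslsubject = extract_sslsubject(channel)
 @first_read = false
 filtered
 end
 
+private
+def extract_sslsubject(channel)
+return nil unless @tcp.ssl_enable && @tcp.ssl_verify
+
+channel.pipeline().get("ssl-handler").engine().getSession().getPeerPrincipal().getName()
+rescue Exception => e
+nil
+end
+
 private
 def extract_host_name(channel_addr)
 channel_addr = java.net.InetSocketAddress.new(channel_addr, 0) if channel_addr.kind_of?(String)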
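Review bot: `extract_sslsubject` ends in `rescue Exception => e` followed by a bare `nil`, so every failure to read the verified peer principal is swallowed without a trace and the event is emitted with no subject at all. That covers a missing `"ssl-handler"` pipeline entry and a peer that presented no certificate, and `rescue Exception` also traps errors outside `StandardError`. Since the subject is the identity that `ssl_verify` establishes, its absence should be visible to operators: narrow the clause to `rescue => e` and log `e.message` at debug or warn level through the plugin's logger (assuming it is reachable from this class, which the hunk does not show). The captured `e` is currently unused, and the `private` added before the method duplicates the one already in effect above `init_first_read`.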
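--- a/data/lib/logstash/inputs/tcp.rb
+++ b/data/lib/logstash/inputs/tcp.rb
@@ -190,19 +190,19 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 end
 
 def decode_buffer(client_ip_address, client_address, client_port, codec, proxy_address,
-proxy_port, tbuf,
+proxy_port, tbuf, ssl_subject)
 codec.decode(tbuf) do |event|
 if @proxy_protocol
 event.set(@field_proxy_host, proxy_address) unless event.get(@field_proxy_host)
 event.set(@field_proxy_port, proxy_port) unless event.get(@field_proxy_port)
 end
-enqueue_decorated(event, client_ip_address, client_address, client_port,
+enqueue_decorated(event, client_ip_address, client_address, client_port, ssl_subject)
 end
 end
 
-def flush_codec(codec, client_ip_address, client_address, client_port,
+def flush_codec(codec, client_ip_address, client_address, client_port, ssl_subject)
 codec.flush do |event|
-enqueue_decorated(event, client_ip_address, client_address, client_port,
+enqueue_decorated(event, client_ip_address, client_address, client_port, ssl_subject)
 end
 end
 
@@ -222,10 +222,14 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 client_socket.close rescue nil
 end
 
+# only called in client mode
 def handle_socket(socket)
 client_address = socket.peeraddr[3]
 client_ip_address = socket.peeraddr[2]
 client_port = socket.peeraddr[1]
+
+# Client mode sslsubject extraction, server mode happens in DecoderImpl#decode
+ssl_subject = socket.peer_cert.subject.to_s if @ssl_enable && @ssl_verify
 peer = "#{client_address}:#{client_port}"
 first_read = true
 codec = @codec.clone
@@ -249,7 +253,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 end
 end
 decode_buffer(client_ip_address, client_address, client_port, codec, proxy_address,
-proxy_port, tbuf,
+proxy_port, tbuf, ssl_subject)
 end
 rescue EOFError
 @logger.debug? && @logger.debug("Connection closed", :client => peer)
@@ -263,14 +267,14 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 ensure
 # catch all rescue nil on close to discard any close errors or invalid socket
 socket.close rescue nil
-flush_codec(codec, client_ip_address, client_address, client_port,
+flush_codec(codec, client_ip_address, client_address, client_port, ssl_subject)
 end
 
-def enqueue_decorated(event, client_ip_address, client_address, client_port,
+def enqueue_decorated(event, client_ip_address, client_address, client_port, ssl_subject)
 event.set(@field_host, client_address) unless event.get(@field_host)
 event.set(@field_host_ip, client_ip_address) unless event.get(@field_host_ip)
 event.set(@field_port, client_port) unless event.get(@field_port)
-event.set(@field_sslsubject,
+event.set(@field_sslsubject, ssl_subject) unless ssl_subject.nil? || event.get(@field_sslsubject)
 decorate(event)
 @output_queue << event
 end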
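Review bot: In `enqueue_decorated` the new guard `unless ssl_subject.nil? || event.get(@field_sslsubject)` keeps whatever value the event already carries, so the subject taken from the verified TLS session never replaces one produced by the codec. If the configured codec can populate that field from the payload (a structured codec, for instance), the sender controls a field that downstream filters are likely to treat as an authenticated identity. For this field the transport-derived value should win: `event.set(@field_sslsubject, ssl_subject) unless ssl_subject.nil?`. Separately, client mode in `handle_socket` builds the value with `socket.peer_cert.subject.to_s`, while server mode takes it from the Java peer principal; the two probably render the distinguished name in different formats, which is worth a comment for anyone matching on the field.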
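--- a/data/spec/inputs/tcp_spec.rb
+++ b/data/spec/inputs/tcp_spec.rb
@@ -541,7 +541,7 @@ describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
 end
 end
 
-describe "#receive" do
+describe "#receive", :ecs_compatibility_support do
 shared_examples "receiving events" do
 # TODO(sissel): Implement normal event-receipt tests as as a shared example
 end
@@ -549,7 +549,10 @@ describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
 context "when ssl_enable is true" do
 let(:input) { subject }
 let(:queue) { Queue.new }
-before(:each)
+before(:each) do
+allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility) if defined?(ecs_compatibility)
+subject.register
+end
 
 context "when using a certificate chain" do
 chain_of_certificates = TcpHelpers.new.chain_of_certificates
@@ -651,6 +654,38 @@ describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
 end
 end
 
+context "with a regular TLS setup" do
+let(:config) do
+{
+"host" => "127.0.0.1",
+"port" => port,
+"ssl_enable" => true,
+"ssl_cert" => chain_of_certificates[:b_cert].path,
+"ssl_key" => chain_of_certificates[:b_key].path,
+"ssl_extra_chain_certs" => [ chain_of_certificates[:a_cert].path ],
+"ssl_certificate_authorities" => [ chain_of_certificates[:root_ca].path ],
+"ssl_verify" => true
+}
+end
+
+ecs_compatibility_matrix(:disabled,:v1, :v8 => :v1) do |ecs_select|
+it "extracts the TLS subject from connections" do
+result = TcpHelpers.pipelineless_input(subject, 1) do
+sslsocket.connect
+sslsocket.write("#{message}\n")
+tcp.flush
+sslsocket.close
+tcp.close
+end
+expect(result.size).to eq(1)
+event = result.first
+
+ssl_subject_field = ecs_select[disabled: 'sslsubject', v1:'[@metadata][input][tcp][tls][client][subject]']
+expect(event.get(ssl_subject_field)).to eq("CN=RubyAA_Cert,DC=ruby-lang,DC=org")
+end
+end
+end
+
 context "with enforced protocol version" do
 let(:config) do
 base_config.merge 'ssl_supported_protocols' => [ tls_version ]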
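Review bot: The new "with a regular TLS setup" context only pins the positive path, with `"ssl_verify" => true` and a client certificate that validates. Nothing asserts the fail-closed side of the feature, which is the part a later regression would silently break. A sibling example with `"ssl_verify" => false` that ends in `expect(event.get(ssl_subject_field)).to be_nil` would lock in that an unverified peer never gets a subject attached. An example for client mode would cover the `handle_socket` path, which this spec does not reach.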
Binary file
|
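--- a/data/version
+++ b/data/version
@@ -1 +1 @@
-6.3.
+6.3.1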
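--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-tcp
 version: !ruby/object:Gem::Version
-version: 6.3.
+version: 6.3.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -233,7 +233,7 @@ files:
 - spec/spec_helper.rb
 - vendor/jar-dependencies/commons-io/commons-io/2.8.0/commons-io-2.8.0.jar
 - vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
-- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.3.
+- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.3.1/logstash-input-tcp-6.3.1.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses: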