tcp client: tls-support marked as deprecated

dmachard · Nov 1, 2023 · 0732f6b · 0732f6b
1 parent 13ef4b0
commit 0732f6b
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 39 deletions.
diff --git a/dnsutils/config.go b/dnsutils/config.go
@@ -18,18 +18,6 @@ func IsValidMode(mode string) bool {
 	return false
 }
 
-func IsValidTLS(mode string) bool {
-	switch mode {
-	case
-		TLS_v10,
-		TLS_v11,
-		TLS_v12,
-		TLS_v13:
-		return true
-	}
-	return false
-}
-
 type MultiplexInOut struct {
 	Name       string                 `yaml:"name"`
 	Transforms map[string]interface{} `yaml:"transforms"`

diff --git a/dnsutils/tls_config.go b/dnsutils/tls_config.go
@@ -14,6 +14,18 @@ var clientCipherSuites = []uint16{
 	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 }
 
+func IsValidTLS(mode string) bool {
+	switch mode {
+	case
+		TLS_v10,
+		TLS_v11,
+		TLS_v12,
+		TLS_v13:
+		return true
+	}
+	return false
+}
+
 type TlsOptions struct {
 	CAFile             string
 	CertFile           string
@@ -23,6 +35,7 @@ type TlsOptions struct {
 }
 
 func TlsClientConfig(options TlsOptions) (*tls.Config, error) {
+
 	tlsConfig := &tls.Config{
 		MinVersion:         tls.VersionTLS12,
 		InsecureSkipVerify: false,

diff --git a/dnsutils/tls_config_test.go b/dnsutils/tls_config_test.go
@@ -7,7 +7,7 @@ import (
 )
 
 func TestConfigClientTLSNoVerify(t *testing.T) {
-	tlsConfig, err := TlsClientConfig(TlsOptions{InsecureSkipVerify: true})
+	tlsConfig, err := TlsClientConfig(TlsOptions{InsecureSkipVerify: true, MinVersion: TLS_v12})
 
 	if err != nil || tlsConfig == nil {
 		t.Fatal("Unable to configure client TLS", err)

diff --git a/docs/loggers/logger_tcp.md b/docs/loggers/logger_tcp.md
@@ -10,14 +10,14 @@ Tcp/unix stream client logger.
 
 Options:
 
-* `transport`: (string) network transport to use: tcp|unix
+* `transport`: (string) network transport to use: tcp|unix|tcp+tls
 * `remote-ip`: (string) remote address
 * `remote-port`: (integer) remote tcp port
-* `sock-path`: (string) unix socket path
+* `sock-path` **DEPRECATED**: (string) unix socket path
 * `connect-timeout`: (integer) connect timeout in second
 * `retry-interval`: (integer) interval in second between retry reconnect
 * `flush-interval`: (integer) interval in second before to flush the buffer
-* `tls-support`: (boolean) enable tls
+* `tls-support` **DEPRECATED**: (boolean) enable tls
 * `tls-insecure`: (boolean) insecure skip verify
 * `tls-min-version`: (string) min tls version, default to 1.2
 * `ca-file`: (string) provide CA file to verify the server certificate
@@ -35,11 +35,9 @@ tcpclient:
   transport: tcp
   remote-address: 127.0.0.1
   remote-port: 9999
-  sock-path: null
   connect-timeout: 5
   retry-interval: 10
   flush-interval: 30
-  tls-support: false
   tls-insecure: false
   tls-min-version: 1.2
   ca-file: ""

diff --git a/loggers/syslog.go b/loggers/syslog.go
@@ -151,8 +151,6 @@ func (o *Syslog) Stop() {
 }
 
 func (o *Syslog) ConnectToRemote() {
-	//connTimeout := time.Duration(o.config.Loggers.Dnstap.ConnectTimeout) * time.Second
-
 	for {
 		if o.syslogWriter != nil {
 			o.syslogWriter.Close()
@@ -168,14 +166,14 @@ func (o *Syslog) ConnectToRemote() {
 			o.LogInfo("connecting to local syslog...")
 			logWriter, err = syslog.New(o.facility|o.severity, "")
 		case dnsutils.SOCKET_UNIX, dnsutils.SOCKET_UDP, dnsutils.SOCKET_TCP:
-			o.LogInfo("connecting to syslog %s://%s ...",
+			o.LogInfo("connecting to %s://%s ...",
 				o.config.Loggers.Syslog.Transport,
 				o.config.Loggers.Syslog.RemoteAddress)
 			logWriter, err = syslog.Dial(o.config.Loggers.Syslog.Transport,
 				o.config.Loggers.Syslog.RemoteAddress, o.facility|o.severity,
 				o.config.Loggers.Syslog.Tag)
 		case dnsutils.SOCKET_TLS:
-			o.LogInfo("connecting to syslog %s://%s ...",
+			o.LogInfo("connecting to %s://%s ...",
 				o.config.Loggers.Syslog.Transport,
 				o.config.Loggers.Syslog.RemoteAddress)
 

diff --git a/loggers/tcpclient.go b/loggers/tcpclient.go
@@ -26,6 +26,7 @@ type TcpClient struct {
 	logger             *logger.Logger
 	textFormat         []string
 	name               string
+	transport          string
 	transportWriter    *bufio.Writer
 	transportConn      net.Conn
 	transportReady     chan bool
@@ -60,9 +61,16 @@ func (c *TcpClient) GetName() string { return c.name }
 func (c *TcpClient) SetLoggers(loggers []dnsutils.Worker) {}
 
 func (o *TcpClient) ReadConfig() {
-	if !dnsutils.IsValidTLS(o.config.Loggers.TcpClient.TlsMinVersion) {
-		o.logger.Fatal("logger tcp - invalid tls min version")
+	o.transport = o.config.Loggers.TcpClient.Transport
+
+	// begin backward compatibility
+	if o.config.Loggers.TcpClient.TlsSupport {
+		o.transport = dnsutils.SOCKET_TLS
+	}
+	if len(o.config.Loggers.TcpClient.SockPath) > 0 {
+		o.transport = dnsutils.SOCKET_UNIX
 	}
+	// end
 
 	if len(o.config.Loggers.TcpClient.TextFormat) > 0 {
 		o.textFormat = strings.Fields(o.config.Loggers.TcpClient.TextFormat)
@@ -106,27 +114,37 @@ func (o *TcpClient) Disconnect() {
 }
 
 func (o *TcpClient) ConnectToRemote() {
-	// prepare the address
-	var address string
-	if len(o.config.Loggers.TcpClient.SockPath) > 0 {
-		address = o.config.Loggers.TcpClient.SockPath
-	} else {
-		address = o.config.Loggers.TcpClient.RemoteAddress + ":" + strconv.Itoa(o.config.Loggers.TcpClient.RemotePort)
-	}
-	connTimeout := time.Duration(o.config.Loggers.TcpClient.ConnectTimeout) * time.Second
 
 	for {
 		if o.transportConn != nil {
 			o.transportConn.Close()
 			o.transportConn = nil
 		}
 
+		address := o.config.Loggers.TcpClient.RemoteAddress + ":" + strconv.Itoa(o.config.Loggers.TcpClient.RemotePort)
+		connTimeout := time.Duration(o.config.Loggers.TcpClient.ConnectTimeout) * time.Second
+
 		// make the connection
 		var conn net.Conn
 		var err error
-		var tlsConfig *tls.Config
-		if o.config.Loggers.TcpClient.TlsSupport {
-			o.LogInfo("connecting to tls://%s", address)
+
+		switch o.transport {
+		case dnsutils.SOCKET_UNIX:
+			address = o.config.Loggers.TcpClient.RemoteAddress
+			if len(o.config.Loggers.TcpClient.SockPath) > 0 {
+				address = o.config.Loggers.TcpClient.SockPath
+			}
+			o.LogInfo("connecting to %s://%s", o.transport, address)
+			conn, err = net.DialTimeout(o.transport, address, connTimeout)
+
+		case dnsutils.SOCKET_TCP:
+			o.LogInfo("connecting to %s://%s", o.transport, address)
+			conn, err = net.DialTimeout(o.transport, address, connTimeout)
+
+		case dnsutils.SOCKET_TLS:
+			o.LogInfo("connecting to %s://%s", o.transport, address)
+
+			var tlsConfig *tls.Config
 
 			tlsOptions := dnsutils.TlsOptions{
 				InsecureSkipVerify: o.config.Loggers.TcpClient.TlsInsecure,
@@ -139,11 +157,10 @@ func (o *TcpClient) ConnectToRemote() {
 			tlsConfig, err = dnsutils.TlsClientConfig(tlsOptions)
 			if err == nil {
 				dialer := &net.Dialer{Timeout: connTimeout}
-				conn, err = tls.DialWithDialer(dialer, o.config.Loggers.TcpClient.Transport, address, tlsConfig)
+				conn, err = tls.DialWithDialer(dialer, dnsutils.SOCKET_TCP, address, tlsConfig)
 			}
-		} else {
-			o.LogInfo("connecting to tcp://%s", address)
-			conn, err = net.DialTimeout(o.config.Loggers.TcpClient.Transport, address, connTimeout)
+		default:
+			o.logger.Fatal("logger=dnstap - invalid transport:", o.transport, err)
 		}
 
 		// something is wrong during connection ?