librelp issues

Fix seldom another sessionbreak memory leak

2

Another memoryleak appears to be happening but more seldom, see buildbot run: https://build.rsyslog.com/#/builders/79/builds/323 > ==5081== > ==5081== HEAP SUMMARY: > ==5081== in use at exit: 32 bytes in 1 blocks...

alorbach

Please make librelp compliant to crypto-policy

1

Usually, crypto-policies (such as https://fedoraproject.org/wiki/Packaging:CryptoPolicies) require among other thing GnuTLS libs to use default TLS priority. This is currently not the case in librelp

jvymazal

Consider return value: pSess->pEngine->onSyslogRcv2

https://github.com/rsyslog/librelp/blob/60fb51342f7ffd614bf7df9bfbea21b08c6e4f3e/src/scsyslog.c#L60 https://github.com/rsyslog/librelp/blob/60fb51342f7ffd614bf7df9bfbea21b08c6e4f3e/src/scsyslog.c#L63 https://github.com/rsyslog/librelp/blob/60fb51342f7ffd614bf7df9bfbea21b08c6e4f3e/src/scsyslog.c#L70 Should we consider checking the return value from onSyslogRcv2/onSyslogRcv callbacks? At the moment the return status of those callbacks is ignored.

alorbach

multithreading support in librelp (or rsyslog relp input)

RELP input was eating 100% of single CPU core under my load (about 100k msg/s). It was unable to process message queue. So I switched to imptcp which able to...

jay7x

librelp does not emit error messages

... in many important cases, e.g. connection failure or breakage. see also https://github.com/rsyslog/rsyslog/issues/3294

rgerhards

change API to use "const char" for strings that are actually constant

1

Unfortunately the API did expose them as char. This is bad from a "clean compile" perspective, but may also convey the idea that these strings are actually modifiable. That is...

rgerhards

Unable to configure RELP (imrelp) module to bind to single IP

1

Apologies in advance if this is a limitation of rsyslog not librelp. Currently it appears that when you enable librelp (imrelp) in rsyslog that it listens on all available IPs...

SuperJuice

relp tls fingerprint authentication

Would you consider adding a feature to match tls.permittedpeer fingerprints with hostnames? Currently if you have a list of peers using omrelp to write to a "master" node, which is...

jeanpaulgalea

TLS: Validate solely against caCert if permittedPeers is empty

1

Hi, The option to validate the TLS peer **solely** based on an X.509 certificate chain (caCert) is not supported in librelp. The current logic is: 1) Verify the peer certificate...

mathias-nyman

tcp: avoid deprecated ENGINE_cleanup

ENGINE_cleanup is deprecated as of OpenSSL 1.1.0, and may not be available with 3.0 and OPENSSL_NO_ENGINE (e.g. Fedora 41 and RHEL 10).

yselkowitz

librelp
librelp copied to clipboard

Metadata

Fix seldom another sessionbreak memory leak

Please make librelp compliant to crypto-policy

Consider return value: pSess->pEngine->onSyslogRcv2

multithreading support in librelp (or rsyslog relp input)

librelp does not emit error messages

change API to use "const char" for strings that are actually constant

Unable to configure RELP (imrelp) module to bind to single IP

relp tls fingerprint authentication

TLS: Validate solely against caCert if permittedPeers is empty

tcp: avoid deprecated ENGINE_cleanup

← Metadata

Owner

Metadata

librelp librelp copied to clipboard

Metadata

← Metadata

Owner

Metadata

librelp
librelp copied to clipboard