summaryrefslogtreecommitdiffstats
path: root/libnetdata/socket/security.c
diff options
context:
space:
mode:
Diffstat (limited to 'libnetdata/socket/security.c')
-rw-r--r--libnetdata/socket/security.c41
1 files changed, 24 insertions, 17 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c
index efd8df9419..4deb766239 100644
--- a/libnetdata/socket/security.c
+++ b/libnetdata/socket/security.c
@@ -24,7 +24,7 @@ static SOCKET_PEERS netdata_ssl_peers(NETDATA_SSL *ssl) {
}
static void netdata_ssl_log_error_queue(const char *call, NETDATA_SSL *ssl, unsigned long err) {
- error_limit_static_thread_var(erl, 1, 0);
+ nd_log_limit_static_thread_var(erl, 1, 0);
if(err == SSL_ERROR_NONE)
err = ERR_get_error();
@@ -103,8 +103,9 @@ static void netdata_ssl_log_error_queue(const char *call, NETDATA_SSL *ssl, unsi
ERR_error_string_n(err, str, 1024);
str[1024] = '\0';
SOCKET_PEERS peers = netdata_ssl_peers(ssl);
- error_limit(&erl, "SSL: %s() on socket local [[%s]:%d] <-> remote [[%s]:%d], returned error %lu (%s): %s",
- call, peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, err, code, str);
+ nd_log_limit(&erl, NDLS_DAEMON, NDLP_ERR,
+ "SSL: %s() on socket local [[%s]:%d] <-> remote [[%s]:%d], returned error %lu (%s): %s",
+ call, peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, err, code, str);
} while((err = ERR_get_error()));
}
@@ -179,7 +180,7 @@ void netdata_ssl_close(NETDATA_SSL *ssl) {
}
static inline bool is_handshake_complete(NETDATA_SSL *ssl, const char *op) {
- error_limit_static_thread_var(erl, 1, 0);
+ nd_log_limit_static_thread_var(erl, 1, 0);
if(unlikely(!ssl->conn)) {
internal_error(true, "SSL: trying to %s on a NULL connection", op);
@@ -189,22 +190,25 @@ static inline bool is_handshake_complete(NETDATA_SSL *ssl, const char *op) {
switch(ssl->state) {
case NETDATA_SSL_STATE_NOT_SSL: {
SOCKET_PEERS peers = netdata_ssl_peers(ssl);
- error_limit(&erl, "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on non-SSL connection",
- peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
+ nd_log_limit(&erl, NDLS_DAEMON, NDLP_WARNING,
+ "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on non-SSL connection",
+ peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
return false;
}
case NETDATA_SSL_STATE_INIT: {
SOCKET_PEERS peers = netdata_ssl_peers(ssl);
- error_limit(&erl, "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on an incomplete connection",
- peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
+ nd_log_limit(&erl, NDLS_DAEMON, NDLP_WARNING,
+ "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on an incomplete connection",
+ peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
return false;
}
case NETDATA_SSL_STATE_FAILED: {
SOCKET_PEERS peers = netdata_ssl_peers(ssl);
- error_limit(&erl, "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on a failed connection",
- peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
+ nd_log_limit(&erl, NDLS_DAEMON, NDLP_WARNING,
+ "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on a failed connection",
+ peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
return false;
}
@@ -296,7 +300,7 @@ ssize_t netdata_ssl_write(NETDATA_SSL *ssl, const void *buf, size_t num) {
}
static inline bool is_handshake_initialized(NETDATA_SSL *ssl, const char *op) {
- error_limit_static_thread_var(erl, 1, 0);
+ nd_log_limit_static_thread_var(erl, 1, 0);
if(unlikely(!ssl->conn)) {
internal_error(true, "SSL: trying to %s on a NULL connection", op);
@@ -306,8 +310,9 @@ static inline bool is_handshake_initialized(NETDATA_SSL *ssl, const char *op) {
switch(ssl->state) {
case NETDATA_SSL_STATE_NOT_SSL: {
SOCKET_PEERS peers = netdata_ssl_peers(ssl);
- error_limit(&erl, "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on non-SSL connection",
- peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
+ nd_log_limit(&erl, NDLS_DAEMON, NDLP_WARNING,
+ "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on non-SSL connection",
+ peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
return false;
}
@@ -317,15 +322,17 @@ static inline bool is_handshake_initialized(NETDATA_SSL *ssl, const char *op) {
case NETDATA_SSL_STATE_FAILED: {
SOCKET_PEERS peers = netdata_ssl_peers(ssl);
- error_limit(&erl, "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on a failed connection",
- peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
+ nd_log_limit(&erl, NDLS_DAEMON, NDLP_WARNING,
+ "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on a failed connection",
+ peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
return false;
}
case NETDATA_SSL_STATE_COMPLETE: {
SOCKET_PEERS peers = netdata_ssl_peers(ssl);
- error_limit(&erl, "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on an complete connection",
- peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
+ nd_log_limit(&erl, NDLS_DAEMON, NDLP_WARNING,
+ "SSL: on socket local [[%s]:%d] <-> remote [[%s]:%d], attempt to %s on an complete connection",
+ peers.local.ip, peers.local.port, peers.peer.ip, peers.peer.port, op);
return false;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 12:54:03 +0000