fluent
diff --git a/‎CMakeLists.txt‎
Lines changed: 1 addition & 0 deletions b/‎CMakeLists.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎include/fluent-bit/config_format/flb_cf.h‎
Lines changed: 4 additions & 0 deletions b/‎include/fluent-bit/config_format/flb_cf.h‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_config.h‎
Lines changed: 4 additions & 0 deletions b/‎include/fluent-bit/flb_config.h‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_connection.h‎
Lines changed: 3 additions & 0 deletions b/‎include/fluent-bit/flb_connection.h‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_input.h‎
Lines changed: 4 additions & 0 deletions b/‎include/fluent-bit/flb_input.h‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_network_verifier.h‎
Lines changed: 95 additions & 0 deletions b/‎include/fluent-bit/flb_network_verifier.h‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_network_verifier_plugin.h‎
Lines changed: 47 additions & 0 deletions b/‎include/fluent-bit/flb_network_verifier_plugin.h‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_output.h‎
Lines changed: 2 additions & 0 deletions b/‎include/fluent-bit/flb_output.h‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_plugin.h‎
Lines changed: 2 additions & 0 deletions b/‎include/fluent-bit/flb_plugin.h‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎include/fluent-bit/flb_plugins.h.in‎
Lines changed: 11 additions & 0 deletions b/‎include/fluent-bit/flb_plugins.h.in‎
Lines changed: 11 additions & 0 deletions
@@ -743,6 +743,7 @@ if(FLB_TLS)
   find_package(OpenSSL)
   if(OPENSSL_FOUND)
     FLB_DEFINITION(FLB_HAVE_OPENSSL)
+    include_directories(${OPENSSL_INCLUDE_DIR})
   endif()
 
   if (FLB_SYSTEM_WINDOWS AND NOT(OPENSSL_FOUND))
 
@@ -60,6 +60,7 @@ enum section_type {
     FLB_CF_PLUGINS,               /* plugins             */
     FLB_CF_UPSTREAM_SERVERS,      /* upstream_servers    */
     FLB_CF_CUSTOM,                /* [CUSTOM]            */
+    FLB_CF_NETWORK_VERIFIER,      /* [network_verifier]      */
     FLB_CF_INPUT,                 /* [INPUT]             */
     FLB_CF_FILTER,                /* [FILTER]            */
     FLB_CF_OUTPUT,                /* [OUTPUT]            */
@@ -112,6 +113,9 @@ struct flb_cf {
     /* 'custom' type plugins */
     struct mk_list customs;
 
+    /* 'network_verifier' type plugins */
+    struct mk_list network_verifiers;
+
     /* pipeline */
     struct mk_list inputs;
     struct mk_list filters;
 
@@ -136,6 +136,7 @@ struct flb_config {
     struct mk_list parser_plugins;      /* not yet implemented */
     struct mk_list filter_plugins;
     struct mk_list out_plugins;
+    struct mk_list network_verifier_plugins;
 
     /* Custom instances */
     struct mk_list customs;
@@ -156,6 +157,9 @@ struct flb_config {
     /* Filter instances */
     struct mk_list filters;
 
+    /* Network Verifier instances */
+    struct mk_list network_verifiers;
+
     struct mk_event_loop *evl;          /* the event loop (mk_core) */
 
     struct flb_bucket_queue *evl_bktq;   /* bucket queue for evl track event priority */
 
@@ -181,4 +181,7 @@ void flb_connection_unset_connection_timeout(struct flb_connection *connection);
 void flb_connection_reset_io_timeout(struct flb_connection *connection);
 void flb_connection_unset_io_timeout(struct flb_connection *connection);
 
+void flb_connection_notify_error(const struct flb_connection* conn,
+    const char* dest, int port, int error_code, const char* error_msg);
+
 #endif
@@ -458,6 +458,10 @@ struct flb_input_instance {
     char *tls_max_version;               /* Maximum protocol version of TLS */
     char *tls_ciphers;                   /* TLS ciphers */
 
+
+    char *network_verifier;           /* Network Verifier alias */
+    struct flb_network_verifier_instance* verifier_ins;
+
     struct mk_list *tls_config_map;
 
 #ifdef FLB_HAVE_TLS
 
@@ -0,0 +1,95 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+
+/*  Fluent Bit
+ *  ==========
+ *  Copyright (C) 2015-2024 The Fluent Bit Authors
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef FLB_NETWORK_VERIFIER_H
+#define FLB_NETWORK_VERIFIER_H
+
+#include <fluent-bit/flb_info.h>
+#include <fluent-bit/flb_config.h>
+#include <fluent-bit/flb_config_map.h>
+
+#include <openssl/types.h>
+
+#define FLB_X509_STORE_EX_INDEX 0
+
+struct flb_network_verifier_instance;
+
+struct flb_network_verifier_plugin {
+    char *name;            /* Name                               */
+    char *description;     /* Description                        */
+
+    /* Config map */
+    struct flb_config_map *config_map;
+
+    /* Callbacks */
+    int (*cb_init) (struct flb_network_verifier_instance *, struct flb_config *);
+    int (*cb_verify_tls) (int, X509_STORE_CTX *);
+    int (*cb_connection_failure) (struct flb_network_verifier_instance*, const char*, int, int, const char*);
+    int (*cb_exit) (void *, struct flb_config *);
+
+    struct mk_list _head;  /* Link to parent list (config->network_verifier_plugins) */
+};
+
+/*
+ * Each initialized plugin must have an instance, the same plugin may be
+ * loaded more than one time.
+ *
+ * An instance will contain basic fixed plugin data while also
+ * allowing for plugin context data, generated when the plugin is invoked.
+ */
+struct flb_network_verifier_instance {
+    int id;                                 /* instance id              */
+    int log_level;                          /* instance log level       */
+    char name[32];                          /* numbered name            */
+    char *alias;                            /* alias name               */
+    void *context;                          /* Instance local context   */
+    struct flb_network_verifier_plugin *plugin; /* original plugin   */
+
+    struct mk_list properties;              /* config properties        */
+    struct mk_list *config_map;             /* configuration map        */
+
+    /* Keep a reference to the original context this instance belongs to */
+    const struct flb_config *config;
+
+    struct mk_list _head;                   /* config->network_verifiers  */
+};
+
+struct flb_network_verifier_instance *flb_network_verifier_new(
+    struct flb_config *config, const char *name);
+
+const char *flb_network_verifier_get_alias(
+    struct flb_network_verifier_instance *ins);
+
+int flb_network_verifier_set_property(
+   struct flb_network_verifier_instance *ins, const char *k, const char *v);
+int flb_network_verifier_plugin_property_check(
+    struct flb_network_verifier_instance *ins,
+    struct flb_config *config);
+int flb_network_verifier_init_all(struct flb_config *config);
+void flb_network_verifier_exit(struct flb_config *config);
+
+void flb_network_verifier_instance_destroy(
+    struct flb_network_verifier_instance *ins);
+
+const struct flb_network_verifier_instance *find_network_verifier_instance(
+                struct flb_config *config,
+                const char* alias);
+
+
+#endif
@@ -0,0 +1,47 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+
+/*  Fluent Bit
+ *  ==========
+ *  Copyright (C) 2015-2024 The Fluent Bit Authors
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef FLB_NETWORK_VERIFIER_PLUGIN_H
+#define FLB_NETWORK_VERIFIER_PLUGIN_H
+
+#include <fluent-bit/flb_info.h>
+#include <fluent-bit/flb_network_verifier.h>
+#include <fluent-bit/flb_log.h>
+
+#define flb_plg_log(ctx, level, fmt, ...)                                \
+    if (flb_log_check_level(ctx->log_level, level))                      \
+        flb_log_print(level, NULL, 0, "[network_verifier:%s:%s] " fmt,       \
+                      ctx->plugin->name,                                 \
+                      flb_network_verifier_get_alias(ctx), ##__VA_ARGS__)
+
+#define flb_plg_error(ctx, fmt, ...) \
+    flb_plg_log(ctx, FLB_LOG_ERROR, fmt, ##__VA_ARGS__)
+
+#define flb_plg_warn(ctx, fmt, ...)  \
+    flb_plg_log(ctx, FLB_LOG_WARN, fmt, ##__VA_ARGS__)
+
+#define flb_plg_info(ctx, fmt, ...)  \
+    flb_plg_log(ctx, FLB_LOG_INFO, fmt, ##__VA_ARGS__)
+
+#define flb_plg_debug(ctx, fmt, ...) \
+    flb_plg_log(ctx, FLB_LOG_DEBUG, fmt, ##__VA_ARGS__)
+
+#define flb_plg_trace(ctx, fmt, ...) \
+    flb_plg_log(ctx, FLB_LOG_TRACE, fmt, ##__VA_ARGS__)
+#endif
@@ -377,6 +377,8 @@ struct flb_output_instance {
     char *tls_win_thumbprints;               /* CertStore Thumbprints (Windows) */
 # endif
 #endif
+    char* network_verifier;           /* Connection Verifier alias */
+    struct flb_network_verifier_instance* verifier_ins;
 
     /*
      * network info:
 
@@ -28,6 +28,7 @@
 #define FLB_PLUGIN_FILTER    2
 #define FLB_PLUGIN_OUTPUT    3
 #define FLB_PLUGIN_PROCESSOR 4
+#define FLB_PLUGIN_NETWORK_VERIFIER 5
 
 /* Informational contexts for discovered dynamic plugins */
 struct flb_plugin {
@@ -42,6 +43,7 @@ struct flb_plugins {
     struct mk_list processor;
     struct mk_list filter;
     struct mk_list output;
+    struct mk_list network_verifier;
 };
 
 struct flb_plugins *flb_plugin_create();
 
@@ -25,6 +25,7 @@
 #include <fluent-bit/flb_input.h>
 #include <fluent-bit/flb_output.h>
 #include <fluent-bit/flb_filter.h>
+#include <fluent-bit/flb_network_verifier.h>
 #include <fluent-bit/flb_config.h>
 #include <fluent-bit/flb_log.h>
 
@@ -34,6 +35,7 @@ extern struct flb_output_plugin *flb_zig_native_output_plugin_init(void *);
 @FLB_OUT_PLUGINS_DECL@
 @FLB_FILTER_PLUGINS_DECL@
 @FLB_PROCESSOR_PLUGINS_DECL@
+@FLB_NETWORK_VERIFIER_PLUGINS_DECL@
 
 int flb_plugins_register(struct flb_config *config)
 {
@@ -42,12 +44,14 @@ int flb_plugins_register(struct flb_config *config)
     struct flb_output_plugin *out;
     struct flb_filter_plugin *filter;
     struct flb_processor_plugin *processor;
+    struct flb_network_verifier_plugin *network_verifier;
 
 @FLB_CUSTOM_PLUGINS_ADD@
 @FLB_IN_PLUGINS_ADD@
 @FLB_OUT_PLUGINS_ADD@
 @FLB_FILTER_PLUGINS_ADD@
 @FLB_PROCESSOR_PLUGINS_ADD@
+@FLB_NETWORK_VERIFIER_PLUGINS_ADD@
 
     return 0;
 }
@@ -61,6 +65,7 @@ void flb_plugins_unregister(struct flb_config *config)
     struct flb_output_plugin *out;
     struct flb_filter_plugin *filter;
     struct flb_processor_plugin *processor;
+    struct flb_network_verifier_plugin *network_verifier;
 
     mk_list_foreach_safe(head, tmp, &config->custom_plugins) {
         custom = mk_list_entry(head, struct flb_custom_plugin, _head);
@@ -100,6 +105,12 @@ void flb_plugins_unregister(struct flb_config *config)
         mk_list_del(&processor->_head);
         flb_free(processor);
     }
+
+    mk_list_foreach_safe(head, tmp, &config->network_verifier_plugins) {
+        network_verifier = mk_list_entry(head, struct flb_network_verifier_plugin, _head);
+        mk_list_del(&network_verifier->_head);
+        flb_free(network_verifier);
+    }
 }
 
 #endif