[collectd-changes] collectd, the system statistics collection daemon: Changes to 'master'
octo at verplant.org
Sat Apr 11 01:26:08 CEST 2009
configure.in | 84 +++++
src/Makefile.am | 6 +
src/collectd.conf.pod | 39 +++
src/network.c | 905 ++++++++++++++++++++++++++++++++++++++++---------
src/network.h | 7 +
5 files changed, 888 insertions(+), 153 deletions(-)
Author: Florian Forster <octo at leeloo.lan.home.verplant.org>
Date: Sat Apr 11 01:08:40 2009 +0200
network plugin: Implement signing and encryption of network traffic.
The patch adds shared secret signing and encryption of network traffic.
Currently, there are three âsecurity levelsâ:
Encrypt outgoing data and only accept encrypted data when receiving.
Outgoing data is signed; signed and encrypted data is accepted when
Send without any cryptography and accept anything when receiving.
The security level and shared secret can be set per-socket, so that
forwarding instances can re-encrypt and similar goodies.
The libgcrypt library is used to calculate hashes, encrypt and decrypt,
see <http://www.gnu.org/software/libgcrypt/>. I tested compiling the
`network' plugin without libgcrypt afterwards, but haven't tested this
Algorithms used are SHA-256 for signing and AES-256 in ECB mode /
SHA-224 when encrypting. Also, SHA-256 is used to get the 32 byte key
for AES-256 from the user-supplied secret.
More information about the collectd-changes