Home Explore Help
Sign In
LBP
/
nagios-plugins
mirror of https://github.com/nagios-plugins/nagios-plugins.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

check_ntp_peer: Verify type of response packets

The check_ntp_peer plugin now ignores response packets with an
unexpected "Operation Code" and/or "Sequence" number (cf. RFC 1305,
Appendix B).  This fixes an issue where the check_ntp_peer requests got
duplicated on their way to the server (due to some network switch bug),
and the server therefore sent multiple responses per request.

Thanks to Marc Haber for reporting the issue.
Holger Weiss 12 years ago
parent
1eb879e3fe
commit
9dad98f33e
1 changed files with 19 additions and 13 deletions
Unified View Show Diff Stats
  1. 19 13
      plugins/check_ntp_peer.c

+ 19 - 13
plugins/check_ntp_peer.c
View File 

@@ -241,15 +241,19 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
 
 		DBG(printf("sending READSTAT request"));
 
 		DBG(printf("sending READSTAT request"));
 
 		write(conn, &req, SIZEOF_NTPCM(req));
 
 		write(conn, &req, SIZEOF_NTPCM(req));
 
 		DBG(print_ntp_control_message(&req));
 
 		DBG(print_ntp_control_message(&req));
 
-		/* Attempt to read the largest size packet possible */
 
-		req.count=htons(MAX_CM_SIZE);
 
-		DBG(printf("recieving READSTAT response"))
 
-		if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
 
-			die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
 
-		DBG(print_ntp_control_message(&req));
 
-		/* discard obviously invalid packets */
 
-		if (ntohs(req.count) > MAX_CM_SIZE)
 
-			die(STATE_CRITICAL, "NTP CRITICAL: Invalid packet received from NTP server\n");
 
+
 
+		do {
 
+			/* Attempt to read the largest size packet possible */
 
+			req.count=htons(MAX_CM_SIZE);
 
+			DBG(printf("recieving READSTAT response"))
 
+			if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
 
+				die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
 
+			DBG(print_ntp_control_message(&req));
 
+			/* discard obviously invalid packets */
 
+			if (ntohs(req.count) > MAX_CM_SIZE)
 
+				die(STATE_CRITICAL, "NTP CRITICAL: Invalid packet received from NTP server\n");
 
+		} while (!(req.op&OP_READSTAT && ntohs(req.seq) == 1));
 
+
 
 		if (LI(req.flags) == LI_ALARM) li_alarm = 1;
 
 		if (LI(req.flags) == LI_ALARM) li_alarm = 1;
 
 		/* Each peer identifier is 4 bytes in the data section, which
 
 		/* Each peer identifier is 4 bytes in the data section, which
 
 	 	 * we represent as a ntp_assoc_status_pair datatype.
 
 	 	 * we represent as a ntp_assoc_status_pair datatype.
 
@@ -312,10 +316,12 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
 
 				write(conn, &req, SIZEOF_NTPCM(req));
 
 				write(conn, &req, SIZEOF_NTPCM(req));
 
 				DBG(print_ntp_control_message(&req));
 
 				DBG(print_ntp_control_message(&req));
 
 
 
-				req.count = htons(MAX_CM_SIZE);
 
-				DBG(printf("receiving READVAR response...\n"));
 
-				read(conn, &req, SIZEOF_NTPCM(req));
 
-				DBG(print_ntp_control_message(&req));
 
+				do {
 
+					req.count = htons(MAX_CM_SIZE);
 
+					DBG(printf("receiving READVAR response...\n"));
 
+					read(conn, &req, SIZEOF_NTPCM(req));
 
+					DBG(print_ntp_control_message(&req));
 
+				} while (!(req.op&OP_READVAR && ntohs(req.seq) == 2));
 
 
 
 				if(!(req.op&REM_ERROR))
 
 				if(!(req.op&REM_ERROR))
 
 					xasprintf(&data, "%s%s", data, req.data);
 
 					xasprintf(&data, "%s%s", data, req.data);