aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Holger Weiss <holger@zedat.fu-berlin.de> 2013-06-30 16:05:48 +0200
committerGravatar Holger Weiss <holger@zedat.fu-berlin.de> 2013-06-30 16:05:48 +0200
commit9dad98f33efe2519b67c76dbc4ce00e4201c8009 (patch)
tree1e1634dcb0d409343258c7fb352debf6209c0ebf
parent1eb879e3feefac3221efc636be50effb5ac5547d (diff)
downloadmonitoring-plugins-9dad98f33efe2519b67c76dbc4ce00e4201c8009.tar.gz
check_ntp_peer: Verify type of response packets
The check_ntp_peer plugin now ignores response packets with an unexpected "Operation Code" and/or "Sequence" number (cf. RFC 1305, Appendix B). This fixes an issue where the check_ntp_peer requests got duplicated on their way to the server (due to some network switch bug), and the server therefore sent multiple responses per request. Thanks to Marc Haber for reporting the issue.
-rw-r--r--plugins/check_ntp_peer.c32
1 files changed, 19 insertions, 13 deletions
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index b59c056d..76152e17 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -241,15 +241,19 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
DBG(printf("sending READSTAT request"));
write(conn, &req, SIZEOF_NTPCM(req));
DBG(print_ntp_control_message(&req));
- /* Attempt to read the largest size packet possible */
- req.count=htons(MAX_CM_SIZE);
- DBG(printf("recieving READSTAT response"))
- if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
- die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
- DBG(print_ntp_control_message(&req));
- /* discard obviously invalid packets */
- if (ntohs(req.count) > MAX_CM_SIZE)
- die(STATE_CRITICAL, "NTP CRITICAL: Invalid packet received from NTP server\n");
+
+ do {
+ /* Attempt to read the largest size packet possible */
+ req.count=htons(MAX_CM_SIZE);
+ DBG(printf("recieving READSTAT response"))
+ if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
+ die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
+ DBG(print_ntp_control_message(&req));
+ /* discard obviously invalid packets */
+ if (ntohs(req.count) > MAX_CM_SIZE)
+ die(STATE_CRITICAL, "NTP CRITICAL: Invalid packet received from NTP server\n");
+ } while (!(req.op&OP_READSTAT && ntohs(req.seq) == 1));
+
if (LI(req.flags) == LI_ALARM) li_alarm = 1;
/* Each peer identifier is 4 bytes in the data section, which
* we represent as a ntp_assoc_status_pair datatype.
@@ -312,10 +316,12 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
write(conn, &req, SIZEOF_NTPCM(req));
DBG(print_ntp_control_message(&req));
- req.count = htons(MAX_CM_SIZE);
- DBG(printf("receiving READVAR response...\n"));
- read(conn, &req, SIZEOF_NTPCM(req));
- DBG(print_ntp_control_message(&req));
+ do {
+ req.count = htons(MAX_CM_SIZE);
+ DBG(printf("receiving READVAR response...\n"));
+ read(conn, &req, SIZEOF_NTPCM(req));
+ DBG(print_ntp_control_message(&req));
+ } while (!(req.op&OP_READVAR && ntohs(req.seq) == 2));
if(!(req.op&REM_ERROR))
xasprintf(&data, "%s%s", data, req.data);