aboutsummaryrefslogtreecommitdiff
path: root/plugins-root
diff options
context:
space:
mode:
Diffstat (limited to 'plugins-root')
-rw-r--r--plugins-root/.cvsignore5
-rw-r--r--plugins-root/Makefile.am74
-rw-r--r--plugins-root/check_dhcp.c1261
-rw-r--r--plugins-root/check_icmp.c1199
4 files changed, 2539 insertions, 0 deletions
diff --git a/plugins-root/.cvsignore b/plugins-root/.cvsignore
new file mode 100644
index 00000000..e3a62594
--- /dev/null
+++ b/plugins-root/.cvsignore
@@ -0,0 +1,5 @@
+.deps
+Makefile.in
+Makefile
+check_dhcp
+check_icmp
diff --git a/plugins-root/Makefile.am b/plugins-root/Makefile.am
new file mode 100644
index 00000000..aae9adbe
--- /dev/null
+++ b/plugins-root/Makefile.am
@@ -0,0 +1,74 @@
+## Process this file with automake to produce Makefile.in
+
+VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t
+
+INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins
+
+datadir = @datadir@
+localedir = $(datadir)/locale
+DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
+LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@
+
+EXTRA_PROGRAMS = check_dhcp check_icmp
+
+BASEOBJS = ../plugins/utils.o ../lib/libnagiosplug.a ../lib/libcoreutils.a
+NETOBJS = ../plugins/netutils.o $(BASEOBJS) $(EXTRA_NETOBJS)
+NETLIBS = $(NETOBJS) $(SOCKETLIBS)
+
+TESTS_ENVIRONMENT = perl -I $(top_builddir) -I $(top_srcdir)
+
+TESTS = @PLUGIN_TEST@
+
+test:
+ perl -I $(top_builddir) -I $(top_srcdir) ../test.pl
+
+all-local: $(EXTRA_PROGRAMS)
+
+setuid_root_mode = 4550
+
+group = nagios
+
+# /* Author Coreutils team - see ACKNOWLEDGEMENTS */
+
+INSTALL_SUID = \
+ for f in $(EXTRA_PROGRAMS) ; do \
+ p=$$f; \
+ echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \
+ $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \
+ echo " chown root $(DESTDIR)$(libexecdir)/$$p"; \
+ chown root $(DESTDIR)$(libexecdir)/$$p; \
+ echo " chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p"; \
+ chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \
+ done
+
+install-root: $(EXTRA_PROGRAMS)
+ @$(INSTALL_SUID)
+
+install-exec-local: $(EXTRA_PROGRAMS)
+ @TMPFILE=$(DESTDIR)$(libexecdir)/.setuid-$$$$; \
+ rm -f $$TMPFILE; \
+ echo > $$TMPFILE; \
+ ## See if we can create a setuid root executable in $(libexecdir).
+ ## If not, then don't even try to install setuid plugins.
+ can_create_suid_root_executable=no; \
+ chown root $$TMPFILE > /dev/null 2>&1 \
+ && chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
+ && can_create_suid_root_executable=yes; \
+ rm -f $$TMPFILE; \
+ if test $$can_create_suid_root_executable = yes; then \
+ $(INSTALL_SUID); \
+ else \
+ echo "WARNING: insufficient access; not installing setuid plugins"; \
+ echo "NOTE: to install setuid plugins, run 'make install-root' as root"; \
+ fi
+
+# /* Author Coreutils team sub-citation */
+
+##############################################################################
+# the actual targets
+check_dhcp_LDADD = $(NETLIBS)
+check_icmp_LDADD = $(SOCKETLIBS)
+
+check_dhcp_DEPENDENCIES = check_dhcp.c $(NETOBJS) $(DEPLIBS)
+check_icmp_DEPENDENCIES = check_icmp.c
+
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c
new file mode 100644
index 00000000..a3e0c53c
--- /dev/null
+++ b/plugins-root/check_dhcp.c
@@ -0,0 +1,1261 @@
+/******************************************************************************
+*
+* CHECK_DHCP.C
+*
+* Program: DHCP plugin for Nagios
+* License: GPL
+* Copyright (c) 2001-2004 Ethan Galstad (nagios@nagios.org)
+*
+* License Information:
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*
+* $Id$
+*
+*****************************************************************************/
+
+const char *progname = "check_dhcp";
+const char *revision = "$Revision$";
+const char *copyright = "2001-2004";
+const char *email = "nagiosplug-devel@lists.sourceforge.net";
+
+#include "common.h"
+#include "netutils.h"
+#include "utils.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#if defined( __linux__ )
+
+#include <linux/if_ether.h>
+#include <features.h>
+
+#elif defined (__bsd__)
+
+#include <netinet/if_ether.h>
+#include <sys/sysctl.h>
+#include <net/if_dl.h>
+
+#elif defined(__sun__) || defined(__solaris__) || defined(__hpux__)
+
+#define INSAP 22
+#define OUTSAP 24
+
+#include <signal.h>
+#include <ctype.h>
+#include <sys/stropts.h>
+#include <sys/poll.h>
+#include <sys/dlpi.h>
+
+#define bcopy(source, destination, length) memcpy(destination, source, length)
+
+#define AREA_SZ 5000 /* buffer length in bytes */
+static u_long ctl_area[AREA_SZ];
+static u_long dat_area[AREA_SZ];
+static struct strbuf ctl = {AREA_SZ, 0, (char *)ctl_area};
+static struct strbuf dat = {AREA_SZ, 0, (char *)dat_area};
+
+#define GOT_CTRL 1
+#define GOT_DATA 2
+#define GOT_BOTH 3
+#define GOT_INTR 4
+#define GOT_ERR 128
+
+#define u_int8_t uint8_t
+#define u_int16_t uint16_t
+#define u_int32_t uint32_t
+
+static int get_msg(int);
+static int check_ctrl(int);
+static int put_ctrl(int, int, int);
+static int put_both(int, int, int, int);
+static int dl_open(const char *, int, int *);
+static int dl_bind(int, int, u_char *);
+long mac_addr_dlpi( const char *, int, u_char *);
+
+#endif
+
+#define HAVE_GETOPT_H
+
+
+/**** Common definitions ****/
+
+#define STATE_OK 0
+#define STATE_WARNING 1
+#define STATE_CRITICAL 2
+#define STATE_UNKNOWN -1
+
+#define OK 0
+#define ERROR -1
+
+#define FALSE 0
+#define TRUE 1
+
+
+/**** DHCP definitions ****/
+
+#define MAX_DHCP_CHADDR_LENGTH 16
+#define MAX_DHCP_SNAME_LENGTH 64
+#define MAX_DHCP_FILE_LENGTH 128
+#define MAX_DHCP_OPTIONS_LENGTH 312
+
+
+typedef struct dhcp_packet_struct{
+ u_int8_t op; /* packet type */
+ u_int8_t htype; /* type of hardware address for this machine (Ethernet, etc) */
+ u_int8_t hlen; /* length of hardware address (of this machine) */
+ u_int8_t hops; /* hops */
+ u_int32_t xid; /* random transaction id number - chosen by this machine */
+ u_int16_t secs; /* seconds used in timing */
+ u_int16_t flags; /* flags */
+ struct in_addr ciaddr; /* IP address of this machine (if we already have one) */
+ struct in_addr yiaddr; /* IP address of this machine (offered by the DHCP server) */
+ struct in_addr siaddr; /* IP address of DHCP server */
+ struct in_addr giaddr; /* IP address of DHCP relay */
+ unsigned char chaddr [MAX_DHCP_CHADDR_LENGTH]; /* hardware address of this machine */
+ char sname [MAX_DHCP_SNAME_LENGTH]; /* name of DHCP server */
+ char file [MAX_DHCP_FILE_LENGTH]; /* boot file name (used for diskless booting?) */
+ char options[MAX_DHCP_OPTIONS_LENGTH]; /* options */
+ }dhcp_packet;
+
+
+typedef struct dhcp_offer_struct{
+ struct in_addr server_address; /* address of DHCP server that sent this offer */
+ struct in_addr offered_address; /* the IP address that was offered to us */
+ u_int32_t lease_time; /* lease time in seconds */
+ u_int32_t renewal_time; /* renewal time in seconds */
+ u_int32_t rebinding_time; /* rebinding time in seconds */
+ struct dhcp_offer_struct *next;
+ }dhcp_offer;
+
+
+typedef struct requested_server_struct{
+ struct in_addr server_address;
+ struct requested_server_struct *next;
+ }requested_server;
+
+
+#define BOOTREQUEST 1
+#define BOOTREPLY 2
+
+#define DHCPDISCOVER 1
+#define DHCPOFFER 2
+#define DHCPREQUEST 3
+#define DHCPDECLINE 4
+#define DHCPACK 5
+#define DHCPNACK 6
+#define DHCPRELEASE 7
+
+#define DHCP_OPTION_MESSAGE_TYPE 53
+#define DHCP_OPTION_HOST_NAME 12
+#define DHCP_OPTION_BROADCAST_ADDRESS 28
+#define DHCP_OPTION_REQUESTED_ADDRESS 50
+#define DHCP_OPTION_LEASE_TIME 51
+#define DHCP_OPTION_RENEWAL_TIME 58
+#define DHCP_OPTION_REBINDING_TIME 59
+
+#define DHCP_INFINITE_TIME 0xFFFFFFFF
+
+#define DHCP_BROADCAST_FLAG 32768
+
+#define DHCP_SERVER_PORT 67
+#define DHCP_CLIENT_PORT 68
+
+#define ETHERNET_HARDWARE_ADDRESS 1 /* used in htype field of dhcp packet */
+#define ETHERNET_HARDWARE_ADDRESS_LENGTH 6 /* length of Ethernet hardware addresses */
+
+unsigned char client_hardware_address[MAX_DHCP_CHADDR_LENGTH]="";
+
+char network_interface_name[8]="eth0";
+
+u_int32_t packet_xid=0;
+
+u_int32_t dhcp_lease_time=0;
+u_int32_t dhcp_renewal_time=0;
+u_int32_t dhcp_rebinding_time=0;
+
+int dhcpoffer_timeout=2;
+
+dhcp_offer *dhcp_offer_list=NULL;
+requested_server *requested_server_list=NULL;
+
+int valid_responses=0; /* number of valid DHCPOFFERs we received */
+int requested_servers=0;
+int requested_responses=0;
+
+int request_specific_address=FALSE;
+int received_requested_address=FALSE;
+int verbose=0;
+struct in_addr requested_address;
+
+
+int process_arguments(int, char **);
+int call_getopt(int, char **);
+int validate_arguments(void);
+void print_usage(void);
+void print_help(void);
+
+int get_hardware_address(int,char *);
+
+int send_dhcp_discover(int);
+int get_dhcp_offer(int);
+
+int get_results(void);
+
+int add_dhcp_offer(struct in_addr,dhcp_packet *);
+int free_dhcp_offer_list(void);
+int free_requested_server_list(void);
+
+int create_dhcp_socket(void);
+int close_dhcp_socket(int);
+int send_dhcp_packet(void *,int,int,struct sockaddr_in *);
+int receive_dhcp_packet(void *,int,int,int,struct sockaddr_in *);
+
+
+
+int main(int argc, char **argv){
+ int dhcp_socket;
+ int result;
+
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
+
+ if(process_arguments(argc,argv)!=OK){
+ usage4 (_("Could not parse arguments"));
+ }
+
+ /* create socket for DHCP communications */
+ dhcp_socket=create_dhcp_socket();
+
+ /* get hardware address of client machine */
+ get_hardware_address(dhcp_socket,network_interface_name);
+
+ /* send DHCPDISCOVER packet */
+ send_dhcp_discover(dhcp_socket);
+
+ /* wait for a DHCPOFFER packet */
+ get_dhcp_offer(dhcp_socket);
+
+ /* close socket we created */
+ close_dhcp_socket(dhcp_socket);
+
+ /* determine state/plugin output to return */
+ result=get_results();
+
+ /* free allocated memory */
+ free_dhcp_offer_list();
+ free_requested_server_list();
+
+ return result;
+ }
+
+
+
+/* determines hardware address on client machine */
+int get_hardware_address(int sock,char *interface_name){
+
+ int i;
+
+#if defined(__linux__)
+ struct ifreq ifr;
+
+ strncpy((char *)&ifr.ifr_name,interface_name,sizeof(ifr.ifr_name));
+
+ /* try and grab hardware address of requested interface */
+ if(ioctl(sock,SIOCGIFHWADDR,&ifr)<0){
+ printf(_("Error: Could not get hardware address of interface '%s'\n"),interface_name);
+ exit(STATE_UNKNOWN);
+ }
+
+ memcpy(&client_hardware_address[0],&ifr.ifr_hwaddr.sa_data,6);
+
+#elif defined(__bsd__)
+ /* King 2004 see ACKNOWLEDGEMENTS */
+
+ int mib[6], len;
+ char *buf;
+ unsigned char *ptr;
+ struct if_msghdr *ifm;
+ struct sockaddr_dl *sdl;
+
+ mib[0] = CTL_NET;
+ mib[1] = AF_ROUTE;
+ mib[2] = 0;
+ mib[3] = AF_LINK;
+ mib[4] = NET_RT_IFLIST;
+
+ if ((mib[5] = if_nametoindex(interface_name)) == 0) {
+ printf(_("Error: if_nametoindex error - %s.\n"), strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+
+ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) {
+ printf(_("Error: Couldn't get hardware address from %s. sysctl 1 error - %s.\n"), interface_name, strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+
+ if ((buf = malloc(len)) == NULL) {
+ printf(_("Error: Couldn't get hardware address from interface %s. malloc error - %s.\n"), interface_name, strerror(errno));
+ exit(4);
+ }
+
+ if (sysctl(mib, 6, buf, &len, NULL, 0) < 0) {
+ printf(_("Error: Couldn't get hardware address from %s. sysctl 2 error - %s.\n"), interface_name, strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+
+ ifm = (struct if_msghdr *)buf;
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+ ptr = (unsigned char *)LLADDR(sdl);
+ memcpy(&client_hardware_address[0], ptr, 6) ;
+ /* King 2004 */
+
+#elif defined(__sun__) || defined(__solaris__)
+
+ /* Kompf 2000-2003 see ACKNOWLEDGEMENTS */
+ long stat;
+ char dev[20] = "/dev/";
+ char *p;
+ int unit;
+
+ for (p = interface_name; *p && isalpha(*p); p++)
+ /* no-op */ ;
+ if ( p != '\0' ) {
+ unit = atoi(p) ;
+ *p = '\0' ;
+ strncat(dev, interface_name, 6) ;
+ } else {
+ printf(_("Error: can't find unit number in interface_name (%s) - expecting TypeNumber eg lnc0.\n"), interface_name);
+ exit(STATE_UNKNOWN);
+ }
+ stat = mac_addr_dlpi(dev, unit, client_hardware_address);
+ if (stat != 0) {
+ printf(_("Error: can't read MAC address from DLPI streams interface for device %s unit %d.\n"), dev, unit);
+ exit(STATE_UNKNOWN);
+ }
+
+#elif defined(__hpux__)
+
+ long stat;
+ char dev[20] = "/dev/dlpi" ;
+ int unit = 0;
+
+ stat = mac_addr_dlpi(dev, unit, client_hardware_address);
+ if (stat != 0) {
+ printf(_("Error: can't read MAC address from DLPI streams interface for device %s unit %d.\n"), dev, unit);
+ exit(STATE_UNKNOWN);
+ }
+ /* Kompf 2000-2003 */
+
+#else
+ printf(_("Error: can't get MAC address for this architecture.\n"));
+ exit(STATE_UNKNOWN);
+#endif
+
+ if (verbose) {
+ printf(_("Hardware address: "));
+ for (i=0; i<6; ++i)
+ printf("%2.2x", client_hardware_address[i]);
+ printf( "\n");
+ }
+
+ return OK;
+ }
+
+
+/* sends a DHCPDISCOVER broadcast message in an attempt to find DHCP servers */
+int send_dhcp_discover(int sock){
+ dhcp_packet discover_packet;
+ struct sockaddr_in sockaddr_broadcast;
+
+
+ /* clear the packet data structure */
+ bzero(&discover_packet,sizeof(discover_packet));
+
+
+ /* boot request flag (backward compatible with BOOTP servers) */
+ discover_packet.op=BOOTREQUEST;
+
+ /* hardware address type */
+ discover_packet.htype=ETHERNET_HARDWARE_ADDRESS;
+
+ /* length of our hardware address */
+ discover_packet.hlen=ETHERNET_HARDWARE_ADDRESS_LENGTH;
+
+ discover_packet.hops=0;
+
+ /* transaction id is supposed to be random */
+ srand(time(NULL));
+ packet_xid=random();
+ discover_packet.xid=htonl(packet_xid);
+
+ /**** WHAT THE HECK IS UP WITH THIS?!? IF I DON'T MAKE THIS CALL, ONLY ONE SERVER RESPONSE IS PROCESSED!!!! ****/
+ /* downright bizzarre... */
+ ntohl(discover_packet.xid);
+
+ /*discover_packet.secs=htons(65535);*/
+ discover_packet.secs=0xFF;
+
+ /* tell server it should broadcast its response */
+ discover_packet.flags=htons(DHCP_BROADCAST_FLAG);
+
+ /* our hardware address */
+ memcpy(discover_packet.chaddr,client_hardware_address,ETHERNET_HARDWARE_ADDRESS_LENGTH);
+
+ /* first four bytes of options field is magic cookie (as per RFC 2132) */
+ discover_packet.options[0]='\x63';
+ discover_packet.options[1]='\x82';
+ discover_packet.options[2]='\x53';
+ discover_packet.options[3]='\x63';
+
+ /* DHCP message type is embedded in options field */
+ discover_packet.options[4]=DHCP_OPTION_MESSAGE_TYPE; /* DHCP message type option identifier */
+ discover_packet.options[5]='\x01'; /* DHCP message option length in bytes */
+ discover_packet.options[6]=DHCPDISCOVER;
+
+ /* the IP address we're requesting */
+ if(request_specific_address==TRUE){
+ discover_packet.options[7]=DHCP_OPTION_REQUESTED_ADDRESS;
+ discover_packet.options[8]='\x04';
+ memcpy(&discover_packet.options[9],&requested_address,sizeof(requested_address));
+ }
+
+ /* send the DHCPDISCOVER packet to broadcast address */
+ sockaddr_broadcast.sin_family=AF_INET;
+ sockaddr_broadcast.sin_port=htons(DHCP_SERVER_PORT);
+ sockaddr_broadcast.sin_addr.s_addr=INADDR_BROADCAST;
+ bzero(&sockaddr_broadcast.sin_zero,sizeof(sockaddr_broadcast.sin_zero));
+
+
+ if (verbose) {
+ printf(_("DHCPDISCOVER to %s port %d\n"),inet_ntoa(sockaddr_broadcast.sin_addr),ntohs(sockaddr_broadcast.sin_port));
+ printf("DHCPDISCOVER XID: %lu (0x%X)\n",ntohl(discover_packet.xid),ntohl(discover_packet.xid));
+ printf("DHCDISCOVER ciaddr: %s\n",inet_ntoa(discover_packet.ciaddr));
+ printf("DHCDISCOVER yiaddr: %s\n",inet_ntoa(discover_packet.yiaddr));
+ printf("DHCDISCOVER siaddr: %s\n",inet_ntoa(discover_packet.siaddr));
+ printf("DHCDISCOVER giaddr: %s\n",inet_ntoa(discover_packet.giaddr));
+ }
+
+ /* send the DHCPDISCOVER packet out */
+ send_dhcp_packet(&discover_packet,sizeof(discover_packet),sock,&sockaddr_broadcast);
+
+ if (verbose)
+ printf("\n\n");
+
+ return OK;
+ }
+
+
+
+
+/* waits for a DHCPOFFER message from one or more DHCP servers */
+int get_dhcp_offer(int sock){
+ dhcp_packet offer_packet;
+ struct sockaddr_in source;
+ int result=OK;
+ int timeout=1;
+ int responses=0;
+ int x;
+ time_t start_time;
+ time_t current_time;
+
+ time(&start_time);
+
+ /* receive as many responses as we can */
+ for(responses=0,valid_responses=0;;){
+
+ time(&current_time);
+ if((current_time-start_time)>=dhcpoffer_timeout)
+ break;
+
+ if (verbose)
+ printf("\n\n");
+
+ bzero(&source,sizeof(source));
+ bzero(&offer_packet,sizeof(offer_packet));
+
+ result=OK;
+ result=receive_dhcp_packet(&offer_packet,sizeof(offer_packet),sock,dhcpoffer_timeout,&source);
+
+ if(result!=OK){
+ if (verbose)
+ printf(_("Result=ERROR\n"));
+
+ continue;
+ }
+ else{
+ if (verbose)
+ printf(_("Result=OK\n"));
+
+ responses++;
+ }
+
+ if (verbose) {
+ printf(_("DHCPOFFER from IP address %s\n"),inet_ntoa(source.sin_addr));
+ printf("DHCPOFFER XID: %lu (0x%X)\n",ntohl(offer_packet.xid),ntohl(offer_packet.xid));
+ }
+
+ /* check packet xid to see if its the same as the one we used in the discover packet */
+ if(ntohl(offer_packet.xid)!=packet_xid){
+ if (verbose)
+ printf(_("DHCPOFFER XID (%lu) did not match DHCPDISCOVER XID (%lu) - ignoring packet\n"),ntohl(offer_packet.xid),packet_xid);
+
+ continue;
+ }
+
+ /* check hardware address */
+ result=OK;
+ if (verbose)
+ printf("DHCPOFFER chaddr: ");
+
+ for(x=0;x<ETHERNET_HARDWARE_ADDRESS_LENGTH;x++){
+ if (verbose)
+ printf("%02X",(unsigned char)offer_packet.chaddr[x]);
+
+ if(offer_packet.chaddr[x]!=client_hardware_address[x])
+ result=ERROR;
+ }
+ if (verbose)
+ printf("\n");
+
+ if(result==ERROR){
+ if (verbose)
+ printf(_("DHCPOFFER hardware address did not match our own - ignoring packet\n"));
+
+ continue;
+ }
+
+ if (verbose) {
+ printf("DHCPOFFER ciaddr: %s\n",inet_ntoa(offer_packet.ciaddr));
+ printf("DHCPOFFER yiaddr: %s\n",inet_ntoa(offer_packet.yiaddr));
+ printf("DHCPOFFER siaddr: %s\n",inet_ntoa(offer_packet.siaddr));
+ printf("DHCPOFFER giaddr: %s\n",inet_ntoa(offer_packet.giaddr));
+ }
+
+ add_dhcp_offer(source.sin_addr,&offer_packet);
+
+ valid_responses++;
+ }
+
+ if (verbose) {
+ printf(_("Total responses seen on the wire: %d\n"),responses);
+ printf(_("Valid responses for this machine: %d\n"),valid_responses);
+ }
+
+ return OK;
+ }
+
+
+
+/* sends a DHCP packet */
+int send_dhcp_packet(void *buffer, int buffer_size, int sock, struct sockaddr_in *dest){
+ struct sockaddr_in myname;
+ int result;
+
+ result=sendto(sock,(char *)buffer,buffer_size,0,(struct sockaddr *)dest,sizeof(*dest));
+
+ if (verbose)
+ printf(_("send_dhcp_packet result: %d\n"),result);
+
+ if(result<0)
+ return ERROR;
+
+ return OK;
+ }
+
+
+
+/* receives a DHCP packet */
+int receive_dhcp_packet(void *buffer, int buffer_size, int sock, int timeout, struct sockaddr_in *address){
+ struct timeval tv;
+ fd_set readfds;
+ int recv_result;
+ socklen_t address_size;
+ struct sockaddr_in source_address;
+
+
+ /* wait for data to arrive (up time timeout) */
+ tv.tv_sec=timeout;
+ tv.tv_usec=0;
+ FD_ZERO(&readfds);
+ FD_SET(sock,&readfds);
+ select(sock+1,&readfds,NULL,NULL,&tv);
+
+ /* make sure some data has arrived */
+ if(!FD_ISSET(sock,&readfds)){
+ if (verbose)
+ printf(_("No (more) data received\n"));
+ return ERROR;
+ }
+
+ else{
+
+ /* why do we need to peek first? i don't know, its a hack. without it, the source address of the first packet received was
+ not being interpreted correctly. sigh... */
+ bzero(&source_address,sizeof(source_address));
+ address_size=sizeof(source_address);
+ recv_result=recvfrom(sock,(char *)buffer,buffer_size,MSG_PEEK,(struct sockaddr *)&source_address,&address_size);
+ if (verbose)
+ printf("recv_result_1: %d\n",recv_result);
+ recv_result=recvfrom(sock,(char *)buffer,buffer_size,0,(struct sockaddr *)&source_address,&address_size);
+ if (verbose)
+ printf("recv_result_2: %d\n",recv_result);
+
+ if(recv_result==-1){
+ if (verbose) {
+ printf(_("recvfrom() failed, "));
+ printf("errno: (%d) -> %s\n",errno,strerror(errno));
+ }
+ return ERROR;
+ }
+ else{
+ if (verbose) {
+ printf(_("receive_dhcp_packet() result: %d\n"),recv_result);
+ printf(_("receive_dhcp_packet() source: %s\n"),inet_ntoa(source_address.sin_addr));
+ }
+
+ memcpy(address,&source_address,sizeof(source_address));
+ return OK;
+ }
+ }
+
+ return OK;
+ }
+
+
+/* creates a socket for DHCP communication */
+int create_dhcp_socket(void){
+ struct sockaddr_in myname;
+ struct ifreq interface;
+ int sock;
+ int flag=1;
+
+ /* Set up the address we're going to bind to. */
+ bzero(&myname,sizeof(myname));
+ myname.sin_family=AF_INET;
+ myname.sin_port=htons(DHCP_CLIENT_PORT);
+ myname.sin_addr.s_addr=INADDR_ANY; /* listen on any address */
+ bzero(&myname.sin_zero,sizeof(myname.sin_zero));
+
+ /* create a socket for DHCP communications */
+ sock=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+ if(sock<0){
+ printf(_("Error: Could not create socket!\n"));
+ exit(STATE_UNKNOWN);
+ }
+
+ if (verbose)
+ printf("DHCP socket: %d\n",sock);
+
+ /* set the reuse address flag so we don't get errors when restarting */
+ flag=1;
+ if(setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,(char *)&flag,sizeof(flag))<0){
+ printf(_("Error: Could not set reuse address option on DHCP socket!\n"));
+ exit(STATE_UNKNOWN);
+ }
+
+ /* set the broadcast option - we need this to listen to DHCP broadcast messages */
+ if(setsockopt(sock,SOL_SOCKET,SO_BROADCAST,(char *)&flag,sizeof flag)<0){
+ printf(_("Error: Could not set broadcast option on DHCP socket!\n"));
+ exit(STATE_UNKNOWN);
+ }
+
+ /* bind socket to interface */
+#if defined(__linux__)
+ strncpy(interface.ifr_ifrn.ifrn_name,network_interface_name,IFNAMSIZ);
+ if(setsockopt(sock,SOL_SOCKET,SO_BINDTODEVICE,(char *)&interface,sizeof(interface))<0){
+ printf(_("Error: Could not bind socket to interface %s. Check your privileges...\n"),network_interface_name);
+ exit(STATE_UNKNOWN);
+ }
+
+#else
+ strncpy(interface.ifr_name,network_interface_name,IFNAMSIZ);
+#endif
+
+ /* bind the socket */
+ if(bind(sock,(struct sockaddr *)&myname,sizeof(myname))<0){
+ printf(_("Error: Could not bind to DHCP socket (port %d)! Check your privileges...\n"),DHCP_CLIENT_PORT);
+ exit(STATE_UNKNOWN);
+ }
+
+ return sock;
+ }
+
+
+/* closes DHCP socket */
+int close_dhcp_socket(int sock){
+
+ close(sock);
+
+ return OK;
+ }
+
+
+/* adds a requested server address to list in memory */
+int add_requested_server(struct in_addr server_address){
+ requested_server *new_server;
+
+ new_server=(requested_server *)malloc(sizeof(requested_server));
+ if(new_server==NULL)
+ return ERROR;
+
+ new_server->server_address=server_address;
+
+ new_server->next=requested_server_list;
+ requested_server_list=new_server;
+
+ requested_servers++;
+
+ if (verbose)
+ printf(_("Requested server address: %s\n"),inet_ntoa(new_server->server_address));
+
+ return OK;
+ }
+
+
+
+
+/* adds a DHCP OFFER to list in memory */
+int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){
+ dhcp_offer *new_offer;
+ int x;
+ int y;
+ unsigned option_type;
+ unsigned option_length;
+
+ if(offer_packet==NULL)
+ return ERROR;
+
+ /* process all DHCP options present in the packet */
+ for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){
+
+ /* end of options (0 is really just a pad, but bail out anyway) */
+ if((int)offer_packet->options[x]==-1 || (int)offer_packet->options[x]==0)
+ break;
+
+ /* get option type */
+ option_type=offer_packet->options[x++];
+
+ /* get option length */
+ option_length=offer_packet->options[x++];
+
+ if (verbose)
+ printf("Option: %d (0x%02X)\n",option_type,option_length);
+
+ /* get option data */
+ if(option_type==DHCP_OPTION_LEASE_TIME) {
+ memcpy(&dhcp_lease_time, &offer_packet->options[x],
+ sizeof(dhcp_lease_time));
+ dhcp_lease_time = ntohl(dhcp_lease_time);
+ }
+ if(option_type==DHCP_OPTION_RENEWAL_TIME) {
+ memcpy(&dhcp_renewal_time, &offer_packet->options[x],
+ sizeof(dhcp_renewal_time));
+ dhcp_renewal_time = ntohl(dhcp_renewal_time);
+ }
+ if(option_type==DHCP_OPTION_REBINDING_TIME) {
+ memcpy(&dhcp_rebinding_time, &offer_packet->options[x],
+ sizeof(dhcp_rebinding_time));
+ dhcp_rebinding_time = ntohl(dhcp_rebinding_time);
+ }
+
+ /* skip option data we're ignoring */
+ else
+ for(y=0;y<option_length;y++,x++);
+ }
+
+ if (verbose) {
+ if(dhcp_lease_time==DHCP_INFINITE_TIME)
+ printf(_("Lease Time: Infinite\n"));
+ else
+ printf(_("Lease Time: %lu seconds\n"),(unsigned long)dhcp_lease_time);
+ if(dhcp_renewal_time==DHCP_INFINITE_TIME)
+ printf(_("Renewal Time: Infinite\n"));
+ else
+ printf(_("Renewal Time: %lu seconds\n"),(unsigned long)dhcp_renewal_time);
+ if(dhcp_rebinding_time==DHCP_INFINITE_TIME)
+ printf(_("Rebinding Time: Infinite\n"));
+ printf(_("Rebinding Time: %lu seconds\n"),(unsigned long)dhcp_rebinding_time);
+ }
+
+ new_offer=(dhcp_offer *)malloc(sizeof(dhcp_offer));
+
+ if(new_offer==NULL)
+ return ERROR;
+
+ new_offer->server_address=source;
+ new_offer->offered_address=offer_packet->yiaddr;
+ new_offer->lease_time=dhcp_lease_time;
+ new_offer->renewal_time=dhcp_renewal_time;
+ new_offer->rebinding_time=dhcp_rebinding_time;
+
+
+ if (verbose) {
+ printf(_("Added offer from server @ %s"),inet_ntoa(new_offer->server_address));
+ printf(_(" of IP address %s\n"),inet_ntoa(new_offer->offered_address));
+ }
+
+ /* add new offer to head of list */
+ new_offer->next=dhcp_offer_list;
+ dhcp_offer_list=new_offer;
+
+ return OK;
+ }
+
+
+/* frees memory allocated to DHCP OFFER list */
+int free_dhcp_offer_list(void){
+ dhcp_offer *this_offer;
+ dhcp_offer *next_offer;
+
+ for(this_offer=dhcp_offer_list;this_offer!=NULL;this_offer=next_offer){
+ next_offer=this_offer->next;
+ free(this_offer);
+ }
+
+ return OK;
+ }
+
+
+/* frees memory allocated to requested server list */
+int free_requested_server_list(void){
+ requested_server *this_server;
+ requested_server *next_server;
+
+ for(this_server=requested_server_list;this_server!=NULL;this_server=next_server){
+ next_server=this_server->next;
+ free(this_server);
+ }
+
+ return OK;
+ }
+
+
+/* gets state and plugin output to return */
+int get_results(void){
+ dhcp_offer *temp_offer;
+ requested_server *temp_server;
+ int result;
+ u_int32_t max_lease_time=0;
+
+ received_requested_address=FALSE;
+
+ /* checks responses from requested servers */
+ requested_responses=0;
+ if(requested_servers>0){
+
+ for(temp_server=requested_server_list;temp_server!=NULL;temp_server=temp_server->next){
+
+ for(temp_offer=dhcp_offer_list;temp_offer!=NULL;temp_offer=temp_offer->next){
+
+ /* get max lease time we were offered */
+ if(temp_offer->lease_time>max_lease_time || temp_offer->lease_time==DHCP_INFINITE_TIME)
+ max_lease_time=temp_offer->lease_time;
+
+ /* see if we got the address we requested */
+ if(!memcmp(&requested_address,&temp_offer->offered_address,sizeof(requested_address)))
+ received_requested_address=TRUE;
+
+ /* see if the servers we wanted a response from talked to us or not */
+ if(!memcmp(&temp_offer->server_address,&temp_server->server_address,sizeof(temp_server->server_address))){
+ if (verbose) {
+ printf(_("DHCP Server Match: Offerer=%s"),inet_ntoa(temp_offer->server_address));
+ printf(_(" Requested=%s\n"),inet_ntoa(temp_server->server_address));
+ }
+ requested_responses++;
+ }
+ }
+ }
+
+ }
+
+ /* else check and see if we got our requested address from any server */
+ else{
+
+ for(temp_offer=dhcp_offer_list;temp_offer!=NULL;temp_offer=temp_offer->next){
+
+ /* get max lease time we were offered */
+ if(temp_offer->lease_time>max_lease_time || temp_offer->lease_time==DHCP_INFINITE_TIME)
+ max_lease_time=temp_offer->lease_time;
+
+ /* see if we got the address we requested */
+ if(!memcmp(&requested_address,&temp_offer->offered_address,sizeof(requested_address)))
+ received_requested_address=TRUE;
+ }
+ }
+
+ result=STATE_OK;
+ if(valid_responses==0)
+ result=STATE_CRITICAL;
+ else if(requested_servers>0 && requested_responses==0)
+ result=STATE_CRITICAL;
+ else if(requested_responses<requested_servers)
+ result=STATE_WARNING;
+ else if(request_specific_address==TRUE && received_requested_address==FALSE)
+ result=STATE_WARNING;
+
+
+ printf("DHCP %s: ",(result==STATE_OK)?"ok":"problem");
+
+ /* we didn't receive any DHCPOFFERs */
+ if(dhcp_offer_list==NULL){
+ printf(_("No DHCPOFFERs were received.\n"));
+ return result;
+ }
+
+ printf(_("Received %d DHCPOFFER(s)"),valid_responses);
+
+ if(requested_servers>0)
+ printf(_(", %s%d of %d requested servers responded"),((requested_responses<requested_servers) && requested_responses>0)?"only ":"",requested_responses,requested_servers);
+
+ if(request_specific_address==TRUE)
+ printf(_(", requested address (%s) was %soffered"),inet_ntoa(requested_address),(received_requested_address==TRUE)?"":_("not "));
+
+ printf(_(", max lease time = "));
+ if(max_lease_time==DHCP_INFINITE_TIME)
+ printf(_("Infinity"));
+ else
+ printf("%lu sec",(unsigned long)max_lease_time);
+
+ printf(".\n");
+
+ return result;
+ }
+
+
+/* process command-line arguments */
+int process_arguments(int argc, char **argv){
+ int c;
+
+ if(argc<1)
+ return ERROR;
+
+ c=0;
+ while((c+=(call_getopt(argc-c,&argv[c])))<argc){
+
+ /*
+ if(is_option(argv[c]))
+ continue;
+ */
+ }
+
+ return validate_arguments();
+ }
+
+
+
+int call_getopt(int argc, char **argv){
+ int c=0;
+ int i=0;
+ struct in_addr ipaddress;
+
+#ifdef HAVE_GETOPT_H
+ int option_index = 0;
+ static struct option long_options[] =
+ {
+ {"serverip", required_argument,0,'s'},
+ {"requestedip", required_argument,0,'r'},
+ {"timeout", required_argument,0,'t'},
+ {"interface", required_argument,0,'i'},
+ {"verbose", no_argument, 0,'v'},
+ {"version", no_argument, 0,'V'},
+ {"help", no_argument, 0,'h'},
+ {0,0,0,0}
+ };
+#endif
+
+ while(1){
+#ifdef HAVE_GETOPT_H
+ c=getopt_long(argc,argv,"+hVvt:s:r:t:i:",long_options,&option_index);
+#else
+ c=getopt(argc,argv,"+?hVvt:s:r:t:i:");
+#endif
+
+ i++;
+
+ if(c==-1||c==EOF||c==1)
+ break;
+
+ switch(c){
+ case 'w':
+ case 'r':
+ case 't':
+ case 'i':
+ i++;
+ break;
+ default:
+ break;
+ }
+
+ switch(c){
+
+ case 's': /* DHCP server address */
+ if(inet_aton(optarg,&ipaddress))
+ add_requested_server(ipaddress);
+ /*
+ else
+ usage("Invalid server IP address\n");
+ */
+ break;
+
+ case 'r': /* address we are requested from DHCP servers */
+ if(inet_aton(optarg,&ipaddress)){
+ requested_address=ipaddress;
+ request_specific_address=TRUE;
+ }
+ /*
+ else
+ usage("Invalid requested IP address\n");
+ */
+ break;
+
+ case 't': /* timeout */
+
+ /*
+ if(is_intnonneg(optarg))
+ */
+ if(atoi(optarg)>0)
+ dhcpoffer_timeout=atoi(optarg);
+ /*
+ else
+ usage("Time interval must be a nonnegative integer\n");
+ */
+ break;
+
+ case 'i': /* interface name */
+
+ strncpy(network_interface_name,optarg,sizeof(network_interface_name)-1);
+ network_interface_name[sizeof(network_interface_name)-1]='\x0';
+
+ break;
+
+ case 'V': /* version */
+ print_revision(progname,revision);
+ exit(STATE_OK);
+
+ case 'h': /* help */
+ print_help();
+ exit(STATE_OK);
+
+ case 'v': /* verbose */
+ verbose=1;
+ break;
+
+ case '?': /* help */
+ usage2 (_("Unknown argument"), optarg);
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ return i;
+ }
+
+
+int validate_arguments(void){
+
+ return OK;
+ }
+
+#if defined(__sun__) || defined(__solaris__) || defined(__hpux__)
+
+ /* Kompf 2000-2003 see ACKNOWLEDGEMENTS */
+
+/* get a message from a stream; return type of message */
+static int get_msg(int fd)
+{
+ int flags = 0;
+ int res, ret;
+ ctl_area[0] = 0;
+ dat_area[0] = 0;
+ ret = 0;
+ res = getmsg(fd, &ctl, &dat, &flags);
+
+ if(res < 0) {
+ if(errno == EINTR) {
+ return(GOT_INTR);
+ } else {
+ printf("%s\n", "get_msg FAILED.");
+ return(GOT_ERR);
+ }
+ }
+ if(ctl.len > 0) {
+ ret |= GOT_CTRL;
+ }
+ if(dat.len > 0) {
+ ret |= GOT_DATA;
+ }
+ return(ret);
+}
+
+/* verify that dl_primitive in ctl_area = prim */
+static int check_ctrl(int prim)
+{
+ dl_error_ack_t *err_ack = (dl_error_ack_t *)ctl_area;
+ if(err_ack->dl_primitive != prim) {
+ printf(_("Error: DLPI stream API failed to get MAC in check_ctrl: %s.\n"), strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+ return 0;
+}
+
+/* put a control message on a stream */
+static int put_ctrl(int fd, int len, int pri)
+{
+ ctl.len = len;
+ if(putmsg(fd, &ctl, 0, pri) < 0) {
+ printf(_("Error: DLPI stream API failed to get MAC in put_ctrl/putmsg(): %s.\n"), strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+ return 0;
+}
+
+/* put a control + data message on a stream */
+static int put_both(int fd, int clen, int dlen, int pri)
+{
+ ctl.len = clen;
+ dat.len = dlen;
+ if(putmsg(fd, &ctl, &dat, pri) < 0) {
+ printf(_("Error: DLPI stream API failed to get MAC in put_both/putmsg().\n"), strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+ return 0;
+}
+
+/* open file descriptor and attach */
+static int dl_open(const char *dev, int unit, int *fd)
+{
+ dl_attach_req_t *attach_req = (dl_attach_req_t *)ctl_area;
+ if((*fd = open(dev, O_RDWR)) == -1) {
+ printf(_("Error: DLPI stream API failed to get MAC in dl_attach_req/open(%s..): %s.\n"), dev, strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+ attach_req->dl_primitive = DL_ATTACH_REQ;
+ attach_req->dl_ppa = unit;
+ put_ctrl(*fd, sizeof(dl_attach_req_t), 0);
+ get_msg(*fd);
+ return check_ctrl(DL_OK_ACK);
+}
+
+/* send DL_BIND_REQ */
+static int dl_bind(int fd, int sap, u_char *addr)
+{
+ dl_bind_req_t *bind_req = (dl_bind_req_t *)ctl_area;
+ dl_bind_ack_t *bind_ack = (dl_bind_ack_t *)ctl_area;
+ bind_req->dl_primitive = DL_BIND_REQ;
+ bind_req->dl_sap = sap;
+ bind_req->dl_max_conind = 1;
+ bind_req->dl_service_mode = DL_CLDLS;
+ bind_req->dl_conn_mgmt = 0;
+ bind_req->dl_xidtest_flg = 0;
+ put_ctrl(fd, sizeof(dl_bind_req_t), 0);
+ get_msg(fd);
+ if (GOT_ERR == check_ctrl(DL_BIND_ACK)) {
+ printf(_("Error: DLPI stream API failed to get MAC in dl_bind/check_ctrl(): %s.\n"), strerror(errno));
+ exit(STATE_UNKNOWN);
+ }
+ bcopy((u_char *)bind_ack + bind_ack->dl_addr_offset, addr,
+ bind_ack->dl_addr_length);
+ return 0;
+}
+
+/***********************************************************************
+ * interface:
+ * function mac_addr_dlpi - get the mac address of the interface with
+ * type dev (eg lnc, hme) and unit (0, 1 ..)
+ *
+ * parameter: addr: an array of six bytes, has to be allocated by the caller
+ *
+ * return: 0 if OK, -1 if the address could not be determined
+ *
+ *
+ ***********************************************************************/
+
+long mac_addr_dlpi( const char *dev, int unit, u_char *addr) {
+
+ int fd;
+ u_char mac_addr[25];
+
+ if (GOT_ERR != dl_open(dev, unit, &fd)) {
+ if (GOT_ERR != dl_bind(fd, INSAP, mac_addr)) {
+ bcopy( mac_addr, addr, 6);
+ return 0;
+ }
+ }
+ close(fd);
+ return -1;
+}
+
+ /* Kompf 2000-2003 */
+
+#endif
+
+
+/* print usage help */
+void print_help(void){
+
+ print_revision(progname,revision);
+
+ printf("Copyright (c) 2001-2004 Ethan Galstad (nagios@nagios.org)\n\n");
+ printf (COPYRIGHT, copyright, email);
+
+ printf(_("This plugin tests the availability of DHCP servers on a network.\n\n"));
+
+ print_usage();
+
+ printf(_("\
+ -s, --serverip=IPADDRESS\n\
+ IP address of DHCP server that we must hear from\n\
+ -r, --requestedip=IPADDRESS\n\
+ IP address that should be offered by at least one DHCP server\n\
+ -t, --timeout=INTEGER\n\
+ Seconds to wait for DHCPOFFER before timeout occurs\n\
+ -i, --interface=STRING\n\
+ Interface to to use for listening (i.e. eth0)\n\
+ -v, --verbose\n\
+ Print extra information (command-line use only)\n\
+ -h, --help\n\
+ Print detailed help screen\n\
+ -V, --version\n\
+ Print version information\n"));
+}
+
+
+void print_usage(void)
+{
+ printf("\
+Usage: %s [-s serverip] [-r requestedip] [-t timeout] [-i interface]\n\
+ [-v]",progname);
+}
+
+
+
diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
new file mode 100644
index 00000000..2f03552f
--- /dev/null
+++ b/plugins-root/check_icmp.c
@@ -0,0 +1,1199 @@
+/*
+ * $Id$
+ *
+ * Author: Andreas Ericsson <ae@op5.se>
+ *
+ * License: GNU GPL 2.0 or any later version.
+ *
+ * Relevant RFC's: 792 (ICMP), 791 (IP)
+ *
+ * This program was modeled somewhat after the check_icmp program,
+ * which was in turn a hack of fping (www.fping.org) but has been
+ * completely rewritten since to generate higher precision rta values,
+ * and support several different modes as well as setting ttl to control.
+ * redundant routes. The only remainders of fping is currently a few
+ * function names.
+ *
+ */
+
+#include <sys/time.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <stddef.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
+#include <arpa/inet.h>
+#include <signal.h>
+
+/** sometimes undefined system macros (quite a few, actually) **/
+#ifndef MAXTTL
+# define MAXTTL 255
+#endif
+#ifndef INADDR_NONE
+# define INADDR_NONE 0xffffffU
+#endif
+
+#ifndef SOL_IP
+#define SOL_IP 0
+#endif
+
+/* we bundle these in one #ifndef, since they're all from BSD
+ * Put individual #ifndef's around those that bother you */
+#ifndef ICMP_UNREACH_NET_UNKNOWN
+# define ICMP_UNREACH_NET_UNKNOWN 6
+# define ICMP_UNREACH_HOST_UNKNOWN 7
+# define ICMP_UNREACH_ISOLATED 8
+# define ICMP_UNREACH_NET_PROHIB 9
+# define ICMP_UNREACH_HOST_PROHIB 10
+# define ICMP_UNREACH_TOSNET 11
+# define ICMP_UNREACH_TOSHOST 12
+#endif
+/* tru64 has the ones above, but not these */
+#ifndef ICMP_UNREACH_FILTER_PROHIB
+# define ICMP_UNREACH_FILTER_PROHIB 13
+# define ICMP_UNREACH_HOST_PRECEDENCE 14
+# define ICMP_UNREACH_PRECEDENCE_CUTOFF 15
+#endif
+
+
+/** typedefs and such **/
+enum states {
+ STATE_OK = 0,
+ STATE_WARNING,
+ STATE_CRITICAL,
+ STATE_UNKNOWN,
+ STATE_DEPENDENT,
+ STATE_OOB
+};
+
+typedef unsigned short range_t; /* type for get_range() -- unimplemented */
+
+typedef struct rta_host {
+ unsigned short id; /* id in **table, and icmp pkts */
+ char *name; /* arg used for adding this host */
+ char *msg; /* icmp error message, if any */
+ struct sockaddr_in saddr_in; /* the address of this host */
+ struct in_addr error_addr; /* stores address of error replies */
+ unsigned long long time_waited; /* total time waited, in usecs */
+ unsigned int icmp_sent, icmp_recv, icmp_lost; /* counters */
+ unsigned char icmp_type, icmp_code; /* type and code from errors */
+ unsigned short flags; /* control/status flags */
+ double rta; /* measured RTA */
+ unsigned char pl; /* measured packet loss */
+ struct rta_host *next; /* linked list */
+} rta_host;
+
+#define FLAG_LOST_CAUSE 0x01 /* decidedly dead target. */
+
+/* threshold structure. all values are maximum allowed, exclusive */
+typedef struct threshold {
+ unsigned char pl; /* max allowed packet loss in percent */
+ unsigned int rta; /* roundtrip time average, microseconds */
+} threshold;
+
+/* the data structure */
+typedef struct icmp_ping_data {
+ struct timeval stime; /* timestamp (saved in protocol struct as well) */
+ unsigned short ping_id;
+} icmp_ping_data;
+
+/* the different modes of this program are as follows:
+ * MODE_RTA: send all packets no matter what (mimic check_icmp and check_ping)
+ * MODE_HOSTCHECK: Return immediately upon any sign of life
+ * In addition, sends packets to ALL addresses assigned
+ * to this host (as returned by gethostbyname() or
+ * gethostbyaddr() and expects one host only to be checked at
+ * a time. Therefore, any packet response what so ever will
+ * count as a sign of life, even when received outside
+ * crit.rta limit. Do not misspell any additional IP's.
+ * MODE_ALL: Requires packets from ALL requested IP to return OK (default).
+ * MODE_ICMP: implement something similar to check_icmp (MODE_RTA without
+ * tcp and udp args does this)
+ */
+#define MODE_RTA 0
+#define MODE_HOSTCHECK 1
+#define MODE_ALL 2
+#define MODE_ICMP 3
+
+/* the different ping types we can do
+ * TODO: investigate ARP ping as well */
+#define HAVE_ICMP 1
+#define HAVE_UDP 2
+#define HAVE_TCP 4
+#define HAVE_ARP 8
+
+#define MIN_PING_DATA_SIZE sizeof(struct icmp_ping_data)
+#define MAX_IP_PKT_SIZE 65536 /* (theoretical) max IP packet size */
+#define IP_HDR_SIZE 20
+#define MAX_PING_DATA (MAX_IP_PKT_SIZE - IP_HDR_SIZE - ICMP_MINLEN)
+#define DEFAULT_PING_DATA_SIZE (MIN_PING_DATA_SIZE + 44)
+
+/* various target states */
+#define TSTATE_INACTIVE 0x01 /* don't ping this host anymore */
+#define TSTATE_WAITING 0x02 /* unanswered packets on the wire */
+#define TSTATE_ALIVE 0x04 /* target is alive (has answered something) */
+#define TSTATE_UNREACH 0x08
+
+/** prototypes **/
+static void usage(unsigned char, char *);
+static u_int get_timevar(const char *);
+static u_int get_timevaldiff(struct timeval *, struct timeval *);
+static int wait_for_reply(int, u_int);
+static int recvfrom_wto(int, char *, unsigned int, struct sockaddr *, u_int *);
+static int send_icmp_ping(int, struct rta_host *);
+static int get_threshold(char *str, threshold *th);
+static void run_checks(void);
+static int add_target(char *);
+static int add_target_ip(char *, struct in_addr *);
+static int handle_random_icmp(struct icmp *, struct sockaddr_in *);
+static unsigned short icmp_checksum(unsigned short *, int);
+static void finish(int);
+static void crash(const char *, ...);
+
+/** external **/
+extern int optind, opterr, optopt;
+extern char *optarg;
+extern char **environ;
+
+/** global variables **/
+static char *progname;
+static struct rta_host **table, *cursor, *list;
+static threshold crit = {80, 500000}, warn = {40, 200000};
+static int mode, protocols, sockets, debug = 0, timeout = 10;
+static unsigned short icmp_pkt_size, icmp_data_size = DEFAULT_PING_DATA_SIZE;
+static unsigned int icmp_sent = 0, icmp_recv = 0, icmp_lost = 0;
+#define icmp_pkts_en_route (icmp_sent - (icmp_recv + icmp_lost))
+static unsigned short targets_down = 0, targets = 0, packets = 0;
+#define targets_alive (targets - targets_down)
+static unsigned int retry_interval, pkt_interval, target_interval;
+static int icmp_sock, tcp_sock, udp_sock, status = STATE_OK;
+static pid_t pid;
+static struct timezone tz;
+static struct timeval prog_start;
+static unsigned long long max_completion_time = 0;
+static unsigned char ttl = 0; /* outgoing ttl */
+static unsigned int warn_down = 1, crit_down = 1; /* host down threshold values */
+float pkt_backoff_factor = 1.5;
+float target_backoff_factor = 1.5;
+
+/** code start **/
+static void
+crash(const char *fmt, ...)
+{
+ va_list ap;
+
+ printf("%s: ", progname);
+
+ va_start(ap, fmt);
+ vprintf(fmt, ap);
+ va_end(ap);
+
+ if(errno) printf(": %s", strerror(errno));
+ puts("");
+
+ exit(3);
+}
+
+
+static char *
+get_icmp_error_msg(unsigned char icmp_type, unsigned char icmp_code)
+{
+ char *msg = "unreachable";
+
+ if(debug > 1) printf("get_icmp_error_msg(%u, %u)\n", icmp_type, icmp_code);
+ switch(icmp_type) {
+ case ICMP_UNREACH:
+ switch(icmp_code) {
+ case ICMP_UNREACH_NET: msg = "Net unreachable"; break;
+ case ICMP_UNREACH_HOST: msg = "Host unreachable"; break;
+ case ICMP_UNREACH_PROTOCOL: msg = "Protocol unreachable (firewall?)"; break;
+ case ICMP_UNREACH_PORT: msg = "Port unreachable (firewall?)"; break;
+ case ICMP_UNREACH_NEEDFRAG: msg = "Fragmentation needed"; break;
+ case ICMP_UNREACH_SRCFAIL: msg = "Source route failed"; break;
+ case ICMP_UNREACH_ISOLATED: msg = "Source host isolated"; break;
+ case ICMP_UNREACH_NET_UNKNOWN: msg = "Unknown network"; break;
+ case ICMP_UNREACH_HOST_UNKNOWN: msg = "Unknown host"; break;
+ case ICMP_UNREACH_NET_PROHIB: msg = "Network denied (firewall?)"; break;
+ case ICMP_UNREACH_HOST_PROHIB: msg = "Host denied (firewall?)"; break;
+ case ICMP_UNREACH_TOSNET: msg = "Bad TOS for network (firewall?)"; break;
+ case ICMP_UNREACH_TOSHOST: msg = "Bad TOS for host (firewall?)"; break;
+ case ICMP_UNREACH_FILTER_PROHIB: msg = "Prohibited by filter (firewall)"; break;
+ case ICMP_UNREACH_HOST_PRECEDENCE: msg = "Host precedence violation"; break;
+ case ICMP_UNREACH_PRECEDENCE_CUTOFF: msg = "Precedence cutoff"; break;
+ default: msg = "Invalid code"; break;
+ }
+ break;
+
+ case ICMP_TIMXCEED:
+ /* really 'out of reach', or non-existant host behind a router serving
+ * two different subnets */
+ switch(icmp_code) {
+ case ICMP_TIMXCEED_INTRANS: msg = "Time to live exceeded in transit"; break;
+ case ICMP_TIMXCEED_REASS: msg = "Fragment reassembly time exceeded"; break;
+ default: msg = "Invalid code"; break;
+ }
+ break;
+
+ case ICMP_SOURCEQUENCH: msg = "Transmitting too fast"; break;
+ case ICMP_REDIRECT: msg = "Redirect (change route)"; break;
+ case ICMP_PARAMPROB: msg = "Bad IP header (required option absent)"; break;
+
+ /* the following aren't error messages, so ignore */
+ case ICMP_TSTAMP:
+ case ICMP_TSTAMPREPLY:
+ case ICMP_IREQ:
+ case ICMP_IREQREPLY:
+ case ICMP_MASKREQ:
+ case ICMP_MASKREPLY:
+ default: msg = ""; break;
+ }
+
+ return msg;
+}
+
+static int
+handle_random_icmp(struct icmp *p, struct sockaddr_in *addr)
+{
+ struct icmp *sent_icmp = NULL;
+ struct rta_host *host = NULL;
+ unsigned char *ptr;
+
+ if(p->icmp_type == ICMP_ECHO && p->icmp_id == pid) {
+ /* echo request from us to us (pinging localhost) */
+ return 0;
+ }
+
+ ptr = (unsigned char *)p;
+ if(debug) printf("handle_random_icmp(%p, %p)\n", (void *)p, (void *)addr);
+
+ /* only handle a few types, since others can't possibly be replies to
+ * us in a sane network (if it is anyway, it will be counted as lost
+ * at summary time, but not as quickly as a proper response */
+ /* TIMXCEED can be an unreach from a router with multiple IP's which
+ * serves two different subnets on the same interface and a dead host
+ * on one net is pinged from the other. The router will respond to
+ * itself and thus set TTL=0 so as to not loop forever. Even when
+ * TIMXCEED actually sends a proper icmp response we will have passed
+ * too many hops to have a hope of reaching it later, in which case it
+ * indicates overconfidence in the network, poor routing or both. */
+ if(p->icmp_type != ICMP_UNREACH && p->icmp_type != ICMP_TIMXCEED &&
+ p->icmp_type != ICMP_SOURCEQUENCH && p->icmp_type != ICMP_PARAMPROB)
+ {
+ return 0;
+ }
+
+ /* might be for us. At least it holds the original package (according
+ * to RFC 792). If it isn't, just ignore it */
+ sent_icmp = (struct icmp *)(ptr + 28);
+ if(sent_icmp->icmp_type != ICMP_ECHO || sent_icmp->icmp_id != pid ||
+ sent_icmp->icmp_seq >= targets)
+ {
+ if(debug) printf("Packet is no response to a packet we sent\n");
+ return 0;
+ }
+
+ /* it is indeed a response for us */
+ host = table[sent_icmp->icmp_seq];
+ if(debug) {
+ printf("Received \"%s\" from %s for ICMP ECHO sent to %s.\n",
+ get_icmp_error_msg(p->icmp_type, p->icmp_code),
+ inet_ntoa(addr->sin_addr), host->name);
+ }
+
+ icmp_lost++;
+ host->icmp_lost++;
+ /* don't spend time on lost hosts any more */
+ if(host->flags & FLAG_LOST_CAUSE) return 0;
+
+ /* source quench means we're sending too fast, so increase the
+ * interval and mark this packet lost */
+ if(p->icmp_type == ICMP_SOURCEQUENCH) {
+ pkt_interval *= pkt_backoff_factor;
+ target_interval *= target_backoff_factor;
+ }
+ else {
+ targets_down++;
+ host->flags |= FLAG_LOST_CAUSE;
+ }
+ host->icmp_type = p->icmp_type;
+ host->icmp_code = p->icmp_code;
+ host->error_addr.s_addr = addr->sin_addr.s_addr;
+
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ int i;
+ char *ptr;
+ long int arg;
+ int icmp_sockerrno, udp_sockerrno, tcp_sockerrno;
+ int result;
+ struct rta_host *host;
+
+ /* we only need to be setsuid when we get the sockets, so do
+ * that before pointer magic (esp. on network data) */
+ icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0;
+
+ if((icmp_sock = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
+ sockets |= HAVE_ICMP;
+ else icmp_sockerrno = errno;
+
+ /* if((udp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) != -1) */
+ /* sockets |= HAVE_UDP; */
+ /* else udp_sockerrno = errno; */
+
+ /* if((tcp_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1) */
+ /* sockets |= HAVE_TCP; */
+ /* else tcp_sockerrno = errno; */
+
+ /* now drop privileges (no effect if not setsuid or geteuid() == 0) */
+ setuid(getuid());
+
+ /* POSIXLY_CORRECT might break things, so unset it (the portable way) */
+ environ = NULL;
+
+ /* use the pid to mark packets as ours */
+ pid = getpid();
+ /* printf("pid = %u\n", pid); */
+
+ /* get calling name the old-fashioned way for portability instead
+ * of relying on the glibc-ism __progname */
+ ptr = strrchr(argv[0], '/');
+ if(ptr) progname = &ptr[1];
+ else progname = argv[0];
+
+ /* now set defaults. Use progname to set them initially (allows for
+ * superfast check_host program when target host is up */
+ cursor = list = NULL;
+ table = NULL;
+
+ mode = MODE_RTA;
+ crit.rta = 500000;
+ crit.pl = 80;
+ warn.rta = 200000;
+ warn.pl = 40;
+ protocols = HAVE_ICMP | HAVE_UDP | HAVE_TCP;
+ pkt_interval = 80000; /* 80 msec packet interval by default */
+ packets = 5;
+
+ if(!strcmp(progname, "check_icmp") || !strcmp(progname, "check_ping")) {
+ mode = MODE_ICMP;
+ protocols = HAVE_ICMP;
+ }
+ else if(!strcmp(progname, "check_host")) {
+ mode = MODE_HOSTCHECK;
+ pkt_interval = 1000000;
+ packets = 5;
+ crit.rta = warn.rta = 1000000;
+ crit.pl = warn.pl = 100;
+ }
+ else if(!strcmp(progname, "check_rta_multi")) {
+ mode = MODE_ALL;
+ target_interval = 0;
+ pkt_interval = 50000;
+ packets = 5;
+ }
+
+ /* parse the arguments */
+ for(i = 1; i < argc; i++) {
+ while((arg = getopt(argc, argv, "vhVw:c:n:p:t:H:i:b:I:l:")) != EOF) {
+ switch(arg) {
+ case 'v':
+ debug++;
+ break;
+ case 'b':
+ /* silently ignored for now */
+ break;
+ case 'i':
+ pkt_interval = get_timevar(optarg);
+ break;
+ case 'I':
+ target_interval = get_timevar(optarg);
+ break;
+ case 'w':
+ get_threshold(optarg, &warn);
+ break;
+ case 'c':
+ get_threshold(optarg, &crit);
+ break;
+ case 'n':
+ case 'p':
+ packets = strtoul(optarg, NULL, 0);
+ break;
+ case 't':
+ timeout = strtoul(optarg, NULL, 0);
+ if(!timeout) timeout = 10;
+ break;
+ case 'H':
+ add_target(optarg);
+ break;
+ case 'l':
+ ttl = (unsigned char)strtoul(optarg, NULL, 0);
+ break;
+ case 'd': /* implement later, for cluster checks */
+ warn_down = (unsigned char)strtoul(optarg, &ptr, 0);
+ if(ptr) {
+ crit_down = (unsigned char)strtoul(ptr + 1, NULL, 0);
+ }
+ break;
+ case 'h': case 'V': default:
+ usage(arg, NULL);
+ break;
+ }
+ }
+ }
+
+ argv = &argv[optind];
+ while(*argv) {
+ add_target(*argv);
+ argv++;
+ }
+ if(!targets) {
+ errno = 0;
+ crash("No hosts to check");
+ exit(3);
+ }
+
+ if(!sockets) {
+ if(icmp_sock == -1) {
+ errno = icmp_sockerrno;
+ crash("Failed to obtain ICMP socket");
+ return -1;
+ }
+ /* if(udp_sock == -1) { */
+ /* errno = icmp_sockerrno; */
+ /* crash("Failed to obtain UDP socket"); */
+ /* return -1; */
+ /* } */
+ /* if(tcp_sock == -1) { */
+ /* errno = icmp_sockerrno; */
+ /* crash("Failed to obtain TCP socker"); */
+ /* return -1; */
+ /* } */
+ }
+ if(!ttl) ttl = 64;
+
+ if(icmp_sock) {
+ result = setsockopt(icmp_sock, SOL_IP, IP_TTL, &ttl, sizeof(ttl));
+ if(debug) {
+ if(result == -1) printf("setsockopt failed\n");
+ else printf("ttl set to %u\n", ttl);
+ }
+ }
+
+ /* stupid users should be able to give whatever thresholds they want
+ * (nothing will break if they do), but some anal plugin maintainer
+ * will probably add some printf() thing here later, so it might be
+ * best to at least show them where to do it. ;) */
+ if(warn.pl > crit.pl) warn.pl = crit.pl;
+ if(warn.rta > crit.rta) warn.rta = crit.rta;
+ if(warn_down > crit_down) crit_down = warn_down;
+
+ signal(SIGINT, finish);
+ signal(SIGHUP, finish);
+ signal(SIGTERM, finish);
+ signal(SIGALRM, finish);
+ if(debug) printf("Setting alarm timeout to %u seconds\n", timeout);
+ alarm(timeout);
+
+ /* make sure we don't wait any longer than necessary */
+ gettimeofday(&prog_start, &tz);
+ max_completion_time =
+ ((targets * packets * pkt_interval) + (targets * target_interval)) +
+ (targets * packets * crit.rta) + crit.rta;
+
+ if(debug) {
+ printf("packets: %u, targets: %u\n"
+ "target_interval: %0.3f, pkt_interval %0.3f\n"
+ "crit.rta: %0.3f\n"
+ "max_completion_time: %0.3f\n",
+ packets, targets,
+ (float)target_interval / 1000, (float)pkt_interval / 1000,
+ (float)crit.rta / 1000,
+ (float)max_completion_time / 1000);
+ }
+
+ if(debug) {
+ if(max_completion_time > (u_int)timeout * 1000000) {
+ printf("max_completion_time: %llu timeout: %u\n",
+ max_completion_time, timeout);
+ printf("Timout must be at lest %llu\n",
+ max_completion_time / 1000000 + 1);
+ }
+ }
+
+ icmp_pkt_size = icmp_data_size + ICMP_MINLEN;
+ if(debug > 2) printf("icmp_pkt_size = %u\n", icmp_pkt_size);
+ if(icmp_pkt_size < sizeof(struct icmp) + sizeof(struct icmp_ping_data)) {
+ icmp_pkt_size = sizeof(struct icmp) + sizeof(struct icmp_ping_data);
+ }
+ if(debug > 2) printf("icmp_pkt_size = %u\n", icmp_pkt_size);
+
+ if(debug) {
+ printf("crit = {%u, %u%%}, warn = {%u, %u%%}\n",
+ crit.rta, crit.pl, warn.rta, warn.pl);
+ printf("pkt_interval: %u target_interval: %u retry_interval: %u\n",
+ pkt_interval, target_interval, retry_interval);
+ printf("icmp_pkt_size: %u timeout: %u\n",
+ icmp_pkt_size, timeout);
+ }
+
+ if(packets > 20) {
+ errno = 0;
+ crash("packets is > 20 (%d)", packets);
+ }
+
+ host = list;
+ table = malloc(sizeof(struct rta_host **) * (argc - 1));
+ i = 0;
+ while(host) {
+ host->id = i;
+ table[i] = host;
+ host = host->next;
+ i++;
+ }
+
+ run_checks();
+
+ errno = 0;
+ finish(0);
+
+ return(0);
+}
+
+static void
+run_checks()
+{
+ u_int i, t, result;
+ u_int final_wait, time_passed;
+
+ /* this loop might actually violate the pkt_interval or target_interval
+ * settings, but only if there aren't any packets on the wire which
+ * indicates that the target can handle an increased packet rate */
+ for(i = 0; i < packets; i++) {
+ for(t = 0; t < targets; t++) {
+ /* don't send useless packets */
+ if(!targets_alive) finish(0);
+ if(table[t]->flags & FLAG_LOST_CAUSE) {
+ if(debug) printf("%s is a lost cause. not sending any more\n",
+ table[t]->name);
+ continue;
+ }
+
+ /* we're still in the game, so send next packet */
+ (void)send_icmp_ping(icmp_sock, table[t]);
+ result = wait_for_reply(icmp_sock, target_interval);
+ }
+ result = wait_for_reply(icmp_sock, pkt_interval * targets);
+ }
+
+ if(icmp_pkts_en_route && targets_alive) {
+ time_passed = get_timevaldiff(NULL, NULL);
+ final_wait = max_completion_time - time_passed;
+
+ if(debug) {
+ printf("time_passed: %u final_wait: %u max_completion_time: %llu\n",
+ time_passed, final_wait, max_completion_time);
+ }
+ if(time_passed > max_completion_time) {
+ if(debug) printf("Time passed. Finishing up\n");
+ finish(0);
+ }
+
+ /* catch the packets that might come in within the timeframe, but
+ * haven't yet */
+ if(debug) printf("Waiting for %u micro-seconds (%0.3f msecs)\n",
+ final_wait, (float)final_wait / 1000);
+ result = wait_for_reply(icmp_sock, final_wait);
+ }
+}
+
+/* response structure:
+ * ip header : 20 bytes
+ * icmp header : 28 bytes
+ * icmp echo reply : the rest
+ */
+static int
+wait_for_reply(int sock, u_int t)
+{
+ int n, hlen;
+ static char buf[4096];
+ struct sockaddr_in resp_addr;
+ struct ip *ip;
+ struct icmp *icp, *sent_icmp;
+ struct rta_host *host;
+ struct icmp_ping_data *data;
+ struct timeval wait_start, now;
+ u_int tdiff, i, per_pkt_wait;
+
+ /* if we can't listen or don't have anything to listen to, just return */
+ if(!t || !icmp_pkts_en_route) return 0;
+
+ gettimeofday(&wait_start, &tz);
+
+ i = t;
+ per_pkt_wait = t / icmp_pkts_en_route;
+ while(icmp_pkts_en_route && get_timevaldiff(&wait_start, NULL) < i) {
+ t = per_pkt_wait;
+
+ /* wrap up if all targets are declared dead */
+ if(!targets_alive ||
+ get_timevaldiff(&prog_start, NULL) >= max_completion_time ||
+ (mode == MODE_HOSTCHECK && targets_down))
+ {
+ finish(0);
+ }
+
+ /* reap responses until we hit a timeout */
+ n = recvfrom_wto(sock, buf, sizeof(buf),
+ (struct sockaddr *)&resp_addr, &t);
+ if(!n) {
+ if(debug > 1) {
+ printf("recvfrom_wto() timed out during a %u usecs wait\n",
+ per_pkt_wait);
+ }
+ continue; /* timeout for this one, so keep trying */
+ }
+ if(n < 0) {
+ if(debug) printf("recvfrom_wto() returned errors\n");
+ return n;
+ }
+
+ ip = (struct ip *)buf;
+ if(debug > 1) printf("received %u bytes from %s\n",
+ ntohs(ip->ip_len), inet_ntoa(resp_addr.sin_addr));
+
+/* obsolete. alpha on tru64 provides the necessary defines, but isn't broken */
+/* #if defined( __alpha__ ) && __STDC__ && !defined( __GLIBC__ ) */
+ /* alpha headers are decidedly broken. Using an ansi compiler,
+ * they provide ip_vhl instead of ip_hl and ip_v, so we mask
+ * off the bottom 4 bits */
+/* hlen = (ip->ip_vhl & 0x0f) << 2; */
+/* #else */
+ hlen = ip->ip_hl << 2;
+/* #endif */
+
+ if(n < (hlen + ICMP_MINLEN)) {
+ crash("received packet too short for ICMP (%d bytes, expected %d) from %s\n",
+ n, hlen + icmp_pkt_size, inet_ntoa(resp_addr.sin_addr));
+ }
+ /* else if(debug) { */
+ /* printf("ip header size: %u, packet size: %u (expected %u, %u)\n", */
+ /* hlen, ntohs(ip->ip_len) - hlen, */
+ /* sizeof(struct ip), icmp_pkt_size); */
+ /* } */
+
+ /* check the response */
+ icp = (struct icmp *)(buf + hlen);
+ sent_icmp = (struct icmp *)(buf + hlen + ICMP_MINLEN);
+ /* printf("buf: %p, icp: %p, distance: %u (expected %u)\n", */
+ /* buf, icp, */
+ /* (u_int)icp - (u_int)buf, hlen); */
+ /* printf("buf: %p, sent_icmp: %p, distance: %u (expected %u)\n", */
+ /* buf, sent_icmp, */
+ /* (u_int)sent_icmp - (u_int)buf, hlen + ICMP_MINLEN); */
+
+ if(icp->icmp_id != pid) {
+ handle_random_icmp(icp, &resp_addr);
+ continue;
+ }
+
+ if(icp->icmp_type != ICMP_ECHOREPLY || icp->icmp_seq >= targets) {
+ if(debug > 2) printf("not a proper ICMP_ECHOREPLY\n");
+ handle_random_icmp(icp, &resp_addr);
+ continue;
+ }
+
+ /* this is indeed a valid response */
+ data = (struct icmp_ping_data *)(icp->icmp_data);
+
+ host = table[icp->icmp_seq];
+ gettimeofday(&now, &tz);
+ tdiff = get_timevaldiff(&data->stime, &now);
+
+ host->time_waited += tdiff;
+ host->icmp_recv++;
+ icmp_recv++;
+
+ if(debug) {
+ printf("%0.3f ms rtt from %s, outgoing ttl: %u, incoming ttl: %u\n",
+ (float)tdiff / 1000, inet_ntoa(resp_addr.sin_addr),
+ ttl, ip->ip_ttl);
+ }
+
+ /* if we're in hostcheck mode, exit with limited printouts */
+ if(mode == MODE_HOSTCHECK) {
+ printf("OK - %s responds to ICMP. Packet %u, rta %0.3fms|"
+ "pkt=%u;;0;%u rta=%0.3f;%0.3f;%0.3f;;\n",
+ host->name, icmp_recv, (float)tdiff / 1000,
+ icmp_recv, packets, (float)tdiff / 1000,
+ (float)warn.rta / 1000, (float)crit.rta / 1000);
+ exit(STATE_OK);
+ }
+ }
+
+ return 0;
+}
+
+/* the ping functions */
+static int
+send_icmp_ping(int sock, struct rta_host *host)
+{
+ static char *buf = NULL; /* re-use so we prevent leaks */
+ long int len;
+ struct icmp *icp;
+ struct icmp_ping_data *data;
+ struct timeval tv;
+ struct sockaddr *addr;
+
+
+ if(sock == -1) {
+ errno = 0;
+ crash("Attempt to send on bogus socket");
+ return -1;
+ }
+ addr = (struct sockaddr *)&host->saddr_in;
+
+ if(!buf) {
+ buf = (char *)malloc(icmp_pkt_size + sizeof(struct ip));
+ if(!buf) {
+ crash("send_icmp_ping(): failed to malloc %d bytes for send buffer",
+ icmp_pkt_size);
+ return -1; /* might be reached if we're in debug mode */
+ }
+ }
+ memset(buf, 0, icmp_pkt_size + sizeof(struct ip));
+
+ if((gettimeofday(&tv, &tz)) == -1) return -1;
+
+ icp = (struct icmp *)buf;
+ icp->icmp_type = ICMP_ECHO;
+ icp->icmp_code = 0;
+ icp->icmp_cksum = 0;
+ icp->icmp_id = pid;
+ icp->icmp_seq = host->id;
+ data = (struct icmp_ping_data *)icp->icmp_data;
+ data->ping_id = 10; /* host->icmp.icmp_sent; */
+ memcpy(&data->stime, &tv, sizeof(struct timeval));
+ icp->icmp_cksum = icmp_checksum((u_short *)icp, icmp_pkt_size);
+
+ len = sendto(sock, buf, icmp_pkt_size, 0, (struct sockaddr *)addr,
+ sizeof(struct sockaddr));
+
+ if(len < 0 || (unsigned int)len != icmp_pkt_size) {
+ if(debug) printf("Failed to send ping to %s\n",
+ inet_ntoa(host->saddr_in.sin_addr));
+ return -1;
+ }
+
+ icmp_sent++;
+ host->icmp_sent++;
+
+ return 0;
+}
+
+static int
+recvfrom_wto(int sock, char *buf, unsigned int len, struct sockaddr *saddr,
+ u_int *timo)
+{
+ u_int slen;
+ int n;
+ struct timeval to, then, now;
+ fd_set rd, wr;
+
+ if(!*timo) {
+ if(debug) printf("*timo is not\n");
+ return 0;
+ }
+
+ to.tv_sec = *timo / 1000000;
+ to.tv_usec = (*timo - (to.tv_sec * 1000000));
+
+ FD_ZERO(&rd);
+ FD_ZERO(&wr);
+ FD_SET(sock, &rd);
+ errno = 0;
+ gettimeofday(&then, &tz);
+ n = select(sock + 1, &rd, &wr, NULL, &to);
+ if(n < 0) crash("select() in recvfrom_wto");
+ gettimeofday(&now, &tz);
+ *timo = get_timevaldiff(&then, &now);
+
+ if(!n) return 0; /* timeout */
+
+ slen = sizeof(struct sockaddr);
+
+ return recvfrom(sock, buf, len, 0, saddr, &slen);
+}
+
+static void
+finish(int sig)
+{
+ u_int i = 0;
+ unsigned char pl;
+ double rta;
+ struct rta_host *host;
+ char *status_string[] =
+ {"OK", "WARNING", "CRITICAL", "UNKNOWN", "DEPENDENT"};
+
+ alarm(0);
+ if(debug > 1) printf("finish(%d) called\n", sig);
+
+ if(icmp_sock != -1) close(icmp_sock);
+ if(udp_sock != -1) close(udp_sock);
+ if(tcp_sock != -1) close(tcp_sock);
+
+ if(debug) {
+ printf("icmp_sent: %u icmp_recv: %u icmp_lost: %u\n",
+ icmp_sent, icmp_recv, icmp_lost);
+ printf("targets: %u targets_alive: %u\n", targets, targets_alive);
+ }
+
+ /* iterate thrice to calculate values, give output, and print perfparse */
+ host = list;
+ while(host) {
+ if(!host->icmp_recv) {
+ /* rta 0 is ofcourse not entirely correct, but will still show up
+ * conspicuosly as missing entries in perfparse and cacti */
+ pl = 100;
+ rta = 0;
+ status = STATE_CRITICAL;
+ /* up the down counter if not already counted */
+ if(!(host->flags & FLAG_LOST_CAUSE) && targets_alive) targets_down++;
+ }
+ else {
+ pl = ((host->icmp_sent - host->icmp_recv) * 100) / host->icmp_sent;
+ rta = (double)host->time_waited / host->icmp_recv;
+ }
+ host->pl = pl;
+ host->rta = rta;
+ if(!status && (pl >= warn.pl || rta >= warn.rta)) status = STATE_WARNING;
+ if(pl >= crit.pl || rta >= crit.rta) status = STATE_CRITICAL;
+
+ host = host->next;
+ }
+ /* this is inevitable */
+ if(!targets_alive) status = STATE_CRITICAL;
+ printf("%s - ", status_string[status]);
+
+ host = list;
+ while(host) {
+ if(debug) puts("");
+ if(i) {
+ if(i < targets) printf(" :: ");
+ else printf("\n");
+ }
+ i++;
+ if(!host->icmp_recv) {
+ status = STATE_CRITICAL;
+ if(host->flags & FLAG_LOST_CAUSE) {
+ printf("%s: %s @ %s. rta nan, lost %d%%",
+ host->name,
+ get_icmp_error_msg(host->icmp_type, host->icmp_code),
+ inet_ntoa(host->error_addr),
+ 100);
+ }
+ else { /* not marked as lost cause, so we have no flags for it */
+ printf("%s: rta nan, lost 100%%", host->name);
+ }
+ }
+ else { /* !icmp_recv */
+ printf("%s: rta %0.3fms, lost %u%%",
+ host->name, host->rta / 1000, host->pl);
+ }
+
+ host = host->next;
+ }
+
+ /* iterate once more for pretty perfparse output */
+ printf("|");
+ i = 0;
+ host = list;
+ while(host) {
+ if(debug) puts("");
+ printf("%srta=%0.3fms;%0.3f;%0.3f;0; %spl=%u%%;%u;%u;; ",
+ (targets > 1) ? host->name : "",
+ host->rta / 1000, (float)warn.rta / 1000, (float)crit.rta / 1000,
+ (targets > 1) ? host->name : "",
+ host->pl, warn.pl, crit.pl);
+
+ host = host->next;
+ }
+
+ /* finish with an empty line */
+ puts("");
+ if(debug) printf("targets: %u, targets_alive: %u\n",
+ targets, targets_alive);
+
+ exit(status);
+}
+
+static u_int
+get_timevaldiff(struct timeval *early, struct timeval *later)
+{
+ u_int ret;
+ struct timeval now;
+
+ if(!later) {
+ gettimeofday(&now, &tz);
+ later = &now;
+ }
+ if(!early) early = &prog_start;
+
+ /* if early > later we return 0 so as to indicate a timeout */
+ if(early->tv_sec > early->tv_sec ||
+ (early->tv_sec == later->tv_sec && early->tv_usec > later->tv_usec))
+ {
+ return 0;
+ }
+
+ ret = (later->tv_sec - early->tv_sec) * 1000000;
+ ret += later->tv_usec - early->tv_usec;
+
+ return ret;
+}
+
+static int
+add_target_ip(char *arg, struct in_addr *in)
+{
+ struct rta_host *host;
+
+ /* disregard obviously stupid addresses */
+ if(in->s_addr == INADDR_NONE || in->s_addr == INADDR_ANY)
+ return -1;
+
+ /* no point in adding two identical IP's, so don't. ;) */
+ host = list;
+ while(host) {
+ if(host->saddr_in.sin_addr.s_addr == in->s_addr) {
+ if(debug) printf("Identical IP already exists. Not adding %s\n", arg);
+ return -1;
+ }
+ host = host->next;
+ }
+
+ /* add the fresh ip */
+ host = malloc(sizeof(struct rta_host));
+ if(!host) {
+ crash("add_target_ip(%s, %s): malloc(%d) failed",
+ arg, inet_ntoa(*in), sizeof(struct rta_host));
+ }
+ memset(host, 0, sizeof(struct rta_host));
+
+ /* set the values. use calling name for output */
+ host->name = strdup(arg);
+
+ /* fill out the sockaddr_in struct */
+ host->saddr_in.sin_family = AF_INET;
+ host->saddr_in.sin_addr.s_addr = in->s_addr;
+
+ if(!list) list = cursor = host;
+ else cursor->next = host;
+
+ cursor = host;
+ targets++;
+
+ return 0;
+}
+
+/* wrapper for add_target_ip */
+static int
+add_target(char *arg)
+{
+ int i;
+ struct hostent *he;
+ struct in_addr *in, ip;
+
+ /* don't resolve if we don't have to */
+ if((ip.s_addr = inet_addr(arg)) != INADDR_NONE) {
+ /* don't add all ip's if we were given a specific one */
+ return add_target_ip(arg, &ip);
+ /* he = gethostbyaddr((char *)in, sizeof(struct in_addr), AF_INET); */
+ /* if(!he) return add_target_ip(arg, in); */
+ }
+ else {
+ errno = 0;
+ he = gethostbyname(arg);
+ if(!he) {
+ errno = 0;
+ crash("Failed to resolve %s", arg);
+ return -1;
+ }
+ }
+
+ /* possibly add all the IP's as targets */
+ for(i = 0; he->h_addr_list[i]; i++) {
+ in = (struct in_addr *)he->h_addr_list[i];
+ add_target_ip(arg, in);
+
+ /* this is silly, but it works */
+ if(mode == MODE_HOSTCHECK || mode == MODE_ALL) {
+ printf("mode: %d\n", mode);
+ continue;
+ }
+ break;
+ }
+
+ return 0;
+}
+/*
+ * u = micro
+ * m = milli
+ * s = seconds
+ * return value is in microseconds
+ */
+static u_int
+get_timevar(const char *str)
+{
+ char p, u, *ptr;
+ unsigned int len;
+ u_int i, d; /* integer and decimal, respectively */
+ u_int factor = 1000; /* default to milliseconds */
+
+ if(!str) return 0;
+ len = strlen(str);
+ if(!len) return 0;
+
+ /* unit might be given as ms|m (millisec),
+ * us|u (microsec) or just plain s, for seconds */
+ u = p = '\0';
+ u = str[len - 1];
+ if(len >= 2 && !isdigit((int)str[len - 2])) p = str[len - 2];
+ if(p && u == 's') u = p;
+ else if(!p) p = u;
+ if(debug > 2) printf("evaluating %s, u: %c, p: %c\n", str, u, p);
+
+ if(u == 'u') factor = 1; /* microseconds */
+ else if(u == 'm') factor = 1000; /* milliseconds */
+ else if(u == 's') factor = 1000000; /* seconds */
+ if(debug > 2) printf("factor is %u\n", factor);
+
+ i = strtoul(str, &ptr, 0);
+ if(!ptr || *ptr != '.' || strlen(ptr) < 2 || factor == 1)
+ return i * factor;
+
+ /* time specified in usecs can't have decimal points, so ignore them */
+ if(factor == 1) return i;
+
+ d = strtoul(ptr + 1, NULL, 0);
+
+ /* d is decimal, so get rid of excess digits */
+ while(d >= factor) d /= 10;
+
+ /* the last parenthesis avoids floating point exceptions. */
+ return ((i * factor) + (d * (factor / 10)));
+}
+
+/* not too good at checking errors, but it'll do (main() should barfe on -1) */
+static int
+get_threshold(char *str, threshold *th)
+{
+ char *p = NULL, i = 0;
+
+ if(!str || !strlen(str) || !th) return -1;
+
+ /* pointer magic slims code by 10 lines. i is bof-stop on stupid libc's */
+ p = &str[strlen(str) - 1];
+ while(p != &str[1]) {
+ if(*p == '%') *p = '\0';
+ else if(*p == ',' && i) {
+ *p = '\0'; /* reset it so get_timevar(str) works nicely later */
+ th->pl = (unsigned char)strtoul(p+1, NULL, 0);
+ break;
+ }
+ i = 1;
+ p--;
+ }
+ th->rta = get_timevar(str);
+
+ if(!th->rta) return -1;
+
+ if(th->rta > MAXTTL * 1000000) th->rta = MAXTTL * 1000000;
+ if(th->pl > 100) th->pl = 100;
+
+ return 0;
+}
+
+unsigned short
+icmp_checksum(unsigned short *p, int n)
+{
+ register unsigned short cksum;
+ register long sum = 0;
+
+ while(n > 1) {
+ sum += *p++;
+ n -= 2;
+ }
+
+ /* mop up the occasional odd byte */
+ if(n == 1) sum += (unsigned char)*p;
+
+ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+ sum += (sum >> 16); /* add carry */
+ cksum = ~sum; /* ones-complement, trunc to 16 bits */
+
+ return cksum;
+}
+
+/* make core plugin developers happy (silly, really) */
+static void
+usage(unsigned char arg, char *msg)
+{
+ if(msg) printf("%s: %s\n", progname, msg);
+
+ if(arg == 'V') {
+ printf("$Id$\n");
+ exit(STATE_UNKNOWN);
+ }
+
+ printf("Usage: %s [options] [-H] host1 host2 hostn\n\n", progname);
+
+ if(arg != 'h') exit(3);
+
+ printf("Where options are any combination of:\n"
+ " * -H | --host specify a target\n"
+ " * -w | --warn warning threshold (currently %0.3fms,%u%%)\n"
+ " * -c | --crit critical threshold (currently %0.3fms,%u%%)\n"
+ " * -n | --packets number of packets to send (currently %u)\n"
+ " * -i | --interval max packet interval (currently %0.3fms)\n"
+ " * -I | --hostint max target interval (currently %0.3fms)\n"
+ " * -l | --ttl TTL on outgoing packets (currently %u)\n"
+ " * -t | --timeout timeout value (seconds, currently %u)\n"
+ " * -b | --bytes icmp packet size (currenly ignored)\n"
+ " -v | --verbose verbosity++\n"
+ " -h | --help this cruft\n",
+ (float)warn.rta / 1000, warn.pl, (float)crit.rta / 1000, crit.pl,
+ packets,
+ (float)pkt_interval / 1000, (float)target_interval / 1000,
+ ttl, timeout);
+
+ puts("\nThe -H switch is optional. Naming a host (or several) to check is not.\n\n"
+ "Threshold format for -w and -c is 200.25,60% for 200.25 msec RTA and 60%\n"
+ "packet loss. The default values should work well for most users.\n"
+ "You can specify different RTA factors using the standardized abbreviations\n"
+ "us (microseconds), ms (milliseconds, default) or just plain s for seconds.\n\n"
+ "Threshold format for -d is warn,crit. 12,14 means WARNING if >= 12 hops\n"
+ "are spent and CRITICAL if >= 14 hops are spent.\n"
+ "NOTE: Some systems decrease TTL when forming ICMP_ECHOREPLY, others do not.\n\n"
+ "The -v switch can be specified several times for increased verbosity.\n\n"
+ "Long options are currently unsupported.\n\n"
+ "Options marked with * require an argument\n");
+
+ puts("The latest version of this plugin can be found at http://oss.op5.se/nagios\n"
+ "or https://devel.op5.se/oss until the day it is included in the official\n"
+ "plugin distribution.\n");
+
+ exit(3);
+}