diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_ntp.c | 269 |
1 files changed, 247 insertions, 22 deletions
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 5037786a..2954aa88 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -43,6 +43,12 @@ int process_arguments (int, char **); void print_help (void); void print_usage (void); +/* number of times to perform each request to get a good average. */ +#define AVG_NUM 4 + +/* max size of control message data */ +#define MAX_CM_SIZE 468 + /* this structure holds everything in an ntp request/response as per rfc1305 */ typedef struct { uint8_t flags; /* byte with leapindicator,vers,mode. see macros */ @@ -58,6 +64,25 @@ typedef struct { uint64_t txts; /* time at which request departed server */ } ntp_message; +/* this structure holds everything in an ntp control message as per rfc1305 */ +typedef struct { + uint8_t flags; /* byte with leapindicator,vers,mode. see macros */ + uint8_t op; /* R,E,M bits and Opcode */ + uint16_t seq; /* Packet sequence */ + uint16_t status; /* Clock status */ + uint16_t assoc; /* Association */ + uint16_t offset; /* Similar to TCP sequence # */ + uint16_t count; /* # bytes of data */ + char data[MAX_CM_SIZE]; /* ASCII data of the request */ + /* NB: not necessarily NULL terminated! */ +} ntp_control_message; + +/* this is an association/status-word pair found in control packet reponses */ +typedef struct { + uint16_t assoc; + uint16_t status; +} ntp_assoc_status_pair; + /* bits 1,2 are the leap indicator */ #define LI_MASK 0xc0 #define LI(x) ((x&LI_MASK)>>6) @@ -71,12 +96,28 @@ typedef struct { #define VN_MASK 0x38 #define VN(x) ((x&VN_MASK)>>3) #define VN_SET(x,y) do{ x |= ((y<<3)&VN_MASK); }while(0) +#define VN_RESERVED 0x02 /* bits 6,7,8 are the ntp mode */ #define MODE_MASK 0x07 #define MODE(x) (x&MODE_MASK) #define MODE_SET(x,y) do{ x |= (y&MODE_MASK); }while(0) /* here are some values */ #define MODE_CLIENT 0x03 +#define MODE_CONTROLMSG 0x06 +/* In control message, bits 8-10 are R,E,M bits */ +#define REM_MASK 0xe0 +#define REM_RESP 0x80 +#define REM_ERROR 0x40 +#define REM_MORE 0x20 +/* In control message, bits 11 - 15 are opcode */ +#define OP_MASK 0x1f +#define OP_SET(x,y) do{ x |= (y&OP_MASK); }while(0) +#define OP_READSTAT 0x01 +#define OP_READVAR 0x02 +/* In peer status bytes, bytes 6,7,8 determine clock selection status */ +#define PEER_SEL(x) (x&0x07) +#define PEER_INCLUDED 0x04 +#define PEER_SYNCSOURCE 0x06 /** ** a note about the 32-bit "fixed point" numbers: @@ -116,7 +157,7 @@ typedef struct { do{ if(!n) t.tv_sec = t.tv_usec = 0; \ else { \ t.tv_sec=ntohl(L32(n))-EPOCHDIFF; \ - t.tv_usec=(int)(0.5+(double)(ntohl(R32(n))/4294.967296)); \ + t.tv_usec=(int)(0.5+(double)(ntohl(R32(n))/4294.967296)); \ } \ }while(0) @@ -129,6 +170,17 @@ typedef struct { } \ } while(0) +/* NTP control message header is 12 bytes, plus any data in the data + * field, plus null padding to the nearest 32-bit boundary per rfc. + */ +#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((m.count)?4-(ntohs(m.count)%4):0)) + +/* finally, a little helper or two for debugging: */ +#define DBG(x) do{if(verbose>1){ x; }}while(0); +#define PRINTSOCKADDR(x) \ + do{ \ + printf("%u.%u.%u.%u", (x>>24)&0xff, (x>>16)&0xff, (x>>8)&0xff, x&0xff);\ + }while(0); /* calculate the offset of the local clock */ static inline double calc_offset(const ntp_message *m, const struct timeval *t){ @@ -142,7 +194,7 @@ static inline double calc_offset(const ntp_message *m, const struct timeval *t){ } /* print out a ntp packet in human readable/debuggable format */ -void print_packet(const ntp_message *p){ +void print_ntp_message(const ntp_message *p){ struct timeval ref, orig, rx, tx; NTP64toTV(p->refts,ref); @@ -167,6 +219,42 @@ void print_packet(const ntp_message *p){ printf("\ttxts = %-.16g\n", NTP64asDOUBLE(p->txts)); } +void print_ntp_control_message(const ntp_control_message *p){ + int i=0, numpeers=0; + const ntp_assoc_status_pair *peer=NULL; + + printf("control packet contents:\n"); + printf("\tflags: 0x%.2x , 0x%.2x\n", p->flags, p->op); + printf("\t li=%d (0x%.2x)\n", LI(p->flags), p->flags&LI_MASK); + printf("\t vn=%d (0x%.2x)\n", VN(p->flags), p->flags&VN_MASK); + printf("\t mode=%d (0x%.2x)\n", MODE(p->flags), p->flags&MODE_MASK); + printf("\t response=%d (0x%.2x)\n", (p->op&REM_RESP)>0, p->op&REM_RESP); + printf("\t more=%d (0x%.2x)\n", (p->op&REM_MORE)>0, p->op&REM_MORE); + printf("\t error=%d (0x%.2x)\n", (p->op&REM_ERROR)>0, p->op&REM_ERROR); + printf("\t op=%d (0x%.2x)\n", p->op&OP_MASK, p->op&OP_MASK); + printf("\tsequence: %d (0x%.2x)\n", ntohs(p->seq), ntohs(p->seq)); + printf("\tstatus: %d (0x%.2x)\n", ntohs(p->status), ntohs(p->status)); + printf("\tassoc: %d (0x%.2x)\n", ntohs(p->assoc), ntohs(p->assoc)); + printf("\toffset: %d (0x%.2x)\n", ntohs(p->offset), ntohs(p->offset)); + printf("\tcount: %d (0x%.2x)\n", ntohs(p->count), ntohs(p->count)); + numpeers=ntohs(p->count)/(sizeof(ntp_assoc_status_pair)); + if(p->op&REM_RESP && p->op&OP_READSTAT){ + peer=(ntp_assoc_status_pair*)p->data; + for(i=0;i<numpeers;i++){ + printf("\tpeer id %.2x status %.2x", + ntohs(peer[i].assoc), ntohs(peer[i].status)); + if (PEER_SEL(peer[i].status) >= PEER_INCLUDED){ + if(PEER_SEL(peer[i].status) >= PEER_SYNCSOURCE){ + printf(" <-- current sync source"); + } else { + printf(" <-- current sync candidate"); + } + } + printf("\n"); + } + } +} + void setup_request(ntp_message *p){ struct timeval t; @@ -189,7 +277,8 @@ double offset_request(const char *host){ double next_offset=0., avg_offset=0.; struct timeval recv_time; - for(i=0; i<4; i++){ + for(i=0; i<AVG_NUM; i++){ + if(verbose) printf("offset run: %d/%d\n", i+1, AVG_NUM); setup_request(&req); my_udp_connect(server_address, 123, &conn); write(conn, &req, sizeof(ntp_message)); @@ -201,12 +290,134 @@ double offset_request(const char *host){ if(verbose) printf("offset: %g\n", next_offset); avg_offset+=next_offset; } - return avg_offset/4.; + avg_offset/=AVG_NUM; + if(verbose) printf("average offset: %g\n", avg_offset); + return avg_offset; +} + +void +setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){ + memset(p, 0, sizeof(ntp_control_message)); + LI_SET(p->flags, LI_NOWARNING); + VN_SET(p->flags, VN_RESERVED); + MODE_SET(p->flags, MODE_CONTROLMSG); + OP_SET(p->op, opcode); + p->seq = htons(seq); + /* Remaining fields are zero for requests */ } -/* not yet implemented yet */ +/* XXX handle responses with the error bit set */ double jitter_request(const char *host){ - return 0.; + int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; + int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; + ntp_assoc_status_pair *peers; + ntp_control_message req; + double rval = 0.0, jitter = -1.0; + char *startofvalue=NULL, *nptr=NULL; + + /* Long-winded explanation: + * Getting the jitter requires a number of steps: + * 1) Send a READSTAT request. + * 2) Interpret the READSTAT reply + * a) The data section contains a list of peer identifiers (16 bits) + * and associated status words (16 bits) + * b) We want the value of 0x06 in the SEL (peer selection) value, + * which means "current synchronizatin source". If that's missing, + * we take anything better than 0x04 (see the rfc for details) but + * set a minimum of warning. + * 3) Send a READVAR request for information on each peer identified + * in 2b greater than the minimum selection value. + * 4) Extract the jitter value from the data[] (it's ASCII) + */ + my_udp_connect(server_address, 123, &conn); + setup_control_request(&req, OP_READSTAT, 1); + + DBG(printf("sending READSTAT request")); + write(conn, &req, SIZEOF_NTPCM(req)); + DBG(print_ntp_control_message(&req)); + /* Attempt to read the largest size packet possible + * Is it possible for an NTP server to have more than 117 synchronization + * sources? If so, we will receive a second datagram with additional + * peers listed, since 117 is the maximum number that can fit in a + * single NTP control datagram. This code doesn't handle that case */ + /* XXX check the REM_MORE bit */ + req.count=htons(MAX_CM_SIZE); + DBG(printf("recieving READSTAT response")) + read(conn, &req, SIZEOF_NTPCM(req)); + DBG(print_ntp_control_message(&req)); + /* Each peer identifier is 4 bytes in the data section, which + * we represent as a ntp_assoc_status_pair datatype. + */ + npeers=ntohs(req.count)/sizeof(ntp_assoc_status_pair); + peers=(ntp_assoc_status_pair*)malloc(sizeof(ntp_assoc_status_pair)*npeers); + memcpy((void*)peers, (void*)req.data, sizeof(ntp_assoc_status_pair)*npeers); + /* first, let's find out if we have a sync source, or if there are + * at least some candidates. in the case of the latter we'll issue + * a warning but go ahead with the check on them. */ + for (i = 0; i < npeers; i++){ + if (PEER_SEL(peers[i].status) >= PEER_INCLUDED){ + num_candidates++; + if(PEER_SEL(peers[i].status) >= PEER_SYNCSOURCE){ + syncsource_found=1; + min_peer_sel=PEER_SYNCSOURCE; + } + } + } + if(verbose) printf("%d candiate peers available\n", num_candidates); + if(verbose && syncsource_found) printf("synchronization source found\n"); + /* XXX if ! syncsource_found set status to warning */ + + for (run=0; run<AVG_NUM; run++){ + if(verbose) printf("jitter run %d of %d\n", run+1, AVG_NUM); + for (i = 0; i < npeers; i++){ + /* Only query this server if it is the current sync source */ + if (PEER_SEL(peers[i].status) >= min_peer_sel){ + setup_control_request(&req, OP_READVAR, 2); + req.assoc = peers[i].assoc; + /* By spec, putting the variable name "jitter" in the request + * should cause the server to provide _only_ the jitter value. + * thus reducing net traffic, guaranteeing us only a single + * datagram in reply, and making intepretation much simpler + */ + strncpy(req.data, "jitter", 6); + req.count = htons(6); + DBG(printf("sending READVAR request...\n")); + write(conn, &req, SIZEOF_NTPCM(req)); + DBG(print_ntp_control_message(&req)); + + req.count = htons(MAX_CM_SIZE); + DBG(printf("recieving READVAR response...\n")); + read(conn, &req, SIZEOF_NTPCM(req)); + DBG(print_ntp_control_message(&req)); + + /* get to the float value */ + if(verbose) { + printf("parsing jitter from peer %.2x: ", peers[i].assoc); + } + startofvalue = strchr(req.data, '=') + 1; + jitter = strtod(startofvalue, &nptr); + num_selected++; + if(jitter == 0 && startofvalue==nptr){ + printf("warning: unable to parse server response.\n"); + /* XXX errors value ... */ + } else { + if(verbose) printf("%g\n", jitter); + num_valid++; + rval += jitter; + } + } + } + if(verbose){ + printf("jitter parsed from %d/%d peers\n", num_selected, num_valid); + } + } + + rval /= num_valid; + + close(conn); + free(peers); + /* If we return -1.0, it means no synchronization source was found */ + return rval; } int process_arguments(int argc, char **argv){ @@ -247,7 +458,7 @@ int process_arguments(int argc, char **argv){ exit(STATE_OK); break; case 'v': - verbose = 1; + verbose++; break; case 'w': owarn = atof(optarg); @@ -321,35 +532,49 @@ int main(int argc, char *argv[]){ offset = offset_request(server_address); if(offset > ocrit){ - printf("NTP CRITICAL: "); result = STATE_CRITICAL; } else if(offset > owarn) { - printf("NTP WARNING: "); result = STATE_WARNING; } else { - printf("NTP OK: "); result = STATE_OK; } - /* not implemented yet: */ - jitter=jitter_request(server_address); - - /* not implemented yet: + /* If not told to check the jitter, we don't even send packets. + * jitter is checked using NTP control packets, which not all + * servers recognize. Trying to check the jitter on OpenNTPD + * (for example) will result in an error + */ if(do_jitter){ + jitter=jitter_request(server_address); if(jitter > jcrit){ - printf("NTP CRITICAL: "); - result = STATE_CRITICAL; + result = max_state(result, STATE_CRITICAL); } else if(jitter > jwarn) { + result = max_state(result, STATE_WARNING); + } else if(jitter == -1.0 && result == STATE_OK){ + /* -1 indicates that we couldn't calculate the jitter + * Only overrides STATE_OK from the offset */ + result = STATE_UNKNOWN; + } + } + + switch (result) { + case STATE_CRITICAL : + printf("NTP CRITICAL: "); + break; + case STATE_WARNING : printf("NTP WARNING: "); - result = STATE_WARNING; - } else { + break; + case STATE_OK : printf("NTP OK: "); - result = STATE_OK; - } + break; + default : + printf("NTP UNKNOWN: "); + break; } - */ - printf("Offset %g secs|offset=%g\n", offset, offset); + printf("Offset %g secs|offset=%g", offset, offset); + if (do_jitter) printf("|jitter=%f", jitter); + printf("\n"); if(server_address!=NULL) free(server_address); return result; |