[Nagios-devel] RFC: NRPE Protocol

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Guest

[Nagios-devel] RFC: NRPE Protocol

Post by Guest »

--14dae93b62a2b7ce4004d2724bf0
Content-Type: multipart/alternative; boundary=14dae93b62a2b7ce3c04d2724bee

--14dae93b62a2b7ce3c04d2724bee
Content-Type: text/plain; charset=ISO-8859-1

Hi everyone,

I'm currently trying to figure out the "on-the-wire" protocol NRPE speaks
so I could implement a pure perl module that could talk NRPE.

During this endeavour I found a couple of strange things I'd like to ask
you folks about.

Beware that this is my first time I write an application using raw TCP/IP
and am not too sufficient in C. Therefore I'd love to know where and when I
went wrong in my assumptions and/or code.

As mentioned above I use Perl as my target language and simultainously
started reading the code in check_nrpe.c . So far I came up with this as an
unpack template:

my ($packet_version, $packet_type, $crc32_value, $result_code, $buffer) =
unpack('S S n S A[1024]',$str);

print $packet_version." ".$packet_type." ".$crc32_value." ".$result_code."
".$buffer;

Where $str is the hex encoded data from the TCP conversation and is
attached to this mail(data.hex). As a result I get this:

512 256 22286 20613 krcheck_users

From looking at the code I can gather that:

- 512 is the NRPE version 2*256=512
as NRPE_PACKET_VERSION_2 defines it in common.h
- 256 is the packet type 1*256=256 as common.h defines it
QUERY_PACKET 1
- 22286 the checksum over the packet which I - for now - blindly trust is
correct
Now this os where it starts boggling in my mind. common.h defines packet
as:

typedef struct packet_struct{
int16_t packet_version;
int16_t packet_type;
u_int32_t crc32_value;
int16_t result_code;
char buffer[MAX_PACKETBUFFER_LENGTH];
}packet;

So logically a result and/or zero should be here for a Query package right?
But what I find is:
- 20613

After that there is only $buffer left which is:
"krcheck_users"
Which is semi-correct since I queried the server for the state of
check_users. But the first 2 characters bother me. They showed up
consistently over the last 4-5 test packets I looked at with wireshark and
were always semi random. If I could find an explanation for them I'd be
happy. Otherwise maybe I'm just wrong in assuming that result_code is
actually relevant in this context and it is actually part of the
semi_random data you filled packet with before filling in the relevant
parts.

Otherwise I'd love to have something in the form of an RFC for the NRPE
Protocol versions. This would definitely make implementing NRPE much
easier.

Thanks in advance and a Happy New Year,

Andreas Marschke.

--14dae93b62a2b7ce3c04d2724bee
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi everyone,I=
'm currently trying to figure out the "on-the-wire" protocol =
NRPE speaks so I could implement a pure perl module that could talk NRPE.
During this endeavour =
I found a couple of strange things I'd like to ask you folks about.
Beware that this is my=
first time I write an application using raw TCP/IP and am not too sufficie=
nt in C. Therefore I'd love to know where and when I went wrong in my a=
ssumptions and/or code.=A0
As mentioned above I u=
se Perl as my target language and simultainously started reading the code i=
n check_nrpe.c . So far I came up with this as an unpack template:=A0
my ($packet_versi=

...[email truncated]...


This post was automatically imported from historical nagios-devel mailing list archives
Original poster: andreas.marschke@gmail.com
Locked