--=-ViIK4orZiNaE3QCdTssf
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Hi,
When using nrpe in inetd mode, if the command that is executed by nrpe
outputs any data to stderr, then the message
CHECK_NRPE: Response packet had invalid CRC32.
is output.
I described the issue and its cause in an email to the users list a few
months ago. As there were no offers to fix it, here is a patch.
How to demonstrate the problem:
* create shellscript /tmp/dostderr containing:
#!/bin/sh
echo "an error" 1>&2
echo "an output"
exit 0
* set up an nrpe config file with the following:
command[check_stderr]=/tmp/dostderr
* set up nrpe to run from inetd
run:
./check_nrpe -H localhost -c check_stderr
The cause:
When inetd forks and creates an nrpe process after a user connects, the
created process has both STDOUT and STDERR connected to the socket back
to the client. When popen is used to execute the actual command, the
spawned command's STDOUT goes into the pipe that nrpe explicitly reads
from. However the spawned command's STDERR is not overridden - so any
output by the command to stderr goes immediately and directly back to
the remote client process.
The result is that if the command writes to STDERR, then the client
(check_nrpe) sees this output before nrpe writes the "packet header" and
therefore interprets the result as a packet with corrupt checksum.
The fix:
In inetd mode, force STDERR to map to/dev/null. Any STDERR output
generated by the command therefore is discarded. It would be even nicer
to cause a command's stderr and stdout to be "merged", but I can't see
any way to do that without replacing the "popen" call with something
significantly smarter.
The daemon mode doesn't experience this problem, because STDERR is
already redirected to /dev/null using the same technique.
Maybe the "popen.c" file in the main nagios distribution could be used
here, but that would be a much bigger fix. At least the minimal fix
attached here solves the main problem (strange CRC32 error).
Regards,
Simon
--=-ViIK4orZiNaE3QCdTssf
Content-Disposition: attachment; filename=nrpe.crc.patch.txt
Content-Type: text/x-patch; name=nrpe.crc.patch.txt; charset=
Content-Transfer-Encoding: 7bit
Index: nrpe.c
===================================================================
RCS file: /cvsroot/nagios/nrpe/src/nrpe.c,v
retrieving revision 1.32
diff -u -r1.32 nrpe.c
--- nrpe.c 24 Oct 2003 23:55:14 -0000 1.32
+++ nrpe.c 5 Mar 2004 05:11:32 -0000
@@ -227,6 +227,13 @@
/* make sure we're not root */
check_privileges();
+ /* force STDERR to be discarded, so that output to stderr from the
+ * executed command doesn't stream directly back to the remote
+ * check_nrpe app, thereby causing it to report a bad packet
+ * header (invalid CRC32). */
+ close(2);
+ open("/dev/null", O_WRONLY); /* creates new fd 2 */
+
/* handle the connection */
handle_connection(0);
}
--=-ViIK4orZiNaE3QCdTssf--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]