NRPE have a 1024 output size, should be 4k according to spec

[littlesandra88]

In the bug tracker have I attached your changes as a patch, and even when I leave out the changes in src/snprintf.c, it crashes nrpe for me.

Code: Select all

# src/check_nrpe -H localhost -c check_zfs_zpool 
CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.

[tmcdonald]

Did anything show up in the remote logs?

Code: Select all

grep -i "localhost nrpe" /var/log/messages | less

[littlesandra88]

I get this

Code: Select all

Jan 31 10:49:47 nas nrpe[23317]: [ID 261363 daemon.error] Error: Request packet had invalid CRC32.
Jan 31 10:49:47 nas nrpe[23317]: [ID 900267 daemon.error] Client request was invalid, bailing out...

[tmcdonald]

So it looks like the error-checking is off. Have you tried with multiple plugins? It's a pretty heavy day here support-wise but I'll try and look at the code.

[littlesandra88]

Yes, even with this plugin

Code: Select all

#!/usr/bin/bash
cat /etc/passwd
exit 0

I get the same error. Weird don't you think?

[tmcdonald]

I poked around and found the CRC generation code. This does seem to be a bit out of my league, and I am sure I would step on some toes if I spent too long doing dev work. I'll talk to one of the developers and see if he has an opinion, might be a quick for him. Not sure why it is working on my system and not yours though.

[littlesandra88]

I have found this old thread

http://comments.gmane.org/gmane.network ... devel/8291

which talks about a patch which have to be found by archive.org

https://web.archive.org/web/20120309192 ... rge-output

https://web.archive.org/web/20121001020 ... line.patch

but it is not a trivial problem to fix it seams. I the thread they talk about how deployed it have been, but locally it still only gives 1024 bytes output.

Code: Select all

diff -ur nrpe-2.12.original/include/common.h nrpe-2.12/include/common.h
--- nrpe-2.12.original/include/common.h	2008-03-10 22:04:42.000000000 +0100
+++ nrpe-2.12/include/common.h	2008-08-05 00:27:10.664753368 +0200
@@ -41,7 +41,7 @@
 #define DEFAULT_SOCKET_TIMEOUT	10	/* timeout after 10 seconds */
 #define DEFAULT_CONNECTION_TIMEOUT 300	/* timeout if daemon is waiting for connection more than this time */
 
-#define MAX_INPUT_BUFFER	2048	/* max size of most buffers we use */
+#define MAX_INPUT_BUFFER	16384	/* max size of most buffers we use */
 #define MAX_FILENAME_LENGTH     256
 
 #define MAX_HOST_ADDRESS_LENGTH	256	/* max size of a host address */
@@ -55,12 +55,14 @@
 
 #define QUERY_PACKET		1		/* id code for a packet containing a query */
 #define	RESPONSE_PACKET		2		/* id code for a packet containing a response */
+#define	RESPONSE_PACKET_WITH_MORE	3	/* id code for a packet containing a response, with more data to follow */
 
 #define NRPE_PACKET_VERSION_3   3               /* packet version identifier */
 #define NRPE_PACKET_VERSION_2   2               
 #define NRPE_PACKET_VERSION_1	1		/* older packet version identifiers (no longer supported) */
 
-#define MAX_PACKETBUFFER_LENGTH	1024		/* max amount of data we'll send in one query/response */
+#define MAX_PACKETBUFFER_LENGTH	1024		/* max amount of data we'll send in one query/response. WARNING - do not change this
+						as older clients/servers will not work */
 
 typedef struct packet_struct{
 	int16_t   packet_version;
Binary files nrpe-2.12.original/src/check_nrpe and nrpe-2.12/src/check_nrpe differ
diff -ur nrpe-2.12.original/src/check_nrpe.c nrpe-2.12/src/check_nrpe.c
--- nrpe-2.12.original/src/check_nrpe.c	2008-03-10 22:04:43.000000000 +0100
+++ nrpe-2.12/src/check_nrpe.c	2008-08-05 00:48:00.731981872 +0200
@@ -221,6 +221,11 @@
 			return STATE_UNKNOWN;
 		        }
 
+		/* Altinity patch: Allow multiple packets to be received */
+		/* Indentation not corrected to allow simpler patching */
+		/* START MULTI_PACKET LOOP */
+		do {
+
 		/* wait for the response packet */
 		bytes_to_recv=sizeof(receive_packet);
 		if(use_ssl==FALSE)
@@ -233,31 +238,24 @@
 		/* reset timeout */
 		alarm(0);
 
-		/* close the connection */
-#ifdef HAVE_SSL
-		if(use_ssl==TRUE){
-			SSL_shutdown(ssl);
-			SSL_free(ssl);
-			SSL_CTX_free(ctx);
-	                }
-#endif
-		graceful_close(sd,1000);
-
 		/* recv() error */
 		if(rc<0){
 			printf("CHECK_NRPE: Error receiving data from daemon.\n");
+			graceful_close(sd,1000);
 			return STATE_UNKNOWN;
 		        }
 
 		/* server disconnected */
 		else if(rc==0){
 			printf("CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.\n");
+			graceful_close(sd,1000);
 			return STATE_UNKNOWN;
 		        }
 
 		/* receive underflow */
 		else if(bytes_to_recv<sizeof(receive_packet)){
 			printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet));
+			graceful_close(sd,1000);
 			return STATE_UNKNOWN;
 		        }
 
@@ -271,21 +269,21 @@
 		calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet));
 		if(packet_crc32!=calculated_crc32){
 			printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
-			close(sd);
+			graceful_close(sd,1000);
 			return STATE_UNKNOWN;
                         }
 	
 		/* check packet version */
 		if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){
 			printf("CHECK_NRPE: Invalid packet version received from server.\n");
-			close(sd);
+			graceful_close(sd,1000);
 			return STATE_UNKNOWN;
 			}
 
 		/* check packet type */
-		if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){
+		if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET && ntohs(receive_packet.packet_type)!=RESPONSE_PACKET_WITH_MORE){
 			printf("CHECK_NRPE: Invalid packet type received from server.\n");
-			close(sd);
+			graceful_close(sd,1000);
 			return STATE_UNKNOWN;
 			}
 
@@ -297,8 +295,18 @@
 		if(!strcmp(receive_packet.buffer,""))
 			printf("CHECK_NRPE: No output returned from daemon.\n");
 		else
-			printf("%s\n",receive_packet.buffer);
-	        }
+			printf("%s",receive_packet.buffer);
+
+		} while (ntohs(receive_packet.packet_type)==RESPONSE_PACKET_WITH_MORE);
+		/* END MULTI_PACKET LOOP */
+
+		/* Finish output with newline */
+		printf("\n");
+
+		/* close the connection */
+		graceful_close(sd,1000);
+
+		}
 
 	/* reset the alarm */
 	else
@@ -434,6 +442,14 @@
         struct timeval tv;
         char buf[1000];
 
+#ifdef HAVE_SSL
+	if(use_ssl==TRUE){
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+		SSL_CTX_free(ctx);
+		}
+#endif
+
 	/* send FIN packet */
         shutdown(sd,SHUT_WR);  
         for(;;){
Binary files nrpe-2.12.original/src/nrpe and nrpe-2.12/src/nrpe differ
diff -ur nrpe-2.12.original/src/nrpe.c nrpe-2.12/src/nrpe.c
--- nrpe-2.12.original/src/nrpe.c	2008-08-04 16:17:25.729637000 +0200
+++ nrpe-2.12/src/nrpe.c	2008-08-05 00:52:47.690415400 +0200
@@ -1029,6 +1029,8 @@
 	char processed_command[MAX_INPUT_BUFFER];
 	int result=STATE_OK;
 	int early_timeout=FALSE;
+	int bytes_copied=0;
+	char *pbuffer=&buffer[0];
 	int rc;
 	int x;
 #ifdef DEBUG
@@ -1245,6 +1247,14 @@
 	if(buffer[strlen(buffer)-1]=='\n')
 		buffer[strlen(buffer)-1]='\x0';
 
+	/* Altinity patch to allow multi packet responses */
+	/* Loop not indented to allow easier patching */
+	/* START MULTI_PACKET LOOP */
+	do {
+
+	if(debug==TRUE)
+		syslog(LOG_DEBUG,"Sending response - bytes left: %d", strlen(pbuffer));
+
 	/* clear the response packet buffer */
 	bzero(&send_packet,sizeof(send_packet));
 
@@ -1253,11 +1263,17 @@
 
 	/* initialize response packet data */
 	send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
-	send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET);
 	send_packet.result_code=(int16_t)htons(result);
-	strncpy(&send_packet.buffer[0],buffer,MAX_PACKETBUFFER_LENGTH);
+	strncpy(&send_packet.buffer[0],pbuffer,MAX_PACKETBUFFER_LENGTH);
 	send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
 	
+	bytes_copied = strlen(&send_packet.buffer[0]);
+	pbuffer = pbuffer+bytes_copied;
+	if(strlen(pbuffer)>0)
+		send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET_WITH_MORE);
+	else
+		send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET);
+
 	/* calculate the crc 32 value of the packet */
 	send_packet.crc32_value=(u_int32_t)0L;
 	calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
@@ -1276,6 +1292,9 @@
 		SSL_write(ssl,&send_packet,bytes_to_send);
 #endif
 
+	} while (strlen(pbuffer) > 0);
+	/* END MULTI_PACKET LOOP */
+
 #ifdef HAVE_SSL
 	if(ssl){
 		SSL_shutdown(ssl);

[tmcdonald]

This might be best posted to our tracker.nagios.org bug/feature list. I've done what I can but not being a dev I'm pretty unfamiliar with the codebase. Posting there is the best way to make sure someone who knows what they are doing sees it.

[littlesandra88]

Thanks a lot for looking into it. I have updated the bug report with the patch, which needs a bit of modification for be applied to nrpe 2.15.

[littlesandra88]

Just found this blog post, which explains how the multiline 4k patch works.

http://www.opsview.com/whats-new/blog/e ... rge-output