diff options
-rw-r--r-- | lib/utils_tcp.h | 1 | ||||
-rw-r--r-- | plugins/Makefile.am | 1 | ||||
-rw-r--r-- | plugins/check_tcp.c | 777 | ||||
-rw-r--r-- | plugins/check_tcp.d/config.h | 84 | ||||
-rw-r--r-- | plugins/t/check_ftp.t | 2 | ||||
-rw-r--r-- | plugins/t/check_jabber.t | 4 | ||||
-rw-r--r-- | plugins/t/check_tcp.t | 12 | ||||
-rw-r--r-- | plugins/t/check_udp.t | 4 |
8 files changed, 546 insertions, 339 deletions
diff --git a/lib/utils_tcp.h b/lib/utils_tcp.h index d5999e9b..a7d83c59 100644 --- a/lib/utils_tcp.h +++ b/lib/utils_tcp.h | |||
@@ -11,6 +11,7 @@ | |||
11 | * server. | 11 | * server. |
12 | */ | 12 | */ |
13 | enum np_match_result { | 13 | enum np_match_result { |
14 | NP_MATCH_NONE, | ||
14 | NP_MATCH_FAILURE, | 15 | NP_MATCH_FAILURE, |
15 | NP_MATCH_SUCCESS, | 16 | NP_MATCH_SUCCESS, |
16 | NP_MATCH_RETRY | 17 | NP_MATCH_RETRY |
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 9e4924c3..30ca63d1 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am | |||
@@ -58,6 +58,7 @@ EXTRA_DIST = t \ | |||
58 | check_time.d \ | 58 | check_time.d \ |
59 | check_nagios.d \ | 59 | check_nagios.d \ |
60 | check_dbi.d \ | 60 | check_dbi.d \ |
61 | check_tcp.d \ | ||
61 | check_real.d \ | 62 | check_real.d \ |
62 | check_ssh.d \ | 63 | check_ssh.d \ |
63 | check_nt.d \ | 64 | check_nt.d \ |
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 49ad096c..22dcc74e 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
@@ -3,7 +3,7 @@ | |||
3 | * Monitoring check_tcp plugin | 3 | * Monitoring check_tcp plugin |
4 | * | 4 | * |
5 | * License: GPL | 5 | * License: GPL |
6 | * Copyright (c) 1999-2024 Monitoring Plugins Development Team | 6 | * Copyright (c) 1999-2025 Monitoring Plugins Development Team |
7 | * | 7 | * |
8 | * Description: | 8 | * Description: |
9 | * | 9 | * |
@@ -29,74 +29,63 @@ | |||
29 | 29 | ||
30 | /* progname "check_tcp" changes depending on symlink called */ | 30 | /* progname "check_tcp" changes depending on symlink called */ |
31 | char *progname; | 31 | char *progname; |
32 | const char *copyright = "1999-2024"; | 32 | const char *copyright = "1999-2025"; |
33 | const char *email = "devel@monitoring-plugins.org"; | 33 | const char *email = "devel@monitoring-plugins.org"; |
34 | 34 | ||
35 | #include "common.h" | 35 | #include "./common.h" |
36 | #include "netutils.h" | 36 | #include "./netutils.h" |
37 | #include "utils.h" | 37 | #include "./utils.h" |
38 | #include "utils_tcp.h" | 38 | #include "./check_tcp.d/config.h" |
39 | #include "output.h" | ||
40 | #include "states.h" | ||
39 | 41 | ||
42 | #include <sys/types.h> | ||
40 | #include <ctype.h> | 43 | #include <ctype.h> |
41 | #include <sys/select.h> | 44 | #include <sys/select.h> |
42 | 45 | ||
46 | ssize_t my_recv(int socket_descriptor, char *buf, size_t len, bool use_tls) { | ||
43 | #ifdef HAVE_SSL | 47 | #ifdef HAVE_SSL |
44 | static bool check_cert = false; | 48 | if (use_tls) { |
45 | static int days_till_exp_warn, days_till_exp_crit; | 49 | return np_net_ssl_read(buf, (int)len); |
46 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 50 | } |
47 | # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | ||
48 | #else | ||
49 | # define my_recv(buf, len) read(sd, buf, len) | ||
50 | # define my_send(buf, len) send(sd, buf, len, 0) | ||
51 | #endif | 51 | #endif |
52 | return read(socket_descriptor, buf, len); | ||
53 | } | ||
52 | 54 | ||
53 | /* int my_recv(char *, size_t); */ | 55 | ssize_t my_send(int socket_descriptor, char *buf, size_t len, bool use_tls) { |
54 | static int process_arguments(int /*argc*/, char ** /*argv*/); | 56 | #ifdef HAVE_SSL |
55 | static void print_help(void); | 57 | if (use_tls) { |
58 | return np_net_ssl_write(buf, (int)len); | ||
59 | } | ||
60 | #endif | ||
61 | return write(socket_descriptor, buf, len); | ||
62 | } | ||
63 | |||
64 | typedef struct { | ||
65 | int errorcode; | ||
66 | check_tcp_config config; | ||
67 | } check_tcp_config_wrapper; | ||
68 | static check_tcp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/, check_tcp_config /*config*/); | ||
69 | void print_help(const char *service); | ||
56 | void print_usage(void); | 70 | void print_usage(void); |
57 | 71 | ||
58 | #define EXPECT server_expect[0] | 72 | int verbosity = 0; |
59 | static char *SERVICE = "TCP"; | ||
60 | static char *SEND = NULL; | ||
61 | static char *QUIT = NULL; | ||
62 | static int PROTOCOL = IPPROTO_TCP; /* most common is default */ | ||
63 | static int PORT = 0; | ||
64 | static int READ_TIMEOUT = 2; | ||
65 | |||
66 | static int server_port = 0; | ||
67 | static char *server_address = NULL; | ||
68 | static bool host_specified = false; | ||
69 | static char *server_send = NULL; | ||
70 | static char *server_quit = NULL; | ||
71 | static char **server_expect; | ||
72 | static size_t server_expect_count = 0; | ||
73 | static ssize_t maxbytes = 0; | ||
74 | static char **warn_codes = NULL; | ||
75 | static size_t warn_codes_count = 0; | ||
76 | static char **crit_codes = NULL; | ||
77 | static size_t crit_codes_count = 0; | ||
78 | static unsigned int delay = 0; | ||
79 | static double warning_time = 0; | ||
80 | static double critical_time = 0; | ||
81 | static double elapsed_time = 0; | ||
82 | static long microsec; | ||
83 | static int sd = 0; | ||
84 | #define MAXBUF 1024 | ||
85 | static char buffer[MAXBUF]; | ||
86 | static int expect_mismatch_state = STATE_WARNING; | ||
87 | static int match_flags = NP_MATCH_EXACT; | ||
88 | 73 | ||
89 | #ifdef HAVE_SSL | 74 | static const int READ_TIMEOUT = 2; |
90 | static char *sni = NULL; | ||
91 | static bool sni_specified = false; | ||
92 | #endif | ||
93 | 75 | ||
94 | #define FLAG_SSL 0x01 | 76 | const int MAXBUF = 1024; |
95 | #define FLAG_VERBOSE 0x02 | 77 | |
96 | #define FLAG_TIME_WARN 0x04 | 78 | const int DEFAULT_FTP_PORT = 21; |
97 | #define FLAG_TIME_CRIT 0x08 | 79 | const int DEFAULT_POP_PORT = 110; |
98 | #define FLAG_HIDE_OUTPUT 0x10 | 80 | const int DEFAULT_SPOP_PORT = 995; |
99 | static size_t flags; | 81 | const int DEFAULT_SMTP_PORT = 25; |
82 | const int DEFAULT_SSMTP_PORT = 465; | ||
83 | const int DEFAULT_IMAP_PORT = 143; | ||
84 | const int DEFAULT_SIMAP_PORT = 993; | ||
85 | const int DEFAULT_XMPP_C2S_PORT = 5222; | ||
86 | const int DEFAULT_NNTP_PORT = 119; | ||
87 | const int DEFAULT_NNTPS_PORT = 563; | ||
88 | const int DEFAULT_CLAMD_PORT = 3310; | ||
100 | 89 | ||
101 | int main(int argc, char **argv) { | 90 | int main(int argc, char **argv) { |
102 | setlocale(LC_ALL, ""); | 91 | setlocale(LC_ALL, ""); |
@@ -105,277 +94,377 @@ int main(int argc, char **argv) { | |||
105 | 94 | ||
106 | /* determine program- and service-name quickly */ | 95 | /* determine program- and service-name quickly */ |
107 | progname = strrchr(argv[0], '/'); | 96 | progname = strrchr(argv[0], '/'); |
108 | if (progname != NULL) | 97 | if (progname != NULL) { |
109 | progname++; | 98 | progname++; |
110 | else | 99 | } else { |
111 | progname = argv[0]; | 100 | progname = argv[0]; |
101 | } | ||
102 | |||
103 | // Initialize config here with values from above, | ||
104 | // might be changed by on disk config or cli commands | ||
105 | check_tcp_config config = check_tcp_config_init(); | ||
112 | 106 | ||
113 | size_t prog_name_len = strlen(progname); | 107 | size_t prog_name_len = strlen(progname); |
114 | if (prog_name_len > 6 && !memcmp(progname, "check_", 6)) { | 108 | const size_t prefix_length = strlen("check_"); |
115 | SERVICE = strdup(progname + 6); | 109 | |
116 | for (size_t i = 0; i < prog_name_len - 6; i++) | 110 | if (prog_name_len <= prefix_length) { |
117 | SERVICE[i] = toupper(SERVICE[i]); | 111 | die(STATE_UNKNOWN, _("Weird progname")); |
112 | } | ||
113 | |||
114 | if (!memcmp(progname, "check_", prefix_length)) { | ||
115 | config.service = strdup(progname + prefix_length); | ||
116 | if (config.service == NULL) { | ||
117 | die(STATE_UNKNOWN, _("Allocation failed")); | ||
118 | } | ||
119 | |||
120 | for (size_t i = 0; i < prog_name_len - prefix_length; i++) { | ||
121 | config.service[i] = toupper(config.service[i]); | ||
122 | } | ||
118 | } | 123 | } |
119 | 124 | ||
120 | /* set up a reasonable buffer at first (will be realloc()'ed if | 125 | /* set up a reasonable buffer at first (will be realloc()'ed if |
121 | * user specifies other options) */ | 126 | * user specifies other options) */ |
122 | server_expect = calloc(2, sizeof(char *)); | 127 | config.server_expect = calloc(2, sizeof(char *)); |
128 | |||
129 | if (config.server_expect == NULL) { | ||
130 | die(STATE_UNKNOWN, _("Allocation failed")); | ||
131 | } | ||
123 | 132 | ||
124 | /* determine defaults for this service's protocol */ | 133 | /* determine defaults for this service's protocol */ |
125 | if (!strncmp(SERVICE, "UDP", 3)) { | 134 | if (!strncmp(config.service, "UDP", strlen("UDP"))) { |
126 | PROTOCOL = IPPROTO_UDP; | 135 | config.protocol = IPPROTO_UDP; |
127 | } else if (!strncmp(SERVICE, "FTP", 3)) { | 136 | } else if (!strncmp(config.service, "FTP", strlen("FTP"))) { |
128 | EXPECT = "220"; | 137 | config.server_expect[0] = "220"; |
129 | QUIT = "QUIT\r\n"; | 138 | config.quit = "QUIT\r\n"; |
130 | PORT = 21; | 139 | config.server_port = DEFAULT_FTP_PORT; |
131 | } else if (!strncmp(SERVICE, "POP", 3) || !strncmp(SERVICE, "POP3", 4)) { | 140 | } else if (!strncmp(config.service, "POP", strlen("POP")) || !strncmp(config.service, "POP3", strlen("POP3"))) { |
132 | EXPECT = "+OK"; | 141 | config.server_expect[0] = "+OK"; |
133 | QUIT = "QUIT\r\n"; | 142 | config.quit = "QUIT\r\n"; |
134 | PORT = 110; | 143 | config.server_port = DEFAULT_POP_PORT; |
135 | } else if (!strncmp(SERVICE, "SMTP", 4)) { | 144 | } else if (!strncmp(config.service, "SMTP", strlen("SMTP"))) { |
136 | EXPECT = "220"; | 145 | config.server_expect[0] = "220"; |
137 | QUIT = "QUIT\r\n"; | 146 | config.quit = "QUIT\r\n"; |
138 | PORT = 25; | 147 | config.server_port = DEFAULT_SMTP_PORT; |
139 | } else if (!strncmp(SERVICE, "IMAP", 4)) { | 148 | } else if (!strncmp(config.service, "IMAP", strlen("IMAP"))) { |
140 | EXPECT = "* OK"; | 149 | config.server_expect[0] = "* OK"; |
141 | QUIT = "a1 LOGOUT\r\n"; | 150 | config.quit = "a1 LOGOUT\r\n"; |
142 | PORT = 143; | 151 | config.server_port = DEFAULT_IMAP_PORT; |
143 | } | 152 | } |
144 | #ifdef HAVE_SSL | 153 | #ifdef HAVE_SSL |
145 | else if (!strncmp(SERVICE, "SIMAP", 5)) { | 154 | else if (!strncmp(config.service, "SIMAP", strlen("SIMAP"))) { |
146 | EXPECT = "* OK"; | 155 | config.server_expect[0] = "* OK"; |
147 | QUIT = "a1 LOGOUT\r\n"; | 156 | config.quit = "a1 LOGOUT\r\n"; |
148 | flags |= FLAG_SSL; | 157 | config.use_tls = true; |
149 | PORT = 993; | 158 | config.server_port = DEFAULT_SIMAP_PORT; |
150 | } else if (!strncmp(SERVICE, "SPOP", 4)) { | 159 | } else if (!strncmp(config.service, "SPOP", strlen("SPOP"))) { |
151 | EXPECT = "+OK"; | 160 | config.server_expect[0] = "+OK"; |
152 | QUIT = "QUIT\r\n"; | 161 | config.quit = "QUIT\r\n"; |
153 | flags |= FLAG_SSL; | 162 | config.use_tls = true; |
154 | PORT = 995; | 163 | config.server_port = DEFAULT_SPOP_PORT; |
155 | } else if (!strncmp(SERVICE, "SSMTP", 5)) { | 164 | } else if (!strncmp(config.service, "SSMTP", strlen("SSMTP"))) { |
156 | EXPECT = "220"; | 165 | config.server_expect[0] = "220"; |
157 | QUIT = "QUIT\r\n"; | 166 | config.quit = "QUIT\r\n"; |
158 | flags |= FLAG_SSL; | 167 | config.use_tls = true; |
159 | PORT = 465; | 168 | config.server_port = DEFAULT_SSMTP_PORT; |
160 | } else if (!strncmp(SERVICE, "JABBER", 6)) { | 169 | } else if (!strncmp(config.service, "JABBER", strlen("JABBER"))) { |
161 | SEND = "<stream:stream to=\'host\' xmlns=\'jabber:client\' xmlns:stream=\'http://etherx.jabber.org/streams\'>\n"; | 170 | config.send = "<stream:stream to=\'host\' xmlns=\'jabber:client\' xmlns:stream=\'http://etherx.jabber.org/streams\'>\n"; |
162 | EXPECT = "<?xml version=\'1.0\'"; | 171 | config.server_expect[0] = "<?xml version=\'1.0\'"; |
163 | QUIT = "</stream:stream>\n"; | 172 | config.quit = "</stream:stream>\n"; |
164 | flags |= FLAG_HIDE_OUTPUT; | 173 | config.hide_output = true; |
165 | PORT = 5222; | 174 | config.server_port = DEFAULT_XMPP_C2S_PORT; |
166 | } else if (!strncmp(SERVICE, "NNTPS", 5)) { | 175 | } else if (!strncmp(config.service, "NNTPS", strlen("NNTPS"))) { |
167 | server_expect_count = 2; | 176 | config.server_expect_count = 2; |
168 | server_expect[0] = "200"; | 177 | config.server_expect[0] = "200"; |
169 | server_expect[1] = "201"; | 178 | config.server_expect[1] = "201"; |
170 | QUIT = "QUIT\r\n"; | 179 | config.quit = "QUIT\r\n"; |
171 | flags |= FLAG_SSL; | 180 | config.use_tls = true; |
172 | PORT = 563; | 181 | config.server_port = DEFAULT_NNTPS_PORT; |
173 | } | 182 | } |
174 | #endif | 183 | #endif |
175 | else if (!strncmp(SERVICE, "NNTP", 4)) { | 184 | else if (!strncmp(config.service, "NNTP", strlen("NNTP"))) { |
176 | server_expect_count = 2; | 185 | config.server_expect_count = 2; |
177 | server_expect = malloc(sizeof(char *) * server_expect_count); | 186 | char **tmp = realloc(config.server_expect, config.server_expect_count * sizeof(char *)); |
178 | server_expect[0] = strdup("200"); | 187 | if (tmp == NULL) { |
179 | server_expect[1] = strdup("201"); | 188 | free(config.server_expect); |
180 | QUIT = "QUIT\r\n"; | 189 | die(STATE_UNKNOWN, _("Allocation failed")); |
181 | PORT = 119; | 190 | } |
182 | } else if (!strncmp(SERVICE, "CLAMD", 5)) { | 191 | config.server_expect = tmp; |
183 | SEND = "PING"; | 192 | |
184 | EXPECT = "PONG"; | 193 | config.server_expect[0] = strdup("200"); |
185 | QUIT = NULL; | 194 | config.server_expect[1] = strdup("201"); |
186 | PORT = 3310; | 195 | config.quit = "QUIT\r\n"; |
196 | config.server_port = DEFAULT_NNTP_PORT; | ||
197 | } else if (!strncmp(config.service, "CLAMD", strlen("CLAMD"))) { | ||
198 | config.send = "PING"; | ||
199 | config.server_expect[0] = "PONG"; | ||
200 | config.quit = NULL; | ||
201 | config.server_port = DEFAULT_CLAMD_PORT; | ||
187 | } | 202 | } |
188 | /* fallthrough check, so it's supposed to use reverse matching */ | 203 | /* fallthrough check, so it's supposed to use reverse matching */ |
189 | else if (strcmp(SERVICE, "TCP")) | 204 | else if (strcmp(config.service, "TCP")) { |
190 | usage(_("CRITICAL - Generic check_tcp called with unknown service\n")); | 205 | usage(_("CRITICAL - Generic check_tcp called with unknown service\n")); |
191 | 206 | } | |
192 | server_address = "127.0.0.1"; | ||
193 | server_port = PORT; | ||
194 | server_send = SEND; | ||
195 | server_quit = QUIT; | ||
196 | char *status = NULL; | ||
197 | 207 | ||
198 | /* Parse extra opts if any */ | 208 | /* Parse extra opts if any */ |
199 | argv = np_extra_opts(&argc, argv, progname); | 209 | argv = np_extra_opts(&argc, argv, progname); |
200 | 210 | ||
201 | if (process_arguments(argc, argv) == ERROR) | 211 | check_tcp_config_wrapper paw = process_arguments(argc, argv, config); |
212 | if (paw.errorcode == ERROR) { | ||
202 | usage4(_("Could not parse arguments")); | 213 | usage4(_("Could not parse arguments")); |
214 | } | ||
203 | 215 | ||
204 | if (flags & FLAG_VERBOSE) { | 216 | config = paw.config; |
205 | printf("Using service %s\n", SERVICE); | 217 | |
206 | printf("Port: %d\n", server_port); | 218 | if (verbosity > 0) { |
207 | printf("flags: 0x%x\n", (int)flags); | 219 | printf("Using service %s\n", config.service); |
220 | printf("Port: %d\n", config.server_port); | ||
208 | } | 221 | } |
209 | 222 | ||
210 | if (EXPECT && !server_expect_count) | 223 | if ((config.server_expect_count == 0) && config.server_expect[0]) { |
211 | server_expect_count++; | 224 | config.server_expect_count++; |
225 | } | ||
212 | 226 | ||
213 | if (PROTOCOL == IPPROTO_UDP && !(server_expect_count && server_send)) { | 227 | if (config.protocol == IPPROTO_UDP && !(config.server_expect_count && config.send)) { |
214 | usage(_("With UDP checks, a send/expect string must be specified.")); | 228 | usage(_("With UDP checks, a send/expect string must be specified.")); |
215 | } | 229 | } |
216 | 230 | ||
231 | // Initialize check stuff before setting timers | ||
232 | mp_check overall = mp_check_init(); | ||
233 | if (config.output_format_set) { | ||
234 | mp_set_format(config.output_format); | ||
235 | } | ||
236 | |||
217 | /* set up the timer */ | 237 | /* set up the timer */ |
218 | signal(SIGALRM, socket_timeout_alarm_handler); | 238 | signal(SIGALRM, socket_timeout_alarm_handler); |
219 | alarm(socket_timeout); | 239 | alarm(socket_timeout); |
220 | 240 | ||
221 | /* try to connect to the host at the given port number */ | 241 | /* try to connect to the host at the given port number */ |
222 | struct timeval tv; | 242 | struct timeval start_time; |
223 | gettimeofday(&tv, NULL); | 243 | gettimeofday(&start_time, NULL); |
224 | 244 | ||
225 | int result = STATE_UNKNOWN; | 245 | int socket_descriptor = 0; |
226 | result = np_net_connect(server_address, server_port, &sd, PROTOCOL); | 246 | mp_subcheck inital_connect_result = mp_subcheck_init(); |
227 | if (result == STATE_CRITICAL) | 247 | |
228 | return econn_refuse_state; | 248 | // Try initial connection |
249 | if (np_net_connect(config.server_address, config.server_port, &socket_descriptor, config.protocol) == STATE_CRITICAL) { | ||
250 | // Early exit here, we got connection refused | ||
251 | inital_connect_result = mp_set_subcheck_state(inital_connect_result, config.econn_refuse_state); | ||
252 | xasprintf(&inital_connect_result.output, "Connection to %s on port %i was REFUSED", config.server_address, config.server_port); | ||
253 | mp_add_subcheck_to_check(&overall, inital_connect_result); | ||
254 | mp_exit(overall); | ||
255 | } else { | ||
256 | inital_connect_result = mp_set_subcheck_state(inital_connect_result, STATE_OK); | ||
257 | xasprintf(&inital_connect_result.output, "Connection to %s on port %i was a SUCCESS", config.server_address, config.server_port); | ||
258 | mp_add_subcheck_to_check(&overall, inital_connect_result); | ||
259 | } | ||
229 | 260 | ||
230 | #ifdef HAVE_SSL | 261 | #ifdef HAVE_SSL |
231 | if (flags & FLAG_SSL) { | 262 | if (config.use_tls) { |
232 | result = np_net_ssl_init_with_hostname(sd, (sni_specified ? sni : NULL)); | 263 | mp_subcheck tls_connection_result = mp_subcheck_init(); |
233 | if (result == STATE_OK && check_cert) { | 264 | mp_state_enum result = np_net_ssl_init_with_hostname(socket_descriptor, (config.sni_specified ? config.sni : NULL)); |
234 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | 265 | tls_connection_result = mp_set_subcheck_default_state(tls_connection_result, result); |
266 | |||
267 | if (result == STATE_OK) { | ||
268 | xasprintf(&tls_connection_result.output, "TLS connection succeeded"); | ||
269 | |||
270 | if (config.check_cert) { | ||
271 | result = np_net_ssl_check_cert(config.days_till_exp_warn, config.days_till_exp_crit); | ||
272 | |||
273 | mp_subcheck tls_certificate_lifetime_result = mp_subcheck_init(); | ||
274 | tls_certificate_lifetime_result = mp_set_subcheck_state(tls_certificate_lifetime_result, result); | ||
275 | |||
276 | if (result == STATE_OK) { | ||
277 | xasprintf(&tls_certificate_lifetime_result.output, "Certificate lifetime is within thresholds"); | ||
278 | } else if (result == STATE_WARNING) { | ||
279 | xasprintf(&tls_certificate_lifetime_result.output, "Certificate lifetime is violating warning threshold (%i)", | ||
280 | config.days_till_exp_warn); | ||
281 | } else if (result == STATE_CRITICAL) { | ||
282 | xasprintf(&tls_certificate_lifetime_result.output, "Certificate lifetime is violating critical threshold (%i)", | ||
283 | config.days_till_exp_crit); | ||
284 | } else { | ||
285 | xasprintf(&tls_certificate_lifetime_result.output, "Certificate lifetime is somehow unknown"); | ||
286 | } | ||
287 | |||
288 | mp_add_subcheck_to_subcheck(&tls_connection_result, tls_certificate_lifetime_result); | ||
289 | } | ||
290 | |||
291 | mp_add_subcheck_to_check(&overall, tls_connection_result); | ||
292 | } else { | ||
293 | xasprintf(&tls_connection_result.output, "TLS connection failed"); | ||
294 | mp_add_subcheck_to_check(&overall, tls_connection_result); | ||
295 | |||
296 | if (socket_descriptor) { | ||
297 | close(socket_descriptor); | ||
298 | } | ||
299 | np_net_ssl_cleanup(); | ||
300 | |||
301 | mp_exit(overall); | ||
235 | } | 302 | } |
236 | } | 303 | } |
237 | if (result != STATE_OK) { | ||
238 | if (sd) | ||
239 | close(sd); | ||
240 | np_net_ssl_cleanup(); | ||
241 | return result; | ||
242 | } | ||
243 | #endif /* HAVE_SSL */ | 304 | #endif /* HAVE_SSL */ |
244 | 305 | ||
245 | if (server_send != NULL) { /* Something to send? */ | 306 | if (config.send != NULL) { /* Something to send? */ |
246 | my_send(server_send, strlen(server_send)); | 307 | my_send(socket_descriptor, config.send, strlen(config.send), config.use_tls); |
247 | } | 308 | } |
248 | 309 | ||
249 | if (delay > 0) { | 310 | if (config.delay > 0) { |
250 | tv.tv_sec += delay; | 311 | start_time.tv_sec += config.delay; |
251 | sleep(delay); | 312 | sleep(config.delay); |
252 | } | 313 | } |
253 | 314 | ||
254 | if (flags & FLAG_VERBOSE) { | 315 | if (verbosity > 0) { |
255 | if (server_send) { | 316 | if (config.send) { |
256 | printf("Send string: %s\n", server_send); | 317 | printf("Send string: %s\n", config.send); |
318 | } | ||
319 | if (config.quit) { | ||
320 | printf("Quit string: %s\n", config.quit); | ||
257 | } | 321 | } |
258 | if (server_quit) { | 322 | printf("server_expect_count: %d\n", (int)config.server_expect_count); |
259 | printf("Quit string: %s\n", server_quit); | 323 | for (size_t i = 0; i < config.server_expect_count; i++) { |
324 | printf("\t%zd: %s\n", i, config.server_expect[i]); | ||
260 | } | 325 | } |
261 | printf("server_expect_count: %d\n", (int)server_expect_count); | ||
262 | for (size_t i = 0; i < server_expect_count; i++) | ||
263 | printf("\t%zd: %s\n", i, server_expect[i]); | ||
264 | } | 326 | } |
265 | 327 | ||
266 | /* if(len) later on, we know we have a non-NULL response */ | 328 | /* if(len) later on, we know we have a non-NULL response */ |
267 | ssize_t len = 0; | 329 | ssize_t len = 0; |
330 | char *received_buffer = NULL; | ||
331 | enum np_match_result match = NP_MATCH_NONE; | ||
332 | mp_subcheck expected_data_result = mp_subcheck_init(); | ||
268 | 333 | ||
269 | int match = -1; | 334 | if (config.server_expect_count) { |
270 | struct timeval timeout; | ||
271 | fd_set rfds; | ||
272 | FD_ZERO(&rfds); | ||
273 | if (server_expect_count) { | ||
274 | ssize_t received = 0; | 335 | ssize_t received = 0; |
336 | char buffer[MAXBUF]; | ||
275 | 337 | ||
276 | /* watch for the expect string */ | 338 | /* watch for the expect string */ |
277 | while ((received = my_recv(buffer, sizeof(buffer))) > 0) { | 339 | while ((received = my_recv(socket_descriptor, buffer, sizeof(buffer), config.use_tls)) > 0) { |
278 | status = realloc(status, len + received + 1); | 340 | received_buffer = realloc(received_buffer, len + received + 1); |
279 | memcpy(&status[len], buffer, received); | 341 | |
342 | if (received_buffer == NULL) { | ||
343 | die(STATE_UNKNOWN, _("Allocation failed")); | ||
344 | } | ||
345 | |||
346 | memcpy(&received_buffer[len], buffer, received); | ||
280 | len += received; | 347 | len += received; |
281 | status[len] = '\0'; | 348 | received_buffer[len] = '\0'; |
282 | 349 | ||
283 | /* stop reading if user-forced */ | 350 | /* stop reading if user-forced */ |
284 | if (maxbytes && len >= maxbytes) | 351 | if (config.maxbytes && len >= config.maxbytes) { |
285 | break; | 352 | break; |
353 | } | ||
286 | 354 | ||
287 | if ((match = np_expect_match(status, server_expect, server_expect_count, match_flags)) != NP_MATCH_RETRY) | 355 | if ((match = np_expect_match(received_buffer, config.server_expect, config.server_expect_count, config.match_flags)) != |
356 | NP_MATCH_RETRY) { | ||
288 | break; | 357 | break; |
358 | } | ||
359 | |||
360 | fd_set rfds; | ||
361 | FD_ZERO(&rfds); | ||
362 | FD_SET(socket_descriptor, &rfds); | ||
289 | 363 | ||
290 | /* some protocols wait for further input, so make sure we don't wait forever */ | 364 | /* some protocols wait for further input, so make sure we don't wait forever */ |
291 | FD_SET(sd, &rfds); | 365 | struct timeval timeout; |
292 | timeout.tv_sec = READ_TIMEOUT; | 366 | timeout.tv_sec = READ_TIMEOUT; |
293 | timeout.tv_usec = 0; | 367 | timeout.tv_usec = 0; |
294 | if (select(sd + 1, &rfds, NULL, NULL, &timeout) <= 0) | 368 | |
369 | if (select(socket_descriptor + 1, &rfds, NULL, NULL, &timeout) <= 0) { | ||
295 | break; | 370 | break; |
371 | } | ||
296 | } | 372 | } |
297 | 373 | ||
298 | if (match == NP_MATCH_RETRY) | 374 | if (match == NP_MATCH_RETRY) { |
299 | match = NP_MATCH_FAILURE; | 375 | match = NP_MATCH_FAILURE; |
376 | } | ||
300 | 377 | ||
301 | /* no data when expected, so return critical */ | 378 | /* no data when expected, so return critical */ |
302 | if (len == 0) | 379 | if (len == 0) { |
303 | die(STATE_CRITICAL, _("No data received from host\n")); | 380 | xasprintf(&expected_data_result.output, "Received no data when some was expected"); |
381 | expected_data_result = mp_set_subcheck_state(expected_data_result, STATE_CRITICAL); | ||
382 | mp_add_subcheck_to_check(&overall, expected_data_result); | ||
383 | mp_exit(overall); | ||
384 | } | ||
304 | 385 | ||
305 | /* print raw output if we're debugging */ | 386 | /* print raw output if we're debugging */ |
306 | if (flags & FLAG_VERBOSE) | 387 | if (verbosity > 0) { |
307 | printf("received %d bytes from host\n#-raw-recv-------#\n%s\n#-raw-recv-------#\n", (int)len + 1, status); | 388 | printf("received %d bytes from host\n#-raw-recv-------#\n%s\n#-raw-recv-------#\n", (int)len + 1, received_buffer); |
389 | } | ||
308 | /* strip whitespace from end of output */ | 390 | /* strip whitespace from end of output */ |
309 | while (--len > 0 && isspace(status[len])) | 391 | while (--len > 0 && isspace(received_buffer[len])) { |
310 | status[len] = '\0'; | 392 | received_buffer[len] = '\0'; |
393 | } | ||
311 | } | 394 | } |
312 | 395 | ||
313 | if (server_quit != NULL) { | 396 | if (config.quit != NULL) { |
314 | my_send(server_quit, strlen(server_quit)); | 397 | my_send(socket_descriptor, config.quit, strlen(config.quit), config.use_tls); |
398 | } | ||
399 | |||
400 | if (socket_descriptor) { | ||
401 | close(socket_descriptor); | ||
315 | } | 402 | } |
316 | if (sd) | ||
317 | close(sd); | ||
318 | #ifdef HAVE_SSL | 403 | #ifdef HAVE_SSL |
319 | np_net_ssl_cleanup(); | 404 | np_net_ssl_cleanup(); |
320 | #endif | 405 | #endif |
321 | 406 | ||
322 | microsec = deltime(tv); | 407 | long microsec = deltime(start_time); |
323 | elapsed_time = (double)microsec / 1.0e6; | 408 | double elapsed_time = (double)microsec / 1.0e6; |
324 | 409 | ||
325 | if (flags & FLAG_TIME_CRIT && elapsed_time > critical_time) | 410 | mp_subcheck elapsed_time_result = mp_subcheck_init(); |
326 | result = STATE_CRITICAL; | ||
327 | else if (flags & FLAG_TIME_WARN && elapsed_time > warning_time) | ||
328 | result = STATE_WARNING; | ||
329 | 411 | ||
330 | /* did we get the response we hoped? */ | 412 | mp_perfdata time_pd = perfdata_init(); |
331 | if (match == NP_MATCH_FAILURE && result != STATE_CRITICAL) | 413 | time_pd = mp_set_pd_value(time_pd, elapsed_time); |
332 | result = expect_mismatch_state; | 414 | time_pd.label = "time"; |
415 | time_pd.uom = "s"; | ||
333 | 416 | ||
334 | /* reset the alarm */ | 417 | if (config.critical_time_set && elapsed_time > config.critical_time) { |
335 | alarm(0); | 418 | xasprintf(&elapsed_time_result.output, "Connection time %fs exceeded critical threshold (%f)", elapsed_time, config.critical_time); |
419 | |||
420 | elapsed_time_result = mp_set_subcheck_state(elapsed_time_result, STATE_CRITICAL); | ||
421 | time_pd.crit_present = true; | ||
422 | mp_range crit_val = mp_range_init(); | ||
423 | |||
424 | crit_val.end = mp_create_pd_value(config.critical_time); | ||
425 | crit_val.end_infinity = false; | ||
336 | 426 | ||
337 | /* this is a bit stupid, because we don't want to print the | 427 | time_pd.crit = crit_val; |
338 | * response time (which can look ok to the user) if we didn't get | 428 | } else if (config.warning_time_set && elapsed_time > config.warning_time) { |
339 | * the response we were looking for. if-else */ | 429 | xasprintf(&elapsed_time_result.output, "Connection time %fs exceeded warning threshold (%f)", elapsed_time, config.critical_time); |
340 | printf("%s %s - ", SERVICE, state_text(result)); | 430 | |
341 | 431 | elapsed_time_result = mp_set_subcheck_state(elapsed_time_result, STATE_WARNING); | |
342 | if (match == NP_MATCH_FAILURE && len && !(flags & FLAG_HIDE_OUTPUT)) | 432 | time_pd.warn_present = true; |
343 | printf("Unexpected response from host/socket: %s", status); | 433 | mp_range warn_val = mp_range_init(); |
344 | else { | 434 | warn_val.end = mp_create_pd_value(config.critical_time); |
345 | if (match == NP_MATCH_FAILURE) | 435 | warn_val.end_infinity = false; |
346 | printf("Unexpected response from host/socket on "); | 436 | |
347 | else | 437 | time_pd.warn = warn_val; |
348 | printf("%.3f second response time on ", elapsed_time); | 438 | } else { |
349 | if (server_address[0] != '/') { | 439 | elapsed_time_result = mp_set_subcheck_state(elapsed_time_result, STATE_OK); |
350 | if (host_specified) | 440 | xasprintf(&elapsed_time_result.output, "Connection time %fs is within thresholds", elapsed_time); |
351 | printf("%s port %d", server_address, server_port); | ||
352 | else | ||
353 | printf("port %d", server_port); | ||
354 | } else | ||
355 | printf("socket %s", server_address); | ||
356 | } | 441 | } |
357 | 442 | ||
358 | if (match != NP_MATCH_FAILURE && !(flags & FLAG_HIDE_OUTPUT) && len) | 443 | mp_add_perfdata_to_subcheck(&elapsed_time_result, time_pd); |
359 | printf(" [%s]", status); | 444 | mp_add_subcheck_to_check(&overall, elapsed_time_result); |
360 | 445 | ||
361 | /* perf-data doesn't apply when server doesn't talk properly, | 446 | /* did we get the response we hoped? */ |
362 | * so print all zeroes on warn and crit. Use fperfdata since | 447 | if (match == NP_MATCH_FAILURE) { |
363 | * localisation settings can make different outputs */ | 448 | expected_data_result = mp_set_subcheck_state(expected_data_result, config.expect_mismatch_state); |
364 | if (match == NP_MATCH_FAILURE) | 449 | xasprintf(&expected_data_result.output, "Answer failed to match expectation"); |
365 | printf("|%s", fperfdata("time", elapsed_time, "s", (flags & FLAG_TIME_WARN ? true : false), 0, | 450 | mp_add_subcheck_to_check(&overall, expected_data_result); |
366 | (flags & FLAG_TIME_CRIT ? true : false), 0, true, 0, true, socket_timeout)); | 451 | } else if (match == NP_MATCH_SUCCESS) { |
367 | else | 452 | expected_data_result = mp_set_subcheck_state(expected_data_result, STATE_OK); |
368 | printf("|%s", fperfdata("time", elapsed_time, "s", (flags & FLAG_TIME_WARN ? true : false), warning_time, | 453 | xasprintf(&expected_data_result.output, "The answer of the server matched the expectation"); |
369 | (flags & FLAG_TIME_CRIT ? true : false), critical_time, true, 0, true, socket_timeout)); | 454 | mp_add_subcheck_to_check(&overall, expected_data_result); |
455 | } | ||
370 | 456 | ||
371 | putchar('\n'); | 457 | /* reset the alarm */ |
372 | return result; | 458 | alarm(0); |
459 | |||
460 | mp_exit(overall); | ||
373 | } | 461 | } |
374 | 462 | ||
375 | /* process command-line arguments */ | 463 | /* process command-line arguments */ |
376 | static int process_arguments(int argc, char **argv) { | 464 | static check_tcp_config_wrapper process_arguments(int argc, char **argv, check_tcp_config config) { |
377 | enum { | 465 | enum { |
378 | SNI_OPTION = CHAR_MAX + 1 | 466 | SNI_OPTION = CHAR_MAX + 1, |
467 | output_format_index, | ||
379 | }; | 468 | }; |
380 | 469 | ||
381 | static struct option longopts[] = {{"hostname", required_argument, 0, 'H'}, | 470 | static struct option longopts[] = {{"hostname", required_argument, 0, 'H'}, |
@@ -404,54 +493,58 @@ static int process_arguments(int argc, char **argv) { | |||
404 | {"ssl", no_argument, 0, 'S'}, | 493 | {"ssl", no_argument, 0, 'S'}, |
405 | {"sni", required_argument, 0, SNI_OPTION}, | 494 | {"sni", required_argument, 0, SNI_OPTION}, |
406 | {"certificate", required_argument, 0, 'D'}, | 495 | {"certificate", required_argument, 0, 'D'}, |
496 | {"output-format", required_argument, 0, output_format_index}, | ||
407 | {0, 0, 0, 0}}; | 497 | {0, 0, 0, 0}}; |
408 | 498 | ||
409 | if (argc < 2) | 499 | if (argc < 2) { |
410 | usage4(_("No arguments found")); | 500 | usage4(_("No arguments found")); |
501 | } | ||
411 | 502 | ||
412 | /* backwards compatibility */ | 503 | /* backwards compatibility */ |
413 | for (int i = 1; i < argc; i++) { | 504 | for (int i = 1; i < argc; i++) { |
414 | if (strcmp("-to", argv[i]) == 0) | 505 | if (strcmp("-to", argv[i]) == 0) { |
415 | strcpy(argv[i], "-t"); | 506 | strcpy(argv[i], "-t"); |
416 | else if (strcmp("-wt", argv[i]) == 0) | 507 | } else if (strcmp("-wt", argv[i]) == 0) { |
417 | strcpy(argv[i], "-w"); | 508 | strcpy(argv[i], "-w"); |
418 | else if (strcmp("-ct", argv[i]) == 0) | 509 | } else if (strcmp("-ct", argv[i]) == 0) { |
419 | strcpy(argv[i], "-c"); | 510 | strcpy(argv[i], "-c"); |
511 | } | ||
420 | } | 512 | } |
421 | 513 | ||
422 | if (!is_option(argv[1])) { | 514 | if (!is_option(argv[1])) { |
423 | server_address = argv[1]; | 515 | config.server_address = argv[1]; |
424 | argv[1] = argv[0]; | 516 | argv[1] = argv[0]; |
425 | argv = &argv[1]; | 517 | argv = &argv[1]; |
426 | argc--; | 518 | argc--; |
427 | } | 519 | } |
428 | 520 | ||
429 | int option_char; | ||
430 | bool escape = false; | 521 | bool escape = false; |
522 | |||
431 | while (true) { | 523 | while (true) { |
432 | int option = 0; | 524 | int option = 0; |
433 | option_char = getopt_long(argc, argv, "+hVv46EAH:s:e:q:m:c:w:t:p:C:W:d:Sr:jD:M:", longopts, &option); | 525 | int option_index = getopt_long(argc, argv, "+hVv46EAH:s:e:q:m:c:w:t:p:C:W:d:Sr:jD:M:", longopts, &option); |
434 | 526 | ||
435 | if (option_char == -1 || option_char == EOF || option_char == 1) | 527 | if (option_index == -1 || option_index == EOF || option_index == 1) { |
436 | break; | 528 | break; |
529 | } | ||
437 | 530 | ||
438 | switch (option_char) { | 531 | switch (option_index) { |
439 | case '?': /* print short usage statement if args not parsable */ | 532 | case '?': /* print short usage statement if args not parsable */ |
440 | usage5(); | 533 | usage5(); |
441 | case 'h': /* help */ | 534 | case 'h': /* help */ |
442 | print_help(); | 535 | print_help(config.service); |
443 | exit(STATE_UNKNOWN); | 536 | exit(STATE_UNKNOWN); |
444 | case 'V': /* version */ | 537 | case 'V': /* version */ |
445 | print_revision(progname, NP_VERSION); | 538 | print_revision(progname, NP_VERSION); |
446 | exit(STATE_UNKNOWN); | 539 | exit(STATE_UNKNOWN); |
447 | case 'v': /* verbose mode */ | 540 | case 'v': /* verbose mode */ |
448 | flags |= FLAG_VERBOSE; | 541 | verbosity++; |
449 | match_flags |= NP_MATCH_VERBOSE; | 542 | config.match_flags |= NP_MATCH_VERBOSE; |
450 | break; | 543 | break; |
451 | case '4': | 544 | case '4': // Apparently unused TODO |
452 | address_family = AF_INET; | 545 | address_family = AF_INET; |
453 | break; | 546 | break; |
454 | case '6': | 547 | case '6': // Apparently unused TODO |
455 | #ifdef USE_IPV6 | 548 | #ifdef USE_IPV6 |
456 | address_family = AF_INET6; | 549 | address_family = AF_INET6; |
457 | #else | 550 | #else |
@@ -459,163 +552,190 @@ static int process_arguments(int argc, char **argv) { | |||
459 | #endif | 552 | #endif |
460 | break; | 553 | break; |
461 | case 'H': /* hostname */ | 554 | case 'H': /* hostname */ |
462 | host_specified = true; | 555 | config.host_specified = true; |
463 | server_address = optarg; | 556 | config.server_address = optarg; |
464 | break; | 557 | break; |
465 | case 'c': /* critical */ | 558 | case 'c': /* critical */ |
466 | critical_time = strtod(optarg, NULL); | 559 | config.critical_time = strtod(optarg, NULL); |
467 | flags |= FLAG_TIME_CRIT; | 560 | config.critical_time_set = true; |
468 | break; | 561 | break; |
469 | case 'j': /* hide output */ | 562 | case 'j': /* hide output */ |
470 | flags |= FLAG_HIDE_OUTPUT; | 563 | config.hide_output = true; |
471 | break; | 564 | break; |
472 | case 'w': /* warning */ | 565 | case 'w': /* warning */ |
473 | warning_time = strtod(optarg, NULL); | 566 | config.warning_time = strtod(optarg, NULL); |
474 | flags |= FLAG_TIME_WARN; | 567 | config.warning_time_set = true; |
475 | break; | ||
476 | case 'C': | ||
477 | crit_codes = realloc(crit_codes, ++crit_codes_count); | ||
478 | crit_codes[crit_codes_count - 1] = optarg; | ||
479 | break; | ||
480 | case 'W': | ||
481 | warn_codes = realloc(warn_codes, ++warn_codes_count); | ||
482 | warn_codes[warn_codes_count - 1] = optarg; | ||
483 | break; | 568 | break; |
484 | case 't': /* timeout */ | 569 | case 't': /* timeout */ |
485 | if (!is_intpos(optarg)) | 570 | if (!is_intpos(optarg)) { |
486 | usage4(_("Timeout interval must be a positive integer")); | 571 | usage4(_("Timeout interval must be a positive integer")); |
487 | else | 572 | } else { |
488 | socket_timeout = atoi(optarg); | 573 | socket_timeout = atoi(optarg); |
574 | } | ||
489 | break; | 575 | break; |
490 | case 'p': /* port */ | 576 | case 'p': /* port */ |
491 | if (!is_intpos(optarg)) | 577 | if (!is_intpos(optarg)) { |
492 | usage4(_("Port must be a positive integer")); | 578 | usage4(_("Port must be a positive integer")); |
493 | else | 579 | } else { |
494 | server_port = atoi(optarg); | 580 | config.server_port = atoi(optarg); |
581 | } | ||
495 | break; | 582 | break; |
496 | case 'E': | 583 | case 'E': |
497 | escape = true; | 584 | escape = true; |
498 | break; | 585 | break; |
499 | case 's': | 586 | case 's': |
500 | if (escape) | 587 | if (escape) { |
501 | server_send = np_escaped_string(optarg); | 588 | config.send = np_escaped_string(optarg); |
502 | else | 589 | } else { |
503 | xasprintf(&server_send, "%s", optarg); | 590 | xasprintf(&config.send, "%s", optarg); |
591 | } | ||
504 | break; | 592 | break; |
505 | case 'e': /* expect string (may be repeated) */ | 593 | case 'e': /* expect string (may be repeated) */ |
506 | match_flags &= ~NP_MATCH_EXACT; | 594 | config.match_flags &= ~NP_MATCH_EXACT; |
507 | if (server_expect_count == 0) | 595 | if (config.server_expect_count == 0) { |
508 | server_expect = malloc(sizeof(char *) * (++server_expect_count)); | 596 | config.server_expect = malloc(sizeof(char *) * (++config.server_expect_count)); |
509 | else | 597 | } else { |
510 | server_expect = realloc(server_expect, sizeof(char *) * (++server_expect_count)); | 598 | config.server_expect = realloc(config.server_expect, sizeof(char *) * (++config.server_expect_count)); |
511 | server_expect[server_expect_count - 1] = optarg; | 599 | } |
600 | |||
601 | if (config.server_expect == NULL) { | ||
602 | die(STATE_UNKNOWN, _("Allocation failed")); | ||
603 | } | ||
604 | config.server_expect[config.server_expect_count - 1] = optarg; | ||
512 | break; | 605 | break; |
513 | case 'm': | 606 | case 'm': |
514 | if (!is_intpos(optarg)) | 607 | if (!is_intpos(optarg)) { |
515 | usage4(_("Maxbytes must be a positive integer")); | 608 | usage4(_("Maxbytes must be a positive integer")); |
516 | else | 609 | } else { |
517 | maxbytes = strtol(optarg, NULL, 0); | 610 | config.maxbytes = strtol(optarg, NULL, 0); |
611 | } | ||
518 | break; | 612 | break; |
519 | case 'q': | 613 | case 'q': |
520 | if (escape) | 614 | if (escape) { |
521 | server_quit = np_escaped_string(optarg); | 615 | config.quit = np_escaped_string(optarg); |
522 | else | 616 | } else { |
523 | xasprintf(&server_quit, "%s\r\n", optarg); | 617 | xasprintf(&config.quit, "%s\r\n", optarg); |
618 | } | ||
524 | break; | 619 | break; |
525 | case 'r': | 620 | case 'r': |
526 | if (!strncmp(optarg, "ok", 2)) | 621 | if (!strncmp(optarg, "ok", 2)) { |
527 | econn_refuse_state = STATE_OK; | 622 | config.econn_refuse_state = STATE_OK; |
528 | else if (!strncmp(optarg, "warn", 4)) | 623 | } else if (!strncmp(optarg, "warn", 4)) { |
529 | econn_refuse_state = STATE_WARNING; | 624 | config.econn_refuse_state = STATE_WARNING; |
530 | else if (!strncmp(optarg, "crit", 4)) | 625 | } else if (!strncmp(optarg, "crit", 4)) { |
531 | econn_refuse_state = STATE_CRITICAL; | 626 | config.econn_refuse_state = STATE_CRITICAL; |
532 | else | 627 | } else { |
533 | usage4(_("Refuse must be one of ok, warn, crit")); | 628 | usage4(_("Refuse must be one of ok, warn, crit")); |
629 | } | ||
534 | break; | 630 | break; |
535 | case 'M': | 631 | case 'M': |
536 | if (!strncmp(optarg, "ok", 2)) | 632 | if (!strncmp(optarg, "ok", 2)) { |
537 | expect_mismatch_state = STATE_OK; | 633 | config.expect_mismatch_state = STATE_OK; |
538 | else if (!strncmp(optarg, "warn", 4)) | 634 | } else if (!strncmp(optarg, "warn", 4)) { |
539 | expect_mismatch_state = STATE_WARNING; | 635 | config.expect_mismatch_state = STATE_WARNING; |
540 | else if (!strncmp(optarg, "crit", 4)) | 636 | } else if (!strncmp(optarg, "crit", 4)) { |
541 | expect_mismatch_state = STATE_CRITICAL; | 637 | config.expect_mismatch_state = STATE_CRITICAL; |
542 | else | 638 | } else { |
543 | usage4(_("Mismatch must be one of ok, warn, crit")); | 639 | usage4(_("Mismatch must be one of ok, warn, crit")); |
640 | } | ||
544 | break; | 641 | break; |
545 | case 'd': | 642 | case 'd': |
546 | if (is_intpos(optarg)) | 643 | if (is_intpos(optarg)) { |
547 | delay = atoi(optarg); | 644 | config.delay = atoi(optarg); |
548 | else | 645 | } else { |
549 | usage4(_("Delay must be a positive integer")); | 646 | usage4(_("Delay must be a positive integer")); |
647 | } | ||
550 | break; | 648 | break; |
551 | case 'D': { /* Check SSL cert validity - days 'til certificate expiration */ | 649 | case 'D': /* Check SSL cert validity - days 'til certificate expiration */ |
552 | #ifdef HAVE_SSL | 650 | #ifdef HAVE_SSL |
553 | # ifdef USE_OPENSSL /* XXX */ | 651 | # ifdef USE_OPENSSL /* XXX */ |
652 | { | ||
554 | char *temp; | 653 | char *temp; |
555 | if ((temp = strchr(optarg, ',')) != NULL) { | 654 | if ((temp = strchr(optarg, ',')) != NULL) { |
556 | *temp = '\0'; | 655 | *temp = '\0'; |
557 | if (!is_intnonneg(optarg)) | 656 | if (!is_intnonneg(optarg)) { |
558 | usage2(_("Invalid certificate expiration period"), optarg); | 657 | usage2(_("Invalid certificate expiration period"), optarg); |
559 | days_till_exp_warn = atoi(optarg); | 658 | } |
659 | config.days_till_exp_warn = atoi(optarg); | ||
560 | *temp = ','; | 660 | *temp = ','; |
561 | temp++; | 661 | temp++; |
562 | if (!is_intnonneg(temp)) | 662 | if (!is_intnonneg(temp)) { |
563 | usage2(_("Invalid certificate expiration period"), temp); | 663 | usage2(_("Invalid certificate expiration period"), temp); |
564 | days_till_exp_crit = atoi(temp); | 664 | } |
665 | config.days_till_exp_crit = atoi(temp); | ||
565 | } else { | 666 | } else { |
566 | days_till_exp_crit = 0; | 667 | config.days_till_exp_crit = 0; |
567 | if (!is_intnonneg(optarg)) | 668 | if (!is_intnonneg(optarg)) { |
568 | usage2(_("Invalid certificate expiration period"), optarg); | 669 | usage2(_("Invalid certificate expiration period"), optarg); |
569 | days_till_exp_warn = atoi(optarg); | 670 | } |
671 | config.days_till_exp_warn = atoi(optarg); | ||
570 | } | 672 | } |
571 | check_cert = true; | 673 | config.check_cert = true; |
572 | flags |= FLAG_SSL; | 674 | config.use_tls = true; |
573 | } break; | 675 | } break; |
574 | # endif /* USE_OPENSSL */ | 676 | # endif /* USE_OPENSSL */ |
575 | #endif | 677 | #endif |
576 | /* fallthrough if we don't have ssl */ | 678 | /* fallthrough if we don't have ssl */ |
577 | case 'S': | 679 | case 'S': |
578 | #ifdef HAVE_SSL | 680 | #ifdef HAVE_SSL |
579 | flags |= FLAG_SSL; | 681 | config.use_tls = true; |
580 | #else | 682 | #else |
581 | die(STATE_UNKNOWN, _("Invalid option - SSL is not available")); | 683 | die(STATE_UNKNOWN, _("Invalid option - SSL is not available")); |
582 | #endif | 684 | #endif |
583 | break; | 685 | break; |
584 | case SNI_OPTION: | 686 | case SNI_OPTION: |
585 | #ifdef HAVE_SSL | 687 | #ifdef HAVE_SSL |
586 | flags |= FLAG_SSL; | 688 | config.use_tls = true; |
587 | sni_specified = true; | 689 | config.sni_specified = true; |
588 | sni = optarg; | 690 | config.sni = optarg; |
589 | #else | 691 | #else |
590 | die(STATE_UNKNOWN, _("Invalid option - SSL is not available")); | 692 | die(STATE_UNKNOWN, _("Invalid option - SSL is not available")); |
591 | #endif | 693 | #endif |
592 | break; | 694 | break; |
593 | case 'A': | 695 | case 'A': |
594 | match_flags |= NP_MATCH_ALL; | 696 | config.match_flags |= NP_MATCH_ALL; |
697 | break; | ||
698 | case output_format_index: { | ||
699 | parsed_output_format parser = mp_parse_output_format(optarg); | ||
700 | if (!parser.parsing_success) { | ||
701 | // TODO List all available formats here, maybe add anothoer usage function | ||
702 | printf("Invalid output format: %s\n", optarg); | ||
703 | exit(STATE_UNKNOWN); | ||
704 | } | ||
705 | |||
706 | config.output_format_set = true; | ||
707 | config.output_format = parser.output_format; | ||
595 | break; | 708 | break; |
596 | } | 709 | } |
710 | } | ||
597 | } | 711 | } |
598 | 712 | ||
599 | option_char = optind; | 713 | int index = optind; |
600 | if (!host_specified && option_char < argc) | 714 | if (!config.host_specified && index < argc) { |
601 | server_address = strdup(argv[option_char++]); | 715 | config.server_address = strdup(argv[index++]); |
716 | } | ||
602 | 717 | ||
603 | if (server_address == NULL) | 718 | if (config.server_address == NULL) { |
604 | usage4(_("You must provide a server address")); | 719 | usage4(_("You must provide a server address")); |
605 | else if (server_address[0] != '/' && !is_host(server_address)) | 720 | } else if (config.server_address[0] != '/' && !is_host(config.server_address)) { |
606 | die(STATE_CRITICAL, "%s %s - %s: %s\n", SERVICE, state_text(STATE_CRITICAL), _("Invalid hostname, address or socket"), | 721 | die(STATE_CRITICAL, "%s %s - %s: %s\n", config.service, state_text(STATE_CRITICAL), _("Invalid hostname, address or socket"), |
607 | server_address); | 722 | config.server_address); |
723 | } | ||
608 | 724 | ||
609 | return OK; | 725 | check_tcp_config_wrapper result = { |
726 | .config = config, | ||
727 | .errorcode = OK, | ||
728 | }; | ||
729 | return result; | ||
610 | } | 730 | } |
611 | 731 | ||
612 | void print_help(void) { | 732 | void print_help(const char *service) { |
613 | print_revision(progname, NP_VERSION); | 733 | print_revision(progname, NP_VERSION); |
614 | 734 | ||
615 | printf("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"); | 735 | printf("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"); |
616 | printf(COPYRIGHT, copyright, email); | 736 | printf(COPYRIGHT, copyright, email); |
617 | 737 | ||
618 | printf(_("This plugin tests %s connections with the specified host (or unix socket).\n\n"), SERVICE); | 738 | printf(_("This plugin tests %s connections with the specified host (or unix socket).\n\n"), service); |
619 | 739 | ||
620 | print_usage(); | 740 | print_usage(); |
621 | 741 | ||
@@ -662,6 +782,7 @@ void print_help(void) { | |||
662 | 782 | ||
663 | printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); | 783 | printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); |
664 | 784 | ||
785 | printf(UT_OUTPUT_FORMAT); | ||
665 | printf(UT_VERBOSE); | 786 | printf(UT_VERBOSE); |
666 | 787 | ||
667 | printf(UT_SUPPORT); | 788 | printf(UT_SUPPORT); |
diff --git a/plugins/check_tcp.d/config.h b/plugins/check_tcp.d/config.h new file mode 100644 index 00000000..dc25d79e --- /dev/null +++ b/plugins/check_tcp.d/config.h | |||
@@ -0,0 +1,84 @@ | |||
1 | #pragma once | ||
2 | |||
3 | #include "../../lib/utils_tcp.h" | ||
4 | #include "output.h" | ||
5 | #include "states.h" | ||
6 | #include <netinet/in.h> | ||
7 | |||
8 | typedef struct { | ||
9 | char *server_address; | ||
10 | bool host_specified; | ||
11 | int server_port; // TODO can this be a uint16? | ||
12 | |||
13 | int protocol; /* most common is default */ | ||
14 | char *service; | ||
15 | char *send; | ||
16 | char *quit; | ||
17 | char **server_expect; | ||
18 | size_t server_expect_count; | ||
19 | bool use_tls; | ||
20 | #ifdef HAVE_SSL | ||
21 | char *sni; | ||
22 | bool sni_specified; | ||
23 | bool check_cert; | ||
24 | int days_till_exp_warn; | ||
25 | int days_till_exp_crit; | ||
26 | #endif // HAVE_SSL | ||
27 | int match_flags; | ||
28 | mp_state_enum expect_mismatch_state; | ||
29 | unsigned int delay; | ||
30 | |||
31 | bool warning_time_set; | ||
32 | double warning_time; | ||
33 | bool critical_time_set; | ||
34 | double critical_time; | ||
35 | |||
36 | mp_state_enum econn_refuse_state; | ||
37 | |||
38 | ssize_t maxbytes; | ||
39 | |||
40 | bool hide_output; | ||
41 | |||
42 | bool output_format_set; | ||
43 | mp_output_format output_format; | ||
44 | } check_tcp_config; | ||
45 | |||
46 | check_tcp_config check_tcp_config_init() { | ||
47 | check_tcp_config result = { | ||
48 | .server_address = "127.0.0.1", | ||
49 | .host_specified = false, | ||
50 | .server_port = 0, | ||
51 | |||
52 | .protocol = IPPROTO_TCP, | ||
53 | .service = "TCP", | ||
54 | .send = NULL, | ||
55 | .quit = NULL, | ||
56 | .server_expect = NULL, | ||
57 | .server_expect_count = 0, | ||
58 | .use_tls = false, | ||
59 | #ifdef HAVE_SSL | ||
60 | .sni = NULL, | ||
61 | .sni_specified = false, | ||
62 | .check_cert = false, | ||
63 | .days_till_exp_warn = 0, | ||
64 | .days_till_exp_crit = 0, | ||
65 | #endif // HAVE_SSL | ||
66 | .match_flags = NP_MATCH_EXACT, | ||
67 | .expect_mismatch_state = STATE_WARNING, | ||
68 | .delay = 0, | ||
69 | |||
70 | .warning_time_set = false, | ||
71 | .warning_time = 0, | ||
72 | .critical_time_set = false, | ||
73 | .critical_time = 0, | ||
74 | |||
75 | .econn_refuse_state = STATE_CRITICAL, | ||
76 | |||
77 | .maxbytes = 0, | ||
78 | |||
79 | .hide_output = false, | ||
80 | |||
81 | .output_format_set = false, | ||
82 | }; | ||
83 | return result; | ||
84 | } | ||
diff --git a/plugins/t/check_ftp.t b/plugins/t/check_ftp.t index 93a7d7c3..a2f79dca 100644 --- a/plugins/t/check_ftp.t +++ b/plugins/t/check_ftp.t | |||
@@ -15,7 +15,7 @@ my $host_tcp_ftp = getTestParameter("NP_HOST_TCP_FTP", "A host providing t | |||
15 | my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); | 15 | my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); |
16 | my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); | 16 | my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); |
17 | 17 | ||
18 | my $successOutput = '/FTP OK -\s+[0-9]?\.?[0-9]+ second response time/'; | 18 | my $successOutput = '/Connection time\s+[0-9]?\.?[0-9]+/'; |
19 | 19 | ||
20 | my $t; | 20 | my $t; |
21 | 21 | ||
diff --git a/plugins/t/check_jabber.t b/plugins/t/check_jabber.t index 08cadcbd..dc46f4c3 100644 --- a/plugins/t/check_jabber.t +++ b/plugins/t/check_jabber.t | |||
@@ -15,11 +15,11 @@ my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname | |||
15 | my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); | 15 | my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); |
16 | 16 | ||
17 | 17 | ||
18 | my $jabberOK = '/JABBER OK\s-\s\d+\.\d+\ssecond response time on '.$host_tcp_jabber.' port 5222/'; | 18 | my $jabberOK = '/Connection to '.$host_tcp_jabber.' on port 5222/'; |
19 | 19 | ||
20 | my $jabberUnresponsive = '/Socket timeout after\s\d+\sseconds/'; | 20 | my $jabberUnresponsive = '/Socket timeout after\s\d+\sseconds/'; |
21 | 21 | ||
22 | my $jabberInvalid = '/JABBER CRITICAL - Invalid hostname, address or socket:\s.+/'; | 22 | my $jabberInvalid = '/Invalid hostname, address or socket:\s.+/'; |
23 | 23 | ||
24 | my $r; | 24 | my $r; |
25 | 25 | ||
diff --git a/plugins/t/check_tcp.t b/plugins/t/check_tcp.t index cb4de53d..5c8fd0be 100644 --- a/plugins/t/check_tcp.t +++ b/plugins/t/check_tcp.t | |||
@@ -21,19 +21,19 @@ my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname | |||
21 | my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); | 21 | my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); |
22 | my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); | 22 | my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); |
23 | 23 | ||
24 | my $successOutput = '/^TCP OK\s-\s+[0-9]?\.?[0-9]+ second response time on port [0-9]+/'; | 24 | my $successOutput = '/Connection time\s+[0-9]?\.?[0-9]+s is within thresholds+/'; |
25 | 25 | ||
26 | my $failedExpect = '/^TCP WARNING\s-\sUnexpected response from host/socket on port [0-9]+/'; | 26 | my $failedExpect = '/Answer failed to match/'; |
27 | 27 | ||
28 | my $t; | 28 | my $t; |
29 | 29 | ||
30 | $tests = $tests - 4 if $internet_access eq "no"; | 30 | $tests = $tests - 4 if $internet_access eq "no"; |
31 | plan tests => $tests; | 31 | plan tests => $tests; |
32 | 32 | ||
33 | $t += checkCmd( "./check_tcp $host_tcp_http -p 80 -wt 300 -ct 600", 0, $successOutput ); | 33 | $t += checkCmd( "./check_tcp $host_tcp_http -p 80 -w 300 -c 600", 0, $successOutput ); |
34 | $t += checkCmd( "./check_tcp $host_tcp_http -p 81 -wt 0 -ct 0 -to 1", 2 ); # use invalid port for this test | 34 | $t += checkCmd( "./check_tcp $host_tcp_http -p 81 -w 0 -c 0 -t 1", 2 ); # use invalid port for this test |
35 | $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -wt 0 -ct 0 -to 1", 2 ); | 35 | $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -w 0 -c 0 -t 1", 2 ); |
36 | $t += checkCmd( "./check_tcp $hostname_invalid -p 80 -wt 0 -ct 0 -to 1", 2 ); | 36 | $t += checkCmd( "./check_tcp $hostname_invalid -p 80 -w 0 -c 0 -t 1", 2 ); |
37 | if($internet_access ne "no") { | 37 | if($internet_access ne "no") { |
38 | $t += checkCmd( "./check_tcp -S -D 1 -H $host_tls_http -p 443", 0 ); | 38 | $t += checkCmd( "./check_tcp -S -D 1 -H $host_tls_http -p 443", 0 ); |
39 | $t += checkCmd( "./check_tcp -S -D 9000,1 -H $host_tls_http -p 443", 1 ); | 39 | $t += checkCmd( "./check_tcp -S -D 9000,1 -H $host_tls_http -p 443", 1 ); |
diff --git a/plugins/t/check_udp.t b/plugins/t/check_udp.t index 6c47d095..5cb9e6dc 100644 --- a/plugins/t/check_udp.t +++ b/plugins/t/check_udp.t | |||
@@ -28,7 +28,7 @@ like ( $res->output, '/With UDP checks, a send/expect string must be specified. | |||
28 | 28 | ||
29 | $res = NPTest->testCmd( "./check_udp -H localhost -p 3333 -s foo -e bar" ); | 29 | $res = NPTest->testCmd( "./check_udp -H localhost -p 3333 -s foo -e bar" ); |
30 | cmp_ok( $res->return_code, '==', 2, "Errors correctly because no udp service running" ); | 30 | cmp_ok( $res->return_code, '==', 2, "Errors correctly because no udp service running" ); |
31 | like ( $res->output, '/No data received from host/', "Output OK"); | 31 | like ( $res->output, '/Received no data /', "Output OK"); |
32 | 32 | ||
33 | my $nc; | 33 | my $nc; |
34 | if(system("which nc.traditional >/dev/null 2>&1") == 0) { | 34 | if(system("which nc.traditional >/dev/null 2>&1") == 0) { |
@@ -48,7 +48,7 @@ SKIP: { | |||
48 | sleep 1; | 48 | sleep 1; |
49 | $res = NPTest->testCmd( "./check_udp -H localhost -p 3333 -s '' -e barbar -4" ); | 49 | $res = NPTest->testCmd( "./check_udp -H localhost -p 3333 -s '' -e barbar -4" ); |
50 | cmp_ok( $res->return_code, '==', 0, "Got barbar response back" ); | 50 | cmp_ok( $res->return_code, '==', 0, "Got barbar response back" ); |
51 | like ( $res->output, '/\[barbar\]/', "Output OK"); | 51 | like ( $res->output, '/answer of the server matched/', "Output OK"); |
52 | close NC; | 52 | close NC; |
53 | 53 | ||
54 | # Start up a udp server listening on port 3333, quit after 3 seconds | 54 | # Start up a udp server listening on port 3333, quit after 3 seconds |