summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS2
-rw-r--r--THANKS.in1
-rw-r--r--plugins/check_dns.c36
3 files changed, 30 insertions, 9 deletions
diff --git a/NEWS b/NEWS
index 2db2a2cb..0848705c 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ This file documents the major additions and syntax changes between releases.
5 check_dns: allow 'expected address' (-a) to be specified in CIDR notation 5 check_dns: allow 'expected address' (-a) to be specified in CIDR notation
6 (IPv4 only). 6 (IPv4 only).
7 check_dns: allow for IPv6 RDNS 7 check_dns: allow for IPv6 RDNS
8 check_dns: allow unsorted addresses
9 check_dns: allow forcing complete match of all addresses
8 check_apt: add --only-critical switch 10 check_apt: add --only-critical switch
9 check_apt: add -l/--list option to print packages 11 check_apt: add -l/--list option to print packages
10 12
diff --git a/THANKS.in b/THANKS.in
index ebc81556..9bb43828 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -356,3 +356,4 @@ Sven Geggus
356Thomas Kurschel 356Thomas Kurschel
357Yannick Charton 357Yannick Charton
358Nicolai Søborg 358Nicolai Søborg
359Rolf Eike Beer
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index f2061636..25bd31dc 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -56,6 +56,7 @@ char **expected_address = NULL;
56int expected_address_cnt = 0; 56int expected_address_cnt = 0;
57 57
58int expect_authority = FALSE; 58int expect_authority = FALSE;
59int all_match = FALSE;
59thresholds *time_thresholds = NULL; 60thresholds *time_thresholds = NULL;
60 61
61static int 62static int
@@ -168,8 +169,8 @@ main (int argc, char **argv)
168 temp_buffer++; 169 temp_buffer++;
169 170
170 /* Strip leading spaces */ 171 /* Strip leading spaces */
171 for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++) 172 while (*temp_buffer == ' ')
172 /* NOOP */; 173 temp_buffer++;
173 174
174 strip(temp_buffer); 175 strip(temp_buffer);
175 if (temp_buffer==NULL || strlen(temp_buffer)==0) { 176 if (temp_buffer==NULL || strlen(temp_buffer)==0) {
@@ -228,16 +229,27 @@ main (int argc, char **argv)
228 if (result == STATE_OK && expected_address_cnt > 0) { 229 if (result == STATE_OK && expected_address_cnt > 0) {
229 result = STATE_CRITICAL; 230 result = STATE_CRITICAL;
230 temp_buffer = ""; 231 temp_buffer = "";
232 unsigned long expect_match = (1 << expected_address_cnt) - 1;
233 unsigned long addr_match = (1 << n_addresses) - 1;
231 234
232 for (i=0; i<expected_address_cnt; i++) { 235 for (i=0; i<expected_address_cnt; i++) {
236 int j;
233 /* check if we get a match on 'raw' ip or cidr */ 237 /* check if we get a match on 'raw' ip or cidr */
234 if ( strcmp(address, expected_address[i]) == 0 238 for (j=0; j<n_addresses; j++) {
235 || ip_match_cidr(address, expected_address[i]) ) 239 if ( strcmp(addresses[j], expected_address[i]) == 0
236 result = STATE_OK; 240 || ip_match_cidr(addresses[j], expected_address[i]) ) {
241 result = STATE_OK;
242 addr_match &= ~(1 << j);
243 expect_match &= ~(1 << i);
244 }
245 }
237 246
238 /* prepare an error string */ 247 /* prepare an error string */
239 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); 248 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
240 } 249 }
250 /* check if expected_address must cover all in addresses and none may be missing */
251 if (all_match && (expect_match != 0 || addr_match != 0))
252 result = STATE_CRITICAL;
241 if (result == STATE_CRITICAL) { 253 if (result == STATE_CRITICAL) {
242 /* Strip off last semicolon... */ 254 /* Strip off last semicolon... */
243 temp_buffer[strlen(temp_buffer)-2] = '\0'; 255 temp_buffer[strlen(temp_buffer)-2] = '\0';
@@ -401,6 +413,7 @@ process_arguments (int argc, char **argv)
401 {"reverse-server", required_argument, 0, 'r'}, 413 {"reverse-server", required_argument, 0, 'r'},
402 {"expected-address", required_argument, 0, 'a'}, 414 {"expected-address", required_argument, 0, 'a'},
403 {"expect-authority", no_argument, 0, 'A'}, 415 {"expect-authority", no_argument, 0, 'A'},
416 {"all", no_argument, 0, 'L'},
404 {"warning", required_argument, 0, 'w'}, 417 {"warning", required_argument, 0, 'w'},
405 {"critical", required_argument, 0, 'c'}, 418 {"critical", required_argument, 0, 'c'},
406 {0, 0, 0, 0} 419 {0, 0, 0, 0}
@@ -414,7 +427,7 @@ process_arguments (int argc, char **argv)
414 strcpy (argv[c], "-t"); 427 strcpy (argv[c], "-t");
415 428
416 while (1) { 429 while (1) {
417 c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index); 430 c = getopt_long (argc, argv, "hVvALt:H:s:r:a:w:c:", long_opts, &opt_index);
418 431
419 if (c == -1 || c == EOF) 432 if (c == -1 || c == EOF)
420 break; 433 break;
@@ -462,6 +475,9 @@ process_arguments (int argc, char **argv)
462 case 'A': /* expect authority */ 475 case 'A': /* expect authority */
463 expect_authority = TRUE; 476 expect_authority = TRUE;
464 break; 477 break;
478 case 'L': /* all must match */
479 all_match = TRUE;
480 break;
465 case 'w': 481 case 'w':
466 warning = optarg; 482 warning = optarg;
467 break; 483 break;
@@ -530,14 +546,16 @@ print_help (void)
530 printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); 546 printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n");
531 printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); 547 printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
532 printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); 548 printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
533 printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match")); 549 printf (" %s\n", _("value matches)."));
534 printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
535 printf (" -A, --expect-authority\n"); 550 printf (" -A, --expect-authority\n");
536 printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup")); 551 printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
537 printf (" -w, --warning=seconds\n"); 552 printf (" -w, --warning=seconds\n");
538 printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off")); 553 printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off"));
539 printf (" -c, --critical=seconds\n"); 554 printf (" -c, --critical=seconds\n");
540 printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off")); 555 printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off"));
556 printf (" -L, --all\n");
557 printf (" %s\n", _("Return critical the list of expected addresses does not match all addresses"));
558 printf (" %s\n", _("returned. Default off"));
541 559
542 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 560 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
543 561
@@ -549,5 +567,5 @@ void
549print_usage (void) 567print_usage (void)
550{ 568{
551 printf ("%s\n", _("Usage:")); 569 printf ("%s\n", _("Usage:"));
552 printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname); 570 printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname);
553} 571}