![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 56e5a05d9f034957ce01dbe6e3be69bf15b8e27a..149ca98f3f41db83ef3c8471c9db79b19bcca876 100644 (file)
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
#include "common.h"
#include "netutils.h"
#include "utils.h"
+#include <sys/poll.h>
static char *server_address=NULL;
static int verbose=0;
void print_help (void);
void print_usage (void);
+/* number of times to perform each request to get a good average. */
+#define AVG_NUM 4
+
+/* max size of control message data */
+#define MAX_CM_SIZE 468
+
/* this structure holds everything in an ntp request/response as per rfc1305 */
typedef struct {
uint8_t flags; /* byte with leapindicator,vers,mode. see macros */
uint64_t txts; /* time at which request departed server */
} ntp_message;
+/* this structure holds data about results from querying offset from a peer */
+typedef struct {
+ int waiting; /* we set to 1 to signal waiting for a response */
+ int num_responses; /* number of successfully recieved responses */
+ double offset[AVG_NUM]; /* offsets from each response */
+} ntp_server_results;
+
+/* this structure holds everything in an ntp control message as per rfc1305 */
+typedef struct {
+ uint8_t flags; /* byte with leapindicator,vers,mode. see macros */
+ uint8_t op; /* R,E,M bits and Opcode */
+ uint16_t seq; /* Packet sequence */
+ uint16_t status; /* Clock status */
+ uint16_t assoc; /* Association */
+ uint16_t offset; /* Similar to TCP sequence # */
+ uint16_t count; /* # bytes of data */
+ char data[MAX_CM_SIZE]; /* ASCII data of the request */
+ /* NB: not necessarily NULL terminated! */
+} ntp_control_message;
+
+/* this is an association/status-word pair found in control packet reponses */
+typedef struct {
+ uint16_t assoc;
+ uint16_t status;
+} ntp_assoc_status_pair;
+
/* bits 1,2 are the leap indicator */
#define LI_MASK 0xc0
#define LI(x) ((x&LI_MASK)>>6)
#define VN_MASK 0x38
#define VN(x) ((x&VN_MASK)>>3)
#define VN_SET(x,y) do{ x |= ((y<<3)&VN_MASK); }while(0)
+#define VN_RESERVED 0x02
/* bits 6,7,8 are the ntp mode */
#define MODE_MASK 0x07
#define MODE(x) (x&MODE_MASK)
#define MODE_SET(x,y) do{ x |= (y&MODE_MASK); }while(0)
/* here are some values */
#define MODE_CLIENT 0x03
+#define MODE_CONTROLMSG 0x06
+/* In control message, bits 8-10 are R,E,M bits */
+#define REM_MASK 0xe0
+#define REM_RESP 0x80
+#define REM_ERROR 0x40
+#define REM_MORE 0x20
+/* In control message, bits 11 - 15 are opcode */
+#define OP_MASK 0x1f
+#define OP_SET(x,y) do{ x |= (y&OP_MASK); }while(0)
+#define OP_READSTAT 0x01
+#define OP_READVAR 0x02
+/* In peer status bytes, bytes 6,7,8 determine clock selection status */
+#define PEER_SEL(x) (x&0x07)
+#define PEER_INCLUDED 0x04
+#define PEER_SYNCSOURCE 0x06
/**
** a note about the 32-bit "fixed point" numbers:
do{ if(!n) t.tv_sec = t.tv_usec = 0; \
else { \
t.tv_sec=ntohl(L32(n))-EPOCHDIFF; \
- t.tv_usec=(int)(0.5+(double)(ntohl(R32(n))/4294.967296)); \
+ t.tv_usec=(int)(0.5+(double)(ntohl(R32(n))/4294.967296)); \
} \
}while(0)
} \
} while(0)
+/* NTP control message header is 12 bytes, plus any data in the data
+ * field, plus null padding to the nearest 32-bit boundary per rfc.
+ */
+#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((m.count)?4-(ntohs(m.count)%4):0))
+
+/* finally, a little helper or two for debugging: */
+#define DBG(x) do{if(verbose>1){ x; }}while(0);
+#define PRINTSOCKADDR(x) \
+ do{ \
+ printf("%u.%u.%u.%u", (x>>24)&0xff, (x>>16)&0xff, (x>>8)&0xff, x&0xff);\
+ }while(0);
/* calculate the offset of the local clock */
static inline double calc_offset(const ntp_message *m, const struct timeval *t){
@@ -142,7 +202,7 @@ static inline double calc_offset(const ntp_message *m, const struct timeval *t){
}
/* print out a ntp packet in human readable/debuggable format */
-void print_packet(const ntp_message *p){
+void print_ntp_message(const ntp_message *p){
struct timeval ref, orig, rx, tx;
NTP64toTV(p->refts,ref);
printf("\ttxts = %-.16g\n", NTP64asDOUBLE(p->txts));
}
+void print_ntp_control_message(const ntp_control_message *p){
+ int i=0, numpeers=0;
+ const ntp_assoc_status_pair *peer=NULL;
+
+ printf("control packet contents:\n");
+ printf("\tflags: 0x%.2x , 0x%.2x\n", p->flags, p->op);
+ printf("\t li=%d (0x%.2x)\n", LI(p->flags), p->flags&LI_MASK);
+ printf("\t vn=%d (0x%.2x)\n", VN(p->flags), p->flags&VN_MASK);
+ printf("\t mode=%d (0x%.2x)\n", MODE(p->flags), p->flags&MODE_MASK);
+ printf("\t response=%d (0x%.2x)\n", (p->op&REM_RESP)>0, p->op&REM_RESP);
+ printf("\t more=%d (0x%.2x)\n", (p->op&REM_MORE)>0, p->op&REM_MORE);
+ printf("\t error=%d (0x%.2x)\n", (p->op&REM_ERROR)>0, p->op&REM_ERROR);
+ printf("\t op=%d (0x%.2x)\n", p->op&OP_MASK, p->op&OP_MASK);
+ printf("\tsequence: %d (0x%.2x)\n", ntohs(p->seq), ntohs(p->seq));
+ printf("\tstatus: %d (0x%.2x)\n", ntohs(p->status), ntohs(p->status));
+ printf("\tassoc: %d (0x%.2x)\n", ntohs(p->assoc), ntohs(p->assoc));
+ printf("\toffset: %d (0x%.2x)\n", ntohs(p->offset), ntohs(p->offset));
+ printf("\tcount: %d (0x%.2x)\n", ntohs(p->count), ntohs(p->count));
+ numpeers=ntohs(p->count)/(sizeof(ntp_assoc_status_pair));
+ if(p->op&REM_RESP && p->op&OP_READSTAT){
+ peer=(ntp_assoc_status_pair*)p->data;
+ for(i=0;i<numpeers;i++){
+ printf("\tpeer id %.2x status %.2x",
+ ntohs(peer[i].assoc), ntohs(peer[i].status));
+ if (PEER_SEL(peer[i].status) >= PEER_INCLUDED){
+ if(PEER_SEL(peer[i].status) >= PEER_SYNCSOURCE){
+ printf(" <-- current sync source");
+ } else {
+ printf(" <-- current sync candidate");
+ }
+ }
+ printf("\n");
+ }
+ }
+}
+
void setup_request(ntp_message *p){
struct timeval t;
TVtoNTP64(t,p->txts);
}
+/* do everything we need to get the total average offset
+ * - we use a certain amount of parallelization with poll() to ensure
+ * we don't waste time sitting around waiting for single packets.
+ * - we also "manually" handle resolving host names and connecting, because
+ * we have to do it in a way that our lazy macros don't handle currently :( */
+double offset_request(const char *host){
+ int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
+ int servers_completed=0, one_written=0, servers_readable=0, offsets_recvd=0;
+ ntp_message *req=NULL;
+ double avg_offset=0.;
+ struct timeval recv_time;
+ struct addrinfo *ai=NULL, *ai_tmp=NULL, hints;
+ struct pollfd *ufds=NULL;
+ ntp_server_results *servers=NULL;
+
+ /* setup hints to only return results from getaddrinfo that we'd like */
+ memset(&hints, 0, sizeof(struct addrinfo));
+ hints.ai_family = address_family;
+ hints.ai_protocol = IPPROTO_UDP;
+ hints.ai_socktype = SOCK_DGRAM;
+
+ /* fill in ai with the list of hosts resolved by the host name */
+ ga_result = getaddrinfo(host, "123", &hints, &ai);
+ if(ga_result!=0){
+ die(STATE_UNKNOWN, "error getting address for %s: %s\n",
+ host, gai_strerror(ga_result));
+ }
+
+ /* count the number of returned hosts, and allocate stuff accordingly */
+ for(ai_tmp=ai; ai_tmp!=NULL; ai_tmp=ai_tmp->ai_next){ num_hosts++; }
+ req=(ntp_message*)malloc(sizeof(ntp_message)*num_hosts);
+ if(req==NULL) die(STATE_UNKNOWN, "can not allocate ntp message array");
+ socklist=(int*)malloc(sizeof(int)*num_hosts);
+ if(socklist==NULL) die(STATE_UNKNOWN, "can not allocate socket array");
+ ufds=(struct pollfd*)malloc(sizeof(struct pollfd)*num_hosts);
+ if(ufds==NULL) die(STATE_UNKNOWN, "can not allocate socket array");
+ servers=(ntp_server_results*)malloc(sizeof(ntp_server_results)*num_hosts);
+ if(servers==NULL) die(STATE_UNKNOWN, "can not allocate server array");
+ memset(servers, 0, sizeof(ntp_server_results)*num_hosts);
+
+ /* setup each socket for writing, and the corresponding struct pollfd */
+ ai_tmp=ai;
+ for(i=0;ai_tmp;i++){
+ socklist[i]=socket(ai_tmp->ai_family, SOCK_DGRAM, IPPROTO_UDP);
+ if(socklist[i] == -1) {
+ perror(NULL);
+ die(STATE_UNKNOWN, "can not create new socket");
+ }
+ if(connect(socklist[i], ai_tmp->ai_addr, ai_tmp->ai_addrlen)){
+ die(STATE_UNKNOWN, "can't create socket connection");
+ } else {
+ ufds[i].fd=socklist[i];
+ ufds[i].events=POLLIN;
+ ufds[i].revents=0;
+ }
+ ai_tmp = ai_tmp->ai_next;
+ }
+
+ /* now do AVG_NUM checks to each host. */
+ while(servers_completed<num_hosts){
+
+ /* write to any servers that are free and have done < AVG_NUM reqs */
+ /* XXX we need some kind of ability to retransmit lost packets.
+ * XXX one way would be replace "waiting" with a timestamp and
+ * XXX if the timestamp is old enough the request is re-transmitted.
+ * XXX then a certain number of failures could mark a server as
+ * XXX bad, which is what i imagine that ntpdate does though
+ * XXX i can't confirm it (i think it still only sends a max
+ * XXX of AVG_NUM requests, but what does it do if one fails
+ * XXX but the others succeed? */
+ /* XXX also we need the ability to cut out failed/unresponsive
+ * XXX servers. currently after doing all other servers we
+ * XXX still wait for them until the bitter end/timeout. */
+ one_written=0;
+ for(i=0; i<num_hosts; i++){
+ if(!servers[i].waiting && servers[i].num_responses<AVG_NUM){
+ if(verbose) printf("sending request to peer %d\n", i);
+ setup_request(&req[i]);
+ write(socklist[i], &req[i], sizeof(ntp_message));
+ servers[i].waiting=1;
+ one_written=1;
+ break;
+ }
+ }
+
+ /* quickly poll for any sockets with pending data */
+ servers_readable=poll(ufds, num_hosts, 100);
+ if(servers_readable==-1){
+ perror("polling ntp sockets");
+ die(STATE_UNKNOWN, "communication errors");
+ }
+
+ /* read from any sockets with pending data */
+ for(i=0; servers_readable && i<num_hosts; i++){
+ if(ufds[i].revents&POLLIN){
+ if(verbose) {
+ printf("response from peer %d: ", i);
+ }
+ read(ufds[i].fd, &req[i], sizeof(ntp_message));
+ gettimeofday(&recv_time, NULL);
+ respnum=servers[i].num_responses++;
+ servers[i].offset[respnum]=calc_offset(&req[i], &recv_time);
+ if(verbose) {
+ printf("offset %g\n", servers[i].offset[respnum]);
+ }
+ servers[i].waiting=0;
+ servers_readable--;
+ if(servers[i].num_responses==AVG_NUM) servers_completed++;
+ }
+ }
+ /* lather, rinse, repeat. */
+ }
+
+ /* finally, calculate the average offset */
+ /* XXX still something about the "top 5" */
+ for(i=0;i<num_hosts;i++){
+ for(j=0;j<servers[i].num_responses;j++){
+ offsets_recvd++;
+ avg_offset+=servers[i].offset[j];
+ }
+ }
+ avg_offset/=offsets_recvd;
+
+ /* cleanup */
+ for(j=0; j<num_hosts; j++){ close(socklist[j]); }
+ free(socklist);
+ free(ufds);
+ free(servers);
+ free(req);
+ freeaddrinfo(ai);
+
+ if(verbose) printf("overall average offset: %g\n", avg_offset);
+ return avg_offset;
+}
+
+void
+setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
+ memset(p, 0, sizeof(ntp_control_message));
+ LI_SET(p->flags, LI_NOWARNING);
+ VN_SET(p->flags, VN_RESERVED);
+ MODE_SET(p->flags, MODE_CONTROLMSG);
+ OP_SET(p->op, opcode);
+ p->seq = htons(seq);
+ /* Remaining fields are zero for requests */
+}
+
+/* XXX handle responses with the error bit set */
+double jitter_request(const char *host){
+ int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
+ int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
+ ntp_assoc_status_pair *peers;
+ ntp_control_message req;
+ double rval = 0.0, jitter = -1.0;
+ char *startofvalue=NULL, *nptr=NULL;
+
+ /* Long-winded explanation:
+ * Getting the jitter requires a number of steps:
+ * 1) Send a READSTAT request.
+ * 2) Interpret the READSTAT reply
+ * a) The data section contains a list of peer identifiers (16 bits)
+ * and associated status words (16 bits)
+ * b) We want the value of 0x06 in the SEL (peer selection) value,
+ * which means "current synchronizatin source". If that's missing,
+ * we take anything better than 0x04 (see the rfc for details) but
+ * set a minimum of warning.
+ * 3) Send a READVAR request for information on each peer identified
+ * in 2b greater than the minimum selection value.
+ * 4) Extract the jitter value from the data[] (it's ASCII)
+ */
+ my_udp_connect(server_address, 123, &conn);
+ setup_control_request(&req, OP_READSTAT, 1);
+
+ DBG(printf("sending READSTAT request"));
+ write(conn, &req, SIZEOF_NTPCM(req));
+ DBG(print_ntp_control_message(&req));
+ /* Attempt to read the largest size packet possible
+ * Is it possible for an NTP server to have more than 117 synchronization
+ * sources? If so, we will receive a second datagram with additional
+ * peers listed, since 117 is the maximum number that can fit in a
+ * single NTP control datagram. This code doesn't handle that case */
+ /* XXX check the REM_MORE bit */
+ req.count=htons(MAX_CM_SIZE);
+ DBG(printf("recieving READSTAT response"))
+ read(conn, &req, SIZEOF_NTPCM(req));
+ DBG(print_ntp_control_message(&req));
+ /* Each peer identifier is 4 bytes in the data section, which
+ * we represent as a ntp_assoc_status_pair datatype.
+ */
+ npeers=ntohs(req.count)/sizeof(ntp_assoc_status_pair);
+ peers=(ntp_assoc_status_pair*)malloc(sizeof(ntp_assoc_status_pair)*npeers);
+ memcpy((void*)peers, (void*)req.data, sizeof(ntp_assoc_status_pair)*npeers);
+ /* first, let's find out if we have a sync source, or if there are
+ * at least some candidates. in the case of the latter we'll issue
+ * a warning but go ahead with the check on them. */
+ for (i = 0; i < npeers; i++){
+ if (PEER_SEL(peers[i].status) >= PEER_INCLUDED){
+ num_candidates++;
+ if(PEER_SEL(peers[i].status) >= PEER_SYNCSOURCE){
+ syncsource_found=1;
+ min_peer_sel=PEER_SYNCSOURCE;
+ }
+ }
+ }
+ if(verbose) printf("%d candiate peers available\n", num_candidates);
+ if(verbose && syncsource_found) printf("synchronization source found\n");
+ /* XXX if ! syncsource_found set status to warning */
+
+ for (run=0; run<AVG_NUM; run++){
+ if(verbose) printf("jitter run %d of %d\n", run+1, AVG_NUM);
+ for (i = 0; i < npeers; i++){
+ /* Only query this server if it is the current sync source */
+ if (PEER_SEL(peers[i].status) >= min_peer_sel){
+ setup_control_request(&req, OP_READVAR, 2);
+ req.assoc = peers[i].assoc;
+ /* By spec, putting the variable name "jitter" in the request
+ * should cause the server to provide _only_ the jitter value.
+ * thus reducing net traffic, guaranteeing us only a single
+ * datagram in reply, and making intepretation much simpler
+ */
+ strncpy(req.data, "jitter", 6);
+ req.count = htons(6);
+ DBG(printf("sending READVAR request...\n"));
+ write(conn, &req, SIZEOF_NTPCM(req));
+ DBG(print_ntp_control_message(&req));
+
+ req.count = htons(MAX_CM_SIZE);
+ DBG(printf("recieving READVAR response...\n"));
+ read(conn, &req, SIZEOF_NTPCM(req));
+ DBG(print_ntp_control_message(&req));
+
+ /* get to the float value */
+ if(verbose) {
+ printf("parsing jitter from peer %.2x: ", peers[i].assoc);
+ }
+ startofvalue = strchr(req.data, '=') + 1;
+ jitter = strtod(startofvalue, &nptr);
+ num_selected++;
+ if(jitter == 0 && startofvalue==nptr){
+ printf("warning: unable to parse server response.\n");
+ /* XXX errors value ... */
+ } else {
+ if(verbose) printf("%g\n", jitter);
+ num_valid++;
+ rval += jitter;
+ }
+ }
+ }
+ if(verbose){
+ printf("jitter parsed from %d/%d peers\n", num_selected, num_valid);
+ }
+ }
+
+ rval /= num_valid;
+
+ close(conn);
+ free(peers);
+ /* If we return -1.0, it means no synchronization source was found */
+ return rval;
+}
+
int process_arguments(int argc, char **argv){
int c;
int option=0;
exit(STATE_OK);
break;
case 'v':
- verbose = 1;
+ verbose++;
break;
case 'w':
owarn = atof(optarg);
int main(int argc, char *argv[]){
int result = STATE_UNKNOWN;
- int conn;
- ntp_message m;
- struct timeval recv_time;
double offset=0, jitter=0;
if (process_arguments (argc, argv) == ERROR)
/* set socket timeout */
alarm (socket_timeout);
- setup_request(&m);
- if(verbose) print_packet(&m);
- my_udp_connect(server_address, 123, &conn);
- write(conn, &m, sizeof(ntp_message));
- read(conn, &m, sizeof(ntp_message));
- gettimeofday(&recv_time, NULL);
- if(verbose) print_packet(&m);
- close(conn);
-
- offset=calc_offset(&m, &recv_time);
- printf("total offset: %g\n", offset);
-
+ offset = offset_request(server_address);
if(offset > ocrit){
- printf("NTP CRITICAL: ");
result = STATE_CRITICAL;
} else if(offset > owarn) {
- printf("NTP WARNING: ");
result = STATE_WARNING;
} else {
- printf("NTP OK: ");
result = STATE_OK;
}
- /* not implemented yet:
- jitter=calc_jitter(&m, &recv_time);
-
+ /* If not told to check the jitter, we don't even send packets.
+ * jitter is checked using NTP control packets, which not all
+ * servers recognize. Trying to check the jitter on OpenNTPD
+ * (for example) will result in an error
+ */
if(do_jitter){
- if(offset > ocrit){
+ jitter=jitter_request(server_address);
+ if(jitter > jcrit){
+ result = max_state(result, STATE_CRITICAL);
+ } else if(jitter > jwarn) {
+ result = max_state(result, STATE_WARNING);
+ } else if(jitter == -1.0 && result == STATE_OK){
+ /* -1 indicates that we couldn't calculate the jitter
+ * Only overrides STATE_OK from the offset */
+ result = STATE_UNKNOWN;
+ }
+ }
+
+ switch (result) {
+ case STATE_CRITICAL :
printf("NTP CRITICAL: ");
- result = STATE_CRITICAL;
- } else if(offset > owarn) {
+ break;
+ case STATE_WARNING :
printf("NTP WARNING: ");
- result = STATE_WARNING;
- } else {
+ break;
+ case STATE_OK :
printf("NTP OK: ");
- result = STATE_OK;
- }
+ break;
+ default :
+ printf("NTP UNKNOWN: ");
+ break;
}
- */
- printf("Offset %g secs|offset=%g\n", offset, offset);
+ printf("Offset %g secs|offset=%g", offset, offset);
+ if (do_jitter) printf("|jitter=%f", jitter);
+ printf("\n");
if(server_address!=NULL) free(server_address);
return result;