[icinga-devel] [patch] IPv6 support for nrpe and check_nrpe

MIke Becker mike.becker at redpeppersworld.de
Wed Aug 25 17:46:58 CEST 2010


Thanks for the submission. I have tried the Patch also on my icinga-nrpe
branch. It seems to work very good but it seems that depending on the
glibc Version the default socket is different (at my side the default
one was an IPv4 Socket). Also i have thought about the problem that IPv4
is in the RFC a Part of IPv6 why not making IPv6 default and mapping
IPv4 requests in it ?



Am 22.08.2010 11:25, schrieb Florian Obser:
> Hi,
> the attached 700+ lines monstrosity implements IPv6 support for nrpe
> and check_nrpe by switching socket related code to getaddrinfo.
> As getaddrinfo expects a char* as second argument for the service name
> from /etc/services or decimal port it's more convenient to treat the
> port as string from configure.in downwards.
> Because of the switch to getaddrinfo in wait_for_connections
> (src/nrpe.c) it's now possible to configure a name for
> server_address. However depending on you DNS configuration this might
> not result in what you expect. If you have an AAAA and A
> record for the name you will only get an IPv6 socket because
> wait_for_connections only accepts on the *first* addrinfo to which it
> can bind.
> There is a similar problem with leaving server_address empty. This
> will result in a socket listening on in6addr_any. On a default
> GNU/Linux installation you get a socket listening on IPv4 and IPv6
> because IPv4 connects are mapped to the IPv6 socket. This behavior can
> be changed in /proc. On systems like OpenBSD which by choice do not
> implement this mapping you will only get an IPv6 socket.
> In any case it appears to be best to configure an explicit IP address
> for server_address.
> is_an_allowed_host (src/nrpe.c) now compares sockaddr structs using
> new helper function sockaddr_equal (src/utils.c).
> get_ip_str and get_port helper functions (src/utils.c) were taken from
> / inspired by Owen DeLong's IPv6 Porting Information
> ( http://owend.corp.he.net/ipv6/ ).
> sockaddr_equal was inspired by similar code in samba
> The patch tries to mimic the style of the surrounding code, e.g. no
> line breaks after 80 characters, closing brackets on the same level as
> the containing block.
> We are using the patch in production at the company I work for since
> about a week. We are monitoring approximately 400 hosts and each host
> has at least four check_nrpe checks. We replaced the check_nrpe binary
> with the patched version so all check_nrpe checks use the patch.
> We are using the patched nrpe daemon on three IPv6 only hosts and on
> one dual stacked host. All other hosts use the unpatched nrpe daemon
> from nagios.
> So far we didn't see any problems.
> The patch was tested on OpenBSD 4.7 and Debian Lenny. Additionally 10k
> checks were send to the nrpe daemon in a tight loop and no memory leak
> was observed. (If there are leaks they should be contained in forked
> processes which die quickly.)
> I tried to send the patch inline and while my mail client didn't touch
> the long lines it non the less managed to mangle the patch in ways
> that it would no longer apply. If the attachment is filtered / lost
> you can pull from:
> git://github.com/fobser/icinga-nrpe-ipv6.git
> Best regards,
> Florian
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by 
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev 
> _______________________________________________
> icinga-devel mailing list
> icinga-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/icinga-devel

More information about the icinga-devel mailing list