search

NagiosEnterprises / nrpe

NRPE Agent
GNU General Public License v2.0
259 stars 133 forks source link

invalid CRC32 error message #223

Closed hariwe closed 4 years ago

hariwe commented 4 years ago

Affects version: 4.0.0 OS: RHEL7

With nrpe 4.0.0 (used for check_nrpe and nrpe daemon) I always get following errors in the logs:

nrpe[26700]: Error: Request packet had invalid CRC32. nrpe[26700]: Client request from 127.0.0.1 was invalid, bailing out... check_nrpe: Remote 127.0.0.1 does not support version 3/4 packets

The version 2 request afterwards is working fine. I do not see this issue with version 3.2.1

christimpaler commented 4 years ago

Same "problem" here. The log files are flooded with these messages. OS: RHEL 7

sawolf commented 4 years ago

Are you using version 4 for both the daemon and for check_nrpe? In my testing, that log message only appears if you use 3.x and 4.x together.

hariwe commented 4 years ago

Yes, I'm using version 4 for both of them.

christimpaler commented 4 years ago

I am also using both (nrpe & check_nrpe) in version 4.

christimpaler commented 4 years ago

Compiling: ./configure --with-nrpe-user=nagios --with-nrpe-group=nagios --with-nagios-user=root --with-nagios-group=nagios --disable-command-args --disable-bash-command-substitution make all

./check_nrpe_v4 -H -c -p 5666 -t 40:UNKNOWN -f check_nrpe.config

check_nrpe.config contains: --client-cert=/etc/pki/tls/certs/server.crt --key-file=/etc/pki/tls/private/server.key --ca-cert-file=/etc/pki/tls/certs/ca.crt

nrpe.cfg: server_port=5666 nrpe_user=nagios nrpe_group=nagios debug=0 command_timeout=60 allow_bash_command_substitution=0 dont_blame_nrpe=0 ssl_logging=0x00 ssl_privatekey_file=/etc/pki/tls/private/nrpe.key ssl_cert_file=/etc/pki/tls/certs/nrpe.crt ssl_cacert_file=/etc/pki/tls/certs/ca.crt ssl_cipher_list=AES256-GCM-SHA384 ssl_version=TLSv1.2+ ssl_use_adh=0 ssl_client_certs=2

I hope this helps.

christimpaler commented 4 years ago

Debug output of "nrpe".

Jan 22 14:08:41 nrpe[13968]: INFO: SSL/TLS initialized. All network traffic will be encrypted. Jan 22 14:08:41 nrpe[13968]: Error: Request packet had invalid CRC32. Jan 22 14:08:41 nrpe[13968]: Client request from was invalid, bailing out... Jan 22 14:08:41 nrpe[13969]: INFO: SSL/TLS initialized. All network traffic will be encrypted. Jan 22 14:08:41 nrpe[13970]: WARNING: my_system() seteuid(0): Operation not permitted

SELinux was permissive, so this should not be the problem.

sebastic commented 4 years ago

The pkt_size seems to differ between check_nrpe & nrpe, adding some debug logging to send_request() in check_nrpe.c and validate_request() in nrpe.c shows:

Jan 22 15:20:35 foobar check_nrpe: v3 - crc32_value: 658913308, pkt_size: 1036
Jan 22 15:20:35 foobar nrpe[5807]: v3 - crc32_value: 0, calculated_crc32: 4151722210, pkt_size: 1033
...
Jan 22 15:20:35 foobar check_nrpe: v2 - crc32_value: 1923810245, pkt_size: 1036
Jan 22 15:20:35 foobar nrpe[5809]: v2 - crc32_value: 0, calculated_crc32: 3305352050, pkt_size: 1036

For v2 packets the size is the same in check_nrpe & nrpe.

Adding the 3 missing bytes to pkt_size helps, but it causes check_nrpe to segfault in read_response():

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000055555555a3ed in read_response () at ./check_nrpe.c:1387
1387                    result = ntohs(v2_receive_packet->result_code);
(gdb) bt full
#0  0x000055555555a3ed in read_response () at ./check_nrpe.c:1387
        v2_receive_packet = 0x0
        v3_receive_packet = 0x55555559ce30
        packet_crc32 = 3179841556
        calculated_crc32 = 3179841556
        pkt_size = 27
        buffer_size = 11
        rc = 16
        result = 1431940256
#1  0x00005555555579ba in main (argc=4, argv=0x7fffffffdf98) at ./check_nrpe.c:177
        result = 0
sawolf commented 4 years ago

I was able to reproduce the issue as well. Thanks for the extra info @sebastic. It looks like I missed a spot when updating the buffer lengths for the new version, and a version check as well near the end of the program.

Compiling from the pull request just above, do any of you continue to have issues?

sebastic commented 4 years ago

Looking good with the changes from #225 applied:

Jan 22 20:19:10 foobar nrpe[8305]: CONN_CHECK_PEER: checking if host is allowed: 127.0.0.1 port 30345
Jan 22 20:19:10 foobar nrpe[8305]: Connection from 127.0.0.1 port 30345
Jan 22 20:19:10 foobar nrpe[8305]: is_an_allowed_host (AF_INET): is host >127.0.0.1< an allowed host >127.0.0.1<
Jan 22 20:19:10 foobar nrpe[8305]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan 22 20:19:10 foobar nrpe[8305]: Host address is in allowed_hosts
Jan 22 20:19:10 foobar nrpe[8305]: Host 127.0.0.1 is asking for command '_NRPE_CHECK' to be run...
Jan 22 20:19:10 foobar nrpe[8305]: Response to 127.0.0.1: NRPE v4.0.0
Jan 22 20:19:10 foobar nrpe[8305]: Return Code: 0, Output: NRPE v4.0.0
Jan 22 20:19:10 foobar nrpe[8305]: Connection from 127.0.0.1 closed.
hariwe commented 4 years ago

Looking also fine for me with the changes applied from above.