Package: nagios-plugins-basic
Version: 1.4.16-1
Severity: important
Tags: upstream patch
Dear Maintainer,

After hardening the ntp configuration, I noticed that the nagios check was
no longer functioning. The line I added to ntp.conf was:

    restrict default limited kod nomodify notrap nopeer noquery

The culprit turned out to be the 'kod' option in the restrict line.
The nagios check does not understand the contents of the 'KoD' packet and
only reports that the server stratum is 0, which is part of the KoD packet.

I created a patch to deal with this situation. The patch is in the
attachment.
-- System Information:
Debian Release: 7.5
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages nagios-plugins-basic depends on:
ii iputils-ping 3:20101006-1+b1
ii libc6 2.13-38+deb7u1
ii libssl1.0.0 1.0.1e-2+deb7u11
ii nagios-plugins-common 1.4.16-1
ii procps 1:3.3.3-3
ii ucf 3.0025+nmu3
nagios-plugins-basic recommends no packages.
Versions of packages nagios-plugins-basic suggests:
pn nagios3 | icinga <none>
-- no debconf information
--- check_ntp_time.c.orig 2012-06-27 19:32:47.000000000 +0200
+++ check_ntp_time.c 2014-10-09 15:48:44.000000000 +0200
@@ -393,6 +393,21 @@
read(ufds[i].fd, &req[i], sizeof(ntp_message));
gettimeofday(&recv_time, NULL);
DBG(print_ntp_message(&req[i]));
+ /*
+ * Check for a KoD (rate limiting) response, cease and decist.
+ */
+ if ((LI(req[i].flags) == LI_ALARM) && (req[i].stratum == 0) &&
+ !memcmp("RATE", &(req[i].refid), 4)) {
+ if (verbose) {
+ printf("rate limit response from server.\n");
+ }
+ servers[i].num_responses=AVG_NUM;
+ servers[i].waiting=0;
+ servers_readable--;
+ servers_completed++;
+ continue;
+ }
+
respnum=servers[i].num_responses++;
servers[i].offset[respnum]=calc_offset(&req[i], &recv_time);
if(verbose) {
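Review bot: in the new KoD branch, `servers[i].num_responses=AVG_NUM;` marks the server as fully sampled although this path stores nothing in `servers[i].offset[]`, so any later code that walks `num_responses` entries for this server would read slots that were never filled here. A separate per-server flag for "rate limited", which the result selection then skips, would be safer than reusing the sample counter. The test also matches only the `RATE` code, so a stratum 0 reply carrying any other four bytes in `refid` still falls through to `calc_offset()`; consider treating every stratum 0 reply as non-usable and printing the refid bytes. The message is emitted only under `verbose`, so a normal run gives the operator no indication that the server rate-limited the check; surfacing it in the plugin's status output would make the failure diagnosable. Minor: "decist" in the comment should be "desist".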