check_curl: fixed DNS caching for SSL hostnames (avoid CURLOPT_RESOLVE entry errors)

author: Andreas Baumann <mail@andreasbaumann.cc> 2021-07-25 18:39:07 +0200
committer: Andreas Baumann <mail@andreasbaumann.cc> 2021-07-25 18:39:07 +0200
commit: 3f5c54c7830b0529030bb08e2c333497e70b6eb1 (patch)
tree: 7cf4d880cefd37241ea0706c03955eb634734912
parent: 6e696643a5701ddd18945593743286b35b5944cb (diff)
download: monitoring-plugins-3f5c54c7830b0529030bb08e2c333497e70b6eb1.tar.gz
1 files changed, 51 insertions, 3 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index ba08c36b..2c91a275 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -59,6 +59,8 @@ const char *email = "devel@monitoring-plugins.org";
 #include <openssl/opensslv.h>
 #endif
+#include <netdb.h>
 #define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
 #define DEFAULT_BUFFER_SIZE 2048
@@ -370,12 +372,55 @@ handle_curl_option_return_code (CURLcode res, const char* option)
 }
 int
+lookup_host (const char *host, char *buf, size_t buflen)
+{
+  struct addrinfo hints, *res, *result;
+  int errcode;
+  void *ptr;
+  memset (&hints, 0, sizeof (hints));
+  hints.ai_family = address_family;
+  hints.ai_socktype = SOCK_STREAM;
+  hints.ai_flags |= AI_CANONNAME;
+  errcode = getaddrinfo (host, NULL, &hints, &result);
+  if (errcode != 0)
+    return errcode;
+  
+  res = result;
+  while (res) {
+  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+  switch (res->ai_family) {
+    case AF_INET:
+      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+      break;
+    case AF_INET6:
+      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+    break;
+    }
+    inet_ntop (res->ai_family, ptr, buf, buflen);
+    if (verbose >= 1)
+      printf ("* getaddrinfo IPv%d address: %s\n",
+        res->ai_family == PF_INET6 ? 6 : 4, buf);
+    res = res->ai_next;
+  }
+  
+  freeaddrinfo(result);
+  return 0;
+}
+int
 check_http (void)
 {
  int result = STATE_OK;
  int page_len = 0;
  int i;
  char *force_host_header = NULL;
+  struct curl_slist *host = NULL;
+  char addrstr[100];
+  char dnscache[DEFAULT_BUFFER_SIZE];
  /* initialize curl */
  if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
@@ -418,9 +463,12 @@ check_http (void)
  // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
  if(use_ssl && host_name != NULL) {
-      struct curl_slist *host = NULL;
+      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
-      char dnscache[DEFAULT_BUFFER_SIZE];
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
-      snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, server_address);
+          server_address, res, gai_strerror (res));
+        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+      }
+      snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
      host = curl_slist_append(NULL, dnscache);
      curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
      if (verbose>=1)
author	Andreas Baumann <mail@andreasbaumann.cc>	2021-07-25 18:39:07 +0200
committer	Andreas Baumann <mail@andreasbaumann.cc>	2021-07-25 18:39:07 +0200
commit	3f5c54c7830b0529030bb08e2c333497e70b6eb1 (patch)
tree	7cf4d880cefd37241ea0706c03955eb634734912
parent	6e696643a5701ddd18945593743286b35b5944cb (diff)
download	monitoring-plugins-3f5c54c7830b0529030bb08e2c333497e70b6eb1.tar.gz

diff --git a/plugins/check_curl.c b/plugins/check_curl.c index ba08c36b..2c91a275 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c
@@ -59,6 +59,8 @@ const char *email = "devel@monitoring-plugins.org";
59	#include <openssl/opensslv.h>	59	#include <openssl/opensslv.h>
60	#endif	60	#endif
61		61
		62	#include <netdb.h>
		63
62	#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)0x10000 + (minor)0x100 + (patch))	64	#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)0x10000 + (minor)0x100 + (patch))
63		65
64	#define DEFAULT_BUFFER_SIZE 2048	66	#define DEFAULT_BUFFER_SIZE 2048
@@ -370,12 +372,55 @@ handle_curl_option_return_code (CURLcode res, const char* option)
370	}	372	}
371		373
372	int	374	int
		375	lookup_host (const char host, char buf, size_t buflen)
		376	{
		377	struct addrinfo hints, res, result;
		378	int errcode;
		379	void *ptr;
		380
		381	memset (&hints, 0, sizeof (hints));
		382	hints.ai_family = address_family;
		383	hints.ai_socktype = SOCK_STREAM;
		384	hints.ai_flags \|= AI_CANONNAME;
		385
		386	errcode = getaddrinfo (host, NULL, &hints, &result);
		387	if (errcode != 0)
		388	return errcode;
		389
		390	res = result;
		391
		392	while (res) {
		393	inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
		394	switch (res->ai_family) {
		395	case AF_INET:
		396	ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
		397	break;
		398	case AF_INET6:
		399	ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
		400	break;
		401	}
		402	inet_ntop (res->ai_family, ptr, buf, buflen);
		403	if (verbose >= 1)
		404	printf ("* getaddrinfo IPv%d address: %s\n",
		405	res->ai_family == PF_INET6 ? 6 : 4, buf);
		406	res = res->ai_next;
		407	}
		408
		409	freeaddrinfo(result);
		410
		411	return 0;
		412	}
		413
		414	int
373	check_http (void)	415	check_http (void)
374	{	416	{
375	int result = STATE_OK;	417	int result = STATE_OK;
376	int page_len = 0;	418	int page_len = 0;
377	int i;	419	int i;
378	char *force_host_header = NULL;	420	char *force_host_header = NULL;
		421	struct curl_slist *host = NULL;
		422	char addrstr[100];
		423	char dnscache[DEFAULT_BUFFER_SIZE];
379		424
380	/* initialize curl */	425	/* initialize curl */
381	if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)	426	if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
@@ -418,9 +463,12 @@ check_http (void)
418		463
419	// fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy	464	// fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
420	if(use_ssl && host_name != NULL) {	465	if(use_ssl && host_name != NULL) {
421	struct curl_slist *host = NULL;	466	if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
422	char dnscache[DEFAULT_BUFFER_SIZE];	467	snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
423	snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, server_address);	468	server_address, res, gai_strerror (res));
		469	die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
		470	}
		471	snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
424	host = curl_slist_append(NULL, dnscache);	472	host = curl_slist_append(NULL, dnscache);
425	curl_easy_setopt(curl, CURLOPT_RESOLVE, host);	473	curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
426	if (verbose>=1)	474	if (verbose>=1)