NRPE SSL_shutdown patch
Jari Takkala
jtakkala at gmail.com
Thu Mar 29 10:52:46 CEST 2012
Hello,
I came across the same TCP RST issue as reported in
http://tracker.nagios.org/view.php?id=305. I've attached a patch for
nrpe.c, and also check_nrpe.c as pointed out by dnsmichi.
The problem is that when we call SSL_shutdown() only once, the server
sends an SSL shutdown message to the client. The client then responds
with it's own SSL shutdown message, and this ends up in the server's
socket receive buffer. However, since we never consume this message,
the kernel will send a RST to the client when the server process
exits. This pollutes our firewall logs and makes it harder to detect
more serious TCP errors in our monitoring.
The solution is to call SSL_shutdown() at least twice, and up to 4
times to be safe (usually SSL_shutdown() will return 1 after two
calls). There's a good explanation of this behaviour in the links I
provided within the bug report. I won't take up too much space
explaining it here.
Please apply the attached patch. Thanks!
Jari
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nrpe-ssl_shutdown-2.patch
Type: text/x-patch
Size: 1593 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20120329/83446e03/attachment.bin>
-------------- next part --------------
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel
More information about the Developers
mailing list