OK,
To those of you who have been waiting for my Ganglia host spoofing
mod/hack - I'm sorry! Time to put the powers of open source
development to work. This modification of mine will allow you to send
gmetric messages on behalf of another host. This host may be real or
imaginary. No steps are taken to verify the host name and IP you
provide to gmetric!!!
Example:
gmetric --conf=/var/ganglia/gmond.conf --
spoof=123.456.678.901:YemiAbstractDevice --name=speed --value=35 --
units=mph --type=uint8
Will cause recipient gmond daemons to insert the metric update under
the host name "YemiAbstractDevice" with the IP address
123.456.678.901 .
This may prove to be invaluable for monitoring SNMP devices or
anything else you cannot run gmond on directly.
To implement this feature I added a spoof gmetric message structure
to the xdr protocol. The spoof data consists of the fake name and IP
address along with the regular gmetric data. Nothing fancy. When
gmond gets this message it uses the spoof data instead of taking the
info from the IP header. Once the data is inserted into the gmond
hash table it is indistinguishable. You can see this by querying the
XML port.
This is a first attempt and I hope that we can revise and improve
this code in order to get it into a future release. We should
consider the security implications of this feature. I suggest you
restrict your user's access to this patched implementation for now.
Below are patches for the ganglia-3.0.3 source code files:
lib/protocol.x
lib/libgmond.c
lib/ganglia.h
gmond/gmond.c
gmetric/gmetric.c
Save the patches to patchfiles and use the patch command:
patch <originalfile> <patchfile>
The only other mod required is to gmetric/cmdline.sh . Just add the
following option line to this file and run gengetopt:
option "spoof" S "IP address and name of host/device (colon
separated) we are spoofing" string default="" no
I think gmetric/cmdline.sh may only be available from the CVS source
tree.
That's it. recompile and try sending a spoof message to a modified
gmond. I look forward to your feedback. Let's see if we can get this
(or something like it) in an upcoming release.
-------
Yemi
===== Use the following to patch lib/protocol.x ==========
26a27,33
/* Yemi */
struct Ganglia_spoof_message {
string spoofName<>;
string spoofIP<>;
struct Ganglia_gmetric_message gmetric;
};
95c102,104
< GANGLIA_NUM_25_METRICS /* this should always directly follow the
last 25 metric_* */
---
GANGLIA_NUM_25_METRICS, /* this should always directly follow
the last 25 metric_* */
/* Yemi */
spoof_metric
100a110,112
/* Yemi */
case spoof_metric:
Ganglia_spoof_message spmetric;
===== Use the following to patch lib/libgmond.c ==========
702a703,750
// Yemi
int
Ganglia_gmetric_send_spoof( Ganglia_gmetric gmetric,
Ganglia_udp_send_channels send_channels, char* spoof_info)
{
int len;
XDR x;
char gmetricmsg[1500];
Ganglia_message msg;
char *spoofName;
char *spoofIP;
char *buff;
int spoof_info_len;
int result;
spoof_info_len = strlen(spoof_info);
buff = malloc(spoof_info_len+1);
strcpy(buff,spoof_info);
spoofIP = buff;
if( !(spoofName = strchr(buff+1,':')) ){
fprintf(stderr,"Incorrect format for spoof argument.
exiting.
\n");
exit(1);
}
*spoofName = 0;
spoofName++;
if(!(*spoofName)){
fprintf(stderr,"Incorrect format for spoof argument.
exiting.
\n");
exit(1);
}
printf(" spoofName: %s spoofIP: %s \n",spoofName,spoofIP);
msg.id = spoof_metric;
msg.Ganglia_message_u.spmetric.spoofName = spoofName;
msg.Ganglia_message_u.spmetric.spoofIP = spoofIP;
msg.Ganglia_message_u.spmetric.gmetric = *(gmetric->msg);
// memcpy( &(msg.Ganglia_message_u.gmetric), gmetric->msg,
sizeof
(Ganglia_gmetric_message));
/* Send the message */
xdrmem_create(&x, gmetricmsg, 1500, XDR_ENCODE);
xdr_Ganglia_message(&x, &msg);
len = xdr_getpos(&x);
result = Ganglia_udp_send_message( send_channels, gmetricmsg,
len);
free(buff);
return result;
}
===== Use the following to patch lib/ganglia.h ==========
60a61,62
// Yemi
int Ganglia_gmetric_send_spoof( Ganglia_gmetric gmetric,
Ganglia_udp_send_channels send_channels, char* spoof_info);
===== Use the following to patch gmond/gmond.c ==========
581c581
<
---
// Yemi
583c583
< Ganglia_host_get( char *remoteip, apr_sockaddr_t *sa,
Ganglia_message *fullmsg)
---
Ganglia_host_get( char *remIP, apr_sockaddr_t *sa, Ganglia_message
*fullmsg)
589c589,590
<
---
char *remoteip = remIP;
593a595,599
if(fullmsg->id == spoof_metric){
hostname = fullmsg->Ganglia_message_u.spmetric.spoofName;
remoteip = fullmsg->Ganglia_message_u.spmetric.spoofIP;
}
741a748,756
// Yemi
static Ganglia_metric *
Ganglia_message_find_spmetric( Ganglia_host *host, Ganglia_message
*message)
{
/* Keyed on the name element of the gmetric sent */
return (Ganglia_metric *)apr_hash_get( host->gmetrics,
message-
Ganglia_message_u.spmetric.gmetric.name,
APR_HASH_KEY_STRING);
}
756c771
<
---
764a780,784
// Yemi
else if(message->id == spoof_metric)
{
metric = Ganglia_message_find_spmetric( host, message);
}
787a808,812
// Yemi
if(message->id == spoof_metric)
{
metric->name = apr_pstrdup( metric->pool, message-
Ganglia_message_u.spmetric.gmetric.name );
}
796c821,823
< memcpy(&(metric->message), message, sizeof(Ganglia_message));
---
// Yemi
if(message->id == spoof_metric){
// Store data as regular gmetric in hash table!!
798c825,833
< if(message->id == metric_user_defined)
---
metric->message.id = metric_user_defined;
metric->message.Ganglia_message_u.gmetric = message-
Ganglia_message_u.spmetric.gmetric;
}else{
memcpy(&(metric->message), message,
sizeof(Ganglia_message));
}
if(message->id == metric_user_defined || message->id ==
spoof_metric)
===== Use the following to patch gmetric/gmetric.c ==========
75c75,81
< rval = Ganglia_gmetric_send(gmetric, send_channels);
---
//Yemi
if(!strlen(args_info.spoof_arg))
{
rval = Ganglia_gmetric_send(gmetric, send_channels);
}else{
rval = Ganglia_gmetric_send_spoof(gmetric,
send_channels,args_info.spoof_arg);
}
==== end of patches =======
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services,
security?
Get stuff done quickly with pre-integrated technology to make your
job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo