mtev_reverse_acl_decision_t
reverse_check_allow(const char *id, acceptor_closure_t *ac) {
mtev_hash_table *config;
noit_check_t *check;
const char *key;
uuid_t uuid;
char uuid_str[UUID_STR_LEN+1];
char expected_id[256];
if(strncmp(id, "check/", 6)) return MTEV_ACL_ABSTAIN;
strlcpy(uuid_str, id + 6, sizeof(uuid_str));
if(uuid_parse(uuid_str, uuid) != 0) return MTEV_ACL_DENY;
uuid_unparse_lower(uuid, uuid_str);
check = noit_poller_lookup(uuid);
if(!check) return MTEV_ACL_DENY;
config = noit_check_get_module_config(check, reverse_check_module_id);
if(config && mtev_hash_retr_str(config, "secret_key", strlen("secret_key"), &key)) {
snprintf(expected_id, sizeof(expected_id), "check/%s#%s", uuid_str, key);
}
else {
snprintf(expected_id, sizeof(expected_id), "check/%s", uuid_str);
}
if(!strncmp(id, expected_id, strlen(id))) return MTEV_ACL_ALLOW;
return MTEV_ACL_DENY;
}
static mtev_hook_return_t
reverse_check_hook_impl(void *closure, noit_check_t *check) {
mtev_hash_table *config;
config = noit_check_get_module_config(check, reverse_check_module_id);
if(config && mtev_hash_size(config)) {
mtev_hash_merge_as_dict(check->config, config);
}
return MTEV_HOOK_CONTINUE;
}
static mtev_hook_return_t
histogram_hook_special_impl(void *closure, noit_check_t *check, stats_t *stats,
const char *metric_name, metric_type_t type, const char *v,
mtev_boolean success) {
void *vht;
histotier *ht;
mtev_hash_table *config, *metrics;
const char *track = "";
mtev_dso_generic_t *self = closure;
struct histogram_config *conf = mtev_image_get_userdata(&self->hdr);
if(success) return MTEV_HOOK_CONTINUE;
config = noit_check_get_module_config(check, histogram_module_id);
if(!config || mtev_hash_size(config) == 0) return MTEV_HOOK_CONTINUE;
mtev_hash_retr_str(config, metric_name, strlen(metric_name), &track);
if(!track || strcmp(track, "add"))
return MTEV_HOOK_CONTINUE;
metrics = noit_check_get_module_metadata(check, histogram_module_id);
if(!metrics) {
metrics = calloc(1, sizeof(*metrics));
noit_check_set_module_metadata(check, histogram_module_id,
metrics, free_hash_o_histotier);
}
if(!mtev_hash_retrieve(metrics, metric_name, strlen(metric_name),
&vht)) {
ht = calloc(1, sizeof(*ht));
vht = ht;
mtev_hash_store(metrics, strdup(metric_name), strlen(metric_name),
vht);
}
else ht = vht;
if(v != NULL) {
/* We expect: H[<float>]=%d */
const char *lhs;
char *endptr;
double bucket;
u_int64_t cnt;
if(v[0] != 'H' || v[1] != '[') return MTEV_HOOK_CONTINUE;
if(NULL == (lhs = strchr(v+2, ']'))) return MTEV_HOOK_CONTINUE;
lhs++;
if(*lhs++ != '=') return MTEV_HOOK_CONTINUE;
bucket = strtod(v+2, &endptr);
if(endptr == v+2) return MTEV_HOOK_CONTINUE;
cnt = strtoull(lhs, &endptr, 10);
if(endptr == lhs) return MTEV_HOOK_CONTINUE;
update_histotier(ht, time(NULL), conf, check, metric_name, bucket, cnt);
}
return MTEV_HOOK_CONTINUE;
}
static mtev_hook_return_t
histogram_hook_impl(void *closure, noit_check_t *check, stats_t *stats,
metric_t *m) {
void *vht;
histotier *ht;
mtev_hash_table *config, *metrics;
const char *track = "";
mtev_dso_generic_t *self = closure;
struct histogram_config *conf = mtev_image_get_userdata(&self->hdr);
config = noit_check_get_module_config(check, histogram_module_id);
if(!config || mtev_hash_size(config) == 0) return MTEV_HOOK_CONTINUE;
mtev_hash_retr_str(config, m->metric_name, strlen(m->metric_name), &track);
if(!track || strcmp(track, "add"))
return MTEV_HOOK_CONTINUE;
metrics = noit_check_get_module_metadata(check, histogram_module_id);
if(!metrics) {
metrics = calloc(1, sizeof(*metrics));
noit_check_set_module_metadata(check, histogram_module_id,
metrics, free_hash_o_histotier);
}
if(!mtev_hash_retrieve(metrics, m->metric_name, strlen(m->metric_name),
&vht)) {
ht = calloc(1, sizeof(*ht));
vht = ht;
mtev_hash_store(metrics, strdup(m->metric_name), strlen(m->metric_name),
vht);
}
else ht = vht;
if(m->metric_value.vp != NULL) {
#define UPDATE_HISTOTIER(a) update_histotier(ht, time(NULL), conf, check, m->metric_name, *m->metric_value.a, 1)
switch(m->metric_type) {
case METRIC_UINT64:
UPDATE_HISTOTIER(L); break;
case METRIC_INT64:
UPDATE_HISTOTIER(l); break;
case METRIC_UINT32:
UPDATE_HISTOTIER(I); break;
case METRIC_INT32:
UPDATE_HISTOTIER(i); break;
case METRIC_DOUBLE:
UPDATE_HISTOTIER(n); break;
default: /*noop*/
break;
}
}
return MTEV_HOOK_CONTINUE;
}
static mtev_hook_return_t
_histogram_logger_impl(void *closure, noit_check_t *check, mtev_boolean passive) {
const char *track = "";
mtev_hash_table *config;
config = noit_check_get_module_config(check, histogram_module_id);
if(!config || mtev_hash_size(config) == 0) return MTEV_HOOK_CONTINUE;
mtev_hash_retr_str(config, "metrics", strlen("metrics"), &track);
if(!track || strcmp(track, "replace"))
return MTEV_HOOK_CONTINUE;
/* If we're replacing other metrics, then we prevent logging */
if(strcmp(track, "replace") == 0) return MTEV_HOOK_DONE;
return MTEV_HOOK_CONTINUE;
}
static mtev_boolean
cross_module_reverse_allowed(noit_check_t *check, const char *secret) {
void *vstr;
mtev_hash_table *config;
static int reverse_check_module_id = -1;
if(reverse_check_module_id < 0) {
reverse_check_module_id = noit_check_registered_module_by_name("reverse");
if(reverse_check_module_id < 0) return mtev_false;
}
config = noit_check_get_module_config(check, reverse_check_module_id);
if(!config) return mtev_false;
if(mtev_hash_retrieve(config, "key", strlen("key"), &vstr)) {
if(!strcmp((const char *)vstr, secret)) return mtev_true;
}
return mtev_false;
}
static noit_hook_return_t
ip_acl_hook_impl(void *closure, noit_module_t *self,
noit_check_t *check, noit_check_t *cause) {
char deny_msg[128];
stats_t current;
noit_hash_table *config;
noit_hash_iter iter = NOIT_HASH_ITER_ZERO;
const char *k = NULL;
int klen;
void *data;
config = noit_check_get_module_config(check, ip_acl_module_id);
if(!config || config->size == 0) return NOIT_HOOK_CONTINUE;
while(noit_hash_next(config, &iter, &k, &klen, &data)) {
if(k) {
void *dir = NULL;
unsigned char mask;
if(noit_hash_retrieve(&acls, k, strlen(k), &data)) {
btrie *acl = data;
if(check->target_family == AF_INET) {
dir = noit_find_bpm_route_ipv4(acl, &check->target_addr.addr, &mask);
if(dir == DENY_PTR) goto prevent;
else if(dir == ALLOW_PTR) return NOIT_HOOK_CONTINUE;
}
else if(check->target_family == AF_INET6) {
dir = noit_find_bpm_route_ipv6(acl, &check->target_addr.addr6, &mask);
if(dir == DENY_PTR) goto prevent;
else if(dir == ALLOW_PTR) return NOIT_HOOK_CONTINUE;
}
}
}
}
return NOIT_HOOK_CONTINUE;
prevent:
memset(¤t, 0, sizeof(current));
current.available = NP_UNAVAILABLE;
current.state = NP_BAD;
gettimeofday(¤t.whence, NULL);
snprintf(deny_msg, sizeof(deny_msg), "prevented by ACL '%s'", k ? k : "unknown");
current.status = deny_msg;
noit_check_set_stats(check, ¤t);
return NOIT_HOOK_DONE;
}
