Annotation of embedaddon/ntp/ntpd/ntp_proto.c, revision 1.1
1.1 ! misho 1: /*
! 2: * ntp_proto.c - NTP version 4 protocol machinery
! 3: *
! 4: * ATTENTION: Get approval from Dave Mills on all changes to this file!
! 5: *
! 6: */
! 7: #ifdef HAVE_CONFIG_H
! 8: #include <config.h>
! 9: #endif
! 10:
! 11: #include "ntpd.h"
! 12: #include "ntp_stdlib.h"
! 13: #include "ntp_unixtime.h"
! 14: #include "ntp_control.h"
! 15: #include "ntp_string.h"
! 16:
! 17: #include <stdio.h>
! 18: #ifdef HAVE_LIBSCF_H
! 19: #include <libscf.h>
! 20: #include <unistd.h>
! 21: #endif /* HAVE_LIBSCF_H */
! 22:
! 23:
! 24: #if defined(VMS) && defined(VMS_LOCALUNIT) /*wjm*/
! 25: #include "ntp_refclock.h"
! 26: #endif
! 27:
! 28: /*
! 29: * This macro defines the authentication state. If x is 1 authentication
! 30: * is required; othewise it is optional.
! 31: */
! 32: #define AUTH(x, y) ((x) ? (y) == AUTH_OK : (y) == AUTH_OK || \
! 33: (y) == AUTH_NONE)
! 34:
! 35: #define AUTH_NONE 0 /* authentication not required */
! 36: #define AUTH_OK 1 /* authentication OK */
! 37: #define AUTH_ERROR 2 /* authentication error */
! 38: #define AUTH_CRYPTO 3 /* crypto_NAK */
! 39:
! 40: /*
! 41: * traffic shaping parameters
! 42: */
! 43: #define NTP_IBURST 6 /* packets in iburst */
! 44: #define RESP_DELAY 1 /* refclock burst delay (s) */
! 45:
! 46: /*
! 47: * System variables are declared here. Unless specified otherwise, all
! 48: * times are in seconds.
! 49: */
! 50: u_char sys_leap; /* system leap indicator */
! 51: u_char sys_stratum; /* system stratum */
! 52: s_char sys_precision; /* local clock precision (log2 s) */
! 53: double sys_rootdelay; /* roundtrip delay to primary source */
! 54: double sys_rootdisp; /* dispersion to primary source */
! 55: u_int32 sys_refid; /* reference id (network byte order) */
! 56: l_fp sys_reftime; /* last update time */
! 57: struct peer *sys_peer; /* current peer */
! 58:
! 59: /*
! 60: * Rate controls. Leaky buckets are used to throttle the packet
! 61: * transmission rates in order to protect busy servers such as at NIST
! 62: * and USNO. There is a counter for each association and another for KoD
! 63: * packets. The association counter decrements each second, but not
! 64: * below zero. Each time a packet is sent the counter is incremented by
! 65: * a configurable value representing the average interval between
! 66: * packets. A packet is delayed as long as the counter is greater than
! 67: * zero. Note this does not affect the time value computations.
! 68: */
! 69: /*
! 70: * Nonspecified system state variables
! 71: */
! 72: int sys_bclient; /* broadcast client enable */
! 73: double sys_bdelay; /* broadcast client default delay */
! 74: int sys_authenticate; /* requre authentication for config */
! 75: l_fp sys_authdelay; /* authentication delay */
! 76: double sys_offset; /* current local clock offset */
! 77: double sys_mindisp = MINDISPERSE; /* minimum distance (s) */
! 78: double sys_maxdist = MAXDISTANCE; /* selection threshold */
! 79: double sys_jitter; /* system jitter */
! 80: u_long sys_epoch; /* last clock update time */
! 81: static double sys_clockhop; /* clockhop threshold */
! 82: int leap_tai; /* TAI at next next leap */
! 83: u_long leap_sec; /* next scheduled leap from file */
! 84: u_long leap_peers; /* next scheduled leap from peers */
! 85: u_long leap_expire; /* leap information expiration */
! 86: static int leap_vote; /* leap consensus */
! 87: keyid_t sys_private; /* private value for session seed */
! 88: int sys_manycastserver; /* respond to manycast client pkts */
! 89: int peer_ntpdate; /* active peers in ntpdate mode */
! 90: int sys_survivors; /* truest of the truechimers */
! 91:
! 92: /*
! 93: * TOS and multicast mapping stuff
! 94: */
! 95: int sys_floor = 0; /* cluster stratum floor */
! 96: int sys_ceiling = STRATUM_UNSPEC; /* cluster stratum ceiling */
! 97: int sys_minsane = 1; /* minimum candidates */
! 98: int sys_minclock = NTP_MINCLOCK; /* minimum candidates */
! 99: int sys_maxclock = NTP_MAXCLOCK; /* maximum candidates */
! 100: int sys_cohort = 0; /* cohort switch */
! 101: int sys_orphan = STRATUM_UNSPEC + 1; /* orphan stratum */
! 102: int sys_beacon = BEACON; /* manycast beacon interval */
! 103: int sys_ttlmax; /* max ttl mapping vector index */
! 104: u_char sys_ttl[MAX_TTL]; /* ttl mapping vector */
! 105:
! 106: /*
! 107: * Statistics counters - first the good, then the bad
! 108: */
! 109: u_long sys_stattime; /* elapsed time */
! 110: u_long sys_received; /* packets received */
! 111: u_long sys_processed; /* packets for this host */
! 112: u_long sys_newversion; /* current version */
! 113: u_long sys_oldversion; /* old version */
! 114: u_long sys_restricted; /* access denied */
! 115: u_long sys_badlength; /* bad length or format */
! 116: u_long sys_badauth; /* bad authentication */
! 117: u_long sys_declined; /* declined */
! 118: u_long sys_limitrejected; /* rate exceeded */
! 119: u_long sys_kodsent; /* KoD sent */
! 120:
! 121: static double root_distance (struct peer *);
! 122: static void clock_combine (struct peer **, int);
! 123: static void peer_xmit (struct peer *);
! 124: static void fast_xmit (struct recvbuf *, int, keyid_t,
! 125: int);
! 126: static void clock_update (struct peer *);
! 127: static int default_get_precision (void);
! 128: static int local_refid (struct peer *);
! 129: static int peer_unfit (struct peer *);
! 130:
! 131:
! 132: /*
! 133: * transmit - transmit procedure called by poll timeout
! 134: */
! 135: void
! 136: transmit(
! 137: struct peer *peer /* peer structure pointer */
! 138: )
! 139: {
! 140: int hpoll;
! 141:
! 142: /*
! 143: * The polling state machine. There are two kinds of machines,
! 144: * those that never expect a reply (broadcast and manycast
! 145: * server modes) and those that do (all other modes). The dance
! 146: * is intricate...
! 147: */
! 148: hpoll = peer->hpoll;
! 149:
! 150: /*
! 151: * In broadcast mode the poll interval is never changed from
! 152: * minpoll.
! 153: */
! 154: if (peer->cast_flags & (MDF_BCAST | MDF_MCAST)) {
! 155: peer->outdate = current_time;
! 156: if (sys_leap != LEAP_NOTINSYNC)
! 157: peer_xmit(peer);
! 158: poll_update(peer, hpoll);
! 159: return;
! 160: }
! 161:
! 162: /*
! 163: * In manycast mode we start with unity ttl. The ttl is
! 164: * increased by one for each poll until either sys_maxclock
! 165: * servers have been found or the maximum ttl is reached. When
! 166: * sys_maxclock servers are found we stop polling until one or
! 167: * more servers have timed out or until less than minpoll
! 168: * associations turn up. In this case additional better servers
! 169: * are dragged in and preempt the existing ones.
! 170: */
! 171: if (peer->cast_flags & MDF_ACAST) {
! 172: peer->outdate = current_time;
! 173: if (peer->unreach > sys_beacon) {
! 174: peer->unreach = 0;
! 175: peer->ttl = 0;
! 176: peer_xmit(peer);
! 177: } else if (sys_survivors < sys_minclock ||
! 178: peer_associations < sys_maxclock) {
! 179: if (peer->ttl < sys_ttlmax)
! 180: peer->ttl++;
! 181: peer_xmit(peer);
! 182: }
! 183: peer->unreach++;
! 184: poll_update(peer, hpoll);
! 185: return;
! 186: }
! 187:
! 188: /*
! 189: * In unicast modes the dance is much more intricate. It is
! 190: * desigmed to back off whenever possible to minimize network
! 191: * traffic.
! 192: */
! 193: if (peer->burst == 0) {
! 194: u_char oreach;
! 195:
! 196: /*
! 197: * Update the reachability status. If not heard for
! 198: * three consecutive polls, stuff infinity in the clock
! 199: * filter.
! 200: */
! 201: oreach = peer->reach;
! 202: peer->outdate = current_time;
! 203: peer->unreach++;
! 204: peer->reach <<= 1;
! 205: if (!(peer->reach & 0x0f))
! 206: clock_filter(peer, 0., 0., MAXDISPERSE);
! 207: if (!peer->reach) {
! 208:
! 209: /*
! 210: * Here the peer is unreachable. If it was
! 211: * previously reachable raise a trap. Send a
! 212: * burst if enabled.
! 213: */
! 214: if (oreach)
! 215: report_event(PEVNT_UNREACH, peer, NULL);
! 216: if ((peer->flags & FLAG_IBURST) &&
! 217: peer->retry == 0)
! 218: peer->retry = NTP_RETRY;
! 219: } else {
! 220:
! 221: /*
! 222: * Here the peer is reachable. Send a burst if
! 223: * enabled and the peer is fit.
! 224: */
! 225: hpoll = sys_poll;
! 226: if (!(peer->flags & FLAG_PREEMPT &&
! 227: peer->hmode == MODE_CLIENT))
! 228: peer->unreach = 0;
! 229: if ((peer->flags & FLAG_BURST) && peer->retry ==
! 230: 0 && !peer_unfit(peer))
! 231: peer->retry = NTP_RETRY;
! 232: }
! 233:
! 234: /*
! 235: * Watch for timeout. If preemptable, toss the rascal;
! 236: * otherwise, bump the poll interval. Note the
! 237: * poll_update() routine will clamp it to maxpoll.
! 238: */
! 239: if (peer->unreach >= NTP_UNREACH) {
! 240: hpoll++;
! 241: if (peer->flags & FLAG_PREEMPT) {
! 242: report_event(PEVNT_RESTART, peer,
! 243: "timeout");
! 244: if (peer->hmode != MODE_CLIENT) {
! 245: peer_clear(peer, "TIME");
! 246: unpeer(peer);
! 247: return;
! 248: }
! 249: if (peer_associations > sys_maxclock &&
! 250: score_all(peer)) {
! 251: peer_clear(peer, "TIME");
! 252: unpeer(peer);
! 253: return;
! 254: }
! 255: }
! 256: }
! 257: } else {
! 258: peer->burst--;
! 259: if (peer->burst == 0) {
! 260:
! 261: /*
! 262: * If ntpdate mode and the clock has not been
! 263: * set and all peers have completed the burst,
! 264: * we declare a successful failure.
! 265: */
! 266: if (mode_ntpdate) {
! 267: peer_ntpdate--;
! 268: if (peer_ntpdate == 0) {
! 269: msyslog(LOG_NOTICE,
! 270: "ntpd: no servers found");
! 271: printf(
! 272: "ntpd: no servers found\n");
! 273: exit (0);
! 274: }
! 275: }
! 276: }
! 277: }
! 278: if (peer->retry > 0)
! 279: peer->retry--;
! 280:
! 281: /*
! 282: * Do not transmit if in broadcast client mode.
! 283: */
! 284: if (peer->hmode != MODE_BCLIENT)
! 285: peer_xmit(peer);
! 286: poll_update(peer, hpoll);
! 287: }
! 288:
! 289:
! 290: /*
! 291: * receive - receive procedure called for each packet received
! 292: */
! 293: void
! 294: receive(
! 295: struct recvbuf *rbufp
! 296: )
! 297: {
! 298: register struct peer *peer; /* peer structure pointer */
! 299: register struct pkt *pkt; /* receive packet pointer */
! 300: int hisversion; /* packet version */
! 301: int hisleap; /* packet leap indicator */
! 302: int hismode; /* packet mode */
! 303: int hisstratum; /* packet stratum */
! 304: int restrict_mask; /* restrict bits */
! 305: int has_mac; /* length of MAC field */
! 306: int authlen; /* offset of MAC field */
! 307: int is_authentic = 0; /* cryptosum ok */
! 308: int retcode = AM_NOMATCH; /* match code */
! 309: keyid_t skeyid = 0; /* key IDs */
! 310: u_int32 opcode = 0; /* extension field opcode */
! 311: sockaddr_u *dstadr_sin; /* active runway */
! 312: struct peer *peer2; /* aux peer structure pointer */
! 313: endpt * match_ep; /* newpeer() local address */
! 314: l_fp p_org; /* origin timestamp */
! 315: l_fp p_rec; /* receive timestamp */
! 316: l_fp p_xmt; /* transmit timestamp */
! 317: #ifdef OPENSSL
! 318: struct autokey *ap; /* autokey structure pointer */
! 319: int rval; /* cookie snatcher */
! 320: keyid_t pkeyid = 0, tkeyid = 0; /* key IDs */
! 321: #endif /* OPENSSL */
! 322: #ifdef HAVE_NTP_SIGND
! 323: static unsigned char zero_key[16];
! 324: #endif /* HAVE_NTP_SIGND */
! 325:
! 326: /*
! 327: * Monitor the packet and get restrictions. Note that the packet
! 328: * length for control and private mode packets must be checked
! 329: * by the service routines. Some restrictions have to be handled
! 330: * later in order to generate a kiss-o'-death packet.
! 331: */
! 332: /*
! 333: * Bogus port check is before anything, since it probably
! 334: * reveals a clogging attack.
! 335: */
! 336: sys_received++;
! 337: if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
! 338: sys_badlength++;
! 339: return; /* bogus port */
! 340: }
! 341: restrict_mask = restrictions(&rbufp->recv_srcadr);
! 342: #ifdef DEBUG
! 343: if (debug > 1)
! 344: printf("receive: at %ld %s<-%s flags %x restrict %03x\n",
! 345: current_time, stoa(&rbufp->dstadr->sin),
! 346: stoa(&rbufp->recv_srcadr),
! 347: rbufp->dstadr->flags, restrict_mask);
! 348: #endif
! 349: pkt = &rbufp->recv_pkt;
! 350: hisversion = PKT_VERSION(pkt->li_vn_mode);
! 351: hisleap = PKT_LEAP(pkt->li_vn_mode);
! 352: hismode = (int)PKT_MODE(pkt->li_vn_mode);
! 353: hisstratum = PKT_TO_STRATUM(pkt->stratum);
! 354: if (restrict_mask & RES_IGNORE) {
! 355: sys_restricted++;
! 356: return; /* ignore everything */
! 357: }
! 358: if (hismode == MODE_PRIVATE) {
! 359: if (restrict_mask & RES_NOQUERY) {
! 360: sys_restricted++;
! 361: return; /* no query private */
! 362: }
! 363: process_private(rbufp, ((restrict_mask &
! 364: RES_NOMODIFY) == 0));
! 365: return;
! 366: }
! 367: if (hismode == MODE_CONTROL) {
! 368: if (restrict_mask & RES_NOQUERY) {
! 369: sys_restricted++;
! 370: return; /* no query control */
! 371: }
! 372: process_control(rbufp, restrict_mask);
! 373: return;
! 374: }
! 375: if (restrict_mask & RES_DONTSERVE) {
! 376: sys_restricted++;
! 377: return; /* no time serve */
! 378: }
! 379:
! 380: /*
! 381: * This is for testing. If restricted drop ten percent of
! 382: * surviving packets.
! 383: */
! 384: if (restrict_mask & RES_TIMEOUT) {
! 385: if ((double)ntp_random() / 0x7fffffff < .1) {
! 386: sys_restricted++;
! 387: return; /* no flakeway */
! 388: }
! 389: }
! 390:
! 391: /*
! 392: * Version check must be after the query packets, since they
! 393: * intentionally use an early version.
! 394: */
! 395: if (hisversion == NTP_VERSION) {
! 396: sys_newversion++; /* new version */
! 397: } else if (!(restrict_mask & RES_VERSION) && hisversion >=
! 398: NTP_OLDVERSION) {
! 399: sys_oldversion++; /* previous version */
! 400: } else {
! 401: sys_badlength++;
! 402: return; /* old version */
! 403: }
! 404:
! 405: /*
! 406: * Figure out his mode and validate the packet. This has some
! 407: * legacy raunch that probably should be removed. In very early
! 408: * NTP versions mode 0 was equivalent to what later versions
! 409: * would interpret as client mode.
! 410: */
! 411: if (hismode == MODE_UNSPEC) {
! 412: if (hisversion == NTP_OLDVERSION) {
! 413: hismode = MODE_CLIENT;
! 414: } else {
! 415: sys_badlength++;
! 416: return; /* invalid mode */
! 417: }
! 418: }
! 419:
! 420: /*
! 421: * Parse the extension field if present. We figure out whether
! 422: * an extension field is present by measuring the MAC size. If
! 423: * the number of words following the packet header is 0, no MAC
! 424: * is present and the packet is not authenticated. If 1, the
! 425: * packet is a crypto-NAK; if 3, the packet is authenticated
! 426: * with DES; if 5, the packet is authenticated with MD5; if 6,
! 427: * the packet is authenticated with SHA. If 2 or * 4, the packet
! 428: * is a runt and discarded forthwith. If greater than 6, an
! 429: * extension field is present, so we subtract the length of the
! 430: * field and go around again.
! 431: */
! 432: authlen = LEN_PKT_NOMAC;
! 433: has_mac = rbufp->recv_length - authlen;
! 434: while (has_mac != 0) {
! 435: u_int32 len;
! 436:
! 437: if (has_mac % 4 != 0 || has_mac < MIN_MAC_LEN) {
! 438: sys_badlength++;
! 439: return; /* bad length */
! 440: }
! 441: if (has_mac <= MAX_MAC_LEN) {
! 442: skeyid = ntohl(((u_int32 *)pkt)[authlen / 4]);
! 443: break;
! 444:
! 445: } else {
! 446: opcode = ntohl(((u_int32 *)pkt)[authlen / 4]);
! 447: len = opcode & 0xffff;
! 448: if (len % 4 != 0 || len < 4 || len + authlen >
! 449: rbufp->recv_length) {
! 450: sys_badlength++;
! 451: return; /* bad length */
! 452: }
! 453: authlen += len;
! 454: has_mac -= len;
! 455: }
! 456: }
! 457:
! 458: /*
! 459: * If authentication required, a MAC must be present.
! 460: */
! 461: if (restrict_mask & RES_DONTTRUST && has_mac == 0) {
! 462: sys_restricted++;
! 463: return; /* access denied */
! 464: }
! 465:
! 466: /*
! 467: * Update the MRU list and finger the cloggers. It can be a
! 468: * little expensive, so turn it off for production use.
! 469: */
! 470: restrict_mask = ntp_monitor(rbufp, restrict_mask);
! 471: if (restrict_mask & RES_LIMITED) {
! 472: sys_limitrejected++;
! 473: if (!(restrict_mask & RES_KOD) || MODE_BROADCAST ==
! 474: hismode || MODE_SERVER == hismode)
! 475: return; /* rate exceeded */
! 476:
! 477: if (hismode == MODE_CLIENT)
! 478: fast_xmit(rbufp, MODE_SERVER, skeyid,
! 479: restrict_mask);
! 480: else
! 481: fast_xmit(rbufp, MODE_ACTIVE, skeyid,
! 482: restrict_mask);
! 483: return; /* rate exceeded */
! 484: }
! 485: restrict_mask &= ~RES_KOD;
! 486:
! 487: /*
! 488: * We have tossed out as many buggy packets as possible early in
! 489: * the game to reduce the exposure to a clogging attack. now we
! 490: * have to burn some cycles to find the association and
! 491: * authenticate the packet if required. Note that we burn only
! 492: * MD5 cycles, again to reduce exposure. There may be no
! 493: * matching association and that's okay.
! 494: *
! 495: * More on the autokey mambo. Normally the local interface is
! 496: * found when the association was mobilized with respect to a
! 497: * designated remote address. We assume packets arriving from
! 498: * the remote address arrive via this interface and the local
! 499: * address used to construct the autokey is the unicast address
! 500: * of the interface. However, if the sender is a broadcaster,
! 501: * the interface broadcast address is used instead.
! 502: * Notwithstanding this technobabble, if the sender is a
! 503: * multicaster, the broadcast address is null, so we use the
! 504: * unicast address anyway. Don't ask.
! 505: */
! 506: peer = findpeer(rbufp, hismode, &retcode);
! 507: dstadr_sin = &rbufp->dstadr->sin;
! 508: NTOHL_FP(&pkt->org, &p_org);
! 509: NTOHL_FP(&pkt->rec, &p_rec);
! 510: NTOHL_FP(&pkt->xmt, &p_xmt);
! 511:
! 512: /*
! 513: * Authentication is conditioned by three switches:
! 514: *
! 515: * NOPEER (RES_NOPEER) do not mobilize an association unless
! 516: * authenticated
! 517: * NOTRUST (RES_DONTTRUST) do not allow access unless
! 518: * authenticated (implies NOPEER)
! 519: * enable (sys_authenticate) master NOPEER switch, by default
! 520: * on
! 521: *
! 522: * The NOPEER and NOTRUST can be specified on a per-client basis
! 523: * using the restrict command. The enable switch if on implies
! 524: * NOPEER for all clients. There are four outcomes:
! 525: *
! 526: * NONE The packet has no MAC.
! 527: * OK the packet has a MAC and authentication succeeds
! 528: * ERROR the packet has a MAC and authentication fails
! 529: * CRYPTO crypto-NAK. The MAC has four octets only.
! 530: *
! 531: * Note: The AUTH(x, y) macro is used to filter outcomes. If x
! 532: * is zero, acceptable outcomes of y are NONE and OK. If x is
! 533: * one, the only acceptable outcome of y is OK.
! 534: */
! 535:
! 536: if (has_mac == 0) {
! 537: restrict_mask &= ~RES_MSSNTP;
! 538: is_authentic = AUTH_NONE; /* not required */
! 539: #ifdef DEBUG
! 540: if (debug)
! 541: printf(
! 542: "receive: at %ld %s<-%s mode %d len %d\n",
! 543: current_time, stoa(dstadr_sin),
! 544: stoa(&rbufp->recv_srcadr), hismode,
! 545: authlen);
! 546: #endif
! 547: } else if (has_mac == 4) {
! 548: restrict_mask &= ~RES_MSSNTP;
! 549: is_authentic = AUTH_CRYPTO; /* crypto-NAK */
! 550: #ifdef DEBUG
! 551: if (debug)
! 552: printf(
! 553: "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n",
! 554: current_time, stoa(dstadr_sin),
! 555: stoa(&rbufp->recv_srcadr), hismode, skeyid,
! 556: authlen + has_mac, is_authentic);
! 557: #endif
! 558:
! 559: #ifdef HAVE_NTP_SIGND
! 560: /*
! 561: * If the signature is 20 bytes long, the last 16 of
! 562: * which are zero, then this is a Microsoft client
! 563: * wanting AD-style authentication of the server's
! 564: * reply.
! 565: *
! 566: * This is described in Microsoft's WSPP docs, in MS-SNTP:
! 567: * http://msdn.microsoft.com/en-us/library/cc212930.aspx
! 568: */
! 569: } else if (has_mac == MAX_MD5_LEN && (restrict_mask & RES_MSSNTP) &&
! 570: (retcode == AM_FXMIT || retcode == AM_NEWPASS) &&
! 571: (memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MD5_LEN - 4) ==
! 572: 0)) {
! 573: is_authentic = AUTH_NONE;
! 574: #endif /* HAVE_NTP_SIGND */
! 575:
! 576: } else {
! 577: restrict_mask &= ~RES_MSSNTP;
! 578: #ifdef OPENSSL
! 579: /*
! 580: * For autokey modes, generate the session key
! 581: * and install in the key cache. Use the socket
! 582: * broadcast or unicast address as appropriate.
! 583: */
! 584: if (crypto_flags && skeyid > NTP_MAXKEY) {
! 585:
! 586: /*
! 587: * More on the autokey dance (AKD). A cookie is
! 588: * constructed from public and private values.
! 589: * For broadcast packets, the cookie is public
! 590: * (zero). For packets that match no
! 591: * association, the cookie is hashed from the
! 592: * addresses and private value. For server
! 593: * packets, the cookie was previously obtained
! 594: * from the server. For symmetric modes, the
! 595: * cookie was previously constructed using an
! 596: * agreement protocol; however, should PKI be
! 597: * unavailable, we construct a fake agreement as
! 598: * the EXOR of the peer and host cookies.
! 599: *
! 600: * hismode ephemeral persistent
! 601: * =======================================
! 602: * active 0 cookie#
! 603: * passive 0% cookie#
! 604: * client sys cookie 0%
! 605: * server 0% sys cookie
! 606: * broadcast 0 0
! 607: *
! 608: * # if unsync, 0
! 609: * % can't happen
! 610: */
! 611: if (has_mac < MAX_MD5_LEN) {
! 612: sys_badauth++;
! 613: return;
! 614: }
! 615: if (hismode == MODE_BROADCAST) {
! 616:
! 617: /*
! 618: * For broadcaster, use the interface
! 619: * broadcast address when available;
! 620: * otherwise, use the unicast address
! 621: * found when the association was
! 622: * mobilized. However, if this is from
! 623: * the wildcard interface, game over.
! 624: */
! 625: if (crypto_flags && rbufp->dstadr ==
! 626: any_interface) {
! 627: sys_restricted++;
! 628: return; /* no wildcard */
! 629: }
! 630: pkeyid = 0;
! 631: if (!SOCK_UNSPEC(&rbufp->dstadr->bcast))
! 632: dstadr_sin =
! 633: &rbufp->dstadr->bcast;
! 634: } else if (peer == NULL) {
! 635: pkeyid = session_key(
! 636: &rbufp->recv_srcadr, dstadr_sin, 0,
! 637: sys_private, 0);
! 638: } else {
! 639: pkeyid = peer->pcookie;
! 640: }
! 641:
! 642: /*
! 643: * The session key includes both the public
! 644: * values and cookie. In case of an extension
! 645: * field, the cookie used for authentication
! 646: * purposes is zero. Note the hash is saved for
! 647: * use later in the autokey mambo.
! 648: */
! 649: if (authlen > LEN_PKT_NOMAC && pkeyid != 0) {
! 650: session_key(&rbufp->recv_srcadr,
! 651: dstadr_sin, skeyid, 0, 2);
! 652: tkeyid = session_key(
! 653: &rbufp->recv_srcadr, dstadr_sin,
! 654: skeyid, pkeyid, 0);
! 655: } else {
! 656: tkeyid = session_key(
! 657: &rbufp->recv_srcadr, dstadr_sin,
! 658: skeyid, pkeyid, 2);
! 659: }
! 660:
! 661: }
! 662: #endif /* OPENSSL */
! 663:
! 664: /*
! 665: * Compute the cryptosum. Note a clogging attack may
! 666: * succeed in bloating the key cache. If an autokey,
! 667: * purge it immediately, since we won't be needing it
! 668: * again. If the packet is authentic, it can mobilize an
! 669: * association. Note that there is no key zero.
! 670: */
! 671: if (!authdecrypt(skeyid, (u_int32 *)pkt, authlen,
! 672: has_mac))
! 673: is_authentic = AUTH_ERROR;
! 674: else
! 675: is_authentic = AUTH_OK;
! 676: #ifdef OPENSSL
! 677: if (crypto_flags && skeyid > NTP_MAXKEY)
! 678: authtrust(skeyid, 0);
! 679: #endif /* OPENSSL */
! 680: #ifdef DEBUG
! 681: if (debug)
! 682: printf(
! 683: "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n",
! 684: current_time, stoa(dstadr_sin),
! 685: stoa(&rbufp->recv_srcadr), hismode, skeyid,
! 686: authlen + has_mac, is_authentic);
! 687: #endif
! 688: }
! 689:
! 690: /*
! 691: * The association matching rules are implemented by a set of
! 692: * routines and an association table. A packet matching an
! 693: * association is processed by the peer process for that
! 694: * association. If there are no errors, an ephemeral association
! 695: * is mobilized: a broadcast packet mobilizes a broadcast client
! 696: * aassociation; a manycast server packet mobilizes a manycast
! 697: * client association; a symmetric active packet mobilizes a
! 698: * symmetric passive association.
! 699: */
! 700: switch (retcode) {
! 701:
! 702: /*
! 703: * This is a client mode packet not matching any association. If
! 704: * an ordinary client, simply toss a server mode packet back
! 705: * over the fence. If a manycast client, we have to work a
! 706: * little harder.
! 707: */
! 708: case AM_FXMIT:
! 709:
! 710: /*
! 711: * If authentication OK, send a server reply; otherwise,
! 712: * send a crypto-NAK.
! 713: */
! 714: if (!(rbufp->dstadr->flags & INT_MCASTOPEN)) {
! 715: if (AUTH(restrict_mask & RES_DONTTRUST,
! 716: is_authentic)) {
! 717: fast_xmit(rbufp, MODE_SERVER, skeyid,
! 718: restrict_mask);
! 719: } else if (is_authentic == AUTH_ERROR) {
! 720: fast_xmit(rbufp, MODE_SERVER, 0,
! 721: restrict_mask);
! 722: sys_badauth++;
! 723: } else {
! 724: sys_restricted++;
! 725: }
! 726: return; /* hooray */
! 727: }
! 728:
! 729: /*
! 730: * This must be manycast. Do not respond if not
! 731: * configured as a manycast server.
! 732: */
! 733: if (!sys_manycastserver) {
! 734: sys_restricted++;
! 735: return; /* not enabled */
! 736: }
! 737:
! 738: /*
! 739: * Do not respond if we are not synchronized or our
! 740: * stratum is greater than the manycaster or the
! 741: * manycaster has already synchronized to us.
! 742: */
! 743: if (sys_leap == LEAP_NOTINSYNC || sys_stratum >=
! 744: hisstratum || (!sys_cohort && sys_stratum ==
! 745: hisstratum + 1) || rbufp->dstadr->addr_refid ==
! 746: pkt->refid) {
! 747: sys_declined++;
! 748: return; /* no help */
! 749: }
! 750:
! 751: /*
! 752: * Respond only if authentication succeeds. Don't do a
! 753: * crypto-NAK, as that would not be useful.
! 754: */
! 755: if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
! 756: fast_xmit(rbufp, MODE_SERVER, skeyid,
! 757: restrict_mask);
! 758: return; /* hooray */
! 759:
! 760: /*
! 761: * This is a server mode packet returned in response to a client
! 762: * mode packet sent to a multicast group address. The origin
! 763: * timestamp is a good nonce to reliably associate the reply
! 764: * with what was sent. If there is no match, that's curious and
! 765: * could be an intruder attempting to clog, so we just ignore
! 766: * it.
! 767: *
! 768: * If the packet is authentic and the manycast association is
! 769: * found, we mobilize a client association and copy pertinent
! 770: * variables from the manycast association to the new client
! 771: * association. If not, just ignore the packet.
! 772: *
! 773: * There is an implosion hazard at the manycast client, since
! 774: * the manycast servers send the server packet immediately. If
! 775: * the guy is already here, don't fire up a duplicate.
! 776: */
! 777: case AM_MANYCAST:
! 778: if (!AUTH(sys_authenticate | (restrict_mask &
! 779: (RES_NOPEER | RES_DONTTRUST)), is_authentic)) {
! 780: sys_restricted++;
! 781: return; /* access denied */
! 782: }
! 783:
! 784: /*
! 785: * Do not respond if unsynchronized or stratum is below
! 786: * the floor or at or above the ceiling.
! 787: */
! 788: if (hisleap == LEAP_NOTINSYNC || hisstratum <
! 789: sys_floor || hisstratum >= sys_ceiling) {
! 790: sys_declined++;
! 791: return; /* no help */
! 792: }
! 793: if ((peer2 = findmanycastpeer(rbufp)) == NULL) {
! 794: sys_restricted++;
! 795: return; /* not enabled */
! 796: }
! 797: if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
! 798: MODE_CLIENT, hisversion, NTP_MINDPOLL, NTP_MAXDPOLL,
! 799: FLAG_PREEMPT, MDF_UCAST | MDF_ACLNT, 0, skeyid)) ==
! 800: NULL) {
! 801: sys_declined++;
! 802: return; /* ignore duplicate */
! 803: }
! 804:
! 805: /*
! 806: * We don't need these, but it warms the billboards.
! 807: */
! 808: if (peer2->flags & FLAG_IBURST)
! 809: peer->flags |= FLAG_IBURST;
! 810: peer->minpoll = peer2->minpoll;
! 811: peer->maxpoll = peer2->maxpoll;
! 812: break;
! 813:
! 814: /*
! 815: * This is the first packet received from a broadcast server. If
! 816: * the packet is authentic and we are enabled as broadcast
! 817: * client, mobilize a broadcast client association. We don't
! 818: * kiss any frogs here.
! 819: */
! 820: case AM_NEWBCL:
! 821: if (sys_bclient == 0) {
! 822: sys_restricted++;
! 823: return; /* not enabled */
! 824: }
! 825: if (!AUTH(sys_authenticate | (restrict_mask &
! 826: (RES_NOPEER | RES_DONTTRUST)), is_authentic)) {
! 827: sys_restricted++;
! 828: return; /* access denied */
! 829: }
! 830:
! 831: /*
! 832: * Do not respond if unsynchronized or stratum is below
! 833: * the floor or at or above the ceiling.
! 834: */
! 835: if (hisleap == LEAP_NOTINSYNC || hisstratum <
! 836: sys_floor || hisstratum >= sys_ceiling) {
! 837: sys_declined++;
! 838: return; /* no help */
! 839: }
! 840:
! 841: #ifdef OPENSSL
! 842: /*
! 843: * Do not respond if Autokey and the opcode is not a
! 844: * CRYPTO_ASSOC response with associationn ID.
! 845: */
! 846: if (crypto_flags && skeyid > NTP_MAXKEY && (opcode &
! 847: 0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
! 848: sys_declined++;
! 849: return; /* protocol error */
! 850: }
! 851: #endif /* OPENSSL */
! 852:
! 853: /*
! 854: * Broadcasts received via a multicast address may
! 855: * arrive after a unicast volley has begun
! 856: * with the same remote address. newpeer() will not
! 857: * find duplicate associations on other local endpoints
! 858: * if a non-NULL endpoint is supplied. multicastclient
! 859: * ephemeral associations are unique across all local
! 860: * endpoints.
! 861: */
! 862: if (!(INT_MCASTOPEN & rbufp->dstadr->flags))
! 863: match_ep = rbufp->dstadr;
! 864: else
! 865: match_ep = NULL;
! 866:
! 867: /*
! 868: * Determine whether to execute the initial volley.
! 869: */
! 870: if (sys_bdelay != 0) {
! 871: #ifdef OPENSSL
! 872: /*
! 873: * If a two-way exchange is not possible,
! 874: * neither is Autokey.
! 875: */
! 876: if (crypto_flags && skeyid > NTP_MAXKEY) {
! 877: sys_restricted++;
! 878: return; /* no autokey */
! 879: }
! 880: #endif /* OPENSSL */
! 881:
! 882: /*
! 883: * Do not execute the volley. Start out in
! 884: * broadcast client mode.
! 885: */
! 886: peer = newpeer(&rbufp->recv_srcadr, match_ep,
! 887: MODE_BCLIENT, hisversion, pkt->ppoll,
! 888: pkt->ppoll, FLAG_PREEMPT, MDF_BCLNT, 0,
! 889: skeyid);
! 890: if (NULL == peer) {
! 891: sys_restricted++;
! 892: return; /* ignore duplicate */
! 893:
! 894: } else {
! 895: peer->delay = sys_bdelay;
! 896: peer->bias = -sys_bdelay / 2.;
! 897: }
! 898: break;
! 899: }
! 900:
! 901: /*
! 902: * Execute the initial volley in order to calibrate the
! 903: * propagation delay and run the Autokey protocol.
! 904: *
! 905: * Note that the minpoll is taken from the broadcast
! 906: * packet, normally 6 (64 s) and that the poll interval
! 907: * is fixed at this value.
! 908: */
! 909: peer = newpeer(&rbufp->recv_srcadr, match_ep,
! 910: MODE_CLIENT, hisversion, pkt->ppoll, pkt->ppoll,
! 911: FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT,
! 912: 0, skeyid);
! 913: if (NULL == peer) {
! 914: sys_restricted++;
! 915: return; /* ignore duplicate */
! 916: }
! 917: #ifdef OPENSSL
! 918: if (skeyid > NTP_MAXKEY)
! 919: crypto_recv(peer, rbufp);
! 920: #endif /* OPENSSL */
! 921:
! 922: return; /* hooray */
! 923:
! 924: /*
! 925: * This is the first packet received from a symmetric active
! 926: * peer. If the packet is authentic and the first he sent,
! 927: * mobilize a passive association. If not, kiss the frog.
! 928: */
! 929: case AM_NEWPASS:
! 930: if (!AUTH(sys_authenticate | (restrict_mask &
! 931: (RES_NOPEER | RES_DONTTRUST)), is_authentic)) {
! 932:
! 933: /*
! 934: * If authenticated but cannot mobilize an
! 935: * association, send a symmetric passive
! 936: * response without mobilizing an association.
! 937: * This is for drat broken Windows clients. See
! 938: * Microsoft KB 875424 for preferred workaround.
! 939: */
! 940: if (AUTH(restrict_mask & RES_DONTTRUST,
! 941: is_authentic)) {
! 942: fast_xmit(rbufp, MODE_PASSIVE, skeyid,
! 943: restrict_mask);
! 944: return; /* hooray */
! 945: }
! 946: if (is_authentic == AUTH_ERROR) {
! 947: fast_xmit(rbufp, MODE_ACTIVE, 0,
! 948: restrict_mask);
! 949: sys_restricted++;
! 950: }
! 951: }
! 952:
! 953: /*
! 954: * Do not respond if synchronized and stratum is either
! 955: * below the floor or at or above the ceiling. Note,
! 956: * this allows an unsynchronized peer to synchronize to
! 957: * us. It would be very strange if he did and then was
! 958: * nipped, but that could only happen if we were
! 959: * operating at the top end of the range.
! 960: */
! 961: if (hisleap != LEAP_NOTINSYNC && (hisstratum <
! 962: sys_floor || hisstratum >= sys_ceiling)) {
! 963: sys_declined++;
! 964: return; /* no help */
! 965: }
! 966:
! 967: /*
! 968: * The message is correctly authenticated and
! 969: * allowed. Mobiliae a symmetric passive association.
! 970: */
! 971: if ((peer = newpeer(&rbufp->recv_srcadr,
! 972: rbufp->dstadr, MODE_PASSIVE, hisversion, pkt->ppoll,
! 973: NTP_MAXDPOLL, FLAG_PREEMPT, MDF_UCAST, 0,
! 974: skeyid)) == NULL) {
! 975: sys_declined++;
! 976: return; /* ignore duplicate */
! 977: }
! 978: break;
! 979:
! 980:
! 981: /*
! 982: * Process regular packet. Nothing special.
! 983: */
! 984: case AM_PROCPKT:
! 985: break;
! 986:
! 987: /*
! 988: * A passive packet matches a passive association. This is
! 989: * usually the result of reconfiguring a client on the fly. As
! 990: * this association might be legitamate and this packet an
! 991: * attempt to deny service, just ignore it.
! 992: */
! 993: case AM_ERR:
! 994: sys_declined++;
! 995: return;
! 996:
! 997: /*
! 998: * For everything else there is the bit bucket.
! 999: */
! 1000: default:
! 1001: sys_declined++;
! 1002: return;
! 1003: }
! 1004:
! 1005: #ifdef OPENSSL
! 1006: /*
! 1007: * If the association is configured for Autokey, the packet must
! 1008: * have a public key ID; if not, the packet must have a
! 1009: * symmetric key ID.
! 1010: */
! 1011: if (is_authentic != AUTH_CRYPTO && (((peer->flags &
! 1012: FLAG_SKEY) && skeyid <= NTP_MAXKEY) || (!(peer->flags &
! 1013: FLAG_SKEY) && skeyid > NTP_MAXKEY))) {
! 1014: sys_badauth++;
! 1015: return;
! 1016: }
! 1017: #endif /* OPENSSL */
! 1018: peer->received++;
! 1019: peer->flash &= ~PKT_TEST_MASK;
! 1020: if (peer->flags & FLAG_XBOGUS) {
! 1021: peer->flags &= ~FLAG_XBOGUS;
! 1022: peer->flash |= TEST3;
! 1023: }
! 1024:
! 1025: /*
! 1026: * Next comes a rigorous schedule of timestamp checking. If the
! 1027: * transmit timestamp is zero, the server has not initialized in
! 1028: * interleaved modes or is horribly broken.
! 1029: */
! 1030: if (L_ISZERO(&p_xmt)) {
! 1031: peer->flash |= TEST3; /* unsynch */
! 1032:
! 1033: /*
! 1034: * If the transmit timestamp duplicates a previous one, the
! 1035: * packet is a replay. This prevents the bad guys from replaying
! 1036: * the most recent packet, authenticated or not.
! 1037: */
! 1038: } else if (L_ISEQU(&peer->xmt, &p_xmt)) {
! 1039: peer->flash |= TEST1; /* duplicate */
! 1040: peer->oldpkt++;
! 1041: return;
! 1042:
! 1043: /*
! 1044: * If this is a broadcast mode packet, skip further checking. If
! 1045: * an intial volley, bail out now and let the client do its
! 1046: * stuff. If the origin timestamp is nonzero, this is an
! 1047: * interleaved broadcast. so restart the protocol.
! 1048: */
! 1049: } else if (hismode == MODE_BROADCAST) {
! 1050: if (!L_ISZERO(&p_org) && !(peer->flags & FLAG_XB)) {
! 1051: peer->flags |= FLAG_XB;
! 1052: peer->aorg = p_xmt;
! 1053: peer->borg = rbufp->recv_time;
! 1054: report_event(PEVNT_XLEAVE, peer, NULL);
! 1055: return;
! 1056: }
! 1057:
! 1058: /*
! 1059: * Check for bogus packet in basic mode. If found, switch to
! 1060: * interleaved mode and resynchronize, but only after confirming
! 1061: * the packet is not bogus in symmetric interleaved mode.
! 1062: */
! 1063: } else if (peer->flip == 0) {
! 1064: if (!L_ISEQU(&p_org, &peer->aorg)) {
! 1065: peer->bogusorg++;
! 1066: peer->flash |= TEST2; /* bogus */
! 1067: if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,
! 1068: &peer->dst)) {
! 1069: peer->flip = 1;
! 1070: report_event(PEVNT_XLEAVE, peer, NULL);
! 1071: }
! 1072: } else {
! 1073: L_CLR(&peer->aorg);
! 1074: }
! 1075:
! 1076: /*
! 1077: * Check for valid nonzero timestamp fields.
! 1078: */
! 1079: } else if (L_ISZERO(&p_org) || L_ISZERO(&p_rec) ||
! 1080: L_ISZERO(&peer->dst)) {
! 1081: peer->flash |= TEST3; /* unsynch */
! 1082:
! 1083: /*
! 1084: * Check for bogus packet in interleaved symmetric mode. This
! 1085: * can happen if a packet is lost, duplicat or crossed. If
! 1086: * found, flip and resynchronize.
! 1087: */
! 1088: } else if (!L_ISZERO(&peer->dst) && !L_ISEQU(&p_org,
! 1089: &peer->dst)) {
! 1090: peer->bogusorg++;
! 1091: peer->flags |= FLAG_XBOGUS;
! 1092: peer->flash |= TEST2; /* bogus */
! 1093: }
! 1094:
! 1095: /*
! 1096: * Update the state variables.
! 1097: */
! 1098: if (peer->flip == 0) {
! 1099: if (hismode != MODE_BROADCAST)
! 1100: peer->rec = p_xmt;
! 1101: peer->dst = rbufp->recv_time;
! 1102: }
! 1103: peer->xmt = p_xmt;
! 1104:
! 1105: /*
! 1106: * If this is a crypto_NAK, the server cannot authenticate a
! 1107: * client packet. The server might have just changed keys. Clear
! 1108: * the association and restart the protocol.
! 1109: */
! 1110: if (is_authentic == AUTH_CRYPTO) {
! 1111: report_event(PEVNT_AUTH, peer, "crypto_NAK");
! 1112: peer->flash |= TEST5; /* bad auth */
! 1113: peer->badauth++;
! 1114: if (peer->flags & FLAG_PREEMPT) {
! 1115: unpeer(peer);
! 1116: return;
! 1117: }
! 1118: #ifdef OPENSSL
! 1119: if (peer->crypto)
! 1120: peer_clear(peer, "AUTH");
! 1121: #endif /* OPENSSL */
! 1122: return;
! 1123:
! 1124: /*
! 1125: * If the digest fails, the client cannot authenticate a server
! 1126: * reply to a client packet previously sent. The loopback check
! 1127: * is designed to avoid a bait-and-switch attack, which was
! 1128: * possible in past versions. If symmetric modes, return a
! 1129: * crypto-NAK. The peer should restart the protocol.
! 1130: */
! 1131: } else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST),
! 1132: is_authentic)) {
! 1133: report_event(PEVNT_AUTH, peer, "digest");
! 1134: peer->flash |= TEST5; /* bad auth */
! 1135: peer->badauth++;
! 1136: if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
! 1137: fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
! 1138: if (peer->flags & FLAG_PREEMPT) {
! 1139: unpeer(peer);
! 1140: return;
! 1141: }
! 1142: #ifdef OPENSSL
! 1143: if (peer->crypto)
! 1144: peer_clear(peer, "AUTH");
! 1145: #endif /* OPENSSL */
! 1146: return;
! 1147: }
! 1148:
! 1149: /*
! 1150: * Set the peer ppoll to the maximum of the packet ppoll and the
! 1151: * peer minpoll. If a kiss-o'-death, set the peer minpoll to
! 1152: * this maximumn and advance the headway to give the sender some
! 1153: * headroom. Very intricate.
! 1154: */
! 1155: peer->ppoll = max(peer->minpoll, pkt->ppoll);
! 1156: if (hismode == MODE_SERVER && hisleap == LEAP_NOTINSYNC &&
! 1157: hisstratum == STRATUM_UNSPEC && memcmp(&pkt->refid,
! 1158: "RATE", 4) == 0) {
! 1159: peer->selbroken++;
! 1160: report_event(PEVNT_RATE, peer, NULL);
! 1161: if (pkt->ppoll > peer->minpoll)
! 1162: peer->minpoll = peer->ppoll;
! 1163: peer->burst = peer->retry = 0;
! 1164: peer->throttle = (NTP_SHIFT + 1) * (1 << peer->minpoll);
! 1165: poll_update(peer, pkt->ppoll);
! 1166: return; /* kiss-o'-death */
! 1167: }
! 1168:
! 1169: /*
! 1170: * That was hard and I am sweaty, but the packet is squeaky
! 1171: * clean. Get on with real work.
! 1172: */
! 1173: peer->timereceived = current_time;
! 1174: if (is_authentic == AUTH_OK)
! 1175: peer->flags |= FLAG_AUTHENTIC;
! 1176: else
! 1177: peer->flags &= ~FLAG_AUTHENTIC;
! 1178:
! 1179: #ifdef OPENSSL
! 1180: /*
! 1181: * More autokey dance. The rules of the cha-cha are as follows:
! 1182: *
! 1183: * 1. If there is no key or the key is not auto, do nothing.
! 1184: *
! 1185: * 2. If this packet is in response to the one just previously
! 1186: * sent or from a broadcast server, do the extension fields.
! 1187: * Otherwise, assume bogosity and bail out.
! 1188: *
! 1189: * 3. If an extension field contains a verified signature, it is
! 1190: * self-authenticated and we sit the dance.
! 1191: *
! 1192: * 4. If this is a server reply, check only to see that the
! 1193: * transmitted key ID matches the received key ID.
! 1194: *
! 1195: * 5. Check to see that one or more hashes of the current key ID
! 1196: * matches the previous key ID or ultimate original key ID
! 1197: * obtained from the broadcaster or symmetric peer. If no
! 1198: * match, sit the dance and call for new autokey values.
! 1199: *
! 1200: * In case of crypto error, fire the orchestra, stop dancing and
! 1201: * restart the protocol.
! 1202: */
! 1203: if (peer->flags & FLAG_SKEY) {
! 1204: /*
! 1205: * Decrement remaining audokey hashes. This isn't
! 1206: * perfect if a packet is lost, but results in no harm.
! 1207: */
! 1208: ap = (struct autokey *)peer->recval.ptr;
! 1209: if (ap != NULL) {
! 1210: if (ap->seq > 0)
! 1211: ap->seq--;
! 1212: }
! 1213: peer->flash |= TEST8;
! 1214: rval = crypto_recv(peer, rbufp);
! 1215: if (rval == XEVNT_OK) {
! 1216: peer->unreach = 0;
! 1217: } else {
! 1218: if (rval == XEVNT_ERR) {
! 1219: report_event(PEVNT_RESTART, peer,
! 1220: "crypto error");
! 1221: peer_clear(peer, "CRYP");
! 1222: peer->flash |= TEST9; /* bad crypt */
! 1223: if (peer->flags & FLAG_PREEMPT)
! 1224: unpeer(peer);
! 1225: }
! 1226: return;
! 1227: }
! 1228:
! 1229: /*
! 1230: * If server mode, verify the receive key ID matches
! 1231: * the transmit key ID.
! 1232: */
! 1233: if (hismode == MODE_SERVER) {
! 1234: if (skeyid == peer->keyid)
! 1235: peer->flash &= ~TEST8;
! 1236:
! 1237: /*
! 1238: * If an extension field is present, verify only that it
! 1239: * has been correctly signed. We don't need a sequence
! 1240: * check here, but the sequence continues.
! 1241: */
! 1242: } else if (!(peer->flash & TEST8)) {
! 1243: peer->pkeyid = skeyid;
! 1244:
! 1245: /*
! 1246: * Now the fun part. Here, skeyid is the current ID in
! 1247: * the packet, pkeyid is the ID in the last packet and
! 1248: * tkeyid is the hash of skeyid. If the autokey values
! 1249: * have not been received, this is an automatic error.
! 1250: * If so, check that the tkeyid matches pkeyid. If not,
! 1251: * hash tkeyid and try again. If the number of hashes
! 1252: * exceeds the number remaining in the sequence, declare
! 1253: * a successful failure and refresh the autokey values.
! 1254: */
! 1255: } else if (ap != NULL) {
! 1256: int i;
! 1257:
! 1258: for (i = 0; ; i++) {
! 1259: if (tkeyid == peer->pkeyid ||
! 1260: tkeyid == ap->key) {
! 1261: peer->flash &= ~TEST8;
! 1262: peer->pkeyid = skeyid;
! 1263: ap->seq -= i;
! 1264: break;
! 1265: }
! 1266: if (i > ap->seq) {
! 1267: peer->crypto &=
! 1268: ~CRYPTO_FLAG_AUTO;
! 1269: break;
! 1270: }
! 1271: tkeyid = session_key(
! 1272: &rbufp->recv_srcadr, dstadr_sin,
! 1273: tkeyid, pkeyid, 0);
! 1274: }
! 1275: if (peer->flash & TEST8)
! 1276: report_event(PEVNT_AUTH, peer, "keylist");
! 1277: }
! 1278: if (!(peer->crypto & CRYPTO_FLAG_PROV)) /* test 9 */
! 1279: peer->flash |= TEST8; /* bad autokey */
! 1280:
! 1281: /*
! 1282: * The maximum lifetime of the protocol is about one
! 1283: * week before restarting the Autokey protocol to
! 1284: * refreshed certificates and leapseconds values.
! 1285: */
! 1286: if (current_time > peer->refresh) {
! 1287: report_event(PEVNT_RESTART, peer,
! 1288: "crypto refresh");
! 1289: peer_clear(peer, "TIME");
! 1290: return;
! 1291: }
! 1292: }
! 1293: #endif /* OPENSSL */
! 1294:
! 1295: /*
! 1296: * The dance is complete and the flash bits have been lit. Toss
! 1297: * the packet over the fence for processing, which may light up
! 1298: * more flashers.
! 1299: */
! 1300: process_packet(peer, pkt, rbufp->recv_length);
! 1301:
! 1302: /*
! 1303: * In interleaved mode update the state variables. Also adjust the
! 1304: * transmit phase to avoid crossover.
! 1305: */
! 1306: if (peer->flip != 0) {
! 1307: peer->rec = p_rec;
! 1308: peer->dst = rbufp->recv_time;
! 1309: if (peer->nextdate - current_time < (1 << min(peer->ppoll,
! 1310: peer->hpoll)) / 2)
! 1311: peer->nextdate++;
! 1312: else
! 1313: peer->nextdate--;
! 1314: }
! 1315: }
! 1316:
! 1317:
! 1318: /*
! 1319: * process_packet - Packet Procedure, a la Section 3.4.4 of the
! 1320: * specification. Or almost, at least. If we're in here we have a
! 1321: * reasonable expectation that we will be having a long term
! 1322: * relationship with this host.
! 1323: */
! 1324: void
! 1325: process_packet(
! 1326: register struct peer *peer,
! 1327: register struct pkt *pkt,
! 1328: u_int len
! 1329: )
! 1330: {
! 1331: double t34, t21;
! 1332: double p_offset, p_del, p_disp;
! 1333: l_fp p_rec, p_xmt, p_org, p_reftime, ci;
! 1334: u_char pmode, pleap, pstratum;
! 1335: char statstr[NTP_MAXSTRLEN];
! 1336: #ifdef ASSYM
! 1337: int itemp;
! 1338: double etemp, ftemp, td;
! 1339: #endif /* ASSYM */
! 1340:
! 1341: sys_processed++;
! 1342: peer->processed++;
! 1343: p_del = FPTOD(NTOHS_FP(pkt->rootdelay));
! 1344: p_offset = 0;
! 1345: p_disp = FPTOD(NTOHS_FP(pkt->rootdisp));
! 1346: NTOHL_FP(&pkt->reftime, &p_reftime);
! 1347: NTOHL_FP(&pkt->org, &p_org);
! 1348: NTOHL_FP(&pkt->rec, &p_rec);
! 1349: NTOHL_FP(&pkt->xmt, &p_xmt);
! 1350: pmode = PKT_MODE(pkt->li_vn_mode);
! 1351: pleap = PKT_LEAP(pkt->li_vn_mode);
! 1352: pstratum = PKT_TO_STRATUM(pkt->stratum);
! 1353:
! 1354: /*
! 1355: * Capture the header values in the client/peer association..
! 1356: */
! 1357: record_raw_stats(&peer->srcadr, peer->dstadr ?
! 1358: &peer->dstadr->sin : NULL, &p_org, &p_rec, &p_xmt,
! 1359: &peer->dst);
! 1360: peer->leap = pleap;
! 1361: peer->stratum = min(pstratum, STRATUM_UNSPEC);
! 1362: peer->pmode = pmode;
! 1363: peer->precision = pkt->precision;
! 1364: peer->rootdelay = p_del;
! 1365: peer->rootdisp = p_disp;
! 1366: peer->refid = pkt->refid; /* network byte order */
! 1367: peer->reftime = p_reftime;
! 1368:
! 1369: /*
! 1370: * First, if either burst mode is armed, enable the burst.
! 1371: * Compute the headway for the next packet and delay if
! 1372: * necessary to avoid exceeding the threshold.
! 1373: */
! 1374: if (peer->retry > 0) {
! 1375: peer->retry = 0;
! 1376: if (peer->reach)
! 1377: peer->burst = min(1 << (peer->hpoll -
! 1378: peer->minpoll), NTP_SHIFT) - 1;
! 1379: else
! 1380: peer->burst = NTP_IBURST - 1;
! 1381: if (peer->burst > 0)
! 1382: peer->nextdate = current_time;
! 1383: }
! 1384: poll_update(peer, peer->hpoll);
! 1385:
! 1386: /*
! 1387: * Verify the server is synchronized; that is, the leap bits,
! 1388: * stratum and root distance are valid.
! 1389: */
! 1390: if (pleap == LEAP_NOTINSYNC || /* test 6 */
! 1391: pstratum < sys_floor || pstratum >= sys_ceiling)
! 1392: peer->flash |= TEST6; /* bad synch or strat */
! 1393: if (p_del / 2 + p_disp >= MAXDISPERSE) /* test 7 */
! 1394: peer->flash |= TEST7; /* bad header */
! 1395:
! 1396: /*
! 1397: * If any tests fail at this point, the packet is discarded.
! 1398: * Note that some flashers may have already been set in the
! 1399: * receive() routine.
! 1400: */
! 1401: if (peer->flash & PKT_TEST_MASK) {
! 1402: peer->seldisptoolarge++;
! 1403: #ifdef DEBUG
! 1404: if (debug)
! 1405: printf("packet: flash header %04x\n",
! 1406: peer->flash);
! 1407: #endif
! 1408: return;
! 1409: }
! 1410:
! 1411: /*
! 1412: * If the peer was previously unreachable, raise a trap. In any
! 1413: * case, mark it reachable.
! 1414: */
! 1415: if (!peer->reach) {
! 1416: report_event(PEVNT_REACH, peer, NULL);
! 1417: peer->timereachable = current_time;
! 1418: }
! 1419: peer->reach |= 1;
! 1420:
! 1421: /*
! 1422: * For a client/server association, calculate the clock offset,
! 1423: * roundtrip delay and dispersion. The equations are reordered
! 1424: * from the spec for more efficient use of temporaries. For a
! 1425: * broadcast association, offset the last measurement by the
! 1426: * computed delay during the client/server volley. Note the
! 1427: * computation of dispersion includes the system precision plus
! 1428: * that due to the frequency error since the origin time.
! 1429: *
! 1430: * It is very important to respect the hazards of overflow. The
! 1431: * only permitted operation on raw timestamps is subtraction,
! 1432: * where the result is a signed quantity spanning from 68 years
! 1433: * in the past to 68 years in the future. To avoid loss of
! 1434: * precision, these calculations are done using 64-bit integer
! 1435: * arithmetic. However, the offset and delay calculations are
! 1436: * sums and differences of these first-order differences, which
! 1437: * if done using 64-bit integer arithmetic, would be valid over
! 1438: * only half that span. Since the typical first-order
! 1439: * differences are usually very small, they are converted to 64-
! 1440: * bit doubles and all remaining calculations done in floating-
! 1441: * double arithmetic. This preserves the accuracy while
! 1442: * retaining the 68-year span.
! 1443: *
! 1444: * There are three interleaving schemes, basic, interleaved
! 1445: * symmetric and interleaved broadcast. The timestamps are
! 1446: * idioscyncratically different. See the onwire briefing/white
! 1447: * paper at www.eecis.udel.edu/~mills for details.
! 1448: *
! 1449: * Interleaved symmetric mode
! 1450: * t1 = peer->aorg/borg, t2 = peer->rec, t3 = p_xmt,
! 1451: * t4 = peer->dst
! 1452: */
! 1453: if (peer->flip != 0) {
! 1454: ci = p_xmt; /* t3 - t4 */
! 1455: L_SUB(&ci, &peer->dst);
! 1456: LFPTOD(&ci, t34);
! 1457: ci = p_rec; /* t2 - t1 */
! 1458: if (peer->flip > 0)
! 1459: L_SUB(&ci, &peer->borg);
! 1460: else
! 1461: L_SUB(&ci, &peer->aorg);
! 1462: LFPTOD(&ci, t21);
! 1463: p_del = t21 - t34;
! 1464: p_offset = (t21 + t34) / 2.;
! 1465: if (p_del < 0 || p_del > 1.) {
! 1466: sprintf(statstr, "t21 %.6f t34 %.6f", t21, t34);
! 1467: report_event(PEVNT_XERR, peer, statstr);
! 1468: return;
! 1469: }
! 1470:
! 1471: /*
! 1472: * Broadcast modes
! 1473: */
! 1474: } else if (peer->pmode == MODE_BROADCAST) {
! 1475:
! 1476: /*
! 1477: * Interleaved broadcast mode. Use interleaved timestamps.
! 1478: * t1 = peer->borg, t2 = p_org, t3 = p_org, t4 = aorg
! 1479: */
! 1480: if (peer->flags & FLAG_XB) {
! 1481: ci = p_org; /* delay */
! 1482: L_SUB(&ci, &peer->aorg);
! 1483: LFPTOD(&ci, t34);
! 1484: ci = p_org; /* t2 - t1 */
! 1485: L_SUB(&ci, &peer->borg);
! 1486: LFPTOD(&ci, t21);
! 1487: peer->aorg = p_xmt;
! 1488: peer->borg = peer->dst;
! 1489: if (t34 < 0 || t34 > 1.) {
! 1490: sprintf(statstr,
! 1491: "offset %.6f delay %.6f", t21, t34);
! 1492: report_event(PEVNT_XERR, peer, statstr);
! 1493: return;
! 1494: }
! 1495: p_offset = t21;
! 1496: peer->xleave = t34;
! 1497:
! 1498: /*
! 1499: * Basic broadcast - use direct timestamps.
! 1500: * t3 = p_xmt, t4 = peer->dst
! 1501: */
! 1502: } else {
! 1503: ci = p_xmt; /* t3 - t4 */
! 1504: L_SUB(&ci, &peer->dst);
! 1505: LFPTOD(&ci, t34);
! 1506: p_offset = t34;
! 1507: }
! 1508:
! 1509: /*
! 1510: * When calibration is complete and the clock is
! 1511: * synchronized, the bias is calculated as the difference
! 1512: * between the unicast timestamp and the broadcast
! 1513: * timestamp. This works for both basic and interleaved
! 1514: * modes.
! 1515: */
! 1516: if (FLAG_BC_VOL & peer->flags) {
! 1517: peer->flags &= ~FLAG_BC_VOL;
! 1518: peer->delay = (peer->offset - p_offset) * 2;
! 1519: }
! 1520: p_del = peer->delay;
! 1521: p_offset += p_del / 2;
! 1522:
! 1523:
! 1524: /*
! 1525: * Basic mode, otherwise known as the old fashioned way.
! 1526: *
! 1527: * t1 = p_org, t2 = p_rec, t3 = p_xmt, t4 = peer->dst
! 1528: */
! 1529: } else {
! 1530: ci = p_xmt; /* t3 - t4 */
! 1531: L_SUB(&ci, &peer->dst);
! 1532: LFPTOD(&ci, t34);
! 1533: ci = p_rec; /* t2 - t1 */
! 1534: L_SUB(&ci, &p_org);
! 1535: LFPTOD(&ci, t21);
! 1536: p_del = fabs(t21 - t34);
! 1537: p_offset = (t21 + t34) / 2.;
! 1538: }
! 1539: p_offset += peer->bias;
! 1540: p_disp = LOGTOD(sys_precision) + LOGTOD(peer->precision) +
! 1541: clock_phi * p_del;
! 1542:
! 1543: #if ASSYM
! 1544: /*
! 1545: * This code calculates the outbound and inbound data rates by
! 1546: * measuring the differences between timestamps at different
! 1547: * packet lengths. This is helpful in cases of large asymmetric
! 1548: * delays commonly experienced on deep space communication
! 1549: * links.
! 1550: */
! 1551: if (peer->t21_last > 0 && peer->t34_bytes > 0) {
! 1552: itemp = peer->t21_bytes - peer->t21_last;
! 1553: if (itemp > 25) {
! 1554: etemp = t21 - peer->t21;
! 1555: if (fabs(etemp) > 1e-6) {
! 1556: ftemp = itemp / etemp;
! 1557: if (ftemp > 1000.)
! 1558: peer->r21 = ftemp;
! 1559: }
! 1560: }
! 1561: itemp = len - peer->t34_bytes;
! 1562: if (itemp > 25) {
! 1563: etemp = -t34 - peer->t34;
! 1564: if (fabs(etemp) > 1e-6) {
! 1565: ftemp = itemp / etemp;
! 1566: if (ftemp > 1000.)
! 1567: peer->r34 = ftemp;
! 1568: }
! 1569: }
! 1570: }
! 1571:
! 1572: /*
! 1573: * The following section compensates for different data rates on
! 1574: * the outbound (d21) and inbound (t34) directions. To do this,
! 1575: * it finds t such that r21 * t - r34 * (d - t) = 0, where d is
! 1576: * the roundtrip delay. Then it calculates the correction as a
! 1577: * fraction of d.
! 1578: */
! 1579: peer->t21 = t21;
! 1580: peer->t21_last = peer->t21_bytes;
! 1581: peer->t34 = -t34;
! 1582: peer->t34_bytes = len;
! 1583: #ifdef DEBUG
! 1584: if (debug > 1)
! 1585: printf("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21,
! 1586: peer->t21_bytes, peer->t34, peer->t34_bytes);
! 1587: #endif
! 1588: if (peer->r21 > 0 && peer->r34 > 0 && p_del > 0) {
! 1589: if (peer->pmode != MODE_BROADCAST)
! 1590: td = (peer->r34 / (peer->r21 + peer->r34) -
! 1591: .5) * p_del;
! 1592: else
! 1593: td = 0;
! 1594:
! 1595: /*
! 1596: * Unfortunately, in many cases the errors are
! 1597: * unacceptable, so for the present the rates are not
! 1598: * used. In future, we might find conditions where the
! 1599: * calculations are useful, so this should be considered
! 1600: * a work in progress.
! 1601: */
! 1602: t21 -= td;
! 1603: t34 -= td;
! 1604: #ifdef DEBUG
! 1605: if (debug > 1)
! 1606: printf("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n",
! 1607: p_del, peer->r21 / 1e3, peer->r34 / 1e3,
! 1608: td);
! 1609: #endif
! 1610: }
! 1611: #endif /* ASSYM */
! 1612:
! 1613: /*
! 1614: * That was awesome. Now hand off to the clock filter.
! 1615: */
! 1616: clock_filter(peer, p_offset, p_del, p_disp);
! 1617:
! 1618: /*
! 1619: * If we are in broadcast calibrate mode, return to broadcast
! 1620: * client mode when the client is fit and the autokey dance is
! 1621: * complete.
! 1622: */
! 1623: if ((FLAG_BC_VOL & peer->flags) && MODE_CLIENT == peer->hmode &&
! 1624: !(TEST11 & peer_unfit(peer))) { /* distance exceeded */
! 1625: #ifdef OPENSSL
! 1626: if (peer->flags & FLAG_SKEY) {
! 1627: if (!(~peer->crypto & CRYPTO_FLAG_ALL))
! 1628: peer->hmode = MODE_BCLIENT;
! 1629: } else {
! 1630: peer->hmode = MODE_BCLIENT;
! 1631: }
! 1632: #else /* OPENSSL */
! 1633: peer->hmode = MODE_BCLIENT;
! 1634: #endif /* OPENSSL */
! 1635: }
! 1636: }
! 1637:
! 1638:
! 1639: /*
! 1640: * clock_update - Called at system process update intervals.
! 1641: */
! 1642: static void
! 1643: clock_update(
! 1644: struct peer *peer /* peer structure pointer */
! 1645: )
! 1646: {
! 1647: double dtemp;
! 1648: l_fp now;
! 1649: #ifdef HAVE_LIBSCF_H
! 1650: char *fmri;
! 1651: #endif /* HAVE_LIBSCF_H */
! 1652:
! 1653: /*
! 1654: * Update the system state variables. We do this very carefully,
! 1655: * as the poll interval might need to be clamped differently.
! 1656: */
! 1657: sys_peer = peer;
! 1658: sys_epoch = peer->epoch;
! 1659: if (sys_poll < peer->minpoll)
! 1660: sys_poll = peer->minpoll;
! 1661: if (sys_poll > peer->maxpoll)
! 1662: sys_poll = peer->maxpoll;
! 1663: poll_update(peer, sys_poll);
! 1664: sys_stratum = min(peer->stratum + 1, STRATUM_UNSPEC);
! 1665: if (peer->stratum == STRATUM_REFCLOCK ||
! 1666: peer->stratum == STRATUM_UNSPEC)
! 1667: sys_refid = peer->refid;
! 1668: else
! 1669: sys_refid = addr2refid(&peer->srcadr);
! 1670: dtemp = sys_jitter + fabs(sys_offset) + peer->disp +
! 1671: (peer->delay + peer->rootdelay) / 2 + clock_phi *
! 1672: (current_time - peer->update);
! 1673: sys_rootdisp = dtemp + peer->rootdisp;
! 1674: sys_rootdelay = peer->delay + peer->rootdelay;
! 1675: sys_reftime = peer->dst;
! 1676:
! 1677: #ifdef DEBUG
! 1678: if (debug)
! 1679: printf(
! 1680: "clock_update: at %lu sample %lu associd %d\n",
! 1681: current_time, peer->epoch, peer->associd);
! 1682: #endif
! 1683:
! 1684: /*
! 1685: * Comes now the moment of truth. Crank the clock discipline and
! 1686: * see what comes out.
! 1687: */
! 1688: switch (local_clock(peer, sys_offset)) {
! 1689:
! 1690: /*
! 1691: * Clock exceeds panic threshold. Life as we know it ends.
! 1692: */
! 1693: case -1:
! 1694: #ifdef HAVE_LIBSCF_H
! 1695: /*
! 1696: * For Solaris enter the maintenance mode.
! 1697: */
! 1698: if ((fmri = getenv("SMF_FMRI")) != NULL) {
! 1699: if (smf_maintain_instance(fmri, 0) < 0) {
! 1700: printf("smf_maintain_instance: %s\n",
! 1701: scf_strerror(scf_error()));
! 1702: exit(1);
! 1703: }
! 1704: /*
! 1705: * Sleep until SMF kills us.
! 1706: */
! 1707: for (;;)
! 1708: pause();
! 1709: }
! 1710: #endif /* HAVE_LIBSCF_H */
! 1711: exit (-1);
! 1712: /* not reached */
! 1713:
! 1714: /*
! 1715: * Clock was stepped. Flush all time values of all peers.
! 1716: */
! 1717: case 2:
! 1718: clear_all();
! 1719: sys_leap = LEAP_NOTINSYNC;
! 1720: sys_stratum = STRATUM_UNSPEC;
! 1721: memcpy(&sys_refid, "STEP", 4);
! 1722: sys_rootdelay = 0;
! 1723: sys_rootdisp = 0;
! 1724: L_CLR(&sys_reftime);
! 1725: sys_jitter = LOGTOD(sys_precision);
! 1726: leapsec = 0;
! 1727: break;
! 1728:
! 1729: /*
! 1730: * Clock was slewed. Handle the leapsecond stuff.
! 1731: */
! 1732: case 1:
! 1733:
! 1734: /*
! 1735: * If this is the first time the clock is set, reset the
! 1736: * leap bits. If crypto, the timer will goose the setup
! 1737: * process.
! 1738: */
! 1739: if (sys_leap == LEAP_NOTINSYNC) {
! 1740: sys_leap = LEAP_NOWARNING;
! 1741: #ifdef OPENSSL
! 1742: if (crypto_flags)
! 1743: crypto_update();
! 1744: #endif /* OPENSSL */
! 1745: }
! 1746:
! 1747: /*
! 1748: * If the leapseconds values are from file or network
! 1749: * and the leap is in the future, schedule a leap at the
! 1750: * given epoch. Otherwise, if the number of survivor
! 1751: * leap bits is greater than half the number of
! 1752: * survivors, schedule a leap for the end of the current
! 1753: * month.
! 1754: */
! 1755: get_systime(&now);
! 1756: if (leap_sec > 0) {
! 1757: if (leap_sec > now.l_ui) {
! 1758: sys_tai = leap_tai - 1;
! 1759: if (leapsec == 0)
! 1760: report_event(EVNT_ARMED, NULL,
! 1761: NULL);
! 1762: leapsec = leap_sec - now.l_ui;
! 1763: } else {
! 1764: sys_tai = leap_tai;
! 1765: }
! 1766: break;
! 1767:
! 1768: } else if (leap_vote > sys_survivors / 2) {
! 1769: leap_peers = now.l_ui + leap_month(now.l_ui);
! 1770: if (leap_peers > now.l_ui) {
! 1771: if (leapsec == 0)
! 1772: report_event(PEVNT_ARMED, peer,
! 1773: NULL);
! 1774: leapsec = leap_peers - now.l_ui;
! 1775: }
! 1776: } else if (leapsec > 0) {
! 1777: report_event(EVNT_DISARMED, NULL, NULL);
! 1778: leapsec = 0;
! 1779: }
! 1780: break;
! 1781:
! 1782: /*
! 1783: * Popcorn spike or step threshold exceeded. Pretend it never
! 1784: * happened.
! 1785: */
! 1786: default:
! 1787: break;
! 1788: }
! 1789: }
! 1790:
! 1791:
! 1792: /*
! 1793: * poll_update - update peer poll interval
! 1794: */
! 1795: void
! 1796: poll_update(
! 1797: struct peer *peer, /* peer structure pointer */
! 1798: int mpoll
! 1799: )
! 1800: {
! 1801: int hpoll, minpkt;
! 1802: u_long next, utemp;
! 1803:
! 1804: /*
! 1805: * This routine figures out when the next poll should be sent.
! 1806: * That turns out to be wickedly complicated. One problem is
! 1807: * that sometimes the time for the next poll is in the past when
! 1808: * the poll interval is reduced. We watch out for races here
! 1809: * between the receive process and the poll process.
! 1810: *
! 1811: * First, bracket the poll interval according to the type of
! 1812: * association and options. If a fixed interval is configured,
! 1813: * use minpoll. This primarily is for reference clocks, but
! 1814: * works for any association. Otherwise, clamp the poll interval
! 1815: * between minpoll and maxpoll.
! 1816: */
! 1817: if (peer->cast_flags & MDF_BCLNT)
! 1818: hpoll = peer->minpoll;
! 1819: else
! 1820: hpoll = max(min(peer->maxpoll, mpoll), peer->minpoll);
! 1821:
! 1822: #ifdef OPENSSL
! 1823: /*
! 1824: * If during the crypto protocol the poll interval has changed,
! 1825: * the lifetimes in the key list are probably bogus. Purge the
! 1826: * the key list and regenerate it later.
! 1827: */
! 1828: if ((peer->flags & FLAG_SKEY) && hpoll != peer->hpoll)
! 1829: key_expire(peer);
! 1830: #endif /* OPENSSL */
! 1831: peer->hpoll = hpoll;
! 1832:
! 1833: /*
! 1834: * There are three variables important for poll scheduling, the
! 1835: * current time (current_time), next scheduled time (nextdate)
! 1836: * and the earliest time (utemp). The earliest time is 2 s
! 1837: * seconds, but could be more due to rate management. When
! 1838: * sending in a burst, use the earliest time. When not in a
! 1839: * burst but with a reply pending, send at the earliest time
! 1840: * unless the next scheduled time has not advanced. This can
! 1841: * only happen if multiple replies are peinding in the same
! 1842: * response interval. Otherwise, send at the later of the next
! 1843: * scheduled time and the earliest time.
! 1844: *
! 1845: * Now we figure out if there is an override. If a burst is in
! 1846: * progress and we get called from the receive process, just
! 1847: * slink away. If called from the poll process, delay 1 s for a
! 1848: * reference clock, otherwise 2 s.
! 1849: */
! 1850: minpkt = 1 << ntp_minpkt;
! 1851: utemp = current_time + max(peer->throttle - (NTP_SHIFT - 1) *
! 1852: (1 << peer->minpoll), minpkt);
! 1853: if (peer->burst > 0) {
! 1854: if (peer->nextdate > current_time)
! 1855: return;
! 1856: #ifdef REFCLOCK
! 1857: else if (peer->flags & FLAG_REFCLOCK)
! 1858: peer->nextdate = current_time + RESP_DELAY;
! 1859: #endif /* REFCLOCK */
! 1860: else
! 1861: peer->nextdate = utemp;
! 1862:
! 1863: #ifdef OPENSSL
! 1864: /*
! 1865: * If a burst is not in progress and a crypto response message
! 1866: * is pending, delay 2 s, but only if this is a new interval.
! 1867: */
! 1868: } else if (peer->cmmd != NULL) {
! 1869: if (peer->nextdate > current_time) {
! 1870: if (peer->nextdate + minpkt != utemp)
! 1871: peer->nextdate = utemp;
! 1872: } else {
! 1873: peer->nextdate = utemp;
! 1874: }
! 1875: #endif /* OPENSSL */
! 1876:
! 1877: /*
! 1878: * The ordinary case. If a retry, use minpoll; if unreachable,
! 1879: * use host poll; otherwise, use the minimum of host and peer
! 1880: * polls; In other words, oversampling is okay but
! 1881: * understampling is evil. Use the maximum of this value and the
! 1882: * headway. If the average headway is greater than the headway
! 1883: * threshold, increase the headway by the minimum interval.
! 1884: */
! 1885: } else {
! 1886: if (peer->retry > 0)
! 1887: hpoll = peer->minpoll;
! 1888: else if (!(peer->reach))
! 1889: hpoll = peer->hpoll;
! 1890: else
! 1891: hpoll = min(peer->ppoll, peer->hpoll);
! 1892: #ifdef REFCLOCK
! 1893: if (peer->flags & FLAG_REFCLOCK)
! 1894: next = 1 << hpoll;
! 1895: else
! 1896: next = ((0x1000UL | (ntp_random() & 0x0ff)) <<
! 1897: hpoll) >> 12;
! 1898: #else /* REFCLOCK */
! 1899: next = ((0x1000UL | (ntp_random() & 0x0ff)) << hpoll) >>
! 1900: 12;
! 1901: #endif /* REFCLOCK */
! 1902: next += peer->outdate;
! 1903: if (next > utemp)
! 1904: peer->nextdate = next;
! 1905: else
! 1906: peer->nextdate = utemp;
! 1907: hpoll = peer->throttle - (1 << peer->minpoll);
! 1908: if (hpoll > 0)
! 1909: peer->nextdate += minpkt;
! 1910: }
! 1911: #ifdef DEBUG
! 1912: if (debug > 1)
! 1913: printf("poll_update: at %lu %s poll %d burst %d retry %d head %d early %lu next %lu\n",
! 1914: current_time, ntoa(&peer->srcadr), peer->hpoll,
! 1915: peer->burst, peer->retry, peer->throttle,
! 1916: utemp - current_time, peer->nextdate -
! 1917: current_time);
! 1918: #endif
! 1919: }
! 1920:
! 1921:
! 1922: /*
! 1923: * peer_clear - clear peer filter registers. See Section 3.4.8 of the
! 1924: * spec.
! 1925: */
! 1926: void
! 1927: peer_clear(
! 1928: struct peer *peer, /* peer structure */
! 1929: char *ident /* tally lights */
! 1930: )
! 1931: {
! 1932: int i;
! 1933:
! 1934: #ifdef OPENSSL
! 1935: /*
! 1936: * If cryptographic credentials have been acquired, toss them to
! 1937: * Valhalla. Note that autokeys are ephemeral, in that they are
! 1938: * tossed immediately upon use. Therefore, the keylist can be
! 1939: * purged anytime without needing to preserve random keys. Note
! 1940: * that, if the peer is purged, the cryptographic variables are
! 1941: * purged, too. This makes it much harder to sneak in some
! 1942: * unauthenticated data in the clock filter.
! 1943: */
! 1944: key_expire(peer);
! 1945: if (peer->iffval != NULL)
! 1946: BN_free(peer->iffval);
! 1947: value_free(&peer->cookval);
! 1948: value_free(&peer->recval);
! 1949: value_free(&peer->encrypt);
! 1950: value_free(&peer->sndval);
! 1951: if (peer->cmmd != NULL)
! 1952: free(peer->cmmd);
! 1953: if (peer->subject != NULL)
! 1954: free(peer->subject);
! 1955: if (peer->issuer != NULL)
! 1956: free(peer->issuer);
! 1957: #endif /* OPENSSL */
! 1958:
! 1959: /*
! 1960: * Clear all values, including the optional crypto values above.
! 1961: */
! 1962: memset(CLEAR_TO_ZERO(peer), 0, LEN_CLEAR_TO_ZERO);
! 1963: peer->ppoll = peer->maxpoll;
! 1964: peer->hpoll = peer->minpoll;
! 1965: peer->disp = MAXDISPERSE;
! 1966: peer->flash = peer_unfit(peer);
! 1967: peer->jitter = LOGTOD(sys_precision);
! 1968:
! 1969: /*
! 1970: * If interleave mode, initialize the alternate origin switch.
! 1971: */
! 1972: if (peer->flags & FLAG_XLEAVE)
! 1973: peer->flip = 1;
! 1974: for (i = 0; i < NTP_SHIFT; i++) {
! 1975: peer->filter_order[i] = i;
! 1976: peer->filter_disp[i] = MAXDISPERSE;
! 1977: }
! 1978: #ifdef REFCLOCK
! 1979: if (!(peer->flags & FLAG_REFCLOCK)) {
! 1980: peer->leap = LEAP_NOTINSYNC;
! 1981: peer->stratum = STRATUM_UNSPEC;
! 1982: memcpy(&peer->refid, ident, 4);
! 1983: }
! 1984: #else
! 1985: peer->leap = LEAP_NOTINSYNC;
! 1986: peer->stratum = STRATUM_UNSPEC;
! 1987: memcpy(&peer->refid, ident, 4);
! 1988: #endif /* REFCLOCK */
! 1989:
! 1990: /*
! 1991: * During initialization use the association count to spread out
! 1992: * the polls at one-second intervals. Otherwise, randomize over
! 1993: * the minimum poll interval in order to avoid broadcast
! 1994: * implosion.
! 1995: */
! 1996: peer->nextdate = peer->update = peer->outdate = current_time;
! 1997: if (initializing) {
! 1998: peer->nextdate += peer_associations;
! 1999: } else if (peer->hmode == MODE_PASSIVE) {
! 2000: peer->nextdate += 1 << ntp_minpkt;
! 2001: } else {
! 2002: peer->nextdate += ntp_random() % peer_associations;
! 2003: }
! 2004: #ifdef OPENSSL
! 2005: peer->refresh = current_time + (1 << NTP_REFRESH);
! 2006: #endif /* OPENSSL */
! 2007: #ifdef DEBUG
! 2008: if (debug)
! 2009: printf(
! 2010: "peer_clear: at %ld next %ld associd %d refid %s\n",
! 2011: current_time, peer->nextdate, peer->associd,
! 2012: ident);
! 2013: #endif
! 2014: }
! 2015:
! 2016:
! 2017: /*
! 2018: * clock_filter - add incoming clock sample to filter register and run
! 2019: * the filter procedure to find the best sample.
! 2020: */
! 2021: void
! 2022: clock_filter(
! 2023: struct peer *peer, /* peer structure pointer */
! 2024: double sample_offset, /* clock offset */
! 2025: double sample_delay, /* roundtrip delay */
! 2026: double sample_disp /* dispersion */
! 2027: )
! 2028: {
! 2029: double dst[NTP_SHIFT]; /* distance vector */
! 2030: int ord[NTP_SHIFT]; /* index vector */
! 2031: int i, j, k, m;
! 2032: double dtemp, etemp;
! 2033: char tbuf[80];
! 2034:
! 2035: /*
! 2036: * A sample consists of the offset, delay, dispersion and epoch
! 2037: * of arrival. The offset and delay are determined by the on-
! 2038: * wire protocol. The dispersion grows from the last outbound
! 2039: * packet to the arrival of this one increased by the sum of the
! 2040: * peer precision and the system precision as required by the
! 2041: * error budget. First, shift the new arrival into the shift
! 2042: * register discarding the oldest one.
! 2043: */
! 2044: j = peer->filter_nextpt;
! 2045: peer->filter_offset[j] = sample_offset;
! 2046: peer->filter_delay[j] = sample_delay;
! 2047: peer->filter_disp[j] = sample_disp;
! 2048: peer->filter_epoch[j] = current_time;
! 2049: j = (j + 1) % NTP_SHIFT;
! 2050: peer->filter_nextpt = j;
! 2051:
! 2052: /*
! 2053: * Update dispersions since the last update and at the same
! 2054: * time initialize the distance and index lists. Since samples
! 2055: * become increasingly uncorrelated beyond the Allan intercept,
! 2056: * only under exceptional cases will an older sample be used.
! 2057: * Therefore, the distance list uses a compound metric. If the
! 2058: * dispersion is greater than the maximum dispersion, clamp the
! 2059: * distance at that value. If the time since the last update is
! 2060: * less than the Allan intercept use the delay; otherwise, use
! 2061: * the sum of the delay and dispersion.
! 2062: */
! 2063: dtemp = clock_phi * (current_time - peer->update);
! 2064: peer->update = current_time;
! 2065: for (i = NTP_SHIFT - 1; i >= 0; i--) {
! 2066: if (i != 0)
! 2067: peer->filter_disp[j] += dtemp;
! 2068: if (peer->filter_disp[j] >= MAXDISPERSE) {
! 2069: peer->filter_disp[j] = MAXDISPERSE;
! 2070: dst[i] = MAXDISPERSE;
! 2071: } else if (peer->update - peer->filter_epoch[j] >
! 2072: ULOGTOD(allan_xpt)) {
! 2073: dst[i] = peer->filter_delay[j] +
! 2074: peer->filter_disp[j];
! 2075: } else {
! 2076: dst[i] = peer->filter_delay[j];
! 2077: }
! 2078: ord[i] = j;
! 2079: j = (j + 1) % NTP_SHIFT;
! 2080: }
! 2081:
! 2082: /*
! 2083: * If the clock discipline has stabilized, sort the samples by
! 2084: * distance.
! 2085: */
! 2086: if (sys_leap != LEAP_NOTINSYNC) {
! 2087: for (i = 1; i < NTP_SHIFT; i++) {
! 2088: for (j = 0; j < i; j++) {
! 2089: if (dst[j] > dst[i]) {
! 2090: k = ord[j];
! 2091: ord[j] = ord[i];
! 2092: ord[i] = k;
! 2093: etemp = dst[j];
! 2094: dst[j] = dst[i];
! 2095: dst[i] = etemp;
! 2096: }
! 2097: }
! 2098: }
! 2099: }
! 2100:
! 2101: /*
! 2102: * Copy the index list to the association structure so ntpq
! 2103: * can see it later. Prune the distance list to leave only
! 2104: * samples less than the maximum dispersion, which disfavors
! 2105: * uncorrelated samples older than the Allan intercept. To
! 2106: * further improve the jitter estimate, of the remainder leave
! 2107: * only samples less than the maximum distance, but keep at
! 2108: * least two samples for jitter calculation.
! 2109: */
! 2110: m = 0;
! 2111: for (i = 0; i < NTP_SHIFT; i++) {
! 2112: peer->filter_order[i] = (u_char) ord[i];
! 2113: if (dst[i] >= MAXDISPERSE || (m >= 2 && dst[i] >=
! 2114: sys_maxdist))
! 2115: continue;
! 2116: m++;
! 2117: }
! 2118:
! 2119: /*
! 2120: * Compute the dispersion and jitter. The dispersion is weighted
! 2121: * exponentially by NTP_FWEIGHT (0.5) so it is normalized close
! 2122: * to 1.0. The jitter is the RMS differences relative to the
! 2123: * lowest delay sample.
! 2124: */
! 2125: peer->disp = peer->jitter = 0;
! 2126: k = ord[0];
! 2127: for (i = NTP_SHIFT - 1; i >= 0; i--) {
! 2128: j = ord[i];
! 2129: peer->disp = NTP_FWEIGHT * (peer->disp +
! 2130: peer->filter_disp[j]);
! 2131: if (i < m)
! 2132: peer->jitter += DIFF(peer->filter_offset[j],
! 2133: peer->filter_offset[k]);
! 2134: }
! 2135:
! 2136: /*
! 2137: * If no acceptable samples remain in the shift register,
! 2138: * quietly tiptoe home leaving only the dispersion. Otherwise,
! 2139: * save the offset, delay and jitter. Note the jitter must not
! 2140: * be less than the precision.
! 2141: */
! 2142: if (m == 0) {
! 2143: clock_select();
! 2144: return;
! 2145: }
! 2146:
! 2147: etemp = fabs(peer->offset - peer->filter_offset[k]);
! 2148: peer->offset = peer->filter_offset[k];
! 2149: peer->delay = peer->filter_delay[k];
! 2150: if (m > 1)
! 2151: peer->jitter /= m - 1;
! 2152: peer->jitter = max(SQRT(peer->jitter), LOGTOD(sys_precision));
! 2153:
! 2154: /*
! 2155: * If the the new sample and the current sample are both valid
! 2156: * and the difference between their offsets exceeds CLOCK_SGATE
! 2157: * (3) times the jitter and the interval between them is less
! 2158: * than twice the host poll interval, consider the new sample
! 2159: * a popcorn spike and ignore it.
! 2160: */
! 2161: if (peer->disp < sys_maxdist && peer->filter_disp[k] <
! 2162: sys_maxdist && etemp > CLOCK_SGATE * peer->jitter &&
! 2163: peer->filter_epoch[k] - peer->epoch < 2. *
! 2164: ULOGTOD(peer->hpoll)) {
! 2165: snprintf(tbuf, sizeof(tbuf), "%.6f s", etemp);
! 2166: report_event(PEVNT_POPCORN, peer, tbuf);
! 2167: return;
! 2168: }
! 2169:
! 2170: /*
! 2171: * A new minimum sample is useful only if it is later than the
! 2172: * last one used. In this design the maximum lifetime of any
! 2173: * sample is not greater than eight times the poll interval, so
! 2174: * the maximum interval between minimum samples is eight
! 2175: * packets.
! 2176: */
! 2177: if (peer->filter_epoch[k] <= peer->epoch) {
! 2178: #if DEBUG
! 2179: if (debug)
! 2180: printf("clock_filter: old sample %lu\n", current_time -
! 2181: peer->filter_epoch[k]);
! 2182: #endif
! 2183: return;
! 2184: }
! 2185: peer->epoch = peer->filter_epoch[k];
! 2186:
! 2187: /*
! 2188: * The mitigated sample statistics are saved for later
! 2189: * processing. If not synchronized or not in a burst, tickle the
! 2190: * clock select algorithm.
! 2191: */
! 2192: record_peer_stats(&peer->srcadr, ctlpeerstatus(peer),
! 2193: peer->offset, peer->delay, peer->disp, peer->jitter);
! 2194: #ifdef DEBUG
! 2195: if (debug)
! 2196: printf(
! 2197: "clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n",
! 2198: m, peer->offset, peer->delay, peer->disp,
! 2199: peer->jitter);
! 2200: #endif
! 2201: if (peer->burst == 0 || sys_leap == LEAP_NOTINSYNC)
! 2202: clock_select();
! 2203: }
! 2204:
! 2205:
! 2206: /*
! 2207: * clock_select - find the pick-of-the-litter clock
! 2208: *
! 2209: * LOCKCLOCK: (1) If the local clock is the prefer peer, it will always
! 2210: * be enabled, even if declared falseticker, (2) only the prefer peer
! 2211: * caN Be selected as the system peer, (3) if the external source is
! 2212: * down, the system leap bits are set to 11 and the stratum set to
! 2213: * infinity.
! 2214: */
! 2215: void
! 2216: clock_select(void)
! 2217: {
! 2218: struct peer *peer;
! 2219: int i, j, k, n;
! 2220: int nlist, nl3;
! 2221: int allow, osurv;
! 2222: double d, e, f, g;
! 2223: double high, low;
! 2224: double seljitter;
! 2225: double synch[NTP_MAXASSOC], error[NTP_MAXASSOC];
! 2226: double orphmet = 2.0 * U_INT32_MAX; /* 2x is greater than */
! 2227: struct peer *osys_peer = NULL;
! 2228: struct peer *sys_prefer = NULL; /* prefer peer */
! 2229: struct peer *typesystem = NULL;
! 2230: struct peer *typeorphan = NULL;
! 2231: #ifdef REFCLOCK
! 2232: struct peer *typeacts = NULL;
! 2233: struct peer *typelocal = NULL;
! 2234: struct peer *typepps = NULL;
! 2235: #endif /* REFCLOCK */
! 2236:
! 2237: static int list_alloc = 0;
! 2238: static struct endpoint *endpoint = NULL;
! 2239: static int *indx = NULL;
! 2240: static struct peer **peer_list = NULL;
! 2241: static u_int endpoint_size = 0;
! 2242: static u_int indx_size = 0;
! 2243: static u_int peer_list_size = 0;
! 2244:
! 2245: /*
! 2246: * Initialize and create endpoint, index and peer lists big
! 2247: * enough to handle all associations.
! 2248: */
! 2249: osys_peer = sys_peer;
! 2250: osurv = sys_survivors;
! 2251: sys_survivors = 0;
! 2252: #ifdef LOCKCLOCK
! 2253: sys_leap = LEAP_NOTINSYNC;
! 2254: sys_stratum = STRATUM_UNSPEC;
! 2255: memcpy(&sys_refid, "DOWN", 4);
! 2256: #endif /* LOCKCLOCK */
! 2257: nlist = 0;
! 2258: for (n = 0; n < NTP_HASH_SIZE; n++)
! 2259: nlist += peer_hash_count[n];
! 2260: if (nlist > list_alloc) {
! 2261: if (list_alloc > 0) {
! 2262: free(endpoint);
! 2263: free(indx);
! 2264: free(peer_list);
! 2265: }
! 2266: while (list_alloc < nlist) {
! 2267: list_alloc += 5;
! 2268: endpoint_size += 5 * 3 * sizeof(*endpoint);
! 2269: indx_size += 5 * 3 * sizeof(*indx);
! 2270: peer_list_size += 5 * sizeof(*peer_list);
! 2271: }
! 2272: endpoint = (struct endpoint *)emalloc(endpoint_size);
! 2273: indx = (int *)emalloc(indx_size);
! 2274: peer_list = (struct peer **)emalloc(peer_list_size);
! 2275: }
! 2276:
! 2277: /*
! 2278: * Initially, we populate the island with all the rifraff peers
! 2279: * that happen to be lying around. Those with seriously
! 2280: * defective clocks are immediately booted off the island. Then,
! 2281: * the falsetickers are culled and put to sea. The truechimers
! 2282: * remaining are subject to repeated rounds where the most
! 2283: * unpopular at each round is kicked off. When the population
! 2284: * has dwindled to sys_minclock, the survivors split a million
! 2285: * bucks and collectively crank the chimes.
! 2286: */
! 2287: nlist = nl3 = 0; /* none yet */
! 2288: for (n = 0; n < NTP_HASH_SIZE; n++) {
! 2289: for (peer = peer_hash[n]; peer != NULL; peer =
! 2290: peer->next) {
! 2291: peer->new_status = CTL_PST_SEL_REJECT;
! 2292:
! 2293: /*
! 2294: * Leave the island immediately if the peer is
! 2295: * unfit to synchronize.
! 2296: */
! 2297: if (peer_unfit(peer))
! 2298: continue;
! 2299:
! 2300: /*
! 2301: * If this peer is an orphan parent, elect the
! 2302: * one with the lowest metric defined as the
! 2303: * IPv4 address or the first 64 bits of the
! 2304: * hashed IPv6 address. To ensure convergence
! 2305: * on the same selected orphan, consider as
! 2306: * well that this system may have the lowest
! 2307: * metric and be the orphan parent. If this
! 2308: * system wins, sys_peer will be NULL to trigger
! 2309: * orphan mode in timer().
! 2310: */
! 2311: if (peer->stratum == sys_orphan) {
! 2312: u_int32 localmet;
! 2313: u_int32 peermet;
! 2314:
! 2315: if (peer->dstadr != NULL)
! 2316: localmet = ntohl(peer->dstadr->addr_refid);
! 2317: else
! 2318: localmet = U_INT32_MAX;
! 2319: peermet = ntohl(addr2refid(&peer->srcadr));
! 2320: if (peermet < localmet &&
! 2321: peermet < orphmet) {
! 2322: typeorphan = peer;
! 2323: orphmet = peermet;
! 2324: }
! 2325: continue;
! 2326: }
! 2327:
! 2328: /*
! 2329: * If this peer could have the orphan parent
! 2330: * as a synchronization ancestor, exclude it
! 2331: * from selection to avoid forming a
! 2332: * synchronization loop within the orphan mesh,
! 2333: * triggering stratum climb to infinity
! 2334: * instability. Peers at stratum higher than
! 2335: * the orphan stratum could have the orphan
! 2336: * parent in ancestry so are excluded.
! 2337: * See http://bugs.ntp.org/2050
! 2338: */
! 2339: if (peer->stratum > sys_orphan)
! 2340: continue;
! 2341: #ifdef REFCLOCK
! 2342: /*
! 2343: * The following are special cases. We deal
! 2344: * with them later.
! 2345: */
! 2346: if (!(peer->flags & FLAG_PREFER)) {
! 2347: switch (peer->refclktype) {
! 2348: case REFCLK_LOCALCLOCK:
! 2349: if (typelocal == NULL)
! 2350: typelocal = peer;
! 2351: continue;
! 2352:
! 2353: case REFCLK_ACTS:
! 2354: if (typeacts == NULL)
! 2355: typeacts = peer;
! 2356: continue;
! 2357: }
! 2358: }
! 2359: #endif /* REFCLOCK */
! 2360:
! 2361: /*
! 2362: * If we get this far, the peer can stay on the
! 2363: * island, but does not yet have the immunity
! 2364: * idol.
! 2365: */
! 2366: peer->new_status = CTL_PST_SEL_SANE;
! 2367: peer_list[nlist++] = peer;
! 2368:
! 2369: /*
! 2370: * Insert each interval endpoint on the sorted
! 2371: * list.
! 2372: */
! 2373: e = peer->offset; /* Upper end */
! 2374: f = root_distance(peer);
! 2375: e = e + f;
! 2376: for (i = nl3 - 1; i >= 0; i--) {
! 2377: if (e >= endpoint[indx[i]].val)
! 2378: break;
! 2379:
! 2380: indx[i + 3] = indx[i];
! 2381: }
! 2382: indx[i + 3] = nl3;
! 2383: endpoint[nl3].type = 1;
! 2384: endpoint[nl3++].val = e;
! 2385:
! 2386: e = e - f; /* Center point */
! 2387: for (; i >= 0; i--) {
! 2388: if (e >= endpoint[indx[i]].val)
! 2389: break;
! 2390:
! 2391: indx[i + 2] = indx[i];
! 2392: }
! 2393: indx[i + 2] = nl3;
! 2394: endpoint[nl3].type = 0;
! 2395: endpoint[nl3++].val = e;
! 2396:
! 2397: e = e - f; /* Lower end */
! 2398: for (; i >= 0; i--) {
! 2399: if (e >= endpoint[indx[i]].val)
! 2400: break;
! 2401:
! 2402: indx[i + 1] = indx[i];
! 2403: }
! 2404: indx[i + 1] = nl3;
! 2405: endpoint[nl3].type = -1;
! 2406: endpoint[nl3++].val = e;
! 2407: }
! 2408: }
! 2409: #ifdef DEBUG
! 2410: if (debug > 2)
! 2411: for (i = 0; i < nl3; i++)
! 2412: printf("select: endpoint %2d %.6f\n",
! 2413: endpoint[indx[i]].type,
! 2414: endpoint[indx[i]].val);
! 2415: #endif
! 2416: /*
! 2417: * This is the actual algorithm that cleaves the truechimers
! 2418: * from the falsetickers. The original algorithm was described
! 2419: * in Keith Marzullo's dissertation, but has been modified for
! 2420: * better accuracy.
! 2421: *
! 2422: * Briefly put, we first assume there are no falsetickers, then
! 2423: * scan the candidate list first from the low end upwards and
! 2424: * then from the high end downwards. The scans stop when the
! 2425: * number of intersections equals the number of candidates less
! 2426: * the number of falsetickers. If this doesn't happen for a
! 2427: * given number of falsetickers, we bump the number of
! 2428: * falsetickers and try again. If the number of falsetickers
! 2429: * becomes equal to or greater than half the number of
! 2430: * candidates, the Albanians have won the Byzantine wars and
! 2431: * correct synchronization is not possible.
! 2432: *
! 2433: * Here, nlist is the number of candidates and allow is the
! 2434: * number of falsetickers. Upon exit, the truechimers are the
! 2435: * survivors with offsets not less than low and not greater than
! 2436: * high. There may be none of them.
! 2437: */
! 2438: low = 1e9;
! 2439: high = -1e9;
! 2440: for (allow = 0; 2 * allow < nlist; allow++) {
! 2441: int found;
! 2442:
! 2443: /*
! 2444: * Bound the interval (low, high) as the largest
! 2445: * interval containing points from presumed truechimers.
! 2446: */
! 2447: found = 0;
! 2448: n = 0;
! 2449: for (i = 0; i < nl3; i++) {
! 2450: low = endpoint[indx[i]].val;
! 2451: n -= endpoint[indx[i]].type;
! 2452: if (n >= nlist - allow)
! 2453: break;
! 2454: if (endpoint[indx[i]].type == 0)
! 2455: found++;
! 2456: }
! 2457: n = 0;
! 2458: for (j = nl3 - 1; j >= 0; j--) {
! 2459: high = endpoint[indx[j]].val;
! 2460: n += endpoint[indx[j]].type;
! 2461: if (n >= nlist - allow)
! 2462: break;
! 2463: if (endpoint[indx[j]].type == 0)
! 2464: found++;
! 2465: }
! 2466:
! 2467: /*
! 2468: * If the number of candidates found outside the
! 2469: * interval is greater than the number of falsetickers,
! 2470: * then at least one truechimer is outside the interval,
! 2471: * so go around again. This is what makes this algorithm
! 2472: * different than Marzullo's.
! 2473: */
! 2474: if (found > allow)
! 2475: continue;
! 2476:
! 2477: /*
! 2478: * If an interval containing truechimers is found, stop.
! 2479: * If not, increase the number of falsetickers and go
! 2480: * around again.
! 2481: */
! 2482: if (high > low)
! 2483: break;
! 2484: }
! 2485:
! 2486: /*
! 2487: * Clustering algorithm. Construct candidate list in order first
! 2488: * by stratum then by root distance, but keep only the best
! 2489: * NTP_MAXASSOC of them. Scan the list to find falsetickers, who
! 2490: * leave the island immediately. The TRUE peer is always a
! 2491: * truechimer. We must leave at least one peer to collect the
! 2492: * million bucks.
! 2493: */
! 2494: j = 0;
! 2495: for (i = 0; i < nlist; i++) {
! 2496: peer = peer_list[i];
! 2497: if (nlist > 1 && (peer->offset <= low || peer->offset >=
! 2498: high) && !(peer->flags & FLAG_TRUE))
! 2499: continue;
! 2500:
! 2501: #ifdef REFCLOCK
! 2502: /*
! 2503: * Eligible PPS peers must survive the intersection
! 2504: * algorithm. Use the first one found, but don't
! 2505: * include any of them in the cluster population.
! 2506: */
! 2507: if (peer->flags & FLAG_PPS) {
! 2508: if (typepps == NULL)
! 2509: typepps = peer;
! 2510: continue;
! 2511: }
! 2512: #endif /* REFCLOCK */
! 2513:
! 2514: /*
! 2515: * The metric is the scaled root distance at the next
! 2516: * poll interval plus the peer stratum.
! 2517: */
! 2518: d = (root_distance(peer) + clock_phi * (peer->nextdate -
! 2519: current_time)) / sys_maxdist + peer->stratum;
! 2520: if (j >= NTP_MAXASSOC) {
! 2521: if (d >= synch[j - 1])
! 2522: continue;
! 2523: else
! 2524: j--;
! 2525: }
! 2526: for (k = j; k > 0; k--) {
! 2527: if (d >= synch[k - 1])
! 2528: break;
! 2529:
! 2530: peer_list[k] = peer_list[k - 1];
! 2531: error[k] = error[k - 1];
! 2532: synch[k] = synch[k - 1];
! 2533: }
! 2534: peer_list[k] = peer;
! 2535: error[k] = peer->jitter;
! 2536: synch[k] = d;
! 2537: j++;
! 2538: }
! 2539: nlist = j;
! 2540:
! 2541: /*
! 2542: * If no survivors remain at this point, check if the modem
! 2543: * driver, local driver or orphan parent in that order. If so,
! 2544: * nominate the first one found as the only survivor.
! 2545: * Otherwise, give up and leave the island to the rats.
! 2546: */
! 2547: if (nlist == 0) {
! 2548: error[0] = 0;
! 2549: synch[0] = 0;
! 2550: #ifdef REFCLOCK
! 2551: if (typeacts != NULL) {
! 2552: peer_list[0] = typeacts;
! 2553: nlist = 1;
! 2554: } else if (typelocal != NULL) {
! 2555: peer_list[0] = typelocal;
! 2556: nlist = 1;
! 2557: } else
! 2558: #endif /* REFCLOCK */
! 2559: if (typeorphan != NULL) {
! 2560: peer_list[0] = typeorphan;
! 2561: nlist = 1;
! 2562: }
! 2563: }
! 2564:
! 2565: /*
! 2566: * Mark the candidates at this point as truechimers.
! 2567: */
! 2568: for (i = 0; i < nlist; i++) {
! 2569: peer_list[i]->new_status = CTL_PST_SEL_SELCAND;
! 2570: #ifdef DEBUG
! 2571: if (debug > 1)
! 2572: printf("select: survivor %s %f\n",
! 2573: stoa(&peer_list[i]->srcadr), synch[i]);
! 2574: #endif
! 2575: }
! 2576:
! 2577: /*
! 2578: * Now, vote outlyers off the island by select jitter weighted
! 2579: * by root distance. Continue voting as long as there are more
! 2580: * than sys_minclock survivors and the minimum select jitter is
! 2581: * greater than the maximum peer jitter. Stop if we are about to
! 2582: * discard a TRUE or PREFER peer, who of course has the
! 2583: * immunity idol.
! 2584: */
! 2585: seljitter = 0;
! 2586: while (1) {
! 2587: d = 1e9;
! 2588: e = -1e9;
! 2589: f = g = 0;
! 2590: k = 0;
! 2591: for (i = 0; i < nlist; i++) {
! 2592: if (error[i] < d)
! 2593: d = error[i];
! 2594: f = 0;
! 2595: if (nlist > 1) {
! 2596: for (j = 0; j < nlist; j++)
! 2597: f += DIFF(peer_list[j]->offset,
! 2598: peer_list[i]->offset);
! 2599: f = SQRT(f / (nlist - 1));
! 2600: }
! 2601: if (f * synch[i] > e) {
! 2602: g = f;
! 2603: e = f * synch[i];
! 2604: k = i;
! 2605: }
! 2606: }
! 2607: f = max(f, LOGTOD(sys_precision));
! 2608: if (nlist <= sys_minsane || nlist <= sys_minclock) {
! 2609: break;
! 2610:
! 2611: } else if (f <= d || peer_list[k]->flags &
! 2612: (FLAG_TRUE | FLAG_PREFER)) {
! 2613: seljitter = f;
! 2614: break;
! 2615: }
! 2616: #ifdef DEBUG
! 2617: if (debug > 2)
! 2618: printf(
! 2619: "select: drop %s seljit %.6f jit %.6f\n",
! 2620: ntoa(&peer_list[k]->srcadr), g, d);
! 2621: #endif
! 2622: if (nlist > sys_maxclock)
! 2623: peer_list[k]->new_status = CTL_PST_SEL_EXCESS;
! 2624: for (j = k + 1; j < nlist; j++) {
! 2625: peer_list[j - 1] = peer_list[j];
! 2626: synch[j - 1] = synch[j];
! 2627: error[j - 1] = error[j];
! 2628: }
! 2629: nlist--;
! 2630: }
! 2631:
! 2632: /*
! 2633: * What remains is a list usually not greater than sys_minclock
! 2634: * peers. Note that the head of the list is the system peer at
! 2635: * the lowest stratum and that unsynchronized peers cannot
! 2636: * survive this far.
! 2637: *
! 2638: * While at it, count the number of leap warning bits found.
! 2639: * This will be used later to vote the system leap warning bit.
! 2640: * If a leap warning bit is found on a reference clock, the vote
! 2641: * is always won.
! 2642: */
! 2643: leap_vote = 0;
! 2644: for (i = 0; i < nlist; i++) {
! 2645: peer = peer_list[i];
! 2646: peer->unreach = 0;
! 2647: peer->new_status = CTL_PST_SEL_SYNCCAND;
! 2648: sys_survivors++;
! 2649: if (peer->leap == LEAP_ADDSECOND) {
! 2650: if (peer->flags & FLAG_REFCLOCK)
! 2651: leap_vote = nlist;
! 2652: else
! 2653: leap_vote++;
! 2654: }
! 2655: if (peer->flags & FLAG_PREFER)
! 2656: sys_prefer = peer;
! 2657: }
! 2658:
! 2659: /*
! 2660: * Unless there are at least sys_misane survivors, leave the
! 2661: * building dark. Otherwise, do a clockhop dance. Ordinarily,
! 2662: * use the first survivor on the survivor list. However, if the
! 2663: * last selection is not first on the list, use it as long as
! 2664: * it doesn't get too old or too ugly.
! 2665: */
! 2666: if (nlist > 0 && nlist >= sys_minsane) {
! 2667: double x;
! 2668:
! 2669: typesystem = peer_list[0];
! 2670: if (osys_peer == NULL || osys_peer == typesystem) {
! 2671: sys_clockhop = 0;
! 2672: } else if ((x = fabs(typesystem->offset -
! 2673: osys_peer->offset)) < sys_mindisp) {
! 2674: if (sys_clockhop == 0)
! 2675: sys_clockhop = sys_mindisp;
! 2676: else
! 2677: sys_clockhop *= .5;
! 2678: #ifdef DEBUG
! 2679: if (debug)
! 2680: printf("select: clockhop %d %.6f %.6f\n",
! 2681: j, x, sys_clockhop);
! 2682: #endif
! 2683: if (fabs(x) < sys_clockhop)
! 2684: typesystem = osys_peer;
! 2685: else
! 2686: sys_clockhop = 0;
! 2687: } else {
! 2688: sys_clockhop = 0;
! 2689: }
! 2690: }
! 2691:
! 2692: /*
! 2693: * Mitigation rules of the game. We have the pick of the
! 2694: * litter in typesystem if any survivors are left. If
! 2695: * there is a prefer peer, use its offset and jitter.
! 2696: * Otherwise, use the combined offset and jitter of all kitters.
! 2697: */
! 2698: if (typesystem != NULL) {
! 2699: if (sys_prefer == NULL) {
! 2700: typesystem->new_status = CTL_PST_SEL_SYSPEER;
! 2701: clock_combine(peer_list, sys_survivors);
! 2702: sys_jitter = SQRT(SQUARE(sys_jitter) +
! 2703: SQUARE(seljitter));
! 2704: } else {
! 2705: typesystem = sys_prefer;
! 2706: sys_clockhop = 0;
! 2707: typesystem->new_status = CTL_PST_SEL_SYSPEER;
! 2708: sys_offset = typesystem->offset;
! 2709: sys_jitter = typesystem->jitter;
! 2710: }
! 2711: #ifdef DEBUG
! 2712: if (debug)
! 2713: printf("select: combine offset %.9f jitter %.9f\n",
! 2714: sys_offset, sys_jitter);
! 2715: #endif
! 2716: }
! 2717: #ifdef REFCLOCK
! 2718: /*
! 2719: * If a PPS driver is lit and the combined offset is less than
! 2720: * 0.4 s, select the driver as the PPS peer and use its offset
! 2721: * and jitter. However, if this is the atom driver, use it only
! 2722: * if there is a prefer peer or there are no survivors and none
! 2723: * are required.
! 2724: */
! 2725: if (typepps != NULL && fabs(sys_offset) < 0.4 &&
! 2726: (typepps->refclktype != REFCLK_ATOM_PPS ||
! 2727: (typepps->refclktype == REFCLK_ATOM_PPS && (sys_prefer !=
! 2728: NULL || (typesystem == NULL && sys_minsane == 0))))) {
! 2729: typesystem = typepps;
! 2730: sys_clockhop = 0;
! 2731: typesystem->new_status = CTL_PST_SEL_PPS;
! 2732: sys_offset = typesystem->offset;
! 2733: sys_jitter = typesystem->jitter;
! 2734: #ifdef DEBUG
! 2735: if (debug)
! 2736: printf("select: pps offset %.9f jitter %.9f\n",
! 2737: sys_offset, sys_jitter);
! 2738: #endif
! 2739: }
! 2740: #endif /* REFCLOCK */
! 2741:
! 2742: /*
! 2743: * If there are no survivors at this point, there is no
! 2744: * system peer. If so and this is an old update, keep the
! 2745: * current statistics, but do not update the clock.
! 2746: */
! 2747: if (typesystem == NULL) {
! 2748: if (osys_peer != NULL)
! 2749: report_event(EVNT_NOPEER, NULL, NULL);
! 2750: sys_peer = NULL;
! 2751: for (n = 0; n < NTP_HASH_SIZE; n++)
! 2752: for (peer = peer_hash[n]; peer != NULL; peer =
! 2753: peer->next)
! 2754: peer->status = peer->new_status;
! 2755: return;
! 2756: }
! 2757:
! 2758: /*
! 2759: * Do not use old data, as this may mess up the clock discipline
! 2760: * stability.
! 2761: */
! 2762: if (typesystem->epoch <= sys_epoch)
! 2763: return;
! 2764:
! 2765: /*
! 2766: * We have found the alpha male. Wind the clock.
! 2767: */
! 2768: if (osys_peer != typesystem)
! 2769: report_event(PEVNT_NEWPEER, typesystem, NULL);
! 2770: for (n = 0; n < NTP_HASH_SIZE; n++)
! 2771: for (peer = peer_hash[n]; peer != NULL; peer =
! 2772: peer->next)
! 2773: peer->status = peer->new_status;
! 2774: clock_update(typesystem);
! 2775: }
! 2776:
! 2777:
! 2778: /*
! 2779: * clock_combine - compute system offset and jitter from selected peers
! 2780: */
! 2781: static void
! 2782: clock_combine(
! 2783: struct peer **peers, /* survivor list */
! 2784: int npeers /* number of survivors */
! 2785: )
! 2786: {
! 2787: int i;
! 2788: double x, y, z, w;
! 2789:
! 2790: y = z = w = 0;
! 2791: for (i = 0; i < npeers; i++) {
! 2792: x = root_distance(peers[i]);
! 2793: y += 1. / x;
! 2794: z += peers[i]->offset / x;
! 2795: w += SQUARE(peers[i]->offset - peers[0]->offset) / x;
! 2796: }
! 2797: sys_offset = z / y;
! 2798: sys_jitter = SQRT(w / y);
! 2799: }
! 2800:
! 2801:
! 2802: /*
! 2803: * root_distance - compute synchronization distance from peer to root
! 2804: */
! 2805: static double
! 2806: root_distance(
! 2807: struct peer *peer /* peer structure pointer */
! 2808: )
! 2809: {
! 2810: double dtemp;
! 2811:
! 2812: /*
! 2813: * Careful squeak here. The value returned must be greater than
! 2814: * the minimum root dispersion in order to avoid clockhop with
! 2815: * highly precise reference clocks. Note that the root distance
! 2816: * cannot exceed the sys_maxdist, as this is the cutoff by the
! 2817: * selection algorithm.
! 2818: */
! 2819: dtemp = (peer->delay + peer->rootdelay) / 2 + peer->disp +
! 2820: peer->rootdisp + clock_phi * (current_time - peer->update) +
! 2821: peer->jitter;
! 2822: if (dtemp < sys_mindisp)
! 2823: dtemp = sys_mindisp;
! 2824: return (dtemp);
! 2825: }
! 2826:
! 2827:
! 2828: /*
! 2829: * peer_xmit - send packet for persistent association.
! 2830: */
! 2831: static void
! 2832: peer_xmit(
! 2833: struct peer *peer /* peer structure pointer */
! 2834: )
! 2835: {
! 2836: struct pkt xpkt; /* transmit packet */
! 2837: int sendlen, authlen;
! 2838: keyid_t xkeyid = 0; /* transmit key ID */
! 2839: l_fp xmt_tx, xmt_ty;
! 2840:
! 2841: if (!peer->dstadr) /* drop peers without interface */
! 2842: return;
! 2843:
! 2844: xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap, peer->version,
! 2845: peer->hmode);
! 2846: xpkt.stratum = STRATUM_TO_PKT(sys_stratum);
! 2847: xpkt.ppoll = peer->hpoll;
! 2848: xpkt.precision = sys_precision;
! 2849: xpkt.refid = sys_refid;
! 2850: xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay));
! 2851: xpkt.rootdisp = HTONS_FP(DTOUFP(sys_rootdisp));
! 2852: HTONL_FP(&sys_reftime, &xpkt.reftime);
! 2853: HTONL_FP(&peer->rec, &xpkt.org);
! 2854: HTONL_FP(&peer->dst, &xpkt.rec);
! 2855:
! 2856: /*
! 2857: * If the received packet contains a MAC, the transmitted packet
! 2858: * is authenticated and contains a MAC. If not, the transmitted
! 2859: * packet is not authenticated.
! 2860: *
! 2861: * It is most important when autokey is in use that the local
! 2862: * interface IP address be known before the first packet is
! 2863: * sent. Otherwise, it is not possible to compute a correct MAC
! 2864: * the recipient will accept. Thus, the I/O semantics have to do
! 2865: * a little more work. In particular, the wildcard interface
! 2866: * might not be usable.
! 2867: */
! 2868: sendlen = LEN_PKT_NOMAC;
! 2869: #ifdef OPENSSL
! 2870: if (!(peer->flags & FLAG_SKEY) && peer->keyid == 0) {
! 2871: #else
! 2872: if (peer->keyid == 0) {
! 2873: #endif /* OPENSSL */
! 2874:
! 2875: /*
! 2876: * Transmit a-priori timestamps
! 2877: */
! 2878: get_systime(&xmt_tx);
! 2879: if (peer->flip == 0) { /* basic mode */
! 2880: peer->aorg = xmt_tx;
! 2881: HTONL_FP(&xmt_tx, &xpkt.xmt);
! 2882: } else { /* interleaved modes */
! 2883: if (peer->hmode == MODE_BROADCAST) { /* bcst */
! 2884: HTONL_FP(&xmt_tx, &xpkt.xmt);
! 2885: if (peer->flip > 0)
! 2886: HTONL_FP(&peer->borg,
! 2887: &xpkt.org);
! 2888: else
! 2889: HTONL_FP(&peer->aorg,
! 2890: &xpkt.org);
! 2891: } else { /* symmetric */
! 2892: if (peer->flip > 0)
! 2893: HTONL_FP(&peer->borg,
! 2894: &xpkt.xmt);
! 2895: else
! 2896: HTONL_FP(&peer->aorg,
! 2897: &xpkt.xmt);
! 2898: }
! 2899: }
! 2900: peer->t21_bytes = sendlen;
! 2901: sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl],
! 2902: &xpkt, sendlen);
! 2903: peer->sent++;
! 2904: peer->throttle += (1 << peer->minpoll) - 2;
! 2905:
! 2906: /*
! 2907: * Capture a-posteriori timestamps
! 2908: */
! 2909: get_systime(&xmt_ty);
! 2910: if (peer->flip != 0) { /* interleaved modes */
! 2911: if (peer->flip > 0)
! 2912: peer->aorg = xmt_ty;
! 2913: else
! 2914: peer->borg = xmt_ty;
! 2915: peer->flip = -peer->flip;
! 2916: }
! 2917: L_SUB(&xmt_ty, &xmt_tx);
! 2918: LFPTOD(&xmt_ty, peer->xleave);
! 2919: #ifdef DEBUG
! 2920: if (debug)
! 2921: printf("transmit: at %ld %s->%s mode %d len %d\n",
! 2922: current_time, peer->dstadr ?
! 2923: stoa(&peer->dstadr->sin) : "-",
! 2924: stoa(&peer->srcadr), peer->hmode, sendlen);
! 2925: #endif
! 2926: return;
! 2927: }
! 2928:
! 2929: /*
! 2930: * Authentication is enabled, so the transmitted packet must be
! 2931: * authenticated. If autokey is enabled, fuss with the various
! 2932: * modes; otherwise, symmetric key cryptography is used.
! 2933: */
! 2934: #ifdef OPENSSL
! 2935: if (peer->flags & FLAG_SKEY) {
! 2936: struct exten *exten; /* extension field */
! 2937:
! 2938: /*
! 2939: * The Public Key Dance (PKD): Cryptographic credentials
! 2940: * are contained in extension fields, each including a
! 2941: * 4-octet length/code word followed by a 4-octet
! 2942: * association ID and optional additional data. Optional
! 2943: * data includes a 4-octet data length field followed by
! 2944: * the data itself. Request messages are sent from a
! 2945: * configured association; response messages can be sent
! 2946: * from a configured association or can take the fast
! 2947: * path without ever matching an association. Response
! 2948: * messages have the same code as the request, but have
! 2949: * a response bit and possibly an error bit set. In this
! 2950: * implementation, a message may contain no more than
! 2951: * one command and one or more responses.
! 2952: *
! 2953: * Cryptographic session keys include both a public and
! 2954: * a private componet. Request and response messages
! 2955: * using extension fields are always sent with the
! 2956: * private component set to zero. Packets without
! 2957: * extension fields indlude the private component when
! 2958: * the session key is generated.
! 2959: */
! 2960: while (1) {
! 2961:
! 2962: /*
! 2963: * Allocate and initialize a keylist if not
! 2964: * already done. Then, use the list in inverse
! 2965: * order, discarding keys once used. Keep the
! 2966: * latest key around until the next one, so
! 2967: * clients can use client/server packets to
! 2968: * compute propagation delay.
! 2969: *
! 2970: * Note that once a key is used from the list,
! 2971: * it is retained in the key cache until the
! 2972: * next key is used. This is to allow a client
! 2973: * to retrieve the encrypted session key
! 2974: * identifier to verify authenticity.
! 2975: *
! 2976: * If for some reason a key is no longer in the
! 2977: * key cache, a birthday has happened or the key
! 2978: * has expired, so the pseudo-random sequence is
! 2979: * broken. In that case, purge the keylist and
! 2980: * regenerate it.
! 2981: */
! 2982: if (peer->keynumber == 0)
! 2983: make_keylist(peer, peer->dstadr);
! 2984: else
! 2985: peer->keynumber--;
! 2986: xkeyid = peer->keylist[peer->keynumber];
! 2987: if (authistrusted(xkeyid))
! 2988: break;
! 2989: else
! 2990: key_expire(peer);
! 2991: }
! 2992: peer->keyid = xkeyid;
! 2993: exten = NULL;
! 2994: switch (peer->hmode) {
! 2995:
! 2996: /*
! 2997: * In broadcast server mode the autokey values are
! 2998: * required by the broadcast clients. Push them when a
! 2999: * new keylist is generated; otherwise, push the
! 3000: * association message so the client can request them at
! 3001: * other times.
! 3002: */
! 3003: case MODE_BROADCAST:
! 3004: if (peer->flags & FLAG_ASSOC)
! 3005: exten = crypto_args(peer, CRYPTO_AUTO |
! 3006: CRYPTO_RESP, peer->associd, NULL);
! 3007: else
! 3008: exten = crypto_args(peer, CRYPTO_ASSOC |
! 3009: CRYPTO_RESP, peer->associd, NULL);
! 3010: break;
! 3011:
! 3012: /*
! 3013: * In symmetric modes the parameter, certificate,
! 3014: * identity, cookie and autokey exchanges are
! 3015: * required. The leapsecond exchange is optional. But, a
! 3016: * peer will not believe the other peer until the other
! 3017: * peer has synchronized, so the certificate exchange
! 3018: * might loop until then. If a peer finds a broken
! 3019: * autokey sequence, it uses the autokey exchange to
! 3020: * retrieve the autokey values. In any case, if a new
! 3021: * keylist is generated, the autokey values are pushed.
! 3022: */
! 3023: case MODE_ACTIVE:
! 3024: case MODE_PASSIVE:
! 3025:
! 3026: /*
! 3027: * Parameter, certificate and identity.
! 3028: */
! 3029: if (!peer->crypto)
! 3030: exten = crypto_args(peer, CRYPTO_ASSOC,
! 3031: peer->associd, sys_hostname);
! 3032: else if (!(peer->crypto & CRYPTO_FLAG_CERT))
! 3033: exten = crypto_args(peer, CRYPTO_CERT,
! 3034: peer->associd, peer->issuer);
! 3035: else if (!(peer->crypto & CRYPTO_FLAG_VRFY))
! 3036: exten = crypto_args(peer,
! 3037: crypto_ident(peer), peer->associd,
! 3038: NULL);
! 3039:
! 3040: /*
! 3041: * Cookie and autokey. We request the cookie
! 3042: * only when the this peer and the other peer
! 3043: * are synchronized. But, this peer needs the
! 3044: * autokey values when the cookie is zero. Any
! 3045: * time we regenerate the key list, we offer the
! 3046: * autokey values without being asked. If for
! 3047: * some reason either peer finds a broken
! 3048: * autokey sequence, the autokey exchange is
! 3049: * used to retrieve the autokey values.
! 3050: */
! 3051: else if (sys_leap != LEAP_NOTINSYNC &&
! 3052: peer->leap != LEAP_NOTINSYNC &&
! 3053: !(peer->crypto & CRYPTO_FLAG_COOK))
! 3054: exten = crypto_args(peer, CRYPTO_COOK,
! 3055: peer->associd, NULL);
! 3056: else if (!(peer->crypto & CRYPTO_FLAG_AUTO))
! 3057: exten = crypto_args(peer, CRYPTO_AUTO,
! 3058: peer->associd, NULL);
! 3059: else if (peer->flags & FLAG_ASSOC &&
! 3060: peer->crypto & CRYPTO_FLAG_SIGN)
! 3061: exten = crypto_args(peer, CRYPTO_AUTO |
! 3062: CRYPTO_RESP, peer->assoc, NULL);
! 3063:
! 3064: /*
! 3065: * Wait for clock sync, then sign the
! 3066: * certificate and retrieve the leapsecond
! 3067: * values.
! 3068: */
! 3069: else if (sys_leap == LEAP_NOTINSYNC)
! 3070: break;
! 3071:
! 3072: else if (!(peer->crypto & CRYPTO_FLAG_SIGN))
! 3073: exten = crypto_args(peer, CRYPTO_SIGN,
! 3074: peer->associd, sys_hostname);
! 3075: else if (!(peer->crypto & CRYPTO_FLAG_LEAP))
! 3076: exten = crypto_args(peer, CRYPTO_LEAP,
! 3077: peer->associd, NULL);
! 3078: break;
! 3079:
! 3080: /*
! 3081: * In client mode the parameter, certificate, identity,
! 3082: * cookie and sign exchanges are required. The
! 3083: * leapsecond exchange is optional. If broadcast client
! 3084: * mode the same exchanges are required, except that the
! 3085: * autokey exchange is substitutes for the cookie
! 3086: * exchange, since the cookie is always zero. If the
! 3087: * broadcast client finds a broken autokey sequence, it
! 3088: * uses the autokey exchange to retrieve the autokey
! 3089: * values.
! 3090: */
! 3091: case MODE_CLIENT:
! 3092:
! 3093: /*
! 3094: * Parameter, certificate and identity.
! 3095: */
! 3096: if (!peer->crypto)
! 3097: exten = crypto_args(peer, CRYPTO_ASSOC,
! 3098: peer->associd, sys_hostname);
! 3099: else if (!(peer->crypto & CRYPTO_FLAG_CERT))
! 3100: exten = crypto_args(peer, CRYPTO_CERT,
! 3101: peer->associd, peer->issuer);
! 3102: else if (!(peer->crypto & CRYPTO_FLAG_VRFY))
! 3103: exten = crypto_args(peer,
! 3104: crypto_ident(peer), peer->associd,
! 3105: NULL);
! 3106:
! 3107: /*
! 3108: * Cookie and autokey. These are requests, but
! 3109: * we use the peer association ID with autokey
! 3110: * rather than our own.
! 3111: */
! 3112: else if (!(peer->crypto & CRYPTO_FLAG_COOK))
! 3113: exten = crypto_args(peer, CRYPTO_COOK,
! 3114: peer->associd, NULL);
! 3115: else if (!(peer->crypto & CRYPTO_FLAG_AUTO))
! 3116: exten = crypto_args(peer, CRYPTO_AUTO,
! 3117: peer->assoc, NULL);
! 3118:
! 3119: /*
! 3120: * Wait for clock sync, then sign the
! 3121: * certificate and retrieve the leapsecond
! 3122: * values.
! 3123: */
! 3124: else if (sys_leap == LEAP_NOTINSYNC)
! 3125: break;
! 3126:
! 3127: else if (!(peer->crypto & CRYPTO_FLAG_SIGN))
! 3128: exten = crypto_args(peer, CRYPTO_SIGN,
! 3129: peer->associd, sys_hostname);
! 3130: else if (!(peer->crypto & CRYPTO_FLAG_LEAP))
! 3131: exten = crypto_args(peer, CRYPTO_LEAP,
! 3132: peer->associd, NULL);
! 3133: break;
! 3134: }
! 3135:
! 3136: /*
! 3137: * Add a queued extension field if present. This is
! 3138: * always a request message, so the reply ID is already
! 3139: * in the message. If an error occurs, the error bit is
! 3140: * lit in the response.
! 3141: */
! 3142: if (peer->cmmd != NULL) {
! 3143: u_int32 temp32;
! 3144:
! 3145: temp32 = CRYPTO_RESP;
! 3146: peer->cmmd->opcode |= htonl(temp32);
! 3147: sendlen += crypto_xmit(peer, &xpkt, NULL,
! 3148: sendlen, peer->cmmd, 0);
! 3149: free(peer->cmmd);
! 3150: peer->cmmd = NULL;
! 3151: }
! 3152:
! 3153: /*
! 3154: * Add an extension field created above. All but the
! 3155: * autokey response message are request messages.
! 3156: */
! 3157: if (exten != NULL) {
! 3158: if (exten->opcode != 0)
! 3159: sendlen += crypto_xmit(peer, &xpkt,
! 3160: NULL, sendlen, exten, 0);
! 3161: free(exten);
! 3162: }
! 3163:
! 3164: /*
! 3165: * Calculate the next session key. Since extension
! 3166: * fields are present, the cookie value is zero.
! 3167: */
! 3168: if (sendlen > LEN_PKT_NOMAC) {
! 3169: session_key(&peer->dstadr->sin, &peer->srcadr,
! 3170: xkeyid, 0, 2);
! 3171: }
! 3172: }
! 3173: #endif /* OPENSSL */
! 3174:
! 3175: /*
! 3176: * Transmit a-priori timestamps
! 3177: */
! 3178: get_systime(&xmt_tx);
! 3179: if (peer->flip == 0) { /* basic mode */
! 3180: peer->aorg = xmt_tx;
! 3181: HTONL_FP(&xmt_tx, &xpkt.xmt);
! 3182: } else { /* interleaved modes */
! 3183: if (peer->hmode == MODE_BROADCAST) { /* bcst */
! 3184: HTONL_FP(&xmt_tx, &xpkt.xmt);
! 3185: if (peer->flip > 0)
! 3186: HTONL_FP(&peer->borg, &xpkt.org);
! 3187: else
! 3188: HTONL_FP(&peer->aorg, &xpkt.org);
! 3189: } else { /* symmetric */
! 3190: if (peer->flip > 0)
! 3191: HTONL_FP(&peer->borg, &xpkt.xmt);
! 3192: else
! 3193: HTONL_FP(&peer->aorg, &xpkt.xmt);
! 3194: }
! 3195: }
! 3196: xkeyid = peer->keyid;
! 3197: authlen = authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
! 3198: if (authlen == 0) {
! 3199: report_event(PEVNT_AUTH, peer, "no key");
! 3200: peer->flash |= TEST5; /* auth error */
! 3201: peer->badauth++;
! 3202: return;
! 3203: }
! 3204: sendlen += authlen;
! 3205: #ifdef OPENSSL
! 3206: if (xkeyid > NTP_MAXKEY)
! 3207: authtrust(xkeyid, 0);
! 3208: #endif /* OPENSSL */
! 3209: if (sendlen > sizeof(xpkt)) {
! 3210: msyslog(LOG_ERR, "proto: buffer overflow %u", sendlen);
! 3211: exit (-1);
! 3212: }
! 3213: peer->t21_bytes = sendlen;
! 3214: sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl], &xpkt,
! 3215: sendlen);
! 3216: peer->sent++;
! 3217: peer->throttle += (1 << peer->minpoll) - 2;
! 3218:
! 3219: /*
! 3220: * Capture a-posteriori timestamps
! 3221: */
! 3222: get_systime(&xmt_ty);
! 3223: if (peer->flip != 0) { /* interleaved modes */
! 3224: if (peer->flip > 0)
! 3225: peer->aorg = xmt_ty;
! 3226: else
! 3227: peer->borg = xmt_ty;
! 3228: peer->flip = -peer->flip;
! 3229: }
! 3230: L_SUB(&xmt_ty, &xmt_tx);
! 3231: LFPTOD(&xmt_ty, peer->xleave);
! 3232: #ifdef OPENSSL
! 3233: #ifdef DEBUG
! 3234: if (debug)
! 3235: printf("transmit: at %ld %s->%s mode %d keyid %08x len %d index %d\n",
! 3236: current_time, peer->dstadr ?
! 3237: ntoa(&peer->dstadr->sin) : "-",
! 3238: ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
! 3239: peer->keynumber);
! 3240: #endif
! 3241: #else /* OPENSSL */
! 3242: #ifdef DEBUG
! 3243: if (debug)
! 3244: printf("transmit: at %ld %s->%s mode %d keyid %08x len %d\n",
! 3245: current_time, peer->dstadr ?
! 3246: ntoa(&peer->dstadr->sin) : "-",
! 3247: ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen);
! 3248: #endif
! 3249: #endif /* OPENSSL */
! 3250: }
! 3251:
! 3252:
! 3253: /*
! 3254: * fast_xmit - Send packet for nonpersistent association. Note that
! 3255: * neither the source or destination can be a broadcast address.
! 3256: */
! 3257: static void
! 3258: fast_xmit(
! 3259: struct recvbuf *rbufp, /* receive packet pointer */
! 3260: int xmode, /* receive mode */
! 3261: keyid_t xkeyid, /* transmit key ID */
! 3262: int flags /* restrict mask */
! 3263: )
! 3264: {
! 3265: struct pkt xpkt; /* transmit packet structure */
! 3266: struct pkt *rpkt; /* receive packet structure */
! 3267: l_fp xmt_tx, xmt_ty;
! 3268: int sendlen;
! 3269: #ifdef OPENSSL
! 3270: u_int32 temp32;
! 3271: #endif
! 3272:
! 3273: /*
! 3274: * Initialize transmit packet header fields from the receive
! 3275: * buffer provided. We leave the fields intact as received, but
! 3276: * set the peer poll at the maximum of the receive peer poll and
! 3277: * the system minimum poll (ntp_minpoll). This is for KoD rate
! 3278: * control and not strictly specification compliant, but doesn't
! 3279: * break anything.
! 3280: *
! 3281: * If the gazinta was from a multicast address, the gazoutta
! 3282: * must go out another way.
! 3283: */
! 3284: rpkt = &rbufp->recv_pkt;
! 3285: if (rbufp->dstadr->flags & INT_MCASTOPEN)
! 3286: rbufp->dstadr = findinterface(&rbufp->recv_srcadr);
! 3287:
! 3288: /*
! 3289: * If this is a kiss-o'-death (KoD) packet, show leap
! 3290: * unsynchronized, stratum zero, reference ID the four-character
! 3291: * kiss code and system root delay. Note we don't reveal the
! 3292: * local time, so these packets can't be used for
! 3293: * synchronization.
! 3294: */
! 3295: if (flags & RES_KOD) {
! 3296: sys_kodsent++;
! 3297: xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC,
! 3298: PKT_VERSION(rpkt->li_vn_mode), xmode);
! 3299: xpkt.stratum = STRATUM_PKT_UNSPEC;
! 3300: xpkt.ppoll = max(rpkt->ppoll, ntp_minpoll);
! 3301: memcpy(&xpkt.refid, "RATE", 4);
! 3302: xpkt.org = rpkt->xmt;
! 3303: xpkt.rec = rpkt->xmt;
! 3304: xpkt.xmt = rpkt->xmt;
! 3305:
! 3306: /*
! 3307: * This is a normal packet. Use the system variables.
! 3308: */
! 3309: } else {
! 3310: xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap,
! 3311: PKT_VERSION(rpkt->li_vn_mode), xmode);
! 3312: xpkt.stratum = STRATUM_TO_PKT(sys_stratum);
! 3313: xpkt.ppoll = max(rpkt->ppoll, ntp_minpoll);
! 3314: xpkt.precision = sys_precision;
! 3315: xpkt.refid = sys_refid;
! 3316: xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay));
! 3317: xpkt.rootdisp = HTONS_FP(DTOUFP(sys_rootdisp));
! 3318: HTONL_FP(&sys_reftime, &xpkt.reftime);
! 3319: xpkt.org = rpkt->xmt;
! 3320: HTONL_FP(&rbufp->recv_time, &xpkt.rec);
! 3321: get_systime(&xmt_tx);
! 3322: HTONL_FP(&xmt_tx, &xpkt.xmt);
! 3323: }
! 3324:
! 3325: #ifdef HAVE_NTP_SIGND
! 3326: if (flags & RES_MSSNTP) {
! 3327: send_via_ntp_signd(rbufp, xmode, xkeyid, flags, &xpkt);
! 3328: return;
! 3329: }
! 3330: #endif /* HAVE_NTP_SIGND */
! 3331:
! 3332: /*
! 3333: * If the received packet contains a MAC, the transmitted packet
! 3334: * is authenticated and contains a MAC. If not, the transmitted
! 3335: * packet is not authenticated.
! 3336: */
! 3337: sendlen = LEN_PKT_NOMAC;
! 3338: if (rbufp->recv_length == sendlen) {
! 3339: sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt,
! 3340: sendlen);
! 3341: #ifdef DEBUG
! 3342: if (debug)
! 3343: printf(
! 3344: "transmit: at %ld %s->%s mode %d len %d\n",
! 3345: current_time, stoa(&rbufp->dstadr->sin),
! 3346: stoa(&rbufp->recv_srcadr), xmode, sendlen);
! 3347: #endif
! 3348: return;
! 3349: }
! 3350:
! 3351: /*
! 3352: * The received packet contains a MAC, so the transmitted packet
! 3353: * must be authenticated. For symmetric key cryptography, use
! 3354: * the predefined and trusted symmetric keys to generate the
! 3355: * cryptosum. For autokey cryptography, use the server private
! 3356: * value to generate the cookie, which is unique for every
! 3357: * source-destination-key ID combination.
! 3358: */
! 3359: #ifdef OPENSSL
! 3360: if (xkeyid > NTP_MAXKEY) {
! 3361: keyid_t cookie;
! 3362:
! 3363: /*
! 3364: * The only way to get here is a reply to a legitimate
! 3365: * client request message, so the mode must be
! 3366: * MODE_SERVER. If an extension field is present, there
! 3367: * can be only one and that must be a command. Do what
! 3368: * needs, but with private value of zero so the poor
! 3369: * jerk can decode it. If no extension field is present,
! 3370: * use the cookie to generate the session key.
! 3371: */
! 3372: cookie = session_key(&rbufp->recv_srcadr,
! 3373: &rbufp->dstadr->sin, 0, sys_private, 0);
! 3374: if (rbufp->recv_length > sendlen + MAX_MAC_LEN) {
! 3375: session_key(&rbufp->dstadr->sin,
! 3376: &rbufp->recv_srcadr, xkeyid, 0, 2);
! 3377: temp32 = CRYPTO_RESP;
! 3378: rpkt->exten[0] |= htonl(temp32);
! 3379: sendlen += crypto_xmit(NULL, &xpkt, rbufp,
! 3380: sendlen, (struct exten *)rpkt->exten,
! 3381: cookie);
! 3382: } else {
! 3383: session_key(&rbufp->dstadr->sin,
! 3384: &rbufp->recv_srcadr, xkeyid, cookie, 2);
! 3385: }
! 3386: }
! 3387: #endif /* OPENSSL */
! 3388: get_systime(&xmt_tx);
! 3389: sendlen += authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
! 3390: #ifdef OPENSSL
! 3391: if (xkeyid > NTP_MAXKEY)
! 3392: authtrust(xkeyid, 0);
! 3393: #endif /* OPENSSL */
! 3394: sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt, sendlen);
! 3395: get_systime(&xmt_ty);
! 3396: L_SUB(&xmt_ty, &xmt_tx);
! 3397: sys_authdelay = xmt_ty;
! 3398: #ifdef DEBUG
! 3399: if (debug)
! 3400: printf(
! 3401: "transmit: at %ld %s->%s mode %d keyid %08x len %d\n",
! 3402: current_time, ntoa(&rbufp->dstadr->sin),
! 3403: ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen);
! 3404: #endif
! 3405: }
! 3406:
! 3407:
! 3408: #ifdef OPENSSL
! 3409: /*
! 3410: * key_expire - purge the key list
! 3411: */
! 3412: void
! 3413: key_expire(
! 3414: struct peer *peer /* peer structure pointer */
! 3415: )
! 3416: {
! 3417: int i;
! 3418:
! 3419: if (peer->keylist != NULL) {
! 3420: for (i = 0; i <= peer->keynumber; i++)
! 3421: authtrust(peer->keylist[i], 0);
! 3422: free(peer->keylist);
! 3423: peer->keylist = NULL;
! 3424: }
! 3425: value_free(&peer->sndval);
! 3426: peer->keynumber = 0;
! 3427: peer->flags &= ~FLAG_ASSOC;
! 3428: #ifdef DEBUG
! 3429: if (debug)
! 3430: printf("key_expire: at %lu associd %d\n", current_time,
! 3431: peer->associd);
! 3432: #endif
! 3433: }
! 3434: #endif /* OPENSSL */
! 3435:
! 3436:
! 3437: /*
! 3438: * local_refid(peer) - check peer refid to avoid selecting peers
! 3439: * currently synced to this ntpd.
! 3440: */
! 3441: static int
! 3442: local_refid(
! 3443: struct peer * p
! 3444: )
! 3445: {
! 3446: endpt * unicast_ep;
! 3447:
! 3448: if (p->dstadr != NULL && !(INT_MCASTIF & p->dstadr->flags))
! 3449: unicast_ep = p->dstadr;
! 3450: else
! 3451: unicast_ep = findinterface(&p->srcadr);
! 3452:
! 3453: if (unicast_ep != NULL && p->refid == unicast_ep->addr_refid)
! 3454: return TRUE;
! 3455: else
! 3456: return FALSE;
! 3457: }
! 3458:
! 3459:
! 3460: /*
! 3461: * Determine if the peer is unfit for synchronization
! 3462: *
! 3463: * A peer is unfit for synchronization if
! 3464: * > TEST10 bad leap or stratum below floor or at or above ceiling
! 3465: * > TEST11 root distance exceeded for remote peer
! 3466: * > TEST12 a direct or indirect synchronization loop would form
! 3467: * > TEST13 unreachable or noselect
! 3468: */
! 3469: int /* FALSE if fit, TRUE if unfit */
! 3470: peer_unfit(
! 3471: struct peer *peer /* peer structure pointer */
! 3472: )
! 3473: {
! 3474: int rval = 0;
! 3475:
! 3476: /*
! 3477: * A stratum error occurs if (1) the server has never been
! 3478: * synchronized, (2) the server stratum is below the floor or
! 3479: * greater than or equal to the ceiling.
! 3480: */
! 3481: if (peer->leap == LEAP_NOTINSYNC || peer->stratum < sys_floor ||
! 3482: peer->stratum >= sys_ceiling)
! 3483: rval |= TEST10; /* bad synch or stratum */
! 3484:
! 3485: /*
! 3486: * A distance error for a remote peer occurs if the root
! 3487: * distance is greater than or equal to the distance threshold
! 3488: * plus the increment due to one host poll interval.
! 3489: */
! 3490: if (!(peer->flags & FLAG_REFCLOCK) && root_distance(peer) >=
! 3491: sys_maxdist + clock_phi * ULOGTOD(peer->hpoll))
! 3492: rval |= TEST11; /* distance exceeded */
! 3493:
! 3494: /*
! 3495: * A loop error occurs if the remote peer is synchronized to the
! 3496: * local peer or if the remote peer is synchronized to the same
! 3497: * server as the local peer but only if the remote peer is
! 3498: * neither a reference clock nor an orphan.
! 3499: */
! 3500: if (peer->stratum > 1 && local_refid(peer))
! 3501: rval |= TEST12; /* synchronization loop */
! 3502:
! 3503: /*
! 3504: * An unreachable error occurs if the server is unreachable or
! 3505: * the noselect bit is set.
! 3506: */
! 3507: if (!peer->reach || (peer->flags & FLAG_NOSELECT))
! 3508: rval |= TEST13; /* unreachable */
! 3509:
! 3510: peer->flash &= ~PEER_TEST_MASK;
! 3511: peer->flash |= rval;
! 3512: return (rval);
! 3513: }
! 3514:
! 3515:
! 3516: /*
! 3517: * Find the precision of this particular machine
! 3518: */
! 3519: #define MINSTEP 100e-9 /* minimum clock increment (s) */
! 3520: #define MAXSTEP 20e-3 /* maximum clock increment (s) */
! 3521: #define MINLOOPS 5 /* minimum number of step samples */
! 3522:
! 3523: /*
! 3524: * This routine measures the system precision defined as the minimum of
! 3525: * a sequence of differences between successive readings of the system
! 3526: * clock. However, if a difference is less than MINSTEP, the clock has
! 3527: * been read more than once during a clock tick and the difference is
! 3528: * ignored. We set MINSTEP greater than zero in case something happens
! 3529: * like a cache miss.
! 3530: */
! 3531: int
! 3532: default_get_precision(void)
! 3533: {
! 3534: l_fp val; /* current seconds fraction */
! 3535: l_fp last; /* last seconds fraction */
! 3536: l_fp diff; /* difference */
! 3537: double tick; /* computed tick value */
! 3538: double dtemp; /* scratch */
! 3539: int i; /* log2 precision */
! 3540:
! 3541: /*
! 3542: * Loop to find precision value in seconds.
! 3543: */
! 3544: tick = MAXSTEP;
! 3545: i = 0;
! 3546: get_systime(&last);
! 3547: while (1) {
! 3548: get_systime(&val);
! 3549: diff = val;
! 3550: L_SUB(&diff, &last);
! 3551: last = val;
! 3552: LFPTOD(&diff, dtemp);
! 3553: if (dtemp < MINSTEP)
! 3554: continue;
! 3555:
! 3556: if (dtemp < tick)
! 3557: tick = dtemp;
! 3558: if (++i >= MINLOOPS)
! 3559: break;
! 3560: }
! 3561: sys_tick = tick;
! 3562:
! 3563: /*
! 3564: * Find the nearest power of two.
! 3565: */
! 3566: msyslog(LOG_NOTICE, "proto: precision = %.3f usec", tick * 1e6);
! 3567: for (i = 0; tick <= 1; i++)
! 3568: tick *= 2;
! 3569: if (tick - 1 > 1 - tick / 2)
! 3570: i--;
! 3571: return (-i);
! 3572: }
! 3573:
! 3574:
! 3575: /*
! 3576: * init_proto - initialize the protocol module's data
! 3577: */
! 3578: void
! 3579: init_proto(void)
! 3580: {
! 3581: l_fp dummy;
! 3582: int i;
! 3583:
! 3584: /*
! 3585: * Fill in the sys_* stuff. Default is don't listen to
! 3586: * broadcasting, require authentication.
! 3587: */
! 3588: sys_leap = LEAP_NOTINSYNC;
! 3589: sys_stratum = STRATUM_UNSPEC;
! 3590: memcpy(&sys_refid, "INIT", 4);
! 3591: sys_peer = NULL;
! 3592: sys_rootdelay = 0;
! 3593: sys_rootdisp = 0;
! 3594: L_CLR(&sys_reftime);
! 3595: sys_jitter = 0;
! 3596: sys_precision = (s_char)default_get_precision();
! 3597: get_systime(&dummy);
! 3598: sys_survivors = 0;
! 3599: sys_manycastserver = 0;
! 3600: sys_bclient = 0;
! 3601: sys_bdelay = 0;
! 3602: sys_authenticate = 1;
! 3603: sys_stattime = current_time;
! 3604: proto_clr_stats();
! 3605: for (i = 0; i < MAX_TTL; i++) {
! 3606: sys_ttl[i] = (u_char)((i * 256) / MAX_TTL);
! 3607: sys_ttlmax = i;
! 3608: }
! 3609: pps_enable = 0;
! 3610: stats_control = 1;
! 3611: }
! 3612:
! 3613:
! 3614: /*
! 3615: * proto_config - configure the protocol module
! 3616: */
! 3617: void
! 3618: proto_config(
! 3619: int item,
! 3620: u_long value,
! 3621: double dvalue,
! 3622: sockaddr_u *svalue
! 3623: )
! 3624: {
! 3625: /*
! 3626: * Figure out what he wants to change, then do it
! 3627: */
! 3628: DPRINTF(2, ("proto_config: code %d value %lu dvalue %lf\n",
! 3629: item, value, dvalue));
! 3630:
! 3631: switch (item) {
! 3632:
! 3633: /*
! 3634: * enable and disable commands - arguments are Boolean.
! 3635: */
! 3636: case PROTO_AUTHENTICATE: /* authentication (auth) */
! 3637: sys_authenticate = value;
! 3638: break;
! 3639:
! 3640: case PROTO_BROADCLIENT: /* broadcast client (bclient) */
! 3641: sys_bclient = (int)value;
! 3642: if (sys_bclient == 0)
! 3643: io_unsetbclient();
! 3644: else
! 3645: io_setbclient();
! 3646: break;
! 3647:
! 3648: #ifdef REFCLOCK
! 3649: case PROTO_CAL: /* refclock calibrate (calibrate) */
! 3650: cal_enable = value;
! 3651: break;
! 3652: #endif /* REFCLOCK */
! 3653:
! 3654: case PROTO_KERNEL: /* kernel discipline (kernel) */
! 3655: kern_enable = value;
! 3656: break;
! 3657:
! 3658: case PROTO_MONITOR: /* monitoring (monitor) */
! 3659: if (value)
! 3660: mon_start(MON_ON);
! 3661: else
! 3662: mon_stop(MON_ON);
! 3663: break;
! 3664:
! 3665: case PROTO_NTP: /* NTP discipline (ntp) */
! 3666: ntp_enable = value;
! 3667: break;
! 3668:
! 3669: case PROTO_PPS: /* PPS discipline (pps) */
! 3670: pps_enable = value;
! 3671: break;
! 3672:
! 3673: case PROTO_FILEGEN: /* statistics (stats) */
! 3674: stats_control = value;
! 3675: break;
! 3676:
! 3677: /*
! 3678: * tos command - arguments are double, sometimes cast to int
! 3679: */
! 3680: case PROTO_BEACON: /* manycast beacon (beacon) */
! 3681: sys_beacon = (int)dvalue;
! 3682: break;
! 3683:
! 3684: case PROTO_BROADDELAY: /* default broadcast delay (bdelay) */
! 3685: sys_bdelay = dvalue;
! 3686: break;
! 3687:
! 3688: case PROTO_CEILING: /* stratum ceiling (ceiling) */
! 3689: sys_ceiling = (int)dvalue;
! 3690: break;
! 3691:
! 3692: case PROTO_COHORT: /* cohort switch (cohort) */
! 3693: sys_cohort = (int)dvalue;
! 3694: break;
! 3695:
! 3696: case PROTO_FLOOR: /* stratum floor (floor) */
! 3697: sys_floor = (int)dvalue;
! 3698: break;
! 3699:
! 3700: case PROTO_MAXCLOCK: /* maximum candidates (maxclock) */
! 3701: sys_maxclock = (int)dvalue;
! 3702: break;
! 3703:
! 3704: case PROTO_MAXDIST: /* select threshold (maxdist) */
! 3705: sys_maxdist = dvalue;
! 3706: break;
! 3707:
! 3708: case PROTO_CALLDELAY: /* modem call delay (mdelay) */
! 3709: break; /* NOT USED */
! 3710:
! 3711: case PROTO_MINCLOCK: /* minimum candidates (minclock) */
! 3712: sys_minclock = (int)dvalue;
! 3713: break;
! 3714:
! 3715: case PROTO_MINDISP: /* minimum distance (mindist) */
! 3716: sys_mindisp = dvalue;
! 3717: break;
! 3718:
! 3719: case PROTO_MINSANE: /* minimum survivors (minsane) */
! 3720: sys_minsane = (int)dvalue;
! 3721: break;
! 3722:
! 3723: case PROTO_ORPHAN: /* orphan stratum (orphan) */
! 3724: sys_orphan = (int)dvalue;
! 3725: break;
! 3726:
! 3727: case PROTO_ADJ: /* tick increment (tick) */
! 3728: sys_tick = dvalue;
! 3729: break;
! 3730:
! 3731: /*
! 3732: * Miscellaneous commands
! 3733: */
! 3734: case PROTO_MULTICAST_ADD: /* add group address */
! 3735: if (svalue != NULL)
! 3736: io_multicast_add(svalue);
! 3737: sys_bclient = 1;
! 3738: break;
! 3739:
! 3740: case PROTO_MULTICAST_DEL: /* delete group address */
! 3741: if (svalue != NULL)
! 3742: io_multicast_del(svalue);
! 3743: break;
! 3744:
! 3745: default:
! 3746: msyslog(LOG_NOTICE,
! 3747: "proto: unsupported option %d", item);
! 3748: }
! 3749: }
! 3750:
! 3751:
! 3752: /*
! 3753: * proto_clr_stats - clear protocol stat counters
! 3754: */
! 3755: void
! 3756: proto_clr_stats(void)
! 3757: {
! 3758: sys_stattime = current_time;
! 3759: sys_received = 0;
! 3760: sys_processed = 0;
! 3761: sys_newversion = 0;
! 3762: sys_oldversion = 0;
! 3763: sys_declined = 0;
! 3764: sys_restricted = 0;
! 3765: sys_badlength = 0;
! 3766: sys_badauth = 0;
! 3767: sys_limitrejected = 0;
! 3768: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ntp_proto.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / ntpd