diff options
| author | roberto <roberto@FreeBSD.org> | 2008-08-17 17:37:33 +0000 |
|---|---|---|
| committer | roberto <roberto@FreeBSD.org> | 2008-08-17 17:37:33 +0000 |
| commit | 4ded1c1fa0bc21c61f91a2dbe864835986745121 (patch) | |
| tree | 16d100fbc9dae63888d48b464e471ba0e5065193 /contrib/ntp/ntpd/ntp_proto.c | |
| parent | 8b5a86d4fda08a9c68231415812edcb26be52f79 (diff) | |
| download | FreeBSD-src-4ded1c1fa0bc21c61f91a2dbe864835986745121.zip FreeBSD-src-4ded1c1fa0bc21c61f91a2dbe864835986745121.tar.gz | |
Flatten the dist and various 4.n.n trees in preparation of future ntp imports.
Diffstat (limited to 'contrib/ntp/ntpd/ntp_proto.c')
| -rw-r--r-- | contrib/ntp/ntpd/ntp_proto.c | 3208 |
1 files changed, 0 insertions, 3208 deletions
diff --git a/contrib/ntp/ntpd/ntp_proto.c b/contrib/ntp/ntpd/ntp_proto.c deleted file mode 100644 index 451bc9a..0000000 --- a/contrib/ntp/ntpd/ntp_proto.c +++ /dev/null @@ -1,3208 +0,0 @@ -/* - * ntp_proto.c - NTP version 4 protocol machinery - * - * ATTENTION: Get approval from Dave Mills on all changes to this file! - * - */ -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include "ntpd.h" -#include "ntp_stdlib.h" -#include "ntp_unixtime.h" -#include "ntp_control.h" -#include "ntp_string.h" - -#include <stdio.h> - -#if defined(VMS) && defined(VMS_LOCALUNIT) /*wjm*/ -#include "ntp_refclock.h" -#endif - -#if defined(__FreeBSD__) && __FreeBSD__ >= 3 -#include <sys/sysctl.h> -#endif - -/* - * System variables are declared here. See Section 3.2 of the - * specification. - */ -u_char sys_leap; /* system leap indicator */ -u_char sys_stratum; /* stratum of system */ -s_char sys_precision; /* local clock precision */ -double sys_rootdelay; /* roundtrip delay to primary source */ -double sys_rootdispersion; /* dispersion to primary source */ -u_int32 sys_refid; /* reference source for local clock */ -u_int32 sys_peer_refid; /* hashed refid of our current peer */ -static double sys_offset; /* current local clock offset */ -l_fp sys_reftime; /* time we were last updated */ -struct peer *sys_peer; /* our current peer */ -struct peer *sys_prefer; /* our cherished peer */ -int sys_kod; /* kod credit */ -int sys_kod_rate = 2; /* max kod packets per second */ -#ifdef OPENSSL -u_long sys_automax; /* maximum session key lifetime */ -#endif /* OPENSSL */ - -/* - * Nonspecified system state variables. - */ -int sys_bclient; /* broadcast client enable */ -double sys_bdelay; /* broadcast client default delay */ -int sys_calldelay; /* modem callup delay (s) */ -int sys_authenticate; /* requre authentication for config */ -l_fp sys_authdelay; /* authentication delay */ -static u_long sys_authdly[2]; /* authentication delay shift reg */ -static u_char leap_consensus; /* consensus of survivor leap bits */ -static double sys_selerr; /* select error (squares) */ -static double sys_syserr; /* system error (squares) */ -keyid_t sys_private; /* private value for session seed */ -int sys_manycastserver; /* respond to manycast client pkts */ -int peer_ntpdate; /* active peers in ntpdate mode */ -int sys_survivors; /* truest of the truechimers */ -#ifdef OPENSSL -char *sys_hostname; /* gethostname() name */ -#endif /* OPENSSL */ - -/* - * TOS and multicast mapping stuff - */ -int sys_floor = 1; /* cluster stratum floor */ -int sys_ceiling = STRATUM_UNSPEC; /* cluster stratum ceiling*/ -int sys_minsane = 1; /* minimum candidates */ -int sys_minclock = NTP_MINCLOCK; /* minimum survivors */ -int sys_cohort = 0; /* cohort switch */ -int sys_ttlmax; /* max ttl mapping vector index */ -u_char sys_ttl[MAX_TTL]; /* ttl mapping vector */ - -/* - * Statistics counters - */ -u_long sys_stattime; /* time since reset */ -u_long sys_received; /* packets received */ -u_long sys_processed; /* packets processed */ -u_long sys_newversionpkt; /* current version */ -u_long sys_oldversionpkt; /* recent version */ -u_long sys_unknownversion; /* invalid version */ -u_long sys_restricted; /* access denied */ -u_long sys_badlength; /* bad length or format */ -u_long sys_badauth; /* bad authentication */ -u_long sys_limitrejected; /* rate exceeded */ - -static double root_distance P((struct peer *)); -static double clock_combine P((struct peer **, int)); -static void peer_xmit P((struct peer *)); -static void fast_xmit P((struct recvbuf *, int, keyid_t, int)); -static void clock_update P((void)); -int default_get_precision P((void)); -static int peer_unfit P((struct peer *)); - -/* - * transmit - Transmit Procedure. See Section 3.4.2 of the - * specification. - */ -void -transmit( - struct peer *peer /* peer structure pointer */ - ) -{ - int hpoll; - - - /* - * The polling state machine. There are two kinds of machines, - * those that never expect a reply (broadcast and manycast - * server modes) and those that do (all other modes). The dance - * is intricate... - */ - hpoll = peer->hpoll; - if (peer->cast_flags & (MDF_BCAST | MDF_MCAST)) { - - /* - * In broadcast mode the poll interval is fixed - * at minpoll. - */ - hpoll = peer->minpoll; - } else if (peer->cast_flags & MDF_ACAST) { - - /* - * In manycast mode we start with the minpoll interval - * and ttl. However, the actual poll interval is eight - * times the nominal poll interval shown here. If fewer - * than sys_minclock servers are found, the ttl is - * increased by one and we try again. If this continues - * to the max ttl, the poll interval is bumped by one - * and we try again. If at least sys_minclock servers - * are found, the poll interval increases with the - * system poll interval to the max and we continue - * indefinately. However, about once per day when the - * agreement parameters are refreshed, the manycast - * clients are reset and we start from the beginning. - * This is to catch and clamp the ttl to the lowest - * practical value and avoid knocking on spurious doors. - */ - if (sys_survivors < sys_minclock && peer->ttl < - sys_ttlmax) - peer->ttl++; - hpoll = sys_poll; - } else { - - /* - * For associations expecting a reply, the watchdog - * counter is bumped by one if the peer has not been - * heard since the previous poll. If the counter reaches - * the max, the poll interval is doubled and the peer is - * demobilized if not configured. - */ - peer->unreach++; - if (peer->unreach >= NTP_UNREACH) { - hpoll++; - if (peer->flags & FLAG_CONFIG) { - - /* - * If nothing is likely to change in - * future, flash the access denied bit - * so we won't bother the dude again. - */ - if (memcmp((char *)&peer->refid, - "DENY", 4) == 0 || - memcmp((char *)&peer->refid, - "CRYP", 4) == 0) - peer->flash |= TEST4; - } else { - unpeer(peer); - return; - } - } - if (peer->burst == 0) { - u_char oreach; - - oreach = peer->reach; - peer->reach <<= 1; - peer->hyst *= HYST_TC; - if (peer->reach == 0) { - - /* - * If this association has become - * unreachable, clear it and raise a - * trap. - */ - if (oreach != 0) { - report_event(EVNT_UNREACH, - peer); - peer->timereachable = - current_time; - if (peer->flags & FLAG_CONFIG) { - peer_clear(peer, - "INIT"); - } else { - unpeer(peer); - return; - } - } - if (peer->flags & FLAG_IBURST) - peer->burst = NTP_BURST; - } else { - /* - * Here the peer is reachable. If it has - * not been heard for three consecutive - * polls, stuff the clock filter. Next, - * determine the poll interval. If the - * peer is unfit for synchronization, - * increase it by one; otherwise, use - * the system poll interval. - */ - if (!(peer->reach & 0x07)) { - clock_filter(peer, 0., 0., - MAXDISPERSE); - clock_select(); - } - if (peer_unfit(peer)) - hpoll++; - else - hpoll = sys_poll; - if (peer->flags & FLAG_BURST) - peer->burst = NTP_BURST; - } - } else { - - /* - * Source rate control. If we are restrained, - * each burst consists of only one packet. - */ - if (memcmp((char *)&peer->refid, "RSTR", 4) == - 0) - peer->burst = 0; - else - peer->burst--; - if (peer->burst == 0) { - /* - * If a broadcast client at this point, - * the burst has concluded, so we switch - * to client mode and purge the keylist, - * since no further transmissions will - * be made. - */ - if (peer->cast_flags & MDF_BCLNT) { - peer->hmode = MODE_BCLIENT; -#ifdef OPENSSL - key_expire(peer); -#endif /* OPENSSL */ - } - poll_update(peer, hpoll); - clock_select(); - - /* - * If ntpdate mode and the clock has not - * been set and all peers have completed - * the burst, we declare a successful - * failure. - */ - if (mode_ntpdate) { - peer_ntpdate--; - if (peer_ntpdate > 0) { - poll_update( - peer, hpoll); - return; - } - msyslog(LOG_NOTICE, - "no reply; clock not set"); - exit (0); - } - poll_update(peer, hpoll); - return; - } - } - } - peer->outdate = current_time; - - /* - * Do not transmit if in broadcast cclient mode or access has - * been denied. - */ - if (peer->hmode == MODE_BCLIENT || peer->flash & TEST4) { - poll_update(peer, hpoll); - return; - - /* - * Do not transmit in broadcast mode unless we are synchronized. - */ - } else if (peer->hmode == MODE_BROADCAST && sys_peer == NULL) { - poll_update(peer, hpoll); - return; - } - peer_xmit(peer); - poll_update(peer, hpoll); -} - -/* - * receive - Receive Procedure. See section 3.4.3 in the specification. - */ -void -receive( - struct recvbuf *rbufp - ) -{ - register struct peer *peer; /* peer structure pointer */ - register struct pkt *pkt; /* receive packet pointer */ - int hismode; /* packet mode */ - int restrict_mask; /* restrict bits */ - int has_mac; /* length of MAC field */ - int authlen; /* offset of MAC field */ - int is_authentic; /* cryptosum ok */ - keyid_t skeyid = 0; /* key ID */ - struct sockaddr_storage *dstadr_sin; /* active runway */ - struct peer *peer2; /* aux peer structure pointer */ - l_fp p_org; /* originate timestamp */ - l_fp p_xmt; /* transmit timestamp */ -#ifdef OPENSSL - keyid_t tkeyid = 0; /* temporary key ID */ - keyid_t pkeyid = 0; /* previous key ID */ - struct autokey *ap; /* autokey structure pointer */ - int rval; /* cookie snatcher */ -#endif /* OPENSSL */ - int retcode = AM_NOMATCH; - - /* - * Monitor the packet and get restrictions. Note that the packet - * length for control and private mode packets must be checked - * by the service routines. Note that no statistics counters are - * recorded for restrict violations, since these counters are in - * the restriction routine. Note the careful distinctions here - * between a packet with a format error and a packet that is - * simply discarded without prejudice. Some restrictions have to - * be handled later in order to generate a kiss-of-death packet. - */ - /* - * Bogus port check is before anything, since it probably - * reveals a clogging attack. - */ - sys_received++; - if (SRCPORT(&rbufp->recv_srcadr) == 0) { - sys_badlength++; - return; /* bogus port */ - } - ntp_monitor(rbufp); - restrict_mask = restrictions(&rbufp->recv_srcadr); -#ifdef DEBUG - if (debug > 1) - printf("receive: at %ld %s<-%s restrict %03x\n", - current_time, stoa(&rbufp->dstadr->sin), - stoa(&rbufp->recv_srcadr), restrict_mask); -#endif - if (restrict_mask & RES_IGNORE) { - sys_restricted++; - return; /* no anything */ - } - pkt = &rbufp->recv_pkt; - hismode = (int)PKT_MODE(pkt->li_vn_mode); - if (hismode == MODE_PRIVATE) { - if (restrict_mask & RES_NOQUERY) { - sys_restricted++; - return; /* no query private */ - } - process_private(rbufp, ((restrict_mask & - RES_NOMODIFY) == 0)); - return; - } - if (hismode == MODE_CONTROL) { - if (restrict_mask & RES_NOQUERY) { - sys_restricted++; - return; /* no query control */ - } - process_control(rbufp, restrict_mask); - return; - } - if (restrict_mask & RES_DONTSERVE) { - sys_restricted++; - return; /* no time */ - } - if (rbufp->recv_length < LEN_PKT_NOMAC) { - sys_badlength++; - return; /* runt packet */ - } - - /* - * Version check must be after the query packets, since they - * intentionally use early version. - */ - if (PKT_VERSION(pkt->li_vn_mode) == NTP_VERSION) { - sys_newversionpkt++; /* new version */ - } else if (!(restrict_mask & RES_VERSION) && - PKT_VERSION(pkt->li_vn_mode) >= NTP_OLDVERSION) { - sys_oldversionpkt++; /* previous version */ - } else { - sys_unknownversion++; - return; /* old version */ - } - - /* - * Figure out his mode and validate the packet. This has some - * legacy raunch that probably should be removed. In very early - * NTP versions mode 0 was equivalent to what later versions - * would interpret as client mode. - */ - if (hismode == MODE_UNSPEC) { - if (PKT_VERSION(pkt->li_vn_mode) == NTP_OLDVERSION) { - hismode = MODE_CLIENT; - } else { - sys_badlength++; - return; /* invalid mode */ - } - } - - /* - * Discard broadcast if not enabled as broadcast client. If - * Autokey, the wildcard interface cannot be used, so dump - * packets gettiing off the bus at that stop as well. This means - * that some systems with broken interface code, specifically - * Linux, will not work with Autokey. - */ - if (hismode == MODE_BROADCAST) { - if (!sys_bclient || restrict_mask & RES_NOPEER) { - sys_restricted++; - return; /* no client */ - } -#ifdef OPENSSL - if (crypto_flags && rbufp->dstadr == any_interface) { - sys_restricted++; - return; /* no client */ - } -#endif /* OPENSSL */ - } - - /* - * Parse the extension field if present. We figure out whether - * an extension field is present by measuring the MAC size. If - * the number of words following the packet header is 0 or 1, no - * MAC is present and the packet is not authenticated. If 1, the - * packet is a reply to a previous request that failed to - * authenticate. If 3, the packet is authenticated with DES; if - * 5, the packet is authenticated with MD5. If greater than 5, - * an extension field is present. If 2 or 4, the packet is a - * runt and goes poof! with a brilliant flash. - */ - authlen = LEN_PKT_NOMAC; - has_mac = rbufp->recv_length - authlen; - while (has_mac > 0) { - int temp; - - if (has_mac % 4 != 0 || has_mac < 0) { - sys_badlength++; - return; /* bad MAC length */ - } - if (has_mac == 1 * 4 || has_mac == 3 * 4 || has_mac == - MAX_MAC_LEN) { - skeyid = ntohl(((u_int32 *)pkt)[authlen / 4]); - break; - - } else if (has_mac > MAX_MAC_LEN) { - temp = ntohl(((u_int32 *)pkt)[authlen / 4]) & - 0xffff; - if (temp < 4 || temp > NTP_MAXEXTEN || temp % 4 - != 0) { - sys_badlength++; - return; /* bad MAC length */ - } - authlen += temp; - has_mac -= temp; - } else { - sys_badlength++; - return; /* bad MAC length */ - } - } -#ifdef OPENSSL - pkeyid = tkeyid = 0; -#endif /* OPENSSL */ - - /* - * We have tossed out as many buggy packets as possible early in - * the game to reduce the exposure to a clogging attack. Now we - * have to burn some cycles to find the association and - * authenticate the packet if required. Note that we burn only - * MD5 cycles, again to reduce exposure. There may be no - * matching association and that's okay. - * - * More on the autokey mambo. Normally the local interface is - * found when the association was mobilized with respect to a - * designated remote address. We assume packets arriving from - * the remote address arrive via this interface and the local - * address used to construct the autokey is the unicast address - * of the interface. However, if the sender is a broadcaster, - * the interface broadcast address is used instead. - * Notwithstanding this technobabble, if the sender is a - * multicaster, the broadcast address is null, so we use the - * unicast address anyway. Don't ask. - */ - peer = findpeer(&rbufp->recv_srcadr, rbufp->dstadr, rbufp->fd, - hismode, &retcode); - is_authentic = 0; - dstadr_sin = &rbufp->dstadr->sin; - if (has_mac == 0) { -#ifdef DEBUG - if (debug) - printf("receive: at %ld %s<-%s mode %d code %d\n", - current_time, stoa(&rbufp->dstadr->sin), - stoa(&rbufp->recv_srcadr), hismode, - retcode); -#endif - } else { -#ifdef OPENSSL - /* - * For autokey modes, generate the session key - * and install in the key cache. Use the socket - * broadcast or unicast address as appropriate. - */ - if (skeyid > NTP_MAXKEY) { - - /* - * More on the autokey dance (AKD). A cookie is - * constructed from public and private values. - * For broadcast packets, the cookie is public - * (zero). For packets that match no - * association, the cookie is hashed from the - * addresses and private value. For server - * packets, the cookie was previously obtained - * from the server. For symmetric modes, the - * cookie was previously constructed using an - * agreement protocol; however, should PKI be - * unavailable, we construct a fake agreement as - * the EXOR of the peer and host cookies. - * - * hismode ephemeral persistent - * ======================================= - * active 0 cookie# - * passive 0% cookie# - * client sys cookie 0% - * server 0% sys cookie - * broadcast 0 0 - * - * # if unsync, 0 - * % can't happen - */ - if (hismode == MODE_BROADCAST) { - - /* - * For broadcaster, use the interface - * broadcast address when available; - * otherwise, use the unicast address - * found when the association was - * mobilized. - */ - pkeyid = 0; - if (!SOCKNUL(&rbufp->dstadr->bcast)) - dstadr_sin = - &rbufp->dstadr->bcast; - } else if (peer == NULL) { - pkeyid = session_key( - &rbufp->recv_srcadr, dstadr_sin, 0, - sys_private, 0); - } else { - pkeyid = peer->pcookie; - } - - /* - * The session key includes both the public - * values and cookie. In case of an extension - * field, the cookie used for authentication - * purposes is zero. Note the hash is saved for - * use later in the autokey mambo. - */ - if (authlen > LEN_PKT_NOMAC && pkeyid != 0) { - session_key(&rbufp->recv_srcadr, - dstadr_sin, skeyid, 0, 2); - tkeyid = session_key( - &rbufp->recv_srcadr, dstadr_sin, - skeyid, pkeyid, 0); - } else { - tkeyid = session_key( - &rbufp->recv_srcadr, dstadr_sin, - skeyid, pkeyid, 2); - } - - } -#endif /* OPENSSL */ - - /* - * Compute the cryptosum. Note a clogging attack may - * succeed in bloating the key cache. If an autokey, - * purge it immediately, since we won't be needing it - * again. If the packet is authentic, it may mobilize an - * association. - */ - if (authdecrypt(skeyid, (u_int32 *)pkt, authlen, - has_mac)) { - is_authentic = 1; - restrict_mask &= ~RES_DONTTRUST; - } else { - sys_badauth++; - } -#ifdef OPENSSL - if (skeyid > NTP_MAXKEY) - authtrust(skeyid, 0); -#endif /* OPENSSL */ -#ifdef DEBUG - if (debug) - printf( - "receive: at %ld %s<-%s mode %d code %d keyid %08x len %d mac %d auth %d\n", - current_time, stoa(dstadr_sin), - stoa(&rbufp->recv_srcadr), hismode, retcode, - skeyid, authlen, has_mac, - is_authentic); -#endif - } - - /* - * The association matching rules are implemented by a set of - * routines and a table in ntp_peer.c. A packet matching an - * association is processed by that association. If not and - * certain conditions prevail, then an ephemeral association is - * mobilized: a broadcast packet mobilizes a broadcast client - * aassociation; a manycast server packet mobilizes a manycast - * client association; a symmetric active packet mobilizes a - * symmetric passive association. And, the adventure - * continues... - */ - switch (retcode) { - case AM_FXMIT: - - /* - * This is a client mode packet not matching a known - * association. If from a manycast client we run a few - * sanity checks before deciding to send a unicast - * server response. Otherwise, it must be a client - * request, so send a server response and go home. - */ - if (sys_manycastserver && (rbufp->dstadr->flags & - INT_MULTICAST)) { - - /* - * There is no reason to respond to a request if - * our time is worse than the manycaster or it - * has already synchronized to us. - */ - if (sys_peer == NULL || - PKT_TO_STRATUM(pkt->stratum) < - sys_stratum || (sys_cohort && - PKT_TO_STRATUM(pkt->stratum) == - sys_stratum) || - rbufp->dstadr->addr_refid == pkt->refid) - return; /* manycast dropped */ - } - - /* - * Note that we don't require an authentication check - * here, since we can't set the system clock; but, we do - * send a crypto-NAK to tell the caller about this. - */ - if (has_mac && !is_authentic) - fast_xmit(rbufp, MODE_SERVER, 0, restrict_mask); - else - fast_xmit(rbufp, MODE_SERVER, skeyid, - restrict_mask); - return; - - case AM_MANYCAST: - - /* - * This is a server mode packet returned in response to - * a client mode packet sent to a multicast group - * address. The originate timestamp is a good nonce to - * reliably associate the reply with what was sent. If - * there is no match, that's curious and could be an - * intruder attempting to clog, so we just ignore it. - * - * First, make sure the packet is authentic and not - * restricted. If so and the manycast association is - * found, we mobilize a client association and copy - * pertinent variables from the manycast association to - * the new client association. - * - * There is an implosion hazard at the manycast client, - * since the manycast servers send the server packet - * immediately. If the guy is already here, don't fire - * up a duplicate. - */ - if (restrict_mask & RES_DONTTRUST) { - sys_restricted++; - return; /* no trust */ - } - - if (sys_authenticate && !is_authentic) - return; /* bad auth */ - - if ((peer2 = findmanycastpeer(rbufp)) == NULL) - return; /* no assoc match */ - - if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, - MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode), - NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_IBURST, MDF_UCAST | - MDF_ACLNT, 0, skeyid)) == NULL) - return; /* system error */ - - /* - * We don't need these, but it warms the billboards. - */ - peer->ttl = peer2->ttl; - break; - - case AM_NEWPASS: - - /* - * This is the first packet received from a symmetric - * active peer. First, make sure it is authentic and not - * restricted. If so, mobilize a passive association. - * If authentication fails send a crypto-NAK; otherwise, - * kiss the frog. - */ - if (restrict_mask & RES_DONTTRUST) { - sys_restricted++; - return; /* no trust */ - } - if (sys_authenticate && !is_authentic) { - fast_xmit(rbufp, MODE_PASSIVE, 0, - restrict_mask); - return; /* bad auth */ - } - if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, - MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode), - NTP_MINDPOLL, NTP_MAXDPOLL, 0, MDF_UCAST, 0, - skeyid)) == NULL) - return; /* system error */ - - break; - - case AM_NEWBCL: - - /* - * This is the first packet received from a broadcast - * server. First, make sure it is authentic and not - * restricted and that we are a broadcast client. If so, - * mobilize a broadcast client association. We don't - * kiss any frogs here. - */ - if (restrict_mask & RES_DONTTRUST) { - sys_restricted++; - return; /* no trust */ - } - if (sys_authenticate && !is_authentic) - return; /* bad auth */ - - if (!sys_bclient) - return; /* not a client */ - - if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, - MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode), - NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_MCAST | - FLAG_IBURST, MDF_BCLNT, 0, skeyid)) == NULL) - return; /* system error */ -#ifdef OPENSSL - /* - * Danger looms. If this is autokey, go process the - * extension fields. If something goes wrong, abandon - * ship and don't trust subsequent packets. - */ - if (crypto_flags) { - if ((rval = crypto_recv(peer, rbufp)) != - XEVNT_OK) { - struct sockaddr_storage mskadr_sin; - - unpeer(peer); - sys_restricted++; - SET_HOSTMASK(&mskadr_sin, - rbufp->recv_srcadr.ss_family); - hack_restrict(RESTRICT_FLAGS, - &rbufp->recv_srcadr, &mskadr_sin, - 0, RES_DONTTRUST | RES_TIMEOUT); -#ifdef DEBUG - if (debug) - printf( - "packet: bad exten %x\n", - rval); -#endif - } - } -#endif /* OPENSSL */ - return; - - case AM_POSSBCL: - - /* - * This is a broadcast packet received in client mode. - * It could happen if the initial client/server volley - * is not complete before the next broadcast packet is - * received. Be liberal in what we accept. - */ - case AM_PROCPKT: - - /* - * This is a symmetric mode packet received in symmetric - * mode, a server packet received in client mode or a - * broadcast packet received in broadcast client mode. - * If it is restricted, this is very strange because it - * is rude to send a packet to a restricted address. If - * anyway, flash a restrain kiss and skedaddle to - * Seattle. If not authentic, leave a light on and - * continue. - */ - peer->flash = 0; - if (restrict_mask & RES_DONTTRUST) { - sys_restricted++; - if (peer->flags & FLAG_CONFIG) - peer_clear(peer, "RSTR"); - else - unpeer(peer); - return; /* no trust */ - } - if (has_mac && !is_authentic) - peer->flash |= TEST5; /* bad auth */ - break; - - default: - - /* - * Invalid mode combination. This happens when a passive - * mode packet arrives and matches another passive - * association or no association at all, or when a - * server mode packet arrives and matches a broadcast - * client association. This is usually the result of - * reconfiguring a client on-fly. If authenticated - * passive mode packet, send a crypto-NAK; otherwise, - * ignore it. - */ - if (has_mac && hismode == MODE_PASSIVE) - fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask); -#ifdef DEBUG - if (debug) - printf("receive: bad protocol %d\n", retcode); -#endif - return; - } - - /* - * We do a little homework. Note we can get here with an - * authentication error. We Need to do this in order to validate - * a crypto-NAK later. Note the order of processing; it is very - * important to avoid livelocks, deadlocks and lockpicks. - */ - peer->timereceived = current_time; - peer->received++; - if (peer->flash & TEST5) - peer->flags &= ~FLAG_AUTHENTIC; - else - peer->flags |= FLAG_AUTHENTIC; - NTOHL_FP(&pkt->org, &p_org); - NTOHL_FP(&pkt->xmt, &p_xmt); - - /* - * If the packet is an old duplicate, we let it through so the - * extension fields will be processed. - */ - if (L_ISEQU(&peer->org, &p_xmt)) { /* test 1 */ - peer->flash |= TEST1; /* dupe */ - /* fall through */ - - /* - * For broadcast server mode, loopback checking is disabled. An - * authentication error probably means the server restarted or - * rolled a new private value. If so, dump the association - * and wait for the next message. - */ - } else if (hismode == MODE_BROADCAST) { - if (peer->flash & TEST5) { - unpeer(peer); - return; - } - /* fall through */ - - /* - * For server and symmetric modes, if the association transmit - * timestamp matches the packet originate timestamp, loopback is - * confirmed. Note in symmetric modes this also happens when the - * first packet from the active peer arrives at the newly - * mobilized passive peer. An authentication error probably - * means the server or peer restarted or rolled a new private - * value, but could be an intruder trying to stir up trouble. - * However, if this is a crypto-NAK, we know it is authentic, so - * dump the association and wait for the next message. - */ - } else if (L_ISEQU(&peer->xmt, &p_org)) { - if (peer->flash & TEST5) { - if (has_mac == 4 && pkt->exten[0] == 0) { - if (peer->flags & FLAG_CONFIG) - peer_clear(peer, "AUTH"); - else - unpeer(peer); - } - return; - } - /* fall through */ - - /* - * If the client or passive peer has never transmitted anything, - * this is either the first message from a symmetric peer or - * possibly a duplicate received before the transmit timeout. - * Pass it on. - */ - } else if (L_ISZERO(&peer->xmt)) { - /* fall through */ - - /* - * Now it gets interesting. We have transmitted at least one - * packet. If the packet originate timestamp is nonzero, it - * does not match the association transmit timestamp, which is a - * loopback error. This error might mean a manycast server has - * answered a manycast honk from us and we already have an - * association for him, in which case quietly drop the packet - * here. It might mean an old duplicate, dropped packet or - * intruder replay, in which case we drop it later after - * extension field processing, but never let it touch the time - * values. - */ - } else if (!L_ISZERO(&p_org)) { - if (peer->cast_flags & MDF_ACLNT) - return; /* not a client */ - - peer->flash |= TEST2; - /* fall through */ - - /* - * The packet originate timestamp is zero, meaning the other guy - * either didn't receive the first packet or died and restarted. - * If the association originate timestamp is zero, this is the - * first packet received, so we pass it on. - */ - } else if (L_ISZERO(&peer->org)) { - /* fall through */ - - /* - * The other guy has restarted and we are still on the wire. We - * should demobilize/clear and get out of Dodge. If this is - * symmetric mode, we should also send a crypto-NAK. - */ - } else { - if (hismode == MODE_ACTIVE) - fast_xmit(rbufp, MODE_PASSIVE, 0, - restrict_mask); - else if (hismode == MODE_PASSIVE) - fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask); -#if DEBUG - if (debug) - printf("receive: dropped %03x\n", peer->flash); -#endif - if (peer->flags & FLAG_CONFIG) - peer_clear(peer, "DROP"); - else - unpeer(peer); - return; - } - if (peer->flash & ~TEST2) { - return; - } - -#ifdef OPENSSL - /* - * More autokey dance. The rules of the cha-cha are as follows: - * - * 1. If there is no key or the key is not auto, do nothing. - * - * 2. If this packet is in response to the one just previously - * sent or from a broadcast server, do the extension fields. - * Otherwise, assume bogosity and bail out. - * - * 3. If an extension field contains a verified signature, it is - * self-authenticated and we sit the dance. - * - * 4. If this is a server reply, check only to see that the - * transmitted key ID matches the received key ID. - * - * 5. Check to see that one or more hashes of the current key ID - * matches the previous key ID or ultimate original key ID - * obtained from the broadcaster or symmetric peer. If no - * match, sit the dance and wait for timeout. - */ - if (crypto_flags && (peer->flags & FLAG_SKEY)) { - peer->flash |= TEST10; - rval = crypto_recv(peer, rbufp); - if (rval != XEVNT_OK) { - /* fall through */ - - } else if (hismode == MODE_SERVER) { - if (skeyid == peer->keyid) - peer->flash &= ~TEST10; - } else if (!peer->flash & TEST10) { - peer->pkeyid = skeyid; - } else if ((ap = (struct autokey *)peer->recval.ptr) != - NULL) { - int i; - - for (i = 0; ; i++) { - if (tkeyid == peer->pkeyid || - tkeyid == ap->key) { - peer->flash &= ~TEST10; - peer->pkeyid = skeyid; - break; - } - if (i > ap->seq) - break; - tkeyid = session_key( - &rbufp->recv_srcadr, dstadr_sin, - tkeyid, pkeyid, 0); - } - } - if (!(peer->crypto & CRYPTO_FLAG_PROV)) /* test 11 */ - peer->flash |= TEST11; /* not proventic */ - - /* - * If the transmit queue is nonempty, clamp the host - * poll interval to the packet poll interval. - */ - if (peer->cmmd != 0) { - peer->ppoll = pkt->ppoll; - poll_update(peer, 0); - } - - /* - * If the return code from extension field processing is - * not okay, we scrub the association and start over. - */ - if (rval != XEVNT_OK) { - - /* - * If the return code is bad, the crypto machine - * may be jammed or an intruder may lurk. First, - * we demobilize the association, then see if - * the error is recoverable. - */ - if (peer->flags & FLAG_CONFIG) - peer_clear(peer, "CRYP"); - else - unpeer(peer); -#ifdef DEBUG - if (debug) - printf("packet: bad exten %x\n", rval); -#endif - return; - } - - /* - * If TEST10 is lit, the autokey sequence has broken, - * which probably means the server has refreshed its - * private value. We reset the poll interval to the - & minimum and scrub the association clean. - */ - if (peer->flash & TEST10 && peer->crypto & - CRYPTO_FLAG_AUTO) { - poll_update(peer, peer->minpoll); -#ifdef DEBUG - if (debug) - printf( - "packet: bad auto %03x\n", - peer->flash); -#endif - if (peer->flags & FLAG_CONFIG) - peer_clear(peer, "AUTO"); - else - unpeer(peer); - return; - } - } -#endif /* OPENSSL */ - - /* - * We have survived the gaunt. Forward to the packet routine. If - * a symmetric passive association has been mobilized and the - * association doesn't deserve to live, it will die in the - * transmit routine if not reachable after timeout. However, if - * either symmetric mode and the crypto code has something - * urgent to say, we expedite the response. - */ - process_packet(peer, pkt, &rbufp->recv_time); -} - - -/* - * process_packet - Packet Procedure, a la Section 3.4.4 of the - * specification. Or almost, at least. If we're in here we have a - * reasonable expectation that we will be having a long term - * relationship with this host. - */ -void -process_packet( - register struct peer *peer, - register struct pkt *pkt, - l_fp *recv_ts - ) -{ - l_fp t34, t21; - double p_offset, p_del, p_disp; - double dtemp; - l_fp p_rec, p_xmt, p_org, p_reftime; - l_fp ci; - u_char pmode, pleap, pstratum; - - /* - * Swap header fields and keep the books. The books amount to - * the receive timestamp and poll interval in the header. We - * need these even if there are other problems in order to crank - * up the state machine. - */ - sys_processed++; - peer->processed++; - p_del = FPTOD(NTOHS_FP(pkt->rootdelay)); - p_disp = FPTOD(NTOHS_FP(pkt->rootdispersion)); - NTOHL_FP(&pkt->reftime, &p_reftime); - NTOHL_FP(&pkt->rec, &p_rec); - NTOHL_FP(&pkt->xmt, &p_xmt); - pmode = PKT_MODE(pkt->li_vn_mode); - pleap = PKT_LEAP(pkt->li_vn_mode); - if (pmode != MODE_BROADCAST) - NTOHL_FP(&pkt->org, &p_org); - else - p_org = peer->rec; - pstratum = PKT_TO_STRATUM(pkt->stratum); - - /* - * Test for unsynchronized server. - */ - if (L_ISHIS(&peer->org, &p_xmt)) /* count old packets */ - peer->oldpkt++; - if (pmode != MODE_BROADCAST && (L_ISZERO(&p_rec) || - L_ISZERO(&p_org))) /* test 3 */ - peer->flash |= TEST3; /* unsynch */ - if (L_ISZERO(&p_xmt)) /* test 3 */ - peer->flash |= TEST3; /* unsynch */ - - /* - * If any tests fail, the packet is discarded leaving only the - * timestamps, which are enough to get the protocol started. The - * originate timestamp is copied from the packet transmit - * timestamp and the receive timestamp is copied from the - * packet receive timestamp. If okay so far, we save the leap, - * stratum and refid for billboards. - */ - peer->org = p_xmt; - peer->rec = *recv_ts; - if (peer->flash) { -#ifdef DEBUG - if (debug) - printf("packet: bad data %03x from address: %s\n", - peer->flash, stoa(&peer->srcadr)); -#endif - return; - } - peer->leap = pleap; - peer->stratum = pstratum; - peer->refid = pkt->refid; - - /* - * Test for valid peer data (tests 6-8) - */ - ci = p_xmt; - L_SUB(&ci, &p_reftime); - LFPTOD(&ci, dtemp); - if (pleap == LEAP_NOTINSYNC || /* test 6 */ - pstratum >= STRATUM_UNSPEC || dtemp < 0) - peer->flash |= TEST6; /* bad synch */ - if (!(peer->flags & FLAG_CONFIG) && sys_peer != NULL) { /* test 7 */ - if (pstratum > sys_stratum && pmode != MODE_ACTIVE) - peer->flash |= TEST7; /* bad stratum */ - } - if (p_del < 0 || p_disp < 0 || p_del / /* test 8 */ - 2 + p_disp >= MAXDISPERSE) - peer->flash |= TEST8; /* bad peer values */ - - /* - * If any tests fail at this point, the packet is discarded. - */ - if (peer->flash) { -#ifdef DEBUG - if (debug) - printf("packet: bad header %03x\n", - peer->flash); -#endif - return; - } - - /* - * The header is valid. Capture the remaining header values and - * mark as reachable. - */ - record_raw_stats(&peer->srcadr, &peer->dstadr->sin, &p_org, - &p_rec, &p_xmt, &peer->rec); - peer->pmode = pmode; - peer->ppoll = pkt->ppoll; - peer->precision = pkt->precision; - peer->rootdelay = p_del; - peer->rootdispersion = p_disp; - peer->reftime = p_reftime; - if (!(peer->reach)) { - report_event(EVNT_REACH, peer); - peer->timereachable = current_time; - } - peer->reach |= 1; - peer->unreach = 0; - poll_update(peer, 0); - - /* - * If running in a client/server association, calculate the - * clock offset c, roundtrip delay d and dispersion e. We use - * the equations (reordered from those in the spec). Note that, - * in a broadcast association, org has been set to the time of - * last reception. Note the computation of dispersion includes - * the system precision plus that due to the frequency error - * since the originate time. - * - * Let t1 = p_org, t2 = p_rec, t3 = p_xmt, t4 = peer->rec: - */ - t34 = p_xmt; /* t3 - t4 */ - L_SUB(&t34, &peer->rec); - t21 = p_rec; /* t2 - t1 */ - L_SUB(&t21, &p_org); - ci = peer->rec; /* t4 - t1 */ - L_SUB(&ci, &p_org); - LFPTOD(&ci, p_disp); - p_disp = clock_phi * max(p_disp, LOGTOD(sys_precision)); - - /* - * If running in a broadcast association, the clock offset is - * (t1 - t0) corrected by the one-way delay, but we can't - * measure that directly. Therefore, we start up in MODE_CLIENT - * mode, set FLAG_MCAST and exchange eight messages to determine - * the clock offset. When the last message is sent, we switch to - * MODE_BCLIENT mode. The next broadcast message after that - * computes the broadcast offset and clears FLAG_MCAST. - */ - ci = t34; - if (pmode == MODE_BROADCAST) { - if (peer->flags & FLAG_MCAST) { - LFPTOD(&ci, p_offset); - peer->estbdelay = peer->offset - p_offset; - if (peer->hmode == MODE_CLIENT) - return; - - peer->flags &= ~FLAG_MCAST; - } - DTOLFP(peer->estbdelay, &t34); - L_ADD(&ci, &t34); - p_del = peer->delay; - } else { - L_ADD(&ci, &t21); /* (t2 - t1) + (t3 - t4) */ - L_RSHIFT(&ci); - L_SUB(&t21, &t34); /* (t2 - t1) - (t3 - t4) */ - LFPTOD(&t21, p_del); - } - p_del = max(p_del, LOGTOD(sys_precision)); - LFPTOD(&ci, p_offset); - if ((peer->rootdelay + p_del) / 2. + peer->rootdispersion + - p_disp >= MAXDISPERSE) /* test 9 */ - peer->flash |= TEST9; /* bad root distance */ - - /* - * If any flasher bits remain set at this point, abandon ship. - * Otherwise, forward to the clock filter. - */ - if (peer->flash) { -#ifdef DEBUG - if (debug) - printf("packet: bad packet data %03x\n", - peer->flash); -#endif - return; - } - clock_filter(peer, p_offset, p_del, p_disp); - clock_select(); - record_peer_stats(&peer->srcadr, ctlpeerstatus(peer), - peer->offset, peer->delay, peer->disp, - SQRT(peer->jitter)); -} - - -/* - * clock_update - Called at system process update intervals. - */ -static void -clock_update(void) -{ - u_char oleap; - u_char ostratum; - - /* - * Reset/adjust the system clock. Do this only if there is a - * system peer and the peer epoch is not older than the last - * update. - */ - if (sys_peer == NULL) - return; - if (sys_peer->epoch <= last_time) - return; -#ifdef DEBUG - if (debug) - printf("clock_update: at %ld assoc %d \n", current_time, - peer_associations); -#endif - oleap = sys_leap; - ostratum = sys_stratum; - switch (local_clock(sys_peer, sys_offset, sys_syserr)) { - - /* - * Clock is too screwed up. Just exit for now. - */ - case -1: - report_event(EVNT_SYSFAULT, NULL); - exit (-1); - /*NOTREACHED*/ - - /* - * Clock was stepped. Flush all time values of all peers. - */ - case 1: - clear_all(); - sys_peer = NULL; - sys_stratum = STRATUM_UNSPEC; - memcpy(&sys_refid, "STEP", 4); - sys_poll = NTP_MINPOLL; - report_event(EVNT_CLOCKRESET, NULL); -#ifdef OPENSSL - if (oleap != LEAP_NOTINSYNC) - expire_all(); -#endif /* OPENSSL */ - break; - - /* - * Update the system stratum, leap bits, root delay, root - * dispersion, reference ID and reference time. We also update - * select dispersion and max frequency error. If the leap - * changes, we gotta reroll the keys. - */ - default: - sys_stratum = (u_char) (sys_peer->stratum + 1); - if (sys_stratum == 1 || sys_stratum == STRATUM_UNSPEC) - sys_refid = sys_peer->refid; - else - sys_refid = sys_peer_refid; - sys_reftime = sys_peer->rec; - sys_rootdelay = sys_peer->rootdelay + sys_peer->delay; - sys_leap = leap_consensus; - if (oleap == LEAP_NOTINSYNC) { - report_event(EVNT_SYNCCHG, NULL); -#ifdef OPENSSL - expire_all(); -#endif /* OPENSSL */ - } - } - if (ostratum != sys_stratum) - report_event(EVNT_PEERSTCHG, NULL); -} - - -/* - * poll_update - update peer poll interval - */ -void -poll_update( - struct peer *peer, - int hpoll - ) -{ -#ifdef OPENSSL - int oldpoll; -#endif /* OPENSSL */ - - /* - * A little foxtrot to determine what controls the poll - * interval. If the peer is reachable, but the last four polls - * have not been answered, use the minimum. If declared - * truechimer, use the system poll interval. This allows each - * association to ramp up the poll interval for useless sources - * and to clamp it to the minimum when first starting up. - */ -#ifdef OPENSSL - oldpoll = peer->kpoll; -#endif /* OPENSSL */ - if (hpoll > 0) { - if (hpoll > peer->maxpoll) - peer->hpoll = peer->maxpoll; - else if (hpoll < peer->minpoll) - peer->hpoll = peer->minpoll; - else - peer->hpoll = (u_char)hpoll; - } - - /* - * Bit of adventure here. If during a burst and not a poll, just - * slink away. If a poll, figure what the next poll should be. - * If a burst is pending and a reference clock or a pending - * crypto response, delay for one second. If the first sent in a - * burst, delay ten seconds for the modem to come up. For others - * in the burst, delay two seconds. - * - * In case of manycast server, make the poll interval, which is - * axtually the manycast beacon interval, eight times the system - * poll interval. Normally when the host poll interval settles - * up to 1024 s, the beacon interval settles up to 2.3 hours. - */ -#ifdef OPENSSL - if (peer->cmmd != NULL && (sys_leap != LEAP_NOTINSYNC || - peer->crypto)) { - peer->nextdate = current_time + RESP_DELAY; - } else if (peer->burst > 0) { -#else /* OPENSSL */ - if (peer->burst > 0) { -#endif /* OPENSSL */ - if (hpoll == 0 && peer->nextdate != current_time) - return; -#ifdef REFCLOCK - else if (peer->flags & FLAG_REFCLOCK) - peer->nextdate += RESP_DELAY; -#endif - else if (peer->flags & (FLAG_IBURST | FLAG_BURST) && - peer->burst == NTP_BURST) - peer->nextdate += sys_calldelay; - else - peer->nextdate += BURST_DELAY; - } else if (peer->cast_flags & MDF_ACAST) { - if (sys_survivors >= sys_minclock || peer->ttl >= - sys_ttlmax) - peer->kpoll = (u_char) (peer->hpoll + 3); - else - peer->kpoll = peer->hpoll; - peer->nextdate = peer->outdate + RANDPOLL(peer->kpoll); - } else { - peer->kpoll = (u_char) max(min(peer->ppoll, - peer->hpoll), peer->minpoll); - peer->nextdate = peer->outdate + RANDPOLL(peer->kpoll); - } - if (peer->nextdate < current_time) - peer->nextdate = current_time; -#ifdef OPENSSL - /* - * Bit of crass arrogance at this point. If the poll interval - * has changed and we have a keylist, the lifetimes in the - * keylist are probably bogus. In this case purge the keylist - * and regenerate it later. - */ - if (peer->kpoll != oldpoll) - key_expire(peer); -#endif /* OPENSSL */ -#ifdef DEBUG - if (debug > 1) - printf("poll_update: at %lu %s flags %04x poll %d burst %d last %lu next %lu\n", - current_time, ntoa(&peer->srcadr), peer->flags, - peer->kpoll, peer->burst, peer->outdate, - peer->nextdate); -#endif -} - - -/* - * clear - clear peer filter registers. See Section 3.4.8 of the spec. - */ -void -peer_clear( - struct peer *peer, /* peer structure */ - char *ident /* tally lights */ - ) -{ - u_char oreach, i; - - /* - * If cryptographic credentials have been acquired, toss them to - * Valhalla. Note that autokeys are ephemeral, in that they are - * tossed immediately upon use. Therefore, the keylist can be - * purged anytime without needing to preserve random keys. Note - * that, if the peer is purged, the cryptographic variables are - * purged, too. This makes it much harder to sneak in some - * unauthenticated data in the clock filter. - */ - oreach = peer->reach; -#ifdef OPENSSL - key_expire(peer); - if (peer->pkey != NULL) - EVP_PKEY_free(peer->pkey); - if (peer->ident_pkey != NULL) - EVP_PKEY_free(peer->ident_pkey); - if (peer->subject != NULL) - free(peer->subject); - if (peer->issuer != NULL) - free(peer->issuer); - if (peer->iffval != NULL) - BN_free(peer->iffval); - if (peer->grpkey != NULL) - BN_free(peer->grpkey); - if (peer->cmmd != NULL) - free(peer->cmmd); - value_free(&peer->cookval); - value_free(&peer->recval); - value_free(&peer->tai_leap); - value_free(&peer->encrypt); - value_free(&peer->sndval); -#endif /* OPENSSL */ - - /* - * Wipe the association clean and initialize the nonzero values. - */ - memset(CLEAR_TO_ZERO(peer), 0, LEN_CLEAR_TO_ZERO); - if (peer == sys_peer) - sys_peer = NULL; - peer->estbdelay = sys_bdelay; - peer->hpoll = peer->kpoll = peer->minpoll; - peer->ppoll = peer->maxpoll; - peer->jitter = MAXDISPERSE; - peer->epoch = current_time; -#ifdef REFCLOCK - if (!(peer->flags & FLAG_REFCLOCK)) { - peer->leap = LEAP_NOTINSYNC; - peer->stratum = STRATUM_UNSPEC; - memcpy(&peer->refid, ident, 4); - } -#else - peer->leap = LEAP_NOTINSYNC; - peer->stratum = STRATUM_UNSPEC; - memcpy(&peer->refid, ident, 4); -#endif - for (i = 0; i < NTP_SHIFT; i++) { - peer->filter_order[i] = i; - peer->filter_disp[i] = MAXDISPERSE; - peer->filter_epoch[i] = current_time; - } - - /* - * If he dies as a broadcast client, he comes back to life as - * a broadcast client in client mode in order to recover the - * initial autokey values. - */ - if (peer->cast_flags & MDF_BCLNT) { - peer->flags |= FLAG_MCAST; - peer->hmode = MODE_CLIENT; - } - - /* - * Randomize the first poll to avoid bunching, but only if the - * rascal has never been heard. During initialization use the - * association count to spread out the polls at one-second - * intervals. - */ - peer->nextdate = peer->update = peer->outdate = current_time; - peer->burst = 0; - if (oreach) - poll_update(peer, 0); - else if (initializing) - peer->nextdate = current_time + peer_associations; - else - peer->nextdate = current_time + (u_int)RANDOM % - peer_associations; -#ifdef DEBUG - if (debug) - printf("peer_clear: at %ld assoc ID %d refid %s\n", - current_time, peer->associd, ident); -#endif -} - - -/* - * clock_filter - add incoming clock sample to filter register and run - * the filter procedure to find the best sample. - */ -void -clock_filter( - struct peer *peer, /* peer structure pointer */ - double sample_offset, /* clock offset */ - double sample_delay, /* roundtrip delay */ - double sample_disp /* dispersion */ - ) -{ - double dst[NTP_SHIFT]; /* distance vector */ - int ord[NTP_SHIFT]; /* index vector */ - int i, j, k, m; - double dsp, jit, dtemp, etemp; - - /* - * Shift the new sample into the register and discard the oldest - * one. The new offset and delay come directly from the - * timestamp calculations. The dispersion grows from the last - * outbound packet or reference clock update to the present time - * and increased by the sum of the peer precision and the system - * precision. The delay can sometimes swing negative due to - * frequency skew, so it is clamped non-negative. - */ - dsp = min(LOGTOD(peer->precision) + LOGTOD(sys_precision) + - sample_disp, MAXDISPERSE); - j = peer->filter_nextpt; - peer->filter_offset[j] = sample_offset; - peer->filter_delay[j] = max(0, sample_delay); - peer->filter_disp[j] = dsp; - j++; j %= NTP_SHIFT; - peer->filter_nextpt = (u_short) j; - - /* - * Update dispersions since the last update and at the same - * time initialize the distance and index lists. The distance - * list uses a compound metric. If the sample is valid and - * younger than the minimum Allan intercept, use delay; - * otherwise, use biased dispersion. - */ - dtemp = clock_phi * (current_time - peer->update); - peer->update = current_time; - for (i = NTP_SHIFT - 1; i >= 0; i--) { - if (i != 0) - peer->filter_disp[j] += dtemp; - if (peer->filter_disp[j] >= MAXDISPERSE) - peer->filter_disp[j] = MAXDISPERSE; - if (peer->filter_disp[j] >= MAXDISPERSE) - dst[i] = MAXDISPERSE; - else if (peer->update - peer->filter_epoch[j] > - allan_xpt) - dst[i] = MAXDISTANCE + peer->filter_disp[j]; - else - dst[i] = peer->filter_delay[j]; - ord[i] = j; - j++; j %= NTP_SHIFT; - } - peer->filter_epoch[j] = current_time; - - /* - * Sort the samples in both lists by distance. - */ - for (i = 1; i < NTP_SHIFT; i++) { - for (j = 0; j < i; j++) { - if (dst[j] > dst[i]) { - k = ord[j]; - ord[j] = ord[i]; - ord[i] = k; - etemp = dst[j]; - dst[j] = dst[i]; - dst[i] = etemp; - } - } - } - - /* - * Copy the index list to the association structure so ntpq - * can see it later. Prune the distance list to samples less - * than MAXDISTANCE, but keep at least two valid samples for - * jitter calculation. - */ - m = 0; - for (i = 0; i < NTP_SHIFT; i++) { - peer->filter_order[i] = (u_char) ord[i]; - if (dst[i] >= MAXDISPERSE || (m >= 2 && dst[i] >= - MAXDISTANCE)) - continue; - m++; - } - - /* - * Compute the dispersion and jitter squares. The dispersion - * is weighted exponentially by NTP_FWEIGHT (0.5) so it is - * normalized close to 1.0. The jitter is the mean of the square - * differences relative to the lowest delay sample. If no - * acceptable samples remain in the shift register, quietly - * tiptoe home leaving only the dispersion. - */ - jit = 0; - peer->disp = 0; - k = ord[0]; - for (i = NTP_SHIFT - 1; i >= 0; i--) { - - j = ord[i]; - peer->disp = NTP_FWEIGHT * (peer->disp + - peer->filter_disp[j]); - if (i < m) - jit += DIFF(peer->filter_offset[j], - peer->filter_offset[k]); - } - - /* - * If no acceptable samples remain in the shift register, - * quietly tiptoe home leaving only the dispersion. Otherwise, - * save the offset, delay and jitter average. Note the jitter - * must not be less than the system precision. - */ - if (m == 0) - return; - etemp = fabs(peer->offset - peer->filter_offset[k]); - dtemp = sqrt(peer->jitter); - peer->offset = peer->filter_offset[k]; - peer->delay = peer->filter_delay[k]; - if (m > 1) - jit /= m - 1; - peer->jitter = max(jit, SQUARE(LOGTOD(sys_precision))); - - /* - * A new sample is useful only if it is younger than the last - * one used, but only if the sucker has been synchronized. - */ - if (peer->filter_epoch[k] <= peer->epoch && sys_leap != - LEAP_NOTINSYNC) { -#ifdef DEBUG - if (debug) - printf("clock_filter: discard %lu\n", - peer->epoch - peer->filter_epoch[k]); -#endif - return; - } - - /* - * If the difference between the last offset and the current one - * exceeds the jitter by CLOCK_SGATE and the interval since the - * last update is less than twice the system poll interval, - * consider the update a popcorn spike and ignore it. - */ - if (m > 1 && etemp > CLOCK_SGATE * dtemp && - (long)(peer->filter_epoch[k] - peer->epoch) < (1 << (sys_poll + - 1))) { -#ifdef DEBUG - if (debug) - printf("clock_filter: popcorn %.6f %.6f\n", - etemp, dtemp); -#endif - return; - } - - /* - * The mitigated sample statistics are saved for later - * processing. - */ - peer->epoch = peer->filter_epoch[k]; -#ifdef DEBUG - if (debug) - printf( - "clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f, age %lu\n", - m, peer->offset, peer->delay, peer->disp, - SQRT(peer->jitter), peer->update - peer->epoch); -#endif -} - - -/* - * clock_select - find the pick-of-the-litter clock - * - * LOCKCLOCK: If the local clock is the prefer peer, it will always be - * enabled, even if declared falseticker, (2) only the prefer peer can - * be selected as the system peer, (3) if the external source is down, - * the system leap bits are set to 11 and the stratum set to infinity. - */ -void -clock_select(void) -{ - struct peer *peer; - int i, j, k, n; - int nlist, nl3; - - double d, e, f; - int allow, sw, osurv; - double high, low; - double synch[NTP_MAXCLOCK], error[NTP_MAXCLOCK]; - struct peer *osys_peer; - struct peer *typeacts = NULL; - struct peer *typelocal = NULL; - struct peer *typepps = NULL; - struct peer *typesystem = NULL; - - static int list_alloc = 0; - static struct endpoint *endpoint = NULL; - static int *indx = NULL; - static struct peer **peer_list = NULL; - static u_int endpoint_size = 0; - static u_int indx_size = 0; - static u_int peer_list_size = 0; - - /* - * Initialize and create endpoint, index and peer lists big - * enough to handle all associations. - */ - osys_peer = sys_peer; - sys_peer = NULL; - osurv = sys_survivors; - sys_survivors = 0; - sys_prefer = NULL; -#ifdef LOCKCLOCK - sys_leap = LEAP_NOTINSYNC; - sys_stratum = STRATUM_UNSPEC; - memcpy(&sys_refid, "DOWN", 4); -#endif /* LOCKCLOCK */ - nlist = 0; - for (n = 0; n < HASH_SIZE; n++) - nlist += peer_hash_count[n]; - if (nlist > list_alloc) { - if (list_alloc > 0) { - free(endpoint); - free(indx); - free(peer_list); - } - while (list_alloc < nlist) { - list_alloc += 5; - endpoint_size += 5 * 3 * sizeof(*endpoint); - indx_size += 5 * 3 * sizeof(*indx); - peer_list_size += 5 * sizeof(*peer_list); - } - endpoint = emalloc(endpoint_size); - indx = emalloc(indx_size); - peer_list = emalloc(peer_list_size); - } - - /* - * Initially, we populate the island with all the rifraff peers - * that happen to be lying around. Those with seriously - * defective clocks are immediately booted off the island. Then, - * the falsetickers are culled and put to sea. The truechimers - * remaining are subject to repeated rounds where the most - * unpopular at each round is kicked off. When the population - * has dwindled to sys_minclock, the survivors split a million - * bucks and collectively crank the chimes. - */ - nlist = nl3 = 0; /* none yet */ - for (n = 0; n < HASH_SIZE; n++) { - for (peer = peer_hash[n]; peer != NULL; peer = - peer->next) { - peer->flags &= ~FLAG_SYSPEER; - peer->status = CTL_PST_SEL_REJECT; - - /* - * Leave the island immediately if the peer is - * unfit to synchronize. - */ - if (peer_unfit(peer)) - continue; - - /* - * Don't allow the local clock or modem drivers - * in the kitchen at this point, unless the - * prefer peer. Do that later, but only if - * nobody else is around. These guys are all - * configured, so we never throw them away. - */ - if (peer->refclktype == REFCLK_LOCALCLOCK -#if defined(VMS) && defined(VMS_LOCALUNIT) - /* wjm: VMS_LOCALUNIT taken seriously */ - && REFCLOCKUNIT(&peer->srcadr) != - VMS_LOCALUNIT -#endif /* VMS && VMS_LOCALUNIT */ - ) { - typelocal = peer; - if (!(peer->flags & FLAG_PREFER)) - continue; /* no local clock */ -#ifdef LOCKCLOCK - else - sys_prefer = peer; -#endif /* LOCKCLOCK */ - } - if (peer->sstclktype == CTL_SST_TS_TELEPHONE) { - typeacts = peer; - if (!(peer->flags & FLAG_PREFER)) - continue; /* no acts */ - } - - /* - * If we get this far, the peer can stay on the - * island, but does not yet have the immunity - * idol. - */ - peer->status = CTL_PST_SEL_SANE; - peer_list[nlist++] = peer; - - /* - * Insert each interval endpoint on the sorted - * list. - */ - e = peer->offset; /* Upper end */ - f = root_distance(peer); - e = e + f; - for (i = nl3 - 1; i >= 0; i--) { - if (e >= endpoint[indx[i]].val) - break; - indx[i + 3] = indx[i]; - } - indx[i + 3] = nl3; - endpoint[nl3].type = 1; - endpoint[nl3++].val = e; - - e = e - f; /* Center point */ - for (; i >= 0; i--) { - if (e >= endpoint[indx[i]].val) - break; - indx[i + 2] = indx[i]; - } - indx[i + 2] = nl3; - endpoint[nl3].type = 0; - endpoint[nl3++].val = e; - - e = e - f; /* Lower end */ - for (; i >= 0; i--) { - if (e >= endpoint[indx[i]].val) - break; - indx[i + 1] = indx[i]; - } - indx[i + 1] = nl3; - endpoint[nl3].type = -1; - endpoint[nl3++].val = e; - } - } -#ifdef DEBUG - if (debug > 2) - for (i = 0; i < nl3; i++) - printf("select: endpoint %2d %.6f\n", - endpoint[indx[i]].type, - endpoint[indx[i]].val); -#endif - /* - * This is the actual algorithm that cleaves the truechimers - * from the falsetickers. The original algorithm was described - * in Keith Marzullo's dissertation, but has been modified for - * better accuracy. - * - * Briefly put, we first assume there are no falsetickers, then - * scan the candidate list first from the low end upwards and - * then from the high end downwards. The scans stop when the - * number of intersections equals the number of candidates less - * the number of falsetickers. If this doesn't happen for a - * given number of falsetickers, we bump the number of - * falsetickers and try again. If the number of falsetickers - * becomes equal to or greater than half the number of - * candidates, the Albanians have won the Byzantine wars and - * correct synchronization is not possible. - * - * Here, nlist is the number of candidates and allow is the - * number of falsetickers. - */ - low = 1e9; - high = -1e9; - for (allow = 0; 2 * allow < nlist; allow++) { - int found; - - /* - * Bound the interval (low, high) as the largest - * interval containing points from presumed truechimers. - */ - found = 0; - n = 0; - for (i = 0; i < nl3; i++) { - low = endpoint[indx[i]].val; - n -= endpoint[indx[i]].type; - if (n >= nlist - allow) - break; - if (endpoint[indx[i]].type == 0) - found++; - } - n = 0; - for (j = nl3 - 1; j >= 0; j--) { - high = endpoint[indx[j]].val; - n += endpoint[indx[j]].type; - if (n >= nlist - allow) - break; - if (endpoint[indx[j]].type == 0) - found++; - } - - /* - * If the number of candidates found outside the - * interval is greater than the number of falsetickers, - * then at least one truechimer is outside the interval, - * so go around again. This is what makes this algorithm - * different than Marzullo's. - */ - if (found > allow) - continue; - - /* - * If an interval containing truechimers is found, stop. - * If not, increase the number of falsetickers and go - * around again. - */ - if (high > low) - break; - } - - /* - * If no survivors remain at this point, check if the local - * clock or modem drivers have been found. If so, nominate one - * of them as the only survivor. Otherwise, give up and leave - * the island to the rats. - */ - if (high <= low) { - if (typeacts != 0) { - typeacts->status = CTL_PST_SEL_SANE; - peer_list[0] = typeacts; - nlist = 1; - } else if (typelocal != 0) { - typelocal->status = CTL_PST_SEL_SANE; - peer_list[0] = typelocal; - nlist = 1; - } else { - if (osys_peer != NULL) { - sys_poll = NTP_MINPOLL; - NLOG(NLOG_SYNCSTATUS) - msyslog(LOG_INFO, - "no servers reachable"); - report_event(EVNT_PEERSTCHG, NULL); - } - if (osurv > 0) - resetmanycast(); - return; - } - } - - /* - * We can only trust the survivors if the number of candidates - * sys_minsane is at least the number required to detect and - * cast out one falsticker. For the Byzantine agreement - * algorithm used here, that number is 4; however, the default - * sys_minsane is 1 to speed initial synchronization. Careful - * operators will tinker the value to 4 and use at least that - * number of synchronization sources. - */ - if (nlist < sys_minsane) - return; - - /* - * Clustering algorithm. Construct candidate list in order first - * by stratum then by root distance, but keep only the best - * NTP_MAXCLOCK of them. Scan the list to find falsetickers, who - * leave the island immediately. If a falseticker is not - * configured, his association raft is drowned as well, but only - * if at at least eight poll intervals have gone. We must leave - * at least one peer to collect the million bucks. - * - * Note the hysteresis gimmick that increases the effective - * distance for those rascals that have not made the final cut. - * This is to discourage clockhopping. Note also the prejudice - * against lower stratum peers if the floor is elevated. - */ - j = 0; - for (i = 0; i < nlist; i++) { - peer = peer_list[i]; - if (nlist > 1 && (peer->offset <= low || peer->offset >= - high)) { - if (!(peer->flags & FLAG_CONFIG)) - unpeer(peer); - continue; - } - peer->status = CTL_PST_SEL_DISTSYSPEER; - d = peer->stratum; - if (d < sys_floor) - d += sys_floor; - if (d > sys_ceiling) - d = STRATUM_UNSPEC; - d = root_distance(peer) + d * MAXDISTANCE; - d *= 1. - peer->hyst; - if (j >= NTP_MAXCLOCK) { - if (d >= synch[j - 1]) - continue; - else - j--; - } - for (k = j; k > 0; k--) { - if (d >= synch[k - 1]) - break; - peer_list[k] = peer_list[k - 1]; - error[k] = error[k - 1]; - synch[k] = synch[k - 1]; - } - peer_list[k] = peer; - error[k] = peer->jitter; - synch[k] = d; - j++; - } - nlist = j; - if (nlist == 0) { -#ifdef DEBUG - if (debug) - printf("clock_select: empty intersection interval\n"); -#endif - return; - } - for (i = 0; i < nlist; i++) { - peer_list[i]->status = CTL_PST_SEL_SELCAND; - -#ifdef DEBUG - if (debug > 2) - printf("select: %s distance %.6f jitter %.6f\n", - ntoa(&peer_list[i]->srcadr), synch[i], - SQRT(error[i])); -#endif - } - - /* - * Now, vote outlyers off the island by select jitter weighted - * by root dispersion. Continue voting as long as there are more - * than sys_minclock survivors and the minimum select jitter - * squared is greater than the maximum peer jitter squared. Stop - * if we are about to discard a prefer peer, who of course has - * the immunity idol. - */ - while (1) { - d = 1e9; - e = -1e9; - k = 0; - for (i = 0; i < nlist; i++) { - if (error[i] < d) - d = error[i]; - f = 0; - if (nlist > 1) { - for (j = 0; j < nlist; j++) - f += DIFF(peer_list[j]->offset, - peer_list[i]->offset); - f /= nlist - 1; - } - if (f * synch[i] > e) { - sys_selerr = f; - e = f * synch[i]; - k = i; - } - } - f = max(sys_selerr, SQUARE(LOGTOD(sys_precision))); - if (nlist <= sys_minclock || f <= d || - peer_list[k]->flags & FLAG_PREFER) - break; -#ifdef DEBUG - if (debug > 2) - printf( - "select: drop %s select %.6f jitter %.6f\n", - ntoa(&peer_list[k]->srcadr), - SQRT(sys_selerr), SQRT(d)); -#endif - if (!(peer_list[k]->flags & FLAG_CONFIG) && - peer_list[k]->hmode == MODE_CLIENT) - unpeer(peer_list[k]); - for (j = k + 1; j < nlist; j++) { - peer_list[j - 1] = peer_list[j]; - error[j - 1] = error[j]; - } - nlist--; - } - - /* - * What remains is a list usually not greater than sys_minclock - * peers. We want only a peer at the lowest stratum to become - * the system peer, although all survivors are eligible for the - * combining algorithm. First record their order, diddle the - * flags and clamp the poll intervals. Then, consider each peer - * in turn and OR the leap bits on the assumption that, if some - * of them honk nonzero bits, they must know what they are - * doing. Check for prefer and pps peers at any stratum. Check - * if the old system peer is among the peers at the lowest - * stratum. Note that the head of the list is at the lowest - * stratum and that unsynchronized peers cannot survive this - * far. - * - * Fiddle for hysteresis. Pump it up for a peer only if the peer - * stratum is at least the floor and there are enough survivors. - * This minimizes the pain when tossing out rascals beneath the - * floorboard. Don't count peers with stratum above the ceiling. - * Manycast is sooo complicated. - */ - leap_consensus = 0; - for (i = nlist - 1; i >= 0; i--) { - peer = peer_list[i]; - leap_consensus |= peer->leap; - peer->status = CTL_PST_SEL_SYNCCAND; - peer->rank++; - peer->flags |= FLAG_SYSPEER; - if (peer->stratum >= sys_floor && osurv >= sys_minclock) - peer->hyst = HYST; - else - peer->hyst = 0; - if (peer->stratum <= sys_ceiling) - sys_survivors++; - if (peer->flags & FLAG_PREFER) - sys_prefer = peer; - if (peer->refclktype == REFCLK_ATOM_PPS && - peer->stratum < STRATUM_UNSPEC) - typepps = peer; - if (peer->stratum == peer_list[0]->stratum && peer == - osys_peer) - typesystem = peer; - } - - /* - * In manycast client mode we may have spooked a sizeable number - * of peers that we don't need. If there are at least - * sys_minclock of them, the manycast message will be turned - * off. By the time we get here we nay be ready to prune some of - * them back, but we want to make sure all the candicates have - * had a chance. If they didn't pass the sanity and intersection - * tests, they have already been voted off the island. - */ - if (sys_survivors < sys_minclock && osurv >= sys_minclock) - resetmanycast(); - - /* - * Mitigation rules of the game. There are several types of - * peers that make a difference here: (1) prefer local peers - * (type REFCLK_LOCALCLOCK with FLAG_PREFER) or prefer modem - * peers (type REFCLK_NIST_ATOM etc with FLAG_PREFER), (2) pps - * peers (type REFCLK_ATOM_PPS), (3) remaining prefer peers - * (flag FLAG_PREFER), (4) the existing system peer, if any, (5) - * the head of the survivor list. Note that only one peer can be - * declared prefer. The order of preference is in the order - * stated. Note that all of these must be at the lowest stratum, - * i.e., the stratum of the head of the survivor list. - */ - if (sys_prefer) - sw = sys_prefer->refclktype == REFCLK_LOCALCLOCK || - sys_prefer->sstclktype == CTL_SST_TS_TELEPHONE || - !typepps; - else - sw = 0; - if (sw) { - sys_peer = sys_prefer; - sys_peer->status = CTL_PST_SEL_SYSPEER; - sys_offset = sys_peer->offset; - sys_syserr = sys_peer->jitter; -#ifdef DEBUG - if (debug > 1) - printf("select: prefer offset %.6f\n", - sys_offset); -#endif - } -#ifndef LOCKCLOCK - else if (typepps) { - sys_peer = typepps; - sys_peer->status = CTL_PST_SEL_PPS; - sys_offset = sys_peer->offset; - sys_syserr = sys_peer->jitter; - if (!pps_control) - NLOG(NLOG_SYSEVENT) - msyslog(LOG_INFO, "pps sync enabled"); - pps_control = current_time; -#ifdef DEBUG - if (debug > 1) - printf("select: pps offset %.6f\n", - sys_offset); -#endif - } else { - if (typesystem) - sys_peer = osys_peer; - else - sys_peer = peer_list[0]; - sys_peer->status = CTL_PST_SEL_SYSPEER; - sys_peer->rank++; - sys_offset = clock_combine(peer_list, nlist); - sys_syserr = sys_peer->jitter + sys_selerr; -#ifdef DEBUG - if (debug > 1) - printf("select: combine offset %.6f\n", - sys_offset); -#endif - } -#endif /* LOCKCLOCK */ - if (osys_peer != sys_peer) { - char *src; - - if (sys_peer == NULL) - sys_peer_refid = 0; - else - sys_peer_refid = addr2refid(&sys_peer->srcadr); - report_event(EVNT_PEERSTCHG, NULL); - -#ifdef REFCLOCK - if (ISREFCLOCKADR(&sys_peer->srcadr)) - src = refnumtoa(&sys_peer->srcadr); - else -#endif - src = ntoa(&sys_peer->srcadr); - NLOG(NLOG_SYNCSTATUS) - msyslog(LOG_INFO, "synchronized to %s, stratum=%d", src, - sys_peer->stratum); - } - clock_update(); -} - -/* - * clock_combine - combine offsets from selected peers - */ -static double -clock_combine( - struct peer **peers, - int npeers - ) -{ - int i; - double x, y, z; - - y = z = 0; - for (i = 0; i < npeers; i++) { - x = root_distance(peers[i]); - y += 1. / x; - z += peers[i]->offset / x; - } - return (z / y); -} - -/* - * root_distance - compute synchronization distance from peer to root - */ -static double -root_distance( - struct peer *peer - ) -{ - /* - * Careful squeak here. The value returned must be greater than - * zero blamed on the peer jitter, which must be at least the - * square of sys_precision. - */ - return ((peer->rootdelay + peer->delay) / 2 + - peer->rootdispersion + peer->disp + clock_phi * - (current_time - peer->update) + SQRT(peer->jitter)); -} - -/* - * peer_xmit - send packet for persistent association. - */ -static void -peer_xmit( - struct peer *peer /* peer structure pointer */ - ) -{ - struct pkt xpkt; /* transmit packet */ - int sendlen, authlen; - keyid_t xkeyid = 0; /* transmit key ID */ - l_fp xmt_tx; - - /* - * Initialize transmit packet header fields. - */ - xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap, peer->version, - peer->hmode); - xpkt.stratum = STRATUM_TO_PKT(sys_stratum); - xpkt.ppoll = peer->hpoll; - xpkt.precision = sys_precision; - xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay)); - xpkt.rootdispersion = HTONS_FP(DTOUFP(sys_rootdispersion)); - xpkt.refid = sys_refid; - HTONL_FP(&sys_reftime, &xpkt.reftime); - HTONL_FP(&peer->org, &xpkt.org); - HTONL_FP(&peer->rec, &xpkt.rec); - - /* - * If the received packet contains a MAC, the transmitted packet - * is authenticated and contains a MAC. If not, the transmitted - * packet is not authenticated. - * - * In the current I/O semantics the default interface is set - * until after receiving a packet and setting the right - * interface. So, the first packet goes out unauthenticated. - * That's why the really icky test next is here. - */ - sendlen = LEN_PKT_NOMAC; - if (!(peer->flags & FLAG_AUTHENABLE)) { - get_systime(&peer->xmt); - HTONL_FP(&peer->xmt, &xpkt.xmt); - sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl], - &xpkt, sendlen); - peer->sent++; -#ifdef DEBUG - if (debug) - printf("transmit: at %ld %s->%s mode %d\n", - current_time, stoa(&peer->dstadr->sin), - stoa(&peer->srcadr), peer->hmode); -#endif - return; - } - - /* - * The received packet contains a MAC, so the transmitted packet - * must be authenticated. If autokey is enabled, fuss with the - * various modes; otherwise, private key cryptography is used. - */ -#ifdef OPENSSL - if (crypto_flags && (peer->flags & FLAG_SKEY)) { - struct exten *exten; /* extension field */ - u_int opcode; - - /* - * The Public Key Dance (PKD): Cryptographic credentials - * are contained in extension fields, each including a - * 4-octet length/code word followed by a 4-octet - * association ID and optional additional data. Optional - * data includes a 4-octet data length field followed by - * the data itself. Request messages are sent from a - * configured association; response messages can be sent - * from a configured association or can take the fast - * path without ever matching an association. Response - * messages have the same code as the request, but have - * a response bit and possibly an error bit set. In this - * implementation, a message may contain no more than - * one command and no more than one response. - * - * Cryptographic session keys include both a public and - * a private componet. Request and response messages - * using extension fields are always sent with the - * private component set to zero. Packets without - * extension fields indlude the private component when - * the session key is generated. - */ - while (1) { - - /* - * Allocate and initialize a keylist if not - * already done. Then, use the list in inverse - * order, discarding keys once used. Keep the - * latest key around until the next one, so - * clients can use client/server packets to - * compute propagation delay. - * - * Note that once a key is used from the list, - * it is retained in the key cache until the - * next key is used. This is to allow a client - * to retrieve the encrypted session key - * identifier to verify authenticity. - * - * If for some reason a key is no longer in the - * key cache, a birthday has happened and the - * pseudo-random sequence is probably broken. In - * that case, purge the keylist and regenerate - * it. - */ - if (peer->keynumber == 0) - make_keylist(peer, peer->dstadr); - else - peer->keynumber--; - xkeyid = peer->keylist[peer->keynumber]; - if (authistrusted(xkeyid)) - break; - else - key_expire(peer); - } - peer->keyid = xkeyid; - switch (peer->hmode) { - - /* - * In broadcast server mode the autokey values are - * required by the broadcast clients. Push them when a - * new keylist is generated; otherwise, push the - * association message so the client can request them at - * other times. - */ - case MODE_BROADCAST: - if (peer->flags & FLAG_ASSOC) - exten = crypto_args(peer, CRYPTO_AUTO | - CRYPTO_RESP, NULL); - else - exten = crypto_args(peer, CRYPTO_ASSOC | - CRYPTO_RESP, NULL); - sendlen += crypto_xmit(&xpkt, &peer->srcadr, - sendlen, exten, 0); - free(exten); - break; - - /* - * In symmetric modes the digest, certificate, agreement - * parameters, cookie and autokey values are required. - * The leapsecond table is optional. But, a passive peer - * will not believe the active peer until the latter has - * synchronized, so the agreement must be postponed - * until then. In any case, if a new keylist is - * generated, the autokey values are pushed. - */ - case MODE_ACTIVE: - case MODE_PASSIVE: - if (peer->cmmd != NULL) { - peer->cmmd->associd = - htonl(peer->associd); - sendlen += crypto_xmit(&xpkt, - &peer->srcadr, sendlen, peer->cmmd, - 0); - free(peer->cmmd); - peer->cmmd = NULL; - } - exten = NULL; - if (!peer->crypto) - exten = crypto_args(peer, CRYPTO_ASSOC, - sys_hostname); - else if (!(peer->crypto & CRYPTO_FLAG_VALID)) - exten = crypto_args(peer, CRYPTO_CERT, - peer->issuer); - - /* - * Identity. Note we have to sign the - * certificate before the cookie to avoid a - * deadlock when the passive peer is walking the - * certificate trail. Awesome. - */ - else if ((opcode = crypto_ident(peer)) != 0) - exten = crypto_args(peer, opcode, NULL); - else if (sys_leap != LEAP_NOTINSYNC && - !(peer->crypto & CRYPTO_FLAG_SIGN)) - exten = crypto_args(peer, CRYPTO_SIGN, - sys_hostname); - - /* - * Autokey. We request the cookie only when the - * server and client are synchronized and - * signatures work both ways. On the other hand, - * the active peer needs the autokey values - * before then and when the passive peer is - * waiting for the active peer to synchronize. - * Any time we regenerate the key list, we offer - * the autokey values without being asked. - */ - else if (sys_leap != LEAP_NOTINSYNC && - peer->leap != LEAP_NOTINSYNC && - !(peer->crypto & CRYPTO_FLAG_AGREE)) - exten = crypto_args(peer, CRYPTO_COOK, - NULL); - else if (peer->flags & FLAG_ASSOC) - exten = crypto_args(peer, CRYPTO_AUTO | - CRYPTO_RESP, NULL); - else if (!(peer->crypto & CRYPTO_FLAG_AUTO)) - exten = crypto_args(peer, CRYPTO_AUTO, - NULL); - - /* - * Postamble. We trade leapseconds only when the - * server and client are synchronized. - */ - else if (sys_leap != LEAP_NOTINSYNC && - peer->leap != LEAP_NOTINSYNC && - peer->crypto & CRYPTO_FLAG_TAI && - !(peer->crypto & CRYPTO_FLAG_LEAP)) - exten = crypto_args(peer, CRYPTO_TAI, - NULL); - if (exten != NULL) { - sendlen += crypto_xmit(&xpkt, - &peer->srcadr, sendlen, exten, 0); - free(exten); - } - break; - - /* - * In client mode the digest, certificate, agreement - * parameters and cookie are required. The leapsecond - * table is optional. If broadcast client mode, the - * autokey values are required as well. In broadcast - * client mode, these values must be acquired during the - * client/server exchange to avoid having to wait until - * the next key list regeneration. Otherwise, the poor - * dude may die a lingering death until becoming - * unreachable and attempting rebirth. - * - * If neither the server or client have the agreement - * parameters, the protocol transmits the cookie in the - * clear. If the server has the parameters, the client - * requests them and the protocol blinds it using the - * agreed key. It is a protocol error if the client has - * the parameters but the server does not. - */ - case MODE_CLIENT: - if (peer->cmmd != NULL) { - peer->cmmd->associd = - htonl(peer->associd); - sendlen += crypto_xmit(&xpkt, - &peer->srcadr, sendlen, peer->cmmd, - 0); - free(peer->cmmd); - peer->cmmd = NULL; - } - exten = NULL; - if (!peer->crypto) - exten = crypto_args(peer, CRYPTO_ASSOC, - sys_hostname); - else if (!(peer->crypto & CRYPTO_FLAG_VALID)) - exten = crypto_args(peer, CRYPTO_CERT, - peer->issuer); - - /* - * Identity. - */ - else if ((opcode = crypto_ident(peer)) != 0) - exten = crypto_args(peer, opcode, NULL); - - /* - * Autokey - */ - else if (!(peer->crypto & CRYPTO_FLAG_AGREE)) - exten = crypto_args(peer, CRYPTO_COOK, - NULL); - else if (!(peer->crypto & CRYPTO_FLAG_AUTO) && - (peer->cast_flags & MDF_BCLNT)) - exten = crypto_args(peer, CRYPTO_AUTO, - NULL); - - /* - * Postamble. We can sign the certificate here, - * since there is no chance of deadlock. - */ - else if (sys_leap != LEAP_NOTINSYNC && - !(peer->crypto & CRYPTO_FLAG_SIGN)) - exten = crypto_args(peer, CRYPTO_SIGN, - sys_hostname); - else if (sys_leap != LEAP_NOTINSYNC && - peer->crypto & CRYPTO_FLAG_TAI && - !(peer->crypto & CRYPTO_FLAG_LEAP)) - exten = crypto_args(peer, CRYPTO_TAI, - NULL); - if (exten != NULL) { - sendlen += crypto_xmit(&xpkt, - &peer->srcadr, sendlen, exten, 0); - free(exten); - } - break; - } - - /* - * If extension fields are present, we must use a - * private value of zero and force min poll interval. - * Most intricate. - */ - if (sendlen > LEN_PKT_NOMAC) - session_key(&peer->dstadr->sin, &peer->srcadr, - xkeyid, 0, 2); - } -#endif /* OPENSSL */ - xkeyid = peer->keyid; - get_systime(&peer->xmt); - L_ADD(&peer->xmt, &sys_authdelay); - HTONL_FP(&peer->xmt, &xpkt.xmt); - authlen = authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen); - if (authlen == 0) { - msyslog(LOG_INFO, - "transmit: encryption key %d not found", xkeyid); - if (peer->flags & FLAG_CONFIG) - peer_clear(peer, "NKEY"); - else - unpeer(peer); - return; - } - sendlen += authlen; -#ifdef OPENSSL - if (xkeyid > NTP_MAXKEY) - authtrust(xkeyid, 0); -#endif /* OPENSSL */ - get_systime(&xmt_tx); - if (sendlen > sizeof(xpkt)) { - msyslog(LOG_ERR, "buffer overflow %u", sendlen); - exit (-1); - } - sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl], &xpkt, - sendlen); - - /* - * Calculate the encryption delay. Keep the minimum over - * the latest two samples. - */ - L_SUB(&xmt_tx, &peer->xmt); - L_ADD(&xmt_tx, &sys_authdelay); - sys_authdly[1] = sys_authdly[0]; - sys_authdly[0] = xmt_tx.l_uf; - if (sys_authdly[0] < sys_authdly[1]) - sys_authdelay.l_uf = sys_authdly[0]; - else - sys_authdelay.l_uf = sys_authdly[1]; - peer->sent++; -#ifdef OPENSSL -#ifdef DEBUG - if (debug) - printf( - "transmit: at %ld %s->%s mode %d keyid %08x len %d mac %d index %d\n", - current_time, ntoa(&peer->dstadr->sin), - ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen - - authlen, authlen, peer->keynumber); -#endif -#else -#ifdef DEBUG - if (debug) - printf( - "transmit: at %ld %s->%s mode %d keyid %08x len %d mac %d\n", - current_time, ntoa(&peer->dstadr->sin), - ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen - - authlen, authlen); -#endif -#endif /* OPENSSL */ -} - - -/* - * fast_xmit - Send packet for nonpersistent association. Note that - * neither the source or destination can be a broadcast address. - */ -static void -fast_xmit( - struct recvbuf *rbufp, /* receive packet pointer */ - int xmode, /* transmit mode */ - keyid_t xkeyid, /* transmit key ID */ - int mask /* restrict mask */ - ) -{ - struct pkt xpkt; /* transmit packet structure */ - struct pkt *rpkt; /* receive packet structure */ - l_fp xmt_ts; /* timestamp */ - l_fp xmt_tx; /* timestamp after authent */ - int sendlen, authlen; -#ifdef OPENSSL - u_int32 temp32; -#endif - - /* - * Initialize transmit packet header fields from the receive - * buffer provided. We leave some fields intact as received. If - * the gazinta was from a multicast address, the gazouta must go - * out another way. - */ - rpkt = &rbufp->recv_pkt; - if (rbufp->dstadr->flags & INT_MULTICAST) - rbufp->dstadr = findinterface(&rbufp->recv_srcadr); - - /* - * If the packet has picked up a restriction due to either - * access denied or rate exceeded, decide what to do with it. - */ - if (mask & (RES_DONTTRUST | RES_LIMITED)) { - char *code = "????"; - - if (mask & RES_LIMITED) { - sys_limitrejected++; - code = "RATE"; - } else if (mask & RES_DONTTRUST) { - sys_restricted++; - code = "DENY"; - } - - /* - * Here we light up a kiss-of-death packet. Note the - * rate limit on these packets. Once a second initialize - * a bucket counter. Every packet sent decrements the - * counter until reaching zero. If the counter is zero, - * drop the kod. - */ - if (sys_kod == 0 || !(mask & RES_DEMOBILIZE)) - return; - - sys_kod--; - memcpy(&xpkt.refid, code, 4); - xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC, - PKT_VERSION(rpkt->li_vn_mode), xmode); - xpkt.stratum = STRATUM_UNSPEC; - } else { - xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap, - PKT_VERSION(rpkt->li_vn_mode), xmode); - xpkt.stratum = STRATUM_TO_PKT(sys_stratum); - xpkt.refid = sys_refid; - } - xpkt.ppoll = rpkt->ppoll; - xpkt.precision = sys_precision; - xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay)); - xpkt.rootdispersion = - HTONS_FP(DTOUFP(sys_rootdispersion)); - HTONL_FP(&sys_reftime, &xpkt.reftime); - xpkt.org = rpkt->xmt; - HTONL_FP(&rbufp->recv_time, &xpkt.rec); - - /* - * If the received packet contains a MAC, the transmitted packet - * is authenticated and contains a MAC. If not, the transmitted - * packet is not authenticated. - */ - sendlen = LEN_PKT_NOMAC; - if (rbufp->recv_length == sendlen) { - get_systime(&xmt_ts); - HTONL_FP(&xmt_ts, &xpkt.xmt); - sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt, - sendlen); -#ifdef DEBUG - if (debug) - printf("transmit: at %ld %s->%s mode %d\n", - current_time, stoa(&rbufp->dstadr->sin), - stoa(&rbufp->recv_srcadr), xmode); -#endif - return; - } - - /* - * The received packet contains a MAC, so the transmitted packet - * must be authenticated. For private-key cryptography, use the - * predefined private keys to generate the cryptosum. For - * autokey cryptography, use the server private value to - * generate the cookie, which is unique for every source- - * destination-key ID combination. - */ -#ifdef OPENSSL - if (xkeyid > NTP_MAXKEY) { - keyid_t cookie; - - /* - * The only way to get here is a reply to a legitimate - * client request message, so the mode must be - * MODE_SERVER. If an extension field is present, there - * can be only one and that must be a command. Do what - * needs, but with private value of zero so the poor - * jerk can decode it. If no extension field is present, - * use the cookie to generate the session key. - */ - cookie = session_key(&rbufp->recv_srcadr, - &rbufp->dstadr->sin, 0, sys_private, 0); - if (rbufp->recv_length >= (int)(sendlen + MAX_MAC_LEN + 2 * - sizeof(u_int32))) { - session_key(&rbufp->dstadr->sin, - &rbufp->recv_srcadr, xkeyid, 0, 2); - temp32 = CRYPTO_RESP; - rpkt->exten[0] |= htonl(temp32); - sendlen += crypto_xmit(&xpkt, - &rbufp->recv_srcadr, sendlen, - (struct exten *)rpkt->exten, cookie); - } else { - session_key(&rbufp->dstadr->sin, - &rbufp->recv_srcadr, xkeyid, cookie, 2); - } - } -#endif /* OPENSSL */ - get_systime(&xmt_ts); - L_ADD(&xmt_ts, &sys_authdelay); - HTONL_FP(&xmt_ts, &xpkt.xmt); - authlen = authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen); - sendlen += authlen; -#ifdef OPENSSL - if (xkeyid > NTP_MAXKEY) - authtrust(xkeyid, 0); -#endif /* OPENSSL */ - get_systime(&xmt_tx); - if (sendlen > sizeof(xpkt)) { - msyslog(LOG_ERR, "buffer overflow %u", sendlen); - exit (-1); - } - sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt, sendlen); - - /* - * Calculate the encryption delay. Keep the minimum over the - * latest two samples. - */ - L_SUB(&xmt_tx, &xmt_ts); - L_ADD(&xmt_tx, &sys_authdelay); - sys_authdly[1] = sys_authdly[0]; - sys_authdly[0] = xmt_tx.l_uf; - if (sys_authdly[0] < sys_authdly[1]) - sys_authdelay.l_uf = sys_authdly[0]; - else - sys_authdelay.l_uf = sys_authdly[1]; -#ifdef DEBUG - if (debug) - printf( - "transmit: at %ld %s->%s mode %d keyid %08x len %d mac %d\n", - current_time, ntoa(&rbufp->dstadr->sin), - ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen - - authlen, authlen); -#endif -} - - -#ifdef OPENSSL -/* - * key_expire - purge the key list - */ -void -key_expire( - struct peer *peer /* peer structure pointer */ - ) -{ - int i; - - if (peer->keylist != NULL) { - for (i = 0; i <= peer->keynumber; i++) - authtrust(peer->keylist[i], 0); - free(peer->keylist); - peer->keylist = NULL; - } - value_free(&peer->sndval); - peer->keynumber = 0; -#ifdef DEBUG - if (debug) - printf("key_expire: at %lu\n", current_time); -#endif -} -#endif /* OPENSSL */ - - -/* - * Determine if the peer is unfit for synchronization - * - * A peer is unfit for synchronization if - * > not reachable - * > a synchronization loop would form - * > never been synchronized - * > stratum undefined or too high - * > too long without synchronization - * > designated noselect - */ -static int /* 0 if no, 1 if yes */ -peer_unfit( - struct peer *peer /* peer structure pointer */ - ) -{ - return (!peer->reach || (peer->stratum > 1 && peer->refid == - peer->dstadr->addr_refid) || peer->leap == LEAP_NOTINSYNC || - peer->stratum >= STRATUM_UNSPEC || root_distance(peer) >= - MAXDISTANCE + 2. * clock_phi * ULOGTOD(sys_poll) || - peer->flags & FLAG_NOSELECT ); -} - - -/* - * Find the precision of this particular machine - */ -#define MINSTEP 100e-9 /* minimum clock increment (s) */ -#define MAXSTEP 20e-3 /* maximum clock increment (s) */ -#define MINLOOPS 5 /* minimum number of step samples */ - -/* - * This routine calculates the system precision, defined as the minimum - * of a sequency of differences between successive readings of the - * system clock. However, if the system clock can be read more than once - * during a tick interval, the difference can be zero or one LSB unit, - * where the LSB corresponds to one nanosecond or one microsecond. - * Conceivably, if some other process preempts this one and reads the - * clock, the difference can be more than one LSB unit. - * - * For hardware clock frequencies of 10 MHz or less, we assume the - * logical clock advances only at the hardware clock tick. For higher - * frequencies, we assume the logical clock can advance no more than 100 - * nanoseconds between ticks. - */ -int -default_get_precision(void) -{ - l_fp val; /* current seconds fraction */ - l_fp last; /* last seconds fraction */ - l_fp diff; /* difference */ - double tick; /* computed tick value */ - double dtemp; /* scratch */ - int i; /* log2 precision */ - - /* - * Loop to find tick value in nanoseconds. Toss out outlyer - * values less than the minimun tick value. In wacky cases, use - * the default maximum value. - */ - get_systime(&last); - tick = MAXSTEP; - for (i = 0; i < MINLOOPS;) { - get_systime(&val); - diff = val; - L_SUB(&diff, &last); - last = val; - LFPTOD(&diff, dtemp); - if (dtemp < MINSTEP) - continue; - i++; - if (dtemp < tick) - tick = dtemp; - } - - /* - * Find the nearest power of two. - */ - NLOG(NLOG_SYSEVENT) - msyslog(LOG_INFO, "precision = %.3f usec", tick * 1e6); - for (i = 0; tick <= 1; i++) - tick *= 2; - if (tick - 1. > 1. - tick / 2) - i--; - return (-i); -} - - -/* - * kod_proto - called once per second to limit kiss-of-death packets - */ -void -kod_proto(void) -{ - sys_kod = sys_kod_rate; -} - - -/* - * init_proto - initialize the protocol module's data - */ -void -init_proto(void) -{ - l_fp dummy; - int i; - - /* - * Fill in the sys_* stuff. Default is don't listen to - * broadcasting, authenticate. - */ - sys_leap = LEAP_NOTINSYNC; - sys_stratum = STRATUM_UNSPEC; - memcpy(&sys_refid, "INIT", 4); - sys_precision = (s_char)default_get_precision(); - sys_jitter = LOGTOD(sys_precision); - sys_rootdelay = 0; - sys_rootdispersion = 0; - L_CLR(&sys_reftime); - sys_peer = NULL; - sys_survivors = 0; - get_systime(&dummy); - sys_manycastserver = 0; - sys_bclient = 0; - sys_bdelay = DEFBROADDELAY; - sys_calldelay = BURST_DELAY; - sys_authenticate = 1; - L_CLR(&sys_authdelay); - sys_authdly[0] = sys_authdly[1] = 0; - sys_stattime = 0; - proto_clr_stats(); - for (i = 0; i < MAX_TTL; i++) { - sys_ttl[i] = (u_char)((i * 256) / MAX_TTL); - sys_ttlmax = i; - } -#ifdef OPENSSL - sys_automax = 1 << NTP_AUTOMAX; -#endif /* OPENSSL */ - - /* - * Default these to enable - */ - ntp_enable = 1; -#ifndef KERNEL_FLL_BUG - kern_enable = 1; -#endif - pps_enable = 0; - stats_control = 1; -} - - -/* - * proto_config - configure the protocol module - */ -void -proto_config( - int item, - u_long value, - double dvalue, - struct sockaddr_storage* svalue - ) -{ - /* - * Figure out what he wants to change, then do it - */ - switch (item) { - - /* - * Turn on/off kernel discipline. - */ - case PROTO_KERNEL: - kern_enable = (int)value; - break; - - /* - * Turn on/off clock discipline. - */ - case PROTO_NTP: - ntp_enable = (int)value; - break; - - /* - * Turn on/off monitoring. - */ - case PROTO_MONITOR: - if (value) - mon_start(MON_ON); - else - mon_stop(MON_ON); - break; - - /* - * Turn on/off statistics. - */ - case PROTO_FILEGEN: - stats_control = (int)value; - break; - - /* - * Turn on/off facility to listen to broadcasts. - */ - case PROTO_BROADCLIENT: - sys_bclient = (int)value; - if (value) - io_setbclient(); - else - io_unsetbclient(); - break; - - /* - * Add muliticast group address. - */ - case PROTO_MULTICAST_ADD: - if (svalue) - io_multicast_add(*svalue); - break; - - /* - * Delete multicast group address. - */ - case PROTO_MULTICAST_DEL: - if (svalue) - io_multicast_del(*svalue); - break; - - /* - * Set default broadcast delay. - */ - case PROTO_BROADDELAY: - sys_bdelay = dvalue; - break; - - /* - * Set modem call delay. - */ - case PROTO_CALLDELAY: - sys_calldelay = (int)value; - break; - - /* - * Require authentication to mobilize ephemeral associations. - */ - case PROTO_AUTHENTICATE: - sys_authenticate = (int)value; - break; - - /* - * Turn on/off PPS discipline. - */ - case PROTO_PPS: - pps_enable = (int)value; - break; - - /* - * Set the minimum number of survivors. - */ - case PROTO_MINCLOCK: - sys_minclock = (int)dvalue; - break; - - /* - * Set the minimum number of candidates. - */ - case PROTO_MINSANE: - sys_minsane = (int)dvalue; - break; - - /* - * Set the stratum floor. - */ - case PROTO_FLOOR: - sys_floor = (int)dvalue; - break; - - /* - * Set the stratum ceiling. - */ - case PROTO_CEILING: - sys_ceiling = (int)dvalue; - break; - - /* - * Set the cohort switch. - */ - case PROTO_COHORT: - sys_cohort= (int)dvalue; - break; - /* - * Set the adjtime() resolution (s). - */ - case PROTO_ADJ: - sys_tick = dvalue; - break; - -#ifdef REFCLOCK - /* - * Turn on/off refclock calibrate - */ - case PROTO_CAL: - cal_enable = (int)value; - break; -#endif - default: - - /* - * Log this error. - */ - msyslog(LOG_INFO, - "proto_config: illegal item %d, value %ld", - item, value); - } -} - - -/* - * proto_clr_stats - clear protocol stat counters - */ -void -proto_clr_stats(void) -{ - sys_stattime = current_time; - sys_received = 0; - sys_processed = 0; - sys_newversionpkt = 0; - sys_oldversionpkt = 0; - sys_unknownversion = 0; - sys_restricted = 0; - sys_badlength = 0; - sys_badauth = 0; - sys_limitrejected = 0; -} |
