1 /* $NetBSD: ntp_io.c,v 1.27 2020/05/25 20:47:25 christos Exp $ */ 2 3 /* 4 * ntp_io.c - input/output routines for ntpd. The socket-opening code 5 * was shamelessly stolen from ntpd. 6 */ 7 8 #ifdef HAVE_CONFIG_H 9 # include <config.h> 10 #endif 11 12 #include <stdio.h> 13 #include <signal.h> 14 #ifdef HAVE_FNMATCH_H 15 # include <fnmatch.h> 16 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) 17 # define FNM_CASEFOLD FNM_IGNORECASE 18 # endif 19 #endif 20 #ifdef HAVE_SYS_PARAM_H 21 # include <sys/param.h> 22 #endif 23 #ifdef HAVE_SYS_IOCTL_H 24 # include <sys/ioctl.h> 25 #endif 26 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */ 27 # include <sys/sockio.h> 28 #endif 29 #ifdef HAVE_SYS_UIO_H 30 # include <sys/uio.h> 31 #endif 32 33 #include "ntp_machine.h" 34 #include "ntpd.h" 35 #include "ntp_io.h" 36 #include "iosignal.h" 37 #include "ntp_lists.h" 38 #include "ntp_refclock.h" 39 #include "ntp_stdlib.h" 40 #include "ntp_worker.h" 41 #include "ntp_request.h" 42 #include "ntp_assert.h" 43 #include "timevalops.h" 44 #include "timespecops.h" 45 #include "ntpd-opts.h" 46 #include "safecast.h" 47 48 /* Don't include ISC's version of IPv6 variables and structures */ 49 #define ISC_IPV6_H 1 50 #include <isc/mem.h> 51 #include <isc/interfaceiter.h> 52 #include <isc/netaddr.h> 53 #include <isc/result.h> 54 #include <isc/sockaddr.h> 55 56 #ifdef SIM 57 #include "ntpsim.h" 58 #endif 59 60 #ifdef HAS_ROUTING_SOCKET 61 # include <net/route.h> 62 # ifdef HAVE_RTNETLINK 63 # include <linux/rtnetlink.h> 64 # endif 65 #endif 66 67 /* 68 * setsockopt does not always have the same arg declaration 69 * across all platforms. If it's not defined we make it empty 70 */ 71 72 #ifndef SETSOCKOPT_ARG_CAST 73 #define SETSOCKOPT_ARG_CAST 74 #endif 75 76 extern int listen_to_virtual_ips; 77 78 #ifndef IPTOS_DSCP_EF 79 #define IPTOS_DSCP_EF 0xb8 80 #endif 81 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */ 82 83 #ifdef LEAP_SMEAR 84 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so 85 * we get a linker error. Since we're running out of time before the leap 86 * second occurs, we let it here where it just works. 87 */ 88 int leap_smear_intv; 89 #endif 90 91 /* 92 * NIC rule entry 93 */ 94 typedef struct nic_rule_tag nic_rule; 95 96 struct nic_rule_tag { 97 nic_rule * next; 98 nic_rule_action action; 99 nic_rule_match match_type; 100 char * if_name; 101 sockaddr_u addr; 102 int prefixlen; 103 }; 104 105 /* 106 * NIC rule listhead. Entries are added at the head so that the first 107 * match in the list is the last matching rule specified. 108 */ 109 nic_rule *nic_rule_list; 110 111 112 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR) 113 # define HAVE_PACKET_TIMESTAMP 114 # define HAVE_BINTIME 115 # ifdef BINTIME_CTLMSGBUF_SIZE 116 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE 117 # else 118 # define CMSG_BUFSIZE 1536 /* moderate default */ 119 # endif 120 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR) 121 # define HAVE_PACKET_TIMESTAMP 122 # define HAVE_TIMESTAMPNS 123 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE 124 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE 125 # else 126 # define CMSG_BUFSIZE 1536 /* moderate default */ 127 # endif 128 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR) 129 # define HAVE_PACKET_TIMESTAMP 130 # define HAVE_TIMESTAMP 131 # ifdef TIMESTAMP_CTLMSGBUF_SIZE 132 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE 133 # else 134 # define CMSG_BUFSIZE 1536 /* moderate default */ 135 # endif 136 #else 137 /* fill in for old/other timestamp interfaces */ 138 #endif 139 140 #if defined(SYS_WINNT) 141 #include "win32_io.h" 142 #include <isc/win32os.h> 143 #endif 144 145 /* 146 * We do asynchronous input using the SIGIO facility. A number of 147 * recvbuf buffers are preallocated for input. In the signal 148 * handler we poll to see which sockets are ready and read the 149 * packets from them into the recvbuf's along with a time stamp and 150 * an indication of the source host and the interface it was received 151 * through. This allows us to get as accurate receive time stamps 152 * as possible independent of other processing going on. 153 * 154 * We watch the number of recvbufs available to the signal handler 155 * and allocate more when this number drops below the low water 156 * mark. If the signal handler should run out of buffers in the 157 * interim it will drop incoming frames, the idea being that it is 158 * better to drop a packet than to be inaccurate. 159 */ 160 161 162 /* 163 * Other statistics of possible interest 164 */ 165 volatile u_long packets_dropped; /* total number of packets dropped on reception */ 166 volatile u_long packets_ignored; /* packets received on wild card interface */ 167 volatile u_long packets_received; /* total number of packets received */ 168 u_long packets_sent; /* total number of packets sent */ 169 u_long packets_notsent; /* total number of packets which couldn't be sent */ 170 171 volatile u_long handler_calls; /* number of calls to interrupt handler */ 172 volatile u_long handler_pkts; /* number of pkts received by handler */ 173 u_long io_timereset; /* time counters were reset */ 174 175 /* 176 * Interface stuff 177 */ 178 endpt * any_interface; /* wildcard ipv4 interface */ 179 endpt * any6_interface; /* wildcard ipv6 interface */ 180 endpt * loopback_interface; /* loopback ipv4 interface */ 181 182 static isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */ 183 u_int sys_ifnum; /* next .ifnum to assign */ 184 int ninterfaces; /* Total number of interfaces */ 185 186 int disable_dynamic_updates; /* scan interfaces once only */ 187 188 #ifdef REFCLOCK 189 /* 190 * Refclock stuff. We keep a chain of structures with data concerning 191 * the guys we are doing I/O for. 192 */ 193 static struct refclockio *refio; 194 #endif /* REFCLOCK */ 195 196 /* 197 * File descriptor masks etc. for call to select 198 * Not needed for I/O Completion Ports or anything outside this file 199 */ 200 static fd_set activefds; 201 static int maxactivefd; 202 203 /* 204 * bit alternating value to detect verified interfaces during an update cycle 205 */ 206 static u_short sys_interphase = 0; 207 208 static endpt * new_interface(endpt *); 209 static void add_interface(endpt *); 210 static int update_interfaces(u_short, interface_receiver_t, 211 void *); 212 static void remove_interface(endpt *); 213 static endpt * create_interface(u_short, endpt *); 214 215 static int is_wildcard_addr (const sockaddr_u *); 216 217 /* 218 * Multicast functions 219 */ 220 static isc_boolean_t addr_ismulticast (sockaddr_u *); 221 static isc_boolean_t is_anycast (sockaddr_u *, 222 const char *); 223 224 /* 225 * Not all platforms support multicast 226 */ 227 #ifdef MCAST 228 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *); 229 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); 230 #endif 231 232 #ifdef DEBUG 233 static void interface_dump (const endpt *); 234 static void sockaddr_dump (const sockaddr_u *); 235 static void print_interface (const endpt *, const char *, const char *); 236 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) 237 #else 238 #define DPRINT_INTERFACE(level, args) do {} while (0) 239 #endif 240 241 typedef struct vsock vsock_t; 242 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE }; 243 244 struct vsock { 245 vsock_t * link; 246 SOCKET fd; 247 enum desc_type type; 248 }; 249 250 vsock_t *fd_list; 251 252 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 253 /* 254 * async notification processing (e. g. routing sockets) 255 */ 256 /* 257 * support for receiving data on fd that is not a refclock or a socket 258 * like e. g. routing sockets 259 */ 260 struct asyncio_reader { 261 struct asyncio_reader *link; /* the list this is being kept in */ 262 SOCKET fd; /* fd to be read */ 263 void *data; /* possibly local data */ 264 void (*receiver)(struct asyncio_reader *); /* input handler */ 265 }; 266 267 struct asyncio_reader *asyncio_reader_list; 268 269 static void delete_asyncio_reader (struct asyncio_reader *); 270 static struct asyncio_reader *new_asyncio_reader (void); 271 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type); 272 static void remove_asyncio_reader (struct asyncio_reader *); 273 274 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 275 276 static void init_async_notifications (void); 277 278 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *, 279 int); 280 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, 281 const sockaddr_u *, const sockaddr_u *); 282 static int create_sockets (u_short); 283 static SOCKET open_socket (sockaddr_u *, int, int, endpt *); 284 static void set_reuseaddr (int); 285 static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); 286 287 #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO) 288 static char * fdbits (int, const fd_set *); 289 #endif 290 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 291 static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); 292 #endif 293 294 typedef struct remaddr remaddr_t; 295 296 struct remaddr { 297 remaddr_t * link; 298 sockaddr_u addr; 299 endpt * ep; 300 }; 301 302 remaddr_t * remoteaddr_list; 303 endpt * ep_list; /* complete endpt list */ 304 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */ 305 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ 306 307 static endpt * wildipv4; 308 static endpt * wildipv6; 309 310 #ifdef SYS_WINNT 311 int accept_wildcard_if_for_winnt; 312 #else 313 const int accept_wildcard_if_for_winnt = FALSE; 314 #endif 315 316 static void add_fd_to_list (SOCKET, enum desc_type); 317 static endpt * find_addr_in_list (sockaddr_u *); 318 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); 319 static void delete_addr_from_list (sockaddr_u *); 320 static void delete_interface_from_list(endpt *); 321 static void close_and_delete_fd_from_list(SOCKET); 322 static void add_addr_to_list (sockaddr_u *, endpt *); 323 static void create_wildcards (u_short); 324 static endpt * findlocalinterface (sockaddr_u *, int, int); 325 static endpt * findclosestinterface (sockaddr_u *, int); 326 #ifdef DEBUG 327 static const char * action_text (nic_rule_action); 328 #endif 329 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32); 330 static void convert_isc_if (isc_interface_t *, 331 endpt *, u_short); 332 static void calc_addr_distance(sockaddr_u *, 333 const sockaddr_u *, 334 const sockaddr_u *); 335 static int cmp_addr_distance(const sockaddr_u *, 336 const sockaddr_u *); 337 338 /* 339 * Routines to read the ntp packets 340 */ 341 #if !defined(HAVE_IO_COMPLETION_PORT) 342 static inline int read_network_packet (SOCKET, struct interface *, l_fp); 343 static void ntpd_addremove_io_fd (int, int, int); 344 static void input_handler_scan (const l_fp*, const fd_set*); 345 static int/*BOOL*/ sanitize_fdset (int errc); 346 #ifdef REFCLOCK 347 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); 348 #endif 349 #ifdef HAVE_SIGNALED_IO 350 static void input_handler (l_fp*); 351 #endif 352 #endif 353 354 355 #ifndef HAVE_IO_COMPLETION_PORT 356 void 357 maintain_activefds( 358 int fd, 359 int closing 360 ) 361 { 362 int i; 363 364 if (fd < 0 || fd >= FD_SETSIZE) { 365 msyslog(LOG_ERR, 366 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d", 367 FD_SETSIZE, fd); 368 exit(1); 369 } 370 371 if (!closing) { 372 FD_SET(fd, &activefds); 373 maxactivefd = max(fd, maxactivefd); 374 } else { 375 FD_CLR(fd, &activefds); 376 if (maxactivefd && fd == maxactivefd) { 377 for (i = maxactivefd - 1; i >= 0; i--) 378 if (FD_ISSET(i, &activefds)) { 379 maxactivefd = i; 380 break; 381 } 382 INSIST(fd != maxactivefd); 383 } 384 } 385 } 386 #endif /* !HAVE_IO_COMPLETION_PORT */ 387 388 389 #ifdef DEBUG_TIMING 390 /* 391 * collect timing information for various processing 392 * paths. currently we only pass them on to the file 393 * for later processing. this could also do histogram 394 * based analysis in other to reduce the load (and skew) 395 * dur to the file output 396 */ 397 void 398 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts) 399 { 400 char buf[256]; 401 402 snprintf(buf, sizeof(buf), "%s %d %s %s", 403 (rb != NULL) 404 ? ((rb->dstadr != NULL) 405 ? stoa(&rb->recv_srcadr) 406 : "-REFCLOCK-") 407 : "-", 408 count, lfptoa(dts, 9), tag); 409 record_timing_stats(buf); 410 } 411 #endif 412 413 /* 414 * About dynamic interfaces, sockets, reception and more... 415 * 416 * the code solves following tasks: 417 * 418 * - keep a current list of active interfaces in order 419 * to bind to to the interface address on NTP_PORT so that 420 * all wild and specific bindings for NTP_PORT are taken by ntpd 421 * to avoid other daemons messing with the time or sockets. 422 * - all interfaces keep a list of peers that are referencing 423 * the interface in order to quickly re-assign the peers to 424 * new interface in case an interface is deleted (=> gone from system or 425 * down) 426 * - have a preconfigured socket ready with the right local address 427 * for transmission and reception 428 * - have an address list for all destination addresses used within ntpd 429 * to find the "right" preconfigured socket. 430 * - facilitate updating the internal interface list with respect to 431 * the current kernel state 432 * 433 * special issues: 434 * 435 * - mapping of multicast addresses to the interface affected is not always 436 * one to one - especially on hosts with multiple interfaces 437 * the code here currently allocates a separate interface entry for those 438 * multicast addresses 439 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF) 440 * in case of failure the multicast address is bound to an existing interface. 441 * - on some systems it is perfectly legal to assign the same address to 442 * multiple interfaces. Therefore this code does not keep a list of interfaces 443 * but a list of interfaces that represent a unique address as determined by the kernel 444 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only 445 * one representative of a group of real interfaces if they share the same address. 446 * 447 * Frank Kardel 20050910 448 */ 449 450 /* 451 * init_io - initialize I/O module. 452 */ 453 void 454 init_io(void) 455 { 456 /* Init buffer free list and stat counters */ 457 init_recvbuff(RECV_INIT); 458 /* update interface every 5 minutes as default */ 459 interface_interval = 300; 460 461 #ifdef WORK_PIPE 462 addremove_io_fd = &ntpd_addremove_io_fd; 463 #endif 464 465 #if defined(SYS_WINNT) 466 init_io_completion_port(); 467 #elif defined(HAVE_SIGNALED_IO) 468 (void) set_signal(input_handler); 469 #endif 470 } 471 472 473 static void 474 ntpd_addremove_io_fd( 475 int fd, 476 int is_pipe, 477 int remove_it 478 ) 479 { 480 UNUSED_ARG(is_pipe); 481 482 #ifdef HAVE_SIGNALED_IO 483 if (!remove_it) 484 init_socket_sig(fd); 485 #endif /* not HAVE_SIGNALED_IO */ 486 487 maintain_activefds(fd, remove_it); 488 } 489 490 491 /* 492 * io_open_sockets - call socket creation routine 493 */ 494 void 495 io_open_sockets(void) 496 { 497 static int already_opened; 498 499 if (already_opened || HAVE_OPT( SAVECONFIGQUIT )) 500 return; 501 502 already_opened = 1; 503 504 /* 505 * Create the sockets 506 */ 507 BLOCKIO(); 508 create_sockets(NTP_PORT); 509 UNBLOCKIO(); 510 511 init_async_notifications(); 512 513 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd)); 514 } 515 516 517 #ifdef DEBUG 518 /* 519 * function to dump the contents of the interface structure 520 * for debugging use only. 521 * We face a dilemma here -- sockets are FDs under POSIX and 522 * actually HANDLES under Windows. So we use '%lld' as format 523 * and cast the value to 'long long'; this should not hurt 524 * with UNIX-like systems and does not truncate values on Win64. 525 */ 526 void 527 interface_dump(const endpt *itf) 528 { 529 printf("Dumping interface: %p\n", itf); 530 printf("fd = %lld\n", (long long)itf->fd); 531 printf("bfd = %lld\n", (long long)itf->bfd); 532 printf("sin = %s,\n", stoa(&itf->sin)); 533 sockaddr_dump(&itf->sin); 534 printf("bcast = %s,\n", stoa(&itf->bcast)); 535 sockaddr_dump(&itf->bcast); 536 printf("mask = %s,\n", stoa(&itf->mask)); 537 sockaddr_dump(&itf->mask); 538 printf("name = %s\n", itf->name); 539 printf("flags = 0x%08x\n", itf->flags); 540 printf("last_ttl = %d\n", itf->last_ttl); 541 printf("addr_refid = %08x\n", itf->addr_refid); 542 printf("num_mcast = %d\n", itf->num_mcast); 543 printf("received = %ld\n", itf->received); 544 printf("sent = %ld\n", itf->sent); 545 printf("notsent = %ld\n", itf->notsent); 546 printf("ifindex = %u\n", itf->ifindex); 547 printf("peercnt = %u\n", itf->peercnt); 548 printf("phase = %u\n", itf->phase); 549 } 550 551 /* 552 * sockaddr_dump - hex dump the start of a sockaddr_u 553 */ 554 static void 555 sockaddr_dump(const sockaddr_u *psau) 556 { 557 /* Limit the size of the sockaddr_in6 hex dump */ 558 const int maxsize = min(32, sizeof(psau->sa6)); 559 const u_char * cp; 560 int i; 561 562 /* XXX: Should we limit maxsize based on psau->saX.sin_family? */ 563 cp = (const void *)&psau->sa6; 564 565 for(i = 0; i < maxsize; i++) { 566 printf("%02x", *cp++); 567 if (!((i + 1) % 4)) 568 printf(" "); 569 } 570 printf("\n"); 571 } 572 573 /* 574 * print_interface - helper to output debug information 575 */ 576 static void 577 print_interface(const endpt *iface, const char *pfx, const char *sfx) 578 { 579 printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s", 580 pfx, 581 iface->ifnum, 582 (long long)iface->fd, 583 (long long)iface->bfd, 584 iface->name, 585 iface->flags, 586 iface->ifindex, 587 stoa(&iface->sin)); 588 if (AF_INET == iface->family) { 589 if (iface->flags & INT_BROADCAST) 590 printf(", bcast=%s", stoa(&iface->bcast)); 591 printf(", mask=%s", stoa(&iface->mask)); 592 } 593 printf(", %s:%s", 594 (iface->ignore_packets) 595 ? "Disabled" 596 : "Enabled", 597 sfx); 598 if (debug > 4) /* in-depth debugging only */ 599 interface_dump(iface); 600 } 601 #endif 602 603 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 604 /* 605 * create an asyncio_reader structure 606 */ 607 static struct asyncio_reader * 608 new_asyncio_reader(void) 609 { 610 struct asyncio_reader *reader; 611 612 reader = emalloc_zero(sizeof(*reader)); 613 reader->fd = INVALID_SOCKET; 614 615 return reader; 616 } 617 618 /* 619 * delete a reader 620 */ 621 static void 622 delete_asyncio_reader( 623 struct asyncio_reader *reader 624 ) 625 { 626 free(reader); 627 } 628 629 /* 630 * add asynchio_reader 631 */ 632 static void 633 add_asyncio_reader( 634 struct asyncio_reader * reader, 635 enum desc_type type) 636 { 637 LINK_SLIST(asyncio_reader_list, reader, link); 638 add_fd_to_list(reader->fd, type); 639 } 640 641 /* 642 * remove asynchio_reader 643 */ 644 static void 645 remove_asyncio_reader( 646 struct asyncio_reader *reader 647 ) 648 { 649 struct asyncio_reader *unlinked; 650 651 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, 652 struct asyncio_reader); 653 654 if (reader->fd != INVALID_SOCKET) 655 close_and_delete_fd_from_list(reader->fd); 656 657 reader->fd = INVALID_SOCKET; 658 } 659 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 660 661 662 /* compare two sockaddr prefixes */ 663 static int 664 addr_eqprefix( 665 const sockaddr_u * a, 666 const sockaddr_u * b, 667 int prefixlen 668 ) 669 { 670 isc_netaddr_t isc_a; 671 isc_netaddr_t isc_b; 672 isc_sockaddr_t isc_sa; 673 674 ZERO(isc_sa); 675 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a))); 676 isc_netaddr_fromsockaddr(&isc_a, &isc_sa); 677 678 ZERO(isc_sa); 679 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b))); 680 isc_netaddr_fromsockaddr(&isc_b, &isc_sa); 681 682 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b, 683 (u_int)prefixlen); 684 } 685 686 687 static int 688 addr_samesubnet( 689 const sockaddr_u * a, 690 const sockaddr_u * a_mask, 691 const sockaddr_u * b, 692 const sockaddr_u * b_mask 693 ) 694 { 695 const u_int32 * pa; 696 const u_int32 * pa_limit; 697 const u_int32 * pb; 698 const u_int32 * pm; 699 size_t loops; 700 701 REQUIRE(AF(a) == AF(a_mask)); 702 REQUIRE(AF(b) == AF(b_mask)); 703 /* 704 * With address and mask families verified to match, comparing 705 * the masks also validates the address's families match. 706 */ 707 if (!SOCK_EQ(a_mask, b_mask)) 708 return FALSE; 709 710 if (IS_IPV6(a)) { 711 loops = sizeof(NSRCADR6(a)) / sizeof(*pa); 712 pa = (const void *)&NSRCADR6(a); 713 pb = (const void *)&NSRCADR6(b); 714 pm = (const void *)&NSRCADR6(a_mask); 715 } else { 716 loops = sizeof(NSRCADR(a)) / sizeof(*pa); 717 pa = (const void *)&NSRCADR(a); 718 pb = (const void *)&NSRCADR(b); 719 pm = (const void *)&NSRCADR(a_mask); 720 } 721 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++) 722 if ((*pa & *pm) != (*pb & *pm)) 723 return FALSE; 724 725 return TRUE; 726 } 727 728 729 /* 730 * interface list enumerator - visitor pattern 731 */ 732 void 733 interface_enumerate( 734 interface_receiver_t receiver, 735 void * data 736 ) 737 { 738 interface_info_t ifi; 739 740 ifi.action = IFS_EXISTS; 741 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink) 742 (*receiver)(data, &ifi); 743 } 744 745 /* 746 * do standard initialization of interface structure 747 */ 748 static void 749 init_interface( 750 endpt *ep 751 ) 752 { 753 ZERO(*ep); 754 ep->fd = INVALID_SOCKET; 755 ep->bfd = INVALID_SOCKET; 756 ep->phase = sys_interphase; 757 } 758 759 760 /* 761 * create new interface structure initialize from 762 * template structure or via standard initialization 763 * function 764 */ 765 static struct interface * 766 new_interface( 767 struct interface *interface 768 ) 769 { 770 struct interface * iface; 771 772 iface = emalloc(sizeof(*iface)); 773 774 if (NULL == interface) 775 init_interface(iface); 776 else /* use the template */ 777 memcpy(iface, interface, sizeof(*iface)); 778 779 /* count every new instance of an interface in the system */ 780 iface->ifnum = sys_ifnum++; 781 iface->starttime = current_time; 782 783 # ifdef HAVE_IO_COMPLETION_PORT 784 if (!io_completion_port_add_interface(iface)) { 785 msyslog(LOG_EMERG, "cannot register interface with IO engine -- will exit now"); 786 exit(1); 787 } 788 # endif 789 return iface; 790 } 791 792 793 /* 794 * return interface storage into free memory pool 795 */ 796 static void 797 delete_interface( 798 endpt *ep 799 ) 800 { 801 # ifdef HAVE_IO_COMPLETION_PORT 802 io_completion_port_remove_interface(ep); 803 # endif 804 free(ep); 805 } 806 807 808 /* 809 * link interface into list of known interfaces 810 */ 811 static void 812 add_interface( 813 endpt * ep 814 ) 815 { 816 endpt ** pmclisthead; 817 endpt * scan; 818 endpt * scan_next; 819 endpt * unlinked; 820 sockaddr_u * addr; 821 int ep_local; 822 int scan_local; 823 int same_subnet; 824 int ep_univ_iid; /* iface ID from MAC address */ 825 int scan_univ_iid; /* see RFC 4291 */ 826 int ep_privacy; /* random local iface ID */ 827 int scan_privacy; /* see RFC 4941 */ 828 int rc; 829 830 /* Calculate the refid */ 831 ep->addr_refid = addr2refid(&ep->sin); 832 /* link at tail so ntpdc -c ifstats index increases each row */ 833 LINK_TAIL_SLIST(ep_list, ep, elink, endpt); 834 ninterfaces++; 835 #ifdef MCAST 836 /* the rest is for enabled multicast-capable addresses only */ 837 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) || 838 INT_LOOPBACK & ep->flags) 839 return; 840 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 841 if (AF_INET6 == ep->family) 842 return; 843 # endif 844 pmclisthead = (AF_INET == ep->family) 845 ? &mc4_list 846 : &mc6_list; 847 848 if (AF_INET6 == ep->family) { 849 ep_local = 850 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) || 851 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin)); 852 ep_univ_iid = IS_IID_UNIV(&ep->sin); 853 ep_privacy = !!(INT_PRIVACY & ep->flags); 854 } else { 855 ep_local = FALSE; 856 ep_univ_iid = FALSE; 857 ep_privacy = FALSE; 858 } 859 DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n", 860 stoa(&ep->sin), 861 (ep_local) ? " link/scope-local" : "", 862 (ep_univ_iid) ? " univ-IID" : "", 863 (ep_privacy) ? " privacy" : "")); 864 /* 865 * If we have multiple local addresses on the same network 866 * interface, and some are link- or site-local, do not multicast 867 * out from the link-/site-local addresses by default, to avoid 868 * duplicate manycastclient associations between v6 peers using 869 * link-local and global addresses. link-local can still be 870 * chosen using "nic ignore myv6globalprefix::/64". 871 * Similarly, if we have multiple global addresses from the same 872 * prefix on the same network interface, multicast from one, 873 * preferring EUI-64, then static, then least RFC 4941 privacy 874 * addresses. 875 */ 876 for (scan = *pmclisthead; scan != NULL; scan = scan_next) { 877 scan_next = scan->mclink; 878 if (ep->family != scan->family) 879 continue; 880 if (strcmp(ep->name, scan->name)) 881 continue; 882 same_subnet = addr_samesubnet(&ep->sin, &ep->mask, 883 &scan->sin, &scan->mask); 884 if (AF_INET6 == ep->family) { 885 addr = &scan->sin; 886 scan_local = 887 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) || 888 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr)); 889 scan_univ_iid = IS_IID_UNIV(addr); 890 scan_privacy = !!(INT_PRIVACY & scan->flags); 891 } else { 892 scan_local = FALSE; 893 scan_univ_iid = FALSE; 894 scan_privacy = FALSE; 895 } 896 DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n", 897 stoa(&scan->sin), 898 (scan_local) ? " link/scope-local" : "", 899 (scan_univ_iid) ? " univ-IID" : "", 900 (scan_privacy) ? " privacy" : "")); 901 if ((ep_local && !scan_local) || (same_subnet && 902 ((ep_privacy && !scan_privacy) || 903 (!ep_univ_iid && scan_univ_iid)))) { 904 DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n", 905 stoa(&ep->sin), 906 (ep_local) 907 ? "tail" 908 : "head", 909 stoa(&scan->sin))); 910 return; 911 } 912 if ((scan_local && !ep_local) || (same_subnet && 913 ((scan_privacy && !ep_privacy) || 914 (!scan_univ_iid && ep_univ_iid)))) { 915 UNLINK_SLIST(unlinked, *pmclisthead, 916 scan, mclink, endpt); 917 DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n", 918 (unlinked != scan) 919 ? "Failed to remove" 920 : "removed", 921 stoa(&scan->sin), stoa(&ep->sin))); 922 } 923 } 924 /* 925 * Add link/site local at the tail of the multicast- 926 * capable unicast interfaces list, so that ntpd will 927 * send from global addresses before link-/site-local 928 * ones. 929 */ 930 if (ep_local) 931 LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt); 932 else 933 LINK_SLIST(*pmclisthead, ep, mclink); 934 DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n", 935 stoa(&ep->sin), 936 (ep_local) 937 ? "tail" 938 : "head", 939 (AF_INET == ep->family) 940 ? "4" 941 : "6")); 942 943 if (INVALID_SOCKET == ep->fd) 944 return; 945 946 /* 947 * select the local address from which to send to multicast. 948 */ 949 switch (AF(&ep->sin)) { 950 951 case AF_INET : 952 rc = setsockopt(ep->fd, IPPROTO_IP, 953 IP_MULTICAST_IF, 954 (void *)&NSRCADR(&ep->sin), 955 sizeof(NSRCADR(&ep->sin))); 956 if (rc) 957 msyslog(LOG_ERR, 958 "setsockopt IP_MULTICAST_IF %s fails: %m", 959 stoa(&ep->sin)); 960 break; 961 962 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 963 case AF_INET6 : 964 rc = setsockopt(ep->fd, IPPROTO_IPV6, 965 IPV6_MULTICAST_IF, 966 (void *)&ep->ifindex, 967 sizeof(ep->ifindex)); 968 /* do not complain if bound addr scope is ifindex */ 969 if (rc && ep->ifindex != SCOPE(&ep->sin)) 970 msyslog(LOG_ERR, 971 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m", 972 ep->ifindex, stoa(&ep->sin)); 973 break; 974 # endif 975 } 976 #endif /* MCAST */ 977 } 978 979 980 /* 981 * remove interface from known interface list and clean up 982 * associated resources 983 */ 984 static void 985 remove_interface( 986 endpt * ep 987 ) 988 { 989 endpt * unlinked; 990 endpt ** pmclisthead; 991 sockaddr_u resmask; 992 993 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); 994 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { 995 pmclisthead = (AF_INET == ep->family) 996 ? &mc4_list 997 : &mc6_list; 998 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt); 999 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n", 1000 stoa(&ep->sin), 1001 (unlinked != NULL) 1002 ? "removed from" 1003 : "not found on", 1004 (AF_INET == ep->family) 1005 ? "4" 1006 : "6")); 1007 } 1008 delete_interface_from_list(ep); 1009 1010 if (ep->fd != INVALID_SOCKET) { 1011 msyslog(LOG_INFO, 1012 "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs", 1013 ep->ifnum, 1014 ep->name, 1015 stoa(&ep->sin), 1016 SRCPORT(&ep->sin), 1017 ep->received, 1018 ep->sent, 1019 ep->notsent, 1020 current_time - ep->starttime); 1021 # ifdef HAVE_IO_COMPLETION_PORT 1022 io_completion_port_remove_socket(ep->fd, ep); 1023 # endif 1024 close_and_delete_fd_from_list(ep->fd); 1025 ep->fd = INVALID_SOCKET; 1026 } 1027 1028 if (ep->bfd != INVALID_SOCKET) { 1029 msyslog(LOG_INFO, 1030 "stop listening for broadcasts to %s on interface #%d %s", 1031 stoa(&ep->bcast), ep->ifnum, ep->name); 1032 # ifdef HAVE_IO_COMPLETION_PORT 1033 io_completion_port_remove_socket(ep->bfd, ep); 1034 # endif 1035 close_and_delete_fd_from_list(ep->bfd); 1036 ep->bfd = INVALID_SOCKET; 1037 } 1038 # ifdef HAVE_IO_COMPLETION_PORT 1039 io_completion_port_remove_interface(ep); 1040 # endif 1041 1042 ninterfaces--; 1043 mon_clearinterface(ep); 1044 1045 /* remove restrict interface entry */ 1046 SET_HOSTMASK(&resmask, AF(&ep->sin)); 1047 hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 1048 -3, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 1049 } 1050 1051 1052 static void 1053 log_listen_address( 1054 endpt * ep 1055 ) 1056 { 1057 msyslog(LOG_INFO, "%s on %d %s %s", 1058 (ep->ignore_packets) 1059 ? "Listen and drop" 1060 : "Listen normally", 1061 ep->ifnum, 1062 ep->name, 1063 sptoa(&ep->sin)); 1064 } 1065 1066 1067 static void 1068 create_wildcards( 1069 u_short port 1070 ) 1071 { 1072 int v4wild; 1073 #ifdef INCLUDE_IPV6_SUPPORT 1074 int v6wild; 1075 #endif 1076 sockaddr_u wildaddr; 1077 nic_rule_action action; 1078 struct interface * wildif; 1079 1080 /* 1081 * silence "potentially uninitialized" warnings from VC9 1082 * failing to follow the logic. Ideally action could remain 1083 * uninitialized, and the memset be the first statement under 1084 * the first if (v4wild). 1085 */ 1086 action = ACTION_LISTEN; 1087 ZERO(wildaddr); 1088 1089 #ifdef INCLUDE_IPV6_SUPPORT 1090 /* 1091 * create pseudo-interface with wildcard IPv6 address 1092 */ 1093 v6wild = ipv6_works; 1094 if (v6wild) { 1095 /* set wildaddr to the v6 wildcard address :: */ 1096 ZERO(wildaddr); 1097 AF(&wildaddr) = AF_INET6; 1098 SET_ADDR6N(&wildaddr, in6addr_any); 1099 SET_PORT(&wildaddr, port); 1100 SET_SCOPE(&wildaddr, 0); 1101 1102 /* check for interface/nic rules affecting the wildcard */ 1103 action = interface_action(NULL, &wildaddr, 0); 1104 v6wild = (ACTION_IGNORE != action); 1105 } 1106 if (v6wild) { 1107 wildif = new_interface(NULL); 1108 1109 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name)); 1110 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1111 wildif->family = AF_INET6; 1112 AF(&wildif->mask) = AF_INET6; 1113 SET_ONESMASK(&wildif->mask); 1114 1115 wildif->flags = INT_UP | INT_WILDCARD; 1116 wildif->ignore_packets = (ACTION_DROP == action); 1117 1118 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1119 1120 if (wildif->fd != INVALID_SOCKET) { 1121 wildipv6 = wildif; 1122 any6_interface = wildif; 1123 add_addr_to_list(&wildif->sin, wildif); 1124 add_interface(wildif); 1125 log_listen_address(wildif); 1126 } else { 1127 msyslog(LOG_ERR, 1128 "unable to bind to wildcard address %s - another process may be running - EXITING", 1129 stoa(&wildif->sin)); 1130 exit(1); 1131 } 1132 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1133 } 1134 #endif 1135 1136 /* 1137 * create pseudo-interface with wildcard IPv4 address 1138 */ 1139 v4wild = ipv4_works; 1140 if (v4wild) { 1141 /* set wildaddr to the v4 wildcard address 0.0.0.0 */ 1142 AF(&wildaddr) = AF_INET; 1143 SET_ADDR4N(&wildaddr, INADDR_ANY); 1144 SET_PORT(&wildaddr, port); 1145 1146 /* check for interface/nic rules affecting the wildcard */ 1147 action = interface_action(NULL, &wildaddr, 0); 1148 v4wild = (ACTION_IGNORE != action); 1149 } 1150 if (v4wild) { 1151 wildif = new_interface(NULL); 1152 1153 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name)); 1154 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1155 wildif->family = AF_INET; 1156 AF(&wildif->mask) = AF_INET; 1157 SET_ONESMASK(&wildif->mask); 1158 1159 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD; 1160 wildif->ignore_packets = (ACTION_DROP == action); 1161 #if defined(MCAST) 1162 /* 1163 * enable multicast reception on the broadcast socket 1164 */ 1165 AF(&wildif->bcast) = AF_INET; 1166 SET_ADDR4N(&wildif->bcast, INADDR_ANY); 1167 SET_PORT(&wildif->bcast, port); 1168 #endif /* MCAST */ 1169 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1170 1171 if (wildif->fd != INVALID_SOCKET) { 1172 wildipv4 = wildif; 1173 any_interface = wildif; 1174 1175 add_addr_to_list(&wildif->sin, wildif); 1176 add_interface(wildif); 1177 log_listen_address(wildif); 1178 } else { 1179 msyslog(LOG_ERR, 1180 "unable to bind to wildcard address %s - another process may be running - EXITING", 1181 stoa(&wildif->sin)); 1182 exit(1); 1183 } 1184 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1185 } 1186 } 1187 1188 1189 /* 1190 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list. 1191 */ 1192 void 1193 add_nic_rule( 1194 nic_rule_match match_type, 1195 const char * if_name, /* interface name or numeric address */ 1196 int prefixlen, 1197 nic_rule_action action 1198 ) 1199 { 1200 nic_rule * rule; 1201 isc_boolean_t is_ip; 1202 1203 rule = emalloc_zero(sizeof(*rule)); 1204 rule->match_type = match_type; 1205 rule->prefixlen = prefixlen; 1206 rule->action = action; 1207 1208 if (MATCH_IFNAME == match_type) { 1209 REQUIRE(NULL != if_name); 1210 rule->if_name = estrdup(if_name); 1211 } else if (MATCH_IFADDR == match_type) { 1212 REQUIRE(NULL != if_name); 1213 /* set rule->addr */ 1214 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr); 1215 REQUIRE(is_ip); 1216 } else 1217 REQUIRE(NULL == if_name); 1218 1219 LINK_SLIST(nic_rule_list, rule, next); 1220 } 1221 1222 1223 #ifdef DEBUG 1224 static const char * 1225 action_text( 1226 nic_rule_action action 1227 ) 1228 { 1229 const char *t; 1230 1231 switch (action) { 1232 1233 default: 1234 t = "ERROR"; /* quiet uninit warning */ 1235 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n", 1236 action)); 1237 ENSURE(0); 1238 break; 1239 1240 case ACTION_LISTEN: 1241 t = "listen"; 1242 break; 1243 1244 case ACTION_IGNORE: 1245 t = "ignore"; 1246 break; 1247 1248 case ACTION_DROP: 1249 t = "drop"; 1250 break; 1251 } 1252 1253 return t; 1254 } 1255 #endif /* DEBUG */ 1256 1257 1258 static nic_rule_action 1259 interface_action( 1260 char * if_name, 1261 sockaddr_u * if_addr, 1262 u_int32 if_flags 1263 ) 1264 { 1265 nic_rule * rule; 1266 int isloopback; 1267 int iswildcard; 1268 1269 DPRINTF(4, ("interface_action: interface %s ", 1270 (if_name != NULL) ? if_name : "wildcard")); 1271 1272 iswildcard = is_wildcard_addr(if_addr); 1273 isloopback = !!(INT_LOOPBACK & if_flags); 1274 1275 /* 1276 * Find any matching NIC rule from --interface / -I or ntp.conf 1277 * interface/nic rules. 1278 */ 1279 for (rule = nic_rule_list; rule != NULL; rule = rule->next) { 1280 1281 switch (rule->match_type) { 1282 1283 case MATCH_ALL: 1284 /* loopback and wildcard excluded from "all" */ 1285 if (isloopback || iswildcard) 1286 break; 1287 DPRINTF(4, ("nic all %s\n", 1288 action_text(rule->action))); 1289 return rule->action; 1290 1291 case MATCH_IPV4: 1292 if (IS_IPV4(if_addr)) { 1293 DPRINTF(4, ("nic ipv4 %s\n", 1294 action_text(rule->action))); 1295 return rule->action; 1296 } 1297 break; 1298 1299 case MATCH_IPV6: 1300 if (IS_IPV6(if_addr)) { 1301 DPRINTF(4, ("nic ipv6 %s\n", 1302 action_text(rule->action))); 1303 return rule->action; 1304 } 1305 break; 1306 1307 case MATCH_WILDCARD: 1308 if (iswildcard) { 1309 DPRINTF(4, ("nic wildcard %s\n", 1310 action_text(rule->action))); 1311 return rule->action; 1312 } 1313 break; 1314 1315 case MATCH_IFADDR: 1316 if (rule->prefixlen != -1) { 1317 if (addr_eqprefix(if_addr, &rule->addr, 1318 rule->prefixlen)) { 1319 1320 DPRINTF(4, ("subnet address match - %s\n", 1321 action_text(rule->action))); 1322 return rule->action; 1323 } 1324 } else 1325 if (SOCK_EQ(if_addr, &rule->addr)) { 1326 1327 DPRINTF(4, ("address match - %s\n", 1328 action_text(rule->action))); 1329 return rule->action; 1330 } 1331 break; 1332 1333 case MATCH_IFNAME: 1334 if (if_name != NULL 1335 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD) 1336 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD) 1337 #else 1338 && !strcasecmp(if_name, rule->if_name) 1339 #endif 1340 ) { 1341 1342 DPRINTF(4, ("interface name match - %s\n", 1343 action_text(rule->action))); 1344 return rule->action; 1345 } 1346 break; 1347 } 1348 } 1349 1350 /* 1351 * Unless explicitly disabled such as with "nic ignore ::1" 1352 * listen on loopback addresses. Since ntpq and ntpdc query 1353 * "localhost" by default, which typically resolves to ::1 and 1354 * 127.0.0.1, it's useful to default to listening on both. 1355 */ 1356 if (isloopback) { 1357 DPRINTF(4, ("default loopback listen\n")); 1358 return ACTION_LISTEN; 1359 } 1360 1361 /* 1362 * Treat wildcard addresses specially. If there is no explicit 1363 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule 1364 * default to drop. 1365 */ 1366 if (iswildcard) { 1367 DPRINTF(4, ("default wildcard drop\n")); 1368 return ACTION_DROP; 1369 } 1370 1371 /* 1372 * Check for "virtual IP" (colon in the interface name) after 1373 * the rules so that "ntpd --interface eth0:1 -novirtualips" 1374 * does indeed listen on eth0:1's addresses. 1375 */ 1376 if (!listen_to_virtual_ips && if_name != NULL 1377 && (strchr(if_name, ':') != NULL)) { 1378 1379 DPRINTF(4, ("virtual ip - ignore\n")); 1380 return ACTION_IGNORE; 1381 } 1382 1383 /* 1384 * If there are no --interface/-I command-line options and no 1385 * interface/nic rules in ntp.conf, the default action is to 1386 * listen. In the presence of rules from either, the default 1387 * is to ignore. This implements ntpd's traditional listen- 1388 * every default with no interface listen configuration, and 1389 * ensures a single -I eth0 or "nic listen eth0" means do not 1390 * listen on any other addresses. 1391 */ 1392 if (NULL == nic_rule_list) { 1393 DPRINTF(4, ("default listen\n")); 1394 return ACTION_LISTEN; 1395 } 1396 1397 DPRINTF(4, ("implicit ignore\n")); 1398 return ACTION_IGNORE; 1399 } 1400 1401 1402 static void 1403 convert_isc_if( 1404 isc_interface_t *isc_if, 1405 endpt *itf, 1406 u_short port 1407 ) 1408 { 1409 const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0, 1410 0, 0, 0, 0, 0, 0, 0, 1}; 1411 1412 strlcpy(itf->name, isc_if->name, sizeof(itf->name)); 1413 itf->ifindex = isc_if->ifindex; 1414 itf->family = (u_short)isc_if->af; 1415 AF(&itf->sin) = itf->family; 1416 AF(&itf->mask) = itf->family; 1417 AF(&itf->bcast) = itf->family; 1418 SET_PORT(&itf->sin, port); 1419 SET_PORT(&itf->mask, port); 1420 SET_PORT(&itf->bcast, port); 1421 1422 if (IS_IPV4(&itf->sin)) { 1423 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr; 1424 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr; 1425 1426 if (isc_if->flags & INTERFACE_F_BROADCAST) { 1427 itf->flags |= INT_BROADCAST; 1428 NSRCADR(&itf->bcast) = 1429 isc_if->broadcast.type.in.s_addr; 1430 } 1431 } 1432 #ifdef INCLUDE_IPV6_SUPPORT 1433 else if (IS_IPV6(&itf->sin)) { 1434 SET_ADDR6N(&itf->sin, isc_if->address.type.in6); 1435 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6); 1436 1437 SET_SCOPE(&itf->sin, isc_if->address.zone); 1438 } 1439 #endif /* INCLUDE_IPV6_SUPPORT */ 1440 1441 1442 /* Process the rest of the flags */ 1443 1444 itf->flags |= 1445 ((INTERFACE_F_UP & isc_if->flags) 1446 ? INT_UP : 0) 1447 | ((INTERFACE_F_LOOPBACK & isc_if->flags) 1448 ? INT_LOOPBACK : 0) 1449 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags) 1450 ? INT_PPP : 0) 1451 | ((INTERFACE_F_MULTICAST & isc_if->flags) 1452 ? INT_MULTICAST : 0) 1453 | ((INTERFACE_F_PRIVACY & isc_if->flags) 1454 ? INT_PRIVACY : 0) 1455 ; 1456 1457 /* 1458 * Clear the loopback flag if the address is not localhost. 1459 * http://bugs.ntp.org/1683 1460 */ 1461 if (INT_LOOPBACK & itf->flags) { 1462 if (AF_INET == itf->family) { 1463 if (127 != (SRCADR(&itf->sin) >> 24)) 1464 itf->flags &= ~INT_LOOPBACK; 1465 } else { 1466 if (memcmp(v6loop, NSRCADR6(&itf->sin), 1467 sizeof(NSRCADR6(&itf->sin)))) 1468 itf->flags &= ~INT_LOOPBACK; 1469 } 1470 } 1471 } 1472 1473 1474 /* 1475 * refresh_interface 1476 * 1477 * some OSes have been observed to keep 1478 * cached routes even when more specific routes 1479 * become available. 1480 * this can be mitigated by re-binding 1481 * the socket. 1482 */ 1483 static int 1484 refresh_interface( 1485 struct interface * interface 1486 ) 1487 { 1488 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 1489 if (interface->fd != INVALID_SOCKET) { 1490 int bcast = (interface->flags & INT_BCASTXMIT) != 0; 1491 /* as we forcibly close() the socket remove the 1492 broadcast permission indication */ 1493 if (bcast) 1494 socket_broadcast_disable(interface, &interface->sin); 1495 1496 close_and_delete_fd_from_list(interface->fd); 1497 1498 /* create new socket picking up a new first hop binding 1499 at connect() time */ 1500 interface->fd = open_socket(&interface->sin, 1501 bcast, 0, interface); 1502 /* 1503 * reset TTL indication so TTL is is set again 1504 * next time around 1505 */ 1506 interface->last_ttl = 0; 1507 return (interface->fd != INVALID_SOCKET); 1508 } else 1509 return 0; /* invalid sockets are not refreshable */ 1510 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1511 return (interface->fd != INVALID_SOCKET); 1512 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1513 } 1514 1515 /* 1516 * interface_update - externally callable update function 1517 */ 1518 void 1519 interface_update( 1520 interface_receiver_t receiver, 1521 void * data) 1522 { 1523 int new_interface_found; 1524 1525 if (disable_dynamic_updates) 1526 return; 1527 1528 BLOCKIO(); 1529 new_interface_found = update_interfaces(NTP_PORT, receiver, data); 1530 UNBLOCKIO(); 1531 1532 if (!new_interface_found) 1533 return; 1534 1535 #ifdef DEBUG 1536 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); 1537 #endif 1538 interrupt_worker_sleep(); 1539 } 1540 1541 1542 /* 1543 * sau_from_netaddr() - convert network address on-wire formats. 1544 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u 1545 */ 1546 void 1547 sau_from_netaddr( 1548 sockaddr_u *psau, 1549 const isc_netaddr_t *pna 1550 ) 1551 { 1552 ZERO_SOCK(psau); 1553 AF(psau) = (u_short)pna->family; 1554 switch (pna->family) { 1555 1556 case AF_INET: 1557 memcpy(&psau->sa4.sin_addr, &pna->type.in, 1558 sizeof(psau->sa4.sin_addr)); 1559 break; 1560 1561 case AF_INET6: 1562 memcpy(&psau->sa6.sin6_addr, &pna->type.in6, 1563 sizeof(psau->sa6.sin6_addr)); 1564 break; 1565 } 1566 } 1567 1568 1569 static int 1570 is_wildcard_addr( 1571 const sockaddr_u *psau 1572 ) 1573 { 1574 if (IS_IPV4(psau) && !NSRCADR(psau)) 1575 return 1; 1576 1577 #ifdef INCLUDE_IPV6_SUPPORT 1578 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any)) 1579 return 1; 1580 #endif 1581 1582 return 0; 1583 } 1584 1585 1586 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 1587 /* 1588 * enable/disable re-use of wildcard address socket 1589 */ 1590 static void 1591 set_wildcard_reuse( 1592 u_short family, 1593 int on 1594 ) 1595 { 1596 struct interface *any; 1597 SOCKET fd = INVALID_SOCKET; 1598 1599 any = ANY_INTERFACE_BYFAM(family); 1600 if (any != NULL) 1601 fd = any->fd; 1602 1603 if (fd != INVALID_SOCKET) { 1604 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1605 (void *)&on, sizeof(on))) 1606 msyslog(LOG_ERR, 1607 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m", 1608 on ? "on" : "off"); 1609 1610 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n", 1611 on ? "on" : "off", 1612 stoa(&any->sin))); 1613 } 1614 } 1615 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ 1616 1617 static isc_boolean_t 1618 check_flags( 1619 sockaddr_u *psau, 1620 const char *name, 1621 u_int32 flags 1622 ) 1623 { 1624 #if defined(SIOCGIFAFLAG_IN) 1625 struct ifreq ifr; 1626 int fd; 1627 1628 if (psau->sa.sa_family != AF_INET) 1629 return ISC_FALSE; 1630 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) 1631 return ISC_FALSE; 1632 ZERO(ifr); 1633 memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr)); 1634 strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); 1635 if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) { 1636 close(fd); 1637 return ISC_FALSE; 1638 } 1639 close(fd); 1640 if ((ifr.ifr_addrflags & flags) != 0) 1641 return ISC_TRUE; 1642 #endif /* SIOCGIFAFLAG_IN */ 1643 return ISC_FALSE; 1644 } 1645 1646 static isc_boolean_t 1647 check_flags6( 1648 sockaddr_u *psau, 1649 const char *name, 1650 u_int32 flags6 1651 ) 1652 { 1653 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) 1654 struct in6_ifreq ifr6; 1655 int fd; 1656 1657 if (psau->sa.sa_family != AF_INET6) 1658 return ISC_FALSE; 1659 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) 1660 return ISC_FALSE; 1661 ZERO(ifr6); 1662 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr)); 1663 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name)); 1664 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { 1665 close(fd); 1666 return ISC_FALSE; 1667 } 1668 close(fd); 1669 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0) 1670 return ISC_TRUE; 1671 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */ 1672 return ISC_FALSE; 1673 } 1674 1675 static isc_boolean_t 1676 is_anycast( 1677 sockaddr_u *psau, 1678 const char *name 1679 ) 1680 { 1681 #ifdef IN6_IFF_ANYCAST 1682 return check_flags6(psau, name, IN6_IFF_ANYCAST); 1683 #else 1684 return ISC_FALSE; 1685 #endif 1686 } 1687 1688 static isc_boolean_t 1689 is_valid( 1690 sockaddr_u *psau, 1691 const char *name 1692 ) 1693 { 1694 u_int32 flags; 1695 1696 flags = 0; 1697 switch (psau->sa.sa_family) { 1698 case AF_INET: 1699 #ifdef IN_IFF_DETACHED 1700 flags |= IN_IFF_DETACHED; 1701 #endif 1702 #ifdef IN_IFF_TENTATIVE 1703 flags |= IN_IFF_TENTATIVE; 1704 #endif 1705 return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1706 case AF_INET6: 1707 #ifdef IN6_IFF_DEPARTED 1708 flags |= IN6_IFF_DEPARTED; 1709 #endif 1710 #ifdef IN6_IFF_DETACHED 1711 flags |= IN6_IFF_DETACHED; 1712 #endif 1713 #ifdef IN6_IFF_TENTATIVE 1714 flags |= IN6_IFF_TENTATIVE; 1715 #endif 1716 return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1717 default: 1718 return ISC_FALSE; 1719 } 1720 } 1721 1722 /* 1723 * update_interface strategy 1724 * 1725 * toggle configuration phase 1726 * 1727 * Phase 1: 1728 * forall currently existing interfaces 1729 * if address is known: 1730 * drop socket - rebind again 1731 * 1732 * if address is NOT known: 1733 * attempt to create a new interface entry 1734 * 1735 * Phase 2: 1736 * forall currently known non MCAST and WILDCARD interfaces 1737 * if interface does not match configuration phase (not seen in phase 1): 1738 * remove interface from known interface list 1739 * forall peers associated with this interface 1740 * disconnect peer from this interface 1741 * 1742 * Phase 3: 1743 * attempt to re-assign interfaces to peers 1744 * 1745 */ 1746 1747 static int 1748 update_interfaces( 1749 u_short port, 1750 interface_receiver_t receiver, 1751 void * data 1752 ) 1753 { 1754 isc_mem_t * mctx = (void *)-1; 1755 interface_info_t ifi; 1756 isc_interfaceiter_t * iter; 1757 isc_result_t result; 1758 isc_interface_t isc_if; 1759 int new_interface_found; 1760 unsigned int family; 1761 endpt enumep; 1762 endpt * ep; 1763 endpt * next_ep; 1764 1765 DPRINTF(3, ("update_interfaces(%d)\n", port)); 1766 1767 /* 1768 * phase one - scan interfaces 1769 * - create those that are not found 1770 * - update those that are found 1771 */ 1772 1773 new_interface_found = FALSE; 1774 iter = NULL; 1775 result = isc_interfaceiter_create(mctx, &iter); 1776 1777 if (result != ISC_R_SUCCESS) 1778 return 0; 1779 1780 /* 1781 * Toggle system interface scan phase to find untouched 1782 * interfaces to be deleted. 1783 */ 1784 sys_interphase ^= 0x1; 1785 1786 for (result = isc_interfaceiter_first(iter); 1787 ISC_R_SUCCESS == result; 1788 result = isc_interfaceiter_next(iter)) { 1789 1790 result = isc_interfaceiter_current(iter, &isc_if); 1791 1792 if (result != ISC_R_SUCCESS) 1793 break; 1794 1795 /* See if we have a valid family to use */ 1796 family = isc_if.address.family; 1797 if (AF_INET != family && AF_INET6 != family) 1798 continue; 1799 if (AF_INET == family && !ipv4_works) 1800 continue; 1801 if (AF_INET6 == family && !ipv6_works) 1802 continue; 1803 1804 /* create prototype */ 1805 init_interface(&enumep); 1806 1807 convert_isc_if(&isc_if, &enumep, port); 1808 1809 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); 1810 1811 /* 1812 * Check if and how we are going to use the interface. 1813 */ 1814 switch (interface_action(enumep.name, &enumep.sin, 1815 enumep.flags)) { 1816 1817 case ACTION_IGNORE: 1818 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", 1819 enumep.name, stoa(&enumep.sin))); 1820 continue; 1821 1822 case ACTION_LISTEN: 1823 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", 1824 enumep.name, stoa(&enumep.sin))); 1825 enumep.ignore_packets = ISC_FALSE; 1826 break; 1827 1828 case ACTION_DROP: 1829 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", 1830 enumep.name, stoa(&enumep.sin))); 1831 enumep.ignore_packets = ISC_TRUE; 1832 break; 1833 } 1834 1835 /* interfaces must be UP to be usable */ 1836 if (!(enumep.flags & INT_UP)) { 1837 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", 1838 enumep.name, stoa(&enumep.sin))); 1839 continue; 1840 } 1841 1842 /* 1843 * skip any interfaces UP and bound to a wildcard 1844 * address - some dhcp clients produce that in the 1845 * wild 1846 */ 1847 if (is_wildcard_addr(&enumep.sin)) 1848 continue; 1849 1850 if (is_anycast(&enumep.sin, isc_if.name)) 1851 continue; 1852 1853 /* 1854 * skip any address that is an invalid state to be used 1855 */ 1856 if (!is_valid(&enumep.sin, isc_if.name)) 1857 continue; 1858 1859 /* 1860 * map to local *address* in order to map all duplicate 1861 * interfaces to an endpt structure with the appropriate 1862 * socket. Our name space is (ip-address), NOT 1863 * (interface name, ip-address). 1864 */ 1865 ep = getinterface(&enumep.sin, INT_WILDCARD); 1866 1867 if (ep != NULL && refresh_interface(ep)) { 1868 /* 1869 * found existing and up to date interface - 1870 * mark present. 1871 */ 1872 if (ep->phase != sys_interphase) { 1873 /* 1874 * On a new round we reset the name so 1875 * the interface name shows up again if 1876 * this address is no longer shared. 1877 * We reset ignore_packets from the 1878 * new prototype to respect any runtime 1879 * changes to the nic rules. 1880 */ 1881 strlcpy(ep->name, enumep.name, 1882 sizeof(ep->name)); 1883 ep->ignore_packets = 1884 enumep.ignore_packets; 1885 } else { 1886 /* name collision - rename interface */ 1887 strlcpy(ep->name, "*multiple*", 1888 sizeof(ep->name)); 1889 } 1890 1891 DPRINT_INTERFACE(4, (ep, "updating ", 1892 " present\n")); 1893 1894 if (ep->ignore_packets != 1895 enumep.ignore_packets) { 1896 /* 1897 * We have conflicting configurations 1898 * for the interface address. This is 1899 * caused by using -I <interfacename> 1900 * for an interface that shares its 1901 * address with other interfaces. We 1902 * can not disambiguate incoming 1903 * packets delivered to this socket 1904 * without extra syscalls/features. 1905 * These are not (commonly) available. 1906 * Note this is a more unusual 1907 * configuration where several 1908 * interfaces share an address but 1909 * filtering via interface name is 1910 * attempted. We resolve the 1911 * configuration conflict by disabling 1912 * the processing of received packets. 1913 * This leads to no service on the 1914 * interface address where the conflict 1915 * occurs. 1916 */ 1917 msyslog(LOG_ERR, 1918 "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED", 1919 enumep.name, ep->name, 1920 stoa(&enumep.sin)); 1921 1922 ep->ignore_packets = ISC_TRUE; 1923 } 1924 1925 ep->phase = sys_interphase; 1926 1927 ifi.action = IFS_EXISTS; 1928 ifi.ep = ep; 1929 if (receiver != NULL) 1930 (*receiver)(data, &ifi); 1931 } else { 1932 /* 1933 * This is new or refreshing failed - add to 1934 * our interface list. If refreshing failed we 1935 * will delete the interface structure in phase 1936 * 2 as the interface was not marked current. 1937 * We can bind to the address as the refresh 1938 * code already closed the offending socket 1939 */ 1940 ep = create_interface(port, &enumep); 1941 1942 if (ep != NULL) { 1943 ifi.action = IFS_CREATED; 1944 ifi.ep = ep; 1945 if (receiver != NULL) 1946 (*receiver)(data, &ifi); 1947 1948 new_interface_found = TRUE; 1949 DPRINT_INTERFACE(3, 1950 (ep, "updating ", 1951 " new - created\n")); 1952 } else { 1953 DPRINT_INTERFACE(3, 1954 (&enumep, "updating ", 1955 " new - creation FAILED")); 1956 1957 msyslog(LOG_INFO, 1958 "failed to init interface for address %s", 1959 stoa(&enumep.sin)); 1960 continue; 1961 } 1962 } 1963 } 1964 1965 isc_interfaceiter_destroy(&iter); 1966 1967 /* 1968 * phase 2 - delete gone interfaces - reassigning peers to 1969 * other interfaces 1970 */ 1971 for (ep = ep_list; ep != NULL; ep = next_ep) { 1972 next_ep = ep->elink; 1973 1974 /* 1975 * if phase does not match sys_phase this interface was 1976 * not enumerated during the last interface scan - so it 1977 * is gone and will be deleted here unless it did not 1978 * originate from interface enumeration (INT_WILDCARD, 1979 * INT_MCASTIF). 1980 */ 1981 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) || 1982 ep->phase == sys_interphase) 1983 continue; 1984 1985 DPRINT_INTERFACE(3, (ep, "updating ", 1986 "GONE - deleting\n")); 1987 remove_interface(ep); 1988 1989 ifi.action = IFS_DELETED; 1990 ifi.ep = ep; 1991 if (receiver != NULL) 1992 (*receiver)(data, &ifi); 1993 1994 /* disconnect peers from deleted endpt. */ 1995 while (ep->peers != NULL) 1996 set_peerdstadr(ep->peers, NULL); 1997 1998 /* 1999 * update globals in case we lose 2000 * a loopback interface 2001 */ 2002 if (ep == loopback_interface) 2003 loopback_interface = NULL; 2004 2005 delete_interface(ep); 2006 } 2007 2008 /* 2009 * phase 3 - re-configure as the world has possibly changed 2010 * 2011 * never ever make this conditional again - it is needed to track 2012 * routing updates. see bug #2506 2013 */ 2014 refresh_all_peerinterfaces(); 2015 2016 if (broadcast_client_enabled || sys_bclient) 2017 io_setbclient(); 2018 2019 #ifdef MCAST 2020 /* 2021 * Check multicast interfaces and try to join multicast groups if 2022 * not joined yet. 2023 */ 2024 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2025 remaddr_t *entry; 2026 2027 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) 2028 continue; 2029 2030 /* Find remote address that was linked to this interface */ 2031 for (entry = remoteaddr_list; 2032 entry != NULL; 2033 entry = entry->link) { 2034 if (entry->ep == ep) { 2035 if (socket_multicast_enable(ep, &entry->addr)) { 2036 msyslog(LOG_INFO, 2037 "Joined %s socket to multicast group %s", 2038 stoa(&ep->sin), 2039 stoa(&entry->addr)); 2040 } 2041 break; 2042 } 2043 } 2044 } 2045 #endif /* MCAST */ 2046 2047 return new_interface_found; 2048 } 2049 2050 2051 /* 2052 * create_sockets - create a socket for each interface plus a default 2053 * socket for when we don't know where to send 2054 */ 2055 static int 2056 create_sockets( 2057 u_short port 2058 ) 2059 { 2060 #ifndef HAVE_IO_COMPLETION_PORT 2061 /* 2062 * I/O Completion Ports don't care about the select and FD_SET 2063 */ 2064 maxactivefd = 0; 2065 FD_ZERO(&activefds); 2066 #endif 2067 2068 DPRINTF(2, ("create_sockets(%d)\n", port)); 2069 2070 create_wildcards(port); 2071 2072 update_interfaces(port, NULL, NULL); 2073 2074 /* 2075 * Now that we have opened all the sockets, turn off the reuse 2076 * flag for security. 2077 */ 2078 set_reuseaddr(0); 2079 2080 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces)); 2081 2082 return ninterfaces; 2083 } 2084 2085 /* 2086 * create_interface - create a new interface for a given prototype 2087 * binding the socket. 2088 */ 2089 static struct interface * 2090 create_interface( 2091 u_short port, 2092 struct interface * protot 2093 ) 2094 { 2095 sockaddr_u resmask; 2096 endpt * iface; 2097 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2098 remaddr_t * entry; 2099 remaddr_t * next_entry; 2100 #endif 2101 DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin), 2102 port)); 2103 2104 /* build an interface */ 2105 iface = new_interface(protot); 2106 2107 /* 2108 * create socket 2109 */ 2110 iface->fd = open_socket(&iface->sin, 0, 0, iface); 2111 2112 if (iface->fd != INVALID_SOCKET) 2113 log_listen_address(iface); 2114 2115 if ((INT_BROADCAST & iface->flags) 2116 && iface->bfd != INVALID_SOCKET) 2117 msyslog(LOG_INFO, "Listening on broadcast address %s#%d", 2118 stoa((&iface->bcast)), port); 2119 2120 if (INVALID_SOCKET == iface->fd 2121 && INVALID_SOCKET == iface->bfd) { 2122 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d", 2123 iface->name, 2124 iface->ifnum, 2125 stoa((&iface->sin)), 2126 port); 2127 delete_interface(iface); 2128 return NULL; 2129 } 2130 2131 /* 2132 * Blacklist our own addresses, no use talking to ourself 2133 */ 2134 SET_HOSTMASK(&resmask, AF(&iface->sin)); 2135 hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, 2136 -4, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 2137 2138 /* 2139 * set globals with the first found 2140 * loopback interface of the appropriate class 2141 */ 2142 if (NULL == loopback_interface && AF_INET == iface->family 2143 && (INT_LOOPBACK & iface->flags)) 2144 loopback_interface = iface; 2145 2146 /* 2147 * put into our interface list 2148 */ 2149 add_addr_to_list(&iface->sin, iface); 2150 add_interface(iface); 2151 2152 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2153 /* 2154 * Join any previously-configured compatible multicast groups. 2155 */ 2156 if (INT_MULTICAST & iface->flags && 2157 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) && 2158 !iface->ignore_packets) { 2159 for (entry = remoteaddr_list; 2160 entry != NULL; 2161 entry = next_entry) { 2162 next_entry = entry->link; 2163 if (AF(&iface->sin) != AF(&entry->addr) || 2164 !IS_MCAST(&entry->addr)) 2165 continue; 2166 if (socket_multicast_enable(iface, 2167 &entry->addr)) 2168 msyslog(LOG_INFO, 2169 "Joined %s socket to multicast group %s", 2170 stoa(&iface->sin), 2171 stoa(&entry->addr)); 2172 else 2173 msyslog(LOG_ERR, 2174 "Failed to join %s socket to multicast group %s", 2175 stoa(&iface->sin), 2176 stoa(&entry->addr)); 2177 } 2178 } 2179 #endif /* MCAST && MCAST_NONEWSOCKET */ 2180 2181 DPRINT_INTERFACE(2, (iface, "created ", "\n")); 2182 return iface; 2183 } 2184 2185 2186 #ifdef SO_EXCLUSIVEADDRUSE 2187 static void 2188 set_excladdruse( 2189 SOCKET fd 2190 ) 2191 { 2192 int one = 1; 2193 int failed; 2194 #ifdef SYS_WINNT 2195 DWORD err; 2196 #endif 2197 2198 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 2199 (void *)&one, sizeof(one)); 2200 2201 if (!failed) 2202 return; 2203 2204 #ifdef SYS_WINNT 2205 /* 2206 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with 2207 * error WSAINVAL depending on service pack level and whether 2208 * the user account is in the Administrators group. Do not 2209 * complain if it fails that way on versions prior to XP (5.1). 2210 */ 2211 err = GetLastError(); 2212 2213 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */ 2214 && WSAEINVAL == err) 2215 return; 2216 2217 SetLastError(err); 2218 #endif 2219 msyslog(LOG_ERR, 2220 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m", 2221 (int)fd); 2222 } 2223 #endif /* SO_EXCLUSIVEADDRUSE */ 2224 2225 2226 /* 2227 * set_reuseaddr() - set/clear REUSEADDR on all sockets 2228 * NB possible hole - should we be doing this on broadcast 2229 * fd's also? 2230 */ 2231 static void 2232 set_reuseaddr( 2233 int flag 2234 ) 2235 { 2236 #ifndef SO_EXCLUSIVEADDRUSE 2237 endpt *ep; 2238 2239 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2240 if (ep->flags & INT_WILDCARD) 2241 continue; 2242 2243 /* 2244 * if ep->fd is INVALID_SOCKET, we might have a adapter 2245 * configured but not present 2246 */ 2247 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n", 2248 ep->name, stoa(&ep->sin), 2249 flag ? "on" : "off")); 2250 2251 if (ep->fd != INVALID_SOCKET) { 2252 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR, 2253 (void *)&flag, sizeof(flag))) { 2254 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m", 2255 stoa(&ep->sin), flag ? "on" : "off"); 2256 } 2257 } 2258 } 2259 #endif /* ! SO_EXCLUSIVEADDRUSE */ 2260 } 2261 2262 /* 2263 * This is just a wrapper around an internal function so we can 2264 * make other changes as necessary later on 2265 */ 2266 void 2267 enable_broadcast( 2268 struct interface * iface, 2269 sockaddr_u * baddr 2270 ) 2271 { 2272 #ifdef OPEN_BCAST_SOCKET 2273 socket_broadcast_enable(iface, iface->fd, baddr); 2274 #endif 2275 } 2276 2277 #ifdef OPEN_BCAST_SOCKET 2278 /* 2279 * Enable a broadcast address to a given socket 2280 * The socket is in the ep_list all we need to do is enable 2281 * broadcasting. It is not this function's job to select the socket 2282 */ 2283 static isc_boolean_t 2284 socket_broadcast_enable( 2285 struct interface * iface, 2286 SOCKET fd, 2287 sockaddr_u * baddr 2288 ) 2289 { 2290 #ifdef SO_BROADCAST 2291 int on = 1; 2292 2293 if (IS_IPV4(baddr)) { 2294 /* if this interface can support broadcast, set SO_BROADCAST */ 2295 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, 2296 (void *)&on, sizeof(on))) 2297 msyslog(LOG_ERR, 2298 "setsockopt(SO_BROADCAST) enable failure on address %s: %m", 2299 stoa(baddr)); 2300 else 2301 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n", 2302 fd, stoa(baddr))); 2303 } 2304 iface->flags |= INT_BCASTXMIT; 2305 return ISC_TRUE; 2306 #else 2307 return ISC_FALSE; 2308 #endif /* SO_BROADCAST */ 2309 } 2310 2311 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 2312 /* 2313 * Remove a broadcast address from a given socket 2314 * The socket is in the ep_list all we need to do is disable 2315 * broadcasting. It is not this function's job to select the socket 2316 */ 2317 static isc_boolean_t 2318 socket_broadcast_disable( 2319 struct interface * iface, 2320 sockaddr_u * baddr 2321 ) 2322 { 2323 #ifdef SO_BROADCAST 2324 int off = 0; /* This seems to be OK as an int */ 2325 2326 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET, 2327 SO_BROADCAST, (void *)&off, sizeof(off))) 2328 msyslog(LOG_ERR, 2329 "setsockopt(SO_BROADCAST) disable failure on address %s: %m", 2330 stoa(baddr)); 2331 2332 iface->flags &= ~INT_BCASTXMIT; 2333 return ISC_TRUE; 2334 #else 2335 return ISC_FALSE; 2336 #endif /* SO_BROADCAST */ 2337 } 2338 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 2339 2340 #endif /* OPEN_BCAST_SOCKET */ 2341 2342 /* 2343 * return the broadcast client flag value 2344 */ 2345 /*isc_boolean_t 2346 get_broadcastclient_flag(void) 2347 { 2348 return (broadcast_client_enabled); 2349 } 2350 */ 2351 2352 /* 2353 * Check to see if the address is a multicast address 2354 */ 2355 static isc_boolean_t 2356 addr_ismulticast( 2357 sockaddr_u *maddr 2358 ) 2359 { 2360 isc_boolean_t result; 2361 2362 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 2363 /* 2364 * If we don't have IPV6 support any IPV6 addr is not multicast 2365 */ 2366 if (IS_IPV6(maddr)) 2367 result = ISC_FALSE; 2368 else 2369 #endif 2370 result = IS_MCAST(maddr); 2371 2372 if (!result) 2373 DPRINTF(4, ("address %s is not multicast\n", 2374 stoa(maddr))); 2375 2376 return result; 2377 } 2378 2379 /* 2380 * Multicast servers need to set the appropriate Multicast interface 2381 * socket option in order for it to know which interface to use for 2382 * send the multicast packet. 2383 */ 2384 void 2385 enable_multicast_if( 2386 struct interface * iface, 2387 sockaddr_u * maddr 2388 ) 2389 { 2390 #ifdef MCAST 2391 #ifdef IP_MULTICAST_LOOP 2392 TYPEOF_IP_MULTICAST_LOOP off = 0; 2393 #endif 2394 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP) 2395 u_int off6 = 0; 2396 #endif 2397 2398 REQUIRE(AF(maddr) == AF(&iface->sin)); 2399 2400 switch (AF(&iface->sin)) { 2401 2402 case AF_INET: 2403 #ifdef IP_MULTICAST_LOOP 2404 /* 2405 * Don't send back to itself, but allow failure to set 2406 */ 2407 if (setsockopt(iface->fd, IPPROTO_IP, 2408 IP_MULTICAST_LOOP, 2409 (void *)&off, 2410 sizeof(off))) { 2411 2412 msyslog(LOG_ERR, 2413 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2414 iface->fd, stoa(&iface->sin), 2415 stoa(maddr)); 2416 } 2417 #endif 2418 break; 2419 2420 case AF_INET6: 2421 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2422 #ifdef IPV6_MULTICAST_LOOP 2423 /* 2424 * Don't send back to itself, but allow failure to set 2425 */ 2426 if (setsockopt(iface->fd, IPPROTO_IPV6, 2427 IPV6_MULTICAST_LOOP, 2428 (void *) &off6, sizeof(off6))) { 2429 2430 msyslog(LOG_ERR, 2431 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2432 iface->fd, stoa(&iface->sin), 2433 stoa(maddr)); 2434 } 2435 #endif 2436 break; 2437 #else 2438 return; 2439 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2440 } 2441 return; 2442 #endif 2443 } 2444 2445 /* 2446 * Add a multicast address to a given socket 2447 * The socket is in the ep_list all we need to do is enable 2448 * multicasting. It is not this function's job to select the socket 2449 */ 2450 #if defined(MCAST) 2451 static isc_boolean_t 2452 socket_multicast_enable( 2453 endpt * iface, 2454 sockaddr_u * maddr 2455 ) 2456 { 2457 struct ip_mreq mreq; 2458 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2459 struct ipv6_mreq mreq6; 2460 # endif 2461 switch (AF(maddr)) { 2462 2463 case AF_INET: 2464 ZERO(mreq); 2465 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2466 mreq.imr_interface.s_addr = htonl(INADDR_ANY); 2467 if (setsockopt(iface->fd, 2468 IPPROTO_IP, 2469 IP_ADD_MEMBERSHIP, 2470 (void *)&mreq, 2471 sizeof(mreq))) { 2472 DPRINTF(2, ( 2473 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2474 iface->fd, stoa(&iface->sin), 2475 mreq.imr_multiaddr.s_addr, 2476 mreq.imr_interface.s_addr, 2477 stoa(maddr))); 2478 return ISC_FALSE; 2479 } 2480 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n", 2481 iface->fd, stoa(&iface->sin), 2482 mreq.imr_multiaddr.s_addr, 2483 mreq.imr_interface.s_addr, stoa(maddr))); 2484 break; 2485 2486 case AF_INET6: 2487 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2488 /* 2489 * Enable reception of multicast packets. 2490 * If the address is link-local we can get the 2491 * interface index from the scope id. Don't do this 2492 * for other types of multicast addresses. For now let 2493 * the kernel figure it out. 2494 */ 2495 ZERO(mreq6); 2496 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2497 mreq6.ipv6mr_interface = iface->ifindex; 2498 2499 if (setsockopt(iface->fd, IPPROTO_IPV6, 2500 IPV6_JOIN_GROUP, (void *)&mreq6, 2501 sizeof(mreq6))) { 2502 DPRINTF(2, ( 2503 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)", 2504 iface->fd, stoa(&iface->sin), 2505 mreq6.ipv6mr_interface, stoa(maddr))); 2506 return ISC_FALSE; 2507 } 2508 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n", 2509 iface->fd, stoa(&iface->sin), 2510 mreq6.ipv6mr_interface, stoa(maddr))); 2511 # else 2512 return ISC_FALSE; 2513 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2514 } 2515 iface->flags |= INT_MCASTOPEN; 2516 iface->num_mcast++; 2517 2518 return ISC_TRUE; 2519 } 2520 #endif /* MCAST */ 2521 2522 2523 /* 2524 * Remove a multicast address from a given socket 2525 * The socket is in the ep_list all we need to do is disable 2526 * multicasting. It is not this function's job to select the socket 2527 */ 2528 #ifdef MCAST 2529 static isc_boolean_t 2530 socket_multicast_disable( 2531 struct interface * iface, 2532 sockaddr_u * maddr 2533 ) 2534 { 2535 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2536 struct ipv6_mreq mreq6; 2537 # endif 2538 struct ip_mreq mreq; 2539 2540 ZERO(mreq); 2541 2542 if (find_addr_in_list(maddr) == NULL) { 2543 DPRINTF(4, ("socket_multicast_disable(%s): not found\n", 2544 stoa(maddr))); 2545 return ISC_TRUE; 2546 } 2547 2548 switch (AF(maddr)) { 2549 2550 case AF_INET: 2551 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2552 mreq.imr_interface = SOCK_ADDR4(&iface->sin); 2553 if (setsockopt(iface->fd, IPPROTO_IP, 2554 IP_DROP_MEMBERSHIP, (void *)&mreq, 2555 sizeof(mreq))) { 2556 2557 msyslog(LOG_ERR, 2558 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2559 iface->fd, stoa(&iface->sin), 2560 SRCADR(maddr), SRCADR(&iface->sin), 2561 stoa(maddr)); 2562 return ISC_FALSE; 2563 } 2564 break; 2565 case AF_INET6: 2566 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2567 /* 2568 * Disable reception of multicast packets 2569 * If the address is link-local we can get the 2570 * interface index from the scope id. Don't do this 2571 * for other types of multicast addresses. For now let 2572 * the kernel figure it out. 2573 */ 2574 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2575 mreq6.ipv6mr_interface = iface->ifindex; 2576 2577 if (setsockopt(iface->fd, IPPROTO_IPV6, 2578 IPV6_LEAVE_GROUP, (void *)&mreq6, 2579 sizeof(mreq6))) { 2580 2581 msyslog(LOG_ERR, 2582 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)", 2583 iface->fd, stoa(&iface->sin), 2584 iface->ifindex, stoa(maddr)); 2585 return ISC_FALSE; 2586 } 2587 break; 2588 # else 2589 return ISC_FALSE; 2590 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2591 } 2592 2593 iface->num_mcast--; 2594 if (!iface->num_mcast) 2595 iface->flags &= ~INT_MCASTOPEN; 2596 2597 return ISC_TRUE; 2598 } 2599 #endif /* MCAST */ 2600 2601 /* 2602 * io_setbclient - open the broadcast client sockets 2603 */ 2604 void 2605 io_setbclient(void) 2606 { 2607 #ifdef OPEN_BCAST_SOCKET 2608 endpt * ep; 2609 unsigned int nif, ni4, ni6; 2610 2611 nif = ni4 = ni6 = 0; 2612 set_reuseaddr(1); 2613 2614 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2615 /* count IPv6 vs IPv4 interfaces. Needed later to decide 2616 * if we should log an error or not. 2617 */ 2618 switch (ep->family) { 2619 case AF_INET : ++ni4; break; 2620 case AF_INET6: ++ni6; break; 2621 default : break; 2622 } 2623 2624 if (ep->flags & (INT_WILDCARD | INT_LOOPBACK)) 2625 continue; 2626 2627 /* use only allowed addresses */ 2628 if (ep->ignore_packets) 2629 continue; 2630 2631 /* Need a broadcast-capable interface */ 2632 if (!(ep->flags & INT_BROADCAST)) 2633 continue; 2634 2635 /* Only IPv4 addresses are valid for broadcast */ 2636 REQUIRE(IS_IPV4(&ep->bcast)); 2637 2638 /* Do we already have the broadcast address open? */ 2639 if (ep->flags & INT_BCASTOPEN) { 2640 /* 2641 * account for already open interfaces to avoid 2642 * misleading warning below 2643 */ 2644 nif++; 2645 continue; 2646 } 2647 2648 /* 2649 * Try to open the broadcast address 2650 */ 2651 ep->family = AF_INET; 2652 ep->bfd = open_socket(&ep->bcast, 1, 0, ep); 2653 2654 /* 2655 * If we succeeded then we use it otherwise enable 2656 * broadcast on the interface address 2657 */ 2658 if (ep->bfd != INVALID_SOCKET) { 2659 nif++; 2660 ep->flags |= INT_BCASTOPEN; 2661 msyslog(LOG_INFO, 2662 "Listen for broadcasts to %s on interface #%d %s", 2663 stoa(&ep->bcast), ep->ifnum, ep->name); 2664 } else switch (errno) { 2665 /* Silently ignore EADDRINUSE as we probably 2666 * opened the socket already for an address in 2667 * the same network */ 2668 case EADDRINUSE: 2669 /* Some systems cannot bind a socket to a broadcast 2670 * address, as that is not a valid host address. */ 2671 case EADDRNOTAVAIL: 2672 # ifdef SYS_WINNT /*TODO: use for other systems, too? */ 2673 /* avoid recurrence here -- if we already have a 2674 * regular socket, it's quite useless to try this 2675 * again. 2676 */ 2677 if (ep->fd != INVALID_SOCKET) { 2678 ep->flags |= INT_BCASTOPEN; 2679 nif++; 2680 } 2681 # endif 2682 break; 2683 2684 default: 2685 msyslog(LOG_INFO, 2686 "failed to listen for broadcasts to %s on interface #%d %s", 2687 stoa(&ep->bcast), ep->ifnum, ep->name); 2688 break; 2689 } 2690 } 2691 set_reuseaddr(0); 2692 if (nif != 0) { 2693 broadcast_client_enabled = ISC_TRUE; 2694 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif)); 2695 } else { 2696 broadcast_client_enabled = ISC_FALSE; 2697 /* This is expected when having only IPv6 interfaces 2698 * and no IPv4 interfaces at all. We suppress the error 2699 * log in that case... everything else should work! 2700 */ 2701 if (ni4 && !ni6) { 2702 msyslog(LOG_ERR, 2703 "Unable to listen for broadcasts, no broadcast interfaces available"); 2704 } 2705 } 2706 #else 2707 msyslog(LOG_ERR, 2708 "io_setbclient: Broadcast Client disabled by build"); 2709 #endif /* OPEN_BCAST_SOCKET */ 2710 } 2711 2712 /* 2713 * io_unsetbclient - close the broadcast client sockets 2714 */ 2715 void 2716 io_unsetbclient(void) 2717 { 2718 endpt *ep; 2719 2720 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2721 if (INT_WILDCARD & ep->flags) 2722 continue; 2723 if (!(INT_BCASTOPEN & ep->flags)) 2724 continue; 2725 2726 if (ep->bfd != INVALID_SOCKET) { 2727 /* destroy broadcast listening socket */ 2728 msyslog(LOG_INFO, 2729 "stop listening for broadcasts to %s on interface #%d %s", 2730 stoa(&ep->bcast), ep->ifnum, ep->name); 2731 # ifdef HAVE_IO_COMPLETION_PORT 2732 io_completion_port_remove_socket(ep->bfd, ep); 2733 # endif 2734 close_and_delete_fd_from_list(ep->bfd); 2735 ep->bfd = INVALID_SOCKET; 2736 } 2737 ep->flags &= ~INT_BCASTOPEN; 2738 } 2739 broadcast_client_enabled = ISC_FALSE; 2740 } 2741 2742 /* 2743 * io_multicast_add() - add multicast group address 2744 */ 2745 void 2746 io_multicast_add( 2747 sockaddr_u *addr 2748 ) 2749 { 2750 #ifdef MCAST 2751 endpt * ep; 2752 endpt * one_ep; 2753 2754 /* 2755 * Check to see if this is a multicast address 2756 */ 2757 if (!addr_ismulticast(addr)) 2758 return; 2759 2760 /* If we already have it we can just return */ 2761 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { 2762 msyslog(LOG_INFO, 2763 "Duplicate request found for multicast address %s", 2764 stoa(addr)); 2765 return; 2766 } 2767 2768 # ifndef MULTICAST_NONEWSOCKET 2769 ep = new_interface(NULL); 2770 2771 /* 2772 * Open a new socket for the multicast address 2773 */ 2774 ep->sin = *addr; 2775 SET_PORT(&ep->sin, NTP_PORT); 2776 ep->family = AF(&ep->sin); 2777 AF(&ep->mask) = ep->family; 2778 SET_ONESMASK(&ep->mask); 2779 2780 set_reuseaddr(1); 2781 ep->bfd = INVALID_SOCKET; 2782 ep->fd = open_socket(&ep->sin, 0, 0, ep); 2783 if (ep->fd != INVALID_SOCKET) { 2784 ep->ignore_packets = ISC_FALSE; 2785 ep->flags |= INT_MCASTIF; 2786 ep->ifindex = SCOPE(addr); 2787 2788 strlcpy(ep->name, "multicast", sizeof(ep->name)); 2789 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n")); 2790 add_interface(ep); 2791 log_listen_address(ep); 2792 } else { 2793 /* bind failed, re-use wildcard interface */ 2794 delete_interface(ep); 2795 2796 if (IS_IPV4(addr)) 2797 ep = wildipv4; 2798 else if (IS_IPV6(addr)) 2799 ep = wildipv6; 2800 else 2801 ep = NULL; 2802 2803 if (ep != NULL) { 2804 /* HACK ! -- stuff in an address */ 2805 /* because we don't bind addr? DH */ 2806 ep->bcast = *addr; 2807 msyslog(LOG_ERR, 2808 "multicast address %s using wildcard interface #%d %s", 2809 stoa(addr), ep->ifnum, ep->name); 2810 } else { 2811 msyslog(LOG_ERR, 2812 "No multicast socket available to use for address %s", 2813 stoa(addr)); 2814 return; 2815 } 2816 } 2817 { /* in place of the { following for in #else clause */ 2818 one_ep = ep; 2819 # else /* MULTICAST_NONEWSOCKET follows */ 2820 /* 2821 * For the case where we can't use a separate socket (Windows) 2822 * join each applicable endpoint socket to the group address. 2823 */ 2824 if (IS_IPV4(addr)) 2825 one_ep = wildipv4; 2826 else 2827 one_ep = wildipv6; 2828 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2829 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) || 2830 !(INT_MULTICAST & ep->flags) || 2831 (INT_LOOPBACK | INT_WILDCARD) & ep->flags) 2832 continue; 2833 one_ep = ep; 2834 # endif /* MULTICAST_NONEWSOCKET */ 2835 if (socket_multicast_enable(ep, addr)) 2836 msyslog(LOG_INFO, 2837 "Joined %s socket to multicast group %s", 2838 stoa(&ep->sin), 2839 stoa(addr)); 2840 } 2841 2842 add_addr_to_list(addr, one_ep); 2843 #else /* !MCAST follows*/ 2844 msyslog(LOG_ERR, 2845 "Can not add multicast address %s: no multicast support", 2846 stoa(addr)); 2847 #endif 2848 return; 2849 } 2850 2851 2852 /* 2853 * io_multicast_del() - delete multicast group address 2854 */ 2855 void 2856 io_multicast_del( 2857 sockaddr_u * addr 2858 ) 2859 { 2860 #ifdef MCAST 2861 endpt *iface; 2862 2863 /* 2864 * Check to see if this is a multicast address 2865 */ 2866 if (!addr_ismulticast(addr)) { 2867 msyslog(LOG_ERR, "invalid multicast address %s", 2868 stoa(addr)); 2869 return; 2870 } 2871 2872 /* 2873 * Disable reception of multicast packets 2874 */ 2875 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN)) 2876 != NULL) 2877 socket_multicast_disable(iface, addr); 2878 2879 delete_addr_from_list(addr); 2880 2881 #else /* not MCAST */ 2882 msyslog(LOG_ERR, 2883 "Can not delete multicast address %s: no multicast support", 2884 stoa(addr)); 2885 #endif /* not MCAST */ 2886 } 2887 2888 2889 /* 2890 * open_socket - open a socket, returning the file descriptor 2891 */ 2892 2893 static SOCKET 2894 open_socket( 2895 sockaddr_u * addr, 2896 int bcast, 2897 int turn_off_reuse, 2898 endpt * interf 2899 ) 2900 { 2901 SOCKET fd; 2902 int errval; 2903 /* 2904 * int is OK for REUSEADR per 2905 * http://www.kohala.com/start/mcast.api.txt 2906 */ 2907 int on = 1; 2908 int off = 0; 2909 2910 if (IS_IPV6(addr) && !ipv6_works) 2911 return INVALID_SOCKET; 2912 2913 /* create a datagram (UDP) socket */ 2914 fd = socket(AF(addr), SOCK_DGRAM, 0); 2915 if (INVALID_SOCKET == fd) { 2916 errval = socket_errno(); 2917 msyslog(LOG_ERR, 2918 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m", 2919 IS_IPV6(addr) ? "6" : "", stoa(addr)); 2920 2921 if (errval == EPROTONOSUPPORT || 2922 errval == EAFNOSUPPORT || 2923 errval == EPFNOSUPPORT) 2924 return (INVALID_SOCKET); 2925 2926 errno = errval; 2927 msyslog(LOG_ERR, 2928 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting", 2929 errno); 2930 exit(1); 2931 } 2932 2933 #ifdef SYS_WINNT 2934 connection_reset_fix(fd, addr); 2935 #endif 2936 /* 2937 * Fixup the file descriptor for some systems 2938 * See bug #530 for details of the issue. 2939 */ 2940 fd = move_fd(fd); 2941 2942 /* 2943 * set SO_REUSEADDR since we will be binding the same port 2944 * number on each interface according to turn_off_reuse. 2945 * This is undesirable on Windows versions starting with 2946 * Windows XP (numeric version 5.1). 2947 */ 2948 #ifdef SYS_WINNT 2949 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */ 2950 #endif 2951 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 2952 (void *)((turn_off_reuse) 2953 ? &off 2954 : &on), 2955 sizeof(on))) { 2956 2957 msyslog(LOG_ERR, 2958 "setsockopt SO_REUSEADDR %s fails for address %s: %m", 2959 (turn_off_reuse) 2960 ? "off" 2961 : "on", 2962 stoa(addr)); 2963 closesocket(fd); 2964 return INVALID_SOCKET; 2965 } 2966 #ifdef SO_EXCLUSIVEADDRUSE 2967 /* 2968 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open 2969 * first will cause more specific binds to fail. 2970 */ 2971 if (!(interf->flags & INT_WILDCARD)) 2972 set_excladdruse(fd); 2973 #endif 2974 2975 /* 2976 * IPv4 specific options go here 2977 */ 2978 if (IS_IPV4(addr)) { 2979 #if defined(IPPROTO_IP) && defined(IP_TOS) 2980 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos, 2981 sizeof(qos))) 2982 msyslog(LOG_ERR, 2983 "setsockopt IP_TOS (%02x) fails on address %s: %m", 2984 qos, stoa(addr)); 2985 #endif /* IPPROTO_IP && IP_TOS */ 2986 if (bcast) 2987 socket_broadcast_enable(interf, fd, addr); 2988 } 2989 2990 /* 2991 * IPv6 specific options go here 2992 */ 2993 if (IS_IPV6(addr)) { 2994 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) 2995 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos, 2996 sizeof(qos))) 2997 msyslog(LOG_ERR, 2998 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m", 2999 qos, stoa(addr)); 3000 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */ 3001 #ifdef IPV6_V6ONLY 3002 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS 3003 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, 3004 (void *)&on, sizeof(on))) 3005 msyslog(LOG_ERR, 3006 "setsockopt IPV6_V6ONLY on fails on address %s: %m", 3007 stoa(addr)); 3008 #endif 3009 #ifdef IPV6_BINDV6ONLY 3010 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY, 3011 (void *)&on, sizeof(on))) 3012 msyslog(LOG_ERR, 3013 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m", 3014 stoa(addr)); 3015 #endif 3016 } 3017 3018 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3019 /* 3020 * some OSes don't allow binding to more specific 3021 * addresses if a wildcard address already bound 3022 * to the port and SO_REUSEADDR is not set 3023 */ 3024 if (!is_wildcard_addr(addr)) 3025 set_wildcard_reuse(AF(addr), 1); 3026 #endif 3027 3028 /* 3029 * bind the local address. 3030 */ 3031 errval = bind(fd, &addr->sa, SOCKLEN(addr)); 3032 3033 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3034 if (!is_wildcard_addr(addr)) 3035 set_wildcard_reuse(AF(addr), 0); 3036 #endif 3037 3038 if (errval < 0) { 3039 /* 3040 * Don't log this under all conditions 3041 */ 3042 if (turn_off_reuse == 0 3043 #ifdef DEBUG 3044 || debug > 1 3045 #endif 3046 ) { 3047 msyslog(LOG_ERR, 3048 "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m", 3049 fd, IS_IPV6(addr) ? "6" : "", 3050 stoa(addr), SRCPORT(addr), 3051 IS_MCAST(addr) ? " (multicast)" : "", 3052 interf->flags); 3053 } 3054 3055 closesocket(fd); 3056 3057 return INVALID_SOCKET; 3058 } 3059 3060 #ifdef HAVE_TIMESTAMP 3061 { 3062 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, 3063 (void *)&on, sizeof(on))) 3064 msyslog(LOG_DEBUG, 3065 "setsockopt SO_TIMESTAMP on fails on address %s: %m", 3066 stoa(addr)); 3067 else 3068 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n", 3069 fd, stoa(addr))); 3070 } 3071 #endif 3072 #ifdef HAVE_TIMESTAMPNS 3073 { 3074 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, 3075 (void *)&on, sizeof(on))) 3076 msyslog(LOG_DEBUG, 3077 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m", 3078 stoa(addr)); 3079 else 3080 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n", 3081 fd, stoa(addr))); 3082 } 3083 #endif 3084 #ifdef HAVE_BINTIME 3085 { 3086 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME, 3087 (void *)&on, sizeof(on))) 3088 msyslog(LOG_DEBUG, 3089 "setsockopt SO_BINTIME on fails on address %s: %m", 3090 stoa(addr)); 3091 else 3092 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n", 3093 fd, stoa(addr))); 3094 } 3095 #endif 3096 3097 DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n", 3098 fd, IS_IPV6(addr) ? "6" : "", stoa(addr), 3099 SCOPE(addr), SRCPORT(addr), interf->flags)); 3100 3101 make_socket_nonblocking(fd); 3102 3103 #ifdef HAVE_SIGNALED_IO 3104 init_socket_sig(fd); 3105 #endif /* not HAVE_SIGNALED_IO */ 3106 3107 add_fd_to_list(fd, FD_TYPE_SOCKET); 3108 3109 #if !defined(SYS_WINNT) && !defined(VMS) 3110 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd, 3111 fcntl(fd, F_GETFL, 0))); 3112 #endif /* SYS_WINNT || VMS */ 3113 3114 #if defined(HAVE_IO_COMPLETION_PORT) 3115 /* 3116 * Add the socket to the completion port 3117 */ 3118 if (!io_completion_port_add_socket(fd, interf, bcast)) { 3119 msyslog(LOG_ERR, "unable to set up io completion port - EXITING"); 3120 exit(1); 3121 } 3122 #endif 3123 return fd; 3124 } 3125 3126 3127 3128 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ 3129 /* 3130 * sendpkt - send a packet to the specified destination. Maintain a 3131 * send error cache so that only the first consecutive error for a 3132 * destination is logged. 3133 */ 3134 void 3135 sendpkt( 3136 sockaddr_u * dest, 3137 struct interface * ep, 3138 int ttl, 3139 struct pkt * pkt, 3140 int len 3141 ) 3142 { 3143 endpt * src; 3144 int ismcast; 3145 int cc; 3146 int rc; 3147 u_char cttl; 3148 l_fp fp_zero = { { 0 }, 0 }; 3149 l_fp org, rec, xmt; 3150 3151 ismcast = IS_MCAST(dest); 3152 if (!ismcast) 3153 src = ep; 3154 else 3155 src = (IS_IPV4(dest)) 3156 ? mc4_list 3157 : mc6_list; 3158 3159 if (NULL == src) { 3160 /* 3161 * unbound peer - drop request and wait for better 3162 * network conditions 3163 */ 3164 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n", 3165 ismcast ? "\tMCAST\t***** " : "", 3166 stoa(dest), ttl, len)); 3167 return; 3168 } 3169 3170 do { 3171 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", 3172 ismcast ? "\tMCAST\t***** " : "", src->fd, 3173 stoa(dest), stoa(&src->sin), ttl, len)); 3174 #ifdef MCAST 3175 /* 3176 * for the moment we use the bcast option to set multicast ttl 3177 */ 3178 if (ismcast && ttl > 0 && ttl != src->last_ttl) { 3179 /* 3180 * set the multicast ttl for outgoing packets 3181 */ 3182 switch (AF(&src->sin)) { 3183 3184 case AF_INET : 3185 cttl = (u_char)ttl; 3186 rc = setsockopt(src->fd, IPPROTO_IP, 3187 IP_MULTICAST_TTL, 3188 (void *)&cttl, 3189 sizeof(cttl)); 3190 break; 3191 3192 # ifdef INCLUDE_IPV6_SUPPORT 3193 case AF_INET6 : 3194 rc = setsockopt(src->fd, IPPROTO_IPV6, 3195 IPV6_MULTICAST_HOPS, 3196 (void *)&ttl, 3197 sizeof(ttl)); 3198 break; 3199 # endif /* INCLUDE_IPV6_SUPPORT */ 3200 3201 default: 3202 rc = 0; 3203 } 3204 3205 if (!rc) 3206 src->last_ttl = ttl; 3207 else 3208 msyslog(LOG_ERR, 3209 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m", 3210 stoa(&src->sin)); 3211 } 3212 #endif /* MCAST */ 3213 3214 #ifdef SIM 3215 cc = simulate_server(dest, src, pkt); 3216 #elif defined(HAVE_IO_COMPLETION_PORT) 3217 cc = io_completion_port_sendto(src, src->fd, pkt, 3218 (size_t)len, (sockaddr_u *)&dest->sa); 3219 #else 3220 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, 3221 &dest->sa, SOCKLEN(dest)); 3222 #endif 3223 if (cc == -1) { 3224 src->notsent++; 3225 packets_notsent++; 3226 } else { 3227 src->sent++; 3228 packets_sent++; 3229 } 3230 if (ismcast) 3231 src = src->mclink; 3232 } while (ismcast && src != NULL); 3233 3234 /* HMS: pkt->rootdisp is usually random here */ 3235 NTOHL_FP(&pkt->org, &org); 3236 NTOHL_FP(&pkt->rec, &rec); 3237 NTOHL_FP(&pkt->xmt, &xmt); 3238 record_raw_stats(src ? &src->sin : NULL, dest, 3239 &org, &rec, &xmt, &fp_zero, 3240 PKT_LEAP(pkt->li_vn_mode), 3241 PKT_VERSION(pkt->li_vn_mode), 3242 PKT_MODE(pkt->li_vn_mode), 3243 pkt->stratum, 3244 pkt->ppoll, pkt->precision, 3245 pkt->rootdelay, pkt->rootdisp, pkt->refid, 3246 len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten); 3247 3248 return; 3249 } 3250 3251 3252 #if !defined(HAVE_IO_COMPLETION_PORT) 3253 #if !defined(HAVE_SIGNALED_IO) 3254 /* 3255 * fdbits - generate ascii representation of fd_set (FAU debug support) 3256 * HFDF format - highest fd first. 3257 */ 3258 static char * 3259 fdbits( 3260 int count, 3261 const fd_set* set 3262 ) 3263 { 3264 static char buffer[256]; 3265 char * buf = buffer; 3266 3267 count = min(count, 255); 3268 3269 while (count >= 0) { 3270 *buf++ = FD_ISSET(count, set) ? '#' : '-'; 3271 count--; 3272 } 3273 *buf = '\0'; 3274 3275 return buffer; 3276 } 3277 #endif 3278 3279 #ifdef REFCLOCK 3280 /* 3281 * Routine to read the refclock packets for a specific interface 3282 * Return the number of bytes read. That way we know if we should 3283 * read it again or go on to the next one if no bytes returned 3284 */ 3285 static inline int 3286 read_refclock_packet( 3287 SOCKET fd, 3288 struct refclockio * rp, 3289 l_fp ts 3290 ) 3291 { 3292 u_int read_count; 3293 int buflen; 3294 int saved_errno; 3295 int consumed; 3296 struct recvbuf * rb; 3297 3298 rb = get_free_recv_buffer(); 3299 3300 if (NULL == rb) { 3301 /* 3302 * No buffer space available - just drop the packet 3303 */ 3304 char buf[RX_BUFF_SIZE]; 3305 3306 buflen = read(fd, buf, sizeof buf); 3307 packets_dropped++; 3308 return (buflen); 3309 } 3310 3311 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead 3312 * to buffer overrun and memory corruption 3313 */ 3314 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space)) 3315 read_count = sizeof(rb->recv_space); 3316 else 3317 read_count = (u_int)rp->datalen; 3318 do { 3319 buflen = read(fd, (char *)&rb->recv_space, read_count); 3320 } while (buflen < 0 && EINTR == errno); 3321 3322 if (buflen <= 0) { 3323 saved_errno = errno; 3324 freerecvbuf(rb); 3325 errno = saved_errno; 3326 return buflen; 3327 } 3328 3329 /* 3330 * Got one. Mark how and when it got here, 3331 * put it on the full list and do bookkeeping. 3332 */ 3333 rb->recv_length = buflen; 3334 rb->recv_peer = rp->srcclock; 3335 rb->dstadr = 0; 3336 rb->fd = fd; 3337 rb->recv_time = ts; 3338 rb->receiver = rp->clock_recv; 3339 3340 consumed = indicate_refclock_packet(rp, rb); 3341 if (!consumed) { 3342 rp->recvcount++; 3343 packets_received++; 3344 } 3345 3346 return buflen; 3347 } 3348 #endif /* REFCLOCK */ 3349 3350 3351 #ifdef HAVE_PACKET_TIMESTAMP 3352 /* 3353 * extract timestamps from control message buffer 3354 */ 3355 static l_fp 3356 fetch_timestamp( 3357 struct recvbuf * rb, 3358 struct msghdr * msghdr, 3359 l_fp ts 3360 ) 3361 { 3362 struct cmsghdr * cmsghdr; 3363 unsigned long ticks; 3364 double fuzz; 3365 l_fp lfpfuzz; 3366 l_fp nts; 3367 #ifdef DEBUG_TIMING 3368 l_fp dts; 3369 #endif 3370 3371 cmsghdr = CMSG_FIRSTHDR(msghdr); 3372 while (cmsghdr != NULL) { 3373 switch (cmsghdr->cmsg_type) 3374 { 3375 #ifdef HAVE_BINTIME 3376 case SCM_BINTIME: 3377 #endif /* HAVE_BINTIME */ 3378 #ifdef HAVE_TIMESTAMPNS 3379 case SCM_TIMESTAMPNS: 3380 #endif /* HAVE_TIMESTAMPNS */ 3381 #ifdef HAVE_TIMESTAMP 3382 case SCM_TIMESTAMP: 3383 #endif /* HAVE_TIMESTAMP */ 3384 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP) 3385 switch (cmsghdr->cmsg_type) 3386 { 3387 #ifdef HAVE_BINTIME 3388 case SCM_BINTIME: 3389 { 3390 struct bintime pbt; 3391 memcpy(&pbt, CMSG_DATA(cmsghdr), sizeof(pbt)); 3392 /* 3393 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf 3394 */ 3395 nts.l_i = pbt.sec + JAN_1970; 3396 nts.l_uf = (u_int32)(pbt.frac >> 32); 3397 if (sys_tick > measured_tick && 3398 sys_tick > 1e-9) { 3399 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC)); 3400 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC)); 3401 } 3402 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n", 3403 pbt.sec, (unsigned long)((nts.l_uf / FRAC) * 1e9))); 3404 } 3405 break; 3406 #endif /* HAVE_BINTIME */ 3407 #ifdef HAVE_TIMESTAMPNS 3408 case SCM_TIMESTAMPNS: 3409 { 3410 struct timespec pts; 3411 memcpy(&pts, CMSG_DATA(cmsghdr), sizeof(pts)); 3412 if (sys_tick > measured_tick && 3413 sys_tick > 1e-9) { 3414 ticks = (unsigned long)((pts.tv_nsec * 1e-9) / 3415 sys_tick); 3416 pts.tv_nsec = (long)(ticks * 1e9 * 3417 sys_tick); 3418 } 3419 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n", 3420 pts.tv_sec, pts.tv_nsec)); 3421 nts = tspec_stamp_to_lfp(pts); 3422 } 3423 break; 3424 #endif /* HAVE_TIMESTAMPNS */ 3425 #ifdef HAVE_TIMESTAMP 3426 case SCM_TIMESTAMP: 3427 { 3428 struct timeval ptv; 3429 memcpy(&ptv, CMSG_DATA(cmsghdr), sizeof(ptv)); 3430 if (sys_tick > measured_tick && 3431 sys_tick > 1e-6) { 3432 ticks = (unsigned long)((ptv.tv_usec * 1e-6) / 3433 sys_tick); 3434 ptv.tv_usec = (long)(ticks * 1e6 * 3435 sys_tick); 3436 } 3437 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n", 3438 (intmax_t)ptv.tv_sec, (long)ptv.tv_usec)); 3439 nts = tval_stamp_to_lfp(ptv); 3440 } 3441 break; 3442 #endif /* HAVE_TIMESTAMP */ 3443 } 3444 fuzz = ntp_random() * 2. / FRAC * sys_fuzz; 3445 DTOLFP(fuzz, &lfpfuzz); 3446 L_ADD(&nts, &lfpfuzz); 3447 #ifdef DEBUG_TIMING 3448 dts = ts; 3449 L_SUB(&dts, &nts); 3450 collect_timing(rb, "input processing delay", 1, 3451 &dts); 3452 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n", 3453 lfptoa(&dts, 9))); 3454 #endif /* DEBUG_TIMING */ 3455 ts = nts; /* network time stamp */ 3456 break; 3457 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */ 3458 3459 default: 3460 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n", 3461 cmsghdr->cmsg_type)); 3462 } 3463 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr); 3464 } 3465 return ts; 3466 } 3467 #endif /* HAVE_PACKET_TIMESTAMP */ 3468 3469 3470 /* 3471 * Routine to read the network NTP packets for a specific interface 3472 * Return the number of bytes read. That way we know if we should 3473 * read it again or go on to the next one if no bytes returned 3474 */ 3475 static inline int 3476 read_network_packet( 3477 SOCKET fd, 3478 struct interface * itf, 3479 l_fp ts 3480 ) 3481 { 3482 GETSOCKNAME_SOCKLEN_TYPE fromlen; 3483 int buflen; 3484 register struct recvbuf *rb; 3485 #ifdef HAVE_PACKET_TIMESTAMP 3486 struct msghdr msghdr; 3487 struct iovec iovec; 3488 char control[CMSG_BUFSIZE]; 3489 #endif 3490 3491 /* 3492 * Get a buffer and read the frame. If we 3493 * haven't got a buffer, or this is received 3494 * on a disallowed socket, just dump the 3495 * packet. 3496 */ 3497 3498 rb = get_free_recv_buffer(); 3499 if (NULL == rb || itf->ignore_packets) { 3500 char buf[RX_BUFF_SIZE]; 3501 sockaddr_u from; 3502 3503 if (rb != NULL) 3504 freerecvbuf(rb); 3505 3506 fromlen = sizeof(from); 3507 buflen = recvfrom(fd, buf, sizeof(buf), 0, 3508 &from.sa, &fromlen); 3509 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", 3510 (itf->ignore_packets) 3511 ? "ignore" 3512 : "drop", 3513 free_recvbuffs(), fd, stoa(&from))); 3514 if (itf->ignore_packets) 3515 packets_ignored++; 3516 else 3517 packets_dropped++; 3518 return (buflen); 3519 } 3520 3521 fromlen = sizeof(rb->recv_srcadr); 3522 3523 #ifndef HAVE_PACKET_TIMESTAMP 3524 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space, 3525 sizeof(rb->recv_space), 0, 3526 &rb->recv_srcadr.sa, &fromlen); 3527 #else 3528 iovec.iov_base = &rb->recv_space; 3529 iovec.iov_len = sizeof(rb->recv_space); 3530 msghdr.msg_name = &rb->recv_srcadr; 3531 msghdr.msg_namelen = fromlen; 3532 msghdr.msg_iov = &iovec; 3533 msghdr.msg_iovlen = 1; 3534 msghdr.msg_control = (void *)&control; 3535 msghdr.msg_controllen = sizeof(control); 3536 msghdr.msg_flags = 0; 3537 rb->recv_length = recvmsg(fd, &msghdr, 0); 3538 #endif 3539 3540 buflen = rb->recv_length; 3541 3542 if (buflen == 0 || (buflen == -1 && 3543 (EWOULDBLOCK == errno 3544 #ifdef EAGAIN 3545 || EAGAIN == errno 3546 #endif 3547 ))) { 3548 freerecvbuf(rb); 3549 return (buflen); 3550 } else if (buflen < 0) { 3551 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m", 3552 stoa(&rb->recv_srcadr), fd); 3553 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n", 3554 fd)); 3555 freerecvbuf(rb); 3556 return (buflen); 3557 } 3558 3559 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", 3560 fd, buflen, stoa(&rb->recv_srcadr))); 3561 3562 #ifdef ENABLE_BUG3020_FIX 3563 if (ISREFCLOCKADR(&rb->recv_srcadr)) { 3564 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: refclock srcadr on a network interface!", 3565 stoa(&rb->recv_srcadr), fd); 3566 DPRINTF(1, ("read_network_packet: fd=%d dropped (refclock srcadr))\n", 3567 fd)); 3568 packets_dropped++; 3569 freerecvbuf(rb); 3570 return (buflen); 3571 } 3572 #endif 3573 3574 /* 3575 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 3576 */ 3577 3578 if (AF_INET6 == itf->family) { 3579 DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", 3580 stoa(&rb->recv_srcadr), 3581 IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), 3582 stoa(&itf->sin), 3583 !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3584 )); 3585 3586 if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) 3587 && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3588 ) { 3589 packets_dropped++; 3590 DPRINTF(2, ("DROPPING that packet\n")); 3591 freerecvbuf(rb); 3592 return buflen; 3593 } 3594 DPRINTF(2, ("processing that packet\n")); 3595 } 3596 3597 /* 3598 * Got one. Mark how and when it got here, 3599 * put it on the full list and do bookkeeping. 3600 */ 3601 rb->dstadr = itf; 3602 rb->fd = fd; 3603 #ifdef HAVE_PACKET_TIMESTAMP 3604 /* pick up a network time stamp if possible */ 3605 ts = fetch_timestamp(rb, &msghdr, ts); 3606 #endif 3607 rb->recv_time = ts; 3608 rb->receiver = receive; 3609 3610 add_full_recv_buffer(rb); 3611 3612 itf->received++; 3613 packets_received++; 3614 return (buflen); 3615 } 3616 3617 /* 3618 * attempt to handle io (select()/signaled IO) 3619 */ 3620 void 3621 io_handler(void) 3622 { 3623 # ifndef HAVE_SIGNALED_IO 3624 fd_set rdfdes; 3625 int nfound; 3626 3627 /* 3628 * Use select() on all on all input fd's for unlimited 3629 * time. select() will terminate on SIGALARM or on the 3630 * reception of input. Using select() means we can't do 3631 * robust signal handling and we get a potential race 3632 * between checking for alarms and doing the select(). 3633 * Mostly harmless, I think. 3634 */ 3635 /* 3636 * On VMS, I suspect that select() can't be interrupted 3637 * by a "signal" either, so I take the easy way out and 3638 * have select() time out after one second. 3639 * System clock updates really aren't time-critical, 3640 * and - lacking a hardware reference clock - I have 3641 * yet to learn about anything else that is. 3642 */ 3643 ++handler_calls; 3644 rdfdes = activefds; 3645 # if !defined(VMS) && !defined(SYS_VXWORKS) 3646 nfound = select(maxactivefd + 1, &rdfdes, NULL, 3647 NULL, NULL); 3648 # else /* VMS, VxWorks */ 3649 /* make select() wake up after one second */ 3650 { 3651 struct timeval t1; 3652 t1.tv_sec = 1; 3653 t1.tv_usec = 0; 3654 nfound = select(maxactivefd + 1, 3655 &rdfdes, NULL, NULL, 3656 &t1); 3657 } 3658 # endif /* VMS, VxWorks */ 3659 if (nfound < 0 && sanitize_fdset(errno)) { 3660 struct timeval t1; 3661 t1.tv_sec = 0; 3662 t1.tv_usec = 0; 3663 rdfdes = activefds; 3664 nfound = select(maxactivefd + 1, 3665 &rdfdes, NULL, NULL, 3666 &t1); 3667 } 3668 3669 if (nfound > 0) { 3670 l_fp ts; 3671 3672 get_systime(&ts); 3673 3674 input_handler_scan(&ts, &rdfdes); 3675 } else if (nfound == -1 && errno != EINTR) { 3676 msyslog(LOG_ERR, "select() error: %m"); 3677 } 3678 # ifdef DEBUG 3679 else if (debug > 4) { 3680 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); 3681 } else { 3682 DPRINTF(3, ("select() returned %d: %m\n", nfound)); 3683 } 3684 # endif /* DEBUG */ 3685 # else /* HAVE_SIGNALED_IO */ 3686 wait_for_signal(); 3687 # endif /* HAVE_SIGNALED_IO */ 3688 } 3689 3690 #ifdef HAVE_SIGNALED_IO 3691 /* 3692 * input_handler - receive packets asynchronously 3693 * 3694 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed! 3695 */ 3696 static RETSIGTYPE 3697 input_handler( 3698 l_fp * cts 3699 ) 3700 { 3701 int n; 3702 struct timeval tvzero; 3703 fd_set fds; 3704 3705 ++handler_calls; 3706 3707 /* 3708 * Do a poll to see who has data 3709 */ 3710 3711 fds = activefds; 3712 tvzero.tv_sec = tvzero.tv_usec = 0; 3713 3714 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3715 if (n < 0 && sanitize_fdset(errno)) { 3716 fds = activefds; 3717 tvzero.tv_sec = tvzero.tv_usec = 0; 3718 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3719 } 3720 if (n > 0) 3721 input_handler_scan(cts, &fds); 3722 } 3723 #endif /* HAVE_SIGNALED_IO */ 3724 3725 3726 /* 3727 * Try to sanitize the global FD set 3728 * 3729 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3730 */ 3731 static int/*BOOL*/ 3732 sanitize_fdset( 3733 int errc 3734 ) 3735 { 3736 int j, b, maxscan; 3737 3738 # ifndef HAVE_SIGNALED_IO 3739 /* 3740 * extended FAU debugging output 3741 */ 3742 if (errc != EINTR) { 3743 msyslog(LOG_ERR, 3744 "select(%d, %s, 0L, 0L, &0.0) error: %m", 3745 maxactivefd + 1, 3746 fdbits(maxactivefd, &activefds)); 3747 } 3748 # endif 3749 3750 if (errc != EBADF) 3751 return FALSE; 3752 3753 /* if we have oviously bad FDs, try to sanitize the FD set. */ 3754 for (j = 0, maxscan = 0; j <= maxactivefd; j++) { 3755 if (FD_ISSET(j, &activefds)) { 3756 if (-1 != read(j, &b, 0)) { 3757 maxscan = j; 3758 continue; 3759 } 3760 # ifndef HAVE_SIGNALED_IO 3761 msyslog(LOG_ERR, 3762 "Removing bad file descriptor %d from select set", 3763 j); 3764 # endif 3765 FD_CLR(j, &activefds); 3766 } 3767 } 3768 if (maxactivefd != maxscan) 3769 maxactivefd = maxscan; 3770 return TRUE; 3771 } 3772 3773 /* 3774 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'. 3775 * 3776 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3777 */ 3778 static void 3779 input_handler_scan( 3780 const l_fp * cts, 3781 const fd_set * pfds 3782 ) 3783 { 3784 int buflen; 3785 u_int idx; 3786 int doing; 3787 SOCKET fd; 3788 blocking_child *c; 3789 l_fp ts; /* Timestamp at BOselect() gob */ 3790 3791 #if defined(DEBUG_TIMING) 3792 l_fp ts_e; /* Timestamp at EOselect() gob */ 3793 #endif 3794 endpt * ep; 3795 #ifdef REFCLOCK 3796 struct refclockio *rp; 3797 int saved_errno; 3798 const char * clk; 3799 #endif 3800 #ifdef HAS_ROUTING_SOCKET 3801 struct asyncio_reader * asyncio_reader; 3802 struct asyncio_reader * next_asyncio_reader; 3803 #endif 3804 3805 ++handler_pkts; 3806 ts = *cts; 3807 3808 #ifdef REFCLOCK 3809 /* 3810 * Check out the reference clocks first, if any 3811 */ 3812 3813 for (rp = refio; rp != NULL; rp = rp->next) { 3814 fd = rp->fd; 3815 3816 if (!FD_ISSET(fd, pfds)) 3817 continue; 3818 buflen = read_refclock_packet(fd, rp, ts); 3819 /* 3820 * The first read must succeed after select() indicates 3821 * readability, or we've reached a permanent EOF. 3822 * http://bugs.ntp.org/1732 reported ntpd munching CPU 3823 * after a USB GPS was unplugged because select was 3824 * indicating EOF but ntpd didn't remove the descriptor 3825 * from the activefds set. 3826 */ 3827 if (buflen < 0 && EAGAIN != errno) { 3828 saved_errno = errno; 3829 clk = refnumtoa(&rp->srcclock->srcadr); 3830 errno = saved_errno; 3831 msyslog(LOG_ERR, "%s read: %m", clk); 3832 maintain_activefds(fd, TRUE); 3833 } else if (0 == buflen) { 3834 clk = refnumtoa(&rp->srcclock->srcadr); 3835 msyslog(LOG_ERR, "%s read EOF", clk); 3836 maintain_activefds(fd, TRUE); 3837 } else { 3838 /* drain any remaining refclock input */ 3839 do { 3840 buflen = read_refclock_packet(fd, rp, ts); 3841 } while (buflen > 0); 3842 } 3843 } 3844 #endif /* REFCLOCK */ 3845 3846 /* 3847 * Loop through the interfaces looking for data to read. 3848 */ 3849 for (ep = ep_list; ep != NULL; ep = ep->elink) { 3850 for (doing = 0; doing < 2; doing++) { 3851 if (!doing) { 3852 fd = ep->fd; 3853 } else { 3854 if (!(ep->flags & INT_BCASTOPEN)) 3855 break; 3856 fd = ep->bfd; 3857 } 3858 if (fd < 0) 3859 continue; 3860 if (FD_ISSET(fd, pfds)) 3861 do { 3862 buflen = read_network_packet( 3863 fd, ep, ts); 3864 } while (buflen > 0); 3865 /* Check more interfaces */ 3866 } 3867 } 3868 3869 #ifdef HAS_ROUTING_SOCKET 3870 /* 3871 * scan list of asyncio readers - currently only used for routing sockets 3872 */ 3873 asyncio_reader = asyncio_reader_list; 3874 3875 while (asyncio_reader != NULL) { 3876 /* callback may unlink and free asyncio_reader */ 3877 next_asyncio_reader = asyncio_reader->link; 3878 if (FD_ISSET(asyncio_reader->fd, pfds)) 3879 (*asyncio_reader->receiver)(asyncio_reader); 3880 asyncio_reader = next_asyncio_reader; 3881 } 3882 #endif /* HAS_ROUTING_SOCKET */ 3883 3884 /* 3885 * Check for a response from a blocking child 3886 */ 3887 for (idx = 0; idx < blocking_children_alloc; idx++) { 3888 c = blocking_children[idx]; 3889 if (NULL == c || -1 == c->resp_read_pipe) 3890 continue; 3891 if (FD_ISSET(c->resp_read_pipe, pfds)) { 3892 ++c->resp_ready_seen; 3893 ++blocking_child_ready_seen; 3894 } 3895 } 3896 3897 /* We've done our work */ 3898 #if defined(DEBUG_TIMING) 3899 get_systime(&ts_e); 3900 /* 3901 * (ts_e - ts) is the amount of time we spent 3902 * processing this gob of file descriptors. Log 3903 * it. 3904 */ 3905 L_SUB(&ts_e, &ts); 3906 collect_timing(NULL, "input handler", 1, &ts_e); 3907 if (debug > 3) 3908 msyslog(LOG_DEBUG, 3909 "input_handler: Processed a gob of fd's in %s msec", 3910 lfptoms(&ts_e, 6)); 3911 #endif /* DEBUG_TIMING */ 3912 } 3913 #endif /* !HAVE_IO_COMPLETION_PORT */ 3914 3915 /* 3916 * find an interface suitable for the src address 3917 */ 3918 endpt * 3919 select_peerinterface( 3920 struct peer * peer, 3921 sockaddr_u * srcadr, 3922 endpt * dstadr 3923 ) 3924 { 3925 endpt *ep; 3926 #ifndef SIM 3927 endpt *wild; 3928 3929 wild = ANY_INTERFACE_CHOOSE(srcadr); 3930 3931 /* 3932 * Initialize the peer structure and dance the interface jig. 3933 * Reference clocks step the loopback waltz, the others 3934 * squaredance around the interface list looking for a buddy. If 3935 * the dance peters out, there is always the wildcard interface. 3936 * This might happen in some systems and would preclude proper 3937 * operation with public key cryptography. 3938 */ 3939 if (ISREFCLOCKADR(srcadr)) { 3940 ep = loopback_interface; 3941 } else if (peer->cast_flags & 3942 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) { 3943 ep = findbcastinter(srcadr); 3944 if (ep != NULL) 3945 DPRINTF(4, ("Found *-cast interface %s for address %s\n", 3946 stoa(&ep->sin), stoa(srcadr))); 3947 else 3948 DPRINTF(4, ("No *-cast local address found for address %s\n", 3949 stoa(srcadr))); 3950 } else { 3951 ep = dstadr; 3952 if (NULL == ep) 3953 ep = wild; 3954 } 3955 /* 3956 * If it is a multicast address, findbcastinter() may not find 3957 * it. For unicast, we get to find the interface when dstadr is 3958 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either 3959 * way, try a little harder. 3960 */ 3961 if (wild == ep) 3962 ep = findinterface(srcadr); 3963 /* 3964 * we do not bind to the wildcard interfaces for output 3965 * as our (network) source address would be undefined and 3966 * crypto will not work without knowing the own transmit address 3967 */ 3968 if (ep != NULL && INT_WILDCARD & ep->flags) 3969 if (!accept_wildcard_if_for_winnt) 3970 ep = NULL; 3971 #else /* SIM follows */ 3972 ep = loopback_interface; 3973 #endif 3974 3975 return ep; 3976 } 3977 3978 3979 /* 3980 * findinterface - find local interface corresponding to address 3981 */ 3982 endpt * 3983 findinterface( 3984 sockaddr_u *addr 3985 ) 3986 { 3987 endpt *iface; 3988 3989 iface = findlocalinterface(addr, INT_WILDCARD, 0); 3990 3991 if (NULL == iface) { 3992 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n", 3993 stoa(addr))); 3994 3995 iface = ANY_INTERFACE_CHOOSE(addr); 3996 } else 3997 DPRINTF(4, ("Found interface #%d %s for address %s\n", 3998 iface->ifnum, iface->name, stoa(addr))); 3999 4000 return iface; 4001 } 4002 4003 /* 4004 * findlocalinterface - find local interface corresponding to addr, 4005 * which does not have any of flags set. If bast is nonzero, addr is 4006 * a broadcast address. 4007 * 4008 * This code attempts to find the local sending address for an outgoing 4009 * address by connecting a new socket to destinationaddress:NTP_PORT 4010 * and reading the sockname of the resulting connect. 4011 * the complicated sequence simulates the routing table lookup 4012 * for to first hop without duplicating any of the routing logic into 4013 * ntpd. preferably we would have used an API call - but its not there - 4014 * so this is the best we can do here short of duplicating to entire routing 4015 * logic in ntpd which would be a silly and really unportable thing to do. 4016 * 4017 */ 4018 static endpt * 4019 findlocalinterface( 4020 sockaddr_u * addr, 4021 int flags, 4022 int bcast 4023 ) 4024 { 4025 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen; 4026 endpt * iface; 4027 sockaddr_u saddr; 4028 SOCKET s; 4029 int rtn; 4030 int on; 4031 4032 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", 4033 stoa(addr))); 4034 4035 /* [Bug 3437] The dummy POOL peer comes in with an AF of 4036 * zero. This is bound to fail, but on the way to nowhere it 4037 * triggers a security incident on SELinux. 4038 * 4039 * Checking the condition and failing early is probably a good 4040 * advice, and even saves us some syscalls in that case. 4041 * Thanks to Miroslav Lichvar for finding this. 4042 */ 4043 if (AF_UNSPEC == AF(addr)) 4044 return NULL; 4045 4046 s = socket(AF(addr), SOCK_DGRAM, 0); 4047 if (INVALID_SOCKET == s) 4048 return NULL; 4049 4050 /* 4051 * If we are looking for broadcast interface we need to set this 4052 * socket to allow broadcast 4053 */ 4054 if (bcast) { 4055 on = 1; 4056 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET, 4057 SO_BROADCAST, 4058 (void *)&on, 4059 sizeof(on))) { 4060 closesocket(s); 4061 return NULL; 4062 } 4063 } 4064 4065 rtn = connect(s, &addr->sa, SOCKLEN(addr)); 4066 if (SOCKET_ERROR == rtn) { 4067 closesocket(s); 4068 return NULL; 4069 } 4070 4071 sockaddrlen = sizeof(saddr); 4072 rtn = getsockname(s, &saddr.sa, &sockaddrlen); 4073 closesocket(s); 4074 if (SOCKET_ERROR == rtn) 4075 return NULL; 4076 4077 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n", 4078 stoa(addr), stoa(&saddr))); 4079 4080 iface = getinterface(&saddr, flags); 4081 4082 /* 4083 * if we didn't find an exact match on saddr, find the closest 4084 * available local address. This handles the case of the 4085 * address suggested by the kernel being excluded by nic rules 4086 * or the user's -I and -L options to ntpd. 4087 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 4088 * for more background. 4089 */ 4090 if (NULL == iface || iface->ignore_packets) 4091 iface = findclosestinterface(&saddr, 4092 flags | INT_LOOPBACK); 4093 4094 /* Don't use an interface which will ignore replies */ 4095 if (iface != NULL && iface->ignore_packets) 4096 iface = NULL; 4097 4098 return iface; 4099 } 4100 4101 4102 /* 4103 * findclosestinterface 4104 * 4105 * If there are -I/--interface or -L/novirtualips command-line options, 4106 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may 4107 * find the kernel's preferred local address for a given peer address is 4108 * administratively unavailable to ntpd, and punt to this routine's more 4109 * expensive search. 4110 * 4111 * Find the numerically closest local address to the one connect() 4112 * suggested. This matches an address on the same subnet first, as 4113 * needed by Bug 1184, and provides a consistent choice if there are 4114 * multiple feasible local addresses, regardless of the order ntpd 4115 * enumerated them. 4116 */ 4117 endpt * 4118 findclosestinterface( 4119 sockaddr_u * addr, 4120 int flags 4121 ) 4122 { 4123 endpt * ep; 4124 endpt * winner; 4125 sockaddr_u addr_dist; 4126 sockaddr_u min_dist; 4127 4128 ZERO_SOCK(&min_dist); 4129 winner = NULL; 4130 4131 for (ep = ep_list; ep != NULL; ep = ep->elink) { 4132 if (ep->ignore_packets || 4133 AF(addr) != ep->family || 4134 flags & ep->flags) 4135 continue; 4136 4137 calc_addr_distance(&addr_dist, addr, &ep->sin); 4138 if (NULL == winner || 4139 -1 == cmp_addr_distance(&addr_dist, &min_dist)) { 4140 min_dist = addr_dist; 4141 winner = ep; 4142 } 4143 } 4144 if (NULL == winner) 4145 DPRINTF(4, ("findclosestinterface(%s) failed\n", 4146 stoa(addr))); 4147 else 4148 DPRINTF(4, ("findclosestinterface(%s) -> %s\n", 4149 stoa(addr), stoa(&winner->sin))); 4150 4151 return winner; 4152 } 4153 4154 4155 /* 4156 * calc_addr_distance - calculate the distance between two addresses, 4157 * the absolute value of the difference between 4158 * the addresses numerically, stored as an address. 4159 */ 4160 static void 4161 calc_addr_distance( 4162 sockaddr_u * dist, 4163 const sockaddr_u * a1, 4164 const sockaddr_u * a2 4165 ) 4166 { 4167 u_int32 a1val; 4168 u_int32 a2val; 4169 u_int32 v4dist; 4170 int found_greater; 4171 int a1_greater; 4172 int i; 4173 4174 REQUIRE(AF(a1) == AF(a2)); 4175 4176 ZERO_SOCK(dist); 4177 AF(dist) = AF(a1); 4178 4179 /* v4 can be done a bit simpler */ 4180 if (IS_IPV4(a1)) { 4181 a1val = SRCADR(a1); 4182 a2val = SRCADR(a2); 4183 v4dist = (a1val > a2val) 4184 ? a1val - a2val 4185 : a2val - a1val; 4186 SET_ADDR4(dist, v4dist); 4187 4188 return; 4189 } 4190 4191 found_greater = FALSE; 4192 a1_greater = FALSE; /* suppress pot. uninit. warning */ 4193 for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) { 4194 if (!found_greater && 4195 NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) { 4196 found_greater = TRUE; 4197 a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]); 4198 } 4199 if (!found_greater) { 4200 NSRCADR6(dist)[i] = 0; 4201 } else { 4202 if (a1_greater) 4203 NSRCADR6(dist)[i] = NSRCADR6(a1)[i] - 4204 NSRCADR6(a2)[i]; 4205 else 4206 NSRCADR6(dist)[i] = NSRCADR6(a2)[i] - 4207 NSRCADR6(a1)[i]; 4208 } 4209 } 4210 } 4211 4212 4213 /* 4214 * cmp_addr_distance - compare two address distances, returning -1, 0, 4215 * 1 to indicate their relationship. 4216 */ 4217 static int 4218 cmp_addr_distance( 4219 const sockaddr_u * d1, 4220 const sockaddr_u * d2 4221 ) 4222 { 4223 int i; 4224 4225 REQUIRE(AF(d1) == AF(d2)); 4226 4227 if (IS_IPV4(d1)) { 4228 if (SRCADR(d1) < SRCADR(d2)) 4229 return -1; 4230 else if (SRCADR(d1) == SRCADR(d2)) 4231 return 0; 4232 else 4233 return 1; 4234 } 4235 4236 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) { 4237 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i]) 4238 return -1; 4239 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i]) 4240 return 1; 4241 } 4242 4243 return 0; 4244 } 4245 4246 4247 4248 /* 4249 * fetch an interface structure the matches the 4250 * address and has the given flags NOT set 4251 */ 4252 endpt * 4253 getinterface( 4254 sockaddr_u * addr, 4255 u_int32 flags 4256 ) 4257 { 4258 endpt *iface; 4259 4260 iface = find_addr_in_list(addr); 4261 4262 if (iface != NULL && (iface->flags & flags)) 4263 iface = NULL; 4264 4265 return iface; 4266 } 4267 4268 4269 /* 4270 * findbcastinter - find broadcast interface corresponding to address 4271 */ 4272 endpt * 4273 findbcastinter( 4274 sockaddr_u *addr 4275 ) 4276 { 4277 endpt * iface; 4278 4279 iface = NULL; 4280 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT)) 4281 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n", 4282 stoa(addr))); 4283 4284 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD, 4285 1); 4286 if (iface != NULL) { 4287 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n", 4288 iface->ifnum, iface->name)); 4289 return iface; 4290 } 4291 4292 /* 4293 * plan B - try to find something reasonable in our lists in 4294 * case kernel lookup doesn't help 4295 */ 4296 for (iface = ep_list; iface != NULL; iface = iface->elink) { 4297 if (iface->flags & INT_WILDCARD) 4298 continue; 4299 4300 /* Don't bother with ignored interfaces */ 4301 if (iface->ignore_packets) 4302 continue; 4303 4304 /* 4305 * First look if this is the correct family 4306 */ 4307 if(AF(&iface->sin) != AF(addr)) 4308 continue; 4309 4310 /* Skip the loopback addresses */ 4311 if (iface->flags & INT_LOOPBACK) 4312 continue; 4313 4314 /* 4315 * If we are looking to match a multicast address and 4316 * this interface is one... 4317 */ 4318 if (addr_ismulticast(addr) 4319 && (iface->flags & INT_MULTICAST)) { 4320 #ifdef INCLUDE_IPV6_SUPPORT 4321 /* 4322 * ...it is the winner unless we're looking for 4323 * an interface to use for link-local multicast 4324 * and its address is not link-local. 4325 */ 4326 if (IS_IPV6(addr) 4327 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr)) 4328 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin))) 4329 continue; 4330 #endif 4331 break; 4332 } 4333 4334 /* 4335 * We match only those interfaces marked as 4336 * broadcastable and either the explicit broadcast 4337 * address or the network portion of the IP address. 4338 * Sloppy. 4339 */ 4340 if (IS_IPV4(addr)) { 4341 if (SOCK_EQ(&iface->bcast, addr)) 4342 break; 4343 4344 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask)) 4345 == (NSRCADR(addr) & NSRCADR(&iface->mask))) 4346 break; 4347 } 4348 #ifdef INCLUDE_IPV6_SUPPORT 4349 else if (IS_IPV6(addr)) { 4350 if (SOCK_EQ(&iface->bcast, addr)) 4351 break; 4352 4353 if (SOCK_EQ(netof(&iface->sin), netof(addr))) 4354 break; 4355 } 4356 #endif 4357 } 4358 #endif /* SIOCGIFCONF */ 4359 if (NULL == iface) { 4360 DPRINTF(4, ("No bcast interface found for %s\n", 4361 stoa(addr))); 4362 iface = ANY_INTERFACE_CHOOSE(addr); 4363 } else { 4364 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n", 4365 iface->ifnum, iface->name)); 4366 } 4367 4368 return iface; 4369 } 4370 4371 4372 /* 4373 * io_clr_stats - clear I/O module statistics 4374 */ 4375 void 4376 io_clr_stats(void) 4377 { 4378 packets_dropped = 0; 4379 packets_ignored = 0; 4380 packets_received = 0; 4381 packets_sent = 0; 4382 packets_notsent = 0; 4383 4384 handler_calls = 0; 4385 handler_pkts = 0; 4386 io_timereset = current_time; 4387 } 4388 4389 4390 #ifdef REFCLOCK 4391 /* 4392 * io_addclock - add a reference clock to the list and arrange that we 4393 * get SIGIO interrupts from it. 4394 */ 4395 int 4396 io_addclock( 4397 struct refclockio *rio 4398 ) 4399 { 4400 BLOCKIO(); 4401 4402 /* 4403 * Stuff the I/O structure in the list and mark the descriptor 4404 * in use. There is a harmless (I hope) race condition here. 4405 */ 4406 rio->active = TRUE; 4407 4408 # ifdef HAVE_SIGNALED_IO 4409 if (init_clock_sig(rio)) { 4410 UNBLOCKIO(); 4411 return 0; 4412 } 4413 # elif defined(HAVE_IO_COMPLETION_PORT) 4414 if (!io_completion_port_add_clock_io(rio)) { 4415 UNBLOCKIO(); 4416 return 0; 4417 } 4418 # endif 4419 4420 /* 4421 * enqueue 4422 */ 4423 LINK_SLIST(refio, rio, next); 4424 4425 /* 4426 * register fd 4427 */ 4428 add_fd_to_list(rio->fd, FD_TYPE_FILE); 4429 4430 UNBLOCKIO(); 4431 return 1; 4432 } 4433 4434 4435 /* 4436 * io_closeclock - close the clock in the I/O structure given 4437 */ 4438 void 4439 io_closeclock( 4440 struct refclockio *rio 4441 ) 4442 { 4443 struct refclockio *unlinked; 4444 4445 BLOCKIO(); 4446 4447 /* 4448 * Remove structure from the list 4449 */ 4450 rio->active = FALSE; 4451 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio); 4452 if (NULL != unlinked) { 4453 /* Close the descriptor. The order of operations is 4454 * important here in case of async / overlapped IO: 4455 * only after we have removed the clock from the 4456 * IO completion port we can be sure no further 4457 * input is queued. So... 4458 * - we first disable feeding to the queu by removing 4459 * the clock from the IO engine 4460 * - close the file (which brings down any IO on it) 4461 * - clear the buffer from results for this fd 4462 */ 4463 # ifdef HAVE_IO_COMPLETION_PORT 4464 io_completion_port_remove_clock_io(rio); 4465 # endif 4466 close_and_delete_fd_from_list(rio->fd); 4467 purge_recv_buffers_for_fd(rio->fd); 4468 rio->fd = -1; 4469 } 4470 4471 UNBLOCKIO(); 4472 } 4473 #endif /* REFCLOCK */ 4474 4475 4476 /* 4477 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in 4478 * an array. So we use one of the ISC_LIST functions to hold the 4479 * socket value and use that when we want to enumerate it. 4480 * 4481 * This routine is called by the forked intres child process to close 4482 * all open sockets. On Windows there's no need as intres runs in 4483 * the same process as a thread. 4484 */ 4485 #ifndef SYS_WINNT 4486 void 4487 kill_asyncio( 4488 int startfd 4489 ) 4490 { 4491 BLOCKIO(); 4492 4493 /* 4494 * In the child process we do not maintain activefds and 4495 * maxactivefd. Zeroing maxactivefd disables code which 4496 * maintains it in close_and_delete_fd_from_list(). 4497 */ 4498 maxactivefd = 0; 4499 4500 while (fd_list != NULL) 4501 close_and_delete_fd_from_list(fd_list->fd); 4502 4503 UNBLOCKIO(); 4504 } 4505 #endif /* !SYS_WINNT */ 4506 4507 4508 /* 4509 * Add and delete functions for the list of open sockets 4510 */ 4511 static void 4512 add_fd_to_list( 4513 SOCKET fd, 4514 enum desc_type type 4515 ) 4516 { 4517 vsock_t *lsock = emalloc(sizeof(*lsock)); 4518 4519 lsock->fd = fd; 4520 lsock->type = type; 4521 4522 LINK_SLIST(fd_list, lsock, link); 4523 maintain_activefds(fd, 0); 4524 } 4525 4526 4527 static void 4528 close_and_delete_fd_from_list( 4529 SOCKET fd 4530 ) 4531 { 4532 vsock_t *lsock; 4533 4534 UNLINK_EXPR_SLIST(lsock, fd_list, fd == 4535 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t); 4536 4537 if (NULL == lsock) 4538 return; 4539 4540 switch (lsock->type) { 4541 4542 case FD_TYPE_SOCKET: 4543 closesocket(lsock->fd); 4544 break; 4545 4546 case FD_TYPE_FILE: 4547 closeserial((int)lsock->fd); 4548 break; 4549 4550 default: 4551 msyslog(LOG_ERR, 4552 "internal error - illegal descriptor type %d - EXITING", 4553 (int)lsock->type); 4554 exit(1); 4555 } 4556 4557 free(lsock); 4558 /* 4559 * remove from activefds 4560 */ 4561 maintain_activefds(fd, 1); 4562 } 4563 4564 4565 static void 4566 add_addr_to_list( 4567 sockaddr_u * addr, 4568 endpt * ep 4569 ) 4570 { 4571 remaddr_t *laddr; 4572 4573 #ifdef DEBUG 4574 if (find_addr_in_list(addr) == NULL) { 4575 #endif 4576 /* not there yet - add to list */ 4577 laddr = emalloc(sizeof(*laddr)); 4578 laddr->addr = *addr; 4579 laddr->ep = ep; 4580 4581 LINK_SLIST(remoteaddr_list, laddr, link); 4582 4583 DPRINTF(4, ("Added addr %s to list of addresses\n", 4584 stoa(addr))); 4585 #ifdef DEBUG 4586 } else 4587 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n", 4588 stoa(addr))); 4589 #endif 4590 } 4591 4592 4593 static void 4594 delete_addr_from_list( 4595 sockaddr_u *addr 4596 ) 4597 { 4598 remaddr_t *unlinked; 4599 4600 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr, 4601 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t); 4602 4603 if (unlinked != NULL) { 4604 DPRINTF(4, ("Deleted addr %s from list of addresses\n", 4605 stoa(addr))); 4606 free(unlinked); 4607 } 4608 } 4609 4610 4611 static void 4612 delete_interface_from_list( 4613 endpt *iface 4614 ) 4615 { 4616 remaddr_t *unlinked; 4617 4618 for (;;) { 4619 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface == 4620 UNLINK_EXPR_SLIST_CURRENT()->ep, link, 4621 remaddr_t); 4622 4623 if (unlinked == NULL) 4624 break; 4625 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n", 4626 stoa(&unlinked->addr), iface->ifnum, 4627 iface->name)); 4628 free(unlinked); 4629 } 4630 } 4631 4632 4633 static struct interface * 4634 find_addr_in_list( 4635 sockaddr_u *addr 4636 ) 4637 { 4638 remaddr_t *entry; 4639 4640 DPRINTF(4, ("Searching for addr %s in list of addresses - ", 4641 stoa(addr))); 4642 4643 for (entry = remoteaddr_list; 4644 entry != NULL; 4645 entry = entry->link) 4646 if (SOCK_EQ(&entry->addr, addr)) { 4647 DPRINTF(4, ("FOUND\n")); 4648 return entry->ep; 4649 } 4650 4651 DPRINTF(4, ("NOT FOUND\n")); 4652 return NULL; 4653 } 4654 4655 4656 /* 4657 * Find the given address with the all given flags set in the list 4658 */ 4659 static endpt * 4660 find_flagged_addr_in_list( 4661 sockaddr_u * addr, 4662 u_int32 flags 4663 ) 4664 { 4665 remaddr_t *entry; 4666 4667 DPRINTF(4, ("Finding addr %s with flags %d in list: ", 4668 stoa(addr), flags)); 4669 4670 for (entry = remoteaddr_list; 4671 entry != NULL; 4672 entry = entry->link) 4673 4674 if (SOCK_EQ(&entry->addr, addr) 4675 && (entry->ep->flags & flags) == flags) { 4676 4677 DPRINTF(4, ("FOUND\n")); 4678 return entry->ep; 4679 } 4680 4681 DPRINTF(4, ("NOT FOUND\n")); 4682 return NULL; 4683 } 4684 4685 4686 const char * 4687 localaddrtoa( 4688 endpt *la 4689 ) 4690 { 4691 return (NULL == la) 4692 ? "<null>" 4693 : stoa(&la->sin); 4694 } 4695 4696 4697 #ifdef HAS_ROUTING_SOCKET 4698 # ifndef UPDATE_GRACE 4699 # define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */ 4700 # endif 4701 4702 static void 4703 process_routing_msgs(struct asyncio_reader *reader) 4704 { 4705 char buffer[5120]; 4706 int cnt, msg_type; 4707 #ifdef HAVE_RTNETLINK 4708 struct nlmsghdr *nh; 4709 #else 4710 struct rt_msghdr rtm; 4711 char *p; 4712 #endif 4713 4714 if (disable_dynamic_updates) { 4715 /* 4716 * discard ourselves if we are not needed any more 4717 * usually happens when running unprivileged 4718 */ 4719 remove_asyncio_reader(reader); 4720 delete_asyncio_reader(reader); 4721 return; 4722 } 4723 4724 cnt = read(reader->fd, buffer, sizeof(buffer)); 4725 4726 if (cnt < 0) { 4727 if (errno == ENOBUFS) { 4728 msyslog(LOG_ERR, 4729 "routing socket reports: %m"); 4730 } else { 4731 msyslog(LOG_ERR, 4732 "routing socket reports: %m - disabling"); 4733 remove_asyncio_reader(reader); 4734 delete_asyncio_reader(reader); 4735 } 4736 return; 4737 } 4738 4739 /* 4740 * process routing message 4741 */ 4742 #ifdef HAVE_RTNETLINK 4743 for (nh = UA_PTR(struct nlmsghdr, buffer); 4744 NLMSG_OK(nh, cnt); 4745 nh = NLMSG_NEXT(nh, cnt)) { 4746 msg_type = nh->nlmsg_type; 4747 #else 4748 for (p = buffer; 4749 (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); 4750 p += rtm.rtm_msglen) { 4751 memcpy(&rtm, p, sizeof(rtm)); 4752 if (rtm.rtm_version != RTM_VERSION) { 4753 msyslog(LOG_ERR, 4754 "version mismatch (got %d - expected %d) on routing socket - disabling", 4755 rtm.rtm_version, RTM_VERSION); 4756 4757 remove_asyncio_reader(reader); 4758 delete_asyncio_reader(reader); 4759 return; 4760 } 4761 msg_type = rtm.rtm_type; 4762 #endif 4763 switch (msg_type) { 4764 #ifdef RTM_NEWADDR 4765 case RTM_NEWADDR: 4766 #endif 4767 #ifdef RTM_DELADDR 4768 case RTM_DELADDR: 4769 #endif 4770 #ifdef RTM_ADD 4771 case RTM_ADD: 4772 #endif 4773 #ifdef RTM_DELETE 4774 case RTM_DELETE: 4775 #endif 4776 #ifdef RTM_REDIRECT 4777 case RTM_REDIRECT: 4778 #endif 4779 #ifdef RTM_CHANGE 4780 case RTM_CHANGE: 4781 #endif 4782 #ifdef RTM_LOSING 4783 case RTM_LOSING: 4784 #endif 4785 #ifdef RTM_IFINFO 4786 case RTM_IFINFO: 4787 #endif 4788 #ifdef RTM_IFANNOUNCE 4789 case RTM_IFANNOUNCE: 4790 #endif 4791 #ifdef RTM_NEWLINK 4792 case RTM_NEWLINK: 4793 #endif 4794 #ifdef RTM_DELLINK 4795 case RTM_DELLINK: 4796 #endif 4797 #ifdef RTM_NEWROUTE 4798 case RTM_NEWROUTE: 4799 #endif 4800 #ifdef RTM_DELROUTE 4801 case RTM_DELROUTE: 4802 #endif 4803 /* 4804 * we are keen on new and deleted addresses and 4805 * if an interface goes up and down or routing 4806 * changes 4807 */ 4808 DPRINTF(3, ("routing message op = %d: scheduling interface update\n", 4809 msg_type)); 4810 timer_interfacetimeout(current_time + UPDATE_GRACE); 4811 break; 4812 #ifdef HAVE_RTNETLINK 4813 case NLMSG_DONE: 4814 /* end of multipart message */ 4815 return; 4816 #endif 4817 default: 4818 /* 4819 * the rest doesn't bother us. 4820 */ 4821 DPRINTF(4, ("routing message op = %d: ignored\n", 4822 msg_type)); 4823 break; 4824 } 4825 } 4826 } 4827 4828 /* 4829 * set up routing notifications 4830 */ 4831 static void 4832 init_async_notifications() 4833 { 4834 struct asyncio_reader *reader; 4835 #ifdef HAVE_RTNETLINK 4836 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 4837 struct sockaddr_nl sa; 4838 #else 4839 int fd = socket(PF_ROUTE, SOCK_RAW, 0); 4840 #endif 4841 #ifdef RO_MSGFILTER 4842 unsigned char msgfilter[] = { 4843 #ifdef RTM_NEWADDR 4844 RTM_NEWADDR, 4845 #endif 4846 #ifdef RTM_DELADDR 4847 RTM_DELADDR, 4848 #endif 4849 #ifdef RTM_ADD 4850 RTM_ADD, 4851 #endif 4852 #ifdef RTM_DELETE 4853 RTM_DELETE, 4854 #endif 4855 #ifdef RTM_REDIRECT 4856 RTM_REDIRECT, 4857 #endif 4858 #ifdef RTM_CHANGE 4859 RTM_CHANGE, 4860 #endif 4861 #ifdef RTM_LOSING 4862 RTM_LOSING, 4863 #endif 4864 #ifdef RTM_IFINFO 4865 RTM_IFINFO, 4866 #endif 4867 #ifdef RTM_IFANNOUNCE 4868 RTM_IFANNOUNCE, 4869 #endif 4870 #ifdef RTM_NEWLINK 4871 RTM_NEWLINK, 4872 #endif 4873 #ifdef RTM_DELLINK 4874 RTM_DELLINK, 4875 #endif 4876 #ifdef RTM_NEWROUTE 4877 RTM_NEWROUTE, 4878 #endif 4879 #ifdef RTM_DELROUTE 4880 RTM_DELROUTE, 4881 #endif 4882 }; 4883 #endif /* !RO_MSGFILTER */ 4884 4885 if (fd < 0) { 4886 msyslog(LOG_ERR, 4887 "unable to open routing socket (%m) - using polled interface update"); 4888 return; 4889 } 4890 4891 fd = move_fd(fd); 4892 #ifdef HAVE_RTNETLINK 4893 ZERO(sa); 4894 sa.nl_family = PF_NETLINK; 4895 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR 4896 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE 4897 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE 4898 | RTMGRP_IPV6_MROUTE; 4899 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 4900 msyslog(LOG_ERR, 4901 "bind failed on routing socket (%m) - using polled interface update"); 4902 return; 4903 } 4904 #endif 4905 #ifdef RO_MSGFILTER 4906 if (setsockopt(fd, PF_ROUTE, RO_MSGFILTER, 4907 &msgfilter, sizeof(msgfilter)) == -1) 4908 msyslog(LOG_ERR, "RO_MSGFILTER: %m"); 4909 #endif 4910 make_socket_nonblocking(fd); 4911 #if defined(HAVE_SIGNALED_IO) 4912 init_socket_sig(fd); 4913 #endif /* HAVE_SIGNALED_IO */ 4914 4915 reader = new_asyncio_reader(); 4916 4917 reader->fd = fd; 4918 reader->receiver = process_routing_msgs; 4919 4920 add_asyncio_reader(reader, FD_TYPE_SOCKET); 4921 msyslog(LOG_INFO, 4922 "Listening on routing socket on fd #%d for interface updates", 4923 fd); 4924 } 4925 #else 4926 /* HAS_ROUTING_SOCKET not defined */ 4927 static void 4928 init_async_notifications(void) 4929 { 4930 } 4931 #endif 4932 4933