1 /* $NetBSD: ntp_io.c,v 1.23 2016/06/03 20:39:02 christos Exp $ */ 2 3 /* 4 * ntp_io.c - input/output routines for ntpd. The socket-opening code 5 * was shamelessly stolen from ntpd. 6 */ 7 8 #ifdef HAVE_CONFIG_H 9 # include <config.h> 10 #endif 11 12 #include <stdio.h> 13 #include <signal.h> 14 #ifdef HAVE_FNMATCH_H 15 # include <fnmatch.h> 16 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) 17 # define FNM_CASEFOLD FNM_IGNORECASE 18 # endif 19 #endif 20 #ifdef HAVE_SYS_PARAM_H 21 # include <sys/param.h> 22 #endif 23 #ifdef HAVE_SYS_IOCTL_H 24 # include <sys/ioctl.h> 25 #endif 26 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */ 27 # include <sys/sockio.h> 28 #endif 29 #ifdef HAVE_SYS_UIO_H 30 # include <sys/uio.h> 31 #endif 32 33 #include "ntp_machine.h" 34 #include "ntpd.h" 35 #include "ntp_io.h" 36 #include "iosignal.h" 37 #include "ntp_lists.h" 38 #include "ntp_refclock.h" 39 #include "ntp_stdlib.h" 40 #include "ntp_worker.h" 41 #include "ntp_request.h" 42 #include "ntp_assert.h" 43 #include "timevalops.h" 44 #include "timespecops.h" 45 #include "ntpd-opts.h" 46 #include "safecast.h" 47 48 /* Don't include ISC's version of IPv6 variables and structures */ 49 #define ISC_IPV6_H 1 50 #include <isc/mem.h> 51 #include <isc/interfaceiter.h> 52 #include <isc/netaddr.h> 53 #include <isc/result.h> 54 #include <isc/sockaddr.h> 55 56 #ifdef SIM 57 #include "ntpsim.h" 58 #endif 59 60 #ifdef HAS_ROUTING_SOCKET 61 # include <net/route.h> 62 # ifdef HAVE_RTNETLINK 63 # include <linux/rtnetlink.h> 64 # endif 65 #endif 66 67 /* 68 * setsockopt does not always have the same arg declaration 69 * across all platforms. If it's not defined we make it empty 70 */ 71 72 #ifndef SETSOCKOPT_ARG_CAST 73 #define SETSOCKOPT_ARG_CAST 74 #endif 75 76 extern int listen_to_virtual_ips; 77 78 #ifndef IPTOS_DSCP_EF 79 #define IPTOS_DSCP_EF 0xb8 80 #endif 81 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */ 82 83 #ifdef LEAP_SMEAR 84 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so 85 * we get a linker error. Since we're running out of time before the leap 86 * second occurs, we let it here where it just works. 87 */ 88 int leap_smear_intv; 89 #endif 90 91 /* 92 * NIC rule entry 93 */ 94 typedef struct nic_rule_tag nic_rule; 95 96 struct nic_rule_tag { 97 nic_rule * next; 98 nic_rule_action action; 99 nic_rule_match match_type; 100 char * if_name; 101 sockaddr_u addr; 102 int prefixlen; 103 }; 104 105 /* 106 * NIC rule listhead. Entries are added at the head so that the first 107 * match in the list is the last matching rule specified. 108 */ 109 nic_rule *nic_rule_list; 110 111 112 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR) 113 # define HAVE_PACKET_TIMESTAMP 114 # define HAVE_BINTIME 115 # ifdef BINTIME_CTLMSGBUF_SIZE 116 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE 117 # else 118 # define CMSG_BUFSIZE 1536 /* moderate default */ 119 # endif 120 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR) 121 # define HAVE_PACKET_TIMESTAMP 122 # define HAVE_TIMESTAMPNS 123 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE 124 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE 125 # else 126 # define CMSG_BUFSIZE 1536 /* moderate default */ 127 # endif 128 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR) 129 # define HAVE_PACKET_TIMESTAMP 130 # define HAVE_TIMESTAMP 131 # ifdef TIMESTAMP_CTLMSGBUF_SIZE 132 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE 133 # else 134 # define CMSG_BUFSIZE 1536 /* moderate default */ 135 # endif 136 #else 137 /* fill in for old/other timestamp interfaces */ 138 #endif 139 140 #if defined(SYS_WINNT) 141 #include "win32_io.h" 142 #include <isc/win32os.h> 143 #endif 144 145 /* 146 * We do asynchronous input using the SIGIO facility. A number of 147 * recvbuf buffers are preallocated for input. In the signal 148 * handler we poll to see which sockets are ready and read the 149 * packets from them into the recvbuf's along with a time stamp and 150 * an indication of the source host and the interface it was received 151 * through. This allows us to get as accurate receive time stamps 152 * as possible independent of other processing going on. 153 * 154 * We watch the number of recvbufs available to the signal handler 155 * and allocate more when this number drops below the low water 156 * mark. If the signal handler should run out of buffers in the 157 * interim it will drop incoming frames, the idea being that it is 158 * better to drop a packet than to be inaccurate. 159 */ 160 161 162 /* 163 * Other statistics of possible interest 164 */ 165 volatile u_long packets_dropped; /* total number of packets dropped on reception */ 166 volatile u_long packets_ignored; /* packets received on wild card interface */ 167 volatile u_long packets_received; /* total number of packets received */ 168 u_long packets_sent; /* total number of packets sent */ 169 u_long packets_notsent; /* total number of packets which couldn't be sent */ 170 171 volatile u_long handler_calls; /* number of calls to interrupt handler */ 172 volatile u_long handler_pkts; /* number of pkts received by handler */ 173 u_long io_timereset; /* time counters were reset */ 174 175 /* 176 * Interface stuff 177 */ 178 endpt * any_interface; /* wildcard ipv4 interface */ 179 endpt * any6_interface; /* wildcard ipv6 interface */ 180 endpt * loopback_interface; /* loopback ipv4 interface */ 181 182 isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */ 183 u_int sys_ifnum; /* next .ifnum to assign */ 184 int ninterfaces; /* Total number of interfaces */ 185 186 int disable_dynamic_updates; /* scan interfaces once only */ 187 188 #ifdef REFCLOCK 189 /* 190 * Refclock stuff. We keep a chain of structures with data concerning 191 * the guys we are doing I/O for. 192 */ 193 static struct refclockio *refio; 194 #endif /* REFCLOCK */ 195 196 /* 197 * File descriptor masks etc. for call to select 198 * Not needed for I/O Completion Ports or anything outside this file 199 */ 200 static fd_set activefds; 201 static int maxactivefd; 202 203 /* 204 * bit alternating value to detect verified interfaces during an update cycle 205 */ 206 static u_short sys_interphase = 0; 207 208 static endpt * new_interface(endpt *); 209 static void add_interface(endpt *); 210 static int update_interfaces(u_short, interface_receiver_t, 211 void *); 212 static void remove_interface(endpt *); 213 static endpt * create_interface(u_short, endpt *); 214 215 static int is_wildcard_addr (const sockaddr_u *); 216 217 /* 218 * Multicast functions 219 */ 220 static isc_boolean_t addr_ismulticast (sockaddr_u *); 221 static isc_boolean_t is_anycast (sockaddr_u *, 222 const char *); 223 224 /* 225 * Not all platforms support multicast 226 */ 227 #ifdef MCAST 228 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *); 229 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); 230 #endif 231 232 #ifdef DEBUG 233 static void interface_dump (const endpt *); 234 static void sockaddr_dump (const sockaddr_u *); 235 static void print_interface (const endpt *, const char *, const char *); 236 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) 237 #else 238 #define DPRINT_INTERFACE(level, args) do {} while (0) 239 #endif 240 241 typedef struct vsock vsock_t; 242 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE }; 243 244 struct vsock { 245 vsock_t * link; 246 SOCKET fd; 247 enum desc_type type; 248 }; 249 250 vsock_t *fd_list; 251 252 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 253 /* 254 * async notification processing (e. g. routing sockets) 255 */ 256 /* 257 * support for receiving data on fd that is not a refclock or a socket 258 * like e. g. routing sockets 259 */ 260 struct asyncio_reader { 261 struct asyncio_reader *link; /* the list this is being kept in */ 262 SOCKET fd; /* fd to be read */ 263 void *data; /* possibly local data */ 264 void (*receiver)(struct asyncio_reader *); /* input handler */ 265 }; 266 267 struct asyncio_reader *asyncio_reader_list; 268 269 static void delete_asyncio_reader (struct asyncio_reader *); 270 static struct asyncio_reader *new_asyncio_reader (void); 271 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type); 272 static void remove_asyncio_reader (struct asyncio_reader *); 273 274 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 275 276 static void init_async_notifications (void); 277 278 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *, 279 int); 280 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, 281 const sockaddr_u *, const sockaddr_u *); 282 static int create_sockets (u_short); 283 static SOCKET open_socket (sockaddr_u *, int, int, endpt *); 284 static void set_reuseaddr (int); 285 static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); 286 287 #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO) 288 static char * fdbits (int, const fd_set *); 289 #endif 290 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 291 static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); 292 #endif 293 294 typedef struct remaddr remaddr_t; 295 296 struct remaddr { 297 remaddr_t * link; 298 sockaddr_u addr; 299 endpt * ep; 300 }; 301 302 remaddr_t * remoteaddr_list; 303 endpt * ep_list; /* complete endpt list */ 304 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */ 305 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ 306 307 static endpt * wildipv4; 308 static endpt * wildipv6; 309 310 #ifdef SYS_WINNT 311 int accept_wildcard_if_for_winnt; 312 #else 313 const int accept_wildcard_if_for_winnt = FALSE; 314 #endif 315 316 static void add_fd_to_list (SOCKET, enum desc_type); 317 static endpt * find_addr_in_list (sockaddr_u *); 318 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); 319 static void delete_addr_from_list (sockaddr_u *); 320 static void delete_interface_from_list(endpt *); 321 static void close_and_delete_fd_from_list(SOCKET); 322 static void add_addr_to_list (sockaddr_u *, endpt *); 323 static void create_wildcards (u_short); 324 static endpt * findlocalinterface (sockaddr_u *, int, int); 325 static endpt * findclosestinterface (sockaddr_u *, int); 326 #ifdef DEBUG 327 static const char * action_text (nic_rule_action); 328 #endif 329 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32); 330 static void convert_isc_if (isc_interface_t *, 331 endpt *, u_short); 332 static void calc_addr_distance(sockaddr_u *, 333 const sockaddr_u *, 334 const sockaddr_u *); 335 static int cmp_addr_distance(const sockaddr_u *, 336 const sockaddr_u *); 337 338 /* 339 * Routines to read the ntp packets 340 */ 341 #if !defined(HAVE_IO_COMPLETION_PORT) 342 static inline int read_network_packet (SOCKET, struct interface *, l_fp); 343 static void ntpd_addremove_io_fd (int, int, int); 344 static void input_handler_scan (const l_fp*, const fd_set*); 345 static int/*BOOL*/ sanitize_fdset (int errc); 346 #ifdef REFCLOCK 347 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); 348 #endif 349 #ifdef HAVE_SIGNALED_IO 350 static void input_handler (l_fp*); 351 #endif 352 #endif 353 354 355 #ifndef HAVE_IO_COMPLETION_PORT 356 void 357 maintain_activefds( 358 int fd, 359 int closing 360 ) 361 { 362 int i; 363 364 if (fd < 0 || fd >= FD_SETSIZE) { 365 msyslog(LOG_ERR, 366 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d", 367 FD_SETSIZE, fd); 368 exit(1); 369 } 370 371 if (!closing) { 372 FD_SET(fd, &activefds); 373 maxactivefd = max(fd, maxactivefd); 374 } else { 375 FD_CLR(fd, &activefds); 376 if (maxactivefd && fd == maxactivefd) { 377 for (i = maxactivefd - 1; i >= 0; i--) 378 if (FD_ISSET(i, &activefds)) { 379 maxactivefd = i; 380 break; 381 } 382 INSIST(fd != maxactivefd); 383 } 384 } 385 } 386 #endif /* !HAVE_IO_COMPLETION_PORT */ 387 388 389 #ifdef DEBUG_TIMING 390 /* 391 * collect timing information for various processing 392 * paths. currently we only pass them on to the file 393 * for later processing. this could also do histogram 394 * based analysis in other to reduce the load (and skew) 395 * dur to the file output 396 */ 397 void 398 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts) 399 { 400 char buf[256]; 401 402 snprintf(buf, sizeof(buf), "%s %d %s %s", 403 (rb != NULL) 404 ? ((rb->dstadr != NULL) 405 ? stoa(&rb->recv_srcadr) 406 : "-REFCLOCK-") 407 : "-", 408 count, lfptoa(dts, 9), tag); 409 record_timing_stats(buf); 410 } 411 #endif 412 413 /* 414 * About dynamic interfaces, sockets, reception and more... 415 * 416 * the code solves following tasks: 417 * 418 * - keep a current list of active interfaces in order 419 * to bind to to the interface address on NTP_PORT so that 420 * all wild and specific bindings for NTP_PORT are taken by ntpd 421 * to avoid other daemons messing with the time or sockets. 422 * - all interfaces keep a list of peers that are referencing 423 * the interface in order to quickly re-assign the peers to 424 * new interface in case an interface is deleted (=> gone from system or 425 * down) 426 * - have a preconfigured socket ready with the right local address 427 * for transmission and reception 428 * - have an address list for all destination addresses used within ntpd 429 * to find the "right" preconfigured socket. 430 * - facilitate updating the internal interface list with respect to 431 * the current kernel state 432 * 433 * special issues: 434 * 435 * - mapping of multicast addresses to the interface affected is not always 436 * one to one - especially on hosts with multiple interfaces 437 * the code here currently allocates a separate interface entry for those 438 * multicast addresses 439 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF) 440 * in case of failure the multicast address is bound to an existing interface. 441 * - on some systems it is perfectly legal to assign the same address to 442 * multiple interfaces. Therefore this code does not keep a list of interfaces 443 * but a list of interfaces that represent a unique address as determined by the kernel 444 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only 445 * one representative of a group of real interfaces if they share the same address. 446 * 447 * Frank Kardel 20050910 448 */ 449 450 /* 451 * init_io - initialize I/O module. 452 */ 453 void 454 init_io(void) 455 { 456 /* Init buffer free list and stat counters */ 457 init_recvbuff(RECV_INIT); 458 /* update interface every 5 minutes as default */ 459 interface_interval = 300; 460 461 #ifdef WORK_PIPE 462 addremove_io_fd = &ntpd_addremove_io_fd; 463 #endif 464 465 #if defined(SYS_WINNT) 466 init_io_completion_port(); 467 #elif defined(HAVE_SIGNALED_IO) 468 (void) set_signal(input_handler); 469 #endif 470 } 471 472 473 static void 474 ntpd_addremove_io_fd( 475 int fd, 476 int is_pipe, 477 int remove_it 478 ) 479 { 480 UNUSED_ARG(is_pipe); 481 482 #ifdef HAVE_SIGNALED_IO 483 if (!remove_it) 484 init_socket_sig(fd); 485 #endif /* not HAVE_SIGNALED_IO */ 486 487 maintain_activefds(fd, remove_it); 488 } 489 490 491 /* 492 * io_open_sockets - call socket creation routine 493 */ 494 void 495 io_open_sockets(void) 496 { 497 static int already_opened; 498 499 if (already_opened || HAVE_OPT( SAVECONFIGQUIT )) 500 return; 501 502 already_opened = 1; 503 504 /* 505 * Create the sockets 506 */ 507 BLOCKIO(); 508 create_sockets(NTP_PORT); 509 UNBLOCKIO(); 510 511 init_async_notifications(); 512 513 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd)); 514 } 515 516 517 #ifdef DEBUG 518 /* 519 * function to dump the contents of the interface structure 520 * for debugging use only. 521 */ 522 void 523 interface_dump(const endpt *itf) 524 { 525 printf("Dumping interface: %p\n", itf); 526 printf("fd = %d\n", itf->fd); 527 printf("bfd = %d\n", itf->bfd); 528 printf("sin = %s,\n", stoa(&itf->sin)); 529 sockaddr_dump(&itf->sin); 530 printf("bcast = %s,\n", stoa(&itf->bcast)); 531 sockaddr_dump(&itf->bcast); 532 printf("mask = %s,\n", stoa(&itf->mask)); 533 sockaddr_dump(&itf->mask); 534 printf("name = %s\n", itf->name); 535 printf("flags = 0x%08x\n", itf->flags); 536 printf("last_ttl = %d\n", itf->last_ttl); 537 printf("addr_refid = %08x\n", itf->addr_refid); 538 printf("num_mcast = %d\n", itf->num_mcast); 539 printf("received = %ld\n", itf->received); 540 printf("sent = %ld\n", itf->sent); 541 printf("notsent = %ld\n", itf->notsent); 542 printf("ifindex = %u\n", itf->ifindex); 543 printf("peercnt = %u\n", itf->peercnt); 544 printf("phase = %u\n", itf->phase); 545 } 546 547 /* 548 * sockaddr_dump - hex dump the start of a sockaddr_u 549 */ 550 static void 551 sockaddr_dump(const sockaddr_u *psau) 552 { 553 /* Limit the size of the sockaddr_in6 hex dump */ 554 const int maxsize = min(32, sizeof(psau->sa6)); 555 const u_char * cp; 556 int i; 557 558 /* XXX: Should we limit maxsize based on psau->saX.sin_family? */ 559 cp = (const void *)&psau->sa6; 560 561 for(i = 0; i < maxsize; i++) { 562 printf("%02x", *cp++); 563 if (!((i + 1) % 4)) 564 printf(" "); 565 } 566 printf("\n"); 567 } 568 569 /* 570 * print_interface - helper to output debug information 571 */ 572 static void 573 print_interface(const endpt *iface, const char *pfx, const char *sfx) 574 { 575 printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s", 576 pfx, 577 iface->ifnum, 578 iface->fd, 579 iface->bfd, 580 iface->name, 581 iface->flags, 582 iface->ifindex, 583 stoa(&iface->sin)); 584 if (AF_INET == iface->family) { 585 if (iface->flags & INT_BROADCAST) 586 printf(", bcast=%s", stoa(&iface->bcast)); 587 printf(", mask=%s", stoa(&iface->mask)); 588 } 589 printf(", %s:%s", 590 (iface->ignore_packets) 591 ? "Disabled" 592 : "Enabled", 593 sfx); 594 if (debug > 4) /* in-depth debugging only */ 595 interface_dump(iface); 596 } 597 #endif 598 599 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 600 /* 601 * create an asyncio_reader structure 602 */ 603 static struct asyncio_reader * 604 new_asyncio_reader(void) 605 { 606 struct asyncio_reader *reader; 607 608 reader = emalloc_zero(sizeof(*reader)); 609 reader->fd = INVALID_SOCKET; 610 611 return reader; 612 } 613 614 /* 615 * delete a reader 616 */ 617 static void 618 delete_asyncio_reader( 619 struct asyncio_reader *reader 620 ) 621 { 622 free(reader); 623 } 624 625 /* 626 * add asynchio_reader 627 */ 628 static void 629 add_asyncio_reader( 630 struct asyncio_reader * reader, 631 enum desc_type type) 632 { 633 LINK_SLIST(asyncio_reader_list, reader, link); 634 add_fd_to_list(reader->fd, type); 635 } 636 637 /* 638 * remove asynchio_reader 639 */ 640 static void 641 remove_asyncio_reader( 642 struct asyncio_reader *reader 643 ) 644 { 645 struct asyncio_reader *unlinked; 646 647 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, 648 struct asyncio_reader); 649 650 if (reader->fd != INVALID_SOCKET) 651 close_and_delete_fd_from_list(reader->fd); 652 653 reader->fd = INVALID_SOCKET; 654 } 655 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 656 657 658 /* compare two sockaddr prefixes */ 659 static int 660 addr_eqprefix( 661 const sockaddr_u * a, 662 const sockaddr_u * b, 663 int prefixlen 664 ) 665 { 666 isc_netaddr_t isc_a; 667 isc_netaddr_t isc_b; 668 isc_sockaddr_t isc_sa; 669 670 ZERO(isc_sa); 671 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a))); 672 isc_netaddr_fromsockaddr(&isc_a, &isc_sa); 673 674 ZERO(isc_sa); 675 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b))); 676 isc_netaddr_fromsockaddr(&isc_b, &isc_sa); 677 678 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b, 679 (u_int)prefixlen); 680 } 681 682 683 static int 684 addr_samesubnet( 685 const sockaddr_u * a, 686 const sockaddr_u * a_mask, 687 const sockaddr_u * b, 688 const sockaddr_u * b_mask 689 ) 690 { 691 const u_int32 * pa; 692 const u_int32 * pa_limit; 693 const u_int32 * pb; 694 const u_int32 * pm; 695 size_t loops; 696 697 REQUIRE(AF(a) == AF(a_mask)); 698 REQUIRE(AF(b) == AF(b_mask)); 699 /* 700 * With address and mask families verified to match, comparing 701 * the masks also validates the address's families match. 702 */ 703 if (!SOCK_EQ(a_mask, b_mask)) 704 return FALSE; 705 706 if (IS_IPV6(a)) { 707 loops = sizeof(NSRCADR6(a)) / sizeof(*pa); 708 pa = (const void *)&NSRCADR6(a); 709 pb = (const void *)&NSRCADR6(b); 710 pm = (const void *)&NSRCADR6(a_mask); 711 } else { 712 loops = sizeof(NSRCADR(a)) / sizeof(*pa); 713 pa = (const void *)&NSRCADR(a); 714 pb = (const void *)&NSRCADR(b); 715 pm = (const void *)&NSRCADR(a_mask); 716 } 717 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++) 718 if ((*pa & *pm) != (*pb & *pm)) 719 return FALSE; 720 721 return TRUE; 722 } 723 724 725 /* 726 * interface list enumerator - visitor pattern 727 */ 728 void 729 interface_enumerate( 730 interface_receiver_t receiver, 731 void * data 732 ) 733 { 734 interface_info_t ifi; 735 736 ifi.action = IFS_EXISTS; 737 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink) 738 (*receiver)(data, &ifi); 739 } 740 741 /* 742 * do standard initialization of interface structure 743 */ 744 static void 745 init_interface( 746 endpt *ep 747 ) 748 { 749 ZERO(*ep); 750 ep->fd = INVALID_SOCKET; 751 ep->bfd = INVALID_SOCKET; 752 ep->phase = sys_interphase; 753 } 754 755 756 /* 757 * create new interface structure initialize from 758 * template structure or via standard initialization 759 * function 760 */ 761 static struct interface * 762 new_interface( 763 struct interface *interface 764 ) 765 { 766 struct interface * iface; 767 768 iface = emalloc(sizeof(*iface)); 769 770 if (NULL == interface) 771 init_interface(iface); 772 else /* use the template */ 773 memcpy(iface, interface, sizeof(*iface)); 774 775 /* count every new instance of an interface in the system */ 776 iface->ifnum = sys_ifnum++; 777 iface->starttime = current_time; 778 779 # ifdef HAVE_IO_COMPLETION_PORT 780 if (!io_completion_port_add_interface(iface)) { 781 msyslog(LOG_EMERG, "cannot register interface with IO engine -- will exit now"); 782 exit(1); 783 } 784 # endif 785 return iface; 786 } 787 788 789 /* 790 * return interface storage into free memory pool 791 */ 792 static void 793 delete_interface( 794 endpt *ep 795 ) 796 { 797 # ifdef HAVE_IO_COMPLETION_PORT 798 io_completion_port_remove_interface(ep); 799 # endif 800 free(ep); 801 } 802 803 804 /* 805 * link interface into list of known interfaces 806 */ 807 static void 808 add_interface( 809 endpt * ep 810 ) 811 { 812 endpt ** pmclisthead; 813 endpt * scan; 814 endpt * scan_next; 815 endpt * unlinked; 816 sockaddr_u * addr; 817 int ep_local; 818 int scan_local; 819 int same_subnet; 820 int ep_univ_iid; /* iface ID from MAC address */ 821 int scan_univ_iid; /* see RFC 4291 */ 822 int ep_privacy; /* random local iface ID */ 823 int scan_privacy; /* see RFC 4941 */ 824 int rc; 825 826 /* Calculate the refid */ 827 ep->addr_refid = addr2refid(&ep->sin); 828 /* link at tail so ntpdc -c ifstats index increases each row */ 829 LINK_TAIL_SLIST(ep_list, ep, elink, endpt); 830 ninterfaces++; 831 #ifdef MCAST 832 /* the rest is for enabled multicast-capable addresses only */ 833 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) || 834 INT_LOOPBACK & ep->flags) 835 return; 836 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 837 if (AF_INET6 == ep->family) 838 return; 839 # endif 840 pmclisthead = (AF_INET == ep->family) 841 ? &mc4_list 842 : &mc6_list; 843 844 if (AF_INET6 == ep->family) { 845 ep_local = 846 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) || 847 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin)); 848 ep_univ_iid = IS_IID_UNIV(&ep->sin); 849 ep_privacy = !!(INT_PRIVACY & ep->flags); 850 } else { 851 ep_local = FALSE; 852 ep_univ_iid = FALSE; 853 ep_privacy = FALSE; 854 } 855 DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n", 856 stoa(&ep->sin), 857 (ep_local) ? " link/scope-local" : "", 858 (ep_univ_iid) ? " univ-IID" : "", 859 (ep_privacy) ? " privacy" : "")); 860 /* 861 * If we have multiple local addresses on the same network 862 * interface, and some are link- or site-local, do not multicast 863 * out from the link-/site-local addresses by default, to avoid 864 * duplicate manycastclient associations between v6 peers using 865 * link-local and global addresses. link-local can still be 866 * chosen using "nic ignore myv6globalprefix::/64". 867 * Similarly, if we have multiple global addresses from the same 868 * prefix on the same network interface, multicast from one, 869 * preferring EUI-64, then static, then least RFC 4941 privacy 870 * addresses. 871 */ 872 for (scan = *pmclisthead; scan != NULL; scan = scan_next) { 873 scan_next = scan->mclink; 874 if (ep->family != scan->family) 875 continue; 876 if (strcmp(ep->name, scan->name)) 877 continue; 878 same_subnet = addr_samesubnet(&ep->sin, &ep->mask, 879 &scan->sin, &scan->mask); 880 if (AF_INET6 == ep->family) { 881 addr = &scan->sin; 882 scan_local = 883 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) || 884 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr)); 885 scan_univ_iid = IS_IID_UNIV(addr); 886 scan_privacy = !!(INT_PRIVACY & scan->flags); 887 } else { 888 scan_local = FALSE; 889 scan_univ_iid = FALSE; 890 scan_privacy = FALSE; 891 } 892 DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n", 893 stoa(&scan->sin), 894 (scan_local) ? " link/scope-local" : "", 895 (scan_univ_iid) ? " univ-IID" : "", 896 (scan_privacy) ? " privacy" : "")); 897 if ((ep_local && !scan_local) || (same_subnet && 898 ((ep_privacy && !scan_privacy) || 899 (!ep_univ_iid && scan_univ_iid)))) { 900 DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n", 901 stoa(&ep->sin), 902 (ep_local) 903 ? "tail" 904 : "head", 905 stoa(&scan->sin))); 906 return; 907 } 908 if ((scan_local && !ep_local) || (same_subnet && 909 ((scan_privacy && !ep_privacy) || 910 (!scan_univ_iid && ep_univ_iid)))) { 911 UNLINK_SLIST(unlinked, *pmclisthead, 912 scan, mclink, endpt); 913 DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n", 914 (unlinked != scan) 915 ? "Failed to remove" 916 : "removed", 917 stoa(&scan->sin), stoa(&ep->sin))); 918 } 919 } 920 /* 921 * Add link/site local at the tail of the multicast- 922 * capable unicast interfaces list, so that ntpd will 923 * send from global addresses before link-/site-local 924 * ones. 925 */ 926 if (ep_local) 927 LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt); 928 else 929 LINK_SLIST(*pmclisthead, ep, mclink); 930 DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n", 931 stoa(&ep->sin), 932 (ep_local) 933 ? "tail" 934 : "head", 935 (AF_INET == ep->family) 936 ? "4" 937 : "6")); 938 939 if (INVALID_SOCKET == ep->fd) 940 return; 941 942 /* 943 * select the local address from which to send to multicast. 944 */ 945 switch (AF(&ep->sin)) { 946 947 case AF_INET : 948 rc = setsockopt(ep->fd, IPPROTO_IP, 949 IP_MULTICAST_IF, 950 (void *)&NSRCADR(&ep->sin), 951 sizeof(NSRCADR(&ep->sin))); 952 if (rc) 953 msyslog(LOG_ERR, 954 "setsockopt IP_MULTICAST_IF %s fails: %m", 955 stoa(&ep->sin)); 956 break; 957 958 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 959 case AF_INET6 : 960 rc = setsockopt(ep->fd, IPPROTO_IPV6, 961 IPV6_MULTICAST_IF, 962 (void *)&ep->ifindex, 963 sizeof(ep->ifindex)); 964 /* do not complain if bound addr scope is ifindex */ 965 if (rc && ep->ifindex != SCOPE(&ep->sin)) 966 msyslog(LOG_ERR, 967 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m", 968 ep->ifindex, stoa(&ep->sin)); 969 break; 970 # endif 971 } 972 #endif /* MCAST */ 973 } 974 975 976 /* 977 * remove interface from known interface list and clean up 978 * associated resources 979 */ 980 static void 981 remove_interface( 982 endpt * ep 983 ) 984 { 985 endpt * unlinked; 986 endpt ** pmclisthead; 987 sockaddr_u resmask; 988 989 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); 990 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { 991 pmclisthead = (AF_INET == ep->family) 992 ? &mc4_list 993 : &mc6_list; 994 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt); 995 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n", 996 stoa(&ep->sin), 997 (unlinked != NULL) 998 ? "removed from" 999 : "not found on", 1000 (AF_INET == ep->family) 1001 ? "4" 1002 : "6")); 1003 } 1004 delete_interface_from_list(ep); 1005 1006 if (ep->fd != INVALID_SOCKET) { 1007 msyslog(LOG_INFO, 1008 "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs", 1009 ep->ifnum, 1010 ep->name, 1011 stoa(&ep->sin), 1012 SRCPORT(&ep->sin), 1013 ep->received, 1014 ep->sent, 1015 ep->notsent, 1016 current_time - ep->starttime); 1017 # ifdef HAVE_IO_COMPLETION_PORT 1018 io_completion_port_remove_socket(ep->fd, ep); 1019 # endif 1020 close_and_delete_fd_from_list(ep->fd); 1021 ep->fd = INVALID_SOCKET; 1022 } 1023 1024 if (ep->bfd != INVALID_SOCKET) { 1025 msyslog(LOG_INFO, 1026 "stop listening for broadcasts to %s on interface #%d %s", 1027 stoa(&ep->bcast), ep->ifnum, ep->name); 1028 # ifdef HAVE_IO_COMPLETION_PORT 1029 io_completion_port_remove_socket(ep->bfd, ep); 1030 # endif 1031 close_and_delete_fd_from_list(ep->bfd); 1032 ep->bfd = INVALID_SOCKET; 1033 } 1034 # ifdef HAVE_IO_COMPLETION_PORT 1035 io_completion_port_remove_interface(ep); 1036 # endif 1037 1038 ninterfaces--; 1039 mon_clearinterface(ep); 1040 1041 /* remove restrict interface entry */ 1042 SET_HOSTMASK(&resmask, AF(&ep->sin)); 1043 hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 1044 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 1045 } 1046 1047 1048 static void 1049 log_listen_address( 1050 endpt * ep 1051 ) 1052 { 1053 msyslog(LOG_INFO, "%s on %d %s %s", 1054 (ep->ignore_packets) 1055 ? "Listen and drop" 1056 : "Listen normally", 1057 ep->ifnum, 1058 ep->name, 1059 sptoa(&ep->sin)); 1060 } 1061 1062 1063 static void 1064 create_wildcards( 1065 u_short port 1066 ) 1067 { 1068 int v4wild; 1069 #ifdef INCLUDE_IPV6_SUPPORT 1070 int v6wild; 1071 #endif 1072 sockaddr_u wildaddr; 1073 nic_rule_action action; 1074 struct interface * wildif; 1075 1076 /* 1077 * silence "potentially uninitialized" warnings from VC9 1078 * failing to follow the logic. Ideally action could remain 1079 * uninitialized, and the memset be the first statement under 1080 * the first if (v4wild). 1081 */ 1082 action = ACTION_LISTEN; 1083 ZERO(wildaddr); 1084 1085 #ifdef INCLUDE_IPV6_SUPPORT 1086 /* 1087 * create pseudo-interface with wildcard IPv6 address 1088 */ 1089 v6wild = ipv6_works; 1090 if (v6wild) { 1091 /* set wildaddr to the v6 wildcard address :: */ 1092 ZERO(wildaddr); 1093 AF(&wildaddr) = AF_INET6; 1094 SET_ADDR6N(&wildaddr, in6addr_any); 1095 SET_PORT(&wildaddr, port); 1096 SET_SCOPE(&wildaddr, 0); 1097 1098 /* check for interface/nic rules affecting the wildcard */ 1099 action = interface_action(NULL, &wildaddr, 0); 1100 v6wild = (ACTION_IGNORE != action); 1101 } 1102 if (v6wild) { 1103 wildif = new_interface(NULL); 1104 1105 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name)); 1106 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1107 wildif->family = AF_INET6; 1108 AF(&wildif->mask) = AF_INET6; 1109 SET_ONESMASK(&wildif->mask); 1110 1111 wildif->flags = INT_UP | INT_WILDCARD; 1112 wildif->ignore_packets = (ACTION_DROP == action); 1113 1114 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1115 1116 if (wildif->fd != INVALID_SOCKET) { 1117 wildipv6 = wildif; 1118 any6_interface = wildif; 1119 add_addr_to_list(&wildif->sin, wildif); 1120 add_interface(wildif); 1121 log_listen_address(wildif); 1122 } else { 1123 msyslog(LOG_ERR, 1124 "unable to bind to wildcard address %s - another process may be running - EXITING", 1125 stoa(&wildif->sin)); 1126 exit(1); 1127 } 1128 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1129 } 1130 #endif 1131 1132 /* 1133 * create pseudo-interface with wildcard IPv4 address 1134 */ 1135 v4wild = ipv4_works; 1136 if (v4wild) { 1137 /* set wildaddr to the v4 wildcard address 0.0.0.0 */ 1138 AF(&wildaddr) = AF_INET; 1139 SET_ADDR4N(&wildaddr, INADDR_ANY); 1140 SET_PORT(&wildaddr, port); 1141 1142 /* check for interface/nic rules affecting the wildcard */ 1143 action = interface_action(NULL, &wildaddr, 0); 1144 v4wild = (ACTION_IGNORE != action); 1145 } 1146 if (v4wild) { 1147 wildif = new_interface(NULL); 1148 1149 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name)); 1150 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1151 wildif->family = AF_INET; 1152 AF(&wildif->mask) = AF_INET; 1153 SET_ONESMASK(&wildif->mask); 1154 1155 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD; 1156 wildif->ignore_packets = (ACTION_DROP == action); 1157 #if defined(MCAST) 1158 /* 1159 * enable multicast reception on the broadcast socket 1160 */ 1161 AF(&wildif->bcast) = AF_INET; 1162 SET_ADDR4N(&wildif->bcast, INADDR_ANY); 1163 SET_PORT(&wildif->bcast, port); 1164 #endif /* MCAST */ 1165 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1166 1167 if (wildif->fd != INVALID_SOCKET) { 1168 wildipv4 = wildif; 1169 any_interface = wildif; 1170 1171 add_addr_to_list(&wildif->sin, wildif); 1172 add_interface(wildif); 1173 log_listen_address(wildif); 1174 } else { 1175 msyslog(LOG_ERR, 1176 "unable to bind to wildcard address %s - another process may be running - EXITING", 1177 stoa(&wildif->sin)); 1178 exit(1); 1179 } 1180 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1181 } 1182 } 1183 1184 1185 /* 1186 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list. 1187 */ 1188 void 1189 add_nic_rule( 1190 nic_rule_match match_type, 1191 const char * if_name, /* interface name or numeric address */ 1192 int prefixlen, 1193 nic_rule_action action 1194 ) 1195 { 1196 nic_rule * rule; 1197 isc_boolean_t is_ip; 1198 1199 rule = emalloc_zero(sizeof(*rule)); 1200 rule->match_type = match_type; 1201 rule->prefixlen = prefixlen; 1202 rule->action = action; 1203 1204 if (MATCH_IFNAME == match_type) { 1205 REQUIRE(NULL != if_name); 1206 rule->if_name = estrdup(if_name); 1207 } else if (MATCH_IFADDR == match_type) { 1208 REQUIRE(NULL != if_name); 1209 /* set rule->addr */ 1210 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr); 1211 REQUIRE(is_ip); 1212 } else 1213 REQUIRE(NULL == if_name); 1214 1215 LINK_SLIST(nic_rule_list, rule, next); 1216 } 1217 1218 1219 #ifdef DEBUG 1220 static const char * 1221 action_text( 1222 nic_rule_action action 1223 ) 1224 { 1225 const char *t; 1226 1227 switch (action) { 1228 1229 default: 1230 t = "ERROR"; /* quiet uninit warning */ 1231 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n", 1232 action)); 1233 ENSURE(0); 1234 break; 1235 1236 case ACTION_LISTEN: 1237 t = "listen"; 1238 break; 1239 1240 case ACTION_IGNORE: 1241 t = "ignore"; 1242 break; 1243 1244 case ACTION_DROP: 1245 t = "drop"; 1246 break; 1247 } 1248 1249 return t; 1250 } 1251 #endif /* DEBUG */ 1252 1253 1254 static nic_rule_action 1255 interface_action( 1256 char * if_name, 1257 sockaddr_u * if_addr, 1258 u_int32 if_flags 1259 ) 1260 { 1261 nic_rule * rule; 1262 int isloopback; 1263 int iswildcard; 1264 1265 DPRINTF(4, ("interface_action: interface %s ", 1266 (if_name != NULL) ? if_name : "wildcard")); 1267 1268 iswildcard = is_wildcard_addr(if_addr); 1269 isloopback = !!(INT_LOOPBACK & if_flags); 1270 1271 /* 1272 * Find any matching NIC rule from --interface / -I or ntp.conf 1273 * interface/nic rules. 1274 */ 1275 for (rule = nic_rule_list; rule != NULL; rule = rule->next) { 1276 1277 switch (rule->match_type) { 1278 1279 case MATCH_ALL: 1280 /* loopback and wildcard excluded from "all" */ 1281 if (isloopback || iswildcard) 1282 break; 1283 DPRINTF(4, ("nic all %s\n", 1284 action_text(rule->action))); 1285 return rule->action; 1286 1287 case MATCH_IPV4: 1288 if (IS_IPV4(if_addr)) { 1289 DPRINTF(4, ("nic ipv4 %s\n", 1290 action_text(rule->action))); 1291 return rule->action; 1292 } 1293 break; 1294 1295 case MATCH_IPV6: 1296 if (IS_IPV6(if_addr)) { 1297 DPRINTF(4, ("nic ipv6 %s\n", 1298 action_text(rule->action))); 1299 return rule->action; 1300 } 1301 break; 1302 1303 case MATCH_WILDCARD: 1304 if (iswildcard) { 1305 DPRINTF(4, ("nic wildcard %s\n", 1306 action_text(rule->action))); 1307 return rule->action; 1308 } 1309 break; 1310 1311 case MATCH_IFADDR: 1312 if (rule->prefixlen != -1) { 1313 if (addr_eqprefix(if_addr, &rule->addr, 1314 rule->prefixlen)) { 1315 1316 DPRINTF(4, ("subnet address match - %s\n", 1317 action_text(rule->action))); 1318 return rule->action; 1319 } 1320 } else 1321 if (SOCK_EQ(if_addr, &rule->addr)) { 1322 1323 DPRINTF(4, ("address match - %s\n", 1324 action_text(rule->action))); 1325 return rule->action; 1326 } 1327 break; 1328 1329 case MATCH_IFNAME: 1330 if (if_name != NULL 1331 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD) 1332 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD) 1333 #else 1334 && !strcasecmp(if_name, rule->if_name) 1335 #endif 1336 ) { 1337 1338 DPRINTF(4, ("interface name match - %s\n", 1339 action_text(rule->action))); 1340 return rule->action; 1341 } 1342 break; 1343 } 1344 } 1345 1346 /* 1347 * Unless explicitly disabled such as with "nic ignore ::1" 1348 * listen on loopback addresses. Since ntpq and ntpdc query 1349 * "localhost" by default, which typically resolves to ::1 and 1350 * 127.0.0.1, it's useful to default to listening on both. 1351 */ 1352 if (isloopback) { 1353 DPRINTF(4, ("default loopback listen\n")); 1354 return ACTION_LISTEN; 1355 } 1356 1357 /* 1358 * Treat wildcard addresses specially. If there is no explicit 1359 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule 1360 * default to drop. 1361 */ 1362 if (iswildcard) { 1363 DPRINTF(4, ("default wildcard drop\n")); 1364 return ACTION_DROP; 1365 } 1366 1367 /* 1368 * Check for "virtual IP" (colon in the interface name) after 1369 * the rules so that "ntpd --interface eth0:1 -novirtualips" 1370 * does indeed listen on eth0:1's addresses. 1371 */ 1372 if (!listen_to_virtual_ips && if_name != NULL 1373 && (strchr(if_name, ':') != NULL)) { 1374 1375 DPRINTF(4, ("virtual ip - ignore\n")); 1376 return ACTION_IGNORE; 1377 } 1378 1379 /* 1380 * If there are no --interface/-I command-line options and no 1381 * interface/nic rules in ntp.conf, the default action is to 1382 * listen. In the presence of rules from either, the default 1383 * is to ignore. This implements ntpd's traditional listen- 1384 * every default with no interface listen configuration, and 1385 * ensures a single -I eth0 or "nic listen eth0" means do not 1386 * listen on any other addresses. 1387 */ 1388 if (NULL == nic_rule_list) { 1389 DPRINTF(4, ("default listen\n")); 1390 return ACTION_LISTEN; 1391 } 1392 1393 DPRINTF(4, ("implicit ignore\n")); 1394 return ACTION_IGNORE; 1395 } 1396 1397 1398 static void 1399 convert_isc_if( 1400 isc_interface_t *isc_if, 1401 endpt *itf, 1402 u_short port 1403 ) 1404 { 1405 const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0, 1406 0, 0, 0, 0, 0, 0, 0, 1}; 1407 1408 strlcpy(itf->name, isc_if->name, sizeof(itf->name)); 1409 itf->ifindex = isc_if->ifindex; 1410 itf->family = (u_short)isc_if->af; 1411 AF(&itf->sin) = itf->family; 1412 AF(&itf->mask) = itf->family; 1413 AF(&itf->bcast) = itf->family; 1414 SET_PORT(&itf->sin, port); 1415 SET_PORT(&itf->mask, port); 1416 SET_PORT(&itf->bcast, port); 1417 1418 if (IS_IPV4(&itf->sin)) { 1419 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr; 1420 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr; 1421 1422 if (isc_if->flags & INTERFACE_F_BROADCAST) { 1423 itf->flags |= INT_BROADCAST; 1424 NSRCADR(&itf->bcast) = 1425 isc_if->broadcast.type.in.s_addr; 1426 } 1427 } 1428 #ifdef INCLUDE_IPV6_SUPPORT 1429 else if (IS_IPV6(&itf->sin)) { 1430 SET_ADDR6N(&itf->sin, isc_if->address.type.in6); 1431 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6); 1432 1433 SET_SCOPE(&itf->sin, isc_if->address.zone); 1434 } 1435 #endif /* INCLUDE_IPV6_SUPPORT */ 1436 1437 1438 /* Process the rest of the flags */ 1439 1440 itf->flags |= 1441 ((INTERFACE_F_UP & isc_if->flags) 1442 ? INT_UP : 0) 1443 | ((INTERFACE_F_LOOPBACK & isc_if->flags) 1444 ? INT_LOOPBACK : 0) 1445 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags) 1446 ? INT_PPP : 0) 1447 | ((INTERFACE_F_MULTICAST & isc_if->flags) 1448 ? INT_MULTICAST : 0) 1449 | ((INTERFACE_F_PRIVACY & isc_if->flags) 1450 ? INT_PRIVACY : 0) 1451 ; 1452 1453 /* 1454 * Clear the loopback flag if the address is not localhost. 1455 * http://bugs.ntp.org/1683 1456 */ 1457 if (INT_LOOPBACK & itf->flags) { 1458 if (AF_INET == itf->family) { 1459 if (127 != (SRCADR(&itf->sin) >> 24)) 1460 itf->flags &= ~INT_LOOPBACK; 1461 } else { 1462 if (memcmp(v6loop, NSRCADR6(&itf->sin), 1463 sizeof(NSRCADR6(&itf->sin)))) 1464 itf->flags &= ~INT_LOOPBACK; 1465 } 1466 } 1467 } 1468 1469 1470 /* 1471 * refresh_interface 1472 * 1473 * some OSes have been observed to keep 1474 * cached routes even when more specific routes 1475 * become available. 1476 * this can be mitigated by re-binding 1477 * the socket. 1478 */ 1479 static int 1480 refresh_interface( 1481 struct interface * interface 1482 ) 1483 { 1484 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 1485 if (interface->fd != INVALID_SOCKET) { 1486 int bcast = (interface->flags & INT_BCASTXMIT) != 0; 1487 /* as we forcibly close() the socket remove the 1488 broadcast permission indication */ 1489 if (bcast) 1490 socket_broadcast_disable(interface, &interface->sin); 1491 1492 close_and_delete_fd_from_list(interface->fd); 1493 1494 /* create new socket picking up a new first hop binding 1495 at connect() time */ 1496 interface->fd = open_socket(&interface->sin, 1497 bcast, 0, interface); 1498 /* 1499 * reset TTL indication so TTL is is set again 1500 * next time around 1501 */ 1502 interface->last_ttl = 0; 1503 return (interface->fd != INVALID_SOCKET); 1504 } else 1505 return 0; /* invalid sockets are not refreshable */ 1506 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1507 return (interface->fd != INVALID_SOCKET); 1508 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1509 } 1510 1511 /* 1512 * interface_update - externally callable update function 1513 */ 1514 void 1515 interface_update( 1516 interface_receiver_t receiver, 1517 void * data) 1518 { 1519 int new_interface_found; 1520 1521 if (disable_dynamic_updates) 1522 return; 1523 1524 BLOCKIO(); 1525 new_interface_found = update_interfaces(NTP_PORT, receiver, data); 1526 UNBLOCKIO(); 1527 1528 if (!new_interface_found) 1529 return; 1530 1531 #ifdef DEBUG 1532 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); 1533 #endif 1534 interrupt_worker_sleep(); 1535 } 1536 1537 1538 /* 1539 * sau_from_netaddr() - convert network address on-wire formats. 1540 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u 1541 */ 1542 void 1543 sau_from_netaddr( 1544 sockaddr_u *psau, 1545 const isc_netaddr_t *pna 1546 ) 1547 { 1548 ZERO_SOCK(psau); 1549 AF(psau) = (u_short)pna->family; 1550 switch (pna->family) { 1551 1552 case AF_INET: 1553 memcpy(&psau->sa4.sin_addr, &pna->type.in, 1554 sizeof(psau->sa4.sin_addr)); 1555 break; 1556 1557 case AF_INET6: 1558 memcpy(&psau->sa6.sin6_addr, &pna->type.in6, 1559 sizeof(psau->sa6.sin6_addr)); 1560 break; 1561 } 1562 } 1563 1564 1565 static int 1566 is_wildcard_addr( 1567 const sockaddr_u *psau 1568 ) 1569 { 1570 if (IS_IPV4(psau) && !NSRCADR(psau)) 1571 return 1; 1572 1573 #ifdef INCLUDE_IPV6_SUPPORT 1574 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any)) 1575 return 1; 1576 #endif 1577 1578 return 0; 1579 } 1580 1581 1582 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 1583 /* 1584 * enable/disable re-use of wildcard address socket 1585 */ 1586 static void 1587 set_wildcard_reuse( 1588 u_short family, 1589 int on 1590 ) 1591 { 1592 struct interface *any; 1593 SOCKET fd = INVALID_SOCKET; 1594 1595 any = ANY_INTERFACE_BYFAM(family); 1596 if (any != NULL) 1597 fd = any->fd; 1598 1599 if (fd != INVALID_SOCKET) { 1600 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1601 (char *)&on, sizeof(on))) 1602 msyslog(LOG_ERR, 1603 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m", 1604 on ? "on" : "off"); 1605 1606 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n", 1607 on ? "on" : "off", 1608 stoa(&any->sin))); 1609 } 1610 } 1611 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ 1612 1613 static isc_boolean_t 1614 check_flags( 1615 sockaddr_u *psau, 1616 const char *name, 1617 u_int32 flags 1618 ) 1619 { 1620 #if defined(SIOCGIFAFLAG_IN) 1621 struct ifreq ifr; 1622 int fd; 1623 1624 if (psau->sa.sa_family != AF_INET) 1625 return ISC_FALSE; 1626 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) 1627 return ISC_FALSE; 1628 ZERO(ifr); 1629 memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr)); 1630 strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); 1631 if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) { 1632 close(fd); 1633 return ISC_FALSE; 1634 } 1635 close(fd); 1636 if ((ifr.ifr_addrflags & flags) != 0) 1637 return ISC_TRUE; 1638 #endif /* SIOCGIFAFLAG_IN */ 1639 return ISC_FALSE; 1640 } 1641 1642 static isc_boolean_t 1643 check_flags6( 1644 sockaddr_u *psau, 1645 const char *name, 1646 u_int32 flags6 1647 ) 1648 { 1649 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) 1650 struct in6_ifreq ifr6; 1651 int fd; 1652 1653 if (psau->sa.sa_family != AF_INET6) 1654 return ISC_FALSE; 1655 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) 1656 return ISC_FALSE; 1657 ZERO(ifr6); 1658 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr)); 1659 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name)); 1660 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { 1661 close(fd); 1662 return ISC_FALSE; 1663 } 1664 close(fd); 1665 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0) 1666 return ISC_TRUE; 1667 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */ 1668 return ISC_FALSE; 1669 } 1670 1671 static isc_boolean_t 1672 is_anycast( 1673 sockaddr_u *psau, 1674 const char *name 1675 ) 1676 { 1677 #ifdef IN6_IFF_ANYCAST 1678 return check_flags6(psau, name, IN6_IFF_ANYCAST); 1679 #else 1680 return ISC_FALSE; 1681 #endif 1682 } 1683 1684 static isc_boolean_t 1685 is_valid( 1686 sockaddr_u *psau, 1687 const char *name 1688 ) 1689 { 1690 u_int32 flags; 1691 1692 flags = 0; 1693 switch (psau->sa.sa_family) { 1694 case AF_INET: 1695 #ifdef IN_IFF_DETACHED 1696 flags |= IN_IFF_DETACHED; 1697 #endif 1698 #ifdef IN_IFF_TENTATIVE 1699 flags |= IN_IFF_TENTATIVE; 1700 #endif 1701 return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1702 case AF_INET6: 1703 #ifdef IN6_IFF_DEPARTED 1704 flags |= IN6_IFF_DEPARTED; 1705 #endif 1706 #ifdef IN6_IFF_DETACHED 1707 flags |= IN6_IFF_DETACHED; 1708 #endif 1709 #ifdef IN6_IFF_TENTATIVE 1710 flags |= IN6_IFF_TENTATIVE; 1711 #endif 1712 return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1713 default: 1714 return ISC_FALSE; 1715 } 1716 } 1717 1718 /* 1719 * update_interface strategy 1720 * 1721 * toggle configuration phase 1722 * 1723 * Phase 1: 1724 * forall currently existing interfaces 1725 * if address is known: 1726 * drop socket - rebind again 1727 * 1728 * if address is NOT known: 1729 * attempt to create a new interface entry 1730 * 1731 * Phase 2: 1732 * forall currently known non MCAST and WILDCARD interfaces 1733 * if interface does not match configuration phase (not seen in phase 1): 1734 * remove interface from known interface list 1735 * forall peers associated with this interface 1736 * disconnect peer from this interface 1737 * 1738 * Phase 3: 1739 * attempt to re-assign interfaces to peers 1740 * 1741 */ 1742 1743 static int 1744 update_interfaces( 1745 u_short port, 1746 interface_receiver_t receiver, 1747 void * data 1748 ) 1749 { 1750 isc_mem_t * mctx = (void *)-1; 1751 interface_info_t ifi; 1752 isc_interfaceiter_t * iter; 1753 isc_result_t result; 1754 isc_interface_t isc_if; 1755 int new_interface_found; 1756 unsigned int family; 1757 endpt enumep; 1758 endpt * ep; 1759 endpt * next_ep; 1760 1761 DPRINTF(3, ("update_interfaces(%d)\n", port)); 1762 1763 /* 1764 * phase one - scan interfaces 1765 * - create those that are not found 1766 * - update those that are found 1767 */ 1768 1769 new_interface_found = FALSE; 1770 iter = NULL; 1771 result = isc_interfaceiter_create(mctx, &iter); 1772 1773 if (result != ISC_R_SUCCESS) 1774 return 0; 1775 1776 /* 1777 * Toggle system interface scan phase to find untouched 1778 * interfaces to be deleted. 1779 */ 1780 sys_interphase ^= 0x1; 1781 1782 for (result = isc_interfaceiter_first(iter); 1783 ISC_R_SUCCESS == result; 1784 result = isc_interfaceiter_next(iter)) { 1785 1786 result = isc_interfaceiter_current(iter, &isc_if); 1787 1788 if (result != ISC_R_SUCCESS) 1789 break; 1790 1791 /* See if we have a valid family to use */ 1792 family = isc_if.address.family; 1793 if (AF_INET != family && AF_INET6 != family) 1794 continue; 1795 if (AF_INET == family && !ipv4_works) 1796 continue; 1797 if (AF_INET6 == family && !ipv6_works) 1798 continue; 1799 1800 /* create prototype */ 1801 init_interface(&enumep); 1802 1803 convert_isc_if(&isc_if, &enumep, port); 1804 1805 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); 1806 1807 /* 1808 * Check if and how we are going to use the interface. 1809 */ 1810 switch (interface_action(enumep.name, &enumep.sin, 1811 enumep.flags)) { 1812 1813 case ACTION_IGNORE: 1814 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", 1815 enumep.name, stoa(&enumep.sin))); 1816 continue; 1817 1818 case ACTION_LISTEN: 1819 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", 1820 enumep.name, stoa(&enumep.sin))); 1821 enumep.ignore_packets = ISC_FALSE; 1822 break; 1823 1824 case ACTION_DROP: 1825 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", 1826 enumep.name, stoa(&enumep.sin))); 1827 enumep.ignore_packets = ISC_TRUE; 1828 break; 1829 } 1830 1831 /* interfaces must be UP to be usable */ 1832 if (!(enumep.flags & INT_UP)) { 1833 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", 1834 enumep.name, stoa(&enumep.sin))); 1835 continue; 1836 } 1837 1838 /* 1839 * skip any interfaces UP and bound to a wildcard 1840 * address - some dhcp clients produce that in the 1841 * wild 1842 */ 1843 if (is_wildcard_addr(&enumep.sin)) 1844 continue; 1845 1846 if (is_anycast(&enumep.sin, isc_if.name)) 1847 continue; 1848 1849 /* 1850 * skip any address that is an invalid state to be used 1851 */ 1852 if (!is_valid(&enumep.sin, isc_if.name)) 1853 continue; 1854 1855 /* 1856 * map to local *address* in order to map all duplicate 1857 * interfaces to an endpt structure with the appropriate 1858 * socket. Our name space is (ip-address), NOT 1859 * (interface name, ip-address). 1860 */ 1861 ep = getinterface(&enumep.sin, INT_WILDCARD); 1862 1863 if (ep != NULL && refresh_interface(ep)) { 1864 /* 1865 * found existing and up to date interface - 1866 * mark present. 1867 */ 1868 if (ep->phase != sys_interphase) { 1869 /* 1870 * On a new round we reset the name so 1871 * the interface name shows up again if 1872 * this address is no longer shared. 1873 * We reset ignore_packets from the 1874 * new prototype to respect any runtime 1875 * changes to the nic rules. 1876 */ 1877 strlcpy(ep->name, enumep.name, 1878 sizeof(ep->name)); 1879 ep->ignore_packets = 1880 enumep.ignore_packets; 1881 } else { 1882 /* name collision - rename interface */ 1883 strlcpy(ep->name, "*multiple*", 1884 sizeof(ep->name)); 1885 } 1886 1887 DPRINT_INTERFACE(4, (ep, "updating ", 1888 " present\n")); 1889 1890 if (ep->ignore_packets != 1891 enumep.ignore_packets) { 1892 /* 1893 * We have conflicting configurations 1894 * for the interface address. This is 1895 * caused by using -I <interfacename> 1896 * for an interface that shares its 1897 * address with other interfaces. We 1898 * can not disambiguate incoming 1899 * packets delivered to this socket 1900 * without extra syscalls/features. 1901 * These are not (commonly) available. 1902 * Note this is a more unusual 1903 * configuration where several 1904 * interfaces share an address but 1905 * filtering via interface name is 1906 * attempted. We resolve the 1907 * configuration conflict by disabling 1908 * the processing of received packets. 1909 * This leads to no service on the 1910 * interface address where the conflict 1911 * occurs. 1912 */ 1913 msyslog(LOG_ERR, 1914 "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED", 1915 enumep.name, ep->name, 1916 stoa(&enumep.sin)); 1917 1918 ep->ignore_packets = ISC_TRUE; 1919 } 1920 1921 ep->phase = sys_interphase; 1922 1923 ifi.action = IFS_EXISTS; 1924 ifi.ep = ep; 1925 if (receiver != NULL) 1926 (*receiver)(data, &ifi); 1927 } else { 1928 /* 1929 * This is new or refreshing failed - add to 1930 * our interface list. If refreshing failed we 1931 * will delete the interface structure in phase 1932 * 2 as the interface was not marked current. 1933 * We can bind to the address as the refresh 1934 * code already closed the offending socket 1935 */ 1936 ep = create_interface(port, &enumep); 1937 1938 if (ep != NULL) { 1939 ifi.action = IFS_CREATED; 1940 ifi.ep = ep; 1941 if (receiver != NULL) 1942 (*receiver)(data, &ifi); 1943 1944 new_interface_found = TRUE; 1945 DPRINT_INTERFACE(3, 1946 (ep, "updating ", 1947 " new - created\n")); 1948 } else { 1949 DPRINT_INTERFACE(3, 1950 (&enumep, "updating ", 1951 " new - creation FAILED")); 1952 1953 msyslog(LOG_INFO, 1954 "failed to init interface for address %s", 1955 stoa(&enumep.sin)); 1956 continue; 1957 } 1958 } 1959 } 1960 1961 isc_interfaceiter_destroy(&iter); 1962 1963 /* 1964 * phase 2 - delete gone interfaces - reassigning peers to 1965 * other interfaces 1966 */ 1967 for (ep = ep_list; ep != NULL; ep = next_ep) { 1968 next_ep = ep->elink; 1969 1970 /* 1971 * if phase does not match sys_phase this interface was 1972 * not enumerated during the last interface scan - so it 1973 * is gone and will be deleted here unless it did not 1974 * originate from interface enumeration (INT_WILDCARD, 1975 * INT_MCASTIF). 1976 */ 1977 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) || 1978 ep->phase == sys_interphase) 1979 continue; 1980 1981 DPRINT_INTERFACE(3, (ep, "updating ", 1982 "GONE - deleting\n")); 1983 remove_interface(ep); 1984 1985 ifi.action = IFS_DELETED; 1986 ifi.ep = ep; 1987 if (receiver != NULL) 1988 (*receiver)(data, &ifi); 1989 1990 /* disconnect peers from deleted endpt. */ 1991 while (ep->peers != NULL) 1992 set_peerdstadr(ep->peers, NULL); 1993 1994 /* 1995 * update globals in case we lose 1996 * a loopback interface 1997 */ 1998 if (ep == loopback_interface) 1999 loopback_interface = NULL; 2000 2001 delete_interface(ep); 2002 } 2003 2004 /* 2005 * phase 3 - re-configure as the world has possibly changed 2006 * 2007 * never ever make this conditional again - it is needed to track 2008 * routing updates. see bug #2506 2009 */ 2010 refresh_all_peerinterfaces(); 2011 2012 if (broadcast_client_enabled) 2013 io_setbclient(); 2014 2015 if (sys_bclient) 2016 io_setbclient(); 2017 2018 #ifdef MCAST 2019 /* 2020 * Check multicast interfaces and try to join multicast groups if 2021 * not joined yet. 2022 */ 2023 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2024 remaddr_t *entry; 2025 2026 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) 2027 continue; 2028 2029 /* Find remote address that was linked to this interface */ 2030 for (entry = remoteaddr_list; 2031 entry != NULL; 2032 entry = entry->link) { 2033 if (entry->ep == ep) { 2034 if (socket_multicast_enable(ep, &entry->addr)) { 2035 msyslog(LOG_INFO, 2036 "Joined %s socket to multicast group %s", 2037 stoa(&ep->sin), 2038 stoa(&entry->addr)); 2039 } 2040 break; 2041 } 2042 } 2043 } 2044 #endif /* MCAST */ 2045 2046 return new_interface_found; 2047 } 2048 2049 2050 /* 2051 * create_sockets - create a socket for each interface plus a default 2052 * socket for when we don't know where to send 2053 */ 2054 static int 2055 create_sockets( 2056 u_short port 2057 ) 2058 { 2059 #ifndef HAVE_IO_COMPLETION_PORT 2060 /* 2061 * I/O Completion Ports don't care about the select and FD_SET 2062 */ 2063 maxactivefd = 0; 2064 FD_ZERO(&activefds); 2065 #endif 2066 2067 DPRINTF(2, ("create_sockets(%d)\n", port)); 2068 2069 create_wildcards(port); 2070 2071 update_interfaces(port, NULL, NULL); 2072 2073 /* 2074 * Now that we have opened all the sockets, turn off the reuse 2075 * flag for security. 2076 */ 2077 set_reuseaddr(0); 2078 2079 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces)); 2080 2081 return ninterfaces; 2082 } 2083 2084 /* 2085 * create_interface - create a new interface for a given prototype 2086 * binding the socket. 2087 */ 2088 static struct interface * 2089 create_interface( 2090 u_short port, 2091 struct interface * protot 2092 ) 2093 { 2094 sockaddr_u resmask; 2095 endpt * iface; 2096 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2097 remaddr_t * entry; 2098 remaddr_t * next_entry; 2099 #endif 2100 DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin), 2101 port)); 2102 2103 /* build an interface */ 2104 iface = new_interface(protot); 2105 2106 /* 2107 * create socket 2108 */ 2109 iface->fd = open_socket(&iface->sin, 0, 0, iface); 2110 2111 if (iface->fd != INVALID_SOCKET) 2112 log_listen_address(iface); 2113 2114 if ((INT_BROADCAST & iface->flags) 2115 && iface->bfd != INVALID_SOCKET) 2116 msyslog(LOG_INFO, "Listening on broadcast address %s#%d", 2117 stoa((&iface->bcast)), port); 2118 2119 if (INVALID_SOCKET == iface->fd 2120 && INVALID_SOCKET == iface->bfd) { 2121 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d", 2122 iface->name, 2123 iface->ifnum, 2124 stoa((&iface->sin)), 2125 port); 2126 delete_interface(iface); 2127 return NULL; 2128 } 2129 2130 /* 2131 * Blacklist our own addresses, no use talking to ourself 2132 */ 2133 SET_HOSTMASK(&resmask, AF(&iface->sin)); 2134 hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, 2135 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 2136 2137 /* 2138 * set globals with the first found 2139 * loopback interface of the appropriate class 2140 */ 2141 if (NULL == loopback_interface && AF_INET == iface->family 2142 && (INT_LOOPBACK & iface->flags)) 2143 loopback_interface = iface; 2144 2145 /* 2146 * put into our interface list 2147 */ 2148 add_addr_to_list(&iface->sin, iface); 2149 add_interface(iface); 2150 2151 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2152 /* 2153 * Join any previously-configured compatible multicast groups. 2154 */ 2155 if (INT_MULTICAST & iface->flags && 2156 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) && 2157 !iface->ignore_packets) { 2158 for (entry = remoteaddr_list; 2159 entry != NULL; 2160 entry = next_entry) { 2161 next_entry = entry->link; 2162 if (AF(&iface->sin) != AF(&entry->addr) || 2163 !IS_MCAST(&entry->addr)) 2164 continue; 2165 if (socket_multicast_enable(iface, 2166 &entry->addr)) 2167 msyslog(LOG_INFO, 2168 "Joined %s socket to multicast group %s", 2169 stoa(&iface->sin), 2170 stoa(&entry->addr)); 2171 else 2172 msyslog(LOG_ERR, 2173 "Failed to join %s socket to multicast group %s", 2174 stoa(&iface->sin), 2175 stoa(&entry->addr)); 2176 } 2177 } 2178 #endif /* MCAST && MCAST_NONEWSOCKET */ 2179 2180 DPRINT_INTERFACE(2, (iface, "created ", "\n")); 2181 return iface; 2182 } 2183 2184 2185 #ifdef SO_EXCLUSIVEADDRUSE 2186 static void 2187 set_excladdruse( 2188 SOCKET fd 2189 ) 2190 { 2191 int one = 1; 2192 int failed; 2193 #ifdef SYS_WINNT 2194 DWORD err; 2195 #endif 2196 2197 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 2198 (char *)&one, sizeof(one)); 2199 2200 if (!failed) 2201 return; 2202 2203 #ifdef SYS_WINNT 2204 /* 2205 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with 2206 * error WSAINVAL depending on service pack level and whether 2207 * the user account is in the Administrators group. Do not 2208 * complain if it fails that way on versions prior to XP (5.1). 2209 */ 2210 err = GetLastError(); 2211 2212 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */ 2213 && WSAEINVAL == err) 2214 return; 2215 2216 SetLastError(err); 2217 #endif 2218 msyslog(LOG_ERR, 2219 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m", 2220 (int)fd); 2221 } 2222 #endif /* SO_EXCLUSIVEADDRUSE */ 2223 2224 2225 /* 2226 * set_reuseaddr() - set/clear REUSEADDR on all sockets 2227 * NB possible hole - should we be doing this on broadcast 2228 * fd's also? 2229 */ 2230 static void 2231 set_reuseaddr( 2232 int flag 2233 ) 2234 { 2235 #ifndef SO_EXCLUSIVEADDRUSE 2236 endpt *ep; 2237 2238 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2239 if (ep->flags & INT_WILDCARD) 2240 continue; 2241 2242 /* 2243 * if ep->fd is INVALID_SOCKET, we might have a adapter 2244 * configured but not present 2245 */ 2246 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n", 2247 ep->name, stoa(&ep->sin), 2248 flag ? "on" : "off")); 2249 2250 if (ep->fd != INVALID_SOCKET) { 2251 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR, 2252 (char *)&flag, sizeof(flag))) { 2253 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m", 2254 stoa(&ep->sin), flag ? "on" : "off"); 2255 } 2256 } 2257 } 2258 #endif /* ! SO_EXCLUSIVEADDRUSE */ 2259 } 2260 2261 /* 2262 * This is just a wrapper around an internal function so we can 2263 * make other changes as necessary later on 2264 */ 2265 void 2266 enable_broadcast( 2267 struct interface * iface, 2268 sockaddr_u * baddr 2269 ) 2270 { 2271 #ifdef OPEN_BCAST_SOCKET 2272 socket_broadcast_enable(iface, iface->fd, baddr); 2273 #endif 2274 } 2275 2276 #ifdef OPEN_BCAST_SOCKET 2277 /* 2278 * Enable a broadcast address to a given socket 2279 * The socket is in the ep_list all we need to do is enable 2280 * broadcasting. It is not this function's job to select the socket 2281 */ 2282 static isc_boolean_t 2283 socket_broadcast_enable( 2284 struct interface * iface, 2285 SOCKET fd, 2286 sockaddr_u * baddr 2287 ) 2288 { 2289 #ifdef SO_BROADCAST 2290 int on = 1; 2291 2292 if (IS_IPV4(baddr)) { 2293 /* if this interface can support broadcast, set SO_BROADCAST */ 2294 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, 2295 (char *)&on, sizeof(on))) 2296 msyslog(LOG_ERR, 2297 "setsockopt(SO_BROADCAST) enable failure on address %s: %m", 2298 stoa(baddr)); 2299 else 2300 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n", 2301 fd, stoa(baddr))); 2302 } 2303 iface->flags |= INT_BCASTXMIT; 2304 return ISC_TRUE; 2305 #else 2306 return ISC_FALSE; 2307 #endif /* SO_BROADCAST */ 2308 } 2309 2310 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 2311 /* 2312 * Remove a broadcast address from a given socket 2313 * The socket is in the ep_list all we need to do is disable 2314 * broadcasting. It is not this function's job to select the socket 2315 */ 2316 static isc_boolean_t 2317 socket_broadcast_disable( 2318 struct interface * iface, 2319 sockaddr_u * baddr 2320 ) 2321 { 2322 #ifdef SO_BROADCAST 2323 int off = 0; /* This seems to be OK as an int */ 2324 2325 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET, 2326 SO_BROADCAST, (char *)&off, sizeof(off))) 2327 msyslog(LOG_ERR, 2328 "setsockopt(SO_BROADCAST) disable failure on address %s: %m", 2329 stoa(baddr)); 2330 2331 iface->flags &= ~INT_BCASTXMIT; 2332 return ISC_TRUE; 2333 #else 2334 return ISC_FALSE; 2335 #endif /* SO_BROADCAST */ 2336 } 2337 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 2338 2339 #endif /* OPEN_BCAST_SOCKET */ 2340 2341 /* 2342 * return the broadcast client flag value 2343 */ 2344 isc_boolean_t 2345 get_broadcastclient_flag(void) 2346 { 2347 return (broadcast_client_enabled); 2348 } 2349 2350 /* 2351 * Check to see if the address is a multicast address 2352 */ 2353 static isc_boolean_t 2354 addr_ismulticast( 2355 sockaddr_u *maddr 2356 ) 2357 { 2358 isc_boolean_t result; 2359 2360 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 2361 /* 2362 * If we don't have IPV6 support any IPV6 addr is not multicast 2363 */ 2364 if (IS_IPV6(maddr)) 2365 result = ISC_FALSE; 2366 else 2367 #endif 2368 result = IS_MCAST(maddr); 2369 2370 if (!result) 2371 DPRINTF(4, ("address %s is not multicast\n", 2372 stoa(maddr))); 2373 2374 return result; 2375 } 2376 2377 /* 2378 * Multicast servers need to set the appropriate Multicast interface 2379 * socket option in order for it to know which interface to use for 2380 * send the multicast packet. 2381 */ 2382 void 2383 enable_multicast_if( 2384 struct interface * iface, 2385 sockaddr_u * maddr 2386 ) 2387 { 2388 #ifdef MCAST 2389 #ifdef IP_MULTICAST_LOOP 2390 TYPEOF_IP_MULTICAST_LOOP off = 0; 2391 #endif 2392 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP) 2393 u_int off6 = 0; 2394 #endif 2395 2396 REQUIRE(AF(maddr) == AF(&iface->sin)); 2397 2398 switch (AF(&iface->sin)) { 2399 2400 case AF_INET: 2401 #ifdef IP_MULTICAST_LOOP 2402 /* 2403 * Don't send back to itself, but allow failure to set 2404 */ 2405 if (setsockopt(iface->fd, IPPROTO_IP, 2406 IP_MULTICAST_LOOP, 2407 SETSOCKOPT_ARG_CAST &off, 2408 sizeof(off))) { 2409 2410 msyslog(LOG_ERR, 2411 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2412 iface->fd, stoa(&iface->sin), 2413 stoa(maddr)); 2414 } 2415 #endif 2416 break; 2417 2418 case AF_INET6: 2419 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2420 #ifdef IPV6_MULTICAST_LOOP 2421 /* 2422 * Don't send back to itself, but allow failure to set 2423 */ 2424 if (setsockopt(iface->fd, IPPROTO_IPV6, 2425 IPV6_MULTICAST_LOOP, 2426 (char *) &off6, sizeof(off6))) { 2427 2428 msyslog(LOG_ERR, 2429 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2430 iface->fd, stoa(&iface->sin), 2431 stoa(maddr)); 2432 } 2433 #endif 2434 break; 2435 #else 2436 return; 2437 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2438 } 2439 return; 2440 #endif 2441 } 2442 2443 /* 2444 * Add a multicast address to a given socket 2445 * The socket is in the ep_list all we need to do is enable 2446 * multicasting. It is not this function's job to select the socket 2447 */ 2448 #if defined(MCAST) 2449 static isc_boolean_t 2450 socket_multicast_enable( 2451 endpt * iface, 2452 sockaddr_u * maddr 2453 ) 2454 { 2455 struct ip_mreq mreq; 2456 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2457 struct ipv6_mreq mreq6; 2458 # endif 2459 switch (AF(maddr)) { 2460 2461 case AF_INET: 2462 ZERO(mreq); 2463 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2464 mreq.imr_interface.s_addr = htonl(INADDR_ANY); 2465 if (setsockopt(iface->fd, 2466 IPPROTO_IP, 2467 IP_ADD_MEMBERSHIP, 2468 (char *)&mreq, 2469 sizeof(mreq))) { 2470 DPRINTF(2, ( 2471 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2472 iface->fd, stoa(&iface->sin), 2473 mreq.imr_multiaddr.s_addr, 2474 mreq.imr_interface.s_addr, 2475 stoa(maddr))); 2476 return ISC_FALSE; 2477 } 2478 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n", 2479 iface->fd, stoa(&iface->sin), 2480 mreq.imr_multiaddr.s_addr, 2481 mreq.imr_interface.s_addr, stoa(maddr))); 2482 break; 2483 2484 case AF_INET6: 2485 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2486 /* 2487 * Enable reception of multicast packets. 2488 * If the address is link-local we can get the 2489 * interface index from the scope id. Don't do this 2490 * for other types of multicast addresses. For now let 2491 * the kernel figure it out. 2492 */ 2493 ZERO(mreq6); 2494 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2495 mreq6.ipv6mr_interface = iface->ifindex; 2496 2497 if (setsockopt(iface->fd, IPPROTO_IPV6, 2498 IPV6_JOIN_GROUP, (char *)&mreq6, 2499 sizeof(mreq6))) { 2500 DPRINTF(2, ( 2501 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)", 2502 iface->fd, stoa(&iface->sin), 2503 mreq6.ipv6mr_interface, stoa(maddr))); 2504 return ISC_FALSE; 2505 } 2506 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n", 2507 iface->fd, stoa(&iface->sin), 2508 mreq6.ipv6mr_interface, stoa(maddr))); 2509 # else 2510 return ISC_FALSE; 2511 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2512 } 2513 iface->flags |= INT_MCASTOPEN; 2514 iface->num_mcast++; 2515 2516 return ISC_TRUE; 2517 } 2518 #endif /* MCAST */ 2519 2520 2521 /* 2522 * Remove a multicast address from a given socket 2523 * The socket is in the ep_list all we need to do is disable 2524 * multicasting. It is not this function's job to select the socket 2525 */ 2526 #ifdef MCAST 2527 static isc_boolean_t 2528 socket_multicast_disable( 2529 struct interface * iface, 2530 sockaddr_u * maddr 2531 ) 2532 { 2533 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2534 struct ipv6_mreq mreq6; 2535 # endif 2536 struct ip_mreq mreq; 2537 2538 ZERO(mreq); 2539 2540 if (find_addr_in_list(maddr) == NULL) { 2541 DPRINTF(4, ("socket_multicast_disable(%s): not found\n", 2542 stoa(maddr))); 2543 return ISC_TRUE; 2544 } 2545 2546 switch (AF(maddr)) { 2547 2548 case AF_INET: 2549 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2550 mreq.imr_interface = SOCK_ADDR4(&iface->sin); 2551 if (setsockopt(iface->fd, IPPROTO_IP, 2552 IP_DROP_MEMBERSHIP, (char *)&mreq, 2553 sizeof(mreq))) { 2554 2555 msyslog(LOG_ERR, 2556 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2557 iface->fd, stoa(&iface->sin), 2558 SRCADR(maddr), SRCADR(&iface->sin), 2559 stoa(maddr)); 2560 return ISC_FALSE; 2561 } 2562 break; 2563 case AF_INET6: 2564 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2565 /* 2566 * Disable reception of multicast packets 2567 * If the address is link-local we can get the 2568 * interface index from the scope id. Don't do this 2569 * for other types of multicast addresses. For now let 2570 * the kernel figure it out. 2571 */ 2572 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2573 mreq6.ipv6mr_interface = iface->ifindex; 2574 2575 if (setsockopt(iface->fd, IPPROTO_IPV6, 2576 IPV6_LEAVE_GROUP, (char *)&mreq6, 2577 sizeof(mreq6))) { 2578 2579 msyslog(LOG_ERR, 2580 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)", 2581 iface->fd, stoa(&iface->sin), 2582 iface->ifindex, stoa(maddr)); 2583 return ISC_FALSE; 2584 } 2585 break; 2586 # else 2587 return ISC_FALSE; 2588 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2589 } 2590 2591 iface->num_mcast--; 2592 if (!iface->num_mcast) 2593 iface->flags &= ~INT_MCASTOPEN; 2594 2595 return ISC_TRUE; 2596 } 2597 #endif /* MCAST */ 2598 2599 /* 2600 * io_setbclient - open the broadcast client sockets 2601 */ 2602 void 2603 io_setbclient(void) 2604 { 2605 #ifdef OPEN_BCAST_SOCKET 2606 struct interface * interf; 2607 int nif; 2608 2609 nif = 0; 2610 set_reuseaddr(1); 2611 2612 for (interf = ep_list; 2613 interf != NULL; 2614 interf = interf->elink) { 2615 2616 if (interf->flags & (INT_WILDCARD | INT_LOOPBACK)) 2617 continue; 2618 2619 /* use only allowed addresses */ 2620 if (interf->ignore_packets) 2621 continue; 2622 2623 /* Need a broadcast-capable interface */ 2624 if (!(interf->flags & INT_BROADCAST)) 2625 continue; 2626 2627 /* Only IPv4 addresses are valid for broadcast */ 2628 REQUIRE(IS_IPV4(&interf->bcast)); 2629 2630 /* Do we already have the broadcast address open? */ 2631 if (interf->flags & INT_BCASTOPEN) { 2632 /* 2633 * account for already open interfaces to avoid 2634 * misleading warning below 2635 */ 2636 nif++; 2637 continue; 2638 } 2639 2640 /* 2641 * Try to open the broadcast address 2642 */ 2643 interf->family = AF_INET; 2644 interf->bfd = open_socket(&interf->bcast, 1, 0, interf); 2645 2646 /* 2647 * If we succeeded then we use it otherwise enable 2648 * broadcast on the interface address 2649 */ 2650 if (interf->bfd != INVALID_SOCKET) { 2651 nif++; 2652 interf->flags |= INT_BCASTOPEN; 2653 msyslog(LOG_INFO, 2654 "Listen for broadcasts to %s on interface #%d %s", 2655 stoa(&interf->bcast), interf->ifnum, interf->name); 2656 } else switch (errno) { 2657 /* Silently ignore EADDRINUSE as we probably 2658 * opened the socket already for an address in 2659 * the same network */ 2660 case EADDRINUSE: 2661 /* Some systems cannot bind a socket to a broadcast 2662 * address, as that is not a valid host address. */ 2663 case EADDRNOTAVAIL: 2664 # ifdef SYS_WINNT /*TODO: use for other systems, too? */ 2665 /* avoid recurrence here -- if we already have a 2666 * regular socket, it's quite useless to try this 2667 * again. 2668 */ 2669 if (interf->fd != INVALID_SOCKET) { 2670 interf->flags |= INT_BCASTOPEN; 2671 nif++; 2672 } 2673 # endif 2674 break; 2675 2676 default: 2677 msyslog(LOG_INFO, 2678 "failed to listen for broadcasts to %s on interface #%d %s", 2679 stoa(&interf->bcast), interf->ifnum, interf->name); 2680 break; 2681 } 2682 } 2683 set_reuseaddr(0); 2684 if (nif > 0) { 2685 broadcast_client_enabled = ISC_TRUE; 2686 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif)); 2687 } 2688 else if (!nif) { 2689 broadcast_client_enabled = ISC_FALSE; 2690 msyslog(LOG_ERR, 2691 "Unable to listen for broadcasts, no broadcast interfaces available"); 2692 } 2693 #else 2694 msyslog(LOG_ERR, 2695 "io_setbclient: Broadcast Client disabled by build"); 2696 #endif /* OPEN_BCAST_SOCKET */ 2697 } 2698 2699 /* 2700 * io_unsetbclient - close the broadcast client sockets 2701 */ 2702 void 2703 io_unsetbclient(void) 2704 { 2705 endpt *ep; 2706 2707 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2708 if (INT_WILDCARD & ep->flags) 2709 continue; 2710 if (!(INT_BCASTOPEN & ep->flags)) 2711 continue; 2712 2713 if (ep->bfd != INVALID_SOCKET) { 2714 /* destroy broadcast listening socket */ 2715 msyslog(LOG_INFO, 2716 "stop listening for broadcasts to %s on interface #%d %s", 2717 stoa(&ep->bcast), ep->ifnum, ep->name); 2718 # ifdef HAVE_IO_COMPLETION_PORT 2719 io_completion_port_remove_socket(ep->bfd, ep); 2720 # endif 2721 close_and_delete_fd_from_list(ep->bfd); 2722 ep->bfd = INVALID_SOCKET; 2723 } 2724 ep->flags &= ~INT_BCASTOPEN; 2725 } 2726 broadcast_client_enabled = ISC_FALSE; 2727 } 2728 2729 /* 2730 * io_multicast_add() - add multicast group address 2731 */ 2732 void 2733 io_multicast_add( 2734 sockaddr_u *addr 2735 ) 2736 { 2737 #ifdef MCAST 2738 endpt * ep; 2739 endpt * one_ep; 2740 2741 /* 2742 * Check to see if this is a multicast address 2743 */ 2744 if (!addr_ismulticast(addr)) 2745 return; 2746 2747 /* If we already have it we can just return */ 2748 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { 2749 msyslog(LOG_INFO, 2750 "Duplicate request found for multicast address %s", 2751 stoa(addr)); 2752 return; 2753 } 2754 2755 # ifndef MULTICAST_NONEWSOCKET 2756 ep = new_interface(NULL); 2757 2758 /* 2759 * Open a new socket for the multicast address 2760 */ 2761 ep->sin = *addr; 2762 SET_PORT(&ep->sin, NTP_PORT); 2763 ep->family = AF(&ep->sin); 2764 AF(&ep->mask) = ep->family; 2765 SET_ONESMASK(&ep->mask); 2766 2767 set_reuseaddr(1); 2768 ep->bfd = INVALID_SOCKET; 2769 ep->fd = open_socket(&ep->sin, 0, 0, ep); 2770 if (ep->fd != INVALID_SOCKET) { 2771 ep->ignore_packets = ISC_FALSE; 2772 ep->flags |= INT_MCASTIF; 2773 2774 strlcpy(ep->name, "multicast", sizeof(ep->name)); 2775 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n")); 2776 add_interface(ep); 2777 log_listen_address(ep); 2778 } else { 2779 /* bind failed, re-use wildcard interface */ 2780 delete_interface(ep); 2781 2782 if (IS_IPV4(addr)) 2783 ep = wildipv4; 2784 else if (IS_IPV6(addr)) 2785 ep = wildipv6; 2786 else 2787 ep = NULL; 2788 2789 if (ep != NULL) { 2790 /* HACK ! -- stuff in an address */ 2791 /* because we don't bind addr? DH */ 2792 ep->bcast = *addr; 2793 msyslog(LOG_ERR, 2794 "multicast address %s using wildcard interface #%d %s", 2795 stoa(addr), ep->ifnum, ep->name); 2796 } else { 2797 msyslog(LOG_ERR, 2798 "No multicast socket available to use for address %s", 2799 stoa(addr)); 2800 return; 2801 } 2802 } 2803 { /* in place of the { following for in #else clause */ 2804 one_ep = ep; 2805 # else /* MULTICAST_NONEWSOCKET follows */ 2806 /* 2807 * For the case where we can't use a separate socket (Windows) 2808 * join each applicable endpoint socket to the group address. 2809 */ 2810 if (IS_IPV4(addr)) 2811 one_ep = wildipv4; 2812 else 2813 one_ep = wildipv6; 2814 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2815 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) || 2816 !(INT_MULTICAST & ep->flags) || 2817 (INT_LOOPBACK | INT_WILDCARD) & ep->flags) 2818 continue; 2819 one_ep = ep; 2820 # endif /* MULTICAST_NONEWSOCKET */ 2821 if (socket_multicast_enable(ep, addr)) 2822 msyslog(LOG_INFO, 2823 "Joined %s socket to multicast group %s", 2824 stoa(&ep->sin), 2825 stoa(addr)); 2826 } 2827 2828 add_addr_to_list(addr, one_ep); 2829 #else /* !MCAST follows*/ 2830 msyslog(LOG_ERR, 2831 "Can not add multicast address %s: no multicast support", 2832 stoa(addr)); 2833 #endif 2834 return; 2835 } 2836 2837 2838 /* 2839 * io_multicast_del() - delete multicast group address 2840 */ 2841 void 2842 io_multicast_del( 2843 sockaddr_u * addr 2844 ) 2845 { 2846 #ifdef MCAST 2847 endpt *iface; 2848 2849 /* 2850 * Check to see if this is a multicast address 2851 */ 2852 if (!addr_ismulticast(addr)) { 2853 msyslog(LOG_ERR, "invalid multicast address %s", 2854 stoa(addr)); 2855 return; 2856 } 2857 2858 /* 2859 * Disable reception of multicast packets 2860 */ 2861 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN)) 2862 != NULL) 2863 socket_multicast_disable(iface, addr); 2864 2865 delete_addr_from_list(addr); 2866 2867 #else /* not MCAST */ 2868 msyslog(LOG_ERR, 2869 "Can not delete multicast address %s: no multicast support", 2870 stoa(addr)); 2871 #endif /* not MCAST */ 2872 } 2873 2874 2875 /* 2876 * open_socket - open a socket, returning the file descriptor 2877 */ 2878 2879 static SOCKET 2880 open_socket( 2881 sockaddr_u * addr, 2882 int bcast, 2883 int turn_off_reuse, 2884 endpt * interf 2885 ) 2886 { 2887 SOCKET fd; 2888 int errval; 2889 /* 2890 * int is OK for REUSEADR per 2891 * http://www.kohala.com/start/mcast.api.txt 2892 */ 2893 int on = 1; 2894 int off = 0; 2895 2896 if (IS_IPV6(addr) && !ipv6_works) 2897 return INVALID_SOCKET; 2898 2899 /* create a datagram (UDP) socket */ 2900 fd = socket(AF(addr), SOCK_DGRAM, 0); 2901 if (INVALID_SOCKET == fd) { 2902 errval = socket_errno(); 2903 msyslog(LOG_ERR, 2904 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m", 2905 IS_IPV6(addr) ? "6" : "", stoa(addr)); 2906 2907 if (errval == EPROTONOSUPPORT || 2908 errval == EAFNOSUPPORT || 2909 errval == EPFNOSUPPORT) 2910 return (INVALID_SOCKET); 2911 2912 errno = errval; 2913 msyslog(LOG_ERR, 2914 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting", 2915 errno); 2916 exit(1); 2917 } 2918 2919 #ifdef SYS_WINNT 2920 connection_reset_fix(fd, addr); 2921 #endif 2922 /* 2923 * Fixup the file descriptor for some systems 2924 * See bug #530 for details of the issue. 2925 */ 2926 fd = move_fd(fd); 2927 2928 /* 2929 * set SO_REUSEADDR since we will be binding the same port 2930 * number on each interface according to turn_off_reuse. 2931 * This is undesirable on Windows versions starting with 2932 * Windows XP (numeric version 5.1). 2933 */ 2934 #ifdef SYS_WINNT 2935 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */ 2936 #endif 2937 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 2938 (char *)((turn_off_reuse) 2939 ? &off 2940 : &on), 2941 sizeof(on))) { 2942 2943 msyslog(LOG_ERR, 2944 "setsockopt SO_REUSEADDR %s fails for address %s: %m", 2945 (turn_off_reuse) 2946 ? "off" 2947 : "on", 2948 stoa(addr)); 2949 closesocket(fd); 2950 return INVALID_SOCKET; 2951 } 2952 #ifdef SO_EXCLUSIVEADDRUSE 2953 /* 2954 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open 2955 * first will cause more specific binds to fail. 2956 */ 2957 if (!(interf->flags & INT_WILDCARD)) 2958 set_excladdruse(fd); 2959 #endif 2960 2961 /* 2962 * IPv4 specific options go here 2963 */ 2964 if (IS_IPV4(addr)) { 2965 #if defined(IPPROTO_IP) && defined(IP_TOS) 2966 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos, 2967 sizeof(qos))) 2968 msyslog(LOG_ERR, 2969 "setsockopt IP_TOS (%02x) fails on address %s: %m", 2970 qos, stoa(addr)); 2971 #endif /* IPPROTO_IP && IP_TOS */ 2972 if (bcast) 2973 socket_broadcast_enable(interf, fd, addr); 2974 } 2975 2976 /* 2977 * IPv6 specific options go here 2978 */ 2979 if (IS_IPV6(addr)) { 2980 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) 2981 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos, 2982 sizeof(qos))) 2983 msyslog(LOG_ERR, 2984 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m", 2985 qos, stoa(addr)); 2986 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */ 2987 #ifdef IPV6_V6ONLY 2988 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS 2989 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, 2990 (char*)&on, sizeof(on))) 2991 msyslog(LOG_ERR, 2992 "setsockopt IPV6_V6ONLY on fails on address %s: %m", 2993 stoa(addr)); 2994 #endif 2995 #ifdef IPV6_BINDV6ONLY 2996 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY, 2997 (char*)&on, sizeof(on))) 2998 msyslog(LOG_ERR, 2999 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m", 3000 stoa(addr)); 3001 #endif 3002 } 3003 3004 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3005 /* 3006 * some OSes don't allow binding to more specific 3007 * addresses if a wildcard address already bound 3008 * to the port and SO_REUSEADDR is not set 3009 */ 3010 if (!is_wildcard_addr(addr)) 3011 set_wildcard_reuse(AF(addr), 1); 3012 #endif 3013 3014 /* 3015 * bind the local address. 3016 */ 3017 errval = bind(fd, &addr->sa, SOCKLEN(addr)); 3018 3019 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3020 if (!is_wildcard_addr(addr)) 3021 set_wildcard_reuse(AF(addr), 0); 3022 #endif 3023 3024 if (errval < 0) { 3025 /* 3026 * Don't log this under all conditions 3027 */ 3028 if (turn_off_reuse == 0 3029 #ifdef DEBUG 3030 || debug > 1 3031 #endif 3032 ) { 3033 msyslog(LOG_ERR, 3034 "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m", 3035 fd, IS_IPV6(addr) ? "6" : "", 3036 stoa(addr), SRCPORT(addr), 3037 IS_MCAST(addr) ? " (multicast)" : "", 3038 interf->flags); 3039 } 3040 3041 closesocket(fd); 3042 3043 return INVALID_SOCKET; 3044 } 3045 3046 #ifdef HAVE_TIMESTAMP 3047 { 3048 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, 3049 (char*)&on, sizeof(on))) 3050 msyslog(LOG_DEBUG, 3051 "setsockopt SO_TIMESTAMP on fails on address %s: %m", 3052 stoa(addr)); 3053 else 3054 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n", 3055 fd, stoa(addr))); 3056 } 3057 #endif 3058 #ifdef HAVE_TIMESTAMPNS 3059 { 3060 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, 3061 (char*)&on, sizeof(on))) 3062 msyslog(LOG_DEBUG, 3063 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m", 3064 stoa(addr)); 3065 else 3066 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n", 3067 fd, stoa(addr))); 3068 } 3069 #endif 3070 #ifdef HAVE_BINTIME 3071 { 3072 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME, 3073 (char*)&on, sizeof(on))) 3074 msyslog(LOG_DEBUG, 3075 "setsockopt SO_BINTIME on fails on address %s: %m", 3076 stoa(addr)); 3077 else 3078 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n", 3079 fd, stoa(addr))); 3080 } 3081 #endif 3082 3083 DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n", 3084 fd, IS_IPV6(addr) ? "6" : "", stoa(addr), 3085 SCOPE(addr), SRCPORT(addr), interf->flags)); 3086 3087 make_socket_nonblocking(fd); 3088 3089 #ifdef HAVE_SIGNALED_IO 3090 init_socket_sig(fd); 3091 #endif /* not HAVE_SIGNALED_IO */ 3092 3093 add_fd_to_list(fd, FD_TYPE_SOCKET); 3094 3095 #if !defined(SYS_WINNT) && !defined(VMS) 3096 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd, 3097 fcntl(fd, F_GETFL, 0))); 3098 #endif /* SYS_WINNT || VMS */ 3099 3100 #if defined(HAVE_IO_COMPLETION_PORT) 3101 /* 3102 * Add the socket to the completion port 3103 */ 3104 if (!io_completion_port_add_socket(fd, interf, bcast)) { 3105 msyslog(LOG_ERR, "unable to set up io completion port - EXITING"); 3106 exit(1); 3107 } 3108 #endif 3109 return fd; 3110 } 3111 3112 3113 3114 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ 3115 /* 3116 * sendpkt - send a packet to the specified destination. Maintain a 3117 * send error cache so that only the first consecutive error for a 3118 * destination is logged. 3119 */ 3120 void 3121 sendpkt( 3122 sockaddr_u * dest, 3123 struct interface * ep, 3124 int ttl, 3125 struct pkt * pkt, 3126 int len 3127 ) 3128 { 3129 endpt * src; 3130 int ismcast; 3131 int cc; 3132 int rc; 3133 u_char cttl; 3134 3135 ismcast = IS_MCAST(dest); 3136 if (!ismcast) 3137 src = ep; 3138 else 3139 src = (IS_IPV4(dest)) 3140 ? mc4_list 3141 : mc6_list; 3142 3143 if (NULL == src) { 3144 /* 3145 * unbound peer - drop request and wait for better 3146 * network conditions 3147 */ 3148 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n", 3149 ismcast ? "\tMCAST\t***** " : "", 3150 stoa(dest), ttl, len)); 3151 return; 3152 } 3153 3154 do { 3155 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", 3156 ismcast ? "\tMCAST\t***** " : "", src->fd, 3157 stoa(dest), stoa(&src->sin), ttl, len)); 3158 #ifdef MCAST 3159 /* 3160 * for the moment we use the bcast option to set multicast ttl 3161 */ 3162 if (ismcast && ttl > 0 && ttl != src->last_ttl) { 3163 /* 3164 * set the multicast ttl for outgoing packets 3165 */ 3166 switch (AF(&src->sin)) { 3167 3168 case AF_INET : 3169 cttl = (u_char)ttl; 3170 rc = setsockopt(src->fd, IPPROTO_IP, 3171 IP_MULTICAST_TTL, 3172 (void *)&cttl, 3173 sizeof(cttl)); 3174 break; 3175 3176 # ifdef INCLUDE_IPV6_SUPPORT 3177 case AF_INET6 : 3178 rc = setsockopt(src->fd, IPPROTO_IPV6, 3179 IPV6_MULTICAST_HOPS, 3180 (void *)&ttl, 3181 sizeof(ttl)); 3182 break; 3183 # endif /* INCLUDE_IPV6_SUPPORT */ 3184 3185 default: 3186 rc = 0; 3187 } 3188 3189 if (!rc) 3190 src->last_ttl = ttl; 3191 else 3192 msyslog(LOG_ERR, 3193 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m", 3194 stoa(&src->sin)); 3195 } 3196 #endif /* MCAST */ 3197 3198 #ifdef SIM 3199 cc = simulate_server(dest, src, pkt); 3200 #elif defined(HAVE_IO_COMPLETION_PORT) 3201 cc = io_completion_port_sendto(src, src->fd, pkt, 3202 (size_t)len, (sockaddr_u *)&dest->sa); 3203 #else 3204 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, 3205 &dest->sa, SOCKLEN(dest)); 3206 #endif 3207 if (cc == -1) { 3208 src->notsent++; 3209 packets_notsent++; 3210 } else { 3211 src->sent++; 3212 packets_sent++; 3213 } 3214 if (ismcast) 3215 src = src->mclink; 3216 } while (ismcast && src != NULL); 3217 } 3218 3219 3220 #if !defined(HAVE_IO_COMPLETION_PORT) 3221 #if !defined(HAVE_SIGNALED_IO) 3222 /* 3223 * fdbits - generate ascii representation of fd_set (FAU debug support) 3224 * HFDF format - highest fd first. 3225 */ 3226 static char * 3227 fdbits( 3228 int count, 3229 const fd_set* set 3230 ) 3231 { 3232 static char buffer[256]; 3233 char * buf = buffer; 3234 3235 count = min(count, 255); 3236 3237 while (count >= 0) { 3238 *buf++ = FD_ISSET(count, set) ? '#' : '-'; 3239 count--; 3240 } 3241 *buf = '\0'; 3242 3243 return buffer; 3244 } 3245 #endif 3246 3247 #ifdef REFCLOCK 3248 /* 3249 * Routine to read the refclock packets for a specific interface 3250 * Return the number of bytes read. That way we know if we should 3251 * read it again or go on to the next one if no bytes returned 3252 */ 3253 static inline int 3254 read_refclock_packet( 3255 SOCKET fd, 3256 struct refclockio * rp, 3257 l_fp ts 3258 ) 3259 { 3260 u_int read_count; 3261 int buflen; 3262 int saved_errno; 3263 int consumed; 3264 struct recvbuf * rb; 3265 3266 rb = get_free_recv_buffer(); 3267 3268 if (NULL == rb) { 3269 /* 3270 * No buffer space available - just drop the packet 3271 */ 3272 char buf[RX_BUFF_SIZE]; 3273 3274 buflen = read(fd, buf, sizeof buf); 3275 packets_dropped++; 3276 return (buflen); 3277 } 3278 3279 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead 3280 * to buffer overrun and memory corruption 3281 */ 3282 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space)) 3283 read_count = sizeof(rb->recv_space); 3284 else 3285 read_count = (u_int)rp->datalen; 3286 do { 3287 buflen = read(fd, (char *)&rb->recv_space, read_count); 3288 } while (buflen < 0 && EINTR == errno); 3289 3290 if (buflen <= 0) { 3291 saved_errno = errno; 3292 freerecvbuf(rb); 3293 errno = saved_errno; 3294 return buflen; 3295 } 3296 3297 /* 3298 * Got one. Mark how and when it got here, 3299 * put it on the full list and do bookkeeping. 3300 */ 3301 rb->recv_length = buflen; 3302 rb->recv_peer = rp->srcclock; 3303 rb->dstadr = 0; 3304 rb->fd = fd; 3305 rb->recv_time = ts; 3306 rb->receiver = rp->clock_recv; 3307 3308 consumed = indicate_refclock_packet(rp, rb); 3309 if (!consumed) { 3310 rp->recvcount++; 3311 packets_received++; 3312 } 3313 3314 return buflen; 3315 } 3316 #endif /* REFCLOCK */ 3317 3318 3319 #ifdef HAVE_PACKET_TIMESTAMP 3320 /* 3321 * extract timestamps from control message buffer 3322 */ 3323 static l_fp 3324 fetch_timestamp( 3325 struct recvbuf * rb, 3326 struct msghdr * msghdr, 3327 l_fp ts 3328 ) 3329 { 3330 struct cmsghdr * cmsghdr; 3331 unsigned long ticks; 3332 double fuzz; 3333 l_fp lfpfuzz; 3334 l_fp nts; 3335 #ifdef DEBUG_TIMING 3336 l_fp dts; 3337 #endif 3338 3339 cmsghdr = CMSG_FIRSTHDR(msghdr); 3340 while (cmsghdr != NULL) { 3341 switch (cmsghdr->cmsg_type) 3342 { 3343 #ifdef HAVE_BINTIME 3344 case SCM_BINTIME: 3345 #endif /* HAVE_BINTIME */ 3346 #ifdef HAVE_TIMESTAMPNS 3347 case SCM_TIMESTAMPNS: 3348 #endif /* HAVE_TIMESTAMPNS */ 3349 #ifdef HAVE_TIMESTAMP 3350 case SCM_TIMESTAMP: 3351 #endif /* HAVE_TIMESTAMP */ 3352 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP) 3353 switch (cmsghdr->cmsg_type) 3354 { 3355 #ifdef HAVE_BINTIME 3356 case SCM_BINTIME: 3357 { 3358 struct bintime pbt; 3359 memcpy(&pbt, CMSG_DATA(cmsghdr), sizeof(pbt)); 3360 /* 3361 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf 3362 */ 3363 nts.l_i = pbt.sec + JAN_1970; 3364 nts.l_uf = (u_int32)(pbt.frac >> 32); 3365 if (sys_tick > measured_tick && 3366 sys_tick > 1e-9) { 3367 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC)); 3368 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC)); 3369 } 3370 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n", 3371 pbt.sec, (unsigned long)((nts.l_uf / FRAC) * 1e9))); 3372 } 3373 break; 3374 #endif /* HAVE_BINTIME */ 3375 #ifdef HAVE_TIMESTAMPNS 3376 case SCM_TIMESTAMPNS: 3377 { 3378 struct timespec pts; 3379 memcpy(&pts, CMSG_DATA(cmsghdr), sizeof(pts)); 3380 if (sys_tick > measured_tick && 3381 sys_tick > 1e-9) { 3382 ticks = (unsigned long)((pts.tv_nsec * 1e-9) / 3383 sys_tick); 3384 pts.tv_nsec = (long)(ticks * 1e9 * 3385 sys_tick); 3386 } 3387 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n", 3388 pts.tv_sec, pts.tv_nsec)); 3389 nts = tspec_stamp_to_lfp(pts); 3390 } 3391 break; 3392 #endif /* HAVE_TIMESTAMPNS */ 3393 #ifdef HAVE_TIMESTAMP 3394 case SCM_TIMESTAMP: 3395 { 3396 struct timeval ptv; 3397 memcpy(&ptv, CMSG_DATA(cmsghdr), sizeof(ptv)); 3398 if (sys_tick > measured_tick && 3399 sys_tick > 1e-6) { 3400 ticks = (unsigned long)((ptv.tv_usec * 1e-6) / 3401 sys_tick); 3402 ptv.tv_usec = (long)(ticks * 1e6 * 3403 sys_tick); 3404 } 3405 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n", 3406 (intmax_t)ptv.tv_sec, (long)ptv.tv_usec)); 3407 nts = tval_stamp_to_lfp(ptv); 3408 } 3409 break; 3410 #endif /* HAVE_TIMESTAMP */ 3411 } 3412 fuzz = ntp_random() * 2. / FRAC * sys_fuzz; 3413 DTOLFP(fuzz, &lfpfuzz); 3414 L_ADD(&nts, &lfpfuzz); 3415 #ifdef DEBUG_TIMING 3416 dts = ts; 3417 L_SUB(&dts, &nts); 3418 collect_timing(rb, "input processing delay", 1, 3419 &dts); 3420 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n", 3421 lfptoa(&dts, 9))); 3422 #endif /* DEBUG_TIMING */ 3423 ts = nts; /* network time stamp */ 3424 break; 3425 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */ 3426 3427 default: 3428 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n", 3429 cmsghdr->cmsg_type)); 3430 } 3431 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr); 3432 } 3433 return ts; 3434 } 3435 #endif /* HAVE_PACKET_TIMESTAMP */ 3436 3437 3438 /* 3439 * Routine to read the network NTP packets for a specific interface 3440 * Return the number of bytes read. That way we know if we should 3441 * read it again or go on to the next one if no bytes returned 3442 */ 3443 static inline int 3444 read_network_packet( 3445 SOCKET fd, 3446 struct interface * itf, 3447 l_fp ts 3448 ) 3449 { 3450 GETSOCKNAME_SOCKLEN_TYPE fromlen; 3451 int buflen; 3452 register struct recvbuf *rb; 3453 #ifdef HAVE_PACKET_TIMESTAMP 3454 struct msghdr msghdr; 3455 struct iovec iovec; 3456 char control[CMSG_BUFSIZE]; 3457 #endif 3458 3459 /* 3460 * Get a buffer and read the frame. If we 3461 * haven't got a buffer, or this is received 3462 * on a disallowed socket, just dump the 3463 * packet. 3464 */ 3465 3466 rb = get_free_recv_buffer(); 3467 if (NULL == rb || itf->ignore_packets) { 3468 char buf[RX_BUFF_SIZE]; 3469 sockaddr_u from; 3470 3471 if (rb != NULL) 3472 freerecvbuf(rb); 3473 3474 fromlen = sizeof(from); 3475 buflen = recvfrom(fd, buf, sizeof(buf), 0, 3476 &from.sa, &fromlen); 3477 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", 3478 (itf->ignore_packets) 3479 ? "ignore" 3480 : "drop", 3481 free_recvbuffs(), fd, stoa(&from))); 3482 if (itf->ignore_packets) 3483 packets_ignored++; 3484 else 3485 packets_dropped++; 3486 return (buflen); 3487 } 3488 3489 fromlen = sizeof(rb->recv_srcadr); 3490 3491 #ifndef HAVE_PACKET_TIMESTAMP 3492 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space, 3493 sizeof(rb->recv_space), 0, 3494 &rb->recv_srcadr.sa, &fromlen); 3495 #else 3496 iovec.iov_base = &rb->recv_space; 3497 iovec.iov_len = sizeof(rb->recv_space); 3498 msghdr.msg_name = &rb->recv_srcadr; 3499 msghdr.msg_namelen = fromlen; 3500 msghdr.msg_iov = &iovec; 3501 msghdr.msg_iovlen = 1; 3502 msghdr.msg_control = (void *)&control; 3503 msghdr.msg_controllen = sizeof(control); 3504 msghdr.msg_flags = 0; 3505 rb->recv_length = recvmsg(fd, &msghdr, 0); 3506 #endif 3507 3508 buflen = rb->recv_length; 3509 3510 if (buflen == 0 || (buflen == -1 && 3511 (EWOULDBLOCK == errno 3512 #ifdef EAGAIN 3513 || EAGAIN == errno 3514 #endif 3515 ))) { 3516 freerecvbuf(rb); 3517 return (buflen); 3518 } else if (buflen < 0) { 3519 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m", 3520 stoa(&rb->recv_srcadr), fd); 3521 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n", 3522 fd)); 3523 freerecvbuf(rb); 3524 return (buflen); 3525 } 3526 3527 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", 3528 fd, buflen, stoa(&rb->recv_srcadr))); 3529 3530 #ifdef ENABLE_BUG3020_FIX 3531 if (ISREFCLOCKADR(&rb->recv_srcadr)) { 3532 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: refclock srcadr on a network interface!", 3533 stoa(&rb->recv_srcadr), fd); 3534 DPRINTF(1, ("read_network_packet: fd=%d dropped (refclock srcadr))\n", 3535 fd)); 3536 packets_dropped++; 3537 freerecvbuf(rb); 3538 return (buflen); 3539 } 3540 #endif 3541 3542 /* 3543 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 3544 */ 3545 3546 if (AF_INET6 == itf->family) { 3547 DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", 3548 stoa(&rb->recv_srcadr), 3549 IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), 3550 stoa(&itf->sin), 3551 !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3552 )); 3553 3554 if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) 3555 && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3556 ) { 3557 packets_dropped++; 3558 DPRINTF(2, ("DROPPING that packet\n")); 3559 freerecvbuf(rb); 3560 return buflen; 3561 } 3562 DPRINTF(2, ("processing that packet\n")); 3563 } 3564 3565 /* 3566 * Got one. Mark how and when it got here, 3567 * put it on the full list and do bookkeeping. 3568 */ 3569 rb->dstadr = itf; 3570 rb->fd = fd; 3571 #ifdef HAVE_PACKET_TIMESTAMP 3572 /* pick up a network time stamp if possible */ 3573 ts = fetch_timestamp(rb, &msghdr, ts); 3574 #endif 3575 rb->recv_time = ts; 3576 rb->receiver = receive; 3577 3578 add_full_recv_buffer(rb); 3579 3580 itf->received++; 3581 packets_received++; 3582 return (buflen); 3583 } 3584 3585 /* 3586 * attempt to handle io (select()/signaled IO) 3587 */ 3588 void 3589 io_handler(void) 3590 { 3591 # ifndef HAVE_SIGNALED_IO 3592 fd_set rdfdes; 3593 int nfound; 3594 3595 /* 3596 * Use select() on all on all input fd's for unlimited 3597 * time. select() will terminate on SIGALARM or on the 3598 * reception of input. Using select() means we can't do 3599 * robust signal handling and we get a potential race 3600 * between checking for alarms and doing the select(). 3601 * Mostly harmless, I think. 3602 */ 3603 /* 3604 * On VMS, I suspect that select() can't be interrupted 3605 * by a "signal" either, so I take the easy way out and 3606 * have select() time out after one second. 3607 * System clock updates really aren't time-critical, 3608 * and - lacking a hardware reference clock - I have 3609 * yet to learn about anything else that is. 3610 */ 3611 ++handler_calls; 3612 rdfdes = activefds; 3613 # if !defined(VMS) && !defined(SYS_VXWORKS) 3614 nfound = select(maxactivefd + 1, &rdfdes, NULL, 3615 NULL, NULL); 3616 # else /* VMS, VxWorks */ 3617 /* make select() wake up after one second */ 3618 { 3619 struct timeval t1; 3620 t1.tv_sec = 1; 3621 t1.tv_usec = 0; 3622 nfound = select(maxactivefd + 1, 3623 &rdfdes, NULL, NULL, 3624 &t1); 3625 } 3626 # endif /* VMS, VxWorks */ 3627 if (nfound < 0 && sanitize_fdset(errno)) { 3628 struct timeval t1; 3629 t1.tv_sec = 0; 3630 t1.tv_usec = 0; 3631 rdfdes = activefds; 3632 nfound = select(maxactivefd + 1, 3633 &rdfdes, NULL, NULL, 3634 &t1); 3635 } 3636 3637 if (nfound > 0) { 3638 l_fp ts; 3639 3640 get_systime(&ts); 3641 3642 input_handler_scan(&ts, &rdfdes); 3643 } else if (nfound == -1 && errno != EINTR) { 3644 msyslog(LOG_ERR, "select() error: %m"); 3645 } 3646 # ifdef DEBUG 3647 else if (debug > 4) { 3648 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); 3649 } else { 3650 DPRINTF(3, ("select() returned %d: %m\n", nfound)); 3651 } 3652 # endif /* DEBUG */ 3653 # else /* HAVE_SIGNALED_IO */ 3654 wait_for_signal(); 3655 # endif /* HAVE_SIGNALED_IO */ 3656 } 3657 3658 #ifdef HAVE_SIGNALED_IO 3659 /* 3660 * input_handler - receive packets asynchronously 3661 * 3662 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed! 3663 */ 3664 static RETSIGTYPE 3665 input_handler( 3666 l_fp * cts 3667 ) 3668 { 3669 int n; 3670 struct timeval tvzero; 3671 fd_set fds; 3672 3673 ++handler_calls; 3674 3675 /* 3676 * Do a poll to see who has data 3677 */ 3678 3679 fds = activefds; 3680 tvzero.tv_sec = tvzero.tv_usec = 0; 3681 3682 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3683 if (n < 0 && sanitize_fdset(errno)) { 3684 fds = activefds; 3685 tvzero.tv_sec = tvzero.tv_usec = 0; 3686 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3687 } 3688 if (n > 0) 3689 input_handler_scan(cts, &fds); 3690 } 3691 #endif /* HAVE_SIGNALED_IO */ 3692 3693 3694 /* 3695 * Try to sanitize the global FD set 3696 * 3697 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3698 */ 3699 static int/*BOOL*/ 3700 sanitize_fdset( 3701 int errc 3702 ) 3703 { 3704 int j, b, maxscan; 3705 3706 # ifndef HAVE_SIGNALED_IO 3707 /* 3708 * extended FAU debugging output 3709 */ 3710 if (errc != EINTR) { 3711 msyslog(LOG_ERR, 3712 "select(%d, %s, 0L, 0L, &0.0) error: %m", 3713 maxactivefd + 1, 3714 fdbits(maxactivefd, &activefds)); 3715 } 3716 # endif 3717 3718 if (errc != EBADF) 3719 return FALSE; 3720 3721 /* if we have oviously bad FDs, try to sanitize the FD set. */ 3722 for (j = 0, maxscan = 0; j <= maxactivefd; j++) { 3723 if (FD_ISSET(j, &activefds)) { 3724 if (-1 != read(j, &b, 0)) { 3725 maxscan = j; 3726 continue; 3727 } 3728 # ifndef HAVE_SIGNALED_IO 3729 msyslog(LOG_ERR, 3730 "Removing bad file descriptor %d from select set", 3731 j); 3732 # endif 3733 FD_CLR(j, &activefds); 3734 } 3735 } 3736 if (maxactivefd != maxscan) 3737 maxactivefd = maxscan; 3738 return TRUE; 3739 } 3740 3741 /* 3742 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'. 3743 * 3744 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3745 */ 3746 static void 3747 input_handler_scan( 3748 const l_fp * cts, 3749 const fd_set * pfds 3750 ) 3751 { 3752 int buflen; 3753 u_int idx; 3754 int doing; 3755 SOCKET fd; 3756 blocking_child *c; 3757 l_fp ts; /* Timestamp at BOselect() gob */ 3758 3759 #if defined(DEBUG_TIMING) 3760 l_fp ts_e; /* Timestamp at EOselect() gob */ 3761 #endif 3762 endpt * ep; 3763 #ifdef REFCLOCK 3764 struct refclockio *rp; 3765 int saved_errno; 3766 const char * clk; 3767 #endif 3768 #ifdef HAS_ROUTING_SOCKET 3769 struct asyncio_reader * asyncio_reader; 3770 struct asyncio_reader * next_asyncio_reader; 3771 #endif 3772 3773 ++handler_pkts; 3774 ts = *cts; 3775 3776 #ifdef REFCLOCK 3777 /* 3778 * Check out the reference clocks first, if any 3779 */ 3780 3781 for (rp = refio; rp != NULL; rp = rp->next) { 3782 fd = rp->fd; 3783 3784 if (!FD_ISSET(fd, pfds)) 3785 continue; 3786 buflen = read_refclock_packet(fd, rp, ts); 3787 /* 3788 * The first read must succeed after select() indicates 3789 * readability, or we've reached a permanent EOF. 3790 * http://bugs.ntp.org/1732 reported ntpd munching CPU 3791 * after a USB GPS was unplugged because select was 3792 * indicating EOF but ntpd didn't remove the descriptor 3793 * from the activefds set. 3794 */ 3795 if (buflen < 0 && EAGAIN != errno) { 3796 saved_errno = errno; 3797 clk = refnumtoa(&rp->srcclock->srcadr); 3798 errno = saved_errno; 3799 msyslog(LOG_ERR, "%s read: %m", clk); 3800 maintain_activefds(fd, TRUE); 3801 } else if (0 == buflen) { 3802 clk = refnumtoa(&rp->srcclock->srcadr); 3803 msyslog(LOG_ERR, "%s read EOF", clk); 3804 maintain_activefds(fd, TRUE); 3805 } else { 3806 /* drain any remaining refclock input */ 3807 do { 3808 buflen = read_refclock_packet(fd, rp, ts); 3809 } while (buflen > 0); 3810 } 3811 } 3812 #endif /* REFCLOCK */ 3813 3814 /* 3815 * Loop through the interfaces looking for data to read. 3816 */ 3817 for (ep = ep_list; ep != NULL; ep = ep->elink) { 3818 for (doing = 0; doing < 2; doing++) { 3819 if (!doing) { 3820 fd = ep->fd; 3821 } else { 3822 if (!(ep->flags & INT_BCASTOPEN)) 3823 break; 3824 fd = ep->bfd; 3825 } 3826 if (fd < 0) 3827 continue; 3828 if (FD_ISSET(fd, pfds)) 3829 do { 3830 buflen = read_network_packet( 3831 fd, ep, ts); 3832 } while (buflen > 0); 3833 /* Check more interfaces */ 3834 } 3835 } 3836 3837 #ifdef HAS_ROUTING_SOCKET 3838 /* 3839 * scan list of asyncio readers - currently only used for routing sockets 3840 */ 3841 asyncio_reader = asyncio_reader_list; 3842 3843 while (asyncio_reader != NULL) { 3844 /* callback may unlink and free asyncio_reader */ 3845 next_asyncio_reader = asyncio_reader->link; 3846 if (FD_ISSET(asyncio_reader->fd, pfds)) 3847 (*asyncio_reader->receiver)(asyncio_reader); 3848 asyncio_reader = next_asyncio_reader; 3849 } 3850 #endif /* HAS_ROUTING_SOCKET */ 3851 3852 /* 3853 * Check for a response from a blocking child 3854 */ 3855 for (idx = 0; idx < blocking_children_alloc; idx++) { 3856 c = blocking_children[idx]; 3857 if (NULL == c || -1 == c->resp_read_pipe) 3858 continue; 3859 if (FD_ISSET(c->resp_read_pipe, pfds)) { 3860 ++c->resp_ready_seen; 3861 ++blocking_child_ready_seen; 3862 } 3863 } 3864 3865 /* We've done our work */ 3866 #if defined(DEBUG_TIMING) 3867 get_systime(&ts_e); 3868 /* 3869 * (ts_e - ts) is the amount of time we spent 3870 * processing this gob of file descriptors. Log 3871 * it. 3872 */ 3873 L_SUB(&ts_e, &ts); 3874 collect_timing(NULL, "input handler", 1, &ts_e); 3875 if (debug > 3) 3876 msyslog(LOG_DEBUG, 3877 "input_handler: Processed a gob of fd's in %s msec", 3878 lfptoms(&ts_e, 6)); 3879 #endif /* DEBUG_TIMING */ 3880 } 3881 #endif /* !HAVE_IO_COMPLETION_PORT */ 3882 3883 /* 3884 * find an interface suitable for the src address 3885 */ 3886 endpt * 3887 select_peerinterface( 3888 struct peer * peer, 3889 sockaddr_u * srcadr, 3890 endpt * dstadr 3891 ) 3892 { 3893 endpt *ep; 3894 #ifndef SIM 3895 endpt *wild; 3896 3897 wild = ANY_INTERFACE_CHOOSE(srcadr); 3898 3899 /* 3900 * Initialize the peer structure and dance the interface jig. 3901 * Reference clocks step the loopback waltz, the others 3902 * squaredance around the interface list looking for a buddy. If 3903 * the dance peters out, there is always the wildcard interface. 3904 * This might happen in some systems and would preclude proper 3905 * operation with public key cryptography. 3906 */ 3907 if (ISREFCLOCKADR(srcadr)) { 3908 ep = loopback_interface; 3909 } else if (peer->cast_flags & 3910 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) { 3911 ep = findbcastinter(srcadr); 3912 if (ep != NULL) 3913 DPRINTF(4, ("Found *-cast interface %s for address %s\n", 3914 stoa(&ep->sin), stoa(srcadr))); 3915 else 3916 DPRINTF(4, ("No *-cast local address found for address %s\n", 3917 stoa(srcadr))); 3918 } else { 3919 ep = dstadr; 3920 if (NULL == ep) 3921 ep = wild; 3922 } 3923 /* 3924 * If it is a multicast address, findbcastinter() may not find 3925 * it. For unicast, we get to find the interface when dstadr is 3926 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either 3927 * way, try a little harder. 3928 */ 3929 if (wild == ep) 3930 ep = findinterface(srcadr); 3931 /* 3932 * we do not bind to the wildcard interfaces for output 3933 * as our (network) source address would be undefined and 3934 * crypto will not work without knowing the own transmit address 3935 */ 3936 if (ep != NULL && INT_WILDCARD & ep->flags) 3937 if (!accept_wildcard_if_for_winnt) 3938 ep = NULL; 3939 #else /* SIM follows */ 3940 ep = loopback_interface; 3941 #endif 3942 3943 return ep; 3944 } 3945 3946 3947 /* 3948 * findinterface - find local interface corresponding to address 3949 */ 3950 endpt * 3951 findinterface( 3952 sockaddr_u *addr 3953 ) 3954 { 3955 endpt *iface; 3956 3957 iface = findlocalinterface(addr, INT_WILDCARD, 0); 3958 3959 if (NULL == iface) { 3960 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n", 3961 stoa(addr))); 3962 3963 iface = ANY_INTERFACE_CHOOSE(addr); 3964 } else 3965 DPRINTF(4, ("Found interface #%d %s for address %s\n", 3966 iface->ifnum, iface->name, stoa(addr))); 3967 3968 return iface; 3969 } 3970 3971 /* 3972 * findlocalinterface - find local interface corresponding to addr, 3973 * which does not have any of flags set. If bast is nonzero, addr is 3974 * a broadcast address. 3975 * 3976 * This code attempts to find the local sending address for an outgoing 3977 * address by connecting a new socket to destinationaddress:NTP_PORT 3978 * and reading the sockname of the resulting connect. 3979 * the complicated sequence simulates the routing table lookup 3980 * for to first hop without duplicating any of the routing logic into 3981 * ntpd. preferably we would have used an API call - but its not there - 3982 * so this is the best we can do here short of duplicating to entire routing 3983 * logic in ntpd which would be a silly and really unportable thing to do. 3984 * 3985 */ 3986 static endpt * 3987 findlocalinterface( 3988 sockaddr_u * addr, 3989 int flags, 3990 int bcast 3991 ) 3992 { 3993 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen; 3994 endpt * iface; 3995 sockaddr_u saddr; 3996 SOCKET s; 3997 int rtn; 3998 int on; 3999 4000 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", 4001 stoa(addr))); 4002 4003 s = socket(AF(addr), SOCK_DGRAM, 0); 4004 if (INVALID_SOCKET == s) 4005 return NULL; 4006 4007 /* 4008 * If we are looking for broadcast interface we need to set this 4009 * socket to allow broadcast 4010 */ 4011 if (bcast) { 4012 on = 1; 4013 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET, 4014 SO_BROADCAST, 4015 (char *)&on, 4016 sizeof(on))) { 4017 closesocket(s); 4018 return NULL; 4019 } 4020 } 4021 4022 rtn = connect(s, &addr->sa, SOCKLEN(addr)); 4023 if (SOCKET_ERROR == rtn) { 4024 closesocket(s); 4025 return NULL; 4026 } 4027 4028 sockaddrlen = sizeof(saddr); 4029 rtn = getsockname(s, &saddr.sa, &sockaddrlen); 4030 closesocket(s); 4031 if (SOCKET_ERROR == rtn) 4032 return NULL; 4033 4034 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n", 4035 stoa(addr), stoa(&saddr))); 4036 4037 iface = getinterface(&saddr, flags); 4038 4039 /* 4040 * if we didn't find an exact match on saddr, find the closest 4041 * available local address. This handles the case of the 4042 * address suggested by the kernel being excluded by nic rules 4043 * or the user's -I and -L options to ntpd. 4044 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 4045 * for more background. 4046 */ 4047 if (NULL == iface || iface->ignore_packets) 4048 iface = findclosestinterface(&saddr, 4049 flags | INT_LOOPBACK); 4050 4051 /* Don't use an interface which will ignore replies */ 4052 if (iface != NULL && iface->ignore_packets) 4053 iface = NULL; 4054 4055 return iface; 4056 } 4057 4058 4059 /* 4060 * findclosestinterface 4061 * 4062 * If there are -I/--interface or -L/novirtualips command-line options, 4063 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may 4064 * find the kernel's preferred local address for a given peer address is 4065 * administratively unavailable to ntpd, and punt to this routine's more 4066 * expensive search. 4067 * 4068 * Find the numerically closest local address to the one connect() 4069 * suggested. This matches an address on the same subnet first, as 4070 * needed by Bug 1184, and provides a consistent choice if there are 4071 * multiple feasible local addresses, regardless of the order ntpd 4072 * enumerated them. 4073 */ 4074 endpt * 4075 findclosestinterface( 4076 sockaddr_u * addr, 4077 int flags 4078 ) 4079 { 4080 endpt * ep; 4081 endpt * winner; 4082 sockaddr_u addr_dist; 4083 sockaddr_u min_dist; 4084 4085 ZERO_SOCK(&min_dist); 4086 winner = NULL; 4087 4088 for (ep = ep_list; ep != NULL; ep = ep->elink) { 4089 if (ep->ignore_packets || 4090 AF(addr) != ep->family || 4091 flags & ep->flags) 4092 continue; 4093 4094 calc_addr_distance(&addr_dist, addr, &ep->sin); 4095 if (NULL == winner || 4096 -1 == cmp_addr_distance(&addr_dist, &min_dist)) { 4097 min_dist = addr_dist; 4098 winner = ep; 4099 } 4100 } 4101 if (NULL == winner) 4102 DPRINTF(4, ("findclosestinterface(%s) failed\n", 4103 stoa(addr))); 4104 else 4105 DPRINTF(4, ("findclosestinterface(%s) -> %s\n", 4106 stoa(addr), stoa(&winner->sin))); 4107 4108 return winner; 4109 } 4110 4111 4112 /* 4113 * calc_addr_distance - calculate the distance between two addresses, 4114 * the absolute value of the difference between 4115 * the addresses numerically, stored as an address. 4116 */ 4117 static void 4118 calc_addr_distance( 4119 sockaddr_u * dist, 4120 const sockaddr_u * a1, 4121 const sockaddr_u * a2 4122 ) 4123 { 4124 u_int32 a1val; 4125 u_int32 a2val; 4126 u_int32 v4dist; 4127 int found_greater; 4128 int a1_greater; 4129 int i; 4130 4131 REQUIRE(AF(a1) == AF(a2)); 4132 4133 ZERO_SOCK(dist); 4134 AF(dist) = AF(a1); 4135 4136 /* v4 can be done a bit simpler */ 4137 if (IS_IPV4(a1)) { 4138 a1val = SRCADR(a1); 4139 a2val = SRCADR(a2); 4140 v4dist = (a1val > a2val) 4141 ? a1val - a2val 4142 : a2val - a1val; 4143 SET_ADDR4(dist, v4dist); 4144 4145 return; 4146 } 4147 4148 found_greater = FALSE; 4149 a1_greater = FALSE; /* suppress pot. uninit. warning */ 4150 for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) { 4151 if (!found_greater && 4152 NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) { 4153 found_greater = TRUE; 4154 a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]); 4155 } 4156 if (!found_greater) { 4157 NSRCADR6(dist)[i] = 0; 4158 } else { 4159 if (a1_greater) 4160 NSRCADR6(dist)[i] = NSRCADR6(a1)[i] - 4161 NSRCADR6(a2)[i]; 4162 else 4163 NSRCADR6(dist)[i] = NSRCADR6(a2)[i] - 4164 NSRCADR6(a1)[i]; 4165 } 4166 } 4167 } 4168 4169 4170 /* 4171 * cmp_addr_distance - compare two address distances, returning -1, 0, 4172 * 1 to indicate their relationship. 4173 */ 4174 static int 4175 cmp_addr_distance( 4176 const sockaddr_u * d1, 4177 const sockaddr_u * d2 4178 ) 4179 { 4180 int i; 4181 4182 REQUIRE(AF(d1) == AF(d2)); 4183 4184 if (IS_IPV4(d1)) { 4185 if (SRCADR(d1) < SRCADR(d2)) 4186 return -1; 4187 else if (SRCADR(d1) == SRCADR(d2)) 4188 return 0; 4189 else 4190 return 1; 4191 } 4192 4193 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) { 4194 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i]) 4195 return -1; 4196 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i]) 4197 return 1; 4198 } 4199 4200 return 0; 4201 } 4202 4203 4204 4205 /* 4206 * fetch an interface structure the matches the 4207 * address and has the given flags NOT set 4208 */ 4209 endpt * 4210 getinterface( 4211 sockaddr_u * addr, 4212 u_int32 flags 4213 ) 4214 { 4215 endpt *iface; 4216 4217 iface = find_addr_in_list(addr); 4218 4219 if (iface != NULL && (iface->flags & flags)) 4220 iface = NULL; 4221 4222 return iface; 4223 } 4224 4225 4226 /* 4227 * findbcastinter - find broadcast interface corresponding to address 4228 */ 4229 endpt * 4230 findbcastinter( 4231 sockaddr_u *addr 4232 ) 4233 { 4234 endpt * iface; 4235 4236 iface = NULL; 4237 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT)) 4238 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n", 4239 stoa(addr))); 4240 4241 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD, 4242 1); 4243 if (iface != NULL) { 4244 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n", 4245 iface->ifnum, iface->name)); 4246 return iface; 4247 } 4248 4249 /* 4250 * plan B - try to find something reasonable in our lists in 4251 * case kernel lookup doesn't help 4252 */ 4253 for (iface = ep_list; iface != NULL; iface = iface->elink) { 4254 if (iface->flags & INT_WILDCARD) 4255 continue; 4256 4257 /* Don't bother with ignored interfaces */ 4258 if (iface->ignore_packets) 4259 continue; 4260 4261 /* 4262 * First look if this is the correct family 4263 */ 4264 if(AF(&iface->sin) != AF(addr)) 4265 continue; 4266 4267 /* Skip the loopback addresses */ 4268 if (iface->flags & INT_LOOPBACK) 4269 continue; 4270 4271 /* 4272 * If we are looking to match a multicast address and 4273 * this interface is one... 4274 */ 4275 if (addr_ismulticast(addr) 4276 && (iface->flags & INT_MULTICAST)) { 4277 #ifdef INCLUDE_IPV6_SUPPORT 4278 /* 4279 * ...it is the winner unless we're looking for 4280 * an interface to use for link-local multicast 4281 * and its address is not link-local. 4282 */ 4283 if (IS_IPV6(addr) 4284 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr)) 4285 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin))) 4286 continue; 4287 #endif 4288 break; 4289 } 4290 4291 /* 4292 * We match only those interfaces marked as 4293 * broadcastable and either the explicit broadcast 4294 * address or the network portion of the IP address. 4295 * Sloppy. 4296 */ 4297 if (IS_IPV4(addr)) { 4298 if (SOCK_EQ(&iface->bcast, addr)) 4299 break; 4300 4301 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask)) 4302 == (NSRCADR(addr) & NSRCADR(&iface->mask))) 4303 break; 4304 } 4305 #ifdef INCLUDE_IPV6_SUPPORT 4306 else if (IS_IPV6(addr)) { 4307 if (SOCK_EQ(&iface->bcast, addr)) 4308 break; 4309 4310 if (SOCK_EQ(netof(&iface->sin), netof(addr))) 4311 break; 4312 } 4313 #endif 4314 } 4315 #endif /* SIOCGIFCONF */ 4316 if (NULL == iface) { 4317 DPRINTF(4, ("No bcast interface found for %s\n", 4318 stoa(addr))); 4319 iface = ANY_INTERFACE_CHOOSE(addr); 4320 } else { 4321 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n", 4322 iface->ifnum, iface->name)); 4323 } 4324 4325 return iface; 4326 } 4327 4328 4329 /* 4330 * io_clr_stats - clear I/O module statistics 4331 */ 4332 void 4333 io_clr_stats(void) 4334 { 4335 packets_dropped = 0; 4336 packets_ignored = 0; 4337 packets_received = 0; 4338 packets_sent = 0; 4339 packets_notsent = 0; 4340 4341 handler_calls = 0; 4342 handler_pkts = 0; 4343 io_timereset = current_time; 4344 } 4345 4346 4347 #ifdef REFCLOCK 4348 /* 4349 * io_addclock - add a reference clock to the list and arrange that we 4350 * get SIGIO interrupts from it. 4351 */ 4352 int 4353 io_addclock( 4354 struct refclockio *rio 4355 ) 4356 { 4357 BLOCKIO(); 4358 4359 /* 4360 * Stuff the I/O structure in the list and mark the descriptor 4361 * in use. There is a harmless (I hope) race condition here. 4362 */ 4363 rio->active = TRUE; 4364 4365 # ifdef HAVE_SIGNALED_IO 4366 if (init_clock_sig(rio)) { 4367 UNBLOCKIO(); 4368 return 0; 4369 } 4370 # elif defined(HAVE_IO_COMPLETION_PORT) 4371 if (!io_completion_port_add_clock_io(rio)) { 4372 UNBLOCKIO(); 4373 return 0; 4374 } 4375 # endif 4376 4377 /* 4378 * enqueue 4379 */ 4380 LINK_SLIST(refio, rio, next); 4381 4382 /* 4383 * register fd 4384 */ 4385 add_fd_to_list(rio->fd, FD_TYPE_FILE); 4386 4387 UNBLOCKIO(); 4388 return 1; 4389 } 4390 4391 4392 /* 4393 * io_closeclock - close the clock in the I/O structure given 4394 */ 4395 void 4396 io_closeclock( 4397 struct refclockio *rio 4398 ) 4399 { 4400 struct refclockio *unlinked; 4401 4402 BLOCKIO(); 4403 4404 /* 4405 * Remove structure from the list 4406 */ 4407 rio->active = FALSE; 4408 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio); 4409 if (NULL != unlinked) { 4410 /* Close the descriptor. The order of operations is 4411 * important here in case of async / overlapped IO: 4412 * only after we have removed the clock from the 4413 * IO completion port we can be sure no further 4414 * input is queued. So... 4415 * - we first disable feeding to the queu by removing 4416 * the clock from the IO engine 4417 * - close the file (which brings down any IO on it) 4418 * - clear the buffer from results for this fd 4419 */ 4420 # ifdef HAVE_IO_COMPLETION_PORT 4421 io_completion_port_remove_clock_io(rio); 4422 # endif 4423 close_and_delete_fd_from_list(rio->fd); 4424 purge_recv_buffers_for_fd(rio->fd); 4425 rio->fd = -1; 4426 } 4427 4428 UNBLOCKIO(); 4429 } 4430 #endif /* REFCLOCK */ 4431 4432 4433 /* 4434 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in 4435 * an array. So we use one of the ISC_LIST functions to hold the 4436 * socket value and use that when we want to enumerate it. 4437 * 4438 * This routine is called by the forked intres child process to close 4439 * all open sockets. On Windows there's no need as intres runs in 4440 * the same process as a thread. 4441 */ 4442 #ifndef SYS_WINNT 4443 void 4444 kill_asyncio( 4445 int startfd 4446 ) 4447 { 4448 BLOCKIO(); 4449 4450 /* 4451 * In the child process we do not maintain activefds and 4452 * maxactivefd. Zeroing maxactivefd disables code which 4453 * maintains it in close_and_delete_fd_from_list(). 4454 */ 4455 maxactivefd = 0; 4456 4457 while (fd_list != NULL) 4458 close_and_delete_fd_from_list(fd_list->fd); 4459 4460 UNBLOCKIO(); 4461 } 4462 #endif /* !SYS_WINNT */ 4463 4464 4465 /* 4466 * Add and delete functions for the list of open sockets 4467 */ 4468 static void 4469 add_fd_to_list( 4470 SOCKET fd, 4471 enum desc_type type 4472 ) 4473 { 4474 vsock_t *lsock = emalloc(sizeof(*lsock)); 4475 4476 lsock->fd = fd; 4477 lsock->type = type; 4478 4479 LINK_SLIST(fd_list, lsock, link); 4480 maintain_activefds(fd, 0); 4481 } 4482 4483 4484 static void 4485 close_and_delete_fd_from_list( 4486 SOCKET fd 4487 ) 4488 { 4489 vsock_t *lsock; 4490 4491 UNLINK_EXPR_SLIST(lsock, fd_list, fd == 4492 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t); 4493 4494 if (NULL == lsock) 4495 return; 4496 4497 switch (lsock->type) { 4498 4499 case FD_TYPE_SOCKET: 4500 closesocket(lsock->fd); 4501 break; 4502 4503 case FD_TYPE_FILE: 4504 closeserial((int)lsock->fd); 4505 break; 4506 4507 default: 4508 msyslog(LOG_ERR, 4509 "internal error - illegal descriptor type %d - EXITING", 4510 (int)lsock->type); 4511 exit(1); 4512 } 4513 4514 free(lsock); 4515 /* 4516 * remove from activefds 4517 */ 4518 maintain_activefds(fd, 1); 4519 } 4520 4521 4522 static void 4523 add_addr_to_list( 4524 sockaddr_u * addr, 4525 endpt * ep 4526 ) 4527 { 4528 remaddr_t *laddr; 4529 4530 #ifdef DEBUG 4531 if (find_addr_in_list(addr) == NULL) { 4532 #endif 4533 /* not there yet - add to list */ 4534 laddr = emalloc(sizeof(*laddr)); 4535 laddr->addr = *addr; 4536 laddr->ep = ep; 4537 4538 LINK_SLIST(remoteaddr_list, laddr, link); 4539 4540 DPRINTF(4, ("Added addr %s to list of addresses\n", 4541 stoa(addr))); 4542 #ifdef DEBUG 4543 } else 4544 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n", 4545 stoa(addr))); 4546 #endif 4547 } 4548 4549 4550 static void 4551 delete_addr_from_list( 4552 sockaddr_u *addr 4553 ) 4554 { 4555 remaddr_t *unlinked; 4556 4557 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr, 4558 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t); 4559 4560 if (unlinked != NULL) { 4561 DPRINTF(4, ("Deleted addr %s from list of addresses\n", 4562 stoa(addr))); 4563 free(unlinked); 4564 } 4565 } 4566 4567 4568 static void 4569 delete_interface_from_list( 4570 endpt *iface 4571 ) 4572 { 4573 remaddr_t *unlinked; 4574 4575 for (;;) { 4576 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface == 4577 UNLINK_EXPR_SLIST_CURRENT()->ep, link, 4578 remaddr_t); 4579 4580 if (unlinked == NULL) 4581 break; 4582 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n", 4583 stoa(&unlinked->addr), iface->ifnum, 4584 iface->name)); 4585 free(unlinked); 4586 } 4587 } 4588 4589 4590 static struct interface * 4591 find_addr_in_list( 4592 sockaddr_u *addr 4593 ) 4594 { 4595 remaddr_t *entry; 4596 4597 DPRINTF(4, ("Searching for addr %s in list of addresses - ", 4598 stoa(addr))); 4599 4600 for (entry = remoteaddr_list; 4601 entry != NULL; 4602 entry = entry->link) 4603 if (SOCK_EQ(&entry->addr, addr)) { 4604 DPRINTF(4, ("FOUND\n")); 4605 return entry->ep; 4606 } 4607 4608 DPRINTF(4, ("NOT FOUND\n")); 4609 return NULL; 4610 } 4611 4612 4613 /* 4614 * Find the given address with the all given flags set in the list 4615 */ 4616 static endpt * 4617 find_flagged_addr_in_list( 4618 sockaddr_u * addr, 4619 u_int32 flags 4620 ) 4621 { 4622 remaddr_t *entry; 4623 4624 DPRINTF(4, ("Finding addr %s with flags %d in list: ", 4625 stoa(addr), flags)); 4626 4627 for (entry = remoteaddr_list; 4628 entry != NULL; 4629 entry = entry->link) 4630 4631 if (SOCK_EQ(&entry->addr, addr) 4632 && (entry->ep->flags & flags) == flags) { 4633 4634 DPRINTF(4, ("FOUND\n")); 4635 return entry->ep; 4636 } 4637 4638 DPRINTF(4, ("NOT FOUND\n")); 4639 return NULL; 4640 } 4641 4642 4643 const char * 4644 localaddrtoa( 4645 endpt *la 4646 ) 4647 { 4648 return (NULL == la) 4649 ? "<null>" 4650 : stoa(&la->sin); 4651 } 4652 4653 4654 #ifdef HAS_ROUTING_SOCKET 4655 # ifndef UPDATE_GRACE 4656 # define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */ 4657 # endif 4658 4659 static void 4660 process_routing_msgs(struct asyncio_reader *reader) 4661 { 4662 char buffer[5120]; 4663 int cnt, msg_type; 4664 #ifdef HAVE_RTNETLINK 4665 struct nlmsghdr *nh; 4666 #else 4667 struct rt_msghdr rtm; 4668 char *p; 4669 #endif 4670 4671 if (disable_dynamic_updates) { 4672 /* 4673 * discard ourselves if we are not needed any more 4674 * usually happens when running unprivileged 4675 */ 4676 remove_asyncio_reader(reader); 4677 delete_asyncio_reader(reader); 4678 return; 4679 } 4680 4681 cnt = read(reader->fd, buffer, sizeof(buffer)); 4682 4683 if (cnt < 0) { 4684 if (errno == ENOBUFS) { 4685 msyslog(LOG_ERR, 4686 "routing socket reports: %m"); 4687 } else { 4688 msyslog(LOG_ERR, 4689 "routing socket reports: %m - disabling"); 4690 remove_asyncio_reader(reader); 4691 delete_asyncio_reader(reader); 4692 } 4693 return; 4694 } 4695 4696 /* 4697 * process routing message 4698 */ 4699 #ifdef HAVE_RTNETLINK 4700 for (nh = UA_PTR(struct nlmsghdr, buffer); 4701 NLMSG_OK(nh, cnt); 4702 nh = NLMSG_NEXT(nh, cnt)) { 4703 msg_type = nh->nlmsg_type; 4704 #else 4705 for (p = buffer; 4706 (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); 4707 p += rtm.rtm_msglen) { 4708 memcpy(&rtm, p, sizeof(rtm)); 4709 if (rtm.rtm_version != RTM_VERSION) { 4710 msyslog(LOG_ERR, 4711 "version mismatch (got %d - expected %d) on routing socket - disabling", 4712 rtm.rtm_version, RTM_VERSION); 4713 4714 remove_asyncio_reader(reader); 4715 delete_asyncio_reader(reader); 4716 return; 4717 } 4718 msg_type = rtm.rtm_type; 4719 #endif 4720 switch (msg_type) { 4721 #ifdef RTM_NEWADDR 4722 case RTM_NEWADDR: 4723 #endif 4724 #ifdef RTM_DELADDR 4725 case RTM_DELADDR: 4726 #endif 4727 #ifdef RTM_ADD 4728 case RTM_ADD: 4729 #endif 4730 #ifdef RTM_DELETE 4731 case RTM_DELETE: 4732 #endif 4733 #ifdef RTM_REDIRECT 4734 case RTM_REDIRECT: 4735 #endif 4736 #ifdef RTM_CHANGE 4737 case RTM_CHANGE: 4738 #endif 4739 #ifdef RTM_LOSING 4740 case RTM_LOSING: 4741 #endif 4742 #ifdef RTM_IFINFO 4743 case RTM_IFINFO: 4744 #endif 4745 #ifdef RTM_IFANNOUNCE 4746 case RTM_IFANNOUNCE: 4747 #endif 4748 #ifdef RTM_NEWLINK 4749 case RTM_NEWLINK: 4750 #endif 4751 #ifdef RTM_DELLINK 4752 case RTM_DELLINK: 4753 #endif 4754 #ifdef RTM_NEWROUTE 4755 case RTM_NEWROUTE: 4756 #endif 4757 #ifdef RTM_DELROUTE 4758 case RTM_DELROUTE: 4759 #endif 4760 /* 4761 * we are keen on new and deleted addresses and 4762 * if an interface goes up and down or routing 4763 * changes 4764 */ 4765 DPRINTF(3, ("routing message op = %d: scheduling interface update\n", 4766 msg_type)); 4767 timer_interfacetimeout(current_time + UPDATE_GRACE); 4768 break; 4769 #ifdef HAVE_RTNETLINK 4770 case NLMSG_DONE: 4771 /* end of multipart message */ 4772 return; 4773 #endif 4774 default: 4775 /* 4776 * the rest doesn't bother us. 4777 */ 4778 DPRINTF(4, ("routing message op = %d: ignored\n", 4779 msg_type)); 4780 break; 4781 } 4782 } 4783 } 4784 4785 /* 4786 * set up routing notifications 4787 */ 4788 static void 4789 init_async_notifications() 4790 { 4791 struct asyncio_reader *reader; 4792 #ifdef HAVE_RTNETLINK 4793 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 4794 struct sockaddr_nl sa; 4795 #else 4796 int fd = socket(PF_ROUTE, SOCK_RAW, 0); 4797 #endif 4798 if (fd < 0) { 4799 msyslog(LOG_ERR, 4800 "unable to open routing socket (%m) - using polled interface update"); 4801 return; 4802 } 4803 4804 fd = move_fd(fd); 4805 #ifdef HAVE_RTNETLINK 4806 ZERO(sa); 4807 sa.nl_family = PF_NETLINK; 4808 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR 4809 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE 4810 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE 4811 | RTMGRP_IPV6_MROUTE; 4812 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 4813 msyslog(LOG_ERR, 4814 "bind failed on routing socket (%m) - using polled interface update"); 4815 return; 4816 } 4817 #endif 4818 make_socket_nonblocking(fd); 4819 #if defined(HAVE_SIGNALED_IO) 4820 init_socket_sig(fd); 4821 #endif /* HAVE_SIGNALED_IO */ 4822 4823 reader = new_asyncio_reader(); 4824 4825 reader->fd = fd; 4826 reader->receiver = process_routing_msgs; 4827 4828 add_asyncio_reader(reader, FD_TYPE_SOCKET); 4829 msyslog(LOG_INFO, 4830 "Listening on routing socket on fd #%d for interface updates", 4831 fd); 4832 } 4833 #else 4834 /* HAS_ROUTING_SOCKET not defined */ 4835 static void 4836 init_async_notifications(void) 4837 { 4838 } 4839 #endif 4840 4841