1 /* $NetBSD: ntp_peer.c,v 1.11 2017/04/13 20:17:42 christos Exp $ */ 2 3 /* 4 * ntp_peer.c - management of data maintained for peer associations 5 */ 6 #ifdef HAVE_CONFIG_H 7 #include <config.h> 8 #endif 9 10 #include <stdio.h> 11 #include <sys/types.h> 12 13 #include "ntpd.h" 14 #include "ntp_lists.h" 15 #include "ntp_stdlib.h" 16 #include "ntp_control.h" 17 #include <ntp_random.h> 18 19 /* 20 * Table of valid association combinations 21 * --------------------------------------- 22 * 23 * packet->mode 24 * peer->mode | UNSPEC ACTIVE PASSIVE CLIENT SERVER BCAST 25 * ---------- | --------------------------------------------- 26 * NO_PEER | e 1 0 1 1 1 27 * ACTIVE | e 1 1 0 0 0 28 * PASSIVE | e 1 e 0 0 0 29 * CLIENT | e 0 0 0 1 0 30 * SERVER | e 0 0 0 0 0 31 * BCAST | e 0 0 0 0 0 32 * BCLIENT | e 0 0 0 e 1 33 * 34 * One point to note here: a packet in BCAST mode can potentially match 35 * a peer in CLIENT mode, but we that is a special case and we check for 36 * that early in the decision process. This avoids having to keep track 37 * of what kind of associations are possible etc... We actually 38 * circumvent that problem by requiring that the first b(m)roadcast 39 * received after the change back to BCLIENT mode sets the clock. 40 */ 41 #define AM_MODES 7 /* number of rows and columns */ 42 #define NO_PEER 0 /* action when no peer is found */ 43 44 int AM[AM_MODES][AM_MODES] = { 45 /* packet->mode */ 46 /* peer { UNSPEC, ACTIVE, PASSIVE, CLIENT, SERVER, BCAST } */ 47 /* mode */ 48 /*NONE*/{ AM_ERR, AM_NEWPASS, AM_NOMATCH, AM_FXMIT, AM_MANYCAST, AM_NEWBCL}, 49 50 /*A*/ { AM_ERR, AM_PROCPKT, AM_PROCPKT, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 51 52 /*P*/ { AM_ERR, AM_PROCPKT, AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 53 54 /*C*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT, AM_NOMATCH}, 55 56 /*S*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 57 58 /*BCST*/{ AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 59 60 /*BCL*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT}, 61 }; 62 63 #define MATCH_ASSOC(x, y) AM[(x)][(y)] 64 65 /* 66 * These routines manage the allocation of memory to peer structures 67 * and the maintenance of three data structures involving all peers: 68 * 69 * - peer_list is a single list with all peers, suitable for scanning 70 * operations over all peers. 71 * - peer_adr_hash is an array of lists indexed by hashed peer address. 72 * - peer_aid_hash is an array of lists indexed by hashed associd. 73 * 74 * They also maintain a free list of peer structures, peer_free. 75 * 76 * The three main entry points are findpeer(), which looks for matching 77 * peer structures in the peer list, newpeer(), which allocates a new 78 * peer structure and adds it to the list, and unpeer(), which 79 * demobilizes the association and deallocates the structure. 80 */ 81 /* 82 * Peer hash tables 83 */ 84 struct peer *peer_hash[NTP_HASH_SIZE]; /* peer hash table */ 85 int peer_hash_count[NTP_HASH_SIZE]; /* peers in each bucket */ 86 struct peer *assoc_hash[NTP_HASH_SIZE]; /* association ID hash table */ 87 int assoc_hash_count[NTP_HASH_SIZE];/* peers in each bucket */ 88 struct peer *peer_list; /* peer structures list */ 89 static struct peer *peer_free; /* peer structures free list */ 90 int peer_free_count; /* count of free structures */ 91 92 /* 93 * Association ID. We initialize this value randomly, then assign a new 94 * value every time an association is mobilized. 95 */ 96 static associd_t current_association_ID; /* association ID */ 97 static associd_t initial_association_ID; /* association ID */ 98 99 /* 100 * Memory allocation watermarks. 101 */ 102 #define INIT_PEER_ALLOC 8 /* static preallocation */ 103 #define INC_PEER_ALLOC 4 /* add N more when empty */ 104 105 /* 106 * Miscellaneous statistic counters which may be queried. 107 */ 108 u_long peer_timereset; /* time stat counters zeroed */ 109 u_long findpeer_calls; /* calls to findpeer */ 110 u_long assocpeer_calls; /* calls to findpeerbyassoc */ 111 u_long peer_allocations; /* allocations from free list */ 112 u_long peer_demobilizations; /* structs freed to free list */ 113 int total_peer_structs; /* peer structs */ 114 int peer_associations; /* mobilized associations */ 115 int peer_preempt; /* preemptable associations */ 116 static struct peer init_peer_alloc[INIT_PEER_ALLOC]; /* init alloc */ 117 118 static struct peer * findexistingpeer_name(const char *, u_short, 119 struct peer *, int); 120 static struct peer * findexistingpeer_addr(sockaddr_u *, 121 struct peer *, int, 122 u_char); 123 static void free_peer(struct peer *, int); 124 static void getmorepeermem(void); 125 static int score(struct peer *); 126 127 128 /* 129 * init_peer - initialize peer data structures and counters 130 * 131 * N.B. We use the random number routine in here. It had better be 132 * initialized prior to getting here. 133 */ 134 void 135 init_peer(void) 136 { 137 int i; 138 139 /* 140 * Initialize peer free list from static allocation. 141 */ 142 for (i = COUNTOF(init_peer_alloc) - 1; i >= 0; i--) 143 LINK_SLIST(peer_free, &init_peer_alloc[i], p_link); 144 total_peer_structs = COUNTOF(init_peer_alloc); 145 peer_free_count = COUNTOF(init_peer_alloc); 146 147 /* 148 * Initialize our first association ID 149 */ 150 do 151 current_association_ID = ntp_random() & ASSOCID_MAX; 152 while (!current_association_ID); 153 initial_association_ID = current_association_ID; 154 } 155 156 157 /* 158 * getmorepeermem - add more peer structures to the free list 159 */ 160 static void 161 getmorepeermem(void) 162 { 163 int i; 164 struct peer *peers; 165 166 peers = eallocarray(INC_PEER_ALLOC, sizeof(*peers)); 167 168 for (i = INC_PEER_ALLOC - 1; i >= 0; i--) 169 LINK_SLIST(peer_free, &peers[i], p_link); 170 171 total_peer_structs += INC_PEER_ALLOC; 172 peer_free_count += INC_PEER_ALLOC; 173 } 174 175 176 static struct peer * 177 findexistingpeer_name( 178 const char * hostname, 179 u_short hname_fam, 180 struct peer * start_peer, 181 int mode 182 ) 183 { 184 struct peer *p; 185 186 if (NULL == start_peer) 187 p = peer_list; 188 else 189 p = start_peer->p_link; 190 for (; p != NULL; p = p->p_link) 191 if (p->hostname != NULL 192 && (-1 == mode || p->hmode == mode) 193 && (AF_UNSPEC == hname_fam 194 || AF_UNSPEC == AF(&p->srcadr) 195 || hname_fam == AF(&p->srcadr)) 196 && !strcasecmp(p->hostname, hostname)) 197 break; 198 return p; 199 } 200 201 202 static 203 struct peer * 204 findexistingpeer_addr( 205 sockaddr_u * addr, 206 struct peer * start_peer, 207 int mode, 208 u_char cast_flags 209 ) 210 { 211 struct peer *peer; 212 213 DPRINTF(2, ("findexistingpeer_addr(%s, %s, %d, 0x%x)\n", 214 sptoa(addr), 215 (start_peer) 216 ? sptoa(&start_peer->srcadr) 217 : "NULL", 218 mode, (u_int)cast_flags)); 219 220 /* 221 * start_peer is included so we can locate instances of the 222 * same peer through different interfaces in the hash table. 223 * Without MDF_BCLNT, a match requires the same mode and remote 224 * address. MDF_BCLNT associations start out as MODE_CLIENT 225 * if broadcastdelay is not specified, and switch to 226 * MODE_BCLIENT after estimating the one-way delay. Duplicate 227 * associations are expanded in definition to match any other 228 * MDF_BCLNT with the same srcadr (remote, unicast address). 229 */ 230 if (NULL == start_peer) 231 peer = peer_hash[NTP_HASH_ADDR(addr)]; 232 else 233 peer = start_peer->adr_link; 234 235 while (peer != NULL) { 236 DPRINTF(3, ("%s %s %d %d 0x%x 0x%x ", sptoa(addr), 237 sptoa(&peer->srcadr), mode, peer->hmode, 238 (u_int)cast_flags, (u_int)peer->cast_flags)); 239 if ((-1 == mode || peer->hmode == mode || 240 ((MDF_BCLNT & peer->cast_flags) && 241 (MDF_BCLNT & cast_flags))) && 242 ADDR_PORT_EQ(addr, &peer->srcadr)) { 243 DPRINTF(3, ("found.\n")); 244 break; 245 } 246 DPRINTF(3, ("\n")); 247 peer = peer->adr_link; 248 } 249 250 return peer; 251 } 252 253 254 /* 255 * findexistingpeer - search by address and return a pointer to a peer. 256 */ 257 struct peer * 258 findexistingpeer( 259 sockaddr_u * addr, 260 const char * hostname, 261 struct peer * start_peer, 262 int mode, 263 u_char cast_flags 264 ) 265 { 266 if (hostname != NULL) 267 return findexistingpeer_name(hostname, AF(addr), 268 start_peer, mode); 269 else 270 return findexistingpeer_addr(addr, start_peer, mode, 271 cast_flags); 272 } 273 274 275 /* 276 * findpeer - find and return a peer match for a received datagram in 277 * the peer_hash table. 278 * 279 * [Bug 3072] To faciliate a faster reorganisation after routing changes 280 * the original code re-assigned the peer address to be the destination 281 * of the received packet and initiated another round on a mismatch. 282 * Unfortunately this leaves us wide open for a DoS attack where the 283 * attacker directs a packet with forged destination address to us -- 284 * this results in a wrong interface assignment, actually creating a DoS 285 * situation. 286 * 287 * This condition would persist until the next update of the interface 288 * list, but a continued attack would put us out of business again soon 289 * enough. Authentication alone does not help here, since it does not 290 * protect the UDP layer and leaves us open for a replay attack. 291 * 292 * So we do not update the adresses and wait until the next interface 293 * list update does the right thing for us. 294 */ 295 struct peer * 296 findpeer( 297 struct recvbuf *rbufp, 298 int pkt_mode, 299 int * action 300 ) 301 { 302 struct peer * p; 303 sockaddr_u * srcadr; 304 u_int hash; 305 struct pkt * pkt; 306 l_fp pkt_org; 307 308 findpeer_calls++; 309 srcadr = &rbufp->recv_srcadr; 310 hash = NTP_HASH_ADDR(srcadr); 311 for (p = peer_hash[hash]; p != NULL; p = p->adr_link) { 312 313 /* [Bug 3072] ensure interface of peer matches */ 314 /* [Bug 3356] ... if NOT a broadcast peer! */ 315 if (p->hmode != MODE_BCLIENT && p->dstadr != rbufp->dstadr) 316 continue; 317 318 /* ensure peer source address matches */ 319 if ( ! ADDR_PORT_EQ(srcadr, &p->srcadr)) 320 continue; 321 322 /* If the association matching rules determine that this 323 * is not a valid combination, then look for the next 324 * valid peer association. 325 */ 326 *action = MATCH_ASSOC(p->hmode, pkt_mode); 327 328 /* A response to our manycastclient solicitation might 329 * be misassociated with an ephemeral peer already spun 330 * for the server. If the packet's org timestamp 331 * doesn't match the peer's, check if it matches the 332 * ACST prototype peer's. If so it is a redundant 333 * solicitation response, return AM_ERR to discard it. 334 * [Bug 1762] 335 */ 336 if (MODE_SERVER == pkt_mode && AM_PROCPKT == *action) { 337 pkt = &rbufp->recv_pkt; 338 NTOHL_FP(&pkt->org, &pkt_org); 339 if (!L_ISEQU(&p->aorg, &pkt_org) && 340 findmanycastpeer(rbufp)) 341 *action = AM_ERR; 342 } 343 344 /* if an error was returned, exit back right here. */ 345 if (*action == AM_ERR) 346 return NULL; 347 348 /* if a match is found, we stop our search. */ 349 if (*action != AM_NOMATCH) 350 break; 351 } 352 353 /* If no matching association is found... */ 354 if (NULL == p) 355 *action = MATCH_ASSOC(NO_PEER, pkt_mode); 356 357 return p; 358 } 359 360 /* 361 * findpeerbyassoc - find and return a peer using his association ID 362 */ 363 struct peer * 364 findpeerbyassoc( 365 associd_t assoc 366 ) 367 { 368 struct peer *p; 369 u_int hash; 370 371 assocpeer_calls++; 372 hash = assoc & NTP_HASH_MASK; 373 for (p = assoc_hash[hash]; p != NULL; p = p->aid_link) 374 if (assoc == p->associd) 375 break; 376 return p; 377 } 378 379 380 /* 381 * clear_all - flush all time values for all associations 382 */ 383 void 384 clear_all(void) 385 { 386 struct peer *p; 387 388 /* 389 * This routine is called when the clock is stepped, and so all 390 * previously saved time values are untrusted. 391 */ 392 for (p = peer_list; p != NULL; p = p->p_link) 393 if (!(MDF_TXONLY_MASK & p->cast_flags)) 394 peer_clear(p, "STEP"); 395 396 DPRINTF(1, ("clear_all: at %lu\n", current_time)); 397 } 398 399 400 /* 401 * score_all() - determine if an association can be demobilized 402 */ 403 int 404 score_all( 405 struct peer *peer /* peer structure pointer */ 406 ) 407 { 408 struct peer *speer; 409 int temp, tamp; 410 int x; 411 412 /* 413 * This routine finds the minimum score for all preemptible 414 * associations and returns > 0 if the association can be 415 * demobilized. 416 */ 417 tamp = score(peer); 418 temp = 100; 419 for (speer = peer_list; speer != NULL; speer = speer->p_link) 420 if (speer->flags & FLAG_PREEMPT) { 421 x = score(speer); 422 if (x < temp) 423 temp = x; 424 } 425 DPRINTF(1, ("score_all: at %lu score %d min %d\n", 426 current_time, tamp, temp)); 427 428 if (tamp != temp) 429 temp = 0; 430 431 return temp; 432 } 433 434 435 /* 436 * score() - calculate preemption score 437 */ 438 static int 439 score( 440 struct peer *peer /* peer structure pointer */ 441 ) 442 { 443 int temp; 444 445 /* 446 * This routine calculates the premption score from the peer 447 * error bits and status. Increasing values are more cherished. 448 */ 449 temp = 0; 450 if (!(peer->flash & TEST10)) 451 temp++; /* 1 good synch and stratum */ 452 if (!(peer->flash & TEST13)) 453 temp++; /* 2 reachable */ 454 if (!(peer->flash & TEST12)) 455 temp++; /* 3 no loop */ 456 if (!(peer->flash & TEST11)) 457 temp++; /* 4 good distance */ 458 if (peer->status >= CTL_PST_SEL_SELCAND) 459 temp++; /* 5 in the hunt */ 460 if (peer->status != CTL_PST_SEL_EXCESS) 461 temp++; /* 6 not spare tire */ 462 return (temp); /* selection status */ 463 } 464 465 466 /* 467 * free_peer - internal routine to free memory referred to by a struct 468 * peer and return it to the peer free list. If unlink is 469 * nonzero, unlink from the various lists. 470 */ 471 static void 472 free_peer( 473 struct peer * p, 474 int unlink_peer 475 ) 476 { 477 struct peer * unlinked; 478 int hash; 479 480 if (unlink_peer) { 481 hash = NTP_HASH_ADDR(&p->srcadr); 482 peer_hash_count[hash]--; 483 484 UNLINK_SLIST(unlinked, peer_hash[hash], p, adr_link, 485 struct peer); 486 if (NULL == unlinked) { 487 peer_hash_count[hash]++; 488 msyslog(LOG_ERR, "peer %s not in address table!", 489 stoa(&p->srcadr)); 490 } 491 492 /* 493 * Remove him from the association hash as well. 494 */ 495 hash = p->associd & NTP_HASH_MASK; 496 assoc_hash_count[hash]--; 497 498 UNLINK_SLIST(unlinked, assoc_hash[hash], p, aid_link, 499 struct peer); 500 if (NULL == unlinked) { 501 assoc_hash_count[hash]++; 502 msyslog(LOG_ERR, 503 "peer %s not in association ID table!", 504 stoa(&p->srcadr)); 505 } 506 507 /* Remove him from the overall list. */ 508 UNLINK_SLIST(unlinked, peer_list, p, p_link, 509 struct peer); 510 if (NULL == unlinked) 511 msyslog(LOG_ERR, "%s not in peer list!", 512 stoa(&p->srcadr)); 513 } 514 515 if (p->hostname != NULL) 516 free(p->hostname); 517 518 if (p->ident != NULL) 519 free(p->ident); 520 521 if (p->addrs != NULL) 522 free(p->addrs); /* from copy_addrinfo_list() */ 523 524 /* Add his corporeal form to peer free list */ 525 ZERO(*p); 526 LINK_SLIST(peer_free, p, p_link); 527 peer_free_count++; 528 } 529 530 531 /* 532 * unpeer - remove peer structure from hash table and free structure 533 */ 534 void 535 unpeer( 536 struct peer *peer 537 ) 538 { 539 mprintf_event(PEVNT_DEMOBIL, peer, "assoc %u", peer->associd); 540 restrict_source(&peer->srcadr, 1, 0); 541 set_peerdstadr(peer, NULL); 542 peer_demobilizations++; 543 peer_associations--; 544 if (FLAG_PREEMPT & peer->flags) 545 peer_preempt--; 546 #ifdef REFCLOCK 547 /* 548 * If this peer is actually a clock, shut it down first 549 */ 550 if (FLAG_REFCLOCK & peer->flags) 551 refclock_unpeer(peer); 552 #endif 553 554 free_peer(peer, TRUE); 555 } 556 557 558 /* 559 * peer_config - configure a new association 560 */ 561 struct peer * 562 peer_config( 563 sockaddr_u * srcadr, 564 const char * hostname, 565 endpt * dstadr, 566 u_char hmode, 567 u_char version, 568 u_char minpoll, 569 u_char maxpoll, 570 u_int flags, 571 u_int32 ttl, 572 keyid_t key, 573 const char * ident /* autokey group */ 574 ) 575 { 576 u_char cast_flags; 577 578 /* 579 * We do a dirty little jig to figure the cast flags. This is 580 * probably not the best place to do this, at least until the 581 * configure code is rebuilt. Note only one flag can be set. 582 */ 583 switch (hmode) { 584 case MODE_BROADCAST: 585 if (IS_MCAST(srcadr)) 586 cast_flags = MDF_MCAST; 587 else 588 cast_flags = MDF_BCAST; 589 break; 590 591 case MODE_CLIENT: 592 if (hostname != NULL && SOCK_UNSPEC(srcadr)) 593 cast_flags = MDF_POOL; 594 else if (IS_MCAST(srcadr)) 595 cast_flags = MDF_ACAST; 596 else 597 cast_flags = MDF_UCAST; 598 break; 599 600 default: 601 cast_flags = MDF_UCAST; 602 } 603 604 /* 605 * Mobilize the association and initialize its variables. If 606 * emulating ntpdate, force iburst. For pool and manycastclient 607 * strip FLAG_PREEMPT as the prototype associations are not 608 * themselves preemptible, though the resulting associations 609 * are. 610 */ 611 flags |= FLAG_CONFIG; 612 if (mode_ntpdate) 613 flags |= FLAG_IBURST; 614 if ((MDF_ACAST | MDF_POOL) & cast_flags) 615 flags &= ~FLAG_PREEMPT; 616 return newpeer(srcadr, hostname, dstadr, hmode, version, 617 minpoll, maxpoll, flags, cast_flags, ttl, key, ident); 618 } 619 620 /* 621 * setup peer dstadr field keeping it in sync with the interface 622 * structures 623 */ 624 void 625 set_peerdstadr( 626 struct peer * p, 627 endpt * dstadr 628 ) 629 { 630 struct peer * unlinked; 631 632 DEBUG_INSIST(p != NULL); 633 634 if (p == NULL) 635 return; 636 637 /* check for impossible or identical assignment */ 638 if (p->dstadr == dstadr) 639 return; 640 641 /* 642 * Don't accept updates to a separate multicast receive-only 643 * endpt while a BCLNT peer is running its unicast protocol. 644 */ 645 if (dstadr != NULL && (FLAG_BC_VOL & p->flags) && 646 (INT_MCASTIF & dstadr->flags) && MODE_CLIENT == p->hmode) { 647 return; 648 } 649 650 /* unlink from list if we have an address prior to assignment */ 651 if (p->dstadr != NULL) { 652 p->dstadr->peercnt--; 653 UNLINK_SLIST(unlinked, p->dstadr->peers, p, ilink, 654 struct peer); 655 msyslog(LOG_INFO, "%s local addr %s -> %s", 656 stoa(&p->srcadr), latoa(p->dstadr), 657 latoa(dstadr)); 658 } 659 660 p->dstadr = dstadr; 661 662 /* link to list if we have an address after assignment */ 663 if (p->dstadr != NULL) { 664 LINK_SLIST(dstadr->peers, p, ilink); 665 dstadr->peercnt++; 666 } 667 } 668 669 /* 670 * attempt to re-rebind interface if necessary 671 */ 672 static void 673 peer_refresh_interface( 674 struct peer *p 675 ) 676 { 677 endpt * niface; 678 endpt * piface; 679 680 niface = select_peerinterface(p, &p->srcadr, NULL); 681 682 DPRINTF(4, ( 683 "peer_refresh_interface: %s->%s mode %d vers %d poll %d %d flags 0x%x 0x%x ttl %u key %08x: new interface: ", 684 p->dstadr == NULL ? "<null>" : 685 stoa(&p->dstadr->sin), stoa(&p->srcadr), p->hmode, 686 p->version, p->minpoll, p->maxpoll, p->flags, p->cast_flags, 687 p->ttl, p->keyid)); 688 if (niface != NULL) { 689 DPRINTF(4, ( 690 "fd=%d, bfd=%d, name=%.16s, flags=0x%x, ifindex=%u, sin=%s", 691 niface->fd, niface->bfd, niface->name, 692 niface->flags, niface->ifindex, 693 stoa(&niface->sin))); 694 if (niface->flags & INT_BROADCAST) 695 DPRINTF(4, (", bcast=%s", 696 stoa(&niface->bcast))); 697 DPRINTF(4, (", mask=%s\n", stoa(&niface->mask))); 698 } else { 699 DPRINTF(4, ("<NONE>\n")); 700 } 701 702 piface = p->dstadr; 703 set_peerdstadr(p, niface); 704 if (p->dstadr != NULL) { 705 /* 706 * clear crypto if we change the local address 707 */ 708 if (p->dstadr != piface && !(MDF_ACAST & p->cast_flags) 709 && MODE_BROADCAST != p->pmode) 710 peer_clear(p, "XFAC"); 711 712 /* 713 * Broadcast needs the socket enabled for broadcast 714 */ 715 if (MDF_BCAST & p->cast_flags) 716 enable_broadcast(p->dstadr, &p->srcadr); 717 718 /* 719 * Multicast needs the socket interface enabled for 720 * multicast 721 */ 722 if (MDF_MCAST & p->cast_flags) 723 enable_multicast_if(p->dstadr, &p->srcadr); 724 } 725 } 726 727 728 /* 729 * refresh_all_peerinterfaces - see that all interface bindings are up 730 * to date 731 */ 732 void 733 refresh_all_peerinterfaces(void) 734 { 735 struct peer *p; 736 737 /* 738 * this is called when the interface list has changed 739 * give all peers a chance to find a better interface 740 * but only if either they don't have an address already 741 * or if the one they have hasn't worked for a while. 742 */ 743 for (p = peer_list; p != NULL; p = p->p_link) { 744 if (!(p->dstadr && (p->reach & 0x3))) // Bug 2849 XOR 2043 745 peer_refresh_interface(p); 746 } 747 } 748 749 750 /* 751 * newpeer - initialize a new peer association 752 */ 753 struct peer * 754 newpeer( 755 sockaddr_u * srcadr, 756 const char * hostname, 757 endpt * dstadr, 758 u_char hmode, 759 u_char version, 760 u_char minpoll, 761 u_char maxpoll, 762 u_int flags, 763 u_char cast_flags, 764 u_int32 ttl, 765 keyid_t key, 766 const char * ident 767 ) 768 { 769 struct peer * peer; 770 u_int hash; 771 772 DEBUG_REQUIRE(srcadr); 773 774 #ifdef AUTOKEY 775 /* 776 * If Autokey is requested but not configured, complain loudly. 777 */ 778 if (!crypto_flags) { 779 if (key > NTP_MAXKEY) { 780 return (NULL); 781 782 } else if (flags & FLAG_SKEY) { 783 msyslog(LOG_ERR, "Autokey not configured"); 784 return (NULL); 785 } 786 } 787 #endif /* AUTOKEY */ 788 789 /* 790 * For now only pool associations have a hostname. 791 */ 792 INSIST(NULL == hostname || (MDF_POOL & cast_flags)); 793 794 /* 795 * First search from the beginning for an association with given 796 * remote address and mode. If an interface is given, search 797 * from there to find the association which matches that 798 * destination. If the given interface is "any", track down the 799 * actual interface, because that's what gets put into the peer 800 * structure. 801 */ 802 if (dstadr != NULL) { 803 peer = findexistingpeer(srcadr, hostname, NULL, hmode, 804 cast_flags); 805 while (peer != NULL) { 806 if (peer->dstadr == dstadr || 807 ((MDF_BCLNT & cast_flags) && 808 (MDF_BCLNT & peer->cast_flags))) 809 break; 810 811 if (dstadr == ANY_INTERFACE_CHOOSE(srcadr) && 812 peer->dstadr == findinterface(srcadr)) 813 break; 814 815 peer = findexistingpeer(srcadr, hostname, peer, 816 hmode, cast_flags); 817 } 818 } else { 819 /* no endpt address given */ 820 peer = findexistingpeer(srcadr, hostname, NULL, hmode, 821 cast_flags); 822 } 823 824 /* 825 * If a peer is found, this would be a duplicate and we don't 826 * allow that. This avoids duplicate ephemeral (broadcast/ 827 * multicast) and preemptible (manycast and pool) client 828 * associations. 829 */ 830 if (peer != NULL) { 831 DPRINTF(2, ("newpeer(%s) found existing association\n", 832 (hostname) 833 ? hostname 834 : stoa(srcadr))); 835 return NULL; 836 } 837 838 /* 839 * Allocate a new peer structure. Some dirt here, since some of 840 * the initialization requires knowlege of our system state. 841 */ 842 if (peer_free_count == 0) 843 getmorepeermem(); 844 UNLINK_HEAD_SLIST(peer, peer_free, p_link); 845 INSIST(peer != NULL); 846 peer_free_count--; 847 peer_associations++; 848 if (FLAG_PREEMPT & flags) 849 peer_preempt++; 850 851 /* 852 * Assign an association ID and increment the system variable. 853 */ 854 peer->associd = current_association_ID; 855 if (++current_association_ID == 0) 856 ++current_association_ID; 857 858 peer->srcadr = *srcadr; 859 if (hostname != NULL) 860 peer->hostname = estrdup(hostname); 861 peer->hmode = hmode; 862 peer->version = version; 863 peer->flags = flags; 864 peer->cast_flags = cast_flags; 865 set_peerdstadr(peer, 866 select_peerinterface(peer, srcadr, dstadr)); 867 868 /* 869 * It is an error to set minpoll less than NTP_MINPOLL or to 870 * set maxpoll greater than NTP_MAXPOLL. However, minpoll is 871 * clamped not greater than NTP_MAXPOLL and maxpoll is clamped 872 * not less than NTP_MINPOLL without complaint. Finally, 873 * minpoll is clamped not greater than maxpoll. 874 */ 875 if (minpoll == 0) 876 peer->minpoll = NTP_MINDPOLL; 877 else 878 peer->minpoll = min(minpoll, NTP_MAXPOLL); 879 if (maxpoll == 0) 880 peer->maxpoll = NTP_MAXDPOLL; 881 else 882 peer->maxpoll = max(maxpoll, NTP_MINPOLL); 883 if (peer->minpoll > peer->maxpoll) 884 peer->minpoll = peer->maxpoll; 885 886 if (peer->dstadr != NULL) 887 DPRINTF(3, ("newpeer(%s): using fd %d and our addr %s\n", 888 stoa(srcadr), peer->dstadr->fd, 889 stoa(&peer->dstadr->sin))); 890 else 891 DPRINTF(3, ("newpeer(%s): local interface currently not bound\n", 892 stoa(srcadr))); 893 894 /* 895 * Broadcast needs the socket enabled for broadcast 896 */ 897 if ((MDF_BCAST & cast_flags) && peer->dstadr != NULL) 898 enable_broadcast(peer->dstadr, srcadr); 899 900 /* 901 * Multicast needs the socket interface enabled for multicast 902 */ 903 if ((MDF_MCAST & cast_flags) && peer->dstadr != NULL) 904 enable_multicast_if(peer->dstadr, srcadr); 905 906 #ifdef AUTOKEY 907 if (key > NTP_MAXKEY) 908 peer->flags |= FLAG_SKEY; 909 #endif /* AUTOKEY */ 910 peer->ttl = ttl; 911 peer->keyid = key; 912 if (ident != NULL) 913 peer->ident = estrdup(ident); 914 peer->precision = sys_precision; 915 peer->hpoll = peer->minpoll; 916 if (cast_flags & MDF_ACAST) 917 peer_clear(peer, "ACST"); 918 else if (cast_flags & MDF_POOL) 919 peer_clear(peer, "POOL"); 920 else if (cast_flags & MDF_MCAST) 921 peer_clear(peer, "MCST"); 922 else if (cast_flags & MDF_BCAST) 923 peer_clear(peer, "BCST"); 924 else 925 peer_clear(peer, "INIT"); 926 if (mode_ntpdate) 927 peer_ntpdate++; 928 929 /* 930 * Note time on statistics timers. 931 */ 932 peer->timereset = current_time; 933 peer->timereachable = current_time; 934 peer->timereceived = current_time; 935 936 if (ISREFCLOCKADR(&peer->srcadr)) { 937 #ifdef REFCLOCK 938 /* 939 * We let the reference clock support do clock 940 * dependent initialization. This includes setting 941 * the peer timer, since the clock may have requirements 942 * for this. 943 */ 944 if (maxpoll == 0) 945 peer->maxpoll = peer->minpoll; 946 if (!refclock_newpeer(peer)) { 947 /* 948 * Dump it, something screwed up 949 */ 950 set_peerdstadr(peer, NULL); 951 free_peer(peer, 0); 952 return NULL; 953 } 954 #else /* REFCLOCK */ 955 msyslog(LOG_ERR, "refclock %s isn't supported. ntpd was compiled without refclock support.", 956 stoa(&peer->srcadr)); 957 set_peerdstadr(peer, NULL); 958 free_peer(peer, 0); 959 return NULL; 960 #endif /* REFCLOCK */ 961 } 962 963 /* 964 * Put the new peer in the hash tables. 965 */ 966 hash = NTP_HASH_ADDR(&peer->srcadr); 967 LINK_SLIST(peer_hash[hash], peer, adr_link); 968 peer_hash_count[hash]++; 969 hash = peer->associd & NTP_HASH_MASK; 970 LINK_SLIST(assoc_hash[hash], peer, aid_link); 971 assoc_hash_count[hash]++; 972 LINK_SLIST(peer_list, peer, p_link); 973 974 restrict_source(&peer->srcadr, 0, 0); 975 mprintf_event(PEVNT_MOBIL, peer, "assoc %d", peer->associd); 976 DPRINTF(1, ("newpeer: %s->%s mode %u vers %u poll %u %u flags 0x%x 0x%x ttl %u key %08x\n", 977 latoa(peer->dstadr), stoa(&peer->srcadr), peer->hmode, 978 peer->version, peer->minpoll, peer->maxpoll, peer->flags, 979 peer->cast_flags, peer->ttl, peer->keyid)); 980 return peer; 981 } 982 983 984 /* 985 * peer_clr_stats - clear peer module statistics counters 986 */ 987 void 988 peer_clr_stats(void) 989 { 990 findpeer_calls = 0; 991 assocpeer_calls = 0; 992 peer_allocations = 0; 993 peer_demobilizations = 0; 994 peer_timereset = current_time; 995 } 996 997 998 /* 999 * peer_reset - reset statistics counters 1000 */ 1001 void 1002 peer_reset( 1003 struct peer *peer 1004 ) 1005 { 1006 if (peer == NULL) 1007 return; 1008 1009 peer->timereset = current_time; 1010 peer->sent = 0; 1011 peer->received = 0; 1012 peer->processed = 0; 1013 peer->badauth = 0; 1014 peer->bogusorg = 0; 1015 peer->oldpkt = 0; 1016 peer->seldisptoolarge = 0; 1017 peer->selbroken = 0; 1018 } 1019 1020 1021 /* 1022 * peer_all_reset - reset all peer statistics counters 1023 */ 1024 void 1025 peer_all_reset(void) 1026 { 1027 struct peer *peer; 1028 1029 for (peer = peer_list; peer != NULL; peer = peer->p_link) 1030 peer_reset(peer); 1031 } 1032 1033 1034 /* 1035 * findmanycastpeer - find and return a manycastclient or pool 1036 * association matching a received response. 1037 */ 1038 struct peer * 1039 findmanycastpeer( 1040 struct recvbuf *rbufp /* receive buffer pointer */ 1041 ) 1042 { 1043 struct peer *peer; 1044 struct pkt *pkt; 1045 l_fp p_org; 1046 1047 /* 1048 * This routine is called upon arrival of a server-mode response 1049 * to a manycastclient multicast solicitation, or to a pool 1050 * server unicast solicitation. Search the peer list for a 1051 * manycastclient association where the last transmit timestamp 1052 * matches the response packet's originate timestamp. There can 1053 * be multiple manycastclient associations, or multiple pool 1054 * solicitation assocations, so this assumes the transmit 1055 * timestamps are unique for such. 1056 */ 1057 pkt = &rbufp->recv_pkt; 1058 for (peer = peer_list; peer != NULL; peer = peer->p_link) 1059 if (MDF_SOLICIT_MASK & peer->cast_flags) { 1060 NTOHL_FP(&pkt->org, &p_org); 1061 if (L_ISEQU(&p_org, &peer->aorg)) 1062 break; 1063 } 1064 1065 return peer; 1066 } 1067 1068 /* peer_cleanup - clean peer list prior to shutdown */ 1069 void peer_cleanup(void) 1070 { 1071 struct peer *peer; 1072 associd_t assoc; 1073 1074 for (assoc = initial_association_ID; assoc != current_association_ID; assoc++) { 1075 if (assoc != 0U) { 1076 peer = findpeerbyassoc(assoc); 1077 if (peer != NULL) 1078 unpeer(peer); 1079 } 1080 } 1081 peer = findpeerbyassoc(current_association_ID); 1082 if (peer != NULL) 1083 unpeer(peer); 1084 } 1085