int
process_pkt (
struct pkt *rpkt,
sockaddr_u *sas,
int pkt_len,
int mode,
struct pkt *spkt,
const char * func_name
)
{
unsigned int key_id = 0;
struct key *pkt_key = NULL;
int is_authentic = 0;
unsigned int exten_words, exten_words_used = 0;
int mac_size;
/*
* Parse the extension field if present. We figure out whether
* an extension field is present by measuring the MAC size. If
* the number of words following the packet header is 0, no MAC
* is present and the packet is not authenticated. If 1, the
* packet is a crypto-NAK; if 3, the packet is authenticated
* with DES; if 5, the packet is authenticated with MD5; if 6,
* the packet is authenticated with SHA. If 2 or 4, the packet
* is a runt and discarded forthwith. If greater than 6, an
* extension field is present, so we subtract the length of the
* field and go around again.
*/
if (pkt_len < (int)LEN_PKT_NOMAC || (pkt_len & 3) != 0) {
unusable:
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp %s: Funny packet length: %i. Discarding package.\n", func_name, pkt_len);
return PACKET_UNUSEABLE;
}
/* skip past the extensions, if any */
exten_words = ((unsigned)pkt_len - LEN_PKT_NOMAC) >> 2;
while (exten_words > 6) {
unsigned int exten_len;
exten_len = ntohl(rpkt->exten[exten_words_used]) & 0xffff;
exten_len = (exten_len + 7) >> 2; /* convert to words, add 1 */
if (exten_len > exten_words || exten_len < 5)
goto unusable;
exten_words -= exten_len;
exten_words_used += exten_len;
}
switch (exten_words) {
case 1:
key_id = ntohl(rpkt->exten[exten_words_used]);
printf("Crypto NAK = 0x%08x\n", key_id);
break;
case 5:
case 6:
/* Look for the key used by the server in the specified keyfile
* and if existent, fetch it or else leave the pointer untouched */
key_id = ntohl(rpkt->exten[exten_words_used]);
get_key(key_id, &pkt_key);
if (!pkt_key) {
printf("unrecognized key ID = 0x%08x\n", key_id);
break;
}
/* Seems like we've got a key with matching keyid */
/* Generate a md5sum of the packet with the key from our keyfile
* and compare those md5sums */
mac_size = exten_words << 2;
if (!auth_md5((char *)rpkt, pkt_len - mac_size, mac_size - 4, pkt_key)) {
break;
}
/* Yay! Things worked out! */
if (ENABLED_OPT(NORMALVERBOSE)) {
char *hostname = ss_to_str(sas);
printf("sntp %s: packet received from %s successfully authenticated using key id %i.\n",
func_name, hostname, key_id);
free(hostname);
}
is_authentic = 1;
break;
case 0:
break;
default:
goto unusable;
break;
}
if (!is_authentic) {
if (ENABLED_OPT(AUTHENTICATION)) {
/* We want a authenticated packet */
if (ENABLED_OPT(NORMALVERBOSE)) {
char *hostname = ss_to_str(sas);
printf("sntp %s: packet received from %s is not authentic. Will discard it.\n",
func_name, hostname);
free(hostname);
}
return SERVER_AUTH_FAIL;
}
/* We don't know if the user wanted authentication so let's
* use it anyways */
if (ENABLED_OPT(NORMALVERBOSE)) {
char *hostname = ss_to_str(sas);
printf("sntp %s: packet received from %s is not authentic. Authentication not enforced.\n",
func_name, hostname);
free(hostname);
}
}
/* Check for server's ntp version */
if (PKT_VERSION(rpkt->li_vn_mode) < NTP_OLDVERSION ||
PKT_VERSION(rpkt->li_vn_mode) > NTP_VERSION) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp %s: Packet shows wrong version (%i)\n",
func_name, PKT_VERSION(rpkt->li_vn_mode));
return SERVER_UNUSEABLE;
}
/* We want a server to sync with */
if (PKT_MODE(rpkt->li_vn_mode) != mode &&
PKT_MODE(rpkt->li_vn_mode) != MODE_PASSIVE) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp %s: mode %d stratum %i\n", func_name,
PKT_MODE(rpkt->li_vn_mode), rpkt->stratum);
return SERVER_UNUSEABLE;
}
/* Stratum is unspecified (0) check what's going on */
if (STRATUM_PKT_UNSPEC == rpkt->stratum) {
char *ref_char;
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp %s: Stratum unspecified, going to check for KOD (stratum: %i)\n",
func_name, rpkt->stratum);
ref_char = (char *) &rpkt->refid;
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp %s: Packet refid: %c%c%c%c\n", func_name,
ref_char[0], ref_char[1], ref_char[2], ref_char[3]);
/* If it's a KOD packet we'll just use the KOD information */
if (ref_char[0] != 'X') {
if (strncmp(ref_char, "DENY", 4) == 0)
return KOD_DEMOBILIZE;
if (strncmp(ref_char, "RSTR", 4) == 0)
return KOD_DEMOBILIZE;
if (strncmp(ref_char, "RATE", 4) == 0)
return KOD_RATE;
/* There are other interesting kiss codes which might be interesting for authentication */
}
}
/* If the server is not synced it's not really useable for us */
if (LEAP_NOTINSYNC == PKT_LEAP(rpkt->li_vn_mode)) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp %s: Server not in sync, skipping this server\n", func_name);
return SERVER_UNUSEABLE;
}
/*
* Decode the org timestamp and make sure we're getting a response
* to our last request, but only if we're not in broadcast mode.
*/
#ifdef DEBUG
printf("rpkt->org:\n");
l_fp_output(&rpkt->org, stdout);
printf("spkt->xmt:\n");
l_fp_output(&spkt->xmt, stdout);
#endif
if (mode != MODE_BROADCAST && !L_ISEQU(&rpkt->org, &spkt->xmt)) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp process_pkt: pkt.org and peer.xmt differ\n");
return PACKET_UNUSEABLE;
}
return pkt_len;
}
void
offset_calculation(
struct pkt *rpkt,
int rpktl,
struct timeval *tv_dst,
double *offset,
double *precision,
double *synch_distance
)
{
l_fp p_rec, p_xmt, p_ref, p_org, tmp, dst;
u_fp p_rdly, p_rdsp;
double t21, t34, delta;
/* Convert timestamps from network to host byte order */
p_rdly = NTOHS_FP(rpkt->rootdelay);
p_rdsp = NTOHS_FP(rpkt->rootdisp);
NTOHL_FP(&rpkt->reftime, &p_ref);
NTOHL_FP(&rpkt->org, &p_org);
NTOHL_FP(&rpkt->rec, &p_rec);
NTOHL_FP(&rpkt->xmt, &p_xmt);
*precision = LOGTOD(rpkt->precision);
TRACE(3, ("offset_calculation: LOGTOD(rpkt->precision): %f\n", *precision));
/* Compute offset etc. */
tmp = p_rec;
L_SUB(&tmp, &p_org);
LFPTOD(&tmp, t21);
TVTOTS(tv_dst, &dst);
dst.l_ui += JAN_1970;
tmp = p_xmt;
L_SUB(&tmp, &dst);
LFPTOD(&tmp, t34);
*offset = (t21 + t34) / 2.;
delta = t21 - t34;
// synch_distance is:
// (peer->delay + peer->rootdelay) / 2 + peer->disp
// + peer->rootdisp + clock_phi * (current_time - peer->update)
// + peer->jitter;
//
// and peer->delay = fabs(peer->offset - p_offset) * 2;
// and peer->offset needs history, so we're left with
// p_offset = (t21 + t34) / 2.;
// peer->disp = 0; (we have no history to augment this)
// clock_phi = 15e-6;
// peer->jitter = LOGTOD(sys_precision); (we have no history to augment this)
// and ntp_proto.c:set_sys_tick_precision() should get us sys_precision.
//
// so our answer seems to be:
//
// (fabs(t21 + t34) + peer->rootdelay) / 3.
// + 0 (peer->disp)
// + peer->rootdisp
// + 15e-6 (clock_phi)
// + LOGTOD(sys_precision)
INSIST( FPTOD(p_rdly) >= 0. );
#if 1
*synch_distance = (fabs(t21 + t34) + FPTOD(p_rdly)) / 3.
+ 0.
+ FPTOD(p_rdsp)
+ 15e-6
+ 0. /* LOGTOD(sys_precision) when we can get it */
;
INSIST( *synch_distance >= 0. );
#else
*synch_distance = (FPTOD(p_rdly) + FPTOD(p_rdsp))/2.0;
#endif
#ifdef DEBUG
if (debug > 3) {
printf("sntp rootdelay: %f\n", FPTOD(p_rdly));
printf("sntp rootdisp: %f\n", FPTOD(p_rdsp));
printf("sntp syncdist: %f\n", *synch_distance);
pkt_output(rpkt, rpktl, stdout);
printf("sntp offset_calculation: rpkt->reftime:\n");
l_fp_output(&p_ref, stdout);
printf("sntp offset_calculation: rpkt->org:\n");
l_fp_output(&p_org, stdout);
printf("sntp offset_calculation: rpkt->rec:\n");
l_fp_output(&p_rec, stdout);
printf("sntp offset_calculation: rpkt->xmt:\n");
l_fp_output(&p_xmt, stdout);
}
#endif
TRACE(3, ("sntp offset_calculation:\trec - org t21: %.6f\n"
"\txmt - dst t34: %.6f\tdelta: %.6f\toffset: %.6f\n",
t21, t34, delta, *offset));
return;
}
void
offset_calculation (
struct pkt *rpkt,
int rpktl,
struct timeval *tv_dst,
double *offset,
double *precision,
double *root_dispersion
)
{
l_fp p_rec, p_xmt, p_ref, p_org, tmp, dst;
u_fp p_rdly, p_rdsp;
double t21, t34, delta;
/* Convert timestamps from network to host byte order */
p_rdly = NTOHS_FP(rpkt->rootdelay);
p_rdsp = NTOHS_FP(rpkt->rootdisp);
NTOHL_FP(&rpkt->reftime, &p_ref);
NTOHL_FP(&rpkt->org, &p_org);
NTOHL_FP(&rpkt->rec, &p_rec);
NTOHL_FP(&rpkt->xmt, &p_xmt);
*precision = LOGTOD(rpkt->precision);
#ifdef DEBUG
printf("sntp precision: %f\n", *precision);
#endif /* DEBUG */
*root_dispersion = FPTOD(p_rdsp);
#ifdef DEBUG
printf("sntp rootdelay: %f\n", FPTOD(p_rdly));
printf("sntp rootdisp: %f\n", *root_dispersion);
pkt_output(rpkt, rpktl, stdout);
printf("sntp offset_calculation: rpkt->reftime:\n");
l_fp_output(&(rpkt->reftime), stdout);
printf("sntp offset_calculation: rpkt->org:\n");
l_fp_output(&(rpkt->org), stdout);
printf("sntp offset_calculation: rpkt->rec:\n");
l_fp_output(&(rpkt->rec), stdout);
printf("sntp offset_calculation: rpkt->rec:\n");
l_fp_output_bin(&(rpkt->rec), stdout);
printf("sntp offset_calculation: rpkt->rec:\n");
l_fp_output_dec(&(rpkt->rec), stdout);
printf("sntp offset_calculation: rpkt->xmt:\n");
l_fp_output(&(rpkt->xmt), stdout);
#endif
/* Compute offset etc. */
tmp = p_rec;
L_SUB(&tmp, &p_org);
LFPTOD(&tmp, t21);
TVTOTS(tv_dst, &dst);
dst.l_ui += JAN_1970;
tmp = p_xmt;
L_SUB(&tmp, &dst);
LFPTOD(&tmp, t34);
*offset = (t21 + t34) / 2.;
delta = t21 - t34;
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp offset_calculation:\tt21: %.6f\t\t t34: %.6f\n\t\tdelta: %.6f\t offset: %.6f\n",
t21, t34, delta, *offset);
}
/* Fetch data, check if it's data for us and whether it's useable or not. If not, return
* a failure code so we can delete this server from our list and continue with another one.
*/
int
recvpkt (
SOCKET rsock,
struct pkt *rpkt,
struct pkt *spkt
)
{
sockaddr_u sender;
char *rdata /* , done */;
register int a;
int has_mac, is_authentic, pkt_len, orig_pkt_len;
/* Much space, just to be sure */
rdata = emalloc(sizeof(char) * 256);
pkt_len = recvdata(rsock, &sender, rdata, 256);
#if 0 /* done uninitialized */
if (!done) {
/* Do something about it, first check for a maximum length of ntp packets,
* probably that's something we can avoid
*/
}
#endif
if (pkt_len < 0) {
if (ENABLED_OPT(NORMALVERBOSE)) {
printf("sntp recvpkt failed: %d.\n", pkt_len);
}
free(rdata);
return pkt_len;
}
/* Some checks to see if that packet is intended for us */
/* No MAC, no authentication */
if (LEN_PKT_NOMAC == pkt_len)
has_mac = 0;
/* If there's more than just the NTP packet it should be a MAC */
else if (pkt_len > LEN_PKT_NOMAC)
has_mac = pkt_len - LEN_PKT_NOMAC;
else {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: Funny packet length: %i. Discarding package.\n", pkt_len);
free(rdata);
return PACKET_UNUSEABLE;
}
/* Packet too big */
if (pkt_len > LEN_PKT_MAC) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: Received packet is too big (%i bytes), trying again to get a useable packet\n",
pkt_len);
free(rdata);
return PACKET_UNUSEABLE;
}
orig_pkt_len = pkt_len;
pkt_len = min(pkt_len, sizeof(struct pkt));
for (a = 0; a < pkt_len; a++)
/* FIXME! */
if (a < orig_pkt_len)
((char *) rpkt)[a] = rdata[a];
else
((char *) rpkt)[a] = 0;
free(rdata);
rdata = NULL;
/* MAC could be useable for us */
if (has_mac) {
/* Two more things that the MAC must conform to */
if(has_mac > MAX_MAC_LEN || has_mac % 4 != 0) {
is_authentic = 0; /* Or should we discard this packet? */
}
else {
if (MAX_MAC_LEN == has_mac) {
struct key *pkt_key = NULL;
/*
* Look for the key used by the server in the specified keyfile
* and if existent, fetch it or else leave the pointer untouched
*/
get_key(rpkt->mac[0], &pkt_key);
/* Seems like we've got a key with matching keyid */
if (pkt_key != NULL) {
/*
* Generate a md5sum of the packet with the key from our keyfile
* and compare those md5sums
*/
if (!auth_md5((char *) rpkt, has_mac, pkt_key)) {
if (ENABLED_OPT(AUTHENTICATION)) {
/* We want a authenticated packet */
if (ENABLED_OPT(NORMALVERBOSE)) {
char *hostname = ss_to_str(&sender);
printf("sntp recvpkt: Broadcast packet received from %s is not authentic. Will discard this packet.\n",
hostname);
free(hostname);
}
return SERVER_AUTH_FAIL;
}
else {
/*
* We don't know if the user wanted authentication so let's
* use it anyways
*/
if (ENABLED_OPT(NORMALVERBOSE)) {
char *hostname = ss_to_str(&sender);
printf("sntp recvpkt: Broadcast packet received from %s is not authentic. Authentication not enforced.\n",
hostname);
free(hostname);
}
is_authentic = 0;
}
}
else {
/* Yay! Things worked out! */
if (ENABLED_OPT(NORMALVERBOSE)) {
char *hostname = ss_to_str(&sender);
printf("sntp recvpkt: Broadcast packet received from %s successfully authenticated using key id %i.\n",
hostname, rpkt->mac[0]);
free(hostname);
}
is_authentic = 1;
}
}
}
}
}
/* Check for server's ntp version */
if (PKT_VERSION(rpkt->li_vn_mode) < NTP_OLDVERSION ||
PKT_VERSION(rpkt->li_vn_mode) > NTP_VERSION) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: Packet got wrong version (%i)\n", PKT_VERSION(rpkt->li_vn_mode));
return SERVER_UNUSEABLE;
}
/* We want a server to sync with */
if (PKT_MODE(rpkt->li_vn_mode) != MODE_SERVER &&
PKT_MODE(rpkt->li_vn_mode) != MODE_PASSIVE) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: mode %d stratum %i\n",
PKT_MODE(rpkt->li_vn_mode), rpkt->stratum);
return SERVER_UNUSEABLE;
}
/* Stratum is unspecified (0) check what's going on */
if (STRATUM_PKT_UNSPEC == rpkt->stratum) {
char *ref_char;
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: Stratum unspecified, going to check for KOD (stratum: %i)\n", rpkt->stratum);
ref_char = (char *) &rpkt->refid;
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: Packet refid: %c%c%c%c\n", ref_char[0], ref_char[1], ref_char[2], ref_char[3]);
/* If it's a KOD packet we'll just use the KOD information */
if (ref_char[0] != 'X') {
if (!strncmp(ref_char, "DENY", 4))
return KOD_DEMOBILIZE;
if (!strncmp(ref_char, "RSTR", 4))
return KOD_DEMOBILIZE;
if (!strncmp(ref_char, "RATE", 4))
return KOD_RATE;
/* There are other interesting kiss codes which might be interesting for authentication */
}
}
/* If the server is not synced it's not really useable for us */
if (LEAP_NOTINSYNC == PKT_LEAP(rpkt->li_vn_mode)) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: Server not in sync, skipping this server\n");
return SERVER_UNUSEABLE;
}
/*
* Decode the org timestamp and make sure we're getting a response
* to our last request.
*/
#ifdef DEBUG
printf("rpkt->org:\n");
l_fp_output(&rpkt->org, stdout);
printf("spkt->xmt:\n");
l_fp_output(&spkt->xmt, stdout);
#endif
if (!L_ISEQU(&rpkt->org, &spkt->xmt)) {
if (ENABLED_OPT(NORMALVERBOSE))
printf("sntp recvpkt: pkt.org and peer.xmt differ\n");
return PACKET_UNUSEABLE;
}
return pkt_len;
}
