示例#1
0
/*
 * findexistingpeer - return a pointer to a peer in the hash table
 */
struct peer *
findexistingpeer(
	struct sockaddr_storage *addr,
	struct peer *start_peer,
	int mode
	)
{
	register struct peer *peer;

	/*
	 * start_peer is included so we can locate instances of the
	 * same peer through different interfaces in the hash table.
	 */
	if (start_peer == 0)
		peer = peer_hash[NTP_HASH_ADDR(addr)];
	else
		peer = start_peer->next;
	
	while (peer != 0) {
		if (SOCKCMP(addr, &peer->srcadr)
		    && NSRCPORT(addr) == NSRCPORT(&peer->srcadr)) {
			if (mode == -1)
				return (peer);
			else if (peer->hmode == mode)
				break;
		}
		peer = peer->next;
	}
	return (peer);
}
示例#2
0
/*
 * findpeer - find and return a peer in the hash table.
 */
struct peer *
findpeer(
	struct sockaddr_storage *srcadr,
	struct interface *dstadr,
	int	pkt_mode,
	int	*action
	)
{
	register struct peer *peer;
	int hash;

	findpeer_calls++;
	hash = NTP_HASH_ADDR(srcadr);
	for (peer = peer_hash[hash]; peer != NULL; peer = peer->next) {
		if (SOCKCMP(srcadr, &peer->srcadr) &&
		    NSRCPORT(srcadr) == NSRCPORT(&peer->srcadr)) {

			/*
			 * if the association matching rules determine
			 * that this is not a valid combination, then
			 * look for the next valid peer association.
			 */
			*action = MATCH_ASSOC(peer->hmode, pkt_mode);

			/*
			 * if an error was returned, exit back right
			 * here.
			 */
			if (*action == AM_ERR)
				return ((struct peer *)0);

			/*
			 * if a match is found, we stop our search.
			 */
			if (*action != AM_NOMATCH)
				break;
		}
	}

	/*
	 * If no matching association is found
	 */
	if (peer == 0) {
		*action = MATCH_ASSOC(NO_PEER, pkt_mode);
		return ((struct peer *)0);
	}

	set_peerdstadr(peer, dstadr);

	return (peer);
}
示例#3
0
/*
 * ntp_monitor - record stats about this packet
 *
 * Returns supplied restriction flags, with RES_LIMITED and RES_KOD
 * cleared unless the packet should not be responded to normally
 * (RES_LIMITED) and possibly should trigger a KoD response (RES_KOD).
 * The returned flags are saved in the MRU entry, so that it reflects
 * whether the last packet from that source triggered rate limiting,
 * and if so, possible KoD response.  This implies you can not tell
 * whether a given address is eligible for rate limiting/KoD from the
 * monlist restrict bits, only whether or not the last packet triggered
 * such responses.  ntpdc -c reslist lets you see whether RES_LIMITED
 * or RES_KOD is lit for a particular address before ntp_monitor()'s
 * typical dousing.
 */
u_short
ntp_monitor(
    struct recvbuf *rbufp,
    u_short	flags
)
{
    l_fp		interval_fp;
    struct pkt *	pkt;
    mon_entry *	mon;
    mon_entry *	oldest;
    int		oldest_age;
    u_int		hash;
    u_short		restrict_mask;
    u_char		mode;
    u_char		version;
    int		interval;
    int		head;		/* headway increment */
    int		leak;		/* new headway */
    int		limit;		/* average threshold */

    REQUIRE(rbufp != NULL);

    if (mon_enabled == MON_OFF)
        return ~(RES_LIMITED | RES_KOD) & flags;

    pkt = &rbufp->recv_pkt;
    hash = MON_HASH(&rbufp->recv_srcadr);
    mode = PKT_MODE(pkt->li_vn_mode);
    version = PKT_VERSION(pkt->li_vn_mode);
    mon = mon_hash[hash];

    /*
     * We keep track of all traffic for a given IP in one entry,
     * otherwise cron'ed ntpdate or similar evades RES_LIMITED.
     */

    for (; mon != NULL; mon = mon->hash_next)
        if (SOCK_EQ(&mon->rmtadr, &rbufp->recv_srcadr))
            break;

    if (mon != NULL) {
        interval_fp = rbufp->recv_time;
        L_SUB(&interval_fp, &mon->last);
        /* add one-half second to round up */
        L_ADDUF(&interval_fp, 0x80000000);
        interval = interval_fp.l_i;
        mon->last = rbufp->recv_time;
        NSRCPORT(&mon->rmtadr) = NSRCPORT(&rbufp->recv_srcadr);
        mon->count++;
        restrict_mask = flags;
        mon->vn_mode = VN_MODE(version, mode);

        /* Shuffle to the head of the MRU list. */
        UNLINK_DLIST(mon, mru);
        LINK_DLIST(mon_mru_list, mon, mru);

        /*
         * At this point the most recent arrival is first in the
         * MRU list.  Decrease the counter by the headway, but
         * not less than zero.
         */
        mon->leak -= interval;
        mon->leak = max(0, mon->leak);
        head = 1 << ntp_minpoll;
        leak = mon->leak + head;
        limit = NTP_SHIFT * head;

        DPRINTF(2, ("MRU: interval %d headway %d limit %d\n",
                    interval, leak, limit));

        /*
         * If the minimum and average thresholds are not
         * exceeded, douse the RES_LIMITED and RES_KOD bits and
         * increase the counter by the headway increment.  Note
         * that we give a 1-s grace for the minimum threshold
         * and a 2-s grace for the headway increment.  If one or
         * both thresholds are exceeded and the old counter is
         * less than the average threshold, set the counter to
         * the average threshold plus the increment and leave
         * the RES_LIMITED and RES_KOD bits lit. Otherwise,
         * leave the counter alone and douse the RES_KOD bit.
         * This rate-limits the KoDs to no less than the average
         * headway.
         */
        if (interval + 1 >= ntp_minpkt && leak < limit) {
            mon->leak = leak - 2;
            restrict_mask &= ~(RES_LIMITED | RES_KOD);
        } else if (mon->leak < limit)
            mon->leak = limit + head;
        else
            restrict_mask &= ~RES_KOD;

        mon->flags = restrict_mask;

        return mon->flags;
    }

    /*
     * If we got here, this is the first we've heard of this
     * guy.  Get him some memory, either from the free list
     * or from the tail of the MRU list.
     *
     * The following ntp.conf "mru" knobs come into play determining
     * the depth (or count) of the MRU list:
     * - mru_mindepth ("mru mindepth") is a floor beneath which
     *   entries are kept without regard to their age.  The
     *   default is 600 which matches the longtime implementation
     *   limit on the total number of entries.
     * - mru_maxage ("mru maxage") is a ceiling on the age in
     *   seconds of entries.  Entries older than this are
     *   reclaimed once mon_mindepth is exceeded.  64s default.
     *   Note that entries older than this can easily survive
     *   as they are reclaimed only as needed.
     * - mru_maxdepth ("mru maxdepth") is a hard limit on the
     *   number of entries.
     * - "mru maxmem" sets mru_maxdepth to the number of entries
     *   which fit in the given number of kilobytes.  The default is
     *   1024, or 1 megabyte.
     * - mru_initalloc ("mru initalloc" sets the count of the
     *   initial allocation of MRU entries.
     * - "mru initmem" sets mru_initalloc in units of kilobytes.
     *   The default is 4.
     * - mru_incalloc ("mru incalloc" sets the number of entries to
     *   allocate on-demand each time the free list is empty.
     * - "mru incmem" sets mru_incalloc in units of kilobytes.
     *   The default is 4.
     * Whichever of "mru maxmem" or "mru maxdepth" occurs last in
     * ntp.conf controls.  Similarly for "mru initalloc" and "mru
     * initmem", and for "mru incalloc" and "mru incmem".
     */
    if (mru_entries < mru_mindepth) {
        if (NULL == mon_free)
            mon_getmoremem();
        UNLINK_HEAD_SLIST(mon, mon_free, hash_next);
    } else {
        oldest = TAIL_DLIST(mon_mru_list, mru);
        oldest_age = 0;		/* silence uninit warning */
        if (oldest != NULL) {
            interval_fp = rbufp->recv_time;
            L_SUB(&interval_fp, &oldest->last);
            /* add one-half second to round up */
            L_ADDUF(&interval_fp, 0x80000000);
            oldest_age = interval_fp.l_i;
        }
        /* note -1 is legal for mru_maxage (disables) */
        if (oldest != NULL && mru_maxage < oldest_age) {
            mon_reclaim_entry(oldest);
            mon = oldest;
        } else if (mon_free != NULL || mru_alloc <
                   mru_maxdepth) {
            if (NULL == mon_free)
                mon_getmoremem();
            UNLINK_HEAD_SLIST(mon, mon_free, hash_next);
            /* Preempt from the MRU list if old enough. */
        } else if (ntp_random() / (2. * FRAC) >
                   (double)oldest_age / mon_age) {
            return ~(RES_LIMITED | RES_KOD) & flags;
        } else {
            mon_reclaim_entry(oldest);
            mon = oldest;
        }
    }

    INSIST(mon != NULL);

    /*
     * Got one, initialize it
     */
    mru_entries++;
    mru_peakentries = max(mru_peakentries, mru_entries);
    mon->last = rbufp->recv_time;
    mon->first = mon->last;
    mon->count = 1;
    mon->flags = ~(RES_LIMITED | RES_KOD) & flags;
    mon->leak = 0;
    memcpy(&mon->rmtadr, &rbufp->recv_srcadr, sizeof(mon->rmtadr));
    mon->vn_mode = VN_MODE(version, mode);
    mon->lcladr = rbufp->dstadr;
    mon->cast_flags = (u_char)(((rbufp->dstadr->flags &
                                 INT_MCASTOPEN) && rbufp->fd == mon->lcladr->fd) ? MDF_MCAST
                               : rbufp->fd == mon->lcladr->bfd ? MDF_BCAST : MDF_UCAST);

    /*
     * Drop him into front of the hash table. Also put him on top of
     * the MRU list.
     */
    LINK_SLIST(mon_hash[hash], mon, hash_next);
    LINK_DLIST(mon_mru_list, mon, mru);

    return mon->flags;
}
示例#4
0
/*
 * openhost - open a socket to a host
 */
static int
openhost(
	const char *hname
	)
{
	char temphost[LENHOSTNAME];
	int a_info;
	struct addrinfo hints, *ai = NULL;
	sockaddr_u addr;
	size_t octets;
	const char *cp;
	char name[LENHOSTNAME];
	char service[5];

	/*
	 * We need to get by the [] if they were entered 
	 */
	if (*hname == '[') {
		cp = strchr(hname + 1, ']');
		if (!cp || (octets = (size_t)(cp - hname) - 1) >= sizeof(name)) {
			errno = EINVAL;
			warning("%s", "bad hostname/address");
			return 0;
		}
		memcpy(name, hname + 1, octets);
		name[octets] = '\0';
		hname = name;
	}

	/*
	 * First try to resolve it as an ip address and if that fails,
	 * do a fullblown (dns) lookup. That way we only use the dns
	 * when it is needed and work around some implementations that
	 * will return an "IPv4-mapped IPv6 address" address if you
	 * give it an IPv4 address to lookup.
	 */
	strlcpy(service, "ntp", sizeof(service));
	ZERO(hints);
	hints.ai_family = ai_fam_templ;
	hints.ai_protocol = IPPROTO_UDP;
	hints.ai_socktype = SOCK_DGRAM;
	hints.ai_flags = Z_AI_NUMERICHOST;

	a_info = getaddrinfo(hname, service, &hints, &ai);
	if (a_info == EAI_NONAME
#ifdef EAI_NODATA
	    || a_info == EAI_NODATA
#endif
	   ) {
		hints.ai_flags = AI_CANONNAME;
#ifdef AI_ADDRCONFIG
		hints.ai_flags |= AI_ADDRCONFIG;
#endif
		a_info = getaddrinfo(hname, service, &hints, &ai);	
	}
	/* Some older implementations don't like AI_ADDRCONFIG. */
	if (a_info == EAI_BADFLAGS) {
		hints.ai_flags = AI_CANONNAME;
		a_info = getaddrinfo(hname, service, &hints, &ai);	
	}
	if (a_info != 0) {
		fprintf(stderr, "%s\n", gai_strerror(a_info));
		if (ai != NULL)
			freeaddrinfo(ai);
		return 0;
	}

	/* 
	 * getaddrinfo() has returned without error so ai should not 
	 * be NULL.
	 */
	INSIST(ai != NULL);
	ZERO(addr);
	octets = min(sizeof(addr), ai->ai_addrlen);
	memcpy(&addr, ai->ai_addr, octets);

	if (ai->ai_canonname == NULL)
		strlcpy(temphost, stoa(&addr), sizeof(temphost));
	else
		strlcpy(temphost, ai->ai_canonname, sizeof(temphost));

	if (debug > 2)
		printf("Opening host %s\n", temphost);

	if (havehost == 1) {
		if (debug > 2)
			printf("Closing old host %s\n", currenthost);
		closesocket(sockfd);
		havehost = 0;
	}
	strlcpy(currenthost, temphost, sizeof(currenthost));
	
	/* port maps to the same in both families */
	s_port = NSRCPORT(&addr);; 
#ifdef SYS_VXWORKS
	((struct sockaddr_in6 *)&hostaddr)->sin6_port = htons(SERVER_PORT_NUM);
	if (ai->ai_family == AF_INET)
		*(struct sockaddr_in *)&hostaddr= 
			*((struct sockaddr_in *)ai->ai_addr);
	else 
		*(struct sockaddr_in6 *)&hostaddr= 
			*((struct sockaddr_in6 *)ai->ai_addr);
#endif /* SYS_VXWORKS */

#ifdef SYS_WINNT
	{
		int optionValue = SO_SYNCHRONOUS_NONALERT;
		int err;

		err = setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (void *)&optionValue, sizeof(optionValue));
		if (err != NO_ERROR) {
			(void) fprintf(stderr, "cannot open nonoverlapped sockets\n");
			exit(1);
		}
	}
#endif /* SYS_WINNT */

	sockfd = socket(ai->ai_family, SOCK_DGRAM, 0);
	if (sockfd == INVALID_SOCKET) {
		error("socket");
		exit(-1);
	}
	
#ifdef NEED_RCVBUF_SLOP
# ifdef SO_RCVBUF
	{
		int rbufsize = INITDATASIZE + 2048; /* 2K for slop */

		if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF,
			       (void *)&rbufsize, sizeof(int)) == -1)
		    error("setsockopt");
	}
# endif
#endif

#ifdef SYS_VXWORKS
	if (connect(sockfd, (struct sockaddr *)&hostaddr, 
		    sizeof(hostaddr)) == -1)
#else
	if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1)
#endif /* SYS_VXWORKS */
	{
		error("connect");
		exit(-1);
	}

	freeaddrinfo(ai);
	havehost = 1;
	req_pkt_size = REQ_LEN_NOMAC;
	impl_ver = IMPL_XNTPD;
	return 1;
}
示例#5
0
文件: ntpdc.c 项目: fgken/netbsd-src
/*
 * openhost - open a socket to a host
 */
static int
openhost(
	const char *hname
	)
{
	char temphost[LENHOSTNAME];
	int a_info, i;
	struct addrinfo hints, *ai = NULL;
	sockaddr_u addr;
	size_t octets;
	register const char *cp;
	char name[LENHOSTNAME];
	char service[5];

	/*
	 * We need to get by the [] if they were entered 
	 */
	
	cp = hname;
	
	if (*cp == '[') {
		cp++;	
		for (i = 0; *cp && *cp != ']'; cp++, i++)
			name[i] = *cp;
		if (*cp == ']') {
			name[i] = '\0';
			hname = name;
		} else {
			return 0;
		}
	}	

	/*
	 * First try to resolve it as an ip address and if that fails,
	 * do a fullblown (dns) lookup. That way we only use the dns
	 * when it is needed and work around some implementations that
	 * will return an "IPv4-mapped IPv6 address" address if you
	 * give it an IPv4 address to lookup.
	 */
	strlcpy(service, "ntp", sizeof(service));
	ZERO(hints);
	hints.ai_family = ai_fam_templ;
	hints.ai_protocol = IPPROTO_UDP;
	hints.ai_socktype = SOCK_DGRAM;
	hints.ai_flags = Z_AI_NUMERICHOST;

	a_info = getaddrinfo(hname, service, &hints, &ai);
	if (a_info == EAI_NONAME
#ifdef EAI_NODATA
	    || a_info == EAI_NODATA
#endif
	   ) {
		hints.ai_flags = AI_CANONNAME;
#ifdef AI_ADDRCONFIG
		hints.ai_flags |= AI_ADDRCONFIG;
#endif
		a_info = getaddrinfo(hname, service, &hints, &ai);	
	}
	/* Some older implementations don't like AI_ADDRCONFIG. */
	if (a_info == EAI_BADFLAGS) {
		hints.ai_flags = AI_CANONNAME;
		a_info = getaddrinfo(hname, service, &hints, &ai);	
	}
	if (a_info != 0) {
		fprintf(stderr, "%s\n", gai_strerror(a_info));
		if (ai != NULL)
			freeaddrinfo(ai);
		return 0;
	}

	/* 
	 * getaddrinfo() has returned without error so ai should not 
	 * be NULL.
	 */
	INSIST(ai != NULL);
	ZERO(addr);
	octets = min(sizeof(addr), ai->ai_addrlen);
	memcpy(&addr, ai->ai_addr, octets);

	if (ai->ai_canonname == NULL)
		strlcpy(temphost, stoa(&addr), sizeof(temphost));
	else
		strlcpy(temphost, ai->ai_canonname, sizeof(temphost));

	if (debug > 2)
		printf("Opening host %s\n", temphost);

	if (havehost == 1) {
		if (debug > 2)
			printf("Closing old host %s\n", currenthost);
		closesocket(sockfd);
		havehost = 0;
	}
	strlcpy(currenthost, temphost, sizeof(currenthost));
	
	/* port maps to the same in both families */
	s_port = NSRCPORT(&addr);; 
#ifdef SYS_VXWORKS
	((struct sockaddr_in6 *)&hostaddr)->sin6_port = htons(SERVER_PORT_NUM);
	if (ai->ai_family == AF_INET)
		*(struct sockaddr_in *)&hostaddr= 
			*((struct sockaddr_in *)ai->ai_addr);
	else 
		*(struct sockaddr_in6 *)&hostaddr= 
			*((struct sockaddr_in6 *)ai->ai_addr);
#endif /* SYS_VXWORKS */

#ifdef SYS_WINNT
	{
		int optionValue = SO_SYNCHRONOUS_NONALERT;
		int err;

		err = setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (char *)&optionValue, sizeof(optionValue));
		if (err != NO_ERROR) {
			(void) fprintf(stderr, "cannot open nonoverlapped sockets\n");
			exit(1);
		}
	}
#endif /* SYS_WINNT */

	sockfd = socket(ai->ai_family, SOCK_DGRAM, 0);
	if (sockfd == INVALID_SOCKET) {
		error("socket");
		exit(-1);
	}
	
#ifdef NEED_RCVBUF_SLOP
# ifdef SO_RCVBUF
	{
		int rbufsize = INITDATASIZE + 2048; /* 2K for slop */

		if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF,
			       &rbufsize, sizeof(int)) == -1)
		    error("setsockopt");
	}
# endif
#endif

#ifdef SYS_VXWORKS
	if (connect(sockfd, (struct sockaddr *)&hostaddr, 
		    sizeof(hostaddr)) == -1) {
#else
	if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) {
#endif /* SYS_VXWORKS */
		error("connect");
		exit(-1);
	}

	freeaddrinfo(ai);
	havehost = 1;
	req_pkt_size = REQ_LEN_NOMAC;
	impl_ver = IMPL_XNTPD;
	return 1;
}


/* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */
/*
 * sendpkt - send a packet to the remote host
 */
static int
sendpkt(
	void *	xdata,
	size_t	xdatalen
	)
{
	if (send(sockfd, xdata, xdatalen, 0) == -1) {
		warning("write to %s failed", currenthost);
		return -1;
	}

	return 0;
}


/*
 * growpktdata - grow the packet data area
 */
static void
growpktdata(void)
{
	size_t priorsz;

	priorsz = (size_t)pktdatasize;
	pktdatasize += INCDATASIZE;
	pktdata = erealloc_zero(pktdata, (size_t)pktdatasize, priorsz);
}