/*
* findexistingpeer - return a pointer to a peer in the hash table
*/
struct peer *
findexistingpeer(
struct sockaddr_storage *addr,
struct peer *start_peer,
int mode
)
{
register struct peer *peer;
/*
* start_peer is included so we can locate instances of the
* same peer through different interfaces in the hash table.
*/
if (start_peer == 0)
peer = peer_hash[NTP_HASH_ADDR(addr)];
else
peer = start_peer->next;
while (peer != 0) {
if (SOCKCMP(addr, &peer->srcadr)
&& NSRCPORT(addr) == NSRCPORT(&peer->srcadr)) {
if (mode == -1)
return (peer);
else if (peer->hmode == mode)
break;
}
peer = peer->next;
}
return (peer);
}
/*
* findpeer - find and return a peer in the hash table.
*/
struct peer *
findpeer(
struct sockaddr_storage *srcadr,
struct interface *dstadr,
int pkt_mode,
int *action
)
{
register struct peer *peer;
int hash;
findpeer_calls++;
hash = NTP_HASH_ADDR(srcadr);
for (peer = peer_hash[hash]; peer != NULL; peer = peer->next) {
if (SOCKCMP(srcadr, &peer->srcadr) &&
NSRCPORT(srcadr) == NSRCPORT(&peer->srcadr)) {
/*
* if the association matching rules determine
* that this is not a valid combination, then
* look for the next valid peer association.
*/
*action = MATCH_ASSOC(peer->hmode, pkt_mode);
/*
* if an error was returned, exit back right
* here.
*/
if (*action == AM_ERR)
return ((struct peer *)0);
/*
* if a match is found, we stop our search.
*/
if (*action != AM_NOMATCH)
break;
}
}
/*
* If no matching association is found
*/
if (peer == 0) {
*action = MATCH_ASSOC(NO_PEER, pkt_mode);
return ((struct peer *)0);
}
set_peerdstadr(peer, dstadr);
return (peer);
}
/*
* ntp_monitor - record stats about this packet
*
* Returns supplied restriction flags, with RES_LIMITED and RES_KOD
* cleared unless the packet should not be responded to normally
* (RES_LIMITED) and possibly should trigger a KoD response (RES_KOD).
* The returned flags are saved in the MRU entry, so that it reflects
* whether the last packet from that source triggered rate limiting,
* and if so, possible KoD response. This implies you can not tell
* whether a given address is eligible for rate limiting/KoD from the
* monlist restrict bits, only whether or not the last packet triggered
* such responses. ntpdc -c reslist lets you see whether RES_LIMITED
* or RES_KOD is lit for a particular address before ntp_monitor()'s
* typical dousing.
*/
u_short
ntp_monitor(
struct recvbuf *rbufp,
u_short flags
)
{
l_fp interval_fp;
struct pkt * pkt;
mon_entry * mon;
mon_entry * oldest;
int oldest_age;
u_int hash;
u_short restrict_mask;
u_char mode;
u_char version;
int interval;
int head; /* headway increment */
int leak; /* new headway */
int limit; /* average threshold */
REQUIRE(rbufp != NULL);
if (mon_enabled == MON_OFF)
return ~(RES_LIMITED | RES_KOD) & flags;
pkt = &rbufp->recv_pkt;
hash = MON_HASH(&rbufp->recv_srcadr);
mode = PKT_MODE(pkt->li_vn_mode);
version = PKT_VERSION(pkt->li_vn_mode);
mon = mon_hash[hash];
/*
* We keep track of all traffic for a given IP in one entry,
* otherwise cron'ed ntpdate or similar evades RES_LIMITED.
*/
for (; mon != NULL; mon = mon->hash_next)
if (SOCK_EQ(&mon->rmtadr, &rbufp->recv_srcadr))
break;
if (mon != NULL) {
interval_fp = rbufp->recv_time;
L_SUB(&interval_fp, &mon->last);
/* add one-half second to round up */
L_ADDUF(&interval_fp, 0x80000000);
interval = interval_fp.l_i;
mon->last = rbufp->recv_time;
NSRCPORT(&mon->rmtadr) = NSRCPORT(&rbufp->recv_srcadr);
mon->count++;
restrict_mask = flags;
mon->vn_mode = VN_MODE(version, mode);
/* Shuffle to the head of the MRU list. */
UNLINK_DLIST(mon, mru);
LINK_DLIST(mon_mru_list, mon, mru);
/*
* At this point the most recent arrival is first in the
* MRU list. Decrease the counter by the headway, but
* not less than zero.
*/
mon->leak -= interval;
mon->leak = max(0, mon->leak);
head = 1 << ntp_minpoll;
leak = mon->leak + head;
limit = NTP_SHIFT * head;
DPRINTF(2, ("MRU: interval %d headway %d limit %d\n",
interval, leak, limit));
/*
* If the minimum and average thresholds are not
* exceeded, douse the RES_LIMITED and RES_KOD bits and
* increase the counter by the headway increment. Note
* that we give a 1-s grace for the minimum threshold
* and a 2-s grace for the headway increment. If one or
* both thresholds are exceeded and the old counter is
* less than the average threshold, set the counter to
* the average threshold plus the increment and leave
* the RES_LIMITED and RES_KOD bits lit. Otherwise,
* leave the counter alone and douse the RES_KOD bit.
* This rate-limits the KoDs to no less than the average
* headway.
*/
if (interval + 1 >= ntp_minpkt && leak < limit) {
mon->leak = leak - 2;
restrict_mask &= ~(RES_LIMITED | RES_KOD);
} else if (mon->leak < limit)
mon->leak = limit + head;
else
restrict_mask &= ~RES_KOD;
mon->flags = restrict_mask;
return mon->flags;
}
/*
* If we got here, this is the first we've heard of this
* guy. Get him some memory, either from the free list
* or from the tail of the MRU list.
*
* The following ntp.conf "mru" knobs come into play determining
* the depth (or count) of the MRU list:
* - mru_mindepth ("mru mindepth") is a floor beneath which
* entries are kept without regard to their age. The
* default is 600 which matches the longtime implementation
* limit on the total number of entries.
* - mru_maxage ("mru maxage") is a ceiling on the age in
* seconds of entries. Entries older than this are
* reclaimed once mon_mindepth is exceeded. 64s default.
* Note that entries older than this can easily survive
* as they are reclaimed only as needed.
* - mru_maxdepth ("mru maxdepth") is a hard limit on the
* number of entries.
* - "mru maxmem" sets mru_maxdepth to the number of entries
* which fit in the given number of kilobytes. The default is
* 1024, or 1 megabyte.
* - mru_initalloc ("mru initalloc" sets the count of the
* initial allocation of MRU entries.
* - "mru initmem" sets mru_initalloc in units of kilobytes.
* The default is 4.
* - mru_incalloc ("mru incalloc" sets the number of entries to
* allocate on-demand each time the free list is empty.
* - "mru incmem" sets mru_incalloc in units of kilobytes.
* The default is 4.
* Whichever of "mru maxmem" or "mru maxdepth" occurs last in
* ntp.conf controls. Similarly for "mru initalloc" and "mru
* initmem", and for "mru incalloc" and "mru incmem".
*/
if (mru_entries < mru_mindepth) {
if (NULL == mon_free)
mon_getmoremem();
UNLINK_HEAD_SLIST(mon, mon_free, hash_next);
} else {
oldest = TAIL_DLIST(mon_mru_list, mru);
oldest_age = 0; /* silence uninit warning */
if (oldest != NULL) {
interval_fp = rbufp->recv_time;
L_SUB(&interval_fp, &oldest->last);
/* add one-half second to round up */
L_ADDUF(&interval_fp, 0x80000000);
oldest_age = interval_fp.l_i;
}
/* note -1 is legal for mru_maxage (disables) */
if (oldest != NULL && mru_maxage < oldest_age) {
mon_reclaim_entry(oldest);
mon = oldest;
} else if (mon_free != NULL || mru_alloc <
mru_maxdepth) {
if (NULL == mon_free)
mon_getmoremem();
UNLINK_HEAD_SLIST(mon, mon_free, hash_next);
/* Preempt from the MRU list if old enough. */
} else if (ntp_random() / (2. * FRAC) >
(double)oldest_age / mon_age) {
return ~(RES_LIMITED | RES_KOD) & flags;
} else {
mon_reclaim_entry(oldest);
mon = oldest;
}
}
INSIST(mon != NULL);
/*
* Got one, initialize it
*/
mru_entries++;
mru_peakentries = max(mru_peakentries, mru_entries);
mon->last = rbufp->recv_time;
mon->first = mon->last;
mon->count = 1;
mon->flags = ~(RES_LIMITED | RES_KOD) & flags;
mon->leak = 0;
memcpy(&mon->rmtadr, &rbufp->recv_srcadr, sizeof(mon->rmtadr));
mon->vn_mode = VN_MODE(version, mode);
mon->lcladr = rbufp->dstadr;
mon->cast_flags = (u_char)(((rbufp->dstadr->flags &
INT_MCASTOPEN) && rbufp->fd == mon->lcladr->fd) ? MDF_MCAST
: rbufp->fd == mon->lcladr->bfd ? MDF_BCAST : MDF_UCAST);
/*
* Drop him into front of the hash table. Also put him on top of
* the MRU list.
*/
LINK_SLIST(mon_hash[hash], mon, hash_next);
LINK_DLIST(mon_mru_list, mon, mru);
return mon->flags;
}
/*
* openhost - open a socket to a host
*/
static int
openhost(
const char *hname
)
{
char temphost[LENHOSTNAME];
int a_info;
struct addrinfo hints, *ai = NULL;
sockaddr_u addr;
size_t octets;
const char *cp;
char name[LENHOSTNAME];
char service[5];
/*
* We need to get by the [] if they were entered
*/
if (*hname == '[') {
cp = strchr(hname + 1, ']');
if (!cp || (octets = (size_t)(cp - hname) - 1) >= sizeof(name)) {
errno = EINVAL;
warning("%s", "bad hostname/address");
return 0;
}
memcpy(name, hname + 1, octets);
name[octets] = '\0';
hname = name;
}
/*
* First try to resolve it as an ip address and if that fails,
* do a fullblown (dns) lookup. That way we only use the dns
* when it is needed and work around some implementations that
* will return an "IPv4-mapped IPv6 address" address if you
* give it an IPv4 address to lookup.
*/
strlcpy(service, "ntp", sizeof(service));
ZERO(hints);
hints.ai_family = ai_fam_templ;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = Z_AI_NUMERICHOST;
a_info = getaddrinfo(hname, service, &hints, &ai);
if (a_info == EAI_NONAME
#ifdef EAI_NODATA
|| a_info == EAI_NODATA
#endif
) {
hints.ai_flags = AI_CANONNAME;
#ifdef AI_ADDRCONFIG
hints.ai_flags |= AI_ADDRCONFIG;
#endif
a_info = getaddrinfo(hname, service, &hints, &ai);
}
/* Some older implementations don't like AI_ADDRCONFIG. */
if (a_info == EAI_BADFLAGS) {
hints.ai_flags = AI_CANONNAME;
a_info = getaddrinfo(hname, service, &hints, &ai);
}
if (a_info != 0) {
fprintf(stderr, "%s\n", gai_strerror(a_info));
if (ai != NULL)
freeaddrinfo(ai);
return 0;
}
/*
* getaddrinfo() has returned without error so ai should not
* be NULL.
*/
INSIST(ai != NULL);
ZERO(addr);
octets = min(sizeof(addr), ai->ai_addrlen);
memcpy(&addr, ai->ai_addr, octets);
if (ai->ai_canonname == NULL)
strlcpy(temphost, stoa(&addr), sizeof(temphost));
else
strlcpy(temphost, ai->ai_canonname, sizeof(temphost));
if (debug > 2)
printf("Opening host %s\n", temphost);
if (havehost == 1) {
if (debug > 2)
printf("Closing old host %s\n", currenthost);
closesocket(sockfd);
havehost = 0;
}
strlcpy(currenthost, temphost, sizeof(currenthost));
/* port maps to the same in both families */
s_port = NSRCPORT(&addr);;
#ifdef SYS_VXWORKS
((struct sockaddr_in6 *)&hostaddr)->sin6_port = htons(SERVER_PORT_NUM);
if (ai->ai_family == AF_INET)
*(struct sockaddr_in *)&hostaddr=
*((struct sockaddr_in *)ai->ai_addr);
else
*(struct sockaddr_in6 *)&hostaddr=
*((struct sockaddr_in6 *)ai->ai_addr);
#endif /* SYS_VXWORKS */
#ifdef SYS_WINNT
{
int optionValue = SO_SYNCHRONOUS_NONALERT;
int err;
err = setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (void *)&optionValue, sizeof(optionValue));
if (err != NO_ERROR) {
(void) fprintf(stderr, "cannot open nonoverlapped sockets\n");
exit(1);
}
}
#endif /* SYS_WINNT */
sockfd = socket(ai->ai_family, SOCK_DGRAM, 0);
if (sockfd == INVALID_SOCKET) {
error("socket");
exit(-1);
}
#ifdef NEED_RCVBUF_SLOP
# ifdef SO_RCVBUF
{
int rbufsize = INITDATASIZE + 2048; /* 2K for slop */
if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF,
(void *)&rbufsize, sizeof(int)) == -1)
error("setsockopt");
}
# endif
#endif
#ifdef SYS_VXWORKS
if (connect(sockfd, (struct sockaddr *)&hostaddr,
sizeof(hostaddr)) == -1)
#else
if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1)
#endif /* SYS_VXWORKS */
{
error("connect");
exit(-1);
}
freeaddrinfo(ai);
havehost = 1;
req_pkt_size = REQ_LEN_NOMAC;
impl_ver = IMPL_XNTPD;
return 1;
}
/*
* openhost - open a socket to a host
*/
static int
openhost(
const char *hname
)
{
char temphost[LENHOSTNAME];
int a_info, i;
struct addrinfo hints, *ai = NULL;
sockaddr_u addr;
size_t octets;
register const char *cp;
char name[LENHOSTNAME];
char service[5];
/*
* We need to get by the [] if they were entered
*/
cp = hname;
if (*cp == '[') {
cp++;
for (i = 0; *cp && *cp != ']'; cp++, i++)
name[i] = *cp;
if (*cp == ']') {
name[i] = '\0';
hname = name;
} else {
return 0;
}
}
/*
* First try to resolve it as an ip address and if that fails,
* do a fullblown (dns) lookup. That way we only use the dns
* when it is needed and work around some implementations that
* will return an "IPv4-mapped IPv6 address" address if you
* give it an IPv4 address to lookup.
*/
strlcpy(service, "ntp", sizeof(service));
ZERO(hints);
hints.ai_family = ai_fam_templ;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = Z_AI_NUMERICHOST;
a_info = getaddrinfo(hname, service, &hints, &ai);
if (a_info == EAI_NONAME
#ifdef EAI_NODATA
|| a_info == EAI_NODATA
#endif
) {
hints.ai_flags = AI_CANONNAME;
#ifdef AI_ADDRCONFIG
hints.ai_flags |= AI_ADDRCONFIG;
#endif
a_info = getaddrinfo(hname, service, &hints, &ai);
}
/* Some older implementations don't like AI_ADDRCONFIG. */
if (a_info == EAI_BADFLAGS) {
hints.ai_flags = AI_CANONNAME;
a_info = getaddrinfo(hname, service, &hints, &ai);
}
if (a_info != 0) {
fprintf(stderr, "%s\n", gai_strerror(a_info));
if (ai != NULL)
freeaddrinfo(ai);
return 0;
}
/*
* getaddrinfo() has returned without error so ai should not
* be NULL.
*/
INSIST(ai != NULL);
ZERO(addr);
octets = min(sizeof(addr), ai->ai_addrlen);
memcpy(&addr, ai->ai_addr, octets);
if (ai->ai_canonname == NULL)
strlcpy(temphost, stoa(&addr), sizeof(temphost));
else
strlcpy(temphost, ai->ai_canonname, sizeof(temphost));
if (debug > 2)
printf("Opening host %s\n", temphost);
if (havehost == 1) {
if (debug > 2)
printf("Closing old host %s\n", currenthost);
closesocket(sockfd);
havehost = 0;
}
strlcpy(currenthost, temphost, sizeof(currenthost));
/* port maps to the same in both families */
s_port = NSRCPORT(&addr);;
#ifdef SYS_VXWORKS
((struct sockaddr_in6 *)&hostaddr)->sin6_port = htons(SERVER_PORT_NUM);
if (ai->ai_family == AF_INET)
*(struct sockaddr_in *)&hostaddr=
*((struct sockaddr_in *)ai->ai_addr);
else
*(struct sockaddr_in6 *)&hostaddr=
*((struct sockaddr_in6 *)ai->ai_addr);
#endif /* SYS_VXWORKS */
#ifdef SYS_WINNT
{
int optionValue = SO_SYNCHRONOUS_NONALERT;
int err;
err = setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (char *)&optionValue, sizeof(optionValue));
if (err != NO_ERROR) {
(void) fprintf(stderr, "cannot open nonoverlapped sockets\n");
exit(1);
}
}
#endif /* SYS_WINNT */
sockfd = socket(ai->ai_family, SOCK_DGRAM, 0);
if (sockfd == INVALID_SOCKET) {
error("socket");
exit(-1);
}
#ifdef NEED_RCVBUF_SLOP
# ifdef SO_RCVBUF
{
int rbufsize = INITDATASIZE + 2048; /* 2K for slop */
if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF,
&rbufsize, sizeof(int)) == -1)
error("setsockopt");
}
# endif
#endif
#ifdef SYS_VXWORKS
if (connect(sockfd, (struct sockaddr *)&hostaddr,
sizeof(hostaddr)) == -1) {
#else
if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) {
#endif /* SYS_VXWORKS */
error("connect");
exit(-1);
}
freeaddrinfo(ai);
havehost = 1;
req_pkt_size = REQ_LEN_NOMAC;
impl_ver = IMPL_XNTPD;
return 1;
}
/* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */
/*
* sendpkt - send a packet to the remote host
*/
static int
sendpkt(
void * xdata,
size_t xdatalen
)
{
if (send(sockfd, xdata, xdatalen, 0) == -1) {
warning("write to %s failed", currenthost);
return -1;
}
return 0;
}
/*
* growpktdata - grow the packet data area
*/
static void
growpktdata(void)
{
size_t priorsz;
priorsz = (size_t)pktdatasize;
pktdatasize += INCDATASIZE;
pktdata = erealloc_zero(pktdata, (size_t)pktdatasize, priorsz);
}