/*
* Table of valid association combinations
* ---------------------------------------
*
* packet->mode
* peer->mode | UNSPEC ACTIVE PASSIVE CLIENT SERVER BCAST
* ---------- | ---------------------------------------------
* NO_PEER | e 1 0 1 1 1
* ACTIVE | e 1 1 0 0 0
* PASSIVE | e 1 e 0 0 0
* CLIENT | e 0 0 0 1 0
* SERVER | e 0 0 0 0 0
* BCAST | e 0 0 0 0 0
* BCLIENT | e 0 0 0 e 1
*
* One point to note here: a packet in BCAST mode can potentially match
* a peer in CLIENT mode, but we that is a special case and we check for
* that early in the decision process. This avoids having to keep track
* of what kind of associations are possible etc... We actually
* circumvent that problem by requiring that the first b(m)roadcast
* received after the change back to BCLIENT mode sets the clock.
*/
#define AM_MODES 7 /* number of rows and columns */
#define NO_PEER 0 /* action when no peer is found */
/*
* These routines manage the allocation of memory to peer structures
* and the maintenance of three data structures involving all peers:
*
* - peer_list is a single list with all peers, suitable for scanning
* operations over all peers.
* - peer_adr_hash is an array of lists indexed by hashed peer address.
* - peer_aid_hash is an array of lists indexed by hashed associd.
*
* They also maintain a free list of peer structures, peer_free.
*
* The three main entry points are findpeer(), which looks for matching
* peer structures in the peer list, newpeer(), which allocates a new
* peer structure and adds it to the list, and unpeer(), which
* demobilizes the association and deallocates the structure.
*/
/*
* Peer hash tables
*/
struct peer *peer_hash[NTP_HASH_SIZE]; /* peer hash table */
int peer_hash_count[NTP_HASH_SIZE]; /* peers in each bucket */
struct peer *assoc_hash[NTP_HASH_SIZE]; /* association ID hash table */
int assoc_hash_count[NTP_HASH_SIZE];/* peers in each bucket */
struct peer *peer_list; /* peer structures list */
static struct peer *peer_free; /* peer structures free list */
int peer_free_count; /* count of free structures */
/*
* Association ID. We initialize this value randomly, then assign a new
* value every time an association is mobilized.
*/
static associd_t current_association_ID; /* actually next poss. ID */
static associd_t initial_association_ID;
/*
* Memory allocation watermarks.
*/
#define INIT_PEER_ALLOC 8 /* static preallocation */
#define INC_PEER_ALLOC 4 /* add N more when empty */
/*
* Miscellaneous statistic counters which may be queried.
*/
u_long peer_timereset; /* time stat counters zeroed */
u_long findpeer_calls; /* calls to findpeer */
u_long assocpeer_calls; /* calls to findpeerbyassoc */
u_long peer_allocations; /* allocations from free list */
u_long peer_demobilizations; /* structs freed to free list */
int total_peer_structs; /* peer structs */
int peer_associations; /* mobilized associations */
int peer_preempt; /* preemptable associations */
static struct peer init_peer_alloc[INIT_PEER_ALLOC]; /* init alloc */
/*
* init_peer - initialize peer data structures and counters
*
* N.B. We use the random number routine in here. It had better be
* initialized prior to getting here.
*/
void
init_peer(void)
{
int i;
/*
* Initialize peer free list from static allocation.
*/
for (i = COUNTOF(init_peer_alloc) - 1; i >= 0; i--)
LINK_SLIST(peer_free, &init_peer_alloc[i], p_link);
total_peer_structs = COUNTOF(init_peer_alloc);
peer_free_count = COUNTOF(init_peer_alloc);
/*
* Initialize our first association ID
*/
do
current_association_ID = ntp_random() & ASSOCID_MAX;
while (!current_association_ID);
initial_association_ID = current_association_ID;
}
/*
* getmorepeermem - add more peer structures to the free list
*/
static void
getmorepeermem(void)
{
int i;
struct peer *peers;
/*
* start_peer is included so we can locate instances of the
* same peer through different interfaces in the hash table.
* Without MDF_BCLNT, a match requires the same mode and remote
* address. MDF_BCLNT associations start out as MODE_CLIENT
* if broadcastdelay is not specified, and switch to
* MODE_BCLIENT after estimating the one-way delay. Duplicate
* associations are expanded in definition to match any other
* MDF_BCLNT with the same srcadr (remote, unicast address).
*/
if (NULL == start_peer)
peer = peer_hash[NTP_HASH_ADDR(addr)];
else
peer = start_peer->adr_link;
/*
* findpeer - find and return a peer match for a received datagram in
* the peer_hash table.
*
* [Bug 3072] To faciliate a faster reorganisation after routing changes
* the original code re-assigned the peer address to be the destination
* of the received packet and initiated another round on a mismatch.
* Unfortunately this leaves us wide open for a DoS attack where the
* attacker directs a packet with forged destination address to us --
* this results in a wrong interface assignment, actually creating a DoS
* situation.
*
* This condition would persist until the next update of the interface
* list, but a continued attack would put us out of business again soon
* enough. Authentication alone does not help here, since it does not
* protect the UDP layer and leaves us open for a replay attack.
*
* So we do not update the addresses and wait until the next interface
* list update does the right thing for us.
*/
struct peer *
findpeer(
struct recvbuf *rbufp,
int pkt_mode,
int * action
)
{
struct peer * p;
sockaddr_u * srcadr;
u_int hash;
struct pkt * pkt;
l_fp pkt_org;
findpeer_calls++;
srcadr = &rbufp->recv_srcadr;
hash = NTP_HASH_ADDR(srcadr);
for (p = peer_hash[hash]; p != NULL; p = p->adr_link) {
/* [Bug 3072] ensure interface of peer matches */
/* [Bug 3356] ... if NOT a broadcast peer! */
if (p->hmode != MODE_BCLIENT && p->dstadr != rbufp->dstadr)
continue;
/* If the association matching rules determine that this
* is not a valid combination, then look for the next
* valid peer association.
*/
*action = MATCH_ASSOC(p->hmode, pkt_mode);
/* A response to our manycastclient solicitation might
* be misassociated with an ephemeral peer already spun
* for the server. If the packet's org timestamp
* doesn't match the peer's, check if it matches the
* ACST prototype peer's. If so it is a redundant
* solicitation response, return AM_ERR to discard it.
* [Bug 1762]
*/
if (MODE_SERVER == pkt_mode && AM_PROCPKT == *action) {
pkt = &rbufp->recv_pkt;
NTOHL_FP(&pkt->org, &pkt_org);
if (!L_ISEQU(&p->aorg, &pkt_org) &&
findmanycastpeer(rbufp))
*action = AM_ERR;
}
/* if an error was returned, exit back right here. */
if (*action == AM_ERR) {
return NULL;
}
/* if a match is found, we stop our search. */
if (*action != AM_NOMATCH) {
break;
}
}
/* If no matching association is found... */
if (NULL == p) {
*action = MATCH_ASSOC(NO_PEER, pkt_mode);
}
return p;
}
/*
* findpeerbyassoc - find and return a peer using his association ID
*/
struct peer *
findpeerbyassoc(
associd_t assoc
)
{
struct peer *p;
u_int hash;
assocpeer_calls++;
hash = assoc & NTP_HASH_MASK;
for (p = assoc_hash[hash]; p != NULL; p = p->aid_link)
if (assoc == p->associd)
break;
return p;
}
/*
* clear_all - flush all time values for all associations
*/
void
clear_all(void)
{
struct peer *p;
/*
* This routine is called when the clock is stepped, and so all
* previously saved time values are untrusted.
*/
for (p = peer_list; p != NULL; p = p->p_link)
if (!(MDF_TXONLY_MASK & p->cast_flags))
peer_clear(p, "STEP");
DPRINTF(1, ("clear_all: at %lu\n", current_time));
}
/*
* score_all() - determine if an association can be demobilized
*/
int
score_all(
struct peer *peer /* peer structure pointer */
)
{
struct peer *speer;
int temp, tamp;
int x;
/*
* This routine finds the minimum score for all preemptible
* associations and returns > 0 if the association can be
* demobilized.
*/
tamp = score(peer);
temp = 100;
for (speer = peer_list; speer != NULL; speer = speer->p_link)
if (speer->flags & FLAG_PREEMPT) {
x = score(speer);
if (x < temp)
temp = x;
}
DPRINTF(1, ("score_all: at %lu score %d min %d\n",
current_time, tamp, temp));
/*
* This routine calculates the premption score from the peer
* error bits and status. Increasing values are more cherished.
*/
temp = 0;
if (!(peer->flash & TEST10))
temp++; /* 1 good synch and stratum */
if (!(peer->flash & TEST13))
temp++; /* 2 reachable */
if (!(peer->flash & TEST12))
temp++; /* 3 no loop */
if (!(peer->flash & TEST11))
temp++; /* 4 good distance */
if (peer->status >= CTL_PST_SEL_SELCAND)
temp++; /* 5 in the hunt */
if (peer->status != CTL_PST_SEL_EXCESS)
temp++; /* 6 not spare tire */
return (temp); /* selection status */
}
/*
* free_peer - internal routine to free memory referred to by a struct
* peer and return it to the peer free list. If unlink is
* nonzero, unlink from the various lists.
*/
static void
free_peer(
struct peer * p,
int unlink_peer
)
{
struct peer * unlinked;
int hash;
if (unlink_peer) {
hash = NTP_HASH_ADDR(&p->srcadr);
peer_hash_count[hash]--;
UNLINK_SLIST(unlinked, peer_hash[hash], p, adr_link,
struct peer);
if (NULL == unlinked) {
peer_hash_count[hash]++;
msyslog(LOG_ERR, "peer %s not in address table!",
stoa(&p->srcadr));
}
/*
* Remove him from the association hash as well.
*/
hash = p->associd & NTP_HASH_MASK;
assoc_hash_count[hash]--;
UNLINK_SLIST(unlinked, assoc_hash[hash], p, aid_link,
struct peer);
if (NULL == unlinked) {
assoc_hash_count[hash]++;
msyslog(LOG_ERR,
"peer %s not in association ID table!",
stoa(&p->srcadr));
}
/* Remove him from the overall list. */
UNLINK_SLIST(unlinked, peer_list, p, p_link,
struct peer);
if (NULL == unlinked)
msyslog(LOG_ERR, "%s not in peer list!",
stoa(&p->srcadr));
}
if (p->hostname != NULL)
free(p->hostname);
if (p->ident != NULL)
free(p->ident);
if (p->addrs != NULL)
free(p->addrs); /* from copy_addrinfo_list() */
/* Add his corporeal form to peer free list */
ZERO(*p);
LINK_SLIST(peer_free, p, p_link);
peer_free_count++;
}
/*
* unpeer - remove peer structure from hash table and free structure
*/
void
unpeer(
struct peer *peer
)
{
mprintf_event(PEVNT_DEMOBIL, peer, "assoc %u", peer->associd);
restrict_source(&peer->srcadr, TRUE, 0);
peer->flags |= FLAG_DISABLED;
set_peerdstadr(peer, NULL);
peer_demobilizations++;
peer_associations--;
if (FLAG_PREEMPT & peer->flags)
peer_preempt--;
#ifdef REFCLOCK
/*
* If this peer is actually a clock, shut it down first
*/
if (FLAG_REFCLOCK & peer->flags)
refclock_unpeer(peer);
#endif
/*
* We do a dirty little jig to figure the cast flags. This is
* probably not the best place to do this, at least until the
* configure code is rebuilt. Note only one flag can be set.
*/
switch (hmode) {
case MODE_BROADCAST:
if (IS_MCAST(srcadr))
cast_flags = MDF_MCAST;
else
cast_flags = MDF_BCAST;
break;
case MODE_CLIENT:
if (hostname != NULL && SOCK_UNSPEC(srcadr))
cast_flags = MDF_POOL;
else if (IS_MCAST(srcadr))
cast_flags = MDF_ACAST;
else
cast_flags = MDF_UCAST;
break;
default:
cast_flags = MDF_UCAST;
}
/*
* Mobilize the association and initialize its variables. If
* emulating ntpdate, force iburst. For pool and manycastclient
* strip FLAG_PREEMPT as the prototype associations are not
* themselves preemptible, though the resulting associations
* are.
*/
flags |= FLAG_CONFIG;
if (mode_ntpdate)
flags |= FLAG_IBURST;
if ((MDF_ACAST | MDF_POOL) & cast_flags)
flags &= ~FLAG_PREEMPT;
return newpeer(srcadr, hostname, dstadr, ippeerlimit, hmode, version,
minpoll, maxpoll, flags, cast_flags, ttl, key, ident);
}
/*
* setup peer dstadr field keeping it in sync with the interface
* structures
*/
void
set_peerdstadr(
struct peer * p,
endpt * dstadr
)
{
struct peer * unlinked;
DEBUG_INSIST(p != NULL);
if (p == NULL)
return;
/* check for impossible or identical assignment */
if (p->dstadr == dstadr)
return;
/*
* Do not change the local address of a link-local
* peer address.
*/
if ( p->dstadr != NULL && is_linklocal(&p->dstadr->sin)
&& dstadr != NULL) {
return;
}
/*
* Do not set the local address for a link-local IPv6 peer
* to one with a different scope ID.
*/
if ( dstadr != NULL && IS_IPV6(&p->srcadr)
&& SCOPE(&dstadr->sin) != SCOPE(&p->srcadr)) {
return;
}
/*
* Don't accept updates to a separate multicast receive-only
* endpt while a BCLNT peer is running its unicast protocol.
*/
if (dstadr != NULL && (FLAG_BC_VOL & p->flags) &&
(INT_MCASTIF & dstadr->flags) && MODE_CLIENT == p->hmode) {
return;
}
/* unlink from list if we have an address prior to assignment */
if (p->dstadr != NULL) {
p->dstadr->peercnt--;
UNLINK_SLIST(unlinked, p->dstadr->peers, p, ilink,
struct peer);
}
if ( !IS_MCAST(&p->srcadr) && !(FLAG_DISABLED & p->flags)
&& !initializing) {
msyslog(LOG_INFO, "%s local addr %s -> %s",
stoa(&p->srcadr), eptoa(p->dstadr),
eptoa(dstadr));
}
p->dstadr = dstadr;
/* link to list if we have an address after assignment */
if (p->dstadr != NULL) {
LINK_SLIST(dstadr->peers, p, ilink);
dstadr->peercnt++;
}
}
piface = p->dstadr;
set_peerdstadr(p, niface);
if (p->dstadr != NULL) {
/*
* clear crypto if we change the local address
*/
if (p->dstadr != piface && !(MDF_ACAST & p->cast_flags)
&& MODE_BROADCAST != p->pmode)
peer_clear(p, "XFAC");
/*
* Broadcast needs the socket enabled for broadcast
*/
if (MDF_BCAST & p->cast_flags)
enable_broadcast(p->dstadr, &p->srcadr);
/*
* Multicast needs the socket interface enabled for
* multicast
*/
if (MDF_MCAST & p->cast_flags)
enable_multicast_if(p->dstadr, &p->srcadr);
}
}
/*
* refresh_all_peerinterfaces - see that all interface bindings are up
* to date
*/
void
refresh_all_peerinterfaces(void)
{
struct peer *p;
/*
* This is called when the interface list has changed.
* Give peers a chance to find a better interface.
*/
for (p = peer_list; p != NULL; p = p->p_link) {
/*
* Bug 2849 XOR 2043
* Change local address only if the peer doesn't
* have a local address already or if the one
* they have hasn't worked for a while.
*/
if (p->dstadr != NULL && (p->reach & 0x3)) {
continue;
}
peer_refresh_interface(p);
}
}
#ifdef AUTOKEY
/*
* If Autokey is requested but not configured, complain loudly.
*/
if (!crypto_flags) {
if (key > NTP_MAXKEY) {
return (NULL);
} else if (flags & FLAG_SKEY) {
msyslog(LOG_ERR, "Rejecting Autokey with %s,"
" built without support.",
stoa(srcadr));
return (NULL);
}
}
#endif /* AUTOKEY */
/*
* For now only pool associations have a hostname.
*/
INSIST(NULL == hostname || (MDF_POOL & cast_flags));
/*
* First search from the beginning for an association with given
* remote address and mode. If an interface is given, search
* from there to find the association which matches that
* destination. If the given interface is "any", track down the
* actual interface, because that's what gets put into the peer
* structure.
*/
if (dstadr != NULL) {
peer = findexistingpeer(srcadr, hostname, NULL, hmode,
cast_flags, &ip_count);
while (peer != NULL) {
if ( peer->dstadr == dstadr
|| ( (MDF_BCLNT & cast_flags)
&& (MDF_BCLNT & peer->cast_flags)))
break;
if (dstadr == ANY_INTERFACE_CHOOSE(srcadr) &&
peer->dstadr == findinterface(srcadr))
break;
/*
* In any case, do not create an association with a duplicate
* remote address (srcadr) except for undefined (zero) address.
* Arguably this should be part of the logic above but
* [Bug 3888] exposed a situation with manycastclient where
* duplicate associations happened.
*/
if (NULL == peer) {
for (peer = peer_list;
peer != NULL;
peer = peer->p_link) {
if ( SOCK_EQ(srcadr, &peer->srcadr)
&& !SOCK_UNSPEC(srcadr)
&& !SOCK_UNSPEC(&peer->srcadr)) {
/* leave peer non-NULL */
break;
}
}
}
/*
* If a peer is found, this would be a duplicate and we don't
* allow that. This avoids duplicate ephemeral (broadcast/
* multicast) and preemptible (manycast and pool) client
* associations.
*/
if (peer != NULL) {
DPRINTF(2, ("%s(%s) found existing association\n",
__func__,
(hostname)
? hostname
: stoa(srcadr)));
return NULL;
}
#if 0
DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n",
(hostname)
? hostname
: stoa(srcadr),
ip_count));
#endif
/*
* Allocate a new peer structure. Some dirt here, since some of
* the initialization requires knowlege of our system state.
*/
if (peer_free_count == 0)
getmorepeermem();
UNLINK_HEAD_SLIST(peer, peer_free, p_link);
INSIST(peer != NULL);
peer_free_count--;
peer_associations++;
if (FLAG_PREEMPT & flags)
peer_preempt++;
/*
* Assign an available association ID. Zero is reserved.
*/
do {
while (0 == ++current_association_ID) {
/* EMPTY */
}
} while (NULL != findpeerbyassoc(current_association_ID));
peer->associd = current_association_ID;
/*
* Zero for minpoll or maxpoll means use defaults.
*/
peer->maxpoll = (0 == maxpoll)
? NTP_MAXDPOLL
: maxpoll;
peer->minpoll = (0 == minpoll)
? NTP_MINDPOLL
: minpoll;
/*
* Clamp maxpoll and minpoll within NTP_MINPOLL and NTP_MAXPOLL,
* and further clamp minpoll less than or equal maxpoll.
*/
peer->maxpoll = CLAMP(peer->maxpoll, NTP_MINPOLL, NTP_MAXPOLL);
peer->minpoll = CLAMP(peer->minpoll, NTP_MINPOLL, peer->maxpoll);
if (peer->dstadr != NULL) {
DPRINTF(3, ("newpeer(%s): using fd %d and our addr %s\n",
stoa(srcadr), peer->dstadr->fd,
stoa(&peer->dstadr->sin)));
} else {
DPRINTF(3, ("newpeer(%s): local addr unavailable\n",
stoa(srcadr)));
}
/*
* Broadcast needs the socket enabled for broadcast
*/
if ((MDF_BCAST & cast_flags) && peer->dstadr != NULL) {
enable_broadcast(peer->dstadr, srcadr);
}
/*
* Multicast needs the socket interface enabled for multicast
*/
if ((MDF_MCAST & cast_flags) && peer->dstadr != NULL) {
enable_multicast_if(peer->dstadr, srcadr);
}
#ifdef AUTOKEY
if (key > NTP_MAXKEY)
peer->flags |= FLAG_SKEY;
#endif /* AUTOKEY */
peer->ttl = ttl;
peer->keyid = key;
if (ident != NULL) {
peer->ident = estrdup(ident);
}
peer->precision = sys_precision;
peer->hpoll = peer->minpoll;
if (cast_flags & MDF_ACAST) {
peer_clear(peer, "ACST");
} else if (cast_flags & MDF_POOL) {
peer_clear(peer, "POOL");
} else if (cast_flags & MDF_MCAST) {
peer_clear(peer, "MCST");
} else if (cast_flags & MDF_BCAST) {
peer_clear(peer, "BCST");
} else {
peer_clear(peer, "INIT");
}
if (mode_ntpdate) {
peer_ntpdate++;
}
/*
* Note time on statistics timers.
*/
peer->timereset = current_time;
peer->timereachable = current_time;
peer->timereceived = current_time;
if (ISREFCLOCKADR(&peer->srcadr)) {
#ifdef REFCLOCK
/*
* We let the reference clock support do clock
* dependent initialization. This includes setting
* the peer timer, since the clock may have requirements
* for this.
*/
if (!refclock_newpeer(peer)) {
/*
* Dump it, something screwed up
*/
set_peerdstadr(peer, NULL);
free_peer(peer, 0);
return NULL;
}
#else /* REFCLOCK */
msyslog(LOG_ERR, "refclock %s isn't supported. ntpd was compiled without refclock support.",
stoa(&peer->srcadr));
set_peerdstadr(peer, NULL);
free_peer(peer, 0);
return NULL;
#endif /* REFCLOCK */
}
/*
* Put the new peer in the hash tables.
*/
hash = NTP_HASH_ADDR(&peer->srcadr);
LINK_SLIST(peer_hash[hash], peer, adr_link);
peer_hash_count[hash]++;
hash = peer->associd & NTP_HASH_MASK;
LINK_SLIST(assoc_hash[hash], peer, aid_link);
assoc_hash_count[hash]++;
LINK_SLIST(peer_list, peer, p_link);
/*
* findmanycastpeer - find and return a manycastclient or pool
* association matching a received response.
*/
struct peer *
findmanycastpeer(
struct recvbuf *rbufp /* receive buffer pointer */
)
{
struct peer *peer;
struct pkt *pkt;
l_fp p_org;
/*
* This routine is called upon arrival of a server-mode response
* to a manycastclient multicast solicitation, or to a pool
* server unicast solicitation. Search the peer list for a
* manycastclient association where the last transmit timestamp
* matches the response packet's originate timestamp. There can
* be multiple manycastclient associations, or multiple pool
* solicitation assocations, so this assumes the transmit
* timestamps are unique for such.
*/
pkt = &rbufp->recv_pkt;
for (peer = peer_list; peer != NULL; peer = peer->p_link)
if (MDF_SOLICIT_MASK & peer->cast_flags) {
NTOHL_FP(&pkt->org, &p_org);
if (L_ISEQU(&p_org, &peer->aorg)) {
break;
}
}
return peer;
}
/* peer_cleanup - clean peer list prior to shutdown */
void peer_cleanup(void)
{
struct peer *peer;
struct peer *nextpeer;
