116
131
* server modes) and those that do (all other modes). The dance
117
132
* is intricate...
135
* Orphan mode is active when enabled and when no servers less
136
* than the orphan statum are available. In this mode packets
137
* are sent at the orphan stratum. An orphan with no other
138
* synchronization source is an orphan parent. It assumes root
139
* delay zero and reference ID the loopback address. All others
140
* are orphan children with root delay randomized over a 1-s
141
* range. The root delay is used by the election algorithm to
142
* select the order of synchronization.
119
144
hpoll = peer->hpoll;
145
if (sys_orphan < STRATUM_UNSPEC && sys_peer == NULL) {
146
sys_leap = LEAP_NOWARNING;
147
sys_stratum = sys_orphan;
148
sys_refid = htonl(LOOPBACKADR);
150
sys_rootdispersion = 0;
154
* In broadcast mode the poll interval is never changed from
120
157
if (peer->cast_flags & (MDF_BCAST | MDF_MCAST)) {
123
* In broadcast mode the poll interval is never changed
128
} else if (peer->cast_flags & MDF_ACAST) {
131
* In manycast mode we start with the minpoll interval
132
* and unity ttl. The ttl is increased by one for each
133
* poll until either enough servers have been found or
134
* the maximum ttl is reached. About once per day when
135
* the agreement parameters are refreshed, the manycast
136
* clients are reset and we start from the beginning.
137
* This is to catch and clamp the ttl to the lowest
138
* practical value and avoid knocking on spurious doors.
140
if (sys_survivors < sys_minclock && peer->ttl <
158
peer->outdate = current_time;
160
poll_update(peer, hpoll);
165
* In manycast mode we start with unity ttl. The ttl is
166
* increased by one for each poll until either sys_maxclock
167
* servers have been found or the maximum ttl is reached. When
168
* sys_maxclock servers are found we stop polling until one or
169
* more servers have timed out or until less than minpoll
170
* associations turn up. In this case additional better servers
171
* are dragged in and preempt the existing ones.
173
if (peer->cast_flags & MDF_ACAST) {
174
peer->outdate = current_time;
175
if (peer->unreach > sys_beacon) {
179
} else if (sys_survivors < sys_minclock ||
180
peer_preempt < sys_maxclock) {
181
if (peer->ttl < sys_ttlmax)
186
poll_update(peer, hpoll);
191
* In unicast modes the dance is much more intricate. It is
192
* desigmed to back off whenever possible to minimize network
195
if (peer->burst == 0) {
199
* Update the reachability status. If not heard for
200
* three consecutive polls, stuff infinity in the clock
203
oreach = peer->reach;
204
peer->outdate = current_time;
205
if (peer == sys_peer)
208
if (!(peer->reach & 0x07))
209
clock_filter(peer, 0., 0., MAXDISPERSE);
213
* Here the peer is unreachable. If it was
214
* previously reachable, raise a trap.
217
report_event(EVNT_UNREACH, peer);
218
peer->timereachable = current_time;
222
* Send a burst if enabled, but only once after
223
* a peer becomes unreachable. If the prempt
224
* flag is dim, bump the unreach counter by one;
225
* otherwise, bump it by three.
227
if (peer->flags & FLAG_IBURST &&
228
peer->unreach == 0) {
229
peer->burst = NTP_BURST;
231
if (!(peer->flags & FLAG_PREEMPT))
238
* Here the peer is reachable. Set the poll
239
* interval to the system poll interval. Send a
240
* burst only if enabled and the peer is fit.
242
* Respond to the peer evaluation produced by
243
* the selection algorithm. If less than the
244
* outlyer level, up the unreach by three. If
245
* there are excess associations, up the unreach
246
* by two if not a candidate and by one if so.
248
if (!(peer->flags & FLAG_PREEMPT)) {
250
} else if (peer->status < CTL_PST_SEL_SELCAND) {
252
} else if (peer_preempt > sys_maxclock) {
253
if (peer->status < CTL_PST_SEL_SYNCCAND)
261
if (peer->flags & FLAG_BURST &&
263
peer->burst = NTP_BURST;
267
* Watch for timeout. If ephemeral or preemptable, toss
268
* the rascal; otherwise, bump the poll interval.
270
if (peer->unreach >= NTP_UNREACH) {
271
if (peer->flags & FLAG_PREEMPT ||
272
!(peer->flags & FLAG_CONFIG)) {
273
peer_clear(peer, "TIME");
284
* If a broadcast client at this point, the burst has
285
* concluded, so we switch to client mode and purge the
286
* keylist, since no further transmissions will be made.
144
288
if (peer->burst == 0) {
147
oreach = peer->reach;
149
peer->hyst *= HYST_TC;
150
if (peer->reach == 0) {
153
* If this association has become
154
* unreachable, clear it and raise a
158
report_event(EVNT_UNREACH,
160
peer->timereachable =
162
if (peer->flags & FLAG_CONFIG) {
172
* If a configured association has been
173
* unreachable for a long time, double
174
* it at each poll and send a single
175
* packet instead of a burst. If not
176
* configured, off it. If it flashes
177
* authentic error, mark it
178
* cryptographically dead.
180
if (peer->unreach < NTP_UNREACH) {
182
if (peer->flags & FLAG_IBURST &&
183
!(peer->flash & TEST5))
184
peer->burst = NTP_BURST;
185
} else if (!(peer->flags &
190
} else if (peer->flash & TEST5) {
191
peer_clear(peer, "CRYPTO");
192
peer->flash += TEST4;
194
if (hpoll < peer->maxpoll)
199
* Here the peer is reachable. If it has
200
* not been heard for three consecutive
201
* polls, stuff infinity in the clock
202
* filter. Next, determine the poll
203
* interval. If the peer is unfit for
204
* synchronization, increase it by one;
205
* else, use the system poll interval,
206
* but clamp it within bounds for this
210
if (!(peer->reach & 0x07))
211
clock_filter(peer, 0., 0.,
213
if (peer_unfit(peer)) {
214
if (hpoll < peer->maxpoll)
218
if (hpoll > peer->maxpoll)
219
hpoll = peer->maxpoll;
220
else if (hpoll < peer->minpoll)
221
hpoll = peer->minpoll;
222
if (peer->flags & FLAG_BURST)
223
peer->burst = NTP_BURST;
289
if (peer->cast_flags & MDF_BCLNT) {
290
peer->hmode = MODE_BCLIENT;
229
* Call-gap control. If we are restrained, each
230
* burst consists of only one packet.
297
* If ntpdate mode and the clock has not been
298
* set and all peers have completed the burst,
299
* we declare a successful failure.
232
if (memcmp(&peer->refid, "RSTR", 4) == 0)
236
if (peer->burst == 0) {
239
* If a broadcast client at this point,
240
* the burst has concluded, so we switch
241
* to client mode and purge the keylist,
242
* since no further transmissions will
245
if (peer->cast_flags & MDF_BCLNT) {
246
peer->hmode = MODE_BCLIENT;
253
* If ntpdate mode and the clock has not
254
* been set and all peers have completed
255
* the burst, we declare a successful
260
if (peer_ntpdate == 0) {
262
"no reply; clock not set");
267
poll_update(peer, hpoll);
303
if (peer_ntpdate == 0) {
305
"no reply; clock not set");
272
peer->outdate = peer->nextdate = current_time;
275
313
* Do not transmit if in broadcast client mode.
277
if (peer->hmode == MODE_BCLIENT) {
278
poll_update(peer, hpoll);
282
* Do not transmit in broadcast mode unless we are synchronized.
284
} else if (peer->hmode == MODE_BROADCAST && sys_peer == NULL) {
285
poll_update(peer, hpoll);
290
* Do not transmit if in access-deny or crypto jail. Clamp the
291
* poll to minimum if a get out of jail free card shows up.
293
if (peer->flash & TEST4) {
294
if (!(peer->flags & FLAG_CONFIG)) {
298
poll_update(peer, peer->minpoll);
315
if (peer->hmode != MODE_BCLIENT)
301
poll_update(peer, hpoll);
317
poll_update(peer, hpoll);
306
322
* receive - Receive Procedure. See section 3.4.3 in the specification.
497
502
* address used to construct the autokey is the unicast address
498
503
* of the interface. However, if the sender is a broadcaster,
499
504
* the interface broadcast address is used instead.
500
* Notwithstanding this technobabble, if the sender is a
505
& Notwithstanding this technobabble, if the sender is a
501
506
* multicaster, the broadcast address is null, so we use the
502
507
* unicast address anyway. Don't ask.
504
peer = findpeer(&rbufp->recv_srcadr, rbufp->dstadr, rbufp->fd,
509
peer = findpeer(&rbufp->recv_srcadr, rbufp->dstadr, hismode,
507
511
dstadr_sin = &rbufp->dstadr->sin;
512
NTOHL_FP(&pkt->org, &p_org);
513
NTOHL_FP(&pkt->rec, &p_rec);
514
NTOHL_FP(&pkt->xmt, &p_xmt);
517
* Authentication is conditioned by three switches:
519
* NOPEER (RES_NOPEER) do not mobilize an association unless
521
* NOTRUST (RES_DONTTRUST) do not allow access unless
522
* authenticated (implies NOPEER)
523
* enable (sys_authenticate) master NOPEER switch, by default
526
* The NOPEER and NOTRUST can be specified on a per-client basis
527
* using the restrict command. The enable switch if on implies
528
* NOPEER for all clients. There are four outcomes:
530
* NONE The packet has no MAC.
531
* OK the packet has a MAC and authentication succeeds
532
* ERROR the packet has a MAC and authentication fails
533
* CRYPTO crypto-NAK. The MAC has four octets only.
535
* Note: The AUTH(x, y) macro is used to filter outcomes. If x
536
* is zero, acceptable outcomes of y are NONE and OK. If x is
537
* one, the only acceptable outcome of y is OK.
508
539
if (has_mac == 0) {
511
printf("receive: at %ld %s<-%s mode %d code %d\n",
512
current_time, stoa(&rbufp->dstadr->sin),
513
stoa(&rbufp->recv_srcadr), hismode,
540
is_authentic = AUTH_NONE; /* not required */
543
printf("receive: at %ld %s<-%s mode %d code %d auth %d\n",
544
current_time, stoa(dstadr_sin),
545
stoa(&rbufp->recv_srcadr), hismode, retcode,
548
} else if (has_mac == 4) {
549
is_authentic = AUTH_CRYPTO; /* crypto-NAK */
553
"receive: at %ld %s<-%s mode %d code %d keyid %08x len %d mac %d auth %d\n",
554
current_time, stoa(dstadr_sin),
555
stoa(&rbufp->recv_srcadr), hismode, retcode,
556
skeyid, authlen, has_mac, is_authentic);
614
662
"receive: at %ld %s<-%s mode %d code %d keyid %08x len %d mac %d auth %d\n",
615
663
current_time, stoa(dstadr_sin),
616
664
stoa(&rbufp->recv_srcadr), hismode, retcode,
617
skeyid, authlen, has_mac,
665
skeyid, authlen, has_mac, is_authentic);
623
670
* The association matching rules are implemented by a set of
624
* routines and a table in ntp_peer.c. A packet matching an
625
* association is processed by that association. If not and
626
* certain conditions prevail, then an ephemeral association is
627
* mobilized: a broadcast packet mobilizes a broadcast client
671
* routines and an association table. A packet matching an
672
* association is processed by the peer process for that
673
* association. If there are no errors, an ephemeral association
674
* is mobilized: a broadcast packet mobilizes a broadcast client
628
675
* aassociation; a manycast server packet mobilizes a manycast
629
676
* client association; a symmetric active packet mobilizes a
630
* symmetric passive association. And, the adventure
677
* symmetric passive association.
633
679
switch (retcode) {
682
* This is a client mode packet not matching any association. If
683
* an ordinary client, simply toss a server mode packet back
684
* over the fence. If a manycast client, we have to work a
637
* This is a client mode packet not matching a known
638
* association. If from a manycast client we run a few
639
* sanity checks before deciding to send a unicast
640
* server response. Otherwise, it must be a client
641
* request, so send a server response and go home.
643
if (rbufp->dstadr->flags & INT_MULTICAST) {
646
* Do not respond to multicast if not configured
647
* as a manycast server.
649
if (hismode == MODE_CLIENT &&
654
* There is no reason to respond to a request if
655
* our time is worse than the manycaster or it
656
* has already synchronized to us.
658
if (sys_peer == NULL ||
659
PKT_TO_STRATUM(pkt->stratum) <
660
sys_stratum || (sys_cohort &&
661
PKT_TO_STRATUM(pkt->stratum) ==
662
sys_stratum) || rbufp->dstadr->addr_refid ==
664
return; /* manycast dropped */
668
* Note that we don't require an authentication check
669
* here, since we can't set the system clock; but, we do
670
* send a crypto-NAK to tell the caller about this.
672
if (has_mac && !is_authentic)
673
fast_xmit(rbufp, MODE_SERVER, 0, restrict_mask);
690
* The vanilla case is when this is not a multicast
691
* interface. If authentication succeeds, return a
692
* server mode packet; if not and the key ID is nonzero,
693
* return a crypto-NAK.
695
if (!(rbufp->dstadr->flags & INT_MCASTOPEN)) {
696
if (AUTH(restrict_mask & RES_DONTTRUST,
698
fast_xmit(rbufp, MODE_SERVER, skeyid,
700
else if (is_authentic == AUTH_ERROR)
701
fast_xmit(rbufp, MODE_SERVER, 0,
707
* This must be manycast. Do not respond if not
708
* configured as a manycast server.
710
if (!sys_manycastserver) {
712
return; /* not enabled */
716
* Do not respond if unsynchronized or stratum is below
717
* the floor or at or above the ceiling.
719
if (sys_leap == LEAP_NOTINSYNC || sys_stratum <
720
sys_floor || sys_stratum >= sys_ceiling)
721
return; /* bad stratum */
724
* Do not respond if our stratum is greater than the
725
* manycaster or it has already synchronized to us.
727
if (sys_peer == NULL || hisstratum < sys_stratum ||
728
(sys_cohort && hisstratum == sys_stratum) ||
729
rbufp->dstadr->addr_refid == pkt->refid)
730
return; /* no help */
733
* Respond only if authentication succeeds. Don't do a
734
* crypto-NAK, as that would not be useful.
736
if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
675
737
fast_xmit(rbufp, MODE_SERVER, skeyid,
743
* This is a server mode packet returned in response to a client
744
* mode packet sent to a multicast group address. The origin
745
* timestamp is a good nonce to reliably associate the reply
746
* with what was sent. If there is no match, that's curious and
747
* could be an intruder attempting to clog, so we just ignore
750
* If the packet is authentic and the manycast association is
751
* found, we mobilize a client association and copy pertinent
752
* variables from the manycast association to the new client
753
* association. If not, just ignore the packet.
755
* There is an implosion hazard at the manycast client, since
756
* the manycast servers send the server packet immediately. If
757
* the guy is already here, don't fire up a duplicate.
679
759
case AM_MANYCAST:
760
if (!AUTH(sys_authenticate | (restrict_mask &
761
(RES_NOPEER | RES_DONTTRUST)), is_authentic))
762
return; /* bad auth */
682
* This is a server mode packet returned in response to
683
* a client mode packet sent to a multicast group
684
* address. The originate timestamp is a good nonce to
685
* reliably associate the reply with what was sent. If
686
* there is no match, that's curious and could be an
687
* intruder attempting to clog, so we just ignore it.
689
* First, make sure the packet is authentic and not
690
* restricted. If so and the manycast association is
691
* found, we mobilize a client association and copy
692
* pertinent variables from the manycast association to
693
* the new client association.
695
* There is an implosion hazard at the manycast client,
696
* since the manycast servers send the server packet
697
* immediately. If the guy is already here, don't fire
700
if (restrict_mask & RES_DONTTRUST) {
764
if ((peer2 = findmanycastpeer(rbufp)) == NULL) {
701
765
sys_restricted++;
702
return; /* no trust */
766
return; /* not enabled */
704
if (sys_authenticate && !is_authentic)
705
return; /* bad auth */
707
if ((peer2 = findmanycastpeer(rbufp)) == NULL)
708
return; /* no assoc match */
710
if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
711
MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode),
712
NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_IBURST, MDF_UCAST |
713
MDF_ACLNT, 0, skeyid)) == NULL)
768
if ((peer = newpeer(&rbufp->recv_srcadr,
769
rbufp->dstadr, MODE_CLIENT,
770
hisversion, NTP_MINDPOLL, NTP_MAXDPOLL,
771
FLAG_IBURST | FLAG_PREEMPT, MDF_UCAST | MDF_ACLNT,
714
773
return; /* system error */
719
778
peer->ttl = peer2->ttl;
782
* This is the first packet received from a broadcast server. If
783
* the packet is authentic and we are enabled as broadcast
784
* client, mobilize a broadcast client association. We don't
785
* kiss any frogs here.
788
if (!AUTH(sys_authenticate | (restrict_mask &
789
(RES_NOPEER | RES_DONTTRUST)), is_authentic))
790
return; /* bad auth */
793
* Do not respond if unsynchronized or stratum is below
794
* the floor or at or above the ceiling.
796
if (hisleap == LEAP_NOTINSYNC || hisstratum <
797
sys_floor || hisstratum >= sys_ceiling)
798
return; /* bad stratum */
800
switch (sys_bclient) {
803
* If not enabled, just skedaddle.
807
return; /* not enabled */
810
* Execute the initial volley in order to calibrate the
811
* propagation delay and run the Autokey protocol, if
815
if ((peer = newpeer(&rbufp->recv_srcadr,
816
rbufp->dstadr, MODE_CLIENT, hisversion,
817
NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_MCAST |
818
FLAG_IBURST, MDF_BCLNT, 0, skeyid)) ==
820
return; /* system error */
822
if (skeyid > NTP_MAXKEY)
823
crypto_recv(peer, rbufp);
829
* Do not execute the initial volley.
834
* If a two-way exchange is not possible,
835
* neither is Autokey.
837
if (skeyid > NTP_MAXKEY) {
839
"receive: autokey requires two-way communication");
840
return; /* no autokey */
843
if ((peer = newpeer(&rbufp->recv_srcadr,
844
rbufp->dstadr, MODE_BCLIENT, hisversion,
845
NTP_MINDPOLL, NTP_MAXDPOLL, 0, MDF_BCLNT, 0,
847
return; /* system error */
852
* This is the first packet received from a symmetric active
853
* peer. If the packet is authentic and the first he sent,
854
* mobilize a passive association. If not, kiss the frog.
725
* This is the first packet received from a symmetric
726
* active peer. First, make sure it is authentic and not
727
* restricted. If so, mobilize a passive association.
728
* If authentication fails send a crypto-NAK; otherwise,
859
* If the inbound packet is correctly authenticated and
860
* enabled, a symmetric passive association is
861
* mobilized. If not but correctly authenticated, a
862
* symmetric active response is sent. If authentication
863
* fails, send a crypto-NAK packet.
731
if (restrict_mask & RES_DONTTRUST) {
733
return; /* no trust */
865
if (!AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
867
if (is_authentic == AUTH_ERROR)
868
fast_xmit(rbufp, MODE_ACTIVE, 0,
870
return; /* bad auth */
735
if (sys_authenticate && !is_authentic) {
736
fast_xmit(rbufp, MODE_PASSIVE, 0,
872
if (!AUTH(sys_authenticate | (restrict_mask &
873
RES_NOPEER), is_authentic)) {
874
fast_xmit(rbufp, MODE_ACTIVE, skeyid,
738
return; /* bad auth */
740
if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
741
MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode),
880
* Do not respond if stratum is below the floor.
882
if (hisstratum < sys_floor)
883
return; /* bad stratum */
885
if ((peer = newpeer(&rbufp->recv_srcadr,
886
rbufp->dstadr, MODE_PASSIVE, hisversion,
742
887
NTP_MINDPOLL, NTP_MAXDPOLL, 0, MDF_UCAST, 0,
743
888
skeyid)) == NULL)
744
889
return; /* system error */
751
* This is the first packet received from a broadcast
752
* server. First, make sure it is authentic and not
753
* restricted and that we are a broadcast client. If so,
754
* mobilize a broadcast client association. We don't
755
* kiss any frogs here.
757
if (restrict_mask & RES_DONTTRUST) {
759
return; /* no trust */
761
if (sys_authenticate && !is_authentic)
762
return; /* bad auth */
764
if (sys_bclient == 0)
765
return; /* not a client */
767
if (sys_bclient == 1)
768
peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
769
MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode),
770
NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_MCAST |
771
FLAG_IBURST, MDF_BCLNT, 0, skeyid);
773
peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
774
MODE_BCLIENT, PKT_VERSION(pkt->li_vn_mode),
775
NTP_MINDPOLL, NTP_MAXDPOLL, 0, MDF_BCLNT, 0,
778
return; /* system error */
781
* Danger looms. If this is autokey, go process the
782
* extension fields. If something goes wrong, abandon
783
* ship and don't trust subsequent packets.
786
if ((rval = crypto_recv(peer, rbufp)) !=
788
struct sockaddr_storage mskadr_sin;
792
SET_HOSTMASK(&mskadr_sin,
793
rbufp->recv_srcadr.ss_family);
794
hack_restrict(RESTRICT_FLAGS,
795
&rbufp->recv_srcadr, &mskadr_sin,
796
0, RES_DONTTRUST | RES_TIMEOUT);
800
"packet: bad exten %x\n",
811
* This is a broadcast packet received in client mode.
812
* It could happen if the initial client/server volley
813
* is not complete before the next broadcast packet is
814
* received. Be liberal in what we accept.
893
* Process regular packet. Nothing special.
819
* This is a symmetric mode packet received in symmetric
820
* mode, a server packet received in client mode or a
821
* broadcast packet received in broadcast client mode.
822
* If it is restricted, this is very strange because it
823
* is rude to send a packet to a restricted address. If
824
* anyway, flash a restrain kiss and skedaddle to
825
* Seattle. If not authentic, leave a light on and
828
if (restrict_mask & RES_DONTTRUST) {
830
if (peer->flags & FLAG_CONFIG)
831
peer_clear(peer, "RSTR");
834
return; /* no trust */
899
* A passive packet matches a passive association. This is
900
* usually the result of reconfiguring a client on the fly. As
901
* this association might be legitamate and this packet an
902
* attempt to deny service, just ignore it.
908
* For everything else there is the bit bucket.
841
* Invalid mode combination. This happens when a passive
842
* mode packet arrives and matches another passive
843
* association or no association at all, or when a
844
* server mode packet arrives and matches a broadcast
845
* client association. This is usually the result of
846
* reconfiguring a client on-fly. If authenticated
847
* passive mode packet, send a crypto-NAK; otherwise,
850
if (has_mac && hismode == MODE_PASSIVE)
913
peer->flash &= ~PKT_TEST_MASK;
916
* Next comes a rigorous schedule of timestamp checking. If the
917
* transmit timestamp is zero, the server is horribly broken.
919
if (L_ISZERO(&p_xmt)) {
920
return; /* read rfc1305 */
923
* If the transmit timestamp duplicates a previous one, the
924
* packet is a replay. This prevents the bad guys from replaying
925
* the most recent packet, authenticated or not.
927
} else if (L_ISEQU(&peer->org, &p_xmt)) {
928
peer->flash |= TEST1;
930
return; /* duplicate packet */
934
* If this is a broadcast mode packet, skip further checking.
936
} else if (hismode != MODE_BROADCAST) {
937
if (L_ISZERO(&p_org))
938
peer->flash |= TEST3; /* protocol unsynch */
939
else if (!L_ISEQU(&p_org, &peer->xmt))
940
peer->flash |= TEST2; /* bogus packet */
944
* Update the origin and destination timestamps. If
945
* unsynchronized or bogus abandon ship. If the crypto machine
946
* breaks, light the crypto bit and plaint the log.
949
peer->rec = rbufp->recv_time;
950
if (peer->flash & PKT_TEST_MASK) {
952
if (crypto_flags && (peer->flags & FLAG_SKEY)) {
953
rval = crypto_recv(peer, rbufp);
954
if (rval != XEVNT_OK) {
955
peer_clear(peer, "CRYP");
956
peer->flash |= TEST9; /* crypto error */
960
return; /* unsynch */
964
* The timestamps are valid and the receive packet matches the
965
* last one sent. If the packet is a crypto-NAK, the server
966
* might have just changed keys. We reset the association
967
* and restart the protocol.
969
if (is_authentic == AUTH_CRYPTO) {
970
peer_clear(peer, "AUTH");
971
return; /* crypto-NAK */
974
* If the association is authenticated, the key ID is nonzero
975
* and received packets must be authenticated. This is designed
976
* to avoid a bait-and-switch attack, which was possible in past
977
* versions. If symmetric modes, return a crypto-NAK. The peer
978
* should restart the protocol.
980
} else if (!AUTH(peer->keyid || (restrict_mask & RES_DONTTRUST),
982
peer->flash |= TEST5;
983
if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
851
984
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
854
printf("receive: bad protocol %d\n", retcode);
985
return; /* bad auth */
860
* We do a little homework. Note we can get here with an
861
* authentication error. We need to do this in order to validate
862
* a crypto-NAK later. Note the order of processing; it is very
863
* important to avoid livelocks, deadlocks and lockpicks.
989
* That was hard and I am sweaty, but the packet is squeaky
990
* clean. Get on with real work.
865
992
peer->received++;
866
993
peer->timereceived = current_time;
868
peer->flags &= ~FLAG_AUTHENTIC;
871
peer->flags |= FLAG_AUTHENTIC;
872
else if (sys_authenticate)
873
peer->flash |= TEST5; /* bad auth */
875
NTOHL_FP(&pkt->org, &p_org);
876
NTOHL_FP(&pkt->xmt, &p_xmt);
879
* If the packet is an old duplicate, drop it.
881
if (L_ISEQU(&peer->org, &p_xmt)) { /* test 1 */
882
peer->flash |= TEST1; /* dupe */
886
* For broadcast server mode, loopback checking is disabled. An
887
* authentication error probably means the server restarted or
888
* rolled a new private value. If so, dump the association
889
* and wait for the next message.
891
} else if (hismode == MODE_BROADCAST) {
892
if (peer->flash & TEST5) {
899
* For server and symmetric modes, if the association transmit
900
* timestamp matches the packet originate timestamp, loopback is
901
* confirmed. Note in symmetric modes this also happens when the
902
* first packet from the active peer arrives at the newly
903
* mobilized passive peer. An authentication error probably
904
* means the server or peer restarted or rolled a new private
905
* value, but could be an intruder trying to stir up trouble.
906
* However, if this is a crypto-NAK, we know it is authentic. If
907
* the server is reachable, restart the protocol; if not, ignore
908
* it and wait for timeout.
910
} else if (L_ISEQU(&peer->xmt, &p_org)) {
911
if (peer->flash & TEST5) {
912
if (has_mac == 4 && pkt->exten[0] == 0 &&
914
if (peer->flags & FLAG_CONFIG) {
915
peer_clear(peer, "AUTH");
925
* If the client or passive peer has never transmitted anything,
926
* this is either the first message from a symmetric peer or
927
* possibly a duplicate received before the transmit timeout.
930
} else if (L_ISZERO(&peer->xmt)) {
934
* Now it gets interesting. We have transmitted at least one
935
* packet. If the packet originate timestamp is nonzero, it
936
* does not match the association transmit timestamp, which is a
937
* loopback error. This error might mean a manycast server has
938
* answered a manycast honk from us and we already have an
939
* association for him, in which case quietly drop the packet
940
* here. It might mean an old duplicate, dropped packet or
941
* intruder replay, in which case we drop it later after
942
* extension field processing, but never let it touch the time
945
} else if (!L_ISZERO(&p_org)) {
946
if (peer->cast_flags & MDF_ACLNT)
947
return; /* not a client */
949
peer->flash |= TEST2;
953
* The packet originate timestamp is zero, meaning the other guy
954
* either didn't receive the first packet or died and restarted.
955
* If the association originate timestamp is zero, this is the
956
* first packet received, so we pass it on.
958
} else if (L_ISZERO(&peer->org)) {
962
* The other guy has restarted and we are still on the wire. We
963
* should demobilize/clear and get out of Dodge. If this is
964
* symmetric mode, we should also send a crypto-NAK.
967
if (hismode == MODE_ACTIVE)
968
fast_xmit(rbufp, MODE_PASSIVE, 0,
970
else if (hismode == MODE_PASSIVE)
971
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
974
printf("receive: dropped %03x\n", peer->flash);
976
if (peer->flags & FLAG_CONFIG)
977
peer_clear(peer, "DROP");
982
if (peer->flash & ~TEST2) {
994
if (is_authentic == AUTH_OK)
995
peer->flags |= FLAG_AUTHENTIC;
997
peer->flags &= ~FLAG_AUTHENTIC;
988
1000
* More autokey dance. The rules of the cha-cha are as follows:
1132
1123
pstratum = PKT_TO_STRATUM(pkt->stratum);
1135
* Test for kiss-o'death packet (DENY or CRYP)
1126
* Test for kiss-o'death packet)
1137
1128
if (pleap == LEAP_NOTINSYNC && pstratum == STRATUM_UNSPEC) {
1138
1129
if (memcmp(&pkt->refid, "DENY", 4) == 0) {
1139
1130
peer_clear(peer, "DENY");
1140
peer->flash |= TEST4; /* access deny */
1141
} else if (memcmp(&pkt->refid, "CRYP", 4) == 0) {
1142
peer_clear(peer, "CRYP");
1143
peer->flash |= TEST4; /* crypto error */
1131
peer->flash |= TEST4; /* access denied */
1148
* Test for unsynchronized server.
1150
if (L_ISHIS(&peer->org, &p_xmt)) /* count old packets */
1152
if (pmode != MODE_BROADCAST && (L_ISZERO(&p_rec) ||
1153
L_ISZERO(&p_org))) /* test 3 */
1154
peer->flash |= TEST3; /* unsynch */
1155
if (L_ISZERO(&p_xmt)) /* test 3 */
1156
peer->flash |= TEST3; /* unsynch */
1159
* If any tests fail, the packet is discarded leaving only the
1160
* timestamps, which are enough to get the protocol started. The
1161
* originate timestamp is copied from the packet transmit
1162
* timestamp and the receive timestamp is copied from the
1163
* packet receive timestamp. If okay so far, we save the leap,
1164
* stratum and refid for billboards.
1167
peer->rec = *recv_ts;
1171
printf("packet: bad data %03x from %s\n",
1172
peer->flash, stoa(&peer->srcadr));
1136
* Capture the header values.
1138
record_raw_stats(&peer->srcadr, peer->dstadr ? &peer->dstadr->sin : NULL, &p_org,
1139
&p_rec, &p_xmt, &peer->rec);
1176
1140
peer->leap = pleap;
1177
peer->stratum = pstratum;
1178
peer->refid = pkt->refid;
1181
* Test for valid peer data (tests 6-8)
1184
L_SUB(&ci, &p_reftime);
1186
if (pleap == LEAP_NOTINSYNC || /* test 6 */
1187
pstratum >= STRATUM_UNSPEC || dtemp < 0)
1188
peer->flash |= TEST6; /* bad synch */
1189
if (!(peer->flags & FLAG_CONFIG) && sys_peer != NULL) { /* test 7 */
1190
if (pstratum > sys_stratum && pmode != MODE_ACTIVE)
1191
peer->flash |= TEST7; /* bad stratum */
1193
if (p_del < 0 || p_disp < 0 || p_del / /* test 8 */
1194
2 + p_disp >= MAXDISPERSE)
1195
peer->flash |= TEST8; /* bad peer values */
1198
* If any tests fail at this point, the packet is discarded.
1203
printf("packet: bad header %03x\n",
1210
* The header is valid. Capture the remaining header values and
1211
* mark as reachable.
1213
record_raw_stats(&peer->srcadr, &peer->dstadr->sin, &p_org,
1214
&p_rec, &p_xmt, &peer->rec);
1141
peer->stratum = min(pstratum, STRATUM_UNSPEC);
1215
1142
peer->pmode = pmode;
1216
1143
peer->ppoll = pkt->ppoll;
1217
1144
peer->precision = pkt->precision;
1218
1145
peer->rootdelay = p_del;
1219
1146
peer->rootdispersion = p_disp;
1147
peer->refid = pkt->refid; /* network byte order */
1220
1148
peer->reftime = p_reftime;
1151
* Verify the server is synchronized; that is, the leap bits and
1152
* stratum are valid, the root delay and root dispersion are
1153
* valid and the reference timestamp is not later than the
1154
* transmit timestamp.
1156
if (pleap == LEAP_NOTINSYNC || /* test 6 */
1157
pstratum < sys_floor || pstratum >= sys_ceiling)
1158
peer->flash |= TEST6; /* peer not synch */
1159
if (p_del < 0 || p_disp < 0 || p_del / /* test 7 */
1160
2 + p_disp >= MAXDISPERSE || !L_ISHIS(&p_xmt, &p_reftime))
1161
peer->flash |= TEST7; /* bad header */
1164
* If any tests fail at this point, the packet is discarded.
1165
* Note that some flashers may have already been set in the
1166
* receive() routine.
1168
if (peer->flash & PKT_TEST_MASK) {
1171
printf("packet: flash header %04x\n",
1221
1176
if (!(peer->reach)) {
1222
1177
report_event(EVNT_REACH, peer);
1223
1178
peer->timereachable = current_time;
1180
poll_update(peer, peer->hpoll);
1225
1181
peer->reach |= 1;
1226
poll_update(peer, peer->hpoll);
1229
1184
* For a client/server association, calculate the clock offset,
1342
1283
switch (local_clock(sys_peer, sys_offset)) {
1345
* Clock is too screwed up. Just exit for now.
1286
* Clock exceeds panic threshold. Life as we know it ends.
1348
1289
report_event(EVNT_SYSFAULT, NULL);
1353
1294
* Clock was stepped. Flush all time values of all peers.
1298
sys_leap = LEAP_NOTINSYNC;
1358
1299
sys_stratum = STRATUM_UNSPEC;
1359
memcpy(&sys_refid, "STEP", 4);
1360
sys_poll = NTP_MINPOLL;
1302
sys_rootdispersion = 0;
1303
memcpy(&sys_refid, "STEP", 4);
1361
1304
report_event(EVNT_CLOCKRESET, NULL);
1363
if (oleap != LEAP_NOTINSYNC)
1365
#endif /* OPENSSL */
1369
* Update the system stratum, leap bits, root delay, root
1370
* dispersion, reference ID and reference time. We also update
1371
* select dispersion and max frequency error. If the leap
1372
* changes, we gotta reroll the keys.
1308
* Clock was slewed. Update the system stratum, leap bits, root
1309
* delay, root dispersion, reference ID and reference time. If
1310
* the leap changes, we gotta reroll the keys. Except for
1311
* reference clocks, the minimum dispersion increment is not
1312
* less than sys_mindisp.
1375
sys_stratum = (u_char) (sys_peer->stratum + 1);
1376
if (sys_stratum == 1 || sys_stratum == STRATUM_UNSPEC)
1377
sys_refid = sys_peer->refid;
1379
sys_refid = sys_peer_refid;
1315
sys_leap = leap_next;
1316
sys_stratum = min(sys_peer->stratum + 1,
1380
1318
sys_reftime = sys_peer->rec;
1381
sys_rootdelay = sys_peer->rootdelay + sys_peer->delay;
1382
sys_leap = leap_consensus;
1321
* In orphan mode the stratum defaults to the orphan
1322
* stratum. The root delay is set to a random value
1323
* generated at startup. The root dispersion is set from
1324
* the peer dispersion; the peer root dispersion is
1327
dtemp = sys_peer->disp + clock_phi * (current_time -
1328
sys_peer->update) + sys_jitter +
1329
fabs(sys_peer->offset);
1331
if (!(sys_peer->flags & FLAG_REFCLOCK) && dtemp <
1333
dtemp = sys_mindisp;
1335
if (dtemp < sys_mindisp)
1336
dtemp = sys_mindisp;
1337
#endif /* REFCLOCK */
1338
if (sys_stratum >= sys_orphan) {
1339
sys_stratum = sys_orphan;
1340
sys_rootdelay = sys_peer->delay;
1341
sys_rootdispersion = dtemp;
1343
sys_rootdelay = sys_peer->delay +
1344
sys_peer->rootdelay;
1345
sys_rootdispersion = dtemp +
1346
sys_peer->rootdispersion;
1383
1348
if (oleap == LEAP_NOTINSYNC) {
1384
1349
report_event(EVNT_SYNCCHG, NULL);
1387
1353
#endif /* OPENSSL */
1357
* Popcorn spike or step threshold exceeded. Pretend it never
1390
1363
if (ostratum != sys_stratum)
1391
1364
report_event(EVNT_PEERSTCHG, NULL);
2177
2164
* What remains is a list usually not greater than sys_minclock
2178
2165
* peers. We want only a peer at the lowest stratum to become
2179
2166
* the system peer, although all survivors are eligible for the
2180
* combining algorithm. First record their order, diddle the
2181
* flags and clamp the poll intervals. Then, consider each peer
2182
* in turn and OR the leap bits on the assumption that, if some
2183
* of them honk nonzero bits, they must know what they are
2184
* doing. Check for prefer and pps peers at any stratum. Check
2185
* if the old system peer is among the peers at the lowest
2186
* stratum. Note that the head of the list is at the lowest
2187
* stratum and that unsynchronized peers cannot survive this
2190
* Fiddle for hysteresis. Pump it up for a peer only if the peer
2191
* stratum is at least the floor and there are enough survivors.
2192
* This minimizes the pain when tossing out rascals beneath the
2193
* floorboard. Don't count peers with stratum above the ceiling.
2194
* Manycast is sooo complicated.
2167
* combining algorithm. Consider each peer in turn and OR the
2168
* leap bits on the assumption that, if some of them honk
2169
* nonzero bits, they must know what they are doing. Check for
2170
* prefer and pps peers at any stratum. Note that the head of
2171
* the list is at the lowest stratum and that unsynchronized
2172
* peers cannot survive this far.
2197
for (i = nlist - 1; i >= 0; i--) {
2175
for (i = 0; i < nlist; i++) {
2198
2176
peer = peer_list[i];
2199
leap_consensus |= peer->leap;
2178
leap_next |= peer->leap;
2200
2179
peer->status = CTL_PST_SEL_SYNCCAND;
2202
peer->flags |= FLAG_SYSPEER;
2203
if (peer->stratum >= sys_floor && osurv >= sys_minclock)
2207
if (peer->stratum <= sys_ceiling)
2209
2180
if (peer->flags & FLAG_PREFER)
2210
2181
sys_prefer = peer;
2211
if (peer->refclktype == REFCLK_ATOM_PPS &&
2212
peer->stratum < STRATUM_UNSPEC)
2214
if (peer->stratum == peer_list[0]->stratum && peer ==
2182
if (peer == osys_peer)
2216
2183
typesystem = peer;
2185
if (peer->refclktype == REFCLK_ATOM_PPS)
2187
#endif /* REFCLOCK */
2190
printf("cluster: survivor %s metric %.6f\n",
2191
ntoa(&peer_list[i]->srcadr), synch[i]);
2220
* In manycast client mode we may have spooked a sizeable number
2221
* of peers that we don't need. If there are at least
2222
* sys_minclock of them, the manycast message will be turned
2223
* off. By the time we get here we nay be ready to prune some of
2224
* them back, but we want to make sure all the candicates have
2225
* had a chance. If they didn't pass the sanity and intersection
2226
* tests, they have already been voted off the island.
2196
* Anticlockhop provision. Keep the current system peer if it is
2197
* a survivor but not first in the list. But do that only HOPPER
2228
if (sys_survivors < sys_minclock && osurv >= sys_minclock)
2200
if (osys_peer == NULL || typesystem == NULL || typesystem ==
2201
peer_list[0] || sys_hopper > sys_maxhop) {
2202
typesystem = peer_list[0];
2232
2209
* Mitigation rules of the game. There are several types of
2233
* peers that make a difference here: (1) prefer local peers
2234
* (type REFCLK_LOCALCLOCK with FLAG_PREFER) or prefer modem
2235
* peers (type REFCLK_NIST_ATOM etc with FLAG_PREFER), (2) pps
2236
* peers (type REFCLK_ATOM_PPS), (3) remaining prefer peers
2237
* (flag FLAG_PREFER), (4) the existing system peer, if any, (5)
2238
* the head of the survivor list. Note that only one peer can be
2239
* declared prefer. The order of preference is in the order
2240
* stated. Note that all of these must be at the lowest stratum,
2241
* i.e., the stratum of the head of the survivor list.
2210
* peers that can be selected here: (1) orphan, (2) prefer peer
2211
* (flag FLAG_PREFER) (3) pps peers (type REFCLK_ATOM_PPS), (4)
2212
* the existing system peer, if any, and (5) the head of the
2244
sw = sys_prefer->refclktype == REFCLK_LOCALCLOCK ||
2245
sys_prefer->sstclktype == CTL_SST_TS_TELEPHONE ||
2250
sys_peer = sys_prefer;
2215
if (typesystem->stratum >= sys_orphan) {
2218
* If in orphan mode, choose the system peer. If the
2219
* lowest distance, we are the orphan parent and the
2222
sys_peer = typesystem;
2251
2223
sys_peer->status = CTL_PST_SEL_SYSPEER;
2252
sys_offset = sys_peer->offset;
2253
sys_error = SQRT(sys_peer->jitter);
2256
printf("select: prefer offset %.6f\n",
2263
sys_peer->status = CTL_PST_SEL_PPS;
2264
sys_offset = sys_peer->offset;
2265
sys_error = SQRT(sys_peer->jitter);
2268
msyslog(LOG_INFO, "pps sync enabled");
2269
pps_control = current_time;
2272
printf("select: pps offset %.6f\n",
2224
if (sys_orphandelay < sys_peer->rootdelay) {
2226
sys_refid = htonl(LOOPBACKADR);
2228
sys_offset = sys_peer->offset;
2229
sys_refid = addr2refid(&sys_peer->srcadr);
2231
sys_jitter = LOGTOD(sys_precision);
2234
printf("select: orphan offset %.6f\n",
2237
} else if (sys_prefer) {
2240
* If a pps peer is present, choose it; otherwise,
2241
* choose the prefer peer.
2245
sys_peer->status = CTL_PST_SEL_PPS;
2246
sys_offset = sys_peer->offset;
2250
"pps sync enabled");
2251
pps_control = current_time;
2254
printf("select: pps offset %.6f\n",
2258
sys_peer = sys_prefer;
2259
sys_peer->status = CTL_PST_SEL_SYSPEER;
2260
sys_offset = sys_peer->offset;
2263
printf("select: prefer offset %.6f\n",
2267
if (sys_peer->stratum == STRATUM_REFCLOCK ||
2268
sys_peer->stratum == STRATUM_UNSPEC)
2269
sys_refid = sys_peer->refid;
2271
sys_refid = addr2refid(&sys_peer->srcadr);
2272
sys_jitter = sys_peer->jitter;
2277
sys_peer = osys_peer;
2276
* Otherwise, choose the anticlockhopper.
2278
sys_peer = typesystem;
2279
sys_peer->status = CTL_PST_SEL_SYSPEER;
2280
clock_combine(peer_list, nlist);
2281
if (sys_peer->stratum == STRATUM_REFCLOCK ||
2282
sys_peer->stratum == STRATUM_UNSPEC)
2283
sys_refid = sys_peer->refid;
2279
sys_peer = peer_list[0];
2280
sys_peer->status = CTL_PST_SEL_SYSPEER;
2282
sys_offset = clock_combine(peer_list, nlist);
2283
sys_error = SQRT(sys_peer->jitter + sys_selerr);
2285
sys_refid = addr2refid(&sys_peer->srcadr);
2286
sys_jitter = SQRT(SQUARE(sys_peer->jitter) +
2287
SQUARE(sys_jitter));
2286
2290
printf("select: combine offset %.6f\n",
2290
#endif /* LOCKCLOCK */
2296
* We have found the alpha male.
2298
sys_peer->flags |= FLAG_SYSPEER;
2291
2299
if (osys_peer != sys_peer) {
2294
if (sys_peer == NULL)
2297
sys_peer_refid = addr2refid(&sys_peer->srcadr);
2298
2302
report_event(EVNT_PEERSTCHG, NULL);
2300
2304
#ifdef REFCLOCK
2301
if (ISREFCLOCKADR(&sys_peer->srcadr))
2305
if (sys_peer->flags & FLAG_REFCLOCK)
2302
2306
src = refnumtoa(&sys_peer->srcadr);
2308
#endif /* REFCLOCK */
2305
2309
src = ntoa(&sys_peer->srcadr);
2306
2310
NLOG(NLOG_SYNCSTATUS)
2307
2311
msyslog(LOG_INFO, "synchronized to %s, stratum %d",
2569
2635
* requests them and the protocol blinds it using the
2570
2636
* agreed key. It is a protocol error if the client has
2571
2637
* the parameters but the server does not.
2639
* If the crypto bit is lit, don't send requests.
2573
2641
case MODE_CLIENT:
2642
if (peer->flash & TEST9)
2645
* Parameter and certificate.
2574
2647
if (!peer->crypto)
2575
2648
exten = crypto_args(peer, CRYPTO_ASSOC,
2577
2650
else if (!(peer->crypto & CRYPTO_FLAG_VALID))
2578
2651
exten = crypto_args(peer, CRYPTO_CERT,
2584
2657
else if (!(peer->crypto & CRYPTO_FLAG_VRFY))
2585
2658
exten = crypto_args(peer,
2586
crypto_ident(peer), NULL);
2659
crypto_ident(peer), NULL);
2591
2664
else if (!(peer->crypto & CRYPTO_FLAG_AGREE))
2592
2665
exten = crypto_args(peer, CRYPTO_COOK,
2594
2667
else if (!(peer->crypto & CRYPTO_FLAG_AUTO) &&
2595
(peer->cast_flags & MDF_BCLNT))
2668
(peer->cast_flags & MDF_BCLNT))
2596
2669
exten = crypto_args(peer, CRYPTO_AUTO,
2600
2673
* Postamble. We can sign the certificate here,
2601
2674
* since there is no chance of deadlock.
2603
2676
else if (sys_leap != LEAP_NOTINSYNC &&
2604
!(peer->crypto & CRYPTO_FLAG_SIGN))
2677
!(peer->crypto & CRYPTO_FLAG_SIGN))
2605
2678
exten = crypto_args(peer, CRYPTO_SIGN,
2607
2680
else if (sys_leap != LEAP_NOTINSYNC &&
2608
peer->crypto & CRYPTO_FLAG_TAI &&
2609
!(peer->crypto & CRYPTO_FLAG_LEAP))
2681
peer->crypto & CRYPTO_FLAG_TAI &&
2682
!(peer->crypto & CRYPTO_FLAG_LEAP))
2610
2683
exten = crypto_args(peer, CRYPTO_TAI,
2616
* Build the extension fields if available. If an error
2617
* occured, the crypto machinery broke or was
2618
* misconfigured, so plaint the log and douse the
2689
* Build the extension fields as directed. A response to
2690
* a request is always sent, even if an error. If an
2691
* error occurs when sending a request, the crypto
2692
* machinery broke or was misconfigured. In that case
2693
* light the crypto bit to suppress further requests.
2621
2695
if (peer->cmmd != NULL) {
2622
2696
peer->cmmd->associd = htonl(peer->associd);
2623
2697
sendlen += crypto_xmit(&xpkt, &peer->srcadr,
2624
sendlen, peer->cmmd, 0);
2698
sendlen, peer->cmmd, 0);
2625
2699
free(peer->cmmd);
2626
2700
peer->cmmd = NULL;
2628
2702
if (exten != NULL) {
2629
2705
if (exten->opcode != 0) {
2630
sendlen += crypto_xmit(&xpkt,
2631
&peer->srcadr, sendlen, exten, 0);
2633
peer_clear(peer, "CRYP");
2634
peer->flash |= TEST4; /* crypto error */
2636
"transmit: crypto error for %s",
2637
stoa(&peer->srcadr));
2706
ltemp = crypto_xmit(&xpkt,
2707
&peer->srcadr, sendlen, exten, 0);
2709
peer->flash |= TEST9; /* crypto error */
2643
2719
* If extension fields are present, we must use a
2644
* private cookie value of zero. Most intricate.
2720
* private cookie value of zero. Don't send if the
2721
* crypto bit is set and no extension field is present,
2722
* but in that case give back the key. Most intricate.
2646
if (sendlen > LEN_PKT_NOMAC)
2724
if (sendlen > LEN_PKT_NOMAC) {
2647
2725
session_key(&peer->dstadr->sin, &peer->srcadr,
2727
} else if (peer->flash & TEST9) {
2728
authtrust(xkeyid, 0);
2650
2732
#endif /* OPENSSL */
2653
* If something broke go directly to jail without sending the
2735
* Stash the transmit timestamp corrected for the encryption
2736
* delay. If autokey, give back the key, as we use keys only
2737
* once. Check for errors such as missing keys, buffer overflow,
2656
if (peer->flash & TEST4)
2659
2740
xkeyid = peer->keyid;
2660
2741
get_systime(&peer->xmt);
2661
2742
L_ADD(&peer->xmt, &sys_authdelay);
2662
2743
HTONL_FP(&peer->xmt, &xpkt.xmt);
2663
2744
authlen = authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
2664
2745
if (authlen == 0) {
2665
peer_clear(peer, "NKEY");
2666
peer->flash |= TEST4; /* no key found */
2667
msyslog(LOG_INFO, "transmit: key %u not found for %s",
2668
xkeyid, stoa(&peer->srcadr));
2746
msyslog(LOG_INFO, "transmit: %s key %u not found",
2747
stoa(&peer->srcadr), xkeyid);
2748
peer->flash |= TEST9; /* no key found */
2671
2751
sendlen += authlen;
2742
2822
* buffer provided. We leave some fields intact as received. If
2743
2823
* the gazinta was from a multicast address, the gazoutta must
2744
2824
* go out another way.
2826
* The root delay field is special. If the system stratum is
2827
* less than the orphan stratum, send the real root delay.
2828
* Otherwise, if there is no system peer, send the orphan delay.
2829
* Otherwise, we must be an orphan parent, so send zero.
2746
2831
rpkt = &rbufp->recv_pkt;
2747
if (rbufp->dstadr->flags & INT_MULTICAST)
2832
if (rbufp->dstadr->flags & INT_MCASTOPEN)
2748
2833
rbufp->dstadr = findinterface(&rbufp->recv_srcadr);
2751
* If the packet has picked up a restriction due to either
2752
* access denied or rate exceeded, decide what to do with it.
2754
if (mask & (RES_DONTTRUST | RES_LIMITED)) {
2755
char *code = "????";
2757
if (mask & RES_LIMITED) {
2758
sys_limitrejected++;
2760
} else if (mask & RES_DONTTRUST) {
2766
* Here we light up a kiss-of-death (KoD) packet. KoD
2767
* packets have leap bits unsynchronized, stratum zero
2768
* and reference ID the four-character error code. Note
2769
* the rate limit on these packets. Once a second
2770
* initialize a bucket counter. Every packet sent
2771
* decrements the counter until reaching zero. If the
2772
* counter is zero, drop the kod.
2836
* This is deliciously complicated. There are four cases.
2838
* case leap stratum refid delay dispersion
2840
* KoD 11 16 KISS system system
2841
* normal system system system system system
2842
* orphan child 00 orphan system orphan system
2843
* orphan parent 00 orphan loopbk 0 0
2846
* This is a kiss-of-death (KoD) packet. Show leap
2847
* unsynchronized, stratum zero, reference ID the four-character
2848
* kiss code and system root delay. Note the rate limit on these
2849
* packets. Once a second initialize a bucket counter. Every
2850
* packet sent decrements the counter until reaching zero. If
2851
* the counter is zero, drop the kiss.
2853
if (mask & RES_LIMITED) {
2854
sys_limitrejected++;
2774
2855
if (sys_kod == 0 || !(mask & RES_DEMOBILIZE))
2778
memcpy(&xpkt.refid, code, 4);
2779
2859
xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC,
2780
2860
PKT_VERSION(rpkt->li_vn_mode), xmode);
2781
2861
xpkt.stratum = STRATUM_UNSPEC;
2862
memcpy(&xpkt.refid, "RATE", 4);
2863
xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay));
2864
xpkt.rootdispersion =
2865
HTONS_FP(DTOUFP(sys_rootdispersion));
2868
* This is a normal packet. Use the system variables.
2870
} else if (sys_stratum < sys_orphan) {
2783
2871
xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap,
2784
2872
PKT_VERSION(rpkt->li_vn_mode), xmode);
2785
2873
xpkt.stratum = STRATUM_TO_PKT(sys_stratum);
2786
2874
xpkt.refid = sys_refid;
2875
xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay));
2876
xpkt.rootdispersion =
2877
HTONS_FP(DTOUFP(sys_rootdispersion));
2880
* This is a orphan child packet. The host is synchronized to an
2881
* orphan parent. Show leap synchronized, orphan stratum, system
2882
* reference ID and orphan root delay.
2884
} else if (sys_peer != NULL) {
2885
xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING,
2886
PKT_VERSION(rpkt->li_vn_mode), xmode);
2887
xpkt.stratum = STRATUM_TO_PKT(sys_orphan);
2888
xpkt.refid = sys_refid;
2889
xpkt.rootdelay = HTONS_FP(DTOFP(sys_orphandelay));
2890
xpkt.rootdispersion =
2891
HTONS_FP(DTOUFP(sys_rootdispersion));
2894
* This is an orphan parent. Show leap synchronized, orphan
2895
* stratum, loopack reference ID and zero root delay.
2898
xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING,
2899
PKT_VERSION(rpkt->li_vn_mode), xmode);
2900
xpkt.stratum = STRATUM_TO_PKT(sys_orphan);
2901
xpkt.refid = htonl(LOOPBACKADR);
2902
xpkt.rootdelay = HTONS_FP(DTOFP(0));
2903
xpkt.rootdispersion = HTONS_FP(DTOFP(0));
2788
2905
xpkt.ppoll = rpkt->ppoll;
2789
2906
xpkt.precision = sys_precision;
2790
xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay));
2791
xpkt.rootdispersion =
2792
HTONS_FP(DTOUFP(sys_rootdispersion));
2907
xpkt.rootdispersion = HTONS_FP(DTOUFP(sys_rootdispersion));
2793
2908
HTONL_FP(&sys_reftime, &xpkt.reftime);
2794
2909
xpkt.org = rpkt->xmt;
2795
2910
HTONL_FP(&rbufp->recv_time, &xpkt.rec);