370
371
return; /* bogus port */
373
restrict_mask = restrictions(&rbufp->recv_srcadr);
373
at_listhead = ntp_monitor(rbufp);
374
restrict_mask = restrictions(&rbufp->recv_srcadr, at_listhead);
376
377
printf("receive: at %ld %s<-%s flags %x restrict %03x\n",
1135
1136
* Capture the header values.
1137
record_raw_stats(&peer->srcadr, &peer->dstadr->sin, &p_org,
1138
record_raw_stats(&peer->srcadr, peer->dstadr ? &peer->dstadr->sin : NULL, &p_org,
1138
1139
&p_rec, &p_xmt, &peer->rec);
1139
1140
peer->leap = pleap;
1140
1141
peer->stratum = min(pstratum, STRATUM_UNSPEC);
1475
* peer_clear - clear peer filter registers. See Section 3.4.8 of the spec.
1475
* peer_crypto_clear - discard crypto information
1479
struct peer *peer, /* peer structure */
1480
char *ident /* tally lights */
1486
1483
* If cryptographic credentials have been acquired, toss them to
1487
1484
* Valhalla. Note that autokeys are ephemeral, in that they are
1491
1488
* purged, too. This makes it much harder to sneak in some
1492
1489
* unauthenticated data in the clock filter.
1491
DPRINTF(1, ("peer_crypto_clear: at %ld next %ld assoc ID %d\n",
1492
current_time, peer->nextdate, peer->associd));
1496
1498
if (peer->pkey != NULL)
1497
1499
EVP_PKEY_free(peer->pkey);
1498
if (peer->ident_pkey != NULL)
1499
EVP_PKEY_free(peer->ident_pkey);
1502
peer->digest = NULL; /* XXX MEMLEAK? check whether this needs to be freed in any way - never was freed */
1500
1504
if (peer->subject != NULL)
1501
1505
free(peer->subject);
1506
peer->subject = NULL;
1502
1508
if (peer->issuer != NULL)
1503
1509
free(peer->issuer);
1510
peer->issuer = NULL;
1516
if (peer->ident_pkey != NULL)
1517
EVP_PKEY_free(peer->ident_pkey);
1518
peer->ident_pkey = NULL;
1520
memset(&peer->fstamp, 0, sizeof(peer->fstamp));
1504
1522
if (peer->iffval != NULL)
1505
1523
BN_free(peer->iffval);
1524
peer->iffval = NULL;
1506
1526
if (peer->grpkey != NULL)
1507
1527
BN_free(peer->grpkey);
1528
peer->grpkey = NULL;
1530
value_free(&peer->cookval);
1531
value_free(&peer->recval);
1508
1533
if (peer->cmmd != NULL) {
1509
1534
free(peer->cmmd);
1510
1535
peer->cmmd = NULL;
1512
value_free(&peer->cookval);
1513
value_free(&peer->recval);
1514
1540
value_free(&peer->encrypt);
1515
value_free(&peer->sndval);
1516
1541
#endif /* OPENSSL */
1545
* peer_clear - clear peer filter registers. See Section 3.4.8 of the spec.
1549
struct peer *peer, /* peer structure */
1550
char *ident /* tally lights */
1555
peer_crypto_clear(peer);
1517
1557
if (peer == sys_peer)
1518
1558
sys_peer = NULL;
1557
1597
peer->nextdate += (ntp_random() & ((1 << NTP_MINDPOLL) -
1561
printf("peer_clear: at %ld next %ld assoc ID %d refid %s\n",
1562
current_time, peer->nextdate, peer->associd, ident);
1600
DPRINTF(1, ("peer_clear: at %ld next %ld assoc ID %d refid %s\n",
1601
current_time, peer->nextdate, peer->associd, ident));
1627
* Sort the samples in both lists by distance. Note, we do not
1628
* displace a higher distance sample by a lower distance one
1629
* unless lower by at least the precision.
1665
* If the clock discipline has stabilized, sort the samples in
1666
* both lists by distance. Note, we do not displace a higher
1667
* distance sample by a lower distance one unless lower by at
1668
* least the precision.
1631
for (i = 1; i < NTP_SHIFT; i++) {
1632
for (j = 0; j < i; j++) {
1633
if (dst[j] > dst[i] + LOGTOD(sys_precision)) {
1671
for (i = 1; i < NTP_SHIFT; i++) {
1672
for (j = 0; j < i; j++) {
1673
if (dst[j] > dst[i] +
1674
LOGTOD(sys_precision)) {
1695
1737
* A new sample is useful only if it is younger than the last
1696
* one used, but only if the sucker has been synchronized.
1738
* one used. Note the order is FIFO if the clock discipline has
1698
if (peer->filter_epoch[k] <= peer->epoch && sys_leap !=
1741
if (peer->filter_epoch[k] <= peer->epoch) {
1702
1744
printf("clock_filter: discard %lu\n",
2406
2451
get_systime(&peer->xmt);
2407
2452
HTONL_FP(&peer->xmt, &xpkt.xmt);
2408
2453
sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl],
2413
2458
printf("transmit: at %ld %s->%s mode %d\n",
2414
current_time, stoa(&peer->dstadr->sin),
2415
stoa(&peer->srcadr), peer->hmode);
2459
current_time, peer->dstadr ? stoa(&peer->dstadr->sin) : "-",
2460
stoa(&peer->srcadr), peer->hmode);
2485
2530
switch (peer->hmode) {
2488
* In broadcast server mode the autokey values are
2489
* required by the broadcast clients. Push them when a
2490
* new keylist is generated; otherwise, push the
2491
* association message so the client can request them at
2533
* In broadcast server mode the autokey values are
2534
* required by the broadcast clients. Push them when a
2535
* new keylist is generated; otherwise, push the
2536
* association message so the client can request them at
2494
2539
case MODE_BROADCAST:
2495
2540
if (peer->flags & FLAG_ASSOC)
2496
2541
exten = crypto_args(peer, CRYPTO_AUTO |
2499
2544
exten = crypto_args(peer, CRYPTO_ASSOC |
2521
2566
if (!peer->crypto)
2522
2567
exten = crypto_args(peer, CRYPTO_ASSOC,
2524
2569
else if (!(peer->crypto & CRYPTO_FLAG_VALID))
2525
2570
exten = crypto_args(peer, CRYPTO_CERT,
2529
2574
* Identity. Note we have to sign the
2534
2579
else if (!(peer->crypto & CRYPTO_FLAG_VRFY))
2535
2580
exten = crypto_args(peer,
2536
crypto_ident(peer), NULL);
2581
crypto_ident(peer), NULL);
2537
2582
else if (sys_leap != LEAP_NOTINSYNC &&
2538
!(peer->crypto & CRYPTO_FLAG_SIGN))
2583
!(peer->crypto & CRYPTO_FLAG_SIGN))
2539
2584
exten = crypto_args(peer, CRYPTO_SIGN,
2543
2588
* Autokey. We request the cookie only when the
2550
2595
* the autokey values without being asked.
2552
2597
else if (sys_leap != LEAP_NOTINSYNC &&
2553
peer->leap != LEAP_NOTINSYNC &&
2554
!(peer->crypto & CRYPTO_FLAG_AGREE))
2598
peer->leap != LEAP_NOTINSYNC &&
2599
!(peer->crypto & CRYPTO_FLAG_AGREE))
2555
2600
exten = crypto_args(peer, CRYPTO_COOK,
2557
2602
else if (peer->flags & FLAG_ASSOC)
2558
2603
exten = crypto_args(peer, CRYPTO_AUTO |
2560
2605
else if (!(peer->crypto & CRYPTO_FLAG_AUTO))
2561
2606
exten = crypto_args(peer, CRYPTO_AUTO,
2565
2610
* Postamble. We trade leapseconds only when the
2566
2611
* server and client are synchronized.
2568
2613
else if (sys_leap != LEAP_NOTINSYNC &&
2569
peer->leap != LEAP_NOTINSYNC &&
2570
peer->crypto & CRYPTO_FLAG_TAI &&
2571
!(peer->crypto & CRYPTO_FLAG_LEAP))
2614
peer->leap != LEAP_NOTINSYNC &&
2615
peer->crypto & CRYPTO_FLAG_TAI &&
2616
!(peer->crypto & CRYPTO_FLAG_LEAP))
2572
2617
exten = crypto_args(peer, CRYPTO_TAI,
2602
2647
if (!peer->crypto)
2603
2648
exten = crypto_args(peer, CRYPTO_ASSOC,
2605
2650
else if (!(peer->crypto & CRYPTO_FLAG_VALID))
2606
2651
exten = crypto_args(peer, CRYPTO_CERT,
2612
2657
else if (!(peer->crypto & CRYPTO_FLAG_VRFY))
2613
2658
exten = crypto_args(peer,
2614
crypto_ident(peer), NULL);
2659
crypto_ident(peer), NULL);
2619
2664
else if (!(peer->crypto & CRYPTO_FLAG_AGREE))
2620
2665
exten = crypto_args(peer, CRYPTO_COOK,
2622
2667
else if (!(peer->crypto & CRYPTO_FLAG_AUTO) &&
2623
(peer->cast_flags & MDF_BCLNT))
2668
(peer->cast_flags & MDF_BCLNT))
2624
2669
exten = crypto_args(peer, CRYPTO_AUTO,
2628
2673
* Postamble. We can sign the certificate here,
2629
2674
* since there is no chance of deadlock.
2631
2676
else if (sys_leap != LEAP_NOTINSYNC &&
2632
!(peer->crypto & CRYPTO_FLAG_SIGN))
2677
!(peer->crypto & CRYPTO_FLAG_SIGN))
2633
2678
exten = crypto_args(peer, CRYPTO_SIGN,
2635
2680
else if (sys_leap != LEAP_NOTINSYNC &&
2636
peer->crypto & CRYPTO_FLAG_TAI &&
2637
!(peer->crypto & CRYPTO_FLAG_LEAP))
2681
peer->crypto & CRYPTO_FLAG_TAI &&
2682
!(peer->crypto & CRYPTO_FLAG_LEAP))
2638
2683
exten = crypto_args(peer, CRYPTO_TAI,
2660
2705
if (exten->opcode != 0) {
2661
2706
ltemp = crypto_xmit(&xpkt,
2662
&peer->srcadr, sendlen, exten, 0);
2707
&peer->srcadr, sendlen, exten, 0);
2663
2708
if (ltemp == 0) {
2664
2709
peer->flash |= TEST9; /* crypto error */
2736
"transmit: at %ld %s->%s mode %d keyid %08x len %d mac %d index %d\n",
2737
current_time, ntoa(&peer->dstadr->sin),
2738
ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen -
2739
authlen, authlen, peer->keynumber);
2781
"transmit: at %ld %s->%s mode %d keyid %08x len %d mac %d index %d\n",
2782
current_time, peer->dstadr ? ntoa(&peer->dstadr->sin) : "-",
2783
ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen -
2784
authlen, authlen, peer->keynumber);
2745
"transmit: at %ld %s->%s mode %d keyid %08x len %d mac %d\n",
2746
current_time, ntoa(&peer->dstadr->sin),
2747
ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen -
2790
"transmit: at %ld %s->%s mode %d keyid %08x len %d mac %d\n",
2791
current_time, peer->dstadr ? ntoa(&peer->dstadr->sin) : "-",
2792
ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen -
2750
2795
#endif /* OPENSSL */
3031
3077
* the orphan parent.
3033
3079
if (peer->stratum > 1 && peer->refid != htonl(LOOPBACKADR) &&
3034
(peer->refid == peer->dstadr->addr_refid || peer->refid ==
3080
((!peer->dstadr || peer->refid == peer->dstadr->addr_refid) ||
3081
peer->refid == sys_refid))
3036
3082
rval |= TEST12; /* synch loop */
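Review bot: In the last hunk the new `!peer->dstadr ||` term makes the TEST12 synch-loop check succeed for every peer above stratum 1 (other than the loopback refid) whose `dstadr` is NULL, so a peer that merely has no local interface bound is reported as a loop rather than only being protected from the NULL dereference. If only the dereference is meant to be avoided, the term would read `(peer->dstadr != NULL && peer->refid == peer->dstadr->addr_refid) ||`; if rejecting interface-less peers is intended, a comment such as `/* no local interface: cannot rule out a loop, so fail TEST12 */` should say so. The same NULL case is guarded at `record_raw_stats()` and in the debug `printf` calls, but `sendpkt(&peer->srcadr, peer->dstadr, ...)` in the transmit hunk still receives the pointer unchecked, and whether `sendpkt` tolerates NULL is not visible on this page. The enclosing functions start and end outside the hunks shown.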