[Git][NTPsec/ntpsec][master] 8 commits: Another use for keyid_t

Hal Murray gitlab at mg.gitlab.com
Tue Mar 20 08:17:59 UTC 2018


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
ec33243d by Hal Murray at 2018-03-20T05:22:28Z
Another use for keyid_t

- - - - -
f2a94428 by Hal Murray at 2018-03-20T05:22:28Z
Remove findmanycastpeer

We don't support many/multicast any more.
It was also part of the pool support path,
but that went away when I cleaned up the DNS lookup.

- - - - -
6ae7d785 by Hal Murray at 2018-03-20T05:22:28Z
Remove ntohl_fp - no longer used

- - - - -
05bbeccc by Hal Murray at 2018-03-20T05:22:28Z
Remove calloc/free for parsed_pkt each received packet processed.

- - - - -
f8f4ecd8 by Hal Murray at 2018-03-20T05:22:28Z
More peer mode cleanup

- - - - -
f30f4b8b by Hal Murray at 2018-03-20T05:22:28Z
Remove more broadcast leftovers.

- - - - -
81228d7d by Hal Murray at 2018-03-20T05:22:28Z
Cleanup processing of received packets.

The old code had a complicated table to handle the
case where a peer slot wasn't setup yet.  That handled
responses to pool requests (from dns), peer requests,
and multicast.  All those complications are gone now.

- - - - -
df847175 by Hal Murray at 2018-03-20T07:53:44Z
Skip ntpmon on NetBSD - no curses

-bash-4.4$ ./test-all/main/ntpclients/ntpmon
ntpmon: can't find Python curses library.
No module named _curses
-bash-4.4$

- - - - -


8 changed files:

- include/ntp.h
- include/ntpd.h
- include/recvbuff.h
- ntpd/ntp_peer.c
- ntpd/ntp_proto.c
- ntpd/ntp_refclock.c
- ntpd/refclock_generic.c
- tests/option-tester.sh


Changes:

=====================================
include/ntp.h
=====================================
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -334,12 +334,7 @@ struct peer {
 #define	LEAP_DELSECOND	0x2	/* last minute of day has 59 seconds */
 #define	LEAP_NOTINSYNC	0x3	/* overload, clock is free running */
 
-/*
- * Values for peer mode and packet mode. Only the modes through
- * MODE_BROADCAST and MODE_BCLIENT appear in the transition
- * function. MODE_CONTROL and MODE_PRIVATE can appear in packets,
- * but those never survive to the translation function.
- * See MATCH_ASSOC in ntp_peer.
+/* Packet Modes
  */
 #define	MODE_UNSPEC	0	/* unspecified (old version) */
 #define	MODE_ACTIVE	1	/* symmetric active mode */
@@ -414,10 +409,6 @@ struct parsed_pkt {
         uint64_t xmt;
         unsigned num_extensions;
         struct exten *extensions;
-        bool keyid_present;
-        uint32_t keyid;
-        size_t mac_len;
-        char mac[20];
 };
 
 struct exten {


=====================================
include/ntpd.h
=====================================
--- a/include/ntpd.h
+++ b/include/ntpd.h
@@ -127,7 +127,7 @@ extern  int	mon_get_oldest_age(l_fp);
 extern	void	init_peer	(void);
 extern	struct peer *findexistingpeer(sockaddr_u *, const char *,
 				      struct peer *, int);
-extern	struct peer *findpeer	(struct recvbuf *, int, int *);
+extern	struct peer *findpeer	(struct recvbuf *);
 extern	struct peer *findpeerbyassoc(associd_t);
 extern  void	set_peerdstadr	(struct peer *, endpt *);
 extern	struct peer *newpeer	(sockaddr_u *, const char *,
@@ -141,7 +141,6 @@ extern  void	peer_refresh_interface(struct peer *);
 extern	void	unpeer		(struct peer *);
 extern	void	clear_all	(void);
 extern	int	score_all	(struct peer *);
-extern	struct peer *findmanycastpeer(struct recvbuf *);
 extern	void	peer_cleanup	(void);
 
 /* ntp_proto.c */


=====================================
include/recvbuff.h
=====================================
--- a/include/recvbuff.h
+++ b/include/recvbuff.h
@@ -16,9 +16,8 @@
 /*
  * Format of a recvbuf.  Back when ntpd did true asynchronous
  * I/O, these were used by the asynchronous receive routine to store
- * incoming packets and related information. Now, with faster processors
- * and lower latency in the synchronous I/O loop, that complexity
- * has been dropped.
+ * incoming packets and related information. Now, with kernel
+ * time stamps on received packets, that complexity has been dropped.
  */
 
 /*
@@ -35,12 +34,7 @@ typedef struct recvbuf recvbuf_t;
 
 struct recvbuf {
 	recvbuf_t *	link;	/* next in list */
-	union {
-		sockaddr_u	X_recv_srcadr;
-		struct peer *	X_recv_peer;
-	} X_from_where;
-#define recv_srcadr		X_from_where.X_recv_srcadr
-#define recv_peer		X_from_where.X_recv_peer
+	sockaddr_u	recv_srcadr;
 	sockaddr_u	srcadr;		/* where packet came from */
 	endpt *		dstadr;		/* address pkt arrived on */
 	SOCKET		fd;		/* fd on which it was received */
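Review bot: The new `recv_srcadr` member has no comment, and it sits directly above `srcadr`, which is already described as "where packet came from", so a reader cannot tell how the two differ. Now that it is no longer overlaid with `recv_peer`, a one-line comment on it would help. The same applies to `keyid_present`, `keyid` and `mac_len` added in the next hunk, for example `/* MAC length in bytes, not counting the 4-byte key id */`, which matches the 16 and 20 that parse_packet stores for the 20- and 24-byte authenticators.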
@@ -54,9 +48,14 @@ struct recvbuf {
 	} recv_space;
 #define	recv_pkt		recv_space.X_recv_pkt
 #define	recv_buffer		recv_space.X_recv_buffer
+	struct parsed_pkt pkt;  /* host-order copy of data from wire */
 	int used;		/* reference count */
+	bool keyid_present;
+	keyid_t keyid;
+	int mac_len;
 #ifdef REFCLOCK
 	bool network_packet;
+	struct peer *	recv_peer;
 #endif /* REFCLOCK */
 };
 


=====================================
ntpd/ntp_peer.c
=====================================
--- a/ntpd/ntp_peer.c
+++ b/ntpd/ntp_peer.c
@@ -10,51 +10,6 @@
 #include "ntp_lists.h"
 #include "ntp_stdlib.h"
 
-/*
- *		    Table of valid association combinations
- *		    ---------------------------------------
- *
- *                             packet->mode
- * peer->mode      | UNSPEC  ACTIVE PASSIVE  CLIENT  SERVER  BCAST
- * ----------      | ---------------------------------------------
- * NO_PEER         |   e       1       0       1       1       1
- * ACTIVE          |   e       1       1       0       0       0
- * PASSIVE         |   e       1       e       0       0       0
- * CLIENT          |   e       0       0       0       1       0
- * SERVER          |   e       0       0       0       0       0
- * BCAST           |   e       0       0       0       0       0
- * BCLIENT         |   e       0       0       0       e       1
- *
- * One point to note here: a packet in BCAST mode can potentially match
- * a peer in CLIENT mode, but we that is a special case and we check for
- * that early in the decision process.  This avoids having to keep track
- * of what kind of associations are possible etc...  We actually
- * circumvent that problem by requiring that the first b(m)roadcast
- * received after the change back to BCLIENT mode sets the clock.
- */
-#define AM_MODES	7	/* number of rows and columns */
-#define NO_PEER		0	/* action when no peer is found */
-
-static int AM[AM_MODES][AM_MODES] = {
-/*			packet->mode					    */
-/* peer { UNSPEC,   ACTIVE,     PASSIVE,    CLIENT,     SERVER,     BCAST } */
-/* mode */
-/*NONE*/{ AM_ERR, AM_NEWPASS, AM_NOMATCH, AM_FXMIT,   AM_MANYCAST, AM_NEWBCL},
-
-/*A*/	{ AM_ERR, AM_PROCPKT, AM_PROCPKT, AM_NOMATCH, AM_NOMATCH,  AM_NOMATCH},
-
-/*P*/	{ AM_ERR, AM_PROCPKT, AM_ERR,     AM_NOMATCH, AM_NOMATCH,  AM_NOMATCH},
-
-/*C*/	{ AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT,  AM_NOMATCH},
-
-/*S*/	{ AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH,  AM_NOMATCH},
-
-/*BCST*/{ AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH,  AM_NOMATCH},
-
-/*BCL*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH,  AM_PROCPKT},
-};
-
-#define MATCH_ASSOC(x, y)	AM[(x)][(y)]
 
 /*
  * These routines manage the allocation of memory to peer structures
@@ -118,10 +73,6 @@ static void		getmorepeermem(void);
 static	void		peer_reset	(struct peer *);
 static int		score(struct peer *);
 
-static inline l_fp ntohl_fp(l_fp_w lfpw) {
-    return lfpinit_u(ntohl(lfpw.l_ui), ntohl(lfpw.l_uf));
-}
-
 
 /*
  * init_peer - initialize peer data structures and counters
@@ -267,16 +218,12 @@ findexistingpeer(
  */
 struct peer *
 findpeer(
-	struct recvbuf *rbufp,
-	int		pkt_mode,
-	int *		action
+	struct recvbuf *rbufp
 	)
 {
 	struct peer *	p;
 	sockaddr_u *	srcadr;
 	unsigned int	hash;
-	struct pkt *	pkt;
-	l_fp		pkt_org;
 
 	findpeer_calls++;
 	srcadr = &rbufp->recv_srcadr;
@@ -288,37 +235,10 @@ findpeer(
                 /* ensure peer source address matches */
                 if (!ADDR_PORT_EQ(srcadr, &p->srcadr)) continue;
 
-                /* If the association matching rules determine that this
-                 * is not a valid combination, then look for the next
-                 * valid peer association.
-                 */
-                *action = MATCH_ASSOC(p->hmode, pkt_mode);
-
-                /* A response to our manycastclient solicitation might
-                 * be misassociated with an ephemeral peer already spun
-                 * for the server.  If the packet's org timestamp
-                 * doesn't match the peer's, check if it matches the
-                 * ACST prototype peer's.  If so it is a redundant
-                 * solicitation response, return AM_ERR to discard it.
-                 * [Classic Bug 1762]
-                 */
-                if (MODE_SERVER == pkt_mode && AM_PROCPKT == *action) {
-                        pkt = &rbufp->recv_pkt;
-                        pkt_org = ntohl_fp(pkt->org);
-                        if (p->org != pkt_org && findmanycastpeer(rbufp))
-                                *action = AM_ERR;
-                }
-
-                /* If an error was returned, exit back right here. */
-                if (*action == AM_ERR) return NULL;
-
-                /* If a match is found, we stop our search. */
-                if (*action != AM_NOMATCH) break;
+		return p;
         }
 
-	/* If no matching association is found */
-	if (NULL == p) *action = MATCH_ASSOC(NO_PEER, pkt_mode);
-	return p;
+	return NULL;
 }
 
 /*
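Review bot: The `return p;` added inside the loop now hands back the first association whose address and port match, whatever mode the packet carries, and the function's header comment (outside this hunk) should say so. Something like `/* Match is on source address and port only; the caller checks packet mode and origin timestamp. */` would make it clear that a returned peer is not evidence the packet answers one of our requests. The new line is also tab-indented while the loop body around it uses spaces. The loop header is outside the hunk.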
@@ -832,39 +752,6 @@ peer_all_reset(void)
 }
 
 
-/*
- * findmanycastpeer - find and return a manycastclient or pool
- *		      association matching a received response.
- */
-struct peer *
-findmanycastpeer(
-	struct recvbuf *rbufp	/* receive buffer pointer */
-	)
-{
-	struct peer *peer;
-	struct pkt *pkt;
-	l_fp p_org;
-
-	/*
-	 * This routine is called upon arrival of a server-mode response
-	 * to a manycastclient multicast solicitation, or to a pool
-	 * server unicast solicitation.  Search the peer list for a
-	 * manycastclient association where the last transmit timestamp
-	 * matches the response packet's originate timestamp.  There can
-	 * be multiple manycastclient associations, or multiple pool
-	 * solicitation assocations, so this assumes the transmit
-	 * timestamps are unique for such.
-	 */
-	pkt = &rbufp->recv_pkt;
-	for (peer = peer_list; peer != NULL; peer = peer->p_link)
-		if (MDF_SOLICIT_MASK & peer->cast_flags) {
-			p_org = ntohl_fp(pkt->org);
-			if (p_org == peer->org)
-				break;
-		}
-
-	return peer;
-}
 
 /* peer_cleanup - clean peer list prior to shutdown */
 void peer_cleanup(void)


=====================================
ntpd/ntp_proto.c
=====================================
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -235,33 +235,29 @@ is_control_packet(
 	    PKT_MODE(rbufp->recv_space.X_recv_buffer[0]) == MODE_CONTROL;
 }
 
-/* Free a parsed_pkt structure allocated by parsed_packet(). In the
-   event of a parse error, this function may be called from within
-   parse_packet() while the structure is only partially initialized, so
-   we must be careful not to dereference uninitialized pointers.  This
-   is achieved by making sure we use calloc() everywhere in
-   parse_packet(), and then comparing to NULL before dereferencing.
+/* There used to be a calloc/free for each received packet.
+   Now, the parse_pkt version lives in a recvbuf.
+   The alloc/free only happens for extensions and we don't support
+   any of them.
 */
 static void
-free_packet(
-	struct parsed_pkt *pkt
+free_extens(
+	struct recvbuf *rbufp
 	)
 {
-	if(pkt == NULL) { return; };
-	if(pkt->extensions != NULL) {
-		for(size_t i = 0; i < pkt->num_extensions; i++) {
-			free(pkt->extensions[i].body);
-			pkt->extensions[i].body = NULL;
+	if(rbufp->pkt.extensions != NULL) {
+		for(size_t i = 0; i < rbufp->pkt.num_extensions; i++) {
+			free(rbufp->pkt.extensions[i].body);
+			rbufp->pkt.extensions[i].body = NULL;
 		}
-		free(pkt->extensions);
-		pkt->extensions = NULL;
+		free(rbufp->pkt.extensions);
+		rbufp->pkt.extensions = NULL;
 	}
-	free(pkt);
 }
 
-static struct parsed_pkt*
+static bool
 parse_packet(
-	struct recvbuf const* rbufp
+	struct recvbuf * rbufp
 	)
 {
 	REQUIRE(rbufp != NULL);
@@ -271,14 +267,12 @@ parse_packet(
 
 	if(recv_length < LEN_PKT_NOMAC) {
 		/* Packet is too short to possibly be valid. */
-		return NULL;
+		return false;
 	}
 
-	struct parsed_pkt *pkt = calloc(1, sizeof (struct parsed_pkt));
+	struct parsed_pkt * pkt = &rbufp->pkt;
 	uint8_t const* bufptr = recv_buf + LEN_PKT_NOMAC;
 
-	if(pkt == NULL) { goto fail; }
-
 	/* Parse header fields */
 	pkt->li_vn_mode = recv_buf[0];
 	pkt->stratum = recv_buf[1];
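Review bot: The short-packet `return false` runs before anything in `rbufp->pkt` is written, so `extensions` and `num_extensions` keep whatever the buffer held, yet receive() still reaches `free_extens(rbufp)` at its `done:` label on that path and on the `goto done` exits taken before parse_packet is called. With the per-packet calloc gone this is only safe if every recvbuf is zero-filled when allocated, which is not visible in this diff. Clearing both at the top of receive(), `rbufp->pkt.extensions = NULL; rbufp->pkt.num_extensions = 0;`, would remove that dependency, since free_extens already nulls the pointer after each free. parse_packet's body continues outside the hunk.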
@@ -292,13 +286,13 @@ parse_packet(
 	pkt->rec = ntp_be64dec(recv_buf + 32);
 	pkt->xmt = ntp_be64dec(recv_buf + 40);
 
-	/* These initializations should have already been taken care of
-	   by calloc(), but let's be explicit. */
-	pkt->num_extensions = 0;
+	/* Make sure these are clean before we might bail. */
+        pkt->num_extensions = 0;
 	pkt->extensions = NULL;
-	pkt->keyid_present = false;
-	pkt->keyid = 0;
-	pkt->mac_len = 0;
+
+	rbufp->keyid_present = false;
+	rbufp->keyid = 0;
+	rbufp->mac_len = 0;
 
 	if(PKT_VERSION(pkt->li_vn_mode) > 4) {
 		/* Unsupported version */
@@ -346,9 +340,9 @@ parse_packet(
 	switch(recv_buf + recv_length - bufptr) {
 	    case 0:
 		/* No authenticator */
-		pkt->keyid_present = false;
-		pkt->keyid = 0;
-		pkt->mac_len = 0;
+		rbufp->keyid_present = false;
+		rbufp->keyid = 0;
+		rbufp->mac_len = 0;
 		break;
 	    case 4:
 		/* crypto-NAK */
@@ -356,17 +350,17 @@ parse_packet(
 			/* Only allowed as of NTPv3 */
 			goto fail;
 		}
-		pkt->keyid_present = true;
-		pkt->keyid = ntp_be32dec(bufptr);
-		pkt->mac_len = 0;
+		rbufp->keyid_present = true;
+		rbufp->keyid = ntp_be32dec(bufptr);
+		rbufp->mac_len = 0;
 		break;
 	    case 6:
 		/* NTPv2 authenticator, which we allow but strip because
 		   we don't support it any more */
 		if(PKT_VERSION(pkt->li_vn_mode) != 2) { goto fail; }
-		pkt->keyid_present = false;
-		pkt->keyid = 0;
-		pkt->mac_len = 0;
+		rbufp->keyid_present = false;
+		rbufp->keyid = 0;
+		rbufp->mac_len = 0;
 		break;
 	    case 20:
 		/* MD5 authenticator */
@@ -374,10 +368,9 @@ parse_packet(
 			/* Only allowed as of NTPv3 */
 			goto fail;
 		}
-		pkt->keyid_present = true;
-		pkt->keyid = ntp_be32dec(bufptr);
-		pkt->mac_len = 16;
-		memcpy(pkt->mac, bufptr + 4, 16);
+		rbufp->keyid_present = true;
+		rbufp->keyid = ntp_be32dec(bufptr);
+		rbufp->mac_len = 16;
 		break;
 	    case 24:
 		/* SHA-1 authenticator */
@@ -385,10 +378,9 @@ parse_packet(
 			/* Only allowed as of NTPv3 */
 			goto fail;
 		}
-		pkt->keyid_present = true;
-		pkt->keyid = ntp_be32dec(bufptr);
-		pkt->mac_len = 20;
-		memcpy(pkt->mac, bufptr + 4, 20);
+		rbufp->keyid_present = true;
+		rbufp->keyid = ntp_be32dec(bufptr);
+		rbufp->mac_len = 20;
 		break;
 	    case 72:
 		/* MS-SNTP */
@@ -400,9 +392,9 @@ parse_packet(
 		/* We don't deal with the MS-SNTP fields, so just strip
 		 * them.
 		 */
-		pkt->keyid_present = false;
-		pkt->keyid = 0;
-		pkt->mac_len = 0;
+		rbufp->keyid_present = false;
+		rbufp->keyid = 0;
+		rbufp->mac_len = 0;
 
 		break;
 	    default:
@@ -410,10 +402,10 @@ parse_packet(
 		goto fail;
 	}
 
-	return pkt;
+	return true;
   fail:
-	free_packet(pkt);
-	return NULL;
+	free_extens(rbufp);
+	return false;
 }
 
 /* Returns true if we should not accept any unauthenticated packets from
@@ -434,15 +426,15 @@ parse_packet(
 static bool
 i_require_authentication(
 	struct peer const* peer,
-	struct parsed_pkt const* pkt,
+	struct recvbuf const* rbufp,
 	unsigned short restrict_mask
 	)
 {
         bool restrict_notrust = restrict_mask & RES_DONTTRUST;
         bool peer_has_key = peer != NULL && peer->cfg.peerkey != 0;
         bool wants_association =
-            PKT_MODE(pkt->li_vn_mode) == MODE_BROADCAST ||
-            (peer == NULL && PKT_MODE(pkt->li_vn_mode == MODE_ACTIVE));
+            PKT_MODE(rbufp->pkt.li_vn_mode) == MODE_BROADCAST ||
+            (peer == NULL && PKT_MODE(rbufp->pkt.li_vn_mode == MODE_ACTIVE));
         bool restrict_nopeer =
             (restrict_mask & RES_NOPEER) &&
             wants_association;
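Review bot: The rewritten `wants_association` line keeps a misplaced parenthesis: `PKT_MODE(rbufp->pkt.li_vn_mode == MODE_ACTIVE)` applies the macro to the result of the comparison instead of comparing the extracted mode. Assuming PKT_MODE masks the low mode bits, the term is true only when the whole first byte equals `MODE_ACTIVE`, so a symmetric-active packet with version bits set from an unknown source never counts as wanting an association and `RES_NOPEER` does not force authentication for it. The line should read `(peer == NULL && PKT_MODE(rbufp->pkt.li_vn_mode) == MODE_ACTIVE);`. The function's return statement is outside the hunk.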
@@ -452,18 +444,18 @@ i_require_authentication(
 
 static bool
 is_crypto_nak(
-	struct parsed_pkt const* pkt
+	struct recvbuf const* rbufp
 	)
 {
-	return pkt->keyid_present && pkt->keyid == 0 && pkt->mac_len == 0;
+	return rbufp->keyid_present && rbufp->keyid == 0 && rbufp->mac_len == 0;
 }
 
 static bool is_kod(
-	struct parsed_pkt const* pkt
+	struct recvbuf const* rbufp
 	)
 {
-	return PKT_LEAP(pkt->li_vn_mode) == LEAP_NOTINSYNC &&
-	    PKT_TO_STRATUM(pkt->stratum) == STRATUM_UNSPEC;
+	return PKT_LEAP(rbufp->pkt.li_vn_mode) == LEAP_NOTINSYNC &&
+	    PKT_TO_STRATUM(rbufp->pkt.stratum) == STRATUM_UNSPEC;
 }
 
 /* Check the restrictions which can be checked just based on the source
@@ -489,16 +481,11 @@ static void
 handle_fastxmit(
 	struct recvbuf *rbufp,
 	unsigned short restrict_mask,
-	struct parsed_pkt const* pkt,
-	struct peer *peer,
 	bool request_already_authenticated
 	)
 {
 	uint32_t xkeyid;
 
-	/* This argument is currently unused. */
-	(void)peer;
-
 	if (rbufp->dstadr->flags & INT_MCASTOPEN) {
 			sys_restricted++;
 	}
@@ -507,33 +494,27 @@ handle_fastxmit(
 	   the response if the request passed authentication.
 	*/
 	if(request_already_authenticated ||
-	   (pkt->keyid_present &&
-	    authdecrypt(pkt->keyid,
+	   (rbufp->keyid_present &&
+	    authdecrypt(rbufp->keyid,
 			(uint32_t*)rbufp->recv_space.X_recv_buffer,
-			(int)(rbufp->recv_length - (pkt->mac_len + 4)),
-			(int)(pkt->mac_len + 4)))) {
-		xkeyid = pkt->keyid;
+			(int)(rbufp->recv_length - (rbufp->mac_len + 4)),
+			(int)(rbufp->mac_len + 4)))) {
+		xkeyid = rbufp->keyid;
 	} else {
 		xkeyid = 0;
 	}
 
         int xmode =
-            PKT_MODE(pkt->li_vn_mode) == MODE_ACTIVE ? MODE_PASSIVE : MODE_SERVER;
+            PKT_MODE(rbufp->pkt.li_vn_mode) == MODE_ACTIVE ? MODE_PASSIVE : MODE_SERVER;
 	fast_xmit(rbufp, xmode, xkeyid, restrict_mask);
 }
 
 static void
 handle_procpkt(
 	struct recvbuf *rbufp,
-	unsigned short restrict_mask,
-	struct parsed_pkt const* pkt,
-	struct peer *peer,
-	bool request_already_authenticated
+	struct peer *peer
 	)
 {
-	/* These arguments are currently unused. */
-	(void)restrict_mask;
-	(void)request_already_authenticated;
 
 	/* Shouldn't happen, but include this for safety. */
 	if(peer == NULL) { return; }
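Review bot: The `xmode` expression kept at the end of handle_fastxmit still tests for `MODE_ACTIVE`, but after this series the only caller visible in the diff reaches it from the `MODE_CLIENT` case, so the `MODE_PASSIVE` arm looks unreachable. If there is no other caller, `fast_xmit(rbufp, MODE_SERVER, xkeyid, restrict_mask);` says the same thing without implying that symmetric-active requests are still answered. This hunk also covers the start of handle_procpkt, whose body continues outside it.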
@@ -541,24 +522,24 @@ handle_procpkt(
 	peer->flash &= ~PKT_BOGON_MASK;
 
 	/* Duplicate detection */
-	if(pkt->xmt == peer->xmt) {
+	if(rbufp->pkt.xmt == peer->xmt) {
 		peer->flash |= BOGON1;
 		peer->oldpkt++;
 		return;
 	}
 
 	/* Origin timestamp validation */
-	if(PKT_MODE(pkt->li_vn_mode) == MODE_SERVER) {
+	if(PKT_MODE(rbufp->pkt.li_vn_mode) == MODE_SERVER) {
 		if(peer->outcount == 0) {
 			peer->flash |= BOGON1;
 			peer->oldpkt++;
 			return;
 		}
-		if(pkt->org == 0) {
+		if(rbufp->pkt.org == 0) {
 			peer->flash |= BOGON3;
 			peer->bogusorg++;
 			return;
-		} else if(pkt->org != peer->org) {
+		} else if(rbufp->pkt.org != peer->org) {
 			peer->flash |= BOGON2;
 			peer->bogusorg++;
 			return;
@@ -577,8 +558,8 @@ handle_procpkt(
 
 	peer->outcount = 0;
 
-	if(is_kod(pkt)) {
-		if(!memcmp(pkt->refid, "RATE", REFIDLEN)) {
+	if(is_kod(rbufp)) {
+		if(!memcmp(rbufp->pkt.refid, "RATE", REFIDLEN)) {
 			peer->selbroken++;
 			report_event(PEVNT_RATE, peer, NULL);
 			if (peer->cfg.minpoll < 10) { peer->cfg.minpoll = 10; }
@@ -589,14 +570,14 @@ handle_procpkt(
 		return;
 	}
 
-	if (PKT_LEAP(pkt->li_vn_mode) == LEAP_NOTINSYNC ||
-	    PKT_TO_STRATUM(pkt->stratum) < sys_floor ||
-	    PKT_TO_STRATUM(pkt->stratum) >= sys_ceiling) {
+	if (PKT_LEAP(rbufp->pkt.li_vn_mode) == LEAP_NOTINSYNC ||
+	    PKT_TO_STRATUM(rbufp->pkt.stratum) < sys_floor ||
+	    PKT_TO_STRATUM(rbufp->pkt.stratum) >= sys_ceiling) {
 		peer->flash |= BOGON6;
 		return;
 	}
 
-	if(scalbn((double)pkt->rootdelay/2.0 + (double)pkt->rootdisp, -16) >=
+	if(scalbn((double)rbufp->pkt.rootdelay/2.0 + (double)rbufp->pkt.rootdisp, -16) >=
 	   sys_maxdisp) {
 		peer->flash |= BOGON7;
 		return;
@@ -610,13 +591,13 @@ handle_procpkt(
 	*/
 
 	const double t34 =
-	    (pkt->xmt >= rbufp->recv_time) ?
-	    scalbn((double)(pkt->xmt - rbufp->recv_time), -32) :
-	    -scalbn((double)(rbufp->recv_time - pkt->xmt), -32);
+	    (rbufp->pkt.xmt >= rbufp->recv_time) ?
+	    scalbn((double)(rbufp->pkt.xmt - rbufp->recv_time), -32) :
+	    -scalbn((double)(rbufp->recv_time - rbufp->pkt.xmt), -32);
 	const double t21 =
-	    (pkt->rec >= peer->org) ?
-	    scalbn((double)(pkt->rec - peer->org), -32) :
-	    -scalbn((double)(peer->org - pkt->rec), -32);
+	    (rbufp->pkt.rec >= peer->org) ?
+	    scalbn((double)(rbufp->pkt.rec - peer->org), -32) :
+	    -scalbn((double)(peer->org - rbufp->pkt.rec), -32);
 	const double theta = (t21 + t34) / 2.;
 	const double delta = fabs(t21 - t34);
 	const double epsilon = LOGTOD(sys_precision) +
@@ -641,16 +622,16 @@ handle_procpkt(
 	  return;
 	}
 
-	peer->leap = PKT_LEAP(pkt->li_vn_mode);
-	peer->stratum = min(PKT_TO_STRATUM(pkt->stratum), STRATUM_UNSPEC);
-	peer->pmode = PKT_MODE(pkt->li_vn_mode);
-	peer->precision = pkt->precision;
-	peer->rootdelay = scalbn((double)pkt->rootdelay, -16);
-	peer->rootdisp = scalbn((double)pkt->rootdisp, -16);
-	memcpy(&peer->refid, pkt->refid, REFIDLEN);
-	peer->reftime = pkt->reftime;
-	peer->rec = pkt->rec;
-	peer->xmt = pkt->xmt;
+	peer->leap = PKT_LEAP(rbufp->pkt.li_vn_mode);
+	peer->stratum = min(PKT_TO_STRATUM(rbufp->pkt.stratum), STRATUM_UNSPEC);
+	peer->pmode = PKT_MODE(rbufp->pkt.li_vn_mode);
+	peer->precision = rbufp->pkt.precision;
+	peer->rootdelay = scalbn((double)rbufp->pkt.rootdelay, -16);
+	peer->rootdisp = scalbn((double)rbufp->pkt.rootdisp, -16);
+	memcpy(&peer->refid, rbufp->pkt.refid, REFIDLEN);
+	peer->reftime = rbufp->pkt.reftime;
+	peer->rec = rbufp->pkt.rec;
+	peer->xmt = rbufp->pkt.xmt;
 	peer->dst = rbufp->recv_time;
 
 	record_raw_stats(peer,
@@ -661,15 +642,14 @@ handle_procpkt(
 			    peer structure is a convenience, because
 			    they're already in the l_fp format that
 			    record_raw_stats() expects. */
-			 PKT_LEAP(pkt->li_vn_mode),
-			 PKT_VERSION(pkt->li_vn_mode),
-			 PKT_MODE(pkt->li_vn_mode),
-			 PKT_TO_STRATUM(pkt->stratum),
-			 pkt->ppoll, pkt->precision,
-			 pkt->rootdelay, pkt->rootdisp,
+			 PKT_LEAP(rbufp->pkt.li_vn_mode),
+			 PKT_VERSION(rbufp->pkt.li_vn_mode),
+			 PKT_MODE(rbufp->pkt.li_vn_mode),
+			 PKT_TO_STRATUM(rbufp->pkt.stratum),
+			 rbufp->pkt.ppoll, rbufp->pkt.precision,
+			 rbufp->pkt.rootdelay, rbufp->pkt.rootdisp,
 			 /* FIXME: this cast is disgusting */
-			 *(const uint32_t*)pkt->refid,
-			 /* This will always be 0 by the time we get here */
+			 *(const uint32_t*)rbufp->pkt.refid,
 			 peer->outcount);
 
 	/* If either burst mode is armed, enable the burst.
@@ -699,57 +679,14 @@ handle_procpkt(
 	clock_filter(peer, theta + peer->cfg.bias, delta, epsilon);
 }
 
-static void
-handle_manycast(
-	struct recvbuf *rbufp,
-	unsigned short restrict_mask,
-	struct parsed_pkt const* pkt,
-	struct peer *mpeer,
-	bool request_already_authenticated
-	)
-{
-	struct peer_ctl mctl;
-	(void)request_already_authenticated;
-	(void)restrict_mask;
-
-	if(mpeer == NULL) {
-		sys_restricted++;
-		return;
-	};
-
-	if(mpeer->cast_flags & MDF_POOL) {
-		mpeer->nextdate = current_time + 1;
-	}
-
-	/* Don't bother associating with unsynchronized servers */
-	if (PKT_LEAP(pkt->li_vn_mode) == LEAP_NOTINSYNC ||
-	    PKT_TO_STRATUM(pkt->stratum) < sys_floor ||
-	    PKT_TO_STRATUM(pkt->stratum) >= sys_ceiling ||
-	    scalbn((double)pkt->rootdelay/2.0 + (double)pkt->rootdisp, -16) >=
-	    sys_maxdisp) {
-		return;
-	}
 
-	memset(&mctl, '\0', sizeof(struct peer_ctl));
-	mctl.version = PKT_VERSION(pkt->li_vn_mode);
-	mctl.flags = FLAG_PREEMPT | (FLAG_IBURST & mpeer->cfg.flags);
-	mctl.minpoll = mpeer->cfg.minpoll;
-	mctl.maxpoll = mpeer->cfg.maxpoll;
-	mctl.mode = 0;
-	mctl.peerkey = mpeer->cfg.peerkey;
-	newpeer(&rbufp->recv_srcadr, NULL, rbufp->dstadr,
-		MODE_CLIENT, &mctl, MDF_UCAST | MDF_UCLNT, false);
-}
-	
 void
 receive(
 	struct recvbuf *rbufp
 	)
 {
-	struct parsed_pkt *pkt = NULL;
 	struct peer *peer = NULL;
 	unsigned short restrict_mask;
-	int match = AM_NOMATCH;
 	bool authenticated = false;
 
 	sys_received++;
@@ -759,6 +696,8 @@ receive(
 		goto done;
 	}
 
+/* FIXME: This is lots more cleanup to do in this area. */
+
 #ifdef REFCLOCK
 	restrict_mask = rbufp->network_packet ?
 	    restrictions(&rbufp->recv_srcadr) :
@@ -801,33 +740,29 @@ receive(
 	}
 	}
 
-	pkt = parse_packet(rbufp);
-	if(pkt == NULL) {
+	if (!parse_packet(rbufp)) {
 		sys_badlength++;
 		goto done;
 	}
-	peer = findpeer(rbufp, PKT_MODE(pkt->li_vn_mode), &match);
-	if(peer == NULL && match == AM_MANYCAST) {
-		peer = findmanycastpeer(rbufp);
-	}
+	peer = findpeer(rbufp);
 
-	if(i_require_authentication(peer, pkt, restrict_mask)) {
+	if(i_require_authentication(peer, rbufp, restrict_mask)) {
 		if(
 			/* Check whether an authenticator is even present. */
-			!pkt->keyid_present || is_crypto_nak(pkt) ||
+			!rbufp->keyid_present || is_crypto_nak(rbufp) ||
 			/* If we require a specific key from this peer,
 			   check that it matches. */
 			(peer != NULL && peer->cfg.peerkey != 0 &&
-			 peer->cfg.peerkey != pkt->keyid) ||
+			 peer->cfg.peerkey != rbufp->keyid) ||
 			/* Verify the MAC.
 			   TODO: rewrite authdecrypt() to give it a
 			   better name and a saner interface so we don't
 			   have to do this screwy buffer-length
 			   arithmetic in order to call it. */
-			!authdecrypt(pkt->keyid,
+			!authdecrypt(rbufp->keyid,
 				 (uint32_t*)rbufp->recv_space.X_recv_buffer,
-				 (int)(rbufp->recv_length - (pkt->mac_len + 4)),
-				 (int)(pkt->mac_len + 4))) {
+				 (int)(rbufp->recv_length - (rbufp->mac_len + 4)),
+				 (int)(rbufp->mac_len + 4))) {
 
 			sys_badauth++;
 			if(peer != NULL) {
@@ -845,26 +780,19 @@ receive(
 		peer->timereceived = current_time;
 	}
 
-	switch(match) {
-	    case AM_FXMIT:
-            case AM_NEWPASS:
-		handle_fastxmit(rbufp, restrict_mask, pkt, peer, authenticated);
+	switch (PKT_MODE(rbufp->pkt.li_vn_mode)) {
+	    case MODE_CLIENT:
+		/* Request for us as a server. */
+		handle_fastxmit(rbufp, restrict_mask, authenticated);
 		sys_processed++;
-		if (peer != NULL)	/* possible during pool query */
-		    peer->processed++;
 		break;
-	    case AM_PROCPKT:
-		handle_procpkt(rbufp, restrict_mask, pkt, peer, authenticated);
+	    case MODE_SERVER:
+		/* Reply to our request. */
+		handle_procpkt(rbufp, peer);
 		sys_processed++;
 		if (peer != NULL)	/* just to be on the safe side */
 		    peer->processed++;
 		break;
-	    case AM_MANYCAST:
-		handle_manycast(rbufp, restrict_mask, pkt, peer, authenticated);
-		sys_processed++;
-		if (peer != NULL)	/* possible during pool query */
-		    peer->processed++;
-		break;
 	    default:
 		/* Everything else is for broadcast modes,
 		   which are a security nightmare.  So they go to the
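Review bot: In the new `MODE_SERVER` case `sys_processed++` runs even when `findpeer` returned NULL, although handle_procpkt returns immediately for a NULL peer. An unsolicited server-mode packet from an address with no association is therefore counted as processed, which hides exactly the traffic an operator would want to see as dropped. Guarding the whole case, `if (peer != NULL) { handle_procpkt(rbufp, peer); sys_processed++; peer->processed++; }`, keeps the counter honest and makes the "just to be on the safe side" test unnecessary. The switch's default arm continues outside the hunk.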
@@ -875,7 +803,7 @@ receive(
 	}
 
   done:
-	free_packet(pkt);
+	free_extens(rbufp);
 }
 
 /*


=====================================
ntpd/ntp_refclock.c
=====================================
--- a/ntpd/ntp_refclock.c
+++ b/ntpd/ntp_refclock.c
@@ -205,16 +205,9 @@ refclock_newpeer(
 
 	/*
 	 * Set peer.pmode based on the hmode. For appearances only.
+	 * Leftover from "peer" modes.
 	 */
-	switch (peer->hmode) {
-	case MODE_ACTIVE:
-		peer->pmode = MODE_PASSIVE;
-		break;
-
-	default:
-		peer->pmode = MODE_SERVER;
-		break;
-	}
+	peer->pmode = MODE_SERVER;
 
 	/*
 	 * Do driver dependent initialization. The above defaults
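Review bot: The retained comment line still says pmode is set "based on the hmode", but the assignment below it no longer reads `hmode` at all. Rewording the block to `/* pmode is fixed at MODE_SERVER for refclocks. For appearances only. */` would match the code, and the added "Leftover from peer modes" line could then be dropped. refclock_newpeer starts and ends outside the hunk.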


=====================================
ntpd/refclock_generic.c
=====================================
--- a/ntpd/refclock_generic.c
+++ b/ntpd/refclock_generic.c
@@ -1900,7 +1900,7 @@ local_input(
 					buf->dstadr       = rbufp->dstadr;
 					buf->receiver     = rbufp->receiver;
 					buf->fd           = rbufp->fd;
-					buf->X_from_where = rbufp->X_from_where;
+					buf->recv_peer    = rbufp->recv_peer;
 					parse->generic->io.recvcount++;
 					packets_received++;
 					add_full_recv_buffer(buf);


=====================================
tests/option-tester.sh
=====================================
--- a/tests/option-tester.sh
+++ b/tests/option-tester.sh
@@ -47,8 +47,12 @@ doit ()
     ./$DIR/main/ntpclients/ntpq --version        |& tee -a $DIR/test.log
     echo -n "VERSION: "                          |& tee -a $DIR/test.log
     ./$DIR/main/ntpclients/ntpdig --version      |& tee -a $DIR/test.log
-    echo -n "VERSION: "                          |& tee -a $DIR/test.log
-    ./$DIR/main/ntpclients/ntpmon --version      |& tee -a $DIR/test.log
+    if [ `uname -s` != "NetBSD" ]
+    then
+      # no Python/curses on NetBSD
+      echo -n "VERSION: "                        |& tee -a $DIR/test.log
+      ./$DIR/main/ntpclients/ntpmon --version    |& tee -a $DIR/test.log
+    fi
 if [ "`which gpsmon 2>/dev/null`" != "" ]
 then
     # needs GPSD library
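Review bot: The command substitution in the new `uname` test is unquoted, whereas the `gpsmon` check two lines below quotes its substitution. If `uname -s` ever produced empty output, the `[` test would fail with a syntax error rather than evaluate to false. Writing it as `if [ "$(uname -s)" != "NetBSD" ]` keeps the two checks consistent. The new block is also indented inside doit() while the following gpsmon block starts at column 0, so it is worth checking they sit at the same nesting level.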



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/2a302721f7353c5c79dbcfb28a6c7ad6237e1b56...df8471751ffe1081a7de076cccfc32a25c5cc059
