[Git][NTPsec/ntpsec][master] 8 commits: Another use for keyid_t
Hal Murray
gitlab at mg.gitlab.com
Tue Mar 20 08:17:59 UTC 2018
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
ec33243d by Hal Murray at 2018-03-20T05:22:28Z
Another use for keyid_t
- - - - -
f2a94428 by Hal Murray at 2018-03-20T05:22:28Z
Remove findmanycastpeer
We don't suport many/multi case any more.
It was also part of the pool support path,
but that went away when I cleaned up the DNS lookup.
- - - - -
6ae7d785 by Hal Murray at 2018-03-20T05:22:28Z
Remove ntohl_fp - no longer used
- - - - -
05bbeccc by Hal Murray at 2018-03-20T05:22:28Z
Remove calloc/free for parsed_pkt each received packet processed.
- - - - -
f8f4ecd8 by Hal Murray at 2018-03-20T05:22:28Z
More peer mode cleanup
- - - - -
f30f4b8b by Hal Murray at 2018-03-20T05:22:28Z
Remove more broadcast leftovers.
- - - - -
81228d7d by Hal Murray at 2018-03-20T05:22:28Z
Cleanup processing of received packets.
The old code had a complicated table to handle the
case where a peer slot wasn't setup yet. That handled
responses to pool requests (from dns), peer requests,
and multicast. All those complications are gone now.
- - - - -
df847175 by Hal Murray at 2018-03-20T07:53:44Z
Skip ntpmon on NetBSD - no curses
-bash-4.4$ ./test-all/main/ntpclients/ntpmon
ntpmon: can't find Python curses library.
No module named _curses
-bash-4.4$
- - - - -
8 changed files:
- include/ntp.h
- include/ntpd.h
- include/recvbuff.h
- ntpd/ntp_peer.c
- ntpd/ntp_proto.c
- ntpd/ntp_refclock.c
- ntpd/refclock_generic.c
- tests/option-tester.sh
Changes:
=====================================
include/ntp.h
=====================================
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -334,12 +334,7 @@ struct peer {
#define LEAP_DELSECOND 0x2 /* last minute of day has 59 seconds */
#define LEAP_NOTINSYNC 0x3 /* overload, clock is free running */
-/*
- * Values for peer mode and packet mode. Only the modes through
- * MODE_BROADCAST and MODE_BCLIENT appear in the transition
- * function. MODE_CONTROL and MODE_PRIVATE can appear in packets,
- * but those never survive to the translation function.
- * See MATCH_ASSOC in ntp_peer.
+/* Packet Modes
*/
#define MODE_UNSPEC 0 /* unspecified (old version) */
#define MODE_ACTIVE 1 /* symmetric active mode */
@@ -414,10 +409,6 @@ struct parsed_pkt {
uint64_t xmt;
unsigned num_extensions;
struct exten *extensions;
- bool keyid_present;
- uint32_t keyid;
- size_t mac_len;
- char mac[20];
};
struct exten {
=====================================
include/ntpd.h
=====================================
--- a/include/ntpd.h
+++ b/include/ntpd.h
@@ -127,7 +127,7 @@ extern int mon_get_oldest_age(l_fp);
extern void init_peer (void);
extern struct peer *findexistingpeer(sockaddr_u *, const char *,
struct peer *, int);
-extern struct peer *findpeer (struct recvbuf *, int, int *);
+extern struct peer *findpeer (struct recvbuf *);
extern struct peer *findpeerbyassoc(associd_t);
extern void set_peerdstadr (struct peer *, endpt *);
extern struct peer *newpeer (sockaddr_u *, const char *,
@@ -141,7 +141,6 @@ extern void peer_refresh_interface(struct peer *);
extern void unpeer (struct peer *);
extern void clear_all (void);
extern int score_all (struct peer *);
-extern struct peer *findmanycastpeer(struct recvbuf *);
extern void peer_cleanup (void);
/* ntp_proto.c */
=====================================
include/recvbuff.h
=====================================
--- a/include/recvbuff.h
+++ b/include/recvbuff.h
@@ -16,9 +16,8 @@
/*
* Format of a recvbuf. Back when ntpd did true asynchronous
* I/O, these were used by the asynchronous receive routine to store
- * incoming packets and related information. Now, with faster processors
- * and lower latency in the synchronous I/O loop, that complexity
- * has been dropped.
+ * incoming packets and related information. Now, with kernel
+ * time stamps on received packets, that complexity has been dropped.
*/
/*
@@ -35,12 +34,7 @@ typedef struct recvbuf recvbuf_t;
struct recvbuf {
recvbuf_t * link; /* next in list */
- union {
- sockaddr_u X_recv_srcadr;
- struct peer * X_recv_peer;
- } X_from_where;
-#define recv_srcadr X_from_where.X_recv_srcadr
-#define recv_peer X_from_where.X_recv_peer
+ sockaddr_u recv_srcadr;
sockaddr_u srcadr; /* where packet came from */
endpt * dstadr; /* address pkt arrived on */
SOCKET fd; /* fd on which it was received */
@@ -54,9 +48,14 @@ struct recvbuf {
} recv_space;
#define recv_pkt recv_space.X_recv_pkt
#define recv_buffer recv_space.X_recv_buffer
+ struct parsed_pkt pkt; /* host-order copy of data from wire */
int used; /* reference count */
+ bool keyid_present;
+ keyid_t keyid;
+ int mac_len;
#ifdef REFCLOCK
bool network_packet;
+ struct peer * recv_peer;
#endif /* REFCLOCK */
};
=====================================
ntpd/ntp_peer.c
=====================================
--- a/ntpd/ntp_peer.c
+++ b/ntpd/ntp_peer.c
@@ -10,51 +10,6 @@
#include "ntp_lists.h"
#include "ntp_stdlib.h"
-/*
- * Table of valid association combinations
- * ---------------------------------------
- *
- * packet->mode
- * peer->mode | UNSPEC ACTIVE PASSIVE CLIENT SERVER BCAST
- * ---------- | ---------------------------------------------
- * NO_PEER | e 1 0 1 1 1
- * ACTIVE | e 1 1 0 0 0
- * PASSIVE | e 1 e 0 0 0
- * CLIENT | e 0 0 0 1 0
- * SERVER | e 0 0 0 0 0
- * BCAST | e 0 0 0 0 0
- * BCLIENT | e 0 0 0 e 1
- *
- * One point to note here: a packet in BCAST mode can potentially match
- * a peer in CLIENT mode, but we that is a special case and we check for
- * that early in the decision process. This avoids having to keep track
- * of what kind of associations are possible etc... We actually
- * circumvent that problem by requiring that the first b(m)roadcast
- * received after the change back to BCLIENT mode sets the clock.
- */
-#define AM_MODES 7 /* number of rows and columns */
-#define NO_PEER 0 /* action when no peer is found */
-
-static int AM[AM_MODES][AM_MODES] = {
-/* packet->mode */
-/* peer { UNSPEC, ACTIVE, PASSIVE, CLIENT, SERVER, BCAST } */
-/* mode */
-/*NONE*/{ AM_ERR, AM_NEWPASS, AM_NOMATCH, AM_FXMIT, AM_MANYCAST, AM_NEWBCL},
-
-/*A*/ { AM_ERR, AM_PROCPKT, AM_PROCPKT, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH},
-
-/*P*/ { AM_ERR, AM_PROCPKT, AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH},
-
-/*C*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT, AM_NOMATCH},
-
-/*S*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH},
-
-/*BCST*/{ AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH},
-
-/*BCL*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT},
-};
-
-#define MATCH_ASSOC(x, y) AM[(x)][(y)]
/*
* These routines manage the allocation of memory to peer structures
@@ -118,10 +73,6 @@ static void getmorepeermem(void);
static void peer_reset (struct peer *);
static int score(struct peer *);
-static inline l_fp ntohl_fp(l_fp_w lfpw) {
- return lfpinit_u(ntohl(lfpw.l_ui), ntohl(lfpw.l_uf));
-}
-
/*
* init_peer - initialize peer data structures and counters
@@ -267,16 +218,12 @@ findexistingpeer(
*/
struct peer *
findpeer(
- struct recvbuf *rbufp,
- int pkt_mode,
- int * action
+ struct recvbuf *rbufp
)
{
struct peer * p;
sockaddr_u * srcadr;
unsigned int hash;
- struct pkt * pkt;
- l_fp pkt_org;
findpeer_calls++;
srcadr = &rbufp->recv_srcadr;
@@ -288,37 +235,10 @@ findpeer(
/* ensure peer source address matches */
if (!ADDR_PORT_EQ(srcadr, &p->srcadr)) continue;
- /* If the association matching rules determine that this
- * is not a valid combination, then look for the next
- * valid peer association.
- */
- *action = MATCH_ASSOC(p->hmode, pkt_mode);
-
- /* A response to our manycastclient solicitation might
- * be misassociated with an ephemeral peer already spun
- * for the server. If the packet's org timestamp
- * doesn't match the peer's, check if it matches the
- * ACST prototype peer's. If so it is a redundant
- * solicitation response, return AM_ERR to discard it.
- * [Classic Bug 1762]
- */
- if (MODE_SERVER == pkt_mode && AM_PROCPKT == *action) {
- pkt = &rbufp->recv_pkt;
- pkt_org = ntohl_fp(pkt->org);
- if (p->org != pkt_org && findmanycastpeer(rbufp))
- *action = AM_ERR;
- }
-
- /* If an error was returned, exit back right here. */
- if (*action == AM_ERR) return NULL;
-
- /* If a match is found, we stop our search. */
- if (*action != AM_NOMATCH) break;
+ return p;
}
- /* If no matching association is found */
- if (NULL == p) *action = MATCH_ASSOC(NO_PEER, pkt_mode);
- return p;
+ return NULL;
}
/*
@@ -832,39 +752,6 @@ peer_all_reset(void)
}
-/*
- * findmanycastpeer - find and return a manycastclient or pool
- * association matching a received response.
- */
-struct peer *
-findmanycastpeer(
- struct recvbuf *rbufp /* receive buffer pointer */
- )
-{
- struct peer *peer;
- struct pkt *pkt;
- l_fp p_org;
-
- /*
- * This routine is called upon arrival of a server-mode response
- * to a manycastclient multicast solicitation, or to a pool
- * server unicast solicitation. Search the peer list for a
- * manycastclient association where the last transmit timestamp
- * matches the response packet's originate timestamp. There can
- * be multiple manycastclient associations, or multiple pool
- * solicitation assocations, so this assumes the transmit
- * timestamps are unique for such.
- */
- pkt = &rbufp->recv_pkt;
- for (peer = peer_list; peer != NULL; peer = peer->p_link)
- if (MDF_SOLICIT_MASK & peer->cast_flags) {
- p_org = ntohl_fp(pkt->org);
- if (p_org == peer->org)
- break;
- }
-
- return peer;
-}
/* peer_cleanup - clean peer list prior to shutdown */
void peer_cleanup(void)
=====================================
ntpd/ntp_proto.c
=====================================
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -235,33 +235,29 @@ is_control_packet(
PKT_MODE(rbufp->recv_space.X_recv_buffer[0]) == MODE_CONTROL;
}
-/* Free a parsed_pkt structure allocated by parsed_packet(). In the
- event of a parse error, this function may be called from within
- parse_packet() while the structure is only partially initialized, so
- we must be careful not to dereference uninitialized pointers. This
- is achieved by making sure we use calloc() everywhere in
- parse_packet(), and then comparing to NULL before dereferencing.
+/* There used to be a calloc/free for each received packet.
+ Now, the parse_pkt version lives in a recvbuf.
+ The alloc/free only happens for extensions and we don't support
+ any of them.
*/
static void
-free_packet(
- struct parsed_pkt *pkt
+free_extens(
+ struct recvbuf *rbufp
)
{
- if(pkt == NULL) { return; };
- if(pkt->extensions != NULL) {
- for(size_t i = 0; i < pkt->num_extensions; i++) {
- free(pkt->extensions[i].body);
- pkt->extensions[i].body = NULL;
+ if(rbufp->pkt.extensions != NULL) {
+ for(size_t i = 0; i < rbufp->pkt.num_extensions; i++) {
+ free(rbufp->pkt.extensions[i].body);
+ rbufp->pkt.extensions[i].body = NULL;
}
- free(pkt->extensions);
- pkt->extensions = NULL;
+ free(rbufp->pkt.extensions);
+ rbufp->pkt.extensions = NULL;
}
- free(pkt);
}
-static struct parsed_pkt*
+static bool
parse_packet(
- struct recvbuf const* rbufp
+ struct recvbuf * rbufp
)
{
REQUIRE(rbufp != NULL);
@@ -271,14 +267,12 @@ parse_packet(
if(recv_length < LEN_PKT_NOMAC) {
/* Packet is too short to possibly be valid. */
- return NULL;
+ return false;
}
- struct parsed_pkt *pkt = calloc(1, sizeof (struct parsed_pkt));
+ struct parsed_pkt * pkt = &rbufp->pkt;
uint8_t const* bufptr = recv_buf + LEN_PKT_NOMAC;
- if(pkt == NULL) { goto fail; }
-
/* Parse header fields */
pkt->li_vn_mode = recv_buf[0];
pkt->stratum = recv_buf[1];
@@ -292,13 +286,13 @@ parse_packet(
pkt->rec = ntp_be64dec(recv_buf + 32);
pkt->xmt = ntp_be64dec(recv_buf + 40);
- /* These initializations should have already been taken care of
- by calloc(), but let's be explicit. */
- pkt->num_extensions = 0;
+ /* Make sure these are clean before we might bail. */
+ pkt->num_extensions = 0;
pkt->extensions = NULL;
- pkt->keyid_present = false;
- pkt->keyid = 0;
- pkt->mac_len = 0;
+
+ rbufp->keyid_present = false;
+ rbufp->keyid = 0;
+ rbufp->mac_len = 0;
if(PKT_VERSION(pkt->li_vn_mode) > 4) {
/* Unsupported version */
@@ -346,9 +340,9 @@ parse_packet(
switch(recv_buf + recv_length - bufptr) {
case 0:
/* No authenticator */
- pkt->keyid_present = false;
- pkt->keyid = 0;
- pkt->mac_len = 0;
+ rbufp->keyid_present = false;
+ rbufp->keyid = 0;
+ rbufp->mac_len = 0;
break;
case 4:
/* crypto-NAK */
@@ -356,17 +350,17 @@ parse_packet(
/* Only allowed as of NTPv3 */
goto fail;
}
- pkt->keyid_present = true;
- pkt->keyid = ntp_be32dec(bufptr);
- pkt->mac_len = 0;
+ rbufp->keyid_present = true;
+ rbufp->keyid = ntp_be32dec(bufptr);
+ rbufp->mac_len = 0;
break;
case 6:
/* NTPv2 authenticator, which we allow but strip because
we don't support it any more */
if(PKT_VERSION(pkt->li_vn_mode) != 2) { goto fail; }
- pkt->keyid_present = false;
- pkt->keyid = 0;
- pkt->mac_len = 0;
+ rbufp->keyid_present = false;
+ rbufp->keyid = 0;
+ rbufp->mac_len = 0;
break;
case 20:
/* MD5 authenticator */
@@ -374,10 +368,9 @@ parse_packet(
/* Only allowed as of NTPv3 */
goto fail;
}
- pkt->keyid_present = true;
- pkt->keyid = ntp_be32dec(bufptr);
- pkt->mac_len = 16;
- memcpy(pkt->mac, bufptr + 4, 16);
+ rbufp->keyid_present = true;
+ rbufp->keyid = ntp_be32dec(bufptr);
+ rbufp->mac_len = 16;
break;
case 24:
/* SHA-1 authenticator */
@@ -385,10 +378,9 @@ parse_packet(
/* Only allowed as of NTPv3 */
goto fail;
}
- pkt->keyid_present = true;
- pkt->keyid = ntp_be32dec(bufptr);
- pkt->mac_len = 20;
- memcpy(pkt->mac, bufptr + 4, 20);
+ rbufp->keyid_present = true;
+ rbufp->keyid = ntp_be32dec(bufptr);
+ rbufp->mac_len = 20;
break;
case 72:
/* MS-SNTP */
@@ -400,9 +392,9 @@ parse_packet(
/* We don't deal with the MS-SNTP fields, so just strip
* them.
*/
- pkt->keyid_present = false;
- pkt->keyid = 0;
- pkt->mac_len = 0;
+ rbufp->keyid_present = false;
+ rbufp->keyid = 0;
+ rbufp->mac_len = 0;
break;
default:
@@ -410,10 +402,10 @@ parse_packet(
goto fail;
}
- return pkt;
+ return true;
fail:
- free_packet(pkt);
- return NULL;
+ free_extens(rbufp);
+ return false;
}
/* Returns true if we should not accept any unauthenticated packets from
@@ -434,15 +426,15 @@ parse_packet(
static bool
i_require_authentication(
struct peer const* peer,
- struct parsed_pkt const* pkt,
+ struct recvbuf const* rbufp,
unsigned short restrict_mask
)
{
bool restrict_notrust = restrict_mask & RES_DONTTRUST;
bool peer_has_key = peer != NULL && peer->cfg.peerkey != 0;
bool wants_association =
- PKT_MODE(pkt->li_vn_mode) == MODE_BROADCAST ||
- (peer == NULL && PKT_MODE(pkt->li_vn_mode == MODE_ACTIVE));
+ PKT_MODE(rbufp->pkt.li_vn_mode) == MODE_BROADCAST ||
+ (peer == NULL && PKT_MODE(rbufp->pkt.li_vn_mode == MODE_ACTIVE));
bool restrict_nopeer =
(restrict_mask & RES_NOPEER) &&
wants_association;
@@ -452,18 +444,18 @@ i_require_authentication(
static bool
is_crypto_nak(
- struct parsed_pkt const* pkt
+ struct recvbuf const* rbufp
)
{
- return pkt->keyid_present && pkt->keyid == 0 && pkt->mac_len == 0;
+ return rbufp->keyid_present && rbufp->keyid == 0 && rbufp->mac_len == 0;
}
static bool is_kod(
- struct parsed_pkt const* pkt
+ struct recvbuf const* rbufp
)
{
- return PKT_LEAP(pkt->li_vn_mode) == LEAP_NOTINSYNC &&
- PKT_TO_STRATUM(pkt->stratum) == STRATUM_UNSPEC;
+ return PKT_LEAP(rbufp->pkt.li_vn_mode) == LEAP_NOTINSYNC &&
+ PKT_TO_STRATUM(rbufp->pkt.stratum) == STRATUM_UNSPEC;
}
/* Check the restrictions which can be checked just based on the source
@@ -489,16 +481,11 @@ static void
handle_fastxmit(
struct recvbuf *rbufp,
unsigned short restrict_mask,
- struct parsed_pkt const* pkt,
- struct peer *peer,
bool request_already_authenticated
)
{
uint32_t xkeyid;
- /* This argument is currently unused. */
- (void)peer;
-
if (rbufp->dstadr->flags & INT_MCASTOPEN) {
sys_restricted++;
}
@@ -507,33 +494,27 @@ handle_fastxmit(
the response if the request passed authentication.
*/
if(request_already_authenticated ||
- (pkt->keyid_present &&
- authdecrypt(pkt->keyid,
+ (rbufp->keyid_present &&
+ authdecrypt(rbufp->keyid,
(uint32_t*)rbufp->recv_space.X_recv_buffer,
- (int)(rbufp->recv_length - (pkt->mac_len + 4)),
- (int)(pkt->mac_len + 4)))) {
- xkeyid = pkt->keyid;
+ (int)(rbufp->recv_length - (rbufp->mac_len + 4)),
+ (int)(rbufp->mac_len + 4)))) {
+ xkeyid = rbufp->keyid;
} else {
xkeyid = 0;
}
int xmode =
- PKT_MODE(pkt->li_vn_mode) == MODE_ACTIVE ? MODE_PASSIVE : MODE_SERVER;
+ PKT_MODE(rbufp->pkt.li_vn_mode) == MODE_ACTIVE ? MODE_PASSIVE : MODE_SERVER;
fast_xmit(rbufp, xmode, xkeyid, restrict_mask);
}
static void
handle_procpkt(
struct recvbuf *rbufp,
- unsigned short restrict_mask,
- struct parsed_pkt const* pkt,
- struct peer *peer,
- bool request_already_authenticated
+ struct peer *peer
)
{
- /* These arguments are currently unused. */
- (void)restrict_mask;
- (void)request_already_authenticated;
/* Shouldn't happen, but include this for safety. */
if(peer == NULL) { return; }
@@ -541,24 +522,24 @@ handle_procpkt(
peer->flash &= ~PKT_BOGON_MASK;
/* Duplicate detection */
- if(pkt->xmt == peer->xmt) {
+ if(rbufp->pkt.xmt == peer->xmt) {
peer->flash |= BOGON1;
peer->oldpkt++;
return;
}
/* Origin timestamp validation */
- if(PKT_MODE(pkt->li_vn_mode) == MODE_SERVER) {
+ if(PKT_MODE(rbufp->pkt.li_vn_mode) == MODE_SERVER) {
if(peer->outcount == 0) {
peer->flash |= BOGON1;
peer->oldpkt++;
return;
}
- if(pkt->org == 0) {
+ if(rbufp->pkt.org == 0) {
peer->flash |= BOGON3;
peer->bogusorg++;
return;
- } else if(pkt->org != peer->org) {
+ } else if(rbufp->pkt.org != peer->org) {
peer->flash |= BOGON2;
peer->bogusorg++;
return;
@@ -577,8 +558,8 @@ handle_procpkt(
peer->outcount = 0;
- if(is_kod(pkt)) {
- if(!memcmp(pkt->refid, "RATE", REFIDLEN)) {
+ if(is_kod(rbufp)) {
+ if(!memcmp(rbufp->pkt.refid, "RATE", REFIDLEN)) {
peer->selbroken++;
report_event(PEVNT_RATE, peer, NULL);
if (peer->cfg.minpoll < 10) { peer->cfg.minpoll = 10; }
@@ -589,14 +570,14 @@ handle_procpkt(
return;
}
- if (PKT_LEAP(pkt->li_vn_mode) == LEAP_NOTINSYNC ||
- PKT_TO_STRATUM(pkt->stratum) < sys_floor ||
- PKT_TO_STRATUM(pkt->stratum) >= sys_ceiling) {
+ if (PKT_LEAP(rbufp->pkt.li_vn_mode) == LEAP_NOTINSYNC ||
+ PKT_TO_STRATUM(rbufp->pkt.stratum) < sys_floor ||
+ PKT_TO_STRATUM(rbufp->pkt.stratum) >= sys_ceiling) {
peer->flash |= BOGON6;
return;
}
- if(scalbn((double)pkt->rootdelay/2.0 + (double)pkt->rootdisp, -16) >=
+ if(scalbn((double)rbufp->pkt.rootdelay/2.0 + (double)rbufp->pkt.rootdisp, -16) >=
sys_maxdisp) {
peer->flash |= BOGON7;
return;
@@ -610,13 +591,13 @@ handle_procpkt(
*/
const double t34 =
- (pkt->xmt >= rbufp->recv_time) ?
- scalbn((double)(pkt->xmt - rbufp->recv_time), -32) :
- -scalbn((double)(rbufp->recv_time - pkt->xmt), -32);
+ (rbufp->pkt.xmt >= rbufp->recv_time) ?
+ scalbn((double)(rbufp->pkt.xmt - rbufp->recv_time), -32) :
+ -scalbn((double)(rbufp->recv_time - rbufp->pkt.xmt), -32);
const double t21 =
- (pkt->rec >= peer->org) ?
- scalbn((double)(pkt->rec - peer->org), -32) :
- -scalbn((double)(peer->org - pkt->rec), -32);
+ (rbufp->pkt.rec >= peer->org) ?
+ scalbn((double)(rbufp->pkt.rec - peer->org), -32) :
+ -scalbn((double)(peer->org - rbufp->pkt.rec), -32);
const double theta = (t21 + t34) / 2.;
const double delta = fabs(t21 - t34);
const double epsilon = LOGTOD(sys_precision) +
@@ -641,16 +622,16 @@ handle_procpkt(
return;
}
- peer->leap = PKT_LEAP(pkt->li_vn_mode);
- peer->stratum = min(PKT_TO_STRATUM(pkt->stratum), STRATUM_UNSPEC);
- peer->pmode = PKT_MODE(pkt->li_vn_mode);
- peer->precision = pkt->precision;
- peer->rootdelay = scalbn((double)pkt->rootdelay, -16);
- peer->rootdisp = scalbn((double)pkt->rootdisp, -16);
- memcpy(&peer->refid, pkt->refid, REFIDLEN);
- peer->reftime = pkt->reftime;
- peer->rec = pkt->rec;
- peer->xmt = pkt->xmt;
+ peer->leap = PKT_LEAP(rbufp->pkt.li_vn_mode);
+ peer->stratum = min(PKT_TO_STRATUM(rbufp->pkt.stratum), STRATUM_UNSPEC);
+ peer->pmode = PKT_MODE(rbufp->pkt.li_vn_mode);
+ peer->precision = rbufp->pkt.precision;
+ peer->rootdelay = scalbn((double)rbufp->pkt.rootdelay, -16);
+ peer->rootdisp = scalbn((double)rbufp->pkt.rootdisp, -16);
+ memcpy(&peer->refid, rbufp->pkt.refid, REFIDLEN);
+ peer->reftime = rbufp->pkt.reftime;
+ peer->rec = rbufp->pkt.rec;
+ peer->xmt = rbufp->pkt.xmt;
peer->dst = rbufp->recv_time;
record_raw_stats(peer,
@@ -661,15 +642,14 @@ handle_procpkt(
peer structure is a convenience, because
they're already in the l_fp format that
record_raw_stats() expects. */
- PKT_LEAP(pkt->li_vn_mode),
- PKT_VERSION(pkt->li_vn_mode),
- PKT_MODE(pkt->li_vn_mode),
- PKT_TO_STRATUM(pkt->stratum),
- pkt->ppoll, pkt->precision,
- pkt->rootdelay, pkt->rootdisp,
+ PKT_LEAP(rbufp->pkt.li_vn_mode),
+ PKT_VERSION(rbufp->pkt.li_vn_mode),
+ PKT_MODE(rbufp->pkt.li_vn_mode),
+ PKT_TO_STRATUM(rbufp->pkt.stratum),
+ rbufp->pkt.ppoll, rbufp->pkt.precision,
+ rbufp->pkt.rootdelay, rbufp->pkt.rootdisp,
/* FIXME: this cast is disgusting */
- *(const uint32_t*)pkt->refid,
- /* This will always be 0 by the time we get here */
+ *(const uint32_t*)rbufp->pkt.refid,
peer->outcount);
/* If either burst mode is armed, enable the burst.
@@ -699,57 +679,14 @@ handle_procpkt(
clock_filter(peer, theta + peer->cfg.bias, delta, epsilon);
}
-static void
-handle_manycast(
- struct recvbuf *rbufp,
- unsigned short restrict_mask,
- struct parsed_pkt const* pkt,
- struct peer *mpeer,
- bool request_already_authenticated
- )
-{
- struct peer_ctl mctl;
- (void)request_already_authenticated;
- (void)restrict_mask;
-
- if(mpeer == NULL) {
- sys_restricted++;
- return;
- };
-
- if(mpeer->cast_flags & MDF_POOL) {
- mpeer->nextdate = current_time + 1;
- }
-
- /* Don't bother associating with unsynchronized servers */
- if (PKT_LEAP(pkt->li_vn_mode) == LEAP_NOTINSYNC ||
- PKT_TO_STRATUM(pkt->stratum) < sys_floor ||
- PKT_TO_STRATUM(pkt->stratum) >= sys_ceiling ||
- scalbn((double)pkt->rootdelay/2.0 + (double)pkt->rootdisp, -16) >=
- sys_maxdisp) {
- return;
- }
- memset(&mctl, '\0', sizeof(struct peer_ctl));
- mctl.version = PKT_VERSION(pkt->li_vn_mode);
- mctl.flags = FLAG_PREEMPT | (FLAG_IBURST & mpeer->cfg.flags);
- mctl.minpoll = mpeer->cfg.minpoll;
- mctl.maxpoll = mpeer->cfg.maxpoll;
- mctl.mode = 0;
- mctl.peerkey = mpeer->cfg.peerkey;
- newpeer(&rbufp->recv_srcadr, NULL, rbufp->dstadr,
- MODE_CLIENT, &mctl, MDF_UCAST | MDF_UCLNT, false);
-}
-
void
receive(
struct recvbuf *rbufp
)
{
- struct parsed_pkt *pkt = NULL;
struct peer *peer = NULL;
unsigned short restrict_mask;
- int match = AM_NOMATCH;
bool authenticated = false;
sys_received++;
@@ -759,6 +696,8 @@ receive(
goto done;
}
+/* FIXME: This is lots more cleanup to do in this area. */
+
#ifdef REFCLOCK
restrict_mask = rbufp->network_packet ?
restrictions(&rbufp->recv_srcadr) :
@@ -801,33 +740,29 @@ receive(
}
}
- pkt = parse_packet(rbufp);
- if(pkt == NULL) {
+ if (!parse_packet(rbufp)) {
sys_badlength++;
goto done;
}
- peer = findpeer(rbufp, PKT_MODE(pkt->li_vn_mode), &match);
- if(peer == NULL && match == AM_MANYCAST) {
- peer = findmanycastpeer(rbufp);
- }
+ peer = findpeer(rbufp);
- if(i_require_authentication(peer, pkt, restrict_mask)) {
+ if(i_require_authentication(peer, rbufp, restrict_mask)) {
if(
/* Check whether an authenticator is even present. */
- !pkt->keyid_present || is_crypto_nak(pkt) ||
+ !rbufp->keyid_present || is_crypto_nak(rbufp) ||
/* If we require a specific key from this peer,
check that it matches. */
(peer != NULL && peer->cfg.peerkey != 0 &&
- peer->cfg.peerkey != pkt->keyid) ||
+ peer->cfg.peerkey != rbufp->keyid) ||
/* Verify the MAC.
TODO: rewrite authdecrypt() to give it a
better name and a saner interface so we don't
have to do this screwy buffer-length
arithmetic in order to call it. */
- !authdecrypt(pkt->keyid,
+ !authdecrypt(rbufp->keyid,
(uint32_t*)rbufp->recv_space.X_recv_buffer,
- (int)(rbufp->recv_length - (pkt->mac_len + 4)),
- (int)(pkt->mac_len + 4))) {
+ (int)(rbufp->recv_length - (rbufp->mac_len + 4)),
+ (int)(rbufp->mac_len + 4))) {
sys_badauth++;
if(peer != NULL) {
@@ -845,26 +780,19 @@ receive(
peer->timereceived = current_time;
}
- switch(match) {
- case AM_FXMIT:
- case AM_NEWPASS:
- handle_fastxmit(rbufp, restrict_mask, pkt, peer, authenticated);
+ switch (PKT_MODE(rbufp->pkt.li_vn_mode)) {
+ case MODE_CLIENT:
+ /* Request for us as a server. */
+ handle_fastxmit(rbufp, restrict_mask, authenticated);
sys_processed++;
- if (peer != NULL) /* possible during pool query */
- peer->processed++;
break;
- case AM_PROCPKT:
- handle_procpkt(rbufp, restrict_mask, pkt, peer, authenticated);
+ case MODE_SERVER:
+ /* Reply to our request. */
+ handle_procpkt(rbufp, peer);
sys_processed++;
if (peer != NULL) /* just to be on the safe side */
peer->processed++;
break;
- case AM_MANYCAST:
- handle_manycast(rbufp, restrict_mask, pkt, peer, authenticated);
- sys_processed++;
- if (peer != NULL) /* possible during pool query */
- peer->processed++;
- break;
default:
/* Everything else is for broadcast modes,
which are a security nightmare. So they go to the
@@ -875,7 +803,7 @@ receive(
}
done:
- free_packet(pkt);
+ free_extens(rbufp);
}
/*
=====================================
ntpd/ntp_refclock.c
=====================================
--- a/ntpd/ntp_refclock.c
+++ b/ntpd/ntp_refclock.c
@@ -205,16 +205,9 @@ refclock_newpeer(
/*
* Set peer.pmode based on the hmode. For appearances only.
+ * Leftover from "peer" modes.
*/
- switch (peer->hmode) {
- case MODE_ACTIVE:
- peer->pmode = MODE_PASSIVE;
- break;
-
- default:
- peer->pmode = MODE_SERVER;
- break;
- }
+ peer->pmode = MODE_SERVER;
/*
* Do driver dependent initialization. The above defaults
=====================================
ntpd/refclock_generic.c
=====================================
--- a/ntpd/refclock_generic.c
+++ b/ntpd/refclock_generic.c
@@ -1900,7 +1900,7 @@ local_input(
buf->dstadr = rbufp->dstadr;
buf->receiver = rbufp->receiver;
buf->fd = rbufp->fd;
- buf->X_from_where = rbufp->X_from_where;
+ buf->recv_peer = rbufp->recv_peer;
parse->generic->io.recvcount++;
packets_received++;
add_full_recv_buffer(buf);
=====================================
tests/option-tester.sh
=====================================
--- a/tests/option-tester.sh
+++ b/tests/option-tester.sh
@@ -47,8 +47,12 @@ doit ()
./$DIR/main/ntpclients/ntpq --version |& tee -a $DIR/test.log
echo -n "VERSION: " |& tee -a $DIR/test.log
./$DIR/main/ntpclients/ntpdig --version |& tee -a $DIR/test.log
- echo -n "VERSION: " |& tee -a $DIR/test.log
- ./$DIR/main/ntpclients/ntpmon --version |& tee -a $DIR/test.log
+ if [ `uname -s` != "NetBSD" ]
+ then
+ # no Python/curses on NetBSD
+ echo -n "VERSION: " |& tee -a $DIR/test.log
+ ./$DIR/main/ntpclients/ntpmon --version |& tee -a $DIR/test.log
+ fi
if [ "`which gpsmon 2>/dev/null`" != "" ]
then
# needs GPSD library
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/2a302721f7353c5c79dbcfb28a6c7ad6237e1b56...df8471751ffe1081a7de076cccfc32a25c5cc059
---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/2a302721f7353c5c79dbcfb28a6c7ad6237e1b56...df8471751ffe1081a7de076cccfc32a25c5cc059
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20180320/6c69651e/attachment.html>
More information about the vc
mailing list