ntp_peer.c revision 330141
1/* 2 * ntp_peer.c - management of data maintained for peer associations 3 */ 4#ifdef HAVE_CONFIG_H 5#include <config.h> 6#endif 7 8#include <stdio.h> 9#include <sys/types.h> 10 11#include "ntpd.h" 12#include "ntp_lists.h" 13#include "ntp_stdlib.h" 14#include "ntp_control.h" 15#include <ntp_random.h> 16 17/* 18 * Table of valid association combinations 19 * --------------------------------------- 20 * 21 * packet->mode 22 * peer->mode | UNSPEC ACTIVE PASSIVE CLIENT SERVER BCAST 23 * ---------- | --------------------------------------------- 24 * NO_PEER | e 1 0 1 1 1 25 * ACTIVE | e 1 1 0 0 0 26 * PASSIVE | e 1 e 0 0 0 27 * CLIENT | e 0 0 0 1 0 28 * SERVER | e 0 0 0 0 0 29 * BCAST | e 0 0 0 0 0 30 * BCLIENT | e 0 0 0 e 1 31 * 32 * One point to note here: a packet in BCAST mode can potentially match 33 * a peer in CLIENT mode, but we that is a special case and we check for 34 * that early in the decision process. This avoids having to keep track 35 * of what kind of associations are possible etc... We actually 36 * circumvent that problem by requiring that the first b(m)roadcast 37 * received after the change back to BCLIENT mode sets the clock. 38 */ 39#define AM_MODES 7 /* number of rows and columns */ 40#define NO_PEER 0 /* action when no peer is found */ 41 42int AM[AM_MODES][AM_MODES] = { 43/* packet->mode */ 44/* peer { UNSPEC, ACTIVE, PASSIVE, CLIENT, SERVER, BCAST } */ 45/* mode */ 46/*NONE*/{ AM_ERR, AM_NEWPASS, AM_NOMATCH, AM_FXMIT, AM_MANYCAST, AM_NEWBCL}, 47 48/*A*/ { AM_ERR, AM_PROCPKT, AM_PROCPKT, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 49 50/*P*/ { AM_ERR, AM_PROCPKT, AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 51 52/*C*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT, AM_NOMATCH}, 53 54/*S*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 55 56/*BCST*/{ AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH}, 57 58/*BCL*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT}, 59}; 60 61#define MATCH_ASSOC(x, y) AM[(x)][(y)] 62 63/* 64 * These routines manage the allocation of memory to peer structures 65 * and the maintenance of three data structures involving all peers: 66 * 67 * - peer_list is a single list with all peers, suitable for scanning 68 * operations over all peers. 69 * - peer_adr_hash is an array of lists indexed by hashed peer address. 70 * - peer_aid_hash is an array of lists indexed by hashed associd. 71 * 72 * They also maintain a free list of peer structures, peer_free. 73 * 74 * The three main entry points are findpeer(), which looks for matching 75 * peer structures in the peer list, newpeer(), which allocates a new 76 * peer structure and adds it to the list, and unpeer(), which 77 * demobilizes the association and deallocates the structure. 78 */ 79/* 80 * Peer hash tables 81 */ 82struct peer *peer_hash[NTP_HASH_SIZE]; /* peer hash table */ 83int peer_hash_count[NTP_HASH_SIZE]; /* peers in each bucket */ 84struct peer *assoc_hash[NTP_HASH_SIZE]; /* association ID hash table */ 85int assoc_hash_count[NTP_HASH_SIZE];/* peers in each bucket */ 86struct peer *peer_list; /* peer structures list */ 87static struct peer *peer_free; /* peer structures free list */ 88int peer_free_count; /* count of free structures */ 89 90/* 91 * Association ID. We initialize this value randomly, then assign a new 92 * value every time an association is mobilized. 93 */ 94static associd_t current_association_ID; /* association ID */ 95static associd_t initial_association_ID; /* association ID */ 96 97/* 98 * Memory allocation watermarks. 99 */ 100#define INIT_PEER_ALLOC 8 /* static preallocation */ 101#define INC_PEER_ALLOC 4 /* add N more when empty */ 102 103/* 104 * Miscellaneous statistic counters which may be queried. 105 */ 106u_long peer_timereset; /* time stat counters zeroed */ 107u_long findpeer_calls; /* calls to findpeer */ 108u_long assocpeer_calls; /* calls to findpeerbyassoc */ 109u_long peer_allocations; /* allocations from free list */ 110u_long peer_demobilizations; /* structs freed to free list */ 111int total_peer_structs; /* peer structs */ 112int peer_associations; /* mobilized associations */ 113int peer_preempt; /* preemptable associations */ 114static struct peer init_peer_alloc[INIT_PEER_ALLOC]; /* init alloc */ 115 116static struct peer * findexistingpeer_name(const char *, u_short, 117 struct peer *, int); 118static struct peer * findexistingpeer_addr(sockaddr_u *, 119 struct peer *, int, 120 u_char, int *); 121static void free_peer(struct peer *, int); 122static void getmorepeermem(void); 123static int score(struct peer *); 124 125 126/* 127 * init_peer - initialize peer data structures and counters 128 * 129 * N.B. We use the random number routine in here. It had better be 130 * initialized prior to getting here. 131 */ 132void 133init_peer(void) 134{ 135 int i; 136 137 /* 138 * Initialize peer free list from static allocation. 139 */ 140 for (i = COUNTOF(init_peer_alloc) - 1; i >= 0; i--) 141 LINK_SLIST(peer_free, &init_peer_alloc[i], p_link); 142 total_peer_structs = COUNTOF(init_peer_alloc); 143 peer_free_count = COUNTOF(init_peer_alloc); 144 145 /* 146 * Initialize our first association ID 147 */ 148 do 149 current_association_ID = ntp_random() & ASSOCID_MAX; 150 while (!current_association_ID); 151 initial_association_ID = current_association_ID; 152} 153 154 155/* 156 * getmorepeermem - add more peer structures to the free list 157 */ 158static void 159getmorepeermem(void) 160{ 161 int i; 162 struct peer *peers; 163 164 peers = eallocarray(INC_PEER_ALLOC, sizeof(*peers)); 165 166 for (i = INC_PEER_ALLOC - 1; i >= 0; i--) 167 LINK_SLIST(peer_free, &peers[i], p_link); 168 169 total_peer_structs += INC_PEER_ALLOC; 170 peer_free_count += INC_PEER_ALLOC; 171} 172 173 174static struct peer * 175findexistingpeer_name( 176 const char * hostname, 177 u_short hname_fam, 178 struct peer * start_peer, 179 int mode 180 ) 181{ 182 struct peer *p; 183 184 if (NULL == start_peer) 185 p = peer_list; 186 else 187 p = start_peer->p_link; 188 for (; p != NULL; p = p->p_link) 189 if (p->hostname != NULL 190 && (-1 == mode || p->hmode == mode) 191 && (AF_UNSPEC == hname_fam 192 || AF_UNSPEC == AF(&p->srcadr) 193 || hname_fam == AF(&p->srcadr)) 194 && !strcasecmp(p->hostname, hostname)) 195 break; 196 return p; 197} 198 199 200static 201struct peer * 202findexistingpeer_addr( 203 sockaddr_u * addr, 204 struct peer * start_peer, 205 int mode, 206 u_char cast_flags, 207 int * ip_count 208 ) 209{ 210 struct peer *peer; 211 212 DPRINTF(2, ("findexistingpeer_addr(%s, %s, %d, 0x%x, %p)\n", 213 sptoa(addr), 214 (start_peer) 215 ? sptoa(&start_peer->srcadr) 216 : "NULL", 217 mode, (u_int)cast_flags, ip_count)); 218 219 /* 220 * start_peer is included so we can locate instances of the 221 * same peer through different interfaces in the hash table. 222 * Without MDF_BCLNT, a match requires the same mode and remote 223 * address. MDF_BCLNT associations start out as MODE_CLIENT 224 * if broadcastdelay is not specified, and switch to 225 * MODE_BCLIENT after estimating the one-way delay. Duplicate 226 * associations are expanded in definition to match any other 227 * MDF_BCLNT with the same srcadr (remote, unicast address). 228 */ 229 if (NULL == start_peer) 230 peer = peer_hash[NTP_HASH_ADDR(addr)]; 231 else 232 peer = start_peer->adr_link; 233 234 while (peer != NULL) { 235 DPRINTF(3, ("%s %s %d %d 0x%x 0x%x ", sptoa(addr), 236 sptoa(&peer->srcadr), mode, peer->hmode, 237 (u_int)cast_flags, (u_int)peer->cast_flags)); 238 if (ip_count) { 239 if (SOCK_EQ(addr, &peer->srcadr)) { 240 (*ip_count)++; 241 } 242 } 243 if ((-1 == mode || peer->hmode == mode || 244 ((MDF_BCLNT & peer->cast_flags) && 245 (MDF_BCLNT & cast_flags))) && 246 ADDR_PORT_EQ(addr, &peer->srcadr)) { 247 DPRINTF(3, ("found.\n")); 248 break; 249 } 250 DPRINTF(3, ("\n")); 251 peer = peer->adr_link; 252 } 253 254 return peer; 255} 256 257 258/* 259 * findexistingpeer - search by address and return a pointer to a peer. 260 */ 261struct peer * 262findexistingpeer( 263 sockaddr_u * addr, 264 const char * hostname, 265 struct peer * start_peer, 266 int mode, 267 u_char cast_flags, 268 int * ip_count 269 ) 270{ 271 if (hostname != NULL) 272 return findexistingpeer_name(hostname, AF(addr), 273 start_peer, mode); 274 else 275 return findexistingpeer_addr(addr, start_peer, mode, 276 cast_flags, ip_count); 277} 278 279 280/* 281 * findpeer - find and return a peer match for a received datagram in 282 * the peer_hash table. 283 * 284 * [Bug 3072] To faciliate a faster reorganisation after routing changes 285 * the original code re-assigned the peer address to be the destination 286 * of the received packet and initiated another round on a mismatch. 287 * Unfortunately this leaves us wide open for a DoS attack where the 288 * attacker directs a packet with forged destination address to us -- 289 * this results in a wrong interface assignment, actually creating a DoS 290 * situation. 291 * 292 * This condition would persist until the next update of the interface 293 * list, but a continued attack would put us out of business again soon 294 * enough. Authentication alone does not help here, since it does not 295 * protect the UDP layer and leaves us open for a replay attack. 296 * 297 * So we do not update the adresses and wait until the next interface 298 * list update does the right thing for us. 299 */ 300struct peer * 301findpeer( 302 struct recvbuf *rbufp, 303 int pkt_mode, 304 int * action 305 ) 306{ 307 struct peer * p; 308 sockaddr_u * srcadr; 309 u_int hash; 310 struct pkt * pkt; 311 l_fp pkt_org; 312 313 findpeer_calls++; 314 srcadr = &rbufp->recv_srcadr; 315 hash = NTP_HASH_ADDR(srcadr); 316 for (p = peer_hash[hash]; p != NULL; p = p->adr_link) { 317 318 /* [Bug 3072] ensure interface of peer matches */ 319 /* [Bug 3356] ... if NOT a broadcast peer! */ 320 if (p->hmode != MODE_BCLIENT && p->dstadr != rbufp->dstadr) 321 continue; 322 323 /* ensure peer source address matches */ 324 if ( ! ADDR_PORT_EQ(srcadr, &p->srcadr)) 325 continue; 326 327 /* If the association matching rules determine that this 328 * is not a valid combination, then look for the next 329 * valid peer association. 330 */ 331 *action = MATCH_ASSOC(p->hmode, pkt_mode); 332 333 /* A response to our manycastclient solicitation might 334 * be misassociated with an ephemeral peer already spun 335 * for the server. If the packet's org timestamp 336 * doesn't match the peer's, check if it matches the 337 * ACST prototype peer's. If so it is a redundant 338 * solicitation response, return AM_ERR to discard it. 339 * [Bug 1762] 340 */ 341 if (MODE_SERVER == pkt_mode && AM_PROCPKT == *action) { 342 pkt = &rbufp->recv_pkt; 343 NTOHL_FP(&pkt->org, &pkt_org); 344 if (!L_ISEQU(&p->aorg, &pkt_org) && 345 findmanycastpeer(rbufp)) 346 *action = AM_ERR; 347 } 348 349 /* if an error was returned, exit back right here. */ 350 if (*action == AM_ERR) 351 return NULL; 352 353 /* if a match is found, we stop our search. */ 354 if (*action != AM_NOMATCH) 355 break; 356 } 357 358 /* If no matching association is found... */ 359 if (NULL == p) 360 *action = MATCH_ASSOC(NO_PEER, pkt_mode); 361 362 return p; 363} 364 365/* 366 * findpeerbyassoc - find and return a peer using his association ID 367 */ 368struct peer * 369findpeerbyassoc( 370 associd_t assoc 371 ) 372{ 373 struct peer *p; 374 u_int hash; 375 376 assocpeer_calls++; 377 hash = assoc & NTP_HASH_MASK; 378 for (p = assoc_hash[hash]; p != NULL; p = p->aid_link) 379 if (assoc == p->associd) 380 break; 381 return p; 382} 383 384 385/* 386 * clear_all - flush all time values for all associations 387 */ 388void 389clear_all(void) 390{ 391 struct peer *p; 392 393 /* 394 * This routine is called when the clock is stepped, and so all 395 * previously saved time values are untrusted. 396 */ 397 for (p = peer_list; p != NULL; p = p->p_link) 398 if (!(MDF_TXONLY_MASK & p->cast_flags)) 399 peer_clear(p, "STEP"); 400 401 DPRINTF(1, ("clear_all: at %lu\n", current_time)); 402} 403 404 405/* 406 * score_all() - determine if an association can be demobilized 407 */ 408int 409score_all( 410 struct peer *peer /* peer structure pointer */ 411 ) 412{ 413 struct peer *speer; 414 int temp, tamp; 415 int x; 416 417 /* 418 * This routine finds the minimum score for all preemptible 419 * associations and returns > 0 if the association can be 420 * demobilized. 421 */ 422 tamp = score(peer); 423 temp = 100; 424 for (speer = peer_list; speer != NULL; speer = speer->p_link) 425 if (speer->flags & FLAG_PREEMPT) { 426 x = score(speer); 427 if (x < temp) 428 temp = x; 429 } 430 DPRINTF(1, ("score_all: at %lu score %d min %d\n", 431 current_time, tamp, temp)); 432 433 if (tamp != temp) 434 temp = 0; 435 436 return temp; 437} 438 439 440/* 441 * score() - calculate preemption score 442 */ 443static int 444score( 445 struct peer *peer /* peer structure pointer */ 446 ) 447{ 448 int temp; 449 450 /* 451 * This routine calculates the premption score from the peer 452 * error bits and status. Increasing values are more cherished. 453 */ 454 temp = 0; 455 if (!(peer->flash & TEST10)) 456 temp++; /* 1 good synch and stratum */ 457 if (!(peer->flash & TEST13)) 458 temp++; /* 2 reachable */ 459 if (!(peer->flash & TEST12)) 460 temp++; /* 3 no loop */ 461 if (!(peer->flash & TEST11)) 462 temp++; /* 4 good distance */ 463 if (peer->status >= CTL_PST_SEL_SELCAND) 464 temp++; /* 5 in the hunt */ 465 if (peer->status != CTL_PST_SEL_EXCESS) 466 temp++; /* 6 not spare tire */ 467 return (temp); /* selection status */ 468} 469 470 471/* 472 * free_peer - internal routine to free memory referred to by a struct 473 * peer and return it to the peer free list. If unlink is 474 * nonzero, unlink from the various lists. 475 */ 476static void 477free_peer( 478 struct peer * p, 479 int unlink_peer 480 ) 481{ 482 struct peer * unlinked; 483 int hash; 484 485 if (unlink_peer) { 486 hash = NTP_HASH_ADDR(&p->srcadr); 487 peer_hash_count[hash]--; 488 489 UNLINK_SLIST(unlinked, peer_hash[hash], p, adr_link, 490 struct peer); 491 if (NULL == unlinked) { 492 peer_hash_count[hash]++; 493 msyslog(LOG_ERR, "peer %s not in address table!", 494 stoa(&p->srcadr)); 495 } 496 497 /* 498 * Remove him from the association hash as well. 499 */ 500 hash = p->associd & NTP_HASH_MASK; 501 assoc_hash_count[hash]--; 502 503 UNLINK_SLIST(unlinked, assoc_hash[hash], p, aid_link, 504 struct peer); 505 if (NULL == unlinked) { 506 assoc_hash_count[hash]++; 507 msyslog(LOG_ERR, 508 "peer %s not in association ID table!", 509 stoa(&p->srcadr)); 510 } 511 512 /* Remove him from the overall list. */ 513 UNLINK_SLIST(unlinked, peer_list, p, p_link, 514 struct peer); 515 if (NULL == unlinked) 516 msyslog(LOG_ERR, "%s not in peer list!", 517 stoa(&p->srcadr)); 518 } 519 520 if (p->hostname != NULL) 521 free(p->hostname); 522 523 if (p->ident != NULL) 524 free(p->ident); 525 526 if (p->addrs != NULL) 527 free(p->addrs); /* from copy_addrinfo_list() */ 528 529 /* Add his corporeal form to peer free list */ 530 ZERO(*p); 531 LINK_SLIST(peer_free, p, p_link); 532 peer_free_count++; 533} 534 535 536/* 537 * unpeer - remove peer structure from hash table and free structure 538 */ 539void 540unpeer( 541 struct peer *peer 542 ) 543{ 544 mprintf_event(PEVNT_DEMOBIL, peer, "assoc %u", peer->associd); 545 restrict_source(&peer->srcadr, 1, 0); 546 set_peerdstadr(peer, NULL); 547 peer_demobilizations++; 548 peer_associations--; 549 if (FLAG_PREEMPT & peer->flags) 550 peer_preempt--; 551#ifdef REFCLOCK 552 /* 553 * If this peer is actually a clock, shut it down first 554 */ 555 if (FLAG_REFCLOCK & peer->flags) 556 refclock_unpeer(peer); 557#endif 558 559 free_peer(peer, TRUE); 560} 561 562 563/* 564 * peer_config - configure a new association 565 */ 566struct peer * 567peer_config( 568 sockaddr_u * srcadr, 569 const char * hostname, 570 endpt * dstadr, 571 int ippeerlimit, 572 u_char hmode, 573 u_char version, 574 u_char minpoll, 575 u_char maxpoll, 576 u_int flags, 577 u_int32 ttl, 578 keyid_t key, 579 const char * ident /* autokey group */ 580 ) 581{ 582 u_char cast_flags; 583 584 /* 585 * We do a dirty little jig to figure the cast flags. This is 586 * probably not the best place to do this, at least until the 587 * configure code is rebuilt. Note only one flag can be set. 588 */ 589 switch (hmode) { 590 case MODE_BROADCAST: 591 if (IS_MCAST(srcadr)) 592 cast_flags = MDF_MCAST; 593 else 594 cast_flags = MDF_BCAST; 595 break; 596 597 case MODE_CLIENT: 598 if (hostname != NULL && SOCK_UNSPEC(srcadr)) 599 cast_flags = MDF_POOL; 600 else if (IS_MCAST(srcadr)) 601 cast_flags = MDF_ACAST; 602 else 603 cast_flags = MDF_UCAST; 604 break; 605 606 default: 607 cast_flags = MDF_UCAST; 608 } 609 610 /* 611 * Mobilize the association and initialize its variables. If 612 * emulating ntpdate, force iburst. For pool and manycastclient 613 * strip FLAG_PREEMPT as the prototype associations are not 614 * themselves preemptible, though the resulting associations 615 * are. 616 */ 617 flags |= FLAG_CONFIG; 618 if (mode_ntpdate) 619 flags |= FLAG_IBURST; 620 if ((MDF_ACAST | MDF_POOL) & cast_flags) 621 flags &= ~FLAG_PREEMPT; 622 return newpeer(srcadr, hostname, dstadr, ippeerlimit, hmode, version, 623 minpoll, maxpoll, flags, cast_flags, ttl, key, ident); 624} 625 626/* 627 * setup peer dstadr field keeping it in sync with the interface 628 * structures 629 */ 630void 631set_peerdstadr( 632 struct peer * p, 633 endpt * dstadr 634 ) 635{ 636 struct peer * unlinked; 637 638 DEBUG_INSIST(p != NULL); 639 640 if (p == NULL) 641 return; 642 643 /* check for impossible or identical assignment */ 644 if (p->dstadr == dstadr) 645 return; 646 647 /* 648 * Don't accept updates to a separate multicast receive-only 649 * endpt while a BCLNT peer is running its unicast protocol. 650 */ 651 if (dstadr != NULL && (FLAG_BC_VOL & p->flags) && 652 (INT_MCASTIF & dstadr->flags) && MODE_CLIENT == p->hmode) { 653 return; 654 } 655 656 /* unlink from list if we have an address prior to assignment */ 657 if (p->dstadr != NULL) { 658 p->dstadr->peercnt--; 659 UNLINK_SLIST(unlinked, p->dstadr->peers, p, ilink, 660 struct peer); 661 msyslog(LOG_INFO, "%s local addr %s -> %s", 662 stoa(&p->srcadr), latoa(p->dstadr), 663 latoa(dstadr)); 664 } 665 666 p->dstadr = dstadr; 667 668 /* link to list if we have an address after assignment */ 669 if (p->dstadr != NULL) { 670 LINK_SLIST(dstadr->peers, p, ilink); 671 dstadr->peercnt++; 672 } 673} 674 675/* 676 * attempt to re-rebind interface if necessary 677 */ 678static void 679peer_refresh_interface( 680 struct peer *p 681 ) 682{ 683 endpt * niface; 684 endpt * piface; 685 686 niface = select_peerinterface(p, &p->srcadr, NULL); 687 688 DPRINTF(4, ( 689 "peer_refresh_interface: %s->%s mode %d vers %d poll %d %d flags 0x%x 0x%x ttl %u key %08x: new interface: ", 690 p->dstadr == NULL ? "<null>" : 691 stoa(&p->dstadr->sin), stoa(&p->srcadr), p->hmode, 692 p->version, p->minpoll, p->maxpoll, p->flags, p->cast_flags, 693 p->ttl, p->keyid)); 694 if (niface != NULL) { 695 DPRINTF(4, ( 696 "fd=%d, bfd=%d, name=%.16s, flags=0x%x, ifindex=%u, sin=%s", 697 niface->fd, niface->bfd, niface->name, 698 niface->flags, niface->ifindex, 699 stoa(&niface->sin))); 700 if (niface->flags & INT_BROADCAST) 701 DPRINTF(4, (", bcast=%s", 702 stoa(&niface->bcast))); 703 DPRINTF(4, (", mask=%s\n", stoa(&niface->mask))); 704 } else { 705 DPRINTF(4, ("<NONE>\n")); 706 } 707 708 piface = p->dstadr; 709 set_peerdstadr(p, niface); 710 if (p->dstadr != NULL) { 711 /* 712 * clear crypto if we change the local address 713 */ 714 if (p->dstadr != piface && !(MDF_ACAST & p->cast_flags) 715 && MODE_BROADCAST != p->pmode) 716 peer_clear(p, "XFAC"); 717 718 /* 719 * Broadcast needs the socket enabled for broadcast 720 */ 721 if (MDF_BCAST & p->cast_flags) 722 enable_broadcast(p->dstadr, &p->srcadr); 723 724 /* 725 * Multicast needs the socket interface enabled for 726 * multicast 727 */ 728 if (MDF_MCAST & p->cast_flags) 729 enable_multicast_if(p->dstadr, &p->srcadr); 730 } 731} 732 733 734/* 735 * refresh_all_peerinterfaces - see that all interface bindings are up 736 * to date 737 */ 738void 739refresh_all_peerinterfaces(void) 740{ 741 struct peer *p; 742 743 /* 744 * this is called when the interface list has changed 745 * give all peers a chance to find a better interface 746 * but only if either they don't have an address already 747 * or if the one they have hasn't worked for a while. 748 */ 749 for (p = peer_list; p != NULL; p = p->p_link) { 750 if (!(p->dstadr && (p->reach & 0x3))) // Bug 2849 XOR 2043 751 peer_refresh_interface(p); 752 } 753} 754 755 756/* 757 * newpeer - initialize a new peer association 758 */ 759struct peer * 760newpeer( 761 sockaddr_u * srcadr, 762 const char * hostname, 763 endpt * dstadr, 764 int ippeerlimit, 765 u_char hmode, 766 u_char version, 767 u_char minpoll, 768 u_char maxpoll, 769 u_int flags, 770 u_char cast_flags, 771 u_int32 ttl, 772 keyid_t key, 773 const char * ident 774 ) 775{ 776 struct peer * peer; 777 u_int hash; 778 int ip_count = 0; 779 780 781 DEBUG_REQUIRE(srcadr); 782 783#ifdef AUTOKEY 784 /* 785 * If Autokey is requested but not configured, complain loudly. 786 */ 787 if (!crypto_flags) { 788 if (key > NTP_MAXKEY) { 789 return (NULL); 790 791 } else if (flags & FLAG_SKEY) { 792 msyslog(LOG_ERR, "Autokey not configured"); 793 return (NULL); 794 } 795 } 796#endif /* AUTOKEY */ 797 798 /* 799 * For now only pool associations have a hostname. 800 */ 801 INSIST(NULL == hostname || (MDF_POOL & cast_flags)); 802 803 /* 804 * First search from the beginning for an association with given 805 * remote address and mode. If an interface is given, search 806 * from there to find the association which matches that 807 * destination. If the given interface is "any", track down the 808 * actual interface, because that's what gets put into the peer 809 * structure. 810 */ 811 if (dstadr != NULL) { 812 peer = findexistingpeer(srcadr, hostname, NULL, hmode, 813 cast_flags, &ip_count); 814 while (peer != NULL) { 815 if ( peer->dstadr == dstadr 816 || ( (MDF_BCLNT & cast_flags) 817 && (MDF_BCLNT & peer->cast_flags))) 818 break; 819 820 if (dstadr == ANY_INTERFACE_CHOOSE(srcadr) && 821 peer->dstadr == findinterface(srcadr)) 822 break; 823 824 peer = findexistingpeer(srcadr, hostname, peer, 825 hmode, cast_flags, &ip_count); 826 } 827 } else { 828 /* no endpt address given */ 829 peer = findexistingpeer(srcadr, hostname, NULL, hmode, 830 cast_flags, &ip_count); 831 } 832 833 /* 834 * If a peer is found, this would be a duplicate and we don't 835 * allow that. This avoids duplicate ephemeral (broadcast/ 836 * multicast) and preemptible (manycast and pool) client 837 * associations. 838 */ 839 if (peer != NULL) { 840 DPRINTF(2, ("newpeer(%s) found existing association\n", 841 (hostname) 842 ? hostname 843 : stoa(srcadr))); 844 return NULL; 845 } 846 847DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n", 848 (hostname) 849 ? hostname 850 : stoa(srcadr), 851 ip_count)); 852 853 /* Check ippeerlimit wrt ip_count */ 854 if (ippeerlimit > -1) { 855 if (ip_count + 1 > ippeerlimit) { 856 DPRINTF(2, ("newpeer(%s) denied - ippeerlimit %d\n", 857 (hostname) 858 ? hostname 859 : stoa(srcadr), 860 ippeerlimit)); 861 return NULL; 862 } 863 } else { 864 DPRINTF(1, ("newpeer(%s) - ippeerlimit %d ignored\n", 865 (hostname) 866 ? hostname 867 : stoa(srcadr), 868 ippeerlimit)); 869 } 870 871 /* 872 * Allocate a new peer structure. Some dirt here, since some of 873 * the initialization requires knowlege of our system state. 874 */ 875 if (peer_free_count == 0) 876 getmorepeermem(); 877 UNLINK_HEAD_SLIST(peer, peer_free, p_link); 878 INSIST(peer != NULL); 879 peer_free_count--; 880 peer_associations++; 881 if (FLAG_PREEMPT & flags) 882 peer_preempt++; 883 884 /* 885 * Assign an association ID and increment the system variable. 886 */ 887 peer->associd = current_association_ID; 888 if (++current_association_ID == 0) 889 ++current_association_ID; 890 891 peer->srcadr = *srcadr; 892 if (hostname != NULL) 893 peer->hostname = estrdup(hostname); 894 peer->hmode = hmode; 895 peer->version = version; 896 peer->flags = flags; 897 peer->cast_flags = cast_flags; 898 set_peerdstadr(peer, 899 select_peerinterface(peer, srcadr, dstadr)); 900 901 /* 902 * It is an error to set minpoll less than NTP_MINPOLL or to 903 * set maxpoll greater than NTP_MAXPOLL. However, minpoll is 904 * clamped not greater than NTP_MAXPOLL and maxpoll is clamped 905 * not less than NTP_MINPOLL without complaint. Finally, 906 * minpoll is clamped not greater than maxpoll. 907 */ 908 if (minpoll == 0) 909 peer->minpoll = NTP_MINDPOLL; 910 else 911 peer->minpoll = min(minpoll, NTP_MAXPOLL); 912 if (maxpoll == 0) 913 peer->maxpoll = NTP_MAXDPOLL; 914 else 915 peer->maxpoll = max(maxpoll, NTP_MINPOLL); 916 if (peer->minpoll > peer->maxpoll) 917 peer->minpoll = peer->maxpoll; 918 919 if (peer->dstadr != NULL) 920 DPRINTF(3, ("newpeer(%s): using fd %d and our addr %s\n", 921 stoa(srcadr), peer->dstadr->fd, 922 stoa(&peer->dstadr->sin))); 923 else 924 DPRINTF(3, ("newpeer(%s): local interface currently not bound\n", 925 stoa(srcadr))); 926 927 /* 928 * Broadcast needs the socket enabled for broadcast 929 */ 930 if ((MDF_BCAST & cast_flags) && peer->dstadr != NULL) 931 enable_broadcast(peer->dstadr, srcadr); 932 933 /* 934 * Multicast needs the socket interface enabled for multicast 935 */ 936 if ((MDF_MCAST & cast_flags) && peer->dstadr != NULL) 937 enable_multicast_if(peer->dstadr, srcadr); 938 939#ifdef AUTOKEY 940 if (key > NTP_MAXKEY) 941 peer->flags |= FLAG_SKEY; 942#endif /* AUTOKEY */ 943 peer->ttl = ttl; 944 peer->keyid = key; 945 if (ident != NULL) 946 peer->ident = estrdup(ident); 947 peer->precision = sys_precision; 948 peer->hpoll = peer->minpoll; 949 if (cast_flags & MDF_ACAST) 950 peer_clear(peer, "ACST"); 951 else if (cast_flags & MDF_POOL) 952 peer_clear(peer, "POOL"); 953 else if (cast_flags & MDF_MCAST) 954 peer_clear(peer, "MCST"); 955 else if (cast_flags & MDF_BCAST) 956 peer_clear(peer, "BCST"); 957 else 958 peer_clear(peer, "INIT"); 959 if (mode_ntpdate) 960 peer_ntpdate++; 961 962 /* 963 * Note time on statistics timers. 964 */ 965 peer->timereset = current_time; 966 peer->timereachable = current_time; 967 peer->timereceived = current_time; 968 969 if (ISREFCLOCKADR(&peer->srcadr)) { 970#ifdef REFCLOCK 971 /* 972 * We let the reference clock support do clock 973 * dependent initialization. This includes setting 974 * the peer timer, since the clock may have requirements 975 * for this. 976 */ 977 if (maxpoll == 0) 978 peer->maxpoll = peer->minpoll; 979 if (!refclock_newpeer(peer)) { 980 /* 981 * Dump it, something screwed up 982 */ 983 set_peerdstadr(peer, NULL); 984 free_peer(peer, 0); 985 return NULL; 986 } 987#else /* REFCLOCK */ 988 msyslog(LOG_ERR, "refclock %s isn't supported. ntpd was compiled without refclock support.", 989 stoa(&peer->srcadr)); 990 set_peerdstadr(peer, NULL); 991 free_peer(peer, 0); 992 return NULL; 993#endif /* REFCLOCK */ 994 } 995 996 /* 997 * Put the new peer in the hash tables. 998 */ 999 hash = NTP_HASH_ADDR(&peer->srcadr); 1000 LINK_SLIST(peer_hash[hash], peer, adr_link); 1001 peer_hash_count[hash]++; 1002 hash = peer->associd & NTP_HASH_MASK; 1003 LINK_SLIST(assoc_hash[hash], peer, aid_link); 1004 assoc_hash_count[hash]++; 1005 LINK_SLIST(peer_list, peer, p_link); 1006 1007 restrict_source(&peer->srcadr, 0, 0); 1008 mprintf_event(PEVNT_MOBIL, peer, "assoc %d", peer->associd); 1009 DPRINTF(1, ("newpeer: %s->%s mode %u vers %u poll %u %u flags 0x%x 0x%x ttl %u key %08x\n", 1010 latoa(peer->dstadr), stoa(&peer->srcadr), peer->hmode, 1011 peer->version, peer->minpoll, peer->maxpoll, peer->flags, 1012 peer->cast_flags, peer->ttl, peer->keyid)); 1013 return peer; 1014} 1015 1016 1017/* 1018 * peer_clr_stats - clear peer module statistics counters 1019 */ 1020void 1021peer_clr_stats(void) 1022{ 1023 findpeer_calls = 0; 1024 assocpeer_calls = 0; 1025 peer_allocations = 0; 1026 peer_demobilizations = 0; 1027 peer_timereset = current_time; 1028} 1029 1030 1031/* 1032 * peer_reset - reset statistics counters 1033 */ 1034void 1035peer_reset( 1036 struct peer *peer 1037 ) 1038{ 1039 if (peer == NULL) 1040 return; 1041 1042 peer->timereset = current_time; 1043 peer->sent = 0; 1044 peer->received = 0; 1045 peer->processed = 0; 1046 peer->badauth = 0; 1047 peer->bogusorg = 0; 1048 peer->oldpkt = 0; 1049 peer->seldisptoolarge = 0; 1050 peer->selbroken = 0; 1051} 1052 1053 1054/* 1055 * peer_all_reset - reset all peer statistics counters 1056 */ 1057void 1058peer_all_reset(void) 1059{ 1060 struct peer *peer; 1061 1062 for (peer = peer_list; peer != NULL; peer = peer->p_link) 1063 peer_reset(peer); 1064} 1065 1066 1067/* 1068 * findmanycastpeer - find and return a manycastclient or pool 1069 * association matching a received response. 1070 */ 1071struct peer * 1072findmanycastpeer( 1073 struct recvbuf *rbufp /* receive buffer pointer */ 1074 ) 1075{ 1076 struct peer *peer; 1077 struct pkt *pkt; 1078 l_fp p_org; 1079 1080 /* 1081 * This routine is called upon arrival of a server-mode response 1082 * to a manycastclient multicast solicitation, or to a pool 1083 * server unicast solicitation. Search the peer list for a 1084 * manycastclient association where the last transmit timestamp 1085 * matches the response packet's originate timestamp. There can 1086 * be multiple manycastclient associations, or multiple pool 1087 * solicitation assocations, so this assumes the transmit 1088 * timestamps are unique for such. 1089 */ 1090 pkt = &rbufp->recv_pkt; 1091 for (peer = peer_list; peer != NULL; peer = peer->p_link) 1092 if (MDF_SOLICIT_MASK & peer->cast_flags) { 1093 NTOHL_FP(&pkt->org, &p_org); 1094 if (L_ISEQU(&p_org, &peer->aorg)) 1095 break; 1096 } 1097 1098 return peer; 1099} 1100 1101/* peer_cleanup - clean peer list prior to shutdown */ 1102void peer_cleanup(void) 1103{ 1104 struct peer *peer; 1105 associd_t assoc; 1106 1107 for (assoc = initial_association_ID; assoc != current_association_ID; assoc++) { 1108 if (assoc != 0U) { 1109 peer = findpeerbyassoc(assoc); 1110 if (peer != NULL) 1111 unpeer(peer); 1112 } 1113 } 1114 peer = findpeerbyassoc(current_association_ID); 1115 if (peer != NULL) 1116 unpeer(peer); 1117} 1118