ntp_io.c revision 294904
1/* 2 * ntp_io.c - input/output routines for ntpd. The socket-opening code 3 * was shamelessly stolen from ntpd. 4 */ 5 6#ifdef HAVE_CONFIG_H 7# include <config.h> 8#endif 9 10#include <stdio.h> 11#include <signal.h> 12#ifdef HAVE_FNMATCH_H 13# include <fnmatch.h> 14# if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) 15# define FNM_CASEFOLD FNM_IGNORECASE 16# endif 17#endif 18#ifdef HAVE_SYS_PARAM_H 19# include <sys/param.h> 20#endif 21#ifdef HAVE_SYS_IOCTL_H 22# include <sys/ioctl.h> 23#endif 24#ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */ 25# include <sys/sockio.h> 26#endif 27#ifdef HAVE_SYS_UIO_H 28# include <sys/uio.h> 29#endif 30 31#include "ntp_machine.h" 32#include "ntpd.h" 33#include "ntp_io.h" 34#include "iosignal.h" 35#include "ntp_lists.h" 36#include "ntp_refclock.h" 37#include "ntp_stdlib.h" 38#include "ntp_worker.h" 39#include "ntp_request.h" 40#include "ntp_assert.h" 41#include "timevalops.h" 42#include "timespecops.h" 43#include "ntpd-opts.h" 44#include "safecast.h" 45 46/* Don't include ISC's version of IPv6 variables and structures */ 47#define ISC_IPV6_H 1 48#include <isc/mem.h> 49#include <isc/interfaceiter.h> 50#include <isc/netaddr.h> 51#include <isc/result.h> 52#include <isc/sockaddr.h> 53 54#ifdef SIM 55#include "ntpsim.h" 56#endif 57 58#ifdef HAS_ROUTING_SOCKET 59# include <net/route.h> 60# ifdef HAVE_RTNETLINK 61# include <linux/rtnetlink.h> 62# endif 63#endif 64 65#if defined(HAVE_SIGNALED_IO) && defined(DEBUG_TIMING) 66# undef DEBUG_TIMING 67#endif 68 69/* 70 * setsockopt does not always have the same arg declaration 71 * across all platforms. If it's not defined we make it empty 72 */ 73 74#ifndef SETSOCKOPT_ARG_CAST 75#define SETSOCKOPT_ARG_CAST 76#endif 77 78extern int listen_to_virtual_ips; 79 80#ifndef IPTOS_DSCP_EF 81#define IPTOS_DSCP_EF 0xb8 82#endif 83int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */ 84 85#ifdef LEAP_SMEAR 86/* TODO burnicki: This should be moved to ntp_timer.c, but if we do so 87 * we get a linker error. Since we're running out of time before the leap 88 * second occurs, we let it here where it just works. 89 */ 90int leap_smear_intv; 91#endif 92 93/* 94 * NIC rule entry 95 */ 96typedef struct nic_rule_tag nic_rule; 97 98struct nic_rule_tag { 99 nic_rule * next; 100 nic_rule_action action; 101 nic_rule_match match_type; 102 char * if_name; 103 sockaddr_u addr; 104 int prefixlen; 105}; 106 107/* 108 * NIC rule listhead. Entries are added at the head so that the first 109 * match in the list is the last matching rule specified. 110 */ 111nic_rule *nic_rule_list; 112 113 114#if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR) 115# define HAVE_PACKET_TIMESTAMP 116# define HAVE_BINTIME 117# ifdef BINTIME_CTLMSGBUF_SIZE 118# define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE 119# else 120# define CMSG_BUFSIZE 1536 /* moderate default */ 121# endif 122#elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR) 123# define HAVE_PACKET_TIMESTAMP 124# define HAVE_TIMESTAMPNS 125# ifdef TIMESTAMPNS_CTLMSGBUF_SIZE 126# define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE 127# else 128# define CMSG_BUFSIZE 1536 /* moderate default */ 129# endif 130#elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR) 131# define HAVE_PACKET_TIMESTAMP 132# define HAVE_TIMESTAMP 133# ifdef TIMESTAMP_CTLMSGBUF_SIZE 134# define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE 135# else 136# define CMSG_BUFSIZE 1536 /* moderate default */ 137# endif 138#else 139/* fill in for old/other timestamp interfaces */ 140#endif 141 142#if defined(SYS_WINNT) 143#include "win32_io.h" 144#include <isc/win32os.h> 145#endif 146 147/* 148 * We do asynchronous input using the SIGIO facility. A number of 149 * recvbuf buffers are preallocated for input. In the signal 150 * handler we poll to see which sockets are ready and read the 151 * packets from them into the recvbuf's along with a time stamp and 152 * an indication of the source host and the interface it was received 153 * through. This allows us to get as accurate receive time stamps 154 * as possible independent of other processing going on. 155 * 156 * We watch the number of recvbufs available to the signal handler 157 * and allocate more when this number drops below the low water 158 * mark. If the signal handler should run out of buffers in the 159 * interim it will drop incoming frames, the idea being that it is 160 * better to drop a packet than to be inaccurate. 161 */ 162 163 164/* 165 * Other statistics of possible interest 166 */ 167volatile u_long packets_dropped; /* total number of packets dropped on reception */ 168volatile u_long packets_ignored; /* packets received on wild card interface */ 169volatile u_long packets_received; /* total number of packets received */ 170 u_long packets_sent; /* total number of packets sent */ 171 u_long packets_notsent; /* total number of packets which couldn't be sent */ 172 173volatile u_long handler_calls; /* number of calls to interrupt handler */ 174volatile u_long handler_pkts; /* number of pkts received by handler */ 175u_long io_timereset; /* time counters were reset */ 176 177/* 178 * Interface stuff 179 */ 180endpt * any_interface; /* wildcard ipv4 interface */ 181endpt * any6_interface; /* wildcard ipv6 interface */ 182endpt * loopback_interface; /* loopback ipv4 interface */ 183 184isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */ 185u_int sys_ifnum; /* next .ifnum to assign */ 186int ninterfaces; /* Total number of interfaces */ 187 188int disable_dynamic_updates; /* scan interfaces once only */ 189 190#ifdef REFCLOCK 191/* 192 * Refclock stuff. We keep a chain of structures with data concerning 193 * the guys we are doing I/O for. 194 */ 195static struct refclockio *refio; 196#endif /* REFCLOCK */ 197 198/* 199 * File descriptor masks etc. for call to select 200 * Not needed for I/O Completion Ports or anything outside this file 201 */ 202static fd_set activefds; 203static int maxactivefd; 204 205/* 206 * bit alternating value to detect verified interfaces during an update cycle 207 */ 208static u_short sys_interphase = 0; 209 210static endpt * new_interface(endpt *); 211static void add_interface(endpt *); 212static int update_interfaces(u_short, interface_receiver_t, 213 void *); 214static void remove_interface(endpt *); 215static endpt * create_interface(u_short, endpt *); 216 217static int is_wildcard_addr (const sockaddr_u *); 218 219/* 220 * Multicast functions 221 */ 222static isc_boolean_t addr_ismulticast (sockaddr_u *); 223static isc_boolean_t is_anycast (sockaddr_u *, 224 const char *); 225 226/* 227 * Not all platforms support multicast 228 */ 229#ifdef MCAST 230static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *); 231static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); 232#endif 233 234#ifdef DEBUG 235static void interface_dump (const endpt *); 236static void sockaddr_dump (const sockaddr_u *); 237static void print_interface (const endpt *, const char *, const char *); 238#define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) 239#else 240#define DPRINT_INTERFACE(level, args) do {} while (0) 241#endif 242 243typedef struct vsock vsock_t; 244enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE }; 245 246struct vsock { 247 vsock_t * link; 248 SOCKET fd; 249 enum desc_type type; 250}; 251 252vsock_t *fd_list; 253 254#if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 255/* 256 * async notification processing (e. g. routing sockets) 257 */ 258/* 259 * support for receiving data on fd that is not a refclock or a socket 260 * like e. g. routing sockets 261 */ 262struct asyncio_reader { 263 struct asyncio_reader *link; /* the list this is being kept in */ 264 SOCKET fd; /* fd to be read */ 265 void *data; /* possibly local data */ 266 void (*receiver)(struct asyncio_reader *); /* input handler */ 267}; 268 269struct asyncio_reader *asyncio_reader_list; 270 271static void delete_asyncio_reader (struct asyncio_reader *); 272static struct asyncio_reader *new_asyncio_reader (void); 273static void add_asyncio_reader (struct asyncio_reader *, enum desc_type); 274static void remove_asyncio_reader (struct asyncio_reader *); 275 276#endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 277 278static void init_async_notifications (void); 279 280static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *, 281 int); 282static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, 283 const sockaddr_u *, const sockaddr_u *); 284static int create_sockets (u_short); 285static SOCKET open_socket (sockaddr_u *, int, int, endpt *); 286static void set_reuseaddr (int); 287static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); 288 289#if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO) 290static char * fdbits (int, const fd_set *); 291#endif 292#ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 293static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); 294#endif 295 296typedef struct remaddr remaddr_t; 297 298struct remaddr { 299 remaddr_t * link; 300 sockaddr_u addr; 301 endpt * ep; 302}; 303 304remaddr_t * remoteaddr_list; 305endpt * ep_list; /* complete endpt list */ 306endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */ 307endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ 308 309static endpt * wildipv4; 310static endpt * wildipv6; 311 312#ifdef SYS_WINNT 313int accept_wildcard_if_for_winnt; 314#else 315const int accept_wildcard_if_for_winnt = FALSE; 316#endif 317 318static void add_fd_to_list (SOCKET, enum desc_type); 319static endpt * find_addr_in_list (sockaddr_u *); 320static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); 321static void delete_addr_from_list (sockaddr_u *); 322static void delete_interface_from_list(endpt *); 323static void close_and_delete_fd_from_list(SOCKET); 324static void add_addr_to_list (sockaddr_u *, endpt *); 325static void create_wildcards (u_short); 326static endpt * findlocalinterface (sockaddr_u *, int, int); 327static endpt * findclosestinterface (sockaddr_u *, int); 328#ifdef DEBUG 329static const char * action_text (nic_rule_action); 330#endif 331static nic_rule_action interface_action(char *, sockaddr_u *, u_int32); 332static void convert_isc_if (isc_interface_t *, 333 endpt *, u_short); 334static void calc_addr_distance(sockaddr_u *, 335 const sockaddr_u *, 336 const sockaddr_u *); 337static int cmp_addr_distance(const sockaddr_u *, 338 const sockaddr_u *); 339 340/* 341 * Routines to read the ntp packets 342 */ 343#if !defined(HAVE_IO_COMPLETION_PORT) 344static inline int read_network_packet (SOCKET, struct interface *, l_fp); 345static void ntpd_addremove_io_fd (int, int, int); 346static void input_handler_scan (const l_fp*, const fd_set*); 347static int/*BOOL*/ sanitize_fdset (int errc); 348#ifdef REFCLOCK 349static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); 350#endif 351#ifdef HAVE_SIGNALED_IO 352static void input_handler (l_fp*); 353#endif 354#endif 355 356 357#ifndef HAVE_IO_COMPLETION_PORT 358void 359maintain_activefds( 360 int fd, 361 int closing 362 ) 363{ 364 int i; 365 366 if (fd < 0 || fd >= FD_SETSIZE) { 367 msyslog(LOG_ERR, 368 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d", 369 FD_SETSIZE, fd); 370 exit(1); 371 } 372 373 if (!closing) { 374 FD_SET(fd, &activefds); 375 maxactivefd = max(fd, maxactivefd); 376 } else { 377 FD_CLR(fd, &activefds); 378 if (maxactivefd && fd == maxactivefd) { 379 for (i = maxactivefd - 1; i >= 0; i--) 380 if (FD_ISSET(i, &activefds)) { 381 maxactivefd = i; 382 break; 383 } 384 INSIST(fd != maxactivefd); 385 } 386 } 387} 388#endif /* !HAVE_IO_COMPLETION_PORT */ 389 390 391#ifdef DEBUG_TIMING 392/* 393 * collect timing information for various processing 394 * paths. currently we only pass them on to the file 395 * for later processing. this could also do histogram 396 * based analysis in other to reduce the load (and skew) 397 * dur to the file output 398 */ 399void 400collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts) 401{ 402 char buf[256]; 403 404 snprintf(buf, sizeof(buf), "%s %d %s %s", 405 (rb != NULL) 406 ? ((rb->dstadr != NULL) 407 ? stoa(&rb->recv_srcadr) 408 : "-REFCLOCK-") 409 : "-", 410 count, lfptoa(dts, 9), tag); 411 record_timing_stats(buf); 412} 413#endif 414 415/* 416 * About dynamic interfaces, sockets, reception and more... 417 * 418 * the code solves following tasks: 419 * 420 * - keep a current list of active interfaces in order 421 * to bind to to the interface address on NTP_PORT so that 422 * all wild and specific bindings for NTP_PORT are taken by ntpd 423 * to avoid other daemons messing with the time or sockets. 424 * - all interfaces keep a list of peers that are referencing 425 * the interface in order to quickly re-assign the peers to 426 * new interface in case an interface is deleted (=> gone from system or 427 * down) 428 * - have a preconfigured socket ready with the right local address 429 * for transmission and reception 430 * - have an address list for all destination addresses used within ntpd 431 * to find the "right" preconfigured socket. 432 * - facilitate updating the internal interface list with respect to 433 * the current kernel state 434 * 435 * special issues: 436 * 437 * - mapping of multicast addresses to the interface affected is not always 438 * one to one - especially on hosts with multiple interfaces 439 * the code here currently allocates a separate interface entry for those 440 * multicast addresses 441 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF) 442 * in case of failure the multicast address is bound to an existing interface. 443 * - on some systems it is perfectly legal to assign the same address to 444 * multiple interfaces. Therefore this code does not keep a list of interfaces 445 * but a list of interfaces that represent a unique address as determined by the kernel 446 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only 447 * one representative of a group of real interfaces if they share the same address. 448 * 449 * Frank Kardel 20050910 450 */ 451 452/* 453 * init_io - initialize I/O module. 454 */ 455void 456init_io(void) 457{ 458 /* Init buffer free list and stat counters */ 459 init_recvbuff(RECV_INIT); 460 /* update interface every 5 minutes as default */ 461 interface_interval = 300; 462 463#ifdef WORK_PIPE 464 addremove_io_fd = &ntpd_addremove_io_fd; 465#endif 466 467#if defined(SYS_WINNT) 468 init_io_completion_port(); 469#elif defined(HAVE_SIGNALED_IO) 470 (void) set_signal(input_handler); 471#endif 472} 473 474 475static void 476ntpd_addremove_io_fd( 477 int fd, 478 int is_pipe, 479 int remove_it 480 ) 481{ 482 UNUSED_ARG(is_pipe); 483 484#ifdef HAVE_SIGNALED_IO 485 if (!remove_it) 486 init_socket_sig(fd); 487#endif /* not HAVE_SIGNALED_IO */ 488 489 maintain_activefds(fd, remove_it); 490} 491 492 493/* 494 * io_open_sockets - call socket creation routine 495 */ 496void 497io_open_sockets(void) 498{ 499 static int already_opened; 500 501 if (already_opened || HAVE_OPT( SAVECONFIGQUIT )) 502 return; 503 504 already_opened = 1; 505 506 /* 507 * Create the sockets 508 */ 509 BLOCKIO(); 510 create_sockets(NTP_PORT); 511 UNBLOCKIO(); 512 513 init_async_notifications(); 514 515 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd)); 516} 517 518 519#ifdef DEBUG 520/* 521 * function to dump the contents of the interface structure 522 * for debugging use only. 523 */ 524void 525interface_dump(const endpt *itf) 526{ 527 printf("Dumping interface: %p\n", itf); 528 printf("fd = %d\n", itf->fd); 529 printf("bfd = %d\n", itf->bfd); 530 printf("sin = %s,\n", stoa(&itf->sin)); 531 sockaddr_dump(&itf->sin); 532 printf("bcast = %s,\n", stoa(&itf->bcast)); 533 sockaddr_dump(&itf->bcast); 534 printf("mask = %s,\n", stoa(&itf->mask)); 535 sockaddr_dump(&itf->mask); 536 printf("name = %s\n", itf->name); 537 printf("flags = 0x%08x\n", itf->flags); 538 printf("last_ttl = %d\n", itf->last_ttl); 539 printf("addr_refid = %08x\n", itf->addr_refid); 540 printf("num_mcast = %d\n", itf->num_mcast); 541 printf("received = %ld\n", itf->received); 542 printf("sent = %ld\n", itf->sent); 543 printf("notsent = %ld\n", itf->notsent); 544 printf("ifindex = %u\n", itf->ifindex); 545 printf("peercnt = %u\n", itf->peercnt); 546 printf("phase = %u\n", itf->phase); 547} 548 549/* 550 * sockaddr_dump - hex dump the start of a sockaddr_u 551 */ 552static void 553sockaddr_dump(const sockaddr_u *psau) 554{ 555 /* Limit the size of the sockaddr_in6 hex dump */ 556 const int maxsize = min(32, sizeof(psau->sa6)); 557 const u_char * cp; 558 int i; 559 560 /* XXX: Should we limit maxsize based on psau->saX.sin_family? */ 561 cp = (const void *)&psau->sa6; 562 563 for(i = 0; i < maxsize; i++) { 564 printf("%02x", *cp++); 565 if (!((i + 1) % 4)) 566 printf(" "); 567 } 568 printf("\n"); 569} 570 571/* 572 * print_interface - helper to output debug information 573 */ 574static void 575print_interface(const endpt *iface, const char *pfx, const char *sfx) 576{ 577 printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s", 578 pfx, 579 iface->ifnum, 580 iface->fd, 581 iface->bfd, 582 iface->name, 583 iface->flags, 584 iface->ifindex, 585 stoa(&iface->sin)); 586 if (AF_INET == iface->family) { 587 if (iface->flags & INT_BROADCAST) 588 printf(", bcast=%s", stoa(&iface->bcast)); 589 printf(", mask=%s", stoa(&iface->mask)); 590 } 591 printf(", %s:%s", 592 (iface->ignore_packets) 593 ? "Disabled" 594 : "Enabled", 595 sfx); 596 if (debug > 4) /* in-depth debugging only */ 597 interface_dump(iface); 598} 599#endif 600 601#if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 602/* 603 * create an asyncio_reader structure 604 */ 605static struct asyncio_reader * 606new_asyncio_reader(void) 607{ 608 struct asyncio_reader *reader; 609 610 reader = emalloc_zero(sizeof(*reader)); 611 reader->fd = INVALID_SOCKET; 612 613 return reader; 614} 615 616/* 617 * delete a reader 618 */ 619static void 620delete_asyncio_reader( 621 struct asyncio_reader *reader 622 ) 623{ 624 free(reader); 625} 626 627/* 628 * add asynchio_reader 629 */ 630static void 631add_asyncio_reader( 632 struct asyncio_reader * reader, 633 enum desc_type type) 634{ 635 LINK_SLIST(asyncio_reader_list, reader, link); 636 add_fd_to_list(reader->fd, type); 637} 638 639/* 640 * remove asynchio_reader 641 */ 642static void 643remove_asyncio_reader( 644 struct asyncio_reader *reader 645 ) 646{ 647 struct asyncio_reader *unlinked; 648 649 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, 650 struct asyncio_reader); 651 652 if (reader->fd != INVALID_SOCKET) 653 close_and_delete_fd_from_list(reader->fd); 654 655 reader->fd = INVALID_SOCKET; 656} 657#endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 658 659 660/* compare two sockaddr prefixes */ 661static int 662addr_eqprefix( 663 const sockaddr_u * a, 664 const sockaddr_u * b, 665 int prefixlen 666 ) 667{ 668 isc_netaddr_t isc_a; 669 isc_netaddr_t isc_b; 670 isc_sockaddr_t isc_sa; 671 672 ZERO(isc_sa); 673 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a))); 674 isc_netaddr_fromsockaddr(&isc_a, &isc_sa); 675 676 ZERO(isc_sa); 677 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b))); 678 isc_netaddr_fromsockaddr(&isc_b, &isc_sa); 679 680 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b, 681 (u_int)prefixlen); 682} 683 684 685static int 686addr_samesubnet( 687 const sockaddr_u * a, 688 const sockaddr_u * a_mask, 689 const sockaddr_u * b, 690 const sockaddr_u * b_mask 691 ) 692{ 693 const u_int32 * pa; 694 const u_int32 * pa_limit; 695 const u_int32 * pb; 696 const u_int32 * pm; 697 size_t loops; 698 699 REQUIRE(AF(a) == AF(a_mask)); 700 REQUIRE(AF(b) == AF(b_mask)); 701 /* 702 * With address and mask families verified to match, comparing 703 * the masks also validates the address's families match. 704 */ 705 if (!SOCK_EQ(a_mask, b_mask)) 706 return FALSE; 707 708 if (IS_IPV6(a)) { 709 loops = sizeof(NSRCADR6(a)) / sizeof(*pa); 710 pa = (const void *)&NSRCADR6(a); 711 pb = (const void *)&NSRCADR6(b); 712 pm = (const void *)&NSRCADR6(a_mask); 713 } else { 714 loops = sizeof(NSRCADR(a)) / sizeof(*pa); 715 pa = (const void *)&NSRCADR(a); 716 pb = (const void *)&NSRCADR(b); 717 pm = (const void *)&NSRCADR(a_mask); 718 } 719 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++) 720 if ((*pa & *pm) != (*pb & *pm)) 721 return FALSE; 722 723 return TRUE; 724} 725 726 727/* 728 * interface list enumerator - visitor pattern 729 */ 730void 731interface_enumerate( 732 interface_receiver_t receiver, 733 void * data 734 ) 735{ 736 interface_info_t ifi; 737 738 ifi.action = IFS_EXISTS; 739 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink) 740 (*receiver)(data, &ifi); 741} 742 743/* 744 * do standard initialization of interface structure 745 */ 746static void 747init_interface( 748 endpt *ep 749 ) 750{ 751 ZERO(*ep); 752 ep->fd = INVALID_SOCKET; 753 ep->bfd = INVALID_SOCKET; 754 ep->phase = sys_interphase; 755} 756 757 758/* 759 * create new interface structure initialize from 760 * template structure or via standard initialization 761 * function 762 */ 763static struct interface * 764new_interface( 765 struct interface *interface 766 ) 767{ 768 struct interface * iface; 769 770 iface = emalloc(sizeof(*iface)); 771 772 if (NULL == interface) 773 init_interface(iface); 774 else /* use the template */ 775 memcpy(iface, interface, sizeof(*iface)); 776 777 /* count every new instance of an interface in the system */ 778 iface->ifnum = sys_ifnum++; 779 iface->starttime = current_time; 780 781 return iface; 782} 783 784 785/* 786 * return interface storage into free memory pool 787 */ 788static inline void 789delete_interface( 790 endpt *ep 791 ) 792{ 793 free(ep); 794} 795 796 797/* 798 * link interface into list of known interfaces 799 */ 800static void 801add_interface( 802 endpt * ep 803 ) 804{ 805 endpt ** pmclisthead; 806 endpt * scan; 807 endpt * scan_next; 808 endpt * unlinked; 809 sockaddr_u * addr; 810 int ep_local; 811 int scan_local; 812 int same_subnet; 813 int ep_univ_iid; /* iface ID from MAC address */ 814 int scan_univ_iid; /* see RFC 4291 */ 815 int ep_privacy; /* random local iface ID */ 816 int scan_privacy; /* see RFC 4941 */ 817 int rc; 818 819 /* Calculate the refid */ 820 ep->addr_refid = addr2refid(&ep->sin); 821 /* link at tail so ntpdc -c ifstats index increases each row */ 822 LINK_TAIL_SLIST(ep_list, ep, elink, endpt); 823 ninterfaces++; 824#ifdef MCAST 825 /* the rest is for enabled multicast-capable addresses only */ 826 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) || 827 INT_LOOPBACK & ep->flags) 828 return; 829# ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 830 if (AF_INET6 == ep->family) 831 return; 832# endif 833 pmclisthead = (AF_INET == ep->family) 834 ? &mc4_list 835 : &mc6_list; 836 837 if (AF_INET6 == ep->family) { 838 ep_local = 839 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) || 840 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin)); 841 ep_univ_iid = IS_IID_UNIV(&ep->sin); 842 ep_privacy = !!(INT_PRIVACY & ep->flags); 843 } else { 844 ep_local = FALSE; 845 ep_univ_iid = FALSE; 846 ep_privacy = FALSE; 847 } 848 DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n", 849 stoa(&ep->sin), 850 (ep_local) ? " link/scope-local" : "", 851 (ep_univ_iid) ? " univ-IID" : "", 852 (ep_privacy) ? " privacy" : "")); 853 /* 854 * If we have multiple local addresses on the same network 855 * interface, and some are link- or site-local, do not multicast 856 * out from the link-/site-local addresses by default, to avoid 857 * duplicate manycastclient associations between v6 peers using 858 * link-local and global addresses. link-local can still be 859 * chosen using "nic ignore myv6globalprefix::/64". 860 * Similarly, if we have multiple global addresses from the same 861 * prefix on the same network interface, multicast from one, 862 * preferring EUI-64, then static, then least RFC 4941 privacy 863 * addresses. 864 */ 865 for (scan = *pmclisthead; scan != NULL; scan = scan_next) { 866 scan_next = scan->mclink; 867 if (ep->family != scan->family) 868 continue; 869 if (strcmp(ep->name, scan->name)) 870 continue; 871 same_subnet = addr_samesubnet(&ep->sin, &ep->mask, 872 &scan->sin, &scan->mask); 873 if (AF_INET6 == ep->family) { 874 addr = &scan->sin; 875 scan_local = 876 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) || 877 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr)); 878 scan_univ_iid = IS_IID_UNIV(addr); 879 scan_privacy = !!(INT_PRIVACY & scan->flags); 880 } else { 881 scan_local = FALSE; 882 scan_univ_iid = FALSE; 883 scan_privacy = FALSE; 884 } 885 DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n", 886 stoa(&scan->sin), 887 (scan_local) ? " link/scope-local" : "", 888 (scan_univ_iid) ? " univ-IID" : "", 889 (scan_privacy) ? " privacy" : "")); 890 if ((ep_local && !scan_local) || (same_subnet && 891 ((ep_privacy && !scan_privacy) || 892 (!ep_univ_iid && scan_univ_iid)))) { 893 DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n", 894 stoa(&ep->sin), 895 (ep_local) 896 ? "tail" 897 : "head", 898 stoa(&scan->sin))); 899 return; 900 } 901 if ((scan_local && !ep_local) || (same_subnet && 902 ((scan_privacy && !ep_privacy) || 903 (!scan_univ_iid && ep_univ_iid)))) { 904 UNLINK_SLIST(unlinked, *pmclisthead, 905 scan, mclink, endpt); 906 DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n", 907 (unlinked != scan) 908 ? "Failed to remove" 909 : "removed", 910 stoa(&scan->sin), stoa(&ep->sin))); 911 } 912 } 913 /* 914 * Add link/site local at the tail of the multicast- 915 * capable unicast interfaces list, so that ntpd will 916 * send from global addresses before link-/site-local 917 * ones. 918 */ 919 if (ep_local) 920 LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt); 921 else 922 LINK_SLIST(*pmclisthead, ep, mclink); 923 DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n", 924 stoa(&ep->sin), 925 (ep_local) 926 ? "tail" 927 : "head", 928 (AF_INET == ep->family) 929 ? "4" 930 : "6")); 931 932 if (INVALID_SOCKET == ep->fd) 933 return; 934 935 /* 936 * select the local address from which to send to multicast. 937 */ 938 switch (AF(&ep->sin)) { 939 940 case AF_INET : 941 rc = setsockopt(ep->fd, IPPROTO_IP, 942 IP_MULTICAST_IF, 943 (void *)&NSRCADR(&ep->sin), 944 sizeof(NSRCADR(&ep->sin))); 945 if (rc) 946 msyslog(LOG_ERR, 947 "setsockopt IP_MULTICAST_IF %s fails: %m", 948 stoa(&ep->sin)); 949 break; 950 951# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 952 case AF_INET6 : 953 rc = setsockopt(ep->fd, IPPROTO_IPV6, 954 IPV6_MULTICAST_IF, 955 (void *)&ep->ifindex, 956 sizeof(ep->ifindex)); 957 /* do not complain if bound addr scope is ifindex */ 958 if (rc && ep->ifindex != SCOPE(&ep->sin)) 959 msyslog(LOG_ERR, 960 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m", 961 ep->ifindex, stoa(&ep->sin)); 962 break; 963# endif 964 } 965#endif /* MCAST */ 966} 967 968 969/* 970 * remove interface from known interface list and clean up 971 * associated resources 972 */ 973static void 974remove_interface( 975 endpt * ep 976 ) 977{ 978 endpt * unlinked; 979 endpt ** pmclisthead; 980 sockaddr_u resmask; 981 982 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); 983 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { 984 pmclisthead = (AF_INET == ep->family) 985 ? &mc4_list 986 : &mc6_list; 987 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt); 988 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n", 989 stoa(&ep->sin), 990 (unlinked != NULL) 991 ? "removed from" 992 : "not found on", 993 (AF_INET == ep->family) 994 ? "4" 995 : "6")); 996 } 997 delete_interface_from_list(ep); 998 999 if (ep->fd != INVALID_SOCKET) { 1000 msyslog(LOG_INFO, 1001 "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs", 1002 ep->ifnum, 1003 ep->name, 1004 stoa(&ep->sin), 1005 SRCPORT(&ep->sin), 1006 ep->received, 1007 ep->sent, 1008 ep->notsent, 1009 current_time - ep->starttime); 1010 close_and_delete_fd_from_list(ep->fd); 1011 ep->fd = INVALID_SOCKET; 1012 } 1013 1014 if (ep->bfd != INVALID_SOCKET) { 1015 msyslog(LOG_INFO, 1016 "stop listening for broadcasts to %s on interface #%d %s", 1017 stoa(&ep->bcast), ep->ifnum, ep->name); 1018 close_and_delete_fd_from_list(ep->bfd); 1019 ep->bfd = INVALID_SOCKET; 1020 ep->flags &= ~INT_BCASTOPEN; 1021 } 1022 1023 ninterfaces--; 1024 mon_clearinterface(ep); 1025 1026 /* remove restrict interface entry */ 1027 SET_HOSTMASK(&resmask, AF(&ep->sin)); 1028 hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 1029 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 1030} 1031 1032 1033static void 1034log_listen_address( 1035 endpt * ep 1036 ) 1037{ 1038 msyslog(LOG_INFO, "%s on %d %s %s", 1039 (ep->ignore_packets) 1040 ? "Listen and drop" 1041 : "Listen normally", 1042 ep->ifnum, 1043 ep->name, 1044 sptoa(&ep->sin)); 1045} 1046 1047 1048static void 1049create_wildcards( 1050 u_short port 1051 ) 1052{ 1053 int v4wild; 1054#ifdef INCLUDE_IPV6_SUPPORT 1055 int v6wild; 1056#endif 1057 sockaddr_u wildaddr; 1058 nic_rule_action action; 1059 struct interface * wildif; 1060 1061 /* 1062 * silence "potentially uninitialized" warnings from VC9 1063 * failing to follow the logic. Ideally action could remain 1064 * uninitialized, and the memset be the first statement under 1065 * the first if (v4wild). 1066 */ 1067 action = ACTION_LISTEN; 1068 ZERO(wildaddr); 1069 1070#ifdef INCLUDE_IPV6_SUPPORT 1071 /* 1072 * create pseudo-interface with wildcard IPv6 address 1073 */ 1074 v6wild = ipv6_works; 1075 if (v6wild) { 1076 /* set wildaddr to the v6 wildcard address :: */ 1077 ZERO(wildaddr); 1078 AF(&wildaddr) = AF_INET6; 1079 SET_ADDR6N(&wildaddr, in6addr_any); 1080 SET_PORT(&wildaddr, port); 1081 SET_SCOPE(&wildaddr, 0); 1082 1083 /* check for interface/nic rules affecting the wildcard */ 1084 action = interface_action(NULL, &wildaddr, 0); 1085 v6wild = (ACTION_IGNORE != action); 1086 } 1087 if (v6wild) { 1088 wildif = new_interface(NULL); 1089 1090 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name)); 1091 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1092 wildif->family = AF_INET6; 1093 AF(&wildif->mask) = AF_INET6; 1094 SET_ONESMASK(&wildif->mask); 1095 1096 wildif->flags = INT_UP | INT_WILDCARD; 1097 wildif->ignore_packets = (ACTION_DROP == action); 1098 1099 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1100 1101 if (wildif->fd != INVALID_SOCKET) { 1102 wildipv6 = wildif; 1103 any6_interface = wildif; 1104 add_addr_to_list(&wildif->sin, wildif); 1105 add_interface(wildif); 1106 log_listen_address(wildif); 1107 } else { 1108 msyslog(LOG_ERR, 1109 "unable to bind to wildcard address %s - another process may be running - EXITING", 1110 stoa(&wildif->sin)); 1111 exit(1); 1112 } 1113 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1114 } 1115#endif 1116 1117 /* 1118 * create pseudo-interface with wildcard IPv4 address 1119 */ 1120 v4wild = ipv4_works; 1121 if (v4wild) { 1122 /* set wildaddr to the v4 wildcard address 0.0.0.0 */ 1123 AF(&wildaddr) = AF_INET; 1124 SET_ADDR4N(&wildaddr, INADDR_ANY); 1125 SET_PORT(&wildaddr, port); 1126 1127 /* check for interface/nic rules affecting the wildcard */ 1128 action = interface_action(NULL, &wildaddr, 0); 1129 v4wild = (ACTION_IGNORE != action); 1130 } 1131 if (v4wild) { 1132 wildif = new_interface(NULL); 1133 1134 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name)); 1135 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1136 wildif->family = AF_INET; 1137 AF(&wildif->mask) = AF_INET; 1138 SET_ONESMASK(&wildif->mask); 1139 1140 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD; 1141 wildif->ignore_packets = (ACTION_DROP == action); 1142#if defined(MCAST) 1143 /* 1144 * enable multicast reception on the broadcast socket 1145 */ 1146 AF(&wildif->bcast) = AF_INET; 1147 SET_ADDR4N(&wildif->bcast, INADDR_ANY); 1148 SET_PORT(&wildif->bcast, port); 1149#endif /* MCAST */ 1150 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1151 1152 if (wildif->fd != INVALID_SOCKET) { 1153 wildipv4 = wildif; 1154 any_interface = wildif; 1155 1156 add_addr_to_list(&wildif->sin, wildif); 1157 add_interface(wildif); 1158 log_listen_address(wildif); 1159 } else { 1160 msyslog(LOG_ERR, 1161 "unable to bind to wildcard address %s - another process may be running - EXITING", 1162 stoa(&wildif->sin)); 1163 exit(1); 1164 } 1165 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1166 } 1167} 1168 1169 1170/* 1171 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list. 1172 */ 1173void 1174add_nic_rule( 1175 nic_rule_match match_type, 1176 const char * if_name, /* interface name or numeric address */ 1177 int prefixlen, 1178 nic_rule_action action 1179 ) 1180{ 1181 nic_rule * rule; 1182 isc_boolean_t is_ip; 1183 1184 rule = emalloc_zero(sizeof(*rule)); 1185 rule->match_type = match_type; 1186 rule->prefixlen = prefixlen; 1187 rule->action = action; 1188 1189 if (MATCH_IFNAME == match_type) { 1190 REQUIRE(NULL != if_name); 1191 rule->if_name = estrdup(if_name); 1192 } else if (MATCH_IFADDR == match_type) { 1193 REQUIRE(NULL != if_name); 1194 /* set rule->addr */ 1195 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr); 1196 REQUIRE(is_ip); 1197 } else 1198 REQUIRE(NULL == if_name); 1199 1200 LINK_SLIST(nic_rule_list, rule, next); 1201} 1202 1203 1204#ifdef DEBUG 1205static const char * 1206action_text( 1207 nic_rule_action action 1208 ) 1209{ 1210 const char *t; 1211 1212 switch (action) { 1213 1214 default: 1215 t = "ERROR"; /* quiet uninit warning */ 1216 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n", 1217 action)); 1218 ENSURE(0); 1219 break; 1220 1221 case ACTION_LISTEN: 1222 t = "listen"; 1223 break; 1224 1225 case ACTION_IGNORE: 1226 t = "ignore"; 1227 break; 1228 1229 case ACTION_DROP: 1230 t = "drop"; 1231 break; 1232 } 1233 1234 return t; 1235} 1236#endif /* DEBUG */ 1237 1238 1239static nic_rule_action 1240interface_action( 1241 char * if_name, 1242 sockaddr_u * if_addr, 1243 u_int32 if_flags 1244 ) 1245{ 1246 nic_rule * rule; 1247 int isloopback; 1248 int iswildcard; 1249 1250 DPRINTF(4, ("interface_action: interface %s ", 1251 (if_name != NULL) ? if_name : "wildcard")); 1252 1253 iswildcard = is_wildcard_addr(if_addr); 1254 isloopback = !!(INT_LOOPBACK & if_flags); 1255 1256 /* 1257 * Find any matching NIC rule from --interface / -I or ntp.conf 1258 * interface/nic rules. 1259 */ 1260 for (rule = nic_rule_list; rule != NULL; rule = rule->next) { 1261 1262 switch (rule->match_type) { 1263 1264 case MATCH_ALL: 1265 /* loopback and wildcard excluded from "all" */ 1266 if (isloopback || iswildcard) 1267 break; 1268 DPRINTF(4, ("nic all %s\n", 1269 action_text(rule->action))); 1270 return rule->action; 1271 1272 case MATCH_IPV4: 1273 if (IS_IPV4(if_addr)) { 1274 DPRINTF(4, ("nic ipv4 %s\n", 1275 action_text(rule->action))); 1276 return rule->action; 1277 } 1278 break; 1279 1280 case MATCH_IPV6: 1281 if (IS_IPV6(if_addr)) { 1282 DPRINTF(4, ("nic ipv6 %s\n", 1283 action_text(rule->action))); 1284 return rule->action; 1285 } 1286 break; 1287 1288 case MATCH_WILDCARD: 1289 if (iswildcard) { 1290 DPRINTF(4, ("nic wildcard %s\n", 1291 action_text(rule->action))); 1292 return rule->action; 1293 } 1294 break; 1295 1296 case MATCH_IFADDR: 1297 if (rule->prefixlen != -1) { 1298 if (addr_eqprefix(if_addr, &rule->addr, 1299 rule->prefixlen)) { 1300 1301 DPRINTF(4, ("subnet address match - %s\n", 1302 action_text(rule->action))); 1303 return rule->action; 1304 } 1305 } else 1306 if (SOCK_EQ(if_addr, &rule->addr)) { 1307 1308 DPRINTF(4, ("address match - %s\n", 1309 action_text(rule->action))); 1310 return rule->action; 1311 } 1312 break; 1313 1314 case MATCH_IFNAME: 1315 if (if_name != NULL 1316#if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD) 1317 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD) 1318#else 1319 && !strcasecmp(if_name, rule->if_name) 1320#endif 1321 ) { 1322 1323 DPRINTF(4, ("interface name match - %s\n", 1324 action_text(rule->action))); 1325 return rule->action; 1326 } 1327 break; 1328 } 1329 } 1330 1331 /* 1332 * Unless explicitly disabled such as with "nic ignore ::1" 1333 * listen on loopback addresses. Since ntpq and ntpdc query 1334 * "localhost" by default, which typically resolves to ::1 and 1335 * 127.0.0.1, it's useful to default to listening on both. 1336 */ 1337 if (isloopback) { 1338 DPRINTF(4, ("default loopback listen\n")); 1339 return ACTION_LISTEN; 1340 } 1341 1342 /* 1343 * Treat wildcard addresses specially. If there is no explicit 1344 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule 1345 * default to drop. 1346 */ 1347 if (iswildcard) { 1348 DPRINTF(4, ("default wildcard drop\n")); 1349 return ACTION_DROP; 1350 } 1351 1352 /* 1353 * Check for "virtual IP" (colon in the interface name) after 1354 * the rules so that "ntpd --interface eth0:1 -novirtualips" 1355 * does indeed listen on eth0:1's addresses. 1356 */ 1357 if (!listen_to_virtual_ips && if_name != NULL 1358 && (strchr(if_name, ':') != NULL)) { 1359 1360 DPRINTF(4, ("virtual ip - ignore\n")); 1361 return ACTION_IGNORE; 1362 } 1363 1364 /* 1365 * If there are no --interface/-I command-line options and no 1366 * interface/nic rules in ntp.conf, the default action is to 1367 * listen. In the presence of rules from either, the default 1368 * is to ignore. This implements ntpd's traditional listen- 1369 * every default with no interface listen configuration, and 1370 * ensures a single -I eth0 or "nic listen eth0" means do not 1371 * listen on any other addresses. 1372 */ 1373 if (NULL == nic_rule_list) { 1374 DPRINTF(4, ("default listen\n")); 1375 return ACTION_LISTEN; 1376 } 1377 1378 DPRINTF(4, ("implicit ignore\n")); 1379 return ACTION_IGNORE; 1380} 1381 1382 1383static void 1384convert_isc_if( 1385 isc_interface_t *isc_if, 1386 endpt *itf, 1387 u_short port 1388 ) 1389{ 1390 const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0, 1391 0, 0, 0, 0, 0, 0, 0, 1}; 1392 1393 strlcpy(itf->name, isc_if->name, sizeof(itf->name)); 1394 itf->ifindex = isc_if->ifindex; 1395 itf->family = (u_short)isc_if->af; 1396 AF(&itf->sin) = itf->family; 1397 AF(&itf->mask) = itf->family; 1398 AF(&itf->bcast) = itf->family; 1399 SET_PORT(&itf->sin, port); 1400 SET_PORT(&itf->mask, port); 1401 SET_PORT(&itf->bcast, port); 1402 1403 if (IS_IPV4(&itf->sin)) { 1404 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr; 1405 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr; 1406 1407 if (isc_if->flags & INTERFACE_F_BROADCAST) { 1408 itf->flags |= INT_BROADCAST; 1409 NSRCADR(&itf->bcast) = 1410 isc_if->broadcast.type.in.s_addr; 1411 } 1412 } 1413#ifdef INCLUDE_IPV6_SUPPORT 1414 else if (IS_IPV6(&itf->sin)) { 1415 SET_ADDR6N(&itf->sin, isc_if->address.type.in6); 1416 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6); 1417 1418 SET_SCOPE(&itf->sin, isc_if->address.zone); 1419 } 1420#endif /* INCLUDE_IPV6_SUPPORT */ 1421 1422 1423 /* Process the rest of the flags */ 1424 1425 itf->flags |= 1426 ((INTERFACE_F_UP & isc_if->flags) 1427 ? INT_UP : 0) 1428 | ((INTERFACE_F_LOOPBACK & isc_if->flags) 1429 ? INT_LOOPBACK : 0) 1430 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags) 1431 ? INT_PPP : 0) 1432 | ((INTERFACE_F_MULTICAST & isc_if->flags) 1433 ? INT_MULTICAST : 0) 1434 | ((INTERFACE_F_PRIVACY & isc_if->flags) 1435 ? INT_PRIVACY : 0) 1436 ; 1437 1438 /* 1439 * Clear the loopback flag if the address is not localhost. 1440 * http://bugs.ntp.org/1683 1441 */ 1442 if (INT_LOOPBACK & itf->flags) { 1443 if (AF_INET == itf->family) { 1444 if (127 != (SRCADR(&itf->sin) >> 24)) 1445 itf->flags &= ~INT_LOOPBACK; 1446 } else { 1447 if (memcmp(v6loop, NSRCADR6(&itf->sin), 1448 sizeof(NSRCADR6(&itf->sin)))) 1449 itf->flags &= ~INT_LOOPBACK; 1450 } 1451 } 1452} 1453 1454 1455/* 1456 * refresh_interface 1457 * 1458 * some OSes have been observed to keep 1459 * cached routes even when more specific routes 1460 * become available. 1461 * this can be mitigated by re-binding 1462 * the socket. 1463 */ 1464static int 1465refresh_interface( 1466 struct interface * interface 1467 ) 1468{ 1469#ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 1470 if (interface->fd != INVALID_SOCKET) { 1471 int bcast = (interface->flags & INT_BCASTXMIT) != 0; 1472 /* as we forcibly close() the socket remove the 1473 broadcast permission indication */ 1474 if (bcast) 1475 socket_broadcast_disable(interface, &interface->sin); 1476 1477 close_and_delete_fd_from_list(interface->fd); 1478 1479 /* create new socket picking up a new first hop binding 1480 at connect() time */ 1481 interface->fd = open_socket(&interface->sin, 1482 bcast, 0, interface); 1483 /* 1484 * reset TTL indication so TTL is is set again 1485 * next time around 1486 */ 1487 interface->last_ttl = 0; 1488 return (interface->fd != INVALID_SOCKET); 1489 } else 1490 return 0; /* invalid sockets are not refreshable */ 1491#else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1492 return (interface->fd != INVALID_SOCKET); 1493#endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1494} 1495 1496/* 1497 * interface_update - externally callable update function 1498 */ 1499void 1500interface_update( 1501 interface_receiver_t receiver, 1502 void * data) 1503{ 1504 int new_interface_found; 1505 1506 if (disable_dynamic_updates) 1507 return; 1508 1509 BLOCKIO(); 1510 new_interface_found = update_interfaces(NTP_PORT, receiver, data); 1511 UNBLOCKIO(); 1512 1513 if (!new_interface_found) 1514 return; 1515 1516#ifdef DEBUG 1517 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); 1518#endif 1519 interrupt_worker_sleep(); 1520} 1521 1522 1523/* 1524 * sau_from_netaddr() - convert network address on-wire formats. 1525 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u 1526 */ 1527void 1528sau_from_netaddr( 1529 sockaddr_u *psau, 1530 const isc_netaddr_t *pna 1531 ) 1532{ 1533 ZERO_SOCK(psau); 1534 AF(psau) = (u_short)pna->family; 1535 switch (pna->family) { 1536 1537 case AF_INET: 1538 memcpy(&psau->sa4.sin_addr, &pna->type.in, 1539 sizeof(psau->sa4.sin_addr)); 1540 break; 1541 1542 case AF_INET6: 1543 memcpy(&psau->sa6.sin6_addr, &pna->type.in6, 1544 sizeof(psau->sa6.sin6_addr)); 1545 break; 1546 } 1547} 1548 1549 1550static int 1551is_wildcard_addr( 1552 const sockaddr_u *psau 1553 ) 1554{ 1555 if (IS_IPV4(psau) && !NSRCADR(psau)) 1556 return 1; 1557 1558#ifdef INCLUDE_IPV6_SUPPORT 1559 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any)) 1560 return 1; 1561#endif 1562 1563 return 0; 1564} 1565 1566 1567#ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 1568/* 1569 * enable/disable re-use of wildcard address socket 1570 */ 1571static void 1572set_wildcard_reuse( 1573 u_short family, 1574 int on 1575 ) 1576{ 1577 struct interface *any; 1578 SOCKET fd = INVALID_SOCKET; 1579 1580 any = ANY_INTERFACE_BYFAM(family); 1581 if (any != NULL) 1582 fd = any->fd; 1583 1584 if (fd != INVALID_SOCKET) { 1585 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1586 (char *)&on, sizeof(on))) 1587 msyslog(LOG_ERR, 1588 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m", 1589 on ? "on" : "off"); 1590 1591 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n", 1592 on ? "on" : "off", 1593 stoa(&any->sin))); 1594 } 1595} 1596#endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ 1597 1598 1599static isc_boolean_t 1600check_flags6( 1601 sockaddr_u *psau, 1602 const char *name, 1603 u_int32 flags6 1604 ) 1605{ 1606#if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) 1607 struct in6_ifreq ifr6; 1608 int fd; 1609 1610 if (psau->sa.sa_family != AF_INET6) 1611 return ISC_FALSE; 1612 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) 1613 return ISC_FALSE; 1614 ZERO(ifr6); 1615 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr)); 1616 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name)); 1617 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { 1618 close(fd); 1619 return ISC_FALSE; 1620 } 1621 close(fd); 1622 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0) 1623 return ISC_TRUE; 1624#endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */ 1625 return ISC_FALSE; 1626} 1627 1628static isc_boolean_t 1629is_anycast( 1630 sockaddr_u *psau, 1631 const char *name 1632 ) 1633{ 1634#ifdef IN6_IFF_ANYCAST 1635 return check_flags6(psau, name, IN6_IFF_ANYCAST); 1636#else 1637 return ISC_FALSE; 1638#endif 1639} 1640 1641static isc_boolean_t 1642is_valid( 1643 sockaddr_u *psau, 1644 const char *name 1645 ) 1646{ 1647 u_int32 flags6; 1648 1649 flags6 = 0; 1650#ifdef IN6_IFF_DEPARTED 1651 flags6 |= IN6_IFF_DEPARTED; 1652#endif 1653#ifdef IN6_IFF_DETACHED 1654 flags6 |= IN6_IFF_DETACHED; 1655#endif 1656#ifdef IN6_IFF_TENTATIVE 1657 flags6 |= IN6_IFF_TENTATIVE; 1658#endif 1659 return check_flags6(psau, name, flags6) ? ISC_FALSE : ISC_TRUE; 1660} 1661 1662/* 1663 * update_interface strategy 1664 * 1665 * toggle configuration phase 1666 * 1667 * Phase 1: 1668 * forall currently existing interfaces 1669 * if address is known: 1670 * drop socket - rebind again 1671 * 1672 * if address is NOT known: 1673 * attempt to create a new interface entry 1674 * 1675 * Phase 2: 1676 * forall currently known non MCAST and WILDCARD interfaces 1677 * if interface does not match configuration phase (not seen in phase 1): 1678 * remove interface from known interface list 1679 * forall peers associated with this interface 1680 * disconnect peer from this interface 1681 * 1682 * Phase 3: 1683 * attempt to re-assign interfaces to peers 1684 * 1685 */ 1686 1687static int 1688update_interfaces( 1689 u_short port, 1690 interface_receiver_t receiver, 1691 void * data 1692 ) 1693{ 1694 isc_mem_t * mctx = (void *)-1; 1695 interface_info_t ifi; 1696 isc_interfaceiter_t * iter; 1697 isc_result_t result; 1698 isc_interface_t isc_if; 1699 int new_interface_found; 1700 unsigned int family; 1701 endpt enumep; 1702 endpt * ep; 1703 endpt * next_ep; 1704 1705 DPRINTF(3, ("update_interfaces(%d)\n", port)); 1706 1707 /* 1708 * phase one - scan interfaces 1709 * - create those that are not found 1710 * - update those that are found 1711 */ 1712 1713 new_interface_found = FALSE; 1714 iter = NULL; 1715 result = isc_interfaceiter_create(mctx, &iter); 1716 1717 if (result != ISC_R_SUCCESS) 1718 return 0; 1719 1720 /* 1721 * Toggle system interface scan phase to find untouched 1722 * interfaces to be deleted. 1723 */ 1724 sys_interphase ^= 0x1; 1725 1726 for (result = isc_interfaceiter_first(iter); 1727 ISC_R_SUCCESS == result; 1728 result = isc_interfaceiter_next(iter)) { 1729 1730 result = isc_interfaceiter_current(iter, &isc_if); 1731 1732 if (result != ISC_R_SUCCESS) 1733 break; 1734 1735 /* See if we have a valid family to use */ 1736 family = isc_if.address.family; 1737 if (AF_INET != family && AF_INET6 != family) 1738 continue; 1739 if (AF_INET == family && !ipv4_works) 1740 continue; 1741 if (AF_INET6 == family && !ipv6_works) 1742 continue; 1743 1744 /* create prototype */ 1745 init_interface(&enumep); 1746 1747 convert_isc_if(&isc_if, &enumep, port); 1748 1749 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); 1750 1751 /* 1752 * Check if and how we are going to use the interface. 1753 */ 1754 switch (interface_action(enumep.name, &enumep.sin, 1755 enumep.flags)) { 1756 1757 case ACTION_IGNORE: 1758 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", 1759 enumep.name, stoa(&enumep.sin))); 1760 continue; 1761 1762 case ACTION_LISTEN: 1763 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", 1764 enumep.name, stoa(&enumep.sin))); 1765 enumep.ignore_packets = ISC_FALSE; 1766 break; 1767 1768 case ACTION_DROP: 1769 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", 1770 enumep.name, stoa(&enumep.sin))); 1771 enumep.ignore_packets = ISC_TRUE; 1772 break; 1773 } 1774 1775 /* interfaces must be UP to be usable */ 1776 if (!(enumep.flags & INT_UP)) { 1777 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", 1778 enumep.name, stoa(&enumep.sin))); 1779 continue; 1780 } 1781 1782 /* 1783 * skip any interfaces UP and bound to a wildcard 1784 * address - some dhcp clients produce that in the 1785 * wild 1786 */ 1787 if (is_wildcard_addr(&enumep.sin)) 1788 continue; 1789 1790 if (is_anycast(&enumep.sin, isc_if.name)) 1791 continue; 1792 1793 /* 1794 * skip any address that is an invalid state to be used 1795 */ 1796 if (!is_valid(&enumep.sin, isc_if.name)) 1797 continue; 1798 1799 /* 1800 * map to local *address* in order to map all duplicate 1801 * interfaces to an endpt structure with the appropriate 1802 * socket. Our name space is (ip-address), NOT 1803 * (interface name, ip-address). 1804 */ 1805 ep = getinterface(&enumep.sin, INT_WILDCARD); 1806 1807 if (ep != NULL && refresh_interface(ep)) { 1808 /* 1809 * found existing and up to date interface - 1810 * mark present. 1811 */ 1812 if (ep->phase != sys_interphase) { 1813 /* 1814 * On a new round we reset the name so 1815 * the interface name shows up again if 1816 * this address is no longer shared. 1817 * We reset ignore_packets from the 1818 * new prototype to respect any runtime 1819 * changes to the nic rules. 1820 */ 1821 strlcpy(ep->name, enumep.name, 1822 sizeof(ep->name)); 1823 ep->ignore_packets = 1824 enumep.ignore_packets; 1825 } else { 1826 /* name collision - rename interface */ 1827 strlcpy(ep->name, "*multiple*", 1828 sizeof(ep->name)); 1829 } 1830 1831 DPRINT_INTERFACE(4, (ep, "updating ", 1832 " present\n")); 1833 1834 if (ep->ignore_packets != 1835 enumep.ignore_packets) { 1836 /* 1837 * We have conflicting configurations 1838 * for the interface address. This is 1839 * caused by using -I <interfacename> 1840 * for an interface that shares its 1841 * address with other interfaces. We 1842 * can not disambiguate incoming 1843 * packets delivered to this socket 1844 * without extra syscalls/features. 1845 * These are not (commonly) available. 1846 * Note this is a more unusual 1847 * configuration where several 1848 * interfaces share an address but 1849 * filtering via interface name is 1850 * attempted. We resolve the 1851 * configuration conflict by disabling 1852 * the processing of received packets. 1853 * This leads to no service on the 1854 * interface address where the conflict 1855 * occurs. 1856 */ 1857 msyslog(LOG_ERR, 1858 "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED", 1859 enumep.name, ep->name, 1860 stoa(&enumep.sin)); 1861 1862 ep->ignore_packets = ISC_TRUE; 1863 } 1864 1865 ep->phase = sys_interphase; 1866 1867 ifi.action = IFS_EXISTS; 1868 ifi.ep = ep; 1869 if (receiver != NULL) 1870 (*receiver)(data, &ifi); 1871 } else { 1872 /* 1873 * This is new or refreshing failed - add to 1874 * our interface list. If refreshing failed we 1875 * will delete the interface structure in phase 1876 * 2 as the interface was not marked current. 1877 * We can bind to the address as the refresh 1878 * code already closed the offending socket 1879 */ 1880 ep = create_interface(port, &enumep); 1881 1882 if (ep != NULL) { 1883 ifi.action = IFS_CREATED; 1884 ifi.ep = ep; 1885 if (receiver != NULL) 1886 (*receiver)(data, &ifi); 1887 1888 new_interface_found = TRUE; 1889 DPRINT_INTERFACE(3, 1890 (ep, "updating ", 1891 " new - created\n")); 1892 } else { 1893 DPRINT_INTERFACE(3, 1894 (&enumep, "updating ", 1895 " new - creation FAILED")); 1896 1897 msyslog(LOG_INFO, 1898 "failed to init interface for address %s", 1899 stoa(&enumep.sin)); 1900 continue; 1901 } 1902 } 1903 } 1904 1905 isc_interfaceiter_destroy(&iter); 1906 1907 /* 1908 * phase 2 - delete gone interfaces - reassigning peers to 1909 * other interfaces 1910 */ 1911 for (ep = ep_list; ep != NULL; ep = next_ep) { 1912 next_ep = ep->elink; 1913 1914 /* 1915 * if phase does not match sys_phase this interface was 1916 * not enumerated during the last interface scan - so it 1917 * is gone and will be deleted here unless it did not 1918 * originate from interface enumeration (INT_WILDCARD, 1919 * INT_MCASTIF). 1920 */ 1921 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) || 1922 ep->phase == sys_interphase) 1923 continue; 1924 1925 DPRINT_INTERFACE(3, (ep, "updating ", 1926 "GONE - deleting\n")); 1927 remove_interface(ep); 1928 1929 ifi.action = IFS_DELETED; 1930 ifi.ep = ep; 1931 if (receiver != NULL) 1932 (*receiver)(data, &ifi); 1933 1934 /* disconnect peers from deleted endpt. */ 1935 while (ep->peers != NULL) 1936 set_peerdstadr(ep->peers, NULL); 1937 1938 /* 1939 * update globals in case we lose 1940 * a loopback interface 1941 */ 1942 if (ep == loopback_interface) 1943 loopback_interface = NULL; 1944 1945 delete_interface(ep); 1946 } 1947 1948 /* 1949 * phase 3 - re-configure as the world has possibly changed 1950 * 1951 * never ever make this conditional again - it is needed to track 1952 * routing updates. see bug #2506 1953 */ 1954 refresh_all_peerinterfaces(); 1955 1956 if (broadcast_client_enabled) 1957 io_setbclient(); 1958 1959 if (sys_bclient) 1960 io_setbclient(); 1961 1962#ifdef MCAST 1963 /* 1964 * Check multicast interfaces and try to join multicast groups if 1965 * not joined yet. 1966 */ 1967 for (ep = ep_list; ep != NULL; ep = ep->elink) { 1968 remaddr_t *entry; 1969 1970 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) 1971 continue; 1972 1973 /* Find remote address that was linked to this interface */ 1974 for (entry = remoteaddr_list; 1975 entry != NULL; 1976 entry = entry->link) { 1977 if (entry->ep == ep) { 1978 if (socket_multicast_enable(ep, &entry->addr)) { 1979 msyslog(LOG_INFO, 1980 "Joined %s socket to multicast group %s", 1981 stoa(&ep->sin), 1982 stoa(&entry->addr)); 1983 } 1984 break; 1985 } 1986 } 1987 } 1988#endif /* MCAST */ 1989 1990 return new_interface_found; 1991} 1992 1993 1994/* 1995 * create_sockets - create a socket for each interface plus a default 1996 * socket for when we don't know where to send 1997 */ 1998static int 1999create_sockets( 2000 u_short port 2001 ) 2002{ 2003#ifndef HAVE_IO_COMPLETION_PORT 2004 /* 2005 * I/O Completion Ports don't care about the select and FD_SET 2006 */ 2007 maxactivefd = 0; 2008 FD_ZERO(&activefds); 2009#endif 2010 2011 DPRINTF(2, ("create_sockets(%d)\n", port)); 2012 2013 create_wildcards(port); 2014 2015 update_interfaces(port, NULL, NULL); 2016 2017 /* 2018 * Now that we have opened all the sockets, turn off the reuse 2019 * flag for security. 2020 */ 2021 set_reuseaddr(0); 2022 2023 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces)); 2024 2025 return ninterfaces; 2026} 2027 2028/* 2029 * create_interface - create a new interface for a given prototype 2030 * binding the socket. 2031 */ 2032static struct interface * 2033create_interface( 2034 u_short port, 2035 struct interface * protot 2036 ) 2037{ 2038 sockaddr_u resmask; 2039 endpt * iface; 2040#if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2041 remaddr_t * entry; 2042 remaddr_t * next_entry; 2043#endif 2044 DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin), 2045 port)); 2046 2047 /* build an interface */ 2048 iface = new_interface(protot); 2049 2050 /* 2051 * create socket 2052 */ 2053 iface->fd = open_socket(&iface->sin, 0, 0, iface); 2054 2055 if (iface->fd != INVALID_SOCKET) 2056 log_listen_address(iface); 2057 2058 if ((INT_BROADCAST & iface->flags) 2059 && iface->bfd != INVALID_SOCKET) 2060 msyslog(LOG_INFO, "Listening on broadcast address %s#%d", 2061 stoa((&iface->bcast)), port); 2062 2063 if (INVALID_SOCKET == iface->fd 2064 && INVALID_SOCKET == iface->bfd) { 2065 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d", 2066 iface->name, 2067 iface->ifnum, 2068 stoa((&iface->sin)), 2069 port); 2070 delete_interface(iface); 2071 return NULL; 2072 } 2073 2074 /* 2075 * Blacklist our own addresses, no use talking to ourself 2076 */ 2077 SET_HOSTMASK(&resmask, AF(&iface->sin)); 2078 hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, 2079 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 2080 2081 /* 2082 * set globals with the first found 2083 * loopback interface of the appropriate class 2084 */ 2085 if (NULL == loopback_interface && AF_INET == iface->family 2086 && (INT_LOOPBACK & iface->flags)) 2087 loopback_interface = iface; 2088 2089 /* 2090 * put into our interface list 2091 */ 2092 add_addr_to_list(&iface->sin, iface); 2093 add_interface(iface); 2094 2095#if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2096 /* 2097 * Join any previously-configured compatible multicast groups. 2098 */ 2099 if (INT_MULTICAST & iface->flags && 2100 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) && 2101 !iface->ignore_packets) { 2102 for (entry = remoteaddr_list; 2103 entry != NULL; 2104 entry = next_entry) { 2105 next_entry = entry->link; 2106 if (AF(&iface->sin) != AF(&entry->addr) || 2107 !IS_MCAST(&entry->addr)) 2108 continue; 2109 if (socket_multicast_enable(iface, 2110 &entry->addr)) 2111 msyslog(LOG_INFO, 2112 "Joined %s socket to multicast group %s", 2113 stoa(&iface->sin), 2114 stoa(&entry->addr)); 2115 else 2116 msyslog(LOG_ERR, 2117 "Failed to join %s socket to multicast group %s", 2118 stoa(&iface->sin), 2119 stoa(&entry->addr)); 2120 } 2121 } 2122#endif /* MCAST && MCAST_NONEWSOCKET */ 2123 2124 DPRINT_INTERFACE(2, (iface, "created ", "\n")); 2125 return iface; 2126} 2127 2128 2129#ifdef SO_EXCLUSIVEADDRUSE 2130static void 2131set_excladdruse( 2132 SOCKET fd 2133 ) 2134{ 2135 int one = 1; 2136 int failed; 2137#ifdef SYS_WINNT 2138 DWORD err; 2139#endif 2140 2141 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 2142 (char *)&one, sizeof(one)); 2143 2144 if (!failed) 2145 return; 2146 2147#ifdef SYS_WINNT 2148 /* 2149 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with 2150 * error WSAINVAL depending on service pack level and whether 2151 * the user account is in the Administrators group. Do not 2152 * complain if it fails that way on versions prior to XP (5.1). 2153 */ 2154 err = GetLastError(); 2155 2156 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */ 2157 && WSAEINVAL == err) 2158 return; 2159 2160 SetLastError(err); 2161#endif 2162 msyslog(LOG_ERR, 2163 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m", 2164 (int)fd); 2165} 2166#endif /* SO_EXCLUSIVEADDRUSE */ 2167 2168 2169/* 2170 * set_reuseaddr() - set/clear REUSEADDR on all sockets 2171 * NB possible hole - should we be doing this on broadcast 2172 * fd's also? 2173 */ 2174static void 2175set_reuseaddr( 2176 int flag 2177 ) 2178{ 2179#ifndef SO_EXCLUSIVEADDRUSE 2180 endpt *ep; 2181 2182 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2183 if (ep->flags & INT_WILDCARD) 2184 continue; 2185 2186 /* 2187 * if ep->fd is INVALID_SOCKET, we might have a adapter 2188 * configured but not present 2189 */ 2190 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n", 2191 ep->name, stoa(&ep->sin), 2192 flag ? "on" : "off")); 2193 2194 if (ep->fd != INVALID_SOCKET) { 2195 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR, 2196 (char *)&flag, sizeof(flag))) { 2197 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m", 2198 stoa(&ep->sin), flag ? "on" : "off"); 2199 } 2200 } 2201 } 2202#endif /* ! SO_EXCLUSIVEADDRUSE */ 2203} 2204 2205/* 2206 * This is just a wrapper around an internal function so we can 2207 * make other changes as necessary later on 2208 */ 2209void 2210enable_broadcast( 2211 struct interface * iface, 2212 sockaddr_u * baddr 2213 ) 2214{ 2215#ifdef OPEN_BCAST_SOCKET 2216 socket_broadcast_enable(iface, iface->fd, baddr); 2217#endif 2218} 2219 2220#ifdef OPEN_BCAST_SOCKET 2221/* 2222 * Enable a broadcast address to a given socket 2223 * The socket is in the ep_list all we need to do is enable 2224 * broadcasting. It is not this function's job to select the socket 2225 */ 2226static isc_boolean_t 2227socket_broadcast_enable( 2228 struct interface * iface, 2229 SOCKET fd, 2230 sockaddr_u * baddr 2231 ) 2232{ 2233#ifdef SO_BROADCAST 2234 int on = 1; 2235 2236 if (IS_IPV4(baddr)) { 2237 /* if this interface can support broadcast, set SO_BROADCAST */ 2238 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, 2239 (char *)&on, sizeof(on))) 2240 msyslog(LOG_ERR, 2241 "setsockopt(SO_BROADCAST) enable failure on address %s: %m", 2242 stoa(baddr)); 2243 else 2244 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n", 2245 fd, stoa(baddr))); 2246 } 2247 iface->flags |= INT_BCASTXMIT; 2248 return ISC_TRUE; 2249#else 2250 return ISC_FALSE; 2251#endif /* SO_BROADCAST */ 2252} 2253 2254#ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 2255/* 2256 * Remove a broadcast address from a given socket 2257 * The socket is in the ep_list all we need to do is disable 2258 * broadcasting. It is not this function's job to select the socket 2259 */ 2260static isc_boolean_t 2261socket_broadcast_disable( 2262 struct interface * iface, 2263 sockaddr_u * baddr 2264 ) 2265{ 2266#ifdef SO_BROADCAST 2267 int off = 0; /* This seems to be OK as an int */ 2268 2269 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET, 2270 SO_BROADCAST, (char *)&off, sizeof(off))) 2271 msyslog(LOG_ERR, 2272 "setsockopt(SO_BROADCAST) disable failure on address %s: %m", 2273 stoa(baddr)); 2274 2275 iface->flags &= ~INT_BCASTXMIT; 2276 return ISC_TRUE; 2277#else 2278 return ISC_FALSE; 2279#endif /* SO_BROADCAST */ 2280} 2281#endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 2282 2283#endif /* OPEN_BCAST_SOCKET */ 2284 2285/* 2286 * return the broadcast client flag value 2287 */ 2288isc_boolean_t 2289get_broadcastclient_flag(void) 2290{ 2291 return (broadcast_client_enabled); 2292} 2293 2294/* 2295 * Check to see if the address is a multicast address 2296 */ 2297static isc_boolean_t 2298addr_ismulticast( 2299 sockaddr_u *maddr 2300 ) 2301{ 2302 isc_boolean_t result; 2303 2304#ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 2305 /* 2306 * If we don't have IPV6 support any IPV6 addr is not multicast 2307 */ 2308 if (IS_IPV6(maddr)) 2309 result = ISC_FALSE; 2310 else 2311#endif 2312 result = IS_MCAST(maddr); 2313 2314 if (!result) 2315 DPRINTF(4, ("address %s is not multicast\n", 2316 stoa(maddr))); 2317 2318 return result; 2319} 2320 2321/* 2322 * Multicast servers need to set the appropriate Multicast interface 2323 * socket option in order for it to know which interface to use for 2324 * send the multicast packet. 2325 */ 2326void 2327enable_multicast_if( 2328 struct interface * iface, 2329 sockaddr_u * maddr 2330 ) 2331{ 2332#ifdef MCAST 2333#ifdef IP_MULTICAST_LOOP 2334 TYPEOF_IP_MULTICAST_LOOP off = 0; 2335#endif 2336#if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP) 2337 u_int off6 = 0; 2338#endif 2339 2340 REQUIRE(AF(maddr) == AF(&iface->sin)); 2341 2342 switch (AF(&iface->sin)) { 2343 2344 case AF_INET: 2345#ifdef IP_MULTICAST_LOOP 2346 /* 2347 * Don't send back to itself, but allow failure to set 2348 */ 2349 if (setsockopt(iface->fd, IPPROTO_IP, 2350 IP_MULTICAST_LOOP, 2351 SETSOCKOPT_ARG_CAST &off, 2352 sizeof(off))) { 2353 2354 msyslog(LOG_ERR, 2355 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2356 iface->fd, stoa(&iface->sin), 2357 stoa(maddr)); 2358 } 2359#endif 2360 break; 2361 2362 case AF_INET6: 2363#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2364#ifdef IPV6_MULTICAST_LOOP 2365 /* 2366 * Don't send back to itself, but allow failure to set 2367 */ 2368 if (setsockopt(iface->fd, IPPROTO_IPV6, 2369 IPV6_MULTICAST_LOOP, 2370 (char *) &off6, sizeof(off6))) { 2371 2372 msyslog(LOG_ERR, 2373 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2374 iface->fd, stoa(&iface->sin), 2375 stoa(maddr)); 2376 } 2377#endif 2378 break; 2379#else 2380 return; 2381#endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2382 } 2383 return; 2384#endif 2385} 2386 2387/* 2388 * Add a multicast address to a given socket 2389 * The socket is in the ep_list all we need to do is enable 2390 * multicasting. It is not this function's job to select the socket 2391 */ 2392#if defined(MCAST) 2393static isc_boolean_t 2394socket_multicast_enable( 2395 endpt * iface, 2396 sockaddr_u * maddr 2397 ) 2398{ 2399 struct ip_mreq mreq; 2400# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2401 struct ipv6_mreq mreq6; 2402# endif 2403 switch (AF(maddr)) { 2404 2405 case AF_INET: 2406 ZERO(mreq); 2407 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2408 mreq.imr_interface.s_addr = htonl(INADDR_ANY); 2409 if (setsockopt(iface->fd, 2410 IPPROTO_IP, 2411 IP_ADD_MEMBERSHIP, 2412 (char *)&mreq, 2413 sizeof(mreq))) { 2414 DPRINTF(2, ( 2415 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2416 iface->fd, stoa(&iface->sin), 2417 mreq.imr_multiaddr.s_addr, 2418 mreq.imr_interface.s_addr, 2419 stoa(maddr))); 2420 return ISC_FALSE; 2421 } 2422 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n", 2423 iface->fd, stoa(&iface->sin), 2424 mreq.imr_multiaddr.s_addr, 2425 mreq.imr_interface.s_addr, stoa(maddr))); 2426 break; 2427 2428 case AF_INET6: 2429# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2430 /* 2431 * Enable reception of multicast packets. 2432 * If the address is link-local we can get the 2433 * interface index from the scope id. Don't do this 2434 * for other types of multicast addresses. For now let 2435 * the kernel figure it out. 2436 */ 2437 ZERO(mreq6); 2438 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2439 mreq6.ipv6mr_interface = iface->ifindex; 2440 2441 if (setsockopt(iface->fd, IPPROTO_IPV6, 2442 IPV6_JOIN_GROUP, (char *)&mreq6, 2443 sizeof(mreq6))) { 2444 DPRINTF(2, ( 2445 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)", 2446 iface->fd, stoa(&iface->sin), 2447 mreq6.ipv6mr_interface, stoa(maddr))); 2448 return ISC_FALSE; 2449 } 2450 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n", 2451 iface->fd, stoa(&iface->sin), 2452 mreq6.ipv6mr_interface, stoa(maddr))); 2453# else 2454 return ISC_FALSE; 2455# endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2456 } 2457 iface->flags |= INT_MCASTOPEN; 2458 iface->num_mcast++; 2459 2460 return ISC_TRUE; 2461} 2462#endif /* MCAST */ 2463 2464 2465/* 2466 * Remove a multicast address from a given socket 2467 * The socket is in the ep_list all we need to do is disable 2468 * multicasting. It is not this function's job to select the socket 2469 */ 2470#ifdef MCAST 2471static isc_boolean_t 2472socket_multicast_disable( 2473 struct interface * iface, 2474 sockaddr_u * maddr 2475 ) 2476{ 2477# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2478 struct ipv6_mreq mreq6; 2479# endif 2480 struct ip_mreq mreq; 2481 2482 ZERO(mreq); 2483 2484 if (find_addr_in_list(maddr) == NULL) { 2485 DPRINTF(4, ("socket_multicast_disable(%s): not found\n", 2486 stoa(maddr))); 2487 return ISC_TRUE; 2488 } 2489 2490 switch (AF(maddr)) { 2491 2492 case AF_INET: 2493 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2494 mreq.imr_interface = SOCK_ADDR4(&iface->sin); 2495 if (setsockopt(iface->fd, IPPROTO_IP, 2496 IP_DROP_MEMBERSHIP, (char *)&mreq, 2497 sizeof(mreq))) { 2498 2499 msyslog(LOG_ERR, 2500 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2501 iface->fd, stoa(&iface->sin), 2502 SRCADR(maddr), SRCADR(&iface->sin), 2503 stoa(maddr)); 2504 return ISC_FALSE; 2505 } 2506 break; 2507 case AF_INET6: 2508# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2509 /* 2510 * Disable reception of multicast packets 2511 * If the address is link-local we can get the 2512 * interface index from the scope id. Don't do this 2513 * for other types of multicast addresses. For now let 2514 * the kernel figure it out. 2515 */ 2516 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2517 mreq6.ipv6mr_interface = iface->ifindex; 2518 2519 if (setsockopt(iface->fd, IPPROTO_IPV6, 2520 IPV6_LEAVE_GROUP, (char *)&mreq6, 2521 sizeof(mreq6))) { 2522 2523 msyslog(LOG_ERR, 2524 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)", 2525 iface->fd, stoa(&iface->sin), 2526 iface->ifindex, stoa(maddr)); 2527 return ISC_FALSE; 2528 } 2529 break; 2530# else 2531 return ISC_FALSE; 2532# endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2533 } 2534 2535 iface->num_mcast--; 2536 if (!iface->num_mcast) 2537 iface->flags &= ~INT_MCASTOPEN; 2538 2539 return ISC_TRUE; 2540} 2541#endif /* MCAST */ 2542 2543/* 2544 * io_setbclient - open the broadcast client sockets 2545 */ 2546void 2547io_setbclient(void) 2548{ 2549#ifdef OPEN_BCAST_SOCKET 2550 struct interface * interf; 2551 int nif; 2552 2553 nif = 0; 2554 set_reuseaddr(1); 2555 2556 for (interf = ep_list; 2557 interf != NULL; 2558 interf = interf->elink) { 2559 2560 if (interf->flags & (INT_WILDCARD | INT_LOOPBACK)) 2561 continue; 2562 2563 /* use only allowed addresses */ 2564 if (interf->ignore_packets) 2565 continue; 2566 2567 /* Need a broadcast-capable interface */ 2568 if (!(interf->flags & INT_BROADCAST)) 2569 continue; 2570 2571 /* Only IPv4 addresses are valid for broadcast */ 2572 REQUIRE(IS_IPV4(&interf->sin)); 2573 2574 /* Do we already have the broadcast address open? */ 2575 if (interf->flags & INT_BCASTOPEN) { 2576 /* 2577 * account for already open interfaces to avoid 2578 * misleading warning below 2579 */ 2580 nif++; 2581 continue; 2582 } 2583 2584 /* 2585 * Try to open the broadcast address 2586 */ 2587 interf->family = AF_INET; 2588 interf->bfd = open_socket(&interf->bcast, 1, 0, interf); 2589 2590 /* 2591 * If we succeeded then we use it otherwise enable 2592 * broadcast on the interface address 2593 */ 2594 if (interf->bfd != INVALID_SOCKET) { 2595 nif++; 2596 interf->flags |= INT_BCASTOPEN; 2597 msyslog(LOG_INFO, 2598 "Listen for broadcasts to %s on interface #%d %s", 2599 stoa(&interf->bcast), interf->ifnum, interf->name); 2600 } else { 2601 /* silently ignore EADDRINUSE as we probably opened 2602 the socket already for an address in the same network */ 2603 if (errno != EADDRINUSE) 2604 msyslog(LOG_INFO, 2605 "failed to listen for broadcasts to %s on interface #%d %s", 2606 stoa(&interf->bcast), interf->ifnum, interf->name); 2607 } 2608 } 2609 set_reuseaddr(0); 2610 if (nif > 0) { 2611 broadcast_client_enabled = ISC_TRUE; 2612 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif)); 2613 } 2614 else if (!nif) { 2615 broadcast_client_enabled = ISC_FALSE; 2616 msyslog(LOG_ERR, 2617 "Unable to listen for broadcasts, no broadcast interfaces available"); 2618 } 2619#else 2620 msyslog(LOG_ERR, 2621 "io_setbclient: Broadcast Client disabled by build"); 2622#endif /* OPEN_BCAST_SOCKET */ 2623} 2624 2625/* 2626 * io_unsetbclient - close the broadcast client sockets 2627 */ 2628void 2629io_unsetbclient(void) 2630{ 2631 endpt *ep; 2632 2633 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2634 if (INT_WILDCARD & ep->flags) 2635 continue; 2636 if (!(INT_BCASTOPEN & ep->flags)) 2637 continue; 2638 2639 if (ep->bfd != INVALID_SOCKET) { 2640 /* destroy broadcast listening socket */ 2641 msyslog(LOG_INFO, 2642 "stop listening for broadcasts to %s on interface #%d %s", 2643 stoa(&ep->bcast), ep->ifnum, ep->name); 2644 close_and_delete_fd_from_list(ep->bfd); 2645 ep->bfd = INVALID_SOCKET; 2646 ep->flags &= ~INT_BCASTOPEN; 2647 } 2648 } 2649 broadcast_client_enabled = ISC_FALSE; 2650} 2651 2652/* 2653 * io_multicast_add() - add multicast group address 2654 */ 2655void 2656io_multicast_add( 2657 sockaddr_u *addr 2658 ) 2659{ 2660#ifdef MCAST 2661 endpt * ep; 2662 endpt * one_ep; 2663 2664 /* 2665 * Check to see if this is a multicast address 2666 */ 2667 if (!addr_ismulticast(addr)) 2668 return; 2669 2670 /* If we already have it we can just return */ 2671 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { 2672 msyslog(LOG_INFO, 2673 "Duplicate request found for multicast address %s", 2674 stoa(addr)); 2675 return; 2676 } 2677 2678# ifndef MULTICAST_NONEWSOCKET 2679 ep = new_interface(NULL); 2680 2681 /* 2682 * Open a new socket for the multicast address 2683 */ 2684 ep->sin = *addr; 2685 SET_PORT(&ep->sin, NTP_PORT); 2686 ep->family = AF(&ep->sin); 2687 AF(&ep->mask) = ep->family; 2688 SET_ONESMASK(&ep->mask); 2689 2690 set_reuseaddr(1); 2691 ep->bfd = INVALID_SOCKET; 2692 ep->fd = open_socket(&ep->sin, 0, 0, ep); 2693 if (ep->fd != INVALID_SOCKET) { 2694 ep->ignore_packets = ISC_FALSE; 2695 ep->flags |= INT_MCASTIF; 2696 2697 strlcpy(ep->name, "multicast", sizeof(ep->name)); 2698 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n")); 2699 add_interface(ep); 2700 log_listen_address(ep); 2701 } else { 2702 /* bind failed, re-use wildcard interface */ 2703 delete_interface(ep); 2704 2705 if (IS_IPV4(addr)) 2706 ep = wildipv4; 2707 else if (IS_IPV6(addr)) 2708 ep = wildipv6; 2709 else 2710 ep = NULL; 2711 2712 if (ep != NULL) { 2713 /* HACK ! -- stuff in an address */ 2714 /* because we don't bind addr? DH */ 2715 ep->bcast = *addr; 2716 msyslog(LOG_ERR, 2717 "multicast address %s using wildcard interface #%d %s", 2718 stoa(addr), ep->ifnum, ep->name); 2719 } else { 2720 msyslog(LOG_ERR, 2721 "No multicast socket available to use for address %s", 2722 stoa(addr)); 2723 return; 2724 } 2725 } 2726 { /* in place of the { following for in #else clause */ 2727 one_ep = ep; 2728# else /* MULTICAST_NONEWSOCKET follows */ 2729 /* 2730 * For the case where we can't use a separate socket (Windows) 2731 * join each applicable endpoint socket to the group address. 2732 */ 2733 if (IS_IPV4(addr)) 2734 one_ep = wildipv4; 2735 else 2736 one_ep = wildipv6; 2737 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2738 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) || 2739 !(INT_MULTICAST & ep->flags) || 2740 (INT_LOOPBACK | INT_WILDCARD) & ep->flags) 2741 continue; 2742 one_ep = ep; 2743# endif /* MULTICAST_NONEWSOCKET */ 2744 if (socket_multicast_enable(ep, addr)) 2745 msyslog(LOG_INFO, 2746 "Joined %s socket to multicast group %s", 2747 stoa(&ep->sin), 2748 stoa(addr)); 2749 } 2750 2751 add_addr_to_list(addr, one_ep); 2752#else /* !MCAST follows*/ 2753 msyslog(LOG_ERR, 2754 "Can not add multicast address %s: no multicast support", 2755 stoa(addr)); 2756#endif 2757 return; 2758} 2759 2760 2761/* 2762 * io_multicast_del() - delete multicast group address 2763 */ 2764void 2765io_multicast_del( 2766 sockaddr_u * addr 2767 ) 2768{ 2769#ifdef MCAST 2770 endpt *iface; 2771 2772 /* 2773 * Check to see if this is a multicast address 2774 */ 2775 if (!addr_ismulticast(addr)) { 2776 msyslog(LOG_ERR, "invalid multicast address %s", 2777 stoa(addr)); 2778 return; 2779 } 2780 2781 /* 2782 * Disable reception of multicast packets 2783 */ 2784 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN)) 2785 != NULL) 2786 socket_multicast_disable(iface, addr); 2787 2788 delete_addr_from_list(addr); 2789 2790#else /* not MCAST */ 2791 msyslog(LOG_ERR, 2792 "Can not delete multicast address %s: no multicast support", 2793 stoa(addr)); 2794#endif /* not MCAST */ 2795} 2796 2797 2798/* 2799 * open_socket - open a socket, returning the file descriptor 2800 */ 2801 2802static SOCKET 2803open_socket( 2804 sockaddr_u * addr, 2805 int bcast, 2806 int turn_off_reuse, 2807 endpt * interf 2808 ) 2809{ 2810 SOCKET fd; 2811 int errval; 2812 /* 2813 * int is OK for REUSEADR per 2814 * http://www.kohala.com/start/mcast.api.txt 2815 */ 2816 int on = 1; 2817 int off = 0; 2818 2819 if (IS_IPV6(addr) && !ipv6_works) 2820 return INVALID_SOCKET; 2821 2822 /* create a datagram (UDP) socket */ 2823 fd = socket(AF(addr), SOCK_DGRAM, 0); 2824 if (INVALID_SOCKET == fd) { 2825 errval = socket_errno(); 2826 msyslog(LOG_ERR, 2827 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m", 2828 IS_IPV6(addr) ? "6" : "", stoa(addr)); 2829 2830 if (errval == EPROTONOSUPPORT || 2831 errval == EAFNOSUPPORT || 2832 errval == EPFNOSUPPORT) 2833 return (INVALID_SOCKET); 2834 2835 errno = errval; 2836 msyslog(LOG_ERR, 2837 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting", 2838 errno); 2839 exit(1); 2840 } 2841 2842#ifdef SYS_WINNT 2843 connection_reset_fix(fd, addr); 2844#endif 2845 /* 2846 * Fixup the file descriptor for some systems 2847 * See bug #530 for details of the issue. 2848 */ 2849 fd = move_fd(fd); 2850 2851 /* 2852 * set SO_REUSEADDR since we will be binding the same port 2853 * number on each interface according to turn_off_reuse. 2854 * This is undesirable on Windows versions starting with 2855 * Windows XP (numeric version 5.1). 2856 */ 2857#ifdef SYS_WINNT 2858 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */ 2859#endif 2860 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 2861 (char *)((turn_off_reuse) 2862 ? &off 2863 : &on), 2864 sizeof(on))) { 2865 2866 msyslog(LOG_ERR, 2867 "setsockopt SO_REUSEADDR %s fails for address %s: %m", 2868 (turn_off_reuse) 2869 ? "off" 2870 : "on", 2871 stoa(addr)); 2872 closesocket(fd); 2873 return INVALID_SOCKET; 2874 } 2875#ifdef SO_EXCLUSIVEADDRUSE 2876 /* 2877 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open 2878 * first will cause more specific binds to fail. 2879 */ 2880 if (!(interf->flags & INT_WILDCARD)) 2881 set_excladdruse(fd); 2882#endif 2883 2884 /* 2885 * IPv4 specific options go here 2886 */ 2887 if (IS_IPV4(addr)) { 2888#if defined(IPPROTO_IP) && defined(IP_TOS) 2889 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos, 2890 sizeof(qos))) 2891 msyslog(LOG_ERR, 2892 "setsockopt IP_TOS (%02x) fails on address %s: %m", 2893 qos, stoa(addr)); 2894#endif /* IPPROTO_IP && IP_TOS */ 2895 if (bcast) 2896 socket_broadcast_enable(interf, fd, addr); 2897 } 2898 2899 /* 2900 * IPv6 specific options go here 2901 */ 2902 if (IS_IPV6(addr)) { 2903#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) 2904 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos, 2905 sizeof(qos))) 2906 msyslog(LOG_ERR, 2907 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m", 2908 qos, stoa(addr)); 2909#endif /* IPPROTO_IPV6 && IPV6_TCLASS */ 2910#ifdef IPV6_V6ONLY 2911 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS 2912 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, 2913 (char*)&on, sizeof(on))) 2914 msyslog(LOG_ERR, 2915 "setsockopt IPV6_V6ONLY on fails on address %s: %m", 2916 stoa(addr)); 2917#endif 2918#ifdef IPV6_BINDV6ONLY 2919 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY, 2920 (char*)&on, sizeof(on))) 2921 msyslog(LOG_ERR, 2922 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m", 2923 stoa(addr)); 2924#endif 2925 } 2926 2927#ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 2928 /* 2929 * some OSes don't allow binding to more specific 2930 * addresses if a wildcard address already bound 2931 * to the port and SO_REUSEADDR is not set 2932 */ 2933 if (!is_wildcard_addr(addr)) 2934 set_wildcard_reuse(AF(addr), 1); 2935#endif 2936 2937 /* 2938 * bind the local address. 2939 */ 2940 errval = bind(fd, &addr->sa, SOCKLEN(addr)); 2941 2942#ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 2943 if (!is_wildcard_addr(addr)) 2944 set_wildcard_reuse(AF(addr), 0); 2945#endif 2946 2947 if (errval < 0) { 2948 /* 2949 * Don't log this under all conditions 2950 */ 2951 if (turn_off_reuse == 0 2952#ifdef DEBUG 2953 || debug > 1 2954#endif 2955 ) { 2956 msyslog(LOG_ERR, 2957 "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m", 2958 fd, IS_IPV6(addr) ? "6" : "", 2959 stoa(addr), SRCPORT(addr), 2960 IS_MCAST(addr) ? " (multicast)" : "", 2961 interf->flags); 2962 } 2963 2964 closesocket(fd); 2965 2966 return INVALID_SOCKET; 2967 } 2968 2969#ifdef HAVE_TIMESTAMP 2970 { 2971 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, 2972 (char*)&on, sizeof(on))) 2973 msyslog(LOG_DEBUG, 2974 "setsockopt SO_TIMESTAMP on fails on address %s: %m", 2975 stoa(addr)); 2976 else 2977 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n", 2978 fd, stoa(addr))); 2979 } 2980#endif 2981#ifdef HAVE_TIMESTAMPNS 2982 { 2983 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, 2984 (char*)&on, sizeof(on))) 2985 msyslog(LOG_DEBUG, 2986 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m", 2987 stoa(addr)); 2988 else 2989 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n", 2990 fd, stoa(addr))); 2991 } 2992#endif 2993#ifdef HAVE_BINTIME 2994 { 2995 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME, 2996 (char*)&on, sizeof(on))) 2997 msyslog(LOG_DEBUG, 2998 "setsockopt SO_BINTIME on fails on address %s: %m", 2999 stoa(addr)); 3000 else 3001 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n", 3002 fd, stoa(addr))); 3003 } 3004#endif 3005 3006 DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n", 3007 fd, IS_IPV6(addr) ? "6" : "", stoa(addr), 3008 SCOPE(addr), SRCPORT(addr), interf->flags)); 3009 3010 make_socket_nonblocking(fd); 3011 3012#ifdef HAVE_SIGNALED_IO 3013 init_socket_sig(fd); 3014#endif /* not HAVE_SIGNALED_IO */ 3015 3016 add_fd_to_list(fd, FD_TYPE_SOCKET); 3017 3018#if !defined(SYS_WINNT) && !defined(VMS) 3019 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd, 3020 fcntl(fd, F_GETFL, 0))); 3021#endif /* SYS_WINNT || VMS */ 3022 3023#if defined (HAVE_IO_COMPLETION_PORT) 3024/* 3025 * Add the socket to the completion port 3026 */ 3027 if (io_completion_port_add_socket(fd, interf)) { 3028 msyslog(LOG_ERR, "unable to set up io completion port - EXITING"); 3029 exit(1); 3030 } 3031#endif 3032 return fd; 3033} 3034 3035 3036#ifdef SYS_WINNT 3037#define sendto(fd, buf, len, flags, dest, destsz) \ 3038 io_completion_port_sendto(fd, buf, len, (sockaddr_u *)(dest)) 3039#endif 3040 3041/* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ 3042/* 3043 * sendpkt - send a packet to the specified destination. Maintain a 3044 * send error cache so that only the first consecutive error for a 3045 * destination is logged. 3046 */ 3047void 3048sendpkt( 3049 sockaddr_u * dest, 3050 struct interface * ep, 3051 int ttl, 3052 struct pkt * pkt, 3053 int len 3054 ) 3055{ 3056 endpt * src; 3057 int ismcast; 3058 int cc; 3059 int rc; 3060 u_char cttl; 3061 3062 ismcast = IS_MCAST(dest); 3063 if (!ismcast) 3064 src = ep; 3065 else 3066 src = (IS_IPV4(dest)) 3067 ? mc4_list 3068 : mc6_list; 3069 3070 if (NULL == src) { 3071 /* 3072 * unbound peer - drop request and wait for better 3073 * network conditions 3074 */ 3075 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n", 3076 ismcast ? "\tMCAST\t***** " : "", 3077 stoa(dest), ttl, len)); 3078 return; 3079 } 3080 3081 do { 3082 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", 3083 ismcast ? "\tMCAST\t***** " : "", src->fd, 3084 stoa(dest), stoa(&src->sin), ttl, len)); 3085#ifdef MCAST 3086 /* 3087 * for the moment we use the bcast option to set multicast ttl 3088 */ 3089 if (ismcast && ttl > 0 && ttl != src->last_ttl) { 3090 /* 3091 * set the multicast ttl for outgoing packets 3092 */ 3093 switch (AF(&src->sin)) { 3094 3095 case AF_INET : 3096 cttl = (u_char)ttl; 3097 rc = setsockopt(src->fd, IPPROTO_IP, 3098 IP_MULTICAST_TTL, 3099 (void *)&cttl, 3100 sizeof(cttl)); 3101 break; 3102 3103# ifdef INCLUDE_IPV6_SUPPORT 3104 case AF_INET6 : 3105 rc = setsockopt(src->fd, IPPROTO_IPV6, 3106 IPV6_MULTICAST_HOPS, 3107 (void *)&ttl, 3108 sizeof(ttl)); 3109 break; 3110# endif /* INCLUDE_IPV6_SUPPORT */ 3111 3112 default: 3113 rc = 0; 3114 } 3115 3116 if (!rc) 3117 src->last_ttl = ttl; 3118 else 3119 msyslog(LOG_ERR, 3120 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m", 3121 stoa(&src->sin)); 3122 } 3123#endif /* MCAST */ 3124 3125#ifdef SIM 3126 cc = simulate_server(dest, src, pkt); 3127#else 3128 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, 3129 &dest->sa, SOCKLEN(dest)); 3130#endif 3131 if (cc == -1) { 3132 src->notsent++; 3133 packets_notsent++; 3134 } else { 3135 src->sent++; 3136 packets_sent++; 3137 } 3138 if (ismcast) 3139 src = src->mclink; 3140 } while (ismcast && src != NULL); 3141} 3142 3143 3144#if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO) 3145/* 3146 * fdbits - generate ascii representation of fd_set (FAU debug support) 3147 * HFDF format - highest fd first. 3148 */ 3149static char * 3150fdbits( 3151 int count, 3152 const fd_set* set 3153 ) 3154{ 3155 static char buffer[256]; 3156 char * buf = buffer; 3157 3158 count = min(count, 255); 3159 3160 while (count >= 0) { 3161 *buf++ = FD_ISSET(count, set) ? '#' : '-'; 3162 count--; 3163 } 3164 *buf = '\0'; 3165 3166 return buffer; 3167} 3168#endif 3169 3170#ifdef REFCLOCK 3171/* 3172 * Routine to read the refclock packets for a specific interface 3173 * Return the number of bytes read. That way we know if we should 3174 * read it again or go on to the next one if no bytes returned 3175 */ 3176static inline int 3177read_refclock_packet( 3178 SOCKET fd, 3179 struct refclockio * rp, 3180 l_fp ts 3181 ) 3182{ 3183 u_int read_count; 3184 int buflen; 3185 int saved_errno; 3186 int consumed; 3187 struct recvbuf * rb; 3188 3189 rb = get_free_recv_buffer(); 3190 3191 if (NULL == rb) { 3192 /* 3193 * No buffer space available - just drop the packet 3194 */ 3195 char buf[RX_BUFF_SIZE]; 3196 3197 buflen = read(fd, buf, sizeof buf); 3198 packets_dropped++; 3199 return (buflen); 3200 } 3201 3202 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead 3203 * to buffer overrun and memory corruption 3204 */ 3205 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space)) 3206 read_count = sizeof(rb->recv_space); 3207 else 3208 read_count = (u_int)rp->datalen; 3209 do { 3210 buflen = read(fd, (char *)&rb->recv_space, read_count); 3211 } while (buflen < 0 && EINTR == errno); 3212 3213 if (buflen <= 0) { 3214 saved_errno = errno; 3215 freerecvbuf(rb); 3216 errno = saved_errno; 3217 return buflen; 3218 } 3219 3220 /* 3221 * Got one. Mark how and when it got here, 3222 * put it on the full list and do bookkeeping. 3223 */ 3224 rb->recv_length = buflen; 3225 rb->recv_peer = rp->srcclock; 3226 rb->dstadr = 0; 3227 rb->fd = fd; 3228 rb->recv_time = ts; 3229 rb->receiver = rp->clock_recv; 3230 3231 consumed = indicate_refclock_packet(rp, rb); 3232 if (!consumed) { 3233 rp->recvcount++; 3234 packets_received++; 3235 } 3236 3237 return buflen; 3238} 3239#endif /* REFCLOCK */ 3240 3241 3242#ifdef HAVE_PACKET_TIMESTAMP 3243/* 3244 * extract timestamps from control message buffer 3245 */ 3246static l_fp 3247fetch_timestamp( 3248 struct recvbuf * rb, 3249 struct msghdr * msghdr, 3250 l_fp ts 3251 ) 3252{ 3253 struct cmsghdr * cmsghdr; 3254#ifdef HAVE_BINTIME 3255 struct bintime * btp; 3256#endif 3257#ifdef HAVE_TIMESTAMPNS 3258 struct timespec * tsp; 3259#endif 3260#ifdef HAVE_TIMESTAMP 3261 struct timeval * tvp; 3262#endif 3263 unsigned long ticks; 3264 double fuzz; 3265 l_fp lfpfuzz; 3266 l_fp nts; 3267#ifdef DEBUG_TIMING 3268 l_fp dts; 3269#endif 3270 3271 cmsghdr = CMSG_FIRSTHDR(msghdr); 3272 while (cmsghdr != NULL) { 3273 switch (cmsghdr->cmsg_type) 3274 { 3275#ifdef HAVE_BINTIME 3276 case SCM_BINTIME: 3277#endif /* HAVE_BINTIME */ 3278#ifdef HAVE_TIMESTAMPNS 3279 case SCM_TIMESTAMPNS: 3280#endif /* HAVE_TIMESTAMPNS */ 3281#ifdef HAVE_TIMESTAMP 3282 case SCM_TIMESTAMP: 3283#endif /* HAVE_TIMESTAMP */ 3284#if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP) 3285 switch (cmsghdr->cmsg_type) 3286 { 3287#ifdef HAVE_BINTIME 3288 case SCM_BINTIME: 3289 btp = (struct bintime *)CMSG_DATA(cmsghdr); 3290 /* 3291 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf 3292 */ 3293 nts.l_i = btp->sec + JAN_1970; 3294 nts.l_uf = (u_int32)(btp->frac >> 32); 3295 if (sys_tick > measured_tick && 3296 sys_tick > 1e-9) { 3297 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC)); 3298 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC)); 3299 } 3300 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n", 3301 btp->sec, (unsigned long)((nts.l_uf / FRAC) * 1e9))); 3302 break; 3303#endif /* HAVE_BINTIME */ 3304#ifdef HAVE_TIMESTAMPNS 3305 case SCM_TIMESTAMPNS: 3306 tsp = UA_PTR(struct timespec, CMSG_DATA(cmsghdr)); 3307 if (sys_tick > measured_tick && 3308 sys_tick > 1e-9) { 3309 ticks = (unsigned long)((tsp->tv_nsec * 1e-9) / 3310 sys_tick); 3311 tsp->tv_nsec = (long)(ticks * 1e9 * 3312 sys_tick); 3313 } 3314 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n", 3315 tsp->tv_sec, tsp->tv_nsec)); 3316 nts = tspec_stamp_to_lfp(*tsp); 3317 break; 3318#endif /* HAVE_TIMESTAMPNS */ 3319#ifdef HAVE_TIMESTAMP 3320 case SCM_TIMESTAMP: 3321 tvp = (struct timeval *)CMSG_DATA(cmsghdr); 3322 if (sys_tick > measured_tick && 3323 sys_tick > 1e-6) { 3324 ticks = (unsigned long)((tvp->tv_usec * 1e-6) / 3325 sys_tick); 3326 tvp->tv_usec = (long)(ticks * 1e6 * 3327 sys_tick); 3328 } 3329 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n", 3330 (intmax_t)tvp->tv_sec, (long)tvp->tv_usec)); 3331 nts = tval_stamp_to_lfp(*tvp); 3332 break; 3333#endif /* HAVE_TIMESTAMP */ 3334 } 3335 fuzz = ntp_random() * 2. / FRAC * sys_fuzz; 3336 DTOLFP(fuzz, &lfpfuzz); 3337 L_ADD(&nts, &lfpfuzz); 3338#ifdef DEBUG_TIMING 3339 dts = ts; 3340 L_SUB(&dts, &nts); 3341 collect_timing(rb, "input processing delay", 1, 3342 &dts); 3343 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n", 3344 lfptoa(&dts, 9))); 3345#endif /* DEBUG_TIMING */ 3346 ts = nts; /* network time stamp */ 3347 break; 3348#endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */ 3349 3350 default: 3351 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n", 3352 cmsghdr->cmsg_type)); 3353 } 3354 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr); 3355 } 3356 return ts; 3357} 3358#endif /* HAVE_PACKET_TIMESTAMP */ 3359 3360 3361/* 3362 * Routine to read the network NTP packets for a specific interface 3363 * Return the number of bytes read. That way we know if we should 3364 * read it again or go on to the next one if no bytes returned 3365 */ 3366static inline int 3367read_network_packet( 3368 SOCKET fd, 3369 struct interface * itf, 3370 l_fp ts 3371 ) 3372{ 3373 GETSOCKNAME_SOCKLEN_TYPE fromlen; 3374 int buflen; 3375 register struct recvbuf *rb; 3376#ifdef HAVE_PACKET_TIMESTAMP 3377 struct msghdr msghdr; 3378 struct iovec iovec; 3379 char control[CMSG_BUFSIZE]; 3380#endif 3381 3382 /* 3383 * Get a buffer and read the frame. If we 3384 * haven't got a buffer, or this is received 3385 * on a disallowed socket, just dump the 3386 * packet. 3387 */ 3388 3389 rb = get_free_recv_buffer(); 3390 if (NULL == rb || itf->ignore_packets) { 3391 char buf[RX_BUFF_SIZE]; 3392 sockaddr_u from; 3393 3394 if (rb != NULL) 3395 freerecvbuf(rb); 3396 3397 fromlen = sizeof(from); 3398 buflen = recvfrom(fd, buf, sizeof(buf), 0, 3399 &from.sa, &fromlen); 3400 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", 3401 (itf->ignore_packets) 3402 ? "ignore" 3403 : "drop", 3404 free_recvbuffs(), fd, stoa(&from))); 3405 if (itf->ignore_packets) 3406 packets_ignored++; 3407 else 3408 packets_dropped++; 3409 return (buflen); 3410 } 3411 3412 fromlen = sizeof(rb->recv_srcadr); 3413 3414#ifndef HAVE_PACKET_TIMESTAMP 3415 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space, 3416 sizeof(rb->recv_space), 0, 3417 &rb->recv_srcadr.sa, &fromlen); 3418#else 3419 iovec.iov_base = &rb->recv_space; 3420 iovec.iov_len = sizeof(rb->recv_space); 3421 msghdr.msg_name = &rb->recv_srcadr; 3422 msghdr.msg_namelen = fromlen; 3423 msghdr.msg_iov = &iovec; 3424 msghdr.msg_iovlen = 1; 3425 msghdr.msg_control = (void *)&control; 3426 msghdr.msg_controllen = sizeof(control); 3427 msghdr.msg_flags = 0; 3428 rb->recv_length = recvmsg(fd, &msghdr, 0); 3429#endif 3430 3431 buflen = rb->recv_length; 3432 3433 if (buflen == 0 || (buflen == -1 && 3434 (EWOULDBLOCK == errno 3435#ifdef EAGAIN 3436 || EAGAIN == errno 3437#endif 3438 ))) { 3439 freerecvbuf(rb); 3440 return (buflen); 3441 } else if (buflen < 0) { 3442 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m", 3443 stoa(&rb->recv_srcadr), fd); 3444 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n", 3445 fd)); 3446 freerecvbuf(rb); 3447 return (buflen); 3448 } 3449 3450 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", 3451 fd, buflen, stoa(&rb->recv_srcadr))); 3452 3453 /* 3454 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 3455 */ 3456 3457 if (AF_INET6 == itf->family) { 3458 DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", 3459 stoa(&rb->recv_srcadr), 3460 IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), 3461 stoa(&itf->sin), 3462 !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3463 )); 3464 3465 if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) 3466 && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3467 ) { 3468 packets_dropped++; 3469 DPRINTF(2, ("DROPPING that packet\n")); 3470 freerecvbuf(rb); 3471 return buflen; 3472 } 3473 DPRINTF(2, ("processing that packet\n")); 3474 } 3475 3476 /* 3477 * Got one. Mark how and when it got here, 3478 * put it on the full list and do bookkeeping. 3479 */ 3480 rb->dstadr = itf; 3481 rb->fd = fd; 3482#ifdef HAVE_PACKET_TIMESTAMP 3483 /* pick up a network time stamp if possible */ 3484 ts = fetch_timestamp(rb, &msghdr, ts); 3485#endif 3486 rb->recv_time = ts; 3487 rb->receiver = receive; 3488 3489 add_full_recv_buffer(rb); 3490 3491 itf->received++; 3492 packets_received++; 3493 return (buflen); 3494} 3495 3496/* 3497 * attempt to handle io (select()/signaled IO) 3498 */ 3499void 3500io_handler(void) 3501{ 3502# ifndef HAVE_SIGNALED_IO 3503 fd_set rdfdes; 3504 int nfound; 3505 3506 /* 3507 * Use select() on all on all input fd's for unlimited 3508 * time. select() will terminate on SIGALARM or on the 3509 * reception of input. Using select() means we can't do 3510 * robust signal handling and we get a potential race 3511 * between checking for alarms and doing the select(). 3512 * Mostly harmless, I think. 3513 */ 3514 /* 3515 * On VMS, I suspect that select() can't be interrupted 3516 * by a "signal" either, so I take the easy way out and 3517 * have select() time out after one second. 3518 * System clock updates really aren't time-critical, 3519 * and - lacking a hardware reference clock - I have 3520 * yet to learn about anything else that is. 3521 */ 3522 ++handler_calls; 3523 rdfdes = activefds; 3524# if !defined(VMS) && !defined(SYS_VXWORKS) 3525 nfound = select(maxactivefd + 1, &rdfdes, NULL, 3526 NULL, NULL); 3527# else /* VMS, VxWorks */ 3528 /* make select() wake up after one second */ 3529 { 3530 struct timeval t1; 3531 t1.tv_sec = 1; 3532 t1.tv_usec = 0; 3533 nfound = select(maxactivefd + 1, 3534 &rdfdes, NULL, NULL, 3535 &t1); 3536 } 3537# endif /* VMS, VxWorks */ 3538 if (nfound < 0 && sanitize_fdset(errno)) { 3539 struct timeval t1; 3540 t1.tv_sec = 0; 3541 t1.tv_usec = 0; 3542 rdfdes = activefds; 3543 nfound = select(maxactivefd + 1, 3544 &rdfdes, NULL, NULL, 3545 &t1); 3546 } 3547 3548 if (nfound > 0) { 3549 l_fp ts; 3550 3551 get_systime(&ts); 3552 3553 input_handler_scan(&ts, &rdfdes); 3554 } else if (nfound == -1 && errno != EINTR) { 3555 msyslog(LOG_ERR, "select() error: %m"); 3556 } 3557# ifdef DEBUG 3558 else if (debug > 4) { 3559 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); 3560 } else { 3561 DPRINTF(3, ("select() returned %d: %m\n", nfound)); 3562 } 3563# endif /* DEBUG */ 3564# else /* HAVE_SIGNALED_IO */ 3565 wait_for_signal(); 3566# endif /* HAVE_SIGNALED_IO */ 3567} 3568 3569#ifdef HAVE_SIGNALED_IO 3570/* 3571 * input_handler - receive packets asynchronously 3572 * 3573 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed! 3574 */ 3575static RETSIGTYPE 3576input_handler( 3577 l_fp * cts 3578 ) 3579{ 3580 int n; 3581 struct timeval tvzero; 3582 fd_set fds; 3583 3584 ++handler_calls; 3585 3586 /* 3587 * Do a poll to see who has data 3588 */ 3589 3590 fds = activefds; 3591 tvzero.tv_sec = tvzero.tv_usec = 0; 3592 3593 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3594 if (n < 0 && sanitize_fdset(errno)) { 3595 fds = activefds; 3596 tvzero.tv_sec = tvzero.tv_usec = 0; 3597 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3598 } 3599 if (n > 0) 3600 input_handler_scan(cts, &fds); 3601} 3602#endif /* HAVE_SIGNALED_IO */ 3603 3604 3605/* 3606 * Try to sanitize the global FD set 3607 * 3608 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3609 */ 3610static int/*BOOL*/ 3611sanitize_fdset( 3612 int errc 3613 ) 3614{ 3615 int j, b, maxscan; 3616 3617# ifndef HAVE_SIGNALED_IO 3618 /* 3619 * extended FAU debugging output 3620 */ 3621 if (errc != EINTR) { 3622 msyslog(LOG_ERR, 3623 "select(%d, %s, 0L, 0L, &0.0) error: %m", 3624 maxactivefd + 1, 3625 fdbits(maxactivefd, &activefds)); 3626 } 3627# endif 3628 3629 if (errc != EBADF) 3630 return FALSE; 3631 3632 /* if we have oviously bad FDs, try to sanitize the FD set. */ 3633 for (j = 0, maxscan = 0; j <= maxactivefd; j++) { 3634 if (FD_ISSET(j, &activefds)) { 3635 if (-1 != read(j, &b, 0)) { 3636 maxscan = j; 3637 continue; 3638 } 3639# ifndef HAVE_SIGNALED_IO 3640 msyslog(LOG_ERR, 3641 "Removing bad file descriptor %d from select set", 3642 j); 3643# endif 3644 FD_CLR(j, &activefds); 3645 } 3646 } 3647 if (maxactivefd != maxscan) 3648 maxactivefd = maxscan; 3649 return TRUE; 3650} 3651 3652/* 3653 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'. 3654 * 3655 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3656 */ 3657static void 3658input_handler_scan( 3659 const l_fp * cts, 3660 const fd_set * pfds 3661 ) 3662{ 3663 int buflen; 3664 u_int idx; 3665 int doing; 3666 SOCKET fd; 3667 blocking_child *c; 3668 l_fp ts; /* Timestamp at BOselect() gob */ 3669 3670#if defined(DEBUG_TIMING) 3671 l_fp ts_e; /* Timestamp at EOselect() gob */ 3672#endif 3673 endpt * ep; 3674#ifdef REFCLOCK 3675 struct refclockio *rp; 3676 int saved_errno; 3677 const char * clk; 3678#endif 3679#ifdef HAS_ROUTING_SOCKET 3680 struct asyncio_reader * asyncio_reader; 3681 struct asyncio_reader * next_asyncio_reader; 3682#endif 3683 3684 ++handler_pkts; 3685 ts = *cts; 3686 3687#ifdef REFCLOCK 3688 /* 3689 * Check out the reference clocks first, if any 3690 */ 3691 3692 for (rp = refio; rp != NULL; rp = rp->next) { 3693 fd = rp->fd; 3694 3695 if (!FD_ISSET(fd, pfds)) 3696 continue; 3697 buflen = read_refclock_packet(fd, rp, ts); 3698 /* 3699 * The first read must succeed after select() indicates 3700 * readability, or we've reached a permanent EOF. 3701 * http://bugs.ntp.org/1732 reported ntpd munching CPU 3702 * after a USB GPS was unplugged because select was 3703 * indicating EOF but ntpd didn't remove the descriptor 3704 * from the activefds set. 3705 */ 3706 if (buflen < 0 && EAGAIN != errno) { 3707 saved_errno = errno; 3708 clk = refnumtoa(&rp->srcclock->srcadr); 3709 errno = saved_errno; 3710 msyslog(LOG_ERR, "%s read: %m", clk); 3711 maintain_activefds(fd, TRUE); 3712 } else if (0 == buflen) { 3713 clk = refnumtoa(&rp->srcclock->srcadr); 3714 msyslog(LOG_ERR, "%s read EOF", clk); 3715 maintain_activefds(fd, TRUE); 3716 } else { 3717 /* drain any remaining refclock input */ 3718 do { 3719 buflen = read_refclock_packet(fd, rp, ts); 3720 } while (buflen > 0); 3721 } 3722 } 3723#endif /* REFCLOCK */ 3724 3725 /* 3726 * Loop through the interfaces looking for data to read. 3727 */ 3728 for (ep = ep_list; ep != NULL; ep = ep->elink) { 3729 for (doing = 0; doing < 2; doing++) { 3730 if (!doing) { 3731 fd = ep->fd; 3732 } else { 3733 if (!(ep->flags & INT_BCASTOPEN)) 3734 break; 3735 fd = ep->bfd; 3736 } 3737 if (fd < 0) 3738 continue; 3739 if (FD_ISSET(fd, pfds)) 3740 do { 3741 buflen = read_network_packet( 3742 fd, ep, ts); 3743 } while (buflen > 0); 3744 /* Check more interfaces */ 3745 } 3746 } 3747 3748#ifdef HAS_ROUTING_SOCKET 3749 /* 3750 * scan list of asyncio readers - currently only used for routing sockets 3751 */ 3752 asyncio_reader = asyncio_reader_list; 3753 3754 while (asyncio_reader != NULL) { 3755 /* callback may unlink and free asyncio_reader */ 3756 next_asyncio_reader = asyncio_reader->link; 3757 if (FD_ISSET(asyncio_reader->fd, pfds)) 3758 (*asyncio_reader->receiver)(asyncio_reader); 3759 asyncio_reader = next_asyncio_reader; 3760 } 3761#endif /* HAS_ROUTING_SOCKET */ 3762 3763 /* 3764 * Check for a response from a blocking child 3765 */ 3766 for (idx = 0; idx < blocking_children_alloc; idx++) { 3767 c = blocking_children[idx]; 3768 if (NULL == c || -1 == c->resp_read_pipe) 3769 continue; 3770 if (FD_ISSET(c->resp_read_pipe, pfds)) { 3771 ++c->resp_ready_seen; 3772 ++blocking_child_ready_seen; 3773 } 3774 } 3775 3776 /* We've done our work */ 3777#if defined(DEBUG_TIMING) 3778 get_systime(&ts_e); 3779 /* 3780 * (ts_e - ts) is the amount of time we spent 3781 * processing this gob of file descriptors. Log 3782 * it. 3783 */ 3784 L_SUB(&ts_e, &ts); 3785 collect_timing(NULL, "input handler", 1, &ts_e); 3786 if (debug > 3) 3787 msyslog(LOG_DEBUG, 3788 "input_handler: Processed a gob of fd's in %s msec", 3789 lfptoms(&ts_e, 6)); 3790#endif /* DEBUG_TIMING */ 3791} 3792 3793 3794/* 3795 * find an interface suitable for the src address 3796 */ 3797endpt * 3798select_peerinterface( 3799 struct peer * peer, 3800 sockaddr_u * srcadr, 3801 endpt * dstadr 3802 ) 3803{ 3804 endpt *ep; 3805#ifndef SIM 3806 endpt *wild; 3807 3808 wild = ANY_INTERFACE_CHOOSE(srcadr); 3809 3810 /* 3811 * Initialize the peer structure and dance the interface jig. 3812 * Reference clocks step the loopback waltz, the others 3813 * squaredance around the interface list looking for a buddy. If 3814 * the dance peters out, there is always the wildcard interface. 3815 * This might happen in some systems and would preclude proper 3816 * operation with public key cryptography. 3817 */ 3818 if (ISREFCLOCKADR(srcadr)) { 3819 ep = loopback_interface; 3820 } else if (peer->cast_flags & 3821 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) { 3822 ep = findbcastinter(srcadr); 3823 if (ep != NULL) 3824 DPRINTF(4, ("Found *-cast interface %s for address %s\n", 3825 stoa(&ep->sin), stoa(srcadr))); 3826 else 3827 DPRINTF(4, ("No *-cast local address found for address %s\n", 3828 stoa(srcadr))); 3829 } else { 3830 ep = dstadr; 3831 if (NULL == ep) 3832 ep = wild; 3833 } 3834 /* 3835 * If it is a multicast address, findbcastinter() may not find 3836 * it. For unicast, we get to find the interface when dstadr is 3837 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either 3838 * way, try a little harder. 3839 */ 3840 if (wild == ep) 3841 ep = findinterface(srcadr); 3842 /* 3843 * we do not bind to the wildcard interfaces for output 3844 * as our (network) source address would be undefined and 3845 * crypto will not work without knowing the own transmit address 3846 */ 3847 if (ep != NULL && INT_WILDCARD & ep->flags) 3848 if (!accept_wildcard_if_for_winnt) 3849 ep = NULL; 3850#else /* SIM follows */ 3851 ep = loopback_interface; 3852#endif 3853 3854 return ep; 3855} 3856 3857 3858/* 3859 * findinterface - find local interface corresponding to address 3860 */ 3861endpt * 3862findinterface( 3863 sockaddr_u *addr 3864 ) 3865{ 3866 endpt *iface; 3867 3868 iface = findlocalinterface(addr, INT_WILDCARD, 0); 3869 3870 if (NULL == iface) { 3871 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n", 3872 stoa(addr))); 3873 3874 iface = ANY_INTERFACE_CHOOSE(addr); 3875 } else 3876 DPRINTF(4, ("Found interface #%d %s for address %s\n", 3877 iface->ifnum, iface->name, stoa(addr))); 3878 3879 return iface; 3880} 3881 3882/* 3883 * findlocalinterface - find local interface corresponding to addr, 3884 * which does not have any of flags set. If bast is nonzero, addr is 3885 * a broadcast address. 3886 * 3887 * This code attempts to find the local sending address for an outgoing 3888 * address by connecting a new socket to destinationaddress:NTP_PORT 3889 * and reading the sockname of the resulting connect. 3890 * the complicated sequence simulates the routing table lookup 3891 * for to first hop without duplicating any of the routing logic into 3892 * ntpd. preferably we would have used an API call - but its not there - 3893 * so this is the best we can do here short of duplicating to entire routing 3894 * logic in ntpd which would be a silly and really unportable thing to do. 3895 * 3896 */ 3897static endpt * 3898findlocalinterface( 3899 sockaddr_u * addr, 3900 int flags, 3901 int bcast 3902 ) 3903{ 3904 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen; 3905 endpt * iface; 3906 sockaddr_u saddr; 3907 SOCKET s; 3908 int rtn; 3909 int on; 3910 3911 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", 3912 stoa(addr))); 3913 3914 s = socket(AF(addr), SOCK_DGRAM, 0); 3915 if (INVALID_SOCKET == s) 3916 return NULL; 3917 3918 /* 3919 * If we are looking for broadcast interface we need to set this 3920 * socket to allow broadcast 3921 */ 3922 if (bcast) { 3923 on = 1; 3924 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET, 3925 SO_BROADCAST, 3926 (char *)&on, 3927 sizeof(on))) { 3928 closesocket(s); 3929 return NULL; 3930 } 3931 } 3932 3933 rtn = connect(s, &addr->sa, SOCKLEN(addr)); 3934 if (SOCKET_ERROR == rtn) { 3935 closesocket(s); 3936 return NULL; 3937 } 3938 3939 sockaddrlen = sizeof(saddr); 3940 rtn = getsockname(s, &saddr.sa, &sockaddrlen); 3941 closesocket(s); 3942 if (SOCKET_ERROR == rtn) 3943 return NULL; 3944 3945 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n", 3946 stoa(addr), stoa(&saddr))); 3947 3948 iface = getinterface(&saddr, flags); 3949 3950 /* 3951 * if we didn't find an exact match on saddr, find the closest 3952 * available local address. This handles the case of the 3953 * address suggested by the kernel being excluded by nic rules 3954 * or the user's -I and -L options to ntpd. 3955 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 3956 * for more background. 3957 */ 3958 if (NULL == iface || iface->ignore_packets) 3959 iface = findclosestinterface(&saddr, 3960 flags | INT_LOOPBACK); 3961 3962 /* Don't use an interface which will ignore replies */ 3963 if (iface != NULL && iface->ignore_packets) 3964 iface = NULL; 3965 3966 return iface; 3967} 3968 3969 3970/* 3971 * findclosestinterface 3972 * 3973 * If there are -I/--interface or -L/novirtualips command-line options, 3974 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may 3975 * find the kernel's preferred local address for a given peer address is 3976 * administratively unavailable to ntpd, and punt to this routine's more 3977 * expensive search. 3978 * 3979 * Find the numerically closest local address to the one connect() 3980 * suggested. This matches an address on the same subnet first, as 3981 * needed by Bug 1184, and provides a consistent choice if there are 3982 * multiple feasible local addresses, regardless of the order ntpd 3983 * enumerated them. 3984 */ 3985endpt * 3986findclosestinterface( 3987 sockaddr_u * addr, 3988 int flags 3989 ) 3990{ 3991 endpt * ep; 3992 endpt * winner; 3993 sockaddr_u addr_dist; 3994 sockaddr_u min_dist; 3995 3996 ZERO_SOCK(&min_dist); 3997 winner = NULL; 3998 3999 for (ep = ep_list; ep != NULL; ep = ep->elink) { 4000 if (ep->ignore_packets || 4001 AF(addr) != ep->family || 4002 flags & ep->flags) 4003 continue; 4004 4005 calc_addr_distance(&addr_dist, addr, &ep->sin); 4006 if (NULL == winner || 4007 -1 == cmp_addr_distance(&addr_dist, &min_dist)) { 4008 min_dist = addr_dist; 4009 winner = ep; 4010 } 4011 } 4012 if (NULL == winner) 4013 DPRINTF(4, ("findclosestinterface(%s) failed\n", 4014 stoa(addr))); 4015 else 4016 DPRINTF(4, ("findclosestinterface(%s) -> %s\n", 4017 stoa(addr), stoa(&winner->sin))); 4018 4019 return winner; 4020} 4021 4022 4023/* 4024 * calc_addr_distance - calculate the distance between two addresses, 4025 * the absolute value of the difference between 4026 * the addresses numerically, stored as an address. 4027 */ 4028static void 4029calc_addr_distance( 4030 sockaddr_u * dist, 4031 const sockaddr_u * a1, 4032 const sockaddr_u * a2 4033 ) 4034{ 4035 u_int32 a1val; 4036 u_int32 a2val; 4037 u_int32 v4dist; 4038 int found_greater; 4039 int a1_greater; 4040 int i; 4041 4042 REQUIRE(AF(a1) == AF(a2)); 4043 4044 ZERO_SOCK(dist); 4045 AF(dist) = AF(a1); 4046 4047 /* v4 can be done a bit simpler */ 4048 if (IS_IPV4(a1)) { 4049 a1val = SRCADR(a1); 4050 a2val = SRCADR(a2); 4051 v4dist = (a1val > a2val) 4052 ? a1val - a2val 4053 : a2val - a1val; 4054 SET_ADDR4(dist, v4dist); 4055 4056 return; 4057 } 4058 4059 found_greater = FALSE; 4060 a1_greater = FALSE; /* suppress pot. uninit. warning */ 4061 for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) { 4062 if (!found_greater && 4063 NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) { 4064 found_greater = TRUE; 4065 a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]); 4066 } 4067 if (!found_greater) { 4068 NSRCADR6(dist)[i] = 0; 4069 } else { 4070 if (a1_greater) 4071 NSRCADR6(dist)[i] = NSRCADR6(a1)[i] - 4072 NSRCADR6(a2)[i]; 4073 else 4074 NSRCADR6(dist)[i] = NSRCADR6(a2)[i] - 4075 NSRCADR6(a1)[i]; 4076 } 4077 } 4078} 4079 4080 4081/* 4082 * cmp_addr_distance - compare two address distances, returning -1, 0, 4083 * 1 to indicate their relationship. 4084 */ 4085static int 4086cmp_addr_distance( 4087 const sockaddr_u * d1, 4088 const sockaddr_u * d2 4089 ) 4090{ 4091 int i; 4092 4093 REQUIRE(AF(d1) == AF(d2)); 4094 4095 if (IS_IPV4(d1)) { 4096 if (SRCADR(d1) < SRCADR(d2)) 4097 return -1; 4098 else if (SRCADR(d1) == SRCADR(d2)) 4099 return 0; 4100 else 4101 return 1; 4102 } 4103 4104 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) { 4105 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i]) 4106 return -1; 4107 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i]) 4108 return 1; 4109 } 4110 4111 return 0; 4112} 4113 4114 4115 4116/* 4117 * fetch an interface structure the matches the 4118 * address and has the given flags NOT set 4119 */ 4120endpt * 4121getinterface( 4122 sockaddr_u * addr, 4123 u_int32 flags 4124 ) 4125{ 4126 endpt *iface; 4127 4128 iface = find_addr_in_list(addr); 4129 4130 if (iface != NULL && (iface->flags & flags)) 4131 iface = NULL; 4132 4133 return iface; 4134} 4135 4136 4137/* 4138 * findbcastinter - find broadcast interface corresponding to address 4139 */ 4140endpt * 4141findbcastinter( 4142 sockaddr_u *addr 4143 ) 4144{ 4145 endpt * iface; 4146 4147 iface = NULL; 4148#if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT)) 4149 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n", 4150 stoa(addr))); 4151 4152 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD, 4153 1); 4154 if (iface != NULL) { 4155 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n", 4156 iface->ifnum, iface->name)); 4157 return iface; 4158 } 4159 4160 /* 4161 * plan B - try to find something reasonable in our lists in 4162 * case kernel lookup doesn't help 4163 */ 4164 for (iface = ep_list; iface != NULL; iface = iface->elink) { 4165 if (iface->flags & INT_WILDCARD) 4166 continue; 4167 4168 /* Don't bother with ignored interfaces */ 4169 if (iface->ignore_packets) 4170 continue; 4171 4172 /* 4173 * First look if this is the correct family 4174 */ 4175 if(AF(&iface->sin) != AF(addr)) 4176 continue; 4177 4178 /* Skip the loopback addresses */ 4179 if (iface->flags & INT_LOOPBACK) 4180 continue; 4181 4182 /* 4183 * If we are looking to match a multicast address and 4184 * this interface is one... 4185 */ 4186 if (addr_ismulticast(addr) 4187 && (iface->flags & INT_MULTICAST)) { 4188#ifdef INCLUDE_IPV6_SUPPORT 4189 /* 4190 * ...it is the winner unless we're looking for 4191 * an interface to use for link-local multicast 4192 * and its address is not link-local. 4193 */ 4194 if (IS_IPV6(addr) 4195 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr)) 4196 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin))) 4197 continue; 4198#endif 4199 break; 4200 } 4201 4202 /* 4203 * We match only those interfaces marked as 4204 * broadcastable and either the explicit broadcast 4205 * address or the network portion of the IP address. 4206 * Sloppy. 4207 */ 4208 if (IS_IPV4(addr)) { 4209 if (SOCK_EQ(&iface->bcast, addr)) 4210 break; 4211 4212 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask)) 4213 == (NSRCADR(addr) & NSRCADR(&iface->mask))) 4214 break; 4215 } 4216#ifdef INCLUDE_IPV6_SUPPORT 4217 else if (IS_IPV6(addr)) { 4218 if (SOCK_EQ(&iface->bcast, addr)) 4219 break; 4220 4221 if (SOCK_EQ(netof(&iface->sin), netof(addr))) 4222 break; 4223 } 4224#endif 4225 } 4226#endif /* SIOCGIFCONF */ 4227 if (NULL == iface) { 4228 DPRINTF(4, ("No bcast interface found for %s\n", 4229 stoa(addr))); 4230 iface = ANY_INTERFACE_CHOOSE(addr); 4231 } else { 4232 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n", 4233 iface->ifnum, iface->name)); 4234 } 4235 4236 return iface; 4237} 4238 4239 4240/* 4241 * io_clr_stats - clear I/O module statistics 4242 */ 4243void 4244io_clr_stats(void) 4245{ 4246 packets_dropped = 0; 4247 packets_ignored = 0; 4248 packets_received = 0; 4249 packets_sent = 0; 4250 packets_notsent = 0; 4251 4252 handler_calls = 0; 4253 handler_pkts = 0; 4254 io_timereset = current_time; 4255} 4256 4257 4258#ifdef REFCLOCK 4259/* 4260 * io_addclock - add a reference clock to the list and arrange that we 4261 * get SIGIO interrupts from it. 4262 */ 4263int 4264io_addclock( 4265 struct refclockio *rio 4266 ) 4267{ 4268 BLOCKIO(); 4269 4270 /* 4271 * Stuff the I/O structure in the list and mark the descriptor 4272 * in use. There is a harmless (I hope) race condition here. 4273 */ 4274 rio->active = TRUE; 4275 4276# ifdef HAVE_SIGNALED_IO 4277 if (init_clock_sig(rio)) { 4278 UNBLOCKIO(); 4279 return 0; 4280 } 4281# elif defined(HAVE_IO_COMPLETION_PORT) 4282 if (io_completion_port_add_clock_io(rio)) { 4283 UNBLOCKIO(); 4284 return 0; 4285 } 4286# endif 4287 4288 /* 4289 * enqueue 4290 */ 4291 LINK_SLIST(refio, rio, next); 4292 4293 /* 4294 * register fd 4295 */ 4296 add_fd_to_list(rio->fd, FD_TYPE_FILE); 4297 4298 UNBLOCKIO(); 4299 return 1; 4300} 4301 4302 4303/* 4304 * io_closeclock - close the clock in the I/O structure given 4305 */ 4306void 4307io_closeclock( 4308 struct refclockio *rio 4309 ) 4310{ 4311 struct refclockio *unlinked; 4312 4313 BLOCKIO(); 4314 4315 /* 4316 * Remove structure from the list 4317 */ 4318 rio->active = FALSE; 4319 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio); 4320 if (NULL != unlinked) { 4321 purge_recv_buffers_for_fd(rio->fd); 4322 /* 4323 * Close the descriptor. 4324 */ 4325 close_and_delete_fd_from_list(rio->fd); 4326 } 4327 rio->fd = -1; 4328 4329 UNBLOCKIO(); 4330} 4331#endif /* REFCLOCK */ 4332 4333 4334/* 4335 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in 4336 * an array. So we use one of the ISC_LIST functions to hold the 4337 * socket value and use that when we want to enumerate it. 4338 * 4339 * This routine is called by the forked intres child process to close 4340 * all open sockets. On Windows there's no need as intres runs in 4341 * the same process as a thread. 4342 */ 4343#ifndef SYS_WINNT 4344void 4345kill_asyncio( 4346 int startfd 4347 ) 4348{ 4349 BLOCKIO(); 4350 4351 /* 4352 * In the child process we do not maintain activefds and 4353 * maxactivefd. Zeroing maxactivefd disables code which 4354 * maintains it in close_and_delete_fd_from_list(). 4355 */ 4356 maxactivefd = 0; 4357 4358 while (fd_list != NULL) 4359 close_and_delete_fd_from_list(fd_list->fd); 4360 4361 UNBLOCKIO(); 4362} 4363#endif /* !SYS_WINNT */ 4364 4365 4366/* 4367 * Add and delete functions for the list of open sockets 4368 */ 4369static void 4370add_fd_to_list( 4371 SOCKET fd, 4372 enum desc_type type 4373 ) 4374{ 4375 vsock_t *lsock = emalloc(sizeof(*lsock)); 4376 4377 lsock->fd = fd; 4378 lsock->type = type; 4379 4380 LINK_SLIST(fd_list, lsock, link); 4381 maintain_activefds(fd, 0); 4382} 4383 4384 4385static void 4386close_and_delete_fd_from_list( 4387 SOCKET fd 4388 ) 4389{ 4390 vsock_t *lsock; 4391 4392 UNLINK_EXPR_SLIST(lsock, fd_list, fd == 4393 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t); 4394 4395 if (NULL == lsock) 4396 return; 4397 4398 switch (lsock->type) { 4399 4400 case FD_TYPE_SOCKET: 4401 closesocket(lsock->fd); 4402 break; 4403 4404 case FD_TYPE_FILE: 4405 closeserial((int)lsock->fd); 4406 break; 4407 4408 default: 4409 msyslog(LOG_ERR, 4410 "internal error - illegal descriptor type %d - EXITING", 4411 (int)lsock->type); 4412 exit(1); 4413 } 4414 4415 free(lsock); 4416 /* 4417 * remove from activefds 4418 */ 4419 maintain_activefds(fd, 1); 4420} 4421 4422 4423static void 4424add_addr_to_list( 4425 sockaddr_u * addr, 4426 endpt * ep 4427 ) 4428{ 4429 remaddr_t *laddr; 4430 4431#ifdef DEBUG 4432 if (find_addr_in_list(addr) == NULL) { 4433#endif 4434 /* not there yet - add to list */ 4435 laddr = emalloc(sizeof(*laddr)); 4436 laddr->addr = *addr; 4437 laddr->ep = ep; 4438 4439 LINK_SLIST(remoteaddr_list, laddr, link); 4440 4441 DPRINTF(4, ("Added addr %s to list of addresses\n", 4442 stoa(addr))); 4443#ifdef DEBUG 4444 } else 4445 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n", 4446 stoa(addr))); 4447#endif 4448} 4449 4450 4451static void 4452delete_addr_from_list( 4453 sockaddr_u *addr 4454 ) 4455{ 4456 remaddr_t *unlinked; 4457 4458 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr, 4459 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t); 4460 4461 if (unlinked != NULL) { 4462 DPRINTF(4, ("Deleted addr %s from list of addresses\n", 4463 stoa(addr))); 4464 free(unlinked); 4465 } 4466} 4467 4468 4469static void 4470delete_interface_from_list( 4471 endpt *iface 4472 ) 4473{ 4474 remaddr_t *unlinked; 4475 4476 for (;;) { 4477 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface == 4478 UNLINK_EXPR_SLIST_CURRENT()->ep, link, 4479 remaddr_t); 4480 4481 if (unlinked == NULL) 4482 break; 4483 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n", 4484 stoa(&unlinked->addr), iface->ifnum, 4485 iface->name)); 4486 free(unlinked); 4487 } 4488} 4489 4490 4491static struct interface * 4492find_addr_in_list( 4493 sockaddr_u *addr 4494 ) 4495{ 4496 remaddr_t *entry; 4497 4498 DPRINTF(4, ("Searching for addr %s in list of addresses - ", 4499 stoa(addr))); 4500 4501 for (entry = remoteaddr_list; 4502 entry != NULL; 4503 entry = entry->link) 4504 if (SOCK_EQ(&entry->addr, addr)) { 4505 DPRINTF(4, ("FOUND\n")); 4506 return entry->ep; 4507 } 4508 4509 DPRINTF(4, ("NOT FOUND\n")); 4510 return NULL; 4511} 4512 4513 4514/* 4515 * Find the given address with the all given flags set in the list 4516 */ 4517static endpt * 4518find_flagged_addr_in_list( 4519 sockaddr_u * addr, 4520 u_int32 flags 4521 ) 4522{ 4523 remaddr_t *entry; 4524 4525 DPRINTF(4, ("Finding addr %s with flags %d in list: ", 4526 stoa(addr), flags)); 4527 4528 for (entry = remoteaddr_list; 4529 entry != NULL; 4530 entry = entry->link) 4531 4532 if (SOCK_EQ(&entry->addr, addr) 4533 && (entry->ep->flags & flags) == flags) { 4534 4535 DPRINTF(4, ("FOUND\n")); 4536 return entry->ep; 4537 } 4538 4539 DPRINTF(4, ("NOT FOUND\n")); 4540 return NULL; 4541} 4542 4543 4544const char * 4545localaddrtoa( 4546 endpt *la 4547 ) 4548{ 4549 return (NULL == la) 4550 ? "<null>" 4551 : stoa(&la->sin); 4552} 4553 4554 4555#ifdef HAS_ROUTING_SOCKET 4556# ifndef UPDATE_GRACE 4557# define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */ 4558# endif 4559 4560static void 4561process_routing_msgs(struct asyncio_reader *reader) 4562{ 4563 char buffer[5120]; 4564 int cnt, msg_type; 4565#ifdef HAVE_RTNETLINK 4566 struct nlmsghdr *nh; 4567#else 4568 struct rt_msghdr rtm; 4569 char *p; 4570#endif 4571 4572 if (disable_dynamic_updates) { 4573 /* 4574 * discard ourselves if we are not needed any more 4575 * usually happens when running unprivileged 4576 */ 4577 remove_asyncio_reader(reader); 4578 delete_asyncio_reader(reader); 4579 return; 4580 } 4581 4582 cnt = read(reader->fd, buffer, sizeof(buffer)); 4583 4584 if (cnt < 0) { 4585 if (errno == ENOBUFS) { 4586 msyslog(LOG_ERR, 4587 "routing socket reports: %m"); 4588 } else { 4589 msyslog(LOG_ERR, 4590 "routing socket reports: %m - disabling"); 4591 remove_asyncio_reader(reader); 4592 delete_asyncio_reader(reader); 4593 } 4594 return; 4595 } 4596 4597 /* 4598 * process routing message 4599 */ 4600#ifdef HAVE_RTNETLINK 4601 for (nh = UA_PTR(struct nlmsghdr, buffer); 4602 NLMSG_OK(nh, cnt); 4603 nh = NLMSG_NEXT(nh, cnt)) { 4604 msg_type = nh->nlmsg_type; 4605#else 4606 for (p = buffer; 4607 (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); 4608 p += rtm.rtm_msglen) { 4609 memcpy(&rtm, p, sizeof(rtm)); 4610 if (rtm.rtm_version != RTM_VERSION) { 4611 msyslog(LOG_ERR, 4612 "version mismatch (got %d - expected %d) on routing socket - disabling", 4613 rtm.rtm_version, RTM_VERSION); 4614 4615 remove_asyncio_reader(reader); 4616 delete_asyncio_reader(reader); 4617 return; 4618 } 4619 msg_type = rtm.rtm_type; 4620#endif 4621 switch (msg_type) { 4622#ifdef RTM_NEWADDR 4623 case RTM_NEWADDR: 4624#endif 4625#ifdef RTM_DELADDR 4626 case RTM_DELADDR: 4627#endif 4628#ifdef RTM_ADD 4629 case RTM_ADD: 4630#endif 4631#ifdef RTM_DELETE 4632 case RTM_DELETE: 4633#endif 4634#ifdef RTM_REDIRECT 4635 case RTM_REDIRECT: 4636#endif 4637#ifdef RTM_CHANGE 4638 case RTM_CHANGE: 4639#endif 4640#ifdef RTM_LOSING 4641 case RTM_LOSING: 4642#endif 4643#ifdef RTM_IFINFO 4644 case RTM_IFINFO: 4645#endif 4646#ifdef RTM_IFANNOUNCE 4647 case RTM_IFANNOUNCE: 4648#endif 4649#ifdef RTM_NEWLINK 4650 case RTM_NEWLINK: 4651#endif 4652#ifdef RTM_DELLINK 4653 case RTM_DELLINK: 4654#endif 4655#ifdef RTM_NEWROUTE 4656 case RTM_NEWROUTE: 4657#endif 4658#ifdef RTM_DELROUTE 4659 case RTM_DELROUTE: 4660#endif 4661 /* 4662 * we are keen on new and deleted addresses and 4663 * if an interface goes up and down or routing 4664 * changes 4665 */ 4666 DPRINTF(3, ("routing message op = %d: scheduling interface update\n", 4667 msg_type)); 4668 timer_interfacetimeout(current_time + UPDATE_GRACE); 4669 break; 4670#ifdef HAVE_RTNETLINK 4671 case NLMSG_DONE: 4672 /* end of multipart message */ 4673 return; 4674#endif 4675 default: 4676 /* 4677 * the rest doesn't bother us. 4678 */ 4679 DPRINTF(4, ("routing message op = %d: ignored\n", 4680 msg_type)); 4681 break; 4682 } 4683 } 4684} 4685 4686/* 4687 * set up routing notifications 4688 */ 4689static void 4690init_async_notifications() 4691{ 4692 struct asyncio_reader *reader; 4693#ifdef HAVE_RTNETLINK 4694 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 4695 struct sockaddr_nl sa; 4696#else 4697 int fd = socket(PF_ROUTE, SOCK_RAW, 0); 4698#endif 4699 if (fd < 0) { 4700 msyslog(LOG_ERR, 4701 "unable to open routing socket (%m) - using polled interface update"); 4702 return; 4703 } 4704 4705 fd = move_fd(fd); 4706#ifdef HAVE_RTNETLINK 4707 ZERO(sa); 4708 sa.nl_family = PF_NETLINK; 4709 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR 4710 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE 4711 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE 4712 | RTMGRP_IPV6_MROUTE; 4713 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 4714 msyslog(LOG_ERR, 4715 "bind failed on routing socket (%m) - using polled interface update"); 4716 return; 4717 } 4718#endif 4719 make_socket_nonblocking(fd); 4720#if defined(HAVE_SIGNALED_IO) 4721 init_socket_sig(fd); 4722#endif /* HAVE_SIGNALED_IO */ 4723 4724 reader = new_asyncio_reader(); 4725 4726 reader->fd = fd; 4727 reader->receiver = process_routing_msgs; 4728 4729 add_asyncio_reader(reader, FD_TYPE_SOCKET); 4730 msyslog(LOG_INFO, 4731 "Listening on routing socket on fd #%d for interface updates", 4732 fd); 4733} 4734#else 4735/* HAS_ROUTING_SOCKET not defined */ 4736static void 4737init_async_notifications(void) 4738{ 4739} 4740#endif 4741 4742