summaryrefslogtreecommitdiffstats
path: root/ntp_core.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:43:21 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:43:21 +0000
commit104f986b0650b8f93540785d2bcf486905e49b62 (patch)
tree2b2ae5113d9b57425d4bb3f726e325316b87e00a /ntp_core.c
parentInitial commit. (diff)
downloadchrony-104f986b0650b8f93540785d2bcf486905e49b62.tar.xz
chrony-104f986b0650b8f93540785d2bcf486905e49b62.zip
Adding upstream version 3.4.upstream/3.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ntp_core.c')
-rw-r--r--ntp_core.c2662
1 files changed, 2662 insertions, 0 deletions
diff --git a/ntp_core.c b/ntp_core.c
new file mode 100644
index 0000000..49d1ae7
--- /dev/null
+++ b/ntp_core.c
@@ -0,0 +1,2662 @@
+/*
+ chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Richard P. Curnow 1997-2003
+ * Copyright (C) Miroslav Lichvar 2009-2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ **********************************************************************
+
+ =======================================================================
+
+ Core NTP protocol engine
+ */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "array.h"
+#include "ntp_core.h"
+#include "ntp_io.h"
+#include "ntp_signd.h"
+#include "memory.h"
+#include "sched.h"
+#include "reference.h"
+#include "local.h"
+#include "samplefilt.h"
+#include "smooth.h"
+#include "sources.h"
+#include "util.h"
+#include "conf.h"
+#include "logging.h"
+#include "keys.h"
+#include "addrfilt.h"
+#include "clientlog.h"
+
+/* ================================================== */
+
+static LOG_FileID logfileid;
+static int log_raw_measurements;
+
+/* ================================================== */
+/* Enumeration used for remembering the operating mode of one of the
+ sources */
+
+typedef enum {
+ MD_OFFLINE, /* No sampling at all */
+ MD_ONLINE, /* Normal sampling based on sampling interval */
+ MD_BURST_WAS_OFFLINE, /* Burst sampling, return to offline afterwards */
+ MD_BURST_WAS_ONLINE, /* Burst sampling, return to online afterwards */
+} OperatingMode;
+
+/* ================================================== */
+/* Enumeration for authentication modes of NTP packets */
+
+typedef enum {
+ AUTH_NONE = 0, /* No authentication */
+ AUTH_SYMMETRIC, /* MAC using symmetric key (RFC 1305, RFC 5905) */
+ AUTH_MSSNTP, /* MS-SNTP authenticator field */
+ AUTH_MSSNTP_EXT, /* MS-SNTP extended authenticator field */
+} AuthenticationMode;
+
+/* ================================================== */
+/* Structure used for holding a single peer/server's
+ protocol machine */
+
+struct NCR_Instance_Record {
+ NTP_Remote_Address remote_addr; /* Needed for routing transmit packets */
+ NTP_Local_Address local_addr; /* Local address/socket used to send packets */
+ NTP_Mode mode; /* The source's NTP mode
+ (client/server or symmetric active peer) */
+ int interleaved; /* Boolean enabling interleaved NTP mode */
+ OperatingMode opmode; /* Whether we are sampling this source
+ or not and in what way */
+ SCH_TimeoutID rx_timeout_id; /* Timeout ID for latest received response */
+ SCH_TimeoutID tx_timeout_id; /* Timeout ID for next transmission */
+ int tx_suspended; /* Boolean indicating we can't transmit yet */
+
+ int auto_burst; /* If 1, initiate a burst on each poll */
+ int auto_offline; /* If 1, automatically go offline when requests
+ cannot be sent */
+
+ int local_poll; /* Log2 of polling interval at our end */
+ int remote_poll; /* Log2 of server/peer's polling interval (recovered
+ from received packets) */
+ int remote_stratum; /* Stratum of the server/peer (recovered from
+ received packets) */
+
+ int presend_minpoll; /* If the current polling interval is
+ at least this, an extra client packet
+ will be send some time before normal
+ transmit. This ensures that both
+ us and the server/peer have an ARP
+ entry for each other ready, which
+ means our measurement is not
+ botched by an ARP round-trip on one
+ side or the other. */
+
+ int presend_done; /* The presend packet has been sent */
+
+ int minpoll; /* Log2 of minimum defined polling interval */
+ int maxpoll; /* Log2 of maximum defined polling interval */
+
+ int min_stratum; /* Increase stratum in received packets to the
+ minimum */
+
+ int poll_target; /* Target number of sourcestats samples */
+
+ int version; /* Version set in packets for server/peer */
+
+ double poll_score; /* Score of current local poll */
+
+ double max_delay; /* Maximum round-trip delay to the
+ peer that we can tolerate and still
+ use the sample for generating
+ statistics from */
+
+ double max_delay_ratio; /* Largest ratio of delay /
+ min_delay_in_register that we can
+ tolerate. */
+
+ double max_delay_dev_ratio; /* Maximum ratio of increase in delay / stddev */
+
+ double offset_correction; /* Correction applied to measured offset
+ (e.g. for asymmetry in network delay) */
+
+ AuthenticationMode auth_mode; /* Authentication mode of our requests */
+ uint32_t auth_key_id; /* The ID of the authentication key to
+ use. */
+
+ /* Count of transmitted packets since last valid response */
+ unsigned int tx_count;
+
+ /* Flag indicating a valid response was received since last request */
+ int valid_rx;
+
+ /* Flag indicating the timestamps below are from a valid packet and may
+ be used for synchronisation */
+ int valid_timestamps;
+
+ /* Receive and transmit timestamps from the last valid response */
+ NTP_int64 remote_ntp_rx;
+ NTP_int64 remote_ntp_tx;
+
+ /* Local timestamp when the last valid response was received from the
+ source. We have to be prepared to tinker with this if the local
+ clock has its frequency adjusted before we repond. The value we
+ store here is what our own local time was when the same arrived.
+ Before replying, we have to correct this to fit with the
+ parameters for the current reference. (It must be stored
+ relative to local time to permit frequency and offset adjustments
+ to be made when we trim the local clock). */
+ NTP_int64 local_ntp_rx;
+ NTP_Local_Timestamp local_rx;
+
+ /* Local timestamp when we last transmitted a packet to the source.
+ We store two versions. The first is in NTP format, and is used
+ to validate the next received packet from the source.
+ Additionally, this is corrected to bring it into line with the
+ current reference. The second is in timespec format, and is kept
+ relative to the local clock. We modify this in accordance with
+ local clock frequency/offset changes, and use this for computing
+ statistics about the source when a return packet arrives. */
+ NTP_int64 local_ntp_tx;
+ NTP_Local_Timestamp local_tx;
+
+ /* Previous values of some variables needed in interleaved mode */
+ NTP_Local_Timestamp prev_local_tx;
+ int prev_local_poll;
+ unsigned int prev_tx_count;
+
+ /* Flag indicating the two timestamps below were updated since the
+ last transmission */
+ int updated_init_timestamps;
+
+ /* Timestamps used for (re)starting the symmetric protocol, when we
+ need to respond to a packet which is not a valid response */
+ NTP_int64 init_remote_ntp_tx;
+ NTP_Local_Timestamp init_local_rx;
+
+ /* The instance record in the main source management module. This
+ performs the statistical analysis on the samples we generate */
+
+ SRC_Instance source;
+
+ /* Optional median filter for NTP measurements */
+ SPF_Instance filter;
+
+ int burst_good_samples_to_go;
+ int burst_total_samples_to_go;
+
+ /* Report from last valid response */
+ RPT_NTPReport report;
+};
+
+typedef struct {
+ NTP_Remote_Address addr;
+ NTP_Local_Address local_addr;
+ int interval;
+} BroadcastDestination;
+
+/* Array of BroadcastDestination */
+static ARR_Instance broadcasts;
+
+/* ================================================== */
+/* Initial delay period before first packet is transmitted (in seconds) */
+#define INITIAL_DELAY 0.2
+
+/* Spacing required between samples for any two servers/peers (to
+ minimise risk of network collisions) (in seconds) */
+#define MIN_SAMPLING_SEPARATION 0.002
+#define MAX_SAMPLING_SEPARATION 0.2
+
+/* Randomness added to spacing between samples for one server/peer */
+#define SAMPLING_RANDOMNESS 0.02
+
+/* Adjustment of the peer polling interval */
+#define PEER_SAMPLING_ADJ 1.1
+
+/* Maximum spacing between samples in the burst mode as an absolute
+ value and ratio to the normal polling interval */
+#define MAX_BURST_INTERVAL 2.0
+#define MAX_BURST_POLL_RATIO 0.25
+
+/* Number of samples in initial burst */
+#define IBURST_GOOD_SAMPLES 4
+#define IBURST_TOTAL_SAMPLES SOURCE_REACH_BITS
+
+/* Number of samples in automatic burst */
+#define BURST_GOOD_SAMPLES 1
+#define MAX_BURST_TOTAL_SAMPLES 4
+
+/* Time to wait after sending packet to 'warm up' link */
+#define WARM_UP_DELAY 2.0
+
+/* Compatible NTP protocol versions */
+#define NTP_MAX_COMPAT_VERSION NTP_VERSION
+#define NTP_MIN_COMPAT_VERSION 1
+
+/* Maximum allowed dispersion - as defined in RFC 5905 (16 seconds) */
+#define NTP_MAX_DISPERSION 16.0
+
+/* Invalid stratum number */
+#define NTP_INVALID_STRATUM 0
+
+/* Maximum allowed time for server to process client packet */
+#define MAX_SERVER_INTERVAL 4.0
+
+/* Maximum acceptable delay in transmission for timestamp correction */
+#define MAX_TX_DELAY 1.0
+
+/* Maximum allowed values of maxdelay parameters */
+#define MAX_MAXDELAY 1.0e3
+#define MAX_MAXDELAYRATIO 1.0e6
+#define MAX_MAXDELAYDEVRATIO 1.0e6
+
+/* Minimum and maximum allowed poll interval */
+#define MIN_POLL -6
+#define MAX_POLL 24
+
+/* Enable sub-second polling intervals only when the peer delay is not
+ longer than 10 milliseconds to restrict them to local networks */
+#define MIN_NONLAN_POLL 0
+#define MAX_LAN_PEER_DELAY 0.01
+
+/* Kiss-o'-Death codes */
+#define KOD_RATE 0x52415445UL /* RATE */
+
+/* Maximum poll interval set by KoD RATE */
+#define MAX_KOD_RATE_POLL SRC_DEFAULT_MAXPOLL
+
+/* Maximum number of missed responses to accept samples using old timestamps
+ in the interleaved client/server mode */
+#define MAX_CLIENT_INTERLEAVED_TX 4
+
+/* Maximum ratio of local intervals in the timestamp selection of the
+ interleaved mode to prefer a sample using previous timestamps */
+#define MAX_INTERLEAVED_L2L_RATIO 0.1
+
+/* Invalid socket, different from the one in ntp_io.c */
+#define INVALID_SOCK_FD -2
+
+/* ================================================== */
+
+/* Server IPv4/IPv6 sockets */
+static int server_sock_fd4;
+static int server_sock_fd6;
+
+static ADF_AuthTable access_auth_table;
+
+/* Characters for printing synchronisation status and timestamping source */
+static const char leap_chars[4] = {'N', '+', '-', '?'};
+static const char tss_chars[3] = {'D', 'K', 'H'};
+
+/* ================================================== */
+/* Forward prototypes */
+
+static void transmit_timeout(void *arg);
+static double get_transmit_delay(NCR_Instance inst, int on_tx, double last_tx);
+static double get_separation(int poll);
+
+/* ================================================== */
+
+static void
+do_size_checks(void)
+{
+ /* Assertions to check the sizes of certain data types
+ and the positions of certain record fields */
+
+ /* Check that certain invariants are true */
+ assert(sizeof(NTP_int32) == 4);
+ assert(sizeof(NTP_int64) == 8);
+
+ /* Check offsets of all fields in the NTP packet format */
+ assert(offsetof(NTP_Packet, lvm) == 0);
+ assert(offsetof(NTP_Packet, stratum) == 1);
+ assert(offsetof(NTP_Packet, poll) == 2);
+ assert(offsetof(NTP_Packet, precision) == 3);
+ assert(offsetof(NTP_Packet, root_delay) == 4);
+ assert(offsetof(NTP_Packet, root_dispersion) == 8);
+ assert(offsetof(NTP_Packet, reference_id) == 12);
+ assert(offsetof(NTP_Packet, reference_ts) == 16);
+ assert(offsetof(NTP_Packet, originate_ts) == 24);
+ assert(offsetof(NTP_Packet, receive_ts) == 32);
+ assert(offsetof(NTP_Packet, transmit_ts) == 40);
+}
+
+/* ================================================== */
+
+static void
+do_time_checks(void)
+{
+ struct timespec now;
+ time_t warning_advance = 3600 * 24 * 365 * 10; /* 10 years */
+
+#ifdef HAVE_LONG_TIME_T
+ /* Check that time before NTP_ERA_SPLIT underflows correctly */
+
+ struct timespec ts1 = {NTP_ERA_SPLIT, 1}, ts2 = {NTP_ERA_SPLIT - 1, 1};
+ NTP_int64 nts1, nts2;
+ int r;
+
+ UTI_TimespecToNtp64(&ts1, &nts1, NULL);
+ UTI_TimespecToNtp64(&ts2, &nts2, NULL);
+ UTI_Ntp64ToTimespec(&nts1, &ts1);
+ UTI_Ntp64ToTimespec(&nts2, &ts2);
+
+ r = ts1.tv_sec == NTP_ERA_SPLIT &&
+ ts1.tv_sec + (1ULL << 32) - 1 == ts2.tv_sec;
+
+ assert(r);
+
+ LCL_ReadRawTime(&now);
+ if (ts2.tv_sec - now.tv_sec < warning_advance)
+ LOG(LOGS_WARN, "Assumed NTP time ends at %s!", UTI_TimeToLogForm(ts2.tv_sec));
+#else
+ LCL_ReadRawTime(&now);
+ if (now.tv_sec > 0x7fffffff - warning_advance)
+ LOG(LOGS_WARN, "System time ends at %s!", UTI_TimeToLogForm(0x7fffffff));
+#endif
+}
+
+/* ================================================== */
+
+static void
+zero_local_timestamp(NTP_Local_Timestamp *ts)
+{
+ UTI_ZeroTimespec(&ts->ts);
+ ts->err = 0.0;
+ ts->source = NTP_TS_DAEMON;
+}
+
+/* ================================================== */
+
+void
+NCR_Initialise(void)
+{
+ do_size_checks();
+ do_time_checks();
+
+ logfileid = CNF_GetLogMeasurements(&log_raw_measurements) ? LOG_FileOpen("measurements",
+ " Date (UTC) Time IP Address L St 123 567 ABCD LP RP Score Offset Peer del. Peer disp. Root del. Root disp. Refid MTxRx")
+ : -1;
+
+ access_auth_table = ADF_CreateTable();
+ broadcasts = ARR_CreateInstance(sizeof (BroadcastDestination));
+
+ /* Server socket will be opened when access is allowed */
+ server_sock_fd4 = INVALID_SOCK_FD;
+ server_sock_fd6 = INVALID_SOCK_FD;
+}
+
+/* ================================================== */
+
+void
+NCR_Finalise(void)
+{
+ unsigned int i;
+
+ if (server_sock_fd4 != INVALID_SOCK_FD)
+ NIO_CloseServerSocket(server_sock_fd4);
+ if (server_sock_fd6 != INVALID_SOCK_FD)
+ NIO_CloseServerSocket(server_sock_fd6);
+
+ for (i = 0; i < ARR_GetSize(broadcasts); i++)
+ NIO_CloseServerSocket(((BroadcastDestination *)ARR_GetElement(broadcasts, i))->local_addr.sock_fd);
+
+ ARR_DestroyInstance(broadcasts);
+ ADF_DestroyTable(access_auth_table);
+}
+
+/* ================================================== */
+
+static void
+restart_timeout(NCR_Instance inst, double delay)
+{
+ /* Check if we can transmit */
+ if (inst->tx_suspended) {
+ assert(!inst->tx_timeout_id);
+ return;
+ }
+
+ /* Stop both rx and tx timers if running */
+ SCH_RemoveTimeout(inst->rx_timeout_id);
+ inst->rx_timeout_id = 0;
+ SCH_RemoveTimeout(inst->tx_timeout_id);
+
+ /* Start new timer for transmission */
+ inst->tx_timeout_id = SCH_AddTimeoutInClass(delay, get_separation(inst->local_poll),
+ SAMPLING_RANDOMNESS,
+ inst->mode == MODE_CLIENT ?
+ SCH_NtpClientClass : SCH_NtpPeerClass,
+ transmit_timeout, (void *)inst);
+}
+
+/* ================================================== */
+
+static void
+start_initial_timeout(NCR_Instance inst)
+{
+ double delay, last_tx;
+ struct timespec now;
+
+ if (!inst->tx_timeout_id) {
+ /* This will be the first transmission after mode change */
+
+ /* Mark source active */
+ SRC_SetActive(inst->source);
+ }
+
+ /* In case the offline period was too short, adjust the delay to keep
+ the interval between packets at least as long as the current polling
+ interval */
+ SCH_GetLastEventTime(&now, NULL, NULL);
+ last_tx = UTI_DiffTimespecsToDouble(&now, &inst->local_tx.ts);
+ if (last_tx < 0.0)
+ last_tx = 0.0;
+ delay = get_transmit_delay(inst, 0, 0.0) - last_tx;
+ if (delay < INITIAL_DELAY)
+ delay = INITIAL_DELAY;
+
+ restart_timeout(inst, delay);
+}
+
+/* ================================================== */
+
+static void
+close_client_socket(NCR_Instance inst)
+{
+ if (inst->mode == MODE_CLIENT && inst->local_addr.sock_fd != INVALID_SOCK_FD) {
+ NIO_CloseClientSocket(inst->local_addr.sock_fd);
+ inst->local_addr.sock_fd = INVALID_SOCK_FD;
+ }
+
+ SCH_RemoveTimeout(inst->rx_timeout_id);
+ inst->rx_timeout_id = 0;
+}
+
+/* ================================================== */
+
+static void
+take_offline(NCR_Instance inst)
+{
+ inst->opmode = MD_OFFLINE;
+
+ SCH_RemoveTimeout(inst->tx_timeout_id);
+ inst->tx_timeout_id = 0;
+
+ /* Mark source unreachable */
+ SRC_ResetReachability(inst->source);
+
+ /* And inactive */
+ SRC_UnsetActive(inst->source);
+
+ close_client_socket(inst);
+
+ NCR_ResetInstance(inst);
+}
+
+/* ================================================== */
+
+NCR_Instance
+NCR_GetInstance(NTP_Remote_Address *remote_addr, NTP_Source_Type type, SourceParameters *params)
+{
+ NCR_Instance result;
+
+ result = MallocNew(struct NCR_Instance_Record);
+
+ result->remote_addr = *remote_addr;
+ result->local_addr.ip_addr.family = IPADDR_UNSPEC;
+ result->local_addr.if_index = INVALID_IF_INDEX;
+
+ switch (type) {
+ case NTP_SERVER:
+ /* Client socket will be obtained when sending request */
+ result->local_addr.sock_fd = INVALID_SOCK_FD;
+ result->mode = MODE_CLIENT;
+ break;
+ case NTP_PEER:
+ result->local_addr.sock_fd = NIO_OpenServerSocket(remote_addr);
+ result->mode = MODE_ACTIVE;
+ break;
+ default:
+ assert(0);
+ }
+
+ result->interleaved = params->interleaved;
+
+ result->minpoll = params->minpoll;
+ if (result->minpoll < MIN_POLL)
+ result->minpoll = SRC_DEFAULT_MINPOLL;
+ else if (result->minpoll > MAX_POLL)
+ result->minpoll = MAX_POLL;
+
+ result->maxpoll = params->maxpoll;
+ if (result->maxpoll < MIN_POLL)
+ result->maxpoll = SRC_DEFAULT_MAXPOLL;
+ else if (result->maxpoll > MAX_POLL)
+ result->maxpoll = MAX_POLL;
+ if (result->maxpoll < result->minpoll)
+ result->maxpoll = result->minpoll;
+
+ result->min_stratum = params->min_stratum;
+ if (result->min_stratum >= NTP_MAX_STRATUM)
+ result->min_stratum = NTP_MAX_STRATUM - 1;
+
+ /* Presend doesn't work in symmetric mode */
+ result->presend_minpoll = params->presend_minpoll;
+ if (result->presend_minpoll <= MAX_POLL && result->mode != MODE_CLIENT)
+ result->presend_minpoll = MAX_POLL + 1;
+
+ result->max_delay = CLAMP(0.0, params->max_delay, MAX_MAXDELAY);
+ result->max_delay_ratio = CLAMP(0.0, params->max_delay_ratio, MAX_MAXDELAYRATIO);
+ result->max_delay_dev_ratio = CLAMP(0.0, params->max_delay_dev_ratio, MAX_MAXDELAYDEVRATIO);
+ result->offset_correction = params->offset;
+ result->auto_burst = params->burst;
+ result->auto_offline = params->auto_offline;
+ result->poll_target = params->poll_target;
+
+ result->version = NTP_VERSION;
+
+ if (params->authkey == INACTIVE_AUTHKEY) {
+ result->auth_mode = AUTH_NONE;
+ result->auth_key_id = 0;
+ } else {
+ result->auth_mode = AUTH_SYMMETRIC;
+ result->auth_key_id = params->authkey;
+ if (!KEY_KeyKnown(result->auth_key_id)) {
+ LOG(LOGS_WARN, "Key %"PRIu32" used by source %s is %s",
+ result->auth_key_id, UTI_IPToString(&result->remote_addr.ip_addr),
+ "missing");
+ } else if (!KEY_CheckKeyLength(result->auth_key_id)) {
+ LOG(LOGS_WARN, "Key %"PRIu32" used by source %s is %s",
+ result->auth_key_id, UTI_IPToString(&result->remote_addr.ip_addr),
+ "too short");
+ }
+
+ /* If the MAC in NTPv4 packets would be truncated, use version 3 by
+ default for compatibility with older chronyd servers */
+ if (KEY_GetAuthLength(result->auth_key_id) + 4 > NTP_MAX_V4_MAC_LENGTH)
+ result->version = 3;
+ }
+
+ if (params->version)
+ result->version = CLAMP(NTP_MIN_COMPAT_VERSION, params->version, NTP_VERSION);
+
+ /* Create a source instance for this NTP source */
+ result->source = SRC_CreateNewInstance(UTI_IPToRefid(&remote_addr->ip_addr),
+ SRC_NTP, params->sel_options,
+ &result->remote_addr.ip_addr,
+ params->min_samples, params->max_samples,
+ params->min_delay, params->asymmetry);
+
+ if (params->filter_length >= 1)
+ result->filter = SPF_CreateInstance(params->filter_length, params->filter_length,
+ NTP_MAX_DISPERSION, 0.0);
+ else
+ result->filter = NULL;
+
+ result->rx_timeout_id = 0;
+ result->tx_timeout_id = 0;
+ result->tx_suspended = 1;
+ result->opmode = params->connectivity == SRC_ONLINE ||
+ (params->connectivity == SRC_MAYBE_ONLINE &&
+ NIO_IsServerConnectable(remote_addr)) ? MD_ONLINE : MD_OFFLINE;
+ result->local_poll = result->minpoll;
+ result->poll_score = 0.0;
+ zero_local_timestamp(&result->local_tx);
+ result->burst_good_samples_to_go = 0;
+ result->burst_total_samples_to_go = 0;
+ memset(&result->report, 0, sizeof (result->report));
+
+ NCR_ResetInstance(result);
+
+ if (params->iburst) {
+ NCR_InitiateSampleBurst(result, IBURST_GOOD_SAMPLES, IBURST_TOTAL_SAMPLES);
+ }
+
+ return result;
+}
+
+/* ================================================== */
+
+/* Destroy an instance */
+void
+NCR_DestroyInstance(NCR_Instance instance)
+{
+ if (instance->opmode != MD_OFFLINE)
+ take_offline(instance);
+
+ if (instance->mode == MODE_ACTIVE)
+ NIO_CloseServerSocket(instance->local_addr.sock_fd);
+
+ if (instance->filter)
+ SPF_DestroyInstance(instance->filter);
+
+ /* This will destroy the source instance inside the
+ structure, which will cause reselection if this was the
+ synchronising source etc. */
+ SRC_DestroyInstance(instance->source);
+
+ /* Free the data structure */
+ Free(instance);
+}
+
+/* ================================================== */
+
+void
+NCR_StartInstance(NCR_Instance instance)
+{
+ instance->tx_suspended = 0;
+ if (instance->opmode != MD_OFFLINE)
+ start_initial_timeout(instance);
+}
+
+/* ================================================== */
+
+void
+NCR_ResetInstance(NCR_Instance instance)
+{
+ instance->tx_count = 0;
+ instance->presend_done = 0;
+
+ instance->remote_poll = 0;
+ instance->remote_stratum = 0;
+
+ instance->valid_rx = 0;
+ instance->valid_timestamps = 0;
+ UTI_ZeroNtp64(&instance->remote_ntp_rx);
+ UTI_ZeroNtp64(&instance->remote_ntp_tx);
+ UTI_ZeroNtp64(&instance->local_ntp_rx);
+ UTI_ZeroNtp64(&instance->local_ntp_tx);
+ zero_local_timestamp(&instance->local_rx);
+
+ zero_local_timestamp(&instance->prev_local_tx);
+ instance->prev_local_poll = 0;
+ instance->prev_tx_count = 0;
+
+ instance->updated_init_timestamps = 0;
+ UTI_ZeroNtp64(&instance->init_remote_ntp_tx);
+ zero_local_timestamp(&instance->init_local_rx);
+
+ if (instance->filter)
+ SPF_DropSamples(instance->filter);
+}
+
+/* ================================================== */
+
+void
+NCR_ResetPoll(NCR_Instance instance)
+{
+ if (instance->local_poll != instance->minpoll) {
+ instance->local_poll = instance->minpoll;
+
+ /* The timer was set with a longer poll interval, restart it */
+ if (instance->tx_timeout_id)
+ restart_timeout(instance, get_transmit_delay(instance, 0, 0.0));
+ }
+}
+
+/* ================================================== */
+
+void
+NCR_ChangeRemoteAddress(NCR_Instance inst, NTP_Remote_Address *remote_addr)
+{
+ memset(&inst->report, 0, sizeof (inst->report));
+ NCR_ResetInstance(inst);
+ inst->remote_addr = *remote_addr;
+
+ if (inst->mode == MODE_CLIENT)
+ close_client_socket(inst);
+ else {
+ NIO_CloseServerSocket(inst->local_addr.sock_fd);
+ inst->local_addr.ip_addr.family = IPADDR_UNSPEC;
+ inst->local_addr.if_index = INVALID_IF_INDEX;
+ inst->local_addr.sock_fd = NIO_OpenServerSocket(remote_addr);
+ }
+
+ /* Update the reference ID and reset the source/sourcestats instances */
+ SRC_SetRefid(inst->source, UTI_IPToRefid(&remote_addr->ip_addr),
+ &inst->remote_addr.ip_addr);
+ SRC_ResetInstance(inst->source);
+}
+
+/* ================================================== */
+
+static void
+adjust_poll(NCR_Instance inst, double adj)
+{
+ inst->poll_score += adj;
+
+ if (inst->poll_score >= 1.0) {
+ inst->local_poll += (int)inst->poll_score;
+ inst->poll_score -= (int)inst->poll_score;
+ }
+
+ if (inst->poll_score < 0.0) {
+ inst->local_poll += (int)(inst->poll_score - 1.0);
+ inst->poll_score -= (int)(inst->poll_score - 1.0);
+ }
+
+ /* Clamp polling interval to defined range */
+ if (inst->local_poll < inst->minpoll) {
+ inst->local_poll = inst->minpoll;
+ inst->poll_score = 0;
+ } else if (inst->local_poll > inst->maxpoll) {
+ inst->local_poll = inst->maxpoll;
+ inst->poll_score = 1.0;
+ }
+
+ /* Don't allow a sub-second polling interval if the source is not reachable
+ or it is not in a local network according to the measured delay */
+ if (inst->local_poll < MIN_NONLAN_POLL &&
+ (!SRC_IsReachable(inst->source) ||
+ SST_MinRoundTripDelay(SRC_GetSourcestats(inst->source)) > MAX_LAN_PEER_DELAY))
+ inst->local_poll = MIN_NONLAN_POLL;
+}
+
+/* ================================================== */
+
+static double
+get_poll_adj(NCR_Instance inst, double error_in_estimate, double peer_distance)
+{
+ double poll_adj;
+ int samples;
+
+ if (error_in_estimate > peer_distance) {
+ /* If the prediction is not even within +/- the peer distance of the peer,
+ we are clearly not tracking the peer at all well, so we back off the
+ sampling rate depending on just how bad the situation is */
+ poll_adj = -log(error_in_estimate / peer_distance) / log(2.0);
+ } else {
+ samples = SST_Samples(SRC_GetSourcestats(inst->source));
+
+ /* Adjust polling interval so that the number of sourcestats samples
+ remains close to the target value */
+ poll_adj = ((double)samples / inst->poll_target - 1.0) / inst->poll_target;
+
+ /* Make interval shortening quicker */
+ if (samples < inst->poll_target) {
+ poll_adj *= 2.0;
+ }
+ }
+
+ return poll_adj;
+}
+
+/* ================================================== */
+
+static int
+get_transmit_poll(NCR_Instance inst)
+{
+ int poll;
+
+ poll = inst->local_poll;
+
+ /* In symmetric mode, if the peer is responding, use shorter of the local
+ and remote poll interval, but not shorter than the minimum */
+ if (inst->mode == MODE_ACTIVE && poll > inst->remote_poll &&
+ SRC_IsReachable(inst->source))
+ poll = MAX(inst->remote_poll, inst->minpoll);
+
+ return poll;
+}
+
+/* ================================================== */
+
+static double
+get_transmit_delay(NCR_Instance inst, int on_tx, double last_tx)
+{
+ int poll_to_use, stratum_diff;
+ double delay_time;
+
+ /* If we're in burst mode, queue for immediate dispatch.
+
+ If we're operating in client/server mode, queue the timeout for
+ the poll interval hence. The fact that a timeout has been queued
+ in the transmit handler is immaterial - that is only done so that
+ we at least send something, if no reply is heard.
+
+ If we're in symmetric mode, we have to take account of the peer's
+ wishes, otherwise his sampling regime will fall to pieces. If
+ we're in client/server mode, we don't care what poll interval the
+ server responded with last time. */
+
+ poll_to_use = get_transmit_poll(inst);
+ delay_time = UTI_Log2ToDouble(poll_to_use);
+
+ switch (inst->opmode) {
+ case MD_OFFLINE:
+ assert(0);
+ break;
+ case MD_ONLINE:
+ switch(inst->mode) {
+ case MODE_CLIENT:
+ if (inst->presend_done)
+ delay_time = WARM_UP_DELAY;
+ break;
+
+ case MODE_ACTIVE:
+ /* If the remote stratum is higher than ours, wait a bit for the next
+ packet before responding in order to minimize the delay of the
+ measurement and its error for the peer which has higher stratum.
+ If the remote stratum is equal to ours, try to interleave packets
+ evenly with the peer. */
+ stratum_diff = inst->remote_stratum - REF_GetOurStratum();
+ if ((stratum_diff > 0 && last_tx * PEER_SAMPLING_ADJ < delay_time) ||
+ (!on_tx && !stratum_diff &&
+ last_tx / delay_time > PEER_SAMPLING_ADJ - 0.5))
+ delay_time *= PEER_SAMPLING_ADJ;
+
+ /* Substract the already spend time */
+ if (last_tx > 0.0)
+ delay_time -= last_tx;
+ if (delay_time < 0.0)
+ delay_time = 0.0;
+
+ break;
+ default:
+ assert(0);
+ break;
+ }
+ break;
+
+ case MD_BURST_WAS_ONLINE:
+ case MD_BURST_WAS_OFFLINE:
+ /* Burst modes */
+ delay_time = MIN(MAX_BURST_INTERVAL, MAX_BURST_POLL_RATIO * delay_time);
+ break;
+ default:
+ assert(0);
+ break;
+ }
+
+ return delay_time;
+}
+
+/* ================================================== */
+/* Calculate sampling separation for given polling interval */
+
+static double
+get_separation(int poll)
+{
+ double separation;
+
+ assert(poll >= MIN_POLL && poll <= MAX_POLL);
+
+ /* Allow up to 8 sources using the same short interval to not be limited
+ by the separation */
+ separation = UTI_Log2ToDouble(poll - 3);
+
+ return CLAMP(MIN_SAMPLING_SEPARATION, separation, MAX_SAMPLING_SEPARATION);
+}
+
+/* ================================================== */
+/* Timeout handler for closing the client socket when no acceptable
+ reply can be received from the server */
+
+static void
+receive_timeout(void *arg)
+{
+ NCR_Instance inst = (NCR_Instance)arg;
+
+ DEBUG_LOG("Receive timeout for [%s:%d]",
+ UTI_IPToString(&inst->remote_addr.ip_addr), inst->remote_addr.port);
+
+ inst->rx_timeout_id = 0;
+ close_client_socket(inst);
+}
+
+/* ================================================== */
+
+static int
+transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
+ int interleaved, /* Flag enabling interleaved mode */
+ int my_poll, /* The log2 of the local poll interval */
+ int version, /* The NTP version to be set in the packet */
+ int auth_mode, /* The authentication mode */
+ uint32_t key_id, /* The authentication key ID */
+ NTP_int64 *remote_ntp_rx, /* The receive timestamp from received packet */
+ NTP_int64 *remote_ntp_tx, /* The transmit timestamp from received packet */
+ NTP_Local_Timestamp *local_rx, /* The RX time of the received packet */
+ NTP_Local_Timestamp *local_tx, /* The TX time of the previous packet
+ RESULT : TX time of this packet */
+ NTP_int64 *local_ntp_rx, /* The receive timestamp from the previous packet
+ RESULT : receive timestamp from this packet */
+ NTP_int64 *local_ntp_tx, /* The transmit timestamp from the previous packet
+ RESULT : transmit timestamp from this packet */
+ NTP_Remote_Address *where_to, /* Where to address the reponse to */
+ NTP_Local_Address *from /* From what address to send it */
+ )
+{
+ NTP_Packet message;
+ int auth_len, max_auth_len, length, ret, precision;
+ struct timespec local_receive, local_transmit;
+ double smooth_offset, local_transmit_err;
+ NTP_int64 ts_fuzz;
+
+ /* Parameters read from reference module */
+ int are_we_synchronised, our_stratum, smooth_time;
+ NTP_Leap leap_status;
+ uint32_t our_ref_id;
+ struct timespec our_ref_time;
+ double our_root_delay, our_root_dispersion;
+
+ /* Don't reply with version higher than ours */
+ if (version > NTP_VERSION) {
+ version = NTP_VERSION;
+ }
+
+ /* Check if the packet can be formed in the interleaved mode */
+ if (interleaved && (!remote_ntp_rx || !local_tx || UTI_IsZeroTimespec(&local_tx->ts)))
+ interleaved = 0;
+
+ smooth_time = 0;
+ smooth_offset = 0.0;
+
+ if (my_mode == MODE_CLIENT) {
+ /* Don't reveal local time or state of the clock in client packets */
+ precision = 32;
+ leap_status = our_stratum = our_ref_id = 0;
+ our_root_delay = our_root_dispersion = 0.0;
+ UTI_ZeroTimespec(&our_ref_time);
+ } else {
+ /* This is accurate enough and cheaper than calling LCL_ReadCookedTime.
+ A more accurate timestamp will be taken later in this function. */
+ SCH_GetLastEventTime(&local_transmit, NULL, NULL);
+
+ REF_GetReferenceParams(&local_transmit,
+ &are_we_synchronised, &leap_status,
+ &our_stratum,
+ &our_ref_id, &our_ref_time,
+ &our_root_delay, &our_root_dispersion);
+
+ /* Get current smoothing offset when sending packet to a client */
+ if (SMT_IsEnabled() && (my_mode == MODE_SERVER || my_mode == MODE_BROADCAST)) {
+ smooth_offset = SMT_GetOffset(&local_transmit);
+ smooth_time = fabs(smooth_offset) > LCL_GetSysPrecisionAsQuantum();
+
+ /* Suppress leap second when smoothing and slew mode are enabled */
+ if (REF_GetLeapMode() == REF_LeapModeSlew &&
+ (leap_status == LEAP_InsertSecond || leap_status == LEAP_DeleteSecond))
+ leap_status = LEAP_Normal;
+ }
+
+ precision = LCL_GetSysPrecisionAsLog();
+ }
+
+ if (smooth_time && !UTI_IsZeroTimespec(&local_rx->ts)) {
+ our_ref_id = NTP_REFID_SMOOTH;
+ UTI_AddDoubleToTimespec(&our_ref_time, smooth_offset, &our_ref_time);
+ UTI_AddDoubleToTimespec(&local_rx->ts, smooth_offset, &local_receive);
+ } else {
+ local_receive = local_rx->ts;
+ }
+
+ /* Generate transmit packet */
+ message.lvm = NTP_LVM(leap_status, version, my_mode);
+ /* Stratum 16 and larger are invalid */
+ if (our_stratum < NTP_MAX_STRATUM) {
+ message.stratum = our_stratum;
+ } else {
+ message.stratum = NTP_INVALID_STRATUM;
+ }
+
+ message.poll = my_poll;
+ message.precision = precision;
+
+ /* If we're sending a client mode packet and we aren't synchronized yet,
+ we might have to set up artificial values for some of these parameters */
+ message.root_delay = UTI_DoubleToNtp32(our_root_delay);
+ message.root_dispersion = UTI_DoubleToNtp32(our_root_dispersion);
+
+ message.reference_id = htonl(our_ref_id);
+
+ /* Now fill in timestamps */
+
+ UTI_TimespecToNtp64(&our_ref_time, &message.reference_ts, NULL);
+
+ /* Don't reveal timestamps which are not necessary for the protocol */
+
+ if (my_mode != MODE_CLIENT || interleaved) {
+ /* Originate - this comes from the last packet the source sent us */
+ message.originate_ts = interleaved ? *remote_ntp_rx : *remote_ntp_tx;
+
+ do {
+ /* Prepare random bits which will be added to the receive timestamp */
+ UTI_GetNtp64Fuzz(&ts_fuzz, precision);
+
+ /* Receive - this is when we received the last packet from the source.
+ This timestamp will have been adjusted so that it will now look to
+ the source like we have been running on our latest estimate of
+ frequency all along */
+ UTI_TimespecToNtp64(&local_receive, &message.receive_ts, &ts_fuzz);
+
+ /* Do not send a packet with a non-zero receive timestamp equal to the
+ originate timestamp or previous receive timestamp */
+ } while (!UTI_IsZeroNtp64(&message.receive_ts) &&
+ UTI_IsEqualAnyNtp64(&message.receive_ts, &message.originate_ts,
+ local_ntp_rx, NULL));
+ } else {
+ UTI_ZeroNtp64(&message.originate_ts);
+ UTI_ZeroNtp64(&message.receive_ts);
+ }
+
+ do {
+ /* Prepare random bits which will be added to the transmit timestamp */
+ UTI_GetNtp64Fuzz(&ts_fuzz, precision);
+
+ /* Transmit - this our local time right now! Also, we might need to
+ store this for our own use later, next time we receive a message
+ from the source we're sending to now. */
+ LCL_ReadCookedTime(&local_transmit, &local_transmit_err);
+
+ if (smooth_time)
+ UTI_AddDoubleToTimespec(&local_transmit, smooth_offset, &local_transmit);
+
+ length = NTP_NORMAL_PACKET_LENGTH;
+
+ /* Authenticate the packet */
+
+ if (auth_mode == AUTH_SYMMETRIC || auth_mode == AUTH_MSSNTP) {
+ /* Pre-compensate the transmit time by approximately how long it will
+ take to generate the authentication data */
+ local_transmit.tv_nsec += auth_mode == AUTH_SYMMETRIC ?
+ KEY_GetAuthDelay(key_id) : NSD_GetAuthDelay(key_id);
+ UTI_NormaliseTimespec(&local_transmit);
+ UTI_TimespecToNtp64(interleaved ? &local_tx->ts : &local_transmit,
+ &message.transmit_ts, &ts_fuzz);
+
+ if (auth_mode == AUTH_SYMMETRIC) {
+ /* Truncate long MACs in NTPv4 packets to allow deterministic parsing
+ of extension fields (RFC 7822) */
+ max_auth_len = version == 4 ?
+ NTP_MAX_V4_MAC_LENGTH - 4 : sizeof (message.auth_data);
+
+ auth_len = KEY_GenerateAuth(key_id, (unsigned char *) &message,
+ offsetof(NTP_Packet, auth_keyid),
+ (unsigned char *)&message.auth_data, max_auth_len);
+ if (!auth_len) {
+ DEBUG_LOG("Could not generate auth data with key %"PRIu32, key_id);
+ return 0;
+ }
+
+ message.auth_keyid = htonl(key_id);
+ length += sizeof (message.auth_keyid) + auth_len;
+ } else if (auth_mode == AUTH_MSSNTP) {
+ /* MS-SNTP packets are signed (asynchronously) by ntp_signd */
+ return NSD_SignAndSendPacket(key_id, &message, where_to, from, length);
+ }
+ } else {
+ UTI_TimespecToNtp64(interleaved ? &local_tx->ts : &local_transmit,
+ &message.transmit_ts, &ts_fuzz);
+ }
+
+ /* Do not send a packet with a non-zero transmit timestamp which is
+ equal to any of the following timestamps:
+ - receive (to allow reliable detection of the interleaved mode)
+ - originate (to prevent the packet from being its own valid response
+ in the symmetric mode)
+ - previous transmit (to invalidate responses to the previous packet)
+ (the precision must be at least -30 to prevent an infinite loop!) */
+ } while (!UTI_IsZeroNtp64(&message.transmit_ts) &&
+ UTI_IsEqualAnyNtp64(&message.transmit_ts, &message.receive_ts,
+ &message.originate_ts, local_ntp_tx));
+
+ ret = NIO_SendPacket(&message, where_to, from, length, local_tx != NULL);
+
+ if (local_tx) {
+ local_tx->ts = local_transmit;
+ local_tx->err = local_transmit_err;
+ local_tx->source = NTP_TS_DAEMON;
+ }
+
+ if (local_ntp_rx)
+ *local_ntp_rx = message.receive_ts;
+ if (local_ntp_tx)
+ *local_ntp_tx = message.transmit_ts;
+
+ return ret;
+}
+
+/* ================================================== */
+/* Timeout handler for transmitting to a source. */
+
+static void
+transmit_timeout(void *arg)
+{
+ NCR_Instance inst = (NCR_Instance) arg;
+ NTP_Local_Address local_addr;
+ int interleaved, initial, sent;
+
+ inst->tx_timeout_id = 0;
+
+ switch (inst->opmode) {
+ case MD_BURST_WAS_ONLINE:
+ /* With online burst switch to online before last packet */
+ if (inst->burst_total_samples_to_go <= 1)
+ inst->opmode = MD_ONLINE;
+ break;
+ case MD_BURST_WAS_OFFLINE:
+ if (inst->burst_total_samples_to_go <= 0)
+ take_offline(inst);
+ break;
+ case MD_ONLINE:
+ /* Start a new burst if the burst option is enabled and the average
+ polling interval including the burst will not fall below the
+ minimum polling interval */
+ if (inst->auto_burst && inst->local_poll > inst->minpoll)
+ NCR_InitiateSampleBurst(inst, BURST_GOOD_SAMPLES,
+ MIN(1 << (inst->local_poll - inst->minpoll),
+ MAX_BURST_TOTAL_SAMPLES));
+ break;
+ default:
+ break;
+ }
+
+ if (inst->opmode == MD_OFFLINE) {
+ return;
+ }
+
+ DEBUG_LOG("Transmit timeout for [%s:%d]",
+ UTI_IPToString(&inst->remote_addr.ip_addr), inst->remote_addr.port);
+
+ /* Open new client socket */
+ if (inst->mode == MODE_CLIENT) {
+ close_client_socket(inst);
+ assert(inst->local_addr.sock_fd == INVALID_SOCK_FD);
+ inst->local_addr.sock_fd = NIO_OpenClientSocket(&inst->remote_addr);
+ }
+
+ /* Don't require the packet to be sent from the same address as before */
+ local_addr.ip_addr.family = IPADDR_UNSPEC;
+ local_addr.if_index = INVALID_IF_INDEX;
+ local_addr.sock_fd = inst->local_addr.sock_fd;
+
+ /* In symmetric mode, don't send a packet in interleaved mode unless it
+ is the first response to the last valid request received from the peer
+ and there was just one response to the previous valid request. This
+ prevents the peer from matching the transmit timestamp with an older
+ response if it can't detect missed responses. In client mode, which has
+ at most one response per request, check how many responses are missing to
+ prevent the server from responding with a very old transmit timestamp. */
+ interleaved = inst->interleaved &&
+ ((inst->mode == MODE_CLIENT &&
+ inst->tx_count < MAX_CLIENT_INTERLEAVED_TX) ||
+ (inst->mode == MODE_ACTIVE &&
+ inst->prev_tx_count == 1 && inst->tx_count == 0));
+
+ /* In symmetric mode, if no valid response was received since the previous
+ transmission, respond to the last received packet even if it failed some
+ specific NTP tests. This is necessary for starting and restarting the
+ protocol, e.g. when a packet was lost. */
+ initial = inst->mode == MODE_ACTIVE && !inst->valid_rx &&
+ !UTI_IsZeroNtp64(&inst->init_remote_ntp_tx);
+
+ /* Prepare for the response */
+ inst->valid_rx = 0;
+ inst->updated_init_timestamps = 0;
+ if (initial)
+ inst->valid_timestamps = 0;
+
+ /* Check whether we need to 'warm up' the link to the other end by
+ sending an NTP exchange to ensure both ends' ARP caches are
+ primed or whether we need to send two packets first to ensure a
+ server in the interleaved mode has a fresh timestamp for us. */
+ if (inst->presend_minpoll <= inst->local_poll && !inst->presend_done &&
+ !inst->burst_total_samples_to_go) {
+ inst->presend_done = interleaved ? 2 : 1;
+ } else if (inst->presend_done > 0) {
+ inst->presend_done--;
+ }
+
+ /* Send the request (which may also be a response in the symmetric mode) */
+ sent = transmit_packet(inst->mode, interleaved, inst->local_poll, inst->version,
+ inst->auth_mode, inst->auth_key_id,
+ initial ? NULL : &inst->remote_ntp_rx,
+ initial ? &inst->init_remote_ntp_tx : &inst->remote_ntp_tx,
+ initial ? &inst->init_local_rx : &inst->local_rx,
+ &inst->local_tx, &inst->local_ntp_rx, &inst->local_ntp_tx,
+ &inst->remote_addr, &local_addr);
+
+ ++inst->tx_count;
+ if (sent)
+ inst->report.total_tx_count++;
+
+ /* If the source loses connectivity and our packets are still being sent,
+ back off the sampling rate to reduce the network traffic. If it's the
+ source to which we are currently locked, back off slowly. */
+
+ if (inst->tx_count >= 2) {
+ /* Implies we have missed at least one transmission */
+
+ if (sent) {
+ adjust_poll(inst, SRC_IsSyncPeer(inst->source) ? 0.1 : 0.25);
+ }
+
+ SRC_UpdateReachability(inst->source, 0);
+ }
+
+ /* With auto_offline take the source offline if sending failed */
+ if (!sent && inst->auto_offline)
+ NCR_SetConnectivity(inst, SRC_OFFLINE);
+
+ switch (inst->opmode) {
+ case MD_BURST_WAS_ONLINE:
+ /* When not reachable, don't stop online burst until sending succeeds */
+ if (!sent && !SRC_IsReachable(inst->source))
+ break;
+ /* Fall through */
+ case MD_BURST_WAS_OFFLINE:
+ --inst->burst_total_samples_to_go;
+ break;
+ case MD_OFFLINE:
+ return;
+ default:
+ break;
+ }
+
+ /* Restart timer for this message */
+ restart_timeout(inst, get_transmit_delay(inst, 1, 0.0));
+
+ /* If a client packet was just sent, schedule a timeout to close the socket
+ at the time when all server replies would fail the delay test, so the
+ socket is not open for longer than necessary */
+ if (inst->mode == MODE_CLIENT)
+ inst->rx_timeout_id = SCH_AddTimeoutByDelay(inst->max_delay + MAX_SERVER_INTERVAL,
+ receive_timeout, (void *)inst);
+}
+
+/* ================================================== */
+
+static int
+check_packet_format(NTP_Packet *message, int length)
+{
+ int version;
+
+ /* Check version and length */
+
+ version = NTP_LVM_TO_VERSION(message->lvm);
+ if (version < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) {
+ DEBUG_LOG("NTP packet has invalid version %d", version);
+ return 0;
+ }
+
+ if (length < NTP_NORMAL_PACKET_LENGTH || (unsigned int)length % 4) {
+ DEBUG_LOG("NTP packet has invalid length %d", length);
+ return 0;
+ }
+
+ /* We can't reliably check the packet for invalid extension fields as we
+ support MACs longer than the shortest valid extension field */
+
+ return 1;
+}
+
+/* ================================================== */
+
+static int
+is_zero_data(unsigned char *data, int length)
+{
+ int i;
+
+ for (i = 0; i < length; i++)
+ if (data[i])
+ return 0;
+ return 1;
+}
+
+/* ================================================== */
+
+static int
+check_packet_auth(NTP_Packet *pkt, int length,
+ AuthenticationMode *auth_mode, uint32_t *key_id)
+{
+ int i, version, remainder, ext_length, max_mac_length;
+ unsigned char *data;
+ uint32_t id;
+
+ /* Go through extension fields and see if there is a valid MAC */
+
+ version = NTP_LVM_TO_VERSION(pkt->lvm);
+ i = NTP_NORMAL_PACKET_LENGTH;
+ data = (void *)pkt;
+
+ while (1) {
+ remainder = length - i;
+
+ /* Check if the remaining data is a valid MAC. There is a limit on MAC
+ length in NTPv4 packets to allow deterministic parsing of extension
+ fields (RFC 7822), but we need to support longer MACs to not break
+ compatibility with older chrony clients. This needs to be done before
+ trying to parse the data as an extension field. */
+
+ max_mac_length = version == 4 && remainder <= NTP_MAX_V4_MAC_LENGTH ?
+ NTP_MAX_V4_MAC_LENGTH : NTP_MAX_MAC_LENGTH;
+
+ if (remainder >= NTP_MIN_MAC_LENGTH && remainder <= max_mac_length) {
+ id = ntohl(*(uint32_t *)(data + i));
+ if (KEY_CheckAuth(id, (void *)pkt, i, (void *)(data + i + 4),
+ remainder - 4, max_mac_length - 4)) {
+ *auth_mode = AUTH_SYMMETRIC;
+ *key_id = id;
+
+ /* If it's an NTPv4 packet with long MAC and no extension fields,
+ rewrite the version in the packet to respond with long MAC too */
+ if (version == 4 && NTP_NORMAL_PACKET_LENGTH + remainder == length &&
+ remainder > NTP_MAX_V4_MAC_LENGTH)
+ pkt->lvm = NTP_LVM(NTP_LVM_TO_LEAP(pkt->lvm), 3, NTP_LVM_TO_MODE(pkt->lvm));
+
+ return 1;
+ }
+ }
+
+ /* Check if this is a valid NTPv4 extension field and skip it. It should
+ have a 16-bit type, 16-bit length, and data padded to 32 bits. */
+ if (version == 4 && remainder >= NTP_MIN_EXTENSION_LENGTH) {
+ ext_length = ntohs(*(uint16_t *)(data + i + 2));
+ if (ext_length >= NTP_MIN_EXTENSION_LENGTH &&
+ ext_length <= remainder && ext_length % 4 == 0) {
+ i += ext_length;
+ continue;
+ }
+ }
+
+ /* Invalid or missing MAC, or format error */
+ break;
+ }
+
+ /* This is not 100% reliable as a MAC could fail to authenticate and could
+ pass as an extension field, leaving reminder smaller than the minimum MAC
+ length */
+ if (remainder >= NTP_MIN_MAC_LENGTH) {
+ *auth_mode = AUTH_SYMMETRIC;
+ *key_id = ntohl(*(uint32_t *)(data + i));
+
+ /* Check if it is an MS-SNTP authenticator field or extended authenticator
+ field with zeroes as digest */
+ if (version == 3 && *key_id) {
+ if (remainder == 20 && is_zero_data(data + i + 4, remainder - 4))
+ *auth_mode = AUTH_MSSNTP;
+ else if (remainder == 72 && is_zero_data(data + i + 8, remainder - 8))
+ *auth_mode = AUTH_MSSNTP_EXT;
+ }
+ } else {
+ *auth_mode = AUTH_NONE;
+ *key_id = 0;
+ }
+
+ return 0;
+}
+
+/* ================================================== */
+
+static int
+check_delay_ratio(NCR_Instance inst, SST_Stats stats,
+ struct timespec *sample_time, double delay)
+{
+ double last_sample_ago, predicted_offset, min_delay, skew, std_dev;
+ double max_delay;
+
+ if (inst->max_delay_ratio < 1.0 ||
+ !SST_GetDelayTestData(stats, sample_time, &last_sample_ago,
+ &predicted_offset, &min_delay, &skew, &std_dev))
+ return 1;
+
+ max_delay = min_delay * inst->max_delay_ratio +
+ last_sample_ago * (skew + LCL_GetMaxClockError());
+
+ if (delay <= max_delay)
+ return 1;
+
+ DEBUG_LOG("maxdelayratio: delay=%e max_delay=%e", delay, max_delay);
+ return 0;
+}
+
+/* ================================================== */
+
+static int
+check_delay_dev_ratio(NCR_Instance inst, SST_Stats stats,
+ struct timespec *sample_time, double offset, double delay)
+{
+ double last_sample_ago, predicted_offset, min_delay, skew, std_dev;
+ double delta, max_delta, error_in_estimate;
+
+ if (!SST_GetDelayTestData(stats, sample_time, &last_sample_ago,
+ &predicted_offset, &min_delay, &skew, &std_dev))
+ return 1;
+
+ /* Require that the ratio of the increase in delay from the minimum to the
+ standard deviation is less than max_delay_dev_ratio. In the allowed
+ increase in delay include also dispersion. */
+
+ max_delta = std_dev * inst->max_delay_dev_ratio +
+ last_sample_ago * (skew + LCL_GetMaxClockError());
+ delta = (delay - min_delay) / 2.0;
+
+ if (delta <= max_delta)
+ return 1;
+
+ error_in_estimate = offset + predicted_offset;
+
+ /* Before we decide to drop the sample, make sure the difference between
+ measured offset and predicted offset is not significantly larger than
+ the increase in delay */
+ if (fabs(error_in_estimate) - delta > max_delta)
+ return 1;
+
+ DEBUG_LOG("maxdelaydevratio: error=%e delay=%e delta=%e max_delta=%e",
+ error_in_estimate, delay, delta, max_delta);
+ return 0;
+}
+
+/* ================================================== */
+
+static void
+process_sample(NCR_Instance inst, NTP_Sample *sample)
+{
+ double estimated_offset, error_in_estimate, filtered_sample_ago;
+ NTP_Sample filtered_sample;
+ int filtered_samples;
+
+ /* Accumulate the sample to the median filter if it is enabled. When the
+ filter produces a result, check if it is not too old, i.e. the filter did
+ not miss too many samples due to missing responses or failing tests. */
+ if (inst->filter) {
+ SPF_AccumulateSample(inst->filter, sample);
+
+ filtered_samples = SPF_GetNumberOfSamples(inst->filter);
+
+ if (!SPF_GetFilteredSample(inst->filter, &filtered_sample))
+ return;
+
+ filtered_sample_ago = UTI_DiffTimespecsToDouble(&sample->time, &filtered_sample.time);
+
+ if (filtered_sample_ago > SOURCE_REACH_BITS / 2 * filtered_samples *
+ UTI_Log2ToDouble(inst->local_poll)) {
+ DEBUG_LOG("filtered sample dropped ago=%f poll=%d", filtered_sample_ago,
+ inst->local_poll);
+ return;
+ }
+
+ sample = &filtered_sample;
+ }
+
+ /* Get the estimated offset predicted from previous samples. The
+ convention here is that positive means local clock FAST of
+ reference, i.e. backwards to the way that 'offset' is defined. */
+ estimated_offset = SST_PredictOffset(SRC_GetSourcestats(inst->source), &sample->time);
+
+ error_in_estimate = fabs(-sample->offset - estimated_offset);
+
+ SRC_AccumulateSample(inst->source, sample);
+ SRC_SelectSource(inst->source);
+
+ adjust_poll(inst, get_poll_adj(inst, error_in_estimate,
+ sample->peer_dispersion + 0.5 * sample->peer_delay));
+}
+
+/* ================================================== */
+
+static int
+receive_packet(NCR_Instance inst, NTP_Local_Address *local_addr,
+ NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length)
+{
+ NTP_Sample sample;
+ SST_Stats stats;
+
+ int pkt_leap, pkt_version;
+ uint32_t pkt_refid, pkt_key_id;
+ double pkt_root_delay;
+ double pkt_root_dispersion;
+ AuthenticationMode pkt_auth_mode;
+
+ /* The skew and estimated frequency offset relative to the remote source */
+ double skew, source_freq_lo, source_freq_hi;
+
+ /* RFC 5905 packet tests */
+ int test1, test2n, test2i, test2, test3, test5, test6, test7;
+ int interleaved_packet, valid_packet, synced_packet;
+
+ /* Additional tests */
+ int testA, testB, testC, testD;
+ int good_packet;
+
+ /* Kiss-o'-Death codes */
+ int kod_rate;
+
+ NTP_Local_Timestamp local_receive, local_transmit;
+ double remote_interval, local_interval, response_time;
+ double delay_time, precision;
+ int updated_timestamps;
+
+ /* ==================== */
+
+ stats = SRC_GetSourcestats(inst->source);
+
+ inst->report.total_rx_count++;
+
+ pkt_leap = NTP_LVM_TO_LEAP(message->lvm);
+ pkt_version = NTP_LVM_TO_VERSION(message->lvm);
+ pkt_refid = ntohl(message->reference_id);
+ pkt_root_delay = UTI_Ntp32ToDouble(message->root_delay);
+ pkt_root_dispersion = UTI_Ntp32ToDouble(message->root_dispersion);
+
+ /* Check if the packet is valid per RFC 5905, section 8.
+ The test values are 1 when passed and 0 when failed. */
+
+ /* Test 1 checks for duplicate packet */
+ test1 = UTI_CompareNtp64(&message->receive_ts, &inst->remote_ntp_rx) ||
+ UTI_CompareNtp64(&message->transmit_ts, &inst->remote_ntp_tx);
+
+ /* Test 2 checks for bogus packet in the basic and interleaved modes. This
+ ensures the source is responding to the latest packet we sent to it. */
+ test2n = !UTI_CompareNtp64(&message->originate_ts, &inst->local_ntp_tx);
+ test2i = inst->interleaved &&
+ !UTI_CompareNtp64(&message->originate_ts, &inst->local_ntp_rx);
+ test2 = test2n || test2i;
+ interleaved_packet = !test2n && test2i;
+
+ /* Test 3 checks for invalid timestamps. This can happen when the
+ association if not properly 'up'. */
+ test3 = !UTI_IsZeroNtp64(&message->originate_ts) &&
+ !UTI_IsZeroNtp64(&message->receive_ts) &&
+ !UTI_IsZeroNtp64(&message->transmit_ts);
+
+ /* Test 4 would check for denied access. It would always pass as this
+ function is called only for known sources. */
+
+ /* Test 5 checks for authentication failure. If we expect authenticated info
+ from this peer/server and the packet doesn't have it, the authentication
+ is bad, or it's authenticated with a different key than expected, it's got
+ to fail. If we don't expect the packet to be authenticated, just ignore
+ the test. */
+ test5 = inst->auth_mode == AUTH_NONE ||
+ (check_packet_auth(message, length, &pkt_auth_mode, &pkt_key_id) &&
+ pkt_auth_mode == inst->auth_mode && pkt_key_id == inst->auth_key_id);
+
+ /* Test 6 checks for unsynchronised server */
+ test6 = pkt_leap != LEAP_Unsynchronised &&
+ message->stratum < NTP_MAX_STRATUM &&
+ message->stratum != NTP_INVALID_STRATUM;
+
+ /* Test 7 checks for bad data. The root distance must be smaller than a
+ defined maximum. */
+ test7 = pkt_root_delay / 2.0 + pkt_root_dispersion < NTP_MAX_DISPERSION;
+
+ /* The packet is considered valid if the tests 1-5 passed. The timestamps
+ can be used for synchronisation if the tests 6 and 7 passed too. */
+ valid_packet = test1 && test2 && test3 && test5;
+ synced_packet = valid_packet && test6 && test7;
+
+ /* Check for Kiss-o'-Death codes */
+ kod_rate = 0;
+ if (test1 && test2 && test5 && pkt_leap == LEAP_Unsynchronised &&
+ message->stratum == NTP_INVALID_STRATUM) {
+ if (pkt_refid == KOD_RATE)
+ kod_rate = 1;
+ }
+
+ if (synced_packet && (!interleaved_packet || inst->valid_timestamps)) {
+ /* These are the timespec equivalents of the remote and local epochs */
+ struct timespec remote_receive, remote_transmit, remote_request_receive;
+ struct timespec local_average, remote_average, prev_remote_transmit;
+ double prev_remote_poll_interval;
+
+ /* Select remote and local timestamps for the new sample */
+ if (interleaved_packet) {
+ /* Prefer previous local TX and remote RX timestamps if it will make
+ the intervals significantly shorter in order to improve the accuracy
+ of the measured delay */
+ if (!UTI_IsZeroTimespec(&inst->prev_local_tx.ts) &&
+ MAX_INTERLEAVED_L2L_RATIO *
+ UTI_DiffTimespecsToDouble(&inst->local_tx.ts, &inst->local_rx.ts) >
+ UTI_DiffTimespecsToDouble(&inst->local_rx.ts, &inst->prev_local_tx.ts)) {
+ UTI_Ntp64ToTimespec(&inst->remote_ntp_rx, &remote_receive);
+ remote_request_receive = remote_receive;
+ local_transmit = inst->prev_local_tx;
+ } else {
+ UTI_Ntp64ToTimespec(&message->receive_ts, &remote_receive);
+ UTI_Ntp64ToTimespec(&inst->remote_ntp_rx, &remote_request_receive);
+ local_transmit = inst->local_tx;
+ }
+ UTI_Ntp64ToTimespec(&message->transmit_ts, &remote_transmit);
+ UTI_Ntp64ToTimespec(&inst->remote_ntp_tx, &prev_remote_transmit);
+ local_receive = inst->local_rx;
+ } else {
+ UTI_Ntp64ToTimespec(&message->receive_ts, &remote_receive);
+ UTI_Ntp64ToTimespec(&message->transmit_ts, &remote_transmit);
+ UTI_ZeroTimespec(&prev_remote_transmit);
+ remote_request_receive = remote_receive;
+ local_receive = *rx_ts;
+ local_transmit = inst->local_tx;
+ }
+
+ /* Calculate intervals between remote and local timestamps */
+ UTI_AverageDiffTimespecs(&remote_receive, &remote_transmit,
+ &remote_average, &remote_interval);
+ UTI_AverageDiffTimespecs(&local_transmit.ts, &local_receive.ts,
+ &local_average, &local_interval);
+ response_time = fabs(UTI_DiffTimespecsToDouble(&remote_transmit,
+ &remote_request_receive));
+
+ precision = LCL_GetSysPrecisionAsQuantum() + UTI_Log2ToDouble(message->precision);
+
+ /* Calculate delay */
+ sample.peer_delay = fabs(local_interval - remote_interval);
+ if (sample.peer_delay < precision)
+ sample.peer_delay = precision;
+
+ /* Calculate offset. Following the NTP definition, this is negative
+ if we are fast of the remote source. */
+ sample.offset = UTI_DiffTimespecsToDouble(&remote_average, &local_average);
+
+ /* Apply configured correction */
+ sample.offset += inst->offset_correction;
+
+ /* We treat the time of the sample as being midway through the local
+ measurement period. An analysis assuming constant relative
+ frequency and zero network delay shows this is the only possible
+ choice to estimate the frequency difference correctly for every
+ sample pair. */
+ sample.time = local_average;
+
+ SST_GetFrequencyRange(stats, &source_freq_lo, &source_freq_hi);
+
+ /* Calculate skew */
+ skew = (source_freq_hi - source_freq_lo) / 2.0;
+
+ /* and then calculate peer dispersion */
+ sample.peer_dispersion = MAX(precision, MAX(local_transmit.err, local_receive.err)) +
+ skew * fabs(local_interval);
+
+ /* If the source is an active peer, this is the minimum assumed interval
+ between previous two transmissions (if not constrained by minpoll) */
+ prev_remote_poll_interval = UTI_Log2ToDouble(MIN(inst->remote_poll,
+ inst->prev_local_poll));
+
+ /* Additional tests required to pass before accumulating the sample */
+
+ /* Test A requires that the minimum estimate of the peer delay is not
+ larger than the configured maximum, in both client modes that the server
+ processing time is sane, and in interleaved symmetric mode that the
+ measured delay and intervals between remote timestamps don't indicate
+ a missed response */
+ testA = sample.peer_delay - sample.peer_dispersion <= inst->max_delay &&
+ precision <= inst->max_delay &&
+ !(inst->mode == MODE_CLIENT && response_time > MAX_SERVER_INTERVAL) &&
+ !(inst->mode == MODE_ACTIVE && interleaved_packet &&
+ (sample.peer_delay > 0.5 * prev_remote_poll_interval ||
+ UTI_CompareNtp64(&message->receive_ts, &message->transmit_ts) <= 0 ||
+ (inst->remote_poll <= inst->prev_local_poll &&
+ UTI_DiffTimespecsToDouble(&remote_transmit, &prev_remote_transmit) >
+ 1.5 * prev_remote_poll_interval)));
+
+ /* Test B requires in client mode that the ratio of the round trip delay
+ to the minimum one currently in the stats data register is less than an
+ administrator-defined value */
+ testB = check_delay_ratio(inst, stats, &sample.time, sample.peer_delay);
+
+ /* Test C requires that the ratio of the increase in delay from the minimum
+ one in the stats data register to the standard deviation of the offsets
+ in the register is less than an administrator-defined value or the
+ difference between measured offset and predicted offset is larger than
+ the increase in delay */
+ testC = check_delay_dev_ratio(inst, stats, &sample.time, sample.offset, sample.peer_delay);
+
+ /* Test D requires that the remote peer is not synchronised to us to
+ prevent a synchronisation loop */
+ testD = message->stratum <= 1 || REF_GetMode() != REF_ModeNormal ||
+ pkt_refid != UTI_IPToRefid(&local_addr->ip_addr);
+ } else {
+ remote_interval = local_interval = response_time = 0.0;
+ sample.offset = sample.peer_delay = sample.peer_dispersion = 0.0;
+ sample.time = rx_ts->ts;
+ local_receive = *rx_ts;
+ local_transmit = inst->local_tx;
+ testA = testB = testC = testD = 0;
+ }
+
+ /* The packet is considered good for synchronisation if
+ the additional tests passed */
+ good_packet = testA && testB && testC && testD;
+
+ sample.root_delay = pkt_root_delay + sample.peer_delay;
+ sample.root_dispersion = pkt_root_dispersion + sample.peer_dispersion;
+ sample.stratum = MAX(message->stratum, inst->min_stratum);
+ sample.leap = (NTP_Leap)pkt_leap;
+
+ /* Update the NTP timestamps. If it's a valid packet from a synchronised
+ source, the timestamps may be used later when processing a packet in the
+ interleaved mode. Protect the timestamps against replay attacks in client
+ mode, and also in symmetric mode as long as the peers use the same polling
+ interval and never start with clocks in future or very distant past.
+ The authentication test (test5) is required to prevent DoS attacks using
+ unauthenticated packets on authenticated symmetric associations. */
+ if ((inst->mode == MODE_CLIENT && valid_packet && !inst->valid_rx) ||
+ (inst->mode == MODE_ACTIVE && valid_packet &&
+ (!inst->valid_rx ||
+ UTI_CompareNtp64(&inst->remote_ntp_tx, &message->transmit_ts) < 0))) {
+ inst->remote_ntp_rx = message->receive_ts;
+ inst->remote_ntp_tx = message->transmit_ts;
+ inst->local_rx = *rx_ts;
+ inst->valid_timestamps = synced_packet;
+
+ UTI_ZeroNtp64(&inst->init_remote_ntp_tx);
+ zero_local_timestamp(&inst->init_local_rx);
+ inst->updated_init_timestamps = 0;
+ updated_timestamps = 2;
+
+ /* Don't use the same set of timestamps for the next sample */
+ if (interleaved_packet)
+ inst->prev_local_tx = inst->local_tx;
+ else
+ zero_local_timestamp(&inst->prev_local_tx);
+ } else if (inst->mode == MODE_ACTIVE &&
+ test1 && !UTI_IsZeroNtp64(&message->transmit_ts) && test5 &&
+ (!inst->updated_init_timestamps ||
+ UTI_CompareNtp64(&inst->init_remote_ntp_tx, &message->transmit_ts) < 0)) {
+ inst->init_remote_ntp_tx = message->transmit_ts;
+ inst->init_local_rx = *rx_ts;
+ inst->updated_init_timestamps = 1;
+ updated_timestamps = 1;
+ } else {
+ updated_timestamps = 0;
+ }
+
+ /* Accept at most one response per request. The NTP specification recommends
+ resetting local_ntp_tx to make the following packets fail test2 or test3,
+ but that would not allow the code above to make multiple updates of the
+ timestamps in symmetric mode. Also, ignore presend responses. */
+ if (inst->valid_rx) {
+ test2 = test3 = 0;
+ valid_packet = synced_packet = good_packet = 0;
+ } else if (valid_packet) {
+ if (inst->presend_done) {
+ testA = 0;
+ good_packet = 0;
+ }
+ inst->valid_rx = 1;
+ }
+
+ if ((unsigned int)local_receive.source >= sizeof (tss_chars) ||
+ (unsigned int)local_transmit.source >= sizeof (tss_chars))
+ assert(0);
+
+ DEBUG_LOG("NTP packet lvm=%o stratum=%d poll=%d prec=%d root_delay=%f root_disp=%f refid=%"PRIx32" [%s]",
+ message->lvm, message->stratum, message->poll, message->precision,
+ pkt_root_delay, pkt_root_dispersion, pkt_refid,
+ message->stratum == NTP_INVALID_STRATUM ? UTI_RefidToString(pkt_refid) : "");
+ DEBUG_LOG("reference=%s origin=%s receive=%s transmit=%s",
+ UTI_Ntp64ToString(&message->reference_ts),
+ UTI_Ntp64ToString(&message->originate_ts),
+ UTI_Ntp64ToString(&message->receive_ts),
+ UTI_Ntp64ToString(&message->transmit_ts));
+ DEBUG_LOG("offset=%.9f delay=%.9f dispersion=%f root_delay=%f root_dispersion=%f",
+ sample.offset, sample.peer_delay, sample.peer_dispersion,
+ sample.root_delay, sample.root_dispersion);
+ DEBUG_LOG("remote_interval=%.9f local_interval=%.9f response_time=%.9f txs=%c rxs=%c",
+ remote_interval, local_interval, response_time,
+ tss_chars[local_transmit.source], tss_chars[local_receive.source]);
+ DEBUG_LOG("test123=%d%d%d test567=%d%d%d testABCD=%d%d%d%d kod_rate=%d interleaved=%d"
+ " presend=%d valid=%d good=%d updated=%d",
+ test1, test2, test3, test5, test6, test7, testA, testB, testC, testD,
+ kod_rate, interleaved_packet, inst->presend_done, valid_packet, good_packet,
+ updated_timestamps);
+
+ if (valid_packet) {
+ inst->remote_poll = message->poll;
+ inst->remote_stratum = message->stratum != NTP_INVALID_STRATUM ?
+ message->stratum : NTP_MAX_STRATUM;
+
+ inst->prev_local_poll = inst->local_poll;
+ inst->prev_tx_count = inst->tx_count;
+ inst->tx_count = 0;
+
+ SRC_UpdateReachability(inst->source, synced_packet);
+
+ if (good_packet) {
+ /* Adjust the polling interval, accumulate the sample, etc. */
+ process_sample(inst, &sample);
+
+ /* If we're in burst mode, check whether the burst is completed and
+ revert to the previous mode */
+ switch (inst->opmode) {
+ case MD_BURST_WAS_ONLINE:
+ case MD_BURST_WAS_OFFLINE:
+ --inst->burst_good_samples_to_go;
+ if (inst->burst_good_samples_to_go <= 0) {
+ if (inst->opmode == MD_BURST_WAS_ONLINE)
+ inst->opmode = MD_ONLINE;
+ else
+ take_offline(inst);
+ }
+ break;
+ default:
+ break;
+ }
+ } else {
+ /* Slowly increase the polling interval if we can't get good packet */
+ adjust_poll(inst, 0.1);
+ }
+
+ /* If in client mode, no more packets are expected to be coming from the
+ server and the socket can be closed */
+ close_client_socket(inst);
+
+ /* Update the local address and interface */
+ inst->local_addr.ip_addr = local_addr->ip_addr;
+ inst->local_addr.if_index = local_addr->if_index;
+
+ /* And now, requeue the timer */
+ if (inst->opmode != MD_OFFLINE) {
+ delay_time = get_transmit_delay(inst, 0,
+ UTI_DiffTimespecsToDouble(&inst->local_rx.ts, &inst->local_tx.ts));
+
+ if (kod_rate) {
+ LOG(LOGS_WARN, "Received KoD RATE from %s",
+ UTI_IPToString(&inst->remote_addr.ip_addr));
+
+ /* Back off for a while and stop ongoing burst */
+ delay_time += 4 * UTI_Log2ToDouble(inst->local_poll);
+
+ if (inst->opmode == MD_BURST_WAS_OFFLINE || inst->opmode == MD_BURST_WAS_ONLINE) {
+ inst->burst_good_samples_to_go = 0;
+ }
+ }
+
+ /* Get rid of old timeout and start a new one */
+ assert(inst->tx_timeout_id);
+ restart_timeout(inst, delay_time);
+ }
+
+ /* Update the NTP report */
+ inst->report.remote_addr = inst->remote_addr.ip_addr;
+ inst->report.local_addr = inst->local_addr.ip_addr;
+ inst->report.remote_port = inst->remote_addr.port;
+ inst->report.leap = pkt_leap;
+ inst->report.version = pkt_version;
+ inst->report.mode = NTP_LVM_TO_MODE(message->lvm);
+ inst->report.stratum = message->stratum;
+ inst->report.poll = message->poll;
+ inst->report.precision = message->precision;
+ inst->report.root_delay = pkt_root_delay;
+ inst->report.root_dispersion = pkt_root_dispersion;
+ inst->report.ref_id = pkt_refid;
+ UTI_Ntp64ToTimespec(&message->reference_ts, &inst->report.ref_time);
+ inst->report.offset = sample.offset;
+ inst->report.peer_delay = sample.peer_delay;
+ inst->report.peer_dispersion = sample.peer_dispersion;
+ inst->report.response_time = response_time;
+ inst->report.jitter_asymmetry = SST_GetJitterAsymmetry(stats);
+ inst->report.tests = ((((((((test1 << 1 | test2) << 1 | test3) << 1 |
+ test5) << 1 | test6) << 1 | test7) << 1 |
+ testA) << 1 | testB) << 1 | testC) << 1 | testD;
+ inst->report.interleaved = interleaved_packet;
+ inst->report.authenticated = inst->auth_mode != AUTH_NONE;
+ inst->report.tx_tss_char = tss_chars[local_transmit.source];
+ inst->report.rx_tss_char = tss_chars[local_receive.source];
+
+ inst->report.total_valid_count++;
+ }
+
+ /* Do measurement logging */
+ if (logfileid != -1 && (log_raw_measurements || synced_packet)) {
+ LOG_FileWrite(logfileid, "%s %-15s %1c %2d %1d%1d%1d %1d%1d%1d %1d%1d%1d%d %2d %2d %4.2f %10.3e %10.3e %10.3e %10.3e %10.3e %08"PRIX32" %1d%1c %1c %1c",
+ UTI_TimeToLogForm(sample.time.tv_sec),
+ UTI_IPToString(&inst->remote_addr.ip_addr),
+ leap_chars[pkt_leap],
+ message->stratum,
+ test1, test2, test3, test5, test6, test7, testA, testB, testC, testD,
+ inst->local_poll, message->poll,
+ inst->poll_score,
+ sample.offset, sample.peer_delay, sample.peer_dispersion,
+ pkt_root_delay, pkt_root_dispersion, pkt_refid,
+ NTP_LVM_TO_MODE(message->lvm), interleaved_packet ? 'I' : 'B',
+ tss_chars[local_transmit.source],
+ tss_chars[local_receive.source]);
+ }
+
+ return good_packet;
+}
+
+/* ================================================== */
+/* From RFC 5905, the standard handling of received packets, depending
+ on the mode of the packet and of the source, is :
+
+ +------------------+---------------------------------------+
+ | | Packet Mode |
+ +------------------+-------+-------+-------+-------+-------+
+ | Association Mode | 1 | 2 | 3 | 4 | 5 |
+ +------------------+-------+-------+-------+-------+-------+
+ | No Association 0 | NEWPS | DSCRD | FXMIT | MANY | NEWBC |
+ | Symm. Active 1 | PROC | PROC | DSCRD | DSCRD | DSCRD |
+ | Symm. Passive 2 | PROC | ERR | DSCRD | DSCRD | DSCRD |
+ | Client 3 | DSCRD | DSCRD | DSCRD | PROC | DSCRD |
+ | Server 4 | DSCRD | DSCRD | DSCRD | DSCRD | DSCRD |
+ | Broadcast 5 | DSCRD | DSCRD | DSCRD | DSCRD | DSCRD |
+ | Bcast Client 6 | DSCRD | DSCRD | DSCRD | DSCRD | PROC |
+ +------------------+-------+-------+-------+-------+-------+
+
+ Association mode 0 is implemented in NCR_ProcessRxUnknown(), other modes
+ in NCR_ProcessRxKnown().
+
+ Broadcast, manycast and ephemeral symmetric passive associations are not
+ supported yet.
+ */
+
+/* ================================================== */
+/* This routine is called when a new packet arrives off the network,
+ and it relates to a source we have an ongoing protocol exchange with */
+
+int
+NCR_ProcessRxKnown(NCR_Instance inst, NTP_Local_Address *local_addr,
+ NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length)
+{
+ int pkt_mode, proc_packet, proc_as_unknown;
+
+ if (!check_packet_format(message, length))
+ return 0;
+
+ pkt_mode = NTP_LVM_TO_MODE(message->lvm);
+ proc_packet = 0;
+ proc_as_unknown = 0;
+
+ /* Now, depending on the mode we decide what to do */
+ switch (pkt_mode) {
+ case MODE_ACTIVE:
+ switch (inst->mode) {
+ case MODE_ACTIVE:
+ /* Ordinary symmetric peering */
+ proc_packet = 1;
+ break;
+ case MODE_PASSIVE:
+ /* In this software this case should not arise, we don't
+ support unconfigured peers */
+ break;
+ case MODE_CLIENT:
+ /* This is where we have the remote configured as a server and he has
+ us configured as a peer, process as from an unknown source */
+ proc_as_unknown = 1;
+ break;
+ default:
+ /* Discard */
+ break;
+ }
+ break;
+
+ case MODE_PASSIVE:
+ switch (inst->mode) {
+ case MODE_ACTIVE:
+ /* This would arise if we have the remote configured as a peer and
+ he does not have us configured */
+ proc_packet = 1;
+ break;
+ case MODE_PASSIVE:
+ /* Error condition in RFC 5905 */
+ break;
+ default:
+ /* Discard */
+ break;
+ }
+ break;
+
+ case MODE_CLIENT:
+ /* If message is client mode, we just respond with a server mode
+ packet, regardless of what we think the remote machine is
+ supposed to be. However, even though this is a configured
+ peer or server, we still implement access restrictions on
+ client mode operation.
+
+ This copes with the case for an isolated network where one
+ machine is set by eye and is used as the master, with the
+ other machines pointed at it. If the master goes down, we
+ want to be able to reset its time at startup by relying on
+ one of the secondaries to flywheel it. The behaviour coded here
+ is required in the secondaries to make this possible. */
+
+ proc_as_unknown = 1;
+ break;
+
+ case MODE_SERVER:
+ switch (inst->mode) {
+ case MODE_CLIENT:
+ /* Standard case where he's a server and we're the client */
+ proc_packet = 1;
+ break;
+ default:
+ /* Discard */
+ break;
+ }
+ break;
+
+ case MODE_BROADCAST:
+ /* Just ignore these */
+ break;
+
+ default:
+ /* Obviously ignore */
+ break;
+ }
+
+ if (proc_packet) {
+ /* Check if the reply was received by the socket that sent the request */
+ if (local_addr->sock_fd != inst->local_addr.sock_fd) {
+ DEBUG_LOG("Packet received by wrong socket %d (expected %d)",
+ local_addr->sock_fd, inst->local_addr.sock_fd);
+ return 0;
+ }
+
+ /* Ignore packets from offline sources */
+ if (inst->opmode == MD_OFFLINE || inst->tx_suspended) {
+ DEBUG_LOG("Packet from offline source");
+ return 0;
+ }
+
+ return receive_packet(inst, local_addr, rx_ts, message, length);
+ } else if (proc_as_unknown) {
+ NCR_ProcessRxUnknown(&inst->remote_addr, local_addr, rx_ts, message, length);
+ /* It's not a reply to our request, don't return success */
+ return 0;
+ } else {
+ DEBUG_LOG("NTP packet discarded pkt_mode=%d our_mode=%u", pkt_mode, inst->mode);
+ return 0;
+ }
+}
+
+/* ================================================== */
+/* This routine is called when a new packet arrives off the network,
+ and it relates to a source we don't know (not our server or peer) */
+
+void
+NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+ NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length)
+{
+ NTP_Mode pkt_mode, my_mode;
+ NTP_int64 *local_ntp_rx, *local_ntp_tx;
+ NTP_Local_Timestamp local_tx, *tx_ts;
+ int pkt_version, valid_auth, log_index, interleaved, poll;
+ AuthenticationMode auth_mode;
+ uint32_t key_id;
+
+ /* Ignore the packet if it wasn't received by server socket */
+ if (!NIO_IsServerSocket(local_addr->sock_fd)) {
+ DEBUG_LOG("NTP request packet received by client socket %d", local_addr->sock_fd);
+ return;
+ }
+
+ if (!check_packet_format(message, length))
+ return;
+
+ if (!ADF_IsAllowed(access_auth_table, &remote_addr->ip_addr)) {
+ DEBUG_LOG("NTP packet received from unauthorised host %s port %d",
+ UTI_IPToString(&remote_addr->ip_addr),
+ remote_addr->port);
+ return;
+ }
+
+ pkt_mode = NTP_LVM_TO_MODE(message->lvm);
+ pkt_version = NTP_LVM_TO_VERSION(message->lvm);
+
+ switch (pkt_mode) {
+ case MODE_ACTIVE:
+ /* We are symmetric passive, even though we don't ever lock to him */
+ my_mode = MODE_PASSIVE;
+ break;
+ case MODE_CLIENT:
+ /* Reply with server packet */
+ my_mode = MODE_SERVER;
+ break;
+ case MODE_UNDEFINED:
+ /* Check if it is an NTPv1 client request (NTPv1 packets have a reserved
+ field instead of the mode field and the actual mode is determined from
+ the port numbers). Don't ever respond with a mode 0 packet! */
+ if (pkt_version == 1 && remote_addr->port != NTP_PORT) {
+ my_mode = MODE_SERVER;
+ break;
+ }
+ /* Fall through */
+ default:
+ /* Discard */
+ DEBUG_LOG("NTP packet discarded pkt_mode=%u", pkt_mode);
+ return;
+ }
+
+ log_index = CLG_LogNTPAccess(&remote_addr->ip_addr, &rx_ts->ts);
+
+ /* Don't reply to all requests if the rate is excessive */
+ if (log_index >= 0 && CLG_LimitNTPResponseRate(log_index)) {
+ DEBUG_LOG("NTP packet discarded to limit response rate");
+ return;
+ }
+
+ /* Check if the packet includes MAC that authenticates properly */
+ valid_auth = check_packet_auth(message, length, &auth_mode, &key_id);
+
+ /* If authentication failed, select whether and how we should respond */
+ if (!valid_auth) {
+ switch (auth_mode) {
+ case AUTH_NONE:
+ /* Reply with no MAC */
+ break;
+ case AUTH_MSSNTP:
+ /* Ignore the failure (MS-SNTP servers don't check client MAC) */
+ break;
+ default:
+ /* Discard packets in other modes */
+ DEBUG_LOG("NTP packet discarded auth_mode=%u", auth_mode);
+ return;
+ }
+ }
+
+ local_ntp_rx = local_ntp_tx = NULL;
+ tx_ts = NULL;
+ interleaved = 0;
+
+ /* Check if the client is using the interleaved mode. If it is, save the
+ new transmit timestamp and if the old transmit timestamp is valid, respond
+ in the interleaved mode. This means the third reply to a new client is
+ the earliest one that can be interleaved. We don't want to waste time
+ on clients that are not using the interleaved mode. */
+ if (log_index >= 0) {
+ CLG_GetNtpTimestamps(log_index, &local_ntp_rx, &local_ntp_tx);
+ interleaved = !UTI_IsZeroNtp64(local_ntp_rx) &&
+ !UTI_CompareNtp64(&message->originate_ts, local_ntp_rx) &&
+ UTI_CompareNtp64(&message->receive_ts, &message->transmit_ts);
+
+ if (interleaved) {
+ UTI_Ntp64ToTimespec(local_ntp_tx, &local_tx.ts);
+ tx_ts = &local_tx;
+ } else {
+ UTI_ZeroNtp64(local_ntp_tx);
+ local_ntp_tx = NULL;
+ }
+ }
+
+ /* Suggest the client to increase its polling interval if it indicates
+ the interval is shorter than the rate limiting interval */
+ poll = CLG_GetNtpMinPoll();
+ poll = MAX(poll, message->poll);
+
+ /* Send a reply */
+ transmit_packet(my_mode, interleaved, poll, pkt_version,
+ auth_mode, key_id, &message->receive_ts, &message->transmit_ts,
+ rx_ts, tx_ts, local_ntp_rx, NULL, remote_addr, local_addr);
+
+ /* Save the transmit timestamp */
+ if (tx_ts)
+ UTI_TimespecToNtp64(&tx_ts->ts, local_ntp_tx, NULL);
+}
+
+/* ================================================== */
+
+static void
+update_tx_timestamp(NTP_Local_Timestamp *tx_ts, NTP_Local_Timestamp *new_tx_ts,
+ NTP_int64 *local_ntp_rx, NTP_int64 *local_ntp_tx, NTP_Packet *message)
+{
+ double delay;
+
+ if (UTI_IsZeroTimespec(&tx_ts->ts)) {
+ DEBUG_LOG("Unexpected TX update");
+ return;
+ }
+
+ /* Check if this is the last packet that was sent */
+ if ((local_ntp_rx && UTI_CompareNtp64(&message->receive_ts, local_ntp_rx)) ||
+ (local_ntp_tx && UTI_CompareNtp64(&message->transmit_ts, local_ntp_tx))) {
+ DEBUG_LOG("RX/TX timestamp mismatch");
+ return;
+ }
+
+ delay = UTI_DiffTimespecsToDouble(&new_tx_ts->ts, &tx_ts->ts);
+
+ if (delay < 0.0 || delay > MAX_TX_DELAY) {
+ DEBUG_LOG("Unacceptable TX delay %.9f", delay);
+ return;
+ }
+
+ *tx_ts = *new_tx_ts;
+
+ DEBUG_LOG("Updated TX timestamp delay=%.9f", delay);
+}
+
+/* ================================================== */
+
+void
+NCR_ProcessTxKnown(NCR_Instance inst, NTP_Local_Address *local_addr,
+ NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length)
+{
+ NTP_Mode pkt_mode;
+
+ if (!check_packet_format(message, length))
+ return;
+
+ pkt_mode = NTP_LVM_TO_MODE(message->lvm);
+
+ /* Server and passive mode packets are responses to unknown sources */
+ if (pkt_mode != MODE_CLIENT && pkt_mode != MODE_ACTIVE) {
+ NCR_ProcessTxUnknown(&inst->remote_addr, local_addr, tx_ts, message, length);
+ return;
+ }
+
+ update_tx_timestamp(&inst->local_tx, tx_ts, &inst->local_ntp_rx, &inst->local_ntp_tx,
+ message);
+}
+
+/* ================================================== */
+
+void
+NCR_ProcessTxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+ NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length)
+{
+ NTP_int64 *local_ntp_rx, *local_ntp_tx;
+ NTP_Local_Timestamp local_tx;
+ int log_index;
+
+ if (!check_packet_format(message, length))
+ return;
+
+ if (NTP_LVM_TO_MODE(message->lvm) == MODE_BROADCAST)
+ return;
+
+ log_index = CLG_GetClientIndex(&remote_addr->ip_addr);
+ if (log_index < 0)
+ return;
+
+ if (SMT_IsEnabled() && NTP_LVM_TO_MODE(message->lvm) == MODE_SERVER)
+ UTI_AddDoubleToTimespec(&tx_ts->ts, SMT_GetOffset(&tx_ts->ts), &tx_ts->ts);
+
+ CLG_GetNtpTimestamps(log_index, &local_ntp_rx, &local_ntp_tx);
+
+ UTI_Ntp64ToTimespec(local_ntp_tx, &local_tx.ts);
+ update_tx_timestamp(&local_tx, tx_ts, local_ntp_rx, NULL, message);
+ UTI_TimespecToNtp64(&local_tx.ts, local_ntp_tx, NULL);
+}
+
+/* ================================================== */
+
+void
+NCR_SlewTimes(NCR_Instance inst, struct timespec *when, double dfreq, double doffset)
+{
+ double delta;
+
+ if (!UTI_IsZeroTimespec(&inst->local_rx.ts))
+ UTI_AdjustTimespec(&inst->local_rx.ts, when, &inst->local_rx.ts, &delta, dfreq, doffset);
+ if (!UTI_IsZeroTimespec(&inst->local_tx.ts))
+ UTI_AdjustTimespec(&inst->local_tx.ts, when, &inst->local_tx.ts, &delta, dfreq, doffset);
+ if (!UTI_IsZeroTimespec(&inst->prev_local_tx.ts))
+ UTI_AdjustTimespec(&inst->prev_local_tx.ts, when, &inst->prev_local_tx.ts, &delta, dfreq,
+ doffset);
+ if (!UTI_IsZeroTimespec(&inst->init_local_rx.ts))
+ UTI_AdjustTimespec(&inst->init_local_rx.ts, when, &inst->init_local_rx.ts, &delta, dfreq,
+ doffset);
+
+ if (inst->filter)
+ SPF_SlewSamples(inst->filter, when, dfreq, doffset);
+}
+
+/* ================================================== */
+
+void
+NCR_SetConnectivity(NCR_Instance inst, SRC_Connectivity connectivity)
+{
+ char *s;
+
+ s = UTI_IPToString(&inst->remote_addr.ip_addr);
+
+ if (connectivity == SRC_MAYBE_ONLINE)
+ connectivity = NIO_IsServerConnectable(&inst->remote_addr) ? SRC_ONLINE : SRC_OFFLINE;
+
+ switch (connectivity) {
+ case SRC_ONLINE:
+ switch (inst->opmode) {
+ case MD_ONLINE:
+ /* Nothing to do */
+ break;
+ case MD_OFFLINE:
+ LOG(LOGS_INFO, "Source %s online", s);
+ inst->opmode = MD_ONLINE;
+ NCR_ResetInstance(inst);
+ start_initial_timeout(inst);
+ break;
+ case MD_BURST_WAS_ONLINE:
+ /* Will revert */
+ break;
+ case MD_BURST_WAS_OFFLINE:
+ inst->opmode = MD_BURST_WAS_ONLINE;
+ LOG(LOGS_INFO, "Source %s online", s);
+ break;
+ default:
+ assert(0);
+ }
+ break;
+ case SRC_OFFLINE:
+ switch (inst->opmode) {
+ case MD_ONLINE:
+ LOG(LOGS_INFO, "Source %s offline", s);
+ take_offline(inst);
+ break;
+ case MD_OFFLINE:
+ break;
+ case MD_BURST_WAS_ONLINE:
+ inst->opmode = MD_BURST_WAS_OFFLINE;
+ LOG(LOGS_INFO, "Source %s offline", s);
+ break;
+ case MD_BURST_WAS_OFFLINE:
+ break;
+ default:
+ assert(0);
+ }
+ break;
+ default:
+ assert(0);
+ }
+}
+
+/* ================================================== */
+
+void
+NCR_ModifyMinpoll(NCR_Instance inst, int new_minpoll)
+{
+ if (new_minpoll < MIN_POLL || new_minpoll > MAX_POLL)
+ return;
+ inst->minpoll = new_minpoll;
+ LOG(LOGS_INFO, "Source %s new minpoll %d", UTI_IPToString(&inst->remote_addr.ip_addr), new_minpoll);
+ if (inst->maxpoll < inst->minpoll)
+ NCR_ModifyMaxpoll(inst, inst->minpoll);
+}
+
+/* ================================================== */
+
+void
+NCR_ModifyMaxpoll(NCR_Instance inst, int new_maxpoll)
+{
+ if (new_maxpoll < MIN_POLL || new_maxpoll > MAX_POLL)
+ return;
+ inst->maxpoll = new_maxpoll;
+ LOG(LOGS_INFO, "Source %s new maxpoll %d", UTI_IPToString(&inst->remote_addr.ip_addr), new_maxpoll);
+ if (inst->minpoll > inst->maxpoll)
+ NCR_ModifyMinpoll(inst, inst->maxpoll);
+}
+
+/* ================================================== */
+
+void
+NCR_ModifyMaxdelay(NCR_Instance inst, double new_max_delay)
+{
+ inst->max_delay = CLAMP(0.0, new_max_delay, MAX_MAXDELAY);
+ LOG(LOGS_INFO, "Source %s new maxdelay %f",
+ UTI_IPToString(&inst->remote_addr.ip_addr), inst->max_delay);
+}
+
+/* ================================================== */
+
+void
+NCR_ModifyMaxdelayratio(NCR_Instance inst, double new_max_delay_ratio)
+{
+ inst->max_delay_ratio = CLAMP(0.0, new_max_delay_ratio, MAX_MAXDELAYRATIO);
+ LOG(LOGS_INFO, "Source %s new maxdelayratio %f",
+ UTI_IPToString(&inst->remote_addr.ip_addr), inst->max_delay_ratio);
+}
+
+/* ================================================== */
+
+void
+NCR_ModifyMaxdelaydevratio(NCR_Instance inst, double new_max_delay_dev_ratio)
+{
+ inst->max_delay_dev_ratio = CLAMP(0.0, new_max_delay_dev_ratio, MAX_MAXDELAYDEVRATIO);
+ LOG(LOGS_INFO, "Source %s new maxdelaydevratio %f",
+ UTI_IPToString(&inst->remote_addr.ip_addr), inst->max_delay_dev_ratio);
+}
+
+/* ================================================== */
+
+void
+NCR_ModifyMinstratum(NCR_Instance inst, int new_min_stratum)
+{
+ inst->min_stratum = new_min_stratum;
+ LOG(LOGS_INFO, "Source %s new minstratum %d",
+ UTI_IPToString(&inst->remote_addr.ip_addr), new_min_stratum);
+}
+
+/* ================================================== */
+
+void
+NCR_ModifyPolltarget(NCR_Instance inst, int new_poll_target)
+{
+ inst->poll_target = new_poll_target;
+ LOG(LOGS_INFO, "Source %s new polltarget %d",
+ UTI_IPToString(&inst->remote_addr.ip_addr), new_poll_target);
+}
+
+/* ================================================== */
+
+void
+NCR_InitiateSampleBurst(NCR_Instance inst, int n_good_samples, int n_total_samples)
+{
+
+ if (inst->mode == MODE_CLIENT) {
+
+ /* We want to prevent burst mode being used on symmetric active
+ associations - it will play havoc with the peer's sampling
+ strategy. (This obviously relies on us having the peer
+ configured that way if he has us configured symmetric active -
+ but there's not much else we can do.) */
+
+ switch (inst->opmode) {
+ case MD_BURST_WAS_OFFLINE:
+ case MD_BURST_WAS_ONLINE:
+ /* If already burst sampling, don't start again */
+ break;
+
+ case MD_ONLINE:
+ case MD_OFFLINE:
+ inst->opmode = inst->opmode == MD_ONLINE ?
+ MD_BURST_WAS_ONLINE : MD_BURST_WAS_OFFLINE;
+ inst->burst_good_samples_to_go = n_good_samples;
+ inst->burst_total_samples_to_go = n_total_samples;
+ start_initial_timeout(inst);
+ break;
+ default:
+ assert(0);
+ break;
+ }
+ }
+
+}
+
+/* ================================================== */
+
+void
+NCR_ReportSource(NCR_Instance inst, RPT_SourceReport *report, struct timespec *now)
+{
+ report->poll = get_transmit_poll(inst);
+
+ switch (inst->mode) {
+ case MODE_CLIENT:
+ report->mode = RPT_NTP_CLIENT;
+ break;
+ case MODE_ACTIVE:
+ report->mode = RPT_NTP_PEER;
+ break;
+ default:
+ assert(0);
+ }
+}
+
+/* ================================================== */
+
+void
+NCR_GetNTPReport(NCR_Instance inst, RPT_NTPReport *report)
+{
+ *report = inst->report;
+}
+
+/* ================================================== */
+
+int
+NCR_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all)
+ {
+ ADF_Status status;
+
+ if (allow) {
+ if (all) {
+ status = ADF_AllowAll(access_auth_table, ip_addr, subnet_bits);
+ } else {
+ status = ADF_Allow(access_auth_table, ip_addr, subnet_bits);
+ }
+ } else {
+ if (all) {
+ status = ADF_DenyAll(access_auth_table, ip_addr, subnet_bits);
+ } else {
+ status = ADF_Deny(access_auth_table, ip_addr, subnet_bits);
+ }
+ }
+
+ if (status != ADF_SUCCESS)
+ return 0;
+
+ /* Keep server sockets open only when an address allowed */
+ if (allow) {
+ NTP_Remote_Address remote_addr;
+
+ if (server_sock_fd4 == INVALID_SOCK_FD &&
+ ADF_IsAnyAllowed(access_auth_table, IPADDR_INET4)) {
+ remote_addr.ip_addr.family = IPADDR_INET4;
+ server_sock_fd4 = NIO_OpenServerSocket(&remote_addr);
+ }
+ if (server_sock_fd6 == INVALID_SOCK_FD &&
+ ADF_IsAnyAllowed(access_auth_table, IPADDR_INET6)) {
+ remote_addr.ip_addr.family = IPADDR_INET6;
+ server_sock_fd6 = NIO_OpenServerSocket(&remote_addr);
+ }
+ } else {
+ if (server_sock_fd4 != INVALID_SOCK_FD &&
+ !ADF_IsAnyAllowed(access_auth_table, IPADDR_INET4)) {
+ NIO_CloseServerSocket(server_sock_fd4);
+ server_sock_fd4 = INVALID_SOCK_FD;
+ }
+ if (server_sock_fd6 != INVALID_SOCK_FD &&
+ !ADF_IsAnyAllowed(access_auth_table, IPADDR_INET6)) {
+ NIO_CloseServerSocket(server_sock_fd6);
+ server_sock_fd6 = INVALID_SOCK_FD;
+ }
+ }
+
+ return 1;
+}
+
+/* ================================================== */
+
+int
+NCR_CheckAccessRestriction(IPAddr *ip_addr)
+{
+ return ADF_IsAllowed(access_auth_table, ip_addr);
+}
+
+/* ================================================== */
+
+void
+NCR_IncrementActivityCounters(NCR_Instance inst, int *online, int *offline,
+ int *burst_online, int *burst_offline)
+{
+ switch (inst->opmode) {
+ case MD_BURST_WAS_OFFLINE:
+ ++*burst_offline;
+ break;
+ case MD_BURST_WAS_ONLINE:
+ ++*burst_online;
+ break;
+ case MD_ONLINE:
+ ++*online;
+ break;
+ case MD_OFFLINE:
+ ++*offline;
+ break;
+ default:
+ assert(0);
+ break;
+ }
+}
+
+/* ================================================== */
+
+NTP_Remote_Address *
+NCR_GetRemoteAddress(NCR_Instance inst)
+{
+ return &inst->remote_addr;
+}
+
+/* ================================================== */
+
+uint32_t
+NCR_GetLocalRefid(NCR_Instance inst)
+{
+ return UTI_IPToRefid(&inst->local_addr.ip_addr);
+}
+
+/* ================================================== */
+
+int NCR_IsSyncPeer(NCR_Instance inst)
+{
+ return SRC_IsSyncPeer(inst->source);
+}
+
+/* ================================================== */
+
+static void
+broadcast_timeout(void *arg)
+{
+ BroadcastDestination *destination;
+ NTP_int64 orig_ts;
+ NTP_Local_Timestamp recv_ts;
+ int poll;
+
+ destination = ARR_GetElement(broadcasts, (long)arg);
+ poll = log(destination->interval) / log(2.0) + 0.5;
+
+ UTI_ZeroNtp64(&orig_ts);
+ zero_local_timestamp(&recv_ts);
+
+ transmit_packet(MODE_BROADCAST, 0, poll, NTP_VERSION, 0, 0, &orig_ts, &orig_ts, &recv_ts,
+ NULL, NULL, NULL, &destination->addr, &destination->local_addr);
+
+ /* Requeue timeout. We don't care if interval drifts gradually. */
+ SCH_AddTimeoutInClass(destination->interval, get_separation(poll), SAMPLING_RANDOMNESS,
+ SCH_NtpBroadcastClass, broadcast_timeout, arg);
+}
+
+/* ================================================== */
+
+void
+NCR_AddBroadcastDestination(IPAddr *addr, unsigned short port, int interval)
+{
+ BroadcastDestination *destination;
+
+ destination = (BroadcastDestination *)ARR_GetNewElement(broadcasts);
+
+ destination->addr.ip_addr = *addr;
+ destination->addr.port = port;
+ destination->local_addr.ip_addr.family = IPADDR_UNSPEC;
+ destination->local_addr.if_index = INVALID_IF_INDEX;
+ destination->local_addr.sock_fd = NIO_OpenServerSocket(&destination->addr);
+ destination->interval = CLAMP(1, interval, 1 << MAX_POLL);
+
+ SCH_AddTimeoutInClass(destination->interval, MAX_SAMPLING_SEPARATION, SAMPLING_RANDOMNESS,
+ SCH_NtpBroadcastClass, broadcast_timeout,
+ (void *)(long)(ARR_GetSize(broadcasts) - 1));
+}