diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:09:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:09:41 +0000 |
commit | 3271d1ac389d2ec93db9c5b9ce0991ce478476cf (patch) | |
tree | 35ff7d180e1ccc061f28535d7435b5ba1789e734 /ntp_core.c | |
parent | Initial commit. (diff) | |
download | chrony-upstream/4.3.tar.xz chrony-upstream/4.3.zip |
Adding upstream version 4.3.upstream/4.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ntp_core.c')
-rw-r--r-- | ntp_core.c | 2999 |
1 files changed, 2999 insertions, 0 deletions
diff --git a/ntp_core.c b/ntp_core.c new file mode 100644 index 0000000..63c5a3a --- /dev/null +++ b/ntp_core.c @@ -0,0 +1,2999 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2009-2022 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Core NTP protocol engine + */ + +#include "config.h" + +#include "sysincl.h" + +#include "array.h" +#include "ntp_auth.h" +#include "ntp_core.h" +#include "ntp_ext.h" +#include "ntp_io.h" +#include "memory.h" +#include "quantiles.h" +#include "sched.h" +#include "reference.h" +#include "local.h" +#include "samplefilt.h" +#include "smooth.h" +#include "sources.h" +#include "util.h" +#include "conf.h" +#include "logging.h" +#include "addrfilt.h" +#include "clientlog.h" + +/* ================================================== */ + +static LOG_FileID logfileid; +static int log_raw_measurements; + +/* ================================================== */ +/* Enumeration used for remembering the operating mode of one of the + sources */ + +typedef enum { + MD_OFFLINE, /* No sampling at all */ + MD_ONLINE, /* Normal sampling based on sampling interval */ + MD_BURST_WAS_OFFLINE, /* Burst sampling, return to offline afterwards */ + MD_BURST_WAS_ONLINE, /* Burst sampling, return to online afterwards */ +} OperatingMode; + +/* ================================================== */ +/* Structure used for holding a single peer/server's + protocol machine */ + +struct NCR_Instance_Record { + NTP_Remote_Address remote_addr; /* Needed for routing transmit packets */ + NTP_Local_Address local_addr; /* Local address/socket used to send packets */ + NTP_Mode mode; /* The source's NTP mode + (client/server or symmetric active peer) */ + int interleaved; /* Boolean enabling interleaved NTP mode */ + OperatingMode opmode; /* Whether we are sampling this source + or not and in what way */ + SCH_TimeoutID rx_timeout_id; /* Timeout ID for latest received response */ + SCH_TimeoutID tx_timeout_id; /* Timeout ID for next transmission */ + int tx_suspended; /* Boolean indicating we can't transmit yet */ + + int auto_iburst; /* If 1, initiate a burst when going online */ + int auto_burst; /* If 1, initiate a burst on each poll */ + int auto_offline; /* If 1, automatically go offline when requests + cannot be sent */ + + int local_poll; /* Log2 of polling interval at our end */ + int remote_poll; /* Log2 of server/peer's polling interval (recovered + from received packets) */ + int remote_stratum; /* Stratum of the server/peer (recovered from + received packets) */ + double remote_root_delay; /* Root delay from last valid packet */ + double remote_root_dispersion;/* Root dispersion from last valid packet */ + + int presend_minpoll; /* If the current polling interval is + at least this, an extra client packet + will be send some time before normal + transmit. This ensures that both + us and the server/peer have an ARP + entry for each other ready, which + means our measurement is not + botched by an ARP round-trip on one + side or the other. */ + + int presend_done; /* The presend packet has been sent */ + + int minpoll; /* Log2 of minimum defined polling interval */ + int maxpoll; /* Log2 of maximum defined polling interval */ + + int min_stratum; /* Increase stratum in received packets to the + minimum */ + + int copy; /* Boolean suppressing own refid and stratum */ + + int poll_target; /* Target number of sourcestats samples */ + + int version; /* Version set in packets for server/peer */ + + double poll_score; /* Score of current local poll */ + + double max_delay; /* Maximum round-trip delay to the + peer that we can tolerate and still + use the sample for generating + statistics from */ + + double max_delay_ratio; /* Largest ratio of delay / + min_delay_in_register that we can + tolerate. */ + + double max_delay_dev_ratio; /* Maximum ratio of increase in delay / stddev */ + + double offset_correction; /* Correction applied to measured offset + (e.g. for asymmetry in network delay) */ + + int ext_field_flags; /* Enabled extension fields */ + + uint32_t remote_mono_epoch; /* ID of the source's monotonic scale */ + double mono_doffset; /* Accumulated offset between source's + real-time and monotonic scales */ + + NAU_Instance auth; /* Authentication */ + + /* Count of transmitted packets since last valid response */ + unsigned int tx_count; + + /* Flag indicating a valid response was received since last request */ + int valid_rx; + + /* Flag indicating the timestamps below are from a valid packet and may + be used for synchronisation */ + int valid_timestamps; + + /* Receive and transmit timestamps from the last valid response */ + NTP_int64 remote_ntp_monorx; + NTP_int64 remote_ntp_rx; + NTP_int64 remote_ntp_tx; + + /* Local timestamp when the last valid response was received from the + source. We have to be prepared to tinker with this if the local + clock has its frequency adjusted before we repond. The value we + store here is what our own local time was when the same arrived. + Before replying, we have to correct this to fit with the + parameters for the current reference. (It must be stored + relative to local time to permit frequency and offset adjustments + to be made when we trim the local clock). */ + NTP_int64 local_ntp_rx; + NTP_Local_Timestamp local_rx; + + /* Local timestamp when we last transmitted a packet to the source. + We store two versions. The first is in NTP format, and is used + to validate the next received packet from the source. + Additionally, this is corrected to bring it into line with the + current reference. The second is in timespec format, and is kept + relative to the local clock. We modify this in accordance with + local clock frequency/offset changes, and use this for computing + statistics about the source when a return packet arrives. */ + NTP_int64 local_ntp_tx; + NTP_Local_Timestamp local_tx; + + /* Previous values of some variables needed in interleaved mode */ + NTP_Local_Timestamp prev_local_tx; + int prev_local_poll; + unsigned int prev_tx_count; + + /* Flag indicating the two timestamps below were updated since the + last transmission */ + int updated_init_timestamps; + + /* Timestamps used for (re)starting the symmetric protocol, when we + need to respond to a packet which is not a valid response */ + NTP_int64 init_remote_ntp_tx; + NTP_Local_Timestamp init_local_rx; + + /* The instance record in the main source management module. This + performs the statistical analysis on the samples we generate */ + + SRC_Instance source; + + /* Optional long-term quantile estimate of peer delay */ + QNT_Instance delay_quant; + + /* Optional median filter for NTP measurements */ + SPF_Instance filter; + int filter_count; + + int burst_good_samples_to_go; + int burst_total_samples_to_go; + + /* Report from last valid response */ + RPT_NTPReport report; +}; + +typedef struct { + NTP_Remote_Address addr; + NTP_Local_Address local_addr; + NAU_Instance auth; + int interval; +} BroadcastDestination; + +/* Array of BroadcastDestination */ +static ARR_Instance broadcasts; + +/* ================================================== */ +/* Initial delay period before first packet is transmitted (in seconds) */ +#define INITIAL_DELAY 0.2 + +/* Spacing required between samples for any two servers/peers (to + minimise risk of network collisions) (in seconds) */ +#define MIN_SAMPLING_SEPARATION 0.002 +#define MAX_SAMPLING_SEPARATION 0.2 + +/* Randomness added to spacing between samples for one server/peer */ +#define SAMPLING_RANDOMNESS 0.02 + +/* Adjustment of the peer polling interval */ +#define PEER_SAMPLING_ADJ 1.1 + +/* Maximum spacing between samples in the burst mode as an absolute + value and ratio to the normal polling interval */ +#define MAX_BURST_INTERVAL 2.0 +#define MAX_BURST_POLL_RATIO 0.25 + +/* Number of samples in initial burst */ +#define IBURST_GOOD_SAMPLES 4 +#define IBURST_TOTAL_SAMPLES SOURCE_REACH_BITS + +/* Number of samples in automatic burst */ +#define BURST_GOOD_SAMPLES 1 +#define MAX_BURST_TOTAL_SAMPLES 4 + +/* Time to wait after sending packet to 'warm up' link */ +#define WARM_UP_DELAY 2.0 + +/* Compatible NTP protocol versions */ +#define NTP_MAX_COMPAT_VERSION NTP_VERSION +#define NTP_MIN_COMPAT_VERSION 1 + +/* Maximum allowed dispersion - as defined in RFC 5905 (16 seconds) */ +#define NTP_MAX_DISPERSION 16.0 + +/* Maximum allowed time for server to process client packet */ +#define MAX_SERVER_INTERVAL 4.0 + +/* Maximum acceptable delay in transmission for timestamp correction */ +#define MAX_TX_DELAY 1.0 + +/* Maximum allowed values of maxdelay parameters */ +#define MAX_MAXDELAY 1.0e3 +#define MAX_MAXDELAYRATIO 1.0e6 +#define MAX_MAXDELAYDEVRATIO 1.0e6 + +/* Parameters for the peer delay quantile */ +#define DELAY_QUANT_Q 100 +#define DELAY_QUANT_REPEAT 7 + +/* Minimum and maximum allowed poll interval */ +#define MIN_POLL -7 +#define MAX_POLL 24 + +/* Enable sub-second polling intervals only when the peer delay is not + longer than 10 milliseconds to restrict them to local networks */ +#define MIN_NONLAN_POLL 0 +#define MAX_LAN_PEER_DELAY 0.01 + +/* Kiss-o'-Death codes */ +#define KOD_RATE 0x52415445UL /* RATE */ + +/* Maximum poll interval set by KoD RATE */ +#define MAX_KOD_RATE_POLL SRC_DEFAULT_MAXPOLL + +/* Maximum number of missed responses to accept samples using old timestamps + in the interleaved client/server mode */ +#define MAX_CLIENT_INTERLEAVED_TX 4 + +/* Maximum ratio of local intervals in the timestamp selection of the + interleaved mode to prefer a sample using previous timestamps */ +#define MAX_INTERLEAVED_L2L_RATIO 0.1 + +/* Maximum acceptable change in server mono<->real offset */ +#define MAX_MONO_DOFFSET 16.0 + +/* Invalid socket, different from the one in ntp_io.c */ +#define INVALID_SOCK_FD -2 + +/* ================================================== */ + +/* Server IPv4/IPv6 sockets */ +static int server_sock_fd4; +static int server_sock_fd6; + +static ADF_AuthTable access_auth_table; + +/* Current offset between monotonic and cooked time, and its epoch ID + which is reset on clock steps */ +static double server_mono_offset; +static uint32_t server_mono_epoch; + +/* Characters for printing synchronisation status and timestamping source */ +static const char leap_chars[4] = {'N', '+', '-', '?'}; +static const char tss_chars[3] = {'D', 'K', 'H'}; + +/* ================================================== */ +/* Forward prototypes */ + +static void transmit_timeout(void *arg); +static double get_transmit_delay(NCR_Instance inst, int on_tx, double last_tx); +static double get_separation(int poll); +static int parse_packet(NTP_Packet *packet, int length, NTP_PacketInfo *info); +static void process_sample(NCR_Instance inst, NTP_Sample *sample); +static void set_connectivity(NCR_Instance inst, SRC_Connectivity connectivity); + +/* ================================================== */ + +static void +do_size_checks(void) +{ + /* Assertions to check the sizes of certain data types + and the positions of certain record fields */ + + /* Check that certain invariants are true */ + assert(sizeof(NTP_int32) == 4); + assert(sizeof(NTP_int64) == 8); + + /* Check offsets of all fields in the NTP packet format */ + assert(offsetof(NTP_Packet, lvm) == 0); + assert(offsetof(NTP_Packet, stratum) == 1); + assert(offsetof(NTP_Packet, poll) == 2); + assert(offsetof(NTP_Packet, precision) == 3); + assert(offsetof(NTP_Packet, root_delay) == 4); + assert(offsetof(NTP_Packet, root_dispersion) == 8); + assert(offsetof(NTP_Packet, reference_id) == 12); + assert(offsetof(NTP_Packet, reference_ts) == 16); + assert(offsetof(NTP_Packet, originate_ts) == 24); + assert(offsetof(NTP_Packet, receive_ts) == 32); + assert(offsetof(NTP_Packet, transmit_ts) == 40); +} + +/* ================================================== */ + +static void +do_time_checks(void) +{ + struct timespec now; + time_t warning_advance = 3600 * 24 * 365 * 10; /* 10 years */ + +#ifdef HAVE_LONG_TIME_T + /* Check that time before NTP_ERA_SPLIT underflows correctly */ + + struct timespec ts1 = {NTP_ERA_SPLIT, 1}, ts2 = {NTP_ERA_SPLIT - 1, 1}; + NTP_int64 nts1, nts2; + int r; + + UTI_TimespecToNtp64(&ts1, &nts1, NULL); + UTI_TimespecToNtp64(&ts2, &nts2, NULL); + UTI_Ntp64ToTimespec(&nts1, &ts1); + UTI_Ntp64ToTimespec(&nts2, &ts2); + + r = ts1.tv_sec == NTP_ERA_SPLIT && + ts1.tv_sec + (1ULL << 32) - 1 == ts2.tv_sec; + + assert(r); + + LCL_ReadRawTime(&now); + if (ts2.tv_sec - now.tv_sec < warning_advance) + LOG(LOGS_WARN, "Assumed NTP time ends at %s!", UTI_TimeToLogForm(ts2.tv_sec)); +#else + LCL_ReadRawTime(&now); + if (now.tv_sec > 0x7fffffff - warning_advance) + LOG(LOGS_WARN, "System time ends at %s!", UTI_TimeToLogForm(0x7fffffff)); +#endif +} + +/* ================================================== */ + +static void +zero_local_timestamp(NTP_Local_Timestamp *ts) +{ + UTI_ZeroTimespec(&ts->ts); + ts->err = 0.0; + ts->source = NTP_TS_DAEMON; +} + +/* ================================================== */ + +static void +handle_slew(struct timespec *raw, struct timespec *cooked, double dfreq, + double doffset, LCL_ChangeType change_type, void *anything) +{ + if (change_type == LCL_ChangeAdjust) { + server_mono_offset += doffset; + } else { + UTI_GetRandomBytes(&server_mono_epoch, sizeof (server_mono_epoch)); + server_mono_offset = 0.0; + } +} + +/* ================================================== */ + +void +NCR_Initialise(void) +{ + do_size_checks(); + do_time_checks(); + + logfileid = CNF_GetLogMeasurements(&log_raw_measurements) ? LOG_FileOpen("measurements", + " Date (UTC) Time IP Address L St 123 567 ABCD LP RP Score Offset Peer del. Peer disp. Root del. Root disp. Refid MTxRx") + : -1; + + access_auth_table = ADF_CreateTable(); + broadcasts = ARR_CreateInstance(sizeof (BroadcastDestination)); + + /* Server socket will be opened when access is allowed */ + server_sock_fd4 = INVALID_SOCK_FD; + server_sock_fd6 = INVALID_SOCK_FD; + + LCL_AddParameterChangeHandler(handle_slew, NULL); + handle_slew(NULL, NULL, 0.0, 0.0, LCL_ChangeUnknownStep, NULL); +} + +/* ================================================== */ + +void +NCR_Finalise(void) +{ + unsigned int i; + + LCL_RemoveParameterChangeHandler(handle_slew, NULL); + + if (server_sock_fd4 != INVALID_SOCK_FD) + NIO_CloseServerSocket(server_sock_fd4); + if (server_sock_fd6 != INVALID_SOCK_FD) + NIO_CloseServerSocket(server_sock_fd6); + + for (i = 0; i < ARR_GetSize(broadcasts); i++) { + NIO_CloseServerSocket(((BroadcastDestination *)ARR_GetElement(broadcasts, i))->local_addr.sock_fd); + NAU_DestroyInstance(((BroadcastDestination *)ARR_GetElement(broadcasts, i))->auth); + } + + ARR_DestroyInstance(broadcasts); + ADF_DestroyTable(access_auth_table); +} + +/* ================================================== */ + +static void +restart_timeout(NCR_Instance inst, double delay) +{ + /* Check if we can transmit */ + if (inst->tx_suspended) { + assert(!inst->tx_timeout_id); + return; + } + + /* Stop both rx and tx timers if running */ + SCH_RemoveTimeout(inst->rx_timeout_id); + inst->rx_timeout_id = 0; + SCH_RemoveTimeout(inst->tx_timeout_id); + + /* Start new timer for transmission */ + inst->tx_timeout_id = SCH_AddTimeoutInClass(delay, get_separation(inst->local_poll), + SAMPLING_RANDOMNESS, + inst->mode == MODE_CLIENT ? + SCH_NtpClientClass : SCH_NtpPeerClass, + transmit_timeout, (void *)inst); +} + +/* ================================================== */ + +static void +start_initial_timeout(NCR_Instance inst) +{ + double delay, last_tx; + struct timespec now; + + if (!inst->tx_timeout_id) { + /* This will be the first transmission after mode change */ + + /* Mark source active */ + SRC_SetActive(inst->source); + } + + /* In case the offline period was too short, adjust the delay to keep + the interval between packets at least as long as the current polling + interval */ + if (!UTI_IsZeroTimespec(&inst->local_tx.ts)) { + SCH_GetLastEventTime(&now, NULL, NULL); + last_tx = UTI_DiffTimespecsToDouble(&now, &inst->local_tx.ts); + if (last_tx < 0.0) + last_tx = 0.0; + delay = get_transmit_delay(inst, 0, 0.0) - last_tx; + } else { + delay = 0.0; + } + + if (delay < INITIAL_DELAY) + delay = INITIAL_DELAY; + + restart_timeout(inst, delay); +} + +/* ================================================== */ + +static void +close_client_socket(NCR_Instance inst) +{ + if (inst->mode == MODE_CLIENT && inst->local_addr.sock_fd != INVALID_SOCK_FD) { + NIO_CloseClientSocket(inst->local_addr.sock_fd); + inst->local_addr.sock_fd = INVALID_SOCK_FD; + } + + SCH_RemoveTimeout(inst->rx_timeout_id); + inst->rx_timeout_id = 0; +} + +/* ================================================== */ + +static void +take_offline(NCR_Instance inst) +{ + inst->opmode = MD_OFFLINE; + + SCH_RemoveTimeout(inst->tx_timeout_id); + inst->tx_timeout_id = 0; + + /* Mark source unreachable */ + SRC_ResetReachability(inst->source); + + /* And inactive */ + SRC_UnsetActive(inst->source); + + close_client_socket(inst); + + NCR_ResetInstance(inst); +} + +/* ================================================== */ + +static void +reset_report(NCR_Instance inst) +{ + memset(&inst->report, 0, sizeof (inst->report)); + inst->report.remote_addr = inst->remote_addr.ip_addr; + inst->report.remote_port = inst->remote_addr.port; +} + +/* ================================================== */ + +NCR_Instance +NCR_CreateInstance(NTP_Remote_Address *remote_addr, NTP_Source_Type type, + SourceParameters *params, const char *name) +{ + NCR_Instance result; + + result = MallocNew(struct NCR_Instance_Record); + + result->remote_addr = *remote_addr; + result->local_addr.ip_addr.family = IPADDR_UNSPEC; + result->local_addr.if_index = INVALID_IF_INDEX; + + switch (type) { + case NTP_SERVER: + /* Client socket will be obtained when sending request */ + result->local_addr.sock_fd = INVALID_SOCK_FD; + result->mode = MODE_CLIENT; + break; + case NTP_PEER: + result->local_addr.sock_fd = NIO_OpenServerSocket(remote_addr); + result->mode = MODE_ACTIVE; + break; + default: + assert(0); + } + + result->interleaved = params->interleaved; + + result->minpoll = params->minpoll; + if (result->minpoll < MIN_POLL) + result->minpoll = SRC_DEFAULT_MINPOLL; + else if (result->minpoll > MAX_POLL) + result->minpoll = MAX_POLL; + + result->maxpoll = params->maxpoll; + if (result->maxpoll < MIN_POLL) + result->maxpoll = SRC_DEFAULT_MAXPOLL; + else if (result->maxpoll > MAX_POLL) + result->maxpoll = MAX_POLL; + if (result->maxpoll < result->minpoll) + result->maxpoll = result->minpoll; + + result->min_stratum = params->min_stratum; + if (result->min_stratum >= NTP_MAX_STRATUM) + result->min_stratum = NTP_MAX_STRATUM - 1; + + /* Presend doesn't work in symmetric mode */ + result->presend_minpoll = params->presend_minpoll; + if (result->presend_minpoll <= MAX_POLL && result->mode != MODE_CLIENT) + result->presend_minpoll = MAX_POLL + 1; + + result->max_delay = CLAMP(0.0, params->max_delay, MAX_MAXDELAY); + result->max_delay_ratio = CLAMP(0.0, params->max_delay_ratio, MAX_MAXDELAYRATIO); + result->max_delay_dev_ratio = CLAMP(0.0, params->max_delay_dev_ratio, MAX_MAXDELAYDEVRATIO); + result->offset_correction = params->offset; + result->auto_iburst = params->iburst; + result->auto_burst = params->burst; + result->auto_offline = params->auto_offline; + result->copy = params->copy && result->mode == MODE_CLIENT; + result->poll_target = params->poll_target; + result->ext_field_flags = params->ext_fields; + + if (params->nts) { + IPSockAddr nts_address; + + if (result->mode == MODE_ACTIVE) + LOG(LOGS_WARN, "NTS not supported with peers"); + + nts_address.ip_addr = remote_addr->ip_addr; + nts_address.port = params->nts_port; + + result->auth = NAU_CreateNtsInstance(&nts_address, name, params->cert_set, + result->remote_addr.port); + } else if (params->authkey != INACTIVE_AUTHKEY) { + result->auth = NAU_CreateSymmetricInstance(params->authkey); + } else { + result->auth = NAU_CreateNoneInstance(); + } + + if (result->ext_field_flags || result->interleaved) + result->version = NTP_VERSION; + else + result->version = NAU_GetSuggestedNtpVersion(result->auth); + + if (params->version) + result->version = CLAMP(NTP_MIN_COMPAT_VERSION, params->version, NTP_VERSION); + + /* Create a source instance for this NTP source */ + result->source = SRC_CreateNewInstance(UTI_IPToRefid(&remote_addr->ip_addr), + SRC_NTP, NAU_IsAuthEnabled(result->auth), + params->sel_options, &result->remote_addr.ip_addr, + params->min_samples, params->max_samples, + params->min_delay, params->asymmetry); + + if (params->max_delay_quant > 0.0) { + int k = round(CLAMP(0.05, params->max_delay_quant, 0.95) * DELAY_QUANT_Q); + result->delay_quant = QNT_CreateInstance(k, k, DELAY_QUANT_Q, DELAY_QUANT_REPEAT, + LCL_GetSysPrecisionAsQuantum() / 2.0); + } else { + result->delay_quant = NULL; + } + + if (params->filter_length >= 1) + result->filter = SPF_CreateInstance(1, params->filter_length, NTP_MAX_DISPERSION, 0.0); + else + result->filter = NULL; + + result->rx_timeout_id = 0; + result->tx_timeout_id = 0; + result->tx_suspended = 1; + result->opmode = MD_OFFLINE; + result->local_poll = MAX(result->minpoll, MIN_NONLAN_POLL); + result->poll_score = 0.0; + zero_local_timestamp(&result->local_tx); + result->burst_good_samples_to_go = 0; + result->burst_total_samples_to_go = 0; + + NCR_ResetInstance(result); + + set_connectivity(result, params->connectivity); + + reset_report(result); + + return result; +} + +/* ================================================== */ + +/* Destroy an instance */ +void +NCR_DestroyInstance(NCR_Instance instance) +{ + if (instance->opmode != MD_OFFLINE) + take_offline(instance); + + if (instance->mode == MODE_ACTIVE) + NIO_CloseServerSocket(instance->local_addr.sock_fd); + + if (instance->delay_quant) + QNT_DestroyInstance(instance->delay_quant); + if (instance->filter) + SPF_DestroyInstance(instance->filter); + + NAU_DestroyInstance(instance->auth); + + /* This will destroy the source instance inside the + structure, which will cause reselection if this was the + synchronising source etc. */ + SRC_DestroyInstance(instance->source); + + /* Free the data structure */ + Free(instance); +} + +/* ================================================== */ + +void +NCR_StartInstance(NCR_Instance instance) +{ + instance->tx_suspended = 0; + if (instance->opmode != MD_OFFLINE) + start_initial_timeout(instance); +} + +/* ================================================== */ + +void +NCR_ResetInstance(NCR_Instance instance) +{ + instance->tx_count = 0; + instance->presend_done = 0; + + instance->remote_poll = 0; + instance->remote_stratum = 0; + instance->remote_root_delay = 0.0; + instance->remote_root_dispersion = 0.0; + instance->remote_mono_epoch = 0; + instance->mono_doffset = 0.0; + + instance->valid_rx = 0; + instance->valid_timestamps = 0; + UTI_ZeroNtp64(&instance->remote_ntp_monorx); + UTI_ZeroNtp64(&instance->remote_ntp_rx); + UTI_ZeroNtp64(&instance->remote_ntp_tx); + UTI_ZeroNtp64(&instance->local_ntp_rx); + UTI_ZeroNtp64(&instance->local_ntp_tx); + zero_local_timestamp(&instance->local_rx); + + zero_local_timestamp(&instance->prev_local_tx); + instance->prev_local_poll = 0; + instance->prev_tx_count = 0; + + instance->updated_init_timestamps = 0; + UTI_ZeroNtp64(&instance->init_remote_ntp_tx); + zero_local_timestamp(&instance->init_local_rx); + + if (instance->delay_quant) + QNT_Reset(instance->delay_quant); + if (instance->filter) + SPF_DropSamples(instance->filter); + instance->filter_count = 0; +} + +/* ================================================== */ + +void +NCR_ResetPoll(NCR_Instance instance) +{ + if (instance->local_poll != instance->minpoll) { + instance->local_poll = instance->minpoll; + + /* The timer was set with a longer poll interval, restart it */ + if (instance->tx_timeout_id) + restart_timeout(instance, get_transmit_delay(instance, 0, 0.0)); + } +} + +/* ================================================== */ + +void +NCR_ChangeRemoteAddress(NCR_Instance inst, NTP_Remote_Address *remote_addr, int ntp_only) +{ + NCR_ResetInstance(inst); + + if (!ntp_only) + NAU_ChangeAddress(inst->auth, &remote_addr->ip_addr); + + inst->remote_addr = *remote_addr; + + if (inst->mode == MODE_CLIENT) + close_client_socket(inst); + else { + NIO_CloseServerSocket(inst->local_addr.sock_fd); + inst->local_addr.ip_addr.family = IPADDR_UNSPEC; + inst->local_addr.if_index = INVALID_IF_INDEX; + inst->local_addr.sock_fd = NIO_OpenServerSocket(remote_addr); + } + + /* Update the reference ID and reset the source/sourcestats instances */ + SRC_SetRefid(inst->source, UTI_IPToRefid(&remote_addr->ip_addr), + &inst->remote_addr.ip_addr); + SRC_ResetInstance(inst->source); + + reset_report(inst); +} + +/* ================================================== */ + +static void +adjust_poll(NCR_Instance inst, double adj) +{ + NTP_Sample last_sample; + + inst->poll_score += adj; + + if (inst->poll_score >= 1.0) { + inst->local_poll += (int)inst->poll_score; + inst->poll_score -= (int)inst->poll_score; + } + + if (inst->poll_score < 0.0) { + inst->local_poll += (int)(inst->poll_score - 1.0); + inst->poll_score -= (int)(inst->poll_score - 1.0); + } + + /* Clamp polling interval to defined range */ + if (inst->local_poll < inst->minpoll) { + inst->local_poll = inst->minpoll; + inst->poll_score = 0; + } else if (inst->local_poll > inst->maxpoll) { + inst->local_poll = inst->maxpoll; + inst->poll_score = 1.0; + } + + /* Don't allow a sub-second polling interval if the source is not reachable + or it is not in a local network according to the measured delay */ + if (inst->local_poll < MIN_NONLAN_POLL && + (!SRC_IsReachable(inst->source) || + (SST_MinRoundTripDelay(SRC_GetSourcestats(inst->source)) > MAX_LAN_PEER_DELAY && + (!inst->filter || !SPF_GetLastSample(inst->filter, &last_sample) || + last_sample.peer_delay > MAX_LAN_PEER_DELAY)))) + inst->local_poll = MIN_NONLAN_POLL; +} + +/* ================================================== */ + +static double +get_poll_adj(NCR_Instance inst, double error_in_estimate, double peer_distance) +{ + double poll_adj; + int samples; + + if (error_in_estimate > peer_distance) { + /* If the prediction is not even within +/- the peer distance of the peer, + we are clearly not tracking the peer at all well, so we back off the + sampling rate depending on just how bad the situation is */ + poll_adj = -log(error_in_estimate / peer_distance) / log(2.0); + } else { + samples = SST_Samples(SRC_GetSourcestats(inst->source)); + + /* Adjust polling interval so that the number of sourcestats samples + remains close to the target value */ + poll_adj = ((double)samples / inst->poll_target - 1.0) / inst->poll_target; + + /* Make interval shortening quicker */ + if (samples < inst->poll_target) { + poll_adj *= 2.0; + } + } + + return poll_adj; +} + +/* ================================================== */ + +static int +get_transmit_poll(NCR_Instance inst) +{ + int poll; + + poll = inst->local_poll; + + /* In symmetric mode, if the peer is responding, use shorter of the local + and remote poll interval, but not shorter than the minimum */ + if (inst->mode == MODE_ACTIVE && poll > inst->remote_poll && + SRC_IsReachable(inst->source)) + poll = MAX(inst->remote_poll, inst->minpoll); + + return poll; +} + +/* ================================================== */ + +static double +get_transmit_delay(NCR_Instance inst, int on_tx, double last_tx) +{ + int poll_to_use, stratum_diff; + double delay_time; + + /* If we're in burst mode, queue for immediate dispatch. + + If we're operating in client/server mode, queue the timeout for + the poll interval hence. The fact that a timeout has been queued + in the transmit handler is immaterial - that is only done so that + we at least send something, if no reply is heard. + + If we're in symmetric mode, we have to take account of the peer's + wishes, otherwise his sampling regime will fall to pieces. If + we're in client/server mode, we don't care what poll interval the + server responded with last time. */ + + poll_to_use = get_transmit_poll(inst); + delay_time = UTI_Log2ToDouble(poll_to_use); + + switch (inst->opmode) { + case MD_OFFLINE: + assert(0); + break; + case MD_ONLINE: + switch(inst->mode) { + case MODE_CLIENT: + if (inst->presend_done) + delay_time = WARM_UP_DELAY; + break; + + case MODE_ACTIVE: + /* If the remote stratum is higher than ours, wait a bit for the next + packet before responding in order to minimize the delay of the + measurement and its error for the peer which has higher stratum. + If the remote stratum is equal to ours, try to interleave packets + evenly with the peer. */ + stratum_diff = inst->remote_stratum - REF_GetOurStratum(); + if ((stratum_diff > 0 && last_tx * PEER_SAMPLING_ADJ < delay_time) || + (!on_tx && !stratum_diff && + last_tx / delay_time > PEER_SAMPLING_ADJ - 0.5)) + delay_time *= PEER_SAMPLING_ADJ; + + /* Substract the already spend time */ + if (last_tx > 0.0) + delay_time -= last_tx; + if (delay_time < 0.0) + delay_time = 0.0; + + break; + default: + assert(0); + break; + } + break; + + case MD_BURST_WAS_ONLINE: + case MD_BURST_WAS_OFFLINE: + /* Burst modes */ + delay_time = MIN(MAX_BURST_INTERVAL, MAX_BURST_POLL_RATIO * delay_time); + break; + default: + assert(0); + break; + } + + return delay_time; +} + +/* ================================================== */ +/* Calculate sampling separation for given polling interval */ + +static double +get_separation(int poll) +{ + double separation; + + assert(poll >= MIN_POLL && poll <= MAX_POLL); + + /* Allow up to 8 sources using the same short interval to not be limited + by the separation */ + separation = UTI_Log2ToDouble(poll - 3); + + return CLAMP(MIN_SAMPLING_SEPARATION, separation, MAX_SAMPLING_SEPARATION); +} + +/* ================================================== */ +/* Timeout handler for closing the client socket when no acceptable + reply can be received from the server */ + +static void +receive_timeout(void *arg) +{ + NCR_Instance inst = (NCR_Instance)arg; + + DEBUG_LOG("Receive timeout for %s", UTI_IPSockAddrToString(&inst->remote_addr)); + + inst->rx_timeout_id = 0; + close_client_socket(inst); +} + +/* ================================================== */ + +static int +add_ext_exp1(NTP_Packet *message, NTP_PacketInfo *info, struct timespec *rx, + double root_delay, double root_dispersion) +{ + struct timespec mono_rx; + NTP_ExtFieldExp1 exp1; + NTP_int64 ts_fuzz; + + memset(&exp1, 0, sizeof (exp1)); + exp1.magic = htonl(NTP_EF_EXP1_MAGIC); + + if (info->mode != MODE_CLIENT) { + exp1.root_delay = UTI_DoubleToNtp32f28(root_delay); + exp1.root_dispersion = UTI_DoubleToNtp32f28(root_dispersion); + if (rx) + UTI_AddDoubleToTimespec(rx, server_mono_offset, &mono_rx); + else + UTI_ZeroTimespec(&mono_rx); + UTI_GetNtp64Fuzz(&ts_fuzz, message->precision); + UTI_TimespecToNtp64(&mono_rx, &exp1.mono_receive_ts, &ts_fuzz); + exp1.mono_epoch = htonl(server_mono_epoch); + } + + if (!NEF_AddField(message, info, NTP_EF_EXP1, &exp1, sizeof (exp1))) { + DEBUG_LOG("Could not add EF"); + return 0; + } + + info->ext_field_flags |= NTP_EF_FLAG_EXP1; + + return 1; +} + +/* ================================================== */ + +static int +transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */ + int interleaved, /* Flag enabling interleaved mode */ + int my_poll, /* The log2 of the local poll interval */ + int version, /* The NTP version to be set in the packet */ + uint32_t kod, /* KoD code - 0 disabled */ + int ext_field_flags, /* Extension fields to be included in the packet */ + NAU_Instance auth, /* The authentication to be used for the packet */ + NTP_int64 *remote_ntp_rx, /* The receive timestamp from received packet */ + NTP_int64 *remote_ntp_tx, /* The transmit timestamp from received packet */ + NTP_Local_Timestamp *local_rx, /* The RX time of the received packet */ + NTP_Local_Timestamp *local_tx, /* The TX time of the previous packet + RESULT : TX time of this packet */ + NTP_int64 *local_ntp_rx, /* The receive timestamp from the previous packet + RESULT : receive timestamp from this packet */ + NTP_int64 *local_ntp_tx, /* The transmit timestamp from the previous packet + RESULT : transmit timestamp from this packet */ + NTP_Remote_Address *where_to, /* Where to address the reponse to */ + NTP_Local_Address *from, /* From what address to send it */ + NTP_Packet *request, /* The received packet if responding */ + NTP_PacketInfo *request_info /* and its info */ + ) +{ + NTP_PacketInfo info; + NTP_Packet message; + struct timespec local_receive, local_transmit; + double smooth_offset, local_transmit_err; + int ret, precision; + NTP_int64 ts_fuzz; + + /* Parameters read from reference module */ + int are_we_synchronised, our_stratum, smooth_time; + NTP_Leap leap_status; + uint32_t our_ref_id; + struct timespec our_ref_time; + double our_root_delay, our_root_dispersion; + + assert(auth || (request && request_info)); + + /* Don't reply with version higher than ours */ + if (version > NTP_VERSION) { + version = NTP_VERSION; + } + + /* Check if the packet can be formed in the interleaved mode */ + if (interleaved && (!remote_ntp_rx || !local_tx || UTI_IsZeroTimespec(&local_tx->ts))) + interleaved = 0; + + smooth_time = 0; + smooth_offset = 0.0; + + /* Get an initial transmit timestamp. A more accurate timestamp will be + taken later in this function. */ + SCH_GetLastEventTime(&local_transmit, NULL, NULL); + + if (my_mode == MODE_CLIENT) { + /* Don't reveal local time or state of the clock in client packets */ + precision = 32; + leap_status = our_stratum = our_ref_id = 0; + our_root_delay = our_root_dispersion = 0.0; + UTI_ZeroTimespec(&our_ref_time); + } else { + REF_GetReferenceParams(&local_transmit, + &are_we_synchronised, &leap_status, + &our_stratum, + &our_ref_id, &our_ref_time, + &our_root_delay, &our_root_dispersion); + + /* Get current smoothing offset when sending packet to a client */ + if (SMT_IsEnabled() && (my_mode == MODE_SERVER || my_mode == MODE_BROADCAST)) { + smooth_offset = SMT_GetOffset(&local_transmit); + smooth_time = fabs(smooth_offset) > LCL_GetSysPrecisionAsQuantum(); + + /* Suppress leap second when smoothing and slew mode are enabled */ + if (REF_GetLeapMode() == REF_LeapModeSlew && + (leap_status == LEAP_InsertSecond || leap_status == LEAP_DeleteSecond)) + leap_status = LEAP_Normal; + } + + precision = LCL_GetSysPrecisionAsLog(); + } + + if (smooth_time && !UTI_IsZeroTimespec(&local_rx->ts)) { + our_ref_id = NTP_REFID_SMOOTH; + UTI_AddDoubleToTimespec(&our_ref_time, smooth_offset, &our_ref_time); + UTI_AddDoubleToTimespec(&local_rx->ts, smooth_offset, &local_receive); + } else { + local_receive = local_rx->ts; + } + + if (kod != 0) { + leap_status = LEAP_Unsynchronised; + our_stratum = NTP_INVALID_STRATUM; + our_ref_id = kod; + } + + /* Generate transmit packet */ + message.lvm = NTP_LVM(leap_status, version, my_mode); + /* Stratum 16 and larger are invalid */ + if (our_stratum < NTP_MAX_STRATUM) { + message.stratum = our_stratum; + } else { + message.stratum = NTP_INVALID_STRATUM; + } + + message.poll = my_poll; + message.precision = precision; + message.root_delay = UTI_DoubleToNtp32(our_root_delay); + message.root_dispersion = UTI_DoubleToNtp32(our_root_dispersion); + message.reference_id = htonl(our_ref_id); + + /* Now fill in timestamps */ + + UTI_TimespecToNtp64(&our_ref_time, &message.reference_ts, NULL); + + /* Don't reveal timestamps which are not necessary for the protocol */ + + if (my_mode != MODE_CLIENT || interleaved) { + /* Originate - this comes from the last packet the source sent us */ + message.originate_ts = interleaved ? *remote_ntp_rx : *remote_ntp_tx; + + do { + /* Prepare random bits which will be added to the receive timestamp */ + UTI_GetNtp64Fuzz(&ts_fuzz, precision); + + /* Receive - this is when we received the last packet from the source. + This timestamp will have been adjusted so that it will now look to + the source like we have been running on our latest estimate of + frequency all along */ + UTI_TimespecToNtp64(&local_receive, &message.receive_ts, &ts_fuzz); + + /* Do not send a packet with a non-zero receive timestamp equal to the + originate timestamp or previous receive timestamp */ + } while (!UTI_IsZeroNtp64(&message.receive_ts) && + UTI_IsEqualAnyNtp64(&message.receive_ts, &message.originate_ts, + local_ntp_rx, NULL)); + } else { + UTI_ZeroNtp64(&message.originate_ts); + UTI_ZeroNtp64(&message.receive_ts); + } + + if (!parse_packet(&message, NTP_HEADER_LENGTH, &info)) + return 0; + + if (ext_field_flags) { + if (ext_field_flags & NTP_EF_FLAG_EXP1) { + if (!add_ext_exp1(&message, &info, smooth_time ? NULL : &local_receive, + our_root_delay, our_root_dispersion)) + return 0; + } + } + + do { + /* Prepare random bits which will be added to the transmit timestamp */ + UTI_GetNtp64Fuzz(&ts_fuzz, precision); + + /* Get a more accurate transmit timestamp if it needs to be saved in the + packet (i.e. in the server, symmetric, and broadcast basic modes) */ + if (!interleaved && precision < 32) { + LCL_ReadCookedTime(&local_transmit, &local_transmit_err); + if (smooth_time) + UTI_AddDoubleToTimespec(&local_transmit, smooth_offset, &local_transmit); + } + + UTI_TimespecToNtp64(interleaved ? &local_tx->ts : &local_transmit, + &message.transmit_ts, &ts_fuzz); + + /* Do not send a packet with a non-zero transmit timestamp which is + equal to any of the following timestamps: + - receive (to allow reliable detection of the interleaved mode) + - originate (to prevent the packet from being its own valid response + in the symmetric mode) + - previous transmit (to invalidate responses to the previous packet) + (the precision must be at least -30 to prevent an infinite loop!) */ + } while (!UTI_IsZeroNtp64(&message.transmit_ts) && + UTI_IsEqualAnyNtp64(&message.transmit_ts, &message.receive_ts, + &message.originate_ts, local_ntp_tx)); + + /* Encode in server timestamps a flag indicating RX timestamp to avoid + saving all RX timestamps for detection of interleaved requests */ + if (my_mode == MODE_SERVER || my_mode == MODE_PASSIVE) { + message.receive_ts.lo |= htonl(1); + message.transmit_ts.lo &= ~htonl(1); + } + + /* Generate the authentication data */ + if (auth) { + if (!NAU_GenerateRequestAuth(auth, &message, &info)) { + DEBUG_LOG("Could not generate request auth"); + return 0; + } + } else { + if (!NAU_GenerateResponseAuth(request, request_info, &message, &info, + where_to, from, kod)) { + DEBUG_LOG("Could not generate response auth"); + return 0; + } + } + + if (request_info && request_info->length < info.length) { + DEBUG_LOG("Response longer than request req_len=%d res_len=%d", + request_info->length, info.length); + return 0; + } + + /* If the transmit timestamp will be saved, get an even more + accurate daemon timestamp closer to the transmission */ + if (local_tx) + LCL_ReadCookedTime(&local_transmit, &local_transmit_err); + + ret = NIO_SendPacket(&message, where_to, from, info.length, local_tx != NULL); + + if (local_tx) { + if (smooth_time) + UTI_AddDoubleToTimespec(&local_transmit, smooth_offset, &local_transmit); + local_tx->ts = local_transmit; + local_tx->err = local_transmit_err; + local_tx->source = NTP_TS_DAEMON; + } + + if (local_ntp_rx) + *local_ntp_rx = message.receive_ts; + if (local_ntp_tx) + *local_ntp_tx = message.transmit_ts; + + return ret; +} + +/* ================================================== */ +/* Timeout handler for transmitting to a source. */ + +static void +transmit_timeout(void *arg) +{ + NCR_Instance inst = (NCR_Instance) arg; + NTP_Local_Address local_addr; + int interleaved, initial, sent; + + inst->tx_timeout_id = 0; + + switch (inst->opmode) { + case MD_BURST_WAS_ONLINE: + /* With online burst switch to online before last packet */ + if (inst->burst_total_samples_to_go <= 1) + inst->opmode = MD_ONLINE; + break; + case MD_BURST_WAS_OFFLINE: + if (inst->burst_total_samples_to_go <= 0) + take_offline(inst); + break; + case MD_ONLINE: + /* Start a new burst if the burst option is enabled and the average + polling interval including the burst will not fall below the + minimum polling interval */ + if (inst->auto_burst && inst->local_poll > inst->minpoll) + NCR_InitiateSampleBurst(inst, BURST_GOOD_SAMPLES, + MIN(1 << (inst->local_poll - inst->minpoll), + MAX_BURST_TOTAL_SAMPLES)); + break; + default: + break; + } + + if (inst->opmode == MD_OFFLINE) { + return; + } + + DEBUG_LOG("Transmit timeout for %s", UTI_IPSockAddrToString(&inst->remote_addr)); + + /* Prepare authentication */ + if (!NAU_PrepareRequestAuth(inst->auth)) { + if (inst->burst_total_samples_to_go > 0) + inst->burst_total_samples_to_go--; + adjust_poll(inst, 0.25); + SRC_UpdateReachability(inst->source, 0); + restart_timeout(inst, get_transmit_delay(inst, 1, 0.0)); + return; + } + + /* Open new client socket */ + if (inst->mode == MODE_CLIENT) { + close_client_socket(inst); + assert(inst->local_addr.sock_fd == INVALID_SOCK_FD); + inst->local_addr.sock_fd = NIO_OpenClientSocket(&inst->remote_addr); + } + + /* Don't require the packet to be sent from the same address as before */ + local_addr.ip_addr.family = IPADDR_UNSPEC; + local_addr.if_index = INVALID_IF_INDEX; + local_addr.sock_fd = inst->local_addr.sock_fd; + + /* In symmetric mode, don't send a packet in interleaved mode unless it + is the first response to the last valid request received from the peer + and there was just one response to the previous valid request. This + prevents the peer from matching the transmit timestamp with an older + response if it can't detect missed responses. In client mode, which has + at most one response per request, check how many responses are missing to + prevent the server from responding with a very old transmit timestamp. */ + interleaved = inst->interleaved && + ((inst->mode == MODE_CLIENT && + inst->tx_count < MAX_CLIENT_INTERLEAVED_TX) || + (inst->mode == MODE_ACTIVE && + inst->prev_tx_count == 1 && inst->tx_count == 0)); + + /* In symmetric mode, if no valid response was received since the previous + transmission, respond to the last received packet even if it failed some + specific NTP tests. This is necessary for starting and restarting the + protocol, e.g. when a packet was lost. */ + initial = inst->mode == MODE_ACTIVE && !inst->valid_rx && + !UTI_IsZeroNtp64(&inst->init_remote_ntp_tx); + + /* Prepare for the response */ + inst->valid_rx = 0; + inst->updated_init_timestamps = 0; + if (initial) + inst->valid_timestamps = 0; + + /* Check whether we need to 'warm up' the link to the other end by + sending an NTP exchange to ensure both ends' ARP caches are + primed or whether we need to send two packets first to ensure a + server in the interleaved mode has a fresh timestamp for us. */ + if (inst->presend_minpoll <= inst->local_poll && !inst->presend_done && + !inst->burst_total_samples_to_go) { + inst->presend_done = interleaved ? 2 : 1; + } else if (inst->presend_done > 0) { + inst->presend_done--; + } + + /* Send the request (which may also be a response in the symmetric mode) */ + sent = transmit_packet(inst->mode, interleaved, inst->local_poll, inst->version, 0, + inst->ext_field_flags, inst->auth, + initial ? NULL : &inst->remote_ntp_rx, + initial ? &inst->init_remote_ntp_tx : &inst->remote_ntp_tx, + initial ? &inst->init_local_rx : &inst->local_rx, + &inst->local_tx, &inst->local_ntp_rx, &inst->local_ntp_tx, + &inst->remote_addr, &local_addr, NULL, NULL); + + ++inst->tx_count; + if (sent) + inst->report.total_tx_count++; + + /* If the source loses connectivity and our packets are still being sent, + back off the sampling rate to reduce the network traffic. If it's the + source to which we are currently locked, back off slowly. */ + + if (inst->tx_count >= 2) { + /* Implies we have missed at least one transmission */ + + if (sent) { + adjust_poll(inst, SRC_IsSyncPeer(inst->source) ? 0.1 : 0.25); + } + + SRC_UpdateReachability(inst->source, 0); + + /* Count missing samples for the sample filter */ + process_sample(inst, NULL); + } + + /* With auto_offline take the source offline if sending failed */ + if (!sent && inst->auto_offline) + NCR_SetConnectivity(inst, SRC_OFFLINE); + + switch (inst->opmode) { + case MD_BURST_WAS_ONLINE: + /* When not reachable, don't stop online burst until sending succeeds */ + if (!sent && !SRC_IsReachable(inst->source)) + break; + /* Fall through */ + case MD_BURST_WAS_OFFLINE: + --inst->burst_total_samples_to_go; + break; + case MD_OFFLINE: + return; + default: + break; + } + + /* Restart timer for this message */ + restart_timeout(inst, get_transmit_delay(inst, 1, 0.0)); + + /* If a client packet was just sent, schedule a timeout to close the socket + at the time when all server replies would fail the delay test, so the + socket is not open for longer than necessary */ + if (inst->mode == MODE_CLIENT) + inst->rx_timeout_id = SCH_AddTimeoutByDelay(inst->max_delay + MAX_SERVER_INTERVAL, + receive_timeout, (void *)inst); +} + +/* ================================================== */ + +static int +is_zero_data(unsigned char *data, int length) +{ + int i; + + for (i = 0; i < length; i++) + if (data[i] != 0) + return 0; + return 1; +} + +/* ================================================== */ + +static int +parse_packet(NTP_Packet *packet, int length, NTP_PacketInfo *info) +{ + int parsed, remainder, ef_length, ef_type, ef_body_length; + unsigned char *data; + void *ef_body; + + if (length < NTP_HEADER_LENGTH || length % 4U != 0) { + DEBUG_LOG("NTP packet has invalid length %d", length); + return 0; + } + + info->length = length; + info->version = NTP_LVM_TO_VERSION(packet->lvm); + info->mode = NTP_LVM_TO_MODE(packet->lvm); + info->ext_fields = 0; + info->ext_field_flags = 0; + info->auth.mode = NTP_AUTH_NONE; + + if (info->version < NTP_MIN_COMPAT_VERSION || info->version > NTP_MAX_COMPAT_VERSION) { + DEBUG_LOG("NTP packet has invalid version %d", info->version); + return 0; + } + + data = (void *)packet; + parsed = NTP_HEADER_LENGTH; + remainder = info->length - parsed; + + /* Check if this is a plain NTP packet with no extension fields or MAC */ + if (remainder <= 0) + return 1; + + assert(remainder % 4 == 0); + + /* In NTPv3 and older packets don't have extension fields. Anything after + the header is assumed to be a MAC. */ + if (info->version <= 3) { + info->auth.mode = NTP_AUTH_SYMMETRIC; + info->auth.mac.start = parsed; + info->auth.mac.length = remainder; + info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed)); + + /* Check if it is an MS-SNTP authenticator field or extended authenticator + field with zeroes as digest */ + if (info->version == 3 && info->auth.mac.key_id != 0) { + if (remainder == 20 && is_zero_data(data + parsed + 4, remainder - 4)) + info->auth.mode = NTP_AUTH_MSSNTP; + else if (remainder == 72 && is_zero_data(data + parsed + 8, remainder - 8)) + info->auth.mode = NTP_AUTH_MSSNTP_EXT; + } + + return 1; + } + + /* Check for a crypto NAK */ + if (remainder == 4 && ntohl(*(uint32_t *)(data + parsed)) == 0) { + info->auth.mode = NTP_AUTH_SYMMETRIC; + info->auth.mac.start = parsed; + info->auth.mac.length = remainder; + info->auth.mac.key_id = 0; + return 1; + } + + /* Parse the rest of the NTPv4 packet */ + + while (remainder > 0) { + /* Check if the remaining data is a MAC */ + if (remainder >= NTP_MIN_MAC_LENGTH && remainder <= NTP_MAX_V4_MAC_LENGTH) + break; + + /* Check if this is a valid NTPv4 extension field and skip it */ + if (!NEF_ParseField(packet, info->length, parsed, + &ef_length, &ef_type, &ef_body, &ef_body_length)) { + DEBUG_LOG("Invalid format"); + return 0; + } + + assert(ef_length > 0 && ef_length % 4 == 0); + + switch (ef_type) { + case NTP_EF_NTS_UNIQUE_IDENTIFIER: + case NTP_EF_NTS_COOKIE: + case NTP_EF_NTS_COOKIE_PLACEHOLDER: + case NTP_EF_NTS_AUTH_AND_EEF: + info->auth.mode = NTP_AUTH_NTS; + break; + case NTP_EF_EXP1: + if (ef_body_length == sizeof (NTP_ExtFieldExp1) && + ntohl(((NTP_ExtFieldExp1 *)ef_body)->magic) == NTP_EF_EXP1_MAGIC) + info->ext_field_flags |= NTP_EF_FLAG_EXP1; + break; + default: + DEBUG_LOG("Unknown extension field type=%x", (unsigned int)ef_type); + } + + info->ext_fields++; + parsed += ef_length; + remainder = info->length - parsed; + } + + if (remainder == 0) { + /* No MAC */ + return 1; + } else if (remainder >= NTP_MIN_MAC_LENGTH) { + info->auth.mode = NTP_AUTH_SYMMETRIC; + info->auth.mac.start = parsed; + info->auth.mac.length = remainder; + info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed)); + return 1; + } + + DEBUG_LOG("Invalid format"); + return 0; +} + +/* ================================================== */ + +static int +check_delay_ratio(NCR_Instance inst, SST_Stats stats, + struct timespec *sample_time, double delay) +{ + double last_sample_ago, predicted_offset, min_delay, skew, std_dev; + double max_delay; + + if (inst->max_delay_ratio < 1.0 || + !SST_GetDelayTestData(stats, sample_time, &last_sample_ago, + &predicted_offset, &min_delay, &skew, &std_dev)) + return 1; + + max_delay = min_delay * inst->max_delay_ratio + + last_sample_ago * (skew + LCL_GetMaxClockError()); + + if (delay <= max_delay) + return 1; + + DEBUG_LOG("maxdelayratio: delay=%e max_delay=%e", delay, max_delay); + return 0; +} + +/* ================================================== */ + +static int +check_delay_quant(NCR_Instance inst, double delay) +{ + double quant; + + quant = QNT_GetQuantile(inst->delay_quant, QNT_GetMinK(inst->delay_quant)); + + if (delay <= quant) + return 1; + + DEBUG_LOG("maxdelayquant: delay=%e quant=%e", delay, quant); + return 0; +} + +/* ================================================== */ + +static int +check_delay_dev_ratio(NCR_Instance inst, SST_Stats stats, + struct timespec *sample_time, double offset, double delay) +{ + double last_sample_ago, predicted_offset, min_delay, skew, std_dev; + double delta, max_delta, error_in_estimate; + + if (!SST_GetDelayTestData(stats, sample_time, &last_sample_ago, + &predicted_offset, &min_delay, &skew, &std_dev)) + return 1; + + /* Require that the ratio of the increase in delay from the minimum to the + standard deviation is less than max_delay_dev_ratio. In the allowed + increase in delay include also dispersion. */ + + max_delta = std_dev * inst->max_delay_dev_ratio + + last_sample_ago * (skew + LCL_GetMaxClockError()); + delta = (delay - min_delay) / 2.0; + + if (delta <= max_delta) + return 1; + + error_in_estimate = offset + predicted_offset; + + /* Before we decide to drop the sample, make sure the difference between + measured offset and predicted offset is not significantly larger than + the increase in delay */ + if (fabs(error_in_estimate) - delta > max_delta) + return 1; + + DEBUG_LOG("maxdelaydevratio: error=%e delay=%e delta=%e max_delta=%e", + error_in_estimate, delay, delta, max_delta); + return 0; +} + +/* ================================================== */ + +static int +check_sync_loop(NCR_Instance inst, NTP_Packet *message, NTP_Local_Address *local_addr, + struct timespec *local_ts) +{ + double our_root_delay, our_root_dispersion; + int are_we_synchronised, our_stratum; + struct timespec our_ref_time; + NTP_Leap leap_status; + uint32_t our_ref_id; + + /* Check if a client or peer can be synchronised to us */ + if (!NIO_IsServerSocketOpen() || REF_GetMode() != REF_ModeNormal) + return 1; + + /* Check if the source indicates that it is synchronised to our address + (assuming it uses the same address as the one from which we send requests + to the source) */ + if (message->stratum > 1 && + message->reference_id == htonl(UTI_IPToRefid(&local_addr->ip_addr))) + return 0; + + /* Compare our reference data with the source to make sure it is not us + (e.g. due to a misconfiguration) */ + + REF_GetReferenceParams(local_ts, &are_we_synchronised, &leap_status, &our_stratum, + &our_ref_id, &our_ref_time, &our_root_delay, &our_root_dispersion); + + if (message->stratum == our_stratum && + message->reference_id == htonl(our_ref_id) && + message->root_delay == UTI_DoubleToNtp32(our_root_delay) && + !UTI_IsZeroNtp64(&message->reference_ts)) { + NTP_int64 ntp_ref_time; + + UTI_TimespecToNtp64(&our_ref_time, &ntp_ref_time, NULL); + if (UTI_CompareNtp64(&message->reference_ts, &ntp_ref_time) == 0) { + DEBUG_LOG("Source %s is me", UTI_IPToString(&inst->remote_addr.ip_addr)); + return 0; + } + } + + return 1; +} + +/* ================================================== */ + +static void +process_sample(NCR_Instance inst, NTP_Sample *sample) +{ + double estimated_offset, error_in_estimate; + NTP_Sample filtered_sample; + + /* Accumulate the sample to the median filter if enabled and wait for + the configured number of samples before processing (NULL indicates + a missing sample) */ + if (inst->filter) { + if (sample) + SPF_AccumulateSample(inst->filter, sample); + + if (++inst->filter_count < SPF_GetMaxSamples(inst->filter)) + return; + + if (!SPF_GetFilteredSample(inst->filter, &filtered_sample)) + return; + + sample = &filtered_sample; + inst->filter_count = 0; + } + + if (!sample) + return; + + /* Get the estimated offset predicted from previous samples. The + convention here is that positive means local clock FAST of + reference, i.e. backwards to the way that 'offset' is defined. */ + estimated_offset = SST_PredictOffset(SRC_GetSourcestats(inst->source), &sample->time); + + error_in_estimate = fabs(-sample->offset - estimated_offset); + + if (inst->mono_doffset != 0.0 && fabs(inst->mono_doffset) <= MAX_MONO_DOFFSET) { + DEBUG_LOG("Monotonic correction offset=%.9f", inst->mono_doffset); + SST_CorrectOffset(SRC_GetSourcestats(inst->source), inst->mono_doffset); + } + inst->mono_doffset = 0.0; + + SRC_AccumulateSample(inst->source, sample); + SRC_SelectSource(inst->source); + + adjust_poll(inst, get_poll_adj(inst, error_in_estimate, + sample->peer_dispersion + 0.5 * sample->peer_delay)); +} + +/* ================================================== */ + +static int +process_response(NCR_Instance inst, NTP_Local_Address *local_addr, + NTP_Local_Timestamp *rx_ts, NTP_Packet *message, NTP_PacketInfo *info) +{ + NTP_Sample sample; + SST_Stats stats; + + int pkt_leap, pkt_version; + uint32_t pkt_refid; + double pkt_root_delay; + double pkt_root_dispersion; + + /* The skew and estimated frequency offset relative to the remote source */ + double skew, source_freq_lo, source_freq_hi; + + /* RFC 5905 packet tests */ + int test1, test2n, test2i, test2, test3, test5, test6, test7; + int interleaved_packet, valid_packet, synced_packet; + + /* Additional tests */ + int testA, testB, testC, testD; + int good_packet; + + /* Kiss-o'-Death codes */ + int kod_rate; + + /* Extension fields */ + int parsed, ef_length, ef_type, ef_body_length; + void *ef_body; + NTP_ExtFieldExp1 *ef_exp1; + + NTP_Local_Timestamp local_receive, local_transmit; + double remote_interval, local_interval, response_time; + double delay_time, precision, mono_doffset; + int updated_timestamps; + + /* ==================== */ + + stats = SRC_GetSourcestats(inst->source); + + ef_exp1 = NULL; + + /* Find requested non-authentication extension fields */ + if (inst->ext_field_flags & info->ext_field_flags) { + for (parsed = NTP_HEADER_LENGTH; parsed < info->length; parsed += ef_length) { + if (!NEF_ParseField(message, info->length, parsed, + &ef_length, &ef_type, &ef_body, &ef_body_length)) + break; + + switch (ef_type) { + case NTP_EF_EXP1: + if (inst->ext_field_flags & NTP_EF_FLAG_EXP1 && + ef_body_length == sizeof (*ef_exp1) && + ntohl(((NTP_ExtFieldExp1 *)ef_body)->magic) == NTP_EF_EXP1_MAGIC) + ef_exp1 = ef_body; + break; + } + } + } + + pkt_leap = NTP_LVM_TO_LEAP(message->lvm); + pkt_version = NTP_LVM_TO_VERSION(message->lvm); + pkt_refid = ntohl(message->reference_id); + if (ef_exp1) { + pkt_root_delay = UTI_Ntp32f28ToDouble(ef_exp1->root_delay); + pkt_root_dispersion = UTI_Ntp32f28ToDouble(ef_exp1->root_dispersion); + } else { + pkt_root_delay = UTI_Ntp32ToDouble(message->root_delay); + pkt_root_dispersion = UTI_Ntp32ToDouble(message->root_dispersion); + } + + /* Check if the packet is valid per RFC 5905, section 8. + The test values are 1 when passed and 0 when failed. */ + + /* Test 1 checks for duplicate packet */ + test1 = UTI_CompareNtp64(&message->receive_ts, &inst->remote_ntp_rx) || + UTI_CompareNtp64(&message->transmit_ts, &inst->remote_ntp_tx); + + /* Test 2 checks for bogus packet in the basic and interleaved modes. This + ensures the source is responding to the latest packet we sent to it. */ + test2n = !UTI_CompareNtp64(&message->originate_ts, &inst->local_ntp_tx); + test2i = inst->interleaved && + !UTI_CompareNtp64(&message->originate_ts, &inst->local_ntp_rx); + test2 = test2n || test2i; + interleaved_packet = !test2n && test2i; + + /* Test 3 checks for invalid timestamps. This can happen when the + association if not properly 'up'. */ + test3 = !UTI_IsZeroNtp64(&message->originate_ts) && + !UTI_IsZeroNtp64(&message->receive_ts) && + !UTI_IsZeroNtp64(&message->transmit_ts); + + /* Test 4 would check for denied access. It would always pass as this + function is called only for known sources. */ + + /* Test 5 checks for authentication failure */ + test5 = NAU_CheckResponseAuth(inst->auth, message, info); + + /* Test 6 checks for unsynchronised server */ + test6 = pkt_leap != LEAP_Unsynchronised && + message->stratum < NTP_MAX_STRATUM && + message->stratum != NTP_INVALID_STRATUM; + + /* Test 7 checks for bad data. The root distance must be smaller than a + defined maximum. */ + test7 = pkt_root_delay / 2.0 + pkt_root_dispersion < NTP_MAX_DISPERSION; + + /* The packet is considered valid if the tests 1-5 passed. The timestamps + can be used for synchronisation if the tests 6 and 7 passed too. */ + valid_packet = test1 && test2 && test3 && test5; + synced_packet = valid_packet && test6 && test7; + + /* Check for Kiss-o'-Death codes */ + kod_rate = 0; + if (test1 && test2 && test5 && pkt_leap == LEAP_Unsynchronised && + message->stratum == NTP_INVALID_STRATUM) { + if (pkt_refid == KOD_RATE) + kod_rate = 1; + } + + if (synced_packet && (!interleaved_packet || inst->valid_timestamps)) { + /* These are the timespec equivalents of the remote and local epochs */ + struct timespec remote_receive, remote_transmit, remote_request_receive; + struct timespec local_average, remote_average, prev_remote_transmit; + double prev_remote_poll_interval, root_delay, root_dispersion; + + /* If the remote monotonic timestamps are available and are from the same + epoch, calculate the change in the offset between the monotonic and + real-time clocks, i.e. separate the source's time corrections from + frequency corrections. The offset is accumulated between measurements. + It will correct old measurements kept in sourcestats before accumulating + the new sample. In the interleaved mode, cancel the correction out in + remote timestamps of the previous request and response, which were + captured before the source accumulated the new time corrections. */ + if (ef_exp1 && inst->remote_mono_epoch == ntohl(ef_exp1->mono_epoch) && + !UTI_IsZeroNtp64(&ef_exp1->mono_receive_ts) && + !UTI_IsZeroNtp64(&inst->remote_ntp_monorx)) { + mono_doffset = + UTI_DiffNtp64ToDouble(&ef_exp1->mono_receive_ts, &inst->remote_ntp_monorx) - + UTI_DiffNtp64ToDouble(&message->receive_ts, &inst->remote_ntp_rx); + if (fabs(mono_doffset) > MAX_MONO_DOFFSET) + mono_doffset = 0.0; + } else { + mono_doffset = 0.0; + } + + /* Select remote and local timestamps for the new sample */ + if (interleaved_packet) { + /* Prefer previous local TX and remote RX timestamps if it will make + the intervals significantly shorter in order to improve the accuracy + of the measured delay */ + if (!UTI_IsZeroTimespec(&inst->prev_local_tx.ts) && + MAX_INTERLEAVED_L2L_RATIO * + UTI_DiffTimespecsToDouble(&inst->local_tx.ts, &inst->local_rx.ts) > + UTI_DiffTimespecsToDouble(&inst->local_rx.ts, &inst->prev_local_tx.ts)) { + UTI_Ntp64ToTimespec(&inst->remote_ntp_rx, &remote_receive); + UTI_AddDoubleToTimespec(&remote_receive, -mono_doffset, &remote_receive); + remote_request_receive = remote_receive; + local_transmit = inst->prev_local_tx; + root_delay = inst->remote_root_delay; + root_dispersion = inst->remote_root_dispersion; + } else { + UTI_Ntp64ToTimespec(&message->receive_ts, &remote_receive); + UTI_Ntp64ToTimespec(&inst->remote_ntp_rx, &remote_request_receive); + local_transmit = inst->local_tx; + root_delay = MAX(pkt_root_delay, inst->remote_root_delay); + root_dispersion = MAX(pkt_root_dispersion, inst->remote_root_dispersion); + } + UTI_Ntp64ToTimespec(&message->transmit_ts, &remote_transmit); + UTI_AddDoubleToTimespec(&remote_transmit, -mono_doffset, &remote_transmit); + UTI_Ntp64ToTimespec(&inst->remote_ntp_tx, &prev_remote_transmit); + local_receive = inst->local_rx; + } else { + UTI_Ntp64ToTimespec(&message->receive_ts, &remote_receive); + UTI_Ntp64ToTimespec(&message->transmit_ts, &remote_transmit); + UTI_ZeroTimespec(&prev_remote_transmit); + remote_request_receive = remote_receive; + local_receive = *rx_ts; + local_transmit = inst->local_tx; + root_delay = pkt_root_delay; + root_dispersion = pkt_root_dispersion; + } + + /* Calculate intervals between remote and local timestamps */ + UTI_AverageDiffTimespecs(&remote_receive, &remote_transmit, + &remote_average, &remote_interval); + UTI_AverageDiffTimespecs(&local_transmit.ts, &local_receive.ts, + &local_average, &local_interval); + response_time = fabs(UTI_DiffTimespecsToDouble(&remote_transmit, + &remote_request_receive)); + + precision = LCL_GetSysPrecisionAsQuantum() + UTI_Log2ToDouble(message->precision); + + /* Calculate delay */ + sample.peer_delay = fabs(local_interval - remote_interval); + if (sample.peer_delay < precision) + sample.peer_delay = precision; + + /* Calculate offset. Following the NTP definition, this is negative + if we are fast of the remote source. */ + sample.offset = UTI_DiffTimespecsToDouble(&remote_average, &local_average); + + /* Apply configured correction */ + sample.offset += inst->offset_correction; + + /* We treat the time of the sample as being midway through the local + measurement period. An analysis assuming constant relative + frequency and zero network delay shows this is the only possible + choice to estimate the frequency difference correctly for every + sample pair. */ + sample.time = local_average; + + SST_GetFrequencyRange(stats, &source_freq_lo, &source_freq_hi); + + /* Calculate skew */ + skew = (source_freq_hi - source_freq_lo) / 2.0; + + /* and then calculate peer dispersion and the rest of the sample */ + sample.peer_dispersion = MAX(precision, MAX(local_transmit.err, local_receive.err)) + + skew * fabs(local_interval); + sample.root_delay = root_delay + sample.peer_delay; + sample.root_dispersion = root_dispersion + sample.peer_dispersion; + + /* If the source is an active peer, this is the minimum assumed interval + between previous two transmissions (if not constrained by minpoll) */ + prev_remote_poll_interval = UTI_Log2ToDouble(MIN(inst->remote_poll, + inst->prev_local_poll)); + + /* Additional tests required to pass before accumulating the sample */ + + /* Test A requires that the minimum estimate of the peer delay is not + larger than the configured maximum, in both client modes that the server + processing time is sane, in interleaved client/server mode that the + previous response was not in basic mode (which prevents using timestamps + that minimise delay error), and in interleaved symmetric mode that the + measured delay and intervals between remote timestamps don't indicate + a missed response */ + testA = sample.peer_delay - sample.peer_dispersion <= inst->max_delay && + precision <= inst->max_delay && + !(inst->mode == MODE_CLIENT && response_time > MAX_SERVER_INTERVAL) && + !(inst->mode == MODE_CLIENT && interleaved_packet && + UTI_IsZeroTimespec(&inst->prev_local_tx.ts) && + UTI_CompareTimespecs(&local_transmit.ts, &inst->local_tx.ts) == 0) && + !(inst->mode == MODE_ACTIVE && interleaved_packet && + (sample.peer_delay > 0.5 * prev_remote_poll_interval || + UTI_CompareNtp64(&message->receive_ts, &message->transmit_ts) <= 0 || + (inst->remote_poll <= inst->prev_local_poll && + UTI_DiffTimespecsToDouble(&remote_transmit, &prev_remote_transmit) > + 1.5 * prev_remote_poll_interval))); + + /* Test B requires in client mode that the ratio of the round trip delay + to the minimum one currently in the stats data register is less than an + administrator-defined value */ + testB = check_delay_ratio(inst, stats, &sample.time, sample.peer_delay); + + /* Test C either requires that the delay is less than an estimate of an + administrator-defined quantile, or (if the quantile is not specified) + it requires that the ratio of the increase in delay from the minimum + one in the stats data register to the standard deviation of the offsets + in the register is less than an administrator-defined value or the + difference between measured offset and predicted offset is larger than + the increase in delay */ + if (inst->delay_quant) + testC = check_delay_quant(inst, sample.peer_delay); + else + testC = check_delay_dev_ratio(inst, stats, &sample.time, sample.offset, + sample.peer_delay); + + /* Test D requires that the source is not synchronised to us and is not us + to prevent a synchronisation loop */ + testD = check_sync_loop(inst, message, local_addr, &rx_ts->ts); + } else { + remote_interval = local_interval = response_time = 0.0; + sample.offset = sample.peer_delay = sample.peer_dispersion = 0.0; + sample.root_delay = sample.root_dispersion = 0.0; + sample.time = rx_ts->ts; + mono_doffset = 0.0; + local_receive = *rx_ts; + local_transmit = inst->local_tx; + testA = testB = testC = testD = 0; + } + + /* The packet is considered good for synchronisation if + the additional tests passed */ + good_packet = testA && testB && testC && testD; + + /* Update the NTP timestamps. If it's a valid packet from a synchronised + source, the timestamps may be used later when processing a packet in the + interleaved mode. Protect the timestamps against replay attacks in client + mode, and also in symmetric mode as long as the peers use the same polling + interval and never start with clocks in future or very distant past. + The authentication test (test5) is required to prevent DoS attacks using + unauthenticated packets on authenticated symmetric associations. */ + if ((inst->mode == MODE_CLIENT && valid_packet && !inst->valid_rx) || + (inst->mode == MODE_ACTIVE && valid_packet && + (!inst->valid_rx || + UTI_CompareNtp64(&inst->remote_ntp_tx, &message->transmit_ts) < 0))) { + inst->remote_ntp_rx = message->receive_ts; + inst->remote_ntp_tx = message->transmit_ts; + inst->local_rx = *rx_ts; + inst->valid_timestamps = synced_packet; + + UTI_ZeroNtp64(&inst->init_remote_ntp_tx); + zero_local_timestamp(&inst->init_local_rx); + inst->updated_init_timestamps = 0; + updated_timestamps = 2; + + /* If available, update the monotonic timestamp and accumulate the offset. + This needs to be done here to not lose changes in remote_ntp_rx in + symmetric mode when there are multiple responses per request. */ + if (ef_exp1 && !UTI_IsZeroNtp64(&ef_exp1->mono_receive_ts)) { + inst->remote_mono_epoch = ntohl(ef_exp1->mono_epoch); + inst->remote_ntp_monorx = ef_exp1->mono_receive_ts; + inst->mono_doffset += mono_doffset; + } else { + inst->remote_mono_epoch = 0; + UTI_ZeroNtp64(&inst->remote_ntp_monorx); + inst->mono_doffset = 0.0; + } + + /* Don't use the same set of timestamps for the next sample */ + if (interleaved_packet) + inst->prev_local_tx = inst->local_tx; + else + zero_local_timestamp(&inst->prev_local_tx); + } else if (inst->mode == MODE_ACTIVE && + test1 && !UTI_IsZeroNtp64(&message->transmit_ts) && test5 && + (!inst->updated_init_timestamps || + UTI_CompareNtp64(&inst->init_remote_ntp_tx, &message->transmit_ts) < 0)) { + inst->init_remote_ntp_tx = message->transmit_ts; + inst->init_local_rx = *rx_ts; + inst->updated_init_timestamps = 1; + updated_timestamps = 1; + } else { + updated_timestamps = 0; + } + + /* Accept at most one response per request. The NTP specification recommends + resetting local_ntp_tx to make the following packets fail test2 or test3, + but that would not allow the code above to make multiple updates of the + timestamps in symmetric mode. Also, ignore presend responses. */ + if (inst->valid_rx) { + test2 = test3 = 0; + valid_packet = synced_packet = good_packet = 0; + } else if (valid_packet) { + if (inst->presend_done) { + testA = 0; + good_packet = 0; + } + inst->valid_rx = 1; + } + + if ((unsigned int)local_receive.source >= sizeof (tss_chars) || + (unsigned int)local_transmit.source >= sizeof (tss_chars)) + assert(0); + + DEBUG_LOG("NTP packet lvm=%o stratum=%d poll=%d prec=%d root_delay=%.9f root_disp=%.9f refid=%"PRIx32" [%s]", + message->lvm, message->stratum, message->poll, message->precision, + pkt_root_delay, pkt_root_dispersion, pkt_refid, + message->stratum == NTP_INVALID_STRATUM || message->stratum == 1 ? + UTI_RefidToString(pkt_refid) : ""); + DEBUG_LOG("reference=%s origin=%s receive=%s transmit=%s", + UTI_Ntp64ToString(&message->reference_ts), + UTI_Ntp64ToString(&message->originate_ts), + UTI_Ntp64ToString(&message->receive_ts), + UTI_Ntp64ToString(&message->transmit_ts)); + DEBUG_LOG("offset=%.9f delay=%.9f dispersion=%f root_delay=%f root_dispersion=%f", + sample.offset, sample.peer_delay, sample.peer_dispersion, + sample.root_delay, sample.root_dispersion); + DEBUG_LOG("remote_interval=%.9f local_interval=%.9f response_time=%.9f mono_doffset=%.9f txs=%c rxs=%c", + remote_interval, local_interval, response_time, mono_doffset, + tss_chars[local_transmit.source], tss_chars[local_receive.source]); + DEBUG_LOG("test123=%d%d%d test567=%d%d%d testABCD=%d%d%d%d kod_rate=%d interleaved=%d" + " presend=%d valid=%d good=%d updated=%d", + test1, test2, test3, test5, test6, test7, testA, testB, testC, testD, + kod_rate, interleaved_packet, inst->presend_done, valid_packet, good_packet, + updated_timestamps); + + if (valid_packet) { + inst->remote_poll = message->poll; + inst->remote_stratum = message->stratum != NTP_INVALID_STRATUM ? + MIN(message->stratum, NTP_MAX_STRATUM) : NTP_MAX_STRATUM; + inst->remote_root_delay = pkt_root_delay; + inst->remote_root_dispersion = pkt_root_dispersion; + + inst->prev_local_poll = inst->local_poll; + inst->prev_tx_count = inst->tx_count; + inst->tx_count = 0; + + SRC_UpdateReachability(inst->source, synced_packet); + + if (synced_packet) { + if (inst->copy && inst->remote_stratum > 0) { + /* Assume the reference ID and stratum of the server */ + inst->remote_stratum--; + SRC_SetRefid(inst->source, ntohl(message->reference_id), &inst->remote_addr.ip_addr); + } + + SRC_UpdateStatus(inst->source, MAX(inst->remote_stratum, inst->min_stratum), pkt_leap); + + if (inst->delay_quant) + QNT_Accumulate(inst->delay_quant, sample.peer_delay); + } + + if (good_packet) { + /* Adjust the polling interval, accumulate the sample, etc. */ + process_sample(inst, &sample); + + /* If we're in burst mode, check whether the burst is completed and + revert to the previous mode */ + switch (inst->opmode) { + case MD_BURST_WAS_ONLINE: + case MD_BURST_WAS_OFFLINE: + --inst->burst_good_samples_to_go; + if (inst->burst_good_samples_to_go <= 0) { + if (inst->opmode == MD_BURST_WAS_ONLINE) + inst->opmode = MD_ONLINE; + else + take_offline(inst); + } + break; + default: + break; + } + } else { + /* Slowly increase the polling interval if we can't get a good response */ + adjust_poll(inst, testD ? 0.02 : 0.1); + + /* Count missing samples for the sample filter */ + process_sample(inst, NULL); + } + + /* If in client mode, no more packets are expected to be coming from the + server and the socket can be closed */ + close_client_socket(inst); + + /* Update the local address and interface */ + inst->local_addr.ip_addr = local_addr->ip_addr; + inst->local_addr.if_index = local_addr->if_index; + + /* And now, requeue the timer */ + if (inst->opmode != MD_OFFLINE) { + delay_time = get_transmit_delay(inst, 0, + UTI_DiffTimespecsToDouble(&inst->local_rx.ts, &inst->local_tx.ts)); + + if (kod_rate) { + LOG(LOGS_WARN, "Received KoD RATE from %s", + UTI_IPToString(&inst->remote_addr.ip_addr)); + + /* Back off for a while and stop ongoing burst */ + delay_time += 4 * UTI_Log2ToDouble(inst->local_poll); + + if (inst->opmode == MD_BURST_WAS_OFFLINE || inst->opmode == MD_BURST_WAS_ONLINE) { + inst->burst_good_samples_to_go = 0; + } + } + + /* Get rid of old timeout and start a new one */ + assert(inst->tx_timeout_id); + restart_timeout(inst, delay_time); + } + + /* Update the NTP report */ + inst->report.local_addr = inst->local_addr.ip_addr; + inst->report.leap = pkt_leap; + inst->report.version = pkt_version; + inst->report.mode = NTP_LVM_TO_MODE(message->lvm); + inst->report.stratum = message->stratum; + inst->report.poll = message->poll; + inst->report.precision = message->precision; + inst->report.root_delay = pkt_root_delay; + inst->report.root_dispersion = pkt_root_dispersion; + inst->report.ref_id = pkt_refid; + UTI_Ntp64ToTimespec(&message->reference_ts, &inst->report.ref_time); + inst->report.offset = sample.offset; + inst->report.peer_delay = sample.peer_delay; + inst->report.peer_dispersion = sample.peer_dispersion; + inst->report.response_time = response_time; + inst->report.jitter_asymmetry = SST_GetJitterAsymmetry(stats); + inst->report.tests = ((((((((test1 << 1 | test2) << 1 | test3) << 1 | + test5) << 1 | test6) << 1 | test7) << 1 | + testA) << 1 | testB) << 1 | testC) << 1 | testD; + inst->report.interleaved = interleaved_packet; + inst->report.authenticated = NAU_IsAuthEnabled(inst->auth); + inst->report.tx_tss_char = tss_chars[local_transmit.source]; + inst->report.rx_tss_char = tss_chars[local_receive.source]; + + inst->report.total_valid_count++; + if (good_packet) + inst->report.total_good_count++; + } + + /* Do measurement logging */ + if (logfileid != -1 && (log_raw_measurements || synced_packet)) { + LOG_FileWrite(logfileid, "%s %-15s %1c %2d %1d%1d%1d %1d%1d%1d %1d%1d%1d%d %2d %2d %4.2f %10.3e %10.3e %10.3e %10.3e %10.3e %08"PRIX32" %1d%1c %1c %1c", + UTI_TimeToLogForm(sample.time.tv_sec), + UTI_IPToString(&inst->remote_addr.ip_addr), + leap_chars[pkt_leap], + message->stratum, + test1, test2, test3, test5, test6, test7, testA, testB, testC, testD, + inst->local_poll, message->poll, + inst->poll_score, + sample.offset, sample.peer_delay, sample.peer_dispersion, + pkt_root_delay, pkt_root_dispersion, pkt_refid, + NTP_LVM_TO_MODE(message->lvm), interleaved_packet ? 'I' : 'B', + tss_chars[local_transmit.source], + tss_chars[local_receive.source]); + } + + return good_packet; +} + +/* ================================================== */ +/* From RFC 5905, the standard handling of received packets, depending + on the mode of the packet and of the source, is : + + +------------------+---------------------------------------+ + | | Packet Mode | + +------------------+-------+-------+-------+-------+-------+ + | Association Mode | 1 | 2 | 3 | 4 | 5 | + +------------------+-------+-------+-------+-------+-------+ + | No Association 0 | NEWPS | DSCRD | FXMIT | MANY | NEWBC | + | Symm. Active 1 | PROC | PROC | DSCRD | DSCRD | DSCRD | + | Symm. Passive 2 | PROC | ERR | DSCRD | DSCRD | DSCRD | + | Client 3 | DSCRD | DSCRD | DSCRD | PROC | DSCRD | + | Server 4 | DSCRD | DSCRD | DSCRD | DSCRD | DSCRD | + | Broadcast 5 | DSCRD | DSCRD | DSCRD | DSCRD | DSCRD | + | Bcast Client 6 | DSCRD | DSCRD | DSCRD | DSCRD | PROC | + +------------------+-------+-------+-------+-------+-------+ + + Association mode 0 is implemented in NCR_ProcessRxUnknown(), other modes + in NCR_ProcessRxKnown(). + + Broadcast, manycast and ephemeral symmetric passive associations are not + supported yet. + */ + +/* ================================================== */ +/* This routine is called when a new packet arrives off the network, + and it relates to a source we have an ongoing protocol exchange with */ + +int +NCR_ProcessRxKnown(NCR_Instance inst, NTP_Local_Address *local_addr, + NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length) +{ + int proc_packet, proc_as_unknown; + NTP_PacketInfo info; + + inst->report.total_rx_count++; + + if (!parse_packet(message, length, &info)) + return 0; + + proc_packet = 0; + proc_as_unknown = 0; + + /* Now, depending on the mode we decide what to do */ + switch (info.mode) { + case MODE_ACTIVE: + switch (inst->mode) { + case MODE_ACTIVE: + /* Ordinary symmetric peering */ + proc_packet = 1; + break; + case MODE_PASSIVE: + /* In this software this case should not arise, we don't + support unconfigured peers */ + break; + case MODE_CLIENT: + /* This is where we have the remote configured as a server and he has + us configured as a peer, process as from an unknown source */ + proc_as_unknown = 1; + break; + default: + /* Discard */ + break; + } + break; + + case MODE_PASSIVE: + switch (inst->mode) { + case MODE_ACTIVE: + /* This would arise if we have the remote configured as a peer and + he does not have us configured */ + proc_packet = 1; + break; + case MODE_PASSIVE: + /* Error condition in RFC 5905 */ + break; + default: + /* Discard */ + break; + } + break; + + case MODE_CLIENT: + /* If message is client mode, we just respond with a server mode + packet, regardless of what we think the remote machine is + supposed to be. However, even though this is a configured + peer or server, we still implement access restrictions on + client mode operation. + + This copes with the case for an isolated network where one + machine is set by eye and is used as the master, with the + other machines pointed at it. If the master goes down, we + want to be able to reset its time at startup by relying on + one of the secondaries to flywheel it. The behaviour coded here + is required in the secondaries to make this possible. */ + + proc_as_unknown = 1; + break; + + case MODE_SERVER: + switch (inst->mode) { + case MODE_CLIENT: + /* Standard case where he's a server and we're the client */ + proc_packet = 1; + break; + default: + /* Discard */ + break; + } + break; + + case MODE_BROADCAST: + /* Just ignore these */ + break; + + default: + /* Obviously ignore */ + break; + } + + if (proc_packet) { + /* Check if the reply was received by the socket that sent the request */ + if (local_addr->sock_fd != inst->local_addr.sock_fd) { + DEBUG_LOG("Packet received by wrong socket %d (expected %d)", + local_addr->sock_fd, inst->local_addr.sock_fd); + return 0; + } + + /* Ignore packets from offline sources */ + if (inst->opmode == MD_OFFLINE || inst->tx_suspended) { + DEBUG_LOG("Packet from offline source"); + return 0; + } + + return process_response(inst, local_addr, rx_ts, message, &info); + } else if (proc_as_unknown) { + NCR_ProcessRxUnknown(&inst->remote_addr, local_addr, rx_ts, message, length); + /* It's not a reply to our request, don't return success */ + return 0; + } else { + DEBUG_LOG("NTP packet discarded mode=%d our_mode=%u", (int)info.mode, inst->mode); + return 0; + } +} + +/* ================================================== */ +/* This routine is called when a new packet arrives off the network, + and it relates to a source we don't know (not our server or peer) */ + +void +NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr, + NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length) +{ + NTP_PacketInfo info; + NTP_Mode my_mode; + NTP_Local_Timestamp local_tx, *tx_ts; + NTP_int64 ntp_rx, *local_ntp_rx; + int log_index, interleaved, poll, version; + uint32_t kod; + + /* Ignore the packet if it wasn't received by server socket */ + if (!NIO_IsServerSocket(local_addr->sock_fd)) { + DEBUG_LOG("NTP request packet received by client socket %d", local_addr->sock_fd); + return; + } + + if (!parse_packet(message, length, &info)) + return; + + if (!ADF_IsAllowed(access_auth_table, &remote_addr->ip_addr)) { + DEBUG_LOG("NTP packet received from unauthorised host %s", + UTI_IPToString(&remote_addr->ip_addr)); + return; + } + + switch (info.mode) { + case MODE_ACTIVE: + /* We are symmetric passive, even though we don't ever lock to him */ + my_mode = MODE_PASSIVE; + break; + case MODE_CLIENT: + /* Reply with server packet */ + my_mode = MODE_SERVER; + break; + case MODE_UNDEFINED: + /* Check if it is an NTPv1 client request (NTPv1 packets have a reserved + field instead of the mode field and the actual mode is determined from + the port numbers). Don't ever respond with a mode 0 packet! */ + if (info.version == 1 && remote_addr->port != NTP_PORT) { + my_mode = MODE_SERVER; + break; + } + /* Fall through */ + default: + /* Discard */ + DEBUG_LOG("NTP packet discarded mode=%d", (int)info.mode); + return; + } + + kod = 0; + log_index = CLG_LogServiceAccess(CLG_NTP, &remote_addr->ip_addr, &rx_ts->ts); + + /* Don't reply to all requests if the rate is excessive */ + if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTP, log_index)) { + DEBUG_LOG("NTP packet discarded to limit response rate"); + return; + } + + /* Check authentication */ + if (!NAU_CheckRequestAuth(message, &info, &kod)) { + DEBUG_LOG("NTP packet failed auth mode=%d kod=%"PRIx32, (int)info.auth.mode, kod); + + /* Don't respond unless a non-zero KoD was returned */ + if (kod == 0) + return; + } else if (info.auth.mode != NTP_AUTH_NONE && info.auth.mode != NTP_AUTH_MSSNTP) { + CLG_LogAuthNtpRequest(); + } + + local_ntp_rx = NULL; + tx_ts = NULL; + interleaved = 0; + + /* Handle requests formed in the interleaved mode. As an optimisation to + avoid saving all receive timestamps, require that the origin timestamp + has the lowest bit equal to 1, which indicates it was set to one of our + receive timestamps instead of transmit timestamps or zero. Respond in the + interleaved mode if the receive timestamp is found and it has a non-zero + transmit timestamp (this is verified in transmit_packet()). For a new + client starting with a zero origin timestamp, the third response is the + earliest one that can be interleaved. */ + if (kod == 0 && log_index >= 0 && info.version == 4 && + message->originate_ts.lo & htonl(1) && + UTI_CompareNtp64(&message->receive_ts, &message->transmit_ts) != 0) { + ntp_rx = message->originate_ts; + local_ntp_rx = &ntp_rx; + UTI_ZeroTimespec(&local_tx.ts); + interleaved = CLG_GetNtpTxTimestamp(&ntp_rx, &local_tx.ts); + + tx_ts = &local_tx; + if (interleaved) + CLG_DisableNtpTimestamps(&ntp_rx); + } + + /* Suggest the client to increase its polling interval if it indicates + the interval is shorter than the rate limiting interval */ + poll = CLG_GetNtpMinPoll(); + poll = MAX(poll, message->poll); + + /* Respond with the same version */ + version = info.version; + + /* Send a reply */ + if (!transmit_packet(my_mode, interleaved, poll, version, kod, info.ext_field_flags, NULL, + &message->receive_ts, &message->transmit_ts, + rx_ts, tx_ts, local_ntp_rx, NULL, remote_addr, local_addr, + message, &info)) + return; + + if (local_ntp_rx) + CLG_SaveNtpTimestamps(local_ntp_rx, tx_ts ? &tx_ts->ts : NULL); +} + +/* ================================================== */ + +static void +update_tx_timestamp(NTP_Local_Timestamp *tx_ts, NTP_Local_Timestamp *new_tx_ts, + NTP_int64 *local_ntp_rx, NTP_int64 *local_ntp_tx, NTP_Packet *message) +{ + double delay; + + if (UTI_IsZeroTimespec(&tx_ts->ts)) { + DEBUG_LOG("Unexpected TX update"); + return; + } + + /* Check if this is the last packet that was sent */ + if ((local_ntp_rx && UTI_CompareNtp64(&message->receive_ts, local_ntp_rx)) || + (local_ntp_tx && UTI_CompareNtp64(&message->transmit_ts, local_ntp_tx))) { + DEBUG_LOG("RX/TX timestamp mismatch"); + return; + } + + delay = UTI_DiffTimespecsToDouble(&new_tx_ts->ts, &tx_ts->ts); + + if (delay < 0.0 || delay > MAX_TX_DELAY) { + DEBUG_LOG("Unacceptable TX delay %.9f", delay); + return; + } + + *tx_ts = *new_tx_ts; + + DEBUG_LOG("Updated TX timestamp delay=%.9f", delay); +} + +/* ================================================== */ + +void +NCR_ProcessTxKnown(NCR_Instance inst, NTP_Local_Address *local_addr, + NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length) +{ + NTP_PacketInfo info; + + if (!parse_packet(message, length, &info)) + return; + + /* Server and passive mode packets are responses to unknown sources */ + if (info.mode != MODE_CLIENT && info.mode != MODE_ACTIVE) { + NCR_ProcessTxUnknown(&inst->remote_addr, local_addr, tx_ts, message, length); + return; + } + + update_tx_timestamp(&inst->local_tx, tx_ts, &inst->local_ntp_rx, &inst->local_ntp_tx, + message); +} + +/* ================================================== */ + +void +NCR_ProcessTxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr, + NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length) +{ + NTP_Local_Timestamp old_tx, new_tx; + NTP_int64 *local_ntp_rx; + NTP_PacketInfo info; + + if (!parse_packet(message, length, &info)) + return; + + if (info.mode == MODE_BROADCAST) + return; + + if (SMT_IsEnabled() && info.mode == MODE_SERVER) + UTI_AddDoubleToTimespec(&tx_ts->ts, SMT_GetOffset(&tx_ts->ts), &tx_ts->ts); + + local_ntp_rx = &message->receive_ts; + new_tx = *tx_ts; + + if (!CLG_GetNtpTxTimestamp(local_ntp_rx, &old_tx.ts)) + return; + + /* Undo a clock adjustment between the RX and TX timestamps to minimise error + in the delay measured by the client */ + CLG_UndoNtpTxTimestampSlew(local_ntp_rx, &new_tx.ts); + + update_tx_timestamp(&old_tx, &new_tx, local_ntp_rx, NULL, message); + + CLG_UpdateNtpTxTimestamp(local_ntp_rx, &new_tx.ts); +} + +/* ================================================== */ + +void +NCR_SlewTimes(NCR_Instance inst, struct timespec *when, double dfreq, double doffset) +{ + double delta; + + if (!UTI_IsZeroTimespec(&inst->local_rx.ts)) + UTI_AdjustTimespec(&inst->local_rx.ts, when, &inst->local_rx.ts, &delta, dfreq, doffset); + if (!UTI_IsZeroTimespec(&inst->local_tx.ts)) + UTI_AdjustTimespec(&inst->local_tx.ts, when, &inst->local_tx.ts, &delta, dfreq, doffset); + if (!UTI_IsZeroTimespec(&inst->prev_local_tx.ts)) + UTI_AdjustTimespec(&inst->prev_local_tx.ts, when, &inst->prev_local_tx.ts, &delta, dfreq, + doffset); + if (!UTI_IsZeroTimespec(&inst->init_local_rx.ts)) + UTI_AdjustTimespec(&inst->init_local_rx.ts, when, &inst->init_local_rx.ts, &delta, dfreq, + doffset); + + if (inst->filter) + SPF_SlewSamples(inst->filter, when, dfreq, doffset); +} + +/* ================================================== */ + +static void +set_connectivity(NCR_Instance inst, SRC_Connectivity connectivity) +{ + if (connectivity == SRC_MAYBE_ONLINE) + connectivity = NIO_IsServerConnectable(&inst->remote_addr) ? SRC_ONLINE : SRC_OFFLINE; + + switch (connectivity) { + case SRC_ONLINE: + switch (inst->opmode) { + case MD_ONLINE: + /* Nothing to do */ + break; + case MD_OFFLINE: + inst->opmode = MD_ONLINE; + NCR_ResetInstance(inst); + start_initial_timeout(inst); + if (inst->auto_iburst) + NCR_InitiateSampleBurst(inst, IBURST_GOOD_SAMPLES, IBURST_TOTAL_SAMPLES); + break; + case MD_BURST_WAS_ONLINE: + /* Will revert */ + break; + case MD_BURST_WAS_OFFLINE: + inst->opmode = MD_BURST_WAS_ONLINE; + break; + default: + assert(0); + } + break; + case SRC_OFFLINE: + switch (inst->opmode) { + case MD_ONLINE: + take_offline(inst); + break; + case MD_OFFLINE: + break; + case MD_BURST_WAS_ONLINE: + inst->opmode = MD_BURST_WAS_OFFLINE; + break; + case MD_BURST_WAS_OFFLINE: + break; + default: + assert(0); + } + break; + default: + assert(0); + } +} + +/* ================================================== */ + +void +NCR_SetConnectivity(NCR_Instance inst, SRC_Connectivity connectivity) +{ + OperatingMode prev_opmode; + int was_online, is_online; + + prev_opmode = inst->opmode; + + set_connectivity(inst, connectivity); + + /* Report an important change */ + was_online = prev_opmode == MD_ONLINE || prev_opmode == MD_BURST_WAS_ONLINE; + is_online = inst->opmode == MD_ONLINE || inst->opmode == MD_BURST_WAS_ONLINE; + if (was_online != is_online) + LOG(LOGS_INFO, "Source %s %s", + UTI_IPToString(&inst->remote_addr.ip_addr), is_online ? "online" : "offline"); +} + +/* ================================================== */ + +void +NCR_ModifyMinpoll(NCR_Instance inst, int new_minpoll) +{ + if (new_minpoll < MIN_POLL || new_minpoll > MAX_POLL) + return; + inst->minpoll = new_minpoll; + LOG(LOGS_INFO, "Source %s new minpoll %d", UTI_IPToString(&inst->remote_addr.ip_addr), new_minpoll); + if (inst->maxpoll < inst->minpoll) + NCR_ModifyMaxpoll(inst, inst->minpoll); +} + +/* ================================================== */ + +void +NCR_ModifyMaxpoll(NCR_Instance inst, int new_maxpoll) +{ + if (new_maxpoll < MIN_POLL || new_maxpoll > MAX_POLL) + return; + inst->maxpoll = new_maxpoll; + LOG(LOGS_INFO, "Source %s new maxpoll %d", UTI_IPToString(&inst->remote_addr.ip_addr), new_maxpoll); + if (inst->minpoll > inst->maxpoll) + NCR_ModifyMinpoll(inst, inst->maxpoll); +} + +/* ================================================== */ + +void +NCR_ModifyMaxdelay(NCR_Instance inst, double new_max_delay) +{ + inst->max_delay = CLAMP(0.0, new_max_delay, MAX_MAXDELAY); + LOG(LOGS_INFO, "Source %s new maxdelay %f", + UTI_IPToString(&inst->remote_addr.ip_addr), inst->max_delay); +} + +/* ================================================== */ + +void +NCR_ModifyMaxdelayratio(NCR_Instance inst, double new_max_delay_ratio) +{ + inst->max_delay_ratio = CLAMP(0.0, new_max_delay_ratio, MAX_MAXDELAYRATIO); + LOG(LOGS_INFO, "Source %s new maxdelayratio %f", + UTI_IPToString(&inst->remote_addr.ip_addr), inst->max_delay_ratio); +} + +/* ================================================== */ + +void +NCR_ModifyMaxdelaydevratio(NCR_Instance inst, double new_max_delay_dev_ratio) +{ + inst->max_delay_dev_ratio = CLAMP(0.0, new_max_delay_dev_ratio, MAX_MAXDELAYDEVRATIO); + LOG(LOGS_INFO, "Source %s new maxdelaydevratio %f", + UTI_IPToString(&inst->remote_addr.ip_addr), inst->max_delay_dev_ratio); +} + +/* ================================================== */ + +void +NCR_ModifyMinstratum(NCR_Instance inst, int new_min_stratum) +{ + inst->min_stratum = new_min_stratum; + LOG(LOGS_INFO, "Source %s new minstratum %d", + UTI_IPToString(&inst->remote_addr.ip_addr), new_min_stratum); +} + +/* ================================================== */ + +void +NCR_ModifyPolltarget(NCR_Instance inst, int new_poll_target) +{ + inst->poll_target = new_poll_target; + LOG(LOGS_INFO, "Source %s new polltarget %d", + UTI_IPToString(&inst->remote_addr.ip_addr), new_poll_target); +} + +/* ================================================== */ + +void +NCR_InitiateSampleBurst(NCR_Instance inst, int n_good_samples, int n_total_samples) +{ + + if (inst->mode == MODE_CLIENT) { + + /* We want to prevent burst mode being used on symmetric active + associations - it will play havoc with the peer's sampling + strategy. (This obviously relies on us having the peer + configured that way if he has us configured symmetric active - + but there's not much else we can do.) */ + + switch (inst->opmode) { + case MD_BURST_WAS_OFFLINE: + case MD_BURST_WAS_ONLINE: + /* If already burst sampling, don't start again */ + break; + + case MD_ONLINE: + case MD_OFFLINE: + inst->opmode = inst->opmode == MD_ONLINE ? + MD_BURST_WAS_ONLINE : MD_BURST_WAS_OFFLINE; + inst->burst_good_samples_to_go = n_good_samples; + inst->burst_total_samples_to_go = n_total_samples; + start_initial_timeout(inst); + break; + default: + assert(0); + break; + } + } + +} + +/* ================================================== */ + +void +NCR_ReportSource(NCR_Instance inst, RPT_SourceReport *report, struct timespec *now) +{ + report->poll = get_transmit_poll(inst); + + switch (inst->mode) { + case MODE_CLIENT: + report->mode = RPT_NTP_CLIENT; + break; + case MODE_ACTIVE: + report->mode = RPT_NTP_PEER; + break; + default: + assert(0); + } +} + +/* ================================================== */ + +void +NCR_GetAuthReport(NCR_Instance inst, RPT_AuthReport *report) +{ + NAU_GetReport(inst->auth, report); +} + +/* ================================================== */ + +void +NCR_GetNTPReport(NCR_Instance inst, RPT_NTPReport *report) +{ + *report = inst->report; +} + +/* ================================================== */ + +int +NCR_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all) + { + ADF_Status status; + + if (allow) { + if (all) { + status = ADF_AllowAll(access_auth_table, ip_addr, subnet_bits); + } else { + status = ADF_Allow(access_auth_table, ip_addr, subnet_bits); + } + } else { + if (all) { + status = ADF_DenyAll(access_auth_table, ip_addr, subnet_bits); + } else { + status = ADF_Deny(access_auth_table, ip_addr, subnet_bits); + } + } + + if (status != ADF_SUCCESS) + return 0; + + /* Keep server sockets open only when an address allowed */ + if (allow) { + NTP_Remote_Address remote_addr; + + if (server_sock_fd4 == INVALID_SOCK_FD && + ADF_IsAnyAllowed(access_auth_table, IPADDR_INET4)) { + remote_addr.ip_addr.family = IPADDR_INET4; + remote_addr.port = 0; + server_sock_fd4 = NIO_OpenServerSocket(&remote_addr); + } + if (server_sock_fd6 == INVALID_SOCK_FD && + ADF_IsAnyAllowed(access_auth_table, IPADDR_INET6)) { + remote_addr.ip_addr.family = IPADDR_INET6; + remote_addr.port = 0; + server_sock_fd6 = NIO_OpenServerSocket(&remote_addr); + } + } else { + if (server_sock_fd4 != INVALID_SOCK_FD && + !ADF_IsAnyAllowed(access_auth_table, IPADDR_INET4)) { + NIO_CloseServerSocket(server_sock_fd4); + server_sock_fd4 = INVALID_SOCK_FD; + } + if (server_sock_fd6 != INVALID_SOCK_FD && + !ADF_IsAnyAllowed(access_auth_table, IPADDR_INET6)) { + NIO_CloseServerSocket(server_sock_fd6); + server_sock_fd6 = INVALID_SOCK_FD; + } + } + + return 1; +} + +/* ================================================== */ + +int +NCR_CheckAccessRestriction(IPAddr *ip_addr) +{ + return ADF_IsAllowed(access_auth_table, ip_addr); +} + +/* ================================================== */ + +void +NCR_IncrementActivityCounters(NCR_Instance inst, int *online, int *offline, + int *burst_online, int *burst_offline) +{ + switch (inst->opmode) { + case MD_BURST_WAS_OFFLINE: + ++*burst_offline; + break; + case MD_BURST_WAS_ONLINE: + ++*burst_online; + break; + case MD_ONLINE: + ++*online; + break; + case MD_OFFLINE: + ++*offline; + break; + default: + assert(0); + break; + } +} + +/* ================================================== */ + +NTP_Remote_Address * +NCR_GetRemoteAddress(NCR_Instance inst) +{ + return &inst->remote_addr; +} + +/* ================================================== */ + +uint32_t +NCR_GetLocalRefid(NCR_Instance inst) +{ + return UTI_IPToRefid(&inst->local_addr.ip_addr); +} + +/* ================================================== */ + +int NCR_IsSyncPeer(NCR_Instance inst) +{ + return SRC_IsSyncPeer(inst->source); +} + +/* ================================================== */ + +void +NCR_DumpAuthData(NCR_Instance inst) +{ + NAU_DumpData(inst->auth); +} + +/* ================================================== */ + +static void +broadcast_timeout(void *arg) +{ + BroadcastDestination *destination; + NTP_int64 orig_ts; + NTP_Local_Timestamp recv_ts; + int poll; + + destination = ARR_GetElement(broadcasts, (long)arg); + poll = round(log(destination->interval) / log(2.0)); + + UTI_ZeroNtp64(&orig_ts); + zero_local_timestamp(&recv_ts); + + transmit_packet(MODE_BROADCAST, 0, poll, NTP_VERSION, 0, 0, destination->auth, + &orig_ts, &orig_ts, &recv_ts, NULL, NULL, NULL, + &destination->addr, &destination->local_addr, NULL, NULL); + + /* Requeue timeout. We don't care if interval drifts gradually. */ + SCH_AddTimeoutInClass(destination->interval, get_separation(poll), SAMPLING_RANDOMNESS, + SCH_NtpBroadcastClass, broadcast_timeout, arg); +} + +/* ================================================== */ + +void +NCR_AddBroadcastDestination(NTP_Remote_Address *addr, int interval) +{ + BroadcastDestination *destination; + + destination = (BroadcastDestination *)ARR_GetNewElement(broadcasts); + + destination->addr = *addr; + destination->local_addr.ip_addr.family = IPADDR_UNSPEC; + destination->local_addr.if_index = INVALID_IF_INDEX; + destination->local_addr.sock_fd = NIO_OpenServerSocket(&destination->addr); + destination->auth = NAU_CreateNoneInstance(); + destination->interval = CLAMP(1, interval, 1 << MAX_POLL); + + SCH_AddTimeoutInClass(destination->interval, MAX_SAMPLING_SEPARATION, SAMPLING_RANDOMNESS, + SCH_NtpBroadcastClass, broadcast_timeout, + (void *)(long)(ARR_GetSize(broadcasts) - 1)); +} |