4c4,5
< * $FreeBSD: head/contrib/ntp/ntpd/ntp_proto.c 106166 2002-10-29 20:04:27Z roberto $
---
> * ATTENTION: Get approval from Dave Mills on all changes to this file!
> *
15d15
< #include "ntp_crypto.h"
36a37
> u_int32 sys_peer_refid; /* hashed refid of our current peer */
39c40
< struct peer *sys_peer; /* our current peer */
---
> struct peer *sys_peer; /* our current peer */
41c42,44
< #ifdef AUTOKEY
---
> int sys_kod; /* kod credit */
> int sys_kod_rate = 2; /* max kod packets per second */
> #ifdef OPENSSL
43c46
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
48,49c51,53
< int sys_bclient; /* we set our time to broadcasts */
< double sys_bdelay; /* broadcast client default delay */
---
> int sys_bclient; /* broadcast client enable */
> double sys_bdelay; /* broadcast client default delay */
> int sys_calldelay; /* modem callup delay (s) */
52c56
< static u_long sys_authdly[2]; /* authentication delay shift reg */
---
> static u_long sys_authdly[2]; /* authentication delay shift reg */
54c58
< static double sys_selerr; /* select error (squares) */
---
> static double sys_selerr; /* select error (squares) */
58d61
< u_int sys_survivors; /* truest of the truechimers */
60c63,64
< #ifdef AUTOKEY
---
> int sys_survivors; /* truest of the truechimers */
> #ifdef OPENSSL
62c66
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
64a69,79
> * TOS and multicast mapping stuff
> */
> int sys_floor = 1; /* cluster stratum floor */
> int sys_ceiling = STRATUM_UNSPEC; /* cluster stratum ceiling*/
> int sys_minsane = 1; /* minimum candidates */
> int sys_minclock = NTP_MINCLOCK; /* minimum survivors */
> int sys_cohort = 0; /* cohort switch */
> int sys_ttlmax; /* max ttl mapping vector index */
> u_char sys_ttl[MAX_TTL]; /* ttl mapping vector */
>
> /*
67,72c82,83
< u_long sys_stattime; /* time when we started recording */
< u_long sys_badstratum; /* packets with invalid stratum */
< u_long sys_oldversionpkt; /* old version packets received */
< u_long sys_newversionpkt; /* new version packets received */
< u_long sys_unknownversion; /* don't know version packets */
< u_long sys_badlength; /* packets with bad length */
---
> u_long sys_stattime; /* time since reset */
> u_long sys_received; /* packets received */
74,75c85,91
< u_long sys_badauth; /* packets dropped because of auth */
< u_long sys_limitrejected; /* pkts rejected due to client count per net */
---
> u_long sys_newversionpkt; /* current version */
> u_long sys_oldversionpkt; /* recent version */
> u_long sys_unknownversion; /* invalid version */
> u_long sys_restricted; /* access denied */
> u_long sys_badlength; /* bad length or format */
> u_long sys_badauth; /* bad authentication */
> u_long sys_limitrejected; /* rate exceeded */
82a99
> static int peer_unfit P((struct peer *));
84d100
<
94c110
< int hpoll;
---
> int hpoll;
95a112,118
>
> /*
> * The polling state machine. There are two kinds of machines,
> * those that never expect a reply (broadcast and manycast
> * server modes) and those that do (all other modes). The dance
> * is intricate...
> */
97,98c120
< if (peer->burst == 0) {
< u_char oreach;
---
> if (peer->cast_flags & (MDF_BCAST | MDF_MCAST)) {
101,104c123,124
< * The polling state machine. There are two kinds of
< * machines, those that never expect a reply (broadcast
< * and manycast server modes) and those that do (all
< * other modes). The dance is intricate...
---
> * In broadcast mode the poll interval is fixed
> * at minpoll.
106c126,127
< if (peer->cast_flags & (MDF_BCAST | MDF_MCAST)) {
---
> hpoll = peer->minpoll;
> } else if (peer->cast_flags & MDF_ACAST) {
108,115c129,149
< /*
< * In broadcast mode the poll interval is fixed
< * at minpoll and the ttl at ttlmax.
< */
< hpoll = peer->minpoll;
< peer->ttl = peer->ttlmax;
< #ifdef AUTOKEY
< } else if (peer->cast_flags & MDF_ACAST) {
---
> /*
> * In manycast mode we start with the minpoll interval
> * and ttl. However, the actual poll interval is eight
> * times the nominal poll interval shown here. If fewer
> * than sys_minclock servers are found, the ttl is
> * increased by one and we try again. If this continues
> * to the max ttl, the poll interval is bumped by one
> * and we try again. If at least sys_minclock servers
> * are found, the poll interval increases with the
> * system poll interval to the max and we continue
> * indefinately. However, about once per day when the
> * agreement parameters are refreshed, the manycast
> * clients are reset and we start from the beginning.
> * This is to catch and clamp the ttl to the lowest
> * practical value and avoid knocking on spurious doors.
> */
> if (sys_survivors < sys_minclock && peer->ttl <
> sys_ttlmax)
> peer->ttl++;
> hpoll = sys_poll;
> } else {
117,141c151,161
< /*
< * In manycast mode we start with the minpoll
< * interval and ttl. However, the actual poll
< * interval is eight times the nominal poll
< * interval shown here. If fewer than three
< * servers are found, the ttl is increased by
< * one and we try again. If this continues to
< * the max ttl, the poll interval is bumped by
< * one and we try again. If at least three
< * servers are found, the poll interval
< * increases with the system poll interval to
< * the max and we continue indefinately.
< * However, about once per day when the
< * agreement parameters are refreshed, the
< * manycast clients are reset and we start from
< * the beginning. This is to catch and clamp the
< * ttl to the lowest practical value and avoid
< * knocking on spurious doors.
< */
< if (sys_survivors < NTP_MINCLOCK && peer->ttl <
< peer->ttlmax)
< peer->ttl++;
< hpoll = sys_poll;
< #endif /* AUTOKEY */
< } else {
---
> /*
> * For associations expecting a reply, the watchdog
> * counter is bumped by one if the peer has not been
> * heard since the previous poll. If the counter reaches
> * the max, the poll interval is doubled and the peer is
> * demobilized if not configured.
> */
> peer->unreach++;
> if (peer->unreach >= NTP_UNREACH) {
> hpoll++;
> if (peer->flags & FLAG_CONFIG) {
143,154c163,173
< /*
< * For associations expecting a reply, the
< * watchdog counter is bumped by one if the peer
< * has not been heard since the previous poll.
< * If the counter reaches the max, the peer is
< * demobilized if not configured and just
< * cleared if it is, but in this case the poll
< * interval is bumped by one.
< */
< if (peer->unreach < NTP_UNREACH) {
< peer->unreach++;
< } else if (!(peer->flags & FLAG_CONFIG)) {
---
> /*
> * If nothing is likely to change in
> * future, flash the access denied bit
> * so we won't bother the dude again.
> */
> if (memcmp((char *)&peer->refid,
> "DENY", 4) == 0 ||
> memcmp((char *)&peer->refid,
> "CRYP", 4) == 0)
> peer->flash |= TEST4;
> } else {
156d174
< clock_select();
158,161d175
<
< } else {
< peer_clear(peer);
< hpoll++;
164,166c178,179
< oreach = peer->reach;
< peer->reach <<= 1;
< if (peer->reach == 0) {
---
> if (peer->burst == 0) {
> u_char oreach;
168,176c181,218
< /*
< * If this association has become unreachable,
< * clear it and raise a trap.
< */
< if (oreach != 0) {
< report_event(EVNT_UNREACH, peer);
< peer->timereachable = current_time;
< if (!(peer->flags & FLAG_CONFIG)) {
< unpeer(peer);
---
> oreach = peer->reach;
> peer->reach <<= 1;
> peer->hyst *= HYST_TC;
> if (peer->reach == 0) {
>
> /*
> * If this association has become
> * unreachable, clear it and raise a
> * trap.
> */
> if (oreach != 0) {
> report_event(EVNT_UNREACH,
> peer);
> peer->timereachable =
> current_time;
> if (peer->flags & FLAG_CONFIG) {
> peer_clear(peer,
> "INIT");
> } else {
> unpeer(peer);
> return;
> }
> }
> if (peer->flags & FLAG_IBURST)
> peer->burst = NTP_BURST;
> } else {
> /*
> * Here the peer is reachable. If it has
> * not been heard for three consecutive
> * polls, stuff the clock filter. Next,
> * determine the poll interval. If the
> * peer is unfit for synchronization,
> * increase it by one; otherwise, use
> * the system poll interval.
> */
> if (!(peer->reach & 0x07)) {
> clock_filter(peer, 0., 0.,
> MAXDISPERSE);
178,181d219
< return;
< } else {
< peer_clear(peer);
< hpoll = peer->minpoll;
182a221,226
> if (peer_unfit(peer))
> hpoll++;
> else
> hpoll = sys_poll;
> if (peer->flags & FLAG_BURST)
> peer->burst = NTP_BURST;
184,185d227
< if (peer->flags & FLAG_IBURST)
< peer->burst = NTP_SHIFT;
189,198c231,232
< * Here the peer is reachable. If it has not
< * been heard for three consecutive polls, stuff
< * the clock filter. Next, determine the poll
< * interval. If the peer is a synchronization
< * candidate, use the system poll interval. If
< * the peer is not sane, increase it by one. If
< * the number of valid updates is not greater
< * than half the register size, clamp it to the
< * minimum. This is to quickly recover the time
< * variables when a noisy peer shows life.
---
> * Source rate control. If we are restrained,
> * each burst consists of only one packet.
200,207c234,236
< if (!(peer->reach & 0x07)) {
< clock_filter(peer, 0., 0., MAXDISPERSE);
< clock_select();
< }
< if ((peer->stratum > 1 && peer->refid ==
< peer->dstadr->sin.sin_addr.s_addr) ||
< peer->stratum >= STRATUM_UNSPEC)
< hpoll++;
---
> if (memcmp((char *)&peer->refid, "RSTR", 4) ==
> 0)
> peer->burst = 0;
209,215c238,254
< hpoll = sys_poll;
< if (peer->flags & FLAG_BURST)
< peer->burst = NTP_SHIFT;
< }
< } else {
< peer->burst--;
< if (peer->burst == 0) {
---
> peer->burst--;
> if (peer->burst == 0) {
> /*
> * If a broadcast client at this point,
> * the burst has concluded, so we switch
> * to client mode and purge the keylist,
> * since no further transmissions will
> * be made.
> */
> if (peer->cast_flags & MDF_BCLNT) {
> peer->hmode = MODE_BCLIENT;
> #ifdef OPENSSL
> key_expire(peer);
> #endif /* OPENSSL */
> }
> poll_update(peer, hpoll);
> clock_select();
217,227c256,274
< /*
< * If a broadcast client at this point, the
< * burst has concluded, so we switch to client
< * mode and purge the keylist, since no further
< * transmissions will be made.
< */
< if (peer->cast_flags & MDF_BCLNT) {
< peer->hmode = MODE_BCLIENT;
< #ifdef AUTOKEY
< key_expire(peer);
< #endif /* AUTOKEY */
---
> /*
> * If ntpdate mode and the clock has not
> * been set and all peers have completed
> * the burst, we declare a successful
> * failure.
> */
> if (mode_ntpdate) {
> peer_ntpdate--;
> if (peer_ntpdate > 0) {
> poll_update(
> peer, hpoll);
> return;
> }
> msyslog(LOG_NOTICE,
> "no reply; clock not set");
> exit (0);
> }
> poll_update(peer, hpoll);
> return;
229,249d275
< poll_update(peer, hpoll);
< clock_select();
<
< /*
< * If ntpdate mode and the clock has not been
< * set and all peers have completed the burst,
< * we declare a successful failure.
< */
< if (mode_ntpdate) {
< peer_ntpdate--;
< if (peer_ntpdate > 0)
< return;
< NLOG(NLOG_SYNCEVENT | NLOG_SYSEVENT)
< msyslog(LOG_NOTICE,
< "no reply; clock not set");
< printf(
< "ntpd: no reply; clock not set\n");
< exit(0);
< }
< return;
<
253d278
< poll_update(peer, hpoll);
256,259c281,282
< * We need to be very careful about honking uncivilized time.
< * Never transmit if in broadcast client mode or access denied.
< * If in broadcast mode, transmit only if synchronized to a
< * valid source.
---
> * Do not transmit if in broadcast cclient mode or access has
> * been denied.
261a285
> poll_update(peer, hpoll);
263,265c287,293
< } else if (peer->hmode == MODE_BROADCAST) {
< if (sys_peer == NULL)
< return;
---
>
> /*
> * Do not transmit in broadcast mode unless we are synchronized.
> */
> } else if (peer->hmode == MODE_BROADCAST && sys_peer == NULL) {
> poll_update(peer, hpoll);
> return;
267a296
> poll_update(peer, hpoll);
278,291c307,324
< register struct peer *peer;
< register struct pkt *pkt;
< int hismode;
< int oflags;
< int restrict_mask;
< int has_mac; /* length of MAC field */
< int authlen; /* offset of MAC field */
< int is_authentic; /* cryptosum ok */
< keyid_t skeyid; /* cryptographic keys */
< struct sockaddr_in *dstadr_sin; /* active runway */
< #ifdef AUTOKEY
< keyid_t pkeyid, tkeyid; /* cryptographic keys */
< #endif /* AUTOKEY */
< struct peer *peer2;
---
> register struct peer *peer; /* peer structure pointer */
> register struct pkt *pkt; /* receive packet pointer */
> int hismode; /* packet mode */
> int restrict_mask; /* restrict bits */
> int has_mac; /* length of MAC field */
> int authlen; /* offset of MAC field */
> int is_authentic; /* cryptosum ok */
> keyid_t skeyid = 0; /* key ID */
> struct sockaddr_storage *dstadr_sin; /* active runway */
> struct peer *peer2; /* aux peer structure pointer */
> l_fp p_org; /* originate timestamp */
> l_fp p_xmt; /* transmit timestamp */
> #ifdef OPENSSL
> keyid_t tkeyid = 0; /* temporary key ID */
> keyid_t pkeyid = 0; /* previous key ID */
> struct autokey *ap; /* autokey structure pointer */
> int rval; /* cookie snatcher */
> #endif /* OPENSSL */
303a337,345
> /*
> * Bogus port check is before anything, since it probably
> * reveals a clogging attack.
> */
> sys_received++;
> if (SRCPORT(&rbufp->recv_srcadr) == 0) {
> sys_badlength++;
> return; /* bogus port */
> }
307,310c349,352
< if (debug > 2)
< printf("receive: at %ld %s<-%s restrict %02x\n",
< current_time, ntoa(&rbufp->dstadr->sin),
< ntoa(&rbufp->recv_srcadr), restrict_mask);
---
> if (debug > 1)
> printf("receive: at %ld %s<-%s restrict %03x\n",
> current_time, stoa(&rbufp->dstadr->sin),
> stoa(&rbufp->recv_srcadr), restrict_mask);
312c354,355
< if (restrict_mask & RES_IGNORE)
---
> if (restrict_mask & RES_IGNORE) {
> sys_restricted++;
314,323d356
<
< pkt = &rbufp->recv_pkt;
< if (PKT_VERSION(pkt->li_vn_mode) == NTP_VERSION) {
< sys_newversionpkt++; /* new version */
< } else if (!(restrict_mask & RES_VERSION) &&
< PKT_VERSION(pkt->li_vn_mode) >= NTP_OLDVERSION) {
< sys_oldversionpkt++; /* old version */
< } else {
< sys_unknownversion++;
< return; /* invalid version */
325,326c358,362
< if (PKT_MODE(pkt->li_vn_mode) == MODE_PRIVATE) {
< if (restrict_mask & RES_NOQUERY)
---
> pkt = &rbufp->recv_pkt;
> hismode = (int)PKT_MODE(pkt->li_vn_mode);
> if (hismode == MODE_PRIVATE) {
> if (restrict_mask & RES_NOQUERY) {
> sys_restricted++;
327a364
> }
332,333c369,371
< if (PKT_MODE(pkt->li_vn_mode) == MODE_CONTROL) {
< if (restrict_mask & RES_NOQUERY)
---
> if (hismode == MODE_CONTROL) {
> if (restrict_mask & RES_NOQUERY) {
> sys_restricted++;
334a373
> }
337a377,380
> if (restrict_mask & RES_DONTSERVE) {
> sys_restricted++;
> return; /* no time */
> }
341a385,398
>
> /*
> * Version check must be after the query packets, since they
> * intentionally use early version.
> */
> if (PKT_VERSION(pkt->li_vn_mode) == NTP_VERSION) {
> sys_newversionpkt++; /* new version */
> } else if (!(restrict_mask & RES_VERSION) &&
> PKT_VERSION(pkt->li_vn_mode) >= NTP_OLDVERSION) {
> sys_oldversionpkt++; /* previous version */
> } else {
> sys_unknownversion++;
> return; /* old version */
> }
344c401,404
< * Validate mode. Note that NTPv1 is no longer supported.
---
> * Figure out his mode and validate the packet. This has some
> * legacy raunch that probably should be removed. In very early
> * NTP versions mode 0 was equivalent to what later versions
> * would interpret as client mode.
346d405
< hismode = (int)PKT_MODE(pkt->li_vn_mode);
348,349c407,412
< sys_badlength++;
< return; /* invalid mode */
---
> if (PKT_VERSION(pkt->li_vn_mode) == NTP_OLDVERSION) {
> hismode = MODE_CLIENT;
> } else {
> sys_badlength++;
> return; /* invalid mode */
> }
353,354c416,420
< * Discard broadcast packets received on the wildcard interface
< * or if not enabled as broadcast client.
---
> * Discard broadcast if not enabled as broadcast client. If
> * Autokey, the wildcard interface cannot be used, so dump
> * packets gettiing off the bus at that stop as well. This means
> * that some systems with broken interface code, specifically
> * Linux, will not work with Autokey.
356,358c422,433
< if (PKT_MODE(pkt->li_vn_mode) == MODE_BROADCAST &&
< (rbufp->dstadr == any_interface || !sys_bclient))
< return;
---
> if (hismode == MODE_BROADCAST) {
> if (!sys_bclient || restrict_mask & RES_NOPEER) {
> sys_restricted++;
> return; /* no client */
> }
> #ifdef OPENSSL
> if (crypto_flags && rbufp->dstadr == any_interface) {
> sys_restricted++;
> return; /* no client */
> }
> #endif /* OPENSSL */
> }
371,374d445
< skeyid = 0;
< #ifdef AUTOKEY
< pkeyid = tkeyid = 0;
< #endif /* AUTOKEY */
376c447,448
< while ((has_mac = rbufp->recv_length - authlen) > 0) {
---
> has_mac = rbufp->recv_length - authlen;
> while (has_mac > 0) {
381c453
< return;
---
> return; /* bad MAC length */
391c463,464
< if (temp < 4 || temp % 4 != 0) {
---
> if (temp < 4 || temp > NTP_MAXEXTEN || temp % 4
> != 0) {
393c466
< return;
---
> return; /* bad MAC length */
395a469
> has_mac -= temp;
398c472
< return;
---
> return; /* bad MAC length */
400a475,477
> #ifdef OPENSSL
> pkeyid = tkeyid = 0;
> #endif /* OPENSSL */
407c484
< * MD5 or DES cycles, again to reduce exposure. There may be no
---
> * MD5 cycles, again to reduce exposure. There may be no
429,430c506,508
< current_time, ntoa(&rbufp->dstadr->sin),
< ntoa(&rbufp->recv_srcadr), hismode, retcode);
---
> current_time, stoa(&rbufp->dstadr->sin),
> stoa(&rbufp->recv_srcadr), hismode,
> retcode);
433c511
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
476,477c554
< if (rbufp->dstadr->bcast.sin_addr.s_addr
< != 0)
---
> if (!SOCKNUL(&rbufp->dstadr->bcast))
485c562
< pkeyid = peer->pcookie.key;
---
> pkeyid = peer->pcookie;
508c585
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
514c591,592
< * again.
---
> * again. If the packet is authentic, it may mobilize an
> * association.
517c595
< has_mac))
---
> has_mac)) {
519c597,598
< else
---
> restrict_mask &= ~RES_DONTTRUST;
> } else {
521c600,601
< #ifdef AUTOKEY
---
> }
> #ifdef OPENSSL
524c604
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
529,530c609,610
< current_time, ntoa(dstadr_sin),
< ntoa(&rbufp->recv_srcadr), hismode, retcode,
---
> current_time, stoa(dstadr_sin),
> stoa(&rbufp->recv_srcadr), hismode, retcode,
542,544c622,625
< * aassociation; a server packet mobilizes a client association;
< * a symmetric active packet mobilizes a symmetric passive
< * association. And, the adventure continues...
---
> * aassociation; a manycast server packet mobilizes a manycast
> * client association; a symmetric active packet mobilizes a
> * symmetric passive association. And, the adventure
> * continues...
560,564c641,643
< * We are picky about responding to a
< * manycaster. There is no reason to respond to
< * a request if our time is worse than the
< * manycaster. We certainly don't reply if not
< * synchronized to proventic time.
---
> * There is no reason to respond to a request if
> * our time is worse than the manycaster or it
> * has already synchronized to us.
566,574c645,651
< if (sys_peer == NULL)
< return;
<
< /*
< * We don't reply if the our stratum is greater
< * than the manycaster.
< */
< if (PKT_TO_STRATUM(pkt->stratum) < sys_stratum)
< return;
---
> if (sys_peer == NULL ||
> PKT_TO_STRATUM(pkt->stratum) <
> sys_stratum || (sys_cohort &&
> PKT_TO_STRATUM(pkt->stratum) ==
> sys_stratum) ||
> rbufp->dstadr->addr_refid == pkt->refid)
> return; /* manycast dropped */
580c657
< * set the key ID to zero to tell the caller about this.
---
> * send a crypto-NAK to tell the caller about this.
582c659,661
< if (is_authentic)
---
> if (has_mac && !is_authentic)
> fast_xmit(rbufp, MODE_SERVER, 0, restrict_mask);
> else
585,586d663
< else
< fast_xmit(rbufp, MODE_SERVER, 0, restrict_mask);
599,603c676,680
< * First, make sure the packet is authentic. If so and
< * the manycast association is found, we mobilize a
< * client mode association, copy pertinent variables
< * from the manycast to the client mode association and
< * wind up the spring.
---
> * First, make sure the packet is authentic and not
> * restricted. If so and the manycast association is
> * found, we mobilize a client association and copy
> * pertinent variables from the manycast association to
> * the new client association.
607c684,685
< * immediately.
---
> * immediately. If the guy is already here, don't fire
> * up a duplicate.
609,612c687,690
< if ((restrict_mask & (RES_DONTSERVE | RES_LIMITED |
< RES_NOPEER)) || (sys_authenticate &&
< !is_authentic))
< return;
---
> if (restrict_mask & RES_DONTTRUST) {
> sys_restricted++;
> return; /* no trust */
> }
614,616c692,693
< peer2 = findmanycastpeer(rbufp);
< if (peer2 == 0)
< return;
---
> if (sys_authenticate && !is_authentic)
> return; /* bad auth */
618c695,698
< peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
---
> if ((peer2 = findmanycastpeer(rbufp)) == NULL)
> return; /* no assoc match */
>
> if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
620,624c700,707
< sys_minpoll, NTP_MAXDPOLL, FLAG_IBURST |
< (peer2->flags & (FLAG_AUTHENABLE | FLAG_SKEY)),
< MDF_UCAST, 0, skeyid);
< if (peer == NULL)
< return;
---
> NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_IBURST, MDF_UCAST |
> MDF_ACLNT, 0, skeyid)) == NULL)
> return; /* system error */
>
> /*
> * We don't need these, but it warms the billboards.
> */
> peer->ttl = peer2->ttl;
631,633c714,717
< * active peer. First, make sure the packet is
< * authentic. If so, mobilize a symmetric passive
< * association.
---
> * active peer. First, make sure it is authentic and not
> * restricted. If so, mobilize a passive association.
> * If authentication fails send a crypto-NAK; otherwise,
> * kiss the frog.
635,637c719,723
< if ((restrict_mask & (RES_DONTSERVE | RES_LIMITED |
< RES_NOPEER)) || (sys_authenticate &&
< !is_authentic)) {
---
> if (restrict_mask & RES_DONTTRUST) {
> sys_restricted++;
> return; /* no trust */
> }
> if (sys_authenticate && !is_authentic) {
640c726
< return;
---
> return; /* bad auth */
642c728
< peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
---
> if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
644,647c730,733
< sys_minpoll, NTP_MAXDPOLL, sys_authenticate ?
< FLAG_AUTHENABLE : 0, MDF_UCAST, 0, skeyid);
< if (peer == NULL)
< return;
---
> NTP_MINDPOLL, NTP_MAXDPOLL, 0, MDF_UCAST, 0,
> skeyid)) == NULL)
> return; /* system error */
>
654,657c740,743
< * server. First, make sure the packet is authentic, not
< * restricted and that we are a broadcast or multicast
< * client. If so, mobilize a broadcast client
< * association.
---
> * server. First, make sure it is authentic and not
> * restricted and that we are a broadcast client. If so,
> * mobilize a broadcast client association. We don't
> * kiss any frogs here.
659,662c745,750
< if ((restrict_mask & (RES_DONTSERVE | RES_LIMITED |
< RES_NOPEER)) || (sys_authenticate &&
< !is_authentic) || !sys_bclient)
< return;
---
> if (restrict_mask & RES_DONTTRUST) {
> sys_restricted++;
> return; /* no trust */
> }
> if (sys_authenticate && !is_authentic)
> return; /* bad auth */
664c752,755
< peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
---
> if (!sys_bclient)
> return; /* not a client */
>
> if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
666,676c757,786
< sys_minpoll, NTP_MAXDPOLL, FLAG_MCAST |
< FLAG_IBURST | (sys_authenticate ?
< FLAG_AUTHENABLE : 0), MDF_BCLNT, 0, skeyid);
< #ifdef AUTOKEY
< #ifdef PUBKEY
< if (peer == NULL)
< return;
< if (peer->flags & FLAG_SKEY)
< crypto_recv(peer, rbufp);
< #endif /* PUBKEY */
< #endif /* AUTOKEY */
---
> NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_MCAST |
> FLAG_IBURST, MDF_BCLNT, 0, skeyid)) == NULL)
> return; /* system error */
> #ifdef OPENSSL
> /*
> * Danger looms. If this is autokey, go process the
> * extension fields. If something goes wrong, abandon
> * ship and don't trust subsequent packets.
> */
> if (crypto_flags) {
> if ((rval = crypto_recv(peer, rbufp)) !=
> XEVNT_OK) {
> struct sockaddr_storage mskadr_sin;
>
> unpeer(peer);
> sys_restricted++;
> SET_HOSTMASK(&mskadr_sin,
> rbufp->recv_srcadr.ss_family);
> hack_restrict(RESTRICT_FLAGS,
> &rbufp->recv_srcadr, &mskadr_sin,
> 0, RES_DONTTRUST | RES_TIMEOUT);
> #ifdef DEBUG
> if (debug)
> printf(
> "packet: bad exten %x\n",
> rval);
> #endif
> }
> }
> #endif /* OPENSSL */
679a790,796
>
> /*
> * This is a broadcast packet received in client mode.
> * It could happen if the initial client/server volley
> * is not complete before the next broadcast packet is
> * received. Be liberal in what we accept.
> */
683c800,807
< * Happiness and nothing broke. Earn some revenue.
---
> * This is a symmetric mode packet received in symmetric
> * mode, a server packet received in client mode or a
> * broadcast packet received in broadcast client mode.
> * If it is restricted, this is very strange because it
> * is rude to send a packet to a restricted address. If
> * anyway, flash a restrain kiss and skedaddle to
> * Seattle. If not authentic, leave a light on and
> * continue.
684a809,819
> peer->flash = 0;
> if (restrict_mask & RES_DONTTRUST) {
> sys_restricted++;
> if (peer->flags & FLAG_CONFIG)
> peer_clear(peer, "RSTR");
> else
> unpeer(peer);
> return; /* no trust */
> }
> if (has_mac && !is_authentic)
> peer->flash |= TEST5; /* bad auth */
690,691c825,832
< * Invalid mode combination. Leave the island
< * immediately.
---
> * Invalid mode combination. This happens when a passive
> * mode packet arrives and matches another passive
> * association or no association at all, or when a
> * server mode packet arrives and matches a broadcast
> * client association. This is usually the result of
> * reconfiguring a client on-fly. If authenticated
> * passive mode packet, send a crypto-NAK; otherwise,
> * ignore it.
692a834,835
> if (has_mac && hismode == MODE_PASSIVE)
> fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
701,706c844,847
< * If the peer isn't configured, set his authenable and autokey
< * status based on the packet. Once the status is set, it can't
< * be unset. It seems like a silly idea to do this here, rather
< * in the configuration routine, but in some goofy cases the
< * first packet sent cannot be authenticated and we need a way
< * for the dude to change his mind.
---
> * We do a little homework. Note we can get here with an
> * authentication error. We Need to do this in order to validate
> * a crypto-NAK later. Note the order of processing; it is very
> * important to avoid livelocks, deadlocks and lockpicks.
708d848
< oflags = peer->flags;
711,717c851,856
< if (!(peer->flags & FLAG_CONFIG) && has_mac) {
< peer->flags |= FLAG_AUTHENABLE;
< #ifdef AUTOKEY
< if (skeyid > NTP_MAXKEY)
< peer->flags |= FLAG_SKEY;
< #endif /* AUTOKEY */
< }
---
> if (peer->flash & TEST5)
> peer->flags &= ~FLAG_AUTHENTIC;
> else
> peer->flags |= FLAG_AUTHENTIC;
> NTOHL_FP(&pkt->org, &p_org);
> NTOHL_FP(&pkt->xmt, &p_xmt);
720,726c859,860
< * A valid packet must be from an authentic and allowed source.
< * All packets must pass the authentication allowed tests.
< * Autokey authenticated packets must pass additional tests and
< * public-key authenticated packets must have the credentials
< * verified. If all tests are passed, the packet is forwarded
< * for processing. If not, the packet is discarded and the
< * association demobilized if appropriate.
---
> * If the packet is an old duplicate, we let it through so the
> * extension fields will be processed.
728,730c862,943
< peer->flash = 0;
< if (is_authentic) {
< peer->flags |= FLAG_AUTHENTIC;
---
> if (L_ISEQU(&peer->org, &p_xmt)) { /* test 1 */
> peer->flash |= TEST1; /* dupe */
> /* fall through */
>
> /*
> * For broadcast server mode, loopback checking is disabled. An
> * authentication error probably means the server restarted or
> * rolled a new private value. If so, dump the association
> * and wait for the next message.
> */
> } else if (hismode == MODE_BROADCAST) {
> if (peer->flash & TEST5) {
> unpeer(peer);
> return;
> }
> /* fall through */
>
> /*
> * For server and symmetric modes, if the association transmit
> * timestamp matches the packet originate timestamp, loopback is
> * confirmed. Note in symmetric modes this also happens when the
> * first packet from the active peer arrives at the newly
> * mobilized passive peer. An authentication error probably
> * means the server or peer restarted or rolled a new private
> * value, but could be an intruder trying to stir up trouble.
> * However, if this is a crypto-NAK, we know it is authentic, so
> * dump the association and wait for the next message.
> */
> } else if (L_ISEQU(&peer->xmt, &p_org)) {
> if (peer->flash & TEST5) {
> if (has_mac == 4 && pkt->exten[0] == 0) {
> if (peer->flags & FLAG_CONFIG)
> peer_clear(peer, "AUTH");
> else
> unpeer(peer);
> }
> return;
> }
> /* fall through */
>
> /*
> * If the client or passive peer has never transmitted anything,
> * this is either the first message from a symmetric peer or
> * possibly a duplicate received before the transmit timeout.
> * Pass it on.
> */
> } else if (L_ISZERO(&peer->xmt)) {
> /* fall through */
>
> /*
> * Now it gets interesting. We have transmitted at least one
> * packet. If the packet originate timestamp is nonzero, it
> * does not match the association transmit timestamp, which is a
> * loopback error. This error might mean a manycast server has
> * answered a manycast honk from us and we already have an
> * association for him, in which case quietly drop the packet
> * here. It might mean an old duplicate, dropped packet or
> * intruder replay, in which case we drop it later after
> * extension field processing, but never let it touch the time
> * values.
> */
> } else if (!L_ISZERO(&p_org)) {
> if (peer->cast_flags & MDF_ACLNT)
> return; /* not a client */
>
> peer->flash |= TEST2;
> /* fall through */
>
> /*
> * The packet originate timestamp is zero, meaning the other guy
> * either didn't receive the first packet or died and restarted.
> * If the association originate timestamp is zero, this is the
> * first packet received, so we pass it on.
> */
> } else if (L_ISZERO(&peer->org)) {
> /* fall through */
>
> /*
> * The other guy has restarted and we are still on the wire. We
> * should demobilize/clear and get out of Dodge. If this is
> * symmetric mode, we should also send a crypto-NAK.
> */
732,744c945,950
< peer->flags &= ~FLAG_AUTHENTIC;
< }
< if (peer->hmode == MODE_BROADCAST &&
< (restrict_mask & RES_DONTTRUST)) /* test 4 */
< peer->flash |= TEST4; /* access denied */
< if (peer->flags & FLAG_AUTHENABLE) {
< if (!(peer->flags & FLAG_AUTHENTIC)) /* test 5 */
< peer->flash |= TEST5; /* auth failed */
< else if (!(oflags & FLAG_AUTHENABLE))
< report_event(EVNT_PEERAUTH, peer);
< }
< if (peer->flash) {
< #ifdef DEBUG
---
> if (hismode == MODE_ACTIVE)
> fast_xmit(rbufp, MODE_PASSIVE, 0,
> restrict_mask);
> else if (hismode == MODE_PASSIVE)
> fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
> #if DEBUG
746c952
< printf("receive: bad auth %03x\n", peer->flash);
---
> printf("receive: dropped %03x\n", peer->flash);
747a954,957
> if (peer->flags & FLAG_CONFIG)
> peer_clear(peer, "DROP");
> else
> unpeer(peer);
749a960,962
> if (peer->flash & ~TEST2) {
> return;
> }
751c964
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
757c970,974
< * 2. If an extension field contains a verified signature, it is
---
> * 2. If this packet is in response to the one just previously
> * sent or from a broadcast server, do the extension fields.
> * Otherwise, assume bogosity and bail out.
> *
> * 3. If an extension field contains a verified signature, it is
760c977
< * 3. If this is a server reply, check only to see that the
---
> * 4. If this is a server reply, check only to see that the
763c980
< * 4. Check to see that one or more hashes of the current key ID
---
> * 5. Check to see that one or more hashes of the current key ID
768c985
< if (peer->flags & FLAG_SKEY) {
---
> if (crypto_flags && (peer->flags & FLAG_SKEY)) {
770,772c987,991
< crypto_recv(peer, rbufp);
< poll_update(peer, peer->hpoll);
< if (hismode == MODE_SERVER) {
---
> rval = crypto_recv(peer, rbufp);
> if (rval != XEVNT_OK) {
> /* fall through */
>
> } else if (hismode == MODE_SERVER) {
777c996,997
< } else {
---
> } else if ((ap = (struct autokey *)peer->recval.ptr) !=
> NULL) {
782c1002
< tkeyid == peer->recauto.key) {
---
> tkeyid == ap->key) {
787c1007
< if (i > peer->recauto.seq)
---
> if (i > ap->seq)
794c1014,1015
< #ifdef PUBKEY
---
> if (!(peer->crypto & CRYPTO_FLAG_PROV)) /* test 11 */
> peer->flash |= TEST11; /* not proventic */
797,802c1018,1019
< * This is delicious. Ordinarily, we kick out all errors
< * at this point; however, in symmetric mode and just
< * warming up, an unsynchronized peer must inject the
< * timestamps, even if it fails further up the road. So,
< * let the dude by here, but only if the jerk is not yet
< * reachable. After that, he's on his own.
---
> * If the transmit queue is nonempty, clamp the host
> * poll interval to the packet poll interval.
804,806c1021,1041
< if (!(peer->flags & FLAG_PROVEN))
< peer->flash |= TEST11;
< if (peer->flash && peer->reach) {
---
> if (peer->cmmd != 0) {
> peer->ppoll = pkt->ppoll;
> poll_update(peer, 0);
> }
>
> /*
> * If the return code from extension field processing is
> * not okay, we scrub the association and start over.
> */
> if (rval != XEVNT_OK) {
>
> /*
> * If the return code is bad, the crypto machine
> * may be jammed or an intruder may lurk. First,
> * we demobilize the association, then see if
> * the error is recoverable.
> */
> if (peer->flags & FLAG_CONFIG)
> peer_clear(peer, "CRYP");
> else
> unpeer(peer);
809c1044,1061
< printf("packet: bad autokey %03x\n",
---
> printf("packet: bad exten %x\n", rval);
> #endif
> return;
> }
>
> /*
> * If TEST10 is lit, the autokey sequence has broken,
> * which probably means the server has refreshed its
> * private value. We reset the poll interval to the
> & minimum and scrub the association clean.
> */
> if (peer->flash & TEST10 && peer->crypto &
> CRYPTO_FLAG_AUTO) {
> poll_update(peer, peer->minpoll);
> #ifdef DEBUG
> if (debug)
> printf(
> "packet: bad auto %03x\n",
811a1064,1067
> if (peer->flags & FLAG_CONFIG)
> peer_clear(peer, "AUTO");
> else
> unpeer(peer);
814d1069
< #endif /* PUBKEY */
816c1071
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
822c1077,1079
< * transmit routine if not reachable after timeout.
---
> * transmit routine if not reachable after timeout. However, if
> * either symmetric mode and the crypto code has something
> * urgent to say, we expedite the response.
838c1095
< l_fp *recv_ts
---
> l_fp *recv_ts
841,846c1098,1103
< l_fp t10, t23;
< double p_offset, p_del, p_disp;
< double dtemp;
< l_fp p_rec, p_xmt, p_org, p_reftime;
< l_fp ci;
< int pmode, pleap, pstratum;
---
> l_fp t34, t21;
> double p_offset, p_del, p_disp;
> double dtemp;
> l_fp p_rec, p_xmt, p_org, p_reftime;
> l_fp ci;
> u_char pmode, pleap, pstratum;
861c1118,1120
< if (PKT_MODE(pkt->li_vn_mode) != MODE_BROADCAST)
---
> pmode = PKT_MODE(pkt->li_vn_mode);
> pleap = PKT_LEAP(pkt->li_vn_mode);
> if (pmode != MODE_BROADCAST)
864a1124
> pstratum = PKT_TO_STRATUM(pkt->stratum);
867c1127
< * Test for old, duplicate or unsynch packets (tests 1-3).
---
> * Test for unsynchronized server.
869,872d1128
< peer->rec = *recv_ts;
< pmode = PKT_MODE(pkt->li_vn_mode);
< pleap = PKT_LEAP(pkt->li_vn_mode);
< pstratum = PKT_TO_STRATUM(pkt->stratum);
875,883c1131,1132
< if (L_ISEQU(&peer->org, &p_xmt)) /* 1 */
< peer->flash |= TEST1; /* dupe */
< if (pmode != MODE_BROADCAST) {
< if (!L_ISEQU(&peer->xmt, &p_org)) /* 2 */
< peer->flash |= TEST2; /* bogus */
< if (L_ISZERO(&p_rec) || L_ISZERO(&p_org)) /* test 3 */
< peer->flash |= TEST3; /* unsynch */
< }
< if (L_ISZERO(&p_xmt)) /* 3 */
---
> if (pmode != MODE_BROADCAST && (L_ISZERO(&p_rec) ||
> L_ISZERO(&p_org))) /* test 3 */
885c1134,1135
< peer->org = p_xmt;
---
> if (L_ISZERO(&p_xmt)) /* test 3 */
> peer->flash |= TEST3; /* unsynch */
888,890c1138,1143
< * If tests 1-3 fail, the packet is discarded leaving only the
< * receive and origin timestamps and poll interval, which is
< * enough to get the protocol started.
---
> * If any tests fail, the packet is discarded leaving only the
> * timestamps, which are enough to get the protocol started. The
> * originate timestamp is copied from the packet transmit
> * timestamp and the receive timestamp is copied from the
> * packet receive timestamp. If okay so far, we save the leap,
> * stratum and refid for billboards.
891a1145,1146
> peer->org = p_xmt;
> peer->rec = *recv_ts;
895,896c1150,1151
< printf("packet: bad data %03x\n",
< peer->flash);
---
> printf("packet: bad data %03x from address: %s\n",
> peer->flash, stoa(&peer->srcadr));
899a1155,1157
> peer->leap = pleap;
> peer->stratum = pstratum;
> peer->refid = pkt->refid;
902,926d1159
< * A kiss-of-death (kod) packet is returned by a server in case
< * the client is denied access. It consists of the client
< * request packet with the leap bits indicating never
< * synchronized, stratum zero and reference ID field the ASCII
< * string "DENY". If the packet originate timestamp matches the
< * association transmit timestamp the kod is legitimate. If the
< * peer leap bits indicate never synchronized, this must be
< * access deny and the association is disabled; otherwise this
< * must be a limit reject. In either case a naughty message is
< * forced to the system log.
< */
< if (pleap == LEAP_NOTINSYNC && pstratum >= STRATUM_UNSPEC &&
< memcmp(&pkt->refid, "DENY", 4) == 0) {
< if (peer->leap == LEAP_NOTINSYNC) {
< peer->stratum = STRATUM_UNSPEC;
< peer->flash |= TEST4;
< memcpy(&peer->refid, &pkt->refid, 4);
< msyslog(LOG_INFO, "access denied");
< } else {
< msyslog(LOG_INFO, "limit reject");
< }
< return;
< }
<
< /*
932c1165
< if (pleap == LEAP_NOTINSYNC || /* 6 */
---
> if (pleap == LEAP_NOTINSYNC || /* test 6 */
935,936c1168,1169
< if (!(peer->flags & FLAG_CONFIG) && sys_peer != NULL) { /* 7 */
< if (pstratum > sys_stratum && pmode != MODE_ACTIVE) {
---
> if (!(peer->flags & FLAG_CONFIG) && sys_peer != NULL) { /* test 7 */
> if (pstratum > sys_stratum && pmode != MODE_ACTIVE)
938,939d1170
< sys_badstratum++;
< }
941c1172
< if (p_del < 0 || p_disp < 0 || p_del / /* 8 */
---
> if (p_del < 0 || p_disp < 0 || p_del / /* test 8 */
943c1174,1178
< peer->flash |= TEST8; /* bad peer distance */
---
> peer->flash |= TEST8; /* bad peer values */
>
> /*
> * If any tests fail at this point, the packet is discarded.
> */
959d1193
< peer->leap = pleap;
961d1194
< peer->stratum = pstratum;
966d1198
< peer->refid = pkt->refid;
974c1206
< poll_update(peer, peer->hpoll);
---
> poll_update(peer, 0);
985,987c1217
< * c = ((t2 - t3) + (t1 - t0)) / 2
< * d = (t2 - t3) - (t1 - t0)
< * e = (org - rec) (seconds only)
---
> * Let t1 = p_org, t2 = p_rec, t3 = p_xmt, t4 = peer->rec:
989,994c1219,1226
< t10 = p_xmt; /* compute t1 - t0 */
< L_SUB(&t10, &peer->rec);
< t23 = p_rec; /* compute t2 - t3 */
< L_SUB(&t23, &p_org);
< ci = t10;
< p_disp = clock_phi * (peer->rec.l_ui - p_org.l_ui);
---
> t34 = p_xmt; /* t3 - t4 */
> L_SUB(&t34, &peer->rec);
> t21 = p_rec; /* t2 - t1 */
> L_SUB(&t21, &p_org);
> ci = peer->rec; /* t4 - t1 */
> L_SUB(&ci, &p_org);
> LFPTOD(&ci, p_disp);
> p_disp = clock_phi * max(p_disp, LOGTOD(sys_precision));
1004a1237
> ci = t34;
1014,1015c1247,1248
< DTOLFP(peer->estbdelay, &t10);
< L_ADD(&ci, &t10);
---
> DTOLFP(peer->estbdelay, &t34);
> L_ADD(&ci, &t34);
1018c1251
< L_ADD(&ci, &t23);
---
> L_ADD(&ci, &t21); /* (t2 - t1) + (t3 - t4) */
1020,1021c1253,1254
< L_SUB(&t23, &t10);
< LFPTOD(&t23, p_del);
---
> L_SUB(&t21, &t34); /* (t2 - t1) - (t3 - t4) */
> LFPTOD(&t21, p_del);
1026,1027c1259,1260
< p_disp >= MAXDISPERSE) /* 9 */
< peer->flash |= TEST9; /* bad peer distance */
---
> p_disp >= MAXDISPERSE) /* test 9 */
> peer->flash |= TEST9; /* bad root distance */
1060,1061c1293,1294
< * system peer and we haven't seen that peer lately. Watch for
< * timewarps here.
---
> * system peer and the peer epoch is not older than the last
> * update.
1065c1298
< if (sys_peer->pollsw == FALSE || sys_peer->burst > 0)
---
> if (sys_peer->epoch <= last_time)
1067d1299
< sys_peer->pollsw = FALSE;
1081,1082c1313,1314
< report_event(EVNT_SYSFAULT, (struct peer *)0);
< exit(1);
---
> report_event(EVNT_SYSFAULT, NULL);
> exit (-1);
1091a1324
> memcpy(&sys_refid, "STEP", 4);
1093,1095c1326,1330
< NLOG(NLOG_SYNCSTATUS)
< msyslog(LOG_INFO, "synchronisation lost");
< report_event(EVNT_CLOCKRESET, (struct peer *)0);
---
> report_event(EVNT_CLOCKRESET, NULL);
> #ifdef OPENSSL
> if (oleap != LEAP_NOTINSYNC)
> expire_all();
> #endif /* OPENSSL */
1105,1106c1340,1341
< sys_stratum = sys_peer->stratum + 1;
< if (sys_stratum == 1)
---
> sys_stratum = (u_char) (sys_peer->stratum + 1);
> if (sys_stratum == 1 || sys_stratum == STRATUM_UNSPEC)
1109c1344
< sys_refid = sys_peer->srcadr.sin_addr.s_addr;
---
> sys_refid = sys_peer_refid;
1112a1348,1353
> if (oleap == LEAP_NOTINSYNC) {
> report_event(EVNT_SYNCCHG, NULL);
> #ifdef OPENSSL
> expire_all();
> #endif /* OPENSSL */
> }
1114,1119d1354
< if (oleap == LEAP_NOTINSYNC) {
< report_event(EVNT_SYNCCHG, (struct peer *)0);
< #ifdef AUTOKEY
< expire_all();
< #endif /* AUTOKEY */
< }
1121c1356
< report_event(EVNT_PEERSTCHG, (struct peer *)0);
---
> report_event(EVNT_PEERSTCHG, NULL);
1131c1366
< int hpoll
---
> int hpoll
1134,1136c1369,1371
< #ifdef AUTOKEY
< int oldpoll;
< #endif /* AUTOKEY */
---
> #ifdef OPENSSL
> int oldpoll;
> #endif /* OPENSSL */
1146c1381
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
1148,1154c1383,1391
< #endif /* AUTOKEY */
< if (hpoll > peer->maxpoll)
< peer->hpoll = peer->maxpoll;
< else if (hpoll < peer->minpoll)
< peer->hpoll = peer->minpoll;
< else
< peer->hpoll = hpoll;
---
> #endif /* OPENSSL */
> if (hpoll > 0) {
> if (hpoll > peer->maxpoll)
> peer->hpoll = peer->maxpoll;
> else if (hpoll < peer->minpoll)
> peer->hpoll = peer->minpoll;
> else
> peer->hpoll = (u_char)hpoll;
> }
1157,1164c1394,1399
< * Bit of adventure here. If during a burst and not timeout,
< * just slink away. If timeout, figure what the next timeout
< * should be. If IBURST or a reference clock, use one second. If
< * not and the dude was reachable during the previous poll
< * interval, randomize over 1-4 seconds; otherwise, randomize
< * over 15-18 seconds. This is to give time for a modem to
< * complete the call, for example. If not during a burst,
< * randomize over the poll interval -1 to +2 seconds.
---
> * Bit of adventure here. If during a burst and not a poll, just
> * slink away. If a poll, figure what the next poll should be.
> * If a burst is pending and a reference clock or a pending
> * crypto response, delay for one second. If the first sent in a
> * burst, delay ten seconds for the modem to come up. For others
> * in the burst, delay two seconds.
1169c1404
< * up to 17.1 s, the beacon interval settles up to 2.3 hours.
---
> * up to 1024 s, the beacon interval settles up to 2.3 hours.
1170a1406,1411
> #ifdef OPENSSL
> if (peer->cmmd != NULL && (sys_leap != LEAP_NOTINSYNC ||
> peer->crypto)) {
> peer->nextdate = current_time + RESP_DELAY;
> } else if (peer->burst > 0) {
> #else /* OPENSSL */
1172c1413,1414
< if (peer->nextdate != current_time)
---
> #endif /* OPENSSL */
> if (hpoll == 0 && peer->nextdate != current_time)
1176c1418
< peer->nextdate++;
---
> peer->nextdate += RESP_DELAY;
1178,1179c1420,1422
< else if (peer->reach & 0x1)
< peer->nextdate += RANDPOLL(BURST_INTERVAL2);
---
> else if (peer->flags & (FLAG_IBURST | FLAG_BURST) &&
> peer->burst == NTP_BURST)
> peer->nextdate += sys_calldelay;
1181c1424
< peer->nextdate += RANDPOLL(BURST_INTERVAL1);
---
> peer->nextdate += BURST_DELAY;
1183,1184c1426,1428
< if (sys_survivors < NTP_MINCLOCK)
< peer->kpoll = peer->hpoll;
---
> if (sys_survivors >= sys_minclock || peer->ttl >=
> sys_ttlmax)
> peer->kpoll = (u_char) (peer->hpoll + 3);
1186c1430
< peer->kpoll = peer->hpoll + 3;
---
> peer->kpoll = peer->hpoll;
1189,1190c1433,1434
< peer->kpoll = max(min(peer->ppoll, peer->hpoll),
< peer->minpoll);
---
> peer->kpoll = (u_char) max(min(peer->ppoll,
> peer->hpoll), peer->minpoll);
1195c1439
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
1204c1448
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
1220c1464,1465
< register struct peer *peer
---
> struct peer *peer, /* peer structure */
> char *ident /* tally lights */
1223,1224c1468
< register int i;
< u_long u_rand;
---
> u_char oreach, i;
1235,1240c1479,1480
< #ifdef DEBUG
< if (debug)
< printf("peer_clear: at %ld assoc ID %d\n", current_time,
< peer->associd);
< #endif
< #ifdef AUTOKEY
---
> oreach = peer->reach;
> #ifdef OPENSSL
1242,1251c1482,1501
< #ifdef PUBKEY
< if (peer->keystr != NULL)
< free(peer->keystr);
< if (peer->pubkey.ptr != NULL)
< free(peer->pubkey.ptr);
< if (peer->certif.ptr != NULL)
< free(peer->certif.ptr);
< #endif /* PUBKEY */
< #endif /* AUTOKEY */
< memset(CLEAR_TO_ZERO(peer), 0, LEN_CLEAR_TO_ZERO);
---
> if (peer->pkey != NULL)
> EVP_PKEY_free(peer->pkey);
> if (peer->ident_pkey != NULL)
> EVP_PKEY_free(peer->ident_pkey);
> if (peer->subject != NULL)
> free(peer->subject);
> if (peer->issuer != NULL)
> free(peer->issuer);
> if (peer->iffval != NULL)
> BN_free(peer->iffval);
> if (peer->grpkey != NULL)
> BN_free(peer->grpkey);
> if (peer->cmmd != NULL)
> free(peer->cmmd);
> value_free(&peer->cookval);
> value_free(&peer->recval);
> value_free(&peer->tai_leap);
> value_free(&peer->encrypt);
> value_free(&peer->sndval);
> #endif /* OPENSSL */
1254,1258c1504
< * If he dies as a broadcast client, he comes back to life as
< * a broadcast client in client mode in order to recover the
< * initial autokey values. Note that there is no need to call
< * clock_select(), since the perp has already been voted off
< * the island at this point.
---
> * Wipe the association clean and initialize the nonzero values.
1260,1264c1506,1508
< if (peer->cast_flags & MDF_BCLNT) {
< peer->flags |= FLAG_MCAST;
< peer->hmode = MODE_CLIENT;
< }
< peer->flags &= ~(FLAG_AUTOKEY | FLAG_ASSOC);
---
> memset(CLEAR_TO_ZERO(peer), 0, LEN_CLEAR_TO_ZERO);
> if (peer == sys_peer)
> sys_peer = NULL;
1268d1511
< peer->pollsw = FALSE;
1274a1518
> memcpy(&peer->refid, ident, 4);
1275a1520,1523
> #else
> peer->leap = LEAP_NOTINSYNC;
> peer->stratum = STRATUM_UNSPEC;
> memcpy(&peer->refid, ident, 4);
1284c1532,1534
< * Randomize the first poll over 1-16s to avoid bunching.
---
> * If he dies as a broadcast client, he comes back to life as
> * a broadcast client in client mode in order to recover the
> * initial autokey values.
1286,1289c1536,1560
< peer->update = peer->outdate = current_time;
< u_rand = RANDOM;
< peer->nextdate = current_time + (u_rand & ((1 <<
< BURST_INTERVAL1) - 1)) + 1;
---
> if (peer->cast_flags & MDF_BCLNT) {
> peer->flags |= FLAG_MCAST;
> peer->hmode = MODE_CLIENT;
> }
>
> /*
> * Randomize the first poll to avoid bunching, but only if the
> * rascal has never been heard. During initialization use the
> * association count to spread out the polls at one-second
> * intervals.
> */
> peer->nextdate = peer->update = peer->outdate = current_time;
> peer->burst = 0;
> if (oreach)
> poll_update(peer, 0);
> else if (initializing)
> peer->nextdate = current_time + peer_associations;
> else
> peer->nextdate = current_time + (u_int)RANDOM %
> peer_associations;
> #ifdef DEBUG
> if (debug)
> printf("peer_clear: at %ld assoc ID %d refid %s\n",
> current_time, peer->associd, ident);
> #endif
1299,1302c1570,1573
< register struct peer *peer, /* peer structure pointer */
< double sample_offset, /* clock offset */
< double sample_delay, /* roundtrip delay */
< double sample_disp /* dispersion */
---
> struct peer *peer, /* peer structure pointer */
> double sample_offset, /* clock offset */
> double sample_delay, /* roundtrip delay */
> double sample_disp /* dispersion */
1305,1308c1576,1579
< double dst[NTP_SHIFT]; /* distance vector */
< int ord[NTP_SHIFT]; /* index vector */
< register int i, j, k, m;
< double dsp, jit, dtemp, etemp;
---
> double dst[NTP_SHIFT]; /* distance vector */
> int ord[NTP_SHIFT]; /* index vector */
> int i, j, k, m;
> double dsp, jit, dtemp, etemp;
1325,1327c1596,1597
< peer->filter_epoch[j] = current_time;
< j++; j %=NTP_SHIFT;
< peer->filter_nextpt = j;
---
> j++; j %= NTP_SHIFT;
> peer->filter_nextpt = (u_short) j;
1339c1609
< if (i != 0) {
---
> if (i != 0)
1341,1343c1611,1612
< if (peer->filter_disp[j] > MAXDISPERSE)
< peer->filter_disp[j] = MAXDISPERSE;
< }
---
> if (peer->filter_disp[j] >= MAXDISPERSE)
> peer->filter_disp[j] = MAXDISPERSE;
1350c1619
< dst[i] = peer->filter_delay[j];
---
> dst[i] = peer->filter_delay[j];
1353a1623
> peer->filter_epoch[j] = current_time;
1379c1649
< peer->filter_order[i] = ord[i];
---
> peer->filter_order[i] = (u_char) ord[i];
1392,1393c1662
< * tiptoe home leaving only the
< * dispersion.
---
> * tiptoe home leaving only the dispersion.
1416c1685,1686
< etemp = peer->offset;
---
> etemp = fabs(peer->offset - peer->filter_offset[k]);
> dtemp = sqrt(peer->jitter);
1425c1695
< * one used.
---
> * one used, but only if the sucker has been synchronized.
1427c1697,1698
< if (peer->filter_epoch[k] <= peer->epoch) {
---
> if (peer->filter_epoch[k] <= peer->epoch && sys_leap !=
> LEAP_NOTINSYNC) {
1438,1439c1709,1710
< * exceeds the jitter by CLOCK_SGATE (4) and the interval since
< * the last update is less than twice the system poll interval,
---
> * exceeds the jitter by CLOCK_SGATE and the interval since the
> * last update is less than twice the system poll interval,
1442,1444c1713,1715
< if (m > 1 && fabs(peer->offset - etemp) > SQRT(peer->jitter) *
< CLOCK_SGATE && peer->filter_epoch[k] - peer->epoch <
< (1 << (sys_poll + 1))) {
---
> if (m > 1 && etemp > CLOCK_SGATE * dtemp &&
> (long)(peer->filter_epoch[k] - peer->epoch) < (1 << (sys_poll +
> 1))) {
1447,1448c1718,1719
< printf("clock_filter: n %d popcorn spike %.6f jitter %.6f\n",
< m, peer->offset, SQRT(peer->jitter));
---
> printf("clock_filter: popcorn %.6f %.6f\n",
> etemp, dtemp);
1455c1726
< * processing, but can be processed only once.
---
> * processing.
1458d1728
< peer->pollsw = TRUE;
1470a1741,1745
> *
> * LOCKCLOCK: If the local clock is the prefer peer, it will always be
> * enabled, even if declared falseticker, (2) only the prefer peer can
> * be selected as the system peer, (3) if the external source is down,
> * the system leap bits are set to 11 and the stratum set to infinity.
1475,1481c1750,1757
< register struct peer *peer;
< int i, j, k, n;
< int nreach, nlist, nl3;
< double d, e, f;
< int allow, found, sw;
< double high, low;
< double synch[NTP_MAXCLOCK], error[NTP_MAXCLOCK];
---
> struct peer *peer;
> int i, j, k, n;
> int nlist, nl3;
>
> double d, e, f;
> int allow, sw, osurv;
> double high, low;
> double synch[NTP_MAXCLOCK], error[NTP_MAXCLOCK];
1501a1778,1779
> osurv = sys_survivors;
> sys_survivors = 0;
1503,1505c1781,1786
< nreach = nlist = 0;
< low = 1e9;
< high = -1e9;
---
> #ifdef LOCKCLOCK
> sys_leap = LEAP_NOTINSYNC;
> sys_stratum = STRATUM_UNSPEC;
> memcpy(&sys_refid, "DOWN", 4);
> #endif /* LOCKCLOCK */
> nlist = 0;
1520,1522c1801,1803
< endpoint = (struct endpoint *)emalloc(endpoint_size);
< indx = (int *)emalloc(indx_size);
< peer_list = (struct peer **)emalloc(peer_list_size);
---
> endpoint = emalloc(endpoint_size);
> indx = emalloc(indx_size);
> peer_list = emalloc(peer_list_size);
1532,1533c1813,1814
< * has dwindled to NTP_MINCLOCK (3), the survivors split a
< * million bucks and collectively crank the chimes.
---
> * has dwindled to sys_minclock, the survivors split a million
> * bucks and collectively crank the chimes.
1543,1554c1824,1827
< * A peer leaves the island immediately if
< * unreachable, synchronized to us or suffers
< * excessive root distance. Careful with the
< * root distance, since the poll interval can
< * increase to a day and a half.
< */
< if (!peer->reach || (peer->stratum > 1 &&
< peer->refid ==
< peer->dstadr->sin.sin_addr.s_addr) ||
< peer->stratum >= STRATUM_UNSPEC ||
< (root_distance(peer) >= MAXDISTANCE + 2 *
< clock_phi * ULOGTOD(sys_poll)))
---
> * Leave the island immediately if the peer is
> * unfit to synchronize.
> */
> if (peer_unfit(peer))
1566,1567c1839,1841
< /* wjm: local unit VMS_LOCALUNIT taken seriously */
< && REFCLOCKUNIT(&peer->srcadr) != VMS_LOCALUNIT
---
> /* wjm: VMS_LOCALUNIT taken seriously */
> && REFCLOCKUNIT(&peer->srcadr) !=
> VMS_LOCALUNIT
1572a1847,1850
> #ifdef LOCKCLOCK
> else
> sys_prefer = peer;
> #endif /* LOCKCLOCK */
1585d1862
< nreach++;
1606c1883
< for ( ; i >= 0; i--) {
---
> for (; i >= 0; i--) {
1616c1893
< for ( ; i >= 0; i--) {
---
> for (; i >= 0; i--) {
1633,1641c1910,1944
< i = 0;
< j = nl3 - 1;
< allow = nlist; /* falsetickers assumed */
< found = 0;
< while (allow > 0) {
< allow--;
< for (n = 0; i <= j; i++) {
< n += endpoint[indx[i]].type;
< if (n < 0)
---
> /*
> * This is the actual algorithm that cleaves the truechimers
> * from the falsetickers. The original algorithm was described
> * in Keith Marzullo's dissertation, but has been modified for
> * better accuracy.
> *
> * Briefly put, we first assume there are no falsetickers, then
> * scan the candidate list first from the low end upwards and
> * then from the high end downwards. The scans stop when the
> * number of intersections equals the number of candidates less
> * the number of falsetickers. If this doesn't happen for a
> * given number of falsetickers, we bump the number of
> * falsetickers and try again. If the number of falsetickers
> * becomes equal to or greater than half the number of
> * candidates, the Albanians have won the Byzantine wars and
> * correct synchronization is not possible.
> *
> * Here, nlist is the number of candidates and allow is the
> * number of falsetickers.
> */
> low = 1e9;
> high = -1e9;
> for (allow = 0; 2 * allow < nlist; allow++) {
> int found;
>
> /*
> * Bound the interval (low, high) as the largest
> * interval containing points from presumed truechimers.
> */
> found = 0;
> n = 0;
> for (i = 0; i < nl3; i++) {
> low = endpoint[indx[i]].val;
> n -= endpoint[indx[i]].type;
> if (n >= nlist - allow)
1646c1949,1951
< for (n = 0; i <= j; j--) {
---
> n = 0;
> for (j = nl3 - 1; j >= 0; j--) {
> high = endpoint[indx[j]].val;
1648c1953
< if (n > 0)
---
> if (n >= nlist - allow)
1652a1958,1965
>
> /*
> * If the number of candidates found outside the
> * interval is greater than the number of falsetickers,
> * then at least one truechimer is outside the interval,
> * so go around again. This is what makes this algorithm
> * different than Marzullo's.
> */
1653a1967,1974
> continue;
>
> /*
> * If an interval containing truechimers is found, stop.
> * If not, increase the number of falsetickers and go
> * around again.
> */
> if (high > low)
1655,1656d1975
< low = endpoint[indx[i++]].val;
< high = endpoint[indx[j--]].val;
1662,1663c1981,1982
< * of them as the only survivor. Otherwise, give up and declare
< * us unsynchronized.
---
> * of them as the only survivor. Otherwise, give up and leave
> * the island to the rats.
1665c1984
< if ((allow << 1) >= nlist) {
---
> if (high <= low) {
1679,1681c1998,1999
< "synchronisation lost");
< report_event(EVNT_PEERSTCHG,
< (struct peer *)0);
---
> "no servers reachable");
> report_event(EVNT_PEERSTCHG, NULL);
1683,1686c2001,2002
< sys_survivors = 0;
< #ifdef AUTOKEY
< resetmanycast();
< #endif /* AUTOKEY */
---
> if (osurv > 0)
> resetmanycast();
1690,1693d2005
< #ifdef DEBUG
< if (debug > 2)
< printf("select: low %.6f high %.6f\n", low, high);
< #endif
1695a2008,2019
> * We can only trust the survivors if the number of candidates
> * sys_minsane is at least the number required to detect and
> * cast out one falsticker. For the Byzantine agreement
> * algorithm used here, that number is 4; however, the default
> * sys_minsane is 1 to speed initial synchronization. Careful
> * operators will tinker the value to 4 and use at least that
> * number of synchronization sources.
> */
> if (nlist < sys_minsane)
> return;
>
> /*
1697,1702c2021,2031
< * by stratum then by root distance. If we have more than
< * MAXCLOCK peers, keep only the best MAXCLOCK of them. Scan the
< * list to find falsetickers, who leave the island immediately.
< * If a falseticker is not configured, his association raft is
< * drowned as well. We must leave at least one peer to collect
< * the million bucks.
---
> * by stratum then by root distance, but keep only the best
> * NTP_MAXCLOCK of them. Scan the list to find falsetickers, who
> * leave the island immediately. If a falseticker is not
> * configured, his association raft is drowned as well, but only
> * if at at least eight poll intervals have gone. We must leave
> * at least one peer to collect the million bucks.
> *
> * Note the hysteresis gimmick that increases the effective
> * distance for those rascals that have not made the final cut.
> * This is to discourage clockhopping. Note also the prejudice
> * against lower stratum peers if the floor is elevated.
1707c2036
< if (nlist > 1 && (low >= peer->offset || peer->offset >=
---
> if (nlist > 1 && (peer->offset <= low || peer->offset >=
1714c2043,2049
< d = root_distance(peer) + peer->stratum * MAXDISPERSE;
---
> d = peer->stratum;
> if (d < sys_floor)
> d += sys_floor;
> if (d > sys_ceiling)
> d = STRATUM_UNSPEC;
> d = root_distance(peer) + d * MAXDISTANCE;
> d *= 1. - peer->hyst;
1733a2069,2075
> if (nlist == 0) {
> #ifdef DEBUG
> if (debug)
> printf("clock_select: empty intersection interval\n");
> #endif
> return;
> }
1739,1740c2081,2083
< printf("select: %s distance %.6f\n",
< ntoa(&peer_list[i]->srcadr), synch[i]);
---
> printf("select: %s distance %.6f jitter %.6f\n",
> ntoa(&peer_list[i]->srcadr), synch[i],
> SQRT(error[i]));
1747c2090
< * than NTP_MINCLOCK survivors and the minimum select jitter
---
> * than sys_minclock survivors and the minimum select jitter
1757d2099
<
1767d2108
< f = max(f, SQUARE(LOGTOD(sys_precision)));
1774c2115,2118
<
---
> f = max(sys_selerr, SQUARE(LOGTOD(sys_precision)));
> if (nlist <= sys_minclock || f <= d ||
> peer_list[k]->flags & FLAG_PREFER)
> break;
1778,1779c2122,2124
< "select: survivors %d select %.6f peer %.6f\n",
< k, SQRT(sys_selerr), SQRT(d));
---
> "select: drop %s select %.6f jitter %.6f\n",
> ntoa(&peer_list[k]->srcadr),
> SQRT(sys_selerr), SQRT(d));
1781,1784c2126,2127
< if (nlist <= NTP_MINCLOCK || sys_selerr <= d ||
< peer_list[k]->flags & FLAG_PREFER)
< break;
< if (!(peer_list[k]->flags & FLAG_CONFIG))
---
> if (!(peer_list[k]->flags & FLAG_CONFIG) &&
> peer_list[k]->hmode == MODE_CLIENT)
1793d2135
< #ifdef AUTOKEY
1795,1820c2137
< * In manycast client mode we may have spooked a sizeable number
< * of servers that we don't need. If there are at least
< * NTP_MINCLOCK of them, the manycast message will be turned
< * off. By the time we get here we nay be ready to prune some of
< * them back, but we want to make sure all the candicates have
< * had a chance. If they didn't pass the sanity and intersection
< * tests, they have already been voted off the island.
< */
< if (sys_survivors >= NTP_MINCLOCK && nlist < NTP_MINCLOCK)
< resetmanycast();
< #endif /* AUTOKEY */
< sys_survivors = nlist;
<
< #ifdef DEBUG
< if (debug > 2) {
< for (i = 0; i < nlist; i++)
< printf(
< "select: %s offset %.6f, distance %.6f poll %d\n",
< ntoa(&peer_list[i]->srcadr),
< peer_list[i]->offset, synch[i],
< peer_list[i]->pollsw);
< }
< #endif
<
< /*
< * What remains is a list of not greater than NTP_MINCLOCK
---
> * What remains is a list usually not greater than sys_minclock
1824,1831c2141,2146
< * flags and clamp the poll intervals. Then, consider the peers
< * at the lowest stratum. Of these, OR the leap bits on the
< * assumption that, if some of them honk nonzero bits, they must
< * know what they are doing. Also, check for prefer and pps
< * peers. If a prefer peer is found within clock_max, update the
< * pps switch. Of the other peers not at the lowest stratum,
< * check if the system peer is among them and, if found, zap
< * him. We note that the head of the list is at the lowest
---
> * flags and clamp the poll intervals. Then, consider each peer
> * in turn and OR the leap bits on the assumption that, if some
> * of them honk nonzero bits, they must know what they are
> * doing. Check for prefer and pps peers at any stratum. Check
> * if the old system peer is among the peers at the lowest
> * stratum. Note that the head of the list is at the lowest
1835,1839c2150,2154
< * Note that we go no further, unless the number of survivors is
< * a majority of the suckers that have been found reachable and
< * no prior source is available. This avoids the transient when
< * one of a flock of sources is out to lunch and just happens
< * to be the first survivor.
---
> * Fiddle for hysteresis. Pump it up for a peer only if the peer
> * stratum is at least the floor and there are enough survivors.
> * This minimizes the pain when tossing out rascals beneath the
> * floorboard. Don't count peers with stratum above the ceiling.
> * Manycast is sooo complicated.
1841,1842d2155
< if (osys_peer == NULL && 2 * nlist < min(nreach, NTP_MINCLOCK))
< return;
1845a2159
> leap_consensus |= peer->leap;
1846a2161
> peer->rank++;
1848,1858c2163,2176
< poll_update(peer, peer->hpoll);
< if (peer->stratum == peer_list[0]->stratum) {
< leap_consensus |= peer->leap;
< if (peer->refclktype == REFCLK_ATOM_PPS &&
< peer->stratum < STRATUM_UNSPEC)
< typepps = peer;
< if (peer == osys_peer)
< typesystem = peer;
< if (peer->flags & FLAG_PREFER)
< sys_prefer = peer;
< }
---
> if (peer->stratum >= sys_floor && osurv >= sys_minclock)
> peer->hyst = HYST;
> else
> peer->hyst = 0;
> if (peer->stratum <= sys_ceiling)
> sys_survivors++;
> if (peer->flags & FLAG_PREFER)
> sys_prefer = peer;
> if (peer->refclktype == REFCLK_ATOM_PPS &&
> peer->stratum < STRATUM_UNSPEC)
> typepps = peer;
> if (peer->stratum == peer_list[0]->stratum && peer ==
> osys_peer)
> typesystem = peer;
1861a2180,2191
> * In manycast client mode we may have spooked a sizeable number
> * of peers that we don't need. If there are at least
> * sys_minclock of them, the manycast message will be turned
> * off. By the time we get here we nay be ready to prune some of
> * them back, but we want to make sure all the candicates have
> * had a chance. If they didn't pass the sanity and intersection
> * tests, they have already been voted off the island.
> */
> if (sys_survivors < sys_minclock && osurv >= sys_minclock)
> resetmanycast();
>
> /*
1889c2219,2221
< } else if (typepps) {
---
> }
> #ifndef LOCKCLOCK
> else if (typepps) {
1896,1897c2228
< msyslog(LOG_INFO,
< "pps sync enabled");
---
> msyslog(LOG_INFO, "pps sync enabled");
1909a2241
> sys_peer->rank++;
1918,1919c2250,2269
< if (osys_peer != sys_peer)
< report_event(EVNT_PEERSTCHG, (struct peer *)0);
---
> #endif /* LOCKCLOCK */
> if (osys_peer != sys_peer) {
> char *src;
>
> if (sys_peer == NULL)
> sys_peer_refid = 0;
> else
> sys_peer_refid = addr2refid(&sys_peer->srcadr);
> report_event(EVNT_PEERSTCHG, NULL);
>
> #ifdef REFCLOCK
> if (ISREFCLOCKADR(&sys_peer->srcadr))
> src = refnumtoa(&sys_peer->srcadr);
> else
> #endif
> src = ntoa(&sys_peer->srcadr);
> NLOG(NLOG_SYNCSTATUS)
> msyslog(LOG_INFO, "synchronized to %s, stratum=%d", src,
> sys_peer->stratum);
> }
1929c2279
< int npeers
---
> int npeers
1932,1933c2282,2284
< int i;
< double x, y, z;
---
> int i;
> double x, y, z;
>
1970,1972c2321,2323
< int sendlen, authlen;
< keyid_t xkeyid; /* transmit key ID */
< l_fp xmt_tx;
---
> int sendlen, authlen;
> keyid_t xkeyid = 0; /* transmit key ID */
> l_fp xmt_tx;
2003,2004c2354,2355
< sendpkt(&peer->srcadr, peer->dstadr, peer->ttl, &xpkt,
< sendlen);
---
> sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl],
> &xpkt, sendlen);
2009,2010c2360,2361
< current_time, ntoa(&peer->dstadr->sin),
< ntoa(&peer->srcadr), peer->hmode);
---
> current_time, stoa(&peer->dstadr->sin),
> stoa(&peer->srcadr), peer->hmode);
2020,2022c2371,2374
< #ifdef AUTOKEY
< if ((peer->flags & FLAG_SKEY)) {
< u_int cmmd;
---
> #ifdef OPENSSL
> if (crypto_flags && (peer->flags & FLAG_SKEY)) {
> struct exten *exten; /* extension field */
> u_int opcode;
2082,2085c2434,2438
< * In broadcast mode the autokey values are required.
< * Send them when a new keylist is generated; otherwise,
< * send the association ID so the client can request
< * them at other times.
---
> * In broadcast server mode the autokey values are
> * required by the broadcast clients. Push them when a
> * new keylist is generated; otherwise, push the
> * association message so the client can request them at
> * other times.
2089c2442,2443
< cmmd = CRYPTO_AUTO | CRYPTO_RESP;
---
> exten = crypto_args(peer, CRYPTO_AUTO |
> CRYPTO_RESP, NULL);
2091,2093c2445,2449
< cmmd = CRYPTO_ASSOC | CRYPTO_RESP;
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, cmmd, 0, peer->associd);
---
> exten = crypto_args(peer, CRYPTO_ASSOC |
> CRYPTO_RESP, NULL);
> sendlen += crypto_xmit(&xpkt, &peer->srcadr,
> sendlen, exten, 0);
> free(exten);
2097,2115c2453,2459
< * In symmetric modes the public key, leapsecond table,
< * agreement parameters and autokey values are required.
< *
< * 1. If a response is pending, always send it first.
< *
< * 2. Don't send anything except a public-key request
< * until the public key has been stored.
< *
< * 3. Once the public key has been stored, don't send
< * anything except an agreement parameter request
< * until the agreement parameters have been stored.
< *
< * 4. Once the argeement parameters have been stored,
< * don't send anything except a public value request
< * until the agreed key has been stored.
< *
< * 5. When the agreed key has been stored and the key
< * list is regenerated, send the autokey values
< * gratis unless they have already been sent.
---
> * In symmetric modes the digest, certificate, agreement
> * parameters, cookie and autokey values are required.
> * The leapsecond table is optional. But, a passive peer
> * will not believe the active peer until the latter has
> * synchronized, so the agreement must be postponed
> * until then. In any case, if a new keylist is
> * generated, the autokey values are pushed.
2119,2124c2463,2472
< #ifdef PUBKEY
< if (peer->cmmd != 0)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, (peer->cmmd >> 16) |
< CRYPTO_RESP, peer->hcookie,
< peer->associd);
---
> if (peer->cmmd != NULL) {
> peer->cmmd->associd =
> htonl(peer->associd);
> sendlen += crypto_xmit(&xpkt,
> &peer->srcadr, sendlen, peer->cmmd,
> 0);
> free(peer->cmmd);
> peer->cmmd = NULL;
> }
> exten = NULL;
2126,2182c2474,2529
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_ASSOC,
< peer->hcookie, peer->assoc);
< else if (!crypto_flags &&
< peer->pcookie.tstamp == 0 && sys_leap !=
< LEAP_NOTINSYNC)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_PRIV, peer->hcookie,
< peer->assoc);
< else if (crypto_flags && peer->pubkey.ptr ==
< NULL)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_NAME, peer->hcookie,
< peer->assoc);
< else if (peer->crypto & CRYPTO_FLAG_CERT)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_CERT, peer->hcookie,
< peer->assoc);
< else if (crypto_flags && peer->crypto &
< CRYPTO_FLAG_DH && sys_leap !=
< LEAP_NOTINSYNC)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_DHPAR,
< peer->hcookie, peer->assoc);
< else if (crypto_flags && peer->pcookie.tstamp ==
< 0 && sys_leap != LEAP_NOTINSYNC)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_DH, peer->hcookie,
< peer->assoc);
< #else
< if (peer->cmmd != 0)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, (peer->cmmd >> 16) |
< CRYPTO_RESP, peer->hcookie,
< peer->associd);
< if (peer->pcookie.tstamp == 0 && sys_leap !=
< LEAP_NOTINSYNC)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_PRIV, peer->hcookie,
< peer->assoc);
< #endif /* PUBKEY */
< else if (!(peer->flags & FLAG_AUTOKEY))
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_AUTO, peer->hcookie,
< peer->assoc);
< else if ((peer->flags & FLAG_ASSOC) &&
< (peer->cmmd >> 16) != CRYPTO_AUTO)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_AUTO | CRYPTO_RESP,
< peer->hcookie, peer->associd);
< #ifdef PUBKEY
< else if (peer->crypto & CRYPTO_FLAG_TAI)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_TAI, peer->hcookie,
< peer->assoc);
< #endif /* PUBKEY */
< peer->cmmd = 0;
---
> exten = crypto_args(peer, CRYPTO_ASSOC,
> sys_hostname);
> else if (!(peer->crypto & CRYPTO_FLAG_VALID))
> exten = crypto_args(peer, CRYPTO_CERT,
> peer->issuer);
>
> /*
> * Identity. Note we have to sign the
> * certificate before the cookie to avoid a
> * deadlock when the passive peer is walking the
> * certificate trail. Awesome.
> */
> else if ((opcode = crypto_ident(peer)) != 0)
> exten = crypto_args(peer, opcode, NULL);
> else if (sys_leap != LEAP_NOTINSYNC &&
> !(peer->crypto & CRYPTO_FLAG_SIGN))
> exten = crypto_args(peer, CRYPTO_SIGN,
> sys_hostname);
>
> /*
> * Autokey. We request the cookie only when the
> * server and client are synchronized and
> * signatures work both ways. On the other hand,
> * the active peer needs the autokey values
> * before then and when the passive peer is
> * waiting for the active peer to synchronize.
> * Any time we regenerate the key list, we offer
> * the autokey values without being asked.
> */
> else if (sys_leap != LEAP_NOTINSYNC &&
> peer->leap != LEAP_NOTINSYNC &&
> !(peer->crypto & CRYPTO_FLAG_AGREE))
> exten = crypto_args(peer, CRYPTO_COOK,
> NULL);
> else if (peer->flags & FLAG_ASSOC)
> exten = crypto_args(peer, CRYPTO_AUTO |
> CRYPTO_RESP, NULL);
> else if (!(peer->crypto & CRYPTO_FLAG_AUTO))
> exten = crypto_args(peer, CRYPTO_AUTO,
> NULL);
>
> /*
> * Postamble. We trade leapseconds only when the
> * server and client are synchronized.
> */
> else if (sys_leap != LEAP_NOTINSYNC &&
> peer->leap != LEAP_NOTINSYNC &&
> peer->crypto & CRYPTO_FLAG_TAI &&
> !(peer->crypto & CRYPTO_FLAG_LEAP))
> exten = crypto_args(peer, CRYPTO_TAI,
> NULL);
> if (exten != NULL) {
> sendlen += crypto_xmit(&xpkt,
> &peer->srcadr, sendlen, exten, 0);
> free(exten);
> }
2186,2188c2533,2537
< * In client mode, the public key, host cookie and
< * autokey values are required. In broadcast client
< * mode, these values must be acquired during the
---
> * In client mode the digest, certificate, agreement
> * parameters and cookie are required. The leapsecond
> * table is optional. If broadcast client mode, the
> * autokey values are required as well. In broadcast
> * client mode, these values must be acquired during the
2192,2193c2541,2548
< * unreachable and attempting rebirth. Note that we ask
< * for the cookie at each key list regeneration anyway.
---
> * unreachable and attempting rebirth.
> *
> * If neither the server or client have the agreement
> * parameters, the protocol transmits the cookie in the
> * clear. If the server has the parameters, the client
> * requests them and the protocol blinds it using the
> * agreed key. It is a protocol error if the client has
> * the parameters but the server does not.
2196,2200c2551,2560
< if (peer->cmmd != 0)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, (peer->cmmd >> 16) |
< CRYPTO_RESP, peer->hcookie,
< peer->associd);
---
> if (peer->cmmd != NULL) {
> peer->cmmd->associd =
> htonl(peer->associd);
> sendlen += crypto_xmit(&xpkt,
> &peer->srcadr, sendlen, peer->cmmd,
> 0);
> free(peer->cmmd);
> peer->cmmd = NULL;
> }
> exten = NULL;
2202,2220c2562,2580
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_ASSOC,
< peer->hcookie, peer->assoc);
< #ifdef PUBKEY
< else if (crypto_flags && peer->pubkey.ptr ==
< NULL)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_NAME, peer->hcookie,
< peer->assoc);
< else if (peer->crypto & CRYPTO_FLAG_CERT)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_CERT, peer->hcookie,
< peer->assoc);
< #endif /* PUBKEY */
< else if (peer->pcookie.tstamp == 0)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_PRIV, peer->hcookie,
< peer->assoc);
< else if (!(peer->flags & FLAG_AUTOKEY) &&
---
> exten = crypto_args(peer, CRYPTO_ASSOC,
> sys_hostname);
> else if (!(peer->crypto & CRYPTO_FLAG_VALID))
> exten = crypto_args(peer, CRYPTO_CERT,
> peer->issuer);
>
> /*
> * Identity.
> */
> else if ((opcode = crypto_ident(peer)) != 0)
> exten = crypto_args(peer, opcode, NULL);
>
> /*
> * Autokey
> */
> else if (!(peer->crypto & CRYPTO_FLAG_AGREE))
> exten = crypto_args(peer, CRYPTO_COOK,
> NULL);
> else if (!(peer->crypto & CRYPTO_FLAG_AUTO) &&
2222,2231c2582,2602
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_AUTO, peer->hcookie,
< peer->assoc);
< #ifdef PUBKEY
< else if (peer->crypto & CRYPTO_FLAG_TAI)
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, CRYPTO_TAI, peer->hcookie,
< peer->assoc);
< #endif /* PUBKEY */
< peer->cmmd = 0;
---
> exten = crypto_args(peer, CRYPTO_AUTO,
> NULL);
>
> /*
> * Postamble. We can sign the certificate here,
> * since there is no chance of deadlock.
> */
> else if (sys_leap != LEAP_NOTINSYNC &&
> !(peer->crypto & CRYPTO_FLAG_SIGN))
> exten = crypto_args(peer, CRYPTO_SIGN,
> sys_hostname);
> else if (sys_leap != LEAP_NOTINSYNC &&
> peer->crypto & CRYPTO_FLAG_TAI &&
> !(peer->crypto & CRYPTO_FLAG_LEAP))
> exten = crypto_args(peer, CRYPTO_TAI,
> NULL);
> if (exten != NULL) {
> sendlen += crypto_xmit(&xpkt,
> &peer->srcadr, sendlen, exten, 0);
> free(exten);
> }
2237c2608
< * private value of zero and force min poll interval.
---
> * private value of zero and force min poll interval.
2244c2615
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
2251,2253c2622,2627
< msyslog(LOG_NOTICE,
< "transmit: no encryption key found");
< peer->flash |= TEST4 | TEST5;
---
> msyslog(LOG_INFO,
> "transmit: encryption key %d not found", xkeyid);
> if (peer->flags & FLAG_CONFIG)
> peer_clear(peer, "NKEY");
> else
> unpeer(peer);
2257c2631
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
2260c2634
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
2264c2638
< exit(-1);
---
> exit (-1);
2266c2640,2641
< sendpkt(&peer->srcadr, peer->dstadr, peer->ttl, &xpkt, sendlen);
---
> sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl], &xpkt,
> sendlen);
2281c2656
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
2287,2288c2662,2663
< ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
< authlen, peer->keynumber);
---
> ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen -
> authlen, authlen, peer->keynumber);
2296,2297c2671,2672
< ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
< authlen);
---
> ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen -
> authlen, authlen);
2299c2674
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
2310,2312c2685,2687
< int xmode, /* transmit mode */
< keyid_t xkeyid, /* transmit key ID */
< int mask /* restrict mask */
---
> int xmode, /* transmit mode */
> keyid_t xkeyid, /* transmit key ID */
> int mask /* restrict mask */
2315,2319c2690,2697
< struct pkt xpkt; /* transmit packet structure */
< struct pkt *rpkt; /* receive packet structure */
< l_fp xmt_ts; /* transmit timestamp */
< l_fp xmt_tx; /* transmit timestamp after authent */
< int sendlen, authlen;
---
> struct pkt xpkt; /* transmit packet structure */
> struct pkt *rpkt; /* receive packet structure */
> l_fp xmt_ts; /* timestamp */
> l_fp xmt_tx; /* timestamp after authent */
> int sendlen, authlen;
> #ifdef OPENSSL
> u_int32 temp32;
> #endif
2332,2333c2710,2711
< * If the caller is restricted, return a kiss-of-death packet;
< * otherwise, smooch politely.
---
> * If the packet has picked up a restriction due to either
> * access denied or rate exceeded, decide what to do with it.
2335,2343c2713,2721
< if (mask & (RES_DONTSERVE | RES_LIMITED)) {
< if (!(mask & RES_DEMOBILIZE)) {
< return;
< } else {
< xpkt.li_vn_mode =
< PKT_LI_VN_MODE(LEAP_NOTINSYNC,
< PKT_VERSION(rpkt->li_vn_mode), xmode);
< xpkt.stratum = STRATUM_UNSPEC;
< memcpy(&xpkt.refid, "DENY", 4);
---
> if (mask & (RES_DONTTRUST | RES_LIMITED)) {
> char *code = "????";
>
> if (mask & RES_LIMITED) {
> sys_limitrejected++;
> code = "RATE";
> } else if (mask & RES_DONTTRUST) {
> sys_restricted++;
> code = "DENY";
2344a2723,2738
>
> /*
> * Here we light up a kiss-of-death packet. Note the
> * rate limit on these packets. Once a second initialize
> * a bucket counter. Every packet sent decrements the
> * counter until reaching zero. If the counter is zero,
> * drop the kod.
> */
> if (sys_kod == 0 || !(mask & RES_DEMOBILIZE))
> return;
>
> sys_kod--;
> memcpy(&xpkt.refid, code, 4);
> xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC,
> PKT_VERSION(rpkt->li_vn_mode), xmode);
> xpkt.stratum = STRATUM_UNSPEC;
2374,2375c2768,2769
< current_time, ntoa(&rbufp->dstadr->sin),
< ntoa(&rbufp->recv_srcadr), xmode);
---
> current_time, stoa(&rbufp->dstadr->sin),
> stoa(&rbufp->recv_srcadr), xmode);
2388c2782
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
2391d2784
< u_int code, associd;
2402d2794
< code = (htonl(rpkt->exten[0]) >> 16) | CRYPTO_RESP;
2405,2407c2797,2798
< associd = htonl(rpkt->exten[1]);
< if (rbufp->recv_length >= sendlen + MAX_MAC_LEN + 2 *
< sizeof(u_int32)) {
---
> if (rbufp->recv_length >= (int)(sendlen + MAX_MAC_LEN + 2 *
> sizeof(u_int32))) {
2410,2411c2801,2805
< sendlen += crypto_xmit((u_int32 *)&xpkt,
< sendlen, code, cookie, associd);
---
> temp32 = CRYPTO_RESP;
> rpkt->exten[0] |= htonl(temp32);
> sendlen += crypto_xmit(&xpkt,
> &rbufp->recv_srcadr, sendlen,
> (struct exten *)rpkt->exten, cookie);
2417c2811
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
2423c2817
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
2426c2820
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
2430c2824
< exit(-1);
---
> exit (-1);
2451,2452c2845,2846
< ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen,
< authlen);
---
> ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen -
> authlen, authlen);
2457c2851
< #ifdef AUTOKEY
---
> #ifdef OPENSSL
2468c2862
< if (peer->keylist != NULL) {
---
> if (peer->keylist != NULL) {
2474c2868,2869
< peer->keynumber = peer->sndauto.seq = 0;
---
> value_free(&peer->sndval);
> peer->keynumber = 0;
2480c2875
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
2481a2877
>
2482a2879,2902
> * Determine if the peer is unfit for synchronization
> *
> * A peer is unfit for synchronization if
> * > not reachable
> * > a synchronization loop would form
> * > never been synchronized
> * > stratum undefined or too high
> * > too long without synchronization
> * > designated noselect
> */
> static int /* 0 if no, 1 if yes */
> peer_unfit(
> struct peer *peer /* peer structure pointer */
> )
> {
> return (!peer->reach || (peer->stratum > 1 && peer->refid ==
> peer->dstadr->addr_refid) || peer->leap == LEAP_NOTINSYNC ||
> peer->stratum >= STRATUM_UNSPEC || root_distance(peer) >=
> MAXDISTANCE + 2. * clock_phi * ULOGTOD(sys_poll) ||
> peer->flags & FLAG_NOSELECT );
> }
>
>
> /*
2485,2489c2905,2907
< #define DUSECS 1000000 /* us in a s */
< #define HUSECS (1 << 20) /* approx DUSECS for shifting etc */
< #define MINSTEP 5 /* minimum clock increment (us) */
< #define MAXSTEP 20000 /* maximum clock increment (us) */
< #define MINLOOPS 5 /* minimum number of step samples */
---
> #define MINSTEP 100e-9 /* minimum clock increment (s) */
> #define MAXSTEP 20e-3 /* maximum clock increment (s) */
> #define MINLOOPS 5 /* minimum number of step samples */
2492,2501c2910,2921
< * This routine calculates the differences between successive calls to
< * gettimeofday(). If a difference is less than zero, the us field
< * has rolled over to the next second, so we add a second in us. If
< * the difference is greater than zero and less than MINSTEP, the
< * clock has been advanced by a small amount to avoid standing still.
< * If the clock has advanced by a greater amount, then a timer interrupt
< * has occurred and this amount represents the precision of the clock.
< * In order to guard against spurious values, which could occur if we
< * happen to hit a fat interrupt, we do this for MINLOOPS times and
< * keep the minimum value obtained.
---
> * This routine calculates the system precision, defined as the minimum
> * of a sequency of differences between successive readings of the
> * system clock. However, if the system clock can be read more than once
> * during a tick interval, the difference can be zero or one LSB unit,
> * where the LSB corresponds to one nanosecond or one microsecond.
> * Conceivably, if some other process preempts this one and reads the
> * clock, the difference can be more than one LSB unit.
> *
> * For hardware clock frequencies of 10 MHz or less, we assume the
> * logical clock advances only at the hardware clock tick. For higher
> * frequencies, we assume the logical clock can advance no more than 100
> * nanoseconds between ticks.
2506,2526c2926,2931
< struct timeval tp;
< #if !defined(SYS_WINNT) && !defined(VMS) && !defined(_SEQUENT_) && \
< !defined(MPE)
< struct timezone tzp;
< #elif defined(VMS) || defined(_SEQUENT_)
< struct timezone {
< int tz_minuteswest;
< int tz_dsttime;
< } tzp;
< #endif /* defined(VMS) || defined(_SEQUENT_) */
< long last;
< int i;
< long diff;
< long val;
< long usec;
< #ifdef HAVE_GETCLOCK
< struct timespec ts;
< #endif
< #if defined(__FreeBSD__) && __FreeBSD__ >= 3
< u_long freq;
< size_t j;
---
> l_fp val; /* current seconds fraction */
> l_fp last; /* last seconds fraction */
> l_fp diff; /* difference */
> double tick; /* computed tick value */
> double dtemp; /* scratch */
> int i; /* log2 precision */
2528,2529c2933,2936
< /* Try to see if we can find the frequency of of the counter
< * which drives our timekeeping
---
> /*
> * Loop to find tick value in nanoseconds. Toss out outlyer
> * values less than the minimun tick value. In wacky cases, use
> * the default maximum value.
2531,2544c2938,2950
< j = sizeof freq;
< i = sysctlbyname("kern.timecounter.frequency", &freq, &j , 0,
< 0);
< if (i)
< i = sysctlbyname("machdep.tsc_freq", &freq, &j , 0, 0);
< if (i)
< i = sysctlbyname("machdep.i586_freq", &freq, &j , 0, 0);
< if (i)
< i = sysctlbyname("machdep.i8254_freq", &freq, &j , 0,
< 0);
< if (!i) {
< for (i = 1; freq ; i--)
< freq >>= 1;
< return (i);
---
> get_systime(&last);
> tick = MAXSTEP;
> for (i = 0; i < MINLOOPS;) {
> get_systime(&val);
> diff = val;
> L_SUB(&diff, &last);
> last = val;
> LFPTOD(&diff, dtemp);
> if (dtemp < MINSTEP)
> continue;
> i++;
> if (dtemp < tick)
> tick = dtemp;
2546,2583c2952,2962
< #endif
< usec = 0;
< val = MAXSTEP;
< #ifdef HAVE_GETCLOCK
< (void) getclock(TIMEOFDAY, &ts);
< tp.tv_sec = ts.tv_sec;
< tp.tv_usec = ts.tv_nsec / 1000;
< #else /* not HAVE_GETCLOCK */
< GETTIMEOFDAY(&tp, &tzp);
< #endif /* not HAVE_GETCLOCK */
< last = tp.tv_usec;
< for (i = 0; i < MINLOOPS && usec < HUSECS;) {
< #ifdef HAVE_GETCLOCK
< (void) getclock(TIMEOFDAY, &ts);
< tp.tv_sec = ts.tv_sec;
< tp.tv_usec = ts.tv_nsec / 1000;
< #else /* not HAVE_GETCLOCK */
< GETTIMEOFDAY(&tp, &tzp);
< #endif /* not HAVE_GETCLOCK */
< diff = tp.tv_usec - last;
< last = tp.tv_usec;
< if (diff < 0)
< diff += DUSECS;
< usec += diff;
< if (diff > MINSTEP) {
< i++;
< if (diff < val)
< val = diff;
< }
< }
< NLOG(NLOG_SYSINFO)
< msyslog(LOG_INFO, "precision = %ld usec", val);
< if (usec >= HUSECS)
< val = MINSTEP; /* val <= MINSTEP; fast machine */
< diff = HUSECS;
< for (i = 0; diff > val; i--)
< diff >>= 1;
< return (i);
---
>
> /*
> * Find the nearest power of two.
> */
> NLOG(NLOG_SYSEVENT)
> msyslog(LOG_INFO, "precision = %.3f usec", tick * 1e6);
> for (i = 0; tick <= 1; i++)
> tick *= 2;
> if (tick - 1. > 1. - tick / 2)
> i--;
> return (-i);
2585a2965
>
2586a2967,2976
> * kod_proto - called once per second to limit kiss-of-death packets
> */
> void
> kod_proto(void)
> {
> sys_kod = sys_kod_rate;
> }
>
>
> /*
2592c2982,2983
< l_fp dummy;
---
> l_fp dummy;
> int i;
2599a2991
> memcpy(&sys_refid, "INIT", 4);
2604d2995
< sys_refid = 0;
2608a3000
> sys_manycastserver = 0;
2610a3003
> sys_calldelay = BURST_DELAY;
2615,2623c3008,3013
< sys_badstratum = 0;
< sys_oldversionpkt = 0;
< sys_newversionpkt = 0;
< sys_badlength = 0;
< sys_unknownversion = 0;
< sys_processed = 0;
< sys_badauth = 0;
< sys_manycastserver = 0;
< #ifdef AUTOKEY
---
> proto_clr_stats();
> for (i = 0; i < MAX_TTL; i++) {
> sys_ttl[i] = (u_char)((i * 256) / MAX_TTL);
> sys_ttlmax = i;
> }
> #ifdef OPENSSL
2625c3015
< #endif /* AUTOKEY */
---
> #endif /* OPENSSL */
2636,2648d3025
<
< /*
< * Some system clocks should only be adjusted in 10ms
< * increments.
< */
< #if defined RELIANTUNIX_CLOCK
< systime_10ms_ticks = 1; /* Reliant UNIX */
< #elif defined SCO5_CLOCK
< if (sys_precision >= (s_char)-10) /* pre-SCO OpenServer 5.0.6 */
< systime_10ms_ticks = 1;
< #endif
< if (systime_10ms_ticks)
< msyslog(LOG_INFO, "using 10ms tick adjustments");
2657,2659c3034,3037
< int item,
< u_long value,
< double dvalue
---
> int item,
> u_long value,
> double dvalue,
> struct sockaddr_storage* svalue
2666d3043
< case PROTO_KERNEL:
2668,2670c3045,3048
< /*
< * Turn on/off kernel discipline
< */
---
> /*
> * Turn on/off kernel discipline.
> */
> case PROTO_KERNEL:
2673a3052,3054
> /*
> * Turn on/off clock discipline.
> */
2675,2678d3055
<
< /*
< * Turn on/off clock discipline
< */
2681a3059,3061
> /*
> * Turn on/off monitoring.
> */
2683,2686d3062
<
< /*
< * Turn on/off monitoring
< */
2692a3069,3071
> /*
> * Turn on/off statistics.
> */
2694,2697d3072
<
< /*
< * Turn on/off statistics
< */
2700a3076,3078
> /*
> * Turn on/off facility to listen to broadcasts.
> */
2702,2705d3079
<
< /*
< * Turn on/off facility to listen to broadcasts
< */
2712a3087,3089
> /*
> * Add muliticast group address.
> */
2714,2718c3091,3092
<
< /*
< * Add muliticast group address
< */
< io_multicast_add(value);
---
> if (svalue)
> io_multicast_add(*svalue);
2720a3095,3097
> /*
> * Delete multicast group address.
> */
2722,2726c3099,3100
<
< /*
< * Delete multicast group address
< */
< io_multicast_del(value);
---
> if (svalue)
> io_multicast_del(*svalue);
2728a3103,3105
> /*
> * Set default broadcast delay.
> */
2730,2733d3106
<
< /*
< * Set default broadcast delay
< */
2737c3110,3115
< case PROTO_AUTHENTICATE:
---
> /*
> * Set modem call delay.
> */
> case PROTO_CALLDELAY:
> sys_calldelay = (int)value;
> break;
2739,2741c3117,3120
< /*
< * Specify the use of authenticated data
< */
---
> /*
> * Require authentication to mobilize ephemeral associations.
> */
> case PROTO_AUTHENTICATE:
2744a3124,3126
> /*
> * Turn on/off PPS discipline.
> */
2746,2749d3127
<
< /*
< * Turn on/off PPS discipline
< */
2752a3131,3171
> /*
> * Set the minimum number of survivors.
> */
> case PROTO_MINCLOCK:
> sys_minclock = (int)dvalue;
> break;
>
> /*
> * Set the minimum number of candidates.
> */
> case PROTO_MINSANE:
> sys_minsane = (int)dvalue;
> break;
>
> /*
> * Set the stratum floor.
> */
> case PROTO_FLOOR:
> sys_floor = (int)dvalue;
> break;
>
> /*
> * Set the stratum ceiling.
> */
> case PROTO_CEILING:
> sys_ceiling = (int)dvalue;
> break;
>
> /*
> * Set the cohort switch.
> */
> case PROTO_COHORT:
> sys_cohort= (int)dvalue;
> break;
> /*
> * Set the adjtime() resolution (s).
> */
> case PROTO_ADJ:
> sys_tick = dvalue;
> break;
>
2753a3173,3175
> /*
> * Turn on/off refclock calibrate
> */
2755,2758d3176
<
< /*
< * Turn on/off refclock calibrate
< */
2762d3179
<
2766c3183
< * Log this error
---
> * Log this error.
2768,2769c3185,3186
< msyslog(LOG_ERR,
< "proto_config: illegal item %d, value %ld",
---
> msyslog(LOG_INFO,
> "proto_config: illegal item %d, value %ld",
2771d3187
< break;
2782,2783c3198,3200
< sys_badstratum = 0;
< sys_oldversionpkt = 0;
---
> sys_stattime = current_time;
> sys_received = 0;
> sys_processed = 0;
2784a3202
> sys_oldversionpkt = 0;
2785a3204
> sys_restricted = 0;
2787d3205
< sys_processed = 0;
2789d3206
< sys_stattime = current_time;