1/* 2 * NTP client/server, based on OpenNTPD 3.9p1 3 * 4 * Author: Adam Tkac <vonsch@gmail.com> 5 * 6 * Licensed under GPLv2, see file LICENSE in this tarball for details. 7 * 8 * Parts of OpenNTPD clock syncronization code is replaced by 9 * code which is based on ntp-4.2.6, whuch carries the following 10 * copyright notice: 11 * 12 *********************************************************************** 13 * * 14 * Copyright (c) University of Delaware 1992-2009 * 15 * * 16 * Permission to use, copy, modify, and distribute this software and * 17 * its documentation for any purpose with or without fee is hereby * 18 * granted, provided that the above copyright notice appears in all * 19 * copies and that both the copyright notice and this permission * 20 * notice appear in supporting documentation, and that the name * 21 * University of Delaware not be used in advertising or publicity * 22 * pertaining to distribution of the software without specific, * 23 * written prior permission. The University of Delaware makes no * 24 * representations about the suitability this software for any * 25 * purpose. It is provided "as is" without express or implied * 26 * warranty. * 27 * * 28 *********************************************************************** 29 */ 30#include "libbb.h" 31#include <math.h> 32#include <netinet/ip.h> /* For IPTOS_LOWDELAY definition */ 33#include <sys/timex.h> 34#ifndef IPTOS_LOWDELAY 35# define IPTOS_LOWDELAY 0x10 36#endif 37#ifndef IP_PKTINFO 38# error "Sorry, your kernel has to support IP_PKTINFO" 39#endif 40 41 42/* Verbosity control (max level of -dddd options accepted). 43 * max 5 is very talkative (and bloated). 2 is non-bloated, 44 * production level setting. 45 */ 46#define MAX_VERBOSE 2 47 48 49/* High-level description of the algorithm: 50 * 51 * We start running with very small poll_exp, BURSTPOLL, 52 * in order to quickly accumulate INITIAL_SAMLPES datapoints 53 * for each peer. Then, time is stepped if the offset is larger 54 * than STEP_THRESHOLD, otherwise it isn't; anyway, we enlarge 55 * poll_exp to MINPOLL and enter frequency measurement step: 56 * we collect new datapoints but ignore them for WATCH_THRESHOLD 57 * seconds. After WATCH_THRESHOLD seconds we look at accumulated 58 * offset and estimate frequency drift. 59 * 60 * (frequency measurement step seems to not be strictly needed, 61 * it is conditionally disabled with USING_INITIAL_FREQ_ESTIMATION 62 * define set to 0) 63 * 64 * After this, we enter "steady state": we collect a datapoint, 65 * we select the best peer, if this datapoint is not a new one 66 * (IOW: if this datapoint isn't for selected peer), sleep 67 * and collect another one; otherwise, use its offset to update 68 * frequency drift, if offset is somewhat large, reduce poll_exp, 69 * otherwise increase poll_exp. 70 * 71 * If offset is larger than STEP_THRESHOLD, which shouldn't normally 72 * happen, we assume that something "bad" happened (computer 73 * was hibernated, someone set totally wrong date, etc), 74 * then the time is stepped, all datapoints are discarded, 75 * and we go back to steady state. 76 */ 77 78#define RETRY_INTERVAL 5 /* on error, retry in N secs */ 79#define RESPONSE_INTERVAL 15 /* wait for reply up to N secs */ 80#define INITIAL_SAMLPES 4 /* how many samples do we want for init */ 81 82/* Clock discipline parameters and constants */ 83 84/* Step threshold (sec). std ntpd uses 0.128. 85 * Using exact power of 2 (1/8) results in smaller code */ 86#define STEP_THRESHOLD 0.125 87#define WATCH_THRESHOLD 128 /* stepout threshold (sec). std ntpd uses 900 (11 mins (!)) */ 88/* NB: set WATCH_THRESHOLD to ~60 when debugging to save time) */ 89//UNUSED: #define PANIC_THRESHOLD 1000 /* panic threshold (sec) */ 90 91#define FREQ_TOLERANCE 0.000015 /* frequency tolerance (15 PPM) */ 92#define BURSTPOLL 0 /* initial poll */ 93#define MINPOLL 5 /* minimum poll interval. std ntpd uses 6 (6: 64 sec) */ 94#define BIGPOLL 10 /* drop to lower poll at any trouble (10: 17 min) */ 95#define MAXPOLL 12 /* maximum poll interval (12: 1.1h, 17: 36.4h). std ntpd uses 17 */ 96/* Actively lower poll when we see such big offsets. 97 * With STEP_THRESHOLD = 0.125, it means we try to sync more aggressively 98 * if offset increases over 0.03 sec */ 99#define POLLDOWN_OFFSET (STEP_THRESHOLD / 4) 100#define MINDISP 0.01 /* minimum dispersion (sec) */ 101#define MAXDISP 16 /* maximum dispersion (sec) */ 102#define MAXSTRAT 16 /* maximum stratum (infinity metric) */ 103#define MAXDIST 1 /* distance threshold (sec) */ 104#define MIN_SELECTED 1 /* minimum intersection survivors */ 105#define MIN_CLUSTERED 3 /* minimum cluster survivors */ 106 107#define MAXDRIFT 0.000500 /* frequency drift we can correct (500 PPM) */ 108 109/* Poll-adjust threshold. 110 * When we see that offset is small enough compared to discipline jitter, 111 * we grow a counter: += MINPOLL. When it goes over POLLADJ_LIMIT, 112 * we poll_exp++. If offset isn't small, counter -= poll_exp*2, 113 * and when it goes below -POLLADJ_LIMIT, we poll_exp-- 114 * (bumped from 30 to 36 since otherwise I often see poll_exp going *2* steps down) 115 */ 116#define POLLADJ_LIMIT 36 117/* If offset < POLLADJ_GATE * discipline_jitter, then we can increase 118 * poll interval (we think we can't improve timekeeping 119 * by staying at smaller poll). 120 */ 121#define POLLADJ_GATE 4 122/* Compromise Allan intercept (sec). doc uses 1500, std ntpd uses 512 */ 123#define ALLAN 512 124/* PLL loop gain */ 125#define PLL 65536 126/* FLL loop gain [why it depends on MAXPOLL??] */ 127#define FLL (MAXPOLL + 1) 128/* Parameter averaging constant */ 129#define AVG 4 130 131 132enum { 133 NTP_VERSION = 4, 134 NTP_MAXSTRATUM = 15, 135 136 NTP_DIGESTSIZE = 16, 137 NTP_MSGSIZE_NOAUTH = 48, 138 NTP_MSGSIZE = (NTP_MSGSIZE_NOAUTH + 4 + NTP_DIGESTSIZE), 139 140 /* Status Masks */ 141 MODE_MASK = (7 << 0), 142 VERSION_MASK = (7 << 3), 143 VERSION_SHIFT = 3, 144 LI_MASK = (3 << 6), 145 146 /* Leap Second Codes (high order two bits of m_status) */ 147 LI_NOWARNING = (0 << 6), /* no warning */ 148 LI_PLUSSEC = (1 << 6), /* add a second (61 seconds) */ 149 LI_MINUSSEC = (2 << 6), /* minus a second (59 seconds) */ 150 LI_ALARM = (3 << 6), /* alarm condition */ 151 152 /* Mode values */ 153 MODE_RES0 = 0, /* reserved */ 154 MODE_SYM_ACT = 1, /* symmetric active */ 155 MODE_SYM_PAS = 2, /* symmetric passive */ 156 MODE_CLIENT = 3, /* client */ 157 MODE_SERVER = 4, /* server */ 158 MODE_BROADCAST = 5, /* broadcast */ 159 MODE_RES1 = 6, /* reserved for NTP control message */ 160 MODE_RES2 = 7, /* reserved for private use */ 161}; 162 163//TODO: better base selection 164#define OFFSET_1900_1970 2208988800UL /* 1970 - 1900 in seconds */ 165 166#define NUM_DATAPOINTS 8 167 168typedef struct { 169 uint32_t int_partl; 170 uint32_t fractionl; 171} l_fixedpt_t; 172 173typedef struct { 174 uint16_t int_parts; 175 uint16_t fractions; 176} s_fixedpt_t; 177 178typedef struct { 179 uint8_t m_status; /* status of local clock and leap info */ 180 uint8_t m_stratum; 181 uint8_t m_ppoll; /* poll value */ 182 int8_t m_precision_exp; 183 s_fixedpt_t m_rootdelay; 184 s_fixedpt_t m_rootdisp; 185 uint32_t m_refid; 186 l_fixedpt_t m_reftime; 187 l_fixedpt_t m_orgtime; 188 l_fixedpt_t m_rectime; 189 l_fixedpt_t m_xmttime; 190 uint32_t m_keyid; 191 uint8_t m_digest[NTP_DIGESTSIZE]; 192} msg_t; 193 194typedef struct { 195 double d_recv_time; 196 double d_offset; 197 double d_dispersion; 198} datapoint_t; 199 200typedef struct { 201 len_and_sockaddr *p_lsa; 202 char *p_dotted; 203 /* when to send new query (if p_fd == -1) 204 * or when receive times out (if p_fd >= 0): */ 205 int p_fd; 206 int datapoint_idx; 207 uint32_t lastpkt_refid; 208 uint8_t lastpkt_status; 209 uint8_t lastpkt_stratum; 210 uint8_t reachable_bits; 211 double next_action_time; 212 double p_xmttime; 213 double lastpkt_recv_time; 214 double lastpkt_delay; 215 double lastpkt_rootdelay; 216 double lastpkt_rootdisp; 217 /* produced by filter algorithm: */ 218 double filter_offset; 219 double filter_dispersion; 220 double filter_jitter; 221 datapoint_t filter_datapoint[NUM_DATAPOINTS]; 222 /* last sent packet: */ 223 msg_t p_xmt_msg; 224} peer_t; 225 226 227#define USING_KERNEL_PLL_LOOP 1 228#define USING_INITIAL_FREQ_ESTIMATION 0 229 230enum { 231 OPT_n = (1 << 0), 232 OPT_q = (1 << 1), 233 OPT_N = (1 << 2), 234 OPT_x = (1 << 3), 235 /* Insert new options above this line. */ 236 /* Non-compat options: */ 237 OPT_w = (1 << 4), 238 OPT_p = (1 << 5), 239 OPT_S = (1 << 6), 240 OPT_l = (1 << 7) * ENABLE_FEATURE_NTPD_SERVER, 241}; 242 243struct globals { 244 double cur_time; 245 /* total round trip delay to currently selected reference clock */ 246 double rootdelay; 247 /* reference timestamp: time when the system clock was last set or corrected */ 248 double reftime; 249 /* total dispersion to currently selected reference clock */ 250 double rootdisp; 251 252 double last_script_run; 253 char *script_name; 254 llist_t *ntp_peers; 255#if ENABLE_FEATURE_NTPD_SERVER 256 int listen_fd; 257#endif 258 unsigned verbose; 259 unsigned peer_cnt; 260 /* refid: 32-bit code identifying the particular server or reference clock 261 * in stratum 0 packets this is a four-character ASCII string, 262 * called the kiss code, used for debugging and monitoring 263 * in stratum 1 packets this is a four-character ASCII string 264 * assigned to the reference clock by IANA. Example: "GPS " 265 * in stratum 2+ packets, it's IPv4 address or 4 first bytes of MD5 hash of IPv6 266 */ 267 uint32_t refid; 268 uint8_t ntp_status; 269 /* precision is defined as the larger of the resolution and time to 270 * read the clock, in log2 units. For instance, the precision of a 271 * mains-frequency clock incrementing at 60 Hz is 16 ms, even when the 272 * system clock hardware representation is to the nanosecond. 273 * 274 * Delays, jitters of various kinds are clamper down to precision. 275 * 276 * If precision_sec is too large, discipline_jitter gets clamped to it 277 * and if offset is much smaller than discipline_jitter, poll interval 278 * grows even though we really can benefit from staying at smaller one, 279 * collecting non-lagged datapoits and correcting the offset. 280 * (Lagged datapoits exist when poll_exp is large but we still have 281 * systematic offset error - the time distance between datapoints 282 * is significat and older datapoints have smaller offsets. 283 * This makes our offset estimation a bit smaller than reality) 284 * Due to this effect, setting G_precision_sec close to 285 * STEP_THRESHOLD isn't such a good idea - offsets may grow 286 * too big and we will step. I observed it with -6. 287 * 288 * OTOH, setting precision too small would result in futile attempts 289 * to syncronize to the unachievable precision. 290 * 291 * -6 is 1/64 sec, -7 is 1/128 sec and so on. 292 */ 293#define G_precision_exp -8 294#define G_precision_sec (1.0 / (1 << (- G_precision_exp))) 295 uint8_t stratum; 296 /* Bool. After set to 1, never goes back to 0: */ 297 smallint initial_poll_complete; 298 299#define STATE_NSET 0 /* initial state, "nothing is set" */ 300//#define STATE_FSET 1 /* frequency set from file */ 301#define STATE_SPIK 2 /* spike detected */ 302//#define STATE_FREQ 3 /* initial frequency */ 303#define STATE_SYNC 4 /* clock synchronized (normal operation) */ 304 uint8_t discipline_state; // doc calls it c.state 305 uint8_t poll_exp; // s.poll 306 int polladj_count; // c.count 307 long kernel_freq_drift; 308 peer_t *last_update_peer; 309 double last_update_offset; // c.last 310 double last_update_recv_time; // s.t 311 double discipline_jitter; // c.jitter 312 //double cluster_offset; // s.offset 313 //double cluster_jitter; // s.jitter 314#if !USING_KERNEL_PLL_LOOP 315 double discipline_freq_drift; // c.freq 316 /* Maybe conditionally calculate wander? it's used only for logging */ 317 double discipline_wander; // c.wander 318#endif 319}; 320#define G (*ptr_to_globals) 321 322static const int const_IPTOS_LOWDELAY = IPTOS_LOWDELAY; 323 324 325#define VERB1 if (MAX_VERBOSE && G.verbose) 326#define VERB2 if (MAX_VERBOSE >= 2 && G.verbose >= 2) 327#define VERB3 if (MAX_VERBOSE >= 3 && G.verbose >= 3) 328#define VERB4 if (MAX_VERBOSE >= 4 && G.verbose >= 4) 329#define VERB5 if (MAX_VERBOSE >= 5 && G.verbose >= 5) 330 331 332static double LOG2D(int a) 333{ 334 if (a < 0) 335 return 1.0 / (1UL << -a); 336 return 1UL << a; 337} 338static ALWAYS_INLINE double SQUARE(double x) 339{ 340 return x * x; 341} 342static ALWAYS_INLINE double MAXD(double a, double b) 343{ 344 if (a > b) 345 return a; 346 return b; 347} 348static ALWAYS_INLINE double MIND(double a, double b) 349{ 350 if (a < b) 351 return a; 352 return b; 353} 354static NOINLINE double my_SQRT(double X) 355{ 356 union { 357 float f; 358 int32_t i; 359 } v; 360 double invsqrt; 361 double Xhalf = X * 0.5; 362 363 /* Fast and good approximation to 1/sqrt(X), black magic */ 364 v.f = X; 365 /*v.i = 0x5f3759df - (v.i >> 1);*/ 366 v.i = 0x5f375a86 - (v.i >> 1); /* - this constant is slightly better */ 367 invsqrt = v.f; /* better than 0.2% accuracy */ 368 369 /* Refining it using Newton's method: x1 = x0 - f(x0)/f'(x0) 370 * f(x) = 1/(x*x) - X (f==0 when x = 1/sqrt(X)) 371 * f'(x) = -2/(x*x*x) 372 * f(x)/f'(x) = (X - 1/(x*x)) / (2/(x*x*x)) = X*x*x*x/2 - x/2 373 * x1 = x0 - (X*x0*x0*x0/2 - x0/2) = 1.5*x0 - X*x0*x0*x0/2 = x0*(1.5 - (X/2)*x0*x0) 374 */ 375 invsqrt = invsqrt * (1.5 - Xhalf * invsqrt * invsqrt); /* ~0.05% accuracy */ 376 /* invsqrt = invsqrt * (1.5 - Xhalf * invsqrt * invsqrt); 2nd iter: ~0.0001% accuracy */ 377 /* With 4 iterations, more than half results will be exact, 378 * at 6th iterations result stabilizes with about 72% results exact. 379 * We are well satisfied with 0.05% accuracy. 380 */ 381 382 return X * invsqrt; /* X * 1/sqrt(X) ~= sqrt(X) */ 383} 384static ALWAYS_INLINE double SQRT(double X) 385{ 386 /* If this arch doesn't use IEEE 754 floats, fall back to using libm */ 387 if (sizeof(float) != 4) 388 return sqrt(X); 389 390 /* This avoids needing libm, saves about 0.5k on x86-32 */ 391 return my_SQRT(X); 392} 393 394static double 395gettime1900d(void) 396{ 397 struct timeval tv; 398 gettimeofday(&tv, NULL); /* never fails */ 399 G.cur_time = tv.tv_sec + (1.0e-6 * tv.tv_usec) + OFFSET_1900_1970; 400 return G.cur_time; 401} 402 403static void 404d_to_tv(double d, struct timeval *tv) 405{ 406 tv->tv_sec = (long)d; 407 tv->tv_usec = (d - tv->tv_sec) * 1000000; 408} 409 410static double 411lfp_to_d(l_fixedpt_t lfp) 412{ 413 double ret; 414 lfp.int_partl = ntohl(lfp.int_partl); 415 lfp.fractionl = ntohl(lfp.fractionl); 416 ret = (double)lfp.int_partl + ((double)lfp.fractionl / UINT_MAX); 417 return ret; 418} 419static double 420sfp_to_d(s_fixedpt_t sfp) 421{ 422 double ret; 423 sfp.int_parts = ntohs(sfp.int_parts); 424 sfp.fractions = ntohs(sfp.fractions); 425 ret = (double)sfp.int_parts + ((double)sfp.fractions / USHRT_MAX); 426 return ret; 427} 428#if ENABLE_FEATURE_NTPD_SERVER 429static l_fixedpt_t 430d_to_lfp(double d) 431{ 432 l_fixedpt_t lfp; 433 lfp.int_partl = (uint32_t)d; 434 lfp.fractionl = (uint32_t)((d - lfp.int_partl) * UINT_MAX); 435 lfp.int_partl = htonl(lfp.int_partl); 436 lfp.fractionl = htonl(lfp.fractionl); 437 return lfp; 438} 439static s_fixedpt_t 440d_to_sfp(double d) 441{ 442 s_fixedpt_t sfp; 443 sfp.int_parts = (uint16_t)d; 444 sfp.fractions = (uint16_t)((d - sfp.int_parts) * USHRT_MAX); 445 sfp.int_parts = htons(sfp.int_parts); 446 sfp.fractions = htons(sfp.fractions); 447 return sfp; 448} 449#endif 450 451static double 452dispersion(const datapoint_t *dp) 453{ 454 return dp->d_dispersion + FREQ_TOLERANCE * (G.cur_time - dp->d_recv_time); 455} 456 457static double 458root_distance(peer_t *p) 459{ 460 /* The root synchronization distance is the maximum error due to 461 * all causes of the local clock relative to the primary server. 462 * It is defined as half the total delay plus total dispersion 463 * plus peer jitter. 464 */ 465 return MAXD(MINDISP, p->lastpkt_rootdelay + p->lastpkt_delay) / 2 466 + p->lastpkt_rootdisp 467 + p->filter_dispersion 468 + FREQ_TOLERANCE * (G.cur_time - p->lastpkt_recv_time) 469 + p->filter_jitter; 470} 471 472static void 473set_next(peer_t *p, unsigned t) 474{ 475 p->next_action_time = G.cur_time + t; 476} 477 478/* 479 * Peer clock filter and its helpers 480 */ 481static void 482filter_datapoints(peer_t *p) 483{ 484 int i, idx; 485 int got_newest; 486 double minoff, maxoff, wavg, sum, w; 487 double x = x; /* for compiler */ 488 double oldest_off = oldest_off; 489 double oldest_age = oldest_age; 490 double newest_off = newest_off; 491 double newest_age = newest_age; 492 493 minoff = maxoff = p->filter_datapoint[0].d_offset; 494 for (i = 1; i < NUM_DATAPOINTS; i++) { 495 if (minoff > p->filter_datapoint[i].d_offset) 496 minoff = p->filter_datapoint[i].d_offset; 497 if (maxoff < p->filter_datapoint[i].d_offset) 498 maxoff = p->filter_datapoint[i].d_offset; 499 } 500 501 idx = p->datapoint_idx; /* most recent datapoint */ 502 /* Average offset: 503 * Drop two outliers and take weighted average of the rest: 504 * most_recent/2 + older1/4 + older2/8 ... + older5/32 + older6/32 505 * we use older6/32, not older6/64 since sum of weights should be 1: 506 * 1/2 + 1/4 + 1/8 + 1/16 + 1/32 + 1/32 = 1 507 */ 508 wavg = 0; 509 w = 0.5; 510 /* n-1 511 * --- dispersion(i) 512 * filter_dispersion = \ ------------- 513 * / (i+1) 514 * --- 2 515 * i=0 516 */ 517 got_newest = 0; 518 sum = 0; 519 for (i = 0; i < NUM_DATAPOINTS; i++) { 520 VERB4 { 521 bb_error_msg("datapoint[%d]: off:%f disp:%f(%f) age:%f%s", 522 i, 523 p->filter_datapoint[idx].d_offset, 524 p->filter_datapoint[idx].d_dispersion, dispersion(&p->filter_datapoint[idx]), 525 G.cur_time - p->filter_datapoint[idx].d_recv_time, 526 (minoff == p->filter_datapoint[idx].d_offset || maxoff == p->filter_datapoint[idx].d_offset) 527 ? " (outlier by offset)" : "" 528 ); 529 } 530 531 sum += dispersion(&p->filter_datapoint[idx]) / (2 << i); 532 533 if (minoff == p->filter_datapoint[idx].d_offset) { 534 minoff -= 1; /* so that we don't match it ever again */ 535 } else 536 if (maxoff == p->filter_datapoint[idx].d_offset) { 537 maxoff += 1; 538 } else { 539 oldest_off = p->filter_datapoint[idx].d_offset; 540 oldest_age = G.cur_time - p->filter_datapoint[idx].d_recv_time; 541 if (!got_newest) { 542 got_newest = 1; 543 newest_off = oldest_off; 544 newest_age = oldest_age; 545 } 546 x = oldest_off * w; 547 wavg += x; 548 w /= 2; 549 } 550 551 idx = (idx - 1) & (NUM_DATAPOINTS - 1); 552 } 553 p->filter_dispersion = sum; 554 wavg += x; /* add another older6/64 to form older6/32 */ 555 /* Fix systematic underestimation with large poll intervals. 556 * Imagine that we still have a bit of uncorrected drift, 557 * and poll interval is big (say, 100 sec). Offsets form a progression: 558 * 0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 - 0.7 is most recent. 559 * The algorithm above drops 0.0 and 0.7 as outliers, 560 * and then we have this estimation, ~25% off from 0.7: 561 * 0.1/32 + 0.2/32 + 0.3/16 + 0.4/8 + 0.5/4 + 0.6/2 = 0.503125 562 */ 563 x = oldest_age - newest_age; 564 if (x != 0) { 565 x = newest_age / x; /* in above example, 100 / (600 - 100) */ 566 if (x < 1) { /* paranoia check */ 567 x = (newest_off - oldest_off) * x; /* 0.5 * 100/500 = 0.1 */ 568 wavg += x; 569 } 570 } 571 p->filter_offset = wavg; 572 573 /* +----- -----+ ^ 1/2 574 * | n-1 | 575 * | --- | 576 * | 1 \ 2 | 577 * filter_jitter = | --- * / (avg-offset_j) | 578 * | n --- | 579 * | j=0 | 580 * +----- -----+ 581 * where n is the number of valid datapoints in the filter (n > 1); 582 * if filter_jitter < precision then filter_jitter = precision 583 */ 584 sum = 0; 585 for (i = 0; i < NUM_DATAPOINTS; i++) { 586 sum += SQUARE(wavg - p->filter_datapoint[i].d_offset); 587 } 588 sum = SQRT(sum / NUM_DATAPOINTS); 589 p->filter_jitter = sum > G_precision_sec ? sum : G_precision_sec; 590 591 VERB3 bb_error_msg("filter offset:%f(corr:%e) disp:%f jitter:%f", 592 p->filter_offset, x, 593 p->filter_dispersion, 594 p->filter_jitter); 595 596} 597 598static void 599reset_peer_stats(peer_t *p, double offset) 600{ 601 int i; 602 bool small_ofs = fabs(offset) < 16 * STEP_THRESHOLD; 603 604 for (i = 0; i < NUM_DATAPOINTS; i++) { 605 if (small_ofs) { 606 p->filter_datapoint[i].d_recv_time += offset; 607 if (p->filter_datapoint[i].d_offset != 0) { 608 p->filter_datapoint[i].d_offset += offset; 609 } 610 } else { 611 p->filter_datapoint[i].d_recv_time = G.cur_time; 612 p->filter_datapoint[i].d_offset = 0; 613 p->filter_datapoint[i].d_dispersion = MAXDISP; 614 } 615 } 616 if (small_ofs) { 617 p->lastpkt_recv_time += offset; 618 } else { 619 p->reachable_bits = 0; 620 p->lastpkt_recv_time = G.cur_time; 621 } 622 filter_datapoints(p); /* recalc p->filter_xxx */ 623 VERB5 bb_error_msg("%s->lastpkt_recv_time=%f", p->p_dotted, p->lastpkt_recv_time); 624} 625 626static void 627add_peers(char *s) 628{ 629 peer_t *p; 630 631 p = xzalloc(sizeof(*p)); 632 p->p_lsa = xhost2sockaddr(s, 123); 633 p->p_dotted = xmalloc_sockaddr2dotted_noport(&p->p_lsa->u.sa); 634 p->p_fd = -1; 635 p->p_xmt_msg.m_status = MODE_CLIENT | (NTP_VERSION << 3); 636 p->next_action_time = G.cur_time; /* = set_next(p, 0); */ 637 reset_peer_stats(p, 16 * STEP_THRESHOLD); 638 639 llist_add_to(&G.ntp_peers, p); 640 G.peer_cnt++; 641} 642 643static int 644do_sendto(int fd, 645 const struct sockaddr *from, const struct sockaddr *to, socklen_t addrlen, 646 msg_t *msg, ssize_t len) 647{ 648 ssize_t ret; 649 650 errno = 0; 651 if (!from) { 652 ret = sendto(fd, msg, len, MSG_DONTWAIT, to, addrlen); 653 } else { 654 ret = send_to_from(fd, msg, len, MSG_DONTWAIT, to, from, addrlen); 655 } 656 if (ret != len) { 657 bb_perror_msg("send failed"); 658 return -1; 659 } 660 return 0; 661} 662 663static void 664send_query_to_peer(peer_t *p) 665{ 666 /* Why do we need to bind()? 667 * See what happens when we don't bind: 668 * 669 * socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3 670 * setsockopt(3, SOL_IP, IP_TOS, [16], 4) = 0 671 * gettimeofday({1259071266, 327885}, NULL) = 0 672 * sendto(3, "xxx", 48, MSG_DONTWAIT, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("10.34.32.125")}, 16) = 48 673 * ^^^ we sent it from some source port picked by kernel. 674 * time(NULL) = 1259071266 675 * write(2, "ntpd: entering poll 15 secs\n", 28) = 28 676 * poll([{fd=3, events=POLLIN}], 1, 15000) = 1 ([{fd=3, revents=POLLIN}]) 677 * recv(3, "yyy", 68, MSG_DONTWAIT) = 48 678 * ^^^ this recv will receive packets to any local port! 679 * 680 * Uncomment this and use strace to see it in action: 681 */ 682#define PROBE_LOCAL_ADDR /* { len_and_sockaddr lsa; lsa.len = LSA_SIZEOF_SA; getsockname(p->query.fd, &lsa.u.sa, &lsa.len); } */ 683 684 if (p->p_fd == -1) { 685 int fd, family; 686 len_and_sockaddr *local_lsa; 687 688 family = p->p_lsa->u.sa.sa_family; 689 p->p_fd = fd = xsocket_type(&local_lsa, family, SOCK_DGRAM); 690 /* local_lsa has "null" address and port 0 now. 691 * bind() ensures we have a *particular port* selected by kernel 692 * and remembered in p->p_fd, thus later recv(p->p_fd) 693 * receives only packets sent to this port. 694 */ 695 PROBE_LOCAL_ADDR 696 xbind(fd, &local_lsa->u.sa, local_lsa->len); 697 PROBE_LOCAL_ADDR 698#if ENABLE_FEATURE_IPV6 699 if (family == AF_INET) 700#endif 701 setsockopt(fd, IPPROTO_IP, IP_TOS, &const_IPTOS_LOWDELAY, sizeof(const_IPTOS_LOWDELAY)); 702 free(local_lsa); 703 } 704 705 /* 706 * Send out a random 64-bit number as our transmit time. The NTP 707 * server will copy said number into the originate field on the 708 * response that it sends us. This is totally legal per the SNTP spec. 709 * 710 * The impact of this is two fold: we no longer send out the current 711 * system time for the world to see (which may aid an attacker), and 712 * it gives us a (not very secure) way of knowing that we're not 713 * getting spoofed by an attacker that can't capture our traffic 714 * but can spoof packets from the NTP server we're communicating with. 715 * 716 * Save the real transmit timestamp locally. 717 */ 718 p->p_xmt_msg.m_xmttime.int_partl = random(); 719 p->p_xmt_msg.m_xmttime.fractionl = random(); 720 p->p_xmttime = gettime1900d(); 721 722 if (do_sendto(p->p_fd, /*from:*/ NULL, /*to:*/ &p->p_lsa->u.sa, /*addrlen:*/ p->p_lsa->len, 723 &p->p_xmt_msg, NTP_MSGSIZE_NOAUTH) == -1 724 ) { 725 close(p->p_fd); 726 p->p_fd = -1; 727 set_next(p, RETRY_INTERVAL); 728 return; 729 } 730 731 p->reachable_bits <<= 1; 732 VERB1 bb_error_msg("sent query to %s", p->p_dotted); 733 set_next(p, RESPONSE_INTERVAL); 734} 735 736 737/* Note that there is no provision to prevent several run_scripts 738 * to be done in quick succession. In fact, it happens rather often 739 * if initial syncronization results in a step. 740 * You will see "step" and then "stratum" script runs, sometimes 741 * as close as only 0.002 seconds apart. 742 * Script should be ready to deal with this. 743 */ 744static void run_script(const char *action, double offset) 745{ 746 char *argv[3]; 747 char *env1, *env2, *env3, *env4; 748 749 if (!G.script_name) 750 return; 751 752 argv[0] = (char*) G.script_name; 753 argv[1] = (char*) action; 754 argv[2] = NULL; 755 756 VERB1 bb_error_msg("executing '%s %s'", G.script_name, action); 757 758 env1 = xasprintf("%s=%u", "stratum", G.stratum); 759 putenv(env1); 760 env2 = xasprintf("%s=%ld", "freq_drift_ppm", G.kernel_freq_drift); 761 putenv(env2); 762 env3 = xasprintf("%s=%u", "poll_interval", 1 << G.poll_exp); 763 putenv(env3); 764 env4 = xasprintf("%s=%f", "offset", offset); 765 putenv(env4); 766 /* Other items of potential interest: selected peer, 767 * rootdelay, reftime, rootdisp, refid, ntp_status, 768 * last_update_offset, last_update_recv_time, discipline_jitter, 769 * how many peers have reachable_bits = 0? 770 */ 771 772 /* Don't want to wait: it may run hwclock --systohc, and that 773 * may take some time (seconds): */ 774 /*spawn_and_wait(argv);*/ 775 spawn(argv); 776 777 unsetenv("stratum"); 778 unsetenv("freq_drift_ppm"); 779 unsetenv("poll_interval"); 780 unsetenv("offset"); 781 free(env1); 782 free(env2); 783 free(env3); 784 free(env4); 785 786 G.last_script_run = G.cur_time; 787} 788 789static NOINLINE void 790step_time(double offset) 791{ 792 llist_t *item; 793 double dtime; 794 struct timeval tv; 795 char buf[80]; 796 time_t tval; 797 798 gettimeofday(&tv, NULL); /* never fails */ 799 dtime = offset + tv.tv_sec; 800 dtime += 1.0e-6 * tv.tv_usec; 801 d_to_tv(dtime, &tv); 802 803 if (settimeofday(&tv, NULL) == -1) 804 bb_perror_msg_and_die("settimeofday"); 805 806 tval = tv.tv_sec; 807 strftime(buf, sizeof(buf), "%a %b %e %H:%M:%S %Z %Y", localtime(&tval)); 808 809 bb_error_msg("setting clock to %s (offset %fs)", buf, offset); 810 811 /* Correct various fields which contain time-relative values: */ 812 813 /* p->lastpkt_recv_time, p->next_action_time and such: */ 814 for (item = G.ntp_peers; item != NULL; item = item->link) { 815 peer_t *pp = (peer_t *) item->data; 816 reset_peer_stats(pp, offset); 817 //bb_error_msg("offset:%f pp->next_action_time:%f -> %f", 818 // offset, pp->next_action_time, pp->next_action_time + offset); 819 pp->next_action_time += offset; 820 } 821 /* Globals: */ 822 G.cur_time += offset; 823 G.last_update_recv_time += offset; 824 G.last_script_run += offset; 825} 826 827 828/* 829 * Selection and clustering, and their helpers 830 */ 831typedef struct { 832 peer_t *p; 833 int type; 834 double edge; 835 double opt_rd; /* optimization */ 836} point_t; 837static int 838compare_point_edge(const void *aa, const void *bb) 839{ 840 const point_t *a = aa; 841 const point_t *b = bb; 842 if (a->edge < b->edge) { 843 return -1; 844 } 845 return (a->edge > b->edge); 846} 847typedef struct { 848 peer_t *p; 849 double metric; 850} survivor_t; 851static int 852compare_survivor_metric(const void *aa, const void *bb) 853{ 854 const survivor_t *a = aa; 855 const survivor_t *b = bb; 856 if (a->metric < b->metric) { 857 return -1; 858 } 859 return (a->metric > b->metric); 860} 861static int 862fit(peer_t *p, double rd) 863{ 864 if ((p->reachable_bits & (p->reachable_bits-1)) == 0) { 865 /* One or zero bits in reachable_bits */ 866 VERB3 bb_error_msg("peer %s unfit for selection: unreachable", p->p_dotted); 867 return 0; 868 } 869#if 0 /* we filter out such packets earlier */ 870 if ((p->lastpkt_status & LI_ALARM) == LI_ALARM 871 || p->lastpkt_stratum >= MAXSTRAT 872 ) { 873 VERB3 bb_error_msg("peer %s unfit for selection: bad status/stratum", p->p_dotted); 874 return 0; 875 } 876#endif 877 /* rd is root_distance(p) */ 878 if (rd > MAXDIST + FREQ_TOLERANCE * (1 << G.poll_exp)) { 879 VERB3 bb_error_msg("peer %s unfit for selection: root distance too high", p->p_dotted); 880 return 0; 881 } 882//TODO 883// /* Do we have a loop? */ 884// if (p->refid == p->dstaddr || p->refid == s.refid) 885// return 0; 886 return 1; 887} 888static peer_t* 889select_and_cluster(void) 890{ 891 peer_t *p; 892 llist_t *item; 893 int i, j; 894 int size = 3 * G.peer_cnt; 895 /* for selection algorithm */ 896 point_t point[size]; 897 unsigned num_points, num_candidates; 898 double low, high; 899 unsigned num_falsetickers; 900 /* for cluster algorithm */ 901 survivor_t survivor[size]; 902 unsigned num_survivors; 903 904 /* Selection */ 905 906 num_points = 0; 907 item = G.ntp_peers; 908 if (G.initial_poll_complete) while (item != NULL) { 909 double rd, offset; 910 911 p = (peer_t *) item->data; 912 rd = root_distance(p); 913 offset = p->filter_offset; 914 if (!fit(p, rd)) { 915 item = item->link; 916 continue; 917 } 918 919 VERB4 bb_error_msg("interval: [%f %f %f] %s", 920 offset - rd, 921 offset, 922 offset + rd, 923 p->p_dotted 924 ); 925 point[num_points].p = p; 926 point[num_points].type = -1; 927 point[num_points].edge = offset - rd; 928 point[num_points].opt_rd = rd; 929 num_points++; 930 point[num_points].p = p; 931 point[num_points].type = 0; 932 point[num_points].edge = offset; 933 point[num_points].opt_rd = rd; 934 num_points++; 935 point[num_points].p = p; 936 point[num_points].type = 1; 937 point[num_points].edge = offset + rd; 938 point[num_points].opt_rd = rd; 939 num_points++; 940 item = item->link; 941 } 942 num_candidates = num_points / 3; 943 if (num_candidates == 0) { 944 VERB3 bb_error_msg("no valid datapoints, no peer selected"); 945 return NULL; 946 } 947//TODO: sorting does not seem to be done in reference code 948 qsort(point, num_points, sizeof(point[0]), compare_point_edge); 949 950 /* Start with the assumption that there are no falsetickers. 951 * Attempt to find a nonempty intersection interval containing 952 * the midpoints of all truechimers. 953 * If a nonempty interval cannot be found, increase the number 954 * of assumed falsetickers by one and try again. 955 * If a nonempty interval is found and the number of falsetickers 956 * is less than the number of truechimers, a majority has been found 957 * and the midpoint of each truechimer represents 958 * the candidates available to the cluster algorithm. 959 */ 960 num_falsetickers = 0; 961 while (1) { 962 int c; 963 unsigned num_midpoints = 0; 964 965 low = 1 << 9; 966 high = - (1 << 9); 967 c = 0; 968 for (i = 0; i < num_points; i++) { 969 /* We want to do: 970 * if (point[i].type == -1) c++; 971 * if (point[i].type == 1) c--; 972 * and it's simpler to do it this way: 973 */ 974 c -= point[i].type; 975 if (c >= num_candidates - num_falsetickers) { 976 /* If it was c++ and it got big enough... */ 977 low = point[i].edge; 978 break; 979 } 980 if (point[i].type == 0) 981 num_midpoints++; 982 } 983 c = 0; 984 for (i = num_points-1; i >= 0; i--) { 985 c += point[i].type; 986 if (c >= num_candidates - num_falsetickers) { 987 high = point[i].edge; 988 break; 989 } 990 if (point[i].type == 0) 991 num_midpoints++; 992 } 993 /* If the number of midpoints is greater than the number 994 * of allowed falsetickers, the intersection contains at 995 * least one truechimer with no midpoint - bad. 996 * Also, interval should be nonempty. 997 */ 998 if (num_midpoints <= num_falsetickers && low < high) 999 break; 1000 num_falsetickers++; 1001 if (num_falsetickers * 2 >= num_candidates) { 1002 VERB3 bb_error_msg("too many falsetickers:%d (candidates:%d), no peer selected", 1003 num_falsetickers, num_candidates); 1004 return NULL; 1005 } 1006 } 1007 VERB3 bb_error_msg("selected interval: [%f, %f]; candidates:%d falsetickers:%d", 1008 low, high, num_candidates, num_falsetickers); 1009 1010 /* Clustering */ 1011 1012 /* Construct a list of survivors (p, metric) 1013 * from the chime list, where metric is dominated 1014 * first by stratum and then by root distance. 1015 * All other things being equal, this is the order of preference. 1016 */ 1017 num_survivors = 0; 1018 for (i = 0; i < num_points; i++) { 1019 if (point[i].edge < low || point[i].edge > high) 1020 continue; 1021 p = point[i].p; 1022 survivor[num_survivors].p = p; 1023 /* x.opt_rd == root_distance(p); */ 1024 survivor[num_survivors].metric = MAXDIST * p->lastpkt_stratum + point[i].opt_rd; 1025 VERB4 bb_error_msg("survivor[%d] metric:%f peer:%s", 1026 num_survivors, survivor[num_survivors].metric, p->p_dotted); 1027 num_survivors++; 1028 } 1029 /* There must be at least MIN_SELECTED survivors to satisfy the 1030 * correctness assertions. Ordinarily, the Byzantine criteria 1031 * require four survivors, but for the demonstration here, one 1032 * is acceptable. 1033 */ 1034 if (num_survivors < MIN_SELECTED) { 1035 VERB3 bb_error_msg("num_survivors %d < %d, no peer selected", 1036 num_survivors, MIN_SELECTED); 1037 return NULL; 1038 } 1039 1040//looks like this is ONLY used by the fact that later we pick survivor[0]. 1041//we can avoid sorting then, just find the minimum once! 1042 qsort(survivor, num_survivors, sizeof(survivor[0]), compare_survivor_metric); 1043 1044 /* For each association p in turn, calculate the selection 1045 * jitter p->sjitter as the square root of the sum of squares 1046 * (p->offset - q->offset) over all q associations. The idea is 1047 * to repeatedly discard the survivor with maximum selection 1048 * jitter until a termination condition is met. 1049 */ 1050 while (1) { 1051 unsigned max_idx = max_idx; 1052 double max_selection_jitter = max_selection_jitter; 1053 double min_jitter = min_jitter; 1054 1055 if (num_survivors <= MIN_CLUSTERED) { 1056 VERB3 bb_error_msg("num_survivors %d <= %d, not discarding more", 1057 num_survivors, MIN_CLUSTERED); 1058 break; 1059 } 1060 1061 /* To make sure a few survivors are left 1062 * for the clustering algorithm to chew on, 1063 * we stop if the number of survivors 1064 * is less than or equal to MIN_CLUSTERED (3). 1065 */ 1066 for (i = 0; i < num_survivors; i++) { 1067 double selection_jitter_sq; 1068 1069 p = survivor[i].p; 1070 if (i == 0 || p->filter_jitter < min_jitter) 1071 min_jitter = p->filter_jitter; 1072 1073 selection_jitter_sq = 0; 1074 for (j = 0; j < num_survivors; j++) { 1075 peer_t *q = survivor[j].p; 1076 selection_jitter_sq += SQUARE(p->filter_offset - q->filter_offset); 1077 } 1078 if (i == 0 || selection_jitter_sq > max_selection_jitter) { 1079 max_selection_jitter = selection_jitter_sq; 1080 max_idx = i; 1081 } 1082 VERB5 bb_error_msg("survivor %d selection_jitter^2:%f", 1083 i, selection_jitter_sq); 1084 } 1085 max_selection_jitter = SQRT(max_selection_jitter / num_survivors); 1086 VERB4 bb_error_msg("max_selection_jitter (at %d):%f min_jitter:%f", 1087 max_idx, max_selection_jitter, min_jitter); 1088 1089 /* If the maximum selection jitter is less than the 1090 * minimum peer jitter, then tossing out more survivors 1091 * will not lower the minimum peer jitter, so we might 1092 * as well stop. 1093 */ 1094 if (max_selection_jitter < min_jitter) { 1095 VERB3 bb_error_msg("max_selection_jitter:%f < min_jitter:%f, num_survivors:%d, not discarding more", 1096 max_selection_jitter, min_jitter, num_survivors); 1097 break; 1098 } 1099 1100 /* Delete survivor[max_idx] from the list 1101 * and go around again. 1102 */ 1103 VERB5 bb_error_msg("dropping survivor %d", max_idx); 1104 num_survivors--; 1105 while (max_idx < num_survivors) { 1106 survivor[max_idx] = survivor[max_idx + 1]; 1107 max_idx++; 1108 } 1109 } 1110 1111 if (0) { 1112 /* Combine the offsets of the clustering algorithm survivors 1113 * using a weighted average with weight determined by the root 1114 * distance. Compute the selection jitter as the weighted RMS 1115 * difference between the first survivor and the remaining 1116 * survivors. In some cases the inherent clock jitter can be 1117 * reduced by not using this algorithm, especially when frequent 1118 * clockhopping is involved. bbox: thus we don't do it. 1119 */ 1120 double x, y, z, w; 1121 y = z = w = 0; 1122 for (i = 0; i < num_survivors; i++) { 1123 p = survivor[i].p; 1124 x = root_distance(p); 1125 y += 1 / x; 1126 z += p->filter_offset / x; 1127 w += SQUARE(p->filter_offset - survivor[0].p->filter_offset) / x; 1128 } 1129 //G.cluster_offset = z / y; 1130 //G.cluster_jitter = SQRT(w / y); 1131 } 1132 1133 /* Pick the best clock. If the old system peer is on the list 1134 * and at the same stratum as the first survivor on the list, 1135 * then don't do a clock hop. Otherwise, select the first 1136 * survivor on the list as the new system peer. 1137 */ 1138 p = survivor[0].p; 1139 if (G.last_update_peer 1140 && G.last_update_peer->lastpkt_stratum <= p->lastpkt_stratum 1141 ) { 1142 /* Starting from 1 is ok here */ 1143 for (i = 1; i < num_survivors; i++) { 1144 if (G.last_update_peer == survivor[i].p) { 1145 VERB4 bb_error_msg("keeping old synced peer"); 1146 p = G.last_update_peer; 1147 goto keep_old; 1148 } 1149 } 1150 } 1151 G.last_update_peer = p; 1152 keep_old: 1153 VERB3 bb_error_msg("selected peer %s filter_offset:%f age:%f", 1154 p->p_dotted, 1155 p->filter_offset, 1156 G.cur_time - p->lastpkt_recv_time 1157 ); 1158 return p; 1159} 1160 1161 1162/* 1163 * Local clock discipline and its helpers 1164 */ 1165static void 1166set_new_values(int disc_state, double offset, double recv_time) 1167{ 1168 /* Enter new state and set state variables. Note we use the time 1169 * of the last clock filter sample, which must be earlier than 1170 * the current time. 1171 */ 1172 VERB3 bb_error_msg("disc_state=%d last update offset=%f recv_time=%f", 1173 disc_state, offset, recv_time); 1174 G.discipline_state = disc_state; 1175 G.last_update_offset = offset; 1176 G.last_update_recv_time = recv_time; 1177} 1178/* Return: -1: decrease poll interval, 0: leave as is, 1: increase */ 1179static NOINLINE int 1180update_local_clock(peer_t *p) 1181{ 1182 int rc; 1183 struct timex tmx; 1184 /* Note: can use G.cluster_offset instead: */ 1185 double offset = p->filter_offset; 1186 double recv_time = p->lastpkt_recv_time; 1187 double abs_offset; 1188#if !USING_KERNEL_PLL_LOOP 1189 double freq_drift; 1190#endif 1191 double since_last_update; 1192 double etemp, dtemp; 1193 1194 abs_offset = fabs(offset); 1195 1196#if 0 1197 /* If needed, -S script can do it by looking at $offset 1198 * env var and killing parent */ 1199 /* If the offset is too large, give up and go home */ 1200 if (abs_offset > PANIC_THRESHOLD) { 1201 bb_error_msg_and_die("offset %f far too big, exiting", offset); 1202 } 1203#endif 1204 1205 /* If this is an old update, for instance as the result 1206 * of a system peer change, avoid it. We never use 1207 * an old sample or the same sample twice. 1208 */ 1209 if (recv_time <= G.last_update_recv_time) { 1210 VERB3 bb_error_msg("same or older datapoint: %f >= %f, not using it", 1211 G.last_update_recv_time, recv_time); 1212 return 0; /* "leave poll interval as is" */ 1213 } 1214 1215 /* Clock state machine transition function. This is where the 1216 * action is and defines how the system reacts to large time 1217 * and frequency errors. 1218 */ 1219 since_last_update = recv_time - G.reftime; 1220#if !USING_KERNEL_PLL_LOOP 1221 freq_drift = 0; 1222#endif 1223#if USING_INITIAL_FREQ_ESTIMATION 1224 if (G.discipline_state == STATE_FREQ) { 1225 /* Ignore updates until the stepout threshold */ 1226 if (since_last_update < WATCH_THRESHOLD) { 1227 VERB3 bb_error_msg("measuring drift, datapoint ignored, %f sec remains", 1228 WATCH_THRESHOLD - since_last_update); 1229 return 0; /* "leave poll interval as is" */ 1230 } 1231# if !USING_KERNEL_PLL_LOOP 1232 freq_drift = (offset - G.last_update_offset) / since_last_update; 1233# endif 1234 } 1235#endif 1236 1237 /* There are two main regimes: when the 1238 * offset exceeds the step threshold and when it does not. 1239 */ 1240 if (abs_offset > STEP_THRESHOLD) { 1241 switch (G.discipline_state) { 1242 case STATE_SYNC: 1243 /* The first outlyer: ignore it, switch to SPIK state */ 1244 VERB3 bb_error_msg("offset:%f - spike detected", offset); 1245 G.discipline_state = STATE_SPIK; 1246 return -1; /* "decrease poll interval" */ 1247 1248 case STATE_SPIK: 1249 /* Ignore succeeding outlyers until either an inlyer 1250 * is found or the stepout threshold is exceeded. 1251 */ 1252 if (since_last_update < WATCH_THRESHOLD) { 1253 VERB3 bb_error_msg("spike detected, datapoint ignored, %f sec remains", 1254 WATCH_THRESHOLD - since_last_update); 1255 return -1; /* "decrease poll interval" */ 1256 } 1257 /* fall through: we need to step */ 1258 } /* switch */ 1259 1260 /* Step the time and clamp down the poll interval. 1261 * 1262 * In NSET state an initial frequency correction is 1263 * not available, usually because the frequency file has 1264 * not yet been written. Since the time is outside the 1265 * capture range, the clock is stepped. The frequency 1266 * will be set directly following the stepout interval. 1267 * 1268 * In FSET state the initial frequency has been set 1269 * from the frequency file. Since the time is outside 1270 * the capture range, the clock is stepped immediately, 1271 * rather than after the stepout interval. Guys get 1272 * nervous if it takes 17 minutes to set the clock for 1273 * the first time. 1274 * 1275 * In SPIK state the stepout threshold has expired and 1276 * the phase is still above the step threshold. Note 1277 * that a single spike greater than the step threshold 1278 * is always suppressed, even at the longer poll 1279 * intervals. 1280 */ 1281 VERB3 bb_error_msg("stepping time by %f; poll_exp=MINPOLL", offset); 1282 step_time(offset); 1283 if (option_mask32 & OPT_q) { 1284 /* We were only asked to set time once. Done. */ 1285 exit(0); 1286 } 1287 1288 G.polladj_count = 0; 1289 G.poll_exp = MINPOLL; 1290 G.stratum = MAXSTRAT; 1291 1292 run_script("step", offset); 1293 1294#if USING_INITIAL_FREQ_ESTIMATION 1295 if (G.discipline_state == STATE_NSET) { 1296 set_new_values(STATE_FREQ, /*offset:*/ 0, recv_time); 1297 return 1; /* "ok to increase poll interval" */ 1298 } 1299#endif 1300 set_new_values(STATE_SYNC, /*offset:*/ 0, recv_time); 1301 1302 } else { /* abs_offset <= STEP_THRESHOLD */ 1303 1304 if (G.poll_exp < MINPOLL && G.initial_poll_complete) { 1305 VERB3 bb_error_msg("small offset:%f, disabling burst mode", offset); 1306 G.polladj_count = 0; 1307 G.poll_exp = MINPOLL; 1308 } 1309 1310 /* Compute the clock jitter as the RMS of exponentially 1311 * weighted offset differences. Used by the poll adjust code. 1312 */ 1313 etemp = SQUARE(G.discipline_jitter); 1314 dtemp = SQUARE(MAXD(fabs(offset - G.last_update_offset), G_precision_sec)); 1315 G.discipline_jitter = SQRT(etemp + (dtemp - etemp) / AVG); 1316 VERB3 bb_error_msg("discipline jitter=%f", G.discipline_jitter); 1317 1318 switch (G.discipline_state) { 1319 case STATE_NSET: 1320 if (option_mask32 & OPT_q) { 1321 /* We were only asked to set time once. 1322 * The clock is precise enough, no need to step. 1323 */ 1324 exit(0); 1325 } 1326#if USING_INITIAL_FREQ_ESTIMATION 1327 /* This is the first update received and the frequency 1328 * has not been initialized. The first thing to do 1329 * is directly measure the oscillator frequency. 1330 */ 1331 set_new_values(STATE_FREQ, offset, recv_time); 1332#else 1333 set_new_values(STATE_SYNC, offset, recv_time); 1334#endif 1335 VERB3 bb_error_msg("transitioning to FREQ, datapoint ignored"); 1336 return 0; /* "leave poll interval as is" */ 1337 1338#if 0 /* this is dead code for now */ 1339 case STATE_FSET: 1340 /* This is the first update and the frequency 1341 * has been initialized. Adjust the phase, but 1342 * don't adjust the frequency until the next update. 1343 */ 1344 set_new_values(STATE_SYNC, offset, recv_time); 1345 /* freq_drift remains 0 */ 1346 break; 1347#endif 1348 1349#if USING_INITIAL_FREQ_ESTIMATION 1350 case STATE_FREQ: 1351 /* since_last_update >= WATCH_THRESHOLD, we waited enough. 1352 * Correct the phase and frequency and switch to SYNC state. 1353 * freq_drift was already estimated (see code above) 1354 */ 1355 set_new_values(STATE_SYNC, offset, recv_time); 1356 break; 1357#endif 1358 1359 default: 1360#if !USING_KERNEL_PLL_LOOP 1361 /* Compute freq_drift due to PLL and FLL contributions. 1362 * 1363 * The FLL and PLL frequency gain constants 1364 * depend on the poll interval and Allan 1365 * intercept. The FLL is not used below one-half 1366 * the Allan intercept. Above that the loop gain 1367 * increases in steps to 1 / AVG. 1368 */ 1369 if ((1 << G.poll_exp) > ALLAN / 2) { 1370 etemp = FLL - G.poll_exp; 1371 if (etemp < AVG) 1372 etemp = AVG; 1373 freq_drift += (offset - G.last_update_offset) / (MAXD(since_last_update, ALLAN) * etemp); 1374 } 1375 /* For the PLL the integration interval 1376 * (numerator) is the minimum of the update 1377 * interval and poll interval. This allows 1378 * oversampling, but not undersampling. 1379 */ 1380 etemp = MIND(since_last_update, (1 << G.poll_exp)); 1381 dtemp = (4 * PLL) << G.poll_exp; 1382 freq_drift += offset * etemp / SQUARE(dtemp); 1383#endif 1384 set_new_values(STATE_SYNC, offset, recv_time); 1385 break; 1386 } 1387 if (G.stratum != p->lastpkt_stratum + 1) { 1388 G.stratum = p->lastpkt_stratum + 1; 1389 run_script("stratum", offset); 1390 } 1391 } 1392 1393 G.reftime = G.cur_time; 1394 G.ntp_status = p->lastpkt_status; 1395 G.refid = p->lastpkt_refid; 1396 G.rootdelay = p->lastpkt_rootdelay + p->lastpkt_delay; 1397 dtemp = p->filter_jitter; // SQRT(SQUARE(p->filter_jitter) + SQUARE(G.cluster_jitter)); 1398 dtemp += MAXD(p->filter_dispersion + FREQ_TOLERANCE * (G.cur_time - p->lastpkt_recv_time) + abs_offset, MINDISP); 1399 G.rootdisp = p->lastpkt_rootdisp + dtemp; 1400 VERB3 bb_error_msg("updating leap/refid/reftime/rootdisp from peer %s", p->p_dotted); 1401 1402 /* We are in STATE_SYNC now, but did not do adjtimex yet. 1403 * (Any other state does not reach this, they all return earlier) 1404 * By this time, freq_drift and G.last_update_offset are set 1405 * to values suitable for adjtimex. 1406 */ 1407#if !USING_KERNEL_PLL_LOOP 1408 /* Calculate the new frequency drift and frequency stability (wander). 1409 * Compute the clock wander as the RMS of exponentially weighted 1410 * frequency differences. This is not used directly, but can, 1411 * along with the jitter, be a highly useful monitoring and 1412 * debugging tool. 1413 */ 1414 dtemp = G.discipline_freq_drift + freq_drift; 1415 G.discipline_freq_drift = MAXD(MIND(MAXDRIFT, dtemp), -MAXDRIFT); 1416 etemp = SQUARE(G.discipline_wander); 1417 dtemp = SQUARE(dtemp); 1418 G.discipline_wander = SQRT(etemp + (dtemp - etemp) / AVG); 1419 1420 VERB3 bb_error_msg("discipline freq_drift=%.9f(int:%ld corr:%e) wander=%f", 1421 G.discipline_freq_drift, 1422 (long)(G.discipline_freq_drift * 65536e6), 1423 freq_drift, 1424 G.discipline_wander); 1425#endif 1426 VERB3 { 1427 memset(&tmx, 0, sizeof(tmx)); 1428 if (adjtimex(&tmx) < 0) 1429 bb_perror_msg_and_die("adjtimex"); 1430 VERB3 bb_error_msg("p adjtimex freq:%ld offset:%ld constant:%ld status:0x%x", 1431 tmx.freq, tmx.offset, tmx.constant, tmx.status); 1432 } 1433 1434 memset(&tmx, 0, sizeof(tmx)); 1435#if 0 1436//doesn't work, offset remains 0 (!) in kernel: 1437//ntpd: set adjtimex freq:1786097 tmx.offset:77487 1438//ntpd: prev adjtimex freq:1786097 tmx.offset:0 1439//ntpd: cur adjtimex freq:1786097 tmx.offset:0 1440 tmx.modes = ADJ_FREQUENCY | ADJ_OFFSET; 1441 /* 65536 is one ppm */ 1442 tmx.freq = G.discipline_freq_drift * 65536e6; 1443 tmx.offset = G.last_update_offset * 1000000; /* usec */ 1444#endif 1445 tmx.modes = ADJ_OFFSET | ADJ_STATUS | ADJ_TIMECONST;// | ADJ_MAXERROR | ADJ_ESTERROR; 1446 tmx.offset = (G.last_update_offset * 1000000); /* usec */ 1447 /* + (G.last_update_offset < 0 ? -0.5 : 0.5) - too small to bother */ 1448 tmx.status = STA_PLL; 1449 if (G.ntp_status & LI_PLUSSEC) 1450 tmx.status |= STA_INS; 1451 if (G.ntp_status & LI_MINUSSEC) 1452 tmx.status |= STA_DEL; 1453 tmx.constant = G.poll_exp - 4; 1454 //tmx.esterror = (u_int32)(clock_jitter * 1e6); 1455 //tmx.maxerror = (u_int32)((sys_rootdelay / 2 + sys_rootdisp) * 1e6); 1456 rc = adjtimex(&tmx); 1457 if (rc < 0) 1458 bb_perror_msg_and_die("adjtimex"); 1459 /* NB: here kernel returns constant == G.poll_exp, not == G.poll_exp - 4. 1460 * Not sure why. Perhaps it is normal. 1461 */ 1462 VERB3 bb_error_msg("adjtimex:%d freq:%ld offset:%ld constant:%ld status:0x%x", 1463 rc, tmx.freq, tmx.offset, tmx.constant, tmx.status); 1464#if 0 1465 VERB3 { 1466 /* always gives the same output as above msg */ 1467 memset(&tmx, 0, sizeof(tmx)); 1468 if (adjtimex(&tmx) < 0) 1469 bb_perror_msg_and_die("adjtimex"); 1470 VERB3 bb_error_msg("c adjtimex freq:%ld offset:%ld constant:%ld status:0x%x", 1471 tmx.freq, tmx.offset, tmx.constant, tmx.status); 1472 } 1473#endif 1474 G.kernel_freq_drift = tmx.freq / 65536; 1475 VERB2 bb_error_msg("update peer:%s, offset:%f, clock drift:%ld ppm", 1476 p->p_dotted, G.last_update_offset, G.kernel_freq_drift); 1477 1478 return 1; /* "ok to increase poll interval" */ 1479} 1480 1481 1482/* 1483 * We've got a new reply packet from a peer, process it 1484 * (helpers first) 1485 */ 1486static unsigned 1487retry_interval(void) 1488{ 1489 /* Local problem, want to retry soon */ 1490 unsigned interval, r; 1491 interval = RETRY_INTERVAL; 1492 r = random(); 1493 interval += r % (unsigned)(RETRY_INTERVAL / 4); 1494 VERB3 bb_error_msg("chose retry interval:%u", interval); 1495 return interval; 1496} 1497static unsigned 1498poll_interval(int exponent) 1499{ 1500 unsigned interval, r; 1501 exponent = G.poll_exp + exponent; 1502 if (exponent < 0) 1503 exponent = 0; 1504 interval = 1 << exponent; 1505 r = random(); 1506 interval += ((r & (interval-1)) >> 4) + ((r >> 8) & 1); /* + 1/16 of interval, max */ 1507 VERB3 bb_error_msg("chose poll interval:%u (poll_exp:%d exp:%d)", interval, G.poll_exp, exponent); 1508 return interval; 1509} 1510static NOINLINE void 1511recv_and_process_peer_pkt(peer_t *p) 1512{ 1513 int rc; 1514 ssize_t size; 1515 msg_t msg; 1516 double T1, T2, T3, T4; 1517 unsigned interval; 1518 datapoint_t *datapoint; 1519 peer_t *q; 1520 1521 /* We can recvfrom here and check from.IP, but some multihomed 1522 * ntp servers reply from their *other IP*. 1523 * TODO: maybe we should check at least what we can: from.port == 123? 1524 */ 1525 size = recv(p->p_fd, &msg, sizeof(msg), MSG_DONTWAIT); 1526 if (size == -1) { 1527 bb_perror_msg("recv(%s) error", p->p_dotted); 1528 if (errno == EHOSTUNREACH || errno == EHOSTDOWN 1529 || errno == ENETUNREACH || errno == ENETDOWN 1530 || errno == ECONNREFUSED || errno == EADDRNOTAVAIL 1531 || errno == EAGAIN 1532 ) { 1533//TODO: always do this? 1534 interval = retry_interval(); 1535 goto set_next_and_close_sock; 1536 } 1537 xfunc_die(); 1538 } 1539 1540 if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE) { 1541 bb_error_msg("malformed packet received from %s", p->p_dotted); 1542 goto bail; 1543 } 1544 1545 if (msg.m_orgtime.int_partl != p->p_xmt_msg.m_xmttime.int_partl 1546 || msg.m_orgtime.fractionl != p->p_xmt_msg.m_xmttime.fractionl 1547 ) { 1548 goto bail; 1549 } 1550 1551 if ((msg.m_status & LI_ALARM) == LI_ALARM 1552 || msg.m_stratum == 0 1553 || msg.m_stratum > NTP_MAXSTRATUM 1554 ) { 1555// TODO: stratum 0 responses may have commands in 32-bit m_refid field: 1556// "DENY", "RSTR" - peer does not like us at all 1557// "RATE" - peer is overloaded, reduce polling freq 1558 interval = poll_interval(0); 1559 bb_error_msg("reply from %s: not synced, next query in %us", p->p_dotted, interval); 1560 goto set_next_and_close_sock; 1561 } 1562 1563// /* Verify valid root distance */ 1564// if (msg.m_rootdelay / 2 + msg.m_rootdisp >= MAXDISP || p->lastpkt_reftime > msg.m_xmt) 1565// return; /* invalid header values */ 1566 1567 p->lastpkt_status = msg.m_status; 1568 p->lastpkt_stratum = msg.m_stratum; 1569 p->lastpkt_rootdelay = sfp_to_d(msg.m_rootdelay); 1570 p->lastpkt_rootdisp = sfp_to_d(msg.m_rootdisp); 1571 p->lastpkt_refid = msg.m_refid; 1572 1573 /* 1574 * From RFC 2030 (with a correction to the delay math): 1575 * 1576 * Timestamp Name ID When Generated 1577 * ------------------------------------------------------------ 1578 * Originate Timestamp T1 time request sent by client 1579 * Receive Timestamp T2 time request received by server 1580 * Transmit Timestamp T3 time reply sent by server 1581 * Destination Timestamp T4 time reply received by client 1582 * 1583 * The roundtrip delay and local clock offset are defined as 1584 * 1585 * delay = (T4 - T1) - (T3 - T2); offset = ((T2 - T1) + (T3 - T4)) / 2 1586 */ 1587 T1 = p->p_xmttime; 1588 T2 = lfp_to_d(msg.m_rectime); 1589 T3 = lfp_to_d(msg.m_xmttime); 1590 T4 = G.cur_time; 1591 1592 p->lastpkt_recv_time = T4; 1593 1594 VERB5 bb_error_msg("%s->lastpkt_recv_time=%f", p->p_dotted, p->lastpkt_recv_time); 1595 p->datapoint_idx = p->reachable_bits ? (p->datapoint_idx + 1) % NUM_DATAPOINTS : 0; 1596 datapoint = &p->filter_datapoint[p->datapoint_idx]; 1597 datapoint->d_recv_time = T4; 1598 datapoint->d_offset = ((T2 - T1) + (T3 - T4)) / 2; 1599 /* The delay calculation is a special case. In cases where the 1600 * server and client clocks are running at different rates and 1601 * with very fast networks, the delay can appear negative. In 1602 * order to avoid violating the Principle of Least Astonishment, 1603 * the delay is clamped not less than the system precision. 1604 */ 1605 p->lastpkt_delay = (T4 - T1) - (T3 - T2); 1606 if (p->lastpkt_delay < G_precision_sec) 1607 p->lastpkt_delay = G_precision_sec; 1608 datapoint->d_dispersion = LOG2D(msg.m_precision_exp) + G_precision_sec; 1609 if (!p->reachable_bits) { 1610 /* 1st datapoint ever - replicate offset in every element */ 1611 int i; 1612 for (i = 1; i < NUM_DATAPOINTS; i++) { 1613 p->filter_datapoint[i].d_offset = datapoint->d_offset; 1614 } 1615 } 1616 1617 p->reachable_bits |= 1; 1618 if ((MAX_VERBOSE && G.verbose) || (option_mask32 & OPT_w)) { 1619 bb_error_msg("reply from %s: reach 0x%02x offset %f delay %f status 0x%02x strat %d refid 0x%08x rootdelay %f", 1620 p->p_dotted, 1621 p->reachable_bits, 1622 datapoint->d_offset, 1623 p->lastpkt_delay, 1624 p->lastpkt_status, 1625 p->lastpkt_stratum, 1626 p->lastpkt_refid, 1627 p->lastpkt_rootdelay 1628 /* not shown: m_ppoll, m_precision_exp, m_rootdisp, 1629 * m_reftime, m_orgtime, m_rectime, m_xmttime 1630 */ 1631 ); 1632 } 1633 1634 /* Muck with statictics and update the clock */ 1635 filter_datapoints(p); 1636 q = select_and_cluster(); 1637 rc = -1; 1638 if (q) { 1639 rc = 0; 1640 if (!(option_mask32 & OPT_w)) { 1641 rc = update_local_clock(q); 1642 /* If drift is dangerously large, immediately 1643 * drop poll interval one step down. 1644 */ 1645 if (fabs(q->filter_offset) >= POLLDOWN_OFFSET) { 1646 VERB3 bb_error_msg("offset:%f > POLLDOWN_OFFSET", q->filter_offset); 1647 goto poll_down; 1648 } 1649 } 1650 } 1651 /* else: no peer selected, rc = -1: we want to poll more often */ 1652 1653 if (rc != 0) { 1654 /* Adjust the poll interval by comparing the current offset 1655 * with the clock jitter. If the offset is less than 1656 * the clock jitter times a constant, then the averaging interval 1657 * is increased, otherwise it is decreased. A bit of hysteresis 1658 * helps calm the dance. Works best using burst mode. 1659 */ 1660 VERB4 if (rc > 0) { 1661 bb_error_msg("offset:%f POLLADJ_GATE*discipline_jitter:%f poll:%s", 1662 q->filter_offset, POLLADJ_GATE * G.discipline_jitter, 1663 fabs(q->filter_offset) < POLLADJ_GATE * G.discipline_jitter 1664 ? "grows" : "falls" 1665 ); 1666 } 1667 if (rc > 0 && fabs(q->filter_offset) < POLLADJ_GATE * G.discipline_jitter) { 1668 /* was += G.poll_exp but it is a bit 1669 * too optimistic for my taste at high poll_exp's */ 1670 G.polladj_count += MINPOLL; 1671 if (G.polladj_count > POLLADJ_LIMIT) { 1672 G.polladj_count = 0; 1673 if (G.poll_exp < MAXPOLL) { 1674 G.poll_exp++; 1675 VERB3 bb_error_msg("polladj: discipline_jitter:%f ++poll_exp=%d", 1676 G.discipline_jitter, G.poll_exp); 1677 } 1678 } else { 1679 VERB3 bb_error_msg("polladj: incr:%d", G.polladj_count); 1680 } 1681 } else { 1682 G.polladj_count -= G.poll_exp * 2; 1683 if (G.polladj_count < -POLLADJ_LIMIT || G.poll_exp >= BIGPOLL) { 1684 poll_down: 1685 G.polladj_count = 0; 1686 if (G.poll_exp > MINPOLL) { 1687 llist_t *item; 1688 1689 G.poll_exp--; 1690 /* Correct p->next_action_time in each peer 1691 * which waits for sending, so that they send earlier. 1692 * Old pp->next_action_time are on the order 1693 * of t + (1 << old_poll_exp) + small_random, 1694 * we simply need to subtract ~half of that. 1695 */ 1696 for (item = G.ntp_peers; item != NULL; item = item->link) { 1697 peer_t *pp = (peer_t *) item->data; 1698 if (pp->p_fd < 0) 1699 pp->next_action_time -= (1 << G.poll_exp); 1700 } 1701 VERB3 bb_error_msg("polladj: discipline_jitter:%f --poll_exp=%d", 1702 G.discipline_jitter, G.poll_exp); 1703 } 1704 } else { 1705 VERB3 bb_error_msg("polladj: decr:%d", G.polladj_count); 1706 } 1707 } 1708 } 1709 1710 /* Decide when to send new query for this peer */ 1711 interval = poll_interval(0); 1712 1713 set_next_and_close_sock: 1714 set_next(p, interval); 1715 /* We do not expect any more packets from this peer for now. 1716 * Closing the socket informs kernel about it. 1717 * We open a new socket when we send a new query. 1718 */ 1719 close(p->p_fd); 1720 p->p_fd = -1; 1721 bail: 1722 return; 1723} 1724 1725#if ENABLE_FEATURE_NTPD_SERVER 1726static NOINLINE void 1727recv_and_process_client_pkt(void /*int fd*/) 1728{ 1729 ssize_t size; 1730 uint8_t version; 1731 len_and_sockaddr *to; 1732 struct sockaddr *from; 1733 msg_t msg; 1734 uint8_t query_status; 1735 l_fixedpt_t query_xmttime; 1736 1737 to = get_sock_lsa(G.listen_fd); 1738 from = xzalloc(to->len); 1739 1740 size = recv_from_to(G.listen_fd, &msg, sizeof(msg), MSG_DONTWAIT, from, &to->u.sa, to->len); 1741 if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE) { 1742 char *addr; 1743 if (size < 0) { 1744 if (errno == EAGAIN) 1745 goto bail; 1746 bb_perror_msg_and_die("recv"); 1747 } 1748 addr = xmalloc_sockaddr2dotted_noport(from); 1749 bb_error_msg("malformed packet received from %s: size %u", addr, (int)size); 1750 free(addr); 1751 goto bail; 1752 } 1753 1754 query_status = msg.m_status; 1755 query_xmttime = msg.m_xmttime; 1756 1757 /* Build a reply packet */ 1758 memset(&msg, 0, sizeof(msg)); 1759 msg.m_status = G.stratum < MAXSTRAT ? G.ntp_status : LI_ALARM; 1760 msg.m_status |= (query_status & VERSION_MASK); 1761 msg.m_status |= ((query_status & MODE_MASK) == MODE_CLIENT) ? 1762 MODE_SERVER : MODE_SYM_PAS; 1763 msg.m_stratum = G.stratum; 1764 msg.m_ppoll = G.poll_exp; 1765 msg.m_precision_exp = G_precision_exp; 1766 /* this time was obtained between poll() and recv() */ 1767 msg.m_rectime = d_to_lfp(G.cur_time); 1768 msg.m_xmttime = d_to_lfp(gettime1900d()); /* this instant */ 1769 msg.m_reftime = d_to_lfp(G.reftime); 1770 msg.m_orgtime = query_xmttime; 1771 msg.m_rootdelay = d_to_sfp(G.rootdelay); 1772//simple code does not do this, fix simple code! 1773 msg.m_rootdisp = d_to_sfp(G.rootdisp); 1774 version = (query_status & VERSION_MASK); /* ... >> VERSION_SHIFT - done below instead */ 1775 msg.m_refid = G.refid; // (version > (3 << VERSION_SHIFT)) ? G.refid : G.refid3; 1776 1777 /* We reply from the local address packet was sent to, 1778 * this makes to/from look swapped here: */ 1779 do_sendto(G.listen_fd, 1780 /*from:*/ &to->u.sa, /*to:*/ from, /*addrlen:*/ to->len, 1781 &msg, size); 1782 1783 bail: 1784 free(to); 1785 free(from); 1786} 1787#endif 1788 1789/* Upstream ntpd's options: 1790 * 1791 * -4 Force DNS resolution of host names to the IPv4 namespace. 1792 * -6 Force DNS resolution of host names to the IPv6 namespace. 1793 * -a Require cryptographic authentication for broadcast client, 1794 * multicast client and symmetric passive associations. 1795 * This is the default. 1796 * -A Do not require cryptographic authentication for broadcast client, 1797 * multicast client and symmetric passive associations. 1798 * This is almost never a good idea. 1799 * -b Enable the client to synchronize to broadcast servers. 1800 * -c conffile 1801 * Specify the name and path of the configuration file, 1802 * default /etc/ntp.conf 1803 * -d Specify debugging mode. This option may occur more than once, 1804 * with each occurrence indicating greater detail of display. 1805 * -D level 1806 * Specify debugging level directly. 1807 * -f driftfile 1808 * Specify the name and path of the frequency file. 1809 * This is the same operation as the "driftfile FILE" 1810 * configuration command. 1811 * -g Normally, ntpd exits with a message to the system log 1812 * if the offset exceeds the panic threshold, which is 1000 s 1813 * by default. This option allows the time to be set to any value 1814 * without restriction; however, this can happen only once. 1815 * If the threshold is exceeded after that, ntpd will exit 1816 * with a message to the system log. This option can be used 1817 * with the -q and -x options. See the tinker command for other options. 1818 * -i jaildir 1819 * Chroot the server to the directory jaildir. This option also implies 1820 * that the server attempts to drop root privileges at startup 1821 * (otherwise, chroot gives very little additional security). 1822 * You may need to also specify a -u option. 1823 * -k keyfile 1824 * Specify the name and path of the symmetric key file, 1825 * default /etc/ntp/keys. This is the same operation 1826 * as the "keys FILE" configuration command. 1827 * -l logfile 1828 * Specify the name and path of the log file. The default 1829 * is the system log file. This is the same operation as 1830 * the "logfile FILE" configuration command. 1831 * -L Do not listen to virtual IPs. The default is to listen. 1832 * -n Don't fork. 1833 * -N To the extent permitted by the operating system, 1834 * run the ntpd at the highest priority. 1835 * -p pidfile 1836 * Specify the name and path of the file used to record the ntpd 1837 * process ID. This is the same operation as the "pidfile FILE" 1838 * configuration command. 1839 * -P priority 1840 * To the extent permitted by the operating system, 1841 * run the ntpd at the specified priority. 1842 * -q Exit the ntpd just after the first time the clock is set. 1843 * This behavior mimics that of the ntpdate program, which is 1844 * to be retired. The -g and -x options can be used with this option. 1845 * Note: The kernel time discipline is disabled with this option. 1846 * -r broadcastdelay 1847 * Specify the default propagation delay from the broadcast/multicast 1848 * server to this client. This is necessary only if the delay 1849 * cannot be computed automatically by the protocol. 1850 * -s statsdir 1851 * Specify the directory path for files created by the statistics 1852 * facility. This is the same operation as the "statsdir DIR" 1853 * configuration command. 1854 * -t key 1855 * Add a key number to the trusted key list. This option can occur 1856 * more than once. 1857 * -u user[:group] 1858 * Specify a user, and optionally a group, to switch to. 1859 * -v variable 1860 * -V variable 1861 * Add a system variable listed by default. 1862 * -x Normally, the time is slewed if the offset is less than the step 1863 * threshold, which is 128 ms by default, and stepped if above 1864 * the threshold. This option sets the threshold to 600 s, which is 1865 * well within the accuracy window to set the clock manually. 1866 * Note: since the slew rate of typical Unix kernels is limited 1867 * to 0.5 ms/s, each second of adjustment requires an amortization 1868 * interval of 2000 s. Thus, an adjustment as much as 600 s 1869 * will take almost 14 days to complete. This option can be used 1870 * with the -g and -q options. See the tinker command for other options. 1871 * Note: The kernel time discipline is disabled with this option. 1872 */ 1873 1874/* By doing init in a separate function we decrease stack usage 1875 * in main loop. 1876 */ 1877static NOINLINE void ntp_init(char **argv) 1878{ 1879 unsigned opts; 1880 llist_t *peers; 1881 1882 srandom(getpid()); 1883 1884 if (getuid()) 1885 bb_error_msg_and_die(bb_msg_you_must_be_root); 1886 1887 /* Set some globals */ 1888 G.stratum = MAXSTRAT; 1889 if (BURSTPOLL != 0) 1890 G.poll_exp = BURSTPOLL; /* speeds up initial sync */ 1891 G.last_script_run = G.reftime = G.last_update_recv_time = gettime1900d(); /* sets G.cur_time too */ 1892 1893 /* Parse options */ 1894 peers = NULL; 1895 opt_complementary = "dd:p::wn"; /* d: counter; p: list; -w implies -n */ 1896 opts = getopt32(argv, 1897 "nqNx" /* compat */ 1898 "wp:S:"IF_FEATURE_NTPD_SERVER("l") /* NOT compat */ 1899 "d" /* compat */ 1900 "46aAbgL", /* compat, ignored */ 1901 &peers, &G.script_name, &G.verbose); 1902 if (!(opts & (OPT_p|OPT_l))) 1903 bb_show_usage(); 1904// if (opts & OPT_x) /* disable stepping, only slew is allowed */ 1905// G.time_was_stepped = 1; 1906 while (peers) 1907 add_peers(llist_pop(&peers)); 1908 if (!(opts & OPT_n)) { 1909 bb_daemonize_or_rexec(DAEMON_DEVNULL_STDIO, argv); 1910 logmode = LOGMODE_NONE; 1911 } 1912#if ENABLE_FEATURE_NTPD_SERVER 1913 G.listen_fd = -1; 1914 if (opts & OPT_l) { 1915 G.listen_fd = create_and_bind_dgram_or_die(NULL, 123); 1916 socket_want_pktinfo(G.listen_fd); 1917 setsockopt(G.listen_fd, IPPROTO_IP, IP_TOS, &const_IPTOS_LOWDELAY, sizeof(const_IPTOS_LOWDELAY)); 1918 } 1919#endif 1920 /* I hesitate to set -20 prio. -15 should be high enough for timekeeping */ 1921 if (opts & OPT_N) 1922 setpriority(PRIO_PROCESS, 0, -15); 1923 1924 bb_signals((1 << SIGTERM) | (1 << SIGINT), record_signo); 1925 /* Removed SIGHUP here: */ 1926 bb_signals((1 << SIGPIPE) | (1 << SIGCHLD), SIG_IGN); 1927} 1928 1929int ntpd_main(int argc UNUSED_PARAM, char **argv) MAIN_EXTERNALLY_VISIBLE; 1930int ntpd_main(int argc UNUSED_PARAM, char **argv) 1931{ 1932#undef G 1933 struct globals G; 1934 struct pollfd *pfd; 1935 peer_t **idx2peer; 1936 unsigned cnt; 1937 1938 memset(&G, 0, sizeof(G)); 1939 SET_PTR_TO_GLOBALS(&G); 1940 1941 ntp_init(argv); 1942 1943 /* If ENABLE_FEATURE_NTPD_SERVER, + 1 for listen_fd: */ 1944 cnt = G.peer_cnt + ENABLE_FEATURE_NTPD_SERVER; 1945 idx2peer = xzalloc(sizeof(idx2peer[0]) * cnt); 1946 pfd = xzalloc(sizeof(pfd[0]) * cnt); 1947 1948 /* Countdown: we never sync before we sent INITIAL_SAMLPES+1 1949 * packets to each peer. 1950 * NB: if some peer is not responding, we may end up sending 1951 * fewer packets to it and more to other peers. 1952 * NB2: sync usually happens using INITIAL_SAMLPES packets, 1953 * since last reply does not come back instantaneously. 1954 */ 1955 cnt = G.peer_cnt * (INITIAL_SAMLPES + 1); 1956 1957 while (!bb_got_signal) { 1958 llist_t *item; 1959 unsigned i, j; 1960 int nfds, timeout; 1961 double nextaction; 1962 1963 /* Nothing between here and poll() blocks for any significant time */ 1964 1965 nextaction = G.cur_time + 3600; 1966 1967 i = 0; 1968#if ENABLE_FEATURE_NTPD_SERVER 1969 if (G.listen_fd != -1) { 1970 pfd[0].fd = G.listen_fd; 1971 pfd[0].events = POLLIN; 1972 i++; 1973 } 1974#endif 1975 /* Pass over peer list, send requests, time out on receives */ 1976 for (item = G.ntp_peers; item != NULL; item = item->link) { 1977 peer_t *p = (peer_t *) item->data; 1978 1979 if (p->next_action_time <= G.cur_time) { 1980 if (p->p_fd == -1) { 1981 /* Time to send new req */ 1982 if (--cnt == 0) { 1983 G.initial_poll_complete = 1; 1984 } 1985 send_query_to_peer(p); 1986 } else { 1987 /* Timed out waiting for reply */ 1988 close(p->p_fd); 1989 p->p_fd = -1; 1990 timeout = poll_interval(-2); /* -2: try a bit sooner */ 1991 bb_error_msg("timed out waiting for %s, reach 0x%02x, next query in %us", 1992 p->p_dotted, p->reachable_bits, timeout); 1993 set_next(p, timeout); 1994 } 1995 } 1996 1997 if (p->next_action_time < nextaction) 1998 nextaction = p->next_action_time; 1999 2000 if (p->p_fd >= 0) { 2001 /* Wait for reply from this peer */ 2002 pfd[i].fd = p->p_fd; 2003 pfd[i].events = POLLIN; 2004 idx2peer[i] = p; 2005 i++; 2006 } 2007 } 2008 2009 timeout = nextaction - G.cur_time; 2010 if (timeout < 0) 2011 timeout = 0; 2012 timeout++; /* (nextaction - G.cur_time) rounds down, compensating */ 2013 2014 /* Here we may block */ 2015 VERB2 bb_error_msg("poll %us, sockets:%u, poll interval:%us", timeout, i, 1 << G.poll_exp); 2016 nfds = poll(pfd, i, timeout * 1000); 2017 gettime1900d(); /* sets G.cur_time */ 2018 if (nfds <= 0) { 2019 if (G.script_name && G.cur_time - G.last_script_run > 11*60) { 2020 /* Useful for updating battery-backed RTC and such */ 2021 run_script("periodic", G.last_update_offset); 2022 gettime1900d(); /* sets G.cur_time */ 2023 } 2024 continue; 2025 } 2026 2027 /* Process any received packets */ 2028 j = 0; 2029#if ENABLE_FEATURE_NTPD_SERVER 2030 if (G.listen_fd != -1) { 2031 if (pfd[0].revents /* & (POLLIN|POLLERR)*/) { 2032 nfds--; 2033 recv_and_process_client_pkt(/*G.listen_fd*/); 2034 gettime1900d(); /* sets G.cur_time */ 2035 } 2036 j = 1; 2037 } 2038#endif 2039 for (; nfds != 0 && j < i; j++) { 2040 if (pfd[j].revents /* & (POLLIN|POLLERR)*/) { 2041 nfds--; 2042 recv_and_process_peer_pkt(idx2peer[j]); 2043 gettime1900d(); /* sets G.cur_time */ 2044 } 2045 } 2046 } /* while (!bb_got_signal) */ 2047 2048 kill_myself_with_sig(bb_got_signal); 2049} 2050 2051 2052 2053 2054 2055 2056/*** openntpd-4.6 uses only adjtime, not adjtimex ***/ 2057 2058/*** ntp-4.2.6/ntpd/ntp_loopfilter.c - adjtimex usage ***/ 2059 2060#if 0 2061static double 2062direct_freq(double fp_offset) 2063{ 2064 2065#ifdef KERNEL_PLL 2066 /* 2067 * If the kernel is enabled, we need the residual offset to 2068 * calculate the frequency correction. 2069 */ 2070 if (pll_control && kern_enable) { 2071 memset(&ntv, 0, sizeof(ntv)); 2072 ntp_adjtime(&ntv); 2073#ifdef STA_NANO 2074 clock_offset = ntv.offset / 1e9; 2075#else /* STA_NANO */ 2076 clock_offset = ntv.offset / 1e6; 2077#endif /* STA_NANO */ 2078 drift_comp = FREQTOD(ntv.freq); 2079 } 2080#endif /* KERNEL_PLL */ 2081 set_freq((fp_offset - clock_offset) / (current_time - clock_epoch) + drift_comp); 2082 wander_resid = 0; 2083 return drift_comp; 2084} 2085 2086static void 2087set_freq(double freq) /* frequency update */ 2088{ 2089 char tbuf[80]; 2090 2091 drift_comp = freq; 2092 2093#ifdef KERNEL_PLL 2094 /* 2095 * If the kernel is enabled, update the kernel frequency. 2096 */ 2097 if (pll_control && kern_enable) { 2098 memset(&ntv, 0, sizeof(ntv)); 2099 ntv.modes = MOD_FREQUENCY; 2100 ntv.freq = DTOFREQ(drift_comp); 2101 ntp_adjtime(&ntv); 2102 snprintf(tbuf, sizeof(tbuf), "kernel %.3f PPM", drift_comp * 1e6); 2103 report_event(EVNT_FSET, NULL, tbuf); 2104 } else { 2105 snprintf(tbuf, sizeof(tbuf), "ntpd %.3f PPM", drift_comp * 1e6); 2106 report_event(EVNT_FSET, NULL, tbuf); 2107 } 2108#else /* KERNEL_PLL */ 2109 snprintf(tbuf, sizeof(tbuf), "ntpd %.3f PPM", drift_comp * 1e6); 2110 report_event(EVNT_FSET, NULL, tbuf); 2111#endif /* KERNEL_PLL */ 2112} 2113 2114... 2115... 2116... 2117 2118#ifdef KERNEL_PLL 2119 /* 2120 * This code segment works when clock adjustments are made using 2121 * precision time kernel support and the ntp_adjtime() system 2122 * call. This support is available in Solaris 2.6 and later, 2123 * Digital Unix 4.0 and later, FreeBSD, Linux and specially 2124 * modified kernels for HP-UX 9 and Ultrix 4. In the case of the 2125 * DECstation 5000/240 and Alpha AXP, additional kernel 2126 * modifications provide a true microsecond clock and nanosecond 2127 * clock, respectively. 2128 * 2129 * Important note: The kernel discipline is used only if the 2130 * step threshold is less than 0.5 s, as anything higher can 2131 * lead to overflow problems. This might occur if some misguided 2132 * lad set the step threshold to something ridiculous. 2133 */ 2134 if (pll_control && kern_enable) { 2135 2136#define MOD_BITS (MOD_OFFSET | MOD_MAXERROR | MOD_ESTERROR | MOD_STATUS | MOD_TIMECONST) 2137 2138 /* 2139 * We initialize the structure for the ntp_adjtime() 2140 * system call. We have to convert everything to 2141 * microseconds or nanoseconds first. Do not update the 2142 * system variables if the ext_enable flag is set. In 2143 * this case, the external clock driver will update the 2144 * variables, which will be read later by the local 2145 * clock driver. Afterwards, remember the time and 2146 * frequency offsets for jitter and stability values and 2147 * to update the frequency file. 2148 */ 2149 memset(&ntv, 0, sizeof(ntv)); 2150 if (ext_enable) { 2151 ntv.modes = MOD_STATUS; 2152 } else { 2153#ifdef STA_NANO 2154 ntv.modes = MOD_BITS | MOD_NANO; 2155#else /* STA_NANO */ 2156 ntv.modes = MOD_BITS; 2157#endif /* STA_NANO */ 2158 if (clock_offset < 0) 2159 dtemp = -.5; 2160 else 2161 dtemp = .5; 2162#ifdef STA_NANO 2163 ntv.offset = (int32)(clock_offset * 1e9 + dtemp); 2164 ntv.constant = sys_poll; 2165#else /* STA_NANO */ 2166 ntv.offset = (int32)(clock_offset * 1e6 + dtemp); 2167 ntv.constant = sys_poll - 4; 2168#endif /* STA_NANO */ 2169 ntv.esterror = (u_int32)(clock_jitter * 1e6); 2170 ntv.maxerror = (u_int32)((sys_rootdelay / 2 + sys_rootdisp) * 1e6); 2171 ntv.status = STA_PLL; 2172 2173 /* 2174 * Enable/disable the PPS if requested. 2175 */ 2176 if (pps_enable) { 2177 if (!(pll_status & STA_PPSTIME)) 2178 report_event(EVNT_KERN, 2179 NULL, "PPS enabled"); 2180 ntv.status |= STA_PPSTIME | STA_PPSFREQ; 2181 } else { 2182 if (pll_status & STA_PPSTIME) 2183 report_event(EVNT_KERN, 2184 NULL, "PPS disabled"); 2185 ntv.status &= ~(STA_PPSTIME | 2186 STA_PPSFREQ); 2187 } 2188 if (sys_leap == LEAP_ADDSECOND) 2189 ntv.status |= STA_INS; 2190 else if (sys_leap == LEAP_DELSECOND) 2191 ntv.status |= STA_DEL; 2192 } 2193 2194 /* 2195 * Pass the stuff to the kernel. If it squeals, turn off 2196 * the pps. In any case, fetch the kernel offset, 2197 * frequency and jitter. 2198 */ 2199 if (ntp_adjtime(&ntv) == TIME_ERROR) { 2200 if (!(ntv.status & STA_PPSSIGNAL)) 2201 report_event(EVNT_KERN, NULL, 2202 "PPS no signal"); 2203 } 2204 pll_status = ntv.status; 2205#ifdef STA_NANO 2206 clock_offset = ntv.offset / 1e9; 2207#else /* STA_NANO */ 2208 clock_offset = ntv.offset / 1e6; 2209#endif /* STA_NANO */ 2210 clock_frequency = FREQTOD(ntv.freq); 2211 2212 /* 2213 * If the kernel PPS is lit, monitor its performance. 2214 */ 2215 if (ntv.status & STA_PPSTIME) { 2216#ifdef STA_NANO 2217 clock_jitter = ntv.jitter / 1e9; 2218#else /* STA_NANO */ 2219 clock_jitter = ntv.jitter / 1e6; 2220#endif /* STA_NANO */ 2221 } 2222 2223#if defined(STA_NANO) && NTP_API == 4 2224 /* 2225 * If the TAI changes, update the kernel TAI. 2226 */ 2227 if (loop_tai != sys_tai) { 2228 loop_tai = sys_tai; 2229 ntv.modes = MOD_TAI; 2230 ntv.constant = sys_tai; 2231 ntp_adjtime(&ntv); 2232 } 2233#endif /* STA_NANO */ 2234 } 2235#endif /* KERNEL_PLL */ 2236#endif 2237