1/*
2 * ntp_timer.c - event timer support routines
3 */
4#ifdef HAVE_CONFIG_H
5# include <config.h>
6#endif
7
8#include "ntp_machine.h"
9#include "ntpd.h"
10#include "ntp_stdlib.h"
11#include "ntp_calendar.h"
12#include "ntp_leapsec.h"
13
14#if defined(HAVE_IO_COMPLETION_PORT)
15# include "ntp_iocompletionport.h"
16# include "ntp_timer.h"
17#endif
18
19#include <stdio.h>
20#include <signal.h>
21#ifdef HAVE_SYS_SIGNAL_H
22# include <sys/signal.h>
23#endif
24#ifdef HAVE_UNISTD_H
25# include <unistd.h>
26#endif
27
28#ifdef KERNEL_PLL
29#include "ntp_syscall.h"
30#endif /* KERNEL_PLL */
31
32#ifdef AUTOKEY
33#include <openssl/rand.h>
34#endif	/* AUTOKEY */
35
36
37/* TC_ERR represents the timer_create() error return value. */
38#ifdef SYS_VXWORKS
39#define	TC_ERR	ERROR
40#else
41#define	TC_ERR	(-1)
42#endif
43
44
45static void check_leapsec(u_int32, const time_t*, int/*BOOL*/);
46
47/*
48 * These routines provide support for the event timer.  The timer is
49 * implemented by an interrupt routine which sets a flag once every
50 * second, and a timer routine which is called when the mainline code
51 * gets around to seeing the flag.  The timer routine dispatches the
52 * clock adjustment code if its time has come, then searches the timer
53 * queue for expiries which are dispatched to the transmit procedure.
54 * Finally, we call the hourly procedure to do cleanup and print a
55 * message.
56 */
57volatile int interface_interval;     /* init_io() sets def. 300s */
58
59/*
60 * Initializing flag.  All async routines watch this and only do their
61 * thing when it is clear.
62 */
63int initializing;
64
65/*
66 * Alarm flag. The mainline code imports this.
67 */
68volatile int alarm_flag;
69
70/*
71 * The counters and timeouts
72 */
73static  u_long interface_timer;	/* interface update timer */
74static	u_long adjust_timer;	/* second timer */
75static	u_long stats_timer;	/* stats timer */
76static	u_long leapf_timer;	/* Report leapfile problems once/day */
77static	u_long huffpuff_timer;	/* huff-n'-puff timer */
78static	u_long worker_idle_timer;/* next check for idle intres */
79u_long	leapsec;	        /* seconds to next leap (proximity class) */
80int     leapdif;                /* TAI difference step at next leap second*/
81u_long	orphwait; 		/* orphan wait time */
82#ifdef AUTOKEY
83static	u_long revoke_timer;	/* keys revoke timer */
84static	u_long keys_timer;	/* session key timer */
85u_char	sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */
86u_char	sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */
87#endif	/* AUTOKEY */
88
89/*
90 * Statistics counter for the interested.
91 */
92volatile u_long alarm_overflow;
93
94u_long current_time;		/* seconds since startup */
95
96/*
97 * Stats.  Number of overflows and number of calls to transmit().
98 */
99u_long timer_timereset;
100u_long timer_overflows;
101u_long timer_xmtcalls;
102
103#if defined(VMS)
104static int vmstimer[2]; 	/* time for next timer AST */
105static int vmsinc[2];		/* timer increment */
106#endif /* VMS */
107
108#ifdef SYS_WINNT
109HANDLE WaitableTimerHandle;
110#else
111static	RETSIGTYPE alarming (int);
112#endif /* SYS_WINNT */
113
114#if !defined(VMS)
115# if !defined SYS_WINNT || defined(SYS_CYGWIN32)
116#  ifdef HAVE_TIMER_CREATE
117static timer_t timer_id;
118typedef struct itimerspec intervaltimer;
119#   define	itv_frac	tv_nsec
120#  else
121typedef struct itimerval intervaltimer;
122#   define	itv_frac	tv_usec
123#  endif
124intervaltimer itimer;
125# endif
126#endif
127
128#if !defined(SYS_WINNT) && !defined(VMS)
129void	set_timer_or_die(const intervaltimer *);
130#endif
131
132
133#if !defined(SYS_WINNT) && !defined(VMS)
134void
135set_timer_or_die(
136	const intervaltimer *	ptimer
137	)
138{
139	const char *	setfunc;
140	int		rc;
141
142# ifdef HAVE_TIMER_CREATE
143	setfunc = "timer_settime";
144	rc = timer_settime(timer_id, 0, &itimer, NULL);
145# else
146	setfunc = "setitimer";
147	rc = setitimer(ITIMER_REAL, &itimer, NULL);
148# endif
149	if (-1 == rc) {
150		msyslog(LOG_ERR, "interval timer %s failed, %m",
151			setfunc);
152		exit(1);
153	}
154}
155#endif	/* !SYS_WINNT && !VMS */
156
157
158/*
159 * reinit_timer - reinitialize interval timer after a clock step.
160 */
161void
162reinit_timer(void)
163{
164#if !defined(SYS_WINNT) && !defined(VMS)
165	ZERO(itimer);
166# ifdef HAVE_TIMER_CREATE
167	timer_gettime(timer_id, &itimer);
168# else
169	getitimer(ITIMER_REAL, &itimer);
170# endif
171	if (itimer.it_value.tv_sec < 0 ||
172	    itimer.it_value.tv_sec > (1 << EVENT_TIMEOUT))
173		itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT);
174	if (itimer.it_value.itv_frac < 0)
175		itimer.it_value.itv_frac = 0;
176	if (0 == itimer.it_value.tv_sec &&
177	    0 == itimer.it_value.itv_frac)
178		itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT);
179	itimer.it_interval.tv_sec = (1 << EVENT_TIMEOUT);
180	itimer.it_interval.itv_frac = 0;
181	set_timer_or_die(&itimer);
182# endif /* VMS */
183}
184
185
186/*
187 * init_timer - initialize the timer data structures
188 */
189void
190init_timer(void)
191{
192	/*
193	 * Initialize...
194	 */
195	alarm_flag = FALSE;
196	alarm_overflow = 0;
197	adjust_timer = 1;
198	stats_timer = SECSPERHR;
199	leapf_timer = SECSPERDAY;
200	huffpuff_timer = 0;
201	interface_timer = 0;
202	current_time = 0;
203	timer_overflows = 0;
204	timer_xmtcalls = 0;
205	timer_timereset = 0;
206
207#ifndef SYS_WINNT
208	/*
209	 * Set up the alarm interrupt.	The first comes 2**EVENT_TIMEOUT
210	 * seconds from now and they continue on every 2**EVENT_TIMEOUT
211	 * seconds.
212	 */
213# ifndef VMS
214#  ifdef HAVE_TIMER_CREATE
215	if (TC_ERR == timer_create(CLOCK_REALTIME, NULL, &timer_id)) {
216		msyslog(LOG_ERR, "timer_create failed, %m");
217		exit(1);
218	}
219#  endif
220	signal_no_reset(SIGALRM, alarming);
221	itimer.it_interval.tv_sec =
222		itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT);
223	itimer.it_interval.itv_frac = itimer.it_value.itv_frac = 0;
224	set_timer_or_die(&itimer);
225# else	/* VMS follows */
226	vmsinc[0] = 10000000;		/* 1 sec */
227	vmsinc[1] = 0;
228	lib$emul(&(1<<EVENT_TIMEOUT), &vmsinc, &0, &vmsinc);
229
230	sys$gettim(&vmstimer);	/* that's "now" as abstime */
231
232	lib$addx(&vmsinc, &vmstimer, &vmstimer);
233	sys$setimr(0, &vmstimer, alarming, alarming, 0);
234# endif	/* VMS */
235#else	/* SYS_WINNT follows */
236	/*
237	 * Set up timer interrupts for every 2**EVENT_TIMEOUT seconds
238	 * Under Windows/NT,
239	 */
240
241	WaitableTimerHandle = CreateWaitableTimer(NULL, FALSE, NULL);
242	if (WaitableTimerHandle == NULL) {
243		msyslog(LOG_ERR, "CreateWaitableTimer failed: %m");
244		exit(1);
245	}
246	else {
247		DWORD		Period;
248		LARGE_INTEGER	DueTime;
249		BOOL		rc;
250
251		Period = (1 << EVENT_TIMEOUT) * 1000;
252		DueTime.QuadPart = Period * 10000i64;
253		rc = SetWaitableTimer(WaitableTimerHandle, &DueTime,
254				      Period, NULL, NULL, FALSE);
255		if (!rc) {
256			msyslog(LOG_ERR, "SetWaitableTimer failed: %m");
257			exit(1);
258		}
259	}
260
261#endif	/* SYS_WINNT */
262}
263
264
265/*
266 * intres_timeout_req(s) is invoked in the parent to schedule an idle
267 * timeout to fire in s seconds, if not reset earlier by a call to
268 * intres_timeout_req(0), which clears any pending timeout.  When the
269 * timeout expires, worker_idle_timer_fired() is invoked (again, in the
270 * parent).
271 *
272 * sntp and ntpd each provide implementations adapted to their timers.
273 */
274void
275intres_timeout_req(
276	u_int	seconds		/* 0 cancels */
277	)
278{
279#if defined(HAVE_DROPROOT) && defined(NEED_EARLY_FORK)
280	if (droproot) {
281		worker_idle_timer = 0;
282		return;
283	}
284#endif
285	if (0 == seconds) {
286		worker_idle_timer = 0;
287		return;
288	}
289	worker_idle_timer = current_time + seconds;
290}
291
292
293/*
294 * timer - event timer
295 */
296void
297timer(void)
298{
299	struct peer *	p;
300	struct peer *	next_peer;
301	l_fp		now;
302	time_t          tnow;
303
304	/*
305	 * The basic timerevent is one second.  This is used to adjust the
306	 * system clock in time and frequency, implement the kiss-o'-death
307	 * function and the association polling function.
308	 */
309	current_time++;
310	if (adjust_timer <= current_time) {
311		adjust_timer += 1;
312		adj_host_clock();
313#ifdef REFCLOCK
314		for (p = peer_list; p != NULL; p = next_peer) {
315			next_peer = p->p_link;
316			if (FLAG_REFCLOCK & p->flags)
317				refclock_timer(p);
318		}
319#endif /* REFCLOCK */
320	}
321
322	/*
323	 * Now dispatch any peers whose event timer has expired. Be
324	 * careful here, since the peer structure might go away as the
325	 * result of the call.
326	 */
327	for (p = peer_list; p != NULL; p = next_peer) {
328		next_peer = p->p_link;
329
330		/*
331		 * Restrain the non-burst packet rate not more
332		 * than one packet every 16 seconds. This is
333		 * usually tripped using iburst and minpoll of
334		 * 128 s or less.
335		 */
336		if (p->throttle > 0)
337			p->throttle--;
338		if (p->nextdate <= current_time) {
339#ifdef REFCLOCK
340			if (FLAG_REFCLOCK & p->flags)
341				refclock_transmit(p);
342			else
343#endif	/* REFCLOCK */
344				transmit(p);
345		}
346	}
347
348	/*
349	 * Orphan mode is active when enabled and when no servers less
350	 * than the orphan stratum are available. A server with no other
351	 * synchronization source is an orphan. It shows offset zero and
352	 * reference ID the loopback address.
353	 *
354	 * [bug 3644] If the orphan stratum is >= STRATUM_UNSPEC, we
355	 * have to do it a bit different. 'clock_select()' simply
356	 * tiptoed home, but since we're unsync'd and have no peer, we
357	 * should eventually declare we're out of sync. Otherwise we
358	 * would persistently claim we're good, and we're everything but
359	 * that...
360	 *
361	 * XXX: do we want to log an event about this?
362	 */
363	if (sys_peer == NULL && current_time > orphwait) {
364		if (sys_orphan < STRATUM_UNSPEC) {
365			if (sys_leap == LEAP_NOTINSYNC) {
366				set_sys_leap(LEAP_NOWARNING);
367#ifdef AUTOKEY
368				if (crypto_flags)
369					crypto_update();
370#endif	/* AUTOKEY */
371			}
372			sys_stratum = (u_char)sys_orphan;
373		} else {
374			if (sys_leap != LEAP_NOTINSYNC) {
375				set_sys_leap(LEAP_NOTINSYNC);
376				msyslog(LOG_WARNING, "%s",
377					"no peer for too long, server running free now");
378			}
379			sys_stratum = STRATUM_UNSPEC;
380		}
381		if (sys_stratum > 1)
382		    sys_refid = htonl(LOOPBACKADR);
383		else
384		    memcpy(&sys_refid, "LOOP", 4);
385		sys_offset = 0;
386		sys_rootdelay = 0;
387		sys_rootdisp = 0;
388	}
389
390	get_systime(&now);
391	time(&tnow);
392
393	/*
394	 * Leapseconds. Get time and defer to worker if either something
395	 * is imminent or every 8th second.
396	 */
397	if (leapsec > LSPROX_NOWARN || 0 == (current_time & 7))
398		check_leapsec(now.l_ui, &tnow,
399                                (sys_leap == LEAP_NOTINSYNC));
400        if (sys_leap != LEAP_NOTINSYNC) {
401                if (leapsec >= LSPROX_ANNOUNCE && leapdif) {
402		        if (leapdif > 0)
403			        set_sys_leap(LEAP_ADDSECOND);
404		        else
405			        set_sys_leap(LEAP_DELSECOND);
406                } else {
407                        set_sys_leap(LEAP_NOWARNING);
408                }
409	}
410
411	/*
412	 * Update huff-n'-puff filter.
413	 */
414	if (huffpuff_timer <= current_time) {
415		huffpuff_timer += HUFFPUFF;
416		huffpuff();
417	}
418
419#ifdef AUTOKEY
420	/*
421	 * Garbage collect expired keys.
422	 */
423	if (keys_timer <= current_time) {
424		keys_timer += (1UL << sys_automax);
425		auth_agekeys();
426	}
427
428	/*
429	 * Generate new private value. This causes all associations
430	 * to regenerate cookies.
431	 */
432	if (revoke_timer && revoke_timer <= current_time) {
433		revoke_timer += (1UL << sys_revoke);
434		RAND_bytes((u_char *)&sys_private, 4);
435	}
436#endif	/* AUTOKEY */
437
438	/*
439	 * Interface update timer
440	 */
441	if (interface_interval && interface_timer <= current_time) {
442		timer_interfacetimeout(current_time +
443		    interface_interval);
444		DPRINTF(2, ("timer: interface update\n"));
445		interface_update(NULL, NULL);
446	}
447
448	if (worker_idle_timer && worker_idle_timer <= current_time)
449		worker_idle_timer_fired();
450
451	/*
452	 * Finally, write hourly stats and do the hourly
453	 * and daily leapfile checks.
454	 */
455	if (stats_timer <= current_time) {
456		stats_timer += SECSPERHR;
457		write_stats();
458		if (leapf_timer <= current_time) {
459			leapf_timer += SECSPERDAY;
460			check_leap_file(TRUE, now.l_ui, &tnow);
461		} else {
462			check_leap_file(FALSE, now.l_ui, &tnow);
463		}
464	}
465}
466
467
468#ifndef SYS_WINNT
469/*
470 * alarming - tell the world we've been alarmed
471 */
472static RETSIGTYPE
473alarming(
474	int sig
475	)
476{
477# ifdef DEBUG
478	const char *msg = "alarming: initializing TRUE\n";
479# endif
480
481	if (!initializing) {
482		if (alarm_flag) {
483			alarm_overflow++;
484# ifdef DEBUG
485			msg = "alarming: overflow\n";
486# endif
487		} else {
488# ifndef VMS
489			alarm_flag++;
490# else
491			/* VMS AST routine, increment is no good */
492			alarm_flag = 1;
493# endif
494# ifdef DEBUG
495			msg = "alarming: normal\n";
496# endif
497		}
498	}
499# ifdef VMS
500	lib$addx(&vmsinc, &vmstimer, &vmstimer);
501	sys$setimr(0, &vmstimer, alarming, alarming, 0);
502# endif
503# ifdef DEBUG
504	if (debug >= 4)
505		(void)(-1 == write(1, msg, strlen(msg)));
506# endif
507}
508#endif /* SYS_WINNT */
509
510
511void
512timer_interfacetimeout(u_long timeout)
513{
514	interface_timer = timeout;
515}
516
517
518/*
519 * timer_clr_stats - clear timer module stat counters
520 */
521void
522timer_clr_stats(void)
523{
524	timer_overflows = 0;
525	timer_xmtcalls = 0;
526	timer_timereset = current_time;
527}
528
529
530static void
531check_leap_sec_in_progress( const leap_result_t *lsdata ) {
532	int prv_leap_sec_in_progress = leap_sec_in_progress;
533	leap_sec_in_progress = lsdata->tai_diff && (lsdata->ddist < 3);
534
535	/* if changed we may have to update the leap status sent to clients */
536	if (leap_sec_in_progress != prv_leap_sec_in_progress)
537		set_sys_leap(sys_leap);
538}
539
540
541static void
542check_leapsec(
543	u_int32        now  ,
544	const time_t * tpiv ,
545        int/*BOOL*/    reset)
546{
547	static const char leapmsg_p_step[] =
548	    "Positive leap second, stepped backward.";
549	static const char leapmsg_p_slew[] =
550	    "Positive leap second, no step correction. "
551	    "System clock will be inaccurate for a long time.";
552
553	static const char leapmsg_n_step[] =
554	    "Negative leap second, stepped forward.";
555	static const char leapmsg_n_slew[] =
556	    "Negative leap second, no step correction. "
557	    "System clock will be inaccurate for a long time.";
558
559	leap_result_t lsdata;
560	u_int32       lsprox;
561#ifdef AUTOKEY
562	int/*BOOL*/   update_autokey = FALSE;
563#endif
564
565#ifndef SYS_WINNT  /* WinNT port has its own leap second handling */
566# ifdef KERNEL_PLL
567	leapsec_electric(pll_control && kern_enable);
568# else
569	leapsec_electric(0);
570# endif
571#endif
572#ifdef LEAP_SMEAR
573	leap_smear.enabled = leap_smear_intv != 0;
574#endif
575	if (reset) {
576		lsprox = LSPROX_NOWARN;
577		leapsec_reset_frame();
578		memset(&lsdata, 0, sizeof(lsdata));
579	} else {
580	  int fired;
581
582	  fired = leapsec_query(&lsdata, now, tpiv);
583
584	  DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n",
585		  fired, now, now, lsdata.tai_diff, lsdata.ddist));
586
587#ifdef LEAP_SMEAR
588	  leap_smear.in_progress = 0;
589	  leap_smear.doffset = 0.0;
590
591	  if (leap_smear.enabled) {
592		if (lsdata.tai_diff) {
593			if (leap_smear.interval == 0) {
594				leap_smear.interval = leap_smear_intv;
595				leap_smear.intv_end = lsdata.ttime.Q_s;
596				leap_smear.intv_start = leap_smear.intv_end - leap_smear.interval;
597				DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n",
598					leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end));
599			}
600		} else {
601			if (leap_smear.interval)
602				DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n"));
603			leap_smear.interval = 0;
604		}
605
606		if (leap_smear.interval) {
607			double dtemp = now;
608			if (dtemp >= leap_smear.intv_start && dtemp <= leap_smear.intv_end) {
609				double leap_smear_time = dtemp - leap_smear.intv_start;
610				/*
611				 * For now we just do a linear interpolation over the smear interval
612				 */
613#if 0
614				// linear interpolation
615				leap_smear.doffset = -(leap_smear_time * lsdata.tai_diff / leap_smear.interval);
616#else
617				// Google approach: lie(t) = (1.0 - cos(pi * t / w)) / 2.0
618				leap_smear.doffset = -((double) lsdata.tai_diff - cos( M_PI * leap_smear_time / leap_smear.interval)) / 2.0;
619#endif
620				/*
621				 * TODO see if we're inside an inserted leap second, so we need to compute
622				 * leap_smear.doffset = 1.0 - leap_smear.doffset
623				 */
624				leap_smear.in_progress = 1;
625#if 0 && defined( DEBUG )
626				msyslog(LOG_NOTICE, "*** leapsec_query: [%.0f:%.0f] (%li), now %u (%.0f), smear offset %.6f ms\n",
627					leap_smear.intv_start, leap_smear.intv_end, leap_smear.interval,
628					now, leap_smear_time, leap_smear.doffset);
629#else
630				DPRINTF(1, ("*** leapsec_query: [%.0f:%.0f] (%li), now %u (%.0f), smear offset %.6f ms\n",
631					leap_smear.intv_start, leap_smear.intv_end, leap_smear.interval,
632					now, leap_smear_time, leap_smear.doffset));
633#endif
634
635			}
636		}
637	  }
638	  else
639		leap_smear.interval = 0;
640
641	  /*
642	   * Update the current leap smear offset, eventually 0.0 if outside smear interval.
643	   */
644	  DTOLFP(leap_smear.doffset, &leap_smear.offset);
645
646#endif	/* LEAP_SMEAR */
647
648	  if (fired) {
649		/* Full hit. Eventually step the clock, but always
650		 * announce the leap event has happened.
651		 */
652		const char *leapmsg = NULL;
653		double      lswarp  = lsdata.warped;
654		if (lswarp < 0.0) {
655			if (clock_max_back > 0.0 &&
656			    clock_max_back < -lswarp) {
657				step_systime(lswarp);
658				leapmsg = leapmsg_p_step;
659			} else {
660				leapmsg = leapmsg_p_slew;
661			}
662		} else 	if (lswarp > 0.0) {
663			if (clock_max_fwd > 0.0 &&
664			    clock_max_fwd < lswarp) {
665				step_systime(lswarp);
666				leapmsg = leapmsg_n_step;
667			} else {
668				leapmsg = leapmsg_n_slew;
669			}
670		}
671		if (leapmsg)
672			msyslog(LOG_NOTICE, "%s", leapmsg);
673		report_event(EVNT_LEAP, NULL, NULL);
674#ifdef AUTOKEY
675		update_autokey = TRUE;
676#endif
677		lsprox  = LSPROX_NOWARN;
678		leapsec = LSPROX_NOWARN;
679		sys_tai = lsdata.tai_offs;
680	  } else {
681#ifdef AUTOKEY
682		  update_autokey = (sys_tai != (u_int)lsdata.tai_offs);
683#endif
684		  lsprox  = lsdata.proximity;
685		  sys_tai = lsdata.tai_offs;
686	  }
687	}
688
689	/* We guard against panic alarming during the red alert phase.
690	 * Strange and evil things might happen if we go from stone cold
691	 * to piping hot in one step. If things are already that wobbly,
692	 * we let the normal clock correction take over, even if a jump
693	 * is involved.
694         * Also make sure the alarming events are edge-triggered, that is,
695         * ceated only when the threshold is crossed.
696         */
697	if (  (leapsec > 0 || lsprox < LSPROX_ALERT)
698	    && leapsec < lsprox                     ) {
699		if (  leapsec < LSPROX_SCHEDULE
700                   && lsprox >= LSPROX_SCHEDULE) {
701			if (lsdata.dynamic)
702				report_event(PEVNT_ARMED, sys_peer, NULL);
703			else
704				report_event(EVNT_ARMED, NULL, NULL);
705		}
706		leapsec = lsprox;
707	}
708	if (leapsec > lsprox) {
709		if (  leapsec >= LSPROX_SCHEDULE
710                   && lsprox   < LSPROX_SCHEDULE) {
711			report_event(EVNT_DISARMED, NULL, NULL);
712		}
713		leapsec = lsprox;
714	}
715
716	if (leapsec >= LSPROX_SCHEDULE)
717		leapdif = lsdata.tai_diff;
718	else
719		leapdif = 0;
720
721	check_leap_sec_in_progress(&lsdata);
722
723#ifdef AUTOKEY
724	if (update_autokey)
725		crypto_update_taichange();
726#endif
727}
728