upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge conflicts with the import of 4.0.99b.

Browse source
This commit is contained in:
Ollivier Robert 2000-01-28 15:02:35 +00:00
parent 4edd720b8a
commit b073df1269
1 changed files with 267 additions and 227 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

494
contrib/ntp/ntpd/ntp_proto.c
View file

@ -72,6 +72,7 @@ static double clock_combine P((struct peer **, int));
static void peer_xmit P((struct peer *));
static void fast_xmit P((struct recvbuf *, int, u_long));
static void clock_update P((void));
int default_get_precision P((void));
#ifdef MD5
static void make_keylist P((struct peer *));
#endif /* MD5 */
@ -102,8 +103,8 @@ transmit(
peer->valid++;
if (oreach & 0x80)
peer->valid--;
if (!(peer->flags & FLAG_CONFIG) &&
peer->valid > NTP_SHIFT / 2 && (peer->reach & 0x80) &&
if (!(peer->flags & FLAG_CONFIG) && peer->valid >
NTP_SHIFT / 2 && (peer->reach & 0x80) &&
peer->status < CTL_PST_SEL_SYNCCAND)
peer->reach = 0;
peer->reach <<= 1;
@ -261,8 +262,8 @@ receive(
if (PKT_MODE(pkt->li_vn_mode) == MODE_PRIVATE) {
if (restrict_mask & RES_NOQUERY)
return;
process_private(rbufp, ((restrict_mask & RES_NOMODIFY) ==
0));
process_private(rbufp, ((restrict_mask &
RES_NOMODIFY) == 0));
return;
}
if (PKT_MODE(pkt->li_vn_mode) == MODE_CONTROL) {
@ -291,17 +292,18 @@ receive(
/*
* If we are not a broadcast client, ignore broadcast packets.
*/
if ((PKT_MODE(pkt->li_vn_mode) == MODE_BROADCAST && !sys_bclient))
if ((PKT_MODE(pkt->li_vn_mode) == MODE_BROADCAST &&
!sys_bclient))
return;
/*
* This is really awful ugly. We figure out whether an extension
* field is present and then measure the MAC size. If the number
* of words following the packet header is less than or equal to
* 5, no extension field is present and these words constitute the
* MAC. If the number of words is greater than 5, an extension
* field is present and the first word contains the length of
* the extension field and the MAC follows that.
* 5, no extension field is present and these words constitute
* the MAC. If the number of words is greater than 5, an
* extension field is present and the first word contains the
* length of the extension field and the MAC follows that.
*/
has_mac = 0;
/* pkeyid = 0; */
@ -323,7 +325,8 @@ receive(
* MAC itself.
*/
/* pkeyid = (u_long)ntohl(pkt->keyid2) & 0xffffffff; */
skeyid = tkeyid = (u_long)ntohl(pkt->keyid3) & 0xffffffff;
skeyid = tkeyid = (u_long)ntohl(pkt->keyid3) &
0xffffffff;
}
/*
@ -366,11 +369,12 @@ receive(
/*
* For multicast mode, generate the session key
* and install in the key cache. For client mode,
* generate the session key for the unicast
* address. For server mode, the session key should
* already be in the key cache, since it was
* generated when the last request was sent.
* and install in the key cache. For client
* mode, generate the session key for the
* unicast address. For server mode, the session
* key should already be in the key cache, since
* it was generated when the last request was
* sent.
*/
if (hismode == MODE_BROADCAST) {
tkeyid = session_key(
@ -391,7 +395,8 @@ receive(
* Compute the cryptosum. Note a clogging attack may
* succceed in bloating the key cache.
*/
if (authdecrypt(skeyid, (u_int32 *)pkt, authlen, has_mac))
if (authdecrypt(skeyid, (u_int32 *)pkt, authlen,
has_mac))
is_authentic = 1;
else
sys_badauth++;
@ -411,137 +416,148 @@ receive(
peer = findpeer(&rbufp->recv_srcadr, rbufp->dstadr, rbufp->fd,
hismode, &retcode);
/*
* The new association matching rules are driven by a table specified
* in ntp.h. We have replaced the *default* behaviour of replying
* to bogus packets in server mode in this version.
* A packet must now match an association in order to be processed.
* In the event that no association exists, then an association is
* mobilized if need be. Two different associations can be mobilized
* a) passive associations
* b) client associations due to broadcasts or manycasts.
* The new association matching rules are driven by a table
* specified in ntp.h. We have replaced the *default* behaviour
* of replying to bogus packets in server mode in this version.
* A packet must now match an association in order to be
* processed. In the event that no association exists, then an
* association is mobilized if need be. Two different
* associations can be mobilized a) passive associations b)
* client associations due to broadcasts or manycasts.
*/
is_error = 0;
switch (retcode) {
case AM_FXMIT:
/*
* If the client is configured purely as a broadcast client and
* not as an manycast server, it has no business being a server.
* Simply go home. Otherwise, send a MODE_SERVER response and go
* home. Note that we don't do a authentication check here,
* since we can't set the system clock; but, we do set the
* key ID to zero to tell the caller about this.
*/
if (!sys_bclient || sys_manycastserver) {
if (is_authentic)
fast_xmit(rbufp, MODE_SERVER, skeyid);
else
fast_xmit(rbufp, MODE_SERVER, 0);
}
/*
* We can't get here if an association is mobilized, so just
* toss the key, if appropriate.
*/
if (!is_mystic && skeyid > NTP_MAXKEY)
authtrust(skeyid, 0);
return;
/*
* If the client is configured purely as a broadcast
* client and not as an manycast server, it has no
* business being a server. Simply go home. Otherwise,
* send a MODE_SERVER response and go home. Note that we
* don't do a authentication check here, since we can't
* set the system clock; but, we do set the key ID to
* zero to tell the caller about this.
*/
if (!sys_bclient || sys_manycastserver) {
if (is_authentic)
fast_xmit(rbufp, MODE_SERVER, skeyid);
else
fast_xmit(rbufp, MODE_SERVER, 0);
}
/*
* We can't get here if an association is mobilized, so
* just toss the key, if appropriate.
*/
if (!is_mystic && skeyid > NTP_MAXKEY)
authtrust(skeyid, 0);
return;
case AM_MANYCAST:
/*
* This could be in response to a multicast packet sent by
* the "manycast" mode association. Find peer based on the
* originate timestamp in the packet. Note that we don't
* mobilize a new association, unless the packet is properly
* authenticated. The response must be properly authenticated
* and it's darn funny of the manycaster isn't around now.
*/
if ((sys_authenticate && !is_authentic)) {
is_error = 1;
break;
}
peer2 = (struct peer *)findmanycastpeer(&pkt->org);
if (peer2 == 0) {
is_error = 1;
break;
}
/*
* Create a new association and copy the peer variables to it.
* If something goes wrong, carefully pry the new association
* away and return its marbles to the candy store.
*/
peer = newpeer(&rbufp->recv_srcadr,
rbufp->dstadr, MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode),
NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid);
if (peer == 0) {
is_error = 1;
break;
}
peer_config_manycast(peer2, peer);
break;
/*
* This could be in response to a multicast packet sent
* by the "manycast" mode association. Find peer based
* on the originate timestamp in the packet. Note that
* we don't mobilize a new association, unless the
* packet is properly authenticated. The response must
* be properly authenticated and it's darn funny of the
* manycaster isn't around now.
*/
if ((sys_authenticate && !is_authentic)) {
is_error = 1;
break;
}
peer2 = (struct peer *)findmanycastpeer(&pkt->org);
if (peer2 == 0) {
is_error = 1;
break;
}
/*
* Create a new association and copy the peer variables
* to it. If something goes wrong, carefully pry the new
* association away and return its marbles to the candy
* store.
*/
peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode),
NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid);
if (peer == 0) {
is_error = 1;
break;
}
peer_config_manycast(peer2, peer);
break;
case AM_ERR:
/*
* Something bad happened. Dirty floor will be mopped by the
* code at the end of this adventure.
*/
is_error = 1;
break;
/*
* Something bad happened. Dirty floor will be mopped by
* the code at the end of this adventure.
*/
is_error = 1;
break;
case AM_NEWPASS:
/*
* Okay, we're going to keep him around. Allocate him some
* memory. But, don't do that unless the packet is properly
* authenticated.
*/
if ((sys_authenticate && !is_authentic)) {
is_error = 1;
break;
}
peer = newpeer(&rbufp->recv_srcadr,
rbufp->dstadr, MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode),
NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid);
break;
/*
* Okay, we're going to keep him around. Allocate him
* some memory. But, don't do that unless the packet is
* properly authenticated.
*/
if ((sys_authenticate && !is_authentic)) {
is_error = 1;
break;
}
peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode),
NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid);
break;
case AM_NEWBCL:
/*
* Broadcast client being set up now. Do this only if the
* packet is properly authenticated.
*/
if ((restrict_mask & RES_NOPEER) || !sys_bclient ||
(sys_authenticate && !is_authentic)) {
is_error = 1;
break;
}
peer = newpeer(&rbufp->recv_srcadr,
rbufp->dstadr, MODE_MCLIENT, PKT_VERSION(pkt->li_vn_mode),
NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid);
if (peer == 0)
break;
peer->flags |= FLAG_MCAST1 | FLAG_MCAST2 | FLAG_BURST;
peer->hmode = MODE_CLIENT;
break;
/*
* Broadcast client being set up now. Do this only if
* the packet is properly authenticated.
*/
if ((restrict_mask & RES_NOPEER) || !sys_bclient ||
(sys_authenticate && !is_authentic)) {
is_error = 1;
break;
}
peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
MODE_MCLIENT, PKT_VERSION(pkt->li_vn_mode),
NTP_MINDPOLL, NTP_MAXDPOLL, 0, skeyid);
if (peer == 0)
break;
peer->flags |= FLAG_MCAST1 | FLAG_MCAST2 | FLAG_BURST;
peer->hmode = MODE_CLIENT;
break;
case AM_POSSBCL:
case AM_PROCPKT:
/*
* It seems like it is okay to process the packet now
*/
break;
/*
* It seems like it is okay to process the packet now
*/
break;
default:
/*
* shouldn't be getting here, but simply return anyway!
*/
is_error = 1;
/*
* shouldn't be getting here, but simply return anyway!
*/
is_error = 1;
}
if (is_error) {
/*
* Error stub. If we get here, something broke. We scuttle
* the autokey if necessary and sink the ship. This can
* occur only upon mobilization, so we can throw the
* structure away without fear of breaking anything.
* Error stub. If we get here, something broke. We
* scuttle the autokey if necessary and sink the ship.
* This can occur only upon mobilization, so we can
* throw the structure away without fear of breaking
* anything.
*/
if (!is_mystic && skeyid > NTP_MAXKEY)
authtrust(skeyid, 0);
@ -550,8 +566,8 @@ receive(
unpeer(peer);
#ifdef DEBUG
if (debug)
printf("match error code %d assoc %d\n", retcode,
peer_associations);
printf("match error code %d assoc %d\n",
retcode, peer_associations);
#endif
return;
}
@ -574,22 +590,23 @@ receive(
/*
* Determine if this guy is basically trustable. If not, flush
* the bugger. If this is the first packet that is authenticated,
* flush the clock filter. This is to foil clogging attacks that
* might starve the poor dear.
* the bugger. If this is the first packet that is
* authenticated, flush the clock filter. This is to foil
* clogging attacks that might starve the poor dear.
*/
peer->flash = 0;
if (is_authentic)
peer->flags |= FLAG_AUTHENTIC;
else
peer->flags &= ~FLAG_AUTHENTIC;
if (peer->hmode == MODE_BROADCAST && (restrict_mask & RES_DONTTRUST))
if (peer->hmode == MODE_BROADCAST && (restrict_mask &
RES_DONTTRUST))
peer->flash |= TEST10; /* access denied */
if (peer->flags & FLAG_AUTHENABLE) {
if (!(peer->flags & FLAG_AUTHENTIC))
peer->flash |= TEST5; /* authentication failed */
peer->flash |= TEST5; /* auth failed */
else if (skeyid == 0)
peer->flash |= TEST9; /* peer not authenticated */
peer->flash |= TEST9; /* peer not auth */
else if (!(oflags & FLAG_AUTHENABLE)) {
peer_clear(peer);
report_event(EVNT_PEERAUTH, peer);
@ -598,10 +615,10 @@ receive(
if ((peer->flash & ~(u_int)TEST9) != 0) {
/*
* The packet is bogus, so we throw it away before becoming
* a denial-of-service hazard. We don't throw the current
* association away if it is configured or if it has prior
* reachable friends.
* The packet is bogus, so we throw it away before
* becoming a denial-of-service hazard. We don't throw
* the current association away if it is configured or
* if it has prior reachable friends.
*/
if (!is_mystic && skeyid > NTP_MAXKEY)
authtrust(skeyid, 0);
@ -619,8 +636,8 @@ receive(
#ifdef MD5
/*
* The autokey dance. The cha-cha requires that the hash of the
* current session key matches the previous key identifier. Heaps
* of trouble if the steps falter.
* current session key matches the previous key identifier.
* Heaps of trouble if the steps falter.
*/
if (skeyid > NTP_MAXKEY) {
int i;
@ -635,7 +652,8 @@ receive(
} else if (peer->flags & FLAG_MCAST2) {
if (peer->pkeyid > NTP_MAXKEY)
authtrust(peer->pkeyid, 0);
for (i = 0; i < 4 && tkeyid != peer->pkeyid; i++) {
for (i = 0; i < 4 && tkeyid != peer->pkeyid;
i++) {
tkeyid = session_key(
ntohl((&rbufp->recv_srcadr)->sin_addr.s_addr),
ntohl(rbufp->dstadr->bcast.sin_addr.s_addr),
@ -644,7 +662,8 @@ receive(
} else {
if (peer->pkeyid > NTP_MAXKEY)
authtrust(peer->pkeyid, 0);
for (i = 0; i < 4 && tkeyid != peer->pkeyid; i++) {
for (i = 0; i < 4 && tkeyid != peer->pkeyid;
i++) {
tkeyid = session_key(
ntohl((&rbufp->recv_srcadr)->sin_addr.s_addr),
ntohl(rbufp->dstadr->sin.sin_addr.s_addr),
@ -660,9 +679,10 @@ receive(
#endif /* MD5 */
/*
* Gawdz, it's come to this. Process the dang packet. If something
* breaks and the association doesn't deserve to live, toss it.
* Be careful in active mode and return a packet anyway.
* Gawdz, it's come to this. Process the dang packet. If
* something breaks and the association doesn't deserve to live,
* toss it. Be careful in active mode and return a packet
* anyway.
*/
process_packet(peer, pkt, &(rbufp->recv_time));
if (!(peer->flags & FLAG_CONFIG) && peer->reach == 0) {
@ -812,15 +832,15 @@ process_packet(
p_disp = CLOCK_PHI * (peer->rec.l_ui - p_org.l_ui);
/*
* If running in a broadcast association, the clock offset is (t1
* - t0) corrected by the one-way delay, but we can't measure
* that directly; therefore, we start up in client/server mode,
* calculate the clock offset, using the engineered refinement
* algorithms, while also receiving broadcasts. When a broadcast
* is received in client/server mode, we calculate a correction
* factor to use after switching back to broadcast mode. We know
* NTP_SKEWFACTOR == 16, which accounts for the simplified ei
* calculation.
* If running in a broadcast association, the clock offset is
* (t1 - t0) corrected by the one-way delay, but we can't
* measure that directly; therefore, we start up in
* client/server mode, calculate the clock offset, using the
* engineered refinement algorithms, while also receiving
* broadcasts. When a broadcast is received in client/server
* mode, we calculate a correction factor to use after switching
* back to broadcast mode. We know NTP_SKEWFACTOR == 16, which
* accounts for the simplified ei calculation.
*
* If FLAG_MCAST2 is set, we are a broadcast/multicast client.
* If FLAG_MCAST1 is set, we haven't calculated the propagation
@ -870,7 +890,8 @@ process_packet(
clock_filter(peer, p_offset, p_del, fabs(p_disp));
clock_select();
record_peer_stats(&peer->srcadr, ctlpeerstatus(peer),
peer->offset, peer->delay, peer->disp, SQRT(peer->variance));
peer->offset, peer->delay, peer->disp,
SQRT(peer->variance));
return(1);
}
@ -943,7 +964,8 @@ clock_update(void)
else
sys_refid = sys_peer->srcadr.sin_addr.s_addr;
sys_reftime = sys_peer->rec;
sys_rootdelay = sys_peer->rootdelay + fabs(sys_peer->delay);
sys_rootdelay = sys_peer->rootdelay +
fabs(sys_peer->delay);
sys_leap = leap_consensus;
}
if (oleap != sys_leap)
@ -994,14 +1016,15 @@ poll_update(
else
peer->nextdate += RANDPOLL(BURST_INTERVAL1);
} else {
update = max(min(peer->ppoll, peer->hpoll), peer->minpoll);
update = max(min(peer->ppoll, peer->hpoll),
peer->minpoll);
peer->nextdate = peer->outdate + RANDPOLL(update);
}
#ifdef DEBUG
if (debug > 1)
printf("poll_update: at %lu %s poll %d burst %d last %lu next %lu\n",
current_time, ntoa(&peer->srcadr), hpoll, peer->burst,
peer->outdate, peer->nextdate);
current_time, ntoa(&peer->srcadr), hpoll,
peer->burst, peer->outdate, peer->nextdate);
#endif
}
@ -1081,7 +1104,8 @@ clock_filter(
*/
peer->filter_offset[peer->filter_nextpt] = sample_offset;
peer->filter_delay[peer->filter_nextpt] = sample_delay;
x = LOGTOD(peer->precision) + LOGTOD(sys_precision) + sample_disp;
x = LOGTOD(peer->precision) + LOGTOD(sys_precision) +
sample_disp;
peer->filter_disp[peer->filter_nextpt] = min(x, MAXDISPERSE);
peer->filter_epoch[peer->filter_nextpt] = current_time;
distance[0] = min(x + fabs(sample_delay) / 2, MAXDISTANCE);
@ -1117,7 +1141,8 @@ clock_filter(
x = NTP_FWEIGHT * (x + peer->filter_disp[ord[i]]);
if (i < n) {
z += 1. / distance[i];
off += peer->filter_offset[ord[i]] / distance[i];
off += peer->filter_offset[ord[i]] /
distance[i];
y += DIFF(peer->filter_offset[ord[i]],
peer->filter_offset[ord[0]]);
}
@ -1241,7 +1266,7 @@ clock_select(void)
peer->flags &= ~FLAG_SYSPEER;
peer->status = CTL_PST_SEL_REJECT;
if (peer->flags & FLAG_NOSELECT)
continue; /* noselect (survey only) */
continue; /* noselect (survey) */
if (peer->reach == 0)
continue; /* unreachable */
if (peer->stratum > 1 && peer->refid ==
@ -1250,7 +1275,7 @@ clock_select(void)
if (root_distance(peer) >= MAXDISTANCE + 2 *
CLOCK_PHI * ULOGTOD(sys_poll)) {
peer->seldisptoolarge++;
continue; /* too noisy or broken */
continue; /* noisy or broken */
}
/*
@ -1323,7 +1348,7 @@ clock_select(void)
if (debug > 1)
for (i = 0; i < nl3; i++)
printf("select: endpoint %2d %.6f\n",
endpoint[index[i]].type, endpoint[index[i]].val);
endpoint[index[i]].type, endpoint[index[i]].val);
#endif
i = 0;
j = nl3 - 1;
@ -1369,9 +1394,10 @@ clock_select(void)
} else {
if (sys_peer != 0) {
report_event(EVNT_PEERSTCHG,
(struct peer *)0);
(struct peer *)0);
NLOG(NLOG_SYNCSTATUS)
msyslog(LOG_INFO, "synchronisation lost");
msyslog(LOG_INFO,
"synchronisation lost");
}
sys_peer = 0;
return;
@ -1418,7 +1444,7 @@ clock_select(void)
if (debug > 1)
for (i = 0; i < nlist; i++)
printf("select: %s distance %.6f\n",
ntoa(&peer_list[i]->srcadr), synch[i]);
ntoa(&peer_list[i]->srcadr), synch[i]);
#endif
/*
@ -1508,7 +1534,8 @@ clock_select(void)
typesystem = peer_list[i];
if (peer_list[i]->flags & FLAG_PREFER) {
typeprefer = peer_list[i];
if (fabs(typeprefer->offset) < clock_max)
if (fabs(typeprefer->offset) <
clock_max)
pps_update = 1;
}
} else {
@ -1521,24 +1548,26 @@ clock_select(void)
* Mitigation rules of the game. There are several types of
* peers that make a difference here: (1) prefer local peers
* (type REFCLK_LOCALCLOCK with FLAG_PREFER) or prefer modem
* peers (type REFCLK_NIST_ATOM etc with FLAG_PREFER), (2) pps peers
* (type REFCLK_ATOM_PPS), (3) remaining prefer peers (flag
* FLAG_PREFER), (4) the existing system peer, if any, (5) the
* head of the survivor list. Note that only one peer can be
* peers (type REFCLK_NIST_ATOM etc with FLAG_PREFER), (2) pps
* peers (type REFCLK_ATOM_PPS), (3) remaining prefer peers
* (flag FLAG_PREFER), (4) the existing system peer, if any, (5)
* the head of the survivor list. Note that only one peer can be
* declared prefer. The order of preference is in the order
* stated. Note that all of these must be at the lowest stratum,
* i.e., the stratum of the head of the survivor list.
*/
osys_peer = sys_peer;
if (typeprefer && (typeprefer->refclktype == REFCLK_LOCALCLOCK ||
typeprefer->sstclktype == CTL_SST_TS_TELEPHONE || !typepps)) {
if (typeprefer && (typeprefer->refclktype == REFCLK_LOCALCLOCK
|| typeprefer->sstclktype == CTL_SST_TS_TELEPHONE ||
!typepps)) {
sys_peer = typeprefer;
sys_peer->status = CTL_PST_SEL_SYSPEER;
sys_offset = sys_peer->offset;
sys_epsil = sys_peer->variance;
#ifdef DEBUG
if (debug > 1)
printf("select: prefer offset %.6f\n", sys_offset);
printf("select: prefer offset %.6f\n",
sys_offset);
#endif
} else if (typepps && pps_update) {
sys_peer = typepps;
@ -1652,15 +1681,18 @@ peer_xmit(
if (peer->flags & FLAG_SKEY) {
/*
* In SKEY mode, allocate and initialize a key list if
* not already done. Then, use the list in inverse
* order, discarding keys once used. Keep the latest
* key around until the next one, so clients can use
* client/server packets to compute propagation delay.
* Note we have to wait until the receive side of the
* socket is bound and the server address confirmed.
* In autokey mode, allocate and initialize a
* key list if not already done. Then, use the
* list in inverse order, discarding keys once
* used. Keep the latest key around until the
* next one, so clients can use client/server
* packets to compute propagation delay. Note we
* have to wait until the receive side of the
* socket is bound and the server address
* confirmed.
*/
if (ntohl(peer->dstadr->sin.sin_addr.s_addr) == 0 &&
if (ntohl(peer->dstadr->sin.sin_addr.s_addr) ==
0 &&
ntohl(peer->dstadr->bcast.sin_addr.s_addr) == 0)
peer->keyid = 0;
else {
@ -1688,13 +1720,13 @@ peer_xmit(
get_systime(&peer->xmt);
L_ADD(&peer->xmt, &sys_authdelay);
HTONL_FP(&peer->xmt, &xpkt.xmt);
sendlen += authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
sendlen += authencrypt(xkeyid, (u_int32 *)&xpkt,
sendlen);
get_systime(&xmt_tx);
sendpkt(&peer->srcadr, find_rtt ? any_interface :
peer->dstadr,
((peer->cast_flags & MDF_MCAST) && !find_rtt) ?
((peer->cast_flags & MDF_ACAST) ? -7 : peer->ttl) : -7,
&xpkt, sendlen);
peer->dstadr, ((peer->cast_flags & MDF_MCAST) &&
!find_rtt) ? ((peer->cast_flags & MDF_ACAST) ? -7 :
peer->ttl) : -7, &xpkt, sendlen);
/*
* Calculate the encryption delay. Keep the minimum over
@ -1712,9 +1744,9 @@ peer_xmit(
#ifdef DEBUG
if (debug)
printf(
"transmit: at %ld to %s mode %d keyid %08lx index %d\n",
current_time, ntoa(&peer->srcadr),
peer->hmode, xkeyid, peer->keynumber);
"transmit: at %ld to %s mode %d keyid %08lx index %d\n",
current_time, ntoa(&peer->srcadr),
peer->hmode, xkeyid, peer->keynumber);
#endif
} else {
/*
@ -1723,10 +1755,9 @@ peer_xmit(
get_systime(&(peer->xmt));
HTONL_FP(&peer->xmt, &xpkt.xmt);
sendpkt(&(peer->srcadr), find_rtt ? any_interface :
peer->dstadr,
((peer->cast_flags & MDF_MCAST) && !find_rtt) ?
((peer->cast_flags & MDF_ACAST) ? -7 : peer->ttl) : -8,
&xpkt, sendlen);
peer->dstadr, ((peer->cast_flags & MDF_MCAST) &&
!find_rtt) ? ((peer->cast_flags & MDF_ACAST) ? -7 :
peer->ttl) : -8, &xpkt, sendlen);
peer->sent++;
#ifdef DEBUG
if (debug)
@ -1785,10 +1816,11 @@ fast_xmit(
get_systime(&xmt_ts);
L_ADD(&xmt_ts, &sys_authdelay);
HTONL_FP(&xmt_ts, &xpkt.xmt);
sendlen += authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
sendlen += authencrypt(xkeyid, (u_int32 *)&xpkt,
sendlen);
get_systime(&xmt_tx);
sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, -9, &xpkt,
sendlen);
sendlen);
/*
* Calculate the encryption delay. Keep the minimum over
@ -1805,9 +1837,9 @@ fast_xmit(
#ifdef DEBUG
if (debug)
printf(
"transmit: at %ld to %s mode %d keyid %08lx\n",
current_time, ntoa(&rbufp->recv_srcadr),
xmode, xkeyid);
"transmit: at %ld to %s mode %d keyid %08lx\n",
current_time, ntoa(&rbufp->recv_srcadr),
xmode, xkeyid);
#endif
} else {
@ -1870,15 +1902,14 @@ make_keylist(
peer->keylist[i] = keyid;
peer->keynumber = i;
keyid = session_key(
ntohl(peer->dstadr->sin.sin_addr.s_addr),
(peer->hmode == MODE_BROADCAST || (peer->flags &
FLAG_MCAST2)) ?
ntohl(peer->dstadr->bcast.sin_addr.s_addr):
ntohl(peer->srcadr.sin_addr.s_addr),
keyid, ltemp);
ntohl(peer->dstadr->sin.sin_addr.s_addr),
(peer->hmode == MODE_BROADCAST || (peer->flags &
FLAG_MCAST2)) ?
ntohl(peer->dstadr->bcast.sin_addr.s_addr):
ntohl(peer->srcadr.sin_addr.s_addr), keyid, ltemp);
ltemp -= 1 << peer->hpoll;
if (auth_havekey(keyid) || keyid <= NTP_MAXKEY ||
ltemp <= (1 << (peer->hpoll + 1)))
ltemp <= (1 << (peer->hpoll + 1)))
break;
}
}
@ -1933,17 +1964,15 @@ default_get_precision(void)
* which drives our timekeeping
*/
j = sizeof freq;
i = sysctlbyname("kern.timecounter.frequency",
&freq, &j , 0, 0);
i = sysctlbyname("kern.timecounter.frequency", &freq, &j , 0,
0);
if (i)
i = sysctlbyname("machdep.tsc_freq",
&freq, &j , 0, 0);
i = sysctlbyname("machdep.tsc_freq", &freq, &j , 0, 0);
if (i)
i = sysctlbyname("machdep.i586_freq",
&freq, &j , 0, 0);
i = sysctlbyname("machdep.i586_freq", &freq, &j , 0, 0);
if (i)
i = sysctlbyname("machdep.i8254_freq",
&freq, &j , 0, 0);
i = sysctlbyname("machdep.i8254_freq", &freq, &j , 0,
0);
if (!i) {
for (i = 1; freq ; i--)
freq >>= 1;
@ -1979,7 +2008,7 @@ default_get_precision(void)
val = diff;
}
}
NLOG(NLOG_SYSINFO) /* conditional if clause for conditional syslog */
NLOG(NLOG_SYSINFO)
msyslog(LOG_INFO, "precision = %ld usec", val);
if (usec >= HUSECS)
val = MINSTEP; /* val <= MINSTEP; fast machine */
@ -2044,9 +2073,9 @@ init_proto(void)
* Some system clocks should only be adjusted in 10ms increments.
*/
#if defined RELIANTUNIX_CLOCK
systime_10ms_ticks = 1; /* Reliant UNIX */
systime_10ms_ticks = 1; /* Reliant UNIX */
#elif defined SCO5_CLOCK
if (sys_precision >= (s_char)-10) /* pre- SCO OpenServer 5.0.6 */
if (sys_precision >= (s_char)-10) /* pre-SCO OpenServer 5.0.6 */
systime_10ms_ticks = 1;
#endif
if (systime_10ms_ticks)
@ -2068,21 +2097,24 @@ proto_config(
* Figure out what he wants to change, then do it
*/
switch (item) {
case PROTO_KERNEL:
case PROTO_KERNEL:
/*
* Turn on/off kernel discipline
*/
kern_enable = (int)value;
break;
case PROTO_NTP:
case PROTO_NTP:
/*
* Turn on/off clock discipline
*/
ntp_enable = (int)value;
break;
case PROTO_MONITOR:
case PROTO_MONITOR:
/*
* Turn on/off monitoring
*/
@ -2092,14 +2124,16 @@ proto_config(
mon_stop(MON_ON);
break;
case PROTO_FILEGEN:
case PROTO_FILEGEN:
/*
* Turn on/off statistics
*/
stats_control = (int)value;
break;
case PROTO_BROADCLIENT:
case PROTO_BROADCLIENT:
/*
* Turn on/off facility to listen to broadcasts
*/
@ -2110,39 +2144,45 @@ proto_config(
io_unsetbclient();
break;
case PROTO_MULTICAST_ADD:
case PROTO_MULTICAST_ADD:
/*
* Add muliticast group address
*/
io_multicast_add(value);
break;
case PROTO_MULTICAST_DEL:
case PROTO_MULTICAST_DEL:
/*
* Delete multicast group address
*/
io_multicast_del(value);
break;
case PROTO_BROADDELAY:
case PROTO_BROADDELAY:
/*
* Set default broadcast delay
*/
sys_bdelay = dvalue;
break;
case PROTO_AUTHENTICATE:
case PROTO_AUTHENTICATE:
/*
* Specify the use of authenticated data
*/
sys_authenticate = (int)value;
break;
default:
default:
/*
* Log this error
*/
msyslog(LOG_ERR, "proto_config: illegal item %d, value %ld",
msyslog(LOG_ERR,
"proto_config: illegal item %d, value %ld",
item, value);
break;
}