| blob | d1ac8cb681b115e224e3257d0ca8a61161a8e73c |
1 /* $NetBSD$ */
3 /*
4 * ntp_proto.c - NTP version 4 protocol machinery
5 *
6 * ATTENTION: Get approval from Dave Mills on all changes to this file!
7 *
8 */
9 #ifdef HAVE_CONFIG_H
10 #include <config.h>
11 #endif
19 #include <stdio.h>
20 #ifdef HAVE_LIBSCF_H
21 #include <libscf.h>
22 #include <unistd.h>
28 #endif
30 /*
31 * This macro defines the authentication state. If x is 1 authentication
32 * is required; othewise it is optional.
33 */
34 #define AUTH(x, y) ((x) ? (y) == AUTH_OK : (y) == AUTH_OK || \
35 (y) == AUTH_NONE)
42 /*
43 * traffic shaping parameters
44 */
48 /*
49 * System variables are declared here. Unless specified otherwise, all
50 * times are in seconds.
51 */
61 /*
62 * Rate controls. Leaky buckets are used to throttle the packet
63 * transmission rates in order to protect busy servers such as at NIST
64 * and USNO. There is a counter for each association and another for KoD
65 * packets. The association counter decrements each second, but not
66 * below zero. Each time a packet is sent the counter is incremented by
67 * a configurable value representing the average interval between
68 * packets. A packet is delayed as long as the counter is greater than
69 * zero. Note this does not affect the time value computations.
70 */
71 /*
72 * Nonspecified system state variables
73 */
94 /*
95 * TOS and multicast mapping stuff
96 */
108 /*
109 * Statistics counters - first the good, then the bad
110 */
133 /*
134 * transmit - transmit procedure called by poll timeout
135 */
136 void
139 )
140 {
143 /*
144 * The polling state machine. There are two kinds of machines,
145 * those that never expect a reply (broadcast and manycast
146 * server modes) and those that do (all other modes). The dance
147 * is intricate...
148 */
151 /*
152 * In broadcast mode the poll interval is never changed from
153 * minpoll.
154 */
161 }
163 /*
164 * In manycast mode we start with unity ttl. The ttl is
165 * increased by one for each poll until either sys_maxclock
166 * servers have been found or the maximum ttl is reached. When
167 * sys_maxclock servers are found we stop polling until one or
168 * more servers have timed out or until less than minpoll
169 * associations turn up. In this case additional better servers
170 * are dragged in and preempt the existing ones.
171 */
183 }
187 }
189 /*
190 * In unicast modes the dance is much more intricate. It is
191 * desigmed to back off whenever possible to minimize network
192 * traffic.
193 */
195 u_char oreach;
197 /*
198 * Update the reachability status. If not heard for
199 * three consecutive polls, stuff infinity in the clock
200 * filter.
201 */
210 /*
211 * Here the peer is unreachable. If it was
212 * previously reachable raise a trap. Send a
213 * burst if enabled.
214 */
222 /*
223 * Here the peer is reachable. Send a burst if
224 * enabled and the peer is fit.
225 */
233 }
235 /*
236 * Watch for timeout. If preemptable, toss the rascal;
237 * otherwise, bump the poll interval. Note the
238 * poll_update() routine will clamp it to maxpoll.
239 */
241 hpoll++;
249 }
255 }
256 }
257 }
262 /*
263 * If ntpdate mode and the clock has not been
264 * set and all peers have completed the burst,
265 * we declare a successful failure.
266 */
268 peer_ntpdate--;
275 }
276 }
277 }
278 }
282 /*
283 * Do not transmit if in broadcast client mode.
284 */
288 }
291 /*
292 * receive - receive procedure called for each packet received
293 */
294 void
297 )
298 {
317 #ifdef OPENSSL
322 #ifdef HAVE_NTP_SIGND
326 /*
327 * Monitor the packet and get restrictions. Note that the packet
328 * length for control and private mode packets must be checked
329 * by the service routines. Some restrictions have to be handled
330 * later in order to generate a kiss-o'-death packet.
331 */
332 /*
333 * Bogus port check is before anything, since it probably
334 * reveals a clogging attack.
335 */
336 sys_received++;
338 sys_badlength++;
340 }
342 #ifdef DEBUG
348 #endif
355 sys_restricted++;
357 }
360 sys_restricted++;
362 }
366 }
369 sys_restricted++;
371 }
374 }
376 sys_restricted++;
378 }
380 /*
381 * This is for testing. If restricted drop ten percent of
382 * surviving packets.
383 */
386 sys_restricted++;
388 }
389 }
391 /*
392 * Version check must be after the query packets, since they
393 * intentionally use an early version.
394 */
398 NTP_OLDVERSION) {
401 sys_badlength++;
403 }
405 /*
406 * Figure out his mode and validate the packet. This has some
407 * legacy raunch that probably should be removed. In very early
408 * NTP versions mode 0 was equivalent to what later versions
409 * would interpret as client mode.
410 */
415 sys_badlength++;
417 }
418 }
420 /*
421 * Parse the extension field if present. We figure out whether
422 * an extension field is present by measuring the MAC size. If
423 * the number of words following the packet header is 0, no MAC
424 * is present and the packet is not authenticated. If 1, the
425 * packet is a crypto-NAK; if 3, the packet is authenticated
426 * with DES; if 5, the packet is authenticated with MD5; if 6,
427 * the packet is authenticated with SHA. If 2 or * 4, the packet
428 * is a runt and discarded forthwith. If greater than 6, an
429 * extension field is present, so we subtract the length of the
430 * field and go around again.
431 */
435 u_int32 len;
438 sys_badlength++;
440 }
450 sys_badlength++;
452 }
455 }
456 }
458 /*
459 * If authentication required, a MAC must be present.
460 */
462 sys_restricted++;
464 }
466 /*
467 * Update the MRU list and finger the cloggers. It can be a
468 * little expensive, so turn it off for production use.
469 */
472 sys_limitrejected++;
474 MODE_BROADCAST)
479 restrict_mask);
480 else
482 restrict_mask);
484 }
487 /*
488 * We have tossed out as many buggy packets as possible early in
489 * the game to reduce the exposure to a clogging attack. now we
490 * have to burn some cycles to find the association and
491 * authenticate the packet if required. Note that we burn only
492 * MD5 cycles, again to reduce exposure. There may be no
493 * matching association and that's okay.
494 *
495 * More on the autokey mambo. Normally the local interface is
496 * found when the association was mobilized with respect to a
497 * designated remote address. We assume packets arriving from
498 * the remote address arrive via this interface and the local
499 * address used to construct the autokey is the unicast address
500 * of the interface. However, if the sender is a broadcaster,
501 * the interface broadcast address is used instead.
502 * Notwithstanding this technobabble, if the sender is a
503 * multicaster, the broadcast address is null, so we use the
504 * unicast address anyway. Don't ask.
505 */
513 /*
514 * Authentication is conditioned by three switches:
515 *
516 * NOPEER (RES_NOPEER) do not mobilize an association unless
517 * authenticated
518 * NOTRUST (RES_DONTTRUST) do not allow access unless
519 * authenticated (implies NOPEER)
520 * enable (sys_authenticate) master NOPEER switch, by default
521 * on
522 *
523 * The NOPEER and NOTRUST can be specified on a per-client basis
524 * using the restrict command. The enable switch if on implies
525 * NOPEER for all clients. There are four outcomes:
526 *
527 * NONE The packet has no MAC.
528 * OK the packet has a MAC and authentication succeeds
529 * ERROR the packet has a MAC and authentication fails
530 * CRYPTO crypto-NAK. The MAC has four octets only.
531 *
532 * Note: The AUTH(x, y) macro is used to filter outcomes. If x
533 * is zero, acceptable outcomes of y are NONE and OK. If x is
534 * one, the only acceptable outcome of y is OK.
535 */
540 #ifdef DEBUG
546 authlen);
547 #endif
551 #ifdef DEBUG
558 #endif
560 #ifdef HAVE_NTP_SIGND
561 /*
562 * If the signature is 20 bytes long, the last 16 of
563 * which are zero, then this is a Microsoft client
564 * wanting AD-style authentication of the server's
565 * reply.
566 *
567 * This is described in Microsoft's WSPP docs, in MS-SNTP:
568 * http://msdn.microsoft.com/en-us/library/cc212930.aspx
569 */
579 #ifdef OPENSSL
580 /*
581 * For autokey modes, generate the session key
582 * and install in the key cache. Use the socket
583 * broadcast or unicast address as appropriate.
584 */
587 /*
588 * More on the autokey dance (AKD). A cookie is
589 * constructed from public and private values.
590 * For broadcast packets, the cookie is public
591 * (zero). For packets that match no
592 * association, the cookie is hashed from the
593 * addresses and private value. For server
594 * packets, the cookie was previously obtained
595 * from the server. For symmetric modes, the
596 * cookie was previously constructed using an
597 * agreement protocol; however, should PKI be
598 * unavailable, we construct a fake agreement as
599 * the EXOR of the peer and host cookies.
600 *
601 * hismode ephemeral persistent
602 * =======================================
603 * active 0 cookie#
604 * passive 0% cookie#
605 * client sys cookie 0%
606 * server 0% sys cookie
607 * broadcast 0 0
608 *
609 * # if unsync, 0
610 * % can't happen
611 */
613 sys_badauth++;
615 }
618 /*
619 * For broadcaster, use the interface
620 * broadcast address when available;
621 * otherwise, use the unicast address
622 * found when the association was
623 * mobilized. However, if this is from
624 * the wildcard interface, game over.
625 */
627 any_interface) {
628 sys_restricted++;
630 }
633 dstadr_sin =
641 }
643 /*
644 * The session key includes both the public
645 * values and cookie. In case of an extension
646 * field, the cookie used for authentication
647 * purposes is zero. Note the hash is saved for
648 * use later in the autokey mambo.
649 */
660 }
662 }
665 /*
666 * Compute the cryptosum. Note a clogging attack may
667 * succeed in bloating the key cache. If an autokey,
668 * purge it immediately, since we won't be needing it
669 * again. If the packet is authentic, it can mobilize an
670 * association. Note that there is no key zero.
671 */
673 has_mac))
675 else
677 #ifdef OPENSSL
681 #ifdef DEBUG
688 #endif
689 }
691 /*
692 * The association matching rules are implemented by a set of
693 * routines and an association table. A packet matching an
694 * association is processed by the peer process for that
695 * association. If there are no errors, an ephemeral association
696 * is mobilized: a broadcast packet mobilizes a broadcast client
697 * aassociation; a manycast server packet mobilizes a manycast
698 * client association; a symmetric active packet mobilizes a
699 * symmetric passive association.
700 */
703 /*
704 * This is a client mode packet not matching any association. If
705 * an ordinary client, simply toss a server mode packet back
706 * over the fence. If a manycast client, we have to work a
707 * little harder.
708 */
711 /*
712 * If authentication OK, send a server reply; otherwise,
713 * send a crypto-NAK.
714 */
717 is_authentic)) {
719 restrict_mask);
722 restrict_mask);
723 sys_badauth++;
725 sys_restricted++;
726 }
728 }
730 /*
731 * This must be manycast. Do not respond if not
732 * configured as a manycast server.
733 */
735 sys_restricted++;
737 }
739 /*
740 * Do not respond if we are not synchronized or our
741 * stratum is greater than the manycaster or the
742 * manycaster has already synchronized to us.
743 */
748 sys_declined++;
750 }
752 /*
753 * Respond only if authentication succeeds. Don't do a
754 * crypto-NAK, as that would not be useful.
755 */
758 restrict_mask);
761 /*
762 * This is a server mode packet returned in response to a client
763 * mode packet sent to a multicast group address. The origin
764 * timestamp is a good nonce to reliably associate the reply
765 * with what was sent. If there is no match, that's curious and
766 * could be an intruder attempting to clog, so we just ignore
767 * it.
768 *
769 * If the packet is authentic and the manycast association is
770 * found, we mobilize a client association and copy pertinent
771 * variables from the manycast association to the new client
772 * association. If not, just ignore the packet.
773 *
774 * There is an implosion hazard at the manycast client, since
775 * the manycast servers send the server packet immediately. If
776 * the guy is already here, don't fire up a duplicate.
777 */
781 sys_restricted++;
783 }
785 /*
786 * Do not respond if unsynchronized or stratum is below
787 * the floor or at or above the ceiling.
788 */
791 sys_declined++;
793 }
795 sys_restricted++;
797 }
801 NULL) {
802 sys_declined++;
804 }
806 /*
807 * We don't need these, but it warms the billboards.
808 */
815 /*
816 * This is the first packet received from a broadcast server. If
817 * the packet is authentic and we are enabled as broadcast
818 * client, mobilize a broadcast client association. We don't
819 * kiss any frogs here.
820 */
823 sys_restricted++;
825 }
828 sys_restricted++;
830 }
832 /*
833 * Do not respond if unsynchronized or stratum is below
834 * the floor or at or above the ceiling.
835 */
838 sys_declined++;
840 }
842 #ifdef OPENSSL
843 /*
844 * Do not respond if Autokey and the opcode is not a
845 * CRYPTO_ASSOC response with associationn ID.
846 */
849 sys_declined++;
851 }
854 /*
855 * Determine whether to execute the initial volley.
856 */
858 #ifdef OPENSSL
859 /*
860 * If a two-way exchange is not possible,
861 * neither is Autokey.
862 */
864 sys_restricted++;
866 }
869 /*
870 * Do not execute the volley. Start out in
871 * broadcast client mode.
872 */
877 sys_restricted++;
883 }
885 }
887 /*
888 * Execute the initial volley in order to calibrate the
889 * propagation delay and run the Autokey protocol.
890 *
891 * Note that the minpoll is taken from the broadcast
892 * packet, normally 6 (64 s) and that the poll interval
893 * is fixed at this value.
894 */
899 sys_restricted++;
901 }
902 #ifdef OPENSSL
909 /*
910 * This is the first packet received from a symmetric active
911 * peer. If the packet is authentic and the first he sent,
912 * mobilize a passive association. If not, kiss the frog.
913 */
918 /*
919 * If authenticated but cannot mobilize an
920 * association, send a symmetric passive
921 * response without mobilizing an association.
922 * This is for drat broken Windows clients. See
923 * Microsoft KB 875424 for preferred workaround.
924 */
926 is_authentic)) {
928 restrict_mask);
930 }
933 restrict_mask);
934 sys_restricted++;
935 }
936 }
938 /*
939 * Do not respond if synchronized and stratum is either
940 * below the floor or at or above the ceiling. Note,
941 * this allows an unsynchronized peer to synchronize to
942 * us. It would be very strange if he did and then was
943 * nipped, but that could only happen if we were
944 * operating at the top end of the range.
945 */
948 sys_declined++;
950 }
952 /*
953 * The message is correctly authenticated and
954 * allowed. Mobiliae a symmetric passive association.
955 */
960 sys_declined++;
962 }
966 /*
967 * Process regular packet. Nothing special.
968 */
972 /*
973 * A passive packet matches a passive association. This is
974 * usually the result of reconfiguring a client on the fly. As
975 * this association might be legitamate and this packet an
976 * attempt to deny service, just ignore it.
977 */
979 sys_declined++;
982 /*
983 * For everything else there is the bit bucket.
984 */
986 sys_declined++;
988 }
990 #ifdef OPENSSL
991 /*
992 * If the association is configured for Autokey, the packet must
993 * have a public key ID; if not, the packet must have a
994 * symmetric key ID.
995 */
999 sys_badauth++;
1001 }
1008 }
1010 /*
1011 * Next comes a rigorous schedule of timestamp checking. If the
1012 * transmit timestamp is zero, the server has not initialized in
1013 * interleaved modes or is horribly broken.
1014 */
1018 /*
1019 * If the transmit timestamp duplicates a previous one, the
1020 * packet is a replay. This prevents the bad guys from replaying
1021 * the most recent packet, authenticated or not.
1022 */
1028 /*
1029 * If this is a broadcast mode packet, skip further checking. If
1030 * an intial volley, bail out now and let the client do its
1031 * stuff. If the origin timestamp is nonzero, this is an
1032 * interleaved broadcast. so restart the protocol.
1033 */
1041 }
1043 /*
1044 * Check for bogus packet in basic mode. If found, switch to
1045 * interleaved mode and resynchronize, but only after confirming
1046 * the packet is not bogus in symmetric interleaved mode.
1047 */
1056 }
1059 }
1061 /*
1062 * Check for valid nonzero timestamp fields.
1063 */
1068 /*
1069 * Check for bogus packet in interleaved symmetric mode. This
1070 * can happen if a packet is lost, duplicat or crossed. If
1071 * found, flip and resynchronize.
1072 */
1078 }
1080 /*
1081 * Update the state variables.
1082 */
1087 }
1090 /*
1091 * If this is a crypto_NAK, the server cannot authenticate a
1092 * client packet. The server might have just changed keys. Clear
1093 * the association and restart the protocol.
1094 */
1102 }
1103 #ifdef OPENSSL
1109 /*
1110 * If the digest fails, the client cannot authenticate a server
1111 * reply to a client packet previously sent. The loopback check
1112 * is designed to avoid a bait-and-switch attack, which was
1113 * possible in past versions. If symmetric modes, return a
1114 * crypto-NAK. The peer should restart the protocol.
1115 */
1117 is_authentic)) {
1126 }
1127 #ifdef OPENSSL
1132 }
1134 /*
1135 * Set the peer ppoll to the maximum of the packet ppoll and the
1136 * peer minpoll. If a kiss-o'-death, set the peer minpoll to
1137 * this maximumn and advance the headway to give the sender some
1138 * headroom. Very intricate.
1139 */
1152 }
1154 /*
1155 * That was hard and I am sweaty, but the packet is squeaky
1156 * clean. Get on with real work.
1157 */
1161 else
1164 #ifdef OPENSSL
1165 /*
1166 * More autokey dance. The rules of the cha-cha are as follows:
1167 *
1168 * 1. If there is no key or the key is not auto, do nothing.
1169 *
1170 * 2. If this packet is in response to the one just previously
1171 * sent or from a broadcast server, do the extension fields.
1172 * Otherwise, assume bogosity and bail out.
1173 *
1174 * 3. If an extension field contains a verified signature, it is
1175 * self-authenticated and we sit the dance.
1176 *
1177 * 4. If this is a server reply, check only to see that the
1178 * transmitted key ID matches the received key ID.
1179 *
1180 * 5. Check to see that one or more hashes of the current key ID
1181 * matches the previous key ID or ultimate original key ID
1182 * obtained from the broadcaster or symmetric peer. If no
1183 * match, sit the dance and call for new autokey values.
1184 *
1185 * In case of crypto error, fire the orchestra, stop dancing and
1186 * restart the protocol.
1187 */
1189 /*
1190 * Decrement remaining audokey hashes. This isn't
1191 * perfect if a packet is lost, but results in no harm.
1192 */
1197 }
1210 }
1212 }
1214 /*
1215 * If server mode, verify the receive key ID matches
1216 * the transmit key ID.
1217 */
1222 /*
1223 * If an extension field is present, verify only that it
1224 * has been correctly signed. We don't need a sequence
1225 * check here, but the sequence continues.
1226 */
1230 /*
1231 * Now the fun part. Here, skeyid is the current ID in
1232 * the packet, pkeyid is the ID in the last packet and
1233 * tkeyid is the hash of skeyid. If the autokey values
1234 * have not been received, this is an automatic error.
1235 * If so, check that the tkeyid matches pkeyid. If not,
1236 * hash tkeyid and try again. If the number of hashes
1237 * exceeds the number remaining in the sequence, declare
1238 * a successful failure and refresh the autokey values.
1239 */
1250 }
1255 }
1259 }
1262 }
1266 /*
1267 * The maximum lifetime of the protocol is about one
1268 * week before restarting the Autokey protocol to
1269 * refreshed certificates and leapseconds values.
1270 */
1276 }
1277 }
1280 /*
1281 * The dance is complete and the flash bits have been lit. Toss
1282 * the packet over the fence for processing, which may light up
1283 * more flashers.
1284 */
1287 /*
1288 * In interleaved mode update the state variables. Also adjust the
1289 * transmit phase to avoid crossover.
1290 */
1297 else
1299 }
1300 }
1303 /*
1304 * process_packet - Packet Procedure, a la Section 3.4.4 of the
1305 * specification. Or almost, at least. If we're in here we have a
1306 * reasonable expectation that we will be having a long term
1307 * relationship with this host.
1308 */
1309 void
1313 u_int len
1314 )
1315 {
1321 #ifdef ASSYM
1326 sys_processed++;
1339 /*
1340 * Capture the header values in the client/peer association..
1341 */
1354 /*
1355 * First, if either burst mode is armed, enable the burst.
1356 * Compute the headway for the next packet and delay if
1357 * necessary to avoid exceeding the threshold.
1358 */
1364 else
1368 }
1371 /*
1372 * Verify the server is synchronized; that is, the leap bits,
1373 * stratum and root distance are valid.
1374 */
1381 /*
1382 * If any tests fail at this point, the packet is discarded.
1383 * Note that some flashers may have already been set in the
1384 * receive() routine.
1385 */
1388 #ifdef DEBUG
1392 #endif
1394 }
1396 /*
1397 * If the peer was previously unreachable, raise a trap. In any
1398 * case, mark it reachable.
1399 */
1403 }
1406 /*
1407 * For a client/server association, calculate the clock offset,
1408 * roundtrip delay and dispersion. The equations are reordered
1409 * from the spec for more efficient use of temporaries. For a
1410 * broadcast association, offset the last measurement by the
1411 * computed delay during the client/server volley. Note the
1412 * computation of dispersion includes the system precision plus
1413 * that due to the frequency error since the origin time.
1414 *
1415 * It is very important to respect the hazards of overflow. The
1416 * only permitted operation on raw timestamps is subtraction,
1417 * where the result is a signed quantity spanning from 68 years
1418 * in the past to 68 years in the future. To avoid loss of
1419 * precision, these calculations are done using 64-bit integer
1420 * arithmetic. However, the offset and delay calculations are
1421 * sums and differences of these first-order differences, which
1422 * if done using 64-bit integer arithmetic, would be valid over
1423 * only half that span. Since the typical first-order
1424 * differences are usually very small, they are converted to 64-
1425 * bit doubles and all remaining calculations done in floating-
1426 * double arithmetic. This preserves the accuracy while
1427 * retaining the 68-year span.
1428 *
1429 * There are three interleaving schemes, basic, interleaved
1430 * symmetric and interleaved broadcast. The timestamps are
1431 * idioscyncratically different. See the onwire briefing/white
1432 * paper at www.eecis.udel.edu/~mills for details.
1433 *
1434 * Interleaved symmetric mode
1435 * t1 = peer->aorg/borg, t2 = peer->rec, t3 = p_xmt,
1436 * t4 = peer->dst
1437 */
1445 else
1454 }
1456 /*
1457 * Broadcast modes
1458 */
1461 /*
1462 * Interleaved broadcast mode. Use interleaved timestamps.
1463 * t1 = peer->borg, t2 = p_org, t3 = p_org, t4 = aorg
1464 */
1479 }
1483 /*
1484 * Basic broadcast - use direct timestamps.
1485 * t3 = p_xmt, t4 = peer->dst
1486 */
1492 }
1494 /*
1495 * When calibration is complete and the clock is
1496 * synchronized, the bias is calculated as the difference
1497 * between the unicast timestamp and the broadcast
1498 * timestamp. This works for both basic and interleaved
1499 * modes.
1500 */
1504 }
1509 /*
1510 * Basic mode, otherwise known as the old fashioned way.
1511 *
1512 * t1 = p_org, t2 = p_rec, t3 = p_xmt, t4 = peer->dst
1513 */
1523 }
1528 #if ASSYM
1529 /*
1530 * This code calculates the outbound and inbound data rates by
1531 * measuring the differences between timestamps at different
1532 * packet lengths. This is helpful in cases of large asymmetric
1533 * delays commonly experienced on deep space communication
1534 * links.
1535 */
1544 }
1545 }
1553 }
1554 }
1555 }
1557 /*
1558 * The following section compensates for different data rates on
1559 * the outbound (d21) and inbound (t34) directions. To do this,
1560 * it finds t such that r21 * t - r34 * (d - t) = 0, where d is
1561 * the roundtrip delay. Then it calculates the correction as a
1562 * fraction of d.
1563 */
1568 #ifdef DEBUG
1572 #endif
1577 else
1580 /*
1581 * Unfortunately, in many cases the errors are
1582 * unacceptable, so for the present the rates are not
1583 * used. In future, we might find conditions where the
1584 * calculations are useful, so this should be considered
1585 * a work in progress.
1586 */
1589 #ifdef DEBUG
1593 td);
1594 #endif
1595 }
1598 /*
1599 * That was awesome. Now hand off to the clock filter.
1600 */
1603 /*
1604 * If we are in broadcast calibrate mode, return to broadcast
1605 * client mode when the client is fit and the autokey dance is
1606 * complete.
1607 */
1609 TEST11)) {
1610 #ifdef OPENSSL
1616 }
1620 }
1621 }
1624 /*
1625 * clock_update - Called at system process update intervals.
1626 */
1627 static void
1630 )
1631 {
1633 l_fp now;
1634 #ifdef HAVE_LIBSCF_H
1638 /*
1639 * Update the system state variables. We do this very carefully,
1640 * as the poll interval might need to be clamped differently.
1641 */
1653 else
1661 #ifdef DEBUG
1666 #endif
1668 /*
1669 * Comes now the moment of truth. Crank the clock discipline and
1670 * see what comes out.
1671 */
1674 /*
1675 * Clock exceeds panic threshold. Life as we know it ends.
1676 */
1678 #ifdef HAVE_LIBSCF_H
1679 /*
1680 * For Solaris enter the maintenance mode.
1681 */
1687 }
1688 /*
1689 * Sleep until SMF kills us.
1690 */
1693 }
1696 /* not reached */
1698 /*
1699 * Clock was stepped. Flush all time values of all peers.
1700 */
1713 /*
1714 * Clock was slewed. Handle the leapsecond stuff.
1715 */
1718 /*
1719 * If this is the first time the clock is set, reset the
1720 * leap bits. If crypto, the timer will goose the setup
1721 * process.
1722 */
1725 #ifdef OPENSSL
1729 }
1731 /*
1732 * If the leapseconds values are from file or network
1733 * and the leap is in the future, schedule a leap at the
1734 * given epoch. Otherwise, if the number of survivor
1735 * leap bits is greater than half the number of
1736 * survivors, schedule a leap for the end of the current
1737 * month.
1738 */
1745 NULL);
1749 }
1757 NULL);
1759 }
1763 }
1766 /*
1767 * Popcorn spike or step threshold exceeded. Pretend it never
1768 * happened.
1769 */
1772 }
1773 }
1776 /*
1777 * poll_update - update peer poll interval
1778 */
1779 void
1782 int mpoll
1783 )
1784 {
1788 /*
1789 * This routine figures out when the next poll should be sent.
1790 * That turns out to be wickedly complicated. One problem is
1791 * that sometimes the time for the next poll is in the past when
1792 * the poll interval is reduced. We watch out for races here
1793 * between the receive process and the poll process.
1794 *
1795 * First, bracket the poll interval according to the type of
1796 * association and options. If a fixed interval is configured,
1797 * use minpoll. This primarily is for reference clocks, but
1798 * works for any association. Otherwise, clamp the poll interval
1799 * between minpoll and maxpoll.
1800 */
1803 else
1806 #ifdef OPENSSL
1807 /*
1808 * If during the crypto protocol the poll interval has changed,
1809 * the lifetimes in the key list are probably bogus. Purge the
1810 * the key list and regenerate it later.
1811 */
1817 /*
1818 * There are three variables important for poll scheduling, the
1819 * current time (current_time), next scheduled time (nextdate)
1820 * and the earliest time (utemp). The earliest time is 2 s
1821 * seconds, but could be more due to rate management. When
1822 * sending in a burst, use the earliest time. When not in a
1823 * burst but with a reply pending, send at the earliest time
1824 * unless the next scheduled time has not advanced. This can
1825 * only happen if multiple replies are peinding in the same
1826 * response interval. Otherwise, send at the later of the next
1827 * scheduled time and the earliest time.
1828 *
1829 * Now we figure out if there is an override. If a burst is in
1830 * progress and we get called from the receive process, just
1831 * slink away. If called from the poll process, delay 1 s for a
1832 * reference clock, otherwise 2 s.
1833 */
1840 #ifdef REFCLOCK
1844 else
1847 #ifdef OPENSSL
1848 /*
1849 * If a burst is not in progress and a crypto response message
1850 * is pending, delay 2 s, but only if this is a new interval.
1851 */
1858 }
1861 /*
1862 * The ordinary case. If a retry, use minpoll; if unreachable,
1863 * use host poll; otherwise, use the minimum of host and peer
1864 * polls; In other words, oversampling is okay but
1865 * understampling is evil. Use the maximum of this value and the
1866 * headway. If the average headway is greater than the headway
1867 * threshold, increase the headway by the minimum interval.
1868 */
1874 else
1876 #ifdef REFCLOCK
1879 else
1889 else
1894 }
1895 #ifdef DEBUG
1901 current_time);
1902 #endif
1903 }
1906 /*
1907 * peer_clear - clear peer filter registers. See Section 3.4.8 of the
1908 * spec.
1909 */
1910 void
1914 )
1915 {
1918 #ifdef OPENSSL
1919 /*
1920 * If cryptographic credentials have been acquired, toss them to
1921 * Valhalla. Note that autokeys are ephemeral, in that they are
1922 * tossed immediately upon use. Therefore, the keylist can be
1923 * purged anytime without needing to preserve random keys. Note
1924 * that, if the peer is purged, the cryptographic variables are
1925 * purged, too. This makes it much harder to sneak in some
1926 * unauthenticated data in the clock filter.
1927 */
1943 /*
1944 * Clear all values, including the optional crypto values above.
1945 */
1953 /*
1954 * If interleave mode, initialize the alternate origin switch.
1955 */
1961 }
1962 #ifdef REFCLOCK
1967 }
1968 #else
1974 /*
1975 * During initialization use the association count to spread out
1976 * the polls at one-second intervals. Otherwise, randomize over
1977 * the minimum poll interval in order to avoid broadcast
1978 * implosion.
1979 */
1987 }
1988 #ifdef OPENSSL
1991 #ifdef DEBUG
1996 ident);
1997 #endif
1998 }
2001 /*
2002 * clock_filter - add incoming clock sample to filter register and run
2003 * the filter procedure to find the best sample.
2004 */
2005 void
2011 )
2012 {
2019 /*
2020 * A sample consists of the offset, delay, dispersion and epoch
2021 * of arrival. The offset and delay are determined by the on-
2022 * wire protcol. The dispersion grows from the last outbound
2023 * packet to the arrival of this one increased by the sum of the
2024 * peer precision and the system precision as required by the
2025 * error budget. First, shift the new arrival into the shift
2026 * register discarding the oldest one.
2027 */
2036 /*
2037 * Update dispersions since the last update and at the same
2038 * time initialize the distance and index lists. Since samples
2039 * become increasingly uncorrelated beyond the Allan intercept,
2040 * only under exceptional cases will an older sample be used.
2041 * Therefore, the distance list uses a compound metric. If the
2042 * dispersion is greater than the maximum dispersion, clamp the
2043 * distance at that value. If the time since the last update is
2044 * less than the Allan intercept use the delay; otherwise, use
2045 * the sum of the delay and dispersion.
2046 */
2061 }
2064 }
2066 /*
2067 * If the clock discipline has stabilized, sort the samples by
2068 * distance.
2069 */
2080 }
2081 }
2082 }
2083 }
2085 /*
2086 * Copy the index list to the association structure so ntpq
2087 * can see it later. Prune the distance list to leave only
2088 * samples less than the maximum dispersion, which disfavors
2089 * uncorrelated samples older than the Allan intercept. To
2090 * further improve the jitter estimate, of the remainder leave
2091 * only samples less than the maximum distance, but keep at
2092 * least two samples for jitter calculation.
2093 */
2098 sys_maxdist))
2100 m++;
2101 }
2103 /*
2104 * Compute the dispersion and jitter. The dispersion is weighted
2105 * exponentially by NTP_FWEIGHT (0.5) so it is normalized close
2106 * to 1.0. The jitter is the RMS differences relative to the
2107 * lowest delay sample.
2108 */
2118 }
2120 /*
2121 * If no acceptable samples remain in the shift register,
2122 * quietly tiptoe home leaving only the dispersion. Otherwise,
2123 * save the offset, delay and jitter. Note the jitter must not
2124 * be less than the precision.
2125 */
2136 /*
2137 * If the the new sample and the current sample are both valid
2138 * and the difference between their offsets exceeds CLOCK_SGATE
2139 * (3) times the jitter and the interval between them is less
2140 * than twice the host poll interval, consider the new sample
2141 * a popcorn spike and ignore it.
2142 */
2150 }
2152 /*
2153 * A new minimum sample is useful only if it is later than the
2154 * last one used. In this design the maximum lifetime of any
2155 * sample is not greater than eight times the poll interval, so
2156 * the maximum interval between minimum samples is eight
2157 * packets.
2158 */
2160 #if DEBUG
2164 #endif
2166 }
2169 /*
2170 * The mitigated sample statistics are saved for later
2171 * processing. If not synchronized or not in a burst, tickle the
2172 * clock select algorithm.
2173 */
2176 #ifdef DEBUG
2182 #endif
2185 }
2188 /*
2189 * clock_select - find the pick-of-the-litter clock
2190 *
2191 * LOCKCLOCK: (1) If the local clock is the prefer peer, it will always
2192 * be enabled, even if declared falseticker, (2) only the prefer peer
2193 * caN Be selected as the system peer, (3) if the external source is
2194 * down, the system leap bits are set to 11 and the stratum set to
2195 * infinity.
2196 */
2197 void
2199 {
2213 #ifdef REFCLOCK
2227 /*
2228 * Initialize and create endpoint, index and peer lists big
2229 * enough to handle all associations.
2230 */
2234 #ifdef LOCKCLOCK
2247 }
2253 }
2257 }
2259 /*
2260 * Initially, we populate the island with all the rifraff peers
2261 * that happen to be lying around. Those with seriously
2262 * defective clocks are immediately booted off the island. Then,
2263 * the falsetickers are culled and put to sea. The truechimers
2264 * remaining are subject to repeated rounds where the most
2265 * unpopular at each round is kicked off. When the population
2266 * has dwindled to sys_minclock, the survivors split a million
2267 * bucks and collectively crank the chimes.
2268 */
2276 /*
2277 * Leave the island immediately if the peer is
2278 * unfit to synchronize.
2279 */
2283 /*
2284 * If this is an orphan, choose the one with
2285 * the lowest metric defined as the IPv4 address
2286 * or the first 64 bits of the hashed IPv6 address.
2287 */
2295 }
2297 }
2298 #ifdef REFCLOCK
2299 /*
2300 * The following are special cases. We deal
2301 * with them later.
2302 */
2315 }
2318 /*
2319 * If we get this far, the peer can stay on the
2320 * island, but does not yet have the immunity
2321 * idol.
2322 */
2326 /*
2327 * Insert each interval endpoint on the sorted
2328 * list.
2329 */
2338 }
2349 }
2360 }
2364 }
2365 }
2366 #ifdef DEBUG
2372 #endif
2373 /*
2374 * This is the actual algorithm that cleaves the truechimers
2375 * from the falsetickers. The original algorithm was described
2376 * in Keith Marzullo's dissertation, but has been modified for
2377 * better accuracy.
2378 *
2379 * Briefly put, we first assume there are no falsetickers, then
2380 * scan the candidate list first from the low end upwards and
2381 * then from the high end downwards. The scans stop when the
2382 * number of intersections equals the number of candidates less
2383 * the number of falsetickers. If this doesn't happen for a
2384 * given number of falsetickers, we bump the number of
2385 * falsetickers and try again. If the number of falsetickers
2386 * becomes equal to or greater than half the number of
2387 * candidates, the Albanians have won the Byzantine wars and
2388 * correct synchronization is not possible.
2389 *
2390 * Here, nlist is the number of candidates and allow is the
2391 * number of falsetickers. Upon exit, the truechimers are the
2392 * susvivors with offsets not less than low and not greater than
2393 * high. There may be none of them.
2394 */
2400 /*
2401 * Bound the interval (low, high) as the largest
2402 * interval containing points from presumed truechimers.
2403 */
2412 found++;
2413 }
2421 found++;
2422 }
2424 /*
2425 * If the number of candidates found outside the
2426 * interval is greater than the number of falsetickers,
2427 * then at least one truechimer is outside the interval,
2428 * so go around again. This is what makes this algorithm
2429 * different than Marzullo's.
2430 */
2434 /*
2435 * If an interval containing truechimers is found, stop.
2436 * If not, increase the number of falsetickers and go
2437 * around again.
2438 */
2441 }
2443 /*
2444 * Clustering algorithm. Construct candidate list in order first
2445 * by stratum then by root distance, but keep only the best
2446 * NTP_MAXASSOC of them. Scan the list to find falsetickers, who
2447 * leave the island immediately. The TRUE peer is always a
2448 * truechimer. We must leave at least one peer to collect the
2449 * million bucks.
2450 */
2458 #ifdef REFCLOCK
2459 /*
2460 * Elegible PPS peers must survive the intersection
2461 * algorithm. Use the first one found, but don't
2462 * include any of them in the cluster population.
2463 */
2468 }
2471 /*
2472 * The metric is the scaled root distance at the next
2473 * poll interval plus the peer stratum.
2474 */
2480 else
2481 j--;
2482 }
2490 }
2494 j++;
2495 }
2498 /*
2499 * If no survivors remain at this point, check if the modem
2500 * driver, local driver or orphan parent in that order. If so,
2501 * nominate the first one found as the only survivor.
2502 * Otherwise, give up and leave the island to the rats.
2503 */
2507 #ifdef REFCLOCK
2514 }
2519 }
2520 }
2522 /*
2523 * Mark the candidates at this point as truechimers.
2524 */
2527 #ifdef DEBUG
2531 #endif
2532 }
2534 /*
2535 * Now, vote outlyers off the island by select jitter weighted
2536 * by root distance. Continue voting as long as there are more
2537 * than sys_minclock survivors and the minimum select jitter is
2538 * greater than the maximum peer jitter. Stop if we are about to
2539 * discard a TRUE or PREFER peer, who of course has the
2540 * immunity idol.
2541 */
2557 }
2562 }
2563 }
2572 }
2573 #ifdef DEBUG
2578 #endif
2585 }
2586 nlist--;
2587 }
2589 /*
2590 * What remains is a list usually not greater than sys_minclock
2591 * peers. Note that the head of the list is the system peer at
2592 * the lowest stratum and that unsynchronized peers cannot
2593 * survive this far.
2594 *
2595 * While at it, count the number of leap warning bits found.
2596 * This will be used later to vote the system leap warning bit.
2597 * If a leap warning bit is found on a reference clock, the vote
2598 * is always won.
2599 */
2605 sys_survivors++;
2609 else
2610 leap_vote++;
2611 }
2614 }
2616 /*
2617 * Unless there are at least sys_misane survivors, leave the
2618 * building dark. Otherwise, do a clockhop dance. Ordinarily,
2619 * use the first survivor on the survivor list. However, if the
2620 * last selection is not first on the list, use it as long as
2621 * it doesn't get too old or too ugly.
2622 */
2633 else
2635 #ifdef DEBUG
2639 #endif
2642 else
2646 }
2647 }
2649 /*
2650 * Mitigation rules of the game. We have the pick of the
2651 * litter in typesystem if any survivors are left. If
2652 * there is a prefer peer, use its offset and jitter.
2653 * Otherwise, use the combined offset and jitter of all kitters.
2654 */
2667 }
2668 #ifdef DEBUG
2672 #endif
2673 }
2674 #ifdef REFCLOCK
2675 /*
2676 * If a PPS driver is lit and the combined offset is less than
2677 * 0.4 s, select the driver as the PPS peer and use its offset
2678 * and jitter. However, if this is the atom driver, use it only
2679 * if there is a prefer peer or there are no survivors and none
2680 * are required.
2681 */
2691 #ifdef DEBUG
2695 #endif
2696 }
2699 /*
2700 * If there are no survivors at this point, there is no
2701 * system peer. If so and this is an old update, keep the
2702 * current statistics, but do not update the clock.
2703 */
2709 }
2711 /*
2712 * Do not use old data, as this may mess up the clock discipline
2713 * stability.
2714 */
2718 /*
2719 * We have found the alpha male. Wind the clock.
2720 */
2725 }
2728 /*
2729 * clock_combine - compute system offset and jitter from selected peers
2730 */
2731 static void
2735 )
2736 {
2746 }
2749 }
2752 /*
2753 * root_distance - compute synchronization distance from peer to root
2754 */
2755 static double
2758 )
2759 {
2762 /*
2763 * Careful squeak here. The value returned must be greater than
2764 * the minimum root dispersion in order to avoid clockhop with
2765 * highly precise reference clocks. Note that the root distance
2766 * cannot exceed the sys_maxdist, as this is the cutoff by the
2767 * selection algorithm.
2768 */
2775 }
2778 /*
2779 * peer_xmit - send packet for persistent association.
2780 */
2781 static void
2784 )
2785 {
2806 /*
2807 * If the received packet contains a MAC, the transmitted packet
2808 * is authenticated and contains a MAC. If not, the transmitted
2809 * packet is not authenticated.
2810 *
2811 * It is most important when autokey is in use that the local
2812 * interface IP address be known before the first packet is
2813 * sent. Otherwise, it is not possible to compute a correct MAC
2814 * the recipient will accept. Thus, the I/O semantics have to do
2815 * a little more work. In particular, the wildcard interface
2816 * might not be usable.
2817 */
2819 #ifdef OPENSSL
2821 #else
2825 /*
2826 * Transmit a-priori timestamps
2827 */
2838 else
2845 else
2848 }
2849 }
2856 /*
2857 * Capture a-posteriori timestamps
2858 */
2863 else
2866 }
2869 #ifdef DEBUG
2875 #endif
2877 }
2879 /*
2880 * Authentication is enabled, so the transmitted packet must be
2881 * authenticated. If autokey is enabled, fuss with the various
2882 * modes; otherwise, symmetric key cryptography is used.
2883 */
2884 #ifdef OPENSSL
2888 /*
2889 * The Public Key Dance (PKD): Cryptographic credentials
2890 * are contained in extension fields, each including a
2891 * 4-octet length/code word followed by a 4-octet
2892 * association ID and optional additional data. Optional
2893 * data includes a 4-octet data length field followed by
2894 * the data itself. Request messages are sent from a
2895 * configured association; response messages can be sent
2896 * from a configured association or can take the fast
2897 * path without ever matching an association. Response
2898 * messages have the same code as the request, but have
2899 * a response bit and possibly an error bit set. In this
2900 * implementation, a message may contain no more than
2901 * one command and one or more responses.
2902 *
2903 * Cryptographic session keys include both a public and
2904 * a private componet. Request and response messages
2905 * using extension fields are always sent with the
2906 * private component set to zero. Packets without
2907 * extension fields indlude the private component when
2908 * the session key is generated.
2909 */
2912 /*
2913 * Allocate and initialize a keylist if not
2914 * already done. Then, use the list in inverse
2915 * order, discarding keys once used. Keep the
2916 * latest key around until the next one, so
2917 * clients can use client/server packets to
2918 * compute propagation delay.
2919 *
2920 * Note that once a key is used from the list,
2921 * it is retained in the key cache until the
2922 * next key is used. This is to allow a client
2923 * to retrieve the encrypted session key
2924 * identifier to verify authenticity.
2925 *
2926 * If for some reason a key is no longer in the
2927 * key cache, a birthday has happened or the key
2928 * has expired, so the pseudo-random sequence is
2929 * broken. In that case, purge the keylist and
2930 * regenerate it.
2931 */
2934 else
2939 else
2941 }
2946 /*
2947 * In broadcast server mode the autokey values are
2948 * required by the broadcast clients. Push them when a
2949 * new keylist is generated; otherwise, push the
2950 * association message so the client can request them at
2951 * other times.
2952 */
2957 else
2962 /*
2963 * In symmetric modes the parameter, certificate,
2964 * identity, cookie and autokey exchanges are
2965 * required. The leapsecond exchange is optional. But, a
2966 * peer will not believe the other peer until the other
2967 * peer has synchronized, so the certificate exchange
2968 * might loop until then. If a peer finds a broken
2969 * autokey sequence, it uses the autokey exchange to
2970 * retrieve the autokey values. In any case, if a new
2971 * keylist is generated, the autokey values are pushed.
2972 */
2976 /*
2977 * Parameter, certificate and identity.
2978 */
2988 NULL);
2990 /*
2991 * Cookie and autokey. We request the cookie
2992 * only when the this peer and the other peer
2993 * are synchronized. But, this peer needs the
2994 * autokey values when the cookie is zero. Any
2995 * time we regenerate the key list, we offer the
2996 * autokey values without being asked. If for
2997 * some reason either peer finds a broken
2998 * autokey sequence, the autokey exchange is
2999 * used to retrieve the autokey values.
3000 */
3014 /*
3015 * Wait for clock sync, then sign the
3016 * certificate and retrieve the leapsecond
3017 * values.
3018 */
3030 /*
3031 * In client mode the parameter, certificate, identity,
3032 * cookie and sign exchanges are required. The
3033 * leapsecond exchange is optional. If broadcast client
3034 * mode the same exchanges are required, except that the
3035 * autokey exchange is substitutes for the cookie
3036 * exchange, since the cookie is always zero. If the
3037 * broadcast client finds a broken autokey sequence, it
3038 * uses the autokey exchange to retrieve the autokey
3039 * values.
3040 */
3043 /*
3044 * Parameter, certificate and identity.
3045 */
3055 NULL);
3057 /*
3058 * Cookie and autokey. These are requests, but
3059 * we use the peer association ID with autokey
3060 * rather than our own.
3061 */
3069 /*
3070 * Wait for clock sync, then sign the
3071 * certificate and retrieve the leapsecond
3072 * values.
3073 */
3084 }
3086 /*
3087 * Add a queued extension field if present. This is
3088 * always a request message, so the reply ID is already
3089 * in the message. If an error occurs, the error bit is
3090 * lit in the response.
3091 */
3093 u_int32 temp32;
3101 }
3103 /*
3104 * Add an extension field created above. All but the
3105 * autokey response message are request messages.
3106 */
3112 }
3114 /*
3115 * Calculate the next session key. Since extension
3116 * fields are present, the cookie value is zero.
3117 */
3121 }
3122 }
3125 /*
3126 * Transmit a-priori timestamps
3127 */
3137 else
3142 else
3144 }
3145 }
3153 }
3155 #ifdef OPENSSL
3162 }
3165 sendlen);
3169 /*
3170 * Capture a-posteriori timestamps
3171 */
3176 else
3179 }
3182 #ifdef OPENSSL
3183 #ifdef DEBUG
3190 #endif
3192 #ifdef DEBUG
3198 #endif
3200 }
3203 /*
3204 * fast_xmit - Send packet for nonpersistent association. Note that
3205 * neither the source or destination can be a broadcast address.
3206 */
3207 static void
3213 )
3214 {
3219 #ifdef OPENSSL
3220 u_int32 temp32;
3221 #endif
3223 /*
3224 * Initialize transmit packet header fields from the receive
3225 * buffer provided. We leave the fields intact as received, but
3226 * set the peer poll at the maximum of the receive peer poll and
3227 * the system minimum poll (ntp_minpoll). This is for KoD rate
3228 * control and not strictly specification compliant, but doesn't
3229 * break anything.
3230 *
3231 * If the gazinta was from a multicast address, the gazoutta
3232 * must go out another way.
3233 */
3238 /*
3239 * If this is a kiss-o'-death (KoD) packet, show leap
3240 * unsynchronized, stratum zero, reference ID the four-character
3241 * kiss code and system root delay. Note we don't reveal the
3242 * local time, so these packets can't be used for
3243 * synchronization.
3244 */
3246 sys_kodsent++;
3256 /*
3257 * This is a normal packet. Use the system variables.
3258 */
3273 }
3275 #ifdef HAVE_NTP_SIGND
3279 }
3282 /*
3283 * If the received packet contains a MAC, the transmitted packet
3284 * is authenticated and contains a MAC. If not, the transmitted
3285 * packet is not authenticated.
3286 */
3290 sendlen);
3291 #ifdef DEBUG
3297 #endif
3299 }
3301 /*
3302 * The received packet contains a MAC, so the transmitted packet
3303 * must be authenticated. For symmetric key cryptography, use
3304 * the predefined and trusted symmetric keys to generate the
3305 * cryptosum. For autokey cryptography, use the server private
3306 * value to generate the cookie, which is unique for every
3307 * source-destination-key ID combination.
3308 */
3309 #ifdef OPENSSL
3311 keyid_t cookie;
3313 /*
3314 * The only way to get here is a reply to a legitimate
3315 * client request message, so the mode must be
3316 * MODE_SERVER. If an extension field is present, there
3317 * can be only one and that must be a command. Do what
3318 * needs, but with private value of zero so the poor
3319 * jerk can decode it. If no extension field is present,
3320 * use the cookie to generate the session key.
3321 */
3331 cookie);
3335 }
3336 }
3340 #ifdef OPENSSL
3348 #ifdef DEBUG
3354 #endif
3355 }
3358 #ifdef OPENSSL
3359 /*
3360 * key_expire - purge the key list
3361 */
3362 void
3365 )
3366 {
3374 }
3378 #ifdef DEBUG
3382 #endif
3383 }
3387 /*
3388 * Determine if the peer is unfit for synchronization
3389 *
3390 * A peer is unfit for synchronization if
3391 * > TEST10 bad leap or stratum below floor or at or above ceiling
3392 * > TEST11 root distance exceeded for remote peer
3393 * > TEST12 a direct or indirect synchronization loop would form
3394 * > TEST13 unreachable or noselect
3395 */
3399 )
3400 {
3403 /*
3404 * A stratum error occurs if (1) the server has never been
3405 * synchronized, (2) the server stratum is below the floor or
3406 * greater than or equal to the ceiling.
3407 */
3412 /*
3413 * A distance error for a remote peer occurs if the root
3414 * distance is greater than or equal to the distance threshold
3415 * plus the increment due to one host poll interval.
3416 */
3421 /*
3422 * A loop error occurs if the remote peer is synchronized to the
3423 * local peer or if the remote peer is synchronized to the same
3424 * server as the local peer but only if the remote peer is
3425 * neither a reference clock nor an orphan.
3426 */
3432 /*
3433 * An unreachable error occurs if the server is unreachable or
3434 * the noselect bit is set.
3435 */
3442 }
3445 /*
3446 * Find the precision of this particular machine
3447 */
3452 /*
3453 * This routine measures the system precision defined as the minimum of
3454 * a sequence of differences between successive readings of the system
3455 * clock. However, if a difference is less than MINSTEP, the clock has
3456 * been read more than once during a clock tick and the difference is
3457 * ignored. We set MINSTEP greater than zero in case something happens
3458 * like a cache miss.
3459 */
3460 int
3462 {
3470 /*
3471 * Loop to find precision value in seconds.
3472 */
3489 }
3492 /*
3493 * Find the nearest power of two.
3494 */
3499 i--;
3501 }
3504 /*
3505 * init_proto - initialize the protocol module's data
3506 */
3507 void
3509 {
3510 l_fp dummy;
3513 /*
3514 * Fill in the sys_* stuff. Default is don't listen to
3515 * broadcasting, require authentication.
3516 */
3537 }
3540 }
3543 /*
3544 * proto_config - configure the protocol module
3545 */
3546 void
3549 u_long value,
3551 sockaddr_u *svalue
3552 )
3553 {
3554 /*
3555 * Figure out what he wants to change, then do it
3556 */
3562 /*
3563 * enable and disable commands - arguments are Boolean.
3564 */
3573 else
3577 #ifdef REFCLOCK
3590 else
3606 /*
3607 * tos command - arguments are double, sometimes cast to int
3608 */
3660 /*
3661 * Miscellaneous commands
3662 */
3677 }
3678 }
3681 /*
3682 * proto_clr_stats - clear protocol stat counters
3683 */
3684 void
3686 {
3697 }