[Sec 2978] Interleave can be partially triggered
authorHarlan Stenn <stenn@ntp.org>
Thu, 14 Apr 2016 01:59:45 +0000 (01:59 +0000)
committerHarlan Stenn <stenn@ntp.org>
Thu, 14 Apr 2016 01:59:45 +0000 (01:59 +0000)
bk: 570ef991qHXRv1LCIXmoOomFNvjm3w

ChangeLog
configure.ac
ntpd/ntp_proto.c

index f1509d6999648af54d7986c8939dbaa4132214bc..ee25d22c3186ae9f844f9447179856f07fc0f9ff 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
 * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
   time. Include passive servers in this check. HStenn.
 * [Sec 2945] Additional KoD packet checks.  HStenn.
+* [Sec 2978] Interleave can be partially triggered.  HStenn.
 * [Sec 3008] Always check the return value of ctl_getitem().
   - initial work by HStenn
   - Additional cleanup of ctl_getitem by perlinger@ntp.org
index 2a0c1a0d8e9e2192b9fdd3930b882fe8cae1c91b..caba8f6884422a068026ad4aae26228e8e8af7ff 100644 (file)
@@ -4342,6 +4342,28 @@ case "$ntp_ok" in
 esac
 AC_MSG_RESULT([$ntp_ok])
 
+###
+
+AC_MSG_CHECKING([if we want dynamic interleave support])
+AC_ARG_ENABLE(
+    [dynamic-interleave],
+    [AS_HELP_STRING(
+       [--enable-dynamic-interleave],
+       [- dynamic interleave support]
+    )],
+    [ntp_ok=$enableval],
+    [ntp_ok=no]
+)
+ntp_dynamic_interleave=0
+case "$ntp_ok" in
+ yes)
+    ntp_dynamic_interleave=1
+    ;;
+esac
+AC_DEFINE_UNQUOTED([DYNAMIC_INTERLEAVE], [$ntp_dynamic_interleave],
+    [support dynamic interleave?])
+AC_MSG_RESULT([$ntp_ok])
+
 NTP_UNITYBUILD
 
 dnl  gtest is needed for our tests subdirs. It would be nice if we could
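Review bot: Any value other than `yes` given to --enable-dynamic-interleave (for example `=1`) leaves ntp_dynamic_interleave at 0 but is echoed unchanged by `AC_MSG_RESULT([$ntp_ok])`, so the configure output can read as if the request was honoured. The fallback is the restrictive setting, which is the safe direction, but adding a `*) ntp_ok=no ;;` arm to the new `case "$ntp_ok"` block would make the reported result match what ends up in DYNAMIC_INTERLEAVE. The help text `[- dynamic interleave support]` also gives a packager no hint that turning this on re-enables the behaviour [Sec 2978] restricts; a few words to that effect would help.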
index eabad80aadcf8a462781bcc78c95673acb058ad1..1e6b925a09fd59b0b64b32dabadbc0b4101b9619 100644 (file)
@@ -25,7 +25,7 @@
 #include <unistd.h>
 #endif
 
-/*[Bug 3031] define automatic broadcastdelay cutoff preset */
+/* [Bug 3031] define automatic broadcastdelay cutoff preset */
 #ifndef BDELAY_DEFAULT
 # define BDELAY_DEFAULT (-0.050)
 #endif
@@ -177,6 +177,8 @@ int unpeer_crypto_early             = 1;    /* bad crypto (TEST9) */
 int unpeer_crypto_nak_early    = 1;    /* crypto_NAK (TEST5) */
 int unpeer_digest_early                = 1;    /* bad digest (TEST5) */
 
+int dynamic_interleave = DYNAMIC_INTERLEAVE;   /* Bug 2978 mitigation */
+
 int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
 enum nak_error_codes valid_NAK(struct peer *peer, struct recvbuf *rbufp, u_char hismode);
 static double  root_distance   (struct peer *);
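Review bot: The comment on the new `dynamic_interleave` global does not say which value is the mitigated state, and it cites "Bug 2978" where the ChangeLog entry uses "[Sec 2978]". Going by the configure default and the check added in receive(), something like `/* [Sec 2978] 0: do not switch to interleave on a matching packet; 1: allow */` would spare a reader from tracing both places. Whether the variable can also be changed at run time is not visible in this hunk, so the comment should state that once it is settled.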
@@ -1633,8 +1635,14 @@ receive(
                        if (  !L_ISZERO(&peer->dst)
                            && L_ISEQU(&p_org, &peer->dst)) {
                                /* Might be the start of an interleave */
-                               peer->flip = 1;
-                               report_event(PEVNT_XLEAVE, peer, NULL);
+                               if (dynamic_interleave) {
+                                       peer->flip = 1;
+                                       report_event(PEVNT_XLEAVE, peer, NULL);
+                               } else {
+                                       msyslog(LOG_INFO,
+                                               "receive: Dynamic interleave from %s@%s denied",
+                                               hm_str, ntoa(&peer->srcadr));
+                               }
                        }
                } else {
                        L_CLR(&peer->aorg);
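Review bot: The new else branch writes a LOG_INFO line every time a packet arrives whose origin timestamp equals peer->dst while dynamic_interleave is 0, and nothing visible in the hunk limits how often that can happen. Because the condition is decided by the contents of a received packet, a peer that keeps sending such packets can generate one syslog entry per packet; logging the denial once per association, or incrementing a counter and logging at a coarser interval, would keep the signal without letting the remote side drive log volume. The branch would also benefit from a comment such as `/* dynamic interleave disabled: leave peer->flip unchanged and only log */`, since it is not obvious here how the packet is handled afterwards. receive() begins and ends outside this hunk, so the later handling of the packet could not be checked.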