ntp_peer.c:

  Bug 789 (backported from ntp-dev):
  Fix multicast client crypto authentication and make sure arriving
  multicast packets do not disturb the autokey dance.
ChangeLog:
  Bug 789 (backported from ntp-dev):
  Fix multicast client crypto authentication and make sure arriving
  multicast packets do not disturb the autokey dance.

bk: 46331fcdeio_-DVPk-ERSSGssCQ2nA

diff --git a/ChangeLog b/ChangeLog
index f0e272edd2d42209aa65cb72667d70e4918799b6..0d01ee1216d9797a6cbe727196d4d868be857977 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
-* [Bug 785] improve handling of multicast interfaces (multicast routers still need to run a multicast routing software/daemon)
+* [Bug 789] Fix multicast client crypto authentication and make sure arriving
+           multicast packets do not disturb the autokey dance.
+* [Bug 785] improve handling of multicast interfaces
+           (multicast routers still need to run a multicast routing software/daemon)
 (4.2.4p1) Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 811] ntpd should not read a .ntprc file.
 * [Bug 793] Update Hans Lambermont's email address in ntpsweep.

diff --git a/ntpd/ntp_peer.c b/ntpd/ntp_peer.c
index d568ab437426b45df31050c7df855a8ee41d29ba..1655d327e2846965011ff866ab02f63980c99915 100644 (file)
--- a/ntpd/ntp_peer.c
+++ b/ntpd/ntp_peer.c
@@ -530,7 +530,17 @@ void
 set_peerdstadr(struct peer *peer, struct interface *interface)
 {
        if (peer->dstadr != interface) {
-               struct interface *prev_dstadr = peer->dstadr;
+               if (interface != NULL &&
+                   (peer->cast_flags & MDF_BCLNT) &&
+                   (interface->flags & INT_MCASTIF) &&
+                   peer->burst) {
+                       /*
+                        * don't accept updates to a true multicast reception
+                        * interface while a BCLNT peer is running it's
+                        * unicast protocol
+                        */
+                       return;
+               }
 
                if (peer->dstadr != NULL)
                {
@@ -545,16 +555,6 @@ set_peerdstadr(struct peer *peer, struct interface *interface)
 
                peer->dstadr = interface;
 
-               if (prev_dstadr != NULL) {
-                       /*
-                        * reset crypto information if we change from an
-                        * active interface
-                        * all other crypto updates are handled by the crypto
-                        * machinery
-                        */
-                       peer_crypto_clear(peer);
-               }
-
                if (peer->dstadr != NULL)
                {
                        ISC_LIST_APPEND(peer->dstadr->peers, peer, ilink);
@@ -569,7 +569,7 @@ set_peerdstadr(struct peer *peer, struct interface *interface)
 static void
 peer_refresh_interface(struct peer *peer)
 {
-       struct interface *niface;
+       struct interface *niface, *piface;
 
        niface = select_peerinterface(peer, &peer->srcadr, NULL, peer->cast_flags);
 
@@ -607,9 +607,18 @@ peer_refresh_interface(struct peer *peer)
        }
 #endif
 
+       piface = peer->dstadr;
+
        set_peerdstadr(peer, niface);
 
        if (peer->dstadr) {
+                /*
+                 * clear crypto if we change the local address
+                 */
+                if (peer->dstadr != piface && !(peer->cast_flags & MDF_BCLNT)) {
+                       peer_crypto_clear(peer);
+               }
+
                /*
                 * Broadcast needs the socket enabled for broadcast
                 */