From: Harlan Stenn Date: Fri, 8 Sep 2006 23:23:32 +0000 (-0400) Subject: [Bug 691] ntp_monitor()/restrictions() interaction fixes X-Git-Tag: NTP_4_2_3P41~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c5a3e108a476be43c9ae2f8927157a19c567086;p=thirdparty%2Fntp.git [Bug 691] ntp_monitor()/restrictions() interaction fixes bk: 4501fb74ok2LEZlHdNofbtKeI5k8Bw --- diff --git a/include/ntpd.h b/include/ntpd.h index 7651331ac..d51ddf74f 100644 --- a/include/ntpd.h +++ b/include/ntpd.h @@ -126,7 +126,7 @@ extern u_long sys_tai; extern void init_mon P((void)); extern void mon_start P((int)); extern void mon_stop P((int)); -extern void ntp_monitor P((struct recvbuf *)); +extern int ntp_monitor P((struct recvbuf *)); extern void ntp_monclearinterface P((struct interface *interface)); /* ntp_peer.c */ @@ -211,7 +211,7 @@ extern void process_private P((struct recvbuf *, int)); /* ntp_restrict.c */ extern void init_restrict P((void)); -extern int restrictions P((struct sockaddr_storage *)); +extern int restrictions P((struct sockaddr_storage *, int)); extern void hack_restrict P((int, struct sockaddr_storage *, struct sockaddr_storage *, int, int)); /* ntp_timer.c */ diff --git a/ntpd/ntp_monitor.c b/ntpd/ntp_monitor.c index d4f495f46..753fa767c 100644 --- a/ntpd/ntp_monitor.c +++ b/ntpd/ntp_monitor.c @@ -199,8 +199,10 @@ ntp_monclearinterface(struct interface *interface) /* * ntp_monitor - record stats about this packet + * + * Returns 1 if the packet is at the head of the list, 0 otherwise. */ -void +int ntp_monitor( struct recvbuf *rbufp ) @@ -212,7 +214,7 @@ ntp_monitor( register int mode; if (mon_enabled == MON_OFF) - return; + return 0; pkt = &rbufp->recv_pkt; memset(&addr, 0, sizeof(addr)); @@ -242,7 +244,7 @@ ntp_monitor( md->mru_prev = &mon_mru_list; mon_mru_list.mru_next->mru_prev = md; mon_mru_list.mru_next = md; - return; + return 1; } md = md->hash_next; } @@ -261,7 +263,7 @@ ntp_monitor( /* We get 31 bits from ntp_random() */ if (((u_long)ntp_random()) / FRAC > (double)(current_time - md->lasttime) / mon_age) - return; + return 0; md->mru_prev->mru_next = &mon_mru_list; mon_mru_list.mru_prev = md->mru_prev; @@ -300,6 +302,7 @@ ntp_monitor( md->mru_prev = &mon_mru_list; mon_mru_list.mru_next->mru_prev = md; mon_mru_list.mru_next = md; + return 1; } diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 0ce6a8b11..1dae30e35 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -349,6 +349,7 @@ receive( int rval; /* cookie snatcher */ #endif /* OPENSSL */ int retcode = AM_NOMATCH; + int at_listhead; /* * Monitor the packet and get restrictions. Note that the packet @@ -369,8 +370,8 @@ receive( sys_badlength++; return; /* bogus port */ } - ntp_monitor(rbufp); - restrict_mask = restrictions(&rbufp->recv_srcadr); + at_listhead = ntp_monitor(rbufp); + restrict_mask = restrictions(&rbufp->recv_srcadr, at_listhead); #ifdef DEBUG if (debug > 1) printf("receive: at %ld %s<-%s flags %x restrict %03x\n", diff --git a/ntpd/ntp_restrict.c b/ntpd/ntp_restrict.c index 23f50392d..334b538c0 100644 --- a/ntpd/ntp_restrict.c +++ b/ntpd/ntp_restrict.c @@ -158,7 +158,8 @@ init_restrict(void) */ int restrictions( - struct sockaddr_storage *srcadr + struct sockaddr_storage *srcadr, + int at_listhead ) { struct restrictlist *rl; @@ -260,7 +261,7 @@ restrictions( * packet is greater than res_min_interval and the average is * greater thatn res_avg_interval. */ - if (mon_enabled == MON_OFF) { + if (!at_listhead || mon_enabled == MON_OFF) { flags &= ~RES_LIMITED; } else { struct mon_data *md;