From: Harlan Stenn Date: Sat, 3 Oct 2009 05:26:37 +0000 (-0400) Subject: Clockhop and autokey cleanup from Dave Mills X-Git-Tag: NTP_4_2_5P226~1^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a125659225bb70dea45db64ae7ac506e8b517e00;p=thirdparty%2Fntp.git Clockhop and autokey cleanup from Dave Mills bk: 4ac6e08dHTc1bnZAFh1LrUot1Cq_wg --- diff --git a/ChangeLog b/ChangeLog index 96029d34c..b0b4c2b06 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +* Clockhop and autokey cleanup from Dave Mills. * Documentation updates from Dave Mills. (4.2.5p225) 2009/09/30 Released by Harlan Stenn * authopt documentation changes from Dave Mills/Dave Hart. diff --git a/include/ntp.h b/include/ntp.h index 97c03ccb3..586a70382 100644 --- a/include/ntp.h +++ b/include/ntp.h @@ -626,7 +626,7 @@ struct pkt { #define PEVNT_RATE (7 | PEER_EVENT) /* rate exceeded */ #define PEVNT_DENY (8 | PEER_EVENT) /* access denied */ #define PEVNT_ARMED (9 | PEER_EVENT) /* leap armed */ -#define PEVNT_NEWPEER (10 | PEER_EVENT) /* sys peer*/ +#define PEVNT_NEWPEER (10 | PEER_EVENT) /* sys peer */ #define PEVNT_CLOCK (11 | PEER_EVENT) /* clock event */ #define PEVNT_AUTH (12 | PEER_EVENT) /* bad auth */ #define PEVNT_POPCORN (13 | PEER_EVENT) /* popcorn */ diff --git a/libntp/statestr.c b/libntp/statestr.c index cc6d23c77..a143fcd3f 100644 --- a/libntp/statestr.c +++ b/libntp/statestr.c @@ -147,11 +147,11 @@ struct codestring peer_codes[] = { { PEVNT_DENY & ~PEER_EVENT, "access_denied" }, { PEVNT_ARMED & ~PEER_EVENT, "leap_armed" }, { PEVNT_NEWPEER & ~PEER_EVENT, "sys_peer" }, - { PEVNT_CLOCK & ~PEER_EVENT, "clock" }, + { PEVNT_CLOCK & ~PEER_EVENT, "clock_event" }, { PEVNT_AUTH & ~PEER_EVENT, "bad_auth" }, { PEVNT_POPCORN & ~PEER_EVENT, "popcorn" }, - { PEVNT_XLEAVE & ~PEER_EVENT, "xmode" }, - { PEVNT_XERR & ~PEER_EVENT, "xerr" }, + { PEVNT_XLEAVE & ~PEER_EVENT, "interleave_mode" }, + { PEVNT_XERR & ~PEER_EVENT, "interleave_error" }, { PEVNT_TAI & ~PEER_EVENT, "TAI" }, { -1, "" } }; diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index 73d32abc4..90d2be0b9 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c @@ -844,7 +844,7 @@ crypto_recv( * autokey values. */ if ((rval = crypto_verify(ep, &peer->recval, - peer)) != XEVNT_OK) + peer)) != XEVNT_OK) break; /* @@ -1426,11 +1426,10 @@ crypto_verify( opcode = ntohl(ep->opcode) & 0xffff0000; /* - * Check for valid value header opcode, association ID and - * extension field length. The request and response opcodes must - * match and the response ID must match the association ID. The - * autokey values response is the exception, as it can be sent - * unsolicited. + * Check for valid value header, association ID and extension + * field length. Remember, it is not an error to receive an + * unsolicited response; however, the response ID must match + * the association ID. */ if (opcode & CRYPTO_ERROR) return (XEVNT_ERR); @@ -1438,13 +1437,12 @@ crypto_verify( if (len < VALUE_LEN) return (XEVNT_LEN); - if (opcode == (CRYPTO_AUTO | CRYPTO_RESP)) { + if (opcode == (CRYPTO_AUTO | CRYPTO_RESP) && + peer->cast_flags & MDF_BCLNT) { if (ntohl(ep->associd) != peer->assoc) return (XEVNT_ERR); } else { - if (((htonl(peer->opcode) & 0x3fff0000) != - (opcode & 0x3fff0000)) || ntohl(ep->associd) != - peer->associd) + if (ntohl(ep->associd) != peer->associd) return (XEVNT_ERR); } diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index fbdb61bec..0e0b49256 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -1204,7 +1204,7 @@ receive( } else { if (rval == XEVNT_ERR) { report_event(PEVNT_RESTART, peer, - "crypto"); + "crypto error"); peer_clear(peer, "CRYP"); peer->flash |= TEST9; /* bad crypt */ if (peer->flags & FLAG_PREEMPT) @@ -1259,6 +1259,8 @@ receive( &rbufp->recv_srcadr, dstadr_sin, tkeyid, pkeyid, 0); } + if (peer->flash & TEST8) + report_event(PEVNT_AUTH, peer, "keylist"); } if (!(peer->crypto & CRYPTO_FLAG_PROV)) /* test 9 */ peer->flash |= TEST8; /* bad autokey */ @@ -1269,7 +1271,8 @@ receive( * refreshed certificates and leapseconds values. */ if (current_time > peer->refresh) { - report_event(PEVNT_RESTART, peer, "timeout"); + report_event(PEVNT_RESTART, peer, + "crypto refresh"); peer_clear(peer, "TIME"); return; } @@ -2615,7 +2618,6 @@ clock_select(void) */ if (nlist > 0 && nlist >= sys_minsane) { double x; - char tbuf[80]; typesystem = peer_list[0]; if (osys_peer == NULL || osys_peer == typesystem) { @@ -2631,13 +2633,10 @@ clock_select(void) printf("select: clockhop %d %.6f %.6f\n", j, x, sys_clockhop); #endif - if (fabs(x) < sys_clockhop) { + if (fabs(x) < sys_clockhop) typesystem = osys_peer; - } else { - sprintf(tbuf, "%.6f", x); - report_event(EVNT_CLKHOP, NULL, tbuf); + else sys_clockhop = 0; - } } else { sys_clockhop = 0; } @@ -2657,6 +2656,7 @@ clock_select(void) SQUARE(sys_jitter) + SQUARE(seljitter)); } else { typesystem = sys_prefer; + sys_clockhop = 0; typesystem->status = CTL_PST_SEL_SYSPEER; sys_offset = typesystem->offset; sys_jitter = typesystem->jitter; @@ -2680,6 +2680,7 @@ clock_select(void) (typepps->refclktype == REFCLK_ATOM_PPS && (sys_prefer != NULL || (typesystem == NULL && sys_minsane == 0))))) { typesystem = typepps; + sys_clockhop = 0; typesystem->status = CTL_PST_SEL_PPS; sys_offset = typesystem->offset; sys_jitter = typesystem->jitter; @@ -3000,7 +3001,7 @@ peer_xmit( peer->associd, NULL); else if (!(peer->crypto & CRYPTO_FLAG_AUTO)) exten = crypto_args(peer, CRYPTO_AUTO, - peer->assoc, NULL); + peer->associd, NULL); else if (peer->flags & FLAG_ASSOC && peer->crypto & CRYPTO_FLAG_SIGN) exten = crypto_args(peer, CRYPTO_AUTO |