]> git.ipfire.org Git - thirdparty/ntp.git/commitdiff
Many files:
authorHarlan Stenn <stenn@ntp.org>
Fri, 27 Apr 2001 03:16:54 +0000 (03:16 -0000)
committerHarlan Stenn <stenn@ntp.org>
Fri, 27 Apr 2001 03:16:54 +0000 (03:16 -0000)
  * ntpdc/ntpdc_ops.c: restrict/unrestrict support for version and
  demobilize.  Implement demobilze.
  * ntpd/ntp_proto.c (receive): Improve version testing, including
  RES_DEMOBILIZE support.
  (fast_xmit): Patches to kiss-of-death packet.
  * ntpd/ntp_loopfilter.c (local_clock): S_SYNC case now also checks
  abs(clock_offset) against CLOCK_PGATE*sys_jitter.
  * ntpd/ntp_config.c: CONF_RES_DEMOBILIZE/demobilize support.
  * include/ntp_config.h (CONF_RES_DEMOBILIZE): Added.
  * include/ntp.h (RES_DEMOBILIZE): Added.
  From Dave Mills.

bk: 3ae8e4a6sijIldOIIUxx0uzPBwagKg

ChangeLog
include/ntp.h
include/ntp_config.h
ntpd/ntp_config.c
ntpd/ntp_loopfilter.c
ntpd/ntp_proto.c
ntpdc/ntpdc_ops.c

index 085f9a27bd7581fb7d0b08db38e63a4a59df46bb..420974c5c7d3c14a36cb0a766e96ee13603a46c4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2001-04-26  Harlan Stenn  <stenn@whimsy.udel.edu>
+
+       * ntpdc/ntpdc_ops.c: restrict/unrestrict support for version and
+       demobilize.  Implement demobilze.
+       * ntpd/ntp_proto.c (receive): Improve version testing, including
+       RES_DEMOBILIZE support.
+       (fast_xmit): Patches to kiss-of-death packet.
+       * ntpd/ntp_loopfilter.c (local_clock): S_SYNC case now also checks
+       abs(clock_offset) against CLOCK_PGATE*sys_jitter.
+       * ntpd/ntp_config.c: CONF_RES_DEMOBILIZE/demobilize support.
+       * include/ntp_config.h (CONF_RES_DEMOBILIZE): Added.
+       * include/ntp.h (RES_DEMOBILIZE): Added.
+       From Dave Mills.
+
 2001-04-25  Harlan Stenn  <stenn@whimsy.udel.edu>
 
        * html/accopt.htm: Document the "version" parameter
index c2c47e96297f436813c4efdbc3774bbc97571b41..4cf3c8625ee1f13914ceabe9a1285a6cd767217c 100644 (file)
@@ -749,6 +749,7 @@ struct restrictlist {
 #define        RES_LPTRAP              0x080   /* traps set by him are low priority */
 #define RES_LIMITED            0x100   /* limit per net number of clients */
 #define        RES_VERSION             0x200   /* serve only current version */
+#define RES_DEMOBILIZE         0x400   /* demobilize association */
 
 #define        RES_ALLFLAGS \
     (RES_IGNORE|RES_DONTSERVE|RES_DONTTRUST|RES_NOQUERY\
index 5dea3d25f8dfc583670519448ab36a38ca435ddf..94f5ff1b02661bf30c0224b52907aa34468d8d04 100644 (file)
@@ -89,6 +89,7 @@
 #define CONF_RES_NTPPORT       10
 #define CONF_RES_LIMITED       11
 #define CONF_RES_VERSION       12
+#define CONF_RES_DEMOBILIZE    13
 
 /*
  * "trap" modifier keywords
index d1a7a831468333a11a71e7f974339a2ba12b69b1..f60f87009f5afbc7c60ea573efaee3db5ac927c3 100644 (file)
@@ -177,6 +177,7 @@ static      struct keyword res_keywords[] = {
        { "notrust",            CONF_RES_NOTRUST },
        { "ntpport",            CONF_RES_NTPPORT },
        { "version",            CONF_RES_VERSION },
+       { "demobilize",         CONF_RES_DEMOBILIZE },
        { "",                   CONFIG_UNKNOWN }
 };
 
@@ -1103,6 +1104,10 @@ getconfig(
                                        peerversion |= RES_VERSION;
                                        break;
 
+                                   case CONF_RES_DEMOBILIZE:
+                                       peerversion |= RES_DEMOBILIZE;
+                                       break;
+
                                    case CONF_RES_LIMITED:
                                        peerversion |= RES_LIMITED;
                                        break;
index 6d16f9ed3dd831975a07e58f6412c195c04a725e..55488536e9c9aa2262ca97123e77808fd9714893 100644 (file)
@@ -613,7 +613,8 @@ local_clock(
         * helps calm the dance. Works best using burst mode.
         */
        if (state == S_SYNC) {
-               if (sys_jitter / mu > clock_stability) {
+               if (sys_jitter / mu > clock_stability &&
+                   fabs(clock_offset) < CLOCK_PGATE * sys_jitter) {
                        tc_counter += sys_poll;
                        if (tc_counter > CLOCK_LIMIT) {
                                tc_counter = CLOCK_LIMIT;
index bf689e73b690e18796b42f32b355701bf5af4000..c1efea8ade14d667c5ce58907080be5be3d116dc 100644 (file)
@@ -293,7 +293,9 @@ receive(
         * length for control and private mode packets must be checked
         * by the service routines. Note that no statistics counters are
         * recorded for restrict violations, since these counters are in
-        * the restriction routine.
+        * the restriction routine. In case of invalid version,
+        * restricted service or too many clients, return a kiss-of-
+        * death packet. 
         */
        ntp_monitor(rbufp);
        restrict_mask = restrictions(&rbufp->recv_srcadr);
@@ -308,14 +310,14 @@ receive(
        }
        pkt = &rbufp->recv_pkt;
        if (PKT_VERSION(pkt->li_vn_mode) == NTP_VERSION) {
-               sys_newversionpkt++;
-       } else if (restrict_mask & RES_VERSION) {
-               sys_unknownversion++;           /* unknown version */
-               return;
-       } else if (PKT_VERSION(pkt->li_vn_mode) >= NTP_OLDVERSION) {
-               sys_oldversionpkt++;
+               sys_newversionpkt++;            /* new version */
+       } else if (!(restrict_mask & RES_VERSION) &&
+           PKT_VERSION(pkt->li_vn_mode) >= NTP_OLDVERSION) {
+               sys_oldversionpkt++;            /* old version */
        } else {
-               sys_unknownversion++;           /* unknown version */
+               if (restrict_mask & RES_DEMOBILIZE)
+                       fast_xmit(rbufp, 0, 0); /* unknown version */
+               sys_unknownversion++;
                return;
        }
        if (PKT_MODE(pkt->li_vn_mode) == MODE_PRIVATE) {
@@ -331,11 +333,16 @@ receive(
                process_control(rbufp, restrict_mask);
                return;
        }
-       if (restrict_mask & RES_DONTSERVE)
-               return;                         /* no time service */
+       if (restrict_mask & RES_DONTSERVE) {
+               if (restrict_mask & RES_DEMOBILIZE)
+                       fast_xmit(rbufp, 0, 0); /* no time service */
+               return;
+       }
        if (restrict_mask & RES_LIMITED) {
+               if (restrict_mask & RES_DEMOBILIZE)
+                       fast_xmit(rbufp, 0, 0); /* too many clients */
                sys_limitrejected++;
-                return;                                /* too many clients */
+                return;
         }
        if (rbufp->recv_length < LEN_PKT_NOMAC) {
                sys_badlength++;
@@ -438,6 +445,17 @@ receive(
         */
        peer = findpeer(&rbufp->recv_srcadr, rbufp->dstadr, rbufp->fd,
            hismode, &retcode);
+
+       /*
+        * Kiss-of-death packet
+        */
+       if (PKT_LEAP(pkt->li_vn_mode) == LEAP_NOTINSYNC &&
+           pkt->stratum == 0 && memcmp(&pkt->refid, "DENY", 4) == 0) {
+
+printf("xxx %x %d %4s\n", PKT_LEAP(pkt->li_vn_mode),
+       pkt->stratum, &pkt->refid);
+
+       }
        is_authentic = 0;
        dstadr_sin = &rbufp->dstadr->sin;
        if (has_mac == 0) {
@@ -2324,7 +2342,7 @@ fast_xmit(
                xpkt.li_vn_mode = PKT_LI_VN_MODE((LEAP_NOTINSYNC),
                    PKT_VERSION(rpkt->li_vn_mode),
                    PKT_MODE(rpkt->li_vn_mode));
-               xpkt.stratum = STRATUM_TO_PKT(0);
+               xpkt.stratum = 0;
                memcpy(&xpkt.refid, "DENY", 4);
        } else {
                xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap,
index 9c72ed15be50ae9267ddec8ed7ad08dc4f49a10b..01ce82c90601ddd69534d879cdc9cd0177298695 100644 (file)
@@ -142,12 +142,12 @@ struct xcmd opcmds[] = {
          "display the server's restrict list" },
        { "restrict",   new_restrict,   { ADD, ADD, NTP_STR, OPT|NTP_STR },
          { "address", "mask",
-           "ntpport|ignore|noserve|notrust|noquery|nomodify|nopeer",
+           "ntpport|ignore|noserve|notrust|noquery|nomodify|nopeer|version|demobilize",
            "..." },
          "create restrict entry/add flags to entry" },
        { "unrestrict", unrestrict,     { ADD, ADD, NTP_STR, OPT|NTP_STR },
          { "address", "mask",
-           "ntpport|ignore|noserve|notrust|noquery|nomodify|nopeer",
+           "ntpport|ignore|noserve|notrust|noquery|nomodify|nopeer|version|demobilize",
            "..." },
          "remove flags from a restrict entry" },
        { "delrestrict", delrestrict,   { ADD, ADD, OPT|NTP_STR, NO },
@@ -1306,6 +1306,8 @@ static struct resflags resflags[] = {
        { "lptrap",     RES_LPTRAP },
        { "limited",    RES_LIMITED },
        { "version",    RES_VERSION },
+       { "demobilize", RES_DEMOBILIZE },
+
        { "",           0 }
 };