From: Harlan Stenn Date: Wed, 14 Mar 2001 05:08:04 +0000 (-0000) Subject: Many files: X-Git-Tag: NTP_4_0_99_M~113 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e80a7e147baa496f415ac76d8b080ac2b5242556;p=thirdparty%2Fntp.git Many files: * ntpdc/ntpdc_ops.c (printpeer): No more "valid". * ntpd/ntp_request.c (peer_info): No more "valid". * ntpd/ntp_refclock.c (refclock_transmit): valid/hpoll cleanup. * ntpd/ntp_proto.c (transmit): valid/hpoll and peer->ttl cleanup. peer->valid/oreach cleanup. (receive): Call newpeer() with the pkt->ppoll, not NTP_MINDPOLL (in several places). In AM_NEWPASS, if we have a NULL peer, return. (poll_update): Added xpoll definition, fixed oldpoll definition. Algorithmic improvements. * ntpd/ntp_peer.c (newpeer): Better minpoll/maxpoll initialization. (resetmanycast): That's a poll_update() on an MDF_ACAST, not a poll_clear(). * ntpd/ntp_crypto.c: include . (crypto_recv): Leave the crypto_flags alone when wiggling the peer-> stuff. (crypto_cert): Make room for daddy. Do a real open() on the cert file. Read the cert. Initial hack and slash. Better debug info. * ntpd/ntp_control.c: CP_VALID now does "unreach". (ctl_putpeer): Ditto. * include/ntp_request.h: info_peer gets a placeholder for "valid". * include/ntp_crypto.h (CRYPTO_FLAG_CERT): Comment update. * include/ntp.h: Lose "valid" from struct peer. From: Dave Mills. bk: 3aaefcb4Kjy7KGgRaAV7dWsYMLoUFA --- diff --git a/ChangeLog b/ChangeLog index e134967325..e5d9ccdb46 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,31 @@ +2001-03-14 Harlan Stenn + + * ntpdc/ntpdc_ops.c (printpeer): No more "valid". + * ntpd/ntp_request.c (peer_info): No more "valid". + * ntpd/ntp_refclock.c (refclock_transmit): valid/hpoll cleanup. + * ntpd/ntp_proto.c (transmit): valid/hpoll and peer->ttl cleanup. + peer->valid/oreach cleanup. + (receive): Call newpeer() with the pkt->ppoll, not + NTP_MINDPOLL (in several places). + In AM_NEWPASS, if we have a NULL peer, return. + (poll_update): Added xpoll definition, fixed oldpoll definition. + Algorithmic improvements. + * ntpd/ntp_peer.c (newpeer): Better minpoll/maxpoll + initialization. + (resetmanycast): That's a poll_update() on an MDF_ACAST, not a + poll_clear(). + * ntpd/ntp_crypto.c: include . + (crypto_recv): Leave the crypto_flags alone when wiggling the + peer-> stuff. + (crypto_cert): Make room for daddy. Do a real open() on the cert + file. Read the cert. Initial hack and slash. Better debug info. + * ntpd/ntp_control.c: CP_VALID now does "unreach". + (ctl_putpeer): Ditto. + * include/ntp_request.h: info_peer gets a placeholder for "valid". + * include/ntp_crypto.h (CRYPTO_FLAG_CERT): Comment update. + * include/ntp.h: Lose "valid" from struct peer. + From: Dave Mills. + 2001-03-05 Harlan Stenn * ntpd/ntp_proto.c (transmit): hpoll calc logic cleanup. diff --git a/include/ntp.h b/include/ntp.h index 38a5da2db1..db14b18a03 100644 --- a/include/ntp.h +++ b/include/ntp.h @@ -297,7 +297,6 @@ struct peer { /* * Ephemeral state variables */ - u_int valid; /* valid update counter */ u_char status; /* peer status */ u_char pollsw; /* what it says */ u_char ttl; /* ttl for manycast mode */ diff --git a/include/ntp_crypto.h b/include/ntp_crypto.h index 9d93dfe586..7fa0f91284 100644 --- a/include/ntp_crypto.h +++ b/include/ntp_crypto.h @@ -14,7 +14,7 @@ */ #define CRYPTO_FLAG_ENAB 0x01 /* crypto enable */ #define CRYPTO_FLAG_RSA 0x02 /* public/private keys */ -#define CRYPTO_FLAG_CERT 0x04 /* PKI certificate */ +#define CRYPTO_FLAG_CERT 0x04 /* certificate */ #define CRYPTO_FLAG_DH 0x08 /* agreement parameters */ #define CRYPTO_FLAG_TAI 0x10 /* leapseconds table */ diff --git a/include/ntp_request.h b/include/ntp_request.h index c35b60abf1..a64094a2d4 100644 --- a/include/ntp_request.h +++ b/include/ntp_request.h @@ -336,7 +336,7 @@ struct info_peer { u_char hpoll; /* peer.hpoll */ s_char precision; /* peer.precision */ u_char version; /* peer.version */ - u_char valid; /* peer.valid */ + u_char unused8; u_char reach; /* peer.reach */ u_char unreach; /* peer.unreach */ u_char flash; /* old peer.flash */ diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 7761652a91..c6c89a0d09 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -189,7 +189,7 @@ static struct ctl_var peer_var[] = { { CP_REC, RO, "rec" }, /* 19 */ { CP_XMT, RO, "xmt" }, /* 20 */ { CP_REACH, RO, "reach" }, /* 21 */ - { CP_VALID, RO, "valid" }, /* 22 */ + { CP_VALID, RO, "unreach" }, /* 22 */ { CP_TIMER, RO, "timer" }, /* 23 */ { CP_DELAY, RO, "delay" }, /* 24 */ { CP_OFFSET, RO, "offset" }, /* 25 */ @@ -1503,7 +1503,7 @@ ctl_putpeer( break; case CP_VALID: - ctl_putuint(peer_var[CP_VALID].text, peer->valid); + ctl_putuint(peer_var[CP_VALID].text, peer->unreach); break; case CP_TIMER: diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index c962a031b6..d29ed47adc 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c @@ -9,6 +9,7 @@ #include #include #include +#include #include "ntpd.h" #include "ntp_stdlib.h" @@ -685,7 +686,6 @@ crypto_recv( } peer->flash &= ~TEST10; peer->flags |= FLAG_PROVEN; - crypto_flags |= CRYPTO_FLAG_CERT; peer->crypto &= ~CRYPTO_FLAG_CERT; /* @@ -1626,16 +1626,14 @@ crypto_cert( char *cp /* file name */ ) { - FILE *str; /* file handle */ - u_char buf[MAX_LINLEN]; /* file line buffer */ - u_int certbuf[MAX_KEYLEN]; /* certificate */ + u_char buf[5000]; /* file line buffer */ char filename[MAXFILENAME]; /* name of certificate file */ char linkname[MAXFILENAME]; /* file link (for filestamp) */ u_int fstamp; /* filestamp */ u_int32 *pp; u_int len; char *rptr; - int rval, i; + int rval, fd; /* * Open the file and discard comment lines. If the first @@ -1648,8 +1646,8 @@ crypto_cert( strcpy(filename, cp); else snprintf(filename, MAXFILENAME, "%s/%s", keysdir, cp); - str = fopen(filename, "r"); - if (str == NULL) { + fd = open(filename, O_RDONLY, 0777); + if (fd <= 0) { msyslog(LOG_INFO, "crypto: certificate file %s not found", filename); @@ -1658,28 +1656,12 @@ crypto_cert( /* * We are rather paranoid here, since an intruder might cause a - * coredump by infiltrating naughty values. Empty lines and - * comments are ignored. Other lines must begin with two - * integers followed by junk or comments. The first integer is - * the NTP seconds of leap insertion, the second is the offset - * of TAI relative to UTC after that insertion. The second word - * must equal the initial insertion of ten seconds on 1 January - * 1972 plus one second for each succeeding insertion. + * coredump by infiltrating naughty values. */ - i = 0; rval = RV_OK; - while (i < MAX_LEAP) { - rptr = fgets(buf, MAX_LINLEN - 1, str); - if (rptr == NULL) - break; - if (strlen(buf) < 1) - continue; - if (*buf == '#') - continue; - i++; - } - fclose(str); - if (rval != RV_OK || i == 0) { + len = read(fd, buf, 5000); + close(fd); + if (rval != RV_OK) { msyslog(LOG_ERR, "crypto: certificate file %s error %d", cp, rval); @@ -1689,13 +1671,10 @@ crypto_cert( /* * The extension field entry consists of the raw certificate. */ - len = i * 4; - certif.vallen = htonl(len); + certif.vallen = htonl(200); /* xxxxxxxxxxxxxxxxxx */ pp = emalloc(len); certif.ptr = (u_char *)pp; - for (; i >= 0; i--) { - *pp++ = htonl(certbuf[i]); - } + memcpy(pp, buf, len); certif.sig = emalloc(private_key.bits / 8); crypto_flags |= CRYPTO_FLAG_CERT; @@ -1717,8 +1696,8 @@ crypto_cert( #ifdef DEBUG if (debug) printf( - "crypto_cert: certif file %s link %d fs %u\n", - cp, rval, fstamp); + "crypto_cert: certif file %s link %d fs %u len %d\n", + cp, rval, fstamp, len); #endif } diff --git a/ntpd/ntp_peer.c b/ntpd/ntp_peer.c index ad6650c446..d34f713730 100644 --- a/ntpd/ntp_peer.c +++ b/ntpd/ntp_peer.c @@ -539,8 +539,8 @@ newpeer( peer->srcadr = *srcadr; peer->hmode = (u_char)hmode; peer->version = (u_char)version; - peer->minpoll = (u_char)minpoll; - peer->maxpoll = (u_char)maxpoll; + peer->minpoll = (u_char)max(NTP_MINPOLL, minpoll); + peer->maxpoll = (u_char)min(NTP_MAXPOLL, maxpoll); peer->flags = flags | (key > NTP_MAXKEY ? FLAG_SKEY : 0); peer->cast_flags = cast_flags; peer->ttlmax = ttl; @@ -800,7 +800,7 @@ resetmanycast(void) peer->next) { if (peer->cast_flags & MDF_ACAST) { peer->ttl = 0; - peer_clear(peer); + poll_update(peer, peer->hpoll); } } } diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 6b7b9dae4e..3e5e9acc5e 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -132,14 +132,10 @@ transmit( * ttl to the lowest practical value and avoid * knocking on spurious doors. */ - if (sys_survivors < NTP_MINCLOCK) { - if (peer->ttl < peer->ttlmax) - peer->ttl++; - else - hpoll++; - } else { - hpoll = sys_poll; - } + if (sys_survivors < NTP_MINCLOCK && peer->ttl < + peer->ttlmax) + peer->ttl++; + hpoll = sys_poll; #endif /* AUTOKEY */ } else { @@ -165,10 +161,6 @@ transmit( } } oreach = peer->reach; - if (oreach & 0x01) - peer->valid++; - if (oreach & 0x80) - peer->valid--; peer->reach <<= 1; if (peer->reach == 0) { @@ -204,7 +196,7 @@ transmit( * minimum. This is to quickly recover the time * variables when a noisy peer shows life. */ - if ((peer->reach & 0x03) == 0) { + if (!(peer->reach & 0x03)) { clock_filter(peer, 0., 0., MAXDISPERSE); clock_select(); } @@ -620,7 +612,7 @@ receive( peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode), - NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_IBURST | + pkt->ppoll, NTP_MAXDPOLL, FLAG_IBURST | (peer2->flags & (FLAG_AUTHENABLE | FLAG_SKEY)), MDF_UCAST, 0, skeyid); if (peer == NULL) @@ -641,8 +633,10 @@ receive( } peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode), - NTP_MINDPOLL, NTP_MAXDPOLL, sys_authenticate ? + pkt->ppoll, NTP_MAXDPOLL, sys_authenticate ? FLAG_AUTHENABLE : 0, MDF_UCAST, 0, skeyid); + if (peer == NULL) + return; break; case AM_NEWBCL: @@ -660,12 +654,11 @@ receive( peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr, MODE_CLIENT, PKT_VERSION(pkt->li_vn_mode), - NTP_MINDPOLL, NTP_MAXDPOLL, FLAG_MCAST | + pkt->ppoll, NTP_MAXDPOLL, FLAG_MCAST | FLAG_IBURST | (sys_authenticate ? FLAG_AUTHENABLE : 0), MDF_BCLNT, 0, skeyid); if (peer == NULL) return; - break; case AM_POSSBCL: @@ -796,7 +789,7 @@ receive( */ if (!(peer->flags & FLAG_PROVEN)) peer->flash |= TEST11; - if (peer->flash && peer->reach != 0) { + if (peer->flash && peer->reach) { #ifdef DEBUG if (debug) printf("packet: bad autokey %03x\n", @@ -933,7 +926,7 @@ process_packet( peer->rootdispersion = p_disp; peer->refid = pkt->refid; peer->reftime = p_reftime; - if (peer->reach == 0) { + if (!(peer->reach)) { report_event(EVNT_REACH, peer); peer->timereachable = current_time; } @@ -1099,8 +1092,9 @@ poll_update( int hpoll ) { + int xpoll; #ifdef AUTOKEY - long oldpoll; + int oldpoll; #endif /* AUTOKEY */ #ifdef AUTOKEY @@ -1109,25 +1103,28 @@ poll_update( /* * A little foxtrot to determine what controls the poll - * interval. If the peer is reachable, but less than half the - * polls have been answered, use the minimum. If reachable and - * declared truechimer, use the system poll interval. In other - * cases use the argument set by the transmit routine. This - * allows each association to ramp up the poll interval for - * useless sources. + * interval. If the peer is reachable, but but the last four + * polls have not been answered, use the minimum. If declared + * truechimer, use the system poll interval. This allows each + * association to ramp up the poll interval for useless sources + * and to clamp it to the minimum when first starting up. */ - if (peer->valid > 0) { - if (peer->valid <= NTP_SHIFT / 2) - hpoll = peer->minpoll; + xpoll = hpoll; + if (peer->reach) { + if (!(peer->reach & 0x0f)) + xpoll = peer->minpoll; else if (peer->flags & FLAG_SYSPEER) - peer->hpoll = sys_poll; - } else { - peer->hpoll = hpoll; + xpoll = sys_poll; +#ifdef PUBKEY + } else if (peer->crypto && !(peer->flags & FLAG_AUTOKEY)) { + xpoll = peer->minpoll; +#endif /* PUBKEY */ } - if (peer->hpoll > peer->maxpoll) - peer->hpoll = peer->maxpoll; - else if (peer->hpoll < peer->minpoll) - peer->hpoll = peer->minpoll; + if (xpoll > peer->maxpoll) + xpoll = peer->maxpoll; + else if (xpoll < peer->minpoll) + xpoll = peer->minpoll; + peer->hpoll = xpoll; /* * Bit of adventure here. If during a burst and not timeout, @@ -1154,7 +1151,10 @@ poll_update( else peer->nextdate += RANDPOLL(BURST_INTERVAL1); } else if (peer->cast_flags & MDF_ACAST) { - peer->kpoll = peer->hpoll + 3; + if (sys_survivors < NTP_MINCLOCK) + peer->kpoll = peer->hpoll; + else + peer->kpoll = peer->hpoll + 3; peer->nextdate = peer->outdate + RANDPOLL(peer->kpoll); } else { peer->kpoll = max(min(peer->ppoll, peer->hpoll), @@ -1495,7 +1495,7 @@ clock_select(void) * root distance, since the poll interval can * increase to a day and a half. */ - if (peer->reach == 0 || (peer->stratum > 1 && + if (!peer->reach || (peer->stratum > 1 && peer->refid == peer->dstadr->sin.sin_addr.s_addr) || peer->stratum >= STRATUM_UNSPEC || diff --git a/ntpd/ntp_refclock.c b/ntpd/ntp_refclock.c index aacdf6ba7c..4a569f3ef8 100644 --- a/ntpd/ntp_refclock.c +++ b/ntpd/ntp_refclock.c @@ -342,25 +342,21 @@ refclock_transmit( * network code. */ oreach = peer->reach; - if (oreach & 0x01) - peer->valid++; - if (oreach & 0x80) - peer->valid--; - peer->reach <<= 1; - if (peer->reach == 0) { - if (oreach != 0) { + peer->reach <<= 1; + if (!peer->reach) { + if (oreach) { report_event(EVNT_UNREACH, peer); peer->timereachable = current_time; peer_clear(peer); } } else { - if ((oreach & 0x03) == 0) { + if (!(oreach & 0x03)) { clock_filter(peer, 0., 0., MAXDISPERSE); clock_select(); } - if (peer->valid <= 2) { + if (!(oreach & 0x0f)) { hpoll--; - } else if (peer->valid > NTP_SHIFT - 2) + } else if ((oreach & 0x0f) == 0x0f) hpoll++; if (peer->flags & FLAG_BURST) peer->burst = NSTAGE; @@ -575,7 +571,7 @@ refclock_receive( refclock_report(peer, CEVNT_FAULT); return; } - if (peer->reach == 0) + if (!peer->reach) report_event(EVNT_REACH, peer); peer->reach |= 1; peer->reftime = peer->org = pp->lastrec; diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index aace08406e..9dbff283f6 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -739,7 +739,6 @@ peer_info ( ip->hpoll = pp->hpoll; ip->precision = pp->precision; ip->version = pp->version; - ip->valid = pp->valid; ip->reach = pp->reach; ip->unreach = pp->unreach; ip->flash = (u_char)pp->flash; diff --git a/ntpdc/ntpdc_ops.c b/ntpdc/ntpdc_ops.c index 723852d001..62bddd53ca 100644 --- a/ntpdc/ntpdc_ops.c +++ b/ntpdc/ntpdc_ops.c @@ -470,8 +470,8 @@ printpeer( pp->ppoll, pp->hpoll, (u_long)pp->keyid, pp->version, ntohs(pp->associd)); (void) fprintf(fp, - "valid %d, reach %03o, unreach %d, flash 0x%04x, ", - pp->valid, pp->reach, pp->unreach, pp->flash2); + "reach %03o, unreach %d, flash 0x%04x, ", + pp->reach, pp->unreach, pp->flash2); (void) fprintf(fp, "boffset %s, ttl/mode %d\n", fptoa(NTOHS_FP(pp->estbdelay), 5), pp->ttl);