Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3757 Commits
49 Branches
1.7 GiB
Tree: ccff097c6b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ccff097c6b'
${ noResults }
openntpd-openbsd/src/usr.sbin/ntpd/client.c

268 lines
7.3 KiB
Raw Normal View History

wrap the heads for the linked list of addresses into a new ntp_addr_wrap which, besides the head pointer for the list of course, stores the original address as specified (i. e. as hostname instead of resolved IPs) and flags and such.
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
rework dns handling with all its cosequences... we know have both a "server" and "servers" keyword. they differ when the hostname resolves to more than one IP, server picks one and servers expands to all. that means no longer stuffing a sockaddr_storage into ntp_peer but a pointer to a linked list of ntp_addr structs. in the "servers" case the list of n addresses returned by host() is expanded into n ntp_peer structs and thus n individual peers. in the "server" case the whole list is attached to ntp_peer, and whenever we do not receive a reply in time we traverse the list one further, so that hosts with both AAAA and A records are first tried with the AAAA one but we gracefully fall back to the A one. semantics with theo; hacked up on the Montreal->Frankfurt flight. again Air Canada surprised me, that older 767 hat pretty decent seats.
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
wrong struct calloc'ed; ok henning@
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
rework dns handling with all its cosequences... we know have both a "server" and "servers" keyword. they differ when the hostname resolves to more than one IP, server picks one and servers expands to all. that means no longer stuffing a sockaddr_storage into ntp_peer but a pointer to a linked list of ntp_addr structs. in the "servers" case the list of n addresses returned by host() is expanded into n ntp_peer structs and thus n individual peers. in the "server" case the whole list is attached to ntp_peer, and whenever we do not receive a reply in time we traverse the list one further, so that hosts with both AAAA and A records are first tried with the AAAA one but we gracefully fall back to the A one. semantics with theo; hacked up on the Montreal->Frankfurt flight. again Air Canada surprised me, that older 767 hat pretty decent seats.
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
rework dns handling with all its cosequences... we know have both a "server" and "servers" keyword. they differ when the hostname resolves to more than one IP, server picks one and servers expands to all. that means no longer stuffing a sockaddr_storage into ntp_peer but a pointer to a linked list of ntp_addr structs. in the "servers" case the list of n addresses returned by host() is expanded into n ntp_peer structs and thus n individual peers. in the "server" case the whole list is attached to ntp_peer, and whenever we do not receive a reply in time we traverse the list one further, so that hosts with both AAAA and A records are first tried with the AAAA one but we gracefully fall back to the A one. semantics with theo; hacked up on the Montreal->Frankfurt flight. again Air Canada surprised me, that older 767 hat pretty decent seats.
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
initialize the variables that track the offset array; ok henning@
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
rework dns handling with all its cosequences... we know have both a "server" and "servers" keyword. they differ when the hostname resolves to more than one IP, server picks one and servers expands to all. that means no longer stuffing a sockaddr_storage into ntp_peer but a pointer to a linked list of ntp_addr structs. in the "servers" case the list of n addresses returned by host() is expanded into n ntp_peer structs and thus n individual peers. in the "server" case the whole list is attached to ntp_peer, and whenever we do not receive a reply in time we traverse the list one further, so that hosts with both AAAA and A records are first tried with the AAAA one but we gracefully fall back to the A one. semantics with theo; hacked up on the Montreal->Frankfurt flight. again Air Canada surprised me, that older 767 hat pretty decent seats.
20 years ago
wrap the heads for the linked list of addresses into a new ntp_addr_wrap which, besides the head pointer for the list of course, stores the original address as specified (i. e. as hostname instead of resolved IPs) and flags and such.
20 years ago
rework dns handling with all its cosequences... we know have both a "server" and "servers" keyword. they differ when the hostname resolves to more than one IP, server picks one and servers expands to all. that means no longer stuffing a sockaddr_storage into ntp_peer but a pointer to a linked list of ntp_addr structs. in the "servers" case the list of n addresses returned by host() is expanded into n ntp_peer structs and thus n individual peers. in the "server" case the whole list is attached to ntp_peer, and whenever we do not receive a reply in time we traverse the list one further, so that hosts with both AAAA and A records are first tried with the AAAA one but we gracefully fall back to the A one. semantics with theo; hacked up on the Montreal->Frankfurt flight. again Air Canada surprised me, that older 767 hat pretty decent seats.
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
Compute the local clock offset from the server's response. ok henning@
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
don't panic when sendto() fails; for the client part just re-schedule noticed & fix tested by fries@
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
put interval defines in ntpd.h and name them consistently
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
Compute the local clock offset from the server's response. ok henning@
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
there are a few recvfrom(2) errors we do not want to panic on
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
Compute the local clock offset from the server's response. ok henning@
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
if the cookie in the received packet doesn't match discard it silently; the logging was useful for development but is a bad idea in production use as a remote attacker could flood your logs
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
knf!
20 years ago
RFC 2030 is incorrect with regards to the computation of the delay value for NTP queries/replies. RFC 1305 and some of Mills' other papers have the correct formula. ok henning@
20 years ago
Compute the local clock offset from the server's response. ok henning@
20 years ago
RFC 2030 is incorrect with regards to the computation of the delay value for NTP queries/replies. RFC 1305 and some of Mills' other papers have the correct formula. ok henning@
20 years ago
Compute the local clock offset from the server's response. ok henning@
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
Implement the clock filter as descirbed by David Mills: form the last 8 replied received from a peer, find the one with the lowest delay. Use that as the peer's update taken into account for calculating the local clock's offset. Invalidate that reply and all ones received earlier than it so that they do not get used again.
20 years ago
RFC 2030 is incorrect with regards to the computation of the delay value for NTP queries/replies. RFC 1305 and some of Mills' other papers have the correct formula. ok henning@
20 years ago
Implement the clock filter as descirbed by David Mills: form the last 8 replied received from a peer, find the one with the lowest delay. Use that as the peer's update taken into account for calculating the local clock's offset. Invalidate that reply and all ones received earlier than it so that they do not get used again.
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
Start collecting the remote server state along with the calculated offsets, in preparation for having correct server statistics in responses to client queries. ok henning@
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
query interval scaling, episode II 1) base the interval calculation on the offset from the last reply, not from the last peer update. Allows us to send more queries again faster when the local clock diverges too much 2) every time we form a peer update (for which we need 8 replies) check wether we have a ready peer update for all peers that are currently trusted, and if so, calculate the total offset and call adjtime(). that means that adjtime is no longer called in fixed intervals but whenever we have enough data to reliably calculate the local clock offset. In practice, that means we call adjtime() less often, but with probably better data. 3) invalidate peer updates after beeing used. no point in re-using them - this resulted in calling adjtime() multiple times with the same offset, which doesn't make sense tested by many
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
query interval scaling, episode II 1) base the interval calculation on the offset from the last reply, not from the last peer update. Allows us to send more queries again faster when the local clock diverges too much 2) every time we form a peer update (for which we need 8 replies) check wether we have a ready peer update for all peers that are currently trusted, and if so, calculate the total offset and call adjtime(). that means that adjtime is no longer called in fixed intervals but whenever we have enough data to reliably calculate the local clock offset. In practice, that means we call adjtime() less often, but with probably better data. 3) invalidate peer updates after beeing used. no point in re-using them - this resulted in calling adjtime() multiple times with the same offset, which doesn't make sense tested by many
20 years ago
oups
20 years ago
query interval scaling, episode II 1) base the interval calculation on the offset from the last reply, not from the last peer update. Allows us to send more queries again faster when the local clock diverges too much 2) every time we form a peer update (for which we need 8 replies) check wether we have a ready peer update for all peers that are currently trusted, and if so, calculate the total offset and call adjtime(). that means that adjtime is no longer called in fixed intervals but whenever we have enough data to reliably calculate the local clock offset. In practice, that means we call adjtime() less often, but with probably better data. 3) invalidate peer updates after beeing used. no point in re-using them - this resulted in calling adjtime() multiple times with the same offset, which doesn't make sense tested by many
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
query interval scaling, episode II 1) base the interval calculation on the offset from the last reply, not from the last peer update. Allows us to send more queries again faster when the local clock diverges too much 2) every time we form a peer update (for which we need 8 replies) check wether we have a ready peer update for all peers that are currently trusted, and if so, calculate the total offset and call adjtime(). that means that adjtime is no longer called in fixed intervals but whenever we have enough data to reliably calculate the local clock offset. In practice, that means we call adjtime() less often, but with probably better data. 3) invalidate peer updates after beeing used. no point in re-using them - this resulted in calling adjtime() multiple times with the same offset, which doesn't make sense tested by many
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
query interval scaling, episode II 1) base the interval calculation on the offset from the last reply, not from the last peer update. Allows us to send more queries again faster when the local clock diverges too much 2) every time we form a peer update (for which we need 8 replies) check wether we have a ready peer update for all peers that are currently trusted, and if so, calculate the total offset and call adjtime(). that means that adjtime is no longer called in fixed intervals but whenever we have enough data to reliably calculate the local clock offset. In practice, that means we call adjtime() less often, but with probably better data. 3) invalidate peer updates after beeing used. no point in re-using them - this resulted in calling adjtime() multiple times with the same offset, which doesn't make sense tested by many
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
Compute the local clock offset from the server's response. ok henning@
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
keep last 8 offset,delay pairs - we'll need them for the clock filters later. for now, average over those to adjust the local clock.
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
check wether we have enough data to form a peer update on receiption of each packet, not only after each 8th (where we have enough for sure)
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
lof replies with log_debug so one gets increased verbosity when in foreground/debug mode
20 years ago
check wether we have enough data to form a peer update on receiption of each packet, not only after each 8th (where we have enough for sure)
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
query interval scaling, episode II 1) base the interval calculation on the offset from the last reply, not from the last peer update. Allows us to send more queries again faster when the local clock diverges too much 2) every time we form a peer update (for which we need 8 replies) check wether we have a ready peer update for all peers that are currently trusted, and if so, calculate the total offset and call adjtime(). that means that adjtime is no longer called in fixed intervals but whenever we have enough data to reliably calculate the local clock offset. In practice, that means we call adjtime() less often, but with probably better data. 3) invalidate peer updates after beeing used. no point in re-using them - this resulted in calling adjtime() multiple times with the same offset, which doesn't make sense tested by many
20 years ago
missing {}
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
missing {}
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
check wether we have enough data to form a peer update on receiption of each packet, not only after each 8th (where we have enough for sure)
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
query interval scaling, episode II 1) base the interval calculation on the offset from the last reply, not from the last peer update. Allows us to send more queries again faster when the local clock diverges too much 2) every time we form a peer update (for which we need 8 replies) check wether we have a ready peer update for all peers that are currently trusted, and if so, calculate the total offset and call adjtime(). that means that adjtime is no longer called in fixed intervals but whenever we have enough data to reliably calculate the local clock offset. In practice, that means we call adjtime() less often, but with probably better data. 3) invalidate peer updates after beeing used. no point in re-using them - this resulted in calling adjtime() multiple times with the same offset, which doesn't make sense tested by many
20 years ago
scale query interval based on local clock offset. tested by many not as efficient as I want it to be yet, but more is coming
20 years ago
keep a "trustlevel" per peer. loose credit for loosing a packet, loose a lot of credit for not having supplied us with enough data within an adjtime run interval, and get a little credit each time we get a good reply packet. if a peer is below 20%, only send a packet occasionally to see wether it is back. send out queries much more often between 20 and 80% to (re-)sync quickly, and above 80% usethe regular interval. do not use peers < 60% for calculating teh local clock offset. designed with theo at the pho, alexander ok
20 years ago
provide most of the client functionality. hook the descriptors into the main poll and such. we're not doing anything with the reply we recive yet, tho. mostly hacked on the Frankfurt->Montreal flight, as batteries and those horrible air canada seats permitted...
20 years ago
 
  1. /*	$OpenBSD: client.c,v 1.28 2004/07/20 16:47:55 henning Exp $ */
  2. 

  3. /*

  4.  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
  5.  * Copyright (c) 2004 Alexander Guy <alexander.guy@andern.org>
  6.  *
  7.  * Permission to use, copy, modify, and distribute this software for any
  8.  * purpose with or without fee is hereby granted, provided that the above
  9.  * copyright notice and this permission notice appear in all copies.
  10.  *
  11.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  12.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  13.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  14.  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  15.  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
  16.  * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  17.  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  18.  */
  19. 

  20. #include <sys/param.h>

  21. #include <errno.h>

  22. #include <stdlib.h>

  23. #include <string.h>

  24. #include <time.h>

  25. #include <unistd.h>

  26. 

  27. #include "ntpd.h"

  28. 

  29. int	client_update(struct ntp_peer *);
  30. 

  31. int
  32. client_peer_init(struct ntp_peer *p)
  33. {
  34. 	struct sockaddr_in	*sa_in;
  35. 	struct sockaddr_in6	*sa_in6;
  36. 	struct ntp_addr		*h;
  37. 

  38. 	if ((p->query = calloc(1, sizeof(struct ntp_query))) == NULL)
  39. 		fatal("client_query calloc");
  40. 

  41. 	for (h = p->addr; h != NULL; h = h->next) {
  42. 		switch (h->ss.ss_family) {
  43. 		case AF_INET:
  44. 			sa_in = (struct sockaddr_in *)&h->ss;
  45. 			if (ntohs(sa_in->sin_port) == 0)
  46. 				sa_in->sin_port = htons(123);
  47. 			break;
  48. 		case AF_INET6:
  49. 			sa_in6 = (struct sockaddr_in6 *)&h->ss;
  50. 			if (ntohs(sa_in6->sin6_port) == 0)
  51. 				sa_in6->sin6_port = htons(123);
  52. 			break;
  53. 		default:
  54. 			fatal("king bula sez: wrong AF in client_peer_init");
  55. 			/* not reached */
  56. 		}
  57. 	}
  58. 

  59. 	if ((p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM, 0)) == -1)
  60. 		fatal("client_query socket");
  61. 

  62. 	p->query->msg.status = MODE_CLIENT | (NTP_VERSION << 3);
  63. 	p->state = STATE_NONE;
  64. 	p->next = time(NULL);
  65. 	p->shift = 0;
  66. 	p->trustlevel = TRUSTLEVEL_PATHETIC;
  67. 

  68. 	return (0);
  69. }
  70. 

  71. int
  72. client_nextaddr(struct ntp_peer *p)
  73. {
  74. 	close(p->query->fd);
  75. 

  76. 	if ((p->addr = p->addr->next) == NULL)
  77. 		p->addr = p->addr_head.a;
  78. 

  79. 	if ((p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM, 0)) == -1)
  80. 		fatal("client_query socket");
  81. 

  82. 	p->shift = 0;
  83. 	p->trustlevel = TRUSTLEVEL_PATHETIC;
  84. 

  85. 	return (0);
  86. }
  87. 

  88. int
  89. client_query(struct ntp_peer *p)
  90. {
  91. 	/*

  92. 	 * Send out a random 64-bit number as our transmit time.  The NTP
  93. 	 * server will copy said number into the originate field on the
  94. 	 * response that it sends us.  This is totally legal per the SNTP spec.
  95. 	 *
  96. 	 * The impact of this is two fold: we no longer send out the current
  97. 	 * system time for the world to see (which may aid an attacker), and
  98. 	 * it gives us a (not very secure) way of knowing that we're not
  99. 	 * getting spoofed by an attacker that can't capture our traffic
  100. 	 * but can spoof packets from the NTP server we're communicating with.
  101. 	 *
  102. 	 * Save the real transmit timestamp locally.
  103. 	 */
  104. 

  105. 	p->query->msg.xmttime.int_part = arc4random();
  106. 	p->query->msg.xmttime.fraction = arc4random();
  107. 	p->query->xmttime = gettime();
  108. 

  109. 	if (ntp_sendmsg(p->query->fd, (struct sockaddr *)&p->addr->ss,
  110. 	    &p->query->msg, NTP_MSGSIZE_NOAUTH, 0) == -1) {
  111. 		p->next = time(NULL) + INTERVAL_QUERY_PATHETIC;
  112. 		return (-1);
  113. 	}
  114. 

  115. 	p->state = STATE_QUERY_SENT;
  116. 	p->next = 0;
  117. 	p->deadline = time(NULL) + QUERYTIME_MAX;
  118. 

  119. 	return (0);
  120. }
  121. 

  122. int
  123. client_dispatch(struct ntp_peer *p)
  124. {
  125. 	struct sockaddr_storage	 fsa;
  126. 	socklen_t		 fsa_len;
  127. 	char			 buf[NTP_MSGSIZE];
  128. 	ssize_t			 size;
  129. 	struct ntp_msg		 msg;
  130. 	double			 T1, T2, T3, T4;
  131. 	double			 abs_offset;
  132. 	time_t			 interval;
  133. 

  134. 	fsa_len = sizeof(fsa);
  135. 	if ((size = recvfrom(p->query->fd, &buf, sizeof(buf), 0,
  136. 	    (struct sockaddr *)&fsa, &fsa_len)) == -1) {
  137. 		if (errno == EHOSTUNREACH || errno == EHOSTDOWN ||
  138. 		    errno == ENETDOWN) {
  139. 			log_warn("recvfrom %s",
  140. 			    log_sockaddr((struct sockaddr *)&fsa));
  141. 			return (0);
  142. 		} else
  143. 			fatal("recvfrom");
  144. 	}
  145. 

  146. 	T4 = gettime();
  147. 

  148. 	ntp_getmsg(buf, size, &msg);
  149. 

  150. 	if (msg.orgtime.int_part != p->query->msg.xmttime.int_part ||
  151. 	    msg.orgtime.fraction != p->query->msg.xmttime.fraction)
  152. 		return (0);
  153. 

  154. 	/*

  155. 	 * From RFC 2030 (with a correction to the delay math):
  156. 	 *
  157. 	 *      Timestamp Name          ID   When Generated
  158. 	 *     ------------------------------------------------------------
  159. 	 *     Originate Timestamp     T1   time request sent by client
  160. 	 *     Receive Timestamp       T2   time request received by server
  161. 	 *     Transmit Timestamp      T3   time reply sent by server
  162. 	 *     Destination Timestamp   T4   time reply received by client
  163. 	 *
  164. 	 *  The roundtrip delay d and local clock offset t are defined as
  165. 	 *
  166. 	 *    d = (T4 - T1) - (T3 - T2)     t = ((T2 - T1) + (T3 - T4)) / 2.
  167. 	 */
  168. 

  169. 	T1 = p->query->xmttime;
  170. 	T2 = lfp_to_d(msg.rectime);
  171. 	T3 = lfp_to_d(msg.xmttime);
  172. 

  173. 	p->reply[p->shift].offset = ((T2 - T1) + (T3 - T4)) / 2;
  174. 	p->reply[p->shift].delay = (T4 - T1) - (T3 - T2);
  175. 	p->reply[p->shift].error = (T2 - T1) - (T3 - T4);
  176. 	p->reply[p->shift].rcvd = time(NULL);
  177. 	p->reply[p->shift].good = 1;
  178. 

  179. 	p->reply[p->shift].status.leap = (msg.status & LIMASK) >> 6;
  180. 	p->reply[p->shift].status.precision = msg.precision;
  181. 	p->reply[p->shift].status.rootdelay = sfp_to_d(msg.distance);
  182. 	p->reply[p->shift].status.rootdispersion = sfp_to_d(msg.dispersion);
  183. 	p->reply[p->shift].status.refid = htonl(msg.refid);
  184. 	p->reply[p->shift].status.reftime = lfp_to_d(msg.reftime);
  185. 	p->reply[p->shift].status.poll = msg.ppoll;
  186. 

  187. 	if (p->trustlevel < TRUSTLEVEL_PATHETIC)
  188. 		interval = INTERVAL_QUERY_PATHETIC;
  189. 	else if (p->trustlevel < TRUSTLEVEL_AGRESSIVE)
  190. 		interval = INTERVAL_QUERY_AGRESSIVE;
  191. 	else {
  192. 		if (p->reply[p->shift].offset < 0)
  193. 			abs_offset = -p->reply[p->shift].offset;
  194. 		else
  195. 			abs_offset = p->reply[p->shift].offset;
  196. 

  197. 		if (abs_offset > QSCALE_OFF_MAX)
  198. 			interval = INTERVAL_QUERY_NORMAL;
  199. 		else if (abs_offset < QSCALE_OFF_MIN)
  200. 			interval = INTERVAL_QUERY_NORMAL *
  201. 			    (QSCALE_OFF_MAX / QSCALE_OFF_MIN);
  202. 		else
  203. 			interval = INTERVAL_QUERY_NORMAL *
  204. 			    (QSCALE_OFF_MAX / abs_offset);
  205. 	}
  206. 

  207. 	p->next = time(NULL) + interval;
  208. 	p->deadline = 0;
  209. 	p->state = STATE_REPLY_RECEIVED;
  210. 

  211. 	/* every received reply which we do not discard increases trust */
  212. 	if (p->trustlevel < 10) {
  213. 		if (p->trustlevel < TRUSTLEVEL_BADPEER &&
  214. 		    p->trustlevel + 1 >= TRUSTLEVEL_BADPEER)
  215. 			log_info("peer %s now valid",
  216. 			    log_sockaddr((struct sockaddr *)&fsa));
  217. 		p->trustlevel++;
  218. 	}
  219. 

  220. 	client_update(p);
  221. 

  222. 	log_debug("reply from %s: offset %f delay %f, "
  223. 	    "next query %ds", log_sockaddr((struct sockaddr *)&fsa),
  224. 	    p->reply[p->shift].offset, p->reply[p->shift].delay, interval);
  225. 

  226. 	if (++p->shift >= OFFSET_ARRAY_SIZE)
  227. 		p->shift = 0;
  228. 

  229. 	return (0);
  230. }
  231. 

  232. int
  233. client_update(struct ntp_peer *p)
  234. {
  235. 	int	i, best = 0, good = 0;
  236. 

  237. 	/*

  238. 	 * clock filter
  239. 	 * find the offset which arrived with the lowest delay
  240. 	 * use that as the peer update
  241. 	 * invalidate it and all older ones
  242. 	 */
  243. 

  244. 	for (i = 0; good == 0 && i < OFFSET_ARRAY_SIZE; i++)
  245. 		if (p->reply[i].good) {
  246. 			good++;
  247. 			best = i;
  248. 		}
  249. 

  250. 	for (; i < OFFSET_ARRAY_SIZE; i++)
  251. 		if (p->reply[i].good) {
  252. 			good++;
  253. 			if (p->reply[i].delay < p->reply[best].delay)
  254. 				best = i;
  255. 		}
  256. 

  257. 	if (good < 8)
  258. 		return (-1);
  259. 

  260. 	memcpy(&p->update, &p->reply[best], sizeof(p->update));
  261. 	ntp_adjtime();
  262. 

  263. 	for (i = 0; i < OFFSET_ARRAY_SIZE; i++)
  264. 		if (p->reply[i].rcvd <= p->reply[best].rcvd)
  265. 			p->reply[i].good = 0;
  266. 

  267. 	return (0);
  268. }