Lines Matching +full:test2 +full:. +full:good
2 * ntp_proto.c - NTP version 4 protocol machinery
5 * (Harlan will be discussing these changes with Dave Mills.)
9 #include <config.h>
12 #include "ntpd.h"
13 #include "ntp_stdlib.h"
14 #include "ntp_unixtime.h"
15 #include "ntp_control.h"
16 #include "ntp_string.h"
17 #include "ntp_leapsec.h"
18 #include "ntp_psl.h"
19 #include "refidsmear.h"
21 #include <stdio.h>
23 #include <libscf.h>
26 #include <unistd.h>
37 x.l_uf = 0; \
38 x.l_ui &= ~((1 << SRVFUZ_SHIFT) - 1U); \
42 * This macro defines the authentication state. If x is 1 authentication
43 * is required; otherwise it is optional.
95 * clock_cluster().
105 * System variables are declared here. Unless specified otherwise, all
106 * times are in seconds.
130 * Rate controls. Leaky buckets are used to throttle the packet
132 * and USNO. There is a counter for each association and another for KoD
133 * packets. The association counter decrements each second, but not
134 * below zero. Each time a packet is sent the counter is incremented by
136 * packets. A packet is delayed as long as the counter is greater than
137 * zero. Note this does not affect the time value computations.
179 * Statistics counters - first the good, then the bad
196 * The default way is "on-receipt". If this was a packet from a
197 * well-behaved source, on-receipt will offer the fastest recovery.
199 * for a bad-guy to DoS us. So look and see what bites you harder
200 * and choose according to your environment.
243 * eventually change xmt_leap below, but never change LEAP_NOTINSYNC. in set_sys_leap()
255 * so make sure we only send "in sync". in set_sys_leap()
257 if (leap_smear.enabled) in set_sys_leap()
348 * not (yet) be a keyid, but in this case FLAG_SKEY is set. in valid_NAK()
350 * if the keyid is 0 and FLAG_SKEY is not set. in valid_NAK()
357 * The ORIGIN must match, or this cannot be a valid NAK, either. in valid_NAK()
378 /* If we ever passed all that checks, we should be safe. Well, in valid_NAK()
379 * as safe as we can ever be with an unauthenticated crypto-nak. in valid_NAK()
396 * The polling state machine. There are two kinds of machines, in transmit()
398 * server modes) and those that do (all other modes). The dance in transmit()
399 * is intricate... in transmit()
405 * send, reset ppoll. in transmit()
412 * minpoll. in transmit()
423 * In manycast mode we start with unity ttl. The ttl is in transmit()
425 * servers have been found or the maximum ttl is reached. When in transmit()
428 * associations turn up. In this case additional better servers in transmit()
429 * are dragged in and preempt the existing ones. Once every in transmit()
433 * every sys_beacon polls. in transmit()
456 * sys_maxclock associations. The hard limit prevents unbounded in transmit()
458 * result in survivor count dipping below sys_minclock often. in transmit()
460 * resulted in 60 associations without the hard limit. A in transmit()
462 * may be appropriate. in transmit()
475 /* [Bug 3851] drop pool servers which can no longer be reached. */ in transmit()
486 * In unicast modes the dance is much more intricate. It is in transmit()
488 * traffic. in transmit()
494 * Update the reachability status. If not heard for in transmit()
496 * filter. in transmit()
505 * Here the peer is unreachable. If it was in transmit()
506 * previously reachable raise a trap. Send a in transmit()
507 * burst if enabled. in transmit()
509 clock_filter(peer, 0., 0., MAXDISPERSE); in transmit()
520 * Here the peer is reachable. Send a burst if in transmit()
521 * enabled and the peer is fit. Reset unreach in transmit()
522 * for persistent and ephemeral associations. in transmit()
524 * clock_select(). in transmit()
536 * Watch for timeout. If ephemeral, toss the rascal; in transmit()
537 * otherwise, bump the poll interval. Note the in transmit()
538 * poll_update() routine will clamp it to maxpoll. in transmit()
541 * demobilize. in transmit()
568 * we declare a successful failure. in transmit()
587 * Do not transmit if in broadcast client mode. in transmit()
671 * Note that there are many places we do not call record_raw_stats(). in receive()
674 * when we've decided to drop a packet. in receive()
678 * Monitor the packet and get restrictions. Note that the packet in receive()
680 * by the service routines. Some restrictions have to be handled in receive()
681 * later in order to generate a kiss-o'-death packet. in receive()
685 * reveals a clogging attack. Likewise the mimimum packet size in receive()
686 * of 2 bytes (for mode 6/7) must be checked first. in receive()
694 restrict_mask = r4a.rflags; in receive()
730 /* If we arrive here, we should have a standard NTP packet. We in receive()
733 * there. in receive()
745 "restrict %s org 0x%x.%08x xmt 0x%x.%08x\n", in receive()
747 stoa(&rbufp->recv_srcadr), r4a.ippeerlimit, hismode, in receive()
750 ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), in receive()
751 ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); in receive()
754 * This is for testing. If restricted drop ten percent of in receive()
755 * surviving packets. in receive()
758 if (ntp_uurandom() < .1) { in receive()
768 ** Validate the packet format. The packet size, packet header, in receive()
769 ** and any extension field lengths are checked. We identify in receive()
771 ** of the hash computation. in receive()
774 ** discarded with no further processing. in receive()
779 * intentionally use an early version. in receive()
793 * Figure out his mode and validate the packet. This has some in receive()
794 * legacy raunch that probably should be removed. In very early in receive()
796 * would interpret as client mode. in receive()
809 * Validate the poll interval in the packet. in receive()
810 * 0 probably indicates a data-minimized packet. in receive()
812 * a value of 0 is not allowed. We check for this below. in receive()
814 * There might be arguments against this check. If you have in receive()
815 * any of these arguments, please let us know. in receive()
817 * At this point, the packet cannot be a mode[67] packet. in receive()
836 * Parse the extension field if present. We figure out whether in receive()
837 * an extension field is present by measuring the MAC size. If in receive()
839 * is present and the packet is not authenticated. If 1, the in receive()
842 * the packet is authenticated with SHA. If 2 or * 4, the packet in receive()
843 * is a runt and discarded forthwith. If greater than 6, an in receive()
845 * field and go around again. in receive()
847 * Note the above description is lame. We should/could also check in receive()
849 * check the two bytes that tell us the EF length. A legacy MAC in receive()
851 * must be <= 64k, meaning the top two bytes will always be zero. in receive()
853 * conforming legacy MAC could ever be misinterpreted as an EF. in receive()
855 * There is more, but this isn't the place to document it. in receive()
892 * Extract calling group name for later. If in receive()
894 * a group name provided to elicit a response. in receive()
924 * If has_mac is < 0 we had a malformed packet. in receive()
935 ** This layer verifies the packet data content. If in receive()
936 ** authentication is required, a MAC must be present. in receive()
937 ** If a MAC is present, it must validate. in receive()
940 ** If authentication fails, we're done. in receive()
944 * If authentication is explicitly required, a MAC must be present. in receive()
953 * Update the MRU list and finger the cloggers. It can be a in receive()
954 * little expensive, so turn it off for production use. in receive()
956 * restrict_mask unless one or both actions are warranted. in receive()
985 * the game to reduce the exposure to a clogging attack. Now we in receive()
987 * authenticate the packet if required. Note that we burn only in receive()
988 * digest cycles, again to reduce exposure. There may be no in receive()
989 * matching association and that's okay. in receive()
991 * More on the autokey mambo. Normally the local interface is in receive()
993 * designated remote address. We assume packets arriving from in receive()
996 * of the interface. However, if the sender is a broadcaster, in receive()
997 * the interface broadcast address is used instead. in receive()
1000 * unicast address anyway. Don't ask. in receive()
1024 * using the restrict command. The enable switch if on implies in receive()
1025 * NOPEER for all clients. There are four outcomes: in receive()
1027 * NONE The packet has no MAC. in receive()
1030 * CRYPTO crypto-NAK. The MAC has four octets only. in receive()
1032 * Note: The AUTH(x, y) macro is used to filter outcomes. If x in receive()
1033 * is zero, acceptable outcomes of y are NONE and OK. If x is in receive()
1034 * one, the only acceptable outcome of y is OK. in receive()
1054 DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org 0x%x.%08x xmt 0x%x.%08x NOMAC\n", in receive()
1058 ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), in receive()
1059 ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); in receive()
1063 …ceive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org 0x%x.%08x xmt 0x%x.%08x CRYPTONAK… in receive()
1067 ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), in receive()
1068 ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); in receive()
1075 * reply. in receive()
1078 * http://msdn.microsoft.com/en-us/library/cc212930.aspx in receive()
1086 DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %x.%08x xmt %x.%08x SIGND\n", in receive()
1090 ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), in receive()
1091 ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); in receive()
1100 * So there is a MAC here. in receive()
1107 * and install in the key cache. Use the socket in receive()
1108 * broadcast or unicast address as appropriate. in receive()
1113 * More on the autokey dance (AKD). A cookie is in receive()
1114 * constructed from public and private values. in receive()
1116 * (zero). For packets that match no in receive()
1118 * addresses and private value. For server in receive()
1120 * from the server. For symmetric modes, the in receive()
1124 * the EXOR of the peer and host cookies. in receive()
1149 * mobilized. However, if this is from in receive()
1150 * the wildcard interface, game over. in receive()
1173 * values and cookie. In case of an extension in receive()
1175 * purposes is zero. Note the hash is saved for in receive()
1176 * use later in the autokey mambo. in receive()
1194 * Compute the cryptosum. Note a clogging attack may in receive()
1195 * succeed in bloating the key cache. If an autokey, in receive()
1197 * again. If the packet is authentic, it can mobilize an in receive()
1198 * association. Note that there is no key zero. in receive()
1209 …"receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org 0x%x.%08x xmt 0x%x.%08x MAC\n", in receive()
1213 ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), in receive()
1214 ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); in receive()
1222 * - If we expect a MAC and it's not there, we drop it. in receive()
1223 * - If we expect one keyID and get another, we drop it. in receive()
1224 * - If we have a MAC ahd it hasn't been validated yet, try. in receive()
1225 * - if the provided MAC doesn't validate, we drop it. in receive()
1227 * There might be more to this. in receive()
1235 * - different keyID than what we expect. in receive()
1246 * if has_mac != 0 ... in receive()
1247 * - If it has not yet been validated, do so. in receive()
1249 * - if missing or bad MAC, log and drop. in receive()
1277 ** Verify protocol operations consistent with the on-wire protocol. in receive()
1280 ** packets. The operations are controlled by two timestamps: in receive()
1282 ** and the origin timestamp in the server packet header. The in receive()
1283 ** comparison of these two timestamps is called the loopback test. in receive()
1285 ** response corresponds to the original request. The transmit in receive()
1287 ** packet. Upon failure of either test, the packet is discarded in receive()
1288 ** with no further action. in receive()
1293 * routines and an association table. A packet matching an in receive()
1295 * association. If there are no errors, an ephemeral association in receive()
1299 * symmetric passive association. in receive()
1306 * This is a client mode packet not matching any association. If in receive()
1308 * over the fence. If a manycast client, we have to work a in receive()
1309 * little harder. in receive()
1311 * There are cases here where we do not call record_raw_stats(). in receive()
1317 * send a crypto-NAK. in receive()
1354 * This must be manycast. Do not respond if not in receive()
1355 * configured as a manycast server. in receive()
1365 * Do not respond if not the same group. in receive()
1377 * manycaster has already synchronized to us. in receive()
1397 * global address, to avoid duplicate associations. in receive()
1406 * Respond only if authentication succeeds. Don't do a in receive()
1407 * crypto-NAK, as that would not be useful. in receive()
1433 * manycastclient) or to a unicast address (for pool). The in receive()
1434 * origin timestamp is a good nonce to reliably associate the in receive()
1435 * reply with what was sent. If there is no match, that's in receive()
1437 * just ignore it. in receive()
1442 * association to the new client association. If not, just in receive()
1443 * ignore the packet. in receive()
1446 * the manycast servers send the server packet immediately. If in receive()
1447 * the guy is already here, don't fire up a duplicate. in receive()
1449 * There are cases here where we do not call record_raw_stats(). in receive()
1455 * Do not respond if not the same group. in receive()
1487 * the floor or at or above the ceiling. in receive()
1501 r4a.ippeerlimit, MODE_CLIENT, hisversion, in receive()
1514 * the pool will fill promptly. in receive()
1524 * first sync. in receive()
1529 * This is the first packet received from a broadcast server. If in receive()
1531 * client, mobilize a broadcast client association. We don't in receive()
1532 * kiss any frogs here. in receive()
1534 * There are cases here where we do not call record_raw_stats(). in receive()
1540 * Do not respond if not the same group. in receive()
1564 * the floor or at or above the ceiling. in receive()
1577 * CRYPTO_ASSOC response with association ID. in receive()
1590 * with the same remote address. newpeer() will not in receive()
1592 * if a non-NULL endpoint is supplied. multicastclient in receive()
1594 * endpoints. in receive()
1602 * Determine whether to execute the initial volley. in receive()
1608 * neither is Autokey. in receive()
1618 * Do not execute the volley. Start out in in receive()
1619 * broadcast client mode. in receive()
1622 r4a.ippeerlimit, MODE_BCLIENT, hisversion, in receive()
1639 * propagation delay and run the Autokey protocol. in receive()
1643 * is fixed at this value. in receive()
1646 r4a.ippeerlimit, MODE_CLIENT, hisversion, in receive()
1665 * symmetric active peer. First, deal with broken Windows clients. in receive()
1666 * Then, if NOEPEER is enabled, drop it. If the packet meets our in receive()
1668 * a passive association. in receive()
1669 * Otherwise, kiss the frog. in receive()
1671 * There are cases here where we do not call record_raw_stats(). in receive()
1679 * Do not respond if not the same group. in receive()
1693 * response without mobilizing an association. in receive()
1694 * This is for drat broken Windows clients. See in receive()
1695 * Microsoft KB 875424 for preferred workaround. in receive()
1723 * should just drop it on the floor. For example, in receive()
1725 * will make it this far. This is just in receive()
1727 * flooding. in receive()
1746 * below the floor or at or above the ceiling. Note, in receive()
1748 * us. It would be very strange if he did and then was in receive()
1750 * operating at the top end of the range. It also means in receive()
1752 * MODE_ACTIVE KoDs, which will time out eventually. in receive()
1763 * The message is correctly authenticated and allowed. in receive()
1765 * exceed the ippeerlimit. in receive()
1768 r4a.ippeerlimit, MODE_PASSIVE, hisversion, in receive()
1779 * Process regular packet. Nothing special. in receive()
1781 * There are cases here where we do not call record_raw_stats(). in receive()
1787 * Do not respond if not the same group. in receive()
1834 * packet was received. We limit the check to in receive()
1838 * denial of service condition. in receive()
1851 /* Alert if time from the server is non-monotonic. in receive()
1853 * [Bug 3114] is about Broadcast mode replay DoS. in receive()
1855 * Broadcast mode *assumes* a trusted network. in receive()
1857 * of attacks. in receive()
1863 * - the broadcast server had a backward step. in receive()
1865 * - somebody is trying a replay attack. in receive()
1869 * broadcast packets as we receive them. But in receive()
1871 * delays before believing a backward step. in receive()
1882 tdiff.l_ui = tdiff.l_uf = 0; in receive()
1887 if ( tdiff.l_i < 0 in receive()
1890 …INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: 0x%x.%08x -> 0x%x.%08x", in receive()
1892 peer->bxmt.l_ui, peer->bxmt.l_uf, in receive()
1893 p_xmt.l_ui, p_xmt.l_uf in receive()
1909 * A passive packet matches a passive association. This is in receive()
1910 * usually the result of reconfiguring a client on the fly. As in receive()
1912 * attempt to deny service, just ignore it. in receive()
1915 DPRINTF(2, ("receive: AM_ERR drop.\n")); in receive()
1920 * For everything else there is the bit bucket. in receive()
1923 DPRINTF(2, ("receive: default drop.\n")); in receive()
1932 * symmetric key ID. in receive()
1951 * Next comes a rigorous schedule of timestamp checking. If the in receive()
1953 * interleaved modes or is horribly broken. in receive()
1956 * timestamp. in receive()
1964 peer->bogusorg++; /* for TEST2 or TEST3 */ in receive()
1973 * packet is a replay. This prevents the bad guys from replaying in receive()
1974 * the most recent packet, authenticated or not. in receive()
1986 * is appropriate. Don't do anything else here - we wait to in receive()
1988 * we've validated the MAC that SHOULD be provided. in receive()
1990 * hisstratum cannot be 0 - see assertion above. in receive()
1992 * at least we'll be able to sync with the broadcast server. in receive()
2007 * KoD packets are a mixed-blessing. Forged KoD packets in receive()
2008 * are DoS attacks. There are rare situations where we might in receive()
2009 * get a valid KoD response, though. Since KoD packets are in receive()
2011 * handle the basic KoD checks here. in receive()
2015 * that we have previously sent out. Watch interleave mode. in receive()
2023 "receive: KoD packet from %s has a zero org or rec timestamp. Ignoring.", in receive()
2032 "receive: KoD packet from %s has inconsistent xmt/org/rec timestamps. Ignoring.", in receive()
2041 "receive: flip 0 KoD origin timestamp 0x%x.%08x from %s does not match 0x%x.%08x - ignoring.", in receive()
2042 p_org.l_ui, p_org.l_uf, in receive()
2044 peer->aorg.l_ui, peer->aorg.l_uf); in receive()
2049 …"receive: flip 1 KoD origin timestamp 0x%x.%08x from %s does not match interleave 0x%x.%08x - igno… in receive()
2050 p_org.l_ui, p_org.l_uf, in receive()
2052 peer->borg.l_ui, peer->borg.l_uf); in receive()
2060 * packet or we've already received a response to our query. in receive()
2063 * reply. There is a window of one nanosecond once every in receive()
2064 * 136 years' time where this is possible. We currently in receive()
2066 * is (quietly?) disallowed. in receive()
2068 * Otherwise, check for bogus packet in basic mode. in receive()
2071 * not bogus in symmetric interleaved mode. in receive()
2074 * to be from us, attempting to cause our server to KoD us. in receive()
2076 * We have earlier asserted that hisstratum cannot be 0. in receive()
2077 * If hisstratum is STRATUM_UNSPEC, it means he's not sync'd. in receive()
2117 peer->flash |= TEST2; /* bogus */ in receive()
2126 "receive: %s 0 origin timestamp from %s@%s xmt 0x%x.%08x", in receive()
2128 ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)); in receive()
2134 /* Should we set TEST2 if we decide to try xleave? */ in receive()
2136 peer->flash |= TEST2; /* bogus */ in receive()
2138 "duplicate or replay: org 0x%x.%08x does not match 0x%x.%08x from %s@%s", in receive()
2139 ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), in receive()
2140 peer->aorg.l_ui, peer->aorg.l_uf, in receive()
2160 * Check for valid nonzero timestamp fields. in receive()
2168 * Check for bogus packet in interleaved symmetric mode. This in receive()
2169 * can happen if a packet is lost, duplicated or crossed. If in receive()
2170 * found, flip and resynchronize. in receive()
2177 peer->flash |= TEST2; /* bogus */ in receive()
2187 * client packet. The server might have just changed keys. Clear in receive()
2188 * the association and restart the protocol. in receive()
2212 * reply to a client packet previously sent. The loopback check in receive()
2214 * possible in past versions. If symmetric modes, return a in receive()
2215 * crypto-NAK. The peer should restart the protocol. in receive()
2254 * client do its stuff. in receive()
2258 * interleaved broadcast, so restart the protocol. in receive()
2259 * - else, this is not an interleaved broadcast packet. in receive()
2289 * update peer->bxmt. in receive()
2296 ** Update the state variables. in receive()
2307 * peer minpoll. If a kiss-o'-death, set the peer minpoll to in receive()
2309 * headroom. Very intricate. in receive()
2313 * Check for any kiss codes. Note this is only used when a server in receive()
2314 * responds to a packet request. in receive()
2356 * then see if the sender's IP is trusted for this keyid. in receive()
2357 * If it is, great - nothing special to do here. in receive()
2358 * Otherwise, we should report and bail. in receive()
2360 * Autokey-authenticated packets are accepted. in receive()
2397 * clean. Get on with real work. in receive()
2408 * More autokey dance. The rules of the cha-cha are as follows: in receive()
2410 * 1. If there is no key or the key is not auto, do nothing. in receive()
2412 * 2. If this packet is in response to the one just previously in receive()
2413 * sent or from a broadcast server, do the extension fields. in receive()
2414 * Otherwise, assume bogosity and bail out. in receive()
2416 * 3. If an extension field contains a verified signature, it is in receive()
2417 * self-authenticated and we sit the dance. in receive()
2419 * 4. If this is a server reply, check only to see that the in receive()
2420 * transmitted key ID matches the received key ID. in receive()
2422 * 5. Check to see that one or more hashes of the current key ID in receive()
2424 * obtained from the broadcaster or symmetric peer. If no in receive()
2425 * match, sit the dance and call for new autokey values. in receive()
2428 * restart the protocol. in receive()
2432 * Decrement remaining autokey hashes. This isn't in receive()
2433 * perfect if a packet is lost, but results in no harm. in receive()
2435 ap = (struct autokey *)peer->recval.ptr; in receive()
2461 * the transmit key ID. in receive()
2469 * has been correctly signed. We don't need a sequence in receive()
2470 * check here, but the sequence continues. in receive()
2476 * Now the fun part. Here, skeyid is the current ID in in receive()
2478 * tkeyid is the hash of skeyid. If the autokey values in receive()
2479 * have not been received, this is an automatic error. in receive()
2480 * If so, check that the tkeyid matches pkeyid. If not, in receive()
2481 * hash tkeyid and try again. If the number of hashes in receive()
2483 * a successful failure and refresh the autokey values. in receive()
2514 * refresh certificates and leapseconds values. in receive()
2526 * The dance is complete and the flash bits have been lit. Toss in receive()
2528 * more flashers. Leave if the packet is not good. in receive()
2536 /* [bug 3592] Update poll. Ideally this should not happen in a in receive()
2537 * receive branch, but too much is going on here... at least we in receive()
2538 * do it only if the packet was good! in receive()
2543 * In interleaved mode update the state variables. Also adjust the in receive()
2544 * transmit phase to avoid crossover. in receive()
2559 * process_packet - Packet Procedure, a la Section 3.4.4 of RFC-1305
2560 * Or almost, at least. If we're in here we have a reasonable
2562 * relationship with this host.
2594 * stratum and root distance are valid. in process_packet()
2603 * If any tests fail at this point, the packet is discarded. in process_packet()
2605 * receive() routine. in process_packet()
2622 * Capture the header values in the client/peer association.. in process_packet()
2640 * First, if either burst mode is armed, enable the burst. in process_packet()
2642 * necessary to avoid exceeding the threshold. in process_packet()
2656 * If the peer was previously unreachable, raise a trap. In any in process_packet()
2657 * case, mark it reachable. in process_packet()
2667 * roundtrip delay and dispersion. The equations are reordered in process_packet()
2668 * from the spec for more efficient use of temporaries. For a in process_packet()
2670 * computed delay during the client/server volley. Note the in process_packet()
2672 * that due to the frequency error since the origin time. in process_packet()
2674 * It is very important to respect the hazards of overflow. The in process_packet()
2677 * in the past to 68 years in the future. To avoid loss of in process_packet()
2679 * arithmetic. However, the offset and delay calculations are in process_packet()
2682 * only half that span. Since the typical first-order in process_packet()
2685 * double arithmetic. This preserves the accuracy while in process_packet()
2686 * retaining the 68-year span. in process_packet()
2689 * symmetric and interleaved broadcast. The timestamps are in process_packet()
2690 * idioscyncratically different. See the onwire briefing/white in process_packet()
2691 * paper at www.eecis.udel.edu/~mills for details. in process_packet()
2708 p_offset = (t21 + t34) / 2.; in process_packet()
2709 if (p_del < 0 || p_del > 1.) { in process_packet()
2711 "t21 %.9f t34 %.9f", t21, t34); in process_packet()
2721 * Interleaved broadcast mode. Use interleaved timestamps. in process_packet()
2733 if (t34 < 0 || t34 > 1.) { in process_packet()
2738 "offset %.9f delay %.9f", in process_packet()
2746 * Basic broadcast - use direct timestamps. in process_packet()
2760 * timestamp. This works for both basic and interleaved in process_packet()
2761 * modes. in process_packet()
2763 * calculation gives reason to suspect clock steps. in process_packet()
2764 * This is assumed for delays > 50ms. in process_packet()
2769 DPRINTF(2, ("broadcast volley: initial delay=%.6f\n", in process_packet()
2784 * Basic mode, otherwise known as the old fashioned way. in process_packet()
2796 p_offset = (t21 + t34) / 2.; in process_packet()
2806 * packet lengths. This is helpful in cases of large asymmetric in process_packet()
2808 * links. in process_packet()
2816 if (ftemp > 1000.) in process_packet()
2825 if (ftemp > 1000.) in process_packet()
2833 * the outbound (d21) and inbound (t34) directions. To do this, in process_packet()
2835 * the roundtrip delay. Then it calculates the correction as a in process_packet()
2836 * fraction of d. in process_packet()
2842 DPRINTF(2, ("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21, in process_packet()
2847 .5) * p_del; in process_packet()
2854 * used. In future, we might find conditions where the in process_packet()
2856 * a work in progress. in process_packet()
2860 DPRINTF(2, ("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n", in process_packet()
2867 * That was awesome. Now hand off to the clock filter. in process_packet()
2874 * complete. in process_packet()
2894 * clock_update - Called at system process update intervals.
2908 * Update the system state variables. We do this very carefully, in clock_update()
2909 * as the poll interval might need to be clamped differently. in clock_update()
2927 * E = p.epsilon_r + p.epsilon + p.psi + PHI*(s.t - p.t) + |THETA| in clock_update()
2930 * p.epsilon_r is the PollProc's root dispersion in clock_update()
2931 * p.epsilon is the PollProc's dispersion in clock_update()
2932 * p.psi is the PollProc's jitter in clock_update()
2936 * what they mean. When did peer->update happen? Has anything in clock_update()
2940 * DLM thinks this equation is probably the best of all worse choices. in clock_update()
2969 * Comes now the moment of truth. Crank the clock discipline and in clock_update()
2970 * see what comes out. in clock_update()
2975 * Clock exceeds panic threshold. Life as we know it ends. in clock_update()
2978 msyslog(LOG_ERR, "Clock offset exceeds panic threshold."); in clock_update()
2981 * For Solaris enter the maintenance mode. in clock_update()
2990 * Sleep until SMF kills us. in clock_update()
2992 msyslog(LOG_ERR, "%s placed into maintenance. " in clock_update()
2993 "Set system clock by hand before clearing.", in clock_update()
2999 msyslog(LOG_ERR, "Set system clock by hand."); in clock_update()
3004 * Clock was stepped. Flush all time values of all peers. in clock_update()
3023 * Clock was slewed. Handle the leapsecond stuff. in clock_update()
3029 * leap bits. If crypto, the timer will goose the setup in clock_update()
3030 * process. in clock_update()
3045 * current month. (This only works if no leap second for in clock_update()
3047 * once is mostly harmless.) in clock_update()
3053 leapsec_add_dyn(TRUE, now.l_ui, NULL); in clock_update()
3058 leapsec_add_dyn(FALSE, now.l_ui, NULL); in clock_update()
3064 * Popcorn spike or step threshold exceeded. Pretend it never in clock_update()
3065 * happened. in clock_update()
3087 * This routine figures out when the next poll should be sent. in poll_update()
3088 * That turns out to be wickedly complicated. One problem is in poll_update()
3090 * the poll interval is reduced. We watch out for races here in poll_update()
3091 * between the receive process and the poll process. in poll_update()
3093 * Clamp the poll interval between minpoll and maxpoll. in poll_update()
3100 * the lifetimes in the key list are probably bogus. Purge the in poll_update()
3101 * the key list and regenerate it later. in poll_update()
3111 * and the earliest time (utemp). The earliest time is 2 s in poll_update()
3112 * seconds, but could be more due to rate management. When in poll_update()
3113 * sending in a burst, use the earliest time. When not in a in poll_update()
3115 * unless the next scheduled time has not advanced. This can in poll_update()
3117 * response interval. Otherwise, send at the later of the next in poll_update()
3118 * scheduled time and the earliest time. in poll_update()
3120 * Now we figure out if there is an override. If a burst is in in poll_update()
3122 * slink away. If called from the poll process, delay 1 s for a in poll_update()
3123 * reference clock, otherwise 2 s. in poll_update()
3149 * is pending, delay 2 s, but only if this is a new interval. in poll_update()
3161 * The ordinary case. If a retry, use minpoll; if unreachable, in poll_update()
3164 * understampling is evil. Use the maximum of this value and the in poll_update()
3165 * headway. If the average headway is greater than the headway in poll_update()
3166 * threshold, increase the headway by the minimum interval. in poll_update()
3186 int sub = psi.sub; in poll_update()
3187 int qty = psi.qty; in poll_update()
3188 int msk = psi.msk; in poll_update()
3227 * peer_clear - clear peer filter registers. See Section 3.4.8 of the
3228 * spec.
3243 * Valhalla. Note that autokeys are ephemeral, in that they are in peer_clear()
3244 * tossed immediately upon use. Therefore, the keylist can be in peer_clear()
3245 * purged anytime without needing to preserve random keys. Note in peer_clear()
3247 * purged, too. This makes it much harder to sneak in some in peer_clear()
3248 * unauthenticated data in the clock filter. in peer_clear()
3266 * Clear all values, including the optional crypto values above. in peer_clear()
3280 * If interleave mode, initialize the alternate origin switch. in peer_clear()
3304 * the polls at one-second intervals. Unconfigured associations' in peer_clear()
3306 * rate limiting. Other post-startup new or cleared associations in peer_clear()
3308 * avoid implosion. in peer_clear()
3334 * the filter procedure to find the best sample.
3352 * of arrival. The offset and delay are determined by the on- in clock_filter()
3353 * wire protocol. The dispersion grows from the last outbound in clock_filter()
3356 * error budget. First, shift the new arrival into the shift in clock_filter()
3357 * register discarding the oldest one. in clock_filter()
3369 * time initialize the distance and index lists. Since samples in clock_filter()
3371 * only under exceptional cases will an older sample be used. in clock_filter()
3372 * Therefore, the distance list uses a compound metric. If the in clock_filter()
3374 * distance at that value. If the time since the last update is in clock_filter()
3376 * the sum of the delay and dispersion. in clock_filter()
3398 * If the clock has stabilized, sort the samples by distance. in clock_filter()
3417 * can see it later. Prune the distance list to leave only in clock_filter()
3419 * uncorrelated samples older than the Allan intercept. To in clock_filter()
3422 * least two samples for jitter calculation. in clock_filter()
3434 * Compute the dispersion and jitter. The dispersion is weighted in clock_filter()
3436 * to 1.0. The jitter is the RMS differences relative to the in clock_filter()
3437 * lowest delay sample. in clock_filter()
3453 * quietly tiptoe home leaving only the dispersion. Otherwise, in clock_filter()
3454 * save the offset, delay and jitter. Note the jitter must not in clock_filter()
3455 * be less than the precision. in clock_filter()
3474 * a popcorn spike and ignore it. in clock_filter()
3480 < 2. * ULOGTOD(peer->hpoll)) { in clock_filter()
3481 mprintf_event(PEVNT_POPCORN, peer, "%.9f s", etemp); in clock_filter()
3487 * last one used. In this design the maximum lifetime of any in clock_filter()
3490 * NTP_SHIFT packets. in clock_filter()
3501 * processing. If not synchronized or not in a burst, tickle the in clock_filter()
3502 * clock select algorithm. in clock_filter()
3506 DPRINTF(1, ("clock_filter: n %hu off %.9f del %.9f dsp %.9f jit %.9f\n", in clock_filter()
3522 * infinity.
3558 * enough to handle all associations. in clock_select()
3570 * associations. in clock_select()
3585 * that happen to be lying around. Those with seriously in clock_select()
3586 * defective clocks are immediately booted off the island. Then, in clock_select()
3587 * the falsetickers are culled and put to sea. The truechimers in clock_select()
3589 * unpopular at each round is kicked off. When the population in clock_select()
3591 * bucks and collectively crank the chimes. in clock_select()
3599 * unfit to synchronize. in clock_select()
3608 * has the lowest root distance. This can be used as a last in clock_select()
3609 * resort if all else fails. Once we get an initial sync in clock_select()
3611 * function becomes disabled. in clock_select()
3625 * hashed IPv6 address. To ensure convergence in clock_select()
3628 * metric and be the orphan parent. If this in clock_select()
3630 * orphan mode in timer(). in clock_select()
3654 * instability. Peers at stratum higher than in clock_select()
3656 * parent in ancestry so are excluded. in clock_select()
3657 * See http://bugs.ntp.org/2050 in clock_select()
3664 * The following are special cases. We deal in clock_select()
3665 * with them later. in clock_select()
3687 * idol. in clock_select()
3691 peers[nlist].peer = peer; in clock_select()
3692 peers[nlist].error = peer->jitter; in clock_select()
3693 peers[nlist].synch = f; in clock_select()
3698 * endpoint[] list. in clock_select()
3701 endpoint[nl2].type = -1; /* lower end */ in clock_select()
3702 endpoint[nl2].val = e - f; in clock_select()
3704 endpoint[nl2].type = 1; /* upper end */ in clock_select()
3705 endpoint[nl2].val = e + f; in clock_select()
3710 * offset. in clock_select()
3716 e = endp.val; in clock_select()
3720 if (endp.val < e) { in clock_select()
3721 e = endp.val; in clock_select()
3732 DPRINTF(3, ("select: endpoint %2d %.6f\n", in clock_select()
3733 endpoint[indx[i]].type, endpoint[indx[i]].val)); in clock_select()
3737 * from the falsetickers. The original algorithm was described in clock_select()
3739 * better accuracy. in clock_select()
3743 * then from the high end downwards. The scans stop when the in clock_select()
3745 * the number of falsetickers. If this doesn't happen for a in clock_select()
3747 * falsetickers and try again. If the number of falsetickers in clock_select()
3750 * correct synchronization is not possible. in clock_select()
3753 * number of falsetickers. Upon exit, the truechimers are the in clock_select()
3755 * high. There may be none of them. in clock_select()
3763 * interval containing points from the most sources. in clock_select()
3767 low = endpoint[indx[i]].val; in clock_select()
3768 n -= endpoint[indx[i]].type; in clock_select()
3774 high = endpoint[indx[j]].val; in clock_select()
3775 n += endpoint[indx[j]].type; in clock_select()
3781 * If an interval containing truechimers is found, stop. in clock_select()
3783 * around again. in clock_select()
3790 * Clustering algorithm. Whittle candidate list of falsetickers, in clock_select()
3791 * who leave the island immediately. The TRUE peer is always a in clock_select()
3792 * truechimer. We must leave at least one peer to collect the in clock_select()
3793 * million bucks. in clock_select()
3797 * contained in the interval. For this purpose, a truechimer is in clock_select()
3799 * intersection interval. in clock_select()
3805 peer = peers[i].peer; in clock_select()
3806 h = peers[i].synch; in clock_select()
3816 * algorithm. Use the first one found, but don't in clock_select()
3817 * include any of them in the cluster population. in clock_select()
3835 * driver, local driver or orphan parent in that order. If so, in clock_select()
3836 * nominate the first one found as the only survivor. in clock_select()
3837 * Otherwise, give up and leave the island to the rats. in clock_select()
3840 peers[0].error = 0; in clock_select()
3841 peers[0].synch = sys_mindisp; in clock_select()
3844 peers[0].peer = typeacts; in clock_select()
3847 peers[0].peer = typelocal; in clock_select()
3852 peers[0].peer = typeorphan; in clock_select()
3855 peers[0].peer = typelastresort; in clock_select()
3861 * Mark the candidates at this point as truechimers. in clock_select()
3864 peers[i].peer->new_status = CTL_PST_SEL_SELCAND; in clock_select()
3866 stoa(&peers[i].peer->srcadr), peers[i].synch)); in clock_select()
3871 * by root distance. Continue voting as long as there are more in clock_select()
3874 * jitter. Stop if we are about to discard a TRUE or PREFER in clock_select()
3875 * peer, who of course have the immunity idol. in clock_select()
3883 if (peers[i].error < d) in clock_select()
3884 d = peers[i].error; in clock_select()
3885 peers[i].seljit = 0; in clock_select()
3889 f += DIFF(peers[j].peer->offset, in clock_select()
3890 peers[i].peer->offset); in clock_select()
3891 peers[i].seljit = SQRT(f / (nlist - 1)); in clock_select()
3893 if (peers[i].seljit * peers[i].synch > e) { in clock_select()
3894 g = peers[i].seljit; in clock_select()
3895 e = peers[i].seljit * peers[i].synch; in clock_select()
3902 || ((FLAG_TRUE | FLAG_PREFER) & peers[k].peer->flags)) in clock_select()
3905 DPRINTF(3, ("select: drop %s seljit %.9f jit %.9f\n", in clock_select()
3906 ntoa(&peers[k].peer->srcadr), g, d)); in clock_select()
3908 peers[k].peer->new_status = CTL_PST_SEL_EXCESS; in clock_select()
3916 * peers. Note that unsynchronized peers cannot survive this in clock_select()
3917 * far. Count and mark these survivors. in clock_select()
3919 * While at it, count the number of leap warning bits found. in clock_select()
3920 * This will be used later to vote the system leap warning bit. in clock_select()
3922 * is always won. in clock_select()
3926 * stratum scaled by sys_mindisp (.001 by default). The goal of in clock_select()
3930 * sys_mindisp. in clock_select()
3932 * In contrast, ntpd 4.2.6 and earlier used stratum primarily in clock_select()
3934 * additional root distance per stratum. This heavy bias is no in clock_select()
3936 * more rational metric carrying the cumulative error budget. in clock_select()
3943 peer = peers[i].peer; in clock_select()
3961 speermet = peers[i].seljit * peers[i].synch + in clock_select()
3971 * building dark. Otherwise, do a clockhop dance. Ordinarily, in clock_select()
3972 * use the selected survivor speer. However, if the current in clock_select()
3974 * as long as it doesn't get too old or too ugly. in clock_select()
3979 typesystem = peers[speer].peer; in clock_select()
3987 sys_clockhop *= .5; in clock_select()
3988 DPRINTF(1, ("select: clockhop %d %.9f %.9f\n", in clock_select()
4000 * Mitigation rules of the game. We have the pick of the in clock_select()
4001 * litter in typesystem if any survivors are left. If in clock_select()
4002 * there is a prefer peer, use its offset and jitter. in clock_select()
4003 * Otherwise, use the combined offset and jitter of all kitters. in clock_select()
4016 DPRINTF(1, ("select: combine offset %.9f jitter %.9f\n", in clock_select()
4023 * and jitter. However, if this is the atom driver, use it only in clock_select()
4025 * are required. in clock_select()
4038 DPRINTF(1, ("select: pps offset %.9f jitter %.9f\n", in clock_select()
4045 * system peer. If so and this is an old update, keep the in clock_select()
4046 * current statistics, but do not update the clock. in clock_select()
4061 * stability. in clock_select()
4067 * We have found the alpha male. Wind the clock. in clock_select()
4081 int syspeer /* index of sys.peer */ in clock_combine()
4089 x = 1. / peers[i].synch; in clock_combine()
4091 z += x * peers[i].peer->offset; in clock_combine()
4092 w += x * DIFF(peers[i].peer->offset, in clock_combine()
4093 peers[syspeer].peer->offset); in clock_combine()
4096 sys_jitter = SQRT(w / y + SQUARE(peers[syspeer].seljit)); in clock_combine()
4123 * the alternatives are, and the various pros/cons. in root_distance()
4126 * other worse choices. in root_distance()
4134 * Careful squeak here. The value returned must be greater than in root_distance()
4136 * highly precise reference clocks. Note that the root distance in root_distance()
4138 * selection algorithm. in root_distance()
4147 * peer_xmit - send packet for persistent association.
4162 xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap, peer->version, in peer_xmit()
4164 xpkt.stratum = STRATUM_TO_PKT(sys_stratum); in peer_xmit()
4165 xpkt.ppoll = peer->hpoll; in peer_xmit()
4166 xpkt.precision = sys_precision; in peer_xmit()
4167 xpkt.refid = sys_refid; in peer_xmit()
4168 xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay)); in peer_xmit()
4169 xpkt.rootdisp = HTONS_FP(DTOUFP(sys_rootdisp)); in peer_xmit()
4171 HTONL_FP(&sys_reftime, &xpkt.reftime); in peer_xmit()
4172 HTONL_FP(&peer->rec, &xpkt.org); in peer_xmit()
4173 HTONL_FP(&peer->dst, &xpkt.rec); in peer_xmit()
4177 * is authenticated and contains a MAC. If not, the transmitted in peer_xmit()
4178 * packet is not authenticated. in peer_xmit()
4182 * sent. Otherwise, it is not possible to compute a correct MAC in peer_xmit()
4183 * the recipient will accept. Thus, the I/O semantics have to do in peer_xmit()
4184 * a little more work. In particular, the wildcard interface in peer_xmit()
4185 * might not be usable. in peer_xmit()
4200 HTONL_FP(&xmt_tx, &xpkt.xmt); in peer_xmit()
4203 HTONL_FP(&xmt_tx, &xpkt.xmt); in peer_xmit()
4206 &xpkt.org); in peer_xmit()
4209 &xpkt.org); in peer_xmit()
4213 &xpkt.xmt); in peer_xmit()
4216 &xpkt.xmt); in peer_xmit()
4239 DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt 0x%x.%08x\n", in peer_xmit()
4242 xmt_tx.l_ui, xmt_tx.l_uf)); in peer_xmit()
4248 * authenticated. If autokey is enabled, fuss with the various in peer_xmit()
4249 * modes; otherwise, symmetric key cryptography is used. in peer_xmit()
4259 * association ID and optional additional data. Optional in peer_xmit()
4261 * the data itself. Request messages are sent from a in peer_xmit()
4264 * path without ever matching an association. Response in peer_xmit()
4266 * a response bit and possibly an error bit set. In this in peer_xmit()
4268 * one command and one or more responses. in peer_xmit()
4271 * a private componet. Request and response messages in peer_xmit()
4273 * private component set to zero. Packets without in peer_xmit()
4275 * the session key is generated. in peer_xmit()
4281 * already done. Then, use the list in inverse in peer_xmit()
4282 * order, discarding keys once used. Keep the in peer_xmit()
4285 * compute propagation delay. in peer_xmit()
4289 * next key is used. This is to allow a client in peer_xmit()
4291 * identifier to verify authenticity. in peer_xmit()
4296 * broken. In that case, purge the keylist and in peer_xmit()
4297 * regenerate it. in peer_xmit()
4315 * required by the broadcast clients. Push them when a in peer_xmit()
4318 * other times. in peer_xmit()
4332 * required. The leapsecond exchange is optional. But, a in peer_xmit()
4335 * might loop until then. If a peer finds a broken in peer_xmit()
4337 * retrieve the autokey values. In any case, if a new in peer_xmit()
4338 * keylist is generated, the autokey values are pushed. in peer_xmit()
4344 * Parameter, certificate and identity. in peer_xmit()
4348 peer->associd, hostval.ptr); in peer_xmit()
4358 * Cookie and autokey. We request the cookie in peer_xmit()
4360 * are synchronized. But, this peer needs the in peer_xmit()
4361 * autokey values when the cookie is zero. Any in peer_xmit()
4363 * autokey values without being asked. If for in peer_xmit()
4366 * used to retrieve the autokey values. in peer_xmit()
4384 * values. in peer_xmit()
4391 peer->associd, hostval.ptr); in peer_xmit()
4399 * cookie and sign exchanges are required. The in peer_xmit()
4400 * leapsecond exchange is optional. If broadcast client in peer_xmit()
4403 * exchange, since the cookie is always zero. If the in peer_xmit()
4406 * values. in peer_xmit()
4411 * Parameter, certificate and identity. in peer_xmit()
4415 peer->associd, hostval.ptr); in peer_xmit()
4425 * Cookie and autokey. These are requests, but in peer_xmit()
4427 * rather than our own. in peer_xmit()
4439 * values. in peer_xmit()
4446 peer->associd, hostval.ptr); in peer_xmit()
4454 * Add a queued extension field if present. This is in peer_xmit()
4456 * in the message. If an error occurs, the error bit is in peer_xmit()
4457 * lit in the response. in peer_xmit()
4471 * Add an extension field created above. All but the in peer_xmit()
4472 * autokey response message are request messages. in peer_xmit()
4482 * Calculate the next session key. Since extension in peer_xmit()
4483 * fields are present, the cookie value is zero. in peer_xmit()
4498 HTONL_FP(&xmt_tx, &xpkt.xmt); in peer_xmit()
4501 HTONL_FP(&xmt_tx, &xpkt.xmt); in peer_xmit()
4503 HTONL_FP(&peer->borg, &xpkt.org); in peer_xmit()
4505 HTONL_FP(&peer->aorg, &xpkt.org); in peer_xmit()
4508 HTONL_FP(&peer->borg, &xpkt.xmt); in peer_xmit()
4510 HTONL_FP(&peer->aorg, &xpkt.xmt); in peer_xmit()
4574 L_ADD(t, &leap_smear.offset); in leap_smear_add_offs()
4587 * fast_xmit - Send packet for nonpersistent association. Note that
4588 * neither the source or destination can be a broadcast address.
4608 * buffer provided. We leave the fields intact as received, but in fast_xmit()
4610 * the system minimum poll (ntp_minpoll). This is for KoD rate in fast_xmit()
4612 * break anything. in fast_xmit()
4618 * a unicast endpoint. in fast_xmit()
4627 " reply to %s mcast.", in fast_xmit()
4637 * kiss code and (???) system root delay. Note we don't reveal in fast_xmit()
4639 * synchronization. in fast_xmit()
4643 xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC, in fast_xmit()
4645 xpkt.stratum = STRATUM_PKT_UNSPEC; in fast_xmit()
4646 xpkt.ppoll = max(rpkt->ppoll, ntp_minpoll); in fast_xmit()
4647 xpkt.precision = rpkt->precision; in fast_xmit()
4648 memcpy(&xpkt.refid, "RATE", 4); in fast_xmit()
4649 xpkt.rootdelay = rpkt->rootdelay; in fast_xmit()
4650 xpkt.rootdisp = rpkt->rootdisp; in fast_xmit()
4651 xpkt.reftime = rpkt->reftime; in fast_xmit()
4652 xpkt.org = rpkt->xmt; in fast_xmit()
4653 xpkt.rec = rpkt->xmt; in fast_xmit()
4654 xpkt.xmt = rpkt->xmt; in fast_xmit()
4657 * This is a normal packet. Use the system variables. in fast_xmit()
4665 * Make copies of the variables which can be affected by smearing. in fast_xmit()
4676 * reftime isn't later than the transmit/receive times. in fast_xmit()
4678 xpkt.li_vn_mode = PKT_LI_VN_MODE(xmt_leap, in fast_xmit()
4681 xpkt.stratum = STRATUM_TO_PKT(sys_stratum); in fast_xmit()
4682 xpkt.ppoll = max(rpkt->ppoll, ntp_minpoll); in fast_xmit()
4683 xpkt.precision = sys_precision; in fast_xmit()
4684 xpkt.refid = sys_refid; in fast_xmit()
4685 xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay)); in fast_xmit()
4716 xpkt.rootdisp = HTONS_FP(DTOUFP(this_rootdisp)); in fast_xmit()
4723 if (leap_smear.in_progress) { in fast_xmit()
4726 * reftime being later than the transmit time. in fast_xmit()
4732 HTONL_FP(&this_ref_time, &xpkt.reftime); in fast_xmit()
4739 if (leap_smear.in_progress) { in fast_xmit()
4740 xpkt.refid = convertLFPToRefID(leap_smear.offset); in fast_xmit()
4741 DPRINTF(2, ("fast_xmit: leap_smear.in_progress: refid %8x, smear %s\n", in fast_xmit()
4742 ntohl(xpkt.refid), in fast_xmit()
4743 lfptoa(&leap_smear.offset, 8) in fast_xmit()
4752 xpkt.org = rpkt->xmt; in fast_xmit()
4759 if (leap_smear.in_progress) in fast_xmit()
4761 HTONL_FP(&this_recv_time, &xpkt.rec); in fast_xmit()
4763 HTONL_FP(&rbufp->recv_time, &xpkt.rec); in fast_xmit()
4772 if (leap_smear.in_progress) in fast_xmit()
4775 HTONL_FP(&xmt_tx, &xpkt.xmt); in fast_xmit()
4787 * is authenticated and contains a MAC. If not, the transmitted in fast_xmit()
4788 * packet is not authenticated. in fast_xmit()
4803 * must be authenticated. For symmetric key cryptography, use in fast_xmit()
4805 * cryptosum. For autokey cryptography, use the server private in fast_xmit()
4807 * source-destination-key ID combination. in fast_xmit()
4816 * MODE_SERVER. If an extension field is present, there in fast_xmit()
4817 * can be only one and that must be a command. Do what in fast_xmit()
4819 * jerk can decode it. If no extension field is present, in fast_xmit()
4820 * use the cookie to generate the session key. in fast_xmit()
4856 * pool_xmit - resolve hostname or send unicast solicitation for pool.
4891 hints.ai_family = AF(&pool->srcadr); in pool_xmit()
4892 hints.ai_socktype = SOCK_DGRAM; in pool_xmit()
4893 hints.ai_protocol = IPPROTO_UDP; in pool_xmit()
4929 xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap, pool->version, in pool_xmit()
4931 xpkt.stratum = STRATUM_TO_PKT(sys_stratum); in pool_xmit()
4932 xpkt.ppoll = pool->hpoll; in pool_xmit()
4933 xpkt.precision = sys_precision; in pool_xmit()
4934 xpkt.refid = sys_refid; in pool_xmit()
4935 xpkt.rootdelay = HTONS_FP(DTOFP(sys_rootdelay)); in pool_xmit()
4936 xpkt.rootdisp = HTONS_FP(DTOUFP(sys_rootdisp)); in pool_xmit()
4938 HTONL_FP(&sys_reftime, &xpkt.reftime); in pool_xmit()
4947 nonce.l_ui = ntp_random(); in pool_xmit()
4948 } while (0 == nonce.l_ui); in pool_xmit()
4950 nonce.l_uf = ntp_random(); in pool_xmit()
4951 } while (0 == nonce.l_uf); in pool_xmit()
4953 HTONL_FP(&nonce, &xpkt.xmt); in pool_xmit()
4956 HTONL_FP(&xmt_tx, &xpkt.xmt); in pool_xmit()
5072 * currently synced to this ntpd.
5073 * Note that until 4.2.8p18 and 4.3.1XX ntpd calculated the IPv6
5074 * refid differently on different-endian systems. It now calculates
5076 * in the past. On big-endian systems, ntpd also calculates a
5078 * as endpt.old_refid and also detects a loop when seeing it. This
5081 * loops with IPv6 refids correctly. Thanks to Hal Murray for
5082 * the byte-swapping idea.
5129 * greater than or equal to the ceiling. in peer_unfit()
5140 * plus the increment due to one host poll interval. in peer_unfit()
5152 * neither a reference clock nor an orphan. in peer_unfit()
5160 * the noselect bit is set. in peer_unfit()
5178 #define MAXLOOPS ((int)(1. / MINSTEP)) /* avoid infinite loop */
5183 * clock. However, if a difference is less than MINSTEP, the clock has
5185 * ignored. We set MINSTEP greater than zero in case something happens
5188 * using an underlying stepping (not interpolated) clock.
5192 * size for lower-precision stepping clocks.
5196 * the underlying clock. With either type of clock, the minimum time
5198 * get_systime() readings always increase and are fuzzed below sys_fuzz.
5205 * is effectively disabled. trunc_os_clock is FALSE to disable in measure_precision()
5206 * get_ostime() simulation of a low-precision system clock. in measure_precision()
5208 set_sys_fuzz(0.); in measure_precision()
5212 msyslog(LOG_INFO, "proto: precision = %.3f usec (%d)", in measure_precision()
5215 msyslog(LOG_NOTICE, "proto: fuzz beneath %.3f usec", in measure_precision()
5226 * between successive clock readings and the time to read the clock.
5285 if (tick > 1.) { in set_sys_tick_precision()
5287 "unsupported tick %.3f > 1s ignored", tick); in set_sys_tick_precision()
5292 "proto: tick %.3f less than measured tick %.3f, ignored", in set_sys_tick_precision()
5298 "proto: truncating system clock to multiples of %.9f", in set_sys_tick_precision()
5304 * Find the nearest power of two. in set_sys_tick_precision()
5325 * Fill in the sys_* stuff. Default is don't listen to in init_proto()
5326 * broadcasting, require authentication. in init_proto()
5375 * enable and disable commands - arguments are Boolean. in proto_config()