1 /*
2 * ntp_io.c - input/output routines for ntpd. The socket-opening code
3 * was shamelessly stolen from ntpd.
4 */
5
6 #ifdef HAVE_CONFIG_H
7 # include <config.h>
8 #endif
9
10 #include <stdio.h>
11 #include <signal.h>
12 #ifdef HAVE_FNMATCH_H
13 # include <fnmatch.h>
14 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE)
15 # define FNM_CASEFOLD FNM_IGNORECASE
16 # endif
17 #endif
18 #ifdef HAVE_SYS_PARAM_H
19 # include <sys/param.h>
20 #endif
21 #ifdef HAVE_SYS_IOCTL_H
22 # include <sys/ioctl.h>
23 #endif
24 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */
25 # include <sys/sockio.h>
26 #endif
27 #ifdef HAVE_SYS_UIO_H
28 # include <sys/uio.h>
29 #endif
30
31 #include "ntp_machine.h"
32 #include "ntpd.h"
33 #include "ntp_io.h"
34 #include "iosignal.h"
35 #include "ntp_lists.h"
36 #include "ntp_refclock.h"
37 #include "ntp_stdlib.h"
38 #include "ntp_worker.h"
39 #include "ntp_request.h"
40 #include "ntp_assert.h"
41 #include "timevalops.h"
42 #include "timespecops.h"
43 #include "ntpd-opts.h"
44 #include "safecast.h"
45
46 /* Don't include ISC's version of IPv6 variables and structures */
47 #define ISC_IPV6_H 1
48 #include <isc/mem.h>
49 #include <isc/interfaceiter.h>
50 #include <isc/netaddr.h>
51 #include <isc/result.h>
52 #include <isc/sockaddr.h>
53
54 #ifdef SIM
55 #include "ntpsim.h"
56 #endif
57
58 #ifdef HAS_ROUTING_SOCKET
59 # include <net/route.h>
60 # ifdef HAVE_RTNETLINK
61 # include <linux/rtnetlink.h>
62 # endif
63 #endif
64
65 /*
66 * setsockopt does not always have the same arg declaration
67 * across all platforms. If it's not defined we make it empty
68 */
69
70 #ifndef SETSOCKOPT_ARG_CAST
71 #define SETSOCKOPT_ARG_CAST
72 #endif
73
74 extern int listen_to_virtual_ips;
75
76 #ifndef IPTOS_DSCP_EF
77 #define IPTOS_DSCP_EF 0xb8
78 #endif
79 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */
80
81 #ifdef LEAP_SMEAR
82 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so
83 * we get a linker error. Since we're running out of time before the leap
84 * second occurs, we let it here where it just works.
85 */
86 int leap_smear_intv;
87 #endif
88
89 /*
90 * NIC rule entry
91 */
92 typedef struct nic_rule_tag nic_rule;
93
94 struct nic_rule_tag {
95 nic_rule * next;
96 nic_rule_action action;
97 nic_rule_match match_type;
98 char * if_name;
99 sockaddr_u addr;
100 int prefixlen;
101 };
102
103 /*
104 * NIC rule listhead. Entries are added at the head so that the first
105 * match in the list is the last matching rule specified.
106 */
107 nic_rule *nic_rule_list;
108
109
110 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR)
111 # define HAVE_PACKET_TIMESTAMP
112 # define HAVE_BINTIME
113 # ifdef BINTIME_CTLMSGBUF_SIZE
114 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE
115 # else
116 # define CMSG_BUFSIZE 1536 /* moderate default */
117 # endif
118 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR)
119 # define HAVE_PACKET_TIMESTAMP
120 # define HAVE_TIMESTAMPNS
121 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE
122 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE
123 # else
124 # define CMSG_BUFSIZE 1536 /* moderate default */
125 # endif
126 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR)
127 # define HAVE_PACKET_TIMESTAMP
128 # define HAVE_TIMESTAMP
129 # ifdef TIMESTAMP_CTLMSGBUF_SIZE
130 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE
131 # else
132 # define CMSG_BUFSIZE 1536 /* moderate default */
133 # endif
134 #else
135 /* fill in for old/other timestamp interfaces */
136 #endif
137
138 #if defined(SYS_WINNT)
139 #include "win32_io.h"
140 #include <isc/win32os.h>
141 #endif
142
143 /*
144 * We do asynchronous input using the SIGIO facility. A number of
145 * recvbuf buffers are preallocated for input. In the signal
146 * handler we poll to see which sockets are ready and read the
147 * packets from them into the recvbuf's along with a time stamp and
148 * an indication of the source host and the interface it was received
149 * through. This allows us to get as accurate receive time stamps
150 * as possible independent of other processing going on.
151 *
152 * We watch the number of recvbufs available to the signal handler
153 * and allocate more when this number drops below the low water
154 * mark. If the signal handler should run out of buffers in the
155 * interim it will drop incoming frames, the idea being that it is
156 * better to drop a packet than to be inaccurate.
157 */
158
159
160 /*
161 * Other statistics of possible interest
162 */
163 volatile u_long packets_dropped; /* total number of packets dropped on reception */
164 volatile u_long packets_ignored; /* packets received on wild card interface */
165 volatile u_long packets_received; /* total number of packets received */
166 u_long packets_sent; /* total number of packets sent */
167 u_long packets_notsent; /* total number of packets which couldn't be sent */
168
169 volatile u_long handler_calls; /* number of calls to interrupt handler */
170 volatile u_long handler_pkts; /* number of pkts received by handler */
171 u_long io_timereset; /* time counters were reset */
172
173 /*
174 * Interface stuff
175 */
176 endpt * any_interface; /* wildcard ipv4 interface */
177 endpt * any6_interface; /* wildcard ipv6 interface */
178 endpt * loopback_interface; /* loopback ipv4 interface */
179
180 static isc_boolean_t broadcast_client_enabled;
181 u_int sys_ifnum; /* next .ifnum to assign */
182 int ninterfaces; /* Total number of interfaces */
183
184 int no_periodic_scan; /* network endpoint scans */
185 int scan_addrs_once; /* because dropped privs */
186 int nonlocal_v4_addr_up; /* should we try IPv4 pool? */
187 int nonlocal_v6_addr_up; /* should we try IPv6 pool? */
188
189 #ifdef REFCLOCK
190 /*
191 * Refclock stuff. We keep a chain of structures with data concerning
192 * the guys we are doing I/O for.
193 */
194 static struct refclockio *refio;
195 #endif /* REFCLOCK */
196
197 /*
198 * File descriptor masks etc. for call to select
199 * Not needed for I/O Completion Ports or anything outside this file
200 */
201 static fd_set activefds;
202 static int maxactivefd;
203
204 /*
205 * bit alternating value to detect verified interfaces during an update cycle
206 */
207 static u_short sys_interphase = 0;
208
209 static endpt * new_interface(endpt *);
210 static void add_interface(endpt *);
211 static int update_interfaces(u_short, interface_receiver_t,
212 void *);
213 static void remove_interface(endpt *);
214 static endpt * create_interface(u_short, endpt *);
215
216 static inline int is_wildcard_addr(const sockaddr_u *psau);
217
218 /*
219 * Multicast functions
220 */
221 static isc_boolean_t addr_ismulticast (sockaddr_u *);
222 static isc_boolean_t is_anycast (sockaddr_u *,
223 const char *);
224
225 /*
226 * Not all platforms support multicast
227 */
228 #ifdef MCAST
229 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *);
230 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *);
231 #endif
232
233 #ifdef DEBUG
234 static void interface_dump (const endpt *);
235 static void print_interface (const endpt *, const char *, const char *);
236 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0)
237 #else
238 #define DPRINT_INTERFACE(level, args) do {} while (0)
239 #endif
240
241 typedef struct vsock vsock_t;
242 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE };
243
244 struct vsock {
245 vsock_t * link;
246 SOCKET fd;
247 enum desc_type type;
248 };
249
250 vsock_t *fd_list;
251
252 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
253 /*
254 * async notification processing (e. g. routing sockets)
255 */
256 /*
257 * support for receiving data on fd that is not a refclock or a socket
258 * like e. g. routing sockets
259 */
260 struct asyncio_reader {
261 struct asyncio_reader *link; /* the list this is being kept in */
262 SOCKET fd; /* fd to be read */
263 void *data; /* possibly local data */
264 void (*receiver)(struct asyncio_reader *); /* input handler */
265 };
266
267 struct asyncio_reader *asyncio_reader_list;
268
269 static void delete_asyncio_reader (struct asyncio_reader *);
270 static struct asyncio_reader *new_asyncio_reader (void);
271 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type);
272 static void remove_asyncio_reader (struct asyncio_reader *);
273
274 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */
275
276 static void init_async_notifications (void);
277
278 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *,
279 int);
280 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *,
281 const sockaddr_u *, const sockaddr_u *);
282 static int create_sockets (u_short);
283 static SOCKET open_socket (sockaddr_u *, int, int, endpt *);
284 static void set_reuseaddr (int);
285 static isc_boolean_t socket_broadcast_enable (endpt *, SOCKET, sockaddr_u *);
286
287 #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
288 static char * fdbits (int, const fd_set *);
289 #endif
290 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
291 static isc_boolean_t socket_broadcast_disable (endpt *, sockaddr_u *);
292 #endif
293
294 typedef struct remaddr remaddr_t;
295
296 struct remaddr {
297 remaddr_t * link;
298 sockaddr_u addr;
299 endpt * ep;
300 };
301
302 remaddr_t * remoteaddr_list;
303 endpt * ep_list; /* complete endpt list */
304 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */
305 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */
306
307 static endpt * wildipv4;
308 static endpt * wildipv6;
309
310 #define RFC3927_ADDR 0xa9fe0000 /* 169.254. */
311 #define RFC3927_MASK 0xffff0000
312 #define IS_AUTOCONF(addr4) \
313 ((SRCADR(addr4) & RFC3927_MASK) == RFC3927_ADDR)
314
315 #ifdef SYS_WINNT
316 int accept_wildcard_if_for_winnt;
317 #else
318 const int accept_wildcard_if_for_winnt = FALSE;
319 #define init_io_completion_port() do {} while (FALSE)
320 #endif
321
322 static void add_fd_to_list (SOCKET, enum desc_type);
323 static endpt * find_addr_in_list (sockaddr_u *);
324 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32);
325 static void delete_addr_from_list (sockaddr_u *);
326 static void delete_interface_from_list(endpt *);
327 static void close_and_delete_fd_from_list(SOCKET, endpt *);
328 static void add_addr_to_list (sockaddr_u *, endpt *);
329 static void create_wildcards (u_short);
330 static endpt * findlocalinterface (sockaddr_u *, int, int);
331 static endpt * findclosestinterface (sockaddr_u *, int);
332 #ifdef DEBUG
333 static const char * action_text (nic_rule_action);
334 #endif
335 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32);
336 static void convert_isc_if (isc_interface_t *,
337 endpt *, u_short);
338 static void calc_addr_distance(sockaddr_u *,
339 const sockaddr_u *,
340 const sockaddr_u *);
341 static int cmp_addr_distance(const sockaddr_u *,
342 const sockaddr_u *);
343
344 /*
345 * Routines to read the ntp packets
346 */
347 #if !defined(HAVE_IO_COMPLETION_PORT)
348 static inline int read_network_packet (SOCKET, endpt *, l_fp);
349 static void ntpd_addremove_io_fd (int, int, int);
350 static void input_handler_scan (const l_fp*, const fd_set*);
351 static int/*BOOL*/ sanitize_fdset (int errc);
352 #ifdef REFCLOCK
353 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp);
354 #endif
355 #ifdef HAVE_SIGNALED_IO
356 static void input_handler (l_fp*);
357 #endif
358 #endif
359
360
361 #ifndef HAVE_IO_COMPLETION_PORT
362 void
maintain_activefds(int fd,int closing)363 maintain_activefds(
364 int fd,
365 int closing
366 )
367 {
368 int i;
369
370 if (fd < 0 || fd >= FD_SETSIZE) {
371 msyslog(LOG_ERR,
372 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d",
373 FD_SETSIZE, fd);
374 exit(1);
375 }
376
377 if (!closing) {
378 FD_SET(fd, &activefds);
379 maxactivefd = max(fd, maxactivefd);
380 } else {
381 FD_CLR(fd, &activefds);
382 if (maxactivefd && fd == maxactivefd) {
383 for (i = maxactivefd - 1; i >= 0; i--)
384 if (FD_ISSET(i, &activefds)) {
385 maxactivefd = i;
386 break;
387 }
388 INSIST(fd != maxactivefd);
389 }
390 }
391 }
392 #endif /* !HAVE_IO_COMPLETION_PORT */
393
394
395 #ifdef DEBUG_TIMING
396 /*
397 * collect timing information for various processing
398 * paths. currently we only pass them on to the file
399 * for later processing. this could also do histogram
400 * based analysis in other to reduce the load (and skew)
401 * dur to the file output
402 */
403 void
collect_timing(struct recvbuf * rb,const char * tag,int count,l_fp * dts)404 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts)
405 {
406 char buf[256];
407
408 snprintf(buf, sizeof(buf), "%s %d %s %s",
409 (rb != NULL)
410 ? ((rb->dstadr != NULL)
411 ? stoa(&rb->recv_srcadr)
412 : "-REFCLOCK-")
413 : "-",
414 count, lfptoa(dts, 9), tag);
415 record_timing_stats(buf);
416 }
417 #endif
418
419 /*
420 * About dynamic interfaces, sockets, reception and more...
421 *
422 * the code solves following tasks:
423 *
424 * - keep a current list of active interfaces in order
425 * to bind to to the interface address on NTP_PORT so that
426 * all wild and specific bindings for NTP_PORT are taken by ntpd
427 * to avoid other daemons messing with the time or sockets.
428 * - all interfaces keep a list of peers that are referencing
429 * the interface in order to quickly re-assign the peers to
430 * new interface in case an interface is deleted (=> gone from system or
431 * down)
432 * - have a preconfigured socket ready with the right local address
433 * for transmission and reception
434 * - have an address list for all destination addresses used within ntpd
435 * to find the "right" preconfigured socket.
436 * - facilitate updating the internal interface list with respect to
437 * the current kernel state
438 *
439 * special issues:
440 *
441 * - mapping of multicast addresses to the interface affected is not always
442 * one to one - especially on hosts with multiple interfaces
443 * the code here currently allocates a separate interface entry for those
444 * multicast addresses
445 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF)
446 * in case of failure the multicast address is bound to an existing interface.
447 * - on some systems it is perfectly legal to assign the same address to
448 * multiple interfaces. Therefore this code does not keep a list of interfaces
449 * but a list of interfaces that represent a unique address as determined by the kernel
450 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only
451 * one representative of a group of real interfaces if they share the same address.
452 *
453 * Frank Kardel 20050910
454 */
455
456 /*
457 * init_io - initialize I/O module.
458 */
459 void
init_io(void)460 init_io(void)
461 {
462 /* Init buffer free list and stat counters */
463 init_recvbuff(RECV_INIT);
464 /* update interface every 5 minutes as default */
465 endpt_scan_period = 301;
466
467 #ifdef WORK_PIPE
468 addremove_io_fd = &ntpd_addremove_io_fd;
469 #endif
470
471 init_io_completion_port();
472 #if defined(HAVE_SIGNALED_IO)
473 (void) set_signal(input_handler);
474 #endif
475 }
476
477
478 static void
ntpd_addremove_io_fd(int fd,int is_pipe,int remove_it)479 ntpd_addremove_io_fd(
480 int fd,
481 int is_pipe,
482 int remove_it
483 )
484 {
485 UNUSED_ARG(is_pipe);
486
487 #ifdef HAVE_SIGNALED_IO
488 if (!remove_it)
489 init_socket_sig(fd);
490 #endif /* not HAVE_SIGNALED_IO */
491
492 maintain_activefds(fd, remove_it);
493 }
494
495
496 /*
497 * io_open_sockets - call socket creation routine
498 */
499 void
io_open_sockets(void)500 io_open_sockets(void)
501 {
502 static int already_opened;
503
504 if (already_opened || HAVE_OPT( SAVECONFIGQUIT ))
505 return;
506
507 already_opened = 1;
508
509 /*
510 * Create the sockets
511 */
512 BLOCKIO();
513 create_sockets(NTP_PORT);
514 UNBLOCKIO();
515
516 init_async_notifications();
517
518 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd));
519 }
520
521
522 #ifdef DEBUG
523 /*
524 * function to dump the contents of the interface structure
525 * for debugging use only.
526 * We face a dilemma here -- sockets are FDs under POSIX and
527 * actually HANDLES under Windows. So we use '%lld' as format
528 * and cast the value to 'long long'; this should not hurt
529 * with UNIX-like systems and does not truncate values on Win64.
530 */
531 void
interface_dump(const endpt * itf)532 interface_dump(const endpt *itf)
533 {
534 printf("Dumping interface: %p\n", itf);
535 printf("fd = %lld\n", (long long)itf->fd);
536 printf("bfd = %lld\n", (long long)itf->bfd);
537 printf("sin = %s,\n", stoa(&itf->sin));
538 printf("bcast = %s,\n", stoa(&itf->bcast));
539 printf("mask = %s,\n", stoa(&itf->mask));
540 printf("name = %s\n", itf->name);
541 printf("flags = 0x%08x\n", itf->flags);
542 printf("last_ttl = %d\n", itf->last_ttl);
543 printf("addr_refid = %08x\n", itf->addr_refid);
544 printf("num_mcast = %d\n", itf->num_mcast);
545 printf("received = %ld\n", itf->received);
546 printf("sent = %ld\n", itf->sent);
547 printf("notsent = %ld\n", itf->notsent);
548 printf("ifindex = %u\n", itf->ifindex);
549 printf("peercnt = %u\n", itf->peercnt);
550 printf("phase = %u\n", itf->phase);
551 }
552
553
554 /*
555 * print_interface - helper to output debug information
556 */
557 static void
print_interface(const endpt * iface,const char * pfx,const char * sfx)558 print_interface(const endpt *iface, const char *pfx, const char *sfx)
559 {
560 printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s",
561 pfx,
562 iface->ifnum,
563 (long long)iface->fd,
564 (long long)iface->bfd,
565 iface->name,
566 iface->flags,
567 iface->ifindex,
568 stoa(&iface->sin));
569 if (AF_INET == iface->family) {
570 if (iface->flags & INT_BROADCAST)
571 printf(", bcast=%s", stoa(&iface->bcast));
572 printf(", mask=%s", stoa(&iface->mask));
573 }
574 printf(", %s:%s",
575 (iface->ignore_packets)
576 ? "Disabled"
577 : "Enabled",
578 sfx);
579 if (debug > 4) /* in-depth debugging only */
580 interface_dump(iface);
581 }
582 #endif
583
584 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
585 /*
586 * create an asyncio_reader structure
587 */
588 static struct asyncio_reader *
new_asyncio_reader(void)589 new_asyncio_reader(void)
590 {
591 struct asyncio_reader *reader;
592
593 reader = emalloc_zero(sizeof(*reader));
594 reader->fd = INVALID_SOCKET;
595
596 return reader;
597 }
598
599 /*
600 * delete a reader
601 */
602 static void
delete_asyncio_reader(struct asyncio_reader * reader)603 delete_asyncio_reader(
604 struct asyncio_reader *reader
605 )
606 {
607 free(reader);
608 }
609
610 /*
611 * add asynchio_reader
612 */
613 static void
add_asyncio_reader(struct asyncio_reader * reader,enum desc_type type)614 add_asyncio_reader(
615 struct asyncio_reader * reader,
616 enum desc_type type)
617 {
618 LINK_SLIST(asyncio_reader_list, reader, link);
619 add_fd_to_list(reader->fd, type);
620 }
621
622 /*
623 * remove asyncio_reader
624 */
625 static void
remove_asyncio_reader(struct asyncio_reader * reader)626 remove_asyncio_reader(
627 struct asyncio_reader *reader
628 )
629 {
630 struct asyncio_reader *unlinked;
631
632 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link,
633 struct asyncio_reader);
634
635 if (reader->fd != INVALID_SOCKET) {
636 close_and_delete_fd_from_list(reader->fd, NULL);
637 }
638 reader->fd = INVALID_SOCKET;
639 }
640 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */
641
642
643 /* compare two sockaddr prefixes */
644 static int
addr_eqprefix(const sockaddr_u * a,const sockaddr_u * b,int prefixlen)645 addr_eqprefix(
646 const sockaddr_u * a,
647 const sockaddr_u * b,
648 int prefixlen
649 )
650 {
651 isc_netaddr_t isc_a;
652 isc_netaddr_t isc_b;
653 isc_sockaddr_t isc_sa;
654
655 ZERO(isc_sa);
656 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a)));
657 isc_netaddr_fromsockaddr(&isc_a, &isc_sa);
658
659 ZERO(isc_sa);
660 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b)));
661 isc_netaddr_fromsockaddr(&isc_b, &isc_sa);
662
663 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b,
664 (u_int)prefixlen);
665 }
666
667
668 static int
addr_samesubnet(const sockaddr_u * a,const sockaddr_u * a_mask,const sockaddr_u * b,const sockaddr_u * b_mask)669 addr_samesubnet(
670 const sockaddr_u * a,
671 const sockaddr_u * a_mask,
672 const sockaddr_u * b,
673 const sockaddr_u * b_mask
674 )
675 {
676 const u_int32 * pa;
677 const u_int32 * pa_limit;
678 const u_int32 * pb;
679 const u_int32 * pm;
680 size_t loops;
681
682 REQUIRE(AF(a) == AF(a_mask));
683 REQUIRE(AF(b) == AF(b_mask));
684 /*
685 * With address and mask families verified to match, comparing
686 * the masks also validates the address's families match.
687 */
688 if (!SOCK_EQ(a_mask, b_mask))
689 return FALSE;
690
691 if (IS_IPV6(a)) {
692 loops = sizeof(NSRCADR6(a)) / sizeof(*pa);
693 pa = (const void *)&NSRCADR6(a);
694 pb = (const void *)&NSRCADR6(b);
695 pm = (const void *)&NSRCADR6(a_mask);
696 } else {
697 loops = sizeof(NSRCADR(a)) / sizeof(*pa);
698 pa = (const void *)&NSRCADR(a);
699 pb = (const void *)&NSRCADR(b);
700 pm = (const void *)&NSRCADR(a_mask);
701 }
702 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++)
703 if ((*pa & *pm) != (*pb & *pm))
704 return FALSE;
705
706 return TRUE;
707 }
708
709
710 /*
711 * interface list enumerator - visitor pattern
712 */
713 void
interface_enumerate(interface_receiver_t receiver,void * data)714 interface_enumerate(
715 interface_receiver_t receiver,
716 void * data
717 )
718 {
719 interface_info_t ifi;
720
721 ifi.action = IFS_EXISTS;
722 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink)
723 (*receiver)(data, &ifi);
724 }
725
726 /*
727 * do standard initialization of interface structure
728 */
729 static inline void
init_interface(endpt * ep)730 init_interface(
731 endpt *ep
732 )
733 {
734 ZERO(*ep);
735 ep->fd = INVALID_SOCKET;
736 ep->bfd = INVALID_SOCKET;
737 ep->phase = sys_interphase;
738 }
739
740
741 /*
742 * create new interface structure initialize from
743 * template structure or via standard initialization
744 * function
745 */
746 static endpt *
new_interface(endpt * protot)747 new_interface(
748 endpt *protot
749 )
750 {
751 endpt * iface;
752
753 iface = emalloc(sizeof(*iface));
754 if (NULL == protot) {
755 ZERO(*iface);
756 } else {
757 memcpy(iface, protot, sizeof(*iface));
758 }
759 /* count every new instance of an interface in the system */
760 iface->ifnum = sys_ifnum++;
761 iface->starttime = current_time;
762
763 # ifdef HAVE_IO_COMPLETION_PORT
764 if (!io_completion_port_add_interface(iface)) {
765 msyslog(LOG_EMERG, "cannot register interface with IO engine -- will exit now");
766 exit(1);
767 }
768 # endif
769 return iface;
770 }
771
772
773 /*
774 * return interface storage into free memory pool
775 */
776 static void
delete_interface(endpt * ep)777 delete_interface(
778 endpt *ep
779 )
780 {
781 # ifdef HAVE_IO_COMPLETION_PORT
782 io_completion_port_remove_interface(ep);
783 # endif
784 free(ep);
785 }
786
787
788 /*
789 * link interface into list of known interfaces
790 */
791 static void
add_interface(endpt * ep)792 add_interface(
793 endpt * ep
794 )
795 {
796 endpt ** pmclisthead;
797 endpt * scan;
798 endpt * scan_next;
799 int same_subnet;
800 int rc;
801
802 /* Calculate the refid */
803 ep->addr_refid = addr2refid(&ep->sin);
804 # ifdef WORDS_BIGENDIAN
805 if (IS_IPV6(&ep->sin)) {
806 ep->old_refid = BYTESWAP32(ep->addr_refid);
807 }
808 # endif
809 /* link at tail so ntpdc -c ifstats index increases each row */
810 LINK_TAIL_SLIST(ep_list, ep, elink, endpt);
811 ninterfaces++;
812 #ifdef MCAST
813 /* the rest is for enabled multicast-capable addresses only */
814 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) ||
815 INT_LOOPBACK & ep->flags)
816 return;
817 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT
818 if (AF_INET6 == ep->family)
819 return;
820 # endif
821 pmclisthead = (AF_INET == ep->family)
822 ? &mc4_list
823 : &mc6_list;
824
825 /*
826 * If we have multiple global addresses from the same prefix
827 * on the same network interface, multicast from one.
828 */
829 for (scan = *pmclisthead; scan != NULL; scan = scan_next) {
830 scan_next = scan->mclink;
831 if ( ep->family != scan->family
832 || ep->ifindex != scan->ifindex) {
833 continue;
834 }
835 same_subnet = addr_samesubnet(&ep->sin, &ep->mask,
836 &scan->sin, &scan->mask);
837 if (same_subnet) {
838 DPRINTF(4, ("did not add %s to multicast-capable list"
839 "which already has %s\n",
840 stoa(&ep->sin), stoa(&scan->sin)));
841 return;
842 }
843 }
844 LINK_SLIST(*pmclisthead, ep, mclink);
845 if (INVALID_SOCKET == ep->fd)
846 return;
847
848 /*
849 * select the local address from which to send to multicast.
850 */
851 switch (AF(&ep->sin)) {
852
853 case AF_INET :
854 rc = setsockopt(ep->fd, IPPROTO_IP,
855 IP_MULTICAST_IF,
856 (void *)&NSRCADR(&ep->sin),
857 sizeof(NSRCADR(&ep->sin)));
858 if (rc)
859 msyslog(LOG_ERR,
860 "setsockopt IP_MULTICAST_IF %s fails: %m",
861 stoa(&ep->sin));
862 break;
863
864 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
865 case AF_INET6 :
866 rc = setsockopt(ep->fd, IPPROTO_IPV6,
867 IPV6_MULTICAST_IF,
868 (void *)&ep->ifindex,
869 sizeof(ep->ifindex));
870 /* do not complain if bound addr scope is ifindex */
871 if (rc && ep->ifindex != SCOPE(&ep->sin))
872 msyslog(LOG_ERR,
873 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m",
874 ep->ifindex, stoa(&ep->sin));
875 break;
876 # endif
877 }
878 #endif /* MCAST */
879 }
880
881
882 /*
883 * remove interface from known interface list and clean up
884 * associated resources
885 */
886 static void
remove_interface(endpt * ep)887 remove_interface(
888 endpt * ep
889 )
890 {
891 endpt * unlinked;
892 endpt ** pmclisthead;
893 sockaddr_u resmask;
894 int/*BOOL*/ success;
895
896 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt);
897 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) {
898 pmclisthead = (AF_INET == ep->family)
899 ? &mc4_list
900 : &mc6_list;
901 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt);
902 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n",
903 stoa(&ep->sin),
904 (unlinked != NULL)
905 ? "removed from"
906 : "not found on",
907 (AF_INET == ep->family)
908 ? "4"
909 : "6"));
910 }
911 delete_interface_from_list(ep);
912
913 if (ep->fd != INVALID_SOCKET) {
914 msyslog(LOG_INFO,
915 "Deleting %d %s, [%s]:%hd, stats:"
916 " received=%ld, sent=%ld, dropped=%ld,"
917 " active_time=%ld secs",
918 ep->ifnum,
919 ep->name,
920 stoa(&ep->sin),
921 SRCPORT(&ep->sin),
922 ep->received,
923 ep->sent,
924 ep->notsent,
925 current_time - ep->starttime);
926 close_and_delete_fd_from_list(ep->fd, ep);
927 ep->fd = INVALID_SOCKET;
928 }
929
930 if (ep->bfd != INVALID_SOCKET) {
931 msyslog(LOG_INFO,
932 "stop listening for broadcasts to %s on interface #%d %s",
933 stoa(&ep->bcast), ep->ifnum, ep->name);
934 close_and_delete_fd_from_list(ep->bfd, ep);
935 ep->bfd = INVALID_SOCKET;
936 }
937 # ifdef HAVE_IO_COMPLETION_PORT
938 io_completion_port_remove_interface(ep);
939 # endif
940
941 ninterfaces--;
942 mon_clearinterface(ep);
943
944 /* remove restrict interface entry */
945 SET_HOSTMASK(&resmask, AF(&ep->sin));
946 success = hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 0,
947 RESM_NTPONLY | RESM_INTERFACE, 0, 0);
948 if (!success) {
949 msyslog(LOG_ERR,
950 "unable to remove self-restriction for %s",
951 stoa(&ep->sin));
952 }
953
954 }
955
956
957 static void
log_listen_address(endpt * ep)958 log_listen_address(
959 endpt * ep
960 )
961 {
962 msyslog(LOG_INFO, "%s on %d %s %s",
963 (ep->ignore_packets)
964 ? "Listen and drop"
965 : "Listen normally",
966 ep->ifnum,
967 ep->name,
968 sptoa(&ep->sin));
969 }
970
971
972 static void
create_wildcards(u_short port)973 create_wildcards(
974 u_short port
975 )
976 {
977 int v4wild;
978 #ifdef INCLUDE_IPV6_SUPPORT
979 int v6wild;
980 #endif
981 sockaddr_u wildaddr;
982 nic_rule_action action;
983 endpt * wildif;
984
985 /*
986 * silence "potentially uninitialized" warnings from VC9
987 * failing to follow the logic. Ideally action could remain
988 * uninitialized, and the memset be the first statement under
989 * the first if (v4wild).
990 */
991 action = ACTION_LISTEN;
992 ZERO(wildaddr);
993
994 #ifdef INCLUDE_IPV6_SUPPORT
995 /*
996 * create pseudo-interface with wildcard IPv6 address
997 */
998 v6wild = ipv6_works;
999 if (v6wild) {
1000 /* set wildaddr to the v6 wildcard address :: */
1001 ZERO(wildaddr);
1002 AF(&wildaddr) = AF_INET6;
1003 SET_ADDR6N(&wildaddr, in6addr_any);
1004 SET_PORT(&wildaddr, port);
1005 SET_SCOPE(&wildaddr, 0);
1006
1007 /* check for interface/nic rules affecting the wildcard */
1008 action = interface_action(NULL, &wildaddr, 0);
1009 v6wild = (ACTION_IGNORE != action);
1010 }
1011 if (v6wild) {
1012 wildif = new_interface(NULL);
1013
1014 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name));
1015 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin));
1016 wildif->family = AF_INET6;
1017 AF(&wildif->mask) = AF_INET6;
1018 SET_ONESMASK(&wildif->mask);
1019
1020 wildif->flags = INT_UP | INT_WILDCARD;
1021 wildif->ignore_packets = (ACTION_DROP == action);
1022
1023 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif);
1024
1025 if (wildif->fd != INVALID_SOCKET) {
1026 wildipv6 = wildif;
1027 any6_interface = wildif;
1028 add_addr_to_list(&wildif->sin, wildif);
1029 add_interface(wildif);
1030 log_listen_address(wildif);
1031 } else {
1032 msyslog(LOG_ERR,
1033 "unable to bind to wildcard address %s - another process may be running - EXITING",
1034 stoa(&wildif->sin));
1035 exit(1);
1036 }
1037 DPRINT_INTERFACE(2, (wildif, "created ", "\n"));
1038 }
1039 #endif
1040
1041 /*
1042 * create pseudo-interface with wildcard IPv4 address
1043 */
1044 v4wild = ipv4_works;
1045 if (v4wild) {
1046 /* set wildaddr to the v4 wildcard address 0.0.0.0 */
1047 AF(&wildaddr) = AF_INET;
1048 SET_ADDR4N(&wildaddr, INADDR_ANY);
1049 SET_PORT(&wildaddr, port);
1050
1051 /* check for interface/nic rules affecting the wildcard */
1052 action = interface_action(NULL, &wildaddr, 0);
1053 v4wild = (ACTION_IGNORE != action);
1054 }
1055 if (v4wild) {
1056 wildif = new_interface(NULL);
1057
1058 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name));
1059 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin));
1060 wildif->family = AF_INET;
1061 AF(&wildif->mask) = AF_INET;
1062 SET_ONESMASK(&wildif->mask);
1063
1064 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD;
1065 wildif->ignore_packets = (ACTION_DROP == action);
1066 #if defined(MCAST)
1067 /*
1068 * enable multicast reception on the broadcast socket
1069 */
1070 AF(&wildif->bcast) = AF_INET;
1071 SET_ADDR4N(&wildif->bcast, INADDR_ANY);
1072 SET_PORT(&wildif->bcast, port);
1073 #endif /* MCAST */
1074 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif);
1075
1076 if (wildif->fd != INVALID_SOCKET) {
1077 wildipv4 = wildif;
1078 any_interface = wildif;
1079
1080 add_addr_to_list(&wildif->sin, wildif);
1081 add_interface(wildif);
1082 log_listen_address(wildif);
1083 } else {
1084 msyslog(LOG_ERR,
1085 "unable to bind to wildcard address %s - another process may be running - EXITING",
1086 stoa(&wildif->sin));
1087 exit(1);
1088 }
1089 DPRINT_INTERFACE(2, (wildif, "created ", "\n"));
1090 }
1091 }
1092
1093
1094 /*
1095 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list.
1096 */
1097 void
add_nic_rule(nic_rule_match match_type,const char * if_name,int prefixlen,nic_rule_action action)1098 add_nic_rule(
1099 nic_rule_match match_type,
1100 const char * if_name, /* interface name or numeric address */
1101 int prefixlen,
1102 nic_rule_action action
1103 )
1104 {
1105 nic_rule * rule;
1106 isc_boolean_t is_ip;
1107
1108 rule = emalloc_zero(sizeof(*rule));
1109 rule->match_type = match_type;
1110 rule->prefixlen = prefixlen;
1111 rule->action = action;
1112
1113 if (MATCH_IFNAME == match_type) {
1114 REQUIRE(NULL != if_name);
1115 rule->if_name = estrdup(if_name);
1116 } else if (MATCH_IFADDR == match_type) {
1117 REQUIRE(NULL != if_name);
1118 /* set rule->addr */
1119 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr);
1120 REQUIRE(is_ip);
1121 } else
1122 REQUIRE(NULL == if_name);
1123
1124 LINK_SLIST(nic_rule_list, rule, next);
1125 }
1126
1127
1128 #ifdef DEBUG
1129 static const char *
action_text(nic_rule_action action)1130 action_text(
1131 nic_rule_action action
1132 )
1133 {
1134 const char *t;
1135
1136 switch (action) {
1137
1138 default:
1139 t = "ERROR"; /* quiet uninit warning */
1140 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n",
1141 action));
1142 ENSURE(0);
1143 break;
1144
1145 case ACTION_LISTEN:
1146 t = "listen";
1147 break;
1148
1149 case ACTION_IGNORE:
1150 t = "ignore";
1151 break;
1152
1153 case ACTION_DROP:
1154 t = "drop";
1155 break;
1156 }
1157
1158 return t;
1159 }
1160 #endif /* DEBUG */
1161
1162
1163 static nic_rule_action
interface_action(char * if_name,sockaddr_u * if_addr,u_int32 if_flags)1164 interface_action(
1165 char * if_name,
1166 sockaddr_u * if_addr,
1167 u_int32 if_flags
1168 )
1169 {
1170 nic_rule * rule;
1171 int isloopback;
1172 int iswildcard;
1173
1174 DPRINTF(4, ("interface_action: interface %s ",
1175 (if_name != NULL) ? if_name : "wildcard"));
1176
1177 iswildcard = is_wildcard_addr(if_addr);
1178 isloopback = !!(INT_LOOPBACK & if_flags);
1179
1180 /*
1181 * Find any matching NIC rule from --interface / -I or ntp.conf
1182 * interface/nic rules.
1183 */
1184 for (rule = nic_rule_list; rule != NULL; rule = rule->next) {
1185
1186 switch (rule->match_type) {
1187
1188 case MATCH_ALL:
1189 /* loopback and wildcard excluded from "all" */
1190 if (isloopback || iswildcard)
1191 break;
1192 DPRINTF(4, ("nic all %s\n",
1193 action_text(rule->action)));
1194 return rule->action;
1195
1196 case MATCH_IPV4:
1197 if (IS_IPV4(if_addr)) {
1198 DPRINTF(4, ("nic ipv4 %s\n",
1199 action_text(rule->action)));
1200 return rule->action;
1201 }
1202 break;
1203
1204 case MATCH_IPV6:
1205 if (IS_IPV6(if_addr)) {
1206 DPRINTF(4, ("nic ipv6 %s\n",
1207 action_text(rule->action)));
1208 return rule->action;
1209 }
1210 break;
1211
1212 case MATCH_WILDCARD:
1213 if (iswildcard) {
1214 DPRINTF(4, ("nic wildcard %s\n",
1215 action_text(rule->action)));
1216 return rule->action;
1217 }
1218 break;
1219
1220 case MATCH_IFADDR:
1221 if (rule->prefixlen != -1) {
1222 if (addr_eqprefix(if_addr, &rule->addr,
1223 rule->prefixlen)) {
1224
1225 DPRINTF(4, ("subnet address match - %s\n",
1226 action_text(rule->action)));
1227 return rule->action;
1228 }
1229 } else
1230 if (SOCK_EQ(if_addr, &rule->addr)) {
1231
1232 DPRINTF(4, ("address match - %s\n",
1233 action_text(rule->action)));
1234 return rule->action;
1235 }
1236 break;
1237
1238 case MATCH_IFNAME:
1239 if (if_name != NULL
1240 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD)
1241 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD)
1242 #else
1243 && !strcasecmp(if_name, rule->if_name)
1244 #endif
1245 ) {
1246
1247 DPRINTF(4, ("interface name match - %s\n",
1248 action_text(rule->action)));
1249 return rule->action;
1250 }
1251 break;
1252 }
1253 }
1254
1255 /*
1256 * Unless explicitly disabled such as with "nic ignore ::1"
1257 * listen on loopback addresses. Since ntpq and ntpdc query
1258 * "localhost" by default, which typically resolves to ::1 and
1259 * 127.0.0.1, it's useful to default to listening on both.
1260 */
1261 if (isloopback) {
1262 DPRINTF(4, ("default loopback listen\n"));
1263 return ACTION_LISTEN;
1264 }
1265
1266 /*
1267 * Treat wildcard addresses specially. If there is no explicit
1268 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule
1269 * default to drop.
1270 */
1271 if (iswildcard) {
1272 DPRINTF(4, ("default wildcard drop\n"));
1273 return ACTION_DROP;
1274 }
1275
1276 /*
1277 * Check for "virtual IP" (colon in the interface name) after
1278 * the rules so that "ntpd --interface eth0:1 -novirtualips"
1279 * does indeed listen on eth0:1's addresses.
1280 */
1281 if (!listen_to_virtual_ips && if_name != NULL
1282 && (strchr(if_name, ':') != NULL)) {
1283
1284 DPRINTF(4, ("virtual ip - ignore\n"));
1285 return ACTION_IGNORE;
1286 }
1287
1288 /*
1289 * If there are no --interface/-I command-line options and no
1290 * interface/nic rules in ntp.conf, the default action is to
1291 * listen. In the presence of rules from either, the default
1292 * is to ignore. This implements ntpd's traditional listen-
1293 * every default with no interface listen configuration, and
1294 * ensures a single -I eth0 or "nic listen eth0" means do not
1295 * listen on any other addresses.
1296 */
1297 if (NULL == nic_rule_list) {
1298 DPRINTF(4, ("default listen\n"));
1299 return ACTION_LISTEN;
1300 }
1301
1302 DPRINTF(4, ("implicit ignore\n"));
1303 return ACTION_IGNORE;
1304 }
1305
1306
1307 static void
convert_isc_if(isc_interface_t * isc_if,endpt * itf,u_short port)1308 convert_isc_if(
1309 isc_interface_t *isc_if,
1310 endpt *itf,
1311 u_short port
1312 )
1313 {
1314 strlcpy(itf->name, isc_if->name, sizeof(itf->name));
1315 itf->ifindex = isc_if->ifindex;
1316 itf->family = (u_short)isc_if->af;
1317 AF(&itf->sin) = itf->family;
1318 AF(&itf->mask) = itf->family;
1319 AF(&itf->bcast) = itf->family;
1320 SET_PORT(&itf->sin, port);
1321 SET_PORT(&itf->mask, port);
1322 SET_PORT(&itf->bcast, port);
1323
1324 if (IS_IPV4(&itf->sin)) {
1325 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr;
1326 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr;
1327
1328 if (isc_if->flags & INTERFACE_F_BROADCAST) {
1329 itf->flags |= INT_BROADCAST;
1330 NSRCADR(&itf->bcast) =
1331 isc_if->broadcast.type.in.s_addr;
1332 }
1333 }
1334 #ifdef INCLUDE_IPV6_SUPPORT
1335 else if (IS_IPV6(&itf->sin)) {
1336 SET_ADDR6N(&itf->sin, isc_if->address.type.in6);
1337 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6);
1338
1339 SET_SCOPE(&itf->sin, isc_if->address.zone);
1340 }
1341 #endif /* INCLUDE_IPV6_SUPPORT */
1342
1343
1344 /* Process the rest of the flags */
1345
1346 itf->flags |=
1347 ((INTERFACE_F_UP & isc_if->flags)
1348 ? INT_UP : 0)
1349 | ((INTERFACE_F_LOOPBACK & isc_if->flags)
1350 ? INT_LOOPBACK : 0)
1351 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags)
1352 ? INT_PPP : 0)
1353 | ((INTERFACE_F_MULTICAST & isc_if->flags)
1354 ? INT_MULTICAST : 0)
1355 | ((INTERFACE_F_PRIVACY & isc_if->flags)
1356 ? INT_PRIVACY : 0)
1357 ;
1358
1359 /*
1360 * Clear the loopback flag if the address is not localhost.
1361 * http://bugs.ntp.org/1683
1362 */
1363 if ((INT_LOOPBACK & itf->flags) && !IS_LOOPBACK_ADDR(&itf->sin)) {
1364 itf->flags &= ~INT_LOOPBACK;
1365 }
1366 }
1367
1368
1369 /*
1370 * refresh_interface
1371 *
1372 * some OSes have been observed to keep
1373 * cached routes even when more specific routes
1374 * become available.
1375 * this can be mitigated by re-binding
1376 * the socket.
1377 */
1378 static int
refresh_interface(endpt * iface)1379 refresh_interface(
1380 endpt * iface
1381 )
1382 {
1383 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
1384 if (iface->fd != INVALID_SOCKET) {
1385 int bcast = (iface->flags & INT_BCASTXMIT) != 0;
1386 /* as we forcibly close() the socket remove the
1387 broadcast permission indication */
1388 if (bcast)
1389 socket_broadcast_disable(iface, &iface->sin);
1390
1391 close_and_delete_fd_from_list(iface->fd);
1392
1393 /* create new socket picking up a new first hop binding
1394 at connect() time */
1395 iface->fd = open_socket(&iface->sin,
1396 bcast, 0, iface);
1397 /*
1398 * reset TTL indication so TTL is is set again
1399 * next time around
1400 */
1401 iface->last_ttl = 0;
1402 return (iface->fd != INVALID_SOCKET);
1403 } else
1404 return 0; /* invalid sockets are not refreshable */
1405 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */
1406 return (iface->fd != INVALID_SOCKET);
1407 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */
1408 }
1409
1410 /*
1411 * interface_update - externally callable update function
1412 */
1413 void
interface_update(interface_receiver_t receiver,void * data)1414 interface_update(
1415 interface_receiver_t receiver,
1416 void * data
1417 )
1418 {
1419 int new_interface_found;
1420
1421 if (scan_addrs_once) {
1422 return;
1423 }
1424 BLOCKIO();
1425 new_interface_found = update_interfaces(NTP_PORT, receiver, data);
1426 UNBLOCKIO();
1427
1428 if (!new_interface_found) {
1429 return;
1430 }
1431 #ifdef DEBUG
1432 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver");
1433 #endif
1434 interrupt_worker_sleep();
1435 }
1436
1437
1438 /*
1439 * sau_from_netaddr() - convert network address on-wire formats.
1440 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u
1441 */
1442 void
sau_from_netaddr(sockaddr_u * psau,const isc_netaddr_t * pna)1443 sau_from_netaddr(
1444 sockaddr_u *psau,
1445 const isc_netaddr_t *pna
1446 )
1447 {
1448 ZERO_SOCK(psau);
1449 AF(psau) = (u_short)pna->family;
1450 switch (pna->family) {
1451
1452 case AF_INET:
1453 psau->sa4.sin_addr = pna->type.in;
1454 break;
1455
1456 case AF_INET6:
1457 psau->sa6.sin6_addr = pna->type.in6;
1458 break;
1459 }
1460 }
1461
1462
1463 static int
is_wildcard_addr(const sockaddr_u * psau)1464 is_wildcard_addr(
1465 const sockaddr_u *psau
1466 )
1467 {
1468 if (IS_IPV4(psau) && !NSRCADR(psau))
1469 return 1;
1470
1471 #ifdef INCLUDE_IPV6_SUPPORT
1472 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any))
1473 return 1;
1474 #endif
1475
1476 return 0;
1477 }
1478
1479
1480 isc_boolean_t
is_linklocal(sockaddr_u * psau)1481 is_linklocal(
1482 sockaddr_u * psau
1483 )
1484 {
1485 struct in6_addr * p6addr;
1486
1487 if (IS_IPV6(psau)) {
1488 p6addr = &psau->sa6.sin6_addr;
1489 if (IN6_IS_ADDR_LINKLOCAL(p6addr)) {
1490 return TRUE;
1491 }
1492 } else if (IS_IPV4(psau)) {
1493 /* autoconf are link-local 169.254.0.0/16 */
1494 if (IS_AUTOCONF(psau)) {
1495 return TRUE;
1496 }
1497 }
1498 return FALSE;
1499 }
1500
1501
1502 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
1503 /*
1504 * enable/disable re-use of wildcard address socket
1505 */
1506 static void
set_wildcard_reuse(u_short family,int on)1507 set_wildcard_reuse(
1508 u_short family,
1509 int on
1510 )
1511 {
1512 endpt *any;
1513 SOCKET fd = INVALID_SOCKET;
1514
1515 any = ANY_INTERFACE_BYFAM(family);
1516 if (any != NULL)
1517 fd = any->fd;
1518
1519 if (fd != INVALID_SOCKET) {
1520 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
1521 (void *)&on, sizeof(on)))
1522 msyslog(LOG_ERR,
1523 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m",
1524 on ? "on" : "off");
1525
1526 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n",
1527 on ? "on" : "off",
1528 stoa(&any->sin)));
1529 }
1530 }
1531 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */
1532
1533 static isc_boolean_t
check_flags(sockaddr_u * psau,const char * name,u_int32 flags)1534 check_flags(
1535 sockaddr_u *psau,
1536 const char *name,
1537 u_int32 flags
1538 )
1539 {
1540 #if defined(SIOCGIFAFLAG_IN)
1541 struct ifreq ifr;
1542 int fd;
1543
1544 if (psau->sa.sa_family != AF_INET)
1545 return ISC_FALSE;
1546 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
1547 return ISC_FALSE;
1548 ZERO(ifr);
1549 memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr));
1550 strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
1551 if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) {
1552 close(fd);
1553 return ISC_FALSE;
1554 }
1555 close(fd);
1556 if ((ifr.ifr_addrflags & flags) != 0)
1557 return ISC_TRUE;
1558 #endif /* SIOCGIFAFLAG_IN */
1559 return ISC_FALSE;
1560 }
1561
1562 static isc_boolean_t
check_flags6(sockaddr_u * psau,const char * name,u_int32 flags6)1563 check_flags6(
1564 sockaddr_u *psau,
1565 const char *name,
1566 u_int32 flags6
1567 )
1568 {
1569 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6)
1570 struct in6_ifreq ifr6;
1571 int fd;
1572
1573 if (psau->sa.sa_family != AF_INET6)
1574 return ISC_FALSE;
1575 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
1576 return ISC_FALSE;
1577 ZERO(ifr6);
1578 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr));
1579 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name));
1580 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) {
1581 close(fd);
1582 return ISC_FALSE;
1583 }
1584 close(fd);
1585 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0)
1586 return ISC_TRUE;
1587 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */
1588 return ISC_FALSE;
1589 }
1590
1591 static isc_boolean_t
is_anycast(sockaddr_u * psau,const char * name)1592 is_anycast(
1593 sockaddr_u *psau,
1594 const char *name
1595 )
1596 {
1597 #ifdef IN6_IFF_ANYCAST
1598 return check_flags6(psau, name, IN6_IFF_ANYCAST);
1599 #else
1600 return ISC_FALSE;
1601 #endif
1602 }
1603
1604 static isc_boolean_t
is_valid(sockaddr_u * psau,const char * name)1605 is_valid(
1606 sockaddr_u *psau,
1607 const char *name
1608 )
1609 {
1610 u_int32 flags;
1611
1612 flags = 0;
1613 switch (psau->sa.sa_family) {
1614 case AF_INET:
1615 #ifdef IN_IFF_DETACHED
1616 flags |= IN_IFF_DETACHED;
1617 #endif
1618 #ifdef IN_IFF_TENTATIVE
1619 flags |= IN_IFF_TENTATIVE;
1620 #endif
1621 return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
1622 case AF_INET6:
1623 #ifdef IN6_IFF_DEPARTED
1624 flags |= IN6_IFF_DEPARTED;
1625 #endif
1626 #ifdef IN6_IFF_DETACHED
1627 flags |= IN6_IFF_DETACHED;
1628 #endif
1629 #ifdef IN6_IFF_TENTATIVE
1630 flags |= IN6_IFF_TENTATIVE;
1631 #endif
1632 return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
1633 default:
1634 return ISC_FALSE;
1635 }
1636 }
1637
1638 /*
1639 * update_interface strategy
1640 *
1641 * toggle configuration phase
1642 *
1643 * Phase 1a:
1644 * forall currently existing interfaces
1645 * if address is known:
1646 * drop socket - rebind again
1647 *
1648 * if address is NOT known:
1649 * Add address to list of new addresses
1650 *
1651 * Phase 1b:
1652 * Scan the list of new addresses marking IPv6 link-local addresses
1653 * which also have a global v6 address using the same OS ifindex.
1654 * Attempt to create a new interface entry
1655 *
1656 * Phase 2:
1657 * forall currently known non MCAST and WILDCARD interfaces
1658 * if interface does not match configuration phase (not seen in phase 1):
1659 * remove interface from known interface list
1660 * forall peers associated with this interface
1661 * disconnect peer from this interface
1662 *
1663 * Phase 3:
1664 * attempt to re-assign interfaces to peers
1665 *
1666 */
1667
1668 static int
update_interfaces(u_short port,interface_receiver_t receiver,void * data)1669 update_interfaces(
1670 u_short port,
1671 interface_receiver_t receiver,
1672 void * data
1673 )
1674 {
1675 isc_mem_t * mctx = (void *)-1;
1676 interface_info_t ifi;
1677 isc_interfaceiter_t * iter;
1678 isc_result_t result;
1679 isc_interface_t isc_if;
1680 int new_interface_found;
1681 unsigned int family;
1682 endpt enumep;
1683 endpt * ep;
1684 endpt * next_ep;
1685 endpt * newaddrs;
1686 endpt * newaddrs_tail;
1687 endpt * ep2;
1688
1689 DPRINTF(3, ("update_interfaces(%d)\n", port));
1690
1691 /*
1692 * phase 1a - scan OS local addresses
1693 * - update those that ntpd already knows
1694 * - build a list of newly-discovered addresses.
1695 */
1696
1697 new_interface_found = FALSE;
1698 nonlocal_v4_addr_up = nonlocal_v6_addr_up = FALSE;
1699 iter = NULL;
1700 newaddrs = newaddrs_tail = NULL;
1701 result = isc_interfaceiter_create(mctx, &iter);
1702
1703 if (result != ISC_R_SUCCESS)
1704 return 0;
1705
1706 /*
1707 * Toggle system interface scan phase to find untouched
1708 * interfaces to be deleted.
1709 */
1710 sys_interphase ^= 0x1;
1711
1712 for (result = isc_interfaceiter_first(iter);
1713 ISC_R_SUCCESS == result;
1714 result = isc_interfaceiter_next(iter)) {
1715
1716 result = isc_interfaceiter_current(iter, &isc_if);
1717
1718 if (result != ISC_R_SUCCESS) {
1719 break;
1720 }
1721 /* See if we have a valid family to use */
1722 family = isc_if.address.family;
1723 if (AF_INET != family && AF_INET6 != family)
1724 continue;
1725 if (AF_INET == family && !ipv4_works)
1726 continue;
1727 if (AF_INET6 == family && !ipv6_works)
1728 continue;
1729
1730 /* create prototype */
1731 init_interface(&enumep);
1732
1733 convert_isc_if(&isc_if, &enumep, port);
1734
1735 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n"));
1736
1737 /*
1738 * Check if and how we are going to use the interface.
1739 */
1740 switch (interface_action(enumep.name, &enumep.sin,
1741 enumep.flags)) {
1742
1743 case ACTION_IGNORE:
1744 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n",
1745 enumep.name, stoa(&enumep.sin)));
1746 continue;
1747
1748 case ACTION_LISTEN:
1749 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n",
1750 enumep.name, stoa(&enumep.sin)));
1751 enumep.ignore_packets = ISC_FALSE;
1752 break;
1753
1754 case ACTION_DROP:
1755 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n",
1756 enumep.name, stoa(&enumep.sin)));
1757 enumep.ignore_packets = ISC_TRUE;
1758 break;
1759 }
1760
1761 /* interfaces must be UP to be usable */
1762 if (!(enumep.flags & INT_UP)) {
1763 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n",
1764 enumep.name, stoa(&enumep.sin)));
1765 continue;
1766 }
1767
1768 /*
1769 * skip any interfaces UP and bound to a wildcard
1770 * address - some dhcp clients produce that in the
1771 * wild
1772 */
1773 if (is_wildcard_addr(&enumep.sin))
1774 continue;
1775
1776 if (is_anycast(&enumep.sin, isc_if.name))
1777 continue;
1778
1779 /*
1780 * skip any address that is an invalid state to be used
1781 */
1782 if (!is_valid(&enumep.sin, isc_if.name))
1783 continue;
1784
1785 /*
1786 * Keep track of having non-linklocal connectivity
1787 * for IPv4 and IPv6 so we don't solicit pool hosts
1788 * when it can't work.
1789 */
1790 if ( !(INT_LOOPBACK & enumep.flags)
1791 && !is_linklocal(&enumep.sin)) {
1792 if (IS_IPV6(&enumep.sin)) {
1793 nonlocal_v6_addr_up = TRUE;
1794 } else {
1795 nonlocal_v4_addr_up = TRUE;
1796 }
1797 }
1798 /*
1799 * map to local *address* in order to map all duplicate
1800 * interfaces to an endpt structure with the appropriate
1801 * socket. Our name space is (ip-address), NOT
1802 * (interface name, ip-address).
1803 */
1804 ep = getinterface(&enumep.sin, INT_WILDCARD);
1805
1806 if (NULL == ep) {
1807 ep = emalloc(sizeof(*ep));
1808 memcpy(ep, &enumep, sizeof(*ep));
1809 if (NULL != newaddrs_tail) {
1810 newaddrs_tail->elink = ep;
1811 newaddrs_tail = ep;
1812 } else {
1813 newaddrs_tail = newaddrs = ep;
1814 }
1815 continue;
1816 }
1817
1818 if (!refresh_interface(ep)) {
1819 /*
1820 * Refreshing failed, we will delete the endpt
1821 * in phase 2 because it was not marked current.
1822 * We can bind to the address as the refresh
1823 * code already closed the endpt's socket.
1824 */
1825 continue;
1826 }
1827 /*
1828 * found existing and up to date interface -
1829 * mark present.
1830 */
1831 if (ep->phase != sys_interphase) {
1832 /*
1833 * On a new round we reset the name so
1834 * the interface name shows up again if
1835 * this address is no longer shared.
1836 * We reset ignore_packets from the
1837 * new prototype to respect any runtime
1838 * changes to the nic rules.
1839 */
1840 strlcpy(ep->name, enumep.name, sizeof(ep->name));
1841 ep->ignore_packets = enumep.ignore_packets;
1842 } else {
1843 /*
1844 * DLH: else branch might be dead code from
1845 * when both address and name were compared.
1846 */
1847 msyslog(LOG_INFO, "%s on %u %s -> *multiple*",
1848 stoa(&ep->sin), ep->ifnum, ep->name);
1849 /* name collision - rename interface */
1850 strlcpy(ep->name, "*multiple*", sizeof(ep->name));
1851 }
1852
1853 DPRINT_INTERFACE(4, (ep, "updating ", " present\n"));
1854
1855 if (ep->ignore_packets != enumep.ignore_packets) {
1856 /*
1857 * We have conflicting configurations for the
1858 * address. This can happen with
1859 * -I <interfacename> on the command line for an
1860 * interface that shares its address with other
1861 * interfaces. We cannot disambiguate incoming
1862 * packets delivered to this socket without extra
1863 * syscalls/features. Note this is an unusual
1864 * configuration where several interfaces share
1865 * an address but filtering via interface name is
1866 * attempted. We resolve the config conflict by
1867 * disabling the processing of received packets.
1868 * This leads to no service on the address where
1869 * the conflict occurs.
1870 */
1871 msyslog(LOG_WARNING,
1872 "conflicting listen configuration between"
1873 " %s and %s for %s, disabled",
1874 enumep.name, ep->name, stoa(&enumep.sin));
1875
1876 ep->ignore_packets = TRUE;
1877 }
1878
1879 ep->phase = sys_interphase;
1880
1881 ifi.action = IFS_EXISTS;
1882 ifi.ep = ep;
1883 if (receiver != NULL) {
1884 (*receiver)(data, &ifi);
1885 }
1886 }
1887
1888 isc_interfaceiter_destroy(&iter);
1889
1890 /*
1891 * Phase 1b
1892 */
1893 for (ep = newaddrs; ep != NULL; ep = ep->elink) {
1894 if (IS_IPV6(&ep->sin) && is_linklocal(&ep->sin)) {
1895 for (ep2 = newaddrs; ep2 != NULL; ep2 = ep2->elink) {
1896 if ( IS_IPV6(&ep2->sin)
1897 && ep != ep2
1898 && !is_linklocal(&ep2->sin)) {
1899
1900 ep->flags |= INT_LL_OF_GLOB;
1901 break;
1902 }
1903 }
1904 }
1905 }
1906 for (ep2 = newaddrs; ep2 != NULL; ep2 = next_ep) {
1907 next_ep = ep2->elink;
1908 ep2->elink = NULL;
1909 ep = create_interface(port, ep2);
1910 if (ep != NULL) {
1911 ifi.action = IFS_CREATED;
1912 ifi.ep = ep;
1913 if (receiver != NULL) {
1914 (*receiver)(data, &ifi);
1915 }
1916 new_interface_found = TRUE;
1917 DPRINT_INTERFACE(3,
1918 (ep, "updating ", " new - created\n"));
1919 }
1920 else {
1921 DPRINT_INTERFACE(3,
1922 (ep2, "updating ", " new - FAILED"));
1923
1924 msyslog(LOG_ERR,
1925 "cannot bind address %s",
1926 stoa(&ep->sin));
1927 }
1928 free(ep2);
1929 }
1930
1931 /*
1932 * phase 2 - delete gone interfaces - reassigning peers to
1933 * other interfaces
1934 */
1935 for (ep = ep_list; ep != NULL; ep = next_ep) {
1936 next_ep = ep->elink;
1937
1938 /*
1939 * if phase does not match sys_phase this interface was
1940 * not enumerated during the last interface scan - so it
1941 * is gone and will be deleted here unless it did not
1942 * originate from interface enumeration (INT_WILDCARD,
1943 * INT_MCASTIF).
1944 */
1945 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) ||
1946 ep->phase == sys_interphase)
1947 continue;
1948
1949 DPRINT_INTERFACE(3, (ep, "updating ",
1950 "GONE - deleting\n"));
1951 remove_interface(ep);
1952
1953 ifi.action = IFS_DELETED;
1954 ifi.ep = ep;
1955 if (receiver != NULL) {
1956 (*receiver)(data, &ifi);
1957 }
1958 /* disconnect peers from deleted endpt. */
1959 while (ep->peers != NULL) {
1960 set_peerdstadr(ep->peers, NULL);
1961 }
1962 /*
1963 * update globals in case we lose
1964 * a loopback interface
1965 */
1966 if (ep == loopback_interface) {
1967 loopback_interface = NULL;
1968 }
1969 delete_interface(ep);
1970 }
1971
1972 /*
1973 * phase 3 - re-configure as the world has possibly changed
1974 *
1975 * never ever make this conditional again - it is needed to track
1976 * routing updates. see bug #2506
1977 */
1978 refresh_all_peerinterfaces();
1979
1980 if (sys_bclient) {
1981 io_setbclient();
1982 }
1983 #ifdef MCAST
1984 /*
1985 * Check multicast interfaces and try to join multicast groups if
1986 * not joined yet.
1987 */
1988 for (ep = ep_list; ep != NULL; ep = ep->elink) {
1989 remaddr_t *entry;
1990
1991 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) {
1992 continue;
1993 }
1994 /* Find remote address that was linked to this interface */
1995 for (entry = remoteaddr_list;
1996 entry != NULL;
1997 entry = entry->link) {
1998 if (entry->ep == ep) {
1999 if (socket_multicast_enable(ep, &entry->addr)) {
2000 msyslog(LOG_INFO,
2001 "Joined %s socket to multicast group %s",
2002 stoa(&ep->sin),
2003 stoa(&entry->addr));
2004 }
2005 break;
2006 }
2007 }
2008 }
2009 #endif /* MCAST */
2010
2011 return new_interface_found;
2012 }
2013
2014
2015 /*
2016 * create_sockets - create a socket for each interface plus a default
2017 * socket for when we don't know where to send
2018 */
2019 static int
create_sockets(u_short port)2020 create_sockets(
2021 u_short port
2022 )
2023 {
2024 #ifndef HAVE_IO_COMPLETION_PORT
2025 /*
2026 * I/O Completion Ports don't care about the select and FD_SET
2027 */
2028 maxactivefd = 0;
2029 FD_ZERO(&activefds);
2030 #endif
2031
2032 DPRINTF(2, ("create_sockets(%d)\n", port));
2033
2034 create_wildcards(port);
2035
2036 update_interfaces(port, NULL, NULL);
2037
2038 /*
2039 * Now that we have opened all the sockets, turn off the reuse
2040 * flag for security.
2041 */
2042 set_reuseaddr(0);
2043
2044 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces));
2045
2046 return ninterfaces;
2047 }
2048
2049 /*
2050 * create_interface - create a new interface for a given prototype
2051 * binding the socket.
2052 */
2053 static endpt *
create_interface(u_short port,endpt * protot)2054 create_interface(
2055 u_short port,
2056 endpt * protot
2057 )
2058 {
2059 sockaddr_u resmask;
2060 endpt * iface;
2061 int/*BOOL*/ success;
2062 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET)
2063 remaddr_t * entry;
2064 remaddr_t * next_entry;
2065 #endif
2066 DPRINTF(2, ("create_interface(%s)\n", sptoa(&protot->sin)));
2067
2068 /* build an interface */
2069 iface = new_interface(protot);
2070
2071 /*
2072 * create socket
2073 */
2074 iface->fd = open_socket(&iface->sin, 0, 0, iface);
2075
2076 if (iface->fd != INVALID_SOCKET)
2077 log_listen_address(iface);
2078
2079 if ((INT_BROADCAST & iface->flags)
2080 && iface->bfd != INVALID_SOCKET)
2081 msyslog(LOG_INFO, "Listening on broadcast address %s",
2082 sptoa(&iface->bcast));
2083
2084 if (INVALID_SOCKET == iface->fd
2085 && INVALID_SOCKET == iface->bfd) {
2086 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s",
2087 iface->name,
2088 iface->ifnum,
2089 sptoa(&iface->sin));
2090 delete_interface(iface);
2091 return NULL;
2092 }
2093
2094 /*
2095 * Blacklist our own addresses, no use talking to ourself
2096 */
2097 SET_HOSTMASK(&resmask, AF(&iface->sin));
2098 success = hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask,
2099 -4, RESM_NTPONLY | RESM_INTERFACE,
2100 RES_IGNORE, 0);
2101 if (!success) {
2102 msyslog(LOG_ERR,
2103 "unable to self-restrict %s", stoa(&iface->sin));
2104 }
2105
2106 /*
2107 * set globals with the first found
2108 * loopback interface of the appropriate class
2109 */
2110 if (NULL == loopback_interface && AF_INET == iface->family
2111 && (INT_LOOPBACK & iface->flags))
2112 loopback_interface = iface;
2113
2114 /*
2115 * put into our interface list
2116 */
2117 add_addr_to_list(&iface->sin, iface);
2118 add_interface(iface);
2119
2120 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET)
2121 /*
2122 * Join any previously-configured compatible multicast groups.
2123 */
2124 if (INT_MULTICAST & iface->flags &&
2125 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) &&
2126 !iface->ignore_packets) {
2127 for (entry = remoteaddr_list;
2128 entry != NULL;
2129 entry = next_entry) {
2130 next_entry = entry->link;
2131 if (AF(&iface->sin) != AF(&entry->addr) ||
2132 !IS_MCAST(&entry->addr))
2133 continue;
2134 if (socket_multicast_enable(iface,
2135 &entry->addr))
2136 msyslog(LOG_INFO,
2137 "Joined %s socket to multicast group %s",
2138 stoa(&iface->sin),
2139 stoa(&entry->addr));
2140 else
2141 msyslog(LOG_ERR,
2142 "Failed to join %s socket to multicast group %s",
2143 stoa(&iface->sin),
2144 stoa(&entry->addr));
2145 }
2146 }
2147 #endif /* MCAST && MCAST_NONEWSOCKET */
2148
2149 DPRINT_INTERFACE(2, (iface, "created ", "\n"));
2150 return iface;
2151 }
2152
2153
2154 #ifdef DEBUG
2155 const char *
iflags_str(u_int32 iflags)2156 iflags_str(
2157 u_int32 iflags
2158 )
2159 {
2160 const size_t sz = LIB_BUFLENGTH;
2161 char * ifs;
2162
2163 LIB_GETBUF(ifs);
2164 ifs[0] = '\0';
2165
2166 if (iflags & INT_UP) {
2167 CLEAR_BIT_IF_DEBUG(INT_UP, iflags);
2168 append_flagstr(ifs, sz, "up");
2169 }
2170
2171 if (iflags & INT_PPP) {
2172 CLEAR_BIT_IF_DEBUG(INT_PPP, iflags);
2173 append_flagstr(ifs, sz, "ppp");
2174 }
2175
2176 if (iflags & INT_LOOPBACK) {
2177 CLEAR_BIT_IF_DEBUG(INT_LOOPBACK, iflags);
2178 append_flagstr(ifs, sz, "loopback");
2179 }
2180
2181 if (iflags & INT_BROADCAST) {
2182 CLEAR_BIT_IF_DEBUG(INT_BROADCAST, iflags);
2183 append_flagstr(ifs, sz, "broadcast");
2184 }
2185
2186 if (iflags & INT_MULTICAST) {
2187 CLEAR_BIT_IF_DEBUG(INT_MULTICAST, iflags);
2188 append_flagstr(ifs, sz, "multicast");
2189 }
2190
2191 if (iflags & INT_BCASTOPEN) {
2192 CLEAR_BIT_IF_DEBUG(INT_BCASTOPEN, iflags);
2193 append_flagstr(ifs, sz, "bcastopen");
2194 }
2195
2196 if (iflags & INT_MCASTOPEN) {
2197 CLEAR_BIT_IF_DEBUG(INT_MCASTOPEN, iflags);
2198 append_flagstr(ifs, sz, "mcastopen");
2199 }
2200
2201 if (iflags & INT_WILDCARD) {
2202 CLEAR_BIT_IF_DEBUG(INT_WILDCARD, iflags);
2203 append_flagstr(ifs, sz, "wildcard");
2204 }
2205
2206 if (iflags & INT_MCASTIF) {
2207 CLEAR_BIT_IF_DEBUG(INT_MCASTIF, iflags);
2208 append_flagstr(ifs, sz, "mcastif");
2209 }
2210
2211 if (iflags & INT_PRIVACY) {
2212 CLEAR_BIT_IF_DEBUG(INT_PRIVACY, iflags);
2213 append_flagstr(ifs, sz, "IPv6privacy");
2214 }
2215
2216 if (iflags & INT_BCASTXMIT) {
2217 CLEAR_BIT_IF_DEBUG(INT_BCASTXMIT, iflags);
2218 append_flagstr(ifs, sz, "bcastxmit");
2219 }
2220
2221 if (iflags & INT_LL_OF_GLOB) {
2222 CLEAR_BIT_IF_DEBUG(INT_LL_OF_GLOB, iflags);
2223 append_flagstr(ifs, sz, "linklocal-w-global");
2224 }
2225
2226 DEBUG_INVARIANT(!iflags);
2227
2228 return ifs;
2229 }
2230 #endif /* DEBUG */
2231
2232
2233 #ifdef SO_EXCLUSIVEADDRUSE
2234 static void
set_excladdruse(SOCKET fd)2235 set_excladdruse(
2236 SOCKET fd
2237 )
2238 {
2239 int one = 1;
2240 int failed;
2241 #ifdef SYS_WINNT
2242 DWORD err;
2243 #endif
2244
2245 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
2246 (void *)&one, sizeof(one));
2247
2248 if (!failed)
2249 return;
2250
2251 #ifdef SYS_WINNT
2252 /*
2253 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with
2254 * error WSAINVAL depending on service pack level and whether
2255 * the user account is in the Administrators group. Do not
2256 * complain if it fails that way on versions prior to XP (5.1).
2257 */
2258 err = GetLastError();
2259
2260 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */
2261 && WSAEINVAL == err)
2262 return;
2263
2264 SetLastError(err);
2265 #endif
2266 msyslog(LOG_ERR,
2267 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m",
2268 (int)fd);
2269 }
2270 #endif /* SO_EXCLUSIVEADDRUSE */
2271
2272
2273 /*
2274 * set_reuseaddr() - set/clear REUSEADDR on all sockets
2275 * NB possible hole - should we be doing this on broadcast
2276 * fd's also?
2277 */
2278 static void
set_reuseaddr(int flag)2279 set_reuseaddr(
2280 int flag
2281 )
2282 {
2283 #ifndef SO_EXCLUSIVEADDRUSE
2284 endpt *ep;
2285
2286 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2287 if (ep->flags & INT_WILDCARD)
2288 continue;
2289
2290 /*
2291 * if ep->fd is INVALID_SOCKET, we might have a adapter
2292 * configured but not present
2293 */
2294 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n",
2295 ep->name, stoa(&ep->sin),
2296 flag ? "on" : "off"));
2297
2298 if (ep->fd != INVALID_SOCKET) {
2299 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR,
2300 (void *)&flag, sizeof(flag))) {
2301 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m",
2302 stoa(&ep->sin), flag ? "on" : "off");
2303 }
2304 }
2305 }
2306 #endif /* ! SO_EXCLUSIVEADDRUSE */
2307 }
2308
2309 /*
2310 * This is just a wrapper around an internal function so we can
2311 * make other changes as necessary later on
2312 */
2313 void
enable_broadcast(endpt * iface,sockaddr_u * baddr)2314 enable_broadcast(
2315 endpt * iface,
2316 sockaddr_u * baddr
2317 )
2318 {
2319 #ifdef OPEN_BCAST_SOCKET
2320 socket_broadcast_enable(iface, iface->fd, baddr);
2321 #endif
2322 }
2323
2324 #ifdef OPEN_BCAST_SOCKET
2325 /*
2326 * Enable a broadcast address to a given socket
2327 * The socket is in the ep_list all we need to do is enable
2328 * broadcasting. It is not this function's job to select the socket
2329 */
2330 static isc_boolean_t
socket_broadcast_enable(endpt * iface,SOCKET fd,sockaddr_u * baddr)2331 socket_broadcast_enable(
2332 endpt * iface,
2333 SOCKET fd,
2334 sockaddr_u * baddr
2335 )
2336 {
2337 #ifdef SO_BROADCAST
2338 int on = 1;
2339
2340 if (IS_IPV4(baddr)) {
2341 /* if this interface can support broadcast, set SO_BROADCAST */
2342 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST,
2343 (void *)&on, sizeof(on)))
2344 msyslog(LOG_ERR,
2345 "setsockopt(SO_BROADCAST) enable failure on address %s: %m",
2346 stoa(baddr));
2347 else
2348 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n",
2349 fd, stoa(baddr)));
2350 }
2351 iface->flags |= INT_BCASTXMIT;
2352 return ISC_TRUE;
2353 #else
2354 return ISC_FALSE;
2355 #endif /* SO_BROADCAST */
2356 }
2357
2358 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
2359 /*
2360 * Remove a broadcast address from a given socket
2361 * The socket is in the ep_list all we need to do is disable
2362 * broadcasting. It is not this function's job to select the socket
2363 */
2364 static isc_boolean_t
socket_broadcast_disable(endpt * iface,sockaddr_u * baddr)2365 socket_broadcast_disable(
2366 endpt * iface,
2367 sockaddr_u * baddr
2368 )
2369 {
2370 #ifdef SO_BROADCAST
2371 int off = 0; /* This seems to be OK as an int */
2372
2373 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET,
2374 SO_BROADCAST, (void *)&off, sizeof(off)))
2375 msyslog(LOG_ERR,
2376 "setsockopt(SO_BROADCAST) disable failure on address %s: %m",
2377 stoa(baddr));
2378
2379 iface->flags &= ~INT_BCASTXMIT;
2380 return ISC_TRUE;
2381 #else
2382 return ISC_FALSE;
2383 #endif /* SO_BROADCAST */
2384 }
2385 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */
2386
2387 #endif /* OPEN_BCAST_SOCKET */
2388
2389
2390 /*
2391 * Check to see if the address is a multicast address
2392 */
2393 static isc_boolean_t
addr_ismulticast(sockaddr_u * maddr)2394 addr_ismulticast(
2395 sockaddr_u *maddr
2396 )
2397 {
2398 isc_boolean_t result;
2399
2400 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT
2401 /*
2402 * If we don't have IPV6 support any IPV6 addr is not multicast
2403 */
2404 if (IS_IPV6(maddr))
2405 result = ISC_FALSE;
2406 else
2407 #endif
2408 result = IS_MCAST(maddr);
2409
2410 if (!result)
2411 DPRINTF(4, ("address %s is not multicast\n",
2412 stoa(maddr)));
2413
2414 return result;
2415 }
2416
2417 /*
2418 * Multicast servers need to set the appropriate Multicast interface
2419 * socket option in order for it to know which interface to use for
2420 * send the multicast packet.
2421 */
2422 void
enable_multicast_if(endpt * iface,sockaddr_u * maddr)2423 enable_multicast_if(
2424 endpt * iface,
2425 sockaddr_u * maddr
2426 )
2427 {
2428 #ifdef MCAST
2429 #ifdef IP_MULTICAST_LOOP
2430 TYPEOF_IP_MULTICAST_LOOP off = 0;
2431 #endif
2432 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP)
2433 u_int off6 = 0;
2434 #endif
2435
2436 REQUIRE(AF(maddr) == AF(&iface->sin));
2437
2438 switch (AF(&iface->sin)) {
2439
2440 case AF_INET:
2441 #ifdef IP_MULTICAST_LOOP
2442 /*
2443 * Don't send back to itself, but allow failure to set
2444 */
2445 if (setsockopt(iface->fd, IPPROTO_IP,
2446 IP_MULTICAST_LOOP,
2447 (void *)&off,
2448 sizeof(off))) {
2449
2450 msyslog(LOG_ERR,
2451 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
2452 iface->fd, stoa(&iface->sin),
2453 stoa(maddr));
2454 }
2455 #endif
2456 break;
2457
2458 case AF_INET6:
2459 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2460 #ifdef IPV6_MULTICAST_LOOP
2461 /*
2462 * Don't send back to itself, but allow failure to set
2463 */
2464 if (setsockopt(iface->fd, IPPROTO_IPV6,
2465 IPV6_MULTICAST_LOOP,
2466 (void *) &off6, sizeof(off6))) {
2467
2468 msyslog(LOG_ERR,
2469 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
2470 iface->fd, stoa(&iface->sin),
2471 stoa(maddr));
2472 }
2473 #endif
2474 break;
2475 #else
2476 return;
2477 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2478 }
2479 return;
2480 #endif
2481 }
2482
2483 /*
2484 * Add a multicast address to a given socket
2485 * The socket is in the ep_list all we need to do is enable
2486 * multicasting. It is not this function's job to select the socket
2487 */
2488 #if defined(MCAST)
2489 static isc_boolean_t
socket_multicast_enable(endpt * iface,sockaddr_u * maddr)2490 socket_multicast_enable(
2491 endpt * iface,
2492 sockaddr_u * maddr
2493 )
2494 {
2495 struct ip_mreq mreq;
2496 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2497 struct ipv6_mreq mreq6;
2498 # endif
2499 switch (AF(maddr)) {
2500
2501 case AF_INET:
2502 ZERO(mreq);
2503 mreq.imr_multiaddr = SOCK_ADDR4(maddr);
2504 mreq.imr_interface.s_addr = htonl(INADDR_ANY);
2505 if (setsockopt(iface->fd,
2506 IPPROTO_IP,
2507 IP_ADD_MEMBERSHIP,
2508 (void *)&mreq,
2509 sizeof(mreq))) {
2510 DPRINTF(2, (
2511 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
2512 iface->fd, stoa(&iface->sin),
2513 mreq.imr_multiaddr.s_addr,
2514 mreq.imr_interface.s_addr,
2515 stoa(maddr)));
2516 return ISC_FALSE;
2517 }
2518 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n",
2519 iface->fd, stoa(&iface->sin),
2520 mreq.imr_multiaddr.s_addr,
2521 mreq.imr_interface.s_addr, stoa(maddr)));
2522 break;
2523
2524 case AF_INET6:
2525 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2526 /*
2527 * Enable reception of multicast packets.
2528 * If the address is link-local we can get the
2529 * interface index from the scope id. Don't do this
2530 * for other types of multicast addresses. For now let
2531 * the kernel figure it out.
2532 */
2533 ZERO(mreq6);
2534 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr);
2535 mreq6.ipv6mr_interface = iface->ifindex;
2536
2537 if (setsockopt(iface->fd, IPPROTO_IPV6,
2538 IPV6_JOIN_GROUP, (void *)&mreq6,
2539 sizeof(mreq6))) {
2540 DPRINTF(2, (
2541 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)",
2542 iface->fd, stoa(&iface->sin),
2543 mreq6.ipv6mr_interface, stoa(maddr)));
2544 return ISC_FALSE;
2545 }
2546 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n",
2547 iface->fd, stoa(&iface->sin),
2548 mreq6.ipv6mr_interface, stoa(maddr)));
2549 # else
2550 return ISC_FALSE;
2551 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2552 }
2553 iface->flags |= INT_MCASTOPEN;
2554 iface->num_mcast++;
2555
2556 return ISC_TRUE;
2557 }
2558 #endif /* MCAST */
2559
2560
2561 /*
2562 * Remove a multicast address from a given socket
2563 * The socket is in the ep_list all we need to do is disable
2564 * multicasting. It is not this function's job to select the socket
2565 */
2566 #ifdef MCAST
2567 static isc_boolean_t
socket_multicast_disable(endpt * iface,sockaddr_u * maddr)2568 socket_multicast_disable(
2569 endpt * iface,
2570 sockaddr_u * maddr
2571 )
2572 {
2573 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2574 struct ipv6_mreq mreq6;
2575 # endif
2576 struct ip_mreq mreq;
2577
2578 if (find_addr_in_list(maddr) == NULL) {
2579 DPRINTF(4, ("socket_multicast_disable(%s): not found\n",
2580 stoa(maddr)));
2581 return ISC_TRUE;
2582 }
2583
2584 switch (AF(maddr)) {
2585
2586 case AF_INET:
2587 ZERO(mreq);
2588 mreq.imr_multiaddr = SOCK_ADDR4(maddr);
2589 mreq.imr_interface = SOCK_ADDR4(&iface->sin);
2590 if (setsockopt(iface->fd, IPPROTO_IP,
2591 IP_DROP_MEMBERSHIP, (void *)&mreq,
2592 sizeof(mreq))) {
2593
2594 msyslog(LOG_ERR,
2595 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
2596 iface->fd, stoa(&iface->sin),
2597 SRCADR(maddr), SRCADR(&iface->sin),
2598 stoa(maddr));
2599 return ISC_FALSE;
2600 }
2601 break;
2602 case AF_INET6:
2603 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2604 /*
2605 * Disable reception of multicast packets
2606 * If the address is link-local we can get the
2607 * interface index from the scope id. Don't do this
2608 * for other types of multicast addresses. For now let
2609 * the kernel figure it out.
2610 */
2611 ZERO(mreq6);
2612 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr);
2613 mreq6.ipv6mr_interface = iface->ifindex;
2614
2615 if (setsockopt(iface->fd, IPPROTO_IPV6,
2616 IPV6_LEAVE_GROUP, (void *)&mreq6,
2617 sizeof(mreq6))) {
2618
2619 msyslog(LOG_ERR,
2620 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)",
2621 iface->fd, stoa(&iface->sin),
2622 iface->ifindex, stoa(maddr));
2623 return ISC_FALSE;
2624 }
2625 break;
2626 # else
2627 return ISC_FALSE;
2628 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2629 }
2630
2631 iface->num_mcast--;
2632 if (iface->num_mcast <= 0) {
2633 iface->flags &= ~INT_MCASTOPEN;
2634 }
2635 return ISC_TRUE;
2636 }
2637 #endif /* MCAST */
2638
2639
2640 /*
2641 * io_setbclient - open the broadcast client sockets
2642 */
2643 void
io_setbclient(void)2644 io_setbclient(void)
2645 {
2646 #ifdef OPEN_BCAST_SOCKET
2647 endpt * ep;
2648 unsigned int nif, ni4;
2649
2650 nif = ni4 = 0;
2651 set_reuseaddr(1);
2652
2653 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2654 /* count IPv4 interfaces. Needed later to decide
2655 * if we should log an error or not.
2656 */
2657 if (AF_INET == ep->family) {
2658 ++ni4;
2659 }
2660
2661 if (ep->flags & (INT_WILDCARD | INT_LOOPBACK))
2662 continue;
2663
2664 /* use only allowed addresses */
2665 if (ep->ignore_packets)
2666 continue;
2667
2668 /* Need a broadcast-capable interface */
2669 if (!(ep->flags & INT_BROADCAST))
2670 continue;
2671
2672 /* Only IPv4 addresses are valid for broadcast */
2673 REQUIRE(IS_IPV4(&ep->bcast));
2674
2675 /* Do we already have the broadcast address open? */
2676 if (ep->flags & INT_BCASTOPEN) {
2677 /*
2678 * account for already open interfaces to avoid
2679 * misleading warning below
2680 */
2681 nif++;
2682 continue;
2683 }
2684
2685 /*
2686 * Try to open the broadcast address
2687 */
2688 ep->family = AF_INET;
2689 ep->bfd = open_socket(&ep->bcast, 1, 0, ep);
2690
2691 /*
2692 * If we succeeded then we use it otherwise enable
2693 * broadcast on the interface address
2694 */
2695 if (ep->bfd != INVALID_SOCKET) {
2696 nif++;
2697 ep->flags |= INT_BCASTOPEN;
2698 msyslog(LOG_INFO,
2699 "Listen for broadcasts to %s on interface #%d %s",
2700 stoa(&ep->bcast), ep->ifnum, ep->name);
2701 } else switch (errno) {
2702 /* Silently ignore EADDRINUSE as we probably
2703 * opened the socket already for an address in
2704 * the same network */
2705 case EADDRINUSE:
2706 /* Some systems cannot bind a socket to a broadcast
2707 * address, as that is not a valid host address. */
2708 case EADDRNOTAVAIL:
2709 # ifdef SYS_WINNT /*TODO: use for other systems, too? */
2710 /* avoid recurrence here -- if we already have a
2711 * regular socket, it's quite useless to try this
2712 * again.
2713 */
2714 if (ep->fd != INVALID_SOCKET) {
2715 ep->flags |= INT_BCASTOPEN;
2716 nif++;
2717 }
2718 # endif
2719 break;
2720
2721 default:
2722 msyslog(LOG_INFO,
2723 "failed to listen for broadcasts to %s on interface #%d %s",
2724 stoa(&ep->bcast), ep->ifnum, ep->name);
2725 break;
2726 }
2727 }
2728 set_reuseaddr(0);
2729 if (nif != 0) {
2730 broadcast_client_enabled = ISC_TRUE;
2731 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif));
2732 } else {
2733 broadcast_client_enabled = ISC_FALSE;
2734 /* This is expected when having only IPv6 interfaces
2735 * and no IPv4 interfaces at all. We suppress the error
2736 * log in that case... everything else should work!
2737 */
2738 if (ni4) {
2739 msyslog(LOG_ERR,
2740 "Unable to listen for broadcasts, no broadcast interfaces available");
2741 }
2742 }
2743 #else
2744 msyslog(LOG_ERR,
2745 "io_setbclient: Broadcast Client disabled by build");
2746 #endif /* OPEN_BCAST_SOCKET */
2747 }
2748
2749
2750 /*
2751 * io_unsetbclient - close the broadcast client sockets
2752 */
2753 void
io_unsetbclient(void)2754 io_unsetbclient(void)
2755 {
2756 endpt *ep;
2757
2758 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2759 if (INT_WILDCARD & ep->flags)
2760 continue;
2761 if (!(INT_BCASTOPEN & ep->flags))
2762 continue;
2763
2764 if (ep->bfd != INVALID_SOCKET) {
2765 /* destroy broadcast listening socket */
2766 msyslog(LOG_INFO,
2767 "stop listening for broadcasts to %s on interface #%d %s",
2768 stoa(&ep->bcast), ep->ifnum, ep->name);
2769 close_and_delete_fd_from_list(ep->bfd, ep);
2770 ep->bfd = INVALID_SOCKET;
2771 }
2772 ep->flags &= ~INT_BCASTOPEN;
2773 }
2774 broadcast_client_enabled = ISC_FALSE;
2775 }
2776
2777
2778 /*
2779 * io_multicast_add() - add multicast group address
2780 */
2781 void
io_multicast_add(sockaddr_u * addr)2782 io_multicast_add(
2783 sockaddr_u *addr
2784 )
2785 {
2786 #ifdef MCAST
2787 endpt * ep;
2788 endpt * one_ep;
2789
2790 /*
2791 * Check to see if this is a multicast address
2792 */
2793 if (!addr_ismulticast(addr))
2794 return;
2795
2796 /* If we already have it we can just return */
2797 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) {
2798 return;
2799 }
2800
2801 # ifndef MULTICAST_NONEWSOCKET
2802 ep = new_interface(NULL);
2803
2804 /*
2805 * Open a new socket for the multicast address
2806 */
2807 ep->sin = *addr;
2808 SET_PORT(&ep->sin, NTP_PORT);
2809 ep->family = AF(&ep->sin);
2810 AF(&ep->mask) = ep->family;
2811 SET_ONESMASK(&ep->mask);
2812
2813 set_reuseaddr(1);
2814 ep->bfd = INVALID_SOCKET;
2815 ep->fd = open_socket(&ep->sin, 0, 0, ep);
2816 if (ep->fd != INVALID_SOCKET) {
2817 ep->ignore_packets = ISC_FALSE;
2818 ep->flags |= INT_MCASTIF;
2819 ep->ifindex = SCOPE(addr);
2820
2821 strlcpy(ep->name, "multicast", sizeof(ep->name));
2822 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n"));
2823 add_interface(ep);
2824 log_listen_address(ep);
2825 } else {
2826 /* bind failed, re-use wildcard interface */
2827 delete_interface(ep);
2828
2829 if (IS_IPV4(addr))
2830 ep = wildipv4;
2831 else if (IS_IPV6(addr))
2832 ep = wildipv6;
2833 else
2834 ep = NULL;
2835
2836 if (ep != NULL) {
2837 /* HACK ! -- stuff in an address */
2838 /* because we don't bind addr? DH */
2839 ep->bcast = *addr;
2840 msyslog(LOG_ERR,
2841 "multicast address %s using wildcard interface #%d %s",
2842 stoa(addr), ep->ifnum, ep->name);
2843 } else {
2844 msyslog(LOG_ERR,
2845 "No multicast socket available to use for address %s",
2846 stoa(addr));
2847 return;
2848 }
2849 }
2850 { /* in place of the { following for in #else clause */
2851 one_ep = ep;
2852 # else /* MULTICAST_NONEWSOCKET follows */
2853 /*
2854 * For the case where we can't use a separate socket (Windows)
2855 * join each applicable endpoint socket to the group address.
2856 */
2857 if (IS_IPV4(addr))
2858 one_ep = wildipv4;
2859 else
2860 one_ep = wildipv6;
2861 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2862 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) ||
2863 !(INT_MULTICAST & ep->flags) ||
2864 (INT_LOOPBACK | INT_WILDCARD) & ep->flags)
2865 continue;
2866 one_ep = ep;
2867 # endif /* MULTICAST_NONEWSOCKET */
2868 if (socket_multicast_enable(ep, addr))
2869 msyslog(LOG_INFO,
2870 "Joined %s socket to multicast group %s",
2871 stoa(&ep->sin),
2872 stoa(addr));
2873 }
2874
2875 add_addr_to_list(addr, one_ep);
2876 #else /* !MCAST follows*/
2877 msyslog(LOG_ERR,
2878 "Can not add multicast address %s: no multicast support",
2879 stoa(addr));
2880 #endif
2881 return;
2882 }
2883
2884
2885 /*
2886 * io_multicast_del() - delete multicast group address
2887 */
2888 void
2889 io_multicast_del(
2890 sockaddr_u * addr
2891 )
2892 {
2893 #ifdef MCAST
2894 endpt *iface;
2895
2896 /*
2897 * Check to see if this is a multicast address
2898 */
2899 if (!addr_ismulticast(addr)) {
2900 msyslog(LOG_ERR, "invalid multicast address %s",
2901 stoa(addr));
2902 return;
2903 }
2904
2905 /*
2906 * Disable reception of multicast packets
2907 */
2908 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN))
2909 != NULL)
2910 socket_multicast_disable(iface, addr);
2911
2912 delete_addr_from_list(addr);
2913
2914 #else /* not MCAST */
2915 msyslog(LOG_ERR,
2916 "Can not delete multicast address %s: no multicast support",
2917 stoa(addr));
2918 #endif /* not MCAST */
2919 }
2920
2921
2922 /*
2923 * open_socket - open a socket, returning the file descriptor
2924 */
2925
2926 static SOCKET
2927 open_socket(
2928 sockaddr_u * addr,
2929 int bcast,
2930 int turn_off_reuse,
2931 endpt * interf
2932 )
2933 {
2934 SOCKET fd;
2935 int errval;
2936 /*
2937 * int is OK for REUSEADR per
2938 * http://www.kohala.com/start/mcast.api.txt
2939 */
2940 int on = 1;
2941 int off = 0;
2942
2943 if (IS_IPV6(addr) && !ipv6_works)
2944 return INVALID_SOCKET;
2945
2946 /* create a datagram (UDP) socket */
2947 fd = socket(AF(addr), SOCK_DGRAM, 0);
2948 if (INVALID_SOCKET == fd) {
2949 errval = socket_errno();
2950 msyslog(LOG_ERR,
2951 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m",
2952 IS_IPV6(addr) ? "6" : "", stoa(addr));
2953
2954 if (errval == EPROTONOSUPPORT ||
2955 errval == EAFNOSUPPORT ||
2956 errval == EPFNOSUPPORT)
2957 return (INVALID_SOCKET);
2958
2959 errno = errval;
2960 msyslog(LOG_ERR,
2961 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting",
2962 errno);
2963 exit(1);
2964 }
2965
2966 #ifdef SYS_WINNT
2967 connection_reset_fix(fd, addr);
2968 #endif
2969 /*
2970 * Fixup the file descriptor for some systems
2971 * See bug #530 for details of the issue.
2972 */
2973 fd = move_fd(fd);
2974
2975 /*
2976 * set SO_REUSEADDR since we will be binding the same port
2977 * number on each interface according to turn_off_reuse.
2978 * This is undesirable on Windows versions starting with
2979 * Windows XP (numeric version 5.1).
2980 */
2981 #ifdef SYS_WINNT
2982 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */
2983 #endif
2984 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
2985 (void *)((turn_off_reuse)
2986 ? &off
2987 : &on),
2988 sizeof(on))) {
2989
2990 msyslog(LOG_ERR,
2991 "setsockopt SO_REUSEADDR %s fails for address %s: %m",
2992 (turn_off_reuse)
2993 ? "off"
2994 : "on",
2995 stoa(addr));
2996 closesocket(fd);
2997 return INVALID_SOCKET;
2998 }
2999 #ifdef SO_EXCLUSIVEADDRUSE
3000 /*
3001 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open
3002 * first will cause more specific binds to fail.
3003 */
3004 if (!(interf->flags & INT_WILDCARD))
3005 set_excladdruse(fd);
3006 #endif
3007
3008 /*
3009 * IPv4 specific options go here
3010 */
3011 if (IS_IPV4(addr)) {
3012 #if defined(IPPROTO_IP) && defined(IP_TOS)
3013 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos,
3014 sizeof(qos)))
3015 msyslog(LOG_ERR,
3016 "setsockopt IP_TOS (%02x) fails on address %s: %m",
3017 qos, stoa(addr));
3018 #endif /* IPPROTO_IP && IP_TOS */
3019 if (bcast)
3020 socket_broadcast_enable(interf, fd, addr);
3021 }
3022
3023 /*
3024 * IPv6 specific options go here
3025 */
3026 if (IS_IPV6(addr)) {
3027 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
3028 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos,
3029 sizeof(qos)))
3030 msyslog(LOG_ERR,
3031 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m",
3032 qos, stoa(addr));
3033 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */
3034 #ifdef IPV6_V6ONLY
3035 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS
3036 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
3037 (void *)&on, sizeof(on)))
3038 msyslog(LOG_ERR,
3039 "setsockopt IPV6_V6ONLY on fails on address %s: %m",
3040 stoa(addr));
3041 #endif
3042 #ifdef IPV6_BINDV6ONLY
3043 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY,
3044 (void *)&on, sizeof(on)))
3045 msyslog(LOG_ERR,
3046 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m",
3047 stoa(addr));
3048 #endif
3049 }
3050
3051 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
3052 /*
3053 * some OSes don't allow binding to more specific
3054 * addresses if a wildcard address already bound
3055 * to the port and SO_REUSEADDR is not set
3056 */
3057 if (!is_wildcard_addr(addr))
3058 set_wildcard_reuse(AF(addr), 1);
3059 #endif
3060
3061 /*
3062 * bind the local address.
3063 */
3064 errval = bind(fd, &addr->sa, SOCKLEN(addr));
3065
3066 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
3067 if (!is_wildcard_addr(addr))
3068 set_wildcard_reuse(AF(addr), 0);
3069 #endif
3070
3071 if (errval < 0) {
3072 /*
3073 * Don't log this under all conditions
3074 */
3075 if (turn_off_reuse == 0
3076 #ifdef DEBUG
3077 || debug > 1
3078 #endif
3079 ) {
3080 msyslog(LOG_ERR,
3081 "bind(%d) AF_INET%s %s%s flags 0x%x failed: %m",
3082 fd, IS_IPV6(addr) ? "6" : "",
3083 sptoa(addr),
3084 IS_MCAST(addr) ? " (multicast)" : "",
3085 interf->flags);
3086 }
3087
3088 closesocket(fd);
3089
3090 return INVALID_SOCKET;
3091 }
3092
3093 #ifdef HAVE_TIMESTAMP
3094 {
3095 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP,
3096 (void *)&on, sizeof(on)))
3097 msyslog(LOG_DEBUG,
3098 "setsockopt SO_TIMESTAMP on fails on address %s: %m",
3099 stoa(addr));
3100 else
3101 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n",
3102 fd, stoa(addr)));
3103 }
3104 #endif
3105 #ifdef HAVE_TIMESTAMPNS
3106 {
3107 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS,
3108 (void *)&on, sizeof(on)))
3109 msyslog(LOG_DEBUG,
3110 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m",
3111 stoa(addr));
3112 else
3113 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n",
3114 fd, stoa(addr)));
3115 }
3116 #endif
3117 #ifdef HAVE_BINTIME
3118 {
3119 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME,
3120 (void *)&on, sizeof(on)))
3121 msyslog(LOG_DEBUG,
3122 "setsockopt SO_BINTIME on fails on address %s: %m",
3123 stoa(addr));
3124 else
3125 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n",
3126 fd, stoa(addr)));
3127 }
3128 #endif
3129
3130 DPRINTF(4, ("bind(%d) addr %s, flags 0x%x\n",
3131 fd, sptoa(addr), interf->flags));
3132
3133 make_socket_nonblocking(fd);
3134
3135 #ifdef HAVE_SIGNALED_IO
3136 init_socket_sig(fd);
3137 #endif /* not HAVE_SIGNALED_IO */
3138
3139 add_fd_to_list(fd, FD_TYPE_SOCKET);
3140
3141 #if !defined(SYS_WINNT) && !defined(VMS)
3142 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd,
3143 fcntl(fd, F_GETFL, 0)));
3144 #endif /* SYS_WINNT || VMS */
3145
3146 #if defined(HAVE_IO_COMPLETION_PORT)
3147 /*
3148 * Add the socket to the completion port
3149 */
3150 if (!io_completion_port_add_socket(fd, interf, bcast)) {
3151 msyslog(LOG_ERR, "unable to set up io completion port - EXITING");
3152 exit(1);
3153 }
3154 #endif
3155 return fd;
3156 }
3157
3158
3159
3160 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */
3161 /*
3162 * sendpkt - send a packet to the specified destination from the given endpt
3163 * except for multicast, which may be sent from several addresses.
3164 */
3165 void
3166 sendpkt(
3167 sockaddr_u * dest,
3168 endpt * ep,
3169 int ttl,
3170 struct pkt * pkt,
3171 int len
3172 )
3173 {
3174 endpt * src;
3175 int ismcast;
3176 int cc;
3177 int rc;
3178 u_char cttl;
3179 l_fp fp_zero = { { 0 }, 0 };
3180 l_fp org, rec, xmt;
3181
3182 ismcast = IS_MCAST(dest);
3183 if (!ismcast) {
3184 src = ep;
3185 } else {
3186 #ifndef MCAST
3187 return;
3188 #endif
3189 src = (IS_IPV4(dest))
3190 ? mc4_list
3191 : mc6_list;
3192 }
3193
3194 if (NULL == src) {
3195 /*
3196 * unbound peer - drop request and wait for better
3197 * network conditions
3198 */
3199 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n",
3200 ismcast ? "\tMCAST\t***** " : "",
3201 stoa(dest), ttl, len));
3202 return;
3203 }
3204
3205 do {
3206 if (ismcast && INT_LL_OF_GLOB & src->flags) {
3207 /* avoid duplicate multicasts on same IPv6 net */
3208 goto loop;
3209 }
3210 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n",
3211 ismcast ? "\tMCAST\t***** " : "", src->fd,
3212 stoa(dest), stoa(&src->sin), ttl, len));
3213 #ifdef MCAST
3214 if (ismcast && ttl > 0 && ttl != src->last_ttl) {
3215 /*
3216 * set the multicast ttl for outgoing packets
3217 */
3218 switch (AF(&src->sin)) {
3219
3220 case AF_INET :
3221 cttl = (u_char)ttl;
3222 rc = setsockopt(src->fd, IPPROTO_IP,
3223 IP_MULTICAST_TTL,
3224 (void *)&cttl,
3225 sizeof(cttl));
3226 break;
3227
3228 # ifdef INCLUDE_IPV6_SUPPORT
3229 case AF_INET6 :
3230 rc = setsockopt(src->fd, IPPROTO_IPV6,
3231 IPV6_MULTICAST_HOPS,
3232 (void *)&ttl,
3233 sizeof(ttl));
3234 break;
3235 # endif /* INCLUDE_IPV6_SUPPORT */
3236
3237 default:
3238 rc = 0;
3239 }
3240
3241 if (!rc)
3242 src->last_ttl = ttl;
3243 else
3244 msyslog(LOG_ERR,
3245 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m",
3246 stoa(&src->sin));
3247 }
3248 #endif /* MCAST */
3249
3250 #ifdef SIM
3251 cc = simulate_server(dest, src, pkt);
3252 #elif defined(HAVE_IO_COMPLETION_PORT)
3253 cc = io_completion_port_sendto(src, src->fd, pkt,
3254 (size_t)len, dest);
3255 #else
3256 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0,
3257 &dest->sa, SOCKLEN(dest));
3258 #endif
3259 if (cc == -1) {
3260 src->notsent++;
3261 packets_notsent++;
3262 } else {
3263 src->sent++;
3264 packets_sent++;
3265 }
3266 loop:
3267 if (ismcast)
3268 src = src->mclink;
3269 } while (ismcast && src != NULL);
3270
3271 /* HMS: pkt->rootdisp is usually random here */
3272 NTOHL_FP(&pkt->org, &org);
3273 NTOHL_FP(&pkt->rec, &rec);
3274 NTOHL_FP(&pkt->xmt, &xmt);
3275 record_raw_stats(src ? &src->sin : NULL, dest,
3276 &org, &rec, &xmt, &fp_zero,
3277 PKT_LEAP(pkt->li_vn_mode),
3278 PKT_VERSION(pkt->li_vn_mode),
3279 PKT_MODE(pkt->li_vn_mode),
3280 pkt->stratum,
3281 pkt->ppoll, pkt->precision,
3282 FPTOD(NTOHS_FP(pkt->rootdelay)),
3283 FPTOD(NTOHS_FP(pkt->rootdisp)), pkt->refid,
3284 len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
3285 }
3286
3287
3288 #if !defined(HAVE_IO_COMPLETION_PORT)
3289 #if !defined(HAVE_SIGNALED_IO)
3290 /*
3291 * fdbits - generate ascii representation of fd_set (FAU debug support)
3292 * HFDF format - highest fd first.
3293 */
3294 static char *
3295 fdbits(
3296 int count,
3297 const fd_set* set
3298 )
3299 {
3300 static char buffer[256];
3301 char * buf = buffer;
3302
3303 count = min(count, sizeof(buffer) - 1);
3304
3305 while (count >= 0) {
3306 *buf++ = FD_ISSET(count, set) ? '#' : '-';
3307 count--;
3308 }
3309 *buf = '\0';
3310
3311 return buffer;
3312 }
3313 #endif
3314
3315 #ifdef REFCLOCK
3316 /*
3317 * Routine to read the refclock packets for a specific interface
3318 * Return the number of bytes read. That way we know if we should
3319 * read it again or go on to the next one if no bytes returned
3320 */
3321 static inline int
3322 read_refclock_packet(
3323 SOCKET fd,
3324 struct refclockio * rp,
3325 l_fp ts
3326 )
3327 {
3328 u_int read_count;
3329 int buflen;
3330 int saved_errno;
3331 int consumed;
3332 struct recvbuf * rb;
3333
3334 rb = get_free_recv_buffer(TRUE);
3335
3336 if (NULL == rb) {
3337 /*
3338 * No buffer space available - just drop the 'packet'.
3339 * Since this is a non-blocking character stream we read
3340 * all data that we can.
3341 *
3342 * ...hmmmm... what about "tcflush(fd,TCIFLUSH)" here?!?
3343 */
3344 char buf[128];
3345 do
3346 buflen = read(fd, buf, sizeof(buf));
3347 while (buflen > 0);
3348 packets_dropped++;
3349 return (buflen);
3350 }
3351
3352 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
3353 * to buffer overrun and memory corruption
3354 */
3355 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space))
3356 read_count = sizeof(rb->recv_space);
3357 else
3358 read_count = (u_int)rp->datalen;
3359 do {
3360 buflen = read(fd, (char *)&rb->recv_space, read_count);
3361 } while (buflen < 0 && EINTR == errno);
3362
3363 if (buflen <= 0) {
3364 saved_errno = errno;
3365 freerecvbuf(rb);
3366 errno = saved_errno;
3367 return buflen;
3368 }
3369
3370 /*
3371 * Got one. Mark how and when it got here,
3372 * put it on the full list and do bookkeeping.
3373 */
3374 rb->recv_length = buflen;
3375 rb->recv_peer = rp->srcclock;
3376 rb->dstadr = NULL;
3377 rb->fd = fd;
3378 rb->recv_time = ts;
3379 rb->receiver = rp->clock_recv;
3380
3381 consumed = indicate_refclock_packet(rp, rb);
3382 if (!consumed) {
3383 rp->recvcount++;
3384 packets_received++;
3385 }
3386
3387 return buflen;
3388 }
3389 #endif /* REFCLOCK */
3390
3391
3392 #ifdef HAVE_PACKET_TIMESTAMP
3393 /*
3394 * extract timestamps from control message buffer
3395 */
3396 static l_fp
3397 fetch_timestamp(
3398 struct recvbuf * rb,
3399 struct msghdr * msghdr,
3400 l_fp ts
3401 )
3402 {
3403 struct cmsghdr * cmsghdr;
3404 unsigned long ticks;
3405 double fuzz;
3406 l_fp lfpfuzz;
3407 l_fp nts;
3408 #ifdef DEBUG_TIMING
3409 l_fp dts;
3410 #endif
3411
3412 cmsghdr = CMSG_FIRSTHDR(msghdr);
3413 while (cmsghdr != NULL) {
3414 switch (cmsghdr->cmsg_type)
3415 {
3416 #ifdef HAVE_BINTIME
3417 case SCM_BINTIME:
3418 #endif /* HAVE_BINTIME */
3419 #ifdef HAVE_TIMESTAMPNS
3420 case SCM_TIMESTAMPNS:
3421 #endif /* HAVE_TIMESTAMPNS */
3422 #ifdef HAVE_TIMESTAMP
3423 case SCM_TIMESTAMP:
3424 #endif /* HAVE_TIMESTAMP */
3425 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP)
3426 switch (cmsghdr->cmsg_type)
3427 {
3428 #ifdef HAVE_BINTIME
3429 case SCM_BINTIME:
3430 {
3431 struct bintime pbt;
3432 memcpy(&pbt, CMSG_DATA(cmsghdr), sizeof(pbt));
3433 /*
3434 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf
3435 */
3436 nts.l_i = pbt.sec + JAN_1970;
3437 nts.l_uf = (u_int32)(pbt.frac >> 32);
3438 if (sys_tick > measured_tick &&
3439 sys_tick > 1e-9) {
3440 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC));
3441 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC));
3442 }
3443 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n",
3444 (long)pbt.sec, (u_long)((nts.l_uf / FRAC) * 1e9)));
3445 }
3446 break;
3447 #endif /* HAVE_BINTIME */
3448 #ifdef HAVE_TIMESTAMPNS
3449 case SCM_TIMESTAMPNS:
3450 {
3451 struct timespec pts;
3452 memcpy(&pts, CMSG_DATA(cmsghdr), sizeof(pts));
3453 if (sys_tick > measured_tick &&
3454 sys_tick > 1e-9) {
3455 ticks = (unsigned long)((pts.tv_nsec * 1e-9) /
3456 sys_tick);
3457 pts.tv_nsec = (long)(ticks * 1e9 *
3458 sys_tick);
3459 }
3460 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n",
3461 pts.tv_sec, pts.tv_nsec));
3462 nts = tspec_stamp_to_lfp(pts);
3463 }
3464 break;
3465 #endif /* HAVE_TIMESTAMPNS */
3466 #ifdef HAVE_TIMESTAMP
3467 case SCM_TIMESTAMP:
3468 {
3469 struct timeval ptv;
3470 memcpy(&ptv, CMSG_DATA(cmsghdr), sizeof(ptv));
3471 if (sys_tick > measured_tick &&
3472 sys_tick > 1e-6) {
3473 ticks = (unsigned long)((ptv.tv_usec * 1e-6) /
3474 sys_tick);
3475 ptv.tv_usec = (long)(ticks * 1e6 *
3476 sys_tick);
3477 }
3478 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n",
3479 (intmax_t)ptv.tv_sec, (long)ptv.tv_usec));
3480 nts = tval_stamp_to_lfp(ptv);
3481 }
3482 break;
3483 #endif /* HAVE_TIMESTAMP */
3484 }
3485 fuzz = ntp_uurandom() * sys_fuzz;
3486 DTOLFP(fuzz, &lfpfuzz);
3487 L_ADD(&nts, &lfpfuzz);
3488 #ifdef DEBUG_TIMING
3489 dts = ts;
3490 L_SUB(&dts, &nts);
3491 collect_timing(rb, "input processing delay", 1,
3492 &dts);
3493 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n",
3494 lfptoa(&dts, 9)));
3495 #endif /* DEBUG_TIMING */
3496 ts = nts; /* network time stamp */
3497 break;
3498 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */
3499
3500 default:
3501 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n",
3502 cmsghdr->cmsg_type));
3503 }
3504 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr);
3505 }
3506 return ts;
3507 }
3508 #endif /* HAVE_PACKET_TIMESTAMP */
3509
3510
3511 /*
3512 * Routine to read the network NTP packets for a specific interface
3513 * Return the number of bytes read. That way we know if we should
3514 * read it again or go on to the next one if no bytes returned
3515 */
3516 static inline int
3517 read_network_packet(
3518 SOCKET fd,
3519 endpt * itf,
3520 l_fp ts
3521 )
3522 {
3523 GETSOCKNAME_SOCKLEN_TYPE fromlen;
3524 int buflen;
3525 register struct recvbuf *rb;
3526 #ifdef HAVE_PACKET_TIMESTAMP
3527 struct msghdr msghdr;
3528 struct iovec iovec;
3529 char control[CMSG_BUFSIZE];
3530 #endif
3531
3532 /*
3533 * Get a buffer and read the frame. If we haven't got a buffer,
3534 * or this is received on a disallowed socket, just dump the
3535 * packet.
3536 */
3537
3538 rb = itf->ignore_packets ? NULL : get_free_recv_buffer(FALSE);
3539 if (NULL == rb) {
3540 /* A partial read on a UDP socket truncates the data and
3541 * removes the message from the queue. So there's no
3542 * need to have a full buffer here on the stack.
3543 */
3544 char buf[16];
3545 sockaddr_u from;
3546
3547 if (rb != NULL)
3548 freerecvbuf(rb);
3549
3550 fromlen = sizeof(from);
3551 buflen = recvfrom(fd, buf, sizeof(buf), 0,
3552 &from.sa, &fromlen);
3553 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n",
3554 (itf->ignore_packets)
3555 ? "ignore"
3556 : "drop",
3557 free_recvbuffs(), fd, stoa(&from)));
3558 if (itf->ignore_packets)
3559 packets_ignored++;
3560 else
3561 packets_dropped++;
3562 return (buflen);
3563 }
3564
3565 fromlen = sizeof(rb->recv_srcadr);
3566
3567 #ifndef HAVE_PACKET_TIMESTAMP
3568 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space,
3569 sizeof(rb->recv_space), 0,
3570 &rb->recv_srcadr.sa, &fromlen);
3571 #else
3572 iovec.iov_base = &rb->recv_space;
3573 iovec.iov_len = sizeof(rb->recv_space);
3574 msghdr.msg_name = &rb->recv_srcadr;
3575 msghdr.msg_namelen = fromlen;
3576 msghdr.msg_iov = &iovec;
3577 msghdr.msg_iovlen = 1;
3578 msghdr.msg_control = (void *)&control;
3579 msghdr.msg_controllen = sizeof(control);
3580 msghdr.msg_flags = 0;
3581 rb->recv_length = recvmsg(fd, &msghdr, 0);
3582 #endif
3583
3584 buflen = rb->recv_length;
3585
3586 if (buflen == 0 || (buflen == -1 &&
3587 (EWOULDBLOCK == errno
3588 #ifdef EAGAIN
3589 || EAGAIN == errno
3590 #endif
3591 ))) {
3592 freerecvbuf(rb);
3593 return (buflen);
3594 } else if (buflen < 0) {
3595 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m",
3596 stoa(&rb->recv_srcadr), fd);
3597 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n",
3598 fd));
3599 freerecvbuf(rb);
3600 return (buflen);
3601 }
3602
3603 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n",
3604 fd, buflen, stoa(&rb->recv_srcadr)));
3605
3606 #ifdef ENABLE_BUG3020_FIX
3607 if (ISREFCLOCKADR(&rb->recv_srcadr)) {
3608 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: refclock srcadr on a network interface!",
3609 stoa(&rb->recv_srcadr), fd);
3610 DPRINTF(1, ("read_network_packet: fd=%d dropped (refclock srcadr))\n",
3611 fd));
3612 packets_dropped++;
3613 freerecvbuf(rb);
3614 return (buflen);
3615 }
3616 #endif
3617
3618 /*
3619 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1
3620 */
3621
3622 if ( IS_IPV6(&rb->recv_srcadr)
3623 && IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr))
3624 && !(INT_LOOPBACK & itf->flags)) {
3625
3626 packets_dropped++;
3627 DPRINTF(2, ("DROPPING pkt with spoofed ::1 source on %s\n", latoa(itf)));
3628 freerecvbuf(rb);
3629 return -1;
3630 }
3631
3632 /*
3633 * Got one. Mark how and when it got here,
3634 * put it on the full list and do bookkeeping.
3635 */
3636 rb->dstadr = itf;
3637 rb->fd = fd;
3638 #ifdef HAVE_PACKET_TIMESTAMP
3639 /* pick up a network time stamp if possible */
3640 ts = fetch_timestamp(rb, &msghdr, ts);
3641 #endif
3642 rb->recv_time = ts;
3643 rb->receiver = receive;
3644
3645 add_full_recv_buffer(rb);
3646
3647 itf->received++;
3648 packets_received++;
3649 return (buflen);
3650 }
3651
3652 /*
3653 * attempt to handle io (select()/signaled IO)
3654 */
3655 void
3656 io_handler(void)
3657 {
3658 # ifndef HAVE_SIGNALED_IO
3659 fd_set rdfdes;
3660 int nfound;
3661
3662 /*
3663 * Use select() on all on all input fd's for unlimited
3664 * time. select() will terminate on SIGALARM or on the
3665 * reception of input. Using select() means we can't do
3666 * robust signal handling and we get a potential race
3667 * between checking for alarms and doing the select().
3668 * Mostly harmless, I think.
3669 */
3670 /*
3671 * On VMS, I suspect that select() can't be interrupted
3672 * by a "signal" either, so I take the easy way out and
3673 * have select() time out after one second.
3674 * System clock updates really aren't time-critical,
3675 * and - lacking a hardware reference clock - I have
3676 * yet to learn about anything else that is.
3677 */
3678 ++handler_calls;
3679 rdfdes = activefds;
3680 # if !defined(VMS) && !defined(SYS_VXWORKS)
3681 nfound = select(maxactivefd + 1, &rdfdes, NULL,
3682 NULL, NULL);
3683 # else /* VMS, VxWorks */
3684 /* make select() wake up after one second */
3685 {
3686 struct timeval t1;
3687 t1.tv_sec = 1;
3688 t1.tv_usec = 0;
3689 nfound = select(maxactivefd + 1,
3690 &rdfdes, NULL, NULL,
3691 &t1);
3692 }
3693 # endif /* VMS, VxWorks */
3694 if (nfound < 0 && sanitize_fdset(errno)) {
3695 struct timeval t1;
3696 t1.tv_sec = 0;
3697 t1.tv_usec = 0;
3698 rdfdes = activefds;
3699 nfound = select(maxactivefd + 1,
3700 &rdfdes, NULL, NULL,
3701 &t1);
3702 }
3703
3704 if (nfound > 0) {
3705 l_fp ts;
3706
3707 get_systime(&ts);
3708
3709 input_handler_scan(&ts, &rdfdes);
3710 } else if (nfound == -1 && errno != EINTR) {
3711 msyslog(LOG_ERR, "select() error: %m");
3712 }
3713 # ifdef DEBUG
3714 else if (debug > 4) {
3715 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
3716 } else {
3717 DPRINTF(3, ("select() returned %d: %m\n", nfound));
3718 }
3719 # endif /* DEBUG */
3720 # else /* HAVE_SIGNALED_IO */
3721 wait_for_signal();
3722 # endif /* HAVE_SIGNALED_IO */
3723 }
3724
3725 #ifdef HAVE_SIGNALED_IO
3726 /*
3727 * input_handler - receive packets asynchronously
3728 *
3729 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed!
3730 */
3731 static RETSIGTYPE
3732 input_handler(
3733 l_fp * cts
3734 )
3735 {
3736 int n;
3737 struct timeval tvzero;
3738 fd_set fds;
3739
3740 ++handler_calls;
3741
3742 /*
3743 * Do a poll to see who has data
3744 */
3745
3746 fds = activefds;
3747 tvzero.tv_sec = tvzero.tv_usec = 0;
3748
3749 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
3750 if (n < 0 && sanitize_fdset(errno)) {
3751 fds = activefds;
3752 tvzero.tv_sec = tvzero.tv_usec = 0;
3753 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
3754 }
3755 if (n > 0)
3756 input_handler_scan(cts, &fds);
3757 }
3758 #endif /* HAVE_SIGNALED_IO */
3759
3760
3761 /*
3762 * Try to sanitize the global FD set
3763 *
3764 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
3765 */
3766 static int/*BOOL*/
3767 sanitize_fdset(
3768 int errc
3769 )
3770 {
3771 int j, b, maxscan;
3772
3773 # ifndef HAVE_SIGNALED_IO
3774 /*
3775 * extended FAU debugging output
3776 */
3777 if (errc != EINTR) {
3778 msyslog(LOG_ERR,
3779 "select(%d, %s, 0L, 0L, &0.0) error: %m",
3780 maxactivefd + 1,
3781 fdbits(maxactivefd, &activefds));
3782 }
3783 # endif
3784
3785 if (errc != EBADF)
3786 return FALSE;
3787
3788 /* if we have oviously bad FDs, try to sanitize the FD set. */
3789 for (j = 0, maxscan = 0; j <= maxactivefd; j++) {
3790 if (FD_ISSET(j, &activefds)) {
3791 if (-1 != read(j, &b, 0)) {
3792 maxscan = j;
3793 continue;
3794 }
3795 # ifndef HAVE_SIGNALED_IO
3796 msyslog(LOG_ERR,
3797 "Removing bad file descriptor %d from select set",
3798 j);
3799 # endif
3800 FD_CLR(j, &activefds);
3801 }
3802 }
3803 if (maxactivefd != maxscan)
3804 maxactivefd = maxscan;
3805 return TRUE;
3806 }
3807
3808 /*
3809 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'.
3810 *
3811 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
3812 */
3813 static void
3814 input_handler_scan(
3815 const l_fp * cts,
3816 const fd_set * pfds
3817 )
3818 {
3819 int buflen;
3820 u_int idx;
3821 int doing;
3822 SOCKET fd;
3823 blocking_child *c;
3824 l_fp ts; /* Timestamp at BOselect() gob */
3825
3826 #if defined(DEBUG_TIMING)
3827 l_fp ts_e; /* Timestamp at EOselect() gob */
3828 #endif
3829 endpt * ep;
3830 #ifdef REFCLOCK
3831 struct refclockio *rp;
3832 int saved_errno;
3833 const char * clk;
3834 #endif
3835 #ifdef HAS_ROUTING_SOCKET
3836 struct asyncio_reader * asyncio_reader;
3837 struct asyncio_reader * next_asyncio_reader;
3838 #endif
3839
3840 ++handler_pkts;
3841 ts = *cts;
3842
3843 #ifdef REFCLOCK
3844 /*
3845 * Check out the reference clocks first, if any
3846 */
3847
3848 for (rp = refio; rp != NULL; rp = rp->next) {
3849 fd = rp->fd;
3850
3851 if (!FD_ISSET(fd, pfds))
3852 continue;
3853 buflen = read_refclock_packet(fd, rp, ts);
3854 /*
3855 * The first read must succeed after select() indicates
3856 * readability, or we've reached a permanent EOF.
3857 * http://bugs.ntp.org/1732 reported ntpd munching CPU
3858 * after a USB GPS was unplugged because select was
3859 * indicating EOF but ntpd didn't remove the descriptor
3860 * from the activefds set.
3861 */
3862 if (buflen < 0 && EAGAIN != errno) {
3863 saved_errno = errno;
3864 clk = refnumtoa(&rp->srcclock->srcadr);
3865 errno = saved_errno;
3866 msyslog(LOG_ERR, "%s read: %m", clk);
3867 maintain_activefds(fd, TRUE);
3868 } else if (0 == buflen) {
3869 clk = refnumtoa(&rp->srcclock->srcadr);
3870 msyslog(LOG_ERR, "%s read EOF", clk);
3871 maintain_activefds(fd, TRUE);
3872 } else {
3873 /* drain any remaining refclock input */
3874 do {
3875 buflen = read_refclock_packet(fd, rp, ts);
3876 } while (buflen > 0);
3877 }
3878 }
3879 #endif /* REFCLOCK */
3880
3881 /*
3882 * Loop through the interfaces looking for data to read.
3883 */
3884 for (ep = ep_list; ep != NULL; ep = ep->elink) {
3885 for (doing = 0; doing < 2; doing++) {
3886 if (!doing) {
3887 fd = ep->fd;
3888 } else {
3889 if (!(ep->flags & INT_BCASTOPEN))
3890 break;
3891 fd = ep->bfd;
3892 }
3893 if (fd < 0)
3894 continue;
3895 if (FD_ISSET(fd, pfds))
3896 do {
3897 buflen = read_network_packet(
3898 fd, ep, ts);
3899 } while (buflen > 0);
3900 /* Check more interfaces */
3901 }
3902 }
3903
3904 #ifdef HAS_ROUTING_SOCKET
3905 /*
3906 * scan list of asyncio readers - currently only used for routing sockets
3907 */
3908 asyncio_reader = asyncio_reader_list;
3909
3910 while (asyncio_reader != NULL) {
3911 /* callback may unlink and free asyncio_reader */
3912 next_asyncio_reader = asyncio_reader->link;
3913 if (FD_ISSET(asyncio_reader->fd, pfds))
3914 (*asyncio_reader->receiver)(asyncio_reader);
3915 asyncio_reader = next_asyncio_reader;
3916 }
3917 #endif /* HAS_ROUTING_SOCKET */
3918
3919 /*
3920 * Check for a response from a blocking child
3921 */
3922 for (idx = 0; idx < blocking_children_alloc; idx++) {
3923 c = blocking_children[idx];
3924 if (NULL == c || -1 == c->resp_read_pipe)
3925 continue;
3926 if (FD_ISSET(c->resp_read_pipe, pfds)) {
3927 ++c->resp_ready_seen;
3928 ++blocking_child_ready_seen;
3929 }
3930 }
3931
3932 /* We've done our work */
3933 #if defined(DEBUG_TIMING)
3934 get_systime(&ts_e);
3935 /*
3936 * (ts_e - ts) is the amount of time we spent
3937 * processing this gob of file descriptors. Log
3938 * it.
3939 */
3940 L_SUB(&ts_e, &ts);
3941 collect_timing(NULL, "input handler", 1, &ts_e);
3942 if (debug > 3)
3943 msyslog(LOG_DEBUG,
3944 "input_handler: Processed a gob of fd's in %s msec",
3945 lfptoms(&ts_e, 6));
3946 #endif /* DEBUG_TIMING */
3947 }
3948 #endif /* !HAVE_IO_COMPLETION_PORT */
3949
3950 /*
3951 * find an interface suitable for the src address
3952 */
3953 endpt *
3954 select_peerinterface(
3955 struct peer * peer,
3956 sockaddr_u * srcadr,
3957 endpt * dstadr
3958 )
3959 {
3960 endpt *ep;
3961 #ifndef SIM
3962 endpt *wild;
3963
3964 wild = ANY_INTERFACE_CHOOSE(srcadr);
3965
3966 /*
3967 * Initialize the peer structure and dance the interface jig.
3968 * Reference clocks step the loopback waltz, the others
3969 * squaredance around the interface list looking for a buddy. If
3970 * the dance peters out, there is always the wildcard interface.
3971 * This might happen in some systems and would preclude proper
3972 * operation with public key cryptography.
3973 */
3974 if (ISREFCLOCKADR(srcadr)) {
3975 ep = loopback_interface;
3976 } else if (peer->cast_flags &
3977 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) {
3978 ep = findbcastinter(srcadr);
3979 if (ep != NULL)
3980 DPRINTF(4, ("Found *-cast interface %s for address %s\n",
3981 stoa(&ep->sin), stoa(srcadr)));
3982 else
3983 DPRINTF(4, ("No *-cast local address found for address %s\n",
3984 stoa(srcadr)));
3985 } else {
3986 ep = dstadr;
3987 if (NULL == ep) {
3988 ep = wild;
3989 }
3990 }
3991 /*
3992 * If it is a multicast address, findbcastinter() may not find
3993 * it. For unicast, we get to find the interface when dstadr is
3994 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either
3995 * way, try a little harder.
3996 */
3997 if (wild == ep) {
3998 ep = findinterface(srcadr);
3999 }
4000 /*
4001 * we do not bind to the wildcard interfaces for output
4002 * as our (network) source address would be undefined and
4003 * crypto will not work without knowing the own transmit address
4004 */
4005 if (ep != NULL && (INT_WILDCARD & ep->flags)) {
4006 if (!accept_wildcard_if_for_winnt) {
4007 ep = NULL;
4008 }
4009 }
4010 #else /* SIM follows */
4011 ep = loopback_interface;
4012 #endif
4013
4014 return ep;
4015 }
4016
4017
4018 /*
4019 * findinterface - find local interface corresponding to address
4020 */
4021 endpt *
4022 findinterface(
4023 sockaddr_u *addr
4024 )
4025 {
4026 endpt *iface;
4027
4028 iface = findlocalinterface(addr, INT_WILDCARD, 0);
4029
4030 if (NULL == iface) {
4031 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n",
4032 stoa(addr)));
4033
4034 iface = ANY_INTERFACE_CHOOSE(addr);
4035 } else
4036 DPRINTF(4, ("Found interface #%d %s for address %s\n",
4037 iface->ifnum, iface->name, stoa(addr)));
4038
4039 return iface;
4040 }
4041
4042 /*
4043 * findlocalinterface - find local interface corresponding to addr,
4044 * which does not have any of flags set. If bcast is nonzero, addr is
4045 * a broadcast address.
4046 *
4047 * This code attempts to find the local sending address for an outgoing
4048 * address by connecting a new socket to destinationaddress:NTP_PORT
4049 * and reading the sockname of the resulting connect.
4050 * the complicated sequence simulates the routing table lookup
4051 * for to first hop without duplicating any of the routing logic into
4052 * ntpd. preferably we would have used an API call - but its not there -
4053 * so this is the best we can do here short of duplicating to entire routing
4054 * logic in ntpd which would be a silly and really unportable thing to do.
4055 *
4056 */
4057 static endpt *
4058 findlocalinterface(
4059 sockaddr_u * addr,
4060 int flags,
4061 int bcast
4062 )
4063 {
4064 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen;
4065 endpt * iface;
4066 sockaddr_u saddr;
4067 SOCKET s;
4068 int rtn;
4069 int on;
4070
4071 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n",
4072 stoa(addr)));
4073
4074 /* [Bug 3437] The prototype POOL peer can be AF_UNSPEC.
4075 * This is bound to fail, but on the way to nowhere it
4076 * triggers a security incident on SELinux.
4077 *
4078 * Checking the condition and failing early is probably good
4079 * advice, and even saves us some syscalls in that case.
4080 * Thanks to Miroslav Lichvar for finding this.
4081 */
4082 if (AF_UNSPEC == AF(addr)) {
4083 return NULL;
4084 }
4085 s = socket(AF(addr), SOCK_DGRAM, 0);
4086 if (INVALID_SOCKET == s) {
4087 return NULL;
4088 }
4089 /*
4090 * If we are looking for broadcast interface we need to set this
4091 * socket to allow broadcast
4092 */
4093 if (bcast) {
4094 on = 1;
4095 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET,
4096 SO_BROADCAST,
4097 (void *)&on,
4098 sizeof(on))) {
4099 closesocket(s);
4100 return NULL;
4101 }
4102 }
4103
4104 rtn = connect(s, &addr->sa, SOCKLEN(addr));
4105 if (SOCKET_ERROR == rtn) {
4106 closesocket(s);
4107 return NULL;
4108 }
4109
4110 sockaddrlen = sizeof(saddr);
4111 rtn = getsockname(s, &saddr.sa, &sockaddrlen);
4112 closesocket(s);
4113 if (SOCKET_ERROR == rtn)
4114 return NULL;
4115
4116 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n",
4117 stoa(addr), stoa(&saddr)));
4118
4119 iface = getinterface(&saddr, flags);
4120
4121 /*
4122 * if we didn't find an exact match on saddr, find the closest
4123 * available local address. This handles the case of the
4124 * address suggested by the kernel being excluded by nic rules
4125 * or the user's -I and -L options to ntpd.
4126 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683
4127 * for more background.
4128 */
4129 if (NULL == iface || iface->ignore_packets) {
4130 iface = findclosestinterface(&saddr,
4131 flags | INT_LOOPBACK);
4132 }
4133 /*
4134 * Don't select an interface which will ignore replies, or one
4135 * dedicated to multicast receive.
4136 */
4137 if ( iface != NULL
4138 && (iface->ignore_packets || (INT_MCASTIF & iface->flags))) {
4139 iface = NULL;
4140 }
4141 return iface;
4142 }
4143
4144
4145 /*
4146 * findclosestinterface
4147 *
4148 * If there are -I/--interface or -L/novirtualips command-line options,
4149 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may
4150 * find the kernel's preferred local address for a given peer address is
4151 * administratively unavailable to ntpd, and punt to this routine's more
4152 * expensive search.
4153 *
4154 * Find the numerically closest local address to the one connect()
4155 * suggested. This matches an address on the same subnet first, as
4156 * needed by Bug 1184, and provides a consistent choice if there are
4157 * multiple feasible local addresses, regardless of the order ntpd
4158 * enumerated them.
4159 */
4160 endpt *
4161 findclosestinterface(
4162 sockaddr_u * addr,
4163 int flags
4164 )
4165 {
4166 endpt * ep;
4167 endpt * winner;
4168 sockaddr_u addr_dist;
4169 sockaddr_u min_dist;
4170
4171 ZERO_SOCK(&min_dist);
4172 winner = NULL;
4173
4174 for (ep = ep_list; ep != NULL; ep = ep->elink) {
4175 if (ep->ignore_packets ||
4176 AF(addr) != ep->family ||
4177 flags & ep->flags)
4178 continue;
4179
4180 calc_addr_distance(&addr_dist, addr, &ep->sin);
4181 if (NULL == winner ||
4182 -1 == cmp_addr_distance(&addr_dist, &min_dist)) {
4183 min_dist = addr_dist;
4184 winner = ep;
4185 }
4186 }
4187 if (NULL == winner)
4188 DPRINTF(4, ("findclosestinterface(%s) failed\n",
4189 stoa(addr)));
4190 else
4191 DPRINTF(4, ("findclosestinterface(%s) -> %s\n",
4192 stoa(addr), stoa(&winner->sin)));
4193
4194 return winner;
4195 }
4196
4197
4198 /*
4199 * calc_addr_distance - calculate the distance between two addresses,
4200 * the absolute value of the difference between
4201 * the addresses numerically, stored as an address.
4202 */
4203 static void
4204 calc_addr_distance(
4205 sockaddr_u * dist,
4206 const sockaddr_u * a1,
4207 const sockaddr_u * a2
4208 )
4209 {
4210 u_char * pdist;
4211 const u_char * p1;
4212 const u_char * p2;
4213 size_t cb;
4214 int different;
4215 int a1_greater;
4216 u_int u;
4217
4218 REQUIRE(AF(a1) == AF(a2));
4219
4220 ZERO_SOCK(dist);
4221 AF(dist) = AF(a1);
4222
4223 if (IS_IPV4(a1)) {
4224 pdist = ( u_char *)&NSRCADR(dist);
4225 p1 = (const u_char *)&NSRCADR(a1);
4226 p2 = (const u_char *)&NSRCADR(a2);
4227 } else {
4228 pdist = ( u_char *)&NSRCADR(dist);
4229 p1 = (const u_char *)&NSRCADR(a1);
4230 p2 = (const u_char *)&NSRCADR(a2);
4231 }
4232 cb = SIZEOF_INADDR(AF(dist));
4233 different = FALSE;
4234 a1_greater = FALSE;
4235 for (u = 0; u < cb; u++) {
4236 if (!different && p1[u] != p2[u]) {
4237 a1_greater = (p1[u] > p2[u]);
4238 different = TRUE;
4239 }
4240 if (a1_greater) {
4241 pdist[u] = p1[u] - p2[u];
4242 } else {
4243 pdist[u] = p2[u] - p1[u];
4244 }
4245 }
4246 }
4247
4248
4249 /*
4250 * cmp_addr_distance - compare two address distances, returning -1, 0,
4251 * 1 to indicate their relationship.
4252 */
4253 static int
4254 cmp_addr_distance(
4255 const sockaddr_u * d1,
4256 const sockaddr_u * d2
4257 )
4258 {
4259 int i;
4260
4261 REQUIRE(AF(d1) == AF(d2));
4262
4263 if (IS_IPV4(d1)) {
4264 if (SRCADR(d1) < SRCADR(d2))
4265 return -1;
4266 else if (SRCADR(d1) == SRCADR(d2))
4267 return 0;
4268 else
4269 return 1;
4270 }
4271
4272 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) {
4273 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i])
4274 return -1;
4275 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i])
4276 return 1;
4277 }
4278
4279 return 0;
4280 }
4281
4282
4283
4284 /*
4285 * fetch an interface structure the matches the
4286 * address and has the given flags NOT set
4287 */
4288 endpt *
4289 getinterface(
4290 sockaddr_u * addr,
4291 u_int32 flags
4292 )
4293 {
4294 endpt *iface;
4295
4296 iface = find_addr_in_list(addr);
4297
4298 if (iface != NULL && (iface->flags & flags))
4299 iface = NULL;
4300
4301 return iface;
4302 }
4303
4304
4305 /*
4306 * findbcastinter - find broadcast interface corresponding to address
4307 */
4308 endpt *
4309 findbcastinter(
4310 sockaddr_u *addr
4311 )
4312 {
4313 endpt * iface;
4314
4315 iface = NULL;
4316 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT))
4317 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n",
4318 stoa(addr)));
4319
4320 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD,
4321 1);
4322 if (iface != NULL) {
4323 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n",
4324 iface->ifnum, iface->name));
4325 return iface;
4326 }
4327
4328 /*
4329 * plan B - try to find something reasonable in our lists in
4330 * case kernel lookup doesn't help
4331 */
4332 for (iface = ep_list; iface != NULL; iface = iface->elink) {
4333 if (iface->flags & INT_WILDCARD)
4334 continue;
4335
4336 /* Don't bother with ignored interfaces */
4337 if (iface->ignore_packets)
4338 continue;
4339
4340 /*
4341 * First look if this is the correct family
4342 */
4343 if(AF(&iface->sin) != AF(addr))
4344 continue;
4345
4346 /* Skip the loopback addresses */
4347 if (iface->flags & INT_LOOPBACK)
4348 continue;
4349
4350 /*
4351 * If we are looking to match a multicast address and
4352 * this interface is one...
4353 */
4354 if (addr_ismulticast(addr)
4355 && (iface->flags & INT_MULTICAST)) {
4356 #ifdef INCLUDE_IPV6_SUPPORT
4357 /*
4358 * ...it is the winner unless we're looking for
4359 * an interface to use for link-local multicast
4360 * and its address is not link-local.
4361 */
4362 if (IS_IPV6(addr)
4363 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr))
4364 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin)))
4365 continue;
4366 #endif
4367 break;
4368 }
4369
4370 /*
4371 * We match only those interfaces marked as
4372 * broadcastable and either the explicit broadcast
4373 * address or the network portion of the IP address.
4374 * Sloppy.
4375 */
4376 if (IS_IPV4(addr)) {
4377 if (SOCK_EQ(&iface->bcast, addr))
4378 break;
4379
4380 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask))
4381 == (NSRCADR(addr) & NSRCADR(&iface->mask)))
4382 break;
4383 }
4384 #ifdef INCLUDE_IPV6_SUPPORT
4385 else if (IS_IPV6(addr)) {
4386 if (SOCK_EQ(&iface->bcast, addr))
4387 break;
4388
4389 if (SOCK_EQ(netof(&iface->sin), netof(addr)))
4390 break;
4391 }
4392 #endif
4393 }
4394 #endif /* SIOCGIFCONF */
4395 if (NULL == iface) {
4396 DPRINTF(4, ("No bcast interface found for %s\n",
4397 stoa(addr)));
4398 iface = ANY_INTERFACE_CHOOSE(addr);
4399 } else {
4400 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n",
4401 iface->ifnum, iface->name));
4402 }
4403
4404 return iface;
4405 }
4406
4407
4408 /*
4409 * io_clr_stats - clear I/O module statistics
4410 */
4411 void
4412 io_clr_stats(void)
4413 {
4414 packets_dropped = 0;
4415 packets_ignored = 0;
4416 packets_received = 0;
4417 packets_sent = 0;
4418 packets_notsent = 0;
4419
4420 handler_calls = 0;
4421 handler_pkts = 0;
4422 io_timereset = current_time;
4423 }
4424
4425
4426 #ifdef REFCLOCK
4427 /*
4428 * io_addclock - add a reference clock to the list and arrange that we
4429 * get SIGIO interrupts from it.
4430 */
4431 int
4432 io_addclock(
4433 struct refclockio *rio
4434 )
4435 {
4436 BLOCKIO();
4437
4438 /*
4439 * Stuff the I/O structure in the list and mark the descriptor
4440 * in use. There is a harmless (I hope) race condition here.
4441 */
4442 rio->active = TRUE;
4443
4444 # ifdef HAVE_SIGNALED_IO
4445 if (init_clock_sig(rio)) {
4446 UNBLOCKIO();
4447 return 0;
4448 }
4449 # elif defined(HAVE_IO_COMPLETION_PORT)
4450 if (!io_completion_port_add_clock_io(rio)) {
4451 UNBLOCKIO();
4452 return 0;
4453 }
4454 # endif
4455
4456 /*
4457 * enqueue
4458 */
4459 LINK_SLIST(refio, rio, next);
4460
4461 /*
4462 * register fd
4463 */
4464 add_fd_to_list(rio->fd, FD_TYPE_FILE);
4465
4466 UNBLOCKIO();
4467 return 1;
4468 }
4469
4470
4471 /*
4472 * io_closeclock - close the clock in the I/O structure given
4473 */
4474 void
4475 io_closeclock(
4476 struct refclockio *rio
4477 )
4478 {
4479 struct refclockio *unlinked;
4480
4481 BLOCKIO();
4482
4483 /*
4484 * Remove structure from the list
4485 */
4486 rio->active = FALSE;
4487 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio);
4488 if (NULL != unlinked) {
4489 /* Close the descriptor. The order of operations is
4490 * important here in case of async / overlapped IO:
4491 * only after we have removed the clock from the
4492 * IO completion port we can be sure no further
4493 * input is queued. So...
4494 * - we first disable feeding to the queu by removing
4495 * the clock from the IO engine
4496 * - close the file (which brings down any IO on it)
4497 * - clear the buffer from results for this fd
4498 */
4499 # ifdef HAVE_IO_COMPLETION_PORT
4500 io_completion_port_remove_clock_io(rio);
4501 # endif
4502 close_and_delete_fd_from_list(rio->fd, NULL);
4503 purge_recv_buffers_for_fd(rio->fd);
4504 rio->fd = -1;
4505 }
4506
4507 UNBLOCKIO();
4508 }
4509 #endif /* REFCLOCK */
4510
4511
4512 /*
4513 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in
4514 * an array. So we use one of the ISC_LIST functions to hold the
4515 * socket value and use that when we want to enumerate it.
4516 *
4517 * This routine is called by the forked intres child process to close
4518 * all open sockets. On Windows there's no need as intres runs in
4519 * the same process as a thread.
4520 */
4521 #ifndef SYS_WINNT
4522 void
4523 kill_asyncio(
4524 int startfd
4525 )
4526 {
4527 BLOCKIO();
4528
4529 /*
4530 * In the child process we do not maintain activefds and
4531 * maxactivefd. Zeroing maxactivefd disables code which
4532 * maintains it in close_and_delete_fd_from_list().
4533 */
4534 maxactivefd = 0;
4535
4536 while (fd_list != NULL)
4537 close_and_delete_fd_from_list(fd_list->fd, NULL);
4538
4539 UNBLOCKIO();
4540 }
4541 #endif /* !SYS_WINNT */
4542
4543
4544 /*
4545 * Add and delete functions for the list of input file descriptors
4546 */
4547 static void
4548 add_fd_to_list(
4549 SOCKET fd,
4550 enum desc_type type
4551 )
4552 {
4553 vsock_t *lsock = emalloc(sizeof(*lsock));
4554
4555 lsock->fd = fd;
4556 lsock->type = type;
4557
4558 LINK_SLIST(fd_list, lsock, link);
4559 maintain_activefds(fd, 0);
4560 }
4561
4562
4563 static void
4564 close_and_delete_fd_from_list(
4565 SOCKET fd,
4566 endpt *ep /* req. if fd is in struct endpt */
4567 )
4568 {
4569 vsock_t *lsock;
4570
4571 UNLINK_EXPR_SLIST(lsock, fd_list, fd ==
4572 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t);
4573
4574 if (NULL == lsock)
4575 return;
4576
4577 switch (lsock->type) {
4578
4579 case FD_TYPE_SOCKET:
4580 #ifdef HAVE_IO_COMPLETION_PORT
4581 if (ep != NULL) {
4582 io_completion_port_remove_socket(fd, ep);
4583 }
4584 #endif
4585 closesocket(lsock->fd);
4586 break;
4587
4588 case FD_TYPE_FILE:
4589 closeserial((int)lsock->fd);
4590 break;
4591
4592 default:
4593 msyslog(LOG_ERR,
4594 "internal error - illegal descriptor type %d - EXITING",
4595 (int)lsock->type);
4596 exit(1);
4597 }
4598
4599 free(lsock);
4600 /*
4601 * remove from activefds
4602 */
4603 maintain_activefds(fd, 1);
4604 }
4605
4606
4607 static void
4608 add_addr_to_list(
4609 sockaddr_u * addr,
4610 endpt * ep
4611 )
4612 {
4613 remaddr_t *laddr;
4614
4615 #ifdef DEBUG
4616 if (find_addr_in_list(addr) == NULL) {
4617 #endif
4618 /* not there yet - add to list */
4619 laddr = emalloc(sizeof(*laddr));
4620 laddr->addr = *addr;
4621 laddr->ep = ep;
4622
4623 LINK_SLIST(remoteaddr_list, laddr, link);
4624
4625 DPRINTF(4, ("Added addr %s to list of addresses\n",
4626 stoa(addr)));
4627 #ifdef DEBUG
4628 } else
4629 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n",
4630 stoa(addr)));
4631 #endif
4632 }
4633
4634
4635 static void
4636 delete_addr_from_list(
4637 sockaddr_u *addr
4638 )
4639 {
4640 remaddr_t *unlinked;
4641
4642 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr,
4643 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t);
4644
4645 if (unlinked != NULL) {
4646 DPRINTF(4, ("Deleted addr %s from list of addresses\n",
4647 stoa(addr)));
4648 free(unlinked);
4649 }
4650 }
4651
4652
4653 static void
4654 delete_interface_from_list(
4655 endpt *iface
4656 )
4657 {
4658 remaddr_t *unlinked;
4659
4660 for (;;) {
4661 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface ==
4662 UNLINK_EXPR_SLIST_CURRENT()->ep, link,
4663 remaddr_t);
4664
4665 if (unlinked == NULL)
4666 break;
4667 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n",
4668 stoa(&unlinked->addr), iface->ifnum,
4669 iface->name));
4670 free(unlinked);
4671 }
4672 }
4673
4674
4675 static endpt *
4676 find_addr_in_list(
4677 sockaddr_u *addr
4678 )
4679 {
4680 remaddr_t *entry;
4681
4682 DPRINTF(4, ("Searching for addr %s in list of addresses - ",
4683 stoa(addr)));
4684
4685 for (entry = remoteaddr_list;
4686 entry != NULL;
4687 entry = entry->link)
4688 if (SOCK_EQ(&entry->addr, addr)) {
4689 DPRINTF(4, ("FOUND\n"));
4690 return entry->ep;
4691 }
4692
4693 DPRINTF(4, ("NOT FOUND\n"));
4694 return NULL;
4695 }
4696
4697
4698 /*
4699 * Find the given address with the all given flags set in the list
4700 */
4701 static endpt *
4702 find_flagged_addr_in_list(
4703 sockaddr_u * addr,
4704 u_int32 flags
4705 )
4706 {
4707 remaddr_t *entry;
4708
4709 DPRINTF(4, ("Finding addr %s with flags %d in list: ",
4710 stoa(addr), flags));
4711
4712 for (entry = remoteaddr_list;
4713 entry != NULL;
4714 entry = entry->link)
4715
4716 if (SOCK_EQ(&entry->addr, addr)
4717 && (entry->ep->flags & flags) == flags) {
4718
4719 DPRINTF(4, ("FOUND\n"));
4720 return entry->ep;
4721 }
4722
4723 DPRINTF(4, ("NOT FOUND\n"));
4724 return NULL;
4725 }
4726
4727
4728 const char *
4729 localaddrtoa(
4730 endpt *la
4731 )
4732 {
4733 return (NULL == la)
4734 ? "<null>"
4735 : stoa(&la->sin);
4736 }
4737
4738
4739 #ifdef HAS_ROUTING_SOCKET
4740 # ifndef UPDATE_GRACE
4741 # define UPDATE_GRACE 3 /* min. UPDATE_GRACE - 1 seconds before scanning */
4742 # endif
4743
4744 static void
4745 process_routing_msgs(struct asyncio_reader *reader)
4746 {
4747 static void * buffer;
4748 static size_t buffsz = 8192;
4749 int cnt, new, msg_type;
4750 socklen_t len;
4751 #ifdef HAVE_RTNETLINK
4752 struct nlmsghdr *nh;
4753 #else
4754 struct rt_msghdr rtm;
4755 char *p;
4756 char *endp;
4757 #endif
4758
4759 if (scan_addrs_once) {
4760 /*
4761 * discard ourselves if we are not needed any more
4762 * usually happens when running unprivileged
4763 */
4764 goto disable;
4765 }
4766
4767 if (NULL == buffer) {
4768 buffer = emalloc(buffsz);
4769 }
4770
4771 cnt = read(reader->fd, buffer, buffsz);
4772
4773 if (cnt < 0) {
4774 if (errno == ENOBUFS) {
4775 /* increase socket buffer by 25% */
4776 len = sizeof cnt;
4777 if (0 > getsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &cnt, &len) ||
4778 sizeof cnt != len) {
4779 msyslog(LOG_ERR,
4780 "routing getsockopt SO_RCVBUF %u %u: %m - disabling",
4781 (u_int)cnt, (u_int)sizeof cnt);
4782 goto disable;
4783 }
4784 new = cnt + (cnt / 4);
4785 if (0 > setsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &new, sizeof new)) {
4786 msyslog(LOG_ERR,
4787 "routing setsockopt SO_RCVBUF %d -> %d: %m - disabling",
4788 cnt, new);
4789 goto disable;
4790 }
4791 } else {
4792 msyslog(LOG_ERR,
4793 "routing socket reports: %m - disabling");
4794 disable:
4795 remove_asyncio_reader(reader);
4796 delete_asyncio_reader(reader);
4797 return;
4798 }
4799 }
4800
4801 /*
4802 * process routing message
4803 */
4804 #ifdef HAVE_RTNETLINK
4805 for (nh = buffer; NLMSG_OK(nh, cnt); nh = NLMSG_NEXT(nh, cnt))
4806 {
4807 msg_type = nh->nlmsg_type;
4808 #else
4809 for (p = buffer, endp = p + cnt;
4810 (p + sizeof(struct rt_msghdr)) <= endp;
4811 p += rtm.rtm_msglen)
4812 {
4813 memcpy(&rtm, p, sizeof(rtm));
4814 if (rtm.rtm_version != RTM_VERSION) {
4815 msyslog(LOG_ERR,
4816 "version mismatch (got %d - expected %d) on routing socket - disabling",
4817 rtm.rtm_version, RTM_VERSION);
4818
4819 remove_asyncio_reader(reader);
4820 delete_asyncio_reader(reader);
4821 return;
4822 }
4823 msg_type = rtm.rtm_type;
4824 #endif /* !HAVE_RTNETLINK */
4825 switch (msg_type) {
4826 #ifdef RTM_NEWADDR
4827 case RTM_NEWADDR:
4828 #endif
4829 #ifdef RTM_DELADDR
4830 case RTM_DELADDR:
4831 #endif
4832 #ifdef RTM_ADD
4833 case RTM_ADD:
4834 #endif
4835 #ifdef RTM_DELETE
4836 case RTM_DELETE:
4837 #endif
4838 #ifdef RTM_REDIRECT
4839 case RTM_REDIRECT:
4840 #endif
4841 #ifdef RTM_CHANGE
4842 case RTM_CHANGE:
4843 #endif
4844 #ifdef RTM_LOSING
4845 case RTM_LOSING:
4846 #endif
4847 #ifdef RTM_IFINFO
4848 case RTM_IFINFO:
4849 #endif
4850 #ifdef RTM_IFANNOUNCE
4851 case RTM_IFANNOUNCE:
4852 #endif
4853 #ifdef RTM_NEWLINK
4854 case RTM_NEWLINK:
4855 #endif
4856 #ifdef RTM_DELLINK
4857 case RTM_DELLINK:
4858 #endif
4859 #ifdef RTM_NEWROUTE
4860 case RTM_NEWROUTE:
4861 #endif
4862 #ifdef RTM_DELROUTE
4863 case RTM_DELROUTE:
4864 #endif
4865 /*
4866 * we are keen on new and deleted addresses and
4867 * if an interface goes up and down or routing
4868 * changes
4869 */
4870 DPRINTF(3, ("routing message op = %d: scheduling interface update\n",
4871 msg_type));
4872 endpt_scan_timer = UPDATE_GRACE + current_time;
4873 break;
4874 #ifdef HAVE_RTNETLINK
4875 case NLMSG_DONE:
4876 /* end of multipart message */
4877 return;
4878 #endif
4879 default:
4880 /*
4881 * the rest doesn't bother us.
4882 */
4883 DPRINTF(4, ("routing message op = %d: ignored\n",
4884 msg_type));
4885 break;
4886 }
4887 }
4888 }
4889
4890 /*
4891 * set up routing notifications
4892 */
4893 static void
4894 init_async_notifications(void)
4895 {
4896 struct asyncio_reader *reader;
4897 #ifdef HAVE_RTNETLINK
4898 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
4899 struct sockaddr_nl sa;
4900 #else
4901 int fd = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
4902 #endif
4903 if (fd < 0) {
4904 msyslog(LOG_ERR,
4905 "unable to open routing socket (%m) - using polled interface update");
4906 return;
4907 }
4908
4909 fd = move_fd(fd);
4910 #ifdef HAVE_RTNETLINK
4911 ZERO(sa);
4912 sa.nl_family = PF_NETLINK;
4913 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR
4914 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE
4915 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE
4916 | RTMGRP_IPV6_MROUTE;
4917 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
4918 msyslog(LOG_ERR,
4919 "bind failed on routing socket (%m) - using polled interface update");
4920 return;
4921 }
4922 #endif
4923 make_socket_nonblocking(fd);
4924 #if defined(HAVE_SIGNALED_IO)
4925 init_socket_sig(fd);
4926 #endif /* HAVE_SIGNALED_IO */
4927
4928 reader = new_asyncio_reader();
4929
4930 reader->fd = fd;
4931 reader->receiver = process_routing_msgs;
4932
4933 add_asyncio_reader(reader, FD_TYPE_SOCKET);
4934 msyslog(LOG_INFO,
4935 "Listening on routing socket on fd #%d for interface updates",
4936 fd);
4937 }
4938 #else
4939 /* HAS_ROUTING_SOCKET not defined */
4940 static void
4941 init_async_notifications(void)
4942 {
4943 }
4944 #endif
4945