1 /* 2 * ntp_io.c - input/output routines for ntpd. The socket-opening code 3 * was shamelessly stolen from ntpd. 4 */ 5 6 #ifdef HAVE_CONFIG_H 7 # include <config.h> 8 #endif 9 10 #include <stdio.h> 11 #include <signal.h> 12 #ifdef HAVE_FNMATCH_H 13 # include <fnmatch.h> 14 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) 15 # define FNM_CASEFOLD FNM_IGNORECASE 16 # endif 17 #endif 18 #ifdef HAVE_SYS_PARAM_H 19 # include <sys/param.h> 20 #endif 21 #ifdef HAVE_SYS_IOCTL_H 22 # include <sys/ioctl.h> 23 #endif 24 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */ 25 # include <sys/sockio.h> 26 #endif 27 #ifdef HAVE_SYS_UIO_H 28 # include <sys/uio.h> 29 #endif 30 31 #include "ntp_machine.h" 32 #include "ntpd.h" 33 #include "ntp_io.h" 34 #include "iosignal.h" 35 #include "ntp_lists.h" 36 #include "ntp_refclock.h" 37 #include "ntp_stdlib.h" 38 #include "ntp_worker.h" 39 #include "ntp_request.h" 40 #include "ntp_assert.h" 41 #include "timevalops.h" 42 #include "timespecops.h" 43 #include "ntpd-opts.h" 44 #include "safecast.h" 45 46 /* Don't include ISC's version of IPv6 variables and structures */ 47 #define ISC_IPV6_H 1 48 #include <isc/mem.h> 49 #include <isc/interfaceiter.h> 50 #include <isc/netaddr.h> 51 #include <isc/result.h> 52 #include <isc/sockaddr.h> 53 54 #ifdef SIM 55 #include "ntpsim.h" 56 #endif 57 58 #ifdef HAS_ROUTING_SOCKET 59 # include <net/route.h> 60 # ifdef HAVE_RTNETLINK 61 # include <linux/rtnetlink.h> 62 # endif 63 #endif 64 65 /* 66 * setsockopt does not always have the same arg declaration 67 * across all platforms. If it's not defined we make it empty 68 */ 69 70 #ifndef SETSOCKOPT_ARG_CAST 71 #define SETSOCKOPT_ARG_CAST 72 #endif 73 74 extern int listen_to_virtual_ips; 75 76 #ifndef IPTOS_DSCP_EF 77 #define IPTOS_DSCP_EF 0xb8 78 #endif 79 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */ 80 81 #ifdef LEAP_SMEAR 82 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so 83 * we get a linker error. Since we're running out of time before the leap 84 * second occurs, we let it here where it just works. 85 */ 86 int leap_smear_intv; 87 #endif 88 89 /* 90 * NIC rule entry 91 */ 92 typedef struct nic_rule_tag nic_rule; 93 94 struct nic_rule_tag { 95 nic_rule * next; 96 nic_rule_action action; 97 nic_rule_match match_type; 98 char * if_name; 99 sockaddr_u addr; 100 int prefixlen; 101 }; 102 103 /* 104 * NIC rule listhead. Entries are added at the head so that the first 105 * match in the list is the last matching rule specified. 106 */ 107 nic_rule *nic_rule_list; 108 109 110 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR) 111 # define HAVE_PACKET_TIMESTAMP 112 # define HAVE_BINTIME 113 # ifdef BINTIME_CTLMSGBUF_SIZE 114 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE 115 # else 116 # define CMSG_BUFSIZE 1536 /* moderate default */ 117 # endif 118 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR) 119 # define HAVE_PACKET_TIMESTAMP 120 # define HAVE_TIMESTAMPNS 121 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE 122 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE 123 # else 124 # define CMSG_BUFSIZE 1536 /* moderate default */ 125 # endif 126 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR) 127 # define HAVE_PACKET_TIMESTAMP 128 # define HAVE_TIMESTAMP 129 # ifdef TIMESTAMP_CTLMSGBUF_SIZE 130 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE 131 # else 132 # define CMSG_BUFSIZE 1536 /* moderate default */ 133 # endif 134 #else 135 /* fill in for old/other timestamp interfaces */ 136 #endif 137 138 #if defined(SYS_WINNT) 139 #include "win32_io.h" 140 #include <isc/win32os.h> 141 #endif 142 143 /* 144 * We do asynchronous input using the SIGIO facility. A number of 145 * recvbuf buffers are preallocated for input. In the signal 146 * handler we poll to see which sockets are ready and read the 147 * packets from them into the recvbuf's along with a time stamp and 148 * an indication of the source host and the interface it was received 149 * through. This allows us to get as accurate receive time stamps 150 * as possible independent of other processing going on. 151 * 152 * We watch the number of recvbufs available to the signal handler 153 * and allocate more when this number drops below the low water 154 * mark. If the signal handler should run out of buffers in the 155 * interim it will drop incoming frames, the idea being that it is 156 * better to drop a packet than to be inaccurate. 157 */ 158 159 160 /* 161 * Other statistics of possible interest 162 */ 163 volatile u_long packets_dropped; /* total number of packets dropped on reception */ 164 volatile u_long packets_ignored; /* packets received on wild card interface */ 165 volatile u_long packets_received; /* total number of packets received */ 166 u_long packets_sent; /* total number of packets sent */ 167 u_long packets_notsent; /* total number of packets which couldn't be sent */ 168 169 volatile u_long handler_calls; /* number of calls to interrupt handler */ 170 volatile u_long handler_pkts; /* number of pkts received by handler */ 171 u_long io_timereset; /* time counters were reset */ 172 173 /* 174 * Interface stuff 175 */ 176 endpt * any_interface; /* wildcard ipv4 interface */ 177 endpt * any6_interface; /* wildcard ipv6 interface */ 178 endpt * loopback_interface; /* loopback ipv4 interface */ 179 180 static isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */ 181 u_int sys_ifnum; /* next .ifnum to assign */ 182 int ninterfaces; /* Total number of interfaces */ 183 184 int disable_dynamic_updates; /* scan interfaces once only */ 185 186 #ifdef REFCLOCK 187 /* 188 * Refclock stuff. We keep a chain of structures with data concerning 189 * the guys we are doing I/O for. 190 */ 191 static struct refclockio *refio; 192 #endif /* REFCLOCK */ 193 194 /* 195 * File descriptor masks etc. for call to select 196 * Not needed for I/O Completion Ports or anything outside this file 197 */ 198 static fd_set activefds; 199 static int maxactivefd; 200 201 /* 202 * bit alternating value to detect verified interfaces during an update cycle 203 */ 204 static u_short sys_interphase = 0; 205 206 static endpt * new_interface(endpt *); 207 static void add_interface(endpt *); 208 static int update_interfaces(u_short, interface_receiver_t, 209 void *); 210 static void remove_interface(endpt *); 211 static endpt * create_interface(u_short, endpt *); 212 213 static int is_wildcard_addr (const sockaddr_u *); 214 215 /* 216 * Multicast functions 217 */ 218 static isc_boolean_t addr_ismulticast (sockaddr_u *); 219 static isc_boolean_t is_anycast (sockaddr_u *, 220 const char *); 221 222 /* 223 * Not all platforms support multicast 224 */ 225 #ifdef MCAST 226 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *); 227 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); 228 #endif 229 230 #ifdef DEBUG 231 static void interface_dump (const endpt *); 232 static void sockaddr_dump (const sockaddr_u *); 233 static void print_interface (const endpt *, const char *, const char *); 234 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) 235 #else 236 #define DPRINT_INTERFACE(level, args) do {} while (0) 237 #endif 238 239 typedef struct vsock vsock_t; 240 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE }; 241 242 struct vsock { 243 vsock_t * link; 244 SOCKET fd; 245 enum desc_type type; 246 }; 247 248 vsock_t *fd_list; 249 250 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 251 /* 252 * async notification processing (e. g. routing sockets) 253 */ 254 /* 255 * support for receiving data on fd that is not a refclock or a socket 256 * like e. g. routing sockets 257 */ 258 struct asyncio_reader { 259 struct asyncio_reader *link; /* the list this is being kept in */ 260 SOCKET fd; /* fd to be read */ 261 void *data; /* possibly local data */ 262 void (*receiver)(struct asyncio_reader *); /* input handler */ 263 }; 264 265 struct asyncio_reader *asyncio_reader_list; 266 267 static void delete_asyncio_reader (struct asyncio_reader *); 268 static struct asyncio_reader *new_asyncio_reader (void); 269 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type); 270 static void remove_asyncio_reader (struct asyncio_reader *); 271 272 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 273 274 static void init_async_notifications (void); 275 276 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *, 277 int); 278 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, 279 const sockaddr_u *, const sockaddr_u *); 280 static int create_sockets (u_short); 281 static SOCKET open_socket (sockaddr_u *, int, int, endpt *); 282 static void set_reuseaddr (int); 283 static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); 284 285 #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO) 286 static char * fdbits (int, const fd_set *); 287 #endif 288 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 289 static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); 290 #endif 291 292 typedef struct remaddr remaddr_t; 293 294 struct remaddr { 295 remaddr_t * link; 296 sockaddr_u addr; 297 endpt * ep; 298 }; 299 300 remaddr_t * remoteaddr_list; 301 endpt * ep_list; /* complete endpt list */ 302 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */ 303 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ 304 305 static endpt * wildipv4; 306 static endpt * wildipv6; 307 308 #ifdef SYS_WINNT 309 int accept_wildcard_if_for_winnt; 310 #else 311 const int accept_wildcard_if_for_winnt = FALSE; 312 #endif 313 314 static void add_fd_to_list (SOCKET, enum desc_type); 315 static endpt * find_addr_in_list (sockaddr_u *); 316 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); 317 static void delete_addr_from_list (sockaddr_u *); 318 static void delete_interface_from_list(endpt *); 319 static void close_and_delete_fd_from_list(SOCKET); 320 static void add_addr_to_list (sockaddr_u *, endpt *); 321 static void create_wildcards (u_short); 322 static endpt * findlocalinterface (sockaddr_u *, int, int); 323 static endpt * findclosestinterface (sockaddr_u *, int); 324 #ifdef DEBUG 325 static const char * action_text (nic_rule_action); 326 #endif 327 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32); 328 static void convert_isc_if (isc_interface_t *, 329 endpt *, u_short); 330 static void calc_addr_distance(sockaddr_u *, 331 const sockaddr_u *, 332 const sockaddr_u *); 333 static int cmp_addr_distance(const sockaddr_u *, 334 const sockaddr_u *); 335 336 /* 337 * Routines to read the ntp packets 338 */ 339 #if !defined(HAVE_IO_COMPLETION_PORT) 340 static inline int read_network_packet (SOCKET, struct interface *, l_fp); 341 static void ntpd_addremove_io_fd (int, int, int); 342 static void input_handler_scan (const l_fp*, const fd_set*); 343 static int/*BOOL*/ sanitize_fdset (int errc); 344 #ifdef REFCLOCK 345 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); 346 #endif 347 #ifdef HAVE_SIGNALED_IO 348 static void input_handler (l_fp*); 349 #endif 350 #endif 351 352 353 #ifndef HAVE_IO_COMPLETION_PORT 354 void 355 maintain_activefds( 356 int fd, 357 int closing 358 ) 359 { 360 int i; 361 362 if (fd < 0 || fd >= FD_SETSIZE) { 363 msyslog(LOG_ERR, 364 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d", 365 FD_SETSIZE, fd); 366 exit(1); 367 } 368 369 if (!closing) { 370 FD_SET(fd, &activefds); 371 maxactivefd = max(fd, maxactivefd); 372 } else { 373 FD_CLR(fd, &activefds); 374 if (maxactivefd && fd == maxactivefd) { 375 for (i = maxactivefd - 1; i >= 0; i--) 376 if (FD_ISSET(i, &activefds)) { 377 maxactivefd = i; 378 break; 379 } 380 INSIST(fd != maxactivefd); 381 } 382 } 383 } 384 #endif /* !HAVE_IO_COMPLETION_PORT */ 385 386 387 #ifdef DEBUG_TIMING 388 /* 389 * collect timing information for various processing 390 * paths. currently we only pass them on to the file 391 * for later processing. this could also do histogram 392 * based analysis in other to reduce the load (and skew) 393 * dur to the file output 394 */ 395 void 396 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts) 397 { 398 char buf[256]; 399 400 snprintf(buf, sizeof(buf), "%s %d %s %s", 401 (rb != NULL) 402 ? ((rb->dstadr != NULL) 403 ? stoa(&rb->recv_srcadr) 404 : "-REFCLOCK-") 405 : "-", 406 count, lfptoa(dts, 9), tag); 407 record_timing_stats(buf); 408 } 409 #endif 410 411 /* 412 * About dynamic interfaces, sockets, reception and more... 413 * 414 * the code solves following tasks: 415 * 416 * - keep a current list of active interfaces in order 417 * to bind to to the interface address on NTP_PORT so that 418 * all wild and specific bindings for NTP_PORT are taken by ntpd 419 * to avoid other daemons messing with the time or sockets. 420 * - all interfaces keep a list of peers that are referencing 421 * the interface in order to quickly re-assign the peers to 422 * new interface in case an interface is deleted (=> gone from system or 423 * down) 424 * - have a preconfigured socket ready with the right local address 425 * for transmission and reception 426 * - have an address list for all destination addresses used within ntpd 427 * to find the "right" preconfigured socket. 428 * - facilitate updating the internal interface list with respect to 429 * the current kernel state 430 * 431 * special issues: 432 * 433 * - mapping of multicast addresses to the interface affected is not always 434 * one to one - especially on hosts with multiple interfaces 435 * the code here currently allocates a separate interface entry for those 436 * multicast addresses 437 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF) 438 * in case of failure the multicast address is bound to an existing interface. 439 * - on some systems it is perfectly legal to assign the same address to 440 * multiple interfaces. Therefore this code does not keep a list of interfaces 441 * but a list of interfaces that represent a unique address as determined by the kernel 442 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only 443 * one representative of a group of real interfaces if they share the same address. 444 * 445 * Frank Kardel 20050910 446 */ 447 448 /* 449 * init_io - initialize I/O module. 450 */ 451 void 452 init_io(void) 453 { 454 /* Init buffer free list and stat counters */ 455 init_recvbuff(RECV_INIT); 456 /* update interface every 5 minutes as default */ 457 interface_interval = 300; 458 459 #ifdef WORK_PIPE 460 addremove_io_fd = &ntpd_addremove_io_fd; 461 #endif 462 463 #if defined(SYS_WINNT) 464 init_io_completion_port(); 465 #elif defined(HAVE_SIGNALED_IO) 466 (void) set_signal(input_handler); 467 #endif 468 } 469 470 471 static void 472 ntpd_addremove_io_fd( 473 int fd, 474 int is_pipe, 475 int remove_it 476 ) 477 { 478 UNUSED_ARG(is_pipe); 479 480 #ifdef HAVE_SIGNALED_IO 481 if (!remove_it) 482 init_socket_sig(fd); 483 #endif /* not HAVE_SIGNALED_IO */ 484 485 maintain_activefds(fd, remove_it); 486 } 487 488 489 /* 490 * io_open_sockets - call socket creation routine 491 */ 492 void 493 io_open_sockets(void) 494 { 495 static int already_opened; 496 497 if (already_opened || HAVE_OPT( SAVECONFIGQUIT )) 498 return; 499 500 already_opened = 1; 501 502 /* 503 * Create the sockets 504 */ 505 BLOCKIO(); 506 create_sockets(NTP_PORT); 507 UNBLOCKIO(); 508 509 init_async_notifications(); 510 511 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd)); 512 } 513 514 515 #ifdef DEBUG 516 /* 517 * function to dump the contents of the interface structure 518 * for debugging use only. 519 * We face a dilemma here -- sockets are FDs under POSIX and 520 * actually HANDLES under Windows. So we use '%lld' as format 521 * and cast the value to 'long long'; this should not hurt 522 * with UNIX-like systems and does not truncate values on Win64. 523 */ 524 void 525 interface_dump(const endpt *itf) 526 { 527 printf("Dumping interface: %p\n", itf); 528 printf("fd = %lld\n", (long long)itf->fd); 529 printf("bfd = %lld\n", (long long)itf->bfd); 530 printf("sin = %s,\n", stoa(&itf->sin)); 531 sockaddr_dump(&itf->sin); 532 printf("bcast = %s,\n", stoa(&itf->bcast)); 533 sockaddr_dump(&itf->bcast); 534 printf("mask = %s,\n", stoa(&itf->mask)); 535 sockaddr_dump(&itf->mask); 536 printf("name = %s\n", itf->name); 537 printf("flags = 0x%08x\n", itf->flags); 538 printf("last_ttl = %d\n", itf->last_ttl); 539 printf("addr_refid = %08x\n", itf->addr_refid); 540 printf("num_mcast = %d\n", itf->num_mcast); 541 printf("received = %ld\n", itf->received); 542 printf("sent = %ld\n", itf->sent); 543 printf("notsent = %ld\n", itf->notsent); 544 printf("ifindex = %u\n", itf->ifindex); 545 printf("peercnt = %u\n", itf->peercnt); 546 printf("phase = %u\n", itf->phase); 547 } 548 549 /* 550 * sockaddr_dump - hex dump the start of a sockaddr_u 551 */ 552 static void 553 sockaddr_dump(const sockaddr_u *psau) 554 { 555 /* Limit the size of the sockaddr_in6 hex dump */ 556 const int maxsize = min(32, sizeof(psau->sa6)); 557 const u_char * cp; 558 int i; 559 560 /* XXX: Should we limit maxsize based on psau->saX.sin_family? */ 561 cp = (const void *)&psau->sa6; 562 563 for(i = 0; i < maxsize; i++) { 564 printf("%02x", *cp++); 565 if (!((i + 1) % 4)) 566 printf(" "); 567 } 568 printf("\n"); 569 } 570 571 /* 572 * print_interface - helper to output debug information 573 */ 574 static void 575 print_interface(const endpt *iface, const char *pfx, const char *sfx) 576 { 577 printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s", 578 pfx, 579 iface->ifnum, 580 (long long)iface->fd, 581 (long long)iface->bfd, 582 iface->name, 583 iface->flags, 584 iface->ifindex, 585 stoa(&iface->sin)); 586 if (AF_INET == iface->family) { 587 if (iface->flags & INT_BROADCAST) 588 printf(", bcast=%s", stoa(&iface->bcast)); 589 printf(", mask=%s", stoa(&iface->mask)); 590 } 591 printf(", %s:%s", 592 (iface->ignore_packets) 593 ? "Disabled" 594 : "Enabled", 595 sfx); 596 if (debug > 4) /* in-depth debugging only */ 597 interface_dump(iface); 598 } 599 #endif 600 601 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 602 /* 603 * create an asyncio_reader structure 604 */ 605 static struct asyncio_reader * 606 new_asyncio_reader(void) 607 { 608 struct asyncio_reader *reader; 609 610 reader = emalloc_zero(sizeof(*reader)); 611 reader->fd = INVALID_SOCKET; 612 613 return reader; 614 } 615 616 /* 617 * delete a reader 618 */ 619 static void 620 delete_asyncio_reader( 621 struct asyncio_reader *reader 622 ) 623 { 624 free(reader); 625 } 626 627 /* 628 * add asynchio_reader 629 */ 630 static void 631 add_asyncio_reader( 632 struct asyncio_reader * reader, 633 enum desc_type type) 634 { 635 LINK_SLIST(asyncio_reader_list, reader, link); 636 add_fd_to_list(reader->fd, type); 637 } 638 639 /* 640 * remove asynchio_reader 641 */ 642 static void 643 remove_asyncio_reader( 644 struct asyncio_reader *reader 645 ) 646 { 647 struct asyncio_reader *unlinked; 648 649 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, 650 struct asyncio_reader); 651 652 if (reader->fd != INVALID_SOCKET) 653 close_and_delete_fd_from_list(reader->fd); 654 655 reader->fd = INVALID_SOCKET; 656 } 657 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 658 659 660 /* compare two sockaddr prefixes */ 661 static int 662 addr_eqprefix( 663 const sockaddr_u * a, 664 const sockaddr_u * b, 665 int prefixlen 666 ) 667 { 668 isc_netaddr_t isc_a; 669 isc_netaddr_t isc_b; 670 isc_sockaddr_t isc_sa; 671 672 ZERO(isc_sa); 673 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a))); 674 isc_netaddr_fromsockaddr(&isc_a, &isc_sa); 675 676 ZERO(isc_sa); 677 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b))); 678 isc_netaddr_fromsockaddr(&isc_b, &isc_sa); 679 680 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b, 681 (u_int)prefixlen); 682 } 683 684 685 static int 686 addr_samesubnet( 687 const sockaddr_u * a, 688 const sockaddr_u * a_mask, 689 const sockaddr_u * b, 690 const sockaddr_u * b_mask 691 ) 692 { 693 const u_int32 * pa; 694 const u_int32 * pa_limit; 695 const u_int32 * pb; 696 const u_int32 * pm; 697 size_t loops; 698 699 REQUIRE(AF(a) == AF(a_mask)); 700 REQUIRE(AF(b) == AF(b_mask)); 701 /* 702 * With address and mask families verified to match, comparing 703 * the masks also validates the address's families match. 704 */ 705 if (!SOCK_EQ(a_mask, b_mask)) 706 return FALSE; 707 708 if (IS_IPV6(a)) { 709 loops = sizeof(NSRCADR6(a)) / sizeof(*pa); 710 pa = (const void *)&NSRCADR6(a); 711 pb = (const void *)&NSRCADR6(b); 712 pm = (const void *)&NSRCADR6(a_mask); 713 } else { 714 loops = sizeof(NSRCADR(a)) / sizeof(*pa); 715 pa = (const void *)&NSRCADR(a); 716 pb = (const void *)&NSRCADR(b); 717 pm = (const void *)&NSRCADR(a_mask); 718 } 719 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++) 720 if ((*pa & *pm) != (*pb & *pm)) 721 return FALSE; 722 723 return TRUE; 724 } 725 726 727 /* 728 * interface list enumerator - visitor pattern 729 */ 730 void 731 interface_enumerate( 732 interface_receiver_t receiver, 733 void * data 734 ) 735 { 736 interface_info_t ifi; 737 738 ifi.action = IFS_EXISTS; 739 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink) 740 (*receiver)(data, &ifi); 741 } 742 743 /* 744 * do standard initialization of interface structure 745 */ 746 static void 747 init_interface( 748 endpt *ep 749 ) 750 { 751 ZERO(*ep); 752 ep->fd = INVALID_SOCKET; 753 ep->bfd = INVALID_SOCKET; 754 ep->phase = sys_interphase; 755 } 756 757 758 /* 759 * create new interface structure initialize from 760 * template structure or via standard initialization 761 * function 762 */ 763 static struct interface * 764 new_interface( 765 struct interface *interface 766 ) 767 { 768 struct interface * iface; 769 770 iface = emalloc(sizeof(*iface)); 771 772 if (NULL == interface) 773 init_interface(iface); 774 else /* use the template */ 775 memcpy(iface, interface, sizeof(*iface)); 776 777 /* count every new instance of an interface in the system */ 778 iface->ifnum = sys_ifnum++; 779 iface->starttime = current_time; 780 781 # ifdef HAVE_IO_COMPLETION_PORT 782 if (!io_completion_port_add_interface(iface)) { 783 msyslog(LOG_EMERG, "cannot register interface with IO engine -- will exit now"); 784 exit(1); 785 } 786 # endif 787 return iface; 788 } 789 790 791 /* 792 * return interface storage into free memory pool 793 */ 794 static void 795 delete_interface( 796 endpt *ep 797 ) 798 { 799 # ifdef HAVE_IO_COMPLETION_PORT 800 io_completion_port_remove_interface(ep); 801 # endif 802 free(ep); 803 } 804 805 806 /* 807 * link interface into list of known interfaces 808 */ 809 static void 810 add_interface( 811 endpt * ep 812 ) 813 { 814 endpt ** pmclisthead; 815 endpt * scan; 816 endpt * scan_next; 817 endpt * unlinked; 818 sockaddr_u * addr; 819 int ep_local; 820 int scan_local; 821 int same_subnet; 822 int ep_univ_iid; /* iface ID from MAC address */ 823 int scan_univ_iid; /* see RFC 4291 */ 824 int ep_privacy; /* random local iface ID */ 825 int scan_privacy; /* see RFC 4941 */ 826 int rc; 827 828 /* Calculate the refid */ 829 ep->addr_refid = addr2refid(&ep->sin); 830 /* link at tail so ntpdc -c ifstats index increases each row */ 831 LINK_TAIL_SLIST(ep_list, ep, elink, endpt); 832 ninterfaces++; 833 #ifdef MCAST 834 /* the rest is for enabled multicast-capable addresses only */ 835 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) || 836 INT_LOOPBACK & ep->flags) 837 return; 838 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 839 if (AF_INET6 == ep->family) 840 return; 841 # endif 842 pmclisthead = (AF_INET == ep->family) 843 ? &mc4_list 844 : &mc6_list; 845 846 if (AF_INET6 == ep->family) { 847 ep_local = 848 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) || 849 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin)); 850 ep_univ_iid = IS_IID_UNIV(&ep->sin); 851 ep_privacy = !!(INT_PRIVACY & ep->flags); 852 } else { 853 ep_local = FALSE; 854 ep_univ_iid = FALSE; 855 ep_privacy = FALSE; 856 } 857 DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n", 858 stoa(&ep->sin), 859 (ep_local) ? " link/scope-local" : "", 860 (ep_univ_iid) ? " univ-IID" : "", 861 (ep_privacy) ? " privacy" : "")); 862 /* 863 * If we have multiple local addresses on the same network 864 * interface, and some are link- or site-local, do not multicast 865 * out from the link-/site-local addresses by default, to avoid 866 * duplicate manycastclient associations between v6 peers using 867 * link-local and global addresses. link-local can still be 868 * chosen using "nic ignore myv6globalprefix::/64". 869 * Similarly, if we have multiple global addresses from the same 870 * prefix on the same network interface, multicast from one, 871 * preferring EUI-64, then static, then least RFC 4941 privacy 872 * addresses. 873 */ 874 for (scan = *pmclisthead; scan != NULL; scan = scan_next) { 875 scan_next = scan->mclink; 876 if (ep->family != scan->family) 877 continue; 878 if (strcmp(ep->name, scan->name)) 879 continue; 880 same_subnet = addr_samesubnet(&ep->sin, &ep->mask, 881 &scan->sin, &scan->mask); 882 if (AF_INET6 == ep->family) { 883 addr = &scan->sin; 884 scan_local = 885 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) || 886 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr)); 887 scan_univ_iid = IS_IID_UNIV(addr); 888 scan_privacy = !!(INT_PRIVACY & scan->flags); 889 } else { 890 scan_local = FALSE; 891 scan_univ_iid = FALSE; 892 scan_privacy = FALSE; 893 } 894 DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n", 895 stoa(&scan->sin), 896 (scan_local) ? " link/scope-local" : "", 897 (scan_univ_iid) ? " univ-IID" : "", 898 (scan_privacy) ? " privacy" : "")); 899 if ((ep_local && !scan_local) || (same_subnet && 900 ((ep_privacy && !scan_privacy) || 901 (!ep_univ_iid && scan_univ_iid)))) { 902 DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n", 903 stoa(&ep->sin), 904 (ep_local) 905 ? "tail" 906 : "head", 907 stoa(&scan->sin))); 908 return; 909 } 910 if ((scan_local && !ep_local) || (same_subnet && 911 ((scan_privacy && !ep_privacy) || 912 (!scan_univ_iid && ep_univ_iid)))) { 913 UNLINK_SLIST(unlinked, *pmclisthead, 914 scan, mclink, endpt); 915 DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n", 916 (unlinked != scan) 917 ? "Failed to remove" 918 : "removed", 919 stoa(&scan->sin), stoa(&ep->sin))); 920 } 921 } 922 /* 923 * Add link/site local at the tail of the multicast- 924 * capable unicast interfaces list, so that ntpd will 925 * send from global addresses before link-/site-local 926 * ones. 927 */ 928 if (ep_local) 929 LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt); 930 else 931 LINK_SLIST(*pmclisthead, ep, mclink); 932 DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n", 933 stoa(&ep->sin), 934 (ep_local) 935 ? "tail" 936 : "head", 937 (AF_INET == ep->family) 938 ? "4" 939 : "6")); 940 941 if (INVALID_SOCKET == ep->fd) 942 return; 943 944 /* 945 * select the local address from which to send to multicast. 946 */ 947 switch (AF(&ep->sin)) { 948 949 case AF_INET : 950 rc = setsockopt(ep->fd, IPPROTO_IP, 951 IP_MULTICAST_IF, 952 (void *)&NSRCADR(&ep->sin), 953 sizeof(NSRCADR(&ep->sin))); 954 if (rc) 955 msyslog(LOG_ERR, 956 "setsockopt IP_MULTICAST_IF %s fails: %m", 957 stoa(&ep->sin)); 958 break; 959 960 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 961 case AF_INET6 : 962 rc = setsockopt(ep->fd, IPPROTO_IPV6, 963 IPV6_MULTICAST_IF, 964 (void *)&ep->ifindex, 965 sizeof(ep->ifindex)); 966 /* do not complain if bound addr scope is ifindex */ 967 if (rc && ep->ifindex != SCOPE(&ep->sin)) 968 msyslog(LOG_ERR, 969 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m", 970 ep->ifindex, stoa(&ep->sin)); 971 break; 972 # endif 973 } 974 #endif /* MCAST */ 975 } 976 977 978 /* 979 * remove interface from known interface list and clean up 980 * associated resources 981 */ 982 static void 983 remove_interface( 984 endpt * ep 985 ) 986 { 987 endpt * unlinked; 988 endpt ** pmclisthead; 989 sockaddr_u resmask; 990 991 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); 992 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { 993 pmclisthead = (AF_INET == ep->family) 994 ? &mc4_list 995 : &mc6_list; 996 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt); 997 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n", 998 stoa(&ep->sin), 999 (unlinked != NULL) 1000 ? "removed from" 1001 : "not found on", 1002 (AF_INET == ep->family) 1003 ? "4" 1004 : "6")); 1005 } 1006 delete_interface_from_list(ep); 1007 1008 if (ep->fd != INVALID_SOCKET) { 1009 msyslog(LOG_INFO, 1010 "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs", 1011 ep->ifnum, 1012 ep->name, 1013 stoa(&ep->sin), 1014 SRCPORT(&ep->sin), 1015 ep->received, 1016 ep->sent, 1017 ep->notsent, 1018 current_time - ep->starttime); 1019 # ifdef HAVE_IO_COMPLETION_PORT 1020 io_completion_port_remove_socket(ep->fd, ep); 1021 # endif 1022 close_and_delete_fd_from_list(ep->fd); 1023 ep->fd = INVALID_SOCKET; 1024 } 1025 1026 if (ep->bfd != INVALID_SOCKET) { 1027 msyslog(LOG_INFO, 1028 "stop listening for broadcasts to %s on interface #%d %s", 1029 stoa(&ep->bcast), ep->ifnum, ep->name); 1030 # ifdef HAVE_IO_COMPLETION_PORT 1031 io_completion_port_remove_socket(ep->bfd, ep); 1032 # endif 1033 close_and_delete_fd_from_list(ep->bfd); 1034 ep->bfd = INVALID_SOCKET; 1035 } 1036 # ifdef HAVE_IO_COMPLETION_PORT 1037 io_completion_port_remove_interface(ep); 1038 # endif 1039 1040 ninterfaces--; 1041 mon_clearinterface(ep); 1042 1043 /* remove restrict interface entry */ 1044 SET_HOSTMASK(&resmask, AF(&ep->sin)); 1045 hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 1046 -3, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 1047 } 1048 1049 1050 static void 1051 log_listen_address( 1052 endpt * ep 1053 ) 1054 { 1055 msyslog(LOG_INFO, "%s on %d %s %s", 1056 (ep->ignore_packets) 1057 ? "Listen and drop" 1058 : "Listen normally", 1059 ep->ifnum, 1060 ep->name, 1061 sptoa(&ep->sin)); 1062 } 1063 1064 1065 static void 1066 create_wildcards( 1067 u_short port 1068 ) 1069 { 1070 int v4wild; 1071 #ifdef INCLUDE_IPV6_SUPPORT 1072 int v6wild; 1073 #endif 1074 sockaddr_u wildaddr; 1075 nic_rule_action action; 1076 struct interface * wildif; 1077 1078 /* 1079 * silence "potentially uninitialized" warnings from VC9 1080 * failing to follow the logic. Ideally action could remain 1081 * uninitialized, and the memset be the first statement under 1082 * the first if (v4wild). 1083 */ 1084 action = ACTION_LISTEN; 1085 ZERO(wildaddr); 1086 1087 #ifdef INCLUDE_IPV6_SUPPORT 1088 /* 1089 * create pseudo-interface with wildcard IPv6 address 1090 */ 1091 v6wild = ipv6_works; 1092 if (v6wild) { 1093 /* set wildaddr to the v6 wildcard address :: */ 1094 ZERO(wildaddr); 1095 AF(&wildaddr) = AF_INET6; 1096 SET_ADDR6N(&wildaddr, in6addr_any); 1097 SET_PORT(&wildaddr, port); 1098 SET_SCOPE(&wildaddr, 0); 1099 1100 /* check for interface/nic rules affecting the wildcard */ 1101 action = interface_action(NULL, &wildaddr, 0); 1102 v6wild = (ACTION_IGNORE != action); 1103 } 1104 if (v6wild) { 1105 wildif = new_interface(NULL); 1106 1107 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name)); 1108 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1109 wildif->family = AF_INET6; 1110 AF(&wildif->mask) = AF_INET6; 1111 SET_ONESMASK(&wildif->mask); 1112 1113 wildif->flags = INT_UP | INT_WILDCARD; 1114 wildif->ignore_packets = (ACTION_DROP == action); 1115 1116 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1117 1118 if (wildif->fd != INVALID_SOCKET) { 1119 wildipv6 = wildif; 1120 any6_interface = wildif; 1121 add_addr_to_list(&wildif->sin, wildif); 1122 add_interface(wildif); 1123 log_listen_address(wildif); 1124 } else { 1125 msyslog(LOG_ERR, 1126 "unable to bind to wildcard address %s - another process may be running - EXITING", 1127 stoa(&wildif->sin)); 1128 exit(1); 1129 } 1130 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1131 } 1132 #endif 1133 1134 /* 1135 * create pseudo-interface with wildcard IPv4 address 1136 */ 1137 v4wild = ipv4_works; 1138 if (v4wild) { 1139 /* set wildaddr to the v4 wildcard address 0.0.0.0 */ 1140 AF(&wildaddr) = AF_INET; 1141 SET_ADDR4N(&wildaddr, INADDR_ANY); 1142 SET_PORT(&wildaddr, port); 1143 1144 /* check for interface/nic rules affecting the wildcard */ 1145 action = interface_action(NULL, &wildaddr, 0); 1146 v4wild = (ACTION_IGNORE != action); 1147 } 1148 if (v4wild) { 1149 wildif = new_interface(NULL); 1150 1151 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name)); 1152 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1153 wildif->family = AF_INET; 1154 AF(&wildif->mask) = AF_INET; 1155 SET_ONESMASK(&wildif->mask); 1156 1157 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD; 1158 wildif->ignore_packets = (ACTION_DROP == action); 1159 #if defined(MCAST) 1160 /* 1161 * enable multicast reception on the broadcast socket 1162 */ 1163 AF(&wildif->bcast) = AF_INET; 1164 SET_ADDR4N(&wildif->bcast, INADDR_ANY); 1165 SET_PORT(&wildif->bcast, port); 1166 #endif /* MCAST */ 1167 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1168 1169 if (wildif->fd != INVALID_SOCKET) { 1170 wildipv4 = wildif; 1171 any_interface = wildif; 1172 1173 add_addr_to_list(&wildif->sin, wildif); 1174 add_interface(wildif); 1175 log_listen_address(wildif); 1176 } else { 1177 msyslog(LOG_ERR, 1178 "unable to bind to wildcard address %s - another process may be running - EXITING", 1179 stoa(&wildif->sin)); 1180 exit(1); 1181 } 1182 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1183 } 1184 } 1185 1186 1187 /* 1188 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list. 1189 */ 1190 void 1191 add_nic_rule( 1192 nic_rule_match match_type, 1193 const char * if_name, /* interface name or numeric address */ 1194 int prefixlen, 1195 nic_rule_action action 1196 ) 1197 { 1198 nic_rule * rule; 1199 isc_boolean_t is_ip; 1200 1201 rule = emalloc_zero(sizeof(*rule)); 1202 rule->match_type = match_type; 1203 rule->prefixlen = prefixlen; 1204 rule->action = action; 1205 1206 if (MATCH_IFNAME == match_type) { 1207 REQUIRE(NULL != if_name); 1208 rule->if_name = estrdup(if_name); 1209 } else if (MATCH_IFADDR == match_type) { 1210 REQUIRE(NULL != if_name); 1211 /* set rule->addr */ 1212 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr); 1213 REQUIRE(is_ip); 1214 } else 1215 REQUIRE(NULL == if_name); 1216 1217 LINK_SLIST(nic_rule_list, rule, next); 1218 } 1219 1220 1221 #ifdef DEBUG 1222 static const char * 1223 action_text( 1224 nic_rule_action action 1225 ) 1226 { 1227 const char *t; 1228 1229 switch (action) { 1230 1231 default: 1232 t = "ERROR"; /* quiet uninit warning */ 1233 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n", 1234 action)); 1235 ENSURE(0); 1236 break; 1237 1238 case ACTION_LISTEN: 1239 t = "listen"; 1240 break; 1241 1242 case ACTION_IGNORE: 1243 t = "ignore"; 1244 break; 1245 1246 case ACTION_DROP: 1247 t = "drop"; 1248 break; 1249 } 1250 1251 return t; 1252 } 1253 #endif /* DEBUG */ 1254 1255 1256 static nic_rule_action 1257 interface_action( 1258 char * if_name, 1259 sockaddr_u * if_addr, 1260 u_int32 if_flags 1261 ) 1262 { 1263 nic_rule * rule; 1264 int isloopback; 1265 int iswildcard; 1266 1267 DPRINTF(4, ("interface_action: interface %s ", 1268 (if_name != NULL) ? if_name : "wildcard")); 1269 1270 iswildcard = is_wildcard_addr(if_addr); 1271 isloopback = !!(INT_LOOPBACK & if_flags); 1272 1273 /* 1274 * Find any matching NIC rule from --interface / -I or ntp.conf 1275 * interface/nic rules. 1276 */ 1277 for (rule = nic_rule_list; rule != NULL; rule = rule->next) { 1278 1279 switch (rule->match_type) { 1280 1281 case MATCH_ALL: 1282 /* loopback and wildcard excluded from "all" */ 1283 if (isloopback || iswildcard) 1284 break; 1285 DPRINTF(4, ("nic all %s\n", 1286 action_text(rule->action))); 1287 return rule->action; 1288 1289 case MATCH_IPV4: 1290 if (IS_IPV4(if_addr)) { 1291 DPRINTF(4, ("nic ipv4 %s\n", 1292 action_text(rule->action))); 1293 return rule->action; 1294 } 1295 break; 1296 1297 case MATCH_IPV6: 1298 if (IS_IPV6(if_addr)) { 1299 DPRINTF(4, ("nic ipv6 %s\n", 1300 action_text(rule->action))); 1301 return rule->action; 1302 } 1303 break; 1304 1305 case MATCH_WILDCARD: 1306 if (iswildcard) { 1307 DPRINTF(4, ("nic wildcard %s\n", 1308 action_text(rule->action))); 1309 return rule->action; 1310 } 1311 break; 1312 1313 case MATCH_IFADDR: 1314 if (rule->prefixlen != -1) { 1315 if (addr_eqprefix(if_addr, &rule->addr, 1316 rule->prefixlen)) { 1317 1318 DPRINTF(4, ("subnet address match - %s\n", 1319 action_text(rule->action))); 1320 return rule->action; 1321 } 1322 } else 1323 if (SOCK_EQ(if_addr, &rule->addr)) { 1324 1325 DPRINTF(4, ("address match - %s\n", 1326 action_text(rule->action))); 1327 return rule->action; 1328 } 1329 break; 1330 1331 case MATCH_IFNAME: 1332 if (if_name != NULL 1333 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD) 1334 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD) 1335 #else 1336 && !strcasecmp(if_name, rule->if_name) 1337 #endif 1338 ) { 1339 1340 DPRINTF(4, ("interface name match - %s\n", 1341 action_text(rule->action))); 1342 return rule->action; 1343 } 1344 break; 1345 } 1346 } 1347 1348 /* 1349 * Unless explicitly disabled such as with "nic ignore ::1" 1350 * listen on loopback addresses. Since ntpq and ntpdc query 1351 * "localhost" by default, which typically resolves to ::1 and 1352 * 127.0.0.1, it's useful to default to listening on both. 1353 */ 1354 if (isloopback) { 1355 DPRINTF(4, ("default loopback listen\n")); 1356 return ACTION_LISTEN; 1357 } 1358 1359 /* 1360 * Treat wildcard addresses specially. If there is no explicit 1361 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule 1362 * default to drop. 1363 */ 1364 if (iswildcard) { 1365 DPRINTF(4, ("default wildcard drop\n")); 1366 return ACTION_DROP; 1367 } 1368 1369 /* 1370 * Check for "virtual IP" (colon in the interface name) after 1371 * the rules so that "ntpd --interface eth0:1 -novirtualips" 1372 * does indeed listen on eth0:1's addresses. 1373 */ 1374 if (!listen_to_virtual_ips && if_name != NULL 1375 && (strchr(if_name, ':') != NULL)) { 1376 1377 DPRINTF(4, ("virtual ip - ignore\n")); 1378 return ACTION_IGNORE; 1379 } 1380 1381 /* 1382 * If there are no --interface/-I command-line options and no 1383 * interface/nic rules in ntp.conf, the default action is to 1384 * listen. In the presence of rules from either, the default 1385 * is to ignore. This implements ntpd's traditional listen- 1386 * every default with no interface listen configuration, and 1387 * ensures a single -I eth0 or "nic listen eth0" means do not 1388 * listen on any other addresses. 1389 */ 1390 if (NULL == nic_rule_list) { 1391 DPRINTF(4, ("default listen\n")); 1392 return ACTION_LISTEN; 1393 } 1394 1395 DPRINTF(4, ("implicit ignore\n")); 1396 return ACTION_IGNORE; 1397 } 1398 1399 1400 static void 1401 convert_isc_if( 1402 isc_interface_t *isc_if, 1403 endpt *itf, 1404 u_short port 1405 ) 1406 { 1407 const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0, 1408 0, 0, 0, 0, 0, 0, 0, 1}; 1409 1410 strlcpy(itf->name, isc_if->name, sizeof(itf->name)); 1411 itf->ifindex = isc_if->ifindex; 1412 itf->family = (u_short)isc_if->af; 1413 AF(&itf->sin) = itf->family; 1414 AF(&itf->mask) = itf->family; 1415 AF(&itf->bcast) = itf->family; 1416 SET_PORT(&itf->sin, port); 1417 SET_PORT(&itf->mask, port); 1418 SET_PORT(&itf->bcast, port); 1419 1420 if (IS_IPV4(&itf->sin)) { 1421 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr; 1422 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr; 1423 1424 if (isc_if->flags & INTERFACE_F_BROADCAST) { 1425 itf->flags |= INT_BROADCAST; 1426 NSRCADR(&itf->bcast) = 1427 isc_if->broadcast.type.in.s_addr; 1428 } 1429 } 1430 #ifdef INCLUDE_IPV6_SUPPORT 1431 else if (IS_IPV6(&itf->sin)) { 1432 SET_ADDR6N(&itf->sin, isc_if->address.type.in6); 1433 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6); 1434 1435 SET_SCOPE(&itf->sin, isc_if->address.zone); 1436 } 1437 #endif /* INCLUDE_IPV6_SUPPORT */ 1438 1439 1440 /* Process the rest of the flags */ 1441 1442 itf->flags |= 1443 ((INTERFACE_F_UP & isc_if->flags) 1444 ? INT_UP : 0) 1445 | ((INTERFACE_F_LOOPBACK & isc_if->flags) 1446 ? INT_LOOPBACK : 0) 1447 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags) 1448 ? INT_PPP : 0) 1449 | ((INTERFACE_F_MULTICAST & isc_if->flags) 1450 ? INT_MULTICAST : 0) 1451 | ((INTERFACE_F_PRIVACY & isc_if->flags) 1452 ? INT_PRIVACY : 0) 1453 ; 1454 1455 /* 1456 * Clear the loopback flag if the address is not localhost. 1457 * http://bugs.ntp.org/1683 1458 */ 1459 if (INT_LOOPBACK & itf->flags) { 1460 if (AF_INET == itf->family) { 1461 if (127 != (SRCADR(&itf->sin) >> 24)) 1462 itf->flags &= ~INT_LOOPBACK; 1463 } else { 1464 if (memcmp(v6loop, NSRCADR6(&itf->sin), 1465 sizeof(NSRCADR6(&itf->sin)))) 1466 itf->flags &= ~INT_LOOPBACK; 1467 } 1468 } 1469 } 1470 1471 1472 /* 1473 * refresh_interface 1474 * 1475 * some OSes have been observed to keep 1476 * cached routes even when more specific routes 1477 * become available. 1478 * this can be mitigated by re-binding 1479 * the socket. 1480 */ 1481 static int 1482 refresh_interface( 1483 struct interface * interface 1484 ) 1485 { 1486 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 1487 if (interface->fd != INVALID_SOCKET) { 1488 int bcast = (interface->flags & INT_BCASTXMIT) != 0; 1489 /* as we forcibly close() the socket remove the 1490 broadcast permission indication */ 1491 if (bcast) 1492 socket_broadcast_disable(interface, &interface->sin); 1493 1494 close_and_delete_fd_from_list(interface->fd); 1495 1496 /* create new socket picking up a new first hop binding 1497 at connect() time */ 1498 interface->fd = open_socket(&interface->sin, 1499 bcast, 0, interface); 1500 /* 1501 * reset TTL indication so TTL is is set again 1502 * next time around 1503 */ 1504 interface->last_ttl = 0; 1505 return (interface->fd != INVALID_SOCKET); 1506 } else 1507 return 0; /* invalid sockets are not refreshable */ 1508 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1509 return (interface->fd != INVALID_SOCKET); 1510 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1511 } 1512 1513 /* 1514 * interface_update - externally callable update function 1515 */ 1516 void 1517 interface_update( 1518 interface_receiver_t receiver, 1519 void * data) 1520 { 1521 int new_interface_found; 1522 1523 if (disable_dynamic_updates) 1524 return; 1525 1526 BLOCKIO(); 1527 new_interface_found = update_interfaces(NTP_PORT, receiver, data); 1528 UNBLOCKIO(); 1529 1530 if (!new_interface_found) 1531 return; 1532 1533 #ifdef DEBUG 1534 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); 1535 #endif 1536 interrupt_worker_sleep(); 1537 } 1538 1539 1540 /* 1541 * sau_from_netaddr() - convert network address on-wire formats. 1542 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u 1543 */ 1544 void 1545 sau_from_netaddr( 1546 sockaddr_u *psau, 1547 const isc_netaddr_t *pna 1548 ) 1549 { 1550 ZERO_SOCK(psau); 1551 AF(psau) = (u_short)pna->family; 1552 switch (pna->family) { 1553 1554 case AF_INET: 1555 memcpy(&psau->sa4.sin_addr, &pna->type.in, 1556 sizeof(psau->sa4.sin_addr)); 1557 break; 1558 1559 case AF_INET6: 1560 memcpy(&psau->sa6.sin6_addr, &pna->type.in6, 1561 sizeof(psau->sa6.sin6_addr)); 1562 break; 1563 } 1564 } 1565 1566 1567 static int 1568 is_wildcard_addr( 1569 const sockaddr_u *psau 1570 ) 1571 { 1572 if (IS_IPV4(psau) && !NSRCADR(psau)) 1573 return 1; 1574 1575 #ifdef INCLUDE_IPV6_SUPPORT 1576 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any)) 1577 return 1; 1578 #endif 1579 1580 return 0; 1581 } 1582 1583 1584 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 1585 /* 1586 * enable/disable re-use of wildcard address socket 1587 */ 1588 static void 1589 set_wildcard_reuse( 1590 u_short family, 1591 int on 1592 ) 1593 { 1594 struct interface *any; 1595 SOCKET fd = INVALID_SOCKET; 1596 1597 any = ANY_INTERFACE_BYFAM(family); 1598 if (any != NULL) 1599 fd = any->fd; 1600 1601 if (fd != INVALID_SOCKET) { 1602 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1603 (void *)&on, sizeof(on))) 1604 msyslog(LOG_ERR, 1605 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m", 1606 on ? "on" : "off"); 1607 1608 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n", 1609 on ? "on" : "off", 1610 stoa(&any->sin))); 1611 } 1612 } 1613 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ 1614 1615 static isc_boolean_t 1616 check_flags( 1617 sockaddr_u *psau, 1618 const char *name, 1619 u_int32 flags 1620 ) 1621 { 1622 #if defined(SIOCGIFAFLAG_IN) 1623 struct ifreq ifr; 1624 int fd; 1625 1626 if (psau->sa.sa_family != AF_INET) 1627 return ISC_FALSE; 1628 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) 1629 return ISC_FALSE; 1630 ZERO(ifr); 1631 memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr)); 1632 strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); 1633 if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) { 1634 close(fd); 1635 return ISC_FALSE; 1636 } 1637 close(fd); 1638 if ((ifr.ifr_addrflags & flags) != 0) 1639 return ISC_TRUE; 1640 #endif /* SIOCGIFAFLAG_IN */ 1641 return ISC_FALSE; 1642 } 1643 1644 static isc_boolean_t 1645 check_flags6( 1646 sockaddr_u *psau, 1647 const char *name, 1648 u_int32 flags6 1649 ) 1650 { 1651 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) 1652 struct in6_ifreq ifr6; 1653 int fd; 1654 1655 if (psau->sa.sa_family != AF_INET6) 1656 return ISC_FALSE; 1657 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) 1658 return ISC_FALSE; 1659 ZERO(ifr6); 1660 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr)); 1661 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name)); 1662 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { 1663 close(fd); 1664 return ISC_FALSE; 1665 } 1666 close(fd); 1667 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0) 1668 return ISC_TRUE; 1669 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */ 1670 return ISC_FALSE; 1671 } 1672 1673 static isc_boolean_t 1674 is_anycast( 1675 sockaddr_u *psau, 1676 const char *name 1677 ) 1678 { 1679 #ifdef IN6_IFF_ANYCAST 1680 return check_flags6(psau, name, IN6_IFF_ANYCAST); 1681 #else 1682 return ISC_FALSE; 1683 #endif 1684 } 1685 1686 static isc_boolean_t 1687 is_valid( 1688 sockaddr_u *psau, 1689 const char *name 1690 ) 1691 { 1692 u_int32 flags; 1693 1694 flags = 0; 1695 switch (psau->sa.sa_family) { 1696 case AF_INET: 1697 #ifdef IN_IFF_DETACHED 1698 flags |= IN_IFF_DETACHED; 1699 #endif 1700 #ifdef IN_IFF_TENTATIVE 1701 flags |= IN_IFF_TENTATIVE; 1702 #endif 1703 return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1704 case AF_INET6: 1705 #ifdef IN6_IFF_DEPARTED 1706 flags |= IN6_IFF_DEPARTED; 1707 #endif 1708 #ifdef IN6_IFF_DETACHED 1709 flags |= IN6_IFF_DETACHED; 1710 #endif 1711 #ifdef IN6_IFF_TENTATIVE 1712 flags |= IN6_IFF_TENTATIVE; 1713 #endif 1714 return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1715 default: 1716 return ISC_FALSE; 1717 } 1718 } 1719 1720 /* 1721 * update_interface strategy 1722 * 1723 * toggle configuration phase 1724 * 1725 * Phase 1: 1726 * forall currently existing interfaces 1727 * if address is known: 1728 * drop socket - rebind again 1729 * 1730 * if address is NOT known: 1731 * attempt to create a new interface entry 1732 * 1733 * Phase 2: 1734 * forall currently known non MCAST and WILDCARD interfaces 1735 * if interface does not match configuration phase (not seen in phase 1): 1736 * remove interface from known interface list 1737 * forall peers associated with this interface 1738 * disconnect peer from this interface 1739 * 1740 * Phase 3: 1741 * attempt to re-assign interfaces to peers 1742 * 1743 */ 1744 1745 static int 1746 update_interfaces( 1747 u_short port, 1748 interface_receiver_t receiver, 1749 void * data 1750 ) 1751 { 1752 isc_mem_t * mctx = (void *)-1; 1753 interface_info_t ifi; 1754 isc_interfaceiter_t * iter; 1755 isc_result_t result; 1756 isc_interface_t isc_if; 1757 int new_interface_found; 1758 unsigned int family; 1759 endpt enumep; 1760 endpt * ep; 1761 endpt * next_ep; 1762 1763 DPRINTF(3, ("update_interfaces(%d)\n", port)); 1764 1765 /* 1766 * phase one - scan interfaces 1767 * - create those that are not found 1768 * - update those that are found 1769 */ 1770 1771 new_interface_found = FALSE; 1772 iter = NULL; 1773 result = isc_interfaceiter_create(mctx, &iter); 1774 1775 if (result != ISC_R_SUCCESS) 1776 return 0; 1777 1778 /* 1779 * Toggle system interface scan phase to find untouched 1780 * interfaces to be deleted. 1781 */ 1782 sys_interphase ^= 0x1; 1783 1784 for (result = isc_interfaceiter_first(iter); 1785 ISC_R_SUCCESS == result; 1786 result = isc_interfaceiter_next(iter)) { 1787 1788 result = isc_interfaceiter_current(iter, &isc_if); 1789 1790 if (result != ISC_R_SUCCESS) 1791 break; 1792 1793 /* See if we have a valid family to use */ 1794 family = isc_if.address.family; 1795 if (AF_INET != family && AF_INET6 != family) 1796 continue; 1797 if (AF_INET == family && !ipv4_works) 1798 continue; 1799 if (AF_INET6 == family && !ipv6_works) 1800 continue; 1801 1802 /* create prototype */ 1803 init_interface(&enumep); 1804 1805 convert_isc_if(&isc_if, &enumep, port); 1806 1807 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); 1808 1809 /* 1810 * Check if and how we are going to use the interface. 1811 */ 1812 switch (interface_action(enumep.name, &enumep.sin, 1813 enumep.flags)) { 1814 1815 case ACTION_IGNORE: 1816 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", 1817 enumep.name, stoa(&enumep.sin))); 1818 continue; 1819 1820 case ACTION_LISTEN: 1821 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", 1822 enumep.name, stoa(&enumep.sin))); 1823 enumep.ignore_packets = ISC_FALSE; 1824 break; 1825 1826 case ACTION_DROP: 1827 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", 1828 enumep.name, stoa(&enumep.sin))); 1829 enumep.ignore_packets = ISC_TRUE; 1830 break; 1831 } 1832 1833 /* interfaces must be UP to be usable */ 1834 if (!(enumep.flags & INT_UP)) { 1835 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", 1836 enumep.name, stoa(&enumep.sin))); 1837 continue; 1838 } 1839 1840 /* 1841 * skip any interfaces UP and bound to a wildcard 1842 * address - some dhcp clients produce that in the 1843 * wild 1844 */ 1845 if (is_wildcard_addr(&enumep.sin)) 1846 continue; 1847 1848 if (is_anycast(&enumep.sin, isc_if.name)) 1849 continue; 1850 1851 /* 1852 * skip any address that is an invalid state to be used 1853 */ 1854 if (!is_valid(&enumep.sin, isc_if.name)) 1855 continue; 1856 1857 /* 1858 * map to local *address* in order to map all duplicate 1859 * interfaces to an endpt structure with the appropriate 1860 * socket. Our name space is (ip-address), NOT 1861 * (interface name, ip-address). 1862 */ 1863 ep = getinterface(&enumep.sin, INT_WILDCARD); 1864 1865 if (ep != NULL && refresh_interface(ep)) { 1866 /* 1867 * found existing and up to date interface - 1868 * mark present. 1869 */ 1870 if (ep->phase != sys_interphase) { 1871 /* 1872 * On a new round we reset the name so 1873 * the interface name shows up again if 1874 * this address is no longer shared. 1875 * We reset ignore_packets from the 1876 * new prototype to respect any runtime 1877 * changes to the nic rules. 1878 */ 1879 strlcpy(ep->name, enumep.name, 1880 sizeof(ep->name)); 1881 ep->ignore_packets = 1882 enumep.ignore_packets; 1883 } else { 1884 /* name collision - rename interface */ 1885 strlcpy(ep->name, "*multiple*", 1886 sizeof(ep->name)); 1887 } 1888 1889 DPRINT_INTERFACE(4, (ep, "updating ", 1890 " present\n")); 1891 1892 if (ep->ignore_packets != 1893 enumep.ignore_packets) { 1894 /* 1895 * We have conflicting configurations 1896 * for the interface address. This is 1897 * caused by using -I <interfacename> 1898 * for an interface that shares its 1899 * address with other interfaces. We 1900 * can not disambiguate incoming 1901 * packets delivered to this socket 1902 * without extra syscalls/features. 1903 * These are not (commonly) available. 1904 * Note this is a more unusual 1905 * configuration where several 1906 * interfaces share an address but 1907 * filtering via interface name is 1908 * attempted. We resolve the 1909 * configuration conflict by disabling 1910 * the processing of received packets. 1911 * This leads to no service on the 1912 * interface address where the conflict 1913 * occurs. 1914 */ 1915 msyslog(LOG_ERR, 1916 "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED", 1917 enumep.name, ep->name, 1918 stoa(&enumep.sin)); 1919 1920 ep->ignore_packets = ISC_TRUE; 1921 } 1922 1923 ep->phase = sys_interphase; 1924 1925 ifi.action = IFS_EXISTS; 1926 ifi.ep = ep; 1927 if (receiver != NULL) 1928 (*receiver)(data, &ifi); 1929 } else { 1930 /* 1931 * This is new or refreshing failed - add to 1932 * our interface list. If refreshing failed we 1933 * will delete the interface structure in phase 1934 * 2 as the interface was not marked current. 1935 * We can bind to the address as the refresh 1936 * code already closed the offending socket 1937 */ 1938 ep = create_interface(port, &enumep); 1939 1940 if (ep != NULL) { 1941 ifi.action = IFS_CREATED; 1942 ifi.ep = ep; 1943 if (receiver != NULL) 1944 (*receiver)(data, &ifi); 1945 1946 new_interface_found = TRUE; 1947 DPRINT_INTERFACE(3, 1948 (ep, "updating ", 1949 " new - created\n")); 1950 } else { 1951 DPRINT_INTERFACE(3, 1952 (&enumep, "updating ", 1953 " new - creation FAILED")); 1954 1955 msyslog(LOG_INFO, 1956 "failed to init interface for address %s", 1957 stoa(&enumep.sin)); 1958 continue; 1959 } 1960 } 1961 } 1962 1963 isc_interfaceiter_destroy(&iter); 1964 1965 /* 1966 * phase 2 - delete gone interfaces - reassigning peers to 1967 * other interfaces 1968 */ 1969 for (ep = ep_list; ep != NULL; ep = next_ep) { 1970 next_ep = ep->elink; 1971 1972 /* 1973 * if phase does not match sys_phase this interface was 1974 * not enumerated during the last interface scan - so it 1975 * is gone and will be deleted here unless it did not 1976 * originate from interface enumeration (INT_WILDCARD, 1977 * INT_MCASTIF). 1978 */ 1979 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) || 1980 ep->phase == sys_interphase) 1981 continue; 1982 1983 DPRINT_INTERFACE(3, (ep, "updating ", 1984 "GONE - deleting\n")); 1985 remove_interface(ep); 1986 1987 ifi.action = IFS_DELETED; 1988 ifi.ep = ep; 1989 if (receiver != NULL) 1990 (*receiver)(data, &ifi); 1991 1992 /* disconnect peers from deleted endpt. */ 1993 while (ep->peers != NULL) 1994 set_peerdstadr(ep->peers, NULL); 1995 1996 /* 1997 * update globals in case we lose 1998 * a loopback interface 1999 */ 2000 if (ep == loopback_interface) 2001 loopback_interface = NULL; 2002 2003 delete_interface(ep); 2004 } 2005 2006 /* 2007 * phase 3 - re-configure as the world has possibly changed 2008 * 2009 * never ever make this conditional again - it is needed to track 2010 * routing updates. see bug #2506 2011 */ 2012 refresh_all_peerinterfaces(); 2013 2014 if (sys_bclient) 2015 io_setbclient(); 2016 2017 #ifdef MCAST 2018 /* 2019 * Check multicast interfaces and try to join multicast groups if 2020 * not joined yet. 2021 */ 2022 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2023 remaddr_t *entry; 2024 2025 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) 2026 continue; 2027 2028 /* Find remote address that was linked to this interface */ 2029 for (entry = remoteaddr_list; 2030 entry != NULL; 2031 entry = entry->link) { 2032 if (entry->ep == ep) { 2033 if (socket_multicast_enable(ep, &entry->addr)) { 2034 msyslog(LOG_INFO, 2035 "Joined %s socket to multicast group %s", 2036 stoa(&ep->sin), 2037 stoa(&entry->addr)); 2038 } 2039 break; 2040 } 2041 } 2042 } 2043 #endif /* MCAST */ 2044 2045 return new_interface_found; 2046 } 2047 2048 2049 /* 2050 * create_sockets - create a socket for each interface plus a default 2051 * socket for when we don't know where to send 2052 */ 2053 static int 2054 create_sockets( 2055 u_short port 2056 ) 2057 { 2058 #ifndef HAVE_IO_COMPLETION_PORT 2059 /* 2060 * I/O Completion Ports don't care about the select and FD_SET 2061 */ 2062 maxactivefd = 0; 2063 FD_ZERO(&activefds); 2064 #endif 2065 2066 DPRINTF(2, ("create_sockets(%d)\n", port)); 2067 2068 create_wildcards(port); 2069 2070 update_interfaces(port, NULL, NULL); 2071 2072 /* 2073 * Now that we have opened all the sockets, turn off the reuse 2074 * flag for security. 2075 */ 2076 set_reuseaddr(0); 2077 2078 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces)); 2079 2080 return ninterfaces; 2081 } 2082 2083 /* 2084 * create_interface - create a new interface for a given prototype 2085 * binding the socket. 2086 */ 2087 static struct interface * 2088 create_interface( 2089 u_short port, 2090 struct interface * protot 2091 ) 2092 { 2093 sockaddr_u resmask; 2094 endpt * iface; 2095 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2096 remaddr_t * entry; 2097 remaddr_t * next_entry; 2098 #endif 2099 DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin), 2100 port)); 2101 2102 /* build an interface */ 2103 iface = new_interface(protot); 2104 2105 /* 2106 * create socket 2107 */ 2108 iface->fd = open_socket(&iface->sin, 0, 0, iface); 2109 2110 if (iface->fd != INVALID_SOCKET) 2111 log_listen_address(iface); 2112 2113 if ((INT_BROADCAST & iface->flags) 2114 && iface->bfd != INVALID_SOCKET) 2115 msyslog(LOG_INFO, "Listening on broadcast address %s#%d", 2116 stoa((&iface->bcast)), port); 2117 2118 if (INVALID_SOCKET == iface->fd 2119 && INVALID_SOCKET == iface->bfd) { 2120 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d", 2121 iface->name, 2122 iface->ifnum, 2123 stoa((&iface->sin)), 2124 port); 2125 delete_interface(iface); 2126 return NULL; 2127 } 2128 2129 /* 2130 * Blacklist our own addresses, no use talking to ourself 2131 */ 2132 SET_HOSTMASK(&resmask, AF(&iface->sin)); 2133 hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, 2134 -4, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 2135 2136 /* 2137 * set globals with the first found 2138 * loopback interface of the appropriate class 2139 */ 2140 if (NULL == loopback_interface && AF_INET == iface->family 2141 && (INT_LOOPBACK & iface->flags)) 2142 loopback_interface = iface; 2143 2144 /* 2145 * put into our interface list 2146 */ 2147 add_addr_to_list(&iface->sin, iface); 2148 add_interface(iface); 2149 2150 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2151 /* 2152 * Join any previously-configured compatible multicast groups. 2153 */ 2154 if (INT_MULTICAST & iface->flags && 2155 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) && 2156 !iface->ignore_packets) { 2157 for (entry = remoteaddr_list; 2158 entry != NULL; 2159 entry = next_entry) { 2160 next_entry = entry->link; 2161 if (AF(&iface->sin) != AF(&entry->addr) || 2162 !IS_MCAST(&entry->addr)) 2163 continue; 2164 if (socket_multicast_enable(iface, 2165 &entry->addr)) 2166 msyslog(LOG_INFO, 2167 "Joined %s socket to multicast group %s", 2168 stoa(&iface->sin), 2169 stoa(&entry->addr)); 2170 else 2171 msyslog(LOG_ERR, 2172 "Failed to join %s socket to multicast group %s", 2173 stoa(&iface->sin), 2174 stoa(&entry->addr)); 2175 } 2176 } 2177 #endif /* MCAST && MCAST_NONEWSOCKET */ 2178 2179 DPRINT_INTERFACE(2, (iface, "created ", "\n")); 2180 return iface; 2181 } 2182 2183 2184 #ifdef SO_EXCLUSIVEADDRUSE 2185 static void 2186 set_excladdruse( 2187 SOCKET fd 2188 ) 2189 { 2190 int one = 1; 2191 int failed; 2192 #ifdef SYS_WINNT 2193 DWORD err; 2194 #endif 2195 2196 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 2197 (void *)&one, sizeof(one)); 2198 2199 if (!failed) 2200 return; 2201 2202 #ifdef SYS_WINNT 2203 /* 2204 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with 2205 * error WSAINVAL depending on service pack level and whether 2206 * the user account is in the Administrators group. Do not 2207 * complain if it fails that way on versions prior to XP (5.1). 2208 */ 2209 err = GetLastError(); 2210 2211 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */ 2212 && WSAEINVAL == err) 2213 return; 2214 2215 SetLastError(err); 2216 #endif 2217 msyslog(LOG_ERR, 2218 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m", 2219 (int)fd); 2220 } 2221 #endif /* SO_EXCLUSIVEADDRUSE */ 2222 2223 2224 /* 2225 * set_reuseaddr() - set/clear REUSEADDR on all sockets 2226 * NB possible hole - should we be doing this on broadcast 2227 * fd's also? 2228 */ 2229 static void 2230 set_reuseaddr( 2231 int flag 2232 ) 2233 { 2234 #ifndef SO_EXCLUSIVEADDRUSE 2235 endpt *ep; 2236 2237 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2238 if (ep->flags & INT_WILDCARD) 2239 continue; 2240 2241 /* 2242 * if ep->fd is INVALID_SOCKET, we might have a adapter 2243 * configured but not present 2244 */ 2245 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n", 2246 ep->name, stoa(&ep->sin), 2247 flag ? "on" : "off")); 2248 2249 if (ep->fd != INVALID_SOCKET) { 2250 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR, 2251 (void *)&flag, sizeof(flag))) { 2252 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m", 2253 stoa(&ep->sin), flag ? "on" : "off"); 2254 } 2255 } 2256 } 2257 #endif /* ! SO_EXCLUSIVEADDRUSE */ 2258 } 2259 2260 /* 2261 * This is just a wrapper around an internal function so we can 2262 * make other changes as necessary later on 2263 */ 2264 void 2265 enable_broadcast( 2266 struct interface * iface, 2267 sockaddr_u * baddr 2268 ) 2269 { 2270 #ifdef OPEN_BCAST_SOCKET 2271 socket_broadcast_enable(iface, iface->fd, baddr); 2272 #endif 2273 } 2274 2275 #ifdef OPEN_BCAST_SOCKET 2276 /* 2277 * Enable a broadcast address to a given socket 2278 * The socket is in the ep_list all we need to do is enable 2279 * broadcasting. It is not this function's job to select the socket 2280 */ 2281 static isc_boolean_t 2282 socket_broadcast_enable( 2283 struct interface * iface, 2284 SOCKET fd, 2285 sockaddr_u * baddr 2286 ) 2287 { 2288 #ifdef SO_BROADCAST 2289 int on = 1; 2290 2291 if (IS_IPV4(baddr)) { 2292 /* if this interface can support broadcast, set SO_BROADCAST */ 2293 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, 2294 (void *)&on, sizeof(on))) 2295 msyslog(LOG_ERR, 2296 "setsockopt(SO_BROADCAST) enable failure on address %s: %m", 2297 stoa(baddr)); 2298 else 2299 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n", 2300 fd, stoa(baddr))); 2301 } 2302 iface->flags |= INT_BCASTXMIT; 2303 return ISC_TRUE; 2304 #else 2305 return ISC_FALSE; 2306 #endif /* SO_BROADCAST */ 2307 } 2308 2309 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 2310 /* 2311 * Remove a broadcast address from a given socket 2312 * The socket is in the ep_list all we need to do is disable 2313 * broadcasting. It is not this function's job to select the socket 2314 */ 2315 static isc_boolean_t 2316 socket_broadcast_disable( 2317 struct interface * iface, 2318 sockaddr_u * baddr 2319 ) 2320 { 2321 #ifdef SO_BROADCAST 2322 int off = 0; /* This seems to be OK as an int */ 2323 2324 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET, 2325 SO_BROADCAST, (void *)&off, sizeof(off))) 2326 msyslog(LOG_ERR, 2327 "setsockopt(SO_BROADCAST) disable failure on address %s: %m", 2328 stoa(baddr)); 2329 2330 iface->flags &= ~INT_BCASTXMIT; 2331 return ISC_TRUE; 2332 #else 2333 return ISC_FALSE; 2334 #endif /* SO_BROADCAST */ 2335 } 2336 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 2337 2338 #endif /* OPEN_BCAST_SOCKET */ 2339 2340 /* 2341 * return the broadcast client flag value 2342 */ 2343 /*isc_boolean_t 2344 get_broadcastclient_flag(void) 2345 { 2346 return (broadcast_client_enabled); 2347 } 2348 */ 2349 2350 /* 2351 * Check to see if the address is a multicast address 2352 */ 2353 static isc_boolean_t 2354 addr_ismulticast( 2355 sockaddr_u *maddr 2356 ) 2357 { 2358 isc_boolean_t result; 2359 2360 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 2361 /* 2362 * If we don't have IPV6 support any IPV6 addr is not multicast 2363 */ 2364 if (IS_IPV6(maddr)) 2365 result = ISC_FALSE; 2366 else 2367 #endif 2368 result = IS_MCAST(maddr); 2369 2370 if (!result) 2371 DPRINTF(4, ("address %s is not multicast\n", 2372 stoa(maddr))); 2373 2374 return result; 2375 } 2376 2377 /* 2378 * Multicast servers need to set the appropriate Multicast interface 2379 * socket option in order for it to know which interface to use for 2380 * send the multicast packet. 2381 */ 2382 void 2383 enable_multicast_if( 2384 struct interface * iface, 2385 sockaddr_u * maddr 2386 ) 2387 { 2388 #ifdef MCAST 2389 #ifdef IP_MULTICAST_LOOP 2390 TYPEOF_IP_MULTICAST_LOOP off = 0; 2391 #endif 2392 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP) 2393 u_int off6 = 0; 2394 #endif 2395 2396 REQUIRE(AF(maddr) == AF(&iface->sin)); 2397 2398 switch (AF(&iface->sin)) { 2399 2400 case AF_INET: 2401 #ifdef IP_MULTICAST_LOOP 2402 /* 2403 * Don't send back to itself, but allow failure to set 2404 */ 2405 if (setsockopt(iface->fd, IPPROTO_IP, 2406 IP_MULTICAST_LOOP, 2407 (void *)&off, 2408 sizeof(off))) { 2409 2410 msyslog(LOG_ERR, 2411 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2412 iface->fd, stoa(&iface->sin), 2413 stoa(maddr)); 2414 } 2415 #endif 2416 break; 2417 2418 case AF_INET6: 2419 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2420 #ifdef IPV6_MULTICAST_LOOP 2421 /* 2422 * Don't send back to itself, but allow failure to set 2423 */ 2424 if (setsockopt(iface->fd, IPPROTO_IPV6, 2425 IPV6_MULTICAST_LOOP, 2426 (void *) &off6, sizeof(off6))) { 2427 2428 msyslog(LOG_ERR, 2429 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2430 iface->fd, stoa(&iface->sin), 2431 stoa(maddr)); 2432 } 2433 #endif 2434 break; 2435 #else 2436 return; 2437 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2438 } 2439 return; 2440 #endif 2441 } 2442 2443 /* 2444 * Add a multicast address to a given socket 2445 * The socket is in the ep_list all we need to do is enable 2446 * multicasting. It is not this function's job to select the socket 2447 */ 2448 #if defined(MCAST) 2449 static isc_boolean_t 2450 socket_multicast_enable( 2451 endpt * iface, 2452 sockaddr_u * maddr 2453 ) 2454 { 2455 struct ip_mreq mreq; 2456 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2457 struct ipv6_mreq mreq6; 2458 # endif 2459 switch (AF(maddr)) { 2460 2461 case AF_INET: 2462 ZERO(mreq); 2463 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2464 mreq.imr_interface.s_addr = htonl(INADDR_ANY); 2465 if (setsockopt(iface->fd, 2466 IPPROTO_IP, 2467 IP_ADD_MEMBERSHIP, 2468 (void *)&mreq, 2469 sizeof(mreq))) { 2470 DPRINTF(2, ( 2471 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2472 iface->fd, stoa(&iface->sin), 2473 mreq.imr_multiaddr.s_addr, 2474 mreq.imr_interface.s_addr, 2475 stoa(maddr))); 2476 return ISC_FALSE; 2477 } 2478 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n", 2479 iface->fd, stoa(&iface->sin), 2480 mreq.imr_multiaddr.s_addr, 2481 mreq.imr_interface.s_addr, stoa(maddr))); 2482 break; 2483 2484 case AF_INET6: 2485 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2486 /* 2487 * Enable reception of multicast packets. 2488 * If the address is link-local we can get the 2489 * interface index from the scope id. Don't do this 2490 * for other types of multicast addresses. For now let 2491 * the kernel figure it out. 2492 */ 2493 ZERO(mreq6); 2494 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2495 mreq6.ipv6mr_interface = iface->ifindex; 2496 2497 if (setsockopt(iface->fd, IPPROTO_IPV6, 2498 IPV6_JOIN_GROUP, (void *)&mreq6, 2499 sizeof(mreq6))) { 2500 DPRINTF(2, ( 2501 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)", 2502 iface->fd, stoa(&iface->sin), 2503 mreq6.ipv6mr_interface, stoa(maddr))); 2504 return ISC_FALSE; 2505 } 2506 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n", 2507 iface->fd, stoa(&iface->sin), 2508 mreq6.ipv6mr_interface, stoa(maddr))); 2509 # else 2510 return ISC_FALSE; 2511 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2512 } 2513 iface->flags |= INT_MCASTOPEN; 2514 iface->num_mcast++; 2515 2516 return ISC_TRUE; 2517 } 2518 #endif /* MCAST */ 2519 2520 2521 /* 2522 * Remove a multicast address from a given socket 2523 * The socket is in the ep_list all we need to do is disable 2524 * multicasting. It is not this function's job to select the socket 2525 */ 2526 #ifdef MCAST 2527 static isc_boolean_t 2528 socket_multicast_disable( 2529 struct interface * iface, 2530 sockaddr_u * maddr 2531 ) 2532 { 2533 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2534 struct ipv6_mreq mreq6; 2535 # endif 2536 struct ip_mreq mreq; 2537 2538 ZERO(mreq); 2539 2540 if (find_addr_in_list(maddr) == NULL) { 2541 DPRINTF(4, ("socket_multicast_disable(%s): not found\n", 2542 stoa(maddr))); 2543 return ISC_TRUE; 2544 } 2545 2546 switch (AF(maddr)) { 2547 2548 case AF_INET: 2549 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2550 mreq.imr_interface = SOCK_ADDR4(&iface->sin); 2551 if (setsockopt(iface->fd, IPPROTO_IP, 2552 IP_DROP_MEMBERSHIP, (void *)&mreq, 2553 sizeof(mreq))) { 2554 2555 msyslog(LOG_ERR, 2556 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2557 iface->fd, stoa(&iface->sin), 2558 SRCADR(maddr), SRCADR(&iface->sin), 2559 stoa(maddr)); 2560 return ISC_FALSE; 2561 } 2562 break; 2563 case AF_INET6: 2564 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2565 /* 2566 * Disable reception of multicast packets 2567 * If the address is link-local we can get the 2568 * interface index from the scope id. Don't do this 2569 * for other types of multicast addresses. For now let 2570 * the kernel figure it out. 2571 */ 2572 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2573 mreq6.ipv6mr_interface = iface->ifindex; 2574 2575 if (setsockopt(iface->fd, IPPROTO_IPV6, 2576 IPV6_LEAVE_GROUP, (void *)&mreq6, 2577 sizeof(mreq6))) { 2578 2579 msyslog(LOG_ERR, 2580 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)", 2581 iface->fd, stoa(&iface->sin), 2582 iface->ifindex, stoa(maddr)); 2583 return ISC_FALSE; 2584 } 2585 break; 2586 # else 2587 return ISC_FALSE; 2588 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2589 } 2590 2591 iface->num_mcast--; 2592 if (!iface->num_mcast) 2593 iface->flags &= ~INT_MCASTOPEN; 2594 2595 return ISC_TRUE; 2596 } 2597 #endif /* MCAST */ 2598 2599 /* 2600 * io_setbclient - open the broadcast client sockets 2601 */ 2602 void 2603 io_setbclient(void) 2604 { 2605 #ifdef OPEN_BCAST_SOCKET 2606 endpt * ep; 2607 unsigned int nif, ni4; 2608 2609 nif = ni4 = 0; 2610 set_reuseaddr(1); 2611 2612 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2613 /* count IPv4 interfaces. Needed later to decide 2614 * if we should log an error or not. 2615 */ 2616 if (AF_INET == ep->family) { 2617 ++ni4; 2618 } 2619 2620 if (ep->flags & (INT_WILDCARD | INT_LOOPBACK)) 2621 continue; 2622 2623 /* use only allowed addresses */ 2624 if (ep->ignore_packets) 2625 continue; 2626 2627 /* Need a broadcast-capable interface */ 2628 if (!(ep->flags & INT_BROADCAST)) 2629 continue; 2630 2631 /* Only IPv4 addresses are valid for broadcast */ 2632 REQUIRE(IS_IPV4(&ep->bcast)); 2633 2634 /* Do we already have the broadcast address open? */ 2635 if (ep->flags & INT_BCASTOPEN) { 2636 /* 2637 * account for already open interfaces to avoid 2638 * misleading warning below 2639 */ 2640 nif++; 2641 continue; 2642 } 2643 2644 /* 2645 * Try to open the broadcast address 2646 */ 2647 ep->family = AF_INET; 2648 ep->bfd = open_socket(&ep->bcast, 1, 0, ep); 2649 2650 /* 2651 * If we succeeded then we use it otherwise enable 2652 * broadcast on the interface address 2653 */ 2654 if (ep->bfd != INVALID_SOCKET) { 2655 nif++; 2656 ep->flags |= INT_BCASTOPEN; 2657 msyslog(LOG_INFO, 2658 "Listen for broadcasts to %s on interface #%d %s", 2659 stoa(&ep->bcast), ep->ifnum, ep->name); 2660 } else switch (errno) { 2661 /* Silently ignore EADDRINUSE as we probably 2662 * opened the socket already for an address in 2663 * the same network */ 2664 case EADDRINUSE: 2665 /* Some systems cannot bind a socket to a broadcast 2666 * address, as that is not a valid host address. */ 2667 case EADDRNOTAVAIL: 2668 # ifdef SYS_WINNT /*TODO: use for other systems, too? */ 2669 /* avoid recurrence here -- if we already have a 2670 * regular socket, it's quite useless to try this 2671 * again. 2672 */ 2673 if (ep->fd != INVALID_SOCKET) { 2674 ep->flags |= INT_BCASTOPEN; 2675 nif++; 2676 } 2677 # endif 2678 break; 2679 2680 default: 2681 msyslog(LOG_INFO, 2682 "failed to listen for broadcasts to %s on interface #%d %s", 2683 stoa(&ep->bcast), ep->ifnum, ep->name); 2684 break; 2685 } 2686 } 2687 set_reuseaddr(0); 2688 if (nif != 0) { 2689 broadcast_client_enabled = ISC_TRUE; 2690 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif)); 2691 } else { 2692 broadcast_client_enabled = ISC_FALSE; 2693 /* This is expected when having only IPv6 interfaces 2694 * and no IPv4 interfaces at all. We suppress the error 2695 * log in that case... everything else should work! 2696 */ 2697 if (ni4) { 2698 msyslog(LOG_ERR, 2699 "Unable to listen for broadcasts, no broadcast interfaces available"); 2700 } 2701 } 2702 #else 2703 msyslog(LOG_ERR, 2704 "io_setbclient: Broadcast Client disabled by build"); 2705 #endif /* OPEN_BCAST_SOCKET */ 2706 } 2707 2708 /* 2709 * io_unsetbclient - close the broadcast client sockets 2710 */ 2711 void 2712 io_unsetbclient(void) 2713 { 2714 endpt *ep; 2715 2716 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2717 if (INT_WILDCARD & ep->flags) 2718 continue; 2719 if (!(INT_BCASTOPEN & ep->flags)) 2720 continue; 2721 2722 if (ep->bfd != INVALID_SOCKET) { 2723 /* destroy broadcast listening socket */ 2724 msyslog(LOG_INFO, 2725 "stop listening for broadcasts to %s on interface #%d %s", 2726 stoa(&ep->bcast), ep->ifnum, ep->name); 2727 # ifdef HAVE_IO_COMPLETION_PORT 2728 io_completion_port_remove_socket(ep->bfd, ep); 2729 # endif 2730 close_and_delete_fd_from_list(ep->bfd); 2731 ep->bfd = INVALID_SOCKET; 2732 } 2733 ep->flags &= ~INT_BCASTOPEN; 2734 } 2735 broadcast_client_enabled = ISC_FALSE; 2736 } 2737 2738 /* 2739 * io_multicast_add() - add multicast group address 2740 */ 2741 void 2742 io_multicast_add( 2743 sockaddr_u *addr 2744 ) 2745 { 2746 #ifdef MCAST 2747 endpt * ep; 2748 endpt * one_ep; 2749 2750 /* 2751 * Check to see if this is a multicast address 2752 */ 2753 if (!addr_ismulticast(addr)) 2754 return; 2755 2756 /* If we already have it we can just return */ 2757 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { 2758 msyslog(LOG_INFO, 2759 "Duplicate request found for multicast address %s", 2760 stoa(addr)); 2761 return; 2762 } 2763 2764 # ifndef MULTICAST_NONEWSOCKET 2765 ep = new_interface(NULL); 2766 2767 /* 2768 * Open a new socket for the multicast address 2769 */ 2770 ep->sin = *addr; 2771 SET_PORT(&ep->sin, NTP_PORT); 2772 ep->family = AF(&ep->sin); 2773 AF(&ep->mask) = ep->family; 2774 SET_ONESMASK(&ep->mask); 2775 2776 set_reuseaddr(1); 2777 ep->bfd = INVALID_SOCKET; 2778 ep->fd = open_socket(&ep->sin, 0, 0, ep); 2779 if (ep->fd != INVALID_SOCKET) { 2780 ep->ignore_packets = ISC_FALSE; 2781 ep->flags |= INT_MCASTIF; 2782 ep->ifindex = SCOPE(addr); 2783 2784 strlcpy(ep->name, "multicast", sizeof(ep->name)); 2785 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n")); 2786 add_interface(ep); 2787 log_listen_address(ep); 2788 } else { 2789 /* bind failed, re-use wildcard interface */ 2790 delete_interface(ep); 2791 2792 if (IS_IPV4(addr)) 2793 ep = wildipv4; 2794 else if (IS_IPV6(addr)) 2795 ep = wildipv6; 2796 else 2797 ep = NULL; 2798 2799 if (ep != NULL) { 2800 /* HACK ! -- stuff in an address */ 2801 /* because we don't bind addr? DH */ 2802 ep->bcast = *addr; 2803 msyslog(LOG_ERR, 2804 "multicast address %s using wildcard interface #%d %s", 2805 stoa(addr), ep->ifnum, ep->name); 2806 } else { 2807 msyslog(LOG_ERR, 2808 "No multicast socket available to use for address %s", 2809 stoa(addr)); 2810 return; 2811 } 2812 } 2813 { /* in place of the { following for in #else clause */ 2814 one_ep = ep; 2815 # else /* MULTICAST_NONEWSOCKET follows */ 2816 /* 2817 * For the case where we can't use a separate socket (Windows) 2818 * join each applicable endpoint socket to the group address. 2819 */ 2820 if (IS_IPV4(addr)) 2821 one_ep = wildipv4; 2822 else 2823 one_ep = wildipv6; 2824 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2825 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) || 2826 !(INT_MULTICAST & ep->flags) || 2827 (INT_LOOPBACK | INT_WILDCARD) & ep->flags) 2828 continue; 2829 one_ep = ep; 2830 # endif /* MULTICAST_NONEWSOCKET */ 2831 if (socket_multicast_enable(ep, addr)) 2832 msyslog(LOG_INFO, 2833 "Joined %s socket to multicast group %s", 2834 stoa(&ep->sin), 2835 stoa(addr)); 2836 } 2837 2838 add_addr_to_list(addr, one_ep); 2839 #else /* !MCAST follows*/ 2840 msyslog(LOG_ERR, 2841 "Can not add multicast address %s: no multicast support", 2842 stoa(addr)); 2843 #endif 2844 return; 2845 } 2846 2847 2848 /* 2849 * io_multicast_del() - delete multicast group address 2850 */ 2851 void 2852 io_multicast_del( 2853 sockaddr_u * addr 2854 ) 2855 { 2856 #ifdef MCAST 2857 endpt *iface; 2858 2859 /* 2860 * Check to see if this is a multicast address 2861 */ 2862 if (!addr_ismulticast(addr)) { 2863 msyslog(LOG_ERR, "invalid multicast address %s", 2864 stoa(addr)); 2865 return; 2866 } 2867 2868 /* 2869 * Disable reception of multicast packets 2870 */ 2871 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN)) 2872 != NULL) 2873 socket_multicast_disable(iface, addr); 2874 2875 delete_addr_from_list(addr); 2876 2877 #else /* not MCAST */ 2878 msyslog(LOG_ERR, 2879 "Can not delete multicast address %s: no multicast support", 2880 stoa(addr)); 2881 #endif /* not MCAST */ 2882 } 2883 2884 2885 /* 2886 * open_socket - open a socket, returning the file descriptor 2887 */ 2888 2889 static SOCKET 2890 open_socket( 2891 sockaddr_u * addr, 2892 int bcast, 2893 int turn_off_reuse, 2894 endpt * interf 2895 ) 2896 { 2897 SOCKET fd; 2898 int errval; 2899 /* 2900 * int is OK for REUSEADR per 2901 * http://www.kohala.com/start/mcast.api.txt 2902 */ 2903 int on = 1; 2904 int off = 0; 2905 2906 if (IS_IPV6(addr) && !ipv6_works) 2907 return INVALID_SOCKET; 2908 2909 /* create a datagram (UDP) socket */ 2910 fd = socket(AF(addr), SOCK_DGRAM, 0); 2911 if (INVALID_SOCKET == fd) { 2912 errval = socket_errno(); 2913 msyslog(LOG_ERR, 2914 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m", 2915 IS_IPV6(addr) ? "6" : "", stoa(addr)); 2916 2917 if (errval == EPROTONOSUPPORT || 2918 errval == EAFNOSUPPORT || 2919 errval == EPFNOSUPPORT) 2920 return (INVALID_SOCKET); 2921 2922 errno = errval; 2923 msyslog(LOG_ERR, 2924 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting", 2925 errno); 2926 exit(1); 2927 } 2928 2929 #ifdef SYS_WINNT 2930 connection_reset_fix(fd, addr); 2931 #endif 2932 /* 2933 * Fixup the file descriptor for some systems 2934 * See bug #530 for details of the issue. 2935 */ 2936 fd = move_fd(fd); 2937 2938 /* 2939 * set SO_REUSEADDR since we will be binding the same port 2940 * number on each interface according to turn_off_reuse. 2941 * This is undesirable on Windows versions starting with 2942 * Windows XP (numeric version 5.1). 2943 */ 2944 #ifdef SYS_WINNT 2945 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */ 2946 #endif 2947 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 2948 (void *)((turn_off_reuse) 2949 ? &off 2950 : &on), 2951 sizeof(on))) { 2952 2953 msyslog(LOG_ERR, 2954 "setsockopt SO_REUSEADDR %s fails for address %s: %m", 2955 (turn_off_reuse) 2956 ? "off" 2957 : "on", 2958 stoa(addr)); 2959 closesocket(fd); 2960 return INVALID_SOCKET; 2961 } 2962 #ifdef SO_EXCLUSIVEADDRUSE 2963 /* 2964 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open 2965 * first will cause more specific binds to fail. 2966 */ 2967 if (!(interf->flags & INT_WILDCARD)) 2968 set_excladdruse(fd); 2969 #endif 2970 2971 /* 2972 * IPv4 specific options go here 2973 */ 2974 if (IS_IPV4(addr)) { 2975 #if defined(IPPROTO_IP) && defined(IP_TOS) 2976 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos, 2977 sizeof(qos))) 2978 msyslog(LOG_ERR, 2979 "setsockopt IP_TOS (%02x) fails on address %s: %m", 2980 qos, stoa(addr)); 2981 #endif /* IPPROTO_IP && IP_TOS */ 2982 if (bcast) 2983 socket_broadcast_enable(interf, fd, addr); 2984 } 2985 2986 /* 2987 * IPv6 specific options go here 2988 */ 2989 if (IS_IPV6(addr)) { 2990 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) 2991 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos, 2992 sizeof(qos))) 2993 msyslog(LOG_ERR, 2994 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m", 2995 qos, stoa(addr)); 2996 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */ 2997 #ifdef IPV6_V6ONLY 2998 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS 2999 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, 3000 (void *)&on, sizeof(on))) 3001 msyslog(LOG_ERR, 3002 "setsockopt IPV6_V6ONLY on fails on address %s: %m", 3003 stoa(addr)); 3004 #endif 3005 #ifdef IPV6_BINDV6ONLY 3006 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY, 3007 (void *)&on, sizeof(on))) 3008 msyslog(LOG_ERR, 3009 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m", 3010 stoa(addr)); 3011 #endif 3012 } 3013 3014 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3015 /* 3016 * some OSes don't allow binding to more specific 3017 * addresses if a wildcard address already bound 3018 * to the port and SO_REUSEADDR is not set 3019 */ 3020 if (!is_wildcard_addr(addr)) 3021 set_wildcard_reuse(AF(addr), 1); 3022 #endif 3023 3024 /* 3025 * bind the local address. 3026 */ 3027 errval = bind(fd, &addr->sa, SOCKLEN(addr)); 3028 3029 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3030 if (!is_wildcard_addr(addr)) 3031 set_wildcard_reuse(AF(addr), 0); 3032 #endif 3033 3034 if (errval < 0) { 3035 /* 3036 * Don't log this under all conditions 3037 */ 3038 if (turn_off_reuse == 0 3039 #ifdef DEBUG 3040 || debug > 1 3041 #endif 3042 ) { 3043 msyslog(LOG_ERR, 3044 "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m", 3045 fd, IS_IPV6(addr) ? "6" : "", 3046 stoa(addr), SRCPORT(addr), 3047 IS_MCAST(addr) ? " (multicast)" : "", 3048 interf->flags); 3049 } 3050 3051 closesocket(fd); 3052 3053 return INVALID_SOCKET; 3054 } 3055 3056 #ifdef HAVE_TIMESTAMP 3057 { 3058 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, 3059 (void *)&on, sizeof(on))) 3060 msyslog(LOG_DEBUG, 3061 "setsockopt SO_TIMESTAMP on fails on address %s: %m", 3062 stoa(addr)); 3063 else 3064 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n", 3065 fd, stoa(addr))); 3066 } 3067 #endif 3068 #ifdef HAVE_TIMESTAMPNS 3069 { 3070 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, 3071 (void *)&on, sizeof(on))) 3072 msyslog(LOG_DEBUG, 3073 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m", 3074 stoa(addr)); 3075 else 3076 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n", 3077 fd, stoa(addr))); 3078 } 3079 #endif 3080 #ifdef HAVE_BINTIME 3081 { 3082 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME, 3083 (void *)&on, sizeof(on))) 3084 msyslog(LOG_DEBUG, 3085 "setsockopt SO_BINTIME on fails on address %s: %m", 3086 stoa(addr)); 3087 else 3088 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n", 3089 fd, stoa(addr))); 3090 } 3091 #endif 3092 3093 DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n", 3094 fd, IS_IPV6(addr) ? "6" : "", stoa(addr), 3095 SCOPE(addr), SRCPORT(addr), interf->flags)); 3096 3097 make_socket_nonblocking(fd); 3098 3099 #ifdef HAVE_SIGNALED_IO 3100 init_socket_sig(fd); 3101 #endif /* not HAVE_SIGNALED_IO */ 3102 3103 add_fd_to_list(fd, FD_TYPE_SOCKET); 3104 3105 #if !defined(SYS_WINNT) && !defined(VMS) 3106 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd, 3107 fcntl(fd, F_GETFL, 0))); 3108 #endif /* SYS_WINNT || VMS */ 3109 3110 #if defined(HAVE_IO_COMPLETION_PORT) 3111 /* 3112 * Add the socket to the completion port 3113 */ 3114 if (!io_completion_port_add_socket(fd, interf, bcast)) { 3115 msyslog(LOG_ERR, "unable to set up io completion port - EXITING"); 3116 exit(1); 3117 } 3118 #endif 3119 return fd; 3120 } 3121 3122 3123 3124 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ 3125 /* 3126 * sendpkt - send a packet to the specified destination. Maintain a 3127 * send error cache so that only the first consecutive error for a 3128 * destination is logged. 3129 */ 3130 void 3131 sendpkt( 3132 sockaddr_u * dest, 3133 struct interface * ep, 3134 int ttl, 3135 struct pkt * pkt, 3136 int len 3137 ) 3138 { 3139 endpt * src; 3140 int ismcast; 3141 int cc; 3142 int rc; 3143 u_char cttl; 3144 l_fp fp_zero = { { 0 }, 0 }; 3145 l_fp org, rec, xmt; 3146 3147 ismcast = IS_MCAST(dest); 3148 if (!ismcast) 3149 src = ep; 3150 else 3151 src = (IS_IPV4(dest)) 3152 ? mc4_list 3153 : mc6_list; 3154 3155 if (NULL == src) { 3156 /* 3157 * unbound peer - drop request and wait for better 3158 * network conditions 3159 */ 3160 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n", 3161 ismcast ? "\tMCAST\t***** " : "", 3162 stoa(dest), ttl, len)); 3163 return; 3164 } 3165 3166 do { 3167 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", 3168 ismcast ? "\tMCAST\t***** " : "", src->fd, 3169 stoa(dest), stoa(&src->sin), ttl, len)); 3170 #ifdef MCAST 3171 /* 3172 * for the moment we use the bcast option to set multicast ttl 3173 */ 3174 if (ismcast && ttl > 0 && ttl != src->last_ttl) { 3175 /* 3176 * set the multicast ttl for outgoing packets 3177 */ 3178 switch (AF(&src->sin)) { 3179 3180 case AF_INET : 3181 cttl = (u_char)ttl; 3182 rc = setsockopt(src->fd, IPPROTO_IP, 3183 IP_MULTICAST_TTL, 3184 (void *)&cttl, 3185 sizeof(cttl)); 3186 break; 3187 3188 # ifdef INCLUDE_IPV6_SUPPORT 3189 case AF_INET6 : 3190 rc = setsockopt(src->fd, IPPROTO_IPV6, 3191 IPV6_MULTICAST_HOPS, 3192 (void *)&ttl, 3193 sizeof(ttl)); 3194 break; 3195 # endif /* INCLUDE_IPV6_SUPPORT */ 3196 3197 default: 3198 rc = 0; 3199 } 3200 3201 if (!rc) 3202 src->last_ttl = ttl; 3203 else 3204 msyslog(LOG_ERR, 3205 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m", 3206 stoa(&src->sin)); 3207 } 3208 #endif /* MCAST */ 3209 3210 #ifdef SIM 3211 cc = simulate_server(dest, src, pkt); 3212 #elif defined(HAVE_IO_COMPLETION_PORT) 3213 cc = io_completion_port_sendto(src, src->fd, pkt, 3214 (size_t)len, (sockaddr_u *)&dest->sa); 3215 #else 3216 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, 3217 &dest->sa, SOCKLEN(dest)); 3218 #endif 3219 if (cc == -1) { 3220 src->notsent++; 3221 packets_notsent++; 3222 } else { 3223 src->sent++; 3224 packets_sent++; 3225 } 3226 if (ismcast) 3227 src = src->mclink; 3228 } while (ismcast && src != NULL); 3229 3230 /* HMS: pkt->rootdisp is usually random here */ 3231 NTOHL_FP(&pkt->org, &org); 3232 NTOHL_FP(&pkt->rec, &rec); 3233 NTOHL_FP(&pkt->xmt, &xmt); 3234 record_raw_stats(src ? &src->sin : NULL, dest, 3235 &org, &rec, &xmt, &fp_zero, 3236 PKT_LEAP(pkt->li_vn_mode), 3237 PKT_VERSION(pkt->li_vn_mode), 3238 PKT_MODE(pkt->li_vn_mode), 3239 pkt->stratum, 3240 pkt->ppoll, pkt->precision, 3241 FPTOD(NTOHS_FP(pkt->rootdelay)), 3242 FPTOD(NTOHS_FP(pkt->rootdisp)), pkt->refid, 3243 len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten); 3244 3245 return; 3246 } 3247 3248 3249 #if !defined(HAVE_IO_COMPLETION_PORT) 3250 #if !defined(HAVE_SIGNALED_IO) 3251 /* 3252 * fdbits - generate ascii representation of fd_set (FAU debug support) 3253 * HFDF format - highest fd first. 3254 */ 3255 static char * 3256 fdbits( 3257 int count, 3258 const fd_set* set 3259 ) 3260 { 3261 static char buffer[256]; 3262 char * buf = buffer; 3263 3264 count = min(count, 255); 3265 3266 while (count >= 0) { 3267 *buf++ = FD_ISSET(count, set) ? '#' : '-'; 3268 count--; 3269 } 3270 *buf = '\0'; 3271 3272 return buffer; 3273 } 3274 #endif 3275 3276 #ifdef REFCLOCK 3277 /* 3278 * Routine to read the refclock packets for a specific interface 3279 * Return the number of bytes read. That way we know if we should 3280 * read it again or go on to the next one if no bytes returned 3281 */ 3282 static inline int 3283 read_refclock_packet( 3284 SOCKET fd, 3285 struct refclockio * rp, 3286 l_fp ts 3287 ) 3288 { 3289 u_int read_count; 3290 int buflen; 3291 int saved_errno; 3292 int consumed; 3293 struct recvbuf * rb; 3294 3295 rb = get_free_recv_buffer(TRUE); 3296 3297 if (NULL == rb) { 3298 /* 3299 * No buffer space available - just drop the 'packet'. 3300 * Since this is a non-blocking character stream we read 3301 * all data that we can. 3302 * 3303 * ...hmmmm... what about "tcflush(fd,TCIFLUSH)" here?!? 3304 */ 3305 char buf[128]; 3306 do 3307 buflen = read(fd, buf, sizeof(buf)); 3308 while (buflen > 0); 3309 packets_dropped++; 3310 return (buflen); 3311 } 3312 3313 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead 3314 * to buffer overrun and memory corruption 3315 */ 3316 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space)) 3317 read_count = sizeof(rb->recv_space); 3318 else 3319 read_count = (u_int)rp->datalen; 3320 do { 3321 buflen = read(fd, (char *)&rb->recv_space, read_count); 3322 } while (buflen < 0 && EINTR == errno); 3323 3324 if (buflen <= 0) { 3325 saved_errno = errno; 3326 freerecvbuf(rb); 3327 errno = saved_errno; 3328 return buflen; 3329 } 3330 3331 /* 3332 * Got one. Mark how and when it got here, 3333 * put it on the full list and do bookkeeping. 3334 */ 3335 rb->recv_length = buflen; 3336 rb->recv_peer = rp->srcclock; 3337 rb->dstadr = 0; 3338 rb->fd = fd; 3339 rb->recv_time = ts; 3340 rb->receiver = rp->clock_recv; 3341 3342 consumed = indicate_refclock_packet(rp, rb); 3343 if (!consumed) { 3344 rp->recvcount++; 3345 packets_received++; 3346 } 3347 3348 return buflen; 3349 } 3350 #endif /* REFCLOCK */ 3351 3352 3353 #ifdef HAVE_PACKET_TIMESTAMP 3354 /* 3355 * extract timestamps from control message buffer 3356 */ 3357 static l_fp 3358 fetch_timestamp( 3359 struct recvbuf * rb, 3360 struct msghdr * msghdr, 3361 l_fp ts 3362 ) 3363 { 3364 struct cmsghdr * cmsghdr; 3365 unsigned long ticks; 3366 double fuzz; 3367 l_fp lfpfuzz; 3368 l_fp nts; 3369 #ifdef DEBUG_TIMING 3370 l_fp dts; 3371 #endif 3372 3373 cmsghdr = CMSG_FIRSTHDR(msghdr); 3374 while (cmsghdr != NULL) { 3375 switch (cmsghdr->cmsg_type) 3376 { 3377 #ifdef HAVE_BINTIME 3378 case SCM_BINTIME: 3379 #endif /* HAVE_BINTIME */ 3380 #ifdef HAVE_TIMESTAMPNS 3381 case SCM_TIMESTAMPNS: 3382 #endif /* HAVE_TIMESTAMPNS */ 3383 #ifdef HAVE_TIMESTAMP 3384 case SCM_TIMESTAMP: 3385 #endif /* HAVE_TIMESTAMP */ 3386 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP) 3387 switch (cmsghdr->cmsg_type) 3388 { 3389 #ifdef HAVE_BINTIME 3390 case SCM_BINTIME: 3391 { 3392 struct bintime pbt; 3393 memcpy(&pbt, CMSG_DATA(cmsghdr), sizeof(pbt)); 3394 /* 3395 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf 3396 */ 3397 nts.l_i = pbt.sec + JAN_1970; 3398 nts.l_uf = (u_int32)(pbt.frac >> 32); 3399 if (sys_tick > measured_tick && 3400 sys_tick > 1e-9) { 3401 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC)); 3402 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC)); 3403 } 3404 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n", 3405 (long)pbt.sec, (u_long)((nts.l_uf / FRAC) * 1e9))); 3406 } 3407 break; 3408 #endif /* HAVE_BINTIME */ 3409 #ifdef HAVE_TIMESTAMPNS 3410 case SCM_TIMESTAMPNS: 3411 { 3412 struct timespec pts; 3413 memcpy(&pts, CMSG_DATA(cmsghdr), sizeof(pts)); 3414 if (sys_tick > measured_tick && 3415 sys_tick > 1e-9) { 3416 ticks = (unsigned long)((pts.tv_nsec * 1e-9) / 3417 sys_tick); 3418 pts.tv_nsec = (long)(ticks * 1e9 * 3419 sys_tick); 3420 } 3421 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n", 3422 pts.tv_sec, pts.tv_nsec)); 3423 nts = tspec_stamp_to_lfp(pts); 3424 } 3425 break; 3426 #endif /* HAVE_TIMESTAMPNS */ 3427 #ifdef HAVE_TIMESTAMP 3428 case SCM_TIMESTAMP: 3429 { 3430 struct timeval ptv; 3431 memcpy(&ptv, CMSG_DATA(cmsghdr), sizeof(ptv)); 3432 if (sys_tick > measured_tick && 3433 sys_tick > 1e-6) { 3434 ticks = (unsigned long)((ptv.tv_usec * 1e-6) / 3435 sys_tick); 3436 ptv.tv_usec = (long)(ticks * 1e6 * 3437 sys_tick); 3438 } 3439 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n", 3440 (intmax_t)ptv.tv_sec, (long)ptv.tv_usec)); 3441 nts = tval_stamp_to_lfp(ptv); 3442 } 3443 break; 3444 #endif /* HAVE_TIMESTAMP */ 3445 } 3446 fuzz = ntp_uurandom() * sys_fuzz; 3447 DTOLFP(fuzz, &lfpfuzz); 3448 L_ADD(&nts, &lfpfuzz); 3449 #ifdef DEBUG_TIMING 3450 dts = ts; 3451 L_SUB(&dts, &nts); 3452 collect_timing(rb, "input processing delay", 1, 3453 &dts); 3454 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n", 3455 lfptoa(&dts, 9))); 3456 #endif /* DEBUG_TIMING */ 3457 ts = nts; /* network time stamp */ 3458 break; 3459 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */ 3460 3461 default: 3462 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n", 3463 cmsghdr->cmsg_type)); 3464 } 3465 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr); 3466 } 3467 return ts; 3468 } 3469 #endif /* HAVE_PACKET_TIMESTAMP */ 3470 3471 3472 /* 3473 * Routine to read the network NTP packets for a specific interface 3474 * Return the number of bytes read. That way we know if we should 3475 * read it again or go on to the next one if no bytes returned 3476 */ 3477 static inline int 3478 read_network_packet( 3479 SOCKET fd, 3480 struct interface * itf, 3481 l_fp ts 3482 ) 3483 { 3484 GETSOCKNAME_SOCKLEN_TYPE fromlen; 3485 int buflen; 3486 register struct recvbuf *rb; 3487 #ifdef HAVE_PACKET_TIMESTAMP 3488 struct msghdr msghdr; 3489 struct iovec iovec; 3490 char control[CMSG_BUFSIZE]; 3491 #endif 3492 3493 /* 3494 * Get a buffer and read the frame. If we haven't got a buffer, 3495 * or this is received on a disallowed socket, just dump the 3496 * packet. 3497 */ 3498 3499 rb = itf->ignore_packets ? NULL : get_free_recv_buffer(FALSE); 3500 if (NULL == rb) { 3501 /* A partial read on a UDP socket truncates the data and 3502 * removes the message from the queue. So there's no 3503 * need to have a full buffer here on the stack. 3504 */ 3505 char buf[16]; 3506 sockaddr_u from; 3507 3508 if (rb != NULL) 3509 freerecvbuf(rb); 3510 3511 fromlen = sizeof(from); 3512 buflen = recvfrom(fd, buf, sizeof(buf), 0, 3513 &from.sa, &fromlen); 3514 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", 3515 (itf->ignore_packets) 3516 ? "ignore" 3517 : "drop", 3518 free_recvbuffs(), fd, stoa(&from))); 3519 if (itf->ignore_packets) 3520 packets_ignored++; 3521 else 3522 packets_dropped++; 3523 return (buflen); 3524 } 3525 3526 fromlen = sizeof(rb->recv_srcadr); 3527 3528 #ifndef HAVE_PACKET_TIMESTAMP 3529 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space, 3530 sizeof(rb->recv_space), 0, 3531 &rb->recv_srcadr.sa, &fromlen); 3532 #else 3533 iovec.iov_base = &rb->recv_space; 3534 iovec.iov_len = sizeof(rb->recv_space); 3535 msghdr.msg_name = &rb->recv_srcadr; 3536 msghdr.msg_namelen = fromlen; 3537 msghdr.msg_iov = &iovec; 3538 msghdr.msg_iovlen = 1; 3539 msghdr.msg_control = (void *)&control; 3540 msghdr.msg_controllen = sizeof(control); 3541 msghdr.msg_flags = 0; 3542 rb->recv_length = recvmsg(fd, &msghdr, 0); 3543 #endif 3544 3545 buflen = rb->recv_length; 3546 3547 if (buflen == 0 || (buflen == -1 && 3548 (EWOULDBLOCK == errno 3549 #ifdef EAGAIN 3550 || EAGAIN == errno 3551 #endif 3552 ))) { 3553 freerecvbuf(rb); 3554 return (buflen); 3555 } else if (buflen < 0) { 3556 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m", 3557 stoa(&rb->recv_srcadr), fd); 3558 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n", 3559 fd)); 3560 freerecvbuf(rb); 3561 return (buflen); 3562 } 3563 3564 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", 3565 fd, buflen, stoa(&rb->recv_srcadr))); 3566 3567 #ifdef ENABLE_BUG3020_FIX 3568 if (ISREFCLOCKADR(&rb->recv_srcadr)) { 3569 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: refclock srcadr on a network interface!", 3570 stoa(&rb->recv_srcadr), fd); 3571 DPRINTF(1, ("read_network_packet: fd=%d dropped (refclock srcadr))\n", 3572 fd)); 3573 packets_dropped++; 3574 freerecvbuf(rb); 3575 return (buflen); 3576 } 3577 #endif 3578 3579 /* 3580 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 3581 */ 3582 3583 if (AF_INET6 == itf->family) { 3584 DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", 3585 stoa(&rb->recv_srcadr), 3586 IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), 3587 stoa(&itf->sin), 3588 !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3589 )); 3590 3591 if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) 3592 && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3593 ) { 3594 packets_dropped++; 3595 DPRINTF(2, ("DROPPING that packet\n")); 3596 freerecvbuf(rb); 3597 return buflen; 3598 } 3599 DPRINTF(2, ("processing that packet\n")); 3600 } 3601 3602 /* 3603 * Got one. Mark how and when it got here, 3604 * put it on the full list and do bookkeeping. 3605 */ 3606 rb->dstadr = itf; 3607 rb->fd = fd; 3608 #ifdef HAVE_PACKET_TIMESTAMP 3609 /* pick up a network time stamp if possible */ 3610 ts = fetch_timestamp(rb, &msghdr, ts); 3611 #endif 3612 rb->recv_time = ts; 3613 rb->receiver = receive; 3614 3615 add_full_recv_buffer(rb); 3616 3617 itf->received++; 3618 packets_received++; 3619 return (buflen); 3620 } 3621 3622 /* 3623 * attempt to handle io (select()/signaled IO) 3624 */ 3625 void 3626 io_handler(void) 3627 { 3628 # ifndef HAVE_SIGNALED_IO 3629 fd_set rdfdes; 3630 int nfound; 3631 3632 /* 3633 * Use select() on all on all input fd's for unlimited 3634 * time. select() will terminate on SIGALARM or on the 3635 * reception of input. Using select() means we can't do 3636 * robust signal handling and we get a potential race 3637 * between checking for alarms and doing the select(). 3638 * Mostly harmless, I think. 3639 */ 3640 /* 3641 * On VMS, I suspect that select() can't be interrupted 3642 * by a "signal" either, so I take the easy way out and 3643 * have select() time out after one second. 3644 * System clock updates really aren't time-critical, 3645 * and - lacking a hardware reference clock - I have 3646 * yet to learn about anything else that is. 3647 */ 3648 ++handler_calls; 3649 rdfdes = activefds; 3650 # if !defined(VMS) && !defined(SYS_VXWORKS) 3651 nfound = select(maxactivefd + 1, &rdfdes, NULL, 3652 NULL, NULL); 3653 # else /* VMS, VxWorks */ 3654 /* make select() wake up after one second */ 3655 { 3656 struct timeval t1; 3657 t1.tv_sec = 1; 3658 t1.tv_usec = 0; 3659 nfound = select(maxactivefd + 1, 3660 &rdfdes, NULL, NULL, 3661 &t1); 3662 } 3663 # endif /* VMS, VxWorks */ 3664 if (nfound < 0 && sanitize_fdset(errno)) { 3665 struct timeval t1; 3666 t1.tv_sec = 0; 3667 t1.tv_usec = 0; 3668 rdfdes = activefds; 3669 nfound = select(maxactivefd + 1, 3670 &rdfdes, NULL, NULL, 3671 &t1); 3672 } 3673 3674 if (nfound > 0) { 3675 l_fp ts; 3676 3677 get_systime(&ts); 3678 3679 input_handler_scan(&ts, &rdfdes); 3680 } else if (nfound == -1 && errno != EINTR) { 3681 msyslog(LOG_ERR, "select() error: %m"); 3682 } 3683 # ifdef DEBUG 3684 else if (debug > 4) { 3685 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); 3686 } else { 3687 DPRINTF(3, ("select() returned %d: %m\n", nfound)); 3688 } 3689 # endif /* DEBUG */ 3690 # else /* HAVE_SIGNALED_IO */ 3691 wait_for_signal(); 3692 # endif /* HAVE_SIGNALED_IO */ 3693 } 3694 3695 #ifdef HAVE_SIGNALED_IO 3696 /* 3697 * input_handler - receive packets asynchronously 3698 * 3699 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed! 3700 */ 3701 static RETSIGTYPE 3702 input_handler( 3703 l_fp * cts 3704 ) 3705 { 3706 int n; 3707 struct timeval tvzero; 3708 fd_set fds; 3709 3710 ++handler_calls; 3711 3712 /* 3713 * Do a poll to see who has data 3714 */ 3715 3716 fds = activefds; 3717 tvzero.tv_sec = tvzero.tv_usec = 0; 3718 3719 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3720 if (n < 0 && sanitize_fdset(errno)) { 3721 fds = activefds; 3722 tvzero.tv_sec = tvzero.tv_usec = 0; 3723 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3724 } 3725 if (n > 0) 3726 input_handler_scan(cts, &fds); 3727 } 3728 #endif /* HAVE_SIGNALED_IO */ 3729 3730 3731 /* 3732 * Try to sanitize the global FD set 3733 * 3734 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3735 */ 3736 static int/*BOOL*/ 3737 sanitize_fdset( 3738 int errc 3739 ) 3740 { 3741 int j, b, maxscan; 3742 3743 # ifndef HAVE_SIGNALED_IO 3744 /* 3745 * extended FAU debugging output 3746 */ 3747 if (errc != EINTR) { 3748 msyslog(LOG_ERR, 3749 "select(%d, %s, 0L, 0L, &0.0) error: %m", 3750 maxactivefd + 1, 3751 fdbits(maxactivefd, &activefds)); 3752 } 3753 # endif 3754 3755 if (errc != EBADF) 3756 return FALSE; 3757 3758 /* if we have oviously bad FDs, try to sanitize the FD set. */ 3759 for (j = 0, maxscan = 0; j <= maxactivefd; j++) { 3760 if (FD_ISSET(j, &activefds)) { 3761 if (-1 != read(j, &b, 0)) { 3762 maxscan = j; 3763 continue; 3764 } 3765 # ifndef HAVE_SIGNALED_IO 3766 msyslog(LOG_ERR, 3767 "Removing bad file descriptor %d from select set", 3768 j); 3769 # endif 3770 FD_CLR(j, &activefds); 3771 } 3772 } 3773 if (maxactivefd != maxscan) 3774 maxactivefd = maxscan; 3775 return TRUE; 3776 } 3777 3778 /* 3779 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'. 3780 * 3781 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3782 */ 3783 static void 3784 input_handler_scan( 3785 const l_fp * cts, 3786 const fd_set * pfds 3787 ) 3788 { 3789 int buflen; 3790 u_int idx; 3791 int doing; 3792 SOCKET fd; 3793 blocking_child *c; 3794 l_fp ts; /* Timestamp at BOselect() gob */ 3795 3796 #if defined(DEBUG_TIMING) 3797 l_fp ts_e; /* Timestamp at EOselect() gob */ 3798 #endif 3799 endpt * ep; 3800 #ifdef REFCLOCK 3801 struct refclockio *rp; 3802 int saved_errno; 3803 const char * clk; 3804 #endif 3805 #ifdef HAS_ROUTING_SOCKET 3806 struct asyncio_reader * asyncio_reader; 3807 struct asyncio_reader * next_asyncio_reader; 3808 #endif 3809 3810 ++handler_pkts; 3811 ts = *cts; 3812 3813 #ifdef REFCLOCK 3814 /* 3815 * Check out the reference clocks first, if any 3816 */ 3817 3818 for (rp = refio; rp != NULL; rp = rp->next) { 3819 fd = rp->fd; 3820 3821 if (!FD_ISSET(fd, pfds)) 3822 continue; 3823 buflen = read_refclock_packet(fd, rp, ts); 3824 /* 3825 * The first read must succeed after select() indicates 3826 * readability, or we've reached a permanent EOF. 3827 * http://bugs.ntp.org/1732 reported ntpd munching CPU 3828 * after a USB GPS was unplugged because select was 3829 * indicating EOF but ntpd didn't remove the descriptor 3830 * from the activefds set. 3831 */ 3832 if (buflen < 0 && EAGAIN != errno) { 3833 saved_errno = errno; 3834 clk = refnumtoa(&rp->srcclock->srcadr); 3835 errno = saved_errno; 3836 msyslog(LOG_ERR, "%s read: %m", clk); 3837 maintain_activefds(fd, TRUE); 3838 } else if (0 == buflen) { 3839 clk = refnumtoa(&rp->srcclock->srcadr); 3840 msyslog(LOG_ERR, "%s read EOF", clk); 3841 maintain_activefds(fd, TRUE); 3842 } else { 3843 /* drain any remaining refclock input */ 3844 do { 3845 buflen = read_refclock_packet(fd, rp, ts); 3846 } while (buflen > 0); 3847 } 3848 } 3849 #endif /* REFCLOCK */ 3850 3851 /* 3852 * Loop through the interfaces looking for data to read. 3853 */ 3854 for (ep = ep_list; ep != NULL; ep = ep->elink) { 3855 for (doing = 0; doing < 2; doing++) { 3856 if (!doing) { 3857 fd = ep->fd; 3858 } else { 3859 if (!(ep->flags & INT_BCASTOPEN)) 3860 break; 3861 fd = ep->bfd; 3862 } 3863 if (fd < 0) 3864 continue; 3865 if (FD_ISSET(fd, pfds)) 3866 do { 3867 buflen = read_network_packet( 3868 fd, ep, ts); 3869 } while (buflen > 0); 3870 /* Check more interfaces */ 3871 } 3872 } 3873 3874 #ifdef HAS_ROUTING_SOCKET 3875 /* 3876 * scan list of asyncio readers - currently only used for routing sockets 3877 */ 3878 asyncio_reader = asyncio_reader_list; 3879 3880 while (asyncio_reader != NULL) { 3881 /* callback may unlink and free asyncio_reader */ 3882 next_asyncio_reader = asyncio_reader->link; 3883 if (FD_ISSET(asyncio_reader->fd, pfds)) 3884 (*asyncio_reader->receiver)(asyncio_reader); 3885 asyncio_reader = next_asyncio_reader; 3886 } 3887 #endif /* HAS_ROUTING_SOCKET */ 3888 3889 /* 3890 * Check for a response from a blocking child 3891 */ 3892 for (idx = 0; idx < blocking_children_alloc; idx++) { 3893 c = blocking_children[idx]; 3894 if (NULL == c || -1 == c->resp_read_pipe) 3895 continue; 3896 if (FD_ISSET(c->resp_read_pipe, pfds)) { 3897 ++c->resp_ready_seen; 3898 ++blocking_child_ready_seen; 3899 } 3900 } 3901 3902 /* We've done our work */ 3903 #if defined(DEBUG_TIMING) 3904 get_systime(&ts_e); 3905 /* 3906 * (ts_e - ts) is the amount of time we spent 3907 * processing this gob of file descriptors. Log 3908 * it. 3909 */ 3910 L_SUB(&ts_e, &ts); 3911 collect_timing(NULL, "input handler", 1, &ts_e); 3912 if (debug > 3) 3913 msyslog(LOG_DEBUG, 3914 "input_handler: Processed a gob of fd's in %s msec", 3915 lfptoms(&ts_e, 6)); 3916 #endif /* DEBUG_TIMING */ 3917 } 3918 #endif /* !HAVE_IO_COMPLETION_PORT */ 3919 3920 /* 3921 * find an interface suitable for the src address 3922 */ 3923 endpt * 3924 select_peerinterface( 3925 struct peer * peer, 3926 sockaddr_u * srcadr, 3927 endpt * dstadr 3928 ) 3929 { 3930 endpt *ep; 3931 #ifndef SIM 3932 endpt *wild; 3933 3934 wild = ANY_INTERFACE_CHOOSE(srcadr); 3935 3936 /* 3937 * Initialize the peer structure and dance the interface jig. 3938 * Reference clocks step the loopback waltz, the others 3939 * squaredance around the interface list looking for a buddy. If 3940 * the dance peters out, there is always the wildcard interface. 3941 * This might happen in some systems and would preclude proper 3942 * operation with public key cryptography. 3943 */ 3944 if (ISREFCLOCKADR(srcadr)) { 3945 ep = loopback_interface; 3946 } else if (peer->cast_flags & 3947 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) { 3948 ep = findbcastinter(srcadr); 3949 if (ep != NULL) 3950 DPRINTF(4, ("Found *-cast interface %s for address %s\n", 3951 stoa(&ep->sin), stoa(srcadr))); 3952 else 3953 DPRINTF(4, ("No *-cast local address found for address %s\n", 3954 stoa(srcadr))); 3955 } else { 3956 ep = dstadr; 3957 if (NULL == ep) 3958 ep = wild; 3959 } 3960 /* 3961 * If it is a multicast address, findbcastinter() may not find 3962 * it. For unicast, we get to find the interface when dstadr is 3963 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either 3964 * way, try a little harder. 3965 */ 3966 if (wild == ep) 3967 ep = findinterface(srcadr); 3968 /* 3969 * we do not bind to the wildcard interfaces for output 3970 * as our (network) source address would be undefined and 3971 * crypto will not work without knowing the own transmit address 3972 */ 3973 if (ep != NULL && INT_WILDCARD & ep->flags) 3974 if (!accept_wildcard_if_for_winnt) 3975 ep = NULL; 3976 #else /* SIM follows */ 3977 ep = loopback_interface; 3978 #endif 3979 3980 return ep; 3981 } 3982 3983 3984 /* 3985 * findinterface - find local interface corresponding to address 3986 */ 3987 endpt * 3988 findinterface( 3989 sockaddr_u *addr 3990 ) 3991 { 3992 endpt *iface; 3993 3994 iface = findlocalinterface(addr, INT_WILDCARD, 0); 3995 3996 if (NULL == iface) { 3997 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n", 3998 stoa(addr))); 3999 4000 iface = ANY_INTERFACE_CHOOSE(addr); 4001 } else 4002 DPRINTF(4, ("Found interface #%d %s for address %s\n", 4003 iface->ifnum, iface->name, stoa(addr))); 4004 4005 return iface; 4006 } 4007 4008 /* 4009 * findlocalinterface - find local interface corresponding to addr, 4010 * which does not have any of flags set. If bast is nonzero, addr is 4011 * a broadcast address. 4012 * 4013 * This code attempts to find the local sending address for an outgoing 4014 * address by connecting a new socket to destinationaddress:NTP_PORT 4015 * and reading the sockname of the resulting connect. 4016 * the complicated sequence simulates the routing table lookup 4017 * for to first hop without duplicating any of the routing logic into 4018 * ntpd. preferably we would have used an API call - but its not there - 4019 * so this is the best we can do here short of duplicating to entire routing 4020 * logic in ntpd which would be a silly and really unportable thing to do. 4021 * 4022 */ 4023 static endpt * 4024 findlocalinterface( 4025 sockaddr_u * addr, 4026 int flags, 4027 int bcast 4028 ) 4029 { 4030 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen; 4031 endpt * iface; 4032 sockaddr_u saddr; 4033 SOCKET s; 4034 int rtn; 4035 int on; 4036 4037 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", 4038 stoa(addr))); 4039 4040 /* [Bug 3437] The dummy POOL peer comes in with an AF of 4041 * zero. This is bound to fail, but on the way to nowhere it 4042 * triggers a security incident on SELinux. 4043 * 4044 * Checking the condition and failing early is probably a good 4045 * advice, and even saves us some syscalls in that case. 4046 * Thanks to Miroslav Lichvar for finding this. 4047 */ 4048 if (AF_UNSPEC == AF(addr)) 4049 return NULL; 4050 4051 s = socket(AF(addr), SOCK_DGRAM, 0); 4052 if (INVALID_SOCKET == s) 4053 return NULL; 4054 4055 /* 4056 * If we are looking for broadcast interface we need to set this 4057 * socket to allow broadcast 4058 */ 4059 if (bcast) { 4060 on = 1; 4061 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET, 4062 SO_BROADCAST, 4063 (void *)&on, 4064 sizeof(on))) { 4065 closesocket(s); 4066 return NULL; 4067 } 4068 } 4069 4070 rtn = connect(s, &addr->sa, SOCKLEN(addr)); 4071 if (SOCKET_ERROR == rtn) { 4072 closesocket(s); 4073 return NULL; 4074 } 4075 4076 sockaddrlen = sizeof(saddr); 4077 rtn = getsockname(s, &saddr.sa, &sockaddrlen); 4078 closesocket(s); 4079 if (SOCKET_ERROR == rtn) 4080 return NULL; 4081 4082 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n", 4083 stoa(addr), stoa(&saddr))); 4084 4085 iface = getinterface(&saddr, flags); 4086 4087 /* 4088 * if we didn't find an exact match on saddr, find the closest 4089 * available local address. This handles the case of the 4090 * address suggested by the kernel being excluded by nic rules 4091 * or the user's -I and -L options to ntpd. 4092 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 4093 * for more background. 4094 */ 4095 if (NULL == iface || iface->ignore_packets) 4096 iface = findclosestinterface(&saddr, 4097 flags | INT_LOOPBACK); 4098 4099 /* Don't use an interface which will ignore replies */ 4100 if (iface != NULL && iface->ignore_packets) 4101 iface = NULL; 4102 4103 return iface; 4104 } 4105 4106 4107 /* 4108 * findclosestinterface 4109 * 4110 * If there are -I/--interface or -L/novirtualips command-line options, 4111 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may 4112 * find the kernel's preferred local address for a given peer address is 4113 * administratively unavailable to ntpd, and punt to this routine's more 4114 * expensive search. 4115 * 4116 * Find the numerically closest local address to the one connect() 4117 * suggested. This matches an address on the same subnet first, as 4118 * needed by Bug 1184, and provides a consistent choice if there are 4119 * multiple feasible local addresses, regardless of the order ntpd 4120 * enumerated them. 4121 */ 4122 endpt * 4123 findclosestinterface( 4124 sockaddr_u * addr, 4125 int flags 4126 ) 4127 { 4128 endpt * ep; 4129 endpt * winner; 4130 sockaddr_u addr_dist; 4131 sockaddr_u min_dist; 4132 4133 ZERO_SOCK(&min_dist); 4134 winner = NULL; 4135 4136 for (ep = ep_list; ep != NULL; ep = ep->elink) { 4137 if (ep->ignore_packets || 4138 AF(addr) != ep->family || 4139 flags & ep->flags) 4140 continue; 4141 4142 calc_addr_distance(&addr_dist, addr, &ep->sin); 4143 if (NULL == winner || 4144 -1 == cmp_addr_distance(&addr_dist, &min_dist)) { 4145 min_dist = addr_dist; 4146 winner = ep; 4147 } 4148 } 4149 if (NULL == winner) 4150 DPRINTF(4, ("findclosestinterface(%s) failed\n", 4151 stoa(addr))); 4152 else 4153 DPRINTF(4, ("findclosestinterface(%s) -> %s\n", 4154 stoa(addr), stoa(&winner->sin))); 4155 4156 return winner; 4157 } 4158 4159 4160 /* 4161 * calc_addr_distance - calculate the distance between two addresses, 4162 * the absolute value of the difference between 4163 * the addresses numerically, stored as an address. 4164 */ 4165 static void 4166 calc_addr_distance( 4167 sockaddr_u * dist, 4168 const sockaddr_u * a1, 4169 const sockaddr_u * a2 4170 ) 4171 { 4172 u_int32 a1val; 4173 u_int32 a2val; 4174 u_int32 v4dist; 4175 int found_greater; 4176 int a1_greater; 4177 int i; 4178 4179 REQUIRE(AF(a1) == AF(a2)); 4180 4181 ZERO_SOCK(dist); 4182 AF(dist) = AF(a1); 4183 4184 /* v4 can be done a bit simpler */ 4185 if (IS_IPV4(a1)) { 4186 a1val = SRCADR(a1); 4187 a2val = SRCADR(a2); 4188 v4dist = (a1val > a2val) 4189 ? a1val - a2val 4190 : a2val - a1val; 4191 SET_ADDR4(dist, v4dist); 4192 4193 return; 4194 } 4195 4196 found_greater = FALSE; 4197 a1_greater = FALSE; /* suppress pot. uninit. warning */ 4198 for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) { 4199 if (!found_greater && 4200 NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) { 4201 found_greater = TRUE; 4202 a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]); 4203 } 4204 if (!found_greater) { 4205 NSRCADR6(dist)[i] = 0; 4206 } else { 4207 if (a1_greater) 4208 NSRCADR6(dist)[i] = NSRCADR6(a1)[i] - 4209 NSRCADR6(a2)[i]; 4210 else 4211 NSRCADR6(dist)[i] = NSRCADR6(a2)[i] - 4212 NSRCADR6(a1)[i]; 4213 } 4214 } 4215 } 4216 4217 4218 /* 4219 * cmp_addr_distance - compare two address distances, returning -1, 0, 4220 * 1 to indicate their relationship. 4221 */ 4222 static int 4223 cmp_addr_distance( 4224 const sockaddr_u * d1, 4225 const sockaddr_u * d2 4226 ) 4227 { 4228 int i; 4229 4230 REQUIRE(AF(d1) == AF(d2)); 4231 4232 if (IS_IPV4(d1)) { 4233 if (SRCADR(d1) < SRCADR(d2)) 4234 return -1; 4235 else if (SRCADR(d1) == SRCADR(d2)) 4236 return 0; 4237 else 4238 return 1; 4239 } 4240 4241 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) { 4242 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i]) 4243 return -1; 4244 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i]) 4245 return 1; 4246 } 4247 4248 return 0; 4249 } 4250 4251 4252 4253 /* 4254 * fetch an interface structure the matches the 4255 * address and has the given flags NOT set 4256 */ 4257 endpt * 4258 getinterface( 4259 sockaddr_u * addr, 4260 u_int32 flags 4261 ) 4262 { 4263 endpt *iface; 4264 4265 iface = find_addr_in_list(addr); 4266 4267 if (iface != NULL && (iface->flags & flags)) 4268 iface = NULL; 4269 4270 return iface; 4271 } 4272 4273 4274 /* 4275 * findbcastinter - find broadcast interface corresponding to address 4276 */ 4277 endpt * 4278 findbcastinter( 4279 sockaddr_u *addr 4280 ) 4281 { 4282 endpt * iface; 4283 4284 iface = NULL; 4285 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT)) 4286 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n", 4287 stoa(addr))); 4288 4289 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD, 4290 1); 4291 if (iface != NULL) { 4292 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n", 4293 iface->ifnum, iface->name)); 4294 return iface; 4295 } 4296 4297 /* 4298 * plan B - try to find something reasonable in our lists in 4299 * case kernel lookup doesn't help 4300 */ 4301 for (iface = ep_list; iface != NULL; iface = iface->elink) { 4302 if (iface->flags & INT_WILDCARD) 4303 continue; 4304 4305 /* Don't bother with ignored interfaces */ 4306 if (iface->ignore_packets) 4307 continue; 4308 4309 /* 4310 * First look if this is the correct family 4311 */ 4312 if(AF(&iface->sin) != AF(addr)) 4313 continue; 4314 4315 /* Skip the loopback addresses */ 4316 if (iface->flags & INT_LOOPBACK) 4317 continue; 4318 4319 /* 4320 * If we are looking to match a multicast address and 4321 * this interface is one... 4322 */ 4323 if (addr_ismulticast(addr) 4324 && (iface->flags & INT_MULTICAST)) { 4325 #ifdef INCLUDE_IPV6_SUPPORT 4326 /* 4327 * ...it is the winner unless we're looking for 4328 * an interface to use for link-local multicast 4329 * and its address is not link-local. 4330 */ 4331 if (IS_IPV6(addr) 4332 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr)) 4333 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin))) 4334 continue; 4335 #endif 4336 break; 4337 } 4338 4339 /* 4340 * We match only those interfaces marked as 4341 * broadcastable and either the explicit broadcast 4342 * address or the network portion of the IP address. 4343 * Sloppy. 4344 */ 4345 if (IS_IPV4(addr)) { 4346 if (SOCK_EQ(&iface->bcast, addr)) 4347 break; 4348 4349 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask)) 4350 == (NSRCADR(addr) & NSRCADR(&iface->mask))) 4351 break; 4352 } 4353 #ifdef INCLUDE_IPV6_SUPPORT 4354 else if (IS_IPV6(addr)) { 4355 if (SOCK_EQ(&iface->bcast, addr)) 4356 break; 4357 4358 if (SOCK_EQ(netof(&iface->sin), netof(addr))) 4359 break; 4360 } 4361 #endif 4362 } 4363 #endif /* SIOCGIFCONF */ 4364 if (NULL == iface) { 4365 DPRINTF(4, ("No bcast interface found for %s\n", 4366 stoa(addr))); 4367 iface = ANY_INTERFACE_CHOOSE(addr); 4368 } else { 4369 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n", 4370 iface->ifnum, iface->name)); 4371 } 4372 4373 return iface; 4374 } 4375 4376 4377 /* 4378 * io_clr_stats - clear I/O module statistics 4379 */ 4380 void 4381 io_clr_stats(void) 4382 { 4383 packets_dropped = 0; 4384 packets_ignored = 0; 4385 packets_received = 0; 4386 packets_sent = 0; 4387 packets_notsent = 0; 4388 4389 handler_calls = 0; 4390 handler_pkts = 0; 4391 io_timereset = current_time; 4392 } 4393 4394 4395 #ifdef REFCLOCK 4396 /* 4397 * io_addclock - add a reference clock to the list and arrange that we 4398 * get SIGIO interrupts from it. 4399 */ 4400 int 4401 io_addclock( 4402 struct refclockio *rio 4403 ) 4404 { 4405 BLOCKIO(); 4406 4407 /* 4408 * Stuff the I/O structure in the list and mark the descriptor 4409 * in use. There is a harmless (I hope) race condition here. 4410 */ 4411 rio->active = TRUE; 4412 4413 # ifdef HAVE_SIGNALED_IO 4414 if (init_clock_sig(rio)) { 4415 UNBLOCKIO(); 4416 return 0; 4417 } 4418 # elif defined(HAVE_IO_COMPLETION_PORT) 4419 if (!io_completion_port_add_clock_io(rio)) { 4420 UNBLOCKIO(); 4421 return 0; 4422 } 4423 # endif 4424 4425 /* 4426 * enqueue 4427 */ 4428 LINK_SLIST(refio, rio, next); 4429 4430 /* 4431 * register fd 4432 */ 4433 add_fd_to_list(rio->fd, FD_TYPE_FILE); 4434 4435 UNBLOCKIO(); 4436 return 1; 4437 } 4438 4439 4440 /* 4441 * io_closeclock - close the clock in the I/O structure given 4442 */ 4443 void 4444 io_closeclock( 4445 struct refclockio *rio 4446 ) 4447 { 4448 struct refclockio *unlinked; 4449 4450 BLOCKIO(); 4451 4452 /* 4453 * Remove structure from the list 4454 */ 4455 rio->active = FALSE; 4456 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio); 4457 if (NULL != unlinked) { 4458 /* Close the descriptor. The order of operations is 4459 * important here in case of async / overlapped IO: 4460 * only after we have removed the clock from the 4461 * IO completion port we can be sure no further 4462 * input is queued. So... 4463 * - we first disable feeding to the queu by removing 4464 * the clock from the IO engine 4465 * - close the file (which brings down any IO on it) 4466 * - clear the buffer from results for this fd 4467 */ 4468 # ifdef HAVE_IO_COMPLETION_PORT 4469 io_completion_port_remove_clock_io(rio); 4470 # endif 4471 close_and_delete_fd_from_list(rio->fd); 4472 purge_recv_buffers_for_fd(rio->fd); 4473 rio->fd = -1; 4474 } 4475 4476 UNBLOCKIO(); 4477 } 4478 #endif /* REFCLOCK */ 4479 4480 4481 /* 4482 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in 4483 * an array. So we use one of the ISC_LIST functions to hold the 4484 * socket value and use that when we want to enumerate it. 4485 * 4486 * This routine is called by the forked intres child process to close 4487 * all open sockets. On Windows there's no need as intres runs in 4488 * the same process as a thread. 4489 */ 4490 #ifndef SYS_WINNT 4491 void 4492 kill_asyncio( 4493 int startfd 4494 ) 4495 { 4496 BLOCKIO(); 4497 4498 /* 4499 * In the child process we do not maintain activefds and 4500 * maxactivefd. Zeroing maxactivefd disables code which 4501 * maintains it in close_and_delete_fd_from_list(). 4502 */ 4503 maxactivefd = 0; 4504 4505 while (fd_list != NULL) 4506 close_and_delete_fd_from_list(fd_list->fd); 4507 4508 UNBLOCKIO(); 4509 } 4510 #endif /* !SYS_WINNT */ 4511 4512 4513 /* 4514 * Add and delete functions for the list of input file descriptors 4515 */ 4516 static void 4517 add_fd_to_list( 4518 SOCKET fd, 4519 enum desc_type type 4520 ) 4521 { 4522 vsock_t *lsock = emalloc(sizeof(*lsock)); 4523 4524 lsock->fd = fd; 4525 lsock->type = type; 4526 4527 LINK_SLIST(fd_list, lsock, link); 4528 maintain_activefds(fd, 0); 4529 } 4530 4531 4532 static void 4533 close_and_delete_fd_from_list( 4534 SOCKET fd 4535 ) 4536 { 4537 vsock_t *lsock; 4538 4539 UNLINK_EXPR_SLIST(lsock, fd_list, fd == 4540 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t); 4541 4542 if (NULL == lsock) 4543 return; 4544 4545 switch (lsock->type) { 4546 4547 case FD_TYPE_SOCKET: 4548 closesocket(lsock->fd); 4549 break; 4550 4551 case FD_TYPE_FILE: 4552 closeserial((int)lsock->fd); 4553 break; 4554 4555 default: 4556 msyslog(LOG_ERR, 4557 "internal error - illegal descriptor type %d - EXITING", 4558 (int)lsock->type); 4559 exit(1); 4560 } 4561 4562 free(lsock); 4563 /* 4564 * remove from activefds 4565 */ 4566 maintain_activefds(fd, 1); 4567 } 4568 4569 4570 static void 4571 add_addr_to_list( 4572 sockaddr_u * addr, 4573 endpt * ep 4574 ) 4575 { 4576 remaddr_t *laddr; 4577 4578 #ifdef DEBUG 4579 if (find_addr_in_list(addr) == NULL) { 4580 #endif 4581 /* not there yet - add to list */ 4582 laddr = emalloc(sizeof(*laddr)); 4583 laddr->addr = *addr; 4584 laddr->ep = ep; 4585 4586 LINK_SLIST(remoteaddr_list, laddr, link); 4587 4588 DPRINTF(4, ("Added addr %s to list of addresses\n", 4589 stoa(addr))); 4590 #ifdef DEBUG 4591 } else 4592 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n", 4593 stoa(addr))); 4594 #endif 4595 } 4596 4597 4598 static void 4599 delete_addr_from_list( 4600 sockaddr_u *addr 4601 ) 4602 { 4603 remaddr_t *unlinked; 4604 4605 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr, 4606 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t); 4607 4608 if (unlinked != NULL) { 4609 DPRINTF(4, ("Deleted addr %s from list of addresses\n", 4610 stoa(addr))); 4611 free(unlinked); 4612 } 4613 } 4614 4615 4616 static void 4617 delete_interface_from_list( 4618 endpt *iface 4619 ) 4620 { 4621 remaddr_t *unlinked; 4622 4623 for (;;) { 4624 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface == 4625 UNLINK_EXPR_SLIST_CURRENT()->ep, link, 4626 remaddr_t); 4627 4628 if (unlinked == NULL) 4629 break; 4630 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n", 4631 stoa(&unlinked->addr), iface->ifnum, 4632 iface->name)); 4633 free(unlinked); 4634 } 4635 } 4636 4637 4638 static struct interface * 4639 find_addr_in_list( 4640 sockaddr_u *addr 4641 ) 4642 { 4643 remaddr_t *entry; 4644 4645 DPRINTF(4, ("Searching for addr %s in list of addresses - ", 4646 stoa(addr))); 4647 4648 for (entry = remoteaddr_list; 4649 entry != NULL; 4650 entry = entry->link) 4651 if (SOCK_EQ(&entry->addr, addr)) { 4652 DPRINTF(4, ("FOUND\n")); 4653 return entry->ep; 4654 } 4655 4656 DPRINTF(4, ("NOT FOUND\n")); 4657 return NULL; 4658 } 4659 4660 4661 /* 4662 * Find the given address with the all given flags set in the list 4663 */ 4664 static endpt * 4665 find_flagged_addr_in_list( 4666 sockaddr_u * addr, 4667 u_int32 flags 4668 ) 4669 { 4670 remaddr_t *entry; 4671 4672 DPRINTF(4, ("Finding addr %s with flags %d in list: ", 4673 stoa(addr), flags)); 4674 4675 for (entry = remoteaddr_list; 4676 entry != NULL; 4677 entry = entry->link) 4678 4679 if (SOCK_EQ(&entry->addr, addr) 4680 && (entry->ep->flags & flags) == flags) { 4681 4682 DPRINTF(4, ("FOUND\n")); 4683 return entry->ep; 4684 } 4685 4686 DPRINTF(4, ("NOT FOUND\n")); 4687 return NULL; 4688 } 4689 4690 4691 const char * 4692 localaddrtoa( 4693 endpt *la 4694 ) 4695 { 4696 return (NULL == la) 4697 ? "<null>" 4698 : stoa(&la->sin); 4699 } 4700 4701 4702 #ifdef HAS_ROUTING_SOCKET 4703 # ifndef UPDATE_GRACE 4704 # define UPDATE_GRACE 3 /* min. UPDATE_GRACE - 1 seconds before scanning */ 4705 # endif 4706 4707 static void 4708 process_routing_msgs(struct asyncio_reader *reader) 4709 { 4710 static char * buffer; 4711 static size_t buffsz = 8192; 4712 int cnt, new, msg_type; 4713 socklen_t len; 4714 #ifdef HAVE_RTNETLINK 4715 struct nlmsghdr *nh; 4716 #else 4717 struct rt_msghdr rtm; 4718 char *p; 4719 #endif 4720 4721 if (disable_dynamic_updates) { 4722 /* 4723 * discard ourselves if we are not needed any more 4724 * usually happens when running unprivileged 4725 */ 4726 remove_asyncio_reader(reader); 4727 delete_asyncio_reader(reader); 4728 return; 4729 } 4730 4731 if (NULL == buffer) { 4732 buffer = emalloc(buffsz); 4733 } 4734 4735 cnt = read(reader->fd, buffer, buffsz); 4736 4737 if (cnt < 0) { 4738 if (errno == ENOBUFS) { 4739 /* increase socket buffer by 25% */ 4740 len = sizeof cnt; 4741 if (0 > getsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &cnt, &len) || 4742 sizeof cnt != len) { 4743 msyslog(LOG_ERR, 4744 "routing getsockopt SO_RCVBUF %u %u: %m - disabling", 4745 (u_int)cnt, (u_int)sizeof cnt); 4746 goto disable; 4747 } 4748 new = cnt + (cnt / 4); 4749 if (0 > setsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &new, sizeof new)) { 4750 msyslog(LOG_ERR, 4751 "routing setsockopt SO_RCVBUF %d -> %d: %m - disabling", 4752 cnt, new); 4753 goto disable; 4754 } 4755 } else { 4756 msyslog(LOG_ERR, 4757 "routing socket reports: %m - disabling"); 4758 disable: 4759 remove_asyncio_reader(reader); 4760 delete_asyncio_reader(reader); 4761 } 4762 return; 4763 } 4764 4765 /* 4766 * process routing message 4767 */ 4768 #ifdef HAVE_RTNETLINK 4769 for (nh = UA_PTR(struct nlmsghdr, buffer); 4770 NLMSG_OK(nh, cnt); 4771 nh = NLMSG_NEXT(nh, cnt)) 4772 { 4773 msg_type = nh->nlmsg_type; 4774 #else 4775 for (p = buffer; 4776 (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); 4777 p += rtm.rtm_msglen) 4778 { 4779 memcpy(&rtm, p, sizeof(rtm)); 4780 if (rtm.rtm_version != RTM_VERSION) { 4781 msyslog(LOG_ERR, 4782 "version mismatch (got %d - expected %d) on routing socket - disabling", 4783 rtm.rtm_version, RTM_VERSION); 4784 4785 remove_asyncio_reader(reader); 4786 delete_asyncio_reader(reader); 4787 return; 4788 } 4789 msg_type = rtm.rtm_type; 4790 #endif 4791 switch (msg_type) { 4792 #ifdef RTM_NEWADDR 4793 case RTM_NEWADDR: 4794 #endif 4795 #ifdef RTM_DELADDR 4796 case RTM_DELADDR: 4797 #endif 4798 #ifdef RTM_ADD 4799 case RTM_ADD: 4800 #endif 4801 #ifdef RTM_DELETE 4802 case RTM_DELETE: 4803 #endif 4804 #ifdef RTM_REDIRECT 4805 case RTM_REDIRECT: 4806 #endif 4807 #ifdef RTM_CHANGE 4808 case RTM_CHANGE: 4809 #endif 4810 #ifdef RTM_LOSING 4811 case RTM_LOSING: 4812 #endif 4813 #ifdef RTM_IFINFO 4814 case RTM_IFINFO: 4815 #endif 4816 #ifdef RTM_IFANNOUNCE 4817 case RTM_IFANNOUNCE: 4818 #endif 4819 #ifdef RTM_NEWLINK 4820 case RTM_NEWLINK: 4821 #endif 4822 #ifdef RTM_DELLINK 4823 case RTM_DELLINK: 4824 #endif 4825 #ifdef RTM_NEWROUTE 4826 case RTM_NEWROUTE: 4827 #endif 4828 #ifdef RTM_DELROUTE 4829 case RTM_DELROUTE: 4830 #endif 4831 /* 4832 * we are keen on new and deleted addresses and 4833 * if an interface goes up and down or routing 4834 * changes 4835 */ 4836 DPRINTF(3, ("routing message op = %d: scheduling interface update\n", 4837 msg_type)); 4838 timer_interfacetimeout(current_time + UPDATE_GRACE); 4839 break; 4840 #ifdef HAVE_RTNETLINK 4841 case NLMSG_DONE: 4842 /* end of multipart message */ 4843 return; 4844 #endif 4845 default: 4846 /* 4847 * the rest doesn't bother us. 4848 */ 4849 DPRINTF(4, ("routing message op = %d: ignored\n", 4850 msg_type)); 4851 break; 4852 } 4853 } 4854 } 4855 4856 /* 4857 * set up routing notifications 4858 */ 4859 static void 4860 init_async_notifications() 4861 { 4862 struct asyncio_reader *reader; 4863 #ifdef HAVE_RTNETLINK 4864 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 4865 struct sockaddr_nl sa; 4866 #else 4867 int fd = socket(PF_ROUTE, SOCK_RAW, 0); 4868 #endif 4869 if (fd < 0) { 4870 msyslog(LOG_ERR, 4871 "unable to open routing socket (%m) - using polled interface update"); 4872 return; 4873 } 4874 4875 fd = move_fd(fd); 4876 #ifdef HAVE_RTNETLINK 4877 ZERO(sa); 4878 sa.nl_family = PF_NETLINK; 4879 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR 4880 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE 4881 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE 4882 | RTMGRP_IPV6_MROUTE; 4883 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 4884 msyslog(LOG_ERR, 4885 "bind failed on routing socket (%m) - using polled interface update"); 4886 return; 4887 } 4888 #endif 4889 make_socket_nonblocking(fd); 4890 #if defined(HAVE_SIGNALED_IO) 4891 init_socket_sig(fd); 4892 #endif /* HAVE_SIGNALED_IO */ 4893 4894 reader = new_asyncio_reader(); 4895 4896 reader->fd = fd; 4897 reader->receiver = process_routing_msgs; 4898 4899 add_asyncio_reader(reader, FD_TYPE_SOCKET); 4900 msyslog(LOG_INFO, 4901 "Listening on routing socket on fd #%d for interface updates", 4902 fd); 4903 } 4904 #else 4905 /* HAS_ROUTING_SOCKET not defined */ 4906 static void 4907 init_async_notifications(void) 4908 { 4909 } 4910 #endif 4911 4912