1 /* 2 * ntp_io.c - input/output routines for ntpd. The socket-opening code 3 * was shamelessly stolen from ntpd. 4 */ 5 6 #ifdef HAVE_CONFIG_H 7 # include <config.h> 8 #endif 9 10 #include <stdio.h> 11 #include <signal.h> 12 #ifdef HAVE_FNMATCH_H 13 # include <fnmatch.h> 14 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) 15 # define FNM_CASEFOLD FNM_IGNORECASE 16 # endif 17 #endif 18 #ifdef HAVE_SYS_PARAM_H 19 # include <sys/param.h> 20 #endif 21 #ifdef HAVE_SYS_IOCTL_H 22 # include <sys/ioctl.h> 23 #endif 24 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */ 25 # include <sys/sockio.h> 26 #endif 27 #ifdef HAVE_SYS_UIO_H 28 # include <sys/uio.h> 29 #endif 30 31 #include "ntp_machine.h" 32 #include "ntpd.h" 33 #include "ntp_io.h" 34 #include "iosignal.h" 35 #include "ntp_lists.h" 36 #include "ntp_refclock.h" 37 #include "ntp_stdlib.h" 38 #include "ntp_worker.h" 39 #include "ntp_request.h" 40 #include "ntp_assert.h" 41 #include "timevalops.h" 42 #include "timespecops.h" 43 #include "ntpd-opts.h" 44 45 /* Don't include ISC's version of IPv6 variables and structures */ 46 #define ISC_IPV6_H 1 47 #include <isc/mem.h> 48 #include <isc/interfaceiter.h> 49 #include <isc/netaddr.h> 50 #include <isc/result.h> 51 #include <isc/sockaddr.h> 52 53 #ifdef SIM 54 #include "ntpsim.h" 55 #endif 56 57 #ifdef HAS_ROUTING_SOCKET 58 # include <net/route.h> 59 # ifdef HAVE_RTNETLINK 60 # include <linux/rtnetlink.h> 61 # endif 62 #endif 63 64 65 /* 66 * setsockopt does not always have the same arg declaration 67 * across all platforms. If it's not defined we make it empty 68 */ 69 70 #ifndef SETSOCKOPT_ARG_CAST 71 #define SETSOCKOPT_ARG_CAST 72 #endif 73 74 extern int listen_to_virtual_ips; 75 76 #ifndef IPTOS_DSCP_EF 77 #define IPTOS_DSCP_EF 0xb8 78 #endif 79 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */ 80 81 #ifdef LEAP_SMEAR 82 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so 83 * we get a linker error. Since we're running out of time before the leap 84 * second occurs, we let it here where it just works. 85 */ 86 int leap_smear_intv; 87 #endif 88 89 /* 90 * NIC rule entry 91 */ 92 typedef struct nic_rule_tag nic_rule; 93 94 struct nic_rule_tag { 95 nic_rule * next; 96 nic_rule_action action; 97 nic_rule_match match_type; 98 char * if_name; 99 sockaddr_u addr; 100 int prefixlen; 101 }; 102 103 /* 104 * NIC rule listhead. Entries are added at the head so that the first 105 * match in the list is the last matching rule specified. 106 */ 107 nic_rule *nic_rule_list; 108 109 110 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR) 111 # define HAVE_PACKET_TIMESTAMP 112 # define HAVE_BINTIME 113 # ifdef BINTIME_CTLMSGBUF_SIZE 114 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE 115 # else 116 # define CMSG_BUFSIZE 1536 /* moderate default */ 117 # endif 118 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR) 119 # define HAVE_PACKET_TIMESTAMP 120 # define HAVE_TIMESTAMPNS 121 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE 122 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE 123 # else 124 # define CMSG_BUFSIZE 1536 /* moderate default */ 125 # endif 126 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR) 127 # define HAVE_PACKET_TIMESTAMP 128 # define HAVE_TIMESTAMP 129 # ifdef TIMESTAMP_CTLMSGBUF_SIZE 130 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE 131 # else 132 # define CMSG_BUFSIZE 1536 /* moderate default */ 133 # endif 134 #else 135 /* fill in for old/other timestamp interfaces */ 136 #endif 137 138 #if defined(SYS_WINNT) 139 #include "win32_io.h" 140 #include <isc/win32os.h> 141 #endif 142 143 /* 144 * We do asynchronous input using the SIGIO facility. A number of 145 * recvbuf buffers are preallocated for input. In the signal 146 * handler we poll to see which sockets are ready and read the 147 * packets from them into the recvbuf's along with a time stamp and 148 * an indication of the source host and the interface it was received 149 * through. This allows us to get as accurate receive time stamps 150 * as possible independent of other processing going on. 151 * 152 * We watch the number of recvbufs available to the signal handler 153 * and allocate more when this number drops below the low water 154 * mark. If the signal handler should run out of buffers in the 155 * interim it will drop incoming frames, the idea being that it is 156 * better to drop a packet than to be inaccurate. 157 */ 158 159 160 /* 161 * Other statistics of possible interest 162 */ 163 volatile u_long packets_dropped; /* total number of packets dropped on reception */ 164 volatile u_long packets_ignored; /* packets received on wild card interface */ 165 volatile u_long packets_received; /* total number of packets received */ 166 u_long packets_sent; /* total number of packets sent */ 167 u_long packets_notsent; /* total number of packets which couldn't be sent */ 168 169 volatile u_long handler_calls; /* number of calls to interrupt handler */ 170 volatile u_long handler_pkts; /* number of pkts received by handler */ 171 u_long io_timereset; /* time counters were reset */ 172 173 /* 174 * Interface stuff 175 */ 176 endpt * any_interface; /* wildcard ipv4 interface */ 177 endpt * any6_interface; /* wildcard ipv6 interface */ 178 endpt * loopback_interface; /* loopback ipv4 interface */ 179 180 isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */ 181 u_int sys_ifnum; /* next .ifnum to assign */ 182 int ninterfaces; /* Total number of interfaces */ 183 184 int disable_dynamic_updates; /* scan interfaces once only */ 185 186 #ifdef REFCLOCK 187 /* 188 * Refclock stuff. We keep a chain of structures with data concerning 189 * the guys we are doing I/O for. 190 */ 191 static struct refclockio *refio; 192 #endif /* REFCLOCK */ 193 194 /* 195 * File descriptor masks etc. for call to select 196 * Not needed for I/O Completion Ports or anything outside this file 197 */ 198 static fd_set activefds; 199 static int maxactivefd; 200 201 /* 202 * bit alternating value to detect verified interfaces during an update cycle 203 */ 204 static u_short sys_interphase = 0; 205 206 static endpt * new_interface(endpt *); 207 static void add_interface(endpt *); 208 static int update_interfaces(u_short, interface_receiver_t, 209 void *); 210 static void remove_interface(endpt *); 211 static endpt * create_interface(u_short, endpt *); 212 213 static int is_wildcard_addr (const sockaddr_u *); 214 215 /* 216 * Multicast functions 217 */ 218 static isc_boolean_t addr_ismulticast (sockaddr_u *); 219 static isc_boolean_t is_anycast (sockaddr_u *, 220 const char *); 221 222 /* 223 * Not all platforms support multicast 224 */ 225 #ifdef MCAST 226 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *); 227 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); 228 #endif 229 230 #ifdef DEBUG 231 static void interface_dump (const endpt *); 232 static void sockaddr_dump (const sockaddr_u *); 233 static void print_interface (const endpt *, const char *, const char *); 234 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) 235 #else 236 #define DPRINT_INTERFACE(level, args) do {} while (0) 237 #endif 238 239 typedef struct vsock vsock_t; 240 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE }; 241 242 struct vsock { 243 vsock_t * link; 244 SOCKET fd; 245 enum desc_type type; 246 }; 247 248 vsock_t *fd_list; 249 250 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 251 /* 252 * async notification processing (e. g. routing sockets) 253 */ 254 /* 255 * support for receiving data on fd that is not a refclock or a socket 256 * like e. g. routing sockets 257 */ 258 struct asyncio_reader { 259 struct asyncio_reader *link; /* the list this is being kept in */ 260 SOCKET fd; /* fd to be read */ 261 void *data; /* possibly local data */ 262 void (*receiver)(struct asyncio_reader *); /* input handler */ 263 }; 264 265 struct asyncio_reader *asyncio_reader_list; 266 267 static void delete_asyncio_reader (struct asyncio_reader *); 268 static struct asyncio_reader *new_asyncio_reader (void); 269 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type); 270 static void remove_asyncio_reader (struct asyncio_reader *); 271 272 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 273 274 static void init_async_notifications (void); 275 276 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *, 277 int); 278 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, 279 const sockaddr_u *, const sockaddr_u *); 280 static int create_sockets (u_short); 281 static SOCKET open_socket (sockaddr_u *, int, int, endpt *); 282 static char * fdbits (int, fd_set *); 283 static void set_reuseaddr (int); 284 static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); 285 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 286 static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); 287 #endif 288 289 typedef struct remaddr remaddr_t; 290 291 struct remaddr { 292 remaddr_t * link; 293 sockaddr_u addr; 294 endpt * ep; 295 }; 296 297 remaddr_t * remoteaddr_list; 298 endpt * ep_list; /* complete endpt list */ 299 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */ 300 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ 301 302 static endpt * wildipv4; 303 static endpt * wildipv6; 304 305 #ifdef SYS_WINNT 306 int accept_wildcard_if_for_winnt; 307 #else 308 const int accept_wildcard_if_for_winnt = FALSE; 309 #endif 310 311 static void add_fd_to_list (SOCKET, enum desc_type); 312 static endpt * find_addr_in_list (sockaddr_u *); 313 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); 314 static void delete_addr_from_list (sockaddr_u *); 315 static void delete_interface_from_list(endpt *); 316 static void close_and_delete_fd_from_list(SOCKET); 317 static void add_addr_to_list (sockaddr_u *, endpt *); 318 static void create_wildcards (u_short); 319 static endpt * findlocalinterface (sockaddr_u *, int, int); 320 static endpt * findclosestinterface (sockaddr_u *, int); 321 #ifdef DEBUG 322 static const char * action_text (nic_rule_action); 323 #endif 324 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32); 325 static void convert_isc_if (isc_interface_t *, 326 endpt *, u_short); 327 static void calc_addr_distance(sockaddr_u *, 328 const sockaddr_u *, 329 const sockaddr_u *); 330 static int cmp_addr_distance(const sockaddr_u *, 331 const sockaddr_u *); 332 333 /* 334 * Routines to read the ntp packets 335 */ 336 #if !defined(HAVE_IO_COMPLETION_PORT) 337 static inline int read_network_packet (SOCKET, struct interface *, l_fp); 338 static void ntpd_addremove_io_fd (int, int, int); 339 static input_handler_t input_handler; 340 #ifdef REFCLOCK 341 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); 342 #endif 343 #endif 344 345 346 347 #ifndef HAVE_IO_COMPLETION_PORT 348 void 349 maintain_activefds( 350 int fd, 351 int closing 352 ) 353 { 354 int i; 355 356 if (fd < 0 || fd >= FD_SETSIZE) { 357 msyslog(LOG_ERR, 358 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d", 359 FD_SETSIZE, fd); 360 exit(1); 361 } 362 363 if (!closing) { 364 FD_SET(fd, &activefds); 365 maxactivefd = max(fd, maxactivefd); 366 } else { 367 FD_CLR(fd, &activefds); 368 if (maxactivefd && fd == maxactivefd) { 369 for (i = maxactivefd - 1; i >= 0; i--) 370 if (FD_ISSET(i, &activefds)) { 371 maxactivefd = i; 372 break; 373 } 374 INSIST(fd != maxactivefd); 375 } 376 } 377 } 378 #endif /* !HAVE_IO_COMPLETION_PORT */ 379 380 381 #ifdef DEBUG_TIMING 382 /* 383 * collect timing information for various processing 384 * paths. currently we only pass them on to the file 385 * for later processing. this could also do histogram 386 * based analysis in other to reduce the load (and skew) 387 * dur to the file output 388 */ 389 void 390 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts) 391 { 392 char buf[256]; 393 394 snprintf(buf, sizeof(buf), "%s %d %s %s", 395 (rb != NULL) 396 ? ((rb->dstadr != NULL) 397 ? stoa(&rb->recv_srcadr) 398 : "-REFCLOCK-") 399 : "-", 400 count, lfptoa(dts, 9), tag); 401 record_timing_stats(buf); 402 } 403 #endif 404 405 /* 406 * About dynamic interfaces, sockets, reception and more... 407 * 408 * the code solves following tasks: 409 * 410 * - keep a current list of active interfaces in order 411 * to bind to to the interface address on NTP_PORT so that 412 * all wild and specific bindings for NTP_PORT are taken by ntpd 413 * to avoid other daemons messing with the time or sockets. 414 * - all interfaces keep a list of peers that are referencing 415 * the interface in order to quickly re-assign the peers to 416 * new interface in case an interface is deleted (=> gone from system or 417 * down) 418 * - have a preconfigured socket ready with the right local address 419 * for transmission and reception 420 * - have an address list for all destination addresses used within ntpd 421 * to find the "right" preconfigured socket. 422 * - facilitate updating the internal interface list with respect to 423 * the current kernel state 424 * 425 * special issues: 426 * 427 * - mapping of multicast addresses to the interface affected is not always 428 * one to one - especially on hosts with multiple interfaces 429 * the code here currently allocates a separate interface entry for those 430 * multicast addresses 431 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF) 432 * in case of failure the multicast address is bound to an existing interface. 433 * - on some systems it is perfectly legal to assign the same address to 434 * multiple interfaces. Therefore this code does not keep a list of interfaces 435 * but a list of interfaces that represent a unique address as determined by the kernel 436 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only 437 * one representative of a group of real interfaces if they share the same address. 438 * 439 * Frank Kardel 20050910 440 */ 441 442 /* 443 * init_io - initialize I/O module. 444 */ 445 void 446 init_io(void) 447 { 448 /* Init buffer free list and stat counters */ 449 init_recvbuff(RECV_INIT); 450 /* update interface every 5 minutes as default */ 451 interface_interval = 300; 452 453 #ifdef WORK_PIPE 454 addremove_io_fd = &ntpd_addremove_io_fd; 455 #endif 456 457 #ifdef SYS_WINNT 458 init_io_completion_port(); 459 #endif 460 461 #if defined(HAVE_SIGNALED_IO) 462 (void) set_signal(input_handler); 463 #endif 464 } 465 466 467 static void 468 ntpd_addremove_io_fd( 469 int fd, 470 int is_pipe, 471 int remove_it 472 ) 473 { 474 UNUSED_ARG(is_pipe); 475 476 #ifdef HAVE_SIGNALED_IO 477 init_socket_sig(fd); 478 #endif /* not HAVE_SIGNALED_IO */ 479 480 maintain_activefds(fd, remove_it); 481 } 482 483 484 /* 485 * io_open_sockets - call socket creation routine 486 */ 487 void 488 io_open_sockets(void) 489 { 490 static int already_opened; 491 492 if (already_opened || HAVE_OPT( SAVECONFIGQUIT )) 493 return; 494 495 already_opened = 1; 496 497 /* 498 * Create the sockets 499 */ 500 BLOCKIO(); 501 create_sockets(NTP_PORT); 502 UNBLOCKIO(); 503 504 init_async_notifications(); 505 506 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd)); 507 } 508 509 510 #ifdef DEBUG 511 /* 512 * function to dump the contents of the interface structure 513 * for debugging use only. 514 */ 515 void 516 interface_dump(const endpt *itf) 517 { 518 printf("Dumping interface: %p\n", itf); 519 printf("fd = %d\n", itf->fd); 520 printf("bfd = %d\n", itf->bfd); 521 printf("sin = %s,\n", stoa(&itf->sin)); 522 sockaddr_dump(&itf->sin); 523 printf("bcast = %s,\n", stoa(&itf->bcast)); 524 sockaddr_dump(&itf->bcast); 525 printf("mask = %s,\n", stoa(&itf->mask)); 526 sockaddr_dump(&itf->mask); 527 printf("name = %s\n", itf->name); 528 printf("flags = 0x%08x\n", itf->flags); 529 printf("last_ttl = %d\n", itf->last_ttl); 530 printf("addr_refid = %08x\n", itf->addr_refid); 531 printf("num_mcast = %d\n", itf->num_mcast); 532 printf("received = %ld\n", itf->received); 533 printf("sent = %ld\n", itf->sent); 534 printf("notsent = %ld\n", itf->notsent); 535 printf("ifindex = %u\n", itf->ifindex); 536 printf("peercnt = %u\n", itf->peercnt); 537 printf("phase = %u\n", itf->phase); 538 } 539 540 /* 541 * sockaddr_dump - hex dump the start of a sockaddr_u 542 */ 543 static void 544 sockaddr_dump(const sockaddr_u *psau) 545 { 546 /* Limit the size of the sockaddr_in6 hex dump */ 547 const int maxsize = min(32, sizeof(psau->sa6)); 548 const u_char * cp; 549 int i; 550 551 /* XXX: Should we limit maxsize based on psau->saX.sin_family? */ 552 cp = (const void *)&psau->sa6; 553 554 for(i = 0; i < maxsize; i++) { 555 printf("%02x", *cp++); 556 if (!((i + 1) % 4)) 557 printf(" "); 558 } 559 printf("\n"); 560 } 561 562 /* 563 * print_interface - helper to output debug information 564 */ 565 static void 566 print_interface(const endpt *iface, const char *pfx, const char *sfx) 567 { 568 printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s", 569 pfx, 570 iface->ifnum, 571 iface->fd, 572 iface->bfd, 573 iface->name, 574 iface->flags, 575 iface->ifindex, 576 stoa(&iface->sin)); 577 if (AF_INET == iface->family) { 578 if (iface->flags & INT_BROADCAST) 579 printf(", bcast=%s", stoa(&iface->bcast)); 580 printf(", mask=%s", stoa(&iface->mask)); 581 } 582 printf(", %s:%s", 583 (iface->ignore_packets) 584 ? "Disabled" 585 : "Enabled", 586 sfx); 587 if (debug > 4) /* in-depth debugging only */ 588 interface_dump(iface); 589 } 590 #endif 591 592 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 593 /* 594 * create an asyncio_reader structure 595 */ 596 static struct asyncio_reader * 597 new_asyncio_reader(void) 598 { 599 struct asyncio_reader *reader; 600 601 reader = emalloc_zero(sizeof(*reader)); 602 reader->fd = INVALID_SOCKET; 603 604 return reader; 605 } 606 607 /* 608 * delete a reader 609 */ 610 static void 611 delete_asyncio_reader( 612 struct asyncio_reader *reader 613 ) 614 { 615 free(reader); 616 } 617 618 /* 619 * add asynchio_reader 620 */ 621 static void 622 add_asyncio_reader( 623 struct asyncio_reader * reader, 624 enum desc_type type) 625 { 626 LINK_SLIST(asyncio_reader_list, reader, link); 627 add_fd_to_list(reader->fd, type); 628 } 629 630 /* 631 * remove asynchio_reader 632 */ 633 static void 634 remove_asyncio_reader( 635 struct asyncio_reader *reader 636 ) 637 { 638 struct asyncio_reader *unlinked; 639 640 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, 641 struct asyncio_reader); 642 643 if (reader->fd != INVALID_SOCKET) 644 close_and_delete_fd_from_list(reader->fd); 645 646 reader->fd = INVALID_SOCKET; 647 } 648 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 649 650 651 /* compare two sockaddr prefixes */ 652 static int 653 addr_eqprefix( 654 const sockaddr_u * a, 655 const sockaddr_u * b, 656 int prefixlen 657 ) 658 { 659 isc_netaddr_t isc_a; 660 isc_netaddr_t isc_b; 661 isc_sockaddr_t isc_sa; 662 663 ZERO(isc_sa); 664 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a))); 665 isc_netaddr_fromsockaddr(&isc_a, &isc_sa); 666 667 ZERO(isc_sa); 668 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b))); 669 isc_netaddr_fromsockaddr(&isc_b, &isc_sa); 670 671 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b, 672 (u_int)prefixlen); 673 } 674 675 676 static int 677 addr_samesubnet( 678 const sockaddr_u * a, 679 const sockaddr_u * a_mask, 680 const sockaddr_u * b, 681 const sockaddr_u * b_mask 682 ) 683 { 684 const u_int32 * pa; 685 const u_int32 * pa_limit; 686 const u_int32 * pb; 687 const u_int32 * pm; 688 size_t loops; 689 690 REQUIRE(AF(a) == AF(a_mask)); 691 REQUIRE(AF(b) == AF(b_mask)); 692 /* 693 * With address and mask families verified to match, comparing 694 * the masks also validates the address's families match. 695 */ 696 if (!SOCK_EQ(a_mask, b_mask)) 697 return FALSE; 698 699 if (IS_IPV6(a)) { 700 loops = sizeof(NSRCADR6(a)) / sizeof(*pa); 701 pa = (const void *)&NSRCADR6(a); 702 pb = (const void *)&NSRCADR6(b); 703 pm = (const void *)&NSRCADR6(a_mask); 704 } else { 705 loops = sizeof(NSRCADR(a)) / sizeof(*pa); 706 pa = (const void *)&NSRCADR(a); 707 pb = (const void *)&NSRCADR(b); 708 pm = (const void *)&NSRCADR(a_mask); 709 } 710 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++) 711 if ((*pa & *pm) != (*pb & *pm)) 712 return FALSE; 713 714 return TRUE; 715 } 716 717 718 /* 719 * Code to tell if we have an IP address 720 * If we have then return the sockaddr structure 721 * and set the return value 722 * see the bind9/getaddresses.c for details 723 */ 724 int 725 is_ip_address( 726 const char * host, 727 u_short af, 728 sockaddr_u * addr 729 ) 730 { 731 struct in_addr in4; 732 struct addrinfo hints; 733 struct addrinfo *result; 734 struct sockaddr_in6 *resaddr6; 735 char tmpbuf[128]; 736 char *pch; 737 738 REQUIRE(host != NULL); 739 REQUIRE(addr != NULL); 740 741 ZERO_SOCK(addr); 742 743 /* 744 * Try IPv4, then IPv6. In order to handle the extended format 745 * for IPv6 scoped addresses (address%scope_ID), we'll use a local 746 * working buffer of 128 bytes. The length is an ad-hoc value, but 747 * should be enough for this purpose; the buffer can contain a string 748 * of at least 80 bytes for scope_ID in addition to any IPv6 numeric 749 * addresses (up to 46 bytes), the delimiter character and the 750 * terminating NULL character. 751 */ 752 if (AF_UNSPEC == af || AF_INET == af) 753 if (inet_pton(AF_INET, host, &in4) == 1) { 754 AF(addr) = AF_INET; 755 SET_ADDR4N(addr, in4.s_addr); 756 757 return TRUE; 758 } 759 760 if (AF_UNSPEC == af || AF_INET6 == af) 761 if (sizeof(tmpbuf) > strlen(host)) { 762 if ('[' == host[0]) { 763 strlcpy(tmpbuf, &host[1], sizeof(tmpbuf)); 764 pch = strchr(tmpbuf, ']'); 765 if (pch != NULL) 766 *pch = '\0'; 767 } else { 768 strlcpy(tmpbuf, host, sizeof(tmpbuf)); 769 } 770 ZERO(hints); 771 hints.ai_family = AF_INET6; 772 hints.ai_flags |= AI_NUMERICHOST; 773 if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) { 774 AF(addr) = AF_INET6; 775 resaddr6 = (struct sockaddr_in6 *)result->ai_addr; 776 SET_ADDR6N(addr, resaddr6->sin6_addr); 777 SET_SCOPE(addr, resaddr6->sin6_scope_id); 778 779 freeaddrinfo(result); 780 return TRUE; 781 } 782 } 783 /* 784 * If we got here it was not an IP address 785 */ 786 return FALSE; 787 } 788 789 790 /* 791 * interface list enumerator - visitor pattern 792 */ 793 void 794 interface_enumerate( 795 interface_receiver_t receiver, 796 void * data 797 ) 798 { 799 interface_info_t ifi; 800 801 ifi.action = IFS_EXISTS; 802 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink) 803 (*receiver)(data, &ifi); 804 } 805 806 /* 807 * do standard initialization of interface structure 808 */ 809 static void 810 init_interface( 811 endpt *ep 812 ) 813 { 814 ZERO(*ep); 815 ep->fd = INVALID_SOCKET; 816 ep->bfd = INVALID_SOCKET; 817 ep->phase = sys_interphase; 818 } 819 820 821 /* 822 * create new interface structure initialize from 823 * template structure or via standard initialization 824 * function 825 */ 826 static struct interface * 827 new_interface( 828 struct interface *interface 829 ) 830 { 831 struct interface * iface; 832 833 iface = emalloc(sizeof(*iface)); 834 835 if (NULL == interface) 836 init_interface(iface); 837 else /* use the template */ 838 memcpy(iface, interface, sizeof(*iface)); 839 840 /* count every new instance of an interface in the system */ 841 iface->ifnum = sys_ifnum++; 842 iface->starttime = current_time; 843 844 return iface; 845 } 846 847 848 /* 849 * return interface storage into free memory pool 850 */ 851 static inline void 852 delete_interface( 853 endpt *ep 854 ) 855 { 856 free(ep); 857 } 858 859 860 /* 861 * link interface into list of known interfaces 862 */ 863 static void 864 add_interface( 865 endpt * ep 866 ) 867 { 868 endpt ** pmclisthead; 869 endpt * scan; 870 endpt * scan_next; 871 endpt * unlinked; 872 sockaddr_u * addr; 873 int ep_local; 874 int scan_local; 875 int same_subnet; 876 int ep_univ_iid; /* iface ID from MAC address */ 877 int scan_univ_iid; /* see RFC 4291 */ 878 int ep_privacy; /* random local iface ID */ 879 int scan_privacy; /* see RFC 4941 */ 880 int rc; 881 882 /* Calculate the refid */ 883 ep->addr_refid = addr2refid(&ep->sin); 884 /* link at tail so ntpdc -c ifstats index increases each row */ 885 LINK_TAIL_SLIST(ep_list, ep, elink, endpt); 886 ninterfaces++; 887 #ifdef MCAST 888 /* the rest is for enabled multicast-capable addresses only */ 889 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) || 890 INT_LOOPBACK & ep->flags) 891 return; 892 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 893 if (AF_INET6 == ep->family) 894 return; 895 # endif 896 pmclisthead = (AF_INET == ep->family) 897 ? &mc4_list 898 : &mc6_list; 899 900 if (AF_INET6 == ep->family) { 901 ep_local = 902 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) || 903 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin)); 904 ep_univ_iid = IS_IID_UNIV(&ep->sin); 905 ep_privacy = !!(INT_PRIVACY & ep->flags); 906 } else { 907 ep_local = FALSE; 908 ep_univ_iid = FALSE; 909 ep_privacy = FALSE; 910 } 911 DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n", 912 stoa(&ep->sin), 913 (ep_local) ? " link/scope-local" : "", 914 (ep_univ_iid) ? " univ-IID" : "", 915 (ep_privacy) ? " privacy" : "")); 916 /* 917 * If we have multiple local addresses on the same network 918 * interface, and some are link- or site-local, do not multicast 919 * out from the link-/site-local addresses by default, to avoid 920 * duplicate manycastclient associations between v6 peers using 921 * link-local and global addresses. link-local can still be 922 * chosen using "nic ignore myv6globalprefix::/64". 923 * Similarly, if we have multiple global addresses from the same 924 * prefix on the same network interface, multicast from one, 925 * preferring EUI-64, then static, then least RFC 4941 privacy 926 * addresses. 927 */ 928 for (scan = *pmclisthead; scan != NULL; scan = scan_next) { 929 scan_next = scan->mclink; 930 if (ep->family != scan->family) 931 continue; 932 if (strcmp(ep->name, scan->name)) 933 continue; 934 same_subnet = addr_samesubnet(&ep->sin, &ep->mask, 935 &scan->sin, &scan->mask); 936 if (AF_INET6 == ep->family) { 937 addr = &scan->sin; 938 scan_local = 939 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) || 940 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr)); 941 scan_univ_iid = IS_IID_UNIV(addr); 942 scan_privacy = !!(INT_PRIVACY & scan->flags); 943 } else { 944 scan_local = FALSE; 945 scan_univ_iid = FALSE; 946 scan_privacy = FALSE; 947 } 948 DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n", 949 stoa(&scan->sin), 950 (scan_local) ? " link/scope-local" : "", 951 (scan_univ_iid) ? " univ-IID" : "", 952 (scan_privacy) ? " privacy" : "")); 953 if ((ep_local && !scan_local) || (same_subnet && 954 ((ep_privacy && !scan_privacy) || 955 (!ep_univ_iid && scan_univ_iid)))) { 956 DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n", 957 stoa(&ep->sin), 958 (ep_local) 959 ? "tail" 960 : "head", 961 stoa(&scan->sin))); 962 return; 963 } 964 if ((scan_local && !ep_local) || (same_subnet && 965 ((scan_privacy && !ep_privacy) || 966 (!scan_univ_iid && ep_univ_iid)))) { 967 UNLINK_SLIST(unlinked, *pmclisthead, 968 scan, mclink, endpt); 969 DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n", 970 (unlinked != scan) 971 ? "Failed to remove" 972 : "removed", 973 stoa(&scan->sin), stoa(&ep->sin))); 974 } 975 } 976 /* 977 * Add link/site local at the tail of the multicast- 978 * capable unicast interfaces list, so that ntpd will 979 * send from global addresses before link-/site-local 980 * ones. 981 */ 982 if (ep_local) 983 LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt); 984 else 985 LINK_SLIST(*pmclisthead, ep, mclink); 986 DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n", 987 stoa(&ep->sin), 988 (ep_local) 989 ? "tail" 990 : "head", 991 (AF_INET == ep->family) 992 ? "4" 993 : "6")); 994 995 if (INVALID_SOCKET == ep->fd) 996 return; 997 998 /* 999 * select the local address from which to send to multicast. 1000 */ 1001 switch (AF(&ep->sin)) { 1002 1003 case AF_INET : 1004 rc = setsockopt(ep->fd, IPPROTO_IP, 1005 IP_MULTICAST_IF, 1006 (void *)&NSRCADR(&ep->sin), 1007 sizeof(NSRCADR(&ep->sin))); 1008 if (rc) 1009 msyslog(LOG_ERR, 1010 "setsockopt IP_MULTICAST_IF %s fails: %m", 1011 stoa(&ep->sin)); 1012 break; 1013 1014 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 1015 case AF_INET6 : 1016 rc = setsockopt(ep->fd, IPPROTO_IPV6, 1017 IPV6_MULTICAST_IF, 1018 (void *)&ep->ifindex, 1019 sizeof(ep->ifindex)); 1020 /* do not complain if bound addr scope is ifindex */ 1021 if (rc && ep->ifindex != SCOPE(&ep->sin)) 1022 msyslog(LOG_ERR, 1023 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m", 1024 ep->ifindex, stoa(&ep->sin)); 1025 break; 1026 # endif 1027 } 1028 #endif /* MCAST */ 1029 } 1030 1031 1032 /* 1033 * remove interface from known interface list and clean up 1034 * associated resources 1035 */ 1036 static void 1037 remove_interface( 1038 endpt * ep 1039 ) 1040 { 1041 endpt * unlinked; 1042 endpt ** pmclisthead; 1043 sockaddr_u resmask; 1044 1045 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); 1046 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { 1047 pmclisthead = (AF_INET == ep->family) 1048 ? &mc4_list 1049 : &mc6_list; 1050 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt); 1051 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n", 1052 stoa(&ep->sin), 1053 (unlinked != NULL) 1054 ? "removed from" 1055 : "not found on", 1056 (AF_INET == ep->family) 1057 ? "4" 1058 : "6")); 1059 } 1060 delete_interface_from_list(ep); 1061 1062 if (ep->fd != INVALID_SOCKET) { 1063 msyslog(LOG_INFO, 1064 "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs", 1065 ep->ifnum, 1066 ep->name, 1067 stoa(&ep->sin), 1068 SRCPORT(&ep->sin), 1069 ep->received, 1070 ep->sent, 1071 ep->notsent, 1072 current_time - ep->starttime); 1073 close_and_delete_fd_from_list(ep->fd); 1074 ep->fd = INVALID_SOCKET; 1075 } 1076 1077 if (ep->bfd != INVALID_SOCKET) { 1078 msyslog(LOG_INFO, 1079 "stop listening for broadcasts to %s on interface #%d %s", 1080 stoa(&ep->bcast), ep->ifnum, ep->name); 1081 close_and_delete_fd_from_list(ep->bfd); 1082 ep->bfd = INVALID_SOCKET; 1083 ep->flags &= ~INT_BCASTOPEN; 1084 } 1085 1086 ninterfaces--; 1087 mon_clearinterface(ep); 1088 1089 /* remove restrict interface entry */ 1090 SET_HOSTMASK(&resmask, AF(&ep->sin)); 1091 hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 1092 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 1093 } 1094 1095 1096 static void 1097 log_listen_address( 1098 endpt * ep 1099 ) 1100 { 1101 msyslog(LOG_INFO, "%s on %d %s %s", 1102 (ep->ignore_packets) 1103 ? "Listen and drop" 1104 : "Listen normally", 1105 ep->ifnum, 1106 ep->name, 1107 sptoa(&ep->sin)); 1108 } 1109 1110 1111 static void 1112 create_wildcards( 1113 u_short port 1114 ) 1115 { 1116 int v4wild; 1117 #ifdef INCLUDE_IPV6_SUPPORT 1118 int v6wild; 1119 #endif 1120 sockaddr_u wildaddr; 1121 nic_rule_action action; 1122 struct interface * wildif; 1123 1124 /* 1125 * silence "potentially uninitialized" warnings from VC9 1126 * failing to follow the logic. Ideally action could remain 1127 * uninitialized, and the memset be the first statement under 1128 * the first if (v4wild). 1129 */ 1130 action = ACTION_LISTEN; 1131 ZERO(wildaddr); 1132 1133 #ifdef INCLUDE_IPV6_SUPPORT 1134 /* 1135 * create pseudo-interface with wildcard IPv6 address 1136 */ 1137 v6wild = ipv6_works; 1138 if (v6wild) { 1139 /* set wildaddr to the v6 wildcard address :: */ 1140 ZERO(wildaddr); 1141 AF(&wildaddr) = AF_INET6; 1142 SET_ADDR6N(&wildaddr, in6addr_any); 1143 SET_PORT(&wildaddr, port); 1144 SET_SCOPE(&wildaddr, 0); 1145 1146 /* check for interface/nic rules affecting the wildcard */ 1147 action = interface_action(NULL, &wildaddr, 0); 1148 v6wild = (ACTION_IGNORE != action); 1149 } 1150 if (v6wild) { 1151 wildif = new_interface(NULL); 1152 1153 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name)); 1154 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1155 wildif->family = AF_INET6; 1156 AF(&wildif->mask) = AF_INET6; 1157 SET_ONESMASK(&wildif->mask); 1158 1159 wildif->flags = INT_UP | INT_WILDCARD; 1160 wildif->ignore_packets = (ACTION_DROP == action); 1161 1162 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1163 1164 if (wildif->fd != INVALID_SOCKET) { 1165 wildipv6 = wildif; 1166 any6_interface = wildif; 1167 add_addr_to_list(&wildif->sin, wildif); 1168 add_interface(wildif); 1169 log_listen_address(wildif); 1170 } else { 1171 msyslog(LOG_ERR, 1172 "unable to bind to wildcard address %s - another process may be running - EXITING", 1173 stoa(&wildif->sin)); 1174 exit(1); 1175 } 1176 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1177 } 1178 #endif 1179 1180 /* 1181 * create pseudo-interface with wildcard IPv4 address 1182 */ 1183 v4wild = ipv4_works; 1184 if (v4wild) { 1185 /* set wildaddr to the v4 wildcard address 0.0.0.0 */ 1186 AF(&wildaddr) = AF_INET; 1187 SET_ADDR4N(&wildaddr, INADDR_ANY); 1188 SET_PORT(&wildaddr, port); 1189 1190 /* check for interface/nic rules affecting the wildcard */ 1191 action = interface_action(NULL, &wildaddr, 0); 1192 v4wild = (ACTION_IGNORE != action); 1193 } 1194 if (v4wild) { 1195 wildif = new_interface(NULL); 1196 1197 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name)); 1198 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1199 wildif->family = AF_INET; 1200 AF(&wildif->mask) = AF_INET; 1201 SET_ONESMASK(&wildif->mask); 1202 1203 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD; 1204 wildif->ignore_packets = (ACTION_DROP == action); 1205 #if defined(MCAST) 1206 /* 1207 * enable multicast reception on the broadcast socket 1208 */ 1209 AF(&wildif->bcast) = AF_INET; 1210 SET_ADDR4N(&wildif->bcast, INADDR_ANY); 1211 SET_PORT(&wildif->bcast, port); 1212 #endif /* MCAST */ 1213 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1214 1215 if (wildif->fd != INVALID_SOCKET) { 1216 wildipv4 = wildif; 1217 any_interface = wildif; 1218 1219 add_addr_to_list(&wildif->sin, wildif); 1220 add_interface(wildif); 1221 log_listen_address(wildif); 1222 } else { 1223 msyslog(LOG_ERR, 1224 "unable to bind to wildcard address %s - another process may be running - EXITING", 1225 stoa(&wildif->sin)); 1226 exit(1); 1227 } 1228 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1229 } 1230 } 1231 1232 1233 /* 1234 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list. 1235 */ 1236 void 1237 add_nic_rule( 1238 nic_rule_match match_type, 1239 const char * if_name, /* interface name or numeric address */ 1240 int prefixlen, 1241 nic_rule_action action 1242 ) 1243 { 1244 nic_rule * rule; 1245 isc_boolean_t is_ip; 1246 1247 rule = emalloc_zero(sizeof(*rule)); 1248 rule->match_type = match_type; 1249 rule->prefixlen = prefixlen; 1250 rule->action = action; 1251 1252 if (MATCH_IFNAME == match_type) { 1253 REQUIRE(NULL != if_name); 1254 rule->if_name = estrdup(if_name); 1255 } else if (MATCH_IFADDR == match_type) { 1256 REQUIRE(NULL != if_name); 1257 /* set rule->addr */ 1258 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr); 1259 REQUIRE(is_ip); 1260 } else 1261 REQUIRE(NULL == if_name); 1262 1263 LINK_SLIST(nic_rule_list, rule, next); 1264 } 1265 1266 1267 #ifdef DEBUG 1268 static const char * 1269 action_text( 1270 nic_rule_action action 1271 ) 1272 { 1273 const char *t; 1274 1275 switch (action) { 1276 1277 default: 1278 t = "ERROR"; /* quiet uninit warning */ 1279 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n", 1280 action)); 1281 ENSURE(0); 1282 break; 1283 1284 case ACTION_LISTEN: 1285 t = "listen"; 1286 break; 1287 1288 case ACTION_IGNORE: 1289 t = "ignore"; 1290 break; 1291 1292 case ACTION_DROP: 1293 t = "drop"; 1294 break; 1295 } 1296 1297 return t; 1298 } 1299 #endif /* DEBUG */ 1300 1301 1302 static nic_rule_action 1303 interface_action( 1304 char * if_name, 1305 sockaddr_u * if_addr, 1306 u_int32 if_flags 1307 ) 1308 { 1309 nic_rule * rule; 1310 int isloopback; 1311 int iswildcard; 1312 1313 DPRINTF(4, ("interface_action: interface %s ", 1314 (if_name != NULL) ? if_name : "wildcard")); 1315 1316 iswildcard = is_wildcard_addr(if_addr); 1317 isloopback = !!(INT_LOOPBACK & if_flags); 1318 1319 /* 1320 * Find any matching NIC rule from --interface / -I or ntp.conf 1321 * interface/nic rules. 1322 */ 1323 for (rule = nic_rule_list; rule != NULL; rule = rule->next) { 1324 1325 switch (rule->match_type) { 1326 1327 case MATCH_ALL: 1328 /* loopback and wildcard excluded from "all" */ 1329 if (isloopback || iswildcard) 1330 break; 1331 DPRINTF(4, ("nic all %s\n", 1332 action_text(rule->action))); 1333 return rule->action; 1334 1335 case MATCH_IPV4: 1336 if (IS_IPV4(if_addr)) { 1337 DPRINTF(4, ("nic ipv4 %s\n", 1338 action_text(rule->action))); 1339 return rule->action; 1340 } 1341 break; 1342 1343 case MATCH_IPV6: 1344 if (IS_IPV6(if_addr)) { 1345 DPRINTF(4, ("nic ipv6 %s\n", 1346 action_text(rule->action))); 1347 return rule->action; 1348 } 1349 break; 1350 1351 case MATCH_WILDCARD: 1352 if (iswildcard) { 1353 DPRINTF(4, ("nic wildcard %s\n", 1354 action_text(rule->action))); 1355 return rule->action; 1356 } 1357 break; 1358 1359 case MATCH_IFADDR: 1360 if (rule->prefixlen != -1) { 1361 if (addr_eqprefix(if_addr, &rule->addr, 1362 rule->prefixlen)) { 1363 1364 DPRINTF(4, ("subnet address match - %s\n", 1365 action_text(rule->action))); 1366 return rule->action; 1367 } 1368 } else 1369 if (SOCK_EQ(if_addr, &rule->addr)) { 1370 1371 DPRINTF(4, ("address match - %s\n", 1372 action_text(rule->action))); 1373 return rule->action; 1374 } 1375 break; 1376 1377 case MATCH_IFNAME: 1378 if (if_name != NULL 1379 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD) 1380 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD) 1381 #else 1382 && !strcasecmp(if_name, rule->if_name) 1383 #endif 1384 ) { 1385 1386 DPRINTF(4, ("interface name match - %s\n", 1387 action_text(rule->action))); 1388 return rule->action; 1389 } 1390 break; 1391 } 1392 } 1393 1394 /* 1395 * Unless explicitly disabled such as with "nic ignore ::1" 1396 * listen on loopback addresses. Since ntpq and ntpdc query 1397 * "localhost" by default, which typically resolves to ::1 and 1398 * 127.0.0.1, it's useful to default to listening on both. 1399 */ 1400 if (isloopback) { 1401 DPRINTF(4, ("default loopback listen\n")); 1402 return ACTION_LISTEN; 1403 } 1404 1405 /* 1406 * Treat wildcard addresses specially. If there is no explicit 1407 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule 1408 * default to drop. 1409 */ 1410 if (iswildcard) { 1411 DPRINTF(4, ("default wildcard drop\n")); 1412 return ACTION_DROP; 1413 } 1414 1415 /* 1416 * Check for "virtual IP" (colon in the interface name) after 1417 * the rules so that "ntpd --interface eth0:1 -novirtualips" 1418 * does indeed listen on eth0:1's addresses. 1419 */ 1420 if (!listen_to_virtual_ips && if_name != NULL 1421 && (strchr(if_name, ':') != NULL)) { 1422 1423 DPRINTF(4, ("virtual ip - ignore\n")); 1424 return ACTION_IGNORE; 1425 } 1426 1427 /* 1428 * If there are no --interface/-I command-line options and no 1429 * interface/nic rules in ntp.conf, the default action is to 1430 * listen. In the presence of rules from either, the default 1431 * is to ignore. This implements ntpd's traditional listen- 1432 * every default with no interface listen configuration, and 1433 * ensures a single -I eth0 or "nic listen eth0" means do not 1434 * listen on any other addresses. 1435 */ 1436 if (NULL == nic_rule_list) { 1437 DPRINTF(4, ("default listen\n")); 1438 return ACTION_LISTEN; 1439 } 1440 1441 DPRINTF(4, ("implicit ignore\n")); 1442 return ACTION_IGNORE; 1443 } 1444 1445 1446 static void 1447 convert_isc_if( 1448 isc_interface_t *isc_if, 1449 endpt *itf, 1450 u_short port 1451 ) 1452 { 1453 const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0, 1454 0, 0, 0, 0, 0, 0, 0, 1}; 1455 1456 strlcpy(itf->name, isc_if->name, sizeof(itf->name)); 1457 itf->ifindex = isc_if->ifindex; 1458 itf->family = (u_short)isc_if->af; 1459 AF(&itf->sin) = itf->family; 1460 AF(&itf->mask) = itf->family; 1461 AF(&itf->bcast) = itf->family; 1462 SET_PORT(&itf->sin, port); 1463 SET_PORT(&itf->mask, port); 1464 SET_PORT(&itf->bcast, port); 1465 1466 if (IS_IPV4(&itf->sin)) { 1467 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr; 1468 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr; 1469 1470 if (isc_if->flags & INTERFACE_F_BROADCAST) { 1471 itf->flags |= INT_BROADCAST; 1472 NSRCADR(&itf->bcast) = 1473 isc_if->broadcast.type.in.s_addr; 1474 } 1475 } 1476 #ifdef INCLUDE_IPV6_SUPPORT 1477 else if (IS_IPV6(&itf->sin)) { 1478 SET_ADDR6N(&itf->sin, isc_if->address.type.in6); 1479 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6); 1480 1481 SET_SCOPE(&itf->sin, isc_if->address.zone); 1482 } 1483 #endif /* INCLUDE_IPV6_SUPPORT */ 1484 1485 1486 /* Process the rest of the flags */ 1487 1488 itf->flags |= 1489 ((INTERFACE_F_UP & isc_if->flags) 1490 ? INT_UP : 0) 1491 | ((INTERFACE_F_LOOPBACK & isc_if->flags) 1492 ? INT_LOOPBACK : 0) 1493 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags) 1494 ? INT_PPP : 0) 1495 | ((INTERFACE_F_MULTICAST & isc_if->flags) 1496 ? INT_MULTICAST : 0) 1497 | ((INTERFACE_F_PRIVACY & isc_if->flags) 1498 ? INT_PRIVACY : 0) 1499 ; 1500 1501 /* 1502 * Clear the loopback flag if the address is not localhost. 1503 * http://bugs.ntp.org/1683 1504 */ 1505 if (INT_LOOPBACK & itf->flags) { 1506 if (AF_INET == itf->family) { 1507 if (127 != (SRCADR(&itf->sin) >> 24)) 1508 itf->flags &= ~INT_LOOPBACK; 1509 } else { 1510 if (memcmp(v6loop, NSRCADR6(&itf->sin), 1511 sizeof(NSRCADR6(&itf->sin)))) 1512 itf->flags &= ~INT_LOOPBACK; 1513 } 1514 } 1515 } 1516 1517 1518 /* 1519 * refresh_interface 1520 * 1521 * some OSes have been observed to keep 1522 * cached routes even when more specific routes 1523 * become available. 1524 * this can be mitigated by re-binding 1525 * the socket. 1526 */ 1527 static int 1528 refresh_interface( 1529 struct interface * interface 1530 ) 1531 { 1532 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 1533 if (interface->fd != INVALID_SOCKET) { 1534 int bcast = (interface->flags & INT_BCASTXMIT) != 0; 1535 /* as we forcibly close() the socket remove the 1536 broadcast permission indication */ 1537 if (bcast) 1538 socket_broadcast_disable(interface, &interface->sin); 1539 1540 close_and_delete_fd_from_list(interface->fd); 1541 1542 /* create new socket picking up a new first hop binding 1543 at connect() time */ 1544 interface->fd = open_socket(&interface->sin, 1545 bcast, 0, interface); 1546 /* 1547 * reset TTL indication so TTL is is set again 1548 * next time around 1549 */ 1550 interface->last_ttl = 0; 1551 return (interface->fd != INVALID_SOCKET); 1552 } else 1553 return 0; /* invalid sockets are not refreshable */ 1554 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1555 return (interface->fd != INVALID_SOCKET); 1556 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1557 } 1558 1559 /* 1560 * interface_update - externally callable update function 1561 */ 1562 void 1563 interface_update( 1564 interface_receiver_t receiver, 1565 void * data) 1566 { 1567 int new_interface_found; 1568 1569 if (disable_dynamic_updates) 1570 return; 1571 1572 BLOCKIO(); 1573 new_interface_found = update_interfaces(NTP_PORT, receiver, data); 1574 UNBLOCKIO(); 1575 1576 if (!new_interface_found) 1577 return; 1578 1579 #ifdef DEBUG 1580 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); 1581 #endif 1582 interrupt_worker_sleep(); 1583 } 1584 1585 1586 /* 1587 * sau_from_netaddr() - convert network address on-wire formats. 1588 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u 1589 */ 1590 void 1591 sau_from_netaddr( 1592 sockaddr_u *psau, 1593 const isc_netaddr_t *pna 1594 ) 1595 { 1596 ZERO_SOCK(psau); 1597 AF(psau) = (u_short)pna->family; 1598 switch (pna->family) { 1599 1600 case AF_INET: 1601 memcpy(&psau->sa4.sin_addr, &pna->type.in, 1602 sizeof(psau->sa4.sin_addr)); 1603 break; 1604 1605 case AF_INET6: 1606 memcpy(&psau->sa6.sin6_addr, &pna->type.in6, 1607 sizeof(psau->sa6.sin6_addr)); 1608 break; 1609 } 1610 } 1611 1612 1613 static int 1614 is_wildcard_addr( 1615 const sockaddr_u *psau 1616 ) 1617 { 1618 if (IS_IPV4(psau) && !NSRCADR(psau)) 1619 return 1; 1620 1621 #ifdef INCLUDE_IPV6_SUPPORT 1622 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any)) 1623 return 1; 1624 #endif 1625 1626 return 0; 1627 } 1628 1629 1630 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 1631 /* 1632 * enable/disable re-use of wildcard address socket 1633 */ 1634 static void 1635 set_wildcard_reuse( 1636 u_short family, 1637 int on 1638 ) 1639 { 1640 struct interface *any; 1641 SOCKET fd = INVALID_SOCKET; 1642 1643 any = ANY_INTERFACE_BYFAM(family); 1644 if (any != NULL) 1645 fd = any->fd; 1646 1647 if (fd != INVALID_SOCKET) { 1648 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1649 (char *)&on, sizeof(on))) 1650 msyslog(LOG_ERR, 1651 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m", 1652 on ? "on" : "off"); 1653 1654 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n", 1655 on ? "on" : "off", 1656 stoa(&any->sin))); 1657 } 1658 } 1659 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ 1660 1661 1662 static isc_boolean_t 1663 check_flags6( 1664 sockaddr_u *psau, 1665 const char *name, 1666 u_int32 flags6 1667 ) 1668 { 1669 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) 1670 struct in6_ifreq ifr6; 1671 int fd; 1672 1673 if (psau->sa.sa_family != AF_INET6) 1674 return ISC_FALSE; 1675 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) 1676 return ISC_FALSE; 1677 ZERO(ifr6); 1678 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr)); 1679 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name)); 1680 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { 1681 close(fd); 1682 return ISC_FALSE; 1683 } 1684 close(fd); 1685 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0) 1686 return ISC_TRUE; 1687 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */ 1688 return ISC_FALSE; 1689 } 1690 1691 static isc_boolean_t 1692 is_anycast( 1693 sockaddr_u *psau, 1694 const char *name 1695 ) 1696 { 1697 #ifdef IN6_IFF_ANYCAST 1698 return check_flags6(psau, name, IN6_IFF_ANYCAST); 1699 #else 1700 return ISC_FALSE; 1701 #endif 1702 } 1703 1704 static isc_boolean_t 1705 is_valid( 1706 sockaddr_u *psau, 1707 const char *name 1708 ) 1709 { 1710 u_int32 flags6; 1711 1712 flags6 = 0; 1713 #ifdef IN6_IFF_DEPARTED 1714 flags6 |= IN6_IFF_DEPARTED; 1715 #endif 1716 #ifdef IN6_IFF_DETACHED 1717 flags6 |= IN6_IFF_DETACHED; 1718 #endif 1719 #ifdef IN6_IFF_TENTATIVE 1720 flags6 |= IN6_IFF_TENTATIVE; 1721 #endif 1722 return check_flags6(psau, name, flags6) ? ISC_FALSE : ISC_TRUE; 1723 } 1724 1725 /* 1726 * update_interface strategy 1727 * 1728 * toggle configuration phase 1729 * 1730 * Phase 1: 1731 * forall currently existing interfaces 1732 * if address is known: 1733 * drop socket - rebind again 1734 * 1735 * if address is NOT known: 1736 * attempt to create a new interface entry 1737 * 1738 * Phase 2: 1739 * forall currently known non MCAST and WILDCARD interfaces 1740 * if interface does not match configuration phase (not seen in phase 1): 1741 * remove interface from known interface list 1742 * forall peers associated with this interface 1743 * disconnect peer from this interface 1744 * 1745 * Phase 3: 1746 * attempt to re-assign interfaces to peers 1747 * 1748 */ 1749 1750 static int 1751 update_interfaces( 1752 u_short port, 1753 interface_receiver_t receiver, 1754 void * data 1755 ) 1756 { 1757 isc_mem_t * mctx = (void *)-1; 1758 interface_info_t ifi; 1759 isc_interfaceiter_t * iter; 1760 isc_result_t result; 1761 isc_interface_t isc_if; 1762 int new_interface_found; 1763 unsigned int family; 1764 endpt enumep; 1765 endpt * ep; 1766 endpt * next_ep; 1767 1768 DPRINTF(3, ("update_interfaces(%d)\n", port)); 1769 1770 /* 1771 * phase one - scan interfaces 1772 * - create those that are not found 1773 * - update those that are found 1774 */ 1775 1776 new_interface_found = FALSE; 1777 iter = NULL; 1778 result = isc_interfaceiter_create(mctx, &iter); 1779 1780 if (result != ISC_R_SUCCESS) 1781 return 0; 1782 1783 /* 1784 * Toggle system interface scan phase to find untouched 1785 * interfaces to be deleted. 1786 */ 1787 sys_interphase ^= 0x1; 1788 1789 for (result = isc_interfaceiter_first(iter); 1790 ISC_R_SUCCESS == result; 1791 result = isc_interfaceiter_next(iter)) { 1792 1793 result = isc_interfaceiter_current(iter, &isc_if); 1794 1795 if (result != ISC_R_SUCCESS) 1796 break; 1797 1798 /* See if we have a valid family to use */ 1799 family = isc_if.address.family; 1800 if (AF_INET != family && AF_INET6 != family) 1801 continue; 1802 if (AF_INET == family && !ipv4_works) 1803 continue; 1804 if (AF_INET6 == family && !ipv6_works) 1805 continue; 1806 1807 /* create prototype */ 1808 init_interface(&enumep); 1809 1810 convert_isc_if(&isc_if, &enumep, port); 1811 1812 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); 1813 1814 /* 1815 * Check if and how we are going to use the interface. 1816 */ 1817 switch (interface_action(enumep.name, &enumep.sin, 1818 enumep.flags)) { 1819 1820 case ACTION_IGNORE: 1821 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", 1822 enumep.name, stoa(&enumep.sin))); 1823 continue; 1824 1825 case ACTION_LISTEN: 1826 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", 1827 enumep.name, stoa(&enumep.sin))); 1828 enumep.ignore_packets = ISC_FALSE; 1829 break; 1830 1831 case ACTION_DROP: 1832 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", 1833 enumep.name, stoa(&enumep.sin))); 1834 enumep.ignore_packets = ISC_TRUE; 1835 break; 1836 } 1837 1838 /* interfaces must be UP to be usable */ 1839 if (!(enumep.flags & INT_UP)) { 1840 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", 1841 enumep.name, stoa(&enumep.sin))); 1842 continue; 1843 } 1844 1845 /* 1846 * skip any interfaces UP and bound to a wildcard 1847 * address - some dhcp clients produce that in the 1848 * wild 1849 */ 1850 if (is_wildcard_addr(&enumep.sin)) 1851 continue; 1852 1853 if (is_anycast(&enumep.sin, isc_if.name)) 1854 continue; 1855 1856 /* 1857 * skip any address that is an invalid state to be used 1858 */ 1859 if (!is_valid(&enumep.sin, isc_if.name)) 1860 continue; 1861 1862 /* 1863 * map to local *address* in order to map all duplicate 1864 * interfaces to an endpt structure with the appropriate 1865 * socket. Our name space is (ip-address), NOT 1866 * (interface name, ip-address). 1867 */ 1868 ep = getinterface(&enumep.sin, INT_WILDCARD); 1869 1870 if (ep != NULL && refresh_interface(ep)) { 1871 /* 1872 * found existing and up to date interface - 1873 * mark present. 1874 */ 1875 if (ep->phase != sys_interphase) { 1876 /* 1877 * On a new round we reset the name so 1878 * the interface name shows up again if 1879 * this address is no longer shared. 1880 * We reset ignore_packets from the 1881 * new prototype to respect any runtime 1882 * changes to the nic rules. 1883 */ 1884 strlcpy(ep->name, enumep.name, 1885 sizeof(ep->name)); 1886 ep->ignore_packets = 1887 enumep.ignore_packets; 1888 } else { 1889 /* name collision - rename interface */ 1890 strlcpy(ep->name, "*multiple*", 1891 sizeof(ep->name)); 1892 } 1893 1894 DPRINT_INTERFACE(4, (ep, "updating ", 1895 " present\n")); 1896 1897 if (ep->ignore_packets != 1898 enumep.ignore_packets) { 1899 /* 1900 * We have conflicting configurations 1901 * for the interface address. This is 1902 * caused by using -I <interfacename> 1903 * for an interface that shares its 1904 * address with other interfaces. We 1905 * can not disambiguate incoming 1906 * packets delivered to this socket 1907 * without extra syscalls/features. 1908 * These are not (commonly) available. 1909 * Note this is a more unusual 1910 * configuration where several 1911 * interfaces share an address but 1912 * filtering via interface name is 1913 * attempted. We resolve the 1914 * configuration conflict by disabling 1915 * the processing of received packets. 1916 * This leads to no service on the 1917 * interface address where the conflict 1918 * occurs. 1919 */ 1920 msyslog(LOG_ERR, 1921 "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED", 1922 enumep.name, ep->name, 1923 stoa(&enumep.sin)); 1924 1925 ep->ignore_packets = ISC_TRUE; 1926 } 1927 1928 ep->phase = sys_interphase; 1929 1930 ifi.action = IFS_EXISTS; 1931 ifi.ep = ep; 1932 if (receiver != NULL) 1933 (*receiver)(data, &ifi); 1934 } else { 1935 /* 1936 * This is new or refreshing failed - add to 1937 * our interface list. If refreshing failed we 1938 * will delete the interface structure in phase 1939 * 2 as the interface was not marked current. 1940 * We can bind to the address as the refresh 1941 * code already closed the offending socket 1942 */ 1943 ep = create_interface(port, &enumep); 1944 1945 if (ep != NULL) { 1946 ifi.action = IFS_CREATED; 1947 ifi.ep = ep; 1948 if (receiver != NULL) 1949 (*receiver)(data, &ifi); 1950 1951 new_interface_found = TRUE; 1952 DPRINT_INTERFACE(3, 1953 (ep, "updating ", 1954 " new - created\n")); 1955 } else { 1956 DPRINT_INTERFACE(3, 1957 (&enumep, "updating ", 1958 " new - creation FAILED")); 1959 1960 msyslog(LOG_INFO, 1961 "failed to init interface for address %s", 1962 stoa(&enumep.sin)); 1963 continue; 1964 } 1965 } 1966 } 1967 1968 isc_interfaceiter_destroy(&iter); 1969 1970 /* 1971 * phase 2 - delete gone interfaces - reassigning peers to 1972 * other interfaces 1973 */ 1974 for (ep = ep_list; ep != NULL; ep = next_ep) { 1975 next_ep = ep->elink; 1976 1977 /* 1978 * if phase does not match sys_phase this interface was 1979 * not enumerated during the last interface scan - so it 1980 * is gone and will be deleted here unless it did not 1981 * originate from interface enumeration (INT_WILDCARD, 1982 * INT_MCASTIF). 1983 */ 1984 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) || 1985 ep->phase == sys_interphase) 1986 continue; 1987 1988 DPRINT_INTERFACE(3, (ep, "updating ", 1989 "GONE - deleting\n")); 1990 remove_interface(ep); 1991 1992 ifi.action = IFS_DELETED; 1993 ifi.ep = ep; 1994 if (receiver != NULL) 1995 (*receiver)(data, &ifi); 1996 1997 /* disconnect peers from deleted endpt. */ 1998 while (ep->peers != NULL) 1999 set_peerdstadr(ep->peers, NULL); 2000 2001 /* 2002 * update globals in case we lose 2003 * a loopback interface 2004 */ 2005 if (ep == loopback_interface) 2006 loopback_interface = NULL; 2007 2008 delete_interface(ep); 2009 } 2010 2011 /* 2012 * phase 3 - re-configure as the world has possibly changed 2013 * 2014 * never ever make this conditional again - it is needed to track 2015 * routing updates. see bug #2506 2016 */ 2017 refresh_all_peerinterfaces(); 2018 2019 if (broadcast_client_enabled) 2020 io_setbclient(); 2021 2022 if (sys_bclient) 2023 io_setbclient(); 2024 2025 #ifdef MCAST 2026 /* 2027 * Check multicast interfaces and try to join multicast groups if 2028 * not joined yet. 2029 */ 2030 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2031 remaddr_t *entry; 2032 2033 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) 2034 continue; 2035 2036 /* Find remote address that was linked to this interface */ 2037 for (entry = remoteaddr_list; 2038 entry != NULL; 2039 entry = entry->link) { 2040 if (entry->ep == ep) { 2041 if (socket_multicast_enable(ep, &entry->addr)) { 2042 msyslog(LOG_INFO, 2043 "Joined %s socket to multicast group %s", 2044 stoa(&ep->sin), 2045 stoa(&entry->addr)); 2046 } 2047 break; 2048 } 2049 } 2050 } 2051 #endif /* MCAST */ 2052 2053 return new_interface_found; 2054 } 2055 2056 2057 /* 2058 * create_sockets - create a socket for each interface plus a default 2059 * socket for when we don't know where to send 2060 */ 2061 static int 2062 create_sockets( 2063 u_short port 2064 ) 2065 { 2066 #ifndef HAVE_IO_COMPLETION_PORT 2067 /* 2068 * I/O Completion Ports don't care about the select and FD_SET 2069 */ 2070 maxactivefd = 0; 2071 FD_ZERO(&activefds); 2072 #endif 2073 2074 DPRINTF(2, ("create_sockets(%d)\n", port)); 2075 2076 create_wildcards(port); 2077 2078 update_interfaces(port, NULL, NULL); 2079 2080 /* 2081 * Now that we have opened all the sockets, turn off the reuse 2082 * flag for security. 2083 */ 2084 set_reuseaddr(0); 2085 2086 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces)); 2087 2088 return ninterfaces; 2089 } 2090 2091 /* 2092 * create_interface - create a new interface for a given prototype 2093 * binding the socket. 2094 */ 2095 static struct interface * 2096 create_interface( 2097 u_short port, 2098 struct interface * protot 2099 ) 2100 { 2101 sockaddr_u resmask; 2102 endpt * iface; 2103 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2104 remaddr_t * entry; 2105 remaddr_t * next_entry; 2106 #endif 2107 DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin), 2108 port)); 2109 2110 /* build an interface */ 2111 iface = new_interface(protot); 2112 2113 /* 2114 * create socket 2115 */ 2116 iface->fd = open_socket(&iface->sin, 0, 0, iface); 2117 2118 if (iface->fd != INVALID_SOCKET) 2119 log_listen_address(iface); 2120 2121 if ((INT_BROADCAST & iface->flags) 2122 && iface->bfd != INVALID_SOCKET) 2123 msyslog(LOG_INFO, "Listening on broadcast address %s#%d", 2124 stoa((&iface->bcast)), port); 2125 2126 if (INVALID_SOCKET == iface->fd 2127 && INVALID_SOCKET == iface->bfd) { 2128 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d", 2129 iface->name, 2130 iface->ifnum, 2131 stoa((&iface->sin)), 2132 port); 2133 delete_interface(iface); 2134 return NULL; 2135 } 2136 2137 /* 2138 * Blacklist our own addresses, no use talking to ourself 2139 */ 2140 SET_HOSTMASK(&resmask, AF(&iface->sin)); 2141 hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, 2142 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 2143 2144 /* 2145 * set globals with the first found 2146 * loopback interface of the appropriate class 2147 */ 2148 if (NULL == loopback_interface && AF_INET == iface->family 2149 && (INT_LOOPBACK & iface->flags)) 2150 loopback_interface = iface; 2151 2152 /* 2153 * put into our interface list 2154 */ 2155 add_addr_to_list(&iface->sin, iface); 2156 add_interface(iface); 2157 2158 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2159 /* 2160 * Join any previously-configured compatible multicast groups. 2161 */ 2162 if (INT_MULTICAST & iface->flags && 2163 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) && 2164 !iface->ignore_packets) { 2165 for (entry = remoteaddr_list; 2166 entry != NULL; 2167 entry = next_entry) { 2168 next_entry = entry->link; 2169 if (AF(&iface->sin) != AF(&entry->addr) || 2170 !IS_MCAST(&entry->addr)) 2171 continue; 2172 if (socket_multicast_enable(iface, 2173 &entry->addr)) 2174 msyslog(LOG_INFO, 2175 "Joined %s socket to multicast group %s", 2176 stoa(&iface->sin), 2177 stoa(&entry->addr)); 2178 else 2179 msyslog(LOG_ERR, 2180 "Failed to join %s socket to multicast group %s", 2181 stoa(&iface->sin), 2182 stoa(&entry->addr)); 2183 } 2184 } 2185 #endif /* MCAST && MCAST_NONEWSOCKET */ 2186 2187 DPRINT_INTERFACE(2, (iface, "created ", "\n")); 2188 return iface; 2189 } 2190 2191 2192 #ifdef SO_EXCLUSIVEADDRUSE 2193 static void 2194 set_excladdruse( 2195 SOCKET fd 2196 ) 2197 { 2198 int one = 1; 2199 int failed; 2200 #ifdef SYS_WINNT 2201 DWORD err; 2202 #endif 2203 2204 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 2205 (char *)&one, sizeof(one)); 2206 2207 if (!failed) 2208 return; 2209 2210 #ifdef SYS_WINNT 2211 /* 2212 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with 2213 * error WSAINVAL depending on service pack level and whether 2214 * the user account is in the Administrators group. Do not 2215 * complain if it fails that way on versions prior to XP (5.1). 2216 */ 2217 err = GetLastError(); 2218 2219 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */ 2220 && WSAEINVAL == err) 2221 return; 2222 2223 SetLastError(err); 2224 #endif 2225 msyslog(LOG_ERR, 2226 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m", 2227 (int)fd); 2228 } 2229 #endif /* SO_EXCLUSIVEADDRUSE */ 2230 2231 2232 /* 2233 * set_reuseaddr() - set/clear REUSEADDR on all sockets 2234 * NB possible hole - should we be doing this on broadcast 2235 * fd's also? 2236 */ 2237 static void 2238 set_reuseaddr( 2239 int flag 2240 ) 2241 { 2242 #ifndef SO_EXCLUSIVEADDRUSE 2243 endpt *ep; 2244 2245 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2246 if (ep->flags & INT_WILDCARD) 2247 continue; 2248 2249 /* 2250 * if ep->fd is INVALID_SOCKET, we might have a adapter 2251 * configured but not present 2252 */ 2253 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n", 2254 ep->name, stoa(&ep->sin), 2255 flag ? "on" : "off")); 2256 2257 if (ep->fd != INVALID_SOCKET) { 2258 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR, 2259 (char *)&flag, sizeof(flag))) { 2260 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m", 2261 stoa(&ep->sin), flag ? "on" : "off"); 2262 } 2263 } 2264 } 2265 #endif /* ! SO_EXCLUSIVEADDRUSE */ 2266 } 2267 2268 /* 2269 * This is just a wrapper around an internal function so we can 2270 * make other changes as necessary later on 2271 */ 2272 void 2273 enable_broadcast( 2274 struct interface * iface, 2275 sockaddr_u * baddr 2276 ) 2277 { 2278 #ifdef OPEN_BCAST_SOCKET 2279 socket_broadcast_enable(iface, iface->fd, baddr); 2280 #endif 2281 } 2282 2283 #ifdef OPEN_BCAST_SOCKET 2284 /* 2285 * Enable a broadcast address to a given socket 2286 * The socket is in the ep_list all we need to do is enable 2287 * broadcasting. It is not this function's job to select the socket 2288 */ 2289 static isc_boolean_t 2290 socket_broadcast_enable( 2291 struct interface * iface, 2292 SOCKET fd, 2293 sockaddr_u * baddr 2294 ) 2295 { 2296 #ifdef SO_BROADCAST 2297 int on = 1; 2298 2299 if (IS_IPV4(baddr)) { 2300 /* if this interface can support broadcast, set SO_BROADCAST */ 2301 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, 2302 (char *)&on, sizeof(on))) 2303 msyslog(LOG_ERR, 2304 "setsockopt(SO_BROADCAST) enable failure on address %s: %m", 2305 stoa(baddr)); 2306 else 2307 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n", 2308 fd, stoa(baddr))); 2309 } 2310 iface->flags |= INT_BCASTXMIT; 2311 return ISC_TRUE; 2312 #else 2313 return ISC_FALSE; 2314 #endif /* SO_BROADCAST */ 2315 } 2316 2317 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 2318 /* 2319 * Remove a broadcast address from a given socket 2320 * The socket is in the ep_list all we need to do is disable 2321 * broadcasting. It is not this function's job to select the socket 2322 */ 2323 static isc_boolean_t 2324 socket_broadcast_disable( 2325 struct interface * iface, 2326 sockaddr_u * baddr 2327 ) 2328 { 2329 #ifdef SO_BROADCAST 2330 int off = 0; /* This seems to be OK as an int */ 2331 2332 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET, 2333 SO_BROADCAST, (char *)&off, sizeof(off))) 2334 msyslog(LOG_ERR, 2335 "setsockopt(SO_BROADCAST) disable failure on address %s: %m", 2336 stoa(baddr)); 2337 2338 iface->flags &= ~INT_BCASTXMIT; 2339 return ISC_TRUE; 2340 #else 2341 return ISC_FALSE; 2342 #endif /* SO_BROADCAST */ 2343 } 2344 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 2345 2346 #endif /* OPEN_BCAST_SOCKET */ 2347 2348 /* 2349 * return the broadcast client flag value 2350 */ 2351 isc_boolean_t 2352 get_broadcastclient_flag(void) 2353 { 2354 return (broadcast_client_enabled); 2355 } 2356 /* 2357 * Check to see if the address is a multicast address 2358 */ 2359 static isc_boolean_t 2360 addr_ismulticast( 2361 sockaddr_u *maddr 2362 ) 2363 { 2364 isc_boolean_t result; 2365 2366 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 2367 /* 2368 * If we don't have IPV6 support any IPV6 addr is not multicast 2369 */ 2370 if (IS_IPV6(maddr)) 2371 result = ISC_FALSE; 2372 else 2373 #endif 2374 result = IS_MCAST(maddr); 2375 2376 if (!result) 2377 DPRINTF(4, ("address %s is not multicast\n", 2378 stoa(maddr))); 2379 2380 return result; 2381 } 2382 2383 /* 2384 * Multicast servers need to set the appropriate Multicast interface 2385 * socket option in order for it to know which interface to use for 2386 * send the multicast packet. 2387 */ 2388 void 2389 enable_multicast_if( 2390 struct interface * iface, 2391 sockaddr_u * maddr 2392 ) 2393 { 2394 #ifdef MCAST 2395 #ifdef IP_MULTICAST_LOOP 2396 TYPEOF_IP_MULTICAST_LOOP off = 0; 2397 #endif 2398 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP) 2399 u_int off6 = 0; 2400 #endif 2401 2402 REQUIRE(AF(maddr) == AF(&iface->sin)); 2403 2404 switch (AF(&iface->sin)) { 2405 2406 case AF_INET: 2407 #ifdef IP_MULTICAST_LOOP 2408 /* 2409 * Don't send back to itself, but allow failure to set 2410 */ 2411 if (setsockopt(iface->fd, IPPROTO_IP, 2412 IP_MULTICAST_LOOP, 2413 SETSOCKOPT_ARG_CAST &off, 2414 sizeof(off))) { 2415 2416 msyslog(LOG_ERR, 2417 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2418 iface->fd, stoa(&iface->sin), 2419 stoa(maddr)); 2420 } 2421 #endif 2422 break; 2423 2424 case AF_INET6: 2425 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2426 #ifdef IPV6_MULTICAST_LOOP 2427 /* 2428 * Don't send back to itself, but allow failure to set 2429 */ 2430 if (setsockopt(iface->fd, IPPROTO_IPV6, 2431 IPV6_MULTICAST_LOOP, 2432 (char *) &off6, sizeof(off6))) { 2433 2434 msyslog(LOG_ERR, 2435 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2436 iface->fd, stoa(&iface->sin), 2437 stoa(maddr)); 2438 } 2439 #endif 2440 break; 2441 #else 2442 return; 2443 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2444 } 2445 return; 2446 #endif 2447 } 2448 2449 /* 2450 * Add a multicast address to a given socket 2451 * The socket is in the ep_list all we need to do is enable 2452 * multicasting. It is not this function's job to select the socket 2453 */ 2454 #if defined(MCAST) 2455 static isc_boolean_t 2456 socket_multicast_enable( 2457 endpt * iface, 2458 sockaddr_u * maddr 2459 ) 2460 { 2461 struct ip_mreq mreq; 2462 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2463 struct ipv6_mreq mreq6; 2464 # endif 2465 switch (AF(maddr)) { 2466 2467 case AF_INET: 2468 ZERO(mreq); 2469 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2470 mreq.imr_interface.s_addr = htonl(INADDR_ANY); 2471 if (setsockopt(iface->fd, 2472 IPPROTO_IP, 2473 IP_ADD_MEMBERSHIP, 2474 (char *)&mreq, 2475 sizeof(mreq))) { 2476 DPRINTF(2, ( 2477 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2478 iface->fd, stoa(&iface->sin), 2479 mreq.imr_multiaddr.s_addr, 2480 mreq.imr_interface.s_addr, 2481 stoa(maddr))); 2482 return ISC_FALSE; 2483 } 2484 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n", 2485 iface->fd, stoa(&iface->sin), 2486 mreq.imr_multiaddr.s_addr, 2487 mreq.imr_interface.s_addr, stoa(maddr))); 2488 break; 2489 2490 case AF_INET6: 2491 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2492 /* 2493 * Enable reception of multicast packets. 2494 * If the address is link-local we can get the 2495 * interface index from the scope id. Don't do this 2496 * for other types of multicast addresses. For now let 2497 * the kernel figure it out. 2498 */ 2499 ZERO(mreq6); 2500 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2501 mreq6.ipv6mr_interface = iface->ifindex; 2502 2503 if (setsockopt(iface->fd, IPPROTO_IPV6, 2504 IPV6_JOIN_GROUP, (char *)&mreq6, 2505 sizeof(mreq6))) { 2506 DPRINTF(2, ( 2507 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)", 2508 iface->fd, stoa(&iface->sin), 2509 mreq6.ipv6mr_interface, stoa(maddr))); 2510 return ISC_FALSE; 2511 } 2512 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n", 2513 iface->fd, stoa(&iface->sin), 2514 mreq6.ipv6mr_interface, stoa(maddr))); 2515 # else 2516 return ISC_FALSE; 2517 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2518 } 2519 iface->flags |= INT_MCASTOPEN; 2520 iface->num_mcast++; 2521 2522 return ISC_TRUE; 2523 } 2524 #endif /* MCAST */ 2525 2526 2527 /* 2528 * Remove a multicast address from a given socket 2529 * The socket is in the ep_list all we need to do is disable 2530 * multicasting. It is not this function's job to select the socket 2531 */ 2532 #ifdef MCAST 2533 static isc_boolean_t 2534 socket_multicast_disable( 2535 struct interface * iface, 2536 sockaddr_u * maddr 2537 ) 2538 { 2539 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2540 struct ipv6_mreq mreq6; 2541 # endif 2542 struct ip_mreq mreq; 2543 2544 ZERO(mreq); 2545 2546 if (find_addr_in_list(maddr) == NULL) { 2547 DPRINTF(4, ("socket_multicast_disable(%s): not found\n", 2548 stoa(maddr))); 2549 return ISC_TRUE; 2550 } 2551 2552 switch (AF(maddr)) { 2553 2554 case AF_INET: 2555 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2556 mreq.imr_interface = SOCK_ADDR4(&iface->sin); 2557 if (setsockopt(iface->fd, IPPROTO_IP, 2558 IP_DROP_MEMBERSHIP, (char *)&mreq, 2559 sizeof(mreq))) { 2560 2561 msyslog(LOG_ERR, 2562 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2563 iface->fd, stoa(&iface->sin), 2564 SRCADR(maddr), SRCADR(&iface->sin), 2565 stoa(maddr)); 2566 return ISC_FALSE; 2567 } 2568 break; 2569 case AF_INET6: 2570 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2571 /* 2572 * Disable reception of multicast packets 2573 * If the address is link-local we can get the 2574 * interface index from the scope id. Don't do this 2575 * for other types of multicast addresses. For now let 2576 * the kernel figure it out. 2577 */ 2578 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2579 mreq6.ipv6mr_interface = iface->ifindex; 2580 2581 if (setsockopt(iface->fd, IPPROTO_IPV6, 2582 IPV6_LEAVE_GROUP, (char *)&mreq6, 2583 sizeof(mreq6))) { 2584 2585 msyslog(LOG_ERR, 2586 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)", 2587 iface->fd, stoa(&iface->sin), 2588 iface->ifindex, stoa(maddr)); 2589 return ISC_FALSE; 2590 } 2591 break; 2592 # else 2593 return ISC_FALSE; 2594 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2595 } 2596 2597 iface->num_mcast--; 2598 if (!iface->num_mcast) 2599 iface->flags &= ~INT_MCASTOPEN; 2600 2601 return ISC_TRUE; 2602 } 2603 #endif /* MCAST */ 2604 2605 /* 2606 * io_setbclient - open the broadcast client sockets 2607 */ 2608 void 2609 io_setbclient(void) 2610 { 2611 #ifdef OPEN_BCAST_SOCKET 2612 struct interface * interf; 2613 int nif; 2614 2615 nif = 0; 2616 set_reuseaddr(1); 2617 2618 for (interf = ep_list; 2619 interf != NULL; 2620 interf = interf->elink) { 2621 2622 if (interf->flags & (INT_WILDCARD | INT_LOOPBACK)) 2623 continue; 2624 2625 /* use only allowed addresses */ 2626 if (interf->ignore_packets) 2627 continue; 2628 2629 /* Need a broadcast-capable interface */ 2630 if (!(interf->flags & INT_BROADCAST)) 2631 continue; 2632 2633 /* Only IPv4 addresses are valid for broadcast */ 2634 REQUIRE(IS_IPV4(&interf->sin)); 2635 2636 /* Do we already have the broadcast address open? */ 2637 if (interf->flags & INT_BCASTOPEN) { 2638 /* 2639 * account for already open interfaces to avoid 2640 * misleading warning below 2641 */ 2642 nif++; 2643 continue; 2644 } 2645 2646 /* 2647 * Try to open the broadcast address 2648 */ 2649 interf->family = AF_INET; 2650 interf->bfd = open_socket(&interf->bcast, 1, 0, interf); 2651 2652 /* 2653 * If we succeeded then we use it otherwise enable 2654 * broadcast on the interface address 2655 */ 2656 if (interf->bfd != INVALID_SOCKET) { 2657 nif++; 2658 interf->flags |= INT_BCASTOPEN; 2659 msyslog(LOG_INFO, 2660 "Listen for broadcasts to %s on interface #%d %s", 2661 stoa(&interf->bcast), interf->ifnum, interf->name); 2662 } else { 2663 /* silently ignore EADDRINUSE as we probably opened 2664 the socket already for an address in the same network */ 2665 if (errno != EADDRINUSE) 2666 msyslog(LOG_INFO, 2667 "failed to listen for broadcasts to %s on interface #%d %s", 2668 stoa(&interf->bcast), interf->ifnum, interf->name); 2669 } 2670 } 2671 set_reuseaddr(0); 2672 if (nif > 0) { 2673 broadcast_client_enabled = ISC_TRUE; 2674 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif)); 2675 } 2676 else if (!nif) { 2677 broadcast_client_enabled = ISC_FALSE; 2678 msyslog(LOG_ERR, 2679 "Unable to listen for broadcasts, no broadcast interfaces available"); 2680 } 2681 #else 2682 msyslog(LOG_ERR, 2683 "io_setbclient: Broadcast Client disabled by build"); 2684 #endif /* OPEN_BCAST_SOCKET */ 2685 } 2686 2687 /* 2688 * io_unsetbclient - close the broadcast client sockets 2689 */ 2690 void 2691 io_unsetbclient(void) 2692 { 2693 endpt *ep; 2694 2695 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2696 if (INT_WILDCARD & ep->flags) 2697 continue; 2698 if (!(INT_BCASTOPEN & ep->flags)) 2699 continue; 2700 2701 if (ep->bfd != INVALID_SOCKET) { 2702 /* destroy broadcast listening socket */ 2703 msyslog(LOG_INFO, 2704 "stop listening for broadcasts to %s on interface #%d %s", 2705 stoa(&ep->bcast), ep->ifnum, ep->name); 2706 close_and_delete_fd_from_list(ep->bfd); 2707 ep->bfd = INVALID_SOCKET; 2708 ep->flags &= ~INT_BCASTOPEN; 2709 } 2710 } 2711 broadcast_client_enabled = ISC_FALSE; 2712 } 2713 2714 /* 2715 * io_multicast_add() - add multicast group address 2716 */ 2717 void 2718 io_multicast_add( 2719 sockaddr_u *addr 2720 ) 2721 { 2722 #ifdef MCAST 2723 endpt * ep; 2724 endpt * one_ep; 2725 2726 /* 2727 * Check to see if this is a multicast address 2728 */ 2729 if (!addr_ismulticast(addr)) 2730 return; 2731 2732 /* If we already have it we can just return */ 2733 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { 2734 msyslog(LOG_INFO, 2735 "Duplicate request found for multicast address %s", 2736 stoa(addr)); 2737 return; 2738 } 2739 2740 # ifndef MULTICAST_NONEWSOCKET 2741 ep = new_interface(NULL); 2742 2743 /* 2744 * Open a new socket for the multicast address 2745 */ 2746 ep->sin = *addr; 2747 SET_PORT(&ep->sin, NTP_PORT); 2748 ep->family = AF(&ep->sin); 2749 AF(&ep->mask) = ep->family; 2750 SET_ONESMASK(&ep->mask); 2751 2752 set_reuseaddr(1); 2753 ep->bfd = INVALID_SOCKET; 2754 ep->fd = open_socket(&ep->sin, 0, 0, ep); 2755 if (ep->fd != INVALID_SOCKET) { 2756 ep->ignore_packets = ISC_FALSE; 2757 ep->flags |= INT_MCASTIF; 2758 2759 strlcpy(ep->name, "multicast", sizeof(ep->name)); 2760 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n")); 2761 add_interface(ep); 2762 log_listen_address(ep); 2763 } else { 2764 /* bind failed, re-use wildcard interface */ 2765 delete_interface(ep); 2766 2767 if (IS_IPV4(addr)) 2768 ep = wildipv4; 2769 else if (IS_IPV6(addr)) 2770 ep = wildipv6; 2771 else 2772 ep = NULL; 2773 2774 if (ep != NULL) { 2775 /* HACK ! -- stuff in an address */ 2776 /* because we don't bind addr? DH */ 2777 ep->bcast = *addr; 2778 msyslog(LOG_ERR, 2779 "multicast address %s using wildcard interface #%d %s", 2780 stoa(addr), ep->ifnum, ep->name); 2781 } else { 2782 msyslog(LOG_ERR, 2783 "No multicast socket available to use for address %s", 2784 stoa(addr)); 2785 return; 2786 } 2787 } 2788 { /* in place of the { following for in #else clause */ 2789 one_ep = ep; 2790 # else /* MULTICAST_NONEWSOCKET follows */ 2791 /* 2792 * For the case where we can't use a separate socket (Windows) 2793 * join each applicable endpoint socket to the group address. 2794 */ 2795 if (IS_IPV4(addr)) 2796 one_ep = wildipv4; 2797 else 2798 one_ep = wildipv6; 2799 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2800 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) || 2801 !(INT_MULTICAST & ep->flags) || 2802 (INT_LOOPBACK | INT_WILDCARD) & ep->flags) 2803 continue; 2804 one_ep = ep; 2805 # endif /* MULTICAST_NONEWSOCKET */ 2806 if (socket_multicast_enable(ep, addr)) 2807 msyslog(LOG_INFO, 2808 "Joined %s socket to multicast group %s", 2809 stoa(&ep->sin), 2810 stoa(addr)); 2811 } 2812 2813 add_addr_to_list(addr, one_ep); 2814 #else /* !MCAST follows*/ 2815 msyslog(LOG_ERR, 2816 "Can not add multicast address %s: no multicast support", 2817 stoa(addr)); 2818 #endif 2819 return; 2820 } 2821 2822 2823 /* 2824 * io_multicast_del() - delete multicast group address 2825 */ 2826 void 2827 io_multicast_del( 2828 sockaddr_u * addr 2829 ) 2830 { 2831 #ifdef MCAST 2832 endpt *iface; 2833 2834 /* 2835 * Check to see if this is a multicast address 2836 */ 2837 if (!addr_ismulticast(addr)) { 2838 msyslog(LOG_ERR, "invalid multicast address %s", 2839 stoa(addr)); 2840 return; 2841 } 2842 2843 /* 2844 * Disable reception of multicast packets 2845 */ 2846 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN)) 2847 != NULL) 2848 socket_multicast_disable(iface, addr); 2849 2850 delete_addr_from_list(addr); 2851 2852 #else /* not MCAST */ 2853 msyslog(LOG_ERR, 2854 "Can not delete multicast address %s: no multicast support", 2855 stoa(addr)); 2856 #endif /* not MCAST */ 2857 } 2858 2859 2860 /* 2861 * open_socket - open a socket, returning the file descriptor 2862 */ 2863 2864 static SOCKET 2865 open_socket( 2866 sockaddr_u * addr, 2867 int bcast, 2868 int turn_off_reuse, 2869 endpt * interf 2870 ) 2871 { 2872 SOCKET fd; 2873 int errval; 2874 /* 2875 * int is OK for REUSEADR per 2876 * http://www.kohala.com/start/mcast.api.txt 2877 */ 2878 int on = 1; 2879 int off = 0; 2880 2881 if (IS_IPV6(addr) && !ipv6_works) 2882 return INVALID_SOCKET; 2883 2884 /* create a datagram (UDP) socket */ 2885 fd = socket(AF(addr), SOCK_DGRAM, 0); 2886 if (INVALID_SOCKET == fd) { 2887 errval = socket_errno(); 2888 msyslog(LOG_ERR, 2889 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m", 2890 IS_IPV6(addr) ? "6" : "", stoa(addr)); 2891 2892 if (errval == EPROTONOSUPPORT || 2893 errval == EAFNOSUPPORT || 2894 errval == EPFNOSUPPORT) 2895 return (INVALID_SOCKET); 2896 2897 errno = errval; 2898 msyslog(LOG_ERR, 2899 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting", 2900 errno); 2901 exit(1); 2902 } 2903 2904 #ifdef SYS_WINNT 2905 connection_reset_fix(fd, addr); 2906 #endif 2907 /* 2908 * Fixup the file descriptor for some systems 2909 * See bug #530 for details of the issue. 2910 */ 2911 fd = move_fd(fd); 2912 2913 /* 2914 * set SO_REUSEADDR since we will be binding the same port 2915 * number on each interface according to turn_off_reuse. 2916 * This is undesirable on Windows versions starting with 2917 * Windows XP (numeric version 5.1). 2918 */ 2919 #ifdef SYS_WINNT 2920 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */ 2921 #endif 2922 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 2923 (char *)((turn_off_reuse) 2924 ? &off 2925 : &on), 2926 sizeof(on))) { 2927 2928 msyslog(LOG_ERR, 2929 "setsockopt SO_REUSEADDR %s fails for address %s: %m", 2930 (turn_off_reuse) 2931 ? "off" 2932 : "on", 2933 stoa(addr)); 2934 closesocket(fd); 2935 return INVALID_SOCKET; 2936 } 2937 #ifdef SO_EXCLUSIVEADDRUSE 2938 /* 2939 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open 2940 * first will cause more specific binds to fail. 2941 */ 2942 if (!(interf->flags & INT_WILDCARD)) 2943 set_excladdruse(fd); 2944 #endif 2945 2946 /* 2947 * IPv4 specific options go here 2948 */ 2949 if (IS_IPV4(addr)) { 2950 #if defined(IPPROTO_IP) && defined(IP_TOS) 2951 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos, 2952 sizeof(qos))) 2953 msyslog(LOG_ERR, 2954 "setsockopt IP_TOS (%02x) fails on address %s: %m", 2955 qos, stoa(addr)); 2956 #endif /* IPPROTO_IP && IP_TOS */ 2957 if (bcast) 2958 socket_broadcast_enable(interf, fd, addr); 2959 } 2960 2961 /* 2962 * IPv6 specific options go here 2963 */ 2964 if (IS_IPV6(addr)) { 2965 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) 2966 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos, 2967 sizeof(qos))) 2968 msyslog(LOG_ERR, 2969 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m", 2970 qos, stoa(addr)); 2971 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */ 2972 #ifdef IPV6_V6ONLY 2973 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS 2974 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, 2975 (char*)&on, sizeof(on))) 2976 msyslog(LOG_ERR, 2977 "setsockopt IPV6_V6ONLY on fails on address %s: %m", 2978 stoa(addr)); 2979 #endif 2980 #ifdef IPV6_BINDV6ONLY 2981 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY, 2982 (char*)&on, sizeof(on))) 2983 msyslog(LOG_ERR, 2984 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m", 2985 stoa(addr)); 2986 #endif 2987 } 2988 2989 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 2990 /* 2991 * some OSes don't allow binding to more specific 2992 * addresses if a wildcard address already bound 2993 * to the port and SO_REUSEADDR is not set 2994 */ 2995 if (!is_wildcard_addr(addr)) 2996 set_wildcard_reuse(AF(addr), 1); 2997 #endif 2998 2999 /* 3000 * bind the local address. 3001 */ 3002 errval = bind(fd, &addr->sa, SOCKLEN(addr)); 3003 3004 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3005 if (!is_wildcard_addr(addr)) 3006 set_wildcard_reuse(AF(addr), 0); 3007 #endif 3008 3009 if (errval < 0) { 3010 /* 3011 * Don't log this under all conditions 3012 */ 3013 if (turn_off_reuse == 0 3014 #ifdef DEBUG 3015 || debug > 1 3016 #endif 3017 ) { 3018 msyslog(LOG_ERR, 3019 "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m", 3020 fd, IS_IPV6(addr) ? "6" : "", 3021 stoa(addr), SRCPORT(addr), 3022 IS_MCAST(addr) ? " (multicast)" : "", 3023 interf->flags); 3024 } 3025 3026 closesocket(fd); 3027 3028 return INVALID_SOCKET; 3029 } 3030 3031 #ifdef HAVE_TIMESTAMP 3032 { 3033 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, 3034 (char*)&on, sizeof(on))) 3035 msyslog(LOG_DEBUG, 3036 "setsockopt SO_TIMESTAMP on fails on address %s: %m", 3037 stoa(addr)); 3038 else 3039 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n", 3040 fd, stoa(addr))); 3041 } 3042 #endif 3043 #ifdef HAVE_TIMESTAMPNS 3044 { 3045 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, 3046 (char*)&on, sizeof(on))) 3047 msyslog(LOG_DEBUG, 3048 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m", 3049 stoa(addr)); 3050 else 3051 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n", 3052 fd, stoa(addr))); 3053 } 3054 #endif 3055 #ifdef HAVE_BINTIME 3056 { 3057 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME, 3058 (char*)&on, sizeof(on))) 3059 msyslog(LOG_DEBUG, 3060 "setsockopt SO_BINTIME on fails on address %s: %m", 3061 stoa(addr)); 3062 else 3063 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n", 3064 fd, stoa(addr))); 3065 } 3066 #endif 3067 3068 DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n", 3069 fd, IS_IPV6(addr) ? "6" : "", stoa(addr), 3070 SCOPE(addr), SRCPORT(addr), interf->flags)); 3071 3072 make_socket_nonblocking(fd); 3073 3074 #ifdef HAVE_SIGNALED_IO 3075 init_socket_sig(fd); 3076 #endif /* not HAVE_SIGNALED_IO */ 3077 3078 add_fd_to_list(fd, FD_TYPE_SOCKET); 3079 3080 #if !defined(SYS_WINNT) && !defined(VMS) 3081 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd, 3082 fcntl(fd, F_GETFL, 0))); 3083 #endif /* SYS_WINNT || VMS */ 3084 3085 #if defined (HAVE_IO_COMPLETION_PORT) 3086 /* 3087 * Add the socket to the completion port 3088 */ 3089 if (io_completion_port_add_socket(fd, interf)) { 3090 msyslog(LOG_ERR, "unable to set up io completion port - EXITING"); 3091 exit(1); 3092 } 3093 #endif 3094 return fd; 3095 } 3096 3097 3098 #ifdef SYS_WINNT 3099 #define sendto(fd, buf, len, flags, dest, destsz) \ 3100 io_completion_port_sendto(fd, buf, len, (sockaddr_u *)(dest)) 3101 #endif 3102 3103 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ 3104 /* 3105 * sendpkt - send a packet to the specified destination. Maintain a 3106 * send error cache so that only the first consecutive error for a 3107 * destination is logged. 3108 */ 3109 void 3110 sendpkt( 3111 sockaddr_u * dest, 3112 struct interface * ep, 3113 int ttl, 3114 struct pkt * pkt, 3115 int len 3116 ) 3117 { 3118 endpt * src; 3119 int ismcast; 3120 int cc; 3121 int rc; 3122 u_char cttl; 3123 3124 ismcast = IS_MCAST(dest); 3125 if (!ismcast) 3126 src = ep; 3127 else 3128 src = (IS_IPV4(dest)) 3129 ? mc4_list 3130 : mc6_list; 3131 3132 if (NULL == src) { 3133 /* 3134 * unbound peer - drop request and wait for better 3135 * network conditions 3136 */ 3137 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n", 3138 ismcast ? "\tMCAST\t***** " : "", 3139 stoa(dest), ttl, len)); 3140 return; 3141 } 3142 3143 do { 3144 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", 3145 ismcast ? "\tMCAST\t***** " : "", src->fd, 3146 stoa(dest), stoa(&src->sin), ttl, len)); 3147 #ifdef MCAST 3148 /* 3149 * for the moment we use the bcast option to set multicast ttl 3150 */ 3151 if (ismcast && ttl > 0 && ttl != src->last_ttl) { 3152 /* 3153 * set the multicast ttl for outgoing packets 3154 */ 3155 switch (AF(&src->sin)) { 3156 3157 case AF_INET : 3158 cttl = (u_char)ttl; 3159 rc = setsockopt(src->fd, IPPROTO_IP, 3160 IP_MULTICAST_TTL, 3161 (void *)&cttl, 3162 sizeof(cttl)); 3163 break; 3164 3165 # ifdef INCLUDE_IPV6_SUPPORT 3166 case AF_INET6 : 3167 rc = setsockopt(src->fd, IPPROTO_IPV6, 3168 IPV6_MULTICAST_HOPS, 3169 (void *)&ttl, 3170 sizeof(ttl)); 3171 break; 3172 # endif /* INCLUDE_IPV6_SUPPORT */ 3173 3174 default: 3175 rc = 0; 3176 } 3177 3178 if (!rc) 3179 src->last_ttl = ttl; 3180 else 3181 msyslog(LOG_ERR, 3182 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m", 3183 stoa(&src->sin)); 3184 } 3185 #endif /* MCAST */ 3186 3187 #ifdef SIM 3188 cc = simulate_server(dest, src, pkt); 3189 #else 3190 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, 3191 &dest->sa, SOCKLEN(dest)); 3192 #endif 3193 if (cc == -1) { 3194 src->notsent++; 3195 packets_notsent++; 3196 } else { 3197 src->sent++; 3198 packets_sent++; 3199 } 3200 if (ismcast) 3201 src = src->mclink; 3202 } while (ismcast && src != NULL); 3203 } 3204 3205 3206 #if !defined(HAVE_IO_COMPLETION_PORT) 3207 /* 3208 * fdbits - generate ascii representation of fd_set (FAU debug support) 3209 * HFDF format - highest fd first. 3210 */ 3211 static char * 3212 fdbits( 3213 int count, 3214 fd_set *set 3215 ) 3216 { 3217 static char buffer[256]; 3218 char * buf = buffer; 3219 3220 count = min(count, 255); 3221 3222 while (count >= 0) { 3223 *buf++ = FD_ISSET(count, set) ? '#' : '-'; 3224 count--; 3225 } 3226 *buf = '\0'; 3227 3228 return buffer; 3229 } 3230 3231 3232 #ifdef REFCLOCK 3233 /* 3234 * Routine to read the refclock packets for a specific interface 3235 * Return the number of bytes read. That way we know if we should 3236 * read it again or go on to the next one if no bytes returned 3237 */ 3238 static inline int 3239 read_refclock_packet( 3240 SOCKET fd, 3241 struct refclockio * rp, 3242 l_fp ts 3243 ) 3244 { 3245 u_int read_count; 3246 int buflen; 3247 int saved_errno; 3248 int consumed; 3249 struct recvbuf * rb; 3250 3251 rb = get_free_recv_buffer(); 3252 3253 if (NULL == rb) { 3254 /* 3255 * No buffer space available - just drop the packet 3256 */ 3257 char buf[RX_BUFF_SIZE]; 3258 3259 buflen = read(fd, buf, sizeof buf); 3260 packets_dropped++; 3261 return (buflen); 3262 } 3263 3264 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead 3265 * to buffer overrun and memory corruption 3266 */ 3267 if (rp->datalen <= 0 || rp->datalen > sizeof(rb->recv_space)) 3268 read_count = sizeof(rb->recv_space); 3269 else 3270 read_count = (u_int)rp->datalen; 3271 do { 3272 buflen = read(fd, (char *)&rb->recv_space, read_count); 3273 } while (buflen < 0 && EINTR == errno); 3274 3275 if (buflen <= 0) { 3276 saved_errno = errno; 3277 freerecvbuf(rb); 3278 errno = saved_errno; 3279 return buflen; 3280 } 3281 3282 /* 3283 * Got one. Mark how and when it got here, 3284 * put it on the full list and do bookkeeping. 3285 */ 3286 rb->recv_length = buflen; 3287 rb->recv_peer = rp->srcclock; 3288 rb->dstadr = 0; 3289 rb->fd = fd; 3290 rb->recv_time = ts; 3291 rb->receiver = rp->clock_recv; 3292 3293 consumed = indicate_refclock_packet(rp, rb); 3294 if (!consumed) { 3295 rp->recvcount++; 3296 packets_received++; 3297 } 3298 3299 return buflen; 3300 } 3301 #endif /* REFCLOCK */ 3302 3303 3304 #ifdef HAVE_PACKET_TIMESTAMP 3305 /* 3306 * extract timestamps from control message buffer 3307 */ 3308 static l_fp 3309 fetch_timestamp( 3310 struct recvbuf * rb, 3311 struct msghdr * msghdr, 3312 l_fp ts 3313 ) 3314 { 3315 struct cmsghdr * cmsghdr; 3316 #ifdef HAVE_BINTIME 3317 struct bintime * btp; 3318 #endif 3319 #ifdef HAVE_TIMESTAMPNS 3320 struct timespec * tsp; 3321 #endif 3322 #ifdef HAVE_TIMESTAMP 3323 struct timeval * tvp; 3324 #endif 3325 unsigned long ticks; 3326 double fuzz; 3327 l_fp lfpfuzz; 3328 l_fp nts; 3329 #ifdef DEBUG_TIMING 3330 l_fp dts; 3331 #endif 3332 3333 cmsghdr = CMSG_FIRSTHDR(msghdr); 3334 while (cmsghdr != NULL) { 3335 switch (cmsghdr->cmsg_type) 3336 { 3337 #ifdef HAVE_BINTIME 3338 case SCM_BINTIME: 3339 #endif /* HAVE_BINTIME */ 3340 #ifdef HAVE_TIMESTAMPNS 3341 case SCM_TIMESTAMPNS: 3342 #endif /* HAVE_TIMESTAMPNS */ 3343 #ifdef HAVE_TIMESTAMP 3344 case SCM_TIMESTAMP: 3345 #endif /* HAVE_TIMESTAMP */ 3346 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP) 3347 switch (cmsghdr->cmsg_type) 3348 { 3349 #ifdef HAVE_BINTIME 3350 case SCM_BINTIME: 3351 btp = (struct bintime *)CMSG_DATA(cmsghdr); 3352 /* 3353 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf 3354 */ 3355 nts.l_i = btp->sec + JAN_1970; 3356 nts.l_uf = (u_int32)(btp->frac >> 32); 3357 if (sys_tick > measured_tick && 3358 sys_tick > 1e-9) { 3359 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC)); 3360 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC)); 3361 } 3362 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n", 3363 btp->sec, (unsigned long)((nts.l_uf / FRAC) * 1e9))); 3364 break; 3365 #endif /* HAVE_BINTIME */ 3366 #ifdef HAVE_TIMESTAMPNS 3367 case SCM_TIMESTAMPNS: 3368 tsp = (struct timespec *)CMSG_DATA(cmsghdr); 3369 if (sys_tick > measured_tick && 3370 sys_tick > 1e-9) { 3371 ticks = (unsigned long)((tsp->tv_nsec * 1e-9) / 3372 sys_tick); 3373 tsp->tv_nsec = (long)(ticks * 1e9 * 3374 sys_tick); 3375 } 3376 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n", 3377 tsp->tv_sec, tsp->tv_nsec)); 3378 nts = tspec_stamp_to_lfp(*tsp); 3379 break; 3380 #endif /* HAVE_TIMESTAMPNS */ 3381 #ifdef HAVE_TIMESTAMP 3382 case SCM_TIMESTAMP: 3383 tvp = (struct timeval *)CMSG_DATA(cmsghdr); 3384 if (sys_tick > measured_tick && 3385 sys_tick > 1e-6) { 3386 ticks = (unsigned long)((tvp->tv_usec * 1e-6) / 3387 sys_tick); 3388 tvp->tv_usec = (long)(ticks * 1e6 * 3389 sys_tick); 3390 } 3391 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n", 3392 (intmax_t)tvp->tv_sec, (long)tvp->tv_usec)); 3393 nts = tval_stamp_to_lfp(*tvp); 3394 break; 3395 #endif /* HAVE_TIMESTAMP */ 3396 } 3397 fuzz = ntp_random() * 2. / FRAC * sys_fuzz; 3398 DTOLFP(fuzz, &lfpfuzz); 3399 L_ADD(&nts, &lfpfuzz); 3400 #ifdef DEBUG_TIMING 3401 dts = ts; 3402 L_SUB(&dts, &nts); 3403 collect_timing(rb, "input processing delay", 1, 3404 &dts); 3405 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n", 3406 lfptoa(&dts, 9))); 3407 #endif /* DEBUG_TIMING */ 3408 ts = nts; /* network time stamp */ 3409 break; 3410 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */ 3411 3412 default: 3413 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n", 3414 cmsghdr->cmsg_type)); 3415 } 3416 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr); 3417 } 3418 return ts; 3419 } 3420 #endif /* HAVE_PACKET_TIMESTAMP */ 3421 3422 3423 /* 3424 * Routine to read the network NTP packets for a specific interface 3425 * Return the number of bytes read. That way we know if we should 3426 * read it again or go on to the next one if no bytes returned 3427 */ 3428 static inline int 3429 read_network_packet( 3430 SOCKET fd, 3431 struct interface * itf, 3432 l_fp ts 3433 ) 3434 { 3435 GETSOCKNAME_SOCKLEN_TYPE fromlen; 3436 int buflen; 3437 register struct recvbuf *rb; 3438 #ifdef HAVE_PACKET_TIMESTAMP 3439 struct msghdr msghdr; 3440 struct iovec iovec; 3441 char control[CMSG_BUFSIZE]; 3442 #endif 3443 3444 /* 3445 * Get a buffer and read the frame. If we 3446 * haven't got a buffer, or this is received 3447 * on a disallowed socket, just dump the 3448 * packet. 3449 */ 3450 3451 rb = get_free_recv_buffer(); 3452 if (NULL == rb || itf->ignore_packets) { 3453 char buf[RX_BUFF_SIZE]; 3454 sockaddr_u from; 3455 3456 if (rb != NULL) 3457 freerecvbuf(rb); 3458 3459 fromlen = sizeof(from); 3460 buflen = recvfrom(fd, buf, sizeof(buf), 0, 3461 &from.sa, &fromlen); 3462 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", 3463 (itf->ignore_packets) 3464 ? "ignore" 3465 : "drop", 3466 free_recvbuffs(), fd, stoa(&from))); 3467 if (itf->ignore_packets) 3468 packets_ignored++; 3469 else 3470 packets_dropped++; 3471 return (buflen); 3472 } 3473 3474 fromlen = sizeof(rb->recv_srcadr); 3475 3476 #ifndef HAVE_PACKET_TIMESTAMP 3477 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space, 3478 sizeof(rb->recv_space), 0, 3479 &rb->recv_srcadr.sa, &fromlen); 3480 #else 3481 iovec.iov_base = &rb->recv_space; 3482 iovec.iov_len = sizeof(rb->recv_space); 3483 msghdr.msg_name = &rb->recv_srcadr; 3484 msghdr.msg_namelen = fromlen; 3485 msghdr.msg_iov = &iovec; 3486 msghdr.msg_iovlen = 1; 3487 msghdr.msg_control = (void *)&control; 3488 msghdr.msg_controllen = sizeof(control); 3489 msghdr.msg_flags = 0; 3490 rb->recv_length = recvmsg(fd, &msghdr, 0); 3491 #endif 3492 3493 buflen = rb->recv_length; 3494 3495 if (buflen == 0 || (buflen == -1 && 3496 (EWOULDBLOCK == errno 3497 #ifdef EAGAIN 3498 || EAGAIN == errno 3499 #endif 3500 ))) { 3501 freerecvbuf(rb); 3502 return (buflen); 3503 } else if (buflen < 0) { 3504 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m", 3505 stoa(&rb->recv_srcadr), fd); 3506 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n", 3507 fd)); 3508 freerecvbuf(rb); 3509 return (buflen); 3510 } 3511 3512 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", 3513 fd, buflen, stoa(&rb->recv_srcadr))); 3514 3515 /* 3516 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 3517 */ 3518 3519 if (AF_INET6 == itf->family) { 3520 DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", 3521 stoa(&rb->recv_srcadr), 3522 IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), 3523 stoa(&itf->sin), 3524 !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3525 )); 3526 3527 if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) 3528 && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3529 ) { 3530 packets_dropped++; 3531 DPRINTF(2, ("DROPPING that packet\n")); 3532 freerecvbuf(rb); 3533 return buflen; 3534 } 3535 DPRINTF(2, ("processing that packet\n")); 3536 } 3537 3538 /* 3539 * Got one. Mark how and when it got here, 3540 * put it on the full list and do bookkeeping. 3541 */ 3542 rb->dstadr = itf; 3543 rb->fd = fd; 3544 #ifdef HAVE_PACKET_TIMESTAMP 3545 /* pick up a network time stamp if possible */ 3546 ts = fetch_timestamp(rb, &msghdr, ts); 3547 #endif 3548 rb->recv_time = ts; 3549 rb->receiver = receive; 3550 3551 add_full_recv_buffer(rb); 3552 3553 itf->received++; 3554 packets_received++; 3555 return (buflen); 3556 } 3557 3558 /* 3559 * attempt to handle io (select()/signaled IO) 3560 */ 3561 void 3562 io_handler(void) 3563 { 3564 # ifndef HAVE_SIGNALED_IO 3565 fd_set rdfdes; 3566 int nfound; 3567 3568 /* 3569 * Use select() on all on all input fd's for unlimited 3570 * time. select() will terminate on SIGALARM or on the 3571 * reception of input. Using select() means we can't do 3572 * robust signal handling and we get a potential race 3573 * between checking for alarms and doing the select(). 3574 * Mostly harmless, I think. 3575 */ 3576 /* 3577 * On VMS, I suspect that select() can't be interrupted 3578 * by a "signal" either, so I take the easy way out and 3579 * have select() time out after one second. 3580 * System clock updates really aren't time-critical, 3581 * and - lacking a hardware reference clock - I have 3582 * yet to learn about anything else that is. 3583 */ 3584 rdfdes = activefds; 3585 # if !defined(VMS) && !defined(SYS_VXWORKS) 3586 nfound = select(maxactivefd + 1, &rdfdes, NULL, 3587 NULL, NULL); 3588 # else /* VMS, VxWorks */ 3589 /* make select() wake up after one second */ 3590 { 3591 struct timeval t1; 3592 3593 t1.tv_sec = 1; 3594 t1.tv_usec = 0; 3595 nfound = select(maxactivefd + 1, 3596 &rdfdes, NULL, NULL, 3597 &t1); 3598 } 3599 # endif /* VMS, VxWorks */ 3600 if (nfound > 0) { 3601 l_fp ts; 3602 3603 get_systime(&ts); 3604 3605 input_handler(&ts); 3606 } else if (nfound == -1 && errno != EINTR) { 3607 msyslog(LOG_ERR, "select() error: %m"); 3608 } 3609 # ifdef DEBUG 3610 else if (debug > 4) { 3611 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); 3612 } else { 3613 DPRINTF(3, ("select() returned %d: %m\n", nfound)); 3614 } 3615 # endif /* DEBUG */ 3616 # else /* HAVE_SIGNALED_IO */ 3617 wait_for_signal(); 3618 # endif /* HAVE_SIGNALED_IO */ 3619 } 3620 3621 /* 3622 * input_handler - receive packets asynchronously 3623 */ 3624 static void 3625 input_handler( 3626 l_fp * cts 3627 ) 3628 { 3629 int buflen; 3630 int n; 3631 u_int idx; 3632 int doing; 3633 SOCKET fd; 3634 blocking_child *c; 3635 struct timeval tvzero; 3636 l_fp ts; /* Timestamp at BOselect() gob */ 3637 #ifdef DEBUG_TIMING 3638 l_fp ts_e; /* Timestamp at EOselect() gob */ 3639 #endif 3640 fd_set fds; 3641 size_t select_count; 3642 endpt * ep; 3643 #ifdef REFCLOCK 3644 struct refclockio *rp; 3645 int saved_errno; 3646 const char * clk; 3647 #endif 3648 #ifdef HAS_ROUTING_SOCKET 3649 struct asyncio_reader * asyncio_reader; 3650 struct asyncio_reader * next_asyncio_reader; 3651 #endif 3652 3653 handler_calls++; 3654 select_count = 0; 3655 3656 /* 3657 * If we have something to do, freeze a timestamp. 3658 * See below for the other cases (nothing left to do or error) 3659 */ 3660 ts = *cts; 3661 3662 /* 3663 * Do a poll to see who has data 3664 */ 3665 3666 fds = activefds; 3667 tvzero.tv_sec = tvzero.tv_usec = 0; 3668 3669 n = select(maxactivefd + 1, &fds, (fd_set *)0, (fd_set *)0, 3670 &tvzero); 3671 3672 /* 3673 * If there are no packets waiting just return 3674 */ 3675 if (n < 0) { 3676 int err = errno; 3677 int j, b, prior; 3678 /* 3679 * extended FAU debugging output 3680 */ 3681 if (err != EINTR) 3682 msyslog(LOG_ERR, 3683 "select(%d, %s, 0L, 0L, &0.0) error: %m", 3684 maxactivefd + 1, 3685 fdbits(maxactivefd, &activefds)); 3686 if (err != EBADF) 3687 goto ih_return; 3688 for (j = 0, prior = 0; j <= maxactivefd; j++) { 3689 if (FD_ISSET(j, &activefds)) { 3690 if (-1 != read(j, &b, 0)) { 3691 prior = j; 3692 continue; 3693 } 3694 msyslog(LOG_ERR, 3695 "Removing bad file descriptor %d from select set", 3696 j); 3697 FD_CLR(j, &activefds); 3698 if (j == maxactivefd) 3699 maxactivefd = prior; 3700 } 3701 } 3702 goto ih_return; 3703 } 3704 else if (n == 0) 3705 goto ih_return; 3706 3707 ++handler_pkts; 3708 3709 #ifdef REFCLOCK 3710 /* 3711 * Check out the reference clocks first, if any 3712 */ 3713 3714 if (refio != NULL) { 3715 for (rp = refio; rp != NULL; rp = rp->next) { 3716 fd = rp->fd; 3717 3718 if (!FD_ISSET(fd, &fds)) 3719 continue; 3720 ++select_count; 3721 buflen = read_refclock_packet(fd, rp, ts); 3722 /* 3723 * The first read must succeed after select() 3724 * indicates readability, or we've reached 3725 * a permanent EOF. http://bugs.ntp.org/1732 3726 * reported ntpd munching CPU after a USB GPS 3727 * was unplugged because select was indicating 3728 * EOF but ntpd didn't remove the descriptor 3729 * from the activefds set. 3730 */ 3731 if (buflen < 0 && EAGAIN != errno) { 3732 saved_errno = errno; 3733 clk = refnumtoa(&rp->srcclock->srcadr); 3734 errno = saved_errno; 3735 msyslog(LOG_ERR, "%s read: %m", clk); 3736 maintain_activefds(fd, TRUE); 3737 } else if (0 == buflen) { 3738 clk = refnumtoa(&rp->srcclock->srcadr); 3739 msyslog(LOG_ERR, "%s read EOF", clk); 3740 maintain_activefds(fd, TRUE); 3741 } else { 3742 /* drain any remaining refclock input */ 3743 do { 3744 buflen = read_refclock_packet(fd, rp, ts); 3745 } while (buflen > 0); 3746 } 3747 } 3748 } 3749 #endif /* REFCLOCK */ 3750 3751 /* 3752 * Loop through the interfaces looking for data to read. 3753 */ 3754 for (ep = ep_list; ep != NULL; ep = ep->elink) { 3755 for (doing = 0; doing < 2; doing++) { 3756 if (!doing) { 3757 fd = ep->fd; 3758 } else { 3759 if (!(ep->flags & INT_BCASTOPEN)) 3760 break; 3761 fd = ep->bfd; 3762 } 3763 if (fd < 0) 3764 continue; 3765 if (FD_ISSET(fd, &fds)) 3766 do { 3767 ++select_count; 3768 buflen = read_network_packet( 3769 fd, ep, ts); 3770 } while (buflen > 0); 3771 /* Check more interfaces */ 3772 } 3773 } 3774 3775 #ifdef HAS_ROUTING_SOCKET 3776 /* 3777 * scan list of asyncio readers - currently only used for routing sockets 3778 */ 3779 asyncio_reader = asyncio_reader_list; 3780 3781 while (asyncio_reader != NULL) { 3782 /* callback may unlink and free asyncio_reader */ 3783 next_asyncio_reader = asyncio_reader->link; 3784 if (FD_ISSET(asyncio_reader->fd, &fds)) { 3785 ++select_count; 3786 (*asyncio_reader->receiver)(asyncio_reader); 3787 } 3788 asyncio_reader = next_asyncio_reader; 3789 } 3790 #endif /* HAS_ROUTING_SOCKET */ 3791 3792 /* 3793 * Check for a response from a blocking child 3794 */ 3795 for (idx = 0; idx < blocking_children_alloc; idx++) { 3796 c = blocking_children[idx]; 3797 if (NULL == c || -1 == c->resp_read_pipe) 3798 continue; 3799 if (FD_ISSET(c->resp_read_pipe, &fds)) { 3800 select_count++; 3801 process_blocking_resp(c); 3802 } 3803 } 3804 3805 /* 3806 * Done everything from that select. 3807 * If nothing to do, just return. 3808 * If an error occurred, complain and return. 3809 */ 3810 if (select_count == 0) { /* We really had nothing to do */ 3811 #ifdef DEBUG 3812 if (debug) 3813 msyslog(LOG_DEBUG, "input_handler: select() returned 0"); 3814 #endif /* DEBUG */ 3815 goto ih_return; 3816 } 3817 /* We've done our work */ 3818 #ifdef DEBUG_TIMING 3819 get_systime(&ts_e); 3820 /* 3821 * (ts_e - ts) is the amount of time we spent 3822 * processing this gob of file descriptors. Log 3823 * it. 3824 */ 3825 L_SUB(&ts_e, &ts); 3826 collect_timing(NULL, "input handler", 1, &ts_e); 3827 if (debug > 3) 3828 msyslog(LOG_DEBUG, 3829 "input_handler: Processed a gob of fd's in %s msec", 3830 lfptoms(&ts_e, 6)); 3831 #endif /* DEBUG_TIMING */ 3832 /* We're done... */ 3833 ih_return: 3834 return; 3835 } 3836 #endif /* !HAVE_IO_COMPLETION_PORT */ 3837 3838 3839 /* 3840 * find an interface suitable for the src address 3841 */ 3842 endpt * 3843 select_peerinterface( 3844 struct peer * peer, 3845 sockaddr_u * srcadr, 3846 endpt * dstadr 3847 ) 3848 { 3849 endpt *ep; 3850 #ifndef SIM 3851 endpt *wild; 3852 3853 wild = ANY_INTERFACE_CHOOSE(srcadr); 3854 3855 /* 3856 * Initialize the peer structure and dance the interface jig. 3857 * Reference clocks step the loopback waltz, the others 3858 * squaredance around the interface list looking for a buddy. If 3859 * the dance peters out, there is always the wildcard interface. 3860 * This might happen in some systems and would preclude proper 3861 * operation with public key cryptography. 3862 */ 3863 if (ISREFCLOCKADR(srcadr)) { 3864 ep = loopback_interface; 3865 } else if (peer->cast_flags & 3866 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) { 3867 ep = findbcastinter(srcadr); 3868 if (ep != NULL) 3869 DPRINTF(4, ("Found *-cast interface %s for address %s\n", 3870 stoa(&ep->sin), stoa(srcadr))); 3871 else 3872 DPRINTF(4, ("No *-cast local address found for address %s\n", 3873 stoa(srcadr))); 3874 } else { 3875 ep = dstadr; 3876 if (NULL == ep) 3877 ep = wild; 3878 } 3879 /* 3880 * If it is a multicast address, findbcastinter() may not find 3881 * it. For unicast, we get to find the interface when dstadr is 3882 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either 3883 * way, try a little harder. 3884 */ 3885 if (wild == ep) 3886 ep = findinterface(srcadr); 3887 /* 3888 * we do not bind to the wildcard interfaces for output 3889 * as our (network) source address would be undefined and 3890 * crypto will not work without knowing the own transmit address 3891 */ 3892 if (ep != NULL && INT_WILDCARD & ep->flags) 3893 if (!accept_wildcard_if_for_winnt) 3894 ep = NULL; 3895 #else /* SIM follows */ 3896 ep = loopback_interface; 3897 #endif 3898 3899 return ep; 3900 } 3901 3902 3903 /* 3904 * findinterface - find local interface corresponding to address 3905 */ 3906 endpt * 3907 findinterface( 3908 sockaddr_u *addr 3909 ) 3910 { 3911 endpt *iface; 3912 3913 iface = findlocalinterface(addr, INT_WILDCARD, 0); 3914 3915 if (NULL == iface) { 3916 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n", 3917 stoa(addr))); 3918 3919 iface = ANY_INTERFACE_CHOOSE(addr); 3920 } else 3921 DPRINTF(4, ("Found interface #%d %s for address %s\n", 3922 iface->ifnum, iface->name, stoa(addr))); 3923 3924 return iface; 3925 } 3926 3927 /* 3928 * findlocalinterface - find local interface corresponding to addr, 3929 * which does not have any of flags set. If bast is nonzero, addr is 3930 * a broadcast address. 3931 * 3932 * This code attempts to find the local sending address for an outgoing 3933 * address by connecting a new socket to destinationaddress:NTP_PORT 3934 * and reading the sockname of the resulting connect. 3935 * the complicated sequence simulates the routing table lookup 3936 * for to first hop without duplicating any of the routing logic into 3937 * ntpd. preferably we would have used an API call - but its not there - 3938 * so this is the best we can do here short of duplicating to entire routing 3939 * logic in ntpd which would be a silly and really unportable thing to do. 3940 * 3941 */ 3942 static endpt * 3943 findlocalinterface( 3944 sockaddr_u * addr, 3945 int flags, 3946 int bcast 3947 ) 3948 { 3949 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen; 3950 endpt * iface; 3951 sockaddr_u saddr; 3952 SOCKET s; 3953 int rtn; 3954 int on; 3955 3956 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", 3957 stoa(addr))); 3958 3959 s = socket(AF(addr), SOCK_DGRAM, 0); 3960 if (INVALID_SOCKET == s) 3961 return NULL; 3962 3963 /* 3964 * If we are looking for broadcast interface we need to set this 3965 * socket to allow broadcast 3966 */ 3967 if (bcast) { 3968 on = 1; 3969 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET, 3970 SO_BROADCAST, 3971 (char *)&on, 3972 sizeof(on))) { 3973 closesocket(s); 3974 return NULL; 3975 } 3976 } 3977 3978 rtn = connect(s, &addr->sa, SOCKLEN(addr)); 3979 if (SOCKET_ERROR == rtn) { 3980 closesocket(s); 3981 return NULL; 3982 } 3983 3984 sockaddrlen = sizeof(saddr); 3985 rtn = getsockname(s, &saddr.sa, &sockaddrlen); 3986 closesocket(s); 3987 if (SOCKET_ERROR == rtn) 3988 return NULL; 3989 3990 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n", 3991 stoa(addr), stoa(&saddr))); 3992 3993 iface = getinterface(&saddr, flags); 3994 3995 /* 3996 * if we didn't find an exact match on saddr, find the closest 3997 * available local address. This handles the case of the 3998 * address suggested by the kernel being excluded by nic rules 3999 * or the user's -I and -L options to ntpd. 4000 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 4001 * for more background. 4002 */ 4003 if (NULL == iface || iface->ignore_packets) 4004 iface = findclosestinterface(&saddr, 4005 flags | INT_LOOPBACK); 4006 4007 /* Don't use an interface which will ignore replies */ 4008 if (iface != NULL && iface->ignore_packets) 4009 iface = NULL; 4010 4011 return iface; 4012 } 4013 4014 4015 /* 4016 * findclosestinterface 4017 * 4018 * If there are -I/--interface or -L/novirtualips command-line options, 4019 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may 4020 * find the kernel's preferred local address for a given peer address is 4021 * administratively unavailable to ntpd, and punt to this routine's more 4022 * expensive search. 4023 * 4024 * Find the numerically closest local address to the one connect() 4025 * suggested. This matches an address on the same subnet first, as 4026 * needed by Bug 1184, and provides a consistent choice if there are 4027 * multiple feasible local addresses, regardless of the order ntpd 4028 * enumerated them. 4029 */ 4030 endpt * 4031 findclosestinterface( 4032 sockaddr_u * addr, 4033 int flags 4034 ) 4035 { 4036 endpt * ep; 4037 endpt * winner; 4038 sockaddr_u addr_dist; 4039 sockaddr_u min_dist; 4040 4041 ZERO_SOCK(&min_dist); 4042 winner = NULL; 4043 4044 for (ep = ep_list; ep != NULL; ep = ep->elink) { 4045 if (ep->ignore_packets || 4046 AF(addr) != ep->family || 4047 flags & ep->flags) 4048 continue; 4049 4050 calc_addr_distance(&addr_dist, addr, &ep->sin); 4051 if (NULL == winner || 4052 -1 == cmp_addr_distance(&addr_dist, &min_dist)) { 4053 min_dist = addr_dist; 4054 winner = ep; 4055 } 4056 } 4057 if (NULL == winner) 4058 DPRINTF(4, ("findclosestinterface(%s) failed\n", 4059 stoa(addr))); 4060 else 4061 DPRINTF(4, ("findclosestinterface(%s) -> %s\n", 4062 stoa(addr), stoa(&winner->sin))); 4063 4064 return winner; 4065 } 4066 4067 4068 /* 4069 * calc_addr_distance - calculate the distance between two addresses, 4070 * the absolute value of the difference between 4071 * the addresses numerically, stored as an address. 4072 */ 4073 static void 4074 calc_addr_distance( 4075 sockaddr_u * dist, 4076 const sockaddr_u * a1, 4077 const sockaddr_u * a2 4078 ) 4079 { 4080 u_int32 a1val; 4081 u_int32 a2val; 4082 u_int32 v4dist; 4083 int found_greater; 4084 int a1_greater; 4085 int i; 4086 4087 REQUIRE(AF(a1) == AF(a2)); 4088 4089 ZERO_SOCK(dist); 4090 AF(dist) = AF(a1); 4091 4092 /* v4 can be done a bit simpler */ 4093 if (IS_IPV4(a1)) { 4094 a1val = SRCADR(a1); 4095 a2val = SRCADR(a2); 4096 v4dist = (a1val > a2val) 4097 ? a1val - a2val 4098 : a2val - a1val; 4099 SET_ADDR4(dist, v4dist); 4100 4101 return; 4102 } 4103 4104 found_greater = FALSE; 4105 a1_greater = FALSE; /* suppress pot. uninit. warning */ 4106 for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) { 4107 if (!found_greater && 4108 NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) { 4109 found_greater = TRUE; 4110 a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]); 4111 } 4112 if (!found_greater) { 4113 NSRCADR6(dist)[i] = 0; 4114 } else { 4115 if (a1_greater) 4116 NSRCADR6(dist)[i] = NSRCADR6(a1)[i] - 4117 NSRCADR6(a2)[i]; 4118 else 4119 NSRCADR6(dist)[i] = NSRCADR6(a2)[i] - 4120 NSRCADR6(a1)[i]; 4121 } 4122 } 4123 } 4124 4125 4126 /* 4127 * cmp_addr_distance - compare two address distances, returning -1, 0, 4128 * 1 to indicate their relationship. 4129 */ 4130 static int 4131 cmp_addr_distance( 4132 const sockaddr_u * d1, 4133 const sockaddr_u * d2 4134 ) 4135 { 4136 int i; 4137 4138 REQUIRE(AF(d1) == AF(d2)); 4139 4140 if (IS_IPV4(d1)) { 4141 if (SRCADR(d1) < SRCADR(d2)) 4142 return -1; 4143 else if (SRCADR(d1) == SRCADR(d2)) 4144 return 0; 4145 else 4146 return 1; 4147 } 4148 4149 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) { 4150 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i]) 4151 return -1; 4152 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i]) 4153 return 1; 4154 } 4155 4156 return 0; 4157 } 4158 4159 4160 4161 /* 4162 * fetch an interface structure the matches the 4163 * address and has the given flags NOT set 4164 */ 4165 endpt * 4166 getinterface( 4167 sockaddr_u * addr, 4168 u_int32 flags 4169 ) 4170 { 4171 endpt *iface; 4172 4173 iface = find_addr_in_list(addr); 4174 4175 if (iface != NULL && (iface->flags & flags)) 4176 iface = NULL; 4177 4178 return iface; 4179 } 4180 4181 4182 /* 4183 * findbcastinter - find broadcast interface corresponding to address 4184 */ 4185 endpt * 4186 findbcastinter( 4187 sockaddr_u *addr 4188 ) 4189 { 4190 endpt * iface; 4191 4192 iface = NULL; 4193 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT)) 4194 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n", 4195 stoa(addr))); 4196 4197 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD, 4198 1); 4199 if (iface != NULL) { 4200 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n", 4201 iface->ifnum, iface->name)); 4202 return iface; 4203 } 4204 4205 /* 4206 * plan B - try to find something reasonable in our lists in 4207 * case kernel lookup doesn't help 4208 */ 4209 for (iface = ep_list; iface != NULL; iface = iface->elink) { 4210 if (iface->flags & INT_WILDCARD) 4211 continue; 4212 4213 /* Don't bother with ignored interfaces */ 4214 if (iface->ignore_packets) 4215 continue; 4216 4217 /* 4218 * First look if this is the correct family 4219 */ 4220 if(AF(&iface->sin) != AF(addr)) 4221 continue; 4222 4223 /* Skip the loopback addresses */ 4224 if (iface->flags & INT_LOOPBACK) 4225 continue; 4226 4227 /* 4228 * If we are looking to match a multicast address and 4229 * this interface is one... 4230 */ 4231 if (addr_ismulticast(addr) 4232 && (iface->flags & INT_MULTICAST)) { 4233 #ifdef INCLUDE_IPV6_SUPPORT 4234 /* 4235 * ...it is the winner unless we're looking for 4236 * an interface to use for link-local multicast 4237 * and its address is not link-local. 4238 */ 4239 if (IS_IPV6(addr) 4240 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr)) 4241 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin))) 4242 continue; 4243 #endif 4244 break; 4245 } 4246 4247 /* 4248 * We match only those interfaces marked as 4249 * broadcastable and either the explicit broadcast 4250 * address or the network portion of the IP address. 4251 * Sloppy. 4252 */ 4253 if (IS_IPV4(addr)) { 4254 if (SOCK_EQ(&iface->bcast, addr)) 4255 break; 4256 4257 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask)) 4258 == (NSRCADR(addr) & NSRCADR(&iface->mask))) 4259 break; 4260 } 4261 #ifdef INCLUDE_IPV6_SUPPORT 4262 else if (IS_IPV6(addr)) { 4263 if (SOCK_EQ(&iface->bcast, addr)) 4264 break; 4265 4266 if (SOCK_EQ(netof(&iface->sin), netof(addr))) 4267 break; 4268 } 4269 #endif 4270 } 4271 #endif /* SIOCGIFCONF */ 4272 if (NULL == iface) { 4273 DPRINTF(4, ("No bcast interface found for %s\n", 4274 stoa(addr))); 4275 iface = ANY_INTERFACE_CHOOSE(addr); 4276 } else { 4277 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n", 4278 iface->ifnum, iface->name)); 4279 } 4280 4281 return iface; 4282 } 4283 4284 4285 /* 4286 * io_clr_stats - clear I/O module statistics 4287 */ 4288 void 4289 io_clr_stats(void) 4290 { 4291 packets_dropped = 0; 4292 packets_ignored = 0; 4293 packets_received = 0; 4294 packets_sent = 0; 4295 packets_notsent = 0; 4296 4297 handler_calls = 0; 4298 handler_pkts = 0; 4299 io_timereset = current_time; 4300 } 4301 4302 4303 #ifdef REFCLOCK 4304 /* 4305 * io_addclock - add a reference clock to the list and arrange that we 4306 * get SIGIO interrupts from it. 4307 */ 4308 int 4309 io_addclock( 4310 struct refclockio *rio 4311 ) 4312 { 4313 BLOCKIO(); 4314 4315 /* 4316 * Stuff the I/O structure in the list and mark the descriptor 4317 * in use. There is a harmless (I hope) race condition here. 4318 */ 4319 rio->active = TRUE; 4320 4321 # ifdef HAVE_SIGNALED_IO 4322 if (init_clock_sig(rio)) { 4323 UNBLOCKIO(); 4324 return 0; 4325 } 4326 # elif defined(HAVE_IO_COMPLETION_PORT) 4327 if (io_completion_port_add_clock_io(rio)) { 4328 UNBLOCKIO(); 4329 return 0; 4330 } 4331 # endif 4332 4333 /* 4334 * enqueue 4335 */ 4336 LINK_SLIST(refio, rio, next); 4337 4338 /* 4339 * register fd 4340 */ 4341 add_fd_to_list(rio->fd, FD_TYPE_FILE); 4342 4343 UNBLOCKIO(); 4344 return 1; 4345 } 4346 4347 4348 /* 4349 * io_closeclock - close the clock in the I/O structure given 4350 */ 4351 void 4352 io_closeclock( 4353 struct refclockio *rio 4354 ) 4355 { 4356 struct refclockio *unlinked; 4357 4358 BLOCKIO(); 4359 4360 /* 4361 * Remove structure from the list 4362 */ 4363 rio->active = FALSE; 4364 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio); 4365 if (NULL != unlinked) { 4366 purge_recv_buffers_for_fd(rio->fd); 4367 /* 4368 * Close the descriptor. 4369 */ 4370 close_and_delete_fd_from_list(rio->fd); 4371 } 4372 rio->fd = -1; 4373 4374 UNBLOCKIO(); 4375 } 4376 #endif /* REFCLOCK */ 4377 4378 4379 /* 4380 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in 4381 * an array. So we use one of the ISC_LIST functions to hold the 4382 * socket value and use that when we want to enumerate it. 4383 * 4384 * This routine is called by the forked intres child process to close 4385 * all open sockets. On Windows there's no need as intres runs in 4386 * the same process as a thread. 4387 */ 4388 #ifndef SYS_WINNT 4389 void 4390 kill_asyncio( 4391 int startfd 4392 ) 4393 { 4394 BLOCKIO(); 4395 4396 /* 4397 * In the child process we do not maintain activefds and 4398 * maxactivefd. Zeroing maxactivefd disables code which 4399 * maintains it in close_and_delete_fd_from_list(). 4400 */ 4401 maxactivefd = 0; 4402 4403 while (fd_list != NULL) 4404 close_and_delete_fd_from_list(fd_list->fd); 4405 4406 UNBLOCKIO(); 4407 } 4408 #endif /* !SYS_WINNT */ 4409 4410 4411 /* 4412 * Add and delete functions for the list of open sockets 4413 */ 4414 static void 4415 add_fd_to_list( 4416 SOCKET fd, 4417 enum desc_type type 4418 ) 4419 { 4420 vsock_t *lsock = emalloc(sizeof(*lsock)); 4421 4422 lsock->fd = fd; 4423 lsock->type = type; 4424 4425 LINK_SLIST(fd_list, lsock, link); 4426 maintain_activefds(fd, 0); 4427 } 4428 4429 4430 static void 4431 close_and_delete_fd_from_list( 4432 SOCKET fd 4433 ) 4434 { 4435 vsock_t *lsock; 4436 4437 UNLINK_EXPR_SLIST(lsock, fd_list, fd == 4438 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t); 4439 4440 if (NULL == lsock) 4441 return; 4442 4443 switch (lsock->type) { 4444 4445 case FD_TYPE_SOCKET: 4446 closesocket(lsock->fd); 4447 break; 4448 4449 case FD_TYPE_FILE: 4450 closeserial(lsock->fd); 4451 break; 4452 4453 default: 4454 msyslog(LOG_ERR, 4455 "internal error - illegal descriptor type %d - EXITING", 4456 (int)lsock->type); 4457 exit(1); 4458 } 4459 4460 free(lsock); 4461 /* 4462 * remove from activefds 4463 */ 4464 maintain_activefds(fd, 1); 4465 } 4466 4467 4468 static void 4469 add_addr_to_list( 4470 sockaddr_u * addr, 4471 endpt * ep 4472 ) 4473 { 4474 remaddr_t *laddr; 4475 4476 #ifdef DEBUG 4477 if (find_addr_in_list(addr) == NULL) { 4478 #endif 4479 /* not there yet - add to list */ 4480 laddr = emalloc(sizeof(*laddr)); 4481 laddr->addr = *addr; 4482 laddr->ep = ep; 4483 4484 LINK_SLIST(remoteaddr_list, laddr, link); 4485 4486 DPRINTF(4, ("Added addr %s to list of addresses\n", 4487 stoa(addr))); 4488 #ifdef DEBUG 4489 } else 4490 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n", 4491 stoa(addr))); 4492 #endif 4493 } 4494 4495 4496 static void 4497 delete_addr_from_list( 4498 sockaddr_u *addr 4499 ) 4500 { 4501 remaddr_t *unlinked; 4502 4503 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr, 4504 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t); 4505 4506 if (unlinked != NULL) { 4507 DPRINTF(4, ("Deleted addr %s from list of addresses\n", 4508 stoa(addr))); 4509 free(unlinked); 4510 } 4511 } 4512 4513 4514 static void 4515 delete_interface_from_list( 4516 endpt *iface 4517 ) 4518 { 4519 remaddr_t *unlinked; 4520 4521 for (;;) { 4522 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface == 4523 UNLINK_EXPR_SLIST_CURRENT()->ep, link, 4524 remaddr_t); 4525 4526 if (unlinked == NULL) 4527 break; 4528 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n", 4529 stoa(&unlinked->addr), iface->ifnum, 4530 iface->name)); 4531 free(unlinked); 4532 } 4533 } 4534 4535 4536 static struct interface * 4537 find_addr_in_list( 4538 sockaddr_u *addr 4539 ) 4540 { 4541 remaddr_t *entry; 4542 4543 DPRINTF(4, ("Searching for addr %s in list of addresses - ", 4544 stoa(addr))); 4545 4546 for (entry = remoteaddr_list; 4547 entry != NULL; 4548 entry = entry->link) 4549 if (SOCK_EQ(&entry->addr, addr)) { 4550 DPRINTF(4, ("FOUND\n")); 4551 return entry->ep; 4552 } 4553 4554 DPRINTF(4, ("NOT FOUND\n")); 4555 return NULL; 4556 } 4557 4558 4559 /* 4560 * Find the given address with the all given flags set in the list 4561 */ 4562 static endpt * 4563 find_flagged_addr_in_list( 4564 sockaddr_u * addr, 4565 u_int32 flags 4566 ) 4567 { 4568 remaddr_t *entry; 4569 4570 DPRINTF(4, ("Finding addr %s with flags %d in list: ", 4571 stoa(addr), flags)); 4572 4573 for (entry = remoteaddr_list; 4574 entry != NULL; 4575 entry = entry->link) 4576 4577 if (SOCK_EQ(&entry->addr, addr) 4578 && (entry->ep->flags & flags) == flags) { 4579 4580 DPRINTF(4, ("FOUND\n")); 4581 return entry->ep; 4582 } 4583 4584 DPRINTF(4, ("NOT FOUND\n")); 4585 return NULL; 4586 } 4587 4588 4589 const char * 4590 localaddrtoa( 4591 endpt *la 4592 ) 4593 { 4594 return (NULL == la) 4595 ? "<null>" 4596 : stoa(&la->sin); 4597 } 4598 4599 4600 #ifdef HAS_ROUTING_SOCKET 4601 # ifndef UPDATE_GRACE 4602 # define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */ 4603 # endif 4604 4605 static void 4606 process_routing_msgs(struct asyncio_reader *reader) 4607 { 4608 char buffer[5120]; 4609 int cnt, msg_type; 4610 #ifdef HAVE_RTNETLINK 4611 struct nlmsghdr *nh; 4612 #else 4613 struct rt_msghdr rtm; 4614 char *p; 4615 #endif 4616 4617 if (disable_dynamic_updates) { 4618 /* 4619 * discard ourselves if we are not needed any more 4620 * usually happens when running unprivileged 4621 */ 4622 remove_asyncio_reader(reader); 4623 delete_asyncio_reader(reader); 4624 return; 4625 } 4626 4627 cnt = read(reader->fd, buffer, sizeof(buffer)); 4628 4629 if (cnt < 0) { 4630 if (errno == ENOBUFS) { 4631 msyslog(LOG_ERR, 4632 "routing socket reports: %m"); 4633 } else { 4634 msyslog(LOG_ERR, 4635 "routing socket reports: %m - disabling"); 4636 remove_asyncio_reader(reader); 4637 delete_asyncio_reader(reader); 4638 } 4639 return; 4640 } 4641 4642 /* 4643 * process routing message 4644 */ 4645 #ifdef HAVE_RTNETLINK 4646 for (nh = (struct nlmsghdr *)buffer; 4647 NLMSG_OK(nh, cnt); 4648 nh = NLMSG_NEXT(nh, cnt)) { 4649 msg_type = nh->nlmsg_type; 4650 #else 4651 for (p = buffer; 4652 (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); 4653 p += rtm.rtm_msglen) { 4654 memcpy(&rtm, p, sizeof(rtm)); 4655 if (rtm.rtm_version != RTM_VERSION) { 4656 msyslog(LOG_ERR, 4657 "version mismatch (got %d - expected %d) on routing socket - disabling", 4658 rtm.rtm_version, RTM_VERSION); 4659 4660 remove_asyncio_reader(reader); 4661 delete_asyncio_reader(reader); 4662 return; 4663 } 4664 msg_type = rtm.rtm_type; 4665 #endif 4666 switch (msg_type) { 4667 #ifdef RTM_NEWADDR 4668 case RTM_NEWADDR: 4669 #endif 4670 #ifdef RTM_DELADDR 4671 case RTM_DELADDR: 4672 #endif 4673 #ifdef RTM_ADD 4674 case RTM_ADD: 4675 #endif 4676 #ifdef RTM_DELETE 4677 case RTM_DELETE: 4678 #endif 4679 #ifdef RTM_REDIRECT 4680 case RTM_REDIRECT: 4681 #endif 4682 #ifdef RTM_CHANGE 4683 case RTM_CHANGE: 4684 #endif 4685 #ifdef RTM_LOSING 4686 case RTM_LOSING: 4687 #endif 4688 #ifdef RTM_IFINFO 4689 case RTM_IFINFO: 4690 #endif 4691 #ifdef RTM_IFANNOUNCE 4692 case RTM_IFANNOUNCE: 4693 #endif 4694 #ifdef RTM_NEWLINK 4695 case RTM_NEWLINK: 4696 #endif 4697 #ifdef RTM_DELLINK 4698 case RTM_DELLINK: 4699 #endif 4700 #ifdef RTM_NEWROUTE 4701 case RTM_NEWROUTE: 4702 #endif 4703 #ifdef RTM_DELROUTE 4704 case RTM_DELROUTE: 4705 #endif 4706 /* 4707 * we are keen on new and deleted addresses and 4708 * if an interface goes up and down or routing 4709 * changes 4710 */ 4711 DPRINTF(3, ("routing message op = %d: scheduling interface update\n", 4712 msg_type)); 4713 timer_interfacetimeout(current_time + UPDATE_GRACE); 4714 break; 4715 #ifdef HAVE_RTNETLINK 4716 case NLMSG_DONE: 4717 /* end of multipart message */ 4718 return; 4719 #endif 4720 default: 4721 /* 4722 * the rest doesn't bother us. 4723 */ 4724 DPRINTF(4, ("routing message op = %d: ignored\n", 4725 msg_type)); 4726 break; 4727 } 4728 } 4729 } 4730 4731 /* 4732 * set up routing notifications 4733 */ 4734 static void 4735 init_async_notifications() 4736 { 4737 struct asyncio_reader *reader; 4738 #ifdef HAVE_RTNETLINK 4739 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 4740 struct sockaddr_nl sa; 4741 #else 4742 int fd = socket(PF_ROUTE, SOCK_RAW, 0); 4743 #endif 4744 if (fd < 0) { 4745 msyslog(LOG_ERR, 4746 "unable to open routing socket (%m) - using polled interface update"); 4747 return; 4748 } 4749 4750 fd = move_fd(fd); 4751 #ifdef HAVE_RTNETLINK 4752 ZERO(sa); 4753 sa.nl_family = PF_NETLINK; 4754 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR 4755 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE 4756 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE 4757 | RTMGRP_IPV6_MROUTE; 4758 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 4759 msyslog(LOG_ERR, 4760 "bind failed on routing socket (%m) - using polled interface update"); 4761 return; 4762 } 4763 #endif 4764 make_socket_nonblocking(fd); 4765 #if defined(HAVE_SIGNALED_IO) 4766 init_socket_sig(fd); 4767 #endif /* HAVE_SIGNALED_IO */ 4768 4769 reader = new_asyncio_reader(); 4770 4771 reader->fd = fd; 4772 reader->receiver = process_routing_msgs; 4773 4774 add_asyncio_reader(reader, FD_TYPE_SOCKET); 4775 msyslog(LOG_INFO, 4776 "Listening on routing socket on fd #%d for interface updates", 4777 fd); 4778 } 4779 #else 4780 /* HAS_ROUTING_SOCKET not defined */ 4781 static void 4782 init_async_notifications(void) 4783 { 4784 } 4785 #endif 4786 4787