1 /* 2 * ntp_timer.c - event timer support routines 3 */ 4 #ifdef HAVE_CONFIG_H 5 # include <config.h> 6 #endif 7 8 #include "ntp_machine.h" 9 #include "ntpd.h" 10 #include "ntp_stdlib.h" 11 #include "ntp_calendar.h" 12 #include "ntp_leapsec.h" 13 14 #if defined(HAVE_IO_COMPLETION_PORT) 15 # include "ntp_iocompletionport.h" 16 # include "ntp_timer.h" 17 #endif 18 19 #include <stdio.h> 20 #include <signal.h> 21 #ifdef HAVE_SYS_SIGNAL_H 22 # include <sys/signal.h> 23 #endif 24 #ifdef HAVE_UNISTD_H 25 # include <unistd.h> 26 #endif 27 28 #ifdef KERNEL_PLL 29 #include "ntp_syscall.h" 30 #endif /* KERNEL_PLL */ 31 32 #ifdef AUTOKEY 33 #include <openssl/rand.h> 34 #endif /* AUTOKEY */ 35 36 37 /* TC_ERR represents the timer_create() error return value. */ 38 #ifdef SYS_VXWORKS 39 #define TC_ERR ERROR 40 #else 41 #define TC_ERR (-1) 42 #endif 43 44 45 static void check_leapsec(u_int32, const time_t*, int/*BOOL*/); 46 47 /* 48 * These routines provide support for the event timer. The timer is 49 * implemented by a signal routine which sets a flag once every 50 * second, and a timer routine which is called when the mainline code 51 * gets around to seeing the flag. The timer routine dispatches the 52 * clock adjustment code if its time has come, then searches the timer 53 * queue for expiries which are dispatched to the transmit procedure. 54 * Finally, we call the hourly procedure to do cleanup and print a 55 * message. 56 */ 57 58 /* 59 * Initializing flag. All async routines watch this and only do their 60 * thing when it is clear. 61 */ 62 int initializing; 63 64 /* 65 * Alarm flag. The mainline code imports this. 66 */ 67 volatile int alarm_flag; 68 69 /* 70 * The counters and timeouts 71 */ 72 u_long endpt_scan_timer; /* interface update timer */ 73 static u_long adjust_timer; /* second timer */ 74 static u_long stats_timer; /* stats timer */ 75 static u_long leapf_timer; /* Report leapfile problems once/day */ 76 static u_long huffpuff_timer; /* huff-n'-puff timer */ 77 static u_long worker_idle_timer;/* next check for idle intres */ 78 int endpt_scan_period; /* init_io() sets def. 301s */ 79 u_long leapsec; /* seconds to next leap (proximity class) */ 80 int leapdif; /* TAI difference step at next leap second*/ 81 u_long orphwait; /* orphan wait time */ 82 #ifdef AUTOKEY 83 static u_long revoke_timer; /* keys revoke timer */ 84 static u_long keys_timer; /* session key timer */ 85 u_char sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */ 86 u_char sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */ 87 #endif /* AUTOKEY */ 88 89 /* 90 * Statistics counter for the interested. 91 */ 92 volatile u_long alarm_overflow; 93 94 u_long current_time; /* seconds since startup */ 95 96 /* 97 * Stats. Number of overflows and number of calls to transmit(). 98 */ 99 u_long timer_timereset; 100 u_long timer_overflows; 101 u_long timer_xmtcalls; 102 103 #if defined(VMS) 104 static int vmstimer[2]; /* time for next timer AST */ 105 static int vmsinc[2]; /* timer increment */ 106 #endif /* VMS */ 107 108 #ifdef SYS_WINNT 109 HANDLE WaitableTimerHandle; 110 #else 111 static RETSIGTYPE alarming (int); 112 #endif /* SYS_WINNT */ 113 114 #if !defined(VMS) 115 # if !defined SYS_WINNT || defined(SYS_CYGWIN32) 116 # ifdef HAVE_TIMER_CREATE 117 static timer_t timer_id; 118 typedef struct itimerspec intervaltimer; 119 # define itv_frac tv_nsec 120 # else 121 typedef struct itimerval intervaltimer; 122 # define itv_frac tv_usec 123 # endif 124 intervaltimer itimer; 125 # endif 126 #endif 127 128 #if !defined(SYS_WINNT) && !defined(VMS) 129 void set_timer_or_die(const intervaltimer *); 130 #endif 131 132 133 #if !defined(SYS_WINNT) && !defined(VMS) 134 void 135 set_timer_or_die( 136 const intervaltimer * ptimer 137 ) 138 { 139 const char * setfunc; 140 int rc; 141 142 # ifdef HAVE_TIMER_CREATE 143 setfunc = "timer_settime"; 144 rc = timer_settime(timer_id, 0, &itimer, NULL); 145 # else 146 setfunc = "setitimer"; 147 rc = setitimer(ITIMER_REAL, &itimer, NULL); 148 # endif 149 if (-1 == rc) { 150 msyslog(LOG_ERR, "interval timer %s failed, %m", 151 setfunc); 152 exit(1); 153 } 154 } 155 #endif /* !SYS_WINNT && !VMS */ 156 157 158 /* 159 * reinit_timer - reinitialize interval timer after a clock step. 160 */ 161 void 162 reinit_timer(void) 163 { 164 #if !defined(SYS_WINNT) && !defined(VMS) 165 ZERO(itimer); 166 # ifdef HAVE_TIMER_CREATE 167 timer_gettime(timer_id, &itimer); 168 # else 169 getitimer(ITIMER_REAL, &itimer); 170 # endif 171 if (itimer.it_value.tv_sec < 0 || 172 itimer.it_value.tv_sec > (1 << EVENT_TIMEOUT)) 173 itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT); 174 if (itimer.it_value.itv_frac < 0) 175 itimer.it_value.itv_frac = 0; 176 if (0 == itimer.it_value.tv_sec && 177 0 == itimer.it_value.itv_frac) 178 itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT); 179 itimer.it_interval.tv_sec = (1 << EVENT_TIMEOUT); 180 itimer.it_interval.itv_frac = 0; 181 set_timer_or_die(&itimer); 182 # endif /* VMS */ 183 } 184 185 186 /* 187 * init_timer - initialize the timer data structures 188 */ 189 void 190 init_timer(void) 191 { 192 /* 193 * Initialize... 194 */ 195 alarm_flag = FALSE; 196 alarm_overflow = 0; 197 adjust_timer = 1; 198 stats_timer = SECSPERHR; 199 leapf_timer = SECSPERDAY; 200 huffpuff_timer = 0; 201 endpt_scan_timer = 0; 202 current_time = 0; 203 timer_overflows = 0; 204 timer_xmtcalls = 0; 205 timer_timereset = 0; 206 207 #ifndef SYS_WINNT 208 /* 209 * Set up the alarm interrupt. The first comes 2**EVENT_TIMEOUT 210 * seconds from now and they continue on every 2**EVENT_TIMEOUT 211 * seconds. 212 */ 213 # ifndef VMS 214 # ifdef HAVE_TIMER_CREATE 215 if (TC_ERR == timer_create(CLOCK_REALTIME, NULL, &timer_id)) { 216 msyslog(LOG_ERR, "timer_create failed, %m"); 217 exit(1); 218 } 219 # endif 220 signal_no_reset(SIGALRM, alarming); 221 itimer.it_interval.tv_sec = 222 itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT); 223 itimer.it_interval.itv_frac = itimer.it_value.itv_frac = 0; 224 set_timer_or_die(&itimer); 225 # else /* VMS follows */ 226 vmsinc[0] = 10000000; /* 1 sec */ 227 vmsinc[1] = 0; 228 lib$emul(&(1<<EVENT_TIMEOUT), &vmsinc, &0, &vmsinc); 229 230 sys$gettim(&vmstimer); /* that's "now" as abstime */ 231 232 lib$addx(&vmsinc, &vmstimer, &vmstimer); 233 sys$setimr(0, &vmstimer, alarming, alarming, 0); 234 # endif /* VMS */ 235 #else /* SYS_WINNT follows */ 236 /* 237 * Set up timer interrupts for every 2**EVENT_TIMEOUT seconds 238 * Under Windows/NT, 239 */ 240 241 WaitableTimerHandle = CreateWaitableTimer(NULL, FALSE, NULL); 242 if (WaitableTimerHandle == NULL) { 243 msyslog(LOG_ERR, "CreateWaitableTimer failed: %m"); 244 exit(1); 245 } 246 else { 247 DWORD Period; 248 LARGE_INTEGER DueTime; 249 BOOL rc; 250 251 Period = (1 << EVENT_TIMEOUT) * 1000; 252 DueTime.QuadPart = Period * 10000ll; 253 rc = SetWaitableTimer(WaitableTimerHandle, &DueTime, 254 Period, NULL, NULL, FALSE); 255 if (!rc) { 256 msyslog(LOG_ERR, "SetWaitableTimer failed: %m"); 257 exit(1); 258 } 259 } 260 261 #endif /* SYS_WINNT */ 262 } 263 264 265 /* 266 * intres_timeout_req(s) is invoked in the parent to schedule an idle 267 * timeout to fire in s seconds, if not reset earlier by a call to 268 * intres_timeout_req(0), which clears any pending timeout. When the 269 * timeout expires, worker_idle_timer_fired() is invoked (again, in the 270 * parent). 271 * 272 * sntp and ntpd each provide implementations adapted to their timers. 273 */ 274 void 275 intres_timeout_req( 276 u_int seconds /* 0 cancels */ 277 ) 278 { 279 #if defined(HAVE_DROPROOT) && defined(NEED_EARLY_FORK) 280 if (droproot) { 281 worker_idle_timer = 0; 282 return; 283 } 284 #endif 285 if (0 == seconds) { 286 worker_idle_timer = 0; 287 return; 288 } 289 worker_idle_timer = current_time + seconds; 290 } 291 292 293 /* 294 * timer - event timer 295 */ 296 void 297 timer(void) 298 { 299 struct peer* p; 300 struct peer* next_peer; 301 l_fp now; 302 time_t tnow; 303 304 /* 305 * The basic timerevent is one second. This is used to adjust the 306 * system clock in time and frequency, implement the kiss-o'-death 307 * function and the association polling function. 308 */ 309 current_time++; 310 if (adjust_timer <= current_time) { 311 adjust_timer += 1; 312 adj_host_clock(); 313 #ifdef REFCLOCK 314 for (p = peer_list; p != NULL; p = next_peer) { 315 next_peer = p->p_link; 316 if (FLAG_REFCLOCK & p->flags) 317 refclock_timer(p); 318 } 319 #endif /* REFCLOCK */ 320 } 321 322 /* 323 * Now dispatch any peers whose event timer has expired. Be 324 * careful here, since the peer structure might go away as the 325 * result of the call. 326 */ 327 for (p = peer_list; p != NULL; p = next_peer) { 328 next_peer = p->p_link; 329 330 /* 331 * Restrain the non-burst packet rate not more 332 * than one packet every 16 seconds. This is 333 * usually tripped using iburst and minpoll of 334 * 128 s or less. 335 */ 336 if (p->throttle > 0) { 337 p->throttle--; 338 } 339 if (p->nextdate <= current_time) { 340 #ifdef REFCLOCK 341 if (FLAG_REFCLOCK & p->flags) { 342 refclock_transmit(p); 343 } else 344 #endif /* REFCLOCK */ 345 { 346 transmit(p); 347 } 348 } 349 } 350 351 /* 352 * Orphan mode is active when enabled and when no servers less 353 * than the orphan stratum are available. A server with no other 354 * synchronization source is an orphan. It shows offset zero and 355 * reference ID the loopback address. 356 * 357 * [bug 3644] If the orphan stratum is >= STRATUM_UNSPEC, we 358 * have to do it a bit different. 'clock_select()' simply 359 * tiptoed home, but since we're unsync'd and have no peer, we 360 * should eventually declare we're out of sync. Otherwise we 361 * would persistently claim we're good, and we're everything but 362 * that... 363 * 364 * XXX: do we want to log an event about this? 365 */ 366 if (sys_peer == NULL && current_time > orphwait) { 367 if (sys_orphan < STRATUM_UNSPEC) { 368 if (sys_leap == LEAP_NOTINSYNC) { 369 set_sys_leap(LEAP_NOWARNING); 370 #ifdef AUTOKEY 371 if (crypto_flags) 372 crypto_update(); 373 #endif /* AUTOKEY */ 374 } 375 sys_stratum = (u_char)sys_orphan; 376 } 377 else { 378 if (sys_leap != LEAP_NOTINSYNC) { 379 set_sys_leap(LEAP_NOTINSYNC); 380 msyslog(LOG_WARNING, "%s", 381 "no peer for too long, server running free now"); 382 } 383 sys_stratum = STRATUM_UNSPEC; 384 } 385 if (sys_stratum > 1) 386 sys_refid = htonl(LOOPBACKADR); 387 else 388 memcpy(&sys_refid, "ORPH", 4); 389 sys_offset = 0; 390 sys_rootdelay = 0; 391 sys_rootdisp = 0; 392 } 393 394 get_systime(&now); 395 time(&tnow); 396 397 /* 398 * Leapseconds. Get time and defer to worker if either something 399 * is imminent or every 8th second. 400 */ 401 if (leapsec > LSPROX_NOWARN || 0 == (current_time & 7)) 402 check_leapsec( now.l_ui 403 , &tnow 404 , (sys_leap == LEAP_NOTINSYNC)); 405 if (sys_leap != LEAP_NOTINSYNC) { 406 if (leapsec >= LSPROX_ANNOUNCE && leapdif) { 407 if (leapdif > 0) { 408 set_sys_leap(LEAP_ADDSECOND); 409 } else { 410 set_sys_leap(LEAP_DELSECOND); 411 } 412 } else { 413 set_sys_leap(LEAP_NOWARNING); 414 } 415 } 416 417 /* 418 * Update huff-n'-puff filter. 419 */ 420 if (huffpuff_timer <= current_time) { 421 huffpuff_timer += HUFFPUFF; 422 huffpuff(); 423 } 424 425 #ifdef AUTOKEY 426 /* 427 * Garbage collect expired keys. 428 */ 429 if (keys_timer <= current_time) { 430 keys_timer += (1UL << sys_automax); 431 auth_agekeys(); 432 } 433 434 /* 435 * Generate new private value. This causes all associations 436 * to regenerate cookies. 437 */ 438 if (revoke_timer && revoke_timer <= current_time) { 439 revoke_timer += (1UL << sys_revoke); 440 RAND_bytes((u_char *)&sys_private, sizeof(sys_private)); 441 } 442 #endif /* AUTOKEY */ 443 444 /* 445 * Network interface rescan timer 446 */ 447 if (endpt_scan_timer && endpt_scan_timer <= current_time) { 448 if (no_periodic_scan) { 449 endpt_scan_timer = 0; 450 DPRINTF(2, ("timer: network interface rescan disabled\n")); 451 } else { 452 endpt_scan_timer = current_time 453 + endpt_scan_period; 454 DPRINTF(2, ("timer: network interface rescan in %d seconds\n", endpt_scan_period)); 455 } 456 interface_update(NULL, NULL); 457 } 458 459 if (worker_idle_timer && worker_idle_timer <= current_time) { 460 worker_idle_timer_fired(); 461 } 462 /* 463 * Finally, write hourly stats and do the hourly 464 * and daily leapfile checks. 465 */ 466 if (stats_timer <= current_time) { 467 stats_timer += SECSPERHR; 468 write_stats(); 469 if (leapf_timer <= current_time) { 470 leapf_timer += SECSPERDAY; 471 check_leap_file(TRUE, now.l_ui, &tnow); 472 } else { 473 check_leap_file(FALSE, now.l_ui, &tnow); 474 } 475 } 476 } 477 478 479 #ifndef SYS_WINNT 480 /* 481 * alarming - tell the world we've been alarmed 482 */ 483 static RETSIGTYPE 484 alarming( 485 int sig 486 ) 487 { 488 # ifdef DEBUG 489 const char *msg = "alarming: initializing TRUE\n"; 490 # endif 491 492 if (!initializing) { 493 if (alarm_flag) { 494 alarm_overflow++; 495 # ifdef DEBUG 496 msg = "alarming: overflow\n"; 497 # endif 498 } else { 499 # ifndef VMS 500 alarm_flag++; 501 # else 502 /* VMS AST routine, increment is no good */ 503 alarm_flag = 1; 504 # endif 505 # ifdef DEBUG 506 msg = "alarming: normal\n"; 507 # endif 508 } 509 } 510 # ifdef VMS 511 lib$addx(&vmsinc, &vmstimer, &vmstimer); 512 sys$setimr(0, &vmstimer, alarming, alarming, 0); 513 # endif 514 # ifdef DEBUG 515 if (debug >= 4) 516 (void)(-1 == write(1, msg, strlen(msg))); 517 # endif 518 } 519 #endif /* SYS_WINNT */ 520 521 522 /* 523 * timer_clr_stats - clear timer module stat counters 524 */ 525 void 526 timer_clr_stats(void) 527 { 528 timer_overflows = 0; 529 timer_xmtcalls = 0; 530 timer_timereset = current_time; 531 } 532 533 534 static void 535 check_leap_sec_in_progress( 536 const leap_result_t *lsdata 537 ) 538 { 539 int prv_leap_sec_in_progress = leap_sec_in_progress; 540 541 leap_sec_in_progress = lsdata->tai_diff && (lsdata->ddist < 3); 542 543 /* if changed we have to update the leap bits sent to clients */ 544 if (leap_sec_in_progress != prv_leap_sec_in_progress) { 545 set_sys_leap(sys_leap); 546 } 547 } 548 549 550 static void 551 check_leapsec( 552 u_int32 now, 553 const time_t * tpiv, 554 int/*BOOL*/ reset 555 ) 556 { 557 static const char leapmsg_p_step[] = 558 "Positive leap second, stepped backward."; 559 static const char leapmsg_p_slew[] = 560 "Positive leap second, no step correction. " 561 "System clock will be inaccurate for a long time."; 562 563 static const char leapmsg_n_step[] = 564 "Negative leap second, stepped forward."; 565 static const char leapmsg_n_slew[] = 566 "Negative leap second, no step correction. " 567 "System clock will be inaccurate for a long time."; 568 569 leap_result_t lsdata; 570 u_int32 lsprox; 571 #ifdef AUTOKEY 572 int/*BOOL*/ update_autokey = FALSE; 573 #endif 574 575 #ifndef SYS_WINNT /* WinNT port has its own leap second handling */ 576 # ifdef KERNEL_PLL 577 leapsec_electric(pll_control && kern_enable); 578 # else 579 leapsec_electric(0); 580 # endif 581 #endif /* !SYS_WINNT */ 582 583 #ifdef LEAP_SMEAR 584 leap_smear.enabled = leap_smear_intv != 0; 585 #endif 586 if (reset) { 587 lsprox = LSPROX_NOWARN; 588 leapsec_reset_frame(); 589 ZERO(lsdata); 590 } else { 591 int fired; 592 593 fired = leapsec_query(&lsdata, now, tpiv); 594 595 DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X)," 596 " tai_diff %i, ddist %u\n", 597 fired, now, now, lsdata.tai_diff, lsdata.ddist)); 598 599 #ifdef LEAP_SMEAR 600 leap_smear.in_progress = FALSE; 601 leap_smear.doffset = 0.0; 602 603 if (leap_smear.enabled) { 604 if (lsdata.tai_diff) { 605 if (0 == leap_smear.interval) { 606 leap_smear.interval = leap_smear_intv; 607 leap_smear.intv_end = lsdata.ttime.Q_s; 608 leap_smear.intv_start = leap_smear.intv_end - leap_smear.interval; 609 DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n", 610 leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end)); 611 } 612 } else { 613 if (leap_smear.interval) { 614 DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n")); 615 leap_smear.interval = 0; 616 } 617 } 618 619 if (leap_smear.interval) { 620 double dtemp = now; 621 622 if (dtemp >= leap_smear.intv_start && dtemp <= leap_smear.intv_end) { 623 double leap_smear_time = dtemp - leap_smear.intv_start; 624 #if 0 625 /* linear interpolation */ 626 leap_smear.doffset = -(leap_smear_time * lsdata.tai_diff / leap_smear.interval); 627 #else 628 /* Google approach : lie(t) = (1.0 - cos(pi * t / w)) / 2.0 */ 629 leap_smear.doffset = -((double) lsdata.tai_diff - cos( M_PI * leap_smear_time / leap_smear.interval)) / 2.0; 630 #endif 631 /* 632 * TODO see if we're inside an inserted leap second, so we need to compute 633 * leap_smear.doffset = 1.0 - leap_smear.doffset 634 */ 635 leap_smear.in_progress = TRUE; 636 DPRINTF(1, ("*** leapsec_query: [%.0f:%.0f] (%li), now %u (%.0f), smear offset %.6f ms\n", 637 leap_smear.intv_start, leap_smear.intv_end, leap_smear.interval, 638 now, leap_smear_time, leap_smear.doffset)); 639 640 } 641 } 642 } else { 643 leap_smear.interval = 0; 644 } 645 /* 646 * Update the current leap smear offset, eventually 0.0 if outside smear interval. 647 */ 648 DTOLFP(leap_smear.doffset, &leap_smear.offset); 649 #endif /* LEAP_SMEAR */ 650 651 if (fired) { 652 /* Full hit. Eventually step the clock, but always 653 * announce the leap event has happened. 654 */ 655 const char *leapmsg = NULL; 656 double lswarp = lsdata.warped; 657 if (lswarp < 0.0) { 658 if (clock_max_back > 0.0 && 659 clock_max_back < -lswarp) { 660 step_systime(lswarp); 661 leapmsg = leapmsg_p_step; 662 } else { 663 leapmsg = leapmsg_p_slew; 664 } 665 } else if (lswarp > 0.0) { 666 if (clock_max_fwd > 0.0 && 667 clock_max_fwd < lswarp) { 668 step_systime(lswarp); 669 leapmsg = leapmsg_n_step; 670 } else { 671 leapmsg = leapmsg_n_slew; 672 } 673 } 674 if (leapmsg) { 675 msyslog(LOG_NOTICE, "%s", leapmsg); 676 } 677 report_event(EVNT_LEAP, NULL, NULL); 678 #ifdef AUTOKEY 679 update_autokey = TRUE; 680 #endif 681 lsprox = LSPROX_NOWARN; 682 leapsec = LSPROX_NOWARN; 683 sys_tai = lsdata.tai_offs; 684 } else { 685 #ifdef AUTOKEY 686 update_autokey = (sys_tai != (u_int)lsdata.tai_offs); 687 #endif 688 lsprox = lsdata.proximity; 689 sys_tai = lsdata.tai_offs; 690 } 691 } 692 693 /* We guard against panic alarming during the red alert phase. 694 * Strange and evil things might happen if we go from stone cold 695 * to piping hot in one step. If things are already that wobbly, 696 * we let the normal clock correction take over, even if a jump 697 * is involved. 698 * Also make sure the alarming events are edge-triggered, that is, 699 * created only when the threshold is crossed. 700 */ 701 if ( (leapsec > 0 || lsprox < LSPROX_ALERT) 702 && leapsec < lsprox) { 703 if ( leapsec < LSPROX_SCHEDULE 704 && lsprox >= LSPROX_SCHEDULE) { 705 if (lsdata.dynamic) 706 report_event(PEVNT_ARMED, sys_peer, NULL); 707 else 708 report_event(EVNT_ARMED, NULL, NULL); 709 } 710 leapsec = lsprox; 711 } 712 if (leapsec > lsprox) { 713 if ( leapsec >= LSPROX_SCHEDULE 714 && lsprox < LSPROX_SCHEDULE) { 715 report_event(EVNT_DISARMED, NULL, NULL); 716 } 717 leapsec = lsprox; 718 } 719 720 if (leapsec >= LSPROX_SCHEDULE) { 721 leapdif = lsdata.tai_diff; 722 } else { 723 leapdif = 0; 724 } 725 check_leap_sec_in_progress(&lsdata); 726 727 #ifdef AUTOKEY 728 if (update_autokey) { 729 crypto_update_taichange(); 730 } 731 #endif 732 } 733