From cc3f5962b82f6b1df675fff58c2eaf0f0a5fbd38 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 1 Sep 2011 16:25:13 +0200
Subject: [PATCH] Merge NCR_Process functions
---
 ntp_core.c | 134 +++++++++++---------------------------------------
 ntp_core.h | 13 +----
 ntp_sources.c | 8 +--
 3 files changed, 34 insertions(+), 121 deletions(-)
diff --git a/ntp_core.c b/ntp_core.c
index adc876e..c935cdb 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1314,9 +1314,11 @@ receive_packet(NTP_Packet *message, struct timeval *now, double now_err, NCR_Ins
 */
 /* ================================================== */
+/* This routine is called when a new packet arrives off the network,
+ and it relates to a source we have an ongoing protocol exchange with */
-static void
-process_known
+void
+NCR_ProcessKnown
 (NTP_Packet *message, /* the received message */
 struct timeval *now, /* timestamp at time of receipt */
 double now_err,
@@ -1499,9 +1501,6 @@ process_known
 break;
 }
-
-
-
 }
 /* ================================================== */
@@ -1509,96 +1508,15 @@ process_known
 and it relates to a source we have an ongoing protocol exchange with */
 void
-NCR_ProcessNoauthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance inst)
+NCR_ProcessUnknown
+(NTP_Packet *message, /* the received message */
+ struct timeval *now, /* timestamp at time of receipt */
+ double now_err, /* assumed error in the timestamp */
+ NTP_Remote_Address *remote_addr,
+ int do_auth /* whether the received packet allegedly contains
+ authentication info */
+ )
 {
-
- process_known(message, now, now_err, inst, 0);
-
-}
-
-/* ================================================== */
-/* This routine is called when a new packet arrives off the network,
- and we do not recognize its source */
-
-void
-NCR_ProcessNoauthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr)
-{
-
- NTP_Mode his_mode;
- NTP_Mode my_mode;
- int my_poll, version;
-
- /* Check version */
- version = (message->lvm >> 3) & 0x7;
- if (version < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) {
- /* Ignore packet, but might want to log it */
- return;
- }
-
- if (ADF_IsAllowed(access_auth_table, &remote_addr->ip_addr)) {
-
- his_mode = message->lvm & 0x07;
-
- if (his_mode == MODE_CLIENT) {
- /* We are server */
- my_mode = MODE_SERVER;
- CLG_LogNTPClientAccess(&remote_addr->ip_addr, (time_t) now->tv_sec);
-
- } else if (his_mode == MODE_ACTIVE) {
- /* We are symmetric passive, even though we don't ever lock to him */
- my_mode = MODE_PASSIVE;
- CLG_LogNTPPeerAccess(&remote_addr->ip_addr, (time_t) now->tv_sec);
-
- } else {
- my_mode = MODE_UNDEFINED;
- }
-
- /* If we can't determine a sensible mode to reply with, it means
- he has supplied a wierd mode in his request, so ignore it. */
-
- if (my_mode != MODE_UNDEFINED) {
-
- my_poll = message->poll; /* What should this be set to? Does the client actually care?
*/
- transmit_packet(my_mode, my_poll,
- 0, 0UL,
- &message->transmit_ts, /* Originate (for us) is the transmit time for the client */
- now, /* Time we received the packet */
- NULL, /* Don't care when we send reply, we aren't maintaining state about this client */
- NULL, /* Ditto */
- remote_addr);
-
- }
- } else if (!LOG_RateLimited()) {
- LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
- UTI_IPToString(&remote_addr->ip_addr),
- remote_addr->port);
- }
-
- return;
-
-}
-
-/* ================================================== */
-/* This routine is called when a new authenticated packet arrives off
- the network, and it relates to a source we have an ongoing protocol
- exchange with */
-
-void
-NCR_ProcessAuthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data)
-{
- process_known(message, now, now_err, data, 1);
-
-}
-
-/* ================================================== */
-/* This routine is called when a new authenticated packet arrives off
- the network, and we do not recognize its source */
-
-void
-NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr)
-{
-
 NTP_Mode his_mode;
 NTP_Mode my_mode;
 int my_poll, version;
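Review bot: The header comment left above `NCR_ProcessUnknown` in ntp_core.c is the one for known sources: the context line `and it relates to a source we have an ongoing protocol exchange with */` now sits directly over the new definition, because the matching "we do not recognize its source" comment was deleted together with `NCR_ProcessNoauthUnknown`. This is the function that answers hosts with no configured association, so the comment should say that and state what `do_auth` changes, for example `/* Called for a packet whose source we do not recognize; when do_auth is non-zero a reply is sent only if the key is known and the packet authenticates */`. The opening line of the existing comment is outside this hunk, and the function body continues in the following hunks.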
@@ -1635,22 +1553,24 @@ NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err,
 if (my_mode != MODE_UNDEFINED) {
- /* Only reply if we know the key and the packet authenticates
- properly. */
- key_id = ntohl(message->auth_keyid);
- valid_key = KEY_KeyKnown(key_id);
+ if (do_auth) {
+ /* Only reply if we know the key and the packet authenticates
+ properly. */
+ key_id = ntohl(message->auth_keyid);
+ valid_key = KEY_KeyKnown(key_id);
- if (valid_key) {
- valid_auth = check_packet_auth(message, key_id);
- } else {
- valid_auth = 0;
+ if (valid_key) {
+ valid_auth = check_packet_auth(message, key_id);
+ } else {
+ valid_auth = 0;
+ }
 }
- if (valid_key && valid_auth) {
+ if (!do_auth || (valid_key && valid_auth)) {
 my_poll = message->poll; /* What should this be set to? Does the client actually care? */
 transmit_packet(my_mode, my_poll,
- 1, key_id,
+ do_auth, do_auth ? key_id : 0,
 &message->transmit_ts, /* Originate (for us) is the transmit time for the client */
 now, /* Time we received the packet */
 NULL, /* Don't care when we send reply, we aren't maintaining state about this client */
@@ -1658,10 +1578,12 @@ NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err,
 remote_addr);
 }
 }
+ } else if (!LOG_RateLimited()) {
+ LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
+ UTI_IPToString(&remote_addr->ip_addr),
+ remote_addr->port);
 }
 return;
-
-
 }
 /* ================================================== */
diff --git a/ntp_core.h b/ntp_core.h
index 6b2c8ed..239e3c8 100644
--- a/ntp_core.h
+++ b/ntp_core.h
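Review bot: In `NCR_ProcessUnknown` (ntp_core.c, hunk at -1635), `key_id`, `valid_key` and `valid_auth` are assigned only inside `if (do_auth) { ... }`, so the reply decision `if (!do_auth || (valid_key && valid_auth))` is correct only because of short-circuit evaluation. Their declarations are outside the hunk, so presumably they are uninitialized locals; a later reordering of that condition would let indeterminate values decide whether a reply is sent. Setting the defaults before the branch keeps the check fail-closed and removes the need for the ternary: `key_id = 0; valid_key = valid_auth = 0;` ahead of `if (do_auth) {`, then `do_auth, key_id,` in the `transmit_packet` call.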
@@ -54,20 +54,11 @@ extern void NCR_DestroyInstance(NCR_Instance instance);
 /* This routine is called when a new packet arrives off the network,
 and it relates to a source we have an ongoing protocol exchange with */
-extern void NCR_ProcessNoauthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data);
+extern void NCR_ProcessKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data, int do_auth);
 /* This routine is called when a new packet arrives off the network,
 and we do not recognize its source */
-extern void NCR_ProcessNoauthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr);
-
-/* This routine is called when a new authenticated packet arrives off
- the network, and it relates to a source we have an ongoing protocol
- exchange with */
-extern void NCR_ProcessAuthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data);
-
-/* This routine is called when a new authenticated packet arrives off
- the network, and we do not recognize its source */
-extern void NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr);
+extern void NCR_ProcessUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr, int do_auth);
 /* Slew receive and transmit times in instance records */
 extern void NCR_SlewTimes(NCR_Instance inst, struct timeval *when, double dfreq, double doffset);
diff --git a/ntp_sources.c b/ntp_sources.c
index f7fce83..5c05969 100644
--- a/ntp_sources.c
+++ b/ntp_sources.c
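Review bot: The two declarations in ntp_core.h gain an `int do_auth` argument, but the comments above them are unchanged and never mention it. Callers pass a bare `0` or `1`, so the header is where the contract belongs; the definition in ntp_core.c describes the flag as `whether the received packet allegedly contains authentication info`. A line such as `/* do_auth is non-zero when the packet carries authentication info; a reply is then sent only if the key is known and the packet authenticates */` above `NCR_ProcessUnknown` would cover it. `NCR_ProcessKnown` needs the equivalent, but its handling of the flag is not visible in this patch and should be confirmed first.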
@@ -362,9 +362,9 @@ NSR_ProcessReceive(NTP_Packet *message, struct timeval *now, double now_err, NTP
 find_slot(remote_addr, &slot, &found);
 if (found == 2) { /* Must match IP address AND port number */
- NCR_ProcessNoauthKnown(message, now, now_err, records[slot].data);
+ NCR_ProcessKnown(message, now, now_err, records[slot].data, 0);
 } else {
- NCR_ProcessNoauthUnknown(message, now, now_err, remote_addr);
+ NCR_ProcessUnknown(message, now, now_err, remote_addr, 0);
 }
 }
@@ -380,9 +380,9 @@ NSR_ProcessAuthenticatedReceive(NTP_Packet *message, struct timeval *now, double
 find_slot(remote_addr, &slot, &found);
 if (found == 2) {
- NCR_ProcessAuthKnown(message, now, now_err, records[slot].data);
+ NCR_ProcessKnown(message, now, now_err, records[slot].data, 1);
 } else {
- NCR_ProcessAuthUnknown(message, now, now_err, remote_addr);
+ NCR_ProcessUnknown(message, now, now_err, remote_addr, 1);
 }
 }
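Review bot: The authenticated and unauthenticated receive paths in ntp_sources.c now differ only in a trailing literal, `0` in `NSR_ProcessReceive` (hunk at -362) and `1` in `NSR_ProcessAuthenticatedReceive` (hunk at -380). Nothing at the call sites says what the value means, so a swapped or copied argument would change whether authentication is checked without standing out in review. An argument comment such as `/* do_auth */` after each literal, or a pair of named constants, would make the distinction visible. Both function bodies start outside their hunks.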