faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge NCR_Process functions

Browse source
This commit is contained in:
Miroslav Lichvar 2011-09-01 16:25:13 +02:00
parent 6ab3d1daa3
commit cc3f5962b8
3 changed files with 34 additions and 121 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

118
ntp_core.c
View file

@ -1314,9 +1314,11 @@ receive_packet(NTP_Packet *message, struct timeval *now, double now_err, NCR_Ins
*/ */
/* ================================================== */ /* ================================================== */
/* This routine is called when a new packet arrives off the network,
and it relates to a source we have an ongoing protocol exchange with */
static void void
process_known NCR_ProcessKnown
(NTP_Packet *message, /* the received message */ (NTP_Packet *message, /* the received message */
struct timeval *now, /* timestamp at time of receipt */ struct timeval *now, /* timestamp at time of receipt */
double now_err, double now_err,
@ -1499,9 +1501,6 @@ process_known
break; break;
} }
} }
/* ================================================== */ /* ================================================== */
@ -1509,96 +1508,15 @@ process_known
and it relates to a source we have an ongoing protocol exchange with */ and it relates to a source we have an ongoing protocol exchange with */
void void
NCR_ProcessNoauthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance inst) NCR_ProcessUnknown
(NTP_Packet *message, /* the received message */
struct timeval *now, /* timestamp at time of receipt */
double now_err, /* assumed error in the timestamp */
NTP_Remote_Address *remote_addr,
int do_auth /* whether the received packet allegedly contains
authentication info */
)
{ {
process_known(message, now, now_err, inst, 0);
}
/* ================================================== */
/* This routine is called when a new packet arrives off the network,
and we do not recognize its source */
void
NCR_ProcessNoauthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr)
{
NTP_Mode his_mode;
NTP_Mode my_mode;
int my_poll, version;
/* Check version */
version = (message->lvm >> 3) & 0x7;
if (version < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) {
/* Ignore packet, but might want to log it */
return;
}
if (ADF_IsAllowed(access_auth_table, &remote_addr->ip_addr)) {
his_mode = message->lvm & 0x07;
if (his_mode == MODE_CLIENT) {
/* We are server */
my_mode = MODE_SERVER;
CLG_LogNTPClientAccess(&remote_addr->ip_addr, (time_t) now->tv_sec);
} else if (his_mode == MODE_ACTIVE) {
/* We are symmetric passive, even though we don't ever lock to him */
my_mode = MODE_PASSIVE;
CLG_LogNTPPeerAccess(&remote_addr->ip_addr, (time_t) now->tv_sec);
} else {
my_mode = MODE_UNDEFINED;
}
/* If we can't determine a sensible mode to reply with, it means
he has supplied a wierd mode in his request, so ignore it. */
if (my_mode != MODE_UNDEFINED) {
my_poll = message->poll; /* What should this be set to? Does the client actually care? */
transmit_packet(my_mode, my_poll,
0, 0UL,
&message->transmit_ts, /* Originate (for us) is the transmit time for the client */
now, /* Time we received the packet */
NULL, /* Don't care when we send reply, we aren't maintaining state about this client */
NULL, /* Ditto */
remote_addr);
}
} else if (!LOG_RateLimited()) {
LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
UTI_IPToString(&remote_addr->ip_addr),
remote_addr->port);
}
return;
}
/* ================================================== */
/* This routine is called when a new authenticated packet arrives off
the network, and it relates to a source we have an ongoing protocol
exchange with */
void
NCR_ProcessAuthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data)
{
process_known(message, now, now_err, data, 1);
}
/* ================================================== */
/* This routine is called when a new authenticated packet arrives off
the network, and we do not recognize its source */
void
NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr)
{
NTP_Mode his_mode; NTP_Mode his_mode;
NTP_Mode my_mode; NTP_Mode my_mode;
int my_poll, version; int my_poll, version;
@ -1635,6 +1553,7 @@ NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err,
if (my_mode != MODE_UNDEFINED) { if (my_mode != MODE_UNDEFINED) {
if (do_auth) {
/* Only reply if we know the key and the packet authenticates /* Only reply if we know the key and the packet authenticates
properly. */ properly. */
key_id = ntohl(message->auth_keyid); key_id = ntohl(message->auth_keyid);
@ -1645,12 +1564,13 @@ NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err,
} else { } else {
valid_auth = 0; valid_auth = 0;
} }
}
if (valid_key && valid_auth) { if (!do_auth || (valid_key && valid_auth)) {
my_poll = message->poll; /* What should this be set to? Does the client actually care? */ my_poll = message->poll; /* What should this be set to? Does the client actually care? */
transmit_packet(my_mode, my_poll, transmit_packet(my_mode, my_poll,
1, key_id, do_auth, do_auth ? key_id : 0,
&message->transmit_ts, /* Originate (for us) is the transmit time for the client */ &message->transmit_ts, /* Originate (for us) is the transmit time for the client */
now, /* Time we received the packet */ now, /* Time we received the packet */
NULL, /* Don't care when we send reply, we aren't maintaining state about this client */ NULL, /* Don't care when we send reply, we aren't maintaining state about this client */
@ -1658,10 +1578,12 @@ NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err,
remote_addr); remote_addr);
} }
} }
} else if (!LOG_RateLimited()) {
LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
UTI_IPToString(&remote_addr->ip_addr),
remote_addr->port);
} }
return; return;
} }
/* ================================================== */ /* ================================================== */

13
ntp_core.h
View file

@ -54,20 +54,11 @@ extern void NCR_DestroyInstance(NCR_Instance instance);
/* This routine is called when a new packet arrives off the network, /* This routine is called when a new packet arrives off the network,
and it relates to a source we have an ongoing protocol exchange with */ and it relates to a source we have an ongoing protocol exchange with */
extern void NCR_ProcessNoauthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data); extern void NCR_ProcessKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data, int do_auth);
/* This routine is called when a new packet arrives off the network, /* This routine is called when a new packet arrives off the network,
and we do not recognize its source */ and we do not recognize its source */
extern void NCR_ProcessNoauthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr); extern void NCR_ProcessUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr, int do_auth);
/* This routine is called when a new authenticated packet arrives off
the network, and it relates to a source we have an ongoing protocol
exchange with */
extern void NCR_ProcessAuthKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data);
/* This routine is called when a new authenticated packet arrives off
the network, and we do not recognize its source */
extern void NCR_ProcessAuthUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr);
/* Slew receive and transmit times in instance records */ /* Slew receive and transmit times in instance records */
extern void NCR_SlewTimes(NCR_Instance inst, struct timeval *when, double dfreq, double doffset); extern void NCR_SlewTimes(NCR_Instance inst, struct timeval *when, double dfreq, double doffset);

8
ntp_sources.c
View file

@ -362,9 +362,9 @@ NSR_ProcessReceive(NTP_Packet *message, struct timeval *now, double now_err, NTP
find_slot(remote_addr, &slot, &found); find_slot(remote_addr, &slot, &found);
if (found == 2) { /* Must match IP address AND port number */ if (found == 2) { /* Must match IP address AND port number */
NCR_ProcessNoauthKnown(message, now, now_err, records[slot].data); NCR_ProcessKnown(message, now, now_err, records[slot].data, 0);
} else { } else {
NCR_ProcessNoauthUnknown(message, now, now_err, remote_addr); NCR_ProcessUnknown(message, now, now_err, remote_addr, 0);
} }
} }
@ -380,9 +380,9 @@ NSR_ProcessAuthenticatedReceive(NTP_Packet *message, struct timeval *now, double
find_slot(remote_addr, &slot, &found); find_slot(remote_addr, &slot, &found);
if (found == 2) { if (found == 2) {
NCR_ProcessAuthKnown(message, now, now_err, records[slot].data); NCR_ProcessKnown(message, now, now_err, records[slot].data, 1);
} else { } else {
NCR_ProcessAuthUnknown(message, now, now_err, remote_addr); NCR_ProcessUnknown(message, now, now_err, remote_addr, 1);
} }
} }